From ede20ac95a5d53e5407d114548b9b4ac0f20d7de Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 02:11:33 -0500
Subject: [PATCH 1/7] Updated Composer to version 1.5.2

---
 util/composer.phar | Bin 1836198 -> 1852323 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/util/composer.phar b/util/composer.phar
index 357793176e3b45854af3c8e201bcd3e1b169bbef..508f9cf274be7a7526630f9ef01c183e6b17612f 100755
GIT binary patch
delta 31653
zcmch92Yggj);N<gHObVxNhL4Iz)T3~J)xwNKzbvT5GIpJGGQ{4%uGlEVgN-%q(0$V
z5p-SGRaek&eO3f@)wNL8b=NNV-*t8EYw!Pa%cOyRe&6r^`@5_6&AaEGd+xcX-E+^&
zZ+8sdx_#*A&4Ixq`)190Pxwt>ttPl@)~r*%xqk(2AF+M-mLLhr)7+`0FLA4R|Jmz>
zs-OgoPfuUsc9wQ-qHxj_DTFEH!VN(h&2s^?6Sof?d7@9aL=i8%9;DOM7-$D>w}lq9
z340gQQE|cg5Ipgp6|-ichWJ~B^EtGmGdMN~cL<w<7il_z>2Tb}ZGG#%gj2zp8d(*6
ziCgs(?*t1PX@Ta0Z2A(n`p+YF5eha)IWma|WVw$$_^ohE9xps9HIkPvRL+`pZ^fcY
zA)|=SERjXinR!{h#v!Bla2r(d<7SvSUf3ZECquu7mv2<<Sv|3u=VWv>abdG&*&gAJ
zO?0T_YE8=`iVC+JSN}C3ZJC^s_5-jp{ma4~gtXmqy=E?;!0X5Di|a3&4ITNEtPkZS
zWOmHtsNOxF5Rz6Yv>FLVhv4>beYOfF$kN;tM_=N$^qXg&7S1oA%RHwrXby+aPTU4A
z**^~39x1p~3Sq7?TocHcj@u`eF8!X&<5X%j|3^+o;r3J2BO}831Ul*-WdtShIc2_P
zTQ`Nm?PuHPy+?*;tF)T5aN2>}&ntADWXbDQdd(f7v;(&XANqSM8SxN|*qA^&aBJUn
z_XA|a_bMZu%ovgq`3;B<<`!;G&beae{SuH)_{S*h4dD!_gMEX4VmNSH`KOzXfV4yl
zw}d1RR)z)4nsr~usx&|xExaERsg7q-j@#qSp~9ZUQ9??nQS*;XIuC9S|2}6S5t@O}
zM1mztI&0ReTPlVDb)@h~m|l1$R7**GBea@6%nMsWABMx)=)>tSD}BgT+vvj$>UR3@
zmAaKaG-%kHyELt2roO;gv%YM8sYCdLixPOfPAJe)VZIyI9dYx{CRhk1;Yw`?8F3Vr
z9jn+qhwLz>?Rl-5B7aL;Mj$Q=nl<a6Z4H;>q5E|P<FM0?`F4K<T`_K7-MDL)P+~}r
z&8%_w>>jJriy>}@ftdHWz4VOvKX?j2Abg+;qci-dtDz5d`epRtCjC<S@V@_{z)(%7
z_!L(5{()$L$Q01IKU^xDFvuzN^M*S5Fgv`NK>r35@X6RqWx^-Pbh&qg>nX&E@Dj}f
zOoecJ?C1))pyjCMJP(p_&$-_{MktL`30pZPN;h$Ad*0=ikqOQM<lK`tK8DHJ50Eya
zPV<40t{1o2v%i+$$#LHu#%MA|344&5GJ7YM4gCIdBhv~^1fBk-tXZ=%23l|PBi$0g
zQKD~%D5ei@MJ&=RW7Ze91qbHZgp^3uI}}+-!5)q*r4N!Qiun-mBUh2tij^Es?THGf
z06U{f=);*PHa04{k-l+9)3FI)HExW$d64Wsj6D}^Aj`qqy4+NB-jCB1qt#r?)C0FS
z6bE3_5Gfpv2@k>Ya2S+{Snlzda?M-m^apM?^+d>olUW2(ki`0}Y-}T$XFafbWMzIc
zF;E9%c}m?wvGX;}3n>oVRz7j}86hk#O3=*KkYQJAX3er}b?y`HDTx#+X0z>IJv&2F
z#Ow@ipEcevPq=Az8e_ujO!^>=OVw<;o?^#se#2Kkz^)_;y>WVthAk4eyVifzFB~e2
z6gKlp;qJINh9}O?OrEi~lP@Jyy$Or?;O62b#1w4i^};JWGX)><RNdA9R!!6k9wNFJ
z>)QAjigj~5+vg|a7ZYT5(21g>d=ydY;zX73NxVu}l%SyC%MvOH)Z1Xgi@tWWPC%VZ
zFi?nB5}268CDOTL!BEXhFK!TqU^DRC`x0X{8ju~lZMaQ7*72lpJTaAy|0J=9KBSon
zG`BGeh}-tR9W;{_HkcH`^(MBV51JNI@NZ4^^r3bRdpJC&ioW?^4zmPBbJ@dHa~aGV
zbD3>OHdB+J2mf>FHDM2s(BP;=F1&A62){Q|>0AU$Ih?cOLqZ1aWNcJf7SOqtSr|X}
zSeO-l-BL!o5|eW1!|Eh9`#nj^=^N!d_NHTA6XCA|)cVb9uAf6B_)L;fcz<3b>1c<J
zfK6-1h-n>6Rtx#bObY9h>j^{!XvAoj{x~se7~(I<Iy%d{$x8^ty&x~Y-Sq7#u&$8;
zhOo_#q!63uS8KjtJjd;u6)W;Uk};H0_<p`zb4NVgH{6z7^~L+b83?T~CvsBM1oxk#
zAQ*XKPajb%+%c5G4AQO?s`_!@H5Hwkzb4@dhWIXp#xYu8eZcNhofF(GN@d(#m0G5G
zHipiO+dpsA-!rj6r&C$%_DL$+?*(ZUgqG#7&UZS0mqBzXEnP1BAuXPCAn5q6{_RC%
zX}IJ2H0C|R(%C-N`5$(tFQ&XXo4$|?jx&MN*q!h&@y2c#T$Djg@mgT~tb&wNSkTpt
z!*;LF;dZ4p`#cVt4;@LC8Axa_n*}<!HK*S9F4@S<c`D(G4CWV(WH3d4KZB`KMrNsI
zbqifTZj-Mn`ZrZ&7<YRnQ-!B8n<=HSS&R{mEanRz%wqO8EW3fibY<6()wqD>bHe-A
zQrnRiBAm}=`}ITiBF%`BPKw)Emws^{aMC0c=LHMC940aQa>^;fS8}Lj_z-kt@iQx0
zfD06~C6}`2B<y=o{pR;4I)0PO2!A5Cme4W;3@ivUE@Vs72o-tES9Rt!5QuHyHoh{|
zIDq#Q`QAL4@P1whCE>fgasss<bi^%O^#sv?&3S6Uo6j_0M?NJ|5)C0}XYB`U)hgkq
z{BX?y<^yrN`Lf$%Cpi35z7iG1$Q5M&UIXOVa^ZHr_U)5XP$-3)3e=R8qXkqM-N3iO
zm+t)i1TIZckdRfV*L*&kqQPy@=x@G<6<LH!3z-o;Sh$p|<li79Pwal!0NP{`3`NYU
zClxWC4;2+_ganERxAV}A1;WW9s%QUzv5p(QKSxY77BHAPrmDBx<5+L^VApBa(UG{V
zkFVE*Mwu{>uwel`Ce*`@6+ib`9hv>f1#I?L7A(}f!{h?D_P^hg0&-yy>J~=P#XA==
z2X$;AwYU2hQEu!2p6yHXehjJ~C496<Dr{WD7A!1cw(<EzOaVg{vxl0+`4sJy{x{Do
z&L`Y?4qVlu4WkE%8m}!57UmU)YUVIUj9b^j-WQ3PSzF9RZM?WZGtAbF+kxQoFAL8U
zGY|b^F`KHeBt_!_J;xi3+nn~N!@%dq8>@!9FzZgU_2c&B%d7theHP7i?0kb;V`)t#
zCTo8wli;XQww#rvxrF%HnX_iyEzM~F&lf3R;vXv2&~=_FWiCx!R;anHn^J+>`DL31
zC%{L_82HYz0)j9Qn0q`=`6-cljPRqf2+a#>Ivlq<mlfs<aUo<jWAl0!UdVAK^SFIs
zo$&euD;?!*yDu%z)Cdd<ZeuFNyM+_w)Q~<1bB0%Mx{;jAqk_V8HEwG+m9CxaY%I*J
zD5C4KSIpOR3X~q){-#Rvg>a<8Z|o|nB0uh-y|_*IxcH#|U^P$JHyS1MR5Am(r4snk
z#`pql_?`Jz3eQ#MYLtoeC2sY%Xio~-C5s4e-heP8_2uh^;YG4=#S-Q*Z(729_4y?&
zl*EE6W;wT2F@yPPRh8xgc2vae`TUfth2tI3!ignv;b@ggSX<4c{?h6yjli@Tw-0xm
z{#s~kN+eK0OId6jyOf#afu+<*{RxcTUq)YBEgV}DE$m&&2_G+|=Y1VW_jxY!J<?IU
zG+ZcN#$;*bGI}ukD{%jrulO3__)xS^yi_5)wTzw(fqk=%l$8En(0cqG3gMA0G4kI+
z2Z@$DYv`E<ztBJT_bNhYdaY7;zlQ4me&~3iezjdV+dYZGdAUJzkfFfsD<96!6&`C%
z6vpc!iE#{JhalWuc7ARtApmm<0MKB#j+)S`fo@C%ZvXS?rzeD6RT#x=642K`h)qar
zsar`m<=(nB`VdmjPGoE9S=4q{J+<fG0>As(_dFr&X_zNi8tC!V7Bp*?@WY*TLfT-o
zz&EL*s_f1|Dx7z*@DsQ7uX}HSam-}>wSh%z(T!{lM<b1z&SGnL?Eh>LjtpaTM&YAI
z6{YKkMkY1YP4pnQ%rI-#hcPc46-r=XKQ+jNXPb1Iaqu~KVYszszwiUuH6Tminppso
z*IcBzWgdmXZNn$C?857?qPv=zGM;R%pi?Sas)%5}0K3rmmi1oY<CS!#D_fYWJJiC0
zhkvxN6(zSWqJsxona+u=H3SPBMrLjAZ@HP!t8SGFr`v*sg>5?0c`y=^MfJ`xVW=@t
z@OSQLV-y`~qdqqVjNbMKZyzUwU?}5qre&$isliKv?GTeH))G9z@)&}A0Wh`j?Wdh&
z<~Nr|YPy(g;Pzi7i+@X?-&`&eE@=-H7PZUi3YNCBFy>G@o&Gc^%O9@YxsvQP7C1a4
zVg-xp=B=Q?eGEWFz4+=PFawDM;*J%}|D0S=sTpHN9k;3K)r}KszI&xYC|gMheh<|3
zGGk*gS?BJREDE}FC377ATFG2<+A4Oq->{16`6G}L`|?i>y+qSKTE&y){}p`nT_60W
zo2>GqRWhM`wN`VFl!^duH|8gNMb@-=H4~B}t8*z2UR%9T^KmQ%#qC=QZvVINksB;i
zr%YJdq1J3Jqn)_D?VT@<gPP$^jc`rJY>MLk4#r018p@ym;Cf2Jcimuf(uF;1n7z4U
z4b!{t*0A%_(oS|>xv7(yqAOwGElak#g!3Z?;RTNj=7~hFO7v=?(^s%f6>8Tm)Wl^`
zvT!?Rb%jy5e(efM&R1(Y=tH~JP9IKMS(?hyl}+EQ?P3Qc5Lpxd(+$MJ#CEHM-CauI
zqb|lIwT%(F#@0d@jqP0jD<idpmjG_AbU5waF|W@)fZgD4Gbl~C-SwX<n*EL^UKr|%
zHP%#@Rn#?CU;)MoJR!)|J$j+Rp%mh}l|oN<nC2GPO$>nB@_j`Puqx5Q&E0b;<$vz3
zr4Lbd8r&TNY5d2-&&~ze$6#vVdONkfnP8O~)1EGy=y=CYcVd4JmG;j8fQv0$3}S;v
z%7jOIRKlhns;^fAT5jaW77#RlCw10yprhuoil@P(Cy)`w-Uz~+OQGYM?ffVa5R9&)
z*GxJt2d+JO+<W81uF_7G@MtfSptpLNXk_%UP2AnrPM7)bK592*AjW@m|5Ykbb}?>j
za4_?9!ojvm-OqGrSwA%x%Ycpj=a0FFp~N%a(?5rze!0JiKBTT=N1ko#RuGCmhB3!?
z{pD@&N_6q}^ecpLCp|m!KuJ$ynSElNxYO=rOWE#ZLBLy1nj`Xn)cWL6!)zPz{0gCW
zK&N>EYyjS8++Lsj$2W-#QUVpie+?v1+Fl)C`<?7+)P#eb!$WZUfp72q!nyurL3FXy
z&Z{oQgCutjS;mBjEpDdEIPI23m$?T9tgdb>ugxlo4!5?lZP$U`CkkiW%=EwGUPwtW
z53&Gf-C&94$y_=Hx2>thH-tw9nf7aj*p@kmm}9tqi0QY&L-qT2APHwqBzF>_I_#4R
zyF5Id<Cup=5~CnQzk7be7%(G6Sm<TFRxdr;T?^xHiGH~d+*!1M$G_o?pyR*s&TtRf
zB^W}5E?*n2A=aap>7B62$JTY+N8SD!(1SVNZ66aoIP6mh<HNy1!7wvh&BIK@t{Y}v
z^X=h6Iw`-No{|0!nEGdLKYFEr`HT^St(OXDeJF+c-Fjwp&aGz*S}?-)bk|6^M#`dM
z+|Kza3yw)6Y#Y-@S&+ARlo{)XMw##ZesqDR4CD|C18&c3+BGOtjnM-Q4=a7>U(!3k
zKk0>=$C4=-r^dQ8N0|KJ_KK0`okH=3ZbsyWHJYhm*I(XSs}~A3R|#u2vNO-7jXf0f
zUmI6xidZa*+xWDk2;ul8Rl@a`7&O};X2C?^R%p5LRp?ktWbu07QTXf)a|xtplR@(Y
zJ2T++jz2vzN;=+zjygspZW~`5Xd@j<FEwb!*$(3Nwvp?%3$9E1C`qqgIz%7p$9?qS
z>2XGF#^zp4SUe>Pw|oC`|4QL^o0~N6GWOwCy0PvcOtV1Pe3?>c*up|_*A^E=c5aK4
zticK5R}x?IcVHU@J+w76wqn#~AH+EttWg*OFCVw>W`6af(7ttm;`sAcH+@)e**f}g
z=Vk28?8_OgS6;rJb_Hzfrw@bM9Q5IhZ8k!}k6@W<_gwx3NQqwPydpc&pSi|uPxe>$
z`F&1_aBOpy@YWSt&E*hNVVZDT=ezIS{o7eYyk@(TB0sf#mF70aT-^Tk_L?q1xov?k
zd}V@W4$O#$<2ENjbC`9gh5ua14pN~z1}UB`J66$$b358KbM<r_ZXfw*>n%dnRZRSU
zbCs2XDRwq$Tns&K_ny7vc46247(rbbre^LkhS4S5x|2oHpYCMZkbE_Zwg<0fHussU
zX(al4SnAXDdG~@9(F;4TjuV=8F)1F}#ZF{T`5&TpGjp(dH+74T&4a^C(!f(f15omo
zpuB*R^ShZvFz-pF3t6#;QF3Sx)7=mEu;c3dy)1$o*~<dx<9pfgpnXi6EBDcy;31Hj
zrvsjd1M{dC9^9i5?%l@>;NSKolkMLM5T6DrON7w<d35Tk{RQ-4+kUo=r}h^T*e3w?
zFOPrkfpyG5r=By)HPv9~@K)kBcaL_BP%UH;(7Qm@_U;+kAY3V=QEU$j3)1E91`=@G
zj^^il>lZCx?yN3{E6wH}7<7B>o}Fw91@kr36WzD;n!8ej)3+nx(-YxB$DN!I|9FAY
z)aA6=);S$s-+gNye_1X|O*W;O=kvn(XT$Gncut#&)-MS)+_&zV0ZD+87he80P4BT=
zor6|ipT*PzaaIF7CEcg_?vkj3;h{kR9t)C$N}^Ef4wV`ehf7qbbAPZg$m4eV(7u0!
z8d1YRgAA?tw^AwY3YYvfSU%$AeSLP`D|SXpG6T@UmnBA2oFAw{i<bnXpoaVaB|4fP
zzzHV~grkP{0z%P=oIn{me0|_TbYizE94)z3@+?Y?lWdcC#rxtUx5-rVl_ozA#CEeJ
zSAsryMlMGg-$)H6ej)D~b~=-k8<mb8-ZBB0#BWrZtR7n*<j>F{Q$R#y3H?!Pby<7u
z9!pY@auaWNdhI;gYmwX`*(ByCNlwj2*SATMQP~fH2K3uDi2<FyRi#AcHpyZnZIdL5
ze`=H5DUsTob}R5@Z9||@+}$pT3j|W{UM0C-iDtJ1#LAUQ9@C;ks7De%_mWF^pvu+b
z=*3Yizi{C~-kdtIsj2;5x67QQL=W^xVkAoRQjcVjL@5m2V-)B0O7f$%=02a*X0v;}
zDT5xj&ko7y^COZhRJ=o?5Z7&$aEUPYmfIwQmqYt$Qh+uS-L)zpJl5QiL|EXm4#1qe
zsk6DFsjZ@EmAMrj(B4%6F=D{#fDjdmzb1e~H}wW6Bt@urmx4pl@T~IKhlU*<I}gO8
zV{HNRP;GC(BL7>=I+QUNxTA3d$k3m91FllC0p<4f6BuP^ZB0P1Bnj2@1tf+|0!$*k
zwlAP$O2;(3TY?5R*1E(!j)3ZPSlY|i1;odo4+{fK=;`BuTG4QSz+PTwa@j|mV`U(~
zK6^JmcP<}~PUcAU;_1Hy{60LG2qIF)2gIYBzk-2>7Xi<n`yk*3B_QniD&VbPbpMY5
zYIIvcpb4E@C6SAl{tytd06MQK2wXKgj*17!(TJnl*9Tl2u#Q^t)93T_1=5xU#)>~K
z4_p_5n#%%>sQ#XSP|?*L_`V9gJ{YJ$Z+8Uh(7M6ED0K5+U`7yGUfR0ANHJ(A@SAyP
z^X&m4qWs3dQN6^AN}dE+LiYrggrVhpfLb;@*z1Ah92zVL<fN_ShxqSD1BY_Z!_P~@
z(F=bB1sMKXsy=u|&LQ__fm~otY9_k!v%unzf|QI5J|nj<r=T!X{Of0d0g{M8NFxJ_
zc)vz4B`8A24h2Vv?|&X>2;^qy2m6WQz7C9*`4#EZmw_p0@x5{xl6))GqsNpw*+gH%
zqw+YkHjxWP<Buwo=&eJ6a#8<vpiUljfe4%Vg^PHfXW0J7#GtJz&SnKIyZ}hNMHN)Y
z1u1zYk4`2i^yp4mkRCbaD0KKKY#wj*@+OC?+dhi1nbupKSm22fU~fUwOdk878<j{U
zhB}A0(=|L`hx;819hQUz#)1bDrL=lH)-j8D5R9j_7px~CvIhzo>`7Q+XTTk>2I*zA
zHwj&t5R|AOlXk!+qfN3PW74WgOsQ^9uek%{hrkypyFgyofew-XQE>6I_#i_R7-V$Q
z$$$tw5oIjg%iW%J<qi-0M&FI7BgYw$V9(9i!sFKAa*)>A<sK#veULcA9o-IVuL~Rp
ze)ig(Jt@P3-5><`XRp)UWp&~w8_^wXTl&Gan3Lv{eIcxg$KIgRJ__@AEtOWA&+S2`
zmVoe7VpzI?s)aoK7h4!huia-G>9!=n@=bkiVsiXm1)Wp}Sr+h%3wd*z8T!FGj`U$m
zXz>p=!9x-skGBhBg<T;nd4Z83zD*txoC?EJv4M>a1Om|P-he2iIWCda*137Vdmz@7
zcer@lu*YL}`7nL3EVpNDKHu%;$K1pGh!tM@-25=e9QIRgmz}rzz$D{2Q_ZO5IM{#w
z@ql3TUSUxD984PCs);=#q)jdy|4c&r9#iR&dSkc@-4vpfp_rB+g*b0P&}D%rQ=&^n
zk1P&~(D1;3R@XY0d&I@pH=C6xK2AAX{A_WM`WCb{4jkVnT1620z7Py1zdtBgl)WAF
zbvXL!F=-@vY<+-KjQBce%Z+Gjt|Stj+b+!$xdXvp%ux}ST}O;O(mouVjC?+6{K0o5
z!Q!figU2Q4rze9s^yMQV2K3zv!P(-RM}xO^66+yZEsW0zNB4cH$VZ2h<YrWSec%ej
zzY@F{73ay-99Azl!;;8jGW~)w?w3cQH}~s#bk}e65%@_Vz8EVlR#x<QK^{P4FER={
zThK(Sv(*E-#+!P)DT`cg&w$nG*g)b9i@z5&ECl?U_lC+*x<y(lC$&Ua@Q%GMj}Z3G
z3DQk~&gZEzBq5hYIyV%ovL8692%UAwqQs*X=`JgJq#Tf~xJs(Y_gg`)&+2p7cvGL%
zyV5bp3|*0OX1Bw;9CX?};zj%1QX{%?i$bB<FaclRg%t*!G$`WGxpg7&Xm6ABd(`(F
z7^>sDf)^siadqgytED4oXTM63iuJFsaQci`jV|_{Ux=0o!O>`Ize*Ry048Xe9E6q@
z%1!Z`l*Hu4Ulb8`h(JRmI(oJAA82=;M2;4(=Je?1W~t1%+~MnMCONfM7c7egf51f?
z31Vh?Yph;hS)bKqv-_i~i_U^6Qcj15J;v4@>kXw2hzLg??~(>LOvg)xDtV9HH|%lo
zCSRWeB*Q-H^MJL%^i6Kh4Dv8~qL;vIX+#ola>F(0hzBG9%hy!e`Nh0B#cjsgX9n9m
zf44L;Y!W)v%!A}-$Rp8-E2L6n+by-A4|hvz(ERNxrP>5$5r<wC9*-NW9co1KdFYeV
z!3$93+lol^$30R_x@mHm)8@r&@%4G!Bf!xqSg2?oI4TW}1(P$iCuI>B(OQ@d!c$8U
zI$0MIh4{~dgT`CHN-+lv5y%)AJD1N2HqOxv7S3S<_k|5LkL|FR9|5j`)$8f86Z>bg
z4mx~T%|PPaF5Uu`*VYGq$l>&Y<>QIxb-28Cm)GHgNSR=wiB@kCHrB8u=;=DJ9)uDi
zD0GTpEHl{d4nUHNAhdVS#}3ZvaP{(C;6$;Jo!md(=Cpdf#Qy)UcN=A|=4KP&&H6>*
zn7$9}WH6x!LE}>-`vOV*Sv{JL^uH6_pI0oOM>a)tjWs6VBQrr*bg2qVzN2Oadrxdy
zC;5p@s?z5f143}fgY^Lf^zyyZWVMMYP?Oy|?DX*{WuG)I2cRe6u&12{goSkqAt{S&
zP6!+<=<v58h6}Xd*a0}vIrmBXVz9eshbS07RhWU6q34xx=*7L#j4%i)z`px%ga+{F
zyHH6yx_^&UjkX$sq9LRqhqV8%q7B9%)nq3chhBd;Sb>zSa?}4WeV(F4llw{a<7X9V
zn!5e67X6awVaY?8I~7sL(IAalh$Z4;4(3-GVieaRH=>SWgJS-Kz5e;RX{e01U-E*S
z7iaI6zBfAwtc807VuH&0LA$HcY3&6KF!L$hJn85h_BcCx+|acUZFxR425Ie~(HUTq
zx*c9?m(yN3?6P62=AAl{^>z06JL%YDh>|<OzFHtECW9vd%p_<Xun$0#SmPLQ_)zFE
zX%yP}d}uU!^vCEZRB}w3vfx5eQ*o4f5klbo6l9n-Wc`7QMe2nCGV#V^(%p#~lmATL
zK#%moksBhC{qOwee7wu#G~@4Jz@V#Q(o51DiMaZ2(t2GOcD~jDzwJQMBuRp40LD(F
zLQ)oa?LKB={Mio}A^z@NsUj=FALFg|*TAiwQUiyIYjp);e2i?fT1sDwP#U*8MZ3=4
z-2^8q@EX81Y@Nj96*8L|H7}KE(T*jukic&H`h$m+mhq-xmkYZDdibEuBPGS<P5}Uj
z$-!m0+&+H5ZgoKzK#~rm$KmB2aC-4zuj26W{li`gM3YPOkVf2{(@79?*&*zQz|QHk
zcc=2zJv>Ga2rF<JV*nhb7ksFl?{d0r>o7Su^k*dDQ$e2<oF6zWkKOBb;>SL)e>_+;
zkh1}ADmr(E)B-7@U462L;}#A&hkIeNI(NB!5C^?14h5F89_*cdrmqQYzExpB#ZoXj
zS6-q~YeBv}#5sG}(F@sk%I2c$uasRIM#8EFG8;^TPJSlSqv{>9${2ErBEsSDvVJ(C
z+T6n~p9Ot<Ixr%R*fxAF@LI6>rGzz6278l|(4HN#2=vh3LqpN+J7lp7!F4l*!SVGF
z_6L494L`}*%<Mm8rBGxk5L%eYK^5H`7o6|J!$7~`UzYzeP0)tpP)Zy|j&}q|ATE@!
zu5;Ms?Q`__EPnn`&H~x)L5$L$hXHo5b)eJnN^Xh&7eh(B48smY&~3Q@w|{RYuq)Aj
z?UZH5Qp{{qCpZR20KApx<DI~+ju(~TqGqS;lo?6ylU<5FzE@^MZ{7<MfBAi~b}7py
z#-U(d3acY|i`j~3^yZy%HPSsGix9uKPgWa@I(8WKsQE!zg0$XK1L7zSKPbCag6`&&
zCKY{yRVxV{SsiQ;%N~}A<`8}np9TV*hEtv5w{Oc*`p_r2@*t$S4w6fn=OM!1EZ51=
zn!7YoF>9IpfuO}Kl=eaZXs;jk4Gsf$y~Dk|w9a*v*=O~DIfN`BBv&s2izE&5aFmvA
z3`ak`AXA{o2V}a~>Byi`*42wo22@bciBfIkJU=qfIf%&1AX4?Xop6Z20lnSh1sd3}
zB&2yj7KKtT50^&%EEsz0-4J7*MQKi3wW`ntxSWL@9gxgcn&Dr-)Ct)gNOs#T39DTR
zkj&sAqcJf9YHWs+d`G`rC3ZH*@8nVDki0_TK|gMiN9QM47B?(lR%8(l#7Wl2-em8!
zkEWWF5-h8|^9teLB+KHtjO0y@QF9R*@<6`r#@%v73k16BKxh3!Ypp(8--KL4cm-(_
zU{C`^jLkEfg8};ULw0iqHXIZTefoN6IBFb{M=2%{Am@<$swqFe8j`0aO<lZs^=h2p
zhx7<gGck-JOcGN)@&j`5#SQZHDg^%>7hk?YZVEx^?}kcI%sOMpc;b9mrzsH+9-wPj
zWd=j)!NP&nd(dO=?Ib-GbK;uSn`VI8UETg%^UUF}Xb)`nfQ6v&@0B@mKIU!`!DBYf
z$++muKn)d3oK|!B&>KE^t~g(i|M4-j<a)4LV||KHbi+19q_F>8T^<FcS@u<6sBpI3
z+yN|hT75l`Xn^b+&K9n-kC9xV|26udQIRa4_@!-?#|nENm!X?m6(KPcORB#YPKw~!
zF@{t)GM-(b2v<#ZC84tq2OAFVl?I8gHz_`?MPEx4p#gj$YW%A_7ahM*u0h2pNRG}t
zFE!yDOR(5-L@`zvxVkx6{QGN)yF*aayNYPZCF14pD%vXLepif+@LC&MTdRu%FHa6o
zeDh?1I(pKiOO5nrElecBDsg#7>>eV<=uDu>g1)op!qNOWy4YmP;zAJ5#ild|X825K
z*ei3|8kd{&qmzf=L<~cf$UR3_5pfY<f&kq-M^}b^h|y&seUlbO%+VDF<D*Cu%AKo=
zi=?v<YOn&(UBbxFlDWD99f8Ce=clI$ZJDdfoP!;kePGZxW-(dGdT2V5z3R62Sm9iQ
zZaSceMTOf{D!pkcB02)aZ&#TNQ|5;$SkI9SaLJ+Gppc<~Wl|Z^Hff_V;Y#%8Y+YD7
z^Ll=72>D?@3G|>94{78sx7+D|kF=+?7S!ViQ74Vr!5l!M(dC}cL%P5Pb_AT4a>9{P
zL^uT2szS2S?&C@#6$??Z3$i0;!WC+CW__Rnor{sqMJJvO2uGSOV+?vNRG|`2q$zK2
zS18R8663ryioaSJfikaD8Up4k(O27*$<T^NuT%;PWc2bW9xZkT&X$2Uhl{#4lv<>)
zD2dO-%vGY2k3$mUJ@)k}gH{g&I#m@V<ya~__MQxAa0)0%2|4HUKL*F4GjeHg+eKkB
zF%TU^Qs{VmrV@L0zd>7NhP;dyf^?Gqro_+}m^GWkl0PY{HwX6(cbVs-^LZhW;@S$;
zo0bqbD#8~TseN{9w-+s1r&@syx>P%J=+c-Rt+#nw#s=AiT3;^-Mf@US^;uV$$!K#2
z+FUP>6fJJmsSX9nk$|nWi{Cx3QcGm8dY^YuDl(i>eG}RXQ+n;)<?aE<uArw*t18sg
z1`I<KO5UQ!z763~@w+O86l^x^1^UC?p`3=;J#5bb8Q8)iq&%&f7p`2)3@VsY@C*ZB
z=#_;iBML4tQh%e8qaCMJp=ju|stj)ZB)6)<%h|fR?cgZ~94>pk#{pp`zS6|zY=Q_E
zb~@8&h2KC+1D+n8{ij+V1<K|a7<9V3?H1}4{M|{Yu@Yj)qBE+SCV7F*zop{D&(5eM
z0aBbv@}{A*S5?MX{G0??caL>sF>LHYaFaCU)Z?&w#F!UV(Sd>9KC4*xH`U{Tl5F(D
zD=PCORx#;S)%B7vh;ADop#>CWq^B35ldq|=BT~(a;dSRAyvIlx2qfpuFH%IvAWskS
z(~aW)sH#9Gu8|wiy4O`(XJff#F(lk#Sd;ig*rihJNjy67nkqtB2T2V)8>G+nxK&0u
zv0GT-((hMs=!4f)|Ak(BN~P69T#u8tAe;`bqs!rR_{Pw}w^dPfYzr>Z5AuueBg})t
zT~3D$GKo{8Qs$|=4eXkY-SnWvNEwCh@u=d^E6oswguSUcC7I+9=KH4UKXcGqAF6`I
zo6f0%f+l;!-~K}t9(WP?4D^fO!kHpSvpr<}L^J6rf2L?zNcf$E(n4e$5$ot*6fIE|
zg>3JtUPZ;9NOb7ZXI1@Z@nfp6ARGyyl;%(~Phuk2Yx^jZzWEc*eN_h54A*6Wv8b<6
zsYbTvR8^><%gCWLRj6WoCTWB+|Hb()%07jhJD~#pWVOT9NxCc-D9Z&3m6S9-<-jvd
zx3HN~vim9=eG@5wg9<1ctdmU8$qp|QN=9$qr=j6fv415Y1Rlz=ag!t#O@oGAxCo6u
zM<P1gYA_=Al`5}z^gUIy6rJe_QHtMxthz^`0E_H(4|~Aiz3`3d+iV<{=+ONiOC!)n
ztw9>JS{@Q7#;1iCBq}&-kz@+23T1?aM53Zjr7{q*=V;&6N-!CnN(K7+<H}I9vsN31
z`p&8}=;*VmU{vf5QKGEgP@NLiPcpz>JCb;{dbI92g$7DUWa6RpkS|NrDJk^Ukxxmn
z4ntb``;m|~v_K;XL0=9lwCJ7(RKW-D2r-Cp-jLD2i$O0JKU^Q8k<9E80ntuvC=OLk
zpqh}%wzr}9e+TM=aO{bOc7zzw<NHH&=(-&t;W-01k$^J}z+jR^CwWlbi=6@()&c7}
zC|v=0!^r?V9+D4mDY*8k5KAyQ--&@cfQAshp{k*?qP~VtRhkiZRY)rO_NtI55#T;q
ziN0ASSF0BAIqBKy>6k3B;h!P-VKeDQkA4x7hunXFOT!y~3P}{-{Ve2f7cLHf8WbGZ
zIVcmcIy-48NT<)e4%UfI)P+Q&?4Lqr$IM_Z-|O%>tz9VuPF(X-$o8%v6HX9swuMHb
zz^+hZ>wL&{*zAz=?}l7x1B;Uj3*lhlw1d+Dxq%=H%s<~X=7U5F+%5C&9+EZz<p$$P
z#$hq_L3mzcclAQZP=scWhFVZfcW4PRIU#@cr@9c1Ob0hgzj8V@5%`5^xc!6_@)oQ`
zT~IQRo84)5*|3wFq&5ki(@Wyy?Bd0aj?1CYCBG}QNfu4gCHU%Z*jomJh*``|&&Cl9
z+PMXY{qm!b1axXks38!CK3bPtk6v37stjQX>QqR|o5d7I=$Er2={CU8h?Z5r(Z=m1
zS4=2vb7-7sy)yK89=`g`P_P?c2yZeZx@5J-oHXSg*eotQ5&F;^-OO|++;c;&GpaR}
zNf`tij2Xm^T#&+Cm|#x*r37cH836pa#P|LgdU_i=+7+hP_*0AioFf{l2x~x#`oa=d
z`1690v12JVS}MS&`Ula=B7ED9lWG3!5RY%{=flks#5{0C3ztLKT~A!ZJM8HE_ONiY
zIVLPZJhLur)vZw}&2_a635EPBCC~mzsI&X<TeRh;u(_f|t^Pj3RMwC(;;{~5O_&bb
zQr5sPr#(n=Dr_!Fw5UI8D6ecz$xP44nGW0Pa$tesYp9*zOL{$ak{#qz_;O4px#=cU
zH@ka$BRFMf!Dy1urxx`bKi1s;H&}C%M8J9=K$TTSXid+_$U>>f>bbGyZX1-UK%s)4
zP(nmXdQM74RuW{;!(zp4$?E6l(cI4`&q;YSXq3rNdz-ol?OLWw7Z0|npOvE@wK5$V
z>{Opa_a0DlXw_PE7W)2xx(2<pQ?Ew5*Q$9Lu5F1ojiQqQP*1UGgH$FNMaK?k^3Y>(
zN~!qOT6IMrDt}BJ7fO8{6wp9?1qX<0wcNo2T6rYSFDj{{RpJyOz7Hg&GbsMY06lsm
z11iL>yH2e`pU46yhAC1fK$A$OvfS>qc^t$8k$fc%)B$f2oLR63MiRT47cc8p=R}9m
z@520+3Ozfnz8xLCTN8zjZB}1lnBHpvkKnSS%eSbvqQy_cc`<jZn$v(fL0%N!vwBzI
zvK%zHRb3H2bEFSUs2!c&s!m6`%hZWTU#^XmV|1(1JCe{s{K|TndJSs0Qmqp|zD)fu
zHF{l8TTt&cFqz?6wE?}nQXPU)4yb2qaQus-2k`sk&JJ~4tDcXB52&G>>wr2Hy@=Gs
z=$ie(QRvoZbm8$(akLRujV;zh%wZxgO;GFvNgljgoE)4p81+K%*PrSl(b{X&L1@)M
z_2OWBo*qRvA5=H<qqMBXz8-{$FnXel8ftZ55@bZ`I3vy)`KVC@j06t<Lg`4o1YO;v
zk)zeus!K@-K7$^=p@mHnZ@gChnp&K9hx#fR+V-JNEuK57b_OH$UJa4KNVK<09gFtg
zukJ!&qIwguzRT&w!=k#&h)(@gD?`QVU=2#&ppc8hr_~+Fvg*1@Y^2fIZ`Bb>e2ot;
zz{ra5`)`to-n4&ejf#m*1V1_Pk?+;U`GEkAKAo$JP>_K{j80iJ|B|d0|CprtDib~I
zQ0mZ$)tU<Q>|+|uL4z(7oe73KKx&63g1kcf_xfP8rbE+>3jYWJ%_|)MJI@Ba3)X0U
zi{{;^*Pug?azzWfgThc)t4=0rJ2e~R=!0On4s9Obg2bD9HP6+dVo_sArXe^@jF#JN
zZkqLnx&~Yb<AXCF>>5ioq9J66l~PbK?S4&!M8>+1mDiSuH;bABF7#7MutuzytMy5c
z7yif(6#WE=FPXKw6T>YImk(+pY;Nc9fU6pp$bsOYuo`W=c*8R7phiD6eMobs3Fr^4
zI%DW+*MhV~kV-Y#>`o^-yHy<{Ca>215b(1j!lsQ#5>q<0RZ6&2B4Gi@s$Z+<Vo;3}
z3RDLj+L%y_$p@hq14NHIw0Wv2FT@`l+V*`i=Ce>kU|<B=YtSu2hmUIJp$BD#F!A&6
zw9mzbVjYP$+4|gI(V<Z1eR*6_8Tr8vvA^lSlaP;G@IajxRPI6mn8DK#ymdX4Lg33p
znyf+Ahu}^V5??y;ooHQokZR5R4xBifziQ2V^xl4rP5eEtb2X!_6}lJ{<I}~E0C{jg
z7cK`qB*!f@=+zm~BR*XSIya!}5I^?m-qeBr#^nzr7<^&7?#-wef9T+^MVg|4>Ea!?
z=sJwESL4+~&2DpbeO+gDIlo{b2`Te17RzdMc(vRh#}OtN@YUkNhjfKd-E*T<#p7ZX
ztlR8ncM9gr9H;}>gpO$SG2-sWbsx#(MDt;r#7myl6$FM%Eh#{cy#S`@XOKW8ldIcl
z_oOUB#g79oRHt-s?XwBoK4igp3;OgOogSs1(y12GJ4{Rjrh5iDk}8@);Ee7fl$;k7
zBQc}-c|lRooH->iB>2H$ESxhPaIZ1(rijPaPq4tp)tuOHN_ST`M~~*<UEm(1$~ORc
zJ4oRsi9coP!zB{RL}ba<Z=CWRE&e52|F2}N$xRY4)n2%y!8M{hdd#kmT>$J(r)O$7
zA3)q^VQ@HffGj-DniQsyN=FiLPD3KTvR1!0DEz_>SPbg3>z8XyB-}1@4>};g#u*3n
zsa-z@eb%kdKvg~ZeaPw2t5E&Fj2iJjJ^HW1#xX9)NkSQ-pAdGn#&Q`04lED;KG1A>
z^8;y0@JId{Ix{Yx@<4Wnc<#yaC|FOo-3bY)8SlxJIbm(gBC6T`34s4B;fXgw<AFlK
zx+g+pqGr9mS4xP*$6!+0NiG@i*9O?3g1k;UOiy%{cxVA8k)w&RaO?1MBU#tPIMZaM
zVFFAB@1ceYGBoVI6EeIw-PvsKCAY+AFfhP?&b+M*Layr+A?1@j<Oab@!7#a)@#a)G
zm*9$i)07UnjzKq+)X`HEI`oAiLhc7ajh`ta#(_;>(jgUqmjN^ZMN<g%(~0lPCSicL
zrpeX)+=xjCychTinbt`2=|%oThQllFzC>@)2#LqIJS?yz+`@}0w)G9TyTLXO3{rW<
zy%2K`fS6ALVqYrWf3^OITxSBg!L@Pz@CGWFXaB^_nKR(+O(He6mbnxJW1j#vK{u9<
zOAqQfanAw0LV~_{Duk0#0P)p>dhtQf$bAilXxc!nd4oX)&;0ICPJF$=@UA-M0{aN&
zF()&N*h6X^bLsh;j0zXStcHfP47_deQ}49W(uQ%8irz?@@O^$U91>jXE#}si%9MOF
z>ey+B64&fC^o63|A2Q4{k&Q2F$j?b<drwZGxTpY3gSn)+th(BaPF`b(L<{cKDA3$P
zhClod#+<y(kU%~a5MMlGNSFNjk%8dUQRB@9o{kPUY}gd|>qn!SLt1$rPAwCOqvnB%
zHi!ot?jZon%*f8m&d<ut&I4y>qOY;NRiYEO8e+s7ZZ#bJAIvBPdZF|S)&JfQO}~ve
za)-gNea-C#an0@FOE#mIk~wXF*(}~`=JsnMATI!y*swd^J_t>qEZq)u{P17o%IDIJ
zcu!0W1RED@+(6>cP5E484D~8Fn^Qurll+jFcJX*V_mD&}fgSBD<P1@uIRAT$&lGYl
z8PfD{Stz%Z3rDMZI5p~TkgE=U3m-=`lya5vL}_ZR-gU5^HYm@8BeL65SXj~2RNvHD
zS6^2lZY$-Ukc8r^OdJ&v^NT*Uae6(eMI~X=s1F~#U=ip88yAQA%enXGFrz<-{}Oy$
zz$!|vMG3ABq^;9Npmi18>T%k~D49ERbP==3BUa}+U^Yer5;Dbdl2_C99OLqvM+e-e
zVE;U0ewrV}Z{s{<>WdMH<!Tc;)^CVLaXy8tg<@d~zZly}YHIwc-x;tV4;L^QLxXRv
z4u#KzhzS4moIHH>R0jO~N~fXsuXWl>9&(X0SB;L11{;umM9!^&?@%fTGZ}CGAFs-~
zK*_1d^j@l-lKX<f(Hk#t%CKovCc))rXaowc<kq4e8WghsUMx|D5EP5|BRB|e92)vj
zZ;<1akY8udY7%Kmyv0rHR-5ebA%+){jBs6w{Vr?}+Hy$AIp{B1;D*0|>xA&w*GXu$
z&`&{DFKvdfcTyvW|6s><*nV@X3y1AEO-qx2Jh^1E()qEk#^a%2<7iG0S3YBkPH;a^
z_J=)^A0y7sLsclG7B2!zJ{CknAE`~~wcmw=Cit&(EpGA=KoT9(4Tn0MjKm0V@d<q1
z*u^!AuU2wF>TytHICqp)Rg^93tgSDv=q#^pE-9_4=&Y=7sx4`O6{U}+lYcV7PhS9C
zUstoDv#Fx7wYsUIytBNbvZS@9rFqJz{ELlhE2*h2FKMahY}UifwI!4A<TCD<K^`l9
z+seHyL8m?N!Q)zmEEs*hoGUWG1sFJep92!V)Rsb(5IWx&W<crfTtW<Z3CP4bAw(^w
zm+@1o;LyG`TsFF*oy!TG!~z58@DsZ^gYLrN=*V)e5PzExAttQgN+fas>G8M+%F*Im
zwH&%`4LASbwOkmwZ6((g=I>*50Fy&ktm1a7kV$Ktjo$C!?#m+L^b5LGUSHN)TT$22
z$@m24EOA#aw?v6@grG<w=2AKwom7Sxs7kRHTVi$5h(99>D#YT?CYi3z*cweWD3g>h
zEkt|X)J0(-sYDHrf{!ThaQ6k_AOc(Z<gn=yBEIk8GGsBs9;lw{F&8T7M|1Eq1%BgV
zf14e}Z{Tv!-Z74E!e7nN+j8%47dTp=3<?<`2{fOF?-w(Zh-WwBV+tu$!ymUfx?7uS
zV7npAgJeYKdicVXU0fGpwLsd9TogtgvjXfTxeLKA@?z*S{OErj_Ovu8wgeY9b&j}c
zbFe!JwgjxW=(l%=&K{pwQzqCsLXFQuPGmTuC->oSw16{AArOM20&+knYCmPYI8^Y@
zhAqOBu8XjO5=(FLkZvOfSuJ2m9(ExUH^Ng<Fzhs(m_*G&6r>&DOz6xQw+Mx7;3C3s
zj1A1kMZ=&{D0L%e?58V(suxH-c3aGq)io^@O`VlBB}+O%rK@W?TkERJz@kut2J!w>
z9N<}P*z&+fZ@)OS2&82bI=zw0(i5au$0kWZnh|b}c<lxb61wY3Ic4ZH?MHY1N0ETk
zmvIa5#rjOUf!^K4WoR!@d9=l%G@yjtTrPU-hHz=(G>lNJ3t`KQS4F6GH<yk-k=(YM
zTNyVw72Z%-Ha+PR7Q<JL=<pscT!p_$U<9Grd$=O>UrRX+eCXwWDfaK-UJRHECB_q%
z#SS2qqM9*3<b3yYX7rO5>OFa1P%s+X&+*9C!C6Acw-5e#-r5Dh*xUQLG%58+C|=;2
zG?Q}zeh1u?U40FgB|ai>Hp#D@zJ!C)jpI*n5oqZFF7j875^V=KV?cbv#FFuO%x?;&
zvgZimMy7BES+3<aPW^q~wOr@CU&kmMbfDrb(gZR8Iu0_ZXUw`F)Y-$S&_`+`{K0@8
zFeLB<-_?ifINXus509m&@er31MMRcoUaqs5_^!_8hKe#Cy{R)sq1?nUO#t}zebta^
zJ9G~xMXn=UF?!_?7ah$607{OUan+3#OA_6PA|!u`OF-^Fagd>X68^K|W-cidBxiC6
z+Ho`2f_#U$mT^|Z45<|otB~)6ahyJZn8pv2V<)C7g}X_x^<Z_Oj>uP7NXB0zBAPjr
z#A+}tvD@eq8#muD>A(pO$du@&m$(?@_%jz8I*lH5@>(sQZZ5OB@bxxBjw{*WLYr~|
z?r*Jd_w7odVGAiwLnSY9X_je-z+f_tu^5RCZ-!f6wC85dY@12=)B#g1>Et-r1bPU&
z$ev=;iS?I3!$AlxX3+V+a~$eF!Knk_e1lg!?(ou>5^^GBIhY>02a~@iH@lhQA$J+g
z1b*5$|D^ciX@}KGqVY0ZK94a_^`8vVVPi~=5DEz!3&mKJyu%N0G9Brh=)(sr(m9u*
zB*!=M{VT=VL%yRPOJQj<q<xZ$(9PIp9wLB<CpkVG=AALh+TBftpqOq>34gKST%ys?
zGi|E2na4?{K9eyHPz?O0-;Oc-z#to(@GjigDZECwJQjahjQ(Te=AkX+;QRQ~aBsuw
zjZ)j>y^@)-8*Y5NNuk9cPJB;dhFlB&3kvk>O?t<5A;Y2G9nw}awgzpf;$r49?C^ca
zgqQ<L8mU-W#U=QN^NGep8QCkawU|rs)41fv4%>;hjHn*^<Pc|4PEv~29){C<YqLa4
z1NoFA+>e1V6JM)>enScbXXr>FJocdI{F~qsK0XYV?(`jSxwYjs?oA^#b(5KZ&PTar
zzvM;bC~gT?$N`T?1Wcn`5KDTy@ZF=_rKu!0F{PJ;G&trVpZZkdz?lvs2N!YlIQO_j
z!?qG4c?=0<qa{yqQRMz&=t=k{_^T7(SbkW>Dba@~;6Hym!MWonz73e+3UShbC@tzt
zf{WMGjS8vgI?3$~$c!h*Qx;7jj$SmfJ;sQ}7;zw}a7BZTv~x!J1VZ&wT&%e6&)l8C
z=+RT!@ZMo(cgf5#IIl{+^XRU3IicXzzcR?6!nHB5il(-4krqU}Okh|}2x4+pAUh2S
zvTj!y#_6AJp;-J`BwQcD@)%R`VFji%kQ&%YH}OkA6F~;16X>1+tC+w@$U&by#~IKk
z&vHrOJP^TFIXN)_lJICt02I-6B!q;Zy|ogB;X)Q$=AvUOI8KERBy92Ign^P^<D+QB
zv)>^4SA{t{Y2}cro6|;I{16KIb^Z(x+VB*o3c`e<&mZFw(VC|?lbZb*1{Qscp}U{t
z;&jUR8aI4hg^PE~u-z#vL}9<<B1|)Y313;*H0J*^6zCX`3|}k3wFIdGhrgVISwpR)
zx6l16#04FFk~1U%_h-yEAxBVjKq5-?)>B-X<^ozFehAmh9E+l!<`NG+#RZ|eA-wpt
zgZQVpSQr$XJViUE9I8oi!b~#J*=M=9#qgo~fR~iT&!o@cEg^r%1RHbs+>@9F0u6dW
zBN@;&^vPo!m%#wN#66}gqBy4wn2<TrSA;fhgAW;pmvHIh(@=K8S;6VA&ZYBCa5H5Q
z)G}9Na-qhC74TjFLZ>D&$iscO9g2q_pG)V!A8s&qV>ILg4hK5<G#5Uuj3+DVgeyJ2
zfJ_Ai8t6<|MrKM9!48&)xEZ(We<M<na1{5OAWZ8dHl%!p%U4aI8kIf6<xG1q_6(P>
zm|086lFl^RQ;yi=ND7~KlkXehm=9qb4yJICTJ6hRbm{+I75p{@ee?{sBI@UfK_xdz
z;?VdePA+Dg<^ltZCYyD*x6e1>^qI{?nP<7`K!_~R$JcQ2=(@99mwe(%SkoF5t#)|Z
zaD3u-XX2M<xo8O)v8Mw3&o>PU6<XQMY0#c0AV9BvkweoEL<QsUc$4_%i<~(ay`?rn
z?an*!;mO)QsKU^^!YxIYE|V+tQ@oFVCbZ=R<s39Pqzy)wzQS2><Ps^Kc!f)Zzw@%f
zXqYo|3np_nQ;?yX?p4PJ;TP!chqY0vsa++v!P!FdPcB3ZeT(arppt)Zo#^#*z%uta
zE;dBAs)g^^m;s-Ve!#U#R+!)<VXq{WA3!055F~AZUzWJKTO8Osm|Gxgf$tV+6*rW)
ztVkJvZ=<UU9fjW1;RaG~NM5aOnRr)(-u{qFQcXdRVm{&obS~bQjPCh}`?Qpvt*YxF
ziBMNk)7j8e-&S1?IYkyGwl-A*LGVX~APoTpr*M-EinAVWhPzX!oq%K4xYigciXU@d
zNfr~w1pA4-C5`ZZ2{W~;cng_fK_5jL6UH6ge)o?9n@LwnC!8AN18KkZbj1cUzee32
zpr%J3|5<=oQ1sB}oECMy%!TSPfh4$^u!-I1bsc<!gHN2nIGv?LI9kd9YuOD^j(-E;
zyPPR`xQVX=E`}<++hgtVrKD%2(K!+)vGV^NRx<azltmlO5WMu5H~k_75TS|ZKjo?e
z%JAt5EVR9jMn@z;-QXr$OwLD@>;@P|i<snie`xC;1m6qa`URJllK@8~CynZHT{-?x
zx(7~cq*Bp5#|sH`mz(}E5(v-1Ea8k*0@8j7;bqB}Tx=i^g3f&ovBILyIhAq(dy&}l
zIkzWxdQL#)&k5|rDW4O!YGTmuzU9J$u>Pa7pBkglO+iMr_};giTT1^(Si8iS7KXd&
zhq(9yTydYo_?>zjPU0>vlsLoLz1BJiLPQ-QkYm1NO`p#<=v@qgj`Q|R$njt7N~0TP
zNne$f-I3(qt;Ls+yEyj8y>O)mRO9+s?^F~ibhs%awO<a1%{XQjH))OU1na>s`6<HD
zD*k#6br_5$wB2ZYwUCPHBm{BDJ@EIn`dU2>0B5nn1O~X6XPx4z2;&kt>OZPApu<-~
zHQ><?<Ux6K-2eq<3(xGHl9%=)p^RBYU~okwK%tC7K@nko0Jzow5l7ae!G@XK#QquM
zCXN}fgN|TWz(Q`>{hxhK&JRRDzhC7q1`E5wK8OYWUINEEFO*BUd_5LiU9%W7eU2A@
z?TY`T6h6#YI^jB{sk0MO$mX=vRQi8NUQEp7zpx>TIQa<J|LS;SxcC}x9FySt+1aQi
z!Pv(xX(sQSU=99T8TfdK-OA8zxIZMlmF%DCy%)Jzn2HPjhy^vn6qo;m&e7`{xQ3Vt
zoQWi_Xk%!~@zn%lX5)k{qf*RF=?pVTjWL0^Na|_2aYP}B#`Rds@C7qYx@e0b&(KV>
zCbVJcl)}PaGVj1{KVq~w(O9QokqewPCot#1SLgq8%<%Uy-$*oWkg<J4kFAu4(;LW=
z_@F49dzPZ@%i#*;b(3+Pc$dl8e!BvSK{B#43UYJB(C3Za(kZ_;{KZ%)nfxtmJ{ykS
ze9^dX+N(%$-(QUhQ^3SWUNXu8CSlO?e>WbU@^koQ<MJs#UwYa2)8tR_jaQ5(<deVA
zZ{If7PyQ5teA{S_ln=XjK95h&5>vi6-V#t;kd>E{m6@Aw&#>hb<XY|a%#8ekte&n6
zTW$gLWaVe&7i45*_GIMP3bHfp-MKkEwyc6|Ye9N;R$fMT-gfm*Mp6A!1fM3R=R|%J
zCVo~I`BV~$D~wPeb#P?d_S#D$#o9}wJU@!^%cB20lA>&BEv;@TS;jB34h-|nwS04P
z4ZqC2j&H`7fjy3OR<8r1_~v2H@BoiW3L+Cx`jwF>vK1T3%1Y9Q(UFdb=z|r}K|y7u
z>HTPSe`M@<i?Teu+quFu=&UYF?`_U3=wGqC&1-F`EUT?3SyGbGT2a<lo6}a+HfGIq
z=B#WkEwe5k9qekab9R-LX2S2*mCJp@U74fntpiSvvbv&jY(;xry0v|&Z$)!yO?Ug!
zjIQ?9-WmXGYhAjut)jA~wmE%d*~p6Ww#LSq@rtpgnib14GO8=<oHkd};7Y&(2y(hI
zvwM{-%ki{rxz^?qUv-7A4`XUgPam!8FG(-$t!pbSscorgYies;=WK0k^#b{ozV7DI
zmKON8HGKpx$Kyw=WS9r>I$N{a#=4iM_tuWLl-Mgr(no7IRE*a4w~o}8S7+3<v{~U@
zI=ma1`mVORs=2n&J5tuTqFf2YFR2(=+S=M*v7)wg1>scbXl+ANW}Cx4Ko(rnm08!f
z61Y{{T0PQOLKeKNVuQ04nBuXvJDt@POWOv!mN<P%TV|WLx@x7fy0Xb>&CFTfwWMIk
zy4>5_*uJ#Smen+98_4Jb24vV=ZLmOKM&-n!M{8P2Jd_#UmZiWXC2$EPzZ@0YMt794
zq@^OWw!D$hSu$GdYpZN4Yi?^QZ5}Hn{8s{>>fqm&ma<YH+}qol2`pOT9I!6;_1QAl
z;T>!tyNQncAu{^lu4p+raaCmKxF@T1q&9ab&stEwvZk~;tFLaL&Yoj0Nzcr4rRDe<
zoh`YI&bF0h8KchprS9gsb?e=wRW0s@?19E?U-nqOGPk-v$1&FIsTpd>s7r1t>F?`x
z+E>(NRBc$F*0rp^a@5(C?W@mR*0ikN(^at{zpA_3mY3-$*pS>jv|;^tX<I>Vb$Uj1
zou@8q#HJispPNyVJlej&GnVeNwfjm+3R>#M2I~qc@@sq3hL>!}U!UAxkz3H0HsErM
zRkpjTJUu0u_N6sTGuu~KZH>c~%Nu(}vVBW8^rb7al6wj=*JU?D6>nR0Z%uV}eR+O)
zZsxL#d}nKG?MPmEzI)a3-s+ad*0!$le&@<GM|1Utnq+HbnJ3dZRO-#l@-^6MmZay6
zj@B0_mp9jXbB33%D=6r#$+HhNHdZvdon6B%8Qo<ibu}xO*h{i|N|x3w$+qVWCfi3F
zD$&~1Xd_?Q+t{jH*^*Y}aCa?fs7udps~pKlF8BCadq=C<@_UhFV{`_pY>(29SCp2N
zxzn<HD#rSU^7;lUM{C->1)iz__tJF7vcU>(x4kVZV?*0Ob4g#-P)kn9Ku$$%X3sK5
zPoJ`+%AVX@+nX^|y`(3nrq?^xo?q{+TUt|>ku@~j-CEP$-&{~oRXaG6oIX&wax}TD
zvVPg}>a51*vHqTsu7;lKhK8K+?Bv?qto$*X(plG6-;!VFsm$xivJE?YEBos+mbTS<
zvK#tphgN14<o9OgdOWU`L*A91<dyY#o}uAv=Z2B;C7!|Z(LrlYQ+su`H`m_h?9Xgc
z+OzUXs@v*n`;xQ9$}*bUT30r-RS&h+Io2;}Deuo|E%%hK7;DY5<*(_l7;76IT$gMg
z%5XKU9B6daZ0ISdAFXX|$RDiEZqHwy-me_WX&OjgmX%jN(l@-+k&#w8Vq5BUZ^&z{
zE$eZ*vl@Ks(@R`!?$!ZMepypPd+EqvzN3Apy1{Kn`_4tj!q*Ma4=Q4MY94s?t{ZaB
bYTo|4=;N+g@Z*bjJ_~<&e%6xG+S30EdyXat

delta 21164
zcmb_@cYIq#wtwUz+1EvKlU(9hPE2gaNhDd4Wv7^2by>ygl9j4ntY#IfP#k(sLT<>=
z6Ux$dAqhOV3oMWjdI_QJ0t+OtusoKsfnCZ%fZyDb^4Rx2@BQ)1=i{8YGiPSbIdjhU
zoEay#T{3gWW$C@UDy#8r^X7em-Ck+rguL_S{mcKPo1mhtpGq)Bm5g&u6V*x3FZ&+t
z$Fx-oIo~%^odjJT0`Fl5`Z}=2+8XSJDh}sB1vN;}`H%nnHFkDwFZOO#Gw1g$)Br*M
zXu7KbJ9;KHtEal9p4j;L+IjPUx%W0qG(rt*tnRKN2C&W5<D3oE)O3Pg@ZD8x>`?VE
z=N=8!NzlX6J_*KQj&VMdP@M$5Wbr-Uk`k1eTyhf}ij~^;@DJF&nqKTNCXeiVSv_yw
z{i<;_cHT;AX9lZ_+L_N9<wRK2dIbHVM!p*E+>2etY9pr}hn??fx2`*>&5JBbo1Vsb
z^Zb9{?mIb9SHtE!xSCpupi3Tnxs?=6UqgxZ6EuwQ+ZC6QqHU>Z;hX`NAoM3_vWTeQ
zz$hiw7d0rk`-@PU&hXY_q)2OPn>e4eQBw%|NM+qpxPh2+TMyMq(5ma#q%qNIO3kCS
zt(;x;)F43*?f>dUc<dcmvaS|ejI?noXrmMKzB7Klf!rsKG;uztp=J@Z^3wWyun!he
zv-TkEl!z}Pqa1&L;v(qPulc;>bV*$kXE`k<K^H%B)hMa*Y+VcIt_ErbL2u(Oe}bIx
z2%NEYAvHiyU1{oba>nsG9<>>-ep$yav`7Sf<)W#HhZyt7KRj$(J-2mvI+ET-uR+lF
zB@^F5Z|TBrtzSr*vaw>`ya(#n3gE(B*k|<}oTq8mC+L%sOS;H|T-Lzj^a&|Z2>L~+
z`A5=g5)F&UWyH*R^WHg6m4|D0V8<F;u;&_@C>h^t&{2&gjT)+vZ*)?PR~o%kL&Ek`
zjT_i*s_`A$K{d=Ay61Ns2f0(Ea^AdeZEvo}j&VCNeoHep)<k*py-@M?T~}D4CX@)5
zHr10e_Cme8Yqy+19x)-?OHFKQ@gq$NlH-D^dGkJYnlB`#Zf|bo<>NuZaLIN`V}b(l
z!aRny3cH65(OfX&jb{mtJK;paRSA0T;r_3QE#Ly!=gp1O4nH>=sD`OUPc?38nV=e<
zooI};>PRWRf|`AHO&3Nw6_j&(8xz~#T0?Qa)M}y{3)*ZX_w6tOpXxrBg&iBB)V;f{
zh2q%XhH^fpV~C(_7X-e?nz&Txyab(N&(XV{ASLan!_Mc@zH}3pKA!*N>d6gWg`A5I
z-1r0`&UVP@=QVR)=27|*^t?B>jT4&_V|Vkq$T<i+gXPN>TtWB-(f>~#9TuE+YWthS
z5M>jN-<(+Vyml@n^bPH6sK$}@agL2cZ9~u(LO-32E$g61XFAjr+oK(Fs=?@_R=ye9
zW29E>AflYuI@8%kF<jA!QjNo%^xV!a3)PeAqUJ8-&YO2*=dLt){&4Qmu2xbV;#ggM
zD?d1~X5aiK&cA5jAn5qhx3s`e?Z9@=Z>uN#VK<B>61wN+D>?fG)CWNWg?WuwlZ501
z(!<OalKpOIVv?QTZ6P<Dg&hUYsEvfGo!xv&%tyMHa_(3~u@W?T$(k3j#-2`$vw%ZR
zyAs-I;QaX2*e_@YrdmMz!MX(^&KeqV2+F+us}Hf876@o-EEuL5%%0_(-GEx1pl{rL
zJPwa%5f<)g;Z)Jti=YqG&0m6jxuOHx%tx?$dwS?~dQMoCPuqDTUrtK(K2+xOU28NX
zCT!-nU~ltjO!$&d#oY$DDyQ@14C%wfs+)S}Q>$+7r4Rh6-ZRO?f-pE%?&Wuq(Y<C-
z9d@j@4jW%sOR?)0s!6U7;i0VjKI%BhbzosD#qst++FyDWQG0ho#9AU;W5y1MDUGgP
z)Xlkv27ZDb+^so?J-%o;HUHS6l~hB}H^%uHLLhN&1f4hilAqMj+*gZT-$y6Vhx=Aj
z>_7BPQVru7bYu4!TB_&sGiXRyxtMNTzL@5DZ!rxLL;Vysv_OH*-O>1avPjrFP=kHe
zUyI$-Pr2zhRAsmHvM)$6s6pC{bpxxYz4QaLJ+}_faQyCof*M*hD5V<f2I<}R47#Wu
zWC`7~eu<T|ZxqJ&`#Y{bgLLJ?gFNiBB^~5|8xB;Qv#CU4Y<h@|jSkUXI5{*)a;RWv
z6n!m^ljufpyf)NK?ed>P8j|CFXv{m#`QZ?R*$#~0@GtG4I5scUaUK&<HYe!Q$#-6b
zo=k8d*zu(`oO^nyL4t0T1s})wYdSE(64GUCa_#3kVOer;YlI9eVqj(&jZ9Z9qcETc
zmSMFUH-As&JA&iKWmHAe1WjMD<<Q2H)?K-rw(i>H3eJP`shtVB{KJj4ClBbA<#ZKy
zY&m`2s{|@i78lg>uN&_Yk+CEY)?oJuddUG8eDi*s{BWF9jTksCpwmdBkUmG#iN+S;
znUrl_6|N>H_w>Q+v1Q?-WLi$a$ty(^CU1g<pEtJb5P39*Wp&seMKt7pC89%j<uDx_
z=MBp_sGZV?p!s>57LdV7%=>Pbc5bfNM(v#t)2clzrqf)lgof4)5;Mhfzr;k!mxNLr
z#Xh^1G~;1eJtmUUCt#G0bEcs6iHIWT0C-#sZPSNslT~9+NogPWK&qq`92}uy{R`;z
zXFfM&hXG8n-abMpd;qRdHM#k-lLP-8p#^V|8A(}Yph?CWd8=vFIM_8ZIt}fSnMsa|
zU`F_^&k%*yq!vFaV__>t>nRcRqe_x%JM{V#cKJclrw_~6*uhcSr{5l>gk*HVLUE(<
zb6V><Y;vrPV}zv@p)5f+?0)8>lNO#FLx6s3Wi45@{TVJ!a1nHS(}xF6TLQtp7-N&7
zY+pe|R|;A;{pN4)Il0uPl~vdUD_S_a7f`DZ^r2kZ4HX)|4y~Y3@vkc;NJaie;N6x-
zTVZ$%V1bo1OqW*DCO@!p4QG2dwGcshU+#`#O{=KD`3TO9-f;XViMfQIz^&(N!^%u_
zHkcuj;&14C6G8JwZhH=fNFTw3y|9Y90ZhUJTl3;SOyusZtLfbbSFh$=fKZzf^yXbn
zmq51|z;0gMNgcx<R?``WF-`-hd7LuGWzc3<3$lNQ!Q6?BpUK2t9H%w@%Q%g8^UtJ1
zYTb#(jc1Nh>%MiOr+v*RX`UBh@)<7|canj*cTF``Uemz&rj?S7pxbB0E~0>A4ee^L
ztQq4hrq7w6U#|G*IM$BRIoE{JTV0MW<Je*35(iDtPs+ER2eWuDPn-7<w%bD+fS}z+
zU#W#-1ME4v1R?0uBNt#dF6hL}a@vDqa$2u@<Rhf;3x?;-yO$|7!(0Y25ekneIFz0X
z6m*i>s93@2^HEX|^gEd`eUkmz6YPIhjFAggLgPLzL%t%to>*{P+0H4jsp$lLedWQc
zv7UNzH=b=aNhtC-Z3}|FJdM43(v%M?>GM9M9OhKfs}S_F?n@uTI4TMnABKCj>CU;4
zymNO}H8vYk-T>uZS4gOxv02qhO0Nf1OF3(|Q@sTJVEQ*~>?_p?uv2S0>VniLNrSzY
zowzhD!9FN<Vh^clfP7WGg0mdLHE}uw{f~Zl=j_sqaIRTIbrSTYFNS(CuV$RI&3mv4
zUH;Z}dDt<8{ZT{bz%Mj(_7!REl!%vUY2<uUO9SQ-otASweGMdNYy5ZBSmTB+jH9jD
zuB*fL>S(V&1R0}rR1<Xfp|5|zZm}*RnCugD(VLi{0r{~BD(O58A@8-~pVwiGjqpl0
z!NtzhQ#bi$=-VG~hd(6;woSBQ+w`<2-J_>&TyH?zKldHqfHh{iux%5yn7}|?`a%$N
zZb9YuVBV7hwOIZ6^K0&a1BA`6JqGHsLUgpe_$MtPC$`y$U@MJO=)=>Q_wwYrAl4f^
zv34!C^rBYIPI?J~zWv405sd9zguP<wAfd6BzTFV?&Myl^QUGWtf&u&_Z>9kBaws<;
z1wmIFsb*pCX^ABkkfpZ)mdvDxx0^iFkyK1Nsm8iV`l@x`Bwd9apQO<I2Wakyd+R~$
zh<OQCG*kCZKfEMhKmFE(&854rw3Xed4aU=yYj#6#AT}ZBB~Pxp4bGzxtItALU(*(P
zkB2Q(74#|rhWq|<9`;q9SdNE{Tk9yfj8@ubuCr1%G(AL~FXq3z7rPoNHfdpDowjDq
zc`)M;dlK}GPTy_hsX?)@kc}=#F0rlTG%caH2+Fwi_vc_sElaTDHaZlW>?&$Yk6lZ;
z^~>-SEJwWeV`r|Vc6!TBC%P}~bm<^*&>EfP7^fyb=Aa{v<us71Tn|^dBxc`5%Dd6Q
z#ClxS*j3JEa&Tt{d<L3~m#_ntMc9eKx1F>^UplFbJ0C*cB@f>@M+!o4g<W)vo$I3D
zZV(;^KB(G6uJaeyd~)$s(5Ndud^S$*yxiTv*+}~aL4TCLjFa5U-7M@ScLTP?T|;Sb
zy_+s#zI0RDzXF5hzH6`WkY`Oe95E#_MOSI%DXLhX54k#De`g$mz#@|4UsH7UY4WH!
z3u#Cv=*B~P_nioG?0ruyhIuG~KZW6X0nf6A)bo80T?75-q0@$JEuER?*3!537uHg7
z{s;Kj_3hK<Fd1p%>-ePlZ@?7&yU%YAkXnwfV_`eiHF55P^%LPJ1XaC#{n?~Whu6_g
z^3}Q#$_7L0S93n5b3Z}v_?LJcHV$2#vx$XWzn;yRkyGmsbk{mT28J0i$iY5ZzkphT
zxq&vLX9H!R3TX9Z3x5ni%n@QoHqdzUuMKqE={M5p{Q8ab{o{*`6ck+wC*G<#KZ%Ko
ztyp)K1^4Ly51-${CS&?y`cSc(Hm&9$@TGxJkDw3V_1taP-!@HA;%L0<sm5L2Ak}E{
z(eF=1pM>h!>!U9`&}IAhzuZ6~Od?Q+z3)S?aX)ROjec6t`}}s&&;-uK-YytPTSE4J
zbu=E#ma@5Ef=GgIET?25DEk$|Strs?FLuD!%`@l}Dw9n`I4~jjNk{J8)`IPhB3LSb
zU=IZvIa}aq5)1@AUa|XWh$>y!-vf&&$vc8Zsu2rPwcS4GjUPSw!eZ$A1RERsTad!u
zVTei=!Ly2!10x~&B+Mbo-Tw(WxZNwxgnmOzWnm5BI_%{T6|h&rb-9I~?a<Rs3{tuJ
z3^-tTLiH@f^o8V%aJZec&be@4$0htC=^?~&_lEn)feWG89(z1{<H=*C2J5hf2<<|G
z2<;o^Md(v}KjNnJToI*!lLh_w!PFZ}jItMPju)adK5=67S#6BbL3BfmLJU2$W9)-{
zNfIfEoqvg)K`lKnZKWFLPSZD@H>amaiT@7gJbu+{AHuXmDgR5X77NCy%P=2G60#_Q
zC-o!-AB@wg{3%Y?0D=Vd=#znNo2%)})8|O+UyI?1X3l;H0>nWRRCV2BSCURh30R9&
zB^Oe%ElJV`epb@LX@)>YOd)9SorjNO!s#K5m7?EjmZWGKlu}YsjgvmM)kdk&lV)})
zQi+5&86X_iR!1#IP`~1$>tNt7!uV+#`$y8NDG>^3y1scdjdBjq^%y}nL|HbheufVJ
zO*8b7{b7dA49pB2;8PhY!0&>daCraFM$)N{<!Z3^GJI+eMwTiiiqMJfdZ}E3##n}3
zm8D1bWvQFpwQ&BeU2m;``K${g<}b^&Q}cDXU*!j{hTy2f_MPB(IY+D0n5WYH2I&50
zWH0(V>Hf!Zwb(29YV5K+9VEBqY0vsJPiM>F*%j1Y=~?P(^cM*6FWkBJQj9P!vA~8|
zCicl}1I6|IEDbio0&SNo3-nRGS5R{1(X}u^7d^9OD+~_$^fnji;_h&f25F>3=UhW+
z6{i8ZAK?Q8jX$>O2zG6Wy2kJ!vOMw$^KO`zTCl&DhA1%>lzp7NH0BWW;4gRdW82CB
zTFCMS&Jp^)K~PXNF2F9^ti|p-i@xc+d{&5Jm7TqoBcoXf`oLA<GqA>UwAkOyhQDv2
z>n(y77k`(61Di+}ydK)9Z9#c4$@%0tt(*sGPJ$l){*LF#f#v76a%$ko6M7NUwDD2+
zyBxUo^>E-UT6%&u?3!DPJ$`P45^2fY4As~*m!lfI&9t=VZ4Psq>Bk#_3MADpV&8AJ
za_VXG5%kA%LSDGdDs0V#2)6q?x&nXvyd<@l@ccNbLmYY?+H3d|)_y^P8oBI(6xBF>
z!8FyFzL4&D|3X><?M1WH(32O%sD|+3DAl;>Vn4a?&k$yeTQB?uo_!0}bBUxwLqh^V
zZ#+}??1>D5VvO^|*se>OI3^ka2<mz6AHT!)UqTnS3oeaQt8ck<EvG=+jG)C^Ht)e+
zxM&q7y=)<;8*WKhnV=teu2<3nZ0!Ea=v&dtm!+w7(973Sjop{KIbYJpM$q@3IIk9~
zxq|lUz!hGK?fEM#oQvs0Bxvcd&59YZ`PfEvBb&~C^J%#-|CMxMyzffd$v?Z2E}n%~
z(Fl6!Ra9Yl5A?QYCuR3TOlZOMSM^}cTWIGLZK1DM7oTYSc?%uo^S4q-?ujMvZZep7
z2ID|UcI`m^O_E!-(t-ZT*5#BU9ouM0Hf*Cq^4@Lq-ShKpbU`M&ny!b>y_%l>)YWv5
zGPhGtb~i(}dA8zU4+Ogwth9}TWwz6BwsZRsdH&}^4t&d=E!fN3Wz^O+*cjDNVYD6>
zV=GABgOK;NCy!^K9%r;?g5Ed*;5rCl#Ay<AaNqAQ#cFqmN$%f4_jqURn&p^whk#n}
ztR1U_j9)5Ac7iTjJ&`=&UeLbte9@%9pGu@t*<j`h+DWiac2KG10pyzBEd&2Nud)T(
zbkI_j%*W#oJbLi0ng_0VX=phs9L)I(fq@5J{UOc36vqWEeIZyEnZ3ElQhxusb^Y*f
z0k-MK)(37ozM&I8hsSuc8eiAV5LSTwhbl(Fv6Yp*fd5-26YRBA)dS8Q3^v$wbEOib
z?_{)r@QO+|IJ}HC2=<@JaDe5n)G&dymyyMv>1F(eh0hK$Mi>=?2<RSS+zmc@l+lF0
zJ;eCKQXraQECT;@GggCV-3$r1#?2VQ?Nf~3GFV~%fN&{a2$D+~-T1<_jE+it)dt2x
z2srdPvzvFq2FqjFRI-0?C4wOQXowGZQARJ=5M|6~@WEM8#yBS0%fnxdGDf>_<3)^~
zMR?*aM*2eh{iPL6!}#ir74>!C<LL@62tHlW3KqmG+Q4J6ig9r7`xOYd53Q&H8)Fr<
z;M{mc59pn)xEzS%70uv_>59gaGo1gGnZ;Zd2+sBo5_7J@yAu@}As)P`qIW*N`{9b;
zLIFQxHG*V&BNH6m*H#5A$(j~C{Z7R_ZB_hSBnYnlx}q0fbFAVy1h4(E;z)HBKa|RV
zqq{1l_##GS{VH6zx^nFTFtd`;i9fftGFFdUB9+JLz&F{-RuIfpwu8OjFj-))kXa3K
zhDr|DZ>*{Xm*y%LvzGEh@E4{*aOkm09{ymil0Ae!y{qzq7I5a43Ld`cfl9OyOx?w3
zsCJ|S-W>k=fyx;vc<MiETEWHNRdOpO%SB+<ca>}E#mhuOzHn^C@Yo6o{@Hhx6%1_g
zb*=b<e^s_sf?uAjtp|JFVb$Q@9<OY!!TYMKHrL^gajIloa7%p^4|ES!vGC+TRYND<
zpsKo~61=9Z>SrLJ_aYW|Cx=mk_v@<Iw}M+Fj8^>0&#FFc1N|eFE%+8j^(8j~|H10T
zVDGMmY9N_rc7davOc@@$x%!(kz%ze<X2s8CE&_oYn4LQ(>Z`yn*EO*4KRi`kVt~Gp
zN-j8dC36_x_DuCf8^JCMs~2qMAOf)2Tx$WFxXcl-WJPQ1&TTC<;E4nELZX4+-Oof3
z@C?pe0Ib7I6udmlTnH>@Gv|{c;9X+orCxB~Iwk^+{ucgq+YV+s@UKU@!J4*)Ua)_t
zt_l48ETkRutY^LsHtuA;0bO$%Fgx+D0JDMt3O6uXz$+d&se1#HR|UOy0GxLnvy(AE
za#iscFXn@<zNqI`4)V_eORr~k0Q>b!HOOpY_S8fFC(1+q^40u)uzv$nT5}G9<T545
z*~@5H34|M&Nf5k&IS9-fnM*<C5ngLGu>&Om_%ICPqkB8Ec{!ZcSB|F9j6VXOiutSg
z$zXx+IoUBlgcdO|m&phDz2M55nL~gZtLp>b?P7`sm-nSJDSt4VRb?`%%-~XfUnZEF
z^~T{WxbUfYtHCojGkd^WuT}GbeHSw_@T-Xw|7n6O8~4W{#tnc2AJ;6z7v0AEbU||>
zm`G(x>bN%y#q8%V3-E!Xsc|t79b^iSQ-k1_wbk8#znH<o_a9_#S%lyE2~)xVM?Yl>
zaMq{H1<m-`KQftOaMh*kPVmcF%?Ma?cC!Jj{+7$azg*5LvB9Ftn+L%St66^V_^X_H
z5K^<o@bNQQk1fSHan?pQ{+qK|kMz_=li8d%9uH=~dAnIU@XL*?Yr*D4)m0$cS=#^_
z29f#T&`m5Mu-wdQ2eUV`y1}bgR(5nmlYwB7zj~Z7)eJmY(n>@d>~++%)h_d<qy7A|
z&*p=}H?vl02!?zz8_W$5Ecs|Am|fdPF0r1p8MHEidjq}xR6cnc(;zVsGM*6elijQ#
zz`2FRJ5B6mx3D_!6}wq~=?53cYP-Phr)nBN_j9as!NKQPZXohkcjA{n&oWelWFz$D
zPY<yc;!Urxu4MpJ#b^ib2$6dHox`l>`|&;BvzA4`BR5sm<GtRR-&ZZo=ELD&HWy7L
z*Y@YU8JK$d*Dpo-PVa`vk$~>?2(X-A(E^0d)+%uH6V_rp6|Q-Rzl2aKnk5wv1pTQ%
zFtD~SS4s!hukA~F{nOrXa6PFb!Uuzw)yTkxOKa*u?y{OWMj9NytVRIRSJc$vj>~Iy
z)PVloj0Ujo=9=??@Wz^IJb~4GjgXx<?7X8M?EXs|3vlkN=>dYPY7qR(-_|_%1o&&R
zmJMEcfXl>>#cTg$1dH1ljbKev?Mj^eXf3`1QLF3<?MAH%RpQToQ+sbczP$o*s=?+x
zbqLNeAs0*m)}2UmRUn$pfv!7|QN}so=x-1%2;7CV;RAOezEvQ1c~uM8^$|4VvmYY^
zn{ipF?mq^==U3FZfq84)75Kt!b#Jb(P8E{S#~3%%wt==U>wZAU@A0)81nU9!?{)tI
z&mF7l2Ro2@F8Eqp-wArYsxyQ1S9NV*;;p&{a0scFcIP6|?6PrkA`G3rgg57ptnDYi
z``3eSzpC2{etfE~2Y>$Sx}O*WzIe))74$Ffiw1(pTr?Dg@2LG}62(Fq77MHU`OEoa
z>G04ubzPN}nP3QC@O|Brl?*ZX;K#atN?yF_c-{33(DWxL$Kjvqx+_*fi2u1x2hRDV
zmIwCS$U;E&=ejFF{+GH3miAHdMYCr3>nd-KK%ri`55h|<=+CX~Pv?E{sK0+b#&{0q
zIIOPc!7u9HW`Oc5b=@FQS>FwIf5)l;^_BH&2vxek<es`ZaIB)f6--W4SL0hN>#M40
z(Qahb!%Q{)R$T{S9SM_+z+SKhYiMH)crzJqX>ex`iwm|LtE&Zn;WluA@ZP#AaBp4x
zJHYH=E+)=+0XTeRy#T+TUEjq7n{H=R?YxuG4AS0aHvVE;{iC&D?@e{JwUIF2@6GX-
zWx&r5*Xi*Wdg`B$P>ytd1;m4i-`8=#g5~u+_=ooTRt8`T>RG_>V`VMa<g6b9=YP=D
z0eXb>_4sqn`ma!6y}90jFSxG$zDlC$#D{OH=P+>Cyu1nY?W@1Ca^bop_`|;X<@47q
zgmz13qCpsYrF9GW-Yg#)F9>mD`9i$v{`zAcys@ESv=Qw3l)=LjT@5`IWD^ig0Jmts
zk90TG*Me{Q8aSZ3zd>3Zj^^TCFtebc75Dcylzrfq>lzk-A1-U)fu_H)J9l2#$^v_S
z-%yRea7Due3$NYLaNPp%@$VYO@ptZTcwDvsmcbkINpB)J(4XxeT#B6bo#`LM>pyFF
z<P03b`GJc7-_Y0&_-{AX;j6E0G~b3FUdjGfJ7{&Vzs8R_+35=Wr78A{OTgg^*>e2M
zi`XyMfG>|WLql$19|iw#G&F(Et?XssXtJgjG~m@WY<L9zh^puhrU^jGf&+i9;{xYF
z&N3KaY<(s8XghleIB+GqjX6kSDn7G=E$eEgJusWgM3Z4xG?0schxV}Vtb+v^3?TT=
z&-kms=5<Z&VD~l6tsr$ftP=}+*%urCecnJi6AW+61k-V^AL=jYTDNxXhQ#_M2?0@b
z!=JvBYc3n7ngf0DXfilB2%7e>&u{+saS-{2vjFVf$L97ynfnqj1w%;8u3b;W_rI?O
z{<x2=>ilmc>&wA&4Gsd~{cIt;5S&o$q!?h+{p>|Gq%doR>%o0+L-5G`>;~}6{p^k4
z$apiW+KRgPXM=4*Rxd7jfc-aiB`iZg*Fp9WQGaxRBQbbo_<gvk5zPO-xvnlqB&J*>
zlPd7RhTfKr>L6ir@M;{|FuIh}4e|%swnYdZ;rG!s&a!cs1$4=DJ|~AcE<jcya1Ka4
z&29tl9)xFi@M-v${3*5+e7l9c09^PKyBCCRV736wR<@y;$Rxy7h~K*!+J@Mln7XDq
z2<;vO|M4{2#t4F%XW0BIn3nmV{~2}<@IS*wiJ>v@_A~6ZI!fNYA|dImPq7um_!W5L
zv+TFou;@DJ9&<-H*MfqD+k}7eNA~3`BzjV4e8c<fE!9AH3-r^U|H8hulg!!ld7NS+
zYy)<F#6Aaa`j}ndfuUO<Ky3cHtwutr4iowbGYldyztgyRvXeOcQ!M!A<LnEEz?0(~
z9<CbTJPz~rPfcz3nk5|GQt<I#8=Ap(C+9Hurj6Bt&$>7t4TI~yX==te*H(kn<s3O!
z@k(v;&K1oIz>&*2O(6O%gv2LyaE8H(yWyw$3eF<%&MmdApzazD8(ew?XAH!C)5HaP
zf74tIR$jw_Rq+*^UEs1;n63EMD>>KHfXQn(9C8?k!!MY?tsimTYt07Zp%p7&ki~<^
zfj%nOz`jFGEAjmwb8b$8-EY@4;YoW_jsY5W)U^|pJ^quUY0DyBG)YvN1JF(4`9xAj
zlvU6z5a2C0_2LIgO=(VbpFbFngMH^#bm13X-t<!i)qy{JRg)G0=4+dH;3&7L1u!pZ
zS_}%;Hc6@oe*B?po7`7dK`>niHm~BW0%=8aKiE`mrhcml65{4MutwQjhwoj|{9+F*
zEUMZ-qr15ouhTaxt3Y@^XEXlTWOLF6N;fwD39r1p`Tb`6vxl1B@5DcOwRtU%usElF
zHD4-}2xUZ-KL9p;+T4Yo{b}=x8vL(cHCNYwh8x%j*#A{?EzbO*d2uE9$C~!0!QcrD
zBP$<RY3DOZvd|_Af21!0Zv?O&T{aHpzG|KiF8`?+sUZ@OKLWRyDYbA}go7dcb3hZ?
z3bUH3sR`fmbMp;>%IRPUKhxjR#vmkV2Z=ySfo$PF1zLU{qV6X3SGRQIp{rZAR)M;m
zElxmuw?XOqe5G74t4O7z!2lU!10b`r<qXjL+m=qScW2Ap;0!s^f#*QW_l+RY+={?g
zgqC`+X-7*f_}gz<8gc2JEt{D5_@0(CIrs}twA@kyuY>zuZ*BpceQgMF`N5xgu7%G4
zZ8x`w!1lkgTkxtES{{6uFe4j0e?e<KsQ#MAt{aC2l@5yugW_LZ(E2kQtURxxg++7`
z<up{R74+<YY3h$zc;{ZRqtz+^OYF4>{=vc44GlHfLX<MpnXk4EkXNo-4!5?k6y{N>
zuzv-(`PJ4Z@B^>43K+QKjn=a(!IrmL=i|}0TK850={v10mu!6(`uV$Un#~O-Y8NsR
z@lV%rw{yVsG`ABp9pbc9Li>YF{-z~>k><A7^m&unLNEi1$|Uy@Mm2Qkd=Sh`b6dgD
z!yMkuG`9m>TE(l!SERX7D0zX~2C9o(J$`<Xdq1Ow@OJ`909xj@fVndFYtZVgZvnqO
zi@Om#U~OmvyKm&yfzbzRy1>nb+9trs@@l|M=W;#Z&5K%_!QL}?ZQ$5V+;M#LJZ=>m
ze0?o*KK|J@?uQJJUQz>ByoOs1{<@vJ670W;TLYSQK)HGV{CpJSN*PhAV;kUF@ym8_
zQ3l{&$CUv7TX4&so!lU}^g6B;JYCC!ckk=Cn{W@{w%36l04&VFt=!*%_j{o6ufC1D
z6ai`%?+ii^5$LYwvB7iqaUZ}R-oq8Ls)Gq{G!CX8<w~nmMpOqjJ_Mz0c$5pT4E#^I
zy+|M!iYB8(Vkb7~+xZ5x(7lJaT~!1?f;~5LhZ+c{KN&2*@CsK5&V7aJS#oMB6&5s{
z!ZV1%2aurh<jMo!_P4mbV9{Z&py|{km_CSl7>^(3zFvXt{kavCUWcb}SPwCN4-48^
zdYIeIN%@HS_0(D?q*Q`s?{b@g;SH{t`)eM!a&&Md*z+b=j30S}>t}$klu%zzJ+B>L
zf8=)Hul<qBtLQ(q=)mH>U_6+B)jFK|>(z)Id%@7#T<5<FbH&@-v;Mu8^A2|-V-UQ$
zs-+biI;WxufAk%0OEp-vx2XZ7j&c`+`JZyvf=zq4RbbTzTpp<IgGX%noZAC-Y_Ea|
z>jSQi1@jP5!GI4`ycY1nyYN(g{(!r5in`WqB&+NJn#bmkz*9bPV<l!$JusUQuX`J*
z``-ZB4kn4a;IC&Ad7072>ufq@1!{X6IFH3^1riH%_Md-g>jbV3x&7e6Rh-j(|J(oM
z{#*$TAK`R@r|a8WK=&3d7aXbLA-L)b?k7CpspjbkXXAk_H$mTDzlX~Lg*Ch;Fv;Wv
z!6Fu~8UKdK+rt3AwDP(bXM#0l7$%cDxr5-X8eV<#Ab$nFFH7nOufT-MfX`}pJ8)3T
zd$<A|sc&QfZJApSQmwop_(sMXqF#RBVx3@h8?PU1dz;GyuXB0OTNd#~>!X7N#8G!+
zAmT#vUdrV)g5_^P0ng<^7uo+Vx2MrYJQ<L1LU<E+fy)zupOh6W@a((XcJ_ZAT?$_1
z@_NCR3V79lhsU{Q6^y~J55n~t+jw=q5~7a?7P5Syujk|@@KIv@{~}jCB@V#}E9V!v
zyhY%b4qi(Y`3VK+t|X4}93HO^9J>&@7TU&ZmBat$k;oGFm%b?ZW<q?Q^85djD7~G~
zCf9fHMj>Fm*TExjtGko8&~^@dqB@5kgioS`Hng$$<daF#A54Y#L}@~#4oYtRYFIuJ
zb>wMk(#N`N9HN3ZAJ2h5ck-sd`Iojf<G-utJys36f97`K`7T~%1-Q5e9^h@=JSq5y
z!|MS*b@ROVH4AuL26*!<7#)vBYwN&g94P9iJv@Nl&F7s_4JsD%9DsiZcL4y4dCLK3
zQ$;8K{$k#uYRXYxUe4p;_b=sz8QAm%&ET_%+FE?~a^6pM3_E`N3Z8=j-}VS3vquv_
zu;6iSPgDQYvc$5$I=gm7bVYV~-rNr^Ud6+}ecy1Gftl63r@&zZit*B|+(vx+IPV(<
zV4={po?pXTj6WdfX)C~HHLn$c&pA|t4gf^O>#Brl2xqE!TdTo-J#Q!YYnaguAD>}r
z`T7>53;e;wYsCM<z{@bf5*tqd_Q~7fledlcHJjL|9<K`UUaSV^^zjyhni%gboIlM&
zYry4R=m)MmuMPh+$AeF}tJ<1t!DX|&jo|fBc&i`*_Lc%%uD8gW1yB9}L0wSd%?HWr
zxNNYe#47{G!Wx)(j=~3=Xqk8QowbtDF_Bmz9hKsh3)=(C)4tOK?P|uUZ}7xm`yHn~
zu_Lc_;Fm0EUw9e|e*aKAtKt+7cyd|$?$bV}m$$o4`+RYE`!A<H@z(|I`)f{pgBwTN
zCr^Fi{~T@a@2K%6`Jz$2P=YVAw%=Nz41_{n*;sJI>m3^thosWc;OOw^sKo0F$$UPk
z#21oCgkImsNH91i3XBeWhh^T8VOeM-H0+hYTc-qBv<McIm7T4ZbUWJdZbwIrpxFhh
z-K;I>&u4;sGx@#(L@PSGz**;Z41oPlwD*JRW9?1gk#pMHDi!hwcy*$)WlpC=gYvM+
zDMwRAL@f%$eVSrfr}9MniNLH*O?^9tow0y>B5t%63Yzeg(rK|6lyZ~X<0@wTCAntG
zJ(2X4<ccYmG^0~V<wpBd0WqN@qf)65QH&x}d`j#rd2Dh^z%`Nex{P55NU!Q#C@5$n
zeiLF;`isVxs%*6T3#PI|=z^Wbn2zWZ8kH#37yEA|Cj>|Se@RXVjzAUv50Zn&{GGL6
z&E}52xx7zi8w&>YW`#l%oJ6hiiQrJiRV>=4XNtLGPOK;@r0O_o6d_SfK<FGYhhhf!
z@|zl!jg7=q!=-pknO3JvsTp@Hl`eYGX{~fJ=1@)xB%)}}n3nsbGU4P@Og0&G<i>K-
z_Jn!TAQB@{p(!>Z3)<%dO1V*sYV5g)8Lp@b&6eDefYP7U&RBzHO-y2wjhgaSN#2x?
zrltCjL^+yQ1l$FY!Det3GNXo3nSB)TO*kXkc*rf+sY+qdgjAX`#mcgfVM>y<N;0D0
zh`?)-d7LG^!Io7e3~5`;oCufodAU2`a?VcKoWrHGKOvFim4>Js(F?VSNwqg*^W?ID
z*%`e%<d+Ah)T4zd6Dki$ivmkQP*zF93X3#uEuyoiA61(r0!db=opnu547q{=Tf9(=
zqhX^QK~YUC9EP5t)5(oso2|2bQaP<bMUH^BU?~y)VVFU)DaDLNuZai)T6Dxv8jJZ8
zg*@Wd<kALsmm(a*lTepD!=w4B;jx@S94Py>6R|0qlwbtC+74b&NUo_2TU>IvC4t1P
z)0W|2G!mC;1!8&9le1Wcgh`{`3mq{_go0HVlj}4yMx7=Zh7<lr{uzxNiH_LhQRV;W
z!T*~BBmdXf`@e)9LdITiRYHMUfaTGSt~tZBGwZNf%L=m&9vuW%LDU;8`AucFUY4*Z
z^&!oa$6@q26O+T4*@DR{b%^8IY{cyM1T~_dF(B|LC(K%>*eOnr4Vh#@k;yHN2R%Z>
z7ZHwTlBK|KL8p}4ibY$=F(e-{1rxJQcp3?vCKe5qN9NLURAO^`rAA3Gn<`l4*=eiN
zY>}F@e!Vg#geNaD+2S!|Mq7&Jyh2HOayTdOd%ar0klQbi$+Bfva$4fk1kx&0I#aZ&
zvzDYWUiSINX5!PL;G{Vr6itL99#Jr$5{ak6Q$xWlq8bh<eLi);nk=t(#v`h+sB0`R
zqt|9)mW;Ph6qbE@^NgpM@Fv`22J@83s*i~E2Fa8$m6TWvwpoWd?J&qkQhD{n!~~Kn
z#b<{#!eS`o9!*(MZDdq3>k1TxT&67OeV}~-zWBlpcx!&`r;ZNbE_ZeUp`)F@SUaOs
zDCB8H7%k}JXjo@OjU|axHa4lZX2w#vVj^uVWR<}DXa{$$;E$;cMwE1X6(Wxq6*je_
zsIsGG3dH?(g=#|N(Wna^w@GNUP8HM?4C_?|k;&^am3(3d!zH;fpt0nQR!c!e<2j-#
z<l+XWX~gRa<RO?VEp}DZs6dHuP@zSm$L@;9=KP7VvIhdU$0o7|6Y-=kF&cIx#%2Qw
zVgede7lZ|q9Th?_pMt=xlbDoNFYGLu$|wZ!Q+-CQuBa%Z6O`Cfc62)8G+I>!Wr55Z
zT2&#U2)L{fzs6Zc0!o$3D7R?Pbx;;X#AqU9IU$N&Yn?X4R1PByLqb+X(P%hbJd03O
z)Wy&+wUg0~XdI&Slz3v+53`z1<H$M0>9l89Itw20bx7tA)S}FlP^B~Mo;6LPa&6g^
zR~2mPv_WgLC>2_dLlVlFr%fuy$WUfTr|_AzQIkkFoX<}R?5aRXF3pb0;;FLBS9EKT
zfOsTg7?OvkGgC>C7&@!NI69I`W(`BIbQw-3ZIZmATrx;JPWO<(n4JyHIU*xww_7?h
zgC_H00%YLnC#4D7h`@xTW&$QOr4xi_O6p=>Wu8_AJ#jQ$^rww8C9e;ijTK#X?WAo&
zpw8q%?lFN9RZmSAG$T^a5bDt?ygpS>>(1G&zL+1eSOpVNvDW33+hb9YRbrOOgj2D(
zoNvr)&Wbz}LP^q6kQKB(Nx+s#c(OBIL3At~DQR@ViI7Z{gulLpyjtCe#ps+s%rmZ`
z*i5=OGF%=Rvu38fvm#l@=|p9sNM4#tI%gHOOd&WVCa|1>a*G&3xyo3UC*|RAMjlqF
z<rcqu4z*Z)h*3RV(4$j2ePIfsutRG^H5x4m>+<qsbad9AFhvXrN6t?logons8HOR;
zi(wkDoIX#lL3FN@`9K^H`}5E_%Czt1;epJO{;M*{4GB{zKxURXm}C6V5fO;)VLAMO
zXs<wBQ-yF?9hHX*gtRJjN|Vx{Fk&q#qTgavgf$99R)bm`YB`K#b)=XIXsrc8-T>Sf
z`8R=KKsrRJSt6t9!l#5r!*e>gqROF7>EtR@E=Lt88bIX{R3kx$!tydYDMS(2F^o>C
zP+wRsB^X95@)D}GpdO1ni)w@f9YH6jQGY?1Mm1sTo8l`I{1o35>MO{T2&z$`9#k1Y
zp`|4j`CJOsjH1CX8YTvGsN9ZfQv@em*-tQJiJhh_av^GluQ<ONNB#=~6wzOhr->~c
z1t=0+a4HOU(iG4jAtL-Hb%W!O4}LpPzaR`JKxG3c8iulEX<-Y*R&ipcmsmloBa~00
z$`k;MuHHG11<er(AVG4vpBSA*6%y2o%0;MRl-S>ks*R{Cj6$Ppbp#@4t)r^2A1#D^
zLijTi4*P=e$EG>qGzhFB{#UQ@>AdpTT%tHV<tEFHECIm(cHBbKBw{`ddnW9<!f8Mi
zH^$^P-|(1_=!c+{wTm2MzZzFsY(?{lH4p;82xbxiqw=EB>^Oz}29<FP<_5vku(K4<
z#1jzvBLR)m=5c#wr-s!+uWKxC*Tl;KWiIM<Nh63qISmd3y0~*Xjf=933g!k$Av~3r
zt2FVvCozWp*U)iI2g-7h(Pk_lItyLw%hRW4nUe{nAcMvJ$vi=$IRVy%g6X7=*-3cw
zh|Jj$SL`&7U%|a?*dv5+Z#AN$B-}%_b(W+PnqD6Fi!J|_R1jF1Wl4Q(Mpf8rDTKWm
z=mf#A&FyeaP1$`$M_whIRf#PV%2|7^ES^ibz0(1uykxXw3kpgvjjAxAbJ|r_<bT>$
z9YY;dhDq6#rya6RRTO#@lA>CP+NklYT`^209fZg_I*2?*o35avuS=>>G5+705awjk
zJ%|b6hzczmV#!%p25Dx8qhgIWj%XDHGpqyxq_P%?N*%U1iX-xgfYlR;n6gEi#BLk4
z2hi!su}QHRd~i``*PIFF!=%O&bJ=8iw-z-Dbd#e_pH>(P2eO`MXtH3>hG(oLnKf=L
z$l@7eN*kK-sw~M7fi5j}2h*a^Y)qv0tBMmYiDF2tLZETAmNHtjB(!l^E*YONIeg+F
zwO%ta6Do=Xl3+wTqmmlYQYt-_4bI7O%IRUDXe2y5kt~NNvs$N9VkicDzOkrN;6+A9
z!jfd!p-~tm(YQ}$5`{`bt}&_9J60T-aXAyS8CBdB7vw^@$*eUYGL9+r+MEJaNi;=C
zRvWTL93DeDq8A5(5j|3Jda@#^K9dYNCnil3X2+0ey>nWw^(7{J8e2#=G&V8nlbC}#
zvBDWmIP6n?*{Hy1HX2Q3nWGSmqJEi5o|B5a@rXr^*hZ$UNn3ozkdp_(ex*4Zl`D${
zbJ!%51{ArXN2hS$46NfXgNx8~8veT8OFU{TQ2sLhgg5O?2D3rFCI$aDZ<2WD1&mO8
zA5jhVHl<)Oh^C?^ia~hSx#fX&?ws;h-l%sdReqx!W+190vLm*Hx&SZWasRL*Y#kmO
z_P8hVK9@6pvUs9uBa_7~FZeX^*p%Cv_6<u<m2G8J$!OOVVfj{o<(r%?+o;YU(Mxn1
zRmNY1SlV*hvw&VzH0fa|Mtlip8Q%1@KCvf`_!H8c$0a?z9yP#vRPNWx;WGe%OYvFX
zv`G%qWq6ZD6k$EQl&H}3us9r0jc8*d4vjbwjSfq^9^0_R<PV{GxhFq4lh+yzxrv#{
zQT0e}A`pp9%?uUOGk$r-rf~!<Vr9}QK|=8%eMoAX776`2fm7~v=B=rWB2rFiXVal#
z)MinQ=8_>--l~d}O<`})Gp8uXObWBlt?*6z-3hZuBbDkh346hxF(Cz~FBjEh+$rUB
zM6UK{Q?ss7t59ur$1Ko69U;9-6tvBnO#X~i?u;t5g2}kWI_58^C#C+F+BM>u8rBLF
z=HT=gszPFB@vP4$wgj_@_+%noGLCxmO3R$Xt&fUiS#M}cG^-dIQwnC3(MZnXQpEzv
zm@=<%O^=FZ@@1obW;hs_5@$R^$th<ZNtRN2pLA5Iw=3Lw`S56Nbj+c5NUg@uH2h~j
z;e=pjA|{<yxki<fQ&xBrLoKL0CD8;SKKhLEQ`g=Fa=F!kxU$)VS*$h2Ra2&T+&tqI
z#w^nUsUiS=Hg)jkTm&v!g;u#*S8(X9lSWnHq+1|zl&I$kzX%u9)b&EIL<NcXh&z$g
zm*WYUI1x7p;`wx;s4Jrp8W)Y4{G=k4pH#+&CY3X=oefSZk=e;fMGkhP;ZIfwv68@j
zF!C6D*%$t^qhn4PpRsB^;z?yDi=>7F8l@m%kk7<q-ZWY)CuP~;oMs}V&14MW(pbW7
zNM;pwS3w{UWmDmaNU0oiPHJN5j83N*Rj6l-F<Vlr9oBlr!iYc_E~|z#K{1*O4M#i{
zy*oSWpHP_-zLe0U8+Hba&Y_@wE}n4v#Cn}Opit?HiHVpv2y5Rlbx1xda}`4>bF8eM
zg_UG9HI!6ERK}7(C<yvBeu2x7Pr(yXnp7Eg(LW?9j|d8i?2y7UI~3J>hH?`+w?HxJ
z2>V3&^r*{N$Y-tAz^ugLPq>f(w47T!ZSxM<*2m<clv-8_Oq5HSP;|O5;n#T66YyVf
zsvMHCFf1DtCCWBsY+~AL9?Hqxkq}xOPD!MS?8GE$w&()}B$LXfauS1HgN710QBF8w
zLp>px&KGrBh+AtnIPU2fxTOBE4!r)c&dkq1`e4^6V+2@Mbc(^zTiO?Ps3wT=xG-`8
zvos;Ew&V$x^uThUqZM%QuK8^Ufm3q$d}x7hgz&vEVsr=#0L9@_2w3n?=Q407-qi!<
z9_$>G=v3ihqg>)v+KI<NU2#&0N+BXyibiz`cIwDZQw){TeXwv-0W-I2aL#U*8xT4T
z8?9=)GO3<0IMowQhsY9!k26`%@N~FnkY_y*{ED8jw9h6VhA^e@x{4>hwFOym7@}3y
z>$imvuT8G=y3;v00Zy7o>r|?I(Id$l9k56{@xrN$I||aG&887qZBD1jp;I}t9#>8X
zuc&#iD;tLIr(_L=cwM;&EOFAogeVTL%rM2+LOzXJS~RF*@TXifsKPeo6xi)-KLg%G
zVf~L<6oITJ<{B{w9q}0>sz_&wW5$qi+94_iwL$4vNtIB$O;&Z<GGQ&aqeg)<m58|o
zVpVq5m<<+WLA^rif~j;kKa(wnedY;^NFEOP<dX{h*bvME>5Nf6s~oeaOS8ixE{{{B
zoGiP|5v6WU8?`&Fo`S}1NJImH=@FSo=P-+hg({U2DI{%TLCA}iMYHOe5qKT9LhO<H
z?Z&V<Ez;+duA(nzEKN-7eLmath;Y_t3XkPxrvl2DJugfSr=6D3@R(Vc&P&xkM5`5R
zEHMai5avXvR#u*hx^3>c5y_~;EXjGov)Pj0U{gzB1{sMNWhRwq#$D1(*mGL>NILF>
zAU+#5c|@9YrlfTuLrQ%h=u3IsLk^YGA+%d(1*NjsuGJ(=xk7Q&t;!mMDkXe%G#HB~
zZlji%96cQa<#KzV(`ohFk+GR_%BIljWir>S(1Mm^o)Ke?z`%aMKf8-H2WzqEnaFfh
zgNzk~@U*gO6rCiqmroQn#f6hI>bPZSb|e{^o^}W#mb}cFGa4P)vTj!FNxJjine0et
zHt#J7RdS0dpp}gIykaX73MjlYUbkMO%qlDj$xKp>I-&xpI}{K2RhGEHH0`vFm4~x)
zYO_csmgL>KF}t!5lsOzy_>iE=3@P1;nY<)BYw%}FNJ?TTIZcA8(VW<A(;D)&8Dl!0
zHL1#p5z%xiFq}5b3a1n0NrT)n;Yp2{GFGpsSj<jL*=J)qy-pd{jpRac6>850T}Wg$
zr%Y%AV|ruIJUpj>M<}t*#)YahD)$8KL7jaho<ygH{UcU$eoBDa?MAIWF_!XAI7dXo
z>4+$nm=(J{{)i-8%88K45vMPYiUJ{-B$kPLoN;w*Rx8mM^%;Xnn$E?Nk?5$@mDS|X
z{FJQ}31%dbsZwF}YGfJlM+H9X=;Y#ak9Iv*zz>bhf4Fx3KPs*YPVRYZ&ozJh=B4Xn
Uf8YP^Qbip8$F6xAxl#WA0PLWYm;e9(


From 3b2cd854837e5df38f75f323aab24e31098812d4 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 02:13:02 -0500
Subject: [PATCH 2/7] Add defuse/php-encryption 2.0 to Composer dependencies

---
 composer.json                                 |   1 +
 composer.lock                                 | 113 ++-
 vendor/bin/generate-defuse-key                |  17 +
 vendor/bin/generate-defuse-key.bat            |   4 +
 vendor/composer/autoload_classmap.php         |  19 +
 vendor/composer/autoload_files.php            |   1 +
 vendor/composer/autoload_psr4.php             |   1 +
 vendor/composer/autoload_static.php           |  28 +
 vendor/composer/installed.json                | 115 +++
 vendor/defuse/php-encryption/.gitignore       |  11 +
 vendor/defuse/php-encryption/.php_cs          |  60 ++
 vendor/defuse/php-encryption/LICENSE          |  21 +
 vendor/defuse/php-encryption/README.md        |  88 ++
 .../php-encryption/bin/generate-defuse-key    |  14 +
 vendor/defuse/php-encryption/composer.json    |  35 +
 vendor/defuse/php-encryption/dist/Makefile    |  37 +
 vendor/defuse/php-encryption/dist/box.json    |  25 +
 .../defuse/php-encryption/dist/signingkey.asc |  52 ++
 .../php-encryption/docs/CryptoDetails.md      |  64 ++
 vendor/defuse/php-encryption/docs/FAQ.md      |  39 +
 .../docs/InstallingAndVerifying.md            |  53 ++
 .../docs/InternalDeveloperDocs.md             | 160 ++++
 vendor/defuse/php-encryption/docs/Tutorial.md | 298 +++++++
 .../php-encryption/docs/UpgradingFromV1.2.md  |  51 ++
 .../php-encryption/docs/classes/Crypto.md     | 260 ++++++
 .../php-encryption/docs/classes/File.md       | 446 ++++++++++
 .../defuse/php-encryption/docs/classes/Key.md | 117 +++
 .../docs/classes/KeyProtectedByPassword.md    | 191 +++++
 vendor/defuse/php-encryption/psalm.xml        |   9 +
 vendor/defuse/php-encryption/src/Core.php     | 446 ++++++++++
 vendor/defuse/php-encryption/src/Crypto.php   | 393 +++++++++
 .../defuse/php-encryption/src/DerivedKeys.php |  50 ++
 vendor/defuse/php-encryption/src/Encoding.php | 270 ++++++
 .../src/Exception/BadFormatException.php      |   7 +
 .../src/Exception/CryptoException.php         |   7 +
 .../EnvironmentIsBrokenException.php          |   7 +
 .../src/Exception/IOException.php             |   7 +
 .../WrongKeyOrModifiedCiphertextException.php |   7 +
 vendor/defuse/php-encryption/src/File.php     | 784 ++++++++++++++++++
 vendor/defuse/php-encryption/src/Key.php      |  95 +++
 .../php-encryption/src/KeyOrPassword.php      | 133 +++
 .../src/KeyProtectedByPassword.php            | 115 +++
 .../php-encryption/src/RuntimeTests.php       | 247 ++++++
 vendor/paragonie/random_compat/LICENSE        |  22 +
 vendor/paragonie/random_compat/build-phar.sh  |   5 +
 vendor/paragonie/random_compat/composer.json  |  37 +
 .../dist/random_compat.phar.pubkey            |   5 +
 .../dist/random_compat.phar.pubkey.asc        |  11 +
 .../random_compat/lib/byte_safe_strings.php   | 181 ++++
 .../random_compat/lib/cast_to_int.php         |  75 ++
 .../random_compat/lib/error_polyfill.php      |  49 ++
 vendor/paragonie/random_compat/lib/random.php | 223 +++++
 .../lib/random_bytes_com_dotnet.php           |  88 ++
 .../lib/random_bytes_dev_urandom.php          | 167 ++++
 .../lib/random_bytes_libsodium.php            |  88 ++
 .../lib/random_bytes_libsodium_legacy.php     |  92 ++
 .../random_compat/lib/random_bytes_mcrypt.php |  77 ++
 .../random_compat/lib/random_int.php          | 190 +++++
 .../random_compat/other/build_phar.php        |  57 ++
 .../random_compat/psalm-autoload.php          |   9 +
 vendor/paragonie/random_compat/psalm.xml      |  16 +
 61 files changed, 6289 insertions(+), 1 deletion(-)
 create mode 100644 vendor/bin/generate-defuse-key
 create mode 100644 vendor/bin/generate-defuse-key.bat
 create mode 100644 vendor/defuse/php-encryption/.gitignore
 create mode 100644 vendor/defuse/php-encryption/.php_cs
 create mode 100644 vendor/defuse/php-encryption/LICENSE
 create mode 100644 vendor/defuse/php-encryption/README.md
 create mode 100644 vendor/defuse/php-encryption/bin/generate-defuse-key
 create mode 100644 vendor/defuse/php-encryption/composer.json
 create mode 100644 vendor/defuse/php-encryption/dist/Makefile
 create mode 100644 vendor/defuse/php-encryption/dist/box.json
 create mode 100644 vendor/defuse/php-encryption/dist/signingkey.asc
 create mode 100644 vendor/defuse/php-encryption/docs/CryptoDetails.md
 create mode 100644 vendor/defuse/php-encryption/docs/FAQ.md
 create mode 100644 vendor/defuse/php-encryption/docs/InstallingAndVerifying.md
 create mode 100644 vendor/defuse/php-encryption/docs/InternalDeveloperDocs.md
 create mode 100644 vendor/defuse/php-encryption/docs/Tutorial.md
 create mode 100644 vendor/defuse/php-encryption/docs/UpgradingFromV1.2.md
 create mode 100644 vendor/defuse/php-encryption/docs/classes/Crypto.md
 create mode 100644 vendor/defuse/php-encryption/docs/classes/File.md
 create mode 100644 vendor/defuse/php-encryption/docs/classes/Key.md
 create mode 100644 vendor/defuse/php-encryption/docs/classes/KeyProtectedByPassword.md
 create mode 100644 vendor/defuse/php-encryption/psalm.xml
 create mode 100644 vendor/defuse/php-encryption/src/Core.php
 create mode 100644 vendor/defuse/php-encryption/src/Crypto.php
 create mode 100644 vendor/defuse/php-encryption/src/DerivedKeys.php
 create mode 100644 vendor/defuse/php-encryption/src/Encoding.php
 create mode 100644 vendor/defuse/php-encryption/src/Exception/BadFormatException.php
 create mode 100644 vendor/defuse/php-encryption/src/Exception/CryptoException.php
 create mode 100644 vendor/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php
 create mode 100644 vendor/defuse/php-encryption/src/Exception/IOException.php
 create mode 100644 vendor/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php
 create mode 100644 vendor/defuse/php-encryption/src/File.php
 create mode 100644 vendor/defuse/php-encryption/src/Key.php
 create mode 100644 vendor/defuse/php-encryption/src/KeyOrPassword.php
 create mode 100644 vendor/defuse/php-encryption/src/KeyProtectedByPassword.php
 create mode 100644 vendor/defuse/php-encryption/src/RuntimeTests.php
 create mode 100644 vendor/paragonie/random_compat/LICENSE
 create mode 100644 vendor/paragonie/random_compat/build-phar.sh
 create mode 100644 vendor/paragonie/random_compat/composer.json
 create mode 100644 vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
 create mode 100644 vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
 create mode 100644 vendor/paragonie/random_compat/lib/byte_safe_strings.php
 create mode 100644 vendor/paragonie/random_compat/lib/cast_to_int.php
 create mode 100644 vendor/paragonie/random_compat/lib/error_polyfill.php
 create mode 100644 vendor/paragonie/random_compat/lib/random.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
 create mode 100644 vendor/paragonie/random_compat/lib/random_int.php
 create mode 100644 vendor/paragonie/random_compat/other/build_phar.php
 create mode 100644 vendor/paragonie/random_compat/psalm-autoload.php
 create mode 100644 vendor/paragonie/random_compat/psalm.xml

diff --git a/composer.json b/composer.json
index 0dca48c704..df63226bec 100644
--- a/composer.json
+++ b/composer.json
@@ -16,6 +16,7 @@
 		"ezyang/htmlpurifier": "~4.7.0",
 		"mobiledetect/mobiledetectlib": "2.8.*",
 		"league/html-to-markdown": "~4.4.1",
+		"defuse/php-encryption": "2.*",
 		"pear/Text_LanguageDetect": "1.*",
 		"pear-pear.php.net/Text_Highlighter": "*"
 	},
diff --git a/composer.lock b/composer.lock
index 217898dde5..6f2bc8f118 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,71 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "a87f82da9a0256ca85c839e83a5c26f0",
+    "content-hash": "ce088458d9f01920ccee128082ef924a",
     "packages": [
+        {
+            "name": "defuse/php-encryption",
+            "version": "v2.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/defuse/php-encryption.git",
+                "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
+                "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
+                "shasum": ""
+            },
+            "require": {
+                "ext-openssl": "*",
+                "paragonie/random_compat": "~2.0",
+                "php": ">=5.4.0"
+            },
+            "require-dev": {
+                "nikic/php-parser": "^2.0|^3.0",
+                "phpunit/phpunit": "^4|^5"
+            },
+            "bin": [
+                "bin/generate-defuse-key"
+            ],
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Defuse\\Crypto\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Taylor Hornby",
+                    "email": "taylor@defuse.ca",
+                    "homepage": "https://defuse.ca/"
+                },
+                {
+                    "name": "Scott Arciszewski",
+                    "email": "info@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "Secure PHP Encryption Library",
+            "keywords": [
+                "aes",
+                "authenticated encryption",
+                "cipher",
+                "crypto",
+                "cryptography",
+                "encrypt",
+                "encryption",
+                "openssl",
+                "security",
+                "symmetric key cryptography"
+            ],
+            "time": "2017-05-18T21:28:48+00:00"
+        },
         {
             "name": "ezyang/htmlpurifier",
             "version": "v4.7.0",
@@ -166,6 +229,54 @@
             ],
             "time": "2017-08-29T18:23:54+00:00"
         },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v2.0.11",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
+                "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.2.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/random.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "pseudorandom",
+                "random"
+            ],
+            "time": "2017-09-27T21:40:39+00:00"
+        },
         {
             "name": "pear-pear.php.net/Archive_Tar",
             "version": "1.4.3",
diff --git a/vendor/bin/generate-defuse-key b/vendor/bin/generate-defuse-key
new file mode 100644
index 0000000000..68ef2cac32
--- /dev/null
+++ b/vendor/bin/generate-defuse-key
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+dir=$(d=${0%[/\\]*}; cd "$d"; cd "../defuse/php-encryption/bin" && pwd)
+
+# See if we are running in Cygwin by checking for cygpath program
+if command -v 'cygpath' >/dev/null 2>&1; then
+	# Cygwin paths start with /cygdrive/ which will break windows PHP,
+	# so we need to translate the dir path to windows format. However
+	# we could be using cygwin PHP which does not require this, so we
+	# test if the path to PHP starts with /cygdrive/ rather than /usr/bin
+	if [[ $(which php) == /cygdrive/* ]]; then
+		dir=$(cygpath -m "$dir");
+	fi
+fi
+
+dir=$(echo $dir | sed 's/ /\ /g')
+"${dir}/generate-defuse-key" "$@"
diff --git a/vendor/bin/generate-defuse-key.bat b/vendor/bin/generate-defuse-key.bat
new file mode 100644
index 0000000000..50b5ac6774
--- /dev/null
+++ b/vendor/bin/generate-defuse-key.bat
@@ -0,0 +1,4 @@
+@ECHO OFF
+setlocal DISABLEDELAYEDEXPANSION
+SET BIN_TARGET=%~dp0/../defuse/php-encryption/bin/generate-defuse-key
+php "%BIN_TARGET%" %*
diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php
index 3c21b357b1..b3bd253936 100644
--- a/vendor/composer/autoload_classmap.php
+++ b/vendor/composer/autoload_classmap.php
@@ -8,13 +8,32 @@ $baseDir = dirname($vendorDir);
 return array(
     'Archive_Tar' => $vendorDir . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
     'Console_Getopt' => $vendorDir . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
+    'Defuse\\Crypto\\Core' => $vendorDir . '/defuse/php-encryption/src/Core.php',
+    'Defuse\\Crypto\\Crypto' => $vendorDir . '/defuse/php-encryption/src/Crypto.php',
+    'Defuse\\Crypto\\DerivedKeys' => $vendorDir . '/defuse/php-encryption/src/DerivedKeys.php',
+    'Defuse\\Crypto\\Encoding' => $vendorDir . '/defuse/php-encryption/src/Encoding.php',
+    'Defuse\\Crypto\\Exception\\BadFormatException' => $vendorDir . '/defuse/php-encryption/src/Exception/BadFormatException.php',
+    'Defuse\\Crypto\\Exception\\CryptoException' => $vendorDir . '/defuse/php-encryption/src/Exception/CryptoException.php',
+    'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => $vendorDir . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
+    'Defuse\\Crypto\\Exception\\IOException' => $vendorDir . '/defuse/php-encryption/src/Exception/IOException.php',
+    'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => $vendorDir . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
+    'Defuse\\Crypto\\File' => $vendorDir . '/defuse/php-encryption/src/File.php',
+    'Defuse\\Crypto\\Key' => $vendorDir . '/defuse/php-encryption/src/Key.php',
+    'Defuse\\Crypto\\KeyOrPassword' => $vendorDir . '/defuse/php-encryption/src/KeyOrPassword.php',
+    'Defuse\\Crypto\\KeyProtectedByPassword' => $vendorDir . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
+    'Defuse\\Crypto\\RuntimeTests' => $vendorDir . '/defuse/php-encryption/src/RuntimeTests.php',
     'Detection\\MobileDetect' => $vendorDir . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
     'Friendica\\App' => $baseDir . '/src/App.php',
     'Friendica\\Core\\Config' => $baseDir . '/src/Core/Config.php',
+    'Friendica\\Core\\NotificationsManager' => $baseDir . '/src/Core/NotificationsManager.php',
     'Friendica\\Core\\PConfig' => $baseDir . '/src/Core/PConfig.php',
     'Friendica\\Core\\System' => $baseDir . '/src/Core/System.php',
+    'Friendica\\Core\\Worker' => $baseDir . '/src/Core/Worker.php',
+    'Friendica\\Database\\DBM' => $baseDir . '/src/Database/DBM.php',
     'Friendica\\Network\\Probe' => $baseDir . '/src/Network/Probe.php',
     'Friendica\\ParseUrl' => $baseDir . '/src/ParseUrl.php',
+    'Friendica\\Protocol\\DFRN' => $baseDir . '/src/Protocol/DFRN.php',
+    'Friendica\\Protocol\\Diaspora' => $baseDir . '/src/Protocol/Diaspora.php',
     'Friendica\\Util\\Lock' => $baseDir . '/src/Util/Lock.php',
     'HTMLPurifier' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.php',
     'HTMLPurifier_Arborize' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php',
diff --git a/vendor/composer/autoload_files.php b/vendor/composer/autoload_files.php
index c25686b153..f3c197e2be 100644
--- a/vendor/composer/autoload_files.php
+++ b/vendor/composer/autoload_files.php
@@ -6,5 +6,6 @@ $vendorDir = dirname(dirname(__FILE__));
 $baseDir = dirname($vendorDir);
 
 return array(
+    '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
     '2cffec82183ee1cea088009cef9a6fc3' => $vendorDir . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
 );
diff --git a/vendor/composer/autoload_psr4.php b/vendor/composer/autoload_psr4.php
index 61a440ffdb..9c9cf98802 100644
--- a/vendor/composer/autoload_psr4.php
+++ b/vendor/composer/autoload_psr4.php
@@ -8,4 +8,5 @@ $baseDir = dirname($vendorDir);
 return array(
     'League\\HTMLToMarkdown\\' => array($vendorDir . '/league/html-to-markdown/src'),
     'Friendica\\' => array($baseDir . '/src'),
+    'Defuse\\Crypto\\' => array($vendorDir . '/defuse/php-encryption/src'),
 );
diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
index 2ccc848ef3..f560931d59 100644
--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@@ -7,6 +7,7 @@ namespace Composer\Autoload;
 class ComposerStaticInitFriendica
 {
     public static $files = array (
+        '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
         '2cffec82183ee1cea088009cef9a6fc3' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.composer.php',
     );
 
@@ -19,6 +20,10 @@ class ComposerStaticInitFriendica
         array (
             'Friendica\\' => 10,
         ),
+        'D' => 
+        array (
+            'Defuse\\Crypto\\' => 14,
+        ),
     );
 
     public static $prefixDirsPsr4 = array (
@@ -30,6 +35,10 @@ class ComposerStaticInitFriendica
         array (
             0 => __DIR__ . '/../..' . '/src',
         ),
+        'Defuse\\Crypto\\' => 
+        array (
+            0 => __DIR__ . '/..' . '/defuse/php-encryption/src',
+        ),
     );
 
     public static $prefixesPsr0 = array (
@@ -59,13 +68,32 @@ class ComposerStaticInitFriendica
     public static $classMap = array (
         'Archive_Tar' => __DIR__ . '/..' . '/pear-pear.php.net/Archive_Tar/Archive/Tar.php',
         'Console_Getopt' => __DIR__ . '/..' . '/pear-pear.php.net/Console_Getopt/Console/Getopt.php',
+        'Defuse\\Crypto\\Core' => __DIR__ . '/..' . '/defuse/php-encryption/src/Core.php',
+        'Defuse\\Crypto\\Crypto' => __DIR__ . '/..' . '/defuse/php-encryption/src/Crypto.php',
+        'Defuse\\Crypto\\DerivedKeys' => __DIR__ . '/..' . '/defuse/php-encryption/src/DerivedKeys.php',
+        'Defuse\\Crypto\\Encoding' => __DIR__ . '/..' . '/defuse/php-encryption/src/Encoding.php',
+        'Defuse\\Crypto\\Exception\\BadFormatException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/BadFormatException.php',
+        'Defuse\\Crypto\\Exception\\CryptoException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/CryptoException.php',
+        'Defuse\\Crypto\\Exception\\EnvironmentIsBrokenException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php',
+        'Defuse\\Crypto\\Exception\\IOException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/IOException.php',
+        'Defuse\\Crypto\\Exception\\WrongKeyOrModifiedCiphertextException' => __DIR__ . '/..' . '/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php',
+        'Defuse\\Crypto\\File' => __DIR__ . '/..' . '/defuse/php-encryption/src/File.php',
+        'Defuse\\Crypto\\Key' => __DIR__ . '/..' . '/defuse/php-encryption/src/Key.php',
+        'Defuse\\Crypto\\KeyOrPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyOrPassword.php',
+        'Defuse\\Crypto\\KeyProtectedByPassword' => __DIR__ . '/..' . '/defuse/php-encryption/src/KeyProtectedByPassword.php',
+        'Defuse\\Crypto\\RuntimeTests' => __DIR__ . '/..' . '/defuse/php-encryption/src/RuntimeTests.php',
         'Detection\\MobileDetect' => __DIR__ . '/..' . '/mobiledetect/mobiledetectlib/namespaced/Detection/MobileDetect.php',
         'Friendica\\App' => __DIR__ . '/../..' . '/src/App.php',
         'Friendica\\Core\\Config' => __DIR__ . '/../..' . '/src/Core/Config.php',
+        'Friendica\\Core\\NotificationsManager' => __DIR__ . '/../..' . '/src/Core/NotificationsManager.php',
         'Friendica\\Core\\PConfig' => __DIR__ . '/../..' . '/src/Core/PConfig.php',
         'Friendica\\Core\\System' => __DIR__ . '/../..' . '/src/Core/System.php',
+        'Friendica\\Core\\Worker' => __DIR__ . '/../..' . '/src/Core/Worker.php',
+        'Friendica\\Database\\DBM' => __DIR__ . '/../..' . '/src/Database/DBM.php',
         'Friendica\\Network\\Probe' => __DIR__ . '/../..' . '/src/Network/Probe.php',
         'Friendica\\ParseUrl' => __DIR__ . '/../..' . '/src/ParseUrl.php',
+        'Friendica\\Protocol\\DFRN' => __DIR__ . '/../..' . '/src/Protocol/DFRN.php',
+        'Friendica\\Protocol\\Diaspora' => __DIR__ . '/../..' . '/src/Protocol/Diaspora.php',
         'Friendica\\Util\\Lock' => __DIR__ . '/../..' . '/src/Util/Lock.php',
         'HTMLPurifier' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier.php',
         'HTMLPurifier_Arborize' => __DIR__ . '/..' . '/ezyang/htmlpurifier/library/HTMLPurifier/Arborize.php',
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index 2424ae9bec..02d5f612c1 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -442,5 +442,120 @@
         ],
         "description": "Identify human languages from text samples",
         "homepage": "http://pear.php.net/package/Text_LanguageDetect"
+    },
+    {
+        "name": "paragonie/random_compat",
+        "version": "v2.0.11",
+        "version_normalized": "2.0.11.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/paragonie/random_compat.git",
+            "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/paragonie/random_compat/zipball/5da4d3c796c275c55f057af5a643ae297d96b4d8",
+            "reference": "5da4d3c796c275c55f057af5a643ae297d96b4d8",
+            "shasum": ""
+        },
+        "require": {
+            "php": ">=5.2.0"
+        },
+        "require-dev": {
+            "phpunit/phpunit": "4.*|5.*"
+        },
+        "suggest": {
+            "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+        },
+        "time": "2017-09-27T21:40:39+00:00",
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "files": [
+                "lib/random.php"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "MIT"
+        ],
+        "authors": [
+            {
+                "name": "Paragon Initiative Enterprises",
+                "email": "security@paragonie.com",
+                "homepage": "https://paragonie.com"
+            }
+        ],
+        "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+        "keywords": [
+            "csprng",
+            "pseudorandom",
+            "random"
+        ]
+    },
+    {
+        "name": "defuse/php-encryption",
+        "version": "v2.1.0",
+        "version_normalized": "2.1.0.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/defuse/php-encryption.git",
+            "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/defuse/php-encryption/zipball/5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
+            "reference": "5176f5abb38d3ea8a6e3ac6cd3bbb54d8185a689",
+            "shasum": ""
+        },
+        "require": {
+            "ext-openssl": "*",
+            "paragonie/random_compat": "~2.0",
+            "php": ">=5.4.0"
+        },
+        "require-dev": {
+            "nikic/php-parser": "^2.0|^3.0",
+            "phpunit/phpunit": "^4|^5"
+        },
+        "time": "2017-05-18T21:28:48+00:00",
+        "bin": [
+            "bin/generate-defuse-key"
+        ],
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "psr-4": {
+                "Defuse\\Crypto\\": "src"
+            }
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "MIT"
+        ],
+        "authors": [
+            {
+                "name": "Taylor Hornby",
+                "email": "taylor@defuse.ca",
+                "homepage": "https://defuse.ca/"
+            },
+            {
+                "name": "Scott Arciszewski",
+                "email": "info@paragonie.com",
+                "homepage": "https://paragonie.com"
+            }
+        ],
+        "description": "Secure PHP Encryption Library",
+        "keywords": [
+            "aes",
+            "authenticated encryption",
+            "cipher",
+            "crypto",
+            "cryptography",
+            "encrypt",
+            "encryption",
+            "openssl",
+            "security",
+            "symmetric key cryptography"
+        ]
     }
 ]
diff --git a/vendor/defuse/php-encryption/.gitignore b/vendor/defuse/php-encryption/.gitignore
new file mode 100644
index 0000000000..987c516453
--- /dev/null
+++ b/vendor/defuse/php-encryption/.gitignore
@@ -0,0 +1,11 @@
+*~
+/test/unit/File/big-generated-file
+/composer.lock
+/vendor
+defuse-crypto.phar
+defuse-crypto.phar.sig
+composer.phar
+box.phar
+phpunit.phar
+phpunit.phar.asc
+test/unit/File/tmp
diff --git a/vendor/defuse/php-encryption/.php_cs b/vendor/defuse/php-encryption/.php_cs
new file mode 100644
index 0000000000..e317732de4
--- /dev/null
+++ b/vendor/defuse/php-encryption/.php_cs
@@ -0,0 +1,60 @@
+<?php
+
+$config = Symfony\CS\Config\Config::create()
+    ->level(Symfony\CS\FixerInterface::PSR2_LEVEL)
+    ->fixers([
+        'blankline_after_open_tag',
+        'empty_return',
+        'extra_empty_lines',
+        'function_typehint_space',
+        'join_function',
+        'method_argument_default_value',
+        'multiline_array_trailing_comma',
+        'no_blank_lines_after_class_opening',
+        'no_empty_lines_after_phpdocs',
+        'phpdoc_indent',
+        'phpdoc_no_access',
+        'phpdoc_no_empty_return',
+        'phpdoc_no_package',
+        'phpdoc_params',
+        'phpdoc_scalar',
+        'phpdoc_separation',
+        'phpdoc_trim',
+        'phpdoc_type_to_var',
+        'phpdoc_types',
+        'phpdoc_var_without_name',
+        'remove_leading_slash_use',
+        'remove_lines_between_uses',
+        'short_bool_cast',
+        'single_quote',
+        'spaces_after_semicolon',
+        'spaces_before_semicolon',
+        'spaces_cast',
+        'standardize_not_equal',
+        'ternary_spaces',
+        'trim_array_spaces',
+        'unneeded_control_parentheses',
+        'unused_use',
+        'whitespacy_lines',
+        'align_double_arrow',
+        'concat_with_spaces',
+        'logical_not_operators_with_successor_space',
+        'multiline_spaces_before_semicolon',
+        'newline_after_open_tag',
+        'ordered_use',
+        'php_unit_construct',
+        'phpdoc_order',
+        'short_array_syntax',
+    ]);
+
+if (null === $input->getArgument('path')) {
+    $config
+        ->finder(
+            Symfony\CS\Finder\DefaultFinder::create()
+                ->in('src')
+                ->in('test')
+                ->exclude('vendor')
+        );
+}
+
+return $config;
diff --git a/vendor/defuse/php-encryption/LICENSE b/vendor/defuse/php-encryption/LICENSE
new file mode 100644
index 0000000000..f3e7c8e606
--- /dev/null
+++ b/vendor/defuse/php-encryption/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Taylor Hornby <https://defuse.ca> and Paragon Initiative
+Enterprises <https://paragonie.com>.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/defuse/php-encryption/README.md b/vendor/defuse/php-encryption/README.md
new file mode 100644
index 0000000000..a8f29258d3
--- /dev/null
+++ b/vendor/defuse/php-encryption/README.md
@@ -0,0 +1,88 @@
+php-encryption
+===============
+
+[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
+
+This is a library for encrypting data with a key or password in PHP. **It
+requires PHP 5.4 or newer.** The current version is v2.0.0, which is expected to
+remain stable and supported by its authors with security and bugfixes until at
+least January 1st, 2019.
+
+The library is a joint effort between [Taylor Hornby](https://defuse.ca/) and
+[Scott Arciszewski](https://paragonie.com/blog/author/scott-arcizewski) as well
+as numerous open-source contributors.
+
+What separates this library from other PHP encryption libraries is, firstly,
+that it is secure. The authors used to encounter insecure PHP encryption code on
+a daily basis, so they created this library to bring more security to the
+ecosystem. Secondly, this library is "difficult to misuse." Like
+[libsodium](https://github.com/jedisct1/libsodium), its API is designed to be
+easy to use in a secure way and hard to use in an insecure way.
+
+Dependencies
+------------
+
+This library requres no special dependencies except for PHP 5.4 or newer with
+the OpenSSL extensions enabled (this is the default). It uses
+[random\_compat](https://github.com/paragonie/random_compat), which is bundled
+in with this library so that your users will not need to follow any special
+installation steps.
+
+Getting Started
+----------------
+
+Start with the [**Tutorial**](docs/Tutorial.md). You can find instructions for
+obtaining this library's code securely in the [Installing and
+Verifying](docs/InstallingAndVerifying.md) documentation.
+
+After you've read the tutorial and got the code, refer to the formal
+documentation for each of the classes this library provides:
+
+- [Crypto](docs/classes/Crypto.md)
+- [File](docs/classes/File.md)
+- [Key](docs/classes/Key.md)
+- [KeyProtectedByPassword](docs/classes/KeyProtectedByPassword.md)
+
+If you encounter difficulties, see the [FAQ](docs/FAQ.md) answers. The fixes to
+the most commonly-reported problems are explained there.
+
+If you're a cryptographer and want to understand the nitty-gritty details of how
+this library works, look at the [Cryptography Details](docs/CryptoDetails.md)
+documentation.
+
+If you're interested in contributing to this library, see the [Internal
+Developer Documentation](docs/InternalDeveloperDocs.md).
+
+Examples
+---------
+
+If the documentation is not enough for you to understand how to use this
+library, then you can look at an example project that uses this library:
+
+- [encutil](https://github.com/defuse/encutil)
+- [fileencrypt](https://github.com/tsusanka/fileencrypt)
+
+Security Audit Status
+---------------------
+
+This code has not been subjected to a formal, paid, security audit. However, it
+has received lots of review from members of the PHP security community, and the
+authors are experienced with cryptography. In all likelihood, you are safer
+using this library than almost any other encryption library for PHP.
+
+If you use this library as a part of your business and would like to help fund
+a formal audit, please [contact Taylor Hornby](https://defuse.ca/contact.htm).
+
+Public Keys
+------------
+
+The GnuPG public key used to sign releases is available in
+[dist/signingkey.asc](https://github.com/defuse/php-encryption/raw/master/dist/signingkey.asc). Its fingerprint is:
+
+```
+2FA6 1D8D 99B9 2658 6BAC  3D53 385E E055 A129 1538
+```
+
+You can verify it against the Taylor Hornby's [contact
+page](https://defuse.ca/contact.htm) and
+[twitter](https://twitter.com/DefuseSec/status/723741424253059074).
diff --git a/vendor/defuse/php-encryption/bin/generate-defuse-key b/vendor/defuse/php-encryption/bin/generate-defuse-key
new file mode 100644
index 0000000000..24e31b5e00
--- /dev/null
+++ b/vendor/defuse/php-encryption/bin/generate-defuse-key
@@ -0,0 +1,14 @@
+#!/usr/bin/env php
+<?php
+
+use Defuse\Crypto\Key;
+
+foreach ([__DIR__ . '/../../../autoload.php', __DIR__ . '/../vendor/autoload.php'] as $file) {
+    if (file_exists($file)) {
+        require $file;
+        break;
+    }
+}
+
+$key = Key::createNewRandomKey();
+echo $key->saveToAsciiSafeString(), "\n";
diff --git a/vendor/defuse/php-encryption/composer.json b/vendor/defuse/php-encryption/composer.json
new file mode 100644
index 0000000000..866b4975e0
--- /dev/null
+++ b/vendor/defuse/php-encryption/composer.json
@@ -0,0 +1,35 @@
+{
+    "name": "defuse/php-encryption",
+    "description": "Secure PHP Encryption Library",
+    "license": "MIT",
+    "keywords": ["security", "encryption", "AES", "openssl", "cipher", "cryptography", "symmetric key cryptography", "crypto", "encrypt", "authenticated encryption"],
+    "authors": [
+        {
+            "name": "Taylor Hornby",
+            "email": "taylor@defuse.ca",
+            "homepage": "https://defuse.ca/"
+        },
+        {
+            "name": "Scott Arciszewski",
+            "email": "info@paragonie.com",
+            "homepage": "https://paragonie.com"
+        }
+    ],
+    "autoload": {
+        "psr-4": {
+            "Defuse\\Crypto\\": "src"
+        }
+    },
+    "require": {
+        "paragonie/random_compat": "~2.0",
+        "ext-openssl": "*",
+        "php":  ">=5.4.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^4|^5",
+        "nikic/php-parser": "^2.0|^3.0"
+    },
+    "bin": [
+        "bin/generate-defuse-key"
+    ]
+}
diff --git a/vendor/defuse/php-encryption/dist/Makefile b/vendor/defuse/php-encryption/dist/Makefile
new file mode 100644
index 0000000000..4b65c9ec41
--- /dev/null
+++ b/vendor/defuse/php-encryption/dist/Makefile
@@ -0,0 +1,37 @@
+# This builds defuse-crypto.phar. To run this Makefile, `box` and `composer`
+# must be installed and in your $PATH. Run it from inside the dist/ directory.
+
+box := $(shell which box)
+composer := "composer"
+
+.PHONY: all
+all: build-phar
+
+.PHONY: sign-phar
+sign-phar:
+	gpg -u 7B4B2D98 --armor --output defuse-crypto.phar.sig --detach-sig defuse-crypto.phar
+
+# ensure we run in clean tree. export git tree and run there.
+.PHONY: build-phar
+build-phar:
+	@echo "Creating .phar from revision $(shell git rev-parse HEAD)."
+	rm -rf worktree
+	install -d worktree
+	(cd $(CURDIR)/..; git archive HEAD) | tar -x -C worktree
+	$(MAKE) -f $(CURDIR)/Makefile -C worktree defuse-crypto.phar
+	mv worktree/*.phar .
+	rm -rf worktree
+
+.PHONY: clean
+clean:
+	rm -vf defuse-crypto.phar defuse-crypto.phar.sig
+
+# Inside workdir/:
+
+defuse-crypto.phar: dist/box.json composer.lock
+	cp dist/box.json .
+	php -d phar.readonly=0 $(box) build -c box.json -v
+
+composer.lock:
+	$(composer) install --no-dev
+
diff --git a/vendor/defuse/php-encryption/dist/box.json b/vendor/defuse/php-encryption/dist/box.json
new file mode 100644
index 0000000000..f225f781e1
--- /dev/null
+++ b/vendor/defuse/php-encryption/dist/box.json
@@ -0,0 +1,25 @@
+{
+    "chmod": "0755",
+    "finder": [
+        {
+            "in": "src",
+            "name": "*.php"
+        },
+        {
+            "in": "vendor/composer",
+            "name": "*.php"
+        },
+        {
+            "in": "vendor/paragonie",
+            "name": "*.php",
+            "exclude": "other"
+        }
+    ],
+    "compactors": [
+        "Herrera\\Box\\Compactor\\Php"
+    ],
+    "main": "vendor/autoload.php",
+    "output": "defuse-crypto.phar",
+    "shebang": false,
+    "stub": true
+}
diff --git a/vendor/defuse/php-encryption/dist/signingkey.asc b/vendor/defuse/php-encryption/dist/signingkey.asc
new file mode 100644
index 0000000000..63b6aa3dd4
--- /dev/null
+++ b/vendor/defuse/php-encryption/dist/signingkey.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFarvO4BEACdQBaLt6SUBx1cB5liUu1qo+YwVLh9bxTregQtmEREMdTVqXYt
+e5b79uL4pQp2GlKHcEyRURS+6rIIruM0oh9ZYGTJYPAkCDzJxaU2awZeFbfBvpCm
+iF66/O4ZJI4mlT8dFKmxBJxDhfeOR2UmmhDiEsJK9FxBKUzvo/dWrX2pBzf8Y122
+iIaVraSo+tymaf7vriaIf/NnSKhDw8dtQYGM4NMrxxsPTfbCF8XiboDgTkoD2A+6
+NpOJYxA4Veedsf2TP9YLhljH4m5yYlfjjqBzbBCPWuE6Hhy5Xze9mncgDr7LKenm
+Ctf2NxW6y4O3RCI+9eLlBfFWB+KuGV87/b5daetX7NNLbjID8z2rqEa+d6wu5xA5
+Ta2uiVkAOEovr3XnkayZ9zth+Za7w7Ai0ln0N/LVMkM+Gu4z/pJv6HjmTGDM2wJb
+fs+UOM0TFdg+N81Do67XT2M4o0MeHyUqsIiWpYa2Qf1PNmqTQNJnRk8uZZ9I96Nh
+eCgNuCbhsQiYBMicox+xmuWAlGAfA06y0kCtmqGhiBGArdJlWvUqPqGiZ4Hln9z0
+FJmXDOh0Q/FIPxcDg8mKRRbx+lOP389PLsPpj4b2B/4PEgfpCCOwuKpLotATZxC1
+9JwFk0Y/cvUUkq4a+nAJBNtBbtRJkEesuuUnRq6XexmnE3uUucDcV0XCSwARAQAB
+tCBUYXlsb3IgSG9ybmJ5IDx0YXlsb3JAZGVmdXNlLmNhPokCPQQTAQgAJwUCVqu8
+7gIbAwUJB4TOAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA4XuBVoSkVOJbx
+EACG0F9blPMAsK05EWyNnnS4mw25zPfbaqqEvYbquAeM0nBpRDm7sRn2MNR0AL4g
+7XrtxE/4qYkdEl6f2wFCQeRhZgxE3w22llredzLme11Hic8hn4i7ysdIw0r9dMMR
+kjgR5UcWpv8iU847czyK09PkKW2EaLRbX2qbA7rNU5qCFKeD4Sy4bBTteISeVsHo
+Vr9o1/bRrMhgZ++ts8hYf0LmujIf5cxp+qcdKwCXSnS/gmmXaKRMCPv/Wdlq9bt6
+LX9jZB9lXBdGxcBJeFOsTG+QRDiVjg3d6i3o3TAKV87ALBI4v2ADEYtN8lviHo3/
+SovVKv6zrUsZHxhoGiLTiksNrYsKMmiMxdJCoOazmtUPnZ4UOtT8NdqMPoKvdoRz
+f4rhZ+f5jSVD9OuX2PDmfyq21Rdiym7Vcgr+uTIFJ3ShRHjWb/ytCwoB2FeGY6+G
+AKY58bTQvUIqEJvSov/+TAqZ4BfOuSdTLcHglV1OdUu2SFZvU2gmyVp0l5elGv5t
+FyUlBJUkQT9MtvsdLOR7vQi8QapV+9LWpqwvaj9hyEJz848DQ2sdYTphUytFHv7H
+k58DAtVhTrVjHyeefjiYtMl6vSAgTjy5LWAUpo5TfhdGrAi0Tdd/GD7amHoWoDy8
+EKXKq2xPLo3JOdkWYQUi5NErzEskfsSzpCOgyDJmGetWK7kCDQRWq7zuARAAu7/i
+cm8cjgLhHEX/bgfwOT2hLOLSjjve0O8YFSuJO9XqIHXqmfVOrqWtfG0Mh4bwlfqc
+MAvBfF5NSSPfAE4ftBAQ1e5jEv8hJeqICpq3IHTFX4etBs49NfNkyveQl/amVTu1
++/O5J4CuIcsEf3y0Xuu38n7EB3SfMQCWLcOR1NyZoX3bI+CGRpOVVoFse3ljSWL4
+LhLVl0WiEMXULsussEoN+c6x9KCyAi/jFOrxrTrFC//sZesKj6KucoqKGfwMWrrv
+IeRT9Ga8Wn5MJnQu0aWg+zVVYqTedXZLNLODgQIInFnXO0seBXy15yDok1y5bkx2
+sinKg4+mueYaGUpoUti0hM3J3yaC34i6Cwa8MQoLNw1JIS/oNtKjpMxyV10w8aoc
+PHRK3n7UYp10mJHx7aM+lldSKvVS1NTQmI4vloNLwMp324H5ANDFAlRUz7mysVnu
+DEEvigPSPxs5ZYENu/i7pCQC5qHfhrlBrQwTjhegr0pQPcumy2fO5SGC9l/5B7ev
+bqQSZmDeWWoTvh2w2wl5/RWAsgZKx6rDtkCqYx7sSBY17uorrxP24LP4zhq7NxRV
+nfdsLogbCFNVQ66u7qvq5zFccdFtg9h1HQWdS7wbnKSBGZoo5gl6js7GGtxfGbb0
+oQ9kp6eciF4U92r6POhVgbRe4CfPo50nqgZBddkAEQEAAYkCJQQYAQgADwUCVqu8
+7gIbDAUJB4TOAAAKCRA4XuBVoSkVOFJ8D/9J8IJ4XWUU3FYIaHJ3XeSoxDmTi7d5
+WmNdf1lmwz82MQjG4uw17oCbvQzmj4/a/CM1Ly4v0WwBhUf9aiNErD0ByHASFnuc
+tlQBLVJdk0vRyD0fZakGg64qCA76hiySjMhlGHkQFyP2mDORc2GNu/OqFGm79pXT
+ZUplXxd431E603/agM5xJrweutMMpP1nBFTSEMJvbMNzDVN8I1A1CH4zVmAVxOUk
+sQ5L5rXW+KeXWyiMF24+l2CMnkQ2CxfHpkcpfPJs1Cbt+TIBSSofIqK8QJXrb/2f
+Zpl/ftqW7Xe86rJFrB/Y/77LDWx10rqWEvfCqrBxrMj7ONAQfbKQF/IjAwDN17Wf
+1K74rqKnRu+KHCyNM89s1iDbQC9kzZfzYt4AEOvAH/ZQDMZffzPSbnfkBerExFpa
+93XMuiR66jiBsf9IXIQeydpJD4Ogl2sSUSxFEJxJ/bBSxPxC5w7/BVMA7Am1y8Zo
+3hrpqnX2PBzxG7L0FZ6fYkfR3p8JS7vI6nByBf2IDv8W32wn43olPf+u6uobHLvt
+ttapOjwPAhPDalRuxs9U6WSg06QJkT/0F8TFUPWpsFmKTl+G4Ty7PHWsjeeNHJCL
+7/5RQboFY3k8Jy3/sIofABO6Un9LJivDuu9PxqA0IgvaS6Mja8JdCCk9Nyk4vHB7
+IEgAL/CYqrk38w==
+=lmD7
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/vendor/defuse/php-encryption/docs/CryptoDetails.md b/vendor/defuse/php-encryption/docs/CryptoDetails.md
new file mode 100644
index 0000000000..43abd72ab5
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/CryptoDetails.md
@@ -0,0 +1,64 @@
+Cryptography Details
+=====================
+
+Here is a high-level description of how this library works. Any discrepancy
+between this documentation and the actual implementation will be considered
+a security bug.
+
+Let's start with the following definitions:
+
+- HKDF-SHA256(*k*, *n*, *info*, *s*) is the key derivation function specified in
+  RFC 5869 (using the SHA256 hash function). The parameters are:
+    - *k*: The initial keying material.
+    - *n*: The number of output bytes.
+    - *info*: The info string.
+    - *s*: The salt.
+- AES-256-CTR(*m*, *k*, *iv*) is AES-256 encryption in CTR mode. The parameters
+  are:
+    - *m*: An arbitrary-length (possibly zero-length) message.
+    - *k*: A 32-byte key.
+    - *iv*: A 16-byte initialization vector (nonce).
+- PBKDF2-SHA256(*p*, *s*, *i*, *n*) is the password-based key derivation
+  function defined in RFC 2898 (using the SHA256 hash function). The parameters
+  are:
+    - *p*: The password string.
+    - *s*: The salt string.
+    - *i*: The iteration count.
+    - *n*: The output length in bytes.
+- VERSION is the string `"\xDE\xF5\x02\x00"`.
+- AUTHINFO is the string `"DefusePHP|V2|KeyForAuthentication"`.
+- ENCRINFO is the string `"DefusePHP|V2|KeyForEncryption"`.
+
+To encrypt a message *m* using a 32-byte key *k*, the following steps are taken:
+
+1. Generate a random 32-byte string *salt*.
+2. Derive the 32-byte authentication key *akey* = HKDF-SHA256(*k*, 32, AUTHINFO, *salt*).
+3. Derive the 32-byte encryption key *ekey* = HKDF-SHA256(*k*, 32, ENCRINFO, *salt*).
+4. Generate a random 16-byte initialization vector *iv*.
+5. Compute *c* = AES-256-CTR(*m*, *ekey*, *iv*).
+6. Combine *ctxt* = VERSION || *salt* || *iv* || *c*.
+7. Compute *h* = HMAC-SHA256(*ctxt*, *akey*).
+8. Output *ctxt* || *h*.
+
+Decryption is roughly the reverse process (see the code for details, since the
+security of the decryption routine is highly implementation-dependent).
+
+For encryption using a password *p*, steps 1-3 above are replaced by:
+
+1. Generate a random 32-byte string *salt*.
+2. Compute *k* = PBKDF2-SHA256(SHA256(*p*), *salt*, 100000, 32).
+3. Derive the 32-byte authentication key *akey* = HKDF-SHA256(*k*, 32, AUTHINFO, *salt*)
+4. Derive the 32-byte encryption key *ekey* = HKDF-SHA256(*k*, 32, ENCRINFO, *salt*)
+
+The remainder of the process is the same. Notice the reuse of the same *salt*
+for PBKDF2-SHA256 and HKDF-SHA256. The prehashing of the password in step 2 is
+done to prevent a [DoS attack using long
+passwords](https://github.com/defuse/php-encryption/issues/230).
+
+For `KeyProtectedByPassword`, the serialized key is encrypted according to the
+password encryption defined above. However, the actual password used for
+encryption is the SHA256 hash of the password the user provided. This is done in
+order to provide domain separation between the message encryption in the user's
+application and the internal key encryption done by this library. It fixes
+a [key replacement chosen-protocol
+attack](https://github.com/defuse/php-encryption/issues/240).
diff --git a/vendor/defuse/php-encryption/docs/FAQ.md b/vendor/defuse/php-encryption/docs/FAQ.md
new file mode 100644
index 0000000000..135e235ce5
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/FAQ.md
@@ -0,0 +1,39 @@
+Frequently Asked Questions
+===========================
+
+How do I use this library to encrypt passwords?
+------------------------------------------------
+
+Passwords should not be encrypted, they should be hashed with a *slow* password
+hashing function that's designed to slow down password guessing attacks. See
+[How to Safely Store Your Users' Passwords in
+2016](https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016).
+
+How do I give it the same key every time instead of a new random key?
+----------------------------------------------------------------------
+
+A `Key` object can be saved to a string by calling its `saveToAsciiSafeString()`
+method. You will have to save that string somewhere safe, and then load it back
+into a `Key` object using `Key`'s `loadFromAsciiSafeString` static method.
+
+Where you store the string depends on your application. For example if you are
+using `KeyProtectedByPassword` to encrypt files with a user's login password,
+then you should not store the `Key` at all. If you are protecting sensitive data
+on a server that may be compromised, then you should store it in a hardware
+security module. When in doubt, consult a security expert.
+
+Why is an EnvironmentIsBrokenException getting thrown?
+-------------------------------------------------------
+
+Either you've encountered a bug in this library, or your system doesn't support
+the use of this library. For example, if your system does not have a secure
+random number generator, this library will refuse to run, by throwing that
+exception, instead of falling back to an insecure random number generator.
+
+Why am I getting a BadFormatException when loading a Key from a string?
+------------------------------------------------------------------------
+
+If you're getting this exception, then the string you're giving to
+`loadFromAsciiSafeString()` is *not* the same as the string you got from
+`saveToAsciiSafeString()`. Perhaps your database column isn't wide enough and
+it's truncating the string as you insert it?
diff --git a/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md b/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md
new file mode 100644
index 0000000000..12b5fee430
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/InstallingAndVerifying.md
@@ -0,0 +1,53 @@
+Getting The Code
+=================
+
+There are two ways to use this library in your applications. You can either:
+
+1. Use [Composer](https://getcomposer.org/), or
+2. `require_once` a single `.phar` file in your application.
+
+If you are not using either option (for example, because you're using Git submodules), you may need to write your own autoloader ([example](https://gist.github.com/paragonie-scott/949daee819bb7f19c50e5e103170b400)).
+
+Option 1: Using Composer
+-------------------------
+
+Run this inside the directory of your composer-enabled project:
+
+```sh
+composer require defuse/php-encryption
+```
+
+Unfortunately, composer doesn't provide a way for you to verify that the code
+you're getting was signed by this library's authors. If you want a more secure
+option, use the `.phar` method described below.
+
+Option 2: Including a PHAR
+----------------------------
+
+The `.phar` option lets you include this library into your project simply by
+calling `require_once` on a single file. Download `defuse-crypto.phar` and
+`defuse-crypto.phar.sig` from this project's
+[releases](https://github.com/defuse/php-encryption/releases) page.
+
+You should verify the integrity of the `.phar`. The `defuse-crypto.phar.sig`
+contains the signature of `defuse-crypto.phar`. It is signed with Taylor
+Hornby's PGP key. You can find Taylor's public key in `dist/signingkey.asc`. You
+can verify the public key's fingerprint against the Taylor Hornby's [contact
+page](https://defuse.ca/contact.htm) and
+[twitter](https://twitter.com/DefuseSec/status/723741424253059074).
+
+Once you have verified the signature, it is safe to use the `.phar`. Place it
+somewhere in your file system, e.g. `/var/www/lib/defuse-crypto.phar`, and then
+pass that path to `require_once`.
+
+```php
+<?php
+
+    require_once('/var/www/lib/defuse-crypto.phar');
+
+    // ... the Crypto, File, Key, and KeyProtectedByPassword classes are now
+    // available ...
+
+    // ...
+```
+
diff --git a/vendor/defuse/php-encryption/docs/InternalDeveloperDocs.md b/vendor/defuse/php-encryption/docs/InternalDeveloperDocs.md
new file mode 100644
index 0000000000..4604cfffc7
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/InternalDeveloperDocs.md
@@ -0,0 +1,160 @@
+Information for the Developers of php-encryption
+=================================================
+
+Status
+-------
+
+This library is currently frozen under a long-term support release. We do not
+plan to add any new features. We will maintain the library by fixing any bugs
+that are reported, or security vulnerabilities that are found.
+
+Development Environment
+------------------------
+
+Development is done on Linux. To run the tests, you will need to have the
+following tools installed:
+
+- `php` (with OpenSSL enabled, if you're compiling from source).
+- `gpg`
+- `composer`
+
+Running the Tests
+------------------
+
+First do `composer install` and then you can run the tests by running
+`./test.sh`. This will download a PHPUnit PHAR, verify its cryptographic
+signatures, and then use it to run the tests in `test/unit`.
+
+Getting and Using Psalm
+-----------------------
+
+[Psalm](https://github.com/vimeo/psalm) is a static analysis suite for PHP projects.
+We use Psalm to ensure type safety throughout our library.
+
+To install Psalm, you just need to run one command:
+
+    composer require --dev "vimeo/psalm:dev-master"
+
+To verify that your code changes are still strictly type-safe, run the following
+command:
+
+    vendor/bin/psalm
+
+Reporting Bugs
+---------------
+
+Please report bugs, even critical security vulnerabilities, by opening an issue
+on GitHub. We recommend disclosing security vulnerabilities found in this
+library *publicly* as soon as possible.
+
+Philosophy
+-----------
+
+This library is developed around several core values:
+
+- Rule #1: Security is prioritized over everything else.
+
+    > Whenever there is a conflict between security and some other property,
+    > security will be favored. For example, the library has runtime tests,
+    > which make it slower, but will hopefully stop it from encrypting stuff
+    > if the platform it's running on is broken.
+
+- Rule #2: It should be difficult to misuse the library.
+
+    > We assume the developers using this library have no experience with
+    > cryptography. We only assume that they know that the "key" is something
+    > you need to encrypt and decrypt the messages, and that it must be kept
+    > secret. Whenever possible, the library should refuse to encrypt or decrypt
+    > messages when it is not being used correctly.
+
+- Rule #3: The library aims only to be compatible with itself.
+
+    > Other PHP encryption libraries try to support every possible type of
+    > encryption, even the insecure ones (e.g. ECB mode). Because there are so
+    > many options, inexperienced developers must decide whether to use "CBC
+    > mode" or "ECB mode" when both are meaningless terms to them. This
+    > inevitably leads to vulnerabilities.
+
+    > This library will only support one secure mode. A developer using this
+    > library will call "encrypt" and "decrypt" methods without worrying about
+    > how they are implemented.
+
+- Rule #4: The library should require no special installation.
+
+    > Some PHP encryption libraries, like libsodium-php, are not straightforward
+    > to install and cannot packaged with "just download and extract"
+    > applications. This library will always be just a handful of PHP files that
+    > you can copy to your source tree and require().
+
+Publishing Releases
+--------------------
+
+To make a release, you will need to install [composer](https://getcomposer.org/)
+and [box](https://github.com/box-project/box2) on your system. They will need to
+be available in your `$PATH` so that running the commands `composer` and `box`
+in your terminal run them, respectively. You will also need the private key for
+signing (ID: 7B4B2D98) available.
+
+Once you have those tools installed and the key available follow these steps:
+
+**Remember to set the version number in `composer.json`!**
+
+Make a fresh clone of the repository:
+
+```
+git clone <url>
+```
+
+Check out the branch you want to release:
+
+```
+git checkout <branchname>
+```
+
+Check that the version number in composer.json is correct:
+
+```
+cat composer.json
+```
+
+Run the tests:
+
+```
+composer install
+./test.sh
+```
+
+Generate the `.phar`:
+
+```
+cd dist
+make build-phar
+```
+
+Test the `.phar`:
+
+```
+cd ../
+./test.sh dist/defuse-crypto.phar
+```
+
+Sign the `.phar`:
+
+```
+cd dist
+make sign-phar
+```
+
+Tag the release:
+
+```
+git -c user.signingkey=7B4B2D98 tag -s "<TAG NAME>" -m "<TAG MESSAGE>"
+```
+
+`<TAG NAME>` should be in the format `v2.0.0` and `<TAG MESSAGE>` should look
+like "Release of v2.0.0."
+
+Push the tag to github, then use the
+[releases](https://github.com/defuse/php-encryption/releases) page to draft
+a new release for that tag. Upload the `.phar` and the `.phar.sig` file to be
+included as part of that release.
diff --git a/vendor/defuse/php-encryption/docs/Tutorial.md b/vendor/defuse/php-encryption/docs/Tutorial.md
new file mode 100644
index 0000000000..40285cc33e
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/Tutorial.md
@@ -0,0 +1,298 @@
+Tutorial
+=========
+
+Hello! If you're reading this file, it's because you want to add encryption to
+one of your PHP projects. My job, as the person writing this documentation, is
+to help you make sure you're doing the right thing and then show you how to use
+this library to do it. To help me help you, please read the documentation
+*carefully* and *deliberately*.
+
+A Word of Caution
+------------------
+
+Encryption is not magic dust you can sprinkle on a system to make it more
+secure. The way encryption is integrated into a system's design needs to be
+carefully thought out. Sometimes, encryption is the wrong thing to use. Other
+times, encryption needs to be used in a very specific way in order for it to
+work as intended. Even if you are sure of what you are doing, we strongly
+recommend seeking advice from an expert.
+
+The first step is to think about your application's threat model. Ask yourself
+the following questions. Who will want to attack my application, and what will
+they get out of it? Are they trying to steal some information? Trying to alter
+or destroy some information? Or just trying to make the system go down so people
+can't access it? Then ask yourself how encryption can help combat those threats.
+If you're going to add encryption to your application, you should have a very
+clear idea of exactly which kinds of attacks it's helping to secure your
+application against. Once you have your threat model, think about what kinds of
+attacks it *does not* cover, and whether or not you should improve your threat
+model to include those attacks.
+
+**This isn't for storing user login passwords:** The most common use of
+cryptography in web applications is to protect the users' login passwords. If
+you're trying to use this library to "encrypt" your users' passwords, you're in
+the wrong place. Passwords shouldn't be *encrypted*, they should be *hashed*
+with a slow computation-heavy function that makes password guessing attacks more
+expensive. See [How to Safely Store Your Users' Passwords in
+2016](https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016).
+
+**This isn't for encrypting network communication:** Likewise, if you're trying
+to encrypt messages sent between two parties over the Internet, you don't want
+to be using this library. For that, set up a TLS connection between the two
+points, or, if it's a chat app, use the [Signal
+Protocol](https://whispersystems.org/blog/advanced-ratcheting/).
+
+What this library provides is symmetric encryption for "data at rest." This
+means it is not suitable for use in building protocols where "data is in motion"
+(i.e. moving over a network) except in limited set of cases.
+
+Getting the Code
+-----------------
+
+There are several different ways to obtain this library's code and to add it to
+your project. Even if you've already cloned the code from GitHub, you should
+take steps to verify the cryptographic signatures to make sure the code you got
+was not intercepted and modified by an attacker.
+
+Please head over to the [**Installing and
+Verifying**](InstallingAndVerifying.md) documentation to get the code, and then
+come back here to continue the tutorial.
+
+Using the Library
+------------------
+
+I'm going to assume you know what symmetric encryption is, and the difference
+between symmetric and asymmetric encryption. If you don't, I recommend taking
+[Dan Boneh's Cryptography I course](https://www.coursera.org/learn/crypto/) on
+Coursera.
+
+To give you a quick introduction to the library, I'm going to explain how it
+would be used in two sterotypical scenarios. Hopefully, one of these sterotypes
+is close enough to what you want to do that you'll be able to figure out what
+needs to be different on your own.
+
+### Formal Documentation
+
+While this tutorial should get you up and running fast, it's important to
+understand how this library behaves. Please make sure to read the formal
+documentation of all of the functions you're using, since there are some
+important security warnings there.
+
+The following classes are available for you to use:
+
+- [Crypto](classes/Crypto.md): Encrypting and decrypting strings.
+- [File](classes/File.md): Encrypting and decrypting files.
+- [Key](classes/Key.md): Represents a secret encryption key.
+- [KeyProtectedByPassword](classes/KeyProtectedByPassword.md): Represents
+  a secret encryption key that needs to be "unlocked" by a password before it
+  can be used.
+
+### Scenario #1: Keep data secret from the database administrator
+
+In this scenario, our threat model is as follows. Alice is a server
+administrator responsible for managing a trusted web server. Eve is a database
+administrator responsible for managing a database server. Dave is a web
+developer working on code that will eventually run on the trusted web server.
+
+Let's say Alice and Dave trust each other, and Alice is going to host Dave's
+application on her server. But both Alice and Dave don't trust Eve. They know
+Eve is a good database administrator, but she might have incentive to steal the
+data from the database. They want to keep some of the web application's data
+secret from Eve.
+
+In order to do that, Alice will use the included `generate-defuse-key` script
+which generates a random encryption key and prints it to standard output:
+
+```sh
+$ composer require defuse/php-encryption
+$ vendor/bin/generate-defuse-key
+```
+
+Alice will run this script once and save the output to a configuration file, say
+in `/etc/daveapp-secret-key.txt` and set the file permissions so that only the
+user that the website PHP scripts run as can access it.
+
+Dave will write his code to load the key from the configuration file:
+
+```php
+<?php
+use Defuse\Crypto\Key;
+
+function loadEncryptionKeyFromConfig()
+{
+    $keyAscii = // ... load the contents of /etc/daveapp-secret-key.txt
+    return Key::loadFromAsciiSafeString($keyAscii);
+}
+```
+
+Then, whenever Dave wants to save a secret value to the database, he will first
+encrypt it:
+
+```php
+<?php
+use Defuse\Crypto\Crypto;
+
+// ...
+$key = loadEncryptionKeyFromConfig();
+// ...
+$ciphertext = Crypto::encrypt($secret_data, $key);
+// ... save $ciphertext into the database ...
+```
+
+Whenever Dave wants to get the value back from the database, he must decrypt it
+using the same key:
+
+```php
+<?php
+use Defuse\Crypto\Crypto;
+
+// ...
+$key = loadEncryptionKeyFromConfig();
+// ...
+$ciphertext = // ... load $ciphertext from the database
+try {
+    $secret_data = Crypto::decrypt($ciphertext, $key);
+} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
+    // An attack! Either the wrong key was loaded, or the ciphertext has
+    // changed since it was created -- either corrupted in the database or
+    // intentionally modified by Eve trying to carry out an attack.
+
+    // ... handle this case in a way that's suitable to your application ...
+}
+```
+
+Note that if anyone ever steals the key from Alice's server, they can decrypt
+all of the ciphertexts that are stored in the database. As part of our threat
+model, we are assuming Alice's server administration skills and Dave's secure
+coding skills are good enough to stop Eve from being able to steal the key.
+Under those assumptions, this solution will prevent Eve from seeing data that's
+stored in the database.
+
+However, notice that our threat model says nothing about what could happen if
+Eve wants to *modify* the data. With this solution, Eve will not be able to
+alter any individual ciphertext (because each ciphertext has its own
+cryptographic integrity check), but Eve *will* be able to swap ciphertexts for
+one another, and revert ciphertexts to what they used to be at previous times.
+If we needed to defend against such attacks, we would have to re-design our
+threat model and come up with a different solution.
+
+### Scenario #2: Encrypting account data with the user's login password
+
+This scenario is like Scenario 1, but subtly different. The threat model is as
+follows. We have Alice, a server administrator, and Dave, the developer. Alice
+and Dave trust each other, and Alice wants to host Dave's web application,
+including its database, on her server. Alice is worried about her server getting
+hacked. The application will store the users' credit card numbers, and Alice
+wants to protect them in case the server gets hacked.
+
+We can model the situation like this: after the server gets hacked, the attacker
+will have read and write access to all data on it until the attack is detected
+and Alice rebuilds the server. We'll call the time the attacker has access to
+the server the *exposure window.* One idea to minimize loss is to encrypt the
+users' credit card numbers using a key made from their login password. Then, as
+long as the users all have strong passwords, and they are never logged in during
+the exposure window, their credit cards will be protected from the attacker.
+
+To implement this, Dave will use the `KeyProtectedByPassword` class. When a new
+user account is created, Dave will save a new key to their account, one that's
+protected by their login password:
+
+```php
+<?php
+use Defuse\Crypto\KeyProtectedByPassword;
+
+function CreateUserAccount($username, $password)
+{
+    // ... other user account creation stuff, including password hashing
+
+    $protected_key = KeyProtectedByPassword::createRandomPasswordProtectedKey($password);
+    $protected_key_encoded = $protected_key->saveToAsciiSafeString();
+    // ... save $protected_key_encoded into the user's account record
+}
+```
+
+Then, when the user logs in, Dave's code will load the protected key from the
+user's account record, unlock it to get a `Key` object, and save the `Key`
+object somewhere safe (like temporary memory-backed session storage). Note that
+wherever Dave's code saves the key, it must be destroyed once the user logs out,
+or else the attacker might be able to find users' keys even if they were never
+logged in during the attack.
+
+```php
+<?php
+use Defuse\Crypto\KeyProtectedByPassword;
+
+// ... authenticate the user using a good password hashing scheme
+// keep the user's password in $password
+
+$protected_key_encoded = // ... load it from the user's account record
+$protected_key = KeyProtectedByPassword::loadFromAsciiSafeString($protected_key_encoded);
+$user_key = $protected_key->unlockKey($password);
+$user_key_encoded = $user_key->saveToAsciiSafeString();
+// ... save $user_key_encoded in the session
+```
+
+```php
+<?php
+// ... when the user is logging out ...
+// ... securely wipe the saved $user_key_encoded from the system ...
+```
+
+When a user adds their credit card number, Dave's code will get the key from the
+session and use it to encrypt the credit card number:
+
+```php
+<?php
+use Defuse\Crypto\Crypto;
+use Defuse\Crypto\Key;
+
+// ...
+
+$user_key_encoded = // ... get it out of the session ...
+$user_key = Key::loadFromAsciiSafeString($user_key_encoded);
+
+// ...
+
+$credit_card_number = // ... get credit card number from the user
+$encrypted_card_number = Crypto::encrypt($credit_card_number, $user_key);
+// ... save $encrypted_card_number in the database
+```
+
+When the application needs to use the credit card number, it will decrypt it:
+
+```php
+<?php
+use Defuse\Crypto\Crypto;
+use Defuse\Crypto\Key;
+
+// ...
+
+$user_key_encoded = // ... get it out of the session
+$user_key = Key::loadFromAsciiSafeString($user_key_encoded);
+
+// ...
+
+$encrypted_card_number = // ... load it from the database ...
+try {
+    $credit_card_number = Crypto::decrypt($encrypted_card_number, $user_key);
+} catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
+    // Either there's a bug in our code, we're trying to decrypt with the
+    // wrong key, or the encrypted credit card number was corrupted in the
+    // database.
+
+    // ... handle this case ...
+}
+```
+
+With all caveats carefully heeded, this solution limits credit card number
+exposure in the case where Alice's server gets hacked for a short amount of
+time. Remember to think about the attacks that *aren't* included in our threat
+model. The attacker is still free to do all sorts of harmful things like
+modifying the server's data which may go undetected if Alice doesn't have secure
+backups to compare against.
+
+Getting Help
+-------------
+
+If you're having difficulty using the library, see if your problem is already
+solved by an answer in the [FAQ](FAQ.md).
diff --git a/vendor/defuse/php-encryption/docs/UpgradingFromV1.2.md b/vendor/defuse/php-encryption/docs/UpgradingFromV1.2.md
new file mode 100644
index 0000000000..8eafe88e01
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/UpgradingFromV1.2.md
@@ -0,0 +1,51 @@
+Upgrading From Version 1.2
+===========================
+
+With version 2.0.0 of this library came major changes to the ciphertext format,
+algorithms used for encryption, and API.
+
+In version 1.2, keys were represented by 16-byte string variables. In version
+2.0.0, keys are represented by objects, instances of the `Key` class. This
+change was made in order to make it harder to misuse the API. For example, in
+version 1.2, you could pass in *any* 16-byte string, but in version 2.0.0 you
+need a `Key` object, which you can only get if you're "doing the right thing."
+
+This means that for all of your old version 1.2 keys, you'll have to:
+
+1. Generate a new version 2.0.0 key.
+2. For all of the ciphertexts encrypted under the old key:
+    1. Decrypt the ciphertext using the old version 1.2 key.
+    2. Re-encrypt it using the new version 2.0.0 key.
+
+Use the special `Crypto::legacyDecrypt()` method to decrypt the old ciphertexts
+using the old key and then re-encrypt them using `Crypto::encrypt()` with the
+new key. Your code will look something like the following. To avoid data loss,
+securely back up your keys and data before running your upgrade code.
+
+```php
+<?php
+
+    // ...
+
+    $legacy_ciphertext = // ... get the ciphertext you want to upgrade ...
+    $legacy_key = // ... get the key to decrypt this ciphertext ...
+
+    // Generate the new key that we'll re-encrypt the ciphertext with.
+    $new_key = Key::createNewRandomKey();
+    // ... save it somewhere ...
+
+    // Decrypt it.
+    try {
+        $plaintext = Crypto::legacyDecrypt($legacy_ciphertext, $legacy_key);
+    } catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex)
+    {
+        // ... TODO: handle this case appropriately ...
+    }
+
+    // Re-encrypt it.
+    $new_ciphertext = Crypto::encrypt($plaintext, $new_key);
+
+    // ... replace the old $legacy_ciphertext with the new $new_ciphertext
+
+    // ...
+```
diff --git a/vendor/defuse/php-encryption/docs/classes/Crypto.md b/vendor/defuse/php-encryption/docs/classes/Crypto.md
new file mode 100644
index 0000000000..e98251192a
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/classes/Crypto.md
@@ -0,0 +1,260 @@
+Class: Defuse\Crypto\Crypto
+============================
+
+The `Crypto` class provides encryption and decryption of strings either using
+a secret key or secret password. For encryption and decryption of large files,
+see the `File` class.
+
+This code for this class is in `src/Crypto.php`.
+
+Instance Methods
+-----------------
+
+This class has no instance methods.
+
+Static Methods
+---------------
+
+### Crypto::encrypt($plaintext, Key $key, $raw\_binary = false)
+
+**Description:**
+
+Encrypts a plaintext string using a secret key.
+
+**Parameters:**
+
+1. `$plaintext` is the string to encrypt.
+2. `$key` is an instance of `Key` containing the secret key for encryption.
+3. `$raw_binary` determines whether the output will be a byte string (true) or
+  hex encoded (false, the default).
+
+**Return value:**
+
+Returns a ciphertext string representing `$plaintext` encrypted with the key
+`$key`. Knowledge of `$key` is required in order to decrypt the ciphertext and
+recover the plaintext.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+This method runs a small and very fast set of self-tests if it is the very first
+time one of the `Crypto` methods has been called. The performance overhead is
+negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+The ciphertext returned by this method is decryptable by anyone with knowledge
+of the key `$key`. It is the caller's responsibility to keep `$key` secret.
+Where `$key` should be stored is up to the caller and depends on the threat
+model the caller is designing their application under. If you are unsure where
+to store `$key`, consult with a professional cryptographer to get help designing
+your application.
+
+### Crypto::decrypt($ciphertext, Key $key, $raw\_binary = false)
+
+**Description:**
+
+Decrypts a ciphertext string using a secret key.
+
+**Parameters:**
+
+1. `$ciphertext` is the ciphertext to be decrypted.
+2. `$key` is an instance of `Key` containing the secret key for decryption.
+3. `$raw_binary` must have the same value as the `$raw_binary` given to the
+   call to `encrypt()` that generated `$ciphertext`.
+
+**Return value:**
+
+If the decryption succeeds, returns a string containing the same value as the
+string that was passed to `encrypt()` when `$ciphertext` was produced. Upon
+a successful return, the caller can be assured that `$ciphertext` could not have
+been produced except by someone with knowledge of `$key`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$key` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects and performance:**
+
+This method runs a small and very fast set of self-tests if it is the very first
+time one of the `Crypto` methods has been called. The performance overhead is
+negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong key and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
+### Crypto::encryptWithPassword($plaintext, $password, $raw\_binary = false)
+
+**Description:**
+
+Encrypts a plaintext string using a secret password.
+
+**Parameters:**
+
+1. `$plaintext` is the string to encrypt.
+2. `$password` is a string containing the secret password used for encryption.
+3. `$raw_binary` determines whether the output will be a byte string (true) or
+  hex encoded (false, the default).
+
+**Return value:**
+
+Returns a ciphertext string representing `$plaintext` encrypted with a key
+derived from `$password`. Knowledge of `$password` is required in order to
+decrypt the ciphertext and recover the plaintext.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+This method is intentionally slow, using a lot of CPU resources for a fraction
+of a second. It applies key stretching to the password in order to make password
+guessing attacks more computationally expensive. If you need a faster way to
+encrypt multiple ciphertexts under the same password, see the
+`KeyProtectedByPassword` class.
+
+This method runs a small and very fast set of self-tests if it is the very first
+time one of the `Crypto` methods has been called. The performance overhead is
+negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+### Crypto::decryptWithPassword($ciphertext, $password, $raw\_binary = false)
+
+**Description:**
+
+Decrypts a ciphertext string using a secret password.
+
+**Parameters:**
+
+1. `$ciphertext` is the ciphertext to be decrypted.
+2. `$password` is a string containing the secret password used for decryption.
+3. `$raw_binary` must have the same value as the `$raw_binary` given to the
+   call to `encryptWithPassword()` that generated `$ciphertext`.
+
+**Return value:**
+
+If the decryption succeeds, returns a string containing the same value as the
+string that was passed to `encryptWithPassword()` when `$ciphertext` was
+produced. Upon a successful return, the caller can be assured that `$ciphertext`
+could not have been produced except by someone with knowledge of `$password`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$password` is not the correct password for the given ciphertext, or if
+  the ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects:**
+
+This method is intentionally slow. It applies key stretching to the password in
+order to make password guessing attacks more computationally expensive. If you
+need a faster way to encrypt multiple ciphertexts under the same password, see
+the `KeyProtectedByPassword` class.
+
+This method runs a small and very fast set of self-tests if it is the very first
+time one of the `Crypto` methods has been called. The performance overhead is
+negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong password and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
+### Crypto::legacyDecrypt($ciphertext, $key)
+
+**Description:**
+
+Decrypts a ciphertext produced by version 1 of this library so that the
+plaintext can be re-encrypted into a version 2 ciphertext. See [Upgrading from
+v1.2](../UpgradingFromV1.2.md).
+
+**Parameters:**
+
+1. `$ciphertext` is a ciphertext produced by version 1.x of this library.
+2. `$key` is a 16-byte string (*not* a Key object) containing the key that was
+   used with version 1.x of this library to produce `$ciphertext`.
+
+**Return value:**
+
+If the decryption succeeds, returns the string that was encrypted to make
+`$ciphertext` by version 1.x of this library. Upon a successful return, the
+caller can be assured that `$ciphertext` could not have been produced except by
+someone with knowledge of `$key`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$key` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects:**
+
+This method runs a small and very fast set of self-tests if it is the very first
+time one of the `Crypto` methods has been called. The performance overhead is
+negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$key` may be leaked out to an attacker through the stack trace. We
+recommend configuring PHP to never output stack traces (either displaying them
+to the user or saving them to log files).
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong key and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
diff --git a/vendor/defuse/php-encryption/docs/classes/File.md b/vendor/defuse/php-encryption/docs/classes/File.md
new file mode 100644
index 0000000000..fda607e085
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/classes/File.md
@@ -0,0 +1,446 @@
+Class: Defuse\Crypto\File
+==========================
+
+Instance Methods
+-----------------
+
+This class has no instance methods.
+
+Static Methods
+---------------
+
+### File::encryptFile($inputFilename, $outputFilename, Key $key)
+
+**Description:**
+
+Encrypts a file using a secret key.
+
+**Parameters:**
+
+1. `$inputFilename` is the path to a file containing the plaintext to encrypt.
+2. `$outputFilename` is the path to save the ciphertext file.
+3. `$key` is an instance of `Key` containing the secret key for encryption.
+
+**Behavior:**
+
+Encrypts the contents of the input file, writing the result to the output file.
+If the output file already exists, it is overwritten.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+The ciphertext output by this method is decryptable by anyone with knowledge of
+the key `$key`. It is the caller's responsibility to keep `$key` secret. Where
+`$key` should be stored is up to the caller and depends on the threat model the
+caller is designing their application under. If you are unsure where to store
+`$key`, consult with a professional cryptographer to get help designing your
+application.
+
+### File::decryptFile($inputFilename, $outputFilename, Key $key)
+
+**Description:**
+
+Decrypts a file using a secret key.
+
+**Parameters:**
+
+1. `$inputFilename` is the path to a file containing the ciphertext to decrypt.
+2. `$outputFilename` is the path to save the decrypted plaintext file.
+3. `$key` is an instance of `Key` containing the secret key for decryption.
+
+**Behavior:**
+
+Decrypts the contents of the input file, writing the result to the output file.
+If the output file already exists, it is overwritten.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$key` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects and performance:**
+
+The input ciphertext is processed in two passes. The first pass verifies the
+integrity and the second pass performs the actual decryption of the file and
+writing to the output file. This is done in a streaming manner so that only
+a small part of the file is ever loaded into memory at a time.
+
+**Cautions:**
+
+Be aware that when `Defuse\Crypto\WrongKeyOrModifiedCiphertextException` is
+thrown, some partial plaintext data may have been written to the output. Any
+plaintext data that is output is guaranteed to be a prefix of the original
+plaintext (i.e. at worst it was truncated). This can only happen if an attacker
+modifies the input between the first pass (integrity check) and the second pass
+(decryption) over the file.
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong key and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
+### File::encryptFileWithPassword($inputFilename, $outputFilename, $password)
+
+**Description:**
+
+Encrypts a file with a password.
+
+**Parameters:**
+
+1. `$inputFilename` is the path to a file containing the plaintext to encrypt.
+2. `$outputFilename` is the path to save the ciphertext file.
+3. `$password` is the password used for decryption.
+
+**Behavior:**
+
+Encrypts the contents of the input file, writing the result to the output file.
+If the output file already exists, it is overwritten.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+This method is intentionally slow, using a lot of CPU resources for a fraction
+of a second. It applies key stretching to the password in order to make password
+guessing attacks more computationally expensive. If you need a faster way to
+encrypt multiple ciphertexts under the same password, see the
+`KeyProtectedByPassword` class.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+### File::decryptFileWithPassword($inputFilename, $outputFilename, $password)
+
+**Description:**
+
+Decrypts a file with a password.
+
+**Parameters:**
+
+1. `$inputFilename` is the path to a file containing the ciphertext to decrypt.
+2. `$outputFilename` is the path to save the decrypted plaintext file.
+3. `$password` is the password used for decryption.
+
+**Behavior:**
+
+Decrypts the contents of the input file, writing the result to the output file.
+If the output file already exists, it is overwritten.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$password` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects and performance:**
+
+This method is intentionally slow, using a lot of CPU resources for a fraction
+of a second. It applies key stretching to the password in order to make password
+guessing attacks more computationally expensive. If you need a faster way to
+encrypt multiple ciphertexts under the same password, see the
+`KeyProtectedByPassword` class.
+
+The input ciphertext is processed in two passes. The first pass verifies the
+integrity and the second pass performs the actual decryption of the file and
+writing to the output file. This is done in a streaming manner so that only
+a small part of the file is ever loaded into memory at a time.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+Be aware that when `Defuse\Crypto\WrongKeyOrModifiedCiphertextException` is
+thrown, some partial plaintext data may have been written to the output. Any
+plaintext data that is output is guaranteed to be a prefix of the original
+plaintext (i.e. at worst it was truncated). This can only happen if an attacker
+modifies the input between the first pass (integrity check) and the second pass
+(decryption) over the file.
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong password and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
+### File::encryptResource($inputHandle, $outputHandle, Key $key)
+
+**Description:**
+
+Encrypts a resource (stream) with a secret key.
+
+**Parameters:**
+
+1. `$inputHandle` is a handle to a resource (like a file pointer) containing the
+   plaintext to encrypt.
+2. `$outputHandle` is a handle to a resource (like a file pointer) that the
+   ciphertext will be written to.
+3. `$key` is an instance of `Key` containing the secret key for encryption.
+
+**Behavior:**
+
+Encrypts the data read from the input stream and writes it to the output stream.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+The ciphertext output by this method is decryptable by anyone with knowledge of
+the key `$key`. It is the caller's responsibility to keep `$key` secret. Where
+`$key` should be stored is up to the caller and depends on the threat model the
+caller is designing their application under. If you are unsure where to store
+`$key`, consult with a professional cryptographer to get help designing your
+application.
+
+### File::decryptResource($inputHandle, $outputHandle, Key $key)
+
+**Description:**
+
+Decrypts a resource (stream) with a secret key.
+
+**Parameters:**
+
+1. `$inputHandle` is a handle to a file-backed resource containing the
+   ciphertext to decrypt. It must be a file not a network stream or standard
+   input.
+2. `$outputHandle` is a handle to a resource (like a file pointer) that the
+   plaintext will be written to.
+3. `$key` is an instance of `Key` containing the secret key for decryption.
+
+**Behavior:**
+
+Decrypts the data read from the input stream and writes it to the output stream.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$key` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects and performance:**
+
+The input ciphertext is processed in two passes. The first pass verifies the
+integrity and the second pass performs the actual decryption of the file and
+writing to the output file. This is done in a streaming manner so that only
+a small part of the file is ever loaded into memory at a time.
+
+**Cautions:**
+
+Be aware that when `Defuse\Crypto\WrongKeyOrModifiedCiphertextException` is
+thrown, some partial plaintext data may have been written to the output. Any
+plaintext data that is output is guaranteed to be a prefix of the original
+plaintext (i.e. at worst it was truncated). This can only happen if an attacker
+modifies the input between the first pass (integrity check) and the second pass
+(decryption) over the file.
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong key and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
+
+### File::encryptResourceWithPassword($inputHandle, $outputHandle, $password)
+
+**Description:**
+
+Encrypts a resource (stream) with a password.
+
+**Parameters:**
+
+1. `$inputHandle` is a handle to a resource (like a file pointer) containing the
+   plaintext to encrypt.
+2. `$outputHandle` is a handle to a resource (like a file pointer) that the
+   ciphertext will be written to.
+3. `$password` is the password used for encryption.
+
+**Behavior:**
+
+Encrypts the data read from the input stream and writes it to the output stream.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+This method is intentionally slow, using a lot of CPU resources for a fraction
+of a second. It applies key stretching to the password in order to make password
+guessing attacks more computationally expensive. If you need a faster way to
+encrypt multiple ciphertexts under the same password, see the
+`KeyProtectedByPassword` class.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+### File::decryptResourceWithPassword($inputHandle, $outputHandle, $password)
+
+**Description:**
+
+Decrypts a resource (stream) with a password.
+
+**Parameters:**
+
+1. `$inputHandle` is a handle to a file-backed resource containing the
+   ciphertext to decrypt. It must be a file not a network stream or standard
+   input.
+2. `$outputHandle` is a handle to a resource (like a file pointer) that the
+   plaintext will be written to.
+3. `$password` is the password used for decryption.
+
+**Behavior:**
+
+Decrypts the data read from the input stream and writes it to the output stream.
+
+**Return value:**
+
+Does not return a value.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\IOException` is thrown if there is an I/O error.
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  the `$password` is not the correct key for the given ciphertext, or if the
+  ciphertext has been modified (possibly maliciously). There is no way to
+  distinguish between these two cases.
+
+**Side-effects and performance:**
+
+This method is intentionally slow, using a lot of CPU resources for a fraction
+of a second. It applies key stretching to the password in order to make password
+guessing attacks more computationally expensive. If you need a faster way to
+encrypt multiple ciphertexts under the same password, see the
+`KeyProtectedByPassword` class.
+
+The input ciphertext is processed in two passes. The first pass verifies the
+integrity and the second pass performs the actual decryption of the file and
+writing to the output file. This is done in a streaming manner so that only
+a small part of the file is ever loaded into memory at a time.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+Be aware that when `Defuse\Crypto\WrongKeyOrModifiedCiphertextException` is
+thrown, some partial plaintext data may have been written to the output. Any
+plaintext data that is output is guaranteed to be a prefix of the original
+plaintext (i.e. at worst it was truncated). This can only happen if an attacker
+modifies the input between the first pass (integrity check) and the second pass
+(decryption) over the file.
+
+It is impossible in principle to distinguish between the case where you attempt
+to decrypt with the wrong password and the case where you attempt to decrypt
+a modified (corrupted) ciphertext. It is up to the caller how to best deal with
+this ambiguity, as it depends on the application this library is being used in.
+If in doubt, consult with a professional cryptographer.
diff --git a/vendor/defuse/php-encryption/docs/classes/Key.md b/vendor/defuse/php-encryption/docs/classes/Key.md
new file mode 100644
index 0000000000..2befb99c38
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/classes/Key.md
@@ -0,0 +1,117 @@
+Class: Defuse\Crypto\Key
+=========================
+
+The `Key` class represents a secret key used for encrypting and decrypting. Once
+you have a `Key` instance, you can use it with the `Crypto` class to encrypt and
+decrypt strings and with the `File` class to encrypt and decrypt files.
+
+Instance Methods
+-----------------
+
+### saveToAsciiSafeString()
+
+**Description:**
+
+Saves the encryption key to a string of printable ASCII characters, which can be
+loaded again into a `Key` instance using `Key::loadFromAsciiSafeString()`.
+
+**Parameters:**
+
+This method does not take any parameters.
+
+**Return value:**
+
+Returns a string of printable ASCII characters representing this `Key` instance,
+which can be loaded back into an instance of `Key` using
+`Key::loadFromAsciiSafeString()`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+This method currently returns a hexadecimal string. You should not rely on this
+behavior. For example, it may be improved in the future to return a base64
+string.
+
+Static Methods
+---------------
+
+### Key::createNewRandomKey()
+
+**Description:**
+
+Generates a new random key and returns an instance of `Key`.
+
+**Parameters:**
+
+This method does not take any parameters.
+
+**Return value:**
+
+Returns an instance of `Key` containing a randomly-generated encryption key.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+None.
+
+### Key::loadFromAsciiSafeString($saved\_key\_string, $do\_not\_trim = false)
+
+**Description:**
+
+Loads an instance of `Key` that was saved to a string by
+`saveToAsciiSafeString()`.
+
+By default, this function will call `Encoding::trimTrailingWhitespace()`
+to remove trailing CR, LF, NUL, TAB, and SPACE characters, which are commonly
+appended to files when working with text editors.
+
+**Parameters:**
+
+1. `$saved_key_string` is the string returned from `saveToAsciiSafeString()`
+   when the original `Key` instance was saved.
+2. `$do_not_trim` should be set to `TRUE` if you do not wish for the library
+   to automatically strip trailing whitespace from the string. 
+
+**Return value:**
+
+Returns an instance of `Key` representing the same encryption key as the one
+that was represented by the `Key` instance that got saved into
+`$saved_key_string` by a call to `saveToAsciiSafeString()`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\BadFormatException` is thrown whenever
+  `$saved_key_string` does not represent a valid `Key` instance.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+None.
diff --git a/vendor/defuse/php-encryption/docs/classes/KeyProtectedByPassword.md b/vendor/defuse/php-encryption/docs/classes/KeyProtectedByPassword.md
new file mode 100644
index 0000000000..b286f44ebe
--- /dev/null
+++ b/vendor/defuse/php-encryption/docs/classes/KeyProtectedByPassword.md
@@ -0,0 +1,191 @@
+Class: Defuse\Crypto\KeyProtectedByPassword
+============================================
+
+The `KeyProtectedByPassword` class represents a key that is "locked" with
+a password. In order to obtain an instance of `Key` that you can use for
+encrypting and decrypting, a `KeyProtectedByPassword` must first be "unlocked"
+by providing the correct password.
+
+`KeyProtectedByPassword` provides an alternative to using the
+`encryptWithPassword()`, `decryptWithPassword()`, `encryptFileWithPassword()`,
+and `decryptFileWithPassword()` methods with several advantages:
+
+- The slow and computationally-expensive key stretching is run only once when
+  you unlock a `KeyProtectedByPassword` to obtain the `Key`.
+- You do not have to keep the original password in memory to encrypt and decrypt
+  things. After you've obtained the `Key` from a `KeyProtectedByPassword`, the
+  password is no longer necessary.
+
+Instance Methods
+-----------------
+
+### saveToAsciiSafeString()
+
+**Description:**
+
+Saves the protected key to a string of printable ASCII characters, which can be
+loaded again into a `KeyProtectedByPassword` instance using
+`KeyProtectedByPassword::loadFromAsciiSafeString()`.
+
+**Parameters:**
+
+This method does not take any parameters.
+
+**Return value:**
+
+Returns a string of printable ASCII characters representing this
+`KeyProtectedByPassword` instance, which can be loaded back into an instance of
+`KeyProtectedByPassword` using
+`KeyProtectedByPassword::loadFromAsciiSafeString()`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+This method currently returns a hexadecimal string. You should not rely on this
+behavior. For example, it may be improved in the future to return a base64
+string.
+
+### unlockKey($password)
+
+**Description:**
+
+Unlocks the password-protected key, obtaining a `Key` which can be used for
+encryption and decryption.
+
+**Parameters:**
+
+1. `$password` is the password required to unlock this `KeyProtectedByPassword`
+   to obtain the `Key`.
+
+**Return value:**
+
+If `$password` is the correct password, then this method returns an instance of
+the `Key` class.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException` is thrown if
+  either the given `$password` is not the correct password for this
+  `KeyProtectedByPassword` or the ciphertext stored internally by this object
+  has been modified, i.e. it was accidentally corrupted or intentionally
+  corrupted by an attacker. There is no way for the caller to distinguish
+  between these two cases.
+
+**Side-effects and performance:**
+
+This method runs a small and very fast set of self-tests if it is the very first
+time this method or one of the `Crypto` methods has been called. The performance
+overhead is negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+It is impossible in principle to distinguish between the case where you attempt
+to unlock with the wrong password and the case where you attempt to unlock
+a modified (corrupted) `KeyProtectedByPassword. It is up to the caller how to
+best deal with this ambiguity, as it depends on the application this library is
+being used in. If in doubt, consult with a professional cryptographer.
+
+Static Methods
+---------------
+
+### KeyProtectedByPassword::createRandomPasswordProtectedKey($password)
+
+**Description:**
+
+Generates a new random key that's protected by the string `$password` and
+returns an instance of `KeyProtectedByPassword`.
+
+**Parameters:**
+
+1. `$password` is the password used to protect the random key.
+
+**Return value:**
+
+Returns an instance of `KeyProtectedByPassword` containing a randomly-generated
+encryption key that's protected by the password `$password`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+**Side-effects and performance:**
+
+This method runs a small and very fast set of self-tests if it is the very first
+time this method or one of the `Crypto` methods has been called. The performance
+overhead is negligible and can be safely ignored in all applications.
+
+**Cautions:**
+
+PHP stack traces display (portions of) the arguments passed to methods on the
+call stack. If an exception is thrown inside this call, and it is uncaught, the
+value of `$password` may be leaked out to an attacker through the stack trace.
+We recommend configuring PHP to never output stack traces (either displaying
+them to the user or saving them to log files).
+
+Be aware that if you protecting multiple keys with the same password, an
+attacker with write access to your system will be able to swap the protected
+keys around so that the wrong key gets used next time it is unlocked. This could
+lead to data being encrypted with the wrong key, perhaps one that the attacker
+knows.
+
+### KeyProtectedByPassword::loadFromAsciiSafeString($saved\_key\_string)
+
+**Description:**
+
+Loads an instance of `KeyProtectedByPassword` that was saved to a string by
+`saveToAsciiSafeString()`.
+
+**Parameters:**
+
+1. `$saved_key_string` is the string returned from `saveToAsciiSafeString()`
+   when the original `KeyProtectedByPassword` instance was saved.
+
+**Return value:**
+
+Returns an instance of `KeyProtectedByPassword` representing the same
+password-protected key as the one that was represented by the
+`KeyProtectedByPassword` instance that got saved into `$saved_key_string` by
+a call to `saveToAsciiSafeString()`.
+
+**Exceptions:**
+
+- `Defuse\Crypto\Exception\EnvironmentIsBrokenException` is thrown either when
+  the platform the code is running on cannot safely perform encryption for some
+  reason (e.g. it lacks a secure random number generator), or the runtime tests
+  detected a bug in this library.
+
+- `Defuse\Crypto\Exception\BadFormatException` is thrown whenever
+  `$saved_key_string` does not represent a valid `KeyProtectedByPassword`
+  instance.
+
+**Side-effects and performance:**
+
+None.
+
+**Cautions:**
+
+None.
diff --git a/vendor/defuse/php-encryption/psalm.xml b/vendor/defuse/php-encryption/psalm.xml
new file mode 100644
index 0000000000..b3f25cae1e
--- /dev/null
+++ b/vendor/defuse/php-encryption/psalm.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<psalm
+    stopOnFirstError="false"
+    useDocblockTypes="true"
+>
+    <projectFiles>
+        <directory name="src" />
+    </projectFiles>
+</psalm>
diff --git a/vendor/defuse/php-encryption/src/Core.php b/vendor/defuse/php-encryption/src/Core.php
new file mode 100644
index 0000000000..3f5ed5224e
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Core.php
@@ -0,0 +1,446 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class Core
+{
+    const HEADER_VERSION_SIZE               = 4;
+    const MINIMUM_CIPHERTEXT_SIZE           = 84;
+
+    const CURRENT_VERSION                   = "\xDE\xF5\x02\x00";
+
+    const CIPHER_METHOD                     = 'aes-256-ctr';
+    const BLOCK_BYTE_SIZE                   = 16;
+    const KEY_BYTE_SIZE                     = 32;
+    const SALT_BYTE_SIZE                    = 32;
+    const MAC_BYTE_SIZE                     = 32;
+    const HASH_FUNCTION_NAME                = 'sha256';
+    const ENCRYPTION_INFO_STRING            = 'DefusePHP|V2|KeyForEncryption';
+    const AUTHENTICATION_INFO_STRING        = 'DefusePHP|V2|KeyForAuthentication';
+    const BUFFER_BYTE_SIZE                  = 1048576;
+
+    const LEGACY_CIPHER_METHOD              = 'aes-128-cbc';
+    const LEGACY_BLOCK_BYTE_SIZE            = 16;
+    const LEGACY_KEY_BYTE_SIZE              = 16;
+    const LEGACY_HASH_FUNCTION_NAME         = 'sha256';
+    const LEGACY_MAC_BYTE_SIZE              = 32;
+    const LEGACY_ENCRYPTION_INFO_STRING     = 'DefusePHP|KeyForEncryption';
+    const LEGACY_AUTHENTICATION_INFO_STRING = 'DefusePHP|KeyForAuthentication';
+
+    /*
+     * V2.0 Format: VERSION (4 bytes) || SALT (32 bytes) || IV (16 bytes) ||
+     *              CIPHERTEXT (varies) || HMAC (32 bytes)
+     *
+     * V1.0 Format: HMAC (32 bytes) || IV (16 bytes) || CIPHERTEXT (varies).
+     */
+
+    /**
+     * Adds an integer to a block-sized counter.
+     *
+     * @param string $ctr
+     * @param int    $inc
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function incrementCounter($ctr, $inc)
+    {
+        if (Core::ourStrlen($ctr) !== Core::BLOCK_BYTE_SIZE) {
+            throw new Ex\EnvironmentIsBrokenException(
+              'Trying to increment a nonce of the wrong size.'
+            );
+        }
+
+        if (! \is_int($inc)) {
+            throw new Ex\EnvironmentIsBrokenException(
+              'Trying to increment nonce by a non-integer.'
+            );
+        }
+
+        if ($inc < 0) {
+            throw new Ex\EnvironmentIsBrokenException(
+              'Trying to increment nonce by a negative amount.'
+            );
+        }
+
+        if ($inc > PHP_INT_MAX - 255) {
+            throw new Ex\EnvironmentIsBrokenException(
+              'Integer overflow may occur.'
+            );
+        }
+
+        /*
+         * We start at the rightmost byte (big-endian)
+         * So, too, does OpenSSL: http://stackoverflow.com/a/3146214/2224584
+         */
+        for ($i = Core::BLOCK_BYTE_SIZE - 1; $i >= 0; --$i) {
+            $sum = \ord($ctr[$i]) + $inc;
+
+            /* Detect integer overflow and fail. */
+            if (! \is_int($sum)) {
+                throw new Ex\EnvironmentIsBrokenException(
+                  'Integer overflow in CTR mode nonce increment.'
+                );
+            }
+
+            $ctr[$i] = \pack('C', $sum & 0xFF);
+            $inc     = $sum >> 8;
+        }
+        return $ctr;
+    }
+
+    /**
+     * Returns a random byte string of the specified length.
+     *
+     * @param int $octets
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function secureRandom($octets)
+    {
+        self::ensureFunctionExists('random_bytes');
+        try {
+            return \random_bytes($octets);
+        } catch (\Exception $ex) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Your system does not have a secure random number generator.'
+            );
+        }
+    }
+
+    /**
+     * Computes the HKDF key derivation function specified in
+     * http://tools.ietf.org/html/rfc5869.
+     *
+     * @param string $hash   Hash Function
+     * @param string $ikm    Initial Keying Material
+     * @param int    $length How many bytes?
+     * @param string $info   What sort of key are we deriving?
+     * @param string $salt
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @psalm-suppress UndefinedFunction - We're checking if the function exists first.
+     *
+     * @return string
+     */
+    public static function HKDF($hash, $ikm, $length, $info = '', $salt = null)
+    {
+        static $nativeHKDF = null;
+        if ($nativeHKDF === null) {
+            $nativeHKDF = \is_callable('\\hash_hkdf');
+        }
+        if ($nativeHKDF) {
+            return \hash_hkdf($hash, $ikm, $length, $info, $salt);
+        }
+
+        $digest_length = Core::ourStrlen(\hash_hmac($hash, '', '', true));
+
+        // Sanity-check the desired output length.
+        if (empty($length) || ! \is_int($length) ||
+            $length < 0 || $length > 255 * $digest_length) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Bad output length requested of HKDF.'
+            );
+        }
+
+        // "if [salt] not provided, is set to a string of HashLen zeroes."
+        if (\is_null($salt)) {
+            $salt = \str_repeat("\x00", $digest_length);
+        }
+
+        // HKDF-Extract:
+        // PRK = HMAC-Hash(salt, IKM)
+        // The salt is the HMAC key.
+        $prk = \hash_hmac($hash, $ikm, $salt, true);
+
+        // HKDF-Expand:
+
+        // This check is useless, but it serves as a reminder to the spec.
+        if (Core::ourStrlen($prk) < $digest_length) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // T(0) = ''
+        $t          = '';
+        $last_block = '';
+        for ($block_index = 1; Core::ourStrlen($t) < $length; ++$block_index) {
+            // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
+            $last_block = \hash_hmac(
+                $hash,
+                $last_block . $info . \chr($block_index),
+                $prk,
+                true
+            );
+            // T = T(1) | T(2) | T(3) | ... | T(N)
+            $t .= $last_block;
+        }
+
+        // ORM = first L octets of T
+        /** @var string $orm */
+        $orm = Core::ourSubstr($t, 0, $length);
+        if (!\is_string($orm)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+        return $orm;
+    }
+
+    /**
+     * Checks if two equal-length strings are the same without leaking
+     * information through side channels.
+     *
+     * @param string $expected
+     * @param string $given
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return bool
+     */
+    public static function hashEquals($expected, $given)
+    {
+        static $native = null;
+        if ($native === null) {
+            $native = \function_exists('hash_equals');
+        }
+        if ($native) {
+            return \hash_equals($expected, $given);
+        }
+
+        // We can't just compare the strings with '==', since it would make
+        // timing attacks possible. We could use the XOR-OR constant-time
+        // comparison algorithm, but that may not be a reliable defense in an
+        // interpreted language. So we use the approach of HMACing both strings
+        // with a random key and comparing the HMACs.
+
+        // We're not attempting to make variable-length string comparison
+        // secure, as that's very difficult. Make sure the strings are the same
+        // length.
+        if (Core::ourStrlen($expected) !== Core::ourStrlen($given)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        $blind           = Core::secureRandom(32);
+        $message_compare = \hash_hmac(Core::HASH_FUNCTION_NAME, $given, $blind);
+        $correct_compare = \hash_hmac(Core::HASH_FUNCTION_NAME, $expected, $blind);
+        return $correct_compare === $message_compare;
+    }
+    /**
+     * Throws an exception if the constant doesn't exist.
+     *
+     * @param string $name
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     */
+    public static function ensureConstantExists($name)
+    {
+        if (! \defined($name)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+    }
+
+    /**
+     * Throws an exception if the function doesn't exist.
+     *
+     * @param string $name
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     */
+    public static function ensureFunctionExists($name)
+    {
+        if (! \function_exists($name)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+    }
+
+    /*
+     * We need these strlen() and substr() functions because when
+     * 'mbstring.func_overload' is set in php.ini, the standard strlen() and
+     * substr() are replaced by mb_strlen() and mb_substr().
+     */
+
+    /**
+     * Computes the length of a string in bytes.
+     *
+     * @param string $str
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return int
+     */
+    public static function ourStrlen($str)
+    {
+        static $exists = null;
+        if ($exists === null) {
+            $exists = \function_exists('mb_strlen');
+        }
+        if ($exists) {
+            $length = \mb_strlen($str, '8bit');
+            if ($length === false) {
+                throw new Ex\EnvironmentIsBrokenException();
+            }
+            return $length;
+        } else {
+            return \strlen($str);
+        }
+    }
+
+    /**
+     * Behaves roughly like the function substr() in PHP 7 does.
+     *
+     * @param string $str
+     * @param int    $start
+     * @param int    $length
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string|bool
+     */
+    public static function ourSubstr($str, $start, $length = null)
+    {
+        static $exists = null;
+        if ($exists === null) {
+            $exists = \function_exists('mb_substr');
+        }
+
+        if ($exists) {
+            // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
+            // 5.3, so we have to find the length ourselves.
+            if (! isset($length)) {
+                if ($start >= 0) {
+                    $length = Core::ourStrlen($str) - $start;
+                } else {
+                    $length = -$start;
+                }
+            }
+
+            // This is required to make mb_substr behavior identical to substr.
+            // Without this, mb_substr() would return false, contra to what the
+            // PHP documentation says (it doesn't say it can return false.)
+            if ($start === Core::ourStrlen($str) && $length === 0) {
+                return '';
+            }
+
+            if ($start > Core::ourStrlen($str)) {
+                return false;
+            }
+
+            $substr = \mb_substr($str, $start, $length, '8bit');
+            if (Core::ourStrlen($substr) !== $length) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'Your version of PHP has bug #66797. Its implementation of
+                    mb_substr() is incorrect. See the details here:
+                    https://bugs.php.net/bug.php?id=66797'
+                );
+            }
+            return $substr;
+        }
+
+        // Unlike mb_substr(), substr() doesn't accept NULL for length
+        if (isset($length)) {
+            return \substr($str, $start, $length);
+        } else {
+            return \substr($str, $start);
+        }
+    }
+
+    /**
+     * Computes the PBKDF2 password-based key derivation function.
+     *
+     * The PBKDF2 function is defined in RFC 2898. Test vectors can be found in
+     * RFC 6070. This implementation of PBKDF2 was originally created by Taylor
+     * Hornby, with improvements from http://www.variations-of-shadow.com/.
+     *
+     * @param string $algorithm  The hash algorithm to use. Recommended: SHA256
+     * @param string $password   The password.
+     * @param string $salt       A salt that is unique to the password.
+     * @param int    $count      Iteration count. Higher is better, but slower. Recommended: At least 1000.
+     * @param int    $key_length The length of the derived key in bytes.
+     * @param bool   $raw_output If true, the key is returned in raw binary format. Hex encoded otherwise.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string A $key_length-byte key derived from the password and salt.
+     */
+    public static function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
+    {
+        // Type checks:
+        if (! \is_string($algorithm)) {
+            throw new \InvalidArgumentException(
+                'pbkdf2(): algorithm must be a string'
+            );
+        }
+        if (! \is_string($password)) {
+            throw new \InvalidArgumentException(
+                'pbkdf2(): password must be a string'
+            );
+        }
+        if (! \is_string($salt)) {
+            throw new \InvalidArgumentException(
+                'pbkdf2(): salt must be a string'
+            );
+        }
+        // Coerce strings to integers with no information loss or overflow
+        $count += 0;
+        $key_length += 0;
+
+        $algorithm = \strtolower($algorithm);
+        if (! \in_array($algorithm, \hash_algos(), true)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Invalid or unsupported hash algorithm.'
+            );
+        }
+
+        // Whitelist, or we could end up with people using CRC32.
+        $ok_algorithms = [
+            'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
+            'ripemd160', 'ripemd256', 'ripemd320', 'whirlpool',
+        ];
+        if (! \in_array($algorithm, $ok_algorithms, true)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Algorithm is not a secure cryptographic hash function.'
+            );
+        }
+
+        if ($count <= 0 || $key_length <= 0) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Invalid PBKDF2 parameters.'
+            );
+        }
+
+        if (\function_exists('hash_pbkdf2')) {
+            // The output length is in NIBBLES (4-bits) if $raw_output is false!
+            if (! $raw_output) {
+                $key_length = $key_length * 2;
+            }
+            return \hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
+        }
+
+        $hash_length = Core::ourStrlen(\hash($algorithm, '', true));
+        $block_count = \ceil($key_length / $hash_length);
+
+        $output = '';
+        for ($i = 1; $i <= $block_count; $i++) {
+            // $i encoded as 4 bytes, big endian.
+            $last = $salt . \pack('N', $i);
+            // first iteration
+            $last = $xorsum = \hash_hmac($algorithm, $last, $password, true);
+            // perform the other $count - 1 iterations
+            for ($j = 1; $j < $count; $j++) {
+                $xorsum ^= ($last = \hash_hmac($algorithm, $last, $password, true));
+            }
+            $output .= $xorsum;
+        }
+
+        if ($raw_output) {
+            return (string) Core::ourSubstr($output, 0, $key_length);
+        } else {
+            return Encoding::binToHex((string) Core::ourSubstr($output, 0, $key_length));
+        }
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/Crypto.php b/vendor/defuse/php-encryption/src/Crypto.php
new file mode 100644
index 0000000000..fdb411c76e
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Crypto.php
@@ -0,0 +1,393 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+class Crypto
+{
+    /**
+     * Encrypts a string with a Key.
+     *
+     * @param string $plaintext
+     * @param Key    $key
+     * @param bool   $raw_binary
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function encrypt($plaintext, Key $key, $raw_binary = false)
+    {
+        return self::encryptInternal(
+            $plaintext,
+            KeyOrPassword::createFromKey($key),
+            $raw_binary
+        );
+    }
+
+    /**
+     * Encrypts a string with a password, using a slow key derivation function
+     * to make password cracking more expensive.
+     *
+     * @param string $plaintext
+     * @param string $password
+     * @param bool   $raw_binary
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function encryptWithPassword($plaintext, $password, $raw_binary = false)
+    {
+        return self::encryptInternal(
+            $plaintext,
+            KeyOrPassword::createFromPassword($password),
+            $raw_binary
+        );
+    }
+
+    /**
+     * Decrypts a ciphertext to a string with a Key.
+     *
+     * @param string $ciphertext
+     * @param Key    $key
+     * @param bool   $raw_binary
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     *
+     * @return string
+     */
+    public static function decrypt($ciphertext, Key $key, $raw_binary = false)
+    {
+        return self::decryptInternal(
+            $ciphertext,
+            KeyOrPassword::createFromKey($key),
+            $raw_binary
+        );
+    }
+
+    /**
+     * Decrypts a ciphertext to a string with a password, using a slow key
+     * derivation function to make password cracking more expensive.
+     *
+     * @param string $ciphertext
+     * @param string $password
+     * @param bool   $raw_binary
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     *
+     * @return string
+     */
+    public static function decryptWithPassword($ciphertext, $password, $raw_binary = false)
+    {
+        return self::decryptInternal(
+            $ciphertext,
+            KeyOrPassword::createFromPassword($password),
+            $raw_binary
+        );
+    }
+
+    /**
+     * Decrypts a legacy ciphertext produced by version 1 of this library.
+     *
+     * @param string $ciphertext
+     * @param string $key
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     *
+     * @return string
+     */
+    public static function legacyDecrypt($ciphertext, $key)
+    {
+        RuntimeTests::runtimeTest();
+
+        // Extract the HMAC from the front of the ciphertext.
+        if (Core::ourStrlen($ciphertext) <= Core::LEGACY_MAC_BYTE_SIZE) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Ciphertext is too short.'
+            );
+        }
+        /**
+         * @var string
+         */
+        $hmac = Core::ourSubstr($ciphertext, 0, Core::LEGACY_MAC_BYTE_SIZE);
+        if (!\is_string($hmac)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+        /**
+         * @var string
+         */
+        $ciphertext = Core::ourSubstr($ciphertext, Core::LEGACY_MAC_BYTE_SIZE);
+        if (!\is_string($ciphertext)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Regenerate the same authentication sub-key.
+        $akey = Core::HKDF(
+            Core::LEGACY_HASH_FUNCTION_NAME,
+            $key,
+            Core::LEGACY_KEY_BYTE_SIZE,
+            Core::LEGACY_AUTHENTICATION_INFO_STRING,
+            null
+        );
+
+        if (self::verifyHMAC($hmac, $ciphertext, $akey)) {
+            // Regenerate the same encryption sub-key.
+            $ekey = Core::HKDF(
+                Core::LEGACY_HASH_FUNCTION_NAME,
+                $key,
+                Core::LEGACY_KEY_BYTE_SIZE,
+                Core::LEGACY_ENCRYPTION_INFO_STRING,
+                null
+            );
+
+            // Extract the IV from the ciphertext.
+            if (Core::ourStrlen($ciphertext) <= Core::LEGACY_BLOCK_BYTE_SIZE) {
+                throw new Ex\WrongKeyOrModifiedCiphertextException(
+                    'Ciphertext is too short.'
+                );
+            }
+            /**
+             * @var string
+             */
+            $iv = Core::ourSubstr($ciphertext, 0, Core::LEGACY_BLOCK_BYTE_SIZE);
+            if (!\is_string($iv)) {
+                throw new Ex\EnvironmentIsBrokenException();
+            }
+
+            /**
+             * @var string
+             */
+            $actualCiphertext = Core::ourSubstr($ciphertext, Core::LEGACY_BLOCK_BYTE_SIZE);
+            if (!\is_string($actualCiphertext)) {
+                throw new Ex\EnvironmentIsBrokenException();
+            }
+
+            // Do the decryption.
+            $plaintext = self::plainDecrypt($actualCiphertext, $ekey, $iv, Core::LEGACY_CIPHER_METHOD);
+            return $plaintext;
+        } else {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Integrity check failed.'
+            );
+        }
+    }
+
+    /**
+     * Encrypts a string with either a key or a password.
+     *
+     * @param string        $plaintext
+     * @param KeyOrPassword $secret
+     * @param bool          $raw_binary
+     *
+     * @return string
+     */
+    private static function encryptInternal($plaintext, KeyOrPassword $secret, $raw_binary)
+    {
+        RuntimeTests::runtimeTest();
+
+        $salt = Core::secureRandom(Core::SALT_BYTE_SIZE);
+        $keys = $secret->deriveKeys($salt);
+        $ekey = $keys->getEncryptionKey();
+        $akey = $keys->getAuthenticationKey();
+        $iv     = Core::secureRandom(Core::BLOCK_BYTE_SIZE);
+
+        $ciphertext = Core::CURRENT_VERSION . $salt . $iv . self::plainEncrypt($plaintext, $ekey, $iv);
+        $auth       = \hash_hmac(Core::HASH_FUNCTION_NAME, $ciphertext, $akey, true);
+        $ciphertext = $ciphertext . $auth;
+
+        if ($raw_binary) {
+            return $ciphertext;
+        }
+        return Encoding::binToHex($ciphertext);
+    }
+
+    /**
+     * Decrypts a ciphertext to a string with either a key or a password.
+     *
+     * @param string        $ciphertext
+     * @param KeyOrPassword $secret
+     * @param bool          $raw_binary
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     *
+     * @return string
+     */
+    private static function decryptInternal($ciphertext, KeyOrPassword $secret, $raw_binary)
+    {
+        RuntimeTests::runtimeTest();
+
+        if (! $raw_binary) {
+            try {
+                $ciphertext = Encoding::hexToBin($ciphertext);
+            } catch (Ex\BadFormatException $ex) {
+                throw new Ex\WrongKeyOrModifiedCiphertextException(
+                    'Ciphertext has invalid hex encoding.'
+                );
+            }
+        }
+
+        if (Core::ourStrlen($ciphertext) < Core::MINIMUM_CIPHERTEXT_SIZE) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Ciphertext is too short.'
+            );
+        }
+
+        // Get and check the version header.
+        /** @var string $header */
+        $header = Core::ourSubstr($ciphertext, 0, Core::HEADER_VERSION_SIZE);
+        if ($header !== Core::CURRENT_VERSION) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Bad version header.'
+            );
+        }
+
+        // Get the salt.
+        /** @var string $salt */
+        $salt = Core::ourSubstr(
+            $ciphertext,
+            Core::HEADER_VERSION_SIZE,
+            Core::SALT_BYTE_SIZE
+        );
+        if (!\is_string($salt)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Get the IV.
+        /** @var string $iv */
+        $iv = Core::ourSubstr(
+            $ciphertext,
+            Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE,
+            Core::BLOCK_BYTE_SIZE
+        );
+        if (!\is_string($iv)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Get the HMAC.
+        /** @var string $hmac */
+        $hmac = Core::ourSubstr(
+            $ciphertext,
+            Core::ourStrlen($ciphertext) - Core::MAC_BYTE_SIZE,
+            Core::MAC_BYTE_SIZE
+        );
+        if (!\is_string($hmac)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Get the actual encrypted ciphertext.
+        /** @var string $encrypted */
+        $encrypted = Core::ourSubstr(
+            $ciphertext,
+            Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE +
+                Core::BLOCK_BYTE_SIZE,
+            Core::ourStrlen($ciphertext) - Core::MAC_BYTE_SIZE - Core::SALT_BYTE_SIZE -
+                Core::BLOCK_BYTE_SIZE - Core::HEADER_VERSION_SIZE
+        );
+        if (!\is_string($encrypted)) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Derive the separate encryption and authentication keys from the key
+        // or password, whichever it is.
+        $keys = $secret->deriveKeys($salt);
+
+        if (self::verifyHMAC($hmac, $header . $salt . $iv . $encrypted, $keys->getAuthenticationKey())) {
+            $plaintext = self::plainDecrypt($encrypted, $keys->getEncryptionKey(), $iv, Core::CIPHER_METHOD);
+            return $plaintext;
+        } else {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Integrity check failed.'
+            );
+        }
+    }
+
+    /**
+     * Raw unauthenticated encryption (insecure on its own).
+     *
+     * @param string $plaintext
+     * @param string $key
+     * @param string $iv
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    protected static function plainEncrypt($plaintext, $key, $iv)
+    {
+        Core::ensureConstantExists('OPENSSL_RAW_DATA');
+        Core::ensureFunctionExists('openssl_encrypt');
+        /** @var string $ciphertext */
+        $ciphertext = \openssl_encrypt(
+            $plaintext,
+            Core::CIPHER_METHOD,
+            $key,
+            OPENSSL_RAW_DATA,
+            $iv
+        );
+
+        if (!\is_string($ciphertext)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'openssl_encrypt() failed.'
+            );
+        }
+
+        return $ciphertext;
+    }
+
+    /**
+     * Raw unauthenticated decryption (insecure on its own).
+     *
+     * @param string $ciphertext
+     * @param string $key
+     * @param string $iv
+     * @param string $cipherMethod
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    protected static function plainDecrypt($ciphertext, $key, $iv, $cipherMethod)
+    {
+        Core::ensureConstantExists('OPENSSL_RAW_DATA');
+        Core::ensureFunctionExists('openssl_decrypt');
+
+        /** @var string $plaintext */
+        $plaintext = \openssl_decrypt(
+            $ciphertext,
+            $cipherMethod,
+            $key,
+            OPENSSL_RAW_DATA,
+            $iv
+        );
+        if (!\is_string($plaintext)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'openssl_decrypt() failed.'
+            );
+        }
+
+        return $plaintext;
+    }
+
+    /**
+     * Verifies an HMAC without leaking information through side-channels.
+     *
+     * @param string $expected_hmac
+     * @param string $message
+     * @param string $key
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return bool
+     */
+    protected static function verifyHMAC($expected_hmac, $message, $key)
+    {
+        $message_hmac = \hash_hmac(Core::HASH_FUNCTION_NAME, $message, $key, true);
+        return Core::hashEquals($message_hmac, $expected_hmac);
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/DerivedKeys.php b/vendor/defuse/php-encryption/src/DerivedKeys.php
new file mode 100644
index 0000000000..86a48e5ea9
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/DerivedKeys.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Defuse\Crypto;
+
+/**
+ * Class DerivedKeys
+ * @package Defuse\Crypto
+ */
+final class DerivedKeys
+{
+    /**
+     * @var string
+     */
+    private $akey = '';
+
+    /**
+     * @var string
+     */
+    private $ekey = '';
+
+    /**
+     * Returns the authentication key.
+     * @return string
+     */
+    public function getAuthenticationKey()
+    {
+        return $this->akey;
+    }
+
+    /**
+     * Returns the encryption key.
+     * @return string
+     */
+    public function getEncryptionKey()
+    {
+        return $this->ekey;
+    }
+
+    /**
+     * Constructor for DerivedKeys.
+     *
+     * @param string $akey
+     * @param string $ekey
+     */
+    public function __construct($akey, $ekey)
+    {
+        $this->akey = $akey;
+        $this->ekey = $ekey;
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/Encoding.php b/vendor/defuse/php-encryption/src/Encoding.php
new file mode 100644
index 0000000000..001fb6e89e
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Encoding.php
@@ -0,0 +1,270 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class Encoding
+{
+    const CHECKSUM_BYTE_SIZE     = 32;
+    const CHECKSUM_HASH_ALGO     = 'sha256';
+    const SERIALIZE_HEADER_BYTES = 4;
+
+    /**
+     * Converts a byte string to a hexadecimal string without leaking
+     * information through side channels.
+     *
+     * @param string $byte_string
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function binToHex($byte_string)
+    {
+        $hex = '';
+        $len = Core::ourStrlen($byte_string);
+        for ($i = 0; $i < $len; ++$i) {
+            $c = \ord($byte_string[$i]) & 0xf;
+            $b = \ord($byte_string[$i]) >> 4;
+            $hex .= \pack(
+                'CC',
+                87 + $b + ((($b - 10) >> 8) & ~38),
+                87 + $c + ((($c - 10) >> 8) & ~38)
+            );
+        }
+        return $hex;
+    }
+
+    /**
+     * Converts a hexadecimal string into a byte string without leaking
+     * information through side channels.
+     *
+     * @param string $hex_string
+     *
+     * @throws Ex\BadFormatException
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function hexToBin($hex_string)
+    {
+        $hex_pos = 0;
+        $bin     = '';
+        $hex_len = Core::ourStrlen($hex_string);
+        $state   = 0;
+        $c_acc   = 0;
+
+        while ($hex_pos < $hex_len) {
+            $c        = \ord($hex_string[$hex_pos]);
+            $c_num    = $c ^ 48;
+            $c_num0   = ($c_num - 10) >> 8;
+            $c_alpha  = ($c & ~32) - 55;
+            $c_alpha0 = (($c_alpha - 10) ^ ($c_alpha - 16)) >> 8;
+            if (($c_num0 | $c_alpha0) === 0) {
+                throw new Ex\BadFormatException(
+                    'Encoding::hexToBin() input is not a hex string.'
+                );
+            }
+            $c_val = ($c_num0 & $c_num) | ($c_alpha & $c_alpha0);
+            if ($state === 0) {
+                $c_acc = $c_val * 16;
+            } else {
+                $bin .= \pack('C', $c_acc | $c_val);
+            }
+            $state ^= 1;
+            ++$hex_pos;
+        }
+        return $bin;
+    }
+    
+    /**
+     * Remove trialing whitespace without table look-ups or branches.
+     *
+     * Calling this function may leak the length of the string as well as the
+     * number of trailing whitespace characters through side-channels.
+     *
+     * @param string $string
+     * @return string
+     */
+    public static function trimTrailingWhitespace($string = '')
+    {
+        $length = Core::ourStrlen($string);
+        if ($length < 1) {
+            return '';
+        }
+        do {
+            $prevLength = $length;
+            $last = $length - 1;
+            $chr = \ord($string[$last]);
+
+            /* Null Byte (0x00), a.k.a. \0 */
+            // if ($chr === 0x00) $length -= 1;
+            $sub = (($chr - 1) >> 8 ) & 1;
+            $length -= $sub;
+            $last -= $sub;
+
+            /* Horizontal Tab (0x09) a.k.a. \t */
+            $chr = \ord($string[$last]);
+            // if ($chr === 0x09) $length -= 1;
+            $sub = (((0x08 - $chr) & ($chr - 0x0a)) >> 8) & 1;
+            $length -= $sub;
+            $last -= $sub;
+
+            /* New Line (0x0a), a.k.a. \n */
+            $chr = \ord($string[$last]);
+            // if ($chr === 0x0a) $length -= 1;
+            $sub = (((0x09 - $chr) & ($chr - 0x0b)) >> 8) & 1;
+            $length -= $sub;
+            $last -= $sub;
+
+            /* Carriage Return (0x0D), a.k.a. \r */
+            $chr = \ord($string[$last]);
+            // if ($chr === 0x0d) $length -= 1;
+            $sub = (((0x0c - $chr) & ($chr - 0x0e)) >> 8) & 1;
+            $length -= $sub;
+            $last -= $sub;
+
+            /* Space */
+            $chr = \ord($string[$last]);
+            // if ($chr === 0x20) $length -= 1;
+            $sub = (((0x1f - $chr) & ($chr - 0x21)) >> 8) & 1;
+            $length -= $sub;
+        } while ($prevLength !== $length && $length > 0);
+        return (string) Core::ourSubstr($string, 0, $length);
+    }
+
+    /*
+     * SECURITY NOTE ON APPLYING CHECKSUMS TO SECRETS:
+     *
+     *      The checksum introduces a potential security weakness. For example,
+     *      suppose we apply a checksum to a key, and that an adversary has an
+     *      exploit against the process containing the key, such that they can
+     *      overwrite an arbitrary byte of memory and then cause the checksum to
+     *      be verified and learn the result.
+     *
+     *      In this scenario, the adversary can extract the key one byte at
+     *      a time by overwriting it with their guess of its value and then
+     *      asking if the checksum matches. If it does, their guess was right.
+     *      This kind of attack may be more easy to implement and more reliable
+     *      than a remote code execution attack.
+     *
+     *      This attack also applies to authenticated encryption as a whole, in
+     *      the situation where the adversary can overwrite a byte of the key
+     *      and then cause a valid ciphertext to be decrypted, and then
+     *      determine whether the MAC check passed or failed.
+     *
+     *      By using the full SHA256 hash instead of truncating it, I'm ensuring
+     *      that both ways of going about the attack are equivalently difficult.
+     *      A shorter checksum of say 32 bits might be more useful to the
+     *      adversary as an oracle in case their writes are coarser grained.
+     *
+     *      Because the scenario assumes a serious vulnerability, we don't try
+     *      to prevent attacks of this style.
+     */
+
+    /**
+     * INTERNAL USE ONLY: Applies a version header, applies a checksum, and
+     * then encodes a byte string into a range of printable ASCII characters.
+     *
+     * @param string $header
+     * @param string $bytes
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function saveBytesToChecksummedAsciiSafeString($header, $bytes)
+    {
+        // Headers must be a constant length to prevent one type's header from
+        // being a prefix of another type's header, leading to ambiguity.
+        if (Core::ourStrlen($header) !== self::SERIALIZE_HEADER_BYTES) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Header must be ' . self::SERIALIZE_HEADER_BYTES . ' bytes.'
+            );
+        }
+
+        return Encoding::binToHex(
+            $header .
+            $bytes .
+            \hash(
+                self::CHECKSUM_HASH_ALGO,
+                $header . $bytes,
+                true
+            )
+        );
+    }
+
+    /**
+     * INTERNAL USE ONLY: Decodes, verifies the header and checksum, and returns
+     * the encoded byte string.
+     *
+     * @param string $expected_header
+     * @param string $string
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\BadFormatException
+     *
+     * @return string
+     */
+    public static function loadBytesFromChecksummedAsciiSafeString($expected_header, $string)
+    {
+        // Headers must be a constant length to prevent one type's header from
+        // being a prefix of another type's header, leading to ambiguity.
+        if (Core::ourStrlen($expected_header) !== self::SERIALIZE_HEADER_BYTES) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Header must be 4 bytes.'
+            );
+        }
+
+        /* If you get an exception here when attempting to load from a file, first pass your
+           key to Encoding::trimTrailingWhitespace() to remove newline characters, etc.      */
+        $bytes = Encoding::hexToBin($string);
+
+        /* Make sure we have enough bytes to get the version header and checksum. */
+        if (Core::ourStrlen($bytes) < self::SERIALIZE_HEADER_BYTES + self::CHECKSUM_BYTE_SIZE) {
+            throw new Ex\BadFormatException(
+                'Encoded data is shorter than expected.'
+            );
+        }
+
+        /* Grab the version header. */
+        $actual_header = (string) Core::ourSubstr($bytes, 0, self::SERIALIZE_HEADER_BYTES);
+
+        if ($actual_header !== $expected_header) {
+            throw new Ex\BadFormatException(
+                'Invalid header.'
+            );
+        }
+
+        /* Grab the bytes that are part of the checksum. */
+        $checked_bytes = (string) Core::ourSubstr(
+            $bytes,
+            0,
+            Core::ourStrlen($bytes) - self::CHECKSUM_BYTE_SIZE
+        );
+
+        /* Grab the included checksum. */
+        $checksum_a = (string) Core::ourSubstr(
+            $bytes,
+            Core::ourStrlen($bytes) - self::CHECKSUM_BYTE_SIZE,
+            self::CHECKSUM_BYTE_SIZE
+        );
+
+        /* Re-compute the checksum. */
+        $checksum_b = \hash(self::CHECKSUM_HASH_ALGO, $checked_bytes, true);
+
+        /* Check if the checksum matches. */
+        if (! Core::hashEquals($checksum_a, $checksum_b)) {
+            throw new Ex\BadFormatException(
+                "Data is corrupted, the checksum doesn't match"
+            );
+        }
+
+        return (string) Core::ourSubstr(
+            $bytes,
+            self::SERIALIZE_HEADER_BYTES,
+            Core::ourStrlen($bytes) - self::SERIALIZE_HEADER_BYTES - self::CHECKSUM_BYTE_SIZE
+        );
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/Exception/BadFormatException.php b/vendor/defuse/php-encryption/src/Exception/BadFormatException.php
new file mode 100644
index 0000000000..804d9c17e8
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Exception/BadFormatException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Defuse\Crypto\Exception;
+
+class BadFormatException extends \Defuse\Crypto\Exception\CryptoException
+{
+}
diff --git a/vendor/defuse/php-encryption/src/Exception/CryptoException.php b/vendor/defuse/php-encryption/src/Exception/CryptoException.php
new file mode 100644
index 0000000000..8d6c57fe94
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Exception/CryptoException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Defuse\Crypto\Exception;
+
+class CryptoException extends \Exception
+{
+}
diff --git a/vendor/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php b/vendor/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php
new file mode 100644
index 0000000000..7fbfc0aa71
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Exception/EnvironmentIsBrokenException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Defuse\Crypto\Exception;
+
+class EnvironmentIsBrokenException extends \Defuse\Crypto\Exception\CryptoException
+{
+}
diff --git a/vendor/defuse/php-encryption/src/Exception/IOException.php b/vendor/defuse/php-encryption/src/Exception/IOException.php
new file mode 100644
index 0000000000..cda4d151bf
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Exception/IOException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Defuse\Crypto\Exception;
+
+class IOException extends \Defuse\Crypto\Exception\CryptoException
+{
+}
diff --git a/vendor/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php b/vendor/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php
new file mode 100644
index 0000000000..4216861ba0
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Exception/WrongKeyOrModifiedCiphertextException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Defuse\Crypto\Exception;
+
+class WrongKeyOrModifiedCiphertextException extends \Defuse\Crypto\Exception\CryptoException
+{
+}
diff --git a/vendor/defuse/php-encryption/src/File.php b/vendor/defuse/php-encryption/src/File.php
new file mode 100644
index 0000000000..78e39d6f58
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/File.php
@@ -0,0 +1,784 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class File
+{
+    /**
+     * Encrypts the input file, saving the ciphertext to the output file.
+     *
+     * @param string $inputFilename
+     * @param string $outputFilename
+     * @param Key    $key
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     */
+    public static function encryptFile($inputFilename, $outputFilename, Key $key)
+    {
+        self::encryptFileInternal(
+            $inputFilename,
+            $outputFilename,
+            KeyOrPassword::createFromKey($key)
+        );
+    }
+
+    /**
+     * Encrypts a file with a password, using a slow key derivation function to
+     * make password cracking more expensive.
+     *
+     * @param string $inputFilename
+     * @param string $outputFilename
+     * @param string $password
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     */
+    public static function encryptFileWithPassword($inputFilename, $outputFilename, $password)
+    {
+        self::encryptFileInternal(
+            $inputFilename,
+            $outputFilename,
+            KeyOrPassword::createFromPassword($password)
+        );
+    }
+
+    /**
+     * Decrypts the input file, saving the plaintext to the output file.
+     *
+     * @param string $inputFilename
+     * @param string $outputFilename
+     * @param Key    $key
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function decryptFile($inputFilename, $outputFilename, Key $key)
+    {
+        self::decryptFileInternal(
+            $inputFilename,
+            $outputFilename,
+            KeyOrPassword::createFromKey($key)
+        );
+    }
+
+    /**
+     * Decrypts a file with a password, using a slow key derivation function to
+     * make password cracking more expensive.
+     *
+     * @param string $inputFilename
+     * @param string $outputFilename
+     * @param string $password
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function decryptFileWithPassword($inputFilename, $outputFilename, $password)
+    {
+        self::decryptFileInternal(
+            $inputFilename,
+            $outputFilename,
+            KeyOrPassword::createFromPassword($password)
+        );
+    }
+
+    /**
+     * Takes two resource handles and encrypts the contents of the first,
+     * writing the ciphertext into the second.
+     *
+     * @param resource $inputHandle
+     * @param resource $outputHandle
+     * @param Key      $key
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function encryptResource($inputHandle, $outputHandle, Key $key)
+    {
+        self::encryptResourceInternal(
+            $inputHandle,
+            $outputHandle,
+            KeyOrPassword::createFromKey($key)
+        );
+    }
+
+    /**
+     * Encrypts the contents of one resource handle into another with a
+     * password, using a slow key derivation function to make password cracking
+     * more expensive.
+     *
+     * @param resource $inputHandle
+     * @param resource $outputHandle
+     * @param string   $password
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function encryptResourceWithPassword($inputHandle, $outputHandle, $password)
+    {
+        self::encryptResourceInternal(
+            $inputHandle,
+            $outputHandle,
+            KeyOrPassword::createFromPassword($password)
+        );
+    }
+
+    /**
+     * Takes two resource handles and decrypts the contents of the first,
+     * writing the plaintext into the second.
+     *
+     * @param resource $inputHandle
+     * @param resource $outputHandle
+     * @param Key      $key
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function decryptResource($inputHandle, $outputHandle, Key $key)
+    {
+        self::decryptResourceInternal(
+            $inputHandle,
+            $outputHandle,
+            KeyOrPassword::createFromKey($key)
+        );
+    }
+
+    /**
+     * Decrypts the contents of one resource into another with a password, using
+     * a slow key derivation function to make password cracking more expensive.
+     *
+     * @param resource $inputHandle
+     * @param resource $outputHandle
+     * @param string   $password
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function decryptResourceWithPassword($inputHandle, $outputHandle, $password)
+    {
+        self::decryptResourceInternal(
+            $inputHandle,
+            $outputHandle,
+            KeyOrPassword::createFromPassword($password)
+        );
+    }
+
+    /**
+     * Encrypts a file with either a key or a password.
+     *
+     * @param string        $inputFilename
+     * @param string        $outputFilename
+     * @param KeyOrPassword $secret
+     * @return void
+     *
+     * @throws Ex\CryptoException
+     * @throws Ex\IOException
+     */
+    private static function encryptFileInternal($inputFilename, $outputFilename, KeyOrPassword $secret)
+    {
+        /* Open the input file. */
+        $if = @\fopen($inputFilename, 'rb');
+        if ($if === false) {
+            throw new Ex\IOException(
+                'Cannot open input file for encrypting: ' .
+                self::getLastErrorMessage()
+            );
+        }
+        if (\is_callable('\\stream_set_read_buffer')) {
+            /* This call can fail, but the only consequence is performance. */
+            \stream_set_read_buffer($if, 0);
+        }
+
+        /* Open the output file. */
+        $of = @\fopen($outputFilename, 'wb');
+        if ($of === false) {
+            \fclose($if);
+            throw new Ex\IOException(
+                'Cannot open output file for encrypting: ' .
+                self::getLastErrorMessage()
+            );
+        }
+        if (\is_callable('\\stream_set_write_buffer')) {
+            /* This call can fail, but the only consequence is performance. */
+            \stream_set_write_buffer($of, 0);
+        }
+
+        /* Perform the encryption. */
+        try {
+            self::encryptResourceInternal($if, $of, $secret);
+        } catch (Ex\CryptoException $ex) {
+            \fclose($if);
+            \fclose($of);
+            throw $ex;
+        }
+
+        /* Close the input file. */
+        if (\fclose($if) === false) {
+            \fclose($of);
+            throw new Ex\IOException(
+                'Cannot close input file after encrypting'
+            );
+        }
+
+        /* Close the output file. */
+        if (\fclose($of) === false) {
+            throw new Ex\IOException(
+                'Cannot close output file after encrypting'
+            );
+        }
+    }
+
+    /**
+     * Decrypts a file with either a key or a password.
+     *
+     * @param string        $inputFilename
+     * @param string        $outputFilename
+     * @param KeyOrPassword $secret
+     * @return void
+     *
+     * @throws Ex\CryptoException
+     * @throws Ex\IOException
+     */
+    private static function decryptFileInternal($inputFilename, $outputFilename, KeyOrPassword $secret)
+    {
+        /* Open the input file. */
+        $if = @\fopen($inputFilename, 'rb');
+        if ($if === false) {
+            throw new Ex\IOException(
+                'Cannot open input file for decrypting: ' .
+                self::getLastErrorMessage()
+            );
+        }
+
+        if (\is_callable('\\stream_set_read_buffer')) {
+            /* This call can fail, but the only consequence is performance. */
+            \stream_set_read_buffer($if, 0);
+        }
+
+        /* Open the output file. */
+        $of = @\fopen($outputFilename, 'wb');
+        if ($of === false) {
+            \fclose($if);
+            throw new Ex\IOException(
+                'Cannot open output file for decrypting: ' .
+                self::getLastErrorMessage()
+            );
+        }
+
+        if (\is_callable('\\stream_set_write_buffer')) {
+            /* This call can fail, but the only consequence is performance. */
+            \stream_set_write_buffer($of, 0);
+        }
+
+        /* Perform the decryption. */
+        try {
+            self::decryptResourceInternal($if, $of, $secret);
+        } catch (Ex\CryptoException $ex) {
+            \fclose($if);
+            \fclose($of);
+            throw $ex;
+        }
+
+        /* Close the input file. */
+        if (\fclose($if) === false) {
+            \fclose($of);
+            throw new Ex\IOException(
+                'Cannot close input file after decrypting'
+            );
+        }
+
+        /* Close the output file. */
+        if (\fclose($of) === false) {
+            throw new Ex\IOException(
+                'Cannot close output file after decrypting'
+            );
+        }
+    }
+
+    /**
+     * Encrypts a resource with either a key or a password.
+     *
+     * @param resource      $inputHandle
+     * @param resource      $outputHandle
+     * @param KeyOrPassword $secret
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     */
+    private static function encryptResourceInternal($inputHandle, $outputHandle, KeyOrPassword $secret)
+    {
+        if (! \is_resource($inputHandle)) {
+            throw new Ex\IOException(
+                'Input handle must be a resource!'
+            );
+        }
+        if (! \is_resource($outputHandle)) {
+            throw new Ex\IOException(
+                'Output handle must be a resource!'
+            );
+        }
+
+        $inputStat = \fstat($inputHandle);
+        $inputSize = $inputStat['size'];
+
+        $file_salt = Core::secureRandom(Core::SALT_BYTE_SIZE);
+        $keys = $secret->deriveKeys($file_salt);
+        $ekey = $keys->getEncryptionKey();
+        $akey = $keys->getAuthenticationKey();
+
+        $ivsize = Core::BLOCK_BYTE_SIZE;
+        $iv     = Core::secureRandom($ivsize);
+
+        /* Initialize a streaming HMAC state. */
+        /** @var resource $hmac */
+        $hmac = \hash_init(Core::HASH_FUNCTION_NAME, HASH_HMAC, $akey);
+        if (!\is_resource($hmac)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Cannot initialize a hash context'
+            );
+        }
+
+        /* Write the header, salt, and IV. */
+        self::writeBytes(
+            $outputHandle,
+            Core::CURRENT_VERSION . $file_salt . $iv,
+            Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + $ivsize
+        );
+
+        /* Add the header, salt, and IV to the HMAC. */
+        \hash_update($hmac, Core::CURRENT_VERSION);
+        \hash_update($hmac, $file_salt);
+        \hash_update($hmac, $iv);
+
+        /* $thisIv will be incremented after each call to the encryption. */
+        $thisIv = $iv;
+
+        /* How many blocks do we encrypt at a time? We increment by this value. */
+        $inc = (int) (Core::BUFFER_BYTE_SIZE / Core::BLOCK_BYTE_SIZE);
+
+        /* Loop until we reach the end of the input file. */
+        $at_file_end = false;
+        while (! (\feof($inputHandle) || $at_file_end)) {
+            /* Find out if we can read a full buffer, or only a partial one. */
+            /** @var int */
+            $pos = \ftell($inputHandle);
+            if (!\is_int($pos)) {
+                throw new Ex\IOException(
+                    'Could not get current position in input file during encryption'
+                );
+            }
+            if ($pos + Core::BUFFER_BYTE_SIZE >= $inputSize) {
+                /* We're at the end of the file, so we need to break out of the loop. */
+                $at_file_end = true;
+                $read = self::readBytes(
+                    $inputHandle,
+                    $inputSize - $pos
+                );
+            } else {
+                $read = self::readBytes(
+                    $inputHandle,
+                    Core::BUFFER_BYTE_SIZE
+                );
+            }
+
+            /* Encrypt this buffer. */
+            /** @var string */
+            $encrypted = \openssl_encrypt(
+                $read,
+                Core::CIPHER_METHOD,
+                $ekey,
+                OPENSSL_RAW_DATA,
+                $thisIv
+            );
+
+            if (!\is_string($encrypted)) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'OpenSSL encryption error'
+                );
+            }
+
+            /* Write this buffer's ciphertext. */
+            self::writeBytes($outputHandle, $encrypted, Core::ourStrlen($encrypted));
+            /* Add this buffer's ciphertext to the HMAC. */
+            \hash_update($hmac, $encrypted);
+
+            /* Increment the counter by the number of blocks in a buffer. */
+            $thisIv = Core::incrementCounter($thisIv, $inc);
+            /* WARNING: Usually, unless the file is a multiple of the buffer
+             * size, $thisIv will contain an incorrect value here on the last
+             * iteration of this loop. */
+        }
+
+        /* Get the HMAC and append it to the ciphertext. */
+        $final_mac = \hash_final($hmac, true);
+        self::writeBytes($outputHandle, $final_mac, Core::MAC_BYTE_SIZE);
+    }
+
+    /**
+     * Decrypts a file-backed resource with either a key or a password.
+     *
+     * @param resource      $inputHandle
+     * @param resource      $outputHandle
+     * @param KeyOrPassword $secret
+     * @return void
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\IOException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     */
+    public static function decryptResourceInternal($inputHandle, $outputHandle, KeyOrPassword $secret)
+    {
+        if (! \is_resource($inputHandle)) {
+            throw new Ex\IOException(
+                'Input handle must be a resource!'
+            );
+        }
+        if (! \is_resource($outputHandle)) {
+            throw new Ex\IOException(
+                'Output handle must be a resource!'
+            );
+        }
+
+        /* Make sure the file is big enough for all the reads we need to do. */
+        $stat = \fstat($inputHandle);
+        if ($stat['size'] < Core::MINIMUM_CIPHERTEXT_SIZE) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Input file is too small to have been created by this library.'
+            );
+        }
+
+        /* Check the version header. */
+        $header = self::readBytes($inputHandle, Core::HEADER_VERSION_SIZE);
+        if ($header !== Core::CURRENT_VERSION) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Bad version header.'
+            );
+        }
+
+        /* Get the salt. */
+        $file_salt = self::readBytes($inputHandle, Core::SALT_BYTE_SIZE);
+
+        /* Get the IV. */
+        $ivsize = Core::BLOCK_BYTE_SIZE;
+        $iv     = self::readBytes($inputHandle, $ivsize);
+
+        /* Derive the authentication and encryption keys. */
+        $keys = $secret->deriveKeys($file_salt);
+        $ekey = $keys->getEncryptionKey();
+        $akey = $keys->getAuthenticationKey();
+
+        /* We'll store the MAC of each buffer-sized chunk as we verify the
+         * actual MAC, so that we can check them again when decrypting. */
+        $macs = [];
+
+        /* $thisIv will be incremented after each call to the decryption. */
+        $thisIv = $iv;
+
+        /* How many blocks do we encrypt at a time? We increment by this value. */
+        $inc = (int) (Core::BUFFER_BYTE_SIZE / Core::BLOCK_BYTE_SIZE);
+
+        /* Get the HMAC. */
+        if (\fseek($inputHandle, (-1 * Core::MAC_BYTE_SIZE), SEEK_END) === false) {
+            throw new Ex\IOException(
+                'Cannot seek to beginning of MAC within input file'
+            );
+        }
+
+        /* Get the position of the last byte in the actual ciphertext. */
+        /** @var int $cipher_end */
+        $cipher_end = \ftell($inputHandle);
+        if (!\is_int($cipher_end)) {
+            throw new Ex\IOException(
+                'Cannot read input file'
+            );
+        }
+        /* We have the position of the first byte of the HMAC. Go back by one. */
+        --$cipher_end;
+
+        /* Read the HMAC. */
+        /** @var string $stored_mac */
+        $stored_mac = self::readBytes($inputHandle, Core::MAC_BYTE_SIZE);
+
+        /* Initialize a streaming HMAC state. */
+        /** @var resource $hmac */
+        $hmac = \hash_init(Core::HASH_FUNCTION_NAME, HASH_HMAC, $akey);
+        if (!\is_resource($hmac)) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Cannot initialize a hash context'
+            );
+        }
+
+        /* Reset file pointer to the beginning of the file after the header */
+        if (\fseek($inputHandle, Core::HEADER_VERSION_SIZE, SEEK_SET) === false) {
+            throw new Ex\IOException(
+                'Cannot read seek within input file'
+            );
+        }
+
+        /* Seek to the start of the actual ciphertext. */
+        if (\fseek($inputHandle, Core::SALT_BYTE_SIZE + $ivsize, SEEK_CUR) === false) {
+            throw new Ex\IOException(
+                'Cannot seek input file to beginning of ciphertext'
+            );
+        }
+
+        /* PASS #1: Calculating the HMAC. */
+
+        \hash_update($hmac, $header);
+        \hash_update($hmac, $file_salt);
+        \hash_update($hmac, $iv);
+        /** @var resource $hmac2 */
+        $hmac2 = \hash_copy($hmac);
+
+        $break = false;
+        while (! $break) {
+            /** @var int $pos */
+            $pos = \ftell($inputHandle);
+            if (!\is_int($pos)) {
+                throw new Ex\IOException(
+                    'Could not get current position in input file during decryption'
+                );
+            }
+
+            /* Read the next buffer-sized chunk (or less). */
+            if ($pos + Core::BUFFER_BYTE_SIZE >= $cipher_end) {
+                $break = true;
+                $read  = self::readBytes(
+                    $inputHandle,
+                    $cipher_end - $pos + 1
+                );
+            } else {
+                $read = self::readBytes(
+                    $inputHandle,
+                    Core::BUFFER_BYTE_SIZE
+                );
+            }
+
+            /* Update the HMAC. */
+            \hash_update($hmac, $read);
+
+            /* Remember this buffer-sized chunk's HMAC. */
+            /** @var resource $chunk_mac */
+            $chunk_mac = \hash_copy($hmac);
+            if (!\is_resource($chunk_mac)) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'Cannot duplicate a hash context'
+                );
+            }
+            $macs []= \hash_final($chunk_mac);
+        }
+
+        /* Get the final HMAC, which should match the stored one. */
+        /** @var string $final_mac */
+        $final_mac = \hash_final($hmac, true);
+
+        /* Verify the HMAC. */
+        if (! Core::hashEquals($final_mac, $stored_mac)) {
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                'Integrity check failed.'
+            );
+        }
+
+        /* PASS #2: Decrypt and write output. */
+
+        /* Rewind to the start of the actual ciphertext. */
+        if (\fseek($inputHandle, Core::SALT_BYTE_SIZE + $ivsize + Core::HEADER_VERSION_SIZE, SEEK_SET) === false) {
+            throw new Ex\IOException(
+                'Could not move the input file pointer during decryption'
+            );
+        }
+
+        $at_file_end = false;
+        while (! $at_file_end) {
+            /** @var int $pos */
+            $pos = \ftell($inputHandle);
+            if (!\is_int($pos)) {
+                throw new Ex\IOException(
+                    'Could not get current position in input file during decryption'
+                );
+            }
+
+            /* Read the next buffer-sized chunk (or less). */
+            if ($pos + Core::BUFFER_BYTE_SIZE >= $cipher_end) {
+                $at_file_end = true;
+                $read   = self::readBytes(
+                    $inputHandle,
+                    $cipher_end - $pos + 1
+                );
+            } else {
+                $read = self::readBytes(
+                    $inputHandle,
+                    Core::BUFFER_BYTE_SIZE
+                );
+            }
+
+            /* Recalculate the MAC (so far) and compare it with the one we
+             * remembered from pass #1 to ensure attackers didn't change the
+             * ciphertext after MAC verification. */
+            \hash_update($hmac2, $read);
+            /** @var resource $calc_mac */
+            $calc_mac = \hash_copy($hmac2);
+            if (!\is_resource($calc_mac)) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'Cannot duplicate a hash context'
+                );
+            }
+            $calc = \hash_final($calc_mac);
+
+            if (empty($macs)) {
+                throw new Ex\WrongKeyOrModifiedCiphertextException(
+                    'File was modified after MAC verification'
+                );
+            } elseif (! Core::hashEquals(\array_shift($macs), $calc)) {
+                throw new Ex\WrongKeyOrModifiedCiphertextException(
+                    'File was modified after MAC verification'
+                );
+            }
+
+            /* Decrypt this buffer-sized chunk. */
+            /** @var string $decrypted */
+            $decrypted = \openssl_decrypt(
+                $read,
+                Core::CIPHER_METHOD,
+                $ekey,
+                OPENSSL_RAW_DATA,
+                $thisIv
+            );
+            if (!\is_string($decrypted)) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'OpenSSL decryption error'
+                );
+            }
+
+            /* Write the plaintext to the output file. */
+            self::writeBytes(
+                $outputHandle,
+                $decrypted,
+                Core::ourStrlen($decrypted)
+            );
+
+            /* Increment the IV by the amount of blocks in a buffer. */
+            /** @var string $thisIv */
+            $thisIv = Core::incrementCounter($thisIv, $inc);
+            /* WARNING: Usually, unless the file is a multiple of the buffer
+             * size, $thisIv will contain an incorrect value here on the last
+             * iteration of this loop. */
+        }
+    }
+
+    /**
+     * Read from a stream; prevent partial reads.
+     *
+     * @param resource $stream
+     * @param int      $num_bytes
+     * @return string
+     *
+     * @throws Ex\IOException
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public static function readBytes($stream, $num_bytes)
+    {
+        if ($num_bytes < 0) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Tried to read less than 0 bytes'
+            );
+        } elseif ($num_bytes === 0) {
+            return '';
+        }
+        $buf       = '';
+        $remaining = $num_bytes;
+        while ($remaining > 0 && ! \feof($stream)) {
+            /** @var string $read */
+            $read = \fread($stream, $remaining);
+            if (!\is_string($read)) {
+                throw new Ex\IOException(
+                    'Could not read from the file'
+                );
+            }
+            $buf .= $read;
+            $remaining -= Core::ourStrlen($read);
+        }
+        if (Core::ourStrlen($buf) !== $num_bytes) {
+            throw new Ex\IOException(
+                'Tried to read past the end of the file'
+            );
+        }
+        return $buf;
+    }
+
+    /**
+     * Write to a stream; prevents partial writes.
+     *
+     * @param resource $stream
+     * @param string   $buf
+     * @param int      $num_bytes
+     * @return int
+     *
+     * @throws Ex\IOException
+     *
+     * @return string
+     */
+    public static function writeBytes($stream, $buf, $num_bytes = null)
+    {
+        $bufSize = Core::ourStrlen($buf);
+        if ($num_bytes === null) {
+            $num_bytes = $bufSize;
+        }
+        if ($num_bytes > $bufSize) {
+            throw new Ex\IOException(
+                'Trying to write more bytes than the buffer contains.'
+            );
+        }
+        if ($num_bytes < 0) {
+            throw new Ex\IOException(
+                'Tried to write less than 0 bytes'
+            );
+        }
+        $remaining = $num_bytes;
+        while ($remaining > 0) {
+            /** @var int $written */
+            $written = \fwrite($stream, $buf, $remaining);
+            if (!\is_int($written)) {
+                throw new Ex\IOException(
+                    'Could not write to the file'
+                );
+            }
+            $buf = (string) Core::ourSubstr($buf, $written, null);
+            $remaining -= $written;
+        }
+        return $num_bytes;
+    }
+
+    /**
+     * Returns the last PHP error's or warning's message string.
+     *
+     * @return string
+     */
+    private static function getLastErrorMessage()
+    {
+        $error = error_get_last();
+        if ($error === null) {
+            return '[no PHP error]';
+        } else {
+            return $error['message'];
+        }
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/Key.php b/vendor/defuse/php-encryption/src/Key.php
new file mode 100644
index 0000000000..fe4bf7d542
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/Key.php
@@ -0,0 +1,95 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class Key
+{
+    const KEY_CURRENT_VERSION = "\xDE\xF0\x00\x00";
+    const KEY_BYTE_SIZE       = 32;
+
+    /**
+     * @var string
+     */
+    private $key_bytes;
+
+    /**
+     * Creates new random key.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return Key
+     */
+    public static function createNewRandomKey()
+    {
+        return new Key(Core::secureRandom(self::KEY_BYTE_SIZE));
+    }
+
+    /**
+     * Loads a Key from its encoded form.
+     *
+     * By default, this function will call Encoding::trimTrailingWhitespace()
+     * to remove trailing CR, LF, NUL, TAB, and SPACE characters, which are
+     * commonly appended to files when working with text editors.
+     *
+     * @param string $saved_key_string
+     * @param bool $do_not_trim (default: false)
+     *
+     * @throws Ex\BadFormatException
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return Key
+     */
+    public static function loadFromAsciiSafeString($saved_key_string, $do_not_trim = false)
+    {
+        if (!$do_not_trim) {
+            $saved_key_string = Encoding::trimTrailingWhitespace($saved_key_string);
+        }
+        $key_bytes = Encoding::loadBytesFromChecksummedAsciiSafeString(self::KEY_CURRENT_VERSION, $saved_key_string);
+        return new Key($key_bytes);
+    }
+
+    /**
+     * Encodes the Key into a string of printable ASCII characters.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public function saveToAsciiSafeString()
+    {
+        return Encoding::saveBytesToChecksummedAsciiSafeString(
+            self::KEY_CURRENT_VERSION,
+            $this->key_bytes
+        );
+    }
+
+    /**
+     * Gets the raw bytes of the key.
+     *
+     * @return string
+     */
+    public function getRawBytes()
+    {
+        return $this->key_bytes;
+    }
+
+    /**
+     * Constructs a new Key object from a string of raw bytes.
+     *
+     * @param string $bytes
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     */
+    private function __construct($bytes)
+    {
+        if (Core::ourStrlen($bytes) !== self::KEY_BYTE_SIZE) {
+            throw new Ex\EnvironmentIsBrokenException(
+                'Bad key length.'
+            );
+        }
+        $this->key_bytes = $bytes;
+    }
+
+}
diff --git a/vendor/defuse/php-encryption/src/KeyOrPassword.php b/vendor/defuse/php-encryption/src/KeyOrPassword.php
new file mode 100644
index 0000000000..4a810d3f62
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/KeyOrPassword.php
@@ -0,0 +1,133 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class KeyOrPassword
+{
+    const PBKDF2_ITERATIONS    = 100000;
+    const SECRET_TYPE_KEY      = 1;
+    const SECRET_TYPE_PASSWORD = 2;
+
+    /**
+     * @var int
+     */
+    private $secret_type = 0;
+
+    /**
+     * @var Key|string
+     */
+    private $secret;
+
+    /**
+     * Initializes an instance of KeyOrPassword from a key.
+     *
+     * @param Key $key
+     *
+     * @return KeyOrPassword
+     */
+    public static function createFromKey(Key $key)
+    {
+        return new KeyOrPassword(self::SECRET_TYPE_KEY, $key);
+    }
+
+    /**
+     * Initializes an instance of KeyOrPassword from a password.
+     *
+     * @param string $password
+     *
+     * @return KeyOrPassword
+     */
+    public static function createFromPassword($password)
+    {
+        return new KeyOrPassword(self::SECRET_TYPE_PASSWORD, $password);
+    }
+
+    /**
+     * Derives authentication and encryption keys from the secret, using a slow
+     * key derivation function if the secret is a password.
+     *
+     * @param string $salt
+     *
+     * @throws Ex\CryptoException
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return DerivedKeys
+     */
+    public function deriveKeys($salt)
+    {
+        if (Core::ourStrlen($salt) !== Core::SALT_BYTE_SIZE) {
+            throw new Ex\EnvironmentIsBrokenException('Bad salt.');
+        }
+
+        if ($this->secret_type === self::SECRET_TYPE_KEY) {
+            if (!($this->secret instanceof Key)) {
+                throw new Ex\CryptoException('Expected a Key object');
+            }
+            $akey = Core::HKDF(
+                Core::HASH_FUNCTION_NAME,
+                $this->secret->getRawBytes(),
+                Core::KEY_BYTE_SIZE,
+                Core::AUTHENTICATION_INFO_STRING,
+                $salt
+            );
+            $ekey = Core::HKDF(
+                Core::HASH_FUNCTION_NAME,
+                $this->secret->getRawBytes(),
+                Core::KEY_BYTE_SIZE,
+                Core::ENCRYPTION_INFO_STRING,
+                $salt
+            );
+            return new DerivedKeys($akey, $ekey);
+        } elseif ($this->secret_type === self::SECRET_TYPE_PASSWORD) {
+            if (!\is_string($this->secret)) {
+                throw new Ex\CryptoException('Expected a string');
+            }
+            /* Our PBKDF2 polyfill is vulnerable to a DoS attack documented in
+             * GitHub issue #230. The fix is to pre-hash the password to ensure
+             * it is short. We do the prehashing here instead of in pbkdf2() so
+             * that pbkdf2() still computes the function as defined by the
+             * standard. */
+            $prehash = \hash(Core::HASH_FUNCTION_NAME, $this->secret, true);
+            $prekey = Core::pbkdf2(
+                Core::HASH_FUNCTION_NAME,
+                $prehash,
+                $salt,
+                self::PBKDF2_ITERATIONS,
+                Core::KEY_BYTE_SIZE,
+                true
+            );
+            $akey = Core::HKDF(
+                Core::HASH_FUNCTION_NAME,
+                $prekey,
+                Core::KEY_BYTE_SIZE,
+                Core::AUTHENTICATION_INFO_STRING,
+                $salt
+            );
+            /* Note the cryptographic re-use of $salt here. */
+            $ekey = Core::HKDF(
+                Core::HASH_FUNCTION_NAME,
+                $prekey,
+                Core::KEY_BYTE_SIZE,
+                Core::ENCRYPTION_INFO_STRING,
+                $salt
+            );
+            return new DerivedKeys($akey, $ekey);
+        } else {
+            throw new Ex\EnvironmentIsBrokenException('Bad secret type.');
+        }
+    }
+
+    /**
+     * Constructor for KeyOrPassword.
+     *
+     * @param int   $secret_type
+     * @param mixed $secret      (either a Key or a password string)
+     */
+    private function __construct($secret_type, $secret)
+    {
+        $this->secret_type = $secret_type;
+        $this->secret = $secret;
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php b/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php
new file mode 100644
index 0000000000..9d32e76295
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/KeyProtectedByPassword.php
@@ -0,0 +1,115 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+final class KeyProtectedByPassword
+{
+    const PASSWORD_KEY_CURRENT_VERSION = "\xDE\xF1\x00\x00";
+
+    /**
+     * @var string
+     */
+    private $encrypted_key = '';
+
+    /**
+     * Creates a random key protected by the provided password.
+     *
+     * @param string $password
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return KeyProtectedByPassword
+     */
+    public static function createRandomPasswordProtectedKey($password)
+    {
+        $inner_key = Key::createNewRandomKey();
+        /* The password is hashed as a form of poor-man's domain separation
+         * between this use of encryptWithPassword() and other uses of
+         * encryptWithPassword() that the user may also be using as part of the
+         * same protocol. */
+        $encrypted_key = Crypto::encryptWithPassword(
+            $inner_key->saveToAsciiSafeString(),
+            \hash(Core::HASH_FUNCTION_NAME, $password, true),
+            true
+        );
+
+        return new KeyProtectedByPassword($encrypted_key);
+    }
+
+    /**
+     * Loads a KeyProtectedByPassword from its encoded form.
+     *
+     * @param string $saved_key_string
+     *
+     * @throws Ex\BadFormatException
+     *
+     * @return KeyProtectedByPassword
+     */
+    public static function loadFromAsciiSafeString($saved_key_string)
+    {
+        $encrypted_key = Encoding::loadBytesFromChecksummedAsciiSafeString(
+            self::PASSWORD_KEY_CURRENT_VERSION,
+            $saved_key_string
+        );
+        return new KeyProtectedByPassword($encrypted_key);
+    }
+
+    /**
+     * Encodes the KeyProtectedByPassword into a string of printable ASCII
+     * characters.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     *
+     * @return string
+     */
+    public function saveToAsciiSafeString()
+    {
+        return Encoding::saveBytesToChecksummedAsciiSafeString(
+            self::PASSWORD_KEY_CURRENT_VERSION,
+            $this->encrypted_key
+        );
+    }
+
+    /**
+     * Decrypts the protected key, returning an unprotected Key object that can
+     * be used for encryption and decryption.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @throws Ex\WrongKeyOrModifiedCiphertextException
+     *
+     * @return Key
+     */
+    public function unlockKey($password)
+    {
+        try {
+            $inner_key_encoded = Crypto::decryptWithPassword(
+                $this->encrypted_key,
+                \hash(Core::HASH_FUNCTION_NAME, $password, true),
+                true
+            );
+            return Key::loadFromAsciiSafeString($inner_key_encoded);
+        } catch (Ex\BadFormatException $ex) {
+            /* This should never happen unless an attacker replaced the
+             * encrypted key ciphertext with some other ciphertext that was
+             * encrypted with the same password. We transform the exception type
+             * here in order to make the API simpler, avoiding the need to
+             * document that this method might throw an Ex\BadFormatException. */
+            throw new Ex\WrongKeyOrModifiedCiphertextException(
+                "The decrypted key was found to be in an invalid format. " .
+                "This very likely indicates it was modified by an attacker."
+            );
+        }
+    }
+
+    /**
+     * Constructor for KeyProtectedByPassword.
+     *
+     * @param string $encrypted_key
+     */
+    private function __construct($encrypted_key)
+    {
+        $this->encrypted_key = $encrypted_key;
+    }
+}
diff --git a/vendor/defuse/php-encryption/src/RuntimeTests.php b/vendor/defuse/php-encryption/src/RuntimeTests.php
new file mode 100644
index 0000000000..9f00a97a1f
--- /dev/null
+++ b/vendor/defuse/php-encryption/src/RuntimeTests.php
@@ -0,0 +1,247 @@
+<?php
+
+namespace Defuse\Crypto;
+
+use Defuse\Crypto\Exception as Ex;
+
+/*
+ * We're using static class inheritance to get access to protected methods
+ * inside Crypto. To make it easy to know where the method we're calling can be
+ * found, within this file, prefix calls with `Crypto::` or `RuntimeTests::`,
+ * and don't use `self::`.
+ */
+
+class RuntimeTests extends Crypto
+{
+    /**
+     * Runs the runtime tests.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @return void
+     */
+    public static function runtimeTest()
+    {
+        // 0: Tests haven't been run yet.
+        // 1: Tests have passed.
+        // 2: Tests are running right now.
+        // 3: Tests have failed.
+        static $test_state = 0;
+
+        if ($test_state === 1 || $test_state === 2) {
+            return;
+        }
+
+        if ($test_state === 3) {
+            /* If an intermittent problem caused a test to fail previously, we
+             * want that to be indicated to the user with every call to this
+             * library. This way, if the user first does something they really
+             * don't care about, and just ignores all exceptions, they won't get
+             * screwed when they then start to use the library for something
+             * they do care about. */
+            throw new Ex\EnvironmentIsBrokenException('Tests failed previously.');
+        }
+
+        try {
+            $test_state = 2;
+
+            Core::ensureFunctionExists('openssl_get_cipher_methods');
+            if (\in_array(Core::CIPHER_METHOD, \openssl_get_cipher_methods()) === false) {
+                throw new Ex\EnvironmentIsBrokenException(
+                    'Cipher method not supported. This is normally caused by an outdated ' .
+                    'version of OpenSSL (and/or OpenSSL compiled for FIPS compliance). ' .
+                    'Please upgrade to a newer version of OpenSSL that supports ' .
+                    Core::CIPHER_METHOD . ' to use this library.'
+                );
+            }
+
+            RuntimeTests::AESTestVector();
+            RuntimeTests::HMACTestVector();
+            RuntimeTests::HKDFTestVector();
+
+            RuntimeTests::testEncryptDecrypt();
+            if (Core::ourStrlen(Key::createNewRandomKey()->getRawBytes()) != Core::KEY_BYTE_SIZE) {
+                throw new Ex\EnvironmentIsBrokenException();
+            }
+
+            if (Core::ENCRYPTION_INFO_STRING == Core::AUTHENTICATION_INFO_STRING) {
+                throw new Ex\EnvironmentIsBrokenException();
+            }
+        } catch (Ex\EnvironmentIsBrokenException $ex) {
+            // Do this, otherwise it will stay in the "tests are running" state.
+            $test_state = 3;
+            throw $ex;
+        }
+
+        // Change this to '0' make the tests always re-run (for benchmarking).
+        $test_state = 1;
+    }
+
+    /**
+     * High-level tests of Crypto operations.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @return void
+     */
+    private static function testEncryptDecrypt()
+    {
+        $key  = Key::createNewRandomKey();
+        $data = "EnCrYpT EvErYThInG\x00\x00";
+
+        // Make sure encrypting then decrypting doesn't change the message.
+        $ciphertext = Crypto::encrypt($data, $key, true);
+        try {
+            $decrypted = Crypto::decrypt($ciphertext, $key, true);
+        } catch (Ex\WrongKeyOrModifiedCiphertextException $ex) {
+            // It's important to catch this and change it into a
+            // Ex\EnvironmentIsBrokenException, otherwise a test failure could trick
+            // the user into thinking it's just an invalid ciphertext!
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+        if ($decrypted !== $data) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Modifying the ciphertext: Appending a string.
+        try {
+            Crypto::decrypt($ciphertext . 'a', $key, true);
+            throw new Ex\EnvironmentIsBrokenException();
+        } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */
+        }
+
+        // Modifying the ciphertext: Changing an HMAC byte.
+        $indices_to_change = [
+            0, // The header.
+            Core::HEADER_VERSION_SIZE + 1, // the salt
+            Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + 1, // the IV
+            Core::HEADER_VERSION_SIZE + Core::SALT_BYTE_SIZE + Core::BLOCK_BYTE_SIZE + 1, // the ciphertext
+        ];
+
+        foreach ($indices_to_change as $index) {
+            try {
+                $ciphertext[$index] = \chr((\ord($ciphertext[$index]) + 1) % 256);
+                Crypto::decrypt($ciphertext, $key, true);
+                throw new Ex\EnvironmentIsBrokenException();
+            } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */
+            }
+        }
+
+        // Decrypting with the wrong key.
+        $key        = Key::createNewRandomKey();
+        $data       = 'abcdef';
+        $ciphertext = Crypto::encrypt($data, $key, true);
+        $wrong_key  = Key::createNewRandomKey();
+        try {
+            Crypto::decrypt($ciphertext, $wrong_key, true);
+            throw new Ex\EnvironmentIsBrokenException();
+        } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */
+        }
+
+        // Ciphertext too small.
+        $key        = Key::createNewRandomKey();
+        $ciphertext = \str_repeat('A', Core::MINIMUM_CIPHERTEXT_SIZE - 1);
+        try {
+            Crypto::decrypt($ciphertext, $key, true);
+            throw new Ex\EnvironmentIsBrokenException();
+        } catch (Ex\WrongKeyOrModifiedCiphertextException $e) { /* expected */
+        }
+    }
+
+    /**
+     * Test HKDF against test vectors.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @return void
+     */
+    private static function HKDFTestVector()
+    {
+        // HKDF test vectors from RFC 5869
+
+        // Test Case 1
+        $ikm    = \str_repeat("\x0b", 22);
+        $salt   = Encoding::hexToBin('000102030405060708090a0b0c');
+        $info   = Encoding::hexToBin('f0f1f2f3f4f5f6f7f8f9');
+        $length = 42;
+        $okm    = Encoding::hexToBin(
+            '3cb25f25faacd57a90434f64d0362f2a' .
+            '2d2d0a90cf1a5a4c5db02d56ecc4c5bf' .
+            '34007208d5b887185865'
+        );
+        $computed_okm = Core::HKDF('sha256', $ikm, $length, $info, $salt);
+        if ($computed_okm !== $okm) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        // Test Case 7
+        $ikm    = \str_repeat("\x0c", 22);
+        $length = 42;
+        $okm    = Encoding::hexToBin(
+            '2c91117204d745f3500d636a62f64f0a' .
+            'b3bae548aa53d423b0d1f27ebba6f5e5' .
+            '673a081d70cce7acfc48'
+        );
+        $computed_okm = Core::HKDF('sha1', $ikm, $length, '', null);
+        if ($computed_okm !== $okm) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+    }
+
+    /**
+     * Test HMAC against test vectors.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @return void
+     */
+    private static function HMACTestVector()
+    {
+        // HMAC test vector From RFC 4231 (Test Case 1)
+        $key     = \str_repeat("\x0b", 20);
+        $data    = 'Hi There';
+        $correct = 'b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7';
+        if (\hash_hmac(Core::HASH_FUNCTION_NAME, $data, $key) !== $correct) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+    }
+
+    /**
+     * Test AES against test vectors.
+     *
+     * @throws Ex\EnvironmentIsBrokenException
+     * @return void
+     */
+    private static function AESTestVector()
+    {
+        // AES CTR mode test vector from NIST SP 800-38A
+        $key = Encoding::hexToBin(
+            '603deb1015ca71be2b73aef0857d7781' .
+            '1f352c073b6108d72d9810a30914dff4'
+        );
+        $iv        = Encoding::hexToBin('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff');
+        $plaintext = Encoding::hexToBin(
+            '6bc1bee22e409f96e93d7e117393172a' .
+            'ae2d8a571e03ac9c9eb76fac45af8e51' .
+            '30c81c46a35ce411e5fbc1191a0a52ef' .
+            'f69f2445df4f9b17ad2b417be66c3710'
+        );
+        $ciphertext = Encoding::hexToBin(
+            '601ec313775789a5b7a7f504bbf3d228' .
+            'f443e3ca4d62b59aca84e990cacaf5c5' .
+            '2b0930daa23de94ce87017ba2d84988d' .
+            'dfc9c58db67aada613c2dd08457941a6'
+        );
+
+        $computed_ciphertext = Crypto::plainEncrypt($plaintext, $key, $iv);
+        if ($computed_ciphertext !== $ciphertext) {
+            echo \str_repeat("\n", 30);
+            echo \bin2hex($computed_ciphertext);
+            echo "\n---\n";
+            echo \bin2hex($ciphertext);
+            echo \str_repeat("\n", 30);
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+
+        $computed_plaintext = Crypto::plainDecrypt($ciphertext, $key, $iv, Core::CIPHER_METHOD);
+        if ($computed_plaintext !== $plaintext) {
+            throw new Ex\EnvironmentIsBrokenException();
+        }
+    }
+}
diff --git a/vendor/paragonie/random_compat/LICENSE b/vendor/paragonie/random_compat/LICENSE
new file mode 100644
index 0000000000..45c7017dfb
--- /dev/null
+++ b/vendor/paragonie/random_compat/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Paragon Initiative Enterprises
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/paragonie/random_compat/build-phar.sh b/vendor/paragonie/random_compat/build-phar.sh
new file mode 100644
index 0000000000..b4a5ba31cc
--- /dev/null
+++ b/vendor/paragonie/random_compat/build-phar.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+basedir=$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )
+
+php -dphar.readonly=0 "$basedir/other/build_phar.php" $*
\ No newline at end of file
diff --git a/vendor/paragonie/random_compat/composer.json b/vendor/paragonie/random_compat/composer.json
new file mode 100644
index 0000000000..1c5978c6fb
--- /dev/null
+++ b/vendor/paragonie/random_compat/composer.json
@@ -0,0 +1,37 @@
+{
+  "name":         "paragonie/random_compat",
+  "description":  "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+  "keywords": [
+    "csprng",
+    "random",
+    "pseudorandom"
+  ],
+  "license":      "MIT",
+  "type":         "library",
+  "authors": [
+    {
+      "name":     "Paragon Initiative Enterprises",
+      "email":    "security@paragonie.com",
+      "homepage": "https://paragonie.com"
+    }
+  ],
+  "support": {
+    "issues":     "https://github.com/paragonie/random_compat/issues",
+    "email":      "info@paragonie.com",
+    "source":     "https://github.com/paragonie/random_compat"
+  },
+  "require": {
+    "php": ">=5.2.0"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "4.*|5.*"
+  },
+  "suggest": {
+    "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+  },
+  "autoload": {
+    "files": [
+      "lib/random.php"
+    ]
+  }
+}
diff --git a/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
new file mode 100644
index 0000000000..eb50ebfcd6
--- /dev/null
+++ b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm
+pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p
++h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc
+-----END PUBLIC KEY-----
diff --git a/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
new file mode 100644
index 0000000000..6a1d7f3006
--- /dev/null
+++ b/vendor/paragonie/random_compat/dist/random_compat.phar.pubkey.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (MingW32)
+
+iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip
+QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg
+1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW
+NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA
+NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV
+JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74=
+=B6+8
+-----END PGP SIGNATURE-----
diff --git a/vendor/paragonie/random_compat/lib/byte_safe_strings.php b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
new file mode 100644
index 0000000000..3de86b223c
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
@@ -0,0 +1,181 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('RandomCompat_strlen')) {
+    if (
+        defined('MB_OVERLOAD_STRING') &&
+        ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+    ) {
+        /**
+         * strlen() implementation that isn't brittle to mbstring.func_overload
+         *
+         * This version uses mb_strlen() in '8bit' mode to treat strings as raw
+         * binary rather than UTF-8, ISO-8859-1, etc
+         *
+         * @param string $binary_string
+         *
+         * @throws TypeError
+         *
+         * @return int
+         */
+        function RandomCompat_strlen($binary_string)
+        {
+            if (!is_string($binary_string)) {
+                throw new TypeError(
+                    'RandomCompat_strlen() expects a string'
+                );
+            }
+
+            return (int) mb_strlen($binary_string, '8bit');
+        }
+
+    } else {
+        /**
+         * strlen() implementation that isn't brittle to mbstring.func_overload
+         *
+         * This version just used the default strlen()
+         *
+         * @param string $binary_string
+         *
+         * @throws TypeError
+         *
+         * @return int
+         */
+        function RandomCompat_strlen($binary_string)
+        {
+            if (!is_string($binary_string)) {
+                throw new TypeError(
+                    'RandomCompat_strlen() expects a string'
+                );
+            }
+            return (int) strlen($binary_string);
+        }
+    }
+}
+
+if (!is_callable('RandomCompat_substr')) {
+
+    if (
+        defined('MB_OVERLOAD_STRING')
+        &&
+        ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+    ) {
+        /**
+         * substr() implementation that isn't brittle to mbstring.func_overload
+         *
+         * This version uses mb_substr() in '8bit' mode to treat strings as raw
+         * binary rather than UTF-8, ISO-8859-1, etc
+         *
+         * @param string $binary_string
+         * @param int $start
+         * @param int $length (optional)
+         *
+         * @throws TypeError
+         *
+         * @return string
+         */
+        function RandomCompat_substr($binary_string, $start, $length = null)
+        {
+            if (!is_string($binary_string)) {
+                throw new TypeError(
+                    'RandomCompat_substr(): First argument should be a string'
+                );
+            }
+
+            if (!is_int($start)) {
+                throw new TypeError(
+                    'RandomCompat_substr(): Second argument should be an integer'
+                );
+            }
+
+            if ($length === null) {
+                /**
+                 * mb_substr($str, 0, NULL, '8bit') returns an empty string on
+                 * PHP 5.3, so we have to find the length ourselves.
+                 */
+                $length = RandomCompat_strlen($binary_string) - $start;
+            } elseif (!is_int($length)) {
+                throw new TypeError(
+                    'RandomCompat_substr(): Third argument should be an integer, or omitted'
+                );
+            }
+
+            // Consistency with PHP's behavior
+            if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
+                return '';
+            }
+            if ($start > RandomCompat_strlen($binary_string)) {
+                return '';
+            }
+
+            return (string) mb_substr($binary_string, $start, $length, '8bit');
+        }
+
+    } else {
+
+        /**
+         * substr() implementation that isn't brittle to mbstring.func_overload
+         *
+         * This version just uses the default substr()
+         *
+         * @param string $binary_string
+         * @param int $start
+         * @param int $length (optional)
+         *
+         * @throws TypeError
+         *
+         * @return string
+         */
+        function RandomCompat_substr($binary_string, $start, $length = null)
+        {
+            if (!is_string($binary_string)) {
+                throw new TypeError(
+                    'RandomCompat_substr(): First argument should be a string'
+                );
+            }
+
+            if (!is_int($start)) {
+                throw new TypeError(
+                    'RandomCompat_substr(): Second argument should be an integer'
+                );
+            }
+
+            if ($length !== null) {
+                if (!is_int($length)) {
+                    throw new TypeError(
+                        'RandomCompat_substr(): Third argument should be an integer, or omitted'
+                    );
+                }
+
+                return (string) substr($binary_string, $start, $length);
+            }
+
+            return (string) substr($binary_string, $start);
+        }
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/cast_to_int.php b/vendor/paragonie/random_compat/lib/cast_to_int.php
new file mode 100644
index 0000000000..9a4fab9919
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/cast_to_int.php
@@ -0,0 +1,75 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('RandomCompat_intval')) {
+    
+    /**
+     * Cast to an integer if we can, safely.
+     * 
+     * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+     * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+     * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats 
+     * lose precision, so the <= and => operators might accidentally let a float
+     * through.
+     * 
+     * @param int|float $number    The number we want to convert to an int
+     * @param bool      $fail_open Set to true to not throw an exception
+     * 
+     * @return float|int
+     * @psalm-suppress InvalidReturnType
+     *
+     * @throws TypeError
+     */
+    function RandomCompat_intval($number, $fail_open = false)
+    {
+        if (is_int($number) || is_float($number)) {
+            $number += 0;
+        } elseif (is_numeric($number)) {
+            $number += 0;
+        }
+
+        if (
+            is_float($number)
+            &&
+            $number > ~PHP_INT_MAX
+            &&
+            $number < PHP_INT_MAX
+        ) {
+            $number = (int) $number;
+        }
+
+        if (is_int($number)) {
+            return (int) $number;
+        } elseif (!$fail_open) {
+            throw new TypeError(
+                'Expected an integer.'
+            );
+        }
+        return $number;
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/error_polyfill.php b/vendor/paragonie/random_compat/lib/error_polyfill.php
new file mode 100644
index 0000000000..6a91990ce6
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/error_polyfill.php
@@ -0,0 +1,49 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!class_exists('Error', false)) {
+    // We can't really avoid making this extend Exception in PHP 5.
+    class Error extends Exception
+    {
+        
+    }
+}
+
+if (!class_exists('TypeError', false)) {
+    if (is_subclass_of('Error', 'Exception')) {
+        class TypeError extends Error
+        {
+            
+        }
+    } else {
+        class TypeError extends Exception
+        {
+            
+        }
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/random.php b/vendor/paragonie/random_compat/lib/random.php
new file mode 100644
index 0000000000..df74c8a4b6
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random.php
@@ -0,0 +1,223 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * @version 2.0.10
+ * @released 2017-03-13
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('PHP_VERSION_ID')) {
+    // This constant was introduced in PHP 5.2.7
+    $RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
+    define(
+        'PHP_VERSION_ID',
+        $RandomCompatversion[0] * 10000
+        + $RandomCompatversion[1] * 100
+        + $RandomCompatversion[2]
+    );
+    $RandomCompatversion = null;
+}
+
+/**
+ * PHP 7.0.0 and newer have these functions natively.
+ */
+if (PHP_VERSION_ID >= 70000) {
+    return;
+}
+
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+    define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
+
+$RandomCompatDIR = dirname(__FILE__);
+
+require_once $RandomCompatDIR . '/byte_safe_strings.php';
+require_once $RandomCompatDIR . '/cast_to_int.php';
+require_once $RandomCompatDIR . '/error_polyfill.php';
+
+if (!is_callable('random_bytes')) {
+    /**
+     * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+     *
+     * We use conditional statements here to define the function in accordance
+     * to the operating environment. It's a micro-optimization.
+     *
+     * In order of preference:
+     *   1. Use libsodium if available.
+     *   2. fread() /dev/urandom if available (never on Windows)
+     *   3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
+     *   4. COM('CAPICOM.Utilities.1')->GetRandom()
+     *
+     * See RATIONALE.md for our reasoning behind this particular order
+     */
+    if (extension_loaded('libsodium')) {
+        // See random_bytes_libsodium.php
+        if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
+            require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
+        } elseif (method_exists('Sodium', 'randombytes_buf')) {
+            require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
+        }
+    }
+
+    /**
+     * Reading directly from /dev/urandom:
+     */
+    if (DIRECTORY_SEPARATOR === '/') {
+        // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+        // way to exclude Windows.
+        $RandomCompatUrandom = true;
+        $RandomCompat_basedir = ini_get('open_basedir');
+
+        if (!empty($RandomCompat_basedir)) {
+            $RandomCompat_open_basedir = explode(
+                PATH_SEPARATOR,
+                strtolower($RandomCompat_basedir)
+            );
+            $RandomCompatUrandom = (array() !== array_intersect(
+                array('/dev', '/dev/', '/dev/urandom'),
+                $RandomCompat_open_basedir
+            ));
+            $RandomCompat_open_basedir = null;
+        }
+
+        if (
+            !is_callable('random_bytes')
+            &&
+            $RandomCompatUrandom
+            &&
+            @is_readable('/dev/urandom')
+        ) {
+            // Error suppression on is_readable() in case of an open_basedir
+            // or safe_mode failure. All we care about is whether or not we
+            // can read it at this point. If the PHP environment is going to
+            // panic over trying to see if the file can be read in the first
+            // place, that is not helpful to us here.
+
+            // See random_bytes_dev_urandom.php
+            require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
+        }
+        // Unset variables after use
+        $RandomCompat_basedir = null;
+    } else {
+        $RandomCompatUrandom = false;
+    }
+
+    /**
+     * mcrypt_create_iv()
+     *
+     * We only want to use mcypt_create_iv() if:
+     *
+     * - random_bytes() hasn't already been defined
+     * - the mcrypt extensions is loaded
+     * - One of these two conditions is true:
+     *   - We're on Windows (DIRECTORY_SEPARATOR !== '/')
+     *   - We're not on Windows and /dev/urandom is readabale
+     *     (i.e. we're not in a chroot jail)
+     * - Special case:
+     *   - If we're not on Windows, but the PHP version is between
+     *     5.6.10 and 5.6.12, we don't want to use mcrypt. It will
+     *     hang indefinitely. This is bad.
+     *   - If we're on Windows, we want to use PHP >= 5.3.7 or else
+     *     we get insufficient entropy errors.
+     */
+    if (
+        !is_callable('random_bytes')
+        &&
+        // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
+        (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
+        &&
+        // Prevent this code from hanging indefinitely on non-Windows;
+        // see https://bugs.php.net/bug.php?id=69833
+        (
+            DIRECTORY_SEPARATOR !== '/' ||
+            (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
+        )
+        &&
+        extension_loaded('mcrypt')
+    ) {
+        // See random_bytes_mcrypt.php
+        require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
+    }
+    $RandomCompatUrandom = null;
+
+    /**
+     * This is a Windows-specific fallback, for when the mcrypt extension
+     * isn't loaded.
+     */
+    if (
+        !is_callable('random_bytes')
+        &&
+        extension_loaded('com_dotnet')
+        &&
+        class_exists('COM')
+    ) {
+        $RandomCompat_disabled_classes = preg_split(
+            '#\s*,\s*#',
+            strtolower(ini_get('disable_classes'))
+        );
+
+        if (!in_array('com', $RandomCompat_disabled_classes)) {
+            try {
+                $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+                if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+                    // See random_bytes_com_dotnet.php
+                    require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
+                }
+            } catch (com_exception $e) {
+                // Don't try to use it.
+            }
+        }
+        $RandomCompat_disabled_classes = null;
+        $RandomCompatCOMtest = null;
+    }
+
+    /**
+     * throw new Exception
+     */
+    if (!is_callable('random_bytes')) {
+        /**
+         * We don't have any more options, so let's throw an exception right now
+         * and hope the developer won't let it fail silently.
+         *
+         * @param mixed $length
+         * @return void
+         * @throws Exception
+         */
+        function random_bytes($length)
+        {
+            unset($length); // Suppress "variable not used" warnings.
+            throw new Exception(
+                'There is no suitable CSPRNG installed on your system'
+            );
+        }
+    }
+}
+
+if (!is_callable('random_int')) {
+    require_once $RandomCompatDIR . '/random_int.php';
+}
+
+$RandomCompatDIR = null;
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
new file mode 100644
index 0000000000..fc1926e5ca
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
@@ -0,0 +1,88 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ * 
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('random_bytes')) {
+    /**
+     * Windows with PHP < 5.3.0 will not have the function
+     * openssl_random_pseudo_bytes() available, so let's use
+     * CAPICOM to work around this deficiency.
+     *
+     * @param int $bytes
+     *
+     * @throws Exception
+     *
+     * @return string
+     */
+    function random_bytes($bytes)
+    {
+        try {
+            $bytes = RandomCompat_intval($bytes);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_bytes(): $bytes must be an integer'
+            );
+        }
+
+        if ($bytes < 1) {
+            throw new Error(
+                'Length must be greater than 0'
+            );
+        }
+
+        $buf = '';
+        if (!class_exists('COM')) {
+            throw new Error(
+                'COM does not exist'
+            );
+        }
+        $util = new COM('CAPICOM.Utilities.1');
+        $execCount = 0;
+
+        /**
+         * Let's not let it loop forever. If we run N times and fail to
+         * get N bytes of random data, then CAPICOM has failed us.
+         */
+        do {
+            $buf .= base64_decode($util->GetRandom($bytes, 0));
+            if (RandomCompat_strlen($buf) >= $bytes) {
+                /**
+                 * Return our random entropy buffer here:
+                 */
+                return RandomCompat_substr($buf, 0, $bytes);
+            }
+            ++$execCount;
+        } while ($execCount < $bytes);
+
+        /**
+         * If we reach here, PHP has failed us.
+         */
+        throw new Exception(
+            'Could not gather sufficient random data'
+        );
+    }
+}
\ No newline at end of file
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
new file mode 100644
index 0000000000..df5b91524e
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
@@ -0,0 +1,167 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+    define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
+
+if (!is_callable('random_bytes')) {
+    /**
+     * Unless open_basedir is enabled, use /dev/urandom for
+     * random numbers in accordance with best practices
+     *
+     * Why we use /dev/urandom and not /dev/random
+     * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+     *
+     * @param int $bytes
+     *
+     * @throws Exception
+     *
+     * @return string
+     */
+    function random_bytes($bytes)
+    {
+        static $fp = null;
+        /**
+         * This block should only be run once
+         */
+        if (empty($fp)) {
+            /**
+             * We use /dev/urandom if it is a char device.
+             * We never fall back to /dev/random
+             */
+            $fp = fopen('/dev/urandom', 'rb');
+            if (!empty($fp)) {
+                $st = fstat($fp);
+                if (($st['mode'] & 0170000) !== 020000) {
+                    fclose($fp);
+                    $fp = false;
+                }
+            }
+
+            if (!empty($fp)) {
+                /**
+                 * stream_set_read_buffer() does not exist in HHVM
+                 *
+                 * If we don't set the stream's read buffer to 0, PHP will
+                 * internally buffer 8192 bytes, which can waste entropy
+                 *
+                 * stream_set_read_buffer returns 0 on success
+                 */
+                if (is_callable('stream_set_read_buffer')) {
+                    stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+                }
+                if (is_callable('stream_set_chunk_size')) {
+                    stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+                }
+            }
+        }
+
+        try {
+            $bytes = RandomCompat_intval($bytes);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_bytes(): $bytes must be an integer'
+            );
+        }
+
+        if ($bytes < 1) {
+            throw new Error(
+                'Length must be greater than 0'
+            );
+        }
+
+        /**
+         * This if() block only runs if we managed to open a file handle
+         *
+         * It does not belong in an else {} block, because the above
+         * if (empty($fp)) line is logic that should only be run once per
+         * page load.
+         */
+        if (!empty($fp)) {
+            /**
+             * @var int
+             */
+            $remaining = $bytes;
+
+            /**
+             * @var string|bool
+             */
+            $buf = '';
+
+            /**
+             * We use fread() in a loop to protect against partial reads
+             */
+            do {
+                /**
+                 * @var string|bool
+                 */
+                $read = fread($fp, $remaining);
+                if (!is_string($read)) {
+                    if ($read === false) {
+                        /**
+                         * We cannot safely read from the file. Exit the
+                         * do-while loop and trigger the exception condition
+                         *
+                         * @var string|bool
+                         */
+                        $buf = false;
+                        break;
+                    }
+                }
+                /**
+                 * Decrease the number of bytes returned from remaining
+                 */
+                $remaining -= RandomCompat_strlen($read);
+                /**
+                 * @var string|bool
+                 */
+                $buf = $buf . $read;
+            } while ($remaining > 0);
+
+            /**
+             * Is our result valid?
+             */
+            if (is_string($buf)) {
+                if (RandomCompat_strlen($buf) === $bytes) {
+                    /**
+                     * Return our random entropy buffer here:
+                     */
+                    return $buf;
+                }
+            }
+        }
+
+        /**
+         * If we reach here, PHP has failed us.
+         */
+        throw new Exception(
+            'Error reading from source device'
+        );
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
new file mode 100644
index 0000000000..4af1a24227
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
@@ -0,0 +1,88 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('random_bytes')) {
+    /**
+     * If the libsodium PHP extension is loaded, we'll use it above any other
+     * solution.
+     *
+     * libsodium-php project:
+     * @ref https://github.com/jedisct1/libsodium-php
+     *
+     * @param int $bytes
+     *
+     * @throws Exception
+     *
+     * @return string
+     */
+    function random_bytes($bytes)
+    {
+        try {
+            $bytes = RandomCompat_intval($bytes);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_bytes(): $bytes must be an integer'
+            );
+        }
+
+        if ($bytes < 1) {
+            throw new Error(
+                'Length must be greater than 0'
+            );
+        }
+
+        /**
+         * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+         * generated in one invocation.
+         */
+        if ($bytes > 2147483647) {
+            $buf = '';
+            for ($i = 0; $i < $bytes; $i += 1073741824) {
+                $n = ($bytes - $i) > 1073741824
+                    ? 1073741824
+                    : $bytes - $i;
+                $buf .= \Sodium\randombytes_buf($n);
+            }
+        } else {
+            $buf = \Sodium\randombytes_buf($bytes);
+        }
+
+        if ($buf !== false) {
+            if (RandomCompat_strlen($buf) === $bytes) {
+                return $buf;
+            }
+        }
+
+        /**
+         * If we reach here, PHP has failed us.
+         */
+        throw new Exception(
+            'Could not gather sufficient random data'
+        );
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
new file mode 100644
index 0000000000..705af5262b
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('random_bytes')) {
+    /**
+     * If the libsodium PHP extension is loaded, we'll use it above any other
+     * solution.
+     *
+     * libsodium-php project:
+     * @ref https://github.com/jedisct1/libsodium-php
+     *
+     * @param int $bytes
+     *
+     * @throws Exception
+     *
+     * @return string
+     */
+    function random_bytes($bytes)
+    {
+        try {
+            $bytes = RandomCompat_intval($bytes);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_bytes(): $bytes must be an integer'
+            );
+        }
+
+        if ($bytes < 1) {
+            throw new Error(
+                'Length must be greater than 0'
+            );
+        }
+
+        /**
+         * @var string
+         */
+        $buf = '';
+
+        /**
+         * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+         * generated in one invocation.
+         */
+        if ($bytes > 2147483647) {
+            for ($i = 0; $i < $bytes; $i += 1073741824) {
+                $n = ($bytes - $i) > 1073741824
+                    ? 1073741824
+                    : $bytes - $i;
+                $buf .= Sodium::randombytes_buf((int) $n);
+            }
+        } else {
+            $buf .= Sodium::randombytes_buf((int) $bytes);
+        }
+
+        if (is_string($buf)) {
+            if (RandomCompat_strlen($buf) === $bytes) {
+                return $buf;
+            }
+        }
+
+        /**
+         * If we reach here, PHP has failed us.
+         */
+        throw new Exception(
+            'Could not gather sufficient random data'
+        );
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
new file mode 100644
index 0000000000..aac9c013d4
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * Random_* Compatibility Library 
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ * 
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!is_callable('random_bytes')) {
+    /**
+     * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
+     *
+     * @ref https://bugs.php.net/bug.php?id=55169
+     * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
+     *
+     * @param int $bytes
+     *
+     * @throws Exception
+     *
+     * @return string
+     */
+    function random_bytes($bytes)
+    {
+        try {
+            $bytes = RandomCompat_intval($bytes);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_bytes(): $bytes must be an integer'
+            );
+        }
+
+        if ($bytes < 1) {
+            throw new Error(
+                'Length must be greater than 0'
+            );
+        }
+
+        $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
+        if (
+            $buf !== false
+            &&
+            RandomCompat_strlen($buf) === $bytes
+        ) {
+            /**
+             * Return our random entropy buffer here:
+             */
+            return $buf;
+        }
+
+        /**
+         * If we reach here, PHP has failed us.
+         */
+        throw new Exception(
+            'Could not gather sufficient random data'
+        );
+    }
+}
diff --git a/vendor/paragonie/random_compat/lib/random_int.php b/vendor/paragonie/random_compat/lib/random_int.php
new file mode 100644
index 0000000000..5b2143a162
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_int.php
@@ -0,0 +1,190 @@
+<?php
+
+if (!is_callable('random_int')) {
+    /**
+     * Random_* Compatibility Library
+     * for using the new PHP 7 random_* API in PHP 5 projects
+     *
+     * The MIT License (MIT)
+     *
+     * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+     *
+     * Permission is hereby granted, free of charge, to any person obtaining a copy
+     * of this software and associated documentation files (the "Software"), to deal
+     * in the Software without restriction, including without limitation the rights
+     * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+     * copies of the Software, and to permit persons to whom the Software is
+     * furnished to do so, subject to the following conditions:
+     *
+     * The above copyright notice and this permission notice shall be included in
+     * all copies or substantial portions of the Software.
+     *
+     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+     * SOFTWARE.
+     */
+
+    /**
+     * Fetch a random integer between $min and $max inclusive
+     *
+     * @param int $min
+     * @param int $max
+     *
+     * @throws Exception
+     *
+     * @return int
+     */
+    function random_int($min, $max)
+    {
+        /**
+         * Type and input logic checks
+         *
+         * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+         * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+         * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+         * lose precision, so the <= and => operators might accidentally let a float
+         * through.
+         */
+
+        try {
+            $min = RandomCompat_intval($min);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_int(): $min must be an integer'
+            );
+        }
+
+        try {
+            $max = RandomCompat_intval($max);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_int(): $max must be an integer'
+            );
+        }
+
+        /**
+         * Now that we've verified our weak typing system has given us an integer,
+         * let's validate the logic then we can move forward with generating random
+         * integers along a given range.
+         */
+        if ($min > $max) {
+            throw new Error(
+                'Minimum value must be less than or equal to the maximum value'
+            );
+        }
+
+        if ($max === $min) {
+            return (int) $min;
+        }
+
+        /**
+         * Initialize variables to 0
+         *
+         * We want to store:
+         * $bytes => the number of random bytes we need
+         * $mask => an integer bitmask (for use with the &) operator
+         *          so we can minimize the number of discards
+         */
+        $attempts = $bits = $bytes = $mask = $valueShift = 0;
+
+        /**
+         * At this point, $range is a positive number greater than 0. It might
+         * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+         * a float and we will lose some precision.
+         */
+        $range = $max - $min;
+
+        /**
+         * Test for integer overflow:
+         */
+        if (!is_int($range)) {
+
+            /**
+             * Still safely calculate wider ranges.
+             * Provided by @CodesInChaos, @oittaa
+             *
+             * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+             *
+             * We use ~0 as a mask in this case because it generates all 1s
+             *
+             * @ref https://eval.in/400356 (32-bit)
+             * @ref http://3v4l.org/XX9r5  (64-bit)
+             */
+            $bytes = PHP_INT_SIZE;
+            $mask = ~0;
+
+        } else {
+
+            /**
+             * $bits is effectively ceil(log($range, 2)) without dealing with
+             * type juggling
+             */
+            while ($range > 0) {
+                if ($bits % 8 === 0) {
+                    ++$bytes;
+                }
+                ++$bits;
+                $range >>= 1;
+                $mask = $mask << 1 | 1;
+            }
+            $valueShift = $min;
+        }
+
+        $val = 0;
+        /**
+         * Now that we have our parameters set up, let's begin generating
+         * random integers until one falls between $min and $max
+         */
+        do {
+            /**
+             * The rejection probability is at most 0.5, so this corresponds
+             * to a failure probability of 2^-128 for a working RNG
+             */
+            if ($attempts > 128) {
+                throw new Exception(
+                    'random_int: RNG is broken - too many rejections'
+                );
+            }
+
+            /**
+             * Let's grab the necessary number of random bytes
+             */
+            $randomByteString = random_bytes($bytes);
+
+            /**
+             * Let's turn $randomByteString into an integer
+             *
+             * This uses bitwise operators (<< and |) to build an integer
+             * out of the values extracted from ord()
+             *
+             * Example: [9F] | [6D] | [32] | [0C] =>
+             *   159 + 27904 + 3276800 + 201326592 =>
+             *   204631455
+             */
+            $val &= 0;
+            for ($i = 0; $i < $bytes; ++$i) {
+                $val |= ord($randomByteString[$i]) << ($i * 8);
+            }
+
+            /**
+             * Apply mask
+             */
+            $val &= $mask;
+            $val += $valueShift;
+
+            ++$attempts;
+            /**
+             * If $val overflows to a floating point number,
+             * ... or is larger than $max,
+             * ... or smaller than $min,
+             * then try again.
+             */
+        } while (!is_int($val) || $val > $max || $val < $min);
+
+        return (int) $val;
+    }
+}
diff --git a/vendor/paragonie/random_compat/other/build_phar.php b/vendor/paragonie/random_compat/other/build_phar.php
new file mode 100644
index 0000000000..70ef4b2ed8
--- /dev/null
+++ b/vendor/paragonie/random_compat/other/build_phar.php
@@ -0,0 +1,57 @@
+<?php
+$dist = dirname(__DIR__).'/dist';
+if (!is_dir($dist)) {
+    mkdir($dist, 0755);
+}
+if (file_exists($dist.'/random_compat.phar')) {
+    unlink($dist.'/random_compat.phar');
+}
+$phar = new Phar(
+    $dist.'/random_compat.phar',
+    FilesystemIterator::CURRENT_AS_FILEINFO | \FilesystemIterator::KEY_AS_FILENAME,
+    'random_compat.phar'
+);
+rename(
+    dirname(__DIR__).'/lib/random.php', 
+    dirname(__DIR__).'/lib/index.php'
+);
+$phar->buildFromDirectory(dirname(__DIR__).'/lib');
+rename(
+    dirname(__DIR__).'/lib/index.php', 
+    dirname(__DIR__).'/lib/random.php'
+);
+
+/**
+ * If we pass an (optional) path to a private key as a second argument, we will
+ * sign the Phar with OpenSSL.
+ * 
+ * If you leave this out, it will produce an unsigned .phar!
+ */
+if ($argc > 1) {
+    if (!@is_readable($argv[1])) {
+        echo 'Could not read the private key file:', $argv[1], "\n";
+        exit(255);
+    }
+    $pkeyFile = file_get_contents($argv[1]);
+    
+    $private = openssl_get_privatekey($pkeyFile);
+    if ($private !== false) {
+        $pkey = '';
+        openssl_pkey_export($private, $pkey);
+        $phar->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+        
+        /**
+         * Save the corresponding public key to the file
+         */
+        if (!@is_readable($dist.'/random_compat.phar.pubkey')) {
+            $details = openssl_pkey_get_details($private);
+            file_put_contents(
+                $dist.'/random_compat.phar.pubkey',
+                $details['key']
+            );
+        }
+    } else {
+        echo 'An error occurred reading the private key from OpenSSL.', "\n";
+        exit(255);
+    }
+}
diff --git a/vendor/paragonie/random_compat/psalm-autoload.php b/vendor/paragonie/random_compat/psalm-autoload.php
new file mode 100644
index 0000000000..d71d1b818c
--- /dev/null
+++ b/vendor/paragonie/random_compat/psalm-autoload.php
@@ -0,0 +1,9 @@
+<?php
+
+require_once 'lib/byte_safe_strings.php';
+require_once 'lib/cast_to_int.php';
+require_once 'lib/error_polyfill.php';
+require_once 'other/ide_stubs/libsodium.php';
+require_once 'lib/random.php';
+
+$int = random_int(0, 65536);
diff --git a/vendor/paragonie/random_compat/psalm.xml b/vendor/paragonie/random_compat/psalm.xml
new file mode 100644
index 0000000000..1e91409894
--- /dev/null
+++ b/vendor/paragonie/random_compat/psalm.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<psalm
+    autoloader="psalm-autoload.php"
+    stopOnFirstError="false"
+    useDocblockTypes="true"
+>
+    <projectFiles>
+        <directory name="lib" />
+    </projectFiles>
+    <issueHandlers>
+        <DuplicateClass errorLevel="info" />
+        <InvalidOperand errorLevel="info" />
+        <UndefinedConstant errorLevel="info" />
+        <MissingReturnType errorLevel="info" />
+    </issueHandlers>
+</psalm>

From acd65aade17c2e8db1dcb012b6d14a732bc87244 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 02:21:37 -0500
Subject: [PATCH 3/7] Switch to new php-encryption library version

- Remove references to library/ files
- Add namespace to library classes
---
 include/items.php     |  3 ---
 mod/dfrn_notify.php   | 15 +++++----------
 src/Protocol/DFRN.php | 16 +++++-----------
 3 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/include/items.php b/include/items.php
index 64aeabceab..6d4d30e7cb 100644
--- a/include/items.php
+++ b/include/items.php
@@ -33,9 +33,6 @@ require_once 'mod/share.php';
 require_once 'include/enotify.php';
 require_once 'include/group.php';
 
-/// @TODO one day with composer autoloader no more needed
-require_once 'library/defuse/php-encryption-1.2.1/Crypto.php';
-
 function construct_verb($item) {
 	if ($item['verb']) {
 		return $item['verb'];
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index e0e30a2488..c8dc093d17 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -11,10 +11,8 @@ use Friendica\Core\Config;
 use Friendica\Database\DBM;
 use Friendica\Protocol\DFRN;
 
-require_once('include/items.php');
-require_once('include/event.php');
-
-require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
+require_once 'include/items.php';
+require_once 'include/event.php';
 
 function dfrn_notify_post(App $a) {
 	logger(__function__, LOGGER_TRACE);
@@ -185,8 +183,8 @@ function dfrn_notify_post(App $a) {
 				break;
 			case 2:
 				try {
-					$data = Crypto::decrypt(hex2bin($data), $final_key);
-				} catch (InvalidCiphertext $ex) { // VERY IMPORTANT
+					$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $final_key);
+				} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 					/*
 					 * Either:
 					 *   1. The ciphertext was modified by the attacker,
@@ -196,12 +194,9 @@ function dfrn_notify_post(App $a) {
 					 */
 					logger('The ciphertext has been tampered with!');
 					xml_status(0, 'The ciphertext has been tampered with!');
-				} catch (Ex\CryptoTestFailed $ex) {
+				} catch (\Defuse\Crypto\Exception\EnvironmentIsBrokenException $ex) {
 					logger('Cannot safely perform dencryption');
 					xml_status(0, 'CryptoTestFailed');
-				} catch (Ex\CannotPerformOperation $ex) {
-					logger('Cannot safely perform decryption');
-					xml_status(0, 'Cannot safely perform decryption');
 				}
 				break;
 			default:
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index f400d033ea..6ba8ed7d10 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -1296,26 +1296,20 @@ class DFRN
 				case 2:
 					// RINO 2 based on php-encryption
 					try {
-						$key = Crypto::createNewRandomKey();
-					} catch (CryptoTestFailed $ex) {
+						$key = \Defuse\Crypto\Key::createNewRandomKey();
+					} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 						logger('Cannot safely create a key');
 						return -4;
-					} catch (CannotPerformOperation $ex) {
-						logger('Cannot safely create a key');
-						return -5;
 					}
 					try {
-						$data = Crypto::encrypt($postvars['data'], $key);
-					} catch (CryptoTestFailed $ex) {
+						$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $key);
+					} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 						logger('Cannot safely perform encryption');
 						return -6;
-					} catch (CannotPerformOperation $ex) {
-						logger('Cannot safely perform encryption');
-						return -7;
 					}
 					break;
 				default:
-					logger("rino: invalid requested verision '$rino_remote_version'");
+					logger("rino: invalid requested version '$rino_remote_version'");
 					return -8;
 			}
 

From b4ce07bdc5d9dea67f3e00947f8f80f57078c096 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 02:21:54 -0500
Subject: [PATCH 4/7] Remove old library defuse/php-encryption

---
 .../defuse/php-encryption-1.2.1/.travis.yml   |  22 -
 .../defuse/php-encryption-1.2.1/Crypto.php    | 677 ------------------
 library/defuse/php-encryption-1.2.1/README.md |  79 --
 .../defuse/php-encryption-1.2.1/benchmark.php |  42 --
 .../defuse/php-encryption-1.2.1/composer.json |  20 -
 .../defuse/php-encryption-1.2.1/example.php   |  36 -
 library/defuse/php-encryption-1.2.1/test.sh   |  30 -
 .../php-encryption-1.2.1/tests/runtime.php    |  32 -
 8 files changed, 938 deletions(-)
 delete mode 100644 library/defuse/php-encryption-1.2.1/.travis.yml
 delete mode 100644 library/defuse/php-encryption-1.2.1/Crypto.php
 delete mode 100644 library/defuse/php-encryption-1.2.1/README.md
 delete mode 100644 library/defuse/php-encryption-1.2.1/benchmark.php
 delete mode 100644 library/defuse/php-encryption-1.2.1/composer.json
 delete mode 100644 library/defuse/php-encryption-1.2.1/example.php
 delete mode 100644 library/defuse/php-encryption-1.2.1/test.sh
 delete mode 100644 library/defuse/php-encryption-1.2.1/tests/runtime.php

diff --git a/library/defuse/php-encryption-1.2.1/.travis.yml b/library/defuse/php-encryption-1.2.1/.travis.yml
deleted file mode 100644
index 20ec31c201..0000000000
--- a/library/defuse/php-encryption-1.2.1/.travis.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-language: php
-php:
-    - "5.6"
-    - "5.5"
-    - "5.4"
-    - "5.3"
-    - "5.2"
-# Versions below here are not installed on travis-ci
-#    - "5.1"
-#    - "5.0"
-#    - "4.4"
-#    - "4.3"
-#    - "4.2"
-#    - "4.1"
-#    - "4.0"
-    
-matrix:
-  allow_failures:
-    - php: "5.3"
-    - php: "5.2"
-
-script: ./test.sh
diff --git a/library/defuse/php-encryption-1.2.1/Crypto.php b/library/defuse/php-encryption-1.2.1/Crypto.php
deleted file mode 100644
index 5b60f6f121..0000000000
--- a/library/defuse/php-encryption-1.2.1/Crypto.php
+++ /dev/null
@@ -1,677 +0,0 @@
-<?php
-
-/*
- * PHP Encryption Library
- * Copyright (c) 2014, Taylor Hornby
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice, 
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Web: https://defuse.ca/secure-php-encryption.htm
- * GitHub: https://github.com/defuse/php-encryption 
- *
- * WARNING: This encryption library is not a silver bullet. It only provides
- * symmetric encryption given a uniformly random key. This means you MUST NOT
- * use an ASCII string like a password as the key parameter, it MUST be
- * a uniformly random key generated by CreateNewRandomKey(). If you want to
- * encrypt something with a password, apply a password key derivation function
- * like PBKDF2 or scrypt with a random salt to generate a key.
- *
- * WARNING: Error handling is very important, especially for crypto code! 
- *
- * How to use this code:
- *
- *     Generating a Key
- *     ----------------
- *       try {
- *           $key = self::CreateNewRandomKey();
- *           // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
- *           // they may leak the key to the attacker through side channels.
- *       } catch (CryptoTestFailedException $ex) {
- *           die('Cannot safely create a key');
- *       } catch (CannotPerformOperationException $ex) {
- *           die('Cannot safely create a key');
- *       }
- *
- *     Encrypting a Message
- *     --------------------
- *       $message = "ATTACK AT DAWN";
- *       try {
- *           $ciphertext = self::Encrypt($message, $key);
- *       } catch (CryptoTestFailedException $ex) {
- *           die('Cannot safely perform encryption');
- *       } catch (CannotPerformOperationException $ex) {
- *           die('Cannot safely perform decryption');
- *       }
- *
- *     Decrypting a Message
- *     --------------------
- *       try {
- *           $decrypted = self::Decrypt($ciphertext, $key);
- *       } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
- *           // Either:
- *           //   1. The ciphertext was modified by the attacker,
- *           //   2. The key is wrong, or
- *           //   3. $ciphertext is not a valid ciphertext or was corrupted.
- *           // Assume the worst.
- *           die('DANGER! DANGER! The ciphertext has been tampered with!');
- *       } catch (CryptoTestFailedException $ex) {
- *           die('Cannot safely perform encryption');
- *       } catch (CannotPerformOperationException $ex) {
- *           die('Cannot safely perform decryption');
- *       }
- */
-
-/* 
- * Raised by Decrypt() when one of the following conditions are met:
- *  - The key is wrong.
- *  - The ciphertext is invalid or not in the correct format.
- *  - The attacker modified the ciphertext.
- */
-class InvalidCiphertextException extends Exception {}
-/* If you see these, it means it is NOT SAFE to do encryption on your system. */
-class CannotPerformOperationException extends Exception {}
-class CryptoTestFailedException extends Exception {}
-
-final class Crypto
-{
-    // Ciphertext format: [____HMAC____][____IV____][____CIPHERTEXT____].
-
-    /* DO NOT CHANGE THESE CONSTANTS! 
-     *
-     * We spent *weeks* testing this code, making sure it is as perfect and
-     * correct as possible. Are you going to do the same after making your
-     * changes? Probably not. Besides, any change to these constants will break
-     * the runtime tests, which are extremely important for your security.
-     * You're literally millions of times more likely to screw up your own
-     * security by changing something here than you are to fall victim to an
-     * 128-bit key brute-force attack. You're also breaking your own
-     * compatibility with future updates to this library, so you'll be left
-     * vulnerable if we ever find a security bug and release a fix.
-     *
-     * So, PLEASE, do not change these constants.
-     */
-    const CIPHER = 'aes-128';
-    const KEY_BYTE_SIZE = 16;
-    const CIPHER_MODE = 'cbc';
-    const HASH_FUNCTION = 'sha256';
-    const MAC_BYTE_SIZE = 32;
-    const ENCRYPTION_INFO = 'DefusePHP|KeyForEncryption';
-    const AUTHENTICATION_INFO = 'DefusePHP|KeyForAuthentication';
-
-    /*
-     * Use this to generate a random encryption key.
-     */
-    public static function CreateNewRandomKey()
-    {
-        self::RuntimeTest();
-        return self::SecureRandom(self::KEY_BYTE_SIZE);
-    }
-
-    /*
-     * Encrypts a message.
-     * $plaintext is the message to encrypt.
-     * $key is the encryption key, a value generated by CreateNewRandomKey().
-     * You MUST catch exceptions thrown by this function. See docs above.
-     */
-    public static function Encrypt($plaintext, $key)
-    {
-        self::RuntimeTest();
-
-        if (self::our_strlen($key) !== self::KEY_BYTE_SIZE)
-        {
-            throw new CannotPerformOperationException("Bad key.");
-        }
-
-        $method = self::CIPHER.'-'.self::CIPHER_MODE;
-        
-        self::EnsureFunctionExists('openssl_get_cipher_methods');
-        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
-            throw new CannotPerformOperationException("Cipher method not supported.");
-        }
-        
-        // Generate a sub-key for encryption.
-        $keysize = self::KEY_BYTE_SIZE;
-        $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
-
-        // Generate a random initialization vector.
-        self::EnsureFunctionExists("openssl_cipher_iv_length");
-        $ivsize = openssl_cipher_iv_length($method);
-        if ($ivsize === FALSE || $ivsize <= 0) {
-            throw new CannotPerformOperationException();
-        }
-        $iv = self::SecureRandom($ivsize);
-
-        $ciphertext = $iv . self::PlainEncrypt($plaintext, $ekey, $iv);
-
-        // Generate a sub-key for authentication and apply the HMAC.
-        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
-        $auth = hash_hmac(self::HASH_FUNCTION, $ciphertext, $akey, true);
-        $ciphertext = $auth . $ciphertext;
-
-        return $ciphertext;
-    }
-
-    /*
-     * Decrypts a ciphertext.
-     * $ciphertext is the ciphertext to decrypt.
-     * $key is the key that the ciphertext was encrypted with.
-     * You MUST catch exceptions thrown by this function. See docs above.
-     */
-    public static function Decrypt($ciphertext, $key)
-    {
-        self::RuntimeTest();
-        
-        $method = self::CIPHER.'-'.self::CIPHER_MODE;
-        
-        self::EnsureFunctionExists('openssl_get_cipher_methods');
-        if (in_array($method, openssl_get_cipher_methods()) === FALSE) {
-            throw new CannotPerformOperationException("Cipher method not supported.");
-        }
-
-        // Extract the HMAC from the front of the ciphertext.
-        if (self::our_strlen($ciphertext) <= self::MAC_BYTE_SIZE) {
-            throw new InvalidCiphertextException();
-        }
-        $hmac = self::our_substr($ciphertext, 0, self::MAC_BYTE_SIZE);
-        if ($hmac === FALSE) {
-            throw new CannotPerformOperationException();
-        }
-        $ciphertext = self::our_substr($ciphertext, self::MAC_BYTE_SIZE);
-        if ($ciphertext === FALSE) {
-            throw new CannotPerformOperationException();
-        }
-
-        // Regenerate the same authentication sub-key.
-        $akey = self::HKDF(self::HASH_FUNCTION, $key, self::KEY_BYTE_SIZE, self::AUTHENTICATION_INFO);
-
-        if (self::VerifyHMAC($hmac, $ciphertext, $akey))
-        {
-            // Regenerate the same encryption sub-key.
-            $keysize = self::KEY_BYTE_SIZE;
-            $ekey = self::HKDF(self::HASH_FUNCTION, $key, $keysize, self::ENCRYPTION_INFO);
-
-            // Extract the initialization vector from the ciphertext.
-            self::EnsureFunctionExists("openssl_cipher_iv_length");
-            $ivsize = openssl_cipher_iv_length($method);
-            if ($ivsize === FALSE || $ivsize <= 0) {
-                throw new CannotPerformOperationException();
-            }
-            if (self::our_strlen($ciphertext) <= $ivsize) {
-                throw new InvalidCiphertextException();
-            }
-            $iv = self::our_substr($ciphertext, 0, $ivsize);
-            if ($iv === FALSE) {
-                throw new CannotPerformOperationException();
-            }
-            $ciphertext = self::our_substr($ciphertext, $ivsize);
-            if ($ciphertext === FALSE) {
-                throw new CannotPerformOperationException();
-            }
-            
-            $plaintext = self::PlainDecrypt($ciphertext, $ekey, $iv);
-
-            return $plaintext;
-        }
-        else
-        {
-            /*
-             * We throw an exception instead of returning FALSE because we want
-             * a script that doesn't handle this condition to CRASH, instead
-             * of thinking the ciphertext decrypted to the value FALSE.
-             */
-             throw new InvalidCiphertextException();
-        }
-    }
-
-    /*
-     * Runs tests.
-     * Raises CannotPerformOperationException or CryptoTestFailedException if
-     * one of the tests fail. If any tests fails, your system is not capable of
-     * performing encryption, so make sure you fail safe in that case.
-     */
-    public static function RuntimeTest()
-    {
-        // 0: Tests haven't been run yet.
-        // 1: Tests have passed.
-        // 2: Tests are running right now.
-        // 3: Tests have failed.
-        static $test_state = 0;
-
-        if ($test_state === 1 || $test_state === 2) {
-            return;
-        }
-
-        try {
-            $test_state = 2;
-            self::AESTestVector();
-            self::HMACTestVector();
-            self::HKDFTestVector();
-
-            self::TestEncryptDecrypt();
-            if (self::our_strlen(self::CreateNewRandomKey()) != self::KEY_BYTE_SIZE) {
-                throw new CryptoTestFailedException();
-            }
-
-            if (self::ENCRYPTION_INFO == self::AUTHENTICATION_INFO) {
-                throw new CryptoTestFailedException();
-            }
-        } catch (CryptoTestFailedException $ex) {
-            // Do this, otherwise it will stay in the "tests are running" state.
-            $test_state = 3;
-            throw $ex;
-        }
-
-        // Change this to '0' make the tests always re-run (for benchmarking).
-        $test_state = 1;
-    }
-
-    /*
-     * Never call this method directly!
-     */
-    private static function PlainEncrypt($plaintext, $key, $iv)
-    {
-        
-        $method = self::CIPHER.'-'.self::CIPHER_MODE;
-        
-        self::EnsureConstantExists("OPENSSL_RAW_DATA");
-        self::EnsureFunctionExists("openssl_encrypt");
-        $ciphertext = openssl_encrypt(
-            $plaintext,
-            $method,
-            $key,
-            OPENSSL_RAW_DATA,
-            $iv
-        );
-        
-        if ($ciphertext === false) {
-            throw new CannotPerformOperationException();
-        }
-
-        return $ciphertext;
-    }
-
-    /*
-     * Never call this method directly!
-     */
-    private static function PlainDecrypt($ciphertext, $key, $iv)
-    {
-        
-        $method = self::CIPHER.'-'.self::CIPHER_MODE;
-        
-        self::EnsureConstantExists("OPENSSL_RAW_DATA");
-        self::EnsureFunctionExists("openssl_encrypt");
-        $plaintext = openssl_decrypt(
-            $ciphertext,
-            $method,
-            $key,
-            OPENSSL_RAW_DATA,
-            $iv
-        );
-        if ($plaintext === FALSE) {
-            throw new CannotPerformOperationException();
-        }
-        
-        return $plaintext;
-    }
-
-    /*
-     * Returns a random binary string of length $octets bytes.
-     */
-    private static function SecureRandom($octets)
-    {
-        self::EnsureFunctionExists("openssl_random_pseudo_bytes");
-        $random = openssl_random_pseudo_bytes($octets, $crypto_strong);
-        if ($crypto_strong === FALSE) {
-            throw new CannotPerformOperationException();
-        } else {
-            return $random;
-        }
-    }
-
-    /*
-     * Use HKDF to derive multiple keys from one.
-     * http://tools.ietf.org/html/rfc5869
-     */
-    private static function HKDF($hash, $ikm, $length, $info = '', $salt = NULL)
-    {
-        // Find the correct digest length as quickly as we can.
-        $digest_length = self::MAC_BYTE_SIZE;
-        if ($hash != self::HASH_FUNCTION) {
-            $digest_length = self::our_strlen(hash_hmac($hash, '', '', true));
-        }
-
-        // Sanity-check the desired output length.
-        if (empty($length) || !is_int($length) ||
-            $length < 0 || $length > 255 * $digest_length) {
-            throw new CannotPerformOperationException();
-        }
-
-        // "if [salt] not provided, is set to a string of HashLen zeroes."
-        if (is_null($salt)) {
-            $salt = str_repeat("\x00", $digest_length);
-        }
-
-        // HKDF-Extract:
-        // PRK = HMAC-Hash(salt, IKM)
-        // The salt is the HMAC key.
-        $prk = hash_hmac($hash, $ikm, $salt, true);
-
-        // HKDF-Expand:
-
-        // This check is useless, but it serves as a reminder to the spec.
-        if (self::our_strlen($prk) < $digest_length) {
-            throw new CannotPerformOperationException();
-        }
-
-        // T(0) = ''
-        $t = '';
-        $last_block = '';
-        for ($block_index = 1; self::our_strlen($t) < $length; $block_index++) {
-            // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
-            $last_block = hash_hmac(
-                $hash,
-                $last_block . $info . chr($block_index),
-                $prk,
-                true
-            );
-            // T = T(1) | T(2) | T(3) | ... | T(N)
-            $t .= $last_block;
-        }
-
-        // ORM = first L octets of T
-        $orm = self::our_substr($t, 0, $length);
-        if ($orm === FALSE) {
-            throw new CannotPerformOperationException();
-        }
-        return $orm;
-    }
-
-    private static function VerifyHMAC($correct_hmac, $message, $key)
-    {
-        $message_hmac = hash_hmac(self::HASH_FUNCTION, $message, $key, true);
-
-        // We can't just compare the strings with '==', since it would make
-        // timing attacks possible. We could use the XOR-OR constant-time
-        // comparison algorithm, but I'm not sure if that's good enough way up
-        // here in an interpreted language. So we use the method of HMACing the 
-        // strings we want to compare with a random key, then comparing those.
-
-        // NOTE: This leaks information when the strings are not the same
-        // length, but they should always be the same length here. Enforce it:
-        if (self::our_strlen($correct_hmac) !== self::our_strlen($message_hmac)) {
-            throw new CannotPerformOperationException();
-        }
-
-        $blind = self::CreateNewRandomKey();
-        $message_compare = hash_hmac(self::HASH_FUNCTION, $message_hmac, $blind);
-        $correct_compare = hash_hmac(self::HASH_FUNCTION, $correct_hmac, $blind);
-        return $correct_compare === $message_compare;
-    }
-
-    private static function TestEncryptDecrypt()
-    {
-        $key = self::CreateNewRandomKey();
-        $data = "EnCrYpT EvErYThInG\x00\x00";
-
-        // Make sure encrypting then decrypting doesn't change the message.
-        $ciphertext = self::Encrypt($data, $key);
-        try {
-            $decrypted = self::Decrypt($ciphertext, $key);
-        } catch (InvalidCiphertextException $ex) {
-            // It's important to catch this and change it into a 
-            // CryptoTestFailedException, otherwise a test failure could trick
-            // the user into thinking it's just an invalid ciphertext!
-            throw new CryptoTestFailedException();
-        }
-        if($decrypted !== $data)
-        {
-            throw new CryptoTestFailedException();
-        }
-
-        // Modifying the ciphertext: Appending a string.
-        try {
-            self::Decrypt($ciphertext . "a", $key);
-            throw new CryptoTestFailedException();
-        } catch (InvalidCiphertextException $e) { /* expected */ }
-
-        // Modifying the ciphertext: Changing an IV byte.
-        try {
-            $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256);
-            self::Decrypt($ciphertext, $key);
-            throw new CryptoTestFailedException();
-        } catch (InvalidCiphertextException $e) { /* expected */ }
-
-        // Decrypting with the wrong key.
-        $key = self::CreateNewRandomKey();
-        $data = "abcdef";
-        $ciphertext = self::Encrypt($data, $key);
-        $wrong_key = self::CreateNewRandomKey();
-        try {
-            self::Decrypt($ciphertext, $wrong_key);
-            throw new CryptoTestFailedException();
-        } catch (InvalidCiphertextException $e) { /* expected */ }
-
-        // Ciphertext too small (shorter than HMAC).
-        $key = self::CreateNewRandomKey();
-        $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1);
-        try {
-            self::Decrypt($ciphertext, $key);
-            throw new CryptoTestFailedException();
-        } catch (InvalidCiphertextException $e) { /* expected */ }
-    }
-
-    private static function HKDFTestVector()
-    {
-        // HKDF test vectors from RFC 5869
-
-        // Test Case 1
-        $ikm = str_repeat("\x0b", 22);
-        $salt = self::hexToBytes("000102030405060708090a0b0c");
-        $info = self::hexToBytes("f0f1f2f3f4f5f6f7f8f9");
-        $length = 42;
-        $okm = self::hexToBytes(
-            "3cb25f25faacd57a90434f64d0362f2a" .
-            "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" .
-            "34007208d5b887185865"
-        );
-        $computed_okm = self::HKDF("sha256", $ikm, $length, $info, $salt);
-        if ($computed_okm !== $okm) {
-            throw new CryptoTestFailedException();
-        }
-
-        // Test Case 7
-        $ikm = str_repeat("\x0c", 22);
-        $length = 42;
-        $okm = self::hexToBytes(
-            "2c91117204d745f3500d636a62f64f0a" .
-            "b3bae548aa53d423b0d1f27ebba6f5e5" .
-            "673a081d70cce7acfc48"
-        );
-        $computed_okm = self::HKDF("sha1", $ikm, $length);
-        if ($computed_okm !== $okm) {
-            throw new CryptoTestFailedException();
-        }
-
-    }
-
-    private static function HMACTestVector()
-    {
-        // HMAC test vector From RFC 4231 (Test Case 1)
-        $key = str_repeat("\x0b", 20);
-        $data = "Hi There";
-        $correct = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
-        if (hash_hmac(self::HASH_FUNCTION, $data, $key) != $correct) {
-            throw new CryptoTestFailedException();
-        }
-    }
-
-    private static function AESTestVector()
-    {
-        // AES CBC mode test vector from NIST SP 800-38A
-        $key = self::hexToBytes("2b7e151628aed2a6abf7158809cf4f3c");
-        $iv = self::hexToBytes("000102030405060708090a0b0c0d0e0f");
-        $plaintext = self::hexToBytes(
-            "6bc1bee22e409f96e93d7e117393172a" . 
-            "ae2d8a571e03ac9c9eb76fac45af8e51" .
-            "30c81c46a35ce411e5fbc1191a0a52ef" .
-            "f69f2445df4f9b17ad2b417be66c3710"
-        );
-        $ciphertext = self::hexToBytes(
-            "7649abac8119b246cee98e9b12e9197d" .
-            "5086cb9b507219ee95db113a917678b2" .
-            "73bed6b8e3c1743b7116e69e22229516" .
-            "3ff1caa1681fac09120eca307586e1a7" .
-            /* Block due to padding. Not from NIST test vector. 
-                Padding Block: 10101010101010101010101010101010
-                Ciphertext:    3ff1caa1681fac09120eca307586e1a7
-                           (+) 2fe1dab1780fbc19021eda206596f1b7 
-                           AES 8cb82807230e1321d3fae00d18cc2012
-             
-             */
-            "8cb82807230e1321d3fae00d18cc2012"
-        );
-
-        $computed_ciphertext = self::PlainEncrypt($plaintext, $key, $iv);
-        if ($computed_ciphertext !== $ciphertext) {
-            throw new CryptoTestFailedException();
-        }
-
-        $computed_plaintext = self::PlainDecrypt($ciphertext, $key, $iv);
-        if ($computed_plaintext !== $plaintext) {
-            throw new CryptoTestFailedException();
-        }
-    }
-
-    /* WARNING: Do not call this function on secrets. It creates side channels. */
-    private static function hexToBytes($hex_string)
-    {
-        return pack("H*", $hex_string);
-    }
-
-    private static function EnsureConstantExists($name)
-    {
-        if (!defined($name)) {
-            throw new CannotPerformOperationException();
-        }
-    }
-    
-    private static function EnsureFunctionExists($name)
-    {
-        if (!function_exists($name)) {
-            throw new CannotPerformOperationException();
-        }
-    }
-
-    /*
-     * We need these strlen() and substr() functions because when
-     * 'mbstring.func_overload' is set in php.ini, the standard strlen() and
-     * substr() are replaced by mb_strlen() and mb_substr().
-     */
-
-    private static function our_strlen($str)
-    {
-        if (function_exists('mb_strlen')) {
-            $length = mb_strlen($str, '8bit');
-            if ($length === FALSE) {
-                throw new CannotPerformOperationException();
-            }
-            return $length;
-        } else {
-            return strlen($str);
-        }
-    }
-
-    private static function our_substr($str, $start, $length = NULL)
-    {
-        if (function_exists('mb_substr'))
-        {
-            // mb_substr($str, 0, NULL, '8bit') returns an empty string on PHP
-            // 5.3, so we have to find the length ourselves.
-            if (!isset($length)) {
-                if ($start >= 0) {
-                    $length = self::our_strlen($str) - $start;
-                } else {
-                    $length = -$start;
-                }
-            }
-
-            return mb_substr($str, $start, $length, '8bit');
-        }
-
-        // Unlike mb_substr(), substr() doesn't accept NULL for length
-        if (isset($length)) {
-            return substr($str, $start, $length);
-        } else {
-            return substr($str, $start);
-        }
-    }
-
-}
-
-/*
- * We want to catch all uncaught exceptions that come from the Crypto class,
- * since by default, PHP will leak the key in the stack trace from an uncaught
- * exception. This is a really ugly hack, but I think it's justified.
- *
- * Everything up to handler() getting called should be reliable, so this should
- * reliably suppress the stack traces. The rest is just a bonus so that we don't
- * make it impossible to debug other exceptions.
- *
- * This bit of code was adapted from: http://stackoverflow.com/a/7939492
- */
-
-class CryptoExceptionHandler
-{
-    private $rethrow = NULL;
-
-    public function __construct()
-    {
-        set_exception_handler(array($this, "handler"));
-    }
-
-    public function handler($ex)
-    {
-        if (
-            $ex instanceof InvalidCiphertextException ||
-            $ex instanceof CannotPerformOperationException ||
-            $ex instanceof CryptoTestFailedException
-        ) {
-            echo "FATAL ERROR: Uncaught crypto exception. Suppresssing output.\n";
-        } else {
-            /* Re-throw the exception in the destructor. */
-            $this->rethrow = $ex;
-        }
-    }
-
-    public function __destruct() {
-        if ($this->rethrow) {
-            throw $this->rethrow;
-        }
-    }
-}
-
-$crypto_exception_handler_object_dont_touch_me = new CryptoExceptionHandler();
-
diff --git a/library/defuse/php-encryption-1.2.1/README.md b/library/defuse/php-encryption-1.2.1/README.md
deleted file mode 100644
index 292ecf957e..0000000000
--- a/library/defuse/php-encryption-1.2.1/README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-php-encryption
-===============
-
-This is a class for doing symmetric encryption in PHP. **Requires PHP 5.4 or newer.**
-
-[![Build Status](https://travis-ci.org/defuse/php-encryption.svg?branch=master)](https://travis-ci.org/defuse/php-encryption)
-
-Implementation
---------------
-
-Messages are encrypted with AES-128 in CBC mode and are authenticated with
-HMAC-SHA256 (Encrypt-then-Mac). PKCS7 padding is used to pad the message to
-a multiple of the block size. HKDF is used to split the user-provided key into
-two keys: one for encryption, and the other for authentication. It is
-implemented using the `openssl_` and `hash_hmac` functions.
-
-Warning
---------
-
-This is new code, and it hasn't received much review by experts. I have spent
-many hours making it as secure as possible (extensive runtime tests, secure
-coding practices), and auditing it for problems, but I may have missed some
-issues. So be careful. Don't trust it with your life. Check out the open GitHub
-issues for a list of known issues. If you find a problem with this library,
-please report it by opening a GitHub issue.
-
-That said, you're probably much better off using this library than any other
-encryption library written in PHP. 
-
-Philosophy
------------
-
-This library was created after noticing how much insecure PHP encryption code
-there is. I once did a Google search for "php encryption" and found insecure
-code or advice on 9 of the top 10 results.
-
-Encryption is becoming an essential component of modern websites. This library
-aims to fulfil a subset of that need: Authenticated symmetric encryption of
-short strings, given a random key.
-
-This library is developed around several core values:
-
-- Rule #1: Security is prioritized over everything else.
-
-    > Whenever there is a conflict between security and some other property,
-    > security will be favored. For example, the library has runtime tests,
-    > which make it slower, but will hopefully stop it from encrypting stuff
-    > if the platform it's running on is broken.
-
-- Rule #2: It should be difficult to misuse the library.
-
-    > We assume the developers using this library have no experience with
-    > cryptography. We only assume that they know that the "key" is something
-    > you need to encrypt and decrypt the messages, and that it must be
-    > protected. Whenever possible, the library should refuse to encrypt or
-    > decrypt messages when it is not being used correctly.
-
-- Rule #3: The library aims only to be compatible with itself.
-
-    > Other PHP encryption libraries try to support every possible type of
-    > encryption, even the insecure ones (e.g. ECB mode). Because there are so
-    > many options, inexperienced developers must make decisions between
-    > things like "CBC" mode and "ECB" mode, knowing nothing about either one,
-    > which inevitably creates vulnerabilities.
-
-    > This library will only support one secure mode. A developer using this
-    > library will call "encrypt" and "decrypt" not caring about how they are
-    > implemented.
-
-- Rule #4: The library should consist of a single PHP file and nothing more.
-
-    > Some PHP encryption libraries, like libsodium-php [1], are not
-    > straightforward to install and cannot packaged with "just download and
-    > extract" applications. This library will always be just one PHP file
-    > that you can put in your source tree and require().
-
-References:
-
-    [1] https://github.com/jedisct1/libsodium-php
diff --git a/library/defuse/php-encryption-1.2.1/benchmark.php b/library/defuse/php-encryption-1.2.1/benchmark.php
deleted file mode 100644
index 3da61a6285..0000000000
--- a/library/defuse/php-encryption-1.2.1/benchmark.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
-
-require_once('Crypto.php');
-
-// Note: By default, the runtime tests are "cached" and not re-executed for
-// every call. To disable this, look at the RuntimeTest() function.
-
-$start = microtime(true);
-for ($i = 0; $i < 1000; $i++) {
-    $key = Crypto::CreateNewRandomKey();
-}
-$end = microtime(true);
-showResults("CreateNewRandomKey()", $start, $end, 1000);
-
-$start = microtime(true);
-for ($i = 0; $i < 100; $i++) {
-    $ciphertext = Crypto::Encrypt(
-        str_repeat("A", 1024*1024), 
-        str_repeat("B", 16)
-    );
-}
-$end = microtime(true);
-showResults("Encrypt(1MB)", $start, $end, 100);
-
-$start = microtime(true);
-for ($i = 0; $i < 1000; $i++) {
-    $ciphertext = Crypto::Encrypt(
-        str_repeat("A", 1024), 
-        str_repeat("B", 16)
-    );
-}
-$end = microtime(true);
-showResults("Encrypt(1KB)", $start, $end, 1000);
-
-function showResults($type, $start, $end, $count)
-{
-    $time = $end - $start;
-    $rate = $count / $time;
-    echo "$type: $rate calls/s\n";
-}
-
-?>
diff --git a/library/defuse/php-encryption-1.2.1/composer.json b/library/defuse/php-encryption-1.2.1/composer.json
deleted file mode 100644
index 6856b9c72c..0000000000
--- a/library/defuse/php-encryption-1.2.1/composer.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-    "name": "defuse/php-encryption",
-    "description": "Secure PHP Encryption Library",
-    "license": "MIT",
-    "keywords": ["security", "encryption", "AES", "mcrypt", "cipher"],
-    "authors": [
-        {
-            "name": "Taylor Hornby",
-            "email": "havoc@defuse.ca"
-        }
-    ],
-    "autoload": {
-        "files": ["Crypto.php"]
-    },
-    "require": {
-        "php":  ">=5.4.0",
-        "ext-openssl": "*",
-        "ext-mcrypt":  "*"
-    }
-}
diff --git a/library/defuse/php-encryption-1.2.1/example.php b/library/defuse/php-encryption-1.2.1/example.php
deleted file mode 100644
index 10e73f9154..0000000000
--- a/library/defuse/php-encryption-1.2.1/example.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-require_once('Crypto.php');
-  try {
-      $key = Crypto::CreateNewRandomKey();
-      // WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
-      // they may leak the key to the attacker through side channels.
-  } catch (CryptoTestFailedException $ex) {
-      die('Cannot safely create a key');
-  } catch (CannotPerformOperationException $ex) {
-      die('Cannot safely create a key');
-  }
-
-  $message = "ATTACK AT DAWN";
-  try {
-      $ciphertext = Crypto::Encrypt($message, $key);
-  } catch (CryptoTestFailedException $ex) {
-      die('Cannot safely perform encryption');
-  } catch (CannotPerformOperationException $ex) {
-      die('Cannot safely perform decryption');
-  }
-
-  try {
-      $decrypted = Crypto::Decrypt($ciphertext, $key);
-  } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT
-      // Either:
-      //   1. The ciphertext was modified by the attacker,
-      //   2. The key is wrong, or
-      //   3. $ciphertext is not a valid ciphertext or was corrupted.
-      // Assume the worst.
-      die('DANGER! DANGER! The ciphertext has been tampered with!');
-  } catch (CryptoTestFailedException $ex) {
-      die('Cannot safely perform encryption');
-  } catch (CannotPerformOperationException $ex) {
-      die('Cannot safely perform decryption');
-  }
-?>
diff --git a/library/defuse/php-encryption-1.2.1/test.sh b/library/defuse/php-encryption-1.2.1/test.sh
deleted file mode 100644
index d1691e7c6e..0000000000
--- a/library/defuse/php-encryption-1.2.1/test.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-echo "Normal"
-echo "--------------------------------------------------"
-php -d mbstring.func_overload=0 tests/runtime.php
-if [ $? -ne 0 ]; then
-    echo "FAIL."
-    exit 1
-fi
-echo "--------------------------------------------------"
-
-echo ""
-
-echo "Multibyte"
-echo "--------------------------------------------------"
-php -d mbstring.func_overload=7 tests/runtime.php
-if [ $? -ne 0 ]; then
-    echo "FAIL."
-    exit 1
-fi
-echo "--------------------------------------------------"
-
-echo ""
-
-if [ -z "$(php Crypto.php)" ]; then
-    echo "PASS: Crypto.php output is empty."
-else
-    echo "FAIL: Crypto.php output is not empty."
-    exit 1
-fi
diff --git a/library/defuse/php-encryption-1.2.1/tests/runtime.php b/library/defuse/php-encryption-1.2.1/tests/runtime.php
deleted file mode 100644
index 76565c58e3..0000000000
--- a/library/defuse/php-encryption-1.2.1/tests/runtime.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-
-// Set the encoding to something more "challenging."
-$ret = mb_internal_encoding('UTF-8');
-if ($ret === FALSE) {
-    echo "Couldn't set encoding.";
-    exit(1);
-}
-
-// Dump out the settings / encoding for future reference.
-$val = ini_get("mbstring.func_overload");
-echo "Settings: \n";
-echo "    func_overload: " . $val . "\n";
-echo "    mb_internal_encoding(): " . mb_internal_encoding() . "\n";
-
-// Perform the tests.
-require_once('Crypto.php');
-try {
-    Crypto::RuntimeTest();
-    echo "TEST PASSED!\n";
-    exit(0);
-} catch (CryptoTestFailedException $ex) {
-    echo "TEST FAILED!\n";
-    var_dump($ex);
-    exit(1);
-} catch (CannotPerformOperationException $ex) {
-    echo "TEST FAILED\n";
-    var_dump($ex);
-    exit(1);
-}
-
-?>

From d5aff9ac31a67cdd7a78327ed2915d2c7a7a133a Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 02:35:11 -0500
Subject: [PATCH 5/7] Fix php-encryption version 2 compatibility issues

---
 mod/dfrn_notify.php   | 3 ++-
 src/Protocol/DFRN.php | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index c8dc093d17..b8c771b75a 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -183,7 +183,8 @@ function dfrn_notify_post(App $a) {
 				break;
 			case 2:
 				try {
-					$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $final_key);
+					$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString($final_key);
+					$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $FinalKey);
 				} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 					/*
 					 * Either:
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 6ba8ed7d10..7f37f9839b 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -1296,13 +1296,14 @@ class DFRN
 				case 2:
 					// RINO 2 based on php-encryption
 					try {
-						$key = \Defuse\Crypto\Key::createNewRandomKey();
+						$KeyObject = \Defuse\Crypto\Key::createNewRandomKey();
 					} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 						logger('Cannot safely create a key');
 						return -4;
 					}
 					try {
-						$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $key);
+						$data = \Defuse\Crypto\Crypto::encrypt($postvars['data'], $KeyObject);
+						$key = $KeyObject->saveToAsciiSafeString();
 					} catch (\Defuse\Crypto\Exception\CryptoException $ex) {
 						logger('Cannot safely perform encryption');
 						return -6;

From 918f2e8593cdf112f4d4dff665d2e084513d5b89 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 03:01:02 -0500
Subject: [PATCH 6/7] Fix another php-encryption version migration error

---
 mod/dfrn_notify.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index b8c771b75a..7310205326 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -183,7 +183,7 @@ function dfrn_notify_post(App $a) {
 				break;
 			case 2:
 				try {
-					$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString($final_key);
+					$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString(bintohex($final_key));
 					$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $FinalKey);
 				} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 					/*

From 1262d6bfee193977ccddb746d5a3611980cb9983 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <mrpetovan@gmail.com>
Date: Thu, 9 Nov 2017 03:01:53 -0500
Subject: [PATCH 7/7] Function name typo

---
 mod/dfrn_notify.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 7310205326..7397b415a5 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -183,7 +183,7 @@ function dfrn_notify_post(App $a) {
 				break;
 			case 2:
 				try {
-					$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString(bintohex($final_key));
+					$FinalKey = \Defuse\Crypto\Key::loadFromAsciiSafeString(bin2hex($final_key));
 					$data = \Defuse\Crypto\Crypto::decrypt(hex2bin($data), $FinalKey);
 				} catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) { // VERY IMPORTANT
 					/*