From 508627934af35dad4d737e6c2143dc475afa2f8b Mon Sep 17 00:00:00 2001 From: keen Date: Tue, 20 Jan 2015 17:00:16 -0500 Subject: [PATCH 1/3] Build server with cURL library --- blakserv/account.c | 7 +- blakserv/account.h | 3 +- blakserv/httpauth.c | 85 ++ blakserv/httpauth.h | 26 + blakserv/loadacco.c | 31 +- blakserv/makefile | 1 + blakserv/saveacco.c | 4 +- include/curl/curl.h | 2352 ++++++++++++++++++++++++++++++++++ include/curl/curlbuild.h | 585 +++++++++ include/curl/curlrules.h | 262 ++++ include/curl/curlver.h | 69 + include/curl/easy.h | 102 ++ include/curl/mprintf.h | 81 ++ include/curl/multi.h | 399 ++++++ include/curl/stdcheaders.h | 33 + include/curl/typecheck-gcc.h | 610 +++++++++ 16 files changed, 4638 insertions(+), 12 deletions(-) create mode 100644 blakserv/httpauth.c create mode 100644 blakserv/httpauth.h create mode 100644 include/curl/curl.h create mode 100644 include/curl/curlbuild.h create mode 100644 include/curl/curlrules.h create mode 100644 include/curl/curlver.h create mode 100644 include/curl/easy.h create mode 100644 include/curl/mprintf.h create mode 100644 include/curl/multi.h create mode 100644 include/curl/stdcheaders.h create mode 100644 include/curl/typecheck-gcc.h diff --git a/blakserv/account.c b/blakserv/account.c index 2ebbdc8412..633f712762 100644 --- a/blakserv/account.c +++ b/blakserv/account.c @@ -41,6 +41,7 @@ void InitAccount(void) console_account->last_login_time = 0; console_account->suspend_time = 0; console_account->credits = 0; + console_account->verified = 0; } void ResetAccount(void) @@ -134,6 +135,7 @@ Bool CreateAccount(char *name,char *password,int type,int *account_id) a->last_login_time = 0; a->suspend_time = 0; a->credits = 100*ConfigInt(CREDIT_INIT); + a->verified = 0; InsertAccount(a); @@ -170,6 +172,7 @@ int CreateAccountSecurePassword(char *name,char *password,int type) a->last_login_time = 0; a->suspend_time = 0; a->credits = 100*ConfigInt(CREDIT_INIT); + a->verified = 0; InsertAccount(a); @@ -215,6 +218,7 @@ int RecreateAccountSecurePassword(int account_id,char *name,char *password,int t a->last_login_time = 0; a->suspend_time = 0; a->credits = 100*ConfigInt(CREDIT_INIT); + a->verified = 0; InsertAccount(a); @@ -222,7 +226,7 @@ int RecreateAccountSecurePassword(int account_id,char *name,char *password,int t } void LoadAccount(int account_id,char *name,char *password,int type,int last_login_time, - int suspend_time, int credits) + int suspend_time, int credits, int verified) { account_node *a; @@ -241,6 +245,7 @@ void LoadAccount(int account_id,char *name,char *password,int type,int last_logi a->last_login_time = last_login_time; a->suspend_time = suspend_time; a->credits = credits; + a->verified = verified; InsertAccount(a); } diff --git a/blakserv/account.h b/blakserv/account.h index 4a896f3fca..c1b1e65236 100644 --- a/blakserv/account.h +++ b/blakserv/account.h @@ -24,6 +24,7 @@ typedef struct account_node_struct int credits; /* remember, stored as 1/100 of a credit */ int last_login_time; int suspend_time; + int verified; struct account_node_struct *next; } account_node; @@ -36,7 +37,7 @@ Bool CreateAccount(char *name,char *password,int type,int *account_id); int CreateAccountSecurePassword(char *name,char *password,int type); int RecreateAccountSecurePassword(int account_id,char *name,char *password,int type); void LoadAccount(int account_id,char *name,char *password,int type,int last_login_time, - int suspend_time, int credits); + int suspend_time, int credits, int verified); Bool DeleteAccount(int account_id); void SetAccountName(account_node *a,char *name); void SetAccountPassword(account_node *a,char *password); diff --git a/blakserv/httpauth.c b/blakserv/httpauth.c new file mode 100644 index 0000000000..81bf1e9213 --- /dev/null +++ b/blakserv/httpauth.c @@ -0,0 +1,85 @@ +#include "blakserv.h" + +CURL *curl; +CURLcode res; + +void LoadCurl(void) +{ + curl_global_init(CURL_GLOBAL_WIN32); + lprintf("Loading cURL: %s",curl_version()); +} + +void AuthenticateHttp() +{ + curl = curl_easy_init(); + + struct HttpResponse response; + + response.rdata = (char*)malloc(1); + response.size = 0; + + if(curl) + { + curl_easy_setopt(curl, CURLOPT_USERAGENT, CURL_USER_AGENT); + + #ifdef CURL_USE_SSL + curl_easy_setopt(curl, CURLOPT_URL, HTTPS_AUTH_URL); + + #ifdef CURL_SKIP_PEER_VERIFICATION + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + #endif CURL_SKIP_PEER_VERIFICATION + + #ifdef CURL_SKIP_HOSTNAME_VERIFICATION + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + #endif CURL_SKIP_HOSTNAME_VERIFICATION + + #else // No CURL_USE_SSL + curl_easy_setopt(curl, CURLOPT_URL, HTTP_AUTH_URL); + #endif CURL_USE_SSL + + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, httpResponseToMemoryCallback); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response); + + res = curl_easy_perform(curl); + + if(res != CURLE_OK) + { + eprintf("HTTP authentication failed: %s\n", + curl_easy_strerror(res)); + } + else + { + // got a response, process it + lprintf("Http authentication: received server response.\n"); + } + } + + if(response.rdata) + free(response.rdata); + + curl_easy_cleanup(curl); +} + +static size_t httpResponseToMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) +{ + size_t realsize = size * nmemb; + struct HttpResponse *response = (struct HttpResponse *)userp; + + response->rdata = (char*) realloc(response->rdata, response->size + realsize + 1); + if(response->rdata == NULL) { + /* out of memory! */ + eprintf("Http authentication failed: Not enough memory to store server response.\n"); + return 0; + } + + memcpy(&(response->rdata[response->size]), contents, realsize); + response->size += realsize; + response->rdata[response->size] = 0; + + return realsize; +} + +void UnloadCurl(void) +{ + curl_global_cleanup(); +} \ No newline at end of file diff --git a/blakserv/httpauth.h b/blakserv/httpauth.h new file mode 100644 index 0000000000..8526c44276 --- /dev/null +++ b/blakserv/httpauth.h @@ -0,0 +1,26 @@ +#include + +#ifndef _HTTP_AUTH +#define _HTTP_AUTH + +#define CURL_USER_AGENT "blakserv-agent/1.0" + +#define HTTP_AUTH_URL "http://white.treyhome.com/m59auth" +#define HTTPS_AUTH_URL "https://white.treyhome.com/m59auth" + +// SSL Options (Currently Disabled) +//#define CURL_USE_SSL +//#define CURL_SKIP_PEER_VERIFICATION +//#define CURL_SKIP_HOSTNAME_VERIFICATION + +struct HttpResponse { + char *rdata; + size_t size; +}; + +void LoadCurl(void); +void AuthenticateHttp(); +static size_t httpResponseToMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp); +void UnloadCurl(void); + +#endif \ No newline at end of file diff --git a/blakserv/loadacco.c b/blakserv/loadacco.c index c38f35a9e5..235ef5e3a3 100644 --- a/blakserv/loadacco.c +++ b/blakserv/loadacco.c @@ -37,13 +37,13 @@ static int highestAccount = -1; /* local function prototypes */ Bool LoadLineAccount(char *account_str,char *name_str,char *password_str, char *type_str,char *last_login_str,char *suspend_str, - char *credits_str); + char *credits_str, char *verified_str); Bool LoadAccounts(char *filename) { FILE *accofile; char line[MAX_ACCOUNT_LINE+1]; - char *type_str,*t1,*t2,*t3,*t4,*t5,*t6,*t7; + char *type_str,*t1,*t2,*t3,*t4,*t5,*t6,*t7,*t8; int nextAccountID = -1; if ((accofile = fopen(filename,"rt")) == NULL) @@ -70,15 +70,29 @@ Bool LoadAccounts(char *filename) t4 = strtok(NULL,":\n"); t5 = strtok(NULL,":\n"); t6 = strtok(NULL,":\n"); - t7 = strtok(NULL,":\n"); + /* t7 is suspend_str, note different order from LoadLineAccount args */ + t7 = strtok(NULL,":\n"); + /* t8 is a boolean that indicates the account is verified on the + openmeridian forums. If t8 is null then the line in the account file + is of the old format and the account is unverified. Replace the null + with 0 in this case, and the line will be of the new format next + savegame */ + t8 = strtok(NULL,":\n"); + + if (t8 == NULL) + { + eprintf("found old account format, updating."); + t8 = "0\0"; + } + if (*type_str == '#') continue; if (!stricmp(type_str,"ACCOUNT")) { - if (!LoadLineAccount(t1,t2,t3,t4,t5,t7,t6)) + if (!LoadLineAccount(t1,t2,t3,t4,t5,t7,t6,t8)) { fclose(accofile); return False; @@ -109,9 +123,9 @@ Bool LoadAccounts(char *filename) Bool LoadLineAccount(char *account_str,char *name_str,char *password_str, char *type_str,char *last_login_str,char *suspend_str, - char *credits_str) + char *credits_str, char* verified_str) { - int account_id,type,last_login_time,suspend_time,credits; + int account_id,type,last_login_time,suspend_time,credits,verified; int index; char decoded[100]; char *ptr,*end_password; @@ -124,7 +138,8 @@ Bool LoadLineAccount(char *account_str,char *name_str,char *password_str, sscanf(account_str,"%i",&account_id) != 1 || sscanf(type_str,"%i",&type) != 1 || sscanf(last_login_str,"%i",&last_login_time) != 1 || - sscanf(credits_str,"%i",&credits) != 1) + sscanf(credits_str,"%i",&credits) != 1 || + sscanf(verified_str,"%i",&verified) != 1 ) { eprintf("LoadLineAccount (%i) found invalid account\n",lineno); return False; @@ -156,7 +171,7 @@ Bool LoadLineAccount(char *account_str,char *name_str,char *password_str, highestAccount = account_id; } - LoadAccount(account_id,name_str,decoded,type,last_login_time,suspend_time,credits); + LoadAccount(account_id,name_str,decoded,type,last_login_time,suspend_time,credits,verified); return True; } diff --git a/blakserv/makefile b/blakserv/makefile index 005cd8f153..6f780f0b9f 100644 --- a/blakserv/makefile +++ b/blakserv/makefile @@ -91,6 +91,7 @@ OBJS = \ $(OUTDIR)\files.obj \ $(OUTDIR)\sprocket.obj \ $(OUTDIR)\database.obj \ + $(OUTDIR)\httpauth.obj \ all : makedirs $(OUTDIR)\blakserv.exe diff --git a/blakserv/saveacco.c b/blakserv/saveacco.c index d3d19a4c60..abcdf678c4 100644 --- a/blakserv/saveacco.c +++ b/blakserv/saveacco.c @@ -53,6 +53,6 @@ void SaveEachAccount(account_node *a) if (a->password[0] == 0) fprintf(accofile,"None"); - fprintf(accofile,":%i:%i:%i:%i\n",a->type,a->last_login_time, - a->credits,a->suspend_time); + fprintf(accofile,":%i:%i:%i:%i:%i\n",a->type,a->last_login_time, + a->credits,a->suspend_time,a->verified); } diff --git a/include/curl/curl.h b/include/curl/curl.h new file mode 100644 index 0000000000..44b1b7e391 --- /dev/null +++ b/include/curl/curl.h @@ -0,0 +1,2352 @@ +#ifndef __CURL_CURL_H +#define __CURL_CURL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * If you have libcurl problems, all docs and details are found here: + * http://curl.haxx.se/libcurl/ + * + * curl-library mailing list subscription and unsubscription web interface: + * http://cool.haxx.se/mailman/listinfo/curl-library/ + */ + +#include "curlver.h" /* libcurl version defines */ +#include "curlbuild.h" /* libcurl build definitions */ +#include "curlrules.h" /* libcurl rules enforcement */ + +/* + * Define WIN32 when build target is Win32 API + */ + +#if (defined(_WIN32) || defined(__WIN32__)) && \ + !defined(WIN32) && !defined(__SYMBIAN32__) +#define WIN32 +#endif + +#include +#include + +#if defined(__FreeBSD__) && (__FreeBSD__ >= 2) +/* Needed for __FreeBSD_version symbol definition */ +#include +#endif + +/* The include stuff here below is mainly for time_t! */ +#include +#include + +#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) +#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__)) +/* The check above prevents the winsock2 inclusion if winsock.h already was + included, since they can't co-exist without problems */ +#include +#include +#endif +#endif + +/* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish + libc5-based Linux systems. Only include it on systems that are known to + require it! */ +#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \ + defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \ + defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ + (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) +#include +#endif + +#if !defined(WIN32) && !defined(_WIN32_WCE) +#include +#endif + +#if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) +#include +#endif + +#ifdef __BEOS__ +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void CURL; + +/* + * libcurl external API function linkage decorations. + */ + +#ifdef CURL_STATICLIB +# define CURL_EXTERN +#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__) +# if defined(BUILDING_LIBCURL) +# define CURL_EXTERN __declspec(dllexport) +# else +# define CURL_EXTERN __declspec(dllimport) +# endif +#elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS) +# define CURL_EXTERN CURL_EXTERN_SYMBOL +#else +# define CURL_EXTERN +#endif + +#ifndef curl_socket_typedef +/* socket typedef */ +#if defined(WIN32) && !defined(__LWIP_OPT_H__) +typedef SOCKET curl_socket_t; +#define CURL_SOCKET_BAD INVALID_SOCKET +#else +typedef int curl_socket_t; +#define CURL_SOCKET_BAD -1 +#endif +#define curl_socket_typedef +#endif /* curl_socket_typedef */ + +struct curl_httppost { + struct curl_httppost *next; /* next entry in the list */ + char *name; /* pointer to allocated name */ + long namelength; /* length of name length */ + char *contents; /* pointer to allocated data contents */ + long contentslength; /* length of contents field */ + char *buffer; /* pointer to allocated buffer contents */ + long bufferlength; /* length of buffer field */ + char *contenttype; /* Content-Type */ + struct curl_slist* contentheader; /* list of extra headers for this form */ + struct curl_httppost *more; /* if one field name has more than one + file, this link should link to following + files */ + long flags; /* as defined below */ +#define HTTPPOST_FILENAME (1<<0) /* specified content is a file name */ +#define HTTPPOST_READFILE (1<<1) /* specified content is a file name */ +#define HTTPPOST_PTRNAME (1<<2) /* name is only stored pointer + do not free in formfree */ +#define HTTPPOST_PTRCONTENTS (1<<3) /* contents is only stored pointer + do not free in formfree */ +#define HTTPPOST_BUFFER (1<<4) /* upload file from buffer */ +#define HTTPPOST_PTRBUFFER (1<<5) /* upload file from pointer contents */ +#define HTTPPOST_CALLBACK (1<<6) /* upload file contents by using the + regular read callback to get the data + and pass the given pointer as custom + pointer */ + + char *showfilename; /* The file name to show. If not set, the + actual file name will be used (if this + is a file part) */ + void *userp; /* custom pointer used for + HTTPPOST_CALLBACK posts */ +}; + +/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered + deprecated but was the only choice up until 7.31.0 */ +typedef int (*curl_progress_callback)(void *clientp, + double dltotal, + double dlnow, + double ultotal, + double ulnow); + +/* This is the CURLOPT_XFERINFOFUNCTION callback proto. It was introduced in + 7.32.0, it avoids floating point and provides more detailed information. */ +typedef int (*curl_xferinfo_callback)(void *clientp, + curl_off_t dltotal, + curl_off_t dlnow, + curl_off_t ultotal, + curl_off_t ulnow); + +#ifndef CURL_MAX_WRITE_SIZE + /* Tests have proven that 20K is a very bad buffer size for uploads on + Windows, while 16K for some odd reason performed a lot better. + We do the ifndef check to allow this value to easier be changed at build + time for those who feel adventurous. The practical minimum is about + 400 bytes since libcurl uses a buffer of this size as a scratch area + (unrelated to network send operations). */ +#define CURL_MAX_WRITE_SIZE 16384 +#endif + +#ifndef CURL_MAX_HTTP_HEADER +/* The only reason to have a max limit for this is to avoid the risk of a bad + server feeding libcurl with a never-ending header that will cause reallocs + infinitely */ +#define CURL_MAX_HTTP_HEADER (100*1024) +#endif + +/* This is a magic return code for the write callback that, when returned, + will signal libcurl to pause receiving on the current transfer. */ +#define CURL_WRITEFUNC_PAUSE 0x10000001 + +typedef size_t (*curl_write_callback)(char *buffer, + size_t size, + size_t nitems, + void *outstream); + + + +/* enumeration of file types */ +typedef enum { + CURLFILETYPE_FILE = 0, + CURLFILETYPE_DIRECTORY, + CURLFILETYPE_SYMLINK, + CURLFILETYPE_DEVICE_BLOCK, + CURLFILETYPE_DEVICE_CHAR, + CURLFILETYPE_NAMEDPIPE, + CURLFILETYPE_SOCKET, + CURLFILETYPE_DOOR, /* is possible only on Sun Solaris now */ + + CURLFILETYPE_UNKNOWN /* should never occur */ +} curlfiletype; + +#define CURLFINFOFLAG_KNOWN_FILENAME (1<<0) +#define CURLFINFOFLAG_KNOWN_FILETYPE (1<<1) +#define CURLFINFOFLAG_KNOWN_TIME (1<<2) +#define CURLFINFOFLAG_KNOWN_PERM (1<<3) +#define CURLFINFOFLAG_KNOWN_UID (1<<4) +#define CURLFINFOFLAG_KNOWN_GID (1<<5) +#define CURLFINFOFLAG_KNOWN_SIZE (1<<6) +#define CURLFINFOFLAG_KNOWN_HLINKCOUNT (1<<7) + +/* Content of this structure depends on information which is known and is + achievable (e.g. by FTP LIST parsing). Please see the url_easy_setopt(3) man + page for callbacks returning this structure -- some fields are mandatory, + some others are optional. The FLAG field has special meaning. */ +struct curl_fileinfo { + char *filename; + curlfiletype filetype; + time_t time; + unsigned int perm; + int uid; + int gid; + curl_off_t size; + long int hardlinks; + + struct { + /* If some of these fields is not NULL, it is a pointer to b_data. */ + char *time; + char *perm; + char *user; + char *group; + char *target; /* pointer to the target filename of a symlink */ + } strings; + + unsigned int flags; + + /* used internally */ + char * b_data; + size_t b_size; + size_t b_used; +}; + +/* return codes for CURLOPT_CHUNK_BGN_FUNCTION */ +#define CURL_CHUNK_BGN_FUNC_OK 0 +#define CURL_CHUNK_BGN_FUNC_FAIL 1 /* tell the lib to end the task */ +#define CURL_CHUNK_BGN_FUNC_SKIP 2 /* skip this chunk over */ + +/* if splitting of data transfer is enabled, this callback is called before + download of an individual chunk started. Note that parameter "remains" works + only for FTP wildcard downloading (for now), otherwise is not used */ +typedef long (*curl_chunk_bgn_callback)(const void *transfer_info, + void *ptr, + int remains); + +/* return codes for CURLOPT_CHUNK_END_FUNCTION */ +#define CURL_CHUNK_END_FUNC_OK 0 +#define CURL_CHUNK_END_FUNC_FAIL 1 /* tell the lib to end the task */ + +/* If splitting of data transfer is enabled this callback is called after + download of an individual chunk finished. + Note! After this callback was set then it have to be called FOR ALL chunks. + Even if downloading of this chunk was skipped in CHUNK_BGN_FUNC. + This is the reason why we don't need "transfer_info" parameter in this + callback and we are not interested in "remains" parameter too. */ +typedef long (*curl_chunk_end_callback)(void *ptr); + +/* return codes for FNMATCHFUNCTION */ +#define CURL_FNMATCHFUNC_MATCH 0 /* string corresponds to the pattern */ +#define CURL_FNMATCHFUNC_NOMATCH 1 /* pattern doesn't match the string */ +#define CURL_FNMATCHFUNC_FAIL 2 /* an error occurred */ + +/* callback type for wildcard downloading pattern matching. If the + string matches the pattern, return CURL_FNMATCHFUNC_MATCH value, etc. */ +typedef int (*curl_fnmatch_callback)(void *ptr, + const char *pattern, + const char *string); + +/* These are the return codes for the seek callbacks */ +#define CURL_SEEKFUNC_OK 0 +#define CURL_SEEKFUNC_FAIL 1 /* fail the entire transfer */ +#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking can't be done, so + libcurl might try other means instead */ +typedef int (*curl_seek_callback)(void *instream, + curl_off_t offset, + int origin); /* 'whence' */ + +/* This is a return code for the read callback that, when returned, will + signal libcurl to immediately abort the current transfer. */ +#define CURL_READFUNC_ABORT 0x10000000 +/* This is a return code for the read callback that, when returned, will + signal libcurl to pause sending data on the current transfer. */ +#define CURL_READFUNC_PAUSE 0x10000001 + +typedef size_t (*curl_read_callback)(char *buffer, + size_t size, + size_t nitems, + void *instream); + +typedef enum { + CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ + CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ + CURLSOCKTYPE_LAST /* never use */ +} curlsocktype; + +/* The return code from the sockopt_callback can signal information back + to libcurl: */ +#define CURL_SOCKOPT_OK 0 +#define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return + CURLE_ABORTED_BY_CALLBACK */ +#define CURL_SOCKOPT_ALREADY_CONNECTED 2 + +typedef int (*curl_sockopt_callback)(void *clientp, + curl_socket_t curlfd, + curlsocktype purpose); + +struct curl_sockaddr { + int family; + int socktype; + int protocol; + unsigned int addrlen; /* addrlen was a socklen_t type before 7.18.0 but it + turned really ugly and painful on the systems that + lack this type */ + struct sockaddr addr; +}; + +typedef curl_socket_t +(*curl_opensocket_callback)(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address); + +typedef int +(*curl_closesocket_callback)(void *clientp, curl_socket_t item); + +typedef enum { + CURLIOE_OK, /* I/O operation successful */ + CURLIOE_UNKNOWNCMD, /* command was unknown to callback */ + CURLIOE_FAILRESTART, /* failed to restart the read */ + CURLIOE_LAST /* never use */ +} curlioerr; + +typedef enum { + CURLIOCMD_NOP, /* no operation */ + CURLIOCMD_RESTARTREAD, /* restart the read stream from start */ + CURLIOCMD_LAST /* never use */ +} curliocmd; + +typedef curlioerr (*curl_ioctl_callback)(CURL *handle, + int cmd, + void *clientp); + +/* + * The following typedef's are signatures of malloc, free, realloc, strdup and + * calloc respectively. Function pointers of these types can be passed to the + * curl_global_init_mem() function to set user defined memory management + * callback routines. + */ +typedef void *(*curl_malloc_callback)(size_t size); +typedef void (*curl_free_callback)(void *ptr); +typedef void *(*curl_realloc_callback)(void *ptr, size_t size); +typedef char *(*curl_strdup_callback)(const char *str); +typedef void *(*curl_calloc_callback)(size_t nmemb, size_t size); + +/* the kind of data that is passed to information_callback*/ +typedef enum { + CURLINFO_TEXT = 0, + CURLINFO_HEADER_IN, /* 1 */ + CURLINFO_HEADER_OUT, /* 2 */ + CURLINFO_DATA_IN, /* 3 */ + CURLINFO_DATA_OUT, /* 4 */ + CURLINFO_SSL_DATA_IN, /* 5 */ + CURLINFO_SSL_DATA_OUT, /* 6 */ + CURLINFO_END +} curl_infotype; + +typedef int (*curl_debug_callback) + (CURL *handle, /* the handle/transfer this concerns */ + curl_infotype type, /* what kind of data */ + char *data, /* points to the data */ + size_t size, /* size of the data pointed to */ + void *userptr); /* whatever the user please */ + +/* All possible error codes from all sorts of curl functions. Future versions + may return other values, stay prepared. + + Always add new return codes last. Never *EVER* remove any. The return + codes must remain the same! + */ + +typedef enum { + CURLE_OK = 0, + CURLE_UNSUPPORTED_PROTOCOL, /* 1 */ + CURLE_FAILED_INIT, /* 2 */ + CURLE_URL_MALFORMAT, /* 3 */ + CURLE_NOT_BUILT_IN, /* 4 - [was obsoleted in August 2007 for + 7.17.0, reused in April 2011 for 7.21.5] */ + CURLE_COULDNT_RESOLVE_PROXY, /* 5 */ + CURLE_COULDNT_RESOLVE_HOST, /* 6 */ + CURLE_COULDNT_CONNECT, /* 7 */ + CURLE_FTP_WEIRD_SERVER_REPLY, /* 8 */ + CURLE_REMOTE_ACCESS_DENIED, /* 9 a service was denied by the server + due to lack of access - when login fails + this is not returned. */ + CURLE_FTP_ACCEPT_FAILED, /* 10 - [was obsoleted in April 2006 for + 7.15.4, reused in Dec 2011 for 7.24.0]*/ + CURLE_FTP_WEIRD_PASS_REPLY, /* 11 */ + CURLE_FTP_ACCEPT_TIMEOUT, /* 12 - timeout occurred accepting server + [was obsoleted in August 2007 for 7.17.0, + reused in Dec 2011 for 7.24.0]*/ + CURLE_FTP_WEIRD_PASV_REPLY, /* 13 */ + CURLE_FTP_WEIRD_227_FORMAT, /* 14 */ + CURLE_FTP_CANT_GET_HOST, /* 15 */ + CURLE_HTTP2, /* 16 - A problem in the http2 framing layer. + [was obsoleted in August 2007 for 7.17.0, + reused in July 2014 for 7.38.0] */ + CURLE_FTP_COULDNT_SET_TYPE, /* 17 */ + CURLE_PARTIAL_FILE, /* 18 */ + CURLE_FTP_COULDNT_RETR_FILE, /* 19 */ + CURLE_OBSOLETE20, /* 20 - NOT USED */ + CURLE_QUOTE_ERROR, /* 21 - quote command failure */ + CURLE_HTTP_RETURNED_ERROR, /* 22 */ + CURLE_WRITE_ERROR, /* 23 */ + CURLE_OBSOLETE24, /* 24 - NOT USED */ + CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ + CURLE_READ_ERROR, /* 26 - couldn't open/read from file */ + CURLE_OUT_OF_MEMORY, /* 27 */ + /* Note: CURLE_OUT_OF_MEMORY may sometimes indicate a conversion error + instead of a memory allocation error if CURL_DOES_CONVERSIONS + is defined + */ + CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ + CURLE_OBSOLETE29, /* 29 - NOT USED */ + CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ + CURLE_FTP_COULDNT_USE_REST, /* 31 - the REST command failed */ + CURLE_OBSOLETE32, /* 32 - NOT USED */ + CURLE_RANGE_ERROR, /* 33 - RANGE "command" didn't work */ + CURLE_HTTP_POST_ERROR, /* 34 */ + CURLE_SSL_CONNECT_ERROR, /* 35 - wrong when connecting with SSL */ + CURLE_BAD_DOWNLOAD_RESUME, /* 36 - couldn't resume download */ + CURLE_FILE_COULDNT_READ_FILE, /* 37 */ + CURLE_LDAP_CANNOT_BIND, /* 38 */ + CURLE_LDAP_SEARCH_FAILED, /* 39 */ + CURLE_OBSOLETE40, /* 40 - NOT USED */ + CURLE_FUNCTION_NOT_FOUND, /* 41 */ + CURLE_ABORTED_BY_CALLBACK, /* 42 */ + CURLE_BAD_FUNCTION_ARGUMENT, /* 43 */ + CURLE_OBSOLETE44, /* 44 - NOT USED */ + CURLE_INTERFACE_FAILED, /* 45 - CURLOPT_INTERFACE failed */ + CURLE_OBSOLETE46, /* 46 - NOT USED */ + CURLE_TOO_MANY_REDIRECTS , /* 47 - catch endless re-direct loops */ + CURLE_UNKNOWN_OPTION, /* 48 - User specified an unknown option */ + CURLE_TELNET_OPTION_SYNTAX , /* 49 - Malformed telnet option */ + CURLE_OBSOLETE50, /* 50 - NOT USED */ + CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint + wasn't verified fine */ + CURLE_GOT_NOTHING, /* 52 - when this is a specific error */ + CURLE_SSL_ENGINE_NOTFOUND, /* 53 - SSL crypto engine not found */ + CURLE_SSL_ENGINE_SETFAILED, /* 54 - can not set SSL crypto engine as + default */ + CURLE_SEND_ERROR, /* 55 - failed sending network data */ + CURLE_RECV_ERROR, /* 56 - failure in receiving network data */ + CURLE_OBSOLETE57, /* 57 - NOT IN USE */ + CURLE_SSL_CERTPROBLEM, /* 58 - problem with the local certificate */ + CURLE_SSL_CIPHER, /* 59 - couldn't use specified cipher */ + CURLE_SSL_CACERT, /* 60 - problem with the CA cert (path?) */ + CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ + CURLE_LDAP_INVALID_URL, /* 62 - Invalid LDAP URL */ + CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ + CURLE_USE_SSL_FAILED, /* 64 - Requested FTP SSL level failed */ + CURLE_SEND_FAIL_REWIND, /* 65 - Sending the data requires a rewind + that failed */ + CURLE_SSL_ENGINE_INITFAILED, /* 66 - failed to initialise ENGINE */ + CURLE_LOGIN_DENIED, /* 67 - user, password or similar was not + accepted and we failed to login */ + CURLE_TFTP_NOTFOUND, /* 68 - file not found on server */ + CURLE_TFTP_PERM, /* 69 - permission problem on server */ + CURLE_REMOTE_DISK_FULL, /* 70 - out of disk space on server */ + CURLE_TFTP_ILLEGAL, /* 71 - Illegal TFTP operation */ + CURLE_TFTP_UNKNOWNID, /* 72 - Unknown transfer ID */ + CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ + CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ + CURLE_CONV_FAILED, /* 75 - conversion failed */ + CURLE_CONV_REQD, /* 76 - caller must register conversion + callbacks using curl_easy_setopt options + CURLOPT_CONV_FROM_NETWORK_FUNCTION, + CURLOPT_CONV_TO_NETWORK_FUNCTION, and + CURLOPT_CONV_FROM_UTF8_FUNCTION */ + CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing + or wrong format */ + CURLE_REMOTE_FILE_NOT_FOUND, /* 78 - remote file not found */ + CURLE_SSH, /* 79 - error from the SSH layer, somewhat + generic so the error message will be of + interest when this has happened */ + + CURLE_SSL_SHUTDOWN_FAILED, /* 80 - Failed to shut down the SSL + connection */ + CURLE_AGAIN, /* 81 - socket is not ready for send/recv, + wait till it's ready and try again (Added + in 7.18.2) */ + CURLE_SSL_CRL_BADFILE, /* 82 - could not load CRL file, missing or + wrong format (Added in 7.19.0) */ + CURLE_SSL_ISSUER_ERROR, /* 83 - Issuer check failed. (Added in + 7.19.0) */ + CURLE_FTP_PRET_FAILED, /* 84 - a PRET command failed */ + CURLE_RTSP_CSEQ_ERROR, /* 85 - mismatch of RTSP CSeq numbers */ + CURLE_RTSP_SESSION_ERROR, /* 86 - mismatch of RTSP Session Ids */ + CURLE_FTP_BAD_FILE_LIST, /* 87 - unable to parse FTP file list */ + CURLE_CHUNK_FAILED, /* 88 - chunk callback reported error */ + CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the + session will be queued */ + CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not + match */ + CURL_LAST /* never use! */ +} CURLcode; + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* Previously obsolete error code re-used in 7.38.0 */ +#define CURLE_OBSOLETE16 CURLE_HTTP2 + +/* Previously obsolete error codes re-used in 7.24.0 */ +#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED +#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT + +/* compatibility with older names */ +#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING + +/* The following were added in 7.21.5, April 2011 */ +#define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION + +/* The following were added in 7.17.1 */ +/* These are scheduled to disappear by 2009 */ +#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION + +/* The following were added in 7.17.0 */ +/* These are scheduled to disappear by 2009 */ +#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* no one should be using this! */ +#define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46 +#define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44 +#define CURLE_FTP_USER_PASSWORD_INCORRECT CURLE_OBSOLETE10 +#define CURLE_FTP_CANT_RECONNECT CURLE_OBSOLETE16 +#define CURLE_FTP_COULDNT_GET_SIZE CURLE_OBSOLETE32 +#define CURLE_FTP_COULDNT_SET_ASCII CURLE_OBSOLETE29 +#define CURLE_FTP_WEIRD_USER_REPLY CURLE_OBSOLETE12 +#define CURLE_FTP_WRITE_ERROR CURLE_OBSOLETE20 +#define CURLE_LIBRARY_NOT_FOUND CURLE_OBSOLETE40 +#define CURLE_MALFORMAT_USER CURLE_OBSOLETE24 +#define CURLE_SHARE_IN_USE CURLE_OBSOLETE57 +#define CURLE_URL_MALFORMAT_USER CURLE_NOT_BUILT_IN + +#define CURLE_FTP_ACCESS_DENIED CURLE_REMOTE_ACCESS_DENIED +#define CURLE_FTP_COULDNT_SET_BINARY CURLE_FTP_COULDNT_SET_TYPE +#define CURLE_FTP_QUOTE_ERROR CURLE_QUOTE_ERROR +#define CURLE_TFTP_DISKFULL CURLE_REMOTE_DISK_FULL +#define CURLE_TFTP_EXISTS CURLE_REMOTE_FILE_EXISTS +#define CURLE_HTTP_RANGE_ERROR CURLE_RANGE_ERROR +#define CURLE_FTP_SSL_FAILED CURLE_USE_SSL_FAILED + +/* The following were added earlier */ + +#define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT + +#define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR +#define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED +#define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED + +#define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE +#define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME + +/* This was the error code 50 in 7.7.3 and a few earlier versions, this + is no longer used by libcurl but is instead #defined here only to not + make programs break */ +#define CURLE_ALREADY_COMPLETE 99999 + +/* Provide defines for really old option names */ +#define CURLOPT_FILE CURLOPT_WRITEDATA /* name changed in 7.9.7 */ +#define CURLOPT_INFILE CURLOPT_READDATA /* name changed in 7.9.7 */ +#define CURLOPT_WRITEHEADER CURLOPT_HEADERDATA + +/* Since long deprecated options with no code in the lib that does anything + with them. */ +#define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40 +#define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72 + +#endif /*!CURL_NO_OLDIES*/ + +/* This prototype applies to all conversion callbacks */ +typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length); + +typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl, /* easy handle */ + void *ssl_ctx, /* actually an + OpenSSL SSL_CTX */ + void *userptr); + +typedef enum { + CURLPROXY_HTTP = 0, /* added in 7.10, new in 7.19.4 default is to use + CONNECT HTTP/1.1 */ + CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT + HTTP/1.0 */ + CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already + in 7.10 */ + CURLPROXY_SOCKS5 = 5, /* added in 7.10 */ + CURLPROXY_SOCKS4A = 6, /* added in 7.18.0 */ + CURLPROXY_SOCKS5_HOSTNAME = 7 /* Use the SOCKS5 protocol but pass along the + host name rather than the IP address. added + in 7.18.0 */ +} curl_proxytype; /* this enum was added in 7.10 */ + +/* + * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options: + * + * CURLAUTH_NONE - No HTTP authentication + * CURLAUTH_BASIC - HTTP Basic authentication (default) + * CURLAUTH_DIGEST - HTTP Digest authentication + * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication + * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated) + * CURLAUTH_NTLM - HTTP NTLM authentication + * CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour + * CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper + * CURLAUTH_ONLY - Use together with a single other type to force no + * authentication or just that single type + * CURLAUTH_ANY - All fine types set + * CURLAUTH_ANYSAFE - All fine types except Basic + */ + +#define CURLAUTH_NONE ((unsigned long)0) +#define CURLAUTH_BASIC (((unsigned long)1)<<0) +#define CURLAUTH_DIGEST (((unsigned long)1)<<1) +#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2) +/* Deprecated since the advent of CURLAUTH_NEGOTIATE */ +#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE +#define CURLAUTH_NTLM (((unsigned long)1)<<3) +#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) +#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) +#define CURLAUTH_ONLY (((unsigned long)1)<<31) +#define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE) +#define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE)) + +#define CURLSSH_AUTH_ANY ~0 /* all types supported by the server */ +#define CURLSSH_AUTH_NONE 0 /* none allowed, silly but complete */ +#define CURLSSH_AUTH_PUBLICKEY (1<<0) /* public/private key files */ +#define CURLSSH_AUTH_PASSWORD (1<<1) /* password */ +#define CURLSSH_AUTH_HOST (1<<2) /* host key files */ +#define CURLSSH_AUTH_KEYBOARD (1<<3) /* keyboard interactive */ +#define CURLSSH_AUTH_AGENT (1<<4) /* agent (ssh-agent, pageant...) */ +#define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY + +#define CURLGSSAPI_DELEGATION_NONE 0 /* no delegation (default) */ +#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */ +#define CURLGSSAPI_DELEGATION_FLAG (1<<1) /* delegate always */ + +#define CURL_ERROR_SIZE 256 + +enum curl_khtype { + CURLKHTYPE_UNKNOWN, + CURLKHTYPE_RSA1, + CURLKHTYPE_RSA, + CURLKHTYPE_DSS +}; + +struct curl_khkey { + const char *key; /* points to a zero-terminated string encoded with base64 + if len is zero, otherwise to the "raw" data */ + size_t len; + enum curl_khtype keytype; +}; + +/* this is the set of return values expected from the curl_sshkeycallback + callback */ +enum curl_khstat { + CURLKHSTAT_FINE_ADD_TO_FILE, + CURLKHSTAT_FINE, + CURLKHSTAT_REJECT, /* reject the connection, return an error */ + CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so + this causes a CURLE_DEFER error but otherwise the + connection will be left intact etc */ + CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */ +}; + +/* this is the set of status codes pass in to the callback */ +enum curl_khmatch { + CURLKHMATCH_OK, /* match */ + CURLKHMATCH_MISMATCH, /* host found, key mismatch! */ + CURLKHMATCH_MISSING, /* no matching host/key found */ + CURLKHMATCH_LAST /* not for use, only a marker for last-in-list */ +}; + +typedef int + (*curl_sshkeycallback) (CURL *easy, /* easy handle */ + const struct curl_khkey *knownkey, /* known */ + const struct curl_khkey *foundkey, /* found */ + enum curl_khmatch, /* libcurl's view on the keys */ + void *clientp); /* custom pointer passed from app */ + +/* parameter for the CURLOPT_USE_SSL option */ +typedef enum { + CURLUSESSL_NONE, /* do not attempt to use SSL */ + CURLUSESSL_TRY, /* try using SSL, proceed anyway otherwise */ + CURLUSESSL_CONTROL, /* SSL for the control connection or fail */ + CURLUSESSL_ALL, /* SSL for all communication or fail */ + CURLUSESSL_LAST /* not an option, never use */ +} curl_usessl; + +/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */ + +/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the + name of improving interoperability with older servers. Some SSL libraries + have introduced work-arounds for this flaw but those work-arounds sometimes + make the SSL communication fail. To regain functionality with those broken + servers, a user can this way allow the vulnerability back. */ +#define CURLSSLOPT_ALLOW_BEAST (1<<0) + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* Backwards compatibility with older names */ +/* These are scheduled to disappear by 2009 */ + +#define CURLFTPSSL_NONE CURLUSESSL_NONE +#define CURLFTPSSL_TRY CURLUSESSL_TRY +#define CURLFTPSSL_CONTROL CURLUSESSL_CONTROL +#define CURLFTPSSL_ALL CURLUSESSL_ALL +#define CURLFTPSSL_LAST CURLUSESSL_LAST +#define curl_ftpssl curl_usessl +#endif /*!CURL_NO_OLDIES*/ + +/* parameter for the CURLOPT_FTP_SSL_CCC option */ +typedef enum { + CURLFTPSSL_CCC_NONE, /* do not send CCC */ + CURLFTPSSL_CCC_PASSIVE, /* Let the server initiate the shutdown */ + CURLFTPSSL_CCC_ACTIVE, /* Initiate the shutdown */ + CURLFTPSSL_CCC_LAST /* not an option, never use */ +} curl_ftpccc; + +/* parameter for the CURLOPT_FTPSSLAUTH option */ +typedef enum { + CURLFTPAUTH_DEFAULT, /* let libcurl decide */ + CURLFTPAUTH_SSL, /* use "AUTH SSL" */ + CURLFTPAUTH_TLS, /* use "AUTH TLS" */ + CURLFTPAUTH_LAST /* not an option, never use */ +} curl_ftpauth; + +/* parameter for the CURLOPT_FTP_CREATE_MISSING_DIRS option */ +typedef enum { + CURLFTP_CREATE_DIR_NONE, /* do NOT create missing dirs! */ + CURLFTP_CREATE_DIR, /* (FTP/SFTP) if CWD fails, try MKD and then CWD + again if MKD succeeded, for SFTP this does + similar magic */ + CURLFTP_CREATE_DIR_RETRY, /* (FTP only) if CWD fails, try MKD and then CWD + again even if MKD failed! */ + CURLFTP_CREATE_DIR_LAST /* not an option, never use */ +} curl_ftpcreatedir; + +/* parameter for the CURLOPT_FTP_FILEMETHOD option */ +typedef enum { + CURLFTPMETHOD_DEFAULT, /* let libcurl pick */ + CURLFTPMETHOD_MULTICWD, /* single CWD operation for each path part */ + CURLFTPMETHOD_NOCWD, /* no CWD at all */ + CURLFTPMETHOD_SINGLECWD, /* one CWD to full dir, then work on file */ + CURLFTPMETHOD_LAST /* not an option, never use */ +} curl_ftpmethod; + +/* bitmask defines for CURLOPT_HEADEROPT */ +#define CURLHEADER_UNIFIED 0 +#define CURLHEADER_SEPARATE (1<<0) + +/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */ +#define CURLPROTO_HTTP (1<<0) +#define CURLPROTO_HTTPS (1<<1) +#define CURLPROTO_FTP (1<<2) +#define CURLPROTO_FTPS (1<<3) +#define CURLPROTO_SCP (1<<4) +#define CURLPROTO_SFTP (1<<5) +#define CURLPROTO_TELNET (1<<6) +#define CURLPROTO_LDAP (1<<7) +#define CURLPROTO_LDAPS (1<<8) +#define CURLPROTO_DICT (1<<9) +#define CURLPROTO_FILE (1<<10) +#define CURLPROTO_TFTP (1<<11) +#define CURLPROTO_IMAP (1<<12) +#define CURLPROTO_IMAPS (1<<13) +#define CURLPROTO_POP3 (1<<14) +#define CURLPROTO_POP3S (1<<15) +#define CURLPROTO_SMTP (1<<16) +#define CURLPROTO_SMTPS (1<<17) +#define CURLPROTO_RTSP (1<<18) +#define CURLPROTO_RTMP (1<<19) +#define CURLPROTO_RTMPT (1<<20) +#define CURLPROTO_RTMPE (1<<21) +#define CURLPROTO_RTMPTE (1<<22) +#define CURLPROTO_RTMPS (1<<23) +#define CURLPROTO_RTMPTS (1<<24) +#define CURLPROTO_GOPHER (1<<25) +#define CURLPROTO_SMB (1<<26) +#define CURLPROTO_SMBS (1<<27) +#define CURLPROTO_ALL (~0) /* enable everything */ + +/* long may be 32 or 64 bits, but we should never depend on anything else + but 32 */ +#define CURLOPTTYPE_LONG 0 +#define CURLOPTTYPE_OBJECTPOINT 10000 +#define CURLOPTTYPE_FUNCTIONPOINT 20000 +#define CURLOPTTYPE_OFF_T 30000 + +/* name is uppercase CURLOPT_, + type is one of the defined CURLOPTTYPE_ + number is unique identifier */ +#ifdef CINIT +#undef CINIT +#endif + +#ifdef CURL_ISOCPP +#define CINIT(na,t,nu) CURLOPT_ ## na = CURLOPTTYPE_ ## t + nu +#else +/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ +#define LONG CURLOPTTYPE_LONG +#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT +#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT +#define OFF_T CURLOPTTYPE_OFF_T +#define CINIT(name,type,number) CURLOPT_/**/name = type + number +#endif + +/* + * This macro-mania below setups the CURLOPT_[what] enum, to be used with + * curl_easy_setopt(). The first argument in the CINIT() macro is the [what] + * word. + */ + +typedef enum { + /* This is the FILE * or void * the regular output should be written to. */ + CINIT(WRITEDATA, OBJECTPOINT, 1), + + /* The full URL to get/put */ + CINIT(URL, OBJECTPOINT, 2), + + /* Port number to connect to, if other than default. */ + CINIT(PORT, LONG, 3), + + /* Name of proxy to use. */ + CINIT(PROXY, OBJECTPOINT, 4), + + /* "user:password;options" to use when fetching. */ + CINIT(USERPWD, OBJECTPOINT, 5), + + /* "user:password" to use with proxy. */ + CINIT(PROXYUSERPWD, OBJECTPOINT, 6), + + /* Range to get, specified as an ASCII string. */ + CINIT(RANGE, OBJECTPOINT, 7), + + /* not used */ + + /* Specified file stream to upload from (use as input): */ + CINIT(READDATA, OBJECTPOINT, 9), + + /* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE + * bytes big. If this is not used, error messages go to stderr instead: */ + CINIT(ERRORBUFFER, OBJECTPOINT, 10), + + /* Function that will be called to store the output (instead of fwrite). The + * parameters will use fwrite() syntax, make sure to follow them. */ + CINIT(WRITEFUNCTION, FUNCTIONPOINT, 11), + + /* Function that will be called to read the input (instead of fread). The + * parameters will use fread() syntax, make sure to follow them. */ + CINIT(READFUNCTION, FUNCTIONPOINT, 12), + + /* Time-out the read operation after this amount of seconds */ + CINIT(TIMEOUT, LONG, 13), + + /* If the CURLOPT_INFILE is used, this can be used to inform libcurl about + * how large the file being sent really is. That allows better error + * checking and better verifies that the upload was successful. -1 means + * unknown size. + * + * For large file support, there is also a _LARGE version of the key + * which takes an off_t type, allowing platforms with larger off_t + * sizes to handle larger files. See below for INFILESIZE_LARGE. + */ + CINIT(INFILESIZE, LONG, 14), + + /* POST static input fields. */ + CINIT(POSTFIELDS, OBJECTPOINT, 15), + + /* Set the referrer page (needed by some CGIs) */ + CINIT(REFERER, OBJECTPOINT, 16), + + /* Set the FTP PORT string (interface name, named or numerical IP address) + Use i.e '-' to use default address. */ + CINIT(FTPPORT, OBJECTPOINT, 17), + + /* Set the User-Agent string (examined by some CGIs) */ + CINIT(USERAGENT, OBJECTPOINT, 18), + + /* If the download receives less than "low speed limit" bytes/second + * during "low speed time" seconds, the operations is aborted. + * You could i.e if you have a pretty high speed connection, abort if + * it is less than 2000 bytes/sec during 20 seconds. + */ + + /* Set the "low speed limit" */ + CINIT(LOW_SPEED_LIMIT, LONG, 19), + + /* Set the "low speed time" */ + CINIT(LOW_SPEED_TIME, LONG, 20), + + /* Set the continuation offset. + * + * Note there is also a _LARGE version of this key which uses + * off_t types, allowing for large file offsets on platforms which + * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. + */ + CINIT(RESUME_FROM, LONG, 21), + + /* Set cookie in request: */ + CINIT(COOKIE, OBJECTPOINT, 22), + + /* This points to a linked list of headers, struct curl_slist kind. This + list is also used for RTSP (in spite of its name) */ + CINIT(HTTPHEADER, OBJECTPOINT, 23), + + /* This points to a linked list of post entries, struct curl_httppost */ + CINIT(HTTPPOST, OBJECTPOINT, 24), + + /* name of the file keeping your private SSL-certificate */ + CINIT(SSLCERT, OBJECTPOINT, 25), + + /* password for the SSL or SSH private key */ + CINIT(KEYPASSWD, OBJECTPOINT, 26), + + /* send TYPE parameter? */ + CINIT(CRLF, LONG, 27), + + /* send linked-list of QUOTE commands */ + CINIT(QUOTE, OBJECTPOINT, 28), + + /* send FILE * or void * to store headers to, if you use a callback it + is simply passed to the callback unmodified */ + CINIT(HEADERDATA, OBJECTPOINT, 29), + + /* point to a file to read the initial cookies from, also enables + "cookie awareness" */ + CINIT(COOKIEFILE, OBJECTPOINT, 31), + + /* What version to specifically try to use. + See CURL_SSLVERSION defines below. */ + CINIT(SSLVERSION, LONG, 32), + + /* What kind of HTTP time condition to use, see defines */ + CINIT(TIMECONDITION, LONG, 33), + + /* Time to use with the above condition. Specified in number of seconds + since 1 Jan 1970 */ + CINIT(TIMEVALUE, LONG, 34), + + /* 35 = OBSOLETE */ + + /* Custom request, for customizing the get command like + HTTP: DELETE, TRACE and others + FTP: to use a different list command + */ + CINIT(CUSTOMREQUEST, OBJECTPOINT, 36), + + /* HTTP request, for odd commands like DELETE, TRACE and others */ + CINIT(STDERR, OBJECTPOINT, 37), + + /* 38 is not used */ + + /* send linked-list of post-transfer QUOTE commands */ + CINIT(POSTQUOTE, OBJECTPOINT, 39), + + CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */ + + CINIT(VERBOSE, LONG, 41), /* talk a lot */ + CINIT(HEADER, LONG, 42), /* throw the header out too */ + CINIT(NOPROGRESS, LONG, 43), /* shut off the progress meter */ + CINIT(NOBODY, LONG, 44), /* use HEAD to get http document */ + CINIT(FAILONERROR, LONG, 45), /* no output on http error codes >= 400 */ + CINIT(UPLOAD, LONG, 46), /* this is an upload */ + CINIT(POST, LONG, 47), /* HTTP POST method */ + CINIT(DIRLISTONLY, LONG, 48), /* bare names when listing directories */ + + CINIT(APPEND, LONG, 50), /* Append instead of overwrite on upload! */ + + /* Specify whether to read the user+password from the .netrc or the URL. + * This must be one of the CURL_NETRC_* enums below. */ + CINIT(NETRC, LONG, 51), + + CINIT(FOLLOWLOCATION, LONG, 52), /* use Location: Luke! */ + + CINIT(TRANSFERTEXT, LONG, 53), /* transfer data in text/ASCII format */ + CINIT(PUT, LONG, 54), /* HTTP PUT */ + + /* 55 = OBSOLETE */ + + /* DEPRECATED + * Function that will be called instead of the internal progress display + * function. This function should be defined as the curl_progress_callback + * prototype defines. */ + CINIT(PROGRESSFUNCTION, FUNCTIONPOINT, 56), + + /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION + callbacks */ + CINIT(PROGRESSDATA, OBJECTPOINT, 57), +#define CURLOPT_XFERINFODATA CURLOPT_PROGRESSDATA + + /* We want the referrer field set automatically when following locations */ + CINIT(AUTOREFERER, LONG, 58), + + /* Port of the proxy, can be set in the proxy string as well with: + "[host]:[port]" */ + CINIT(PROXYPORT, LONG, 59), + + /* size of the POST input data, if strlen() is not good to use */ + CINIT(POSTFIELDSIZE, LONG, 60), + + /* tunnel non-http operations through a HTTP proxy */ + CINIT(HTTPPROXYTUNNEL, LONG, 61), + + /* Set the interface string to use as outgoing network interface */ + CINIT(INTERFACE, OBJECTPOINT, 62), + + /* Set the krb4/5 security level, this also enables krb4/5 awareness. This + * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string + * is set but doesn't match one of these, 'private' will be used. */ + CINIT(KRBLEVEL, OBJECTPOINT, 63), + + /* Set if we should verify the peer in ssl handshake, set 1 to verify. */ + CINIT(SSL_VERIFYPEER, LONG, 64), + + /* The CApath or CAfile used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CINIT(CAINFO, OBJECTPOINT, 65), + + /* 66 = OBSOLETE */ + /* 67 = OBSOLETE */ + + /* Maximum number of http redirects to follow */ + CINIT(MAXREDIRS, LONG, 68), + + /* Pass a long set to 1 to get the date of the requested document (if + possible)! Pass a zero to shut it off. */ + CINIT(FILETIME, LONG, 69), + + /* This points to a linked list of telnet options */ + CINIT(TELNETOPTIONS, OBJECTPOINT, 70), + + /* Max amount of cached alive connections */ + CINIT(MAXCONNECTS, LONG, 71), + + CINIT(OBSOLETE72, LONG, 72), /* OBSOLETE, do not use! */ + + /* 73 = OBSOLETE */ + + /* Set to explicitly use a new connection for the upcoming transfer. + Do not use this unless you're absolutely sure of this, as it makes the + operation slower and is less friendly for the network. */ + CINIT(FRESH_CONNECT, LONG, 74), + + /* Set to explicitly forbid the upcoming transfer's connection to be re-used + when done. Do not use this unless you're absolutely sure of this, as it + makes the operation slower and is less friendly for the network. */ + CINIT(FORBID_REUSE, LONG, 75), + + /* Set to a file name that contains random data for libcurl to use to + seed the random engine when doing SSL connects. */ + CINIT(RANDOM_FILE, OBJECTPOINT, 76), + + /* Set to the Entropy Gathering Daemon socket pathname */ + CINIT(EGDSOCKET, OBJECTPOINT, 77), + + /* Time-out connect operations after this amount of seconds, if connects are + OK within this time, then fine... This only aborts the connect phase. */ + CINIT(CONNECTTIMEOUT, LONG, 78), + + /* Function that will be called to store headers (instead of fwrite). The + * parameters will use fwrite() syntax, make sure to follow them. */ + CINIT(HEADERFUNCTION, FUNCTIONPOINT, 79), + + /* Set this to force the HTTP request to get back to GET. Only really usable + if POST, PUT or a custom request have been used first. + */ + CINIT(HTTPGET, LONG, 80), + + /* Set if we should verify the Common name from the peer certificate in ssl + * handshake, set 1 to check existence, 2 to ensure that it matches the + * provided hostname. */ + CINIT(SSL_VERIFYHOST, LONG, 81), + + /* Specify which file name to write all known cookies in after completed + operation. Set file name to "-" (dash) to make it go to stdout. */ + CINIT(COOKIEJAR, OBJECTPOINT, 82), + + /* Specify which SSL ciphers to use */ + CINIT(SSL_CIPHER_LIST, OBJECTPOINT, 83), + + /* Specify which HTTP version to use! This must be set to one of the + CURL_HTTP_VERSION* enums set below. */ + CINIT(HTTP_VERSION, LONG, 84), + + /* Specifically switch on or off the FTP engine's use of the EPSV command. By + default, that one will always be attempted before the more traditional + PASV command. */ + CINIT(FTP_USE_EPSV, LONG, 85), + + /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */ + CINIT(SSLCERTTYPE, OBJECTPOINT, 86), + + /* name of the file keeping your private SSL-key */ + CINIT(SSLKEY, OBJECTPOINT, 87), + + /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */ + CINIT(SSLKEYTYPE, OBJECTPOINT, 88), + + /* crypto engine for the SSL-sub system */ + CINIT(SSLENGINE, OBJECTPOINT, 89), + + /* set the crypto engine for the SSL-sub system as default + the param has no meaning... + */ + CINIT(SSLENGINE_DEFAULT, LONG, 90), + + /* Non-zero value means to use the global dns cache */ + CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */ + + /* DNS cache timeout */ + CINIT(DNS_CACHE_TIMEOUT, LONG, 92), + + /* send linked-list of pre-transfer QUOTE commands */ + CINIT(PREQUOTE, OBJECTPOINT, 93), + + /* set the debug function */ + CINIT(DEBUGFUNCTION, FUNCTIONPOINT, 94), + + /* set the data for the debug function */ + CINIT(DEBUGDATA, OBJECTPOINT, 95), + + /* mark this as start of a cookie session */ + CINIT(COOKIESESSION, LONG, 96), + + /* The CApath directory used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CINIT(CAPATH, OBJECTPOINT, 97), + + /* Instruct libcurl to use a smaller receive buffer */ + CINIT(BUFFERSIZE, LONG, 98), + + /* Instruct libcurl to not use any signal/alarm handlers, even when using + timeouts. This option is useful for multi-threaded applications. + See libcurl-the-guide for more background information. */ + CINIT(NOSIGNAL, LONG, 99), + + /* Provide a CURLShare for mutexing non-ts data */ + CINIT(SHARE, OBJECTPOINT, 100), + + /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default), + CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */ + CINIT(PROXYTYPE, LONG, 101), + + /* Set the Accept-Encoding string. Use this to tell a server you would like + the response to be compressed. Before 7.21.6, this was known as + CURLOPT_ENCODING */ + CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102), + + /* Set pointer to private data */ + CINIT(PRIVATE, OBJECTPOINT, 103), + + /* Set aliases for HTTP 200 in the HTTP Response header */ + CINIT(HTTP200ALIASES, OBJECTPOINT, 104), + + /* Continue to send authentication (user+password) when following locations, + even when hostname changed. This can potentially send off the name + and password to whatever host the server decides. */ + CINIT(UNRESTRICTED_AUTH, LONG, 105), + + /* Specifically switch on or off the FTP engine's use of the EPRT command ( + it also disables the LPRT attempt). By default, those ones will always be + attempted before the good old traditional PORT command. */ + CINIT(FTP_USE_EPRT, LONG, 106), + + /* Set this to a bitmask value to enable the particular authentications + methods you like. Use this in combination with CURLOPT_USERPWD. + Note that setting multiple bits may cause extra network round-trips. */ + CINIT(HTTPAUTH, LONG, 107), + + /* Set the ssl context callback function, currently only for OpenSSL ssl_ctx + in second argument. The function must be matching the + curl_ssl_ctx_callback proto. */ + CINIT(SSL_CTX_FUNCTION, FUNCTIONPOINT, 108), + + /* Set the userdata for the ssl context callback function's third + argument */ + CINIT(SSL_CTX_DATA, OBJECTPOINT, 109), + + /* FTP Option that causes missing dirs to be created on the remote server. + In 7.19.4 we introduced the convenience enums for this option using the + CURLFTP_CREATE_DIR prefix. + */ + CINIT(FTP_CREATE_MISSING_DIRS, LONG, 110), + + /* Set this to a bitmask value to enable the particular authentications + methods you like. Use this in combination with CURLOPT_PROXYUSERPWD. + Note that setting multiple bits may cause extra network round-trips. */ + CINIT(PROXYAUTH, LONG, 111), + + /* FTP option that changes the timeout, in seconds, associated with + getting a response. This is different from transfer timeout time and + essentially places a demand on the FTP server to acknowledge commands + in a timely manner. */ + CINIT(FTP_RESPONSE_TIMEOUT, LONG, 112), +#define CURLOPT_SERVER_RESPONSE_TIMEOUT CURLOPT_FTP_RESPONSE_TIMEOUT + + /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to + tell libcurl to resolve names to those IP versions only. This only has + affect on systems with support for more than one, i.e IPv4 _and_ IPv6. */ + CINIT(IPRESOLVE, LONG, 113), + + /* Set this option to limit the size of a file that will be downloaded from + an HTTP or FTP server. + + Note there is also _LARGE version which adds large file support for + platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ + CINIT(MAXFILESIZE, LONG, 114), + + /* See the comment for INFILESIZE above, but in short, specifies + * the size of the file being uploaded. -1 means unknown. + */ + CINIT(INFILESIZE_LARGE, OFF_T, 115), + + /* Sets the continuation offset. There is also a LONG version of this; + * look above for RESUME_FROM. + */ + CINIT(RESUME_FROM_LARGE, OFF_T, 116), + + /* Sets the maximum size of data that will be downloaded from + * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. + */ + CINIT(MAXFILESIZE_LARGE, OFF_T, 117), + + /* Set this option to the file name of your .netrc file you want libcurl + to parse (using the CURLOPT_NETRC option). If not set, libcurl will do + a poor attempt to find the user's home directory and check for a .netrc + file in there. */ + CINIT(NETRC_FILE, OBJECTPOINT, 118), + + /* Enable SSL/TLS for FTP, pick one of: + CURLUSESSL_TRY - try using SSL, proceed anyway otherwise + CURLUSESSL_CONTROL - SSL for the control connection or fail + CURLUSESSL_ALL - SSL for all communication or fail + */ + CINIT(USE_SSL, LONG, 119), + + /* The _LARGE version of the standard POSTFIELDSIZE option */ + CINIT(POSTFIELDSIZE_LARGE, OFF_T, 120), + + /* Enable/disable the TCP Nagle algorithm */ + CINIT(TCP_NODELAY, LONG, 121), + + /* 122 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 123 OBSOLETE. Gone in 7.16.0 */ + /* 124 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 125 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 126 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 127 OBSOLETE. Gone in 7.16.0 */ + /* 128 OBSOLETE. Gone in 7.16.0 */ + + /* When FTP over SSL/TLS is selected (with CURLOPT_USE_SSL), this option + can be used to change libcurl's default action which is to first try + "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK + response has been received. + + Available parameters are: + CURLFTPAUTH_DEFAULT - let libcurl decide + CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS + CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL + */ + CINIT(FTPSSLAUTH, LONG, 129), + + CINIT(IOCTLFUNCTION, FUNCTIONPOINT, 130), + CINIT(IOCTLDATA, OBJECTPOINT, 131), + + /* 132 OBSOLETE. Gone in 7.16.0 */ + /* 133 OBSOLETE. Gone in 7.16.0 */ + + /* zero terminated string for pass on to the FTP server when asked for + "account" info */ + CINIT(FTP_ACCOUNT, OBJECTPOINT, 134), + + /* feed cookies into cookie engine */ + CINIT(COOKIELIST, OBJECTPOINT, 135), + + /* ignore Content-Length */ + CINIT(IGNORE_CONTENT_LENGTH, LONG, 136), + + /* Set to non-zero to skip the IP address received in a 227 PASV FTP server + response. Typically used for FTP-SSL purposes but is not restricted to + that. libcurl will then instead use the same IP address it used for the + control connection. */ + CINIT(FTP_SKIP_PASV_IP, LONG, 137), + + /* Select "file method" to use when doing FTP, see the curl_ftpmethod + above. */ + CINIT(FTP_FILEMETHOD, LONG, 138), + + /* Local port number to bind the socket to */ + CINIT(LOCALPORT, LONG, 139), + + /* Number of ports to try, including the first one set with LOCALPORT. + Thus, setting it to 1 will make no additional attempts but the first. + */ + CINIT(LOCALPORTRANGE, LONG, 140), + + /* no transfer, set up connection and let application use the socket by + extracting it with CURLINFO_LASTSOCKET */ + CINIT(CONNECT_ONLY, LONG, 141), + + /* Function that will be called to convert from the + network encoding (instead of using the iconv calls in libcurl) */ + CINIT(CONV_FROM_NETWORK_FUNCTION, FUNCTIONPOINT, 142), + + /* Function that will be called to convert to the + network encoding (instead of using the iconv calls in libcurl) */ + CINIT(CONV_TO_NETWORK_FUNCTION, FUNCTIONPOINT, 143), + + /* Function that will be called to convert from UTF8 + (instead of using the iconv calls in libcurl) + Note that this is used only for SSL certificate processing */ + CINIT(CONV_FROM_UTF8_FUNCTION, FUNCTIONPOINT, 144), + + /* if the connection proceeds too quickly then need to slow it down */ + /* limit-rate: maximum number of bytes per second to send or receive */ + CINIT(MAX_SEND_SPEED_LARGE, OFF_T, 145), + CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146), + + /* Pointer to command string to send if USER/PASS fails. */ + CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147), + + /* callback function for setting socket options */ + CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148), + CINIT(SOCKOPTDATA, OBJECTPOINT, 149), + + /* set to 0 to disable session ID re-use for this transfer, default is + enabled (== 1) */ + CINIT(SSL_SESSIONID_CACHE, LONG, 150), + + /* allowed SSH authentication methods */ + CINIT(SSH_AUTH_TYPES, LONG, 151), + + /* Used by scp/sftp to do public/private key authentication */ + CINIT(SSH_PUBLIC_KEYFILE, OBJECTPOINT, 152), + CINIT(SSH_PRIVATE_KEYFILE, OBJECTPOINT, 153), + + /* Send CCC (Clear Command Channel) after authentication */ + CINIT(FTP_SSL_CCC, LONG, 154), + + /* Same as TIMEOUT and CONNECTTIMEOUT, but with ms resolution */ + CINIT(TIMEOUT_MS, LONG, 155), + CINIT(CONNECTTIMEOUT_MS, LONG, 156), + + /* set to zero to disable the libcurl's decoding and thus pass the raw body + data to the application even when it is encoded/compressed */ + CINIT(HTTP_TRANSFER_DECODING, LONG, 157), + CINIT(HTTP_CONTENT_DECODING, LONG, 158), + + /* Permission used when creating new files and directories on the remote + server for protocols that support it, SFTP/SCP/FILE */ + CINIT(NEW_FILE_PERMS, LONG, 159), + CINIT(NEW_DIRECTORY_PERMS, LONG, 160), + + /* Set the behaviour of POST when redirecting. Values must be set to one + of CURL_REDIR* defines below. This used to be called CURLOPT_POST301 */ + CINIT(POSTREDIR, LONG, 161), + + /* used by scp/sftp to verify the host's public key */ + CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162), + + /* Callback function for opening socket (instead of socket(2)). Optionally, + callback is able change the address or refuse to connect returning + CURL_SOCKET_BAD. The callback should have type + curl_opensocket_callback */ + CINIT(OPENSOCKETFUNCTION, FUNCTIONPOINT, 163), + CINIT(OPENSOCKETDATA, OBJECTPOINT, 164), + + /* POST volatile input fields. */ + CINIT(COPYPOSTFIELDS, OBJECTPOINT, 165), + + /* set transfer mode (;type=) when doing FTP via an HTTP proxy */ + CINIT(PROXY_TRANSFER_MODE, LONG, 166), + + /* Callback function for seeking in the input stream */ + CINIT(SEEKFUNCTION, FUNCTIONPOINT, 167), + CINIT(SEEKDATA, OBJECTPOINT, 168), + + /* CRL file */ + CINIT(CRLFILE, OBJECTPOINT, 169), + + /* Issuer certificate */ + CINIT(ISSUERCERT, OBJECTPOINT, 170), + + /* (IPv6) Address scope */ + CINIT(ADDRESS_SCOPE, LONG, 171), + + /* Collect certificate chain info and allow it to get retrievable with + CURLINFO_CERTINFO after the transfer is complete. */ + CINIT(CERTINFO, LONG, 172), + + /* "name" and "pwd" to use when fetching. */ + CINIT(USERNAME, OBJECTPOINT, 173), + CINIT(PASSWORD, OBJECTPOINT, 174), + + /* "name" and "pwd" to use with Proxy when fetching. */ + CINIT(PROXYUSERNAME, OBJECTPOINT, 175), + CINIT(PROXYPASSWORD, OBJECTPOINT, 176), + + /* Comma separated list of hostnames defining no-proxy zones. These should + match both hostnames directly, and hostnames within a domain. For + example, local.com will match local.com and www.local.com, but NOT + notlocal.com or www.notlocal.com. For compatibility with other + implementations of this, .local.com will be considered to be the same as + local.com. A single * is the only valid wildcard, and effectively + disables the use of proxy. */ + CINIT(NOPROXY, OBJECTPOINT, 177), + + /* block size for TFTP transfers */ + CINIT(TFTP_BLKSIZE, LONG, 178), + + /* Socks Service */ + CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179), + + /* Socks Service */ + CINIT(SOCKS5_GSSAPI_NEC, LONG, 180), + + /* set the bitmask for the protocols that are allowed to be used for the + transfer, which thus helps the app which takes URLs from users or other + external inputs and want to restrict what protocol(s) to deal + with. Defaults to CURLPROTO_ALL. */ + CINIT(PROTOCOLS, LONG, 181), + + /* set the bitmask for the protocols that libcurl is allowed to follow to, + as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs + to be set in both bitmasks to be allowed to get redirected to. Defaults + to all protocols except FILE and SCP. */ + CINIT(REDIR_PROTOCOLS, LONG, 182), + + /* set the SSH knownhost file name to use */ + CINIT(SSH_KNOWNHOSTS, OBJECTPOINT, 183), + + /* set the SSH host key callback, must point to a curl_sshkeycallback + function */ + CINIT(SSH_KEYFUNCTION, FUNCTIONPOINT, 184), + + /* set the SSH host key callback custom pointer */ + CINIT(SSH_KEYDATA, OBJECTPOINT, 185), + + /* set the SMTP mail originator */ + CINIT(MAIL_FROM, OBJECTPOINT, 186), + + /* set the SMTP mail receiver(s) */ + CINIT(MAIL_RCPT, OBJECTPOINT, 187), + + /* FTP: send PRET before PASV */ + CINIT(FTP_USE_PRET, LONG, 188), + + /* RTSP request method (OPTIONS, SETUP, PLAY, etc...) */ + CINIT(RTSP_REQUEST, LONG, 189), + + /* The RTSP session identifier */ + CINIT(RTSP_SESSION_ID, OBJECTPOINT, 190), + + /* The RTSP stream URI */ + CINIT(RTSP_STREAM_URI, OBJECTPOINT, 191), + + /* The Transport: header to use in RTSP requests */ + CINIT(RTSP_TRANSPORT, OBJECTPOINT, 192), + + /* Manually initialize the client RTSP CSeq for this handle */ + CINIT(RTSP_CLIENT_CSEQ, LONG, 193), + + /* Manually initialize the server RTSP CSeq for this handle */ + CINIT(RTSP_SERVER_CSEQ, LONG, 194), + + /* The stream to pass to INTERLEAVEFUNCTION. */ + CINIT(INTERLEAVEDATA, OBJECTPOINT, 195), + + /* Let the application define a custom write method for RTP data */ + CINIT(INTERLEAVEFUNCTION, FUNCTIONPOINT, 196), + + /* Turn on wildcard matching */ + CINIT(WILDCARDMATCH, LONG, 197), + + /* Directory matching callback called before downloading of an + individual file (chunk) started */ + CINIT(CHUNK_BGN_FUNCTION, FUNCTIONPOINT, 198), + + /* Directory matching callback called after the file (chunk) + was downloaded, or skipped */ + CINIT(CHUNK_END_FUNCTION, FUNCTIONPOINT, 199), + + /* Change match (fnmatch-like) callback for wildcard matching */ + CINIT(FNMATCH_FUNCTION, FUNCTIONPOINT, 200), + + /* Let the application define custom chunk data pointer */ + CINIT(CHUNK_DATA, OBJECTPOINT, 201), + + /* FNMATCH_FUNCTION user pointer */ + CINIT(FNMATCH_DATA, OBJECTPOINT, 202), + + /* send linked-list of name:port:address sets */ + CINIT(RESOLVE, OBJECTPOINT, 203), + + /* Set a username for authenticated TLS */ + CINIT(TLSAUTH_USERNAME, OBJECTPOINT, 204), + + /* Set a password for authenticated TLS */ + CINIT(TLSAUTH_PASSWORD, OBJECTPOINT, 205), + + /* Set authentication type for authenticated TLS */ + CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206), + + /* Set to 1 to enable the "TE:" header in HTTP requests to ask for + compressed transfer-encoded responses. Set to 0 to disable the use of TE: + in outgoing requests. The current default is 0, but it might change in a + future libcurl release. + + libcurl will ask for the compressed methods it knows of, and if that + isn't any, it will not ask for transfer-encoding at all even if this + option is set to 1. + + */ + CINIT(TRANSFER_ENCODING, LONG, 207), + + /* Callback function for closing socket (instead of close(2)). The callback + should have type curl_closesocket_callback */ + CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208), + CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209), + + /* allow GSSAPI credential delegation */ + CINIT(GSSAPI_DELEGATION, LONG, 210), + + /* Set the name servers to use for DNS resolution */ + CINIT(DNS_SERVERS, OBJECTPOINT, 211), + + /* Time-out accept operations (currently for FTP only) after this amount + of miliseconds. */ + CINIT(ACCEPTTIMEOUT_MS, LONG, 212), + + /* Set TCP keepalive */ + CINIT(TCP_KEEPALIVE, LONG, 213), + + /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */ + CINIT(TCP_KEEPIDLE, LONG, 214), + CINIT(TCP_KEEPINTVL, LONG, 215), + + /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */ + CINIT(SSL_OPTIONS, LONG, 216), + + /* Set the SMTP auth originator */ + CINIT(MAIL_AUTH, OBJECTPOINT, 217), + + /* Enable/disable SASL initial response */ + CINIT(SASL_IR, LONG, 218), + + /* Function that will be called instead of the internal progress display + * function. This function should be defined as the curl_xferinfo_callback + * prototype defines. (Deprecates CURLOPT_PROGRESSFUNCTION) */ + CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219), + + /* The XOAUTH2 bearer token */ + CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220), + + /* Set the interface string to use as outgoing network + * interface for DNS requests. + * Only supported by the c-ares DNS backend */ + CINIT(DNS_INTERFACE, OBJECTPOINT, 221), + + /* Set the local IPv4 address to use for outgoing DNS requests. + * Only supported by the c-ares DNS backend */ + CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222), + + /* Set the local IPv4 address to use for outgoing DNS requests. + * Only supported by the c-ares DNS backend */ + CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223), + + /* Set authentication options directly */ + CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224), + + /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */ + CINIT(SSL_ENABLE_NPN, LONG, 225), + + /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */ + CINIT(SSL_ENABLE_ALPN, LONG, 226), + + /* Time to wait for a response to a HTTP request containing an + * Expect: 100-continue header before sending the data anyway. */ + CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227), + + /* This points to a linked list of headers used for proxy requests only, + struct curl_slist kind */ + CINIT(PROXYHEADER, OBJECTPOINT, 228), + + /* Pass in a bitmask of "header options" */ + CINIT(HEADEROPT, LONG, 229), + + /* The public key in DER form used to validate the peer public key + this option is used only if SSL_VERIFYPEER is true */ + CINIT(PINNEDPUBLICKEY, OBJECTPOINT, 230), + + /* Path to Unix domain socket */ + CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231), + + CURLOPT_LASTENTRY /* the last unused */ +} CURLoption; + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* Backwards compatibility with older names */ +/* These are scheduled to disappear by 2011 */ + +/* This was added in version 7.19.1 */ +#define CURLOPT_POST301 CURLOPT_POSTREDIR + +/* These are scheduled to disappear by 2009 */ + +/* The following were added in 7.17.0 */ +#define CURLOPT_SSLKEYPASSWD CURLOPT_KEYPASSWD +#define CURLOPT_FTPAPPEND CURLOPT_APPEND +#define CURLOPT_FTPLISTONLY CURLOPT_DIRLISTONLY +#define CURLOPT_FTP_SSL CURLOPT_USE_SSL + +/* The following were added earlier */ + +#define CURLOPT_SSLCERTPASSWD CURLOPT_KEYPASSWD +#define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL + +#else +/* This is set if CURL_NO_OLDIES is defined at compile-time */ +#undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */ +#endif + + + /* Below here follows defines for the CURLOPT_IPRESOLVE option. If a host + name resolves addresses using more than one IP protocol version, this + option might be handy to force libcurl to use a specific IP version. */ +#define CURL_IPRESOLVE_WHATEVER 0 /* default, resolves addresses to all IP + versions that your system allows */ +#define CURL_IPRESOLVE_V4 1 /* resolve to IPv4 addresses */ +#define CURL_IPRESOLVE_V6 2 /* resolve to IPv6 addresses */ + + /* three convenient "aliases" that follow the name scheme better */ +#define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER + + /* These enums are for use with the CURLOPT_HTTP_VERSION option. */ +enum { + CURL_HTTP_VERSION_NONE, /* setting this means we don't care, and that we'd + like the library to choose the best possible + for us! */ + CURL_HTTP_VERSION_1_0, /* please use HTTP 1.0 in the request */ + CURL_HTTP_VERSION_1_1, /* please use HTTP 1.1 in the request */ + CURL_HTTP_VERSION_2_0, /* please use HTTP 2.0 in the request */ + + CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */ +}; + +/* + * Public API enums for RTSP requests + */ +enum { + CURL_RTSPREQ_NONE, /* first in list */ + CURL_RTSPREQ_OPTIONS, + CURL_RTSPREQ_DESCRIBE, + CURL_RTSPREQ_ANNOUNCE, + CURL_RTSPREQ_SETUP, + CURL_RTSPREQ_PLAY, + CURL_RTSPREQ_PAUSE, + CURL_RTSPREQ_TEARDOWN, + CURL_RTSPREQ_GET_PARAMETER, + CURL_RTSPREQ_SET_PARAMETER, + CURL_RTSPREQ_RECORD, + CURL_RTSPREQ_RECEIVE, + CURL_RTSPREQ_LAST /* last in list */ +}; + + /* These enums are for use with the CURLOPT_NETRC option. */ +enum CURL_NETRC_OPTION { + CURL_NETRC_IGNORED, /* The .netrc will never be read. + * This is the default. */ + CURL_NETRC_OPTIONAL, /* A user:password in the URL will be preferred + * to one in the .netrc. */ + CURL_NETRC_REQUIRED, /* A user:password in the URL will be ignored. + * Unless one is set programmatically, the .netrc + * will be queried. */ + CURL_NETRC_LAST +}; + +enum { + CURL_SSLVERSION_DEFAULT, + CURL_SSLVERSION_TLSv1, /* TLS 1.x */ + CURL_SSLVERSION_SSLv2, + CURL_SSLVERSION_SSLv3, + CURL_SSLVERSION_TLSv1_0, + CURL_SSLVERSION_TLSv1_1, + CURL_SSLVERSION_TLSv1_2, + + CURL_SSLVERSION_LAST /* never use, keep last */ +}; + +enum CURL_TLSAUTH { + CURL_TLSAUTH_NONE, + CURL_TLSAUTH_SRP, + CURL_TLSAUTH_LAST /* never use, keep last */ +}; + +/* symbols to use with CURLOPT_POSTREDIR. + CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303 + can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302 + | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */ + +#define CURL_REDIR_GET_ALL 0 +#define CURL_REDIR_POST_301 1 +#define CURL_REDIR_POST_302 2 +#define CURL_REDIR_POST_303 4 +#define CURL_REDIR_POST_ALL \ + (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303) + +typedef enum { + CURL_TIMECOND_NONE, + + CURL_TIMECOND_IFMODSINCE, + CURL_TIMECOND_IFUNMODSINCE, + CURL_TIMECOND_LASTMOD, + + CURL_TIMECOND_LAST +} curl_TimeCond; + + +/* curl_strequal() and curl_strnequal() are subject for removal in a future + libcurl, see lib/README.curlx for details */ +CURL_EXTERN int (curl_strequal)(const char *s1, const char *s2); +CURL_EXTERN int (curl_strnequal)(const char *s1, const char *s2, size_t n); + +/* name is uppercase CURLFORM_ */ +#ifdef CFINIT +#undef CFINIT +#endif + +#ifdef CURL_ISOCPP +#define CFINIT(name) CURLFORM_ ## name +#else +/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ +#define CFINIT(name) CURLFORM_/**/name +#endif + +typedef enum { + CFINIT(NOTHING), /********* the first one is unused ************/ + + /* */ + CFINIT(COPYNAME), + CFINIT(PTRNAME), + CFINIT(NAMELENGTH), + CFINIT(COPYCONTENTS), + CFINIT(PTRCONTENTS), + CFINIT(CONTENTSLENGTH), + CFINIT(FILECONTENT), + CFINIT(ARRAY), + CFINIT(OBSOLETE), + CFINIT(FILE), + + CFINIT(BUFFER), + CFINIT(BUFFERPTR), + CFINIT(BUFFERLENGTH), + + CFINIT(CONTENTTYPE), + CFINIT(CONTENTHEADER), + CFINIT(FILENAME), + CFINIT(END), + CFINIT(OBSOLETE2), + + CFINIT(STREAM), + + CURLFORM_LASTENTRY /* the last unused */ +} CURLformoption; + +#undef CFINIT /* done */ + +/* structure to be used as parameter for CURLFORM_ARRAY */ +struct curl_forms { + CURLformoption option; + const char *value; +}; + +/* use this for multipart formpost building */ +/* Returns code for curl_formadd() + * + * Returns: + * CURL_FORMADD_OK on success + * CURL_FORMADD_MEMORY if the FormInfo allocation fails + * CURL_FORMADD_OPTION_TWICE if one option is given twice for one Form + * CURL_FORMADD_NULL if a null pointer was given for a char + * CURL_FORMADD_MEMORY if the allocation of a FormInfo struct failed + * CURL_FORMADD_UNKNOWN_OPTION if an unknown option was used + * CURL_FORMADD_INCOMPLETE if the some FormInfo is not complete (or error) + * CURL_FORMADD_MEMORY if a curl_httppost struct cannot be allocated + * CURL_FORMADD_MEMORY if some allocation for string copying failed. + * CURL_FORMADD_ILLEGAL_ARRAY if an illegal option is used in an array + * + ***************************************************************************/ +typedef enum { + CURL_FORMADD_OK, /* first, no error */ + + CURL_FORMADD_MEMORY, + CURL_FORMADD_OPTION_TWICE, + CURL_FORMADD_NULL, + CURL_FORMADD_UNKNOWN_OPTION, + CURL_FORMADD_INCOMPLETE, + CURL_FORMADD_ILLEGAL_ARRAY, + CURL_FORMADD_DISABLED, /* libcurl was built with this disabled */ + + CURL_FORMADD_LAST /* last */ +} CURLFORMcode; + +/* + * NAME curl_formadd() + * + * DESCRIPTION + * + * Pretty advanced function for building multi-part formposts. Each invoke + * adds one part that together construct a full post. Then use + * CURLOPT_HTTPPOST to send it off to libcurl. + */ +CURL_EXTERN CURLFORMcode curl_formadd(struct curl_httppost **httppost, + struct curl_httppost **last_post, + ...); + +/* + * callback function for curl_formget() + * The void *arg pointer will be the one passed as second argument to + * curl_formget(). + * The character buffer passed to it must not be freed. + * Should return the buffer length passed to it as the argument "len" on + * success. + */ +typedef size_t (*curl_formget_callback)(void *arg, const char *buf, + size_t len); + +/* + * NAME curl_formget() + * + * DESCRIPTION + * + * Serialize a curl_httppost struct built with curl_formadd(). + * Accepts a void pointer as second argument which will be passed to + * the curl_formget_callback function. + * Returns 0 on success. + */ +CURL_EXTERN int curl_formget(struct curl_httppost *form, void *arg, + curl_formget_callback append); +/* + * NAME curl_formfree() + * + * DESCRIPTION + * + * Free a multipart formpost previously built with curl_formadd(). + */ +CURL_EXTERN void curl_formfree(struct curl_httppost *form); + +/* + * NAME curl_getenv() + * + * DESCRIPTION + * + * Returns a malloc()'ed string that MUST be curl_free()ed after usage is + * complete. DEPRECATED - see lib/README.curlx + */ +CURL_EXTERN char *curl_getenv(const char *variable); + +/* + * NAME curl_version() + * + * DESCRIPTION + * + * Returns a static ascii string of the libcurl version. + */ +CURL_EXTERN char *curl_version(void); + +/* + * NAME curl_easy_escape() + * + * DESCRIPTION + * + * Escapes URL strings (converts all letters consider illegal in URLs to their + * %XX versions). This function returns a new allocated string or NULL if an + * error occurred. + */ +CURL_EXTERN char *curl_easy_escape(CURL *handle, + const char *string, + int length); + +/* the previous version: */ +CURL_EXTERN char *curl_escape(const char *string, + int length); + + +/* + * NAME curl_easy_unescape() + * + * DESCRIPTION + * + * Unescapes URL encoding in strings (converts all %XX codes to their 8bit + * versions). This function returns a new allocated string or NULL if an error + * occurred. + * Conversion Note: On non-ASCII platforms the ASCII %XX codes are + * converted into the host encoding. + */ +CURL_EXTERN char *curl_easy_unescape(CURL *handle, + const char *string, + int length, + int *outlength); + +/* the previous version */ +CURL_EXTERN char *curl_unescape(const char *string, + int length); + +/* + * NAME curl_free() + * + * DESCRIPTION + * + * Provided for de-allocation in the same translation unit that did the + * allocation. Added in libcurl 7.10 + */ +CURL_EXTERN void curl_free(void *p); + +/* + * NAME curl_global_init() + * + * DESCRIPTION + * + * curl_global_init() should be invoked exactly once for each application that + * uses libcurl and before any call of other libcurl functions. + * + * This function is not thread-safe! + */ +CURL_EXTERN CURLcode curl_global_init(long flags); + +/* + * NAME curl_global_init_mem() + * + * DESCRIPTION + * + * curl_global_init() or curl_global_init_mem() should be invoked exactly once + * for each application that uses libcurl. This function can be used to + * initialize libcurl and set user defined memory management callback + * functions. Users can implement memory management routines to check for + * memory leaks, check for mis-use of the curl library etc. User registered + * callback routines with be invoked by this library instead of the system + * memory management routines like malloc, free etc. + */ +CURL_EXTERN CURLcode curl_global_init_mem(long flags, + curl_malloc_callback m, + curl_free_callback f, + curl_realloc_callback r, + curl_strdup_callback s, + curl_calloc_callback c); + +/* + * NAME curl_global_cleanup() + * + * DESCRIPTION + * + * curl_global_cleanup() should be invoked exactly once for each application + * that uses libcurl + */ +CURL_EXTERN void curl_global_cleanup(void); + +/* linked-list structure for the CURLOPT_QUOTE option (and other) */ +struct curl_slist { + char *data; + struct curl_slist *next; +}; + +/* + * NAME curl_slist_append() + * + * DESCRIPTION + * + * Appends a string to a linked list. If no list exists, it will be created + * first. Returns the new list, after appending. + */ +CURL_EXTERN struct curl_slist *curl_slist_append(struct curl_slist *, + const char *); + +/* + * NAME curl_slist_free_all() + * + * DESCRIPTION + * + * free a previously built curl_slist. + */ +CURL_EXTERN void curl_slist_free_all(struct curl_slist *); + +/* + * NAME curl_getdate() + * + * DESCRIPTION + * + * Returns the time, in seconds since 1 Jan 1970 of the time string given in + * the first argument. The time argument in the second parameter is unused + * and should be set to NULL. + */ +CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); + +/* info about the certificate chain, only for OpenSSL builds. Asked + for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ +struct curl_certinfo { + int num_of_certs; /* number of certificates with information */ + struct curl_slist **certinfo; /* for each index in this array, there's a + linked list with textual information in the + format "name: value" */ +}; + +/* enum for the different supported SSL backends */ +typedef enum { + CURLSSLBACKEND_NONE = 0, + CURLSSLBACKEND_OPENSSL = 1, + CURLSSLBACKEND_GNUTLS = 2, + CURLSSLBACKEND_NSS = 3, + CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ + CURLSSLBACKEND_GSKIT = 5, + CURLSSLBACKEND_POLARSSL = 6, + CURLSSLBACKEND_CYASSL = 7, + CURLSSLBACKEND_SCHANNEL = 8, + CURLSSLBACKEND_DARWINSSL = 9, + CURLSSLBACKEND_AXTLS = 10 +} curl_sslbackend; + +/* Information about the SSL library used and the respective internal SSL + handle, which can be used to obtain further information regarding the + connection. Asked for with CURLINFO_TLS_SESSION. */ +struct curl_tlssessioninfo { + curl_sslbackend backend; + void *internals; +}; + +#define CURLINFO_STRING 0x100000 +#define CURLINFO_LONG 0x200000 +#define CURLINFO_DOUBLE 0x300000 +#define CURLINFO_SLIST 0x400000 +#define CURLINFO_MASK 0x0fffff +#define CURLINFO_TYPEMASK 0xf00000 + +typedef enum { + CURLINFO_NONE, /* first, never use this */ + CURLINFO_EFFECTIVE_URL = CURLINFO_STRING + 1, + CURLINFO_RESPONSE_CODE = CURLINFO_LONG + 2, + CURLINFO_TOTAL_TIME = CURLINFO_DOUBLE + 3, + CURLINFO_NAMELOOKUP_TIME = CURLINFO_DOUBLE + 4, + CURLINFO_CONNECT_TIME = CURLINFO_DOUBLE + 5, + CURLINFO_PRETRANSFER_TIME = CURLINFO_DOUBLE + 6, + CURLINFO_SIZE_UPLOAD = CURLINFO_DOUBLE + 7, + CURLINFO_SIZE_DOWNLOAD = CURLINFO_DOUBLE + 8, + CURLINFO_SPEED_DOWNLOAD = CURLINFO_DOUBLE + 9, + CURLINFO_SPEED_UPLOAD = CURLINFO_DOUBLE + 10, + CURLINFO_HEADER_SIZE = CURLINFO_LONG + 11, + CURLINFO_REQUEST_SIZE = CURLINFO_LONG + 12, + CURLINFO_SSL_VERIFYRESULT = CURLINFO_LONG + 13, + CURLINFO_FILETIME = CURLINFO_LONG + 14, + CURLINFO_CONTENT_LENGTH_DOWNLOAD = CURLINFO_DOUBLE + 15, + CURLINFO_CONTENT_LENGTH_UPLOAD = CURLINFO_DOUBLE + 16, + CURLINFO_STARTTRANSFER_TIME = CURLINFO_DOUBLE + 17, + CURLINFO_CONTENT_TYPE = CURLINFO_STRING + 18, + CURLINFO_REDIRECT_TIME = CURLINFO_DOUBLE + 19, + CURLINFO_REDIRECT_COUNT = CURLINFO_LONG + 20, + CURLINFO_PRIVATE = CURLINFO_STRING + 21, + CURLINFO_HTTP_CONNECTCODE = CURLINFO_LONG + 22, + CURLINFO_HTTPAUTH_AVAIL = CURLINFO_LONG + 23, + CURLINFO_PROXYAUTH_AVAIL = CURLINFO_LONG + 24, + CURLINFO_OS_ERRNO = CURLINFO_LONG + 25, + CURLINFO_NUM_CONNECTS = CURLINFO_LONG + 26, + CURLINFO_SSL_ENGINES = CURLINFO_SLIST + 27, + CURLINFO_COOKIELIST = CURLINFO_SLIST + 28, + CURLINFO_LASTSOCKET = CURLINFO_LONG + 29, + CURLINFO_FTP_ENTRY_PATH = CURLINFO_STRING + 30, + CURLINFO_REDIRECT_URL = CURLINFO_STRING + 31, + CURLINFO_PRIMARY_IP = CURLINFO_STRING + 32, + CURLINFO_APPCONNECT_TIME = CURLINFO_DOUBLE + 33, + CURLINFO_CERTINFO = CURLINFO_SLIST + 34, + CURLINFO_CONDITION_UNMET = CURLINFO_LONG + 35, + CURLINFO_RTSP_SESSION_ID = CURLINFO_STRING + 36, + CURLINFO_RTSP_CLIENT_CSEQ = CURLINFO_LONG + 37, + CURLINFO_RTSP_SERVER_CSEQ = CURLINFO_LONG + 38, + CURLINFO_RTSP_CSEQ_RECV = CURLINFO_LONG + 39, + CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40, + CURLINFO_LOCAL_IP = CURLINFO_STRING + 41, + CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42, + CURLINFO_TLS_SESSION = CURLINFO_SLIST + 43, + /* Fill in new entries below here! */ + + CURLINFO_LASTONE = 43 +} CURLINFO; + +/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as + CURLINFO_HTTP_CODE */ +#define CURLINFO_HTTP_CODE CURLINFO_RESPONSE_CODE + +typedef enum { + CURLCLOSEPOLICY_NONE, /* first, never use this */ + + CURLCLOSEPOLICY_OLDEST, + CURLCLOSEPOLICY_LEAST_RECENTLY_USED, + CURLCLOSEPOLICY_LEAST_TRAFFIC, + CURLCLOSEPOLICY_SLOWEST, + CURLCLOSEPOLICY_CALLBACK, + + CURLCLOSEPOLICY_LAST /* last, never use this */ +} curl_closepolicy; + +#define CURL_GLOBAL_SSL (1<<0) +#define CURL_GLOBAL_WIN32 (1<<1) +#define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) +#define CURL_GLOBAL_NOTHING 0 +#define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL +#define CURL_GLOBAL_ACK_EINTR (1<<2) + + +/***************************************************************************** + * Setup defines, protos etc for the sharing stuff. + */ + +/* Different data locks for a single share */ +typedef enum { + CURL_LOCK_DATA_NONE = 0, + /* CURL_LOCK_DATA_SHARE is used internally to say that + * the locking is just made to change the internal state of the share + * itself. + */ + CURL_LOCK_DATA_SHARE, + CURL_LOCK_DATA_COOKIE, + CURL_LOCK_DATA_DNS, + CURL_LOCK_DATA_SSL_SESSION, + CURL_LOCK_DATA_CONNECT, + CURL_LOCK_DATA_LAST +} curl_lock_data; + +/* Different lock access types */ +typedef enum { + CURL_LOCK_ACCESS_NONE = 0, /* unspecified action */ + CURL_LOCK_ACCESS_SHARED = 1, /* for read perhaps */ + CURL_LOCK_ACCESS_SINGLE = 2, /* for write perhaps */ + CURL_LOCK_ACCESS_LAST /* never use */ +} curl_lock_access; + +typedef void (*curl_lock_function)(CURL *handle, + curl_lock_data data, + curl_lock_access locktype, + void *userptr); +typedef void (*curl_unlock_function)(CURL *handle, + curl_lock_data data, + void *userptr); + +typedef void CURLSH; + +typedef enum { + CURLSHE_OK, /* all is fine */ + CURLSHE_BAD_OPTION, /* 1 */ + CURLSHE_IN_USE, /* 2 */ + CURLSHE_INVALID, /* 3 */ + CURLSHE_NOMEM, /* 4 out of memory */ + CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */ + CURLSHE_LAST /* never use */ +} CURLSHcode; + +typedef enum { + CURLSHOPT_NONE, /* don't use */ + CURLSHOPT_SHARE, /* specify a data type to share */ + CURLSHOPT_UNSHARE, /* specify which data type to stop sharing */ + CURLSHOPT_LOCKFUNC, /* pass in a 'curl_lock_function' pointer */ + CURLSHOPT_UNLOCKFUNC, /* pass in a 'curl_unlock_function' pointer */ + CURLSHOPT_USERDATA, /* pass in a user data pointer used in the lock/unlock + callback functions */ + CURLSHOPT_LAST /* never use */ +} CURLSHoption; + +CURL_EXTERN CURLSH *curl_share_init(void); +CURL_EXTERN CURLSHcode curl_share_setopt(CURLSH *, CURLSHoption option, ...); +CURL_EXTERN CURLSHcode curl_share_cleanup(CURLSH *); + +/**************************************************************************** + * Structures for querying information about the curl library at runtime. + */ + +typedef enum { + CURLVERSION_FIRST, + CURLVERSION_SECOND, + CURLVERSION_THIRD, + CURLVERSION_FOURTH, + CURLVERSION_LAST /* never actually use this */ +} CURLversion; + +/* The 'CURLVERSION_NOW' is the symbolic name meant to be used by + basically all programs ever that want to get version information. It is + meant to be a built-in version number for what kind of struct the caller + expects. If the struct ever changes, we redefine the NOW to another enum + from above. */ +#define CURLVERSION_NOW CURLVERSION_FOURTH + +typedef struct { + CURLversion age; /* age of the returned struct */ + const char *version; /* LIBCURL_VERSION */ + unsigned int version_num; /* LIBCURL_VERSION_NUM */ + const char *host; /* OS/host/cpu/machine when configured */ + int features; /* bitmask, see defines below */ + const char *ssl_version; /* human readable string */ + long ssl_version_num; /* not used anymore, always 0 */ + const char *libz_version; /* human readable string */ + /* protocols is terminated by an entry with a NULL protoname */ + const char * const *protocols; + + /* The fields below this were added in CURLVERSION_SECOND */ + const char *ares; + int ares_num; + + /* This field was added in CURLVERSION_THIRD */ + const char *libidn; + + /* These field were added in CURLVERSION_FOURTH */ + + /* Same as '_libiconv_version' if built with HAVE_ICONV */ + int iconv_ver_num; + + const char *libssh_version; /* human readable string */ + +} curl_version_info_data; + +#define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */ +#define CURL_VERSION_KERBEROS4 (1<<1) /* Kerberos V4 auth is supported + (deprecated) */ +#define CURL_VERSION_SSL (1<<2) /* SSL options are present */ +#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */ +#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */ +#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth is supported + (deprecated) */ +#define CURL_VERSION_DEBUG (1<<6) /* Built with debug capabilities */ +#define CURL_VERSION_ASYNCHDNS (1<<7) /* Asynchronous DNS resolves */ +#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */ +#define CURL_VERSION_LARGEFILE (1<<9) /* Supports files larger than 2GB */ +#define CURL_VERSION_IDN (1<<10) /* Internationized Domain Names are + supported */ +#define CURL_VERSION_SSPI (1<<11) /* Built against Windows SSPI */ +#define CURL_VERSION_CONV (1<<12) /* Character conversions supported */ +#define CURL_VERSION_CURLDEBUG (1<<13) /* Debug memory tracking supported */ +#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */ +#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegation to winbind helper + is suported */ +#define CURL_VERSION_HTTP2 (1<<16) /* HTTP2 support built-in */ +#define CURL_VERSION_GSSAPI (1<<17) /* Built against a GSS-API library */ +#define CURL_VERSION_KERBEROS5 (1<<18) /* Kerberos V5 auth is supported */ +#define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */ + + /* + * NAME curl_version_info() + * + * DESCRIPTION + * + * This function returns a pointer to a static copy of the version info + * struct. See above. + */ +CURL_EXTERN curl_version_info_data *curl_version_info(CURLversion); + +/* + * NAME curl_easy_strerror() + * + * DESCRIPTION + * + * The curl_easy_strerror function may be used to turn a CURLcode value + * into the equivalent human readable error string. This is useful + * for printing meaningful error messages. + */ +CURL_EXTERN const char *curl_easy_strerror(CURLcode); + +/* + * NAME curl_share_strerror() + * + * DESCRIPTION + * + * The curl_share_strerror function may be used to turn a CURLSHcode value + * into the equivalent human readable error string. This is useful + * for printing meaningful error messages. + */ +CURL_EXTERN const char *curl_share_strerror(CURLSHcode); + +/* + * NAME curl_easy_pause() + * + * DESCRIPTION + * + * The curl_easy_pause function pauses or unpauses transfers. Select the new + * state by setting the bitmask, use the convenience defines below. + * + */ +CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); + +#define CURLPAUSE_RECV (1<<0) +#define CURLPAUSE_RECV_CONT (0) + +#define CURLPAUSE_SEND (1<<2) +#define CURLPAUSE_SEND_CONT (0) + +#define CURLPAUSE_ALL (CURLPAUSE_RECV|CURLPAUSE_SEND) +#define CURLPAUSE_CONT (CURLPAUSE_RECV_CONT|CURLPAUSE_SEND_CONT) + +#ifdef __cplusplus +} +#endif + +/* unfortunately, the easy.h and multi.h include files need options and info + stuff before they can be included! */ +#include "easy.h" /* nothing in curl is fun without the easy stuff */ +#include "multi.h" + +/* the typechecker doesn't work in C++ (yet) */ +#if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ + ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \ + !defined(__cplusplus) && !defined(CURL_DISABLE_TYPECHECK) +#include "typecheck-gcc.h" +#else +#if defined(__STDC__) && (__STDC__ >= 1) +/* This preprocessor magic that replaces a call with the exact same call is + only done to make sure application authors pass exactly three arguments + to these functions. */ +#define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param) +#define curl_easy_getinfo(handle,info,arg) curl_easy_getinfo(handle,info,arg) +#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) +#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) +#endif /* __STDC__ >= 1 */ +#endif /* gcc >= 4.3 && !__cplusplus */ + +#endif /* __CURL_CURL_H */ diff --git a/include/curl/curlbuild.h b/include/curl/curlbuild.h new file mode 100644 index 0000000000..f09419a843 --- /dev/null +++ b/include/curl/curlbuild.h @@ -0,0 +1,585 @@ +#ifndef __CURL_CURLBUILD_H +#define __CURL_CURLBUILD_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* ================================================================ */ +/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */ +/* ================================================================ */ + +/* + * NOTE 1: + * ------- + * + * See file include/curl/curlbuild.h.in, run configure, and forget + * that this file exists it is only used for non-configure systems. + * But you can keep reading if you want ;-) + * + */ + +/* ================================================================ */ +/* NOTES FOR NON-CONFIGURE SYSTEMS */ +/* ================================================================ */ + +/* + * NOTE 1: + * ------- + * + * Nothing in this file is intended to be modified or adjusted by the + * curl library user nor by the curl library builder. + * + * If you think that something actually needs to be changed, adjusted + * or fixed in this file, then, report it on the libcurl development + * mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/ + * + * Try to keep one section per platform, compiler and architecture, + * otherwise, if an existing section is reused for a different one and + * later on the original is adjusted, probably the piggybacking one can + * be adversely changed. + * + * In order to differentiate between platforms/compilers/architectures + * use only compiler built in predefined preprocessor symbols. + * + * This header file shall only export symbols which are 'curl' or 'CURL' + * prefixed, otherwise public name space would be polluted. + * + * NOTE 2: + * ------- + * + * For any given platform/compiler curl_off_t must be typedef'ed to a + * 64-bit wide signed integral data type. The width of this data type + * must remain constant and independent of any possible large file + * support settings. + * + * As an exception to the above, curl_off_t shall be typedef'ed to a + * 32-bit wide signed integral data type if there is no 64-bit type. + * + * As a general rule, curl_off_t shall not be mapped to off_t. This + * rule shall only be violated if off_t is the only 64-bit data type + * available and the size of off_t is independent of large file support + * settings. Keep your build on the safe side avoiding an off_t gating. + * If you have a 64-bit off_t then take for sure that another 64-bit + * data type exists, dig deeper and you will find it. + * + * NOTE 3: + * ------- + * + * Right now you might be staring at file include/curl/curlbuild.h.dist or + * at file include/curl/curlbuild.h, this is due to the following reason: + * file include/curl/curlbuild.h.dist is renamed to include/curl/curlbuild.h + * when the libcurl source code distribution archive file is created. + * + * File include/curl/curlbuild.h.dist is not included in the distribution + * archive. File include/curl/curlbuild.h is not present in the git tree. + * + * The distributed include/curl/curlbuild.h file is only intended to be used + * on systems which can not run the also distributed configure script. + * + * On systems capable of running the configure script, the configure process + * will overwrite the distributed include/curl/curlbuild.h file with one that + * is suitable and specific to the library being configured and built, which + * is generated from the include/curl/curlbuild.h.in template file. + * + * If you check out from git on a non-configure platform, you must run the + * appropriate buildconf* script to set up curlbuild.h and other local files. + * + */ + +/* ================================================================ */ +/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */ +/* ================================================================ */ + +#ifdef CURL_SIZEOF_LONG +# error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined +#endif + +#ifdef CURL_TYPEOF_CURL_SOCKLEN_T +# error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined +#endif + +#ifdef CURL_SIZEOF_CURL_SOCKLEN_T +# error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined +#endif + +#ifdef CURL_TYPEOF_CURL_OFF_T +# error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined +#endif + +#ifdef CURL_FORMAT_CURL_OFF_T +# error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined +#endif + +#ifdef CURL_FORMAT_CURL_OFF_TU +# error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined +#endif + +#ifdef CURL_FORMAT_OFF_T +# error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined +#endif + +#ifdef CURL_SIZEOF_CURL_OFF_T +# error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined +#endif + +#ifdef CURL_SUFFIX_CURL_OFF_T +# error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined +#endif + +#ifdef CURL_SUFFIX_CURL_OFF_TU +# error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h" + Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined +#endif + +/* ================================================================ */ +/* EXTERNAL INTERFACE SETTINGS FOR NON-CONFIGURE SYSTEMS ONLY */ +/* ================================================================ */ + +#if defined(__DJGPP__) || defined(__GO32__) +# if defined(__DJGPP__) && (__DJGPP__ > 1) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__SALFORDC__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__BORLANDC__) +# if (__BORLANDC__ < 0x520) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__TURBOC__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__WATCOMC__) +# if defined(__386__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__POCC__) +# if (__POCC__ < 280) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# elif defined(_MSC_VER) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__LCC__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__SYMBIAN32__) +# if defined(__EABI__) /* Treat all ARM compilers equally */ +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(__CW32__) +# pragma longlong on +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(__VC32__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__MWERKS__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(_WIN32_WCE) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__MINGW32__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__VMS) +# if defined(__VAX) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +#elif defined(__OS400__) +# if defined(__ILEC400__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 +# endif + +#elif defined(__MVS__) +# if defined(__IBMC__) || defined(__IBMCPP__) +# if defined(_ILP32) +# define CURL_SIZEOF_LONG 4 +# elif defined(_LP64) +# define CURL_SIZEOF_LONG 8 +# endif +# if defined(_LONG_LONG) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(_LP64) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 +# endif + +#elif defined(__370__) +# if defined(__IBMC__) || defined(__IBMCPP__) +# if defined(_ILP32) +# define CURL_SIZEOF_LONG 4 +# elif defined(_LP64) +# define CURL_SIZEOF_LONG 8 +# endif +# if defined(_LONG_LONG) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(_LP64) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 +# endif + +#elif defined(TPF) +# define CURL_SIZEOF_LONG 8 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +/* ===================================== */ +/* KEEP MSVC THE PENULTIMATE ENTRY */ +/* ===================================== */ + +#elif defined(_MSC_VER) +# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_OFF_T "%I64d" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# else +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 4 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 + +/* ===================================== */ +/* KEEP GENERIC GCC THE LAST ENTRY */ +/* ===================================== */ + +#elif defined(__GNUC__) +# if defined(__ILP32__) || \ + defined(__i386__) || defined(__ppc__) || defined(__arm__) || defined(__sparc__) +# define CURL_SIZEOF_LONG 4 +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_FORMAT_OFF_T "%lld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(__LP64__) || \ + defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) +# define CURL_SIZEOF_LONG 8 +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_FORMAT_OFF_T "%ld" +# define CURL_SIZEOF_CURL_OFF_T 8 +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_SIZEOF_CURL_SOCKLEN_T 4 +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#else +# error "Unknown non-configure build target!" + Error Compilation_aborted_Unknown_non_configure_build_target +#endif + +/* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */ +/* sys/types.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_TYPES_H +# include +#endif + +/* CURL_PULL_SYS_SOCKET_H is defined above when inclusion of header file */ +/* sys/socket.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_SOCKET_H +# include +#endif + +/* Data type definition of curl_socklen_t. */ + +#ifdef CURL_TYPEOF_CURL_SOCKLEN_T + typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t; +#endif + +/* Data type definition of curl_off_t. */ + +#ifdef CURL_TYPEOF_CURL_OFF_T + typedef CURL_TYPEOF_CURL_OFF_T curl_off_t; +#endif + +#endif /* __CURL_CURLBUILD_H */ diff --git a/include/curl/curlrules.h b/include/curl/curlrules.h new file mode 100644 index 0000000000..7c2ede35b6 --- /dev/null +++ b/include/curl/curlrules.h @@ -0,0 +1,262 @@ +#ifndef __CURL_CURLRULES_H +#define __CURL_CURLRULES_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* ================================================================ */ +/* COMPILE TIME SANITY CHECKS */ +/* ================================================================ */ + +/* + * NOTE 1: + * ------- + * + * All checks done in this file are intentionally placed in a public + * header file which is pulled by curl/curl.h when an application is + * being built using an already built libcurl library. Additionally + * this file is also included and used when building the library. + * + * If compilation fails on this file it is certainly sure that the + * problem is elsewhere. It could be a problem in the curlbuild.h + * header file, or simply that you are using different compilation + * settings than those used to build the library. + * + * Nothing in this file is intended to be modified or adjusted by the + * curl library user nor by the curl library builder. + * + * Do not deactivate any check, these are done to make sure that the + * library is properly built and used. + * + * You can find further help on the libcurl development mailing list: + * http://cool.haxx.se/mailman/listinfo/curl-library/ + * + * NOTE 2 + * ------ + * + * Some of the following compile time checks are based on the fact + * that the dimension of a constant array can not be a negative one. + * In this way if the compile time verification fails, the compilation + * will fail issuing an error. The error description wording is compiler + * dependent but it will be quite similar to one of the following: + * + * "negative subscript or subscript is too large" + * "array must have at least one element" + * "-1 is an illegal array size" + * "size of array is negative" + * + * If you are building an application which tries to use an already + * built libcurl library and you are getting this kind of errors on + * this file, it is a clear indication that there is a mismatch between + * how the library was built and how you are trying to use it for your + * application. Your already compiled or binary library provider is the + * only one who can give you the details you need to properly use it. + */ + +/* + * Verify that some macros are actually defined. + */ + +#ifndef CURL_SIZEOF_LONG +# error "CURL_SIZEOF_LONG definition is missing!" + Error Compilation_aborted_CURL_SIZEOF_LONG_is_missing +#endif + +#ifndef CURL_TYPEOF_CURL_SOCKLEN_T +# error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!" + Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing +#endif + +#ifndef CURL_SIZEOF_CURL_SOCKLEN_T +# error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!" + Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing +#endif + +#ifndef CURL_TYPEOF_CURL_OFF_T +# error "CURL_TYPEOF_CURL_OFF_T definition is missing!" + Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing +#endif + +#ifndef CURL_FORMAT_CURL_OFF_T +# error "CURL_FORMAT_CURL_OFF_T definition is missing!" + Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing +#endif + +#ifndef CURL_FORMAT_CURL_OFF_TU +# error "CURL_FORMAT_CURL_OFF_TU definition is missing!" + Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing +#endif + +#ifndef CURL_FORMAT_OFF_T +# error "CURL_FORMAT_OFF_T definition is missing!" + Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing +#endif + +#ifndef CURL_SIZEOF_CURL_OFF_T +# error "CURL_SIZEOF_CURL_OFF_T definition is missing!" + Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing +#endif + +#ifndef CURL_SUFFIX_CURL_OFF_T +# error "CURL_SUFFIX_CURL_OFF_T definition is missing!" + Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing +#endif + +#ifndef CURL_SUFFIX_CURL_OFF_TU +# error "CURL_SUFFIX_CURL_OFF_TU definition is missing!" + Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing +#endif + +/* + * Macros private to this header file. + */ + +#define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1 + +#define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1 + +/* + * Verify that the size previously defined and expected for long + * is the same as the one reported by sizeof() at compile time. + */ + +typedef char + __curl_rule_01__ + [CurlchkszEQ(long, CURL_SIZEOF_LONG)]; + +/* + * Verify that the size previously defined and expected for + * curl_off_t is actually the the same as the one reported + * by sizeof() at compile time. + */ + +typedef char + __curl_rule_02__ + [CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)]; + +/* + * Verify at compile time that the size of curl_off_t as reported + * by sizeof() is greater or equal than the one reported for long + * for the current compilation. + */ + +typedef char + __curl_rule_03__ + [CurlchkszGE(curl_off_t, long)]; + +/* + * Verify that the size previously defined and expected for + * curl_socklen_t is actually the the same as the one reported + * by sizeof() at compile time. + */ + +typedef char + __curl_rule_04__ + [CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)]; + +/* + * Verify at compile time that the size of curl_socklen_t as reported + * by sizeof() is greater or equal than the one reported for int for + * the current compilation. + */ + +typedef char + __curl_rule_05__ + [CurlchkszGE(curl_socklen_t, int)]; + +/* ================================================================ */ +/* EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS */ +/* ================================================================ */ + +/* + * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow + * these to be visible and exported by the external libcurl interface API, + * while also making them visible to the library internals, simply including + * curl_setup.h, without actually needing to include curl.h internally. + * If some day this section would grow big enough, all this should be moved + * to its own header file. + */ + +/* + * Figure out if we can use the ## preprocessor operator, which is supported + * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__ + * or __cplusplus so we need to carefully check for them too. + */ + +#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \ + defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \ + defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \ + defined(__ILEC400__) + /* This compiler is believed to have an ISO compatible preprocessor */ +#define CURL_ISOCPP +#else + /* This compiler is believed NOT to have an ISO compatible preprocessor */ +#undef CURL_ISOCPP +#endif + +/* + * Macros for minimum-width signed and unsigned curl_off_t integer constants. + */ + +#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551) +# define __CURL_OFF_T_C_HLPR2(x) x +# define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x) +# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ + __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T) +# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ + __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU) +#else +# ifdef CURL_ISOCPP +# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix +# else +# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix +# endif +# define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix) +# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T) +# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU) +#endif + +/* + * Get rid of macros private to this header file. + */ + +#undef CurlchkszEQ +#undef CurlchkszGE + +/* + * Get rid of macros not intended to exist beyond this point. + */ + +#undef CURL_PULL_WS2TCPIP_H +#undef CURL_PULL_SYS_TYPES_H +#undef CURL_PULL_SYS_SOCKET_H +#undef CURL_PULL_SYS_POLL_H +#undef CURL_PULL_STDINT_H +#undef CURL_PULL_INTTYPES_H + +#undef CURL_TYPEOF_CURL_SOCKLEN_T +#undef CURL_TYPEOF_CURL_OFF_T + +#ifdef CURL_NO_OLDIES +#undef CURL_FORMAT_OFF_T /* not required since 7.19.0 - obsoleted in 7.20.0 */ +#endif + +#endif /* __CURL_CURLRULES_H */ diff --git a/include/curl/curlver.h b/include/curl/curlver.h new file mode 100644 index 0000000000..ccdafc1de1 --- /dev/null +++ b/include/curl/curlver.h @@ -0,0 +1,69 @@ +#ifndef __CURL_CURLVER_H +#define __CURL_CURLVER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* This header file contains nothing but libcurl version info, generated by + a script at release-time. This was made its own header file in 7.11.2 */ + +/* This is the global package copyright */ +#define LIBCURL_COPYRIGHT "1996 - 2015 Daniel Stenberg, ." + +/* This is the version number of the libcurl package from which this header + file origins: */ +#define LIBCURL_VERSION "7.40.0" + +/* The numeric version number is also available "in parts" by using these + defines: */ +#define LIBCURL_VERSION_MAJOR 7 +#define LIBCURL_VERSION_MINOR 40 +#define LIBCURL_VERSION_PATCH 0 + +/* This is the numeric version of the libcurl version number, meant for easier + parsing and comparions by programs. The LIBCURL_VERSION_NUM define will + always follow this syntax: + + 0xXXYYZZ + + Where XX, YY and ZZ are the main version, release and patch numbers in + hexadecimal (using 8 bits each). All three numbers are always represented + using two digits. 1.2 would appear as "0x010200" while version 9.11.7 + appears as "0x090b07". + + This 6-digit (24 bits) hexadecimal number does not show pre-release number, + and it is always a greater number in a more recent release. It makes + comparisons with greater than and less than work. +*/ +#define LIBCURL_VERSION_NUM 0x072800 + +/* + * This is the date and time when the full source package was created. The + * timestamp is not stored in git, as the timestamp is properly set in the + * tarballs by the maketgz script. + * + * The format of the date should follow this template: + * + * "Mon Feb 12 11:35:33 UTC 2007" + */ +#define LIBCURL_TIMESTAMP "Thu Jan 8 08:17:17 UTC 2015" + +#endif /* __CURL_CURLVER_H */ diff --git a/include/curl/easy.h b/include/curl/easy.h new file mode 100644 index 0000000000..c1e3e76096 --- /dev/null +++ b/include/curl/easy.h @@ -0,0 +1,102 @@ +#ifndef __CURL_EASY_H +#define __CURL_EASY_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#ifdef __cplusplus +extern "C" { +#endif + +CURL_EXTERN CURL *curl_easy_init(void); +CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...); +CURL_EXTERN CURLcode curl_easy_perform(CURL *curl); +CURL_EXTERN void curl_easy_cleanup(CURL *curl); + +/* + * NAME curl_easy_getinfo() + * + * DESCRIPTION + * + * Request internal information from the curl session with this function. The + * third argument MUST be a pointer to a long, a pointer to a char * or a + * pointer to a double (as the documentation describes elsewhere). The data + * pointed to will be filled in accordingly and can be relied upon only if the + * function returns CURLE_OK. This function is intended to get used *AFTER* a + * performed transfer, all results from this function are undefined until the + * transfer is completed. + */ +CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...); + + +/* + * NAME curl_easy_duphandle() + * + * DESCRIPTION + * + * Creates a new curl session handle with the same options set for the handle + * passed in. Duplicating a handle could only be a matter of cloning data and + * options, internal state info and things like persistent connections cannot + * be transferred. It is useful in multithreaded applications when you can run + * curl_easy_duphandle() for each new thread to avoid a series of identical + * curl_easy_setopt() invokes in every thread. + */ +CURL_EXTERN CURL* curl_easy_duphandle(CURL *curl); + +/* + * NAME curl_easy_reset() + * + * DESCRIPTION + * + * Re-initializes a CURL handle to the default values. This puts back the + * handle to the same state as it was in when it was just created. + * + * It does keep: live connections, the Session ID cache, the DNS cache and the + * cookies. + */ +CURL_EXTERN void curl_easy_reset(CURL *curl); + +/* + * NAME curl_easy_recv() + * + * DESCRIPTION + * + * Receives data from the connected socket. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, + size_t *n); + +/* + * NAME curl_easy_send() + * + * DESCRIPTION + * + * Sends data over the connected socket. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer, + size_t buflen, size_t *n); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/curl/mprintf.h b/include/curl/mprintf.h new file mode 100644 index 0000000000..cc9e7f5d1f --- /dev/null +++ b/include/curl/mprintf.h @@ -0,0 +1,81 @@ +#ifndef __CURL_MPRINTF_H +#define __CURL_MPRINTF_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include +#include /* needed for FILE */ + +#include "curl.h" + +#ifdef __cplusplus +extern "C" { +#endif + +CURL_EXTERN int curl_mprintf(const char *format, ...); +CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...); +CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...); +CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, + const char *format, ...); +CURL_EXTERN int curl_mvprintf(const char *format, va_list args); +CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args); +CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args); +CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength, + const char *format, va_list args); +CURL_EXTERN char *curl_maprintf(const char *format, ...); +CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args); + +#ifdef _MPRINTF_REPLACE +# undef printf +# undef fprintf +# undef sprintf +# undef vsprintf +# undef snprintf +# undef vprintf +# undef vfprintf +# undef vsnprintf +# undef aprintf +# undef vaprintf +# define printf curl_mprintf +# define fprintf curl_mfprintf +#ifdef CURLDEBUG +/* When built with CURLDEBUG we define away the sprintf functions since we + don't want internal code to be using them */ +# define sprintf sprintf_was_used +# define vsprintf vsprintf_was_used +#else +# define sprintf curl_msprintf +# define vsprintf curl_mvsprintf +#endif +# define snprintf curl_msnprintf +# define vprintf curl_mvprintf +# define vfprintf curl_mvfprintf +# define vsnprintf curl_mvsnprintf +# define aprintf curl_maprintf +# define vaprintf curl_mvaprintf +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __CURL_MPRINTF_H */ diff --git a/include/curl/multi.h b/include/curl/multi.h new file mode 100644 index 0000000000..3c4acb0f6e --- /dev/null +++ b/include/curl/multi.h @@ -0,0 +1,399 @@ +#ifndef __CURL_MULTI_H +#define __CURL_MULTI_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +/* + This is an "external" header file. Don't give away any internals here! + + GOALS + + o Enable a "pull" interface. The application that uses libcurl decides where + and when to ask libcurl to get/send data. + + o Enable multiple simultaneous transfers in the same thread without making it + complicated for the application. + + o Enable the application to select() on its own file descriptors and curl's + file descriptors simultaneous easily. + +*/ + +/* + * This header file should not really need to include "curl.h" since curl.h + * itself includes this file and we expect user applications to do #include + * without the need for especially including multi.h. + * + * For some reason we added this include here at one point, and rather than to + * break existing (wrongly written) libcurl applications, we leave it as-is + * but with this warning attached. + */ +#include "curl.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void CURLM; + +typedef enum { + CURLM_CALL_MULTI_PERFORM = -1, /* please call curl_multi_perform() or + curl_multi_socket*() soon */ + CURLM_OK, + CURLM_BAD_HANDLE, /* the passed-in handle is not a valid CURLM handle */ + CURLM_BAD_EASY_HANDLE, /* an easy handle was not good/valid */ + CURLM_OUT_OF_MEMORY, /* if you ever get this, you're in deep sh*t */ + CURLM_INTERNAL_ERROR, /* this is a libcurl bug */ + CURLM_BAD_SOCKET, /* the passed in socket argument did not match */ + CURLM_UNKNOWN_OPTION, /* curl_multi_setopt() with unsupported option */ + CURLM_ADDED_ALREADY, /* an easy handle already added to a multi handle was + attempted to get added - again */ + CURLM_LAST +} CURLMcode; + +/* just to make code nicer when using curl_multi_socket() you can now check + for CURLM_CALL_MULTI_SOCKET too in the same style it works for + curl_multi_perform() and CURLM_CALL_MULTI_PERFORM */ +#define CURLM_CALL_MULTI_SOCKET CURLM_CALL_MULTI_PERFORM + +typedef enum { + CURLMSG_NONE, /* first, not used */ + CURLMSG_DONE, /* This easy handle has completed. 'result' contains + the CURLcode of the transfer */ + CURLMSG_LAST /* last, not used */ +} CURLMSG; + +struct CURLMsg { + CURLMSG msg; /* what this message means */ + CURL *easy_handle; /* the handle it concerns */ + union { + void *whatever; /* message-specific data */ + CURLcode result; /* return code for transfer */ + } data; +}; +typedef struct CURLMsg CURLMsg; + +/* Based on poll(2) structure and values. + * We don't use pollfd and POLL* constants explicitly + * to cover platforms without poll(). */ +#define CURL_WAIT_POLLIN 0x0001 +#define CURL_WAIT_POLLPRI 0x0002 +#define CURL_WAIT_POLLOUT 0x0004 + +struct curl_waitfd { + curl_socket_t fd; + short events; + short revents; /* not supported yet */ +}; + +/* + * Name: curl_multi_init() + * + * Desc: inititalize multi-style curl usage + * + * Returns: a new CURLM handle to use in all 'curl_multi' functions. + */ +CURL_EXTERN CURLM *curl_multi_init(void); + +/* + * Name: curl_multi_add_handle() + * + * Desc: add a standard curl handle to the multi stack + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_add_handle(CURLM *multi_handle, + CURL *curl_handle); + + /* + * Name: curl_multi_remove_handle() + * + * Desc: removes a curl handle from the multi stack again + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_remove_handle(CURLM *multi_handle, + CURL *curl_handle); + + /* + * Name: curl_multi_fdset() + * + * Desc: Ask curl for its fd_set sets. The app can use these to select() or + * poll() on. We want curl_multi_perform() called as soon as one of + * them are ready. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle, + fd_set *read_fd_set, + fd_set *write_fd_set, + fd_set *exc_fd_set, + int *max_fd); + +/* + * Name: curl_multi_wait() + * + * Desc: Poll on all fds within a CURLM set as well as any + * additional fds passed to the function. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms, + int *ret); + + /* + * Name: curl_multi_perform() + * + * Desc: When the app thinks there's data available for curl it calls this + * function to read/write whatever there is right now. This returns + * as soon as the reads and writes are done. This function does not + * require that there actually is data available for reading or that + * data can be written, it can be called just in case. It returns + * the number of handles that still transfer data in the second + * argument's integer-pointer. + * + * Returns: CURLMcode type, general multi error code. *NOTE* that this only + * returns errors etc regarding the whole multi stack. There might + * still have occurred problems on invidual transfers even when this + * returns OK. + */ +CURL_EXTERN CURLMcode curl_multi_perform(CURLM *multi_handle, + int *running_handles); + + /* + * Name: curl_multi_cleanup() + * + * Desc: Cleans up and removes a whole multi stack. It does not free or + * touch any individual easy handles in any way. We need to define + * in what state those handles will be if this function is called + * in the middle of a transfer. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); + +/* + * Name: curl_multi_info_read() + * + * Desc: Ask the multi handle if there's any messages/informationals from + * the individual transfers. Messages include informationals such as + * error code from the transfer or just the fact that a transfer is + * completed. More details on these should be written down as well. + * + * Repeated calls to this function will return a new struct each + * time, until a special "end of msgs" struct is returned as a signal + * that there is no more to get at this point. + * + * The data the returned pointer points to will not survive calling + * curl_multi_cleanup(). + * + * The 'CURLMsg' struct is meant to be very simple and only contain + * very basic informations. If more involved information is wanted, + * we will provide the particular "transfer handle" in that struct + * and that should/could/would be used in subsequent + * curl_easy_getinfo() calls (or similar). The point being that we + * must never expose complex structs to applications, as then we'll + * undoubtably get backwards compatibility problems in the future. + * + * Returns: A pointer to a filled-in struct, or NULL if it failed or ran out + * of structs. It also writes the number of messages left in the + * queue (after this read) in the integer the second argument points + * to. + */ +CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle, + int *msgs_in_queue); + +/* + * Name: curl_multi_strerror() + * + * Desc: The curl_multi_strerror function may be used to turn a CURLMcode + * value into the equivalent human readable error string. This is + * useful for printing meaningful error messages. + * + * Returns: A pointer to a zero-terminated error message. + */ +CURL_EXTERN const char *curl_multi_strerror(CURLMcode); + +/* + * Name: curl_multi_socket() and + * curl_multi_socket_all() + * + * Desc: An alternative version of curl_multi_perform() that allows the + * application to pass in one of the file descriptors that have been + * detected to have "action" on them and let libcurl perform. + * See man page for details. + */ +#define CURL_POLL_NONE 0 +#define CURL_POLL_IN 1 +#define CURL_POLL_OUT 2 +#define CURL_POLL_INOUT 3 +#define CURL_POLL_REMOVE 4 + +#define CURL_SOCKET_TIMEOUT CURL_SOCKET_BAD + +#define CURL_CSELECT_IN 0x01 +#define CURL_CSELECT_OUT 0x02 +#define CURL_CSELECT_ERR 0x04 + +typedef int (*curl_socket_callback)(CURL *easy, /* easy handle */ + curl_socket_t s, /* socket */ + int what, /* see above */ + void *userp, /* private callback + pointer */ + void *socketp); /* private socket + pointer */ +/* + * Name: curl_multi_timer_callback + * + * Desc: Called by libcurl whenever the library detects a change in the + * maximum number of milliseconds the app is allowed to wait before + * curl_multi_socket() or curl_multi_perform() must be called + * (to allow libcurl's timed events to take place). + * + * Returns: The callback should return zero. + */ +typedef int (*curl_multi_timer_callback)(CURLM *multi, /* multi handle */ + long timeout_ms, /* see above */ + void *userp); /* private callback + pointer */ + +CURL_EXTERN CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s, + int *running_handles); + +CURL_EXTERN CURLMcode curl_multi_socket_action(CURLM *multi_handle, + curl_socket_t s, + int ev_bitmask, + int *running_handles); + +CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle, + int *running_handles); + +#ifndef CURL_ALLOW_OLD_MULTI_SOCKET +/* This macro below was added in 7.16.3 to push users who recompile to use + the new curl_multi_socket_action() instead of the old curl_multi_socket() +*/ +#define curl_multi_socket(x,y,z) curl_multi_socket_action(x,y,0,z) +#endif + +/* + * Name: curl_multi_timeout() + * + * Desc: Returns the maximum number of milliseconds the app is allowed to + * wait before curl_multi_socket() or curl_multi_perform() must be + * called (to allow libcurl's timed events to take place). + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle, + long *milliseconds); + +#undef CINIT /* re-using the same name as in curl.h */ + +#ifdef CURL_ISOCPP +#define CINIT(name,type,num) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + num +#else +/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ +#define LONG CURLOPTTYPE_LONG +#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT +#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT +#define OFF_T CURLOPTTYPE_OFF_T +#define CINIT(name,type,number) CURLMOPT_/**/name = type + number +#endif + +typedef enum { + /* This is the socket callback function pointer */ + CINIT(SOCKETFUNCTION, FUNCTIONPOINT, 1), + + /* This is the argument passed to the socket callback */ + CINIT(SOCKETDATA, OBJECTPOINT, 2), + + /* set to 1 to enable pipelining for this multi handle */ + CINIT(PIPELINING, LONG, 3), + + /* This is the timer callback function pointer */ + CINIT(TIMERFUNCTION, FUNCTIONPOINT, 4), + + /* This is the argument passed to the timer callback */ + CINIT(TIMERDATA, OBJECTPOINT, 5), + + /* maximum number of entries in the connection cache */ + CINIT(MAXCONNECTS, LONG, 6), + + /* maximum number of (pipelining) connections to one host */ + CINIT(MAX_HOST_CONNECTIONS, LONG, 7), + + /* maximum number of requests in a pipeline */ + CINIT(MAX_PIPELINE_LENGTH, LONG, 8), + + /* a connection with a content-length longer than this + will not be considered for pipelining */ + CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9), + + /* a connection with a chunk length longer than this + will not be considered for pipelining */ + CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10), + + /* a list of site names(+port) that are blacklisted from + pipelining */ + CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11), + + /* a list of server types that are blacklisted from + pipelining */ + CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12), + + /* maximum number of open connections in total */ + CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13), + + CURLMOPT_LASTENTRY /* the last unused */ +} CURLMoption; + + +/* + * Name: curl_multi_setopt() + * + * Desc: Sets options for the multi handle. + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_setopt(CURLM *multi_handle, + CURLMoption option, ...); + + +/* + * Name: curl_multi_assign() + * + * Desc: This function sets an association in the multi handle between the + * given socket and a private pointer of the application. This is + * (only) useful for curl_multi_socket uses. + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_assign(CURLM *multi_handle, + curl_socket_t sockfd, void *sockp); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif diff --git a/include/curl/stdcheaders.h b/include/curl/stdcheaders.h new file mode 100644 index 0000000000..ad82ef6335 --- /dev/null +++ b/include/curl/stdcheaders.h @@ -0,0 +1,33 @@ +#ifndef __STDC_HEADERS_H +#define __STDC_HEADERS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include + +size_t fread (void *, size_t, size_t, FILE *); +size_t fwrite (const void *, size_t, size_t, FILE *); + +int strcasecmp(const char *, const char *); +int strncasecmp(const char *, const char *, size_t); + +#endif /* __STDC_HEADERS_H */ diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h new file mode 100644 index 0000000000..69d41a20d1 --- /dev/null +++ b/include/curl/typecheck-gcc.h @@ -0,0 +1,610 @@ +#ifndef __CURL_TYPECHECK_GCC_H +#define __CURL_TYPECHECK_GCC_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* wraps curl_easy_setopt() with typechecking */ + +/* To add a new kind of warning, add an + * if(_curl_is_sometype_option(_curl_opt)) + * if(!_curl_is_sometype(value)) + * _curl_easy_setopt_err_sometype(); + * block and define _curl_is_sometype_option, _curl_is_sometype and + * _curl_easy_setopt_err_sometype below + * + * NOTE: We use two nested 'if' statements here instead of the && operator, in + * order to work around gcc bug #32061. It affects only gcc 4.3.x/4.4.x + * when compiling with -Wlogical-op. + * + * To add an option that uses the same type as an existing option, you'll just + * need to extend the appropriate _curl_*_option macro + */ +#define curl_easy_setopt(handle, option, value) \ +__extension__ ({ \ + __typeof__ (option) _curl_opt = option; \ + if(__builtin_constant_p(_curl_opt)) { \ + if(_curl_is_long_option(_curl_opt)) \ + if(!_curl_is_long(value)) \ + _curl_easy_setopt_err_long(); \ + if(_curl_is_off_t_option(_curl_opt)) \ + if(!_curl_is_off_t(value)) \ + _curl_easy_setopt_err_curl_off_t(); \ + if(_curl_is_string_option(_curl_opt)) \ + if(!_curl_is_string(value)) \ + _curl_easy_setopt_err_string(); \ + if(_curl_is_write_cb_option(_curl_opt)) \ + if(!_curl_is_write_cb(value)) \ + _curl_easy_setopt_err_write_callback(); \ + if((_curl_opt) == CURLOPT_READFUNCTION) \ + if(!_curl_is_read_cb(value)) \ + _curl_easy_setopt_err_read_cb(); \ + if((_curl_opt) == CURLOPT_IOCTLFUNCTION) \ + if(!_curl_is_ioctl_cb(value)) \ + _curl_easy_setopt_err_ioctl_cb(); \ + if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION) \ + if(!_curl_is_sockopt_cb(value)) \ + _curl_easy_setopt_err_sockopt_cb(); \ + if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION) \ + if(!_curl_is_opensocket_cb(value)) \ + _curl_easy_setopt_err_opensocket_cb(); \ + if((_curl_opt) == CURLOPT_PROGRESSFUNCTION) \ + if(!_curl_is_progress_cb(value)) \ + _curl_easy_setopt_err_progress_cb(); \ + if((_curl_opt) == CURLOPT_DEBUGFUNCTION) \ + if(!_curl_is_debug_cb(value)) \ + _curl_easy_setopt_err_debug_cb(); \ + if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION) \ + if(!_curl_is_ssl_ctx_cb(value)) \ + _curl_easy_setopt_err_ssl_ctx_cb(); \ + if(_curl_is_conv_cb_option(_curl_opt)) \ + if(!_curl_is_conv_cb(value)) \ + _curl_easy_setopt_err_conv_cb(); \ + if((_curl_opt) == CURLOPT_SEEKFUNCTION) \ + if(!_curl_is_seek_cb(value)) \ + _curl_easy_setopt_err_seek_cb(); \ + if(_curl_is_cb_data_option(_curl_opt)) \ + if(!_curl_is_cb_data(value)) \ + _curl_easy_setopt_err_cb_data(); \ + if((_curl_opt) == CURLOPT_ERRORBUFFER) \ + if(!_curl_is_error_buffer(value)) \ + _curl_easy_setopt_err_error_buffer(); \ + if((_curl_opt) == CURLOPT_STDERR) \ + if(!_curl_is_FILE(value)) \ + _curl_easy_setopt_err_FILE(); \ + if(_curl_is_postfields_option(_curl_opt)) \ + if(!_curl_is_postfields(value)) \ + _curl_easy_setopt_err_postfields(); \ + if((_curl_opt) == CURLOPT_HTTPPOST) \ + if(!_curl_is_arr((value), struct curl_httppost)) \ + _curl_easy_setopt_err_curl_httpost(); \ + if(_curl_is_slist_option(_curl_opt)) \ + if(!_curl_is_arr((value), struct curl_slist)) \ + _curl_easy_setopt_err_curl_slist(); \ + if((_curl_opt) == CURLOPT_SHARE) \ + if(!_curl_is_ptr((value), CURLSH)) \ + _curl_easy_setopt_err_CURLSH(); \ + } \ + curl_easy_setopt(handle, _curl_opt, value); \ +}) + +/* wraps curl_easy_getinfo() with typechecking */ +/* FIXME: don't allow const pointers */ +#define curl_easy_getinfo(handle, info, arg) \ +__extension__ ({ \ + __typeof__ (info) _curl_info = info; \ + if(__builtin_constant_p(_curl_info)) { \ + if(_curl_is_string_info(_curl_info)) \ + if(!_curl_is_arr((arg), char *)) \ + _curl_easy_getinfo_err_string(); \ + if(_curl_is_long_info(_curl_info)) \ + if(!_curl_is_arr((arg), long)) \ + _curl_easy_getinfo_err_long(); \ + if(_curl_is_double_info(_curl_info)) \ + if(!_curl_is_arr((arg), double)) \ + _curl_easy_getinfo_err_double(); \ + if(_curl_is_slist_info(_curl_info)) \ + if(!_curl_is_arr((arg), struct curl_slist *)) \ + _curl_easy_getinfo_err_curl_slist(); \ + } \ + curl_easy_getinfo(handle, _curl_info, arg); \ +}) + +/* TODO: typechecking for curl_share_setopt() and curl_multi_setopt(), + * for now just make sure that the functions are called with three + * arguments + */ +#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) +#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) + + +/* the actual warnings, triggered by calling the _curl_easy_setopt_err* + * functions */ + +/* To define a new warning, use _CURL_WARNING(identifier, "message") */ +#define _CURL_WARNING(id, message) \ + static void __attribute__((__warning__(message))) \ + __attribute__((__unused__)) __attribute__((__noinline__)) \ + id(void) { __asm__(""); } + +_CURL_WARNING(_curl_easy_setopt_err_long, + "curl_easy_setopt expects a long argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_curl_off_t, + "curl_easy_setopt expects a curl_off_t argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_string, + "curl_easy_setopt expects a " + "string (char* or char[]) argument for this option" + ) +_CURL_WARNING(_curl_easy_setopt_err_write_callback, + "curl_easy_setopt expects a curl_write_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_read_cb, + "curl_easy_setopt expects a curl_read_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_ioctl_cb, + "curl_easy_setopt expects a curl_ioctl_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_sockopt_cb, + "curl_easy_setopt expects a curl_sockopt_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_opensocket_cb, + "curl_easy_setopt expects a " + "curl_opensocket_callback argument for this option" + ) +_CURL_WARNING(_curl_easy_setopt_err_progress_cb, + "curl_easy_setopt expects a curl_progress_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_debug_cb, + "curl_easy_setopt expects a curl_debug_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_ssl_ctx_cb, + "curl_easy_setopt expects a curl_ssl_ctx_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_conv_cb, + "curl_easy_setopt expects a curl_conv_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_seek_cb, + "curl_easy_setopt expects a curl_seek_callback argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_cb_data, + "curl_easy_setopt expects a " + "private data pointer as argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_error_buffer, + "curl_easy_setopt expects a " + "char buffer of CURL_ERROR_SIZE as argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_FILE, + "curl_easy_setopt expects a FILE* argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_postfields, + "curl_easy_setopt expects a void* or char* argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_curl_httpost, + "curl_easy_setopt expects a struct curl_httppost* argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_curl_slist, + "curl_easy_setopt expects a struct curl_slist* argument for this option") +_CURL_WARNING(_curl_easy_setopt_err_CURLSH, + "curl_easy_setopt expects a CURLSH* argument for this option") + +_CURL_WARNING(_curl_easy_getinfo_err_string, + "curl_easy_getinfo expects a pointer to char * for this info") +_CURL_WARNING(_curl_easy_getinfo_err_long, + "curl_easy_getinfo expects a pointer to long for this info") +_CURL_WARNING(_curl_easy_getinfo_err_double, + "curl_easy_getinfo expects a pointer to double for this info") +_CURL_WARNING(_curl_easy_getinfo_err_curl_slist, + "curl_easy_getinfo expects a pointer to struct curl_slist * for this info") + +/* groups of curl_easy_setops options that take the same type of argument */ + +/* To add a new option to one of the groups, just add + * (option) == CURLOPT_SOMETHING + * to the or-expression. If the option takes a long or curl_off_t, you don't + * have to do anything + */ + +/* evaluates to true if option takes a long argument */ +#define _curl_is_long_option(option) \ + (0 < (option) && (option) < CURLOPTTYPE_OBJECTPOINT) + +#define _curl_is_off_t_option(option) \ + ((option) > CURLOPTTYPE_OFF_T) + +/* evaluates to true if option takes a char* argument */ +#define _curl_is_string_option(option) \ + ((option) == CURLOPT_URL || \ + (option) == CURLOPT_PROXY || \ + (option) == CURLOPT_INTERFACE || \ + (option) == CURLOPT_NETRC_FILE || \ + (option) == CURLOPT_USERPWD || \ + (option) == CURLOPT_USERNAME || \ + (option) == CURLOPT_PASSWORD || \ + (option) == CURLOPT_PROXYUSERPWD || \ + (option) == CURLOPT_PROXYUSERNAME || \ + (option) == CURLOPT_PROXYPASSWORD || \ + (option) == CURLOPT_NOPROXY || \ + (option) == CURLOPT_ACCEPT_ENCODING || \ + (option) == CURLOPT_REFERER || \ + (option) == CURLOPT_USERAGENT || \ + (option) == CURLOPT_COOKIE || \ + (option) == CURLOPT_COOKIEFILE || \ + (option) == CURLOPT_COOKIEJAR || \ + (option) == CURLOPT_COOKIELIST || \ + (option) == CURLOPT_FTPPORT || \ + (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \ + (option) == CURLOPT_FTP_ACCOUNT || \ + (option) == CURLOPT_RANGE || \ + (option) == CURLOPT_CUSTOMREQUEST || \ + (option) == CURLOPT_SSLCERT || \ + (option) == CURLOPT_SSLCERTTYPE || \ + (option) == CURLOPT_SSLKEY || \ + (option) == CURLOPT_SSLKEYTYPE || \ + (option) == CURLOPT_KEYPASSWD || \ + (option) == CURLOPT_SSLENGINE || \ + (option) == CURLOPT_CAINFO || \ + (option) == CURLOPT_CAPATH || \ + (option) == CURLOPT_RANDOM_FILE || \ + (option) == CURLOPT_EGDSOCKET || \ + (option) == CURLOPT_SSL_CIPHER_LIST || \ + (option) == CURLOPT_KRBLEVEL || \ + (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \ + (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \ + (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \ + (option) == CURLOPT_CRLFILE || \ + (option) == CURLOPT_ISSUERCERT || \ + (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \ + (option) == CURLOPT_SSH_KNOWNHOSTS || \ + (option) == CURLOPT_MAIL_FROM || \ + (option) == CURLOPT_RTSP_SESSION_ID || \ + (option) == CURLOPT_RTSP_STREAM_URI || \ + (option) == CURLOPT_RTSP_TRANSPORT || \ + (option) == CURLOPT_XOAUTH2_BEARER || \ + (option) == CURLOPT_DNS_SERVERS || \ + (option) == CURLOPT_DNS_INTERFACE || \ + (option) == CURLOPT_DNS_LOCAL_IP4 || \ + (option) == CURLOPT_DNS_LOCAL_IP6 || \ + (option) == CURLOPT_LOGIN_OPTIONS || \ + 0) + +/* evaluates to true if option takes a curl_write_callback argument */ +#define _curl_is_write_cb_option(option) \ + ((option) == CURLOPT_HEADERFUNCTION || \ + (option) == CURLOPT_WRITEFUNCTION) + +/* evaluates to true if option takes a curl_conv_callback argument */ +#define _curl_is_conv_cb_option(option) \ + ((option) == CURLOPT_CONV_TO_NETWORK_FUNCTION || \ + (option) == CURLOPT_CONV_FROM_NETWORK_FUNCTION || \ + (option) == CURLOPT_CONV_FROM_UTF8_FUNCTION) + +/* evaluates to true if option takes a data argument to pass to a callback */ +#define _curl_is_cb_data_option(option) \ + ((option) == CURLOPT_WRITEDATA || \ + (option) == CURLOPT_READDATA || \ + (option) == CURLOPT_IOCTLDATA || \ + (option) == CURLOPT_SOCKOPTDATA || \ + (option) == CURLOPT_OPENSOCKETDATA || \ + (option) == CURLOPT_PROGRESSDATA || \ + (option) == CURLOPT_HEADERDATA || \ + (option) == CURLOPT_DEBUGDATA || \ + (option) == CURLOPT_SSL_CTX_DATA || \ + (option) == CURLOPT_SEEKDATA || \ + (option) == CURLOPT_PRIVATE || \ + (option) == CURLOPT_SSH_KEYDATA || \ + (option) == CURLOPT_INTERLEAVEDATA || \ + (option) == CURLOPT_CHUNK_DATA || \ + (option) == CURLOPT_FNMATCH_DATA || \ + 0) + +/* evaluates to true if option takes a POST data argument (void* or char*) */ +#define _curl_is_postfields_option(option) \ + ((option) == CURLOPT_POSTFIELDS || \ + (option) == CURLOPT_COPYPOSTFIELDS || \ + 0) + +/* evaluates to true if option takes a struct curl_slist * argument */ +#define _curl_is_slist_option(option) \ + ((option) == CURLOPT_HTTPHEADER || \ + (option) == CURLOPT_HTTP200ALIASES || \ + (option) == CURLOPT_QUOTE || \ + (option) == CURLOPT_POSTQUOTE || \ + (option) == CURLOPT_PREQUOTE || \ + (option) == CURLOPT_TELNETOPTIONS || \ + (option) == CURLOPT_MAIL_RCPT || \ + 0) + +/* groups of curl_easy_getinfo infos that take the same type of argument */ + +/* evaluates to true if info expects a pointer to char * argument */ +#define _curl_is_string_info(info) \ + (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG) + +/* evaluates to true if info expects a pointer to long argument */ +#define _curl_is_long_info(info) \ + (CURLINFO_LONG < (info) && (info) < CURLINFO_DOUBLE) + +/* evaluates to true if info expects a pointer to double argument */ +#define _curl_is_double_info(info) \ + (CURLINFO_DOUBLE < (info) && (info) < CURLINFO_SLIST) + +/* true if info expects a pointer to struct curl_slist * argument */ +#define _curl_is_slist_info(info) \ + (CURLINFO_SLIST < (info)) + + +/* typecheck helpers -- check whether given expression has requested type*/ + +/* For pointers, you can use the _curl_is_ptr/_curl_is_arr macros, + * otherwise define a new macro. Search for __builtin_types_compatible_p + * in the GCC manual. + * NOTE: these macros MUST NOT EVALUATE their arguments! The argument is + * the actual expression passed to the curl_easy_setopt macro. This + * means that you can only apply the sizeof and __typeof__ operators, no + * == or whatsoever. + */ + +/* XXX: should evaluate to true iff expr is a pointer */ +#define _curl_is_any_ptr(expr) \ + (sizeof(expr) == sizeof(void*)) + +/* evaluates to true if expr is NULL */ +/* XXX: must not evaluate expr, so this check is not accurate */ +#define _curl_is_NULL(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), __typeof__(NULL))) + +/* evaluates to true if expr is type*, const type* or NULL */ +#define _curl_is_ptr(expr, type) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), type *) || \ + __builtin_types_compatible_p(__typeof__(expr), const type *)) + +/* evaluates to true if expr is one of type[], type*, NULL or const type* */ +#define _curl_is_arr(expr, type) \ + (_curl_is_ptr((expr), type) || \ + __builtin_types_compatible_p(__typeof__(expr), type [])) + +/* evaluates to true if expr is a string */ +#define _curl_is_string(expr) \ + (_curl_is_arr((expr), char) || \ + _curl_is_arr((expr), signed char) || \ + _curl_is_arr((expr), unsigned char)) + +/* evaluates to true if expr is a long (no matter the signedness) + * XXX: for now, int is also accepted (and therefore short and char, which + * are promoted to int when passed to a variadic function) */ +#define _curl_is_long(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), long) || \ + __builtin_types_compatible_p(__typeof__(expr), signed long) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned long) || \ + __builtin_types_compatible_p(__typeof__(expr), int) || \ + __builtin_types_compatible_p(__typeof__(expr), signed int) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned int) || \ + __builtin_types_compatible_p(__typeof__(expr), short) || \ + __builtin_types_compatible_p(__typeof__(expr), signed short) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned short) || \ + __builtin_types_compatible_p(__typeof__(expr), char) || \ + __builtin_types_compatible_p(__typeof__(expr), signed char) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned char)) + +/* evaluates to true if expr is of type curl_off_t */ +#define _curl_is_off_t(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), curl_off_t)) + +/* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */ +/* XXX: also check size of an char[] array? */ +#define _curl_is_error_buffer(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), char *) || \ + __builtin_types_compatible_p(__typeof__(expr), char[])) + +/* evaluates to true if expr is of type (const) void* or (const) FILE* */ +#if 0 +#define _curl_is_cb_data(expr) \ + (_curl_is_ptr((expr), void) || \ + _curl_is_ptr((expr), FILE)) +#else /* be less strict */ +#define _curl_is_cb_data(expr) \ + _curl_is_any_ptr(expr) +#endif + +/* evaluates to true if expr is of type FILE* */ +#define _curl_is_FILE(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), FILE *)) + +/* evaluates to true if expr can be passed as POST data (void* or char*) */ +#define _curl_is_postfields(expr) \ + (_curl_is_ptr((expr), void) || \ + _curl_is_arr((expr), char)) + +/* FIXME: the whole callback checking is messy... + * The idea is to tolerate char vs. void and const vs. not const + * pointers in arguments at least + */ +/* helper: __builtin_types_compatible_p distinguishes between functions and + * function pointers, hide it */ +#define _curl_callback_compatible(func, type) \ + (__builtin_types_compatible_p(__typeof__(func), type) || \ + __builtin_types_compatible_p(__typeof__(func), type*)) + +/* evaluates to true if expr is of type curl_read_callback or "similar" */ +#define _curl_is_read_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), __typeof__(fread)) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_read_callback) || \ + _curl_callback_compatible((expr), _curl_read_callback1) || \ + _curl_callback_compatible((expr), _curl_read_callback2) || \ + _curl_callback_compatible((expr), _curl_read_callback3) || \ + _curl_callback_compatible((expr), _curl_read_callback4) || \ + _curl_callback_compatible((expr), _curl_read_callback5) || \ + _curl_callback_compatible((expr), _curl_read_callback6)) +typedef size_t (_curl_read_callback1)(char *, size_t, size_t, void*); +typedef size_t (_curl_read_callback2)(char *, size_t, size_t, const void*); +typedef size_t (_curl_read_callback3)(char *, size_t, size_t, FILE*); +typedef size_t (_curl_read_callback4)(void *, size_t, size_t, void*); +typedef size_t (_curl_read_callback5)(void *, size_t, size_t, const void*); +typedef size_t (_curl_read_callback6)(void *, size_t, size_t, FILE*); + +/* evaluates to true if expr is of type curl_write_callback or "similar" */ +#define _curl_is_write_cb(expr) \ + (_curl_is_read_cb(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), __typeof__(fwrite)) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_write_callback) || \ + _curl_callback_compatible((expr), _curl_write_callback1) || \ + _curl_callback_compatible((expr), _curl_write_callback2) || \ + _curl_callback_compatible((expr), _curl_write_callback3) || \ + _curl_callback_compatible((expr), _curl_write_callback4) || \ + _curl_callback_compatible((expr), _curl_write_callback5) || \ + _curl_callback_compatible((expr), _curl_write_callback6)) +typedef size_t (_curl_write_callback1)(const char *, size_t, size_t, void*); +typedef size_t (_curl_write_callback2)(const char *, size_t, size_t, + const void*); +typedef size_t (_curl_write_callback3)(const char *, size_t, size_t, FILE*); +typedef size_t (_curl_write_callback4)(const void *, size_t, size_t, void*); +typedef size_t (_curl_write_callback5)(const void *, size_t, size_t, + const void*); +typedef size_t (_curl_write_callback6)(const void *, size_t, size_t, FILE*); + +/* evaluates to true if expr is of type curl_ioctl_callback or "similar" */ +#define _curl_is_ioctl_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_ioctl_callback) || \ + _curl_callback_compatible((expr), _curl_ioctl_callback1) || \ + _curl_callback_compatible((expr), _curl_ioctl_callback2) || \ + _curl_callback_compatible((expr), _curl_ioctl_callback3) || \ + _curl_callback_compatible((expr), _curl_ioctl_callback4)) +typedef curlioerr (_curl_ioctl_callback1)(CURL *, int, void*); +typedef curlioerr (_curl_ioctl_callback2)(CURL *, int, const void*); +typedef curlioerr (_curl_ioctl_callback3)(CURL *, curliocmd, void*); +typedef curlioerr (_curl_ioctl_callback4)(CURL *, curliocmd, const void*); + +/* evaluates to true if expr is of type curl_sockopt_callback or "similar" */ +#define _curl_is_sockopt_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_sockopt_callback) || \ + _curl_callback_compatible((expr), _curl_sockopt_callback1) || \ + _curl_callback_compatible((expr), _curl_sockopt_callback2)) +typedef int (_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype); +typedef int (_curl_sockopt_callback2)(const void *, curl_socket_t, + curlsocktype); + +/* evaluates to true if expr is of type curl_opensocket_callback or + "similar" */ +#define _curl_is_opensocket_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_opensocket_callback) ||\ + _curl_callback_compatible((expr), _curl_opensocket_callback1) || \ + _curl_callback_compatible((expr), _curl_opensocket_callback2) || \ + _curl_callback_compatible((expr), _curl_opensocket_callback3) || \ + _curl_callback_compatible((expr), _curl_opensocket_callback4)) +typedef curl_socket_t (_curl_opensocket_callback1) + (void *, curlsocktype, struct curl_sockaddr *); +typedef curl_socket_t (_curl_opensocket_callback2) + (void *, curlsocktype, const struct curl_sockaddr *); +typedef curl_socket_t (_curl_opensocket_callback3) + (const void *, curlsocktype, struct curl_sockaddr *); +typedef curl_socket_t (_curl_opensocket_callback4) + (const void *, curlsocktype, const struct curl_sockaddr *); + +/* evaluates to true if expr is of type curl_progress_callback or "similar" */ +#define _curl_is_progress_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_progress_callback) || \ + _curl_callback_compatible((expr), _curl_progress_callback1) || \ + _curl_callback_compatible((expr), _curl_progress_callback2)) +typedef int (_curl_progress_callback1)(void *, + double, double, double, double); +typedef int (_curl_progress_callback2)(const void *, + double, double, double, double); + +/* evaluates to true if expr is of type curl_debug_callback or "similar" */ +#define _curl_is_debug_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_debug_callback) || \ + _curl_callback_compatible((expr), _curl_debug_callback1) || \ + _curl_callback_compatible((expr), _curl_debug_callback2) || \ + _curl_callback_compatible((expr), _curl_debug_callback3) || \ + _curl_callback_compatible((expr), _curl_debug_callback4) || \ + _curl_callback_compatible((expr), _curl_debug_callback5) || \ + _curl_callback_compatible((expr), _curl_debug_callback6) || \ + _curl_callback_compatible((expr), _curl_debug_callback7) || \ + _curl_callback_compatible((expr), _curl_debug_callback8)) +typedef int (_curl_debug_callback1) (CURL *, + curl_infotype, char *, size_t, void *); +typedef int (_curl_debug_callback2) (CURL *, + curl_infotype, char *, size_t, const void *); +typedef int (_curl_debug_callback3) (CURL *, + curl_infotype, const char *, size_t, void *); +typedef int (_curl_debug_callback4) (CURL *, + curl_infotype, const char *, size_t, const void *); +typedef int (_curl_debug_callback5) (CURL *, + curl_infotype, unsigned char *, size_t, void *); +typedef int (_curl_debug_callback6) (CURL *, + curl_infotype, unsigned char *, size_t, const void *); +typedef int (_curl_debug_callback7) (CURL *, + curl_infotype, const unsigned char *, size_t, void *); +typedef int (_curl_debug_callback8) (CURL *, + curl_infotype, const unsigned char *, size_t, const void *); + +/* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */ +/* this is getting even messier... */ +#define _curl_is_ssl_ctx_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_ssl_ctx_callback) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback1) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback2) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback3) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback4) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback5) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback6) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback7) || \ + _curl_callback_compatible((expr), _curl_ssl_ctx_callback8)) +typedef CURLcode (_curl_ssl_ctx_callback1)(CURL *, void *, void *); +typedef CURLcode (_curl_ssl_ctx_callback2)(CURL *, void *, const void *); +typedef CURLcode (_curl_ssl_ctx_callback3)(CURL *, const void *, void *); +typedef CURLcode (_curl_ssl_ctx_callback4)(CURL *, const void *, const void *); +#ifdef HEADER_SSL_H +/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX + * this will of course break if we're included before OpenSSL headers... + */ +typedef CURLcode (_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *); +typedef CURLcode (_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *); +typedef CURLcode (_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *); +typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX, + const void *); +#else +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback7; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback8; +#endif + +/* evaluates to true if expr is of type curl_conv_callback or "similar" */ +#define _curl_is_conv_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_conv_callback) || \ + _curl_callback_compatible((expr), _curl_conv_callback1) || \ + _curl_callback_compatible((expr), _curl_conv_callback2) || \ + _curl_callback_compatible((expr), _curl_conv_callback3) || \ + _curl_callback_compatible((expr), _curl_conv_callback4)) +typedef CURLcode (*_curl_conv_callback1)(char *, size_t length); +typedef CURLcode (*_curl_conv_callback2)(const char *, size_t length); +typedef CURLcode (*_curl_conv_callback3)(void *, size_t length); +typedef CURLcode (*_curl_conv_callback4)(const void *, size_t length); + +/* evaluates to true if expr is of type curl_seek_callback or "similar" */ +#define _curl_is_seek_cb(expr) \ + (_curl_is_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), curl_seek_callback) || \ + _curl_callback_compatible((expr), _curl_seek_callback1) || \ + _curl_callback_compatible((expr), _curl_seek_callback2)) +typedef CURLcode (*_curl_seek_callback1)(void *, curl_off_t, int); +typedef CURLcode (*_curl_seek_callback2)(const void *, curl_off_t, int); + + +#endif /* __CURL_TYPECHECK_GCC_H */ From a50dd6dd342c0871514f9f82151ad3cb0f8739d0 Mon Sep 17 00:00:00 2001 From: keen Date: Fri, 23 Jan 2015 15:49:18 -0500 Subject: [PATCH 2/3] Add openssl libraries --- bin/libcurl.dll | Bin 268288 -> 291328 bytes bin/libeay32.dll | Bin 0 -> 1151488 bytes bin/ssleay32.dll | Bin 0 -> 274432 bytes blakserv/makefile | 2 + include/openssl/aes.h | 147 ++ include/openssl/applink.c | 94 + include/openssl/asn1.h | 1406 ++++++++++++ include/openssl/asn1_mac.h | 578 +++++ include/openssl/asn1t.h | 960 ++++++++ include/openssl/bio.h | 851 +++++++ include/openssl/blowfish.h | 129 ++ include/openssl/bn.h | 904 ++++++++ include/openssl/buffer.h | 119 + include/openssl/camellia.h | 130 ++ include/openssl/cast.h | 107 + include/openssl/cmac.h | 82 + include/openssl/cms.h | 501 ++++ include/openssl/comp.h | 80 + include/openssl/conf.h | 263 +++ include/openssl/conf_api.h | 89 + include/openssl/crypto.h | 611 +++++ include/openssl/des.h | 248 ++ include/openssl/des_old.h | 446 ++++ include/openssl/dh.h | 280 +++ include/openssl/dsa.h | 327 +++ include/openssl/dso.h | 409 ++++ include/openssl/dtls1.h | 296 +++ include/openssl/e_os2.h | 315 +++ include/openssl/ebcdic.h | 26 + include/openssl/ec.h | 1167 ++++++++++ include/openssl/ecdh.h | 125 + include/openssl/ecdsa.h | 260 +++ include/openssl/engine.h | 842 +++++++ include/openssl/err.h | 386 ++++ include/openssl/evp.h | 1409 ++++++++++++ include/openssl/hmac.h | 110 + include/openssl/idea.h | 103 + include/openssl/krb5_asn.h | 256 +++ include/openssl/kssl.h | 192 ++ include/openssl/lhash.h | 241 ++ include/openssl/md4.h | 120 + include/openssl/md5.h | 120 + include/openssl/mdc2.h | 98 + include/openssl/modes.h | 141 ++ include/openssl/obj_mac.h | 4032 +++++++++++++++++++++++++++++++++ include/openssl/objects.h | 1138 ++++++++++ include/openssl/ocsp.h | 623 +++++ include/openssl/opensslconf.h | 248 ++ include/openssl/opensslv.h | 96 + include/openssl/ossl_typ.h | 209 ++ include/openssl/pem.h | 641 ++++++ include/openssl/pem2.h | 70 + include/openssl/pkcs12.h | 331 +++ include/openssl/pkcs7.h | 496 ++++ include/openssl/pqueue.h | 100 + include/openssl/rand.h | 150 ++ include/openssl/rc2.h | 103 + include/openssl/rc4.h | 90 + include/openssl/ripemd.h | 107 + include/openssl/rsa.h | 583 +++++ include/openssl/safestack.h | 2671 ++++++++++++++++++++++ include/openssl/seed.h | 139 ++ include/openssl/sha.h | 214 ++ include/openssl/srp.h | 172 ++ include/openssl/srtp.h | 151 ++ include/openssl/ssl.h | 2617 +++++++++++++++++++++ include/openssl/ssl2.h | 272 +++ include/openssl/ssl23.h | 83 + include/openssl/ssl3.h | 706 ++++++ include/openssl/stack.h | 108 + include/openssl/symhacks.h | 481 ++++ include/openssl/tls1.h | 744 ++++++ include/openssl/ts.h | 858 +++++++ include/openssl/txt_db.h | 112 + include/openssl/ui.h | 383 ++++ include/openssl/ui_compat.h | 83 + include/openssl/whrlpool.h | 41 + include/openssl/x509.h | 1298 +++++++++++ include/openssl/x509_vfy.h | 567 +++++ include/openssl/x509v3.h | 1007 ++++++++ lib/libcurl.lib | Bin 13900 -> 13900 bytes lib/libeay32.lib | Bin 0 -> 798526 bytes lib/ssleay32.lib | Bin 0 -> 67712 bytes 83 files changed, 36694 insertions(+) create mode 100644 bin/libeay32.dll create mode 100644 bin/ssleay32.dll create mode 100644 include/openssl/aes.h create mode 100644 include/openssl/applink.c create mode 100644 include/openssl/asn1.h create mode 100644 include/openssl/asn1_mac.h create mode 100644 include/openssl/asn1t.h create mode 100644 include/openssl/bio.h create mode 100644 include/openssl/blowfish.h create mode 100644 include/openssl/bn.h create mode 100644 include/openssl/buffer.h create mode 100644 include/openssl/camellia.h create mode 100644 include/openssl/cast.h create mode 100644 include/openssl/cmac.h create mode 100644 include/openssl/cms.h create mode 100644 include/openssl/comp.h create mode 100644 include/openssl/conf.h create mode 100644 include/openssl/conf_api.h create mode 100644 include/openssl/crypto.h create mode 100644 include/openssl/des.h create mode 100644 include/openssl/des_old.h create mode 100644 include/openssl/dh.h create mode 100644 include/openssl/dsa.h create mode 100644 include/openssl/dso.h create mode 100644 include/openssl/dtls1.h create mode 100644 include/openssl/e_os2.h create mode 100644 include/openssl/ebcdic.h create mode 100644 include/openssl/ec.h create mode 100644 include/openssl/ecdh.h create mode 100644 include/openssl/ecdsa.h create mode 100644 include/openssl/engine.h create mode 100644 include/openssl/err.h create mode 100644 include/openssl/evp.h create mode 100644 include/openssl/hmac.h create mode 100644 include/openssl/idea.h create mode 100644 include/openssl/krb5_asn.h create mode 100644 include/openssl/kssl.h create mode 100644 include/openssl/lhash.h create mode 100644 include/openssl/md4.h create mode 100644 include/openssl/md5.h create mode 100644 include/openssl/mdc2.h create mode 100644 include/openssl/modes.h create mode 100644 include/openssl/obj_mac.h create mode 100644 include/openssl/objects.h create mode 100644 include/openssl/ocsp.h create mode 100644 include/openssl/opensslconf.h create mode 100644 include/openssl/opensslv.h create mode 100644 include/openssl/ossl_typ.h create mode 100644 include/openssl/pem.h create mode 100644 include/openssl/pem2.h create mode 100644 include/openssl/pkcs12.h create mode 100644 include/openssl/pkcs7.h create mode 100644 include/openssl/pqueue.h create mode 100644 include/openssl/rand.h create mode 100644 include/openssl/rc2.h create mode 100644 include/openssl/rc4.h create mode 100644 include/openssl/ripemd.h create mode 100644 include/openssl/rsa.h create mode 100644 include/openssl/safestack.h create mode 100644 include/openssl/seed.h create mode 100644 include/openssl/sha.h create mode 100644 include/openssl/srp.h create mode 100644 include/openssl/srtp.h create mode 100644 include/openssl/ssl.h create mode 100644 include/openssl/ssl2.h create mode 100644 include/openssl/ssl23.h create mode 100644 include/openssl/ssl3.h create mode 100644 include/openssl/stack.h create mode 100644 include/openssl/symhacks.h create mode 100644 include/openssl/tls1.h create mode 100644 include/openssl/ts.h create mode 100644 include/openssl/txt_db.h create mode 100644 include/openssl/ui.h create mode 100644 include/openssl/ui_compat.h create mode 100644 include/openssl/whrlpool.h create mode 100644 include/openssl/x509.h create mode 100644 include/openssl/x509_vfy.h create mode 100644 include/openssl/x509v3.h create mode 100644 lib/libeay32.lib create mode 100644 lib/ssleay32.lib diff --git a/bin/libcurl.dll b/bin/libcurl.dll index 21beb24c2441cf19bf1221c66ceb9b32dd9f8381..f9b69d5fd972558040b30a03c1ab77a1b885f2b2 100644 GIT binary patch delta 124105 zcma%k3tUvy7WbUPCSWM(#_Rw~#q>Uf;e zb~<&luHLMyyruZUeBmR|va+(Ww6e0>F)S_3P|5lJYo8gQy5H~n^mpc*z4zK{uf6u# zYp=cbgR1Sus*9c076`g^Ly9U7iud-rIV)sl;JNqMdozDV_6~T1d$Ap{8#ee0eVWCH2?OW7fH*3D3*H+!9f7Qbs4#2xOgmLf*A723 zw46Rop_V-$CiFx3oW>D&xA|8{*%sVA_kmd&kc9-0r%A_qq;}_Fak#K9Tlb{4efTC6 zHuaJQzZ2!l&dUXxC(K~c+MYwsuN5@TO-@dpqZWpmtms7{FojL`kTV#jMn&b2B*#$gG z{ya_&Y9D4%=JB$%a+7S**RR-ybO8xE`Ee@Jt#ckyX$IsLL=Z7eo)s#A6{rkFGz5Tx z>sMS5*!%5!fg3m5XHF$<$PXEP59u3>(9_u%}3G zRtgAuQG_p2KSOII-UK(4Mj%cD;zG?7%^nNR%9DuS0|HQ5xkT5JPT3FZ^1=XK zmaV|1u_(VRXG(CQxITo1=n_YwfSkA7rsfLb66C|`Td0?(5-DUUtNCfGD6crLYtL*GzJ$_-5& zF@q(9=4X9Nb+zmFO#nL&k#1=W-8Y54N$L5v6XoU7Z0dB`%F8)yW$1cg28$278^6x5 zZ1MCiwma-T1iIhjs04g)4u(F$lceu}}CX>v%tG zD4|BwSh&ny>Nvb}cgE4wav2z>r6w#e#0gv3-wfXw9&ZL{10N4~hB9OSUT^OH3GX3_)MivA8%2|`NF@9Z^Wv>5d}t2bta)*=&+{)*i(#)!w8Sxl$$ zz9d^$(b&*S>C)N+jZsR96^zp97y(VEQ~rIEN;10JqmBlZ;*Fi+LE4+0CX4qrv96u7 z!tMoy9P#6~nYnXx>_fMC&q9vN)25TE_RZJ%=4+vMKV#LM$LP<$!r1_9NxRtj&ONej z?GZI@)Ajwq;EGKED)+=D=;R`VQA@W8UHIWBsd{ga(W2Z*XW8MAx|Qt&jeDh5WM$!* zS=U|?G;*mKu+GJC8Zg1$?wO3EA2hjF>PXL4nl<)h&nPf_5w!Xq_HwvIxWMj&kIb-l zu_)c|!G*Uer(JTHE+REO!UKISJ zQhSFw6j-cEpWWvNn?vU}06p{tEU=E9nK@)?cS-|($0FZO8vbP` zQS95<4D@bOt<|E0?h>K%YXOyiWJy%H^t2!C_+D&oWQ>6_so;P;xs$Dr%nv=_2f3KW zK99^6n|3mNm$>9zqJWNHSE0y@F|7G^ZU;Rc(|Ep zdF7+Gsk7@ER!jjwKK!#{r23dw2t?au)7JXxMB;@|k5R(s=wQ=QouBgY7WVDhKLKeK z3Jo$9%JV_QX+2b1ou6wX7x)Lzolk=rPTinIE!0`0#Or?As(TO@4xoR_N1z{7?HIOz zz0vi27$lf$>&?;(wjrvYsCkgR9hKaFHk8kJ7!V%U4A2d2GzAf8$*6{Q60(4Az(@wg zzvrt&P(14%oh}-8v9Zya-8E==6(ZLUaSH#?*_K~^3Ykd~Hbzeql?PdKbgzWwok383 z`$&Xy>YT%T(+$N$DOcl*9$-Z=m16oE?08Hcan9@P*O(qq330LU!q;qYY_EP%s*q)? zriXkLQdIH~H(0b_K!x%Qmy;+A-zq_=^Vs^>#JeKqafW(aG@h6}t|e4abgPKJqWfY2 zN4I1Tq09agx&!yKJF&ge$W-EGuTg2gLsx zKST&+ISB(&BG6cF&wNzU5!z5iA;4%np1FuAw`nTO%JN&xlMvnYrSG}8$}T%nWS+yl zDneuj6B0$uE%s$XbVM#VU{wwy?AuNGtqQx%!V;6juN|y+Vw|Yo#YQK_fmA6mu`O9k z2xABB4EE2&?v>3LIjqX91maA@r4eBJ^l4ms``hRI995*M4nB%(8bdXeR3V+`*^+rS zeQj^lp+zCQ>d#Rj&E^E&i6`8D0&@9*x;mE{MMuwCl3~j|ZWqypv0)b*pVUK4*~K17 zN~)~oXyVkeO73wUBp}hz5#phPcp%p@%C%du*Q@YO|*U~e-zYlegUAf?#MKaf7nxN#yk|<>&#;QDh zh2$@(%@m>L9<@qb(^esaMR_5X#U>vWrn4`T2>sMvti{Rp6Ep-U@NDx==h)Sqgad_FoDSbM{p>dr} zK7(tezmeF!l!Wx}=72%ZQH@~8VmMd}A}f^lqls-)D~r|b9!okFgL|S?sz%?iC^w?G z*aH(+&EL-Q3&fra7(p6LSE=7CJCcJmzC9NaGpA0$uiJDP)`RlTWTx$rk#-%57<}v! zn8r!lIOc^MGb!}xIqyzWX3b*O9+`dp?^YGg@!tRj}&_1>4+{MCN?Y{)ySpXtq3?;C5ZW80ubs2EX;L>-a_g zh?>E&(|VH0Oh&!deeg2kF?{O%lY&b@FpF*Z=&O@z*pjq<#`9Esy{lQxUQojhr9GL} zgh*xJEiMYEaY%hpws48s-NOORl4c(Oy4+%md-V*~)3&ogNA0SyGY9||LGYeB5Lz;MiRYFW~9eZ(Q;8HNS{`f*WDo$+CurXA-9Hg z$o#u#+Rx@>TEWgEnZ3mcHSB6;2F-+sUqyOk>SnQ;l|9o~R__b|{k?Z)e!nTIxY$A^ z2~=1bTnaIaOMA-*;|O-vht?PM6RL(L8>+Y6f?6K}f{ye~)7dGL@}D{E=icdtF+(-R zs-am9p@c@%87w_3UbmP74EvRh%Zk)efC;5N*%Mjqv{iw?;jH$crao&>uU%*!%85qy zP`kV8K=)yiV8fozBuX_Df5lO!^+_9}q8@PF-**ubY1&Y!iF~l-JNYU?F@7tNS&8obfps zVs;Iy%=wQv;|j~lO-0;<+zI%7B{x~W)}%4ov=zvZSHsTcX2huCDL0VP#xw$cfX?zj zOd^0UzJC#N&FmkpKZ6<=O!XLJAXQcUlX{;=ghlye67?}mb?hB|k!I=|XX{NqO=EOk zf<0WiKrp_@;u`jD{}dqlrGL+eFFm87br zK8-yT+GR`)s~vDx|4`V!YGDR>fZXJ|;W#&$$ew!4uYs(}%PI(Lb&9qsULzYgu&?-( zp4kTW$f_UFen+D42ONLuGjhqFdX>eO;dhQ{(PI9|O1V5yw~u;%g~ck5&>bed{ z%Vlw@hIn=80P*Th_RY}IC@5=K34R^JXkNE**g)~}PWJJzUj2cC1CvB4cMG5-~$I(P3ba;PV zpafPrJRT``4^QbyS;?$`K@kKO5qKFGht$S!P`@Bf4UeSkYT(`BrLBRu5#7c2#_uc~ zkuLz}lA@krsU_U*mm`feJ6|sf7VeEezq;fGVR>a&;ZF5MW+I~T(Y&&scqoZN_ve*e z;h{JRP0uU)nTL!ND$gtXm4~7zRFqeCgNM>6)IYE68V{w^usBmsQD4JMrZH1`7ORTB zjRPUVAC*&=7d#zf=Cne;0eZVA09y-#NaK(F&L7LoQ8fpQ!O6eSwBL~C^e@b5% zNZ0J=>E!Qin?E&>uH)(KOsO&K%y2(WqZ*ew(ir9p#6_ub3lY~Z5SK)8C1GC|`tzl! zFj1q7VQT|%*=pPz#0~Su)#mMI)uYO~d_PRh$GHP0!vTF}SP=VuRB9qMncRMLl+&kO z^qVi`;F7;-jD|hO%<#=YENfWCT?a&C4ZC#Lei5OUM)#)B$D@bRD{{=B@sxk?SBA&- zzk2NLFP2^=k~0( zIp+TxP1zsNEHU?KFZ}@Qr`Qg2Oy%bBR7R9VnRJ*~AAzxzd$E^au0~&lV=b`$B2U$; zP6)nSB`-CaElLVajRe253+_n$fFQr80*f)hW<}dJ-BYSFS16bIw*l!09ACq(Xu;tr zH3Fs{Fc5s_@sa8}-d%ZWX9x(vA3cA50_BN%`E3#lqvt_^6_%%0)_f#rYCED98TFV> zUk<7#r^%&(RQ_CbihbFv4DlDwW319H;(IqvqaWs)S&427L)B2hZsi8Z^slPqyjzcD zF!DGk3kC)mx&MUI>b#snF3Qi!2f>RLK0ZzSeE^hPRORee{>mm}1z2p6uenVdt)8*M z>h>hBH#2_rXa}H6(tr>cNg_O@u`Rxce}U&@4OuFz3QR!wkvEwY9Y~{m2w-BSAws8a zq?8KfW=@a>3w~gWCf-_K6yYBNIlt3#-sS!hWi*g_g)lLkYO(m5z{>-v4J&ZD>XjqW2Lpgzf+(n!UlgA{dd+SNe9qEkS=(8I+fG9UzFMBIPY_u zRTi+(6XJq01_m+Pgp|}nnB~bBVR~))YY)8 ziK(o}vbNHBS>Lv0be^*7ka~T&Ss4ex;p;1BvcX}~b&FX!jW5o<2y$lJ1@;p8f09)# zM5rxFBk)B*SR>5J#%PU3B89xxVfL79_}nZ4x8r>WXNSvZdcWB$YP3s{OPEgaAN-E ztMsid)LK&nw`U}!mc{WhSGiUq-L!GyKD`*mHWBH6tjCiej8kK@f!u&-JS_N zJR83xZ}qNK^ra+#rX0XY2vNmtQ!MU-QxI?;wBwh?grG`paz#Ko5^a5a95Ig%SYmK> z@yNz_*+r$wUuK+jbByli2uX?TCutG_SWt_Q?|8-utAk5*CtphJf9crHRTZxS+0C=9Megp4->+``0tGj?$J!A`W6X(nVm-R+{5 zy7U_=@LM5bb(%_hrJqP$OI75n%5C`jQlY`Pt$+sBs)Hok z8hZj<)Fl5wzMwi)OoGn2Dazm0GH0xO%~?0;$WJ$E&rZUjwrfR6}k|()f9iknBRPNA%^-NUdyrUTgWQyov>*9^-{r|vO)QXRh$A?L9u_j8m* z-c2OelE%uY&p-Q65>^sO*wiwDj+vF(K72kC^d)5&OROM~ML%r2VS>k@Y>n)prU?2> z-aQ3x`5<*ak2WW$VF(qmpqI1+74VDhGhegvDdCk#y;U9PZ(*5N#Z%pmsJ3_d;8MBT z)6B|!kgvuLEy2zzVFAI2mFquHAULE^TB#pMc_LA%KSqC&<*!uL!Ae!G;^YQoS5*#P zR5;bX3D_FDSpO2gK}F!v=KFS=0pr^}62Jb8r05f0r$}mk^vk22$$G;e4Arkr7cw*b zivJX=FE_Berw$QbWiL!E(VxNq>X`2tj-h8U`*mu;WLOr`Y>X{dW%vcscX}GiX$+Gm zHjfXC@7h3Qxf;WB(5{3IYMxqb4Z{KnWs`D&jFNu&imjQJ-eJSHkkGwXJw=&jus%>BabtEOme6UqH)8tU1q*<*0mMJfFYKi<0)s#&i!zro!BmYXqN*Bc z=UIi)z5GhvS7Jtq#jHQVuxnX zy#M@+c>`jpYFe1LCtJP_w|wpPe@W6I>T6R_h^?Dh`Lc*r&Fm{Y%W7sO2d5kcG5;RH z&d-eQ>g=i30K~%H7&Tn*`$hHt=-!RPjT!->VNB7EwwG0?_AOB3{*hRjP1r*GP($$ zF)N%kyvuw-aRX7(HtOVyq9FNu4>Rwq#KEU2=?Idj7hLswPPut$sO|)Gaw&#cdw1+R zG}ZyqOL*n8d}4KVR(YVAF=DTv#m(=O)bC<;qtf>=$zzW%iM33n#!1~}zEp;NkNbusQ)v7TSwt+GNS<@C%B`|HjC$@6OH@vXf z5F3D0v;`?az*Dy6FZ3im zG$rT@&IZwW$GG5Yf9-s`*Rn9rnplZ$`;n&^QDT9gey*}^Y30`fa5Eo<8_ z>j=SvxpR=NQu5Vc_Wr$5_XLW*AB=8Ww92GU2dhk?sZLU>WKN%~Zc~FA!OoYl-Bek# zCHc3ISd=Ts*Fw`bg9TP5B~*6eG`svf+}Rf7B?LTW%3pZ+z9mM+1=@J@XTL&!S&KYQ| zf?V@TSIBA~e0olD!n)0EG%g?E{2OnkDgREy#BENB?hNSyTEJ;%%N4@eVB07t;c8oQ z>Fp$RCwP-RB|^P6M?<5nf+%QmBSjTsdy7X~WL7>xB&M__K1YN{y9j$PF!s#Zgk2)) z^p^c(ix18v1u=IJ>wI5kSVyG!r@m~|ePhMl&$DOl>yAPX+-DY}YFNj)#c}6R8MAVI zPe8Y3W0nTX8#8$jI&W@#pC9A=O5N2ADV8pB_-!rlnJT<=na4l1hrKyBCGI*8NG(9% zZ7b4SbK@p8bAass3BZ>_+@uB#)%j?VOAnLlN-bRr?Fmz4x1U-=^$!?7+ajNLe{AJe z@Y$@q+Y7r9(B<_Q7bfu~RIZG%138e}9#ZeRjk*erUHA}VQQT^hVb3`fZu-jOx=gH) z2q6raM_VyEcFG5@BF(q^BK-!IP^u0BUk=&ks^aG>xlrzI8psUQlfb}B8$faOIYag1 zc=KX8r}O7U$LVyo)_CFItzx1JCbb+voLA8?!6BGA}vk zo|qsO`9QCr!FUgUASnt~6DUwUcyfsrgG(ngu6~BMcX1G{3#@yfYqTGxgzt@(OK8+p zf!L7;2`Eg?AA$D$lOnx44&?el(02bh|KmJE7{uQ)Rwr)WLt6DIDFIB_t!n%?pc$%ju7A_#G$AsO>)VLMO z9E_G^PU*4!I)yi$RWWT3v_v~+N1-v3x0Y4OY8x$L)vyj2tV-9G=pbiDZ3}A1O$Xra z=tu6@!WAo<`A}+$T6wQ8Tl>%$F!+myETX1{^|vR-Ov1i8a?ViA$%PE(ijS6aCTwR5 z?4v6;qL*9UWlh*Ysa$)V$mEmFPiSNdlD1H)a;`Q05XHBbw(|I6t?}3ctAYO}=?KBU z)*8PPO#(cbJf5}2KTGjCDLa-YJldMzq=Y`Im)z>em?#l|&(Wm({7$RI7cFTKO--JE zf^(L;;gw($T0wkszEcpBKUg-Mmmrv0%r+hAT5*hmlw z9YkVeX=@a83hjK(T$NB_8w`V!Z%Kh@(Q0wm`XEh_Z7^T9B$vJp;v7^DZ@UlV4bwOx zC8D2La9;yw0k1(!Tk5gYdJe$(sLTGQeQe;OUTJ5j&cw~|xBpZZ*fajRSQSe>TeT=j zv`=NPE=m`pImaXgKLev}!>sP5&GI$1 zUZ{cF)a0)O7Urcj)PijmS#_{pE=ci7{P z(xhnHqqJ4x1N;WF8;^Dq9q+K{C6q95N&Fzco?Oucw*vi>SI}G@>}l%(;Bk~{QPLcu ze+uMTk|g%2W^XKs3I!4kRAP{_jeW2rQhaF_*;D(hc{!b+xJA$o>9lsK6 zAB|^k6txB@8xjVSLwVMY1S6t6E2B^mT6ahZ3u5;!8zBaX?6qaxgk$X8Wo4C}7gPVx zxAhidrm=Z0ibm!0M!rB_j%;Nx2DcmS<|823+bQRLqDEsJA#Za(8|K*tMsL(uV(r((${u~6#0Z-pj|neuTwmY zdN+;<_7G)cP!Kgx*Bi$~gy7sm$PuD+a&ga%PF?9m8Bg;Z+I?V##vM;pFqn?KK(RS> z?J!uJI>mmk%rqekY#pW-PU9r7e#li}ZPf)iy>F6$-qBt$GDbCGT+ucKmWOqD~ z3)0paqN1qP+YhaM6)1om;@(OGg*!I*0x00Q;(HkZv0f zJb!>CEsqf&%V!14lcK6jm?m14Ihaxe784Sz%G<-3eR+nsw1{m6=*%K^aCskbQz`pt zc~^072@8HKY5d)#5D*K_eVrvogpZ7IV(=Gf&O1t6js{!;i&_HwxL)kKHx*0#;G|Q&P2ku?-#!ZuRWL`Aai8 zNrZ6vA}{i7n2w(CC?d8%baaJR5ic}>I{E0)UbRJik%Sp>y!kLI>Cirijdk{j)~w|= zLDLf&<91={v3`)AwO0_h#yrl|=)_Ug`O&nofEudKUg{|k`DB+49>vwLxz#;&mmxl8 zW#@7BY;_Sbd{sRhzujCD63}$2J|8SM(K5DVJPIYG9ca^X)Gcd*+lhKe7Ru>6%V zK|zR}w6b)ZL8Y$!}ZUFbp(kZ}G!pA&; z``2HmK98xW&vA;5Sj0|a*H-3^T62|#po_j-&wPAI7pWZIFe>4894104`We9Db36sw zO;5w~)Yn6$6{{mQp9nT;;0jpPJ0a>A4am`|yu5QrFn7mPj;v zoWu)Ms7fg~%szAv%X+qkkfXYe#j>f|3`T?85}Bx9t31!iro`b^ONH{)9X4!r*HH_3 ztacyml_o>~=jk{!>G#6@_l`=!AxdogK+5IS%iW13S{j2u3dBzJT<*Wa{K~Yr=s!Sm*d4Rv5TbIQa3*_nw1_hWO}dQX!0!fm$K zlbcfu!In>h(e8=cT^~N&OE%T{vZW=QuHA3&CaCS&wtWh2vxLVJ#ltJvu*Z`JUWDYU z65h|}*zSwmMd&z+r#Xtj9EI_ZD307>&pe(hUV(q%afg`pCM$U&)%4&B;{Gn>Z>s`L zGlRJQ&zqbEx2cXML$ps^cGR^NMQefZ-l|^8S8uZIPZWyhSF&H8NC|9gBFBU{?U)UA zqD2{clVz?=Pv+fH+fY)Bim78QpYN!f1DuzO$piNA+HT+= zY8erKbi~eTQbho>jXJYZd5g7MSKQO!kMu3lNqigO(PpX*A^MDt1S8%Td430*zb;FB z^Eb9>T}0fL-&8#Qv8@*4zD5bZC33Ia>2-@We1YMa6x7ZYmO=TA)tQ#rsLr)<#r@hEQ1`iHw#TvKT` zyKdB`99K7=N+XZ6xD6(8%5gSpL!WLl5N-CjuEXnRR^qWr;P>nrT>CLRNYZh(bHiQY z+T+Z(p?^2E6svMUPkl)1c3ng^5`#z@N~EWbvx(lJ;_>5by;l-1Bae5msCkR!Kb79S|GoAL%n^Bj>PLlC0sIx^lol4s_sed++OMD~5K?SkqH`%lKF4od# z3d9RLnCqDl^g8)WqAmh?%a!+DU{{|piJ5P)f&a7)R7q_$joawFH-1vN0y*3xKi7mR zz(s)H3Mua`_SQcK`kBe|vfyVE#GId4&u3`^aM`o>hy|~+-Ov7rzzZA4;`f)0G_>SC z_c4A$pC5wXk1vJSJ0SZ<^}q#m?C7l;V=0~mc%H-a44!&CKjP_$r~EaIalk7Y zl7N~b5`Ro3O-Q;XFyZj_`=a&-D1TUX;S+_v!!$R(M7j8Nro z@4veT2VvoZI_-sj|I&5EcPhVS*X6Icy+$ao9r@A=N#eNgSlE`h_>a%h_@Kpzpi@rz zzolX{s}idbSn-y;&ZJ${j%u`Z=kqo8_?8}#Aec-gatK6WdKSvH0Xw;6U`7N4oAy6C z^vaIQ;>O-6sf z6L;su=E@vWg7XH`l4|{{qhSK8U**mX1QoW3zONEm+r#> z*2ynVsid6@zeRDBh%4kq~~T~+N`l%uhCv2A+6s!BI@}hoDwcdqMa~+g%ACzyCTJ`yv(j_jfpzLi`xK; zRK-KZO-FgG+bey-uk*w!t%-=A^-78^*YFM6sWA@Q$-aDbd}Y8?#zaWnV}<(` z;85@!IsqxE$E^rJ*if2QxF{B{?D;>TW0vM_Kc+Fd7iG#T^bnC7g@uCMK*MA08E!X0 zl%lLkEEWrC4w(}Q>l4c-fP~+U?}PFWPPDf#Lfx#mmrAp1>r2XD5q`+_zt;0EwR1O= zBr2&Nbr|Qr*gwEbe(tSi0 z*h(CjCvd~w6;(iJ_N<`oBbb`JUPu_D2$0o)AhPN&MB_+beuxB1f=1mpvOdUI ztHBSZ#%?Ze7P(OCJB`ZlV<5ID+Aqhxe53oQ!ZT1Zd&v(`zcLNKFlV$i0X-Zg@#H;g zQ9zq`dtN=Ab1H0)C1xyn0BikxAy(yc|bk$ffPQE7en`ju?+gX)q~ZJuRhO#&~fN_8QG1F~h!SQNEf%lBIKE z9X&a;~yn}9qmbDD2IRfi<$G>18hsf|srx(|^GQtrwX&`#C^LfD<2CshM&7Q87vCDnF4d%q zA=NB$=SXq-Y&Lyob|t^MM%skpe2(jiVKvwKwba-Bawo0wr(JXN0$T1RK+p7x55M*V z^1~IhJXHP{^=mAH=#kT^Oa@Mp*rHP;t9)v@9O#{ga?x&;-5e%4r~zSUw?agqS@({C z%=q?>#IIF3G!xT_J)FTG&7uaUt3v#)VxL9%7j(Sycy?nVMIjNe1tbo8^6*QgF5>`6 z=oIxU&Y~j-$`}xb##R{xAJ^l%(kgo3CKl;B8WrQT;^q~_($T{)oW)kw(9Kh(l!op zXB9K=j@F&$fiG6E2X`0fs(Ik%O167<4|Lx1y9dTY`^qH+=nf6qTH;P={<6X)=Y0zc zxOX#qPa&w23f2Nt=NVs4@s(FBlhO$&g>x9 z$+mUuvAsR=weLWj1}M*ADk!(FUvU+vG*Tuaxe-ubHQ$8@&kCa1tn3{`Jc2|!!hI`J z*tdK8KwiUZ`{^$5k#qPUR#uxUB(cY8Gm!9l?dTFdBI(>E1vH14L<)*d=)i+!!Pq8=;C8)HzDcpcOhON zO}-#@xFrZR)#U{nT!#RW(O}c!%&!TqU(EP|_IK;9dz_j?+bGIMoJ*S_>gHO0^wZQp zB!a?4tYrUc;WGPRe?%NnP@x>*Ql{rC_5LEw$`~dbC=?!LBM$TukE~($A4nLmc@5N8 z85wQ)CmhM;zJ(L4isu6&R}Y?bmLj0HE0kwBHeG$mSV1+5j~t-QOy>`D>p2-c3(L=Z zITo8#6f_WyCk#Rcs5M%#q0PKKPO+4OC5hdC=8jDH>S`|y`Kxd&-K z4g@lJb|F%g1}-0FKp|SMoiTJ|GltoFPIR3R|BK!RCLWpB|UAJ^HY|TnUUq2%qBa|i` zXS92{0?f1;Sne@3xz}B08|(Uq)DhRRl`~7&=XGfz=ild{7nZQFBU!pGR431d6KwdA zL|pYT^GLexBCwBFZuenW!_X}Tv{iZLQ5Jc0a!4Kmu-~yF`tZ@7i7n?{?8Re8JHCTy zjf<+Vg8%|V$AQ`5qst2ldG_{LvcXP%u9p(+k(laOq)9yG@*{y1x0AFpF7$HmBu(me z7O*A9lB4w;>}7!A77Zow7d}C%cf$IpJyy;a!^lFavzyf6pLd&tBZw z-^z^Dy-VY3`C{IoFTsq~NNGIk`9;iFpA~)T6mNh6-m{aOP3;}yFaSm3Frl@++aLw0 zl2Ax0?iE;r9@8$Equhb1yplvHv)wBeV~ndhL@rzyw9nyp(0-$q?Wpf5rX;e@>j(Gz zzq@Pid_krjyulU9ECIikPhQ+=GBK;-N{trc@8m?L&W(D9`nb7n{iDd3U0(+gC><6m@_`dRiERs z6oG~y;?8oIIN5am$OT=H=|W3QzG3s;j_y2`V{kSJjt;af+oBY+XWs5nS%};f%J=Gh zAGHRwQ44wV4yoo~V77s2`x|9{#`48rZd>|c_(2g z*VJR>PoHdt7cTVccu9S=&|IMDYGvU^We4WJ1RhQR`P zxe?tLUlCRNXfmX!B^B|esv?e}zwq8V32|oS!4ww%Zd4D7!Ls)Z9(NZ`wsEhw>qC22 z*#FXe9-WiICcir*{5)intA>E7@oh4D?cF?d_>1p8q$2^s1^kC(8k@1^Kg zA-h#s(4ED-pC3g;YV4WNqAD3x9Cu=O_Q3mtCcy^bmq@`Dilyn33S*zOe5sxmy&Z*{ z&%<$!&FAfCX$A{T_iVm^k9#oGZ~6uwt4y~bWl+vowV?|sFV>rGYn12bK6yHJMDKlS zEBSHRQ>6><@v(35{k$)}NxNp`qy9Tje6=dHZ~jQ>Ea1#a-)?N`=|u5VEn9ZFOs7X2 z?yH>3K02MFOXGpU`&q{i%5-CRVDwxz>w}pc(t@xYyqL!<#U)H1q^EB5CzAnAi#8r^ z>H7B2LXLC_iDqS9B1`%(F`PK1rur!;NMz$b90f*i{4k0$wOsiyfgSj8I<0-gf0RD5 zWqoVB^7#j($l$^wRW@V})es9?j%il7;F}fw2mvEaJv_{ibn1DKUgymyM~oG_jIRu5 zPkgjUcOA4?l}&S4$1|})E=xa?(McVse&*O9tr(#0InzgkZuOq2($zv6Rwz$MEb-&6 zx-&droWq8GyZ{96__)k31*>9N`%lvQ&LF)9JM$CpoG)4JoQ)Wo_tI3R`Y@uMO`<(U z+5+*gC}sDunV(GP?8PNl5Pi%qcg_X4EK986lTzR}d|D89nnT{chg%rf@e-KMz<=>O zyZ6&>x&s^_;U2d3)98q11bmA|)?UY(j$K-n52D$@PqQkyS*`kq9N3rmJ@rUCEO&|* za?a&FPalS-j(N1tJ%y#cu#K-54R+Im~vu1Nq0>^`BLXv1uwh1`NsL9-rU zS3i5q`1f=Y2d!By8H0NQmC@|6&x=z0mzeeNU(I7t7GmAbEL}!7$IV^9tGx9OcIopT z;=x+h>0D|ToCQENN#7eiE;G`h@}Ep+W6q@rL)nAp$mU&hE<19@5H5N+d;}0s6wB}J z`QThiZz~ob%~HY17W^;GB+f-#BGbvY2v`?WZ5BnDmGN(|?&teX)#K_PT%`2~Mem-0 zUljz$HRe;4|28c{br>2>twzVqARnYknI$s_uqw~b zWZTcDiV?fmr{{AjH?|Vxoq_(#@mrMJxU~s&z7!1|+QOzTgpaeys@U29zsG^&E?tKF zqS!0j)nd(3RV(trZQ!5h@JW{rh#KbpA}iY89tkZ4RTBmj#7=+FHTvvMe(O?e>I9xz zaPrA7ag7!=jUF2j?9=5T{Pr=~L%j5F1*$sqGb{SioI#_Lyn@eaF~JT6k&AFcEpynxQ5g0Q{ zJF9b%6k1rKEvZ)J3>HJpl9sxQDp*BO`2ilk+z%yV+A!`DA|*+^+l5;*`(EL_f^GOJ zZuB-3;~!S)P?%Xc*-0%1%Mpg^gV+IqJzcz*)2-ZoYiesTz0_hFFk}AxtC;k@D(+*x z-Lp{*N!Oa`QDjnQQvOwr;TOX5u5VR4XdC|@Kin<1m#ZQmeDLf+xtUI=B$i8O(22~7 z*om#VkP9Vt$V_JuJoJ2mVDjAKj2<8 zuvfoM)1BZcXC|}HzwVxJ0rIG^diK-Uj!U}`(8xiUDccQTb{LEKrdRhzsIAMc!?jv{ zKYf-;9<$GRE6K33f_huZ`ZMhAZ_;(m9BtRh%=^v#F>9dp%+l=B)IXMV1b?p*BW@U6 zn^?lP(YjnDn3V_q&W3%PG<*t*rt1rf%lPPZ@>VVy48rmwcgcV=R=|d=;`z|0( zV=s~H0Qc+qEBZEh!YPlgLWyB7T}-J&af-TdtEH0>9|J`T2d*Qqv=`CeXHyIP_9$sF zFyr3kf1=Y-KMPc}LXm)~ZEcp{6oA6ug3%5$^=cs|p|pn!Abd|Dwm`>FN?EgKoyi32 zVfjexY{)>|?{fiw_T_^odP{?upk|8>>IG_e1>r?*>%D`T)kJs=Pji>PPS` zZE3CTKcPAOtxOZ!mJM~-THvpmT$%?Zu5NJV{$m8px|=Z0yoPid3f-q5KOlkVfKg1atkD z+;}hkci^l}8Aq#bCfP$*g^pOQH)4JNXX!l8p(AzmA&ls;MH46!OTy4I}KXRrkCZ(B&=`8ERmCVOA$TWR)VcyIz|cr8qs zfSB801wL{LImV$!7x?U}nkBV>RDS_D*=?vUZ7l%ZaWG0C#szvP^;%0K#kKZYiW_lB zjqBJJ@XPO*=TcOql&!uT&xT*7eSLE;$K!YP z<>7tJa6!sd^P!kO|q7UIX# zPXwZHABSxQ8b}FwmUa6nrrWv&q_yEgj&tvzbkLvZJWQ*%B5q>C>0CDDr?`aIZ)uG5 zJnMg^<2?k=QvPNeejJ#z)yyUFL9 zqf8vjPF~3gS*wPk$Fg=;i^Yl^Z1mN;decgvT$?juABxEMlX1+Z`K%3;rlF``tw6k&ClToeF>l1rDDNc z+5{AQVN?0p3Ze>s84#xl!Byua5xD5f*%b0nKf@tRtY*`aCtVZt&SLZ0L>E;+Y*g-@Z{KP%(z4 z=^{YqH$_Ko0ch3jBttcBe!?m%Q58|co^Q&e+m}u?^`_VDreX9dxVe;G`){5Q4(zPH zwLuWSVJxmW7jrI+@ew>%@m$ad#)kyKI9(Ks=kXK<3C3UXjM5557oPNXg7Jy=f-xmn zFfKv*empgJUcuwS^Ee(ao=teh`Pi$?cTF3DEHm(U@f^o<7Ee2%7zh-9$K%4Y7tcF* z1RaXNGZqh-u(n)v%N+H19hRxk%g84q;}UxR#v?ZV_jI9Z=hENL3WAwgd;`))g5_XC z>%w#njv!euoir=!(dc9;);ZGQWGH2Oe2GF&_K7c*ws3Q=4?NGvdwR$EFd?zOc{{GR zkR=E+ypIdQ!<|+ccuUU43z%Vv zd!s~QWA~#S1>=`^uHq4q7J;V+p1bhm;hAFaej*CxAsaiX**kf&gMhAL8l zn0qR>7Gkqed-pPayXMqmwHcsc>alM?-wiyWpdk*=gLpK8mi~$S7e7I#PI=!C7DkF_ z_Gq1uDP?$nT9O;{U=?9N zOu=@w8tFV~6s+jqjqwAvEsc|bzQD&t^^PITQIPn@6ln^!z~RJEvvP7^i=AbUZowE1 zj6f%6(OpV>mLu{kHnBoc`cWFRr{mvdtj9a9;ulA|uvGMpw=zV)IO=^aM6ihtuQw!A z=pp{N-rF}+h@qJQ-vsEb2t~J;;e9MrNW<&3P$5%nx8D0%sDR@;-lkAN65}>_{}Cp5 zM9+Hf&tU@2>v+59g(*&C~n# zY=L(7?b(E1jKsS!*+W~nO{B;m3r59>ZP%c7KixawtQ@Jq*&-kq!rKfx+x64k{7?4C z$Ld#f-3BBA`SCflnt;C@U9zlTq(K@2CDwu?pq|ImVKyHvv zKlgsx3H7=6=Q}>We}HReXgO-6I{V$|S@s#kPh=R61tEJ`gnj5d>i2k*)0rXp9g7t=4XkZB zJzupX+Lz_ft}2f9fg<^RB+^NYX;-K zK& zXlG$0|06Nz7-XAwLi72jqc|`%4fl)Es&bI0NQZ5uv?B}VRd$Wn*;z>GJ(2dSpqF97 zfZJQud@b3rV~1z=m8dt6de3wgN-Aq`vrWqlZ#ZZ0WP4(J6u4lN^dFO---yLXkdkwQ z&xX}qEY2ZoAW<57vSh~_$8_%l9sFC_%x~DzH?-prh^B2XIUf#+q_AUvG@~c}+D*%! zycuZ=RkfJy9~8zGeSoPt^*Rb6$42^wT@g`+gzZgop~ zGb~5!p-cB(h!7%l^8svC#`p9#M+l=bO4S8&>1sk|$B7IzWGii02ZKGj7SBpy!pzTZVi>XwH>EQ&Ri6dar_dS9V2=bUqy zs<(gYtI#j;bAI6#6dg^bat4{24ApLMpE{ydS=#8G*%f2T@7}dtg`VM&>0B6S zXN@C{EP&h;@7rC4rGrgeO6V3)y>Fb+5iOVM!by-S6>T#qq>ZzCRzbxn;u zS6+^3Bi6Tq9G%f?W%mSx+&XMT6JXq6+3SzdNJMnYUznPYB_r?OVuWsF*(`|>MhV-z z^)W(kvZA4(ed^!vfo}H(#R|hjz345D75YxtdKOz2x_gG-L9vS>F~Knw3dTd*DOP`| zmR{`+9l*=&xFFTxU7@@cPko*YoCMjKf-2yv?V(&}iuYu!FeL9Ms%c|zy^}t0j4Jnk zfKnX&a~{^fIM&!r(y6oFp>aZ&sb^7^@(^?~>3e@(N76KPH;RA50{(mu?+6V%UB#oL z@zEYDDV)|1@n@Ylt&R|RB_+8{2c)ZKy*uKB=zeMcgCL5df4;p@fR?nMfr`(o{ZyoR zn~^U%4v`f~c>p!GUS=akiu=r)6)!{)XGg}vRQkz#e>{fbJfvBbXK|nqgw*0QsJCgZ7C;H0oPU*{cmq=jml9PRISF zjVX@)xp&eRF#5xn)+3VBAUlns_k4noQu$w0uC^MLsy>N77GU-{w$-jeh`yyY_)uPZ zj2LWe%w8?G!1{J#SGwkZ^ZA6JS}MKK1+ z-S%6`e0h zqlb_pMxFDn>LH{~BcPVPpn89KMzo7YUU`;Ocazp0>TJT_`*SuWIWSrz{f{gZ$FmTP z2G>vIDv_Z>!+Hv7;`-^{{yl}vA+KQ%ML-eBW!tb;Dm!WPlnVW-nv$D6Pm6g>+sL04j&HaDQ+`E8Q-`^jdz4y-J%zNg{ne)IE z2drCUoYY>T#~>8aC-oGgH+#T$rA|zxch`W?D%pMa8HhO)d-U2a@+}{MXiDAom{U~O zO>~xB%@i7gYNwu}K`|oS$`QP)v&}x|W6F;a5fId*H8Em>SVv#Q0Ext>>@E_*@=o*o z0BwbPUcVnw({05x8q;0GhFsWzdW}8ecD`LYwx;UK=DcqGLhkM&C3G9|$=0@j1y0Rw z#-D0(?0XK=*WE=@BvTDMP7Rkc93IFmcN~L_0MZIH1rw*q90#~{?%D6Mm0!qW& zoHmu_#)^b!wKH3a*YM0dlmLmY`)2bZ!+U$QeYHwGhu(}8!2^Du;>C4NyIoioO{M9n zW$6i(>V3f$$VIv4z_&7eGIyu3lR10ax1AzOoMW3qG_y^9?xPPCQh~`e|#b5;1=46Hig!coCneLwcvx zwH-MAM!h|hAcXS}#3Yn9oowyPr?|CMk7m?V9l+e>9^D==n_vv?h&v1}dB#0j7eWZYWijq=(&8cgqT)LfTnDybunEU??h@YRFR(~qkfQ7i z|H(TM{Xt8?X#g56lpcO{n8h8D5?ZI{`iKm}hLEmyOh51-e_MjuK+V!N2pImunl%c`)QBUi%Ft;5Vv;R zmrNJ;FU?HzIp$t9ht4I5jsXqB?%*71(^m}YI1(|TrQYoJ0k9?_&5Bk*bNh-YF`w@1 zE8?P6U9BuWj>fv`Dniv#uisaFMgJE1bz4jDHB;2}VmZVX2tweY;K`=)>&4I@g~&SE z!)S3og<5N-bJVJzh?ve3Qae>;tVEV#Mkosps1+2^TOqnHA6fP_#<&wPTnBh>HaVu? z*0G;Gm}8JPhI4B5u>2IJiX!th{ctFYI!W*L6Jyc%?UO~fgw*F$ZlxL6gdLsjF-Q#( zpX3()1ha<8LTWe38>df%2Ud5>y@rK76=}R0M{Yx7mT>)GNj=x4Nk{7u4nKPyVpIp( zH}IpGeJLK;b-);-=n6O;BNy%TSo$RyMAYvnvOh@0@6coYMQ6(Ik8w7i--krR|70|b zv-ylZY%gMs?;xK)S7J4C4@47R>5tU_wG0~|Mu{CXYk-)@E&tj8(eXMatr3-NpZnUg{h(|tGU1&EPc!uNj$GITF+!pdOcP25Wmv7R1sr7^cgpI@D&Oh zC~j=7Y>2F6<~K zo4@kDZB5C~WEl(^%Xu0!7^nS#-_lKk#e8}EW%_8a*u*n-PMYZGuYCnc7A9QL18Jh0 zxgMX{TFXlWg}7tesI!MNwdgP6Ec^@i|3FdcVqkpo*BtA%ix?>xtQE-+30KH=+3=+> zy@&{&C3Xe3G+j*ekAa7t&5!9~bckBwpri2R9az|yb~6F2SClzK%!_1%M$3k5hH5&; z3NV%Bw{RVT2sM_?q?hUAA!1m+A3jjwRTr@?LEvqI%|4ZjWYA5tjrAOCtvZEZ-0Uy0 zt9=sN!?>X$#<1^JwVBhpHlRgkbRB?7T2l*Wsv+O&NVIQ8 zuIdO-!1*&T&+}zr(l{mES0P7#SGy;SB1ISmG75hAHh*()AkGz zZpCDh-yBE-`^+L`0Cnx zDZf8Kw`Yo!f>6HAS39%WYwL%Ts=|%J`B5K;O$t}V7xoQ>>vnAv^sK2Wf}_BwkSepU zHwt8tF#T20YrilcM>$g(N_yJs=?ujZXICXYLK(wFpXMWQ8r0U&-NQw9Fc8p=;UYY^ zQM?QcaiAfp3376{$nB_%2cA6XE&NEfy$5aOm>2GnR2nlv#6;OoU%}ZYTRWj9OH>t< zJeaUSq2KQ1##u%iMu@1;1T+rLg-qbYOmrP;1(OUm?ffHje1z!Lbu-5dY{;esIM(## zH7Y-dA?@Vw8tODsWME0Xb)<-H{x*9pr~5}@>CK}zM+)$C)9H~SDku=0_h(wF$>a<5 z8AzR@%_GYwksQv*DbaT=Xjy zj20b()~UrT7O8dRZBWEPFO3%6EWdIWIiM$0MbPMn(c(dIhVB|8+V^Tw3QKWMV9u`B zMxbELEGs)P8a+`Z3Hp^w1Q~`i^wt=mi*saaZGWNAu_D56n2NKG24agAGw89gVnq1t z8dV2f><3hN&yuBf-a4|i_@7CR6Ay$h{mAGoXS{BL@yq;X+4eoaWwmLvbDS8&Yj*88 z(Y^WW?Dq>rju(B!YML}&bQ25c?(w2m+)6;4poOWttke4(!c}46K81WhSjf(S6-8Wm zpCT>8u=diea>Pg3(NF+7P6@9sieQJbpUTxA5SFdBZjkS}D#@n!qf zk|NUJrNvWG7V7mXJ(DH6Ci0Hn#O{?%ovc@$YP5PahIiD@$MezFuzE#uf>_v5N4$cd z#*1}$)w(CuxyRO46{7nK4^-2-38ExS4F(8<EUik9l6rG>ilAg#B z(Jj=eD03JN_H-ggB>SA}4Wdl0aE_WStmU6zvV-rUR)2(^QC~^=BTauy)gLER6c-Y$ zfx91W6Wrr)PtT@fxxyj7rood%y2z)Z$zoCj%NC=ArI}HsInk_>v0V}CeJ+4LijX-k zQ{80DjYAZB1JLDLex}=R5M70v9=JiQFL)g*bN`}4_+35yVGlv#T6$ zo)G;u#9SR}ccJE$D!dSHO%6$xl>;#na6Tz5;xz92)o&@oUE{afw*{_mJ%#*LH38*v zs|=ZRSg;jv+`Bl$tx{I_HgD-s!ARm(0Nl=6H_VJflG;}^0&=fbiM#=(#G_CH1eL?d zt7|d8aA-r0P-cr#?&P%j(xwHn#4acoRzzb3C^3I~T6kcb15qmr4^fXP;>kgm&nc=! zX=aS;2=15Fl{hZP^}F%1ktWxz!Wv)~)(LQ5!M&C*tnF_T)=7Bg=TobxA}eH|m4~ly zS;>}SkY|)$lUOS`rixz86|Oszo|!757zcQFD#&0#fmA(J3=mP&bsFwa<7wnHaUG-W zfKdsG4GNuc8I(#YoF-Dc^Eg%Oi=!H(1kvZ1d2CQGpetqe(fFm2d3AbGC#@oB_b#b*Pwa3d0FnE^ha*ExgrLsSW2$ccOY zC~5}QQ2W~m%F%Ma;Ub=H)Pl@>&BYHO4#w1eCM6@Ua;7XR!>%Cqxb`I@E3u}OZ$B&< zhjG_dnsH*~QTJ!++C;xJvFev55qxWMoXcQUWe7IPkO}xWu+oP!L`dJ09R6)Oa;!!B zA_qoTj{`$hcqp$WbthT8Y9CXg%eet@w?`fFM0A`^EwnsF0ItQ|fk*G)KhZKho}iGl5xf6MDtA$OI~J_O=a70e{L&EJyW&0?8(4+m?R zU(o8CMY#Eh`s(}zJ%6*f9&5<=H#185IW@mU^tCV+gO*%9_U{T1Uf!Znw}=kS73u;E z@fL-;?7BsSC8?uH>Km$0(cR&UbGa%k3hmNYqYSNd(%GsF7{CpfvF8@ic7Sp7$Nj$f zQ*|l?W*=@}`5l+>;m>(onJY4`2<^V#RcQ4vJ^k4)Y5Yvl$$twXA{(62mdzA}el@B# z?`@nVvRef+jEYr%BTu2tp_^uj1f%YKKck0ciB3k{13#m~vqXGig32@bQ&kJ>d6gy% zYZH{Fk71yd87I-6CM{HjgAKy0b$p3B&Bi_P8M=M8NN%;0(?eA@$Ljbg?V2s3MquU| zj3F3DUJe81J+S+#lBRsZxq*IXEH4d_m2Duk;^@Sh_O}9kidJcUr9rofNKgT$-zs`{ zKA~z^qIY%zz*VQ|Gp}*l?YdP27pNnMXU}7NCk}l~+pl;kSE>(8Hs0Y;ib^gzwtt3Y zaypF7twuFV448#56v1Vaj6hYeh9+{C=%f3pTWsaW@a*B=!{Bmq!#BF*4Aw%SEe1%v zdvuIZp&JeBt6i_`E?RCEQT^3jq+^nCL+Kck<4!Eg*pkb<-tGgzC@(BZMo4D=E-m3t z{r0oMb%s8*ilS~4^8`L(xeXe%P4%K71T8r}vru*c-SSp}jZxfBC3P6Jf5a!bM+B1mEZxS4= z2ZuHUvn7KDI|t!enm);^_G1ou6?PrvboNIe ziy5JnCV#F>MP(5$r6?$?B-`QZjqPj1KIx6kF}$&n0I@^f+L7kS*MX-wz#IwSX|K_n zb46SKE*ynH)0w#C?1;LQynfBJoL(AIekP03Cu6-SkDU&?e0Ze^yN;=F zUt{?y=ZVO{i@`IFeO(o02bB2hK%@g28d0eeULei9K=|^zDUj>ti|gb)^)zO_=oi`k z7DlpQJ%L%>&>^lGvu=sl?N|1AxbNO4=8NXS>^RHEt{0Edu0^69RW1;b-A$;q>k!y( zLYKsXeR}6TU{8xK-h>APzN?SeS0f21P#^e^Wub^lW+e^yd>TU!V-=gsDfjSjMn3*T zquCI0uQ$X}%!dqw?%MzmtjIs2oqe+oZCGQZ&3dH$+s@Lr3q=pVS@_=ny!zX0?g!$KY5(g+i4?3@cqzC+OUi^Q<&^%lA0st;Ncg%fp#tup>01cfJg*f5MrM%64uLbH3bCab`i~I!f)|CBpo8U6-=TEcS52kKbmEl zXoCZnv^JM&`Vn|EXfhv+kD)I5+9B=>Z6wA-Wv2YTD9G|^b6}+))vR=iPU25`+9|R{ z09|y7KA5aM7K@wBb2OI3-5x@;SVWow(bc7oTYc%kV$rT(;!hlQQwWcnKrAlpD_3y@ z-p49eskwl+s_#+NY&(x=<_%A5h#lx!%W*^%9{{uMJX$$In`4 z3NYmq2;b^u*>+wZIQV04us76PJtf;-YlOaXZK$<+V74-=&1vb{(6s8vY#lCK6ik zFyqgI+iCtX(X&ON5xiuL3-gk-qIK$k2mw37543Ld=V$+(9RTR4%w~;kJa7WHK zNHdm;&S6&6H%sda4Hb+kDLyZ#WwB{Nwe-kx(IqMs;W^q4tSY(s>4n#G)YBP|4^!JG z9;C0Ai|d9217?nP3t};2D>zu4*Rwqz?fwT9T&N*oQHnr&jEa|H#0x~cRyb9_4%vg0 zakq%?py&*h8FgII%8Yt`INLBYV&@0x-n&H?@iXnbTZBmTLgn4yQtON{WpcK?P{Kn| zI9ldtOf|%Y~+Gri(K`T|y2!aEcHRhID9 z!+#Yeo%l@)!Y|j-T>O#Q*)m_|XhSy8oE0LjV4G^$NQID_`N+%L6{JOi)q%vFW(B_| z@QqwPk4&&1Qf;wSEp5ToAy^cZ_etfwMtOrxcm~=iAipitwXSb$N-Wrl?_a^q^~&Q@ z+XB&MJj=&H_c_v|4U)Vv`dQi>h>RMyP)^*z=?0Eqf=^{>)|g|;=me)FzXP8O zraeGeg`#W1WHq7(zoweY+Y3-gp$0OaCO91ry@33%9L?_m+FmH)rp2IFF|V3(gqE-$ z|G7)z|0R_DROoO;A@!86ARt_-g7^Btph+QdRGa5;U1gth+2AKO{#R z1zTAdRA30;ROn&*WwmISH6VXY>guD;K=*T9+m6gFJK&3AC=26NP&eb!tw?k;vrgOWvWJdP)IFl}$cNwNHQU#9C>%{U?t4U>+_;v??-2tdwxbqY zF!hhwR-kNe{diW7lcS}qr68AxX~A>VJ*YQkFJ-vI=+T$K_07ZtD5!2+HPy&snGc@# zg$MLCB-FcxSYTvXDG~zGsy6=R*!XgB_CMtkBU+@XkHozu6ZN`PhV}e(Df5umL18R- z9$|l}_^iV8Fp|31dB-%=cd!~MXe=b>O5B!AKS^6wijd)qj~nNm<@tJpK)?l~p-ql< zSD8KyKrAbW9G%UJOiDh|5@;jdT)g=F*42^RZMwcIy=KlP5dv^i zq&aYL#-q7Ovr~1kxGpjejRM7n8Lu=JlvQBxpzee;bkI*GnYl7q+V6YllAjFE{PYY; zh)!gIj~+V2eyCHE=38$^`49t21i1NfwFlh)%>Hk)ygq;-Bl`(^kkz`mGJ5=|Z*|~o zpB=!tS+4=E-Fgl1pVk<_8~dPPNKx-^WC&%h5-a=hZXtXQSC_diwsa=B>nk(Ne42T! z91D@#k`myY?5gy2z2)ngYxZ6A%Nomo0B2@JNoNwPaZBEX5>|`R665&p)j-?v+_oAd zCp?cB-@mRFefhgU=%48iz9UiaTT^Q-`-%*31LQWbZU16r#i;1y8N0&TKOR}pk~Kuy&GkJAd_Bq ziw<$lOm)Pm4tKArLmu{FjAJEe5ihAaS9`auZZm! zuMd@3xIXbtDep*4FD8h}cL3(~#l0e?U=uf{SJ)TZ)fxL$WmzN3Q!mwGAD0j9p_L(ApUWbti4s*u(%TEEC}cud6P} ze?ir*d>oQ7aZ3UGtzHMn5`>Mp^6us;2sh<8+G~p-SE3)&^%Mt<6t03$6N2|ZO>5KO zEk>~RnvyT!<2^{>EW^CY2(h15#W_vA?-Rj&ZZUjynI_lWf#V(RF_G;XcsEbbc08{a znmdH?M6=eMmfRy~rt))!mY<+btJUQ#i#+tLr#$L|KwrN=uzgAo?k33E@ z*NPqm@7@Vw?wf#_g*|T`R{Sa~AL=6=)2eE_@o^Tk(yE7zk3Z}1fkj+Jdl(C^y5wU3 z?*TydVt!k+3~zJz?IFOazM0=XIFGl<{Pq+W9;(OTjjZcLVqkv`Xu|=X-)Q_g(Ydv| zNHv@5E^vMPn614&h3;7=x)zi?Camk>w!oD=F03!$xgV|)?i09g;eLU;1lJ7V9LMV{ zcyABa1+E8NKe%+b(QuRCX29JBw}`(%#^GxlzMxJ3s-g?c9bZ2@t!1mZ;2*Ns2Y17! zAF^~O4Y?oJU3qjH9xYkXCT{QZvHYC3(&qa`>VOk<`uNNb=h#>sF_a(xKSSGV1Q?Vf zrc*FvYa`?~4~Wdp>oBuR$2L`$;pn>t=iOsvkRd!;RJBf{J0B1m{Av)-?psA6>(QzC zJ1|BvE_-&?^Wu9adp#j?_B_I| zfa(S9(zKvQ6qscCbc2XX-=U&~>(OGE$Nj3fH7f2;PpL{BK*yP?rl4VPYf|bw4PyA_ z-IV?y7+hEGrnwJ_h_06rAKaWybKGCrtZk^jzCl}x-@|ao%~nC$7~1uq2nzH)XT;Td zZle|0KZ{3`D{c>+`F3wY!s0(4p4-37!N(!1o-D@Q`jlPo}&jY zr=pD_D8Ss1!E}0jqlj-72oGf~lIl02UFR;O)+C}@zWW3xKWSi>g9vwho9QM36K7)) z9aKu9SI5<=xqNZS!DWTabz_X~Ptd1;*18hQ0_$utx@O&OYQ9NC7A#jOaaF}0cfreB)l-16La3-jWo`-%LfWg*Hv6dNNs@nq!7oi%G()!y02u<#zmwM{b7 z{?ARKmvQR}y(I=z+>RwbBswL5kUJcirmP6RquR3=Wi~`zW}u0TSD+B;7@eCRh3;WO zRoO%0&gN$^?X)x0@?r2@=27~?kUqkd|MZ7N=Z>2-Mbku9^GY)z2y9uo2tAxX71AaGS z29uq;l9}nTw?Y_yoHv`pk3jUH-%s?@BTAoubu%P5kZiza5jzaI^Es7elp&#Q&;o%| zCtlF)0`p4YThHBr@;M??{#?|d)OR-{-Cmo}KmJKOHj9K=N$86l?Y>_)E^p@z79H)$ zD#YOpasFseQ$9C)eH_hnW|tAldvt@hZkrOVZXcsUdjCQLA600{4UdYMXn_NdGB?xS zFCG!P4pNzeGmqDSF^I8#Q_)trEDY` zb|@PrR@!O^j!VFKq*U3JUDWZQ^Fz8Sb+ttT2v5 z7*sxct!ISgKy%ljGp_m@m$U+PIew2K`bOiS_?34G^iL$d!uHUbr$ki%L&czExU}MF ztZWR?>+$r{BEi3Yp8|1cAAR$*SOQ%@GPx^wi{^P(S~dq00(%n&lBf|6epr)0=U3VBJS`jw-J_9NEhmqb}> z9x{nXON&1NN?bj#yzt!K3onUHLYAMSb-To!@`+P>178-)q+ES&@2Wjwt&rL|3Vjtq z2Q}wt(yL;D+`Nk_UlrwDp7}sWYu4Rz0L^kpSigK-Sl@g{Snqj5caOY9PwW*-LUwyO z?Hm@HePs=wjZ7=4XE_dZvwk8NRgIFrx1!t2#VmQbC4E#b28X=%A+IC6MkC2imBj3# zuKU2ou;m1e+b6>1`IaDMNT=^rG&dTNy&jpyY z8>g^Nt7t&HlNYt;I&lV=>hbWgW0TUVvU#nBPZE4`>bt8wY~n;^@lEc$C1TeWyN?Dl?6U7ws26W?WKTgBn5YZ7uHdP}OE!;gW8M|(&SsT~`(pQUHysc%^)I*^*_h6Bwjl@iv5zbPUFDL3jMyp z8hx$Gx+GL9qr!s_thLZ%2Sq~Ubi^zhKG6of5G7a?UJ2dG{5g&7x(l&@C*%9X+ADn}`d11?PCul*)nM*JQ;Wlkn zF+KApX2J4i^xc~xL%vf?-4A1d`(q{Db{NBEZUxox%I5!+OoftTNF`JoDNQW>hL1qzCB1bR#GjIvB0?;&;bLAtL}c!DltGG=QJEdtgz?Mw~`f-CH_ z<%pOI5Uq}i_Mzgy)lGqeGbE*|-=M)q(Y0Vnoqkk2DMx=oKF3fdTx=b~70GTIbqt&Q zjLS6tm}qZ(`(qxqj8O#XjlJm@uEg?a|1ptueax3w0F`k+$d763`|%ioVe3XOo2~_- zsaMBNl>V;hH^5<5t)=TX0I%9hJbDaw7|%|C{VAU8F2S|Jx9;fWcf}3n&}v2!IxL`| z<6@1B98HfO7cniHT|{%+?J8^^eR5oMY4zz}?6pC8mCmDP?}>h`*TD~i-ey0fywm5= z*!LhlFvIH|ie(~4v(8g1higTkc|}XNPen#MVTel{WTuCzj^JB>c}7=#Ys;!6Nax{p zciT?_3F!&~Km_zw|pUz_&DP}N_h z8MPSX-Q8nrpusr}*Q>SmJg!q|(GDC{DvF-Ruh7EhG7w(jlmd=cZ1H%t0<2a&ATDJY zwKh+p=1SzQh5B{Su*_OUOB0RyK(v-wX*BHvaeenKOuutZVCr>GuyR%ffvmt)LCPyP z^YsR&^(idBK(Buwt{cnIrKR{oKQs(z?x+7kk~i^DmT?Ia8;QP5*9onGYcek3BD@`F zsX+$3!Cf$>86JY%0fqZ6P|p*%!`ni3Jmi!v^dz1cCwgN|5ttF%JMbv8a@SQI!77+5}rBQ@z5E_GcFOOnW~SU1uigo6jJDTM$B)&vB^EIZrX4i-h(%&_U1? z!fkv3yy2=(I)>1~&&B*0T^iC`RW5}-I=6*$DZFLc7*6Js5bxN~hO1<*L^q&OTe0>S zShbrMOKB&?ln^n{+v?A{eN?++>7tz{MHjzRwdU=nFHeft8QG_Wb=r^6If!TWSHk+x z*T7rh27Du|55k>XdpZvJiNHkU%ZRu=Av9c|qA7@cT#HZOg6H4Xk! zbZV)*($mb&7L_HdY3`Tc=>NQiR(&Z3%H$WR;!AO3SZWQ%;^G*vx?S}2-GDyw^j(Kv z?d|7jz$tXZ%xcO%C9;Em?d9FghUYY#ygxi8I$6)faR|^LCo_fOz#~uNn!3On-_bhX zmvsYjzunnG0WpYpI&BXXX~DeHp6hr}89|B`hj4rCIo5G?5V@%6aY^r93J8j95@` z8k>Yx-4Pk#D9`46gUg1C2I@FYNs8QVKZ|Jg8vJDI=A~|X6G}C%;)e#tG9BxHK~~Q& z60UjUBGA>{!hQxv2ek7roj<&^7{m<^gexfETj7t{6Y?$SXCq#w^lwE-t6Jn!rrSu< zp509|zZEwn^&8B?8x}HZkg(68)y0?aEGs^VUz?p1?9RrB>MzgGRp|kX;m8!rzWA!8lv5Wv=ugc?eo>y?e=+S;xQ%DaaqIu-2kellej)<>k% z;;L*`nQ?^MxQg#JJR!?LCQD_G zWIsQmPZXxVuw(|~-CsOHSqOtNU|LiS)FF>vt`_Oie6Mda)xI}*7W)E{O`H8N{ql?G z*|r9a3*u~_LtrpU28`7i9&PFv>hmj@r{1T6Uqzz-v!9zx6Tk!YIlcBPWRh3vpFe*_ z-~KAb-3m!0-^2^0V{!dk5NbaJa9P^O(Q5jXWwKo>CN#0RWJeJ0qBLw}1NrA}RsdP; zQwl4(+9<_+;R`g-A5nO^RA=;G5(+6xXpQJ`pV|Xyd98@cNg2j~Ar4?x5EHYtqtWcc zs7I>B`W3Zk__qYC(dYs24o!a=ZQMj9<-?iO!D5FB6T^x{7>kJ2{ zT8h~bQsL5(2H+yN9gKU2cNMd;k)m%cOhj~V977ME7vb@|?|K&cX4xia0ncNJFJWLj zYj7(TQc=#{rxhuLiyijbKZL3@7(`(z@W`(4CFC->l-1F_wLb}YbLGQkY{L4orp9PVW0)SgJ`#Ju693dt^@rh=^5HzClZ_I zaoqj%d!6W%f%P3-kHNqQ-&-j1HRM`dFKGS%WYwVjle;FLZP=u#dj-(>ZukSFg>rKK zfg`}=9kdb8{{42Sy}KL(Rb3oo2rD4G(eR*br@{l9hO@V62mSJgh>i-Y;N(0g`?wPz zKpzioVD}(hJsEUpJV$*lh~EC|j8@o6b1vZSC6CtPF-EUc6Gb4Zk_Js$aVN8$Zblt) zD*Q}ZAkLO5E0!ww00$fWgQW_JTG8JZL~gzQxO3LvoaHh1B|+HFwpI2t+r9h z`&0Cocm&n90k|%(4Z~qh>3mEdh@%MKP^cEca{Z+T94;b9V6|!gX$)eFD=LjoK_Xk;)990%Syq+8o9zS!>V9Z6Q}t4Qr^3HPyKn};t0b;%vfOXsb^tu@K8J1G-p6S7U!rFM z$Kbzef8chdihUCdO~X?TaKIgd-HJmL!?RUcng^E2eW~?D5!_-y9pCN24pSQSx+o%I zIkKz1nX?Df19`(bq+!I2#X@CuZQX$!uFO#7T5=I6z*n^8A~0&jc4mk%gagEXiZMiS zAYh<3bTI~w{hwkC92@^tYzQx0DB{>@j>(GQp9OlAh(rMB7MDcJJdTZ`nhN);NorX+ z6fMSr4x=3D*C_6G;rb`mqo;&^xHXcgDk^DJ+Xv=jsKQqKw^}O*Jwq`&laP2trZ{Q$%U9|mgF}aPw)LzB|9c!~?m9m z8=f;RR5j%m@}+NE5s$S^jeZj{Ax`mU{~O=@cen^s zjj4E9FO)!Spv4OE#nh9`vmGWHRjmPW+5{v*Q&&e}O>YLhH%^#Bw_U}P znxJ9?x=(mH=zB5P-+W}du53$Ol|xTp(|$kKv#9;)1yR zGA`Oyhz=u~GGi}WhB1q=z;(Ks8GAk;qqPiX>~wsA85<{7_!-RD>(}-PooMJ>(0T4- z^fYSIhu9~^rQ-a@Vs@?dynQP-Usa*V@zjY#@=Ft2@bniHPzL; z*^g1L=5nCH0(~QH(9rJx!2*35#M}lJ=$Umo3-rS`>XiBD|G@(N88qARg!xYv=vSIV zP%O}UaFK#`YFc&b;3uz3GgzRD6B`Q(-dkWxb|uoz9M#@&na)6sVbqfO!qWhh3jJi1 zmy!CqtDxYb0a&2mNX$s>r!!K2Ob?r7$IMrzqnhZA|K_7!^rPNiIv=$kj2tUm`|3J0 z<)iM?2RS9&F569J9D|jaVr+W$@(9&tjncFGZ_ets8g0LUZ96bmI}F@NHQD8c(L%^B zf<~8!&J(#ZIoh(`s@V<<#qv@02!0fYyJ0gu9QbqD<6IWDO_HM>S2w(TO>VH`H{}|) zAbWbVL_|;YGl~i$^8dkM{tn36-UGGbFn=3YJJRfLp4Hq8sh1Jx|APm#FDF}j4c2FG*a2{WEHC8_6kW- z=s3UiPj=d`VoAfgwCrsxCrZ44MMMrch8Mn8$#I=+J+B_ec7nZlBQL_nbnL6gMZ~M5 zchJh&NQB*|gcI=}FM99c-Cc=NsUqoIPry1|^>L0c94pLrgYWy5cs0({I^yN~z8`6+ zpq1?B7q9A{M{l%}eJ8ZQIZ&-vXr8z$;~j%=1i{&aQBkmuu^luhWnruXMeLkg78n7Q zwXgFA!9js;6;$EtXL6PDVkon;eKgD>yBX}y&&BBlNkavg=lOOp0wXtmJyYkQwHDcF zj8W!UM%1AyDlaLz0oFb`;u0)mSOf6aNyt1hkm$aQPTPep5Ma#0#^?w;TH(k7A^{o<9J;x z-l1E{ItXqA+yuC(aI@j`8x@^fx*TW_t$SIvGmi}{UCk{`GxkHk`a)|N-;()EJ+FrH z3i{33y}jDVY$0QJ)5;(j)y}*dV|Q%eNY`KfmQ}1EKF1SX7935l1z}bndzsD#VKxtW znF51ROwg8l^7G0rvf&whS_yktzj|ynG6Y_U(cyXZdAxgG-GN`wJNNIR4Tw2n6Jmb# z*d};lvp~$2U8FS2GSkETX~fWJv3U zm~pkR9Q)QoQ2&~v^Xqy(~lkQy{mclTyQMBswfXR z5KJtQf$Kr{T3#zrWZ!75&_QEEWoVcR=UK198AZ~=$2q7VR1Sy?N4}oDs-s7g^2D*) zZH-=i>13!JD;(6dy^IJ3ED(10a!Yvjs+P!f(B$@VV2k;%e4m59^DLsr+soNv5j78! z-GjkK%L$THf&~0(Qx?(CFqsyNT49@3{#+&`^;@);!enO=j0QrYR~%?u7^>zb{%|3^ z*Fm;#F~`W|#f4PcK~~1qH5PPKF(RsJfCE`wK8(PDhdDy|eqhsW^j)~@?O%@d5~>EF z_anTc?A~Sp+RkZ(n#@Cne{;(1D6i`c|9q4Ep@+C2S`fY_*zj#KS(&8f(~#HVoM=j zSErkKQ-}Pf-HOu*E|-?iqt1~sHuyF`csK5dy8@eIYKOzNEN##{%8Qg^qE~X>{*326 zeGlgzjg5?f07hY!U>NVur4x~|^ANi*#ho-jcQ}uLhvuptc3N}on;W1EQ&7D37Pegb z&W51wd$F7)2pQd*W_ObFW|t>O>+5ib;NFHi0(Ttl1l%WZC*e-Roq;AF@QGeoO zh)bY9$=pSD4`9sMl2K{1@A;EbyU5U?NgTfSU>ZMm9vs1sXAau<@x;N&{CMQxOn#Id zbm)(j{3xj?QJ6+`7yG?`5_OS%;<8`l%%Lg6$k||Jz91w(2Zo= zAB=meL43^~UE7&sbBH?i|=kb;b2weDXs zlZ)lAr^JQD|6xc+i7T5NJzz-3#|oq4)Bvi3=T+Vz?aH#wnY;9|E6X|6EgCK86dq9K zI`mwiTMRl@GA>&j6AgPEBO1UB>0iR8IUECYD-zdsR020x0i5SmWx-<(8ehBJ$Q9b{ zl<5ikQut^`YV&9?S9%&MHkBYn4hzpd>8&^9Y2p-&w zz#EuKc>-c0%-Q4dEXY&3&OFYu7~!}DvDwc8LatWaiu1?e#!}1*VBJbmsh!Pk`inzv zRiS|#+J!?WDU+dJc9m&D9>KVw_Q!z5UK-cs?-J2Q$@KFHE5pF~+Ft9miFess1mtmyI8Ee=Eh;Nc2 z%}5c`nBpv&qe3b81Q(ey83~XTC2YJ*Xf}U_tm;Jly34R$aZNmskjWZlB`eXtHk|(g zwZInoDIpjK`*!xczo@Xg93-djphMkdTA!po(mD=q65Nw;&%*73D~CG>R{{4P+$V6S z;Li4;KCyDJm_m2N%IoBY3-nN|3=cSg*7Z2sWZ6$#phK~;muN|~v9hN)L6LDXEQAkx z*Nn1~BQ!2f4pMhRxQHrnPqVt!8O6tk#a>z2qY@Z`v6PtqJlmkU&?v>TwrY!NWpn9$ zoR=rjv-5fQ8W7*KX)jI1Uc&rdLS^DUz{er?V@D_;UJgVtN5;z=Vwa;UY+4dFA!w~Z z?^Q5_e=qy-c-eWReradiMD7AnCKqy(k555P#=#A}bk!QDyt&LcW0k58wxN39IQ8ox zyTt!%PADe-Vd-r=!d0U2N_xm>Tpm8xL*6Ry{EmWq%3d)%B@M|>ZLT^YaRDasm37&0 zUwbWAPcc~B-c!b=)Z;T-OINh9!15;3HQ$`8W~|n%0Y>7Q;bvE*8F%#^+R`*(rZoi0h6E!U{1nd-Y_u@8 z``$Qup`Yy9s-8ROhzCb>Sk~A{-}aMsw9=?#oX+~#=#FH0RGzs=1N+NxoewZA&5Awb z`HM8WKgch>mx%g9?Nc5F4v@VEhF=1(zkHV5jI&Tfsfm_pfzmT*<0z(0WzcAzR`M9YYS(Kv8z3HA5oO0NG z(K4joT>_IEZ0)#PuFsn`+&XIg&{X08$HNj-QSt}fl`0p8ax4yg5k-T4=>Y~;dSEj7 z4wUg0Ukqt1fq&sPghvbw9w-M6QJ&L6-L*P*sOyTyISw38JpA4DMV`cNpb)jh0j|;~ z3$LXu`H(RtuZMpqVA}g;#rJlVonWs&Y&05WxH_wqY0Y;4(ItXhFIpw zblI;U6&+|v%`w_6tH95T;4)LTwDw;SY$*m~u1WjiBNpaS zD2K%NK_F%zrt!T+{}rLIf`w1m6jJ-JHuhJp1=uoCD@*am2)ZhIT)3t9Ajcn*Z?4Q_ zEreLgm|(^@ab|ewifB&8dL$0|(tSf@#JD9WjupkxWmD(bw22j}`ASy=>t)azaFR_s zRjnGZbVaB)ARH~5irz39sdPm+of#tg4t9H<%>tnYZSWdgCEUkwKf~`RTsYp(!mWmz z54Y9$1~ErxyrCP0$|7|AsiE>Z9s$E-{J+?>88l3$BJ{3dGHMXZ2Y7W&4&yP>zJW$0x+V^=$}pWWjoXIr|PPhl;CXp49Qls z`(>z7P0Ns73$mCR2&ESQ1Un6!pK#`YD+06bLK^J%bS=vWz*!q7)qZM1@mXTcC5 z5)|GYV6v>N#T!&mdf9Irn9N)fp{^EL7-SY0{Ly<%kk8SUqDK`L$Y#{C3Y;HfA!p4X z&jE^oBWThwa)hNAH8k~4_jj~5;OVWvTfl60dK82yW|x+nL4mdAfX}4bw;{;@Z1B(K zoP#gMILCD@^EWkuKr5S+w>y1gX~`!(sYsbVwzT9V;JDM1a!N~1GsJh)9gQ!KwBA@Y zSybc+jA_n6d#C~Y`W}7T)5c8M8*&pzGUYhA=LQNLE^m~_Zy?8TIb3c%MsEy9Tf<`1 zaG4Nv;cr-mzHHeG(_Hms!+YB_`vvMcLPp3VwUjwR4w1u-(wY&#z5bvhBd`LGJ4&@9 zWFeq094Qlf#^y@vWVq&&L5hT%h4*~8o;OHq3fu^|NpLsA&A)*@8Y#P@voDWSTXFkQ zvi~SXNzs8#kDw*&$A9jUv;Pvxe*A}pdw`o2S{Y17Ua)gF$#!&Nl@r?Tm=~EQ9VDn~dbcweD9$PJOJ)=%6&PXiCDU}YOq?~{c z*VEprEUBR_qh*>5+(X}umR*9m(`T0sjk4?=9*8H_xaW6K`!PVGE+ta-7};r}frTo0 zWY#Exe4AV{D(sl2Q!mW?2Cd!BILsCBgf{WHDk&WqBUvNjr7@U9Fx4?u#!jf?TD|Fh zoSO;SY1*SUx!PG=$m_Mi4LY)h4I#B#2&Hevb&wPJ-cemPR6>OLCsxC3yv`gs$ZqQQII*ccmXcRRLggEv!Id662d+0bBCtjra z<79_+nu^SUl`08$rRzWqZ5<~={Mp+X>N=p&!Ew^ZORjwIOGl3ZEw5!~H^VNg5KSJ0*La+^ zbb`ia$(UP*Cg}jnGWLKJscr`QY3DEfjSJYbwz9pSaJq~=Xq!RGZ*ya$j(>Bc+hBo&1!)&#U1l`A0)YSv9%swrRn~&w_e7}?9%j>t~V`PO_$**w)kGA zuP4a9?VswSSIf)JQdGn2Urg?f&z6(Jl8j(`fGTmVQQ{tb1U;55I|P{l4G7Qd(&9@9 za=*W&#br94EvH%n5fFDQ-RJ#MF?*}^GWDA%Q+zUe3vy1B25B1HFo!f_F z3ji+(WTP;c)q&2-%DW&(hGy}QkE<_zjMvN313V?GJ80wQ15Q^{e#eI~QD7Dx+*%l3$bshFb`J^<*fQ28exX1Gj4Y0-GP z!ZkXQE5k=aQ*o|t^SW#w!&bXx$HIbCQ`wSK=&ppRTCEO)Tcvb%0GmWRUL1-xqH`4s zl&c`wWZ7^SJWyclXjh>3+B#&bc1JIxCi7{&7UJ<>xl#iQKYV3`+za=8&-=Z*w*!Va zSTVE7*{x_FZ``36G37h(v%eNUtbt$I=AI5+IMDkz&2uJ88=iPV6>bfTPkkPG{pY@WVEaRI)It=f2)x8GFlpZovpcWtPMH{FS-WoLe7;w zyCkCewGCk0SBI*zUvinnwd|LS2Pq)j7yzQPUvBm1#7)^R)y4C*?3X}*t}Ou%Kb`&Z zRe#zs6{l5PGk!4@0|tzM;nQR{GYg>Dv@RNro+dY8Z#g>+fq!j z*9Kq3LfP!v(5qM|e~RTbg_jQl^i>>`M;k(0D1E}FLe#8qP>Opj{j@~1p$}%rc*f#p z$m{yYRq=>1mzC9HhbTU@|6a^NkpB5(Ri-$bfqrB`)#%5OShEaeDATpx*9p2YPfm}m z!%g?UabL1f-rZJEf&&#lJx(3;U7n0j55;WG)ynThsuO&x@R3vJLVWclwMMae&_*uA z`;BOgT!?F5qVYG$J{`~UDpi@mrvyCe_@T3V7aj=nrN?fP*$Mi3z-KbX*uDCBi%+V2 zbpAmjjIqTxUZhSp%RXZ!{*4W+x0kt3XaAe!<}}voE@*DW{@1L0Dx!HK>C820Dw3B2 z5bA6PzetbYEW--S7+yMyRb|>RE~tGNCpOp=E7ELWOq^iSYS!pY(!iKl{esaV`YMeE z<(Blk+7#Xx1#b+))1JEu01g+=Dgcyxi|k%7ldI*`O;a6Kn4D^J`YBFB7__t_Q1c(C zXIBrb9G9wQchM#+ji~Xc{<|6Ha13FCe-QZR>T0J_RqX0k_NySfYr)jiR;fAA=>x`9 zPXKoTfEK>i-j}LxkuhBtaGnkY1@dE;v1fE`OosdKZ6K0Bz^DIA8KFqm_NA(l`RejI zuzIvDx6H+BxBZavpP*lAS0@5cXpT2*wFg)_#4Cew``XNB@JtbNA||UD+N?o6k}FEZMUg7Z}Zc61k(< z&#FR9ZxUJQUY_$Uyi%aTy5t^^!02x zTq$eK)o%KTdfY0*d%Xo_ou&$LcYDM=LcQ=Cl2sH zT>lq8=-VqBix;2YrurW$ai44wAs{~hgoW)*%CDn8^s`-FH^|@zU38+cp#Q}W+KYi2 z1F0o9O3&?NyG?fPXut@%3Wm-N`s>rQ_BMIFKeJClobJ#E^!{zweIL6-wYSNTUQL>O zDoCM?OpZah+LWh_B4aTyW*jBu%XBX+>j$(VAFzJ8_zzgmgR7ts7DOJOd+MLC&NhLS z_dfN!UAF%hM$+{^qC0B&r2StidVecwnpsQe``q@=%pSj8rcKa!NVmVIn)<*{tkwVE zA#DL&p-p*6FV~=MM<#n4 zcjs~XnnBms|6kS5ycTqZ7j%<;8#Py^ctM+v(|vRQzd&y+xTe$(KJm|%y*O8rISoik zmiEUndT5@EmHUp;JM(0Z;4jrR8Y_t96^QSamu{uz^JRj0IUg)EaP|+HFFQmm0$81H zj9+7En{gB0=t4#NR$4M&-rgY`DYCU~M^)dIGwu$sAo6Ql&(q)YW!Lu1KrX6tT~~bX zXj8PzH+$rb8BYI-RoLHB7hseE3z@z^j%>xzfSMEnU&+;$(klz(C^je{7J?LqXZM9* zmBn-XLNL|gxpbkto}W7x%IhNe0Alqy7I(g?h#Ao@`Z`04`j4A9W~{TnYb_$xEtEZa zaHK-yq2l%7cu)xpHrls-;i7Y60QoUtI%aEWl{D@SIkY3!4U@A@iBSfs%5ih?0sq9K z^x_>dvBN|?$~GfPKV+a}G_~)3qsw>5o^ryY6u(Fgo-`8?bF~gl;;F3!tVU_RrRhA{ zU?*V=M!6~risC?mt3)RbE<>+3EHe;?IIx)xEt0*%>aahem>b^V#DV2}sL;zWgaRBg zu|QYYJHiM~Q^7WEM~%vhIaXWh*LYOt1r5b+M&M{wW3Jyrr{COrRwYmWCIxQ=k$;CjQQz;PU} z%fS11xEtVZftw4rBoaSGaBet0=kpogt3)>shxm;Qf#B@)KBm zXj!y<&-*vua5`Nv zZn{Jc8d$6H`+uCh3wV=7_6MBI8`=Pc1W2KULJJhATnpvW(gFqAQWR=xAq6RyRaRds z{uea?R3OFl7D5zPU{Fy(UDpdL3PKcYi(m^1h>FTCsJNmIwrW+xf|Y!~Gn2GM-EY6= z%k!MfymL8oKQnXY%$c*$l@WZEkl>|?M=4FnT(|}m=y5^H&H#8*hoK!MRj)kL-5zD+ z3sWhl5(mi&)#)$e&-qwy>WM^67W6x$NPC{HeQGQQ;v9egJi3 z*d&00{xwKDXp|UO3DO8Rnip3&X-;3`R<@-=Bqfw!KQryjv zY+Lj?F{xbR`GEpeJG80j?Wl#PV3>s;tSt!~)BzvB>Yzy34`X3J5_sRY@ zB@1jF+5f*v6&p0R;l^+ZYT-MyZ3+RE!mw}($5jfO_sX1( zi*HR~fPPl_{cSJh&@3O;YiZ&O5#b>Pr9(IJgw&6#vaqdGkG8ez1C8%A~V8`^~$as$GgBLQB0G1*4JmSJ>t(3^n%Z8z)L z3jBcJ49eWQmikd@hHKy8AT%fm9}KZOj|PtaGA zF*f*WCAx@imzmxsTaaWAi7bRrCK*HZWk4;V5PDyyBk2nm4sUX)EzRAWG!y;X0zRjt}q$OWEBlSj{bE zY>ZLo*<~!DXCun%5XN0HW*`n(!$u79;?*O$yNr!uzL9%&ma#RgQ)Z;ey3l)dl&@1( zq-oFON_LA;J`9bestHR~(wvLrFoiqB?Y~Lh5HxkjnGaN7`2?f)y~027LOiJEl}&3| zOe$%00ZRcopH@Y!sojc!TN{BxxfKJ0(YwG{OHW-Drw5TGY|M8^VQZ5eTjP@u@n6e^ z^vy+VjIij!LVZq*$tpuS#JuiQ6q|3ttXKG!wJhCDiKL%&MnYi+DTR?T@8NubIzZQ~ zr6L-rHA==$Rz{XG<|t#GGHR63pbTp#86i~}ii?kxE!j0saFx z2WSNR0=Nulw*^AsfWClkfF!^Oz*xWpKo;N{z;yr z`9R3N*$vC%fTsa30CoZP0^S4=!ox6+13nIYe;P8sgxLW2DfE2_rtwi`H3KYw-he~^ z;TQsQ6d(;S4Uh+z4JZP*SKzNZSpek#KVSpk5x^6GX8}6^djM5{Ou$=!BY+zL9{`F0 zw*z`26aR+!IY0ou2V4OB2A~B1{nR2e)6-;Lo`W&%KK(cb^+DA#p|RbdzD(U@Q-(%P zjQUDaMy4|C%1|u|6{imZ*~5TsfM)neIAF|H{_y>5xI6PnM$b@|J^{og8)na1tOWxxWZOr! zM6$g?wq&wBL$*w^Jw~=!WZOWtC1hJmwi2?@7BR4eY`Ax12n5JRi}SzfHfB#)`msGHwr;d%!3T*vPmsFcgNnz9^7EpR)tGWaI^k z$e0#bLPlm_B^hafEo6)e>?31H;4~SD!!F@q#2J(8?40X_C=VzdbPeEUM*#XcF#iV{ z5DHB8D99RE3)NgF&(CYKCI)eKCwI0%_k-vQj{^P)cp0!4@D|`*z`p=r0KNtM0x)i4 z){cN^Ks?|ozyv@FU>YDFFc0uoz~2CO0XzUdfCIJxo(H@Ns0JL~#?q}H!14*;ETA6n zBj6&yfF2nM=nRMk^aqRt3mAW{U=v58&VD`}TzoiKV3afqHqP1yAr@l^CfBJW9FvkCVYpMr9;O>C9z!(mt< z?XhE|2KPY3m2Rw!;`eYipkOItKRl-bJ0rJ)UL0T0Vhb7 z8WxJ7Hc%mGk!II7%MiVu;6HJ2qrPk4ahq}G`rdPV=4M=_T*M)lH5|s4&ERhpHSns< zEXF;h0mY0=IYpY;%2r&)mT`v-`AdDAPUxI>s_XgwvX$`BhxW!Y(ExY5_zY(S%GHj0 zp~$s(<5?;Joed;~T`j;|a-@K37$*TEbhtozH%V^`CeWt5ZLo)eT{UftI!F zqmf<^-7w=78pWjA5L_1|ul)5H@V1MjGQRsEmTorpqOUJY`9*y7ohALA00$hK05Gve zU71<$Gko^L>?(7S3^u2fmp{z!>n)IGqHrx+=2r<4XOr&2)xX{d6QjQ_^bJ4}e3j}^jCd><+?z}uJ>apl)uTIkjD!c69HFY(`A>f9BdlkU zCxlSV!)qF7o@w2T)A^yl462lZcIY~cJ`2%g6sMy zpV`Sje}u&)b_}`bM`WBuh=ZW0BrpkRFfS121jlMB4(jA5Zed-F3!lL(f(?k?j0o3> zm$pzMSY+mtn>mi$9tpcS)?EA*I9!o|bqHKPYR$!F^|^sQ`>(l(oelYJp-)@Ng}~Nc zCjR21EH*y?0*-A^|9nV+fw)YXd{JoAjWHP#zKadZmn=B4eZaq7d8N5}OXC{xr7qKy3RitsAoPv*a&E z>FXr2uOH@v9%l*WE%K}SVSer7tgn0D%W}1{i;Pg_B$k-)*A4`)?_k+&im~elWz<^~ z+LH8mOX<(3ILq#-M%=1eJ{YT>Bfz6KQj~7`c{0$jWVF-G=%EfVOtC!IY8f$>(yfr+ z`2KOoX(UR&#)o*Ht*n=M{oBN*JNgixyp{EzkRbh@cu01>`e;24-#`~5oqf{TJS}~d z`HtH9X%KI$HKl`2TBYx85AkhV*;V!vGTRw4tQ9Z5L63xdLdhYLRQ#|sP%wQ5vrY#X zjPgf@1P|QS0v-Tt-m$0WHa1clK(hN_MYT}SOe9k%I&PFXg=~F+j{d=yKE-Zjeb@3& zp29Z&qs`p>59TMSQvMINA?D9f40(`GeVPr9CEo>qOhNp8Px;gAuk?^X!#{D<5b+7l zCfxqARp?B$lD6Tf!Y;l)&4)b0Ztb?@Rl14M3_%Q?^u5_db`yX088)MR4Jzq6Nslf+ z!}@nQj!)1a3P=K0`+ni0o@E2OoW9bz>=%B^vn=6Hb6y~h-p{u^%Wj;u1CfRtYn!V7 z_6YI*1!BhH_6wzf(-a6<5=T84{b$usAo}0WuXzq^ricE`Z-0)>V>MO$*mIaAZ}amX zp2MxBWIrGNJor%H?j%~I6x;rEMNd& zdKDl4BJ0%|3{DbA1^dP9-E)ZF_#(?ib8UZ-_3Z{PaxGtkqJzHrYb(z1GcU62JbH%S z;F{u_HY2zcudFSz1)~$O06>^Qp-CFYHvguXYe#>YxkPuFbz7LpH~&Cw1>rEl%Xb66 z^CdR02OVEPW+BH{UZj#!a@c&wORP6NqXqU*oy-Z6h6abQU_;AY4eXYrfDTwdP)P}4 zeQw;rdO*-Rb_bi%p0K9`MNeqC+rh@<#3iECp&GVxx&3eBdjrkR5r2yI*0? zc4_Df`g`zotlV z16nZAL8w_jjoj9E&;ytT_3g0hCuHFk{xPs#Dt)r0kGUP}-H?wy#2?tr#?$2#DZ33eUjgJ=cO2rUce4z3a3}A%hYig9@m(~&RJ(x!d&_fC zKTx!bf1Gr#O41Kv3>1n;9PMK?)#XH~0F>N3f$gf?t(*aJDO`i2aU5tP14;xMlb;Jo?BJN(B08)u%;kNWB-C4A&-Yyzv<$(O#yhQ%h!!GP^0 zsvoD24t<3THm8K|evM7r6?Z{Tk-BPw^`Ukl8ZLoC!pa-6Y8LewZ_4K<5cnYhd`kDBoy)2%Y-{p(;;#RWfFt6ClX0nsB z`A77<<}Lo)Ue}yJ-}7YM5QTe3nnx$8wWN5De|@D2umG}Bl;9VL5{XFKej1Xzc^@0z z;`w?T&qU;X@*8YQCRI{;cEH&uT$#(P!gZvzG7sNF^@OW)yV?-TmaWIMI)2~{*5BQ) zE>uE@VHN)@yJ$<8h_D}I@H+p_?;FrT*#U>jR-S~!!pmpbVZ`B3fc5>3FzZ*x6ub@d zMZjpdd13Z59^p4tv3`T7_x;o(btE^5LO(@S#~bG$28sW>~Us&1+W)z5FlBDE!;u*#s%mBx+-Z}hQwh+9X5oh zi{4Zs`BLWxK3wI8?#G!;ytIa;vE)~Hbq$-=KI?tCo{f8-TlTY=gBd>C1HO8XS>FSk z1bhbg7H}T$E5HhW9N#>!pE>x}{j4MZdOwb@W_`$QZ?cI4O(=##>{^cGr^TT5eA8mm zrzNb8$3>t_a08_8g=Kujn`}&YAodUU9Sp=7b>Y5)M{t($V{ft^l-IA{Wb=(lJR4(} zD1++&hE3B4|dWg}Cbt5PV^ zKU;=J(}li*qNtR_k9Yh@#Jj5awpup0FKM^(u4ZF zp%%AjC)DuBI&}Bw8a|?qjbwp0_ziU|&3q<_ig)UE{$!oJQhBD1xFDMju|e*3>V60A z`SdLe?rx%`OxKRcYpsXRxX7);+9}2 zS#bx4sK_O$i;>g#8;6w;Qk{lW(3{Fs@FV+g1G!*%f~@BDTeNM6UuT3gwP8; z7}$`ludIp9lB!ibgc<%6QLx&j10_M-$e%@=|=zPuQ2p9)L$tvU%N6?BpJsw&@rf z(`7mKl8CNenky7ZxAL50?5Zvk!p`*4T%q``n3o)5Gt9G8UW@sOV{CBmO8KSBRk}IQ z70HCw#0BEUEZ*x~HhI7j^mTe8qRE$9D4s+}+&`jf4ZTxGbCGD^Yu;sv!#o&qh*bq3w@_E;i%k2C;7ffB#)5A;c4b#^bEttj|#)PG@QbDSUD* z@l@|aRdjUTsBb~)xLolzR{g$+pnM)YET)g=#DTE`nB>GA#K=(>s6+RbYjJ;d`EfRf z+VZ{Q*bCrovBu+U?Bwp5R9#UeRdm2(nCEI=Ql<1+uJ%;NAoZX#(sN%Eyo{b|YX6|~ zuWRp%L)R}o?40GRK!$IAkHz=g4N+}xITpdVb9Ws7!QIq)SkRp1Ti=6T8-zRa9veB3 zP`*wnc{N`Jp-mi|!Cd2fuMuu}&p+)oWO3a4>^+wF8t?D{%c6%FF^-^n2<2-hZ)X(f zr_oZNhNf5etsh`jkE4kPK49IWXN7l`POTP9kP+&w=6xSPiV^|_<`ZmiROqg)uW1`1 zO+3K{OrK7qconX0oBV~wwU%k}k>5*Lb%O1o2(C=N8OcYZ8@FBOsasS+I?3|-w$4e*>ri4&}*-=-mnS<)BT|;Bh*gA#F z1guchFW(!2QaD;&wP@;YL`Dp?czy^q>3;;Qxd%REb~80#p{QKU&wa?!x_z522cf4* z4$IY@MZl?OpK^n;a8)GsvK#4(I8C@kt;pve%sXh?S3}n)oF%Lo=9gqTxYu zp1me2zq4=Z{byjYl)Z^wq}L3<#;Laa1^5`n>>K!&kJ+`xUA*CA%)Zwx;_)Y0_deqn zQBG_nRW%4@a2Cr&As#?qR#YgeR`G(9(BQXWAV$wPu@swsJO;fqQ{;S3G}lV%bHJa| z_bGon{P9^RIDhsen00&4@b3R&gSwoAH#ANmA-o`1D1Q2t=lzStnR5q`vwIQ0<6k)b zSTK%1`7d^pd+Y*9hVU#OUEm*%f_hfZV5>4ps;C$SR|?evbri}X>cCKgTtg1`zBoA^ z5w9Ni3qh!`5e^3ZC(6h0<)_&k<4k`1H0#mhA1CEp+!78vCmOc= z@@dw`n9O^B!mf@DQKj-FnAkxXdWP<(9-GHYK4ELShPpNctqsnukoEn~T|Dkn*3V3I z4v&T}2g)u%WroHmLN z`iz}QcxDLAuV?2%ua!8Ki}BP50uH8LC$Lbx6U98I4-aHsB=gn>u9g!jp zF?y!FN6AEktE(P|tQ3eJ=kVq;Y`}~mIU!PJDeDVd>bWD|eRdStXOGhIqbRC(c7qdY zCmx>;4ZFVMg2SZA@O`Jraa}z2cGxpU;0IQI$=d8#Cf*iw2P zA0<_?nJr~sQxcn~&V7%gj0Zl4BH#5OHF$IsZfn=f#sB#72c*kC$)(~ysNC`8^lvF6 z#d?%ASBH|-nfOk?x9|Q92#tkK`X1OH!$> zbz90F$9GAU^mL|{RDX*o2Iq*9DrFf6O}TIg?xBCNTG8b)p7RCkX8aGo{tMP8k^+t| z|CYPIVBOiEbk4tE32sS*l0(EOSzH(&$}eOUC4utYCu=n`qik}9^OoRl>J_SQh_}OG z@$O9p*4>8ma{6~oRWapd^#1;G5@@meE2JR?@=zCX_V!e*G#dEWv#hgmDbGF&Iryw7 zzVxg*7aqHl@BfN*qvz3qsjhqj@<%^($hJ8R z`Gz+p!QBEG70!h+efi*UzhXvMjTlhAoLpFaxh7bqdvi@SP^Il5TM2;*b;-K8$brnq7xZ zcW34|-wsl<&h$5|0PA1W2>$*jtaZ;HO+RT@kO#J}sGe_{a z=ioeZa9NgK0}6+Ox_oR^gL{%tdhuER-{?R})IEUSzC2UBi*5y(drXtPp{8m#l~_D- zJvC8qHMPgd^%yUpk&ED=4Hf#qT-C24;1X&s>_qlCh{5TE5Ap z8~P~f!=sX;gQEU;q&$=wa9KT*jING&rEdcN@*G_tV!ZP=kkL5LCw#+t$am(bitd}i z7ktCI_f}Kr+qLEAkwc@ef;uvAhI;V>->}{TLLIWgKxM$sAu?>J?VMc7ylRwFgZT&F zV2VXzm%f1_|3L$Ik9z2l4M$ysK1#om>i1ERm@GY2OJQNSsa{n{7T5J5GVjVS!4+}W zHI71&eqNF(w8u#Ao>a70m@s1hOp|DR1PC)ss0z%|QMMyt@XZA>A?Ds3Y0GM+1XVQo1jV?>UDU4HQOKd?9(^?J{W z7zpfPdZnRt%h^dlRQXh*NGl&0X{Q}f$| z|Dg6Q6;tEzzq`cQ7p(KdGDE_i*M4N>M)pF_J(JI~8ly3fvkR=0ZMvFQUSJDY$Cy3h z0;@E#mEHH;(ZrrGTIil!DabUc(Fd*;x1MJ<-v1Ko!e(8~$6mtWQ`Xhoafuals01CN z&^J%yJ1?;zeD%*P%2>wVyTlUPAA_cig$uk7t>?G@%wlTl+cva5R{0e$B|=Yi8Z|9B*d(jcN3L zkEQerl)2q^I4PZQR+joJFlSKen*OrXr7|M8{)pXf4hDo>{5+W-kJNgY7s;=W)YqmU zi(q?{oyXJ1=E;0=q!!)7**-PK)h>|n8BPTVNsNqkD=!E_Rhe}%e<=v%jf?onAR7|9 zURD;=F4EAe@0#x~CyQM?u`y1YWV~Txkv7-3Xyb0JkMZ2b549v#Gl}olw4OZHsO7Sv zNt9rZ{xK*P<_n06kpcv_P-7~EUb(w7uw9aogk=aO4LJQ1PMFiM?^g$^`cfJD zOfN~Zu85t{8rv9(ean@xCm+yP$mmbBMDMQdUcNU%u8UfeDUspsZV87&DYF)LsEXvr;<30RIEc8XCQ5qo5t^1zFg%{($58nm zgntXin%Envm{KZ@Cgm9LQ(F8@E&k}DssmYNYxbTXJ5VHc|7hFGyhhVz8h7x{CK%A# zYSQ|!sTq8wNgH9jfp4eJpVC#AbIKSeLSHN7*Q=qgE%Iwqy6O>A+i4H5bK_OC66y7J z=&MwIJs3N$-hEIOymsd_MrOE z<%d&#n3u?p*{M|cUOd;V^=2K%@|(@t)xCpbWS{je$n~zyrM7(#^MP7JJ~f6PGi&47 zq5ix>duWBuJwOII2m}4r zm+G^d&VBPW-`h!B@Ad^3chIc&0Ac`R0W$#?07)G+>*5H_Is%Xb7-z!0bHJ^Dt$^17 zCjfDgnssM8&3Y7Y8SoOqMg#5v95q8>F8RaU418aZAHp1XtLDbv3rOrU1bPJl zq7ZOrd(CQt{e1-53wR5D?W2%6zzp~u29k$hjzZWGKz0`98koD`kDa;o{{Tk;j|092 zTt?Wh;Xeg9ZvYrOY1UqVui@_Agv1X4#=zlPz%76hz$GMdBLZ;Pzel7klmP5U3E+Mi z<^YRk%>Zmf*fj|A8Spspy%bOZC`00B5$-YA1Ar~a=<_H{W4vZH6v>|(|3*eu&D2i1 zM9_bvxxM@->d-N&Q)i2{OHtQuwrC67y7!2QEh_2>Td%mH-bF=y;){wBiu(2|D(as| zQ3ebgg#V&q6x4}oRm3v z%G9iEa?7E=X}R=YG`*T9HJ#!MJ_c|}Fn%1`>U7Zv3fT~{z`wxg&}InJ4TebK!2 zw$4zs2bcnw3s?%M06YeG6>!9jzb^on0NbLWeF^XrnLSXYfVHq^1D@!jS$_o-!9KIA zW_=m31aJaw-C{KB{eXkrHS2KrABTIRO|$Mn{7rCc0-S{ZFMxTmn)PGAI4hb8;O^HA zJs*})@XQA+1-uA&0g<)>!QBY_9bf~(h@P7DVIUuXZx_Cs;U9!sF>v(h1!;D`EWm#F zeF?vZ5H0}d30!G_M7T`_+yJ;2;c9wmZtKUeTmVGJY1YwzYXCO@P9egraK8)oZ7`SP z`|q$n4>$;zgKrNqlYs(EFsBm6t8eoV>hgxzn${ z1|Ku>W1XwZjcEP+2?o?|$ zxtn&p_YT;O18xK?1*``&0u07>?HKQC(`-E1rkQ$crncMn!eY%gu~2;4j6DFh)7lYaxoY}teL{RCLEmer8L2mR5?xA3MBDQp5!CJZ9_m(H}fK7|LS%*$A zb=>RSMABg)R-r4dwwyL7hTyVXyolY@jCBmH;YQD+3p&Mk)I1*9DQ;INdcag+jkOwf z_QYw#;kAKSFm$NqIT$Cjmw0-#mIQXj;%KeE`7~Hn`NG|w-yf~@>_%IV3pmekCS!ew zXWYf8C;7f;Eo(RNMWK`YJhOKjNg)2r-sF}F@KD`Ezl_}K2+ zG&60(jpDTzcv*LCBGSc}9q6X*lBaqlRT(V?%D=?-+6vOZSShzup6aD7erKiM3F+4; z?H@|}57JI2LzU(0k(ad<#3rqjY*Jsv7TCSzHvAI<=CCIKMV=`42s`c(+9T@x5q9uvjHS=52f^eeYQH z*2%Py5{~W3mwvzRVY5Q+zHpL?&k^Rhp?>Jsx@)GxfiO>!gO+wQzRw?t(MCto>pQ~S zj(-%R4WWZcEmj+6Ch>HV=-^XgwWQXsJ7Ted+KNjFvD!@cU=-gW($6+a*3$=I+Yzts z9hkoIIVdi8?>McO!UDU0l)V@QB=?Zxwy+~{lf#bd!j6mDI4%!6CcrUV5mp> zx3{M>{t2Un zNnmnQzDa-LOK!?H>rZ^iP5CDO(N`-^W_*2|W^2jF=$7EAe+*tuZVFk(pZJoS^3D7c zUvg8vf!3}a(iK-1Q%;V`o8+Hcs*B$er?v3M%D2iORPoe9TLOjZG~8>c-^)P|zq-vJ z=!y^3pZ`A&0vc`f^Osu`zy629P@m_v-rAJm10T5zm9&{S783Jd^=6-?Elai)?3Oes zp@SPk3$=6CBByx6jFa8WfIM-Vvh0dM&$lf)ik2Z7=sX{?qwH=jD%;KQw zim&tZ#aH*y#tp55coT_C#gv`0lwCkBQ?oBS7ln>4q*PTfS#KDQnW1+H|GbYzOm=g; zHsD$-vU4FbGt=4A7g;}xt8kZk+4H-kC7WDxfceX1998%&3vnxaD)rDD>THNrwaE;#j{tq z%ky{0@^on3OG7uMV)vw+;;{)@*O=RzWO5+OeNZW-`+*4}4`9npP0&W+T~%3btLydx zr&Kj2qtKl+pND24 zpN~eYFEdJ;9Azo}67KfkomskR1a+iOqj3h{d4><@uMLRHkWSm-gml&ETX45Ls7U&n z-_&0l#x5S<8)5c&`+({Y=nNhp)Sr?u6A`meT>hD#>957NpAZ}3&v0|1Ha2~!3=+WA zGi1L0uRD$Brlb1NValo{t_$Ud%INsGZ%Ng0SinWqYh;u%8^0@2>zCLlzvf8<=DPBe z6bQe<+G&|au^2^kh>5&9QR_8Sr}CE5pz>BMk#?HbycLV2eFyA?4sQiT5nuC&0os6> z7-jNK09^>6=XLZA!!W)(egsA~4L*!Ki@uednm#1{6gaE}q0`B6Qh6j*dD%haMz-mS z0T{SPz#OlP@Vkv`BM~77f;V4p+YS`oh?}^%A6Jw~OkF&{7qOJ~b4b?i{-N=`|EFxeZE-euSKQhsw~1 zPS~M!ctNU%E|b$EKL4DLl0Zg6uBlrN#eA}3;@pO+QFbR+erispYlh;YlXQu}WN<>) z%U)A(c(A^sTH1<<-%|sd&|&-IoCI8R{Ulh3c5j5p>PpI}@J4kFe{-NVvUdz&UQ4nI z>H96y4*A$*Zza*K;3(1g8*Uw>^)jDF>p==m@RUK|0=>0`-!e#B(EZCIy4gki)aM0F zOk^7=_$LU{v)2|n=JH+gXE)e`DPrFlQmo%#7hinFha_nu*px?jQ4(g3&-kh&EuA?Z z;jbrY$?TPfc|(#mIrb1_;R>tiAF>Z~>NRY0?2wJCJkN8k(#H2Dvg6$mg@2r2V#$qJ z%C2V&C3%JYo%y3zX)`*Q@I{Qcju!sYRoZ;MXs{OB2|X^jhZfIr;wc}j4OC9fu+wXU zwK#_iMXX0PS<#A?WEW;Y8$fOOk5m<&>LWRL6>F_S?od@YW^6{k8;KbT^HgS`9SQ(t zym%RJmCYB~5|4KrruB(!4{skHZ@|k*rg(#|GoFjH;)yuSK2wHiL)<6PrLkP5%U)8t z4wIp!6vzLD;z);n8lL_+ns~jD>LLo5qi`;Vg3}RZ{W3gDs-LAH@$m2c+mXM6P&APL z-M{ybApfz5AE%$E0M~~DxNOjAt2dKdP9rxDS5-T3xOOe7cG++(t?SWz$s&i6Vp^8S z=HEYD>j&?%Y=DWB6T&c{+8VlZ~&g>5!#6EOG2^! zWtOpu$2)vu&|4-aYuy>{mCa4Yc5xBkoUG9y8uZd`OCUVZxi>A(x$ir|Dp>Yjl~eS?0TCVM=+EgDRtvb- zXy@0a$YCf?bv-Fs%$VEks%}7r&J}m?&lLU~BQBQXZXY#V)C5$qVR^DY&j@u{X)}fM zAf#5T{CJ8MJ1{;JRnL?Zz-asWBC9F^8FT95qMe+bbHV_1d2ik4n5 zGI=AgN^I%8a*6jx5)+=H_=+)db^p*9bn&8tympK>ZsI{%bXxxQ*Oy9~JDXbr1^o)s!+W!s?56!eyspcWN0>kApQeo;&ECZcVV+k_h~vzmHY1x#%T z7)1eNRlwJ5_<$b&xM9$_ovQWg71|aRPeS9FGVS#ds&KNx?@iUlSgFDxigU<6%?SCb z+h+2*RBeKErI{ddM7^_6yq(5vX>#v3Cryh(?{uYUw}&>|cmWrkv-^UDN>H6-mXC_a zt3zEuHJ4o^pec}oZ`Em>l^yq+#(_q`3A?|Nz0EWREH>zbDDjk|Y<1(TH_wyw-~~yv&=%YlGvd@aP>V zsW1Dax18FkzKc$j7*AXOc9~C3SM$okbS($GF1 zx59mw@I*3ZHr(?LE{(#{yS{>Yr*(or0aqsI_QBA{8{8>Z{F(3aPt&y&Y(ASwr8;r~ zefT9+pYy&MT0G9MCTD1add))0xSZk7j>3ud4rEeE2ZFnFl6x|=Ec0>Dn*#Cpul(H% zZ43*1%p)df@#bC9b@H!#*aRW=*10}#$XcwEuA@@>D9`_$2*Gd9ZSwUn7bCvF^ zXv<4l#J5e5RI+-4Hla7okd<;*s6t-JL5fvOr*RXt>F6kHCTe~A6n{YMEmLg;$wnC= zj|XER`eR7+D8#1vR7E5XR4XqBA?f%3&c$otmTZ~VhFfw!KK_5P3>VDjn@% zpCQ3HF7$YwYq-7{RT^F+f}I(vq)h#(7I*Nkk!cjSK3QHH2s0nTVb!yYV1jhW#98oLI$G_3cR=f>7|b{b!bYfIJ-zK&R>byKUf$&+z9 zyofKFtPQ=zfuQZ25-KihejoR}W6n7Q4$J`GfU;fmkaC5QsvLwbkKFtGAhfuJ{ADybj zCbSkBzJv`zf7Iy}wtX-2kEUu9W5Ei+-U8RzkrX5yu?h@705vR2>w$XD&eBFi?$~0m ziVtSv6-O<}onLJ9X9r2jCb**%Jxkmt1qRVaR=1ZDWwe3(!o66HHz`Cd_d$f7@ra_B2P zL`9ahBzmiKsi?o4oPS^xq)RDH(I4*O8T?@yG9D18)A6V}y=sZVza$$xN>)?bI`A|s zYQ2Xe^&(|&1w#Ub>y?g5pu25bF&WzM0UJb7t+2_JTujQ*g$u-Aky^Mss!pkHAdZ}X z8u1)-o2Uao&KcUC=xK133lfKwm4q57nGitt!%#OvKr*n1CO}tvPoRh_RL2+l$U3fV zN5OEHqP2Q};anOJN=)hx`1ITq&?QuM@(<`??t|vQ7+?y=LI7xHhC^$i@sLT%VOq#L ze4`5erg`4kCH{;zJymBw^O&n!aF6V2(~*#Gb_rS=x00&KiKH;_?~i*}w+=!FBjvX{ z>C{3Dk{2Ga_ORUN-i{#R;&}M4@Mo7|@h-8|q7uXQPhpn_AQ8*2gB;${>+#yjVwAxl ztW<)7=K8JrO8IS2-zgVDSe!DZsjfn12MG}~CA0!PPR;Zsw2q3~k+`ohbg7#1;1EmU z1jHCgCHe-cF5H-xyGd*PldewscA45w-(L>aKM;ziACzvN!431W=UDI@F1iPO`_U5= z|K=|$y#wn%n2V!Ql;KsFZ_Rb94{{(6Y9%y5{!Mk+zoA}Er6OyG)?73!T5q^>>TB;> z4c6N1W^}Y>yKnz~5jB8zbYwjjw_n)QSH9jf2_(yqNv$kL)jN`uBv3E>Wq+du-RAZE z!erTf+;gd?dv&aTN)Slzc2xBQvWI@TyrAUG8!Bi2R{yYRQDt^>{ezStbkgu3OhcAv zuMidPGUUIeVKaI|n?93m##q7K;gV8=;A)4@JKR6RZGff9G!pL=NuHtJfP4%&047Y2*;ti?(Au<f8x;q(_ zUTb-Dzi+>sm=GRMK7hpu)rCk0Sqeep7C{Mzk>Q0OB)3xkk3Qy0e?$Y*xyzXlAtzbfqNm<_q+vaYftt7sDMGbhA0{86Z;*oKz*s= z6L><$KZZ44|HAbu&*j0EvRhHLzKWrk%`n4Y+{B>cKaKX$kKaWvk!*xj#6V{1@cIk4oYC=7ljL`(XM)5P^V(^SgaTBc@2zN}6w2bh;qd?p)QDc<>yjHYZp_q0BUfdH$ndqLl zzCKvM#*-yi|+lYOOYx?bWTh^_o4z7-B2V0!Z^;wxa81uSD~40K<+u9rAMp`_*`dv^H2LI(+1~N4t<}@ ztM^MPXcRgeWzvG$fp`wxhCl_PgN%@*BD{bIzYD$8BnHXgqh;_@ zQ2*uj9L#j+xhl#%GD<@zbD1%+for8UkvNsHSu*02i0IIrDpHQh7&Yh57&)OU5w33f zIvI93!lF~2y9n-_FVfQ#VJS6Wmhv>kSxTQXqW(QiPD>fxnDkAv;p`Q(;A*>w113)m z9WOuR`A?+w=KdxP4LO0Dd({x%wKhla_9*e2?1qh)92$_69yLMsu3A$vsJGEZ)s-M| zVs0Ruhp40f9;f?Cq*n243)03vAbp`*D^i<6>ijdLSK_pZ*)2G&$m10mb&I)ekfN3; zrwRWXX`C>&AhrD-sc6>*XAGShx*(Q>8lZl7WetG-sN7oo*CC9m+8FTY6l(ZE{~KwPFt;F;^?3!- zC?E~vMA0duA5agyve+#db%%OWjMybRKNVTl=M_i;U0RW%;Vq>}=)$Oh|Bl$=Z%1n} z*;8#|P77{XorD|OKd3t0Hn6Nk3jFQ*b~#{XLZt?(nVjRKGpXJSQPM8CH1LifoFt>~ z50ou}X$rJJmG#_J|GliCqFTk<2&7u~w3|Bl8HG@doMYB2%1RZu@qZ(=iDfNF&;9}D z-EDA&8fCJ=iT3~RLp(qlCWyORkV>*~MUAd*gELX#%nsvp|M$`-ih(Ui&;OzHgWDiYQb>OQd+5LQ^HAF- ziT4pmmA;v9y06ITN1alV?oM`daH$zzha2fyoU6G&Tnk-O*w7|op_7h<&bkqpgId=`SU2-yBcKZ(b5f*a zKwxiem_XBtJK7oL5zN&q5Ev^TJE@VzFeCh&y>gvha-ETZMz9mGYCNez99PC6X@r-M zSn%c3rEofNkMec&&NTZ?tFSOJXmy^I2TaUA`hc(0y_eWYy1}S{s+q1p^S8(rG!Idz)wXu15?69vjtOMWP*=KFN4~c%gC4xn zy(C_^euX?!MN`)0V5$aJTi(L0C1Im0o#@Isq}M|g3~#Dn$u4w59*Ovcv}pg^DY^6t z^am%{$yiMuP zI3V2TP$5d>p7ckM)UXk2M*}*WrSv|`jJeK^;u_H7+H8xlzP%W)tkgSv(`dp3t9tbS zsw8l#o5gL)>YZkWz$BjH7R`w?p)fex^@MS>U3%=_R3e)^;|=Ay*jn5dhc7a&)l-Eh z29X2E)>a*-N_I}t6H0I~$P!#`7B9&_=yiDhIt%#fV+*kDv69z)Dn7jMn7B;pgiOlp z(_Z`K8dmc9FH>1bN#Gm8sfujLdYcw*6@H8&@CwA8xF>ZOgU!&pz7JUpT77qE_NwnJ zO-p@*G<#qG6em!kJ&~xdT(116Bf89Kh5&5rQc*?&iDKui`; z(zpN%b?mgMQ6b2WAbWQp-(~I^OE#nxfxQ=MPxfM0FK9NCWxC;CszZQZ9PSV(48=Wx z;ZJDO%4guyQo0EtAp0FkS-c=|QO)J1md`;YIMbkqr!}JQ9ZU8hiOP+p%cm^phE!^? zMyUP4FbhB^Bb=n33m+)guap7)hCC@;GPAx92-k6yt+JZyfHz+c$dK7G_h@4s2^*Zt zgx*h8jF{SAb|O5k+YkLu4PE(`32D-x&~`BuVHL$G^&__4C{g|-b7wA&q6)h#gJ5IW z4i;ZI#RGMqqFB?YD77*$-q2K4pc`%gmveZ|x$OY4i&Ipd`DVy6+3TiZfq-mDIi+GIvWCm%0g551*%s$OZaL@D4AO_kR+*FC;Plp1~p%i zViV>yhqylE140$9Xh?geEQRtrz{?oWLtv%@rUI@3glEDKrCiexg(TZBh%jlnK{_42 zSddDupI&tZx%56NIkBVni*yu(&Ne&B(wQ*1SxVaj1r&-zi3I5gHY0OIdvnmu!pBM1 z!h;Hg8Sr;LV?sVS+`xnhqi7mi}PKXRjo|`r0XiAM6-1@!g2uoB zp0h5>Z>saUntkz5|0upj0$vkIXMuS8 z1nR`qTqyq1Lx!W{Wt`mnguNw+|3sC!FE|tQ#WHO0134B|%^^D&i0VAGWG|6WDCH^H zOLyZ8u6XdLp}4hnCjq|cn z#BI|n!6x_3kHLY3d{WGtT_OU#foEok-?Z#?tZCf-sQp+iKHC8zDc@L+j zSn%SR3-MQltYi|D_sAsB{>n*f6k`?s&iYU=cnd_KtOt4tHeA}tRF5dE;#8NQdSsd0 zEsq`iuFVgDR)-th=PL0>y+zH9cGr%f&1aT`8+@(I0wxv9{o8?*8Ut;;PGwA>jwE+Pkv9bTnjGS|ByXk# z5XFUfDs>qjV*xZz#!ci?76Sqg$%LZXD&$Q3wJPWeXC1~&DvG8*X}3iCz&*EAQJY29I$RcZ20qg7Au)cKI( z(uZRE4i#j_BsIsnI|ap`hpm)dx*t^T{&FH8y1|`^j!SQ2bWt^J7l~*>2nOf~tpZuH zu%uloBUd7_BnZmKjt3KbxNJi_>=!=A;z1&{>m@Sqy#E#$ENpi;v>U@_gA6`QW-K@L zF`8qX!;mN1_eIhag5@Y_h>xXw&XE(DDYP(@OH!1Lh*T(b3N%RtvWq!p*_Y7VedHdr zv;K@sEI}Pj?d|VI<(zv8JtUm>Bhr5x{C(w1Ff!2-L0d{`wW6PSjb!ShvmoS#94TGQ zW3bnD+Jd_&tbSTXJ}6JOutv9v=erYzaBc$yNDWg0F5E-TiX;p_aLWMDY->gXPHconB6j)5fUf1 z6zHueS*UW`U{=MOBO_KIA~nr>GBCEIQKDGYw>Nw{_v(@=xnyt-lnKY$?SjkDCUg#o zJ2n(bzxqCtxiQLF^nb8{gA5$+QTNwj;f42iEfqe5!Uj12ail=y7|DQI zuZ*qA*shFy$~dBo)5>U2Mzb_%0h}q(+Lotc#bL(I9+*!PX0zg0#kiH3pp4PV$W_KH zWh|1$FvJ=SNC!*-Ob6Hjg@6TszXB=%6o&ln18fA4ABA}mum$iO;AMcp$U5NXra!2V ziHJ1A(jJ5eglA1dGFA|6sjCfw2i~%iRMXiBUjK1eXn{r}qccs*25;F3xY74z)So9H z*&3G8AMl|j4{*eOHCoC(gG1q(%fv)*+ngP-{&e-OCO%(%ZZ+}w>L>eZ6{jyH*LhX0 zGv1+}fivhSk>?+hF)U^3{#B>Zed@ba69=$9s+u@}_3f&O1GxXP*>hQQb%Bg;r+h(c zK#V}&q55`mdE}F&uvFo8B2<80mI|}Y_WVL!P%>qwQ3|=Z!CXLzy-LNxNL4;Kc6NwP zhorc)E9RQut5hSuoa%MTb07k8SwGcLr_Kspq*x#pf-A;5tuw~DJr`|YbLvO}`=X1{ zu&)f+yTe`?viAsVhVAud@Q1e()nq4Ux&*oED@?h7=^50~;L|+sLK3FQpM5rTho>&P z5$@1R<#nAGN%52q8u*+_v#K??t6>Ub2Vdvx0KSB3-g)~y(lD+<+Kz_8C7xcPLr4gN0?Y`P9*Q+@CIL) zxNGjx9SGwQ?OZpe&u(-T`DdQRf$SaK<$Xn8M7q&s^VFI=`%Q4Y^Lx*wW=rX_h_E(d zywNqnbLlrr>BIDyV;n!(=<4ISbXi?mSewJfPiC%8o=ZXJ%C$M#_{o~nnSu)e&0tVx zBLC^xXDsWcV#`1`46v0#&UYefC?SgD$`9_`0<^g3r`zO`j|th)TYxRW<5gpj6k@Z>#9+IhWZL@Pe->R9W9aO0jXO#>T{&aqqWpLF>+!K zrGyr#%QlmYobZ6-Ay;s8HRA%%LRz$wL#&3gnu{twhoc>Cz9ylEUGMr1B7c>{=EcQ{ zIdH|?M~JXC!=~A7DSd&w#7pwT!BpsJigL{mkKikm)QTDU8FUaV80GRUUtCLm=nGNc zn`0z7aZ_W3ii{3m7F%ft31zKx?J>eo-~tWf*DN2?c8 zdabjM&()+KM3p$iy0>UkY?f7mDkVkl*gTjKAf+bd{WTYrgyP$jmm1e%NKD1(XJy0! z6%ldv%9-RE#SzLEuRj!O99Q4qPB*nPvaKh8FgrwiIFeOG>Oo$*^m;1ng-fE))$eSd zFJ{Wa4^xZU0l5N|!xAjcTzJ|=GX7~e&{b?Kl8thy3Rw-TJ2B*ft^$PIi!gG?D&ds^ zVWvp4A$*en8ERjL^mj3IF4h~brHya!4!n^y2}AV%Y46M9s;c^aH=LuQVxl>anjK3L z=RMB@4mcDl3Qma%0t$*ia8NAsP~wOdnRU#pOs&kU$V|-4C{4|L3d_{WjLeMEd~kTo zjN*RRItNAHo_nAB{&7F|kCzYMwa=c`{F~R_J7KTeW~z_2AcK!3QyP}Jt*oGv=81lK zTmMS~UEQ(%y>g(dD>nZMY&yi!Jtwe9i*?!A0mXOUAWR7qO4qJ8e9c1r%6cMHZ#dpH zaJ}c|Tx_{08V506Q0lJP2AE-Zr2&p3Z+J0qihMQ(c@p>6 zf?v=M<6^;dtOPGPF#nu8uPs@`TG9k8EMopX%EHbO7WP-I&ucAhqT`l#am)O_{`B@) zI+*aUmJ2q~1AlpMUpkoZua*m*rU&Z0;Y$Y-9@cWfVjKv5g5nJ6$K}In@WqSTk@0)o zE~a`iG<4br1<6K1O#v|~NKIPZSPNgE8eW;yqM#e8LC-)93h+9jzr39TrGtC^Rp)IL zDB0T-rIMjK(m zeOuGrFam?OP%iQt4LLzj6*PgQAakS0+DVr97sP|#jE{pX_P{>@@+6OkRY!jCSKSL0 zI1h4n?cLjmTpHrqmsv4$_}+e#CpFSoh6(K8r+?-kEQ=&pUpvGw>&gBH6%8M&n18lS zK)RL~0p5YHUzL=PTR`aqYYeVGw?w~UQA`#ol?)z&nSc9bCc=xCfs(gpy+!!O*dZ8} z`5$&&GWyDyrpp&4Er8$!$(JlDgwTEm_hGNr_+XY=@;u3ZdmN6GJXEthVch(=k$5*j zdu?uH_(P3K^yOk?zxfq$^FNF;hSlbsEJ2OXJrl!>{RPdz-l52%m(MhvaX!u!sA+6C z-q(PK`8Hgxly2xVaGq#GQDODfno2{Wo^VsL@X+k{<^T(uI8WW;!u%!6_&H zJouBkx`5?=u*iB3W59UBtEb@L-bQrq+6{P4W5)Gs$t}1as%F^yU8KtxEG8dBD&7bc zFBpmS$=WW`xwE<@2;T%`4Wdi9&;|D;?`BK}A!zsf-EjuJEboU2fz#KYqYF%9dJk#d znCf9D9`|5PqW|eZuD_HW-E2?YEKl{M zYeypMW_PWd)wMdVvA^|T*PZ6D@SuBl=*Y2qi}w|xt3&n`@55&R$m&d{des5&ry2|e z9=pB;Ppc}`m!G6V1GVId(m&f8B-V+QR-GMLx^Xx`krZA zKYC#}Q73M%{+v+MLb8W^_qn%|(HU&)BKOVx3a>9Fm(|b3ee^nV#Xg!b`4xCE849FJ z*=c}y?B3YsAtgRzA32Yw>5r2RF9@5AZ>*8Y8z6}eqz~E#sM-gHgQJA1E4reJgrxCK z3(_MXWE1O9x%wgBm|}#ZfJzHkxN4OZ_e!UA(t~df)fCndV*{mAl(2(hWwnqKR8Q* z1PHydKMa2iKG;S5+wKVK#>a!<{UndHEuo{cgboIYYhANo8WM0LguHNu%%bUW*D`|C zy&)sg-X)YO$y$Piq~FP4(JX@%3OooX$5(GgP0^7-1{EKC@~(OT7NC?gCWJ&Dz`H(I zd?3wWPQgz2`Bi+6@_L65mQymiP05F2mgj~L@xC-HhJFrfZ~Un1PyaMQCU6vz8sT~> zLa4uSI6iqCc=QsE$e!oP7qs@q6TKwx)xs-y&J3XhsELC+Qdbai%orFDau6dP;#-My z{RXcsR>H!_CDxO!k(|6UIF?m zDG5+fSjp%}3>92nlb5u)g}x4ko`H{dbY%UZKsTU86Mz0`@3mf``(v;765W3p3$KH{ zhJE4>AWR8@dpIr(^gHH8e4w-8%MWrp7^4ApM;anj>?q_Vws*20Wx)So*s`|-O zKPt4q+4WPBN(H*Ohp>-t3Ysn-Yz6$oSO<%~#A}1-8&?8s)Z4Y^MQ@X$xt;5p72Gy| zudhQ!8m?LH?uEFinrq z^f*ncXnKmK)igaz(;AvyqUjZy*3y*mLEEj1a?>=7rr|V=plKVLM$)tsO+7U2O4DeX z_M$0EQ<0`BO--7{&~zY8htM>RrtvgQB)+M-sBv^BiKfXkO`~ZBO|xj4OH(gR3u!u+ zrbRR@rs-muE~9BFO*hk4Zlvi3ny#hk8k(*u!<%*MqE^zKQkpKK>B>NM^mj2$y>ysz zX_`gT44S6VG?}JJG#y9NM4HCaG>)c2XgZLlF*G%i`s$)ox+Bt*rD-pkM$@z_O+7U2 zMAJx`wxMYRO~Yv#MpHLU8JgB&y4OWrq3I=>*3k4UO{+=ji#kPjs%UzgrpIV{7^%@B z5%f?HdU5y913@eY>!LDn6x3PQ)wt~!&%ax8L)89yFh3kazm zi6i4Pn!1^a>QUq;eGTlxXS>27IK6%Kgb1)FqTWpp9siH+>-SH=8_8PiA!*wRlHR_P zq|$bhT3eA$UDmdWZdx3so7>CirqO1)iP}gvy*FU9=CMY{uqlaU)*qx>_xeg~;ka0T zoa`?+4g%fRC^8j0ArLk%khAL#Ls#9`Xg^X?<$a9~;ujG_`x+e!{+jL{H=}~tS9Bcv zL@x;Jm(YG%64&So_CKg%N?MFVzmffnq8PV-=MdMOzC^f7NL%6P_rPiSe)#Tj-QlXhj~B?1D*V`ck1O`pwYUYhMs37)YRl~2 zOh323^S!PQn*S3A3ZlR29f1SC-0NcN%OciFgR&YmD9ea*X|7|)d3Kyjr$uaya~UpD zjSJ)yDZS4ym&a2|3mx~tZj=}m)-O->SA=ocs!<5 z*H#2EtY^|OgK9DPp^!HcDq<$>o_{w}T?&z&@yd&E^}U5k?Q?fM@}hrxyz7p()#OS% z2u{8=ION?+*jrzn=06+n>aASCPAD|qZtH{dn#=nOo;#w~jwMfcllm=j)g1|BQX-K|$X;!l-#^mT=Z+c--*{*f zv>hb7Kz&GwOROtt{!=6I61q!i{&u5Wos&rIriV`UHbwo;qGo5LjDcjqyNYCABXX9I zOm!DDcl>y$DNkgGoOsyvQ}*a-$r4Oee#g?k^qXY8yuO>l&dq zUK`~SokEO2^)?JJ`joW%l<>`xiM3EDmsrWks32m>khz*gI<#f+VU%rL@iv-Y7h0gc z&<3OCNpMYbksnJFTz%<}oe8dCJ#j0Rm(=YBQ_ICb)Xp-M~1{G9NE?ZRY<~Lj;853(5_#b)9!4b(wAZ!WK=M43K0T}&A5vt-&rh$dpBSBw z;KJZsz|X4Xu~qRjU;y(=63hIaF|NpPI)w_V>W*NZ`Uj424Tc+W*%(&`9-VP!>hjo2 z(11K-g5fzV_z$qmyKPtOa^y#J;0JwkVcTA1{$pdHz2Lsz4lSYFj=F)!TfVWdAf%x6 zd<$I;*ABirhI)6x%^1FkABN+hwp|%G^FB$=G^c)xP<)pRFYEg)@BHLR@E7jNCFe=< zcjqx)%jme2ZgCkA8D}x-)z4u(uD`$|phX6T3Ns#mB?G%gEXnE`u^i}Gg%ww1)GEfh zhFS-o#MC50t{N*Qpy5Xn9=DR_zlx@7X}Xc7n`x?|EzsETyL{w0*YptI)!}aD7oZZ@ z1(X46ft5gbf}6R3=X8z(dx6cs8ekca3nT#xaosE+4M+lFfM}ot;0CS^b2F!agTU*+ zQ@}hR8<;fAO@i7C^Hfu&2w!9@$_{6WJ`H1vJ`Z7vz5t%a?@DYZwqlB^UJCH$Si@0N49o{cs+i$$%dsyr>XAerm!L zJr8t50bd|vSWHDrkty8TMaxjB9?0}IAQI?`4DSy`#=tII`x~$kztgdO7~4`{Iq*2} zDBwdr1F-E6$iPb|$AfKWV37|Qz6kt)g028300bV3D$pCGXAZ`@nIphS;4E+%U`AqS zfDS+!hUiXgdjKL(hVw50Yk(ENVxS1{0vW(0Un7>V&;fgjJ2 znghFlgTOK1G;j{M0yM@%YXfu!`UBBuH4m7;Kp-AS0`{QtI{@8~PqYm4p$AOVWb0Eo;LAy{8z0DwU$Kz%bwu08_mP9?c@G^C*HkSp=1;i1B|r!Ij^<1Bf9UV1~K< z6Ovr9;rpL+MI2g>&^P|dHzv8l!o$g1>Bw$X5fkymq0nCC)fukRkjSJD@jZuCOhn}h zCc=X)xy0jVA|CG&d0YKHImRIOcx(m@jf-XcA53@s)@Si| zUtP%-f26SgAfFEOW^zM)Mx;WFhhd`1Q%YPHUH+`cTq?bYyp@q$7_lxmK-G`A!rgHL z`^A^nJm$&@>5}vWK0pIx07>LR;D%%64?XVsqtVo3HLi%`KoxKbs0PjgHGp~^uRj1{ zfPugeAP$HJ5`l3*5|9j}0he%3E#SuQ2%rfjI^`gA1}bscc~4*!8JPYm2tGd{4*#eV$g(1^8TLL;j1c|rnGZSof%{QX{l&_m_xLgp-e2zkYPxL{tKN~t_w~gQq0X~ZzEX*I*T+gz)r|Eq5S)Gu6sku2X1hk zx-DXJM<~enV>h668$*Nab{CvN8*g(*lmXj;oj@gU45$Lm0+)bVz}>+e5e~EgIssjQ zUVsRgz_QaIC~U_8X+Rb*7gz?Y0yY9$fjz)M;22QV0gu>L8N`@4e(4pe+a`MQr>Cz>XbPd8ivGO)s6JCGZR zj3E2hf~iG9*l$P1)nJ+IDV)2AeP9SCb14v63w{F(0fm(YrBo7L5f51yQ(pU-%iY*l zhA%OZH}#Si;%>+93IOktjo6RvID84G65C?{dChDUw$(rla0wu9rme-+jfL~!0I7Of zW-1gY$aQaSKG{yo$<0X5gWJFxIFLCrg`UVtOUcFQu1s!Du0XEL^X8KSO#aL%1oYfJ()9e zv(jfG|MavQu17Wg_WJyS+}xZzay7a8+MefnN!_CIyLqPiZY&FVH)vIUy4RDNmpO|x zg*F4#)IIb@TG=Sto!7IhuYALMZYaJ%LxUCf-B7@d7vHegpys518Who>!l`-bq^>F1 z9w=I#d~aSss<$979gT`_(2TU4bTZgp&&(9BFEzvC&A{L_7`5DjDOs7Rq{XUrr+1Va%=FIe*0y^FE)3ef3y?t|Yva&om!A9kz&PewL??y&s zIxvHWB{EU0nASUri1`F#`e|A|pL3D~D77`#!=l=u8WqoSK=PnUB$664LW#q0-kb4({Vv=2SW{ z1Lv<@KPvtHf^_umfLLnr)E7o~hmaC6_2?C(;NUe0={{NrA@20T)QptuY3cPh-gpc* zc!EU_s;?n38l61@Tr->4G@iiip43djntOTZv6L*(Rq!`*Ps`6pnUP+9E;rYc=1cLW zV4q$b%#7@kv6;mOw*s~(U>4Vh4Q{#MmS>`)3JC*c2th^Vlb(-C>#jFrMqmmNs+ygW z@0n7NndSA&&h%!0tUNU5dXC8W=mbj5DacC8?gr)^WFQz&u-ZZ|8O-1$ymk%Yim54C zSyNI{XHc;apoqUc@4>V$AZ(jnI6C_p`ykZ-6U*^=b5e7%NZ00P=1_&WUtC<5*m1;e z4Q@m>_(PJrqzoU8({Urlb{RE5gxp90M^1x)@_LEb3Us|ED>FY>andtjGvJrkE@{B$ z$awmu&hcdBKv<#le7%{+GoT;g=cL_qCpX2L5$J^fLq-kr=|#IQGrNGw((F02Q|4eu z@(WT^)ARGE7G!13A@!k@=c^Z$fyvddF3i8J42UYws;r!pG*ZTZQE^m01ZsLiLFAI_ z=P5ZN-%)YFR{Fru>RXmMEgSPS%`*kn%Lljd7G4|Yo9DpI^TZQPW_MP4_b#N%$MzdF zeCY7Ox+ge3P!KSmre;oqEJDjE$x+^vneBsSLp$FSoiKc8cMl;X%scQu3<#|)ouEi2 zqsxGNaw3>9Z7!KedFj0aic9_Zq1ObFPG%atcWPS0+sLHF2>7lmE0~SYW@cW?^aha_ zIM*x410XU}yi{%u=ojG1P@hKJ+ozr%)X(m~<=#r>>Ju1tW<_Xj! z=h~@2OF+tf$s|N~M&(CG<%7y0%?jZ{!@MB(22Mt&=4E=(g<0f$@F4gABnP=JaK9&k zj4V+E0ykaT#WlVGAP91C@7}#VB zOkjsra7=)paU!e06U`PzWfcZw0e&#SljMFM*m@>J+wg*!Q)oU}X$>wXEhcTjg*RVE zd*+6Nw8huk>gks?EeD;GK}Qr~yS@{ypFqAoPXc6`*OLalDcFkZ2WY{ug}IrSw%0Fc zaDY@SKA(QDqYCN2zpx=m1dE5Rm^!1L zwFPr+N-4fUM_kL1UYs)na+!==fazSPvROW=&Y%+c1zA*R;lix6?r7bAx%BU^{2N)* z2ZQi$@6VY*P6v7mmdWs?IK_am{P z<6YYNR~>al-jc8`;4|%vEx*pc>!_<;|_oF_H@c+m%mWIJY{ zn<1VeBZ#p6h#LV_1KbR=2&@7~ew<-y7Q+j+1Uv_*0+^-v4OEdW9%3weCX|U;!7!x+ zuVWvGc?0+T62esA^GTi-c==HgF02G{mtk8L!X&?muo+MWR01)0E+h9J*ay~rifSQn zm<;3srH4Y8cmx!4591tA2^2jKpZS*|3=1%La-$R|1FC?Sx3C`{iXc@eQv@(;eWA?S zgixjmC|w=Olo6n|Rd~cRd9;g}f}ZdKi-D(sSAiYC0pK`r2KWPL7VBm@0)2pfz%bxG zAOk1>e84hb6|fn25BMCYA}7uPe*nz}xtU0y4-f++0BOJ+0Bh@+HNe{dS!MbaZ~+J# zj1V8t7jS^#z(imM@F1`hcoujKcpvxz_!0OWXfnjjG;fEbE5HqLm)CveN_YE8<1os> zza9u)RlMb5;u;*2acnM*B@VrQU4I+#JMH=?G^X%v2q!>a<%$>th(PH}2o7OOm_!@mppI_B)W9#kl7vSa{3XMQ{dku) z<%z%GQ@pKm!E3Lv6-Xp+`HHiybB%nN>>~COo5xjg9r%&_T4A-gLHtv^MT(SIDM?x? zZIUFphmx;6q%2pCE2ovqilPoy-%&qSJ7^W!15F~%FS48O6_IB2-cXfxSdY;H0? zGONtntZr6+Ynt_lwaMyhPq&ZT7wo$nRFTEQR@iK3_xaf0SU* zJuJhDvnE>Emd|>_I&Ph^ez)T6cstP^XD8XocACAwUS%gc%N-IgJcyc4VawU$>}j?& z*OSZPin&L*GHy3_nEQrf`0l*HC-U3)y?kF`ts;aGe)n)2Bb(eZv z9jbY?P1@VqPL0vS_0{^T`gXlWH;wsd)elAsvyB;L_A^(TZLmA)HTgGrtMY?#mpVz!RUcL#Q`f4mt8=v?tyo*EEz{O%TebfBRQ+N7 z6Mc*^)!1r$Yw=MI ztTv7sy!j9Fce968VMW>Z+4JmY?Opa^`?P)54soKKQ7GwA=aBP_!{lPU3K`GFY2~dJjELpXk$5 z_4)b|%+Ou>QT>X3w^3&7Grlu^Gg_M6%oOuWv&L+0b+=-zDb_q|JSO7?d!xPCF0;3S zlq_eYli~QBRn8mE5r-*)K8VKjWaqOR*$TD=Cg%Wd0+-K~a4&M7b3b!Y{8Zk{FXCT9 zU+(2yLOa3NQ|Kp*7czy}!UCa8*dtU5v0|zCzIa4Djh3~QI%3AE(gQ&_qb%DBG{XqRjZ3mJ|*B>@Yj8(>~#yiGg~8jJ49PI=G42$1nd`-W&1VWNMMw0DFNiOREu;^n3-T7_E5$;W&rv^DFRPujm$d`h z1pR)@iy1}zlo+w^c_fRO{XvjzP!&wRq#Y8|nzSa;i|e@1h67hjQGY@f7$x0^W~ zF+Ycsij*-7*6cB3+0E=(wwAq%Q@C7=S=qC0Sb@3i> z%4fxOVue^L9hGj8SIFnUQ<9Z5u&j}a_kJ&;6`u{bNexQdh;vz*ZEKR3gM~{Em~rK@guQNDv_R* zHc0PDN%8}7k-SkpD4&-5qtJ(yawT2usX5wx;0TN^=(au{LvdN}gjsRH90{q=++J?i z*uU964`yFeRUjxzIYb^w;9BMxZzJI_LooAeV4pYT2%TT$6 z?3WN(+qilBSNtbJnAlz9#HYmP#COH7#W$tnQWLqYY{{eL3^`UAp(KF|j8Gp`zfdo# zAzHLHT3f2Ufx>^%6uqB5T%U#s>YJy(uKU3z-!V>rcUfkV`I7m*iPv*mNf4h0tV`CN z_9*+5-O?#`mOABRe$+6`aco+%k?h+LL+vp)_HolNBZ~Rw_&51qct-FDQNmdC%?{yx z;izz4xJ#TP{!{EIB}#8e-%I17;m+u1d7hOJNmJQ592(Q3fhQlsF|`NmPDT!qhueQ=Osu)HNWx4w|YxsFiA8YiBi0 zU!zAGy$se64b?D>7-OK3W;|isVGcHP&CO=5#n^5;%nrBvKV_e@?{;)2#@X$BPFe?x zdo$9`?ET4wn5vdZPv;lmbRnoE3`e@e(j)EsU6miX{Rwc8-XGQfEL~{zXrcG z?Q+PAy>=RSYnGGic%4FLu2Y1*KkA%tn1~R{B3fZKW^h@cN-tN)&E<-?Vjs7dTgH`g zE4fwNQSJm6BMcOV2ysHZkSL53l7wU-O~??kgj~TZ6bf^NBB5AVjG;Lp6hg%*5{t#f z;!ooHkR%tRt5PdS+8J^Or3-p`jP z7RNUW{ddB-M0(H@!feIn5c@qF0^VVBqqz0x$IrR1xzpSw&doRHBlxy_C%zkR@&ll- ztiznqgcwxqoG?awQ{09Log@7$cfz1A05N~13|42WPpM|5+d>@+T(pM}Z%8UHQ+7w-{92~P-Hg|CDvff4(N zdEz7Da&eRR5Am27CH0r$CEr46yL3kSQ2t*28Tyn7J!-O&p)6Jyl~?ydb84-P(soec z8?DdK*XbvqF{Buc%}$t-z9^AmM zyr8_K>{mWhjwrQir1lOb;4j)AS|5F$@uIQAXl;7U56oj`6RWQ^%c``OIHk@zWH{pk zJu{J=2YvlpXlq-!LtJ-$2w35xd>QW+?iP9qK1Y~=$yF@845h6?_*(c*aErafA>uqp z$$jFl;;o>Xbcpfyq$e#%z)*q^|#8Lqw133EP6SRywdq#B*X3X}weliF!tIqt6uiG5HPoFS)nkK+OB0;C-q7sy5PYN6WNfTDta-wom(1 zo25Uh|Egcmf74$zY7GIZ++*e~7}LX6q4SY*5b7G$H;MwxL|{|c2iZ5+AK1v* z?jrXmH=a-C=kTleHT+tB1HX~q%pc?{p^1osLHWvYD8kQ(bz-b^KQ!~VB;O&}MlCR^ zYm_fxH^gEb*Q>jsoLy1(>F4!6hGpa%&lve;sksqTtcxYV?3n}GU?0?x7(2nvvLAqc z`IG&ZJq$W>v9lGUe9B=;L#Rs7nd{4q=kigNi@YG%!ct+2a6kx$Dv&PbqOacZiB+N? zupw@PQh1ky=hjBb*-eWyvy=y&U??-=BI)|NO z&T*#-1y(y}of@z)ssyeLVUA(Q7}m{(vEghz33}MBY&1*+lT8LiyurFTmh%-tRawRL z;RQYymgE}P3z<9%qpt_D5gWx?*AegM!vE^*@$e){EvmYZ}-coJkPQE1{Xa z<$UK{c9@zFYBoN?ma={@=O5T#*yga{6ey09xEb8za57Xub#BJz42ZXB1yB@;EvccY#KHH+mX zp7c90&NlF`@>}?K_zHd>%#$y{%~?T#9HFD?+bil0Hn>I||; zlJcZt={c!PIw_r(TFTM#ba@Ay8ewV&RafKGnd+x%KzmHm{D+&mTl;>}ZqZlj7xfm# z1rWAnPBY(zm*EK*Pw!YiTA_AlXbidbeETK)N4r0)^3~1(A|Yc!nQ_=8fS|MZO~U)q z0qL-Gm(mwpr9|DT{;1xkE!UogV_-eJI&Wy@uu3}V9=)rcp?|FxnajzBz5ze>HY3HiLAa+xXjC*tUa#OjNxQ{rVpMkD8%h&LiAkb=I0=R`RAzX+M+6a-5 z$=!rkgwKRpuB&-j;-Xue{$x8}pRdEc(HyZD^`PAWVA&pYo?-wdKrXr2xm zU^rKR5sv{+e}Q@~n!_#i0<@fRVV7`L_yhFT3geq8&KB2Tge%3L#ac|oj&QXNlU{%= zcue|MnySoFK2jQ~5%3Tc!&o_?w$v1@KU9qpxGoNAhcsVnJsoZTTyJaKXFOtj1TEHr znY_#V*t`|`MghpP8V;pg*n}K)w;)W03O>S~<~iYEp}A;^gCPb_h+CzDa^-dN>OZiq zh^qR!Px(%H2KvNF7>c8`3jI6%lzs+k&?q=m+~!2{VQ8nD%`$VVx!pWqT2>~M>G!PD zFx!{g+w6{z)1ibPGxxGN>>LQi4PY7D*>|`l{11G02#@>4LQudfVwo5vUxKGJQ-20t zr(>AWF5?!%Fnoj1Zoje4_z*6rPoc*jhdc2X<2>Y89h79^SnO!tX?8bRxDaeJ7QUPW zcym(B3^T`^Wjc_U7)U-HNP5)}z*wnCk1{Hh$CEZoLl%^$+U1JZb%G)mXn- ze_4(EBb&Poo;Xex+so`yNU&A*8hdR6_t*i36xo5!5GT%wcM>5{lAL7cy3zL-l`iX?SDZ4K+`FjO_Ql_6DDWC#s-oj>VQ*zS zuw9^+^krq%Vh6HA*f=(xO@t$JG5Z+1l6?;5>=t&XkKM~w!lQMHJqM;5%7t_7I1e1J zBJ8vwPymxa(7D_L)UmvZTgPpN}q#4J=! zRWM_1JK4t4YaILDSt>p**-z%BZ_ zq|4><*K!*r9aNaC&R3VH&-m0A!5ezQKlGud>LcK&&jxR}q}%Wk%rG8BJmG@T9P=yB zoNGRB?lo)8mUer)r#%pg>J)p1y~utNs{VG2Z8IqPkh#`?Ppx-X#p5wN1+qr}AI2`7V zam}d{w6`=`J_FU@52!h+Vk?`}G1LS9J-GEyJprz*J)omMK}pLD5mjCd!*>!i>x{pd zf~V|ic%o~3_9gp@-3Ct2Wzck)icsQuV?x=MY&PuQwd{EAe(oV|3HLiEfc05IHN4Kz z5M;}xSK-|HU8;jQ(i8mlUO8TVQeG`@lRuRA!St<_+bK(xWAM$ULDu($L!=ODD)G&i zLFV_-C!(L<*T2wx7j@O>4_3U!c-?pl!JA4rCy#;Xe=;t^Wa(_4g;tVhy$I>{3n*>? zjP;3j4y=PPC)|mEWfkdkf;!t31T>Y%xyn%Lv&mu~Vqb*uegFZI@2SebaBhx6Q}%NI z;5zXh%-3kX7ti{5kyqh-h=E_dHKy217+nhy_7Oy{_yM9OUyD5@8_ue65Y@@jN77F) zSrvI1IBOpSM;0iLDfg<6BJOZiZK2(%#cGS-8>!L$rG@GD=qDhVVd0am_ei~~J!ZV-gH`yPxyL#Qg)i2gV-Lbi$U{fEm`=#-S4>C^?wXTa8N}Rs zMg-Be5%VJ&dJDKA*0B>2|lr!bQ%C}IZ z6&U(swIy0JJsJkiWBLdBRTwEf;Of-Ov1Wn!g!v}i6u;8Q&0s4XD$Wa#V&7VSz>A{T zqv5Lf5dQwBAXdI{eupaTqHeElU{F$!L2Uw0x|QqW<1!%zp5iufAHt*93haF|znh-{ zbJhp%O10PlEcOUo{r%u6yefw)cPLYp2cXZDC~qh~AwJVmEm8?nN{4G%H3uU0HrreY z`TT>~-MVT;qB0{u)Q`il!#KSm6Yl{JUGBW*d_c^8hKcdHm_68v&?kJDazC-ZvXSt` zk3pr1V5+_XN5vUEPFNCY$Ic^JL8&{xQ4(5;ZC;2+Qvv7xKh$A7~eunGEcS*d8Fjyn0 zh143ZtD(|J1aDIz-wGh%R!Wzod*xJlrQ8jo?4WuH?(a9XZK!Nh=x=b6`VsveqXw#PBe+0P&1LZN-($_i?0Cy+0taqS=UGH%cca=g`jzbRk)Q+9 z1Cf}qY%0j_JA^}Tg}r1!NtjMt&OwiJ1-A$7AR?<7B9;04a{gubi4R-gcLk0)PUz*fgQt$9S~XX2H$U@G)XE2v+gEuk~=DQDkI_c4Y(5aA@p^J znxn2(n`u1|9>~<5Xb=dP#h;i0?u{jJByvioTo5`8=!z}akgVDE1-t_Z{1r( zE^5RP_S}Q&B4zL>dBAEK6Y3U<00%=9I&(k)=5yAVb`fI#vQ;W#)!HT-Rt5He)M#$veG8jgd`a2xc1(?Ev7 z)F0mI;bNkApO}p3Wfq+Jh45AvW4%Wyf@*7g2xo2-Uk6X#fmZLu5|Gc~?LPsh-7i>= za2bL+R0@-Bk=jTdB#(5r)Qd)|ZJ77>ARaIVn!^++L&}!CAlD*kp|lKs(p50}Hy~d(Ooq`@H`3yo@|JXW5B(4j9&&PQPLVL0$h!M)bXo3UPF2W0yJ zn0KcTFmo#{5D*)LaM&nioH7aeZ59^GJb>`$Vkjtn493gK7DP|pQ}!u`lv4-ysNi z)ou(Iyo7LBCY%fl5d41*Q*Dp)4-nP2&X0tw*1DLD*tBJDXYXXY!Ar_Rm>0t@wgyam z8~ZN158~wn`!6Uz9DFU~xtWkIO<_Ky@zY^I%;M+rkMO6#(0zaM9fiJ#F@GVPg7fhb zyy6k!9by#RJ;TItVm1O+E1;ez-k>j8-C(2Bvi-|_zrQ#~F49;J2 z-yR71E8rvK+Hi!AeUWesGF2|JREDXqNWI!n&x!~ma*JV@-H}08m?;j#ypF>Xkwnbv zwdzJSQ6Hx#!K0G}iNMsjC|mzOYF6x4|HVICt$g)nTD>Wj8;l>4=wU#cSxfbo3J~5w z5Z+p3Udn}ke6G43 z%U&wfJ?ehU?@INsdJNIGD)p3F4F_b6|7rLXTiz6`^?%&d-M4c+&pdc7AW%(}ST|WS x#`wdUx$lmT)WI$3{(q*U;>H*(4914&u!(RhmV&LWp;q28j!E`!Yv;cDzW|NSEf@d* delta 101246 zcma%k349dA68Fp`kPR&C0tw_kNJ35^5RL!=0%Q}ez=l8;aZ{FPe01cv((i9>`{)JFPvtGwprM1y|Bd(OUhiMNo8SAEKf~|c%b(@< z9z1=SJdCHm;Q6_{6VgBWzI*w{{NAtpMGlwD?=N`n=J$`jPviG#_ueH_U4r)S(WGtz z%_c#ZEOrpitvE5=mn>Wnq}a})UJ#1>1mUEXdU!6Ljd(6*!^LRP%x)L^^c24L6YlCL z2n%lb3Cju2=r5e_@Mvt04l#I$XBVX2Ju|=a6S66<iM&PaJu~Eeej)`a);T znwTQD>6+OpsYxRRq#5VUou%YAXS}5v$N34$S94A&>o)?a!BX?Hq11F*-n)dY_79Pk zJ;gl!$))?pYCzuLUB!Mzvqc@@lmv5;d}WEB(K}S#K134SrUtXybQ)Kqxk!C;7}b*G ztg#LB25$ru$^=lE!XjC}loygw$ZFW@+d=7OH3O+iz8(b?2Nj$<&n0Hm06;P6ynFWmgLm(4{Hha=OTsj>y6>38^c{0b zSG_`P)n(LhZ0F8_=|zfNXUXt-t2P6VTECc+gVuL0Qt#(=`zuX~NncyB5&0rAbjrh2 zrAy~HrqK+@T}U8en%or{frV%cCDgS51=Lp5i0qw?$>7GVj%jm<8_H6ncd5Q^oDua1 zElinf*LyQmokmA}oMVJw3oLATcaPJX)hvQu7UT`q3;sspO+Z~<5Yhw?*U3!DY+XRV z%u3?-kQOL^C0Ey)PsNZBgoHq|%7$=Styxx~NPTKFQv;%7d;*oWW4S&H5U?> zARiX*gL-9dCS=UdXw{ota~jkWPl|#&H^}VH4dD{xeNd;)0Y;_CaXQB7wZ$lr8<((R zUCbzIvSW?E;2mNM(OO%iHvQ@K7Pio+tM5{m>)*x<5_8B{##^)0-J{ssy67ID2ZRu6 z-C-SC>^ipjvA|v-JT(Eh;xRwypDGg!Fa*!;2_RM ze-}>$WVAa^Z zfqfDKw*LON}gq}%r zc=rB?O3M7?h9mtN3VsO}id{_HZO*Vae4z5<&9=T(OzXYQO+u7j0q zQr9TZXYCpzoqU*W>>7rb=eqXqQS~q%hjqEsi9!*V+3Q`$beA@9G}T-NrutJCW*H*H zN_Ly!E5oth0a{0_0S6)E`NqM?zco__>F3Qkl~FV26xX48x9NtN^gz0r^#@c5-qgFA z*^9Z0MyFc~g{Nl+9tHQ5Nvywd>S( zo2VwEt0UTI&?w&4EfS=?)@_#L`IYtR-mkL<6mrDJeq-kDq2bT`#zz)PG|Zhxs@hwu z^A`I+nSC$qP-c^(t8E zC^ZYVIQIlFd>OR*v+TJZMdEq(XOHn2_Rp;nRoK~V@dnF~ILBG9v&N8fOR1YTmnc8i z@{jX)Ce2f>pybH2Kx^w>D~Y~2>Eu9dx+$`#kL+dd1SLchv0nQbwK0Jv4PA8vn$|jR zEFH*t1gDLRjHWyz__WNs?+Q>V4x-n)?=pT}rfN%(YJFLP#;*p{h!d+q3gjjq+U|YW zs^BmK71F=~oBT5SPwQ8N+-pu>gyZ`WXF`x_8@Bg5JdMLIUAJ_cTeKYyKtt8w;ooh)e zbwzUYbRTUwam0lq7~RSVXh%&q*7aw{dtL4f`Q^HLr!25%Lk3Dm`ms+!;s%#P^-P2L z;C9Xj-Oxp=kO0*bQrAI75i(gcb7F2kjR;C-14C0J+Y&Z6G_CgnNP`B^*jIxfQGgh% zZP<*$Bnf*$=SsW!GksWc)ON)h*GY^Gy1Z^uu^Hm3+(-{{?gg! zS%>gGPzY(^k>Uw9F+6$TDij83>6+o8G(w6Vzn_~c3((z#>TO(3LNIx21YJ#K{|S$t zcs`XBliuy5*~IL2uA+uwP%Zx_y1p8^%QiyS7)2e?hHiN(>l%@qM1~Tt`|@I5_eNg# z(|-d_Ol9*TZf^s=T?4M>z>$9g{!a?K8WAEXDeU)%7&JK|a;_AX!d69&(tVN)rUnZF zI~keYBO4P8T7r@1TndR%x*)wn)JQRmjf)x*e*;M_cQG1i?^IVtZ}?wuyB8s)z$z4) z)ox8}dsJwzs&BZsDoz`66kftrc|&AxMMX=Ser4ZBg$8W~2P|r7gd}(mP?$CE{~3GPu42J*u`I9FGTk)oz0QF7EWvox;_?cpEsB5ZeRaw zP1FRY?C44q6Aa~4Q=y#2i+vf!he35;w4qfYEcBHqluvV@WB&_ij1Q=nW3^GTCsvaT z7cF!-i8gOAD8DnNk5svYZHS2}4MBfc)XN&0+=YSHwJLOd2hJWy&4l{z5f7m|Zt zGbZ#(E;-A0%Vor1E>Lw&Vm!TLMps!MpU6>Si^!p%CUOQB!I2b~a#8XgppI}Iv^im7 zUX{62kqBDUU7=hA|H_0!Am_6Mx4$8Ze<{CHE1$y~w%~u2|0Y2zZ#Y<+Y?l2s4ggS- z2gp}#*+(QiG>Clm)qwvN%E_$W=tZKGh7^ms`v;Q0n05<<`{Ol|xTd{=0!8XwAuKiSr1${)J}y$+ z$@K9Ncg&8{piuu#jD7p}T#Tzzz|2+&$@IZk#UgdVajsw0<{jYT@oUs3*Lpr@cxXac z6YM=m^N2>MS^a7=bH(@XR))@XG_!7)gXA6kE2`369&FS{kH9mhNNW@QN> zVC)kKeW#F)#nc{ck*~oND^jb1`Pcv^zS4U-R;$HZbpov9Ix64VoseuB5^8dC19 zQSs|CHNbXIUx;KueNvNVa+J27EsHo=4}mLEhj7fK(C1~mHCK&}W%u++8{n%yrUh7C zeiu4eUd21=au5*{G!G`7yp5;45yVdS*(OeAcO)iDWyNe`VyNDx)u$sA?3F|knTEu{ z(Kcu_Yo=9nIj>+2b!~YczqQUA_{I1L5m3Qle%#a!vP(#lNzp!DcsWdfPT;u$?-Ty#pu7uVcOpT%2 z$Ehh{RJAfL4W!R4%j|6zv#p)@qM^8iMW)>@9jImxrCGqv3u%2NbID_UQ)wAQ>>7uO z!WLU(F{?`=*r>j#fU)*X8}WUpCN0)Z@);0OROeKQUtHK*Cm4HxqqbA+xPfBXs5nFU zp5LI=M}nRUeUo(WQz7+_1x)OhV#pdL7|TZWvx~Xt1uR>J_lwkB|7zmA~h!+yh(gOH@Hu@pCTyR!y#W8A`HQT4G*xrUt2IqJ;*Ns~3y zHzD9;iPspm)Krd3uP-8wp#Ea5lU(CMT!j(!*_%rB#_$tOG3=w6O#U(K%L&M$j=5=IUos)du2ds$_=7*X-Kuo?|MVdN$=7i?^2z2 zslQonrbI5AYGoknI4~}2Rn`$w|K&mzk zj_I3)gd(-ibQ)sldRtd-@N^m(7i&#kp*}P-%GN{9CKzw<{1W!*;CLXCh9m~fAJGP0pM4 zOS6dVIj4LI$fACufxuL!WQ+Qdp5+Z4AWaWsD~9&T2thYk)UW-xTBz^nT2F32yqVN|Se;YGO?%zgLkvA2R#wkFL z`PM20$_(8h8vTVu7GXE0gWGiWha-Nq zhZIuh(qQ@Lsm z)3R>Q=%JE%3Hxev@?hZLz|<+a`ol%X$?c;x0j;fnfxp*3GBf{s{#H(Ji!<|o;BS@mHZL>(NB*{%-U>4Ff8lQ%>1|wQ z{!RY2irxli=Ksv!%1T(8DN)*5!e*Ez&;C->6n#7Y!FgX&MonhGJj|JMvwimG!B$wl zNb;rb^rdoZR4V~naF*&4*&n8GG&MBWY@~(|_iAk6U=2ukC^xIK8N(iKVE2M}0dxL< za0&Cc$X9%tq3RGc+78Wpi0vFdBpiJEOa8!?{P|iwIeXiezv_j#4gGRR=K1Vep0V?$ zmb79mZSZ(w=g}=`%eAx$q<#OVuWT8m<#yiQ@?NRIBuy}Op4^hQNlSYOX}`lALv>bf zeTZ$Ikl*te-#h1yHivHdLt?*9NQkB`Q#x)4ad`cg{pyWBy685+Xs9}6hGPy6?GiR( z;t^?c3A;7%u!Og&Nqy<b3M?;$xoFXx>%YYcLW|pvdwj|; zN09V4JhXGI|?|^iu&Ue{_DUtCc&l=@}Hsp%AR(%T8u`w%@Rq(tO1w5tFBnW09IKlIsAeWlO_nAFFgCR}X(Gkc48k-& zGBt=RZ*z4cDBv2riCQsl8hHtuT^+fK_;xB8Wj)ME(wG1?(j4~xjpk@Udo&x({W}&v zNAop1VGb)5Ysl9ZQlxG@MywCQ+{#_pg~}W~-<48U8;js*ybaU8J2$}W&eNF-)k*xV zE8dKF8;Li^>3CRLJ{K)_&j!IM=ko?CGxW+E)MZ9@i3l5TgE$6#aVzz02Yam`X2!ec zMWMPY^jB&vmc0#rwdCCBa8uh9w8%j#KK!* zt@qXHUnKVQoSy#i$FC}UTj4KC$!>7F7g-VGf|Fm9#(==L9i zL3G2*HF1m94s_>*YtH8)%u5z^3VNE{e5NKD1UJ&w3STEhkiX7O);D%ao6VFeOJ&5{ zCU3C6=ItC{#p?~MoQ=XHnqTbA-eBzFVrjs4J*^T?F(QRO#PBSRAOw$fxqRQoQkxsp zHf>RBJ&hy85Vp0j3&i8u!a@B9mT;5JY_S4Qh}r|=+@dtL%yc12E$=AaM@ht=!0B-` zOZS`JYhfKRXl0P2F5P9iXmQQB>|;hFjiQ_Opn2}x@Rpt5yMESGmW6ig7ShYOAZj-K z=ctL1BhYQwkb_s|!W7z_3o(1`m%a9j>PhzE^a#J9=%P2K$0u}c#;OmKVGt~n$kqwk zpH>dOnd0_We?4x}weU)II2% z8Q9IJGhq`2$_9JY7TT;<)u-_an_yv`N!3Yi)8#r-gSe2pIH)l1OKXtZq@n@Wz($VB zeoutNwGI9lV{OeGpEv?96jX^`zoc-tx8dO2Ff39|E)S9Dt+K+%8?P<^{ z`5`W6`L8HqGP<0b_(KphN2$KZ<=lwZ4cY#dc+usaPg(g9yyi-$2XAiY6Zmzx&GekV z4P(f)eHEVToMre80qrjL0{(8pFJ6UO=T>@BH~b(88Gu`kH)^$YcA@L&BD}bcR^pdt z6z=dOk-BM*u=eN1E?5g8#=e@plk&4xReiW?J0Vd%OXXGPy0#Mn*8!pf8*o9&pYEyR zhJZY-9&TxsxH%QF$XVEQgZl;{SiR&yE779|h#BhD(l7XuB;!(j5BGMW+C53!w83v2 zNA$76S>xI+Bg3&g2p;LPXr8ZZ?sw$DBs4DPOhPso2`=YsLSou)_8uTE`(P*DqUy1M zZg7qQJrtp#!IW}F9H7QwC(0jw73?q&SO~zB1JpC*UUcW`;5DXNQ0|&pUD-r{7$*kj z52S8+R{(-~z+BWGGM1y{HNQ@3n1i^S)M51xCK zjjq7#au)l*)lU53ny;Bf>TtaKNT+xkBHDXEg9g2qZ&I$l>?jG8V2e_m)NVho-}D-- zv-~c(c#_6zg||of*-R%yuRtjA=Z9PGNw_o_9{IqpJRjB9TcGLF#|Pw<@O#6 zr=tR`ngp%DWS&4WdqUOu(sEkUdBdbYw zq}GnOxHJYE0@UAH9e$_G>TXCXy2I}?Do{#%BEiAnXdm^!(@?jdxOr!NtQ=TG*pJGD z%Rj@fZX{K)Bw4=PHlW;}@$tm>^joI|W4)%EeBG~b{o^k0Ky9#fE4^^Nz{^K~S)B^$ ztMAhKDrt1Kh)uXsdjYDQkNUR8gj1Pdw2_oSTXJoKuZ=CGBa}Ln*0cg{R5|hD@;nr) z?`io*MumpJ?LWeMzzi7g0n&}WlB9v}dWjNAR+L7ysyoe0n6jahwN*gGw_2;&-Z^8% z-`LM{a`kD@?Dk^!7)%A#%rrM^7A8gcG!iZ9m`{mudYbZSb)n2?p4MUq__rh$Xeqn| z#Taza%2XrJ3mYEX(XtuHDC?)o?DE`{E+2jgK|a{%9+zfTzhyn<#lr9yJTE?O3uvR- z@`JGHGk2D246I3BKHXP-+GVzCUQ|HZDj0O1j%7RNMTlm0Y#s$eQnyhd7^wTPhYoOxBP&$%*n{&eV=}3p z7sf#Bu>?0ey@v8Tz*}yGs8+JSuBpv0v@?$Q#0O?;p<{=>mRQ$2Xd$0=$NfXDX*N}n zdbaiHcHM*U%QHeFytUf%3oxfv%SkI(8;{wW8gP3XAEbY$FUZr1YEda4a zW;JxQ=yP<=zO#2Mhr5L&ny)B6?KutV!%;0zPv03`x{0tI@ zlJy|nyDS7UfA9$V=C0`B>1&Wxf-I8%MxQH`o1upCZa}BxVfwN4MigN&LFN&`%0-f8 zmc1a+&v)c zibPbYHhynX7vb(b&H!Jdxl50; z;?Cdo5At5(MIb6g>L~)@xLw0|FT0OY=tRa%Lsib;i)L8>m#uyl_0kAY$i+}_)Jcv% zjZ3cj8s|O0p1h}50O!@hVXXR|xSUuG`57P|(w>-PyeMyKv}|g}s~=};ybWxn@sXFp+Rckz|%hY&8E25Y-!JIcsi#dZ9L0s&_&oxoA#`q#aiquDTw`0({-2&S# zN0p8t8r)7F4-4Ca@e zH~vw&)Jg3NRM89CldX05b9mJ{aPd&K_THYITG)1U7~6U8P~#PJp!zhJRj6n~ zP`x)U>gvvR3YSl9zBrn>>QkReEZG{b8-#M)!8*e_NW6<}uugyue%~6G_v>dEO<0Ay zbH!T!41wm^Ye<43H&Rj#qE+1f@`t@B*u`Bup6iTkEV9iC>_@9T|9^^45X#u7GnQBFh_G!^0t_O+mN?Cjj4EaFG@?l#f7wfot>&JtI|_UmWU^~|A3XH6hE^%%Gr_>?kAsr(ONMfabm!G_PAm6^M##Kz zKWS0am;+|DZ&=O!y>vDXaQqea`Te2T7ot`^^~z%p^wIjV7aRRRoZp=nC3g1%$$mp{ zfAoQv5RCxMA*bY$$GIE&Rxfz+C;E|_|LOz1LVYmszu=#eOLMLU#JUv|OmZ<48M~|4 zA`N_!9VrgYT*W#3D4;QEV(}NQn3_?j-A)p>vNYSw9%SuJo;bOD73)$GA#Gg6QcJ={ zY^BkFfZFI5EWlxV_^()e8)BHvxLXTj1g_v6C9JIEW1YN4FnZ&i)7c$M#)Tx{B^g&V zt{_}Pa0zfNu&Yag*!d;X`OY(}E^HIo1LnHNg~Ov~ahni{OnqCZ-in5>z?jlwJ9Rei zJBw=iZ_AkI;OHvWr}56RsQua}OV|XA0S1fOt2Nor(G_kHA8LrrcHr*nLvG*2^(uR1 zX+o=3S<|0gSvnaE?rSTOc9k%vEiP<1Tqfjmq?VIM7%L?&?atVW*-6`^(q;^Diz~kg z@sR4zFA|x23Hl+;Yksmn+yt0j+R~3vdPiBu(@(XfKTGL4xs0d3*p|KzT>?BCc{*!L z{}-j}0gEIPSPVeXJsWZ+H033Ykk7wHKy-;}plBvr_yv{kx9d_J&H{GBH zVwGU^;y=NnUca5pQeTV{8TgTKrzbu*I?f0bh3b3_!SN)#)%z)PnlZ*Zl#LRw&6r-w zTn|PjZEK+*5)?qSw(}DLwihP_cuupoAB-vO`nTGw!+BF+AweW`5Q*`5ZAqH9#gjz7i;?_qW4|p+k(#=&KFcW> zGH>}r{64n4AAV0P@5u)OT16XoJ=*4YEtm|9wvM*ARyQj@Ywbb{T&5;pBe2gdHxT*l z_Dpp!Uaqg?VrP*X|C#A`eXcL_hL#z|cP=2Uc3u=~7(scbx(S(^u;-P;wm#HV*X+Z? zUV138vws;@9=qZpV6-Wg#B?iSbhM-F+a*g3wB-YV4p2N!X8nq(T|?gC%Qfz6hJk!- zMXEH%%DSzL0t?btl0qB5GETZs%oeYlB3@ueR>nxe8TQ#qS`sy{#Ks4UT@^1{SnjG= z>6bco?<&ezzbbN=Pfu1f!Mi~JlnPqXgFWpX0X&Uzi`3=CG_RA9{^_b1=^Y32t_tY{ zBmz{TpSq33t`3%NE@7Fgi{oCSp2gXVmZ>C&`p5BQdfD&kw$2odS2&!#xjG7F!?&xG z#5Y)vHNC}SY{;7Q0v}Q9V=AapxZms6$NL`D6$r?+sHgEO!zLHp2N4nnpG%QC>?|l# z>mNXd5lQa#|PuHcF!`V6KM&rm8q+r$=^rJ3-826dU2J(p9&GswtF#T>7kp;2?z-diz+ z@TwJ4gp2QuyGGLV?}{YqKnnY;Y~-L!2xO6(if+Xi;(NH*eu6z$r1oOKMW?HDE)ju} z_MY-|4(mO{rmh{P)AN^OhuEgIVbZi=Y|q-55HrGh5V1Kd3(6FlhISO9Eb5aZ*|oK) zQvMj$ZC#i&U<~WKuD>*Y9GknYm$W{IEn62eEnyt`zX(UPHjbqpL||s8()4kT-=#Ha zj^8`24t7uSa@yXzVpi`xK(zYTcdsVrnOVKf_bz2z;>VMkVKvVf&91MDlxjyYonzvn z9PD|vt~h-$>)>viC*AF&kYuwgLH4}C<9Q6DJyGGQS(3dMe1Eus|Ju@G>}k!?^ac}V zr18GPnj`tN#Ev=ogl>9-Px+O&?G@*o8VF(8REie|`@^vTW3;k-L@0#;P)F6+^4z%+ zU&+!Lp~@0=xja!dCN%$Ioq$0c^9vTxLK6fabVX?AgS7{*Sk zpYjNf{iV9>@vB@^Sg){js2$~`q71^l^9kD!t57h_YcKN#A1Ps{U2$FiII8upHK0%p z-N1fv4T!iooa9nh-=UgFG`k(d3pA)q-FAqL-7vb};g<Ju$&CMT9?m!VTx^n$gkzLhe?i{Nn>T$g_GxK~ z0VxnW%^~^G5oS=Hkzz{NekDP78sbo>E`FI^Rpy}cM{kUjBCvqkNJ0E7H(DfwlfJ*P zHyPqh8{_FM$_+Bu^X}LY+&~BiYHZBmxXnUC57RF7)1lynvI@fm(lcYf(&*YSp1M;Z z1}Kg+WVqH%W*r`mk&Yi?i4PCTh=J%T=fP;#jJ?ixA4*nCHQsdjGN*L8Z0VZ$#QllCa2i~u8d~a5P`6^QX{(C%-r$U4dUe?koO$xD?s4=Vms%G{_a}ra1iQZ*8nFswXX`s|! z%eS4*dvlM*706+gvb_mSfCB)(h4NMh8~m@KK4$W=Y}vn}q^WzD=U)ln>Ct~Jl+OK^ zC2ac+FFm#+EP&m)ou-yu+dshXil^ZHWYtg2z;D;5hv3)rbSi#Jo+b;uYA4C>MgIHS z&T#hQ(>TA$%65#ACS7Nzb_|yc*O_<6mj4TU-+5Y#ls`fCci7j!=?K{Im!1=hAK{XA z3&y^BueRbbB*(2Ee=Yum|3M6f#cP&kFtZqb=I7)9%ar_x! zPmp);y54%!SC@|Jnup5R?&tgWsNtD?S_sim`nS)=>l%6b)JIv*7gp(lHW8EF+{B)I zVR~;He|cb&C~TNP(pKFAtf-GM7s!)&&WugW_+obOQk*nIE?Gzzf}761Dj45+l`VX6 zTB+v2(!rIZcR#!vQh}hs+6rpBP&Xzids#Sc>5bnB#=0?s(oYFSS4o;u(SYom+1a8E zr@pZ~qf_4nYImp=S`SX_1d|S%6ObIN2q=8M%@l79C)A<|5AN2ZMw@?aZa%EQFW96# zi4(N}U6-2)yqIo(2P>7_=`>(ke1Cl6sLSPYq2wf2_lxxln z#Sw&Ocn$1U$FXvdE!u-D7NS^ql}P1Z*Z_CjCir`h`pG>!)&thH*7Jp?!UK%`M4Ca2$JNx*|^)N97d!Jzyjl}dQL)H4jNU#Q@y5BT` z1uJ8HG6E7E%k_f2n>C1-@iE)~(#Xz}dXv(NA$nQ!OOc&OUdSd|Ifli(+)p&JX)oJ4 zQzDNe?J|;Gcsac^98GB_1T6wrcI*`KQW<5-DLeie2odZf)*d6tx&kceclG^){3&dtk3|LJZ1y50dwxc6}0l zVdd;-RnH+Z&#u}8RPEAjnYDCSDZ3+rWJ{0@NjfwJ~l*()a(wd z>%I|~Tqf>|l>U>&?%kIn4O`2$>>DpVatHf-UwSG3_Kds;)gf|I9lf5<1=XYte3B_o z_vOX$ytYpZVC)j*Z30$C!l86k4v{Fp9eL47R@X*fG4v6a9LKRBJjU8h_@Ig)lp?h* zoALzjE0ZBA-dD!sw?MrKf1$UEGj!Ys?$LgI++;MrX$63tm}cK!kdF(%GQ9Ln7!3Q6`Tpqn-7I? z7URo2JVjRxtG0zLj>CI^Rj>_J95ezkl>3%tW~@n)L(pm*s;ywI11XWArG$#k!P*uB zBxJYF7AY_15dA9H`2(T4-Tb9X1^e+pmd?yylAUaDRUZuR*;PX$p`Vr9ER2Ra|7zk= z-iS5Xt1f#V%%Ulp?X8N2l%1~%H4+hyH8S{4`eVy5cB?8gLiq)AC!Dyw;q*gg&n}`W0Cov>+r^8ChP! zP9DtEoyYh#t7#jVRNZI9`AUe>5cMrA5S5O#73YCUkeiUmO@rF9V#JXP?h2yWta^qL zk08-hsP6qYNJ8rBCU`tyV_5JplTpm@ zT5s__Ht;nv%;&xq!B6n;t+{ot^`XP0FT6(9-rKK*blUSMjhbfl{xa71+O#p%cr8?e zFbqHh$y|%9@Cs>3hIH5_XsIqUz~DqYx{z9D^~bSY6BcS%2RaVN_O7htmTtYIoN%me zCSPndogp%q>WD;8xSrJ>-XJ!!f+Il@L_wkY;~J_`-x@uJk!e;V*xDo6qQXudNtVW} zXWt!(8WOu6Iw+q^xe;gVaRuH7r(4wgw|H6bth;=LV|$Zh)79oq5jA6Z%u)D@*zBXR ziML^dVau6s!6GhYKRO6U4DLk%cuQ!ThC*tmZD6~O=0znhKNc z#7d6cVJI$vz9bs-N)yf}u&Wz`xew-;=7TvdOE>&j168ei+UdLl))7uct%m-@0ECs*il0BupvE@xX#&IPt|xbdYaL=8ZI=twUceQIr%o);gooUCC8BlJ?VEf@=+A~~MtM6~9(9Hgc3 zMK0Gq(x@&+1ZzGO7kY6c)&J2l;!U9%{S#j{)#AVj%RF7ccfhpqXVPYWK5U*korVL| z?A+<-(jcgS>InQ8a?bE0B+i?K%1Jt(T0NVmo`fYmA5W_1Q`C-i8%4*3pe^mc|xK%Im|?iw&10$}pk7X9 z-D_!KKA|=({QV6yzpk|tR^9b+kYf1;PkP(NHr4hE-HI15SBC6C_#I6h?Nc!k1>>l} zN42rT_9Isovq{CdE|VDShr!C-nyM>`P^P;omSe6fJ4TLOn7rHZJM3_y9~)4YDEUXS z+v|oW{@+aMU6(aZJr7Yo0vh-{zGoOhzWFf77k1X@7vZZXz znP|yU%AP(GiZ&iP6AtV3gEPHJt=&445E$b^_fmsc;@LqlX?QDCf9J-S?s^l5#BeNF z=;FqA*|E3S%CmjrNci2y$PTxrThtFfra9JlJ(+lA=H*!ld-Lq5p~WqzTX^BmOyE(+893sM3@#Mc&eEA};xE=upO&U2cXT0`Cuf0LO zg5pG6HHV2%OqWkw(fOIKw6^3V`~Hp4?vptNN0VspLc!ui>S-4GW}i|$y0K90RZKl* ztTv#JTFHA7vk5KmTGk_2hP{k)FMMFNVwr=`6^M@yM#;bCGO5@-N;Vvz8e5vNG83oA8>QDjGf+`#$z=lxWe1}%eOkS^Ew_yGInT-gv> z5c;10FY_R>baA!6i7GkR3F%}P%rr#iCP|n!Pp+h>?YE8cj>f86Svh(3% zZ(F8ylMk6KLEZz!i^*@dmHJBe8pX;eCw)h9Qhm_g;_>n>z~KW$(d^Un(Nfcc?9cQ0 zx{G}9ceb*^3mLi_{H55+9=?#T3js8illQVOFWk{Z{Sz^gIXvaR_p*X_QxarfHd*4d zm*eK9uD6QzcjT?SrYVtZ$Gg!zh*esykAjFu_U^kA!0CwhLO53o)K?=|)_e14OJw_d zDdStWy{4(J;m9$a5Ymw@TfC53i2W}6Tnjw&&1x3HYzx&|IG!QuH1sgw9JfO3VHQLd zM~`NP_m}BvK#N5^zmPrrez+LKUU)yXn>JI$-oyDti+A?*`~4*-*Ipl#>B_-`LiPCF z?CB4B>2~m!?1k*u2TMTkfDiM1VjzdIiVsr;WRv29q4^x+K5z`0_ zNgGUeN*6OOWj;j@hRvtk{@dTjA|IOud^A|p@rZrUY?TOWRFP}mZ1wR^5z=>KJr}a! zcTp~OWBI_v`fhE*emE?!ruNA^EmPgjKiIby)1`0kXAvJiPL5Bs*5$-^Uha52sB1hT z4XC5aMi1YKx#hEula1%dLOVKLJJCXky*}xap>4ySy;l;T4y}DHI1&VamY5TYKO1fB zl+8^T4fLsdS@9?9jGv^CIQW~D+{yUTpZX?~E{%)#eTb}&@AEo{k;R^&S+2%7$Je)j zSN&xkyZ2HbDYA+^dMTmjh*ni?bUV$+htBVw%FbPi7qi%pm&oYVUrrA`Kaz`{%Sp6@ zqHzB0or25peS5t`_;tiJ4gZH2`dG?b9|X1OT?VYnsWr<&%<7uO?BACM%qfP?0UyI! zLCFW^<5vTrGe4B%`y!U1yfZpZYew18Wyle1cZ?j9h;F_eG}``)Y7GbLl%v!rvm5~e zEb7~HS^B35(()zD@@Yn?+(uL#_9->|80v$0Tdw2VH9q{n_aS!tG&UiYpdIiO4jgeE z2Rg{f_A-H?TC+U44Y{=)d=!U|xqd{#k;~8eh5GsejQe&tiMS0RaI;fP!tFGLnBnOmP!4eGx!q$1bo_pP5r>eo`v|# z465->EE|ExtUhnhs=+peq5LS~B`j)BUd^_)YJR!Bt(xZt@@nd^W?p?IEM<;{`xFi> zp&9b~ZBqXt3ejk9-TgRmrAKCr54@cVhab^aIx1!4zfrQ`0XCS-=d+UnvQlQ>>8*9GW$2aAk?!r>O zNYZWQIS5m`{fpjFH4sR_;yz5e4CjaOA}D@XE87efb$=jx@{8o&xzyMBH{gCPA4ZRP zvfJ!+{1#(aA5Ft8eoGAd>WdWJ8ICq@ChPU(;;=<<>EN4_57Pjdtp|S_i4ivq&PD90 zFGF<#GR*4J7Iys0m@!GHn!b4mwYByZyk~+J{mA632n=j_g zR`O=M{hjU6zulR|Tno+XdMul0rw=I;rb6{G9RG!?QW||J$3Sdbz8N29uHg_^Df=Lh z^c{0wONz+kbdQ2EXr+4!#v+AHxY&hj8U4xQ<~T$VU4rdiIUC?U1%J6yyD|-cvg!)e zM3(VYeCgU-H}JkXT+RVFzJV+ik#y*^jfEDXx2xJduRooVPypY`7;=sqoQv_Rm>RRO z`l0wNa<5Q$prIVjJ~ATRkD5%d2-c2A5W|R*OT&~mHWtyR%&YHdo?haQawz-J_wn8p$Yt2i6t*xQuYHMs9!U%kHDS4UDC0eX9 zC#NnC8iZpr%gd>u_{uv}C^*vk3kvD49sD6Nfl+gltJR9~6Ip}WtX6V%JsV6s;-HNews_Zm&gWiY@ z{U7DsyoiqU(1m~VZa^#M%X{0Je!K23O~>w|Z*P(r)gX#?H&fA)TY+>EnTljn~y7V$MPNDiWyIqa$TSIhZs0R2u(2{EGX0-?aVloQV zZ@$u`gGN&M7WS+t%iqIhyRT;p)qh=XCyR&vV9%*hrD@941@19k3`Z=bqOsJIBd}*j=HmMW8qF|R zT4=Vy*8A@{Aeo9`o8`4tHp^O_nZ7!4jM`A1+g2wA;9^ut(@4vhq;cx1r!*R;G1@qx zMEmuY#J03U zZ&b+N3&v9G5BRpW?`p=~&?p!SalL^n;77r@`6t1+^=H9Y^|$K}ynlQ{Fi!qOFwXni zwG{6y*LpnD^%bsv;d&QWlkd{s6gu#jKsK{Jp~olqc(SPpJ}_8v_~-&Wrv2Hb`c&~_ zcBG!Zw#Vx0qgsM?DrRC(Vi=@b^;Qx4ALJOtn1n9~fz|eS%=TJ7d0yZFAJx#0_V{TS z@Eq`1&;m2oHiSz%eq&EHghp;b?{ghRzTru5gcFLh@Pl&{!@rAUKQ_R3#3H_n#P9I$ z#tevnvr#E4hMvL~1+i1XALsue7?l8}EQu%Mi}0>$dV~vf-4wRxyO5O1H+elRcC)n$ z7Bwx#EULDLTRZtu*!SN}Dqa2?I_03rh+R>0f%hPs+=BODI)2sL9wsRcsr3`TveY3JPcL2{7+vonbEw_g(V2NL(emj{8=&G?bD3l$CHx={6J!PTCPw}U@N)^rc zZqp9yd~}d{_igOL_hGSPib<8jTO8qfh4MjvwBtDK8kf# zFXQgU^%lRg+#g8)E&QP`K4ZE0hvCxPm)Q9qrUqn!y=wKVtWP5r@N7b3Vqi8>pmGjO zVh=TD1kTpp9-71sH0DTOzQlfSoY)@Zsl+*(by`+hqk>h}%$ z{c%z1y_ubB9(4PPKcOUWWqSoICmNr?^#QIG{-W{o4x-W4 zQ8bjPW? z0irP+R{^dSxSqmArmA(27BWX8UgtX(1MiE1@5TE9kC^mlideI+@1GY%F?&l#aY#xM zSdPwV+kwu&38Nyc8_jCMQ+%BP(N2LkVf~hc_)91EY^e|vD1@8)ci>}2+4oDf92TPo z7Z>{(%lIKqZ0KXXfEf;%zO!908{lC}%+prB^j3rSUU>%%qSy~+69V7Fhq_(t%DZwu zZa@u_+jB+|xApFh_kOstaZSUu0M~=Kp2Ss&Yfo2Cg`Zdu*kII(8$DP2#K)x$6FtlQ z#YpMv2_6sbv2_zryUF;Ip&LFEgwrzlI_1$tG;CZle%0L*JRkUreL~9q21X@}9puM6 zJvxYSl4*h`vxAs6WS~Jbj>k0@*9KfwxIVyj16L2wF%Z{cTs!c-1$P_nFB&~hb`VDf zUhdB6+|=E3rGxmk_?hSBj^d*e2X+&UGOiW4HsUJ6^%SlgTzhey#PvR|uW>cu8V)Q4 zxbDJb$JG;860Y^#JsSeVoVaDn3{_?Od+@4u;D)ASPZ|HH@zAuYyT7M7K#Z5)byw=w zW0OZI*3p+-bgpi$0@${;Aa@0}JcP1L!5%mk-|BGuCN231UyR3h%2I&_9Q5`B-VwN_ z;<^Ku2bUoF(?5y-;>V9flm2%@r?I`z6v93+-{q5{RfJqC zse#PaLBJ15QXE9AW@R;ZM&LXxxJZCzKvUHAl2I@t(G?IBv=tZ2i@qDcpXNPN(IsdyJB}ExG zotM@`%Qg7x5bB9do;h8_w6OOOIHClA@H+p!)Ypha`;v~t>4k&ObP>HY(w;Gh{by^4 zTK4)WOu>riQKFDmQ`Gxo3n>l@8y-9n9H);*M&rC17E5yxkj^*B^sY5J*Ia*m=cpDR zjGS{yYhFL2h&k1>(kOyao;^nKjc%V%M=kUBp2z7*9Av-rm}h-AG0Nk7MvN-OMq0*M z{^wmXF1h&MPJzm~1NhNni!I8iVN=K3jQH>5Nrnm>ehVyJQx2PI?Aa~-`~|CM?8ntGLY&S z(Or!0TZtM#Nf%e{c>FOCywE?|7gU$y$VN*9K^Jmrcs}&3?=D6K_xkBiuO{;p0RmO# zsJ|`JeazGs#@*#&?jpG~x`+TznvswiNx`<8+8LH1b-oUFPu%7UTPN;9mqG zp}UFCZ)yvj*5U};;KjYU+9xDE(}Ts_(mQeHw)M+j2t9wSBe96whDP}sx}#9dhV+4y zjGMkcZA2tHMs9=<2(~!chC2>s-UmYXvswTe!1=lk90JJ{;*#<1uwZ((50S6LLxHva z!IJUT0Ie8(S4inXFtiyFR83};^IdFmx_Dy7*=ni@DW(&I5Db%z3D8=w4iSAi@>kCt zJ;gzW=hBE)`tlkk6>w!&PblL9X`Zt^MOaCmhMr=6;vmN7GHuHdR*9d%*#otC4`@-! z%`hg+>Xg2o`Mty--FN_7)OCG4t9pqOQkOx?5c*sZ?ne4TgLhe`+8dO&e6PWEfP$Qf z@t($BVtS8r_|Q7WM4MzyO7&!fh;h0F9Pf?<&)g6(VNA&YhzPU?!l+O{TRdmH)e?-L zPV;3G=g*z{8wafcYS<0W=@4;>^yCUpP^dUe`XSjfHB^j=HKLLtbv^U~W@{P^*~W}Z zjy0N;7pdPTdp3oN1EXJn2=Gxs_I1WEQMZIX-+8WvLJ#%z7{kQG9wux{ zLKrBl!X81>!>&G_iDBaE;dU-1^chFJcdF4Is^sZ9=jrX;VA*%-0}<1N5k==gYjkTP zVs(;73>U+rE<@H-1@-cv1?5+`+ETE&X-g-L%&E8UeBR$ zF{Wo3#K2sj9^t_f)J&KR0sTBbgp0QUWI}}44_~hHJQN{Djw4VWy!K$G`dcHHQ!Z!- z_2!nxsJ>c1aLa>#VGUn0=RE^?b2JpgfA6_1QjDeP2`3pRh#Nh%kz!x6bkNIQ?T@0s znDO{UiKC?k(UTJ;4w#<)I5v=byT|+qSz8tiBh)xjG#<;ORQ<7Rx^*~~gPY5KMIMiP zq566x4MJLJMJWyhLXc)@e=gGD?>QSKj?8=;ax2yc)H>(^M_us!`+tB^8vSz|7ht~# zHj_O4anGn|vFDums7rkhaYU#J!3w;rJ!Y;J8{iAqYfjPHU&r$`JUY^Dws5(a)B0|N zk5+r2vYxVBrX%w5$33q^i=hK`|AQb(qkrCmA%K=Q5*5Q+sL*+uQ7&{BM_tf@8s7k@ zMvA=aaZkS(F@!ifJ_hsM+n&WSm>O!3XHh3%Mny}i@ufTNBj7#ycCto)EhZAAmmTM~ z>IRhHzFKSsxlG#>N67yml+x&*Y}-PevJ!IyO?x_D*oC3|0y4{vn?0Rk#U5gRPgJa! z8mNgvog>6EEmlmvV?0(Q);T?_4?L>&RPf4k!Hma@jt4kH2UY-M^C`$d%wN~ ziJS(-(I|Q@$BOZ#wP;+m-s1Pe_^eAM*Oe;Iy3|YWvSJpS-p;g>HrEwx$ z5G9^%abjraOwfhD9RbIx;Hild!=#wUJeT8ONfmm2ixa2EWh39Jo2FK+<&7;ne46^) z7NVHW@uR9`hu`y*#Eao0R`Cw~1V_Bk31;s>BU*z)p&u_Ll@LTr%5k)uoeX@1>OO#F zyvuv*&~%TdE?!*Lqh&+$E#UWUXnG0~#Ga9~foV}62+>55&iIkLii_e;@t*Poag5(L zJ4Mf#1hKMo6VO}K3ciu3tHyzbHrT*;O>CzX$O||WCL`)Uerm847m;PDh_HXxJ$GZsGHK84F*CXhU-9H)oarMR9P+vK;T`P^z$5Lkv?#wWib8tMm46OS zPh_5>Ol3VOB0zV?BE|*~(onAaD;mfZ4&p$EXoJpKqr71-dA>-(m=E#XOcG-!k%op` zg2O=BK=8gE0W!`>d?;1Ryhxc|I~0x{Ww-{y;BeO9*r~yEUU3MXJCntDX~$MiWwMws zmw-UmUsOM((LZJVMN*ng{{}@g+V)Vgvo5IdqM@n=1BK$z;bx;h9-w~G8O~|^y#Uii zb)M&`6fu6_X)qnZ)O6Z~7Fn*<4G4S5R90U>%(>I6wRWk0^?BaaC(QEuTRk^Y#NJZR z&YqA|H2d^c&!|)}!bkuu+Sx2;KI*ZiicvUB=h=`dP7|{|pQgg9!>g1griZCd&?wpk zy^boi-3&h5QldPQ)5MhEA2+) zv$(IA9?xfHgL4B)I%?ACFwVWCWN2=Wm*D~e?Gc_6eZ`>RPeaX<5vb%}RvhEeWv($< z?lI|g{8`w6gDj58NUa+)le*J4li3HzX-{|z{lriSbf@$a2habmr2+)vXYmT|!?q}@ ztnQ6+tpt7_u2qMx?PAY26MjwJNPCfQ35!!zt!ZNs@Z~Mm)1r_gj0q?qi zf_b-#t)!;5t5zz|3W_UU%6hEKtW2$}Fiprz@e-)1Sy`{8m6dND!ivlcOWptXnR6D< z>i7QPGkeaN%QN?xXP$X3p)EFSRjto=xQ?Uor3J~CxEJCvery*uQui(*HbsZz03?*L z4urqL^a3jObVn(e*Ofw(bS;cwVtArQlP_1W(r50`?Ont)qerKM$y_zDql>3UTgHj7 zw7v#J=V^BVnA-GRAfhI6s4WN0#a-T9bvgRTl9vYpm2HUHFMii~vCwnPZKL1=Z(0>6 z@^~mV?ka}KJx|l5u0S{O?NZOD>D{iPqyJiL-Q2TKMv33eep#-f}aU#Jy8c}&2RCuws%p6*rcLF|HC4`**rEfYlZ zwp?FB6g!`5>~c;(%7T2}NL|h%^*)5ACWtWRgW*#hpP?R05HW$%?!l30Xd;sqpdbSq z*M#|0njqrENxGUK5*oy+&Uu5nbQdu_l^B>73$v~&zN4-4Kn@0*u!p(wtB}hzmI2eL z_#i~!Bn?#q(2PU_zY>8Brt5@Jdab)iHVm=o%AWK?hv*@!aca*rSNhc4+G1hvsA#A9 zZHhVx)J>J!Lqy11!SrGe(H2P2u^yriMjZE!^FQxSq16n+Q+g^2q18!n(muZFC46o!MD{MFR)W*^qJw=B=Zs3?Nm|E#m zkdowe!nI-){n%5qXjn7S4vwNGiK2fCU|eYPDQ1@!fYqUbDS83TNfeRdLt2w4Vxm-C z16ZmTO?4ZESk+Q*l`j)TFJJu@#2<{M6xmBG0pB=n?gd1B)O;%GB?bp7+|}L;W?y?M zY+5U-phmq#%c(pEHCKhP_*n87hs-&k7EMHNgy^d|#;n>Hk06EqL2M2=B;d>c?T2mQ6w@nK}^a*Yvw1SJTOL`>C~jX@i2P>n}!&beztHN zG%8`I5)bS&;8Fl=^fz<)PtsO4qM!SK`gNEh`hv#ipv`?nYs%`2u^qwhgIZqr-e?&| zebyg7<;W`U{$779#|q@?hc>>|7b^g&8P-pX5EJOWeqtOq{k#1{i?&Kt0&m0EgF9w1 z^LJgJP^_C^x-UPk4awom&9h)x((KMoMl=3yJSy^r3c zup}|DzOuwHm>x+Iof7X0P$zOss3j{`Tmo`a0c-=xwxGQeX|!wK8f{_kc5Sd(+Wl?b zXk$?O=<6gA-CzsHDf*Tg4HT^!T);=BHk5h{6iM77iwBB~#tLOLCvJWpg>(2NZazw1 z4;1Zvl=rMv`KQP-2!xK0ssA9H@PE2UGX{wVWzjtPc#zo0Q+D=X(ZXlmvydfV{%(4F zuxM}2!DqVm-k)@6uo&Hh8_eYBn|qx&3!j{Q?^EOu(J!`C#cBpF0jxOa5<^s1A=rgO z7h7#x5y8F4rr;I~5#xM{YO?u$h!`2HmNlq`dut^YGbW&v;lHJkQM2*V_=|CG-6cP zm7_`xd)16zhhc#I_$Eg-V;p1UGs4TbVwUCM$VDwIY9v+o;}ZpT9_WjL`a1d=GMM&w zTNH9tXn!{6SMa+UJAfEwi$jP}HIo+ihsvtr{d#yRC=KgEneKtYK!(%-Vygurw90Eb zkenJIz7C@V>o&!!uG7qQ5^t(aY|`E|60_WbP35<46MZvO1cs=_uZVzuRugV?rg~_* z&r`!;7=ReHorj6A`b_xXo){+LIvfRDt=D-j47aqUe8p-EIR0~%nJb-H4Ki$JI7(C6 zK1@V5ILGf*U(o4cA|m!8f1JRPPEXrJPs_`wv#fqaW1OYJX!dm243T=dCSx2$S6HhV0la8gycKb7>t9fhmli`1IJ{pZdoJZUOgauk?m zQDxrai2`X5On+7MEgru}N1vLKuJ(93Lb1fzREZZ;@(9tb{ux4vlW6G((E%5`v}1$_ z52_XL0rL__@hsIt=SGOk7Rm(M%5$F98O|2W(zQjH7q0wp8Z}ZxM^5n z*U-iK@*0^H$dD2_d=s@AC6ckE-akr2)gQ%Pv9x{^mR=Jb8YRF~OBY6o$Ur`w{gKqy zWb%eu1EkK-T9Re7NDO@Y7tR1)6WEvO;}6lq(c(>cew_gBaCM5X`0F(EPc zL&_c_S_FowW$Fv0)|F~OK?1!wMzptl$X#R)whdDeHqw8`h$lrUJvvr2>r$r_mb}iu zmYwf1%2Cg7V7{j6fTu+V0! z7#802vZ{kFcmdqmy=bwGw~ln}!ex@F;_>k4kBw$@#Oj9ZzR0Qvlf8hY`BPD<=+A3* zRjTMve+c_+rie7rUD#-RnrJVqv@}h0iSYx(H0?wsLkgJMtrV9#IqxX!1L7K0AfKm| z<#OePwvGOiCVF+_lR%o5p?HN9eb#dlU@pkD%G+;cet16LpJKbVO@5Lf1~xS z4|+UZ-*0(eE_H<3mMH%Q^jW&- zuRy3*V%@xMIHCJri3ns(U+V93XXkKT_&BI zAiDNc_>+DsXAjS?ZRM_G>GF3knM|va8)98u>81FV+{MQLMh#coB~sE|Vw#uxil7(o z5>dW9Ib112aG0kvcZo!=rx4I^qHv73M+B5i#$?CE`C|RCMStwqAIJ2^CH*l$J)B6i z3T{2zM!4tUw%tP~CJMV)Ljxv>f#QD3og~J$Wa&qaJ%kq902{@n>FFtaAPj?P~RivR@ zE|npZ3$tGU9M>)majBGL-u3<6Di}#z3V_Q|%az^M&67I74J5vR?PR&772hXhgsnIl%8vIie9=_g% z`CIZpl2N)RzGy=BX##e)Ff6qodS#l3WE|jwX&`+aX+)LNL~kto?WW@*(~pKv7i}4B z2aIx1X;A3o8@Ljnoav%(2Og(teX%!%nT41`sn8mQ(V|Tlq87|bf1EZI&&?Ap8ivx% z=_16xL^74NTGx$Ft!9X@NTyWQt`|2Lz*mELy|`M?KpoB}%@AWmB)vLAbm;pTcWv@X zkas|sfpng;m&uZc^An;6;hNnRzL}Rl=LN)C!Dj=sa4iyPxf=`|Ll8szZICKqLGlIe z`QxY=SoUnA5R{>1e$7R^P^)~FSx)mFM;wf)eM~+^UL{OTR^~B5;Bmf_h^)k_0>1IE zBp=58T0!!e<;Pv0sjCwGq9j1SC~3(zCF8gZ^Hdpvj54GEK2EIk(cL1r`*aQ;h;YVi z&B%cf)|0?c6&}iK$<=c#-|`MqpG&v_ai2%c?-5ZkI*IrqS`R}>r-Z`vQ;trp1+6s| z+w>V!&o+BAW!)oM)R?)19Vie&HrxXS5s-!U-y@R4M!v&KCle&s+{;a*1gb$s*1A#i zd&MC6O9@T87i85BJ|>Jsunp3#dquxy-p})TmBU>nv|J!g6)c}@i+Y|K+$SD3_vK*i z+BsTzp9nWw)z`=8Xy<((dxX(<_W>n6_8HZmDY{!2i$P1S9DTD4bl`_*#7xn=zCvAq zA2-!p#2Iz}@2B*%O|&xVzW-A?Y!k8ZB`U3UR@DM~Ub&*CLs#`# zjE2ne&BEPqDLpVtBsNOqGAp?NNZ~qL-JKrS$0oqEGk@Tr}xq!Vt)2DLSw>urk&tHlJc=i$3T>+icM#iKlYmiXGS_lyHbu zV=InKGVue0PSdPrnOb^#)ngc(hy<9fbN`?qo_?7vYBj_oKLBCwS&tg|h&gqFgY@9g znqXESU!z_=Tn~+`38m~gVCCQ+8@8&a=TKdt7Ymop^}v8ddcstE%`d+^8gC~XJ)wiYo&_z z&i#;{n6GFvgA-SDXWyg{B`!48g)GJ$8*cL_Pxd=+Cy*`7|2>-EP6=)gdrn4^rk4z3NH~FBVuCnsns~m`T{&YOBs&=00Gp9y1-qe%o|z~7eY`j-XF)~tL|BRy&4le1Xc?aq+`A(2 ztG%c3b`b=biz!EzmpZTV=vh!}89A^l(;%D*Ulf#@000m__kuf&|Ds?VI4&AQ1~SA)XmZ+I0iSRm>P z^Su}vR;}|1%3UZzh#nFV9WJ8Q&QfsWgf8j`=GTkaiuv^z9uUf{JZ4*rBp_0C@usgI z5|N24NsrI^Xle{+P?*lUhK4hK@&_8tijd0;k3%eZm*9oaca{SLt5|OtVq2|4+gclG zlOAc`h8Jj;U39|ki}TMW_0i3LE26uO88VubYZo0FfPQ4!x6_Dxm_PRDAC@)zv0qOC zOUE1?O57*DQ_5a$R^lFE?>LRmwfg1)?~1R$#$n@JP;#@R`U}O79(s%X<*W`|6p0q` z&QUFLgIgpS`tT-|n_`etkxvR++tR}C>BK_??t$`y{Kn$4v!iI)F0yGlN=heNURC1rPV~H^!e?f zK+E3xKw3e`xw=TSLRU6jEYgKPWi1v^8b;487I&NNnEI(&W*{|qSVWk)TMC}9@}kZU zi;(OgTRE&TIQ{fBsag37j=E`2-%o!3WRs%!|66&BRJUU3HF4VD<`GfE*hct-5DBC*)Lt$ zF6OjD?+i_M%oTFp+UKvua7AQ1>-u?s7C}Cjp@=OAhtB5}H{P z=Ph{%FmWolrOfM`Iy>P@izf`>C ze-N}zoffs~spIs_GF(tzc#%6Y`v85oOtcO&p}wiw_yhWC-wYXGY00!|&R?iuwrCR> zi|`DMWhgWC!woO@sHdZ07VH_v1<{yn(RPqGU}k7uh{epO;4*deU@I%yuYn3K)I=~Z zyq_&p#XFCcz|ffCXoN!t@TNd|J6psyS7eCtyx1;H`d>)Fz?hmbFXnpKQuIkDlTQqWm!ioj&sX`najJS1MPi~IZRE*pTZl*_En(}i+ld&w;l%c^m6L?4}6Fef+&?*G|vc@Hq19x<~*_m|P z1eM*Jh;A5=;#NUHktzCx8q*KCqII_F7nuG=PuLo(awzItdZv4?+9K}(aQ9x`GhzI4 zidjqN%ybLgt`m@rO8zkKe5xh+lQdg3FPs|qt`zzQ&a&FktooxyLR|miaTb{2rTrE_ zuE#{P7E9FhG;3!#E4>pOmaOJ{Y0^gtAV`ONav@T zH4IAp0w}~OVy2kUx0qLTIfe4skN;fxe*X~4ekyb*<65D%d(n~@ZHL~e&6trTtM{q8fFD&Xs=rI{yj2@Q!#t?WwmISHOLy&sjC;)b*T~gFp#mV z<)TC9Ua)_}Iy^G8gNUvx2uo%^r7G+L_$k}XH!`f5n*Vh=v|O||SEFsx3!mOWRm(-| z;aP`xt@d`74z${4V>!yIm!a*AWb_8AxmXo}b_^O{m@g?3qXQ~-V6huGUtw|p8;0CD zmupp}(>3x$jLc|6EAvFZmhHJXo`2>)fey2maFxtO{mY-e%M;PQJi}c5yJF5!aK0Eh zaxzTrGKB!zfbSR`tUaG+Yt8|E=7)M_z9qv@&jK7)ZPl}}U1e&LUdtE5eB;!|?!7=g zKYT!jb^i1hs9J!g;X)Ryf-ReRKPcP`{olsM`<$+Dz&NT@Q}PO2fqeA^&08UYhcZTM zgzV&-YcvSd8lVrGWN3ZV5eVWvTh2sITj>3G2cDnmHM*h9vWwUCF7n{|% zGJ?BJS0kjWi+j0Fgoe2O(Gv6{P2FavcUOwGEv#r1=!<)QPi;XVs>7(S_Kh!nxfYCk zd44i_9M>m9o25rP!1bwk7C)*whTgH&KcPC$GosC6K^fZq&+cgZy2r#fZRj%LFQdk- zID-mfOh6Hvqmy31o@k;vy>TDnatug>b8lp7S8;&g74x44k;3Qbu2o`vPhQo9*Wt=S z=b!$L1Xp!=vYAgF@9w~Y;j;8;=$POv_jVrfcFr+-KlJk|OYeq`l(KwDtz5Y5_9ClG zjFcF;&$)nF<9XBt$`PKL@oiZxy7PC+YB1>GIeRr&&G1~YT6E&)-qoUgH?_0aA?vbD z34eHF1%RqxdsAB#3SreuyHrg|l29%LLCWDbvJ{H;@>+dLEEEHL$FJmBmZ`m7pK=RD zBIGgY-9nMn>jL@%((6S`lXv)~Yll{#jn;CbL8O+oSUd-auHv2W=;QFS48>ee<-_bd zl(0rbXWmfBdn37P1;;`2_bFQ#p+kr%vle=H1*1(c^Jt^pJ197n(Js|1cPysL519dl z+DW_DpzK$M(1kUkdCaFnc;Shx40o+Ki#%)zj0?qSKfj^sjN1pEJ6t)xdenNYNEHv0 zeJyCa8@=hNwW4E-aD8lcSMl{pqj;H|4Ma6XDkS<T%IS?$|`j9~YgnV;;eJa|kd~vCExaj1MeC>Z28ZY&Sju}C2EYx6ONT>Gq7QKhC|Jp@?;+DXu_)fZ z(HyV=S!@G9dxLE9Ji2=WZmmpIfQLV8EW{;z7M7m{jcNY|(YN=exApOv70$7-I$|h6 zzIdAEGy)6)5RV;(98e3n+mj-t^+wF>g3)!g5!k!0!nyQBA>{Fn=T>ZdnVxx4Y-n&5 z@oawEsQXjs)ZRNVMv`y1ix^$8C2iyNupRuAnR*PtFi=de4?-Uy=3XmIZ|?;t+0q+U zn-y_0wTb9Jygnpas;AM2HMuKp7+=8thOxU<)^jmhHT^1C++|G|`YJC0$` z(E~@(3r~x{h5 zuGbBGxRWpN)up*$G?Zgn@9c1cbQr3Fz16K0_C3Y4 z4Xro_d#Y`cY44crU5v|1sD&_~;*x8^CebPZ^w^>hv7gCrvctIS3Bn=6>08qIHW=mAozoAgj3rDG;i) zEPn_+oHYP-MwIuS6a70XIxrMs`{6JYQy0@!2RSt3!HH-NbwFsl83%+-KT_IeT&{uf zaWhWz07IKaSA$p1RnC0y*b2c>ImVOCx0@lg@IwVPcwWhK$Kk=rCO$7ZvP~F1+_Jo{ zPYt~eXlML2-Kr{YR`)7CGL+9A(dUncniqKQX1vs6P&efo9eZBH-Pad=0nyIOYRyL6 z8iRSZBo%Vj6XN*ZHca^(_W0QA={ze|<^5WXw{G_jt!^8qLe^iVDO(g;^6(aMFIwQM zEzFcue0_^J%A(^3UKGQ#ZD_43UEw@>E*#4(3KLwI;tlmjStgrT4jQuuRyzc6f7br# z>pdgqYRt|9E@48Xnm7ngWec{bJO(g;N%ul;pjpTd-4lSQ5Kaw9gjq<1x1;4$3_VD{ zlxcub9Epgo`cqLTA2km``5Qe(w_XI6gZ`))Z_wgsln_~GWMTcUBLMI4LKvGHP7}~G(+4q#*1S4tyTB_2A~?bdtzuP2a}rytia88Z zf^DEC50h8LI*C~NVrJGZGON|mQ1aReE?g6(Z&e)5FKmSz@Rrx<*R7&&OC@aN!Ne4* zx3t=1_fu;E=G(}Zai_a;9?gAOv^4KT{n-i>ZFm{#7mAM1#h1ZB1xS(G{x_sYw&{?b z+g2CSk!_Ggp7%Q4+9t*_#If6fHiLk>c)PgUs_{^&!)RlVhn3vRcY3z89H{Rsz38l- zxTp~b)2nwW!t`=H6gPB{Kycg5afhgA$WYPa43}EIf(4f$dOT8I5pg~fiWP{+ zV#r$x=p_koW6ie~)k8LNd7RyG1|+p1;C1 z!22?|0=U_5^WpA>yC3dhxQ}+zwb#Ye{_Wlt0TbcOdm#1;cOK3P=Lf%PJd^NjjpuT> zUT_WJ?uUB;&i*z%{)Xt0Fmta6@VJG>y9s4wr{SBQ*YU&<&AmJuP zi=TQ+Y!tF|JH_o0kH{;}7Vq369+q<5_Tu)%Vy%!>+o_}kG7VR^)9)o>p4>B!?te#= zwE2Clj%}?w@-CX?J!m4?2PE%^2>2FHc7K)9pnYOd@Dpcvt>SgfVzsS)g-?7|C!OAh zbLM})r;2?zD}Coj4c`^_$;%CC!MkEW@UtIs65cwHq(mi|@EDc73nq!2)AaMZB3ypk zko@+GDe^a8dSJhpE>qL#)P6Bn+3W=lVP@8i@3CZ**Khe+LzDK%B-UgU1&ELETKifn z&HxiR7CtsiKdm4`q4otS3Gm6VS$kl!xlgGULo6=IAl)z3+%-T=jGz`{f2554xPZSHoPiL0aSRHH<;pA4udT%q({C!lz^}+Y*(3nX_ZgE z9}%(9f1Ou{MpPrlH8v;%H~+$#>Wb5z_>#*Kq@72&RjcA(JF8REVVKe$Db$wr4!i9g+G7v(3{ha!hiJmPc;5>oKRkB*t{krOd!hCB!)3tue zruAiFy!`%)Vy#Sc5JBfVt3B6s22{m?ZSTOWv*u$J7c+RbHly+L&WsXGUGqeXDq}`{*D*5JU8t|cr_W%74G`DS@ z3iBcRhoViR_m$Ts<@Na-dig`qvvCgmFzBteW6FE|9Qx@)2q%p7ct>KH$k3+GQ7eaY znV)%?zssvEIYb!37ze{K+bUW>?i)t=oYjpjE0~-JZ4KW4g_b341rQ9TSbDRnv_C*$ z5qkn;zV?(5?;AnpsQs zH_?wDiN9NCZl%-qi97Ss2yAtq}+Tr-;Quvubh(4X!6IR?P!iJ zEqNa`K*N9!Fz21m z==8_90?Z-vCqN+nilo7KCeKU2nj$bGhBi~H8+TpBF`S-VfjRq>Oq(U|9eldqip9|| zL)!wiEGQ#x<(Iz*Z-@+(J=TE^eF7%wQmXg_LV0^a$oH)1Cf9{h|Fh61a*XDk75&8_ zdh;yK4sYG0lX&*27td=M^1XlyO$@Lcs6Mf$peI6|)jjQjK&EOfjeA!x%^UcpqbftY ze3e>%Dq_-foUo!ELNc_+yQxLj*#~%-f;vM%^;5O^7L8b#e2d%oPw043ZGv{{oS1ye zviyAny1e3#C$2n3&wnZ+TXzB|1;Se|m;#ZfKxhnNPE-2kQxV%T0{0%=#Xqn@S}%+) zXGyg>-$pn~ZU~C`OmuG)jV1%f<`q7QzZFMwKNHP*vY*htR$?t?u)0D4zY?|u=pU1K zyaUO#H#o>VLzOrN^7@dW6%`Q}#XgctZ_@hzhzDfAO}h0T5!&H1T?ocieJ#Hl2?Ugd zc$MX-Y;_;0`*ffI=R{N4{!hw0C)!P8;R1+kN?23UjWuRyle-wzjt55<`U8WVnK9l% zOrZ6~5wYSWeC8~@X|i9;&^jW8%gbF9r^baJZk$y!xN_p?!Z|TCQtu$Jt04{eO*1gj z%GC!7YSKQaqQReo70g80pF_4cB9Pwv9B2KMDmwPLh-;<;{R-zFZsTjUmDw)gC4QSLx(24JW)v`vN=;9Y*QgCWt zPpiM`@>1=NrHicRMVkgg)SBl-kDM1Br|te+1ibehsBU=f{sMU6dEl*Z&s-1zzr!Vd z2^{n*JiitJv*7l_t-6S1AI}j;w-fI2C0$t{@JYp2147w(i2C2qDl5tB0`RK+@pShE zG)pXPzJUJaX25W0=;GgcE)XI7T&cKXwl{G-W^|(2QNQ3B8-0C2wDMP81Cz`S-|~DL z`F{y{f$|@z{gR~To?^TxwrP+UvDH_^&XhI+`EM> zX)!jV8r#AJd0;zpLv({)`%d^^_PqTa$a<6K(>LFV;6~NRr%<p|!!Dg!a~jd9)W8MG6<uEgvF@1YUj1I~%V*Vd6UOq0cp(1Wh!nLM)Vv(Zv-avc99D<>y;-T<2J6~ z>lSzLR*)-z>R0KM{4C$X3|Q3{ez_9;__tQ5gN`6RZAy!B{x=wQ*V zO~lY2zaNtVROP?ijtQ<4F&{dw7tg5_+k_NTDEKF_RZf~r@BRceW4$Kp69tW|HuYpKZ}9#u5^0xXK?#KLD|n}_t4Mjv!8Kx-gJ)Aei8cux-p~_ zZ+8#qAyn&9con8b#uyq_CGH9QbtDhPpiB@y8IicE6^*0=Rbq5hz?&?3)^Icj`yGr% zTU4e2RdxLpQ=N%L>@r_uQkP%FaE}x=D|DR!;us)VwYMhHnqNidrdQFppc!{71%FZ^ zV604bYdc5M$G?L2>J5sxBI13X`P5`evua+S(xfYpc(&`GU!JAhD`L!OkeI!Jhg@ST ze8;mxZN~r*76?bE2~?QEmWy~j$yw?LsYG0oY1qtiuk-Ix>euL3aoYD0lJ0}%E2 zO~hopJeU(hq`<6F#iwiWQS8GAMxz6aU@+r^0;@fImJ7$18^1h(Wb61iCS{6X#W2HwDtGSCwLiGXN%AeL_E7#XX_g zZ6afC$6BR3So9~K%Xi{IPSChnC-!3P8~r2-hm6sk?$*%Rav{xw-F|Ex}J)q ziNA~RSl(mZ^Sx88Y1(VAVL8udU_3)`F&A8xUl&p(z4*I`Zge;FJG&Pqu|2;kC}=td zD83BEWbfn3jiXz?i`3|gp!h&C@EjgWB4&Q9dw#UKZ@8N3o7m8{PQmAb|;`4TxOx4%G+?pe0fcEVUiv2@G7&)|wdgKogUw;e7ok+X?5UrB2mSX^5NHB7D1Vz4s@M>AUhCO>D zD_yezwhr!^EZ;JdDM^uZLDOqi4Kl(6>Rt_Wzj`}m;Mwax+qsnk6l;|+SQQZ7WiLc~U~DSq2o$ zi!D!Lnv}adiK#qp?Klp$Fp!NSjA~{uHR9Bp@HF%~W@tC3(F=cy7TFB>A0-78R}NFe zAt}H+IBJoh&BFz>d*Oskt^NJL&Qm6<(R3TrQOabl!L%CcySmiRO*V5rQz|YZz206R zJz=;_&z|NfT%*MLc3%k9`Aw;K*YB3Qrg>{P`<0x*7BrCFp8q0ea1LEqBWDm()u;gjd42$Wctf=8$dR4Z^&Fj` zZ^#q&zyJ)Q(OA0zoGgywB`g zr;q?#85#$z#zS?)Gs89+=R9rV7Hs`MdlU(|Fr|5o#%&4C$OPyoQVnB^Hm5pnCp`}~NC$6=siSr{9-Y|YT#qDn6r?qgbl zRRcP*Z&HA_Y#z4*ZD3o15ne_=c%@oHOTbd;N!Q)&2#4iyBjI6gw=~1})OsTt^FD*^9_;xMh(^D9%ea`MC@VO! zuHyH0#`}-g7_F(;YOm!(9As2I86G;0)lFkrgQYOXV*R?m4G2+Qlv7W(@~c9nAfE)r zeE7UxPlhINS1ShnH&lz=#-RT!@M!e)-x&1idOaE0lN+c!X%v^tHXHTTnQzOJCa_Og z(sYy7mATE)Zd@_NkY8GedRgnsc%KbOP-%H5d?l@}FWU@Kjm^x=z~?KuVgZ$rSk~)7 zuZ{!8uC2GR$F5T`{9I>LcYp;yg2Db;Uxu_}YtgD4dIGDKj<~f&0Jib%YQ*i_K!&xm zd&=yI8+cn>ke6TNxL@UnX5$P+3_7R%VtAuj)c)R?uI5c9}};+ z5FAi<{8f3PIrPjS5!kjNJO{SzPBQFw^7fH!Y%l+X(qMx9ow?t`z717!`Tzm{HV+Ii zq3Kj|g&S}V*b|H}!C`mfOkNXa(|Nn!ptU}-pTR<%g^Mo?fPZ13UOk8Bpus|Ywn%58 zeszjYP>=dQSg4<3k}pO%b9nzF3pIF(Y9c5WYVTF5(+u*LBB;`%zOrqS!9x9Hd~HF& z$qS)Po04-^ri2x9HV9)3v}QbmuY6qr2FOKU85v3$m&+z$YOOXW!Jl_J5+T-d4F zcipH@fe253e+KG_?qHqv|I9fZ|AXFPHJsCjSN^RM3MuyVANdwQtWM8nFimVITcou8 zpSe8oecfCdWNNMdo(nx!AbK=pz&Opl*cF@gnFnRaeT;&z@>EO#cQH={?Y_}^rJ%!r zD|G{t_zrgP?`jQ%VKMc~)E2BTD#elOsO`JGQp`=9s{KZ<`pY(Qz;yc1Uk3M8%ZAP~ z-|sfC;4(j%|3BKQs6e#wR4FYERf=06qsEQ^b&GrD-z%^Yq;QT=(<|*gIsHQgp2$rP zq^L%+M<}xkgE|Ry8n7XlI6gf&&C!S@=V(DA*&4=Y>8VC?E-cYgeT$6ZXRPr|v&i=R z{isEP8NrK6EV3OxFIr@Ce%`dmF8u5qAUpI`qA~VHnc8LW#;Tc#?7&fNhoKCtcWIiv zlUmbDlCVhQkcdEC05DT~gq{eH9kZRP*$Rgys!$zqSNM;@wfU`AqQj>6-+19-(Ge_O z#}8x8QPYIwP)hAXbKWiIxQ?doy*sgzV4JPa%d0VGyX$cg@ixI8^k+H}VPDDTMEu9V zPd$c|K{p`8q4l! zVL11BnkVMgSbKk*FL3ZM42rR3E2wi}gaSouomuGD5(;h?_XZxqL4Gb3ROa2lJRiXmN7i`6jZ}D5K16ji`fFR9<&+Jo-sVIEv>-a9_b`a97}Nz|}`s0365hxG=m&!F7g9gc}4m3N8bV zl7eM7f96|t?+xX}ZSA_^>|mKLVn_MYN2cn~P`*o>5D16^_;a%grk>%zzG}>oHgG?%ultzaUgj zETT(@IV=$|zudeLo`{c_??uRf58XVwsx9R1$4?4@zhz+eDYV z<;8ZR@)pC>MSW2a*V;tZlud**V<^jpvc})T26O*4z%hp6&~dYkE{tF)15wSE_+98 zMZPfIz#UzUEgMa3J6G%VUy2TwqeXXG7%p1|0TyVr#oQ9^V$~8U-DyX-?B^Q?i{u&T zJ9h&85-w+o1j1125R{-NP{yB&~f{@s$Rq z2b;+hU;=&2t0tAzNHrsmZX#JA8bJp)-3aKAN8MY=R&hGKnKNhB2fPAAGvJw$0Po?N zWHuw&e<;6IU2uyH|1HbuKr0#5wS0Gf zrY))l%2n)GkODKHSTk*jH9?;jFK;8`ggo1c_D0FMGi{w@z-+jAaCW%Ga7*BF;FiO! zgj)@_4sHY7Mz~FITi~|B?SR_}R|K~Qt^{sBTq)d9xMOf9JJG7Pa$B^ihs3?`Zl;<4 z8lvW=GJ|Fm^WYAIRQeq(+D#MM$qo$}ceW(M9(dn9w7Q)P9lW2ziw_>-N72DE{CMTy zIexr&@FG8+J$RWPg$Hlw55GP5$}h`TXhdZjThJc*p`Gj&^W9F)9NICAoL%{=u>-#| z1o&ZIsci{T;TV=)F#3}AFb!!h+jfrx9&!hw;bcGlbMIY;#I}`4rByCfy9<NzSNR@0y$mQ$`Qhde5oU?SAHlU+DEvY z=6}eS{q%e}mTn?ugeTwX0wayX4|<1KNI`AYwqe=GDqXurWnxBEB5Q2tG_BUQ#&mKHD9assE>JlJy(-B!EcS7R>5h#x;0E=|XDc1{-Y$;`kGdG4 z@-tLcI+sV8f;V%Ce!?mvSsio(64}fa=ceCTCfyh zohaVgQ8pC~bh{2W=unJo?Gu!XH6IMT-_Ye48J?{x{eQ!g8iMaT0G1=X>Q@7?DRwuU z%AD0+j*fzL@Q!tSeHlZ zcpxDYHVX5XqkpZC!1B{3vpx-e( zkpbUapyIIg%L6-UMVxFC`;V=JV)7rB-rDn7IU4V?IEm8={S_zgmnZ&9_jZ+CqIpUh zlBC)kb^PH1jN|*~!lB-_#aunb8S!pc*|AR!KGU^!C1j6U{igO4?%gX<;7nWTUdrnxTQM)gj&7298Ghi; z@0*ctyiAnQdud2KPS&ILQf|C#Ca3SEP4O5tCOR1}rv*QaDZ?m1-tlE21%(=J_qC}T zijxxLy+TF?)3)yN_2zLb8CDJU*<7>^EdAmWbq#R#+lX7091!b$`pwYkKE($Dm%Uzm3lE05K^@K0@y9^^gK*$7NV zx`kPIX9QAKPhjvp18Hqfi7uy|J>{6-6VQ~SO7313R`A|sE;$Y`mPA=3LW~kSX5CTR z&w9zuJ{#Al(n8Owe{Y$P?F{gg7Nl+{TvDZ-Yj}eDApRQA9(#;Y&P;7If}koAbHHR2 z5{gxR)p{szyO;B{H+WL)(MJ4qtwl|M*@&O6`PBG%_rq*75>%lM)^zPBi)tZ2k~IlF zuklmNLNM3D*zR!)-Rv#fHJZ#Fbj*$Ow>xBp^gu1G9wod0Qw_^-gm3a8Os&n1(5Q261 z;{aFgm5SOkt%=R2YIlu7m6&P+QKd!$<(NUSoB(jD4LHz-ItJ`+3Qkq-EgjC(X*w81 zKT{Xu$444){EBJwKsg-t8?=G)Wwg?oLGmyjse>_{m;1oHft(+46)OxB;ktw4=3`e> z=Od7NloD6=qZ@SOp=R-9A8g|P_kwJZpN zzxdWFK4GyMg+siD?}LnmG26_PBfXY|0wchuE_(=}l2cc>SYVJuF?B2Fb)p}vN5fNO z%Y-QyrG2>sN|tAwRU2?z)v;h%kPcU`Wgn}S|BI?+!Lm?#J4JRM0y&4UF`$CLeGhj9 z?iSn>xL$Cp;Vb}r3eP=tz73*-&ecL4hRR%Y#cM+)q-p4*p)&R#?9VhBCi^0E}13R!5LV#3J_RtntaX8j#2VmO7W?BboA;f}s;WeA+6~Krr)j#W~ zwRR+BP1aQ+DZ$u^VG?^VH5jf+)oHkFm(7$nW505$?1ZCrhV}^r9?=px@X z*#jdXUNEyDzZ5mqZlc?nzy<7B{iJSW1n94`Z6;1c1I z;nLuyji+x%OP2ZZ8>4o&4r64m5sc-b!RsCt^4X97T=_@;A(Z|24{Kp>7wd*Hm~uQ| zJ3S{u=;9dJ!uKS{1a*GjF={Xts12CB#>)OF>?Z9I3lpd^(nXeiF{7L=hZ1k%JWZB(O8)z=PjTsV`ZBl?(UfdgCi})L;di?>bid( zb+7_2dA29rW0kF#*BT>Gm%L@AAIP`PC5b{fc}#Y}(pIA%+Yy7|4*tkGKDQ;Mb5;rB z5;aW4JUB}oQf0@qvs|k~uIIU#pg^V>Y6I(YxcOE`8oo*milw*;rFE8h_bNV1FQ1g9ym$6(qym?dpkm%2aeH)Y0~92 z?oSg+$ul4MqS^O zLG=DOxv(`FKK_01Qz{lq*V>)PqAojui;8HPUo?=Vi68bqqc5gQ0s$MN#&vhy?Yt?2da^FljA*|{* zqbVDz5?2`|uJ{e|e3`O&U=pBVgPd8A_ZNa(r?(6$p$nOEvSkPYVonV7I$a=UzA&tW zhE9-uyd;w4O_1cZ_=<@l?vf8SUZ&Pm%u)#7FxJqYp1(^b1o42gEN_pM80#aZ0uY!| z`r$4)B#armbnQF`u{N7318jd9K9oFBwr+LbF4%%FFxl@Z9%D7zJu6vE?ajP{Bb%anQ}|vBYs26=%Sy#WnUKB% ziT;r*abAwjm1r}#5{F@Fc5Bur86+DsQX~LJ1lH=BhETkTZ}g&hlVr;g4EUdz5@-5z zT5dNmCC&=w+JY&u>Ipz+^~Kv8;CeG938h8j>6*~!+$0&^C)u1)Sj0eGIfht^us6zC z*4N}Pm!OAvm*M42Y(#Ap2at1FqRF!1@XE$hpIF-E#bVa7$J_}a#fCvcvofw+-*1E)fT&t={mi> zRoN(%3XrW(=lT9*IXT>O2!k@^}`(Q%se2`76&t?+B|l0$%q|l`%0!HV4coEY|f&iuXc^Yt>zv zr%l3!O`~r@9p+_j*Z)hUGPdX%CCTV-#T)qVDwTnh)WkOWM&~4~LOy@vBm_hEs%g?+ zu`?zi<^L}y;a`jn*5xE*=sADauI%9?1QO5Mp&N7ISW$8yUUVhVIh-pkyak=Z^(~Bj z>QHt5LWcS`{zArU6cBCR;#!;JdrCtM}D>XcD-ui{ENQbZ#(j=-b#dqqD~u>S}q7{HZg| zm?^uBx{3wM-POaprgOK|1FIU!TG<9&t+?CjmE1ryPb8g}<)Y#e^DwwU-Rpy$>Fb#? zOsQtqxz);(hH!apmpHM(g;$nj1>aqoNn4HdwLAhitu*g!w1~b8>+I#YZPqYcJ@9ZU z2fWJ+PaAm~02~;;=)?eM@%^$xw)Z=pjTT!=WmryPU#p{mV!DGpNHYSpSNiMORRh(= z<)c|QZ-W|-=(YPQva}CkdwGy(=jv*Y>ai;u*=~dEssam9Qzgf*^Eeq-A`KaV1JImz zuX|C9O-8p1;5>sA6bMLx3CGc{HW}`Tx2jV*J#3RL6^YjtiUd~8*Ttpus~l;~EOheD zXPd74uP9EjfXa9P3eE6@MXRvSjIa<`yfqRfset!XKoBHJA+=$U1dugbr!>A4GgPy> z8w9QZ6bEB)x)u>jU1rH`v>*0*H%#IY#Hr!0Sr0wSBRjYY6$2P z@Kvy+d03TL&#~64gWf#q`1L;&$Zno3JqlzueyoPrzi>bLf=Q-^`|;d6I``u_Y`dKG z|Hb`y6bxsc;>Bh)sr;J)*_Y}>XqeS7L+ch@r~HPF^1?Z?ZGVGr@yJKD1^qYf$1V&M z3$4!0i$*!no~q`^)*dCa_uK|U=Y7m>PhIB99zF)=V8BN-cP@6&pWU=>t_=ER zlYw4_7wNUdGCo^ZcDvCCPEx^E&HR(9Hy;w0KCTGdx1B_tm;IE+e&>OUXt;WXn|Vnx zlGth0{~DPK#;&!*Z~UeT?=# zEH7vKHs_eS!ddVyzP1oG9eowO!WLFuKwl{VSstvRxiX+FTsOD@aJS$_!QBNn6Ye3n zrEn|Y*26su$8kLFWxT%$_YT|U759%1yz* z!c-XJw(u&{nsI6#ivfjsJ5W_Hb(XE62}@*j)XvRJ2Ky6aFqQrwwvi{Q zx+dPbME38uL*+N_2u@gUGms3eTIC6T0!MpTA5pmhhRkro81RjW}`p8Cd1Pe~2^J6Q@MQdHkQ^1RHU(hrP#edi_(J{U7MP zW3!?>KqjMAu^J(&I;5H7PkG9wtv8~sYm+YnCd0iA*9eVJGoEsA(#Ci)Xs00b;OYxH z8DNM*&PZ5?LS$;!52y|*%fo1M3qBoYYHvTMMqWYQCivBizf7&u0X6;x6`e4~AH+H@ z%ygswIbsGc*V^o2h6k-hU@@^>LKg1$iks+t;FWD{rUU$~oqJEg37BNSft)66*dOqs zid?K-<7ZN{$8dMi{V?@|oVnruU4lDH>%z6$zUB~s3B8RrN zO?ueZ`#HT?*^;a2;=7HAjAF03k1jq2I_M>osHIar>h=B!6K!(JE?!UI<+KyG`;V5= zZ%#R3K+ZvK!;$YY!~jpn=!5)pxzUlM5T}BfQ*Gh=)(vlcg~QiYbP!UN%Vk)|rc!t} z;0RS5;U?yT?O3T7y}MkdcuhGDOGbIvh!UQnj(IX%ewIhW^5lH8_aV-D={`D?Cu5|E z=;u6K^z=PI-STCo*Xl!Fv>GohkE&?9OSpu04C@~6gQ~VdMw?BC8PuE->bgP(dQ}}Y z(a;tDkG(e!i?aIvhiC44P*jvrK@d?jDPN6;^1Do9;(w<5dSB8y+U-Y}Fq^K19A3FFpFOgGsn-gFdby#5 zDi)rZ=~f@d{E|#&NRLEPT*7<~*8(*p(V-i z8aw6Vo&h&S@FD(EaF|R6%OpuAc`|8`$qkuA)^H03nT(T3o=mpXc)8{gS*rMe%OYi> zkx9BtN@cP`CWmEmPA1W{+@4(~Q)E&ulPZ}6UN62Z%W%^bJ$D>iCwhq{%F;ZUte43S znH-jhB$FF5Q6J{^lVnmLlWj6NER#zziT;qAG|0p)ll3y$4dR9O4YD-&BW^TKCh0O+ zB9kpLIVY3IkGV;gOzM4HHcOTj%4EAt8f2nA!i}WJBugfFM7)P8OJ(T}nbgRnK_)k3 zqW*;2kCjQ5O!8z>DwFLpIU`br=NQfZo6WKm(Wo zCy)$`17-kefE$<(ECQAS%K;zo1dxQ{`3&e5;N^h)4bXRhD&SB+?IY070^)iv1m6Nb z0zU(nf$M;;%K#1lwZJF9ao`ki7PtUh0INm z9Kc_|A=lRhb0*UoOkGb5cGDwz7d7 z;67j;kpC>Zdz~=UTlk!yhRZdZ;BXa;U#P`ku<{s*sz`L2L~oNwBGGmdHIe8!5``Rt zXdQ`SNwktg7822%uri%Qi%675A{w1nt|HOBB-%nEZx#u6l5jkUj*%#dL=uT`NKH|x z_zWTqi6TkVk3<#{MUyCtMBomDCnTb6tjban-9i&yxt>JW{8d!$Akj}Gsv%JWiB5lp z7WKjj5?&_7BP3FN4$=E0iXjmlH>$Ld=nWF3lV}@>+$7pSA`gkcx&x0%R7|3Bh#I|> zTZj}??jW+DvYJS4duWCh6o##TOvsE5nG4u8bv;SZN?)txPAPtMm{V zRJo2w?2v2N&G1B~csitbRCJeXQ$BO<*r@ z2>1l}3iu9a1pW*7fi{~2o4PYfUUwiC7zF45E073`2F3%EftkPpAQzYdtlGrT<~>7~ z^MB0*4bgV%1)L>f*7ZWJx9V$J*iXp=8$famdiKHcRb#%?!?=4EdK0CuUZT!DWc4Va zWfVJQS6~b!!33siE^d7{tea))xH}FyaAcyiUbgPfufc`vFo)3?I{xO-n7322Q?Vxz z5Hch?wjGXjXm-p1y~elQIe#@$b*GU$GP2ga@vlZU!brzvS9U}10w!j-YG-#@awXSl z%Q+5RZt0}RUVBD}(a1q;VR^m#Z8@g7SN!3#5PDx~rK>D?XIbjHvgGx+9x#txe?~|U z#^o{l24QgPafq6)B!$i2AfyOcd2H_njJ&4gvC|vC+ymO>Sz$sq;&F5s`qProOGpWq zTXl+}epuSSjTJtNLwaE^vR9uKmWKT>1S6yh7iy}%VjTWBJ~e{bHVS>y;$S09GGPr1 zp6hfr;4ODSoYyBxqz{*w>V21458HVs# zHq*A6=Rx^c`05o)pyNJQ-@?)AZ-cosS9RggBSI~`{wl?QHUr`UDyO)Ls_Z$^$GeCv zWo{t(iRFZ{;vFpfIiZj9$O0@P;ZBf%iy+8Zm-{08^P?Eb4@=R7dst>cuw;F=ib|}s zzL+g~POt@6pCH-fVzw8uULjnsQ!!6ftXk>*8rX+kVd0yF0l{J1*x?my)MlYan@E!J z)rto;3%#Oqz9bh5u&|Asfg4!Vpk#oF!+Gr0&4TH!^c`|U_R+C{M!nzc9tS7YLY`!u8x0gbrZ8pWicg$Al(AgQ))XM?r~QB!_>O?FUbvsiYK`kC9aaoRpzy<#qf z0XOi4r=aj5SbcDQd~cM^9jb0a&yRfq{r=dxiNS?D&Q zm-ogFK3cgetV5XA5mTLzjaC4QpQ`l{hlAcpyeS zA+KYQyq&CccJCm9j3pA}uI6?(al64QMSEoE@-1Mxcyk+=D^7F0oM+iL+k|exQ%Wfv z9nUi5i$WhqJ=g0b``H-oJ}x_Vj4NN?KtTx}ZCe_=u(okD7!7MxHnfw6x$c<_Y{rYi z0M{xm+riD^l@wgi*nz({lp(E`?Kku2_#b%<{8oTM$v+|-hoJTm@EK75TE)p11+CbZ z7}K#9)zX4Cp=@MIk37v&2h8$mZj=wEc}4h-@VJj{dIj_RQ5)FdSA^BX-Yk}2~ zmeBp-|CS7C(v#(^-J4iv3fe?$m-h&YciEaZ(Mz6L!`^xmM{>5TVZXeI1u0ZOX5NYA zF%snO6#8<(re?thJB4S&jbDpw##@3}h<%rBcuV+{8~M-MLW1io-{+^L3PD~oLeJsz zhg4voRf(|?=yu>3&_r|(25?YM2Nvwb01ik6vVqw^*baz19`vy0Rlcc*YD>rsCA6;3WcuAgzX;l|0HeVuU-1;#JDDSz z13 z!D8PLjH8YtSUz)I$tt)-jXjgEDJLrFTABR(iWX4}XL;E|_J%ekh8A)vAlIG{J z&F=^!dy>;q-%#{doShJJs1?_dpcDBABz zE@gjK2*WzA`m1tKX@#{?NLN}SPg8Aw1w#Perw9Z1Y0GclCFV9jH$(dPKfEn~w^MW5 zVuz6~>SZ776%5mxppW4kxgCRFW?2!{1ZglIQA9S*^nD5kef~RLgfXy_wz!zs;vzzP zDZ_0ix6;Wi>Bki;>s_I{aCHh>{4Tg!s^FRXA`kBkega-yIT~p|118$D33ji8USnH# zCAvZPEHb=`8$S9^!)`m*d57x+-{}ml&*q+Q;94PfXth1$Zo<$JTi-ZUzYko>+u6i@ zLOh-H;2hMLj;Dc(dgpewai3rp;uf-#`-Fap)1E-)^E)Nbhm{qh{wRD;)8H0cn@i)| zOHdLrrNu>*!ohW;LTD}cj`MO?*0RJZG#-^TY)+M66n)|>tLz&XOypV~_MYGnViz*aeql&g53dcFUn2dn@0j7% zaASv;u|@lZG2LQ$l`nV*SM10KS1=$9SYh`Z7PwA<2<;`?d1y|c z4)_}isJ_91(( z8h5Kr^~s5ctsV4KKHdPikHHQ99;yaK)dC&~{gK_Q7E(0CzJ*(^a}!w*eu@KPYG-FalDOm7Zj!H7tn-sZO%0gTl}j&67Xe);tZH z%J+p4iIhmTPE0GhS%ko!zx$5XvSseEtBe)BFZA)QDGS69%u~5w ztn?AVhX4N8g_OLJ}^>*cMZdu%6$bbwfYf&IeczfgX zcllIMYmW(PqAwi1o%Dh39<4E619X2VOyySqeJI2XJ^VJm-zPcv4Cytm=z{?#3Rt0S79hV6mlMS(mY&KN7V1Rskn$-!8%( zbCO%rfMk$;k|zC|#V-rl#E*r6z348dvZWUrgAY_a#zmQF?sQmQoqQ>`olEL{nr-|T zXGWiSj8%M$;=kZAygnspg|I@_>4;zrUVn~~+x8$!JHihvmLK8EB0G-={k=bg(0m-6 z9QnO6{d@uH3#Z}q&T2nJf*lIf8|s^c%zm1EaMYFH?(=Y$GMDit1C{ym=2ku;9LxINB#5y+?v~B z3^Aj}>CcZLMvTW(*aM#mF0a~0*6xQvXxA1m!T3tT0!GUb?rLs$=REeyF~Qo_jo7SS?5Znr zGwo+Wl+dJPshJ&V?ChXaE9BDq>uyc`nxr0NHFj;BfeN3)X8F_#-Zj#Ymy7(13=Itlyo6KI*z z`njyt7s7y!sm;pt1X`vvZ7xgvLKqhug5ra~&SmSq5C(QnR+QEh&7h;FJj5^9=nBU*m0m)-Y z_ItYHGN{caDmEws`JtKx8Y)2tdsNGfT$8&ge$eh)%YuGahTNnrI1CL z`S_QZ4&c$NonH#3;l;x#xk3u}(;koFp8Ph2`{m0RA1yl21SP+xb`sd|aESO*z~Nfxx0)Pr*pJO+pBg@GY~gRj1( z=b>|}Ug$e!0JXhKae`X4I#anabTof;_8P{WSox4!SnmA|cpr{(+|nqZYn6|45%-2m zy6j5jjE>~0&PUUcw@1_Hd{?J7PF$UO zaiV*<9A8?U)_;gXMeEb+s^x{(!3*VHlH5-Xw&AejfMs-LL+vuEe9C6$`N_6GB2ES+^q7#?}fjYdyy0WQ;<+X-ksc)@t@lu&G#a-|nM!2=buR}*Eot?=ZIxS34e#bsMEoe>O&Y%#46+JpmncoR%-Q-_1 zC09(7>SXo8{nfCg@Z|E5AlJ>5p7k=#8C*&??kp;dS-OcSKb{@VOO%SfrxsUDH^N|5 z&h3%)&p;ni9Aak0XRt)qbe8>bM(E$M9NKA;mFr&0loU7Epl^ieUHsKp= zdNf*C;Wxq@@1g0uIP6h{^*S~#*usX}FgB7iheR3p^z^Wz=}+%cNh zPQKh2PJDn5!6i~rlZxn@e7SDaIC268|ER7x2^wuIzyYfippaQ2(;gdWNqcJn)7Y}Y`OR6G|QJeq~5z{$~RQ(4YgVP&U4p$BKR z!qW-Ny>CCvZk!c*2U8;lHscwr-}e|Ymfyq1e=o#^ZbuL^YD;z?z)I=sDQv~}g1PNc z9{w>d2?q(k$5!E2de-`!a4II{Jat%}dvIx!^bHnn0!;57yjY)6=9KPY!ViKmBH2h? z4=Q=nl_DAh#d$jV)*=q$f5830bHmv}(3I`NWQKkI4DdD7LjQw_l6VS(6@SHg1O~U; zxi|iZ>_S5!J$pB=goX5Yc0{35k>AN(MS9X>ceB$!2z|%dlDU_}p4Ipyhs4^xs(o;Z9gNAuSX@JY~gmE%CC7N=qnCE;{&B|+8gOp$?p0| z7!)p7YTVK<>jf6aeLo4^CjHooayuP02~8;M{pBhVQl`%rXb%3WOHG8VOZ{GpUDmo0 zPe3Rb=7n8YQlrod;yI1r7;2uE*@I+z^f*oDi8nEWSe=j96|Y0+P#;dyloDT}28MATD{dq} zcbgIHUzFs|L9>%7y*3FmRewbs;w>GGyNOq{6Q%yRa0$Uf&)FS!H|?RAN?&B7=s`kp zm1-eDuMNIhEJ&iH$nQ3>=wF1$(Q-|qf_Xpu%k&@P`$0vw%=t-$2WY&n@VJN1Hizs!-FS?;f#jeu9gX4YXz5$wE0Vp# z>Yk?$UeFHs2Dj8j3CjF-Y0{r|_QNl9a7f8I{0df$q7X$(>5ZLb~LH^x=);@n?A&z(F-<1JJFZ0$4 zxuGqquppnB+eb{NsV{A8nr|iqMZ9p0AC$m z5fpIs2pj#opa=2xQFdXE|1NY_$MG0;4V0KfJKO)e(6ujrx6T7qUZ^7MJbP_*;BFva z8nGJ*3+%@4*b(Orz#!}ShtQ=nx5yXso^p^F`BDW<;3)6r5) z-5X_jA^KAx|0CHAUt$;vabzZHD9ti(TULJf^x9(bhA!BG>s-RhuL#j$RO*WgBEh$Z zSx_wkzY;~R`id|(pcDNUou{vYYYGMiUKQen!+3J{sxU0}H_Qe@mmkN!sQRYkEK)zT zq#RS~&^?8_yJ0c`Hqoexy;p@|rEsll#qd9cYNaxj3DC?)dDQ63=30;X=AwM9QPLhm( zMH8pdh7Fj3FOwHEt(2f`tD2ygd?U@}IftQv0`<_Dv1#FYqTPQPEaBu&%Y z^pnyaD4{FB++LpAxYgYDuigJ?`>xxzT>;w#f3-dQkUNrFf2+lM7x_$OjFAt2ZhI5M z&6Ty7!`4%<^ss^HgT-F)qjh8&w_{QKu!tOnv~8~I)2+{uswY#9(nbfEF4|?flL~Mj z!rJa^O|Te~wltRPM^gM=fPTv|G%aDs(d5i$)YaBtk)uUl)uNBAlM9!c=X8~w3RidK zCf2i!n5vw>9w4G%``U;-gtInws*N}d<)B?#NT0Crf*9=KHXjVg3b-s?ma)RND2hg# zTohhtD?Toi#>=(}xw-oTvgKShR+hC+8mc9XIell^tTgPzs zKW1-*!uc_ws9E;~bk=j76w)yYon%Gk4@K(#VdQpM4>csmjdE5bs>Kn)mFsMiT8t3R z1ZYiwzIL4*Rg1j@%>wqjTGaMygE|Y}oU}HLp zB|^;t_IXF~74}3Yv9?QO4A)bDpq%+EK9}mkCW+1KES7uAX9bCBG%M;zzyzcMSAeiq zqI#B6R1X720ceHQ6M_E#TYz_g<3O|^s&^?w^(VkB;7ynf2Oa@F5y2Zp`k>3<-uI*j zGZ$}xw;FauzgJMd4$r=Yq32*A1O|7h;BjYB{W%Qn13rM>Dd+{a7S-dR_aPj422=;L z!{FFC&}E>R(C-b*0}_E!;1?nx3MQ3-< z&hF7OJ3A)3SMTiXKCw{D?%S_F{&Cp@24)X}VDONk+1bN1TAiLWv$G8{$u`Q=WVTr2 zZ2`4xuN@+XGa+&Kh>=O8m`uM>ed(V)Iy*aM3>S^P3uN55?Cex7rQi7M>^8__D6v4foniVq)Z%;0Av7Y$<)h%XMquFuc+P`DyrA1K|3PUw0yRp1cJ?gjkKX4SV|#fs?=oaPJ%-LhnbIi|qopfV+W*fc1d)P5f$sB`|mthR#47 z1Vlo91vE4Q$p`!i2V)VC1Mq|wrc|XMs#1emrQ$=`X$!&&PO7?NY9~_c9F`hR^en(77V7EO}wJyKJ9#`Nk9VV~64)V`^y{ZjkK4InLu<$@(8f|K-PH#v}HBy;t){D2LrrI6O)YJr0nV*W1$F)YLCUKganmTH9%9yc` z+?6^G$B}wPqESH#v<3YGl(MG^;>Exk;6>mI;3psli0q1X0T=~L1(d*Nu*Xx4LDrM0 zyNV$!rmMKE%S~u@N8Q{B`W|owa73|_UB!M;G-nRXmosxkpEFY$@27 zTq}Dzg~s9XVqJc8Z86Oa6#hjics=>%jll5Aa1R}k$;AWMYj551=LTg;C7`ldWvz%Q zbvkU}k>?;<`=C87Jai&;-pQ^tcr+Ng z;mL1l(o1YfH!;aHt_O92>Z|op)x8g4!c58GE~i0Y^DADMY10edbT+n*uMSlHAhIjn z#L>Yt16E2OzQK~CMJN1S9xe9s(oCi3z!FL_Y~Yj@e*pQ)61thNl+R|04&=4y)o{Jz zT<;hcf62w4ad8$G=OHXBOK738lrL2JaNY;$SbP~~XyxJUZIssF81VEj+HVlN@Hf9l zuF|bYq|rG#k674;sUEm5?dBgiVZD>6iCY!LxJ@{QlsyGuisc0{TI8W zCfg1Er>?h{6lLw$e`*(#nyjn-7hO`5b;JHem(*n4$bZo#H3dER;wz5+7j06b4-2~g zqDyMBE{%2no?4_P>k@PF-*riiK40+`!0O@Gq z9d+h?NaW)Ge_3amYsKo~&{AZ+OIj8es3PoKZ*j!X3|y9iW)S;0k`KbNEN z#L5|HaKvZ2cwquUf=Mn*?<0;x$y?t?M44oJ`-pu&&h+8M@p>O|aDTeI1a{?#C4cf1 zJ41hwT_zbDA1j&%e+BL%;%JIoaVm7h6(ou!`IaXqu-Cwup8Oj3s-I9OfQK34W_=UQ`PRWewv94Unds6D2=)eI~) zjO#1*p!}i0sLG}`tvHpR=UxYoGo-=Y_|%BcYO$Jue7<9a%eS=2M_ajpt8e9cluUht0$S&OqAptQ zy%N>=3(^qouW43SIWl8&HF5NF~4(QLnyy(9pAPoe-imr zLVc97*?2$h5s!nOu3?{3$K3&wKnYK)+7iB#_vH6%X-R8aHulYs=wHC zZtFI3-iA@$W}uMKhD`otfBvORX;2SYPfdF9(94vXddf;FQtA(-I^KWejKQ_WC3y(u zB`%^KMpp9#)cAt;|;G*sBsSQ;dwN0%Y}18pCMSnsyEp0{l)ux z^2)Hf*oAWKl2pCPbTIZMm#c4*^*`9dabo}U|GdY?1jvj>3YXqg_@-VAU4e%|@K&C* zlfNIstIkO>>GVrE?ZE7 zzw&mOe-GbCXu8Nu1H>W1*EMW5XpdKG16EmUG#uF5Kt3;(9WKFSB-ZqEecLDB>0^wsxS{ZEy<3x0otbS;;sqrf#vUB$11E zLY$dVR+0pnbd{YLDE3W7E#pl5#KBLGy|@h*P`?MA!jdypKGeKWcOof8LJ11K`n14y z;%I*V8YTIP8ia=DY04l}-1-HW0=HW2RjzCe3!}g@dH(rvaH6c$oabGjb8y@JmPrtl zj>7XdOOO^W>4lT=3|0`vg3I(K4ExSDYaXEowVj6YZxqc3qB4_@T?tX;tQod`elP|h(NmA7hbZPxXm-PKP zc72FAOt^O=8$1*}$2pcdRI~}}HnNpNMUC+Jv#e^UIJ|4&4_JXXK!2P-%4!rbBXWV0 zE%++yGE9u`PR&l)PHF;i+6W_b^inSOX^igi(o;wFz%X%K+ij51YNxLwJ2Xt3%JQDa z&S^i5*ttE5oxg$x+`RW0r4jqdN}gt=hcsez1~*0PiE@ucqhR7V7>6_bwZ)%PdK4Wv zf}Bx!CgPn=GM68gChvJm*LPF7QRBWIJZVQej_w;M0+~{pnl);~s9>^=eTW*?UMoh^ zsB@53JcbVKhL-o9Q97|lfB28=D@(qJ(l-eF>VNHRTDlH4T_<*%crF^*gVT%D&f$eI zu=d@_j#`J%A-%9Gcmst`i*5>?Rbr+qO`_w^wW^-n-qJ8%>lSsn^22h2GTa+U zZO`xQuwG8uANAq{B(2FHT03>m zzR5ShdD0fA9$T*6ZEDFBHpqziL+JvRWfXglsF%p~M5K!xbG7?4sh~7&Z^s+bm7|ns zn>_Z=J=N&23%EfQGP+Obo>owRJ5@$;SeFpQg=~$HZRN&i_>3qmN|V?{z-h3qCQLCE zEXyR)p5ZDJI+G_cjN;cNtzLoqHF2c#2L7m+F6p5z>=P4Kmyax9KbyqfL_35dx-61Fzo)y+i{nB8wGn8 z=l;L}c~)f>V}fxA4>bvaKWB#L;I0g|h~^G7=)mf3E0Dr{^(@sQj_@WjnQIa>d&=Y)QNfKu~7MCve+6~>EQk-;0{#i;0d7cZj$_SV$} z-5N*XvM|4i*UDq@V#LH3|6!st>ac7A!&-X#M^)AeL&cWD%Uha%HZjfp6tmd)5I@_7 zB3|_vE4GPd=dnDBI*oz*xYa1!Y0@VuUbN*{1yXY&uI#6TL%AhhRP+FuF1JP!*>#)P zH5lw;IQH}V1r}`=hjdPn6SFX3m}g|}FpP_l98>I~v3)?JF1Y~~*mHI{% z3(Spj6OehTL|0=gIdVL~M>s{Jni3rRGKcYSJ(!}tRJQ$GK&Q-v>wD z6nK}){r4t0oHxm7(l&*kJ)0B53 zxZJPw94^LXKECoh(vx=+PfZr?Ru5sm3_I@_NYg7NqD zQYxKlhlB_&iE)?5!hQcPKI~U~iAU!|z1sE-)|T>7UFqui!uh`Y*6n+AZ4CD+>&>SjT|8+1?OQ}ktT)SVrxfWQ?BVGs~sWs3{K~&Z{1`+ zj}R?(d5j^m-DTpblVF6NbGGBiLhF^h0V*w_W(a+i+gI|J^(Z!Dq})o56dm2Ehb-k& zL)oMTa+IzBPu$nC$*Uv9F(@d*lf+&(cWZ&lTOJIESRYu7Lo1DD3iNo;+4s^hec=eBH$== zN#rzT@tyboH+vcTclB7=e9Yg~V`TN{zpG;q&yTq^r-e)>Yke0B9d4xx{BgKZRO;?U z`B;vG$AFXCE6M)fTmI+gLLc!LYiontN>;m6928AT_g6nKzIJ$!RijXBCHcW>T)P8z z*?>ZE*w|U{50=mrjK^_uJZdRTYEiNK7f1USMN5e-Dg*tCWBiL^q@gV;k^aT8{zb7; zw1T}*DE4NTi$%2%{55M;A`bN$7Si5iI`ThX_~X!pB-lFQ?`ub1Q#OX%F)qnfZe68P zsipbIG#WlX09xcAC2U56OGhb9hDx@(jY?51Wss2X@hrO-i_)AMAx%e)AQ6Ldh3roT zY|Rr?>azB8=^ySEydd3Yk;Irof5#O3=d21Z<)r-*PP%7t5|qwKUl%7s#(`{H8&nA5 zOIB?4aH`r`0E)wITbGl3#c8m~)df`}O>ujS;(5~Cx&*SipgjEBsKzR)>w-L78}&D+ zFd)iRW&NjGQCGMea+;LNavx8pvT;F8kRNPN_}XV7-AL}JC{P2y}C;5Ee8KAvZJfSo?-)3ej^nHRJyDd zlRH<#3as`$3_2%t-jEn*%v&uUY!~`7w&~-(9-@Il{2Ecy?3e1Ve$o7vye7YVYecKq z1VP;zF`j#&S}WQ_(i*WATIBnqYsHwDo!rx`gNNW_-#B6)uC(XU{A`vjbyo8#q3XtL(E$s5paB@r_=_CmVMzd81Wm)eY|xGuY8xv z^5IM9a=MGrZzMlSgKc?I>^cb*m_nh;6{dUIAbiwUHyYjB(O$SW;#U_$ zx=>U|y%62(Y>ZK#bgw7vb@)lGNRgaWsk4zxxMZV5EOP9C6pX6w9V*taP7DtwxjzW0 zadVw$NLY^?koF*hk){;$bNW+dQ*U4lRp!W{nucW?^!Qc>B`CN=;kT^`FS+`Ke9Q9& z?4pBC@!T8(hH z|3psCdLDi#T>KJ*Oq>m5{-?#`UP>&5N7Ppz%E(pa#`wb(l&Jqx`N)mT;^hNNYlm{f z+zk{*x*Moy_US-YH|G*<5z*D?Xk@_!Ol~&L&JC9Op>|~#&A!oGFnXMT!9ZDnuwiv_ zgNt6Uq@KoT$YXiy#mEp|gz_8wCs0n=y7l5{^qr^Ii%~ixM&lg1xF0Jjh%_dydOD1F z!ympLQY{JMWC34m3?H1w;+{cA0ee?JE8{I5wpP$cpnt#xUN{t3r08W3btX*CB+w^INpkGe<^!qn`U`lVa6nb7R%3fk6$JG*GUoH;7{#1!>4s>gc5IFo$^& zwR26}{TuwR;w@VU|Eu}m!qp=ou2_($+N6B40c`VE{uCAGfaAdXz#G6upct43w4%dY z_>SPN_P2o-fG2=Oz`Z~dFdpWdKrGM+Pyv@QIg@~sz(+tOKxd5C0ZV{+Kvt9JRg8zg z0>l6U@Y7XM@i}l74tKhRKtcRAK;P%rMa5y@BybK;VUE`UhyvmO4PXIWz#O0uSPyIi z_5d}&=fF3>Md0!cuc){MK?ppH0%Cy_;1V1k3ePRT2w*Ib0o)5*gWf2lN*tgA>_9Hm zU7&XZvw(TP5}+7Z13V2p2W$s+0`CGfz^Bvks|U^k7l9@~fCnK!7a#^02pE7-fD5=A zxEGiUECL<_)&NffTYy)A-N1f;6>Jtg?N%cFmH>HIMRs+wm>gU%1q^~SP!LkKh`}Kt zv_wJaTVAM8Klzz3xT182Sgwp2HD+8gDHjw%d%Z%P^MpdZlPS2-olh&&kN1k~*eoY= z#CGk%J#FIEq0%xi5CS&<)nlSs4G@h4Vt~Pb0Z0T=9;+yRQ#`BmCc7r3D_j%sQz(*M zX&DOFaQraWUoNT(_bJrsw-xF_AhA-R)>J_Ju0rjCdX5SgCIdSmr(kS>9#O1IQjipL zNP>^t+2T~HUHz2m7>AOZk#+bV^`R@Xye)>bOG_K4NFSG`7?tj-cAN{g8{ z-xKp-eqP@Eg`U~7da;CRoJ8FHgq(E8IxBh7F+68rV0f`$yDlX?-PP>;a%`ji-D?+u z(yUK3$IMO~6nikw5wT;%)c3{nAyY`1R(f_WhS7YbIuRhXEsK=uhMBlhe3l$@ian{* z7ei+8t)(ACu|)BaJ9h>F86C&UkBT8dV^W8^6cr1OiGPR@B>sC$VVTW5E?OhUCBb0e zqqQm$UV1JN@%rOpNX5nDqFdRk;WZ@i4g?p#vH{PHzo=E@pAfGHc^h5_J0Ktd7lBK_ zWuOU2d_zB^e{-e!OsL4y2Gr7jP8WClCT_>?V)Lhk&d)HO&*l(bY- zkBZ?J#JiLcB>uNl@%<$J&{aL_E4irUZAOXTCQv<#V>Bf2(p9%^AP?{Wr9e5b9@qx# z0CodaKn-vNI1Zc!&H)#J%fOPYC_E?7OaakAEMNeV02h!0%mtPJ%YkxW{Rup>umyr0 zz;1wU@;w670}^lvxB(~-{9r&0gaMI2G!P5K0fPYzU;r$D9Y_S|E?T;PmTsNR0&;*6 zW5y4kgp+~EBU2_Q6cu}dR6;A=Zrr0)UWM!Q_u+ISDCI!nyC}@>K@CXUFN4(SE8kb~ zQ#;i+ZS2I{(NKg?;Of|&=mU15P8XuF&x3=t02kcr3MhI*i}yMe7&WI|%a zlrAb&t9vY%e_-`pO{?OG5Mwb}odVXm6o_ek*#(*f&{Fgi&{+V5W7hpMJw)%DpXZ*9 ziznvJnvqBHg`NjFeei*Mnb=)5fW-_}#Rk(9m!`g~e6Z?+4jB0q{tQl57{}1|@m}Gq zV2CQRgP0>b{poa3eReu~ZiuQ&tFAMU#xvNvLsUJyci$`PlQ%~mK1e-{V$mfL1s0?4 z0OEcT6=A<(!~yl4#R|nS;8Hp25|(?b0R@(g%YmJ=e7q83K;eU#rv=5a$I$>k0la}M z0FD7JNvVkWO{vHWQF;{`7|a6{t8in%8%jkr&;a0&fIBkVv7OAS!Zz#}MOnz;<9S@G)=__zAcHwEIm|bOQzgHeft319$*<7$^mv0yYCX zfJ)#9a0d7tPO)?J(7B)l5ZTY>6yUY=9WoohhoW z$m2~?dkJa{3ozFF?`^dl3~({6P@INK&0iEoZVITC-eGP8hL$_>sC54S^+~hm&YtmLv$~>AR!y4y zpl9LyhwhsFkm9(kGJ3WrWyXVU*NlZT9#EW=)y6zPqfs)X_()bso;Q;`Qz#C}@{tSm zvuAi_lTAgvtVH6Z8J-!6T3H_OiW^Z3Ps$kX8dK59rs}6;BkZc^Hf>rjoIPXi-1#%v zRJ-b{3cEv9BVeq2EwTPV^rXPK$>{8WD?s8b96JD|iZPek`MB1KICLN7w5WFH2ffF8 zg;k^{s)h(1ah!0+?W&}3g;hK;LiJ0KH%+rxb53)w_L#PAc%{#Cg`)IRQb`fH44MyQadcIjy4(8M zT()_(LfZ!02exyzpKRVHgfhx8$YFP+I;J`1J2pFxIF36mIPA_uXOc6;InL>FraSYU zrA}AE(gYfe9zn<_X`hO35fV{fCyIL0{LIK#BiRAgG`MLhPH>P+>fvxtpoZfiD~9p@k;pN-!h-w;38 z_8?;Qh3%$IWe>M&?JMn@?G^T5htrYlnCU2WJm+}BQRDd7(b*a0d^lkTWrGXd#Wv7) zG_{)JnzNcqnp>I>ZIpJTwzV!>cc1P>-8J1^`i=UZ^-jZDLxVwUe9RbPiZ%@}oi}YW ze_`%y8E?t4EUCu&v&v zw2!jiW1nHqwLffs&EDTp=5;*l_{y=+`I7UH^NjOXXOmM*2v0~#cp~BDgd+(}6v`az z(1K_+&uIp0Gqr_C1gX5>P&Ucb9$FMpLT9^zUBPVDI|1Da3(BE z@Fna?s7q)__=P;jD2X=h+Grv)xtgt-*EG8{)tbY|`Ky|t+FI=iZAaZ`-DA3!bq%@! z`WgC7`ty2)A>5E;C^YOuim8pGjitt?jWx!bM$z<`>7uEfd9?XmbBJY1o?X+KF7A$w$}DC67nlsNBau< z7W+Q?*Y^L~J2{3r+BnrHq*=}>&K&0~=NHbOoyvsBgkcFO3DXmb6HZY?3gv>U*JNq( zH1BCnY5vf()ArGNZQ9A&$F$FAztnco#p=wu3|+2nk#3i+R(DGGo34$%tG>V9sL#=R z^o9EW>Jts~4aJ715w{NvAEQi52EQT5*v*(>oMK#ItVij1!t{;lis@DJQM1vKhO*(a z)LQPfhR17dHe0Ig9-GIu#8zfoV|x-+Sj^VDt&LVCO2@)@?~?e9ws8Ao`yBgX z`!n{V_6GZ8$2`ZUjsebxoc$Bh6CO=in^2LU*rHHSP5DGquNk5>YgZ!QqjWQLPw3v# z-PGyzY5FJiH}zJ-{YZ@nV-I70W4tlhSY)g-N=Bn;wTYPynXa3H%y*f0nV+{@vgoYA z@uT85#(&{OyA)#^VVh;^VDIBda?C+Z-Ge6R7#g8^$7x4{MI}iS{||JE%2( zXm4ou>psx^tgFz!r~e4;tM`h2h(Tv?8QK_K#u8&Y(|x98XpByqCYz_2zcUM#D9f9c z7i@1Liw@dO+Z6WB_MY}Z_Ve~GXxYairEWTUJJ%*WmGD-=PYH@@tYje^`!q*2N^Oev ze(mepPP(DG@w!A*(e3c^eSNZ_$CF>^Z3Up!m9{N70uHIkuSM+AX zV#9NW7tu<`8Alq+jOE6y#vhEm5v&8I?&f-PPfNUIx>-!p!RBJ+XiD6(KBD$#Xwn&m;uGRt<$m*{YZ!TbBH z71o2+Pp#*zzgcfthsHObC!9bd6jve7je93?rq7nlv+NvG*|{AhGo`^ z)`IvY@rCir<4faL#h0W1-i=m#zKz+cZ8vP=94<$?Bg-+x@uS1(T;yEoEXS~-cf!1c zgS^L3Dz+nb2Q;m;A=(%e!-LwxTD$JBuDxNNq0F$+@R8w9L%eaXvB>1I3`)0TS*D;D zn`LpMMb5K$ECuLj3oXkLpjGJC)>+nDHd?k=wpq5bh&)wyo5||3PPVN=19r{U#y-%V zXkX=M?d;&}f();8RynJkHO|8r>Kt<(M*}jH(p#-mRDsN3t7ogatNLq)YFXPks(#)+ z`hof_`faEgJM=sC5r$te>gsJAXdI5h@T_sHX(CeY6||;dXh(}JpIJVOSK1r7Ucwk_qH~6GnX|&V-}$+-Pl7375-P+TG?dHHi}%@P4}zrexyq!8ZWak8;#agV;57V>0#6FsFC^RVzbZug!vis z^X3EQUKYD09f|TL%Hz+LaBF|-V5<*(*88ZZjn?bdl=w%GYfr?#9)BF;t+X+Q%u zRJ#!U(`xOj+E29g+P=CGI+w0kSE*~%y|4dHe?k8{O6J{$=_sA0D4jZEEn1aMrb(uE z5%~7zI1Hm+Fn?p#TV_~VS);9^t=ZNE)*@@EH8eik8($W`H@>IMVw-7OZHqu}qjrQj zA|26=#g0P9en*`16^uyy2;@Bp^Ao%YwUn2MO5Vh^)6UTT2bJbC?J4a>4E0*;2kXb9 zqLk`CL`F_9FjSV842KOz4JQmYjFG0jXjFef7ckWPsO3e=yOvHEDtQlD>#eQhhoN~p zW-GIo+xOb1Iv#bDIL@Ha-|hU&IRG7ae!`lBo#e4gNedbZm8PF&kS2jQa?3Fa-GRJ3 zsrgo;(hf#Ze^mQC8oHmgoiUi6jWOtZ7?+6p2>l>^f_}07C4G(lgnpP|jbXRpx}lrb zINRtm9x$FXZbTC8vZ$>l>ox1E@m*~@Y#-Xx_TKjXDBV8$A#{uL(IqxG&Z8evI1!2* zB_F^?puKfz=4#3`n=ztj&|J_|X+K1%YJ<_4Rp-?&*ZcHO=$}C$e_8*Aez(3-U!|`` zAP(!jNEh$#hB2m@rc36_<|gwEv%;dX1Y1HZTP+`29wg2J>auzzbIc*8E z6W&btIN=903^yqi^W-uXu8GnN_G(fzspu;fYyQ-vX&=|VtNjH7->tf1|EG~NkB*{B z+jx_-5HREmkbww60t8G*z*|-K)~&jAt12uqz(l}-VP7JPf)R-lAR^E#L689glF(t3 z2vI?T1Y|TQ196P30i!HI775!Y`v68jj4)3(!+89T^BwZWsm4hb*4Y9kJP8YxgXFc@CE!Nzr?TOBGwz##&G11 z9i}7R6<%vC99lKT!jtgei|qCGDfsX1&J5=x=aS=V>9%#>K%cI2cf;(Kqf3vvC){e+ zGp&Xv3vbp#-oyag2hVYWyofGHRI}B?Y7MQ0))8LQhw=5PmV}$Q5^t-CuIat>H0W$! zjEn8Yek0UO#8b_&!VrG3Nqiwrh}u@X)fZW<+&T*xt>c5&nkW~@lkz7S1@F-d^P;;m z6s}@TKrj|Q(9xD;IC+VDf_QM3NM($Yi>ULNa#4v?#~`PDjJK1Zozaf4rTTGQA}IR! zcRb&yz_<)Eo12EY!Yno0h`~rH!*CjfvPf=`#d4c0k-k#7Tb3aw9+F2fuqx#_c|l&0 z*JYKwgG2M!UOUVVx0CJX?QC>JBnKlTC}j}ED&yBKQA^<$8fP(B2T_#Q9e5r$z5$Dmkc95rqlUbBhG%)Thv3Uh_^ z1KgY@had>QE|;LKOK^cV;9WM^_w63ed}lF~rOfGa#kuJ?aG2ZNf8fslHZITdSm=4{k<{1 zE2zSFBgr5J#ru;+GSW~NBgGhiA$Hi%#WRRw=i###;4A4oB>rD!m0C@|}4Z`t2zP?8N`~tLfT&8qN~+C3-Oe%^VE!g*=Dn@fALv z&kOikUdW3O$M+jQ8&8=N%#G&HVvJMhcq(gn0(3V5iRq+zka}4d3ulomibb;+@P;@R z&ypBn6d75vWY&pwVQskvi{Qb8&M;mzrW$_ZNsC*JY6 zePkq=ORkazu-)wuR`)Bz0W^x#61B571p2!{>kJxj49V~cZKe0u&+7HK%m2osjL}F* z_syq}nOBJtaT>9pDH2nEi_0;xmQ4`e58KC_+fFODjXTqw>uzz61oR9~n=Qmk7^xc+ zGv9lpm>g5$Vc}Ndj+P_BJ*FjV1GJ&Iqu*;99Y`0`gAjiW;bc8K%MxHRWBG!e zkt#kCk6LL+WP7dC)>4^gudws&0(-4pXcyUA>|%SHT>^@*`!^Cw3umhv_;`10NN|dm zA|;oRa&U!!dR4-NUx0v&hsf4asrHk$m6p+ujRQsl1m890akDKj&GI0ose|zoArs_? z-w}bLofs$9iF4weB!@WE@fl8~a~?ChrmMID@ok_x%pL8fyA#o7vmh9iZZIj4kf0fg zBa%D^7yKq!3c)x@LY3wUQ${F0#jhMts+4fGg-Q`$QW5mtR(GgJ)yCQjIKg6g$V;@E zHf2+hU%Yyl9?1DANT^%ijR9v02||wnWUM+#%~B6)r?f8AVj~a{>gcxKRqqb9AD|CK zUfZpg>E-$%J(|zuam2I%U=~A%!bMAwBBXWSnhyZcjVz!Ny0AlQBWvrat1%Df?zoswK zKh`VJ8RHQ0R~efS^nWxafI+pfH^T+*0a7{Pv~jn(djo}<8WJ37@r02kYIC)%Pu0|y z&>0nKYppHv#dJEK<{_|0vR3RRWQ;TLzti=%f7KxsMn@1wpV)!^2(emP?X98K6l*z* zxFREL7BnZlFe4^8ucPUkxX-%J2XB0#`zfNqSFR^LB&a_PNCNS3NNh$hBW@#m;a>Mul1flyhAM$S zJE>iezj~^@RsXe-xJk>@YoLh7F<@KJ_Vi8a(VHQAB_emdsb5BIt>mBa-3U+*JX9TH z3drnLsBUXm^8My5bD;PuvinwR7ZU0<>yGuK++(+NMmx>nx{KW}Acfa4=+O*d$0HR= z9lDMkXZK)OHNB(W-G{sUI_`4?t}%qy;t~80JchUAZMeb>2v=wRH1Ev^@?jt>>EM-9 z`7F$W#e5mE!dkwOe}vL6<@@;8{2N{gUvQ280FM-E)G_KA(MB_)wb2%H$}&0_U5%bb zUt@?d5+Q7yF$orCj*)HXON^CBUh9p`;LRn*F6hN!!2Z)1OIy0^Z6#xwZWi~YP2{Tol*EZE+9LCOjB!Vy!rMsw9iR znHrWv(CK9ju%5L>S!1mUsLd>E4x-{hD+jb|H@xa0V6F@3^=hl8jFgRKoNOlz*+Hhr zJ~9^zX_qW>brzk)^n z4~Kd!Un93GTH!2i_^m+KW7QhsIfs|#B+!u-Tzne3VLF*j77#xvAn%h+@O-<-e)zr% zAcd_JQ<+X z{e=u9V@NJ6G(+AU0|GQvy`(LnKS0Hs!|A=j7PFr{90ZPt z4{T0%?db(#QuT#19e z&l=$EW`Zg&0xY_wf3Ju0NFK$b(V|aajUZuFlZ;vDo%4q8N01c93P~8CO!%t_#|dYLBo-*)Q7Z$O)PDWL#N& z=g(kq8vr17V(N~ADe;s)7+f{Tqlj2(WGcxad1Qr;D<_m#9R5BenN#X= z?OVjFZgep0RxYi;jwBh}v>#i>>f+j-(KqVvVdr#_*D@Z1SdEGdMpH=7t7d2M0;uv;D-LD(HTt#)XMrD8YEr5rkS6iKgAoP)Qx zf)1(@cSN=DSY9g(niXk9fgr_L|5vw?txi@KD+SB3-c~>GrBndvQPzv-x(q85#D3aC zCG!QPY=xDNrOsLywIVAIT9q#g7Y8tr2L!ufuw zyiN~GFAJc2p1sh{ffD|Hllnjz{jsT_Z}?`)pi}h_F9{>zB$7mtMaYh`m8S3}6Seu8 z9}?FMWN9)mP7M(KWRy=j8?DdA((ZHpw0<9S*y8;$_;SJZzvBPob&W)fvggrtYY+&GN9~B9rFPdy5RypH=0;r zOH5?}yg3n*bS3a%Z8O;%1MW1}+yHanyNVS^oX7wI+kwgU1h`^9YqYfltC$jq*hRRi zM8M>}Fpqm>qTK^)x@-1b(EiTOm&mR6od0nj$BHS<{m{J`c%#X9-WD%i;rAng*=H0o zs~@@hXW*cA@Hf5HH?Z3M3VWqn2qo=&+F)%Qc-dRphdAbMwJLO047R-%?LeQ$`s`!G z!#->rKzs+J@AZ0#zEl4iIi&@h$6#L0cNwj)2VDiD(+ImhpV*GFzbm3G-I|39*okH1 zw>a4_=vca(Eo1B!h=@b%q0Vb?V$IzI*VoRahzKs0ja}Vm(0^G0=+QIOgAb2+5=lpl z!vk27MJu*43{-6^P~SxmgjVosPr;#0L9WZdR%0$UKg*Eo0)y~|b{mO2l-8m3Xf$m` zTVo|jsl+xg1)}jReGZ6W0xoSK&8I~^x)mYtCe|VMaHVxvJ%r$9tTk(k_-kPe@h8@c z4PnFCXq>?mtR!+-0sCKeh23O#m2ou{ec51s#-Pthqp48A_>Az>7l_VUh|>KMWF7UX`!AJ{CFDR&m8Q&a!3&=#x}47 z<+ocY!)oIY;PDBiQaPto!qH#Qu4umND7iZ@_a5q{VKkD)( zDymSZ)gbJ@huNfHm)ILqd=Ps$KYsDS`GIEuD?@`Lb{fmVc6=U+JBQ`56)YbmzBU*+ zi`Ctg=C;RQ^JVW{JT}wwU)R?+ A!2kdN diff --git a/bin/libeay32.dll b/bin/libeay32.dll new file mode 100644 index 0000000000000000000000000000000000000000..147e34768f0433783f2bcfc37ab7c46045da5cb7 GIT binary patch literal 1151488 zcmeFa3wTu3xi>z^p1?o`W-t>Sbb!%}HcD!v6E#ZEiG(DD2!jceC^68M+96FVYT~6u zBpt9bZl_n<>S^ndVo!To+pj%Z8e3~K2_(oJDHpX~db1m-T)dEg%6z}yyY`+;0%+~| zp7Vdc|MS_Bz4yAj_w}xKy=(2+*WLIvn`X1w?D&^X+iYF9^1qP$eg8j$s2)G%H{)$j zj@fcvfBu$s|0h4~zpdl*{w1IHSIw>Wf9{sW zpT2n9xUm5fbm#qZ=Bz*9pJe^p@YH*g`tiKssr01Ha_ye9Rjw&1_j(S<^ZEnlP70%Z zP2RytU)txN)b)*bC#{oq@5r_58zwwwPm z#}~@ol%?_9;9Iui#k(c=)7tp^I<(blWXxNZxIbf$e*^9zChuwJ806|NS43Kx3+pT)dQvdk5~2WR(<)1dY7tiu<9#D)Vo!EnN=SeQ9nV|d#w7Z z5%p)N`nOAVKWWv6N7NUp`UkE0h7t8=s`_@TzG+1LS*pIl zs&5`q?^X3>R{f$8^%GUS$EsgEyuNKm&2fWt5)-gs362oILQ269}3IA&N*E%+FiSYwe z$JY7vJ|!3vCI^aRRl0q2Y(si#zdjh7?kD}OmEWSFT>`?ROFQ!2t&@OY5g@F#qdK;Z zBD*VW%qh$RO#8IKdp;X!Okc)2<2PsK+4RHkJ*$qk`_kiMSKIC_Xti0jPfHKyf!yHH z=46gqQ|rPjZJSym*_j0qDny* z%b=4UCo0P7y(!VtaY7pRl36$)iN~-*yR>57|Up@uAg_dbRijrc_wNg z*pBlWjbn(Eqxn{=Rt4d$>&U$~*u5~renHfgX(a4}jYzA_H2d4#?BLK3H^xq+I||Iw zpPeD4$))K7F6c`J$Wv10w4_=Pos+>62&y2#Q`%Twt&*ESA8?GBRyy2QKZV;}z<09h=6QDA7 zf;4>5JsG)IwtgB`@DCsqD`@F$j2IVx-7ZqML+X>Fe;m=a+iDAo#y}uU<8eSY2SUgA zMk6VM+^+YbNv!X}g(JMt=FKGBx$5ZMWwGfTnYQ-oh!K4^orafzT}*>V^YC9-ZVK5X zVwAtbdQVG6Q)gJs=psF0JuSV_l^7V&dc=)l<;FKK2o*l}rO#m~PQ*}i&>gy`4&Lt^ zeW@cE${D+3PRE-IU2A(X?uAxsh%f#nr`5bxnkEqY`Ia1Gw$Lw!R{U{8Z z6Neh8=A_gyDt$iZp!BOls+PNSUBJM$S# z*C%GayZSKhB8`~hSG|VXOz4BL{usn;1}AIS3PAxcZ2DU??a$*A1D$l?TepIvLK}hs zeQ=c-=_F?khFfj;Uv6W%@Le=u$4AjIUDyBt#0J0MTJ?22>K%ifC%CeAefdjxtd6~Q zBGECJtj;y|U6F6o*CnqToEHfLN@C_)7NGV8`piN7y0=2HS5G8n4(>35&qcdH?!225 zp2~FL(}cgyF|hZX?t#6@Pyb_Ki+&YQyO#<(e++CQaQTG+8IqIrRsm ze{i#Lvt89HL$}NH=%i$^e}tr1%gDrsHnK?M=qy6Y2D-?&WhM z(d`fed|4s#Cb;T{2_k_3fvbc1$Pu038c7#A&;}PfE-gdkd~%4KR(EtS;1LG;rV9t5 z#-WB+4mI4oIm4l8{}`}N>tECW5aTzXvGvS!;bx%2C~wu$gr*VZyacT(w`BX}`JzV-HHm2c7J?9R{Gn=Ih|dkeN`SALV$a6 zAG7`F)dBFC)uPyXbP5tmL2BLdSZY0bCTXY=8}VoMrnai(FIq8 zfMogTN23r=e6-%b@TLVaXZ)YRPfh=~@OPXEqn4SISK~E|DKLU*n)BVN^u2i!fv%=i zP(D7&#|J*gQ7DbAwg@@(;ugZ7XA9%h%mBZU z4<0@kDKV{460*EVLS}^iJj-!dNZ((AV!!&<q^BAEE`!}hdx;)T|TmS-^GZassg34 zSMRNLt=a`hbUXpZeEoPZUPBy55&Q-Z5wIPBNTP3K5SAL39fyDqgN#*2JI-x1st42Q z5e)XeNiseAEf^{kqS}FnvP88Lmy*QQiE8`NRBpQ`S?vxR8(s%7(hLGWV5V}a-K#_BI4!Rne>=29 zwHN;ntzp^GR8BimAnC%tN(f_5RQnT=z=84o)qWtg^;g5BO*I>BfW5jFodCMOx|kKv zuQ!RAeO}o3xncq(qY~A{>5vy|N-|{p%^}>OqCl@LhFZ1s$Gu@=vM^^KA*zSo5RHmC ze4s6~oq1uu_5U{|1I={uMNTE;eZh6unAAjVjparm&9v}%~!aW=TMhocSD_pbe7wJ>CR@aTcOXVA|Uoto8q zl<{BE+l>`A%)2+(&A*#BEBr?<%7+#%BLO4iu?)RHvmczr1~u20M*(I!uk#i(%wHQ4~9$G`5N3 zV7)3e#rw4fFS5D6h<_mn>SwrG{;-Q16~=uR!v8DR-Z3sVo#Pumo~zdp;(za;;K~S& zOIz4S*k}+oGIA?qp)!Sy2D><5^CQLf3jiA-w(qlOxY+I|%8b}bO{nVxswuX}hymY- zF01KxFpv@KaawZrBW3`xHeAIrKu;;WmUCWoJKS&B*r{RGLMW$(XCX(pH@X3nO~i0K zWw-51pl@_C{eEW7I!s?EXv9*1Xvos&>B7b%07^%h$5zBHt`l|VhmG6vqz*&Go4$+^ zH?q^OftQWzQEN)u|KX(VB`GIKJ6DySa=xk# zK%ObYYn11YPqyDa@s6jk-$}yXsqFWge>t5z?*_0D^1PWv!{u2|lqbnEDNs)%Pd}l2 zJ2PkbjD?s(7}fe<6xi7?r>U zkBT^xv8qqSsvbmyY@Mif_g8y?3*n{sWuxZ=VKFvBaOxRSsVomx!QKCh?roOL6eGt@ znJTry4r@Bx+{IYexZ}KhTYd0F5YR^G^cyT1uG4#oGow>0f_O@xnmQffBCb`S_ZnB7Z` zn#2rIlCmgK>(ke!aDJo;Y*sw}msdn{4oh>f<7ANo=xF=&MtwQ5R#07y7aLuox=+2M zRA;hsmO1RuN`pEh#y9CN*2&Hn2E4@MTrBP55xp#VcDdnijR@!&+AnaTs9yhGz=tdL zr=Je^ag%5cIQ7vivJCp@L|Ms*oL*c&^h;nseq+~(reuWs$Qt-A}QT}}A=n-%yI zJC^5~+0z?|c5njw8cJGo5tr7%8SCSIjC5P{POCycQi-~;2`M%%5_fH#J6XL5Hj1fi zypcOrQX7{_NpyQ97YSb(fW9wd6QdWmkX3&kpQzdXyk_$*iyiLw*o{3{R71C14dWO~ zFLKiMeQQR`xSHRH7S3SWcmi#7gRNfg&=%gr!#SS%Nc8&_(V#dlQEn`Q!%lbDjrKPn zbflC$t6p4wO>{NQ&HjCoA*_du$Kd$Q^9Suya9rfY9+(m~`j3chPdmJf1>-@3%?N@9;MX^xE8S(O9&$wH&x15d zB$rY z1j44Y?C?rptYb7NXKf_beNPVy26w^SFDX=39|>4V0B7Z`1~&d$JIZGJXhej*t@=E`ZF>i@uPlt!!+{@5eosu_YUemjUlIw= zhk(k`&%xX<^u5?2!M1~OCWa=g!wDTcqIA$MfulX61Jb~0p`QJn2$kN<%h<1LN=?>C#)61`l4x&xc&P20iy8EDRDvP@%XM@l5as-X&mjiAR z_9w(@2Vk}7Ea;<*Pl=nwUeWS%q2Ni;TqZBXrYl=N3kmjKBof3?#s$4JPyyWVHQoLM zmD8JQo8W<@vqD;IG`K@weG(2YNVQP6zKXtKA3i zx6EoM{5ekI?{x61tbQK=-)FTG_|B8yGac@TU1RI`i1DWb7>}bNNniA)tig6O23zDK zrn_3$iyh1>j6O8Q7O9s3s(sp<_ZDKe;R>VlA0lV^FL?Xq2jEG(^(Zfwa;G?ZIGo<- zXGVY@xM0W|W={r?ZzTGXHC{OX2ag)FUJ%!Mob1F6Wf$FW?_!7PWDZTMlzL^tx<5^tVql6T?jV=znd7%i9CYCe7O3eEoh#o z;d(eAV?9yB&CC*#ny7Iak30|9?TD)Gup8glPw9B3RXgrI7ve&R4N`>Pg}koiJ`UfR0H|z zdEmf0Iw$-m<0Trpbc~xQF9uwkcat{QokzVod{te*^@&769pj7*kSPZkTzIdXW@wC- zW{{CnSc37y-ptBV;;Gx=S}9g9=D*rVl3y)hYI_7| z#u|Gu=3!R{kaiSMcd7BKpJ<8B%z&W)t^rQYvgr%D|r)g@Q!EuLwsGJ(#t!q{&9bzR{Rik%m1h!2bJvU8a?yko`HkEd)g3-&AUF)5C|md0)E6MKI2C)7zkbKcg6V*8&*14 zYt#k2{Nu;A;#m+Nd^7?Sce3+Aq}isgnPRiu`6=~~nBf8Up4!9=jwN?uhO=w^6F>O+ zz(H+y>Uh51lQO1gJ&75Pu0%W@SEYIS#?-zk+D1L~@b4>taUiXyQm@*l;!p0>!^xWU z3lqVXM7@1M@4}W~cjn~)%1aJld%Ax5lb>9aocqSWz8%N)H&O?uXm3D}?xgdM)Sq&v z9*Z5yU6Q^9R7<;oL)y!kW=TCzfbuD;4$K?ampYzj(zh^a4?P_Fv!?Z=21!D!`wW|H zN%yZ1Rk66U?^j<+r*T%^BMp!pFp1(RA8N0&@A>>3Ti5SKefG+v^H*TWM(8emf9mxq z+J1fglI~w#m1~Q2YZ)X1d$q$|Fa7zqzfR7{S@P_oF80uNq>g*^7g7hNXfNo!L+AzR zQ;@lB>IUsd*Tm@?&Q3blLj6SIuq9Qk#TCP>UtZ5t6B6FG7({8m?M#Rxb1t5=@jo@5R=wz2`7;_V((+6PaD9fA zp4pMw(KRfMS5>jiiQwzWxjANj;QrAyT*^;9*5O%AH0kaA+=jC)yh#i(T7`#n;U5%P z2>@xICS|S2n>fbH3V+42E7BLaR(=n?k~JDKEo^NqEzeB{Gh8L6nkWFg-^Nq4wDtR| zu1HsWto@3L=JuezW$M=ZN5$=z@W4oS$6Lwk(#czM?yt;Aew@!oZ(jYqyZOdZ&ZCdu z8n4VfaN$W^?nx)_%(=fNCwZ^g?nxEbcq3c?# zOSI8(Svb90NTn*UodgkV7n+p{7W9TKy@ddWIfpGLFlFS+8PjBCNjTX_NkbIx5}yWN z)3;&<#j0be-IB-31*Tph2@5LqX-pHbWaa~7DxPsv#%@Cj0^MxAtRoFmMNv*$bnClejqdowN<9^O)fMZVpzWR2 zaoDxCH^MDR4^F`1uqqgU=EudluhDv2e!#v9dRyWGWW<1>Jvt-$?M;ozFM6x{s;*A2 zh@B|E?Cgm}%B zxSSEMxeAwpc+E6iJn@TjH}^qBtceIcp~;dW|EXDtqdu`ZqJH;H0C$YSp#! zw`f9%y7d|G^@Gzk+^(fD`}C)bNjWn-3CwY`n<7|eFHY8bW9iWCMM?XWvBA*o=QJkm zW9NsBMPp@z=6ta!vykq6CIp~Uk3>|9tI?u0Cpp6#t~VB;qBVqjXh=Ia^@Jrkzd#A- z1F3_fU@T`u=GPl#Xq$R%6lYPi#F~9VBRb9xC%)KZ>>ndohfoS<>Q7e#IvV$(1uT(= z*UAHMi1jF}Ltz+&4f9R^^>Iw< zOI>Sgb6jh^sXsaLpT~V}>Q8RD(Ohez_SB!e@{q^seW)JAYTk@y6>r7_cNgsm!ZOfA z+o?4GO>-dRTHEAE^=Q(0tOYVZIA8%BSM){@=hoQgZOoKqi8dVQSsQhx`bG=X@fIFe z@VJF(0svPPod_-qw6Whiz~M%uQ!Yr(NcHDicnSmyT6^@DgD(`l5_~~>Nox+Y0ZCn| zw*W*J0v94A#nYJ--a~agc$tfYrwVk zE`O>oKmQn7oX0-ADPkYqoDWSR-V445NxVn)*@vtY;mw6;1924V zF9cr}abQ$vFQs~^<6@EbMeIX$PGz5c`qtpKqD{fA8Ui_Vtk5=s^O96*G%ThKtv(8X z!u7@MNA^F)e!RH^awtRVQme_O`YTqWAmr-9Agu_#R0MrkT`mj00`>UN(W|`-zuKnn zPW9#ocNOgn?t&P_vi3kKWg>vf0WH;2Aoo`g#4$*u6f-k~P_zA^lCn={q6R zW>5zARFOZRZ!OwVv?qTfr0wbKm4?r!dh?3j%zvY^PaZMXXa`g4$LPEA_dr0+MLSi6 zzNKhe{tkfk0^=L0zHvocK~giC?Jn9W6}8E)3WSYti_NK&mVX2)tkCxq?I70tjh!i} zt_zfO_MaMav33wBD-?Es1C;MUF*Yf$JWjxqYS;FhdHkG_X2=LdJ{8?%bN+P>6!S8!Kn zk94LJ2Ry1W8=~)25aDc21u-xZVr>>gP*@VtE zFHJ0}(YsVTrf*91yMlXy+cGrQX>TOIDJ@AgT9rZ4QPMF+-xAy=Mdh9S3T>(mdFxl5bdOR%I+F(OJAVQ^Q`FJe5E z!|jzZK-`J#OqA7f5TYzxpA{c2#=Mw=3DUJz&GQl;a-P?$*_*K;!VkMd8WJBe!{Q>P58cay_ zPXL=$Aju6V+6kHC&j2*UQYs3P2$E6IMo_;|+XR2M2wnW>f*JbY*59QxqAE=FB6vJy z6sf&p#ZaB8|K(ctHoTo55K4t>FSv&9@&Lp{^dF;c8B?0Kj4F8xE;ea9i#Ed9uD_`7 z%Qe~-P~a08Oj0rs+9k52f#gs2KD1(q#wHi0 z)*~Da7gJ``zC@k8k*ITraC@K#QwC%GYu;Y1xaRFOifi|f+&fcWnQ`}jKwCS& ztq$`EZY$adMbsihrDV@_Jo$0(=hlvZE07G-2=x&Ne)9auM^O>N6u%Wgl6Ha}8LNbz z2z8^v!*F8^5N$#Q23BWk-i<96P*mCu1O+|gfr{e=R`-+swfj&}jOl!1s?VdnVd1#R z{juGsU>GqRN4=*i7ZnvJ;plvA^i zU(rh|9>K+z$L)Fx?aNQX@Ve*5nW$Kl{K@mVw|wR#JbC;6@}HbV9o*g7bM2MK(+KNJVHOB@?bJnQs`Kcr zUq(v=X9y%k52A(hKJop}q1dZnyA^DH2@|IA}tiDW_k&uuTy zMoWpxvmh^;{aaduNp%+FrBDC<8B}0ol4e5Q4MXYaTmIc*K=x%pKK_x_`_Zy^1kI~T z5B&kf>DIS#g^O_!6yyGMbwi7{bFi=07GUJ zyn|TFchVQlKn1*Js(&otZ$%GG2A!!N6+QS_SUOMdgW z&+WNL+eeY5))#6A^0&aXs)4sD)khp}LzG)OQivpw3zWG-#aG zIla`Pwn5*AzgR19C9s$)folOrBZ)n1 zJ@D+?48Ml02mS-i%=N%Ic#+Xs4{XC3&6Cyx_nX~^uLqiu@AaKN-}@3end^bGPq`j= z8V#@>I7j7s&sO=~i7MagRr%htRK6F9Ugmp|_GP};W955$ht>nl2qA4oDpJioz(O0s+s2!)W zz}JpP%9s0(DWrl0IBq2$JV6q}=zj*X!Ub7bVI@oc{g>l^PbNR?HS@#X#B7f~yV=YS z`%aY~4!tFjc+MA_hl26p`QgcE!T8^ol^^zH^218fHi7a_#Q#3#hntO!Z@y3bFZtn{ z(E_o5Q@!qaQnH+lB4khCrK{k~*e46x66| z?W`OO`eN5whK?p}v#=%++Gc6^VKbwmS6R{4RNrKxB*}V{!^*Xx zLtCY5?YuMyM|N`zLH`-qOexQlA!N-i$lsAhCINV=5MYq}od|t!74nfhX-f4^hG10c zh%|k86hx4}11Lfg!)#(kadL1gF#xTIC~D@$gfuEz$oGP1zO>p_iMAOABv8&~0b(0t zH8flCnXv&;GaP3yo>~t^lHZmbm=b|&?XB6edJWm^5pahW2qQ;89+#aJpb0ZT6llCw zqz=6>SRaPs?rao)XK+r2GTbJ2ZVHayuyd=^bW3q_l#UZwj6%$pmN zj}R9m$v_1BK!#k64HmU*1A}~onsmbsD%k}Xdnd+GZM26s}TW1h93T#!@{rcg4mlC;5x`43WGJr zc+~VA8xf5Bx0LOMjUrPX+(Zo`ttnmww(B>&$G>V#GA1~+-l|Yszi*AXHcI&1nqv*DY9swo|W2?>bHGX5XN>Jp3}pA2k~ z6J_H@RfBdMf6L%=eYh5zNCy%|w~%UwyE1J*{`#Oxt~3x=lUnXR;TFqNZllq=)R}EI!p*dc-_oeLzH!BHW6mBML@;WJPzr{iE= z0`voJxe1fqJ;VrWFm+X??M8tQeJZFeQ86+hssk8Ce6Qr#K(7i6XzhjFEW$OQk*yFN zApI)>aIC?J4>DIdc=WA9L(dSta;)7c5azk4;cen7*%kdfS^X$SZX#3m^yIjdXjEMl zOt6`>(jryAs;qvLXdUt48p1!S2)$~x-K1LaNWO><3BnAWG&sMBk1{GlCqMd^bwF!^Ta zq+BY9OUa~I+kFX*n!KqglxhbqUsfN=BxK?$LGu9mBI`-Lkv`gq=nZ2kgGUD75S~(P zCps1@egpvqFB_9L+DH{}a65)_=gy94D?ZU#3Ef7p4VFW`+K_I@*k%bHExg=~!EOtw z+l?VrDw@Ut1Jg2zhU}NCfmo)t$WQdiVVGnnO>#=jnHE-#M8Gak>;Xd+$~xOHqG6#Z@IfQiD3m=X{RkMW zNcH8RN7h~-IFqfwrsP-t`1Cnng(Iy1XH_`D5CR;g%^@LN1NyFf9I${B4`K5XOY}VK zV8SV&GY3JM_9qK`))lmmhnPw+{A&;$r!{RlQPx1oCz-~a*-SA@a3MTF@^ z{5X73r60lH3czT_6{*rZ2%-vmnG$0a?Ew(Pvk0qM3VnkglM}Ij^r3t5;2IK0rBG=z zKs1np9oP}w$-QC-D~cxm&VC93cVTTC{+4N6g2QUjL89KRfK{s>5l-kz`tpF^Q?$$E zp$R;A;3Y;-P=#LPrA{dDVG9;e6en)sq_${}$%7j_)LPxai%D36^i-0>Or-ioMJ0aG zgI~6csfj4)MJ7C(h9=;q1Z#0EHff;ry$TLyJxVjfg$G=CGc<@lccW(r5JU$8!K48b z2Kr(nmMmqs@REz+nxJ@@?+D;pDiHV!%oMB-R1DKZ6`GV~G*Kd&@M!co(1gZd0=-Ja z2Fa9A9}sg2WOyh64}syDXaHDRb8&_O1nEPXC>@~*`hpRfpd6_K>atA9QAw~&Gyz`) zaK#x-&;=9^*97HgX+l{;i4cxcF|=znMEsq7v_kSi|08}q8pMtemWsHPL&?RsmcnI` zBb4YbK!D29{XAY_>Y{VK3~7#ya#JG!7^WwZ2!K(M%$67iFn-1qMQsR2WDw-<*A9V! zDjZ4*Y5VZE7@Sw2e;vudITWDWiEbQTbvy_HEPhls0DKtp7h{4q@t5kw`G>d3AwVUc zAx+Q>q8A=WP#iQDy+lVuKTxX=Xx#n|0~Xx_KvX3kkzr}kT>^3MLC$fUKUdjL3o%*E8)Nw{? z(iyH$W@Ys67<|CcV9pP?qm}`wlh^x)!# zIN;7yYpPaF5N$HKFo5PBBbp_D!Y*J{mKGFpg+#$VOp+c&S(BQ>J5vIj#bA&oWX;Ah zQ=&aK>GH?{uz5k#`pKPr(q*f(CPiULjjegot{FYxvq&Ms$-c=M1U|Ta!mmY38aqjs zGZwg#Ch%P%);koHWcrp!PtM`R#6jplr!lan_h?361nA&^;Y_AiK;}k{WRAm9jzj$O z0YaI~;+%-V4;GP}pG!0S%A}t)`s&b!UVyX~XZj82tr)yn(*h?q_90IC03ME_WXkm& z*dzeuAQ74Y#xU%wB7?OYPi4%=;OaqNzrsbrx4}PEVGwgoUkC6_87B9OhZ8N=akQfW zV}&L(qMZF4k0|$XL}ESbS7Xr(#VwAph?X-XAy9`13f(Cc^zQ5tO>@*?q(jgRh!tuz z1V;$?+u&8Lp+~>Mhz~Z>1ja%l9YO%%Zs4ynxx@;MF#$NN({}`4Q9b-1HjGAr;DBjb zZ_;wPR^1Z6`BUF9<*)(6nb$?UC7ZXwi0(a6emd5 z=QwnCPSgo~M{}Co_kB*UjW4a`|{oDyv!n=mwD z^2KHri4!u3frOCm_kw8V%cEw#++=EuRXW7e$Ra+&Q&tc)gN0M&%gKo3%Pm=%`SOft zxP2kc*b<&F!hAW`flRPrZduGYgfll!wlG4<&X*H~p0?C(C0u7vA zhypXHDICt(2x5v<63EP#e|U9dG+rm_U_hA3mxp0vi-+aQqnu_l+A#Cw8FGW1aZ7fZf83K>GWFaXJyTY@w9eKH`a8!;A3HyN&KMMj)< z@gn0X^X1WhDqr59^5tBSE`|wly3Wd%n^|23sVZOo;q{Oi7R<3?qE|9$fGpiZ`EvKL zeEEk*k`c>d*l1S1+->E{ajHr7MpVB1!z0LW!9~Kbe0d0?qbZXwFJ>sHScHKgb)3nU zBlyYAmxr?QRdW~+>bWBF;xrcXg74vPfC2A2`fdSGI%FInxc@3Mb57Zq zIWpW;SebL_g50?hb+d|mxmH_@R^e0U&h?$r%WJXLgg0#9^;H6$Vlwl2#As#Dr3Vt{ z3Qv{Fze4OLN!IF(xnV0WU50x<+Dlh6e-1{q-Lh6OljxZ>8PAT(!o+E23H+L} zQ$MMP^Oc_96F4&)0H*yh4{Y*U0zd)5hPOwURR?e8suiO)lRZ|06zWEES0go_SgpZD3%NmyBG!pE8otz zQh@@TQ|8-u^Z^QU_F?4Pk4UDGd2hh5GVUfVuy7fVKCH%>t!BQwLNc7pxJ#PUyQ2qE zHZ$*;Ot0kJGr3~1*v06}q#(02X3m{308}Lw1y1d-j4u;2KFRZjk?X3(6Vpi^ZL75P zfqmqBF+wrpf_ku|SShmd?mVNM%?UYxT1W}@56}lUb?^chPFPn)s+EQ^!!Ox9cU;1SB)NJL^2F_ZCilj@8##Ai^V%=mh7Rk?TOdKLWw11~#~qYN)h zuw?UM@}VTjO>XLj+4n511V-=@uxLPMG7%Fx zXoU$g=5?SIvZEgn>PzSug#q+6H+8rtMEl~1%WwipYGGpl!W=w#P`dy~^6luMQea%A zN^t&{(#*E7atPduNG$Jtbp4A4KhDe!N9R408%-_ zisIo|JA2GDKF@1-^tbW1N}6MSr#d$weq*w`7DpZ6y5WD(qCsM}ld|kS$+B~K2Lxqk zry>(;u18RylI)xlt=NqRI~dv2S^0K9`l&eq>l3gkVFGAY$#%)Xaz?0C=S^@Y``8wf zIEc*|Ad~LpJfD$IW`;*EMr<`zs zxQu5taczJLqTluI=+otG5UfMA{alMd0a$-4goLtHEQZHExvR#sKE>;0c3U;Vod;`b zFLUVlnsz1}y5)nkjwCH-MzPG!7#zFWG#wM1~=oLmqKMI4uEujsppP zr0?5wH>g{T6u;#0kKm`1RUSV)bfCU#G4rQK`?Al|FG4DHDc`SsVCXzO-<-w!wb!X% zEzX>$UxXKA??&g?y2X6IwjHhber@Er%z643x0~nb7ln;`e}dIW)6~l{=CaUw8tkKzlKIA@aoSRRy;QM_%r=01N@~f zAO0EmDK0KYkvr zWe-I2zKd)5PoIxX!L?%ImRA>;^7MmZ<6->5ktxrM@odTSxnGNMJc^D$kY6N zGJRn*d1vvAzN#R8@8_M&@BQ@R_kMyjh?me0-^y&n54VnmKr-)xXBs?>2ClU=ABk7v z_kL834SL647YR-#SYa z_roInHBpd^_dftpuW5^|3&aL}u9eqA@3BFD`}KE>QopelJo=yS;s;_~_c^hXh7s?U z{Sw{tYyMW7H}2rY9k0#d)e*1FjfXXTZd-L~Uv4sFpLXQ7T?<>xH#l?`ryupI$SL14 znJaIXobD}?x$pay$y|B6)U>oMP7kt^O%DKy_uIWs=% zEPbxmtd%QjCz`cq$7h|R&-IzLaz*VV>*bZnczI>Y|BqSE=#|4Z%Rfv^(e~jVWZ+fX zW!zOeWY|?ZWzWzbc7WXx52Wyn?gWW-gs`C*nL{lmY!f9cP>?-MZJ_X#9s`}NsT z^L?Mg56&U)XcIP<=b8d+|E@=xqv7V~|dsPV$@1?v#X zY=8J;j@3KR!t#eJ1COCde=zVQFDnC&^5c$XdbVZGL?hkS_5c*>^&krU&c5I{8G_sH=&TQ>mCa;?3@wYD-R^{PAd znm7M2?sHSGI^;&nKO9Th6AuQ~5wmK~b;Q|vFVa%og~9CuJFr9x>Am<}r7fxM(ZTJA zqnLbY$8ONKANtt+*J5JitGHYBJ_J5ttl{`(XR5m(xB(wx=pGx~plvKVq4$D5H)EWl z-eA9$GD!oWc&YyM)M@*LJ_eO%>+4PWge-kMh(UC`9p0=$Xynf!+y&x7MeB((`R%V) zU2!Xj^N=`_)u+9XO%~l?Q6Grem`#rR{m4G@4d3c%X zY`q@~KvRiZ^!~(?ffZ1*MH|R1>Q}V=@Wo&418saUT!{)il#djaei&5o%&Qj~C2hxt z)8?~iJFT5@ZwW*V(__Do1J03tgdR5uNjR{wpeJ&rh9j^rD*TogNMA_{#RKT{nN*IT z&>QTd+^~W`WB`cXqCPY(8BQg(>rZcQ!xXHH4r>)9L47?)DJ$9nQsR~rfyAQ-hQWRF z$b=&|z{Gh7Y!eNxHwROtqOn&-0-F1v-!~yWFU;bw?002!Tm1f%0kVf<)zmLn1v@Zp zbr*sl#)}XwMgs~kM)@8wST8Qx1|35r)G|k7LGoLVed(HSP|cu?X`5`@E71)Mh=Z~M z<0{5?t`fIrxCGyK#Dc>7!$UOUJS9l#IU6)GKvqLn(FkGC%)L}Pc11WwzO$>v_fwc2 zhAa|E_^qMIaQEU#aDgX5mtt5UhHP*EGQ^2VQbwD~2=RlB&>{{F1ny1zhctWIXgi6j;jRu+roEA=_n#Y1KW0G& zN9-2mMnK^Al*Hg3I{Thkbx8n@3u&SpxC&*d1*x9N%0$QV0y+DF7!lfTNGuRcX+4+- zy8#1lg}T;$;awbt;VY>ro{hl0yo$=3G=4!&H3aJ(9lwZy7ts?>2OdS&RNvV_{)Rc^5qqvwp3`t9ya+Dg)*CC%FPS8y;n4d zLp39$2B-VJQiBSH(dHkbjUmw~X!8#|2l*|-_!HUDSrjCn_|d38ei!Q9qxC6`qEu+QCp(4lQ(Kp8aF zD|y4QkF!f#(uSe2e{3o>E_fseF+pmFG=N={N{vtTOoWl`f%K3MOU_Qy4h5dp{y;lP zE6l-1TaYcs0E1m{+XRIiX0SxEBqOI7Oy2q~6wrbBXtG8tZVTYMR7kc#{5aK4Q>L=0 z7QUx|-`q5}z!}>HlCyG1DYHw?ub`k=za%;91dAG2M9!k%48O7B%CK@QcpQgDwx$kh z78~R|xI30QhK|~CZ5bGVfO4(`Yo++r!ENwqsX{QZT^Sb0QSQQv`4Xc(!^tJ=Mh7@q zyF@Gu4EcjQzz$zLpbci3WCOP{!dn3;&bibW5O+1ReYv4Ih3%PqCa{3c-B&8T@^jIQyJ8t}1kaTE= z>2g7+8^qI2IE_kla7x#koUKt*J$if6CT0S@VHb-(Sk%ec?*LyDq-}{B1Y=y`z$eCu zlC)_sFae9~5)8%+*$#a>h{hl)fOx&2`DAzee9;Ej$zJ>jX&}gb509L}X-2T2pFwHS z9yqi(D)cfv>C;bP9cWNC(n8)HBKsa2Eq^%OLlnEk=7-Vk)CXba(4`l2m%{PEKZANn zfg^FROkMd#@z?N*LOQp&nqsLuAstgnseW8E1e3PJZ;jGZn)XtfiFT#P84J@Pb7r(D z^Peeaz76FYlCxV(qZGvA2ZBH-HgGV#jBq`0;o@}ODH_ZocX2E=$|AQ!r2W2<&XRJ} zBvz#BA5JZft#G!^SVcgFU&#=~IE9sQB-oc4<~+DjvoClER?4@_ya-j@(j6XMq`X_h z8Y`9>4FyBS_*yZX0C(Us15x?GQ%ZP|B3gXCh`9vu0vtTuJ3I${o@L46~R4Wr3>=jFiiJQss#WxUbTnc{Hj@%(LUMPEHB&08m|Go&yEg7X`8k?Ij4R zRx=Pqhcv`}Xb?vH7fMv}JBke`3MBB0)MhS#>4Y2H5N~Z_i3iOZ5|uurC06|i-!0|N z0zz&HXEqz3{`pvZagH&>Q0iH-9$kM#nQeJIW?{f7`R0ACj)=Qm09(}lI>?s z9UBjeQHTuiVO&t)#&`bSz;`Wh>qQ#;J1PzCj}lVY@cuwDxBNhOY@OfCgzx+rDI)e^ z6zyApR$2KNaBc6mNd`P*zv=tG-P9j)NFqGsyy(Jz`(%H}E&1?}=f<2HzTO}5N?JVR z+xw4?750bxk{u5PK663vGyS1rNs@<3zC7#6uk?pXC08CQ8+Wnu#r{yaq|8GVlWKoe z(;o_fDqDZ3N?mHzrA{s@w)2Aj`d9n`e@pRCQfL+v`}oV?S@bLUUI1o4P`>{0{Pk2* zzJI`nFNVwa8vty|_X=RettH>CM^7Q&+aEure69TWzmt#Tonb3Qz7#)+zXC;5Ga2yT z0Dzey9{}nYeiDD_um%sK0W#j9c=f&d+>l;V<$65jh|gJ$2c&$}vpYWL9(i`FXK#GY zGQF`1ze1$fgpj=arQf&_VB*zZ#4{>>S!~Rb=Pv+qb-em+Tx#Ogci~bSuf9{CTdUX9 zDLi-JLGbVycsk@6c=!xF?RsOK;Hd?Yw|`0`x9c^vC*X1aYg5c9^+&{mWE#Y_Qa|vJKgJ{G@%yYkH$ypTe(~c;lmZamTB3cy+|9bK?Rt!5SZLap?=)0?T8U0L3E(LKhllV3~mC6vnI11eAEoS$d;SU+6Vq z$rU_KG+~_`kDOzH6Ii}1Sn)ZNEV?GgTc+p>{X$p3gyrWIu+BAMofnT34TFV-8M@+g z&bMG)5O4X2zOYzem6))KO;{J2ur9Iy#UoRNE;P)*vUvPxy!v9{@nd>pnZB^pge6zd zb%_b<(s(3jffHC|S+L@BF0<&mJl=AJzOY>AsxV=d^9op3ny{|20L3HI1Qr^eMAvj| zA}x%!T+;$j){e&iGc!wa|5ut>yyat1W@ZmZ&1a5hpMJAHWS5PbkYn19Hm>XsIc5JQ z#-?e~A1MfA!m)oEzr%e)u`d`N7xq z-LA)WX(@cwsWDV=OVzYns_t~%mN%_2bh{%~Q=1cOth4D~=0uce3?*)x zry5#n+S|9E6R8gyAN>!tMf7X7yD1~b`KUSrRa4*AUc&y+E#di%{Q?TDY(_QyV8X%< z>Mdb>mRhUU&aSSCPeDz8|!~4coHM= zq50d6B7{~RT=>~%H?CN>RPbk?&&BL9Uw<6S4SoPLwmw(a^m@B~JHPYAEgyV1#etZP zCyaf1y)&^g@CVE%_?ilm6?=JC??KrgrOb=6SEbB{vcF1MKp#Y@A*CgNSEbJ=M&(;l zS&FJbsVe(83g4B&aunJ~aD4@`ssY?39|&wl6#~}^{PQF7CQdSireqfxk21)J$&BIy z4orq}`qH&_=81>(y)fWneZOmMDD8UeCC9`0`%`~$m(GVK&) z_EVJQJ!~O$=kHJO+i$)^r5(AFKG$PCXMya}#F8rgQ0mpQpqD`6hEVGDF~Jw}`CCe! ze8$#(%)e(O?hfEL@Ne}8kEZ@UKDGah{KNUjS;tnvSM))&8K3(58F;Z`|9I5QD`r9k z6<9(BkLDlND@%|Q^#u7P2hYHsqPt56b{E}R7Q~JVpzs$CO0`1;FKZ?1yS|w3F7T~? z8W(LzIVuAMH&kfr3wG)^c(uLIVnDC-74+bSA9CX=f$zZhgaTjc@AlMwAMmqei9;~6 z5z=b#Y&9`;Xmsk;iDnD*WeW($uixMd zoReJD~x-f!ZFIF$iiIo-f<1SEu(;PEm>m9LuG-fvl z_i^D)dx^c{c0KUyd-#>lcfzjZ7hz{f`%4r68kKUtb4gggp#l3eJ0aeJ)cyit=)Kh6 z$ALwbKGvh9Ue&;!7mNk;cU+IZG|FVh8{Dn`vI~ZpIy5PNka7(62iK<#j0)}q8D9PC zPt#~A&OXLhaJx|YUcHlD^n?6m!~LoaYIAn%$LCF`#!mK1{e24Xf1NE|kN1oY@{=jP zAb*C!1FsRJ<#>a%oPgE~Ik*dUX`S6@oVe9q@bz`L(JJraKq;8FOg}^tNKj%TtP56_ zs0=0MRlx==3x#1SGqj8n1f2m3)K98O|)clX>GGgOTy!Ukc9W<5a+ zGd5anwkZZF>yqFJe6r?+fGOB2LqC6YoYEA4!ze0e_X?>n$R z+AZ4fhu_p|Tjd4Y^-3o`YN*e1v9y*&GJj|TOQ#mjZfwRlIJ^|`gpzChfiCMjt%B^ zTyh|fmr;FHm)KWS%J;sf;=A?Lb}hw|Oa=drWtszz_~^V#R@h#>nm^j>fMcw7(=S$g z5|s|U+MB2}zbR`iRk37 z@%`-i`+F$j#LaX_qyDrU?BLhUZUg`G=O#bvjP-hubZ72^4gr?stvN7Ceb3yrwmQeP zc0A8!Y`{I-u3K*4w7hbYhbknDcpxOe#F1<59J^GEvYNsXOVgRQz$?yBd?psrTHyCi z|9mv}ChuTxp85^MHRCI#vd}LL&o^e^EF1zI*kTxeN^!pMQ{cjAQ!Q$7Jmy@hMFU%e z!-fqlU zS{ykmS=m;~=Q>e8Dz)DmpEnxNIb1yPiF&UI0ax}<9q`6)z#^EX^Xzf6BYRbjV#nv_ zx>o%HA1Rd4@ED}Lki+4b?{YXiibu;tyQpa6HI!TN7hNI*!1J(+Bx54qn<)j$NK1W` zGf&p%o}Oap(@WzE*$OxaF&oyQ_+=vpzQSQL}F* zqtmsQ^hC1gK?sK;UFFMYR)57KW59QDg>W6H8pJILUTP8ibl@K-0$wO`;>&j4)rAe0 zx&tM7xMK$5#rE^@ExU77!^1CG4PR4tX!u9mp&`C2h-?utqNyLTaXV(-7(OxI-5wgM z@IeHguu=Y^0*>!}&PQ_`hc)<}VB+g;pMVmyQRB<5_Z`R$cEe$jDW()5&x!v=B~cDg zlAK3NR{N0udjZr{mxYaea)aUcDsG|-+j*Mxv*?9^JpAi2>U*Ki`54?z{-$$sCIEe0 z$m3_8>yk6dPzIQnWy;Dq(vvd*{@hGiAkvt;J)FEJ{FEQq-u$6Hqb@PC4&SzHNzAla z4(BHMknIq?Klr0b@58u>t)mNVfx7Jb5_rz&TiUCoO|=h}(;Ueom$1FdZ6m zOUsDS`MlNaBlGJc#(9}uz-%(f(GCsW`4DAY+l$8rrL$q zS?-N;x^Im}8*ni``3VeO7(dJygOFR&(|Yf@PUQD_d*giL2fI!2xmK0{UOj4j^No_d znbI>+n*4m-{A6{Q(`(r1-j%644sZv`R=s$aqw^iX?TNM#cZb6L+9J9gXFa-NCi}v7 z#u5+;5;xiO>ujCJ*rnau#f!|{VKsL*q9Mrz*THAi{BnQQ_;A_f@hYdUQgvJQ`t`{c zUt_)TXN#KlrH#g~VqkMKH6y9mIdO1 z3Y#smCc_eF3(S#$%Bz**Gv2&2DEk3h}$#xR2H`*uUt%Fg6F ztCllI5j14SFQ|L4>^?`YritgLFAp1UCn!Ki#MpepC@R@9r_Hoat$kD%ri!$DP`=+5 z0-j7H5-~QShkh9FO35fp-krWAV*K?%j!8PSiIHd{;wx4flP{D~>D_{FB)1Tx&?7?} zrgv5B8e4tGS*`a({rB<{$i@Pg6*W0J_~L=Q-@-&}_%8Atj`S7AH@_v?TlM0CcDp`4 z$E71#+#6|~6MY;#qjZ?YWZL9m(s8sSx1~2(?Fp+-DdU4%sJG!OT4uAYTXRSk0=*&~M~=JO$A;$_ zSHwko={uZ8U5gNA@)t2G)N@9kgr|o*vAdkM4h(LQ&jId;5+5b{TKTmRoKrgYX!WLpehC zyF`4YEcpwIR;MiPH;pOG_$O2;G;HV&T?N&3Wp}+8qKTd9udCuK(w_ZfKlF`p1$!NG`V--!dKe3x*Id2ym*R&pD$h=!WApf7XZEu;BZY@c z;PU$X?s-7?i;Tcu2dMh)K~SY#d1M9=!J*zuBqw|msJySMnR6#S*!_W?*KfSqd&J?> zd(xj@o0m+~?d_?e^d}2vb{`s;T$9q*;{{ZyT@iy_}cvdXS( zM?kF6wO@eB4USHg(v|&KP(XC8#DlKvSU~ai%(XP>J074w(DU0FLJz=3*Vd70Zu+iU z6v4Vcy_LRMn1#zM)LTdPg*AR1uB~0!M@;yvSN4}-{By4<=*Ygu+E}*52%PMBZ5-x@ zHri}`k-W#@a*Sb8Jx~GiOVZN{S=RI;AYL&5+-W5eNe%Ygf8&gr%%nrn$(v<@QJL=f z4RwSvEUvzlHurY%!XB5ptme>)g`quNE=ha3M~!C9K6JU!1Zcc`(%~<~-S@7!#5|vi z`EbqQ&{HmE(&6i#?Q~^ONj;UovU=}S9mCz{Q$o-}MnO1vw`-Z^)ASmv+u`ks?BCl; zqI`HrnZCxzFR{TVz#IR#BRzWvwIu_pW*}W&(O34tqWe?hCei2{%3g12C|tc_%@%!q-byuP9F*i><$qR^ELx|Dr9KI!@XxUUXIe`YPUst223zIRq4pwZ+vf zFyg%E2eSM4phomIlc>9}e@pYQxI@D1&+_9}yw8s&M`Y*=OrL*e(`UqI>>waOjQ?x% z!SeEKImKK_WM}poS75|s#`jQ2XST}~!V0~+EPKFSZ2nw&qZ1sngx1YDIsLoesR7AiFJa=$17#8e3o?@4BhSCsg3 z+|U;^y;Z1x2hJy73W^8UP| z5z2WmuUTr(JC+})m@CQBR}^|feTB_yH*_DV*#@j-D;F4qooe{2hGv03J&-wn`m5Cv zRZdGpp^Ey>?AIbl1zW|b?(ZIB0<5YTS{}Ya6{(tATs5MPt8#M7=?X1NB(zk3(DM%t z3oYTrSDDljb5cu1&xVzMq}tlMuE@SG*QoNYdl|L`*~YoTx5N~3Nw%rU|8P~Fuap@0e@%^( z9&oZFSxXEfA{k-EcQRz*jfQhWs7WU%vkvuq5Ki6y5 zaYn6<<$}1~YmarIqmjFEx%`;#-s4hOCjnb}lIf^i|d zHv}cy#m2fWR!)BwB%Z{xY~l&FisobEFUZhT=%*R`Z}$Z3xP_UZyUENorhHMl7;?2E zlPzfWQ!09k-Jl$#$d92h!DouZ>rO(xB$l!lwJh;SX45z}O50fr@lzYrjI}n`HHIFQ z?^3^Rof|ax^6CU3qkh(vV164A$|&2cN6i8E6%deVR^cI zMWcS!#bAC#Y<7D`+0#Cj**Gr5Hk(>R3;mjP8SGopb)OC@**|(EqkiTNJU{htOSFUR z9bm6>^EfU6T85>(P_`)&8i=mDGN@$l=#`B6S+`c7fM5ij*oj}Ey0IsTh>eJlNr5X9 z)DEq6RQ4nrwomAKPF$!2*9Xgwd4CCJ@c4Q$_d>X*%Vfry8>@OKB!I!L$;*{!10#q6 zAy*GqWY=wqa{=+0lx#ZXU$$__|2FO~2$>gQnshxXnH z8WOu{1lZ1Dj;(6B{o$|yzj8CrdC*{-(hWBLW#axy;#J104NxcnLSoF;k7x$h!1AqP zWKW!;HEvg)4fD4cq;;Tn3BMKGksUh904fBz!_fGAVU+PU^LN&3h!~Q1%8S# zN~hQRguvs~x&!(NkL$Y<19VJ1-58xa^Eg92;RO90Eyg6=c4VZ;>^ae4AVz}+iYjRs4j@WMPX8Z7?J+=3Il7&f%v79#C1{R1j)cA4S&unne8JiVnedNbMFS=~{2?%40;*4bc zxLS9u_yIbjUvc^1K)acZkIhYxN7w-HP?T!f@HV4uWrySvh+7N-@+4Pa_`97L>2!dy< z_;HN@p+3s=mxZ1%C(R5LKduSL94r%X+9sdT3|c>~Mco5lkZ>SG97Bsf{WwF)1O^b( z9(6JJ)Kj@=yF;6CbOJ1RA@pH^w;TscWeyg&%W<&O`LK*V9u@$g`Ot1=GvEZUI6#CG z@g@3bjQS`aFM@-)Q{4pJYQQl5hVfGGkOCk8I!Fy9RwEUK}jdf`uL$4Hmm8 zy$o2k8BtT;?6>BA&%shDSj2JNE$Z}x#nC^wK@;spMM^;((8cPQUsXgnM^S^LSbJ@@|D(YY~8Qf_=5M} z+p*Wtn(OM2YR+AEA1UQCA_h*{Es;u{Pa9UC5?>Y|Zfp*5Av-j?W{c9gDQj%#s3R#d zwyo*62qqhem6$*y3vno3ZRMRpjngg<0^x09Fy0L zejFUpbz@0hH~MkaK{uAPRUhb&BlWKD%%_^OytMGQs=`G86B1?!2-1mv%_Inz>AU0FgqNE z1&%lZmNglRGZsW2nb_yi?qR$L4pv~o3v1WW@KP>V5M~2d7=^A_^1%)@Wx<^D@gnlg zO%u`KX~IVengFIO_0jkf@KS4d(ezo$)GE=h)WnKcKfe646kFk@&#}Zw^mAf`A6MmI z(UdIF&rRiiTr2d#R30U6cq;ef8XPRD4{=L8R1pp@xa!DkRv+byIDWo*;l;!XAYoXW zh~vjq=cX(mA>jcf54E4;G33=kVAKfJWl7M9K#vV z^718CrF%{DR}p%Oc~@>uBvC(^II8i3zpv0S!SsfAIPqHIRhHJA;T8ktPE|llJjzlY z9*T0%=$^Jc$ju6xR;%z`%WQA;jv1~urg|sj)f=~Z#etqgWk&T>TCGYWRQf7FB&b>Z zhK*NMJ)Wvj8ghNwe)soN-?Ai~M zq`wmfvVy*HeD-Yn*f*-yl*YQpHzfxnU;K@~U8b$I2cYoq`l_#D3**vzkxApaBVKEG z(v0wm@yQL5%WfxfRhFGe%NDfT)%L&x$;*C4BMYKE=TRA(KiU|KWIK6bmyS$t3r~%M zr!)H{w$$BzeQuwS{l(7ggrJ;7{mHFnn}Y2@7kI-z7-sBO;=}2RlJpk}GtY8zYl75I z8SK>yr2x_cs=5k$Ky_~l{n>bg&paFBB-QrJ{%~UJnrEW?B{G?3!ub5ynR)iy#LhL( z>Hs{m)c$kPKW6Zv!`Iy-zwX8N{(fce;191-_mg`oZcUl-o*60_D&Wp|_5d=Yq#DQ^ zEL-#Zp(u)d)m~6=s1#k|_RK**jFs+R^BlPg?!LXRG*&wBhhQZNF_tGUCH0DPGtXR* z$rhDnV9`7sEE=H27w*cs4;St_Si0YGc!RrM@(!LTir36QOs_Zb`j9ZQE3-|GtSf*GJEhX6de2E_bkd+A zv;BhJE8i4J;HgE(T65%Suot~$3w9P7tRpFwgb)q1vsxn}#Y1!MMNiGBQ(csvn%Vd9 z-*{>!r~k%N^O)QlPtC=-H=deHa&ILg>tCE(rtAAPja>R=TZS2+6L$gig`cfU_=6 zMbhoIlNm|nyzAQLV-bn`Ez239)MVS)q<8R@J0>-wco74-pYb05aV%D_V&c*k538sq z{cF&_di`tT-!)ZBv$Qe$lcOPcK;@P(mH`S{ug`f+Hx{zKjF{}^YhZz^;&E-@LoNwMrP#hp;e_G12BJzZvPf>07xrq(tmg!4&lQYCnpT%QG8kR^kL-$rygEij z=%FP386QpzB?n8cYa5F9EPb&crahX=GtYv|W`2R1cG#2A4Nv-TJyE|NPBNHFVo#-m zu7%dVM-oSM>!cjK#Is!=HUg_kP0&WSHOw}=IbH!_x8}RL(nG?B;ez9QlpD{s za*&B8>k_yo^*4u88&k6iT=S>;Mg&t0H?u;i4!_H%x-Qodqp8KI4(squuES{s1=mG; zW~<8qJ$Z~S*RcaY0em)<=LWcN;DZzgz8-`fCd`=tZM{u1geEhgt8=`f((#IT_LdI; zJ46eb<7|yJre{S$4<qXPx8-x3ZGo+j)eETD>cgf>D8p_y{}C@j@DYS0q*>)NyK&qnY==)SVktLuuceT_bsrRe{JHHyR- z@|AQ~ZH<^%9FA5$3oFQ;e=yQuTW)e;`cGh%5eOtCjy1(NryhbiWQyjH7}OEWAyB(f zhi05wM;#T8I;ygttFdZTWrLS-Rxu$P%PC4`tk2XOQspRpW+*kq%^?tvBBzW2-1^ka zV)28%aAacm{Ao}{%lSI@Qs10>p+t?Kc|9K$ox{x*_tqI}i1e$`O#L=NsKIKg8qaUs zn*6uFrzU^-gJ;`h*WS3HrMNF5_X)K6{8ZWb6Xj*LzA4o@G);|mO|gbwazevLlE(v% zKK|>U8hz9X9o2JX6`Sq&qpNZOwk_zvQn^o5(vK2xS%= z=Xrq^X?m&Ui1}EjlUQ`ogQ@RTdyRrZ&qCC2G64t7dwnV@BmpCDTr01uvj+>Qt z%@$~|5kQvd7j9hJ&O*ITa!~e`TEw~OEFNQ_mlF3U9+u40j?8oQQOP{BhGww@#PbKg zPExZc6W(|dN9-U+ox+HX%J2bk-Gu!Igz3TlJ$+!{kTw}e*y((l5zH$=ji#>*N>T*+&(x(_VoqP+cuyXX!kPT zN+L##(rCY)+?et7*`_Q|>Unq_BT^*m*w<10V&fl{yy7o6@>cdc`Z~Mc~|0MFk z-F^4rHYY4DW_U0 zu*UOwO4FAyNSPunT`S*}c3R)|z6J5~9)3=-PWJW z<&k|1avCOkN2nrZ5$cI#uOS4n8#!xWj7Ik7AmcG1XRcvDDNtTF7-2 zr_E3t}%3vVXi*k>zttUY6qv_!j9%H&MiD8+h#U;_Tli?PV z9*TbTnXs|Fd2~_CloXQu;><_!nunwVTLx^k*&m^tG(J~`tnhH+{yL`%5w;RD_dIL!8OI~9W@z{!buVGc~RgfBZGjx6)SpHSS#U0f~~8T^>0ho5C? z&E{fAJ}=y?JWVH*2alK+o~*d$6XM7+FFZwYlTU~v%e-)l;-&;}0QnSJ&zZ|()ZL=44$P)*;P0?ujRBq*D{O)K-#odX||o(+CeA;nyN1R`@TLJ8%0 z8Bx`=byUOSDV2J($skg@%zC;Om=`3ERCUXlx!hXEAfiT*)RCs{@st|FN8SM=D_YY^ z{&^}bc`0F73+I%u^~e^#plD3$pKI=$X`1FNSJ z>6;q3O3xIj%t0pnGY28d&oU))B(*SXtU`gs|86-np8Cn)+}3 z=vxJ`4-qaRTu3My@}t2D%RJ&L9+$W-YLY>;47UsHVKA&T;wq6c>!Fnfo%uDLgt~88yrpIb z>^YVga{350sEu>HS4&Wb&B(=3oPb}YAHNp{!*L7-y#{Sn0OHgDzG-?8Xww7Ge2uGC zdjc(apJZKwf>e{H_qEj5Pn=pXEfv045Kl$<1av(sQ6cmUv5OL4A)Q)XAmo&|il&>4 zv$)7r(iKWgcQTFyoatjyT@t9uoel;tYoW5c+C^n`^54+7xVO8&(cZWHuR+(_?|No# z`k$!I#Os%Sq#}Awtox#CKD%^@wv)n5#QjaB_J+&;QBiQ8Vr>Lp+3$^y=>7igs%yTO zm-w?J)`7~hUO#@tPVZf1O8Id22d=p;FXa@a+^Lj){EF|oGUs-Amz68W(26CXzjD&i z8>+t@<3m?yV>>;A$8T#$8IItu>ivk4_I^b1g32D|ro-pElyxp;=+&B|y;i7q)a44& zi<;j%xV$v>(*oK$X=8Mb+-Q~=R%&#(@e&nOIrOdwi)w(y#YFdnq20*_Hs{Ub$(5Xk zzwx!uq2#gf4H4IXfsFTFAt$;n;VXRoEBU1JwJZ6ia3$ZGW2!NF^B=+bJCesDHB)j;!D>SC7&Nm4D}qm@#Eg6nk~RG$r?2Rmh*<*CFljugoVQZ{Wdh{V3_pQ zs*Mm9XZ~qMtwQIdV>irreM~jGh=oHRQP<2xt^TfYrdEIPIrVi#mx~~IJbQ4qXsN8` z@Ir@cZfUaVe##(8&yV5#`jI6A*e{iLFn*o;GK~CVB zyCRnTI{BzRh|Ml`1qAPluX41PPr&Qdki1RJ_2nQj`}(YWeirk_R{|O1I4%)7E`4oW z;&VNGqO6zw9O(GcYyNEMN)dg8Zpr?S_vGkUS&4twqJ`A1)kKUD)nJ^OBKx?8U_91T*<=F9Z*$>RjKQqYg4$NT?PkHtm`Gsf)w|V%?oAlHT7ta+Z z!;@4UVAdR!^c3pH3Cc^2av4%?iMfuX0%Duuh^?_G`Rl>#9cKXhZg_aPCdw}p{pxkH=P z?7E?Ml?{)ku|tnQz1{CkYzQ5iba>UnUVmPbU!3VT8TRXDQ2HRd$NwriSYHj0*;Y{;Oz6knFE??aA3x5WQ=#7y84J!qzy6o7V_9t7IQ4KzkLGnLgZ2&Xbr)lMv7 zqPkSTPPd7wJK1xPkyE|mBYcYolhpAmaaTcyNkOW@_EX2O5+~E}EER{I&zYglt=246 z-}_P5z1cS}cOQc>z8?K@LG}YAHK!*{!`w0RmaerbOCCcv{{12t$FZs#tG7@IV`_-6 ztH$wCp_hR~diK+1J+=F3&G!`pf6%Q+OF1yXV!Q`kT)8q)r4}P?2sjZZ-q2ZfXR&Ce zL)sk0AU=sk_ELR4J>I}ID_^@uLw;4fDLqU2jTXAO_EziGd8Cq_y>W(}lqP*k_F9=N z(c7jhTyD!9SyadxA+CMl1?lB1b?*GlcrA7249zjU`*ePt-rb&@(ZtZ4(yhwLk!qr) zd-s#=^q)-k&bLxqe5wMvs6nQZ@XS`G7HydAMBa{5j1)ogY+ZQ~V^rI52#ytFbCt34CVH>!hN=Hv4NVORw+3r zj=cWePjhW6)4}c+d1HOI`&k;^x_h8>bLr!BiDr;CI_~RT@JZTMN9;TpF~d`!mbm4> zba7-B1apc~i$nU3xW?$SVmA=3C47dkgwRQ7BeW3Cr!U76 z3J8aJf0b~6@C;!O!T4Va=(EMshxwm7P%KBHw-P0PiSo3E)t zR{OnpplL&YxNmpg_6^SzZ8%Ugao2|DidH|Hn7F%dTi@eF_wO8-xVPwG3V5!AGA2H5 zWq6ORD)Js7f6cDCKPjOck^dwqqKWtNrK@Rrd-kzQ6}8xulq`- z8)lDy*`XWfclMPVYNMdyhB8_3l@vW(SAOw8!-kFFzQ_BvZ5Sv5mlOAHc(!QubBT$M zTN3ZJnwN#;od=5UpSX*@c(!BW?z&DNd0STf^P-OIKkhL+m4lA?k2-WzwReGz1678n zIv*F?8-&$vQiFw`8y0F8+uC$Z%P2^2``zCqim_cK4piyfPgTgNMU~l!dGIkfr9Y!e zeHd6dj8rJHLotIzp>ZMGk{mg!x;Ye%0#~WR-1lpLC9ZxXvI@PDoF@NqbloD`(aZ*p zll4G>6*4%(^vV%dNm5^XXd-iUmT6lzv zHqhoKHW5>uii%ml8+>adjNHUBWT{n~;>H%^ebcc>@(%cO==9>mK&q<*f8|<+VA;0J zygYMDC#d@RBfhbvELu)wvgfP$k2lq$YvbyI{lHg?5c0JOy7gAt3hME8(HU$epTuXi zneiCvnMNGyce+)FVZooOYMp;-ZE;m)Z;u#av{B!Ht&^@yO6*9!5n1)I)ceIU4LxF= zsp-Cj-t^GKjzwqlh zspuRh81c#KalaPze(917ssl1r62x5DDek{N57)Q;@SMWfcL;w&_zQwZSVOpu@Oi?` z)c+O2b%f6omJzNdEFjDyxb^q6X7is?fxvM^r~`)>CFbZiZlcMg!D!ncTE`-+tc7Jn zevrjHRpoz>`L#t9XP%E}EHsY^9>Vs3b6k`Qw4j>4jj^YazKwwotyOr(;P;=Vyy~>G zKj*&SYX0Wz6xoG?BxhtctXv-f@U z-D6|2lE8F`AOQ z^Yrx*Y+Jl7f&Fh|pzp{01Afy12(yggK<`*;!kG0Cq95vEU;42RW84RuQKlO6*-A3w z`&${mb+DeQ#P0UwCK&>2Ua8LR6F2tPN@r;Z9AipRdAOjT1<7h2WGpqB9q{uSSZvo| z2b{z)#SV5S4wAN!-BCWr#rv;YM2<$};+6|F0eu>yU(GJQU9g6)EQH-a#x6McP@%j* zva!R@k>FXs47zIJBw^m_$sv8Fyw+DG4zz2v>F95`{gPsh)t+b!?Ixkla4O#z8ktFQ z{In8kY6#YV$0;gPUH)dQuc(AqYZcgqe`B59k)3fQJ-?8fGdbXNN~u94H9~5DB#p+Z zhG{IhWe|4K2%@W^si#C=)AP)Y8+E})%*kVpz7|4XHyC|E(?(xLQhFIdWBOon#UKwx zUwSb5(mjh+Mp+<}@~gAoz|R_Vpaqd`@2O^iRCh9q?Bfm1g`a7~sZQ*CMO`v8=T`8? zpjff(s%TG(2#qF!vKaeNd`}KxgZv0>1)>v&j2jp+YgYcyal=OBwN*``0`%~+N?3n7 zJv>8J4J+NRm8TAgY4@o*dnbkQ{P~z%w$ZK)1({h}NYih1fUzoRweJ{dp4+Jhu%`GN-Fo-!=7EO z7*1r|{ION@hpt;@{@Cc|4(B9+Y_q$+Z$B1)yXgH#cv+LZe$lu_a@%RJoH|K?aG4a+6xfDlA9vZNib~`=>DUQH@)sb&KhnDdpaVeBS0Iyvh=OD za*!uGF8TB)a12z|bL-d8y9o|HWDZ=QFSqc8>Ev9#q(2+em#@1omWkK2d$lYtS{Bry ziL%>n{R<*Gew!$}^VV9*PPhPu&9Xk96|otf39I>d4L(O zqs;4$ykoQ+Iz!03j`AE@xRm&RIa)H?Ltg)`Z04a*VvCb329YfGcv~d8^gHs~Bk~&* z(=Q^C5$T|abPr>@Tq$EpDRGFDF;d!5Jx;7S(ISCLTH?j_g}p_+Gs0Kp3l|I=DcEuQ zw~Q-&ySzzIvUgP&qW0o`M)dci>WSE}Sap)_0E9ko3mB?(I zn@eswp1j{Fmfjh8|2x3aLk>$TAt`*nFYK*2p8NuNzwjN)`*sKJ@#6T~$onCz1Wd+{ zcV!P_v1YP=eOGpX=l_-RzU_y-FmZ&u--(>Rz?buvViJbvk1D1p5VVkb^5lF8X(Lny z2o9#bL3TAcEZ;5`nOi6QFwa1A&>dFg(bNvjT%V3)4u-r^J{?v|H(Vlsdzi1ZHNx2F7k}}0HeL?>r1bugj zy9xR+B%(S5eRSs7A65R51pT)^-FLZ8)S2WjLBB3f&<~y^=-ab?;TCm?ej~C5(wnVa z;td^xtIf6^9?|k;SP`9>h+j4=;x7(l{Nwj|Mz^?JWG0tMc1GPvTJKTF2cT`|TZA*L z83Z?SxoWhfm@vH-3rH}aG0fhK#_$aptS2Swv!hDCu$Fv6v=zwubx@bd`V|8aU!8HQ zcHrO1`N9S}U&!eUMu9tDSewnh27ZyyAwN6(g)rRu4$c?Wc@KGys`1vOo*AMvZ5gj( zgF}*j%q0DdwA3}`G)^1VQ5@RVQBNE;*s5FuMk2nJ7q!{*)go;kF2H_-y&UvjtvY%5 zkO}x@678{}yr&U5KD%>=G(&fi%9LnWtT)YFjAOXceatDsGfK=^I$kpo;Fz%TG;@&TYksrpfUgS`H-rv$HtQ=T1mnr!EFNVGALqFQ=$^O@x z{QV%iHsqH0?ZnLOE3}<9oegH+r(}II4+Ej-y&F;`{EM#p(XD^U=^S*cFBFZ8=Yq3; zA}u=tmhP{WF7sS*Vng3JZW>v8|B7?CQ{k4d>N2k#*@5$LCUWhB&1>zO`}hjOy1YHT zHZCaJvvYpVRTrH$)cJ>@z%dCU5Uy6Ok<{Aw4@hP!*wig{4*jgKF#-n`cK8w>75z9>k4GcJJb+AF7jnRx$N~Y-=0Gp?eFOV&bOfdiEVr_E? zdUgDItcbCHUYjj;5B|w3G zA%}u_PY*?MVJ^G+ic-CX(OXrx3jE@NVwxzRRL1sgx@xPhgC^Uu&0$ZHM1D|xNunnF#RjIJhp zG%y??%vxV=)2vmW?Rya#U4V3hiy+2py%N0x`3+tpHC9WshfO~be}jo{5=u20!TO!Q zh9S2%D1QyVtvgL|?d?^!rCAftn((QFhBz^R*Lv4l#N#^TiTdn696XbzorcJUCQz9mpm$@d4jbe}C%CmR#}ArXo#Tf}6V_}Yfa|Ax%Fj`~Iz+@22x@J|3u+7- z6VzG)0^?*Uf*MU0^0^)NYp)CAs2Q=(#`%YKeHsFJt;(0uG^CJ%kM{uKZAox0@7l2B zTw+Zj%h(y|4Wjgrw;9c(vvgGHQvO3({gG_LZ>;0%AiViTQQFzVyFM}-KRz=&ZNCtR zv^sdhChR8ZX&XG*XZa*nFA}4(X?Fu{)h1oTfcf2o@Y+m{dl)ph=AMQe*8s?^V1*iJ z`OFe&Z+-6(;tsoP!Px|c+i6IJHJF$B?6d*kK>bX&Y5dG*EGdQdGvk5UwhX@#zFb#+ z$vcqi8mLIe6q<7CT9yjZilzd?__tpwRQ7NAP+{yI!oL!}PxubuZwR*%QiOkDJbs7p zcZ6>ezCq|EtRY-a$eX@>`R?_L%pXPNT=+2Csny0P|0LuXukEb3g@{-pOA|97aQorL z(E}Pb69;UzmSK+o1#53d+hmn?n>1p1&NShC99ab0Rc?Qrj&i06dN7J*=s42^J-96@ zmY0|&=)6Mi=rnI|phFYIfo5Z6pwrX7X@c@Oy94*6!Pv}ft`Z8VO1>nU0$TWW^nOE&?3jyov~(SJB6W`AJM213*RHFX z;T%_>XB4No(ynGUX471(Pu$PUZjf|_u|LH0wE*W>_~epPt;}<=((Q}M1a=peW=!(( zhAyY2pCEjM@FBtn2$h6$3F8QMA5``Oe_;BH7P0I`P1Mn~_xUrSzfTDcY>lb@WAeU6 z6Slg0lmqeE+&oBW?TjOcL{7jWMkQa&?KKTARdbxr4MmOxQShPsVpyMI8#`F~GPE*J z7R4~2#^m6U=q-Pb$`h8*p!piVKzyHPebPps)ae|3y_iMzo4=+%S{O)tfO9mcLpEIh zXB_hm9pd{upFpBFe;p!(Le@9@t|(-n38DdIXHUa$mU0-CQ^mBncEN?9vxe-?ai4by zZMuXu8Mm58d}Dj|JMMcE-w_EA2Nv+XwLNl~T# z8E0cdQ|3B4+0*WAOkY{ZD4_<82-}*9$sG&BWNuMvrfptDaK*CN^4ezAem1LSYO|^; zUr&OvV^~jeYN2zUu`^%j6djlDb*>>KDf(`^+|H>D3eDwuFn*_pz@TSXf(7x;JA_Rx zPSK*dEI3nBo*aUr|5_By#3oWre_k8GvRBpCv!ei=4bqk~M`-T-l~FZlwQK^5kZG=O*7Ox$asN zdV3gsZ*yYwZO)kv)ThpORLzFFF;wOYiDIEV2VF)eqA<3EXO~bjur`WYi&GzrfI?Y} zTW_Rq5HVxA0n>zDy3mY)OZn#i*J6eX^*&*~P&KI5Tx$RsUz| z3uFI<&_$R-XeE4{P*12OJn_-O*dv4;giVBvgr5?ALilGwFo*B|@}Z%j;Dz7)HK=j( z-)H{#xc7A<-@m_cEM;4$Y63J#7BF z_xQ;7FEiid$6v_k&wu~&aqwOE!;$%~!Z<5G{r7)4^8L8}zQ#E){U77Z+N=M8^$kIO=-=X1`u_8H1wZXe3y=@eYvUFCh+kB;XTNdVSi1sP zccw;lLMFzMn4do^+p#j2k)1N8@3nr;VmPn!6^WNvz(tCoT^T6VlTS?o5OHU;8O%JyUoOnW90FO4^+s3 z85;)kB&{!>Q{x=dIpGpNIFgH*5e{zgLn$Y2G`To61N)K@3OYDd zB)7+0(b@Hj)zBvvjdQka4&j;YD<$^`+XLh7*3YE<(K-7$pLgNKvNhbzgjMMs>MJ`h zC6(Ij?$`K$EH^JSbeT%I;Ue$VnnTfbWyK*>i%6^mNJigSDRt7k3YTQnGij`U217N2 zho4A3Uy`nWzqjM3O1b+Dm@;J*U&LJ1XL%-Yfbjy&s2qqte<=N>p+qLSF6E-;bRS6n z>zm|D&%N;%P5kEk#W1HcHR3oI1Up@3?}YT1-b{b;*qrX?Y+E>QF!AWlyA{9N-`{hx z@rNJ^o1sxOoJzPu5VCC;&9*0BsB9W!!qI+SBjNyFJRcD3Q+*q&a@O(7HWes_S%~&( zc0Z5xYOo}73wkOrpNNo+S?^65Bf(KL#X`nS^m=ehBW7M%@MB?xrKq+kP()@wKgQ@u z$5E<>g+n)uVj_HMxe#J<0--g9ZM}9a*nvCw7RFTf&?xAuPCFml<-^mr7ne?G>txB> zS7MnbV{zYB4=KvG)pJjhuTG^CQtMfUTjQKfo}{bl>|a8!P|GRW=0?h#@Cfr~4Hrqo zC8sM|9Ow9xV~m_gf)F5BHAeBkWmThv^e@0R$kTF`z4>EFp=;E zMrDUrkt%hVo8sHsLy<5TJS5KbZSC=TCuvNg*p%YbT(KP}5B*NCJ7;Z*_Ov+-PX(=$ zc10(m>R3atfo|HJ?KIalX%@d7frvd-Ui`3JH68L)R+y$qn<~|@Eyrbo=QCHDr?GDm zxNDl0>@*|$vLnyH22TzTS^{MbPC{Wob%70D7HZAe;ML`9@bu(t@airIbZodvp zmS(bJbZGPN&WpCx@O#nbnyoeCk_W<$!Fm~yE7Jp))?BnT^X&M{K&bTb8g4PT=pp{I zu1oF@*Ia4)(A5Qs&uc=^NhG z!@Jh7t|jS%HAhIgo&OZ;?W(y{P#^)~<{lVeNJd|@at80^E4px!^G1=_LiC%NWJdH- z!5FOYwzE@M6YldKM#dThFyv)Au&Z>AX?A%|1_?Xl@m?>rjRhV zkfMccf&UH8v;SIsDXzf5htbcoFMv*~nD1Dp^~#POwKN?sX~_5ZCf6|iQb6Mu#wnUl z?h=N{JB7@Vk^z3p$xgHP^!!dwvrj2y2p@l%{g3^R!E8qVBIXrjJNZu2Y$X%(n#1Nn zSf(W*I{H#g1spV6d!Gh9h!_~>o1-8vrMn8Hx`b^}&SbCcufpm2LfE_z+;SJHp}%78 zxhoRNVC>6GXvtWB+#H!0n#}QPWeB}|TIr`0l7Yj`r=OvS4EUcu{R{$$BabI$2;olq zuE+^Zm=Y!fCQ+khu*AycT03QoYdap8NFNE>j7;aF2^8h(KyvhR9ZUatVQT6z1{XJ7 z7*gl0kEFvB5%4Ok2CwZV)Q$H>f+b?_yqh9@ZC{H_oM~1qsaZqOp84=iuc+aOq{@W#PeY!r2vt{OLO?B$S#JqLBB!qe8-|Sz!vsvnJ(DWDG3eX3E_|<@D&f6(t;@4!x4t;JC*mxKR44ShR)sI}3WJ zWRub0kH#Vwin{-OM)7; z_IA1xY8+Kx@{+s}`#J@u9VxNZnvR_#@p6c|NN4rf1VDR`+uCyS-1Oqq99spON%a}) zOWvI8>r0MPkw_GE$`Z+`5uIC)1alcb084WeF`;^Bhj>iWiJ!e4I=( zLsY{_-UbQp5vfhskMYe>;qJc91VfHsKP%Ta)_q%v2<7Wca=mL^C;bT~9cQ95xs`K^ zj2j*JlfERzbup$KvFdUvlR#e*^Bs>#WnzxUrk0pFbCt}Q-&SAZXd-v+&XL3v+s!mB zn}707Vy_X>+v-eO-(F|332uV|#BY{#CIJ=$wTV&rRJ%Z9gwBL!1sFvcB(+KDu8}&E zgOm*uIhD>t#?6)U(3zkW8CH=<+SGwXsZDfNF?Ejl_tPaSZW!4f?-jw4q5SlbhSFq_ z>X}lU)0iOJMXo4}9cwR){g&_&;d#P7!Y;xCgdZ}dzDxLTguf-+M(_x02saYM=G=Pn z^@6% zv|e+ZnTHa*!RQ^w&|%B*;CVivLCrOTH0q6-!J1><7pn6bbqEBU<0Ih30DogtN458b zT0RKOs!)J~{Nw??Xw)k;q&*aR5fmULCi=ZA>l{eYJDyCuh1sBM)IJ)e6;Sl9eLnv9 zag73tbu~|hn(ITK)&_f(*W7q!J=KH@lhIH=vZtE7>s!vCr&|1;T1BHad7o}Q^PXx| zPql@vYCcV;~`|Fn8)zW0R%XV6m%M)uT_Gw-P->Zz+kpI+)3wd~A#YWZpP)N=3o z6=%>>D@OLz$}{h&mFlTgp>M5*saU(#tmWy9`s>Fja-6EmA`GtYS;8ORLh{q=xClec zCC?va-;#f?eM<)$TzmgbrJV`q{PB8noL2u@!XN*f zJp_Ksv+82bDyC7)>i&= zLv49zllMJsdip)QBYMX}LId;XyZ!ldSIth73iuII4%a+V^B6NIn&1u6vv2M#MAN3`W%3j`=u6B3{hpK|)&AL$%nP8}*4$iJ^LFlj4v_l=nbn0>QA zTx2ETOWCKd1OCVf%1|}i{9tN68%+m%ywdx3)99bQ{yS-O9Q(f0ymRcsCp0~Oy;@Dz zWFI+n*5SnC z^uh9FS|5OBieUlvp98=e0>I2yICh}Y2Y*s;E3D7iDh4W)rh%_ZuJLg?#5ZSq?=rnnjxoiF}HT{ z@0`UB2bB3KWQ61Hp0)KwcBKBvF29qnhgIDCyJds=^|i#lp^s)?g=6&=d($I__t*-c zm&Nq-aPB2CbX{5YA<|G$@3b;}39qQ|rVl1xs_2~-^QM>gPAi|1++2}7I(F4hyjfvy zYGiRQ$nFt8?wu9!(qhkxdVBQKo7Pu%(=aU!<3&x_GKaC{UA@H+d*N99*H_@+DKyr8 zKrkP`77=Yo>nEj8c-H^3GXv+dXI87v#yaITe=H{7ORimnD^zd&VZI= zUKm^Ypl|xq8usQ!bh5D|^XsvtN8IGoiz)QAWjYR8BCKbg9a}1UB^AzGWw7$ubAH3UYXobmF%xV zZ-Cipar74P>tQY1FvAiRM=-Dp>vr?G9bLaDM6-A|{akJ37c zo!KV7L(R3|rEYyIm9m#TX=`-OR&PtX^3udXZz#GBcccB$DO>QFhsl5GuKc&A(p`CR z!P_O}Kb)F;>)ciM(S=lnYSr(`#E>V~q_NKS>?86jCbQh|y_%wXTkZ`fw-iC!$)R&s z?c=fmm+Xf@vX*;W{d8?E-I^g8tgU)XI3-)oq|ot)54`O2htuW_ve!G2H<-zu-Ksj$ zUhjP1lD!_g_ntES%lnNG=+UWLb zZuA8LwHd9UE&ToHU$tN4TrNtjEVqk+L@}&?-6?B4Z9?D<@0kiomFTvo>b~H5vJ|sm zaqi=!eRaO$s@TPLzT@P5L32vNcqLJ>i;;9N~gWhM@Ji(3-!vy*WCUT(kl&9Aq@Wk+W1&t+}EX~J37T7UMn)}4K=wP#;z_1V`NKl@s%&c4=4zgDl`5e0PQQ$8RG1ql?Nu%D3V3nK3@$eyft7xm@D1UP_)x zJ5ewFTRhIU=$xI24P7kN7I3u-r`YZPQv1K${;%Z!+W2a6*+VLLxHWjtCSlLRH4 zKQh;P&XLzxJ%)Q${}c~%;q>Z_`nhfOI{eX<|G>T7x%ysxyvKg0SW?Vbp7A?LBgqco;Hx=uI1G*2 zq=LdfFf`_}S1X_T7gO~-vY-g6{uftuy^k*7uTamcAIcq-ILv{ky2Ne((bc->5gvyy zSlH$euRbrcZp90^p&BpNWrk+AeucOKv}{e-0XPb4k`llzaM3H*TBid7NBhi((eKm+ z+Gp8Ih4fvkY7x#|EtJuYM`yuHH|tJe=`k7-J5)Cxqw98&qz%W8hO)iTvLj-y0D%a= zZ%{uJ5cgXS1ad;sGCTxCwIU%^OkbFO(0jvsg|e%_g^;Hn0ePIVQZt1=I)ES4^Po8M z5;SC^jC}##F*T~=&X2Y6A36M2LlY37KXk1F`9c|verPl02jdoE1Q0T7TVItbqs1FJ zlChHV8xoEXjM_4!ww?MGFnD}5l}afBS;nBwJ;wFuh(z1<9-vsOjBYg`M4bKr;64>< zge)9CVIZqGb@@(q-i!d~K8*~b~s~cd{hju57x5v}4nJ?s` zXm0dDxBWs*J=Oud)oUW=jXHSqf$=~1w5egf)Ad0-^J0a^Xb~8WpIOfd1sbb$glaso z!pzC@OXb-@sg1*|%-9ix5YP)GuFL@&aMYnr-{UH5@Zk=c2qCNI=){D;`kzWgX5&-V z2SSU=-v}lUCtx1lRf4JGl3tBPDSRB}XMljH6bVOaki4AlF zMy<#Sk^ma$C#o1=EX;%Di@F6JDfw|T)PneY`Q)Wa%65cfOv{EKKta_u15gF#44eQ% z;BoU5LWWE4_|ytygL*fX8iT2+n))?=%_sLfXhOsyRQQqz1nNs8Y(z^MfxHYt;H}7) zMrbr7VNp40ME-=J)qoj0Y2<0wEAvN{M(Wko>PkQ$bCswFJUeORS1xA^NLxK8iy(aX zvWa6qfmn$Lqkud#U*+&~_1vNh45B zEv&?7&D-ru2lPwp=+cO2VBWAaQWZ!ecoIPt@%DQN9O`cIVn(+*M(A~tjvM6S{7&w0 z)L|lrabQugFMR-?{Ajcz=2UvSGzVsULIuB6(11V^$R?oN#Bm$+^r$ai=J>Mf>O5(r zfVHsa#;H#-Oz5zXU|!CXM&{>BBVo&ToHQ~I_ET-r2>otV({?DtaXg1@F$K{E;{+ff znutm=#^~k*M-QSxVav%MWqxh?;>eSl0L`srBnc{=Oy1;gWGD0xUAG6+wD{}+q&bv< zr=XiyxB4uC7T3C|g5eHO0iiR`P-b;vtH!36VNB}=;XuaO?~g^l=UByvTRYB222BW! zIbq8N0fo(j1X~k(5|2}7W#UQh7h~}oh?N65sYDY=y%A?H)dyHHDYe_&q~$wvchtk6XxSJjYzul!Mh^Ol!ER z7j#l&9-)zBQs+=(m1={)eC|)CfB+E?x{ClwHDW}QV|N6jx2>YGI5r~Vi3OQBV`kXty&Fu5{e}1wt{d>0G zNuH%`(*L#JfgjktkN?+x2U-~RJEb#}3!vKnb@n^0efS(D)Du2T_(Q^lgmVaGgja4U zj2$36OL&T~m+%l_6JaAkI|R%nVQiY0hQ*%CyOQ^=hTj!<4bh$nnk_n4db3xB9@)Jy zZyC?xN>lxJnSGG2{+UTmJc8wo&Fdk){iHNj!}R_`qB@r+j(D?I)I4^QB9z<}!Kxq| z%$0m3v&x_-uXAZ)zc+hX;$&dd3=50aP)vDZtP< z-xHzkmO&}xlrO1r?AmpB<1!%fLUhu-%l>^8Djyv}NYQTxt%rAlDL-&wCz z2#(5k)GJ)6>CG-bWv?tU*We=c(K<$8lqH_njZ=CI>~dnRlqC$=8dkv?Z?nUahP5vh z;){lh+m}L@A{u*N;*HQ#6hRt)Yk^c`r$nhUR6;*_HDWEFL}v|mgj{7u22Q+E^K$4= z;@^gj|g)g}D8HhQzlU@$on;4{_KpdeDE z9TDzDdh{d=CVxcbM&)rMszZpMb!xRYAfR!NP@`6*XcNT!G>1`Nbq0w-Ij|UdPI_88`?p<-VZNyPVtJdK>JBPVc0}z1MQxnOKf*|8(!aNBgHk zzZ+AadX8SQVvF~MBNM~tPfHc1@V^Xd>YI}<$YMRt$5?B5>i)#4lZEUB zf38ebzDn%W>Hqw?GfV%*%F)v6#<>$h_87MtB=4&nR?j_f8t`0`U;g@bmWSD!?#>@C zZ7`b!671&7uj6v9B(Fv@TE^#PU8qJYWi%jFDaRkn@E{ZE*{~wqbFll}OP{85mOe*` zOW))v`_Na9>2d<}&8w0_g)1(^GtIk~mTw`A_S0ON@B3*`7{8v0uDEb%lj5Jx#e2j< z#g&vp8PT5onk?DEz+>&E7;59%2IbcADh{|Mf5?jm7Sg0r7;S`iU1JP9Ytx*!J6a5nitJKc=+NvjwMYV zs%z$_sIHmoBPSQuHRC)yOkH!jpLjKTW613A+IX50!6k2hEV(%*$8c#jXf0}WV$lhAK2Wy_ZN7w)f z?|C~QXLUcJ=F-#~q9UHMbXO7RJ(gYwuF6X4*l3(FRM$%T#?`gz8t%fn)=;`h?VCwf zx|WL3cjsEE-G(P!!_r(38SUxtkK@wQZD^j?trH_??@v#yqRZmxsdb^fp_kRWsHme~ zm9-EEk7xGF5ky74e^H_EP;y|ny;CBtu|$NtL3@rXk?x{s6h^hU0YQm}Ev~L+FpXVG zXj^h4Z3{<*mX`D0vd(Kc@0fL8%XxHWDEUV0i@y|FD5!}ev_FxumHjJ61>p9@U--B^ z6#;;t3PVubKoA)~r`~3JnUD0C0!gv-!kD4raS^_uAvPd?^yDqJe6FwU zu_gCWEuR+gj;ihNxWO4Tu*Wr4=aWx|-s#g3O?}eQyX!S;akOWmTFX5~5&1AAC_7vp%j9qeBv-nCq(*;c}{v?C>RrV4l#*Tv=dR=M%5YdRf6 zy5L5~wAPv-YjUt~MFsq=-1yctT`tY*+*(A_>F!mp_eY5o)4FE9i`?rXGXvq|&#jC? z$ZS=#=T~s9Nr&-;0>s{?(k-Q%|0xvh(S3^PS?qUvk4Uxy#LAw1(X~k>qMy0nGkslz zn3y+U=g*r56LQ91mA-PYciN!W{AOZuIDI3}Z+ep>i9*~3;Ey*kxvUFE0oeyjtrXFu zS9nPYF_)08IdTb!$}X7}b~VT%2u}rz z7x7rgQ&VIiPtB35)Km1*TR%}RE$Js}mhxEg4h{c>6(nS2@t@Jpe>M*Jk722r`)xHB zvw&Mk>FC!PD?5UFz;Z>glY+)B>Iwys6FI;*{MOR^`u6O{;4<0~r3dP~qDuB?;ix}wd z$z_*J53BPxi~PCMS`F&{hV?F4z>At=z1x)Q-9qc#A|jiucPHn1_x(T4^=^lHccF-3 z7M*e9RP}DIM|p;i^PhcAHS{Nb@4g*>vi@?^k=N<2qua!<@;kaU+k*SdypC=KhEsO5 z(TJ)T70_IFU+H%@2wkQw?+}h=S(h&~B+=!N`nf-H$Qa3xeE;Xf4f7*O;f?U5TDqwr zxj!PQs(}tHgBNMQgZb!Z_8;}m_@9V)uIKY1kb#q3=iqEOT(|!z;Z#RD@w4(tYLx;d%sBdQS z#mJoQ?*V{pR&*0#)ht!q-NR#3&xU)Kz#5}db^hQ)Z|ZU6l7oc?<-hwWj>C5qEy->sZW!M(daMVaS`7&yyP7dq z_D?0zo|j0>t>e+JzQDuW&aU?K7b916+V$QHkgDtk${{m%=5c%F-461tULiQBgm+S0 zi}1SMM{o>!#(~yn($^biZT>a9#U0+NX>+CUHk}OM{lgS{JnH`-K>dFTP+tWAal>#m z7{-Z=p;z`8l6u+HX$6K@_f0ggf=`u;dyDk5=qg+;bMdthS_!(Y{eci#)z51c=!3el zOZ-py7>xHsMLbl{k=cgj2ML!wwNdV6Heb5_hAW}O7u?pzglITM{_!ho-x&O85FmR`Egwx*Uoh307s8U~bn zOCRGIG(^{J(A#s0Nz6u>tMQa?qiUKmuQsjBiP|0&MMIstAQ`;!>HlNzUErgv?)>3N z<}nOpU|o#%tFSt8=MWfEt@rI2X8g4@SX`S+Vb)vrJWP%t znE*Nnp)U`x7BK-PjwlH;+TN|FayktFIJ)oJt3;F5;#^t?^p#5 z3ef_NG4MM^E{0h742t;-T(S4`3lZD+G)6cRIsAA-y~Qb zqk=x50I_U6@IK1Iy=pVA5tk(D@qUm> z;sm`epsY}@WI9&#c5KAM`3xMZUwq9X%{#J?S8W(JkZf^}>=W3=s-n+i9(05pYEnmS z7{P?XPxf(jJ;obBGST;(p5P9*_E#j2dVp7IN!Qlf`32ji)B)fnXaS2epv)u{mk{9{ zd!uAdgoL_K>44)yl_+bBu3^=Y>tylEc7>(H273#t?{Jn9F6^-E(b?OLRVGpcCh7 zO=!r;i*yGZtrM|_GxMGD@~Le7Jn>y_?$e+ASE;W(Z>z64?I}_(gfJCNs&Q#rHXFKn zOqGw<)osw#SO_o&1ZWB>Ys)6D?TEbtcb#kUo-*?4YUv6 zdm(X#3i4zWh_$J}sB)|Z=uxW%v;uCGQp;NKOKl*5$?IG*nJD`Jf%O1FLt`7F15lD* zq>f-5&dUO9&|*3hJ_rSc5LNO6N~;Y%@jEK< zJ!!O1)Zp5DJ+-&PbT@5*;$l7WCNQfm9&I*x?=AI<`X}_gPpyNihiZ%Sw4zJ}8NG*2 zkKvG<%3tHDuwBJrITCvu2vEm3{6UKoe^AfFA2Ce*$wg{>k`+m$;YS8(YRi}c_fUbe zBwcckP*IOD1d)vo>=lA9d(43VUr1F0=P2e=o1oMuGE^2jj4_m2ca{P-tI24I_(M{G z8$cj9-oghOvPJ^7PCl-C&E%;JZ<>gK?j?8=*vdq#$xuF0cyflS9zL6)(4BETJe#5F zcOim8*(TS5G%?YF0qR(z5C_Y6n50n&>x3rdC^FXExz&4?tXb`$18>_J0G!Yo z(KVriZ>Q#gT63@%MCij90uAe~jYgd0b@o+akETiMSvaL-l8sYm%NSBuWDl1W&iIb( z%TS=~IbCr#VG_he2)BL!J|j69aU~wdE2b>sL28%OE4k{^UFnY6WXyqkOq0dGweCBq z9~R+Zt!7x%k7yCRk7zX`VultO5pKW^`wOIxejv!Vs-Hl(+MM+F}@+&J>$tQYXk(c9gb zz8xfq`a9D-eBw9v97G*$+fYZkrPoN0Is5M*Q^5CS!_K-MBe(0Go}^NZ6)u}5Q$@CH zH)gY8uD}7MsfcC$B-bg~sd)m&m7dEqs&NE%Wl%W)?U5~)P*~GM9=6ggc8kR@x3mhZ{_v+) ztMDa_`!nmk`zt{h_J4PM?}r5>cdbQIOjDCmEp|_Q6Wl;lMhnWFLMFx&jC)Bn3)muiiwL_xj8ElBJc};{5se82Wu&8;F z&5v}Z6F{r0>+@j$3~G7S=VYk$ifZ3EQ0p@!$R9^6A$o?`Byi;xBN$zzqkC~2FAwVIsDVP zXW=Xh9cDb$o!`QIk{;Zu0Po24-~{R$6kOWr+WN`Vp*%aT?v?g6S9WpeO6nDd`Uc)} ztrxrXa-RAJe9uE3`7%YmsLL^gFP_S^R#fY-5~o=&`DQK*%ZsP0T&Kqve}mIXo?*SX z%zRE!GlD&RzPKJl-hfzMpgs!|*^k}F*yJk1*5s{i=0vXeo-IR|#}p^GyoR9%$zHyb z7q@b2m7l*}MG8wBp>Wu8<++EsGqWlhW!PCN^T`_Uj!Id>az7JLop@Y*5@(C5M^eYI zt3Z92^8l#4ngA3Tpi>WIwZIuAwnMXytT?;(2jjWmgYPUGJ`+0iP0*W1&eizThk-x* z_;1GHx!{wCoeY1=fIqi$Ak*2r3yE%uwmS2Y;BVPJ+LAU_ephRNn;dHiGvy z0-3u2r_baL*ICS3oKLsS+Ms$^)Rg5v zjI%DmxJH53aUMMjKqrtKe&_`h1f2q+ril6?OG{+r{4c^m6Z(D@fdY`g10)a5Zvm%E zE%qMy=Ur*BbMVjdi463nrNPEDgeif*VU`yAOG)4a4Pj}pBVYh&z05LzTa44ZTCs`|y1;^Nw)JwMd|}N!toepOY`S>k z^iyI``*OkQCk7V+XiWD)7g?}gY`t7!0$l*0VHAcgwP2lNz08#_>NNERMg6ivTV15C zc3Pl|J)M8L?XSQ0gDjUn4%@@f3UkVu)O4N{TOKWiOJ7=jBtD$b_yt2F0JY@pu_3QbS5F}0i=Tnp3+hxoKp!aAGs z2>s{A^s={uZz4i{U)*=%JtGuSEeUK=Umiq3_@s58O>mf^keUoeQ|f+8qA+PHaCPM) zAV~|mwGCcvxkqdFK|?(6f(@h36tAZa&&+>VJe7LMmCtKD3sT2sYVBpIS6un0wY4Rw zBQsMkxbpXD;bN^O2nFX62U9P*Qb%XzAA@F-*RswOZ=yPU%^#8#9EZ5N^4~}e&dmR# zwxL{GUZu6yXlrY6VAUh2mksU`Pl!=8nL0i*|BN^WK&*x`a6pxLwD67MkK#0H*J@S) zu>3#4Gcd^N#Svkbk%RfPa7VBmCu^r|9I&e6H^oASUt7 z9sG(~&?Bg^nfZF^1$4ue|HsrT=%IFZ56k}h0COFKgH!u^hT4f1xHB<`J?8@K`FrTU zJOK=|b0Ts?W3uv1Pw3Z?)Y$E<6H}$gY zjMfxRy@JlnL1*;b{9%K{SiA#uwb(Kc7^nh?p42ui*IHJJlcWUDF55xlrvcTQspn>< zj+1oH&(vDhaOuwl-oU|GfM+H=r+@!dc4;LhJh667?hwP-DMws@19*87-PV$uks~$e z%70eYrrnd^Z`KL<_KU-;>Uj`wWJj zhQZL;tA&GLanbJAmKUqb1KNfX^$9AW&Og2R;g_-(YtPc$9GtS1PUp!>Khl11oM2-H zZ>Z<@r76EsAXXIda4WSxTUk=%pn`hUA;9bH{L}VC~&>VZlLwzRo z@-MQWmZJ}}40O93W{e4;wOq?lDqC5~;UJ@iKmw1YG|jPRk2&^Gr2}HGu^dIkuGK)M z-P&5{AqK()Qa1(yy)DX^&gNkeooQWzD1E2yTR~>W~B~K2XFSKUY?cGryIhaIx=0mTOO!H`{Yg@ zk(7F27M+ySAr#+p&;#BYNIf?TqIS1D(&!P$l@vM2qJD5Vw1**VlI>q{Y2kpjyoh3d z8Y+)6MNxeW$MQnitt}7-wHm+Fpun~tvh*^eT2KX4!YCCGvgPlF8m6i}EODjXR1N`o zX->YbwN^>hphaq_5cZ4hT1O2P$l=`lJ;drO(1zMKC{r@}T^_F;I{{pndK4_>puPS<%Ni{I;Lv8j6$3zcD9pcuSdf z*E9UMC`b!c45bda#9{55yZNoTgrf<^9zPu7NPrr0QOg52eaMQA@>Hb)LmN`%X{&=~ zPmPX$x!CB@4JFz-oZ5-)AM7N1PUUz)yJ3U&ZKb2TWsGXrp#8dgbQmsI#Q;$<2i9^gCe~~#}o+-ZKkb?onkV=KB=ZN;xSCJ&X;1mO( z`l0FCFLY)-G7C7fV~EvfrCyqjF2WZ%U29yGIy@_NY!(QAXgcDOzR<3%zfr4PLm6<% zP>xY?fSsimEWkk$Bb_lcW8lT0dJy@@EPF5cvB}z(ZKb89PZ>c}EUr?orH?3h5 zoMQ~66i*DL&*!4Icn4_?VW0vhVAQpEpubJ~#Sn@^F^}K@#rztp6vOztO~D_jn6sU~ zcsKUb-WiwiL^3J`^*iDJ{S59=%CqxeFw71X=16Do0@(Ye3BOP}e=!qTD4oB2IgeA9 zh1S$%p)qxV{f>`x{svH|bpA4zbpG;1I)C@8H(>g*aJu?Q=w@D8T7ml&*1WNcupkOo4!?vKOX!D?^DKqZiaX-&9Q9P}5?)k7&ryd)8v_3%&^)p6$DoNQZCQltAF{e*k|4hBn!ew^kcJITfG^AUEAdzSuJH$}K#oU~u2Q})8kdZR(U83(SfM21pk>Pp4m2Qr zTN=lE%Fn4E-Vcc9^#2B=|JR4jlZOA7HyL=;4Ni5rgOe2Wz@u_gj9*0tyS4sq%impYc+}Nl3 zF`8r7-j0Dddcn0le9X93#(+(cAz-b&k)>h%uEVUrsolxucyTczE6i($v*IZjnQ-{k z0wbQn#vgO9JS#T9@L%72t93uI55DUNjI+>G_=&lbAG0C{FVYN66Kxx;_k6gDt#?fA zkjfjR<%>(cV3`lhCYm>@`w-8ADV}txBTkYtYX;R0DNas+hip!ngccd*Jv1WY{rEPV z@3zx%DdSjSlJ-zf;!td(q{k>p|1C@6rz|OF8T`f4f8}sF-5+hzwn^Q-6Cykfd!9fj)J%_3V{o`E+Jw1 zpyENawVQZAXQjsA3B+;Q7V|6$f@sp zGpPv_z~BNMjB&yDKSl)}(T^LRaKVv*I}=}2=#wy%Gyun_;2B4S54J{foRbRD z?B%f??hF+^&6JBKH>ptj zKT3u7HoXduvtj(0(NY)jXj8b{48wleUr-j_&-7}!*%gxtE5}jc18ogwJci?CA(cJ7 zy77OE3h!-t)jpmIYsOLGgKb!>om>_yIf(x6nO?PR7*B1E#-BI8a$t>2 z-`XnYSIwC8VS51&US0}c%~jY_kgwx+uJvMfZT%9$%Z#t*rCxUA4iE+}YU=k`T+4t&=Bg#2hZw2cL?gOgjqh0l^Z zjJdO1YcYH~orA1MnVlazjqWH{IF$^2-M{Ob%-X4cu5^+4iEB2SpHfric68 zVGse0i+Rcvg6^=rcL3Lsre5}{uj7)^gN1N4B=0GnUo~SQY=ivx9$~Yd zYm0rPFfm9A9}t3TasT?8SS+6@TGvS+HsuUjV9Aqj1nskk70`CRi1AJN3Egs`Ni9hh)D_->s zR+N3>+2lR*uBd!*BL2>yUOIbsJ@cDO&WXR0_W+-enhN@b6fOgKUv{L9Qk%g4XJIk< zjn9Sd94I_sr%TG$+55d;-uj7gd^kB5o)fjP~HS~tn2b%H*-Y35%3yk5~;)F%g4nZIFf+$?&LQ= z`RIV#F5S*!Bi$fBPH4e|5Mg6k4)+Nfr`;Ou%(Cba`!nhK3lmIvUPF9xJUPL*o?~8h zDEZCx_kR5{h>Uy8SRi5#8|KV8__0t9@{^b|tV~%_I0VZL>eLj;TjJGwTtAI*<*5t;*1D%7c!bE|#c*8iz+9p(F(zeyC29#|v zORmrsZ^W6^SuTH`Ph*p@VCEe((W(0ID>7WGSO3}{jhC#L{OowG!#w{6JF5C|7)}r4 zwY~`3HY+b*+x^Ie`p`>B+S7mCn0>x>3D~0+oVJX2 z#8mMFvsxYwy^=?k@#<_casUfKUV14?4@B39zIfWbZYej+@H}z%(x%4rUXeGi+J=L& z=T$2>G;3b9Lxi03aGn^?3+9ofClS#WKknvbC=c;66nAWZi%V#T$6kBb4i0_i+3b0E z%H!)pj=}Y8>84CeTbA_aTFepPpUu9-a-+4=5CIC&A7*UX)Z_n?{kBi;3OGq)YN`RqAjmB>wgI_LV>>&Q@JUKVn*SrGeMJjks73x0#}1@cl5 zzj2Z|n6)TA>R#8xtxS?F<^3A{g-;YdBpxG8jGKangfdO#4MAGfjFBa=6QEFWb8~uG zpawlH6Hnpp7;?u$?s&gsQ!r^Twyo=wYx5Bj?b*Tu=$=QOF)v@;zn1*KuQ)}m@UdTW z&!pOeG^|h(6QzCYZz4XEzJhM&Mf39$&N=8B$F`vTkeuc7K4FYcl<3eOKCHO zNIWEkN}kqEQWm8SDfaz#UE&y<4`5CBXip9D4F3{zDY*30pdc^0Di7-gAV_?N8(mw^ z!}m*mg-ecXg*b&K*WOnloCT@_cNuB5_L0T06A}bVE2*cTmx^LPMNfDfI21wj^#}X4<+F!d_&#Icl5A;|C*cF&l+Hr z7cP`>|D-oj;pEeusF=>DBfi6vsF;yh?CRPXoApa4>b`zdnHf{?^ArmDQP7=wMJYUO zf69Jb!V5y&MR?Jf4q&FJnN7KxdsgS*vX>`q{8R3*+FfWgy2xyF(O9F4W+ZTI?#|c+ zvQa}{py>r>)4&*;PC82qpDH|VKPc~S0Oy-@xhh>R=@Nua(Yz}@V^9Sp6v@LTeriS) zH|pz&oift51<^nKGyDpeRs8 z{kMerFWB2GM&qxzWV5cS;cY{Zw!(he~pV)cnuFmz4YGZWTiVShaLSvv?;4C$L|_cU$)vG4g=ZY1QxyIG|rBJ z_9tde+6U#-0uuXab}$@C?}M(wSl^rsxyf1hC_k){$@0T8{a?{4nGoN?z{WmQR|3Gx zlXba(v=}4*axq%Sot6t&Pj}u*CVI}4O zaRv4#;twg^zWE6pCR3}-pI>(-(J}%MF~lm}%jS$EmW-f|V4~?v_p+Q3=27R@jY2`X z6HCq{nnpP)+yPhv7{*HbG28-uIG+*%(TdU}||RFUFu-6kJTxYuXd!4B|^X%afZ6q@Y6Sx~ldU zz9n^6M2~_8b2bKotJsxtuwJ(QS?`f269WU( zKOaRk)IUw)So|ed%-dk2+TB9c#QT~)hZJ_k(oDwF zxIgYrq>bq(x)W{$z-vK=4dl z7bllc`;<{p;aQxlPvfx+`fP3CV|XjU+n40q8oaHOZ#Uv?y?hJfh^$?OPZ;`)$}Nzr zXLV3(hFWZ}17~z;amq-&UIxbVKvnfXRY6hJ+2%X1f!<0?V;6DXCiK#Rkwo1{ck_sN z9C-tYmAIC3WuOKLg(FmI%L@6sJW+ey2-2~-Q~L?NlqBkKKc~zy+TDBx6Op%2WdXCx zI#H%5QHK-9>(cX)tGjs=S*Q_<&05$j5$%>O08%-Bsl!lg%tT0q*utGM+ZSzwf&aTSlHy+awl%QZ#A-@%n z-+~m<5>p>q_QCp$eZV`Oz9t*+Qy(rBqhTn-!qd_g0Go8Bal@A2sEnGK`Eyq0q%y}; zj{$=(3M9V-_3g+ZHDW=sdI)S1u=m;fSDS_bSd2srgV;&sI#V&uFzX!aA%T{bH1uPu zsUM{ZBqK=eC=Nn37M_eyQ#R`>4VmbAIyQwu(bw9W14U{dg^I*kG=*oxzHVN^IZ;DO zl}I&-NeQ914@t$y>)NX9!_bWC3S$G@ww1*9zf@%7dpQc;NIXZ?orX}OBC%PTGmxud zh+q-$9t7Vy7eEqRcP{4a9wvHWZ&L&*Gy|%|$-<#zWiBN=8BWXm7>ogiU8LfNraXw- zF>Qr9j{HFlxWEk=c%!#?>{s**?0ddhBAup2rQ`DLr}kgm6S%#x5w=NfqAD;~CN2lg zc@>#?jU>*0cWs@8>qrB$)ZGcVUk07sc<-Kt0?X#_hIH{dp91wLERbsZ8O$+0jI*|9 zcemx_?(E*tqfePO(A|qif_?&dcWv&A({?13tGXL*$XM?#r6G~zCB0Gzu z5>fH2yD9PC8ZSF)UhVLbYrF*^v{;ctY=7|1r zrU6Md;{d>7Om1D9FXS{31Oog4Vo(ktYXW7M<$Q$Ll=BZvA#vWGbB=3kHLjSz)ITw; zqB_)I<>fT^8M?T>2tbN0Hy0MI6!AyzsaeWybU|r}yi8NGd0k-d|HG!I> z=NeRvm7dcO2QO$-X5CkYzRbt9$LPwmg!5uJY8qm%BAqV0lCcRd>M2641wc!HCMivH z+R{MH)j%1p2#sFet<3Irfl}4BgmZTFq9q|K6AKV8Ji(?Mfnb! zivU-0H{4iWo|{sRONZmqDI!tk%kD-@LkB)3QHO40;H61aUU(*{%plqh+fNd0VCOP1 z)SZ`fUX#2zr`xk&{`N#pB9dN$2G7EnrEv{^O5e2;{V8NQG8r&Pe@gMW{3&J9pK_Ol zus_G2G7+EBywBpU$$Thf;~A_d_FurM`M-^ODd?k;zAZNVGWiloLN{jt(jqTN{&=Fuf|_J^G})P2K??_n{$>&=b8l+>}W?0EV(d z-r?0L1Q4k0VgNFV=lPcZ@~U7}e)+=E$Jf24$;R7ScsEFIEB0`&=r#S9FPFlqg>q$2 zeCl3t=UPHpg`VCSHQsRIojp`CD^eDJ)8)GBPI$D|O^pv9a^3Y6I=6nyUfHxzi54k~ z&Pj#Rz`NmvjRz zAiz%$CxMSH0>I`z3&z8M#e$LWDkhAC7ce>jqv3k?159EV?ZmzfLVR%?GN7XZ8H7x1 zDXClyTo6qdh@hBmDhGGr5V0-Y&QAoLS0lN*>gwI|Qx%Ck=%ytx9gJ82gH4l+0#h%( z!_$ivyc56iBm$;o^cDSo`s@W$rNBv7ycZH-v9VJ;L^iH3i@yOjzG{q(=Zt6L`m*T7 z8B}kROfZgx>y4vu%`*rrKWE6*D85I|h69wm8^B3woR>iLV6-WMl3s#7@U~b#Y>E$& zk5%$V^ zCXW_@%|TMM68kQPBdS<}FCH>fl{flX9#at%!xk#x>(#HeAfVY^hJUpLfXr{FFDq=g zThX}m@j{^JiPl8Dt563X*&PpM(okEG^lnt%NXNzoyB-#`twtu2&$c^KhMp4a%%VQCI{vZ82S^|CQKPOFm;3d3EI?_+G#!#mp3Y794lf)%9#P$87_}CMeFIgGBwT&DqTTw1I9o?;VyRy_-BSPLWcJ8uka3jaTZ6V@-hN}+5%E} zmXjZ(=000_7Eu?M*oP4ZV9E^IDF&nH_nrrUpj`n96fB1(s^&jmrGn=!1kcTpJckJ; zc&-vNvpVwJJLyzoJu))S+P?~uxg#iUDi*CJB2?!3;eNa8hi7mkB+kdN$A3#rM?2LW zn`+viQGjh~gdBKC&@C@0t91mmn~Js85)E~1y$Q=3p^xFbp?Nq!zQhdA4t?Bu`GoZn zM2M0+V`#p)pczuFmjz}ZcIcDVOR4&FJ}xJ!$FbWoRy%a9mG?U9448d1rG#K62t%&%eAMsEbY z{m@>wtcV|0*3A@orMWS8yibX5SMXu|@%S4f(UR`GPv*ux9Dn0X^dsG&oKIHd#4e7% zF&g!EhjKqzksF&HeMHgdF|ioH?ZTxVE++(5)KBJJrEvis7hMY35h+ zgihM~)pGN(`7Y0PsE|O-J-^44+|cz@hCSQRmP*nc+?t?pz$a+9wo+u5mmM^<=TIzloEW4 zpK-?K03W_&%j@tv$D@a3SF`ZTQoIOEo>0n7OqIjS^^H=$MzDTSl< z-BiC&hJj=x7ZK@wGJ*vzm?=TfcyT&dgPjl%cU+UXI44+RM_5Dh)5?g;T;~Euw)TjWExm`cpXP0Jb zFysif=1WU87&5Nc2;%mN=k37==49ew*L^8(upWo9!%HK7xr6o7F%1&iUH9#G1P#?3 z!M)r19t>HWk#d4+O-9GfN&$QR{`6Mzbu#21GdItg^^h^-G_chL-4FgkNs~<^f2@Y& zMD&?Ba!$q?!3XSvaqbG?xs+PkuYa?Mo=b0Q?=~L@r-$$pIP!Dk1K;dsEy3hxW)$ve zmIEP3W!hh^tu-#!*2WxpAVIPCBPPZ6y=sprdQxnBQW4Q7G5_7;6i>SDdtAxy1F=hR zes_rv^_95pJEMTyoJK>V3gw<52hP!eVVHjcqfPvUA$2EqOl-vVz^Yk_x^b36eN1)E zQlqn+U}P@Bc;IC!=?9pYq1aG$Kpflxh<)lQ*H+I}5LO$YqFW2w2oUcA^JJInzGsy< zkBY`F8DIXO@FiuVs0(yc;8j!iqu<4{7x|~v=x&F)X17yaxm!`wINY-g=Y6~GJH{%+ zQ)*A@d0*-%x`o~p=Rbj_0<7QYjjR~KCClWpaDlqZz89^k&L>s+q)XJQClz(&lUy72 z0A{yZ`=q0e+)iD~PG657G}!`OJ6+n9n3khjE-;tiylD9H5fGe^`yY6=H^2Z(r_yW|jAXUru7#uPceHBlU9ZV*9!e|13 z$vAL>)%^hasCwMKms(I90ANMx$|r1U?Gr?ajE=-_2jKMLcY)EnC!8R%j~!o(+I%jp zfKD59_-%MX_IEO#kO9^2iXGa(2(6M6S`y3i4K5fL3Ma>h+yaH)YHIq{TbWuNJ z0&V@3#(-043^;}R0Pz1t)f^|6ljZsvb6zGQKUYSdTH*SWBJF_hcF`<>l029UtFS9lu2y}ZbA>a zga;jorYi_vMY+JHu?i12rL&=uN2k1 z{;_VksPp5NiAS{R8%1@IR=0|MV1_ls1#`5EzbO_qLF}d>XOpiV5iKRCzizEo9R*k( zv8fELcHK@g*16S#qMsFP#Pz`jXgKDW@ODW$N1@gGv@V7L;}TpgNe{QE^J*;{3?PwN z0*WfSzKb+1c`tK3B=(DTzlz}k_AM&-=@0mIP&}e_{g7`U9>Svi*jh$1R&&jU-T3K` zjBJ2X>$;Ec)yzkKKCXheA0O0X+K(S#!Wt0xm%rf~98oxT_FLQdPOLtnHk6A#by1b} zwH|(JsL}4)!Iwp~7|6D3UmK8L!`fYs%CF0S{yyz%yYWN2>-YThnA)&hY*!bpG_FT5 z??Y%9<6+uN{&lUNlO4af8~>&O&R{=8f9-hnV(Xukr8ChWYnvI{)7F zD*t|S1b+?n?X|2*+S_hwYNrU%+vkKoa5JxJxP3->Q*-*}qU23(1SRc;$q^6var96; z60mi?#p{mO<3u_~5NivqGi8YQ;D>I%dFJS;CL3&_VCa0)WSS){m0-vdY`tI`?NA`j zi`azqa}jFrD~1Bv`wE|g>(bTj3OdRcC7roT=x{!Yw&fz7-)x!BIWg2Z~?;FOI0qs-19=u>9fDq#L2ZQW7Wb1v{j7@uM0mOd7p4IFcB zL!E?G;vZj5TPsL2pazz&=@Y_MR%toF9P?s1J}6y6@Dezs1z$5-mFJLgnXe=8zfu9e z7l9*#%&ob!MasN-_q>n?!TzGsiA2~Jh}?^~Kdm)5v_;N&_1<|QA46MNBS-QvoA_>G z0mkr+XSJ-R@wo)R6cz5j3MLv51IBOzQ+@=F6xnwzf}Mqp!#Pqn`Vp`nTvn1UJ+tmP zj`TnQ)e9_5cN0Sl(J*|-_#hLY=1KI6r9oOaAok!6j$~P$+H>-!;^Fvn_LDzhm=v+F z4^mn(4^5*->>}3B=7qT4T7@okR|T#BT5C{wB9E-BKC1TUi!L)Tj1kG;hnw+X{Q7&D zoDRvDRW1#%_AuC^o;>d}*uxLj;0lk7+kDroF$>;^NjYL=pw{GwN1_*uV~BhG2Dk_T zg=vFjx}d>=P`Y%C1QIX$G+tSm96qN28#Oq_ib=eMC*)g&|vK!{(Q zLl_Hsla;RcfCKR`IU&DPg&hF^>|Zzcmb`d}-*)qbtu69kYYIQh-Dj4gbJ1Abzmqx; zvo|GKPw0JO3L+OE(74-ik%KZxZifhmd@|;N%Wd3IQ!Et(`Qeui)NuW1)eI_#otVG6 z=-6g+ppu4|TF9zat*8xL!3nC1oLU{W1Uab!u)aSieZ^=yb|<)~QQe8Z&TeHvuxf^T zVd*35UXyA8Dv?2XXE(0yMgB_xPoNNht#XgX+sV3Y z1JKGo`3a^W@WqC}gMTRS5Pu3hIi`HPz(+1Mr~!E|BEQ^;-(&nzfU+fHJX1yX8W-!n!a~yb24CH@z;{nDUlaqF3j|T-{iEsG`d{J+5(d4Y;H(ALG{g&Y+7F=Z( z6whLA0WxINhOZF_Euh*cOTD1vAOwnPW3ce8=#9wP7}5LSQlQ#MOM<6Ka4g%C;Jenn z1_7t8pwwf$pd6P-x)h@lkUJf{f+_%?3%KQ5zwr_SY2XD1EK~)2;Y?mXy65od0HU}8QxJv=%P<%J zDjYq}*{5;R?9nRNk~=Z2zrqhTvGrF_SZ!KGk!Aio%DNi6FNUg!VCerXr;vq13!paF z=NS9k?DNaA9Bo&*|O;Ku9~RHsCs zgP}ptUb46vP9YoGbFY^HhY{RVPq({AfBj;1_$&t??KNkF+Qj`^wxssJ6Mo&4de_!{ z_LO~lqUt&*CkNb3@DXB|h&_j`9S0EUY;|~BIST0!R6ZszWdN!QhzbK4a(~Bi2nKbN zj1Hb_bM$c zm1K__a7zqql%uB?pu0A20HJ_&zw3uUeGVL4KRlKLhIn%>JQ2W_J)P3$c0SKQB=sre z^VpB#k~L^hSrG&i&vMSvq#cR~Ks;;M`}j1@=7Fq1FUU|1Dt4^KPB_9 zDrh2wa~wCTlDGzDC0;Fj&NI+mi)R@s3FBFg=Q2FWEXEwS1gL_{l{0)5%m9tWU&F>0 zAacxo7aANRQm!BF&cOxe>=ZhRFi+f)ifUXxOy!7Cd(TwBl1k6D@9lg=B9V7IdDK&) zLdicNreWGkeyDKDJ@7?hv4cnlYnVKNT8kz08IGt0)TApisPLMoj{zA~(!Ur`kCDK@ z3rYn+Bd$!B0J#g0*;Ck`*U_jL5IxwjQX?%Wv5Yd7L;hj zf^cc0{`ITOjzteen)P3N*y`ro=18ON$v}=3r~XRWJF|0<=0^Q>tM2FzWio!+%wz+v z)?c9BX-p^4sgP2-P}wvMs68PVdE*nUidd?E8$9BzWMxj_o1n0_wAz7q%ZCQf$40ZG zKt8GnfLZ*K2(j}>$lgzDElPSGLL6Ic0QSRQmbnU2&*jE<;F=Ko31IwkjJy|Y5qagB zy@88wz1*cY9ie-#_S;FTbTy|AGfNLfrxzX+d77doZ&n&&ucJTJl2R>`b;wvBig={I z*3&4;6>4N}MBvU@1cbv;BaKq1Am^=@wbQxLUW2u&)iQVHH8$A3#-!zejIb1D6~0(O5cpuVGO)Jx!RFza1=h3G~!1@)wE%4Ap(Zd0H#PF;B4VYGBk=Gb49gH z%SndL#E${fQMag8w1o;y<`gcniS>bmK3rsO+5%lqcU&Z<#Zx0m=eGpH`$s^W^Okfy zecPXq2e28qCwLYo8P9EDpj3bId?Vf!E3??Y&rPtNuALnYVPCK;F%q2xthS2=bfu#} zOyQ@Pzx^SSViig81^jQO{f)nS!5}1;1<* z#P%;>FWlR;H&y|Gh{7_G40>xZ)Xyp)U`AtDzk7})V&BBqmH3*!+7{M7e}(+qW_2=* zZ3UoDG@}0-_&uV3lU%Sr0%i*8g710+YHyi-8{daeQxt3t7US-a0wB%}izljo7OC+a ze{>m&u0Bazs>fcxo}h6dR|R@;86Lm@!M9ozY*H) z$BS5xn`Q4s-gvK{=J8rne>DNBWqOy)1I6ar9AzG`vCR}4*XFxWm53;!PJvNZI&fQU zvLe?K>S+*a?}yj`BX2i<0)?R#kQK)Rln!i~4JKOHUzMPzjS2GW#v{g?R;>(PlU$gS zUDu-)-d&pqX<^hUsG(m;uskH3b+;%$3D$862l}zmPgY!QOL~%gv&)OukzNaWhefqR zS_R9j`!{DJ1%r3)2%a3M7{6H*AI^zQLsfoOz%ai%hLP+?yI}D(aZF5o_i`YCp^G&K zpvw!762V?XIqx5w5pLEm0NBuLm?B6t1PMCi1E)Z2=KwY(sU(o>j`y%-8u$V3q9`w| zadgbUg-=gjA@d`wSQbA4eFi@K80^Vf>>1QAGx58D^G`QQhtnSqhxH*~1+}7-yFZ62 zaBxZ*!wD9S;IpD`q0lFliTzHg(p^n)4t8m`%#}4JG#n=sv;D?-_kwnuDnGl z-G8&+{(3{{>+3Emq-yJn|IvmO1K_!I_bo54Q%e7E%OU73ZYtntACRFh>5r#_`p-8> zBrry+R!l=r!^oD3lebL%t zC?1(`=5m?90mb-g#OG|CKGi18fKwqTv^nix1+m*VQ2AA?{tA@e*11yoVZ3PlOfRQI zz9#6fAejqdB2-JIFUtDHY1s@B}cvCjI*t5gM>$ zv?HS5;gg`T%bE$=E z23k)aQ*0_v zOFy!1lW}t1UdiqF%+LU@elhxhnSU?j)qOY#i5fS6ZTl{g_1R9y#8(49!h4f?^wdJP z0)67eFYNJZ>D<9QDDFIb5b7}^9td#hWWh~}>+ZkD2Z=}5=Kq7&rMgd|g!~RX#V*G7 zy$1sKA-8V7RN|`Dtgg4QS^Or@gOp~y22^a;=K~wfDCg4)@Fw;%QlUimNgUCJDO#`w zcIM`hTx0lnjZbLoSMd~^13OR?@a_;gMkepzm3q7z-{lYT!~x`L#wP2>@Kut~wfR97 zG`d1dHRb`NzdbXGH*#lKlm{gmqSq$#mP&tIY75jjXqbhm;<;A zuFk5X(Rx4qaFN^3mfj41q5$<9(4-voi`*`V~{`PS-Ww7Mh<9HY!&f|v<$A=q? zp9+5>Iz2voq3ippq_d8VfG)oH8#x_cYHo^%ud*U5XQ;Q_i3d?gbd+JF3KY1GH-EO?$BG)P|410*_g>!}!`&2+kM%`(9$9_+vRT ze8|11z7*v*?t-!@fcEp-k{fbjLG@Huy5s7>sg`w_Ht7$1_z2#=VU(5xjIIflp5FMJ z#luYBb0!_VuNavU$OI)_WMr%d={<%e%rFB#fVJ6&*dLd63{hd|w}q27a3{!129pGH zRdZGn7|b`DL8V@7z9g^PFm*T@o!X>df&m5OYu4`o*MclC)Rnds88K`B2C!(T+P_}? zH&C@pF3y!?i`&DG~uU|xJ%-rpTWBnH<#KIAD!*`eos=VMixwl zv}#>c58HdpeY2(85hd0zfbg)NRS#>`ui6p%ma8=lY1PkM%Xr;QE?iQocjck0k7{)< z4qnlI8*qbf5_xob06;?`LWMRTL~1(r3^(z7s&F8lDqn3|s@1)w|C%*azex6Q zc5ZrxRX4k8Q=;xwt@=e#{aPbUv^qe5xb1{ieSfl23HMi1QG-B_@}bpj)9QBjS5wL1 z+wYA>58A`8{e0*hKzTS>JrLG+NJS|%RV|VP)*CqV%mXsR`h^B%;DVUbjE!eXI305) ztMAAB!YUQJ?(hXhF`^$;-XC6V(|5_u)v{8$ER3>D3+v0Ql9(tUDIFUE7|^V-*V3`! zu>Lx_E5!+V+e*HlY+@uoIhOoAB#TXYJe}jZ`#b1UI_5YF)MCHG`afnWyQb^Zt#=LDDU?Vb05>@Fzw0_%mDTN# znc|y#wwN2W!L0>z?uI)E6sAe9p%EWgKdj$!8ZuG+q8uKgQ*oc{V+@Cdj{6=MPgL)~ zd$v~a+6_HI!^VhT3*k!>of&XTat=+KAbMH*3Q*EAJ7dsFpSr*@JKL~R$0IGzASUpT z!@J9oSJ(w@MemPtT$_XV9l<~wJ0D6G5yGdT@x`AoOY>sN1(z)pI&{*dl5#YEd>Gjl z#lHfh?J8l9m*m7QU+@KI>{4l)70Gc}ACe~_Vy9;73Zs26G-}fKo8O15@6d@}j_pPI zgGN#^lw+k~{3>bG&x1|bs2|6u*C>YcSLAb8e^!oy((}oIv({aaJd=h1tAf@n-vt8G-xj)fBkLXPRb!$?%ZZ0YIdGBkiCO z&mjp=LSx!&r^+!?yu953h%J%bgc`nT)Bt;`a|es|!mIV88EAPw+Qp0k>!`7d0Q3X0 zGCk>*9bI8&ZW8weXtP9`oAkYaw@Lqvhg+?O^#||-mkSzZ%PAy31+PZFNYLF)%mLt72_8CO z(G$|~EoT)UL%N(*%$Bo?LrB+m8Z3HvCek|JlGBC!U*{nO-SrG!+xeE9Fy#OGJnPfd z@wXZ}@@1^O%yO~%G)U&gq@g$IYat8pbNsEGj?Xhl2dnn*x5vLiAf+_jk1WY0X(>kg zUXZ$~^k7G+oG&!#-BJZX#XYc`eU2k@6IN*ou)it#z$)xNAFJr|NDGyo-1snf-VH;Y zcH-~Yesg^zIK6;6Q$GUgnG*O3qzzs=m~ZM5j)x!^aW!uKK&1RwfEMn`C( z{|e4`vm>t{BWd^)o}59r2Ya$-5MIn6JRQ{lj66{<`)AG{K4#T!&L6zy{K0F@AG~t@ z;KBUC=vHP5agCfp6j<@fCaoo!37yY^E?UP4#G&kTIe}P(Os6HofEH066x@X3E?B_)dBI9Mor%UJLld za1%SAmrJE$$XtLj_XTh`>GfB5V#@OXN5`Y?B9 zPZSgH*<#`y94{u`!AZr$OEFp3)GX)L0sU_R8Rnu~KuRP(?|a3NlF^QG@PmX~|D04k zl#>AEBHkLDV)omVm>;2Mt8?lbEiy}qG56Q9R*q$Z zmt@UXf$(i8GfrLzkN#H@fVXKo38F?y>WA z+Z2op_#lSZF?b}ol;~+@7-?*p)}geuz*L2QHrbM9z*}y4`~@B({fr2 zx?up=gdYM6hVW8Czd(_}ioXm46b4QV{csO|MxM@~g%qs=XQ{w$0ngfj51h>-H$;lw zx+Pef2O!h2vWV?JWjSg(*=7eQ&tTaZj_->^p5djQ;G(W)3ldPy2V~fo6P~{~M$CB6 zlyAkKp8_C~#kr|byEq8XcrmH#n+6(VPaV_JU1BuZ+Qwv=K94DxHs0!!h;8Ja?%+LJ4Pd?++Vdoep zRwZ!qY}AjCM8ddK_Z;Dr%7MvIZfsim6MCRWPO&257WZmTv;O*FnH+yPr!_jYSuruuuhT2ackfJNAfc{@yF6QaQl&T z@(a0Kh^tXb_jKeDg{{4t^29@MfA=nK-f*$7iR+TiErr8Eafx}QeYebBHyyNJeCu&| z$iXzdZAMqedug;-P0rcOi7T(!5|2}4qFl7<4dkcGoUh+8l1c2ie7BX zs8i<2pbUSqCLMoc>Mc{!f#jOc=DL50=`Lq9p3+oi{>)W0%sP^ugqVUw?&AB^6IYzX z1_>Sz=n+#E&Wk3vOP}Y7`8V!Go|sL91EM~l?zv*0`mk0XKs+cu7zut+@3#{COu!#m z!YAr|RsthP!}uc;yrSM~C3u;DKQh51>OEEh0GSuYADQ45^=>P{%>?|B2~Lp7N^mj( ze`JC~)H|#M2NUo|CMaMwD*=mu^RU$i-J2q23y1pf6_4O*-`QeH+dLfoxuO@c+W;JX z9RDuGKL!5=SLM3*;@>av?+5sI7yjLZf0Rq>KSLjV)S@s2c3% zR!TQHI^vB@UpK!&?|Itqo3 z3B71^i1kik*QRI)~_h#oV3xAsoA-431&xs5Hs zs0;Ck5W2j72)bsvd+D#p`-c+aH5aeNe1%K%4ZExAyfXf<2w^^1ULZ_jIHyB_eD%i8 z6FI_$B4$R2ykf*=ayxLjqrY5QkC|#vexiP35vsSa(s5YW#_2VoY}u#B59MTvKRQWy zl#Prp1#Ff^l#LR3=cs8Z6Cvl)SUo)-yx|iL+}lE_{0pHh?w+zo#X8^u8*Qj zO;-=b+mN}2nE{~v5)iF@|1>O3di3KG%UsC1r2W#&_l2v!1jE>FH>a|_KmpQh{pE5b z?JtLIz+bS4@ZcZImLQ5TVk?M&gXTf4IlUrRD2X4#d{0L|f(QH(v#{GH_1t-`t+(&T z`e?kzYfoXUb!UHaYsu7$0}#lnO|R0S3x)r!z(JOkt)r27|k}S$iojI?$^95tbS`vTcP$dN!ON6(TCpYDk zcF;iR8=Qt{j-O&!HH5&3oPvre-L>gLYrZ7%GT|1byEdMH)gki4Bc`vtt#zvBN8`hw zAa9t;pp(%VSRu7V!H_aG3{;VH$PhM*zazf|oVH}-`L3NCJf)Aj8Xgzh_Z`xvQ)K=r z_;WYo8J!c-C`12LVx-}mm2u@LRR2_Lq#^ES!z@|nzUQ^+lrZgrG9+2{oRsh8c!wir z(^ac;BKk9!t%zYFB#n4Q$~>g~o7)V1c3ppn{tv9M0wT9*O=u1|%-++}Hpab(8ZsL& z$G=K9RUWPi!Pp4wU@&ZVV{~1Q5wR2p=P>vIR|r%xtO9QitrB4)d~<4*%8Yj=;Gh=5Y^C@Tj-2@pL}p~U81 zFFqyCk8JQHmF~hfg=dNgmi{T0kD!R_Z#@CH+j=kQi66>st&vAZZ`%Q`&mtN-&OTw& znjD9}kcRbifxtnEVoy@Jb4$F$7F&qADmJ{%!Jc7P7bTUelFD7ie1ho(*CPYMAx?^_ z?~jPu?~RnEqH{_I+AhICHivRsYH+xn+~38sETs8_(QL^miJVmKE*!N$-erJ{Oyqrw zpU_`ICPOxzqV_*VMAd(>fqVqKv0rU9t-Z;5v$iY*Ja5*Pp`1~nlrJM59C3IZOPUab z$9ay>$snaTBk%Us{K za<%q0w_l4y7_d@7hxLa4!a4zj2ls%$5$}c{=+gG`O!0-X_zJ5yCTfjh4%Qr+n#4^? z>P&9e(T=OPyt8otJ;rI4VH~tfv<`4v4;VdPbFF9-+aZHezC{RA{%Br}77DcXrt47_ z)|$6jlqE#SUpl;}I|(7VzL1BRo+ySET<; zGK4XHauweIW8v!6Ab#V)j2(i}foC5BIFR%8ZKIfw5r_Zevh5aoX3mjOh%1j67X ziT_y1f>1$BP2cQKhOlP2551-c^#CQ(scfL6y%UuHoMHohj(Djpx-il# z{gLYL2wD6(TXbqf|DIgXRN{Re9wTc{tK#-5v;)Pe@B0t%W~BluXm&IToMz1zBhJ!@ zJGQB@{aeT_vC>|HH@yS2rD$Pg?sUlc|8Vv$@KIIQ;(wAE$N-}=m{CWGI?7n1i8VA)LnqZBAp`*lgv?-( zM_V6rQ`%acK~SEZP#uqBwXLmIt8K5hx3{lbtF8DZ1PI~_q*|1!*xuG1rz%PXL?r+3 zTIZa}ghzkvKc7$LoU`A1?X}ikd+oK?&Yql|t4u+bNRseQN$5rnL}8%E+?qdn_u4?3 z!@^#t>Ab+|13CW+!q`gAU0llLQVzDM{9@}PSWIB0TfK?2#N%b?G+n=6OkXRQ(^sRk zF0r!GIxexwm$p*fUns?1k7FhcA)Xaa+-B`6hUc$2KMceic-}1y2NK)o&1D&e=-ulW zLKnC%>w7^^_*08-Y>PKN53(!IH8yQ|FF)j|2rWp?popCJ30`eDx0w?k9DuRSzC=h& z1!P^^e;yVnZ|T~dDY_&zy#G8i{DA?kCW}{bEEvjqZ|`S0;99Rc%#w%W|MqVxl!RHo zERs1k>Z+lvSrBEQD+@WvDrO~5=|BxvCx|2OuxZ32hh%`|h$TmCZHh@HTE&EdS|&d# zZbs}E_AkWEBK$1!OEjsYa+qSAzr%Wud7wILTP4iS>VPCd0+L; zq7m3reyC%XFJoEpNxvBA-DHQb=&41{)fpA>3aEKxTP$o^WgcQa!%jTVbtMJS;b3g< z^6O*UmM;|OYPyhZR{I=kr4Ey3f>N~-<{qps0$t~j&DJ|1R>DkY>I|m)cyd&rpLHq) zVL)8HH_^sxBgZ!MmmV%c6~qU|u9eK6eLtt~k{AS#Miy6lfJt&twK5eKSNobfi`s|m z|7o?|c2AvZ^XJL3Gxk+mGCqcDVQ!boibp3kwLSY)juj+yT&|(&%sM8Lf3EzZCs8&o zhhum9Bc&!WN7F5WISfdRnJthc1n|!l6V0G)E*LRi)KT;4aM=-p)%ID5h$>QI2bPK} z2=+qs@CTYdw!U$oKyh-`NlqqL<|-dSk$DU=3QDH?W=NBRqEyAmM}ux5=n}$Uin}o% zbU>f!@nzQgGHc{aSg1d}A3I|`Io)RdKFLWxem`o{tECjW5#>K(HoI|@wXCBbc1A-q zn)@8u%mZ%pc+t3?i&a8VysypNPP{GnMsZyrjY1#5`2cAHjr&##u|=CcK;6){%su9B zf421%HJML*OV6O#de3^XwvMDNSC4r2QuWpuIsebv zr?(-v$hoD6IR^M6!E%R1^-D9o}Y1 z3*7i33Hqa}E?-zChs2w$p6d17GRW>X|CMobhv-h$BX$UQFem@DJlf1Mf-~!?`tBt6 z;j+yoo|JmwmGo~GIonLDor`v<8a*$FB_5$#r9#K9ZRRb})vl|;P>-(UykC*t1L^d#od28RNh>}bI8>RdFV@UWWYm8%j{p$S%>wvV z0`#`b8k}$OY?l|w+GI|L&F1`CFsqcF>R#dgIj^`Tzl=L3m@-z<&o|-X9Q@6!Yv@}H z@#aDsW^{`9NxZ)nG>LQwJZO!aIpg$~k-aBcQ!fs?#D;Rd`)|C$sn_3Cz1G^iWgi8S zC2IA=-dJ8{^;WNC(v%*AX=SYkB(C0!;E;pO8|LpLOrd&wdjVZ6Swpy&s zX!ywdIHAC0VkHvxa7s-|Z37F|w%MfsFDYfZi5;Qmo?Z%=;`IEI9oq9o!HwmD8|-6G z_jGesM0#z`A(|9Oc6^@kg*e&^?Gm_Yw8UuOos9;WQ@}3Eqh}=f*cQtur?l&uvfx?Q+W%MZEdIZRZ~1q5$m$4no1eb!)B6VN zt)32`AR<7MWwv}G9c&eU``&XfS*il3gsHLz=}Sl1cQ_q^{#05iUXbQBz@cTTSQW1P;C8LRed_*Yn23D=0D$upLB(Ul)_G>Gz+jz~@-v{*v`fBraI z$2t@pYl}~QfKE-+aKNVL{Bb$2wv*rnsqJ;V>VkAR?;C8N*{pL4wF?)R z(qT4|i{fN}l1@f>^{nSt7*aFO1^jb^zz?;82Hj`xz+SLPx*w#sm9n$h+McS2(~Rq8 z(hsi1BdU6Dek7awCPhjo$g`I|*0g)p$KeE**(G@Pve^nJ_VhTLm0VEbdCt=dPv|Y? z2{swR6MlVNS@1Rf-*TSvF8`-3vY%6Vs(dB-RNZHd3lojdhOp>-{?JZ)5C&-?${qw> zv5lbx5%|4luZO!t(Ss#zOScZDtIzD&#svlwc8$xH2eQK?Z3nBjfzXNGK=uQW!0PY~ z3ibuEvNE?i0De(we;~V#U^y+>8_fR@g~V5FeVSFlq_ZJgjt-LQc5=!naO)4GfOgi6 zM6l6T6thBO@MSJBqPKMNEbFw|{dOqc6bhj;MF8uS)0uao$7``Xld|Q!d@lE8UoPRR zena&46ZTKaUW5jJ*%_<}CuPfcJIR{hB~avIj5AO4W!45Ki5z#)UX*^%TN{dnIGG?t zLXu-YtcY@JWr7h6MH%WP!o)9MB?y5n+^HK>b|X$U`Spy5&)rU!v(Sl0nl3C0##jI5 z0)7J%y49%`DP2~t&x7h)+EY{?)rI0_)7uin%4Jbd1LCG?ohHJWr*Npj1*(3xfGX-= z2!ENl1i5y-)7sP(W3Tn6D#u>uw;R~54QzKC$WphNxYTh8)Am;wvb~f{)jHZ`1m6h< z6cCtHJVo__fO{E#v>o$F&$2=ELud(ASNN>-&oA(do9VWl+5jxYGhNt*u*lB$=c`}K2MCF~O-r>- zmXcsSTX(ok3rL=a)@ZxP^C=D$-^F}wFSL4+BN^nRZv^_euXbLCChF%#6=S5(8y!V9 z03qwPn^UpPWc~klnuT)D-qdHQB6C+f)}8j#yL->qmgPrG=i}?|NtI%JQ7KTgamC2~ z7NL&_Y9R?scqMLH^ODeOF{VYD6&sBur`&Pw(97rS3hXhKDEU`v*`<^e8jP*@Hzq+5 zz5VJb2MmXyw+HMJ{(T%NCb)y@`&@B->X5)CvhO^pEjgIT1l&Hse;aw_MR>un|9{&i z<@pmUE;!rTkoI7t$O0fP9J9ZJHkeb8ZCbbM;NDw@&?HaL>El`-WO? zcfWIr=k3*3U3uk|5>RHX#oY<5@VxCYtH<8@mxev>Y}u!Qp0%9|bKX@ntt43wmbM|7 zM$Jq2ebV1~U2dw!+N+_{k@9NHQ-li1;F~$nwL=gLU6%+s(hl<`6ycf;hDH0el^87K zORNvm!7F=lJXoSubbX?&%iMr@ZTW@?C1>Z-rIILhvg#L;C7XT_Yd7aYaCit1=g?k> zO~2KD9Xl_G%I|rrH)Pg$l2d3a@@(Af!6%Ag6vv0q|_>%2JUT@Nxi!@#h%-3z$k-+nP|rQ}haQ{CqL z2hI6{-5j=rP`_9&kDcRB4c##G>|DHb>>O{}yP>T1qJ*{7J8jXlC&Lu$%&Q7e9_TwAJ;yFvmKe`IOR$0{~}$StOq$%TlC*QP#=i<;M5) z38ouBaq^BX@OkV2VvE=RA@)R#CVnvF$BX*22Mun!`F3GuK7Q=b^qO|_{+}GcyA*=M zk^W_0R*xqrx2-ny8F-G$s;zmFcm*9Tp;rvzB(pkXZ~!zmcFWg`MuK5?3YndBVKxPQ(1uA zB=SMQUUMpzLm!ZU;RrdK=JT>AJG4B9eN>y0GoNe12B0K;T4$uQDLEhF=?o^D3F;jp z5sXBMnKe)O#%c*J9!nWkidSFfu&Arh@gS!7lUIL zaWI@DmuZss&T*5ZUz6B&wjUx2 zxliWyyAGSb#9*C%XnvNG-V#+rg;ob|!nSSmjb%Y(YgrJ0`u@i*Cs$xqRLaDOMWE|M z-k6Dv2W-|&kIW~f>0|X6SfzRQHDyTFdU2P~lbdjW3IEYoH4NEo)wg7rCVWERf4PC_ zWgsRe8cX4Ns&EIW{W#%!DI=0zpzD6Ju)^(l*(qdEt*ma(`@MW3vD$`nB&aVW2uOls z-2|yCC#S@vRHzVN2j*1f?@S&=NAl-N?NTK^glDSf4iKhpatbluy!nz-=i=Atjv~kG z9@}nef#ChuJFjO}dge7nc2bC~LGoSNo7CuQHTsu!G~B}$MeY5xh0mak;5ZcQ4BM?^ zMH3J)4=8`|0Sgpy!JgbWHSTTCRhF?a+5NF6aXLC^+n>zdCK;PtYw2p4)VA(Oe$%bC zorp>^^!v=D2-SX3uqCr@B=h=mnjE&Ljg3L^|3#P4`d?hGt zJ_wBTihIvUCp!$MJOUA*4klB30&Y3aJn^XX-iPr;pzGIElQ~e9?%>48_GQy-dL(O2 zXK9=HE(veeJt|-0iffKy17q0D%@_3Fw&OygPC4&C6r0Dl#YGq3gX)-Q)_*601^ z(^N?D*u2eT)M}{)lV2=o7^GtW+^`kXN>^+sFU^mb^czpUOs>fFm6I^Edvl~5_X_oh zq*G%3atg5u9mM7>iZz9$LLXs&!qhThc7I1i8!pFV3rRszn1O8hbHme&7v*+fQ6z{e zQZTmx;{8x2-9)ajj4jAWcmEJf;hNB*AQ-q#bdHAW+z45afDKTYh|A&sRMykJ@^4HY z4Cp19=XbP-VeW}C*-!*k1UNpm#=nN;&5Dzg#s6SS?i%kUi)tkexvM664&)jiwL%YK9%iiPw*DDVhK7}2!lkRZ z<@*=^O=>`!RKMV{jpapLgXG8>iM^IO-J0spPWH!&q=+fo9VV3a&sMzg^&pKe6e19e>F`>y zY7EE3n^7doN#EV+N_rQ!eAxiE>T&_i#pzvS#F&)9z!zCK*C~5#$d*;Q{;;0knin)+ z-9ch&mo;m@wRP*CN4yN2qIw(eYmx+^zbtzS1=(|?6y>n|kN>C*v{(Ov*n>Ta*`{BX z91=-a=wjA9ZRcR|$O2GQ7C{CMfpf|4_Lp*5#dp`>R1Fyb~bm-R998>-vRiIQ?P|GTtD zS14oWdFAeRW~WPgI5+axANu>Bj0g_yj9bqq5`wN<|7t?I!v$ka51Y&3ZN2%*N_h1~ zk40x&($#V7OnoQ|29py_>aIVNVZikE<1{tCAaM_ zNmE9G(=>Cp=JlAvAnBg=i&?R`a-A*Thjg2uqB$zZUVYLEMOq;&@k?u64Lhr{xSzK1 zH;#PV$=T!)=uRlX~nMX0jOP$GjW?bwN$MSbN_HH&h05Z{J$ZBV3w(%x0qtQ}q%@OU!z9a3$ zKbdXIC0-iI5}|-K427%u8X?BB{abas)nH9gY}E7uihYTFPJjW%A-8Z#LXWsf8wFMc zV_UARsNR(IxlS^j+O45=FOKzHJF2eV8hX*0{st_`8}A@%iOzpx{pHuZWeq*kj|az0 z<83AB5wxo{wmI#=grukgHU*$-Xi?;D!i*1_nBEqVxJ&XQMeJn%!BzC6WG5#GY5DsX z`qd|zAN3x>?w)O8JX$)pCuzu+>=OCu%Q$WH80!xzKM9|gfs*=y3Cz*-9Aav|*82HF zYsL9zX`$8`)TlB+|3d5}7C*0$k}5|dFz7CH&~48W)eUNUMvGnGA?^8itF}ic9@^vR zD-vpb1!-NM6d~5`K#jRK=V&b8Zl@$~FT{-Nyppc{#xBZH*mu^*l6_q_k_0Y#+Rab2 znYuh?mJp*P@sXJFW?F;XWE^S(#;hm$&F5FD+9h9ReJCbUqe%#O(gAboW-ejE!aC3u zkTCJx6f}Mb6buV=eMEDp3e{AKqaa8gVv4;$Yvp+RX#0iB&%`n;(DjU@W_O!ppg=zv$2RE=Z@W-f0vSHk(oR z*o9r`7M6Z0-;w+R&9@=?_2df526X8cbrkXq+<*Y3o@m9ROl!C}o1qmh^x+JA3mbv? z3hQVmWcqaTtp^p^XhH=;6+lAeXo>AF%v-lx)i?($gq0tVu+_CypZuJZA&w1gfW_Qz z2Y}V?x9H0O=qUR;Zho89aXLt03>$M56t#V9CE3_J z^eL5t!|;51A80eLJ)_VPG{jq}O@+ZWv%v{gAcjOwmN36{!^oOG8vk`_O2qaWRH%MI z55fHT%M_wQKlWmo_EQH=D+lhocKG>F4t1_crN=Jwrmj|I;mN|NxVU>+Wdu(p%Y3Pm zcDF>z(#OkotndVR#?8t5rTO9f7$Qs4VqhVRLR`ztd`pLbLT#4T;&mcog@{v>Mdj_= zP~CC8ig8{2g2GMewtCa$4zsj7Vb9kKpK#{uFek|$0}%anyUj?ZgAViYi?Us_*X-gc z>ubO0o{vGkkX9$mJx@!!eAdoAuaDZ@5?Hkt+93w#fZsSM=5=B$ajBR-iIsb4VAXmF zD93e6V3nLd$;~b8lcy}}mz7)PIKoPE+yEmsNjIT{??Bh>yt99eb%CfbctqQ6ZeZ$tQJ!gk1eCZK{FRt?v2JjiJBjjkgC?b^(POXkrjJJK+ficz{RiDZ@csyTKDvxEqM+N zT0WjfOKT|MY0?prS*l-dd8503R+bvNXS);xbRr4BGnYL%qzeZ;=}%j|xPpTZ7=RO4 zRSRBFNNM_L8YC`vh6*fF-n#8}L!=Zl8-@?R(u)}8t=c^|FkzdVCUwOu=l-+Dpxc?4 zGs)D`A!h{eHX64+5b3W{#{8RDsEKzV@eFjmSgUc+&KK(rbbUo4mSBH1QRfuD#36W$ zR76S-7gz+kb`L=(WTvyc?l3Xh(;@2_GsbzVHD@?)HRdFFLq&FMA!Gz^D9gxEFLTQ- z4;8TYQj#8Nn!sqn@jMjhDxqTR2(-&ps?%nsv7PNI8RA}Z`bH@UHXT^C0nxx-4^Jeb z!Hr10FK)EDenxD2roSw(O4eu;i7;`ws?t@XbTv(&%i&HBxbye-rBDr@ML11x{GpJd z1~pjauOwb)iy@#aI{kWT8SneL7<+OvaM7l|6Yik%t7_4Al7Y> zgn4ct$16m4w8uf<)dPX+B#&;Wns2OkyWjO|Li zkYHegKG1cNU2nY{X-l6#nVA2rwfU9w{D5#A$`BL7$~LnN(=K2xN~K%=LX;%=BP9sp zsjptqe$nO`fm_ByBKaYr7dj~^@=o$`TQj#9HaupNvf;iT*`Mabm5q80tITDiz|xjVTV}h9`#**Ef~s&{z;>lp=^=o$mXH7}n9AmTSu~ zQ(dMbrGOK?smf@l$#}`+(`}<=hq?1vsTiwvdt(5Hr=qb6nIE}$iw`;a284q7(Xxh) z$iMmV&kOApeT_uxk-_^q)a0Ob(oQbCjF4`LS8ry52GsBsts$7dr*m#GL_cM>9Qx9YtitVrtnZi+ zF_}rU*S%wIgQK;Z>#0F}F<+xKA-b^kzk<$v0U#lOjZ%yhd=uUXjSnvbTo})O&7a7A z)o*_KgagUNLz&XKSptw_Vh{8re5iHg+G=2n~QqM4UHZjslW`;Q+~xjPCq zR*54qR~`$jx|gX}{2K>WeU~@sO|A6Ctdm}tUsIm7vt4vN<|n+jTgLoApL@->?R5cA&*8WD;<0RqL%^e%=;CXPH$ zioinmeMP6RaKxd@NLe;U9snT8!47P*EsL5InyT@^rDbUcML#*vXet9wdX*Ftgt z0=Z*3N-h23SUPa)0wGgzE*vm<8<=4K`yT1L(wc`V2{~71K&7$wnYk(BFHh;{F`SR1aIBD)uIVdedzM60 zMR{TKh?_EfCH5L(-631BwAZc=yR`EM>iZ5E30eQPQ#xm=q&_X^YPX;iXHu4(AWNSx ztaQ>qwH>5IHiVjK;W$P@5pEIZwi4#Wy9=%Rv=rIVkv|TXN#@ak@Z$)_>$16Spgnj6 zu%WkVE#%%O{@!e0PUa2!g$}ciR!Q@a>fW;(h+A{^dj11Z z=42(2g5*`%ll(h9PX0lJ$OYIhdd%OS(m79yf#b0>spTezHWO7Kc{|K@P>^2NAi&w; zTV;o;*OqjQ+ zK&%S>tWRTJl_#ZDna$2yz1dKBdt6g(GY|2EeJksp8R(h;8Y}DmJMDH^_gDgzY{KST z*s^f%vw1SKNzPY1A_XY-KFX$n%g~o-prXcJ0Ch0;e!*q#i!NrxDs8mb4+A({{K2CZ zugg5@xn3EFHDumAfJ!(qVq=_5;@Y;%(?dG|RI8b!dUZu9J+lec0Fnp|W0U!}07j8w zKH7GPdc+k#w*- zDGdO@M?B#o_apI-Z?*pg!9`3d{JH0s0YTk% zy?z79lbU4dgNeIdQ4wMD7`IO{1L|3Y_hDwqsD6+(koDcAB*g7YIZnv6|NRj7ZZi{0|Qa~ z)?2Wc!v*murO~u{HB7>{ATOw>ThLV6McVcQ-~1n?Z-y!Y zD%*$un{B_aD-VQ_pq3107+6=zDUy{32$D-U3DB%fp~ z$$w?#fwj;gpQuPm@^e=nxXu2=TBIaDZRG(mk0Tags3hOC@<5IKIZQsstUR!fC$ZS@ zmE=!bd0?aciR!*2U-85!9;=VxXXSzK@f(+I&wkUzti^S^Wq&#L;nJ(580Dk2 zMh=zPMWtrB*+l>zLJ5UrQS;4#WMgQuoRbW;wlO1{CCrB^dZxlH`JcE&^sPUju2I8) zp=4gWx$Ot@wtjK5|96tW`#Bql#kjkqPdrJ-&7YkZ8<`(d zWEM3>+-!7W6sd}4R%3qc#3+6be@yVZ?`InGT_;9SeYm;{?z>fEu6JT=tba_g z{yNsnPOy#r=s!WJ`JAV4f^8~zOsQZ}+??wK+tl!wQp0DM@0?(pDjrj+z-K|Z9sHP( z$0I@>pR=js6*hrIn<}!gbBjz9uPQVoQWrn<0dhs);d0>W*pD*y9hu&;mHj(M`GZUT zkKt~Bv7Bm^wx+6D1FKa08t0qd$#P$DTu^Bz^)c$Tbm z?geGIOpFPi123TV!(`+j$IoraMfaDh62=l~iG2p~DKD4TUB$}b{0DT@9eum?VP1?{ zP!P-`ZGt6aLY~lit(nRj=*m0ln^ZMuKKj^Ad`ZbFbK`BN=`dUdZFZJdFFdo@Ybd%>IdYu{9oXzG3AGz&0S^r?-&wbY`-gh#3HIejw2|h-LYnEUho2NktUMs}ymV~f;i1^No?xR2 zYd8S2p)CKV2$BDHvr}^Vx!LnN%pJd{+4KZlpNj!Jol;Y3iMoDpR1qxX)v^Eiu?vrc z00bxkkZwTHVSYh&*>U+#eeN}POL5RUo+1NXa!U-z%I@LJSG7yRU``^CwuA*}t+fBH ztrDg4x?EI8`Y8URF*M$slL!S^p98QTy4?zNy-X0rumrJz_7l5?{7JCCzr9kZ?SGw| zTeA|R6e!AS85pkLFwg2@06Mchw04%Zn@ioMGARAU@SZF1Za4p9j}C)&oIL<{76KIh zTj)Uq#m5)i8dGP>iMAQ;XZja%hB|6W;qr7K$e4hnMT4TTe?bl{j&;Vx#!5*cw>fXV@^S)i3;y1Ee(8Uvt!$D>^OJ zAZ1pH3jG1q&;kC`xmuJs7A~mVM^Zq$>oF&I)JcDC@!X=oDcVo7croOn{ef!4egW7V$M6M!0(Oa@ffr#k3q*PYUP3Z zAOI0E&p2P(gy74`A);wNW#qgU7TeN!+{q!(^(L{IesB7i{&Y$IdFB;0T=A)*o^u%K zfF1l37@QFKBJl`O&I+=!Ek8G5ZeYU?FF=n{Q_0pp1EZYxnApB_m1j+{+2$Sg49eJC z*I&n#K~j$>C-Y}Wvx@9H7Zeg+Qb@Q++Q%J|_Jzi>89in7{=mcCv5o0rIqy=D(Xie0 zUWlEK&}nR^ddK;OJ=!koP~coZr%4i`nXp@-D~H|w?jB*cGIj^AS7aE>%R~!uBmMf- z0xB5CJ%?P7*4vzutq;8@#d@`Og1ndHmU>Z0p4k7H+~>Vvu7}as8SgL;0xkMb3mG-Y6MKBtP273M zei>1jbv4ozcbmI_!!|!Wj`r)J27LR7kCJU$K9&I=kb(b73mM#b6d*%B5b;YJ8SDr= zflzg&OzxHPZ(f(#7zaRPQ~!;X+){OKn|QjaF>8Mftl3sqCbq0X_KczkCEIB=Sy-@~ zxVS>MW~w^OhC-liT|xmE51j(E)S) z-Hwj|J1g#SL@64Ln~!K@&RYnj9SynqCxIW~B4H-t)8Y42NAe~BD$Sp7>Sz+ppPyOR zRBZ&U@HTU29HXkUNJ-@$gB2P2Nj!0g8=6wjdVB?}AMh0*Cq5Vr+n)1#KLGx4@X8{4 zPFX>?=A0PP%j7LAQs(F2o}T@55q?g`=v)>4m|yfvEvb0X^ASN+6(3~BV*DgwUc%(A z<*Lk!;)sovc-?N#RA0qz&nA$yD)Vwl_F@dK{B`}Fss4(7&-0l-65{6weI}0$7%n9; zoTMkEU1j+bTE zc!pa0wCpII@bqNmmiH(DS9|$3Kamu;_7Oa@Ud?PRDOGl$34DB-m6E{TAB$T1$Wq!O zrevDHFD1+;0nLfvD#y+*256OJ6)3%f*Ses{^-ddCeUX;VV}WpP@h~q~Vf%-$JbSJvv1HWz@obqj!MkU4!m|-;)emAD zuPtrC*C6qpjq-7k=Y!Y>Iwu4!5@#0pag}R`_k79c*;)5=Y^S8y7u)Bg*eGRv$?Mr! zh`6?N92&?yqYny_g0A+Vlq6Ca0X8l818k79ylsQnv4)ufm%z z_#(e1_e-}9?T3`^E9&62r4yws)Hu*-3Df>!?N8K^`b$av!*woXNz?pJ(*QjlV25XK z;5as>@0GH{$oP9@Ot8V{&`DgNIyzel@DtWP?G)F!eINkPo&zTv7z5+6QQL=CK!#JA z*Kb380E~NeBn!hqgmh}WPfB-&$O&`C!-nQY21JK`U|@G@t^#<7aPg!7Mkh>%)PbTC zq)=o$f;!kwAKDGUHy2WZZ-O+^%EDl~VL-Hi6mD3s2mzchDy-X{T@-}BRSHHMoS7qtneZoEj~E!gwUQd4k}K;%BK9DE5ab61Jze! zuNKf;$_cqhM}$CiBJ~9i3InQFfy?%=xasJ50s2mu^y!fD!UCbec?ClK*;etjS80u_ zlmy#i+YTo8apd$CMJSp0_Ix39aF~D37lH?cjRTU0gweBu^Ns@o;e+y)?zy7!pde}R z)7e>-GP5aGSGu4cK+=thG~uEMMI;(h7=Oh`I8t!WmkPt@hC$>9ryCCdpsYdMY&_5^ zkd%{G$2nq26gYcWen#nGmxL9GplVtXIyfvOEgQ_wgenitE96mmP&#SFqNwtn%ER-$ z@t_QtSYU`cpww7E86_ZC1pO|cpc5uckYWerl^R>wX`&;H$KmD!Dd}LSP6!_c(zL92 zNM+;{s%&6YDwqxjRVn>o$UufPW-tU5GPOEBLWqZ%5u~KU_O4!YxlMy!;Nzd2m;HJJ ze0*G^Z7E`lz>fTTyR8opbd?Jf-dR3G57yJ0uyT9dKX;{%?~C*SN+-}?;1ZAd{5;c4 z33%?ab;ng%4}lB4Dn*zxi4w6vMUN^GL9*kpj`pb#VMY+^#PmQXh^zRd#CF=w`_645 zv{;)mTL>0$BPuSEY*~XNZL}id${W`>^2V9fue*)FGf4;PCyXWcH2iJ|b z#tVK8Q8y5tk76HP>upKHm38%E>rH)t<_ZBy)?lOXg%M z^A6-1Tv^MZ>7}w+%z{4bq}#aqY|gjn#36G!(-PEv#B#@L4r#}D&-=0WWqMNJAfwQn z;!gAr?u1(E9u@*%$<-lh)e+iwD~+;e0vFZ6^Gn0oaVoO>KgRcFa_jiMS~R}<0{6dA z3QV7l?Q_T1hNujJcOnqgF3i&LwLx={wBm4}`Df#MB+wi>zW*9%{^|H037K?!cgNe< zUt5|hfU-zJMzZ~9<9isqfw>+TsSlH0@eF(j4ax?A4MJ+0#018JkVz{0caZNOtQ$-O zM;Z~qHiwdD-2#vfN6EB9%nBTm99-^UfG@p0V!IEQ9+DSNFaK)!$|=G!6%~)gzsf0? zTaMVc!;GMG=7^m?TzY_2MEZk)b(r*uAqd7ej8RUs_2wgx8|^q^xrZ5CL53p&^>FD$ zk~-2L945VTx`+-!5qMBH48rUqa5{vJBX{O-7y?kml;q#SkSJt_?V*tWvg{GapK^}~ zq{9rBpxhA$;V|iSa1qJKCOQOnPWudCHi+COeAptn7zeI~oOL6+fz#W%G_#@|rjRxwo+Db2pC#8HsVzs)Ll z#F+o2Kx!DuT~RCqwT|2DAWWg+_*C#|*b*l!n2m>6SZY|3uxv{>8?QtshJVV;hKQpL z`!Ra3QH3g+B%M?so&*;9Ca3>;s6#!GCON^lYWwmsbX(|hR4>ZiAQ%AIh1&K%Tr+SM zVp_y{u9{y?_y+((B-WSm$`+p-p6>Jxisu%RK?!_Tr*Ciq-{1s(tJ6O?fxkF`bQLAw z264#gG;GyXh?w+vO!WuV`y73iVtwNH%!% zY7U?7^l<-6ZK>>G-!-l1V5p{Nzu8T@#7^7WQpI>%0X#@j&p)`vg;oz33RQY!D6BymCF9jZ{*2-&d+#)N$Rh?##~Kf z(Ys<$cfQyvuDnCr&d$J%w@Cy$lxe*hnEJUh=%Tx{TJ49evGvP2+bS~&Xd&`XWXpzT zama0&_?w8trq!g5>6o6I7(%$0vyzmUomi7uUPHr9;k*Aj+1Rh)ztX()m=vzNm0qGc z$R!3s_AbH3dz|KQ9R+YgvW!$utdjUpySaNH=O!ZUGi{a5zL&`jWc?+vWC`-mL5}}p z>%^&0I77kp1jiOG1r7?9Mdw-l*7^zDXR-XV;soh8Zl2UU**87)2`61joFk8Rb1i;W zZ1ZSjRr*wpE=H1Kieuy470GY#j*;NszN7q3rwj}Ei> z`v6un$gZUzc1XG@Vf*_W!+>yJ>P`|l{ywLWnhnv^Sx{Ig&h}PtI`%1QyeE6^XXlS? zBVaLTrlXsxRLjqh;I!@ilfB5r$)Gvru?Dtda$D32;g?{rJs*alNbGw=LI# z4}uSMYaCQ{T-f9$hKUHbnLoJ^skd?yYY5}&lR+Xlie+?%6m?lT*P~%#hPF8+7~RE{cZ`n+!EflOXzKB zW^Ca|P4=Tz9&nxH1janMLs-%jbMKTvEUBp6``vQycFXQ{e_xC z*C)X6J-|I--UMR{rX4Y|$=p-Rc-7~|1A=edB0X120kL3U!#3QO{c_ZtNWCO#kN{y* zpe_E{K-&du+I>!JKGvLKyH3pP*pc<*#(OadJROYStuxYQURARYHH2O-O~rsY!PRr_ zt#z=D5JhRxx=BnnEF7BkOrIJ}e2ZM25uwN5>DYkT%ehG~HC)es!VdDjPVn-#%EV}Y z>I(@i2osCAS+GFz$R__}@+=#Q!;ca%O1xOsiNR2UShaOPi^zHuMAg&xJtW5V4X{vxM2Fk4Hi zQHnsef&jfyC2TPGg2VfTZ-jOF9LzUdCBy0n>CA?u=oGMLZMQzpR$)2-5>#bpd2{1S z*$9m2z0$SuT>Yq6THM2|&&yG!Z-YYQX;Pd_m+PKkq{q4_ItIUC7YV+wK4zO`soW^g z7~8NkkZZirdcJyN-I`s$Ud*4*1U|730(W$0>+c)U2V)J#ULLikX|%z^Q~#7`V|pFfD(=7F)f=r1)oXc=lB?2s z*OkYn?X?p7t@D9+5EQH|cthh3+XbjWmj`>j)fB5vRkBmL4pAt4>`o1OjwFrQkyIJX ztmV+$9csEjU^F|Q|Ii|B+^D&6WhAvTYNVlsL1Uf^_VKewl4h)b%zPAVS{+5 zT<831@%{APGqa_=UOCvoaVTWNceMcVyYSB(q^VUpPEpGb>p*Rq7#ykKqUhz~qCAV{ z(>Fn|xOqls-@$j)!^x1l{i$cvsBBIoVu~eHXd(m)`hrp_Tc_yYz(4 zFDCcOywllvH8RPJTT~_yZX%MYKN0x-QrziIDAoJcd9g2E=f$HT%+1_7HmWme7n0OM zj&cj(LT>fXR4D?g*>DqGl@qP!;0o-h>|8%r(7|&gQD(h2zI#H+3LTzA2ksWkqLmI` zhsxE_Ru4Jo=}7FSDX0~;{L(ixiBpDj%=ueg1tT<9E*5?LFZBu!h&`&C z9O=`NH}jSZMgYK-oeKfLbjtz2oR#aOlpg$JKNOW4>dci?%lj1GG5wpx7eE%b_vusU z&?qcXABr|g!q3^P5p;9P5Ia%vMHJf;n6^QVhepj}rj&N`C8kmNj+jfGw+1s!rq+j| zmrFIa} z{8{Gvdj<|EeU=o|A#Gw_evKGM3=R^p^1yve56gxFsIZ=Xs9$;DJsM$$kbpA{nFG`8 zPXT2f|H+vH#|Q4i&PD_oRn)KS*HT940SdTdWxio$zZNq>k638X>6!j%%SPx44E@F- zaHfB7L6zLiZ4ZF;c(jeu)u``igzev}Z6PzzqLZDzB;p8}=GMypColwV7E1g@1uWEwMdIRyz;@KCLcb#4W4SKbCYuX;?%4GzUCS4d$4ELPk*tLmIh+IX4ox>2)BOYv~u_WNNCkHde#(nZGLKh;51O zJyF>c`+3M-1(-4$OC!a-(eKmxzD>|yrCWQ~d4%y(nb6%#ljJl*}Ie!HZoZZO0?TylE8 z+`(t5Ur5u#{S$@srQ_}TrSAUJXT>)`y57Y^2Wng3bdM{3x0&nq7EoygP{Sa84TBM4 zb;>V{|D4!|>FR^?f83wCrwP!1*3F!n2oh*UV1fuwwVB72f#NcU`elCSeCi+GmnM3hg3P(_5hC&2i^IzTvu6$hEgcKb zgf+n%8|Pi>wLYRFpICj+U=Y<}v9;=x-&9&-#JxIU*6kjf_AWafZ%0#0tk7@jLJwG; zmh8;m?2o0rOZxD)$_0z%)(Fe{8~k#%i2v1{NIv)}or~OXf>n`OyFVAY*%EiPlsSak zckn?znXT=AskFXcbr{FQkpEGk_$nsWKw46&SZu}Owzy1;4)b}$*e<5N>iRSpLJ5(4YKuX zR}v;Ytz-$5#y1&*9(L)&1_kxm@`*ID5?#XuoP3Q!K{?clC^9CmWu{l%bC6@(KOi9PmG;MN!E0e2d$ z&(*9XIOOa4nzgIp)~;-c1!nSjbL<+t-bzxAy#OJy-o6=S^-_|^nyO1KC8TJ;MG&o%xJ ztFAEZ8?o|DyKR#)PwyB9wwkT)$kB*ZqvtQcWgD;^8C2HRn<2**QKzGW9ZE%U;TiMh~9>ji85)*W^WUl>!yhk@UegJ7O9 zczvcwyRY5{(+>-#_sx}N!l4zs^%l z8psxDH{+Q*l(VGNJ3>V4mm~6TE~UeuZ()h>5$88_dKjb#b80Qrx801>`l_WqXMJ*} z%(oF!h0!ZSOt*1==T@UJm(X9Tl0|vOsiIh!M;%(ecxTTnMMJZwG&vukz`YPzNUzNd z`z+cDdWiZt^&fKV|0WjCdanrh@#)x}jIK!BR_Q7fS%o(Y@a6~Q^}=5}5iJL}XV3~vn45n7zZ{Uh^+1Rb3_)u(_ zZ`p8=ZNqZS2LEZa&ci`FO^U{PmyU#FL%GIp7IZctno*m*-W$6?^0k{=oqQEA%F13j zJ;lM3Qg|}?CgrZ@7_+K+LfIR{vtUHB9Zj|b*{CZ@ORQ0dhGE=V`K=c?GxxEb9+*e6 zdJ}gOp1v6i;aEMCew%eNt_%aK{#S6WjA~}GCK;CbYpFGC&ugQftLv_NdK&2)DDWC| zFPj*idZ@Ag%$aCWuNRd}Gm}5RR%ooXsr$`Sw&X`VL(>|zn5_R^Esw5S!#poouhPPL zluFjjk>1fS)uE)3^dmNA(b!OfwU+qMIGI%%Vw;xyg0D)DwFbTx+LGU5re-T|&3bPJ z@HK%|Ei{2z#1b@^`6RM@Smpw}`G`}N*n())(u>L5Bz(|XPZ3ozIzXTipf*~Yd8=hS zYOVLJ;e<318$mz2RZ5m|67UH42@k7;7RE<*f8f?HF&Z2S349~OOU}DGHw{hj{+$2j z*yiho$C%jz895Cs=uH#}3bA6h7R1GS=5^w86Z8s}Jziz*jTKT2E{PE)k%X zBK_2^z}HIn_m`o|x-#(I#$AEsKKU-^$2&CF#66rEIA!S0*egr6h!8}1a%-S?+6%_s zSbBll`#19yuHI1nat<`Wy;Jqaz*BDht!H1)J7!F&r~f_lu+8U2Wz#$dqP8zzI2YBIlR7-x`vuDVKK1 z!1j$0B{9T?FH6<5d2B`6ZHLH`!W7!f6)BQ)y5&$d)_^?RVUA@sp@+3pgbVwIfjQKj zZ_s~z9j+ZWvn8c7pPepzw9?E%EVt*gkj`iJF5m~shJrGeJq$CZ)DFzdoOxIHq_$>!EmeJ`)j#`E1x?XFl6mTa?nB&zebOHe6XO zFE;_HR^bJ@B|Kjw=UF0_&d1)}CdPX3QLHjWo^0rd?Ma`EV+Zpi_2;11r<1!0S@_eG zn_1V~qww!A{mP65l&~||6K1hsEyF~?i@oDgVX62Ry}rP~?h_5Do69AXwc%Vsf##CBR5S&MuI9N2#XFCgz_-cTQa3ZYWQ@OD z!d~WmCX>R<=mO%FjG0-AroIG@w`feNRO}5Y=<+d3O8pRNie6`W$}-))%(_}(h_P1# zw~TX{E?^?kfm7^_z%A-{P*vEcQjSeoZhr@_)uu{kt3-HcFk^NhCTvFnEl7&5X!s+D z4}vWY1?X|_b1%0C-j?S?6ZGJmd9GEnRu;3X$hlgGVm@pM^a4DFL|9xlMSJ z7^TcQoa(lllRsUA(aB>e+Qog*c7XdwEp%}IA7>Y(ELt+!{xLRu$(HA;m@joFCUc=E zXTucYuGgaGeRvGGtLwFS8OK!y-uUqE2F|ko4je>-+GLKGHx#o0fsCQ8kV#l@Uhcya zo>I?$quHTrcok%RNd)L@J5a6G1!ApPVOK~)DnV>k$kT*v%4o_d^4Z#k-Q`TAeVM z%JPYcQ;Hq8WiNOZj%{4_E3$W(`vbe@Co@1L^j63(dLD4wc1%94?QT^9SNG#98GNT4N?~D>I6q zgLtwEH)Zg?0RV8hwg3fFX76VLx9pV{f&;5A!)+tl#zki^23hspcSh-zb>HO2E(h?Vr>8r_U;);^fB^ z?b5plRp8D^Zil?ZDU0Y`7815k8ze#IZ-Eh^-$|P6%x%Kotl>G(pgS(QXD`Xc>+JCol5 z9+#<+SAoyJ-){b({b!SG&R`qC!gy~5QDnS-0G16N?@JkqLHvE2fbCxz?+dDm$NSy_ z0(a`2XN>pRIE!Rm-)=(1DT~J2y~T6vIq3?S#)9T7n@e&H+dO%~ndzGx@=ExN{9ySyw zFPenS#m6GwUe0}tQ%f?9ca@~heiR_AcoO}Q1g#3)l{yYBdgao9U|-IEes;<#Ij$XQ z+Vb`#i(kvU7n!_x-MqOZ2`xPe9vp1yZC)u0yMEVD(UCV-S5czbeOa+Q7gg7T2=#)8 zC&MIyEAbrJe<892Rh?&b*U8;hkz8mPqD0hMtDjYMTllJ}dl@z_i;`M|kXEJ=bfz@9 zx7&EclRw)y*37Pu)yqe&{w0a4OUZY)8A?$1+b3C5`0Vc9F|=-Hci)M1TO?|jWMwzR zjTDWv;o+k2 zu!Q^U@KHtKqa=KY9e%P?X1te=;ykeg3cA{sqgB%-Q;m4`iGt81eE;!8AFuRG{_+dbpR;n$UPsnrODV zq3P2gi@$zZ$)aG!KyMq6_b;H{%(}*&WoN`*PyHFm=(#I3-JWgp=8jr3XV13TPQqiI zge04hxxqJd35%!vh|ZzyCZ;nlwWlj6-A(`3OYMTKI@^NIE50!%`ncW3y<(1wcG%4b zWm`hrq_amR`OKPqokQEyGLLz&&72wlakj^u@icE$PYBw|i8ZxoIK^{` z_bCn8T;c)uGy16EA^r$3KOwNn+FbEY_r6m+*kXeaaw5LF;w33nUg4hBri%XVk52K# zvAFe7v}Yy-@z`4Nf>=vX2L{`IyXauW`YaADxv`k?LXxVd;syGl30eG(%6TWTXW?DH z8rF`%mr1@TK;@eI{1DxM>l~WgOcYCu23BDg6T4^Io;ODKS{p}i*s~>v&Sdna5gR2( zDP0_=up6ha8>iRvjZ@f-6WDSjHr`jwXQegeEqo1KQdUi4)kjh{G6hO<+BR7xg>hI z^=a@^jEq8oRpLG|xq@Ee54lruO7Qc)6+eY!Or0C5_&MP}4#7`ZkKUV*hBgo2=h?bJ zk0Yug{FH=gCn5NGDfn6L;Ac7Zy*B0-;isgZ;H0-=%;8zqZ@LFF!Iz!LO3gN}!q`|2 zOl2o>GAW#$7zRy00Zl`hH6L}Bx8*oTzyN}#*ZXDFi_Ummuo{GV^0w#8f}@`1wJP(9 z6fNjeEqJ-DghvgJ(rI2W$wr`wf^8&@keElUr?YJ;=_`qw)E|C;8g*Gl;p|ml7fHr(i5}6TJ zPoa2o9w7tt(W=^SrH}bV^szwc!{Oiei){2=rH?Z?_F#*u*;@&XCuIsT6>g}~$LTg- zF6Q5@GwJ)UXaiXO-!qQ8|DJ=SL7@Jup9Y^A_@3(^@SZ#Dd`AGMW2BNbcW z{99#80C_5Q$uVQk(@5~J_)Qf%siS_>E`GzKc6p}xE9AA3SLjwqj$9S`VQsB=F>wDT z$+|(ZK3}n!lo5KeRda0hObb%Wa}`^&(`0j@hS$T?6+x$J*B7X`JB8+>OYShn}?eeJP!PHelAd0wzI4`fa);eWu zc1jQdf;I)M9%=g4ij8Cx_Txzi``{zW2ahUcW%hfG#7i|>N|Y^R6I@fY?8NRjhjjXK zEAMnz!t!TamT=zUbH-`p>eU54@b!oP-+aKAl=Sd{CYukqJOF+WRX))A@A83hf|be* z(B+jpDnFU-%74lRgaD$`ZOTe0HNpnQ%Ld+*XmWrJlsZWqN#2nU7f^xu6j1~GASwJH z1wVKwx`NmOOL#o0=3p{wI$Xgo8nK@#SE%?>fh+7*t{{S>`Q(c(wTe_1u)m7ALXx&8 z+obIa2DrkW%QV*@t{@37bP~c9xCg=KcesMT-CSYMvqiI}qz^dh;R+vGFI4Y&l&P=8 z@*bTnWuM{V^oIk)|Bp^T#9!+We_{y97DT5oidFVRi92{;QYnk7l2I?#J?+_`qMdAD z$c*M$U$Mz0{^#w9vq2{@nK(Vq*i%@O{b=T)q+i{Wd9}o*f22CdzEQqqYDLDw;W!Vr z#1PsNOc^@u+ISDDH`(Yd6QAd0`C%JJ9xqiuC)tGGqFI6a-!ApMquB51gWeZFCzSs+ zl_nR^F;wVMQ(k^pEXm_t`@MmO^sLTh8c?9no)rGIpz@9?;8P>zF;A26Ir)L3$m1FN zy%B)b+ON`;y4~;x>TEukg+0eMm}i=jKHj&;&5y_s`iR(%CLUSRJTKt5PRV|kfZzk^ zG=pS66dWu=`OUWTxYp&BwVMLwdBZzd2gOm z`yg55E+;*Q4!HZe`t?Ug0tL%EqKNB!Xwi|(nw^~^;W|yibvP*WrX-WuY#qMf@2;FAy+~{)Vd< zMkdW@9sL?sYTTOGEs45gT z-yg`);s#4`?dFs36w0b`%ffZ>l>-@$C0H)D7(GTuT3RZ0Mxw&g`=x@!T~}L(ldV8$ zk=hj#Rr7U;(#@u4h>}_fZ5hZQTTqVs>}K=&J*dGu%<=7oOk(&ce%?c9bnHcCSH`KL z0q^2J{I&!G3$Eq80e8ov({J$QkyheI2V<4%X{MN|&1 z{I~=(TQaI^yIv4ny5(chvEU!)*|EQ>pAL zmSSgig_|?gB+zEZFhh4b%yTo@1(|#gAc=J^AJ($+fB}t`Y$8d--2QoKKQ+y>gXhi( z+(WH2T`G6mtJ7*tBF?ec9d-klaIk<#;~DuWy98@5or=og`?&d~6SPe>JUcNAe1@6b z9+4(HsNJkC1f5Mo>IIYQ^{Q3bla#G!{Wo9OFFB)yU7xD2N_@_!0BuFxDmIyeXXS23A7n0A&OPZ{PHc1UJ#)3Wm9Zz&=Fc)~1{SCiDcLAW7%n!oXq0>kE0SxAILBsf>F(nQHl~=HGH-fz z{hY8c7964cr;>kg+t;};?@!7$fsHcb6antz_FPaVVSXByk=wzqbZmQyJAciLb3b9b zc>#uPRK>|3y%{`4$bZ&-AV04ZzH__5vq!hET2xj^x)Fd`^05N7_KH8uQ9YT%}b#a)oM9f&ac+&nUt*P-DQoj#})gG7UPP zpfX^O+*nkAJ;Qv0J*$&W2aIJD4VmMx;{^td1Tm81oUeKr;w{6%Sy~QbQiti(Y3?H- zyaAU2e}~9n;R9s7k;Ow$jH`?nc{l1rxmBcKD(M_tQsMrc*u9qC_y& zQ(cs(O!d^DkRd8*KM*!8d8Ss)%sZO_nj=e@s;EUpCJh5ELTN@sq|!{*^y$Jz*QfMi zwK0!yvLhFsAqfy&y!uRe8mB)H2Rmar@-wDePcA3l=iI*9}+~hCX?M|2E zq+vM^lLYA|b;W@tF*8YX3yqW>U{)QXmk@J<+Kg2>;4)|F!m~ytC+K{ni@Hp_8lIxt zT-`3ogc14F-fr_fX)eQ>!$J^HY{i+B?YIQl)k-v43V%>WyuQLB{<_Q{v z8wPtOICte*a)q|!>vOd2!#nA?xw50GHm9^m!*%MuNGSCnIAm7Oar;C&Bc``<*PGBO3}!g@IVH;H0lCjhC(+?3DY0k1<{Qo* za^)}8@~dt6nd_a~axu*sGuFloBYn-f{7?-&WuBiQ{+?1#W?4hTU{2N)Rd(d5Ym9k= z+S@hdP}USwU(7kIp&h1?aJ!_OC@Ihk2Bo5Oo_XeU`p(5F*+8oPx5cV%(^;liRSQ;; zJ}7v#f;8Y&6?nCXSK$gS;mKe$H4OEPbH?ytXUG-9^LbZXI?H65-60C}f*-kMpk8N& zT?Rs4PRm4yb!~nbsAd^Bnn`V!0io{WoC#hAmVxaS-J?ZGmVr4sV}%k6Z(8Zdy=B7> zyV&n(1F;NT%Auf(iNZdoyBc>r#5!;{J^SCU12>am_d~i6d=m1{S|HXBQC$Nd{!%i; zU)F$Hy9U(THNd@G6Cok=AKeR&_D6R;1hZ5?`u+Fi=Ex*!RzUip`Ji~MT>_#Wx0F0` zSnhEzB>xPujntE%+#O?m>Dexfj$ZqP-hdW!UBI5R1i=uYrIb3pF1e6l1!`)bYhYhsR*8@;9R zOPG#_o}tq*bFy=BE@qj=WKXv-VMnh0^%f4v^QMiFns*ojE_IkASfYel?@9zwXS{jp zN6hJ;7VG@QGIWdVH){sH=SCAQ4IV(d!u;*#-Q(c~M8s+?Jw@glYG4o8OLCZI5yFei zM-~{eto6>WlRDX$9e~GPr!d8EU zt^P`>es6R&y;#_S^%^3LfRuB~ZiU;^v_oop4vUoCOa*%P2o+(OLrS%AqI9Az>#q|k zGM~hFk`wjjgk01RQ2?o75xhyKl#&rqp7yGJw&=|CMumG!qd3#6#}fFO=54)(`FYzY zZ(JlWXmI3F4`!!*t4q zkmWwmdkaN%nk{^HnxC-%ifhuS`JTKX?f<45Qf>Z=HPf=CbQn0Q;Cw_wVIBj$FKZ}#Wze)~s9H$Npow6B&=WMYTGIYPLu(}Ta1E`IP!T|b z!xxJfG0^}^pNK9|8L!aSu(@iDw3xCINplH|7h4*8fMu#A0y>?zpi{({EW;hh?sS(`=Y6!}bWj;JSGE6E3QqJFHa1zr-w1Xj0Q(y7p*w(n_~LsSZoO zS?iUVSkI?4{orW|ky@0srLv_GN}C-w7BcJ*9sdf}Q%#?h+zbr9pYz!?LlaINU z7`1nZa6)lp9@b|G_g08g(4S^7@mIhjA}Z8OAJL%}eh=L;_`SllbsoC^2m@GEU+6qX zaA#SSIX&N7qYEJG+Ov`kg_u~fTag0lE%PzWG9QhWcWNpq0N_omJv~+8CwCcFmznbq zl|Inf^`nnugdp!kanFcp%13P^%4-q@hgtMmwBQz7aJwxSj#ye2vjxu^S@1kr^up3C z`oG33U6Jej6M?QyKZZ}^&G~i?uUEKuUAN2pYNlfL@R6h_AaJ_gi8li!`!eU90htk_ z`&*~QvoRBXOK7(=?yzj&q{gmk>#uhzW&zQSXaEvObM}nZVlQw zNc3~{QdyD%Ns@2zzC|?0_iwy!*{AXSJ?~q};`__qH$+Ij*LdHMANj^Tl7(Mmzc2B= zWA^)ds%=gA^X&JRz3;Q^_m+31nZ7Qw(!O}dF;9GFUSJ%vCRu5Y*ptnESH23_hbK}k zQD5!wEeCz%b}GZK^54QI{qY_NAUoVgDB=rKb`0mqs5f<{uBj^OzpN@*sT>5R-eF99 z`kUpTzbcK(ju?wixc{1P|GClrtEy3*0RgMiqa7jorE`5cR;45=L*5^j7dTUn0OhR| z30rl#$yfRib~807F0ZEKnEBv6X{lhDG;4}oDRs!3oiC6ABDl7}5<&a}ov&5upFar~ zpF355qvgk;^t8U(e+7EVFAY3j#3b@OW_vFs__*!&6F+2-r+ z52wsCCuXy!K`l~SL#dC-R^H9jt)&lwsf!xlr=Y&}v+{kAM^L5_nzMphw%fa$G@lkn z=bN80TCQbQGVE-~#WdrS(PuWzaNDt9Fh7jv?{bGxRYtIOz|{YwZqqwi@s}<+()nr* z&QS_y1#q}8_n*>nRUC&d80_ouXDZC<`f~i%`|TWPh?$=sUMv+An46MQ9XSlL6}4ba z01Ouondy;oz#XLE!U~RA)!$QVJs_hcMLzr-+cT5ako~gKu2w7jYK_=Hgl>|u+CD^5 z#@94ZBkv};#RdwOLSW23=Gn(t@<=yDyQgG7Kmr&q>uYT^KN_bZ16nXKH@R<|q@B}c z7QoukLa);4CYi3sSyDibXf8*m&B3+IW#-VJh$4>EtiifnBV9-f|6Mq%?0mX`N?06l z`SJfmb&!AVn5Y#Sa&M+>iHiA(t(8ll6sK~t+4B2NDP81}xzwg<@#2^{>F*z^OPLTx z$ANEePH*-m`9LjwWV((*o-POztJ_q!Ygb!i6Z5A6KjA3gHwnp!h_FC}$0Pq_OC|F0 zTJ@RJl=@(4awamw_Gn@SRe|_2TvIZbNUiLNv^a>5}M>2`y`=+FvW&P zNwG+zxl4KmM&!Q!)83noB&}yse3dP5 zi57T_S0EPQ+E98WF<<)u8%Isadcl^#o7hJd>I&f?P_jpN(6ORP|MiMuAnOW+FZcP>69pd2-_R+{!9hchtXA(vgi9{ zQ5T=;>voCnLce)|WoNwgl3m2kZAUQ}^bK$~1>k&XhI-IAya^{*(zfGTSBO#lyDUKL| zyM69eV2Q0jdh7WZ)ha;QN>YPkQhTF`Db5RC79C74*9^DXyN2cDg*u9~p^3kC6QG*3 z2wZ|K=y{p>6-|A#FtFwy07~sSF!|}#4Zh?BtFJ8%CcEgI8XTV;&4M$#gaxNqUMhKE zbB0(Clobg`(NM9_O|G@>C`teRw|?H!#SJCNYg3!KZo`+_?z{SJFDc#OA`SPJprB%2 zOOz_+`eolHcHjW!V!JV5aaCZ=0|d-P=2A&3q?6d-{6Ny21_|}i{ny0Isnca5_)>dD zB`(*!_wagBIK$M!cBSKW$`lmFX!$TaT$UaTthriV_C%9Mq#sYe(4YLN)_S~K>mAhE z@^_aAym#{OhHrtRr3&28I}0(g%C1HK1{`Wm?eQfKPQ71|INXUyHl+&}56kWw$#(J| zsrSp1Z#o8QksZHj$r$uUn_}7VRacD>t{M?R1(d3$C~;ZLv>|QA9+A@;-4BQZn~Pte zw6lFuRB<9?x9&>MZlZF-w@SaC=F8S*msBv)^`?6=jKFDPj@ZaC7VJlHr#8scT&-QE zmz@J|`Uy#x--^@@-_nDv{$_bYagsYye9{%t52?K$CI;7)&nQkFo!a|RVqjfc@r>r; zc&YHv32t#xgsGnz{iw>T%$;>;-L!+f`S!|<&WX$9gIhN9Da zXQ@_2e5R=5vuT{Cz{YkM=O0Q1@_3(TPoA*;)lQDE{}(U$6*2*H7s=OU&5r@o zV8iDTE5%qUCNq~8B1 zam2b=#WPxqlao^K?@f$fH>+euYf19J)ce^)#kyIgGg?cN*2Z#y%rd{}hwtPiXzm!c zZ5Yy9vGWZWkm+KUO;Y{FaEC}IDj5EVi1kA>$j_}TN*$RsRX$1kLqs2dY()MaIF(@* ziqSv&y#~`WF@BB{sble3!a<|YG@sznE7>&%2fN~(vo*fM?4n0K@;)g(-{xx8Tw}ak z;@w)ZQ3>v)khuz>tT$6BUftG-o<o(0*|=rb<;@p$veLcBSl5O1P|cyoyO##2p2(|r~fu%JLh z+cTeV`Y6-3!_mfHcDy#e)6^CuE2-PgCVnD(Teq18Ger;N8(Prg*^}lYAT`fL1qNg@ zd6**sF*Atmwp0C^U=WV~9^Pf>$tRk4A>q7&{cZ0xZ0k9U`-j%f1jiP~ub@v~KF%Eo zRJj>vK;;A2`-Y!Lm-MzJ}xYfy0d;Fe<8DRRly1%u!bSSpf_sJqNNLcFOD$5~~ zUu!Al>3!f;7N;jTUz6s$MJ}SqxL2g>p*=YDBI1L{*0Q43E)&)2xq5=&**=Pw zZl4MP3DGFKMu~KeZV0ZPR@~o?+r4}Eo>TYCnq55yy7H;j)3eFwtmcO2SH9Qqe6lgV z(l+fX=B&@$bgcF!N*xOZS5GfWmNsWzj9+b2T&gJ+6{JZ0yW+YDx@WX0KBp%#LFuqUnHg;I?mx)K@T4O*?|yOjwj-YwBY*L88-kS#;_bXP zaJO$Fwl#&>cE5P!W9iLDKE<^bMlaF`j(MzA)9+sSw2%V0=k)HWJGr{zsk*1qTk9S| ziR=0(+DDm|6BOh4%)M`aGetyov-7Fn^P=I%qa=dp+Vt4v-WD`@g? zXN>fb44KN5v?DIpxfxn`zDPr*BNl)z`tl#=&tdV?o!jhuT}(F~Yjbn?uf5(NKY7O3 z$@4_{f1Er=$hN}IM~XYr>hZJf?@(Y!90 zN;-d1dn>OyEWXrM^vd{BD%yKY9^rD+OAJWu^eX9(F}?2MdrsY>OfUbsl3Bf*5~G?M zo?7{C!&9i=ykD{M%7NW*b*meLrOC3U)Sm3hclk+9uo4XIl&iI@s)DlUOt8qCGIF(+ zt<@q;x#JW0T6LYHQ|6;Xa#P06MFo77CjVVQ^7wKK=yHwuUO~)=`6SH)qbnLV_f*AO zodG*^m(wFlZI-%CgV$BX&$2O}k4wz_T#VpSkUzh<)K*Ko+}le_K}ug`GFCNw&~teF zJPT)0{7T>ibCrS`%fMiwJ9UUN#x64faI#ibPu*SmuP#%e&@p6M;L&Zb5$2`uz^jsS zgcQ!mZk7cW`CEcFbHl-f_F+qC^a{CXVm)!n0NKM`VTQuu4lf#Ge-N(QB|H!#nl)YL zmf+s(qCdhtveT^);TwB~wQrMObS4Cjb?W&nZ(?U$wO0C-mmn|W zFNjVuJLbvw>fYjZa^fxhW*));N!w#)aaS(>3q-_aYp#2k+L$@Vi%Y~ycf^Yt-d+`^ zT~(!9g_|J$byfBScH)fmdzljmY;j{A$;H%SIi=}aV&n~z*L-ul#jo8k1d-WX!?C`G z9*~}(0!0e}!*1Yjo%Dn~l$SE0AIvgL-ChYv=0pJk42U?xlmRqvpBEudtsq9N%Y8PA z@0Z#$1x-ZI0(<#F!=9c`#E)~Hw)l7r*z!8cO$;g9VfDHap|~rxxaeT&gHK%diFmzD zy&^8Df4zU|W;b=$*3;8B9RgFIk^|KhFTz+Hf;#v|=|5U~k9EF4 zEhcuw*t?mhzeQ6zIvJwscqnGj1tJ$r=88M8+mj=R38>;s?7t#9i6oJ!PvOG#m8mVjKc={@FLJ{fSSgB)zP3mi84oD3Fm1zOB}k*3J((1mmAPV9xb z4{@0U&cos$aCb@n(((Q6?t;%6|49F=;x3@o(#vP<{u4t%og3NAoMq-9cTGKv@FuWE z&WV-ey+X2@x@V?tQ+|<=s=+q+p;7eqm|8}l<=_u%oAvooZ8JmBa`4{TX2zoB;B0NP zFZJ)x$|uYVw+ar+_N_jKM6QBT06mStzhB6g6n8Ymt=Zl)PR!WT&#hySU95rq{;Fmd zva=!v3HmcV3x?O4O(-zxObGNE!nA-T7{s=}z>o_A(w>FSP)6s-M|S_|$Uod0A{q3I zTO~Z+X1M2bbuR_(uAiRXn%Y^MetaJmXZIhJ$$<;f+q)uT#H({?%w{l3bf+R*GXfv8 z`}xf~CgCe++nB-TBcIN}esblVLZ@YHK#esIC647a(v*IA>bB{(MrHB7?h0o!4?Eiy z#Xk>W_{I@RM#$hinTxtcqgLCf3&j~Q{Nanr7y*(gBxg=@Z2-!3gXe>{x00Kgnh8`C zUH|ZHd<=G!4hfFbnsb9nLo>gL_qY>1^DS}+`@qRZ-4iVO=2!WA-dZM4D=&PWNR>ZV zsnjI3DqO??Jt_#PRT19)sBdB}^QgYb6{f$_H_=x84R6S;zAzCi*k-QfAw6l9+LxfY z%)W%oMfRo2d}Rtrjc8}TFLOrB7z4dK?5mWbzBf6e=5?D5m2#fsRU~KPG}NBBXP1Y~ z81=6bY}lGO0=ro-PZ(m>eZy>XR?`FVYZ-;{lXVolY!UOUx_=2Gj`#B2Ao(t~`L6f! zy&Tbeo!R9P3hOX0AMH{`w#83nhtDBTb~!4N-(%fop=RI?i7!?d@l{eV2cuuNAk6FN zF~t;!gCj~^g)NW+0Ae1tu_Dy1HfF>iFky+R-U+LE4Xj>0+r7elu9^TtEqNJ~rrLd%3?|UWb&ZWm*eH%4T9qbM3VU8>x zwwUYOVm3|mkRuF!U>|m_*YyfzT6TF2_F*{?)oR|RAnJC-doup`r}P6vViPD>dZh)3 zhSBH_^GiM57jta)jQTsd09Ixp5F2v=F2z`t3viFU7ux`oO-6T`PpkHyk24LnR^Z=Y zyjjb4WEY_2zm4KIyX{hwqeeL-4(qa^g1M{F{v%HR|6WI_BI8-G_pycN~w zLC8@HAl4Klkz#WH5E$eW_u9ns3la|m?-`;01~$Me@vBE8-qYpBRHVEwA@S-n$Gf&tXMm-^>q14W%t@^rqb_Eg?GVNLY#8{5Qxq{<)?;@ z?KWpT&*}!3H2TIW44g255qoW432#)46i&4^X925xfHFmx{)=>H7Aj;x>x%~>mN zZobK0J~tbfgbco7*VkrSs>0y!sa~^dT8d}xw zJ0Zp~+oFHUloWNWGbCo}?@OOLef3q@V)3Ak+$!61z&hVCwZ*gGXd7Nw`7cV56X)Q) z6%;x3kpU6z{c%r3M7|-_3f$UKn|;7er(Zs!>otSI`kX@dU2&MQb!RvdCkyZ~0Z4Oc zMV>!xK|i@Ax>ELsGJ0|?;%c74i^@RK>tWgR2_j0@#9->hr-E*e%&}*di1}*EtKE9S zbR27=NQY562&@&-4^ZJ7QXgcK9qCuOvQWOVsL|C!Kn0Oy4;nFd9<8GtNgLbb*8tI5 zmN*@$v>>S?6WjSRKcM4dhf3FnhUWr4^}*g`N#?HWeiFZ;0RP;C-*FR)L=4}$C9P-o zx0RF*Hkj)sz^4e@_#zKz(oOpzWvpI#T=oHuC{t3X7O&^CF4QyKlyX~>qWjdh&(>6( z{o&)xM>;5;_DRHwLbRx6uc%5FfSh_VTH)>vul z#(JEqpdj3$5Z`?fq@-@w>KR4Jv0U}gu=Bd|*42#%7bV_X=R3Hyu{d##^Oamngo1h% zxxPv}lC5a4(_H+tVv~-r+1;w!T_Jx`D8xymN-%#rM%n$Y%MPx2bj6`;5VvyA=Qu}3 zHa`fNuPFvr1CR;2tHqlxU)0H2<4(>V3UVhWUQn{S(X=@(&c~cj%+wu;h-{iUt~}1& z)z8YOm`MtbwP*;}H0SsIPor??LO+}oY&DuvZ_8OiaYHF*P#m}oa$S#{L1jNobgnC& zQOcQH_M^lZ>za#a%$75^?B2x8bnoDQQE=^QBvURgKi7M;{69>%X*s&;i=s-Pr1_$c&_hk8< zc{>papDc3&CrN9n27cfNZ3~2#3vRk)LpK7dSLa(L(?H} zxBvx!AnLl}#(1Kl@$$eLx#_F9@$#gT+WHYrUv~8zv~k_I=GFhcFHyPr-}fhvYiiiK za>rD-c4%wSASH;uP00!HzLVn1xZp{_pWXn`vj9!C5Z}7^`~5L z-zrG!ir{}zs%=vd{89^D1@~@_D++RW<3)WBG953nXFzb+S1k8LrCuxHE~%2F`s49u zPc}EdAQRYUb({tmIPPxOo-2?I2|PO3=hU2vE0(1Z)hgL1en8?1!ZiI_Nk8j9rZs!RPzKwrn|9BU^jel^zc)Opxq1fuHn{RH@P2r_M z9(&+xuV#r~389F3{zG((xX$jiHCqy6F^j%noQxwZNTR(pwKuZzRVJ(`2g&U`)h-8u zdsJ#Ki=cZC#63?-CLzoRb(_zRRZNh}XM|l6e@L>u{;UnQy!EBeX&UQlWJCwp^Y*Pp z6*z52PZr*XVtk-eQFcklyaE-`+Vz|qqY6IulcUf;+kLdm8lMD(%@5~Dp9%wBu8li) zFk2rry^kq@V)cI@OzQp2X01cTHh^T0!)@EOf6wbDy8@*YPu4R{q%V>VhbEDmc za$8#~At4P9ncwEZD=cBcy-41<2<@UkMGfkCLav^NbI9k`Q}-J1|Kr?x4%$lk%^$y% zuVg_N3B3kph4g-t0vtJ`?06lVE&q?>h2IZ5UaKbQ=Ec^cS?L+Ql|`eJ{*^(=4`&er zdel)8p#vH*hjI*^;`o14vRqX_GxxgVD#K{U@0Pvg|7rZLJX3P+JAQ|%Ul}`o`}WHs zuSPOX-uMlCG2b=&j-U1qee=cyxG|Jij8 zD`r`;X3oFB-NW=etix2Go2la^bJ_gu!*b!Q{Ov=&sLXAyI}O|@MkZL}R-aoMq;TX= zYlK@9GT>?4nFp^gE6T()Hn~V*s7;kwvAT@fRAgq@h=0VV~bLXmF0%jTB`Z{{yR?IZmC zgm-y9!Bg7p{j>P`w-3s(-(plE$R!!QORc(uj$Yy@=TC6#I#nDou~E*F+42VjRkUNw zpfz&x#`s0>1>#X9`Zibxqu(t4dTe&#*}d#vve}0}Bo=4;Y%+VlMKqda#(Zb`#_ZRfCf2{Lc3DUmH$FkJ=)&Ze>r3h~Pd@yY^-IOYIi5uAr@ z`d14o^%WOlu|WK~g@{^rMJF&%lzTXOeYgM67 zh?&F4E%OCQ=8+CtemAqSVQ%I_+{~-V2iDaxJ8SF)RS>wwlxMWX)aKKmV3{L2j`6In z9*rjcj6|}Y^|Wwo<&;QVl^ZuF7bhEf1ToGiqMbdIAL!8OY&Shf|Sn0Q$KK82KA_p)qzO zsU}Ie+XY=_j#qG?_ou{DXtf-{<9+WAVA4iVr#e%c+Osz~wcBhY>_M5Yol|$34%WNU zt+M^DH*M=nirPWUyULSt+*NJ<_8$BaULXU#-GGH|REH8%%*Ojmu?GSRH$qKs6XI795 z8V4xkK_9$}^ta1g?14&rhGFG?&V<}j8#I5OB1J$Q5@*DKCCiEVstcY1qB#3`(0+Ab&;Pj785VZ-aKQ=+NO;G-^32JPD zzxnoSu{KEcpZeP>l_bW@!p(>}w+RNllyp^~lr3y_zC@ED@{7xr5QzX9MOL~N@CU@q zjRIaLlOJRWi6A24tR@SGk1rvIa&dB|ohz)Q$BV&g;uC@=&TTNr-R5SzaoJ=W4kp>a z0HJ~&5A)0%tqGsigqPWYC*8@PSxG!x_r#f zh+#nGC`1g0BvF;)gH7o+-T73q_m!xyQ>9UjUQ}YK1V@~R22aTapD)2tr&@!@=7L)! zxZ0`L;N4$v>z6oIf@_>64Sp>bd~k==j^6QGd*--RZn5IxWsa*}8X3fl@TpGCkW8ea zbUW9NqJ1eL`R3@)2cIP5YkoGO8{d8V|&-&ZQ<73bs1QiLFC&lyC1FN#hvnk7SL zE$72{60N_mrDEJ&{S{7wA*0~E^#5h zOo#`$*@K*DbKceTzssdR2@_iv;&~Qg#cb)jZ{|`Qi~5{)+~KQwzbVg(ILLUo$^+ieVP- zpz?ymK9Km(c)L?Y_2T961Vrl55(OaJUiBIpglCE~UZ+cE1kLAfbn7#XV)1?Wk3O$H zM{9M$c+WXX>$1%(wsq+;Z=NBU<;Gkbc6Q-O;n~7~f)yzKS?5-%O4J@&<n`%(^wqXTV)7g41z#Dp z<9|o&WXfF2~yUt^?iaQDAvYI2Mk2&;p*YrfC%H7JYk;-2#86xmhfXk zxvI#SkyIsfg>t#*24tzoD6b-c-tmN}J-s*srO+Bm>^5(_?m_5%7i@@^>fT(VzIK4r z#23p1S?z4F?Qm>R?pC|z*aFLgF8lq~Zxl-gUol9Tn&95e1F>CmZ$ z4*gVwUJu;uKLNX>h;ssE*jaM1(@z-;`S`3-Ih9qB*^K(3pn$JoCwnIKnL9H^A&>pe5$t6eFwzXZ_B_Y`YTr)}yT9q^HtKCne;mxOXdquj732{wG z9PkVXQp^da-Y-rbrPR-bF1xhqbIc3`eJ6%JxcQWlum3=>?|m3GKIO8mx<4Ep?x@cA;)!9 z>1B}=7A%Lj_Y-`)9n0~Bb}UB}+Odo;v||}5_!P>^y;veSZ5AY;+0uQs`QN5{+#0PA zJ5awnPYUM9f1CgK|3UtiD2_>?iAoP=%FaD-Qv+ia=oJ$K+!JYivaV(ROJc?$~K5_3q*lpd%vZsu3uBa`JrtwC9*a%DMa3AmK{X2NwQGHn-pV5jW@ z6?0J~Y^3bW7y8%keH*-gzijyp*=YYpx{GFnnNJHBxC2NzJ;5^U z5+N&YwPgo0+`_z`DdK_Tfi_FHAPXUgB=!c@A4{r*I6LtwAQ3agZ1TF06Ug<0oKFw` ziwU@}udE;?>|UTZqrt5{FWjxolw4*J{0!ess+l6skh&zt;|mKJRVnVe3MxfCsyry& zmzM_r&fj@glm=hnc`bjVcrPk0DJdCMGOE;9y78-gzro*FdgUnoZs1+QM-Rux1N5*H!7%QGJH=psD5gAu@w=~!Pw7umjsK_k7_uc=; zY)q)4%qasOl1=<^tQ$L{g8qG!{+&}iqh0!UYYAi1`{>C2jmRbSLK6ywhY@q^gEH%@ zU}~K!J$#5Sb6jLtg%LE%!}&V97YyE8)FR06Kg5OP5nb8wVXTRz&;qGs)C~Mq3Jp`} zy}|!AM9?05RVilFT$+P85CP)4%3PNAe zQv$8%n=RYN1KGjI9wzplWR>DXEUIUrU1kg_+QL^P%du^NjTsbW-_FE=sObmOTaXZ* zp%UAQ3>KH2*{gloI_@9%mDHOHRxj*AW$F;^lxj11xpcEXJ>&v1!2wCeZ9{H=&;v-1 zROw>Yxr)^LrOC<8AXCWl9s=^Cep-eFQ8u7v0w|}4S zihaKEJ!j?ZTmPcxW8u!a?cJcyIP)f&y0Xazld#1@yuJtbf96wr_F|4ZUEnARC9m%dk>_Irk zg&@*VlYFKaVQcbuUDFcP>2YhGNgQF%wkoCW%@u*}P5%sx^F_r~&^e~__fov)I9B|c z2C+|(3xK76)HfFwn@YD;Sr=Jh>mn;M(nVH8Tx7vKH7UZ{AV*Ru2I`_Fq z9kGXWyLWyYG>Nx~@?^{)6Jln?RM-EmI@#3HcmG`E2+GRB({<1{$hVGh99i=gzjF7pNUp)>?FSF5%mx4;N} z%FjJ{bLUfIx~UpCy4Rx2{hsPFD7;|sdO1agi|$zIzh5{k(-=ocR(bzzG~VFRuZYa5 zQ7%sv&*&B@CW=_d;Kq`SO*zEctHr>xlJm}2$_wm^o+c>W8{Ni(jyj9ioxF-7r?EjT z1j(70=yXby=ySehqvjDM;yp6Pc$Mj~`R!5+{u&9Xg8i;1og8E|xzB3hLsHpLBAUvE z6O&TeNaC=Cu)Y_f6DSoyOYo7G%P|p=iVlL3V@&mBEGh2E$Y z_1Y$)YTPQ)spWN#V#qw}9e&z|`fSY+*Blt@?~UF@ZWb~_35<<-O4c0KHsMKs2j|dX zp143)JO(GwyOt0TtO|J-W7}ndr0&8*q(Yu#t2cYW8+mIt@49c(%s<>W$Gnz%dp;NY z1aIk`P_=ofhw=H0l~c&9WiGH8Z9YhFNoaTPSW0&HdtA6-#eh-6K~1)m6l7|VRE8}` z>VfEow5cdr<+hF$a2pE^(^Ey{nbBMX`D;znO^Q26D*Yf-jT`X(TwWxhKX*f=%VXwo zLS>U8qM{Z4y}iEG1Sd<|uX&gAQ{5q5As{3Zg*~q7s3KMBolkvilHTYO#7e4-Hr4m? zsZJyn`{is;Ncpo~|0a^uw)ih`261|u*hW_eK)j;pN zu%V<;=dY2th)g+uS7&w%;;J!$-pAQA3_nFGp&0D)N;=K96LK9Zwmt-wcACL_;BAr` zA2|b0GE4eT&+h(9-LCXM=;g-E+snb6L%adFDWB&G1w`@F%n#m@+Es{8%)naNM$vin z+&Ja$M|L0STWFI5%a`w)KGmbu9y}PRa<_>z`kB{rjn0DZ{l1R?T@?7)))@Yn$B)Z3 z>2)I0AY(@idB?-KJdYFH+VEar!(!H7;%mX=`gYLluwkvP4A}QcBLs=icmI|PMO#O@ zSS}*lF_?pQtqsLYWLV3FEerHsY6Gh}#24>8){;d-l0oN_?1;@z=o=xbXLXnp^L0C( zC{^D;SM>0FF#TW)HV41q)@H?#R4?464o&QEN6q^<%F{AdMFVTzfZ&j%u~mla`n^R# zx@dhnIKc2X4L^vg5?(yHg6i4ha~<{zvY3!tF*Um|x8&RTUjh&x30D5e?2khgZrPe^ z*44zT?M z_pQa!#d6=;>8Wc_9-3_yvr&#Qcp=92GY?4?B@bdpEkLsj>pp;g{DccQ`J>@SNG3i^ zyUg>)R5drDw|m$M-+q6i9rF0EF+??KkCy%q_h0 z678GqH|y+sP2cRG>CrTP@j2T!JCvA}x;9vpXe9qMS~#DRH?c%$RDW#q+^-tGSUX4) z?(Sc&1ZplGm9|+KWrb9eT1u6%?3xHe!Tm4%3Pv;O&bM{DrAyl9V|ng610CNNR(6!iZej-K5T`b)C6zKgYajM2qlU^QX3v!@2 zn@+Qe4v!Ou{{`fs+@DY>)zKO99fGGX_9gzFURVWl7%+!Rj%@<%3qm$uV@O%sg5K6DU40qBwMYo&gDFm;28_KHOpI zACu9Op&P?>ynPF+^Z*J)fHd5G73^2mu_Q*Nbpf!up~Pq-6m&-Y)1lKFv*f*xi7R?*d3or$z3;! z%5O>i9;1HFqwBUt@8`U4_XKH+_buH+ z{BP`cm-+BpdbE^d=)N=G^S}B9n7!}HSB}?{@e+TL^}`2KUHMY|R*~_J_@g~Z5SMri;M~WL}MHo(y0Pd{E5njz*f|P z`OBNdNbH-;@Z)8G8~moU(DNtS*xysXk3UgiU2y^G=a&cTh&)2}Aw+?%uzf`ABWfQt z_ED?Ev?<~_3oY+!tu{R@(5R;E@quU^=JjIK+DZo&P2ORl~#2>SD-q6 z&^BM;DBJN}MmZW?u)o+3iw0wKhqmfh7ZCtM)PeKwbZ5&**+y)pGCq3#jbv z+}O53n0yd0(TDZ(6#Z|AwrBwsZH07Y&AGSYkt|rcDHbm_7y3j!s^C^GX^)d3tvfAK zn`*`1=$0>ijK5K~nn;Vp@sEHU`skamsqleW+D0Dl} zdplXXy?Su5mM{QouB0j$>iHYc?Mpg{!lUWmr_|9}8SW%;Vyx~Y^A7sTW|SnG?EzJ5 z@r+r;$$EQ0)mk!RRtaWP>Y%T+bjGaGq`0J)>3W1^T2BJ>>%SK z2dkN{$-MS2G< z%eV1Q?H3QGAzzctI$|W`Ywmi9ND8e>S$Q%qxhogbLcU+J-(6JRVxyfYaD@PKfOX6uu}zjcWULZt2`p+}a2gWpmSRd|fB*D9*p4sRDW zchV@*PK%jad1KyO0H#b|;1Be!1f!-e2nKqE@1MRP6zGlfVmkj!GUSPY-p|PA4KN~> zsq5g=>VX{1l@>sGorVw%`dg+Y`v^f@N3c-v-~-4co*>| z1!yA#oi8AObRL&GZ3J=(K2=k&S@yVlUQu87()5L(#U93P`a;m+ZG8bP;8}{qm5?9t zQa3f>747D;d80g(qlMyr)?7%nq&Jf1IiDbdvzErhOYss`X-<4uS1VinEjnJlx|isr zCiwDB^V!$D27&x{5^W2(RTEZ-)KQK@st0j9Iv|Cz#YlW3orTvXAq4%qpq6d*8eoQs z5^tv4s_!bn)g4&kyQ?^H7*0a`{cSbz3gDlaL&JH94|JEZ2snzUG;6De2Z3H>FK!{# zv6%VoucQ>kGc}oQiDKKnmimaE$WGJ48sH+ zWKW!U{YS6K^O);D5+QKn2uH*UwhEWxb+FRB_o7w-^&@pX-H1|{-vj{zkeR`wxvYAu zgGQd4=X06I=n;QM%>0CbK`pqxcb6BFboSb0sd|VT+@KMc6_?A1Y z0&CCq!(2p>O0Bh}GDD4`~nO(N-> zluvLo33jzs7bmz4c$vSyRj0wX+ud3uR&boSDLtoAZXVGDQcDzpfQ1p&GC3ff7Xytd zy0U*rJsbr)|EPDP$#$;Mtyhy!)v#y=xBXh`E%Y%$JqTrf&bCt{y=V8UhjSfGwm1={ z%&fDP?(xWkjPw|cn@t(o>w(-> zFW)-jNUW?5y*ydXbifWAb)vLgeg%1faB+ zc(vb*DZr5&r0i;;Cfu%(v*7z$v={-moeU^*a|Da}aaZ;f8Y=jrglLNz$WUt$O}r<_ zS;l!6esI;|p<70+V2ec`gT!KhAxs!15hw4Tz}hR!q@7}~AWh}Gej|G$;nJz#(N0sY z51QlG(FdEK*FL~oq_&HbEA*4qZ9WcowK<&k9VKb}qR=^=Zr~b+lbva2VM$;*I)v4< zIII!Nd`^?bOt&%j$~a23|I}?-Hz==&?bNL_oaWfFfT+sNA#<8q3i~NvM=}3n_cOZ& zb^jUcYUk!fz;Z!(p!W{@lBgVjC}%-|ib2a#tXWMAJzXIaPP$tU#%j#Q7e)!CLAzFI z!fsNfrG~xRc|-p8R!(I)(EB1mR4-^Qzl3vq;K;gusw)2|cXl7~0G2(7-`w*L=_QPX zWNUQB0lI%sMAAx8WO#vV^vDp9(yeInCE)tJN|L$SOlVhyG#svr$P9wZ?>RAZLnc=> zjQFHl&t7b+6{K2s?UCXo0~*>|rJ#xCs}wZ%`1h%jsHsXdn6JVZn_C`I``<{uKDH`Tffe^S?mm$el>nC}QiIf%>1e5N9O8my=${fqJwZ=THJ4H0hpdGdGYizmb=63MG^~KaeE13X%uAJK_nm`R`JKVtutqjI}+oDbepKCaR|Zd!N(Eo9up!y!8|i zwJRZS;aJ^ESnbqp=PH2W16*tKK(CN7(h5F?C2bVrz1v4Co<+d3)zfN;4F%S$p-M!D zi2fJ%%DS`;RZwV8x48%-S}KU2jldeYiUQA|PkyDCBN1`lUvD<^4zhBkNDzCV^wY_M z=&br7Ia@ADpYCI`R+TvviW26MUfJ|XEa|I;iexjAngLYZ?Jf0XJ_A52Jz+vTigCA# z>w#X;<-WehSHdGH?iTC2hQ!RF$aG-LL?Z+_Yh{AwXXR}ap5q25HTBKMsEC)a4n@@_8mEiR_M;2NaV}@0j zzll{vHz#AAarwB+b*NGKvsZ_+SBJ7!SD6=o;W97DvCbj6WQ#Ig-~pUL_7b^--3_Akc<6eNETki0Ln)W&`Zs3@)9h4D$T1;X}9HRz=Jmw(10&ywC61+`S2?Ja0x<=JX!t+ z{|xV9_d)3*NwxkN*dK7zE~kX6RHJhy>|G` zsp#EE2l?or(wvWLe0wyxG;Dz?=5UM>>YML(U42yMGvUxw63a>m!8@TKu`MBFUVelU z;D|8ZPL?eYtwO9d$Rd0US@sf5BtZ-MR)qF(U8L<4r187{M*P_&wi14G$ri~7o#Y~D z@i*f6Avrr29?@{m56MZn@R92HUjJp6$Zb-x@8!*u+tlJXsA-@6lm13+--O<@{xFz< z9{+p2u1l8x-Ic?P%J_0HW6KkY84OB}|5fL;*2zji84BO!e}Aq3NAkbK@8f^t3{W02 z=EBhU5&k!h**{+H;mrBxs2maR@_+a0`dEcbkNyvLyEB&C$V!s_^kQ_|tK?FW%sAwE zJdsb0B8dIdqfl{7+Dnp^>?|VN;EFS$d*9%3-%ftS0OqvENW$O3dyf(qtKPCYpu){jd%8!YqpQ>&C^FAhp0|QjR+yAjQ&)Xm2u$}SfPTXO9 z-+au@eAkIk#URJL=+ChQjwWU}tLb9y!Mr`pPv|PkoGA#2u5e=T43!WjtL8n@SD|5j| zN^r=j)!={OH$-+(A+dNBE?ox-d&GZVPs3p=nWuKW7=e)SdCsrNAIDxYm6tzLzr20n zZNM99QvSxZFH}=Pe_!)RQ$n5Zd3c`zUK-JpA63nB6kv%OEY9*Nz*!dHEEO>K%?-I$ ziT$$#uFQgTJ6F*4m58$DERk*Z&8oogrf*irl0~MX6i7oW~v*>esUx`E~ z^6zeKXKK%^L|d16+kVabE-YE%lrHnC`+b{yAKhhs?|zFvJhZgT@7(X(<-6Q@n36Ng z`j)$doWry~5Tf{@PItMjr_$Wdxgc1!&~73Jk5vn#-s?%&o;asH`FC6AODtrm^Uu&H zcgxXweH;61_gm|AlOw_=i-mD5V!kcHGsO$dyp05jgJ-@bkAMuYTF(U5EN36v*XHv~ zPwCr`jah%8#FTpx=$Rbw?b2XBe|NcmXVbm%F3;Rx^8zYV-1jsyBE7jo_3f%=9F{j! zInT8>d1zllm84)5_nvw73DPU^5@qlrrmA0<%<%bx_r0NjF?jgjz*L(D59Y(T5K))| zdw{ua+>D@W6*ISZMoenCSq&8Sv5GlTYH98|QQWx~IcoCY0lYc~P^1Gnvra3Iy7O07 zp3sq65iUy44|R2mdMJ{d^ia%<27Oq|Mfzs8zvAvPu@+TrUaqzA{>xrn;o28`|5=%P z)p&@4-91EmsoFeb{Y$!+s{04cRWBL^0p@e-|o75LVp*GB79eT)1S`ucFPjs6f;#s!PzWnRB zTvb+OAN%riP}mdu@~>NPA8TKJ#xY`>(Sm)pY*&07SBrgl#n}+u^7v&``?7~~)h@Iz zf2dM|@z3SeXPQtM?B8?s$=jE2B~3S)wqtEwy386jD-@QuFHaN(6d-)Jxv$-Auj~=A zr~e`CvhAIO9%tOAOPKL#2|LY?b(Hef^j#*-!3_8JF&O#w&G*`O3GM5{0)+mS)A_>o zy*}EuZ-!U?$+msR$EeRfGWQGT-MOp%JaSr7)nNb?EP$)P67Lp}%3# zkj~fhPy(R;+(PFJ*z?e@@b0o;vQQzHK8F+f3Kp(2(#6UjBNCk~*tTab!*&J#O)Aro<z9^T5V%r5HHSFB>AMSiE*L$<^ zq&vlY)+>&liR8H^H~mBhp1|uK<;TfVTaYE{X3_HK;8A84k_$a~NltWL&1JsAdd{3; z{)M`~#s2JT1^BPyAs6iJN;U{RGUC$3BWx4wiMsY_Ge_!E%uhThf`BmD)Cjc&6df^Y zPmHyW+BNy&%q7Ijo+ylFQW*@Fr5IzKH*)>HB-5~-qbzQ1<5;}m6hX_#L+TmWy*?3 zOsA}fO%9+lf;w%5rB6Qub9hs(Q)fH9)PRD&h1RTgYEH!pN!@7TKpQ(ishNThMafDd zOy_syqYHtw_EEJt4&0H>7FR-ta`m*^(^mm{b{;gQUUF5u-V!fALHVhYpNLt1eKGwn z-8G2|*b4HOlE2GrPYBkcB&oy2j0v=ik~;L2A;Fcg1Nms}_+00X=`#0f9j&)ahBpyEFx?NTcE$q_L5D_Z|Ujbj%=gsc+Wj;KrCa+y+3yOZ>)rq6+G_l-D@9ljj&ElANJ&dB^--F3UTD)#q#;C9_* zY?AX+DQ4a|FbG$&jhSM;$ZDm1E8FhD?(F!BxfEFx1n?XA>s;E;Y1&Ij>ntH}x04VE zrKax3k~^9?#}N^$h3hj1fQ#M)8LKYEZA^1!V&BBBY|>{AXOt~zX>vB_a$csTWI1D` zM&0IbSLq;HvGAYVkCzhV9og|`QAsNe9_+g=%A0mlZaih23@^&^V%=9dVhr80}J%T;oMBlbeJH!nlxH^uw`DDL=ai<(K? zjttvp?$I)ZEt}w!3f^kP9L@EOf?T*j%Z|T@4khL34*ag0GOj7FBBeX#tL>Pd3Ma*w z>%>;4nilYEO+Kpta2_H5`}S>s9Jqrp!SbJ4)62LSd5U@Go{{bQG>L8dUeIo_?K>h@ zYe#e4Uyy5L`>Jy(Io z6Vnr-cmi-X%8Z%%PWF!$aiMu>iI~;?#UEb{Vz?|R6 z>G8Bh?xL-PG<7O_|I{iZ00*Z_`^wX^eTaZ?5Z2dLfo)b_8%GSX*%+IiUDelCm7X2$ zYYS%%URTt3K_b|Ae8R8cK@I2Tsz?z6@!65Swn%z*w686Svo=n>8S09(!9M$n53!#b z;8y~+X!(Vsi9Uezin-zTLi=Fp#B^`8k%w3S%TrEJ{R2P$Whuv%&RvXHpk=4KAjomq zNzNt`S$w;~`mmZ}=KfkyjvWcwmg}Pe6%(zOz9S}DQtDtwdV&xaX8?F0Jw=F6Vil?RgbJ`eN8Jj_n#Sqsg1L!Q8_%KnjkINgz*hunXgTrD%+E8@j`5t&-f z~jEneIzh6%+^Pn0C*v-p=&nXmhYMorS>xj;5;M*e6{qWHyR`3)OQg7PHxz_vb29m zR_IJue{Zyjr0DX#3pB8ItM3#DMsen5JMMP8Zy_#!-=vI;T<4<$uA|H8D8fKp@6q2% z);m?;lsCK^WR^@ZOMmH7lm&9zpF6rAeLL5L&h)V|y4^awUD@aKTy-o2M+bK@05d1( zU=gQ-rMCRp=VY*S*j`}vWwS}Pgf`2G``2Lyww+4VGM8yLcNdHvd~otWhD}D#1%YRt zX0gd^q&C9GL~SM+YR*dp`TnwB1{wJR5a~g8%obiKHx(LxzQNkT0~Pm=;J@s7)={Jq zuUDbYx=r{36{iufcW#f)w)d1xF%hpda#mh3IK33px7j|N*G#`Wm<&z7yeb)(et9G@ zCQ~tec0~f3;cqIPO?WUdMj}T^WHCWuz7l2LR}^~se6FyoGGFX+UgWdMCA`37mwr*7^>ToG(|y60lGuP*(Ay*x9$ck1(rgShVqm$r#9tKUC9QQ6ei@X*q?b+u)u zDp!AZi7jolTdQw>>5l&8#an&V7q~@G0EM1L<0)g+chYB8r8~m5V7J^0M-(~k z|D!+!J+i>>X0ML2+(ffiN93j=x1O`n2lJP1T}VBP*tFR`xARxE7=r0n7^#ReD>qVC zTHhU0%%6YijTFngRZq}WtJ-|YVW8dhY_cO_0Xv~xmnX=7ysW|q*ga}Fo6@!l`H?+p zo9t2BBJ0Xv_KR4LlB1@z7AHnG9-kb`OLBDGGx%CcztVTgy0L)=H>dVo5V%o1=Htn& z=05f07Uq%qH%1KozT1H;_A%$Wlp`p*FSVlVs$`jP6^=q8ZH;xAs07 zScCd|R*e+OhRUf5_dsHfT|U&NXMAcY%ZF&r5fjyzh!N!C#Tw%>FwV?M3~AA zhq*P$HB0q||A~Q!jL%VD)$zeQ6AQG?Bh)rT4{Micpik)DdX{{)nf9iD^m0@!v9^Ep zPCJ@`-ou$<{g)TxJ&eUOV75wx8r7E&v8ydyoR~~igZ*t>ds`7lZR6Q0IT91odXX{r ziXS@${5+YyiQ}`&qxkQ6EY}}$Nrlz5ep57`>(gc8l;K!0+(`T}Gezy$lYStZpHMK< zqMg1eLJm4nVTe@pIx1l;`?0QS`ySPEE&EY5@llJYwd}99mi;v>MYa1`_J>(A*DX4pvQetr z&Y>iFq~=RBntay!|N<7U2X?5zz!C9%HT5*52(+ZSBRjYOPiaMnPNe+7`85db69J+Se;!Rr3G-W}oLd zCurZke?FgZp6A)!+1=UM+1c5d*}a3`#Vt9f>ug#w!?(o3C7p)R?2I2$m3h={CTFMn zIq#kB>okBFB4TJbznp#7D>0a}2EES)W4%9`6CC<0HPAU+d>H60Efw^?dkkhkJ;$ZE znIzMVaOdONrroQf#LYC7XR$1>XKKo}G~4}v;8wsC;}ufx@Nt+B1SbUV#x)n`_9U^q z!|nYIYh8A8t~_`vPCncE_vu><)19u1smFa9egc9;Oy3Lc(1M?pTI7$(;5o6SsbZv2 zZbeo$Q;Nds|8$mF;lBBK)mN^_d-)`uWeQT^e!9-5#&b;%g4#2?A~pokyJw#0J{MZV zq2c};^~2>=^5dV`%mCn@>Eo^8pQ(4)FsDYL{>&T92fr2)2nC($+M~avUgtXRpQ0tt z&UK{s1I_;6DUPo&n?ax{%~yx<6{Zqjp~Q{41mUEm#E%ilcYa-c!!S={#{2i8cb)q1 zena$*{#x&AqxTyB{?L3igYtF$eNmK7%ap$(de?Ct?=$^7@$!AaSpWa6GtjO>4`bca z*cE(7Zw0H9kGC*&@a9#KKRzQPE1F?{VgEFeAC9-c1;U2FIqr=Gp(GCP+r8^j|9Kim z?4#W1??qDGK)ylKq6USL7MeLPA=1KcvW8jOykB5vat8hYgLD6Pb%=25yjUz5=vzG- z=cUo#R-}d5*%plskrrP4mci(2X$H*X@WyHlvj?*RFhk2{yGyT9q=nNAToh@cxqtQ4 z9V0D32>&J0LY2=_?SG;W3;wOn|5W;)dT~6CVWYSUgcPZ8qrpF<2Kjhv&|z^GLW+C3 z&-z5%g%bD0ixhX^rqhLo;c*ux7<0&^m@R1!NlpDpzQ+n`cfQ8enXMMd60B&ge5AhOAJ(rS8!LjZYt&%vO zCVO85K)bv4o4nhqdAnM73Jc8f^1{}d*RDWB+)vqXVJW^69B6^JEd{k@q6leIWAzGvH*Oo{Rr_e{`j;21*_MNEB64Qf(rHjV0; zFd}!568YZlR+!~(3ADF|Wo~zWb5T~Hj5O(@!?pSq#v3rt@H6&w6Q&0I{|u2=w|Xhw zeG`6d(jWn)((VmVtZ)n!?v^iy&@V0SNh%x>mc3je@XA-Wqt{D2M{ks|%B{AH@Q9UU zB&yWoUsFNPKvBn7oB>01qrRjGt7E)90)1$8Z+#tY^6NZuqWE{7L4+8I zw@(^PXn5);#)LI@I!%%vx%}lS#EMzU%ox9*N-Tt2ZL3;Z=sOg=8W&xPmB%Re!8dFm(k|nHL|#-8`Gw<;-z(oW5S>XN1!y7ak3}l?h%VAOIYa}m+F~N39e3l8wAZD|B_JaOao?H5~9yKBo+bx!oTZ z$$ENwr^C~mU5)ziJ<5U8fNsfpZ?3(BjtqI{h!7)G6WPaKV7^TNLS!$R(K$FcrzsgU;y#GXryMQ~LY4)(}7Qd&!zo5jN z9FT`@P+mAr!)AX+~^qQASu{i-v+ ziKxFHd?D&@g<+=5dsVo<`S0?OSlCp^h^gQECwK|WE;uN28yRk-Qc!Q{lC_7W-#k2B z{t3g_{CP*+&$%f3{nOWB%$ zyS1-f{$}@m$#XWvZ|knFs$+KICP{mOsNQSEcA{0}+QX8Eb4Dp_fBWp~%}^UGHL>-hjbl?^mFWxB=w8DkC4 zt?u!Y^E%v;{#nxop9McCv7`VfH?y+#4tL>SWE_C}MzvZ)tIW5f!%gGFnjJj|xaLL` z13g@5-`?381k~B#F4#pQ$G~#qHN8{9N=rC3PWUuBh~*_guYH~tf1abyrNPzq`QZ5T z5nS_7l-Vb0*Pjq$IpguDa!4C_YD1vx?39905d4hpj*4nVj_&X z(NppZvI)cf<0M-SKD4`j^wF;Npr#YKg?P`1$Xb)lSP?Dars%#YDVsxokpIOIB%;R{ z-pRm={6S_)Ex9T32Qh%&9|T8`ya!0=67ms_AST8T7=6I@>wbs46XTs2ETw0KD+D9K z{#$OnB{;!n4nAZki4#F;cDMP9^-T*m^Q4#hD>+7+W5Yn?3PM9m?r8=i|3Cf!MA__? zseS2(90E)Y;l|7t7pNGxdme!Qe{A;)0EXTG9^hT`LV#>(hjl-ck6-QiU+njfTWUPX z?DxM;gb0by-Ld_CXtIBY`7?4QfH&D!wbd@Un@XB-tr`2fz3{PRhMQiW1O~$Pd!fC) zX*-O%&Lfn@D7VBMT+PDNRZ%fBC$iVC=yX5ZHMH0NrPU&asXNDHuYZgAkRmXL<3GD( z?IT3LG_S`4hc1wRVt6%=TP*JWu;}=al?P~)qbqs5Z;Q2NF-DW4+@JA>W%}-*@b7e2 z{aehg_Z4P*xT?#3Kch)91|{|=_x-5g!U0KTr7+;GPFIY|l($O!4G?8IaTIvtkK)A@ z<|q(}8;{yuK1gB*rL$8Ie<#5R5GPXEV~3thyHCu~6fDVZMU?pa!cE0Yydut);=(+9 zboo+We&~e%T3)&jZ7`0*tRmA4wU@E4O=;9pc3zkr)3BtZdu&5%Dd(fJQ<o(xE50c=>u?Ro_uNgrv~?OEa+hM4%ECx+N#BK~eHWyF-8X_LS{&XPcbPvB93Gcl96ST+yHf5xmOhAtOll8J6eE*aJ9;(j zjENx-);2wmy%{C4z64~2b{Yj>;o$LX^F!vJ@+i+v$WGJtehi`Iz*(sB=x=Ezy!A7R z3$~gAVdTopf!SnsTCLAnqnxJNPINVQx*YbIoo>|e#=J2WZ*|}ABW6(xYW16Vu;`j4 z3n^1ZtWWL-Ci~FxsqWe1tU&NXnvr%l^EK_(`)|WW#K*V%;-$zBteX`b*>N@wQ(nuC z!AiMtS|U@rFx+Lb6(f=ht;~$eo>0pSO*C%k{*>(lGS(e-@oF&O9Ni%via|q z^F1y8xgvqSp0iLe!kC?}nrn!^#?hM?(|X+c_)^{O4vW9E=?jLMdot&Jo=-sT_+7QT zvGJ!G^7uyX8dcgoQQLFwyNf<#s=aiuU)oJHnO~}Xtiqf9%L1t=WjcM~K;wJeC4RmUNhjU^+2#&+u(UYK&_yQThg@C=J1o)ApbW~KpqP2fOOc^k zJKUehXd{-X%N_|uJ*$gxxC&Uo@(7>s<~X5F#$go1Mnc2j4na8b`@*T5&mdb5WLK!3 zLpAjZCzLk;?`lT>fn8wQ-O*z6gFQT5F6y6wmV|%??zI@txA)ILBQlF=_FVk!YuOpK zeY0w_GwS+g)n#YY_sy#Bxp*pJpQmQRK-}{UY{Kg)grlKlO|E*j)zvp^s;Ko8mUO-j zEt}fv&RAtON&0*YU$Zls`erp{$F#HH8F`n`sf7ddm%Zso4?4@qyJD&pZJO1jAF}#` zFrPQ%|KhJ&zK(L^V0zlv2rIi`4L1&v!efkp(S%GEPKkm7;&h>E#J_N9#!KNtOl!fr z1x%}4ETVv0b-IN!)luwSz~s-tnsKQg@Q~+Hbfm%OO1oPBFpM7=|5Q21KIIl%8EtpD z#&pX125$68-ryaDL%tjFYw1V!3Vv0|vN zfjM_1#*>^mywH~i_c@kBRM%-y>>BR-(yFXofeU8h@$ ztt{?DhA`ST??GH6>+3WF`KhQ3WF?B|J9bk`GtJ`U!{(ejoWV5;sper*ORY}}PdDn7 zXH$!(^p+;2SrjoC2UMwG=Wk9oVnfV`XjdfhA$&}tZ1%WSd1Uy#Mo2zBzsx>n*V!0G z9#7uSWOC0|voxY;B^%YL$R$rd+0+`T*FUC}tAdm^Z-Y-{g4dFb~nLAt~_ zxG@H`i2X#$T^E5;YD7LUzdZ0iFE|HbQJ8i!nrsm$C~7c5dTU*btyV?wm$=U9?5I+1 zFJGse80{b@l|8C)WA|yB#ka_?Q9!*n$;Yv1THSF*oGPr4o|K`y@ zoKWKiPA9HW${ibl`agB=*0}T{D_s|VF%_+cKs9=1=`8qd0}W)H?C_ z#?hd+InJ}l@*EuHu^R?WA3(e97k@p5y1cN;h<;{M-(Epa3~PGu3(v1!Si57Ddk5>{ zY>T37cSPB&R*Am$=W8s>*H~EJq+n?bXgUFxQrw5WV`UWqfz(41Q&1-2IY)W^OHF=2 zqx#OU{{1|LH9dIR_wT*l9jn|sxI50aD9ZM1l+9|D=OdUb#YfKX_gc@g@fwH=PREA@ z`8O(6FkTPGc@|loi=sSS{BBT(&4CDhVDO)b%TC7!2>Or87Qo*e=UHTV_K5QA(DLE< zSz_?tipx&NK`iB7>e&%F6~VSR&mzlnPn72);d}k^@(WDgR7P*g`w~@1Qd%pa7{!VtQ4%O0Bahgrf%6=W&@?R;K^LwAF zlg+4WL3E@U$txAXy)he-e_G0ojM~le&;F%a`xo=N@bZ@Bd5NXP<{Pqb@L&v}+1)TT zFSqO&pt%f5bea{rB`PM-VoV=QqB?dUMexo!%46g4f1Ur$)VEh~W(;e3@XK)iqd6YVa`q0+j23U9oeayP~h`dk^7JU8_dw+1dT!a<-%{`wjz65ImV4BcCDh5Q-?6p&+;_SL>EprBLiMtQl9B!w43KGeg z4}Pn=Fan$DGB`E;JsvBs>zqs~rc7Hl1Otqn(_wlDhUAZf2rOK=ufQyVP;O=RR*Q-E z*=$a#G|!l_pujg)ri$u&we1yYAAzRX@ghZ$&k|Leu4q7^?UxS4Xyq-)KM6zRoK z=7+?ONBTV02joSexRldJ4)IWr*%ovc(M6lP-V+gP18V-$Oq*0`2bPS1-7O|#*6iqp zyY-uykC@6~VfQYshGu2AF&@?E%txaQp)l&K^6UgQDw)>oWyixS)@nqjDUTJB0ERRk*`#UvB8(^C1*03yZY7SL5%y=sZ$OoIhxL@lwMQ%}e>V zNS^LlKig)}O;EA-Z))k1y$Q%DHyWMt0uzHQvf@76od(*oo3n4p;VP&Bc3^0p7AOcE zXgf`(#5lw3_q7~xU-dWD zu~NPsZ~288FQZo6}ja#gnRU- z4_;ye>uqSZ`WG(k4Tm6RKM_Aow7R9xNPkOtt2@^oYS88x)s%*}OYO*sJ&cgQQvNzH zX65@l>WI1Tnem0Z#}(%D|LlS=|M%^I`flPu%-^d=yo~N=Aeez46Iy!~744o;HZam1 z@#At5Xn0YS06%Ww)__^S{O7VTbLJWD8ABVn0}uA|{p@o>`mQps=ZS7D7z=4Su>gK5 zK~dA&(?5iFbXsdee@CM2WLF-IShDw@3<7FIW0B;-Uvp-nwKY$nk1CxDF$y4*1L5~( z2yPUr&>A~HC@+L?mC{dveLS7H*tg-tnv>y25roX*o=a*+^q*LRo0Z)?34PS#(qzLY zJBjRWOtqTq55&bSxTc~=R%8x@l*+P~i^uacHr-~ErZhJ$-Nxf7_{SK#nE->R>6_V< zCpWXwy1~}qgzkkFy5ixMKe^}{lf>+pDX%r$u6dj6y;_}^M<-su3uJc|9L`zf@;1tZ z2)ZX(L{S#Yv&r_J^@)%#o}8b^ay%nnCHX4ieC0dl%UndBD)M|L&QtTDJn7s?3`qs8 zEN56IipJX99Y%|qb~<#d^aB znL3ysR7E<2FLS4{lt?`s3#oc`J!YI!J`n6AVct0EjNn#!4M+XM@<>d4)Sq|VO!Rm= z?-H)D?10IaleNgb7RCF{?C0-HFhE_wEgsM{5g^@kk}@H;mSNb{t)-}aX+D7QImTpe5!Ky@&sd2VUSnBL14tIk4*Q^sL8YI?t`>uSCE~t zkw?mW@}o{a-T+{k7M|+#pH~Bi!>Q0tAZHfgx|3Y1S_On@!61XBzrq_l7ZXz+DDST zrDRgkHunXeVen1rw|OY`z+L0NH6JvlGX9(Cc<72Fj8}Bq&<)C|Dmy0KbGN1;s?Y2i z$w=m~1(D|_h`Z>m!u{rIwZwP>cFRNbqsAsjQp-V^TARJBm$H6xfb?W9?mk0MSZz^e zVL=_cWY;L4)j?Y;Sva4}?HpIcr>YM3$E*#Xpv+fo$#jSMOI1^SH8usUmSada>1*%^ zp28{b?^oLOQ`}bvz1<861EvX9 zs|fajb~SlBZ3O{Y)$OF5YD<2yS9&UGlIzmx!q2CN1q^&mVG2H(%oiFZo7>sqsFW^q zk1viJwl_I^nw2Kru20LI+1Wp{hQ<{%%PG>rV#7)Tg#{CYe_hp7P?tVV20u{0< zDhmtUM5;u5HH$wT8&~0fqUISc*5uPodLq5fEzGB%;h~r7hNAA{sHfVVu+zB*si0G& z!=2T~{=<%BvzrGMfkd>){pW}Z?#?BKh*0$KRGrLMDf_Id)>gOLj<2ji|6`oM8Z1*S zU3_&$KJ_VanG>7TUwF#lMi2Y)CbBPQv|C;Kc`@q0tIUh5nsc8b?v~=ck$WEbkVz5*ty8;nxlj+h%8OHvUpb zYMA?HWLnd<()QeI8XhkSik3S>ZxQe>ksqR}R~ZPZqb*H0Yu%7(GYn#PR1w6WfvI07(B(BeNwP5ojBI^EIXcFKb$cA92zy^YJx;-g;t8hwrt zOm5fy+2vMk8{-B3KxqWAIfQ7%#TVQg2G?+KpofbM64(qm1CLdOW1>J}N|)l>Fs{T1 zy8Kv#3ZR#Fjf59In{Twtm6S#~rufDAT4kL>fjU~8=wLz@jDH?nJ&9=mE;Axy>@$~G zD~xf4o09VczN=VFq}qKlsyTB?*dl>2rhz^zhH_MAy2D`jE@Tc2n^;MUrg|n&L}oF8 z)Nm%y>CRz(l8us)(0YT-Sc&;EMJl+ZB)@+pdci`w^NiWvy?aAT1^St}uMq2 z+V{2y&zCIY;?wPD>vA>iQm&~bf>&7K#^Jfo$itDbjyh1)*;!cNhVXNBsF@oMFmqv4 zb*@fNs+LCV6oJj0_92j&7R%_h=j46SG(DOnb~zEq_0n7(hZ!ufB>H_PFqV;ZTVI^? z+RS$M1*D9Sre%G}Mr?!09f{Kyu&Iw}+Q)l1GVS-9H4^e`((N5kU@d(s>Un$!|Af#Y zE3-Q_)pxkSf7rTt!KC%`o0uP!1KOuf?d)(TMtQrBZkW-Oncgs~DRYc=;M&)?mls+a zA<7CVc(f65zm30@NLe6Y{6H<)vWd><|fF+Emp234k>9pH$Pv zF76ZAr%Zsjy0b$e59whhtUzF*=7uSIK@rvX6mPN{1S{NM z*nT2^WnbU=(xfe0UlL6BKhP`yYvH?|ME5#ZnNU0VAWB5D@cO(jwtMPu6fFlAs+H2+PPYYlLJ{r%Wpaf&TQ1M3W1$xDc#&~%Cl&N3 zWCiHeQ>`wwS7^U(lMQXj1oBPU!tuoJ?(H+EkvZ6x_^BX>&$cwav-Iy8PVir?t7y?z zjJMU`aCZbGO4yUp*)^d;a$M)o;dbUxnkyxu&Ec;2(;*Qjd!@{x!)2mnT&tF!3D6Xk z)lPo6KhV8zmD$8W27Xd@f{8~%-S2yC2G_M3)UwoKjwF9DTTF*m?MllO{ z9sp_S9pZSM;=0rV9pCzXyZgh})fO!vYgY;#e~L%9*g`Zgz*V32D!bP@-9cv?6(hTZ zRD3EQcoBNo03OD?sR3&*WGc89BrAMznT6~5q#>}Zg`ACVE&Y3&+pvcn+bdF{7<3uS ze0GgQSPC4_*`7Zlx+*)m)2HM=CVMYH19f7u*YwHM+_T~R{?hMTH#H=QTMc20tY|Ml z+lLMpJ$r0v2oIMAOIat7*|6$S8rEU_Y*_8p7Y&SvKq0sMXT&|@5yH)%aU7M}B3jKExatLqMcH7Z&D5heGwlG$}4S+?ekj zI-Np|uBZ+tF$qFF&|7kspdWO7B*a zdx2V*)t}qXPF>{!JM156De5WVOi!H3`v$DAygoj`lNfau6cRJUrmVwQWMb15H_<5l z+jPZu{X z#u#r1x##h|F`)+Dod-R^&%}$L?C3u!(b?uUBT^U}cY8gpYLs>dNHc|FRp0&U15rva%2Y9;|!0Yw!4lab3(yCF`YEa$nAA%Ozd*|D?e*wHJJiO=U6|^ta z8t!d96Ik#eh�J@B(;iJ-n-i!&9gA=k~REQ^*^HKo8Fk3-~*x0Nzs`-qA5U^|I7; z8I6_5WMk{*fxFjXf>FS4q6+}IFcv{%qAQi0;6*TY)AKQ8xri_5S0b@L+3ToBinQ`} zw}2I-)onJe0>#*kuVtIo+)9q7e~(NJYH@3Kvn|)p;#^{gVXjx+ADPOX)9#M2ET8+R zEJa1dsa$ir+t;!z{-`Xe1X=cJcS*}~T%1K3->{-h4FTseA+n<* zGBp`xy9Li;zw4XjCGP?6Xr*3s%?KX$UHG`~f{Et&0WWOt;;_AEh3%cEc2?5PiEdQB zou5!UJ89y?@2iPy;{T6L95K9!3jXa8t%(#o;#+z3X@=;ym8``jARv*wTz&5|3`BS8 z48Hu_hxqs1O>{cny+@(f6UD{OdW`W6-INZ9=2Y~Xc8eYlw+h|k)9%KN#=^}=-Hfyg z)(HH&STtH)SstF3*&qPbnte%PoKQVZM)&xrEnl{)4OJT@s7jB%1H}R$- zUW>Hxp<0=%3CX_s%&Y9(`=@q;q@jlMO1WseEIIQ@My$MHa%TMM!Zqbh`*`QVu+z8TfX1R*@vbKO@4qP71tu8jO(91 zqIgpydyHkPraZD`U_|EF>~Gh;lqv5|9LbI&N?a;BDtqeP{eGL>xOH>m!>gAyK7Pq( zw`>@Z>6-jpW*nItH{){pQuirW(X1_lb>I4 zWJiu@+%Dx1kj&w{5&t*@c|<80nqv@Ajc|LFB(j zuskD6X+kt-9Kg9LZlS7E1Vr{5!2PM^9wZ5WjvHv*D?xqBd$DjZL1)9ozwVRp}B_Juj zn^e}by!j1!lQ!l#zt3#YNKUcB^Qlv&Bjv@`M@jn>3msqN*pqY%-CyiH%bTl972qu41; zn}eV*E08AHH|v6^S?k+KMe2wPUu zpyv`|9es)kxiWiV3N1vt+wHeD8c@Iq+4%_t;i_=US~)Cudh1)+j*{$&rL?qv$%w`` zle6AD&UBN{yh6)slRtTq{>^UaD9cm_I{NWFXdY}}KHKVweb&FoQl{KApjj4u;B0a6 zMso)3uanf~i%B0<=e}C{{!pNuqJh%4W_P8&30(i&gne$a&r9@KvG%f?!_4zgs(q5L zJrCBBqk^SVH!aYyN@EDI22C6UY1OM`YLkXf z2ST(v#S)*HypgX>*#{>7Yx2hIcAigdd~Vr#mw`XUhP`wTAp^}&}CV%oy4{oW{jHkOl`MO8xARaj zS+$*lx}8Dhy_^!wjn6Ne&^MY(wJ#U#PTrOq*>|j6*0QPjaBHIBXXr@xnRQX7??OQ1GJCE0tu8bgIM`f6(Voz3dfzj&=al|uow z3|aNE-6+}&UYiC#L;r$<)Kk> zwG(Mpa0(#&$WDt!_7f)|b#cNk-nb=K6X?KshrzEP3;n5f#a5;6r654*6k)NIrBe29 zEc(m=Z$5b9!zN;pTH{k69qn5Rp8bb={RgIQ6#~m!d}MjMnUBMkH_ms$d_$RP%;mO{ zZ#Ugn)au3}{0+;?`WIJ%Ie^-fjz63dbIzmU&P^NK3!L^RzM0($Rn~E5JA<$Z{E35O z`;I=74pdAY5LNWmm1oCA6O>Kg`iu^f&v1YFjrFt-fg#zOVn*k4&0;_sw=LZ)-~c*x zCSk1_|7Yo)JkM@?J#%nyPTZ7ulHGBl9}3D;+i(niMWemA>WmJzGOP;vP-Q=(v`jma zz1ku`Co(8q0@>G0-Z1%%?7OsjiP*8loAE4UsIESzBbPZu@ThewO%7)Nne5#iSUppZ z9kKiZQdfd#R@9+d%myB`JW>(&9zY%uvhn+DX~S{ZjnBN&xN-T>8V_HL|2eq4{r#c3 z+dJIgfG~qtmF&Go(-)F%$(GhfIOGnR-%yPxe~CDi=TM5uK;KvLwahGLnmXJo(Xxf| zSAdv2$C;@U)2KeVP8I^Wgir*yvtVQ8ooQM=HsA6_U#gxH6>J@oR}2bYV)CpIR8}$h z$;q3T{W>N)HB`tJZ)zau<`uH@$rdH=uVY`qwB~KfdY*1v&-jnr`Vvi<+PEQe7?oBE z1N;U0bC2292w5xHd%qu?sT6#K!*J@DnjQ1hb`d^kqRFfu|1wnBNJy>)Y&~t8Gv$Tc zWCLsY7N@llU*bOhK#14O*-=KiPuJ-ZGzKQs$;*!pF?pO}sqc@F5zX9{9rsiMl?znh z4)D#)O%(R{a#n}i*@%p$WJ+N2I=2>UNCCebRFw^mW4je>7Ig4T)?mK+zaQ!DD03g?CyLlM)81B*gR5=5l zsccxC=$;)^#g#0LD%pITm-DvJ_a;`(ojTm_<`~mt-YuK7p1XONm`C~yOUK-A zBFKJWzDeZc8%2w9NoC){^(eVf_e*LK`2Myr{d0#x>2Je7ii2aKu7JV1p8I9eVGXh zLDxX}Wg4!;RYJ*^>6%U#s*$>@mOj_+mfF15XqwH}*GX@8^Hr9mE&;@Hu|%A=#gpng z-F53VGB&pYK4M>7De=XqD0#&OIwAgrQ87xccK591HhyV+rGZp7-uu%S{ckL_w3K(KD7XD$_t>bPTe1D z{I--ciyngH{?LhdaB)G=<%qiVjEW{a6ZyJXpw zj|Bn4*7tUI<@WcK7c59k$ol^3uYF-VZhp?ckXmc*LNx{IE$%Bn<5!A*jV-Bav-sD1 zKtDg7_}90t_wlcJ?(qSc?yjYeZgkxk!a`%S2=g9FUh_M8^2?jP%JqcTHZ)`=H1%vq z^=zB5^sPZ%ZMWf-#3-drdE~9+>LP9=Vu*NZDrx6#tt}n)LAzDmrcuV9WX#GbFNm}m z%_{es^6}V)6B$V6u0BzBoiL?50mBtyr}pgGW_Fc&u1j9S4vtR=_`U~W}1hd zY<0)|k^y0sYpmp0uA^!c6Kx_d0^i#&@wJ|Whth|x;Lf-Yslf*z87l%0Zo91hi@d6s zFVnrZdo1T+i+j`t_Z5^R@?(^*jSK!F3D-Pz|;&OPe3pCctMU?}S-?{%n{|-!SbLj$G0sq}4B8c{`BHDq;jbEdz-Sf5dGPssbPM>z90wZIp(UlPSJTxxEy1Vot*TwMaxu)g;2-J) zw|fSE`*4jHQKOcx^C%;s`~23)4$qgjtP~4V_x#|Wl*&CEyb>2Kj+%Q+SoqN3clpG@ z!{9B!ZTSyT?xfExKbTYQv>Aw-l<{Lt%C=wGCqB?teW+yx^V1f>(1*Q`jXs3)ctZRk z+#P&yOq4^Yp~ye|2hTHJj#I1WhXKDH4b!)9r|l%PS2lTq%Rsr^AI$vuq)l$AxEA(2 zSUbSsUdi2RXbI{#`%<8t3gfY{3pj#qXjMO?{oWY>YaB>U-;8dGcI2LQX zwr0on&Dol0=|4GziNimMbf~;&0rUU-d9&S5`kMLb)wt(oLIU3VdGD@S!PS1Y|3Fld zazDg-n$fiT15W2OsRkUT-L4d&#msLZt_IFT=sNf0kF6gJ@$9ZP4`+E0!a2*svHPBI zuUusInxU)ljp2)V!hQ7~KWdw_Q6j#ec;vXQQ$4r~az9D4q5p-AtY~Rm*L$pl*W7qxVsBLQiqOjp!gBJh^7%h7XF7<>Yb6p&VhT z?*`4>PxbHjjF%}i{%)Y~#Ul-|^o&cfD!17(v%t!TjLk(2;dyWFg9QaqywWo4vA0@Q z?iavedm#HBf_SsH{=|Q<)wP@}$y4lbPl{s_)$t3%a@zfBSi!XWp?}YAGC+}k{S}8; z{BD2G0xK_s4L7WuA2oKQkKYj;^eUo!xqAZviwAt*+~}i}lY8spI35woG)m<{zD6th zb4Su%v3NO16X~t9>o~&~`fpHTssyIQfy!{`dfiC=KWN?b5j_u#>_2_P-0qh%id$uQVKfC)j(6(TpXZuLK{J>spl=JbK zR;JyCM+NY_LV(Bjte!_0+@95E6lIR>S$$Sfran72KdtN|^ z7k9AA+Ot=7?iqmJO%3Xvm~Vq^eW>Y-sHO*eP2~kO5yl3DLS1Hbz}+d6p5oRCrj8_- zgM%q-j(q8EyR?LMK93f{3Z-500Shaw(-xMY%O*nB+PiQPF*!IoE_rEG@}_*r-)#s> zGJnLCQgGafCNr}}mVDosOJ8GH&8?Q1YyB{_8$R27eB)9IFX?G4%ADtenlZOWXOE)& zd%O92YO3)#A@~%VN8gocxdX{EvhOImU5;Bjg48?k8sqY8t3MNG{a$q@E;4I zFrYJcVzGQO&Nd^;_UkCy>2Wi?J?s_LV~T>>+e%aLK5aLP+_Quq0#$tp6R$3GgpynZ?}3fj_PAE>hnC=STZO+a|#+g!&jEGG~@UD8cN%ad%u zTeODgiv<^)7_5t7rv|ss$7~UikN`+rV9BO`;FDsv5;eNS?SGgUK5_fBNKXvD6c;TX zyjMka&w#|K$8I-LQINuYQJ$E7p>HnXzA1D|TqrfjB(}!;7^Kq)Shuod?bDY|Fe_S5 z6=&tnO5Qc53qRgA!1cVcy|1Oro%pF};X5<9FAp!*Adb$Wv%FN9-2o;&+OiQmRFLgs zJ#$kda|Z<9h`(JD4bKQTPWIlc-Yjx)!f6^4L-r=UH_G7f`>E6>#yiK^5P;hAQ1fM(_Q-ku` zba(t9N}L#ME=YWn=MJ}#YU10txb;C^aP{u?{8wu0FC7VW)NXjUn2nsMd;-+JGZRR6 z%M|5K4qODb)$RI*R_buS*gZDLku^$X%ItuEETiKr#e;W| zg~}x6=)6zTKqZP9*RG2pp!8(#I&#=o$qEqGV^LD(0!0SSumBOxa}W2<-$pXQAQu?h z9&ruRazx53={ckHb^XjPE%9-Iby-E-exfGLroDoFDUdtB&mlAi7Xk|c+|*J+<)%`y zj!z0wG2rpRmq~*8zlgO1V=j#O3HYnmOh!_#_;5h0yUl;Vvg*MIZ|wcU;@|Maz0UAY zwZar0T&DGS#=ilm%CsI8xRoG|_7pmEu^#$(I7ja1>EHYdMCr3>D(cP(UB)(5&ohgB z`xbK|Kqc9k@E9?SQdEo$UAA2mpIm!2 zIB>Te?q^8%fdLAlX!L`xc>LUlP6_-lnc0l#h`VIKa|+aCe}YGn2K;@4IdRccRP^$w z=papjw{Snq$JN%7KD9l$_AnLU{5-63d~RbP*~(pYr(duWecfm@ApUd6GkBIZAMSpt zZ0{TGe!m6Y=zwL0HadKWCactL9j?VRx(N&W3eB#FGn5SOONPrnkc`wlmkEgDuM4)S zBM@J*cV|*vNlc7m1A;LY4gTFr?!E!I?0sw?h3eoXq(d?l$XIiAn_G&I{r;(}Z(50+@Q9h6 zPqt3CkI6f##yEfUQQN(Um3#F&VY$rAq2+|p zzd6b&1bjUBRt#!Ha5JmG_zNy`>J(anGb69_lUaLrjbqLCW4!g5J!1J z^bBF=P!6y3P$dPM5UehR@o)AF_q$WpcgO_BHlf)W2sK`!fe)A{>L#I$F-Z ztzt8fR4D5u$rq|LUl{;SR1kV0@9_osms)2IT-5AMedPsHa5@5U%wS8DKGBd`+NMtzzKAG~yO{$IT`HKQc>7MURs0}FZ9 zy$auD`77-^X{rga-;IGy8~n5fMs}n5Hh1bC*y_wEAv@n7qghQo7pLff%uum!(yWu< ztJ<-d;HlI7&dlKYBC7<7sP1%!bcnxm zfC>736}KogC|`t*p=Bxe&uTEtRP~a_K%8a#;E&1TLrBR>pyv`{cnwd)v#4e=LHW~Y z57a*)cq}ek8g>4n*S^{ceLQJlGh}=R6?kKO)8Uqp&u*?bncBhcBks{+WNF?+lPc*`In& z?p5pb*H##k;q3_d#jqY<-73=+((X!M9nr$GM0a|md#2dZ#Z4oa2*3LaV;fF{y@T;_ z*%eXQzaHcTTU0%|!grT%s^>a#80dL-ME55I=?!EP!H^WXcTgU~NJTJiDuBU6dg>bm zFh*u31^dNCmPJKAlP_Y+=c6dvp}bOehivlV2A>p{TxoZv)7dHclAX4GQ4B?Q1#4KS z07gl5N?h*3sN8$iv3jfaCt5}Q#oOT$xTk$W6%}csVtmgnPzT9Wh9=w&C}alkP2D9z z(Xoijpe>XI)FZ#2IeS;`*VUh0udOG}Ci4z(l1 zs6*5x4U@YF#u%yLCI(t(JsC_JL>9*-lOxtK5~-$(p8N?z@HV;n?To?lcDRSQJV$dx z^P@7@mIo57_kDZzK%*d>e9@7~wHwsvV)xmZ zs*)>z;DFRx9v7V!75(4<-z{?kVu_H7hl{YR;y<;D*U8VmqVb{S`v?0(#o4ml0KSan zAZJ$bJ$H+CquI@<{lQKI;hP=;m5&V$CD-5#=pj3+w8OUSvr5}-&%UD6{eDJ-o3X)B z%J?$-5{QWKq*=NGo;{!D1ohac6=+%SPknY--$2T;$l?N>DqtjW!Lo$ zWSXCx$^WQVMV!H_@$k)v@bb6)LsBMp$wK8WvAmB)8b%%2l)C$|O6OYlN5 zI=V4#>x@9+26N=<2r!3r>CRBAwybPu8M=#vJO3mo7G()&XV1k{_^x`xhECFP!=c?x z!S^DNoo?dG>R+iW7};Up5+$I02awFj*=$SDz`ixEZ~I&uVgMW&{3HgDiU7Qf z(F_wB=A1%pv*C}1PcK9Rl3gRAgu6$MI5s@()cg+h_sQOys7=>U`J3FN5)ET7NuhJN z2>VQ1w%CM=u=fsn;`*lr@@NKG3w{0C3<$4flJB|xy?yAYkVL#%ikd9DQY z<@b)t>&g)#LvHkId*9r$5qsMmC9C2xGoms%1O;PaUiEJNf~AUbo9ulA4BEZ}<3K%1 z@5+{)$2ROyJa=cQsti8Cr{EQxc66Di8eO^GgUvp)VE#b6`{IGD_?xB3`7Bv=$DwP# ziK&6;#A!mZmm_a+8JmXxHo$%cpAZ8+F9O`?0S_igVy}b*UDj}JY5%kmCj7~9_KTwI zrD670zz_xs%cbOOb7@=Nv~8^nI^#mAsL&tw^<3gM3Rz=EN1Y`i2hAfxJ~0RI{J0d)k9q}rCT^lOixPY8u`b(fZHF0d5`C6*H0wjF zTm0py^uaxsTBO&D(K3{}xA(*N_EoJ*lh@5j8o#Z(R1IiUkY%PN*O# z)xdmTNq`M!jAq41U@ojf(`-|W%fQo4`$KIdGkZvC!2fW2*dw|8ji&@nGj)KuDn{pn zT&3e@*gnL7mNVEhkBd9ex=WAux&cu4+3N&K9rCFBtRahc;f3^X?k1FQ-&$p>8_41@ zhPBSUBXrx)@BScYT=L}4v+f$tem@EhL)bS2?k25DsPxW$ghZ$ANy!)3AWKlPqPIUt|R8O&XIXbJJYu0j!-EXX=K`?`CA%-8@)3fJ7!zjS9H z8~6y|PVP1jP&PJ|0IccRWIsbkxyt}45n8c#6e%h;pU`us`!>lCP@vsx1a7RGXI176 zAG%KPX;tnzBN6fCNnLaO$7y!ABRIKv&k!dA-k)?+Qw7Mv`wmG%KmO#Q$xFVmgPsyY z2fa;AmCDI|f{tc+a#4Fr+@wDkO?yohGbH!Ey+<>|<6B#z5psV>3{GYacvRW{aeBsI zcQ=*f7@6d-bh}TDTZ6@<#SRZ(I^ z3VIvqv$yP|_;plW9_=@@o@;sWg2|`Ezr*8{w7$yNIN7V^w%rZx9WB=ACjI(%Gm|G? ztc&@o75uW>bigus5tt3TVprvoK+;pK8zq=ne!^pTPl5IF_BL#p zmkZ@p?rdXJFtcRu_W+=9PqJ62wl(lLdY#+X{Vbp7vJd6C!4M^0Ex!iXd}8O2rF1t4 zb^O)1*FP40!>_WpZCfO9We(ag*A+7OAmb)7 zcDg5`jCf(3&S@l;adTHT&RuoM?nGSsZk4*7EuOZidENVZBw^L-*(F$e2FxguKakO`h?q4tuBf^Jn-99v%f#}&b zDsxcJwql%Ko}`}O`X8Z&?$Of#|3Q3H%Z>O>H*+STvrT~ z_4{jr+T7eY&BxY|u|+hKe5IOyirwUP_N;mK@Z?ABR+f~a+`YgudZ>F8k_j)a*e8$} zY(vBz^qYQszQ#9JRqYUwIMGKTg{IwTmGW9r?(RMXL!aa4we?>m!f)$vn_)$aJ%cx{ z;gW>WPIBh9`G_hADW@B5CCVVgT;pFnbn8Gkzmcmy25H&-AUoLuk-&IJzhHUJ$5mwuxgDTmA2De8gl_#P{Pt>&h;xvYybI)4)=aCqM;KyJKUilt^fS; z_73+~`;JaFGllQF>idEk_Y$y~kelMfT{+Zy*H83KEmHk>AC(33=@K?qic9JdI>X{0 zK=3E*5{ee2(|)^^Gi4KM$_wuNYsGZ6SXO#wtNFqv^xJ+gk_Bbm$!d$;S>j5gK2!#u zi))-7m3j{L&k%A9hPbXZlz|{VCNY}b_6bo*+#1sEFy9mMRQNo^3wF=Pc~Z(V&gZ#T zeO;gk*24+R$D3^#>Ce|{R9|&_9B|h4e=h2vq@gycSD6eD(zMc!LtV9O`v4-#Mt_wNDFV|;;Pc<$bf14A3o31Bf z)E*svX?C^t#kp#JdmgM}VXxE*u0vxQ1y=e4RV5-GsJ~Rx;ROUXL2Prcg%Mk`-b?t>9&G1;`XQ(qd<97@Q z6-hFva9eDqNUZAB89?-%-)eVHzuL|0O!j`umyu|Ki1Dp_!a5Sryz;#&yG9E{hreRV zYC6v+X4h!Cci_?ZBvO#TNnH`fpzX-R!g!Nhoo;&m6RK{tsd7*dc(4YzX>p_1zQ%XB zVyaGz8#*s`}=dy`NxwGK$1pN7BWnY zFLUSG4kHXgrU_XpBlJ=?!p}SA&|!)$eXxouCFO3h6m5+#Mz^5T+@;j!)?^LAY^oVQ z?2*N=ef*yE_R;=68Dp*0>2?fHzRiZ*^Rlr7mL4Ia0s``IkDHL^M~1D5#OI2J^P9TI zB0ySH-7*UgQmgPF#*cB;_y9F!KI|?T+zs@<(_IQLk||!5>*h&&Lw4vsz9-aELzr}e z!M9p4c;@R>F?qy;>#xJ8re%!9GQ+T9q{}3r+I>DMkU7mLVOZvt@De)W)}I^aJ6!oH z^{3$EXo0nUh|!gkZF-z-?35Q!3nZ@}Abjm_hrGDmY{Va)qpk2S=x8lGcwziFZ@=*B z`yswHoE4qz=_y0*Kex4_h}cgt0b(es1J3nq~ct@)Ab*Vuew@q=_)f zGs7^-H;xvjB%M^~>Jba0+#7!@@t1<72KY5XFvzq6vrUHVV%i=CWE)2gKc-w2lF5dYiiF#rxBUw}upx*;c6oi$+3$J$ z7sd-#FaUAPa(AmWQ`~p0EGRWbK3?!bx)7`cb)M>Ovx-Bnh)ic;yx>&a z&n6+oLS9cD6ZSJBmy48*RdxKWoEwz1{Tf|rx$C`d6sflZoPPOK%y0vR@jl z<8frTd9v_|2CLjn`GT5UNcvHJ@wX_y=WtuUth_cxd3Za-JN=GLzYoE?dmC#0f+h{# zcGoa{i=S`H-;MYiJ=Tso#kdwVzSzBA@G1|%4<)88u`LcFUN9~cxWw~P12nhF(*SEE zriYj@=rH94o}_1dhF=8hWmkmklG8uFG|X(`9<30-;;LGN&~GtX9WIMFmfhBYbx?)7 zRL_Xv7`G*Rmr*L)GDop4W|gegc5uBPbv`!E)RzwTr&?zWwbw6y-e;g|I~@!mL;ZqJ5t@0@BP z!sElTkmeVH!eG0%ktMo_vfY)gjcdG)1oj#=GN@mZJwA~gsSpcgM2A|te&zUZfBRH! z?Lg+=PvyGDTB7CUlxN-Z6zV^#s)!q!6YJnF#4bwq{*;eH%jYm9wYK_8AIkT8kNZzX zqD&#dU+ushWUfkIGF7M0w>dJ~sPCT!XPm}mTFq5wsVM#~*iH02h-FN&_wNGClCGTG zVKFPA6hpvcVU-0HcDhX?cC7ABzF6%KRz8(WuIJrwi zQKu;~bUngG)Wo!tb($2X>$x!$0+t0Hj_dB5#!$3mG~{+C0z((AML@1AN;f*%;IoZzybXH+I5ScU$s-# z1J~55j1il}?lN~Ugvd*&N&BPXWvtq!lz35%R!~Jyy7Dp_)bqi}Scp=s1${kA9$5W9#BTsEFnxm<#mGOkdS6lvBx}ykG zb;L!1Mv3R$PUx7Sqr@Mg+A@oD-8c12+@YS#9L9ZWSWjE*5pJ%uWlf4tg60yi;FlLl2>Y+TOG2V%mi9uC-C@FlHB1wxYVQ1RD!Sj7Z|=NJQ-=wfiU{8u>iDHe&B&Q zRevV!PEEVMp9%)X1-VC9b{{Gjd>*~M@~&?){u zkCsNQt-Vip>Z@pXM-|09=pH^w%Bd1%a1{tMH9Mvwl-Tok(S2ScG7mO2Mp?MyL_%qM zdz2xQAtC(ejkH4d`poGa?d@*Gnvf}ha^=%5BP=Y5?TUp8OdJBiPIoZIEcVL%A25+jw};xR z>}7`I7|Nt}FmcGGABBmOF!6Et43t`Gn20@!JiWa7#%Mpv^d8p6tj8R$dq1U2cgT`#%JhTm=Z-~+NjRpHeJrLusklK<>#8)+{?_q?L( zaZ1gWVJh}1pt{|?hhQvq!&LW1_*CWoZo;y*Hi)sw-uD<~vDP)LAyx|kXZWP*+vCXb zBD1M^-mpm-YzJN)5^uq#_Xi}Bo!zJVCmsc~N!47xW068$BNqv+5MmET>}{Pfhd_bh z0oJiI{%RiJ3=c4@zYv->@Z27-7+&IuhSpU32HGmOlZRKW{cj%LTcS1VQ#j%ByXR!D zf;DIdJt?1GDq`API}8tb#+K~;c0NO1J5X8BugiRmVGn3zeT+roJ`^^Ev^xHpq7ld( z$D2+wiDa{GRfywEU5vg0MxN2Mt_F2ykk3zRWTSXmr`p{)2_t2>BV)7V4@$!M42752 z9nXaAlrYPAEO8$o*-$3slbI^v>3XIQ8U>N=6Vy{f(E4MP>DN$IAT0=j=l`ICXGOw* zuQj;Q4?(Fr`f`2rT2s@9>g)~czA{(4+4z2e^c>UGXn0AYjDp*;C7yz^oUo{FhP` zs4A-Bk`DKUozzSSue-AA0&5BeU7LM7&WYL~7FL2gI}*fqo;Oj2Sa(db)$_YnSQ+A@ z+=J!b>w>f;Gs`MzCs<3lTSk7L_wZJ8dM~#wh5A#wout3>@d&+tPS63BLM3t*v zlcxwJ=6jDm+FMBsttfN*%(m%QmfbvbL798&Wn|423T`mS6M`TvX`fhbD?3L6G;Flt ze_*!sxOk(6P(416{OA7_pYPXesK948);Hyt*nzy1A(a0rh1IVdVOZ7NtZ}c|WRZ=d zq}YtGO}><;R(IHd+9#|{3?$R#v6d6NEpdC%6=(tOx%PFiYTpi?MYp$gy2~$uU?EJ| z+Mg8Y2sIin4FKbH*#|aW!QmfHI-4X019@1K!C;Jf(JIpUkh<0B9&F*LFzr6m9kp;j z?zab>0q3bZR#a{kmFI4-_I;9Z^>&BM3pejV0jNmR$5MBa0AK@El)I0trS8&KlxR2O zmb#BC5lhpe+)eHP8#rSG5n0r@iL3KuAq62XG?yM(JHu@8E86!^_P(eucNHqMhy9feV2+I{yKFP7_ejLGCm z@ZEb4ip#-TLU^SHPd3i;&7iYA(0RX&Oo#jRo!$x<2m9_Cfc&}>AfJrVIn)Y)Y{Co% zq`?3}C`MZnGOOJr8UoHbh0$7f2@r^X_4D_J0@)Zu6cEC>)ZkR+;kXmYPic&3y)L7& ztH`sh>k+G=H0e0%+?7X)$SXMPKs7g?d(J2l&KIZ#kMuH^I8;qcKq>#&`T@HW)S)}M zPy9=95En|LU<~}yW^i0YypxURtI-m}UVtXbw|!vucGhk&sfIJcd`O%KeltaZugTg} z$N&U7tp@BzhF15Z#ra9#t+=A}0i$TmI>-K!Y(O&(F#JGL^%=ZpW*9d~;X?>Fd5Aah z5VtB&$uet)N=EH__PL=U34Nkt{W0-3+^?*f&3gqqN9!My@vNt`H{T5@t#I)>=Hfg} zTQ?1Uxck_gql@H`y^>j}HbsxDAnH=_6=SoIZ9~y5G;X{2lq+bm3Lpwjh^x z`EFpZ2cz=ZP1MvcKv3ALO}Bv{p;|)RMn1Zu5J$c6$ZcHbO&gTm1{K$8;Y8nTYe9kx z__1VWlc3cm?ao{klbAfU>)o}#WboM6mO(rUS2lP)a5~+)??4vbkiPfgiu-{JWBJ( z{ZT>6(!24v65`fpjzPQN(>jB4OFJ!2+ec;emv$Ljh-g`+)F0{Wa~~vLawc)`uo=t)bMxhyov{-It#dkCJWBq3k!igekr3)9U^Q#U%o_pcDeG4g$z2N~9w{Rrx_kN-b+_D{Fhv{-`)c_q z;i3j@^S#W_b-XXM$}EQ{bbu8q`>;8M@rQJ0&$d+eL9{f5o8ZvlqF!5%U=m-u$CIv1 zHP1IY_}ryj|Ipp-Mk4K+%VTBmJ!oix%dB@&*#iJXP^C8d+oK?UVH7e*WPlW;!uq-;%3qx^i3X zXORNn3Sm7Q0Rr7()3IKErxIuJ2!JT=m(K26m`z}j=$EwViE$G>Qip@ElA3E@1Y#>C z9NjkICs!<+oRFnDi;?paqQiwaM*OYNR2Vpkvw_qo?0+-5X*gHb+eEZDzR*LuR_u1s zn0e-Sr9}GtC;$p}S1A6Nk2$Pe5hYAS@wfwr%AeFRclV6nCi6?!u41*6%lR;MSM_X{tdj}ImPR*db-S6^#T-=15ciFn0nvA^XynkQb$0iJgYO^O~vt_Qadqsf` zr4>Pml6P<+r})R9+}sC?3ikgWCzAz>{1e zzwz0WFL(!a{2Z63q_ni8v}9NZ17H68eLt^s{gJH?P92+`)VVcv!1`Fp)CDE!G57%H zP=U^^>DTKwR|NHD3w4zXHGVl_ z38{Lr)D_vo=7#$ueYj6?QIKz>IWwQ}u&D@pAtz7ShLzZE^W4H*N6BCb%d)wxf;zaR z7b!7+Qrx^{1>o#p9G*8}sI2$d3WxZW?I)f&K}9F*4vR#~A$nJ*FNY@BPFP%ezb*YV zxAet*<`N30B|Z>kZP4m0+D$hF$$k-YBRfQN5LPQWnUa3m7E24djbi=9KKCb)xA2Q8 z8MVqTev#$5LR?{yO}HXlQ7$np@b}D`HLwImXrAC?MLpWI6&(0`T4oHi65MWda7VgWsn0k=I$>j5s6Te_ey`BQpPX}9I?bo2&LU@`?91E#n=shAwuHf znG*VlhWf=cEpWpY!jXgoW1fN6coEkfJ37Q5`CC&YwKWN`yZxI781bfX+D9$^TY=v2 z$dN>WPMq&}%mWf6XSKqkaV{f4cMwDp#%s1D2}z z!gd^&H>Ik~P3K81Wnw-ty9W-?s*>)&L6Z7DzUBVhZr(jfK=n~n1FgztLb8aqn`%Xn z$VQK95c{ylYi<(s%XV|tV`UO^F6o-B1lQbde*ZHmPj@d8>-vReCLlT-GTu{Fy742g zIhG(2Mhc7*uGzQ^PoZYK{ZhT}myh1kG4Ddfg2LL%aa zM5;Tw-5jd{QvbTdNSd-|*2u)UkU-2Fe#ejuJjUX$XV#2?mx+WHbuRd9Rw`qm=W#`% z(${zRO#P;qH%k#l66?r{{R9^ksOf6HGn&+TQfFds?1(D50ZrDr+zeL@WhicZ+RZmK zw{K`}(}r>rhdp-Un)ngla-*D=do zZ$}S(dx&o^&}sTTDw7R={)AebJLbk^261$lKcP-u%JU~QaF26-bD_+Pn{9RCNzL~6 z?zhxMnq6(;Sq=ZsLUGrY!Dmc?L&p$>hp;h*s@fhPBR&aS{YoWX!S&&ebY+! zIvMD&F97by{$DNx$Q*?c>zqP>tmYDMdLe+$D*;n&fK_%L^Vg!e!-nsxct-Bkc9piS z@5y#^WlVTh>O{~YYoIX4D)z$&*(NIzw@^(WzU3{2Sac7vV8U!XnQS*Z>XbZH0%|u` ze28R>dhkURvm%bxq1_zK7D>@xr0OJPyZOA1BceDsM7+@YM8g+0DPl?LDokdhUsVJ7J$t32Y} z%qQE;|9U`q*u1Yr>@ZVp5rrBK4RKbpzQUUs{To{{SW1yYc@%) z*!?{iy_*MU<RvdBYBGIuUofn*P9%%kbQjPtG=4Yvzu!+rfb9`n(Pmv ztj*2Q=t#2#(0b;SNuZQD*)6lUlXTY6Ld%E)XWOL;CFb$qVTaZ@eib(;=4VY7?`INIY=waoNq8SLEQQQ0C1&sZZfg zHZ>Lxv+`HYc~WPSNp6|AoE=5is7RbE?_WeLIxLef;XNVmqS=hdWzM@mMrc2N<3PDg zP^)C)f#hy(d2RTBX@!DHabW9hVlRqsHd)cUsmX~HPZsi}3VDr%Ty~$@eAU1sJ=z?~ zAZ%?xQ-5ZM$xXbro2v)-r^qR08BenCEzVV2fKN`!7Tru}#sYKQcHx2|ZD{bP zNEkd|<%_HgiS+fRTDQ-2m$ic^V=e&8+r$IyjMGr>7)U*31%<3<%-HJTTR5QY9vG25JJ}OPsWijw|P9NoboakxW2rD_?hs%`x=> ztZD$n2K75jlt#e(46uO$lZ-f(sbtxqc9WPxvXaa3HW&JUF3bh{Hfx8lQ(CxqUr$SG z%uIWAf0R|*v$8~>tmv7hlttlndLjuD@L#AWXNELTBy*`kFOec2er+$n8R@6cpT?VC z|HTp;nM@HL!VDd1JB0RcHzW8aG*@NvI@F3miX#3RvX==+C?@0}%gGJq$wf}Pq?QVR zWneHJ7S?X9%5$ab4sKT$fF}M5#bX&%EOcgnSF=U>5vG=nzgymz z7*lA^W^IM{|E!gv)G21C(w1XQe3TUkh7ik^qJt%OuvC?OX5&EVocawP{51P`=2h

?5+)X9beB^nCB{R3DF67ov?k%&qT-NL4yO+YNNX1r%ntM*kOZ!!m}K3ArL zx&Z^%pYcqu44UFs1CXpq1#Z-zhUz8OYRQIJ_G2dzmE8~_cZ6o!ZvMcMj}x1N%sgx; zhxjB`#7xysN}$K{Df1gq@OVyx7Ix5a-P-Iii&0bO+nXsDL6kU&bV!; zK+#oD-|RXqKzCJA##l~5a0^LY)YhIWZHozQP{>3#ZK^G<8>*OL{z`4=!C!irc^=jK zu+xpb>Db|Nx^ZUk(sYY4TVV@=70c8vN&J{+*u$-;uxU+>BsRDG848gR4#NSM7-IJC z3E@qAQK;FQZkV$fcyqtW&d1R--Md1&xAHLI;>Zo5#-~&B#21)Fk@>dTV6#zjPwE!d zJz&(ITYz~xYTLS&)=IC;LEaWC6jXfNHHNRDF7v~O9IGd6KwA+KgV!$H^6#X7HH zp*arLB)d&QLuTOv2T)3(@5qDgKg)6DZV@X7-=ShV0a8i$?-qF@aVuqjtt&7>5p1!| z3__5N=FxvHa)_su+`&U4hb$uJ#?UF7MC6ECzq4A-Qn#FuZaIr>K~zR(Am*8KbgXfL z)d+B*xtPJSn2TCTB($$2a(LpbLY)d_eHX%^PSzKO){21y1dKK}GY+wD@*|{;SKCcF z#K3$At}O$@H1nqO6fu9~iG-FTs8LZJn31Va7{TPPTb;&C9V^?7rCrR_KS`JfCezh{ zibZn)q)`?mhGi4fyq&F-v+N7x=pewAP1tm9Ws@l!&iCaCNa;H?7-1s8hE+V_w9NAh zklf}#5;AxH(S>AWVim|yY7`0Obm^Tkc<7cacd!e`hq^YTm6xsgkY)MsE^x9HWW-c= zU^21DM~Lswf1**}sZPP-Gdw`a(0GF?*ponePjg zY>#!GBIa{+YzP1q3v^ zjrTqiK@hOe?1pS9L3p)g)z#Xg#4=qa%TQm}RzwiS#yQOY24Ks@!cRj>kM9)Q6PunE z$w#tka%CS3K0LW=3$o8*>J~IVdX56oGZ%msfSHQO(V8JdAC&y|m|U2}r0f$aauo?a zDswe>KXA$onJvH5ey5^Om5M$GNDh^>8}^aIYB!PdU$vK_inp>4d+b;~8+seY&0Txz z+c(oca1YHcaP!s^v>r4L(+!#5NbZ9i_nLPOa;)rADX4m(BL!8NNnn%p8Y0HC#(d1Q zMx>!8^S<*GHAbg8A_eI%?*(|7OZ3drEj}^@n_})cvtYOSszW|;A)IuzL~}OR5wpsS zOh`->gk&^>tm_7*N|xRQR#HO!=SoVVuF8&zFLcspuMq;Y-vK3cQhrM5Cp zNc&v@HtTh)(*@2cQim!iSB5NsGe5lT(uDafIQrhh>J*(r!f1WDXfBWkvp2kFN3 z+vzt2A>f69Gl=7o4c(OW(30$BXF?y71&AsuphRTwpP9UpDz1FaVLdFYof)lcEKOBe z?y7Mv&^Tuf#gXwKdd*7TEmUi9dNjRSjymuSOnx_?FT8Z(zyt_|ap-l%g8XwpIkfQO z09b%8HUys{(t&R^@NJ{zNGsaG0(@T)WIOOloO_1id=h-G?kIxq=G_XP%=rtKg)uw~ z#sYkE3-Bc`wFS>iJYY#=%23%Ze94ppoEs-J6z7xR8~Z^Kd?7ady10}3KgFNGcd)eY zfyvK0@FlMXG2dpQG#q&cCeLs&ClRh3ittI0t$4o(vMbrh^2w0Jt)axZLS13=*Pen2 z19bOQX*2yYBY8ox#(0KG{@(e4u|aF!fW$x2{K4n({6NC+)J`w(TX#!-Gkt5BhiB{X zXll$HgSR{xS=68V(K?ja5{}RkzRSiQaSe3){bd-=tj&u49J4{_h-{n4l?B6KES^Lj z{Hc7aM5|j^np6r^z!apJE=a>7fC-J!5e4?-`lE72`aSn4{BEN>{G*TZNlX>)z9i8sRS{g-Q=EiwL`D+#K1bu?(6-*FGXH*CIa|D)uBT3KVS2&xA_mq&JgCClca&- z<{zI`vC|Hvq`CnF6hrlorxmJ!Uy@3v`!p}EJYsP(OH-mDCzZ^jZK?~jtbQjID;1R0 zeXcAs*Ha==jyqWprW=XdqjScY^3xq*kJBM!qMZAM$(-f}Rj55x?z?f5pQT+JN0GXM z+S5?FagP_lGithiTO`vV9#Il?3UgTUL3+5Qg|1nlJIaBMS-HoKBZ4OO+tGfGhL<|s zQ>c?|pAV3UA*TTWuLg$4+Dn@$=Wyj7-@zizMa<=!W%v!9Ou4B^iT^C5_iCxXvgvb6 z;MfhQ8>Xn%pM=$P15WvH)Egk6uaI)7rd;KuJe;w(I(LZta}sz}U=DwFX_EE%29x@Y z*vnLsW60dzD#-J-o6j=sYB$&Ey{)W_76p-A&|GMJ z$kEmqiZ#KReEC-_d2{~mStKxBn*=-b65yABm|2F{msrUoMspYP?35Hwu1YlgLYeR7 z>xP)`fyt|Eups+rbL~@#Y~h68OAP0{qejDdC2TLwdlU8)#hlmsjbWTu1T|a25n4i& z5`^>C-Xom1{8~ZD5a%Uxhx1mNNw>>4m-8w(%5VRz(gCChTgp#;2Bz;|V~F2=@WW5$ zx0Pn$ZOS_wek;{0=C>95$?r8%6!L^dA~w|K%rca-BU)k2v& zOT4n%Ck$)zY-ar{Z@$)9iahJx5KESrTi!0!)!KtK(<(Vu(xo3!fLA8gew*<@|IXzJ ze_(eF8y{|gg}bY{Iz9}K4>NsT68ztd4<~=}`0&y%ipGaZ^B*jT%lL5JT{1p=FQaWd ze0)f(q%+XT{ATL{F-90}E&k+_`rX_+SHAh62{*o^(aT(Uu6%Rp#r-aPpwgUjmV7JT zfOA)c2Ai;MV4Piu26}l2V%WA24R*DedZ)HJ?HQ3h z?sBq(D3P;rXRyj}H!bjK8N1Ln?jp-Xuk`pC1L{KHQlGi+Ddr+OsfshDVl6eY!e|PYK}Wa0fG9)Ca{QdN(m0!#54PuB~x?&8((EG z@R46t(Z=-Z^k zA%(Z2IW2-MXHGg1sgE{yZBfRKd`2gtU9e75M{RFBAt(?lby``}-_Z?jfK-WqaW=r3 zo!qM!ljx2e%ip!#ij)+I9fgu-Y034rWYouw?#+?U;Nl*$^ViP)BUcC%G;l&Ba?9$m zARNh4_9|fX9q9Zq!BX%-+N;{U4dCL>H+@L*Vu#FGWUTyk*+#_bwL!JM7H&po zTE$IzkGV|Vx0x^5cO=z7=Tl&h=7@;n@JD!-9`=CTfk$MpxH-L95l05H_An;dVM`4T z{5zi);uT?1quVXUB{Bsh1P9o?;mOJY%)9^MkXxWrmi5)0G~ltn^t*68+9v>8p z_=zc`DVHPu9b_tIND3K!CMRw$0{Jm%n=5sc;iI**ptOieJ)FODtgH!&>Lzub_0xJV zl#A6E>s7jAUon)}P{`5CX(>2a$bwEGsSUr8bXoYBvnaGVm-m%J`Ig{7uyjnz~r3?--lbgT`i-^r{b zip%AN=C@lEMB7O=6#7JPiE}*qZ`m;!AQ0wh331SjvtwJ&4YzTCo%4hQ; zAgjSI2d69u6g{rnuD46sQnAsL|`3=vUbu+>rI0d=~!S+IT(rtja*wX*`h2 z6wc4I1W)a{*$rwLcau+JAMVDkD#SJ}{|0yJ$i&YiTDN2_n_(CuH2Q*k z-2yYSDB3*|?F&T1U(aWVEXrvXx(`YS?{ev1TI{Yzl>P@qzbRRX&OyenYFuKzcZ$O| zNcV6doo%|blWrsF@NaR3FqBtEDMPVFaFMo!b~1T{xqq6=O_~z@d*ySC%_n!2Ijj(C zQsSAtVpTY?;z&qUE`m_kKCD%?4Y`dp1DA@N30CrT3(cQ53flbH!CfzZDnEyFlfF{O z^?W72Uu@L6*V6&+g}&luheKsL0)8-6JC&v=??ShN*5#8mBBWj+^JTusG{fKc zQM!XZRGoc3^Oo-lT&vH>q}wwe{v&nh`j(QZGfL8@ zWj@@K8o$1!bn1-K^z_V!`ILWsi+Ab_Z(6Kt>R9$babZw@+Uoo2-^on`zi}=R9i?m4 z>gokDO1@))jL@}a@K#i$BJBoN=+t%zFO}vBi=^zM>W$l-hvZM_mHGW`s6%WKlM)gT zGdH2&NEkc6zm8`ZoX~;pN1`1$PFHkh6Z8a;nEBJ4Y|v-A{hj4fA~4^q55D1(AtybX z#+c(}1C38Dn{@ID{}s&tM8KZo^KN9;Xue8bFh4fch&J?^Jt!xZET4o%`?6m;+O!HY z8&hxyN~Ap;OnQ5N`jemhWY?=?(UyJjncT+LN@>pn7@8$XoB4~y0|!2?wjtO9uT(&@ zPj_uiAB2!ql(!tgCwcEYTLF-BV*szm$8nLd?sgvsE119H>Rmy!QLLz`|AL>P`du-p z=BWkPa(JIgdKQ>oHc;hE~AtKpobAaA#p)^F8LlYeEFCg1)CtFmq z(hG-F|z@q^eH*J4TCc}dQUv>Wwi(Lo4USaU1`r5`JPit=A}Q-bs4{!&h@Ow zd*6TN-Bj4|=eE9d{g`#->qho0&-a{BGC%!p(cT|vFx3yIYLjOtu7_0UDEPBaYp+qj z7i%yo+zSExY3&9OoiJU$Tru;~j}-w0s9AvVK~kb{&OQ?FxvXTpzp3-F^zNF?u`|ri zh3R1NT8ORtAuFk)PkemSpGK}d*^?@3nbDfwNlt7Az@%sSxVH6^I=81rtvj%F#>_c{ ztaw+%Loa*1drm7^UpljM0|h+OW9c(~IO-PoYy@i2CW6AP({&}6PbjYT5_MGBIjX{a=5x`R+ zcD~z)iEC*b8&^#B6B!wuKbAVJ(rH#QVxGQVtL1DQv~^&#Dx41_1FqmXdm6`&hBB`N zM$BXfXt;Z3k&6_Ee-^=iR%T_`lR87-4~xnMXIol{5Z)1iID$|7LKTiw@b$pqh}MCF zHraV=;}zFnkyJtKt(_`BzY!DM5BxIrCr3&f8Magj?;h4XPwMy4`khJKzTX{xo*~>6 zU`cL$(q$`>Ew>g$>YI~8X#L?e~kgn71|knxkHS(R1*7gR@Dfcr0PZl*~cxYL}%lA*^;rq0=Np<_0WWt(J<38g^T97Q|c zR%zJMn-Z)rN!g6Px-Fjb;vX=(q}G7~SMbU4$$WMf=!%)n3;r9R)VQGBBI~T50LuDH z6uX&^O4i8cpc@vSJ>*Tq?gvLwEMPPPKBo-aPJXt3390OTQTH-!Z&|;T{`SbunIV5_ zociZ{T5+8!-`N!Mr{9zA30}&wr-i%y*+&Za$FGC%j+L2}Ay4WG>3bpRdz>(*eeVEe zAPbXag`Rhqp5A?^RgEcISP83(mKm&Q6ls!m>JGg9Cmo3)F?GGTdp6nO-S|74%q7Omb74`m>Lh{xSx?^dJM5mDK@6F z=wsKq4zv2KZzBgMmr$1jzcl=0;@445SmOg(Bff)Fsv(2a3RwD-W)P^Td8seIwgz8<|3ug`kni%zFYbv zmaL0KrAXV~Q=Dm4hh>w(FLE&N4f;N;e?v`CdTO!)dnam>omVZK>#LcGu3jlRABuzp7=dkhm4AHAjIs&FW=o>VSbD$3B!D_ek&9( z@A2$LSV*Bix$u+&cqNC|c0_SjAI(0+X(8X1T(bVmDuQN2(|?y3Kt*l5-L2INfV(_y z=8`!;7ck@G2lYw+StYcVT2?&vjnMhy-GpZ; zKx`6Ey=J@qzmeSLsSHB>3AkNfvRhS@T@mD#|2gNaz_o)tOQy8p3a|U5e(?tkoy<`> z=$|7hZr)@)gImbH=@L)>9J}%}Ct?GYu=?j%GMiIt6V%yn4RSM;vPj;7?W2q;pHgR= zGQN$)c;DQu3(J)<={g%{+&Z`vkA(uU<=;n;i-ligTVcW@W>}h({*!GA9Y&DS=s<3; z$Qq+CzjWmz<;NRRtM%OQw6vL(kwolqc(iw)_7Xpl7Qri%mxJK23YQ_3+ZN$K(eh~j zu=Wy$=d@Rblq?3MECy@zYMk)fzE8&`ZQZ?i2RT{ag~|ZXKS{RTB1V3*e3Nyi}ioNQz3_YRfs=DQBFP z6UyPyRP?G&q`M{E3+;&wazCOy@vPhrZciAwPiRkkEcY?(iQqll%i9uB?%?tWC)0;& zrIx{L+z+Fjj8B(f&*dfSOJ?YV>8S;(;yJ^t)3vI~TsS{|!)2p_nGH>{WfN8G`0C4f zMS#3s+YVDptasR8dEvKZgQeiRFVgD^9?R9kwUO($T<>$0(Ke&G4&oZmbvV~CT=)d> z`pQQAzx$O}_(zPieN+DPCnRM4b=&s^QPR^VB_sg-&yQ)Nm7CPQ<2s%}qjXs2gZSg2 zQ{(t2f+82L>q(r`i)67ZnWnGZd8b4Ti4wDK*Nl*dah9W6k))ki9UAM}qF4*#$-n}0 z4?3=F1tORj5QKXgs#(Lo`>#6oG;U6RN^~f+o=kMY3(S|krIT(sOm|7&VmbGtAW{m8 z@MC1QI+6^unZ=STQxMva{Sf8ZlNvX#DCKBYS{L?qO4rVgsc}7obs{+)brM`}*DMS3 zh!Q-;FzTJ%N74C{dVI&l7UakKlpe4Z5e_IWQVz&269;Fbl5*a(df4{cR4#^*Pmw!C z5n#vLB6WaBI_6HD&M-1N2}BBI9)VNTz(VsM?9{%In;@Z4kTBaKp{!)JFISsA-IuTL@ts_RfZW7Pqg4LtD%j?@Bnw#~ zmDZS9boe&=PV&e+f3Y}50#?8E2^wtWm|0ox_e{Trzrb~}3Jx=S{Wr?Y?%|e=qdVb5 zWj^d;9243JiO-_)nvLE^mSFwUJw}ex=u@TR87A=!B?I?BYWc#+CcmmZqRjR~wGuQXHe#-S@uEkudxu!Yq@C4xp@P+d7ivK@2gMY;E zQi}M2X?z=+gUm$aWvuRRvSLM3rL-L9m@UnGU4EV{~3|WVS^n zq>)`MwjC?_?b)ZCXFMRJ=<9EZkfGgJU!Z>cA=vpT0{r z?+$pGzicgY_dyT}!c^fyK1<{-HD#^LbEneqAY35F?=|3xg+dBBRQ{P@`2 zFzY}&>-iVHBPeFMWzFI2vE7qTADkb5CP`wZhgDj^4ld7Q=e{Wgo$49L{8BBQ4yMtD1rj!xJ%cM{AVv>+sxX}cu-EyFLCwL z6?2q+cgw+rdeD!bNvU`&$#a9I+g2Eu4*m`^Nc7N!A}ID zGM_yC@BGRu_Mfj`f`@x&v-5lUBRF=MozoxXgvhmpZdst=efeKR`ClcXbbkC<+6wSG zn<2c=&BASF@XvXhA5ULLfyzUIo3vg1+=_X~$9=wFDPhV$goXU?{R(*(9<(g?&E8!G zCh)^e{F%XgN)|mVqoG@|ABU0R$#|ky`0_$TIoDv54Fm8jSw9IT6LIsQ@)1|V&@0i4 zx`5(GPAi!XL5gnmgk82Fa0(oOSD_(|FGvOR9@i;gml=K1{y3^8EN#@{{EbH16q;6E!tT;*Ost zQAX%vgO(~7X-xc`JQM$pXzVcGz*J{Z*_xdfX}9uTCv^;5 z*923PLGm#r@LRb#XjJQiss*V)etexRFS|_yY(^VfntgR*YrLq&^SSZrEZX;t*DyR@ ztT-O_WeijRTm{#Q;MfM9sH`y3y|~g&1seyiILJPgtp$2UiZKa65&FD0bx?B&Axbvk zXmIDYNgJXE_`VRhcSB6+A)@8`aRWtt+VkU^EC4%+9ZZc+c$%1t=f|I;p-wC|$4tr%jk+1U0mn)}}Z#q-~fVKgFRTeZBEdn|;Ai{fxm}=Rwj*t`%Hkxy~kR0r!e6 zzF>ema{fquUf;;Fa(Vb)`^gl4-=9ZGeSmI7{)7l*ytB86y$uakMf`Z*@ou_~ zcXd|YKgvOzvd(G{C#mGaH3^{xu-(eBwFGm#as z?P`DacRdSS4Gu!$<4JVaC9(FTKQZtR+=R`3y??e5wP=3)#R$A&r?_UC<-gP4rnjdL zl{JlgTB1oUk)}0aQS{MH^w0U&r*w6X??kh%8|&ds@$3nbWsJn#vtMb?r;Sbdob;l5 z$t(Lr5orFJ$9rbK%?WQMu{O61jd?vWRxbFAS#)MzWw5h!-$CAhMx$jdt_JSF!y=^uy2IIvz8d!rA_w z3!a4!Wk36I{cp_=)={Z97WG-HkK$oU`sW+pa{6c6@VTx zPpst$oA95x0d(Cj({;Z|UI^>;8;XmMI>pCrg-(E-7Rd(=lYN+}qKFAP9OIAg;a6-$ zii{k31s}!qsq>>VuK=&u80pAj_W;Y}xUJ?C4a0U7F^L#?=b5_85C3+FP3IEItcB~2G zm~6wxnZb)!Oa|@dcZ&8`xE&*QC8bH@=pi;q-$5m{@;-9 z3wgV;yC6Z}ht`Yacj*R2^1H~(@b=7<^3)jYHXke(%9T~()`>SZ$NvAs+jTfO{8 z+X3=x!t8fdN_9F`+`RUNep6Am&>FOd+6J-|J4cHQ#@fxP6zTB4j?bchM#qGkU%0e% zG+726>fl3t?|i4|oom>iHL<8@x?9328ZEAD=>ISEvmfuJpSAm|ZpWRw>%Wp2H%P3~ z?N$-d+_p*;8dUPl3|<+yZYLZCn(+TYY2w*ueL*};_lpx;kC|SkjG%i_$l9eyZ)Aa? zT;0Wo`ZA}K2ReI6k1@+kjp`Q}chT8SyqDDLISxs%y!omKh?s~Ybd{mv%pD{v^*s5- zIc{khM}SOHGK1c9dEma5PKlXOpVGB63J2Qji$NI2m^pWh`ffNygoaWFByw zwM=0v!Y}6PvU$7lbKD2)1pVx=JZ3m~2ppt>W@H1yYB$x^ZB8oxuvDW8sY=u51@4{W zjqz71e*$|$z7 z_}i!5V!=Io#Paaf*;R^KQ5lxww0Fuqe%c zy5F<`#<2S`d49V|Ym)_STN3Dzz;kUNeQJ4Sa%sDX@t$8^o#cp$F0FEvh}Z?bFBqXwwB8sJhMx{=+k@iO~&?;rb2N!(69w{eWxDR$p)r-yitBFZdkS z5xh$rPo@5J^~~!nw{QQm|47Z1l_U4bb5s#`a`fE=eU56wMWB_wypg~9$B+iUzLAN^ z;_OBlCian+S<#Mgb|6daXiN^ye5O1-B3a6G?<}~P>Wt3kp}$3QhCq(OGR~6V%u|&F zv5~Xy$J_UIbCi8360ZTo0nt5|pil={zZ;`N5KUtbT*@wp@LY)v3IHd>|7GHBnTge! zpPwd0O0O@$R#zC7qs8xU5*eGfYJ01cTcCZzQkDxOnBL>@EDb!@6qdi@4FvH-os74$ zVb9KZn>tiRTcNx-8H+g@B$pq1XcRy`u|J57Veja6AKRi7G7@ zcy5j~)|^P-K4LHJp3iD{Go-k*d(Nc5z4L=G;ISKD^^d|q@tgzPhjIDbCkdL2yUhgj0C~5UV8Ym(gOaTIbntwy9l6_>7T83HC@|R&2BRr zboGSp8R!(il9db1=s)H2{S_FtijYKPZLeSRQL6cLjRgA~$h+nc++Trk!=gi=b3H}~ zZJgAcf6nny5$IY$kY%2q>$6@iv|nDK5YGbQLajxWB-Af!Xqa6d?TiWZ|$Z(;uhno7r{@|HQch@uGC-^@8 zWx_58?-exHHdmV;{McqRKgvR<&4?OHFCWFAZSy)$^SY=gFS6J>8TnPlGlP|>mdxM< zsfn&MO-5&ELevugL5Ai4-uW!L;Yjj={EDcllLA<7^lMCZ@d&tLL|L%LD9pz|^!_Je z>K)F9b2x{m_ntMJzdQDiD-nE{&wJWn0>WHiieDg4vD?Ko_J%mmx`Ze4x3t`vrs8nhw^!{52in#*YF$Pmxo0UKkDfc~~wSmTd`nTdH)Mvv*_6lu~NR zRah%oZD`HQB^_Y~?)>tww*~8R2XmOzoet;sE%-Y zGh;e$p2o$#t4;;$Rn{J)P4g))$_MUqpPSFhb5mzRIXc1c{?6NvI{{^UH7}>y$>{2h zwnDZx*B?&<*($VoTVzrciJ4PYP>03hFNVL1C1{S=D+N1!Nd7N^Nr=YKR;TsIC#`zpafLX(nP7*H6M9%?4}!B6GNl! zmwMzci<-j`6dXRe<^XCMG8u}2xpr+|IWbk)-+~yzh_kpdcLPbna%!?vRW_~9--a}* z?-&!_NMH!Jz+}0VbJs*9VfEX|vd+nJ=gKjuC%i8;?nyoB{cFvh+!K)8{10^N*P=d- z0WLlO?4QjiYptzWL0@C(JD%41`*ji-=8QA3+NsaS#0U9j%{P7vWSl(&25-#H6E<=# z7H!@*3%_)Sh}4v@qjdee@zJXfSYH`jH)__}X~B`H%BIGa%B$X@p(44F>Y}d+Kf;e4 zg|??9=pC#vlz>HY8du-xA1VoK_IhaX{E3R`{7*v{jeYZQEZuDsxW@IX9ltQJ0tjb4k=8SG1eVXE2=I zCgg)lhphlqnDKT`SFx^pu{y`9cA$rt!J7H*GMUm<>H>eEjAnMvo`aK!4XLUOVq$=4 zTJ{P0z8n=4&K-~)BhR^V!p_l?so+YX>?Pt6D~M-F+Mwg0#xbb_6JK<}YcsE(0(eHi zdna|0^n~deZ*F6YFEz*R6q0(hng5iCwjSx@8!z#vuwUq(rZq_1>*mKkuPYdTAMTX# zQdAepCV-h4rN8mf6pZI4(ohcF-q(GJe|VF1V*np&>&fpp|2^&>x62!w(|B~*- zA%|N!t*WTctY)9rO=8w}-QzkG>F(Es`DIaaI{|GdoI1E?HaXr)VQ#if&mnfEBkT#> za46+T1}z$ob>Oh4V;Zn1OUGW8tX3m?OIGz7h1K4`4fvYKTP`kXM-HW3vq?zBfzduH zk5`xuuo+;1VF`y0%*^`4WV+2%D1Vn}4y(*;o0YH+l-UR`?z#~kp_UXjVLtS#FL*rH zja<`T^93K{`U20RxKHQ)H?FU9eTmC6vc#_Zh*ibDYe4@aA$u)eRrn>>5w=&yljmuN zfI2RhX0;5JvoF7>!3m){)2{TyE-yr*^ys*`aH`Um%<_^K6vaE%jVI0u#?xcWbYjNM zNgCfT@gXremy%rjIhRszm6jdwT;K{0HFaMWDcD-+oPF=rr@iLuGFLCm&K@~gfn-OT z|xN?$-sukJ z>lHLLv_-A-!k5JwTj~McEWXOAkAoU=_667OK0G~2=@a}`=MD`#v=LEJ5Hf{( zB}WjNwM>jjEGIZmgAK1AB}L3aZ;}3{WM10ZNdDQ`;ZHrb>xFJVyAVrT$*V5uIion2 zsgldwXmfTp=k|t9MSti&TNVZ>FtgzmPRiBccMBi^+1=bS_{l0+FK3`u&l)&Fcq;*= zZoqgaz~=@C(Mb%y8}I?_R04u-z@G^aCAUXvI`ATIfqSX!_@G@khD{zJRTMn+RIUv? z)Eqss$Je@kRA$4|q?l#_`3}j}Q~$NQk4}RM(F)^zp!d`>vE6VT5 z3?9Cs35jQiMfo4OiJKKqF0!`q;GaKK z$e)A^aKMzF+C6RU?z99xAY;P)Bl!z7KQk2V6r%CD_WeL`jx764qiBh)yoAEdeP1f~ zydN0ri`ovzK?}A6{v14JHbn<;z3Q=88bF^XjxcPU_Uf-sD@P8g@*_JtXyY)go#MHA zjPQiiF(5$r#TxqK6!ClC#MO{LQP@|rTj=A|GqWjzqfviuyJA=AJhR2GXkhycpno$N z9Jl}i%+7PVLFU7f^vI<|uUpz(k~>Tux=S)2mZrj)4}Ixz&Y{pb*$Lh-fD5wxEI8bT zS%PY=Y4uzAuN|mmi$gZQ`!BxWmBts`$#u>EtcvR$u9mla!Cw=$nd^sKH*r1BWw<kYt@xISn$*7XO!_+9>26}xZWhJA0^1}X^QKLqTsu(r0LL?rU zwFGriESl&lQLiwaNL`ZkHkMzJ$mV5}$n*@F;c}!DdT!zkXhz4*{E23M{YQCLe?~Fn zqkQ~%mQ`gx>sj9% zMI)3Nxn%J=-`Ko&5%x`ib-s~#uLz+cR`kv#Q}gE1q4B<12aq!%{&S+|(#m2Id=_^( z(fJ(iqC2=aUca?|Cr%~BQ=QcDtU&8Vh;*fDj*snQ7U^Gpz|uhbLAN3hK*g14bb(#W z(niWFnomzIfc4q^5uO6GpP}zoQsnp>iO>D;Z|J@Di3djTz44L2{6`#JM`~%H`tioi zsnJ$n@_yiRPqwCaljN9nHpw$f1D8DVLEy~|?+4D=vNUk)Z?7ns3CJnZjL7DR|19x| zv(bsOji49b57hP%wn4(Aj-=g2+CN=UCJZXv_{deGX4JSKghlsWpV#?y?}ba3F5UIl zjUSfE*$;-KJ_*|GlGGl6Ga^Ry$g?_nQOmdS^%+6rDm4^bfxZ;a;ScoNL! zMgw3dGZ+eFj-*+IW;Qqbsy(t-K=XfhD1XM9lr3VgW&L%wjE2VS?#B18`aKE#tX70G zd&vDE&7HSgc_1UKhW25vCTjp+->|v4VVY=vFRR&6gR&(1NX`2-R1-HHG)C(qz=SSg zUZ8acaIGZA%YIanD&O^zJ_S?kG4Hqts+ue;NoU5~>)MTnk!2n-L;VJcNG7OGI%X#8 zhR1sGV;c*#%Ii5)MIDi(=n#wY=`D&OIROM~PN@mP&x)dbm1vYEsKfl=SgI4v=0&0j zArkni3$fWbwv?#Et0p?m6t+vv;j<~vnu?uN(4RUZ`RU<#pI{TzYJ!e>$=lMKj@9~YDtn{McYtG9_JG!wp9+@D1vY9;yk!knZlM+nd(DddP`kvh+! zKg&r&w7Mur0sJaug+Bt7r@?OPkWuySA>Ga22|>Wx-wB$30Dlu9E(} z>&4t*ZV#{09!_i@Un3E|24?dhxlrE4Vyb$0X3!6ro->Nf$v8KjCb>A+8>8D`vrSBC zT4F|2PnF#jm`z8z|A%)dLx~9G2b$4iW#40Vb4Hul3O3eP9)}7fx^C{YIu28MV$P_? z>GNcg$xpiK1+W~V14ejBk9zn(K$17<9pbkT)TFY{WuMsGJgv@C^ShoaO6>j<$D7V` z(ngIhXZr)6?W@_LTIwn~k~|8&w$!}u_7%JbMryVG*`wQX!wM4g@&8@%*jxy z60Y;-=>PZ(@L_RbaDS^3#1^(dbcvc55sgiY z!5p>6n+PCLa`bfLO{r^p$E5Ym;rz5n$_H9Tf~nx?v%9vhc}u>c-T0VvkTKh6b2X`h zde@S!aYtbOj(AUJ^nAX_(ZPEbX`5fO=Ni5SGR+LyDhxHgm)#tgzj1SC!@0!t)a+>Q zY4LtD^JlO3k&T0;56g6;W-#0L&0Tp|PcXX$;KG5Q_c!)kT{eRzW#K7s!;PfGtzWqv zZxWMvrQ`%R5&K)^EaABx({K;YHxqZ$H3)1<;*{{u?3=N%i6BwWkC~tSO8Oq`hu(Wd z_8;(v#*eN#(2doc=p}v3tkYPPx#s(Yi>tYHW=}<+S)E*my^jX&_0`1^58AS(NLkB^ z%4(Lf&OyJVxkOs#um>)9)&CKGG*r+gE$9$ikb=_=IOyLSKe}30ze3(e*H_l{%y?zm zV&?kG%X&WzB(cO6TV{ilDfEI-< znwUccvBZ-WwpN8HX1>T)K+1_hwnJv$6ce$>o_#ANlmTF|(PqGPLz@ zvZ}@E2V)VHlwx4@r+r@PCt%>>6s<(!br9#;82DL{@4lG8%iJ%V)^GvJ;uL{U?tq-n zCkwdZe(igmxPQYdUO>8mn(4|%m-!FU&k)|Fq=uWkBL}?htXXBLK?lxzhF6$F}z8 zdsdZtKLm{jCcfep*&aiOU>c6F8qjfx8w(%IAugDBX}HM^W-UfQthXTM=2B?w0{&tP z5*LH9_E>khxmT^&L%CzS%i9C@_QkS&8;xH!Daiw-JsV;hbK$l`iulPe6Vq!oeuO2? z>!Wk2pg6vuX)isi(6lbq_Fe``%q@Iy=?(Eq#^RN7nt(Vfsw9HCTAj?)4qMPvNE|kZ zq3OkBSw+gsrpx-;%p*Ue_dP9ZKxe`jx29geTjAQND4t(T9lqYbcK1}=y6wo7t=;Wf zPraqqQ_Qu>#l{K+)B7AmHvKBd!IPaXR&;@`$0#~6P3Y!tKe2QppTYN}M5~0pZVUz8lvEr;ZJDJ;|ZRA#EulfXs-QJ8!}r;D7Qs3M88k=4k|~;#Ft_M_in+6 zEO758u`Fwjx~65#(c!jbU^C|jz*dT;6H{__y4aVA#aS%>ymF>M=Y`apA$=WjT=|X@ z)(=yIvM^R*YEUKzVu%NtAwx2Jy-KSBWGlWD$2SP87{p&-j#!p+iByr21nH;aAJ?flhmsU?tqQwueEuJ1zXzkb8&0Xf; zEj?8ye+!nvg=DxW(x}qd^Am8A5BIJt1u*R{(Ll_Voo$F#}FayPON^fxL zc|J#skDp6D+ih3L?!YbF9;*C4aTY!#RFHrElhE9C2ZUf1S;f3vZ0_z_3Lv#~Ey`&~ zoF)9kYgV2`;9tm7hXSm}z68I@5HquBiY=bl5p&+b!t#8u@sKAyijgK&z7VK>D}wM< zY~HiJcXDl(VF>Nm#EGcO3i0*{3`gw`hQGB_{1I+MoX`ji`3n?=+*-*jcOTS|Uqky> z+xAa4C2HIR?)WA7KSrv3>Ugu{e~cSFxne-}96)G#_Ts<;-xQfBkwlVgyaZw zdss&g`e7AyQFk7b5??PwS*jVA*o<=vmS$G@OJRxsUWjm!MtJ3XK~E@Gmz_~r|4x=A z1J61y&+^n%vTjz1`&_zi7JGwixOd$wZ{oH>P7{(NP1r(%<-x?bwZbel=f@>)F{l%N zn%s1$i#@W)bl`#0`jn=HzHqvA5qLPmLL)|VvMa8tus9TeK7wbX*48XAsY{5;%_3tW z$oS?&MMmOd@*-haFv8FzdjnHr0{6}HW4|iW!P0JTLI(^jbRvK+u_?QDE>2Im-vcpc z`~SN=7rh2RkmcD9RQLP;#q`3Vi_-`H#q?7cw~Nz<|CRJ`s+&{b>0hX?SWFg|7x`Dp zO9y+$?^WOEznH#dc>2UEyekp7eb-Ch9sLCYg+H|?>iCB_ZEq7oj6#KKwFoEj*df?&jAWivu)j>qtXpVznHiB^XC)h43)C z@7kctd7^aNNT)A|?#dvX^3n<20nN_Qbrf&Q2EQJYq9po_1}944sqE1wU&h!IZ9Nlj z5l`zKOJWFbK6M_iGLYF0ab@x{`cgT8NZYcPPswu#265LvGyxf3Cot1dRvnU%N$)Ux zmXZ5!&Q%t{+{VcQPU@FAxR@tY#u6P%eQPzxp_~rde@@G6PN>&*25wf@2Z|57-|ED9 z#qwoPm}sQ_F}2-S6%o=$h%3ldS-&&z&_uSY_so1cGdNk1B5u5^)_LVI2yc{o2)-!y@DiBfV)S4=GfT|TP6p0+zzO59ypUMf-hCVL z)rtr-ky(Qwr5cE5%Uc7T?*MCSD%=|ALQeCXJSQ6Hs^Ou(oF?(){wT3iSivwhcydok zPD{y24zcW?qt+N=IrG|kWR6`|F!Rx#K&QC9LKIym*8jQWZ)= zXB_CfpDzpB%;i5V#Jxk}<`%Y_MMGgX5$4okj_ykeboLX3Y#B4Rd|t=#21nZ`A z1wq!g9T5JF5183?FR8MqQ8aem4~)_i^}=lVn|E0wlLbGNgly~-{a0V2f?6kT7N+ne z=A;qx=S51|j9OU0&AwgYvcIi_Nmpv2qqKALz^2NUN@CT{NUi5I@j|&Y~poh;6h5c9baIHhk`=bXrANXIQhZiVQ zjE-h}UlM*IJ#0O@h#pQ*+8Is{V=XQJU(&-eoBiJOfO7Z0+@JcO)^_;*Z()ykH^qv! z)$tsaf%pQ~oeqU#_VLHjWn#+nLvC&Ld1oVPCp0W`@6{n|h1wTyGk0qkC*EiWK{FN+ z?jZdHE>A~KAJM(K(rzJS@8$OoQ1N}C+5KI?qhrb`T}w8AjuaDNwV~ye8Ouf>vfP5C ze^Jb<<>w_;l0xzqukSViZxJcU(>;q&wE?&NyL(np!kuhaV?i+yCLCd@Que*#wyMML zepJs@3XDYC;Y2e)Pc)~P)sB^~Eq>Opw-(2!xUXPd+~=BT_ARa~3tj{^(_G)?`VQAB z!gg}`cs`nIJqO4HC!|A?rpqH8&_6k8|^$)clY_3iZ%u1FU*cWjo+jL4*MUS{emq)$i;OlFtm-& zGCTgYe7s+Xgos{AJ|uoQ``_XE5b$0Yz!=|Rpv7WfPL*JMFAu~; z{-SlgNaY97cC@BKt?5HlcK9Z*j_mM?$_`_kad)eA%DzxUh{L|K&yaB|T0t2Uf|-Bp z;m8k$z=L&IbcaBsq($QAsOz1TyEweU-1?AZ`hF1tdT5q*Ga6)yJ!en`kylRAm-~5f zg^HsjU9WZ82ZNck&!{|C=Z&FUgJm9v#LSfdDp0Y7A$2e-lp|>h<^LSR@F$K#{7{(- zLsHr~%3+n|Pk<^@&qYgY1h28^E58j`v&F<0Gl>!Xvt{<-$xTEc7oTS4!{cQXfTa>4^GZeIAe(;xb$oJU zoWaMOt|J@1s1_~esFwD&{PL)|kT7RYz^cl)2~&VD_^W-y5z$49xBWqcSve7g{%l=! zRw{^P;99nk#my7nvWis!k|nca_uPPF$E^2I&p`$>IAI7 zRC=Et&JV2C=4}C~${eyEkfd?@X9PXXa#QA4PwelYHv+O1^Uu5DaAbm(>^w(HbomosiC=NAd#Yk-6ZQYBP-tvsup z|6wP$_|jJ<@xNhc64)*D*SIav(%0P*W?+`C(8r#TncHMj3p;nR9l;*ofsOqueA$n3 zr8T<&x1C*i3(ZAMIt4ze!=IX1f>hB`S--WBqhhuMnji0;$BJIA!WqPBUQXXjgNsNZ zexlD78Z2sSc~n(gr4Z)v->?-_-+;dourFpUp6aM@s@^cI&p;WW9Gll^EfrJs;G>Xx>>HltBL zKC$f%c`%M!lGTyv(l#qCtC-%uJf~iTs31P7o`xU<>dwV89_lls-!=3zA1nq-N%i2r| z9VlqY?%4Ixr*`go$$nyfslmRYbO4K(5;O;2KMuI$>orB95Gd29pl*HdmL2Q(Lp;v$ zlivJwfmF`(#@l_|oZ!6flmywnq1dh-!)3E7--~F3NVSalq~#ndldI9NtevYIMhytm zC#-CO3h7ct-2DD)iW++yQC(qtq`E$FdkQ1^LQ!^Ck==1c*{O$FDky$kW9B;Yx?j4f z2pAhN*cloHis8GtD8sAC@Rif|3!kvixT!COuVH`iWs0)9lI*@(l${ITR~5d$eDxFI z>lI=c0@u!$@T|%l_cPhCER&y{oylBFe*H6*lQ0w0H^-@?a65NC)IY<1nxPRDW~(cZ zp-#5W%Mc+9w(DgQiM2%6bMgS!N}rn8>N5WPilDjKC#=1)TUb3!`v>uskg z>KJfk&OMyfiT04}UUHMNy}Yu=H{s+N!DVIH1;Lu<=n*n6ugIPn@;)VpoE2zMs!%Ae zZJ+YyMKY_9Vr*F)((y=<6eINdYOCS{NrggZaJ=TKU}JxJtOzkjII@yVU;45ODzm%1 zPuJ{dd>)bI`5xc#js44g*#&KIL-92JRcxE4Bxj-Qv$|#+aNRgOS}61I>?!lT8v>YjJV)=tot6*os>3^EW7> zF+Y!Cm5($0Q|&@YX7I8#6I1ND^Q8{U435GV)8K`v1MOgY%(aw~suZVv73#Dv9TIo> z$NnG9%BJsTT-SlMs5aPNMM-I{J)wBLBBGP>IuWI(WEV$R5vr702vZk16Ufz<9g3B> zuI-2Pze@jQXJsvsJmyf9EyUYzrC8v}$(7W&l{pdBt)#kwxa?qh0$cJAAOc=+JjvR) zS>L0KRA_F#KFTul&1v+g4Clc2eKKbsOoQ2&z?46;!tzhPu+Q15=cb z5r!gF2l5;q(gLDtM7xJC9Vi(PvHwL8h|aJiyIS{zBLrC;pGrfLP*i_s_nl#|B?otb z`%3>m-rfa1%HrxD-()w*k}T{33$7S+)m5WGjRq80&;)W*xoiyCV7Y|0sE_LnahHpR zK-_>?9@b)Ot^KuLsF&Ke_EjrlP>Tt{Y*0kN8x}8M)ec55sD&ty=l?xto@Z}@B%No!+SIB&HDjbc<&JV^3U)>ail(*;808GnowCz zYywe-?vyDLVVrw5r;ANs&M>2cKn0Y!fRcwqFsl{2j(n5^HqI7rZ)2v~TSsTyJYsAy zFPIWg?wv_eGc7qXA`=SKQcGmQ2tAer+P5bE%yH-zi<*5yo4_2_{(ZK7*2UZzjtgn%Mg%qw-8n6A926 znI^ND-%`YB60*q;wAln{*8*|ZIWQ&ugg*uiK6X;BGR=Hd&Np?+9-v2Yq89_B6AER* znV50pdqaH_!l|^5z~}&k)(4B2L?exEOx~=;(3KE8e;N7|zF($*6>ZKyro3SRj4#P; zo|J%O332U<_51I^bELDoIOEZ|HV6s+TjwnuNXJtwK{w3=r(h=N9w_I4V>@n5uzbpo zLC?Bca_pLzTLuQtpc3JRGY^L>6D20kDqGWb-!We+?ilpRXMt1eB7P|CzJ%9SF+Z2$ z#Fkb{o+KYKGZ5JqCeJ@E67oE>AB3UC7z#HQn3m>-8%Mw=#$ogdD4r)3?ARxdY$SJ+ zBo!Z-j?|HfbGq;VB!}c)8jc&=#cAe^k%}V8ISRYvxQt90$zuvPx_~8+Ss4^O1u~85 zA5jS93i_vT+v1!nnl_e9u$z`|UYu3D8K$$)wG=^{m^G$xWH8VB-O`-UlrjF14OeiT zvhYJ+Bx=S5@)k1HpayNiHc@NVMxTr*n(*l5?6x+t5vsByB+k)iX}5u0Fr0gJgSy|oL8B}1AbH+f*E z=`Btf0($#`@O_1}q0`l&%Xc&m#j#;A>t0_dbl-eaY z=M2B;%;e#d$BGF}I_V0&i)n}Z0HVE~&?o*nh1eoIFa=*ItgzsC1jE7g*I`k45jp}# zUlyIKUgmvs3Ba-7O7Hv@yp#KzQq|cKnbvZ|`)0!dZ2&uPl9%PkyC#a;)S-0%e26;R zf;ri#zCLD5aDV}~RP^HlxbwUlmz=HUhog6B-q;c+oku`Rqt2!h^-4=5*Bfi-(FVwC z0_ux*@yb{B2d#KWJT_L{qoJmQN0T5JT>Bn4n_OTK;a>1HsEf&)(y6?OK&sa0znJy- zMYDY23w|QNZVr6lLBisFDc}aO8+YEs)a|XuB9WC`_b9l{;1^*yy6xM;9%(? zDvCt@?c~U(!e(xxo4kjzg^Tz5C0>Z8m)4+TL)ntCswHXWRa^XlB@A}J zDYm0as6*+xtJ4EZWw1lM$UOz*gRhfwn%BNz{Lq%2TxSDwx*Jq}WBB-uSt|g*CFU3p zHsYK(^i99A5yY|sCb1ae1lXPIHyvIJ##V<47JyN}cb8!*QDHgVc&G}l_}=5=AKVny z$3wy!2kZDTmo}b4tR1(bTU5(4Kzp`NdkaNZcrR_}o`KNW2m=-7$R^Z@zOT70Nm_8K zUn?Sd@(IT=2u8w#eRb%`mhV_(_YPc=r(QvQWJ6b^dnbgx8SwKOpwtnmc6c`ivHoQY z>12vH-0>HpsZz~_Ypz4;1WS$Ts*5hx&?*;N1*=vE0;9HPDo8TT@E&UDnXTpWMpK+0 zW1=QLG%Uej(m9b%#=J<9c0Z?}X-sTD3|Ay|phO3Z^8 zz$Ky*BhTO+*;>U+h(%h($nCc{w%-ERUarUhZHi5+D5@fph%PldYH6Ws=0jPL(MU;) z_-Lsm=#cxpxX+otL;s2_hJ8wEYmNP&U~Qec$ToG+WFjASU*Pu3^Jh>&SXx0f=j!(J z>O7cm1#PvU5kAjk#YIQ-$}6x=2xcEm1qz*uW4yeD8e++qN0#0W8|gkxEO%+nuHM!vv&` zfgG?CNc2{?=3j$bTa+2VqInnNF=}~`iX>bf28q)#65Lu4$|GE&Zqh-aGH=K2dAOuw z++Bq@T>8zQ5u#O$!0uCIwj(lB7du&BmBdrf9_C&cA>P!-f;^j0D{VB0LOEK+B;rpPFLk)3VNA6c z@)hpmoZk~mSrFF&Hm^*C?3jC^BQq)P3KId6{V&Q&fLn_hF{z~ti zw)uabtrd$o2(A%7;Ycesp9ux}{JsNi0PKer*y?l~jH$?9h$gJkn}A85#h^OBxB_g9 zcdOMr;O26r9T;OO3E0Gkz>Be|3#?(Ju`0k3851dm+KpJYDFU)7!9=Z9cqld_GDfQ? zql5&HKd?}iHAmb_W$E*WJFr*=mxwzMOp`bG1x+97zWDS}yczy4vq8(TvJ7Sk;qOWs zXekT*-TD>RKr$|a=Wyb!ppNysFV2zyaGqx)778DFw8Ym570OK+m~Vnsf_9cM9AYUq z$j2&Ja}=u}Aro;U)_X;%x2b}X_YFGQ-%;GNl({15B z_O~`h7i2&kgUI4-lr*%9mK%=xVkkTl_B4L+1$IY#;?t$^1yt~KonUc;%#u5BD-J&M z#bC6?FK%w2IUzs6CZ)WGxpkp!!NqcN%|XBM?3zdWvn7^Nw4t}!uXO#5{3UvE-V{et z9o~hu`EO$r))+`cEcoXaKVf*L9UGo~5C)Rr`S8v(c;xx`OHSwW@#G&=vH6R46(6j_ zE;)9m!8sl3Q57yd!A}My!3Wisd7}A1c%x-%Xg8%LA2se8c6x+)b_Y{8>Ch9j zr*!dGEq|3Lg1;*Ht4y&1fqpTDzp9i1{wl;57duI*;(%cs?Nb!~vhmk6rG>xxo~D*e zSDxgr9(;v26{XOSG8jBb@eLg45T_45tOcCPIK0QQT=?bjn3b=;i44R;hYVVbWx3Nu2kj z^KX-AtW3jn&ch!WVR^I89Hf%8V~^_~MIj?xycFw4>qt z)}x0$UV3P6;r90L`{^o<8`>z!+$9sr?x2wFp=+pT#?$+fTry^Af0P2GTc7Us@6GDh z?fXwNe+@arvJT=Oi6Za<@Nk>CGb4)tMEiy+bUBPf6KqDr&QGZ2w4g5V3GW>053;Mj zhuon@uhLrI0G~Ouhaj_%_YXIpnK0zHZ^DP20TcWgh|`~hgoHwheByH$8wY5@^icrZ zF@|7`9(_6kT-v;!7U}!oE2OjVRbTXOB0W8q4~c4#el*jgPn56;yQ_PMKPB0@9Bcy{ zar%*Z1PoS&A}CEqh?snqrzHF_1`CyDBRO#SK#PgV?fTjA`jLtDh=GPis&c^)Yn<y(j zOXbr3iBWT|$lwx3$Fhh|pe5iK%$h=W;qMQ5g&7rv6OswJ#k+uBMz{S}9S|M!mFjqb z7$=cYRFL?ukGXqEdjm1s;9G<{`qx^OsxQ_3dj?UB*miOv9uFnteNMcR@iyswyxpA?nJYGP7Ec0iV@46)fVR`1fk>cj&1i%ggb9I? zP-!naP}~MA_9vpX|BApWgE(^zrhpFO{^UcA4ZJS|X-o25(BGIky3L4!q*k(lBuTkm zl=ODLOP@0^KPf0#yz?DRWe%jD68Zoqddp1k1D8br5fthWV$RHu4GyjLCpM`LXWsp_ zd75V&K%1Lj(sY`dnKV{aC6H(4Fze=X)e$buyS*__-T2!>-^tI3;U!K}go~4iLbWDf ze@7gZ#913L;{Z&x+{RuZNq*WH?#;DNe!mc!nn<}#eEA2-G<~@53Z}=*G#3%if(Mim zNW{$58Yn>Vi3<@x!){)kPn?N&_1(g0@I1DuD7-NjUJb@ULwQjvxt}cD=!@P%oRvJ1 zpy-1*J&X}wg|F#4bNvT`z=^wuMpsb6KrYpRq_1;0)?fI%Ne{ao*2F8}@~()JfCAW? zOfr*LZ1ai!R0wt5bUomy8t!J!o|lw8S9}7F3EG4wkE&|%8QY7~+4wRT<=jR_X-gcY zkVkRG^UQ@|xkrq^CZ)2B1gs2Ug3mJu)1U_&pO>5Ue{o8#C7B_9{dL6$#W{EM(G?A} z0Z^&zMrLiuBB=EZZ8u$9gex1iCi&BWFO$*?Z|rtg9WCITesSN8G~jLC*!%^o;}&l% z?!$FTA&2s1ygcwiI!hYL+3+pGy0fU*QZ82a(nFbsh6SDI%PF3@bQZs0ebI6 zPQU2HJCIH`r?kCGmsjhWa)X~kY8ECm){s)0J@XJm)+S4=#k;^jN}x_UiR_bRz{d&2 zfv5jsa1u|)QSoNp+rVOc(Yun*{WlVTr-30_JTx2wkfpu{M^QsIbQM_Re=9oyAhPN= zAWQygZ*Bq2u>Ru}a^?xiCd+%sKB>=F7j5<|LmWA=kXMZ3kemZUb}Vt^git;T73)d4 zaxfU0M>1x5d=S2;apjGV79N6?%Y$GfW%5c`fY_i=g;)<~!MOzEl|D*vZR z<(H?HUj=(Mt8CxzlFRRh4H%T4sclc7}8 z_MDz*->Y~}YTppQn5fr(O1yr(uvCqVQ6Bp1-lXzEspSD*-{9IY)F58RVWebyQ6o+a zUl%2nKP0t$w_p59FaO5m@*OI92TT;-E%js2rGl)^^NY)5BasHTnzp-v4{0478sHZb zWP!|m4QylYr%(n*#uJX~Wj817OdBcDFBvjrqF=ySBn8XOG$xBA{8dx^I=zp=ds2S@ zf6rx0{HZt$m5e_!R!%hV3+w|WliL<;)Eu&Z7&4T`KJCB_Qz*bE%)^O2;1$#Kp?r#E zokTjl%8`^k06eYCV>5X5cw!a7>&KI-G}Nf}ZvZaTA&c-!)0eBx{z6~-en;Wf!uNt_ z(|Ck~+^l7Y4Z76!!mMU`!=esLy>?pa4TP2>GM;h+pHx(22qlj6r-ZY+Pesj+Fy8Q@ngN^o~_f?=r% z@+rY}oWQkr3dEWe^lqt*KIL&^ncun_D{1kOE!!06Qyw@tz@e;y0($Nm8il^_msaW5 zYXjnW9=NEyxA@h_@(+*+bEq#`-ZS@6N*cLV#LBnP8)kzgYn8RHz)8yRxpa^DTWXK; zBwfAtR;2s`WfLOktqp7Y$y*|mcSa`fj!fQ!O_bU$b@&`)09_1M-bOO)VMfX~DS~o@ z+EC6mN;7#A)FjQTP}A}q_U2|hqvfBHiK9t5f|OV_ZwIxUulGOTCd^wma(`Jo%1&g! z&Fx|m_C-KCc-3mV;w8A-s06iq6ZvinohJ)v&y$6ij6wosR6=fY32J#8;LgDWH;I~X zFnE?S4rTeN30stD#_LXHu6%_H$jQ6u1}3$93mwLI6JU*5veVw&Nex2-*>w%xdq@!g zNpbQv_9q7qTFZYAk)eY_mfTE zX$)WOc}f%IJn&Cx)bldxxlnlpg%Dt^GIO(@S^77JxCqP1@>ZYNg6SXhrz0r5ocMS~xi9hYvhp?!R$0K?%BRK$QS4)kE_-tY01Yo`1IXj}Z42Hm#v66u zc^uM(5I4VV!rM@OdkSwhetQOQnf&%L-g?1|!%N=A+kU(e@qdmdDAbN!Ry65Ta!A%p zrw-7=Sne-hg{<_v56>8XkcPUfTcSbqF=hteVqya|0_BNb{WRcKr()Y>U z`8-Em z=LtCN`PEz+h5EEwViB`8_z)clJt6_PRtG>N0HDNCF32aIfKUJc^iQo8ydp@~3fQ!_ z3d?tn7byL9>lBm*dH=uF&~AbhtX}JO%c)wuRv;7!cIy%9lC=^~dJ`r8J65Ua%U`^Q zvSQ0Uz&xECN4?p^&AZKN2Q9|s)@7wPFNEm_%c`T_$c{3yKBiaGm1x!9)big0U5Kz~+q$!H zEiQ3Jj5B7Df)uII<&zlDAq|L<2rbiVOz;o4o=QYyomf*Lb)4Z0{y_%GaAwHVOc(0p zp1BdIR!ydBXx$s7>Ad(2@qh)3%g1-)V^)XQ1qQX3td^wQV63MRAf7=wV^s(x7X*Q1 z?%H3pz0M5&7gvI4X!63;{1`e2epmr0tkK~Ec^tg!(Z?t!egnA7p7t@zw0Cj30!!sd zcp=RPzKtchNFA>nW?-1d@4_& z+8WXGCiascAmco`y?HfS0Ku#z+|~mdqqfF7bbrfk(-sqs!qK9c>z+<<<7=iiqzJ|1 z06bUj!aF3-5AUHlm=ricAAAc8C?!GECA;iib7C$+f_db`_`?I(l>ofqP6sN+koNX8 ztf~_W-XPtM1w~K7qPzqvUTPfLn2(1#%8lO|jjSj~<2qnNeIt5sB$ZUo$r4>FRKD>4 zkE+AtpMi923YMU53yPYDLLkiKJW9dcx=gbVMHurX(%Ax5pBMue0hyjZbRLvH$QrSD zWV2pO&0;0_GF#7*a#b0Fak_IZ!56Y!sUEgbKRzdJZ9f0TZG1%}AdX;O9 zWXiWlD=eh(UUpNKLs^X<@#~KWCg-D+PdxB}UINBYCZx(6jjX64SG*XLI$Y_3Oqrh) z*-t!($VBC|`ke70m28P+QPIGiNm-PXBUjugi!+eCrUl6W_C)2Jq-6a>85K-%%6UdO zRP1Zf6nl9W!4>IGu_E6{7v6;9VMJ({+h}ETknFmp+FwUjmiVd@vL)6de(^loFV+5f zWHwGRZ9_D+VB)qHgz)3R_ZZTi2z(7jIvu`@RQT>U8b_TerpDpB_5;B8KvHBb;4Atc zz-KY){Wtjg;8ndH$Hw0ulR)SvoN${;kbUOavEHWt-(QANeT#dd< zrq@!X-AJZbW1!b*Q0^+rMw%STJfhdnc1e1rd_rK)hD!jwTD7eE5C*D!%_xAW*21vR z$!vqt@W0k^V(|aLNT8EOv> zF7+qkgm&YsYEgmVK}@JE-79^f6iCxEf)T%o|~Y zM5hIZD7d>IGvMvg1M%%+o8F^E$AU_)5W zaqk|^0y;^xDDK~p8UoTY!2MvSC6Pm zEYX{BPCqzHjYX^IW)dgs`&U{^nm32OD+KDy+aL+h^&C#`w#Kug6Pya2TZTmAs6ay zB9sAFrygv6sSB_0w(b*F<~5d>j76v^vX&Dfgc3pUGu6+UF`KaC7k|evMQ<7bk}bu5 zA@qsSTse1)?4#~}y0lF8jj@VlC=cd_ZS+X)w`H>Alzxk?SVqb4FSeo$zgWa*+?VSj zFRenmBHX%ocanX%)xUi6hDGPXV59tiLW(^ypmXT`YfIy(t#6}Haqv5gN1qKQ1e+qw zo^1%C{ftlXgt_usexVCazeIq#U+p|g17h3v+5AnP(HpubUzl@H5x*^_D*5eU2wxB{ z*<&>YgodkI+xNPvl@XXCqRpNsQC^_LCoWw{gUf+**s~i_tBj^->=;wrDKZXZl#i_u z@+d-n$URCK(op>22WK`e8 z{$I)s1QRuHS7=oDuw_A!dOkUZFFt7gI54(Odk4Lb&gvJv>acmMw|#*%I`Oc%v(q%T zBDyFe+-GU{JN89(qd{cgNA?fBS=bFB?50d$$D4JW8%~UCfBCm$u4mD9$0<*~$nknM zDp!ZFXtpC%mL{70$tdFAFxV!flZ6obfiO(=rnaU%)a7TPU0VAdTV7Yx;)&R>%QgYF z-;!nW<+<26VPT~rEdC|j z>F`$l&)_BZb|;Fj|0TT8$72p1iv|$BCEqph>=Ub5QUl*TKAz((4h@Z&KF76d0EiBe zp8`h?9b`=mzMmh#$s62jwu(!RD@idxEq07<+^9SostQ~8S4poxDp#_`cL)Nmm!iQR6 zd;0lv{F!e^FZptn1BJbP`P1k*^g zYz2)-`WIb6LuWn7O|gxRv1p0qiqJkrsUKdOP$`SQe)WocwUJ#iRu(9zh_PJRsHkiB!k$zx!HG439S% z>8Srm6GBWc!H%}HTG2Z31gey6!3m3W{(G)b#J?ex45X8VP+j1^%yc8LtgwLJmL8km z9*<7ezHnmgTZMF}EyfRuYFkpViO;zn$h zs*H&-j1_q_v8+W$n7Ha#@mQs_RMAqM&W`@CFeJLMXhZ)oX2vjwL$rh{cGthj#U4|t8?6%Uh4im$4~m%3^NcgW_T=U_8) z$Bf{xYSBnTo=e6Ui#2naL?#4K-=qXk|EB~{&(k77yQc+jdSSS%rz{pp26=f6lGG=+ zLV8&W&s|~dYo$V^+Qcsc*v3SAxwz8QQNXQ_a15m8!6{=ZB2lvrlS8cR9*GFtJ|M-% z_T4TP9zmZDUQFb5Nl+q_R#eHVh;$>(_fY%d0WJhk`()Y#4$q6@&|NLYf`jSJ{&5^~ z10}yc_~noA>&1UPG1gg)bSeDWul6v@Zu*==<~+K>mE03ql9~5u9Kc)+T6`<)febM^ zi`ScwqxmVh)A8r8x1T*RAfGbQ(VPM;Mf&;y3wtcO;pl}Hy{NSHKHyut+np?r(2b00 zGf%=8e0=%=I`2RHndkp*8%k6g%3+4>F<965V3e2Gl~SX&;aDIK1#3bEK(^&{f4$DS6m>|Cau9m z9zmPVU&E6ymGCG`o-2q3n5mNP^IXyd*;d0a7MFu{U_kZDW@JNz?&@^WpsyfRZ8&n2v#N~1@#ltI3?r;qoAot(Ya!j zUJwrGoqq(oC;mG2qWH=KCj(Kx2e#0p$m}Db0&MlPuvsFMZ$Ufm7Uh+z;cMIXnsGO} z<;Kl}afYZJ1r;Z>+`AtJU+Hk(AwcD(%+I$Y8J zQl#r@&N7LAP`3S7;qBx}S*E?yAn_BuQG4Yrx5v>B<_`o!>;9R{A6y8+x#YE;0=$sk zs0dH+xqP2^@Q=LEaKrw8BItf6LR~)mc;Y{Zn$EjtkWX}{o}|Ny(#?@RF?pY+9Yjf) zt+W`VE3~om2_If4VlflMCSv%hT0>QZ7tJ&U_a}}wZ{bjseLZg!!Ha`ic?OO3 zMMgQ0JXYdHb4=orHtrkT+cZjoEaoCaDY>|xLkD5)OWZXvMhE4ok7W^T^g6qPYl$p! z8?yq96!}l?H$U+yrP2l_G$oSN!@bRFTW*wN@7@5Z56;HNY+B z4?@3=TGHe`31k9eI=oNheC1|3tp|$>n1{cN5GIE(-8IVm0-A9qLqkc!TpH zgyXMBx(6vfi2Xm>fNtdb!VBnNaS^qkP8<1*_7=`@TlqHQFY9L@lTB>>3(uaAP>cq! zmp$>sKeC`fo{61W*b?jtS?MML5LbuVpE?a|V!H?fDD=~3G6;3RxoYoOOfevGB6MGM z(?5x-U;&XYHt9Xq7QBG`F$XWgGVA<`a9{4yQ?YJD%jvYH&8H*vej{~AUfIBPm*6%% zhQjD8dg|jNs5`{LDER{NW6~%o1g?xx@+P8EM+sWQ#Jo9FfUHj=UW{GO8JLhCB3YDE z5b1B`5w)fWQ!Uuz&bpH7N9kR-kb@1Cz2oV7Nj-|1i<|+!9C$WSfmtkot$i^W!C~H4 zx;0>qWs?ttScQdrBgCW+9Z`rBew~OfXHbL-L6ty(EWTk)jUMfO5%oer&aeeDp;D82 zNOPo$MmBEW4&v1+*Q|k`NMK5F^`TXK##S>wTTgD5IH@1_E7A zF4=~un6{+mu@C!`r$?QQvvyQp}?r!pDE$8b@ zZ$`+b-DZVPkgG}L))_URBQ(H!rb@>7>J`?N1IIc-C-YsT)fr=b8KM5Tb{5x>;^x^; z!65l6(nK97-^#2<&Gu%7Z19@}&3I&Fi#EZ+au~`d$>tQbKk*}Y)UkN2q5g0gGtVm8 zjxl5Gy%FOisRfK2$=guO1;jw#UuR(GG=qUwv=W9Olu*l{w}(Th;&wRA!98bx25$xP zh=(PWO|LrJ#7+#ZU(N|BTwe{UI$u52CvMTJ>S#RGAfjF9A8jEPE*70rJ6J7SX;r6K zq2FQbm4%;EtCu$Y$X5e1m_h~0 zoMy~u^Y9~nCRzCteajYMiZ5yXq&9P-MK z6nubPFXo1L3YruzD?X@}twn*s)4|QC36Y}6B8wP|!OATohgJS3neT%CnH#r0bz16e)Z?uIRBzXO6^K}M*$Si_z%?Ql{YigiB)<31NZ=k5Lyr?*2;^WYuTIQ70-9 z;}-`WCu*>&uX5pf16plBk?7o&Ebm(pq&DMnd5HZu|EAC>63FZM)x`&W;P`IH9{I(Z zSaT^=fKeblGpOe~u+US7uflJ)Ro4iwuHrK&_As4;?kuyo_$nS3%=K0qt3rD-T4#!a zdZd2>_;kbGEZJ({z~luXb47PI9h|%c76|rr6&V#cF2T{k!7_bPQ0M@qECXq*!x06U zERojE9?GNaOn3p!S(d?WwmSdkWMbmV^-2+#z_VI+aUt-xSr<}~If zfblpaQb;(XZm1xXh}D-E2>C@8NJs6&y21tA={v}$|D6^Vgm0QV9o>6G{)bt~a{+Zp zs~gA=mmn!qEqSpifO81qBp0C%Y%sL2;%TY&5ywPX@UI6tm7F9GTzeK~xiI#&kP%Wz zUGc70?gf!WEvFen_8rys{3G-Fx0Dd8zQF2BtSA@rLiKbAF5&%7Q zUxhH#LV#28#yGD8k{qO3icW(FNiz%zF~JbUCMNTQN8C6UxWfOGPoY~zC4av*a2 zdtVSnF${H}88Z1J;k$q5zk`pgB)h8sU)1udD-FJ~RW z;3PcR{}!Gr37#t@zS7~TI6geXj>J-dcyO(O57}QJZEFWHCD8RX=+)H;!lrQ= z9r3(q?C*dFmS*JVL6J(S+lWlzMrw#!j$sKRouyML`_8~X<%LbsBENMU4Y4QQP4Gu( zCTNl@qoFy87F5%)pmAV~+5j~jt-(dJ!5ny$F?X8DOsV-ZjMDH@hsoZ&i{2VM(@p-+ zwRK_-a}*02O*`PzaK9RSyV2ZWfwAl$Vk?5KtI~`ddkp(g$zQ;!5r-<=-I;kk&AS%=92PtmHvvX1W5HEe zz}dykpB}-|hg$tSl0td=^5;j4%w${37r+N{>gq%|k4mN4qj?FH3K*#5y*L3+7UZ7x z&vW+H;~n@aFa?9u0>W*$&o{qtJ@Gw23=5**$pL`4U|<}?A_-!Cw=2Bg*F9J|3;LWK zx@W1-&FwVzp!4Wvyi-t%16Or64qDb;)RH%`3f<^LmjN3Nc;<0+TR7pq;DS2gN7tZV zWLMdnx1f5Q)tHi@YH|Fd#F4~v!$;v^qSJiA#K|q@T6ChjMkr9(p{d?~HD;SXEZ)~` zF@IFJpO`w;h)PHd%b#feh!@6JJ;X9w_fPzaX)U-kcynMF&a=;j&MW8{7se@>DH+MN zo=>%c+|D9bMMb_E@!fepQe6h-S;8}1k&YlV?>zvblhWcvd#I}{AR`j3G za8d)uxR&CMq3(Hs>^hvbxYd$rQZ^9*3+Au2VmPRQ#7P&(>pf@+vsoO${YIb_k9ZjA zQ6S04@JEL-i3G;syar;+#6?@l?5|gR_dBAfk==PdaoKka2+pR6pJUsTt_vybVn#`> zC2%R7v22ddc+x)kiS3{Q_@rYcmMwI)Uw9<*0y~Az$I3%``-1SQ`*+z`SjR###sL7d z>o=&wXf9T+ZHTL>l}&Dd)p2T*&wDW5^%kOPWmQ&f?v(0t!^BJ&X(pfaL=nQfJ0HU z{qBd5UGqd6mS;KO%Rt>;=(pjnQ@CVQeGYYjBfQr#f1sM_%?>%>iV%jK2)O;L@OMXo z3M8xS&^h7njs|CuXjK6*EBsww(6@3z=Gcl%Xd%ASf)iIxFpsS;2fe(AMxpHX7Q+#* z7%qFeZIozs{-ug4Ca`lp2pUX{k%Bg%#G>9e>7} zdjJ|%fxjUB2rat(%bTEYT5vnn0VtF)u|i^E92QK3i4uo;p#5_ve2tI}ndbVk?7wK*<*KQD_o;cf=8Y&;Y9p;3&jaS8_{#%G!|+G&uc1{SFgK*B!DD#< z62p4pG4{#rk5Yv6KMj?Ueu)&`!d1@xNg^q#Br#Dl9BZ>a1t`#}tZ=tWevvoP__6rK zFCSpWow7S;>>m;2He6(+nxf7UY!X@C@qjsnW~)~?ROdSdBp>d#%y(iwS2Lhyf=r|(E`7tCK-nmKj?(N3Qhw682RkDXu+=IFFT zbb$Jqp0Bj&1YKbZU87!YQ0idVFCU9mM)U%7L&#UNh^&aA1$*h0ySTPqAXY3-k|M3z4$+VChIr)uIkSIb)M; zjRQBNmhe+50leD=-c5HTJG4t`#6x-kr@^yxxT`YBhHf_Xd_wtK=E_345$+h`9ezExKC1T)M(NTJpY!?q2XVG0(|1pzeC%x z2(QGS@s7!e$UZ!N&P7mhz-NtP6*O>v!_}pr?nfyQqlk8p!sBOhilIsorTCqmf&u~0 zM}FmTbcr%|9s1HHX8i^@fJjSrL$vW=#WetBSjDo}Uk5HXhiaS37IWpT#jySf*+k{9 zxxGZe+9)bmlpB{C2fxrW`~x9+Q< z$GZXkIapg;K}E|SrgmeUxM&Epb`0T0)IzS5i6vjmNB07@z^RyUoyuwuu1~D_QYL`u zZ)hNt>{zWs6fZ>8gj)zuSzs@b9AE-3ga~Nopv&>=gJ(D6~X) zD=Hr?Am&0Xv8^FgQM+h8QKh%!rH71`T!NM`GJDZwlpbxNk^oRP)Z?az+%qA-9RPg( zW&+&Vq4?0v0ZZT%q;)90&r?&^byJ}*MGI}DR*+TZL_K*L{ES_I~B57;KZ^B zr)ZjqfkuMCKH+0faa56@q&VVV08n+{*Q#38Ot~kYTm{Dy2CPU`YAKvx31tJjg%gtX z{}fN9Ot2J|Qv3vKVW}Q3`Bi6E7M+YBHQqk^x@@d{mbG?)f_EdM3pb3lH4d_`o03rx z-m|o7*?Nu%ei809H|E>dP0H2~yfQ+e%Qg>Q_T4w3>?*`9{Z#F0+JhMf_UbS)JW?9W znT?rz7Gxisry;G`@6bfhoy)#%07{51u-Mn#OQoQyqX@9C<1%S+j*z~T5H~`o+C&=Y z(5Qhef{Shhvz8+xI$JrXHoIwPk8w zOPz+P8J85Vx&ec$e#UI|Re+19gq!fr^B;{CXAH)ifS*n(o#~5K@Tnu0c#7phi1&-L z>sfA*r(YsD^~W5Z+`qV8;#3qRZHQy!We^`FGwIPG_fOA`vA!k0My;N%o?NTmFq8dO zkAoH*Zp_g~0GGUT(J*jA(F3^}_ZVZQhYtHB^xb5n}1!7PG(4Is1yYV6Nhwp;eXD@plwYVypv;&9_ zRiQyl{&5bQIiGC*Eg8vJKOC z+akZWXK97nRk$?+Ysl^#wu!=JG`JqmTWVPXxI!bbPH>qb_&U$rixcp~_47-B&U}J@ z$pGNSv3C_wNtf2$kE?{Xm5LaND0gHaen;TTQ9nBpm^mvlEOO;^NO{J7G)l8bNtDD2 z`#n3+LMF#bIiK6tfrk6c4Yl@l_V!P#dE4#lre^R95&59-p35<0mSK>!SSi4k6i}5x zA=wBCe-cksm1$qMlG9h2yQ|wjafJIaL$J`Yx9>sWCs1a%F9UZsP8rwTzx|7BE?6%v zv$MoJKD^%?ZnI!eVlm=dj7fI2@dRr`5I4Bs%TiK2vm4jSfebmsdm4*5c)mb@V#Uh(Uu3Wo7;V2B}xa- z8K=#zhpb0>H4kK~@r4KcoB-N91u1ZG5PjkTaI|{_+Dw`YbB}CgXLc@(8C)gUBmk*7 zpu557_SRb(&PTRdzj&3>-fAg?00^~_xu>GDLdz{RV>%~aio{}(c*$Fkum;qi7F7AK zjSLha6*zLtikwE6Om_87=-VRs(+VW^!_NRsr*LfuUn!Vg`B%T&Qp{b7btCjQG>OvF zC$1(gKyzsDO2!4IFnaoM*$4@*2)`KLBanf@NBG2TK&Xs3nd2S4cFysG1KK*j&&KuHCFt2r)U$R#t~^By z?*di!Y&Mk!^HbRSOWtRNP`?8gp$@=?J5KOq<1`2wGyw5|OzdYha!b@~ZC)8RBq7yD z+amZxljCX-LzrTI>bQ6Gow!13g?+BU;yU0HmEF<&Q+w)OLl| zzsfTF1hT~wJ6Il)yQSKtV(7cFh@CV#9z+`L(i-vXI~LZ0;6BpOdCK#Y{RaijLP0g+ zdWOIytuZ3F;tNhfgLeXf1H+5pSs3e1n>ceN%gBddCIZMKmxX48mm;nfm(eTO?la*U z7%pC0SSH?+-GsZT(1v2=U8Cwi>E5wmIIuWDh^hMlvd8?DLQ5(M84cmRG`I3)X~8o{ zo0FsTA~b+24oV*&>|+tKv|qTl&%V45JV*y8*sp#zvvzFqX6qKLx|wBDX0xjC!uJfl7w-jU8Xgj*~>xAtY)PGX~D*I}y(bVA*|2JT2}Y0zDCK z{t3%%dTK3_Jn5=8S}E24KPnd&b&<&izO{ASP14;`HfXAXZZ55GB#A0I{UKOV9upol zU@z&QB|m0=D`%q@=ql;v;dsGSRH)%xpIGvOK|1-$g@|Ch2F?!L0;0KX8xswBxr3<| z78>51kVBnqqjnYF$vD8=xXUlz1#00CItR69<5|gI(v_=~4z!11W~+uXX{42*>S3VV z36a@0iIRmjrkD+Kj8!`6dZJ3g2~Lh(#l2|36<$DhrC;1gQ!^~F+h)(G?@%ThF#E(W zBaBQ*M1NE&j2LWPQ)?c5Q*RCBBQR(Yl2=D3fHqkvZ1xOBD+;Bp2#JVWIjdr1#XVh0 z*r2|EOPnUFL_q^(A0_pHKIoZ#AP(WS-)F(&{UYyf0u$P-6#kLge@P4@L4O4jWInUR z+t2Vx*x~ztB9qaw&>6~OMqHrO zsO0@O47!9Gp+hyJ?b_{gs>MHElJsLfRN^p!W8f08k`c9F3Dz3wWC(0XjvsyCE34y0 z-)a=yXcQekGllupLKnZ`e*5`GdZvLu1KK;qNZ)~~IMKp*qGmz~B|0~rh-M+<59bO1 zQ@9tZC1puG({dxzw_Ef^CeZ>>OcFiqVS0M0Ifb6|&P6RYvGYYnNJAQ*q+fP)*Y!G4j_>D)mb%Fp9ixr?xJ2T=LZ>*-j5 zG;gH^h$Yy+Y0gXy#md}GRWoVcksorX@h>HXtYAV#c-wn^HfADvabh7%3AnuA;AAx3 zyPnaARyvJ8ZU|c^>G!c1;y>>iL4&3N9dkd#$FR{b5V!t^0I$(hg5H~8oXyGAb?0zY- z(9)d~BVQQ6&1vdHl8nYE&*6)U_lW`~IVdi{XF_Ky>x>w1TB>!7tW~P{I%1V`5DyLl z73XvnLT^U!^l+~=m>=$S1aV(AxDvY<<*eeICY~DV#4Ymx2`rF-$|oK6Hlqz z9nt^ZJd{T-`aj*?4nnF!zb5d~Llq7a4mt!qxI&Qn4}$`h^u)~oUke#h)kn;Rcy$Q< zO|-qh5-cPUz~1~X!dq^9Y_G&8G|Jf`vn$@MxX8ON!@h$0p7SiH=_R~$E^_~t-um1N zPEw9gC!A!IBPK58POz_=cG-=PqW#`?mtKuqxOOxS4|m>VKGdCUtiLO?=mO2VF?4>Z z_qB!|m2MN8XDR#|)_o4F4V){>>^HSo2GWf--_}Qpjdrjbo$f5fZBz(*ID&doED37q z{hz1An>qFZ87t*(+*1xFqw^$Vf;k4iIsJL&H;h>3I7!^*LFNN-ZiD-02>o$8N#k9F zjC4F-;M~KZO4(^6skhWh-qNSkv?A&PQD8}jO^U^N`YN1M+w~DEbFkSRL^4X1%Qj;p@+1jR$M3 zT6m~j;`1!E+!zEdh#C5=p^I(>rkt~M1VTu;*%CfV?f;aB_E(AaH^}xM%?J(R91^(< z%8ZUf6Xn>MXbXD4gFjLpGBPSWYLg^u5YPz$?+`Dq4eO=oP zZ5jB7yWZm`-2>Cxp$N~9Q|ZCkM5U~^xfOe5q0!41DxqSOOPU5cisCVN z7qYp7d66RAk2;GrJ+chE%i3mG!iU}9{$13Ebw*c+*Y1$qf1kbiZctm)a)GyFNgLX>JwL@btrrUQ~?dcP{zad2~ zSl!8L4%V%%>Z^^$+nb#zG$RDrBj^MmE^}uMrm-TQSoI8d_pI5GdYc?1$x5cyMJQRE zjWmWoC%EENn?1`AOcM)UoAFBSov@IjpnL?;3Zzzj%JT@G6V^%^or-fkmK}{s5gy`-#c~k!IS^4r5ldx6k&FOYpvj>jaw8LX z3t~HHP;Ujvj}=~7 z%lwCkq`>X9;7L>;ZjiQvL~>S6vXsFntz>FwpB#3<;fOkUHGb$COe@DvHkFr534KZ3 z2AvY^3b-Y&knr{xRR$}mkM{nWL>oyQFcKzGK|1u#BJ>8{s>uD;Q){qd0TKZ!iGO-; zUiTN-o9Zg2Hi}^@uPJ(Xf~gm89^Ky!%ZgU|!TqiVpEFVr(u_Zb)hYS`9hhTe%2t>( z!TuTL8uZ@mp`{Vz{-@X?oz9_>kWdGb8@OydRb$dC>x3Hf%Tq9}f6pm!W?Vy;<1Q5> zw@=<#1InSCShB(}v11T5$rXMXXAb~Ca9AzHd+-ia>=dQ(HNzQY)W+@1Xg0<HgN>GS0m1psTsqMhucxr=fHnt?8Nr2jT_FWVNfbIAE8Hr$z z;;$8(!yp?Nt69}L%lZbCvU1qilVKyi>)+Ujht2`29I(z*v`l~vbzX2TraOnJu_O?X z;QSGlbk7LfCcpla1l%+Lhhs=e3+jUkU%3y@fJF>{ngA@Qtq{*)Hw~bAd+e*GBPn!? zJgcKEf!VUSCzFcHGTMrCNMcZX#e$yp^Tbe}$}nsxMl{Ah3T$;H3I$ZJ`9D7UxOI2#|ao5C);?)i@xWH}pDS zIT;zFl|D>4fM?+xKe7&#SySPW_7dy<1bPBc9{&cEW%cg2Pxu$O3`oh|+>H=WHCyY} z)FJAwEeMG^Y286Hii@7u@XV)sD`*7>2IoOpF5q{>YHhw%{V@EGob@?~DSVy#?5*AE z(e|&*XIL&hxN}&WXIV>`XJ~W+;G91P6m%MVXJ!yLKhGz&PQ|T7Wu7wi^%s{R|6AX$ ze7zj4Ke*!zC*Aor*t2Yh0Lv=K-PYo?Q@vie8Jw@8W+xz^t;i9D`(c;8RkjF0=-UyP zcM8xtC+)Y6AX=IsS0%GBs5_EgjsCJ7n_ezI9=$+8Rwo7n^h8G;gJRx5FP)S`F`Vne zDV!_ON5oIGd2@KI&l^LLauH#WG|7|MK?^olI|8(CTVNajh!3TxI}H0n#def9~5AeU6ec~ritdHd#{ zuiXx3nLzMF4AI-?koED1TJdQ6VGYLRBMbY?xY9OX&m4L)vGP0S3h;kHZ+o8mzoxgZ zHvTA9k4tYa$b6}ol{DA7JC#0KoiC-*TSMA+RoeFl=o&Hfv1IvZCxRfye2E7Pv{T)? zhOUM`U8n>T3OGyfa_onv1et@p&5Wt~Z%;$9v4Gev{OG#zfj1Xx`h4PE*z#fYbz?JW zPM!D_B1tA#<=KsD6LxIgM@jf0D0x(Y8(V7C3~&`E79SSxSMx`KN6>kB%(jJJ8LULR zZH~DUJY?Tr(5IL}k;X%O#0Ea{;etI0F7h9ak1Qy5euQ%zb9`+7J?Ba7#UH8v-}A2v z|NNs+9G9LB{ns%dk@WN*kJm76-TDv4YwI&<^!RDo_oSCo>DiU~{Ui9BEct&epD|S@ z&$*g7c(jRhUwAA7Mfs`?`Kz4gMfY*!uUcQ|6-)zXp%7yxNGpfru?$(p3HR?L9X>-I zWDt)H-u*wN4m&P*?ob=R^I+~|2!GH@g04mukqX_9%8Nb;UmfF*j_^+f3L);LHJwoi z@$ces1f%CTl4G4O^fF*9kmVSXV_H!pMRv0+;Yo*6QYYqDD8NnPx`(Aa>7twcAVdBN zfwbs~7B~WZ5UnDi3Z$VJlzX@dX8-;kg?Dfvd$bzWg*+__NyattQ5&rqY$Vl-Sr>wTR?Z2FWo(iuCe!!AIS|OA z8)zV{cLOKiJf4_})AA2b%imvqXURcW0n^{Z7cehk$%Pcc33-!>0+VM@ru)U!s|>kQ zdT;g%(?yik5?(sp(O@HsQL(?s2ysyeivK`{!~r~pd@w~)4o@I4Od#*l`V0#WmPaw5 zNQO=wmQl;am|LnZ0WPL_ifCSO>GJ8ec&FEa(ir^_e*9zd=4Yoq=2hcf?z`C1N2x~$KN8<;2bfy-P&eeNK{lRSTD{^hg} z;>Hr*#!GlyIkYuZ!mpMR{!a;l21xja%wLg&FN+KP?MEg2|5!db^FM2EYfIXA>upON zpD(Ay-`AcR?|CKlyC*IE^tAX9Y57;B#doE}f14KHmiAqc2Jf7-{4>+ykEF$KN{e5e z`kk~My?1(IJ^IeQM6t(MkD}}ObOmu5{JFq;#OPI&SX#-Yv6C&WlfZwH0$Z1*eltDT z_zo(}OVJfPv4~4xps3!n2pUr?DIl}d&-QkaDduHAr6otQq5=cn3S}j4Wno_Hb=mJ; zW2WKR(uPBr+={(z48Utp5#|-MFS~#Q9)z{)rQ+R@Qb-$i>+wJ z8~uaBb3M%1n{HTSK?qPdaK_S}ycQxPc2gA-$1j6P*!w-oIOAJ#&J+B#|lRi~{ZbO@77Sue2x zdBJ3Wi5oQRs}9o!0;9071J)q+RbLejZSkIkFy-oRUw)q~H6Qk!88BR|ETZFL zm7`ad+FB~dN%Evi4RNx;3->kS=p;f{crWapKt1O0UU*k&7uJ?aZ_CtiD4KTo(C09F zS62kldi5GIUmW1=v@b72MUmf8ASieYV=XkOK3eLIgb7bZ-z#GNn>{qEY2X9tzD$udId_$IFI)>01Q<-7W$LqA+!xX+UCt+nr?CIJ4YE>= zpQNQ~aq7;)nlk4v8II^f)X#9HVf(q>8LQA>`iK03#%v%$fC0`1LIYG_!(`*?aNp8g zN^eVa-VBfpkt~souFlhGSkDt2U~swJsH;0qA11&4B_k+NkUr>8j8P6Xk=jRX)5{EH z0gaHlHxQ39HRR5Q>}%P34#*+QFq?uO0~@e3(Jz3UCKm@TTtPCpuG#?Pq*`u7_oZa1 zr>>x;2SRpBJo} zL(>E}RHza!4%IhDZ4&4p6x-k19wa?@UjHTaTX0;oiTZF%6Mf?1+`H&2auS5NV2WT6#+nt4X$k{R-4weigb=%u_DxzrjL0g#A>qe3(HeL2m`%R5AXk z6Q_eXGcoi%CSP4}pt$3m!&+=b52A@syY1qdc)&A%%y1w*=r4K?L0BENEvGWz+G%@l zHJLSxM_MM&Z}t3fML3fnNG_ryk17YN;9uo zHK$hn6BQZ#tt{ByybKT+h+K#TmeXGc1F>tdK669boCOrXsK7CQn%YEd2El@UP?#&| z4!1#r{44=fTX(e|2Vb!5>|%5R7+68Ti6W993SLb*ftdx*3-$8LJTwoGblBP%mt&6(juR%8fBTp&G#^$h&)7K$vsYtqs5q99|~_^0E55A zyyJ+jAj?3!!M*WGx9g+G-n;-KEV&_uIP`-i0V=0@&p4E!mdqieckfpF^3lj0Sw?|+ zqj*sMyfe$O7>IlVPn^tjY{m0g{5_0!Q?~q5i=^!6*Gouwo3dGudT)A@?k8 zR^YIMJDSdPjXBN$u{9sXh;^$H`gQacfF{cy546^|&8gElE$DhA9UOz^!4`dpkRLkL z;L=0nbccK{*aH-xG%T37*Fyb_Ui$!j9|T`0K|!OFK!qt?Dg0iGPv%kMFjhi;1@Dyo zMa{%T#cF68_G}(ZJ!hXzCk6q6sKsE_R`Zaob)Jf;g+l=r?YB|Kb#)XQK zAga|N^2H%41qe=3!z92Wl2o}Pg403Bc3O-c;AAMzABNm6>O6P~>jPR6l$9j>V@dmtyv1aZvdM0u`EqplABS z??|ps*E4~wSTJd*_fmdvz0)L5_mQm3ccKC(GO)>@@vgznaQdtKl2O zr~Q>6lAN8A9v+F~Sv-2S0x`6TvbbfIlny_^{FTSc&l_vD zLogY3gOksm6TCosj^K_~VBZ;_RDiVrj1l-F64WQHc2k|O>|z}G5@k! z^(*9W-v@n>EG=FXZ6++cx>~$b#;dY%7-6Gnw4USdbj7kRgx>WBDRd_v5;=3doLV6A=p=o8mb_Rq^uvwwdT@ecV_oU_TN`t5E)l_&^rG0;!_Fa%x zpC>JTQ(FA=wD=Ke^^=Sz-ff0GG|6VH1tl7D)!|ql$)>PiB1>J(`=Nb#EoLE%gMzT; zvfovOk8q>aRI`3Cir{nK0W04?DlX*{Gi1(s51Ec(4C6kNBJEjPq{*!aSgQVk$1It# zE`OgAVRj0?Y7KW-!(X}h#MD&cSh%W;GCe~RAVeX1bsd@E`+YP*Fpct;GMT=py5+=x z190W)#r{T9-4QKX=>iK!JDlAM2@KqmhT z1PvxaG!YZRC4mqkA}oe%up(fK_34U=x(lcff*UN$!y>iXxAx+zwYFHTwQsA9_0q&3 z0Yycteo@+r+S-Y$6{SLu%YHwfGtaY^aB08q?|uLI*@m5Gu4m4iIdkUBnKSV5kRR)h zwf?5%ddWj+h~?d_oT>b;yVX{xp<<`)XcLm;aoo*W{>H|IWxv6WP@4Bd^dosj;hS(p zlclb`UzQq98||Mg_vHDP_s#$I9Ve+jQ|0x||Fe_lADYZB{0c%CFVJ?WNz358Kadq4 zr{?~GAmize>K`#capcd4zUns;t@C6&V&xgC^UyE|R;UL

$l157`Hy7QfjW$ZS^o zWVz*d>Ekt|dhE(F@$s9@R%I_Cqg?p}IlZOts!p%U4Nh$~GFvG`|K4u(L8+0DJx<4F zFZ`EOptCXJYP-f2I-|L5p$RASsoWa&s#)q1Kp)6dQ}`3N`>Vb&8`DReb7zIz+Br9g zLtXk)yzlomTo~(mfGjY4wf4ts96oviyx-tdA^V#o#5FQr7QPkstu>C|p!iMn`wwGc zUXg;YKzuMtzW%?QFRdxn>%sq?J=?F)0)(0qSTS67!t@ zqz{o01xGeMHUFCA*${byW&g1X8#ovSWCX9&XEzYToUpMEWHqa=I>Dc?$;RZJ*b0Qf zTh7wo$A*S`YZ$7G4J_aP^aF?w_ZGYBK5tfMjH47j-Q(j?R+0K4uBc&Yq?^$4jw>vG zQTtb>?%(s}(r_`}uAx+0iWOdNz0eTl=cu?@bzg)L+XeQFvmIO_bG(crbh(fF$xFQd zQZL%>M!+m@TX}JRuIZUfcmM{-)%$`&fIF^cU`zSf$BjqZnAFP_yVrH zM*i0Ax)JJ!one&`tPZQJ;8_h?ONp#J9C4EwK$~M-lLLNurHe7}r3NI}@v>$?ewdI2 ze<_Qwkpw0pnOZZF!diqVPC~!6ntl`Z^5(Qf(Cs>W+#}Fte$HZ&#tFGyp=GD8ZRSy! zWl5o@>vG4Z(BtrvO9^A*eEaCl7o?nKn^UD)%Vu>o9z#72PkH$yC)yMk``AZM1-fm6 zM%tsi3aO+{{-=esTan*=Rm!r*iaED2l>Z9@gNqL}s|=_IdWDCK`c#|v#?kL*5)b#_LHgste^}y= z4}UA3BZLH%Xp8u<@lnyO>$AWA`O5L@f9zGpAHV*ZZO7K%Ui?ZL{@Yjd`QFy&+xu#I zek1)m0pDTq1ai#y9hUgx!?*Jg%cS?ey*<7DcIRtp?c43OY2UwH?emVGKKHHT<7=hF zA0M74-aHPzHmBF$mtI_-oEZO`K0Z!;z5k*<>DTe$tGVYm^)>8F!w=!J|I}U2a?#)p z7kBFQ|B#lihCVNg2?>w<%Zc|z$d&m@29%ctjViZ29&c)Df|BEt=R_EjZ8t=*E~Mm>b|bJUKTwD$r!y12FKi-Z!ySMa1AG->;TVAiNIqMadaop09@AeIy?E8W;0$ zN0yX72BhD9uo}T;x|jrX>JXLoMgw=;OV_%Rp4M z7l||eMm1WxkS|U{p+lP1gEX&S{ns^uO~2Y+oeCx=Vak8Vo5bgA!P~L;y!H~848k>|$s^&2; z&e(YB3t?&|r0y+CDG>W;+q4qyeKyhs9^LxAgkK2m1(4algL*K%fSVVa)SIJ;DBN@n z4rx-|_(1yw5Vm(LVkQ^PbwL1pY@twO^(OUQO(Q7qZ9a|GatQ$Slx!Uh`T@9}#D1-! z4F0+=(2@s=!=K|g)ja_9i_H==Sr-6+vsidKlxWq5R=$FM-~`C($Ke}wKM-l{DcHM@ ztXO24PvWtiM!#ysCkLo~3Guxj@%H`cx*~%(l|2wK>@?eoT9L^QSN*_u1e(uh#bJPS z7MFmxL-9k%p(q^wYrzJnq-`^bAU2L)ZglS`G&NYR`10V60olfb94n zs5C4u1Q+<#)y+(X15IpnAZ??Q1(8hb%g{9ynjw{%G!P(a4IuHs8;IH^*ak&sm70Tb z7&WkJXt2D7ip*Ze%1`0e;4#kH8v@s1*8Z`TeS?6RQo};42D82h1bDujeCaZVl=;u& zlqs>wV7dd20v=R&ar9V+-@-X~4wtW=ZvxEds2*8$@OllW3~D?5sHk&LNpd`C-Lgc+ zb19uWzNhEbM9M&H(>lvYhvVpvi;3es!fg)xnnZk!69kRsoC>2B!i5Q>g=h$v81+dYssa@<06$+hW)->S9cG8H!JRJ$z4Pt-Gb0dtl+K=Km1i#WO`ryDJpOc5?ma?Iibq&^a z^@lZt6MJ7re2)|pr!iW826wBu!846k;L!LJ$M2fJwHS@-R>^4aRhTXf))=#fr}*dM zfEG*yp)<9wRVj3>6dI=sadKLP{-FI{w&O7zl)~egmJ})d2cx;ch=4QbhWq302_2Yj zD&ay02C~|xTh2FY=AylUy5;Wre837-9)>T7t0}L4U522W?ztFE2bY74j9=s;t*Ms1 zaQfAT3Ryhu=0$#mhp~iAEAWIT6$D2Zi)?@dCxPWa#)6d=Y4UB?d^P!6Y6H8=fJlmjgl;FhRMSUa8dUDmS+tZ-9;_9PG zD6IB#@#blvT{y5ha4U*Em|pCIDaSMp3KIGeiWvgCOkmKB2}YNP+1g>FrnUsSQt}Vf zWRa_>%ij1KzbD{A8indJK|aVaG|YG|5ziNnb5*ttT^BE3;Z&-IH`DM#QzHDh^p}in zca4mEcTItg^fHTviBk!0s*&V}nKd)9pK}%6(!^wJW!qcBBs#As_-s6 z0B@AO4(;MUF#(WVq(13A3c}Hr0C0c0Bfb98f3N=TEmD8SM%G`LR{w^R)?fJV)qkz7 zf05LmpH_cqpZaBdGsC?>c(*5;sD-K9ih+?i-mZy4b06CSXE8CMC-TbxR`k1o=OniT zOTA1#fx)4%LEUOx@=B+ZCX}z(Tn#oWTN5rCuLCeqV&KO8^ndP(Wm|f z8%6M6vlp2mSB3^7|3JvEs0cA0t|Rf#DC09gt@+)L7`h+-fHf!>Nm`;Fj7ZU|fsqzG zQR6Z5BDwIsZQG^T_NAUMj!%aLW*L>33Gig|eO=2>>{_~TW_c620yj$hEl_vf!C~hr zKpBAL3sByt%m0Ti|8-p+g3NI$IL)p=^lQ9DyE}L@dPeCtpkFRAZzzOgsC;u4o#zkq zHO^5FfbE30xZt}74*Pm9g)K@qQt7EJl{yptuX*0RuuA~(Xh7zOkQ|&rYoh{~UVfuXfFUU6uHZ22 zpoTWWd+{d^S-`AzUMX9igAY+wK`R}&tDI7^(rr2Fii^-{ujE-MmzauU063CEmO*!%}DfQ*T}puGHC z*bU#aPwa++_z^5l#YDVdj=GoC_7aQnmLcpR{~F`ViqrtWEN|V>;GOsc>IVV50<&Ml zspHDy`j@d0Cul7t>xU9qU#O#qiuJz-bGJ75(!wK%fDwRNgWvF$0xPFT*K^e22NHnc zX%h-=-Sy;YFdOCJ4@B9eg=)GW9g=0}4#N1uFLFHd(ZNCZtHj?T5<@B2Hqog z-?bd1NCb?jT7n0U+BU-~2}uP6;ztO#XFwVYkj}l;yUauG*}dw84ngE2w1m=bn{nz6 zX<%a)`V_|7OG6EVAU%?3^nqf*9J2iZ$F3PAEzWAxbck|ULC)8(69Wp=nG0dqgxg~E zPT&9+S$nhH8%_lTxMadCuqIsTQ{TH!xKbo{V(K9LHqp{JtEJRIcruad)v4WhngRdy zY{fqSAz$r$iamnlz?~{wsiI{Ah1&g4EgtyHe4$f~$bKO@p+*1}I0hXTju#UxJ$|n4 zvB0rV6T?=d#_H`l{OC}DPhIo_b|^ocs9sCd^Uc(HETY<(NNv!m*`ML|ueanqa}pn_ z?beS*kjSXv(L|QLwb@556JJ`S&i+FRp*?^sNkZF`sQS}$qyr$dl0(*vuu1L1M5b*z zQyR(tHIe!YooW*qsY<^&Wka~TWn9mXj^MRZ(t$O~YRFYoGk^dhE!Zr=?i~KRIYy;V z${4{mpe|;`W3-aXUOO3s`rdrVL(reiFLG4D%~dE58MwYvpIPWPL%8_jZhHkpSansA zyKM^s0e6$?_^r(vvJ$KTl$Q}14k;tDz^OjFM_7ZIE6;<`2W`qEe*~X;a1jt7Xne&S(OAY}g zwCAhJ4Gm30V$8{gm;~Xk5S3E7y76^DA8zqxU{2a|xCCw;G>)_RBv`0O1*`=TOXccw z;gc*>gldY_hg$5wgkF0m3P)PJRrOAH+ieJ!$1y=ESeiE=<}!@5aE4O#D_urdLeOQ; zuSv+j-0rrs5sH3~(-=;t-!%^bR@uSvFdieik=7pT^QKSeAG%D|<$e~sk4-SUOS*it z@F*e!h|Vg&-IF!nl{o|Tzm2=Sk@-uh=kVQ$dMtf|Rl_UpwZp(OrDgY8 z4}#V2hDNM8LPqIcTZW!m3%iYmGZ6(cXgdwRC5O;ryk#KXr?%RAZRMAs^d8z|>N-~S zmyx^cBg9zf^@+IU)aW(nrtffcBRkLtoZwN!otuad%9Dq(T86YfTYd%7CWc(I5u7K% z%-Pj{hGl^iDv34WttVJ!pXRtpd|hJk(=><lH8-I3hrf|aqeo2)76#}`lnVcrRx zU^bb(R@dx_9A9x69u@%&R(HE+^)^#fC)M*i&gFfmGj zN|4l&qGI=5)4>j6r!Z`jvjrLEPm?PCwdMi4-F2AUnEntzIlF}qFklNG_?1oW3;yU* z`#n)-P1|<7$G+9aO9CGCCwUs#l@KCCZR?TqrTpkL_+}{-jdi$p@$z91H#Zy=adQcN zA`85c1^L!?33V0nuPMH~NNs*Xb5@VNl3)t9?2GMAV~}_u*>VC#N#QiEMA2C(Mc3|LeOFHqbSQa)XKR1&JeX-#`}YfFU^1@*E$JMg zzXsyX>aZ4vG)-NgSMatm$dk6-o+BgfisV{DZ4G?v9*9wx*L+zh+)|K%dFgKZ93OtJ zj&rQcO6k%)-$1nice9%JE0LIaAD~zewj2@7<}NiGzm%Bu0=%jJksMD2{+8qKA^e?> zzX|xO0rrRDH^Y{8vvB+PSQ+$xBqkxqS~L|13XeDD_s23b;%poRZUbQ_#am2n%=}uB zEV^s8uv)7%S+!m!cGrqO_wHItlO@7`QXIB)S_!H67OH)MnGpDJot1Gf zBMwF3zra!bV$f0YqPa_R7%TnJWIDyf2PK|gL8)f0 zU%Ua~-bm$YbmJcUYY^4gR2Hc_euIwbE%E9Js3sq4J)#e3p@-}I9V~U{1NfIxX}%8& zlGDI5R|zVDWfl*diG`P-w~X&|NZRFa!3+c4_`QJjs6>)t!ee{=4E0 zNewB=H=$qpExZuh32{NVg=+jhrUHixAfsM9SpYyxywRcC!)8`_00SVl_$YuHi-<;O z9`Xb@(LAsaBtrBuQWm*gG#QM-x@q2C81BY{E#iL`NN83W_gYP2`EM%%M$l&WRAEq8 zcEQ*5vst;GFY)IEE=S^TEB@BuuLXa|hbc`0i@ zgZ{u$VobVH zDu^_GZPvqX1WjBFVN?L1LgVA9eEhCZWt~Arj%ig0Qnl&Pk};FDw(m*j-&Xy>`QRF& z@#TR8j|uR&RCB=57|4~wF&@fajOMwgA`JYo2n=@2I1l?CI*qNy7Gw+#!hMyLqHwRA zl%V1l)x3iD$xmx00Ye9k_sJRIQ`rm9C+ExZKKX&Gm?~-)Vv;-%ZX5=oQ4jdorL$$e z>m{w-`BSS$r&FHxr|KdGv++qQIJK}NWk>CslM@eupgSY(`GgL4*R)V7$ z%$MMB21iTqR0ao0F(-qK5_<#>XeqA*zhLk=yz%E#e@D<*c|WKms}(GBCO}l>Mq1ol z#*IK+cuSqS_UA11YnFQ8ZoAZc<~VX~THGSW^&n3D7AO8b)xtKfkl-yW-Egm6dNFhU zfu)miOBnYkOON|GOV^-CcuS4yg$0LCUC6qQNbp<+&wh%r1q_}m!NCk}n94guxeR7L z#tesELhz$U8Qja@AqoDC!43(&i=Z*#yEb4!0&xxjOUA8a+$jX?s#jUj&ryVcO_s0w zSl3($Ze;Lu2|~deH!>3aZDSR$eKRet_feNeJ%c#)%|EhQA4^{sH<_WC zO}+VZyQ$5r;vrU>jC+D{ccsU*Gw$~ExGjvk)@pw2i>&?NHZ-(l3xoe)ut$O)GWe(1Ycp$E5%-5@Xr$aI|jdy;A0HtNrndzG+cjjS+i&-TmE!$THG$iy@NPaCq-^R z5#r@-scRAIIwZj+2KPvC27_Npa597ENy!QZKa<$e3_2usID*EK1PFWBTwrlpoMN0G zacYhfiFG6RkyNyY!2uHc7J>xqQ%UG%LY5>v%izTl{56AzCBx4c94xUvWbhmbZbH!5 zk$`3|TmBO^K`C*)jN67dRsO3Z7?7)2x>$mjGdNIq#dHQ=kf}ZaK?3%seDQrP^|S;> zGWej{|i|~kPtgBUm<5}01D4@7n$vAmi>roce{p5hNUOsqtG3)=BIFR-W+-yYiJR z^fhU|CMCL!(NkI1{nEW+R`8Gn&t!131W#e`m%9H9W=UhD|L~T=1ctHx%l*#-JI|_} zk63&=Oxy#t&t&Xx+hW-IPMiSAH{^#%!(6EovV`~x>L;~X_0`NDiDq;<>vx)SieWCO z&8j{)fUPxzJ?n)_n099H%+`_%8+psD3YuiR#0+H;9${VKg7>3k`NjrdA@FtM0U~3+ zTU0X9so0=GiYZWQ@6`9nT-67Hd6us0d zU~nB&DUX4<;1hA4i+A4gjdns8)X>e-(BWY$525p_=5O<$tOtF(HSQye9}^V60^+s>438kf2ZJ&unXJ{ha(ez|G)h&DH%AWw57#PUAdopE@c zaxj)<9>S}Tm6vCC;zjgY=!7OgonBn>9%lTSNz8*T7T!FtNo8OIrRUmIC{gaJ#SWg} z_uNMn%0B#y!Jrym>#ds99z+G4O{(`NqFn*nvtd<(RKXyNK8_sF10o8_mMgS^J=OcV zjsJ517Dmg}Tfq73$0kBZebFpB)QQi1`K_6c5T5u(>ft@;ZT8(NRq8ruMB@r4Kowxul z<}8eff5LQqR=D@ZS4RDA*_CK+$ve~%=$8r&EZH(ei}FcAhwZRz5YM? zsHip|f-0)T_zi30m~_1skK&7>^{{k*U5tof2Nm3q)LeychrNymgj{IO@@j(}l-CwJ z2y9w^TCV49{P}^Qzu@;X{FNZQ2!E~kdm7*1WLj&K?QmxI(I5R!eI|8OxoIjXzwspK z+}MTX+&B!%Q@i{1QAv4yX{dxI3I&q-A<;yok8XE8O^q|u6S&?0%(y_5C)86NtDmAj z!WM{$gob*l85d~%)YtR=9sLyfyIE5tES{@CPwbwfma7n1C)%HQEzKUMy^fIXpOAWA zqDBtgd^mJlRp@?dVI`dAR&{>p9Iy+4@phnE0(iMMy4(xak1N<~&GRJ6=S6kc1}S z?skn$Fz&W)#0K3E;XffvR(bt8BZoTtUdl)Kw1M?QQGkc#T&ffs{IKog95Z?@9Y zmSe3CmjfMhP`JlISHs?Q^_BeftgElmu7~T#&xzLKu1<@$dEKmP3xV@Yu3-e#cFM>ZZhqI|akNy!dJm&wh`JY$E@rGZG8@;=%U-`C ztMlWmDRLivy>p#+{X6SlS^wGkgEK;(ubY>>&d6NXkY&rvnm*nhpH3fGMrP_x`Mu^K zbBeQMmIKgdcT{h4Z{R8($hf>&JzxWjSHclz=E0YpUZv5W_;Q!(M70vjkITWN&AdPb zJ67*7_F_ght0O`x(5JfFK0!x?g!n|_y(A21cD=a#Kv%=8{I)bypf&?8wkMFkVC~w&I@b*mHF4-P+ltk(sS79}sX68m_RhY9J zP^%6pkwvZV(uR(X&V@0dEC<#ASrph%r76%ltG4ZBt<>|ZR1W6z-w`^SYtb3WY=D() zkr`KX`UWj*HZc^r<_sssA?j$DC`WqVriHYOMSc=tZGte21+nfLO{{ZZa`6db!_cVF zXv2!MVxEKnfIT?5*4SJv!&?k8y(pDTzglLK>2UgxPf{t^B3j10($f)ktMGTZDUDho zzu)E71Lm`hcV9guyECk->0x@4)Osvl9@+-PaIn<66$Cg31r|zW#&^)c*a+;k zY#^#EAOhFu44aTa8f-;_fY-0Cg~A-YT!e*$z@xJ{RvG=?x>Ipi2qMA#CDp%;TVwS8 z^uS8H_cx*U7wX#N-Vhcg)aQ)knsT+|Dzk>eIBkxcRnX3Lu(1v`YIyD@!1e4?gG0Ly z>mHYr;co8u!adkg6u$ueqtt1m2r8a*UC^bSToUaDdlGXQ6r?pI%L0UCbA#2dv0;v) zxc;)aCixUcBisQiyw@(|y-+9plpfdxW`_Te#w)M%ACQkc{NbNZHI_4Pern#6=Kt{j zG5^$xS)G#6u~;Vz>g=O=HoF?o2L} z+8h{xRP)~*`ab2`6{+))_bFG9@hs(LVI@TvUP0z%3AyfCz)J^SOr^1M4&}g&VD($r z$Y6LtTHi2eR%U$iKIY7=fgr&8e!YN&LIogOcfe-^+g&))T4WxL$NKp>*PgtP#o0nZ zV!G8yFYmx@#tjJgnw$Kz#xI7W?Fz`oJd%H!p!0BF!@ok{-!;ub zD7kk{YTS6lYNP4BD3 z5%2Yl@TsSDyi7Y@l7VjkH45!xcySGn^Ku*bsFlF8SxK-O2~S+g2b@Ev7-dDd9u;-6 zM~;UWX?$*XCy=k^9zB>a903tcB9FFTeft90PZwb6&!yAfd^YNh zIEo&W7N8RaYR-+iieUA3Tdp($dV&*4tLCTBFb$KOsNgKagPsTS1E+zST}A^KrBB`4 zs59i_E(%{bFNDmN!)GkA@IhTAK3wua#VS5Lku2#3VM!am#C_9}tPt3{qhyLBH3Q(L zeiq0wJ!a;ydD^$3-|C~XyExU{3wEL9W1C-y>`{gb;xFC6wq^IyO{o^u zz&uADyq~=^k@OgnFa?T`P=;T;8h>Fjk@xnR)pvrKTB4cH;*~ztaXpJ;mbu%mM~)`7 z`V-AG9BbpZ4ui%gt+!dp-ae1q8P$Jj@te39$QA+S$RwDBY!1=$EHF3Um;f^eNm9g4 zn;G#f(Cg6$VEgiz$a-(G198@^dr@o7dz?!*a zA!06D*vuASKmiO-P=iD47R9a$nI5R|sX;IZL^fVt<7XV^nUaJVw@*wpy&zGs|3fs! z=zbs#1L{RTdp1H-61Xyz>h?}Xs(!x}(~j#7i0=0D6GX>(*#1v|r+$V=+y6jY(OyKE zZABTNa!wU5emPC}O;-f`7SabSUS!Qs-~O0Aaezue3@a9(2i*Ml)UUoPwuV?F9p&3& zX95-{%7zcdLxas%qjNH06SO|FR@S$dV16lZG+=Ot?U_1#h%UE6aK z5lZyu(Ngw@z34(@0qSq$6#WVN@LPfP_k_{*-%(A+_V2i7&&LlgWO(rwxrYG{0)rWF zB5(@Y+{+#S%SFC*bBl(lpft{vuPFN4q7DFLzF6|5`A5xf zT)Ab=Xiesf(3cjvr{ihp4cBmUyrHNNIKqP9EqQrLb}XX5`H~|>Xzk6QR~vfu)+QNS zSt3x5q(<(6@qPKc#P}w1{~WmiTai!wSjs`E5!;?fjp(`%_oT?9a(7SddlF&|$Exq2 zIw;0<))Ax$df*vf`EK6PXd^j>E5ZGFvlROYk`|W^E_F%f->9xxW}WYW*83Z8BS+5* z%$6H3Q|~}iAdF~QaIoKIM^r-`#9+yU-wmEKTRWF18YY z7t=ak8z4fduv0iREwGlbnxzi-oBWW4K>)W7GQLO@zAZLc3g_})`CH0Oiv*k1CCCSH zkq$flvQ#!WG@!n+%XlqO!OekXSj8TY{UY{vze~-Qx|)NZ%ts;RAD!eU;Nw8*Vz{}6 zbi0IG*;7a(BH#?cZ-3tK;#a9FC}#!_Y(A!E3Bv!aJB;(b+V z!kp?vE5Pe;yf=$oGd^I;JJ>iEdGv7H-tz(aX->sV3c4_WU;1Q>V>#^)As*9eCcM93 z;}1W{f&EM(D;sQFn5bY?&x6Q_K`2nCqb&IQ&t&8PC$kPR$SHJNt75mB+2KlfLN+ER zB3ojM;T$=Bi^E*uG|SZA;NcW)md@ep6opWQfm!XC}hL3&`d@&H_E_6DWLEJGWp{Gb!&TA=;ty-}wZp)i)aN$FxBZf#n-){J`U!(`p>h5y9&}U<4vjJ!@U~TGq_L48 zY~}#pi!4S2{{V^+8Vbnka0^1sD~g@F_9f)MCy}4Mw)1}`J1)xiBIpYvAj*C5x5Wb& zbg`k~#t#!^xt+4h{zjJ-4FL}CEof46d`IVK2OmTIR)0l5-psx|hRSdg23?n4t}sZM zybDei^Yj+wEM=+Szd3ANR?G*L2r=(MX0l-6Jjln(=I;tww6ep_&UCxgp2^ z6hqSJdm-IA{|L_H(83>24L6zEW)=sF1Q$*gu6k2_9rJ}F1asOlV z1LOYpi)7sObBxW(TWxKWn?R_+0e;mzo)ONNQ=OS59XAyoH5)9GU(Z4gVyxVt{Hp6N zR$u=N<7RJnP)|Sj_ZTJ>8^20qtCgpU0m5Pp0z@}iT0}3QM>IN>BN|!mh>W#PKq3pB z-P5@d&*+|Bz#p~s!-Mhe=`wugH1KB5gfqkw5HPwLdiQID^r4xP>gmkDvZ4WrbE$)W z4aI9TAoT=lHGi_~gCezsm|@t87xhU8{{oYPJ&_(0@-zLd_puKKv1JF|Pd7Xpa^SzC zS9SysS+R6hKnQ$l@j+1>1MW}a7co_3eI;2_H}`-DY)$MRa7ID3z!X5_GN(W(;4!D< zM{4uUDc(q}*PH_VK!G`>kYGyXZPMH^}oo7y&AE}*h zPFWPGU1UyK9I0JwPB9|2M%Rw^r5ulCXXS7WaYV4Et`lXN!$L%G6qX?e)Cwc_TOD3; zDzpmH<3$<=;VnzM1X}?|AQ!c`j9ob6^QqdYLZv`au9*RpW>IsoG<`TMdyt@ee~ly4 zvd}vC@xg?7mi8xv6$N?;hnWR63&sxN9CHd>UZXC*@iID~X?Tgc|C0pop*=s`hd~B- zzYxk3a9eO8ZmqUuf@r{ujyXsrWv26#?s_5Dgh_sp&Qh#@O7%~f{;AMEmHKCb{;APF zb^514|IE}sKK(OS|IE`r^Yzan{j*sA82sVFMS4omt0sKlgE}V=*JAvDx-h1x|0UDs z>hyUhN}sRO7o8}5rcU>rD7`?ZTXMGzL$ZCU%>iGM6-t(5Iw=q7#V4wtca)G`bE5PL zonCpO^g5m1ke+UxUr}oa#mhkOWZPl6+zJ# z9FIBAC`&BLS9ZyzB)?jAk>=37O@7odpjnNQ2y*D#Ww+w^cQ|xMPm;RFqMm-u>eJIs z$e~{tYr!Eb6t}7(W2^%|TwPCGWDx>KAI~t3Vd1LqFS00Ga{`Q-Tw42DBbWB8KlHMR z1efk>>&OAN)>n7i!=zympMHo?c*VR7cN>qQ*1%K-i&U`C$mVjtgEFFc*fFrm933Nl z5P=UIB1=XjI0esHso&sE1KNgtB(%9M^RKKtto@j5?XVfu(cF?a$lnHc^^XI6^nq+yAUEiu`mWl8i51~h);vrQ2C?h z9}lI|h|)#aQlAi|BMs^VHC~8PyS^)ReS%duLI6tPm2Z)BR;18t5~YYuyVNLM>R5yx zgU>}4KG7$$W1uW5B8 z(;F6Z!{cSJ-ZN3~e8EI21cT>I6e=ERjK)`ziVdN@Ty>EKK?s>d?BQv0mOuVF^gp$^Fnf!Xy@2RBjMYDMMiQUpIT~5S)-d_)_=-ssw)!RZEgTd<(?XP zAHFMRRVU;R?-M6dnLx zl%C~)O`w#?W1?lWrbbJzkJDNTe~?Y8@Z0aBRCq-(@JXkUFzs^&3vmlFfk|V7uJ${+ z+T$_XdfWs#A!jHI+>*qkU0I#3>=I z34R-xm(p5P_xgv$X~=|-z)f8>RU5D?xrFZdz|}n-c;6J&MG|eqCPw3Hx&olB3;Gtg zaTT+Jl!mN)7p63nltGT+cQAM5`r(oOlpc@YrSxZ2N;72s0O#d%)B2N`Uz=H>(8K)* zg;!L99`0eN#Z!pI;%NkRWwKao!Y3+g(UtWf30W-4e{~X)7->A4sE_kYP=fl#==zSK zipq4VFn*gTEp%@|v-g~|t{s2Fn5wdt z^O4PqzrsK+ww>@j_>CBoc+dG1>_MHd{($XToJ%cg@T>fPNJ%OZ(hSz^@d(Ly+!$Wr z%?N%Ax=%yU=%!(91L%t!6^K>z>qQ+INy`;mXWZU=&zfwM&cO! z13uy(;wA7;)$+;s-6bj2lY5~DkB*cc*o%j~|LVqV4xFjiI^e5h&(vJ|dKUMaF4M;? zro)_3csVxUGc3i514;|=_?%>Bm>-t^^TDa-1&g#Vdv+yQzT2Dy2k4m?n3dunnBHPB zNK~d$k&Ll}0rGyBBOp|Olfz5pw1s;4Yq3qC*Z5*sS9(q7sJ>TZpcBvyYtC}AeF1lkTUYW}em zXQM~IFPVlL)@Rut0zWceczq#sIuf)u*L5EgAZV7U*n?U~c9F1yx(r~svB|6RypS^V)6UI@`h_qc zj?+=Qr@O{OOvWb8QMr2K3~DRWj?`-=fWTAo_vrjJ%s&wM4``HjwCv=@!9F4&ZC&>f zlgRg;1a0B81-h|%PlV5KdYk>~M>Co1qFLg?1G^ydVgRd)vmG~rzJT`BB}7L1KP&YVr? zU;nS-0Z-$at?Z(7$2`)s?_qT&YC!V$kc^7TFqJBNq>#ma^+g6ByDIJZ89LbP!^;Wp zON6I~j8!6b>Iin?mZs?aYzi;Xyfi=#w~OIrW3sdgs;ls&wtT1&EkC5QO+Yp;Tc24p z0S;%xl)T`1Zojnu7}}G&*Y2Tu9M539;J{^tTVepy8ynmhy;GXR`2^|$4p2ua-mANO*Ie?J`M8U5+oG@<;%<8v`5RK-P^`i5 z?C;O|>be3oWC1jgULq~vvT6;i41PzV@~cJY7hgwi$1m~~g1euO+b*Eqn47-*^1+?P z=yG`T=24%imH%}F&tk4N8=s4F?TZe~e5`fcJlau*TXsG%}@ zn}mvd7|C~dg9i`4UOZ4_hGy!p*})h3_x*2^zo(KSKzad z=ehVTz%S*`BK*3d4zY9d4rIA86FA$oq^aAn<%etb*XKKerJ|+6iPgP-l!Gdm8G!HL zd#(Pqt_x@h1tpwV3dG4bvV7gn!amvekB|pyd%v2d6QLov4l9+B{~^xyyvqF+Tj5eO z%)sHY6<-^;Jupy>97a&VI=d1Mbacfv+{$I}!Vdne0iyYnkJ1?wG}@_IS6iK_^jZmA z2+gvyKAJKW;j#qKhuep^gh*_4gIb7Lh?1w0<6?X&F(#8xPk76Ou0|?<2bo_)7i6xt z4DR;1pU(<+?3~qv;>A?YeEXk}kk;;BJs8_v_D{5RJqnTT=L4Cu!Y^dOUs@5YVG6*> z=HtY8Xj$~)u{A1_m%061pc{rq{erm%orn0ebaAq^$nZQqta znR~-)C>=gh<-UvVVu8@AHHW@)-+iaM@8FRjdq)IeO>?Us48b$VP*uCz-a;JS(UCSYAD( z%g@Nn+vbm zIq+Q3VoaKU43$Zfj*jiG2|6Ix2AWmDsT@SAJiIfDD^#>ZRTYl{)YD?4y@ADt23)H)%nm9GJ~+i1_W zKeJVz9MsfScdz`A>ygJ#soN}vXqijy6B?k_9pXk25zEbK@ImXr@WV-kz6<|_ZwFOF5U53V+%?H{WlH~^aB7#RXN$- z{bGsZz-?Y2yvwMxix{LlyHu4f1*OMTUEx{z&PYP@dw$CMeLjYe=zVLAz7g4TQxK2JoLX%077n~xs?|$N})KX z2<{2TXSYl-zC=d8ft6x}^x8CL5|9ULDb$h(cl}nvrhWnn*8qCeV z2p zf84XM&2eG7G{C2~WS7J~^;}w(nPGPhzl}sF?tRGv+&jY`S+$S{>(_(-xQ7sUJHN`N zi)C|{yRH*!bpC-q0Dt>A4P?UAGh8iWi?Noxo9n2kPH77iI?dRI zIAelP&jmsbuGneDjzlC3C4TS-~92eZHkudu#Q z(piH&+^N2(qlyDvnt_qU)eDdV+-^qTcGY=yfv5lcqJnh=9_amAhM2RQu(vjITUTbr zp$2S-K)JhmFX|KoChpHtfKuO!JLEl>{3h#Bb#M4k=Bm8*?;|m`6e~xrc`j1WAp`^)j(R8ZHF>CbZY0oIyp8r2FLAC*b6?!J4z~4-N)2j;f0}-*%oaTT`u% zf%6D#58UVorfPvJ{>C2smZIvyy3^y?u^2_XLe$F>w8(HR)&6Rmp0G%PSs8@eY^0<9 ztjNV=!V4qCqGw1|2%=KDtDvC|Nb3Tu{kNJ|xb}BBgE`?3^I|ucbDYuoc=ijem3ZrV zRs*DgFR@*?Fupl6ZaYqIR(VHx?(fPz z3IO}L;^xb5>?xcckF3f-=7n$|k(mGT9Jl)35l0IDEy5;@lVSp&OAQST42|BHsXhd< z$!Kxc!`()@uosXzpIRORpWQ_na(D1XU`RHHz!EnPZr_|n^)qAuIQaCLQ*p`S!j%mZ zsnc9lYc3~S$q7%+zvTww14J3$=VZuN`!F^(@2)lemPn~JxWfcVWVtm-d>R~xA%mRK zS&~8yfT9TOchzCyp&0jVFg+<7KD$+hJhI#wFNfI%3~Foeocz;^QD^)X7oofFz`@In zCjfWXy>SzMSDzl<3RgH;;iJx# z?ddIvW;OMAVTY#A{a>Zir;ul*+3Z~ZHCOAQugP_jvF@j)42-&3@dKwg4N+GOLT(8$ z&J&GzJE7!sHMAZ&Ka_Rg9c~uesr5nsdGdX)9!Gp9{WrsT!o3rw(J6AzRg>x9Y;O7T*!Iq&m z54LLDWhDSgtG;a12UTItXQ;Beb7lMLSCHn=ZRJRsOPWL4k5>O0X}LNrPtu%rTI=e2 zk>=EC{Ups{rMWlYHaXsLxrzTiHKo7KGr$}Yjr2lp1DdK|a&LgTAdaQA`XxYGy1@OP z9aL0|w!jq{hYUiEtz2^EuX+^1HkLP=!H9-KjYAR22?c(0ANa6~bB1#Y_kr|w8c27R zeD1?W*9GrH`RYY&^@KTlA!kq_X84(Y>{YMFZa^3b{mQ_Jzo*NZfi_ARMWZVI5EWW1i>T`_ik)LBstrOnA;6t_Q?vIj8ZUpdAgC(NQVsdAb z$#o)whV4}P=CKC%&;ebQKZVoH*B3_f|0}VLODMy{$j?3P0P95Ad@*&CgmVRE`N%){q5Kn}W*CovjDKQh$OktuH128dUw_ z>i+9zR%X^9an+~QJGEf*uejl&|28*N7B_TZK>nY&;f@{0%(r3WI(_Hc)-TiN8%Ok{ z^KF#u)wo`#&$lB*$C+=e?S%8K42h~9?I-thrI;y|at1X4avt}$b(G3y;sZy0D~sl0 zf_e2eRF%T=+Y%*0WzeK81&Xvh_zo(@WEhYq{nbJrh_)1D`XB$~94o_9e-Js~8Kv3Z zsLD~1%*NoGmdJ6s7CBCV&kJl%`PZb5?8n0)p46C^sVu-|4>+|HvsG5@G6?`Y91}Rg z2fd+wfFJ&g$f*tvwY~=8;0B^$a=sW1=m6Sss=GJvh|Zak#$4@8Pl=QK>YLE(LDWM0 zG2{J18L2+}_3eESd%00~$sfHb)4F2`tU5|w^+6_gVn@SQ9`k`hDg%Z8s;l*((E`Zb z!=qYD?BviY=mUW|5QDx3%k`4{(bZ0s?!)A=@}OWgnq5dfGno**T8 zUm1s5I1qQN`H0qlqxcVW27Enwzx$q!1yRQ|thDj2%jc-wBQ$pR2eT6Aad-oKJ9-AE zM>uL<^Hml~hfbB91YC25k2+dBB4>1kzsd@JN{ItUm@DYX!P>l*zkzMQsd9hQ{gh)U zjxMGQ*jD}a$}foH1Mff)*lF(ww7%%h&r|0w{P$pG4^PU$4vBk~RTqgBBE{+JpOIxp z+x=|N%Nt*inH*`gfy1M#fes>bYqSou{8kmaMh7WjIic&z1?TmF`Z==Iwhq zn_Z#@#>K{d2X?Vt^cjyp#Zl$Jb#*RBZD%j+Y#cX#)*QVxj{e10=>B2XyS{FM6K^t2 znSJXQz`kc;WC*m7LaFKotLo(Zlw(d0n2;xaaeTQ`&F?*w*mj(0P#VB3ggH%s|Bdgz(A&7eVHM;aY;y4j!>hBs(3OF4tBEC{e>J{hq)I{8V`V54Kn^S z(ZcxHd`L*1r`c0_t!pQ$-P1Z7aTh^Ni}P@i{JFnqGG6HH&8~q@v#Q)xm+BYu2&IoU zp1*&V=;u-P7=yR`HT<=rO-2`9&Xg{|FD-V^8;1)#TE&3@L-|H^2~dFfO??3jr|X?t z!82$sopC(-ZEc_9|I8td8C}iTiRNJ=ivA8me;)@i+rpJ&;Z;{qT4T2?Sr9DPAbptQ z1jwjkI9RGTIu#eb{`q@NL{!4yG(#JIYpO9`KoRsLQ}+bC;uN%+Q?)9CyTE5~yAzm# zs05WOUVq&ka#@Y`(0pruZfo!cMxaBjlj5N~C^~{!^_NEd@$5fFZ;5B`Z5^Lsz8o52 z?f0PAa&OJem@(@T#0Nizyw`tgM&?$?NK<2V>$CRnJle4?_mWvN)^2aPNbdI`>XLQ2 z(Pi=I05~d)g^IqUYvfU>T(Wz^W$4ofN#! zK<|kr6w8DvC&8R{J|!5%bq3Y~dbTw?g^_6)+}dtERwJ$H`OZ&7jpX!S*ipV84g&Hp z?(k3w(=Z_JTaIS4YR%us!$IbGf52}>tO1H2_fu!!WB_N{t6MIPhB7bgh?T85)QZ%W ze$O+LD;^sWI#W1NbuT<#W@G<@^Nftp`_zzrxxTLG)a;|&C4nv9W}XTJWv|PcLM2mZ z;8r-(t%gv3)s+AOtqk=;(Q~;P0YKU9L=vt(M`y)nWN*uUo9G&Va+l1Qg<$Z@^_fDg zS+izbg5_YSmVX&JYh4zIHF`-L+N#fzRSBK-TzYz%KDFmi`ZuHwXQLl$4zJL!eSp|7{t@`v?+Q6_j~3GGccS1_fwtI!@XCp%nA42)-osDTg%YbS`b$l zoD%LW<7ZV%Ww`g;V0pN=7$&y8ql2Tvy(Ph-aBnHp!M*1P&j|O937!`29UJt7d&dU{ zgnK8#X>{*o_p~q9yEnJGr~Mf(x7~#|fP(!Xty1>6va5Xvet^%M_EQnCFAb*5D0aXJ zZB0QCXJj;}yx8123fj5WTXP!1+YZ-+&NpXc{{sXTM(4n{b1SaChE8j}4JuYQI0SA3 zbkOXgdh5!+Rc~FDBR5KaPwigy7cKeh|8ysk*VknoUYA*0J#^(~IIlJHz|*rEqXk)= zhq8#uH*ow3-QJDh0`6J6cr^A4)Uf`t3?lPC5scnu>!YAk1wO9>KBxWf;q(8XX(IFh z5V{cv;@myusw)Mjk?9VtQC?^v_YDiVS6!Ksl)y0MA@I}-NH@^yj~4%jBf}~uI4pj% zBYu;kA=pp-pCM!h&Mq}*7#Axi4Q7ECaz4ytM|g!JBjgNM<^-vRwH!rTEwKLZt&WV~ zsT6;yDIdQE3k;6=Q4b0`<%*yST!b}+`X6{_*!DH=$AQyG1LbWwE)Xh4ADhDQ%%IO7 zj^~Do)fZ? z6oZ)WwgOCHV$KK+7V^zH;*Pc5n2d{Xk{Wr*F zY^H!%Yutk{*6&)m9xBFhS3zG>+J%19L80A%m$k9rfyrSCf=N0?16!r^Vp#|GDfU0M zA?NO)m_X1y=R;_4pl`?Me01}A@LlMxa(7(L}`UAb41E@bqJj2@N1=$g<>bXUww@ef$fuh)tjXx)# zzsW|+lLs(T^xVNYQUqMjQ6GTOhqn~;yp9cLV&$w`7@-qIjS$#d%ai3WzNSSiab)=; ztN$D5fm5jvi^BepQ)}e#o-Qm7UwQ^jEh(xHxp4N1q1e6o)kPZFK6b^Ky=(TZJzz5x z&5iJeQBw);R?i{!s5W~LXv)zEmRlk475^F%bu|07!Z{QvP@o}rH3{*{_?o$uk+zB z?jrJYR1CKafyX;y8r54>_i*w**nH>fV*FqVL5Rj8bFK^|_wN=#nKx z-hk5&^B%m1tI_FejGwjyZ>;KzBAhf$>aV{7M7=>nQ16VVPhBBB@pM5FB z4U)wX50T?X?ozl~@uOn2n=kyUr6Rh@5zE!3F!CKB$R zoB>@7$lFC;A+LYXTO?17p=1#s4zUUuDl&DH=+gDy$@zKoUY_>z=9>q%0 zb-_L%+XZ%mo!lG^nP07|)*yC4IYSr|#DRc@_w7BY_$Wxh2WLhqK1R@U60i%Lcr^dS zSFw6a6mD>EuaWY0c^Xnu8f;cG<`FA(lYkY>N9Y?vBaARwu@Gatst5QRUs$+-5Q!!{ z#7nb!t`gidSX4w*6{*SK&?L8?k7wROjC0!A7n^ObKy_;Wdt6_e={5;tJny2TagHg- z?rd?lqMNRT5!gT#`&`>i4&!aX%l#Mj4#FI+tH%?khPE-s+4xF2>8t zcie_yAsOYXxO5w88+RM8<$}U-U!ca3-OXg5S_(?Q_&_H!ko!QeRys(+B!_(xD>{#5 zdRfX`>W~+>L3DBnK>nE^Yj^fOp7NBcksh*j@C}T7QQP)ghpW#&JsKYscjF0aUI}xr zordbv%)bK9$bnkDC0nz1?eEMCdZ)P~F#CxcZza%vyZCd$K$l_LJQ|cbstUsz8gUtf z=euZtz6Od&*qhzi$s%-k)Uy*I0$IIxSyRb@?0su6GPFqhKH@FR@G6wX%-=3#*QwCD z0TgmpU(EPH4T71LN!h(6dqeLLlBi>Nb=S?;n!9>_63-5g@48{!IG93Q^$4lN`-Wm_T0OD1*EraHYA|_$T1@tA&r~Wf4vf zLL&kTBo+)dh^B(NDO*}{lF8=#nkba95-xiF#wPV=K~#SA*5E|F{(yQ)h%$fFQ4O27 z=QJX#w}w8#d!;{@#f7Vumcg7|_RMaC|EyyY*`a3ji@BViKgE=?=jZ8x85-0)IOiOw zw*N!0BHKHnM$gQVm{j<(W+tYL%*=roGjGbw)a%hV{{(%PzK~|~)uQq^u?D1N&|G5i z?Vzr`q*|d1OjK&0EQ}c)2m_MI2}l-Pr5``RjiyG`4%GQg0NC<1>I6nzZDB~gSPJMf-yn!dU}Na+On>i+*T`s%meJ(0e;KQO)O!h}lb zxt|KM0&@({-$Yrx0b~SRA75F0Zosee)xtgXK(*-;3oEpMrKWlWnnmGsO*MPV?w?3c zJ?P{r>X+Zqby_3VS3mvi`>FbA*;PqTz6HXw-gtmTK5HI@arjJFZdvg7Be|5B< zXyH=y(>$cnII#88tW@;VM6Io#epsDEKP@++2&L$!&k&4j{q%#0+H19Qi-D>{cR}l? z|B)x~r0b_20Sds2Be}=ZM{B*pYRf(g0$KC=L2cVtoaTP&bqtz!Vfcg9T3rztd}Y`A z&Z0dNIzn|gH*s(1M!(j>zQ3!eV*<>MFNdBQg~A_B=PTxVd zSyJ5s(b8LW?VYeEG(Y@RwtK_vtgAj#*F+zv>+7@h$04M+pQ_J7)$XTeWrp9M9R9%F z`97=f{J=F}+kn^Ce3jv38&4yr)duxPRvWz&_J%^?uN>|T*yAMI_^EtYZTyFPWa|dk z;{y$5>ISo5X33`ZxH>;LWx!4(WCH}TjYBsAFo1)8tUJ*RYj;1y`HG;k7j90OS)Ao~ew zuppy(oCVp@35VTlX@?p9Dt8r3L$J(YcShO}5r0miJcMBY-2D8=;79A704Fr+Zd#Dl9#B$3>Y-?A3hD_q*Hn(VmtE2UU z$*nK7uFG6ECsSyYSuwP?j1Bi@uiS#Hh4g;wDssE_tjlCDw`j7f)hbnsVp;7ZJ1JI} zaZ7c$*Re8+Vx`P`N>QF`uP)|dv30e_R*|)CPPVL;QU#C#<4;gcJ$j95Dp`%UDBIPm zt2rg58mr2zW1z}jH^(6l40eTkVX}4z7(`Wd%s0F!(*>2Pt~CjfRjpKIRhxZGwT^Xj za@sjU7>sr~0lyP2L4YDXf|(+6DpZy$p8cqUdx``bpy5pq%wIoX510`>PzfZ`U9snqq|N67okZIGJt zsTjTv%!NK@zCn&u>wzg)Qw(-3QtC0=4ePvPMGiJ(b^n)r=Isx=BZ)5Z{24Z9B+vgyF=5 zH;TEu<{C5u#=7K(JcWFCr2rd{%$B>Tg<0E)G)|BG(_D_=<@%+Mk?}ITFBjwzD4RnV zm%ii_{VIUsHG&DTu?7@Vx&f_+v)cFqI|VJXSiqQ~A0GF* z19y0+qoeYY3JDJp*6f2;;5-l>a98D{ENZ~vQ60z?SP7u*dEr%#n?j!WGKY#o z8u`DBy$yWR)%8D~G@%V`AOQkKsS-6}wG}I^Qf$$-lu{Kjr8Gf#oL}ZXM(5BafUcBc ziV{MRZR*_SHm80!ots~`IaVKr)G80or!jSI%!zJux5fu_v)}{d|9+qQ`Q!oE@AXI1 zZ^$(cnUBnr2eT>)FFK1yqx5J0eZg^R`S@zoTtX` z1OddIYLuvdlod-1by&&de22OyutzlY96&xBNo8Pz^lSfmgA{5 zq{hRT8Eq5KEJ6(}YVbw4WrnZSJG~|aczT~kQW$UL%1#w-1OH_y(;!cIdVj)VFs#ao zyDxq>MY`8sbsIV$4>_go+}Cb;tR{@!6T;YPv6p0iPu}e1S`-w$rGr@?%Esa zRN+A?|5ixtxWd5H=K_6l;N4~l30bfbd@qP-K}Cb>td9&bU_j&mW?YkwcvJo z)+c^jC=<7-0ntu7L#j@!XsEtA)ga00x@ibv)je6)J+uZ>22|97tliq{?^oe_42ZZY z(m~f8bD(XdSMwG)QsAKa6Nj;|%tk5n8}GSp`^c8t)E}=wRoq6?OaPN*{T{aWy45^L zz(mK-{-#+YO;E-1aA*(F^ zyrJjoaQZUg7y;;?-6qF~mxyDu^z-6AN8SCDEb4ys>pSqH28~qU{sZC53bzFlw2X;T`d@m?t*W@Px=ec5Tm^O zwO`C8c>A&f<9T-U3O(+EId&SPI7N3vYEr)xvS-w1ER*7tqZ$YEj`(@Qvq6^C(Peow zX_o)suYw4acQ1v$vY>(vI$Oa4jfq?r{WACgaoDL+camKb!FxqbFPLr8UcpDHALt5) zpdQv2URVQ^T7IcT>O*7Tk@H8IqZFIPk@JHwzg21uL2N2qMx45hoN>nOg8n%yBnD?8 z_3lDugB-Bd8SP4IOOf;m(dz|1h)`zN#%V}uh8Hh1yZ240-@=bMB&NM+*7Z5ymEVf? z4#Z<_=;T*_Bi^e!cjxO*8nE+dqc|F(N^nj%V%|OXfs=@W3*Q`eTjF!xivLUBCH9Su znG)9H&lq>i&&P@@u+M85fWWp4paW^Eb=rESogrxhhl|n;HN&aTQ}1HcnX(1Az+&2|oUES{ zd-Yc<4?0x;iY>)h5@YsOaJ{|gkB^|BH$gB(cxLZjT7O{8Lb=7No45;2;0E(3_0V4q zXClTHfP|{sqL@n4FPF27P{_C)Z(&wtJWndC9=Z=Qx6zA&x{6x}WrA|}zti7EGuNV- z+4TpyXX>?8dP(*x&9ofV%$@~SGxz9b>}E5t5F+g@4;ek*EcUi{%u}<03SkL1j*&pu z(mn!A6ti*U#P|dlGmRI{p5nl#FXPp+r)d0=ZsFatr?|mLPk)fAhM4E6lkmhsMJSX$ z^+D_t`IckMw@$tt^%NH@J~DD6w;nO%!o@#`1TZ3V?SSV9l z4YS|Ey-|Z1=!|%cHVsiNHNvE_RpUTmkAT9kaC50Ge;L172`cp)@1kgHA(w+JK6 zG02l*b?5{yf3Ji@2ySh>$5zY+9>niH=XuB~RqjWX>4*B9lu;YKD}avyhcY2u znn!iwYN`P$$h)8AUa4_Vjtc}-;~ummG`86LsMnwo3?%uzA7nBJvuzsO zE_`MS?JY2xQe9>0}m zV4t^)J9ic+8rTO1GUkJWrMX*0X=i$(5D%;g&Q4oQjczCWU~Ky_+eV{L!FI8f!07-k zKYG?v0+v2;oS|D};|2PK4PHJuaeNpnlj5%1*#CoKuR0%kWrzu8 zwu1D)50QRCLAn|L?rG?2K$S@+4+^=bUM80`PFl6Vvn@I2ol&@zoQcgbYymhx-c1J9 zo~gzxl+_HuWl`44XmHl*rZ>rtXb)sqQ^phhsM#$h3QkO6+N1FcFR98NPx!5mI=w~s z)F3A>dnO;i5(3CR%0#jDFXuW5&~ z^oS+|L6_$@(O(CgtE~h1>w7JF(};%WU^0uZg+__hvkdeXaQq$zfDmwM!P0!Dvl@RY z&7}H2dwN%62vK@|;;jzTDEScixCuGlJC0W?O7Lu%c-Qod#w zU9ZN>x?tmADNUlFmcyG0(_RKE3Py@7xjclM-L(k(W}u&-1<*;W9Mn}XD&1?~Abz$Q zo6YtK2_ULMZM8!$V3w3F3N8rGLluMA;Z4rg;B*{J?=~ke^4EgJKlT(^e4RFr6W))P z_nR-5-CpeN#HSvgbAjj*eCJOveZIRDxyhCNWCVWrhwH_Z(2-z3yd#%_(ja8J1`hyI z`l*i7!(Sj%jj0iis0DZfdPDzSTiPi309l{|!5gXPqMU>?RNgZxS6|(T1(W(Y$k!Xt zMyIMwW##KwC9(#n((r{qVioE_^k@am;&+EvBP1H+EM2?4U~4%m)KX7 ztMhKNPK@d8^W0v6odQxXjUJ9w){!f_%q;srajXFVgp97d{>+?<{y2{Ak26<3V3zOs zbdhKMe6%QA&G3hL z4eTNeV0mA|6deCuVBS|6O~C+XK_1W6o;m;sb9}6y>&&0WM~eVsIZWo}i*FRL{xPlf z2jZ9~eNO0BY%uiCUl7gpz8n_TneLO&xF2o%fIZ)@-QEt%lG1}Jy57Y!G?y&=f`KEM zc0Y|*)m7+#b-%GUxCO6Ly}^6%1tW@|2k*xZ22gwi-h$ zWwtPwNQ>%!h^9e2O`%BCBJ6m#XY)biP2DcISogLKi}*!YpW2Y47KY@G_B6ft{D4KN zT5kk9OB~F^7T34B;@kmq4X)^v;8&a;KLQJOz_>HrfcIQq%X4W7q`?^}@z)tq&&dT_ znNv|DV4#@*e>y(L>rk{(8Qh>|!Nez=I;i@7QY5i57pOnJ4Fx4MR2a;ZT6dVe^Ys1! zCHcG2hWm~0$Kd}o?(OXBE>$Ct8{JLqN>68c00D?QpE@47)f1wTWXhz+-uXYbH$5S0 zmtd*%el$h&?sRgjlyvYi{OS#rnOJ$54#;UGFGH_f0{`5MIKwvm&(kS+G9*(=sjypm< z_@>o3iq7HAyKEo?bS}hOSxh_|cy$^4p%!?=iraV*2b#kPE9#atqevB4HQRG&|Q6%V?Xv|<9fHp9N2(h07_{V!DATLAYP6EocCa^b!Pr3 zg9pD+7`V<3(S@NlF7fJ5pOERWHh)hS5EFayh*I%~Op%1Ows*p7>HQGzwM_8Or4Fk- z3;}9)f_W7Sj=eE9_yRwdwQEOB&#Fsi)_XkdI6U1@OKv{p>pP;!&M~yT1UUWGC({;+`)e zJTp=iqgEm27yQKQU{wG@w|&(`tlPSeLLVeJ8896aC!p9Kk89DmaHK}V%1n;Cq)V3b z&WfKCa(V>Sm)@qLNc=>7U^W@?(QlH<`(_s*aEBALXOrlF@J5a!wkMxwS$FoTiPc}S zPx+{yEs_arV$2}^tu%hCjfLsNCEg1esJZi5HvfLKRbHo0IXZoluHU8RUCOdY;=7;e z+0g_3_^c+kNf+^6o(tf67aRygWx;ROuiJmP<4E{$0t}V&7~m3Nxj9$9agiWb(>LmO zEAxK;ujU*JJ~@R!3_nkA6Xv=;z71#}`)w$h4RH8M3}Q0whSBT5Ak^GgEVwkQ_nF#SSKBT$A&w)&&$HXJSS^cQt^3-YK1<>U;Kuy# zvFM>{xLOeimJTA+itccFWOSwe`L*b3jPJ?MNZ+MR++Vp^$V)C1<{^OkF&~yn(yyoq zpd#A^TW8=J!)iJ+$AuC297lZ3MvOJD?Qi`CagG3%&LqOg&Lyh|08?<=u*|)mUu|wz zmIdUsX3Fc~lp|shKAjEInPfTcFR0B6G-eQkB6e9=Wgt;#@F5y~OL!W?S)LnFBW7#k z(X(INegZGUuO`)l*tADiF)vuKy9 zlwZK_!hdVO{a)JIV5IWf*Cb#e8(sc>B->>{cUXj=|u17WbHpyuy&Qg{Ru1@#GP1og(Joayr~&h&4AIg;E!Dm2;8drkDLz9WC?=ns*an1dGUI9j{4UM z@+h#K$zl39*@YxBh3&BkC?~5%SPec+^tpu>NfQyZZziE7bB3#s1nNNLM=rpqz$w|) z+q;g5e?p5)@PDLh%fmH?sGsS1?{r;PU694USw4sVGv_hQDkJ&Xdw$dhn#bqWryhC? z2J;lkU&gK4J;^biJM!H#>3ATi(U1zxpp4Ky3|I0oubTC!*t2U#_qf#k&)*h2o5Y1L z6vBB|H3T%O>zBYOsQNBi1g0J+L7JEH4t(Ga0@-7s-*WE2<{vWJKYt}Q?1)dm%-iVz zpv3VsO2My-V-P-itrmoz=r~Sq^?!~yPH=@}j+uJom#hRk^7y&ZgGw}5u6r<6C4MbX z=pJzMpia*31K%8TK5j1@kN&?FKBEa&s*MM!&ZNtfp)6SWU677mFeC7TFJJu%pM@mE zp}w&s@%v2W-{1)6ZyoA2bPc;ET9`dh@|Z^1K;P<;fs6wR0Wb7BXJdp)p+5WW_QSj2 z6r=AlSpKe_kjiW*AH%vf4i3M(!8v9i?Yij3_bBGUO)gzI>HGY2k#vf>5NxxBv37cViW_)FhH#4I@)Wqh5fHkJV_q2Qm_5u6-{ z=*P*sMeD?GfB6y5Zq%+``>CvFJ}PsnQ+51{rHnOJL)FL`UJa$24_R%-e%%ybh=zlU z9;_TXF5|RE^06yAW~&wQVprfz%TXcluirfeSE2Mw!*AW|6omk8kp$b@yDDGRZ`PL6712>cmBdI#H z1}**yCwkZX6ROGG_Iv>`Y|s?RkhXp5#p|^(BSp&TYFQUpKD;)?rl@m2KZJFcJv)UI zW_q^Ysh!@VpCs*MwaEaq8H`lfWN?>=?%e-d=??1kTWW=MH}RD-tX6+bb`NAB&zt+B z*ah&Eg3R>OrtUg;C}Z67NHGJd+@Nk!;AzR1zN z&`)u=?tB}zYI}rI9;0^KGxs@Dfz-eKi21Ok@EOG+AK;y8mIdx8d4g%k7l)OYVO>+5HFUK>JKYGt;5Q+|v|G;5%&c6xE_ z^hii&TZ<;SAC200)J0!&xM55N81DO;t8?dUCpilaDFW)QeP|XYa&SjOi?0&gA7u-vxGgnm z6O?r8_jXU(SlqjP_3_|{q0ArjTcPY&@g)d*vG%RL?u_Ge$ybugr*pV<_De2fKG+l0 zz-*xVGN}(YaZulQwxRQ$yknLvFbns3T4$r0$wwr|-${@2Y%NBK+jWTzvuv|kXV-t; z^-Iu`e`zI+ioD4Rc&;J+%Ob0>m@nTwCo+UJMl$|D7ROXR>Su-N=6GxQlHPBS>_^TA)BoR(<-R$np&U`; zX1i^)5Bf%!mf{B9f>d;7Y(#;c#Xe zxc)AyfM@eP7>7>Oaqf*^6Fj$p2;hR%mT!8iD^{sCBPZMez<8cEvmL-;P?c)9StZp_ z;GAf|tLN#IS_-d9F#8~!O z>@fR(7kh{qilCUVufAUD!rIb}h~;>GOOS_7!{XUBeWojRs=5GKWFxRx^hRo%ZXU4D zNzD|$GLT;%%)Xq4YG$kBb-h?t9}qI60D*2wyos~wiSRJuovOD#=Aw_GhBV3n=|LYu z%8kOtDHhUTW&L}=jP<4Em+W{sge9Knu;;KLjAoz-kFt9K5mV4g&=gOeIUjgul|WmC z+8USA)EVxag;kWNysQKA(OvHs@K=Dstth|RJiXsR&V(w8)#8t5{mXbtwZd+L3)6ju zR*4mh1?>u-`glI?p5kV(&*T<;t?(KGb?4Q$!h&Gsa`jEDM46R!>WnM--Js4{T!ily zbu|n&Gb(HoW3DPD z;nDToiR^?H@G?It&3@Dg=zk)+9~AvrXR1>4?&Xp@LcS4DA7lSX-ay^tdb@{cVk>uKzG*MPdEMUp0Q<+%fKG&^JZNp*}5Flp(3?%IWn9q=UQ%c=k;K6yv7Az&ScjUZZO#-eY+RMOUc4pSnAn4zmKe_q+IP`2e{$kCKT>AG4)6Mec{1>^t zKpr&bmrlRnsPq&Ts@!_T`%he|M0k=l>sNRa>TAWFz_F*|R#I4f|3SNrOO{ato)K1y zU}BDKyy#qGrAVI$ssc`!C3;0zH6UGnF9>60Q)iiv#wMTuZ-Q!~R8XC4 z+I4fiJxEU#BQUH#(ur;Pi0e2FY!47I2CQ9{Wx zOSG&#ipxfX>6G3|t+bfRuIu0LEFx=5Q3=g;zU(}C&a4comoMkSU7>d2+t~7i3wKN# z)k1;MYfi%-uYTF<-P!6#yI632`U_p+Q@Q>MtnDHBw(M+e(=QtJS5SXd@XM@?{Bzm< z0{+>5S0O*e1m9c5If` zS)J`Z2WoA%`ba>6Ur;A*3$Ji?sz$5Q*h5HfRUusf8>E*AFDilw9y&7%ovc<<%~VMJ z(;#f=wO?cuVdUl?j*ak71loe^I}480J$WIjTdWmwYN-Pje6$A7w|*r(Rl$LES~sWp~_8Q*rO3gq05=r znaJr=3MQt&RtOJ%^$^1DSP!Y0?uf)7UkaN~ZLle-|0eJUE-z!US8KgGBztz5&LX&< z@Z`auVSnwk{PB5gIhX>ddDgDvDDsEA>@t3o2$F4W@;ci-3dD+`%ywq>S+W5evhbPqZ{O7ZB)pxNuc;NjNZ7myB^(S}@L7h8 zIr#TfTx0$%C?K^zsxKTF4p~UXC1FVk5e_$F;uAsSu%T>TcZsY6m>NO~UJ3~#-pdqg8%xDq${Z2Bj>ZQHw@cvqCT z$!n8efy7Oio#)_PW2)JmsDsCItjM0Nwq#R4Uf8=w$%{r@{cw$J3atB*ESo7iSGlQb z$5~vIiBXZ)urT~jbg^+a7cXaDYef`yh<|+<*C=e(*S1*-=@lOdAAr4zUfLfKyB93= zlm)QVZ&@R=Hq{!`&)XNU3MjCDtACJJMQ7<|s?^O_FcoY9zC+ve%OA2WYH)AQ@+vzm}AZ?>1Cx4+b~ZmWz{e=hy;!gRB|rl)RM(+cR#gioh0IVzpY zr9IB`LyEc4%hWd>m8q62*7i_&pbLjHUbgx>Pk7vs>t{dH^9o6RH93&Qmsvj7pLbF%2Dl$ zz5tBTjOtLK_MQS|JkIiQS$)2-0+r*6`1e6}pwj(6FsT$;1F{78XFg5VT+sCB=pr-s z(0b$!t8bsh!zK7bE{2=)gRxlcjJrU?I96DPWXUSwrqfrTCVyWml{oMO@WyJcwwxr_ zM8A=qR*?3GCumQ^w9BH`rzbLvAJ|BhBqaqB1`?-6zoH=-Wx-vi;l`{VgN~ZPJ;y=i z1^C3?0B;eJlV(`rodWkoD7yJ@F}(#&bFh?%@!3Z>;eakuUHv7Z0bHs$?&@28-4OQ{ zu%DB+=&uvz)$D3|RajkMy>!Hv(p z42%lp?1_dX4V3deB%mK#zn|^LAWcMJbe?KlgoZqZ87+f!h0ZW z4pw@e4I$!3tUjz3pOk@@gFl7v7v@VJzRGUV}C!K=iCg}@*Dadt51cN!4N^qaBt(qnTgdExPTLmw5tgiceH_^z7cf=#-6rY zAHTxRT2$tcc{9U@ujl4L+sgNLyI7MmU2}@Oq$6&SC^OPefZEbYCp#WM$H4m9n z+p`(_bz8L5u>FVc&&<95AG~MT$9WOufui^_xYT-VL7CgTZnXr|NmY1eJqH;#AQltv zcaKjkfDqsu$AD9gUG=YaeGJN?s2gYxwTBGWVz{M|-yFxW;yKag!w}OjyUW?o1C8;E zJ=@S11TU0)eUcBu;o1Be@^#?k0U&CBY!t~iY{y$%Uf{(f#0yi|EgeW(>DjNc{&uV*$(zvSF;zgHX}9Kux;49m>UI_fS&ZDU(mNp3U=-20=m7PRt37j zC#AuC1fd(_@MbxO9$%DwEhCvm8o;QT9v^^AmqRl$nJN z;A*dLjdVfkh?#ZNvJS9D)DvhO;w>{00x8eB?UO+$Mxv=aG^buytB_x0W6$R8$k(B^HbOTTQ9tS-H$Hxq z9g5F>&bG(CK>ePUUG0YJ6VB}mq@YZ@TTw7dwo`{NtCL?g2Q^-LZ`I@%|=4hOcef~VSEJt&-)H#Pauwm zyI-@mn^4>C+pXHfGdnh;^vr(h-a~K`Aqs+uh`Qr5y^xQ3gOnANtM;1zQWdDKx>@vZ zfzDJ27o<~l;CJui-Z-PoWZa%jJ%GQb>-@|W0wnN_l&YHT5+BT6B(YByGYdnJ;*`0rRyni&jOBKqQWpe=E* z%yTP|hYS)Ccv~|g0$Ul%@mhibZ);{SVC%IXuOnZ>rqNU4XZA%$iw7yZ>OS%D(ZE{YrS{5K zH`-C%C{#DHskP5pTEDaF{e{>QRN3TmWB((=q|bqnET%MbASdGWO?vsN#-}b*yPi51 zqaQi(98x!p;c!;b<+A5T1E7r507R+5=xE~}ouyiRw61OVSz)C$ zl8WtpTMvS9^wq9N9A>aHht}Qi*}#Rr`;R@Qc@ZS_1z*-lR;zL#*p?H zFRv<7`-{3=pug8OaW$&XMw9-6Ir>{j0(9pQV1;_;%^U%mh6*MPYJJ@VmTiS1o1|v7xusVQM$H82$y-k=aFy&JrfJv&tTA&#> zHt*VB+~hU+^UW{tSIJhl+Gqq~BkKN9tcQBT%@ffS#2c_?oI7m#3yg5c;t-U8%_5#q z8(P5*gaM#nistD}1G3bm)G)#`2!#I2Q3O?Cv+^cl2jiNO=pJGA<9(cM;9SVl`!LGX z48z`vE{@mIV`f{i%W8%T8hJch#ktbJ+m<{j@AXjv(FX?L$Mk;)!Z{@6!4CD&ETICtuV8x3 z^EKO5pP6b>S2lhyS*7=w`w8w5)SW2C`Y{mN%Rsp1{iF92zccp}L9FOi5OM-~U$NWM zqToju@(@VX&j41{(NV@S8Jze3YO+4hX4#eLO$Fk^6O2ugxXG%hdp6`9xTqDODzV1qT-(^Gwr$|hJJ+p|?MWP= zWM#XO9wCz*dysbHeyQeMtBti?z@?mZxd+W+nlbbvAH3b8#4}RDAtfN2b-$SEq{II` z-A$mMz9u`c5S%_g7<{}GfcC>e1D^1n4#B($TOoVMc=9nfsP>ssc8bMs1LA|IqW-zA zr>WH#9(2VgfY?_-Q8^kLE+H?^<}X8%!u|00d~-kayg;!=su2psRVwa5D{#kt=Tzx- z2>bEh@)sq@4M8NE0$W&hLfSDardc1Zse9IclXx9t?30RXa~aa$-BG{sA9-J%dk>qs zOsXW+2qWFF!u3^DD0==UnE!agiwS~wWPiyvbYC|A3UqB|uE0hX(0jJ9dLmZrN0X%^!y0q2>2Vz-5T{Ty#2s<$dD@8@p> z(O(xW(a+r?cCv2LHxCb7QYfK zKA9w}+2A0i{QUQqP??s~D62t+{xQ_?RD|sQ194%>&=FNC^*jH2{bwAr{sijJ$>+1o zy1$xVH<_Nk-?w9>$TRK^Y%AL!(P*y^bU%gIs-Dec=9p>$>3HP;Cal+rht@xR^WWOxxu8*wJz#XnMQkCQ9MAdh|PlY5LY|? zcoDVihd(ptR%{B!kW1#GOG!)AVnQPr!q<2V!bl_r_2qF~S7(*zGj@@&vC)y3fiTb| zdUT38A$ngC2(wZWWhCnI`$hhqfc{wibRd885J=14l)nE=a=sAuureh*y-AMVoM7zN z_P(Yfy;8Ir{}DV~Hv&!5#Q4jXup)LZG{Q*2(vCvr_ms=wrE(jLxSV52^WYvjro!~SyFw8wK&yVXr?Te6gN_65WW{3 zo$l|R@;j;(pufSi+UoR&gyKCd&xVW@lKl;bWS@!L_5Q9uWx4#TLJn?`Y8K#Tw;7-P z#T)dVCo8@@4=ZR8gBKoIrM^Da2h|G9Myl05s5i2*!lRP@Ri@8$BC!K{WvrrK$5OKk z#@;E1Fb`;ZPB??7%@OI9@w}9phEj=V=0wyF8z9+{J2A{ghoq({)W%Nj{(EuUwOv}tpRjX@9w8wk7%xJAlSoO(~sukQ;&NwcHJ{a-u zz>X~o&+_Oc#%drXS|T@zutZ#yV1JHWBDU|AB_aU*5`g2<@G!g~V4CLCEBd}3&3x$b zZ7|X8wuuFZzOzTRBYLbSsC15aT3%OozhLs-xRdw&#C~)V^7)Lr(8GvYWG5tUi|;H% z*w8_&ub-^VyLO2?mk=FrGPL%LRB_4{>VP*ftYF4HQo{*S19fD#m4Op2#wMJXU$A@# zXUB~cTTlI2{g!-)lI6yuQgWY-ZBzK#{G2cXc&MUqsQ$GY*B$BfCC zV$^5P<`lB(h3Q#jF7Hon*s$Ti2aeYUK9k5LSdvn^2HtX3?vh2RO2#&#f*21}2I{zy z^%^~>C9&NZim02OH!&1zBbV;;P5FN=O_dhV-N$oj>d7umr^r$ZxnXUIi35BIp!qgG zroU0+NujU5Wk4k`=zy4L6YG}WeMg1^``MEI=aD6iWBNafcF!3yUXe0CV;Qp@>qA==&@d50p!Oy&(avCm@0&Y0}L5&wm z>)cJ}T3=|jULpCb*gE~NxT%qL!53x=u7vLGUeYOdIVzPF5dJmrZc%DypL>sEHzWg6 zev1@8B*Wl_7~psON$8``d8R1{6vzN!_4MIGnc3uvpLad9ILjEH)D;L`8D<&Y5rIIj zFeQ*y;MaCz4qA$+1d4+*RwQ;nGvI|Cb8Loqxyr2kqEr3kT658lO~QgQT9&_vvdLV* zy~&9BM2Nx#N1Z#|w1M8e*rcPs>V$0j4@uiL4^T)(b=-m?=yD?-x zzug`mo!DNK7%1x96aNRaLn9<$G??NHx)#~Fam@K%Gk3fF{19^w6rsS8xjlr1evQ5_ zo*xHO#rhnZdsnymIz)Ziy1~}^Mn?AnEmM3M%S1>nKIt*2Gxm3Z-O}-a;Ua_7!222) zS1U!YFtKZ5Lcw+ zew{eiSu)sj!HC!hU?S~E?9TKxfzgz%>Vh-FmxpkhCAj`cd_mCq`nRz{NSJc?f-COt;JR zK%7_JO;k7mS)Aa~-%BG)AOtUS@eU#OvP%Hj416xdXEHvw<70E;pBK-{ln=#pbtv<4vLwCNvXhFa zX;_ZayLkSH1v>o{0D;v;7(poLG>+?6?^sj@6=3XPz)>ZJAwqSTl|FUxxk7fy66T{? z5HE2%F?BUXId?dU&F^=_bP*;3p57=(QR=p5>)wjd$pMPSVOLPl_#GTRM2zY^3xxqd zy#!It00RZ8MZT?9@ce9x+d{7Qc71{>e+hp zh7W}6#rSoeTCSw!JSyyGZ~mpz;*}DH8aR;J4XiE%8WNJf;9AF zUL{+aQ1=vkuED1qpN04w$+xUIDEGxu4!FQw#O2eC<#vrNg0t6CXK;`xZco98-f;n+ zctg^knhAEDdD*;|I0s`JX;q&zFx?B&@;&gETrWj;LNdfZkoLmC)5wiND2jr@l4!;O zTpwxfqy6D>$#)|&cfW9GYTH=WyE`@#dtguR-FWN-36!M_FI28x@`alB`OC9yH@KST z)*F!{47T>4{a_9=$=*GX0(p599l!|_WD59)0`*#ta6}4msv{CDqWfFeO<|_hpb}*J zp|&xEyMjseGu>-Wz=nh?0=z8QjsI`>JaRLaO&*o9m2OT zCr|I+@Do8#FoT=|2a_on%bKZOMIeSa`IiQhtYc14@Pw?l{fIRl16Iy9z={{f2cQ~(zsK}|vx*zDL)e*Y#r_-b>uq0L7q(r3?dls1UB1@@YmhW~*CUx<7_K69KUZj-|71s zlb6GOhoVE3tbrRRq~>~S_Hx)O(5e@b)u`!{;FlX0(B#$y=EW$PfSy^eO9{`mJ)H=3 z>A95w$UwIZq<~EDj=KMFMW9E0`n7EU)a9hNhKL&HA|ic@Ayg)C1j?7u48;_r!I~&P z4J_Cr+^*Q<(XqKe(zj$JKu@dBsc&_!sUj`3nzV2y(oj{4uCXPg{O?^nsVZgN$95_$(89bYof1TY*wU z`dhrT^tmM)%A|h>o@GD+?JQyzHGDW8Lo0QV?;1nuwNnTl`S^wvm>At|3~{Xm6Mo}B z9}JE@@coH{nfTas|GW^{AQt+0_ebX4-q>*kIP&yPMi#KkT5ei_8RQNiGd)0;cZZ{P z(A}GO!Se|>XUhRh94t=@L5l#)AI%^>QAk}23qe#8Lhl+Jy9i2iVmnUI%1wC6;jlJP zA9i;=j8XTpApQK7E9dPf$NY%9CdZ~u=mp~ed6H>I@f;IlB5dv%-n{6_|L>*|pyne2`>o;P-RE^_( zUr`)URqpvVvF-#hjLRbia)C5v9x4fDhamIyj}U+4W2}kzo`LU4_}qoxtMP5|?(F(T zJjh4=0)iL@HYej7Bm*m%-=_ZC%7T3))z;ZN$||krf>i@2DelF{s;m7w`benR{K5^E z3~pp>N*6*P6=MfukBvx7x5ch&7!ePM{H4+D7m??PX4LL;lq}g+Yf=vl&Hh{K) zhhRhvY!UM20HgeI9atQ%lUHtNrlfiMwDdohE(D6?NxE$9AFtsq{3^02Kf5YKDIOMn zk8?6A+F*vak`vBU^en}dg8I*_3nDAApbnCS!iiV(k!kZPtEJ6&HqWIg~ zV5u(^h}&a;EL>R2;h>O%_&!% zED6u-TkBSHq@DouoKG0bzKWeURJ(P$?oelD{Izf#gY30o+~!6-Xn3L|V*T$vqi>CK z3xl?Ofp-1s{zahC5<8mKHGe!+i-50p?FH(pi$K3Y(n8W6uL|SJ>>f#H4^He`?8?+2 zzRyzB9iH8{(5-%B7CzYZPN(uu#(0pad+-BfD=R+5NT6zvRo$Acs)ojO;Ko&`?IYCI z0p^UN5@!~O01i@c)E%C!=1Y+PuHL?y-D|PB{tC{dI~U4%SuM`Xgtx=89`z0n`eT#O zm$po-424K#a9%N(TJ22zd)+(RQ83NDX&bJ8`C$?pD@}c3z8;x)3GQt8Uay?==z?QN zaF>`D)7J|wZPP1soa>|*lMD|Q!$Akg2uN#4xiCR1u<0+gNTFho(Tm1Ejtn-efk8$f z8ud6U!X)0qHw3}MBl1!-%$S{3=?V1t2WvU#It06AA zv>NiO`lzW`$v_D;(dJdU*+S|xQ90-s_ykZaw z=W(JA^v{F)kQ-PKA#5fPG$1ZvuGJ_z-qHN1Y+w<7xa+%e5TmWjvzs zMqv4N9jd|m2GlbLy$7Fc5HYL)`|V#L4eu@Rh+%-%Ca}#>ulz??R^oF=4qh^Y5UrPEevCV<^EM(twmBuqDiK8Q~$K_0NUoO|O%cv9B^SlDKQjK>(f zCNAwp&mXz~jRM{l#MTzDJ?js0{rIbu#lU#mhWr#S5vZv{-GX17rtsZw6_5qzoooRR zuWjgGklhF&2N72T@CyR=naAh>_Tgp^`JL-7rMZCBSM;;34yVzvC7_oESrB}QLvZAb z3x|-}o|Tput6)B{%|2IX@*xS?)C~f&?t3wNN1UVY%>WVtoTrzTlBk(=#-@ON8d4)M z|I0Uy*)U%s-i|R&%_~-hVjFG2KxwNJk@paV6dPTB$%fg@I!Z~B8&P({7|g@<{|8N` z4()9=yc;iYfkn&S&Wv`ahoI4T4b?(?683m6DiI82ycj>*f_XFY2ojb+ts`4%>c`g9 zK%R@J@8b3nAXx;7GZ3}&=xjdZ!GGiO3XsX|)0vh&Z4U~?FOm_DQLD1_eQ6E|*J}%C zfBV|KMu*ih=13JV=4DT=v|bui@eO?e&QI-L0~$xad9)P(he_Ip?m>#c3NqD$h9{Ut zXW}EpUae*~*d;5>(Z;**OZY2kC83qww%gN~jnU1I?Nh`P~+jA0X20?gOr zhi5vSa5)b;*?}#aJ>{=l6!baXNV^f6qXjhFh&f(|j*p}Jn@v_t;?jTU99Cuyz@`7n z4ZydpY-n(l?i5alv*SlK1o`bd$OcZJ6&=uQdNw}^1j#P$YclmIUh(*{_Z8&CE_4XG zCrA}|TSbj5Z4|%=DG~ZQLf|!Z>Q+J|TIBWQ5xfxw(rT+$@e*{e!j^Vzv0M&n8;2 zY0kiU0g(C(Pzx~eX5%#rB@z{P=m3GkT{X~2aA+70QW6;cc{U%FMnf;*PbIqO_zNct&Kd z0Q|TSBCH%0bn$Gs0bu!Hgc?o_R>Ed5qF#}q;7(zBaxv+XL#eeaBV-SW$4Qt7BI{v+ z1Ec=Lf={NwjcKI{d<>>dJM1 z83F`Ey=v(k5A-nrQVp7!ml~>skw6l4hh525Z?fB+yw10y*gibCE`BbLg|X~+R~W}* zosdD**I^Be>*-g@SnVjL@>oVi0!@Z`_uhDhaf+2cdR3H}Kl_qoMvIQZ0?^T{e}DCu z`VZsRP6r2!Uu9-t*yU0VMdcqH^T8t#CLJloh>m36Kp%;9AfFLEe-CWnxK-exD9Jrh zHGUPNSZD*Eu&&{K9eyi9^+D4jP&fvXMSU~vXt*3^9o)j#L217EL`)s6 z?@bLsTUP-Qx69Kr9Ty{epdR=1o{4k@(UJkp{b^(n!Xx+_TWTVE_joqkhRo@9XON%K9pHBjYW1ZXfxZSXtf{HWKIarRI7aOIHW5Rh`)N2nMGWl*i!UKIWWg^gz+R%q&@ zSzR;=f_iYN5R^rF<%2k`$DlSa(KCREJKE;@nt#hr^d5%@*VkmQ1FOC6DF;2_o>Xuw(N9N*KcW7x`>oVKG z!wTf_8uG3N%Hw~-wYG%FGbP3pRGhvN13QjhPyB$itsg3_40b}Ix2?r~I$oSQY|2Y5 zXrg0YJ2h0f22iiaOm$jjlHKu5*)~owF3bXdz5qWL_eU|Sun3u5q<~P0hca5GmJd>0 z=k@fKVn!tnkMZ={<;NjU?;#*fK=t&#iJytXBRsu4`bZqMdwR)D5{IEZAT1^iuJIj6CY@0)Gcj9>lz zho*rQ?kDzUyVWG!S|yi1^ST9!;3Wy)4rd)tXM!LjRQf9bV_avIHU5G}DPDI}aS9L6 zAf(ccH`8lj=@UN>3;@ygSQ&XpIs7CexZ4~u5FLC+b)a6o#a<<{$LE!Y(k+6r_;bem zY@>HujSen6Vko3RG+cSe@i`(R@*YwUnJL;g09zA6;RtmIEowSmVxb0u8U;{lMbnz} zQ`d^-#?thI#}CjOx2w71M4d02R%w1g6zq7F|nJH_4U(YuuX?>q?VHE z-4LU^eM_B*!=;|vwxcbaIAWChT5S;Pw^wPsk>r}snt zIDArk;xM4M$7&6S#SX;=VW?2zL}R$;z}N8K=6a0y0|cbX;~p$6?!d=@?A_=#vg^A237R z?*Q|;mYw6LQ{AzWGzA4wJYrNH-PQ!O)v5NynaRHs*y3&Up>JbB%frw05feY2-W#cd zD#PKyX*8B9+X1&|pb0nF214-7M*Z;jxKIdJk4Y+X;;0huGK_sAzOTpUC3lJUQG8^} zs8%9Q9*Db~>pUp#ocLIdl4FNusRilZ^qyWJQ6ngWY)2!h3?+{V5I7;Xc8lD)qv(>@ zLdJ-nO9A94u`=}mR*Ik+0qj%!*uJ_MO?n@&$I2={>hn#bmJwbavh%GalMLAf^$E8Ke?2?h>O0yQ6fAtSHbC zmg!b8YVcq=+NjTNomQt$mop8jh}Z@;dYqub(ctK1W;WybMlaq2Eq8@YR*7n*E5NZ2 zt(RBsa(pB#HZ~14`EZhQ>Ay*XAbu#k=2|rg?$SIA@GSxPo9^eOCdhX08JAlbqpPeY zPt#3euetCIsS!5EX5+v~Ek9JW)Y86518=69{@-Sr{@-{yBpV1Z48nOD_!kUwF14lp z5MKB8b`+%#9Sj6kPpTz`2VAgKoaIc9@@yMGpy|Y}K+T>%C^S{g&pa~aTEUtqNz8S> zjk=PXVg0UUi_?s6XM1$Mkc4B9RasmXikC!kpC#dm_kyZIB@yXOU4y#+G zVY0YZOuHWoXYllj_VQH=1g)VE)3qHGpUZ8S*j`h7=DCGlKPa-KZ!li6UPPPH%Z;6Q zN^?38LVj^rg7Y$Qr`CAWilG9l(~pKs_~ISLTP$-5mDh!NzLCvyw(()MmF%!Q*&(#u z*`Yqx*JLeGSq3PcJNE$r0e;YMU}>^CcW3NKe_Whe?gPa(@Mx?DI1I)<8!Af77I*3( ztgsz4R+~-XVFpetkr4!tsg9MX`>sBmNsmzO%P_GcUJQTDZk+ATcEfbXJ-s@1UQ=Sb zA6F#*lbVgQxOfmtCr-L28skykXn-cexSw=(9j5EhJaf9Dfu*p4&o@t}{~$Mf5ZGhR zhT`~zsf%dPSvTB-GyAFN8;;~%4tA0=*u9g>t7*LozeQ{%bGPn~Y(s^+8SfrZeS znJHT7&0tCRTcnHe>fu&rQS8jrN}uDS*r}Gwx*4Ui9%`Glomf@yZ)dBE?PxH~`ld>K zRjf~&{GB}9i0UT7>8N8M=F<{I&eI&rYl{VxaN|fL7M2P^c=Ty_W(hnOYIy3zbM#cQ zX!;iO!N)ePDNj=`UkJGj;U5unri7SUicV48ZLM?YaRD~9zf!h$owR4<+FLB`MRa?i zZ2w0}|JkrlM;Ikm5f8GA@7;95Eun0=&G3a(BjDldZYM(3ihwBFw!F|)f*~r0U}a%X zIg2d24QoYW`T_bxvY{gwD<0H1VQ}WK=kSGBE^VdZ#NZbtOYe4ooLwXS z?`y)C^YXIIex~QWGx)6T`~&lffAu=lht9dw&Brd!^!)OCR^e><{(VQJKX1V^_1N_> zJ-N(yFAnL%kxG}2ZS%tIp8w)J_G#|S>)AP&oSxv~5-(=BW(Xq=jJ- z*q{Cth57q$FHARL7QEm3<1z8c^!)bttggzn_eEj-2Ir&DXY(=ZlXNvXTiz(Q@{c`c z{(h$Cx6fzw&I?w5ja?S}d-fa?ex~P_=d=1ruKWUPyuWqq@=VV!&u4X2uDs2Hf8Mdn zGd;gNpVj1C`Dd*1V~<^)>G|dPtloJ(+y4iw@_U459J${2Gd;gNpVd!tbb&nbH3%$e^!`o&aYhh#=>-S{^Zi5h3V$}$faLgm~PU4F8$2Hbd$bw>7|9~CjI8p z-<1tjmi|oobOT3j^{}iN`B%g&`qb&0k4`t~Q>R~dbh=5OI(_cZ=_Y;Z^eIQDoAjyE zM<1PT(x*=UKzMoq{3d^U>)hed_eV{8I^CpC zoj&F0bdx@H`skz6P5RX79|(^x=)XyyI{n3?(@px+=?@>BZqlbt-+XksNuN6Xx}(!g z`qb%jk4`t~Q>RZkDm}WuXvyH5)~DXi9HfX00eK?4oyyB5;{^!**zyd|GPgW~NA3)e z4v*As{YBl3xlhQGk7*47fAyNPQ%06&lhJ3N+bF$?yzhhh37hW6o`D-S+-W^v=N>MG z0NQCss@dNTT|m@E+cvF3;;oyNyYS8@;yJ z@o2VIj$yIigoZwdjT-bkb!jow$8NojJ;7G9nr5??49`NuggR^qTWs-(qNGNvEl})i z!-*p{YCI}?hI`*-KxIT7{HCeO_iTO`Z=sN|4ukxIo^54fW_1e^U}m-GG?-ak!oA)2 z&UR?PRYOU(#v70YsHn|0I1iU~RSIttJid$nRBJl?g8~?k+88hI6w5L|7R*6*ChI{e zFZ>|jqqZ_XOKO&Dzw`8^KIz3_pqfUv>lrFsuIvs~;n(`zp5Alu-ELefJ-iC8XoOZg zx1EI707R5PeugK0?ql+QY;adk=bfI~+?^gEtycXW$!NQwGdvGqUMdD$=#6LntB0i` z=x+RjA)`myIXockShwq;+0oATvOQ)^@e@1SS=Tw(gqede4c(9~BN;YsPT;o=gIE+R zH|~*&JGYoav^J0f-n^nb-AeOprotPf!V~LBFh449?+8a-ra6VD_Yb5x-ex)hpfi31 zMiR6mvw&xr-3v%&v?PFfsqg+EX)0<*1c7NE0tbj{M{AZRKEgE({;Wk8XtxFhDVkf2 zqF!{tM7Vd1D|FPsuSODn(wUnt@VLh&&GVC@~?{enLq?e z8SKEzNx8M6u;vf+fZF(4+y@dGrk*8heyjC|=y)L22y(y-g?(;kI}uYQCTMU3qxE_i z@&LLQOijg+DD~A)__R7t%U}$^AjHWljP<{WPX>~_sp7u5PNFV#4v`nH2&pUPV@!FI zg~uo9rXYWNCT zC)i+0aN%i2_SFfnoV$7zmqZ)}J3}Oby_y8ya$`>*C&pOX0c=3PWnRpuQUoti7Bv zkkcokQv=RfTPe{ z7j^$|m&d_A#!sSy^?fCX_bVlT_@vcLxd3L4*0gL>Bjh!szjt%Z^nsa$+JzK4USLr$ zo9<_qno2WbRQp@{3C`H^{4EhLi)0BlBI< zL*zZFvf+V7Q=FLP#!03hXA@H~dRkk#J+@?cz!^hmQl3;@)=(N-FlMyst zk#SlK;ILp}oGO-*Z(`+Qhd^}!;~$cvUUGoftu59$h{kZr-+?>8lkC<(#4>oJ9&2L% zu_WsRt#)4xCz9WQQyn~+%rnR%1v?KFpoK?G)f^C@s}9V1b7h;%5a; zlDqB)`AsHe3TS;Z;V$Yu0qvg0%^_S{w#0-Dxln6x7)zyJvUiwkOU%mK{R;Bx$vcRM z2J_%}(7bd^V@>&}Rl@=agAM$6b=4RUNgV$AHjVJAABejY=Y8f|2Q=I$(rmCqLInq>ah`|W)9}SfKY99^(tcaUjFJT4ewA!1X+dHeEz1XQZLOV0t(s;9_ zT^dy;6%V(%if|vk6_bxA%;}HGUlH_$!V{kN>gTZ9qkkNsvBv7;0(l~aqc7RygS?t- z@~4{1lTGER=0LIu(Q1OpreLbMBH2`tYOYE)Ri&DjC7YI|ninOT7Nwf2lTFpB=GtUa zZK}C0*;JQmZb&vYq?#L(O$dF{l0>Mf=C)*0TdH|ZvT07Ld495KeyVvvvS~r8*+@1S zh#i@1TAssK|Fz&oYC;9?2Sid&27BoY2LId5N{Nf9f z7FUl8nb>+)Q0hwUPge+zqt0kqUvF>|DmGpR>kO$~7s+k`)r?Q^el73tjRIQjxP0I3 zOmC_g1~qnpQ3tBrvjh#P9)u$%jw#(vn3(ssn%uC6&mj5rh9%j);9xpMvRjn10A=~EJi%hrrc zmH&naNc;L)Ke4d&B;4qrKdIM;XS(e13SJ<8uJ3C5Mtc(hu6&{XrT91=MwHLXjQ`IH z#vv#A9j)nGAn&9G5ob)~vFw17pToI*?Ck%KxOb0_s=5~V6EY+L24>KxQ6r9aw9&*G zO_WEX5*`5+VK8O}i-`ALAE#5RRA&HN48aLX7)NQf)wbRiU#<7nw%S@7>MIx|sHmu| zrA4h;ZFd^2uNH%^`F+>g=gdq1d*ko-#}7W4bIv~d?7jBdYp=cb+H0-78=1~{XDFFA z*ypIJu{Ykf3MgVfNh92(2FF|}X0`%zZ>lE;@+b?ktrEOc;wB{n71H)$-_Jfs*9akV z?nhz*p$}}M$wRq51nommA1dsFziY&9BiV9ocf2OXM$CAnHNkAJ;#&cTI)qaza%M0U z#4k1{zdNYm{c)@hbgrRKuy4X!aODwd?n7J$IDimAYRd=?Eafg_@kvbM)Hk)?Fq8$q zhYghVwWyp<9!Z#vy{(sl4oFVf4ZUytV<>umZ=a)PtGy8}(AQ#@!QL^B>O`79#!)Dl zgYN95+Fokyi$6n627bbW4pw3_yk5xdWP~+Qb?5GTUC}*bCyUe7-;~vQKK! zE#t>sk1x<9;^#xe$#8uN74LZZ$SQPF66IuE6A5u zVc%EU_cE~{STak$kXt{0yCv zP9n?}nbTJir)mq`oZ3|!xK`r+cdR%nJ32Y?)Xl!57_*#y00Bwb*n+g}q}BIG>Ny<$ zhzk_ZA>$miZmsWVLVEj}CbtKh{)6jtk06-ZMhPy|amC2lsV$#Q4XkeA zNd=jz@6|k-HqU;7?JYor8#lJk%rsnrUCVyzKjk=3KIh3PnfV9ybMB_mHj#zL&)-(z zAIYdw&S+BazaVx1RcgZ%tS6dHJ4aa(I>s6eja)V|Wnu$? z%w*2DO9S&|h z6cDu|DYEXu-VZQsp>Jd{8;m9nCUBa>0&Fv>tAu~B9^ibCZi>a)pae#7I8yj|w5rYg zrOR>}zf(H1u6_sc>7XVo8><LP zGC$bFAZqu)wo|Blx54%rY3^Xl%+E63bhJI!UW5GcZ^qkctDjrB=Xm=Lh3z?WR4Yd;;)w@L{lQ}tD+1H{@BYTHuyZFpmGRkk8a=Vv{85RKSs~E* z3+ZTasSOqks6_}EbzVH*VGb^})6v0IHLSsf^Cn2I3UodR1ayV?U@I@IGhhBjVIN#A z5V9@9*r@F1l;o`XK4?=JXcsZirl<#T1%!uk?hrF%pjGrb;>@Mlb)e}N<@O72G?Gb< z@v@m@h-s$39INBk8&PE1mdm8WPU?QxX3CeOpkmIxxN8Z);3{*9(cCF3vVQYpvYQ)^ z9Qcduxtbf|$VY3}gG*-yQ)M&!m>`S8ct*YaQg`*G&+ z8+=g5Nh7d-xKFh+-avFSI1R<_`$zZsUVWk~C?NM|Mu7o1sV&IHbF9#6h;k`|7mlD@ zp?(MU#=W9>ly&>gjUMM1FJHQ*7(LozMQ?=<*wbnVi+Ul@xsZb1544ZmM%@?Qx}Dz*2T|ySffqW%AIlA^ zI5{9o%GF}-Au)ownG)qaWt&5#4%2m&{63F8TuQVBflg@xxdcYr9P`3hF_$VQ@oo}z z$Hkl}pMeSN77w^UyHdX0#QSVLzQPe!jFt1<4EyIZi1t#+k31zHQ*xk%ZBW-jXeiLR ziX3!wumlA=nREnz%gXusS-hxgjQMU4WJ{0|Il*_lBX;Yy>wn0n11Atq6^kqBDekg$ zd`1uz@MoUc|6?yS2tGEE+-LvIXU^mNK=23GXj}LQd{4krLhFy2>Gx9QwMqlfdipUK zot%zyZKbbh)g~b#JKntUZ1>lm{*91m;r^hGR~hj7XE5Anta_WnjQMV%HnWscJ$+ec z*pQU&4F8i$Tl((s$6O1@vC>+QA_t4;Ttv8zo7L;Z$B;fqoGcdswiE%hFCQS#N)^4W z+Aec3I$;@J#9;_@9>(%o8(`Wb83bd-j(ZHr@lw0?HjSqc9`kfe_At^jpT0=8EqH`= z&1O#}(D@3~%Trt;utocd*u5w+zuga{lgD->R?tvnU01pJ<^B5YEMI)2XzB4s?=T9NiE$AHK#KQWgv{QdruC966lDvcYDR6`+cdM=4eG zXF(lJVfPXO2}Yvk#R^)-GQ_#x`v`ktO3aP_WSJx4;lR)1OvO^?L{r%!oi6;cOfB38 zzD*;vJ2+V>4cT&>I>pOTPMKc=wmRNd!*9)8%sJ!5-NGhUzol#^FvBn^#U;??JcQH> z3+cmoLh3qUTXK=tlE!M=k`wp@MkG87MwDYisRzS;aHPI>%7;Gsk;jLGo5(og46GKl z;#EHM7MVYb4+&2eJ|yv0z%Eh$fK>zxmk-H%;X^k`9j3Tleot3cp?pXfIUnTNs+o&9 zC%6&?%2cH?9p$+~i_Ak;TBg(#F^5}cW$++A3c;u_q$*`dygVZJQrJVas7@B46OeDDqo+TD=Q~o`-d-IkIjEQJo(zwkA6)9I6MCo>=Wz1PL6or_N?-0 zwqoWXa5C6Y=U@9}nX&U{y1#ge3}c>!8SwtiJEhNf76uzgwO1BN>I;9;&WoC->`hL+ zwlx}GVk>Ph-=c@zD4@wIFS*(I8C^y9+K4IAl8F0*be8pO+LR4? z8PSzf$bw#`R8E9W?rV;c&Fgo#Ezit8yEl!zDLKt4P1h9r9HTRS+|+nyo(q^8b9IOflO}kl*Jrf^dIVi`dSL zm3H3AH<{V7fwRfX{F0jFOV)5r6TLgw9*`W@kYmGn{0y8hpZPe`f{f@7sLuc%Ooa#s zKv>o#)3np5AhJR9x11XT0m_sD+%p_;#-Z!)3L)%_0ooZ7yTklZKdNHIIv%XM$CEc; zxB=aHqqkNZL4sW+WN=R^7h?#Nt~Q?Di5%o5l&>+t(xu>6mV80!3BTK645t1d3rc`%`j=rT?IB=^x{PRx|m0nGMQ4 zB~E!Sft;6y`D7{*xVtJ_`K06wkdyO(`L!J;%e#4l(q-0kC%d$YAhf3YBvg2h(fw@3 zG`5ttAK-ipQk-|76z3J`sK&uQX$X&04a@^RHUB@ z%$r*=|4b?3#=;^7n9b$;VrJu`+AB)_Q1i9~LWK{7h?-xD97f>iK<6&9_4o2)EvU*R zPX8&VmIV|1{fxgd5Pm9ug(Cz+;Vu-0V-(9d0KWdO#y`mxWT4ve^rO+tl42WgWNrCW zPS)I2vpFIrkU{gN@(De9K)+IM?oTfZ!LP0HhVc1{%=CYqbUk1OuGuNS_jfpR)bwaJ z7a3*?+0<(Z$!=at*fZxylOV6UiqjRf&leEIwg-i2K)O}TtL zr{^{;T%0?1BDFGHl=yP$3GU-{MIq^Pd6ZKOSp`WhL=YH(; zvfy<77V>vFe`)@1=kHhi)qo^xZ=^;?|3Cj=3FRAE>XAs)`5qmr!zMn}O!!?+ufhtRyZ#z3=N z(dk(gr#M=Bi@kBj6rOY;Da{p9T%z&dwfyVqG9Oy^Fl#~GqM*&{gA^Kq2 zAMTQ^Cvk-Kb&d8ox6A+X-``AC`u(GehyQ&k--Ci+mrr&vMRVtK!4XBh7I(Q8H{>j5 zX@jkQGkjz3-^XBpgfB9Yn{MZlWD;_zlC5bEp-u~ ztx#yGa-VpBN5A>eB6ntzz|;-WBb9-9(x0U{svrbDbu2Z2s)I2vMCrJErz<) z^lBp?gfVKkM72awYtlf}X68-a)alTVb+!1-=5ut)4bz!+uJ!jKDUOPnpPef}qZ*W; ztD&cL{ChGbM@V0yt#+PJ*!e-s8?(Q=E|DplaKMazHdB(A-$Oqq#_;4trFo+9-A?m< zBHsz#BIb@~K$|^YpsuS$_WlWpOlBI{5F!8XZj(uxZG*5l^17^~CP2Q5{5$~BkpOFF zGK>-eTo+v|w=Q~00q33HTl!El$RhKQGk_SMLWbr@0+R^jG7H)hD-l>vL`aZ$=Pjbv zDQATz!ycHpNbquB1aLV7A<9+<_?HRhv0QWa1ANC&wASO3>L=Mum%Or2DE$qJ(P*Dy7ORJK|h?Ct70ZlhqYnmYWxC z_1Yion`K9qG+)~9x@uG9G@Hq~etT?0dd(ZkdTlk|xLa03ufv{PJup_zLd;Hs41i{h zqY53ARJe4ouvhnl(ROWvLo*tx(}VKs{l(1eaZrx@A0ub(P5JUC=wBjJqaI;XYrp{ZoA^YNezh4eIv6TFi;X zh5GX%l5_(HEgM#y4~FGxZleU&^9%?t?2LpSMsp|GQQ7^H>#9vsTyM0^;^&=oXE;m( zlMhR#>5k-tQi2#;ZqnIG1l;Q$1$nZ_67}#R7>1XvifsR_*~C8drGD8&CD00|rIm_F z$KlpX#LF#(u2ghUX#3Y&U3-E09XuVGVM27}zd0ka9lJ&+%harXU}VQGG<~xv|F6h4 z0lU_Vnio{C@ptY>AmKaP!64_s*)*@d3hE1Z^{u>lq3yt^`R0O82z}88n%c~zbR`I~ zD5z9Q73Q(kT%9fPa5aRw7=Oa?&5wBxafbSQVIJX+UXUUU5E5%M`!P+p`wht>9f_2q zjTwwLJNKVvP0ap;G zj;dOz^M}vtgd=rM=DoZ#e|o`7>pX%q6bLdM93-E!!7v|VjPiYGRMGj&0t}CZdXz3K z74{V5%o>^=HT!EK+o#x$Y$YXL9L0YhdWFAK8N>K;movm3eJO{mZQ!Y2W-><*g1tYy zPiVVb79(epo<2i&X=ZWz+ey;?jq7OtLHYK7*=_%$BRIxy$kBRNb}x_*vco-G?+oXy z99+LI=)?yDOr%Mllb|$$fo3r3wWu&>(tpk?_xm8tS=yC#nBQPqEPd@}IhJ(g0+>Ry znr1e--Q{Mo-Vs9+OEX&wsyl<~+(O^ezGDB^E0iU29eV4qSPUKk!dr=zW3G(}xtBgC zeHcvld3oJ3es24_AYHrBe3x|RZ#f8rU_GjRa-2|YLAB2Ba`~Q<4x0~WbK5shig`Ns z`uT!lI(IK-!wTt-M~6wjiOafgw*5DHN;&=gIP`v6@s!!p-;a*KXq-jlkp7?r?SG|gp|#<6=wu<%HhnWe}i=Cv^KL2Hw~Rg1FM%)iWAJ$pz3OO zn17!dQWCRow{niB9H%#joM#Jwx=23($1b@P@SyG>oW&gZQAxpms-Gm;NUh?Ey!~J} z#7)e6i=9Vd7f46RNlr@+IORb?!|UXLbkf@5DI@42&YE1?Ts&o(dwwNDvS(-) zo#f2R!Khv2!gw|?63@yTVn=`Kc2U&4y-movy1$*OwAa|bB*`fPa^S9pXMTJ((6JjT z){oWbD@4;8f@j^hFrTlMe7|$^VGO)-2kNB91K;ZzsBuoqLG-lL;X>3m#vSERbFqRz zS22$W{@wktnY(frEa*ILyG05%7xLQM4@W>|Dw)B;U=GW{*&?m+yr8v>J25UjUqmJX z@G=3{@8GOQ=IBQ@G2?aL%}-!PA1^9ME+<(g!tRTw`AHrWBh81_ldyB+)IjF~=uD;x zu@L|R;W&!kca1Xk`p4JK@Q1^JrqNgWe02jOd=uC3+??7KTJhJI^CBfg*PO#1>6y4~ zIPb`#nZ+$ym+Dq0=#%G(@~T#EUxeQpC;!M(aL3R9?5sNuz>2nd! zl3`NBS)mDUuhEa|(w*TB&;&!9%Aq2-qDIXf0FI=Eq`9A!@4?q3NcF`J#GbyX*BTAP zoHbg|k143txmoYO&wb3fPw%hO`z?BZ75C1Ydb^C<)TXHb791(jP_kyJSkK4iu{ zEfx75IFFe@S6p;_c>ggDD;w8uahzgf@7dC#7sEV4|XDKo(kzN)>bWC6rTG9AH z@^ulQdv%@Ytj%$1T}{3KK=99p%3S`b8ej`U2so>^>1-l&Oe@1`T+UYiFE=4AEh@kZn1OMU*$CBm!tCD-x|}{i{=!3)Yt{O>k#%^ zSiu)@MSpy`f`m-kl%9&@oH#+{G-!E*cvb0y)h>9Vyf3*eH*Y*FD=`1SH&cV323AX- ztjgXB?^{`y_+l#SOB|faPE7<>W!IC&0jA4g0|PBi&-XZi`V{BI43|kxha?`iDtjAw z65&V1u}le=K&hzt^Z`AmGxh# z*K?fbXtA;FOuiY!)`rKhd2Jt-xXf$#+9VHlHs(sW#Bod5I8sZn3yYXJd=3N5d`!K_ zyK|)tm6-Bzrg|PY?(`Is%Gd{+WsXW*PE8@vUvsT&HOKygDy?2WIU#$(X;sWD2L=(v*PUVU`f20)$$l?1zWAegww2Z9Yk2O`@9xrv zH7oPsl z6b7@2QzK^GZ2F5Hk~4Q&I~t49?jyY1mDcxwpkAB&)yFki5~Sra z`Imdq-%feJ>PfuK{bRjn6yU78*I!VErs_|9T0qo{w{M3Mpo9=FGJkzX;i0Dw5p01p z!B8|tF{f}o(=3pH%p^u^;v6OB8T7>2y+nXdzneHhaVl6OJNV>`V-KHi49HqimdG+I zil6(`i0N;UVI{?(6+vxxZ^tP`=?@asgkC+Bts44g?`4S+h2F_JjXC`LP1S>R*Ks}XCgqEX6Z1f$wZ|kHxClsQSZP|NLmf(EhpJK1a>f_J*$L#u5_w z@9n(&*Qx3oG0Y9|Dhj=6YgiI83yHH!g_-r3bg54yJ%-T%=PpFp6rGRAKmQOxQwn8K z$uAS0#9iJ`d4Z~Lj)5K1!Pm;DNN3TMvZc*T8d0o20%~c0a-@WEE|SgY%sJsOeF%4= z58szK_Xo&KbTM&rrN5fS20B0HRTII%|H(BoFRR`)FLF=3k9AI2uxUzQwaD*}P;pU| zpxcJs2)4YxMO`p!5o9x$7wdT;O^wMZn&S=LMa-r0D?GxqF|no5lA)V6XKU*vp0)zT zw+i*Z#ZA>o2b!vUMC?lj7BwA}JR6#+9B6GiDLL;E>MR=QpoU|knqL5E*J{eWYTC@t zG;n!ELD>WQH65P3Q%>f@kF@D<9WRK}Yo`}a2N|nBMkZqNs;~%^qrbkqwv@F^$kk^x z9iC_k+}~rd3t^33+fpnX@^AG!qvm=rBJHa*N$l@zgp68xxY{H)Ne@>HoSSJWuHQ)v zXo({KG&65Fut&`KPu0rgB!OK1{2Xt$pupR zJ1kH6bKv?vgZ0ItGL-!cMoPuGViJ7Cn>i9oXMc5JS@324PPm9z&-}IXSHqt>yj=Re znoqp-jiv8&rxvQK8b1#>?4rTGFI*=z8IgeGT*@l2j>T{0jN-L3i)Mnh!Q*$-^t1ff zce6x*HxECG=)i#QD)orH+S1DrF5ecmaNRr7ccoUJC?q7uPS)ZX9nxbOgH6TBz^A?V z7VRSi_uoeDCW4&E+OCr&tXSHhmE750h1|pm8pmaua_UH56WYkRt9Pz6M5HBD`$Pdt zY>CE-%ur>14t$Wf`7!hxG3TB7iB8VxLFXz8jhXCp+sg;2xm`|o88f9iQ%i((F_Q_1 zDo_@$ZzEFBHERKLxAvYOEZSv**H^*@bpa}hOn9|)+NQtfI?aN%uLVu#r-A3a?%FB> zcR72X?0+ooO+S;L?OUTYPh^&5OWtk#;IbpqhY0&nd&*KM@nEGy;rmc{B}bFYZT#T! zHy{?uARc^UU*dfdVN-pJJ-+KzsPkD&Y5LIgNm4519jfIaB}jQ=y%D3K8H9cJX66>x z_e?5Y9GJOr=xoOPDkNj}r?t>)7)~}`2qJ76NTw%{hk8Y6j0gTcSaxw&F7Inig}x8U zdk-|dc5j2*na%x$^eY<6bZ1!fT&i{#>v(9RcD@t36cdx;cy0Y#ve6ZyOj)H&r9ZM< z7w~&U&SK*2fr+_9l6W4HtIZ}ulkW~o7A6rH z=kBLBSE?^zjB3!`WJ~=tUvuP8NZ=IWBLF{AeBvnOLUR~-70@pWV>R&mp{O24GKny%x;o@Sct^;Y&3>)2@a$)#&r zIcZgkyQaCzWoryLg2W0p|DIXgM(J9`uB2rNy_2ZdYz?;`)G=vFqP%%(<1;J%H82+I zqVxbk{@+dy)_fFeH6WT0Nx~jj<-7mYGVP}~g^M~{0YSdqGS)y8a=RphR+WerGA z+rMtDl~R)l_+#CGbnO3{at7|tH2Wg+(a=1Os*mX%R{2XxQHH*-7rLsHVOSX<$4|T* zfzH#wFKWfA)RZis?Y*Z5cPePKjPme``=#x&3U;pc-r0RaKS0b_EFJE@io33>gE?B0j`x2mpd+NqYp!sgg^>(n-jT}@KY&CCl;F18#*`4gUZVVMOF3RnK zj~kuXUH%}#Z%kAd3;DWskdThew=XO^1xvTgW2%uMHOokIfG^gwgiG}bOxn?^qu=}}o0vy>*d6E}{m zEi4mL&n>r-Lu@5c;{z7Zj)dkOO+xQg7blK$ZpwWphnRT4z44v`NBj@98ZP)Q)8eyy zhE59cg$O(K-MwO&>Ytvb z#j6)VVD%I!;b*yGgu?sp;L)q$*SS}Z6x1-;Q(RbWd{tu>7LrBZ~WUSZ9 zFFBujALl85jrZlHyMM{>uTJeMNuHu?g?N0;@GzOEk*6x0GNE(r2$6&Pg=}CM%)jZm zB2>tPqZk?(Ppp(=jpB0!pn%WRMPG&gI|BhT{`^!1xXTm~O7c%-%yL`!GBu{n3 zi7>pFTxw(HJWilt%BHiPclOWK{UFs2Om!yY5+sO%hm@ba?IPty46248MbC?~&~GaE zV1@l4=2S3|AZW~aRSNJ&P3!Ijq_bxy%7V}Fci+;o-~n74l4Zfk+<%wry=%MwXVAjg+h9QM&$u9iJ8-4UYYs7QWwlIG`A!3fVoE2y{#-(xZ?$ z{jl-bzl2A#d{2&~ytC2CD}dM>VQ ziX$93YSQ9Z;S^2?oRwa!XyeZoPFvMgDVw3|d0q2f$*1ihTwDM#y~$U2fwk$Z(Qv0-1xQ zqpHmLl$T=h%Y*o&h&u*;DTO(vxjFK4o7{m4-$`PVlPEh$ju}jj)X1dXk+#*ep|^X% z*qqNwcZg!l(m(0?yt*}AuII^4s(&lvJ1)l5QOj%f=|^G+5j~}GOCTlsJo>sp^bK@x z>K8nVN~BgM9{mZ)T}Ygz>dZl6=HM+j&zDbG)=4MBOeWR5Q&W5t#v1s-PK`JZ`eilP zg$IJtXyCeIVNR)!4oe&;&6id49A}f}xj^$&4D2h3vz-?;F`|jGXM3Gk=hXL1#v3d! zQ_Ngt@3Bt)V&*hJP_7Z^l$G|*-cX?PRT?QGNC}{^nI~KHF*Cj~2ggsy2*_d!-qg4; zaQ#YF?!c8?z(6{S55+nlC`!8)fsw%~ih?=mjWr{pv}{g9Pe}$Pav0ZIG?ZkorFVf; zcl>~-_~c~|_mAR6%4>W&0N>;OobZh4p1w@WWz$ryHRY|uESN*NRT6et3O{CO z;qTL~#-}fPqW@mXk!iPx$bz&354C(dkD8Ker_94rb^j`<7kKM;qz3m5be7BKgB5{J z?CQALKhVhrGB*bWI^WWpeFB}Y>y1CqxkGOb2y{NDH#rj45#>9dI*y+A*_kvI|)I(KHW+{|n7j-hVIU#m6{7$T()=Uar9P-y>bX zuiw!xx_X&j=j>i3Yj>${#^WOU37PG@q9X2hs{jIrb@}`a0inO`*&E zO`{X#O=CHQV6`mR zKBF1?-I8y{S98ty#fdrO&7?@0p)5P!jO+3l!frDH*PR2}c56oTf?Po#vvZ-%=x-n& z(9Z_?{*$<$%szJe6>yU|;PUIa9y~fi9XH&4D}z{18VU{7J4X_94@Q#A-f zg?5{2;LHr1rp6~PpC!7I{%hDMz_nGG{zCEgn5@Xb23*>~AH;wwX2=Ha3A=lNO)bRcH)8fD*9{i~R`>b*5Y89m#?1dVC>r69fopFkN2}Ap zZ}z_MU0h=32glOBYxO~5&-;()A(>4;f3!*Bc_b)l;IPieuPAdm<#zv_8>c49oON

PNy`vrPl``qJB5oe**X_SpK$zmRUMaxM6&x`PVQU+)7u zU$se^+e_jauI&GBt?x0rp3S|m@sItoY2i-?nEy(W7o=kx8FzVks^53nzUgdwL}O_( zn0nNg+Uz6g^0!mFK29{O9WkXe`Nh<(PZCG1omM=hr8s#|YS*WUs z5m-B|WJ*g(qD=RC*?8_bm)WxixsJW76s(NG^^{_C^PRuSVkDARSYcZ&tXW>TbXPv_KjQYw4 zcDDF~N%SGd{Xq30QB!Si*bZ21_oI>T58W-Z&&&ML_w_4pAH}&Fh@Ewe;dszIa*MnZ z=qEV8$fY;y?iF(Mw%3G`uw>1jlEEy9cU?KZTvWNY8~ut-Lmi&52*2WBiF&416{>~N z`N_2(dACh4Q!#nsiZX&60m0(*rTC*4b9(N6&T0>qh^ew54pcbT3<90!7lys z2q*2mV&x%1H?UV&*t;%e-KP+AO@vFK=!uwvw;`O)LjC36>?xhAf>TN^7hRJWN{p7=q7BLAoqo{VZSiiqUpm?FmLH%O{FbAQwHU#i&)6=7XJ6 z1^K{E`@zg>D@4L2S}nW9$?+Y_^>kd$VklPdIcZRP!mh7&K1~zVvS*ZfC}8P<;4nZ{ zf%_+?|D5jAQJ?zTp=`v68+9;~+Qw0(%H3f?ZCQPPg)MSNT+Ih6i1`=X<&Y^Q8;>rhdxGrnp-sjQpSg zD3S7ms+WwW>y_%$fB4`}2S1m3Eu`HrhCrr=UOBqs)k8-=v1VM$Ky$|vhpySbg&p2! zwL%w~wzPo|4$Cah&R+X$$7?IsRMfHYTH5hM2X`BHm5I*`SgS1g*CH`f7`?f)qh)bd zy@b6xiygNQSFRjIsWydOlSgUk=yZ1DV0klN4zAtk@4!eZy^$)%oVupsxQ!p8gjxBo zl6UMEmf96xzSI@|!#Gj&3SSZN_nT29wI3klS#L?RR!Q?nP=bC&-X_X-Hv5YcqtPrJ zq<0n2`^jKQ7)x_Gff3}+Qt{UQA3$7QWn67UAuL&FS$aZtVx~o+Yy>lND>+QVj6;Zl zL%}d1)^T#?WfP^T^-^!@%A#OG({QkN(`qIZADU_>@=YMI&+5nR7Xpd%slu8yTYM$1cVZ{kadL+c zSF*B?ttm_W^^do7)r)KaH81S#DqmX~xPM#fwUsU5j>Ivk4}HrX%goAhmNtFz06LYh z+GCY&e6@VcmUQ1~E%Qjfo#SN&Bq;DIWTNcKWjDyEvW0pmDCnK7TeBw={XQ5pZO_R- z6g}rbjwEpY$RDv}o`iESYTSw3Gti|yR$m^afzq-{VYeaC3+P%#CFsP`^7vQa0Y|?G>cA>=0Q@lRe%;bg7gL)sc!P3rMVo+8pJhrd zPMn=?sj4Yu>-%Q4pRqdN#HmrUT&ar2B))}Q+|_7H`K2vIaNadt<^twTsqP!LI?vux zDv+=`?Z3$`tw@g}ii1?MQI@8a(MZ?akhy|pSYTsPO1h||Pu^mU_=`gXPw@MM1eNr& zC$U6#O37d@V9}e}UBF*5ss9+d3jAP3P}Gk?PVP~I7WF^F{gB=Q z|C4xOUf2Tu)m3{orY~M-oPEs8NN^e&r%VIZPm*bBP8)pq;_z8AO^AK9uCn!Kfq)%~ zm^Er=BT-mJKX9ScE80Jp-h#Lw)&Ty`xvmVgS5gg6uldAqFr7p@6-N*O1pInMWaW2j& zXb0xXK~!Vsn-9LlygVZufkM@#W2z$r6fuv`rS4)d*_2t(%nURhY`7t7Zq-vCe2yqR z^n+ICdTt@P-zYsZjV~%dldMcDTFpbm8KkZS^wnmc-p$iV(U1FjXGi}LWW8Aj%= zbA|f26MIPl;()x!qQ&q}Jt$yOemZgOOZTS|J)fv5%BolleyTx{DE9Kbqox{!`NWdI z{8joD4I5;~d_9heDpG@?6^#!F#xOhy4Ph zlA5%dRZp_)0dc7xxQ{8bq9nP$0K`%2$FlE0UYTp<#4Kd+Ofm7mM2bQzPB*l>V- zbGKj`R~evVzTT0rai#b&m>8A%biAI^GEzCIv`Azkm4=9A^c-L6a)7i3vlIx@WvNXe z^nI0GCF#f5#-lE4PhNHWj?`a2O`X)iR%KE0M0+&IK0iIj`ovsW7(+5?yKbFz5B$n_Ox4c%_Lqbn5Bi zuCE8XCjY83n#Vn+jO_U()a$o7*D_iSo7LVS*{Okz=v-uBg02{1@ z6V0u*Ih@||$_-dM_l?vx1B-d>`^qc}#)kBx_1E3mTR1<9_kNYraq&ow1&r@YH;H?^ z-|0~vFz|+@cFss}>q?GC^n!CS5nn<%Df~Ax{xFA!EJ07B?0Nai9EYJW|IEVdW|1UIiIrxbTYe@aMtH6p(s>TGz5n3 z^C)5MxSZeVT-Wb(^IrT;1FK7<@3stup@1F)-}Gs5Via`f>t96dfgu#!T_?1C;zp&9 z2IlD0lUX?~A~h+9?pb`X6Eo9TAj$cM!g2h$ICXv%BJixA5n&!}B8QkzhrTA|-LK9` zOq$6S(k9(On)Q+Cq-pW5IaiYa=l`=xaT05s=o+_isGks_#@+aiec&W6agVAKxgZE> z$*j`=8C1ajOz|369|kBe&BU!_*h|DaRcG6Hcl%0it1u6AUJBCWiyDe$ELE3m*~ySC zmStpelzM0WuxDT&8#T}LzoV>|sv+n=XT5yOmIlmr4Ekjh&_E5xoIrtdC~S6PZ(trL z+XXtqKfk-%z0Wu=F#X1^G6KKX(tm% zZ#?F>IK0N<@CVN-KY;|aU%O`u{x9SMPoKy35tW>!)Aw0XS|Os)`7(!}Cl6q=GQ&=m zZe!3{RUr!CDu&ZVCPVYcLCh5NL0#$#guacGCP_I3L9AqZJlGm9HebL~D7C3JJ!nRW zmywv{9EeFp)O?vo=_HgsQS;DS+R1iWr>!$!dRIIwt(z_CCw2&fT_?8!mxf$t*Voig zF7lY_O1o+)TT)~q(u~JAGu=#QRN%~EN1yrc*9*lrJEC!e;@@K3l@b*fW{j?M&{Cdh7x6NHe0Ys69Qs7CmMxN?^iqZCK1VUw zMW7<4S+PxUwA3YDsW%mrnmPraP~8O{NU3pi0W;thocm-J@N?Ku_Baq71c^ZzPM4i8 zfT!5x*qJ=Uc`R4UB~BmrzZQ6f?-}Au0q|NSos; zDBzu^3mU%@x$|V*4-RHUUw}U60cY)yL+pLw?aolbvTTgL&*bD!Ie)M z6*d20c4VAOue&5``?uw{$Qv=O8&;>f0Q2oLEd9e3=-rs(*82xrZ-cFOKzM28h9X2K z=7PB!VedZUY!S{Nv)xJYb9ejhWA(VL(5moT?NfZ~dPV80?9QhQ9S z?`8}_e?%p!>X!_{J$>;D25uu|^v{T(&LKmzE5`CpPMO=VLFb17bUrKoNAN@G%ddqB z$|G*YZOAFMn6mhi{sl}!?u%Opr$K({F-t>ct!gca<^%zmLll9s@7XCQ8oOH!t}G`g z)ndpheXf7z=<}pRuaCX=HXi3cVhV=W8S?#kbg$HI_OXx@yp!^~<$Xb#<~M&mUCNOY zubma%_s>PNB?Wo)dwE}wruof}bKl3AO{iXmOYYAI|7Fa{XWgP(F#C7s=hM#cJtU<& z!#!NYtxgQKY%qn+@HXzF;%!txh8HD++_NUmnlmqBAR3u<-b#*(U*v?p09{|){}jqJ z;`v~dqfH}w*pvaDn%0UL=6W))c|(`WQ6!a|1kk;L*N9shKQ7R@k_@fpFaP_opaimN zXf-eJ5Xp3gyMbUb{g{w=Z&i4-{zeD|&#j1Q{fQ6?gcVqGHU&T|#9+AYWAP|*KV;x@ zkNCzO#=rE`J~jBL5qN~bERji=g=GH{m;A3d+UcZ1+p^0vx)~$(LmXG7l!z(%P^zr# z?*C$qvMW)%R?b4g^O;?*(?a^kh-6Patx56!= z0S*T@UW7G%)WpOle^XF>s(L8Ol~R`cS~enu;PM13Ui?b4P|!QGa~vwrIhSrgmU;6H z(kxX4I;Tk2lp>r~bveFtsq;sQ>JzWcBFk2G1ZHg4-f1-rtL$Vt6IK!EES3+2q81gk zx;*6qfPp@QRI2Y3yi3M4t}S@QZXEE!UY7)j8%1qE5GKUp7scKX_~TeflYpyrIp+SE0d?t!C#A?RmJZANwOkp1F*x2pWl5@tNlL zHbYmL`N0)*sD{`)R(nv!Kk>L!wpdfZbkaU$9__x7pbNBoOaO zxce&lqvkTqJ!0mTPo#E&DoCHvP1?OsS^@uCC@uDQj>n(!??(@P@A5y(AD`Cw!HZ=l z{LA~^zW@0i@9mz^Au^-Lu^xWAj2Nq`Tr=+{(#hp2vbrSY+y&bK-g0xB^1wajXL+9| zzpa|zEN$`lEmYz|g({9hWoi6s*nvu)#)_qwaL38=KG}>a8W@9XQgTwC*tCf84mL^* z9P}|9GESft9yvvIna_OC0 zBED15@0GnWa9D4s8FFh|tbRunEqA4P{TdxnjOpuShr_xXvp>TbXQy_t!LhtNy}*Z& zGMTHh``sZXyzbhdG~Jv2^S~6mC^P343xlSnBJtz?kZYj}@xHSE9=IRJX3twW`L6W3 zfKNEG<7p@@XHHY`LS|9f4eruXP|~?h`<%=-t9VwvguwkR*}2|h;(*2v>;Xtal9T;_ zR`X})M#{=eFIKeR-?745KZp!HuNBkuj(gC1Ks^Fc`pKGSHqSV&xX7&egFqI<7M^z% z5OCFWi?m-{tw@v5Az1R^%Dm972FctTUtqESQ|ip6e8WJfX|#&A$-& zGv4L|p#kYlxchCV3h6QJjEI=;ezS1lut2kM2*#55DDzWWrtqw@MFbXMU(BqzGnby? zQg6HH;jFgLOu-+BVJ4Q%UB&8#A2rb{1Qp8o3S>DUIhBSi@gDXM?Vti?!2AB6zCDya zwLLq3uKJ@YRWbyloO_4@36-7hoIBMtGJXmFN13;J6eIo5gQe_}3X^&IqwI$BdB7@l z+D2zRcMwEXNsoRMF&TEdWXFV{vn(iOda$K6YiU1nOIuAkXke#y=5nT&YLy~{*O>9z|DD6B-JLqIVYTaUr z6J2lFD^?#CMu$buPQHkk?}4|>8O!IJp!#XBHIx{Ie74M@d`Pqi=;0hb zHTVB4FJH1f1AOOoX=vs1g}JQ&C8ATlSfot3SuSdvV7fEh!N&-fZwY&pToPHK5;;9P z`94*Hv>%@K{feGQqDrbTp{G8QUT=IXFwe9!+8irhj-Q?JiPFwumi9s$uI*>CfmN>d zUUU3XdhggrZ125H?s%)$ukvO;_su5Wh(;i4_7#uD&F4kU-ys-KhTeERri{{+@QNGU ze5uXLqoxv%83eU;q7vqa%QD3`IK8EMO3z# zrls0V^nZ1HYQ&6P4>IP2mw@yTGpQ@6^$`&>wdoug8Qo`<(tkTi@bqn+;Rs0-dL9>9 zA2?hke4f~ji#eTK#hh-rT%}gguRy>pP#evxHnZOpJfYTXzcACXTykuxau(Tb)LQ!GA{Q)@m=ZK^JL zSxa4=UHMa#W&*6+y8izaF;v<`17qgH!zI?hKg%fw-3R*FW4IrYjU#C`t(A?V{;C0ABgN12@+K)YQgI`~E?ez66&Ii3LA_=5^=f1-q5 zdWqsH%}oa*Hy}y|Iv10uhbPwx1qdG16~Nu)tbaTTu}v})_jUCQfliE4WVbrFVF3t9 zKeld|dk=xmCPbwT=j%tq{-#{MS^jyxNj5yZq`NeTQZUdd@da>Bj)NO3&36(ipvZjx zAh+?W#o)I8Y^mc~twZhShP#*Y@GF~2gOg|ZlDA|Q`}*V5wc+N^1!?oc@0?je3FU#+ zQ2^1_w<;&n!(oWBD6_y%7zx+j+dYV_U*z=-cYUr3PkMO$YPZ5Sn9bb^ zzd5wRM7~0?0>e;E51t>mq`O-xduo{RT?4D11tSmNQ|q%WOynyZO@$k7<}J;Hy28TN z+$JJFx%CN&)jW~fHM)IY6*&fi4@cDcb)C=TV{oOR3&WY~e(9(2W-EtA$z1mMvVSVLr2={}7dSrIwFK zc0Q3GWd>t)bon>v=wjBwU7p1mG1MPFKo<`T%#&zFsI`8lx$sKKg|edkV9r6=-Yy*G zHnO$0nA7!D5C`Bl8efu$^MAjoc{Pd_bBAcnZdzjJQii@wxH^}Bib8TE-Gn*ev*2oM zBC!cD{>Q?#XNxO)0}eGW2#f6@a%lYoJ3WoG#;#{Q=GkOi;Z?ExoHhoA$J^canF z3C7l=h)D&#Cr|=*FT*nkp`LH*2Cb;{&(j2b7%M#;d$4FWg1G~7#4{(%`t^s z5dZED-_4CobN6wTX--}c7lYZBZ9;Od(HsN@L=1TjPm|Q9Nd`Nh z!+w&W@Cq)_hsfQP_BPCI6}KYg)!L+5lEU1|NN|%R*CdiuFI>mN3?4)!jC>+0-D<>| zFr4H>{GX=Fn7H|I9iY4lLyLzx=jK}fbu17^nY(^vTfd`U^ewt#t7D6XwTMfBk!=?`)? zR>zTy&^2D!X5cG2LbFL3huffqh?%`k@eR9Qa~b(m0se}-i5JWAtCox}^2qEr;b>xi zwwXV$q)BZG$^0NrbS_|x+u6O8_TrDDwwvV$ui^C51^i>?-ucJ3bI_e(p>s=&kB)4H zoOoMg{sN;Q`F8@B1-_PaqK+XtOSdfGe8$&Vcy@-3Wa0X;TvfO3v_*7@YEFJj0Iy?? zBm#_X{Z_?9$en{OWSYK{3FZ(|f{`?ME>TO-*%9-5UAoD9DXUx&EzI%i@!&&EHdT5D z7pO|1gMqPH6>v*u!K{EpS|C(2mA~1hi8Z%$!DP|Imb~F4<2BWxs4mp zpdy1>L+Fnl?9*iK)Y72Hrh3wg?-a0Hh}#ieGA{r?17&he4P9oX}2U z`*NfL6~Z`2G=M^Kt*XgZHsQQT(a`IA9}`g?wgHauG(FvW)R4@a*UNLdFSRKwFcJ^f z!Y3o9=FyCQk&LmDEvt4(0V`+KKgT`_hmz9pXr^J3+S~h&-q`P(7P!AFOm%C<1s z?{JX`P##6@Gm^Y778oM@$x9LYl81O^mV6=KLwu{gFJn>4@0}mFW0~HNnc^K9#rf6< zp*mB@BQpgoosGfcohM}Et1#fi<6!%H&^z=fTQU;3)GhrB`O-NvF>|d7Wb?5oqWnQA zU(ZfGgF}AhyrGe3|6Go~k(bc598?vA;@LG_&gN_zpWP#$$*w%fb)2t^C8sFG(M#pn zX{EB$YDP(``&O*m4(0=8sFjwXBKIZ!qN6eWj;-PioC>JnO=@tbkQ*{Nc};j?CyziC z#yppKUiDq*{HvV5nhQuA}EnA5z}#y?#IX6MY@hJp%wL?^Y_i9 zawcomkzb)u389ESggXhv8sq9kT^{4Chog7_t`ZYCqt)w>ug1Shhm>0w#Q$MYZ%6x> zhU7mx+Woc3f5bB2+dA#4$PH*nU+7Yu>9;2e`cl| z)yO=c>p1@h8ix9V?TdP?`SBumKBAAyF~S@qB`TAOV&TRf}AwLn}ERDZ0 z7Y3b(%c>4x+Tr#VQiZ*^Z>va>0C1uT57+k~Q(GZAB*WFbJRq$=Hmx+z%k4YTLuQNI z8d2}fW8xPApCwlW)>F7TxY3DZbqkkBD{{+i6klZO;kzOcvq2_K3pNDY^06Hc`flbi zw6bLO74L8E^vS!??Ae?oPEmnWJq5oWI+Z~t68Peg|TXuhv_6~M0l8cGXC!XR7HzBv9h`f9Bjc8En(rTMwh9;!5Va?@sh z#4l~?zYKmL6Jw@j6am;C*Hn=^#yL;t3Tqy?H`DT=aLbp6N8f6tYJO3sPrAdL#AM+|c z%B|b!QOxFz%M({dJ+RX7dUmEu@HF|#jk=u`Qoto`^JZVA^yXa@rpur7pUpmQ3t<0& z>ra-JYEXLOYs*~R*2fe=?jjTSU`ZZpLtiNyYVMyW8W;UU1?GV*&g%uJJ5Jut^lesp zU40f9r^BjtBZcc3fH@?dOdg@ne~-U!QwJ>#Z6J41>eFUI-p0i=JWT6^W-W%m@EroY z8|u&on33GqZzq-S5r#&U$hO(VUh4v#Kjc*&n=^glNfI%K+yE}m@bOJm$e+*b1_zFW(fidfOr$e&64KJ-b!UEy{F&=NHnT$py z7Y>LhfqLv%Y3_f9p#dNj8g1LaMkD}EW%_boK7QYBbb~3fJ!v4Y`d@Ba@8l|DBlkkr zFfx?o&2B?Eu=-&VGprDp|DVw9k&3iT46>ZiWf=B*q>D(=bH#Y4HV5tb{f7Z9UxqoP zR1nKnr!K-?QdI%Wfb7Q?WPcCsAfmOb%0y9yitJ5EL5fd5FS28L8jebgWm4+S9Q%8Z#)U;h}Jrs@2)nUnZ+?#t7$ za-_lAq)ph&Ac_cQcNI;m)`=)0^Fgn<3M$bV3H=W{O~^Y!2f6uZcCN&-_}AfaKh_d= zpO1?A|J{7_+TVqG_Lz@W&?V+XK*_KFmNUm(OR`Kmaur?98m?X}42FyBx`$&CXh)*x zSDPbHAEwz=^JV50uPvJ;M^+HJMEHJN%`S6|W!b60F@e>m(cT#Q(3jh^#=gMni6q5K zmFu^eg@=Yd$Bncm#rLnegw^;}dlEea__*7gfG6jkshoBju!m%G5ce#kD=CUj^0=~0Kw zdy-Z|VTfxO-RwW#ZjFCW7$YPN(KK#MiYZQ2v24};tK>1koEA)o^E;6|Wm`TdMb=W< zw;+AVY=?L>LNn)5loUg*#7u1g=Wkvmw0YwKOOKr7W+_yaqF6z8}4S|>RYLJ z!=QXKT!*N{4I6?`?6C8*Jb*zv@=es-Ktt`6d!2;KieQv(uD?KbeneF1#G0@uwfvkS zdzxgvQB_jma2u7J>qvgq)%nWKk;=bh= z9~(kqK4bS^hl`$MgWcpEF0_HpsZ8PkF>HaAv(c-}~U%nnzQw7H@oY#Iu7UMn3nKSuN$2ji0Qzm(k3D z*LAr78BT-8`{NhIFM#={zhA)o#eZ4-j`idT?Qgq(U-N`+D87fCpr=uMpJ+gh8&|l| zE^3}Gc_zIPedF-XdrdxmYRBYIvbW|LToyNa!JNPv6G^b}&nf>R+Y!MBN`mIr*M&Q( zmq8A_Tg8x1y;*cyr^4K_Kl2OgB(d=1qB|FReO_sBme`6D&H zpt*N%`FC&c-TUp{-rv$rY42?Ze`b4UEtjd=H~jWS?x4Mg?G2ti;FlrnbZjC2yRQwW zy)qn~ju%D+&BkHnxA+%$zO}dfyW{6tk;;b9!=J#5;ODA?J`+EGID7c?uvOp>w$i`F zdxK{W{3!f&cLM*juMP)4Vp`;gt&q8OSovi-bb9V0|JR3=KR>?i9U~IS|1rKE+ykGZ z!K2{w_ya!^pR;~Ge0=7|*I|2uXAgYl$Je`~_X7VO`Saszz>x9v4e%oP zIsAan#Lu$m@aZ8xzQ*qjo;~oBA78JQ52wBP@pbR8^5@6bs=ehGA29nL$iyHm~r<tb4l_(EsoMNd-L@Fh?nc%wl`1z*AFXyp8gjPD}SE; zj~!P2JpE_4?=ilzCu}DSka^=OSyf@MOT0Zvh?wWQ@Qe)oN#pJHanBM(wlKln(Djb? zuGlJ@d;cJ%?h@L~9r_AN||>fxWbMclehJ&lekd^X?17 zf&al8nIj$~|HfhE&zCPwxO=pB5B%iImt&&$$iJ8NY7M~+K=dPp=>Nix))0J%{Fe?Z zf4=-jhLt~G{`Gt2x91uEczKDK!-$ErU#@*zX|0;b6y6hrhAiwdouDHdV_3qc;!T2+MQt$3MAxd)fLuN^Wtv(nv2QIUku;Q^ zMWgE6^AoW1>hFd_5277)>hSk8_YNz6zWjI59`4blLCQ z^dM0u&{LaD?*5DD7pl~e+%bZ$viOzY>qs5&x&0T73&v-;s~c5;BM-Kso)K$+^PiO^ z#O}K<*cZF?o%L_)yMK+R)KM3sTs=~!7ErCf)OU_s-#@qQy}rHRLopbU9$NXlV0;KZ z_L4u3zi0N$4@7&&zb-ZuY9qFB1$FG6U)vGVUz=ZIO&8?f3p{!FPuUZmZXc?06HVs# zw>rbJKb`Ij%b^&u#U&>_%NAD^SF~jh>WzeVTDR7&h00MYogzk53^i+=giE6@`#i_7 zEm96Dc3FozcQ8OLkvQ??5J@pE#!)k-PnJ!U^*sZ#WUR{3pM#4=up6@7yt7$e;o6ya zwbe{-`ZU`Lp)A}eeIQkC#h`P1S|T>!&~e8o$?GFjGLpjEDHz4~}l$E{$v$tDF!n#!#rTW-h}B5e-05iwqoXY-#RMA(&2?7ZUN zu$aA^XhWmSPgc9bq5p8G1C=QI#mT8Qq{ifE>*P+YDRF>#n(a%F$vLa0q=)_AzW#rJ z3GLE&LN>w*;)3O?O-;#b%p;6BvB2JVGP4TgWa| z$i@O$)Z9d&+UNaOQLez3S;0Q^3eLc>^xGB_j$CUdFkI7v)G&kn;mJ@(ax{mR-mIpf zgsGpW<@iz$h8sXlQNoY+N~3Mkz=Zrrh_yQTG1<6H$FTI_x=mnkGZ_4TIC~fPD2uD{ zKbIw0$ignN;3`oTT`@|uC>MdCO}Hch1%n|Q6bZCN`!wieO0N{kX|wMAds($e};+v?y}i?sq)W&huE=6N=o5Zd?mhfns|eP-s&%$YN1 z&di((xGe}>JoF}^7#T+>X5jpj-^|xyo_79KC|Aw%1dqP%=dM}qrw8YcWu3?8R|46s z0e*$swMzkOOmm12PQ1>E-C|BJ!f*J^%` z@=ud_k@?bhUoToBPEob47aJhhLn=Pz=bNiP*0lRQ(Qz&?5j_`jmXVvLwYesueZn-~ z-1vv9xlbkHxt!iaA)k=m3krWxrRZp3wB#zsj`Oz98+aHe~30oI_Br|{@2tQSBw73;#5lAw97~@-&sJc(@Wxl&8o8msJh> z;wCyxF{plSN2V)KIUrVXy40d|BI!SovGpAg!vpu``~Pf@yG69z`qht*k$nBXw24A$ zNE+@Mh~wtmZ&?E`e_pDUH86^6OQm|J{Z_`Y2us_z8K%xkA_wjRhEQk~E8rn)Y2-}t zjVGk>;)MBzR#P{%uzRI;-FvXa?H=imY4@_V?v49+b*+PvTgUmrP4QA^PE|iGLVn|B zI9Dc4)()|lpqVkrEdH}r2Kru4Mx0KX5L*c{7NpkADoV^1JzO>ePL(jG zCj3!heb%>%#3kPNlqO2$R?jm3B)(SasVUs%;ToG>zW6aw>R8gl&!ukMm~Qu#Hx>11 z{W-isQeS(PQYgWF<2tb>x>hu<6Vk%fZVOj4>(n-qmR^=xS5=g}#J053iMTC|OH?F~ zLJO-EIS;GmV+*&NP0r3|5#=Qwn6{UBNfT-DY1+IidoEjy-QZTRB)QF%;t2bWn2bJb z(3PPMw@c@&KLeTjWe-q z)y`y8Fr4YqgALARpfc!hsOc$#4wP!z*r63q>IrV28yg+m4g>ApPjCSFIi`Dm$bLJq zdw-;&ySe4UQ{VjYL&WC&9wNSlo5Hzcx16 z{yZlS{M^Kzx%KL3L^j}cKGI2h3E9W{ApUGCf-ugep z|AE&jMZI+Eo7V_FC-vaEOM>WTW=+&0t>*EmOre9aKpaX=axTgvsLn&sb874?vjSsG z7fF}9&{}1+6JxXf)P^CLD9_3k^s8>fMhLDf+FD#A zPhNfm=Cp7!4Z;M6(G|TbmmXeqZ2O^Tl?G%F9x&tezM{`nk z#UEwM@R3Zt^+1fk_)RWt1gSd{3&qBkPKVnGZ*W)s^)wCR!D}+#l7AbWfmE9KP^MlL z+9a*bOS8eyoR6}S*wL=TW9CqE?k&o+Xac59b)V8(AM4)5_r9dy9YZYMTQ~koet=C( ztuF7$Twf`H475$};RVAs^*-~^nt$Qu4B0*LIrA5as5i58D@Mr@A#Y7Mwr0uL&!Oma95JXJKG+6yV zw732ga#0iPlt9RAXR3>WTZD6E8q@)YC<*?wFVm+qB`U)$Dff9Pi4B6})2s#gx3Sh1vjG}xHMh@Hq)(9<>LOh{=JU13 z`9dGfs0Uog=I~leHcA`|C@Ykrt^=O?my(U86e-T&`0Uuwe}7S8437Z8P&0L7usZL_ z_!idE?H>Eqm#Ophq;>|ojW6Tdobff{@y@j)@fM|KRXY?r_xlo1*j{Qr)Ki}PC~-o} zUA*DhAo<`h(=s9HKgzB|CULEHX7Oz*L*9d=| zyz{`@!p~r&&gI}D!o1$L=<48aI%7X0?dsmn*wZ}4z#`TwPjds-2ySDi zc#TbTfSd&_`?K!_hgA^K+iG}Qz#RU{jSb5P?(C{HN zoRv$Cumq*{-T~9l;dBhzzzOX=mgCy>_7#ATkDahCax%EILKiW=AV}9dU14I-%yc0* zvH5^Ra{#pb@)q5qG4&t4(Irvl77N6ZSf$z!r``xRRa4C8rDlS!Vo2m&wK` z8gELBFpCb!E+b?U&Ao>Uez^EVlOci89rx;aaT8s*UE5&iZet;-m zJ05QqIYf?lL>i8o&q0RHIO;WIq z?mtB;ey$E-W4+Qu92qN5T6mZ&DL3FaJuuW ze47(qo0Hco>M_J`TaI%XhyPxlKa7(^=%(t&2-RAyZuzjmoBEIsOAdaj|`2#Zd4#`f@4oomWLsYoO`KOc|S@vW5cHP?KF z?a>!wFOtf&DC->!Gf^pC4AAE9KK%OfW;itx1ZM9+c75kk2x@GaPn%cGAYpC1-e}8+ABr$#bxh^1Gqq-fK|qC}=CkQ_?<-4cFh%lSe!3I4t>_}T8Q!!ox7 z1{vDJ`^N4|{W-)4Z@mIT8y)%~@?_}Cy0ek3SCn%M7E1Nta!L}ffHa1>>BHn1;l4-4 zp=j&u3KrZ@;^cPRWZc{!EtS*Gb#g_P>J3SnUP{W&eH8~}2#?}TLWmj3a2{OkAJ8I^ryk|0^3+e{*(ZIq z7o~b5CbTmzUM0V-EfS)+8Ud0TJP~Wz#rTbwbEHWYZQTV=q2668`XgcmJ1>yz5WB2D zt~&}u!@sJ@oQj5HYz9Q8CN-r%s4s|HWY25L=&Km}$()o;ME(R&zRMr-mJA3BYIw`O zb+hA=Sx$u_=GGm0lo{qcXHQgUGgR|d8)0pJlt=p-hkIus&Yg~SQcp94FUgsPt^f8o z_3M^I6k+ z-t$?jIi>M;|0z_ltD>7KVe?%Y?;6`i-l!qOiB)t}N+(x3rm*xVc&e zh)kH`E#oUM!*R2iZ-{2fkP~IRi)4pLrpmaPMpC+rVd*9E0`Wp?iSZ&2zkLMkBP5R% zy|rO^rph9EJ^-)qBSUB)<4CLd!$?&i+E3iV}y)Kg12Dz5uXGAiJ7VND7`U6H_XX>J9`>Gmi#8h+ zE96_O+5FUgt7#Ucv~eRAX*OTrN9rl@!Nl6>@7b{$iY(Z`@7Oxv_p<|j zKQQ3;9|rtx>i=7hqYx)1n$y;@(G|8}p1DE@2iBfgz;#SIieGyFQ9<=&Ke8EZx(w%lBL9h22QEK zBAO0R%o4Y*N^`bmlkMs6+&t9uSzD7?*!q4>Yw%De@jA?JAGUYK$urt7asCDZ@ZElE zdxiP?N0g!Af1M1hA@-QR2Z{-&FG`o@R!7VwRl2%R+cj!(mu?3NzBzd{NM zsvb+1rX9RQR(ux^Msaih4C%U@;e55l9DY#W)lT=`Wzr2SmD~aTajd-36WBFElB@yO z?A*M#xTuL7M07Df?aR2_W{Y!A|kgU>&T11RxR= z!p0G{U(Dso7u-M-hf^i=9*O@g7fb8Q zcL=So&=?V+)UBHBRn$u>DLv~4V5Y@aD!A<-?CdCo3H zJ{8f@Y`?TmK4oo|NrDbo++1W^$T{9qzX$ay?chmfO-K%O-@HReCDMk-7ZgF8z2UjQ z;g#N}mCB`-Fni(im&A(QZ-JP8aSOb^$QHF8UauL5bYXS`>R3<@JjOe zPY-TS#Q2ySJ55?1?S92CHwtrOfYH8qek(&fCD0mQ|eUq-N6M(zZz=q_@^TZ7|2hZ&s6j&~O3 zf8CrNH97aV(3aDbf0=YPgFNPW`AX@bLRBzLxGEc;QHCehOK0^@ziutGyb7cm59@<7lYT_2)wTk=-%I!VmQHdi8TwFuO;|>^|$;?z9bV z?W8bnK4tQ6WL5{;38gj6OI~-4oy_w>$<}mhAU)5W%)@H@U=UWb({dY`%u}`v!zNlM z^I6*#s8O^|=E`jgN@g~KO(BWkwgsg#8%q=A%6o|SuoH?pl}<(CbIhktQzS}kkmzwNzQhi{V>l@Y5+VxsK@#hjkHN*xanHKCwhAUgm z-Y|l0DSg){MdUz%dx>U%#u7Ek<*I~>0QqmK`6~sLE1W58V1jUkSe`4K(T^)|(GdX_ zTtQFG;0ki8J9>feIoJaD(q$=-|6(3RrUy3`p%%Z=(+?}k1{)t)-vZ`^>75 z=JLVdhfT@x$}_$azv8Ar({~8To7?C2jaO%EGq2E>j!MNDwo1UuYJ{mkx(&~n zCykP=jjzR-4qt4}jebvjW8&Cp?!;VCy5~TGlDP{O;_{mVUp8hjAjn-t#H=3Y@|obB z;*U@LeKix5V{er4l4uRpNa8hm0xbhhJiuBh((wO*H@OQ=^8 z(ILIGSmC+OcW`Yq@txE<-`I2{?f8>Uy5|h`mz&oQX-qxyUTt#eZW5<90S>DMetOpc-C zbp8}VHtN0SsfBq?k$gO-%X9K>bA#(VKj;I@Xk?o-CD$ z_d~}~Dh{O&=-K_uQgOB%Wh_q4)D0ueMvJ07n^~8FTBb|zI1Z zt+_MxUEN!D<+{}VVCrQ;Gi{DR16%7k%Kf=cyrmWlLW#}II=^}o!3Pp%4A2K_}5-_Jh zHW@A4PR*TBa-m!1bnFqR&_zNscg^DVMJ3suPWtvFTFW)JM#F zytAc;dLCeV(4V+RR9E&4RmLm3AUUege==$EA)`@=8=p?5mry0q1l1Ur9&s3UQtimue7veTDUL?odoq-U|6cf93Ca z{@m_8n;stC7Ye0|>D~!26<^IB*i9W5b0QV|gEhY2Zqlyzpk0@eh1L>)f4!b!6hrWp@{=mxH zbGd0!&k1&SnL3g~Izkx5FYC)Hj5ejqCH;KbVMXc=M6)63HU2ExB!1I=l8y`rc%CgO zFMfBjyzr}%_2a3FLdi!VQi&Bfm$QLuIXMxc%}r8yfSu6K4+tqBRB5ZFe~L?y?va=p%IV=w~7Oy|9hbiI}HkP>1b8g;~5r$FkWtWPo;Lr`D66+%9UGHeYeC zIH4>uhleA;EDFfPsq?E6xJ-{-aHBwc7wN6s=-^m$5_>7~kn|lC?oQ)n8t2pIorzYb z_4(gOeW4X#H%&K$7mi^V!<3w$ryrCgrVGMko2b%Q3exiv;%#pVNo{?u3ManV-hu-g zXEQ|JWa835b~x(Lzdf#R2|_N@fQ~xN+EJNzYEH%e=c;w`iVD}CPRK6-(!R#aK7;J7 z=JX0-(Ae=%$jWBu18jhcwEyU+S}>Go26oT=giKfduSNbR;GHnkh*?L8_UqGowVr14 ztpHxwZpZ}2>hHxI41b_SVbtofRS6rI(S)S}HgZc{g21E?#<2)5S5S@4!8oqd6;lGX!>iq#GI; zt+G~8_V=Yl9}Y#WO&f}mSSl@8Eu-%1Z3xo(S1hN6JY1 z#29I#zqdh@nTs-yY~~Ye4KZJ?lD-AFCRo8eK^Y_u0)1vJG(i;yJ~{MAVXR1@5S{O} ztMfD3{=Rm=?+pWfFYWicHC-#M6Me{0aCCR4T(5h@2S-a&nQ|THsl3H7oOB|Vz*pjk z&v{1Zrj&arIYzrLcR0u1@K!AlWpDUm8)L*arr`9$YwwbN^`~o{0l!xb_`Nd!J9TZ$ zxB0+txWlybLnhF`KM*-p5s7A!#fPdoYXN?%`)j{!j6;N}&OVeDdh0jHFVlU4R0u6` z8}g4lI_sQIlE|$6;iY*(?qN=x%FeFITzEYsc4@e4Q8axi`yGGRA|cE(iNM+z8rfUl zD1e=ngj_eJKbN%FA7CUr(3U)0@ulUQe>GYvpzAo;L6G6#IIvyq>#xr9YIpeKR%SmvBgL z{j7V>@rTUj2|ByL1Qt1S%8ulmOTmYw;yl`G775xd-*ep-=7|pqiaWc!p;CQtv#%W1 z%Sn=`c#m^-dx>!0JE@*=d~KmSj%__wgPe`mQPjjKg8Ez`Y#~s~@1adjlahh-QJ|KI z)SJD!)ik}ToJLmQsPol)P3x^1LxtJw)g&z2yo}BlGnY+KE_o{P8T$&CJKv#jwj2E{ zn@7d!L&!1n(U2F|9{HFcSnB%w@l6U=AtM;oL;-E&a02&(^%|wq574e2}X0 zz2vxy#hN+M52cdMp32|VXnBguKVlyL=vV%_W6LZ5S8WQpv&CNYuiCWZj=_5u_sv@P zsheBIU>vf{oqeU?Hrb!sPPG?zn1Od+ZV_LoZFLnXZVI!-P~^G zs?^TFHb2WR=M0!e7F$y{>ycgRL^01-hIW4~`=cT4yF5|Pii z7!zA!ah*^N%H#whDr=Y7RwAf`Q71>^1l4NR2@3u(%|$_n@5JN{!NW*L{@^PCH?5-vLyDy%ILI^~e@*0bVcaOw2(NB6e}C4^mN>uFoc0TXy40KRXi-1% z%+t=8JSY4Z@rW@QYRpgeWj!sK>v4d&?zEO>_6t(Mc&XqZJAtL>^v2B#e6p}CT>lbn z4lk$C!#F6NrEmSM=12O)r%jjru`@JZ*|l2PeX0YS_0lQ`cm(lm>esUUniKJE;N}>ULdk?SSDKPoyf82mtvCcrVlK7 zzlNUHqAq8#5ArE+ttRB^%NERW+urR{^jJz{jS+-~Z}N2oVjRu+vZD)nu>_t1x1c9< z2>B&ZtG$`Yigsf1L@H9j?=oWH_Nt+%?Z-M_q<`YJn!--x%luixJRj469hEX?#?ZbN zqD`<^RZV`K*;dJt#f(B+KxTt(IqM9}xZa-}Z@nO>AbbrbLlx%Tc}f$^hPLIYrz(5W z_0eWggN@F(eo3;{Tr!Namii_123rDdw4UWR_~-XLxR~=W@cWC^7yt9Hi~;hfY(?38 zlJ$Zn^KiK$*TM<` z1AeD45z@61Rim<|XG1bwU)75J8QUG|OI|(W`at4CA~8$cs^5(ih9c*%lW5BVg)_wK zMzHe^ z4CetG^lX=CXaeb@3MmAR0aKLynEF3Cu-%?nMtbX4VJ248)!}s2uM{;dA@E7&i}60?Nj zU>>!JuC}JG>m52dN;(Pa$ku89?)&u7oFjUIh17J)9H~{L<7Jk-XS6l#V1X%mG|WeE zVRu*kDi8&EffvxFk-_@m0hxMbj+Q)M~!{MFA|+T4E>$QtLwgq<@7X6~W2_ zabh2c#LxP~Y5X0-qqqvx-j$#eywuN;={{N$Zcdk{YeO7)?BFEIRz8l#hzWxQ%RqUp z8Yz;&vYw8iWEd(V^v860vy?_fWPQH)X{3%AqxjxGbhDE*4Q;~ZD)EtEhU$m_NAPV;!8;#;zM6&FuZG>E7YVaJR2SwlGg)=Gp-Km7 zoE@Rlr24j%f{`U+;>Sn@J2z5XwcBiVA7kofuNo}-BC=zzxlg#GFa1pF{aoU7=<)>o z7Mx?pCz_a(dZ##h3U6li)~`B4dUukSR7Da6b|++z1OqaI1~%z6-cvy2{f-6PN577S zfgJ8fTg`p&TT4eH=qmk;CaU0#iPK>NG26?N`*)(Mv&;7}2lHUabbe|QXHqSybRg3=}=&s`3M1-Nz!qL3`KZI51Y z1@Cbu__N305-$K1&H+E0D)Ma}w6GQ#qik?}C9Nt+j^RZ>8zyYhz}><+nX8*3`KE}7md8?Jh~5rq`_1Af3R~|= zt(JYp%~M4pcf`#sp&#axc^C5iVF^5HV*QP&~@0xmCG+mxr!j zsScb_$o+?^*M&5C_{Hfm(dy%B$8SEdS0KphHMRW;B*4!z2A0*F;gld(@~Sic>V(|d zm>9f%N`-O?b+}8OypEY$?Q3qJcLu-0x{>bgcV6QzXDnZwG=C5`RcT!}Ur3g%$jnCn z4^|@w9*}Xd=Lf$oN;t``#jCn*bh_4Gt8~73`C%kFFIfyKe9n*u)8oYTnxPRB^z?8RB*Vqs)*^6IH{}N$=g=lpQb|xZ#X)yP=K#pv9(i24V9x!#} zXfiMJI204nXQEeJJ94--EHwl>qmZapQPNxQWt9?cO~EZW)&QAfuK%YAHl7aCJj^-M z1HR-iiyfv>&jbEMh=!SB+pbJwF6);`nEb=!-OZDCwy+|FWd}ygqTtq<@I>MMsH@b= zs-b5ks;w|vs6(W8q~Wf%YrEPKU2W^`N-vs}u3ty#$`+R9;mj!f`Q)C5`m-nUL*sH) z!#5-bI6`ey=XJ1C&hVMZv8Jy2)#>^vBBpvv$ySn}vkAPGb;o_5NTlnhg@~z+HzSJM3{oz`{8{wED!8=9A91lQ!co%m-J24yWw?12~Kf5en zA2rtzq8;^irLsTa)CS1}R)1qN zwK=JsW4r2Cooju86!(`Nc^|!SRvm zhstHp1EGXf5tTzTM4C`y=mWmQ2vzQ6f(_9x;4K1kYl(Li=Wd=$AMSidF-0FParp`M zk8{monk1x^Hh9oDTSXaJ&m!qdBTS;2+$MGWBM*g~dVJPuyFm)byfc z`5_t~O@>6vhnqwlxp{%{#r#%E?02~cBUPy|te1Nz)wY@qNYbu>(7Lnb68U4iVD^e& zT4pyr#1Ow7QKQM+%bt;>^bwVfuEcu`Aezk#0RdxRlga5GFRJn&lCwDNo3DjGVhdAr zr`+7ot>|(jPdUn?>tT@}?8-+B*cD@Uw$(1{Aw;h=+9_B77$xzFBOM5&m-^G9mXjRL z+is!L&pu%y}AEECYvZtfp3l&PO9ryeeYP0C@Sf6MOVG&x&QFERsd$YJBpL99;n$+A$Z zdHIkaOv0U0Dlv&6;Ew8A9^4uycvN=Puj3J2p+?NYEkj+!1>Esi-YCOt^&_^A<9tzY z8c$!RV;x1y=~4+T7&z2jk|@`6`peadA(EcsagOBhL)|MAr`uEf%XBD=r zG(?lby|**gRwZL9wlO-@<`PkwdJ10E^GjETON=FH{6?i-fnnhRCJ-0{>yX}{v z_9Cy+%fg4|$c7=+V~-Wep{;=V=qnzqnoamSw9@|RxOQ0NC4h}c;e8XXhCP{3AcF?4?-Gr@sPkjt2mRDse)0!BkJpLr>gWp`@1NqYRStkpp(w%di;vA+`^+wz2C%<0^TtdA9JU3JIE=|Wps6fr9TP9|5@itj9WlkcD z`0CBZd?mjD&Kz@{`+M((Z@QK8P~0u=@tz*)^l9&hK6kQrUMPFvDDt}Odd)bXWtQgT zNRN{-a~CK`FXG6(rA0+@xlZz>-_N4iz3F6o;KZU_ggh_ddR2hr(Q~m^zDZGtw`2}> zw*HQs=y3v9>`#)3n)gw^sMmQ=EAybmELILGND(3Ol>A|Yz+WQH*r3y3rznkP&t|#* z_&I_a-fgP1ZQ(voE)m?kfDxH!Au}apwtr8#bZfk~ApofqnKQUM)WV7Rm`8S9e{Eku z3QfIu-8s^U^xw@LieUP1U^aYEfn5VInO?Ac5%#3ZR#b9-^usq9`>BY^Z)$MuQMd}H zoxTHy5}rz2USD(`({Z(Eiq1j@ol+r$?lbX+)W8%vNY$i7(!uonQ0_*b*)DI(dCOAK zwHiTFY@C9g$>HXpY6e)k)Gy)KLh_e1>nb6@aLJOh0rJc8{kwluz$jmeFwgA zmDfKJyu`<|3d3+Av@+b<$8%qbyH&4qC!~YYvp>kIAU*54QM=Vfw+dy_f%S=n6ZPHf z)u-n#DEUyB9den7yeD7?I;0V>BLuAQp+9pLBloJ4%a8a28;eYF>gSB0w&PcpMYR;V1JH7Gl|?BQ8rgqTr5KXb z4?=Ht{HJ}y8~=gyA!mTT1GnGUKV9v|AORGi0_MQ!N&~i=xv3Epw#`&)Y5`w5*^w7b z=5(y;oUMP*cr7RL9WE^;M3f4c&&`5G*sc@pLA*XXf0>Lf=XJzWt}xTjbWe{~sJd`I zzJZjjRQW+%^j@YmppgMCdh_$QEPVlJuP_&{=7a)Mg~WPm);%9oohVM$MYH!@bQ&h_ z)^WzeNLLwxwp>2uYm6JY)u!o8f-24=%Eb#%N!JBpe%#}<3s z#AE08ZxBrR3Ym;OUld#0kI%L^klB8YBdfK=!CEIpoq#(JaB=4|j}8wpA$<{nO-yr+ z77JTwaZ(2B6`Wi&OezE?`2$E1mGEaER|oe2mL)fWpjL@XW~ef_MfFZ#IapkEoPD@g z#jDe>iaLV2(iitBoC z!bsH|M4jtkb_l3xJV=d|xt88JKAGCdaZpqFhmE6=oFuqG**_phY9@W*+hEj8?M-ANlFM_0praHjd6L$}MI;NjGz~ zeqQ=(-rA5Qzl(7f)Apge;*fcJI>c$0(c~$|Oi*iotExaf<~3XpswdeGVp{hzyw}Ig zZ@Hx}7?^UV)k*z`)?6j}TQaSZ6|H6~5NPUTN^Yb)Uzrm5dur>MTd{=BkCJ(-79dzg zp3L)o0MD1Z4GMPNCKL~)FfL1JTvQu3^Vr6zYZzgJW#{}%UKZ5P1&-GL+mA^r zZT-g(+%2am7icv<&|LjyzvX`s>5TV>E`ecVDcn%>Xi6;4E2wmVTj__rO4|z8cco{Y z-WfW}%)Rv$rDpD$eKor}ZryTd-CDfx*9iUn`MsQK0-09HBPU8Oao4<^m=BIlu(bOq zRA=cr>$gI`|6+>Y$Lq|+#X>%f{*5QqybWQ^mwjm$3Asi~SZ{B5gB2x=V=rd1OfkE@ zuznys?EkCo)dpK16Q?t=cam$cd=h zK@zzh=8gY=OjB3BA}Z4}In2$|Rl+|a=%RTe7CjgqeVSvIGVQz(~BW|H;piBg@ta?|Gx@__ZY3jaMK^TA9{ zapYXX)>FsIUtwy!dMIue>xB$|J3y&5Y;OA?s%zq8Nf>j{qd7_k=b`W;0y4gnUOzm9<>{G|e@T=49O{)~ zuwz^1FM7`4|m<*@xg6yyh#x~cFpPUij^T{!z2djj8E|4z5-U!|;nglGUEtbZ2? z8Tz}dzNwub?s|`rCX3uS>x)r`a!$JgivOr`nsRPgdnc=iH2r1fgosEr+&{~Axt@SM z_-dZp1n&+uK9@cq<8D?Q6;>}ZFPE5tN|*WGes6)A;XG6@no`wGwkopXlwuwwrJOo4 zZ`4w*yYik?jfhl}UE=imJ3elH@TWp{5P}^97RSvOUeZZmd+X`zpYP4bLVmCqHK6=@ zKSU?8x`c?d?x3kf_06pD<`Sty`}+3A2_gt_n6X1}P%Cl@;=hPzquE4DpWzB`Z+OX@ zq=QW-kN*@4OY$9fgPwYnW1m7lY74CC7cEhyQIG{Z%Ld7{uT-1ivlwo8^)aNOr34;j zTzgIN5JIyHD6T&|v6K9{1?T4ZPwBS3QtmVuEkjrUTN*(5ygom6pZt=%pQB%J1@fk7 zpZ`D{_eHjoh4qPHutABxuyy@FzC7F>@+sKK(IN*gu=+Fy@=|sxWWsb}7GP^=;@VUTH*`(G$2>w*2oa`_N@;z&+`7!}A2E4C$)d>7dg`pF z#tM`1>d7xzHE`%h-h*mn$@(Q?G+$y}a(<#RUEJJ)oWgGE-!D+VzT!9wl<>y@+8uE- zdrIN{u|l>7+P1YetW$+~6FbTL{_!bQ`2A1&$D{8GCJOhD9zSkRVO5<(Th(t)`hyNi z7Tw($^)f1qS)k^bjSZTG>lE@Nb>OhE&X!_`4ck8(e|?qOrx|l`u{q9JmT&MaP8!6@ z`cH#dy7eTg-e*M!w|;wm($|L1?i;)fztb!uv<+`+JCPevY|qOh?){g~-p2$8>c!2F zpS7|~#MR4tkd=`x(!FQMR+u>(NnD8JHRc>}eJ!dNkatyU3y!hOs5+5jWFQYEM>?Vm zXVE|W!0kd^*Za8331vS(shDVDPGCR4O_6tccR7HfEnN6LI9b^r)KJe6bI3gSdrq0= zh>SN4;T%X}qj;^Ex*IAK_2VdVKrEM>#RHS8sgPBaJMQ>cL9J{Q&vWMFn^LDP20-kq zY7;A~K63fxdZ-d^F@HK)3$btao2RK3MnSbtkjHKe^#aT8FRVB*UM;k3H|JQl=M^TM zhppD@Dp0)oI~Gt8D55$GOlzOmFb%0;saILD#`!Eg^ybtj_)cqQScq0|c$TuPI#zH9 z?$uGZ*VYAcL%|)gyMLW}b{~U?4#pr}47;?(#5JGS2C~qfHP{^gmdzSB`;RD}uxBtA znCJN!H(92kPVsVYinp52>!K0C4OnuF8D@JBH(xC*F7n&GtRZr0W8yjxx}9Y|HPma( zpd4pxLBrj>?QHh8bG0#TgER&c1~4f6=46rHLq_BYsrJT#YFo`m^cS*kpX@GcR9@hx zs0#j&{<;DCRSWh7>JhLfdth~+D)fW8j4&VLi9l+@g9+ zd?DF`raJIf|2ee?QZIK^_99nQBl7Y!@@5?cVP)LD$@bHeH@~Aa=k7ki2kb#aLXjuc zp&4DPwDM%D$dm8=1|WL{#9M4HIc;M=9YD0O+iOxW)!kmcwc)RFA0kk6cj<2G5BvlG zo^Zg^&ObJf`v@Q?ozZK1F8Gqe(f4^+msn94Nxx5{%9*>m=`P1H^rmt62sl!f7$&Yo zCS_JvWhXv<9=OfM9v5?x>?!JpBr$TxuVtY=QoJ_sc$2&z^7v979Lv$-Q>&EX;e)cF zx|rMYFuIOS=62{z`Ay;i7#UtO=WGfmCP-~VQb$H5PqR1p*^_BTBIx=%;T`-eTgDR| z3GCbMQP>x5rnXJ;7KTf=*eq0iMpJNmze|Rw-#?KL(sjb9hNo*|Jj%G&_T~0_4ioyN ziy8R8OBWOLf$1W@G>XQ>sPuf%7Q!Hcg|AG+x7?q+TKbxlug@Mipd8o-^Vr>A-+t~C z7A11h33-&ECj!mH%{kA=?XJ7_NiBWwap6`AhxZ!n0*|-PbEb&s6E@H9=9-xm2}^J; z#gIwu-Fx1(0J?QnwZ(cEV21;=6K&0Ks^Oeh_iF9B0CT{7Z2dyJF2daUwSC2niC|-L zwA@F{YFB>UBj5M0IGVFs5PkTvc6q{wlou@=?g@TwmI3MK*mPkAvc;B5U%!b!v7S_G z*Yj71aAGy{WPV0i5$}KA&O?9dU7Z)YxN`*vSAbkg62aycv*$&HgB~GkVvDK!AIoO; zZoG-aACV~7^ry$9e?BpoY+H~BEl7^zmRYW9wtNSb#tQexx*y6kWE_(yqfi54lFjwW z?~yA+b;&CC&2^O1tcfu#bIh+^aBJLfC&3ME6L(3N!#=Ee_#NMvtif-ObGNMSI^bno zj*9NZw|}Y%0X>rX*?g*J@^*)t>WzSnC$Rlp7hh5O{jG;tD-lnz%0o13YQ`fjDx6j3 zM%@~TOI&N8DuYlDT?HBwBO2AlF=Q4xM|0VsI+Xudt|RYkV0POUwyQrQR`iczkBVRi zv(qc!fM}%2r7Dn4YD}J{#Y=$%<@e>$w_mbA?KvEzZLbI93w9GS*5Ov}-kCcxGe!Y2 zDjF8vC7PNYpx#J1d zEs3VYLy=szdmA-(z-9diw5khS? z%H%|*aF*v&!C2QtU2Q&7K?CBZg+@|S4E0N&adhV=%=Lrmvc|-4VGYcg@mGU>&ggum zmpv6-!ryGq;hb|-9_UqCkZ$DMo-*x$vIwH+in4cmp_4T(SpDGkm2If)FK>vigKfU^p@KbR8 zI$^b)zZVSJP$J2hp8!pqIpUxa78`9sdmODAne+=mvvL=Vyt;lsmz~1}g@>8%QdE`v z$lqfA7XpM6!9_+jn-Yy#tpdB9_wbBxo;63z4?pa(=7?!sYFYEq0@y>%Vhg*lIgg7K zfiSx*x%CsAl75`#G_p6FJ2c{|Y$aW8Gx^XA7W0k7HrNO0BQC0gH51DFjvop8Q@Q2civvlK6Syvp315&hCLq_>#0?3mQG zRkL|eu~OOBzCPBV-`w@@pE_RVA|Zfi0Yn+D8Ng(?Cef^Fa9?SMt3-zD%S;DnLP7pv zrh?q$s>RVyNsGA<45yx|WrR*>HY+u1DkJ2!odIGka@WqV8Tlc1fWl_G-F&q==M=ym zYQF!d!gfbUTOiT3`$p)zg6zZ0X0kV%*SNk^4(6fE9ie%uAL)(Hi}YN^XJ#HknXAir z#lt#2Khl9dc6{dK3&{8kr%K_%edBXszx3C4$oQPOlJOC(=4KO6u>WR!5IXRG@K#9? zl21Uj!Dl#U^`qN+fGJZcz1FAF;`Eld8N&4&WGf;H`h?j4CoBKZnlPGhCKePQX0D(( zP3D4bXzKkEs{+BuRHCJhvX!Z^gI05J;{x$ds>P<62b>|y~nzG7K{em$S$O} zey+4fv~ApZ3?}uyLllvkXpbPVaEceE7wu4C+ufiS6{%>Ctp=3%80Kpw0l_+Bq9Wy{&+4*2 z`?3(LlA^en9Q71)h>JFKiPwFUv%QbRn{8~kOtRSQdfJsoHeSsA+jPhg6#Sgb6FHAb zUa%lBazS!DvrKf0&CoBis}dg=`s>~MweyfrC|8b}@vR=H4L@$9JJMNv!>@fXUyt=^ZjGg*vW+W1)|Ik_=vDA%W%TNAH`3Uue$HMkOas(t&61fq*MbG!w5Q z*o7H#-1ILX3!_gy&MnW(7y1sQCCEs?)hkS6Kz<|F#6D@-?^*1KKjk*f&F@ba50>|P zn)dDsl|IfF}k7_M+S3_9V?as-RK% z(I~jz^YEMfpwvILp#J{&{l%q{{`FJ)@b5F_Ulp1_L`CmJmk1dOt8pV>&6%7IBiqTi z4#c;5(JsKZ-#oTZD){G#wrhp>J~r>2ns>UQ!Q$KH2h=K4{`#o`MNWJ~Dv--VG&ec4 zl(fsV>?O7%d44DOlRxL)Eu|snq0OZsGgOuQT&u@H(&rDFzUOOYZu#9qr4a+m_oWXG z|DkGM$hm92FJ!s~E#H?uIQ*vjsb9;_AGCa5`k?Sl=`}KsPSL&<>~X#Rn?E~}e%{5M%0p(if3W`dr4JpneGh$;_TS5g=^C_rU;5zi_elRI{cT9d%pbITU;5zi zn||(r3w%EZy9Uh|KsO558&E^y`kBemcIy=)b}qtbe7Ne$H{rf8=5*|E1%W zpQGuoA1~dB-cHxQJdiwPy|D9J(-&0;X%;lEFMSXAGi}E&ujwQHP5FzMx~Kk|@{<0` ziTybD|uYI<%mj;qYU;ni+cOD-< zdxUj-`S|5EebMpD-zE5OJAQdhA94KhJD;WesmCv`>AyT~y7|$|!as%&tiZ#M`Lw2g z_qgd_)AZ*CR*)~B()8<&SKc|O{U12J`tYymBL;%cr<=(L;!S4Zzzq5NM``-&$4&q9 z1yX+aanpM={kz9aKfOW9KR2)g`T9#W{knnWMczyunHK!S#R#&59Jv1`e`v=gT=?|t zXwuJwett$jck1U~^wU38@>J<(t$wc5&vp8Fmww)>pL_JPXqx8N&nEp`sh{ig^8x+b zqn}6gGkk&O*Uwu0T&E{mpJffeG>5_Ajem3gowffnqpAYNje*Fy1ket)?bE$rA z*3XCZ^F{si&6GT|^s`AnSLtV`e(uoE7xnX?e#UAff1`e`)6Xx;XOpvoNBb&gYxT&G zx%y_=e}o7=I5O08*W4TZp{?L~0naA>;{097--r2g_`9CJ1b>_PyM@2o`MZO^Pw{s* ze_!VBe*V7A-$VRu=kKTdJ;~oQ{QZ)@-}Co3{{F$=5&nGCH;lg!e`ENoOxe}(5vp0)hd^LGh@z>7ZQSzbMw{UO#cW}KefxwTaSFb{^WJspIRFrvq z_D+KyOmE_Bc-teocjRpNEcDUw^x-pycVHiCK4g6y*7PLgWrO*U&B)pB@6||IOJCAg zTF=K?QQz93#ZSu@AD^4nU{24M{=uo0wdPmJHDUuMY$W0~6Vr3^{^DwiF{?Rp4jqOUzH{UOFkF6pZ{ zlJ(;&OEe`KH8P7cYZg=+F@OC|{vaoLh7FpoDQ@`q3iD63%gmqCMmS1QJC^J@9POfv zo;@R#^KT4fe48>;o_78i3T4BYh9gb6snRU7T|0|@#i4p%NrKagfcf;dn( zKUQd8lbU%u%;^<))xg8hx_Y}}L*M^G-iLW#aKdGGSst};zux-zwe;o*IYyN8yG;Fi zLh9+V2Z|G8AJD$|P45HR7t)%{Pwe;9uE?dy7o0uoxD2p3_^>w1-*ut1E3XtoPuN$k zSAFjz{*4tGUv0*x2<%Di%;Rs3Z8e1N+W)_#=b4q6Iy5cH*OtqZ{imgY0Eeu}a*ki* zRVEOF244B0M+1ph(UNuds?tjjcV%j*jGOhel8Xe{(P?Ju`^_Iq@CU}7E*2e@+rVoW0NKq~ zP2S08tVx{k$Q7^xO))B>c2>p6NUA$J12Xju)i3OHlM=@Q^WMgDqop@q9ew1M*B=@O z?L%S_OJV`D>KjU8#4EO6ybXO0cOJnlqVNcoQ4J_fE{vNCy5yeNb1K=6$!&6oIYD1? zoMhIKo2t_X55F|_(BYS0g`?YVa#jl`aN4h8Fv>AaWiaHJR1O{^a_20kBmr}wE$Zry z_q{&@b_GcHeSuobj;fdX#pj`w0kr=Bn;5o2PWcYJ2FSRxr#>Jxgw5E+9M*}R1kH*% zCji&BtVF{e(YW^4JxW1e3eL~}xJgc8c5~PAGvy@2?8cLEBwu!@SN2@5>@uW!@jCD& zr3MJNV{wb;?_ubV+>=G_HlXa0vIs?F5i0tV9t}36=LyC4z2ED;=d^I4g~u8F_T|o` zU2;RwZV4{kD|L!L8s-rmA}8;ogXL|RdBt2Ftjf8t{*zcZc+IU(-d;BcB zQ?KAzZb3qnCHG8z-3)#0z1$f&944lYT$>zDV6~xU!vE5)Y<8)09~Ij17}|aVgYn0# z4o3DOIfZVN=$2#Ow9Sz58{zyYpMQ9E4tT`w2t+>ezixXHWod)m(d#t%ytpZ%QS?1K zL47~lYE}`qN{mWfBG5`5Td7s({KaHx0mdH^vGe%&{b!Tl_l;?Tv~1 zkir2~-6V0;9m#aY9+Yl89NWnQ zAXTq?KOoWG7M0}(-r=4# z-4GC8LQyl}b|Erw6Xg_RwGWl{N?Ja}T>qfrMflJU$&Y+Yo=VkL`X5jxtjnJcW)>Ic z1E^-|MoK)ev%GShAEq45O@27F2`$iw|48$s3D3Tu*;DD2`6w?)Te|o?jgmr}A2DRh8!Awqb9?wG}p50e~ zV<;Z&npf17^tDLlf9g1hGU^hSD6{?a6ML|> zxvK;vMUrC_F6x@?GaYV*8XM|bxkMdorov3YP8V3sW|^BM;#`oga6+f8YP^Rp%Z=QBRcY;Iq--G2D~%(d#{3b2*XGb zR31U0gSTCxi{;+tA0f#y2>dxR8u`2a2S@-zF=r?IlI@v!>YHf3yf4F0@5fD`79#$w zj$lZbaNLpJj^Ml>-oh)Z(>21WJ%1?N{u$a1PU9x0 zoFlISMJ+h&brEo**77>0oLUR{b$=w%Tz;K+!j|t3z1@TURhwF{c(8teMC{v$88R0z zMd_lNXV$pkUdF1eu)Y*wjXne38&p`pBoqI2q z(1O*rHe$C)wz#=cnMMBVHrEXzMDDqrcYJD^(DbcPvl-!bKhw8#5`1YQSOA>#2b|Cek@cUhL0sQ|-bF`1? z+2Nse;+kQ^j9X%fQ?%L}W65ytrr2V04wIizVTh5q#M`8zv_PYAhbY0A`d`9t@Br84 zi@5`yIK%Gr-@8v~S=N_PoWAI=PPaHrJyq4?Y=$b@tJ;UKDg>OpEQL+xq=P!flFWFu zFLR!{5ZSECt|zY42Eh@;QDQjqS1-||>O=AoiOXlyOqErgdDW*_pOpXq1U+P;$zTcF>3y5aLWTZPn3&*|@}4-jEa;#$Xbv@JT@Vm~93wkO@d z<9bBdR(z&?wVF3FoL3pucU1*KD_w? z34CjFx$EL7QGVNeE#9N{&5;B3>pi<(p=l|TnjbC^l497PCl8vnhps#jeJhKVg1LAfQBCPX; z6AlI(G`*vqKc|R2h(|)MDn* zBmz|gLtyn9^A-8-bKYS9YsioBzkflCQ#YbX# z^%SgI!o(pL;ZOaf-zxG&`nP(Xv@J68WOrPb7SFsw#+CW-WJ%|~e&dRPRj^n!eYsonA1AX{NT%Wj7{*43kt?q z`rCeMAu9aX(>9wI4hga}aHyzCBMf!YeVgwFjtNgQ`>~p2CuOPOW|tZ!d&F=b8o>-o zt?5!gQ~D$`8E5aG<@al*Xe%cPHxK2e;ooDI^g|SzPGGKvF_4yfm`hI*x((28HP8Hw z96yBmPuT-ML9F(G^E@zd!0#+Nh=u95_Wy15xnJ2;QX~XN-AFulpIR)^y^OZHav72? z7DpOns3e1^TT~KHNmuTEx_wd&<-||mZd~k0ArbTspjnh}g7qK0hWgY44)6j^=1eNY z7@h?_162p-9@HHyX>v+k&4x!Ms3tQ`>l9Pm39wMHdy>6smHEVGc2u>E-BRRGY^*nG#W4#L08pmpcdHNzP`f)@u@`*?KH^ zTb!-kTLaCYykhZ1#E zCtn~?lf90(Pcr$;H|Z3T7|Z8)hj3O!7RR^Ax2=4D*c4uv%jXk-u)3g$moxy zuQzXCJqRbt#deaR8p^8NcUX!A-S{K_p(4Uu4rxUoU$N}HEwRiOf( zj`6yzq)kN-6;U{&R4h&g8_c%`>ncy|X2iu2v+0M5+=SYiq5)wnEYJ7)c9?Cc!3j(m zz$x9^@7Sf_Ev~mWd7zfigW?=4(6O$;(vigO=s;)Z{haR0LcdPi5;-*Dg-ocCU;z@P zQfQPEl)f^vu@fX{N(cAw2*0>e#soxpZm_ILE#%zgWokUn z%aKKndh;A=(K;_|>>oA?SW4YNvYsq{uY1zc`w)07yRUBU=EYYmhRIQ2F8Bf#`Zx`G zU=^>~K)H3rv|Y<@5Eal^gc5whK&LYC0;dR~FU_8U2()M9bMZX|m(Of0aEh2Nj?dF7 z&e+)Cx|)Lc=7LCK(hcZ6>m)Y1P$YZ)Nn&=5_b&F)qSi`JrJ|87?EO1|a3YqKcp=hr zaFLiK4M?lL%MWVwIi=bvHH&YNKfc-5c1CvcXzgT15Bpqxa$_H-JTvdO_-5{~%n7c` z+oyX6TK#Qs-K^}IIc}e&e=&3ja>Iz-nmeq1IsAn97qSSrMXYj1eFG;ODUBB^=&$RX zv+|%vI|&{fg<4F(DYro{ z$)g-t0hg>rwd_wR+u)1_W<({v_-R3}5~-%aZ2a{XsfaoC--_GxgUDJ7SE@n?*Z?BN zj(yYyN@nmN4d$`$i*QZkkAoUlI6I|YIRO~KecJAdUZD4o07+5%+)8f6m!^}_=l?fS zfe@C&Y)E@7H!&N(z&U1wZk9s5ixHvUrW_ie1zKFfb`v{x9!Jm}s(flNQ4%z$m+ivE z+J#?jV=G_c3QS8}foZHKFkSYPbY+~#N%K5+;BD<^Fm)#USkL+5v{E@zIY$LlN8+!_ zkXq4ui@GsuwVwxoG;3a4$E7I6d<-AxeYRak1y+=cbHDWQsTee0C_{8j3@GXXhY&|qwG8tir4{Z@$+q&}$eJGRCP(DRQlebUu+gc}E&nl4MpWUo9T z@y8xIG4i=Ngbx~PWQal<4kO;sy9x`m3$}+^-|wDtyN3-(FO%>)Ke77yQPy^C`5K+a zyWF=$jWeD1beve`u>X6t2%iSqw&;738^C8{h6;7M-{C7CW-(*lN#h zY^2&EuUcY|>kgq!jx#UDfjApU00n!oMP|1%QtF>uy&>rddnEDS^#iE*<9p(#__F7= z=9oj_7(j}&shdJv<^A~NRCI!+f8O{9yW?-m9DkHcDa=(05?ObH;+w}&H1@m>6m!y< z$(+WzOaRU5>61IZ&W1b10#D#+-qgzdoqgnqu8J;H`-6>U3l=U)2e<&-EFsN4OiG0P ziBtT@dwv_m=O8v*c(_yrODZI*=`;1ZL<^BR9)=bpvj7o|toayW2ET-FEHep&bfDK9 z9%U?HUl;tk%B<}Z`C-momm@k#U#qW_0=R!)nJ0>=i5&{1Mqi_dQbNQ7PBUC7@(3ZJ zK!1RgN7P3$x^Rtdan0V|UM(5a9`ARY3n)BFEMz5ndR6FsW5w}zg7N2ZgFqV--NoFSZs|u!ysmMSFLEU1ivzCm>OKA28srOuF zvd&c9PjGN~TyldnLqPeAW(cf*fO$B9qCcPYK@4N@N9FiytT{?^>j9S6srGZJzMB(Y zbZ^daUZZt3^5F=xOC>G6VkqM%Mq#G$B_y2P`>{irD$&K{b!LJ2!q(_~*e8rU?7qXD z-aDdw6P1-4YKZS8cLOz;A#@Xbo3Jz3_8c8SkY7n33FXeUa!FMx2jtGeSYMPCl@P1J zi7$i~Xs9uN(`l8H-RF|SXpw*+!4|O%SU7J{XBL}yO4@C$lyF{AIc_h8f)OJ9yZ7nZ zB#z`*)2b~9%j96cX`{pNFfS2tQNPflezBl_twsG}LH#TZyAqs&5(6apym=wriCvARkdslVKuZR;0BIZF#6K}J|EceL?HJ2L$j)H!0JL;ebtt0neW0REtHby80_XmKrn*#?`yz;accUkYJze*7_p>d8%-Xq>1d#~5}$S}b11HG`hH6(9r6qh$OmEyrQ668<$H!42JtE~^jGX{ua}}6!>2E4ptRRSZ z<9wDJ-~=!w+KeQ*EzP0;=R?HLI9710s4?3G&GdoNT{tAJzqydRXRFO&b^sH$2X8nD z5MgPfyZQpT>&~SOLSO|fhZC4R3(Mo2tR)vkX9Ak(JY;9Z&Le1PVU{=Bh0!5Sv0Y&y z^Xy5Vr?fsg+Tm1quOH5QZM9MUMq+b|&ZE$VeCLPBe^q*4*g-S7Sy9&>gPusXkmOcp za(J+tlNEThfl19w=74u!C@|czGY&Bg1#@)}*?eSmCmw0XUfR?S%lIA_*qlL|T z%A>*NJ)@$1SD%tS6}z6UWd79V@r0%SPxIuF7#nO!)v#l1sB26$3Y_UqxoB<5&8N4? zoCy69m2YQ@Hiu`*_dz{{Lt3B|pl1AIR3H>mWjEAA3@^B9?+hRPW0&_qz8lFPn;NgD z$ZIPDM(Z2TaLxd#jREuEm1(;mPO+F=E{4mB1M-s(bHXRfj(O{T( zoO?XLVBRXE$Q#H~2J)DSby&4#KemSvi3FX#i=q{w%%mRU*G)A$~+`xTE2Pz zqEc?vH*2d($_S=?1Ni+HbXkAHH}BsjDRz`=j*B4a<_P>A8h3jwmCT&DVwckqq z)dR-+ImOhI%8+{2ZZ1rnDTzX*n(arY@KdNry#U4M3y!%;dHJVv29uns7Nss}dJF&e5J@0$` zR{o@UPyb-ck9lg|)7N?nB%YlS9X%tq4B{VKQjcNhsyuVEhAEZZT_fxv!{NynF|)Bj zW*4nYwJpp}p30UHE3QZLnw7OVFUx$JG9Gz8UospmH6C6sX*FIN?_m$-xWa41e6dGs zWR_~^=E{W-NHKA)BEF8-h1k)~M22D~;G*PY8~#d(|3%3P)jB3es9G<1u-nn(oO<(0 z`pj*jQtbIf^j_!)nuTvSCKyM}!UCZaUzH$T_Zef3|8Uogr1hc&wRb^&K7u^Xk(0rTWHTAGu+ z<|M4Ze658A=#qG=KVN(=_#~R$dPhz>Xs?*F=^}Fo^~s!a0)s)Igq4+`jAohi6YOX@ zc`e$$Gl3abxmTJEFDURP{e~)H#Y9|=kITcZ@KQOmMn@pQ-30rwkVE}Q)4O(i#DPzI>`LDkJrpePm7i% zInZ>X-LNf}KP`$5bKUu(Ph%S^mdmR-k~DYU?HaDcis8RWmbqmO%E1&$$ph(taAZ6d zNgzmG<+!iBnYZ8VrBeS9z4}`stXO%Z@z{FXUxBEc)eKxTkNQfeYu(*aeW{#M&HL;# zPoNC8+)rgAJ92k7j^CW06|UW9xFH#Czw~fpkGsR&u5zIO`rD7oaAkv2y`JT@#?nZ}T zk!NnZN|VX&xBUMiw6_M~NHSTr5osW8J?Wh{)i6FApE(?X7p_2wB0ef+)J?1xI9HK4 zSIMF2S_Gr68*xH1^_(Tk#Oq*UXXq&A$|z1l({!-ye~QkkGJ(o)qYJh?Ko#^lZ0=c- z9>y>k#tG?RTn+O6S;s9Ceo=j6MT5DI7QJq?UIk4B|BA&FaFhiQD|ezB-x6`)#})?h zaoOHtEvz#wuzhyPl)=z`>yweIvGc%LDIYaAWBcD{ZQfMKEr> zb2-$w&9_{(r`%2@>%uczQ}hyLrgGWtSUj~&R+#{}06*w}@OaBgs2 z>om6eRWrWeRs0{pw#C`$S9>>CrN+;Wy|Re!ti&dl?}Tjoxg-OY8k1t^Ci-1W*4z~t z4dOre2bgJiYgFwp)55WM%=DG?o>VJG&X8rpz>;1j@ zPyd?wt-aRfJJ8SiO680tl<~(2tXEY}dFsIXl`a;=cl)BMx(!+D^lSDAW3%KW%ohUJ z{8xWhf*hf1KGWYvUW53kzeJf=v`S5LSDlfwsxEugj9e?ou^XURW^>dd6`5c3S$O`2 z?42f%0kH}^EHSGvz9&WK@R}n0Yxo}8Pz zxy}p`Hb8fZU&d=f_SUh59dfUIK$33(J!Fk-h^`?y$F0q!za@;%+5Yh$=Z6?2rK$N5t=Y zII>%DDA@7>CG=tjH)q$+Y)%lqIGze|+we4O_jc#5_)AQ#C7qO+_enReoPUaHbi{;R zQ9@?|U$?Sb-3+Atl(Zjllis&vt0S(t$)QV%4|{AcH5K}Cl)O62iI+kn~Efn z1fHJQ$9)`|?B6!!b{&brcsj6Tpyj_*H;w1u;+ zJ!@W#oZrhXGV(v+Ig!kh`vX_|Cbw*e1}2V*`t9ZE;_=xd`%1NzKMLPw?PtWkKz7tD zIyB6=mme-$+IS(vq3%~orWp2_cvK(o(4JKDF1#7PAEgNpZieyywDdR>5G~tR%FHGf*p8x{z~spJX4PH{N`T|>`6K6)8)?5 za?M&!EpXFRUFkWk6gzEcB7FfDxQ;M$y;hK0)ObQ7UVHWvk&(|iYbo&39_`p1^T~M- zeAy1Mo)N2*Va}uJ`s6~`5hlm0j|pj>EZgme*1mc5AvMjPjgMZndU8z*hC#olmEgM1 znAuyE=80M&z|&3kY4!Hty42Su?ry6VH1w_Bp6uIJEjU-*-0{Hb&hiROEq}_$rLU#pPnNenwKvFzv~mj#L7gbAwV~x!?5hAOT8ld)rM%l z8eYZTSIZLlWp7x?v=U(++L}_idnW9Smh1WmuFFpsKVbHRy|E7}H;l_$gas~4-@Fb; zj&F0VSOaIg%;?Ux)Cn{G848&`>IOj{IKPq?b>`#yB^33WdSCXt{C4+?_8aPY*-Nx9 zo!$HSiQdnSJS&PGf4m+S^r$+u8=B62R?4uG<~%|Dnm^|&^S4WSMje{pyjJd&XEuHD z=Tc!2edUx8dct-VY-yI?6%&q&T@~N!UvgQh^mkDNI5&i8K3hDCHSr>+ur{dar%Y_` zH*am$?q}q=hCAtd=egvU`_}V5N8@q??iU6I_3Oe8Y?4B>Ji`6#eVlko{FZNdSHtHF zKHeMw3ZHYwQv`Y{c^ZGbw%;jJ-vaZA{m+|}JCuT)Oqb$4h%9o@0IK3va z@O_1c;L$ISRlZic5BJn;dmv?`4l?=@*%ZnqpvjVcME;ubq(4MaD6WiYGEe{4M{3mm znj=Pf^W_Nsn87@YYDKOt#Sd>=)L`($_k}m!ae7)kUv=@&Edl3`mv!@J;EJ zE!jG-BawQQ=l|>D!CJnRKFX$dlx%ts+e1@hkthz|Dk}hT4vTH?QhCMBHB^9U<*!?b zjz{NXsvcqNEAQL!9&vPf{Or@QN=C;h?R=>lJ`ZuvH= zd#AhYTYH*W8V@$pp2ln6rjPn^y4$`@AMoXLw|$%b!Dtynu5? zAM_8g08B%-2h;^>rb}EmSmXjut zHRQW;M+8=;NPMwOCr6a-@GDVzHPlDUXh57mIqMhEKEB5vynZi*Ql)J-J>w54Kkqcp z#qnY-f6TjY3v>cqJIIoecB`a4@1_YunUQwCr2WcGyNfhPvg$55P*%J%$G>AMm8)7Z z6WgWafo>u}iF+kJA&I;HWlPQ^(GkXxip%CmG>M1V!svwB_KmJ{HjukZY-XrG;owh> z_!+ARuA81)$DbVelP!O;>QqvtnmH&L$l1CLCoIo@MUHuKr$+`6D2DTk6QytVOK8P<2EVtv@_ZF-BJ4 zAK~d2hv-gMM$V1cDHZ?BHby-=c|;Q1G#gl+^T1{?L#4tmE@7K0Em= z=kp4m!5#k4AW+WTZuI`YfZXy0M*frv!|cq_&9Dof&{396$o#iNx@Hd{upV>*tW!<+ z$36+AUc#2%35iKaPcnS4GoM86VOtxVYI&74>F|rU%*<=gf}1p#})`=9~{i?*2+#+a= zs&^UsnMgF>+-nGa)5m=HuB<&D>9FT3A7T*B-_lht_Nv}`dq&mPzPhCAQ8I(I#T<+r zq-ti=N3n~Xcf8_i$J@1{C)bVXT(!;z>0CFGAvqt5+((~;VBp&H4pJyzUAElJ_qvg=3nF)wXaa?ieSq-G$ESa47&%lu8Z|Q@r*#Q zMc8EAI{MEsuT*K1#7FbvOtw$6`Fc~W~w)E_nZ6N-Vx&x);S7t zrFweNZLzs_iyfDoT#a?kgs;&SotpuRn#a!v5q~06Ft=va=Bh5iDF$JVtPbY;o1tN_T8hRh4oEak;<==6H@S5g%tJ24w##l7KTP}(lBo6Hfdnfzja zSBVyTZOsj(vVFH=SDoFUo330+#-4l53(5v!$=1ULzWEnLv#vKN0k`3$DI55VnQO|A%La;%j%WtFJB zco~IZ262<|9XA>fX;LeyL~EwCf=h!&Q8#9KlUGjst+Eb?-(bCb-ZOH>xKe7|>#5*3dhAb^Ot zDD9cAvR&Vg zx~mc@BSx8dDVH}b6~Z#iImja{+?^StPoMqB>l5TdWb&{nf*XJ|uz>q2-_#{;x{lyz z*nF-mf~4iQ-MX0iA}v+`~Qe~$zln)O&VP;(|%(S^s z>sm}*WJazQboFS9d|P{*nrmJAhqB{$pz(n`50OJudutw?Ak&g1axL#lZ_jY4 zNN|nZVTSVR(6b;!V46P>_N|wJBsL+h7mYutCtl5&ZoC@oK6}TjiOofEMze#6Egfvx zNE7RCkd=_yFI!Gw!$g8;qnuQd(-r4eyC|nt_f1<4p5j^#5(kO+Q@t$*gDb@!f`03 zURF9NE7*div#_Ld!{(EvI?u4AvsfdW^+_1gsyg%It&-#e1&WfDj?&7TWKl0|Tmqi{ z6kkn=M0FGKJz&}{RLf{3K4Jh@h=N-SLG6#D4E@pYe3>!zvPpkO1c|tk)zpG;_47tF$8r&=DHM9)+R|yR^>y zkzx&Is}@e%Ms^ClMXFnF}99k+1c?rPm#m+Yf9I55L-lAf>LT~*8y9) zjXAE<$O=+f%=-4A#(qwnmN{R_h{B`F7V?g=wHNIn@?@-FN1lb6ntu+KIr-B0f~1?x z1C=aM&dZ->Da>kov+1{6r?Y^Hgnr5#<-_Nif$p2#b^&3;isoHOw}>2^{C#U~8FZ z{@Gu|o0+xf@;T9wz`<*QKgFv}XT4NAdcyW)kAM=&qj(0LcK^s*4*gWpUMzZJL>Bn0 z?`tWM6Q?30=F$fQn8X=kI=uJ|0iH;TqZ(87vQZNEYV8?x z3@tK-CdTluHXVa9ksVwXo&`HG%8|aCzO?Pi-WGTi}hyAATAu1(M8Nie#W0E z?VL_-^uN~c#CbAZ_5v;Y>U5yapL%s?{uJekEbFjaQtDrm| z5N?Gw?F`E0dZOY3NW7BxPUvB)TjpXJKWxfODa`Kgp6gPIe+>CGI!&na(+^-|Y>UBwuu& zR3Zy!2njXj7+Zi<@|p`e%#?L*UHHhB5dc6wS@&phL?{{IyzTW}SCO)BSZ6N~umOhZi&}g}|hd=D~9{dhg7CmGJxm7){Bd}FDA9?*C z@W3_vrV~3>qwO^JXf83;$ymG6pj{K)dJUb%M-VKc&Gg4SrdN@AYu;PmJ?TH`o$i(w zq8=~{hX{Bx>AhFprceG-di#ZE_M#{4kL>e&`dPixH|#@?eEZ}Vkwm#60$0Y@!GGp||Y3r$)a>xlV(R zyoM?E3UoYWR7%8L8w#lHf*dU6&0D9Xn~>N+9P!PeQrR_3yQ*#j$K1{P=xN%{jOdYV z9Dq4SS~K_M+qT}gBHh+B+F~b4j%#pU)jV{sdsre}Z*aC~# zIhREdsWvlhx8xw{d@zWCmysf~St8NTxxd%V0DnmUrW9mN_oqefQnT^X&Rv|7Wj>k- zQ>Af654Bw5>9hypU275V+bX8Q^#}sE&M0MO{vTw&6m}ExiU?Wa+(dRqi;nP$9%+kq z3GodhBNUM(i%^%}qeXYxKH&`=7k|$^^jPSvKYq0zyDK^5Ph6p#a0NftUrMj`+uteH zm*xs7mX%!5Jh>`%QX8i~5p(Zv)2rR?55P-(T18OX-$A)?6m~k8s3d$1Of@ zr7O(~woHS-IQOu+%yKlUj#Sy2XD*X$!cus<$uOa01eUAZ(a_rD6D@#gt4&kD4<$8) z|Hz&h%(bChBIbMSR-tw;tUf3m)pttv_^F~LAxbt;efNphT-G?$^u3d2Uu=!|5;1?` z1y)ttmFeqI{x~N*w@b*t`ny5%#OD3fpNQ^6j(rkCh|F`Kqf79{TxmwA_sh}R)**Uy zo5+b4bXNI@i?UyYumj>msZ=UeKRKqQXH2_9Kf-hYHiULz1H zRLFzF#bzjU7U1*{pZ14<(SCY>23PKqK8?UW`5bpLg~(qGMQ$C7r@Lv{Y5C=)UNnC{M1G^)2WW=m(qlTdbwPc$(km550Z`*296y1GH9`Cd}l6d>&@#C476HU`4-o2+()A$)oYCobqQ|mVjEykQH$zflUmGI(hRdbX z6lzdi=xwuE&EpF7}%@w> zHOEL-;f0VrgDnMgRi(;5Yag{jF+5fi0+VwShcts*b4|f*vNBuieTl_N0Q_xdrU}6F z5CF6Lr@HDmDp^YxO)2=ES6VqMuYzm-X9d-6 z1-DCCv8u3LYL#DZ532rW1v$2YC(Ck-O@S#v-C3;YySxmgSW5*%6IZTu)w0b zRXn{+G8HPL7%?9~+0um4Q~Zc%sT?7 zumN%EP4!k0fc#;|Lc3TR?BtyBSl)$AS0yU87#H4Ns?`DWULl&P}s)=WS8pt}92d{KC?5E8}sW6j|wW+i5w8 zGI%tiyvbE*MKS}w11Gru(HqJfcLpw!%7Nf_PXe;Lvu)HII|Ezh)TJcKlbwWVHX~$s zykyl$n5Fs=O5dl0^`j*3PQ$;WQ{j(Gq#4&KdmWykzv5lQoPWH+zsBsGEHxEDlGg+9 zLKpt4$pn{Mf+kGF6-+->+v1|m9LLVVqq}tu1ftAcX{|uL$ox!e#IH1X!%eJlaf*@6 z1ekaOw^DAsiQ4kXO+BK8{u2J$-v2QpdT`w2#D)=Liw+E~Gjlpbr((SaJ36O`qQHi9 z$W)QES1stRZwU2%Rtp%b#82eu^1#g|!fq9}{I*;K&{XKIl5@@$-hAsW8EQzbno6fM zYs#;@lu%E~t(x*fo06yzuf|ZM&Ur*%kLoK-JyjL<6nI8c&T*^4%jbCM!-{fgZ^aSu zrcl<3l6X@fD>hV$t?>Hx9#Nd?%`vuEdPjBr+ZLbe?uYXkz1gw{b-dkVkl%Gj*||tX zf6*qh#h$0)U}4u=g3plsFtYnA69qYR0VQ~i+&+cL1&u(;GCB7}%mKMeO{}~ImRr?U!pIo0xb?v2B>(^=pYxnE)4Yeob{ghuW<>ka@{b<0N z*!)e(7gBzbly8#q_kXkY18vnI%6~z?{N$AOTPSSl<9_n3vEu=2sI59sXMUpa6r7Lf zTue7JCg@a%N+Bjpnwqn-L%a{59i7QWRr)fMw=EU{^y?zRE^?G~ID!@R=GS_>qP|W+{2dpiI=-agJ9__D;p1@_p|J16tV zyd(4(P!a$4zY2p4+){mpq?^H?DuhW>h-?0wug3{zjXr4 zx^#X4A7=u=7Ex=8xr^R?El3wiEb^HrpU{e1Yr!$S+)FK}em~Yl>!xGjYK{W%m0OVv zZ`wGgk$bYSbQv>CkX0;QD^>}4J4ag5PSlw1 z+CBiH7Wd}m_P3>l)PCA;#C}Wt)K^q*9;AoNd+T(WvO9FX8_cu26j+c>8`dq26dpeI z=&!C)U7ttuw7g)0_c3SnP8a<1(&XEW@0~95(JOsuuXN?t?Gae>NmXoP*tOQ1cWxE@ z@h1x+X2A35MuP@YxD;g}Hh6&r&8pg$WZI2#OBA zP3t3`xat!{sS!4Zo*)JN?n@UU9z3kRY}OY7wqEB!?)tLnqrRN(!o#Ky_;R`n51amh zZb6y#TYIE+3)o+n&XRC^f(^(R8^z{P9(E=|fBBF1rpAe3(BBQ!AzDTbE zN(6pW=@Efip|wRqNebi7=D3tn!j48v8_fX!JU|V1uxJ~^Tw;4hOesx38ZOdG%E9|B z+<~AC_NJH&BBV4vp!Lc)7;%xBDY*kGV?Yse7%g$66rXhK!U3VI=-Jw*@Kf@XTKsu~ zsh+1RfOU7MnCw*UNLooPVt)L%lq9%L#H_JD7uig2?+K&EQ3kE`iZnNb=pM2Key#U`7hWYvRWY&4sRDx}Sznh&V1)nfV` z%&hY>i|HFKQcTwfsS<9h!7MypQCP*!J08iSKQrwc7CLUYa?yrweG&cGPc|~RGLIeE z4Een<%z&xV>ubZ0g>?W*93LOytd>soEJU|^huZFWOf3W2>*gt#VqpjbW0i3%o zRN!>&lq|X_zVyB{p==6{AiM@}2Z}=o6g&@01;^)^Ds+kphL`X%^xnn7FVjj{1U6pX z;Ir)g9CDX3N11?Z^sgD2drk=NM5qFQ)gee&DDgX^eh9C=s*i-xB*ZGxqZJthq5Lg| z%XL_k(s-XCbNRu0ZM@H5%PO+Ci2c+pAat~jD@zg`>R-E`_uKXJE_r)4IY_Ry6N{p? zXDD@JNg!tVggXsIOTx8g`?1rRktvN(`E^EF z_eNi|pu4IfM?<%wJP%|=`_`EkRLJyobZ^Xw=5<$j`bQ^2QpdP{Ql zsc&HK`kK=9*-EOUK3nx2|7U%)S}`zsT)K0|eW|ho$`HR45++BJJ8cp;V=V< znzH+eOVnLc;ftP3ebAp`_(#|oVK+8JPl)gC6C2ZAGdd?m9L0ql_xq!R60=5kZ!C%R zYuS3`U@lhRM4^ua*T}j*C)&5WrkpDXBxhn{Z*x`k$N!r42L69(ujFgmv(OpB`t_Sf zI6AJ}%8-ce6P&&!u~8!vbXS#eECOikT=#%RC(xGfujMbLJf$_{kd7e-tD#xtyEdK# zmc=G?Z`=?a100e6E2?7U*nu`-Potb9T7;#A>`_ngRA+XdtlK+)wZWbx%8du6%=WU} z_AH_?&fQ#UAh(ReMfHjQF_j$N z##S_k`P|vK3zKvp`*!=5I42~fO62PXf^EhpGeZZg2 z8o$hOlA!ZfawBBZ?Mq69aiLEsOo@TU;YON`fK}^t5GvZhM>^B3v;kp%Y{U9R2I zmw%U+2c#({yKsl|9Pbk^0*g-&{O9_FU^E>9Lr4!#@y2 z<4Otl!Hq}D2e$eCK($#TH@5i{)*WqA(x5)uj;R*~viNeu>4c%0$vt^f&{F!BEQ;3X03m0j4j%|n2^b^$+;wVpppQGl-K5G*_f*IRvaSzC<)qz~W8!z?%m z(87$3WVQHMEl(VohD4D-0*HvEU}>w%T`ICP)085MBaTvz9RGnYFP-D!3%g4ie!^u+ zd?lzO-o^RKj?&z)#Hr(;(1U65zv!t!3SRo>wI4!N;wmkV!x1cwc|?{5Vp!qX8M%hr zTq}HGIH_`x3IC)M$UvHgAq&>JOMaX$TF6meyG?{?eai}~YRDe_nE3jAH4yxgY>z;_ zfgEdVcjsUB3;(W~GT}Ig(l1e)?J~)2EHI0P?BaZ24_Y5*a7IF3Q$s@hnbO3pvcyaA zf6AUzQ|^mS>fV?g?MFXQFc-BC({f>R2DL}bT>d6%Ct6Sspb+;D zTfoOEch#0NmFq#Q9*X>Zkp!YP^<%=Ck?2J|S+ck>F|p=e=)1vT+ zqr0|y+Dzj8V`3gooKlwfDE^M%&D8zEo9=z^X6l#l#zp6^tiM|DGSIy-6g^S5-mgH+ z-VGdpm3;Tc{AgcAO?XG{-f(wxYj3UbfX_qTsTJ4k>C;g6RqC9H+I`KFfGixb`ey9i zr^sd@0bu*(MJq^wW;@czhy7PaU#s7ed|G|}4u-e*c@PMi_Tel-j6VLW+ z@shehn-JdUKT331vwMhnqpLFJi_a=6N#t=q(sxz*WdQoF$_7|Q>gZo%s^~nhz_e7B}pw5)oN?L15l0&YURR+XhXiE62kSk#*$Z;3IM*u3S$(C7j ze#A1xo_cyuJ7+-vLa`CzdLA|b5`<0KaOFT=gu~{uY3_@qg!R)lR8dRwcb=utY^^Dk zi7K_t1+c-PIkF1DQ9MC$K1P~*QPkxxN5{p-XEhDy(y8FOg4S8(@$uPBMTx0A>FoF0 z*jiIA^_9yw=ylFqvjq!8>eR}b!ksl0l4Sl#$5e4F+EVpGomJ+Gh;XFIcZ~q&W+Lrj z0<&fLrE?-?Ak$oDu125TX9b;Ql#}i!>ynd#>zc<2&r`axkgxcxifkCcSrs|S!};q= z4(G2wc@Td?$wB-rN%rS&RT6kqG*dweeR{-HX12F%tzMHCF{kmCx!11OhRrAiCahbu z6x*AoeuPF)D2$d7kCuKjVt<`^O>GP9h;hE!Rc&K^H=Y%4tr=&G_sHdgH51M2Jhs-% zXcUj?X?4y|bb_DZW&D|{)|#2%*Z`4%G%lk~AoIbgOxiHkEF~|XDx#wkwglV6(UKcs z{yA0P8!->&3(1>yg$yJ#=}hoGCYX>Fl1=A}Nzx2>97S8xtT~5jPPrdQHu;k>X=9;F z8?U#z0g_7ucwy5mZF!Tm>{_WFM3-=q@{<8&yh)@kFDM8t<p2nu0T#Q&ve+RrZIG2QCi2ZZg-xaY zaHClFRMNf;fyZNRdENf`KF?<}yXKu4nf|`>g=@Q1jWjspTUHv?!*dL*3ps$AH{2z) z!8IKeg+y#E5o%tKDlK9zdYXyjl#DncL3PX}7QMvZNsUSD7Cj~xG;$DMZvIq*Yx>O6 z3UX#%E{Nv7?ec6lrqamQ8W*=+)hCw_p5GBw-f@L#nJs#r#8KzkaZ`RfCIe2C3}Lh3 zXZ)tWqt%A}H$3sf3_W01s&$FzM#f?OeCr`}c3Ei^aqs245_CB;aWKG1fPleyNSYL!z}?yf)bumNq20YzwdfS_ z^cg{Q!f&D?a2^R3ppAWzTB%V_B5X}!GrJGSKU06$!epntMp&A$-Ux0>JKXeN=&ix~ z6n@H0T$7%4oe;o=|Ks0OqRCi`l1bCe=Iy$5lIFim*!Ztlr16Hfm0$DH+^ z)a9*tufCr2@x9WS8u34u4sM*H9aJyjbT7UB+w+jWza?2R&qKWWZTeGRN*7X6C_)vs z=yLu5r&6ou0`*STcV*G``;$m~ayY+6LidSFOuHJ=D4OaSl6R@r&U+*)yhw0O3t81I zb)s8YKr4GneKe`8>0G4&0}gXpt)_7LYOV*pTAHS6Q2eQG4MkeRvUClloY;lU{EZ3} zFtjjTgX7h(0yVXq*Y%jUY}3jBXQAE@#*ZR%lvm{n(Q*i=`Gic4t=S3$J@A%8px))X zUU4DRyZixFUvR8zm-Fo#QT8d$bsdarLK^$F*?4O(kHb_EsyD^rF*L3keaQe|nH@~z z;WH*!uqYw-gL?jM6v~btxwxwB zGG)!Ig<}~I#kcU>#v{!=r)QAOj_i??$Y~wxYBw^vyRGX~YRGu;74Upr92Nv)6dsLo z!Y0^PXdWrus}KcIk?$l`uhiVHPx;LFFFq}Kt z#jK`@?*8@29WpTRzUgQV4#VcfM}*4C^HAEWHE#~l<`80j%r>K<+n266b8ez7n)RE@ zU)TE6m}P<5F6kNXG{32NRr0F;i(9^jUi39Oa<`0Ezg_Pyydi0s^q{@u++Ov!*X{GH z^7G;<^t&dD@o1#aVU5e2N6E)FD|f20@x|u4_=2UWJt-v4XUhD2unX|un&o7~zL2;M zCo>BwO^QWYutjzUHOvgQ+$ohIkwq|G#j;_sZfD#dB9(-M2WGR2Uc|A}`Hpnkob-x< zLAE3Iazfs>`ZN{?6oYH- zA|pV26gXHXn$vtw&7_XROEx~#(D8@3@kXX*kFOC=8sdFy{*ot69xw?d$F!eA(f!mJ z$1Y=#q4)+L*7Bd;=#q|THAK6FiMeZ#c2U@=1+Y_^btxwDV-P%J$2oDjtz)%pjXT^A zX6bMhG<2xY4EvK#l80}N%Po8wJ@`CHf&bwR(xisK70HLw@b{|rn@viCzBKRieTi4ZSQHPMp;9rzJ+$?u!i1JaZCJg>34 z+Xbu|3lh7X!1)kUqAeVFiw5_H;U!`~t*?1$K~}U+d_&*ls7Ak2)H{>xJ}YHuYeu0+ z66GMfk%8nC5o6m@<#eyZ;I?22pY@}l(c6xyZnYzB_M(K(a%`2^k>QfY$se)F4`zmgtEy17|Ht;&97?dy*iZ|56eltj#`4}@U} zi$}0|;%IPvzC;!RTER6EqY+pa*2`Ti#j+Qvur$~+`UJa9+rcM20&yUJ}Lt=EC0m-gUmo`$qagMe7Xlm;(as2{2X}H*O_1B3dlgP z*a5t)G5yljzHX_C@Dsw`97~_n5m_E8G9Ql1d^o{-up~v1R`KWZ7rzpJgd&*m^J#jb z{Kz|FE&foj*jzb47n1m~P7mNb6v~vavgb*x=iir97&B_gO{X=YQ za9wpiL4&LF@D-5p$E~3AD}2iSNyiqq+Bw; z4*ll6y2H4}SD*e+kGD&wn+g4a9#H_8Mj=BI-(4mU{LX^?vG)~-HA{4`__FuENhb;Q za(??jvT%V9U=OKiH$=kvzIUUSfwL%^BQZNPVOFS#XF(ATFCu}&;y}F1cln@1Dv>iG zk4tVganS7J)fFGc_k12bW_8Z^yx1S(d%lQ{SZ%l6P4PW@qX({@nlrv8C-yrzQSz^z znmfKGH+FxoD}LYuef1nh2%iy3g#D|B5*f_B=cFJpX2J_iLq@)kyRrGRQPBa-OHY=gCCyk0VP`Z#F6%o{~V8X_xqLCYOx7TyojN1;2st>?cp}_6M zgb$;|i5C*jj(mP(=Y);1cjicTyPJvl_FCKWYz;|}u4C8sMGFt!u)y{4JXDt}13^U0i~{Fw*3f053y{(^%L334LRgLS14ftL=QX5Va9=U8>dqS@Y~)rLRKJ z`Ur(tks4cVvZ-4(ukFhogqXz+VDzKB!RV6jV9S88yx!L%tThQtEK%{*_U^!N?Z6i8 zz^1tkZoEj@EsLcw=nmxUMq3Mq#7|hdqeMsPOy+(DwEc zOpR+YXXFc9V&Y%8XhGYQ6Xta^PZ&jPq3Kx@wlp19H*!nv3-xo7{u58jiXAwo9`)TP ziqL{NeJC-HyE9!v-N6qf#hJi^B)8uRNy>QVylGhgzj^t&ucFWGlD=<#bMLbry>_HN zrSCuZ%JQ0S7Wd?L+v|~M$E#fIwc*v*lRmU}x?A4LyMNa`B~#w@%G>m(zLc)m2dJwU`52*T`oy`Bjp! zAx^Og7l4Iswu{Lo_nDW zE|b9)iRixC-@K{gplO;Xn^;g)u&THjR zf-V1{+4||`Jhw^qvkH-&Tp>cP`3;-#sGcEPlYUBz(fmn2<|}p~%7vn==y#pt$l`ns z)E)KPm19X5?H}Rbi4@r-K1X_?u+5@8x|=0RmaiB4$5iSjJF`puhPIOxhwIY`cK9+5 zbmP1>;q2Yoj&K`XNrQ>0zSfGwDMGM{?0rRrtvTN0cByCe*Qy(yQd{5R;cbY_QWVgH?|SFk?B+vtJLula3R-!9=y|m$0p>(K1)h zQ;ctwP!21rASpv($Meg&#Ych{rOf@k3=8tdqi6nFjxi4r6HJ z&(hK9>w!cmMR%czu@`!cPy$q)I6aFYo@0l2TgDK7GWmZEaelfx&mkxvXkmh>YnIXd zmN$)!wnja6x|wPL+Km5MW8ZX*ODW$TVAA$ep%PpBL!IWEz!^?ZM#AKPXj ztZZ&JS2K?p$q7I|%9dnjCvqbg9wf3h`?9l4@{?}h9qJMa9Wj67DUs{wqLk&?S;a!2 z)m&(cg?^_zXPIYk$NhT5y>67iV071ORNC0bDcNVtV)CiO?c=mTq1qYX_S62lj(loMYr-=8R*;T(N0O0r{~Z4v-jFgpawV*LtzDh)egDKs|%0J zubRDT*|D8bb=;$OqpIR#EV|chwzIKA?&|N zSFYEd8dmN|tf-RkC?WILy)wB7AHkM(>FpyG1tBxmz9ediyuX9@+yU|%FK5%a9DSE& zF$ko1ISwewV=7=qh^rR80xhvwQYYx?oAhtly9+p@jE!#{n>stzq73%wERTbmSm}HO04n_Xpp*QMw#Gh*nAf)j!;cnN#<1USg5hg8q8$3 zt{p3eI3<;c76>y(+jpI{0*S0eVouOwE=YVcUYapSGVQb@QfU#Y28mTp#BYZ3-e>9V z=3}D=_H^j`(v-f}7ir}yKcogfa5zS7>I(3Gq*;2YCn)Fwq*rz3<}b8#*!*FqP=^dF z6YFntFRWgDL=DNE3J|}s5Lxk>|FD4U(v0OTLY0HRjWoyI7;+F(*op0`*fA-!bH2|) zY#mOhmms!aZHNFW+GRzj@5+Ai5RO37(RDv;#>TmA)Pn3aQE zv$$Z3XvykK-_go5v{G%%*H+7Dgh3KE5M22+S==5po*6bjJ47}cQBD=P&8#Iu+E-YH z01`=5_|sL)lQ`$(4z7_X*WO5yU{ToAr>iQ^s$wT651`z91+R>sa!n_AW!}>=!zrUo zt6WoJOASgEiL-B!iPM61+FDzIRgeX27$4Wm2_!abLA{x!XLarc)(b4mGiTeK?|4&{ z7&m`Lm3F$sYWLcIcVjhCz8Ci_(T;lwea-nK#4)6(sSACkQK|^0EFftzqR@Y>sf_VrQmcOu)8>k>cKdJ_C6XHJdyU?})*6 zl`xQzNCqX;SE;4_=0bAgO>HgG2XOaJQj0U@SSV~>cwf;Ug~0-Di2>%hscJvJ(X+b) zmh)xe+eEAuc9dZX;8?}ts$y%{g9w4 zfKr&q`%kKn?<}zS1_Xo2OW*8LA;f)SpLhmM?~&$@{r>VmMpP0EeY# zLI|%Y(q-SB=K~QoNaRTDf?v?6E`Bw}6bF^3cn+K0NtxAvPN4uo=P<$=gr|<>FGBye zA$mZanL_7f)?g%1v(4)uln?x^Bgh*vHvv``d7~rD5!8z%GsW>U`>|F}sVMH!e;uOT zT8NSn?@vg$=mz6&60eW+K7{2<_DkgA{bRRJFl-R=yf_6B+PAY>w}g2e?lO>fs1$qs zv-{`ZL*4yTFK#YMTvQd2^9+^W&5sqJx>bsNEBBLLmwvV830`5L`w1f;xGZya*2#jD z0o@#fEgMKiCwa8tx>j;aJ6}^+b$BUwXvoZ zZ%DbvCQFaiL6j2nIvE7g^h?+ez4&6^9Xk1<3q`x1y*6C&F+g-Vs*sZaxmKmrvP!yN z(M&HbNM}B6W|?8^^Ho4AzB_-(3Fr&k#}we^q!dv%K;jMI_DfGX?8RfGG1SaAj0ys1 zxtp+AV0UBLVuTOIu`hOf*a+_icwkg)5R3Iv$HL(Bjasv-{lu|gHjAWvY|T0vvMmg8tAY-aS6eRb}q z$`jDF?+xX3=19UuRDtwR&7-6TYo9)$AoMW6IE>G4`TY;~vxD!gd^{u;O^s@NuBQg2 zLFP=l;xvyH?kHpew3$>vTmMW-Toq6LE?INNDgM+t85i5>f zRmV4nCM@zT6ThQ{^GNd8oL|}e;P=1Y?Z#IA4gS*m%ox`I!m$~2%m+s_?)Ja)B{ z&0B`{Jo4sYtUnuXKQY^v$j{xHh;EVSS2MV%rfpF`SXnT=zga+!)c&y~NmNxciohi_ zh!<82N?U0zwjCmCfeT84Rn0FgNfxx#D(}H`uJC0yB#!ma-WnjppY^%%E)&yz^bsvd zu*KRfh2qaj@c*0K`Q6ZTPFQ@6eFE3rjIMXUnrd94eh}aBz-W%wM z%rPw=rF$BbDY99$O3>|XRer*N#0o2Z=gRpW0z_^)AcFA4Fu}OX6WPj@ne`i*JI#V&9 z+@tfhy|9>?t`23z0_IiV-C8Ys?TCid6(MuF_C(-)EdAW9vjL+Jyx{_1%e{?CaugQv zQwwu4pY5fN0wn>cXYZ%NOJXc5LzY!7HU=+$DgzPwZlys&AI9&h35fN5EEwVaKqNdn zh!H^Hw@^MsT@+v50$Xo;;U411j_2x^7Z0`ai?j~p%AXR7Eii|K{&y#sIJ0y#3pKI3 z6+P;%jbi*yNQn2bpt&Sle13UFH+Z#ySG95vW-+hmrv{G5ZCjKbPsyE=uKhz{N89YZ ziH+c&%#oNauM(x3*gNUOnLMD`2>v&+=!X)8DPmrgyCS#5iGZ***iuAeiQ2LUM3%$u z{-mnUIs9eACU7sVF zBAqpMZ|_f5=A<>RvqpIZms7xRN?_YrBhsTtOoPHE=Pi$yb=$@1sLqsf9~zx4O-z<* zYH&GmL@G9=s)|+Ad|go!d}tM z6y9w(N#7{bj62B%A0u#x8Kc}S6iO9c6|?2PZXS~6zc2{> zq_SId$EHN@1mw2w zLi0C`qT)NThF}|iBtZgeZME;DT4mlMW-RpqTa+Ld0bRPwjL#IVm5_oG4$RUb=G*j_ zMQ&yEV2fBku^MIECE)~O!O8x3(AUs9+ix1U>C&BE(Y%79p-8ovZCgh9u{t?T&T(Rs zseFdd)<1{(e<{nz)*rp(YwF(fkz03k8c;6+ATA<^Klf${TK=_IkgzxNK1^o%nVF- z_Z+3R!UX6wTp}9Pm>h4o%YF^Iimi3Al|lzHWRB2Y-syqqa1gXm5Og|S)1GfmT2Ptg zqOvdUnjsX$MNGdQYzy8(UG_Dv+a^0@pkY_Fihgh`SNo#lB4#o52_x^Dwe)Cc`@3{a zZI`;UbEAWq;JVbw_zV0Ug#q_38fiN)>&n-(TUUP)PhveXx~GPt$aIem&c@SASI}%L zDDW!ybD~-{v=Mr6&(S3-1p#}8pL+t#>Exw9ozFTqE3i|9|uFYwODRqQ^(1Ah5W&`Cmz3+&R<`-<3tQ^s(is8ioDm4`#t}yK+WBb z2F}Ya^0r%lm6)GpJd6E~>POsko`E)fAie=o+%)>KVQIe!Q+&(wHooc0&Bno-3exp; zR~6<&eRwi=K$+6bZ8H}HVYa~^zq#`l!s6~TgXUC8H!JT|_P1jjInjr@W%OPg-V~Z2 zs-ZSCO7(s0?kzTEW84gm9y234!g)j}@EvR=R`uHqx-^b5AE+lR=B`-TaC_OMzGPlv zF{U-5qS5##);Mu&7tDzmC%y+irozFe_n;7B-HX(FNQCz8{(r2U34D}A((n^9zyL#L zkO3n`86;{HL^Oy%P!o=T7Yu|b=TXDBOa@=AnJVos(zlCNpRoq{eHg>oyU)9ys)z#Hi)noy9h9+$8lq~h; z%&}umJTrQV+4`}a^*fim%zX@Y%gi7gF;7A#HCS=V za>aJ%tt|fT19j@K#rPIm@Cfat!Wr}owV)3dc8l-><;qNgbU7&AEG%S?fVOUY0wue5 zq?q0QFD|v!wJGn8M{N(66%yQe!=!aMoU+sy@6j^V$9-&w1g?0v zd#hHW{eogFKR+l0KX*3-Cs0;)xu`@vwR5US^oVj>UvfuPAdwj95i5lUI9ohW)lDtFfWfRD;?kO%f6ea6y+VKEBi}t~#JIm@9rXSw z|F?sPR=}6~Dm}5@NN8^z53BDn zDX{>9%`1SAj_-RkP_?D0&a|AB>lqE4g2!sfQ8CUe2I zaM%lcO&bYZtCo=5gpQCacdj1yz77lg>zus!>jmbH58!P~Nk7pNljC8`eTI_2xtD7*Q5ewt%4 zC+3jTEF^UJY**hR_K@qOZ>Rulq&VB(FgdlqGcrl~d%cB}{#JlfC!XzZkES-59rjDl z+x}t~+3~LJ?zSbj60n^9wmXrhrMm^T5?%^Oc7%2Or*Jss@oygrM@V37AzK*o2!ryQ z9&jO*?-&b?THx@)0KI5kmAp`}-y0mRy7eWdad1U6 zxl+~4oftJg!Nq~Ox|u^)cll^&7qQ_`vyc>7laqs;S>E#Gc_WN47pu3fl|6biO$|hp z<$L|Ky`?|q1S*c2=HIy<9w^yn*2f2!OR$xRwe&E^IocDHiiy#3v^&h~#Ct&OWw4d{ zk#@h`SLd9rQmLNOaQ=d2_jhZ15&uIp7bS99Az&|0uACv}Hl=H&S8N-><9-a5{d zq34_e(CSoqOo7EQQ+S58nKrXGNg#@un82ZLsN9^GK{a7BLEnCQmJGh1x0Nx|cn)ij z)EqU}xs{3}cDHlAhd!rC7{?{Bjtbiiq2p8J&{AbVa{;c=R44B&25o;nqEhXTp1#=r zTs70}&naLsY97LjCTd!LX6d4onJ~l=13JsJu9s#LH2cIL#hz`}e0GNva^_nE_&@-W zHw)qy#*FWD>6hrUdI(A5823}JGVZvQnl83AQ3k)#*TEG;B!uokZs8Xh|8aIZnH|*u zzlNs?PJWuZ__Z3wh4qOx^-Zr~%o8~J#& zEZ^pGrlvwG5G&Lz_vS%u=D6virVp5tRqoF-NL}~o1)c0?*S&)T=8m=0zwXpT=jUaY zbbc;7zw`6$U7k&s=i!~(WAgiolI0>Z#!@3wH4#P_&HMGg5lmoJP}*Q$_|8?X;E8bp zn*LiiazW?z6J4JD7j{lRsmt^2U7kY=JLjL(<@ug2&tG(T9(7UY@{7AXZ|(B@X_x0a zFYa7^L)Yid_!s^Bu|(~gi-Si=3o+brdaI^UGIn??k)@(FuSSt|`F!Ah3qh^Bd2uIr)(!9Sd}^2H?>fW3ZfBSD@MWFq zqfg?-hR_#?njjV}0G;pBPny`Ts__R%?g?U+0Pqpq` zy4Fv*QCc^GbQZt(!rk|S0-TSt&iE2XEf>EP8Oi&9!B<}X_W#HHLw|hyJa{t;OU%L@ z{~P?4m=dk3D}GDN&6b@02mF?p@!CcXf1UALVy@OYa_JVoCFV7K?`t=GSmkBCvFpiS zcMChoWmkDIV0NI+^yIs85#A0q4{dOTx6=4Y&TGrq=DXJBBg{JWPR&VfA^hCf2B(T? z+~2g`-{Q}Sa>??K;i1a+p3~lcCWs%W0Hg7jarI3 zyw9Y_skVqN2p$yTNH|MXB`kPLKOlm)Iq-7`R(71|3w+%2Boc6$ps3tDUd*vcEgGC5 zxD%>6O45b*%0Jd$jxqMN{tW^x*PH*8c0W)zRcM-%pOv4;Y(OyG$Adt=V`l3(sSp^f z;!#v9r90ZIl6?fgSM@}||DW~(R2<0zxCX%%n$y!OgxyOqH6tdWjB9AOMrF=))#IfNr?y2GCIYIb852YtC8r^D?ITTItN zPW36+!`>wDW>kF(ee4aqAF{8p@M`dZg}{5Ey45Np$)k^RKhs)&oIb|eB1#|s;T)>~ zm7S=rs{(R0XbEDv1VgM++a2JS!5TPr5?&4mKz#d;T~bz>Ea61iQjCOcOjCq;M{9Qr zVLeZr$p1oEr*p=tgtY|<+k>zyd3pC=?Jkt_CyVP{hs$PM-PKVk?0#7{d=T;?R5fLo zVx9Xc+b2#+kKp1eAQ2m&X&4pk1;Wcw5)L}l1u!{=Hxc=8zxyy?kql;cIfKuCGMdwQ z3sYFWqp<cix`Oy@vx*zvaQo7CK3_dPRoUH zN#EExJ?}Wq?YH-3`CAA~c9U)!iR$9dc6sKS`Z{yjEA)3;t*QR4+ux$(aJr(*yVm?= zlG>-0x!sb9d?&ALw~nSaVZyYm-KyI~G(`6~+dNQhbd^8KWEf$>`2gom$lUw--q^+X zFnuMyM@3u3_F7Ka!l;Q$%t<3$%?U@8+>VgwD@G>A2U6#j$T5G6-i)(t%PHc|Xp36p zPQTmfBZF+t|BZGEvOAHZM7iLy0KIE5!~8To5{A{5Jc8bq#mu{hpn>M+aC7v*GKR5~ zF)#3rB?YclyL>zJ5n3v-<7!2k=3;=SUh=x#3T?}dLHQrVGTafrG&{X?P%j1tA$7QQ z2NlX{hxuV_vX?m+6ZGs5O2YE(jh{O!yc*&Q(@%NhDN8yacQ>y#v0AY|DRc2-HA{-b zEDwAMenS`GfxGo0EH@%k ztIRC)3k3^v*q$hk7c$CE4wa6uNOJ`IbZ;F`xxR*CULV|9UuudDq%akWHR)jICt2K9 zqy89Sk{%ekfD0woqOkqf3lI@ZK}xkPEf@P0E^j%WQLp1Xt)DUi8Fh!7TOJ}W`7m92 zi{cS?4C>8^HqfnIhl0yDfvbw`u#vAmmPJiEx+6(!HgDA-epe&#e5ihvm|LCyzB@V! zm~)~Bx7z+I=#P6@t2<@ImJh_4@!XuHGFBh-m(w{gsW)Rkk}AufqCrldY`f=ZyBFBX z(%t_mGbLtDo}s;h<~d`2=e>Mb_ArfBlq-)7SBPdVWP*8p+;5LQ7TUH{^GkLN@c3g= zU*`axKFyx+3^&V_NCoCY_kj7ao=QTLMkaUy8Ud+#zA0~>vi3U-{GeaJ17Dp_1Y9B;(5j0(VmDZbZP}*Velf}+9+OW*|%=BUgzeH%~HUw2m zH$$PB0Z<1dbL>B5MEb``jNbUC zQd6~a9iT!vcdPGg*jhi2cvnZvp1o*)t^RTT*Rmc$+Un6#cI8JuAirJtVq29u%&F~? z+zR%M^q&4mNXrg>*JFD`_lFBXnWyFSkqISD9q&9(vbhi)D82Nn7$Qsf5frFnZhnM# zLryq)IT#ymqq!^GXF9i061czWuA^9Qe)>)xm8mMV#Oy%Ybk7(QZ)YmRK%sUnb5oT5 zFoS0SO11&R&G+MV_-VRKnr8m6-Le?(UvGYISzU`-BMV{FnNLsFVNy<d^^3=V+7HePR8R;9#MdQIv z)T2=wnMfQ&0dpyZp@OND>);AUY|}I5lPwlkf(SswMdE&nMA>*gBkRpAfCaNIGBLBlEnpIdI1(brt|MYF zYcH-u{x8ZxR*~u0LLR2!cntoM_2y2C55&#!1rfZMKwYwLy}8mIU8GFu#{t=X97`8R zy5~jorvVp2H`gwCK^yibPmoGqu&-GSDy@AT z^^K)I1S|7^%E^%Z;(m4JYu#oD4_Pg)+tm2;Y>m$W&nU?DlsdEhE*U-FF>*ehJf6df zQAqajqB=9{cx&W3)x>`y;~`#W!fl2*Kc_m&ZK^$FJ=(1c4Wu@T041zyxLE}ca3$zO zBX7pbwyeqwr5agE+Y<2|Akvo{BmLXH$s7Dbvi&;+MB;riQ@JACXQ_xj8*E1K^R}31 zQCUHHh;vsKwhKJi_O-BKctxkhj*X5F9Sd~H{bW6@H7CI2MXEf5jkR#@e^!2z>`3EW z^|HQDzj>f6)-y-qGik$ex`Y)u$8y|XY~L_UrLsuM9LTYFVct#eJSkWe)}=x%-zA19 z*@9NO6XMzK(Vwy=0eQu-cR+M9qdzaq^I!MzD%D&T;7i=t!+h6OY_Dg8KxcA<*>Z{; z&cAn(qEZ%?|1XN%n3bN_;m8d2}_#6~J-%i-8floU$nvIQs z*hj?%#+u@lKQxE~PHL(}!_{RWs+xy*CJw28VCA}UgWxtF*$mq{sncvC8Mat2QKtjZ z`pm-`Q_)-ldGY&xvXCHKuTmZ#<`H|5`$PdF5<*`9UmwJ7q`B-)s?fd>)?b@6lji6f$r?3#G2094Ts$upeYRc@Z@e z@qu&R`7jh>={{QB@l*jyB|cNXw{+H*ujln<5c5a%?P3m9r3#$R265b{A$EU0?Ebo^ zsv|AkcoDDGJwRH1_UFsJL)?QNxB|_h95aB?7fV=^XH!w@fEP z%-s5W9gvnOk<=71T_WwJlZE7cEsJ0*F2H&}i#Z4_g_^Sthxx%5;RkqCjWjnA$dLQE z(8os2E9bI;+1*OA2lokWh^Su>oOCBwSP}AWRLmT!&ZHqVPi3iSSw>At_h!~35T;eA zCH9RI_URIz6xa`mT0vJ_1gGz;H9y&*9ax^3mpsn-NJvuqTOB_Kn*W`8Q_G2naC*A5 zp z39!({{?6aCh+d$AQ2HuU$UZ}=z#9#Jvi>dVvRWb>3lsm#IYN#~2)xp$S$wF}1AxKR zwY=u#NGXToM$}wQuoXA$XgPLfbj`Ylb`YG$Ymist&GJX2TN2|@s%hR&su6KT>Y;_2 zTrFQBwi28=uN%Fx-5BV6?$t^-57Ga1h`ShdfUNfpVa2d9+2xGSoUxD4O9*3Ci#$7H ztbb*XjzZ4&p~7;U7n&L)5{5#_gv%mz%OyjkH$3b4H3RjvdRK<~V5`@Jhb5NCwb0YF zenLriqJxc^tImO*pa{4_viF>Mn3-r!fMa(5fsxECl7SnA{j)o8_y64;pQTGoGcuDq z7&w%!_!)z-1**{DXiJ=`h~mU&d%1S91b#E~K}9LbEA_w_o0<|T|5<18@hE%(~MkVBYvRx4up))B6w{*`6%q8XG}= zMFu>YHs}O-LB%}Qp~c5?<^J+ zLskfO5z-gLzZ>6{S*4WIhXe_Lv=OiraQ-MYLPg6|-AlH{p-$YZ+r}W4eInJ5aI2Tn zaK%t%FcEPUdRYl%;^yn&<`XeI#YM=o5SRalczUBWp5DO{Pwx;np57pdr&sF6)9Wko z^nx~?UZSV7hz8S#s*g|l*wn;u=8}jva*?PRx7dyx2D^TuY@v>y$XKl4?|&$YwbQ(D^wtaOkJke}q$Z%kj!W@fy8cF)EFwG%b&mFU zl(SN>HXpq0P-jz79KnYIV&5jZi#Egqch?teeuPqH^*^CvT`*o?A~7>Sfq&~jk}R-Y)@+!Le}G*uQ| z(PMLw{8VO}<{|^@M9PKo_~{<08UQ64xg?g34o8(!qeN3@Zogc}oel?A8)~3GA@dG8 z(5QL*OpAX%8cit?cEnHA&Yopt?YM_OwBR>u-hz!0U39yN{YA!uww9g*QyGp&n$JAV zjlqbuv{xpKaw1X5Xl1w=L_kQ97cO2Q0~D$JA`v3{WV4sn!JceM8+DWjyi(2X$5lS7 zG|AJd=pH|tuaRP$)IFMcnHk%(^9NKZscf}Zr0-y&6+3IPZ!Sz< zPYomQ67RI&@;`v3rp7=4_U+|#fp8PT_|F1kHWQ3IIavn--fNw;-k~5&CG4H721Gx= zJI0AHp<8e2!JQSQiVl==c%iv zv?D;PvM{&EB<1onl+5E_kt{+N&9byKT^=q-`px{u#M>~;T$Ka_kqj0Z@AA^k+A6he z29r8HytyXdy2>z7muHslXFeAbdo>0Yoio6G_JvD@iA&8H!)4aM823UlI*0qR$gGP$ zvJH!goG=tD-x0&BS@w-3=GI=yuo=iPQj&Qrqol!+A6@4f_wOy|rei%g*K?tKcwPIqcMA(zeHw5ek{&fCh0t za<|Of618N@um1U%b2lKUJ~wKPJB_Kv%+p#ECGm_V#*AEk?DBhwN8}vBBsUZ2Z`71h zB$r(hV&<2*>@t^~!z6ou&Hnbh{Oppz`B5&rxZ^o@2tXg8?2MXwJ7t#y;@Rc0s{-UU z$^M9DZ_H*71G^+}e}|VnF%OnEobm`3+L^>OXBq9q4~&_EvhT*ltK`Li?2AJvH5hxq z?2D3kx#ajt6&6gQ&X>rl{+~hK06OSKTKJ4PWvy~3m|t}&L#X#>9(6T; zO;?l_BnHDm`uw-P{ zubO`$zd<=-7f_L5nF*M7)iNsrhU|fW(H3^5kq9?%I{d^SR6y(H3TnKo3E2+aqqrf~%J>`vg^GlEr*1y%F7}^f0)bF#ZLCh-faqM9o%zM)2{N>UG@JS1BE6|}-Di0A7i=PzHfm~zDz~WZV z&4YiJc8kjc>FTS}0)4>(uZVohMP7=TM{mgXX1Ldz;PN{(?YzodkEW-!M;$Gs{Fm+D z@SE8FO^zVk*!|G?7b{)I%x%{SntUyjBdN*m_HXNP%EP2@Q(BUxqMGg4+wE+}Ui=Wm zm085ix;hVW?07)jm0!AuOALZ*g{PP`59xSU?!4k0K}iQDL7D#o=JMZl26N*@E|}k~ z*#pc&_5_nD1h8qpH!Q4rB@otR$gb4%0u0(Or?(O@dKGfRoVlX;7Rt@dSM#!JmjBC? zpY)mZg@YcNx?H@@ic*bXaoNB7L6@kPmP@NBj`m^L>k!UgX3Q<#55$GO$>!7ZvWdQV z_;EDMb)%)}BC^L#D|UV=eE5UW(h)iM_S<7d-oD+!r;cF4PP`z}6a8Zs5=f%f9Er*m z6lmn2jQRQj59~4W#+(I`qGp<|*1{Ca8K^*%cunIZpFiC#^#$3cm?vyGc*_>+V?#dd zrw5GI>hca=+*L}~>wsM0m>eZbQ_TG17ed@qWU5YI&z0=#s-D$bc#EXyYW}||Td36T-v<7p^Zrd_|MP``CS()5 zM0XL`T4dD4z&ExblB{r&a5XFSE@!&h=!PTAr)hWGWSar7ayi^$BE-s8gNQ=ZRDx*q z(M#C{d>~Xs{FA@Q3znY6m!$BSsq&}BsO-ldZ};}J-sYoH;(Ij6lniMqo5+fo+3>nl zpyJmCQVC2D?-3{T%RSlmt5q&HyY)<6WxU^zu|u7quJ`(a^2F@2EG25bxSdJNZdC4P z-p?8YSk;Wz*~}-}*)&XFbuOx{pnIDg8A6e`4|0C*Rjn~6y^EZ!0J6&`9ZDebwB(EwD>E(PYmU}PcbY*HxR8yW@Kuz zXwqI&=~Gtlk(`vqY$Y&@r<@msT2$B2Bm;Fm^2ehcc|_ChY6af2kphulfBBk>t)O$T z)9#gyU#vx!bS}z{3Ua73kG!hn;09;^&$g_7RplX2EqD2}{n_i8{vgBueB$^wB>0Pb%APWPdGdCvr-Y1X&Uom&Me68 zS5ljsOhID4c!hmQ7CW30{?guSgZ;zD*%6g(V<=TMhT$9Pm~8Hw^Kw6$mpf|q@u50p zLO`pSv!_om&WoZoc*W6OjQbkGI!kOPk!$uwiz^nWgsmx5<2pYprJ{Yb+5Ifa98E=ZLA3P$c^~*xl=yQ@_5Ld@^wK; zuKqwCeAn3eGwNw8<0Tx|0w|~P5TTEFcNR7I*acqXSHbH3j%=Adtgf;3-IuKoT+%XO z6vVkE&{7@tz_R6~zj6hX*IyCh=)qeB?dQFvH#{mAqG44Mheup&9JP0=bgQC1w>luQii9P{4 zn$1N*uPx_sOk^hGiXoP|lgh@(odjmh0Y5+a$=*L`nDlETx@+-CZF!`MrJvA|WDz4NK+D?yfianIs6M4bf zul|*fwRK`Nd>cQ1?=pCX80!1g?{C1)l~vr zXZ2B@zRO%|`}5=U;p+sHD!hWtC&|D)yHN(D?6kZA?IrJTm6lCF-pfkNaw|t4pV@Ap z+l*)Gtk1XE!r^M2d1aZbA#x-N-4Sf#L2_Cmy{JRBIL;&47e%d;^=v%Y%7z8K4J@5A zky1SqnG$ZfFeGOpLN85~-4N@FZTvS?2fmLX{=tZp3hBWxpIA_sm!J zzm^5yiu6&c>=(kaFkYA*O6Xp{dFxh}>JmL&-JSDcHdA%{Y=-Btw{?7Vcv?5;@O*UU ze;J-^Jf5$=Qeu_cj8A}Qw$4l@k)qt5{apb-W zq-@$s=6t~1Q>Gn56tr8Ub%F!a^nE!t3i&P9T=L$VVKg zhEQ^h^LlpXUPTTyQ>4AO-n6iY$t872RY*Pa;i6Y=kfs74H-bgZYTFJzL`?UfKQJvaRH&jrvr9^Ch{Oj9+mcHP16bIUT`{Yz@_34R8KK z5s*Ha;@&B)IQ2)(=_S%Mle_UCr!YH;a-{5){XJ#tP0P=%mY`3|6`_{NVU;)MNk<&P zCiWdq0K(N}vY~*;QtehpP=w8;i{kth*pBZ(B8=CWm9r z?Sk$$58ZQrL0?%Xu?|8dBawJ5yQ%idpKr^jXJ(RN8V+X&LoUcZD-YQZc*X1`Ln~)h;-9<6n><6Sh`NrTDI6 z{>0!wscMe?I8hMM7W*mZ3dYb*=H)^LS6j$_xh*$`h}S3Gsk@b(gy>+{(DjftR^s@D z{-g>XR`}H!N;1DoVcESk3X?3*@7yHmV($~N2emp+7I@7ZVVmh_rz}7s&t(ZV!a;St z*?Omx7b$49+|J=#=Rr$L5%V;d%MH!1yfpUKZZ}^3o1F>s_oy5tbHb~;aX;slY+1)E zd%ausP?)7MO(raM5wOY=AG56T%xjcYwp=0-V+n_`^``A+iw`bAuv*>YG!KCe#fs6! z#jx?P25!vyFUfd}tw8D@pM_$Hnju0WK?{Z2kAr(F^&=%!`RYLy2C5f@8OlXJ4R1~Lwp0`y&U1JGC;@uE;m3TOIX@o;5EPI4Mm_Hk8l7W>dy!` zV4=|AnQ^x}JWJ1WYQ54T*qMXZs^S)JqeHzC|?XJ=3ORrfaIlvM0Zw>|2evOSryur&X##BoJcGA zMmH10V+H(Pz;3TZR;{PDU1y4}hDWfXaM%%Cek+aZQAIwg`n_UN^=3-OHE{r>5W#E) z)p68p#H3Tiskd8{3wwc+GYN^*cPEMX_t_-rTMYyUO4Qun#rZ5us|DwZsf9|{W-FF% z+L_=rVmoRNP;`#W@4$pLBSaN8z13Am_O+`|=VjAUTr&4?h^BH*iy(knI9dxsRg`nE<7= zq{`S+QJHyIE0Uoyj1jlOtUIS*%FT-xyfFMw*id4=n->3o>|Gepqad6`TdSCeWX zyTt2!V?TTMl-u!($f4p$N0MK(U205;QpFf1l65$ShJBb1y7-j!NlpVUBgz<8Z~F@p zDE$$EL_O#0Aka|${U+!a2@i$5MChliLZX?>3=B9<^rOW<6z($gGhGAH2gW0yV6>^- zuFqsSCDkJy5skxEJ<1SbJl$FI7ki_~lIwt#0ioyEBN4AgZ@7FW5wfasW;6jTMQLf- zoG^Ms5z#^L&dQx%E0CH#ne*fwK>N+L_H}2D zriw9Z|IWE8y0B{0lLg8BvI;UWTo(}N*g+Pi^!_}{jsY|>0vT6*=J(9pd3NpOF`Dn( z8u6;$Tqo%59@RyU`0k=}F*iJcy$WXYaFf;bK@Krw~L2rS1_u2jf^_@ z&yiJyvP4g7F}kmM?l>-%#GV%{)xD@#0_&ns?KQ)UTA}Oo9tK#JtAkBWe*~C#DE_@R zW@f6&6ZMW5mvslL!Y#y5S0W)8pFmu1t`NOZRxTAA=XUDKJ9IH`KB^ggTnNP&DbvqC zVOlqfM$HN+Jjd@Pfc2@C=buFY?Q=;PJlBpR$q_T({#gd(cI}=2nCHntPLarL&Oh*?!>>6bZ}=LTKHejzX~Nbll;WlD+{_=w`rPMrtUDsKW}T)? zjOsyA>I*qrb+(buG^v8q$8;GB@X{>|im7u%w$3~9>Kx$K`8=u6WvLKnS+vf4PaAd> z8|sY8mb@pgn_?Y_Tk~2x)@@OA=hzE;A3xHZr#f06eH*e?71#{qQ0L?!LFG1NBlBc(Q4ia2Ly3;ZdsK!aPLyRI0@Bj-E}sm4sRG9bS>RUVnrVRNy4 zBL`C|2}M~&o_thRky-7IC>InSoL6tA0m!VIt(!4DjS{#~kbkwC-;>@rPYILTtmVC~ znd%P^h}OdEBte3pu7dLEdf4mw3a=?gyMBvp?Yd_a)#>xyVcPIddG=wJ^iz5u#4C!GpYniuvzjcLi0Ss*G;D{sI(?vP2+ZJ4Vpt!=c)w}G)OIU~=q%DHE>j6g z*tuEdkJG40 zYtT+UL>4dKuiboQwwBs~15tkbL3F6WD0?NRcZ?znWc zOtgZm7(#SZ@YbD9cWI--*ZSE5Wa(mjeutQDTd;lxpTvG?foyTo=sa7Bcpo7?(~jL4 z^V54|!n{^v`n zH?h}%z%7<;vFB0Bl+M0enbMOd*cCu8vwU~AcDAAoqP?HGgpV^9zkNWIl0xPpi>|ww zALgJ3^XXk;9;7TKP*mm?-K!IMRC-u|o?rC908tv{9mh&4qfW5Lr(+k1@?UjIO1gSX zC87f){;zg-e#!!Ib(ypSK<6qzH}imX+B_oe1e-;(OceORsw?*$qZ4R(GcV=jaSXfF zbL2PM7z_cFYs;QSkJC$`QS&!?uC8@@PZ;%$vGu)#N;hf_(Z63EF4z%{Jk+@q%Ci&g zI-pPo1)x2`LfauS4)gs9lDyqLeIFGi{-bn<`4w!w-O{d3j6--0n=0YZn|#B$FE=ht z!G$i1I9Ga2#piqNJoB_-rQ&5jHCKp)DN|YuFk32KX`NV9wEjO|LfomX!TVlr_4TUU8oX*dS+CqJ%HiP8 z-sP{OYFZh$ncS-!F+W_MRTSD#_FAb`rI(^gXB`x?4P7$ubCHI*S8bs`HC=*KhFc0d zn(RC04<6jwpKPrt?FloSC3BZf9$l{(Nzahm-cWDM@D55MH263*YJ;rrkgYp#!i_zI zEOv|Ur7$GrkVNQ|ykfc@vWPkJ-yjB!g|NSjrw|@-neKvW%^!B^+(~UtAK_e(ZA4~K zI%xg7l(>~IyFhodt?G1>H3GlLxlnfsZhPg1n|YyIKdWC}%S#)+tla!Gpn#O?s?j>? z0&u?kDw^zK9+WenymcNqRUTdxF1cZ9?lb>>p3J*U6nL{rWEED)*oVH@j;HVZ2r6BPz^s`-_?-aKq0r{||dCGx;YQ7(LL z;w@{uRcGNm%zaH9KGl*uT$0b?DY$lG_ai5ETXkZOBTp=9t@RzSg*Syqc0u1eSjCQh13=$>WWt^S?>(qx2x!x%3YWAoF|9)r?gwbUi76PM?#Io zkp?0w_YbZu+_80KO<{0twf^YFk8V4*)~>86n!z;$Q8S0eTGhg#a_6N3!AyIT@kM!4 zw2AZj-w9g$^)^BSXTQ6@1ugP4Jj&B{p6EWEC~asNGcS9oQdR)Y9CiOE`13D+Sn|pG zILMI~+@JRs{P~@<`tzT|Zy1L1=K$njR@?)B{%&|bk!pLJ*@()w$rJ3aH2|;JDufPh zC8&syw_kS1fmBsVW-I)ulgh#R!;Gdr&W$KiYMvbmI^8Y$VBOj~=2{lyp2SKlHp8D3 zP(+SnP}*}ayw*Pt2DAt<3x%9@2B?L~!Tg3q zSk7!!>`|bcAA-_y{C;4gA0i;o9Kp8<)izZOo_$0SV}vaHAHl?=eNj72%GH10UY(KT z;)sE#R#|!mJ7a~pD8A3be!18@@q~+S_1=(aO1z4XH9(JFU*%Azzij*SbL}Tb$*9VQ z_>@{s8meYE?{`{MSZHp2A+`8SP714nXNcXVpa)! z_2!cz#o(T#mWQv=z?bW?Kff)dH-Q>56J2?hqJ{35anjf`(ioyIfPL9xx*o7%=mkKmbdi_yN$vMl|a8$TD=`+Kmrqb4PjO!ap-&r_}vG6@-Slt>Z| zuhd?2;Bu8Xh2MD0qw;nd@YmBq`5rAi;AY|!exP>CC!1}WcA~EMBYJDvES?N2T})FoZC5^~*PsWT_r;fe8uzHUi5^QE+^soKc z8JLVGY5O{|p|Z4et}>3MbuLO3qdH_=dCO_pEDV?k&c2RTq&G{r?q52jJ8$_mPpNDt z{A1Qwa?@&8F48w!r87MX(D}+>{{1M59A>2B`+2djfifq+kGRh~c9%d}j+JOWef7;2 zKbMH8#pWT3!*Rt{)g8(*p|31GmgnVPK>nsZ@`v;3@q^NQdfYc#xF>!i#iqt940&bg zv1j;Iq5=1q*vrb}f*Gl>@$pWbBAm zbJ0?`xJtgezKBUM?A-FIByhBcKMJ{g!3BOaOp-Gh{IX zf@8$-3*;cnZ>sr@nM(eGXV24HIRUHKQD~PS*b$qnB0|bMMV&Pd%camKG$N?n&rhji zKOW?}j&DSb1~2|AzRkcPikE{xsF-8#-x4TOVP&D8MOvhq0y7v94ZxW=+^{2m*^jEc zb3?BDVQ%>Yf291s=%JlhJrRZStI1-_)>lJ)dNj=h?di%gGSf8@qU`yk+r;%v$SEnu zS(o@F6a{Nt*j(7y@2ZJkFmS)cj0huT|3u$4%w7-lk36n%cTGKa>1`>vX$w z8~qjuepFna8L;@GJ|R20L%n)M<~?mlvBU%{F@wFj6TN}IVa`110&W0S*veI46SPn6 z__$Z|$(5n|IBgI03OQT(WA0t52!Vft`L~tj=PMJbfnA5$0wLJ=n77h(M?CJF5}BI; z(-&$Gwv9bi;$p#k>x`_v>{&G$Xg#-3GuN4SFVM4Hy%n%V!nz_D48BzdzSO-ww`D1- z3MYRnt`N9H>A1Huik6%qUYq8`^RyN<2E`uco=YVsX3yev`Fl-+qh_z8dcLC)kh7!f z+Kf2Ui8tQUEi`6>8QD}?~z^m}4Bc*v^IxPA=iD-39~aNG$^3-(s@8}3v@jW@sE`AtHCV#F4Ca=? z1_-=znlB--lCE!S^-Y$8LIFF!Qyyk38ha7FKk;U&4I|2P0tlXXi>2oI1ltIiIDx z^pCVc&Tqf?JQUho<@iZkGW8Dhj7vy2fzKG?{YqjJVThF5E>UqcNPO7H7GE|;V|K}Ef^mGqy!LgIcxi4Ryt}7= zo>W!^&?o8k7bC3H6|!=V;?-#tZ{q(g((oA3b8$&BjsWI4E*{{On6~Wayq|@!Ctgv- zroqC|@dkS#=i_W*Z!>_AR|!T;W$5pI&L`Q_YArg{EqWVfE&-ufK(C97Uvv zEIm~*k>1QM{TKRDU@ccr^sH4;a*o#bD)@vNI}Q?1#QXrfMCj3}sGSb}QV;?U3pW22 zNs7Lf>TPp`5h(gf5IBBQ5A?O5E%hS2YSW4g?4$rzmCAU^{by4z<4XyXEeJMWOdS<% zK!Wej(gCX`6=%lxP58$5PIf|!4Xx|NQL(3cdy%;2NGnma>@z1H06PxcM2ol-c(zDa(*Di~b5eus|>tCwF$4a;`T z2`(397eV$pC;V%78rVh!saLJP=gc~DuDp{CeQ<3s_-J6-j`g8L{~hc7$>QMJsfAVU ztK{}o{$;!7Cc@1`Z_;PMZsvPNj2oC4;rS`jE7F1e@rf@^#1 z@KyVh{k{7WgKKLFYvfhpn`xC_B|w2>2qn7nl>E1|Sk@t>%D^V9kWAlmTm~m=zZ@+r zpgE3mCY_Io%1cbQ@tqdLMvAvq7itaYgXdFtYwH4$L|S6L&661>O22|Hkl^7Z&YsqI z^!XyiqV+S)J&-yWnyS-#3>u`%wdYLVU~`e63~Z-fN^SaIu2PA^sA4f(A9OJ7hVs;# zfwE5nY^+&32|IoTY#^>&#wP|T-Kzds2>Ui>ZpDt&Ke@J1n*XY`NhYW)P!W^b?#<2R zXK_evFZ$3bEsNQGx6bSI$>c6I`)O`8tP(nO>zTSbpxM)DCgycjqW?$f+_Yg*yK_Qz zFwRmIalfrf2?z$K6+Ztd_<}ff$&mnvm)lAKbR?_)^sqwzt ze|hL`iTf9gIycKw*3DF)$ip?gX+vq{PEH5g5{R}J+E@UaC;N5ab|en5i#^SR-DXs> z;@M}PV`ldm+9~=HrDGhhRJ55Jf9dvUR<=jybR5Ep@BB9V!gAFY{$#mesU$X&n10u} zT)zI{#Isq??%0lLmtCMhf_Pc^ozRm=;D}a#xkPFRC`MUINn;YQGPAXSg-mUFr?Ark z8+?+&O=hI`a-FQQ-UCgnlT|wJS=tgw8D_#_e~It$0&p{bd3aiKAB|VT>m9ynp+rCB zEs~J?Mel6Ja=HseRaP70gg8s9<07_4cZJk<}S|427EBNHMP1|8%gXXuqYr!Rq2lfj`#kvUP93&c>bF!m}>j>u-Xyn=Y%_}5~tM!pX^u#XXZue zgdOevWM%Nl_1I*N+R+|K^kth>qf6iffARo|hiV}0DJxIvDSRNWE-jka7<{q^RVNlS?LR| z67#-tP%O>v@J;n6p6lF3aQVT|Q%%PZ{@xi$oDRUi%dSwG2`=9Y3@qDqak7}R%Ln_e z4ELPU!JTfIWxE#GSH1Ps2m0y^`^vAcUgi~Lf@@!1wkr{w^t!%$f|qwvD+YqpS{7XH z@S~y)!+R0>R!uG#e|fSG0~fvmWKT{H7+-E557EaS70-yB0v#GILQZh)o=iQS-xQdaH9Z6)DqiG#%|F9G=@ z<7Bwg!REj6tr_h6(2B#=wqnT}e6mP@p;BrSRY9-H^}*$0s5r4sPK-vHqq)&4Wu#>| z9jv+sFhy3%Jdm!GtSl5`3q7@dA)gwDJy-N1G#V-@o)I$-ef(`^)ycvs*t?eu``n|) z8cR#70*AAM|I({6^_39O%EFE+&gbQ2M~u;BG?egaI*#JCBiF82;bA_Gi^Zk@k6Mbc zHic`=(2ryeuoaryFi#DH>?OszQab6Es7j{KCSOl1kLVIh$^)m`m1Lr?7NyQ@_DT7= zR|PZF8U72{Q%iq#K$+BpIkTNn3ro`-|gn-LA! z{hR8F>dkk@{vg&&2Qp*poi#H9p_qA$>gt{Gv=cLb)~d^LaUQ_8dg8ZCwW|c}n*7=Io4Asak zT<*K!ei^EJI!z;}taPuBKs6gq+}C_6^htD&#L0xP`ie`A>djpqq>TscfG30!Bh37p z-OX#$&Wn?S&Cjmiol&o;v|Q()heh?~Jva-~OI!ky=w62YM5(df{7GY4`%)W4yg@^A zDETr+709Sw1J)Is>5I`uh!4n`dN=87x}!q7*xwUzm^hOX1MqM!eb$+z_h2?!+OKW zy32rmSvhKbr8jCJQ_2z`7;5{OgdOZ#qW1o(!6QgNxhb0sIuU z$DCnMyzPI98O>mNdYg$5y)=Vwl)32xlm*=G#(IIykT1HaL)%glaD6t+p=S%;WJaLi z={sAgBB$U{*$^6ykEqQIxLpt=J2mLhH|(o)FU&03C{xzI7?AngNc>}p|J~miPM1KRLr~hl8{__W+Pi( z>v8zz(!*~Nb^~V4HwozZHutH)S(*i)8tN-HAKj$1hdB#X^=3$2UI!q#Eye>e%m2MC z#x3@lc%}9S{l)kaD2Kh9QCHmSJCcB z_eolq-rosp(jby#t0-Zj8{ke&8{l)vqhjWww{?y?`+3NzC2&r$d6tb>y;DZnI>!jJ z^_d&5k?wIqBrK=%edSg@y)>1t9}5W)mJ4Sum+4<_=aL}=2DOOxu}*}_kRZT(s$5Qh zuG-P=!^QTWunjv+F5=F!Vp9n?F$+jHQ>=hQT+AZ}gxIe>wn}z);r9AEM&fGWzhDo? zhsKkn#wqrqPFZg`29p{)ek&dPf){K+hs$Pk(Z0GF9TjzU^0v-d`B>kO+hz~*>($cv zDjJK(d8gX!)woTvp549e`;55(qwbFCf9}pO|NX-HlJgChUS-S`1l=-s0(E>OL*Qo! z|AJ0Nr*GrLn0XN%$N}wuwuKx_v{gmT3xzJ5h7t!kQ*{6z8zhd;6}QUY-@zd0T)Z$d z;2tI=ZaCegJx0)7VJ&@q)MEXa1@nQ*o=XCor-YCM5KQNt(k@m;5hb^vtQRtY5cK3S zxju8qCv}mlPJ?hCa~e6=#xrhc-IThPo~9|covtLG+Q#hZU7LB`vgolg^rf}tKxI-g zQHM#;M5=}R7nuDUSae$md9kR(Jg6Kb0PC7NhxTMCt*JyhTynEmctWo!-~E(F5L;<^ z4X;~D?-zr%;rCNUnJ)!(o0R<{Jw`zsY?jlzrbhAVJS=tew8i^*@+Eb9^^UalPP^GVOQ9-#Xj(kt69_Em1Yw6D!qnalS+I0Y1fOF zZ2SwX8GO|2Ye&vqZMq)UX#5q|wX`BL_SmIzF4;7GT|wetoGw$ob#wx1*lMYvKZ&)O zQR~bm#kBCp$dt-smpq4S9{#WpgJqig&!ah^J2t=gp3ZBj;lN5MhLff_?b^`MR-fuM zH}prE3wq7nafa3`O}*6R(B9r3u?Z&z*iS_p?n<&bleVGmQr%%gsb;`i?5__ik@fQ^ znVhMeDB|HM!RFZ_#)$e2fBt{y`XuBrffsQEb|!2*V(J+SnO6ZuDk3JJLrG>DjcOUT zd7|pF+<+qHg;TMn7Q5_V^DcmhH?)rWGq4nBP28VrN4#YssKcyUa-8NSeKkYKHPAAV zB`nyCKSBX!Fx!{zo0{ma-aKjLcT!7gA~t>YXXOh^KE#-{X_J^bm2Fz48v2UuYnZ)* zMb7B18b!HdDPl@;{c50Iif!_htKNLrMv0hOv{BZRF=oxXAgSJmV!pgJa45hm8(R=; zK9C|J&@US|G;vG5d4EyIvL%ORdMB@Da+k%IuAFperqwq>yF)x4+a2kPD3I8Pg7czH zEj?2+3DCc)x1Oz(BY3e}944rA=ku~%y^`G#WG|Rn@#eB!rv|TUU+J%!u&TEl|H=Xc z{f|PmRQYA{C(FhaB_YOI=2`OOu-qox|7n?O1B?eljhTP`MKA-wZb`&?_@ zw?A0Gm{LucN%0HuM1JKn3~Rsl$0qDy<;pD%H%+g<15=j%gA8x2F6%Of_xlML+#iGH zHXufoq1IWPsjhwG}c`3&owtW7mYrSC@R)>bqQq z1YgB#!G#@}=4K&@MZStxC_LOPyzi<)b_fH;_e%OU^*9wxQepMV9;@sIVN;J@6KbgK zwM{jd-canYFErZyaC3#OpK^hhoY;k-kWkTQBBNB%RgL9T$yf%jmh<3x^ZDxn0b4Ch z0kD1zwKu)M+rM{xDj14k8Z_|#B5`$rifnJKQlUWw3)iU zKHG>7gXY=I1^eXGW{ky89OPyG$g@$of~xM|bB+6*PfzT)d_~EAfPr;PW?`wBL!e1; zs;f6}c1aJJzr5cmechHDI`wB=bJyoC_<6YVvm^Ku(aRjUkNRTd;YQ%pbTcq4X%foO z5&UZYZa1IVPzw}@8U;N|wCEdhw z`Gx*8|AZgUFX`r>Tz;WX&A-===a+P|W3Oy~1^=4=Jq;n(HGqgC>1I9?6Qw_LkD-?)b?V1_ za-gJnbI7BgT>7(}(_MPWrT?jOx=SCq^i`eHU3$o+$2+IHw)B-nsNcJEyzj zn@jKAIo%!4T>2+vo%-*NUoQRG>%WSogryrBXKUIL6K|aBI^S?3wQ3&!$h?Gu_3X zO&_smx{E)XUc6_zi$9zG*}i+g*9ra~Nq6yU%ip_ac^AJnef6H{E`DwLf<4n+{Mz(s zd!&o}E-HB8Cw#wwjJ$k^THX;|@4t@-CDoa1Dlu<>t_C^A7A z%OSknJoKmUGqt9bwLNO4@EdC?5hpd+MRzfIYv)?!&kiTlGa4GP|C*1)O?hq-n9bL0 z)DiJ+sv*{^g?c(85RK9`>P0w;pU(Zi!LCfa`O=j!b2eA3Ipe(7ToyP{10w!VDbh+w z%e+v7yPs=!4)k)_04G;bLwtxC)hZ%{*z=L=^jPmeZ3T3iI$&7-W7#0#tt3?jocz2Rao*!+e_BQ|jL1$TXqL@;HW zV6l+j#KZ8g7;L^*@+~O~J90^f;)4sbrs#!P-L>Q4mZcH_tUL1~Vh+F|3jKv@MTskc zxmaWaZgW!tFe4DoDVyN^IEnIDST8#)-Y(7F2*mYH__P1QYslW3cBRGL&XnR#)Hm(U zFSA+1&eCzSyl%7TTA#ms+jvkCW@RY)2XNkG1}26`THIh)+tIMZ;d534TCc(D$R=(RdKz! z@l73n?T{ygxKQhO3cQynBJ<%rC0qGL91jgK@8a1GNvU`v@CGcr<8ttxo-HAfFo&4? zawROhXJ<3?Xq^&}o6v^4@HSIR7T%*j{O|CZxESupiNWE*CS&GMtT+|g2i?-rOoP$LZC+2!X z^<}6l{ddzFBN^7aLWAXP-+sdTwb~ zZwDC0NP{!E5nik+7E| zsG>f#jnke{Co7)l<50Age*`ro2epMjWqV>4Cr14=i;okdw@qCeQ&$GH)~u?;^;&II zr_`E1qs`PnVX^wn1spmRm^oSs&PpIe^W;-5p@_Sk#3d-HGvjQ_+>tPE-?oPTY~wV` z+(15SCoEi+VByl6e%hN7ws%sv>wGvO>*N%WhX5utApSm0i^By8jK(<9jPP;dU2q{lcyo1_77EnU zB|ba-n=F6n@0A^xBt%lU0S`DXPzjmcXqUCll7#7kOF;w}^P4+I(OvS`un$6b+4dg-M~cUNk`1QD4v9o?R{^EeY0GlnY9bL1G2u?Y z2wg(p{O``Pji~sd=I~#GcNtkfH8psl=AA9sx-QbXwlphhTw?A-z6u|c;KN^$Wm8%J z{GogBXX2ZbDSKqn2fgH$E>5gMrv2Xp5)h)b=6gsOBh6FGWJthMaQOjJf(vDqkd0b4 z*C?4Occy|kE?*(D=2nqb`5Er`Txig(`I%hJyJa+`=Ci381ncipv=vxpu=!0%A7G9K z+AKw9`|Z`&LWm3(Qi+0tFgel;$U@pI!%iJv{W4dFe~&so#3DrNNSvqTUvG4KnwUe` zNAt?&@b0yLS+?xqTJ~4jvV+|ru(3~E(p$i2AJpU$Z$mpe_PyTk6?*x-UZKnR9>!-k zpQrf9$O%0KWICNGBi5!Ph9)G52IOlQtymbZc4Y{uC^udwr*hm?a*Hy6)K=!d;D3fc zeVFF)+dO6D`TAz^Y~?K(L@tl|)4jZUB)XUozrX2(K&bTue~UK-WO#wMk%ph=b0?o> z`JMMKb5s=ufaV*V2&kFKJIIk2+{dvLH=mVXsz37I`0Z{{*F_i}v*SYR@5)hIji@PA z$ILJ;0P#_?t_rg>#^{_%UQgs^Q8w_#x5=8fharmvZ9x9f9gCLI?f1}9xbwF zclSE#h^e0HCNxfRe#be26TKA)|Ch9{k^dN$Yp&E`k*?c$z5r>6ZrIie)nZ-O=_W4g zHr1aIBZH&>!fwFS7K2a>dj!B|5-;f8)yOAL+$UACJTARUS!XFVQYL$WHJw$PIMY5? zpc9#RnRB-X9Ysc&XU17gxk43ez7W+OuK2^fE16emL0Sl|o=B41U7hRm$y2;O_jVqp zRt=4ByK^LvQU6FjA(_b!-Xya%q$DeMy+w2hZkkl)E9p3Bpywnb&w-AC+2@$~HTTJ4 z&-y${R=d+8$m)fPTO#*e0anK@Q>-d)09y>}jo7M9p)bx(G`4iC=1qU63Aw z?M(c_m|3vNQzwT~Y$KDsT1L84DmKHcr^zPaM#(f$qhv7M2Ddb7gE4dX7S(^|FJtS* z2)(ViK+jK@Td3VRMPY(Tm`{#7O8HFUBQ6kOK2>}ooSl?$vLNp8V&_)QXQX)r@S%;C z2Fzav+D+BeU~`J4m&X~Tjp7U#@+;~7d zz>~_xWF(eUm06%D+CogjsQGzX5yksa!hqX^ZlBGza-p{JqE0L;5awFZ3GOxI&m2Jm zRa7(H1hx8ewfc(A)pwVgU*}Ky_ppV`!mzmtUls7AaJ@khP%n~Ae@04n(&jxCnIK@~ zGkU;ig&i?$u+vP=A3J74pUPx>)FM~k@>kfrg!_piq+T;YQOX=>^z3^@L>pyxOhoL& zX~i7YM~Ll?XCRAhGOak9x{tzCGzq#oPJ8kzTt$d~@QI>}d3>=FQ>_`YL8u|b*^V!j zPWLA0MB}qcK{5*}-mEbp+dKkr%h)Alqk_$TW{g?2uQWMIniTrx_(|^VoMSgAF4f5h z&%8n!40p81|nD*13~U9tv8oe zdx)8Z^lpGtZ)ZPENJZ4r1o}o4Hir)qAy|e$&csGq5t(17N*9eYr&8S+T_SMK1jXJHqA4Wgz6o@TjS0vDbDM$4%-&fZ;$4K*gEAJUyR` zrDj7_7GmiFP#+1@B+ZsOw4zZ_Q>+!is}~P36Q~HVQnnyqJ=dw)pfn(FI=%sUdh@u1 zrB($1)yjQ15%5)D#y$NlHVO7W5@zukWs=If%Y{kGQ6o4RFS`fyspi=Oghhgt;L6{S z#5?rM7^OLrJ)}f+vP?Ki*s##Q3Pr3~91ckZ9rsFCrGnKz;U(L}FmMhB-moA9z*IKU zieETHMuMMb@%=}tc z7;qR|E#eZZ<6hKsoz`?OHBm!_2Eb!Cw=X4z$IK!UW9C|$=)uRl=)rkXNxCnY*tear zStp0LK!LK8WY6*D8XfQ1^g^cpAVqXHip)0es4NKi1($Qc$PKH(?V?8W?eR^gyZ2}b>h2Rc_}SNtXR1v^kZ zW*pOw$IEP1AqLo5EDG<=lXuo7fYyvAq-4&&ZlM^FEMX`AaM?;yq4%=-C>@fs({f%A z4-PjCy?^5xE7SN}r=;DJb?ycX{!H$bM#9_jB@*6w;f`TYB9R1B3uXUEMWrdnkBRc~ zN2m)~uKY$s4 z-Y?}PD3t|+^#Cv;W&xJ?7*cBsLL5)7)~O&H(o(tTBryT9<0=U%8ke+tb-j7 z(=DgLYbxHOql$__lxQ;sA^^L1#lSaY=C^8x1g{4uUQ6rDgTKh(mHYk_uPmvw-IUoU zd5R8-EDDEGR^W_aU3OECEXLlYdESO3X_6o{V%lz%Rz#9)ZYPy@Ax%`E0_J5JBw6V8 zjjOdUdFy|zc@J?|k&rxV$K*gL+29mnmqR5bX3>*Oc~_NI>@3dq`MmUW1pyvXRBx_) z;@gb1Ou>isESDcBH>fvflO_yvJoI#(fH8`>R0hHd()&6ivK20Lmhp=9c4JZil*mB@ zEuVTj^mKKZ9>Vj2iNf@j&~?XQ*x9rpA$ywBKkF6xg3tYY&gC=x3%jqe^E*byPV@V> zWzvvNaj8}X$hL}ShzX7?fw-8xr$H~@5P>nmr|kc5_BQZQ7sum&0!KK)!5tX%z@R}Q zMu`#ylqWUeA;gOGFyw-w;8XGA6&2x5Kp~(PlyHEw)wcTWgHKhf)>_*lS|5Tz;6apj3X+;3UC`D0PTFSoq`HGJTd6tW4$0KDbsd?siYpD>FrVL+sTJ2+WT{e9 zBg&?5eW}UMR+bo+Zo5Z|IM4?_LuSM<*R&dJJc<$=(M0 z%ShFm1Oq|($dAydS6vPOuq+p|!@t!it4sZm+FH@`ztrmh!T}+(7X_MlgiLS7uze6T zE@AT<*44hhuJ+HMHv-B3yw>G_q)xq=evp*FBrlZU zuEq)criV0HZvM$MgjAa2?8sDKs7+3>O_C`NkU0d3jij>QtkR{MS;y4^wkg>XwK$c_ z(GR7<=0q4m6#+E7lhCQu_eV6}CB#eKNFE-m!iezyt;`wLH%>_4HV!n#M9n*YV?7aA z5wq)l3kXmB#G}q%NV9`JKehs@{*s*sJ&|5=4S+)#o;`aoQ)aT3iRYHd=@0WqCM~OU z*xakDYe$cdj6L`kHSod=VR?B>j~MCI=c!92l;Fo)v@!igi-&Y-q{^x=12cYe!^_+> z+cS!kO3q~^h*kz(tp{&Fq6dtG`zsuFf+V^|!XB6QBOU4#Cdc?FQ^~u(xt0*yi7fsB zvr}&ob;MuqW7MZ6Ap?06E$_|(%x+;&lsT;j%$HZl4_}j%;0_qq3FNNQQl!(A=;4Yj$Qxut?bo%d9y5&!nSl=)4FvPFL<<&CB+@FM~_1og3%CupzTh zQ;V5KHg#Im{L!6nxJx8{?hMS}G@morA?A|#LTS;d(7ivCqX;V{8U4(~f{!?)PHtJC zA;~F-@|Dta5K#iQrY;P~#meK5xpn3i%QvEI4kLlWC89P|%0J~12^(T6u>Puiil^#K z3se+AFHf0Nf?1n9#v%*OSZ=RQkYzIBUx$L2{MLy6$4f;2;3{#{PVV_8ew2;sA6zA; zs>wZj((&f+5u7Vjy(G>mp*7V)>FVFn{_;TUfPgMWwSa)4D`M8)AMJ%d}oj z8_o|i`9IS9RoVOi`Hw=gyfz-4PCF%;l9Sv1#buQoStwsM?gYDZ(JoRw8Lj^2_eWv8 zlds3S%Ym5sZY5ENv*EBP&OZa-hSUy1G%r(Qae&*}Q_{y(o8`8cD45WpME>f`4jv+t zWkK#;-7U3W)l#yWATDF}1vGcfsx_zcn|d0xv(EfV>axCaT_o5zAL`Z$fQ<@3BnVDN zhj#z~&T4XYS1}tuzq&qG9%%ghh;(^YY?N#^Zx;p@4B%?}*AIs%c?FmCHgXXr-8Hl_`j%|7r$ELHh%A%?90%nw`X*v}Jla zZ&0TFx~Tb;+{hx91hoEQhaA9W!s5Hc@gfOJg=@db254p|)5Vn*uA za&M##XP<;LzW`#TcGNLgKUC#VR^S21@fU1C#_I3*8%v0-B*8}#pUN|>fAxUG-$Oel zq0|nUI3~AfS(lI8`#*Kq=cRR3!;?>^&6cAXH@IC?*Pe6d^lsrESG{Q%E1EJwA-KL5 zEGk#FO6rh=KHW#klXuhf6d6&!VyGkLF%`1*&}Ws*>LKQa^OgQ>t^6dMz84xgj6|(B z$B&T)RIQdlwE>XCxB}I}X2g)pHAo^Hec*xT-8&cd2^MzyMI8V`!+#y;!d-E&BWI&l z_7}MIc+cMF)*MBb!he(LmzpB)w;sS?7N?Jnm_OHGZzs~$)4Zw6pi44>Kh%`qdGa&i zmkLW6?({NC@Hx9h%dzuC3(mQ8r1O>dehK0|nMeIr`9v{K_*CN)sdo~fJks}2b+6tW zI>9A;!*N3I?wKbB-zb+1q4y-`cV5RVy&L%ny^rA1mS|fa)tX?ND49z&a=P5{1kJAp ztDti)V?t%I^{C9#@pyKeOSgtcox45oQp((NaCR*EI`?{cv8wi~IzWN=t34pW^_L<6 z$S#5a0dp@eW+~e(5vN&LLh6q_7nKMlT+rnzqTV z84?}IEl9^FTDgdqgPpQWg%w)inM{RwRNw%V_tE_SLIyB*#5rS!6qVo3w3L2oz9FtTk2WMhq`^C#rJGUY0Gp z;-&gWpaJgzcG=?FztdlP1X=E$n2R$f6+cGtf-XF5rzhaB9jqGZ;-@aX_ z59y1Y&j7Cc01*~JgoDp@nE{8_XzYM`Gv^xiLRru2lvl)F&G%k;h;PO-l)LyM_56H!!zCz|6&*H)V% zTMps>66#LUTecl3$Fb}@>f zL@i~+{Ev$V#iqE$j`NDeN1~-(?;#x@03-CaEx`yscZD$VD26H%xhj?OhKH`TwhG2| zXMIKBz7w^aXD(2lz#sH^;R7Vcz}PgG31V@o96}XY2iObO*2ngbnzLW`n7<}AAnNj` zpgmSQaR#=f=J*7j%n+_58u?Aim8{K)!(y{6r6mTL0)Kq2%Mfdy6QJz4CCb6BmTrl0 zVn?WDUv@~Tb_$XXCCKHqbQ@jm*%!S@v88sZN!xxCB;ZYImF#M%j0X`u`LX<{`SevS z`9(`!L}rR!N{$-dfuT9stTxV_t?r$u>>3}m2$A?lUazx)yTswfwL61WI8B1~5EHUU z>zt7Ir^RCCs>jwh^<@zuR)7z&FBB;!F7s->GRLLmnM@~P@lxq(f2w|s^wB0cWoOtx zmw$ev&6WdAvYFVyRb%*W{(A^qCIfefjZJB#x7XykUX!z>%~)DJWTR%9 z+CU(Hy-4ZENtWpumwnSaPYIGTpkazjM$|0V_Oaw?l2VPOa@A3+4Sa3ptG*#+lZr@s zg0G^KJjACcCGwln+*ik=rA%%E^GhO=k9NY4Fh>$5V8vBuxD16!jO9&QWN8b6#uZxx zBbATa7D^$tZysZ#Fu3wjAWZ5K!m}r3Am}>Yt=8Q6k~ig!Wsy9_8R}sZyNq}aL(G@6 zyF#Tg3#ir{#{2*gI)sP_HeLe@Ma;w!#ZD3$NRSB?LUw*7F(pw;)D$89?+D6JNpRI( zI6%MpQ!StJ#U>gvuwa(%n@XDCb-RL{G}g=uJ4? z9X)tDhm#(kn&AV7y{KCyp#$EFDoA|%OrAfNU{a3%3be*X6J|5TsY9*VNHxe?YfiaY0@hB|M*XR+ZTmx2VQlNfVD9;?YK(d;TVj>Y zMt%4Ryt>^kd5FG-3iSH^k#%kk@mbJ($mvvm`)zLd7280fk`XA0nss^+5DAkQ<`Bcg zoyJ!%5=xUtW{H+vc9YZ$w~Ye1s2QZce8Tp=L=DSRshq+W4OaF5o6#&(R~>{(Uxy88 zIbX2Z#!DyHn*Zv-4>PPm{ct$aeoOo9V|{#DXr#Jx+e>04y1~OGc7eV~?2OJNT&|dv zf*FEEq>?HDa0deBo+%l&a5YMr_M6rVW&QZc7D17|23J+HN~u+*MS`$UrpOFM`$Yv~ z2A^a{13ah7=9xKvKb_MZ?D+r0N2V7C%rJ{MMfN8u2bTz@hSx;=8Pw$QtI&|4z01F$QJnWo_tm6h4!l4p3o$}gKGSZJISk-w-J7T29D zcoau@l2y)JicFQQOk(z)!zomTk+bIlF}Wq-H~-R(2r0VDiwPF#LR_KmR{41;UDbfhs;#4bGH`p^5h92-a+IY=ab|l+h?9y3v9XGR)Nq8AhgVm z4`u%tnsb_*f8^LcWIV7Jf{Ux4&hzkH48B*^W$={?Tz|&Yq}bl6rcpl^zl-vk3K~u` z7eGUM*W4GosQnPrQ~&{F!{>`F)PQJ3^=8!!K|w}-5MHi!potTTS8k__dAb>6u`_d+H9=8C-wcsYQ&J^^+3|fQ^M6vFY) z8CcqqPwL02X894EB0<$Eygzmcw;v&sx|}B%^v$&R*%itN zj z^%jwclEKbXndZ*d=AMhV<4$vWyU?B&i}xH}WF?jZ@FI&J?EE`Zb*U;VAiKey*E`V|_>J zgOK0c{IZJl+{VE}^UYP;)M81VBlu|fgZ{L?$;yZy=LkL#H4 zwr`iKy?+tf3Wf*jTD3AxqdAKJ4!huX*~ieP7E z{ZRbHZFL1346Egc)|eb~P-3^t;0npBEtbjJ(YXYC*Gw+;ujVh7ui6^m0&~pgW>ei?mn0Mh@!+o8P>VO35>S(Huj)D;_a28CdNKgw=DFZQ@8WjwtRuT zEV;!I1+E^s++*F6{Py0&yVJ{8zSQniU)ZFGR%oP{=f}W}hIlX4EH9U>nJ*#{9PAl& z1y4EONC)c7(LB|Y+#+W0irCo}gC8pf<_EH?+rC_6scUR?5xK}kM4F?8GFs@JX+fOy zz9GO5z2S>wUJG z7zU0KzM~dNaOVtZ-oV>KNE4fpOT%IGz#T9pr5>F8$t{{A%{hO=K#2ZNmc6+zLF5Cl zS(?v~e3~x_=p;ksV+(W+X!%(zkNvgEW>)I{;Os|bo0&1pj;2h2GTS?p2~cK3rc6J3 z9I?W)-zEBS9zkGNS`mw#@Ubkf^4S4fIsc%+koi}d4x$x^bH)Ymq4;6-rO`ebLsa%v zVwo={s#O|qAe0NWhKbUNwP(!d1n*+=y+O|-OWF&~`|f>X+2#$h`+|2-b7>#$=o>Y! zXi!cYLcp&39$Kp3Yh;K4rlgN3%+%$-%8yn|x_UhYugzT>EiE-X zqKB$}f{p)y0aCCzIDIoN>;H$H)f?VH!1qT@jW!@%CxUQq+jZH&igIY>!)=%wvi@4< ziIE_6txhYrZUfM1W*IM1my>!eKcT|irEBHOu2tKS79|uD?uW_3LY3g;ncV)fWr@&I zvTD2J{M5@?^`yLRtxs75CqJc=ys>m8xqu1-O5{6bn2@PPbryRNp##vTu*IppA~I@J8L+Lc2&v+W{|aAmeJP?y1NC%&)h zme?YHPKz+UUga7SF@Jp&msj`ZM$l&o)<^R-9NK;`4wCiQjOjjy>a+LLGG0oDmqpj}6cq6>uOQu9HmdqX$sFZmPN77R8G6 zveae)D~8R7$wZRF|6(MO5D;D%A;EF6UL!N4Pro76IV)TkikelxK+=yHxeL_s!RMA= zurVz7FqrjXZY@zz2(UWtuYrT`l(=5b;%q_I_d4_6Zv~F%e~B zIGoE!j*5Eo8?+lF2Q&4cdULjgV9jN2e;+>D?eDbGc*cqF4mVK*g6^w8wTDmBJeCHi;-OTe-~Q$@fN;)bQcm`NH{;o;&~t?i0D z05H^?UF8mWoBD@}({G99<8Qu}V+Fmv>FeGaF+IQfJflqx;;dTvrb>YnTOe(6Z`_l3 zVPV2D=Iz`i+5$~;9{JDRpQnkQt91*cF0=L@l~N$w9-*-imAK92J5Fljp?gR|@{ku& z`FB#;v6bU)<(u5f`^hCqI6l<9wP{KoBCA`|NI*cCYc3HG7}i+BWC4E=A7w4~b3Bg=|h#vecWP3Mk#`c=k6tA8tERY} zm=;Ze()MxkUhF#d0Ork%V?3YOZIjt!YlW zR7>wCn^lq~3J&ilq;_k;8Jv%eG4shF^mn7`AvN8%UjM~jdO-sryj!ggYyE$mZ34WC6DPL!5>;zP&VB;Xx zP+4dC%O`%gg?z#b^0s0c%eSoEU&tqG{D0&VFR7C4gB4AX=iXYaE?pfqjaP_(M`Y)E1o;S5>jqixnRq63xE&B*fVU$#K z>y+j-NJ!>c{Ny2nREv~9W74{l^4%J5Eo;xMq1U^XF&P!vX6jK z!Xey0kKXOIy1yW#8(vdu!U&d$)?F%7Ah>=z|AJ3gURt<0TVDbg3e>tf zQ_j1QZeN;7#d$DxOa`L3g4CI|F(fqiygvC)t_%6r6?fbGRrm4#Xc#6OK>2am@>fzm zx^5B=DVp0jj0bM}=;eo|whreA4riHPlE$>I7~awy47+bd^ZQ1TDrzr8$^EZ>rz;#Y zqr`XrNB6zs#npoE(o}Hmv8Yu--P|$!T5Ym27OOT}?Kb4R02(@}kfawQj&_e@-a{Dl zi+c0=C!Z7d@@4*o0;9|`_Dd=8nm*?wdhoHkZF&)3810$7uML-g^-R{Vxo6H%c_HXP zWQ+wkiQnyN686K&&w0F6E|M=gau?-9#b7dW$Z(nyz8wL70S9`lf1sr*528%WEOObt zJO0Pwe?-)HSw_SfRg5B5yz<1n_yPE1N6hPJC^}$?39*H3;_@I0W5l$0>6m}h?Ij$c zzyC*lTcpI?;bkEfz~oWMFtvO2U0RXegJYLlys8whC&#*Y@!}DvMe1l5T9ug!5i_!N z;FkOq0J4=9w%x^d3WUtT!1VT-aiMrBO`i_2p4SJ`r2~@V#VeBdSv%aFRovG!l1*be zekhv#QOOhY61~l)Z$OO;5Am}_e;5Z) zj24-{kW8&jGDNl?v5PFe@~p^E^WGTkBJR{{F$=Paw7YE#yyFL6Gp9jp9LWdzDRjZm_Skd3MI2sJ55|q_~+s(#(+Ed$zcV5nIDe zbmbqCFVD=w2`#(7kel|Y#!~iJqVWXyDw310e!j}pGuc|Wxg6i?S=(PuR-TdLu_Mu5 zM~T>6%GKDR=7`afBd3{Y)dCugdL!ZVuGk_?x8TW8M>HR9v!!fnSdB40A+&m|bJVQ- zWQ7hO@gb)BYE!*Zz0yaUDKr-`zx{#yyYwbkO~kox1iKAw`%-QD9xh^P+epT2>tnL5 zGkj~_qPjI*23I%3zP0NbOLy}bsjowkw?~s>*dUz+y8N7AR;zVV4Alp)LDA-Ztj(Qh zn`>VVE%%voG8Oav zFX#mzv0GX|7b~Fq_62mJ3kdvpY?!T`P99U{Cd-UKUcSrRM+jIKmu_?P+Ic9M&Tklx zSKi&Us6nIIs>yb%(7Bm*+aBW|ISrAMpC-M6WixM+OtD8m)3DlJ*auABO;Nqh!wR7& z*EfwZ+uPZhXgKQ3fp<^m4^(Y;7#}rR50Z|{k-Fb(2@08LWa$BFd$yk0GMw1=+DI%;C(YOzX;Q^$RWIoY4iGSn)_OAc^{vel4@Mg+vSI`lB-;0!qm<{h z*{5?KOpQ%lH|i92H(YN+{zXl?jUnA847y#}Bte#tU!r3%j@a3iHxc>KF4q{KQUg_+u&a!Z)a6 zJy$LppU#WtPl=tOjn|ngrE$CNC+sygo?}Tj^j|Z1P=4yE7xp9{>$ci=^!QhoeLQ#T zACQhx#>4rc&DHlc<`?13ZA`MC#{>G5O-80N{IO4!YF!V@2KayKr{IQ zOY;|J^Z70Q6@K&XTR3@{b>mfY@vMtB-mm7jX#ShuntzMtKYZf1)lX{vnU$ULJ^QZM z*5>Qp!dVHj%!_V%LsZsDZWjpJQS)0pI}q_!96Q|>zr-v4;*swBv=4#V3gVG!cOkC8-toIUI4>>D$?9H@uvIoQ6@v=d|e-hI#)1as+ zUsSQ-hpPp(I7+0Mf|R_0S=!_`hn}T^SsS93)ivZ_apK4RGf3i5iW0^Bsn_eozGJTZ zZ$`%!`=a|^6dTsIPgK7;)f&ROhjKKKk%Ib%-XcR+p{Be%5-_;C4Z zKWu1cGI|b*K?SWOx6E%bU;M}0TgKn6bq6GD{!6MN z)j*g0YCxh-y?LI7sFB*)eq!>gLBUnB`somHG}4_psK@ATP(_Ae43Cp}zD+prQdP%p zB}^=Pm8Sau2CZH{?^v3`Qz zO*K5a9c+A$&H^%wKf7L)Vr>pKJ}-omD-HZJA!6AT{YMo@1iO86!hFE{2#h4VRC|d6 zFr%>BPQcLmwLZV3y-os47C((`*+><;5*DTM>YHkOW+5q{W~bb2qW{=IKABTT8D#eW zY#P0DyHlkdl|4eX^x%%A57HujumAjNKad_vc+~EK08(Iv*@IJ&kYR}zMhGk{PD+IS z>&Kd-bt~1;9S(m4v&R7+aoFq~t8tdxB?kI-dFY^oX%v!A{>tU}zBgZr%@G*i+Y5L< za<-KR;@H?b_Cs5FyOh{Bd6#Zr^YUqjsMGAdNh(h6J{Fsw zypvt59C+#5^tvc^yr=Ngt^YU zzyQBULc}D8!Y|>^m0uR~J%?Z9n7edcb$Tr0z3@Qjz%;CZ-67&2gwSEV~% zPwl7R8=gLv<#&7x$w1Eoh)#ygO@6@3z{4w7R|Gzo#uM|EVW-2K#3Y9ADkx0hw6f@l`2G9D~oMniT%*yr`AeZmy&uO+gdrs{+eJv zD(%N)`%z;*BKBjZd|0w5z3TNCPkk{EmfSnAg6RTyqIig|gS!0T-4ZWQ6G7NvL*SO1 z&vDBz^I3_ObHw~@>mP(zn1k$!nkVR(wF?Y#Fx|NM7iqnRY`u|bd#_eoJ}6dbN>%EG z^p0`v`00Kc!(p+bZ$r75#=u~q3yI(e(R#$QD6ra`o$8xv(euDH zp>h2ZgBrKT`>%=QkDHO7=$mZr#`eB(d*Z#3&Fwu7Y)(GGoe&%lE}aj7THA;1s-EeK z4>pt7d8k_f4|lisLyb8{cQpRg7wz5C)wArIWSQ>Nfq*t0TqUPx4_uqz&0~q{`aiZG zY`l?bPBR0O9018goZQjF>F4hBa;97za)7eQb@0k+-S=w!mpUa6= zWvX|``Ajn!GZ{bN=+Mdgvy{F#lQ^2ve$t$PW<)a?>ImwDHMKI6S|CoH(A^Bi+s?T; zL;E-`Lc`1sl*d}9ggO}H?ow~Wg7U9Gi-*z;*d)5m+ChDlZ~I?qiu82))eJ z(#YcZI-qfFVP{T$p*f%Ydee`iPS_qibKVTkw)b_W$|OQU3^Vr)_GTLGNzAt_Q4Y}d zoSgQ0W=JfP?CZi!^{a@n_Tk8#Vn`ETLCFb zn7JJLm^XR#lB|+QY{D`QsuYXEt|3)O3(DsTK2eMZI=29Qim^2j3)| z%P#F47W_oDxoC zT4AV3MPk!*$0U?jeF(0(O*(s8tLHOF_7ZdMiglCpEXsDRIeuCvmbv6P5%woj%koRu zUaHRFm*)rBMWQ3OjHRA}l}QQU#O*l^%1RF*4s>n>u1D{sbT?^Xi83@ma7sPKt3ZJb z<2Q32UO68qpF84SVXIug+14-<$y5RRccQ6Fkm&J(RFwl!Q74=!-Tx}2yRulMG8$3MN-uh*tx~d^HO_ZB>DOosaguJ9VUA5V2c>t zAA~oy){Z%kf(Z!Ba1lt`$15|SA5akXe&EkDNJ~K9VP>$0G)$#yvDd$Wu?DYmiz)Yc z*cD!EH?8kNrgNuT@X3ZVthW%6BdW(R0BrKMc~=k$V7zqo8IG7tyxtX>5?ix_4q)|_ z45dy|N=-t_h4SM2NU0T*|iG(KEhBTgv4)Z#)im{wB1O>aj`6d(@rl)s+xNDs^oE;klNl@VINH z&dArt&Y9(<7Y2XZV(uU-)lfO|NpX@*qu--%^|R}=q9@yh_8%jOi;`a!1{>G#bKS(x zle>E^uBPuLC`jEBXVX13w#etH+;36ss7Rt5Ij>Q{Hn_yY^soDCFR@oh2`2myyB=$Q zGNrDurC5?F)Uko|tB_HW32U@DL+#9bj4xp!lC8*sWJ6_M9Q6j1a*XR44|$#m4RXyz z4Oa3QiJF_q5fX^m@3))hq&ABeaB*HdV8-?}BH2uu)d!46+1dP!qU>LRl}j6F8f_OU!RMp`bW)+T8_>v?dK3C#~px++Qbdz4qyB@I>)<@Mb1nw&si-nUXl*! z|Fm_Dg`sQIZ#NTuYqJJ(3M+q{m#KI)b=v3M(JkH+MKqSzKKc%pJLgg_pCAM$@lfw% z&X;S`1MWqcMaUPk9UT8!e2AECRL6|a-oYK(+*Lgb8;TW^9_k7|y1ds)Vu!alUqaWo27a{wp6S`t)db0ve^@9H(JnN-m+0TwClY z0u+_x-rhX0IT?SC$_R)Ar9z=r!1`>XYO4cWa&I5f_XguVl6(6lf*ddO#x>2#jP}vO zeUwO4r4~e33->3IV_yvFDiD|WyK@ZT!_cT9?Q-aNx26AQdgrnTKh<2*H(YdXL9Rj$-M=^t6%3k z4?n(CR~TAXlfU^LU-#!{7^8DmrR!XA3TsK_<2l&Uy*V|x)weE^zs6tL_+(bF`&bjqeUMQ@}#}jkW1~F2EGKdD`n+gOw02j3ftyZ8SR%EJr9KhPw>#bKI ztyF>Mo|;)0`VACm=QE$rf&87q-?jYRRE&y}vp@*{+>(k)XO zdvWzHexS4MG_hlj`a9PNk2M$a!OXO`Q=E3e%B@;xuAnN_a)d4XYVWITOg5FHXZGE6)tF7?#r%vxO%( zR?hDcaw@(k#D7b%V-SOl9QVt*T0(4=(>@ZW_33%#sCx0q6E8a0u!6nbs8mm|5vLry zTaG=&tbJV$D|O$TINAE7Xa_^)lP94JIqHY^5D;3c12mEcfC7_vi4(YLUlfWZ=wW$l zwVy0`*)yd*^ViDp;%{I0GOb@;p*Z+c`ch=m1OX+*Lpzp2J1%zP||GJNzFZ_@!* zkK^$^x7B2;ydhD+P?fcfWmcL+twMcY`=M6NRirO;HUSlunWx?+MeX9~7!suCo;llj zkWY`ig{I{(x(5|Ni+iGsg#FK+_ZBc0^`yC&xKhU@{Pt35sKs2!G!If6kFJx>qvel7V^rJMcn2i1F<()Avx#s2o?V;2V!yI3$d z(KWY1F&!7Z2Z}hFW95fvSu1+&>LDzhFZU}i_kbh@)Jnx4dle_KM|+|Du(6B%@k7u* zykhYIwtXe@JyzjsTI`?QI#oy4smbYFq51V@<#BUpA661}@^sUql%@?X`tYhU^Q{`T82YEus2?@YbSj z5J(O;g?`$Zcl4B!>sqrOSJu#p+18uZ+_9AptuIChiK*i=A3ZNPF&;~XS^5$N!)I=P z?#r~xqFSm|OToTN-yYlGPxKdO^F_8bm+@IWZ6ktvs2FW%?=-K!vcL8E>tgbwEGG0* zop!tW)c%)vyemCa{?+rM$sH9fcg(Z-HQ$pzt;_tVDa5N>j=SThiax?-$)6Y-HJ>q0 zd7r+I{JVp_68Gt_nnz6lKklf$w-z;T_mJ;LV0A^F>D@4#kjE=H5d*st_i2;4-Ldm8 zYOYi8a}~V2=oK|d1^g!BkLbi^?f!T zR4H-37LnJ@Y}_MawnQ%MrAG-j2F#yTiS>Ku!Y+H^FF5#@?1*HVg;Y#Oooj(npMFs^ zk!Fl1cn!_H!k@-M?BN}CCRYZsMM7F6>CeyR@2>75zgsr{m$^-N^+VbG8@tLc$>z_m z?E=0pn}0`F_5IoWd%Mc7%;s;(&G$&K5?W`AGQ?z@v;0%cUC1_GuJIy{$MT&LR26fp>K}eRxlJzd=fwxJtIl_Pejc;ANjh{S&u`9w*yRn|Bp2?O9F-W~tEQTB~`v^x(kN(!;Ox z*l;fN&|+^=QTz%rvXppgck>)vGRMom~LC?ev!=n=@Yk=p~2_sJ!S zpU|T-e#dvlPwAnk|I_VZE;QmpY2Ky0M4O>Unb4!rs#7jKuwGbt1e6{(o(Da&*t7bC zZ3lWhsP~1k{6Sqy52+h+*i7QtZ=vJ~znyfSmb5T}vOS z8+EdEFR^u_#%PW2qmMn!&nUWXw=BOXenOwl`1R?GpVCKBzt8PqC;Dh!^-hmIz^o8@ z%v3^q^uTgw=~1Ng*ftM(Xt7^YvD5rn^Usd-psuBd)QvjXx@X(E=p$O=`{=RHQJr?g z(nIkRdUVF`oBwpePwAnk-|Y6V6FoHVSgPgnOL1lxXk(PnXOt4!qYq|VOP{dPXXp9Q zM~f}*+&=ME-|0vn>RS3p-KdkTTV?C=p0n2YKKc}Y$9z)!gg%||ds82+&EaRIkD`91 z+rv)u(Y*bsmZeW}Nr~70V(ovkL;uGJnU;5kPygTU*njHU{!3lvOQvp>txNy4#`pEV zq|5$me-xGbl-)9cL)>mzG^;V`Wc!nu~b_9*;}H)wrJr-$A63c8=N;6^C8KrT24uQwuc!9B&hB}{2T zN#%s~39e$3k~@B7-#dO2Wc+?c z2i0taO8qmv(#zhmV~@1`N*TY2O6Jb(+x4U@Q^}6!un%QCSH77Y&$90u&&YhnQyV%- zuLU!n&04?9@f2|1Ii6W?_PyF~8&8)%z7?J~URii|e)zxfN7=W}NA2bzUDDH%U}Iay z@htzI@m%4|VmxC%(gQ~ZbL*GhWYqDSEaP{jlC|scEAKRZ^NfsNvtCg^^I<-gf8Y46 zyomABhMGX02}HczH)Q;~96tf~o#U4UH_n3lmig$8-?zf^#xD!+Lw!x?+xS8GS?v?$ z-#&iY&2ze>r_28zaCV3hFp!!mnAPyQlZdh~vZtO?`5g#Tf(E?aaO4K;kzyS%I}}; z_E;tdy59ftIW;=}bsReLk3Ek#_I(MtG@pnnr_gkwCwFSFdg|r5;^f|RqQ4x0tc&Jz zepgT}=R?Ckk()z$O2EaT^b3|GX-HBBMM7j0r$;>?6q!;{2gNu7fGVj-AoUpMRKy%9 zT6b$Hi08RyQNytv@UYi@;@Dn#YI?wD3wnoiLmv-LCF09noLsv&0jii^iXT0-_V`Qj z1|}nHPhf;F7}#Z>UMhz;V&s>$JOc%J#pc~RKbHU->@GtKIdmDVG@2tjAw6s@W&{e- zRkKn7J)v{R%-n&=bwQ4&iR)G_n>#Jq|5ctoqyj7&zpZ)c(Lz<2TkNUEB@pa-#-78*8j9m z6m+1TN59+N&CEZ+?Ehi@Rdkwvfrs^a%D2xy#if8fqMd*4{CC?ACs+8mnwMhm#jsZt zmG>!r|A5Ri%w`Sox(x)z8TdDj0x@Q#Oe~N215=HP$du3r>%*xT8J-V`KdU`29WLzo zLqhQ+`p-x&_IKd;A|9`pV%s2+?{A3tg4hsVZW=+vdiygo$D_`9e-)qCW|=U}m67y- zus96pb<2`lGM{LRhn+vOpXe)`)#r_GOl zy4Rs7KJao*EIOhIZj&0Ez62Ye15$c)h%C-;vdQ<8Y{K{NmOz(Q-`3JMO7azfJ(4`m z>a7B#Ns>=5<>8p9IoEEV;I2!}7e{MSiPf-4I@kQ=6s>%u-9(TSF+*Cl)DP@Fl%(UG zm2nAPd57l~6(8*y@<1QRbRIx_ne)e%zON_Q>&Hk;Gfh%y*)lj8W55q3s zUS0LyKs`p)F1X6shM5$5a-BV}#LI>UyE$00?l0yNUI~z}w@b(AN+e-~Tb^<5U5Z@G zyNrJ(Y$Ve88>h&SW+Q@I`MvQi)}LtXDA)@lu*hr7&gqf6kksMyfV1FeWrKK+N|D`C zioY_G9s{cxvWQYvgtx{}&cC*RxIL$qGih|G%k&`F(2jm?^2 z-Qlf+dm@{8i)P~g9>x~jCifgL8%mhGQnMl#`pe`z5CU|n<$rSeQLm}VuRRc!Dy{!h z6&U?YyM{|8P^jQ8 z3}m9FgRB0;*QmMYWvMNPLPy;+4JD2a_ca5lc#HiN?@N@)>lKj9`W3tv{gT!g`H}OC z^htUbo9A`yV!i&#Oo<;toFixT1ARj21Q9!gc!@mcy;=$vn8V+ec~Ly_b#@L!or*o7 z5a;slu$@7O7>V}s8xwiwOL0e3X`*w>#-x72ljZWM`UUZ}ELv0>o$W~EzHCPZ(2;HY zw(~suz|k`=+Wx4p1YUZy^xTZrqCyw~GTlKLH+`@NB4ON=AM^GtBy8;=^&p9RugAl& zRxW-9%wM0|qZi!?xPIp-gbMx`MAA(Rbx@2g743<$Fa=Pmm3-6}sxS3KR{y+hKk8B=W9he)ujsZo|TR)$il(Fd4lG{{mS1Fv=Y;y-_a~oXW zvEff;+Y{Q--j%uSy*xtNLp#^@6rycUPbkM$yD9XsD7m}a;@(Zw;fy2X1s+}O;iXHz zk?mRfF~p_Nn=xUD%Yjjvff4T##((tktFR5#W5Bfs8 z=0u4jVFT-oExzrFlTTvixb%HL@Iy!j*Z8xOGfDe4`^F#O-)dj$0i8?@h~Y{088c9>rG zewXpPuTyzUFBH(L?veiDn)9&D%`&;w$AA86UfxX==rL%LOP4v7aG}*YxIMgPi|Ct7 zG1;gNwO-=F`ua$b^HhpCt{eAj7lYT6%aU;xCEJ4t=$Q+5U4__qksfNCH|1pQcCuZd@ zHFK1y|Al@TW9HZ|6HLN>sWfNsr49%+=Dx?%vf(d@q!$&XCi$^Su*gA^8l_3oB%gU3 z;yVS5p`C6Qb|lL&dW$xk`bKeHM?{WKe`iCTxb#k59?om1tTRv25HkSKBT33{D02p8 zV4m;7H1ECdG9)0p0W)cQBl)chs+Z_ZH1{)V-4vC3%gseMVugVBnSpp%iF1V~DP&{B zLbcp$1~t80F2G#-lE^LBVYRhd2g&tObA@qhwKbMhtEhAXEVNb^-^;{ktuEQ59}@R2 z&s=k-NLeN_ugc2?tyAN9G#)h{{#pb8?8GGtM*_myQZn`CUeC^Hw9GLU;SzJNyaYzX zRZ2Gz|1xm^n?X0T$o!dS%RpSBbvm!-Kq)i>fr7d>+o~&_v?9 z=rR!_<}V74IT61oJ-S?z^5H(_9!ayE4G(sw(DRu>C%GxdXHt%Hn%UH#?*ZP{IyB}( z-^&!(pJ^p}^$nQ<`odk*4184i!|wl7KT0-~cGE*7;$a5xD*iwx8Dc22S)@c>U3{rX z`XhM7UZdY6zsX;AKHC{$oHkUq7ufv^{)lDfYQ}|CK|rmAr^Pr&yy^H5k(sq5UTxvm zLgOOy1Ekwj_;vg@%O0~qL|e?Uq>-eIC{g!X)QwzNu#>swnN9HrJG@7=X;!D-d7XZL z*6H`C2Rhbw9`5-2rH4BH-qh)LW2f>Db%f`{|E4_!Y=D;zKLebOaHa}#IDOrz8RJ+U+lr}-(~qtlAnv8{5J2Oo54@$rR{Ck zKrEf@yN=|WjoI=-FD-v_*X1SOT$L@qllgA@-(~qtlAnv8{5I9u`ZB&+|Clc8JCbkq z&z2Yd(DL27E-(4!eGS3tlkt)9*7DoW?`nKC-)zj5U*eU&xy$mKBtN%5^4naRtuOqn z?VZzQeMj<5b+-Ij-uNEVW%*5#pWB}NHU-)G!tdJNC-b`OpX8fY&d%_I%ttN%Sl8tx z-`ti{-p&uHqkkrr5Lg~g9{*?af6y`C<@ap<5gqeg{?6tXcFcGAH=F-qyhHmgzh?8F z>X`5HXEy)Nj`=SCW%Ji`%y;=Mn;+|#@A6kR{|6oOU4F{uAJH-2<(F)JVaI%zKeG8B zF6z*Kcl@*YPj$?9$2*&UXQzBSzVP%wfRTwo9~XV&F{N! zzB|4)|Kr#`?YrY^^Pk%{-yL6@f6u=8?)cjL_50?#<7@LT+Be@FUzt~Ps?{y7@5`q z%830wpyeXwf=4u#VHc0XQdQuI_>ibTQyE@H+$)PW*iN&D&b zPiP)6&uP(I3JFapW6zIVehHWY=x-_1vHsqzohj52A8F$Ti_W+3OTc`nFgyzFTmP~S z^`(7_`*uwiog()?;g?X`uznt$a^dMg*nxlRKpn3?!r9H5l}nAT_$6d^1ASk937MUb zccwJUhPrWUg?rW(xcm7I_dobgj?%8@qsIBMl zh`IPv*~E$^;DCrZRc)g3qmbBvzF$k0pQy!&7w{Bt7O-J7f9$q5?c8{B0iOFi%};^L zzC^>nNDvuIb*!mrGj+9%co-ip-HDpk=f#Oac4h<;auy1x^8m$4mf9UPZCA^pq7Q4i z@zpZ&@E$haxuZ$EVU0Tq0tLJUC&vN8Qd1u!RN{P`1=6Wg@@(oQA)=&?Af3%9y?=cv zCeNjXvN;E2p4>w|bCcLxX7g6xQp|v7>b2xl0cPKTIc^K^PQg_KC_ByJ{1Rg@FD6WX zO*#_(V#nM$2R5HsiPcwWO1lLaWFCA#845#JPi<>XOC(hwP~U0!CXKa^5emDK{I{E= zsQaR=wV5gXUgd~VOvu5;RiG#**Yc9xf#zZ;B@al(&yS^RxnKCHuEzYXm$L~ivQ~=d zb?r&%k;D_;?onPI+~Fd7e31G5RZ>JoqXZzspYuxe$4SPySO%vxFEcpBdRpq6?S+J} z^Uae#eJR~>e5}3iwieCNj!NwJQF&|!!kzxvb8Ej12jCjnvynL^9%~+(TK;}9%eDb(Dy*kU(58vw&VWt^R zZ&N$y_(?=NJ+9WIKJkb)hHLH7R=GkUVN9E5`O*pG^9{=PfEmb@)WlEfpoxSlFn><# zup)K|2RXaWyengbV1#qeJPlJg{|F`QdFXAAVI0HMSi)@36vlG;PV5Wy=5L>UowflA z?r7$21n^4C`RmohBCu)r;(7}5T|5ygc(J988ni?>#3H$m8;n4~askBW7}aL6`=%=tqllP4y+CH4aoP1{}KR#<`c9>Y~PXGeEi`UFZ# z%n2zUyjFuwbYvgTe^clHh94g&kT6DzSmO7blwwT$NBd=tMbm~HF&nT(MVu{=RWN&O zhSa6w77LIIknG&p#Kr1)?+Vj%(9!Uo+M&CX(^^n~;mlk>)hRW)(MWNvS&d*3t6m7Jo^Q_V(^}+dx`4bVC#)t{g_G%YA{gVPl0JvH zq)NPzs&+fQXHdsZU$DmQ^jY@H$Yv(V6d=Nfmg#b6$gS`r^V|zoMfIul7X^7>mN*9K z#m!f2N~Vy}anHws>(?R;?R%O!1&hSswMDAs^EC38ocIhegqpO99>OvclY4c zv-!qRlJA!sC5c5=qF3`U1rSaQThPSX39cVcvHDmcBq>S1ti%pB9wt>?OhRUZjxM7R zT>oz z6ejvqc}a|VDLyO zVHlbu+TV2m_0yJTt8O_`ct2iL6Q5HPTy+_BWqo9@SRXsIaVBk~rWZl6vf(ex=)Ub# z;V9=|X&764L-cSOU$vU`Ql}MRl9^UL0c}bxa+=&*D(zA=RKuzr&nHA7?Qt3f6h4u~E_z2G*18x0A0 z5mnpcCqm=#0%uk80~-jD5uEbG495o!r<&oXNZ&;C45ENc`M!~;;Y}J+WldHib4C_? zq*TfZz%#FMWx-7Q#Tub=I?VmbweIu}tR(mftXL3{%azQcM9=Cm1&NQ_3)U3i13K7w zHba?3ylHiq32`kRi3!ZvEijr_EgoD`oiARa?amHrv_AvfL{Iy@xjwZwxUr{KG|^+~ zn4XD`d2Nh{c<*)s|EFhN@Dc~6P9x-mBU^jsMW?0*+$c_OmO+`jDHB{J2Y+jNGQ-cz zMWt}f)cmP}N_(|DX;#(o413+wbob4yoOGId1-8@i!H~IVEAotwnogOCcdz*72^xye zun`HBO%^IKx?60eD+ffK3gMq_=DA07@L27o5B1I%lHE+=!D?m^Su%h5a3@gC=&1hg zGaukg7BT&HsOFVX{k7bt2jc^fvr}6W1FBRcDT}K)lxo z4|ac|6=?JpBt^hYas|gXE3{P_6d4A8+5OBbNaNZllay!bHP&i+z3(0tI?h%iB zaR(7>91$~@w=a|Ve0_Js?tW-NBDDYzh}4QsWIkIabBIaMz=I2!N)53^bYV4)x=bSi z|8wnt&@ELAM$z@dpWtWsz{db2qC^0ZZ0_;^Egj^XngO&z0iBou1Y>wROWqNESP+&4 zv9B{HQ{}Su;{@TZ+p5>LPRwa*UZ&!5ZR^FYF48>QzWATA$E0)MBpWeHk!4!$F0Y)1 z6h>Hfn$M=tyYD>GbIBRQeO>Scy8sU*OfD5Qp?``?dAz%IMoOBM6!&!cE?d}B3`9Qo zHKw)SY{2s${UmiM-lGZKnrQ?Egk6!uPpB4RF&3&#|Bo>ScCKhWKp4@P$It^qdLtAj2*B%o0t`SeD>=@lKT$)@CWO4@}b z+XiWYRL{9h3o?EHp3oE76p;51&3)&)QrI}sB2rsd!9nYIz;A{r$}~xEq+eKwB5LPD zU0QFQs-_8-&-X!Lo`(V$nA50YSG`9dW-)FGKjhZHx#zhI%nJ}VBN^-%Ulh9t25#M= zywJWL3Y4U#`gn#E+b_G+3KMuomi}FD3J0Pw2OH04joJm@`hn7Hc=X z!B%qFFgIU#hdu04i2$Boox&eBwIon)F7R4eUIu_SuMuLKg zyoL?A^+Vuf?YV8p?N7dRmYE=SxWg?Ri-+V#dAW_Yik+u3<2av(e-Fc-Nykxe!Rz8| zyn7gg<1b`J$BS)XES(CD7T%sMZ05biD2u9dikj&B*-lG)u)*k;RRp>5mTBC5+@qQo zCBwsFOv+5j zL((HDB_!KBUgP!7FGHT{KSZ(jmKya2$e^3e#}`1qzJt#%ipt$ zT`~k4`%s9nu+h$rLy5M5_D<#!E$@};UP}e;zYv=cr5y5PUfkSxx1|pHFVl`2loE)P z86>eV3sU*K1lx^Yva|2OYjpa9Hx%WEUw?$`k3ds5ofJ7!0(i)>u~j~Nq9s}8zi^@7 z9FkOm=adzWkbHWf=eK^-pcKzNfg(QEn|AWVB?PfNjdR;OEE2=pZyJ zR3^ptb3!cyaN_m1QZon5*$(S^3G54Uzj^?EsEjzJQpOxLK_?XKu)ZJp8W^@THo&RW z+>&fJ>^#c(;adlzuZ6(x!G|H9EH5 zj3=HJ-*~|cc+LU^viM8knlj-^2}H^=7oH^buCZ{&?^w1eCZoXqDd4QtDwDN}`1#I8 zwLT@C;Ix1!fzOU26jH*^{HfKtOqGU;C@H4pN}WM(@c63!{xxL>Tz0=y8i*&mhu1{U=b8ZB$sN5=|2YIHkmykeY=lb7b^2F13I|n_2`R-xq$e$w%e(?xyOqXGkLoXfn6LAbUxFX|M4qQnf`%bizs1>Po_KOirp}>Si^bn zP~vbmK8txbb+A0X2>R#VZy6`FMX>vPtU!YN!S%OO$|={>Yb<<8{fX2)*_X-}(Z62} zSIH#AWYpZ9Qnqg2&pEjJmAFr8;_dGX`XQ%Mp{Ek>m_A(SAZ zB3g=K6`vrF zrLE@dLK$D8-qv>E=|2u}D%s8*YPN{Qy!E0o+gQpF~*V z6w0(SD5$o{Lf;V#svU%bOQXgbfw5L#NDWm;F&gA+eF`$~pg@X-)%7XRj8hn23U5(^ zjBS#CdMdwL^5e9(D3$*QuqM2|+&GH&4o3;|p?k4%uUZL_E(10{F%Q=O1l-SUaM9Z!vwS?jodbTzI}e9x z(|DU5h%C7ckZ@l8OAU%+H^T1gjxG&`m2dE2gl@$9{w4B0rvPJjo@=bSPV)N^{Cs-| zBaktLGSo!e^+HX&v%;x`ypD=|Ayw2lA+S57&g}e|@*nd>0|%*fo`7+Sd%@0&RBGHd zW7sA|gyd)9QTg*XCdYZ_{1gaBI72jq~NJq&Rh`61qt z6)~QYZ$W&6EFFsDZY&1wcnq#|b&*C%J`c(0rTLDKIuQl}@l9n`@-9g}-b%))*nS*h zTWR|wt^EQlFy`Y<#rPVekex#6Lwt*G(ox8$mgy;~VHNvgz;7X7cuV1ayoJp%a0Y?S zN6hr!Gj$iH1YG9eof(lokafquguzGc0zc8SxEG9Gh;dKEXNgQ{gGw)ZhV!kFNpB8nbF1YCM1 z+=Y1l3AH+gKv4tL&)2g#UcFVhd=s0|3@4GXFQHj^+u;ck>qkUhin$_a2DRv*%D9%* zqDn}+c^XzPfi+gc!kUYmXaOUfYG+U#y8cI=+T{h+o?94U63@P%+Jxn-sqlLoX3dcc zzuvYS-loaGG~CD7{#-XtmFf;i=o%hmC!1ScrSY9FMK91rslX?52*YT8X@89VGoJFV z0o?dvM+WXg$PF-7ZY;w`L@*kt_B|_Igx!COq+l%BwSZ*;Fp3X%;Oq4erFKcaitTMJiQY zn8qqp>&ycYavnS@pQj$j9s8h~fHfj*bp~80TsISJ*T-0$tS{EKnvg6s!ENppe+1q( zw{yGXr)QQ%$O<)w@oL5 z#x`4QOyx`tWudFYa-4t_>uo&9o3dGY>5A7B!ah!ZoW&$PBe z09ig_0}3pQ?S~UZTXXK;#q-sf@jY2dLjsNer@z5)ErZ|(8rTEkz7JJR7co%R&nH2# zrbBZ+#0Sm0*CWp7K=rEJj}>43xIKpsc48H&;~7A~S~3mZ&*5(Y6bZvT%O`+f3zE5H zXmuw1hv7S~^WsWye>4`IhRxsnD1(;3s$!yScLC?AKpB|BtO5y`2o3@VOy>xU!TWl= zkfsIz|I~Uq7ftbp5HtdFnLn0?Q5aJGiDX0PRPcW;mdAfX1b1x6aq5c?_ePJ$?zffl zD=P(>_Z(*=gk_Ew8pAa)iv~*!bn(BXAx@E>Uao?7o-M23f2;%F??m5#5Z;$?YMgPm z*|XRg^TjuE`4#`tG4Cq`{rKl}yRvhv%0gpRwyvT0z~XM~g0}mCPd=qrU|XP3Bs2Hy6}#OvH-MsMHv0a-%}{34cmL$y*ASsh#4=QH7;VJP zF@`1ib3ye@=+MJ|k?34r0e^#bA9ZO_>sfW1#((7Fn;96=#AEK)hY2KN1`*WdV1rk zYILHmCwduZquGU|x$z;3G*}Xr&a;_h05(aVi9-Fs;Hy#@S+M~eoM@N}{K~zA@D;+%P(EBJj`h7jVhACchk4boPU+Bd zGGMjVoVZ{(ugLy$t%WLfv-tt>ub+g1w+oLjA9(`Lpd4jg;)3l5k^dKI`S}6ykC}h? zAszoXm0z~_!CC#Zv%BG2p(%_8XXUHM{v@15$%lY|4+0-UQhjRjbxA9Y=tYQGj~z7^ zE-)eo0!v`~hh`g4$LuH*^zjorRc*W#yO}(kMrdT!zYn{CyWBHoHg|a=GR%eOX>*AK zB-7GeGb+S{_1O4+^VG5M{r$E7H@-Y>ur6p?_#U5*Z>;zKgzwEL(-B{EuY|p>&IWHm z#XS0-xk({wfu#_C&{=yKHlpnM(tl}nXxFP= z5y~g)YvA^Ty6=H>`Q!z_yb!k4a97kU&848qr)6VasH&2;dR^u|$T?*4VnCgWqRtP2R# zd^Oz#LZtq-ZnTg!U%^*vePrM4-x_bp$v$YTjf0@mWr*)qn%f)qH9ZW=E z1#l^T;|N)|8;%o@h&e|H}j0MlVC^V_#$7OAY+y@H+2PP zMRY&~4mnDaxvC}C-apubpxGShjqky^3L;T%Z~ELB|1eW_AEUi`Q~76r%8kwa6A*R! z(QXeWGj3Y0`3Zt4>aaU%C7!|6f+y<^!F5Svv>>Qn->WabVxye`gj17nR&2xK^bf9xHR*M8G?%~(mS;G{V&qndwW`YuSI)r{k={5|I*%Z zI#UAE{W) z%wwvyV2O=2rX5vfj;<18xJO8-8DbQHZGs*VwcC0T-#V}97fUR#&4ix?ucVLIsr51$$z#y6Gol*|eQW>Z>YuQRTzcK|P1$s;{RdCjbOH4%t(S0p9B->aFlzs)KLEV3Q86pWvzlx7T(%+W&@l z+)%AQWnW@OC!eL&xBS@k-S?O^+Ql6a^wHP}sd^7$1WLWN-K=reb-lNy*K6}jNCsG7 zH!KjvzQ!Z2yeV_K=}3(GVaAS;1W#nfo~^hVF<2%LXBBS+V4=I{S{ZRzs{|xopm|Qw zbSD%Wj{H5>VGU`HaoXO&qd&#hvFcJ?1iRxqSS$9~aqUZ-%)}2QaD3Jnofz1yp`Vt7 zeyOEzndih8!IpSV3^|aHNk?-Vb!O-glclJ|RD8LjVH`J>(kv)L(b5PS;<35_+$Y zlr1seqi`yzzdTd>@2JZj4U@)$@oT(C2EWa{;xj;8n&rAz^J*3Ey{vu=Amg}6v0^&Y z#)3exo<Ln_ZUrr`_yGnl2O2)|y6!qd;YQm0D+q0#?aHZ=1F{f58h6_m; z*)w?qd+L~olcH3Hh|Fj0Q2TIK5iI>GtL^3^lH76jQ&F?`Fzs`xbRc1PxYooiJx7gWk+#qg?W zev8P7L&yh=kHfx?@IDPVA)0Hzua;GbA(f2R#mi};{}$$#p;%jS|7>X5zx*n7CyG%u z!Z}2AoNRbcPG3c5%~h{TI_R;<%7_K`bYPAll!vPn zwKKf6OLB35;!uADc)@zso`N&$Oh$OkVuaW1 z*qI>oY5JHzNO-+$EL>_AoH2D~a|e|_p?eRMJ2mif5qAD+7s4*1skX3ova7ZtkHe?7 z!pUN`_}mueCZi8SoTlHt^nVdmN@-(J@ly@jY9v3`lOr(1da-K4G%NJ716734=59li3{F^ zN)u7u`LMCPARk_qQEXm=g0Q5hT^TxjHsPrc$)?#M?=B1v_7IH0|B0L6zT{~b|%zJ-^d`Wp@ZwPq+Uz*67hn2C)tO^9B= zSxC^A#OR2ti?|Nzh^tpk!5SJZ)=UK&IMsqNpmyV7(giwcz6At|u=-QOSETYqHlrJ)V z+Zq;POEEPZQ}@5&RnmM9OS03=Aq}YT3dqC*y`S%iw!+AMW%lUerYKHaVxLvF!-zl8 zcN)yqVV=JXKlSCAb$!YiL3!{#ecYM`A1=$D2EyhA&jM)miR9^pc!#k9o(w)Y_%w@8 zS$wMDQ!hTP;gg#~qcAmy!y1yYXFFUT0-Szuu4N_mn`14ju-~%QvKsrX*IHI(zq!}4 zI;mnUt3yx*2MDQ#L7?0F|22LdV)G2rgIqHm$@b8yTo z`_s_mr||&qs_xn0c0?aQ_5pJABy zTM>U5ZcVe?WnafP`16Qv%qwOA_IRWmfryG<#O7o!%29rxPml(Q6I9J@AIyIwNHU+HIz!#QXd9 zbufrMw1QG-eM=wVkou0bY_WwA^$QO=6E?z&Ee$@R2J$XCT|CUZ zoZ*EbX60`|MD<3n6l;oFcs};$e6U8h~s#{-RCp!d?;8qA&epYg4)4 zQ=QWV4tU&G$Z)Y|ZjGhpzxDAHeKh}>HGZ-YXzauf55RNr`+`s(X?!W(=)PiOkaUB2 zuV3a;yyRLv6j~rXL>?h#n`eM%Zd7wr|FpKDW77!MdIJEZy*D_vb@0#CaNwx-l2<#X zFFWe}p`+gYuXN0B9Q9sv^n1tpj2gV72b}7|Q^aB`$!QvCNmrZuGR=WB<5@fZGhOCy zV0s!1$*=BAm1ldTzPVkNH<+%%sr+oOA`fhK9!&Jm;8@)ouBFI&QyN(uWo9u-TtogGhGcx?{z;`j*)iSfk5qbH$8?MSsr2fO z=@z|H>6dj(x9H1rQkUv;8flyIwuA9!jaQxiWxr187JYU4Yh9#k`s(yQcTTtHtJ7C^ zPPgc*({JvaZqZk#Pw1R((O0LR(>dLuuTJmNIo+bKPX98mQ~NFY>h#w-rE~tm^w)!{ zmDb;k{XVsmspVburAEbeD6bxM)uj;l+d=&mJK%l<^CDI^Fs_HW{V2U7Gs@XAN-R)t zu#}YWgdZ_8;6xR-SY|dOLJ`-Aw8!`9{VHd1A6zP}a1>8)M0=SVkpb{q+p^39W_nT< z4{-pN^+wDhXpRh<0&fX=_35b!>BZo&zh4{v({Ryt>OW zN8qM~x9+m65fxc6SKVdVBPz0a?Jl_jS$aC0uzzJPrKkEQYHxSVsGaVbj!h~oIwJ%h74FA7T!}zCdZjyl4Z|8~6J1?m_(N#y>gykE>O#JBmkS{c8U0>H5R(@d-LY1Ab^iM?1~P zipGEJgBD~k%{_)ji&$RbUIz+7x7dQO)E#iH^9ojmc=W;U=xOK#8!=IR~M9{SBo%z9gU>AL6g4=Qk^%-hrAu>UQq<-0974 z%U(H@msa!Qo1LZcubjLcwEPJ5thrb^LxKJr+=@{ZXk7j&HGFh9Mu)qGTR@B~o-uf9 z9rlQJe6q42pSZHBTA@K}B~+=pn=)1+nO}7_;KL6XVD7qq;j>4uFy8zChyEK31^nvg&5qF zy)UpM@bcgTc4t^Mo?M+-Ke{vsdoXYSD+O`|thn834t6jSq(12k20h#Ss%dWzSdsd~ zcR@%spC6|9jg0)TiJE>{DHu%e?*6iXR=MEbDBl1Y0`gx`Gjy^$k zU|~iE3&Dylq!@o5TWh#9nP;}3lY^LAd_XN5cfVgpMnKNqA4q7dfY1uw2IDRzo%skC zhD~!BkTlEZf` zjtQ|3Y{;ug7`e9&8HO{#-=kw7|F2nb|_($Dwr-aw$ zyhZY9-YGAjTt@v0j#~`aUZXf*4{^Z4h`?Qg6{!r<85}O}HMM19c+QTZ{ptsazP>eI9*I|$4#$0-D`6^@diHTF!V ze;epbKn*~pW{saNC@=wx!%wIR-X6oXHU3SgBw`+C-s&)o@62~<*Z8;Liy7R9r?>DF zc$4h`!<5uMD>pk}@mXsAE3nhN)rFLy$VM9xv(kyD!zh4{Wr5%U^F6$i)@G##r7HrH z595OiS%vu?^3&zM`Hty91#4t(!|h&F@iB|s>J97!96wSD1b8kAjl-LRotC1^GY8wd?&#CNb=P_hxgeKpU=I1lK*n|`f>h=O&>U# zK6IE*-UGcP@P~Wx*L?67e170QK9BQHcCUXGnOGtec;J_k?dLjamV5onx_sb)`z2uw z{u1nU_#AlP0r^H~{C2Z^dr-bvu%jAw;DKMsR{}?kB^qqt0YVG>;ck9iB^();;s~5g zSXTlTs7a;3d{9t-fT*MK`A4BY3nMV!s^%Wzt=oWV46B-Zq#9`eLEl0&@6jY+1Nd#e zd?V6<2iO3OB*_xEM<^lKoW16Gj>kBv3(>jLYAb`2e|zN8DR%R6HY{JOw;k`1#X)^maKBNoaxXq49^Q6_9* zlcQ)2{JOxp)UKf;)?>TCdO~NcfnOI`PqSfm#QLWw55%b!kk<1w;twSe?-Fa^*9F!U zb`2e|zM>1P!=14PeqCTa+lJW@>rp^?nT7K0K$(qrNbX$y7Y+e_Qo{o>6lL&$2ZOo> zsIVp0sK1B!lMf@rQn)&Bk3Ae`$Tt~|_gKRbIBK{u9Pc5A1MZDoV}2P?UE{yoLVmQS zH`Sc~f;n*P0&_@5iom0>p4kP~*LKDl_;rCbq@so?LPW$9+LDi{z6^4ZG6atmc;slr z<2XEWoZ>NvM>0GfC*koCK2Gy5!YKzuCB9C^S27l)(om$7;?p#IBJ1IC79OA0kF)W( zOg|cUByo`8Mm&;ic$@>A7U4H)z6M|m%{4OTxS!hUX=?SDue;ZOgHMgfi%+>tt+`E~ zI^65GnlFifThDF-Js_M50?&)&Tc>+>l}wQ&)$_t`>&OVGDzB;4Y0>3*;hlBXY~e$7 zb^_;sz&cBW`dKOA$o#O5m6%(Aj8hi~k6(W7O7xh2VX0U7;z z09lW7uG;G3gEN&_8T&hsHFb zx^xa?W4Kxo@Ey7d#kvw{Xk{02z-H~#7)8@4mC;yAWOk(0Lbh9rUlKOe24Dao+@x~N zm!!``7MS;mHfYbIXfl?cY!IN>d?XWZs%yAlVryiMwz>wrnre;KiAA~r3V_+|5$!f0 zW68aK3znW-rU)o4HQ6CdDDw}OuR<;nOBlz@dmg4O_ft(E+Z*`O$kK{C&}e#-RSEbQ za(YqvSZz`s^A2g|a!XzCSX|ek^8zwQ1eV(q5m$LcLvz-0Ya)U)w#E1cp?qMSNQmX6 zDVhs9SeS5u7FZ`kYPlscG^bEBS}V7}I+>l83lq|8Nl*Rjq??zE$W2c9xmef9^4OaB zwfqJhtjXVxbXgZ$I)D~^NPh%$!c6T$I{OY^L^N`2}c#|{GjP+*$2Hw!x8j(|24|CQ_Ta}^=GcP~5 z2kTPzs_W=}d6j<}Ytj1+0lnD(^~H;ifrn&49iYyz3(T{H(2hga!+e$ZglyE2 z0{_Bx1Gg6{oya0P3{zYI4>Enh)X5G2U!}7P{VK^54py^9t58$C*iJz9?{ua|@B;&# zz~pVUmAS~eouAieN>0fO1h*sWE}d0Ks__d8bR5x|F_`UqF&jNymn ze&WC78l4l3;>ITH;4dy7s|`P)p<9o+|I#UE5+ zj#m{%ITaTR#Klph@_*0e-jxe5blIEasfGOPoi;x9x4g1h{q!|5`jO0j-0^0kC*j zt=fm1it5f657Gh7SB0p?srWrA-zS7FM!tL=BiY@O zo%Zd$4NsV0hS=G^J6EzNodfxsSnmuN%)anY86)^UzY;(0vaOXyp+NkWS18qgzQdJ+ zu)0$!%a=`HIkrs>I-#F5GSFT$))~DRTgL@K_1k&Ld+H$HnGhPrIDo~Fo(J-sB=W%O z9(Z3q=}g@{3p$aH_j9y69Goi^jdj@Y$8>;C$z{Wj0{(Mz(nJQXF+F#N1-~VDOTX%IR%OOrs2KHq zc1v1&hN%W*CO3CgpNvIX*2mw20Woa7;Aah9>C{`S0EaeU891CxNvU*s5^tox5QGKj zQXcx1Py294H3nQD^`*%}zxq5tWSuSLejuNbs>zavpa<%N{PU~QX`SV3IzG(vu0|(W z=h5i}0^?Zn&#yKdRi6DpxL#>XSMtxV?tdap{;~f`QtjTE)(@Y!%*y&4>u78D~sLzJqL4MVA zfd5Otw0VlM4Df&60lrhsv*C9fgK6;d((&JPOKO1l4C-?>d{e^@bbz0y0%Ga|{PQ}9 z$gbv>+%&u7wE8>DFGK57^4VuBPir4lF|_ZmxD=bBpF@2Vv_y1A8IT6Q!~F8`&FSs? zQyTnw4L{TYzDtF~l&8}alLp_DPQMz4?6T%ZpV6EKpEkMdf83@_;qOraG4%m_Pe=Nt z`rnrh|2sGYO~Jo1t$%)|;s3k?e4qMAJct6m?`ZgXycVi;*O7u9)fLM=+#3n2o>Up99Cn} zGa6RL0?Bx#m65lD;a@I2<0V$c;gaz@{brqo%WYswUPTP!bJpob4jiZFMpP9}IWf;o zU_UIBv~LyXzgI6Oj=bQEOpSO!rrSVFG|Gb8Y}82pX5>d}?639&X~$19)<~|0kqdS& z3^f1EH6$mz@#HKxDKT`#r8np4Wyj_X6#5~>=44y+4 z!F0c*d_@BHwzf$6=j#O#Tn0fd_0+k{;{@7Qt$}|y?HRBIS&%qZ^$`fUxH|X}^qfAH zj&a~K-7(uVJiM7Vz>|v;ofr)4{>L0(TGWq!7md6-aUuN8i1tIP>;9u*Ck;%V{q7504Qw_!;RmM?Q|B)sai(<*tF~=69uaF3GeL-{IRXO>z3}Q%lc!aX?4KsqHyb z@P(A!jyw_d;5EWJe}%i@q;|ELnGQ>)KT4)ww6Pn8r&aKCyMhZF-Dg|DZeq^0&v5a1Qp5rWndwc0n#2L5CJj@S<&Vz~n5cqv*N8BVVKoXEbZX&rxdWURQJa_=Ol$vKwqH_l zi9FSQZSU7D1d9;#a(fv1Tb}y&g(&=@2g0W8DpU)NKpZm*GYV z^JDwVtJb0nnyYp%M-PEDqUVGl{)gNl2C`_|>99Y{gExd~kMTYzigJE+$;Tun?|V#X zHh!0e>>MC_?`+b~8&*>QF{0+7FyIUBX;I!Vf5VaGoC+0SP{n=Fz^u>>-@;^Ehi>Rw zor&70Xsa2ORu{qHi^)0HVva?q?@V1Eec0)-AUY%UN$LnaM&`@A=+p5fUPgzQl@A^% zhu^9wL;WF|o>%<`pQO`KLBF&L7NdfutEE95D-efdTstjr0b(CQfW(zt8{i!`%SF}t^~tA@>i$?Sc>F+imf1e zjwFd*8Hg9gG^OkNm+-=CzvY0%=6%_p@42cQ?EMq-^VAU#IWgZS_WWVQ3u70hUG{?f zVE>qSYUQ2l{z-Fk?8g60*=#Yun1-oJfNy;HzhP)DfKn<20bil&cltYp^&ZOc37}u#Dl7l)* zALQs|=ZK9bRvV5NO4?ZcNnU+6R=>up!N7qQ8H{B>tomFFLv@Q>l=X2;GCddgRxZ- zggm=NAW@zTZ|kP-`-4fH>fZyvLx+>)vtepRK{v~d%hC(r>-$0}=cBK0`#PzOG1nXM zgWcw5!&3!$rMAK^qtRv<>Ca?1xIZI86;S5rQyay{v;$X)X8`}xj8BvGk2LPk_+Mh< zuSYmx+T*)+WC1BrJF?KONn^zNU|C(=BdpH&QC8l#q8dG2-%}T^jTvzb{ezjw@hw`A z9ek`vPj1GWNrbZN%Sn*h3)T2O95OnzrWlA@?c9r`RLYq;SKVM9qz(aTT}6w1YjUp>`k;F~cg%J$-^_hsoN45#EqjRyj571oblLo7@bSFBUfSEjBZQiKru15|T6}dC-?xBBD68&9 zIiOjD%Sg1`kb9s+Gqm*Q z4X>38EQ%pkq57jL3Q|we3@5tnQAuu_APBEVt8Cc+zy~86CNgb%1@m zYWeRDCPKJYez3cAK~XmtI2%^ID^PEBPDI@Vof7=40|K&SGVC8;&?kDnYZ+UH)@HPf zt%0rbSN6+o$<@u!r~tNtmNrDmF-)Vcy0<(8&by)i^Ij@q$hC~=DMtksE! zAW(_Qhx-MUHn@-_-9Ex+&B|jU>Qn8A0Bk!vqRxim0an1vU|f=T1r-3-+OgyC;S{V- zprz{6-Vya@coLA8*c9WfB!;&Mh96EvFORK2>rrq-P(9Wr4Ex83&9DQET^5QF8<*Je z?5yE~1*%02b3sL7L7DZUwhhAIT~J{WO!Y?A#DZ~l>aV4wt7WVZkQ#7u;Mn}{A!P?# zN{iocqy-}s?-}^z_Y8O)+pBH^5J)+{R)HTwvv_TPtqc&1Ysd4-FP2j@!xwd{KG=O= zuxoeCD@ZkEB0nBiB7TP$k?3RsdPWjBe=}i7Dgk~LQG(Mp6P}f@kWyk961diae0&Lg zEO4SX!%cEl)J@90{Du8-N@9MQI;EKFHL_P9AUrOaSb`Fn(c9Du@c+ta;L*V?V=`n( z)W__RxYesN*NP~pr4N#5A4I5m+9q>sH2MckGkyc2=sEiK>f5W&#h$~oDb&y^lphU& zxExYN7-$5RkB`V$4Xd|Bg1D;G-GBZOE1IoX|AEB0>Q)4p!Gllb_oO8DaJ@ml{r1&G z;V4-TV&|evO&kGBfZvLj=lUcEkJy7>0P zy5we~GFkg#yY_LY-B=_o52^Pdof7jZRCjbHrK7)S38mwf?&;FeO)dBWdZajpbUYZ5 z23Zwb%o%}p&JXZ^ou^y3Z}BNu1U`kfVjXXeDXB_q zmlYQFiehhT+G8+le@oYnN!XOH02K|+L{3=dx#B-`bKkWARbfOq;a%Vh zh9rc;H#nSg*F28z@G}=qoL8EFNAz2rSa%2EtTN}u?ifji0*O$pu=*s#5Bt}_L_O?i zK%ne>;PeYY`I7q4S%zaTBD9Cq{YW=o17oB+3(fvo?9C@EySOlVXxYW*L^I2;ZRvJp z#tbxvp@vV0QOzJSiRh`Q$%Dc0j|sMHyb$r1x{>P~#-ZdoaGt?SSzw{N!a{Mf5cDJpR%k^c2DSEy}liQG`-X3rP>nMofrnD#U&VszbC&Jy#qtUXY5Ea z&_aU;^QgO*uDkVJys9rZ;m`&<1<1N9nRTR{bq{taA^uy}vE+#n<$Ht6Tag*?M-9(b zUW5fNR6S&$KtA7v&y*4K5de&&X^f6!jGlkLjB3hdOONg#5z!|Hp_nDZ5}!o$i6K-t z2>54Y1iOw_pPVdJBT~;Ebv?osL!LSa>ETxZ37bP6XbD#v-z0IKZ{u8`aRx;oG`>P) zKOlHOw&H;xgvKUIXgm(p9Rs3DwLJ{+L3QA&GpV(0XqNpD6E~T7Vas@(WICxD7*uzw zK0l`67$DZsb65bQMv{ha+4VrwK5nM zB<=clte!*i>1oNEk&N=-p$c`rL{3Dwl-ecZ>St!QetXoX+hB7QTlK2515S|7i!6hg}3hm2y_)U!6C z1L4gsR-}U@%QE4o@UMHWswc!68)Cld2Z+^u0K8CT3A5zW83!WE(8LKopfVvEb6da? z85y!{WLgJ-U`v6pdgfR99HcJ5U&Jm}o^E6cu6A;(=&LkOo#T=(wzHKn2a|Hy2HN0* zBBeIt^w#!=0vjlNGHd+#_z97h@mz>!-rX(0Z(uhARr~O@gm0WY{Vm8wq#=`B_=ljH z(1Cx24~Bxwt-cmf7O?+ODc#a~m*_?w@i!=xJ2BeNcr2NDu4E2bnR&E?^~;*AdQ3=w z;vxK|*7X%m#1hE8g6bAxPpf_>aXP~PS-e76s2+xZ!6p(&a-8wkWDV7=`|&JlxDWA- zzG5D(fke|&ND8V+X~1{dnRC_OPsCKtuqwGhUKlOFzv0T+6ZFD`9;wJ(^8~VM@-M~E zlTqrfxmRF>)nPp{5vJvFKR#s`8K4{B6+#-8{+gN=`fq8gM1sK9?yDaXH%Jr2`FM@l zg`78uTikrKD$gKt`fGM=e*GBPsCe$kcPQmWr}#jZjJ8}I-CoMxEY$t}3h9dJ@PB(h zcI>%%7E*V6p?i^ST8>96SNVqnHBQw)0Bbc&Q8RH(bNME6Op+;Oe*qh%W&M!Xo*p9< z0$%lW4_?jNry5Qt8L*?pZJzYO1SZ6;tyHVR*<^bPDk6153189aWrG><+xYyToVBZkbn!kImv|BZFDsIulEEj12Pxyi(Si4 z6ItUV)`UPS2;DHZuiQ87S?or<0t72)(eWG@KVV2*)`;%0LdFj`vu;%8h_RWmvlu_1 zZ{4V@5o5DrC&HN$;uMU^9x*mM*2DG;)NK5c6NXUzy6V{&081xWaw)ZcjmA6GXXCBu z6OMx)OP0AFUa`+rm)m8UxmS(-=}T<^cB=7*WL`t^o}SE`+;h_U!>7gc9Cf4L6^<{? zaDcw#4JTwRjE@lAX^uAmkA5TDY(=7n-qo5ur8y*ikg!=QhZ2a1llhn&;+XsPzjtc;*z)MEE82RZN3*ZM1>D!+ga}IW z1C1DUJRBMvQujV8;bpv18Jb$4_62l(^uPE^3dWgJX8qmR*K2J^J91GnN&V=E^VQ-rcjw#?`59oOClqkfIBqr)c@HNIHM%bRhl%+Kkz~mqVBvZJ3VprQ>Xow4^8^!Cq7^{i%5Kl7ZwejOp8S!5tzT zFtiu?BjxI2kES4EaaO&^L8~^NOu!CXGYRZA&cb)iPS+rA&AF;@oUl`s`enzg=@e+- zbsF_)QM!Dmi7BKvEmgzV(S3e5#>N32g5dOK19r-d1c%Z-kl+lc_LL%crvtJ44D~S} zL9{R+{796C|3-Jsa6E+KM{*YQHuL`0fOA{U0&PwdbUD6+6A28q9Nj$Zw4Th@JJEKk zbq?edZsO)(e5o@ddP9}$xV`umz|_YEV?A}4JF+WI0)Uy9!#tf{@~y1_V>R&TtGz^qt^;lE%@cmAl0 zmy@in+A$drn-@ZL9*-SntZ%UsjCfD$(Oz^C4rXJMjVqJXSYq6RvLMLQmkR$OMwRLd zK;WL$nK=KzKt)$+B}Uf+haoWd20B!-*?wuG%p)OH4HH0c0>;65Xh9z1YP+IfZKmp% zP5QZbk_lDz8at_aWa|P5FAmZW;+w??K^7!)@HI81hSlEttSNQLaJ|1DM43YV$qTAE zh)=}kK~*1qRJp&|<(9q%HQ_>?zfo_NGCyUf^j9lGb*BwDecns~$r&G#*2AH~bzoHl zQWW~{gP&m60@~U)F4m6mzvODj%-MaYSfCYVRYrV-H#X9o=&UafN{}ImF;tM|lg5-S zl@mBmCWZx7J{U;aAL|AEZaNNGnSz)@Ka(mTmKQyY&*G_8|4kvR_1VoAfQNKcKzj0T zS5>+skUI?$tED&j;hujd5~Y#sT{!>HsN?+OL!-alCm}Tlz0b~q3`KXHVGOjBaD06| z_+{Bxwm7vdjjEs>eBO&+(f>=ztIPy8rKX@ZQz4!l>a)S^UgFr??c8!im-|(|Y)1vd ziN1%SduKxsL`JLM3J?$0k1tIJ1A1m|?v|mqms3rZC)tmWU>dptA^{y;O!Blft5UXd4g5mx*9XiM~p+3=8iE{NE_oJXc#AuLcby4p7vlCJr1Thddl|4#NMYP$;<_yd$z zDrCzy5#iLNspGq>hed(x1QlRCxVs8cI#aBr{R$L}a%=m~abj7yR{ zcw_aoZI88gcScXdp++wKZ!hqu#j-5`c8%WC-rW;r2)jHj9q>dQe?gwQ4O%g9K_g^+ za6JaRIEx`ZVO4BHaMxUcls0Ntp7!p(s27EODo^{crOYTqa(nkucz*`%P~$leUDNGk z?8v;5q{J;YB_@;!C0f77+PuB{vS?u_vB0nL(+Ww{1Yw0acA=B4LX9ZI$s1rZTK_7m z`=mV#I?`+IhhX;_b2wkkH!AR>X8gc~1AV{Xkl|~TLuXfoTDskgM|DPjdn5S5pz?~f z0ZuDH=GY+Go;-y-*iX@g^Z`nMhKl{Y@%hmbn73VJt&_oz1+(Qw00^$b+b zK4?I^a4Xf1RD-6Ff>;n|*y=cRJ^DcJM%3f*xk|0}Yhl36hceiZht!Sog~0j-)l%67 z1(MuAcD9Dm0r3IvPuG?XgJNo(S zU4u`;roanVkCGyASpEh&*D_9s z_WQ3ztIKtnk;dI15k}|&Vss(OVt0|4(EHjW>MS7v<8LBN z<@}QU=tIOtnmGd;l9Fa}-v#IS+d81d4m#TY7XxkiAk4$1OB4RX~DQP!bX{kw4?=N{G#vvLca`_Dl?K;eDY_aj{QH84)_^M}9djT;|ZDh=oN zG}p`otZGEPg?(T9ZJgGI0^K}`3v8^C+TQ;=sLgQQ_sJzJ_#CqgN_RrAa~>Is`ip;D zbO%JgXkSx#vMa6%r8)24sTXxP%ZZl0zzZj#y4(?`zKbvQaC0|LL^Y!T z)?X`x`L$67_Xg7GlTb?@0m7h$6B55KX%>OJDSDAel0*rMLDB0V8B#p-qd!eEjoc8S7JL*U0`O8V+6l#^o4Pz{r6l ztg>TgN%7FJ7^?L=Ot4`busoh2V;g$LYFWJx$%Cs$?9X7Z^#Cb_3CsnK=MMuJb90?% z#Bmlw2Qx=hTBD-rXoimEiRG2MhSNYW@h?Jg0B=ug93P%{?E8O#<jUSS+PVJ(aj@A3p8YwrIy(1{U8hUK={QSs*N6H$q_#IaT0M~vPA%T$Ugd(M z59|f4870HVy~W|GVHXFqC%FsWDt5)pqaK!$meCIKGz+6IM|*&|el#!c^Az zAC7x?-eBZ`WP}gB&V?@E!M9hbW!5HfET`7tZ*!RrsFw@-#Se5_D&bPS>e^&YdeXu{ zmj%gl%yu@)RvP3JHN2CJIa)Glzp(R{+bugUsNM!1=nv%bCvzPeYRYs?s7Ux6DJde3 zHnyND4j0@=wCjlt(O-`x|HA6(epDo7DALF{s77ICx5hTED+)}(s;!aK_o=zU6;6vQ z!tOB#)#>RlbSH+tLMKTQQO%eoZ`Wkek~Db@9ppI=EpE&uBXbO(d5 zc$ytn%|0@V*GOP^BOdCxHtTek-NLqfZ7+B?fLAXyjwuox`LB=iy!KXC+Ygg~sAC`>7jAXbC2Zfmkf)fpj9KiU%|ROcl+*nY(NmGp5UskElN(4J_wDZpP{S=xN)c z?@L!ZjB(bulkv84zjTGr4If-kV~3`v8)@m9p4Z~6N7mC`V;9=Z<;0GI>6i%q)2Nvw zS+v}^c(Khm{$#?jcn7*t5U>e9SM~iD5!H91I`AvyM^gS)7*A`2wEW$^$gb_&WWup( z3#*AMk^%&}^0QcD+v55pEw0zSCB#ZjBL_MEr^@J2bQC@t((x%x!^ciIHa?@C6BZZU zf;0%KQt*`}(V~KrPt|wEsb^X_i+?kX(scgZf(5I+Olnw(lr)MqM8EF%{`5B;-qAiM zwrO$a7~vITy<1A1oQ6ahZ;l^Clr0^n=u2ZV$_3S{&yzrwE*(FZ6Z=Pu441QD3U>yliX}FT&l7>u9b(OBFt8`WVtn?Go1Rm>DS9J}KX#(%~ zuHi}9cHBHb6Kr_92=Dl=;W16%ZEWZge<}OBBs^J&a(khmCClCnG?M6A_o8!B>}BS1N2N9pi3Rn-w-xX&RmJ}u$J}k^z6@@*=B^bNlr0B zfAX06u%t_RFiq%n?{mjYSM#4?T9W?cVRdiU@R%m>Ms*EO$`0rV?{UH#)ipe(3A}IC zcZr{r-MOvIpXw_D=w^F7vW)ywPi|tnZ5d-&<13Y3*D>81FRAqEj_DSEq|z_zm~QoV zDt%CgbT)wlW{KTwpGAz6Pa{q6L0n?JNZaPtc+n)0py{;~K&r%&jdZt;gsKc{oL#UDDoPv>-t zKXm$+BIDERPvSpo1e(_8qNDNanEq0ybelgk{ME;X-$?j>78%oJ{gOVTGkl9bto9!p zzONYYCmb8Tq#x;&Zu5tR|C-EM>G;|Fq0|4|DLqM_M_B)BGIY|*cT8W>seYONV3Ja( z&L2qH<2s}xBO1koHjsB+&NN=)6eLq2_aKb>@CQ?2f80g2rb5_bB6lB40U0Nf&dJ^U zM`1k;fO4raHrV)Q643HAK<^Gp0s<7=p3jWhZlsKtlO^s*EAeEi1ZFwJ&u_coP9XN$XppP2FLiHQG$nM=uY7HNW^i?5ls_x*129SfqPG{<=(xDo~hpl`0b zhUdF@^0;eg^^7O4yJoq5%8TC4r7L!d=S5(zqRAbtRC(xe;k$Bm93MG`iX&V=lLh@@ zb-UB1ia$~%J3C>uz-FtcN3!OJLn@^6Mbu@3_T!js&1o#=)Yesq&ts3P2AteyAU;{@ z{08n7yMK)mBU`mD}_(TuHncg-JImUo7)25L~Rv7>l~ z9A|l;W?%RleSQR+mcv-#qYtvbuL3rI$pgi(3k{62n=PZ4+vN}lfpH@0ZX~BC%|a6H z)BNWcz{=k`@_f}Nx^Cy=l$eV7B2uRx#J5R2)hwfUt*v_#OkwD zEE5ZHST*Pb^72rcIG2bSX`oS^XnlkHDn!FnIo|E_GSo?Wmy+J4q<1OlJj0^oGt@x-aH8O_2Xb(cN^ z1R=jfs9}8&r~Zmoo10OzKA34)m@y;^1RH`94TFI>Vy2)QjQinvB&ho1gZWB)Q*MXD zOXkKQzmvI1(cvr)A6QQW*+~fMs1~Ox9EA#Dy8pu|`*AB^#TjX>VN+1B05+9>NB3gC z>s@paBX>{Y_tK#H9X?A9v-n|LP>qoqO7Q~Z?zdA5*=lbOHx*v_iee*^CY`E()t#(ET!4^EgLv2R=8ft`v#G38h=n z41{OKMSvEJiLh$2hu{p{tb&1@Ol<6WXBE$mAPzhb2XyOz-F5qZb||s_sb0r*Vy=xNps)O^FwpJW9dxOvEuj0#>=_M(Qes8V5hBn0~5Jj z%i7GfDxk-n_VU08Db(QHew&wRRPKna^ou;`WUrKQNR0jcTiHC4~ zNmf-;B3p&Y+~DHIg>W{3(Pgpm>u%j~q3W5|DA>Cj43Eu2+U%V$6|J{&{?^V3`?Fj* zoyUIC9xW@thV2g~`Tj-N5Yy<_2gbbuTm-ANkopqELse=fikkZdABohvPOC(ovY;wJ z7M}c%Lw27qU0F!o^|mEKY)iZK<3)r(Xt|I_OBeFuX(s_79J^y*n#f{g9`2)?WV4*; zgGR6tp_$>I1+HVL$qhs_c;0e59rc9O$@mM!LK~JhR8XF@14@d%Wn`*J6eW|O3*am? zb^_TA6_=sLI;pXu8I#9_*nXahIv_q^jwbQp=m}*DJlWW`dFCs1r;Iq+I#Grx_(-0e zZOp=Xa7|-}!(eyKAc&~Mh2^RTAOZm|pkhz@&opy&*9=Bte5ngh+}nvS_27xRg)(`W z0E!lD4Do7S;WEd1aM`AI0{!Eh5K`uB!LPO(l?h(z0`Ut-%j1vW)|=QhIw48G0_fM% z9!O3MAB}^Aia5=!6lu3*+SlY?ubik0U5$RH1aloN!E({FRb2cKu`?AVKrjPTjcN6n;l-!Jj48F>SH?& zxA-xvN^pk&ghS>@EEL#=*<+WLN*>YnYTW=N1mU^*Bar$)pb=-3G($u@`x;ulwp8m5 zbRcen??oOdQ+2x@reP3K1)=I2ao&6l$x01vbp^gxceAXp-(A5CHA|s&*AyTPgEjv} z2Y|#EJ0)69)C*G67m1mHO7pNqnhTWSNx*?vWl&O7cc3Lat3uKCPr5rzpAG-6_wlZbh(b$Bib zyH{}4gR5g6brQ6EIp^n0OwEL68Kj7Ml_}ziNa58CIn2wQwO4p*BlIo<+%dn&3PEbT z3t52ri=ZifX*2-GKc~v>Fw)_f2(`hs`1(B-j?wAFjnso`-~$26g}Q%`HehVIS3L$R zH>C46^mVXozXk2Kjr=dKpPbb;mE*AO?-pN6oZ~z?Mg5JBa_eP0+6U*Ca{Aj+ zj(G&sF9*%Q)8ZNRhFO|9xC(~(!Z3B{JuNi9!Eac7@upagQCQMuB&>GJ2dHd%leXb0 zsA6h8Mx8A`Yy7{*Cs-kE;LjTW)BLINKZ_p*CEtW!D3h=^--0JP??%?Q_=xVL>JN*D zNw9Q)loG24xLN0dj3Enmf_2GxukjcBy&1pIDtzvm4S2HpaWW;&Q22Y+Jk0#RMrw$k zhX>WW9$A<8l=5?g0yUZLpJcaxeJ_{`^as*JZ=3dRfgUWVBVjwLc?iJ z#=!;!2YsK!`q$U^zXK&G$euj_JC9EH@s@fX7k zjL`tbp!ua-1Mol;Aao}_rM5I0-UYqXFr=jTZx=q9HU2&LLDQUg{1}fyOFXlOs?4Y4 zm*#bRM>ZFd*jK!(NOOrikQG-KRj+>3SHWgjkNy&$*m#niD^kw7+*N|wxm48K+wj*L zorg*5mZH;QXVyb|XWu{34o@O@5qH~*?L(tb1#FO=(35zF;!SK3 zEZ;ECi&MRX-sA*Cd4s!v=T6hIgED6f+UJA} zy#dpuwpN73cyn)dBusEIkwi~sM*=s32STF+Ay!W}>NT$mpJ08iACPYwl6cRB>%UZ9 zThX(Asijdv6Mxp&JfKCumffO2(dY+i**L6Rhy6!S=)5iQKWk*sqDZ+~l!66i?AegQ z1#=;R10;a)KY$;Eg9(zPaft^P4MA;$As(ZD(XcPO($*c<&nXf_16@L%59=z2``U%+Hg%y4jm}|Djrpf}n%~?Adb87Sw=D@(1n4Y6b z=LozEQSytXnYE)G*lTD?4G!LtS-wdI2R;%}d!fx+W>yO6t@)=eI~)NooMQ>YE>4*5O_)&cEjC|SnYHi= z_jz0)iVXvt8m8IQB@-g~-pb;;pVzIq{aMR$gOY6KvE4_V27QeFOd*Nm}3P>?E z<||i2xT>mZf2+B%Nu8d(F=W2M@#d*_ln&kw_Hl*HZ_eL+e&YPS=f5n%e?qj^gjlb- z#Tj)sq0bQj*}eV;bAQv9v@ztU?^U;&)L7{(U6<)z|9%t?8qzUf*_+CH~nZ@-+e2KTEB_OrH_oBC($OC*Z7%*oH`_BTIoHa7-#Ec@W}Hx*7I0z0(-arB9&*B16ntOr`* z*#E&sPey3}2j(ueY5#1$H(Nh_kp1RVBuT~ApHLWia(lsU9p$}v_5^n9|5{4A@cU-l zNOKF7bKKPSAl3Co>l?e@`23Asy*nv4Jz0MG`TGa_asg7uV&8D>lr8*C)b0MemsOq+`G56q)$EwSPy856l=X~d2 z;C|{PzZbtw{JQqPvwv6ooeWl9Wqy(9TLXGlXRaN0-f_5R1BD3@>D4s+#xLThj44xM z@QA0%@MVh8!;#Ub#_(}^GYT*N!p~XwBtwIHqObPNYksGjCP%2ks(i$p%t?X$zYCm z{{Kw|+yYGezcn66)~;mxb=&sAbsO7e@juz0{K$~+DSp($^_Q1&8_B}=G&}i1_x-O{~XK}WZM{A19%cK7r52P zsKSvy#glp({eb1l^yaX!484=+y9?Q;z(-)B?@F-w+C|{#wF~hF7VJ5J#?l$M`jsKe z1mn6{I2V2j`d^E~zlP6`;CTwCepFXk8DH$;O;q=av!Mk)8YBp8$@Ilb#fx(Ym7fBM z*^lDHGoyC#VFX=na};lk_Q4(Ft^3^TdOv;+N=qH&8YA)yCw2Lso|Oz5H8;ctai+S#7=YkfuixQnA41TipDsjPnloWj(4G6b64#cXWPT# zJp!bo^qpc=BGl6@CbG5CkfOzh-76Y_XrS?~?AGVxq4lr$0oC9H<#%|}gn=*1{ZhDV z@?;0v%ZmhJb=J&i4-lsfWNEv=SO)*_MihTqa!5FmP#wV3GGz+L`g3CrlW)Wy^&fuJ zNKHW>Lv_0=JATnJl*xck68@@hP#VReSl@WCkK;`A<>y3>bYNpC4`V)=zR^YDNc3Yl z>W}E5B)2In0l{M~W`WP;hIYt>rKlC$#6J5tu)B8pVRNyo_M%yo9b*n-(cmh&h|t|N zZ=r1QfoM)Vkrf;MXai&l5b0whvRwdB-&u!z)>pNd1Cx-MaDQ6DZU5jR2?_B;X6zia zb`Xk$D86SR#eTjR#qFAUSRWJHq2dFH?AYaYEhixxV?muofYG6LiNRJne5mbfJJlTj zg_()jddwa;o4X9COqtSbUIP~t=C>$?c7wekA`^;-Gv;RX6bRRB#y)PzAuW)QXioHR z#E?w%-z0yx$lq=9cf0(33x6qsKz(zJGq8iVzbi_zx454h>2*IhrCYo)H@gW7m{UPw zbB?R{$lM+MK(wqFHg#UPqXv zeyD!?x5xKnT9h!y@0(qVO<<5pGZvO?UzizzmzNKRcxiO6X)>GsKk~jikjlUR`y37- znNhM1A$uk(dzZb7?7g#9_J~kPij<7XN|c#wWt1YTLMXD!9+}VkI`qB2zx#LJ&-4BN z`S7~lpZEUkbGZ%&GKBl)a9I2=hriknd0%RtN1^N`hpjqFd95AuP(M)2otSoqvJ7~6CI?KE^gYJxirkrU7Pup?>>)^!d9 zjIbNrKbZa;AhF705%8f>$kDq?^AtH7X6)eQ5c%BBa}jo1e~z&}u-iYlpgNMEJOZOT zrUPDaqR3&q+ov;${E;>6CHRz&put_=vE4r03BBt(0yX56`XB45WfJ+vc1>|XgOJS? z$%Y)w$a>d+DOme_4sI?#tKnXeBW4dr*eyfb*Y|!LGcvBz8kc(ozoP?poh?3xqMCh( z*E+M2SN9qF1m$I&U7Fj_q&Qdu%FD24cWHEh6+$XLdzA#`SupZMj5OyHl($4QXGJu( zL|Uafd=I?ThS)O{Q6GFs;~EZ8s=_}#9Dy6pSlr#j+Q(SjU4(@>^6F}2TpI&xunxJ* z9E?LAXyEO3Ml@rj*1Q(rkF`L56VW4=|D=akz(L$T8G);#0SwWkJF>W%_Ez;Sd|m?X zj-3MDQJ_cw@QnOxfp5VAhjqORA3~!1XRE^Nz+Y>=>FUFjAbdiBq5vENumX4iCjl}5HGmG_Jir>@4DbS60z?9?1MUGH0iFS>0F8ilKp$WP zFb!A)pmHcsqySm~7QhWS36KG(0rUW709$}NAOH{!xCbZ(yajv*Yyrq%j2HmifKvb^ zfCj(_fRt7kw<rg2E}bhUG{bN8{c#oGJ2+xR$nz!Br_fpzro_Q6_tf|HFEPWUH| zJR);Q23FRtcBo}<=!?%m3Jic0a2S9E@B+jEN&q#02EYVh3vdMl03rdm z0V#k-fTw^`z-vG&;4@$nFb{x7ITRScVZc!U7QhMM1)Kzk1LOco03Cn{z!KmHz$Z9x z@DL^Sk<+J@_4Ks$WMp7m?7X~Cb^#W)Rz6m!08v5sv?&yhS~$7e!(8swJzeYq|I}@~ zT>rB1vb%`XZN05fUI05kPm6uiJwI`65Eq`+j)B^YiI52VBu!v>gr*G$Q9JJQ4WZ$w~uw8yOkTH zM0jsIFTcNdFFPw+TPH7+p1!<=HO#85le+`rYYR6!e~*WY@9lxI4RnX-E+{*92Pbz3 z=<5VyWrOq-p}0D7n}o84HDqUF;pt^(VdLTEiQ4Zn3dexn-pLcT(;h`)^PAat1$z2; z>=9QdYknJ)r-u`)N-r#nG*-({Lj%ce<>q9A!p#!+So~RiPTokLoNS;y`Y1b;7s?Oi zgtCDeA4(7vfTa1e2T7al`PbzF7W~*nU460k5J{Td zn->cM4i#HoEXv0bnF(ojS6^VDxcj0?2pq_1sZtga;jYGV;BpQ^VYTvPyoSUz_TR}Tk|zxnB()7O&MRQ}_jgmbjeP?p!S zkk?YO(1Z$DYgj02DXHVC7K(ZX7W&GHhI+~tTG|#$$~t<=it+}^e~W3TuWTW&qobj& zbr#E~&i^+JIOr*g{!f9X(%<_57H9Po{>|i!j{MobCjcXT19<~=MQE0)x|T8)3cMGf z$cJk^Ov#^hsHCnZiDk8s6!7+NvlH-uMG2c*05+lkP-O1hJ>cy1gC&PMMgO+G_75dw zeJSdl(=pJtfGuqSQg=IlIGk+l0{$*Xg!^0833pcf%?HsTdl{$LmwWHU!X0}kC1n*0 zc_k$abuA@j6KE5{t125jST%uA^_^=3#3GrxbE{scRWnC>iQlD4SR)!S2HG zDtgMwe+l+&w3Lni5+UaR7KwpHdhG4%>FMDGuSCe}$bP%AHn1~%?65X)u31~b(Ss7; zMxo&QUwh8O0ttf*2})DxB-Yc)%LnUW|JR=WPitFKN%SAt>8r{AQ#+x5VwfUuO(9W9 z>|)1eec9uIvMJL>BZ&pdg>#R>WpDMGGZducANY(mji9QH5@Kr#A~p26Q0ukxd?+-B za4^khA+4doDQzrTwRW!gK?8YvCMlZ-?-XBtq|cebykfKdnBRVSx-uzl%|f}YC-93~ zLeAAK9UN&^P0Z=lwRubEz{PbqilpL%I14@hmK(1o^&xS618)+$S0v7U{B4b4QM_Ka zGAHY@&e|W#^^7~)n62yDLN|HqBO76AUz8}>vS)@f1#QD4IwDswCJleJ6J^!KCrd~f zB+lf2*3y1^-*m}?-|<)Y4IdAi#{q`}S|f?@TH-f$Yj4iD>O5M@{$0BmaIqQ2lTTRm z)IS+2m`ym(!Cq8I_#fM|KI8m^jPZNBx#P$<3rK0sB4b@W5F3V!w|JS_5;Ep=odo5` zxTk5;6(M7PG|a6Z8Gi*l{A^?nYCSxak$H%JF{Xvg#rM+PUSvKzVlOWubMpKStrRjZ zqEs#H$lToKaOyzjr|Zl@Ixxjm#-~4oMO+uO8v} zBgou(x|5M0^SdR`rGm^cM;nJ3GS5G`U!O`lN$Sk?VPvi3s-=BH){D*gwl~O{d3Q~I6j?Xkqc;A? z+R3hb(TA*`trv3_kTql}a6}PVM_vW|w zN^91eARCfrhkn;$Qe-LVRT-#74_>5?48j~=@gLw!Vr!ART<})7y0(pmq&EGu#vzLP zuN@c_%N1na)%Lv6;10Iiy3ZAIZg!(jvcTh=#Ss(LGx2mvuFlxg(pXNoi{SEhx@6~J z&j~kpd@^vK$o04L%F)fr#tgaOjx3a`ox6;*AeMszUZdSlOaB*d+;%`2BpwKo{X6aiAqLgD8Sz#jKsu5JIl{eL_t{)>&`zl|%x{~1@L4HyU@2);Ui zoBtLgnQVSDhZtu{Kv;E3XR6Y!(a{^ zAR;<=@X#SLG71W6Y8o0^S~|L8#~2uxnX%a8$JyCAIJmgDxp{d71cZcyg-@Oo6B8Gg zl9HB|k&%;AR8&@0QBhYvb4Ei$TU%FGPtU->*x1Cx)bzpyb8{;zYinCu2M0$-7Z*1- zcXv-uZ*N~;Kfl1hOP8)(2?+@ejfjYfijIzry>=}={>F{O#9Oy+-@bb{B_%EG!GrYl z%*?E;M~`xHa&rp`3Jae-D=sc6DJv^4fBCYis=B(auA!l^@%8JLme$sH@7}-v@S(G_ zySulyukXv3{{F$i;o*^y(a|42#>c0orl)6T=jIj`78jS7*Vfk8H#fJpcXrVGWoN%I zLm`7Q0%ZXTdS~xzpP-pXm`BJK$QFPw10h3?z}EtLVV|IxcbIp`;0p+@f@X#@2_+5L^YB@BIae1&T$%o1qi{punTCD0uKd0RV~x3OwkM-{d9&Jpc$!J zP~g$Pqk%^QkH%ubR}cUc3lwo2$VUV`G4Sxj14RrxG2{b104U@G zJrU>uK!GQQd_<5B0)sD5;E91J2A&vr(1Wia04U@GJ@^U&fC3Nk_X-|3KqHYyBDf0h zK(SanWDf!GFu($U#{v&>&;#&rn+yYfY+%R+bk7iYa9{&Fa0cLEKo0;O{4gK~Jpg$G zgA6|vgoOuFKw+2xzyrl%slc5AKm~3T0N}B}gB000kupoiSRgB=t!a)BUdTxVcQ;zSsr7&OvAvW0gpm{&42X3qCHPT*9|cfKpp=4p?r^1m{1h-?5Dowo1`v4AU;$u<1`7Fs z2LOfqz~fR=Kz<6C5DFMjr~-h(00R$t@Pqsmke>qb0}lWS`GJSVBLz+fxFFwq13*Ls z6aXS*e(*q#%nKgqfyV$36o4!fWaQvP!7W-MH249C;1@_x0MO$$1L$#!67;}>A2Cn> zk`_rof+PZvKz?Makw9+veKX`2evuu72YNivH1bHNAizxx^qvCrz@vc&Ip{!- zLSaDyKyd;Eps=6?pg4hYf*lMy8UT6<&;t*C0MG-E4A1@n1G(`5$Z+8UkfFtg9H6Iw z4Nn2RrvN?hXy8E(I?$u=u;2&4gWUK4Jjjg?z=PQMkOTA-pr-&m1?YhXKLF@~hj!u$ z%ocpZ$&54y02DV7aMXeT3k(+YSkMCx01A5G_teO#kCb zcr4fhfPxkfNll|Br6=;7P14JUsj-k5o`jwgD&` zCvO`hzA(VmWB*yQ9Xw?9=Kb@{h3Nmf7l-I(cJ4M7$m37A9sgf)e=jE=(%bwmdR=Yz8a z<)8NKhyLS(oJjj^{L=tn;pGdl-#e|4oVd2(+KEewL`MQ4eL~VBFL$_hLmihFe$b(i zLkv)%xScHrS2>DMgh$EYWKf4g6OrR&P)BU#K)NSGv|x+afDaN6u>?KNZ%>EFzz42~ z9DwsdY(cgk4~Y?q$oFLXwqU;B9>ixq$DRza#kCQa7coS90Js?c>JP51h%K}M7Yk>vj>$l-#>Fc{pr2V1b)-vfL51!wZF7!U`M<3fTD zE;jh=#lXdcXh=Yu?2q4`X#ZwwKOZhIC~!7NJfsbX4(I!)JxE({4uA3@hDcxj)qY$z z{1Gn7%OeqW#+?T-ZJ)(m;VgbP2>)-15AnrK z1tLQ{q5O#j8YC{nl0$3|IWF#A9ns1m*^r!2aJsz+NUXh_I3J{4V22c3EL=a3czf;L zi-EKS@j+t#>C+z{oCU-{!tReC7K0|jqR?d zp+FyyHviQp#0O`G=)e|5B!@zU%HgDl0=riSg&YWB>I2O=n-hby9km`DuBg#d|(Md~2m zuj6z`Jj5PsK@M6dSg-+^9O%F&bWewqA+bVnLGZv1?jtZTC>R9*IG_{&du9I?4H!9` z4WdKi>fna~Kd7S+AH)~u0x~2P5(DH&Oq>tM5F4Bf@*!nUhu9!MWO9H%x;@z+e^Bh{ zaP8cy5FO%!6eJhY z4m>RQ01ZWCK#?fO6_JHw5e@)##1Gd#kRU!d8R!rnTw9=y5kDeFfuV?Sy+#=vF}|uPH=K@^YHTV3kV7ci<}faB_=K*DRo*} zMpjNB( zKE8hb0fCqF6#vWYqD>(o0)-r%c%m z?+Wo<*hm?@cIz3zFc*b`YgJn}YP{oHdM>XGEn3#(du-kz@ssogBD=+})JQE}K7Y^u zW@$k6$K(6{Bu}u8J0T5)dW!$-{W~w4lbmqB$%{N`M-~fG&;Vpr;sex`l>gBicTTo; zR=5Z5;DeMHXIZvxqU3?Sg&uOHZ15Asx@ygivv4Z=Q+JAY*c;Tk zl1`nh;CfpBRp&}uS#PB55n|P{FTJ$4=r;pnpBxnW__S;|Wx#7&pknw~=g*>Vm3M+U zoRx20sY(suT~JNUWLtAhEcw2OCZgTC9`zaPWaFe|d@*~+M z$6fq&h9;cxk-_D%bLSf+dIj%OTP|`RFaG#uKFX5wXrTPtIq`wY;=#b{WJe_}7<#*zFqzon zZ=T-iUh;4wmrz)a2v<7DkHJPhIy2wuWS+*HuHe|ra?f>Y)#^T}!+cD4L05*Zv!j5) zXU-h*JJ}+-1+E9@+{dIYQR~c0Ri$um1~b|%Wcs0tBxKILwT~fF45y3!6<_+$L%Hd3 zWKgYnoYZGuj}dQdL)1g1V{%WN8;q>;yR``YWlwnx@6b!*r75s|>J(F>B7r|8A|FVr zUr=xJ(m!ySJ~i}nU=RD+(B$edot;rBjllAn5!bs_g!Pzm?YxH9mJj6`)6L9n*qrH# zJT@K6^j&3UUPw@T%<4%o>%zNi$%1K0%3#V{9!?eDqXq$e!>hRpy-mBpoXx@x zPrVJbh+`uFUV*UPKbuXo+N zyLq;M@#{B{;CGMYsW+`Bo5w!%zs1g>HT+NQqz8AFGB5CG_75bdB;I^>@p|EOMsJc! z=f~@vBkV0j0;Z?0SKRi!zWIIihAj`(B2{Hf48#1Pn;GVX+6+xM91|BhJ{C6QmKCx2hu^&dXb4x2msJFwUUSIi=Ti9ivWkE~e zpB#GFyFJPO@G%xUY~gtHMw$PLfE-*>gPET3k+Gx9ODY7R-&k{6wcjI49+b~`SeZu^5%UzivCHh8MVc>% zxLNFM%FBPhoZu%oxoc|__2vR!v3}-_hk2>0RYcAQqTHuEFP&B5DkP@Oj-oPt&*}RGajf!H6s+s-o4N(v!eW7|5SHdsbG05yiWyp5Xg@63(F`cXLBOe}B zHMw-8pU9{B-oxtnptDnwvzKN!7^4R46^U)SnrvUI9%Yy#`a&ZtCZ+h5wyKd$Q8SZD z_q8229_qHv*D*=z^!4G3hFU@teg03w(H7K}tOE-l%gq>fUaCVtFz?&tW8#f{B{ zyS#N(>F%d#m^_t7qn~?BO_P|DMVD~PoM)I|_TM0s)_OT;$3@OKk=hq46UyFduNTm! z!S7r`aleX;ra55x`)&QxTaTCdNSJc8))u9C7*CONNYGgZHqsI09M>zSqF!^~DV(uq zZkkS3t{#nOz5L{(SjcnE-FWoeSK+3|=Ur=~SWN8jQVJZ&AAk5Il`Jq&7&ONnDd29( zSG1J8batZ<=|RNo09y986E|Jv@~Et~$E? zR}QbWWr112efP+v7e!2Qwr}Ta=w3P<&(L{w-cIKyJai|u$|T@%`X_Y#MFXfllpr8w$$`EoHBq=NP55?Fd-j%clo2eQwc=igs2#JEmhD zCcT(x-J!yfV44vTvz1-m($K_46LQPvozuZ3;TbF3_b89 zU1y!n@blcH=-n??`8iH`jfA9cwhA!k2j3nH<-eqq9(hu^iNK+EyDgoGtb4$F;C+lC zMPR>$gPfwnsNKoeZ$695Tufi*l*aD5EljY;(43JjzQOZwbbPHaV!-jd^wgSM*lh+5 zjn$J}PPf;vH1cabcz*mY%hiskte%T(L_N;SSdogJ3dJHTln(!@1e1y~+g%@Rmcw!} zadnJa$(lupWp}#2E_*5qWZ2IVSJy?|t-d72`C1jq++L6_cFT6TQI1*o0-nV?|3e$)D zSqri5)a-x{3fwMoqUk%>mr+Y!3O-5viqoQ!TH9!2G&<^bR>(e^dISxS#xH7m{TNUN*lX#B~#Ia(&xV-~`5u=2hq@FDHQ-O+zxPTl1JKb%WYq zGB8UeK5E++(S&_`JCc0d<=ZV85$l6&Qmij)f01Rqh)O+FH6BmuHN?4=#itxV z)wzAUBH5ZK$aa3EeZnJK-C#p4=<12>2Te=~GE4F{sw6(U{HX=*9+G0)>&updRJrS4 zXEHUu(Wf4AaUY;Cyxc6t>)`@ArV;eu;Qhu&smu_qN_Wc~Kf>Ja!6^Z*S=@;(l zf?h3$B3p~x=>C|gy4szlFIc#FYxC=u11vQy@hw#%wm%j#i?3pyDf_o?o%$r= zq7ZShfNB1!d}y(SIqGz+afUzJv&ouN1r6HAnJ(4gR_^l?g?Y4PK?zc%Whq-|_8`t|PBP>iL($QCX*{bzLV~dOcoieKYz{$9+nywfXBw;d`H`!fkF{-ym}sL0QU)eUOms zSlQ?n^KUGm=X-NL-J#e_K`dKa?nHQZZCZ8egX@&NG~VQO!3=zTmtUh=T0jpMzw@5fr)5~07FaPpGstR*5b{(M|<1|XsXUVB`zv%ygB+Y+M0{7a4WEaf zG{S#%y6PIGzb@zc7m`K?-Sz^DTZQeqM-Lp{Eba&ym@K*!)2LG+YcWAXmtg0tugbgUB$Y@+WqRM2R_A`0_Ied*yYY<5K0(#vbe+vu zT37l70Rwvf#%G>3TB`|%$b5{cO(!nWdaYjw(k~)U2+i$vVM5eNCt{N{LUpek4{6t7JHwo{3yODL+{L``--}84*(Ym*Lcg5VYzBAOR z{xXdIrjEv8qvne>EzRR3hc5{ec79X7cX_dCTR*=IMV@Q@y^j6WYFCXYffLn5Ry@p$ zD;@93dG7nYua}|J?;e$-wX7)+pD$EpzmFBK^828&_9nB)-_p_-tF`kk>T|;6wc_9T zmxA+uYnU~v(Zyfe#2a&NLjV3Y)919_b2DSe>@P5|iQarn?fGi7BwsIakGh|J&aZheUm`x=>3BJu ze`WTjL47f+=(+3FAp&k^vut1KP^jB?@rC`Uy~!$4@sLJpigN6F>4lTKXXP4|w`K1N z74mnkzP1b7GAw-iy!RR3(@eLDo-7^Gw1!1F));YZchXOFV~@PDOtl3VHH_%=@4qn^ zRe!nTq*8pXp#1q)6Y3V_H&HehlE^80ujv~nVI-VK#H7bdRt>lp2(~A5yv#&^kuuItxDa}#6BS`_np+q({NA?i`V-?S9SI=*L5^WkY? z)1R`}w3ZkSPp72U^u7?H8g(t~2*^?+c&kHJL1Z!NtnN#*?Ch(F-wv|Vl44gKnWwO z|2)Qu|B}Q=;JXvXH{@sTC-gmKxO1hO`@uV3H1Y0(=6O5Qmd|nnUjqHfW_zZURDFaQ zo~OTK`&whb5d2$-a{f6PTi14p?;S(2r`bg(uJmYHwCdjRy=gQ~^Xl==3=zb@g7OqFQHE{7fQW)y$mq$~n5@A5*;O z#RrzVR`jDI3XU@gxToL07@;zfSmUm2bdMA(F?jI}ynyuc+}XV|{*9L^QG=bf+jm5aYHFuvXlN!w{8Vqez?JA+DiQ`0`>YSyQt15 z3#;ih1EIs#HfIeFu~0f*IM-y~>fK=@U4QcXhpWM#dsuiJ%)+dg4}@5+Nkj@Vosu%1 z8GB?aV0r(&WS^)?H9a4GSUTwn`b6oa$kf2$(Tw;d*Q(oskrd{6V(dE}9?Q&9yP3|L z@mQaD`*pR zp*YWCY0~*4QgGhDYuSTPKl50&q3U3N-39Biae5=i+b(Y-q`KVs2GAX|Rh`{W%%nrh ziF5pmG_p%Y`dTkbB=dYX$LNz;Sb6*mvsIkH22h)qrr8`FV$EcT`N-k$axzCf^m2a% zD?6W|xmcH%9z$|hphoPWX1vmPHPf9(^ezvJA9c{=G7t!oX4wp1jCm(8^m3}LnN)xG z*TEyoETf{F2BoLDY#wq=$p5;+$LJodhtXMzvS(^WpIl1j%@Wih$`PU_PqI7``P=(k z3P+}rneA+zf2-aTk=^(5M|d)_zEoZDzz=01y8lJTN=^2i-6xmEg4JwWKaP{3m(6q7 zw?2-KjZ?H>L(AviOKC&xfr zlMHd=v`m75Q&K0MOz##qSAMZ_QhR}t{jggh#W_fHezjjQ zpLgfbRwOk&oN=elk!h}ORuI!YR?X=+*Jp>XSK#l=clPHAQQ9u%aDI0);?2cd1Mj$| z%~x)j91hVoNxbY7VbGrIz@cVI7d8F#YlTW*QzQoO|u+D)HFzqGxTLH-X>Ph=tkX%5sf!2@fx9u-8f7oH@`& zF}WLJ2~S2Io>FRNj=%Z#!?U{I&ugdOZvN7t>zI6YU|5$hhU}IaLE(Hv!s&0l6rQ&p z22oJH46;4YGdB9doKssGn_Kj9Bz$Nij>92?KhP_@{)Ma|&-Z(3x9`sNRLh!E{o2}P z*`_xQ|M|x7mRy!G6<)+Kt=*83stJ{FJ+i~b*X!22MPkAp#!qT(J$YOf-d4d_pKIIr z&{#;D*ug@!X0c&yS8gkzg1Mo~<$BtW%Zhc<#i?hT2g=6l6Kql+gc&ll-pzF9L!aS1 z6Z7VxM^ig>qhjTP;sMvwvBVJ;Uw@LrKS>t|4ypfC7ovlQxwm<~vr9FHpH7!nrp~h{ zl)A};Uogeub<-6uyi#(K@VOB3!tFcp&$xLnsNb8qUK!J`ld*gv@}}`qCiPN}K$=0l z@U)}#7GjiFl<|EoY!EcbOdj)1)NXV#x+Om~cbtC#KX38S3Cr>^KRh41 z?b|P+0&l$=@C)|~^T$g_ELu-rQ_~uDv${bR`QUp*kU(VX57Lw2<*)9jJugivI4wBG zS)`qkR`k&SkkQ~RER!Z{Ouks;ok6ak!EU1yzpmVjlj~wG8@*CLky&d0!`y1B=>c~A z^ytUimh##6-;=5MnMtKgqrw9EdU%ahx4-;!UAxbkTa#ZHM5T4$n&Qp+yUf=H=!t5B zGm>cDioe`FU3_=FzEOJi#jylkGI86@%k7RaC&<5qq1CB+c7I%OUJw3y_R|WoBdMgdjpNbkZX4C7>6Cq~Ph46y3(ttFvHGaM^l=$e_~BM| zFjYl@0)=k9OH_OnjU%$$#Fz8#`^6EDlV!`In$$7F83U$0}#!IUOBUhRxJ zX>R$;>hK$8$}ZipVz(_N^V(3e`g#|Y)X!cek*oIp#Ncr9%4+aMyic4a;$|ejrIqH%o88s>R!r|+GsTD$*KL7vh~=+PS);fPZzbHnI2BAE>O-BS@_qQ9`1k_SUm z<;-)JYjaYvyt@W2Yo9TWFSJ#}=tg}cga4#_i8I)yoP0b})PfkhFcYZwfMEN1#a&w) zX4|FVGfZq2A%{8NS7vF;p%mM&tWBhX2fMem#U9sxLGdxtTt3Wpj8gNLgYH{$jhnj{ zcP!}mENlsm?d(vKz9ph3VnH7vK%wu`ZO$4X1avxaz)Q%S+HI#yW! z?r-Adl=x&iUaww|t@G=Q6b$(%%!V=DHCA!Z{)RFTX}ckWbxM83Nc0%fv`cVQRCCl! zI;7dY^+{g4>4j;J+5SY2TMq?TRUQVZBuZR&t9z{dT9FbjB3W@pi>0$N0*gm_v|N@c zY5nN92`#6LyBde*wNG&kWBxu@MhMH;N%)rV;)nyoUQLf3m!jenFC22Bed|MGO@DQ` zLXLsuclxo%m&FdFTCXu-@Z~6pyT;Dd^csB}?e&|~mdj2Q7@E9nm@_twnr-|+`s7uq z=5CGA#8W4cucF0AW=|Y9CM<3(N=&YDfwzUrMq zaYxV!#gfd|w9ArNNE3OJE9CC0kb#o)BJQ7UTy~GXoAE9Q=1j`wcP7@GU7O%d@5wV5 zBaMDf(nm*UfyPff;J+%FF=TF(8!&7%I#g>m&vJFtH%^!EP03u-6+7zv+1w8j&3<)+G+7+Sd^kW&ka^EbJ+zdZuhkZ zN`%X=zUN8OY%(qn?;6%3<@#~SMgQgL9V}B+u%Spw@%${cSIKU7!<#7CuHZQm3~5{N zOCNXMVSBPP%0Q7PyCKe%D<<8HN)Ns&h0qEe*;v>lYNuS8K+zL)p{mY%e`c-VeivpV zF3Gm~^wM^%Q^-Wt_(GXkb~)N8akboHns-Oz#&?JEHP9q#7WprzFk6RH z*uT$p$|sb{X>FEYXWL<@O2A9YlgE%49(!kZqiSMV*NgqgI{LHuFapJ2+7e_wj>~LxE{jj$|)qlhzxc>C@#TEY~ zZZQJVMbRi@yjm;PwhV>7&@AfVF4Hof`cxLj*&i%DlczWJOMVu%wuR(!hNUJ;qkc1+ zrFM(&9Ng6+oj$-u_*`2c-_Pl#HbHXBO`n|H;@wQcxyG#fKThzKKe1789%n|`4cimH zA*(k0I&4Td#C6Y`DbY8!=m{85T&)P&^ThM09@Rp6>Q0z*1zdYA$vi%qbovl&Dn>mBk3X_CR zw81U4katxL-#01=HF37>8djC9LdqHMA%8j ztRbhkkN(E1ORG(I8%_Peayq>w?=*>$j#QC-D((#^AtBw={bJPrX=v;fo4nD%x3@nU z8k4*K_%>2o7HRd6jl`t>?Aq%}FVudkhMkgtyg{DmC1_DY%Fmnl0Mm zmhVRgd01&vCs6wHf8(Jq@hZKUf8^8S(^d4eK@>L&?`QF-6m^{&dw5Q{Tba6l@yk_% z<^iqWV@n=tZbzo6uMoF9X0!?SwoqD*FgkMAx%qtzUahBB$NQ3{t_$vgmPy#hp=rtk z-z{s=LXCN5LXT$_6|`8rXv`RR>AhB$cDs&g$+5=^e9{u$u5ggMPJNsppgP;ky^nk_ zg7uc~5f{w>_vbSvQQE{xR~gl0FF)Ja^4l%*ufsbYZ{)k2&t0ryf#xLUSz8g8KE<3% zdhJY+Uj0O`y$_MpFoiBba_*<|^o6}ltAS&yu90EBSi6l6ohG$wF&vJVGfV5Me9vKD3(WlDvEn&^oYaV3O1}u-byn2`@TA+T}NIeL*H7$ zhYR=YMt(D@zx;Ld0QzL*TftW}JFJrt#Ktk|)?~hh!Pfn`yME>>%KFcVhE&~pCZ^^d z+}K$C=K7S^K`mS3N{Gn!38I1IQbk8}wb{?vr}~D%mc$S1etyp!eqcNw@iO|SP34pF zV-mIIL&9q}mc*aO##*T_h}4MD)%Q0Ot^}J~kEKo%WuG2BuGRkOU7&+vrW)Oy!`Z!O z+jhEySIpAaPVkGf30@2>SZ{g_WoO({e}uBWWOiLA;khfad%%de`3#T^6c z`lJq8==;)U@-J&_oo&c?-+u|Jit+ZCwr)8%F>r5DG~ug;S$smz{CEAZO8b;dqSoo} z$6|{#IFETA}eb^NRyY93G7uO{W?*$vd_ zPi%Tj1Z+D@*@)&HY~VS0eTqJF@{muc`c@E8YiiwCLI#>L(>Jg?q@Lq^zji9~WbAv+ z>5fLl}C)ez5R(MR=H>Nxt^QfQoe$HKLS>2y?*vV(M zmL45Xyz^a}G=yEfNG+)vb@812AA#|YkOAzo{;aC>^|QZnXzm@ zU>Nee_KN7aR+^fh1#j+#l(n3%DjHfXm%Ohk$=;8r?;I>`r=GxJFzx?H*R=PDPRxa_ zPkye{O0BsV3`^#Z%4@fdRXUmcw7g^b<}Q8e>@@YcB(8;uZS+RMb)uEk@_P^KG^7ef zFPsr&Bp5gR{4HZa!=-!Xr_u_W=u~mdjaRiD)}OKr1lrVvmdeBp9&uhI;F3_QWHfzJ zbC)4Xpu@M1PHrU1VTDIzw~o&~$*8%*BP4;Fsx7S`lgM(2xt|j|QGEiBmdjQX)wFRm zJZ?dU^4$wwvkBoBi^-?X4js7qVzt^LV=7GkJt>RMx0(g5?_o`j&toUXwm%mKnkjC_ zF`;$T;jhkX#TkE{PL#c$bF0?=F41z~ud0sPXezpQ)8(i}OOCM`JKsypY_@rWYT@>U zB~8(m)SS7)pARlFxQW)r`cr(EdQoyCACG`ZwEiIXiVJP{F4YXBliDb)uV(kI#aXQ?R>iK$)8+hxiMj96MwJ=qfdw%o z>(q&I+Rt4IF;sU*-0L5Ib4d50K1Q_VwI=cLxw4qaZ;xVDSd(?|Oc*ij&I-+(8Lquj&yI?4F>c_-|#mthZ zS3_&3@pr65tbJ%XHSkaSkh=A|zR3?P{5EzPuXSGc{L*^L!$%ynTs)tDjS7e}-g~J{ z8elB^>hhOnnY<_d?q+dz?^*=)dgA0h@>IywTLvT$zFamC%MNN4T*jl$X%&ulds#ct zGsE{Fu9k2!Fpx-}b;7^HH||lw9HmKX#E3_LOTv>QHs>?e%r-<&{TGVst}jwFy<7=x zoX)u9_mZf%>r3_#h3>$Fi^uSsMVjwfZd0BZ)d^M1B}yfH{WC;*j>j$BFLFkUy(2-* zzPIg^yw(KgTN10rjy!eg;g_RT;|Uh!wnfiwjrX=l5)B{gekUR&jNmnYlfHx>zf&KYs3D`9jCLaP$?)P>RF{lXipou&uVg$L zMt;890U{C?w2upCUSJTGzWr^b37y1oRsio|OK@=NX-u-VdClgAELq{2-*S>Ym&XTY z=~`u`=92|w-4(xi*6L4U=pD+uw4}3d8KRR|%R+LyIvgsVS-OZHJ}TW*Ef`dvA-+gR zyPc+M({!`@fywxKpn+;%B}1Oo_TA-k{?iZijrlrE?im%@XiWyt^Q#1}huR$u3|m?@ z>`z=0%#stmk@B(Y=xBMh&W0?@yqxs2n))VOJLUG zB>l+kvmO_3W?ws-d`OV?`_}H)S2g`JImw~6q8010{`6E0<0x7-va(5Dg5r)mN=kv` zA0(+0vpyfAlNgc|xGBR%{Uqo3o^O5qD)xNn-VkpSDG8S+U9B8(MkKi;+p7+-kEQd0 zTBX}R(=it^X%0FH9a1|#^eRr_=L378$=Q~P0E=9yv>{xbpVmBf-VlF$dyU=AX&-?4z?!ET9`=0SX=iYJdxZ|8T#&p8$ z-|zdpKF`Ax=8O!esK}4AxHLegN3zqw^Sc}t?yNG(bX?J><%7!~yO#z>t*D(jaD~zQ z^0BiMAEq4}Qmwg1<@&m1{gtif*$p4!HOlw$B1eb9cLzT1`kGeuw(4E(%q{O{eSNL| zt+~M;nP*FWK>}(c8Qt`=u^Nwk;Zzbk^~s!LfibrRhiJ^c(#2Yrk_t`;G}R zREcf##_;8>1J0YCw2NKdbn)EdA0i&^c|I*yF8k)Qk;X>1U&gK8)_u>nk|9&x=qTKi zEj)b1Av`;@epmF$S8aU86ol8k-4U1Rx9Ie8qf?5B=9?!CyZ`2aMbl9?Za>|kgF8QN|9hwCOA}kv$y_cjKeOED+@LSdMhD!ez2Ki3UOr&^*H^&<$0*l4tQ_&+ z-L76Of2llPvvlDIt)b5hgdFk12@1JT?)vdJklyy3>-Lf3UZ(Bb6n%Di9A&*Bbp8TZ#$+!+*r(Af| z`GU&L8SR=}-}>Nkh@4zu`+c{xiwt}-J174#b;cg=h*l%@^D>*Bw=bDFYrvg~!BwAZ zZ95O1wQJ0|7GX}Vw>4AtEE@W*^hJi=hOCZ5p7tx0%%}Op=ncrdCZ*rhY^u=6X2a&& zox5jNzgW2X;WNAO=O3L}9Q0`M?vT5(IQNlixBHss?0MWX--&U;}Mdix5Bailbz=bm76&@YBw(HuQ_tk!Vc#;%CxNa_FO(v{n|&Lsc#ey zwd}ViGsS7Hmi;5^5gWF)lI!*IY1z`PlNP?8@H9R)watI!cL!qsi+{(P&fnmQKjO_v z@B8Cd40szr-ft+cq*$Er?l|Hkr@wdy$G`k-E;s7JF)b%MOZ*A03lGK{+x>W}I9X(* zj6d6T9Xj;Kxe1B?b}rZDt&FmZdpU}m#5GTjZ#&jR%B!x9W`|5 z$GHOryqq*-$nRQj-+tfUr_XO&^73xAsi~RT%Eza>0`Ew%COiAgFn9NMW`F$gsK@2Y z+aIo5*W%ay{hueEJXx_|N_)VxzrP~X_- z=wIYNe0ZPC$EbG+2D_BQKNqzgTzj~{wsAvc2>pRRFF~TD9?%mr?&z{xhI6Jqj z-MV%7qLPxQ7HVqx3(Lx^iak6!c$u3Acv@HlZSB|Z#>-BfwtZQ=xbyF=TQ6@B9^OCw zx8HW2sjM6}#MQNR)V+H*3%tF%%^o$%;C*W9%3kNr?H2pg$m)21^nHg7)Xafc3@o7UBp_c?oZuiL9vH4oOV zO*a1WhY$bbb*om36Cxr8?pd_R z@!smy%^Fftmj1D9S=U1`F(bxTR48qjHZ6MJf(5osLPGKt-@kuzd*8l{svSE9lw7;E zDZ|z_&WHDLF#rDjfp$Z~x7_pR4>qr@Ej85CGz~N`aPofsyt+Ou?ZDF6vja~jB#aF; zG4X1D;{ALyvJzU(q`=L3drDo@nlNS!Z zabsCeJG+Em+}zr%n=&Q5Z0uN#lZ_fpbba~q*o9rY`a~ESx(vE?Yt`Lu-S$~&Xc+gu zetkpuojcdt`T1qG3=1o^R#!K?o|H6AU0GSPuY*IA`(3*1>U#L_qJ9@H?0>a>ef-KE zJ&vrNIyH3p%$dHy_wQerFlf+QzekTQ#UDRDp<{4xzn!_c*CtMyB$s*V(w6frTh70; zW=+zzzJ0HJZr5(T%DZB#p*L?XnO|J|*w)4->SnWMvu^C)pFVoR1g-M% z<8`Lw=iiBoiW+)k`}TshJ$s(M(xk~0B?Sd#x!-^Pps%fMxhy^Xa9Uts?@#U9Z#=tu zch1z&qfI(gRn2v_vI^V1aG`TZef?E~j~|~^&Y9!xucv3XHz((O{?)5%#!a5AvTDW* z{~hz@dD>Z9M@$#{8$0bWTjua}UT3RgV@GbDJJ)r9r)MWU9Ubdan>P>n+NRCw-}dg!4Kp_O zfd2~kkAnYP_)mhr7X0_ae+&HEz`qsz72v-H{=?vJ2LB%Le+d6y;hzZq1@Mo7{}}ii z!T%ZjPrzRT{?Fl`4gYWOe+vJD@c#h+S@7=+|HJUNg#SkP_lAEb_{YLu9{$Pj?*jjK z@DG5$D*UIzzX<-R@Q;SSCj48&KMVfd;O_$eCGgjQ|91GR!9NK8^WYx|e<%3oz`qv$ zi{Nho|Ap``hQAm5J>kC<{x9MG1^&OozXkl$;eQ7HL*O3;{{r~WhW~r`_Y(f$?*aer z@V9~garnQ0{{i?ng8xmZg{MW(14E`tK?+X75@Q;B1Ao$;fzZLxZ!#^DU?cm=M{?_on4u5s{_l5s`_;-bW zKls0b|4R6;hW~Q-2g82?{Qck`5C4wv-wFST@Xv(*dHCOf|2Fu4hQA8@9pS$T{*&SV z1pcP*zXboW@Xv#PA^aWS{|5fY;GY72d-xB9|9tq{!v7}xZ@_;v{LA4#1^#jHKLY=? z@V^3oCHTw1UmyO<;GYKnPw+nr|Ecir0Dour?}mQ}{0-n=34ee1?}dLp{Kvt675sO= z-wyuM;4g!J68yize<1t^!@mOlAK^a&{wDCh27h1pABF!e_*cV!GyDg@Ul0DL;Qtl= zzrjBY{u%He3jYD{9|Hfk@b3fvJowkZ-v|D3@Xv<7JN*BE|7G~EgMWYcpM?KN_@99P zF!+Cle@FN?hW~5$Z-Dj!v7Hbcf$W0{HMd;3I0LwkB0vT_@9P< z0Q^_L{{j5pz`p?gSK#jpe@NWTsfB2Wf zKN0?);4csV;qY$-{|NXmg8ypxr@((1{A1u>0sm?6UjY9Q_`iq$KKSo||26pA!e1Bu z-{Ic?|MT##g})~J4dDMA{%P=^4gUoAo524F{8z#M7x+iQKNJ34;co{2BKUWQe<}Qv z;eP}EcJOzD{}lL-g?}UXzl8rT_#49i7W})xUjzQv;eQAIe((>2zdHPr;I9mS2l#h^ z|6%xFfd6{<_kjOY_|Js@efST8|0DPxhkr2qbKyS;{+Hn268>x8-xvPv;QtQ(PvM^h z|H1Iz2!B=h?}7h7_&dVi3;veyUkU$h@IMOw$MC-i|6=&tz`q&%_rrez{KvyTAO2DB z-wywt@NWWt1^E9Ce{J}u!#@!I?cu*0{-fbv1%E5}FNA+R{6E5f4*d1tp9BA^@ShC- z8StM6e{1-Uf&UZupMif{_`AUWHvA{Te+m4@!Cwph2jTw^{&Dc{1^-z1&xOAy{B_{J z8UAhHzZd?-@Xvt%Q1}mk{}A}Ug?}IT=fS@Q{yy-RgMT*s-QoWS{4c|Q9sK*l|0MiJ z!v6&Phr$0d{5!(GG5lY{e*^q4!hb3JH^F~C{FlSO5dMeYzZ3r7;6EMyPVf(ce>D6* z!2dM-1K_^`{tw{)2L1)`zXE?>_#44r5&p;EZx8=!_?yCi7W|dq|111e;I9w=5%9kY z|7Y-bhW}Rhm%v{Q{$=p@fWJBXE#Th|{+-~z82+u{9}fTD;9m)USNPw9zc>6x!9NxL zKm5c01^i|3{|f&t@b3)&-ta#K{{!$3g@04{H-~=*_}9VzEc{==e=YpKz&{@TE#U7D z|8n>z!v7Qe<>5aZ{;l920slqtUk(2h_%DNh4E!tLKMnp1;2#42_we5b{~hqZ27g=l z>%#v#{2SnZ9{#oP*Mz?T{GY==4gRy?p8$Uo_#c7)D)|2b|48^}!oMs0&EQ`I|L*WF zg?}>qZ@}LU{%-J}0{^k_Zv_9B@ZSZ0L-^leDR!2de@@4(*={$cP}hkp|MmErFI z|1R)94F3!8Ul0Et@Sh6*nee|4|3UD71pnjk4~Bm({3pTx68u}je+~Tm!oMB--@*SW z{IlRc82%gKuL}P?@E-_&NBDce-xB^S;lB<3N8$e%{x{)Y41XK=H-rCv_)mcUc=+eT zKMMZa;olSfP2jHp|KH)S4gYlb2g1KS{CC5DH2kaJZw3E_@UMseNBGZyzaIQ^;C~hV zli@!D{`25(4gWFle**tA@NWx$7x>?X|3vsNf&V!8Yr+2@{2#(U4*tF19}EAv@b`qj z4*WO6zYYBN!r!>ns&^@=S+T!VFE=rt)y+BVRG)R>ZxR>Stn2W3{d9$U&DwtUk^P?A zf5X)Nr^h-rmw*5D@`L2dr`&2rBm_EDEbFm7sneEQ*%o^o=V(7otUvTeSNRg}YW>&E zOP9@VH0kK43w<7?RVd7yKh5ab;M{}PI<}taS$5#!1>52dt~qy-5{{pk+-Of9b>kpW082h^CdfAC>VP}S!HocuO(%1Y!cmI^xiNjNS+!>I$Wz@z# zdo352{xQQ{^;3slP4dmYC02~-duztdk3(A9Unp94SH4+c`wE+TZtL3iRB?H>RpIb< z?_Y=1j9#G{eBtdF7oV*w4%+YOtsviJr11-P%ewK?whdbK`mIXClDj!AYu{bVx^zHE z*``Opx$%FjJhC9wD`0WkhNXV>^ zW2AGaXHe!<9d+B4U3#5s(|KN)SCGS&Y;{eYNA0JdpY?Lv!m0Btl4}l)SSq`bp3`hV zCu4JcOZ7d|?>=x_d?@~oU4)g1g}#QCn)Zfc6W;D#y~FeP8f(LHvp4OVtCVcodvor~ zZ{3G4TjV77Vc+}0E;Zpj69Rtu(z(BD{Dd1v?N9ak`eH}MoBO*?-tfJwTb>aYV>jDC zrgwDIFo&k)A0zjk*Yo?dF?WgUv1Z;2tr~o`-gw@6wAR^sRRj7OSGv#LoxkRDlNow; znNJ!YnfP_JdGzbWS3HKbdo{)1?pVvDF;(Y6uKuy~-DJHF$;7!6^TJ&$R`Bi+I7Hd!6R-ASJ-u80~Eynh4zRSj= zYIsUkBgLoP7IY1qC|6WG=CfC<#+Oc3*_Ex&U!UgRPWOpH8reFSbu;!BB$%Y?0 zj*BpO_R@LHnZOh2J6}AotdH2zcyPzt=jTTky=^<_jG^hl;A2HkYd@rRUi&T0Ffa1< z=<5jsOB*(wj5^Y5w?}|ONLtLY!-dsW#+r_I_f1HOaEYC%^}RrDb?B{1P1X7Lw_TZ1 z)h;uA)Ttr)JNzyccj?r9hW{M+*TY{P{`&A=2LGe*e+2)T@P7vXYw-7k{{{HF!ao82z2QF) z{(azo6aG8kZvy|G@ZSc1Q}~aBe|PvN!v7BZN5S6`{xjg;0sdz29|QlL@VAHmUHG?$ zzZ?8j;I9DxU*W$3{%_&G75;nR-v$2e@Sg_%*YIBg|62H8g1-&?$HRXC{1?OD5B??a z4~73)_$$Ld1^%Dl9|`}B@NWeF?eJHEe;)k5!`}h^v*CXl{sZ8@AO2(E9|HgD@NW$N zC-6TZ{KLNt{!QS&9{w%i{{{Z-;BO6oXZUBr-xmJo;2#G6E%4WY|9SW?gnu&pm%={> z{>JcEhyMfk$HU(W{u=P#0RP?aKMwzL_&10DUig25|04MBgMSVD1K{5u{x{&?3;r4K zKM8+b_{YFs2LEC3{|J9Q_~*jE8T=dI{~Z2j;olejbK(CP{&w&`0)KP(UxEKC_#cCR z75x8ze-QlZ;O_!|C-^Ui|9$vt!G9k7d%*uN{2#-=8~oqH{{Z}l!ha3?E8!mw|5fns z2mc}PSA+jM_{+h6HT<*S{|o$8;r|f+SK)sK{ukl@8~iuH-xvNq@IM6qVEC_u|7Q3b z!M`c|Kfqrb{@(DP1pgNBZv+3^@V^It3;6GX|8V##!oMs0i{S4C|4#644S#?58^C`e z{0GB-GW^HE|0Vnb;r{~u5%BK_|7iFRg8xDIKZSp1_#481H2h299|eC8_@}|Y5dNC* zp8)?@_!q$c7X0VKe+vB5;hzuxV))0we--?*;J+OH-QeE`{)zDK0DlGee};c9{QJYd zIs7lf{}lWa;J*z1o#1Z)e{J|5f`1A8U&DVk{6E1z4gT}tKN$WU;a>)STlnX||2X`| z!G93^qu^fv|77@Yfd6{e?R;u!M`i~FT&pl{$Jq#1pe{xUkLv=_)ma;XZXK_ zzdHPN;BPJb!+$jVU%)>f{)O=W4*wANUxI%q{I9})CH&jK-wXcP@P7pVS@53<{~Gwq z;NJ}X=J4MGe>eEwfxij-wcvjY{;T1?2L5L7SAqXc_;-iD6a3%9KOFwQz~2@AN8$e! z{%_!a1ODakw}ZbP{2kyQ34cHMFM+=|{C(ix8vgg-Zw&w4@NWYDO!!ZPe>D6(;6DZa zE#ZF-{!8Jn0sm6?--7>S_#cG-0{BmZ|7rL)g1-U$cftPy{5QdW1pKGN-xL1&@Sh9+ zVerp@|6ceHguf~Lcf$Wy`1gbVL-^Oh|1tdM!9NK8YVaQl|E=)1hyM)t_k{mG_@9LT zS@>Up{~Y*VgMTad{|^7(;J+FEE#R*R|LyP}3x6B^zZLxFz<)pdW8i-k{*U254*q8F zKMwz)@Q;K4DB&OeBjE22e?9njg1XSJ|2_N%!+$6IH^4s({sZBk2LE5+KMDR<;2#SAYWR1B|5^B7g1;mD z*Tdfw{`27<4u2>3cZC11@K1*SO!$9?|33H|!T%Bb^WeV-{+r>y9RAVpUjhH6@aHe? zPL72C6!@=#zaspf!@m~(Q{mqN{;%M_7XGu~e-8e=;qL+eEckbW|3vtYfxia)v*CXo z{<`r04gQzmzXbjt;co!{HSkY|za{(|!~Z<|-@@Mz{>R||0si0M9|`{i_-}%LFZesa ze;NF(;C~nX5%AZ7|7!Sa!hak5+rj@7{QcnH7yi3itM$I*6SN}aV9c_Gr45(A480dR za-R41F#(g~6OP<^a;nXc8Gb7d+ef}^K2sy^b9GBquO&TQt~zY(-+5_L?u2uWg&%*< z9NlY<@x|p`PIt}PF|BWYlUCne?7r5`s8Rb>lNOAca%G(~ao+{?5BEDL?W#;vKI>s! zaWYy*zG~Bc1v!K9eZr>d#U^Lpcsl!S-I>?h9v017Uu^eiLty#cPr;8ZOK$gT{KmY% z%C%-(-p(G{YfTSWd~Fxi?CAMHvR|(s`eR^ir*}3tSNo4uIp(`XU$>+4i05hDQ--fG z+ul^m^TFUn(@)HQwfIhWi;ZsYHy?ktH=-e!etvDLFY=YT2@-WMyR~Wo2ba)22<6_V3>>jUGK(+O=z!v}w~O zsiLAn8ai~S^z7L)iO;=}&YU?TMe(tzK0ZFujT<+lw6rv-TeogfO-+rYp`js}o12SY z_>k)B>!r}pQ0e5!lhUP2m!!sx8%w-Xq!bw$DP6sKl{eLvlR9nc=Z&FH1iqx)M zJE?EqzEX=8Eu;w(CP-RZTGFq-{wnqC*;D%R<%`5erAwPPZmSZ{@8hUA}x-GBh-lI&|nDg@uJl>FMdxty{Mw z3kwTLPft&>w6v7`{QM*x9UW=@{P~ixv9XlOMno4iqzLo6k>?A%XNJ>aZkm~B{ zq^(=GO4ZfX()R7!rNM&-OH-##l^h%#c;9zb>G9*o((2W#rS9FkOJBc!m2z@&q*kq3 zNo&`xmCl|$D=l8USQ<8Ln6zZc5^3DHaZ-;SJ*3&QXG?9`w2?Y@?krhbTT3%%&Xn%l zxxBEN)Qb|dP#LJ-4`0?W<1qB7^ z;lqd0wQJWTH8nLUIyzdqdGn?;W5x_=%$PA!mo8nTva&KsUS3|Rt*w=sHf<_RnKDK4 z_xI<6X^W)n>}=`x-+z}H8XBYp3l>PjhYyzy9y}=By?a+`-MY0jZ{9rV%9SgUlarHl z{P=MxI5=23di1Ci9v&{0mX=DhX3diF^75o+&6-ID1_siB0|%sx3_cXV%S(Fl(5ms#Vg&i4&zoixx@!`t_6c?b|0!o;+D{b#;~Azke@%`t(WKv15ni?d>gn`}R%R zwr!i#v13PR;J|^>oH=tOWo2clckkZPqeqXVMvWRt1qB7to;`b{ix)3Sj*gDfx^?TM zxVSiJ?AWo=(xpqKNs}f?pFe+=3i&`_6%`d}_wLeWk%h=`CvLP8`y3rbqPe7O`86C=5}xJVZ+T#$wg86xf7yH`4K z;)E0*A1_r^RY^uhM$)}|_oNLQHc0Q@y^{tE7$6-xc1#*EVuZAC;lg|Zzyti1z&`}~ z`+#o`_NPGK2y%OX_W^ezuvdWk1)!6`Yz5?LARZ0iP2e30TpQ3v0rm!1y8%@Lq$>d$ z3eHQw>^8tofhz!5{Xvxrs5M|Z z2P8!h83HH_Jhy#A7JnGK#mB!kt3V7E!Rj zQ>+Up)PodhYYOxV#d(~S@2C4xeELy^Q#AQvc( zy%a_~MPWoiY@iqhPzbya_K1;$|8s)hnb3bg;FlBjfdsuKAsFX{RH?f!n=atenx1YA+UW2>okJ8hLAQVpz8_elLT{PLOGH^=0jlQej|w6 z5yCA9U@gM8C&7D~(Dfv6^$A-ULA!;JolC$rCtME`tiKSdN(Aao!qk@_H6cVV6QCUk z&vb&*g3z=iFm(t^V}jC@khCKp69~tx1mku>aVmkRN*Jyt2)`17tq8!ggx@fNZycdF zo51T#*v%y9z7uli3AiJKTN8rq1EF@EKvN*ht`TI>gxCxMtP9~KPjEFQwEPLIY{II6 zpc+m{-6f#r5l&77Q!t?vP9V)9jG7Td2M8fA0%#E7Gm+rwN9ar@aNZL(I|!O@giJ>Q zW)9)fn_y`~sO%w790`*+f@CQn@|gfpAw1d=94`qCbpj)au;@ilgb)(T2?!U$VF5X;5bhBM?+Aipgup@qK*YIdQ=$clRw<%Zv}qBWqNRx_5v^9Vdl7Gcu$Fot7oyQN*^0Wzn)lD-^9(v~bb#M2w2|Bw|*?wuoNQ0>wBZ+KPy45rHClMYM`` zAzHp@#bS&Qqm5|$qIHS3E?Th|8ARI@EmVvQF+{BxHAL$WZA`Q$(S}6)i&iPdBoWb~ zy^2vv#J6a9qVwxqTDcet#ONr-F)=oXF;I+=qP2>aE=C?P0*EnC zv_R4B#YiT`FfsCo_AT107{SEoA;vf{R*5k{j0j@P5#xavJ4D+Qqm&p=#n>uF6ESLv zkwA>9V!ROJs2DxOC@02GF(QibNsL=!928@n7>Pxz7h{+hBgAMTMj$cviE&1Z&tha0 zW1Se0#fT@y3Nc=b@mP#GViXf?U5rLzv=F1A7*oZlEXFV~ripPwjO?PNi?KkoaWTe; z@kNYCqP>eTT#VIXq!MF;X!l}-6Qhn8EyS2DMq)7@Q(_@3eJq@e*u zTi(K|kg_}st95Ysl}##PIhEO*_LR?JcK1}sd|+v}6BQ@mwUo`DNO_&79H#J;erIV_ zczUad2WMzbX18tSsVA`{wZ2{y!yDNEW9E}JMx zZ+7insFf2PTChrG30^ZD&!_yeD7&W+TSi=MBytwQ@Hx9^1SQ}Ji$0X|YRcFhVnI+^ zNeR`kt40$eE#T}Ar*D*9PvWoxw@`2wk#Njrg#|8dviL73fP%Gl~03~)7`bQ{fU*i81<>N+dZh)x{ zv3-)#%ZLAWBHj-IImDPMvDQQQCng<;nRD>?Lj3N5>#u?PCFPcZgQhj40YkT&*Cg#?flhh>I;mzX>tr8@|(Mo0o_*TOvDw80I%Hq@%>pFk(Fvre#FV4fwC6-3^8C0NPDE+OiTc zVL`+#Cq|8EcLB5lYuc$LZSo`0)SCE}5fg^cenRWmPjuWQQtlJ!OK9zPXvgD;lsB~J z-)M(}iQTSyywEj6Q-OF@9=o=j;%#&n|lYpI(lGa@{<**-`iN`U3l}^ z`GKyLXRlj_$F|%2t?FTAd~A!v=FOA-OP_%uYGU=0ajv6E%atykKWcpTLbXAgRtbid zdRkWN7f_4Vn9OB*Y{r zitU^~b&}PcJBMUc`Y8Jk$azePSfr7!=^N01H z-#z1%pC98hal}N;2!EaE)r-fv`1r~D-8ffk_3rJ_pyK?5faiBkd(459-%6yrlu;duD-9bBKrBgI`7vF)&57SYLrHmjZrbwRW$ti_Dob}_XLL< z=g(Ms*lBw;iEpN1s;_RYD6gz6vz4>$mC?*SvqvK*F?_vyQxiC4+DQGeBgd>=HOg-yc};v1{Xm^Rw@etnIjgPpRI=xOVhO!B;Oq0VOUl2TidSpohk z!Rwb!_6qP*4l>kJGLqTJ+lBb3hP-=yBw+cnG0q9GiAv35nrn_IEtPv*f5LUth*63& zrjIcR@Kp*tUVTdA^x-qw5k8s``314Qx_WYYN2-shj4d6fR$P!6__5(s_?7b~%|E_A z9x`LfD8mjZNoFHPj+8%g=!oLihPvn`u}NwnzG|VF8I7IA{B*jyPUqrDXdg$z9Cm&+BVF6XF^vZ`)EH=wh$o zo|&HL`0?$@usipv?RRY%7rJ>%sqg&h6*gU3x3vEF=0xcIyGNZiZyo99<16R;`0h!! zzUeJIyQC)D+`n_g;q~i7KBuc{wZ@JZt7@pPY#idJ9@e2%6Vr=lj~I6E5ohOOtLCbx zprYdAui*dq&T$u00}TsBIVGim1xcY(ri{?-)uXAKi=DdLoN43DS)vfG@|ex_ptP5> z>rPWLHz-5Ak}h>?8CD3kbG55uuAeMhOU7c&Z!Es4G3M2ZJxu$s~d zAjZxTO{zrMbISTLaoL3uok3ihQm!9~tTwP%FMgna=Mkb$m!&&R{ETARcTv7yiHo6> z)*+VK2a4}tIF=>qMM-QXs?HLvGRpa)_&EtyGBJo#ZoQzA&oV1g%2$Zq`NYf|;;1_% zyN~j@50ef==?x;g70W(_GQGi)&mrm-6D_OZeHM-*AfgHJ1meMza=b(2J}15=5-s~+ zKZDpFNbGhYiUjw?#C~@u$%v!o#QbrhQk4CC$}mI>+Qf|qM0OEdeJSbr#AgTM_%#tT zg_wE`*Cs^iKw|ndQDF%0kF|I)NX^s zV-bNwXECvAO5A-FJ(FnG6)lMNu#b{ggxE*gganz_l)MYPy3q1gL$eKSEr!-Ninuf+ zYR1wU<`BP|iMjj4K@+$PB%)@}?!MCcEQy>EM5l~)H4###aO?u_Vp?V!sBWfhTGBEd zXdBH%-orfs_Rpc&fws_!_VSom9ZHm4q4gXm`oD_TV`y(Ph=WYxFM`&y4dVA{le>ud zp|k-_+EXjyErjTGpgsB!oug<2y=Vzjh}{6%+kM)g197&TC_PSlX+>*Lr4@{#1zsU` zo74J6(1s@xv!{uy5aOu`t!*2-VhOvT6k6w@dVx)8#b)SH{)^cZTgo|w-4stb>#_^< zDWw#4$7>iIrVKLRCnFMKC{dXxL3aHe=-;I*4nf%fj!SshGBJNqMn!B^B?Js$a~?8x zS@wK(=LlH)!+$ZG=SRt&gY#RKJD*a#!|s_1F$E~4QiiRFom7^03(G3UX3K~aUDy^8 z2UElk)0EXA%Iz(ieh#WKcF#Si7m8iL5>JQJIrxoa395*;?(E)Hf&|NRkJyl73AR$w z(^$rMc2One+nVw_Ov&aGkxMBtePVGLrFaf*=|o^PCApahiDj8v!?^%HrQ$UNBEtZd zQ$;;crh3qoSe{g3rGZGRrv%}XpFJ~*WCB8F=#2(`3 z93tlpG^Y_eBgN0jM1Lh^T1Y&cB{B<%hInFN8Z7E5K|7*w1d+Iec)dUzED5E2k~VRO_-r6fV&UOSY-bSRhiGBd#N`Fr*Jh$k zfmSh+n2#f}>}f?)X*J!6%nNW?OoaQ;3f{myhE{V}v^Ls{FYVBlIEf)jx6)SpXjz+y z=qh4=Dbco-mJ>%yOo5U=v3iy`?oM7A*K7wI0O23+ijN_pc*tBvUT8+&e zK?EFT*~btm)$H<8mQ;??Q--Q0yK*9BqD)CPqjc-ojIk_9bNG)XGE`XBBW#v3rE`QO zIZWv!LZym`I!a9Fh~;5PC&PU#@uSL8v?MN$ib0LIDQEYcfUy?kS;tZwXLoB*>WwJn zrgVQ5sOhleRYZa)i#T@M5$MKJI){jnc*>|T@i!5M6JUCbQlCW0kASicv3HV4(G+Ds z=_nFohlwT)qU;Q1eS)}bL5YqcE>$Vl<3v_tSWG4gRN+}e^eM1(wZzY8mVF%MTSr{9 zptP!3YB?y@z;HZE)RdAaC90~3R*7;x235gIUQtm}q}-Z7C6;AYp_ES%y_1NUal}z9 zB|Dk&ISP{`qO_LCj%C?LP^PC@^6^An8PPHU-iP2=3K1QMHzpp`DaUFe_cZY}iD;>S z{b*vl8L``(C>ja(QerK*q0A3pw1Wg9w}z-4 z1&NbHpc>KHh*(u4?#{q9hG>?j1s$S2OrqqKAa;^AAqSa5V(5ieOIqGIXf~p)#nbxA ziAzPIW*n_y0`WV7n5!WUn!qKAh#Et?J5B4;CUQm+opQ9RiICEOV=}xO(=rpFI+C`j zMaxv8Z6p)-65JcXz80EIXbW+)ms7-QOQP%~t>*;MUn^cKroELD2Z_X=Caq^Q#E*y{ zl!^J~v;l3}Qw;H@M)WGv9_5M7QM7?1T0$AIt3rD_MjKQl&PEZXr)V$nv<7ur!5CWL z31YW7t*?wWTtUp9A+j`xr>3;FG2(ejlFU+)VnQUTyMrW+$d{zWeI@Bo6G^($h70St z{2P~F>vce4=}HMy{`4$X`Fty+^+;J^H1kXNnJb=kU+# z|9O69PXGUSe%8SJKhKZL$(FS&$?cI<_+NQfj6Z*=;*grAt{jggj^ZFM{*jZHXP#7` z|Nb~A{q4YO;Q!qNuYdnPIxq|Te|q@ae(#&p<3H~AjN*a+@qAYI&-4HFA-Sg)S&bQ+KI)0pr^Z$0cqJqL7Pvh_BXJ`ClTg2_C8UyL3>hl4_)5(go?ZbWeI9J&|5XZ=^4zkcym^oQ|B4oSB@3oTHq-T(DfIT%=qx zxfHq1a$V)p<+A1S1Ea z_DWrqvXllWl`2&zO;?(!G*@Yn(ki8ON*k0al@2PMP&%blr*ux~lG1ghM@kJ!UzAjo zwUqUgO_Xhv?Umh?y_F-CW0e~#Cn>j3PE~HJ+*vtGd64pOK zR3@n`P+6q1U1hIIwaN*VT9rDL3o6%D>Q$bpyioa|qNJ*$YNTqbYOm_7>ZO9p&sw-4CsP0!is9LRhO7*(xP1SnUC#tVh->ZI7RZ>$? zvr@BHb5wIz^HvK~i&slhYoV5`)>f^fTAErPwF0#PYUOI<)GE~GsV!4mqqafqnA%mf zduq?rUa7rT`=Its%|P8o-B#UKJybnXJxRU2db)asdbWC=dWrfF_2KHJ>gDPa)TgV@ zR-dcBNPUg^I`!@9`_-$|>(sBRKTv<9{zCnYdV{)xhMtCzhJ}W`hO36BMzls_jTDXc z8eKKAH1aftXpGaCq%mD%uEso#of^9}sx?k&)M?z*sMmO+@m}MLhKikNan&UL5YR=SLpjoN8U30hQUd>~g_cR}9KGS@o`9bpw)0~2q zj+TLzjh3yJyOyU`q*k<6vQ}HI9IZiGrCQ}$W3(n{P10JXwN7iN)_$#HS|_w>wJvB~ z(z>qoKK~9;Q7;yFz=W z_B`z^+B>y(YgcQZ)4rsAUHgUhEA3C(DmofES~?~=jykS7zB=(bjdfb+B<%`KF_wtD|e9Ypd(1>#iHB z8>t(uo1&YeTckTkcZhDe?ik&vy3=(R=q}S;p}R?Ui|$_CD%}&hk96PYHt2rSRnpVY zGtzU`^VAE~OVn$u*HJG`FGDX!FHf&juS{=}-aNe}dMor+>8;bN)~nGwr*~QJk=`r4 z_j+ISwDhg?ZS?K+UG?4def5L&WAz*Br|PHa7w8x157Hl|U!gx+f0KTt{&xM{`Umx^ z^lSCc>EG7>rmte4WngCDY~X1SY!GjdXpm%(Y|!4It3kFwjzO-$5Q9>KF$NP1rW#B) zSYWWoV3WaKgKC3I23HMk8$2_3VbEak$>6(zg`usXx1qmbxM8AU3&W0veGKyq3k*vP zCmGH)Tx7V!aEswi!~KS*3@;hpGkj#IWTauFXJlezW8`S$YUFMdY!qn}YZPykWRzx< zWt45y$7q<*aHBG#3Ztn;vyJ8%Z8zF$RAp3SRBLqE=!21pv6``tv4OFXv6-=jv7@oS zaj0>maiVduaa-dY<6PrB;}YZP#x~~6KQn$| z{K5E>v6_jFiM@%liN8s#Nmr8$lL00}OeUGkG?{0z$Yg~{rO9rSgC-|TPMKUXsW*9I z(qQu5;X_9FR)3&DBrUj-0Ooy2cH!U}S4R_cjkSk2Y^%o?@P3-p721`7rY_ z=Htw#o3AooXTHIFi}`Nz6Xtd1m&`Al-!pG8|6=~#T*<=T!qLLp!q+0$BHSX@qOnD? zMO%xG7Fia3EQ&0KTa;N$wOC-W%Hp6!jm0^O%NAEHURivwP_s0!G_!QJbhq@h^tX(( zOtfrfnQYnCvdFU3a)RX~%ej`zELT`=x7=yTpAc9!Sbnlpv$C+VwX(Mgv*^-r3&O-rL^aKF~hVKE*!OzN3AHeINTW z`wIJ+_N(kS*l)2vXkTN0!v2!|P5XQHuk0J_KiMleXgHWSm^rvQL^{Me#5=TbNOQ<` z=;JWRVVJ{khjNE`4oe(1Ic#^>>rmrx%AwZbvcpw}n+~@f-aCA7_~IbvsN!hgXy)kb z=<68i81LB3G1;-mvD9&r<8;T_jtd+YIj(cu;<(?j*0Ij9b2(+Q_jPM4f+I=ymw z?_}a^<{ao8?A*dR)w!*6nsXoLT<0R^0nWpnXFAVwUf{gSd6RRc^KR!V=Njj8&i9;O zIV-rRxM;Z;xLCN@xY)Y*xXPn~?NZ`W>N4A9k;`6}{Vr85mt3y8 zTz9$c^1|hVi-N0?tDdW^tG#QqYh%~0u34@*u6eE{u4S%cTq|7Xxh`>C<+{%Gplh}3 zCD+TY_gtU2zHn`Dm2)$2vvPBE^L9&iYwMQgmgUyRE!VBct;}tl+XT1SZVTLYyX|$W zajSK^>2}ZUncEw;FK!0z&hEbM{_c_P(eBOMlil08=eXy(=eZAYpX5Hw*6`NzcJ_Alj`dFTZsy&>JH@-bcb<2N_b~5L z?=tTd-s`+8y{o+I|48|oYH zo9Nrjx2tcuZ?JTHeHZzz@!jHE?R(7klJ9lj7rq~Szx%5B8Tpy`S^2s8 z1^RXL>*|-`*T*l-+2)GbXAMhsNdw^P? zNuX7rXP|#zcwlT`N?=xCUSL7sfWRSv!vaeKCk0jn&JCOwxFm3A;Qqjafz^SR0&fOB z3Vao)6r>WQ7i1sg8x$B6926eZA}Bd1HK=1ydQhLB+@J|T6+s(yEUY2yTbM$)UbscLZMc27XLx9MVt8tJ$MCf9g76{XrQzek=Y=l{UlG14 zd_(xo@ZI6n;itmSg^tjJUTKuHo9YU zT69))cJ!d=VbK$!r$%pxJ{VmaeIfd0^pogk(Ql%^MO(z!#yG~f$N0uX$Hd1Z#&nHI zkI9b7jTsX&HD+1NnwTvyJ7f08T#vaO^DO2=%%>Q&SdCb{Sfg0mSpV3-*znls*p9JT zv3+6(#14s_9=k4fXYBsigR!S#AH}|kZHWC8s}!daXBKA@XCLPp=N%Uxmm1eLu5(;^ zTv6PxxU#tNxN&h)<7US#h}#}l6L%`^Lfp-`dvR~#RN{5wZQ>o{o#XxEgX2TvljGaR z=fqElpAZEdE9OoA^)hY6%(%CJFWlt_k4@(FutO z%@R@)QWH8RWF_P!lqFOoEJ;|Aur6Uk!v2JV2`3URCtOeXl<*}%DN!%cAkjV1H!(Ib zDKRy%ZDM-jfW%>m!xJkKmnCjU+?2RC@mOM9OWvk5sbxY^%f@Lr{rYDW7N=zm{>PE)HE!gWo5qVZfBpK$jsJ34T5d_-f4jUWuW$dXw1SfK%zwL&w11tS zmd@`P{`+kT3jhB7&u!x2#Y6h>Jo^3Zyg$$4x%}fgKfX`P$m>^BT%423E*1CrZcn~{mX5CEMw81>m#o7kMI94`&V4nx2RW6&tkScC!^2L$7c74 z{hpIwn3s{x3!y*H7q2J%_&PtwuSdT>&;Plu;XGGzmDihIej`e*f%@k~qlmK2HG zQZTX}gJgrV3iBl1hc_>i4W=Tet*s<)K^u9TnvOnLp_g~-t+y-&&bXgI_Q7AS^65r?a%MtG*_s0XvH$;Rlv?>GQug=1&M(ZuWEyXEoSrM5=igon6gBhX16bJFzbq705{x{^$$M|{PSbI%fQ@#;LaS+#wanRJY z;CPo zzW=-raoNw?|Gds$Z}->B#C89BxBGc}aVoC+^C0d|ocGuJ`s-te`xKY`+-`B*zdnuv zmy65(xC6 zy$|vI-w!|UPuxa){nzdL`*p?l;_{!{{rBztPuCaQ{BuA2ef$5@^~FB;xnIQBpa0X9 z{&L>W?HAAg=kpTV@$>t??oV;v|LFGq<)QxPzT^p4 zY0kAKL6&VV{F-ANz51I&U0PXISNj{wHq5f@(a=s--g@uCORg&Uvu5RHYX-J#x{r4U zD(e#_p8jvO{cDeSZtyqJ zQfxKYe|1~ib+;||WIq2=uGr!FEA{bD3)**8)*MzjTc>-fx_EUCsZp^~4!> znmVR0ICJm3lll3VecpI~R=zr3HSfPkU#Shl`#$WIJ_0Bil$<0QdldTCmfAZ&k|9Sd<_W%FF{co!(XI>bgziQ0G z%VP_E)!o0Rv(wyaXVc#A?nao;=oPTTNaLDg*^`rQ7n?u6zW4BT#aoj8@KFpsO#LVvyvB2sa|RyzGQSt=SMGW(p~e<+`YVMm&MKgw)ssg&ni!KzO=d1 zn(5n~&Y4tkvugDBoj0beJXF!*UEqlTW#73!*Zt?||5^Y4jn-d&)U=@L&)d!q&3CH0 zcw=jKr$)Ce;jT$+aQoEss3fP5x--D+w;+TCl8zKFa9__(9$Ymw)cA*mv!}@`bMq!eXj2xxnu8*hxL~a8PWFO_#G8% zhi`t_yYHSJ$GpC59-O%1;FPQpJ0mZhs&a7PPZbN>U0gcrt-HU^z0#!gqT`b`?>UqE zSiR!iiFJ0~zg6Sly3Z;f?|&wF|LvB)&kSfk^2SM1r;-^ZJ5NdL5;^GZn>&5`yPf^k>0dXX(y~&%51enES`anM)d^by%sJ*Z1n^+o@)HfFSExF`^L6*?3kJm5G|01hd<)>Z3p88(!uW-@6a&X)5SvTe^Y&hVX)Q7e9 zl!+Kq``OCK8UyZ(ShViA&-M}5V{Csu%>4G99~Wn|nHurv*0=@Jx|R){6j{r7a{MPk z%j0+3H{V~Q{1?wln7YmAeYIP1-pv*B{nVFplc!(US10*K;a8^YLHi5O&A#*V1*zSK zTVa3eW6m+9H@2zNJwg-e`>Wy;f*p1rt4-S3PN}bcK*UdO&fq=fH%Ps%=sws z)I9t(alzq`&NU48Q{xzcfAG^}rKkD7%HLjK(QDxQkNyGf{896B17NXtm8o}7U@?BY z-tZJE={a7RLT7$Te@W6;g=hYdw79<{sXIR|Eek^%bESMBwh0;l%M;>f{vU7gHEiIdnc9IA@MhQT(yJ;$P9TYXVocsi($ zlH?<|CO9D$^&~VgJds*Imh3nk76c4wXs{GNce|r>@>frR$4IeV|B|7p4CxW%TcAX#SW{=o}p!nL$rDWUd)fJB4MQoEzKELrJ1el#zz|# zZru6Ft4wk@BpBy5IA|H{!UuOmVvwL%vD(D^FoID$2$yB?XKO%Mv`M$-=uJeY!T}Ij z+3xYkRa#$iB1dkd8LWuHth4KB?TM{d2?i{YrE85Uq$$T_%duen$c{n~yA@h7)5~jH zsa!^BiA%=w5_7D1LFg2N-6s2I>1{S`y1v-j81*))tW=p!jMNq8LZDovH8zV4BP}gZ z>9Gce6)q*-rZw8B6eS$NQp6I@Zq*u$daF#6kA6tS6DJt5vn(w0KuoJ~Ds!4D8*$SW zpH$$igv9bRYKvv3AQnC&GxF*qpf^*c87wvxm8dwlV2#hhnz#x}Vd&4PPMdO!MpcR) z^-Hhf^%iZ##+tEUQl*;pd?iqiMMR^@!o(8HTD^tZigE$dY!R0RSwc|t%y}qMgD3nK&gL37&pf_Zna$$oZc4fwCr^hQ zDe+R2lgc$7r5_d`%_x`xNer9Km>a0FnvKR3Ejj?L-HsRd*)#MitrmfQ zk;R5I19}#5K{eB4&O??+=|w%vF>#!uui`l%;j^^1OsSqoI4N(Wypr*#qhgf;Upc8* zy9Ez90-?B{T(O<~c<$_0lHyMzWVI2CYBTyPD5YvF=x0$ghsTnpeji8xy8 zBH8jgd;65ddl25e@eYGOUd}(4bpBhKB;JF%c>B;AR3zRKZ^>^LaFk#4BYxu%??(*c z{~`ga=a*(U3PZHL6*%Hc>tROVrdIc2be@2{@#Kp*>P%@r1C6iLsifku;Gw>i#y7m! zct&sPgXvAx2eYb-U`clXj@nN*y-A5;eMdCAE*b5f_w5k|y^*3|ItjF1%&6jnW1##> z>x`5J%3n*cx6j2yPag}OK}mRedHO6&_ViKVDTG^v#}5zja`#&ZKQ%qQJ$;H0UO+f? zAH4f}`cy^$ijVT_|LtF#MQ?)kN=;50Vv4sP8Zk3?15$IH)VGJepo0pZl0oaRH^t0U z9KSk{ynKKP7ssa#f|?Cj#exVid|M3*PXZRm0T-2s7QWWhSp!zBvqfL z%`w{XpWlyzZ%3;(3Sebo->It5cANV0>&g4UOHT zj}Z)&0@HL2(+w3csu^kl!WENCXSL9-qA=8Hx_g~;F{z&WxAbf2Z&dlWQFVvzj^lmW zD8i@0CWJ>Lf1OEEIseq}7tgmN5#Bz#6k`MR5ywQF)K@MG0## zmcppQ`TmC62onb4r;0EXhwC^+{if?!Ly@?SH8gfz1TW=yMq}4i7aWaUw_R{Rv7aQX z1plAJEv2&v>7;&tHr}r3bSKw;5?2|dhw_eou5od!qZ}mINd_sfx7ojZ9=LywV0n zw5+$4tqh!oNh8`l7>&Z7A;Y3QgTV?rg#?SfT= zxurNqX43&tJ9nC^n)H~8A%j&ceLNznSMnSYbwe7!X^tpQb14AmWQ59f*Qy{$eIt@3 zu_#{W%v{k&QU&7o-_T7$|BG=&{1@ZO{x8NwWknDDX#B88dHXD!2K{t8^wUo;md(X8 z!_#N#Ea2eYH5)nv9t-?-;kggDY7TICE&{$d1-dTYT|WX1+`I5_?rz3W_j;p3A7t&+ zS1ngooL69TQY)D*NQxZ#Os1TvJJ4w?*vl)vyNPeB_(pK%PidyU*zzf4#N&5_%Q(U~r6P5C zST4@7F+(cqmCQ`yPr^{|qhX5(_znfeO&BgIAvsu9Qpip%j@APxgcY`7EF&NVwt}n_ zWI1bMj&$ajUX@ZQ)9^V8@}KfVwpsFi$`OUsMh^uVKRO3TDiE@_A^ntga^n1Z0cX(QjfcjdhPIZev>wwC zidPSO^A#Q)7|=3|uk(hoC80#K*_fd>S^@(SOj?UA!_0!P8()`$wluQsW%$YPG4)v?aE7@ zafimmsFSeP5A_=IF|Adc!thB$Sfspd0DA@`>l~#8y=xY}uM$`C0n1Yr2ul7kEbGF2 z>Oy|XZk=GKsSCl1DFO2*Se}Q#UolN#{(vQK+K0heU}^@T!{cc)10@hY8FrYa_&y7S z2*W;&5P1g&9;iJ{NVVrA*~Cc; z34x-ahw#fPVNr^gz59;<4<7-m?#S72LuBPahvVQ};tR#3KM#2-pu# zA^GEXQGAnI`IG7xE&A3ERH3Sg!hy)qAF#THCdn<34qCOt5(#<*UbZ$;TnfBG%Yv|pa0Z$R0i+I#G@V<%XH_S2c9J!5pbO-YaJQh5I zdY1G#g16s2;O-;6csNJ?U-b}vPw_klJ)S~5!b{XokCHx9OO$k?EyS_cMR=6q$t|aw z$!*ct@Et4f(fIt9M|vL7UH>&$H%MWe@*UPWf5OFF83h3i^%;(Nk_Sha?2l4 zB28}dyFAi>aR06Rp6XrFrz_(8xBNC4Z0zGt=W?LWqxmt8A=`5O7NjB)59bs5dIjbpu0IXY0!tCE^3Rw7zDVF z7xto8%0&8N7A6D+?Bx^JkI6(M_s>|?&p{W$#(c@{Lm{l#=K$5qV&>a}WO~VubW#|< z9rzq;E-AMX56PmVjEkjHL4);b_Fb+NhG!B!?pEw)z*3N1Ycgly+hSFU)@C5#C3>;X zV}px?v%|8eq?YYg;=n@VE@^~XRcus3B8@kE-o|mVp6KLDe(Za4$|(MQGcPhMDp2|? zT9#K#L6++U;T5$cfG18ab(XPM;#V0=Y4q(h>E|3LF6kqGbz+{{j1V9V>&&3ZL2r)$ zC>lp^>A>;4lh*B7lq?M23&4Gy*W#rz;cMhjKw=*?v<>R_ zWt?oi6>&;6NTO4!LK04?4k>W5N+jYa#sC&MkJll+XtoBOD~{`dz$?-!QIqV&@e~4h z4b?)n57R#=K#b3U3kYak9M`68F3EBpFd^?UOa7#-v{5vg^RPJ`2xQa4Z__-LYz0y`n+RP@& z=j6wF-dFh1DIf0mQS^4RM%;_b(&5At$6UCC;|1Z!U{;oDR+Ji6Av6itk;&>H3Q*1S z#-gF&)q-j*7NjG*7^m#d3c<#XB`Fq``Ms(T9CC7AZQA~GT=0KoT$0~w#)W41k8zRz ztKyRVUN0`#^Pn^E>`~^Ah<7S4%7<6U^>58e;_XD|C^goPpm?#A6{C(0cU$tWrV;0v zaWJ#F#6zDOh^?lWpQGuDbw-qp6F+8rDb0rMk_ z-f{8x!T}TL1Xk7E@}@j<(+%)GP|iQjn_AB6@n$9Qs&2!DH*1fuWW0IlcK}=c^7&S zZ*k_2?hm`2_0F`Sa^u8Tp*(6t<CoGbid!+U8W z;^Si2_@=-^iza=U3_vu2aN;L7BA0Y4@yc{l@rCzJj1T6K$mt+@M|P9Eq$u%E2uRuG zX<#@iDbZgH!3|R)j-^<1LoeoY0wv6K7RH}q<>m?6Ea0|gvwUC`+O_e4C$H#Oq7dcd zu#WGQll^sa-QxbKDKvah8aV8J9OfDNT6Cm?DR_0qH&3*~)_~fm7}&uOC83BHlMO7H zIKmoi8m%2?N{O1h%oBLCNzyj@5ZP#VM%J1ZV5(Hr2aP# z(-Jm1N^aMtNP8@ldOVe{h*RkBGR|qfVhAu(SZ33sDGcfGYEo*@w{odS3hWzZcqkF> z@HF7N;LUt)B=e=cAC$Ms2@c!)0i?L~gWF|ASp57=#yQz)L4!^JL#}AMCB~$sGmHZ# zeljPp{pR8sV$3Z~D#Zz-c#N1ChlgP&8$TH=B_}Nnd(z2}A%0arYdf-jta2ho{*W!J z3f{DriEKoE;cLwMLRzKX={2Lt&!beoU8+0txb*F$_@*O$-2Ei{^VGVfYWzB{@Os6i zH&eMSfHN7`9V&D|FF#;nB--f4}$A=S{B~&1byacP3xw zQ|V4-gG0w{&+-<%QxI868OfaUPuo_>+`n$aPfgf7OOl)HswDUJ?AG1p9N+u=Z1~0n zpMAA*%HZjf_9(-X8)VYY!^KaMozO2flqxsIyX5+nkAnk})nP@OPwqUmwecH4q4kqq zZrEJGdwb@Fog)J(PyMR9=Qlqm@2*s@bwJ^XO8sls-QG?&e&dt+e?`~3aP3fN&ceQ4 z-BQDjkD4<^7}44}zN(8aZn@vN^0}tr{rfk2mxPki;|DjT=d(7`27gv#@sQfWgu&^y zCGQP6w94kpqZq`}K)mQz%(pngmHzp9|5i&ccfNjg_J^f1uRQgwQN8v&(~D8TZ+ccK zGeuo_T;K1LgFcwp^600{#_YTE^X+E$R*XAPZ^xuk?LJ($_nn8T)pk?ujwzFt&Yj)o zN$|z@5}UP8D)IY(ok>lN9TEq&x8|1H+_u{J?lT*;Fb|kNd*`%iXPZ8KRC{}qPpS;N zdB(r;#`{}#l^e9~aP1MJJ{=NTd)U<9Drky}%rSd)F{2)}^S#jf?ebqn7A+le`*w}N z2lq5(HZ>_9X+IL>#+dHn?>D9(| zVf?!-T0giKUgub*x{DxuKjy>In@g6wd1!v;AJXd2*bp)=byQHPE*tAUZL)SyX3V== z7xfsJckgxT|FUiJA>9 zhSxkj`*B!Queo6v)z)sW*0^(8i&=NAa|S+Y)OC;gD~~R#y|isQS;j85?(RB%$MoC< zN7K~*nh$^W96Rp)ovmhOjy&iQ`K0XUM>=lYzh%O_ZfmxgH^1{y`_!^hc}e|`|MHfX zODs5AernB1o#%M@-2dtA?>D)WgR-qEy(IkegY`~a_^N+q!>jYk>r$8eI@>#_!{VwL zrxWfj-g^B~RDQ_s=kp9d-rPT7mvyzl9O>CzZ$Dbwu<7=Y^yXWdm3jB~--|{MziIjM z{96j+`?c)PH%OcbfImmHMQmB0M=I`CQO4 z{&~GO-`yS5x72~9A@8m^xWC(=rN>elW*#?G9o{r=l<1H*$GskuriIDM$SGbqSgNN7vhxsb7%t`yH`; zT^EA{Qqy?ederSV_eJ9heN#oFPw zZd|=tZonE-*Te$}Z!C;RT%S?>aJ|f+=RXWB@nDThyz>WsvS7f}?7xo2HyS_n(>Gkx zbz_4^)skfsJP&j%oHM)m#RWfna;>ThhnFv3zJ9v2BUfew^fGRHalHJT`wixGx!e1z z9t%Au54jON`TbTc+OI8pdR${mPu2dq+Xl{W)O2vCv%f#=)obBze~;VZcfFrS!>hmi zR$;FyYvFT`(?z2K7Hmv9Z+bMS{_vNRu5MLI1$lm4dZSNh-mxmX+SmQMw@T-luHiO& z)hRDpXKyMuCU@+j={Y~|T>MhWfxBNnT@8Dc`m>o|TH?A#KX{&4s{YKop+|{hv&U6C zz4fh?S)J1})_hof+caG6-GBNgi@!e|nQ-LVplweR*X>tpZuYI}b#20wAn(#&*G_7_ zx}LeC`Nyl1Oru86SzG_hA+1S8aYcuve!4z{5Xm>YCARXV1qJ7ey?^`SrCwS1+wLfAqtz z4(xueYuJrX{WUUDo|Ftl7?#D+ALCb9by(O>%<9 z>*qh+S~95W-SZPFS(?`?8)*%i(|6$Y%%o?#@6TQ~@7J~C8thu!xkAM!If582x5Fwy2cqNDnDq zA1S>R%FD5O@9Gd{JJPlQ`Q>`-r4oLABd6dSpMpp4o@y|sQ;WL;f38~RN&KVx-%i+*E&?7J_h-`ZQ1clj=!cJ9uQ_rdQ4B{Ao-@-?TnUqr{e%K1)mu=LAPym{(= zYyaohI*xzjD#r=W8nchC-}Yi>pM!IEK3j8X;N9n+6&`6?<7^9k?`>HV2Mitj`Kf`u zn!bPSuYje8Zhh0W@urUkPl)MoH@ozULd~~5!n%OrNIW})2G-J*H-09`L2nX@l|THI zKMV@1nBqc2|N8S1I!3o|ab?J&X-hoj=lZpM^!QxNh;72hlb^NmpK|t2=I-~#CR7Xj z_I{_hyN*`jvE|RI7gm09pz5aej(m~i@kuyzwMCT^Gq2^2OMa_bLdS4H(mj;-FK|1(_ZK67KnhmUPdB2o<#GQOSkRplR^zbDlH zqDhi}#`NKR&hCG+Wc{A)hV1z(Kq2F!ea{-N`T0OjJ({%PC)FcK&adXqDVnps{>8>+ zmq^0)bQOu`r6jcYCZt8!aH;jrfAzUFX=Sg*Q6s%_n8;7|1AG(c8eEFk9BG3kW*;$&h@d&sy|$`h&~Dy<)pWy z2e`yeASAfkj%fY|KhIy{9#q)X>*kt9MZ-%JZhq9d_UA{}{dUnfd~T~&S@V*cEFB%J zJMz|!v8}tlw_^P1fvrAO#QUPr@6W4MG(-%xpa1&<%18Ru#>1QnLZuTz{>lsqjQW52 zuavMTykB6<{W%x>o;O)!SdxD8swHQ6#S!`nn>H`$FN`R&;LgactwY{B@YjhaS86=j zRkXd&1J zt6)dkh-YWFtx8&$GUM>LH@r&Beg2E@;U=g1{64B*)u+{FM|L=q*XXnF^aGas^}Ir* zGRyw1wjuJ1F^M(ibvrWUFP~#uTxHt2=Iph#kqbNS{Au9iBW;6&rShl+XP`S}QE}!f5SIXUH@{65Qeu!F5c=?A6@EhOI z`-|&)U!=~v(OdOIxUu8v&zBo{g;k$)@#fz8!lyQ^xy_@MRlH8NN%^Lt@Ocxz#s$6a zjy~!?@aO7dr93@-@b<)@U(JG0EdE`8y_H*L(D?^g_MbVCH%d(Ks#r9j{mb3~by^mdYJ0r>!84zomgGUS9%UBeg5Wt%KflNG zhgkljJYJi|w^(s+S=@}om!q3(AAdRGr~GD@y((*c51rjmZsqjMGffYC^rXYH-fK^L z8fML$wK8-<-h|}z3CSb#hvesektl=?{3Ybx+An8++VjQpEBnfhe^lq``<{*#9l2uD zgx&L&`ZS*Vn({d1fe3h%C^x8v*OvVW2da#^<LL97 zSJcjH-!5CQYW0dC@AUh6*f+a>J>}nRd=-yJqrTQueA?Z<+IYcy{?SftK}v%4)UG|3 zgoan<{64kan+G5MHowE$M@JT|SJfQ+R?6 zzh}FBi_AyP)T{JL`8{+G`}SZ@x~k9bv|U6l~=+tSJ=O8{)EQIPDHmG z(d^4HgZovza&Pk=wL`0}5l(L!UZbUF`aaKx^WPrv-hnD#^lVdZjdsKokHgaglfAwz zxvJ^)^M9Q_;PH6ov&QwJ&;Mvt%J0#4WpYg+vGT!Vcjp{;$WJb^Lr@X9lT|J{B`*r} zKlyohSOd0>=`h0f_JgLsw|Z1%hHgoX-IQ#QoU8u!KS-O0kd`{)yfLuF$jN2vZ|hyRV_-+s&BGz1UR2TypE7l| z@aO&uKdgGc^0vA`54PoK?&-e{sxztW)2Fv=*?%WZ@(>1>SyIEZP3in!$28fobK)EK zo~AE7&^FsV!sDq=yi2B5zG=VSYNDZ@XYEFwKVCd3^=DG~6e4Z>*Hv;j-Y%>h9Flc?jKM&N6@$6#rMND-KW`NoLwT{o&n%)Z(urEP5MO4_`0_4*XIvffizqX92RP7i;l^gC5M zX{CBd>7@FWce%)BxmEG~W?9EK`92?isPwkcJN}o_?oncBM!9`k`ec2+WbMQn3;ntr znDuvVxZi@spO1>{`$wbB{v8VzKQ8qwsNn~j&rQAbaol7}(S_SB?=;+!G-B1f!poOt zKRvYL(AagV1kd!0#1{>!)cR`5wPRnFFR`Jg`ALa370wmCmtL^1^8E|pJ4U_vNHLs< z1IxXsK{E$E|9Ilms{Kkf8+LE?dM_#^shnHGP37#a%@JL(U!jcoPinEuz9bwA&|@9u(I{d;_p({X6G%#kNTT0VGqF1?%f z&p9VnHQu*;(X216@3k@>ACj~pPQAu|XyrtW$AHK|N5-F9AC>7nC^aW#P*|<=-5=!D zjw!11qF?J@XL+7&*mvy2N`*a>J=d%pR1llEtzhO-LA&n9m6^XjY`$~p`wi~+49;!) z)t;r>Ykc6*dqrI0_#;!=_l&D^p+{WTpQ_hvJL=oittD)GOTW6ZcwAm_;)^#Q272w# zEE(2meyLXPk4in%?)2hHHmVy^J&lC>_4*?U^>4qD4gZbezwGZ(!nAo=pJ`pbey{pW z|EE4(uCAK5c$VA@$u ztLr~n_RB{jgWGTNJJsXY6G83Y`RM$H{x9;T=!W@tNbQ5lk9am)*!xL`3V|ylGb?IK z`t0d2vT}WPj>~_Z-~Vf6>QUlRg%S1Y{yyV;)9h-SAD(E{fAFlAKTN*&;85nW!`(lr zzIyb_mD@l3vrl02>#Ng~zc4lJ{&)4h`7hsG5nmzZdeGJb-XmYU9N9FggcsNH%? za#Lf~UB}9II+;`M{Fj^eCc}bybo{t*6=#b8#TZ<<4O8IE*l!%&NE?b{ayH&|C-^{Ig`9V)p{d1k(j%>WP=EQIM6(1Yq z4o-Gl(;lw=GHJH0OsTomGwP3dXYaXri>lVX`EF193Df)U-Q3pd2Ax*w(Bq`}(oe<6AGOcQJov&ZB^R)7zYn4-xkF9A5f(gYunTw%^-Bwdqid`O{;k zz1A9L&xr7Ow;*7_!FTQBD+X@6;rWBd?fP|V_DNg)TkS66p8VE3a?SnC2NqDrz<(as zD(-u)*4~&kYro+Lss2fFCX9+MRX$8o{d;>axxCO>+uElrDc{cg{_8&@p)uxa4TLY{87I~}7!|X{D-hKQ@sUr?KU%Y*{ zO2ta$Ue2ss)*&aks^Kxg`c$l6XF_@jSFiojbVlj^U59@fwB^Xmp))N#mfhU{hA`kv zw{kmDtDOJvo4_?qZf-mI{C2sEFMk(4sJeS>`s_`@v-^`aEW0u2VbjSMyZ4$cn3p8X z^Id)J#MX^fhif;qy>z_GRjC zVk;j=Y%G^|Qme+FOdeebeDPlik0xmeL(|jab%Qe=>k}_E>e@Inb^eq1l=PP2_j=V4 z^3CZ*Wok~J@!9Fbl*i}GEgEyX?fNrM7YCGn_TBGuPJa3JytW^;`+Z;cODoFf_PgFX zaQ(A^flULhS6Cc=ph5NDDm*K!{#RE;q$L+unELJ1^nD+1`%2ckCArx+mwm6*y#{hU z-Er}B|F;Si;T_Hr9$kH!4tXIZ7U%CAsMgwTlToeZL|Be3Cz^m3MMP-qO75*RPNKA^XMK&l>$Wx?sY+dmn7*^M`Kw z>52iXyS#Oy-GJ!JapyzBCY&D^alP7D4|UmVruNGlolEQ+R82dx*MQl5=Cm~p{yF;M z(qSjx99nwETS<KqNnDu>Qqs+Q9IUsv8{}D_!S7^vGrO1S@rh}HP$`T@}=*<; zGW*YuTMjEX^XI?&SxirUef&-GrOXk-#(Iv4zgb&*>aIHP+b*~Nc(5q5(Fa!z-|n@? zE?=IVx?t~et*(^HAqTlC#)Q1Q6xA&1;|B*$q+RW%Oc&LoW?#&1bzzBAj|MbKZ`^oz zA%%1IW9bU<^T_M9H2u%3^=Bu~wd)!lOQ^ioE3Hv#!RF+|YZ`UC-}J#Vf4qO_y)VD% z-s;DeU7qH}kJ%V*ZRPpfq0K#-JUbFQRWR&3+il^P)-Q5@`byY*@}B==%L0{m^x{&< z>4DMVYaec0*m3ozCkM93UjA`P^6>MJ4UaQ_M?U-bDbxy-}%?eRrLe>#0(YUgL;Crzvn{ZeW_^&w_ycjJH~P2v#ohVaqCkM4KWZ0-K#!AJ9A z&(*6~)Fj(CWJgZ(7G2B6Y(2Db>|ZJ&JN@4N=3ibpJZ$2Mm#r@~o0nwqJh``nd9Bc8 z&L0OyzxQj`CxW)j)@?2Be*I)zsfneGJG@_{_~zALJmKO*uQiqLmG?QCeeMInXRo1G z)iLkf%Ut@$xR%Reb+__+kct$YtrZCrhXV&RIA{_&(D03Kjodp1+mW` zXQyrXrfblkcaq+-b=@J<80s~8;M~in2mex0(`jUjm)nPQ-m>Y%xBW++7}@CDA5HqE z#@Wj?sv=xkuw%2S{G#lhBYx~!Q{80l{VF~Iu&~h^i3`rwoVKeY^)bhj zdo^3Rs?gym;oJYCbJe;`*{D5}F{f%+Xen9%#ZRigzHmq5Y2GGEwb?N)^;;C^`+Xts z|MsJ*Oh1q0^z^~{9;%$UHm2pOYNsQThef0(B|n&vyfC8b#`K@+e||AJ`LD#ORhOqF zf8MKs_41J#!=l=DsdN4DreC}U#BZ8Dyz+p_OTr5W1by8)xlx&!3*qsI*7v^Q2JwN-#b+27R>IJPUnw4({BC^t2{MQ*v?cMkdOJ6C#cr`F-^+kF;$+64i9hO(uHEk?N9YS?~Jw2{#+>sB129>95LzHNw!& z>$acWnsWTqm!;;$_nP(G_FjuVrRJq{2!Gi=^ze`y_)ai)>j_oZiqXX7caosFu$S#j5ZPU*`(y`=r=QQ1cIUL3I0y!yCe zx8B*Y6US}){fplBCfB{b=iW_y+d9Ukb9U|SR`knB?`xY?N7hd8TyFkAvv_xseL$!1 zntm-ljyS#f>X_?aU#*kbr%vZ7gU|g?^mTNr=|hHJS~fRjz~DZU+6@vsyS9GiU;S?@ z|GBZ$1WU((-+$0%+>7taSFQC8jAh+FqMVcRwIbZ457Q(6u;%LYa|J!p3JR9Iv1Hb- z$9G%uOIH&f_2~ZK_HJE;GWq>)9ehh#8vlFeM{BcwW7?o2KGF$2@i_D-LFmdObBTo` zi~aWs6jutJe1s0U04V zC>nRa@=_+z1pCgjVPU^4XrS8qeCfbl5NL~?pIv)ofw#{$fc{8t@*#k$K#o;O_z77hyZ#y?|%ubN_{a_W^ESz~Oy>_XGAZa`-;r z1Aw23{A<)9|kN8cfdcAzX;pme+0142=2cS z@KL}EMR*_Jp8)%f$8uO$;_Y)5aK<ae|MP&y zPjtYm01ukX;ok6H4Yzx zZmoJHMknwSHdJ&8hf1sR_Ya^WP57B0IK+;fx=*yPK_hgRC3ZvBrtRzV3~cX4fLFwiFXoCfX0*M7TDA>vBQeg@ zC>{cBlgM2P)g7f9x`4o-;v8QUeSn*sD4t*b{(+1o&OXF3jmmoGuKaPk57kj8VmCb9 zk+JU)SuVL_+}52GxF?`^{dY_GiZb(eN9=}Ykh|Dro^Ip~2y_?1oxD9wtHfbnw z+tmu?%0{UZ^tx72J;GbXX)}$u#)}`=go6sDF|19SV*NwQa%E$2fRruAVAs+qV02AX zcqk55heuC3Vijk3F%KO5sW;KhHoOz6D=Fcxj<>ZOZ~On{cwNq4W9g)G@Lch9H7DWy z`~w18w`tq1eNb>nXjnKqlgfpbooOJQr6;8=dZqKdO0-^}cEQoSD^bKjb!Mi-BhVvg zPDVd(JiX!10Q@6*Bj8&o(y#Y29;ON21S>b~QW!hJ9KoGKD@b1ve}pdtp6()A z>4Kk3_@>Th+RX+|c~2C@JrB712roc*nmZBeCBQ92SSdXVMcK%Y(nJ2_rXTT;(j)EZ zmhihkN3uzCLCdfx}^ zSA*v{!6f%15l88yABB4g+@;NZ?q0DRBJ>r-*~-EWjNB zKdI`BM|z~Rl3b(VFS1}Scj=i98j_P4K|n>}7E-uoCFOgxC_SryQ|9YM#6>dDk0RLu z|4e_}KZujgGO-V~caWxSfJPl2n;0A$7ZVj64H`>JGY)^Y(%Tdwp7&>IX}37s7THbT zj7WFYabBU3IMM)jfyP6F#cjKZz2ZOuUi_Fp-0_AZu{HKQvv}rWBEJ-nhjpBdrbU<( zJT}~KLE%N->^wC#Ex-wC;;~}5yVIs88u9oUoOd7}af5Ry9Os}B4ZG*AC7u3=b2P-W z{W#9zbZ#EU(TRh&G|Fx)2o0vQLzJhgAx(-CDU_l4p)7PN1wU^DXGh>*BAomH*rh)d zZ*nPy$AK=qm!vvK?OGL6lAV*P#=8j5ky!LO>XJSdJX7)b;apVLb5aqM{R-iyig)g# z?gO?YBP<>|C-oxU>fYen2TxznYrqdrQ9roxsPS0vNIdE7oR$FjoK#o5d~hei%tl)1 zp?jCg_bGvdrpdVrrw58Op~1h|Wc7C%3{>E4O1 zpr49|aP$igb=+ZsGi$YqYu{XC*U0Axvq9PE<_XSAlG)FSe86)A5BXSf`TM^37Hk|Y z65l-ZYy7w4ELl89a$L`G)yU`f;v5xL&2Vs#Tz9)kr#z{eI8KOZ+Cfm@aeTdeJQaL! zwzMNmMnQ_zkP57GnPuYOM1J5m9cHMCiweVO#>^rb!OlsgMoXA-0_zi04p?nA7VyJA zale~*UUIN__eO~Lj-%5>JE(+Ev7N#xB%qy>Yz_Sa@+l@~c`OC!8mA+>ZV1a4Br#kM@JG33a3 z#}Cx$&tJSxcH^hP9bPl!Vq%D;CgtR)0jv3ri3-@k_iWnj+r8V@R7s9 zZ6d%CpTXQe#US5-pdy}8as3+lwKw)2&_Rg6fov*Y)+})@xi%HoFt%uD%xTJSsX_e$cy;_n}^z_e?@@ee&ulQj@{OTb7nko44AEn99cO*hx=EQFvW@MB#_f4RYN0} zgYk7i5+4^7i^~;9{9SR#8kG*E$ZqcSRY|8Mk$OT`Qqt9qf{78CO(wd&Lp)mvXWnad zI=uyEN8DDevhiy-xZVN3471J7j*C`$&^h@;ES?0+&dqlX3>sUGE(0?;Bhyb@4=1*3 z(-pUu)0x0*3W&QmFcrs@8@Pd-9n$Z>>yVAOvt0CX;Egz5Qg3qL=`>@U){Oh5NqKU* zFIc>^f#*GY0XT5_gA$$7|^P#mMkr z9C5{QQr>H*aCqI6oK#QgR87julmg04(Vxm2PRU=4LnEhM45y)h8iPfqqs*7W#RT^V z$3a?AbcQ9-v$n+F?9LsDj`z4(8nk6jM`@SBklRlT&oW2p_G9!^=OtcZP=+UAaX1=I z;^tw*;MATYkWK8EFx<)%D;*fd++x0lb;J2znuO3qwI&`}DMUo!2v6}~G3I7i>{Y-i zmr8!ruZUg(xqHP&Q85X)vz4Wv$}urGJ`qQ=31a0IYdgP_F3pUC8O58>>D~yrl8d(; zrC80GAg~y4WjF5IQ8pJLJT5{70|mM{GmNFI+EAYhlLiiov*TnhXq#g^!b5`r)fFiN_**4rvm1Wo1AbISbXZu!)Rxj8++0rTWJnw-QO;>fqdK2P zY3f9Y>I|JZUumz=rs&X-fwfCs@bj}NT&h`Xu{J@1*zaN&{=P518+7HcP$<0{`nAr- zxFgW5YfPsD4>*N}csI0(zMT@(!J**^tsqlE=W?!bQ?^jlf?a13GVFHrNO0?otgy+G z8YAK9od)l8vxTOu0_|8-g2o&H^NqwY|J!SRJ=f$jp60r*irLPVgUUWw7*t~sXc zN|}t@?m+o0mXp*Cy2y)qqt&tdWpVeSZwhpYOlk^IaVnfk%`Rl3@^LK}YAKXRv?6GA z2KV(zq@e@5({U`k)FzyHA^ueIWm!h)A#u%gw-Z{W>_+E~o1b1oAx7TF{MmI;{n>xw zZlp`J|ED}yp#JPX@qj|6fyR+#Lj`gC-i2`zmIfATk&Pjw9h)OC=^cC=9^#lOBYm6GDA1>R#IAYJig%nC8 zXySuo!(OLq%5|G22>r8CHS|WsZ0Y6)F@!#5$VhjsN-7gwk0wnHBZ7OjP*G3Rp;fEA zyu6k)w$inzW@~yY@j8oEY1-_T8TKsFiyXhMU9Fg-Zd85s8dPgEv8qWFtEBKp5z>6cL>^O7ki{fu(UDe(LzxZYW4-(8wsn5FC~qtd4Tr zg%%s0=nU)a=#K2rT@5;0H^xGU)!TzDh7fj&Da~iV7W*`{f=S3?|9c5$!760p?qoY) z+^63+73JtD({fPOp+>V!@8)W` zNZg|?-73f3{6;zMjz)g-8|NG__g7oZIw(z2P}pxoSiF!fF@v;T*;|lc(OU?M!kvx5 zeH`NkRg(U!!s2Ew{w76%&F5~A!J za9n7D+5rjB$JGf+I5fry6e44SLzVtaA4gosKbqGF1{fEOT)7iy<_#}_�xj6Pp)9 zDn2i!?mZQ%8gxlEe{|G2o)mSKsFXiKxP|Bwek1Da0&n`TJl1lm9$K#ibH=d$iczTyo+}&oi_D7u5TS5j6 zoHXpKnlM~bhO@JN*a;0A54&GVhz+K?o5D(55K!m)|Ghq+WMQ>aXVxJPMc%T2&0Rfobt);%hn)m8KHDXf}AeUCt^{Sv#c0El zLlffpt-vf=B_Hl*vzRe|DJGLvE6FbgSL6-+Y;SdDdKHM{=XNhVsSKyOLqDQXDLVOhfp zXAJB_M3F0HqYeprW0ob6?0U|ARBgeZ*SaW08>75}AL$YXJ6*iTb4$rr42xxzXtQ)t zwR`_yyB%YKs~_8GfRbVr)kS6=H>-z<5T9uU#mW-$DKZ6lYbzEUI*CD@H zfg;mf<+I9RC5qxSundxXEPLI_NBl$MqyI4tTB|Mt*2!1$q4HfZ*H>WV5717RkipP}}N|=I;Gd=ty zRx*EGs;@DXMd_eLAI~bFE!*yk-oZ&uCqGO&VeE7AhjPKf;yM{~T3lM36$-tw-n;n6 z7w=o0!iVX}c+9SFcgW|$BY~~~R@QMB|6mJ*K?m_qaGVa~B76xd>OND*Urntkc5 zQOfa)j2_s5%32BRH+o&TDHVYrksz=gttuc?5(arpG>JKwAQ?q}5kMTwF9|kExOrF( z(D)COz%q#FsE+#Tv}$B0h9>H!MI7~JG|s``P5l|t$Z0VGI-^BAZVtkjY1KpItgK+M zo-^JcPeKK^>&1K*W+R2mttG=s+tqm7Qe#0`rx~nNexm#w?xi)@X+)6mX7pm}9#Jt+ zVzuc~e+R2kC|htvSh#sca5v!z#|M1{j?_kEkO4zBo5E4NA|GnU{9YxtQNoe03jbg} zTE)SN0A&y2DZ`tMsZ`YLic=+CYE`7ApxC4^6oGG!J*_>}1_dvMrD%wEVLn5|B$B!?5r+(qHkdNwMGGq{BML9#9RiBONN%^77K?}H4E-T#zuJ~pIsmfnm(0*J}xc9V6|s3I>NC95(z2NVe=0go=G;M z(ZSSew-&^ug<`YB5LoOpu)o07FJ5n>I>D3+_+boXQ!cUXP!V(6tmFrwZ8qNXQnyb0 zC=6|Sh5nH)`-pgUg{xRchz=b->l-jev+=ZNXhH!l-_G~V_2+qqDV&a43BqIi_C;qP z=YeU!c0$&JL$yl;IVQPy73L25gj?P*dU@nb>WqXC0VE|XR zqh`T2Y0a_Oc6cvt)fSQU8IelpX`sgU^j%_i}p>3(%P^} zt{{ku?}mNM>9~(O3~TPGLR2tWbWq+}6Px49;eiX2c)^{Op2g<5F`!FlY6iEl(H2Zp zAf|JM!{(-h#r?~)Pcs*72kUDBLzvmL(UngoM}_HN9iB2F4GJ^;R&kVE_+T zxKnl9P(*xEb#crpPVTT!z~(Hi!4wKJ87?};oSnn)V|ZGtHX?tZ(>b&>JJ%3MChn)A zsU*|j*v3<;HUe#@L%++~DQvI4qV9|iCIcW1Ip{XgT!|Lr0>+~J0%`&n{mE!gt(dAM z>nsyEj%jYzEH(0lhkradH(DS2df%?(uXd9}*fk1Kl= ztr!D%i1aX4C(5dz$&A@+a4ySn(LdI#a?EH|%#Yd^(uEI)e0vA^wnZ5Q$0kIn*vDCr zjSAhD?V1;;Bf{8(dO)jgzSxH^dLVwJO|NrYsmR0O`%UV57!PuTx9koS-S{F+rXjaP zLvER-O#*|SOOsOHgvelj0XZ)4-E;G@wyb9jE{?O(3{f~^a{LA!UqL7_`@yphg;?kx6B`InLpezf1;Q8 z6TQeE-=E6-$u03Gx5S^^5`S__{K+lxXY?X}Mi2fO(6pkc!sRe!Bb2Tqj|2`CS4N`R zu}jKbXwhT4p=DU?sd3>8OL>&dhS42$q&R>0s$_51u0%Hal<%l?6P8+|Tzs5( zalUG%ZqOJ;ssj2dT@Ll86bJM`>h5J6h8Y9RW2_OO?E?ZZOVb)LGeDTw1gUEi`#LNz zqq9vFyTvpFGo|AD60VF0{330s_jUB0Je}5bt;sNi^+<@D;jrDBe*Aw*cyg)2Dapk^_5&R8D{li z$VALMDczW9Vly@3&%iVpv=oPw`Lsuk=5LU~@JmZQFEs8qwED;~pQ0FPpBqO`2 ziVTG2FHYp5UQhDhy4>M4smot z95Rmgag+`<@=R-V6pEzfO8JvzPJw;IHMPipjP%yxXsk;*)hQMcbPBoZXpIgXXRsFA z=@j`y^?}UK+(OMKc$D^(9D|V*doDG~Bq6vb*rJW;2eKd9q86CKs6g#$W;A}WU zR!)|Trty~HwfW9?Da}gdDK#oFUe6UCfs7?o*QC0@hAA7{?kD6!$4W98F#k~2GL#n$ zds!K*PoNbjRZL_8rA5N~(n2L<*o6)w2_io%O+jUa%v>lH(`TvWh+(zN($4vCy+q`RSrrAONwu`iz%^_NB%w(w;-TpU zR)~2AEyLpafegoC>$pr0!;09Si~dpYl6V#KBibbBEa@h;9Z96acOOwEY_*ocQ7?eG zLx?s#U9@>{-W;EcxvJ#lf|rAEe5jVMeIzhjjU*p-PJua>TEh7zhOl}f!Y=+i-fSlt zQN~x`ddqo0bSwiIrL$a086;UbLr#YcOrct9DvjqcHfAFf@hpERABfroC#K9fFF|W_ z&>}9Uurf?yi~JbQg%`s~(JJXgTyGZ~4=$z|raUoHM;tQFkzcTegHDQA8CHte4NfUH z3s32Fsh4D6fB?!oS92W887bW%TDvYII5o>amO)0$<5S|D(nSRn#p{%^>|*r6+3xW1 z`gH92g85Kc9!k-qJmfge(g`OeOw0$+MVYdl$}^lcFtCuEMjaJ~j+^>fjD#WKa{jBM zq_#*{PAk`SB6Gq)V7E9&*(vHeC`I|iHmHmj^+;?I;Rr0o>r~fW<>6)TEF+b%8#=;; zIAoXVwiH%|m34;NgMyc$o-5OVDHzLU2rZ|L;dsu7IH^u6@`~4KG*(Kk6qeU>N`MQ_ zIjuab9C2}4h1|+IO0h|CDe+2K<+{j-Mfs(Ar<6;^DdcB3&P|F31|V8+NFy6F#wO>w z>+I)L|3gBf!Z0~y6MUy|7^-|R#D>yLo{zN{IoZ74O#9whyhM{_psI(w$(xi6wP>MHA`LWSanQ47s8FG#Fwjnr336Y_;^Iw~>nIW( zp9P}5D7eFqG-aAL48 z9u{82g<+p2U&C?G1*2M{g_vM{wDL)(!>>CmJIe6M*qp9}V=!yO+!CWI$XNU0amSi- zVYtOE1>exHmhC=4jRm6(6iXk!Jz*AKkU5^oRwqZ|9xiWOf%KQpnoVGgjAF1 ze-ZjK{i8IRW`%4`GpA;lX2#5%Ok*+#NN1MMSLWoEURW%%;&6 zd0ve9reHakGfT`xrPe3rqmt`Amy}%Z`K07}&ACzjpl0O<%W37O)+fqOu6Oy#^)5eH z4$hhD9-K4R+dfERpG-fpXk=eiNEOsN{&7KHO|WTM`NH+ekiK5aJV@gDmj#J1ZHyg^ zxf7FPjOps?m<0(Yh1K5rI~~64n>#Ni5ssFc&etaL6_nNR)>_TX*}>?9r$?+hxfIN) zQg%UA4MWwc#$mxbr(+WfO#4?yYMA^?pBWD4c+pK}jJ+-1PLAvC<6stQY}$h6yqQqt zP_wU{(4i5k*n8T2WW3-RyZGEHF5D9}i?oEKt)GWnIa zIl;C_?|Ji}OwXGq<6$}SVL6H?%Nf`wQ4aOz7u=F%_U#|c#RuEsm)Me?Ut6nZyR_?d z{K%%F$#~+qg6}gZ<%uW#fI|IbP$K<+!c-dK$uxueB-3yr)8onXT$D-A#gO#;sAL## zo=H$Y9bF54^6^?pKYu>gzU%&x}NnndvY)5oSfbI>QMvGMpkKBV3gouFB3T zEsd5&vr3~aN~1ZY(cIE#tI}xe(%fX`9G8|8X2}Ul%gG8?g~jH$3K=;qyedqRmC<9r ztjrerXsM4JeH_rEMMgB^vLQLi8fIn6AE=N06D4E?DRW(1%Pi-oLbSere|eN;@A|+WDZ;&TUIO$4WaN8637- zOEWS{bF<=5Q5x-D8s#+hDDB)u_2G18mqznSqrsK(kBf7Lw^Dr-(H^`qD4L~YofGkl z9$m9C^^p}`C|SA3W@KD>Nb(@(XXTc5K8np|XXhk7vm9hN%yby~sF!mIqZyYE%*<$) zjJ0>H6&FQfZL2KhQ@U1J;c<#)ly*L}v~#=C&K-NiS?2?um%K3Z!rEr!WrQa`FL{OM zWrU|cFC#qvd96~JTcvWhN@Z`A%HJwgK&xa4E!(;pE!%~W_F>IhwohJ*9YU8K-m2OA zCDL=@2S<_Pod}b8e7$F6hu3d*SncdqJ~){fE+wPoex=c4OQXFKg}AIjFNKR?7@nJ! z-Khire`Qec5pE}0*F+67TIMGsZf;OvqL%r|3g?Fhy=8t_RLlJEptsBqYu}RJDohoa z${k5%kEHTPQUyfPN=V+g`H|$Uo1Z+HR4-L-@?>IDZ zR_e55r4C>60Y%!>;mb-LzO2;YOWyZfTB&lgQ{}cu*%oOwwY3(hlhq=%wHDr5rW>k= zZ^uMnnVnc_kqCU}szsw2Y?%mjYqHcj5#%L;i0{0J@4Sdx#Yng@7aVcP5f>eC*%22W zap@5k9|_BE<4&G2?Jyj>n-L2Wa<-3)Ix!`sd9b~D3P-08ENo@a58 zKg;!sdOxGy9#55Eebn2FI)Bvpqs|}o_M+ZiG%U~i8TEcfy`NF3X(ux>iot%IR7;T`Q++?R0rz==6C`Ul@kYR~Vj;!ti_)hUcR&JRgPO`6vv}M`3t5 z7KYbjVR%6nX84E|X0%qvMbJm>(L)EC{|nVg^$6-fs8u@t!9^O)_{s5?Pi}eB(bwGk zWzUL?gTq*~O=(6p{~zeqE39U?JvJ8{=~ncP$CP&NTH1MFY3Jbac_KMpIWc$y5vb*P z<;38@@ydx=wu$bPmem?5R8yo-?T|t>LJHO1y>g;!dilTuf^K9yE1Hpv1pP^wpg*Zd z&`(mNojQ$*v=1X4!brz3a%>ps9!7eEk)EZU)%w3OC{g=C!6T2Qtd<-kAE)qeg<(b* z$qFOUFw!cFWF=KrcIcw1^vSi+)Y=xwbUDeGY7v~Y=zhuA{>j(@$=HF(*g?ry+hnX= zGS)tfWh8eZBQxoe^~*@sFC$sMjAZ>XlJ(2TP3BG3G$VNoGFm6s<|SiolCk6-WhD0~ zBU$H+WSuiob?%VN+c6nCBpEw28S9jcbxy_(OUAk+V@D-p;i<03I40@3C1b}XW8IUn z9?4iiGS({@J1!Y3OvZXAV||jbzR6g>WUPNOHXs=rn2Zf7jTY$M)=kgIG5FNYPuwcA zG}^N?I&5b5ncX8ZyJyVoo;9<3_RQ`%GrQ+vP!U`t6Ic<60&62JfFu#6X$h^MHRM4X z*bnmI05}j1g0|2O+CvBE2nWL5>@qlZ*&N>-!TKDIaSmy6NRvaF9FB1g>2gSy z!!gd`80T<|vq+ys`Yh6Ckv>Z&DNARGfvG+MuN7I8l$AwMS&UYL<-})@AUlX>6VD}< z%R$dQ0*(Z-<&rD+(Tiy7=%;3d9q^16Gr4v&^lTe+0}?R?&@D@&ehmAmo8ewaJNFga zF+e?xygZ28g+0%Vurr?#cI7j|j(o;`ZgDfiMm;lZ)HB0Io!)4V%c3)T%{ya8ipv;KvkgzAPP15P^h7YLXA5Vwq;l7;qsBAk52mNtdExZ$koST`skvMm_82I zM=O0Cp^qc=5!FYwKHBS}gFZ6!k*SaU_0dru2kYYyeH^NfEPdqb;{bhh)yGl#I9eaa zaDby3`pD7;M?52%tq(4SjA)KNa`n+tAFcG!S|52#zeGwqA70vdK=&(h7vFv=&wn2M z$!Jz88qK<=cXn1r%M6F@93Ja1T;I{lJsoB_?BI|YotCAYJC%0s-2I9}7T;c!_@qM- zEYYDzge@EYYKyGM!0uOa z_v@o&5X%Zaqrqpwvxg=HZDXhbNL8naFo!V%?F6 zbw?)Fbxo}6npoG?K_W@pM3T0_7FuR72G#+}$PP52J!c{CoP{6^#s_NP4#+I+?75>{ znmQ(v_Aia*mqrgPjUH4QZCe^`R~l_!8tqUT?N}N;xHNi5Y4p(2Xs6O>=hEn5rO_^> z(O7Bp@Y3iJrO_ixqg_j*N0mm8E{z^j8tqmZJ+3rbSQ_nJ8tqdW?OPh{R~qeK8Xdq@ zPW<+Iz8Bs+J30EaA#7?2<6-JH=BZbM^j>|8+8QJ$_G|J>f=!g8zm?3s$V(llX5e48=`@Oq}w+V80Bv7I=aM zzi<7r{RZ4Nh}!?jem5@f`ZoF5_HWsD#R+Y*CA@E6jH?7~Q~opiMYtu9YyY+VI@~5u zS`qnsqW(K@(Hq+2^HX<$Z)snM8waiN8E~Nee4NO`X`c_WUxr%)ZE)J>cJ`ZbJ7GWj zj`q1r+T_PzfBQr2i*QpwCqU&KX1@@(91gHQ+ofvX9|JC#OH(z6duB^q(cxHFTkUC2k?;zlSb=sr?GvD(GUr(0&7M zJH+g-vEPZyy}3>P;rR5wA-E}U1X9<^^-ez@w;Ya4PfUC#E`KT4bTdB*Hy4h=YkzNZ zISX)$;OJ)Qm*G~yG0prM+&bvi%&*67fMfAG4tKl!Ex4V)a3Jva+vok1Izo?T<&42q zKu^5t`EXcI+)^lTIZxWJ!mWp1&C1z@6UVunbxxmq3&$A>@wyJz+jqkWeQzrNd;7^a zq3QSyDNl+V8*#UIPgHKkV~w3G%ZX4*o)u7|q(LR3}#{f>SkJ(Sg&4nTO^uHCj z^`PG~PXF7D%e$>jK0i_1fU zFx=?}*w4o;gAw*8*ssHFgCdtR)P65cjIAD7xwFMd*KZGUxwx1LwcBO|BU@Q z+;%wA{#pCB_j0YlS@zG_&&4f;v++7^zq4PD+X7Q?P5xHWUcos{B>yca+*-qSK%O8iEChT9cuf{EaGJN{qYTPE6o-T>!-Ou@ga^gB}e|9-TaK%tz|E7H< zPQ>lE*|WIMzm25b3o}`(^51d#ZVzy6LM2Z3?|b&uI8o*FAKEX)iF55gwqJ`A=h=U1 zzXi7!c)cq)FT3sYS8@Dd7C!xN46Xud(k1aFxV4~vgOvWa2Pf)~I`98<`LPGNPT+i; z+Rx0d6Yc6W+9 zZZ3a0ZVgo19`!&{n zK5jW&ZhyM{X51dQ!v0MAyhpfBV4;1PeGzUNTxnkwmXBKsSK-x1Ki_^GZZlkMf02FU zQT7WK*@Vc)4Vc!-fZne+&CUHM@!--|~dG>`kahrVy z`$0HyyZsUNML2PXeS!TXoLG+6c^PD1ffGNoA7)>N6L;cuJWsJ-fD?DwPqJTv6D#b0 zY`+XA?#64omG&!?7Vfb>-+mQN+>6)!a-sb?+y+=_f4TiO+%CA!{#yIICm098{rL31 zuDC*Y0IB-iA^*XYB{u@4|`o_9N`~;>2(5$J^&_%*z+g*`HzG5htFvFSGB46C3bq zPtLO+f)l^9zrem2Ctk3>%)SCAUbJ6qKNlx9+TUuw3@3hXe~6K~sJW4{L{-mzb5-}a@ve6ijB zF8h8s@vi+t_Qg2yp8e15t8wCQ_Ur8z>oAK1TZzY`}uwBKc) zw~6xtJMF)=?}-y1*=PPw;yM|J6Cc~Rv9H95PwYF|FUE;o_D9;U#)(hud)aTsiO=i@ z+wZ}N&+Uus^Iy)(7rX5z*muK;FYM2cl)dC zSK`D!>~FMRj}u?pFSp-{6W`cBV806|{%QY&eeNr?pYSjHU)y)XiT|xg_S(O0 zUx^dn+P`hT7$^R1|B?M_ocPXukNswx(8Esc^LO@paNj@%UeBpkdlT2sUYy9p>p6a) zeeSF57i8HVY@d%4QTv#EN1VvEKgK?W6D{m}*>}T<9Q*$Eg*cIGKg50zPPDWiVLucn zTG^jsKL#gS+n;Vs)0&s6(5oY>EPru`zE*x$a^eg#hGix!nL$9^47 z9AJN`{RW&k(Ee)s%{Xz8{SEdzaiXpLt@e@4oKI+Hf0un8PPDgwz`h$!bg+NSz6d8e z+CODK1t$)+f7X63P8?$YqWwagIMn`C`z1Kh$^H%d6}UCf+5R2-^*C{u{fG9OaiWX; z=l0uiB4+=!{cfB%-2OZJy*P1%ea^Ru`y&63oI^O$et-LJIMLOrk;w1Zz?N{K$$@X8_ufvI<_IvHO;KVTd?0+Y&^IbSG z+{4)*ytQDoo6zAH|Qv_Hmv2u_T$KhAy}PK>r6Xg>`n#@L^1KNly) z+K;whf)l6MPq1H!6Q|mrVgC$HjI*C=zZoaS+t0M$i4&*U*V;$^#PNX%_H*pp;zY6i zrS{!$;&l6~?T6yTMEe`;i*cgF{#N^GI5EloF8jGSQELBy{UV(Bk^N)#%W>ii`={*J z;KXG6XYDuQ#F_Rl+Hc2+v+Q5BkNlbA183X6Vc!-frr5t@-wh|uvHvhEhih+Ne?v$s zraJxSPCpJOrrCdOUx^cC_TSkr#EI$lIo~DjixoIgZoj|%I-IDm?_j?fC*t;9?6>2@ z4Etm3cj3fL`{V4RZ_u}bO8bHK`8ZK!f3kfHC(gAWZQl=91n1dLu%C>Z2G#aw*jM7_ z!z{eotEu)&aLb^^zS4drZZ*`}pKreow+ZU(FSOr@+YRU2Utu5F%6>t;{bKvBxPH)J z|5N*MxGB(Rf2Vz;9L%~p0i(t6Z7zz7ka^d z9d09Bh|k2oWWN))3ogR*|H#YsyK#G9zSF;A{|zqkW?ufqc+E#`w$H`2g-h_N&+GOv zTsOGX{tf$nxFT3!|5y7-xG8X%{X6y*xH`Dp{%`j4aSP!J`w#6GfRd`)jd+ayhHp10-&3AokzZJI~7TM=S67MoKuH*c|HTd+uourNaB`^P4 zypG!eP9MXGpWt=e+S>QT^@GKD)u*HVIGnf+ujk$2_LFhdaJ~Jp_KR@h2K(Oj%Wz@| zUiBGlzXG=wZnPg_zZtg!Zn8hw{u^BMuX*`5+Yh%7kHb=Y`d?Sl7Q#>QI{qV_eh5z7 zg4g)&6#FqaajX65_7ym>%zkpXU0fsFh7ZO^_6u<0cKez3i*e!(`&#>DII-M*j{QoU z_?i8s_G@tBPW!9vpTUW{>~FB&h!ZRD+TUC4x8kCjoJ8-*UwS7iL;{Mu;%Y7>^{}KCE_HA+9;8DD;=Y#Br;wHgk zcpc~V_SLvWu*SZ#{VLpgc-+3L{Z^cK0?+>=J?!@~r!JmEYP&t{x06<^bveh`@4$(l z<8^%wu-}CfzrgFfpJX3-oAVA&*^jpGh!gAVi|u>j#4qj7v>${MPvg~&O}8I|6Th;r zwy(g6XY4PqufvI7+b^)6j}yPKzt(;sPCRSB)P4z0thc|@ei=^u)_#@!Dx7%E{t5ea zIPtvwGxi&B0roH0Z^et>*>ASri4!l_|HVG?4#yu}wBKRh7AH2^e`X)UiQn6QW8V)q z2>xK7nVGnrhvLLb_IdV`anoRveS7;loOszjW9-9ZqbqpJBfVC;nt#XTJ?6{%n7t{Vtq%!+xRtUYyu! zf4zPFcKT`Xru{Pet~l`*`+MvQapJG`tL=y4#5Vh1*iXWVx9r#3SK!3k_J6Ri#))_A zx7aVliS71p+b_Y1ckOrDFUN`Z?7y^Mg%f|X-)p}XCwADk$Vyyq8*$=&`+WPYIPrn~ zA@;j);zRqc_Iq(+r+qK`w(oLZz(@9j?0e$G$M(bRhvLL1_T%g)=)p~XZGjXFTsh=?Hlcv^I`Xm-aW=Z^wzR?3df`!3EggZy$M& z_5}WJzs5cnC;nmow0$R>_!_V0%Le;?xS{Y3Uj3*S?Z@H7Kk@qhca!}zocNdhYxZ?G z@jrMyAGg{s!il~1@7S-ziEr_$&jS@sQnV0Xlb8ozXB&(+2`4>!HL%P`S#D?M4o+H`%O5}#=fKd4xHG}zLWhPoY>z! zW}ml%vO)i#Li^R#zAH`~VBgJt2u>Vm-_yPrCl0bNw6DO4w)Xw(8*!qY{UG~=IMLpI zi2X90=wLt8el<>Xv@fz>j}r&mkFno^6NlK3v)_pmhuRn0@5PBu_LJ<}zRx~EXZy+a z-EiVC`ziKAaiWX;H2X<75wowbufU1J?JMo);=~d5)%J^V;z;{C`xQ9R)xObwElwO| zKi7UEP8@AN-+miT9Am%0em72ZvtMW*{eXK8ju}apDB~ z&GyT1Vu<|~`_(vcqWxC;^*C{o{Wkk8IB~N5cKe+;G1PvCePk!k1Q=$&)4nZE47cB9 z-wh{5*zdL|3x@4#y)Dl94E%w=i0Bq ziBs(J>^I=VsrLEyTXABXeOvooI5FP7qkZHfjvJh2-^sosPE4?m+4sbWV*9T4ML2P~ zeK-3lI5E+_r+pnxl-L*AFT{yS_WkUa;Y6wZAp6xg@gw^o_8W2H4Ev$>J8)vMeUW|S zW1eYnru`WEuDE`1mi;*UaX4|deX;#CoS0%i$-WLJ&at0tzW}!wer!L*ekD#!wV!6c z7AL0JSJ-dFi8A|2`)xQe-M-p>H%^q>*V*TOLf-@`>>KSn;Y8eiu6<9Om|;KPeke}N zv|nI91t%))7uq-CM3wy_`$af$uKi;Bj+i(!K~M&bNQieiBa9+dpbwi4zU>PuefQiAMW%_DgYMw*9Z| zSK-73_RrZrgWC*q@aoUMXukuu2j<$pY@hon`wR2zU$-yB6~Tq}Z`x16)xkyf@7OQG ziTQZ-58t<6juRK#e`LP~CoZx7)P56ATx$P?{WhFfVE=dfT{v->{XgxapV6;?%kes2 z-`cmu#o!9O=F>7;B--bmII$3~`LtH{MYwTrB|iOc60QQSYUUepOWWpEUDhaFbziGhd0D3)eOCi*U=}`euF= zZXMjv%x}bPfhEoScHAzwv6=q{m%E$!|7N};t{dFk%n!m1g{63nufR3Jt$3Z^{`O08t6-V^iT3Moo8UJ4k@j10JK=V`>NDOx@&)}0xWnm- z?PIu}upF=JXR>_}t{8r1UuIv4YlJ)P&$VBSTLyR8H`uSit%DWz^X=E;Hp1QZSK4pJ zZH0U6ueaZh+X?sD-)g@bCsyKh-LA0D{gU$t_u+LM?zZoU6Zhl!e`KY7C!Bb|>F>Ai ziW95wIxi2}55QUxO2G+h^t`+JSM4`S+FZj(v`O1x{?Y z&$FM86Yts|V80wE-m`CSzaA(4W`C&tR-D*jAG7}kC*HR|%D&rm{Chh1z`ncv7@YXf z{y6&uII+{dpZ#*2_{e^+{W{!6_!zJLt(g`;qpOaSPy6 zeEQ!i+y?lpnct1;bVHl`&+&TCe2mK(gsX(z_9gZUam(Qg`ybmsgWCdM;`O|%vfqQt zThb=~EBo{93vpv$kNrIRI@}`oyZvSMYj7LkANJRT<>PX1Y?J@B{f+jWaD(6*eEMHC zZYlh;ncs$s-qa@lU(I|WZXEniGhc^W411gTHMmXiZ8N_I*Y@T%`Txf2_}u1tcEgQ< z@9gikuf#0^o%EppV805t0W$Eq9v-*fgX_fahh*BXwI7O`0$KJ?*{2_q^!O6eu7GUP zYdrPze@UO7H$A?QGPXf3<*5Ga!*ckok&e*PexrRMZV0rp-)uh_*9ficx7shlEr&e& z?e=SNo1l&TPW!F6J+L2M{jS~i9r;a>A+W#wKkX}ULO-0O`e(LGv{#F8E8zh9R`wfl z;y}FaqXX@~!HI+HJKJ~Vw?;%;yz0}i5vEPmphuhz1zZWNt!0UM4X5W$DOA$xf-(%kmC%WQwoj+_}gcC>M)$e-T zei}|3ZT}1VYTPn7#^wCVek1N1=w|<0`$7D+$~ZXI{zdyr+(OV#O{zXG+porLgdX;< z+wZ|e`5l#>_HWvE#SMW1`*-Xo<3ulf`rks_N;uBx-*@_rxIIv4|A~Dk{pJevw*SJu z5w`;R*ne%m0Vn$6b$xzoALVyfL_hmztHk})PY(Lqx3;gti2?Qp+ONQgf%XU6Z^4N{ z_A&cBe$zz^wm-&x5>6a%-^+dxPMl!h-~Jh#7-B!feiu&gdy|R#(Y`Cc10zndKgGTh zCr-9M-F_8L47HzZzYQmb*-y3axPt2(hTG4upNtbD>}T1pz=oVw@OfzuJBi zPK>vI(ta;aoM!*Deb0NjhhT#JZ|$eyM6vxw`vth=a5`S?=d1P`aob>`{TudsaJeh_ z{U7^x?0e!S3HuN27vr9RQv1*CcjG$V$M65xe{CPVv~~Vu{2BQ4zee05n2c9@_?^?Q zz^#Kb@ye3hI&t4^#qEK!klL@-_WAeo41}|t{vi8qI5EY(z5P&}ILH2A`^h-*WBX3_ zjW{vYzKi`5oS0^Rg#8MfD6>Dxel<=^x9?`Z9Vg1|d)Rk+fM*v}*!QyUhZAx8-u9Dm zVupP``}sIA(|(}+a-68NKi+;lPE^^SXulmN&b1$EpSz0d2hOt}Vc!WSs_jSF7vjV$ z`?2;zaiYe4oc$!6sI{M9Uxy2@pJ=}TFV43wwO@`C_4bqP*W*Nk{n_^0aH7%v$M$&- z(mum%`!f5UIB|h}h5b03m}5WFz8WXy+MjE`2q)&*&$3^J6BpXo*{{Qii|iZhx8lTn z`wQ&1PF!Yxi~Ta( z8o1p4F8d9*ZE%JCD*K%{vC#f;`{=`5S8%2M)ArqPL*Xj>=j|uq#MSnj>??6|VG%z4 zZzXO6T+_@)R?`=TYn%CgIPnv_j_03RC)%q@oLFqX-F^{HTxb7@{WG|2a6Mk*>wnls zA7Ovt2E2~{zw8I$CczT>th~f_>u`(UMtu6;2HYOFshRKjD9>29xtX7jTMJ8@`8~Lf zkMa9I&HQBCBDkfQUys`Yx8ha*JlC_DNo~FJuJZLRyS`V^cOp6;dPiRGy=x!z-nzD> z_tEtoi@qPxxzT&>dUsv#ookzVpIqOy=z9{KBfY1tch9xIXS3aNU<&*g_5;l)Xbi9M zx5mzz7tq*O^9dTmYy7RTv*raf_SJlX#_$?{YwWCf0X?9q32I;#)PnAxHiXxK{tZAa zTn$}V)^}Wo5iTLT5jqo(K@S)LC&A&+6HbJiNOLosOuPV!VLoLw5)Oy+VHAvjWAWvL zdd}vl4sbE<2;7m-6?%bww?@B3qwml3U0F8i_GekoVg4V5$=YOa1UGx z)8T$N3XXxJp&MwtQwF+L=Mr8B^WY+w4fEk3P(OY#by7cJ8dSm@=nli60q&xn%i(8m zC+PYN?j^$3kPEHgSkexKdr7kb^u3P0!+8ex08~Ie+yHtvTz_f@E+n2usNeVbC0q=8 zxA<`A0@pzd>Ok+@p9gb6|E@-DfacliiR=Aez3Z#@O&_O>vp~r*k8S(pAm&Nj##P!@9K&XG;^Aot7_!ZCx`onE76DEV6r5c|e1$#*QJm|e%{hN%d zU@>X*96L{W2s;s8g4eTC&#^~Y*1tp0yX1N=UGI+TecRuH-bdHF=Zjzi96|acp#!X7 zS@Q{+J2(_NK}RU0yoI1=`IV$u0IOLZ1eZV~%jK-oJNfF5{*F-ZKQCvU-k&`V*8@tR z0D3`Bm#q0m^~~45@7SMk5DW&5_fCMm zpfTGJI0^c}KsX)7fW|AQz^O0})DPE~r#B3RVK5v&C-rFab24=mP_w zKO6(4&u`i}l(%F%Znah9)E$o8%$el-3V=mtMxITOE&_$|as;4R|Y;Ah0Q z6K;Y};dMBcwCBMuSl1UW#eD<+f`7tJScJbCu7YdfVYmhsQ3t)l@-Ar}Vfl9A=M%pf z#;`mNPJ!cL0*r>!-~>1o#==ivJm_73PssOIsHQ$25ncdwtow@aL)Z*cS@(0or{EXx z4s3*9!ZWZAUW8u*MMj>6L*ZA@7TUqVa0qmOj?f-%h2!8x^67h~AG4iv;HShNhDzd9 zPzbk><~Fz;?tta+Gq@A(g3DkMWnDnpTgm%xmY;;f;P>zx%wXLT!dZmt315X4$~pfVFUaQ^xd?+ht_w_`hHp8CBFol;CAx< zg)&|y{tCPbo8gb}8oUnrF7{9GXLtj)!kh3H_$zFKx8QBKoU&@D%e916lzkaA5I>)F zSfQe%!Eof z7pkBf%3vByhd9iD3g`qw;dp2d`@;z^1Uf)R$cJIj84iHMU^t9`E^s0o43nW36vJ_F zI-CJNf+83RF*qEKfKf0S#=w!#6^??ja0na-C&9^ZC=|i~=nEw<3Hm{QD1}qtR5%)r zfo?Dk#=~iFEOdt+FaZX_e$X3QK@PNpT<8e}&>Gr89<+f$Fc=Pkb}$k8z>ncfI18r0 z*>Dc@<9c|3>tQ!s0ZVbExD2kD>sg*i{7b?wKywb~!cD}d5l)9Pc!}ks;7Zb-3lCAo z9G2ID<~0W5dP5!YKjLZ$XA|B}x(DDL_z-r&N3b2sh~yw2$LwvD_J+B(A>e6@=)@C0HtP?E zE^r;h;5SeWx-ae}TuPY>;6CEl;;w^5EZ@Vj`mZYqZzOzx@TY|8$395>C#1U`u3`Cp zmesdiMffn>LR|gZM~E*b%?)rZ%MY=vKJRM6n+WF;?tu57JN-~J|VO@XN4{n1-(jN^+!5-2-51+#ma205r*oAagkoPdcC4@IZ zXW}vF0Yl&kn;ae#+>s>e>H4?M)Hq<;cz~T zf+HyZNH~`D|7|=vm%7a+?I7}%6TU*8-@(VQ95;vc-x61wUe0na(wqT#&<1{J-1z}{ z-h|g69A{ok{C_*n+}9X$G}{{r|0iS10i^E_t=M)sOos}%0pc(N*05jUxG@|rwkOZk z(1P{<|2T2q! z2t(lnI39+>FnE?S-+;fsTd*76gtuWE?1YctGx!ufhQGmwunRtbPvAXxAO62E7CeIe zI1;)-FIdU3eVJnwC$2H!r!0R4KWDj?@Ji5l@G8PvaM`4Ji{)+bGnV&Yy4L;R2Wq4Nwm?a30KrN;ns) zpd89z8cc^c%zz5$1ViC?Xb=0t2`~gYKu5@jVbB>4fWu%ojDRk1A{-2pp%)axad0}E z0Y8Ew7zr^r9FBldFdD|dkAUX>crbhaNBi2Eu;O8(KjQw1iyf2?fv^+Cm<*fk7}B4uWz!w zp#g@$y|}wz1uTcV;b(9U+zH)D(+^(Yy4?-=#Fyf~B>n}2W5^2pG_ITJkUoYy7yl6H zHFnhBzQ&J#VBP=SW5|mWn+rbGCSSugG^SF!d=;p_`3t<-$dxRse|R;a`h0oB)mJ>7 zFoL@u)Q&vGqWV_%v3xCI8wY{Rhu3jAGNz`bG85Ki|T$?e?OexQoE*hQ^!ol zOUF(9LXCy>JW-pY{%be~rg6I3ezo6fdvwq0m}v}tK4^@gzPS3=YX8eY&!%swr^eQg z5?B9I?V|d?IuGhE>intCJs;Fws%^_4K9Te#FbPWGM{ovAhU?%_(p^uu7&1wp1-Elt zH0C=KJ|TV+cgR|8q{8mg;U^E7zbe+qjp8@pV~gP4PiT__DSua+C#OI8iSk#YBSV! zsNMK6RKqN&fm)af)1VBdLpfAH9A>~wsDvsw7tVwEumCQDi{TQu6f_>xxNsfkQ}aGo zg62-t|LF`}pa3)`)H8Mj;c!s<6oar`8%11go1WD-z#l35HP{L-!z-{Jeha^Y4e$qe z9o~e$z^kwsw!oj@&+rC32hYO`@FHx4-@{9=3H}P(;4OF?>fn5+hX!bb*>C||4)4Hr zco*J-zrhZ8A3lH&VJCb9nkQ3#LjA~Npc`n;N^?`1%hEiS=D9S-rFksPZE0SMLlw-K zTuP`uqWX&J!_1+~xiAkdgo{9JbU*U+h4FA2On_q0*iK`-fzW(xsqZdNgp=T87z)E+ zIE;WI7zv|bH0*24$>xK(wKde?acE@ud{946a|_F01#}>PN5~}p80$5zSwI*i)Hq1v z$Q;N8jhQqa)fgxbZeb&9Nc%s;_rhS}U*i4^e}}K&JNO6efe73An(*hORlg|gBdLEh z2})ril)&lmBWT{gRUZ}|^y{O9KQxY4e^h-?&1b0pc?H{D1*_o^coZIkHSjn*0Z+nO z_&NLno`QAoOL!W71<$~*;WzLs+{V7#4tKzE_!-;@cfr9_^bj}{I)TQM8cS+SnGXlR zfp8GCg?7*$IzUG_7!H9$p%XmLesm^O|GNvs;BZhsSp8x3g|CC_;a2LllJxh%Q7m6Z zcsX1F3*l(oG0+XJWO*$dOT0VufSynQz2G<~gx=5x`a(bG4+CHz41#?2aWLWWFanBT zB#eU5Fb2lLDR3%`gYj@0On_oI9VS8vOoCGQ5u5>&;Y>IS&Q{3wrVyS3Q(+pE!E`8x z3W&oDxB+HDB~-z=uuSI zSv2Nc%sP!RhrvS1*7)THSOUvg{u$f}cR?r8w1ifmG2?^q5EQ{kxEt<)cA#-w2j~dl z7_X3cZ|DPkL4C{qFaQR^AXp6#z%#HMG+us?Z9fDL!`;+(GIhI(@NCwdKsW?Wgp=T8 z7z)E+ILv|?sD(N>AL^k28eukE0CV6TxEEH!eW3X&%@;3#%iw<81F#An1kGbz4p+cJ zcnJ3}tcFLRJ?=`l3a*9~sz2NV_rejlBVjcAF$TuMDR3%`gYj@0On{%jA1L!B*aR=b zEAT38hCjk<@H%XPKf#~j4cH2A!e8L8unpdVtKn^U2e!kz@E-gPcEJ1a0elEM;UoAM zK7n2EDSQT>!*2KjzJ#w}5Bwee0Z+rP;2HQe{05$d_3&F*1kb_qumOGtFTjhi5q=N9 zX8(T!&%%26Ej$O$!<}#!tbiqOBisZx!&3MuJPcRC)vySzfom1#JX`~x!*2Kje!@9f z4A;R1()wh;dl{2AVWt?(xN1^x=# z;4OF?-hu7#F1!bSgB|cbd;lN9PWT8uhEHG@dbD+)#oA3;*5?H{BaF>L(EapT4gE9l*4P`EysuYc2gC+M3fSEiIq+W#owAL0Nnx^U24{r^}bu&aP>!pBH3o zQg`RmGbWXfIyzrqtoVR3BT3&hQZD=fOj8CX9uCKkIs-`^NY}-2i zqk=l?nU>l%zI;Yd=i2(2Wi?e7mg%zl-u8RzxI2GodVU?>@8>V8F0H9*Oq7z`|KNBh z%1CZMIM#{$$#lWBGHN(YS#ZD8jC`-Y$#n%4v>r}Z&`>p#W=ib|S(;rlY2_8fYc7aa z*VZ{{vM$<3_9azzqCBqBkxep$^(v^Sni+3s{NDDwpQ&=O4#Dlnp-vss#Q6);=#-`MC-yrm zTeq>w(Jhe7?|ll>j4T?N%J2OM%Z^vX6Ll;asa;Byq4PQ+asGpPR>Xt#sd})!w)wR{ z-JEA^(a2%p{hG?ddgrOCh?j-;ZIgO8$-j^5uSx#I_8VqTKbOX(C~RVeH8$2)O`qKu zZ%DSsC5a@lWSUr7qM)w6U#l7#X7e;Cs%l7-!R=LCTcxwh7(;dT{TsIPiR6?^`q^xg z^gLt|8Or1Jja4(M%DL0Wk}h6P852h&nndRxkxCLvrl~JaG=oa3YH3-UJ#}o!Fx4X{ zgF|y(RYP#^1nD^x@;ZE4)?q3cGc3|jSr#c7IkG5hkMt}Fd^}ze?h9%5`CJL|`8g3> z$3-K9Q`(@sZgYKY1dBm>pT8iD&z1A`4X=kpxlOOFu)IXsiSw#_DsIg9VIz2;(Ys09 zGb*-nR#|z09^(83=g->>(z1iPPlNO2It1z2(S$E3E^BC*Q(Ip#ysRN!LGeM`r3X%( zSHz}kO-!pI@mXb6)x#<(>f;SuQ7X5fXiOq!nI3$zYjpC<8)w(YE5f$8sA|THs(8T| z9+I=lYSK%ieXOl%q`{apuP&~#su~L#X4ln?E326~sZ9NlS!}0lX1pk9uqeO0Y+}5w zwxLRoPiw1wsUS82qRxpR^ z6-{&cHTWhz;0U+MY|QaQ$$QGzd7|UiKe*-<=kg9J zl)A4H_mZyhaJ?!Nw%g$|KW%+bk+kJt!(qL2D{*9}>c~#@#=<)3c51SY4b7>ns;{oA zt*uV&Ti@_G5Oj@e>*{M$`_(sm1|-&T;#kLZG`hB-abn+oy?Yl7?w2^Lp(!lrQ&`wr z?U`=h$mj_rlVTHNef#wa(#BNJSekTlwS7VQ|5El~ofEf<|I6}&EJ67?-pxDivnr;} zWM6_rMQ(4?s;B+aG4!bl_Fc_ZxVOQ2<*Ti(2-?2HzJyj}KfS%#V7r58I8*zR zSQX^!GpKjJfdyLadopoPXd8nD7nJL%+T=d;JyX-5#x`sqd?`<`{HU+Rw`*wV%q-dJj9A8j#AxefzwNDa=j*wY0;Qe z{enh0OrNM|TDghzF*5L{y4J+!&;<{6H~l`)@eUFtkCBsl*PEZ4phVR*F*;2Y=xaYb z69pqQRIO#$Q9$2ye7vEO2T7CTLESz04GL(U|FqhgczV{FhLVQr5{7i~`ry&m{9c9?(WD&O;>lru>4&#n)FcmW^xUu? z^}~54@Vu=r=*|Dq_xHc2FKnJ(hvh%)&&07Knr*}VbS}KH74(1fELN8|EJJO-uK9xI z=h1!Tun$lESd#)=_hkOmxoLV%&x_A1RmW;y+f3zYdOp2vZS#MTx9K^otFO9%zCU?` zti|#As#Rl)Hqo84GhtGQpU#`K%8 zdHI^8a{0r;EWs6=mg#$Wyp7?b5-p$CC!byA^a7^ONVITGpZke(NKZ1B-lkDbFsj$H ze{etL4)O;h_#nT!RBCZz$^6NFlv1l6>RG3y)tO66ov4pSt7-ePul_4XJhA<>en8N_ z_{v``@?oy@bJpcSp2Qq>BEQBRDo5+we`fBYUqL@+kH=|Fm1|4g1?JoXH@>R8zP6!u zMq?~k8(c;Wte?R^wvzq@H%c(~(XTLZ-T1m2<<&8**PICJgINoXWo=DCUA&%=InSZA zE0Vr*Xq!G_BBPmeZituFmsgISUB#T)Oj^Nk;&uA$2EK7=py$;XpXo7r3F#TLHKpT{vH!-(G z=DEH5^bY3$bZ$>8PR!8I&L$obwbY`jr06u)FZJC8-!sK$GF=vDwj?Y;$F`nBkZkTW zc5P%w)P)~gQ=y@MZO~U}tZJ;*1Dr{W8S#3G2oKcwI1N*U@|D+DCBBW(LY<4tlswLcxnvjUrr8UNp@?q&qnwwQQ ziHWXcJDeJrjN_oXyu_qe+H;^;D&~~9qk?G?Pf!+@RRzbl$@e`YbPy5~fbp8jGCIN) zC299SI2NSpoR8YZ+Va}!u{ASlxvzBI(#M363M$7?V|EpHY&c2AlwL4SReq*-=xUGm zkyhK#zaSjHSJrZ5(yr*#d8_7jV*oy@Avu08ptY%pS2v~&*n;Dtvck5eVpgICv;$?; zGYg8(m^ilJ)RCt)9amGQiDQdLjxXvxKwoN=yUpU-iqEP@IOR{weT^QWcMw*Nq6)=^jZhFHBob+GLqw1t}|)Uvpsvb!BuMCyq#5xn9Q{T4KBP<%ugbC=;vg zE3K~7RN6#6lvY=3m{!|QrD?V;uGqvn&B>*0i>p=nWmEgACGRWS)>Rs&3HFig>Z(kY zm)h1a=6Qp!ktR)yOdK~dc^u0d>m&8EYhs$8WQK>wdoXnw%+H-QZY)n`-d|B(_IU(( zFRZSb-ZYiZ3F}o>I5!z~$d%viTrl&;v}LN3?XrWtqU_>R$4*xIj zs@2U2&Rh6(M{-hh(zue?8S&}ia90U6{7E!8-14sye~?u*?xb zy4d&1dB`bu4X7Fqc-sWh&qVrJ4I@W!*b>(@`%LSbDA$vpsr-IdfXt(KgvUze@kpJOJXUmc65Dkn z$~;X_pXB_+zBiw`pPFqqXj9dZ;x9NKx~H0L!}k(TWTwA0dP#e7vp6wc))2fS5uTIg z`%J{%tgo$^soS8Qj$mVq)#-Dm{nRLFfBj7KTq$yRRioY&NtU^)fzM4*(#515et_gU5-SqLDeRYtAw^r)ofuU_In-LHCRE)p1az;JvT19p8 zor&Nb3d+&3pUZnX={=qX-bPAa4%RbGO1(=os3;!JtU0Yv+V>bin?!qhKHqfJ(M^qb zF7tGniD14dHlkRkKy5B*X4llx4y!-;y>z9t>ao+p)xr2;K)=M<(O80bFqSA8KXyFd ziVjn$CC6zYHlnPqY^JQW`v;L_9dhe!LI$emt3p>=i z={ZYXK(r%s8z;uk*S@B;8Q~XPd}&B`i~eHVsYspp>MOa1x#{3d8v0W;$-}4P7JOMp zs4hvQEF9dc<2S6F_j(#4dKd+B1T+B2-eAlt$unU@33sHv*Gx?D=sYp)oLtcQ@DZeV zdOJI|WJ08hK6Ro`UNF73VqOFnOY|IL!@XQk%K4BlEorhUGI?-8f4!qJd2p{F>@}r4 zm=T{+8@xl%pm1tMSz|9osJ)J=o~?TBGYx$WrI|4Nl&NJE6;l)06U$uvL3^Zi6|?Jt zG^g=y)l??>r&jUpD1$z&tEsB!Q_aIAj8jH3-hiK7b6ySOj2P)ujo>}xEW#F$3sJ|r z6Y?5W;D-?obzB`JdCisUox!1?XVNs73Mz*#OHj^1gt}OUg3{}pC@wz-bRd*o??GpP z;wuP;5-uauJJ2gYUhhKR?YQ2F)_c72dN*3{^D3@?qo6N!z^$m@)FPJlT-i3v|`}FPCf55;&gL@no><}N{g@4<3fA`%N;X*3ho{FCI-Iw2; zoXCIt2}4d~g>pwSGP9!DEpl>OwrZW%X21RO4><6kw(Z(?=y-4<=OKr7>U>z2*x^SU z+4ZQSkLh-7_Z~e9dL5^#1nbKi=N6pgPW+G)W8Ih|IJTkc!g%eBZow+PVbLvDrfW5M zJmMGBO<@H+JKbiHn%I#4n6XK|#H(IGzF-51<${y=VpiLYQHhcN7i;eWXIE9-iyt6B zhykaS3M#foAQCVMlMo=LL}xN{lZ=_nTxRZsfZ^TD%$-Tb%%98LnUH9#c@>{j(FTi_ zDo@i&m0GN^r8aF*Qy)@x;j00FkQfZ-ShabrhEa@ z+|gCuQtGRARCZLy_Eoh|S&COOQ*%moY#+;XXuPTC(Cp}y$q>D?GBkaFBFJ1ggo+1o zAUlbLKwN%XOE*`$OFf$_IL(|>Ho#@sOpfh~gLG{VA)164o@CQcMj`xKoj~m)Eh|#2 z^JYgjFkPIJXu-z4igkwUMScNpj)(p`6JtR7@v~d%A3M7R;N%c~yIy!s%kc}&X=wwT zu%E{d!$$~nmW4UBK$w+6A+9>oDGdXlE?&;nr&1E*Qq4*l-@`MGG?(Ca;`f062@SIa9-bd~$#*OMGi@H`1+X*Bp#{SHr$U&e7N&f3 z{&;o*$I}L@+^1nYrxu9k(kKkWqDYeTlV`W2zpwE;0e3M!mjM>%=PV1;`UmreSyc$b zd6@AWSsxVSVArSHW90i9}AQI z;rwA`Quq(VJ_Vu7;$wRyrE{?z>C#ydBxT>rtDq<@U@4L_#! zVkE-b0p0v~SCeV;Fw(ApfAUY}55qg2aTsaW2vc4l4DW_|9E_LYnYL34q>cB77=~p{ z6VB(&5AU0jwud>L{P3P?9OiWL!~3nCHbf`kpD#bW3&k)gey5us-kFuMvM{HUp9Dy8 znA6D*@928k5Y=hr=UGb|!|~^7EC1>IZRcMtOtF3z3iEICl)*w_el$AY?Jlo2i<;jm@=dMqm-EtT|akDZD-yqzqZ-(V}I$?Mp zlVL*Lm0|zl*)7K((|CAqt@yp8Sf*_nrtM4fhk4gLVUh*H+-dFC({{GS)AHr{sfQuX85X8>fimD-RhFB_v&h06ULXwbw#H%3vM>vk^*f7g zvF-WG`rY${S*Wak#md_Ab2??sJGm^k6hE4$Q`Wr8>tPV&w91fXa z>6G?RLN=tI`&#}IJRB3LBJOhdZ6VP?%?MprIUy^N>%cLz7LY?WoM##Cbiyn%Tqfjn!(0JeFE@tS ziXYR~`i=S1w!9Fg+rlLObN(=|1P@Mr_iQw#G!3USVzXJBR6S0qRlwS zGiZAfdlCF#6+I-yI^p?goNw|B80ORhVR&C84#U3AFvq_+e>^-Z{&}YPwwTP{I9cHj)L9^{5<%{RcE!FYCWrk{ATjl{R7meA(scsAQ$Ioacn09#5zyoLL<#`u9shr%$8!jtakLt}mXoLp{L1(N zB;P{$Jp_y=6;1y0EQ9AHZE!Jt>Hi}=>cQgICjXIN&^v+OsVIHs)zo0P2P2=2u=B_I zJrloX^^3>qTI%?*+=|#O^M1XN{SfCwFNDA=Uh@G6+eb-cvX>j&{>s{BaP3825Vnexb zLt|6bq3hN%b8?=7^9mk=q_5c!&M&G{qoXXt;1Bn!#+n@<$q`5nZ+@(Z9^-3v+@j$ zU+>mZ4`@nQU;qus)uHLBy(65P9bO%tsvoH06by_Di07gvBR`%vL5Oa=8LWyM7DYG@ zzGE0_n+NU9U^o+JHnMaWZj~1x^Ki7dkr#1A{$9XUm|V~gu+62)>T0P2a-LON=-$17C0o9;{4+LY&U8s&{MZ3 zGlN5}AXiROg$xCMdj9t@cvST)euf2 z#lN#_bE&_Q(Z>NXo4(Vgj9-=Au1YBmtgU-0;@?xc2{NJ`{ntwGL`9A5lL}DSzBL7~ z;ch3K7j2o2uI-zpn~L8$oNmr!T@)}RlnJifTrMGAhy>yMdUIDtwbEPNR^st1Wqy&C zAfuP!*cC)(>***&G;!@68^shU%L5T^urawh#S8!|#@<>gN7p8G>oD)W^d}8Hc?SMu zTAv*v1k(5r(RZe2vxxL)oX6}sz*vw3g1xwjQA;6=m4>+n5p%c^;MfF&SCTT>__astwVB6tY{XmI(*Ih}M2+ zDiC~#9YA1_Nn|~YWbm}MN1-{Gp~f)LFJJ`na0N1Eh{2jBp)3t!ll9pdEn3Hr!Z(@A zFju>q#iBWbY@NzsGJ?=f92Tk#`9b@fnVL$+2dDK;Ch*Z`q_v9Xiu}4D9c!eMv*Vb6 zFgxL@ha@g;F3IGS6(?Ib=)(;unL#vykX(U@UX2I`#g?mZgk#c$2<#!r7KAi7N~WW; zlTyv;@YLk!*lw!-pr4L{O?{zXQJO83#IUi4!q;{!vXxkGsnnNF&ncTG@?v*MC1L1` zxwaSk7272`C)aDt4`W1Yf_zj|=pLK4!%XJP*JAEJWeU#R&9)mBib$WV66G=tDv8%+ z*ykW6I$3L|pWd{Y8^+*S{Gm#jXdh;BG?>a8+eKtpgkg$9N}_&IiCY**A@_7uIi={VuWm@B+hoQx0v2JYn=G$U1G_4)GzG-V&@!=%vd+ z;`X--t^;J{l7nD9(ZPu*7fj~qj<6opiIMAzNLGm}OU29Nmt-|rz(b#_qIylR32CB# zr!F035kTq!lTMsX#DtY}X_v#Z>04H|2r6L#lcvEiz1TpJ3ZfD}uB|Cs1ewmFyK2=* z)TFpgBfls;=bRStZ1NA1xjP8v9etXV>V};rm;1DfNnJ*C|d){Hh zeNfD~*xg_{yL}Xwsp!XhVKj$vUCZ5ebxmMyM_Ur9aI6Ewr2Ewnq^6rD+_)+sZZW-W z5!vT;+5;Sc0vvXSGqA&HZ#2f&`27diugTf%enMw||7xba)}U5Q+?$YlRxs_dRm_JR zUilgkY|HJDD2r#i*f(&qWjssAoyL7iPU57U3&;KB)Lz*uSN4pgx6O_X?@clGLhg2S zYJd8M*$JqgOSzs+acu{a)f+MROzpm+kq!+G?_D*A9@9}r69z>t)hNHhkGx3AsgX5P zzFgZ0d8dReieRklkKor9!MNU2LCYWi_~ffJ>|wyp#;*;(`pcF`ySp29Hkugr9=KN& zV7~@8WsBPI^RV~8zN`RyFWf@~*l)t^X*qJ0rsV;^nC3WdzhkgCZyy7U`EA3GWpD<} z593FAgz+Pc`o9TdSbl{4yurvDg%E2cvUhYN@i1E2;*g0r&@9@BP zLs!rC_U^7u%9Dlgh6lZ=U=k=EaajlaHTy_xDSm7#7vcAd_9Kk;BJJ6k;h71LUe>y% z*6eo+!ua=m@&2T7W5H^1ubnq;_S59Jr$9}1*xFO)x3u^7tgcpYZ3OOOzIb#E>?fWnc&4b~_ut4674^`-2@)=OT2ze#2{%GoR<%pPaEA#of}lmdode5S z*V05o=7Qle{N|MJ%=E~96xF5hOJ9}B_|EZsMT-7`U%DZc_Z|TX-+fOkZ8>%ExiaPw z$gy?p|Hj>h7b}b@KmK>;x7ZLV=S^+!_c54Zy5TN=P{(}cWf9zj`?mw`u#p0g_xY+= zu=e(0UUH@~HqRNn--C+z0K%t(N}mA6{gA=fZy8w)?l_Id;l{>h;|TWVBk+g4eH6?~ zST!DuNVFHf<43Z1+;92QS^fxP{H=hUipuCIi~lj09FJ~*zvK;eUHNnUYH^nbHe$70 zsK5PHWteDNN3ifUi~o`DoZr&=lB|wuh%e6n18_@uVr3r)!QwcCo%(1#uS|DK+tQZ9 zXb<$~N6UlXJ-?;plNs)XfIS4*k>5I}<()*rcQJks1D1YF=Wm8Pfi$qJj={VH=A-b3 zA$^5$ol8fP?+Ma*Ad8PQo&wC<7=tXv?-{`2I;g;X7T`C)WJJ%xG#y8*11bN(f)3bf zU+G3{dp1#@^7P1U;6aY^h?%-Hx!$K46lO|!0-yd~j!eg0|3~`^;rs}@*I>kB`WM0N zVVL&^;D!;tV{o${3UYvAP4qiid2VS!LvBEv`52UC+W8FbRz-ba5908+8EH5C-OXS-;jSOmcExe(K}#?F z_|@P~y8i8ldsl@2WC8yW{E1us#5pY|@uPj$$6>PRjD zmU=3EHz$3aJu>*^;aze+Shc;xVZdcB_4RNh3;3W}ELYx*@lho%52lF|9`^_S75hK) zF#gf=b7O+{y|_QJO<(@K{5Zk9uK;XUG^TRwD2^u_J05+@3uHX`71-I{I9{wnSoUwi znC=w6PJ?j|!oGever3RtE!kLj0_DpFbPVQNm^Xc!l(_qXeKh{$>VCl=U`JMGt0gQ78!+M$Q1dR3R?)@kWkB@a$ zgMZvkW=QwgIRaxCmeoOnIgMvQ!`mCvatHjO5LuWJ(<4;P&G~<95ZUG)MsBlCVKdE1 zTH13*sjpIPAK-ci)A;R!(>09ISP?cxBL8xG7uFH{Jl=axo!`Q_CANgXNdI%=EVzSQSgH^s_{~_H@#)UPFmodwy*p4qp`bn1` z`$)y;dYKY_;`li-x6;o1``4@=H*3qqKFji{S=yW)J5RlkUbcyYfVH5!*cbURjh+Xs zzrJptTcK;p>P*j}P>-gGRa7#lUteiEj-=T=l5y~?2I@Gm8Nu2O9mMSnw-;>j;ur_| zGQ<_(oX>siBVB&Jc2SqM-SQ96{%sx1{62)dc{#IgcEaEBX^z9)^5^-sGD8}+4kix6 z71t=wg09yo%lZ()1YO&3_mnFA&>B#x_LsM|cVL{T?-iwJwjL2>S20c(!W6%jN3(Rf z-+jNU>wK>(w!vo*H~X;nn+M=#o)5!h+JDHjVGLsb3~@@I>@VFoQ0nO@!6W+0|CFss z31%ES0E^>T3U^$tyWrk4G6=T4j&}?f;$kC$J71?Y>`LpitkWiN;UwhY+^IIh7kCr= znJU(S(qtkX6R!PWJ?E7aA6o4o9n01=wo|S8)a3efSp$jz(&ftLaZV;@ixCM;Q>I%T)QCUW zy1uoQey}48IP386I3>bqXIK|&cvAxb4rfpR(U5dOi5fK&jgtm*%uFs@eVx$6ZRljv z$WXFva5`zPPs2Qryl!?9zj5e(*q!u`K<5Dl{hq0P33&H~`kSflM|HE{qjJ}>h|8EI z+^l>>Pn_w+T#qttQW@#;o{`-+8`?K=WwL|?v8)m5LX}KN^#s^sjjDL!#@YZIyHve+}&*n<$Zz0YV`Bf$Ka!y}D;-un!%NpsjHMNwiu=U~JvQ<|BTtiVb_jkXm8lvC`Edm-) z&=!_mC3Oy?XDW@oRd|7f?RR79Np-%F;zV0n*XThF#=xH5 z9vS_p&M2;2#*g_aem+1t4hpH6m*idQGS`07tp1}6ai(O7Bu>6el#5yFk6m2qu{ac= z45hv@Jx|bFhH@F`+1k^4Q%{mcLrC15SSV>)7;Uhbw!>qo>oo1~*CJBrPQw0EYjK_y zDhaVZ!*)^}2f!JoMiia33w2IE9A&E?+gbQH+4#glAZP31FD<|lUE%OQgOUX2J(=j+ zU^#@o1EUSUL-+|gJq@Wz+HeG~Xo+8u#zw|#;7V3-Tu$&20!u(!Z^nm+m^W)yF_&sNS z)UQzdF8mM8-*ecL7yT|bKdF;~XDj@;e!hs0S4JOk+sv=LJo12*er5AJM^0WcfBNmT z`0^B$Pdh%3A8`-P<45XunIGF%?n67e4}LNHA-KtVB_4Sc<>&J2PWs2q{Lupbp#nbr zNh=ORH@_#$Pdc%J!vCku@2mjHEYF%>oNo7B{9}!e^-}yUF+c9Vir;ec`m%H0sn7&4cJswT`}*kVWNBui;?Np{rY zUjoYyg;&A0OxznGtrDj#j?44fGtk}bb||qzhBWLzWz#wf+hiQ9PpfEpazp#ZesIHH z!*;nIg(57jl&9u8N0<8gdi&Nx>S`P;1W4Dtep&5S$V>^Vg<;Y+VZOhr@n+fwCZU0r z+Q%>_Q%(cR8ENhinS=~Qwu=EimPfst5CelV{4!45FmEVrD_3qtYPhuLkij{aC7x-J%|$@gR|oGT8} z9et0&EqoaEp`QM(UW_1NI|sbHU%$xvGI%~u6olbnz2?gAE||c9J9*yPBpe@|)o^*5 zT*mR`G4)%?Z)0h5R}XrhIF=-0lzKWd2zViT2C1`EOg>aaHy@}fzTqQ}nyso|KY_g9 z5m#5?ef9p8l%%|VCG!}=9eO_coTzOKJ9=pP!fMs@RIcP2Zhfl4!%zu!HP41dYQLDI zuHDSvsSnASJ0N$hy>vh7o7@P;=UV)bq*`g_mXdu2*d$ z94LF2r{;vw0cOGA@E!_YYaT}-Mn0E5lNhCu*%c7_y1m?K?|y1dSK=DL2sE_I*&E7L zJ%#@Swfy5aJ9S0R?&q0#Bg;8UgOn;jS^lKnmI*o&oQiEFr-Kd48mK=_``mEzmy2Ws z;=N$p&j=yLS8N%Cd4fW%p}7?NwM}NeOzir!ISuxtB7F_7KKXV*HTGB6#|OtI z&tJk8k1;wx67)OFnV6;tUwfX8HypQafSo*b+Gma}m2rq`yiUM5o^yS<#c*gZTUbW0 z19qDH)eN6&z&)_j2p7_-*9L@2>T0RaxZe1;n04M;cz^>7k1tqru}}{NsnoI z5cc!TehhZfk#lI+iA(zl*on*i)8mFu`^j?@hjY|Pz?pX1pD}#yV@?@9?a#q}K1}Y5 zmM+n}(0(E8jQ2(OT@E|bLwhUijF)@5wFalX4R+F@y=?ZE!M+Q2=8N_{u(Paw7QedT z(Ecda$(%OIa*4`IDt4mzea6mYPW~PRVTPi1w&U zb(l$UnGUxs*Rc#uWGQOvODt1iLwsWDW}&!jr&47<}Yf{=#=C8Y} zL&Uk0E~FE`;6_>8)Yo3-8rMv9qddgDskcwcoMwBaIOlV|uR?@P=jWNh-6B`j-rv#H zh5T$O?O?ffcR{=uoS$iW>Katgl4UDbujAN%{|hc?;kdzZ;Q`nm!jEGI`~4%ZKY`y< z_;GxA2IjN)En0d(OACIN;K%mNw#zooe#CyV9B}qiju#vo*1^rbw*@Bq_zsxtm!;kg zrZM$GleQ6DqFWc+k`!Xr9e92L8!n{Rw;He}eI=C-x`CUXboFY=E=JoI>`?@M4dG^A z8`-a=eLIAh0z3#^Rtw2Oz?bb z0V@=|YYjdmrJk`?5mAlx8{0cm>#XEGa}7K)ILRS1S--57ydDiE?Ht%vzIA;Sr4<`UaX zG<_bt&s3*|XYdZKY_I0{H}RXDtV8zO_G7m1x4{b+2i^b@z7LiG&7xJ93OXhmuUiX| zr1s7#+ZXWZ#ycdHk^we$^@_S^-PQZ}R_)kG+@9*pl;Bn4VvXTm^vN(z(HKP)oy7O^ z0T!^(&K%F`x1+ba8y%LJ5fE5vN zqjUv&magFD#vWgAbKz9gNCRvjBNS-+B;#Rc`5LCb)2H;DcV5-&xRS207X_@kM)8W_ z^auxgPNPj!gp=@QXHao-PX=qSLzrA-L6~;gui2iLrwt6$Sjx2N6h9+)Cs)s8is9yoXB?jn`j`}#}O zO8aK)@HWF=@4n)u*c!RaI<_x{S*Hj%bhlCzPmaDr*uAw;3C;LK*FH{d2enAdEzdQX z%mK;}C4Lidr3`U^!izku2&2*j2B#b#dza&xTvkVKr|@+otipCw(Qp`d4yI8UOrlde z>&)mPT5Pb=Ad1JCmcv{lx-%*;EdA%eXZMGTn7nU03?T{5v$QM0)Q{2y<{XZcMPqoF z%afsrx{hfa&h>Jd4)4UlvpT%-Yh(Bv486&a;O7dqrWlw~oGRWJ8Ym8uj zC6MG848#zR+*M>r*iG5mNFCG5$o^rxAFBY2N79eQo-CB&*awnE2 zo(^Myk~rE<3N9gcssSG`!MB`nGP)Y8m8}4XP9|e` zv3)n5uF*Rc%)h>}KzhMX=jPys?8)>XBBfRb$MI0^-h&HrZXd&yYsnKEQbgB_%<=H< z9pA43)^5o_fXhwYEH2*M^>b>+@y-$4a>o=I!{bG9oO<`Pk>alB7~Z%^@x#8B5kWMc?8@F^z6%6ua`?$=s8Du3+Kge6KLj2w`$~v{q#9~KPkFu#{{-LjhE*AXI z#^r*c)8cO3?~?`?7&75KT)RK57iqINtnY(`D%_huzcIqbtq2tLE<-zE>E@Ud^1^rxu0xzQSZkL$#M;7c5)BA#JdOJTX%*W8VIz}M zv%B}C9L|zrR^gWZ&7L>BX9^FD@goc}xpK~0ebTVkuA7Zx!Haz+eHJf!C-L28=1oMOT9hD{Qy;nr437z5oDvkRjpiEXNQd3LYDMV<2tlRUiOUb z#>gw}ze(i=LJa4VO(8!4&P^G_prCRllB1FtZ6wyqkjYp@ehACQpZ$*BEQA}W)d6D^ zn>^^{`(m-W{hqy#(e5tjM3D6oUqECzIF5}I(k&g9iE?OLb$H-BMmO`_k3A{U{=~sG z1*0GJh`rwdrxWUm+fS<2;hp?Kx-y)(>B#(i9Etm}*=2+o^mVW81qOZp5$%EkEL-{~ z0cJb!_Hr2~4pp*NbWfJ;jbx#U0bb$QZOPiZV+*dmS1Wku!ra&#;iR+*=FhgS3eJd) zj%}J)7ZQ$}j?#`8P2pVRkJd9B*$86C=i%(qrqbxGws%@OOsA5-vpma6x(LGtaU&0s z6%PG1SjLKdQx~(|)9HSNeOYe*TJ%HbMlhuVt`V47Gb7b~*F-RErH4e|TjJ7vovg^k z&CLY%F#(@$F9)kH+ZJdX4ztWC4b1*kD?m>RR|WFYlBEsX=xr?cj^1q>yLw8tB`})i zXY2ZmW|p`-3<=D|!>zx?Bk{5a72VL3wLgX_!yr$`7y(XOE;(ZSt73MCt^`SgwsYB0 zsC%GN9?16O0?TnCEY31D7U}**a5BY2vSSn&25qSNVpcRRx-FUNFWFK*^qV!NcS!uS zA7$;%+#<3eniGts!P&1ZIZ6*z06_?JAkRL9m3D?$WJfA$X74Y``IS2)+j9LFfQ_V7?$U^ zFSfK?*93Nb1oO0Dx{$C;pu@O%AiWsIMOYCwX0SGxp6B~uXFB*%#*Ofg<5vv(dl8<8 zeLIkd$FQEa-voeeeok*&d;eDQA19}zVdLGvG4u$`QCMT@DIfQSqMWC2o;*l42cA4r zo^-x$c`=_$x@LZWOM_NF#udIx=gL7W28{O~nHT2c;a8{}1jC?6k{0+=?+e}N=CVhG zZV<3I+J&EMfWpeiGr*ZTYo-p$6+8qX~J!={G%b5v!S z`Zg~L)`%!(rkly zAuF|Pt6PQ@L0)CyPtt-25XNYGm5R1zdSfHJQqEAF+ zF0CJ@dwu=9$8u9#S1GOz4?uJ=iK;cgI2Ch@rY!TWoy)qQ<)%JgZQM)3~a=?p){EU{M=xd_QQeA^27EMIg`#UdG|&v zYdibZUT{qZ>)x*xQNzqIM6KbgkJ)Pw>TuLVmh?aW;cv zWAp>%zZ-8g=eEUcfZdKuGnj<)Zbc#t^Bo?A86T(OAeMo^rmBILOZTQK|LaMRmX9_% z_H+91#46G~BjXq0o^jeOse(_tB{S!)mR$=Y-l#f%)MyI7UHJ5x8`90gvU1Jf8Fli?Rk#UTR;tSbUBdAA zuyG>P4IPBaFfsp$!QD`o7g$gdhDWIH%TxN`6s-sYO)?h3ku&|*E z{D6$N9C=Wq+)&Jmj&{rH1)d+76=24J)$OMMnA+%T&irYD`-PDe`6OGUHnJCd7}bG5 zx6S>+l%|`~w7SDr9@PwaTFSx!Z)pm5(k5_3Y%F#^fB@|%#b9lTy1}HrZ?7=Yvf&+g zfW>KIEjzD7`9+~y zI77yr-!3XK$BbY@Q+5|N_@SliuqA86!5MC>S63mDDSHtX@V;vZgGNN`Ql!A!T?YuR z%u#p)JK<`Ns3Dl&A3O%u(Y)bjNPUh!dVZ_C+1tbqT%y%^zu`S25SOrK9_h#7`7EFi zzz`;jq#?*K&y$B{{&5~SL1GZXc#zX%F0`qhx5{3_D}_}`l4`y)coF7kiYI5nQslgq z7r{iQ$D9O9oOZShogb0E7HZKS1?TLuh&Dzv8+S8&DKy2=@*CN&MW`@6tmj%G=O+73 zXiyic!LoWH4177#3vHku@>OKYXd!D{5sb>?C4PmGNrfb?uHyJ-mOJc% zAGPBaVZziZ;MHfRA+k(0@K7nigEsNEv{CO*NS|!1m_EZ%w{SHjjI!jUg)j`)3;Q|D zuvHjyI=7~<1F_*j%*9fkK`pcB^Z*x})7k+{v^+@PgHuw`K#8>h&YU0*ASdwI`5Wc~ zx#+^fPd_8k^I-}uXE4{T!8wn~;_O$>Wt|h&Fyy3p$CEyTn8;H7tG_cINY8dVQ0aYos-}Up~k^m^?*Ylev+%O zF`3i-zB-ylDl=S~(a+8}Jnu?ZH6~j_NU2~XoMBK8i9qnChv@DdpPJeWo#i}l8E&ERo3 z3ZP)EjGj>w{MfB$W7^oH31y{)Tp~KXypQe+84JYsy!d*b-_hsbYw2YgOPp|#uHt3d zOdM|t8r5+?J25gbB^?46+eW3}aGn-1YRY!ZCj>B>8zB2EZE@wRgHZeH87l$5l-7cvQLNrJ@ zjdsM0Apu(x7Z$?4V?Xb6EsRB3TH-}1)wYM7_tfnpwG}B|1OP)yj;g8B7uPkWr!eL5 zw03m7aON3N!8jxnO|E>{sAW7x`;2i_?~%&*ME5~-G-Yq+hLZ0xh^Bj-i_glrnb%tw zy9Z~X>mIY(0TGdMERKGeFjh9wd;hQ(SLz>Ni@W_0G^1{pqYnZXP$UT zFBiABNr)=sw$gEi;{d0FU!Q`gRHUSVX~E_f!B-dFVk&J59B>` zv=`dLzH4@3zduCoAM135Eb`YUE7)mqwqj>gJaSD!Iapit1|79$8P9njgtm<_h&R`% z7gb6PHtiQo1Im(y_YJWNJ=pT}Fr5PrG{x+s%p(S9b{-$gY|xHD&=EBWg*o-v8m3>4 zPgpC&&SWd*sM4fzS53T^^G6Ou9bH8v3hw2QkT%k4$F&xh69%2w8SA5xbR!7k>Ojw9 znq~bd7Ql!5y2a{oq`h)=m1j1h%-x*Sefg1})Mof%HpE z9KZKx=~h7Y|0Mic3jXyo%)bE7LgAiflW^>J{yo`_yJ4o=m}AO=aJwH(`U@MW6Iur- zvOmz@z8Rd#Ci%ydyjOJ4G29mZ!&f%i>eBxwKCrl@?Y`!Dl?wzvML1#1{S@K0TEc$P zbawxg;Y1+fr$}edPZ^)j6BhimjVARwHh3*te$%=Scguoe5a5Zv5H)YW5gN7;CEmW{ zH9XNF(u3tuzrU9WXfytJlXL{#P}obzT7V2?GEHuVM&JV@jbs#3+w@?W_2BGt5>j-+ zvnmhtm3wjRMz~mZrd3bDebEc)HaJ<+n1Ax?a`odK#%!mc zXJlBb4q{oQFKsbRSi{<80?0@fa>+9@hvkwT!%;J%RLc;-kOxUheo>pzlF`gc3;Z{` zcY*5%*pCIQ0H* zv1RdUZW@6;)(9+^Yy%s`5%@X4x^EGYe`X7D@h|fV5QUJNhOa84~OVCgBa5qN6$LPL{wB zyN?7O!u%r!4c53?I}t1lARf$dtcNfS!?Wl+lQZLZgwMxPq{nF8z6Xy4YN3Rr;LLCq zTOl$rtdM{o29413i#&`u)quTc%zrk2ECOSma c^a|%UhyI87=fGskTiDPjw0Kkpc1;wAXhubuM6+XiFXICxbywe zYH3@07bbbJclGxV@Xl>7PlPoF*s(0)Mr0G=wBu^2$j;E-BOb^X{JPd`mt^I3Et^TE zzq+Zf7cwBYJnZSlxX7a-AF3c{(@>e3OokmYIQ(>ne)6CxC!m> zOZs7oym6GShTl7g(iLE$fWU8BW8dWA`?=86vsl9134v@>K!2rL?gcfiYAq-h8E@o) z#txhu%dr}S5ph|G`N_eebmZW(%Cl7%&K#=6@CGxy?UL549kJl{d0w+S5{cl=QwMoJ zF5%$gpoKw)0_@G!HS1S?*jzf)*QsPlq{}U7d?zk}gqzmW2l!5+|^{Bxo?)HrI8jq?j?~zbDGNM>}j_ z?%${vEq;%v+?(f{oJ5#kiO4(y_Yu5#Kp3};r16}==;o&Ho&t@s27f57aQzez_^!n{?QZ2&w23UN1O-XPkR0xBMrnwH}^>opgi1<=A-bJ`xuze zdMjI~a#4hIIL)_L5`^LSin4*o*l-~5VxuYmBEz*!T^Ezj#@dXEC2uGpDk`V^x6D=UX%!(M!1v5 z^Wn~7gE@_Gik1DpA!3AcgBjLiuX~WT2PklfbJSwpYwq1z#<>vWzePwaWDg0t@EDP~GH_r9OZy!8>l57&! zpvQ%&O}-<4ou?7gb9)-$#A7PoU^@YRc08u?4K~7jOnthNAD34QV0;UFGzc*Fb@ifK zg14L3pHH_Ov7^?}B;`BYgqPOx(ERDY>!%F&j18dk#g~4qd7L<(gFrs7=GS;G73^EV zOYXp#63%1BxYt7+#7^+Nm^&<5`vji6ZbXR;CLmMJ?E%U}ZPgJ8nGk#rN!n6NIxc>vvX z(uKJVSDJAmh4bQ@aOJo*J$U;h&e{!@fs*z@-rEa#f0xzap-3;Pfs(d)>S4!IEiJza zB=(^bPc*M9r_l=k!}HK7@6fXu$0fZTfW`V)AH6BxzIVaj@oD;F9|N5>3(xh+j+^soqd)QdI|(<}LtI<&BduouD}#oo^-j=; z%l_Gj2JsiYUhk6KPXhK4z7+5>X#chYVG@2Z;JXTWJZW(}R!A>{E(bo-$VDmhL|7|e z>9?~qu0WdNG}52x_pc4^y5)&5rlT7$*3&>gmTj`v#hM^uNf8g+6X>IuoZ_UbIM@Wk z9?8SYR)#OlDL+M?<4SIu#Wn(?98^cxURkb|V9h48CCuS^V|IFsabTT>_NOt?U6;T$ z3wPrHwm|aGqGC*saH9cUt|)41GJg#t9df1#W<0Xve4c3WhwvTce(5(ol0Ts*!W9)T zT$l!pt0(Z|&|S*HdO|mW9l`aj3fS3s_NuHgd|G=b*5Z>s;z}^LTZ&bWW0C54X z5kYe}(C99?tOwKMh#ipIp;lm^$T?^1Mi_mEMBY^i(aJkJ#E-v2|DgTG=RUTDma4Av z-vK+@4Phx@eD~1X)#07m#`eQp3jek6zZ<51op2}rxHvc0KM5Gm6gftd4#%#i0OOv* z``6>3XG>byW0m30`2E`n_X$fg+y9DN^L=;*{!VK@{J1CLcQJm);rD!LyaPBqbLSex z(|9<7F>TE6y?`+<#FH|E`9OrnG2}x09x~XO2q<_c6M*Oaj(=})%Sp>0k_n*@MF0@2J<9-+=I4Y-n$$>*7-V^Tk!Mo3m}mXS~UtqPLsMXq=Bs%C5!fnUTEMH zd0FAyDCdX%489MxaMNQ$vs}28d9=ha3-E{^)}QdMxX+igQ@DU8FVf&3sR3~a@bh(F z$yEyd{Eh@!oM6^O^vHV!wHjp|G%Ug>lNWI}8=I!b^&)zdZG_Ebnf;${2*A*^wIhvi zY@*65ZooLoz};uT3?}G=_aezMqvswI(lFxJ(O&csdR>-nuGN4I`6LqRN5Md%LUSj0 z0&e&Ba0{dy6X^h%v`a+skzmS51v!$&xLXB|@l#}+ARFS=#C0a73}{eXataucvU8C= z5!syvr7D7K2}CDMeGFjYZxH5_>nh2xgf4>ehI(3(ZPNl9qax0{XKr%M>J_CJZh5t z-X{@;{jF{3{QJBz{EnZW_kTCy`Dwx-s_VscwDz(i;mU-sx}II(zt6{~Z&H4CGal((nI=;x3w}rLSdxod zq51zu`Chwy(-w|noDA=*=33m1> zS^hNZ5A1%@A3(##6ufl?2b0bD*uUZ%wQP%gtCVdvp5N~P&*3og&8#qEJ4UiK2X5-aEzcrui%Ql@_rO2yQ}@Gt#NuF|x&dxY znf|B0PC}hikUhm@NO@w6fhrT81Ln^me63y$=Mqi&R()cyF6(QKW%6B=wG)E`qXmBD zf`43J-Mh6O2qQV>vt}?akHv7u<#7;hJD~M-vS$%<_ntAFr>c7!B;{px2>HsL!|<_6 zFp%+7r3qFWl`f@`sxu8#nw164J)|r+p7U#Y$^2zO{}ld5UfLYzk_VTDc1m29#nCu^oT@VAQ5aa8^?kXa&dy(s!jw$zoMF1k>l5elg57&{ zWT$udo*UD?$2{|6`7V7!o>wyioVXk=guml6%;j)%+@PHwY1{zV(M!(@W67}sjV zkJ{${fAliU6PGIK)4-^p_$(##B112n)y+RW5o(l=&!95)Cf4{KM?d7rTY(?P z-%S|e_x^JnG~CW{s}|89or7?*9PXwkKGMC5IH1A3BqLljk8f z&e%f;dnm$Xw8sFW&MMaf#W)@XjC!D)9xaa>p2N7$=NsM3FT=9D$!~bt!g^cSh4gbT zyandvFrS4#jPNaf)7-Xj31D$sSUj1P0n@w!{!V~p)(!X3&uLrmdS`u}jOw$yK%)}T zAT2L1uP@TA11Hus#<=eQ>@euY<#jJ$b%S}n9{}uB6hF)BC}1gIUblylrkGdrF#Me^ z(32uvrpf7gJeN=9%jPlAU|9clyzhMFof?2NP6CJd@^uLF^&G=R?QRd~vTyL?dp|7) z^K`wu1Ofj@cLi{Y?W+~AxD468wg48N4;)8a49|~kXh$Kg8Muq%#Ua4rHnO6gFNZq| zG|C^!-iTv7jPD3={2Y!jmc!2PpWo8fo6Ti)(Dia)+8>DMl18&};1S@ILBre9qlL7c zh-iR>l-n-g)6S1{i)FO*wtW6h6=>Y|#L`?jlg5KsPmy2eZKYhGvGmPZoz9mRAJgsx zJ?~qWBix}VfA@f{ml4ZwE&M&s#nah1%06%~iWAPz?+(*}kLjoY=P>A#Z%I0&xeGA1 z8Cd0GU3lAK7=HAu0k0mFCE@p4SkmH0{L`uXairbzC3O!vp0AVe^LW{2AAuif``4_0 zJPe$pQQDX<&x41H`-j75Iz8{RjQdH@i~H8|(et#oHu7ozVKME$G`GK93|QRX?gI^P z-;DQi_%ogHcQVQ=;Y{-lz-tBkPS}|q!a4yvVldJqtef!}jCDX*1+X&4PllzNzny@c z0G_AiS)_|R*^@Att{VJdgs)jS?gvgwM1$e(1gs5lc|g|7y?~{_^ZAaRM+w7R>0|o- znS6VH1pZEgrpNCv=E3J+hcSMiXB@`(ANh`sVIJ4Bh>PL*F_I@vBd%f|7*{b5wb^{T ze+G0t&L`k^9wWqeIeshN(ma20J3Zal3!2l)nNVKuznUvw+9)_jtW5?%J1?6U%=m!Wez&j`np?0e&abQa-QcB?b7sfbRnQr3Lr{fY$;4QUQJp@I!$AED9rz_c6c^ z0}k}?J&U|?-S!mB0E{e03;6U3YYkK$`7(r^1nnch^)h?>b{#h!hRGtKKmGhW1-Gv~ zN#o-Eh4>HY+1t-pfFk~u0{(@-XM5tuvR?r=-`~9pb{~J*0Hf@hk0JX(!|hCC8U8TB zSA#pAi%9n%VK<%^`Xj^LWpuqQKMcC@d~z@R-LDn<6w=|x$R35CIP71uaU+zs;V{l( z+SqO%WZKZ)pbxXE%)|D{TE7TF>A5R#% zchJm{y|C0))uB3+a8R+d7lKA*q>W7*He#zfq)~+CB z+bLtji1m&_+cvz3!QrT6RJV+dB9N^e9LBgoZ8HjCIkdxtmMqsnoiO!o@Fr@$lr=t) zh=iY~0`lR~S20$~cx1^yS%sIR1w=V=j&NDHP$K5fbmdcm@yAl)p*#&T%t}E^9$bZD zzxs#%){tRZ$}WOIR&Q*S?Yg!K>V20V9HaPK#w!y^&VK9cn-j(VbTA=gGN-i+7kJkzl$VVMRVti$C1Ub(57 zNxcS3J}={ke#=(5EMp(p5p9f4(_@-%j8b#sR)5^q8lI?! z`i{e6Y%xWaK#=hH_$yKJ=JWUDHH)A0rCJ8Zcgx(`B#i+_+VC_km!Yg!pD5cXtsL)A z_F9xp;=;wii?>?!@DWy*BBU7M3UcZx$A zeQTNF1l}i=?hTh9$p?EH)@_(kR0)mXXE1MCic3B3N@qLFO{!&9(-G0pFj2>mw1Xy; zddtA!>BT`4p8^%yc)P*IHg$W%gEgpmlJtZt?D5(uT*T!7&2Ad4tNh_d6s=Ti&QIw_ zG*!b1&zx{qVa(*xRdax9JE58?2tx5W;ig#9Zsg`PPOhLe#==hEojp8KX~W1^7#%Ye zX6`39m-Ti(Xz8#sM>l2;4uR3siw#%1b>=CAB~BQZ6lD$#Dd4%`=adoNVDJ(frajXA zW+RPz+d4Qn6V;7??kKtna@V}g4{br78@1QLbb7?I3FxA>R#Y131ww;8273y5H`-xn zVA^ZPxJ2?h@nL375yq7Bu?@OEp@xGgKC5TqOh5%YRHd`VLuTelVexs=B#&pBJLQxW zbQ`-->Xu1uDtVX`{#+${xo~-siQeyr1`F*llqXIH)jyvu=SU<8p1GQOBj|1 z&VX@K1aID<4CtpTKDCGY?4n_HW)JjVN)T@IaCcq1i-be#wAmAI;4r-4LM0k|s<^{D zgjyPTSg28@7jT(H*U1E$aj`ItFy7K0zhVcsl>|&%cL1g(hFKy)&NK>2tdiiM<!5g+)>;MDSJ>@AElJ!26W)ImN=^EI@UsCS zbK8>B>O8=+4k95U_`Z>GXjZVHA=4`$DIR;HXxd|1Gd%&`ZDr$*C;eQ107u~HDqtA4 z*x@igW9g?40OoO|@if)JhqgLzxI%x9$>-9L)fID`PaphbOUr@86EHh@`}ANvs~2;J zQE;9v3!S}LDAl)a(=gf#=SIwNSZ6AeCb&c5vUP>vW$@6(EzD|PnEQe{z_TzCOMq+R zlr-StH`X1P;2~^Wfd)Y&P2k?V=;pepBew&w^=NZHHduM!g7JyIhAi7cTVT+(K+RR1 zU7PvbjKF;!V>sG3aXz*5(A@>XOpo~63OBNIowQm@Er+AKhs@^ub)QzPO)-3y2caF7?GhilAS6k=1~qNgEycf7*e^pk+J=;s&c$AoU%q?o<)qi5DHak87 z*_|j%q)ng`Dm?fW58IC0_4OaT`_$Vxfae%wxo&oOwx_ed*ZukidT{q9OC;7KIkzN4 z{jt8PP6oY8MOYPMTm}oO5@Hw@Thx;4c$y&%lNCbbj^ft08lnDC`Z{Uo+Kk~qG_5s| z?1btSpe=NglOSHjl80t+`;;$-LslOu@Y4ovVqv-)!c*US^{r0#$9!$-aCL6bJU%FvK+B4AIZS5agj!q{HxU4(Ls}n#U z#2eDdOsk*3*EpAWv{2>)+Gs69(-d)6@fITgCbNq zT9zAXQ+a@cpyqn>Wiv0TfC~On-bGNn~;!?HKh5%=o6VKvbHH@|ZzMyNzn$>&C zviljS;nqq8%1Syno=yoxWr622s??ZC8pEFeJo&5hT6mru!=D1Y z1@M;?;Lib`0?zZ-7=Q8maoz?vz`1W%0Y-%Teit%2l&8f(pr4smUWxNw;QE>A;`i!# zvD^sD>Jq@(5GQ4%`SC1q$3Njc zNXS^ayaUe?*Z$-AB5UXL7};{>_wl*;Jz2;vQ01(h>7kt;)6FtYk=Vj)w z`P#6TqsvhKG;P@H;Np9=eIR;~e{7p4o%H9&Gb-Th~@M2|VocS4%DF~)=Q7Kzdd zM-M1Z59_;FcZbK!z!tMS30!0)G+w$xEovjn(O~OSZeE6O%!z=9=TfPj4mY8dQ{d@St&lsQ ze^Bp9tFO`_m)h~zVmiZHb?Q&pCfS*1?k-s+s+&*R%2A2si}>69xYS|cjLpL6iCR?- zN(={WrMI(WAcLW0+JTaW)7`P!H+7-)hm0yrjzst!7lL9wN!j#CLwE3fGU`muHL`m1^9j*WEQ+i3Oy1$r7?d~bEXuGi z2BU8b+ou{zL>@@RUN!K}EpNi+bw)J&Ly8o0q!DwiSS5hHoiH()oXUvSFhpVkZp>QZhpn}G}mJH|F-U-xF+Yv^&Mr94_~w-$axR97j}+j~82m#8_;Y}lqrDxxo9=IyegtWW%H(OpAFq??AE(39 z{=Pzd7Xz>5x6W<(^#Xi3!=ns80Qh_G4`NJ2@{3dbUM4C`Oiw7>G$TB-h#mbWl+f99t&Fbt{6}1NE8fkPIvbDAG z1LPBn>g@Uapn2BmF`PW2i2RE1i-l2!bZBRgkD9Df4AR31i_~y&`+CAplB%^efwsW8 zr|=bQj9&-WzRJdI?aKU+42erLe-~g(w#UD%eQSx&*+@Ydp1}III5gmbtIor`;FhTC z*XzQ=!Ws-Iwe?7VW0GgPclXdpCf{YS^2QRkj$`{!NREd^+H74*EQIA^J1#?ru(A-c zUTyRY?kNo6b#ZG%iMvjg#)w)THdMTIp|r8C$Lf5d|Xd|qWb8QYhlI0Cr@smuXT5a}Qu_M^lk?LhVgpf9Ne zE(K|1h=-hT=>%{_n{X|hrm(Oei&tzqe5h!ENusb#2Lk4=OCMP_1}|ABu3nSYaV{lW zGxsU1t>%>{FxohZ7->2#)z`_D|ICkv>o}{y!DG1f&t2{<-CY~2o4N=3wrw zb_C-CxgG~`>Ky3!8c~%Brt)!#pMi5>@CL2BW&Abz-F#936NCGSyRWpZcY7)1K@Me2 zW=Z&57FOYM!$Bn>Vz`{C$vcB8bz**UfNOSDo13MdW1Jo9g`)O!Np&|VGlr2$Hkx$H zS*N)x?Hh6O-B;R-eBu?4kf(tjIRVFbpNDm9En$+xNjdw4(ZFD=x;gpq1lwzMOQ{>m zn-jVXhsSwcn+N((YS7z~!Q-R%q`P->)kIMee-nm3cNXN(-;rX-5 z{?_(Lv^i+4fs_?cAx99H7&w6!f8XTb*q z?@6`1CCuz(Arx-W?1Qi|xfv?7jCImTNqGjH+h_~+J>fSWBum#0#Vx7H|O({$qSy%^27;% z;o2csQR?W#D28#YqqDyqW*^Qw=*Ia39<=C39>~Y$K1zl`G4asM&E-n3+WDXl@SDXm zI;i_5v`2XpfP35de#P)JLpCQi$piefAvE`^?`0ck?uRLHLj0`WlK!dD8R@!OuFg13 z&bGArrg|~l$ETOHqz&D3U%Uu_!Z!#v^T)9KPA5zo@Y?aa5I=sc--fQi@0{I|;-?Ut zQ?EL!FuZ|_lF zWG+5y`O0n+lqzTP%8-ZwezA^FWL3zduqoM?tMhCFW$H3$HEtKjhO3lpVIuo`yvlSD?vr|0)MA`iVFE+mr#h9EjW=N&H%20<;O;bji$8Ti%hULguk;uAUGhg4 zv@FMub@K)MPW}D`Eqmam{}=IF`Ul_{ng3&O{}BEs&HW{~6Zp3tQ~WQ(c`@8IxSKSA zq~BgOXvl=bT$6{28+0OkrK3mMz=XlcW(@v; z8|5xUMm5~L8CKC7K6#few-*erjKdF3rWV~8mIfGnMNWsqGbf^(_Mne|g^k3K**$0z zg9ouR=Vz$pts5q%R;=EDH#AqQ*}$a*@Bbb^tZ}?}QqC#sT)-y~uHaaR@$U+7ioxGU zurVx279iMOt2K}+$3CF1b>F^c4D*d<3&#S;BKAm(MdoET+;p}srR^o{k4&UP2U6iy zacjp_4%%0<_Kfx_?Rj5S$~YOKysb7sW;6Gl`ZRc%Z(R~}Y_mN)2iQ@-*w)yAAGLPF zfE*86K9lFurEnKzDOv#|@6~B6{o_23^o9bBZn*jW!`+MoAJeguuqYkn0*!I_9|j)d zApSwP`PLF)>=%UH1sK!e{Mma7H135z(86~=+|;QQr{f{Om^RPL69pQN!v9XAz&M{I z4e*f(^Rzt;*e>LSFi+dFhUaO!KDhJ`^EveZNd9WxaBq37^#?! z4tE39ar?^~Z^jBI!-X31nOThEj=S*ymO3$hZ%=;-ZaX*dC)k2}E97x39sOl2*unoW zbsN;jOuFt?&F)cJw)cVwpf7Vc{oPa494d`2C$F7iAWd1 z(e(WAly;zw$rWkfu5o;%nddwm5BrwQLZO1F3 zcs$b6jAuPC&IQ}N}Y71qmb9XvSFvan_qWkllYh2Tf&M&j}k z|CGMg#(ayro16i&Mu0_s~hQFQR?`H7L42~zsO&7F)p}=Ri@I(ap_Tvy* zm>9wH>o$^bzX0w(cqY!opP4>Db}~imC=WqQEHL@L7|%Vh%zUGC!$f;0+H89VZ;shZ zW1`cSZOa75@NOU8Yk)pqw!*aC?*l^3FZHc=i8dm6av~)Hwf{zNG~NIfxT;x7RnHQT zmk;!8?diR#hYM!5Sv)Nv`AXT_5O0cad-h<}tUg$^U)I-4=xO+1E3xA+`lJA7JLeM_ ziIeV^@dIkU?MZiz1@0FEEj`-%Jwd=_w0S=rrT8w7r;qUwug}KtR69tLf|0LJ0r}`7 zCp&TevcZ9NneOcy;yb%zHS*acj&1Fg4m{i|c$gdn zCWmCzSZ;@@qz}h@93$*%oYHmJq=+rqSvN=CDqhqo zt!7wTepFrPbqL!>%({d0Gx;S9GcFegJ}*yMW@Td5`!2wfaR^*SY&yrlh~T7M@MDJ2 z2~){(kc;Dt;c{Abyo!7Cf&9=2Mm~sN1)@w7`L~ks)cce0Tv?Mgev!+c4(|a^TJZy7 z$QSs!wm3;exYmk4C2gjMqoq?94l!uSOYqrZDA1aoLZIP635x?@DiKQbxf;ZQvh*=J zz-)Ax4<4VNS{Pi6%+3$Bji-42Oon*eM`xRt=nvq$R@xr(ZSa|?sZ?HP^ijz4Ab_br zjYq|M*0ydCPKipH`CGW)lTvjK#3p)syG!l31)05*8~mV{9xSc!PC$TbKTZa^aBCNh z9%c=PMN$NQf@LsD+BnGZfhaMS}It{ou%yDFcX>V~L(g-*@ODj&Mpxh4mg&VzH zP6WABrJHAA?u|2`i3zaGr*Na4;(&u-^N+JN;Wi>>Sa}<2WIs4YI2yoF)ClHc92SVX z!7E&7pKNc4Djk{~#W?}X$pBfPJWK-u=5^$U5_aU2ty^ZtcFv9kR((?9Iv~Y(Pq9XX zkJCw}7C_0(Q?uy=nx)J->=}Ud=I;ikd=Cp=AT}y@E-@uxkYs;d$*Chzw;x?CDW=ER z$igy0`Ar7dGRA-3m$N-D*GY@;yWe1kVdt8O>z=0$y&%W$dHM_az2<`q13dp8HX8Q; z;B+4atOfgPy158z`(l3o_c;9B?+E;u7JkHC^p|=1PZ@p2>GYp5`h-u-~ZJiHU2 z!F2Ouo!?QQaZeK(_Z4Vd_@z9J2MRPEYC_}T0*xI78jrx=%jFpS&XW|Xe&5Sa z6Z%gA#&*Z@@OpU)Ft!Ww54>KU0j#x9FF%avaer|ke$N5sJT~q%cn53|($Qx0&V`%$ zeU~zAh?hJNmS>9Jg@BcT$GY^gUI*ANzyOlAH;(p6yMOc_(cwPXyKj`!cZrJJAs{A)k|OaFTJF*l!n z`t47@XzEKpa`WwPf92b|fAd9Obo1D;Zyfubp^2Yy^NceVow4}rGtYCgxAzsj8z(<_ zzMI!w_r!G{|K9iq-2BK#e(NJQFS_x^Zhqw}Q(yVkr~i1VoB#aJ|Mbs4I_Ljh;O2n? z|9as2hko!rH>ak4bE^8~Z?(F4_uapA_jBKW?Sz|seFJ?TJNN!)-Q2b7zwWx?-;Zy0 z^WlfT@bItf8@bla4}4(z2Oj*=tFCwR-S0m0-HYxz;~j2(_`{$2@NGZ$`meaTbZP6- zT{m1j?&h1`^p9`)@jL$I4mYp8_VH`~@Y`=V&JH)XZe6`~=#B5Y(#`+)kN@=_ zAAZHRZ*}vgo7!*sHpl=eS@2~-a2;cSJwW?ue#aN(guCu>0vj2_{0DE!+$#KpU-vki(h=f7hin*o!@lx zHLrR0HUIGWgMa1b*=JvP_VS-uveM1nyZ`g|1WO7`OV*b^IzWcZ@=&6 zd*3_x-Y0)_eV3b0JhAzScYo;P+ui)pkG}Y$ceeh0-OcZP??d0a?6yDqlA8w){=>mP zzx&xgb#rv|ZKD_c&11K@`ORJx5m-h9U9GdI1v3y7`4KyzmP@|KES*aW_}4d}!tDZ``uO&Ch=J^Pj!@!0;+J&pr2&bJxA> zg4eqF@sGdz<7Zs9`9U{txn=g2|8w<2N8NnuTd#ZT_#eLP`)*!y&12WR?Z=~^a&vh2 z?%~(|;PX4(JoC)OXSOU^^s{b$>|^iw*sIrd{hFJ%-S+j{KJmbJzUAhlkDmMJ1%LUj z&%61Om(*VJ=$qI44>!BIUfnfaf6p(v`Sq`NeEq+?{}WX=fAE9v|KPv9{9jkQ`8R*_ zyMMEF%l~}9&DX#Fw%32>s!#o~n|I#%(mU6_=lqA=eE<9V-hcn2SH8y0SHAMzSFZd_ z_Y2%yv*yt?@A|jeXWcw{^xuwt_jPZ++0E~M_pRT3*&F`y2X4Obg*Uu#|202A)*qVrlb8R{&Ch)1bD#N*gM(MN`K2$t=u5Bs*4zKy&9!U)Klbhe z+KH-R81>K*RATQMd)J5+YY^5?ls$WPo0^>RHc!nPI64lyci*M^X(Jmt z#^IlT&iV7M^*-($ho_zP!)ZTV_WdPs*wAoV!}p)>G9V87_U+gA*pVFQAA0EXhh98#*I9z9)QR^&qXV)#`aKL~|2DJI?g`?u|+iySqcFwYYZW4zh zM$8=X%qnX~tts~hgxHx6&U`RSYct<|>_hnHNk^d+mG+vf5(++~;VclqJP z(_VL+IDZA`%4^dy6N4UcDwMPp>cT9Nz+fd=D{yN zio3Gh7;wlT`aMrA|W-Xj_|3-1R+G>MWd;8?=rpDpJ4}bmel*3LwF%Iv$?}Gc5 z*|^KoaX4tu!-G!#@Xa;iFq1hV^Y~JQ&*QLLwV|6eo;dvGoAKXldg9b+ak$%Vzwb7G>Y4Ax;eiM4b>J1N-}!tT-g3(Wx15^jGbau| z|NOGgTO9r3XK{G+(W8&<@a0Q`;_&guUw{0ufycFo!!5Uba?7K~9@!%fOQj7*u3({Ui?i_rI$D_CHNKFb>~*^W-;`}{lkz+G{8-g%px*ZbZT%5gY+_*=s#-!X4`9Cqq7uhU!a5C1X__t|Ij zeGct+?TT@DEKKS5|4}RP2 zU%SWQ+H0S;_6oP{zD*one|?YZubj1h+c;cv%~RH_9<%e;aoDBHGF{f`bwR&4eE#{J zoQ}@4wIf{lQJ=?-z$HTP9j2mv6gX9PYn=pZy#f(Y-YySyUnLHA+Ud)krq4cUVI1Cd*VT7zwaeb);_%g1*Lro=nP*qyaG7Pg zE;H)Db*_uU%Pwnu*^;AMoEwKdd#>NJ$MM&->n{pk3IImV>cf= zY~?syZn=GyySDEJ7scUbn-w=Zxuh^9N#Vur%YLQ${urX zx-bq8IAH$+ZfSn|w{iI1dk4RF??tx_kHhxuH*0^$hASQrhd12N^M>o+*sxg~4jz2Z z;610jy=fe7wbit(uKJ<>t#NqbiLab^;bWhE7l%Lo_~(xwFY)aPak$4Gt@dcw<>Gzf z@b0_E+`YsG-END+(WBQKz4J949*)E1m(MI;=(^EEarn_k6Fxd@_YWVB!xdLNWW{37 z&2Epw9e4b6$5&oI@uxUE?zqQ}8&-b3bsR3S#Cl6~-+bB5ahS`!pS$Cp%Ir9N6TZ;a6Xc{c5K(pPvsh1 z?V;B`^z7!F#o?{D-g)a@OCR`E9B#BxVWT5PWk$x~;fD`7{N1e{y&w*M{`vWz$L{vk z@o{*;1?ybU_10ycjl-4KeeTl>A8oeZcDKL&!>PkA@0ERW{G}6?{MWW?RAxWB#oh}K zUg6~J=igNA@$MlnZrtwv!tv)nbwuL(mv?P-?7R&-Uv$SASH1n)*QX!z{z`k^_|oRj zw7KWdbGJTmgy$gPB};GmH~zqZlZh~Gq<8FVPe#J$@IJoZadp?-Yl`t>5Yrd`D1hhI z9)RZ>U*Gm+x5j^7-SoF;hj>>rek>i%SDMcA03f^_8u^Z7-`@T`LU=bM{LW+T=WF_Q z+1>KtbNF4=@X0TpHvW=H{pVI2{{=yaGfWS!Ui96oYhPdYTJ#(4VS3YLo6Zd1XQ^+q z{yeR3Z|}%7J}U{|CEUL6iNnGI-g{Z}yEi`iSN8|@>fEJIZ#vw8rP92P|Hu{_lnttovIdx>0aRpPp}qc zf4sb}&^3O`v;HNfsx?IQ`HQKj#!hd1^YaC%-czCI3 z|6?8b+4rB~59>5OryO4U&e-3#ReSbV+l_c$D2VvKOvls0m&H8aYitS!@723|U$;@a z>~(;DkFhu{joWH`#`xFx!gOucw6gqto=0GfKc@Bf>Gj*TA9y48+miar zP`|@tyZEbAzCTd=e-z2^0I~5~zwWz_@CteTmt4XVy-?TUUN_8(pT9SGfF93|;_p}0 z>RQuZph@ON4$t|4Snnr^B>ebEy}>r^`aKKPV4F;-eGX6A{T}GZ;f>GPJueMA3yp?g0MdSmULC=?YIpy*fW^ z@sISYgtf$+IwE{QB+iJ&R5d&0l|N|F z`%K{*C*Fap{R8#=yl9mSpB=yASM(d__YC=FR+q&uHOR5rOI_j3oUqW}x91(bMcdoc z{|oRQ!WJR!`grnWzv-UzZRpxd5{{4~w(t(rpvHgh6c#+VpC4-)dTir5y%xRmne?@w z@H0AL*~Ygy8|RN4>gx-`{JxI&%EI^injU`_9hiM}GCZg8o2iY@z#IREfoJI9`)HvC z_$i_x$DJsZA%aCegCqZaOC&sLF|B`nfr0&MUnHsh1WtGx&j05N%k@5>^M+A4zH<5N!&_&(s^k-jdng^E;LwpI^^jcoj7 z|K-isP_ZJo~bzC3)| zZ@9fytKzz>R2mo3P8&~VHnWUY98P$`Xc%uiDf)*xAG)T-2VdP9|M$p%k@a6L2%UL7 zF-?BbrJhBpvh)EXwVGoFj~wQOpSa(xuea!{rSZ1@IzP1E z#&>(PfqF0b_lj)AzwC!PvsXAz|Lbo2b(xU+jYsvrF13DYn*km_{)e!?TdbejZm{#H zV{3g>93HHD+IN`q*x`+RlB#CelWTpFY4Pic2iLkI^A=B2qZf5*QRJA~Is6W$u)fQU z<6U(rd(?W4S|4w%&Wn4A&zzYd7f+eKmRaNhV<)A}QJ+_CY17oUqPTDI|N{a=@fuRp@MS>b}tzzc)D|YI@GEYYV6NQLS66eW-P7wQ)as?{{jPPaJhzIL?GG_Z}B63jEv1 z#=bJFYoBUA+F)F_(U`FC`s$*W9m7KP;rs8r2jYK8$DbSDb^89V@8e{ve|?u`N%Q0P zU`pnNcTd6)-aqMXUgL-QpZNPR@w5>C>XylE-M%r7Fg?7JvXN<3@2G@$!w}w&+Qzi- z-by?zM7*YgNBrIeI@4;lgUTV?zc^W5%Y4vqS*C&MS9@1o5h%;-%H_%{O_`@K5^_r#)UM#2fEpJT2@`{JYrkv=H%$;*Y=A6{d&%sea>~peFef@^u^e z9QHfTi|}4goIl~+p)e#FY~AqPqmVyg+4X3eKVh2<_OY?S8Q+N0|F(~#>Uq-2yfB2k zYcMUj+T!hpeZ1DR@J?CSPUF7(`>%O7@o({3EGpQq5H=ki4clw7zhQgRObfrk7RNnL z+~GZ?8N!g4Gt3Xm#Y6bMTiEaTbC?(BcO1t?>U#XHQ%L`te@kE2-izyfh$qDHsb#A5 zw1vnA|1FN6|CWxHKd3L;v|scc$`D7wwDkLJ7wt>&Z*i<{zLVF1;n$bLOI2a~=mC9Q zx;9<|H@Od@UubeYTkBV9H#OpG+0gNZs|wMCYt8UAAMX&=?)}vIl+d^Q$GxM*>zVpG z@%3x{c%qIvyo7o6BT&<8`T9MZ+Bbq~$Di8l_+q^=4eqUl`(gE8iLU=bwC|@hen-S5 zeEs*So7_ul{EnABYwQc-{d7ESjHl^ssF1F|9p}PN`81yE?XXp+j$!_GTWzyV2)9Xf z+Af4!r?zjL-Z8b!4&n1w+iu-BeXCT*#^n~pH)441aN;*<|6_XnTL`HwmPzCZafP9K zE%<-*H?yR;eysJcy$e-EqL+!C{r7`<=RV$1QRL`qz@yTVn|RK3v?V z{of}wets{!plBHAz0?pc6sCH%N^D2`IfUgV^TX#IkEpfzR>D;X>xJoWH(744Biknq zCrpp$&uB6~Odr#Cao^GWoGHD-w3Dvv(Adv)UDj_&EG_SUS~@x;-60x$N{1+=bkkJE zw2#_ew0NJ=N41WM6b7{RyBtCi`?QWK#|h7E6O~Dw*CxtRc(Zj>5*E*I6J=Iy6Xhrl za>VOny|=7$m~}2NZ-h9>UC=s85685^$v&ULg>9nrY2p<|=UHbo1DZwI6PiT{VZ)GS zQGP_TsBAoWR4C!U4yj*TM&)~2MwJIzM#af3quh@zqr$z$|7;bN=lk4BTE1@;Ro|=i zh?S}4Pvbu8ktx=u7k;mWHLMgvjb=23=1 zKht)%OoKT3TaUzS^KQ0IyB1OEDAUQdZxQ7#GVNl^_#B2}_vTS@uiAK`k8Oo@&h+`+ z+O%?rb7=D@HNZBBj+VX)EJN->+Zkov8{)o1oR`|B`3=YLNb@MYTUcH`A8Q^B6O{|a zJGo0D@xP)Y(O|j8!~GtpOw^Ss-&G5RFe3|Dyg-7-o&z-`nOG$q3Xk7t)k-L!XuO~(UHoWa<)~J>fb7Apg2bR zdc0+nl|Plc)s2bvSsK#fOdJ*JhPF9c9ep>v#cW@8u-)C-M&-fc9bh^cvO~l-RCsKw zC_T`$C-kQ~UCn&!1cGOZ!CWE8#b$QTW(=((}##q;?indfoUNwow!x(fvMCGA(zn zZBZousBsFEs8A((%<`1Nva_Y}Bk>2V^+j)*N9hjhJt!VZlnF!TL(@MneU9mrsf6*T zgw`ofG~Y70N^SYZm74si9_jn22dGDS+$x#J)U`*{HL4_^*WZyLPs1^7qY~wjwfNGf z$d?OkUsw`G|FT`8(`}d38PX7(ZJBfI+XHQ)hW8LA9@KZ<-X_Z5A)KWDz0EYAQzY*+ zon+DU$ApioD^FVQDdE%V*DJpsu7{u@49 zt|Y9|FikvfT9+b)w~T*kxmiA2u0dELnr^w-=24{Zw(-wQf2U1U3CjsfWZzsu|F%Tb zK#>v^swCbrF8`9kG#PT_DNv+Lg=m)LNs-~dYe;rg7s;lTPiJ)_qinhfclUYMW>K}9 zBWaToN`2i(x#> zJJvE&)%88wMpcsC)h`O&%_p^N>nQ7U*?6><&%txzBYjZYC`+CK(^hE_qR6@TrdkJ+- ze@2!(1yX~=LHcEN<3;Q0FLKA*cM=Ea7vytEn@wx4W#g4;(l}i`8Eidr-L<&~EJLcB zKKC}`6D>#1{05SiFW#ZN)S05sWx|l&s#%o#ym2(jf8$v8n`7Gw&7$Jh`kBw7D7#{_ zsPL`v=9X*OEK0Z0->udxDy?aJZSywP56)Nr7FchcW>IPh=kx9Lf#Pg%wO?J%XYoZl zS#L+n6TRLpN)Xnmd}`gL&FdikO>2E-W4gAH&%NyL_V!J_7wYAdUP~E}IzYJyOH_wx zk4ejrzsx*klT;Q}`qs6aV)ZaVyN<+q1^|{ zqc}|dkuzRZ9+5oFDx1t>%1AzE$>robMP*Y_F42S9)#J+Y4&#%w7mDVW$y>f`dOjfOe0kGGI@|tpd#rxwxHH!= z=Ogv}UB{vifNe`~q-<$YMbQk!1*NE)1Pq?{uZwSlUAr;Oq z>O^(}q1YZ~*ykZ~@VB}bmpan1!sDzD33$6n$*;6mj!%CxI}zE=5l zsnzY=sg~bUzjV3nkU!UTR=yTzdRJA6FjRJ{g{dy~Sz62CO5gFmoOR4!(f(1ONQp2M z)^;wptva--&#Tp@HTWf%q-&$R_%hBZqD`GskPX)oBz6|=qJ4B?N9P$nr*^f!kJr+a zv|c#ZD8C}#W=P9?d1?Ir&X9BcSS8t8|3fugi@Vk?y4L-tA-RLR-WlyLQa92h)T8K1 z?fWX{6I8EO4-U6XA9Z$+y6?D^>Y(2fW`%zr3ZwNWp^w*>gdua3YtY@=MOosZEFY7@ z)cw}#hx(JqiT4C;V7M})VFa#kn+}R;zIUGAU8ORvcn8c3DZhu51& zg#%qn8&A9bPrL4qx~ablv^7#c$%CKuSCptqdn&Cj?d-Q;_@|*_x$H06o&Kgm`3PRu zSM}AF$+~}2yhuMp^n||h1=DFb*Z#Xs$hj8CInU2Ihc8_(e{N9cE)(A9*mJphNYQwi z%FX(N38rZe={vN;i9S;$J;^$E>oduQa_BETwwbrBzYO~Gih0q+>UVu!!`1RYxuva_ zJx%>NRbTlpWlyS$J|eAbpRxSY;(w}bRC*Ho(m=_yw0V^&(l}FE2t)Egt`k-LTDqS$u)H!MLz2>U&L@I#_VL@4rllu!uF$p{q@lc-a4qq7vOJ|7Y>({q+G*GqVMdslpnPu8p9`xuYrm_@ zr#0nsvR3w)b=0@8{JP5aJ^4(5%p7_6zWg_yct?4?%>|CXBrnuQ2`lI8%R=bbpH@do z!enUU`ogR*Da?n@|34WD@~dR=-l}RxZ@D zE7iA;`N%YibG31wi^i*AJWTVsB1{NN!m==7UP@T?IVa4A>853c#j&Q57k5>d5?1sZ z)peyY={UN!bL6!gTj%Ki`#OhkFE6KU6G>Pd&{V@iR+pF<{{h7dHk8Kx6X8J}vYuWwgar<)zO>pGzI|p~8Z&`m|?RQ=NlQy_6}^^{g~{R+JJJOX4(MHa+WEQOR<7 zpG(dWtMi=)x!;#v-Z;hO^uuR42S45P9@aa}`I54!uBHyGWPBfecDUyd2KP6^Q0St( zqgt6I<~Yw<^s79MEzaGW4&@H+1-nm?uuT5R#mAY-iH=pa5j~-ftfG#6;at`Bau+$r z4%6#HR=WRVSatFIoc*i1=U8!#mu*(BN6vXm$JMtb&ZuWN=Bl$-IFE6S-#8p4O@se> z?8(oz&+;bqwR;cl!xY^gPKm2}do8ZQDn8fm3xqgw@}+#6dn=XN{Ho_3Dfb3SpE$p? zPDwg5(wB(SRoik@lqY4^IhD&T|C94r`gDYULMKSYjNh}Pue~fltt4aFMVbC zmvb%M;ND|Ar0jbbirPjgY{!0OSGMc~*BmX~iwWB}UYc)JrnVo_kuWV)FTZL%Y*06f z@;tSg{I!1SJ^R)CZ+${%@z|d*lpmM3wi$+8)4I2!ekMFSl84ok7pJpvL4PtcYwK4Q zs?#B^kni>V$-2)|sh2^#d2|1iB+&)f3b z@-%Fx-d^Ik3hH@0ROCq*D)qS2%BUc|M7=Jg)u+6BU&Xc6PjSUVRz9S|b)T>0dEd-+)}d`YQ*pgSvW?He;>PZ`crz!J6dF&hrw(rEzHG|A z8_(;z^ZM`#MQN(6jxhRIIguBCSy-+}voPlvkP62ELxW>UO8IBV8PCX*ioD9aq&{Sv zClcciX%$+%|`o)?AZ zMhX36cy5&KB~IfN~)!I;1m@m5a7gp}6w=3^Hlzh(mT)Nl29$_)O z4`96Nc$_{=nil9&>)UQj!2hCuD*wfOz5ln8TR8T=x9p8Ssqv24*Rj9* zp6XBHUhRu4rJZYiMxvAUs%~Vw!%}umUv&PJS+TbDg7H%L9NuvuONzpQj&TQRi``uZ z9Iam)=<|>2#cAqqM*SYE54u9TCKgyH=K_vcc>v_Y!QA+wgts#~c~ zv|)WiF&ux$_pyxUp%Dqkg1l+jq;*=TkB2VqFXQ|wId{m1z97_lLs1(H1WLk z$DPcPrXQn^HNCutZCExQ68)`zsCmcMr}eOI{a$HO9Eq+zTP6%CVO2a~$XmWxk0&RM z1!;(n*-6_7LpaVRO;1{`YF~5mC+B`_X%;z}XUQ|qLQ9Tu(NpT$TefwX zW#>t&6aYEUmsOFcy!{pE6Pylbc4$^U}1mu#z8vW+*T!@b(VMB5lG4}4DAzIT$N zvi-_iu5g8VcAqqjGW|C5v#lE6QOcd?vu72V2|~|98g{jxL}A}AkjDAiiS(4+11vt{ zvwM<-x$2gE&+BtD?h_V{lPBI+tKR9};8)s)?Wf&eEz6ViW#;cMjnb95wpEmskLfo( zi+W7@-w=m<2}9y|@y@dBit^wZZR&Y>{7kK`S6_9FWZ9xTDc@^77-=H1jjuKyZCfZ$|DvOH!E6JO@JgaPP zy-)_ynjfMs3HzsflA(NWv46IcQh$=lH}$S#lQbvI&o|iLkk0dk?d7-pD?ID7dP?}NPWcxiu<@~FYNR7#oU#UDA|CLBBcKl3PW z{e*Q2(qC5J3Z8`*Y_s6La$XvWd1={2ee!IkBAq4k(zaE2Lf@v2SMC(I{q#Rx)Ia5` z&7`bbd0jmiXj#iw#nYf)DY}kKNLxYMOE&21lu^z-?r5@Uq5Ue~=wsJ!>*^2WYk9c+ z4CnEu>(iw#A?-PBu)%p*wW1E*BW>Y+Ubc2VTz%YazH=S>LpiDcpuwUj=ccpR-T$vZPEZq0G;< z?j!PauyN?BCEb07M9;NL|ZUy7g zS(s+t1pUK6d98mb-7aqPtNOo4|538fnH!Xg?dQdp(ih~^(dcONUGtScQeRAOd`2su zlG80KKa$rw<}PbLEmv0GO7^!nuz6G-Cmmyyg*uhi=cYp6q%0crH96ZTg?cqjfA2k} zqP(ptv&g#Dn=Lcez74kBkRI(J`H6Hm7AD3jBl(z8N5Z*BcB;I6#lAhNPItC_d6*7q zQx?e&#V_BI+C@3+;~(<)49~f(o0(|;#yO9kEl<_=wEQefQ~G-GNn=hNk^FDaZn8Jo zAMLO~Srooj4=v|+biHTgT-SC|(va<9ok{lTF8QF&B*a5b_wT)b;&$k*sMqcO} z(w46*uie;AgMO)`UZiK67Rr@`XG$gWa^tKku7)Yjib3G6uO6st z73+i{E3Sr>?1yq`kPn&ApUKmLW%AlePTvuZ9eL9l3fh`7%xWW%I+K;2ihPd_GR=O3 zp`hFn(os#dFlA%C^`w7AQmZHM`elgY4OpD8t-ZhQ{GuH8YnpV4Kk2wxbzPLR{iHUS*AJ(!bWC*Zl@LcY^vMP3)7Mn) zP!Hv2QoRoE_a(H&vNn+k`)gksZj;CIId42=zYF%G6!uR&3xoef7iE=8!ZI2AQuZE2 z`WpEt%}MtzlKO+9ywA($jIysDXkVU`2FqqYlQ;U8%;P>QtFrc*)dupWRct3I4Jmam zAM(P!RqbO{-lXkQMP4>^Q77bC`d0gWg?6ZYrq!c@GO9W*7S;Fk@H4oem&JSU|(tZTt6^D{`*{h$@J;254*d+)6w~!@r>!E zXI(3r7V2kY-EfQ#L*qRu?}KDV+V7*o^@6^DgmUk zijuNx94w!9JTHd6S>IF@Cdg8ihU8Py=AF}ouxQ`IJKTBum=F0tWesI$TILnU_#XCg zlJ`H>QB}SBANfv4+WYU7HMKF0*V*QZEJ7|P!v-grn#b39}$ z9}k6l7mtT&l_vAzWkQ&*FITnS#U}BV>)TDaPRq7X=M81&9RD<=y#M=8Luy@lvyS#A z%#oq$bBPL(&q=bgYVQmbD)O5=4a7rgU+p5}++}}#%s$R9j3;{-_ufvXgJZzohU)t2 z?+z7~ukYW=(&wH@+Pc+EYIUlzsxn^1 z{3{*T*Az#O`t+mK-+SfBuAV3SQcHh!zH_%vYU2&A4Z~2<9&=yUrWJR0t=LUHaQzzE ze9?7Hv9o$C&g^~8ISgg#i7wEtH>z*vcKhlW9)^Pb$ky+TmTkZBUZB3J>Cm8$3+K~cw3+CUTZvL-jQC%vDBHC|JXU*d**+pP1yH%$cR4~^42yJ z(o{S~zjUqbNNY~N9<5eeHnqNG>g(mc7ROJnKizjOoNn81>l^KFW%lB{C|kd=f2eP$ z!MYjmZdAPQR@qLS^JUtSI2H}cyg^w;WbabnHm&VbR(jIvOZH03%eSwsuUL#ko#KW1eD^04_3akUcaEf=Ow{XAkD6)F#@eV_rtPscI|5AC;-H%ZKuxD2;O$?{{8#6_1m?y=v)A{Gwhq z)M73Oi0HP1-|2{Z84}Fl0}*KcW0RUn;1x4dP6{ z=G?0ucSGCImi24$v*NoaiR*2%-o`>d6TUB)SI5iBCUQ@p@K&wt6Y5F1)m#~Q%M~U{bgD^FKlGn$}CaO-?V*6nqF3>VJJ&yTK$ZN zgnU^v?5z*6FO^VE%C)kdG@s z|0N@#{uV-CI@Y=JIDM{kr0RKB)Lv6-t526Zrh6BFDl9; zqkn7Mcl}CUT?%DXT2j2BO}poxpDu5GE|4S}<`EI{pk#mYG|X{+>%1&_!g)Gb8VA#J zrYD63VT0-ECmr|6kRwk61xgetQ=v-a-Qy$)Ql!a{ynk^WY1)Rf-dhdt@5V#vk;VC( zF)to+g<2Y$PK)O)ItPp=gixNxL)P_YCR~Gh&hbw}NKexIrbB3}@lYJ^9zgxvGM*N~ za+9<+ogT)+F(T0<&iEJX(%Vz4$EafOHkTISR=7jkl)r0W4yX!#r>dRxDR~S!Rr9Zw_zhFG; zepi+BO}2TPx^la7Y0s~U-i^%Q zLB@OQ*ZZr-mMisf9(bJd#IE%4`3TFOW19I{)3QTM6HnH%6=C5#AyxfZs;|$(g@c`^ z9b%dN9Ybz1?_hBqZad;l3^Fauv)$Yk;xZnFg1FKl9V2W{SdzBNzS8S+LfS)l1W9SC z*iM7Ela{MUM?qZW(Z(&8J@)3oa>YktbU7DBvXU!=Jzo&xFawrhUQv_v>NL|A)X}4_7eT;%@w9MhPI-d(aFk(nHsav%v|M@o;mTCO2rT;mv z>6HBcNnD9Zi_i0$t{0D2LO=EoLt?Mm#N7J-F!O(MQbB*5-m$&!?zDGL0?*o0ju(ZU z+DFOFmCxh)+l|{t>F@N_yE>+8dsWAg@^-gjqQV}B`aJzbaY zZrh<=FE8WlQ|OyR-x|HBeM@iSwYT&|ZS7x3>kqcKg=3d%k=(M**EeV%<@5TRu+9nE zi}=$MohNQBziclI>33^wDJ!js?b}C*ZOju^>_^Ui7rxXNX;Y!UOR2RC67s#e zxplUbK55K{dj>33-~6|H+WY z+p076yKGu1q)!>=m0hA$`zR;<8TnQkW}b9McRA--XxfkVTb(FMV=~kU<(gm5KH64s zCF`FozvkJVbQN>fm5$sV@D*QwDJ!pH3-!jdf;!)L zd{bsg^}V#Ew1<5CQ@oq0U*fOYZb5uudbr;o_OG!_#nZTsb&JX~D@_IS63dB4J}291 zBeoHRcz>53%ctCLNP3qqoEs+XQ#fa@>cTR{#BG?as}(jqmYl0@<>~@I8Hsj zMf#L!c9wb-@-TcK!9G>wYj~HXVtbkO&6kd{{41;9<k7|ZE8130yK6|*@}nRPRsBLyTdFFb?7EJX@-r9ej_p>ZD{p!@Z;L|Nbrh$3Z=}34 z%A{=h@Hy#tQVs229Vu9+?D&`0mt>Ve&i-b!uhOTrHjuYYHS{g&dQKiR$d|_R*^n>N zS(aCM^|d4~!@anq_FS-^VSgJobBuTVPRXxQ%D%c6nztY2BOTYnIgs(9{VT3h+eT<} zIs2Dazp~azh5jz2>p16u%CkW_^4r)4{aHyr6TX*K40TmJdC$-@(w_}=NcmUwi3R(Z zwtVCHsXVSW_gUPb?l(9dmdwvl+FBarUs-+^p3@I*Zn@p8Cv9nEn6izkdYrLrB9!Gk z$Gs4r)s`Mz7BxnrXIO?T9P93YSTiGM@e zQEt^Oe6~(Q*l+jT^X~7JZ8r+}VZ5ThE`{J%Nxw8Fm1X{X>pKo*#!ADL zp-#yY?+#X}kZLcls9dYgPnBk(iMF?-_k!BFcd#ri^?9wG2d?BAbP3nk=9QfnMk~0+ zTHgFUT=!B4VHelkr1wxqcC-DxwYi?cw6vL)-qk*ImG7Ok!(D_u%=fvpvpnl!T6bkH zOz*AFaxXHg?32ni+s8G;tI}1!zZvRnx`*~&zh9YtuzvnupC6f?@1~CQsGU!jeNH{> zx@Mo+c|t*4VJMiMa4r`QsrvfqFnyYRA+fW%K2;y{oa^J~UHiXa+H}`jK^y1F8#Gt{ zoI7tTFV>VlJIa^6mBG@co0nY1bY)Q5$Tjx%u0fsuRy)Z*d7EF^`o{B1x%RYd*1E;5 z+&fE|w!U-lRcgy8SC{{5i+kN#T!owTa|QMBP@Kz!q3Ye6if3*aVeSL<$@g%}J{Kts zRL(vp&u$&>s_Sd_fuyClMiiavx01$lKQAzcFIY&2t2#tUwq`f><1mirOvZ2{4={yS zd6z1!uI>=6L5jWU%gJ2C1fJkEKH_^?Ueh63h0RIRn}M9kWlUr$@ACsoU)v$tnBD2m zX*6&LPw)yAzNPtf9irt~pKaNLgBirBT)>sw!J|CSY`&$_uNjavnEuKQB<> zXIhW%5Us`5^q@bdaV2*%op<(Em z%gJ2GwcN)HzM|QUw!wz%#J*%XfwQ=b8@Y?ec#+wB$r3kph*n|)wxJh;IgL?V!^6DB zXEZBxh*qT&Jvf4qT*x&{!O{~tL~FApyV8>*$ZD5_4Fj0onRAoq&tVu zpJANNrQFPeOy_Op@h2%$QoekKEZuDUYXET-w zOs2%U{6yP3Iz;QS9eZ&UgE@usxRN_~oELb53SaRnEhct|mSaserz?kW48u5`E11Be zyukZ>#jh+mNnW!xJF_Rf8Ni90&M2;80uL~iH~5Gz`GuBuYR9b0W^6}i_GbXY_!sAL zDdV}7dw7JYyuutl=Q|eC_AdKJl8xv@PmW*+|Kd`{b2m@$B6InfCGOUDu@N2Fm3=sf zL7dGv?qUja_?njY*dI2bD~B?KQ#g;y7|-oI$P`}T13u?h+TE*M*n-{Z#W9@37;ffC zW>Dc!J!P|Y_4De4>FZGRB2aK2U&v+*@~U$#(wl+ASZAp7c-XIxQEF+ z%}dPUedh5cf71GXZG+9}%3%y=GzISEai%eYcUiy>w0odKv<_R+iLUI=;SAvvMspnx z@&a%3Ils{6!4A=iY|3u*Aj?Ud%_UsRBp&7&p5t}i;WK_=iHFn$Hl`!HvLA{h#R?+hnd0*-ew+EnmwYdA15=Kn|Okmd_^=( zU1bAyBUgaa#x138wHxQOvQz-#=Q6<=0{^k6XOay!p4mu54>$BrC8KZY}k8+e$P`G{X=_lhzj zMR)peEGILX>$sOkna(U0@Egm#s!gy9z3Im=PG>Y%b2Inz3}xo>Zx+(wHECsYI&%Ph z8Nq0-r^vIs!3TW8&$KC9pS9SI4975%(KK))4>6UQyu-&-`IBX4s(*B1Uyfu5XK)3# z@fa^Mn+5z%+t)ipE3h`3vlDx;A6ZUeEO+uauQ8hiRQZGD-%#h+nw{C3-t=V``}IwtZsQ+b8An8$atdrKT_LTC1&4}&;|u}oqL zuQQh_f3nmp>#`X;b0EiZCf6{D$C=I>%;Ot=XPMdh6?Uc<1Nj%1GJywpmAQPwAGCYh zIRq)Xa45qWMS;n@#>f1~3h(H*=*jVn=6WVEjraJDCEs;CVJCVqh_ktsM|hrhS-`ja z!7_8K!%p<#SWf2>Ch{CJ`J86&>E~IKt?AAY4CO4Y=5F5NV}56e_vI~HvNJt6m;nrD zJSFDw6Ky`w7TAWpIGp1+iP4PbUZ(Il9X^y64(B{>;6bJ^o6q=#b`|-^W^|%E{TRX- zT*)om%agp!9KPgt+JEF&#TM+zp$uabH}WvAuz-cEFxR;!T{xU!oWnRC<~e3FpM@;_ zu{>fw`ZA2s+{p`k%+D-8PaS7Rj^rdR;W{4XWj^FP+Rt~s$+ql4e}-@&m z+LziId(ej=oWZ5s%mchYg|BJ$m2+uQ>`fnraxT|#FV8ZYFKPa@JSIg~`Y@F97|(q? z&wG4J>u=;ATd@~ePU0eN;z3^KBYvS>ReIQ*JvfvRT+Yorz;nFIr$pb1pUvsUAq?Ym zF5@POl$ga=wD`AuU<7!-&a=$n7nc8CyzI#l z3}Y16QDi!E_?#9$sE2IAwshkVj^$LwFpfKUjF*_hH~h)6KRR}?CA-m!evIHk#&H)@ zn8gBqq}5N(U)YeH*qbBCaW3Pylc#u%x%`{xXZ-@3vI~2YWe8_7hO4=i`A#N$Byhne@1XVH}ME%=J6{l{pvb_E*#8AE@J|ZF@ps}zsXBBryGZGJm+u~6DjdF zpVRDjb$}E-IEoRR#}(YfWXgQRPb~R|dcaofL0@uQz<4GxnU|QuS2SO!POt&HaR@mY zxSqS2!kc`;uPpVa`>1Ts{tVNb#Io!zOJkNW4O{->!Xf-<0 zoqi1GJg(y|p5hHY;(MAmPxu|zgm>8!(YEZ%AWq?Y#xj9Nn9iHbVwSU928Y%YRNKRxl;a~LJ&6B*u+svcNAGB{Ht*l3iUFb=c5uDG}+`(jC z$#Vwd5sF+ z@F&ap*D>p}1AB1@138T`jAsIOa6gap0&g&zkNBLQY0*LbWjWShW6~VNAkN|d$9zwV733`&u@n2zmm!?aRZOD9Og?8JtE}kX1JRqIoWUjB#C?=_ zmv3mZlI7W&?hGK$%{<8r-lxhED@!|D(T#%{#2H*lf%_>@=3~C6^(u*IRZ?`N4?{Vd ztC++Syvi4}SXKRIYcdSvLT=|JKIJz$tftP#-5r)0JKv!ALIQdL}WM>CEHA!;u`%X^i43Ze=pBvVdP`w~jW&`s~8q^rjyp7{iU+&x?G>zgc!&ZI~4Mas($Z ziW_-=60h?)zq9mu>K~i2J4Y~*i= z6c@q!O2|2&D_US-lIzU zZM08zpa%zX3@33uS92>pYj_^Y;Rj^$o6!nFDEjFaZF?~FY`WC+U}sgXIr{+I72y`0#7lAulR$d zJL&USmo30b{tDTezDid6^HX z(tIc7&U$P^H~MfqXL1<@iagB=%w#Sw{UFj_giv`Z93|Db8kMKP2GM`^*-^ISLAzRUzUK~fBYnjM1 z%;Ia>cGZv2k!~Es@ti?{$C=5OMBT*C)^z7EMlgn(c!1~lfFEePhrFN@8Tygq94_Go zCh-(An9I*Bx2L+nPV7y8Mlg!;+|FcPW-i~+w!336Ta)1!PNjjHd5qVY%Wo{Rmwt-_ z$T5c7nZo-lWW^rZAUm=reK~;(xPn`Gl9_x)^S$*mY{IVW&mhj^DsJO(US=LYv)n$m zK~Dyf=PK^!c`E$MGW)9c>_{*Aa|)Mp4^w%MA6crW;~v}5lL4H}7_R3brt=Q-`Gq$7 zNef9fWhZ)Z45xA_x9}h@@E%|B18p+$o-OFY!3^d^#!%osrt=P8&}@Hoo%PtBZXCu5 zoX2(C$28{iD;;`So*mhb9OpBRo4Jq2Df1y;@f+i}!TK-Op(APbqc10L0oU^wv-pnIhd4&DH9a|&Q@NPiDDejK_>p#f zw0Tl=p%;A_LY~W+z@yAyEM(gtirv_U!x+M7 zZsBoe@)-+R@^I;6Gj?V_1~Z!LDKdk3EF^J+<1@Q)Fei}bQYP>;bNDwcj&z)2eRgDT z4kO2<+|5gTz;`U!SDCXTJvo+hxSIQ!!6*E{l3B+~Hl;He25=VRc!*bdpDKUQzMpm2 zoHPe9fHS#{$9R*k_?>qB^}lpvclt1pQy9ff6q(L!zNYn2w!!xFq(7%Jh8wt-5^wMo zZ3fr|oj8yj=W`Xe@EFfChp%XTwCh~9=Kzl9EH2_&?%*+A<`aHng=5qscAy7`aXjZU zjt7{=JN&>h$J%H1t$Mzh`iHzkzUg1-k9cLfekv^Qrl}zSk zKHv{l9Hj2joqn9oRou&q%;gVOI9^}L-VEe)F5@;H=4C4U%JPHNS2}SJ$CKw8?q)h~ z@(Dk&U%EY@U+p;?c zF^F@ynmc%s8GOPYEH^^@?8>1G<9u%74kq(FAMzcoPjuX2ZMJ4V1~Z!5d7k(Ag_TF@ zgXqHmhI1~Lb1RSVJn!)}%}!ER*^pi6$sruWXJ2IFezU zNdwn2iOEc77W1g`J1d;&+;3@+n(CNY_3d4mdH@heN8r5>^+JJE|{IF&Kn z$YfsSBmNJ@zB({&Bl};pUah3nN-kXKuFRA;O_OpR$4T8Lc4|9mQra5Ui5pW4fig2Q zGq+d1GBb0p%*=3Qxc)wGKpJV+_x=6xY`xFCnRzqwhGD-4;WCpJfYt(S25JV)1C4+V z1Dy%F9P}^Hqo8*|-+?j*V$Ka(AG8f<4yYG&0O&N(wV($;uYo=S{R*l&2z@?iJ7XKL1auVWY|vGpyFt%_-T-|D`WfUL3_AdA0ICJe1a*K$K!<@&2VD-j8}tI`Gth4! z?-0~8Pz|Uav=e9^XkXCrpbJ3PgB}FE2>KB87pVGBi~&HKf+mAzg64r1gN^~64Z0e1 z7wBowyP)qu#$jkHLFI98|4h5YCx)^jl=x)&Cpm#w(f%3;9uRvRXnnB&513<@tE(P5VdII!1=yT9dpxkjt zFKA=XwxFFr^FjN8jt5-~x(oCo=wr~&pv>{8&!F`|TZ482^@8>S9Su4UbPebZ(2JlC zLBD_sCm?S?HK1vrJwOXV$AK;a-41#f^eX5}(66BUiD=V68-TV2HG}4X_5~dWIu~?3 z=mF3(pf^FEgZ>2hC!x&%Z35a3Gz&Bjv;=e%=q%9npoc+kg1!R%1zPrGj7LEeLED3N z0S$l-0-X%H7<3Eh5zs53??IVUVB4T|K@&jRfp!7S2kj3!4s;&qI?#Qf7eOC^egtJt zMSBAp1F8e<1S)}sKnH+M0G$oG8gwt{1<-q-Z$Q6-oYUYRR0FC9wSfjehk{N6T?2Xu z^aAJ;&<~*Cbd(>c4zx39A?QTVm7s?~?}EMt{SFGxKwk(N2ig(T4(bK%13C(HCg>W_ zJ)oyRZ-agS<<3N#2-+A_2WkSfgBE}e0i6cA0CWxLF3_`}k3oNcvS*9GzruQ+8s0qItFwu=qAvEpjSYjf_?+J=VHDD+8DGYs0p+yXaVRj z&FX^7xXmf9ngP3?s@2UL2H0E1Z@tg2Q`9r2X%vnK>LG^2Av7I5_B`@ zKG0L3S3nB_j&eT)+4TI-)!A#{pcJV z9%2n;S97M@hgyeOhg)Cf9&@k@Z{u-8`>JfMy|rDXwYkl9RS|;x!$tcS;615 z({c}HpK@J$Ic<4ug0;T=cJ9P%y*S!ZeQ3u`Uyuj~)bBlf4(w$3Nkkyf{Rl(n|D zj`q5_uC|`GzP5q3q1NWrXln%B;k00<@JTyUxWgQ$Rb`!QHoG8eXUA*0zo~YUzixg> zZot1KKS5hLoTzQ4ZLV#hon&sQy(ay=WWOvG*WuIy9n4Otz)n;ms znX|N=wAtDmP0Q}Ay`0}g+g00LE8@IRhqiU$3%^ra+xprsY5%diw7J?mty|kuo3Bl` zmM{E0cU11^T#xpYc|?A(|B`u(@8+L2?fi>obN+V!xZoM{KD$?Y!0xm9a2n;r{Ezu} z@^|FB^1I}h^7H;GdC$Mqzc9aMezHG1KRN$m{*C-z`J?l#R=?J74QLCrue@$+t~Jlv z)B2(ChxbNdP#e;A4@R^_+GplMJmY(QZn3sR+e_P9n^f2b=Y#gudaeDm{k4zG1GEEi z*6CnvU;pp<>CENMQyH&1SM5~0)j@Sw zov-$*3)OoU4k(;d7!#gVxTJ7IVX*L6p{;O1;hMq?g@+1P;i}S-!d``Y3s)4zRXcs(SeRG1uyA?dj>7SUhYQyRLxtN5w-q`IcNdN>EG#T8>{&RYa7Lbewb)u>?PV1U-`JnqS7}SUtF>#ie`$I(*~Q*~x6m8( z&h+;2dc9$9k@uZ#dq&kJu3ps?Ob$*Cwh1>5e+|A0whpe-o(rE0*Qs8+dg z8&oe_yVug&G$2es#&k1`Kw1NM;pn)9&sN8u5iyLr@q%zxZ}!hh0#+JDA>)_=}_-nY%1 z>6)JTto@jsH+{2U2IgZ{Xx`>kn@gEXo6DHXntwBwGnY44Fjq8JGXHM=!(7>1#az`q z)H}>u+br7c_B!Ue=6dG(W?S}A?QZ`u?Q!i1?MdwbzazU_cK7U4IGt9??ws8v`?R*e zy)%49dlqNWo^fW|PiL2M2eVF<>*cDlRfoEns)fO>+3}f8GMi>5WE!*2Y0qmfXkGp( z*{*DR_9d;DeOddr_E5GndrtNh?N#kH?Oo?}?T+vboI6||KU4UQ{g(Z zSMXQ&_sdVp_vdH%JNftLZ_c0Zuj8NPpX49rZ=c^Ozr^3sU)J9ze@=d`f2Mzc^H_cb z@BRGx`5$xZ`6s&5{4L!>oWM8yP5ix_tMga5eg1d(W1JcJY5BYI)%nhR*16H$&mW(k z?5^lt;=h_Vou~2_JFEDY<}dYs4cEz^;O~}yEB{meZ~p1|E%Iyn--ZqO5A%)wa`_GO z=lZ4m)cjz6hW}f5YyO~ooBwGzC;w>vgIs<7ZTATGe)mszC_mu7?(E?2>fY!#xf7h{ zoOQj`UEiJWhE7es+3)szXXSj2v#!5}GuO+zd%Fwslia)9KIi4!f!vJt` zo%7G!!@28nujCH)kMi%x-Ii!*Xi_kc1!M7euMvA?ic6l{C)13?lfn^ z&=0q8_Hnm!9}89q9?D&jyEu1Berf-i+ceHo4_q6x5546uS>o^aaA8H?IA8VgzpK70JpKGPUo4GIW z#`l-nSK52_@%}h}75Adt*V;GQx7s}KJ8h}VY34chf3(+vYVT<42kl4gC+%nL7wwD8 zA>KjW!QNN-U$sH!H|=-r5A9m-Pi@z5Giznn%x~-N8SE3@7916>6^;u#!qdZ5!vAV( z6*eyXg;RVFg~eP=;SqmK;XZS79NmA||H(hm|J;AQuzT(a_rt>G)+fFeP78y=me%k7 zDup!)TUc9J168ZyNbN)x%*VWhXmI^lxJiRw~ zBFO8$UeE(Q)H|GNeY(4pZn<9J25Tkfbf?FycP13pD_DiGg*o9l!EK>iFbjY9OY6(% z3#!)5w1(?vRt?w8td)7tJ|fsTcq5n|4umU(KL?Y-CBZtuj^VPwP2ouJS#Vu2GwAk% z{MG)B`Bj5`gYCoRf`5dkg%<|z1dj$2f*Zme13P>%*gjZRKQ#ExoR@#Z{F}a^bxN>& zxVFD~xOZ@PxRF(dt>xwPSz&X~WFMEEnEx)@mp{Uvn5r!ktf+5p-;iCB z_wB30wS!A>lx-#b?|Kj}2`>v#OLi>R%RC*VoYd+?A@e>KnaNz3aTM!WQS3 z@O1C{u-UV#@Ab~`Zt^}0H*}5aQ@oqpjjR6%AMsA}Zt=bj&v&Y-PxgKa*VNb2*Vfn3 zU+`b@U-V!0|Lwoxzv{p4zvjQ;zv;i_zwN*4zvI8>zwdwG|J!`UeARr-TvuODf67~5 zf56*7-%#I3-&lXv8>8RuUF?n3YxHsYdEO@aczsiSf<93{+TTpyT;D?9Qr}A7THi+B zRzEa1Nw3rYY2ITtT9fs9eTqI+-%h{RT&}u7e>D8SYA8%E>`<6e*k0d3pQeB3eeZqa zed}ezDbDiV54jh-o4tFj|2X$pXNEPw-PU=SuCD6bWsP?yhX({p=X?F({Qc%T&VPbC zoL9Vu%m+-@dC;s08^bGugPkATT4ztM%DdeCw=>4u&-v6n-@U_ab*^>(;Waq#=bm>@ zazA#KcUN})$X)6F&HL3o%4zX-^e%I^aqe~kZ)5j>+(EfRatG!P&Nb^TdaM4uIa8md z@1)Px=jg|Vx%@KuQ}gF|XL(=SU)rDA-`dAJU)i77AJ|{mAK4$<$5`Jx$67n-JFPv|4tGU-W>$zR-IZn}?;nlgf zxm$X!d#dx9O;t zmiLT%mvf-=ihHEHg?p1T)>+2;HMfyF);-VN)IG`RcW1e_dy2b@Q|%n)KJ0ww=AE^j zqum;BhWm*-&zNdM)x%)aj-ijDB9Pci1Uvy`>>v$V@o4J2?K6Y2~&UO~M$2rfr z8#re;t2i^gT|CWM)A=daTxcm=vvH;Va=$`QLCU^n%>6 z-b>-xUR`x<^^4)lp^-803he&DHn!iN)y>N?U%$ZYBy>;GW=XkG9B$NF3T@O-~>zq4HCpN^CH(^@w3ll7amv-4K&aA%79 zyY+{a%j{}j;CyF&Z~ZOvv-OvyWg4Bmo!g!NTC00EI=_2gSN&0SQD|iK><__unPY=7 z)n<08^B?zeeKqe2{YrhYbCrIzzP5Lb{!jhW+_n03`t|y~&JFsF`hmf6-c9<(*3J3@ z&cF0q^uL8iI=AW9y|d`f9=WaF=kty}-KIyu=)1jkT^c2d#_DtISKy^USxb zH?1qo%gru($ht#svkwXG)JyiTHDWEat~R^voxHpBOnA9}fK_8%V4mY2Xq|8FX@4DT zlAUKC5MCebVXu+7)m<&KOy())8|#AL*P@SE z@}4)JGpA+mG(XTk)Jy(^tYu}aO|v^&AL$?K{n^K@-@NZa6uxC!zj`_A3Cpou%d>v= z^42H%r}}65=lU1=m-<(_X^qdml>b`)M*miS)cH>TUjN1WZ&+WLTBs{*Uzl9jt}w0e zAN>dYNBt-LKjzQ+zw)2tH}XHr*ZceXr{$acoBa#?v;8ytxAU$3ANeu<&i;z|U-Vz~ zAI#tM4*U8-Phod^uDxw=W??t`!|=WE?eMkm&G6mut?ygr;4Y!%!X)`u?z-v_S-%Z1+tPX&X)`N6i~>%rN< zUBS-b8R0*IErS)ph2fgP?%|f<1Hrq&{-GD15?&tuSN}`b4Bapc(>TaI+&jYC&e_5H zEH~c!)cM(6&Y9{h<*egg=gfA-J1aOFc{{kPx*K}uIxD&NxNkd$ItMvJ?nTb$&U@}O zufzS&9dRyl9}XXK4|M;`edyGAkAx-f?_R4n&E3P@-~Gus&VAH)-C&>?G%8>lEu$tG}w?KH;2Zoo=0By=Z_XP zf08@bI?p=a8mzj&@~SShJnysYyP0<~7g-lumssy-p2&QVIm~%4GqbQ;?yHPt%qpDe zWQ?5(X7vg7LDq5hiT0KD!B&-Vs(q4ulzp|6HIBBAw-3!;<~*0ZJNs+?>3oN88^1d_ z!!cI&T;l{RP2A~*u4m*8-qs~M{sYZz-9YZ+@B z>lo`A>ly1C8yFiJ8yOoLV~nvzjj^mf&e+5lZ)|D|x)Y3v#%9Lm#**wS*+tncj4h3= zjIE7rjBSltW0Fy4Og8F`DaI|~=H66eJEOtaFSk!_dt(RV#N0IFgxqwa(P%PG_h%S8 z8fLiAX*ODn;b2{RioI9%_3T9Z;q3X@YWu0|N7-7h)tKbXG%mF-urIc+uxDpyW$(;i zW^b08Wi)4ZGTL+J+vnLA+Lzd^*{1AlV{3Pgv9ocBw~H|&yQ{IAvAa<;##irQv>CqF zZgd!(M#<6vGa9qzVQ#Y$LKY#&)yr}A6}ooFTB`4+de+`qxqBh zv-ykptGR>qV7|}zHhXK<%6s|W%|A@XACv#n{I7XZu3#UR`zrfJ?&Ms*ahEw@EHGw- z62%8Rur-&mL|ZVH{~3 zWgKl>nmxui);P{M-Z;TH(KyLC**L{G)p#I$$yqIbcJ8L^X~x~=>BdLS;r=)I?)-ZB z!}5#rN9I@dH_1=+f5@LBaImvs(c*WVq&3h-iyE!K~Yq~poS2*uE54ww-r`??MFZUL=+ATQU&YSLlQ}D() z-?&%18D}+fb#o1KO>-^t7guvHaej7Yc@5su&K<_>)}6*(#-ebe{K@`@{@uns#w2UV zU&i^~z21G--QNAmo$7Wu|8+O<#(HN4KVdR=f3O379^zhOu6v(xzwv~%!sm_4tQU--s*AiAjjb|U zWL`2}HulYaY#nJ|ZatGZp>SZKyI@xR+t?;ko2jaDt6ni)HC{7bH*|Xg`^${Lk|r#Ume3e z+`Ynj(|F5h3Es-QZM>JOalgtv>oj@WdpkKF=gx4Cb)IzBa{lW~bbFnR?Y%N9XBKAc zOeT}hgqamHD`nm>-ZkDc-ZwrlJ~TcuJ~lovJ~ciwJ~tNH``N2!eyaLU)%R6DS3PGv zpLsd+f%l1*v5&|dll#Ir#6Hyi()h~w+W5x!*0|oh)tsB#tonC!*H>pZ%#6*n1xE!9 zK~wnmurvH4_;;{huwF1X+$Z=Zcs_V7^PTa%u}9%Q#+}(o_5%M0<45Bs<7eX+<5#1# z@SE|w@rUuJ@n7RF40?6bFiq1kGiH@}m;a!DpMQ^kzyE-LuYZUCh_$A7o3)X-u{p*( zEx0#$D;UWw&aGsRH78p&=8e`h)?c|z%<<+v_NL|pbE4Ua@j=I4f3yAuURiy4_YsnoBB^% z4_JL>zd2woFbB;cbJ!d)7n+OA#pV)oFLQ5mA9G)GKXZTcIr{+fK=UB;VDsPB+WA}j zHS+uB7y1A4YxDo~uk;VjZ|!&F!{CST&+skp!^}h0A?BgxVdmlHEBPbLBh8n*qs%>X zBUMM6$C$^O3#*PZk2epiI>8*SI?;U8%KFb(FIp@5(;6n#*UlMNvr%VHk5*e(SKrc7 zoLt{h*W56pwV|o8*fm%xRl>W6E1`X*MOtlrOR>GX*gdyYEcJB^E*XF%ppN#AB;VCO zwq{}(lm=1~!-Hv0ouxRAQb&8jzZ!p9pZ@ar`v-=*`}>BNxx*rjdveLNgHohvr#Ls#E>h_<9%-I-P)axL6s4?!Lvd&rW-&LRd09~je*#ab zCeTQ+hT8FE0mPW}93!#E#@70&_07eO-T|&og8({5Qb3$-QY0#O2}JRTFv?`kgmlq(4|%9;eK#H|JqX`q6Y^@wt3MqTS{B`X+94NpgDaJbmj(>51PBBeTVsD$

Szq%|O{f(8Uv(tz-^256dFYbQ;sFEi{JDHoZ=X*^b6 zdQdYp!pgiCD|j4UG9XN?rGCem^^JA)iOwVfWne8ZFSWN3iC_srtJTR1FoAaTl-l}a ztxLE>6-}U#SxUZt039M(gaA6*hTD=rD%{vug%2{X&Qe#~NY8Mww{1xDhQhI@)Hio{ zULrsa6;W;pILbNUQ)wVoq*z*<@W#Xd7P~~FBZSkzgCCRdNOse{q}bRnxeOjPHRMNi zjC)cMD;lMlty3l@LR8A1j~NJv4W)I{vBGnlvoR)(B1WQoYEAcW$!?8tN?*o!B?{^T zqtJTj$KEk9!HmDSD7&WTniJ z3<^V^Vt>bQX;|&=BG<|;aRMmJSYg49<)y*`p@JMe3UV!rVrFB*tor7b+G%B_m3EQ2 zn#Lpj(hkTtHJLM8>sWq9BNPcJr5QoJ14YW|qNq#~k26>zkyaw~SQ`N-B`*C$d8hy> zRi{iW&kxi90mhL=P!#X1hL(m(ZFCZsAtcc#5VVJ^SLp5U9O)7E*50RDFUvF(c2{>_ z_b|<4L<8D^=>d8r8oyU??X2m>aJZkF3^B5K>BQt?NMv@@n{%^A=zR#ai+hT&h2tau zt7_k~)FFI#*L22F5F?|2n!QED$-PNVkrnPK4~k;kk8HRZhZZs!BsH0ALP(9j6oDE_ ztPqJZnn|QQB&Cz-Asx#S)rZEDP$iCJ1OshyHpSvoOp@_K-E;dCzr+?hhDC?KBu4sD zK`bl{c6W&`uD6|6vtmco>qQVsPWFVnkcvZS#du^CWWwwR+6IRrH+&X5N8}(FD))8| zcP}g{xf^3qY6nJ!i=}=sWg|wljG@wkVw?=()MUk(Fx)n`CYn(agXD3Ik^2KZ7~;ld z9wBiVMo?5D5fbUiBTgh<=IG4U?V6e!TIUoS8mBZB#d-q|y`mG<79+nFp7rH0{Fj3)gei$NjY(j;+Be-KT7Uo`*Cz0( zE=>?CRz~oNg@~jtxeNg}>Qrd;VN%0XOp2-Noz&1&Z0qPKVO52F4)u+to)C>!sjGW& z5*r%nN?;UPT8=P9uA{A|r=2XfV|cKKg+{|fIaH?@$>dSP7Y`Q)OT&Yt8n8$hA50z0 zl{z7?V1(K|DZ*S94WiB!=Z>@uw)G8TZ7FgbKr2hL)Cd?Xk#dzoTBJ&MmfA<=7NzPe zfX=ytZN0_5{=Q-t#-=^R(%@kKAa|i!M{!W~LkY&;Xi6iz8?6o&Qc`?EoQqI<%B2w4 zyteK>#&uzk*Ed#twzmzHHr+%rD3cP`q^sD`Juoj~dOL+kANr8uu*|rwV&4ds<|vLX zWJXVSTRZwJ#&%XrU{_~xXkPzF59PlsAoOFMMK-2n9;peJA4QZnW5|lQWfh0|JLY4g zO(KLQa#jV3ZG*hL2&B$}<^j?d?+DOMc4G7`!Fm1YKf8IBk*9(F!8jhKFBZz0B5{tu z1cv%~#=;K;(Y}OMyQJ6<`%sFEMrn~v_L3K5mGmI^C^uMLMoRI&SU0_eg+<>qO^=uv zJJhvIh&ZJJk|dSaKwCF2RRYkV_feNksV1ITW5jjwf+mNqZc&zu;n_l;z32$rN4g>} zN`X+-<2cof_-hRR9O-Q@4YEq3@>J=DOFRp)V2K*YUD+r1Ind9eXWb`{c>r_tC>sYx zhUPI(=y-UBNAVA-Ez%Ghb5P2M68SL1tb?j03uUM%vH>456NV_=!ZkAbA=MhuAaM7z zRZ>eK%`~z~2F6v4Sk*|0=j#YeTX4f214Wo?PaAL6hWeDupdu*BIWzM>K-{h{cN#8o z1L)MXVmBrbyfO-angSLcH3y2a3t5**S}aslT$oT;6mw&7(zJ%g$!y)Z zzYqN|6fDPRhMa&=xM-#^W})&@Jp3fA9Pq(v_p*o#k@FoKaL3G))=(n2GW7#eQl8Hr`nx=GCR$j8(v zHCR>0a!d3*I9M~#-vfIRj+k?(->_9Q8?jrlvwLBhFOw-PMpae(fG?9lo+f0#m&x>w zz}S>t?W+WWW(11C9U@aKwv%XKyxc zEXI9H}bSyR)FCcF_1Y@htX2MsxZ z_0?dsDZb|MIDz#JbaRX~AQ*D7pxBs>a6Y)B=|IHDl+&Ugfi&Y~iv>fA+600*4_pwP z&_dWO{-NXPU_$gQ6{i_5qfiC(XpG=aM>hWQ?p4$c>Jc7;BgZxN{_F>U=9kRv0+UjIzZ0JG$O}E zW=KQnrj8I}Yi@7gqSVN5VHpwI)rOpA!#?bV33&`(IVgnZ5B6hZF`ovFjm4g!dEH&C z==c}YkycYFW~L%lEn!OH6IHnz(`EQ3K$MC2tYPJ$xK-q1lSoTOB`(5?tU>Za-I!sr z#+MM*>|;tSbcs_#j%tcxHmN6upca@k&S0N-#5}0ELl8ys*xg=Vlr4!X6`D7-C-^0wc|67grXx z{Ei}zCX$V0d^DXAA8gWs@1fF2XMa()3JOcuTvjsDk^U=aA_E5_JLF%?4yj`n4GVqt zmFBk53J2*xd|Zu)li4MTL1a5+dE_EmA1r&aorib>mqL`N*yke%Jr>KM5z&y1h(H&% z^^BB?s72bOnNy0>>!*u}zhLGL_G8$gFnr7xL99UGjFBp9*YG)5!l;Vu7~fb-kuW}c zI@*xw9Pa6$W|M#SkxX4}OKV~Ufdh%v00zlb1jeZA2pkYA35-duB`}DxmzEIf;x&Z2 z`sUV#DGhblVxQ48t)Z>~$1_;7T*(1_LnWB

BFDmQXMnlEdN{pmni`<6%o-)^78e zFJ>2uW3ed6Dcyajnaq0w4XD}IOg?a9-&h$K!SoNawPGE55X{sY`nvi>8d4zhpOoVf zB{5b(gg!0BdY-AJ&dHe3M$0%9U(!V`JXPy?8din=MaAG5w{4|$3O5Fp) z&3vImY%z~v2}?PNJS_9Va+BHgP$h37^{K#Q1_16J=$6?R*%?<%ahYG5KiEyZ-xwOr z3&qRavC~U+t%5U-AMmZ*|KZL;Z|lKc^C$r@0b0kz{I;SN$nr5!mM4?OoCey4hFEh_ z9sze})ub%(Y@vX>v{2mKB3LIMVS~*2*lxK@Ad}^IGGS?lWP%h|Wb`rG@Ao={OXnjXTFaBYl`` z2UZFxO2!OIlZr|r1t&@YZevrGKn69IS&YKPv5cjG1vkHx5YI2^39Iom-Y5?BVjSLq z(W}t10x*p3t!)q;zAD<$-;3qaA)YO4ZHoe+57|O-PBc=Sk>^C1s5qOZd{gHaHw>c6 zaWIiHNf&9Ed?P6l1>3w% zN{v+fMfC;F6$_W)WI~ZAl=WZ_=P>Z?EDg6|i;XulEW65LRw@TpnWCTor+mvwLWV(B zL#-{-ommPS9FHxw4Py(05|jqzUjJxrIOa2|zhNxXDgLmkRKf%%9Tm$$vM7ow6&&0u z$uq2iW>WlrgoHL=M6>`Hos_V&LmG}?8%r_tk-l^`2&puz>QL@URim=2%%R9Nokx*F z#avQd<9sSZD{5IOugZPKxusMu{u$d+({yFUpiXkEhb2a4ZLytJ88jwz zBIdMLPj`F#6%VYM8nK&18y2)6h+QkeVe^48d~`rCQby|!{A3NPa98(SzQD@lDBYMQ zV2POfBYp@g)oAAxfS(p*9=b8lz#cgTD^~f+U@pPEtKw|Iy-a#!XpnCcl)11$Ofnd% z&wOn$Ax&^HoSuHHPca$#iZh9EGLuA7(C2VbC27gfghP2W+<{iCF(I3$h60Q>RhSA= zDppEGl+uv!NM9_G0qPT)HP2lPHwF?JW!M@Tg#I?j-1nJ@n~Gjr34yvlLGDNCD}HzqXd%n&E;hG+|kjC zt-Yj=${`E1Sjh(;P9~y7(ydrh5yDTekBv5xr6kAWQ}anYtr|Z9NLzqd3KI2F zsF6HrFM~;-v^g}cCQ@m5s8VhxP}%0mIGB&LQrw5kFVRYJAD!)J%~(Z?d9pdV(jn9& zv0fw!XC)K_9bOtD155kG3fy4-l49o))XI+eG}91qjSQqSN#q&Zo@m7z(rq7T`i@stV=s#OX|X)^?Z9ck>&qUB3?O<1px zRIHbZOjg#i+E0!m^Tj~-e~NU9@=7-%YA}@3|1%KL_lPt=fmCgvz+_>wIYlp8KQ=vz z63!)%L1M>SW(aVa7{m1FT!kvmwBo&F95FWvwgHR?yD&E6cT$w#6p>Ngagd^7oV2mb zk4sea8atv@#lFN_R-=ri_9XWjhkhoAg@ll5F@C_f%aicS-rg zdM{;2l$z8vCZRhv^XYsdhKf87Y4e@|MTw*uL&1v0PT^~?l+17N{n*x`-a-wW8qrZ} zGdcbrwOJJztv0JNl>Rc~CV^D>C{VF-r6q|9m6KqKq=Y?$QEWaXQfB(ny;40SHwt%@ zdYE)h)kEo6sUAwVa%K3Uv?$ehUt9o-6CJKrhl4UbIA)Ywn~uQbwYgXrcsv+Uq?Msa zgeFE2afDG%Cj}FW-4Q4kyd{vX0urbEpoJ4$XJlzXtr_W!I9c(SYhuw|AW>=<&yM^e zG}^f69u|SJ%Z=nLG#|%8ht}f~p4DWKbg8p6E|I$`h&EOvFhPCV8}mV{J0!(lv8qL zA&JU{R|qMNbQ~HehR!&jiZ7-jmiVy$6)}8oGRaauJh=gfD_WbH=ctzj(jX?bX^1J` z&@y9M?VQ&7*{yuSfEjWGFh4OX_4K#nRCP~(|9qC+P0SOE39B_YIY4pp(&r~&6~6;* z!}HpgV8Fnqj9!6%M*7d#VFsNwWu2O6AaEA145Zo!yn<*7;)47@ zrq~7)HdtQ=bby@&BUrcd%=Oc#Vn3)4t3B)o<3Y`fRfS;b4}cz zpo$n{*d~t|Ix7)z)H6m*(ici`jBL_znIV#5_)rNW7ZqYR5Li=?gmD`IgE+QHmk{sh z?`rE9PK8_S7#YNjkB(_3Ly@?mEEySxS&Nhiyt6bnkpU!&V~wb^2{AN|*of`#?MBwptnO3`tH!5}scjn_?4 zv{ZYrZC5GL5A#t-G?B^AOOQ9m5vtCF? z)YFm}R`+ywq+phi$XrAiG!GGdrO=Sfl6Rg8fCxmRz!%7cQ+MAG^}wUJ3Ok{gDq0CS zR48-~(@{MU3mcM%wu~Gp-xKyALFxt*2_(s~1QM7?AOSe?7UwMi6|$DWWjUKfi*2}W z)<-=usy13doMn~Ch`MDtjAA+6UBV?L*%GncD|T2FN#_jCFEcZwP&mTRD@%(J7;j7k zBW#Rwo$WobUtx0GB^d;1vpo)k(mh)`xUHms`ieLV5-d+;)IRdCM-@^6qVvM3wDDUI zaa?Gn+vvhMt<7V>A<6^bX!=;~kHOxy`B<1^`LBTd<`ZwfxNdYrH3~@>DR;rule9)m zK|0$S`QQj0FHb@69YbUm|6kcjg8yfBjw+;NC&^F)N~d+u0VK1cDi2f@fvYIJKdX9vecB9(^KF zeO(x}uq*2VM(2a&bHT_%n3ChLXB$eSClNA-^_xP1G ziIZaGnZg|s>5m5XaXtZ}ev4n;RD$J}P%*Q*x(9J+L6zm5e;jCRt7ItDtW^vM8>xwK z*dY$;lc=w)lzJ{O(mt9yAN0g}uq%{`q66fS^{O=DQkB;qKZnMo9E8QC(OoA%_P%x7Zf2$SIb~vT@^f z6{*79*eY>1i}M?5C~_4<#S()K9=j~pXgsIDgPrVVf*Qi$P#gLsMJAOQ z(oJb%GBT=QYM_8imi%{BrtDqEv zE5t^4MdgIUC|)WmNnR=`O8Dr?@)kR?l|(|Q)24%wW!X+arkbjR$GGGYb)sCRvh!#< zjjGRRy8K^yMD<)rKkcH*1k->dE=|V8B|@xPc7jg|s3k=LN&yj@C>H`!NoP>HS7czN zUXdI`|D>isc3H`kL}*fB38z!0;FUe3Qz|{AQY_&L36)N%(o|Aa9Hl_ZL=twTy7E1t zWbRb%xtTB4b4SKOP^vp7Xq0Z3IjOxY0dX(OxJtb&Iq=4HlwLI!sNAbY?x`lWta~Ow zwfiOhf8=m^Z6Oa8I;N4nsHVp@r-HEsDX403Nw}i8YHy0TVr~kWsAmeEvO>irWrT{$ zC^?jtNSL6UVmCLl!x-#g0S{e2l@%k4X!h7MtKV;&9%TM($-$tUnttQdbclyprPVEgG&n4o?rZ;V!Xs z5D@F4aCb;XZ3zWRi?SPeo*f&XoR3|E;wCZ0jTmj=Fu5wvqdpS63MmdOk4;8?=mI|UX za9^`5PX*Lt}MU_S#?NZsZe5J=AZ1`XF&x4_R#5`DT+I)eMRX^Os zX)hCEYnPM&db^B0!bHizF%7)vQ(pPRX;N}P_R#XKSh`?-*y*#lPK)Dc;yhD~QD4YkuE zZ%H)roP=c%*a2*$$68q2GU5an1&~0Qf7Gr?OR(? z$yP2sa}zfJ}$L)KJoSDMXZzr%z72 zUqA(|K=Ro`6_zcW6az0ckPtdITF{8Y5{H^qs9Tz%@I*`Sv4>>KAw*J@A84w615xUB z#HsZfU|grcu!%-grvR{1Q$mvnrxPo2X%QFY@{CFKqADgJ+~eol7f2I{2wrUV2~h1{ zNT>@-a4Z*SJU6js2DUZ@TR#UJuoPQtAMBq`d;Jt3ZG^J7C}e+=K&V?!%CW9h^~k$b z6+vr#N>H=irJ&?Vv6 zg*pTTIi?(fiFLPONGdgCog#ZLED0$_27_Tz1SRc*!*V>ra)Ciq?5QZ2B_s<!rl~$G^cwo zD#M2w`~Y%{Q&Y%POF49kR}dme0k9pQI9!SL_sCWN1*BdHSNzlSYN}7-%YtJdOFgP^ zEL{@E>!aWVkn%6lggVIrNty$*1S+FADnMh|>aMg(4$xv#0>Ngw+St*;2wqM|iSaw` zs>j4j02Lh)^$MYKA1S*eJh?E6XVsK4P``Q06ssS#RAOYs43gHRQq`0}$?C|UWOd|F zqTVqG8sg=dL~F?KL}g+Kt4uh0L_cg1D(3Qq_;ID=ebKqlIAc)e$!f^~ zwZ1VVT`d`ysFpyKF^xQnMFXc~hmtHZ;!??t#$7Bu(a4K&>EaWmmb9qRiZY4Ev9{nc z^pt4IL|in0Yk_*P)2!48AKfn-&dHM~C|QD(B?Mym+BVDbw$f0ME{5Y`OqwswBLf+l z*T&n-NU{T`Iw@S~6L-tXfEqp;RAf?s81P8}T*69(fm_K59v71mJZ{Cs{AM*t^@&&g z6Q5900IHH4Qj{b>RT6wcN$?3J!K+HvjNde&l;A7mDRWWOWxT4c1Qc}z6syYsMP1@m zb%|HiB|fdL%+q!}eJ-qlKIwWJ%WE()NPJ4)9r8k-YDGy$C3n=t02%a6*!(&0cg1j0LxTh1(8;Pfn_R4G_8WbQz{TzrUHSn3PZ!=mEGyyZ=S1B);@z)=f68|m&WvD>{YRL(@%!C0v^W2BnBoxGCvc8+Hr zab|$sZlZ{LJ3DF^IM`8B++<9Y8e;L|7P7_=oA{2RB^MbhealD(J9wn{k8nj4oA5SH zD#Gu4E)pyET!yZOBGG(DrHDHj9PS>#vz=o%cw9x*LP|;EH{+L09xeD~XH|OO&)j zM0-K;^G^J>LR4~|Ggzud%cLOB5jt<8e6knq zxF|b`5=G23uWxOstHrMuvMuB2r$M<+mE9;4D!U{CY?-kGTDN3C98&|}NZMmVk$%<+ zYbewgMUg?4J76$V?obv}0~_byN*C5iQh}s2Xke8n84vF#k{C6`6~kjw^rS4GJIC?T zDUVccFi2H}0W2??Q0MBK@l(G%RS`?l5kr!6{Dqk$CeASC$%A<0 zI{p-44>4C7IgnEqTY9HhXib5;DH!gzL~u`E4XsL&FG@%B-Q8K!)5l?aA_39&5QhOp zKIxlw6etvyI9@o6jl+jTE2I)~jeelEvL|vya{q@b?l9we0G=v9oN|Owrx0e@ zlrhvQi8C}zMDTH<1t5bEY{Gv_Yi;XHF>H+j5uoZ%K(XKEY4Udgxi`i~J{T7XH{rM5 z>vybBw6Q~+?E*^|s(|Cf381_2K$-D zI5iTHJ|wStnTcP}u8@fkl`e6DC78}ei6>%a-peym%8Fd$c9;Sab)te>R3j?5B{MTE zpyZ}>QZk3BT$VY!Ut$IcKWz5E+LL*hwPG1Q;gHAyCW;=69zb6p$g zQK{Hrv|wfzJH~ZF!PC`3af-7*0m~~#(y?MBm0Fu}Z;2MCvU9ScRFF~XisBmQUz8tF z28!RK#I@c5{0`8M%Y#Dk>UO>{6;2?qo}u`XCpdz^TU3nAPwR-`8rBvqI7t4 z1jCOw1U4L0crg}a2nCGY@;Fik@G#iEPb@`uh{XVb%~I$$0cHFgz`{g#CtdL7o@f(Y zl^N_&s}r8dmuF|`KnwFi4;a#*i*&~~ic{>BN(38rBe=*G3E{VI(0m9%p&T~aZ~|Zi zH-nik@yo50j|fc2D4_UphP3QhRdp$jOURU&I9Zqw7g{JbAw4MiCB3kgkFD<{LW+w@ zhM*P}*^W4gA$)QYCH(LuUM0Jr}K7vh&p63Flfo5hGg*!)>u zV-+v3N8)&vlT{NT+t<(Xp?hv5fM4!h#C}mYMuyR6qbdq7sFv6WDXF0V>PutDs~Y^E zpVq|62fa5;mY%fX04}D`210~kC9Ijv5LvJh$NPYYrHqIe)*#}f9>Sm8jr`!BRH0c( z^Q{B4cqv@oNy2%&8a!K2E0)M&7LmjZMFK7<$T=>@zq!~Blcywui~%MbvrHZrJ=iTA zW~g-SBjQ+9i4gvpWs;2~;$3bMh<3RpBNmhx8*O?^j;%XMMv-JQd^QY;R7*lp>@m!g zjPQ0kqEGEO|D^(o18Yt3leQd~kGVR||1qY&D8`1wQHM>N2;#&#slue_7w!0I1d@uB zWAWhf5tCtzd}>iaT54zTLlrwp{`gIc!fae<&adE z(XtE8{cw8%Glj;w`Zyr|>&sDm{48jaEn-o07TYnrezld>{~#m9jXnOdp*Nq!X5kWS_1 zAzUh^J!vK+S#By3TESdmH`Qb!RGLlPBJyTO8Vu(W)*_%XQ;Bdj9TBJ)3CAi}NaT<- z4+)ot`#%hWdy1_h=DA5Ie5xEPy0EoFDt*PZf*lFh*oXvBDM96C!i5P>*hmDIXFy~f zTqa=}3Y4@9)j=4A0wpYh8yhV+G}iCLsuGuk{UkZw(_+*@KM)n?6WLkPlmtRko^sI& zc1H5(QYw~_a4XLi;ZSCCgpX=>!m(0Oai_}h{GT>Rp3`<1VU_cNHB+fTzgp1RsP8rK2#`DW)qCRnsY%i)#1kpUSNT+ZjFA;+3 zSt~;tXfNT(0c^HXwu~=ImTtyINYb6SF?@|B5}DuGrG~PwhH044X+p8KwH0^DvAirR zuYhLZn)wuVn1o`SfOVd!wD%I3bc6_tjCg4%6N;E;(W?@w9|=XCB#`h`#9;>U1Q5)mdAaiZucF<56FR3jk_ua=(3^LBY0ru1h z-F@Opv(}qk?P2FkV>DJ)rU0VyLQLeBR+8E8Z^uZ&a>-9R6>50wPLS{mdy&!OlNljT zrGhdeOB7=I*RVxkV)Dic9@|xT@}?D?2wz2GAn$rv(5XpB+)AY#M1H1WnY;L*O;j#) zb0b4-__YYqB>tUF&Z*WjkzZ6txs4IB?BY6=h~O#r#BFePXNn)6o`DXsDQZh`&@urt z9n&DwuxVOD-5jOCk9qPFbFuJ_Gi#@%Jw#aKDMDh8)Hg;48F{^6;V1AYfCQ=pGQD=j z3~VR!*$nqDAW=j~EDldfv9Ow(X5$V$d-H~N+1Uy6mWHNA5yq&_6x^teamYO5)W8H1 z`4>ESVUILn^P<$Ygnz?e_y=1(=b!T6851te6$1FcZZ($Jxlm~#dIA1PKPbYVqhmg( z9bgZ;(0#{#;hUeYgdq1a(2uuLnDoF)72X$kf^&&AF9}A8#v6qrqTVQV`B@tMKy2KDk$n`WD z5J7;g$BZpXQy~BkF|my&F`H*XF($pm2(veMoW0q&u|@ioV%qX1U-%_~K6-}-`PG#I zP{I)4Tlg&B!0{vggtLlFADFb!YYqHo3eo_MW3W)j4&?=GX^PA*o#*3ciMdzCLtAl* zQ-X>gY+&}oCfTz!6TgDF?;g!~=drPw>SYwRe_ ztn>Vzjx}XIQLYPX#+AWTRAnH}O`xJ6)lz3(JfkE?b*!LSnR8M%?p#4T?og&5hhq(C zaKUwD!wekgW{UF_OFA~qX4ong)n7^=s{~0g4yjU9Z!6dp!Kz&muh<4yyd^13pQ%NI zi|B(d4>#4d;=Td@Wj5i2AN3)9#Y2?zDMk+Q=O});oT$mtywV`Itd@FAh17G%sYlru299sl%HrU`y-k=;`zM<_7yjBj1}!0zUdMe z{}+1%7I~#_MH=_SNE$aT`Pf`AtVtE$iKs|2_D*-pAccRicVeV>`i`aP`WdA0FP0`o zO4D~DG6G`nv8TvKQaqBK-hiLe!;Ni zCn|n95PRml@ZF4U^0uCiBFa#HPKrOpOX;kbr8Au%!D*=kHWGVT%syw~B)C|+pl~@$ z%{We1k01m^sGAO`#6r{{GmcHKinVlCuh^(UlN5-z8uR=57xfkAHu5(Ym@Hq|eEZr1C5>6`;WI4E-Q} zy{{a`&)t^8IK6CxXyp;6p8O*t~y){z7$q}U&c(fP6YPzcK!>{qrhP3=yL zQ18@_&V?PeQsbb5EEqF)r(%)akQn|Ze6ZDoqzd>M7ykPNu#%2>ZMeRx`e45thGAI( zWRZ4b(6360b%F#$i!C?}sb(N67>=j&j7oqVIYb!KTc#Eprqk`aRyG<har9uhAP#su_RtTDK5j5RvN%*JTUz&MSa|(@!Rn8bo1S>e=ldhA< zWRbA?O-W-bQaHUR57A&=jbR$Iss-Sf4z8sAX5~rN_SjfU@`rOvTSv zXT+*M-n!$e;wUP;dq>6E)z;mErA59j$dpzc*^8}d6b}!kp}6|8lj{_CT<#)3%35*S zHsPP}VLUv{j;^TzM|md#pya9TQ4|$9L~T+M9kpFbh$UN~gcD2?Kfg-99EitYRP88I z-d0p}Nj4dYAjRsUXf~2g>_BmOR76J*-Vz;V`=-lO@<4Aj2Zj~uXloFMM zIBT3J3|2zy*+l8BVwtJsl`?jeU@8fb22AsG@r!|cnd$kV~9uYZzh4CNYM2R!6+rI7XmUCITpTRYOlWh_*6~DGg>NC(&wF za#EYlGWV$cEOQZ!Xc}iNX#z|&rwO;HO-rC^XPt0Jw0H@ZxYtg=Z2t!~k_7QMN*Ys| z%}7=lM8sFN2D0CZg+&gdrJdZ$(@to`w39>Sw3ADPv=dyGb_S->PMDJRxT9b{^*~SJ zA*U2n+NuJv*-BDM4QFP%@O6eF(`YqFu6$he6QDCQ)O)-?P8QMQGoJ>7K(T>xv z>!w#DpWJs~4e zSQ`B}yg<2@e47{$4~UH&F%d#hlbix}^^6SRIhz!UM|m-;NP)cYseeZtum=3>Nir-l z@-kn{+Eq!a)@7;?Sgs18WvUSPKUE=tGF1qSRiQ=zx>HHSIZYQ1FjFH3l9qG4Sb$Ku z(kO(Ij?$KJl!L#Cz(<-hV;(bpg=1>8PMJu>)1l3zFIZ@Yw$pYE&C_NyHBF1Zij%sB z#d=lbDpsvxo~?GptdOUs4!`Ds{jXwO^EB3mpbWdT3OHV|NIKBufEu0A@G=h&Rs$x# z{3&B4wn_mKhGmQ4wC73@6d70?ny(7W%`+vQw9>@08t|&sdItjz>lMuTh#g9jbB@-cwtimrA#A;C1VQAdf**3_g!hB9J zB*P(R{#;b-p98FSC=+97F*bw9KN_tlb7F7=3mStm5SGKNDHd@>Q-997iA@oHReRP9NG&MTw{km@tjxQBMhq-qSsF$qN|QOKf! zjZ#^xrBMXit0pg;W!F;`md5!CoAS(hE!7>(gd$DNgu+6>F)1D|)(He>>l!A_Y{eQi zd##&$i$S!DI1p43m80}g9ci3Csv|u^l5&jG9L2AsJHk+aWBB+Z<)1m=u@YE+I%wv^ zj*z7ML>U(aA7@?!Ap^%&jFCC0F|yMGxcd~F4L?vokc=vliDHV7xY~1XbX_VP6vGl> zF(eKQ^F-ATv5`12u_PLIHmQtrnc8~>MLr~u@HM@@bvt>mgk>oC6JSCR)qV{6)`ghL z3WF0pO8k0ETH{ndvWH=vFGWCO2F3hHRxO_1w&4!m7%?A-{8tSM-uOgC z^dd}}8n4vACDN1J#Gx~`1e|c7pUhIm3sGPdl%;U!SL!N>%lTRyHkL!;Qm4fc%oKRz z%HzPV^u+FbSkL+ByiVM-Mv$C-h?Q6tTP4S+5M#%vRf?h5v|@}3Dp}M?H#$?8(vw+_ z+Iqx3WckKORID*X`8ryZtXwNZNw^wis{S)JifY>bWAA;yqo~fl|AB1I% zs=J%NYP!2g76=k?k)S~%t`IOQ>RB zrFONbsZzVGsZA~VtSx;o>?S_%^Iq5Q`u(|{POdwjx$kr4%*>f{?sLxU znVGZCK64@7DM7EHqOVJcY|9xjrSYP!b+#gw3o?q0y+ zW(3;}Vx~&xO1&?!#7IXB;O(&rPo}qfeP1VjPt=nVeI`ufo`2qWC1l)CtB8ynYBg)N zP^$#lY`G$2Gg2AKm6L)1`&F|AnI*+$vQF7%%P$WF0b`ODu6Ru!J|!u#Qbf0Gc}{R_ zP=5a8ZIz!nmU|aznEt(Buf`nF++pNrCZ@Jwx{s~vBGM|zT;Ze((j}X?{WA7!@`Ccu zhJxs~`0+O~L-Mz=x{CTs?nJ4jk80#jDen^IUp&m{5#I*QMYdHpajv>c$4sh%C^Yai z9leN%5}?Py;mw(?Ke#}>S(=njZ!Mti}1g+~r4;wQI|F_|`M#uU2nlxDu;$yrRNLl%^#FFhs-E8I8P47X#eCT2=`eMMok`iiEO>noB4KN!<# z8L8G_jOKA#Di*+l&Oh8;O@hr-`^{bcRR<0;T zc-G10ph+`#MC;a0#23T$cZVCFN6@!!KO1kFvwn3iu;DcEdj0k5*3qL)^rY*56|VO} z$BklZ8gj=W5=V$g+Z=Qh28+o(OYqc)(HqSR$BV(lbe*wBg*$NKJ!In?&6jSIJ5idg zGd4~ASCTIcz`!nwPr;72oiVL?{2*K*QA8N7t{5 z;>QK-2EQd(rNg@NC|9`3>v{}Vl}kzljC<{0ci}3O8 z+~pN{EZFOzhyo)kg~@7*6i3&+kxoMd+Yn7GGy~_ zd3&QUTTbMK<$0XE5PK2N3mE@|k!$sOF6Kohv+W{|4HJ1p6E(-4s(vA?5?Z+Jm!1=C zmseiLY?*T=V}o*ofV?nqwXB&F;$U%&3%W|evaXA6x#!(h5_VDU3eCALk+`Qs-DIN@ z=z1<&$uk+x9_znOi(}9`@=I5l6++jS8~4_9O|-N|?fa6BzhTy!A^lS5CR=5(Zct#w zYKn6?N!FZJ*e|pXAgsZI7!KH~7VeuyzXxeO6$J%Dg?@*foHvejxtPV68j9Z+!K{y%h1Dc$! zH&ps(Va0`|ApPE`z27XX`n^$`2hraPiss~EJ+F=Z=E_R$r^B&9xtmY6!yU5$or8Gr zFK-W)b%}Mm%4`NO-4ip@alA&=)%9G}wdUwkCk~Ik;{i@_-Z^`rEianoaH-H@N4Alt zF>_4RRXt6^(u2EFJ>rls84aJ@5c|suBeVVXlMyJ)bSiX}(DTpR(iUiI+Qw{o$$B`i z6?hQE@ajec8YI|iyWJ{wD2_RAe_{*$U}%38lo@rHY`do#n`i&k4dcxr$0>M0p)1uhqB&Dy?MEBefVB1MDc)GmBD$GBo- zvR5L~$JP{K9aB@tns<*tJhvwbLjLba)|6Y^)-iu$%-L*NWxp4Zt2KGnTn!sz&efaV z_0cGPw?ZG>x^<-I3AG=&s%>hBWds}V2gA(_!$6I-Xp{|KZ@;5qc0;YfqRo&$p^oxo zDQ-oXuMrW6+YNU2S!g$1XrbM_M+bZ1Ej5@#p{5@~u;*@x>G6bKa0F(wFWK5w zuQxQ(c~M4-vw~XCG{Zuv*&-OKeV4gN_C4lX^V$ttkY4T1H@_OSWNmM6&yv9OsW=e4 z_7;wt-e5wH#_J*Qu5gp|LaCfiG3hDK<*RzvuO7#4KB`%;Mc!lWW5TQlJPSg`*|+iV zXk)>y@fayS3u!z$nxBgO3DbfQ`j({qk=5~n|BE9RpRmk-V!t2-d>E4E?-d>_%=*;X zG1134W8`Sh~ z+NeHo&fk6X%Xfp83#D(IQf8D>daxruvGEJADBAQ!=LUN3+NGHJ-CMXFg_?omhFvrB)>4;d0W= zPc+gGd18yX;aM#$c-m$`zP4oEY++bQZvc>%_O7X?DW5AbS52&+-qp9D3vcb9PcR6B zaFjGXTvzdHAX*pu7WC1r&SiQi*2Q}j#Fj`y@7Y+IxbtUenAwW?zQ%4SGJTC)PX|4P z<(SE*N8N~tiOcnM^1{oz*W&f{@QytgQJRNE0q9)8O-3=q5!=yqE{wYj85Lf1rg(@{ ztmj^Tny=1z$Nx_UjnB7pK| z#Uz8J^j@;grmSCPD98=HSe!c7dZmD6GmC{~Fv^l%@^IS*ohgh<=uu!42P%}a@v4z_ zytYO+(?hnlbVXEQJ1cAyu$&1Ki090*ZD%W{RwSb+&OLulOFJHI&+WtrC`@$jtSMtm z#kE^~Ki~HA!nS?mJEi&q;no2zoHrNuQx?o>D@A$Y$ket#7y;L|bTTpb~k_`sX}B}*bAO;4PA z+T7XjSK?RsxpNli_OtM)wmyMiF1@OsQowr%mdx*3-nBB?H=kS$eqT1t^l-OW$3(Q; z7hUzFthXgo1bnXp-tz4E=h@C48-&|t;X_Xy`bEnnAkxgKVwQz&%X`(bNZ4)>wS24< z10U09`UBHoOg<=3?dcdXXe?zULhmy)*TwG^y+WHao4zezh84WWnKp$f_qJlgkbkWZ z!!lUMkY_ZGBKN@oJstBP&Ff)>n}?0BOyM4D`+1_Z5!=AAh&if8$stE$yfIRL38j8c zu;Ps7(HDCuwr(8rnPy?mYtU#Hc7t9dXb1Tp{}o&2zPnqX()V+1CKPyjIdQ%PGrh(b z^0zZTdz*`f*MH_G1Ot5$f{r@>1GPDm{<&G3u76Bc7{25s+mxIYBt9vcADg}$ns1>& zoNh5cr>SdQeZBZfOc%YNS{TGPbgWM|=1ihm>#jgVAzgo9)E0+65tvi;FXZKPj7w>b zNS=Yd`DQm5UtY^MSve~9OpguQcSAaT5zW4h_(3{hqZK@ z`HdK%Ss!yTHSz0$p;(_}(RF$;RD*35?(%fKtcq7GH7qgTbZw7gyk**MGAo|3l~GOg zH?~kQ5NpQUY_09Ach%-w$XU~SX!ET4>ql*-F|T*Eh2>t&YBN$cqH~%%8e!1icUoYz zUSDdn+s_cMzSO-TomSI0KC94fk6!SSck_4(->YcfUtw5Ya`_Rhpn|s`>StoT=g_8_ zZ!pwNU-r^JTc|#bO*iQ8q!;I)PdBrUMpwi< zrIT+pk|N`n)J#L(rj{|cCAlzjhqf2dgxR9n9=JOcH|V%sMDu<=+s4m!Xm!XlQY5V z+9Key1Gyk{X+KA~IF*K?^@Cf%8eXjb3D(%@$>O*^+0O&7Ikxq>CO zFt4Yn6dWd9)V#yAU1ehv(ct8E00)>;@H2Q$$x8>PO2gH4E0#9|@oZOg9o^uq58y>; zW6jg1HksDODGgK2$Wt1pj$>{J1jmcr7?{>DPHgOZyhNtf2dx9K?XszUdV|!BaXD^{ z=(j;6e4cH*A*C?W@XIA<~j!ImNKOpUY(2fZi*V_u!8rYH_G75km(F)OrycB!v_?E1qBU~`P z750Mht!XP5-B62 zOt~SiVX!=dIH0`It(o0ow9dj62tv{KL58uAL` z*dZ^O?IT>VPrE@c65|YcX-nIXH(wP)*PO{5^5$7+Y*1*(-_9EHTG7lQuiZect)-Kb znJt=V%VZ3BbGk9)C4)7t6}=175sBoiAbrT27h4Q@^DNXf>zi3aUJ-5|@{*xo$ZMHI zO>Yq?6b^ZFam0|O%V-<& z=4{rG*JiSYyuxM;c}dF+c@0e;^6E-%$SZVx$eUZ$hrBl38uHp~=8)HBGAk>M_3$E9 zqt=OmuE+ziW)6AH?Q%ojJc~8twOfrLZ_YG!$eRnB*D~ic+iqlx1aE|!sb9fTU#dBhQ)Lz)$-F6u`q1>&Ax0Cdsf?0q6b&LbQ21*@1>BT>3Pn2Tr( z!fj!;B<+K6BZfJ^Hd8Ql`~EDOkp;FvIHh8>Lt?C`55i5mIS9|`)*w7*!jRiiM59Q9 z@O+CHgy&2&2+wI4gxeK;bem@}FQ+&{>VFz%B6MrSolC_s>0J>K&1&H-%@~ARdlG~2 zoR%wCVhdcg+z#jxS}ms;Y~{ISupg%Jm{Beb8iZSWqd~Z(NN#XxY@YXHI z5XD41F=v(LZLh@*EsPAT>mL>0A{2+NuhKC`@dM?0%+SOvY-^pK>oV-d37Q(FEiR=w z35ISO zOj&~|inG_D7a3Z|yW_})^EE)TDwnKSzh=46yH~Ez1L!3mh_`-CuW8cXNCn&FUF+6L zxyd@XZ6$3mPv3Trhivu{mWX6GEEr><6PBdO_jCN$ml)QSbuOv$-khy&kV`!3lFDqh z4X{bDDYk77z;@^om$cg!Z_9&R+KzZ(n=SS*mzrT4Z<&WQrb1Rw`dCWAe_f|AMz3;3R?^khdcmDLEeFU1Q~@K zjpI8Fasp%#WCf%g_Q$Yo0z%6sa2=!*GJ^ddf{a4gkGNC@aYKBNsgMxl49I-QVn`2U z10)970@(@~ggge>1$haw53(Qf0b~Sn2=XrodjQu0@->JTQU?h_WmZjy`XM(%?t%kw=puCqSk`S|DwZMG#u{BHx~a+ym){&{8Hzu_GXTkY30% zNDwj!QVP)^GQN8vYsx4tX_&l>c@n%%$B4E!`d=?mQ*sKMKmR3pJc3` zt-tz3dTYYzU442|_}?r2FVb7Y`}AiojrK}!Ph248fSK`YCL&x{W=YcNEpv@S{j=24 zwXW+Tya=#s-5mPT)q=I_*I|0w0~6jS$eWFcmv>&HN&v~_sL1%l3%PMdfZUIU2_xt+Rp<1A^KekQ%E`qoDE zG$io~M>B7)axCdx11G+wZ-sQtMED#$R52i5y1W-YO~QVbELpjBneGy$74n7^MpWte z;w2lb4J9V8Te=b-rB!8Io*vB0lip{m^%dzFCfYgaBZki*EyqVkq+5$<>fX{GnqWQ^ z1!u$|o?OD}#}tR$vGmW0OY}!gV0{wDh{=-FkV?D7`Wm5Z!11nIw+6+iSw@64l=!gN zOE->vgw|HC#XP?S4t+xIqs7JyT~yswyu<<8oAdv z;Ztc3B2TVBto0}(=du;zJ)n{lVJo`Uu8^cOcTC=t-$o_Rnkoik0PMB-^^C%^Ms{aalCrmD{$6bePR};hvF(;;6%?V%J9@hH!3L};hj=WPrJL(fS`(i zSTuWneM3O^24NgI-t6DmwQT)Gc;VBMZafPtNjp$dVP3eV8`B_rx;p1<11G zZ`Gk%cM`6HzP5#qm|j949yCPixCcXB$zH5tH}vIB>6{63u#tH#o#cj+* z41CGmWTObPIy*7{6^=SZmIZyCdK5{TNjlE3tNpSlKKn>o8{VTfM=!&rq|eshZP4CL zMRhJpOHmQ5i;OQZNZk`KJ-2fV_*N5!2ZHJrhnt zU#@NCvUN-GW~Uz&wXI#+X=vEiRlFeYXx=P33y)E+JQY8+w68rEgN51j-p+42&Y`dV zg}c@X2Z))(v+2E&xMEJ*(Hpsh!~Y9e+gC1MC89}EMbYU!YnLtUIZJ$~jlAo6j6?0*OHqkQ5{Xk&Zw(Bm{{-VvqzR1<639uSnbt2|*%|7$gBnK{60@Z1@E1 zhGfG+7w5;JD-XKCO(5Aq#(Jy?+d=qriQ`uX9z99o*%=Z?mDHCIn>4u5g$^{Ew3`@a zlZJ>9HYrPtu}O~0z&M*!MohCwmBa*_6eK3uq!wa|P3j;TOBXsz-O#b0Nimz<{RFp; zosJ)Ux;!CQ(SB?R$M!{?AeyV9J`nD|s2{utOn`9oMLR$=wne+aHQ)j8VlWG$Iu=RC zm2fojMI3~yFLHx$fkgojU4^1%5Y1dsD|iXm0j>snK=VALtX#B(^bji=5O$?#2Qkcw zvR?-ytVo#*Mp;ogF~*AOh;dfbL=4GAEyM&X3KO|fw3wJ=MLoi<6!j6^O3`Lvmx~67 zDOR+N7?X>(69Y=oZemC&+Di;8MMK1hQZz!0Dn-&az?f1rnHX1!>WC4!C`3%NqIP0R zF6tzP<)WCd%SBs>8SF=p740S_m7;ybs9ZEc%(9|UVq7jNL;gyVT;wKlxu}llmWzVK zgk02249G=oL}MxcG3TufB|LmY5sx2J#Ccf}k9@6&r@v9e-E$}Mlo#s|GyWK+6h~7d z?MHRA5xMGEObjtc4>6!RHWIUnV+&DI9ovW*#gQZ?R7Z-KRvc*}R~#e6r0f_ahMA)z z2u7Hrk{D%lbDtrF=7bEPfRh#ZeeGR1H=q-j1sf5qiiaXIqHZB+0jCj zkPeZ{j((zBb_@!;;z$t#vSWxCk{!dui0U{*jH(W08W_j%5fh4|ju=xN&BCra!o;NF z=oEIv(MJr+j?Kh~>=+a|l<+N}8-!nS1i>r8Fohz6=!k*q!JXju!F?dQ{EiH` z6+8^y36`8(!tVlW!5@Gv;B8<8ycCRr#$`rl5yvvOh^HV4NETv-#Xl(KB&MFn40G0< zj&x$o*+dL6XDczxoE=0-cJ>gt?A%C9$Aj56mgLD{*N7-!A{#DMHPNDRr& zQDRtjmb8Kq**Te*z?D4^Ao{=qTUL0EqhF zYynYjoE@OKpFXTduSb60fPCJP%j?w5@UIXvp2_4cE^IiCs*H$%1sg8#1CM>lSyjIgQ*(XCYV z5R-D%CSsIT4G?3jYLFObRXd3ZR+S_DA=w1|fvE8>C2^|Hs4MLYvB zw@p5YI6I5@<^?63{{&$#pg)i*;xR}ZV#c!=VZ~BAjwQ^BONa?p>?XS9;wEB1E^Z}; z<9&++_Vp!oZVnpHFhyjJ~B65wVi6Mn&iD?&CmV!}*R}y(CZy|E z^20)BysV3KoG&q@@Mb~e8_})s9%9r@4iR3$_YqT!A0%dQ9>lDZm#-jQ z;Q^xL;%&q<&PUi8-$cwZK0xFyzJus?@f0!O;`@jZ7tatwE`E?0cJWccQeJWq^q9h% zh?301L@x6P(Jk{RF(C68G3w%RVo2t@h+&x@Ai6cKbb}F@mlLBh4-jKAZxwX$2r-WI zhzX=eOv-#f*j;=(F(vb~2zT*A#I(%aE5QuXA!cRXCx|{JF@$nJOuBfIm~!#m#EgsY zCuUuIgeaBpQDPMJ?P4%c%H70NDQ_aCOL>?WQ+YQrqw$TzF#3u_l<956xW<#jXbDdd zlPLGZgvN)7#)9^nAA*i{noFxh|Cg76@ISm3L_d}{gXj61^0vSe|!XlzvPZ@iT*R645B~Hsow*C$?KrQ zKk^U=Kgz=(`tv*j_Je&O`tLjr-T)4Q=r42fujuD<>NlaE&v(O)elAago55ia{crrp zCHyY#mx%s9=g`ql=j4B{1KrTk-{wsq{5fw2;h%Xo2tUqaAo@pq3m5|vAo|%n38KHm zQy|6*JPl&}z=uKfzxgO==KtV>CA|Fc610mYybaRy66ej35TpgNF^O_>yTghP|8U}V z*x)x#+(`_x6ZaC01^ISj20HTXL~2iP9Z#fo1o?mBL0i1U6WHfA2M_%aa-S{z7&~D< z!jS$68Df~7aF`fjCn!&XQFcN((O8iF2{b-K`X^BT75hJ-4&m7U36%fHw-czpihMhP zjtAHAgeHWeT|1$}mJZUDx04=X@=ju$$$N-lCJzxKOdcl2n4Be=ONhDqo)YogF=B+d zw-5u0J3)*x_fBF=cBcfHdp|MG+!*C%7 zqFlSTfVdv+1c>Y5-U;G*xetK2UT$fZs6TG1uPE>CO6aI>?j{iR)*S*-kKL_1MLlva z2BXk7f~XhnIEZ@SPJl6RCkTJz-UGtlxc7tbEAC+s{=_{B!k@Uya6RBZ+;t%Qhr1a> zeRYRH)PHw3XkPva4oPamam1f<@WAs9o`PhFyB$3Gf`ca@6qg}hAL2z{bRaJJl?D@F zhU9=A&ryuu{}GR;ustLL3I7yfFF}79=|L#HiAZk?;z_R{93s8y;1NiY_&W9hp?Jke zZ$IJ%egPXqdPBDdz`!pZJXWKRdrJ`S0OG~cIDSavO+8*5jK7WZfrQ_2@FVbp_~d8d z)8BV+j$;lSSCD5Cn2=oBatr|#ETqN%wuIp-G$oti*biu1BWgxTa$rj6?WI*f#`zp;CGg#}i?d z<-`!HtR)%?%5`Nkbd>+fb`a&hvIpz}H-nwvAZW&?d(g%*q5LIbpIEE2s7a@zRcCRB zP8QWEZ_%j?>QqxYooSt}j81J-XKC5XBK=7LoxDwFS*K2SpH5G|PVa!uitRcpcj>H3 z>-3N4tRB@_Q?f^-|INudeRVnm%{ukd#F@8|?v|u>VnC9H`f%Sqq?cDIEJ=&W9+9MO zVpNi%#F!*)B*rn(f|x)(ASNYgfM_fzF48vWMc{T2#X?Ggxa`s{kbx;s2KRyrm8;6Y=hY>)rj1M*TyU2GKubBj9H65QyVt%DWo%-&h$K1!??@ z_JdVI$9+Xc{ZQNwWkKlh|11ompUJwxelP}J3vLB(1b2aGcNq0kkq_(ublk6GS@3>P z8Pcd7Vw1rifpy>mU<-)$hb;!tKC+Eq42*+UfrH?8!Cm0ZU>bZ7q~Eu$1Baon1xG>L zCuL>7*7$a?61*C00tdi0a0M6v(ay0b_(L!T#=))NMIiN`t^t$Kai5o^z?;DRAlgqh z4BiDE265k+Io{K#J!j=0+H)2JasQdoec|te?axk?0`o72o?a1VkBXl%vy!+VjaY=!g`1)C)-5KI$1xFyV!uxRW?XWJJ~K` zh_O8)+{x0!h{7_&sKTi2)~TCZ=Q-CMIOoNenaAPm~n4m6(;; z4q}F}6w&Qu`-u_8GQ@z)vP8+rqz}N5%m&^9vy5#g#uT=T$Yqu$Mj0C+#ueuH6&O)j zIWeWO05Qf`3o)Uv4q{YgQDR(Wn}uCvTZu`PC54@_eL}~16JshnOpMBm?KFZ7{1aPLxzuOXMmG z5i>H25R;5Wi7Ccn#E6r{i3ul55Tm$`#3ZgCG3I1hVjTGizk&M>tc;jeStT(nvj8z7 zvle2=$rckOnQbIyRJMhfW^9|F%#tEpFLC70_Wc(1?j$u3nA-@-x zjlS2S65iT|zS?8(`&YX7M)<+o;Je9>V~1iO*C z(0b?*#xuq`>9nL_%Ni2ffp`%2qxorsU&OINI@37JziE6j#0{y0)I#bY0Z0(i1ZjqZ zAT1F0I1BBU&ZltMiu)LjSvdEF7?;97m7IaTI%F6UKC^`HeH6bDUE$(cZ!T1NVUu5bcDv5rjY2`a$?l zEe^s@YJ(vBp0*2o2TXzRf7$^MeoY$&;h!{WN8pdNQRu%0Cm&f#{znUf@IM;07x3R& z3-rgpcJNiO6O4k?UOWnJhQ0%&b_4B{whcPk8*LYec17C{!ar*VLHJuuDk~+wrt2v=d?j^7q|<27TgEMz!C5O=s3ER+CQxlL_4O1 zz+Zr2@Hwy(d>-5g4uP9Nv|CyNMEk7m1g{16g4cl~AleU&+CTIIv{C50!IEQ2`5Rz4 z_)9PVrok2v{R3?=i1uCU27dy^z?;B0xCPt}z5?zBzYC_p7rt(5u& zS}lnFgVqMV3oZr|;3n{1a0_@Jm;}-P(e{8p0}p^Nfrr7DL5h#|UvqrDl=?*)wdW6j zmCzpqTfseGC%6}+_If+G5jy$@T0dy{ixAV|q=%W7AV!$BlNe>%UJ=iw4GG<)4HLOb z8zsh==9mn|nN~(jFs+W5Vp=mX&9ru6l4%iQ%%$}aGfaySvrOAUlw@ryk;~c+VyZ;j zL(I6eG%==W8Dbp!CAwW&`8SBNR!0oTS~D>uYi-1^tSu%+WUZSRm9^6)jBUnzoqe*0dg?q-mRo zA(ys=m{7E>#H6AniD{R%hv+WRhKQjO?I1CwXrm%r(Ml#k&nTLkm{qhOQBt)QB3HEt z(XDDxVnEgUi6K=RAcj?KkQh<5UBsxW?IUJOvaP_@a#q^i{sVu+yK}@S!Co!vPeZ+vK^^0(qwv{M3we3Xi)OHcWE^RL{;M9hQA*VJ%bUU@f zBHXDtj({FxdX`RF*@|PIWv^X)WX$fM?sqG-fo!V|< z!l~^iCQ&Yl8C5$hbf;E=b`kw+%}q=@wK}4?xQ&&ptd`f1T~XacuBdfHx1t7#0Yz;k z#$e!OdTag znChqnqf9L$#+X`5j5D=~7-DK0F~QUbF(Ru`Vv?zGVpLYQ6H`pxNlY^}C3Hni6O*z! zB6L}mj)$JXeu!D7RuUyy4HCJmwh-O28YU(cH9`!?>PBKnR<{ttvN}jK7W8M--O$mW zQEB{({*0Q2j{c0A0sFu#h<=Sq{hRfm;{?%fa+RI zOfgrKm}agxF~eL*VhHIFv&=P2lw{XoB9~ny0njbG+{A$53JJ=t2r(qPHW9IPAc zT$@0Y7groa`En&dlt^aGglvo^6VM_(f@YQeJYe!*LLVAzpmXN%9)GqD@4IGbd+P4y?+ttQ^Yx1V-)E7 zX5`Kr!ws>-dKEqdJNm6+!7xoMWFLkd{aUd&43a$yd%vL<+w4-a=+_DhGwf-^=dkZI zblGNi!~Ue9D+Ve30PNQqdI#2x)f_I<&n;)by-38%en;VjwmnQO7I%!O<)`hgE6oN zya9}X7@v5zf~dFN9U$trcMphq>m347kG+RMj6b~mG*R!pwIIeJ-e&M#umijgjDq)r z{UGYQcK}2^_wE3H1nvbN01tqu=iV%cdhV4@7xmm*4x)a0>p+apyfi+6UAlgZ92Y3_M17dvT?FZopy*ohoEAMVF3Z}sUa0JA-&MVCo<1a4mKasMqk^heITLzF z^_CM;sy9H)GH)v}E_*wOVb$A1jLF^@F`;+|h#|$B6yb_DMGPq3eZ+|BJwS9T-YhYx zdPj*N=5@4zDdsIFO0u_(=$5@L!~ph3%&6W@BA2}ziD}upS=eRoHey!x?j%ZzcQ27E z-UGyd)0-uRv7fWRq~a|nMrCi17{Pf7D&B~&GjEU3Wp6(*EPJ;S)2ep|F{^ra6630O zFEOBchlp;~nr$0GPE$ONoU2J0Z?Z=1n3 z2>IK^U=%|BwjYc`$lq=QcS6X&?*lUs^08S^f^So?&cRBE6YEW2E5z=5VHWoWX`i%& zMio99K{`wI<0LyB11)icmBH>d!pLrhWe`>ed&mf*VbJdtpCd zgpqBzB>7VP;y#^kKbU}?1v|l#YlR>8)q*Raw}9}!z8n?d+f-yn!SvTqj% zKk7?^@T0y%Ao@$bvg?E&^#wurOaPsw{9rDrdQt0>jLeSxteC;6or*9L8{=080cpta}ydO-1gWy3B?SO9- zgx~X(Z5DpdR|~=~`vTw-U<(L8>kEVM+rB6WzwFxtJ_^$PxEM(H)p5bc$34~X`~Hw2>n@f`x=pyNi--ufnkXs>)h5bcJq4MaQQqu$}zCL0^_Qi?Z=^G?QW#2AhO!n;|#%13yF(Lb;o53W~Bc^0u6EThSh#A=zC1z#c zW}>9{%C7>s;%g$h6<-@Mp!hn8A;q_m7*>1(A{_fCW>w#AqU7`q5hIH4ATg@=l&is* z;;SXb6<;ecq4>IqNyWFBm{NS(iD|{RmzYs}BgCxYE4c=YI(Ki1cRo_mcxx`p$<@cb6SZR249uO7{{ItaON&WThiSNiH2FrWh&{n8yBzTrO=QW>{$p(Jhy@6SJ(elNe^D zQKGTHAC_){4nJ2K2jPE92f;3I4+uY5Is`_+EQtPSsd9_(%cYed{BLOxgx@V~2H|&0 z7lZJhr8Hj+{wx#XqhtL1ffB$z}f1`s# z7gAqrm$dNOla9rii)oAe-?;L6Y-?*I_J4l$9ke+e>%Xr*@42;<2cA-S6q1HWPpdou zN$pm71|t1L|yXP#POf_a*VN#B4^R0I#eEqM^{dg2c$%Q2ALnTW(U0>)K=hM6TR`-a zJ%b?nrylw}9Q{MjZs_>k*0Ue%2kG~0^h-VTd-io8{hp2X#FIrh`pq8d2cv)Lp?)y> zhaTz&qaWx|5~9EAq2Hy^Pxa96(rD*AwXmbV>1hLTpTW}&qJQeCM86dMSP%VfjrPeC zgB|^F&vp>~OwS$={cq0!5dCq_K@j(gJdS%szt>X+qTlPO1<^nEP(K;%qbCGC22%eR z{aa5vbo6gMJs|qW9{ODy{dN!am(h-T24F`!>PdoVKRtUvw7Z@W5bd>R6hyo1;rEGl z*+czcw5y(4=xBF6&7g7l(5@&In;(Q8WfcR&5UWTKvvS2QVuV%fC&pMsmKbLh%62fx zD$0pzR#8h#u!r)cM%eKgTfF6xbbJ;%&hvQ34sm|RmxE?HD6dlgBQ$SIUlJia=La!$ zVx29%-7eNcuIeC#hh5bz#E7eUF)`|@?jgombw4q|s^fyr>I5;PRPQFbUDbPuNoVzt zAgj(2Q>3szbzpT-`40CDolosiZna49V47iBY+FJ256#?OI7WT0JDf)#@zKT~e()1}5a{N@7y34iMAW4>2QGFD7!Ox{v5qs{4sCSM`9PTD^mq zbycT`8CUfXG3Bft5p-1_CMI3g{Bba?RM!%X1=poI2p#^ax&?&4s*Zs0Pt|?kW^glz za#)=JQ4XqiffzSe4}tI>)dxY8%W8TS68^8c1cbk+o(!TKR|i3q*Xl3`zgpb`#=w3M zexy19q8wN622qZy_kk$K)maebxLSEal;i3$5dOBBo=<^)tgeNABiIbWk5-34`0MIU z5bZ#99~cGuLHO_LI2Z>9LHNV!B#3sPdJl+lU%elMzpNexQ9r5=gYb9NB~J?fTkQtn z538F%)YIxP2!C1~1p8)odh&S;};u z)eM2~Up0q7l#?3eXQCadsRU6jYFa>C|C$aE*SUt;KV0V;x?h9qT+;_Tu5-<15dNx$ z+MyV@6*~M@%?=RPv1UJr>ryiU!f(}#g78~4WqZZ-s|kR(?lshY!Ee=2`-SUV(*irL zYfU?dcCMxeL^-b61fpEj(C?8bhcyGx#Yxk@6sz4ydYaXyi6K@yLd>#S=`}FSY87IH z)lMd6SZ#n9Wwouu1gl+4OtRWOVvN=H6XUFQfM_hppV~p_$k*CEAo8zvKZyLQ9R`vA zwTD6Ee{IR@BL8aLpt=2KTK|QUC-><-GxT#Ok3l!XaX-P|^E<@JF#kqkmiadmCD}hf z~AF|WPgO1l>HltDcK(cZ+c5Pm6HoKR}dJ|3N|h3c+9c zrH_RF^>Yx{+fVfj<+EE z2T{KKSrFyPFa1%JAHPxm{AJKlPyEzhM1AnrLPtIDw}7aZ{s@Tr;ivkD`t6TGM?LjZ z{X#wUZ-x#(;2#9xNBz4%^o#xbK-61*CL`*t{}2d2;dh`sp}qG{22n5lwIJ%HzZpcm z_IH4&*M903n&r291m_BgL$*P-Lv}+bd@o48brd9DTluF_@w`wQI0Gyz?{zkAA+ze9s+dzt#1S$PJAf-P9e#riu z@_*yiAAW20hHL)Sbk0BTdU(zE5B+?uI`7ghH{0|mh zJ@xr+w+pcYk)loA2Ea`Nrb8HxJ+RZ20#>Z)Y;E-uljwtuvZ_b=Ajr z^!>K)oef=8+uG{yyT{f1#ro@)u8WMk^1aWUha0!O^W7gm`mFQuPx-$%cjH({Xrc4i z1zP|lp@nSE|9#4v|N3ylFVCvDYwm56%8&Z%tEX0Ox$lo#?m7LI3%@vS;`zSgpW5{& z|BYAfdf}lDyX&128(`(J1Do;tkc%AW7c_FdX_-JWMEPk!6~e$5@h>9>X0f8KP|y?6g+!I`Jb+c5gXEAL-*P5bF5KmFW?u6rUsD7)dZXZJo4yegf&=-{Rs zC;s-pi1)7N7d{=EeK?(%5$`za_{$^1XFl}mIUoGIX3fGSXD>Nx-&fCE`p~B@#M*Y; zdFUHIdjI)v4<2*f37Wx-`(L*%I$=n8`P-8n`?ejw;Ekf*dDlPw(dB<| z#A_l;H~!fFxA*^1SM>S8x7OEO{@{h*c{^G8RK=Y3)=Lj>{;1*ZZ+-2wW3HE&cKsP)QUX!S*B zKJt}{w@<$JqD$9jZoBG}I}>k<6!4=lYje&XW{n7%fk-sn8ruHx#!^<&%b%yQM~x`t>x8k9rcHcZ~u7H+}o#@ zAJcLBfByW$4_=$!wl;ggD^GpzKKbB%*VO!==(^JKx=Zi*aK;-`eWzU*Z`kB1e_iS6 z`^>R*_Zjo1lw7p>jyt0A@o(Sr{QPU(i~hQ7@*R)ff1u)mu4|V3vhttXPdR$!UB6m5 zd1~u>TZ>;@e($bL(n}|QYxv+fD{AL{bljPnj;Q?MV?X-g4d?%3Rnw=RJi`t>z4!~) zs!ygp@TXJT4!wHCh08WPb?xw+m(E$eddlz4o>sQxFRPs=2EIP~q+k5_tGEBhZydp! zFH_Dq$NPgLXFTwNYhvHNi*8irO+5b1$p>OLEqirO@TG3geeX?rP0#h*|2ykh@UJf%t)EzPRqEzxm#Gw|>0ywujD7zFl(*OHXc%dN%y#>$@I*_xEo^k6(J+Cx86b zIoI7gqvF1oJ^%hl+x`uT4-q|GxhJFI<23#3QH; zmq=)#I@#(tf~PnWsP8|RnHHP$ z)`k1ZhJM%j;uWjEx9{QhStmXz??3aE^EBs+yD8mzBO;Wd-b8BZ>)RssE-@62X8&|)d{a(bKZ+@ZJ9RV z(5|(oKK|~B=bYniJhN)wN2ixv`Tp0R-~YyQJ#VypQuc#i{`vix@0H(h{&mTk?;le? zR1^PX!NtkPCIn{ro8JFJ>4JM6WdmOv{>ilGPTp|r`qw@C#1~4|m*t`kINO z4`^R~?Zl=}-}Xs&ZGN|Ba_ddA)zGa!y#CLJPK!_JzVDaEzP#$MpZA{i$18rq-+toW zD?Yj4tF4dx{TtVwro1xwubn@=pek|a$oJ<=z4(#7OlkdZzj?Ujl*31!u=;_G_x<>9 z%_p*xe)FwQiW<8w8@WDp-<4+TPKe)RV$Hoo@RiG4dOg57@`K7ZTtM^0K%Ik@V!|J+dZ z$?2mvzWCsAebTS){_fKaduKdX|7>r1&kI9ae%tWS)0-}B8vet-zOwe#`}@v2;)Q?L z|9`iW|Ks{et@06E+$f`)Wk#ELB)Hgh1SgYW7HuVs$@<2zQ#-n496QWX>)$XR7h$cC zFxEGMLA1ji#=0Bp5o3J|`qAB3k0Z`TtVfOYL5!m|8tZYaQ@VlrhQ{EOsneRK&pLHB zKG1l2>)bQWY&&b-+2M2MFKA!5=-iI;&R@E0d1u#(i@H}{ysBsQnzhkO@ap^Z8!p{= z+2uYzrD0#@eH42BiLbucV%n$&X|Dg9|6k9631Titd9J%>9I*Z?KE~g%{41kTOO2p`>Msg808kS|BaK|2fiptj(3qmgYg9i~px#otB?C{^MVIEtw#d7!`?l ziU`%`R8sx0FCpx20@CY~)=4X+HPS^$ZKc#Bbs^<7(h6xUB2N}^0#Xon52izc(lT)$ z;d1Gl*mgGJti~&2mLmRTIGUxs#V5(ObQdAsI;5OSuO2Z1ka`>uEe(>2_>@E}b& zQWB*i-{zJcLXOv?1WlKkP;wfOj{#{4Z2!G-;zP`_d$OlG1*w|pyHQW*c$QOJ4@uV+jd61uu`e%6<2u!{&ylKo>zfP zKxw2hWnRHt&B1+1%(cN=h!9HkgUa#Jyz;3!k`&?J%m1Hq0KI_J1k80091*Ap)CXn< z&Iv3JToSk@a7*C+z!QO&18)XC415+Ssz0K>qQ1UVt^ zOJiH({KoSdmo~0!yrl8c#w!}HZM>;5-gr;r!;OzOKGXPOJT_Pz^aZB|PY#|MYz;09t_)rhyexQC@aEv1!9?(Ot1kahWc*>Zi?`cFwfRrd>bnzG=Is{chUdr?IBe zCU4V;O|zQjH!W#e-*ipW%}w8L8fG`HNnm%coF#YS(r%j(d{etOz)32UBF#X}_ zFHHaW^j}Z^Z2ITZy(gV{(zz#fopj4dkDT=9lS*eCJ7dO-IWumb@uL|}&3I+T+cQ3% z@!5=j%xG?&)4Z&CRr3|io15=!zOVVA=Es_!YJR!-7tOzF{A>5up+QNa8=;WKqByD;Mu^>0|x`y z!2b%U^;&%yuHwx4v+FzSH`ITpK2iTd{V(f>>;JRrS8GI)Ali<&SZwB8D z{wDaxpgg5!O5K!(DO0C3PdRnUX;a#!%%8FdSLb(AKA+;Bdh*mWrY@Yibn5De@36nIPuW$RRHrxZVxn`8^MLb&lkdFjyytxC9Cgk)_1#prz3aH0-Jb3M zcbI#-o8vBU7rXiHGIt~I=~MTR8|T&WF7^zshnMNyFQB77m zs-4yT>P_nH>Qwc9^%?aIb+3AX)Kt=Ay1m@`p6_LQ zk9e{l`n~<@{2Tqz{+<3@f2seX|C;}nzuo`DKjEMA>+p;&4B7>H&^fp!7#!Rj+#XB` z?hAGW`#Isi24{oXVI!VZr_c|t46hCch9klm;iKWx;q&23;fC;?@b@s5j+e!wyFq$D zS|mLuy(;aIPD$;oa0}V-+3NQRYmQpUagK)=NZo! z+l-yYx5kBLFLR_h-&}6KY?hl9=EYVg%d~E=rdvy`H?31vJv+s=IB65?du;x}j3_o7 ziycw^P<{{Ugt43$2qqTm$@lnzPd_@mFO2pKM*qzQ=@V(Y{%MGrA^w{UJlE!&T`G|d?Q`@WU-_CRUfoJu87zwMb`S0STN9B3SVWpuy#Q5H* zZT2*)J0Cf|Tj274EQ3SxhpYG2_voke`i5eRGVV7|nRTp7E#11_8q2qN#M)~8VEt-U zvm4l{b|>4nd)h;(Ty33Bj^@}-;9TzXa|SuP-8R9fU`&u5OyCSp4RScgxxt(uFPI-J z2o?wV!LopVth~~j`9dwxWWB4AWI6Ub&Tw~>JI2j+C%BW`sobtvZmv7W&2#7fbD|WZKCGHNl)ZOjware1p)X0{YGNm3dr$w~_)MQN?1DeV=B_iZVjlCE@9x+}eu45h!4$&JWThAUH)=~}L~ zP$TQPHV6Ao#oo;-fr(G)%v7g;h*tiK|B>8F-Qs;2FXE-ASGxW zqy=uUD2#sfidP;REoZ2O>N>SZ-KZ9;Th$VE2NiX;rE#|m>dC#Q@?%n*UBy3R4SA+N=%Jc6VyaCO?%EPvNl@9{JkaC z4y)AKO|9Bzl~Jz_Sx2pM>!j7(-R{oy-|@@*1=NtZsPx9JP)d{?N~yA2*`w^EavoF; zDM$b5Z?A2o238QusQm9sq{-?THKxUD2_TZF4<=JlQ?%Avn$}*EG)=R#=FuI=ii2au zVg-_=?$Wv&XRWDrjy=oHwddG*AczI_VmsenX0NbU+lBTzyC|wJ*>SP%^n%&yXnldP z)OgN#(O3s^*>02>$BZhbYxXq_MmS%<2uA$a= zYqE8p^%PHem9?Haw$u9DI>1w?Z#T6swpF{YJ;|PKKV&bpU$i&dyXl=L>_n#--BYFt z+yIst8w5F!SX11ELdm>J!HN7p8PFmtPWMCgA#&cZ&Rj%iIymZCc^_4M0pEk~QJy{+xgKGr_hzSVx# ze$%SyNqTd=9XRPq@X_^p78U7kJx6~)e@f5SSLq*umyYUZ^s4me!02uCr#d}qJVAw8 zVSGSWIcof7B%7@`9bL@c<_+cubG$j(ycZ0W;JoE|e!Aby@9y{VGyML3CKxlzAMTIx z$50_A@Z?_yz3leCpng@QYPAZ|gDZmp!A$~pE)AXwwgn#s-vmFf?%!*2Y@}t zh4aFv!WH4G;iuu3;o zga3gcJ(9mXZ1I=uGUyHwLt5w-Jng;?$w^qp4Q&d-r)%!(5mP)^<=#b zxO1>RPM;*6>C5^?{d1n`&w9+b&}akl>1NEfhH}nNIH_(QcZR#cJ?kcT7kTZyE}Z39 zeq3x1-))Mtp6~LxbN~!}R;o>}onq`T`db67n?XqnzznZgZ(Hwi*UGJ!-HcAF+75T^ zLHlv;+7|nL`%}BjuI|)vQs}z9xM@S3aZaA|r1Pw^hCB9^bK0rtCb_M-UtOvFH`7h0 zflt@FyXcP>c+EWB>+ap<&GMFduXx{bi>mp}K?*g&RH;F?pl5JBcxq1YSny2nR!|xo z2~GuPf-Yf?@LKA8?s*ioBm6l0uJWD~#>G7DNgb(~)Q(!;O}arECEX#-mX=B{N*myN zKX6m(%Biv^Um^FF?~rH9&&Wmc_jKY$%B9M6%I(~Wr>LL%!B~m(up{DqBxrRx^QoGw zd0IEEr*@roqc%nxug!#~Mek;%Rw&-jCt8_yNIS0m&ReRZH`G&%OL-HS#&9a%oA9+S zVQW#f%Y_ZBfTh*5F0mBq+a~K>>l@HaRT$X~b~YSfz5M}QuVRmcO7l2F_(Vuit)PfK8U2uxPbdEo1xjy9A@5bPBk~tXTPS;p5Ym_1osUQeKrpU z`Ra_v{VV+^y^3*x(SnZlrtzNf8C?8#qlVeg96(3A#hhr)HW!)Co9pOhf0#9`CU9}r zx)KgD+j`ns$+y^UePMl15AR@iwtL$H?Xh&Q*>ure_CdScK5N%^E^<0Ljb-g>nbkL^;WnZ$>+rP5mp7Uy?tP_kweOk`t8% z%0-~rD_}2!lv{Wc%jh?6!ePErj=^E-!RaoAlV@^LZdWJqHl9*fsO!~t)sNM$)#K{L zT3gN5x@v>9;oPgnE38ZYc{`i*_w;Y{AN13D z4WpUS+E9&j?%!x*vN6k80tQ}Zylw0;_8UL)zB-wPdAWHF?2YrbH zRtNF6^<}!;)%3N|yxRvry|4J2VVvLkNB!Taj;(@A;G11Q6ZcRZp9l(r*Lb(3bhQ(_ z+d82fT5!!i-0(XD*IXX1hG~|BzeHG~JTA6^cUx7e&pkJ&lD(*s+0sPb?qkwx(p%j7 z&(Osxq#AM~xs9xd?sl*IpuB)uxe;CLBe_iIDv3%{#fPEvqsL8Droq$~p^FuPCUz?c zYF+h0dR!N^2XA*IcWowbcd5Ds&1J9pjrxZguQi~e{@LXo;l?e~UeZdmoxI(ne|5Ru zdVkQvIDNK0PcP74*5A>0==*rP?M%h&isp5jIl-LCn=3JQnq}sXW^Jp!m1=dcCRkH= zUkj|4!He&J7nAHJ_9eCkOY93zybZl;jr}f2@reDC9p}_`u5$V~Bb^D(Y-b+T_C@Cq z$gsNG&~4``LScExo$Eda)7$QT$>nk&P3%VW4sv`1?Y0?-uTb>|KlBc5O%#w5EIdYzST8ZZbv``IH znGM>9bj4HL)=P93)vUcC8{NTu!;M>vY23;+=3MU7XZA044e<9PZZptzVi3!&B6R%Y z%5WI$7$e)5U`#Tm8ae!bykJgpraC#!EGHLCpXbbX7C3`ZxXya<{!0I4|M}npFah5s zr%EKP#BPzsO1)8cPs@@rl+#(R^g*Y6Q|JGm`hZ%X?$tKyHH|CL_?|L9qk3oC1@xX2eho$nczUGZPUGL?|4>{7PmteLh(2p+l~@b@7^OU*-Dcbe z68^j^&86D@JR(}MH6$vfh;^fkYJ@Kex~nqh#eA~mNfE)vV$ICK4_ zFO_QWfk@r%Lq%?`^+OrG$6RP`Fh539J7Q*8i@=9v)?s^~^MhN%YwKO*-HOWi0yl!c zB&lj7F~z2%r-#ZtoQY+qt|!$B!8oUA#ab7Aysq-M9W$rU6aTPQ+Lt+9K|6Kb9`0oK zplA7gLH0%dMo|4$KbBHeyw7^-73yg9Ss2M@Y9D&TV$RrR<0<=N`vCQKy8Es>(VOe7 z@Yci5Qg~Kx1YY=9xIT(L+qLMvs9v=?Rw5W=akbHC3l1S zg*OA8V=oHKC7|H+uzaR4u(o+|U6 z#;J4FRJ!0b#sMSEy2DDd+oLdR=zgA^Zcnyfw=3*c&M;>kHBNK4p|;1es>bH`CO@m>S)6b$Ei=k3Ad?-)!)@ztpTc;ZH=_ujVt}&>-av9Fz6hBI7YM%F5?El;^t*=2C%ja~T!rTBR+Fb(|Wfb=H<^ z?`ikZFE+!8;*3;o!B9MtpN%fy%NxzUeEYrbATQ6mg5G%|m=pdG-M_rbzjvaPhqLf8 znotu?{YZR*chuXpnMS^`(fG!w1}hzIeh5Bj#gm=mJd7Inl-mzw;C1g4e2;2=3t#oe z`&;~)oH$q{;qR)kjr@@*4dU4jhmVY*+unx`{*}~#?kdB*OVqyFP1^0+QV?gE)=Iw| z&ish}x?an;*tp#&G|m~#QJd#_CUxX(TrEui|EA6XPy!Z!p3`~OkD=E$wp-e#sm&=)YbTA{QV&k_t^0>NE4TngxHJ4QdfvrV zMNM2I{VeU`j%e_cVM@007-#n#^#-kq(EyIT-DnCHUuK=PR@+@Ut3_Zh9j~J^9@XQx zQy&K3(wi?1dxtZlPEuM`^rFY5Qt3x2RX!k(h0R~9&DFMOYpH{0tntoTrz-Bt2K=$( z?iR1A@B5dbId2M7FxWD%R}>P0E>kyQ{&km^WHIqOwW zqb`)Ml1Iwxx1w5~ROf2z;Ot50Rk!Gq^~dyLo_QDNYzd6$`Nb+>Y@=dI@U?{;G}j)g*5xd5+ii~E~vdpGcz?(!DX^)`7O!G16K z2mI!+?|#9^;O<~a&@$A+q2XlQP5Ntkyy&luIR|-CV|?dZaGc+k8z~)m_Q$zDH{okF zz|WefJ+GzcL-cpiq~}|oSyk*bd!qdq3hO*{$KSlV^n`eU-(HcbQlalu3f%A9SXR8y zX$Rq~G&fsXnbsp{35RTh&e#P7<^fK`Apeh`P1v5EKNr^b0W~*XV7Y4CnKaI2yrL=- zl*`qr)X`GSL%l21*Xc#v&rZfnBhEZ)Hnif#x-8$}^fo?Yl&NL4Fi2-U>c2M0?3RZd%qXbnR}`v98Xw?oxcqf!-ir z=$?7;qAy9(Ui8ho<)`JwileOOwwUy}QMiC>srPlY5%{zF(8g-$iF!T#E&W0?#fOYE zxZREB67FXoH2TM^CDuAv_t(}haPD!i?N97q`Q&l#rTC~aXX^mIc0KT1B8;GOS@2i5J${LJ=$P?V>Ut|zr^Z6Wqck_e;bPUIje?U7oO9~z7$7ntUc{t z^!SZ-vAxwU!CM|ipP1$>ceXo^xR3HV4twkV!dN9Z_N6GOd;ER$=QBZDPVS50I&>mx zSaE!0{lG~Yqp$Ulrg4H_;>{$=ZK)x%xLr;0uqofR9%V2fI`n%|tw$TIUJkR*Z*lQd&&Kgb3OHhQaM*E$G9<&qZ{5P`$osh$nHtPe<&Ug4Be^@41YTke2J8z^Oo^>4e3ilTGPWNG$_%YP|dfp}8&E9SJ z;`gGfEI?T+;%TJ%29ED&^psb45@B#fur4Tqu@whfgOXqvcV;~dtt>o9U#P4xcaTR| zD>X-ZUnI2OkxG4ath!sMgi<;4?>bs~dSD!rf(+ zpQ|QL)3b6HWwbI+`Op5&I&C|e{Vsj9u@F7(l$i@IJp%*!o$SFN=O$-9Ph~Oc#4^zI zYOl~+#}nEJn%GMHE%OfI(H-@Y!8|E`Yd_6z?@RCr%dgbvKgFLLh&EA1UZ8onDmvfg z@v&L_QCDh5wfac;8polg`m=VI{*pf3*aTkv-M9d>JsB?Wqty;aCyrk4IuBB1-UD<0 z;na4M-HY&QdbmT}DRhGx-i7$|w|T4Z=`Fu2p1}1uFcau>d(l97ZH8XaVZJf1sNU3)>l-pIo9ebShOYL!EE&9&xOdDeXNki~dt%d8dFYO9cHSoD{_ zc+##5>q5EjE=uE=5f^Ecp-qZ~0$*@9!sYBc1Is{S}^1s^QXU^YDLm8drhOug3>mX?oV>R!^(IdfI;4 z=}%W_=YQ^B1b?d*i>Ll{m*=BGAC`ZU7lBX)X$9H^dJDa+ZlNyp*GGVxX6TRVPvbRh z1Xb?QztgK5^?3^y@eVqpJoE!$ZiMlF55Bw@m)F5*>V?xZ%A8~tpxVA-Zh?{hZq6Vl zvcjrvUuEBH-$7y`m+t#4{_ZB;S)|L4##4OSDdcp17D6FYtZJ8$~Gy1XQ{%QslT6s z%zsfl^o{}&XrHRJQQbmqfJitk)z;JD_i5izkK@o%4L#8N=wtQ!!JTXLojkYGx=E_3 z5BzBY3~H|Nvhl9*Ik>#4c>zlIAW@qiK@W(Y+Kc8J=2p1T2vRmPQQls)-om;5&N^=W zX0^5hdnEOFrTvQiCOxP>%FXL2rhD*+jyV-z=PvFw?o3YK=iKTu-0S*YOVk9Dr`E^2 z5uI(4*P0Z-e!o}nGX3}wQ2D+}yq{4m)}AvFL(P=oi}^6CcchO{$o{~&Xek@$Qn{$n z$K_LUd(cByWem0FHM;6oz&akC&JhsTtGu7}xRiMj3Z< z_wzxzyQpzB%_gMw(oCKHmSyIcbLr^snV*r|JA~(P&b$bY*UP%e8b{J)9<}gY-2X4F zarSq1GHI{%aE#Ng>J9eRfH$MF^c70ZDbR3RYG4f-fk7L{?DItvwI1y6A^YVTp{(gLlP zuIg{-EsV>JUbyStr0QbwDl`(gAgQG(G$!dn2mI2lnS^E)!8@p8&1Y zK~eASUP~rtI%@0^cdfgL%+1F_QLp1Q@p^kBNU)to&w89(;YC8x>Js)1M}~R$x}{Oh zD!W>22S+7JgtjFS+8bYED4292>|i5~?h){K3(^=4yrmGOyPnd8Z#+mDrAz{eJtf?W zO~T_ki!K)B(MKojldiqd(Djc?|k$^MQgLl4=Ideb}z;j&yIMt9|Hx%^gVbG&-EIpSS?BRWMLu>5=n>j>Q^o-e*6SWzv)Yrbr zzMaI|L!=Ftk=S^hJNYx7Q)}{513`z6J1cNBn$u~AxR1eec5yEc!z8Pr?Je`(AnkAg zJzw#MkfM5t9?L_`t44}H78@bmh2Q!(8p`|9LFpY*m`l+CmUCBn!>@AnGGjhDkHaKX zlkDs5JMB_C=Cr{%-s)t#OToj*q{W`2{~htG1$9Y^t_DF=;;&xeL*aaIcs0TAtMLv) zxd*yp58h2xt&Y~5gux@A@8|Wc+@{)=L^@|Lc>fURtAU-2vzpIS{?$%$lASA@alwpW zZcq@c2{s3@!fJy59KiR8BM;n8E>PESa(AgScvA(|8lKrMT<{a*X6xbCb*3f_B~Lj6 zm9c~|*ny4m05JLn19qi0iGO=Q{@;+!1(w*=TtN+KR(FFn&3 zVl2ZKUQJGPomoT{rXgl!d;hPtdtDHuLa6iecsHTsLYC7uhEb?@7$-S(B1?_?dwecs?hBKK#9WhqB7&J`QzoE-8pLQayb1&Ugc0}u0S?|ZKcuH`fS^N~keUQO`3o21pGDI%wK0xsZGHHYevtIi=i zT>v`$L#t1Bm+)XG($^Ql7>e|_^$1TrNzV3FaAPa;GSfG2HpiLwnUCTF{a{wJ>RK1$ z12uvTU1j&Tcf03s*1F-TO~)ty*F0cVo*PI?WFjI5>)-QG>$GuTm8v+to#}rEaStoV z_ckLb))9u1iEBN^{N6kPW~gQbs0DqkK_G`$aQ5G$w$&u1*b-JI+qaUuoCc1VM_TGR z7;g%RMGc()EcpI4R0UaNt*^mpdJDhsBRAD+M@AyVVS1d5#7b)Y0a5EysP!7oOyvIF z3f`UO=lW}@_wU2pKIeQ)3a8`he=Bfeb)g&Az}L?}(T{Y?*Wu$Lb zqcyHGil|w|#+9Z_%^HoTInTY*`vO*!<=;p4^+Uf^a3i;VrOqDL z?+A`x>9-FC@vpo=wr@#$mFkzXS}{*}^M&8NyY*QV&lNWE^iJM%Ym^roOe%?c#$U|;em-=W7;7aHHY zxO4UKN!#IzzNXYxPtp6@=*xyPxmZQv2#SWWHg?3T`8XA$?@#pO=+T6^hWwP#TW zKfn>K z_{|+a9kY0bw=+voRm;+c?>+3D@>^XmGuc++kW)wNg2X3Nw`SX6#>p|`|QAv<%bqS{t~r_dbSGm9Lloj~7RiS7|~n$A>|#nHPdu6$;P#n~J{ zzHqNxjjY=mKEWsCO*=FHasW1w3Mw8-z4nY}sVMcpyPd_enZeVEp3MofGhXXB@oYAq z@2#o!jigCmLt|a%e1LvEm85k8{KT60MH~H3nM!C8qy{~LiNPZJ_IkA5I;8ln4*PL) z@1y65d_!sV*kV3rS80eeiwTjoI9QpaAs-^Uv;da8jpvpC56D&8g6sQ}Vw{RAalgKb z+P52C{)e#vrKveO_aN@+UaJMp*=gK4%ke=eb8(srz$))KA2We*Jvj6g_kA?rcBJZN z31qa1r`DJh+jV{kXMQK=ylR+4IyozPc4gH?rmza?S#J_GqsaS5>CGr>QAgHs_2!|D z7J|6n$73kRudWBW8BTI$AyW`*=}aFgAETqksf~mSH(0%cIfw;x^S)%#CTkmEC5N?N zv|;!uOJKiS^$NYY(H8{WY`D?If`S5EjVQ$IOmkDb6}|D1FlD_dmd(n-yA*LrCgnyn`p z4PoLfaHm@vePP*+&?H{AW}_HCi65nq)T~Voc2>A4dS0;_LgTPuDm$g7a=P3PW}C01 zqrObWVOsPr+4FsPk(cV%>Gh1|<~}oyEQrZloIrXy#lFI>>U>TInC%wQ&D#1iN!9G| zt$#w84~0w7Ir(RkYQzrm$HVY~7@E-U@*T=4rMcQ3&3XiiSt@sZmvI6myx#fQtD$Ce zt}Ac-0nT8Pv*eNc&KaK_e9l@E~LjB`^_ zr#s{3jYBuC#AuOH9p|Nbok5{9K%kpJ1#uwH&hWk&Fu%?C4{_X-&Q!Y@V7Sd7f;e%9 zhk_FeDr;X#jaU)i@z2^9Rld#CzNq7L<;Hv=KcZ|>LUk}1;618L7WEIRN;jsR{!xP` z=vk;)ZyH;To_zPMq;Phar6l+E@bt^fT41o|RzIekcHy&G_BHk*zU@BL=bN2u=WdcV zi@4<-T!Wc_VSKX}+}B{X^+<(Y3gYPn+nMG+;txXySrqIDx^mAqM+%fwc_t2^YP_U= zNzZSJcRGvw@lmZkT&D^BZM2zZ9yMJYzBT;Y$#xgG&IEeGTU6b%c0&}!JL!5S@V`HX zNlRWop5k_|9o%^_Q%{#sVWtI7gFU_tjs^|FyQzFUsPq~_|Gy2*K9%!kl8de6KuC>4_HcHOkF8{Dt?)c3ehsW+i!*>fqiRK)fs93!Bgn zB3~vGj+q1YjB=7cSj~9qqxkM~IBC1#(#`RRXQR9Pgp%6CZOcr{LiY=>OmnY;r+9&v zgSWO6Z{l6=Q;@pkdnB#<`$L!xn+x{aLJj`H{}GMqG%8g+rZ3c>Ymfo{cm!>shQMbD zB$S>eqp*s~_7&b@Px)bH@QOG~-zzH4@Plf5=IcgjHAw?~p`X-ypeZdh|E^AMu*&RQ zbfGD5{CF?)Zwa0ZZlS^#Md<)$3M!vb4DLQlit_IL<;l3v@5y_ZANxDMYCLk zOnTe|6Dzjj$v;o#-fkl|)(~V-=|sN_Q|`^}yr0wirZ<4JR0&UM2s+j0pt5Xu+3Waz zxCLOV8X_BFg2Hp8XV4r@NgYVlE|hCCVQP>PpA83k7VJDyn+9fV1?O2$+BAjExys(a z8~hF=`wDvFht4JL&15O=3jPq>yN2*OJD>@60p-u)?EC^wXvSUc$&}q_l))Fsq&HUr zw3~S-8SCgIRn;U?x_wDD%~#)3$7*YNA4AR8@C=7CE4rNT>w)fW!-dsJ$3<1?85H9z6Bj#{aLja_9= zr6wJ*&)MyqBIg~qBV4P8H{N>yk7EzcMlb5Y3Ust}ywQU=x>In&Mud+uSH!hBxzW;=5g6E1a073F}! z&RQLr#+yfl_|5L<+(=D)+xdkQ(2eBa-ge8~cfD~q>~TT$K*moVil2OfoJMMR39Nqr zwfuf~evMcfnqECTxz5anj6;7ZV1{rPd~7K0`&{`6c{8(>eUt%AQ{E3wTMttFP8p}( z#b6A9ol2s0vJXKyt_i{fG6Hh&xC8_>T6-$-{^;!th~tRN}V0g zt$7yC_%UhPs%C@0ZH~V{I1^!0_+1)K5LG~D?VurB=Nh2s+q<4&^h-r+->f~{&mscS6)M8(MCuM z<v6_F{ERAQbKK`c=umB#;M$8fd&WNEd`{0I~!b&@0lK4Mg8O7<5%Lw@W%&y{?k&Dm|4%12gzAXJl{bY zKb3TQjKpoJ`kmTHyGMJNjyPTKZ7enqnoX>Z_$h;MqziZpJJIBSMG?Cat1oli zK9jB+ye>>%3m-ZqL1Yo1lLp{#e7GclkrG6fw6(s?{NB>+kHT*%b@=oI zF$3C^lh;y~VV(gwhR?K>V4(^2e*1b*$Y69T_WcTue1WtN7QY2{HCb6sXXtNUjwboN zJ=eJsjJBL)MKVls3cANy9C?l8*gU+DOTv56YEDJZKPy4hyh}LqH%JR`L0ZfGxcBe! zd4H1~W^MvfY7^0rM(Z~2!}V~ByU|{r;*Guz64(nrJPjIX>RbpGnFbzMf+O)3dPg+1 za@J|e+`H`tVEh}w2xr}H`0p?MT z$v=bs&%vx}vwxt8(vlqnmoaUjD=uf{N;q*p<$7fZiJj5PI8=svm|J;>WXlpX>J?0N z75+yL{y)zHCNOQ7q&7s)ZlR{AtvN&OVY!-WF)N>rE7Bc|lfm3|raFkaHXM&+44AM| zsjJ1r=?yrY1$s5KvF652xX8sO>Wo4x5y)f@T;G}#7Ydb+9iB9de1otLXW5}DX@UYm^!E;_kzuRKq@hv z@7{>KOb#6AO{Pl%kp-=%HzPaMozHbMse&p@mPn|B{b3sQm|?n%N?XtAKptZ>9qn!2 z^i8CWr%_)Xr@}<)XB;@F2l?$;bhF3&X5nmR!4d=y|42Gatv7_Sby9g;C_(_#;z#miJwc4*n5) zB^t3&LeVB@_rnCgA#r`7-h;`N>*%bxyrW3JY-3EpqiYVP=}DLGYv0dZ_z86^>OJrB zG!(G-Jl@F}uvcy2TK4pAWv=c8YO75aVknGhG-!-{+XAaLXUcypEIU{3uAGJa-+*Q` zAK$DSvr!AQMdXHF0TVw34nAiopwT&`$5z7eTa)u0?^JOcaL*!s(+7rA`6M>;BqmVX zr-DXj;g`2bFH7=l}cU-#9o=DOr_+{vqZg%Kw^P?sHzj{yY1bhlfh_C{7SQ zatC%wJS6=jbpkQWmXDxg_r&MF8HaEt`oMDht^G1R%0G^KHq9FyE&F= zE40;GA((u(wpaU!F5i}CJxafiKJp{!>&R>F|F_I~t}%zMFdwx0Ev|E0GeE0;3eNO{ z>7W-+u>RGnpCz&^w}F0Eg1Q>w3zc#(YD%(Dx`uMcHgLi}^)JTp?tq4OK(x(*YMk$$y=1b?E}3Mcy}=GCTiqUW(CoY6CcGv?kL|%-tvClO&spzWSpIc)kWGGrh6kJMPY92_(KpIGc4 z@^qoA9^iAwsi}XZ`!}j@QKL);RB-=>>~%gI6)vyUVUdpPItPnHB7u zd54VWuW+y-xR77DCO+OUkl9QsP!i1Ob5cUj1e^ikSwxc+yJ5BPS=jzuwJmvwN=Ioc zneH7%DJpA)aVh&Jj*A8|z&`9^;wIep26LoHB0X ziFaboqmg|Jwa_GupX0Tnv+u)$oR5B;!Q>@}H>;-5PA^088HnR>iSmTaTT{vjkenB(9V|NWnBmJ9!(u-8FWXn%0z7tIk)VZA_sg6XnX?q z@CUgG+Fi1-#k|$3MHOqu+id4u>ursDjaTtou7XLFSwmrR3&8E)u}8sm$GZEOEtAQyji)y?#|MALe-GWh zDLW5Z;#1$lr{nwP)f9ev$h6@ZDVg0r31He6>9v=Uo7@hHnL_sYVzA{d{ce)H?~`i( z*gS1*AfeznGuhl=;2JJ+>!6~|gsUHeslNvE+rXquziq4c>rL+lI7mZxn%*c07}v!<{?GL7a7x;h4WQy4b*u0^XE7uC z9*#_^e-T;$zauN~UmsMX&2ZTYr6o`A4rZD+fdtD?Y`fFlW}+XxM{PK+CvcBGGWL_K zy_gB*Y22UX8TfdLVhMFinyHFUSid9e4tj;JscmK5=CY34rKdbIs zs_tfP&IxW#-|CoPAkRE;RvYNsVuLJ7ogfdphdwG!C*6uHl zqCXqJru>!Gt?aa?DN@ifQ_dsFDuuoTdC3~snciJ)Nm7c;{zj+iQ_NLAFbO#6uqdk9l19< z@Rfh}HD(9aRPNN`XGXL5>yyB%si;hg`5P}{C(wPk%N0roRRPVM(b_Try$S5uifVD1 z+2#k$091Lzs>Uv)(KuEYxYxODyhb4Cn?Q>n`FTMLb^!=&gkPGEvOB#56{xW=C1e$Ome zq^&QCo=-|Gp}~xmX2=)AWnV|b|3e+Xto?U*+EaKoNz5#cqi@wUuVO0uee+=){PpOr z*OQbSNX{XbjKej-ZKSbBM1P-DOT5diRI43e!`-06;W)PiY&`iwz7!?3KGoy`(vC~D zzRc`52a`{x_bfAek-A!Kk9ODcq~BnJ&LRI7KSH24k_7l6=n&Py^jabhat9gVN6;@* zWd&d4YU=&1^4+|FSLL~I?G4IX>V;ZgROJcUquMjz<*hKU7R;pU#$fVakAwI34`{895Cztj|^hm&v99q~IO`O{}LIf6r_}EwDr{dkp(EHsX~uAdl4-H1P<| z!Hw=j&h&ov(!^1PT9FUyLm$4^TSzwhL$+tcQH?4SE{n-Of8zh)Hw!dU6n9g5%gGkF zcNg9D3@e}(>4CYTB#Yz55sf)XKF^=N9nx>D2J1(O>?IuUN z554>#8sJgTWHqA++ok$4Kf6X~fGRv73BJ3>GDv#fM_YEFPWoXlL{pv4)bo}oK|wF9B{GWD+4*+``~L1n%X}B!orsS+Qz#}c z2#w@Bl3$lASD}E+ARY0t@+z5=BUGJVlxxVF+@RhG_IQ?B_znr}--W_Cg!JaE)c*qX z&Hd=jKadzp#f6v-XM0FrE^yy*+?C&8^0Hxwr1nA()GlgrU9%BspPuOO1K6zgD!up< z&VOC2k<|=#(1*9UoYP-H2Z=PM5|WFNUpxYZp@?a`9`4mJfv3?fkGVQ;Ef+RhlLTER zd-qo0tDN#@FuC+?@MO3f{iv4U)m6dN9hk#>gfsmm^Clh8j^e0PZ^9C9IKZ7y;07@h@g-@$e@^)4FxUPnyzMm1r5@V|E+eIP zF1Qu^P%E~TSJ)T~_!>H3TR7U)B1@kyzrh)+hLUv|3f3TWf<7>nae}K9oX^@F;4Rf7 zZ5wrmapy7lKX-?rbceZghs|_{h|i>o{xDP|lcNq%iPbB)&40T`q=IyZ@@)%nBM*oa zMrU;A8F;RDMCUKBmZ;$ylu4-L_32g(nF{+8XDlgWV@#{lB8m-b^0jxTm6$-R&<2(eCpb1fMWjah$AcG8+W+ zusd5_#xQMo53ayc{Fk@zvOh=9J&9IRS>NB1YLVx?4=!|$oq{)Vk}T48JJ?9tki93b zYO|=2washIE+kZLB=J7ee#Cy6vpj^E@m1{oJmsEai%Acf=nzhi4%R6%hA~^0M>T$lwBunk z_oeJ=IK*k(X(u?BIMGhad)!CS<+ix*F}3yyTA`03-UHNnEs5|cxV8`ARPF`me@nWr zq2JVRfx3W1d7bR~oZ>Ny{aRBc!O=Rq^Cv9*WX_6Tzj?bcN zts%*}No+~k9eiz7MlJz>eJl6X0$6YQFQvFvtN1g55VO9_1y0Q6~+CPp(*&6N#=h=LtD(M zysw8qZb$4`S*=)N6_OKdUP)u7P$NNd4SL8ZQbJSFi1Wx#JSS#0z7+ZQpOqTSLbg;d zhFzMV(w^!-aWf~PsV-q&{{>Y1VqAq!(e!>`g6k~(v?1H!+LDLwPYNp90d^O9;~aJp z=Ci?L9Ubs}-f|hAzZRRo8dG80i+!mX%=!*zht6d3$$9z{WWl4kuV|mg*JLXzn9)dN zV@nFG&tU$(7cBNJ_C4Io4$lQ76JH^d_%7V>b1GT65i_fkVv*S2;xW0=m;B`@&eBwN zgyo@WJjY(cjpl4H$r4g(uZo?wyXmgSNIq935!!}X_<)@GI5_(~B%q%riMgKJw*ww? z%&z4mar)Xj-Pj6}g&%b{^H&iPUW-4ln+(ZuCXW-`3tSIG+?~okg87sOIj1j@NPl0b zbl-Dh|8Ubt2x^`~4IKvSyPtH>3wSJ>ncdtYWAO3iauSFO$8>*dI(!$m$R|p z>)>}PUrN}H$(2EDWSl@%$|dXfIyGq@pRBgPZ5K$b&}mM}^|>jVn0(D+%HL)O?`!Nz z_?7)W)xaDr;YE+qe{bWx?l+&dbhL?I*{NFk znY^7;yAf2osVLCVe&g54r#5FUum*2sJ^B;BRV?;;wx`o|Whc(HIB+@~>~8wTJgph` zw?Ddjxju@09}iOH6PWhvK{oY4`tJ@9#82k0V5Xj&(`b(IGv;K@G2`Bx9j%wJv7sv! zcoG@?wYbwVY@;jlco834F0yCI=;mq6!DX?n@TfbITKEv3av>8Tf1ohjf^Ig6y7v@s zsD#Y!9%^1Q@*0-}5)lEVBt2;s_e(a~OGnsFPR!eO#CwMG5D9!397HVobevwIC) zIEh)17V;(J=Ux(C)i$yOKM02^nmf+Kxx5)CW+$5rPB1+l$1|?%?C(+8;>hI6bo3FT zqrb|VJpt~@Affg;j(8kBTt}50$HtSWs(pgmR?loB)X6(VQt%%p_z01u*pw zt;0+R#^L64w0qcBi+;Y6sgd_^H2=}lA4EIf>>OqXT`EuN7W{<*I>}-85>fQEE>$ z*+a%8#@@e}lqmGPY_V;40egm{DVAt{cz3V|%yyLB5;0Pt4a3%98k;{os&^*XEt}6W z3vGJ=m2x#c%?^~jXwLX#SOFhRj2-2lO<*V6GXBNYQla={8`%R<$$t-tZRmgIFDu>K z3|!kR&Swtu6w$NFr#~0reC*(}M!O2nXo-B@7IbI{wXGZVDpTaEqZy(+oRJkMAH^h) zb_?Ej65S$Ry-VDpTwCx!!7$0(?>b4G^;)HLYiffIZC&>ksQqY?@Y`_8+ptAwu`p{ z9+hY(F=y0*`rRE4pTXQoCaPK%Ig3#+`fPG|lSmv@Zp~f5t^NDH+-NdCmX{c7i08G8 zn!b*m(p%Xly_*|(kP3fNII@XeL*_|avp-G~-fS;!=^*lhW4sA;sabfX^HC?4@f_Eo zi*AKq?-rA$N7+qw2A4e%l-zb?FMF_&jQ_Z+Hrk0a>#to4|LR}I|FwO)#rfUaxjf%I zregA`WYJvxL25~?kTb(wiIPCsaP1tnuf>XaX8iB|oaOn4^Rfp&i2nn>b#s#cnao*| zI7#Wa%Du>h&=avG4)?0=KV`St^1hwFXtr1#5YZ50&7Ecgc#Z%y6?b$`0&PmDumkh$U&gLZLh#l?G z_gu#JEaD`Uu-$OC*d%b2+8qnysh-K4q_j}tBt^A6lUhEU9a2-NpYy4oD>y^NoS;46 z&GLu?C)J7VuF98|q6(T!g>MZ)^iWhYn2O30dzqq&pGU=COnr^2Yq8K3_fY!}@;eh1 zcohj^cXx`|+HH|X@5ZD^l)@Ty{@F*{?-r0oU52h)#Pmv}{~lr@JI1E>WH!8~iQVq$ zVyk;5&h2nE6HTJq<-*J6!^~EYTtPqoC#ljIRW1g-YPw))*IEm?m6tQtV1FSR%R+r6&$6Wl&d~|{$ zSY3%on3suKULmS@lE~?%iTa&RP3T4K&a#G+gN`y4xuTBei=78WqB@j{J?e+V2K5*f zB9WS%Vz&lyTWm;+>O_BP_9!a$BvGsLs1}Q<7tvPpVyg5G5{qRdn9A9sb_S&)$!W-z ziZmFb<)l+PGDPhdMeUeC^@uhUF2F}!M)JFe3R2>f!XnGqFnN@GV^l?wg!`Q)eD8EB zNiQ}fXR#wcTm0@ouK2})e73-@M*ZCizuZGdI7Bw|B*}sVvIWUr3LQaW$CJlBj{0fT zO~-JLbLa?pVuQyDuaJ&V?3K_F_K3|LmFgxGlR@0#Z2CbCjC2mS zIG=t{DE7mYh|Mr%B4<+}ejgx7{4ziqtU}`!cc&j@@*6M1xy6&{2f5;R7NTmknp<2< zKPUzN?4xRx(+^@KG!wbSDf9yg9 z4k7}vrPL8Wpq9XI#5Ckar%CO()9GNh3^C_8isZ-ya9l1v-~wE@W!&l_uv&@m3d*Di zF;$4I{7Iw*T5zi+S>slBCt;Q;l9k!)wTbozNT8Mrf9Xf9*8-8r~^dCCH2=2wVZUNO4c4sLfDjI{;Nz6Cpl7F7h{f-h#MQmN%$_?Mc-iJeCD@{yKU~f{gp28*ri5(gq_dEk6m?eO0$7xbqFMA%@GKnHnZ_sI(I!8&R{2@^qk1bQn+vp-`c zfZG~U1ENid7CREVQ3E36HcDW&9Pq*%YCwe63i(}wjnsfj)Nsf?N)3oP@zj81&_f#A zAvJ11cXnfCq8$yV225g8X|C8&nlCU!5g1}CHDC`o;t)9EBsCy`NvmWxh5U;Imhh+n z8T?j8miYaVN#d7B^6(E9Qv(XYg~j4`M)t5l{UBAK0$iBjC4mc5yfkp3MK|w8703h^ zj-s1SpbA78x&>m3PoY=jZKMj6f(y&&pv9mE> z?4&6YNs3aj8S0S8*~J7xNfzitqK|u2fD8~}mdKw?62G>R2VPk$@X9(WKnaL&k3cTv z^zk!H_a=b|Q|ROEsQ~HlpbR?sASysMh%g7uXpUe*%cuZFAi@$D(QYchA+}jmpjTAh ze|Ei50g~AOl7`!^Q31N+?q-U8i`i(hQ>g%X@U(ovn~DTuD#cgXM+GQnYB_=5v|w?AUIMdEi>O2sd%9AcyTNp63F_$9FvG+Bu(kjL%MK$*>=yN}`a=P(yBM0~R=l+n>!Z$>h-I=WzS;VOxdF z0Bq#;m%_2igb!GOj~&nLPiCSoP2_dbnGNX0?ayMrZ?@Rjn=5jU`C`7j2o-lLw|@^f z^blSDB)31oOyu@QOie;5@wojNq;<3C{bRWOIc)#RW2Rs+I!PgOPQ_x%Y!7VUAh*8) zCYK;)by5U}vjls~009i*_GhD-TNVk5 zG2H$f+@U-Wz+!HHAu3EU2w(@dzl@DRoy+$a#h1a5yW zze%z{{H|A__@$u|Fu-nZ{~=gm1zJrD?!EN?0~DYBHyocWkbLgnuzZm~^Q8jMAF4$3 z%;dpi{sq%Z|Ay)(2_+}*|503DB9MKV!1fga-6#Do!S^eK##Q`3jqpnZ#xD~nzvAC; ze!4*Vng0RnuRw1p`Y$8?ED*pLYCweg^MpdQ;%~Tr5Bki%BL6ggcggxU{GTHjzyiSm z3jZfqzzP(CV)TL1e`5eC;Qt8yN7z3?{yF@z(E?C^A(+1e#9s#9ulQe#_KW^s!}}>> zSD*F2BjQIJtRsGpIpP14n12+A|9>3sM`%C7`VrDE;y2YIlz-^IfblEQ{r@S5K8Jlp zdH;vu`Tq)0WQD_e1H<6_(a=U&u}&>^=S$9KT>?hFoL<7u zirlq)^!!M_*$s9(2y^2d7gNJ|u9Zq`3sl&2_*%w!wPu#^w<6bVk6>s=$^Ipw&ZL~z zTl=GON85&T&+9Q8#oYf`PQ^Wj`2=qzVoSQ68W!%1R??v5fOoiKtv!S5C}vBA_9RxAQ1bV|6LN2PItP~-CJAR za;m3`ci;WbfBtjMy>DjI!?)}W&y@WlTELOJ$#;MfD5O~0emFq8KeTV@wb1&`*#kXy z^YelUKZQDU=F)kT2el?GrHO7T&1Bazo}-tlzO?QsDy(OkXy9%vn1-mSQ8g!I)#oUhAr#FxZbcfm!sk3)&rTDonx>{(NUe}7 z>vJ+#_;rb*rCZ?RtW=S+5-kww7L|JaXAE2_*zT+0Dz#CgyM{?~uxKC6xrENdZ}%el z?5}r=ldTN*99?#0x710MO@rb-ifo1~TMlit>~7=?bd}5BbhD*r8iEuA=?78|q#Z~( zkZvH=V2olY#Xx#N46QJYQkX+0lujU(pbewwqYn<*I}@})X#-LQv~yHx8J_I`ZBFxf z{;OZJZN754d9Xyp?)+D$(H$iVI?e8rH1U3PZd>Zm7aM2L!6#b`-{v$?sW$KTY ziP$%kr>tNKz5Wz6UQS^WFYUk-xbk1#VZ`oDsyXGm?-Z|`Y1$3bvTksv?s(sEd&@F7Nslb!v((tyAIp5@;UeY@k9{Q04cW1SMX1iVnL_*seGIz&d#Bv@E(=5$3$+j+Q9e)d{ZD4f^y7eJaqVQzQpZ zQJ}BDE^bNAH2a`=EhToB}G29N-2D&N*L9YO!;BU}xZ>+?$88f^Y57Q{%h| zA!(i(uhLJO=%(tY11kKM8lO<*k5u{k-*MdYjA^9D=5eZrUYc7T_#FoqXUK>t^VJ3#@wK>L%gx5`%0 z^-gi`l%wb}&EHwFL)=EJCWU@47E@+&pHf%rf5gz{f~h=D{e;lk6Ho4Y0iEsG`kU?- zm;bK0Ip}TI_N@V}>?4zN&DKz?Woqu#8qGS4a+QF&_;wf45#F;-eYZdft@OYj!d!xN zUb5Gt`07d4ISZDS!O;_QnLDhrSj&)gzGt21taFf5h~Z4Be;vSD$~en4JgEl$xmNs& zbi#;EHpPot;6-`nCnwBH&Y?n;aFXjNP%YHwE_?m6EY3+ppUZUoC1r|}_)CR;)}W(F zYgR_*+Tq!w`AmD}F>TRo*RPjfe2udte3+ss34vqOg_x)h7cJr@sXk9}irbdpm6m)9 zR?O_%&eD)$Xvis0*~dRBa$AG=j?kk8>$yZZ9-2`{+H zKB==$TBa21T)SMN2`=`*6k*- zVR5J?PS6E8A>A{2YdWx4)C%7>Z2Ip3=q>H{81$CzE7f-ZdXG)*Rc|*5QjJ9BbAA&e=;> zBnM!d9y*8d#JP*T-@U7d z-D5Q3|Ipvns%PNihrid@I}J3%HX33V7g4)s$o?72MRXXy#={fK)6@Fs_ex!zfb(a3 zo4g0pz6R$jJg@1f*}H()UcIAEDAuUD9XsN7zoMivg(jmzl@!V8#SiF^5&G=%*pP=os8B`P+&aat~*5A8#QIb1A^hjx1Mj zX1{#EFTdrNPrzh(2^)U7Fj=$YA-}xDFFz(n(7-_yCJ*R-!sMA_xccP@FgZ)_6Thv( zZ#7A(_w`Brj7a_LvfC{pYn~|L5>{~uPc0>Iq5F-N5jzK8gDIR@4yQ-P@olb}VMfR? zC6t*HY9wzOq;9(S^K$1##%gA)#?o~8*Eo8FD|dz?ulexO(l&RX=#m~9B4rbU*(UAo zn>^gM>@ZXetm`oJ-kkU4-&OlM#i`vG_*v?f@qc<(QGHs=3t7%6N-iO86HwC92^r%= zzGW1|jEe3?<|DogCx&!t{X;ydZC&JoEK<)H(~w>=wllT?JKiuW#o+BZm~n}9sIn4u zR-(yTbXbk&{qgqhNW;2(_;i8ZQlY!l@G2XuOPiJH!bS)1iy;hS48xegF&3=QhBXSC zSD9dy)NM3b3neP_n;Pn6gCtTLx3UWp8GsZ+&i#&Au^DKw053LlpD^b~_HirI%-}x# zrvPeHTnB1^9Br}+U66PHdJO48WBQN~WI-p|(2K$@v6=-PawL*Uc$HP=_ByPl39sqU zk@_&3YrM*l$bi}-xiU7JEiAo+w&HiyBk;IJV$Yz%};f^k{HxDqH=1<~tZdJ|0V zfa-m4{Tf^!f$S5w*PMjH3cL%!Y-7f4)96n=DWw9_ZUu#*hQiRmqin-*yQGu`c$7m+ zicbwaqLy+DvI#FIpeiU>2L+p;Ne3kCf0kNZeIc`2{=ZJFPDmWi$tSFoPy(-`UcvAn z3>NG&6{W!dpNvw0+OJUeHR`?r;BWsR(+MpYY=uJ>Eu+ z7_;r$*wH}uYMbsgAm22^;oQZJ*T|8BAAJNnUZRFDqhq;-zU7*fZ5Ud%>CO_4Vo!6I za@>${3c*BTaFL|xX+BJn+}+?Y_k~F$5AE;%49#tE&_~6 z!z-Rqruq|brcMsB`BiSQWfre-=D)`+!f=ay9ECI~NS_m9-_I`I$A~T}=N2Wt%q~8L z5lJ%8-^wl~h7Z!%H-G#}TxfsbM9h)ppXG@3m}G8Hm!vI8!IMfa4KIb#su`wiQ%u91 zSm@Z?B&%sjE%Xoz6MMaPj8%F-C8q z!_rQP!8jhGUdS?0FDH=qct`&iGmkAM6ux`j_}Pe1aoNbaOGma{KC(|fT8hQcWh57t zj+Xu$B^fO};*fbG?{2^kct^lFGz;D^X^3b1yh-ENp~03f>|((#W7vE)ZF~$5q@}-y z2-|667Y{;T;0o_Cg{K-=M!nV>H6TwSWqmVin(dc3_(yA@{c7@ln}csFA@_mVd$$$> z2L6%W=zqu5y>c`6J~g0w9P&)um7hFm5AD?Gm1-rwwdRPvq^s6Bb~$5S#amna2NO>a2kDh2Y6bFTNML(c3}gVe|+tbhHd J{*90Q`41={@1y_# literal 0 HcmV?d00001 diff --git a/bin/ssleay32.dll b/bin/ssleay32.dll new file mode 100644 index 0000000000000000000000000000000000000000..e6670a7e8c13d8c97920b6d916044063d47d03ed GIT binary patch literal 274432 zcmeFadwf*Y)i-|Tl4M8%Gho!HQ3n_>n5fZ23nb_S!Xzrfgpiq7<>DjiVTy<_1E>%Z zPXaR>2C#jqv|5Y3SnS11t2C&^gkS~`D`GDwTJhFrPe&?N4ItwDzH9AsCKGI*_xH#9 z=bLo}5!UHJSk<=G*x zj_k5bdv)Y2b-_~i;w5+8vE-IJ-M8MdXwh9^_kZ2yUJ_a4Ua-hrH>1gY=Uww}yL9N# ze2;O%5k2dh{pE-W~Z<8E9^_43how&E^ z(a~eRd^Cde@xK+1)-l{C{5$@)|KQ)53vN}Z46{c5sfseqlB49@-!sdMJFHko7FY@u zr34%qVd3bzJ$QEEv4XgSCwjIjN-l-)XZ|XS!9ijo{%ndDnE^Btb3ogkkt4d1pRjK@*u8TF#N zo>snFQRZE`Wd1GTTNI`AcL1ikKZ{>C^8gR>&kHfRRDvn{E=Sx^q*vhgPv3y+zI4gb zCAT7p>xw!vE(yseVM;5V!gP^WmB30!H|+Z^Q$Xuu2`MNrR}nJIVkO1q&b7#|8fqud*XGTqLAG$ zwm58xw#y~1!>>N6w8G{>*1zguPm%uUeq`!A6dA6s`4CTf+anb2c1}H*_LT(0zUfxv zv_C;|6m|u~i)Pr1@Q{GGxq{QR9h;F&iHugCz>hlXTQ-+Uk{Y@NHpEwb-Fe8_u@_l`A$K7ChPJCP`65D-6tAKTY4ntHx zygecdY6haT)`dz}8vwRf;LBOpV`Pi@s*;CLc0ddnl9i=o5Ms)gd=5|{z&(R5tnG53 zEjm6!l*6!#) zyqdlSawNJC$&C=67Hh4M;%2mH+UrgD+-?j(sG$ouNczf8rPF$ARrM)n$4ESeEUE=5 zf!Lxdmd99YRdNX8gW^U;Y)_r1&INh0$54H_$2`J`McQlW^z@S1AiXfCS_uy$(G%Q{ zHqAUkakURuTuUP=3DEIw+WLvkea0 z?Ky)Ya&rd-^YiishaLFKjv10sU;9k`cG%Q!^pK_Bnu7XDPhtCN7A(EKMsKk@J4uu1 zGwQmi9m{(Bar-&`pqP0TB7=4MZW+B3y}f$(DraM8K~Ow?C3T&`xi|I3?fJ3#x^=c1 zTX;c7cX(U~ZF;;M4EI4$B-j5$Twee^HP%LLT|#>5re5{B3;>BN1LOdJ=s?N<9eYuh zKeQ+)F6TnakvCCa)#wIw^|SQ0C}6eYu4QAXplQWU>d(Jj^1h)e6SYdh_TTl$Ii^;hARb(V?N$VJ-Mr@}X^tF=s=Y>Aw! zef@RVyROzcak4csRQoy|u3T4Zn>g7PE~AP(SB8qHW<}JED1qzpfyJx~(}yo^otrW( zEXS{9LwNi`Qx~DBsqaLFC)O6CeW{7TzTt>M3jLTu@Gqo*`8%LJ6}>Mb2G@ffWy|ZR z^_fGVpx9a|Tb~A-M137)fB;y+Ga&#>{jrNdJqE690SG|=#$>4H4yIOSKv)C_#L6I< zvCO&cdW&=06l>3Wj)L9Q&Q;c!6Hzuq**OXg5sSJ|Da7U=Hg_PlNXF(N){%*Am>;h_ z3UOI}BbYEk*1lO+?IcQ3%3)({ddqyRcZluH_LHQgmcbARicwUl>oXLW0ysnz`(gh| zsh({Nzd_MI4zSl`V95$+SWgC)K}iljBRPB-a`^rg%+>0?@CbhhT%Ih$5^0toHZ^Ap z;*43^%R}^bBAo^@Vg;%v`{81u;%1YI&?+Y3u{0SJ)CnbK%Jmk}r}*`D%Fe`me)vJ!c|2qB4xo|3+qBQ)R!n zm=V}9Y+r>QhsjTD93P zo@BG3koAFN8I20kX1yJ0uxE)j^!f@niZxXKY-&&R`g|f~pw~B7WcB(p{Gsmz#cwY& zdp)>D{hqR{vrVb7hFjY1ODo|^h^t>={-WwYnx*@{1EMd^5Dm#E1nPzi5O;n8%3&a* z^Ak{$C?5m5c9Wd!iCjW0`7jmmU?%T&5D}uhd%mJ3;K4-}Ao(1NJ`0F%>I@-cPtzG6 z%h&;(p`CEFa=koM>`yYqmf(qto%tV%ZLmYZT<&H@w~r?+f{}LV#l)gFQ6=?B6BQbj z$j|@xc$#%T>85xnUyl-TwkQ!Eo8@uYlI^EhIbBLPI|=7D6Q|0`iO~M;q{$T$31aD> zv2W3(rp_tiHvZ!!93FuEkHcRYT|Ap4L#li8ZLc(H-44IFkjC=gQ+LJCp|w^i5hnC) z4+!nc5c&tC%ldzl(BQ1fZhalq*Y?VU$%W4EcYFPfjp^SK9|B@Dh8_K(ZpyFd>!^|O zyTGj<4JnwFRr&Gd_0QBkvWf*7@u0l3TME#(iGl+e3jRnriB-`rnN_HJWw+$iTEeck z5$=Ak#~RN619B{xFkaX}UdD$Q~45j6}nHgn(3o38aSZM%#=&&TW&t6-jMZJDi>Sk)oZ*b*?9n z@cHUzW*+DT%J8pal%Xhj1!ZWpSi)mMxk2$Dp+A)YjWB3}K}(XD(nH}*w>r1^Y#GBR zS`3yU){fYmfmqUGVD3`4c|Xcw;@r4+r5a%nxew%us#lJ*m|BpDG2Ec7rpPeb>RSvt zAN|A&W4wrrar72XAj=Gj`*P74i`W<;lF|8#(LUm6Kf0a(T6EFjYKcj9s37?Ypu`Q7 zd=%D7ac94?kcPQ`L52;>CT22J&JQaR1 zm$So0aCR&OFi6VT0-*HbuSg}8`$ZiC6cWHp0EAqqOp#0)H<0u#%Da}-C(tjh5amcx zuQDs(7cYK6q(d?~`y=`41SBLs1u*cq{W2e_<)NJa0wfh(5%7!Mct)N8bm363ngjOa zKI9Wi5NH4MZcUDZf|?Fg*G7qvC!%B4NB=%;UV^WNVAm zGN!95Jj5?<;Y7PkQ2k~-Lblje@=wI4xO*#9q5c=SfO0!PWU;st(aqvrPITzKP)n?oe4NueQ|oSk6^0s&!!R!M z!e?;{aOz%~I(cKhx`eL*IWck#fhhsiHizeI(kgR7v$+WxI&Co~x9#4~6FS9Ct*0wsm+wsyPMrD|Rh385p%_WY;FjZ2JAq&%QZOX7 z|2JhrJi=awj-d^0q4l_Ekb{C8>BbO4HXXMijT@K^h0h>^^xKn7^c_!rO`fN59&TUQ zTWDcZzPvyXnQh8f4xEj;f4&s16gy;^eL)twHdAPCfI3ckaS?t>%#XMQ z>4wU==REa36GzByBJfEBdf%L0b&;8@k`gf?JOf2Y^7cu8MIVMmvNzD;>~OD4lRAf7 z$Lk&92_$AY+>6QKeibcuLCtbZ@(0Z~GjKCBT~Twof<1 zUJSlP0rAgbPEQSq{|t=?9;bC*6-X(bM9W&MzvJxqGkT^*9`x_gsN|~wQ(b=X@h6VHO?CY=aPQoIiXP&BAXw>ki}SKw=~TiwT54&-HJxpNTWHbU%16lyNMeJ%+hkDuhE9_&^pz+QAxB17i|gV4<*D3Z*8_yZm@P{$E9P@BaB^(%(@1HI zWp{OJjkE4J>~8p}QR0xGXy?N0ptG<^wNft5f>BNHg+ETc3UyZBru8BAcHakW@+4=G z)9TrPIp<=*l<4hV=35)WNNf$h~Ox>Yi2b!Oahd9c)GvVwBuf+N)2W zZ`+B1ymJpc!pqcvpVZY=_|OcXZ8dE3aiQFR`0`9N0Q|4A6+*X%=A#M9J|+>7V<+QU zV+`SE>54X92|KkFc4!C)%uG<5%EQAZJTx`yi|Vu^R@8!m@wrxK=V7V>Ym&+Xm3v^U zm(Uocd&8B7po}Ww2sGl$-55ykC*d#bJao^9**DF_3KMj)LSqV3fQ&TE84FL^NlWC0 z&OOeKw;?~B2b>)r;ddsq3KJy8Y&AuEIK~64Q-1hUBO+q0JVZl;Xic$ESS0Sk19gW( zkt<^>JvBhl2-^GdXn3vhLYvm~p$7EhwOBR$S`*SVLf;14sFu*WlPHt3qXuM5BAz%q zFUKRy1-Bnqy(0Aw^g?C>TEMiwVP3yW@xDPuH;mKQ5ZjE*Ud(%Y@r=j$e#6LXV|&T# zNLPqHBx$=UFza-Z$?OUG#rHX?kZKaIr&&gEU!EhYCYCg60N7%nV?+w@v?3FjTLhm9wSiPl;q94cOC)nTF7k=gAB3rq1(sDrRn080x* zi4dVw8;z61L!zuK0cJOWS=r|156>fgY=;DJyLTQ4pF2~$o@4@Ph=n*0X%x>R0s*x) zBe)?J+$9{3`6o;p>VX-12Bk!9Gwm50*)yA>Bwk;-U@yOm@rjiX?B!n|7Cm5`L?lfb zHqN9`a||Q6VblPnv7U39#r#(uQrKdKm4JTjqJB-Pl?YJLuP=gZ$mT>J$kmnV-0(M?ZQYc!a51r<7!%4%Y4AUVoN6S)DR!>iPWlfU4j{A!=fTuo zeFx=_Ps#7Ik?eYOpCkSqi|(D)oc=vcInw({tJs9NnX?wg>h0Qb2f4ih;vp(!jadpj zB~--jzjG02S*jQnfo^=J9~Puve939du6w{PU@j6rLmV3ivAM3!L#@@?$%Obzz4|OlKL_cMqO5}SwL~%d2=mzCo+{|~x~<`H88>0|!BwLu?>kQ5 ze!`?&)sZcEH8o%_c;G5KsP~cxO;wsuGUJln4L`D8SQ{;Xs@)h)E=n;>;lZ&%Pn{E1B zyWVTti!emi6P;?0&d$+JI$B2%j*$RkQ2l?{EcD~$SS+pU9|Gy$;T(l?K)VJ0uX^&ZpTRz@ z<#pLh%rwD_d`nJ*6W%(YHfF`>-%~6!OKqU1A@t;*gQ^pOX4U(7z0DH&AN}{;lyN%z zobKh*wZ4XUlSNC~mkigf)wx)w#v*l}9T8ZkKJit!Yn^psF4n0}oC^PD-DJx|AFWfL z_&U60-DK-TAFWfLNQb|-ZnABn&lc9n%{O!?*m@$vwf{k3%+~4;Otw-*so{;kEPqFq z09Z+VV->1^h#gpkdJU#jnYs21_T3p2<%oj7(c~I_V}ft1wuc+rs+BM=uB^nwM!gm2 zq^jn2z7y^I%lA!!D64u$27()!AfgOmEI##Cc8{N8!IA?OKCyUYg+n10eH*0>T1m<* zNT0ThbXWooEF*FD4`u8SEJ)`Mcwi4AmK+Ssjakill)!A!!}!*>Qlj>9L1wLIwAz*- zoL#R(_-pS`)rfFfw;8;^6E9+RVNn^I8^FFJXK>g6{P(LnT5kcb^>&bUBF{<}5u=1h ztD7=~6Ja4LeCFW7wJu^3!EVmL(*7Za9eX+~RTVbg7*bB;@{(=FtI>qJ|M1|7t?dT5 zwxUj1hOr&%zm1d(rH-*ZC^YCjsg;e&&1yUIT$&{=mX1o5klwE&E|0k_o zFM{bsMqPJnY08HEC|F6l1yTNHv4m4l|9ggE#o8y~uwwmAlbDbRaHYo+fhSD@RbFDH z_PCwFGL;7ET*OF+Em$9Gr%})dZYQ^{62|Be6v6>~b{akQ5&-)r)qI3?uY;RhS7Pl1 zZ@B$z(sQhJvr~BA-%!TQo>GXoOxL5E0SlvQiGHm^f>v8#i_$_m$z`ma3{e(bdT=e{ zrLtRzh;vEOcye5Z>M`RV0D4#^X75QqO(@tt#mN6{9{C5B$gsCED9#~FXcCDD)(7$C zy1{5nb+?b#&}hFEIW5#%j=6_30J}j&hyXSKV9*dpN01G}g^l0vyh2o!g4u0oo1{BOIcV9fH$$Q1a_?_fHyFd{b*{T7Za z^_dK{)Rau^;kV7|Fmil#p)D2ZPB->DEW@Bp{zO<%v`4qRvfm%TdWajJ5^)F!jEON8 zg`9S?Aq$cPKqSUf@=;n4ItsK+0dWl%$PTT)AqJZ$O0X!j^co_=p}jt zTS@riQww8L9kF6@9@A#8JOuNx2%2!XT9qN;2mn*nLYrPjK4-W25jRq{<0!u~4WIMP zW)AqAUj(@z@4#CIc_;Y6PJ1_dp1 zrLrFrHC@8?Kw<2@irCVs#1uR6C$?(Z+&PJ<3Oc`%nCi#3f;m*Cv&;HB;G;V32oKYa zFOSgHaYyo^pFnKD7`*qI}UjMya9drEZtWjWn$NxQYL)l z)Q5~bE5l5CK-8d~0kMVS3KR9Sh|D>2CDN`E1VjKMF}g=zoyS=r#sFLw=q7Mve;=91 zZ$<*QrW>Go>nz>tYENvzGnNFS*MdClc!hJL7Y|L%;%&-cxLBj35T{R{1!<}PxT48H zz`5qn2$&xA-m;#Yd60Hng3+*+qG@F@wlIw*WNW%9D}1kBj8!Xg0JZXL_22|JG*dvY z?#7dtC+lXwb{83|t5}-+I~KY^7T_CA)6`PG_%k9fdHTA}QkX(=Od46b#FW1RH9B%3X~-A~Gdc|Rr=w8y`V6$C4TPKtXt)Pr zEVx&yGcu`GNOC&9^&xF7S9suSLw9LPmCU>kiW*z_Dm;uNrnSrn|!G3 z#u(6rK`^`ju)iuGZabfwNG|-?2@*0f2aB^=U5z=7_IAKUc7^P&4!vg#@TDi=%Nj0d zKcNH^Ti6C}lPkv+wMvi9WJ~lqE6)&n!F9W~oupccoJTckOte!7;}{GRvMt0oeBEf4 zOXVcI6_m{KW5%1!F4xB%$IwVMDGcgs2#3CdaMIkp&NE~kNA;mB1;PBp8ZI5_TH3bk zY_)D8x(=Hw+;zrCo}=*#f@KN#xz5FmiQE02{1~I1JLksUvg7hOa=z}PS;ARxc*Ch& z7zo)K+3RiLeb5AIQYwFOy2in}E}$=-6)w%NvozkjCK@@K089V)k<{-|e8w$AJVwTgHU!(J1N!lH~<%4K+^e%DRu z%Vx9KVL-enWN8w2z-bY>PF+ZxV3*WN^v2D9BA621>{Zx{5yu|aI*{2fS}-9&xG=75 z;&21PM9m9r2r7{aLNg_*^$3YdMpGEmC=r~RsPmJb{5j&EoM_ixAW$VTF?4fQ&J%AC zTI8fekXjO2!l@W|iN52UjQy_|TMK)2hH92*9|Bqk4#r-)t~&H7v*Lw!QUS3jThUW6 zWuu3RWku>r)HyVt@rsKjsZHY83GQGpSsb%X{L?(e+C7Di)?&4bvMi8Uj)4e>H2HXR zts6LlmFWp9J#OdJQ?$zuMdxfmtSy1vHjOlDi%*cFvU>t_taGZ6c?LngO#7z7o*I0{ zi`|6&dTfm=jkhzNmt(azBfZRfMNutU*}Y zb%h{H%)+@796(xSpsyaO^WAC4d-?nlH;vRUS%B#!Axi zGt3P6G7a$;S02!Nj(vvC4{J4LEqe>2s&NM$$ng2UrtLFQm=MFW0N zS9h$X2B3OvmDX*G)wX1wZIBgMM6=QuF@DQ~CRVz_MTlwAy|ZiyY-krx%6Klyu0*bi z+pA->(*P2(q!+gY#FMlZJAGE%US_FnApiBGlhiYcuROF@6HE6>ym2yc$_^ig+lG zg#iSALm!itgn7$D2T-mktvKJL{UDr^nqu{r+O z^l7IhX|3}VvXx7mb*b$%wpS;e^-0j^hPhWnWMFZ8nAYl7!n9Z0QJGFPVvasipYGTF z6|@YZPoGx3mq*qj=!?dg;wubAsS9;~IR@PGP;@YE9}d6rM~LRil@nIdJXF(C3gAii zR>XYMs!y(}WB&%ancV#`y%41}=r3bTBY0mi4XFUOC9p(R47BQNK#TPpz_ng&I{`lQ zR-XiD>(!`4k?oaO1BrRr$=Hh0RE^p}mWrSO;|<^mErvqAD zEiFVx#_56i#2*a6y00N%>p}Huuxeig53bLK}}g34p)9ME#C76;PdJ|3Jd=O^1R zQaz?zV0TsS!Z=z?LR?D1S3%V%55k$|GUgKjvF;3N7GqD(`C4lU_7CemY^B+cSemks zBse?%3$-(a#b^ZV#@KKI(P%pIDmpu#MxecQ{813)?8G9qqV1qFQ^=>1#E0ubIRWuY zwoWlOac%cc0&H2u4lP%Iw?3)#9@b+8V02Lk~RVp6a=XpsTr!Gt=M5PgP4d+Fm zCz-3gXNfgndm|%ucJ2fi67&Wyb{+IsZ9V9m)jh3em-S%xB?Rv^)_zinx? zJOnfW*Er;+@uUSwm^uD+FBMBmo3rK62-KpADBi8tdolKXN&p8q3@J4sv?@wVY?;tO>yNuaW)$Qm@1wP-Y}O!cc)%ehnXSud&r!6QKjK= zfQhMJsg-6#s5SK?eRuVOI_Hc9bzeRoS3ty%7*&Tv?rL0(Y{?L7nVb&>C^8&zPif^+T&s z_liA~m6j*w^lCi8z|e#98=tWaYQ#hi^WHz+$A?3UW(Q5L&S8fRDgn=5 zmSB4H^WEIO`tH<7_45qBsmgL$vq=0QAz98NRds_qj4cSQ1(pUDh6Z=)k-2)$91L7; zV5a_Huv_nXErtXI^p#)ow&Xjxd&AsQi zW`PpY^(8@Z%g`(tb_GSF8TLZ8V`tr`|0D;9-P{X(5%2U??KRLvGR}(g8M+$oW zl2aGb;IxtqIEq_}2XzLxDa%a*jajaEnafQ+0?XgHO<*~;CbM{m?VQM(dnMBK`WB=R zS$dlv*kbin$pRENY4|728n*y<3E(hla^A-hslRA;dd7FU5CaEv-L-m4vfmpt$7aKphlIuFS%A zFW`BL_Gs-T@>D8a`;lS$QG8+7AlPA$n*0Lw2Rd&Sy7v(U2I_5f;M_5<3*xOrt~ur{ zq)|3!30opfb?;2?k{mlv(^TDr-iI-cDud{=!82 zVm#2_v7J<0*eT^%>zYQnBa0ACYml-Wsx>7i?l;I#MMW#x$2SanGN+Ep!AKqK^t8< zaj#sy72iAc@~d< zEn5V-G815zY2t$2wq7 z9sxgs;-6P!m3oy?YF2UCQl5OCv%CVHWQ5p;EZW!B2)yo9BT#ViLBN0xt&52wp+5wZ zHv|6$XfZ?qIW|#_`HVFO6T1x5ZvaJD$5I`;xjuB1N$KJ)Jau<$Mn;^+Qh84DTEaU$ ziPUnWw*3T-Vk#>q$hJW_TY$nS)o3YP+X4_KlsV<>_zH+LhdX(Ib_&(ER30(%;V|BW ztppPu9u!agEW^a9pt150_REtnuSB|DWWx}4tzPfY7tfEkKZ_`wET1Wk^pN4Vd?zV0 zIFNiLL2Of{-bR_yRmEZ-19adUT9)khUx5^x(0c9K$>NnirYUIh8k5>KWKtrz?T$A5 z2E_&0jj@b)@qgsl=TInI@j#>emt~TXA4fkjOR`7Fksp>+kiBAdZG$ z>CKz~b%c;zeVr;qC>~e5!I7!R^mw;74YIq#PqKmkxZD+}SUP|uHSUVMO)_j45>m-L2 z#Ag!xGC}Ja)J8bZIYw55S-BQv4)i4|EJ-8aBs<2NaM2{ii=VTNdux7hJe^ME%K-&2 z$mgLS^A4M!yapz3pcgqiujMM?RvT>1bVKG!#ixIOYUPFEAxKlHfPfH)G+5RRl(FSC z*uMeR7`oD-sgS^fp+(5bXJOO=$6Nv8OU9POzQA^Or5i9ux@Iox4z{B&uOcm* zw9~8#z=)yX7qGsAqGAi^TwWt~yog;biF%$sij&v~g1)7_#DlxR7Py}t0ngXi{9b8FGQdgi&Q#S|1a89zPN>w@rBeT-EO*3mF(nFR=lRgk9;7G|Zku?pU@gS2ZcF zOYylIpM&^ZG)r-P51(1himN1`xMtw#q1mp3@Vnb)S)Czo|wa}k6l;LY(H!0`2rZ_mM9AqAHG?f(3y~%Q7+nYa zYicv?GFZV5kp%2iLMZg@Af(;_Ruq8&jjZ0lhQ~&t4qNcWB3%MDxUiCd$qWs)YrB!N zDWE_72!65A1NV*HOK1)@1!xu~ZUp7%2bj6$S01YDCpTW@9#%rcF=u$v03VTijJmJD zWZjcMs7CP>D&nh3#9OFpk`4g#DZ1o1JYjp?81>JYEOg$>$Rd6XXwH}X1O@f?xB&Tf z2J-DJ$omQMGDIX_2Bb0KV6(~x8R$+VrXJUqd$m(uXJ-dOx@}T9fWvu{%J35jzu-kA zxj;oXYLBMGIj@ZYBvlLN#_9Ma$0Oa3HP}*fc9LBstu^QRg?L7bl=#6PO!sW*rzutJ z$4+iqxuK(E8(&2^>cxei=kn805nYDiw-WpGurq^vBzA1zjf_&iG%Ew`Bbh4J0q+h! zG9}^Wh4ay8!6g+%ss+fU@Ge2=$t|3gi(M6No-5PL9saQ*)scZ)OmHgzr}bHJa>=>v z0z%gFfurCcf{3hs$GPEMSe5EonLOl{OV%L|dxwjq`|T`H1Ytq9Xle#C-7+>e6FZ4G zj7U!t4z_=>jeu$XyD>#>xJf4N(0!)ZRH6{^Q@|y8AIX&&h}`5cGID7=v}nh3BWn6? z+$7M_6bN~8$ZYk8mWZEnvG4`nGfKTalXKZ1-1UTeBQiKU?;si)GjR6~g1eC5Xall# zJRF&tDXb`G7ZsMi+b){S(wrO5Crr0wFfAU0>Cevr)A`6XX*0ee4gU_;8w0prhu2wM zV&YOSN1j3G)(|>cAD7}hj>Q?rg*Td62E^qifbJ-xW_uK0So;-+P%9lLVm`tzjkhPg z;d7eQB6v^IXMRiz1l?YL`b;603M%)+XL**#=X;cO_RDLd*7(e{cEY>zUnJ{pgXy$f zT8DkBKLo;N+%(X}i0P(=jSi|v3{)j)6OMX;NuN4oph}|aS&)eN9H=P@(D?koALzLd zvlNEG&yqBG9ZK!M`a&VL$9Dv#jw9BhMP>PZuz4>9wi;(aYaJxWSZJK>V|V-4Kw zcnM9QOVu5jS|^Z0jo}O9%Ff>rjYTh!!IY#Go%X9~7T8)bVe=;ZBHzoIe95eQ>x_KZ z@2n)3As@WL1KPNY*do1MCklXLe+EY`aa@-D66F=O5>fIB;Lv?^+|MIE`YjCtr0(IN z8>{}+%pIyV$u5w&FdWKtahwmr^1hb9O>gz5utN29&tWV~A&}+;5g3&v@md>J#657N z7K5U9O`Iwz6O$rpe(@Aa2TPJ$Kx*XyI^#&|5XSlumNT5&=2{5-L0ScqifX3~8@>{Z zAA6&Ut6z7njUx{&_?ObXBAcl~(89P^Bpis_FT{2SPs9g<*VWu4oLnC4bu31MPAupa zS01T;ed)barPK!Xq)F;P^$QIWS$_MGo*Jtj&43Lxx%AO9C>BRWMUX;2^U$YzGt(Next+)V5bs|f0 z4RjLQIow;qcLv1c|4m&B*dz1eEBvVm*frZ!#GM5N-jLq*G2yI*YEj*pGJiWzrhZ)H zbAiP{S{)PEan8JTc5DVvvluOjPp(5q?)fwQyR`W+N2WH3r}3a~=mrpIF?N)5P+vm? z$c?wgoDRU*joLKSffo_&DV!PZ5Sob)TIP5B{ePUnK?lc{K9El3m zd5X{z=*`{MI|?sT%d&blP#+fRK|$)$c|a!>}VZ==7QaNZczVH+i69&D~)Y%0Uv-}lhR*f?3q}-d-X(iOS=Q&TW`VKz|H`S z$WJJ!fV1O%l#Pvt?zWYVkxFFw+}U%?y1ILDt7xD49+Z=mMcRa|QcFXdeGUz#b4i9v z3v8EOts-s5dcY`=0&T}8ez3-d!FVn5Awb%i1nI}WN0s>KKw)y7L!o;-na$M)d?emG@T>c7Zlc^dc3}03dKxYH+%>wW-mntMoqNI;HOb@v z9fpU^=Ip!=S&6h#BJBo{mZV+3dKaAoiTmyGD529np`&QoSEhbKN72$>g|9KLOiiB( zS7okDO@AG}D05{hPH~=VT$wr|QxIJc#O54gN>CE>68m<+uK`Vu743q96cuqpf0wAY zn~bAOWc#a-8zuQXS%nKdrM87QL}0J3etAiWdS^B$bDeG1jR3_N(h`gh#r~#XKy-f2 z>;xk^X#Xs=sO==(u|dU#?*!}u+55rSVtK_}Wm<1>h$nwV%>_+roZq4CUM1pDj&)3E zafE4`d~v;4BjKu#uY5;+Jew${pO(XuUy_>Uic5jP;(7I}%SzN|vcU)H@Cv|b3s!4E zTMcd`$njS9uKa?89=|2(OW(*uhZ~X)B9k0XR#u|&d}fu-u@{5N3M|gvnL~V#bA-Jn z3iSiZdK0qZK57e3Brr@|q`sB`cpm_!03ZD&3o!a|N%Cbtpaa83+yV$c^&S16r0&V` z-_U|o;<2;yGVr|pYFuKcIMH&h}MKFA23G!Y`-4}+LfiW=l z1dEOCTOq^u7~wVD$YxwVx(abIUs&ch;ubKRBj#HHwkF!vgJbk3Vf41A@k|yRRr(7& zo2t&LpxYGXppon_@QFr0Qq@`DQc}Yv661b~Bk8AU02gm=HHF%^;k(&L=tBbRqjIV| zojZ0{4-Ze3nWq{cKazQ?#mZfP#I85^SD4JmMXKi;6f_eB7NWq{5{nXC>eb3U5b6su z_MUx0_0Di!ZS^ZFKTA2PUvaK~ib$s=q)cTlqnH4p+V&-ODL|wm3kRwmnI|cf<2Ly1 z_lsk{;2KsQ0k=xgc_(G=-)B{6*7q*}(_N@5{Gym!fUcp=Z6IiW*v$k@t%kl?`3kn) zvl#CI9k8j+uH2J46BVK%RaOcPMtACv?vU*ii&8t8ZAMZkg&-`68jw^eqVU-iV`GRK z`bL#8HYmwnYz_`klOmvqat!6CN$ZWOA+0Q_;cP4elDZ05xDD#i2FXo8CFz6TCvCD4 z?y>LaZA33^Yc8)mBA$NS6qIQ&c1q*d(uI7FA+q0FAu>5MuET zAgka4E}-HzQ*kK|4$N?{i-TtxteK8!-?Jz!CRbaB4O%7}Zg@+E^s~iliCm2RP?*?A zv-W&2q=;l3YJp9Qx~EVhXJXi0XJqI%^cV;FjO~5XJQA|9JLEQA$b$D>Njc1q7dXD1>)?O)1 zFv+x292n7E>H{M&(>bDU!cPGE4yy1Ok52_Yr99iz4^F_Nv*WvksKs<|P;YG^O|L&h z{L&{EqB)AUTAUp}0R9P2Ek9Vm3! zn6slExpDl=*@=T@*p`hmT+WV4ddy`TuC$yOeA4u&r^Bn3S& za*n#!Ebb*9wEjV5wxdk!q$T*2Rewu6S+VLI^=}zK^7*I?*aAT4^_oxxZtMCPvD`sJ z#?3@?od*X^gMNRLXyue5{h(;WlfH&*T$lhZ?XwE!wpB{JDShmX9&B0N-SdwNN4??P zHXA!9yDNJ!vn`Idq>t^#wRAn=!pheGGwNWxHjTis*Zbe5A; z*&V)0&((1vr@Imi@A=YE`PX;@p%E8Smfi8m>0<{dfYNqC`?>qy1diSLZ&KMi%iTjWROfhpCeSEH_WFVBs-+mjiI%+5aX&;QK5=hEo}|;h9Y7_OZCCle>n)k z#<$x!FZqIotG~$PElb`4u4>(RKL{!0aQA5M=h<*SjEzlU@c=RzCvlPO$*gP_BO5bs z84AUNTMP$mvlxeO4qi-EC4nVz5F-c?1UA7-THqncE8t2Yva-SSYYRy=U@j^3LQsn9 zcyTM&s$B0)9we({T84;B1NA;C>)nC$CwR`>fdw6?h;eiZvgad5fuIp)s+Gobw3Wh+ zQe(Iot-fwzlwL%m)fX8^>wu~KR2y=&j#mGg0sSr_OukPsK+gfF{^(((K%IK zmj!&50sJutX>P>m6!r@NbD*moKxHq}VWO3`m+2hK-x13xR zLfcgweZ>ARWQ=y$Kf{mF^lfA+O7r#IN4Ud6G+bg2$dJOouDtq`(EsgA$E6Yr37cF;=Ae;DO@ zThCF;%$iHX=q5lXRpjO|=_N*A7+XVFSzT0^;31nS4C^13!f*p}rMGPbq+e{7bU_ox zXcDJ0f(f{6jZgiW%|#WFOs!xX_Vl)&A-gC>?yLqQFqvh-R(gga_kxV%<8%^{`nqUZ zH;};rW>L9cVHb(&%aEIq-FJQ{$>lp^zGbGrbQut({tcNrMW(e}aKJUs@5uyMcE;ORrqJXB3mqXRSs@8d#>ZG4}1Zm??E+F)5(Z(lep12!+$Sp@aI|apAMy)!A3CyIOs5KDH!_Wo?587D*Z(2 z0`+c_ZG6nY6a)Q6YYT=Vmd4X`m|zD)mI_R`r2Qz7yaBt4}ktPiAHxzUL=2 z5yD~{PcUsX z5sp*KyPX}h(VMZi0S(SOsuMEUZ_UDfa~5{(gmslXQ9iv6x0|(k;h>FAv0`U!1FYg| zi`H$$A(fuUM0JLVt4W-C2z-FkqcFB147`|0k5p%x$uJU(T6_*LG{@YV=x7zLU9;dE zTOSXCh0#Y>Afs{N*T7~E<`32f6x7YxN%Jy&O$`9)3~m}P{A*y0u&*NWtQd>~zVRH| zO@i6!TsvJ-nF%^@e9^g$!*+YL7E5w#N`Wz2i+2gExtgDFogsnKf%Mv312$Tlm)=IP z@mfcE+ju(gr8cGJa zJYqZ~3M09_k~B)ZA(za&a1;Rga@CB$V7R2 zAl(aE5pA*HTF?qB6h#FYaK+*;ByxlRrWRxpwZUc#TpE* zeo2*%lwJs0pJgcV7mp-l(Hm{?DfU=>oz`vlHz(v>>&zt-4~e}*y#=!kX_DuuWc#C| zzy9B{i^!u@8eP3n1E|zNx@^g7x7F7XNBfjv#1*f6CO-Vz=QQHA`a0TFc?)DLbXHKj z@^h9(xh!46_dB%T!#gM=BXMR7MI=B71h}?pB(fxG>&O~P)EeU4DAq{?hF_;^Gul!7 z1zK;wpYz{{V(EU-^J_dpz>flxvvVtCRA0LoQP>yr`);5G`5v+0cC?THOWIE+%~INL()h2D%Nm0&Cfj-|-?a3ptKL(_nW6>p+~F zOZe)LRS{p_MhvERLKIiO?A-W$6CZ8qDi&`eH6R{5iLL|Ma@HZ$PkTHMf0vsDW8-4k z5XkT9Q|u5*7af(y`MTFZX1v4GMOj20WC`NqK}k99>~;xJvO20J{|loUZ;BIM+__4G{p!|ia|7RnuQdK4Os z_~Yt1Q5@x$3)B(}x`qpI-5Izxf+PKF(P=jLzrj$4`rlyy0LvNlb$B|6s6HEdEv<0o z5+xi@#3I7$pjL6oR`~#|qB=i<0Aly`V5mMMc zENY~%bOX#U&PM<`#%+TthjfuAt;}!7j|bY3OdNN7@>eDwJs`;)zxFG7Wkdt~bosckFlzN z`9dbJajf!kDE9VUBq{^;3&v+JP(a4RZ6j9sU= z$_K)RiyPdSn;*sOUk(#>DoruLvtMpto{@P;*B<+$zEKhj-N3B%jSh%K7;9~?Q9)-Q z{d66J(`=cuT!GAL7%wb81X`SQu5$xkuFBs+?`qz*Ay>= z6<5VI90ry9Ngp4;yr&Rw$vHG$?k#&2mmkZ^NTyiiT_jVi(d%txZ$QW{2Rmayh?_Bz z1ceuC&Crir0ds>$7tQ>|8fedf@njRCnku`S1KWg*VvQXw=;s#v$U!aGq6cgAD6v7l#SM;Hob5(8XQZ=mMi*DSP=5SY7{BGlZz=s^ zcyQAi!Wum5i;8j6-Sv8)1ZRTg>({#bdmLSK`s)uoNt^nzUwh9AeSW~$R0SXFof&qX z3w9Xqf__N-_?_>atA!UsK#>ur~ZWEVwejt-+Z*jg9|T+eHF=@P>l|Z zqpy=mJ-rmuktuqBuH`6&ei+X!CE4^14$&M2;6-YmStsd!EtNtvVe>TNP`ogJ$=A}|oK z2ocnK+NkT0(h65LiO;!m_DMg5Y(PJKW|k@6)?r9Yo>43vVrvpFAPa5|f>TKvU*!EB zt)??Mt5J^0yH{h986P5*H}v2-qJVf+7K&x9IG)s@#3{jSY!<6HhX;*cEIP^avKwO@ zZ6x#1T!YLh+9!EGejA(pgsd%t%!?=DM=?5h13ZUr^?YDHt$C^qifTa-#&M4r%aya^ z6d&}32Y6XO;F)y=eoftB>Jrv1$(;aHhiCBDnl(NYl{J2kH2udWQwF5z1ta|c(%BCT zN#+Ak`eyR>#jm#*`vLF*(~j=QiLy5_&moPKYBGFoEy$^_C07`6pDu&rziQvxx^xP+u>%1 zaK#I)XaN|Aw%D|eh1zjzq~O@gq#?t$DOfS?wR&xD5(4eGedP;~FQQe-7(L;XvK_FI zE6r2N<*>h|HDXd*jw=TFtRLv`;)H}FzW9pdj{%Dt7`Tn>saz(_i%A!}xoE6n(ahYV zDVJMal3{+H$^1EMCG+X1Du()XH+#aE27x*iIPf!GKPqdB^?Pk)N2wB?Mim-rR46BU zfiH#I{yG-2aX{6^OmrQ>Q6C+h!Yky%9p$1BM37K=ZQ+i^vJY_We}l+6tcB2Ju0mS$uB|Bg0K&E{yRFkhfx%L7*^}3DzKN zh)9%0q|w6r(=D|uAA9Kq9K%irxK>$brbnk+WGd>SZz2r(-uMEGnf_|y%s~3g56MN& zatO7lo8_1=du^XmolqAqy(oy@V7;tP=$4|`UkN<5tZ0VQEP=b~+%X4U_tP$LoydLSPT%8^5@IFZM{E1Eg*07K}zhm^j*6H_qLpc~wB*Wm%31ZE~) zMNos%RlT>*QfTK69#Q@TK=5uBR>wG& zc3vl^f*jK{=3h(`X~Jz!SQk@OaerJJ4a}q`p}oRo+IE_nDdADtcAB&)IJ$3Lir+5k zM)ZCS+LmTdcHT#~8e+~PuO~SRqZ!S7DvvbF7uG@R6<5N&XpiGsX6(5XpF_E3U0_l| zFRi2wJXeg|G!SE4_s57Iu;NHd%64oF+Axd@z$J0?#u_*BC#3(Wy2shE7iBj3#dRzi zuykF?F2n?c^P(&SucA`4Z7%HAc6faAaEFgT*Q72O(T?QKA!b+w>JC|!&3?8I#n)2mX@U%!JvmI1$87D>>l2?24(rCDio zjW=8uU0Vp%c0y%&eiNap!^_gD`Yo<79ZjHAgB7$Vnb%lmQL&MFY?hfaVTZtT_?%!6 zC(oC;M6y*9>mt#hcOqkh-vxRry*00-`Z&FKQ?7$9FmclFJr)qesT8}RgRJZBG;%KZMoaCj&a@H;zOxHR1R;Ik8=$i?CW#sa#z-`NpFno3BU#Zg4UNTq&Ti`dwrn#v=% zUlfZJMsF@dEZs&|wvV(m1ClC*|84>5CaK2jB2gQ>E|M58)gN*j_e0SB>^9_}zvPS9 z2p$mc&OugR4VOT#A-#=>up6%-0PD7tkjL_N)V;~jP}+opr;OCCI1I#3Hj+1&N+zDcDZ2| z%tl*FNbpy|8=Q~gha=!OG4ffs4n=r_0KM`OZ@q688}8*%ALSMXjaOcBJK?H-`QibZ zXFR01Uctw;S#hnx=UIH-z~`bLD6T2^e1y*_eE#@D#r4?3itAQ1S zJap*b@UUUhOv<_+p#n{ao@6+74J)dPVzZ*4fbpV4`7LIwWTDSW9%Oq_K-x=xZ-c#r zIh#wLVhp!>16}YB+lt&#_O0bOFa+T^#yc~dop<3`-W`n>BGK-XKoEYTF=`<>!%5U2 zFZWA1dwm7bfcxW2VbE(A>kAeFYl&WqSH|T;N}JMmH;4~#`K9c4opusKK8VOtTLGy} zl8F(wd*fbPx~e^1)h>E~S3e$1UnPDD@eASr@wVhc5j7(K@GX;W_2&dI8->9rEz)1t-nZbIKfsNw8Hsm@9KmGa znhfj{1baEbuJn|^V=5u*YU%))24sB(@}~qzGZH!)JWB5yW5@F(`athJcm zJP9pL8z)pdHXq=8_9$>r4)&dU!e`<*@F+%$y=xAfcRCAgQ-fV7C$Ab(H-^ zfY(tD8i8}^;3AeA4`FZanr=kmQuOHDQCea&6l<+^(%m{%{WB_J_Ad<}(BpSUn1$dK z=2y%gnY)P=PH-3ADoQT2oy1!+>aAFgI{6D8Yw%Rt1J@J$!!C5);p$-%wfYI{8=FIat3zAMV4uL*)|ARAUKesx^9pt?bV*qlQCHVgd8T zo3skIs*{T4B^(mEef#+RE^yX4aMy}F!hv!_XQ`het9le)a*-Qb#pDL1^B}NI0qul+ z={f2_he0=AbHH0xlLt@(+)dJUwIzIx`tD$WYmqnk3;>+l=3pVzCl9;h!6r|=_t~-i zqPi!1miqU>8L{r9r0&z#jt7GOkGZ!2kE*&Bzh^R&FhF1i2@o}E#6hD$jU?J&f@VSp zQ4t0MNh}E1QhOSyMVLWUgv3c;hQlECdRy9hTl}}ZS9`rz+j=qDs)+%D-}qUrZPjY+ znT{VQHGov+|66;XGnt_6z4v+F_jz7;Cg+^}x%S#?uf6u#Yp<;r;xkvPKH;4AJ&Hbj z2|JRFh7ZY{#x3DH>zFHig3}d4eL(UP1upJCW#^7&i zp-otk3xP}V7w&o~>W>{B6PeaNN*q!6fZX^{R3K{3C;$+3gr5d_R0B)7AZF20m96t) z5kuFXp_g-m=y@Y2>QWxRiEM|nrC8EOJ#@XnHeo>Yh*psvI823Q;ChOY=inLxvrQzY zzJI!2A(X9TyFUE2^niR82ofhvJw+yiAYhGOSK~^#8 zIiQbbf7w1sbw#f47qh>-LFsu#ue7IT_nMR2rwK0pb|bBr=m2JXo2pYHRuA^OqjR|| z(t7<3)ybFA_vBVNkQKD$KE9?>q=?2gpxBJYtRE3!oj@up-d)Ul?-mSkfM zB2w>?r1E{y>WL{$F4(c%d7dKUf;zHq(G0gKNHK|oUOFck#qt&T+s0#usRTrdJYxvS@Np^*k%!rXIeTlPuLL$DH?w6R36}-^Sv8pI;meA!8wIs1!;&R7;$b)SZVZFkWjO;#bB`_ED<&O|?G04!CBDMdxC%=*;|51~Q{KB%@fC zkUZBu>g8mTWjp0I-n`EJ+0Qs_9spcI%v<`ar}o&L>Hsc^jCt6B!3tl z5$cjXDil?C#zDl;dr22qpX_69GkXb6sOt>Pm~cD1bO8(4Kvj7vS!LEz5$sM9fjBk9 zH56w^eMFgB&^2$a(~}<4do4xWVAieRQOv3ilQ^r9RENl{%?U`Ya}3 zJZXfa8yIDTX&$hUEXi3%Yxb`% zGFCWA44Fn!7ZTM1jVx~sTMxnFdOFEfjulZuaHVIDSZzN@s75^d2)UiI1sxceA?32L z75yfuOzAg*5}m4tRBt)Xc8@o1acXveYY(M@;O~=-A2^9I>`ziS1pLcu6?3T^Or1_v&pI{@cbD&BH;zvF ziIZGI@-{@C3yJJwN!lD}{v(@1RxqiblS82Kd}Lke0CTSfW|Z*&X;arBN)1)&rqV~U zMX2Uqrz>rgnr3HPJ&;YbRO-28sGg5hdua6iPCd^`Jq5$+k;c7}Eke~(@Q)f7P^f+* zn`5z5`VzAsjq`les<_Ttr((6wD+kfum5P(dfizHT=ZeD3p0cdnSHcJBTf?yqMghV|%2_Wt?(xw(rksxk} z9Lt>|bcG9!sc;xM>PoAe9PMjUQ&gozo{#41{@VKu>YbzO4ap(AQAUl_`#Th8Qg8VO zgLH*EGGjP?3#}&%m61Jc9W%s8WkPCN0Y0n1q$?#_X`?XgziQe*OD}KfP?45 z5xm+dLDwfnD7p200fN^#IoemGcJXcx_7%BR$`0o!BSvhh<8xJ-P64{g4nF^zD(`S| zw0|=-pZA<0_{rB*&*+xwF8u*1QX}PvJ)Nn$mC<$Dv3>dp_RbK))a(dLpNW3vm}Eig zSv#3@`F=XDm<8vcE{k3-lU}!{-=>wRztYQhvp4_Gj6gA+n#R+r05fE)04L*&zHC!M zsTJZ!;xjLd=|v}0qvV@p>$uqC?|w}t5gd?(t$SF$1A?fMcM%x2o)mlwbHILMoFVS% z)yQrSq$W@-4XbFGZ#@HcG~*d($N^L*$;aZ(!Rn+4LH-wK3FNqW?56k^5q}{!m0*`V4zx{f0qFN z&Ko?*%l{S|@Ya0fzpa-LEFyuVnqR5)DXCc;N#dUpm2C8uTjVZP-FcL*JmuJ~JnL&i zwHBwR++BBUk|t}!uq1S$2)L^8n*`)ouk<5kZ8lHEE+)|wp@q^wmvsxd1wI0rR6v7* zQ4a4-m2YWj9`2*f(Ze^#MXTX#j^D$(9^=y)samYuL0D=7jcl>jJ_`USMwB2E&@nnN!>#upzm&M8p#5wXY3~SM>70YoF2Sw155*p%4{yO*$5676L zPK;URQI8|l{e5GWrm*$9uaIzNTYfJkXtN271fH=2cVq(*0ec9<+9R)Z-q`3M zRoW*`DcaYhL?-Zei;<6!{9N?SDOnULcc`TRL!(A~QKJrBty?;*QEy9NB-oJCuzdv4 z%qD5qLK?P*Z)F|gzfI`Yxbq7Dcu^t@C&G|bR_ZYc8<7o@Q);Pym$1J%oPu?&O~ciy zj-u3mNc`(gydWSfAs3Q2y^6KS@kW_bphRY6mGna40;wPV6`Rrb@xXhplgjuW`O{w# zaQseZu|UVT zNY=XgfMWpG+__7Z#j=m0&hIIGpySe|4m$7}Z^`Obc3g80EbjAneVKgCt+7uFZW&=D zk%7`*=LDkG&@$8Zy;YouzelTOeW5kfeQyRvcG^LCPLMAfbiB2Hj#>?NVuA!Ay)JZ$BWSciht zfewoZ`Dg5Kif*=EvJ5vg5{K0Pc`AW&6=!wReK&0$n|}rr&EHuDLmL>&XW5TD(Irp`I-Nc zQBnCi+K2O`e=7J>nOO)KSHT@J=+4UEk`>zJ&VJmxmioJX1B*5QfbwupbLVwpz z2~jSIQ16wpXYeVGP3}^$qtV5R?>vQU<-odqmA?GqmOAS;wo{obMW`+{7C5Ou#5QSK zk@X<)AR=`ZMdeCeB4sEqs%X*0i7HC$nmr7|#ZD19>f{$;|Kc+>a#PlS*3dFu6{Obl z_)C3-(pXXi#aHUf03a)Lb-rvJ<3o0SvnSH-A~xy02%o7_qZ^cKLF;#m1ymU|%i*_0 zEEs|?)Tx!P*F3)}$p{N9v^>3fgZh!ZWOvy%%D8*Jm9NZy2|-(LifV7O(+XoFVKy$< zy}L(MQJf0UBI8C9rJiB!W<;Fiy3w1+lj2B@%eXEZaTa0iW7Opr#@Di;GT$m~TIxQM zTVaZ~-gs1uZAC)ZNtoH)OByX@Xnx=)UU-O#K#8a}Dc~4I;Y5M;@FKxcv+zK&xvV-$ zG!L1xkkv31ZJ-mOrDAm|C@>g;P)3ooNRp;cl{aeS3Qm8Q7#eXKk{SgfM0Ou0qP5wo zM;i!^W8!DPJml}XU8TRV$PjT(k7iD@V5H9F?=}M{@Xk<(e zVNb$!MJMT^be@3@iI9J0vRD3g3kf7Tcks9JbwQ%wBYmE6pVJa`o!6uEKJm^FxdRxe zo&AJ`)~c^6j-|N&y@WSg@>h9mC9K4nL-q94R5rBqR&#OxK<5IwMJiI$juSkz`|x>w z-hOiXSmSD87R&gP!^|TW;5P1T%{>4772-=!7vwNm=`IHKAFmXMOBHWZl^%1TOY^HW za51%A8H7)9>zm$MDxFIa8RJx`y)?J>61F=K<={p4GG~ha%KW<&r7GX9VsrS(4*e~S zjW%QMrPZmP=xqFd%60LRhHwGfRFJWMQQU9TgCW%nZnqZge!CnT3d$^RO;l|uN{K=M z4`ke)L)yH^2;(xI=_heUYn}{CnTiuy^C^z+@m|Uf~nLT9Syi!)V! zx1c|UL)Fu@LsfrwrwTY4nP59rjl^)|kj&H>BISo|*jv+d3^;ZtTcb zbBJ<}t!9B;&DEqDoL%CL%ru9474+#P;VtFH-PwZjzX0CRc0t9YIyhU|Y(_^OoE>n% zy&_*axN#qOqIO~%8g(D z!{S!k#dSz=TYCY*RMaUPnJcCeoidP=(HNdRRkS*{Su@)gDL0FL}AhW6KT`gS_FnyYZNtq4~@xyb;Z57zrOhc|W(zA-xVq?YHqSI?>UGeRt_goRs{9WguVlpN> zx!PCfAW}piYrf8!zS{VDwsBL3iWX+C8h56hZo1K&O(&v?1Hwq+>C`%~OP9KBBh1lz zl~?aTBUOnUC`*ec7D;mo)ip_2r7+3lOt{)!XALvAtfT^Bt+SG;4loKSLY_*xh@PQ6 z{XoYPxeFP8$9{E-@kp#TR*|0TjT@`3=Y{<8@OP)k4H5W6HxPglUL;i51SY9B2IQV^ zP~?(n85yhJHj|HK+|d>UE>0azqiv{4BWH!h;#-Qeo*yfnBtq{vn&xYCR{s`<29un@h5tOTv*U0aFgMa5siDBDev%S4-JCB81D zQ8^Ae)SU!M%xkbgwkiNe8-fN@wWVUJCrBE8KK-j-QKjgpp$_edKrPn4w&m^@uO!I! zml5Yxt`g$#atA=d!2|qC_?7y*O~^}*q8nb>vPM;Gpul)x>?e%T!9+4LN;xFsDc$sY9K}_xoT7rAIS)`et~ zbrp9JYzP{wvXI~4K>o{l3i8Uq%GXm^F}dt=#JNq8cDr(=J1#z6u!&LLIVrg!?3|2O z?m00)(zgsM_ngF|%lNG-R{MJ4oE681l+U1kX`kcAg@aX{(k0?Cp^2*1>8e|nsa{3_ z(m~IOz+CyXHMUhWAkxwOMq9QGS?qr}*KPx&q}2L7RYU8gYAz5ZOOJ~7a$yvf&i|#c z-E93uhcY13-xf!q%d%KCw@a^b+-9n_qq(V-QFa^xsb-6!zH_h_RfUvdGS_7;S}Es$ zj}Y5z{Xk&ID&$Xd^0w!vx|IF6d)lC>j8y?sVP6z=!@=}T4<6e>NLha04J#@ zh!y9di1fz}sk1enkCR-j*<87J9z&a0)TB<7maL5E@zrEqM6lq(E5ll_|1q7|S+kwL z{%+Z2GgqsD_ByXE)*b;E&%LiGczwtO>V}T*6DdN&w|QFIh?506E;+Y5kf1QJhxx`i z#B#j~<0-Wb83XIK8+2jxFEb}%}H1&YN}wDg0Snvs7DaE)&EDc`vcnOY7wrc!})8Gb>$*+GnBo zp~B#a6X5H!CFy<<%}sT3mK%a`S?5tN-wiXZ85ARLRw-qp2P7Atb=H-ts;bmpcI%9f zXkThQy{$c*+7pJ|4Vg=ax?u#nrAD`;{xkV(mwxZjl^PY=INS^^lc8pY7VtRDI0;J! zO_?HpIh}hCrAo&>NI7BaZN41WTc=9HUu}lSg4X4L3yWL9wt@Abz%j240b}~l+h9)Y z+HVpNO=N1i9jAZX^+R4Y_u=&Ka?)F`5MZ21YE(|Ucn@2Dl)v~A=fO1OSp2qFwNkta z*g>JBC?|lr=ZJ*S#`h+^x!-_%1S}7?``UemtiRhc&DMF@%2#dSME&WsKcuJZ4hCZS|oo)j!8@KadH6fe6ske%&%u*Lcf&_h}%H412D%ok{}9#t*QIxt-R zcjg($WvXziGcMsevhM(lZ9^k`#@r;T1sTt;NY&QMr1^)O>_JIy^^(jUJgoIP_LCRZ zMjtYNtZfoNy_pApA}Nw2js-+b z<`=1OC`MwSm|YGohA8GlRjg2q2=-33+j!SR`SvVTEd!V{_D_>Ir#?w#ez%vu(|;lF zm|Q0Wo`JMgEB+8%#yVi1b3k=5pt+mKTZ%Gg4V3WXXP_Dxx$M zB&8$qt9!Ssop7fi`%s}vTi(BySHLREdM|>Z6%*#NUT;tsV1xJ$6odMr@cZBBfnthU@!DebpRQP<)OkHrka}21VMca^T9BF}0Tl$K z)EdYmS7|QMD5`T%}pC%DFOI z&J)J<*>cWGFVmM~j@6fBjxe?omu|4z3ssiXNky78lt4h!)wCQItSg_u>%`kimGz=( zIuh503yfH{h6c6GjmCd}NXS4MRu;C7@Ij^$YnAFw@p+J5SNX)l7gHJhGO%rPL(%eh z!&q@_7YJP{K{vi9p6|wjJLTK~QJUe6EZ`R|5MVmDxj|n1DsjKbvhDU^%Qju{txm;< z>$RVZUtS^f5MU+u6Y92Cat+L$IJ+aj(aEUuEeuLIS?%xMNQ{5yZENYf=42=@_U0+S zDkZ2~oOQOCE4}mMbD4-EL?;{b#i?M4^&93!2%w}nzPKPi)?1)0d|#H(1$ZHRaZka_ zrZuxgE^Sf98tj|NDRa>`H}osrXX6G+$b1ktnW~eK;osw zyfKWvJDS*E3mGY5W&ihLML42v>5mN@iDfEpnCsuU$#_k9Vpzb#+$sgh@LHM(m54vV zVIjfKg-lf;q)%)t2IQscGc$&wPT_YRznT0l=jU?gdHnRO9yveNVo&McADW?7{4SpGeMJP!XJ$$Rrct702k*;zhwVWD|> zz>F4=|KKJ^Qy-Z$Milm)PpH37s=v?5U-Q~Rb5Q`OOYnyT5+h?`kG(0N_`B|rIcr_8 zY;bmI9?$BCuR9eP-~ESlLAMnd-Tm9hh)2la!YuK9^FZv~IuKDB9XZ&~t+6K(VSZP2 z=cOy;B#Y=)wOkSFc}W$&@gR>_&#UUA>n}V^x3Kd!<*g1*>F<(_d$qX1=Z1O}ja1iT zyl!^Y=0$w97%Ki;BI;LS8Cl2jAyTgwLpADx%k#t5<(i6Te24m@Q?#5?*=ueV7+6qV zZGKw-=%~$eN5XYAeXBmfskvTO)vcsNO3PGOKD&_bN+IWbu8EV1O*c$y+;xlQmCyOGUh*k6Cst?nD4{NAVJKydg3*&*q9kmKkiolw15a{m`hX%)B zPIy8Vb8?i56WEo5f~x__30r@z9m3VMPP@zKa)qcX!&X3#(Jw?)b8ZH(^v(=5o@e|o zu=Fh^|Nlo=Lh=xw1SlJ$l`MGGz9nH5@c7_N@Kj}eFkL~#>A5X;p=nrZ?omDpg8gKB zhGb=IbyjdoHpzr)*w9(Klk;_FvrACwik!|;xud5PF5!xtAQe#259TklekjRNIQoS3 zr4xi~QT5mdNrOXkMvvsR)-YSk%u$H{kP^B9fBEbX9D7#lrV9mDpKN_~l+s&_=80j; zkh)Zc0ToJl@@;lB!JTxHyU6GykKPPGneG}YcyoRk`=yt~r)%mynf)M3R#LkX{r$qJ3vQ3$psz56qwg#oog|)Gv zWv>lXQ@yDG@%B!XOkbkRnXZO~SBECn7Uxu9EXo#LpL$s|%}$-yWFuy#eoaJJVQ;9; zYqRnBsXK{xwsdjDTGeWOUtwB0;*3^n6CcLvq4b8`9px8DcNB{(2DTNh%sNDVfw@^1 z;J{p(3-g9-QT3@)1?F|&N$_B1BW9+2M6_DJ)!0>7+?I_kPyGc=wga(GL9A)RhBzh= ze{U$g1M!XMuRaHHnTB}YaEQxtA^vH$sQT2ms9N1_vew*aGZ@-CLY3^5qjQNzC0Jz_ zPn!P%?cz1@%BQM0fnS z6JXRyzTXoj{jRD^Y%CcfW%LMkU|DWpiMh3k?}Sf94iT%JR^o;N&8@QMr=xsB!FF1S z8wxbHR`b0y!5yBpyeP7e5RKutD;0|nP!k&^m^TMLNv_Ljv97vVaRF_obxMnMx&7@T zO~lWAls{7J&^#n`hd&}g@pMZx3EX=?0WCFDp>h`qM)nR1`? z$ffqV`+lqWYM|Qsj`ZM2b7YOr-z~?1Omzd_J%swA{>t9Yi^M_V(k1>o;7Sr2(4l$5 zL%ljw?(fY>o2NsCk>-SA1~!R`xH9#kJUh7UEmz>X{6_!L6?lx_r@a3s&t-4B0%Lfe z$Zrb2i}+p6?|Q;L@3;cR{Lbdr!0$?aEBSTv`vJda_>G2TPU08hcM;#LaXjAqf)U62 zMvfYN{QvY{;qhbaq+|VoamS4>8kTXw#7V=xKmSqesLIq6x={WNW4%Yr+wTXXu|rM% zO>&J5PWSfyS+V*ZJV?g@Jbevmzy1jJ(6u8wv zjw~4A8-~rNpGHjZHLLlT>pNS`M>R^X@NeqUD82tZg;Ik@Yy;Qmt~6&?$*d>M4_o`r zQ^S@SZhdQZXns(1@ z&*;Y8*#!0J--}|xDxhvz!{Vo!9m)U7#^SjMl1k~#Hs zP*1bTaDiv9xpu)F-k<)ThESBRkXT%h`zX)R)v$eo_vI3#>wvLPrx&StJp{Y)lOpj?{R z=!Nzi7G?u3Jgov`E$T-mFRs8dl4qKJcARl@k_eiMuu=Q@aFcAmlvZk*)=7+<6O z)HuRyP`C3vuu)jUwpU$&EYP%L2xR(iISFziiwU|jCn)x)>>aqGv?`I6E4 zAYy^Wwf z`Zq#9{@cGkQj8oa$wm!JJGyWTbIvf1*Hg;+aA^6c&mYMNhBs*w{)*@zwc7E<)Y?g{ zv9{0DLWL~6Wbvi~`?G=B#U!%ciRGG}SYJ5nM?$Yw_!jq)IA>rw*R*#yCv=4lb-aq~ zQ^n|&>RS3&XV{Z1JZAy;?by{78?(NxS(~JpZH4P59_)9qDB>Pn zCgere47estL`ANq=fVC_kx_(rybqDW)p?=FK+&;-{bM5|uNm;V^9#7tR9@V9ybSg) zi;UAXteYsIp?X5?fc!mPcU{QrTV%u2YIMlPoUEu6vaGM3sh3-FhjHH0{uX;B-D-VB zm^bPNyc)w=HrX6!lWhC6B-XcCUjg4(9OK8-C&uhWYBVhwrd)^edIWeN#udI7wpJvcy&gJNY@Z7xUWIK^OaP+Lc>Z;l&sf~gnykE-Ag>6f6 zR0)r3dX23ub>U{N4wtQN)hMl*ka`u;hp=a#Kgof6UaaR3>0HsqSdYwGuIP*wYc{@6 zW4pZfh==Lu*`&ti)64rXjYmc)I0T}MQheyDWCtLNd|uRkMQr_4HhXTPbPP#dbqtxV zTlp~ORt)yJqrrAp>B*@1zko*jSMl`BiLvg(r$xf3}p-0_i|w1tUjeNyGgQ`nON!c@|4^ z+XmfUt}$y2)HD`FjTnc=qNmVXifZUC>s4t3$~+w1t-qQo6HQ(PP_8TO;?ou5VLLg5 z0dTRj)N)0XdWkx4%1gc_++Jn-+co?8r3Tuk9(C0=Sp+_}e}s4PtXFe095h3|&T3g? zMaT4Xz)w0qt>^`*c_y?Y|9V7@wOW|EhW6Jx2#WnWxQ&O))PDHI+2I4~R$@&(0T4}K&nKL34v91l!sQpr#i0$J7zhPhC02Znnga03(A7y8BUi4J2$sO6=Y*||Of!5<$tjM=4rn&i3+HzS$FRC^DpkYJEpjL(%n{`xX+oCh0wo&E^0_ zMPygEAxxrW{MxL)&J-Bxlv7S(riQHxgH*9X?eteH3|ouN&^x(A%AK$5?UqXdDv^_u zO*UMU2y6Eduz+J5qxcYDg0s08uOWDuRLM0B2Tmh+Wmy?G{=bh_nQ0WJ&p z4RNtuO>Bts%@#LJ-9->eM#c<5wasDc6pH1w0igCkr2tdGr!=KDY<-8+0?=aP0fnfI zd=n!l$qn+}pvrIHiw%8hAZVYI&nq1$7_SanjVe)~X9S&b)LR|(G~IZJ6tZ_LRAlcR z`R0~#`g=}R?`7)mndTkLF zJ5~KXTm3yp{bj_GR~-HK_h6Um>WAs{4}9VZJjrh#zgPJEj^7{oS^PfW_g8+O@^b+| z0l(w;74s{!pF=K$hnxrJWgQ0(ISdw^fv5}$*dTSh@@8NB$A*a`-=WwcH@<3jbu4{R zD9nbZI?HbTd!Z0sk%L2ZJ+^fXllstjmnm2e@EyFh!r-u12=HnjLpJZ}fPtW&jJ=sB z!_e$p$2V`{pmvhcE3(3Sq&B#uDqy{Is*sqlTC-;h>G0(0F*o=IyVO-mg(Qc;?BK!p;a4$KKjwOV~TDxsoSRZcgAW$F62lEUcZ56kRM1qS|vq0T!A zvZ=EjZqvC-$W>2GvL14=?>;VDh|F`=6mrWHF9+7ul1U~Yl{RuI7}By+ozGm-7VF0r zl`>+FN_XU9rp7oaTd2fY`%bYjBVS6tyTM6-%chxXY2Bs322GMiqe*}TO`BOn>9tE1 zO~0Bf1%f77(a1mg?4(xfhdS6 z7d0Jx^~7E-39dP`ZXzPxh{x=hn~LTgeB;DSY(QDNS+!EnKC>%$FBz#0Q^jEH&~cHA zVuw!UP*?+YY=v?gQ(3a`Tgf7~STe%tgGuj&p1m~7jl}MGGP!LBxrv*a+}6umdK&DM zgU;XNU8XaxyG(l5a)_=-W~yXin4CJL&a*?3aobZ(T#hl|5KH_rDB@zNdl$=EI3bo+ z7o5zwT<}oQtY$_;289TJmu#xzjo|yl3m=8?PU2M@<%ne%XBEftiSoZen-DP>d?w=d z;@|=muo%Ak9s%(5F2z%&5FDB`kSn&UmP&%c;uk|0f%Q#Pbly-!|0(&TmIg}wH|HZv ziQm^H+LPNdZk;25gzH$&P*Rb(u@|r%iA9fhScc3T#qv{JsZ5${t%gL%8ELNzTmPa< zSs@p*-mc#l<1dl7*e&ApYmhk=@D8Y1z zhBQ-kzxB$AB*B9%p`}Bidk95imc|LL-Kqia{eqt%I2v25#w-}!H#2ZayJQgGqbGuF zYO^kvc4E{mo;xH!{@FK?!(*JON6VXD;;eUtv#jF?o-*T<1HU)4vCzFwm{sQ<;WFHT zdtZn861L1dBj?QU{a>ai*c*GSmq?es&RDKqc$Y7kB>uqDZ1iTLis@Mggec_5JH4Qe zjl_<)BNtM2i7RrU+4sGJ$k_o8Zl-?Q?0HHK03eWBaiDWAK^+kwE2lpSk3JP&?8`8^ zWO$aiqQZVgRlZ>M9Xx=~bJ=ufSM|#N`P@{JSyQ;s`tSrnDz}rlZ$W#g9A#hGpLtLw z9_up|=VgAHXosW;30pr_;XZ76dIiSwbWLZ4#pmt8kZ>~PW`J_mcy&Ftd2?f-%r1=* ztCnB@qKAt5tL{iI7RI56pe#>ItnbhZqIl-GOf+9vZQ+1pXq?umL~_ZCBx%*DPu3GEf+8R8;G=OL&6>nfrzAtzQ)nQKAIM zzhOFu9)l3;8rY8`{~$9nDXdWLT-M4JsWOtQTElx9f|Ej(gVwhxl8{<)IrTdr=N;*N zomBK|wIZr~oxZ`?11J3ctxKu2M`Wk+-7@QLYm6NYuvs9u8jPIf--(&pH+tRtGoLkI z>r3S&*9Dg!_;>Ruh^sjEmgm6FC{*a=C<)=q_X%xKBg=t_)F|9Rtt^;33IzgSF*|xm z&mo}9%D+icIO<1}R8)0)DN2F-9Yjk6Yn@kh1ha-j^x6?zH})72!zK&X5tFEZwE|F# z=gls9n=SzkBDsfZrSO}j46#dHA!#YJU8k*!?FxE!x4UWv){A-X0=uLhi5)2Km(OJ! z8ab*)c5!+v-?hjo+ldz{=?}zqEA-a9;ol;11MwL4;s=)mywl!KCOX}c=8fJ^13@G; zSp;#S@YkwrqhI-&x2Iv_0~!DW-a!^*J1sZb_ePKOl=bo6ARGkWz6nUoPYl~GhEnHqI3YOiKU2?rftpbYhUBZ`zt@}w!r}I%lm4Xzix{E+z354PpiM3qV+A0;{AAzqj392U9yM%Gw zUKPvrDscnBF%c}YJ2SGR_HXepageZt^`GRO6I=^RHg`)ef$kI3bZ_+cET>9q4-?7| zewPVPi7Yhl4R#PI=#9{D$HzLm++X5Ui%f|)(a?Rqj1u>%iFJ8@wID?kdh>@_qVL34UM5+kXCw(j6{zWG$$r4E(B zL@HHo8J0zI6lj_HRObLF;3s4_wp?KRC%fDVTLlo~8|tW{kTxNOy0EoUSG8C^n;6Sa z>+djkw(-Vj6A?qWZfsYbO#sI$mcBeY5!mBS=?_(>srg13$ozpagm#1m6q6T2uYNgc zwaaTAQQi3=e_2Z4Q>jz(k+j|2KGGIf?mSNQotn|;IpOl0QCq#pwi4>|oICZ9$-zvtpFwrTCYVhr|R+80TQQhc+4pj-wO0{LZGEQ|$ zX|kluI*WA45>Kn=b?y&lmrZ{AfvUJf^8bU05^bih$uiXWAiu zCM0bAh`+KmpgbFOzi{K}i-y%zQQ13Pujeri#bgF3m68(>DzthXI-lP24psQOWw|h2 zSuIEABTEJ+MK6U7mN5)mt)isvmsR{Bx)ujV>Q=o6fj5>}$aU0~aJ*e|cA%l%fJE2( z6%Ej8;L#12m6X&&9;GZWACaANk3yG+0@J83s5=lv% ztQFJzV0=WvV;0CJ%xpKi1LN4Pi=GjCbeohMJ^2{_FJn6o%SPGyf<3eI-0A$y1>F6j zRUG1Nj^!K9NWp4F=S5;cv<_x<6#C843P-=5*(sBqRVb(yZA9!d_Xe?_7k9u5m|VT* zCT12UF7qau1NLrlq`t-aDY^#T{f)*&6s^#sT}KLr7LPp^LzVA8#3;b}roi8jO5ZjA zim-K(Ot~|av_4a>^SNvumppC`=$SLUp4}et{N&Z=Lb`j`o(XzN-7~$3n*)iP3$YjW zxUYrjNd~zd5GOuRimWk4=a7kir_%f?mw9n6by3RS*i3IeG*ChH-o*H5qetc?F{*_i z5}h(cgu{Y?MBLCH^AkO6Mo4gLV%rM+c124fzLHn#?h^$W0f!iJMkDf(8jl6AU(qNc zGqh61K!*%5`N!y#O@f#jm#$>DbhC)u5np>=IJF7Fi>cx0icHLoN89kyzx75HEo20V zv{+Y{Ieo&uPa7A+>1w1VF^7|@;0pV*Loud?qAOD4DA=aiLvO_xXE2u9AzvmWY#qm6 zXOp6oO^V~w-*d*_039Pxs4*A?QYIo94X)^@p<$s3UeW$=s^2qW!hmN2ssBGD`w;nbkO0cT=BC`M5Xhrs^TNvlV z3I5-%FpBzsBGEG{sFD~;};4$`k&Fef6EvWJA^J<964kTg+s_C8o{}=&1S67 zwzQG{nxBZ<^gYla?WUe z;V3~&z?{1rHh4m2jX`dl3g%0~aQlSJ1#ELak9=o-XCHNOK-yjwnA=3fj80)P8T>or zlAeu@+j%I%g87E84hcB(0;D}e5qxj?NJRkp+*hMG zLe0ImH1g+zja6)qfN;5%G~zSEW#-zcTs9sqHP;I76VAsHrU#6}`ife)6MdhIIk_UN z)Ucd7Iah91c)+JB6uW8ByDv?|t7(#w#I%9}8uD^-uuW@`w64T(H6SsqDa_n2`fcko zO|`f>K&P|>w?i;hQK00MGKA5g@(O9PDzDIR)yZp7=6+cpS-<>(@`@6Tg(F$6<|MC;cYaLWJvZXZ7{9!Kva2p7b2~(Lm$dW2@TCB&CphpA}7;1oRm>Ixl z&)TUYAf@tsiRfIfY$c+jV(Y{C{#cSs6fA4L{k*p4w^+X&qqw<<}Gi`W0)YlL|eIVR?LV~+}6T+z|~$NFnX0*+dXsDqb35O+3VEjzr=3ZZ z8XS_EpOq9QAsmdC?8{keRcOc%gYsj~WYS&~b|p}8AYVp-r(Yp%32?|ZObbtQt57ki z7<7?3F1jO`N+ibv)%2+-f3-KW+NS)~Mf0sk^*{u3@rOv4fbGsKLUPg<<*EEap#!sh z{Kbt}SRSzrUL?~!yovN7YwY6KVccr|P(mPv)LbzFTm(>>)yR=C<2E8;HHVp=%mVYN z%06V)d*ni14p{2Fvgl~!MN(l}l^FY2BQLGu7w+eZjtWzs5n$jpQWyHzH2K`YA9Y!_ zA!Y}vw#Q`8xc%DHKS}%{Csgf4rf)G&PuR(1o7p&v`1A@j!c#jW0HoVMf1A(r9ODD0 zgvW{`{&>kyWBeo=Dl?AJDQTw||LlYs-;n^n@y%?2AnUP-lGetxuxB~!$Bs#rpw2GN3q6+0~Jr;tKX+*G5p;Jnf#Ij=M^T8J>f zMVM6*aIWztT)^g8hJZsqkITZm$SLutnoZ047q&_Xwx z{p4*x8|%@L6E=^Cd(R@^l1yAeX3y$=V#6DJSH3=dy9BH`$;@o_bING2KFH;Xa1Lc66`_(+H5i4H#0^Luew+uMQk4bt z=V)8EAm>v7zH>kZlx_4QLn1QL;nMiEd|m4?gdLwkK?uyTM>a_QAHDc$J`um9GQ`L5n3!1=qyE0H6C_`75&IQ{kq zfXm-?NTAy$P?NWM+f^$0)6huuHsM(Q?q2mSI(C2e1H5YiYa#+xzLee4?hUt3%v^AV z60TaT4YO4z#SUR96cYhcZZ+qC$PK*PhI{_*c0O9H2VRxGf8Z}1U*>~ml|H9iZ>M$s zt}1FBRA%B{fA_h%OxuLc-+hV{MaPoHWl5XO{p}pO`5`3Tj*4nqmb8}+5!R`Sk(Tu% z^sQpQuhD@xDw0vGN4b%VwrR(W>%*G1y{l$-^hkr<(TlW#4sKr+>k%xvBIR1Id$8jt z^2tGj=<)5#<*x79YUEnqgRI~hsq4kMdM@UNLJE2QTmOy3{+-_wI`Qv(Xd#b*PKlC# z8qqnDtfbPCtV>I>8~2e6FnqX3~dD_?URpH+mp!cI0Eu@91&oLtD)M&=^I#|u z_^*@@+u(yh?v%1-7j{$=x=lhK61xKW@LLk$mP>l(^EPDz6r6C|*fATI(}*G{ss$PS zhQjtDgmtyl#%*?6%YeFa9Z+1>w^5~O*`fOkK%z@?nBZk<5-#hHJtWl30Qe695Z>YM z{xNT6W7U+5pO8bI=vjkqcXUc@ebCh-vhqW&Qed3bmuRfYy|unf>Kw*q-1Mfu>lwnc z^!Ot=VI@=}1Bt3`<2y@_AD`&Z<5;(*M{LO~68bo)M z+++b<*qK%y{u`c-4c{e1prIC1gR!jhcy9_Dg@iU+UcNIsd#QZnl8VgEcX+Y3epQBJ zHOq~m0lU(!-H(>~)`?KZQc^#Vu=9t9ZIZCFoiJ5E``1%zBy_nG zYWzuxwWq~Tj|e2k^wpmfLt(0wQM`l9u1HJlq3!DBa%k)xA*jgM83B}P>qg8FAMfiY z+~X=G@SGW?r@CAl&X^J4v96T%4RlHgU|e~vwUHgOYcTH1LiGtLQUm-kzU_oz)3Q?n z5>9}j68#^-?2fU?V^~L?VV8~nB7;gX9?%R5mg(@&ix8WLz&a8!4aO{7^eiVVq{D`j z?+baFI$Eq-Ln^PHp~J`<(aY>5K(yYdbf~R;`D03;v(fxdpDHvf>FRpu2fhT%IRkr@ zT|TU+sr&WyU#?k-GucA_Yy@;%Zps#Vsa2)Yh@>;e6|F{gcQ5tHJRilcyjsZEQn4Pl z0Zg~0|J0a`(!fjbOhcoWUS;-Y#g8LusFwBHD6+ANQQDkfmCz<~*Q<7tp|z{LX?@%p z;zSlJ#t>x$#nLRKDb#-@=C|59cZ*~fyG5jyR;#8+)s9d%iW`U372jylE_Xc)HeBUg zP(Olpm9YyKEktq%Mwf{RL1LjVJzK7Sj~&flcM(2NJbkhO+EG0zT7maw59cGiYQ?Di zx2-$ToCVj%Cc*Rgke9X!pi1CAh1|2?Ct>QtL(iO6D_*C1(!PA4)mm$RyP((TdDJgn z$EHTkSh7?$kx7BDY}6+VsT*x!PyNC8d1D_sC?^1#hizVZVg22|h= zshD_I7DbAgX%4QgeX?5;J*Zpqlq@TuCUOsM5&!O^hPi?iHx4%`@9ivyw0BG6oxFZ0d2v4(H1O~c}?abt9MX<5u4Z+^KMCo z9E4$-yvaZ7m0E>5&8u)@FKdipll|%ND~@M=!zoeE4YF>A!2a-wGQJCvq^ixy%IT`U4phez zS{d0$`S11fPpj6EG2-awA0{Mht>UkvpJ)4W?dtT2Ir@2}F|+r`V$`QPS>|-^l(1dW zL@tSCCPf<*VS)qM8Iwl->}`?jiiCeLs7{Ii^Yku;Aym!45)zxeBS9?EQdzL1ONH0M@YZz-mA$ z5e0zW8$i3mc9{7cnIs8;(O&{S^DAg6Xe!OD^k!BDw3c;c;T6`MirT@RKYkiX7=NXS z5T{bOkTj4kt9+kLF}1DkZ?Mu^g|QXE*lOWtN0@zccgQep{KvZn>tq22_xm60lKHpH zBeA_}pfntM-#}=U^AWN|X0iz<9SKKHjEBEf=k6brWcS8Azi0nj+9lfv&gNKic6UrR z_ZepmwjO)^RSd^kW|119wvl?ycSp}If8LXl)llkNEFQjSbH(?uLt<&!-&(X(Z!J+e zM}xg*s*#RAC-@tEwkWYpn2Fh^HfT#6>jlnV$(S$1ywcn#+aEO`%YR#mBvnUo`7Vl# z(M+5RhD9}MZd{=g2K?OzsI1vMNzS|3It(VK7tML1DxAWk0qK+8OZv=CAAda?Wp|FA z9H)RUOrL7p$spG}sDmg2{}aNp%0F^gmbq0j*7QZH7;OQ!Dy)2OLWQPpH~kzdKFZXE zlT8^|Y_O^0(3HYW@=N-4`k^pqIy$q}x}sXD@M@{y_*Sdl{#Mfw)6nFRiXmZvu*jbN zOtt$XyB%U;p@44R;6Qxieg|R_49!?At%mGg7}cyH+6&u9Vldcu04iqu#CC~X!q%p# z)K6@C#AVG+e-weflWL|jZO!*Fn2s~^GM9L{t=IfGS|Ex_%InW5bd+@+MN%B1&O~Fk z6Vqx9d?>+%03?2;6ja7@PP9N{oiDIpxlU$gO75NTnYS;a27tL;fN7!nN;8k49;n%m zA1mxs%zAH)TKBI$A$HWeYJy}p>wSr733sO6o4C|hImqnK1a15wr>arbld8*sQLJ$) z6=YuS%VXklS%Yu{b~qp&k&jmrsq{#qnI4Odz0c!$3LjPoyvN(}Vmv&o@d~wEen=JIOV0GT z3v83!T>naDV{K+l1B!KzT>aN#jl-tJ)Z2eIj!=dexBx%_iDXjCPM1p7Vx?b_>7vk_ z+fZ{DpW`jd!Kl`gG_`p8I2TY0du&!ae(c(nWY2`V*Ef|vw=^-gL3w1#5|rA%L&1;W zqAuxbuR{ZYN=|-C#aOKR(cJ6r686jRZ;thJ@aAfTHe~!Ntm#F~_X$of&^ilVCAGO- zHq2^Xi;OqMW)q7_y!~70vzqlzTxLz3^_TY*X)%wTZ%oK0tR$f!!k|)%(L}MK# zm>sp0z%3`3Ca`%~D-yK1);oPkmB0HJWJ`PS6A)Y9;Jt-Y!3|~$n_6o0l=p>`-sxep zzN&qqy*~;AS>NQI+aRgey&$@y==_e0UC}um8{8b_?Leavt?S@+VG$#j4>UFal*lA^ zDZQ4rRg|Q*Rx6#j($8~A2T_akskQD% zO9u41TuD>tl-rJzUR~b5P###Qg}V$dLjd0{y+(H>uB*!Srj1eQ)FpLhkEAGH-_V^| z&rU!Ccer6=<>_ZfdsvV8w|*N5gkCE@j6uOGnmRhFiv(A4BRrE8xgi&uX|!0k?W1jT zm(w&Rj1px=(9klJ!0tt5NRUH(n!s$1qR!V_YnX1K^j3_^chKZtjo^=-Dt(Chf#`Vc zuN<8?5iZVJ4BBoW&2QDVk6LIgPzV?Nl^NGLBmn+ouZ;e zR4QZgils-yuPo3`mywS9WBnfSv>nPf7kZh;Qh_~rqnE}nb(>Eu!G-Zv@h^)v=J=&~ z4uUnj%M@i}$N=)4nCxW2i<(b_PSv%)kWr93#P$oq-S$HHNiG&30jM76P+NRN+B|ny zev$0#{KDj5A6iGcIVZoQk$<1dUxlDqh&i9)hWE`xJA#|P}3JZQ%|xds_~FB$tqR7TWn*rTPvi)#wJ9`xea3GVIxKB7hv}S z5gP~WBg^214~xD*o1;|0Aw*)}@Vv~uL1DTW0&wL_)T`XVFzF_?KR_z*makGLXQQO7 zRq{olOnoeNqZj2&SuzCF#BBW+7u7JJ_0*^H+Ed?WOlB0Q=e=}oPHv@KRTJk8Uyxf* zc#k=`WwzThLT+=yn>V*S_fwk?*6h6aQXwHGAh2INgmz{X>k~D1bCPMew&UriX}{Mx z1Lz@MhN4^C5O}S3b$}emJou`ET7_Y4f7D{VG*!{NmcFs2+NHnMnavqOKhgZh*q@gM z+dIqAn>q((hGaKGqDv!?qeTKCktfW^0y+qin{=f(u58;m{cPu@)Xf z#+~GcMLqnEz@v_Lh~bdF1zTQvWH9iu)Kt`;Xq+=dybk@N74RO@p1+o>_C18g+hw=s zp|QFo+X+r|wfSff&})}>v4LjK;d?~C?f`#}%O_Y+5v|$LbgxWj*@m2-(-2uo(~yte zKBgfu=2SxjRa(r+QoA$$TiRj|tIe-S{g6pkGwQWg76fa{%r-H~T3c$iA?e5{NZ#t0 zWO4Z`)Q^6eBThJy5P>YGbbEanh&`LZJxl=FD73aK0KMkkbe{Pf4C6A>Ew2A%PN@?I z{rSn2ThkY4C;KBF75t^kwD0_q8COt2WP!w!a5o|RB^*aSjtsh;0|Ph-2ooz+(duRS!C<)5y7>;=WO+Ns`?vNf6LTg?G@l0 zdH?PC?!cS;-sSfmzeD^!=I5ovqdZ6PgedW>ljrvEpMMY{|7b{o+wJ3@OaA2k8)5Sv zdGy>(TI*dVOvm0r&y%J;udGfH1^MV98Jb8hUN?5}Dl@k{MJrW4fN2-}v*zIHNk)?h z)*ljMEEd7K^^Zawg|Up7EUl0@A#WX5qvM!2st&#yd-LL?9MyR>xk>0o6n-`P*Nieh zDF3kYeF-rKVs9Spdvj9xZge7n$`=kEgh-psk1+|Uu&z-PejzGCrDv8YKZPBGWYfU9O0Ri(8(Ot_C>I(Bf@&|-+PC;A~ zmXf0{eaf^~&1d>jr%dY`C0fd|Y5REF$6Lj;=Qn%Hjy^fq0q>SiwgdA3_4l zb$m5J2Ct9QQP-nF!}Q-`(l(({YM_VaNYD5P-@`FNcPEovz_n_U5f_5^C7r7Y;;c6n zu`p`G)-}9`t^F#*H)98LoBuXpospHXL*7WG_~`Ba9^c6>-&U`auOd0ns-u=ztsF`{lUu`mQbVbo<$k+{ z1*!%s^<%=%z6&rTMpI-#Q{*h;0cjj`X*cfjH&o+9&wMScV?d6dWm3y{%>vdW6_k8o z1@EP2Ws^-OnYlZCTsB~`mTj;gM?H*QN2YaG!OXi=qul!tj~D%$e93!-Y1?1g3Cx; z`9iWVNt?w3K}F>g>YPg%MFuN-`CDu5Irs_BbtXUnP#wv=1qVNI%3Z)Ik$>*lBcp4Q;;zo4|sPGdO=;y?o|gw zuS7Bl2=m-Qnc>VU$n{#~)Ul3R9wPHh8W`*4v};#zEhz<>mzdvS1{I9(pm3k!cvsOn z;^aNR`z`97N<|dvDq6*7d`r=49_dSftvIKs#1|BGb52n=4KM1Ox~LUA#9&2~B@P<> zT?raM@l{S+%734E1?X!%yPF021>h-cd8NYLocENGNa!*`Sw33tF>v@?E{S;dYGiQk zeBj_Gv0Y_Noc-``{3)Setyy~>c3k( z(Piy*WR8O!>8>f1Nmn(Qf(tqK3URg7?DKCD?F#H0Dy|$%Hf0X(VZ&=sx`5PG>G3dM;lrN3nnSC{5L8{> zx7k}w>ErnbCQGK7uOu&X%e=Lhil#k2O6DPB+LLNRJNg6xs6L)JZBB6IwBIssEe@{T z+&8#yGWk2+>KJ@+RNv%R2|R6f%>xQVG_W!WFn{`Y_HN!gIdAa!$*(aX0v)qeLqAA=>016lUJpZigf)j?$WNf%R;*@A!AWegslNmOBr|AWo%cWKUZZGCmV35 z1q3Uz$-Td$S#yF01dC)V^sqePCRR84I+e|fP$06lEfjgxv9~ z(7_3=x(%c7waqj;W?FB5{xZz+Vuw689Jt?24r&W1*93u(d6l>3sWthcW9c_%6}BLr z6lYp-T63iQaOL63r$!$paY=He+uUP5U;awvE0ukt_f;P0`|y;?=jTC*m!9_NX$LuR z|A&LWiM{FWd)GHI>Ke^Ksl-)Y6q2@#s`d4aOrCVIPrN-8n|Up>T9v8SEtAwzhsg_$ zS#zCtO;DYAL>JGuRBo>KvNcsRaKoS7a|_*b1LcPk>%9kWb%9-0K3Ea51@3M3?_7+R z$FpM(#|g%g7{8aXwRrg*8(UlGiuwlo-BC}>=OcK~<%{H_$a7z2-r7OhOoesxZ>4`R zymgi00TQ)9Im>)6dqF)?$yLD80u1Hmr{#w#4^=)s`cUPkVBjHH=QE|wtLgLC??rw_ z1cY^n$K}gqr7XfKYoEg8s*GpQ8$P3AC?#A9~M`1&i3FOSE|D zgM-g68QllSIqL(;kONG36y;o#nWr>D>Hr4!D0BS66AxibQ;$bCFZ(oFU&MDoJXFAA zL_EZSje3+wAkU{_NAf)?9va1CbUZYgM`1ivXx6KFFf@kmvGLGY9{za9FZ7nJpStXd z<>6NK=jrOH2eq!$n$II&R}M^4Ikf=1)G1Yu)KvqKR81X)Jg8AB9-}J;9zS2>=hx7+Hm;M0f(jVYlNCBKnf6!ObAM};<2Yn@kKwn9J&?e~*+9dr! zo1{Nz(|8{Am9&?>lJ?S9(q8&X+Dn_Hy|hW%OPi#F(n?F%p({NoyOy|c!;4_KRF(n!sFC<=yV>X@z5DO&W(qd80*i8htA}2 zc07cWmHMgiP&tqCcxWn*v*Mw%d7K#!ox`In9y*uDm*OEz)9NpXhtA`1empddM^!vj z$)hqJs^T#%9y*`LdGXK%JSyU$FY&lI9;)VXQ9LxA$BcOBLLRm8Pz{foc&L`gh4Ih~ z9@FC?R1)>o@zBLN{VDniyi<1l6E|e5`y>5b)~HNITh(^`{&>f#w(A%2DxN!WPtB|2 zfA~%0>!ISF*8KWAOeHu9Vz!;|xAR$3v0{fuYTpGn5r^-pkNxAk+Rp=;O4kc&CboX| zyjv8xjzilb^N0K3lju3e+1A?~B1ob(pY-c6HR|kFu?0qqohzmtlx~{6`Lx0z$ymIxYyA%mJvA#;x%id3F8sQkG z(sCB`O6opD8Qqz+XLBF?na1k`8&6-#;z!tj`|AJ8*}K3;Rb30*^U4DV%m7iNMja&D zD5%k-Etsf*gd|mj!9Wr#f^97wQ)^LXP+JO#lR$>UAicF#TU)jD_S%=FtrwzgAu&jx zYJId-thEY#Am#fWKD|b$6 zGjANj%+3C{h>A*6Z%qpK{+tkJ{X!NIMJy9wKv!{MWEEJ)h-#h)Cw$)KB2lkrkJN`O z68-xbxHdNj@$9{Y3UzG=1(NH$TWC1OQ1El_z^H!b{mfHdJ9496CzU%fx|mkon|DV}shCU#IMLg3am;>76(w{M;$MfSAM z{Nm>3P@VsVtLlO`oS3T$*OCku3RJ-qDQskOUEqe3bHS11wBbV0dUu1faX}p2v4$h@ zg_32%g`)W81%G5*a6nS~@`BGKSkn2kZ^A>@alB_LRYi!)ft4b46#zUrz^1@U76Q0} z8zy#bm=Fx#@@Kqz29hV>SGcCs9syGXl*4J+i8NB;tu5*ogdBmiH&0}(w(fH@IXjczU;?GVHt?eaN_#k+RE5(v)&^ZPE?qz} z6-d~?Q{8l&sW}4so1bM7L7k!Y_(AY`^q7NCH(|a964!PXw8zc6Jln|rv{?(drXWfREg^(Q}HW5fQo|}&i0zPo zRI+crpX%>zU{+|VYnas$N{s|z?nODM@A81S;BEZKO004R01&~+a92J3<9=9afA)ET zFbopz-6f9oOMPw0X~zH0qaJB|i0C85=E>L8C$+vqXTPVup|mqTdJ!`WS_daTmYa%X z-@}d?nSr7{pHhp&bR8@SRz*vP>q{uhH!{(>ZGD!uq6*}l8c46;YU!#aF+^16X(nzW z0?c#=Dw3oYsfN#-wD;&}S`?=v>85D**LbDg32<`o9SF+L_>z5^(GQv1y+ek{()h=P zLMq(|P-ylUVu>yGred@0_+0(>Nm@~Lu8GW$JcG%LhwWL0v>ZzNE5WMe`;IEl>h$qt zo21>!)ubJ^>c?u;5h#_U^_(#a2+4YPtAa~Y*^ks8s#^fxqxo#9t|?xv5)XkJMoPygxiwP zE$3aD;?}wP~qSyAFyYL3> z%r`IN1_XkCRB^PvCbi2*f?S4T0*)k$^J zD{8Xe#~=Hq!qC9t$dQ8T>Q_h3iN8YT@wvC6%Tg6CLCT zj2+Vw#wlNWRJ#+amK`TQQNpwDc4Lh+YPiOP288$#Tik-=BXUjI$%PkzJ{-(kFwxR3F)T8MqktL zh#M~a!1(aDG(6;n%e+56{2dJsa4wYmQ8b&ho6)NUkDQzu4J3{i&HgCO;0S4IS0#>7 zdziFb_*XDOR5&`s!0T*qmF%G)1p{PZ)vcq<8_~r1-tvfvqry2LIyPl}6IInlwn{Gc z_s!>W@K9%Y3|$-Z+#ax(&2sQ$WD=$n&0ah#)^7a^B{1T6Cnu;rzcV;8zk5{Rk}Oh> zk+Zu;1q{iF`k9$`bYuo&YAglTY`MW3KB)`8>ir^a7paaMJ19%wtihcqL3l(HIb$DW}JOMhc6j|4oja3D9)+kW^fc4nikW zd&-8eab4DTNg=WkW<=)g;Ra;vR_`L9lDdbYBn~gw*LTT8H_`+k3cX`O?;0RXeq~OO z->2N)1N;(e*5HzYgE+;OZl&3#g)1BMBiaZ=qY`JR)y82vG-^W3lk~|PA>p%rn;JYC zd`wF%>FNt`j5|oIracNG5!uEX1^+g zMWGk$yTl)S-s7gx?l{R?Ip0CX5QNDw^U9zS1ks47-k+K0?`sI4>?N!iYMdX$_ShSF z>t!W%%SN|Lamy_0-ptCXi8`xfnof;_MK9OI|0>{9^3hu@+ zk-dJlll;yjeM>|=E%gXHPJ!+>CEK-A;~&n;WSg7GULQAr2+LN=2BzLucAA`u(!Gx4 zv~I<185$UIo9FkB6cLjxApb1JF4q#d_wi&J-jbd7O77)pORs43x_$kBNw=3U4akJ% z`nH+pKwl-_T#&nNwWC&-t`SvNXz)ie4M#XJZq)1s zdOB*-13GGmBHE-9OX}ohRDhiU(LR!VJi=ZkWZ3S<6v6?BCR9mhQJZ;)$%Xz)9VrU; zZlU3=oV;AWaC3N-vof@~xzIUh6}UT%RrA!I{o(Xns=}ICtP7~CfZ6vnTy@Zjllb*e zjjMi2YOBd{t5flYTb=PI^>N4f!%{FlF5ztfhtEuWMp@qMuN7Rf zau!=Go0|h%PQQs$)4r}Zj+KRTK_GEb*Bi%#d(p)J!a?BrqPjvrmKBPurH{`+H;|lc z7pP|90;F44)}i8@3&b*|U80)F)NG`_juVKvz=#CORA8Q><40yvjowd?eJ%o5p|Fj63G(dYN*jP85Ny@R<%K9%^D2b^%j;xTVMmBz`-@}qA)|lqWo&`m9oC6nI$LzLwwN* z?wiOWH`9db!~7s@O2AZU;Uy^LiHb$3iQ3BLbo9*E{sY>Mk=xpRYbG$|gt8}madZ@| zSaI(D<5Blog&YjXBxH^wie(IYenymh5Ve_$CBsAJTQ46)K_yp?m%+IEv)ar%egU?- zw7EnNwl2s!*m_eVM}6+4=t_QQoHS&=B2kBAHSysKy2vk4<;-IbBZ9#@{AR*z$hoUyoR1XCEFNL|Kqqq~ zCl?3$L7B081qV1WV-=2ABpKd1oSbI8eqA_(3zh7exDG#TO`R`x7Ut?(2 zyUPCoG%p9we^Y+{`0{V2{GYL5VOhWxdXJa|W=tES<$v(smJj}7*H74vMKNc%_Q^F@ zW8QY5o=G{LvlYz6WdbmByf%@Yx%Kl$Cc3--oM-Vj#YpJV7*fwf04?WPju$^kNEYTr ztsZGNJSB(vIDC>jV>fm_r_Nc?;>1JF`o?zTyA+KAc^Tu~XYTWoub;KeD`_}!=By*Z z0~*zhM+$SZ7j?t4>Gh2((<@qF0fY|-4p|Yn43+LTl(jGHACR?G_Z!OB7xvFt$QL)1 zZRgk8p$#u^Z&4e=KN~CWTl2{KmehFzYFv4hm*$suk9<*H*`oieJdKr?zvhwmEvf%q zdD|o`*S_M#w!AKW|9$&3R$l&^N8Y!j&MVLILx-8ggc5Sj3QR)fuef`+tZ{TfGz~k^ zsfWr!d?pJ;srT|B(K{&5EDAuSN@}0Dq3B8>sFx45I(J7&CEE$IxC`I|!hO|j z+Q8$=+G%sJfqDE5xXH5G-(qHv5ZF+b=dF9|VdLc}N)=_3m+F+8N?J~A4uh5iA0tI1wR@X1 zJlyjY-fA(t9HzA0pzgsC<*WnOED1ZBZDBGbWyGp1%^FOZP`K|Sc<%M#fiw~{8)Yd(VY@1U>)5lHFE2FQC@vDz3uE6 zF{twoa&;~Y_w`T{=PL^dkvgyCtNYEjsr1^3@k4lK7mcgwL|apd?$(s9)VhXu+$z2T z?XJNGVmCz5ByGAB8B`Tv|CryTtsKNyf&JBzH)8 zEM`ktSHF-etWXP!E7V-fWZ*=|X{`5WN~jA>D;H22Awzg9fX1C}3u_(SE;U+WJ}Tws zBPD8YGG4wCp`miOthdk&_iiUa_nW$3x8*+EjFQ3Bk&5sw8=3XSY9b1Rh-g%@v6onU zft}I!^*vd9*|R99DG7OL*t*a};$4R~-&`l>#%pvvghoW1$qV^Rx5!Y7ta2vDBrx4l zZd-h^MOWEcL+tS-e!4G`gZGdC+@m|Icq1=9Y)<--av;p}waO3MAX9?3D0W`;-!2&o zZ~Z!xvkj$v!2?a^58E{}Pm1CjyNR{K8Tl4|Z}6jRbnv$9ODo ztIZe(v&@;c-Zc5bZ8C|qx@|5Ke<*DL`dYRmX0CpaX6ze$qquKMUlU_ZVAf#%`a@}T zY3+e^Vwgpt@BBg{X*c!7#-ZFZ>yJb0Fv9f_0w3d(9LYSjr~UAua}g`8~jCFfGwBRc8G zQhRTpT1o*o#URmpOOp+}Na~RQ{l!&c+&Qbr)B6*Wwwvc3kue^UmE$+?&{;34v)<$( zPR`1i3+AO+CbcJ$dNp*@r^W`t6zzK^Qg^WC&u}Oe$qXmPZDodw(pGPV+o1(AnI>k& z)%u)J9IQx-ayIPn4<67i@vuy)j?ohlkwzHMybtT4m`Eb&G}m#Uq$Sk7LAROFOUxEz zx^umQc=aE@^5d|lUsi3k$S2+8w6pU%|uk4%RJd(d??H9S9xt#$dtW{0-Maohg zqy1=EstHtP&dSuD*|1O8PZZXwzAcjs)c!M^dJTA_HeBmVo}JoVfg3}FE_v;jO;WMK zKO}X5fbJof9TEOgdog*&sXfg;5!c>q(cb*w{Q_6Z!~7ArWN#)BJ=jPtgKj?S#A|TX zaN(%(15E+BnYN{GQ7}fntgb(um&e~Ej}MX{n5bw>?Uvcrmsn$~#3(pdveLO$EK1Mh z3u7TfVICcolyBjtAm1cMXK&3u-jCrq35 z-wpFf*|WWA@srO9M%!tT3jjPI-AyD4oT)%c?VhcP#)7+SFw?uj&>bbo&!u*EY0T>t zmW>L_KMpA9VlLF6ko2rI;@8#_^`359-nteDeD_m)_C712#f63Z&OWm@7~r=maID6wapTP)-f=Q7ZutarC$kt? z3c@mv73xs#h`J@eLA)Y@mh&1|dt%MY!VTy7Ua-mV)L%z(1BG0}P0M**Cd zEOl;QEv{!0r+9u`A@$>sG^!EHC~c$9(GU#8l(Zx&TN2Y+l4qwkRuJm$WpS;c7}LHQ zeHG%c+p-e!vqbg-msqb{JgubEs<^#+)RodDK5E4wfHyX`zm9AZEp6t%*u@cv3dX{) zBDhP2Nv7E^EB}om_DFMWxU^_=yNo)_X7E4qJZlI7KC>W zt`gJ8dx)MXDXe`myy+pFLX;!Umm*}D&p;+WZJEb)pUBKRwRRZE0dbwDcSV`Vb|e1v zxmzqwptdl%2C)n!q+ScHd2N*wScTVBsljOv*ARJEi6r#b29lSi2163@Z^UvMFetUR zD+)IGR}5w5O{*PFp7pR~zDqLK_$TGXU*-5$k;O#PxvAVOntpQdnPcH`6d&7DyOc@; z^;p$4{vWuDR%jipUolgCsT^RzQl4z@reAV$IM5xZ0=4L z)RI3Ne|V!{Ep%w~y;v-3d;!q)#2%S=^JH-giYmS?PMong5m}r(FTG1fp^ghK{bW=L ze!uv@7=F9HpzpBt9X}E+603a2to;G{03cdaX8%g*si@#InnNAVMZ-GWrRu{QE8R*D zcL{lvztp#T@O#@zjq0gtnfUS>k>5ngGERt_XR%=hRdhDqM_db+bJ@gTgb%BiM9pw; zd1Dvh`Z50~+*WDrk#Op7FcsK{LH>{%K060z9l(TL@WtA^mpY%LW*#=JC#ADh(4}`jNiG?D8PmO?KST}pi)upZ)u8iy?Tg`Ce?q#Hb}w_Ra4A9;gp4>F2YAnIyB6ct z;@I{SZ%$wmU$r<_38PcRS9~em!;p6~ z^;QWA5)>tbv*!zVhj*NkSuiS>ihP!@)Gom{0Q7M_;=SWQ^1W{=|CV-9GTbwnIIWq* zeimw9`mR7g(gFc(`&Rj&)!V%KYkMb=Bzu}x1g+<9N>RD;UlZ^3*HU;0mxZUJ+63VL z@iB8Q<$F*L4Ql}DU9b3ml1BTk)k-oY$Q-$MTrVo2q!;74{INPBG!vQ-vssUBmq=#l zJKEN)TwR@dYog`bsH!6GAB#EUzu>6AtXArbne{E_;oz86xc3b4(NU`%QxS{R}{^lSx*9$~8nW{;x}`Va38d*Ah!e6N!D< zgyuat`EjIe5t<>F$k;Jmi_0Z7Ow{g}-e+2#5-CETOoMhpDot z9*2AWNeNkQ(xM3kmS%KcXg5ptkj1LnUxjax24Xa;`w?NPo6|~IC2Kje+xrn>jdhP( zj{~+I^wX_hA~Dox>)q6cm1TI#Et;FsNEPh%Gg3xp4F(V3VEH*1e9EOtr0SFNyRxXN ziJ_l0r_&dF!|W0I!19_~|yKHoa ze40xMVGBaMRcnxTP|&R(qY@Ude<0SsYmfpI2B-Uznw!aeJVp9$4M(W(1q`N*cpXKd2aL(ZwU!buRns3j3;3HM$} ztkl*X-ocTT*5My%>rYf$Tq+ZFp?L}YWcwmfo_cFa z@;DCxBM2cZ0``7e8q~-E!JPxaBRG&1$c(jd5sJ2aR;K5GjAbC>K_a@h8-{y+#fPUB zAUER-*<5PkPYXShL1*nCo=v4XF-=xUxH+U~?_N|)@i5H;_`AgYVM5(u%;c-Yoj|Eu z&9HAZE@WM5Bs(HfFE}PtTOvct%w3FV+9>hxANIwF>c(4UHjD)h`_3DeNiM-TV+qJW ziM(c=$4iS-O-7hMLvDp1so=WcN;RZhA^gZ}iOgti>PKl-SOtTQ}4>HP>XwMdh(&|Q{+D;yuJ?wXG20{<@hhNh!jh`d@ zf>LmEJ6?Hwf;Ypg&*kUNFgCMxcY3)R>H+P@K0#fDXfN}KHdolchhU#aUUti%&0MsX z1UccsY(iEs3~GGgO;Oy#8>KI${n<5|b3yW4kB-)ghpXt>^G`k$U|69el`P%(@5^2w z{z&;$OMh%6+XFLpQS5y6`$U4|^swcJo+S!l$7~MGoq+9xm; zE#7P>%gp0ic(7xwwX7CTaQix75=cuUNO0fC2FTv;q!bJ~b&6F{cRy5zz;ZViluZj54CEOv`O zl0E)Tzc1Sa!e{>ol(O^1)xZm#{2IdN@?6N%z|+Db?e_k_NiZi7={z|uQoNWc`i7E@ z{*!4jC`ULfW->@tXkFSKs@^|0^h6XeCnn63JL&&Upi}xp1wN@aM-#u6Jh23>>rZ0F zyqG~7v*d}T67!AG#CM4q>Wd%+({>7mv-gK)nlr((_c6ERQB6M)TWzF=K^SsEk4gr1 zJZS%MAMzE@il$;Z#POvI^8h9#$SK3gsUyeVSnPy)ua>0lVFf9V@C){UEgLEl7jnOCfp2o z-XH>Rwu^XA&^PMOxF_jbHpPbe#Uj&CzifC7=|0I&KiZ7A(Jkg(s_$d;eXPFA^nJX% zY0N16=l;;GVD9`CUvw6#V+rtF3c(<89S>Q4<19I`KToO_&Yt+!Y35MMdErb}@ zi9-Y|i?4RJmr(|dI93`lx;?^ITW1*!agTTsYnync-kiRs(8|8qL}nLh3f59q_|;5u zreS*RBjHWVLjWuYCt8|%gT-VY-^=1lX$=vy7p(%#cfUw480WD}(!Y0sFMthM*^H@# zG_Rmf*h|bX`ZA%D1@f;*T&DikWdi)NuUX(%0sJzj`Dzets?=LT74|f|e3@BHA|P;O z@8O%zzrqSCQ*Q(iCB8K+i7f`KPSpFIuSiGhnzi;9$?2K-{`4mCu{}r4vEr|ieu1_8 z34LgDiXA=w;0)$#RLDk|Rm}@;c?~yHk}B28o@VK=dxp@S2SX!S@*ZwV$PbI&twKIz z#Zh|c)2}wPF9`1lZoXtx#2ty^mgF^=n+irsbo+IrK$L~pxG2hmnp1TffzU<)b&@25 zYG^WaY+n05U5ynJIjp^3nVa0{o?SZdTAkl=I)1OOj{{tqEK&78gh!-tXYb! z-zSRf6!#tu_uPZK_V?k`L4K`G*CK266tPFJA$UN-_7KL`D$XE>cOnC6@K4%@>^t~a z?JvWr|I)yz^Mg;f&5+UuW&Rv}a>U13`(4PEK7bVI4#arsUzU>L|IQgqpp%i7H) zQk6YrB2+rHC2m~1|5^UtzZ<}=geV>l8VrW#_f%!2c6 zl0AgEX;kCmm%uLspLdtcpMYG6WT;e(`-yE3p`ztfpiIgX^x(?ov!!Qbo#^li4ogTx zYjYw2sXb9No5x!F9g1o`@NbfGAC95OFB zlByI7ZRdg~f;C9VrplRxXog!W%tKHlcy{uPqTigZ5+i8HJ5vL}k%{JKBv!7;!2~Nw zS?!3~(z{91y+`mC7SG-n*MyhYi>C^u(%Gf4>cef-qvpa2ohN2f1hnk~&>~8T3?7`= zJCyJ@kHv0kGt-Hx(UQM|1jd}fJ6|7#BrS9fRS!T7VM~^`%Mq{T;l_O^1Xr-DvfNCe zTy3_#I%QAyYWmD)9!0yuVsg*De2DY5b!tx?janW28+QCpB-^DBzm8ddcb?lEno{M@e8hio@_+FX^@N3cdcer;YNRqdZEE$TI0^4|(Z09wJON3AGS06ywL|+nB7r`aUVE5l4&E3mXGDbgc zlNR?>Z0CovJnO(hO75{3u*|FAsaMv{J(NRN+2+BFvGY#XWGjr8lW zNOz7!;`VkauF8!h!Vb5%#8{-4>1gVpLn!VBU!vn)#R!iQoDYdJHAo@xU4rPbm&rCC zAjM-bD8-`^Ue<4-s_8bg^If4!W9D~bp%9bz0p?G~BFvKF-xrv-k42KT1d-kcnAeX* zdWjYg>3x8?a4eGa==%fn17ne7fU{B6xPCbxZIKaeDWrJ=T(bn}Mlxv;S~}~MbDey$zYl$Op%z19|Ssr8_~WVO+{BGneUvQo`Vo2^g~l&PK(3cKWWd zE{a@fU8_6mq06|Ty8X7HYz)h=7vg&=Id$)mL2uXBw1D;Vn((IGcwx}|;Fr{(`BnU| zsvPD zhWbCMZ=uCQ{jwc5)c;w1uh#eV`o2NmYxLbFZ`nM6d5t{4^B~W|JOey?c^>CkPNSaT z_W;lDd0ysuh362@VV<{n0>mliVP=Sw@|?gE9@^9^NMDScoGyu(2Z)6$(iStnvRGRqh+dB$V}Lyl355gQLOd|Ek@cUOU;o?EzGG?M z*nD*aFX0{_V8R74N+S4h7dN+%G*U}v`#O0qi8^;|!IAny;Bb%bZu=4QR5{za@WfT` zZ0iwM0^8I}D;mQ+$C26Lc@?2VVQTR@|41nHsdYzDos_&2qEI7+`9{u;-^{Ot#1=fv zy|*ZRNN?)mOQwoY@4?paJ)tBaqQgugYyfR2B2N2aAT(-F!3l`L~$LCF!Yyp!53P3JC!oGx}A zgr=LvsW1z1VhB851ZyMS(!L=TYg6TelHu`Wyt5CzaLHcHHkqp6pQ z6GggpI5NqZU)my?1G1-fpWJ+ zK_-551WS2?witF@EIy}>OiRp99hpIa3?z}ZfTeRDgtN+&i22!?Oi4rVX-+c+_hFJl zeAG-A5u?E;h*~ai8#xDFG$MYQA~Y?yFB9sJSxy?5DTzy-_mHO~5cC2LwS5U1w|=U< zuS+;jtUOGEWx0$|J%=Z1Ze?a|GiT`_Ud6jOl|OJE)MOq%5y5|TC0<9N%jph`^EO%<7q_u$qY33;==iDotq z;KkaK@YUQueYw&^?sw%Tl+>PjLC{apEV7YdM~5QpS-*-N%!EFJhq7JQ3Ud`>u@qk; zZS@L>X1ec@7!=YyppN4BJ|eW6-*mX8l#G?)rxe;#?#pnucd|J6B4+_aH*=FDh4HUz z8?I+8GF)Gm;flCA4+q>HPoA1OC`Kk|3ot~TeKS$nH-p%(P%Nz+IYwgWB2ptI;uGs3%$CoW&!zIoVnnRfwAi37 ziOJ_&K2v+5{WQ@xa+0;ruV^tZ{2gsvC8~v&BPO(KPXq&*)C+eN(6v2+^Q(T%UhYAbSW}EFuw>9KWV(;tzqP zcFEyrP>G{-3e4)>TSa~#07B8^r0N$S0i{`?`7txi4!rJ*0y3t>=2U5T%ik%t)m%c* zSU<71!9F(L$CA0KAj=-=R-|PJWg~N&N)jK4Kkd~Z{yQo(ddy$N=HNhmZ1fnT)(0b5 zVMS3R`#tlrY`zSHZ>REw;hs;BmyDk)5_3R8rwNKYETdcSj?)ih1x447lRzYfT=}0g&SnL$pUB5G}0q~iQDEo0g zR*0WUm9@AW%h6DA@`{$5kBqcA&CAJQLU`x4i4;3hgrgY8;G4yL+)r(Ty1bw+3Bm-* z2c3Cx6z)T-oOy*}Q1pD-Q=>&es@51)1g~4)XEujXi6D}-doN7&#})_EsZnZR_rLP-cJuiuq8MbiXXmfaHL2bw+%A; z_I_Oy6U4;B%|sr<=)xqX&XOgmrjp`RQ-mjU#G>3!K^C9cN+F;IQ?_^ zYmK6xR;X zBFJu~NGdYT^*~N8*sa05A?FK+K1z3oD%;HMl*MdXky#uS z!}F+oi%JToO1cIB80Sht7s|&z`_XuzoIUYOMm1h2$4@+)QH>Xtk%M^LThf9RE4szuz$n)8Dceq z1?q?Ghgej;QcNoM4^U&Xmf`QsS3SCc#C$D1EIVfM3-XlWC47wBxm4;b=%_y2&eEeK zv#z3L?si$SB~Dvrp0L~r6Hu8T^%l(w#J++8y7vr_d`JjSYs_3hMR2l9ENiIh7r1RQ zEY)W63ik+#*!wk>nTuoE>R#d|ZUhpg<_?lNmx7uhC(RrH7CR+(!i&a`$1TiQwrbXJ z?V$}9iJIr^m^poNwxqOP`rdydSAURI&0I@nt*z#o`o(T{ z-k(LUdw@9chorz*xbg31eo_i)tlob`@8OlY=^S1lSA*>#0vn=_n+Z@k7oua-LhmCK zUbvVdBF-&RGj(0u!433OYz(z>EMJZZoE#SvzRWzo$gNj|dck2@#>Oqg@;6O@-NP5= z5}{!tc(3cMa@sm*NU^KcEG1I@(#$RQP?IH!)v{;Lzi38l#}pKo(S`o7SL~ezpf0RP zP_*vDte~|g>Rev~zP6B&+57qY@*AO0OJ&_1v(`{Lz|b=1x^<}02#Q8gb^L}fS*bq- zGJV1$Wo}wJGR^r$kNWvDeZn_nZYpk-1%_FdQ2NhX_@83@upD^viSf4qPW)H!PnP?d zED?w=q+GVxUrpA~aKY^32vKZH9?KYTS)N83(MGLPds;-9s}vr(LMXCRXc>oNE#nY& zis-$o38{0MLof+^I8Do$Fkuw>JZ_**83hi!F05E+gWkg^Terf;U--?6R3tQ0W7rYU|RA?E91)GJRXo8cm{6q8Rc@nRs_nG9C zqdU5!GkyxHj?K4$;d&WaOJzJ(37*uo zn!l=PrOJ_uJ165?A8R#@Hz=ShMz0SMztz<6P0(yfFsId=sDroy3DR-#5Qr3?67ssJ zlbAA4UrkD0EZ1JWUOYk`%ulp1FCEXH%}EB~E~;(6PUUsDRw0{)dslbiU&N*x_cgu<& zh*g^3tyb~bZ0CSEmrT(xE^E(}2ZJw|fmW=0f66Pq)$|cl#(>y7;g;*Jc-g8ocf?l{FMWpq0qAIBTGP7oU}_{!%XK7+;x`a)bcok zCxFB!Tt*XUCNI-18c_?}&@8a-ItWCBPPz-vt_N{L!_Q3JR2oeRKbpQ@qT~k?6v_+w zxg_TX`vxk*X-lSK&}6Iy`Si4UfA_kIkQ`p(0@~2#+`kksVkwzT zsdDo@Rl0XAia}Pt=6%--Mz)z+7H2XBnwFP{2_kgC6_UTej+Z6Zwcbv zd!6<#WDJG@vNn_wQ4o0@-)1(<)4WDEB6dOXSp5lVN7;_cz#rW$3xx}OGw8WCjs}=u zxaWL&^sIMIk;T{B=%L}4mGf;nBTULOS#`XYD!jnfO(cPc3|ljN4y$r-tEndY#Ue5f zRgu-Lcauf9C&T-!2&G*hE8Fm<1PPH4{Pia)A-Ip9oNebnUnN3`NWHu}8M=D35drqr zYi(g|!&;1Fh7CVy!LVyld&@_avSp`JIziOMmz{(=m-Xj=esol_3rTh-kzJeVpd36z z$K@0|_qCZupboBo#}}1uA*bmSGE#)23Wsj9xJ6>nhlX**EZ5Sd=Pku}TY6pxW_=}I zxYv=ersei1Z+Kf0~VKEggCt*N0#5{X0+i9tR3(Y^S8x15*TVh_h7Mi!n@~e{f;KAVGdC}sBP{IZXPu31@ zI5DqESLIdd2gJa>`33TRBppQRoC9Rtuxj!VHfkeao(d0$1&$nRxP}}gPZG=nv%-`#zSV3+<5ADrMZLzEKswihn z=p;q4;Vwxme}GmZWe@QUh1Hy9Ov%eBD8QD>1!BbL(){wrS@tKI@EbqO8%$485+JCUkF_?*dBcBq(X@NWID0t8h*Y3>2$h}+!tv5uA_a4u?UeD{5Wq+^Zk9u|y z;!93uXbyK7Jms^^Y|C%$A1KHz)I-p_|F7in!5I*3sU!A&KL-a*pOwf6yi=R{>sp1F z4#nx@i>C*ZY%}@(zl=_y9O$A7b@XW4JX^u1DAB9nQQFaFzVlQbR0UoX7t4!vfLMUX z9)_@kJKZglxYZlI+EX2sh2Zm)8-JR_aVZC#%(b=#+A<+}wl5BjWzVJEou_iYgEfdC zd3>2@ayI;nmk9`pvmIJKmnK|2x_b8L>dN>_lD}lpW?psk7j34kD@iB-qp~!?M})+& z7GVXY6B?u+8jm zf#EX1e8~p5#*5}|HMkSUFImzlQ@puA+aQb{Fczg%wgyk&-iF$D64P@ROI_z)EVaId zt5C=^``y>&B7&2+FbMe)3D*b$n78sgVio=GCjk8M3!s$;RlrFT1jwR{ZypTsSgJGr8>8G@A?Tm~7zCq#Ed~f=Yb!f3;TdSvX18ko+Ur@N4D{_Z}&%@AV= z5vBS4Q^)=Sf#BE&u25*)=hT9N@!y4oRiQ~T~O&b6G?yr)P z@jjC$kN=)BW&C$IJpMa^R&XAFf5-ds_u`w+-W#@KTTJc$7X6_Q4mV187 zVFqNC$)YCQbBNzq^{Zy@#}#Gp+A8;Ja2@=86%t1_52NM*LPa=_0Kl9KhDg1f1DTNQ zp4VhrrYvbUKl+4ZAiAzSACZb~kh82+so|2~(bv0tg2FyuR4%MYo^LI2iQ)MOcDS(M z774Ie#ps$y3U-6Lgp{)|!5)4H%#<%MuYF9Lg|Ub&=gD50)cg0k|G?QmHb1bASrS|na^zwr*LFeE4c_%KV$~u`bR!ijdsaLrlBO=+?X2p7yD5$`mJ;F zaC3`50ZWSQ>^jJ*q}@EOlSXv7x#nYZGDhvq`OB2}*x^?`6h8_lV+UzbJOmtBGkr!| zC3^?5`;*#JK88SgJ_TYc#4^cw-a1_n$Z~HrXH;hV7jWoyT&2 z;8HC+?+lCG@rtyQrK}*ry`myuZ~JfxGoLS!U7RBJaGJSmKuERoniIQ;J)_S#ixrr1Dd75#B$iqvp$bC(45HFJn*d1@dux?LFjSi8A7PVYA@5B5tirivdG z;B^LBOHbFTSIl~g%9m0T)NAu9USKOOKpTpG(W8%$H4&u(vD&Ky4`h2oV&pBr`(#%vi8 z*kC%FW@LI)ku+xR1q-YtoRsWpCob&tXSS%asaVRYSi;9`)Kz|^Mb>hb3{bTn#;HlI zn`(WFNdoefXmT9o3R`Q}Czes`3G{^d9OcUv6MNoY(KwjWGb_at)%1-rQHi>N2wBit zqI!s9HcAg5a^c2j9O5BsBl<%9x^UZ#l<vEfd{YDDyskli>-5ZqMc1o73qpiQx0FU}&p+mA=hz{XrX`AXz z5N4^;OAtNV?pDI6UPW-gVv?(PiNXVzXRO9l_>U%$tbeR*P(Ny(*zY$qgU9wUH{2leCol5{CrDodeaObIw= z#X_z8Ryr-A)S#%QRAlD=O+lmQps7|xS9Y2;z*$LKD*{j_$j;wqKmjaaGVd%WTWFRk z@n}{^iPcw7^blfo$|C8x8lh6R#gtMYF}MRD$*5uj`Zo~e?mg1axgqA!qk4)--q2=B zz9;FBu_bF{Eu5CsV(R9SNU|_>b0nHLC4Q+lLKwWl`Z9ReQ!O35D~7m6<+oR8$>dNJ zUqEi>}N<$^L>j@uE zAI%KSF)BIUp370`#JY-7h(r}h!oAGgGIBekVk^D5qu?Ituugxwx#4c+pQ21sNoL{Z zBCJUg&d?Q^rNjaYn*#E2zxy#!KBV_0WSV@)$dZo}tf@SZx%6;-l)Ex4>JQg962aS< z>}X8A6$EQZ+1BCbruZHPWIJUmX}n&iUJ6Oj3Fod6dMrW3q#-it&v~$ORL0$O^-|m z&UIycmmw@z?6j3LLtg8&L=O)Z_scHL&t>`xFL*STdMN;%env&^)Ka3C#zh0s^7|(M z#q9YAftQ&t+nT1Ylk*T|&SxS{y=dFjP+KW?xN9{qCAu}B6z|C8@qO_-OuHyN+;b99 zoa>^LbCJ_lLA5IKs~@6q@(|lfo3L7hmJWVk}Rh zATaO89RlF8?6*m=%>3bUuna5+ah5O|zd0AZz>A*J=%v{kZ2{@+Qh>9d6l9z;_sX(F zwY!mz)<*IJF>@XHrJG7elV#=;IGK6VO=WXelqQ7WoEYCm0V7{;GdF6O_!Y%_#V?J{ zgmay!nnDsv1%5c^WJl-~xf4hZ?Kq1nWwGhB&HjG_5)zFPIRh8}j@O>}ho#?ck)1AZ zscRu^paD#@w^Nb$cA{l}Beu8p1B9JkqRv?!5Z1TrXwBY021`twG-ELP*?XfecB9Ls zVwBgG=E?(5dy&^@*;)T!?xVzmV6iW87B@_L0aRu9y?Ot$%~s_v5Z*TPM|wv!pG3K7 z4Q+(hYKH;Za1Ub;kH^M5mf)cP5P~9fD^cBQuCd`4d<#5UKQsQES7!V}#P%St&MkH| z#kQI%lEln;gF5-nejj7Qr70BobRUm5Gh?&7(RHuEfncr09X9)Bz26-m;Gaz zG_itwqvlOgb0e2X!dNfRXV>@cPkd&{vKTvY<{gD|h)jNtOW;r@8eqs#qH%wYY0vdy zzvf$-{Te~c?3LzQTD4GWC{+C_q@xl5D9Hf*YIx@G)Qx;P{=Z(kkcqj2=re9sF)2m1 zE$#XsSJb6$_&ma29~3GO?vZTltl{)6#79ibU0vbJ*;~t89-tBtsRU{rA9fzK`Vlb` z5EvkVP7M^@nfgOf@R7kI9Dd#sXK^+!hB|NW>MC>{`&Y?9sxC@<6+HttU&L=CN9v+joelc1Hp_Qu46DYey`g1o<^kr| zW#+rBnj0{RV0u=LdqoArlFfH)$86y9T^*C_6b_AJaC+0r62vBlvf1(6#gj`l2%>j|H4i#U4aL+z1Dm9}_@9 zYF2b^E{{Au`03$RYo>B2!9y3q6p7-QD z<1zCvp2AbFhRt{YH%_!Zu{E3NspukN%!Dj77lMyh!AQq~`z}rGsgrq_>fgFr7zol( z?efvpayqFhmT3yWq4!kuNczqj%+=(;Kt-I-ML{`q3VG->onm1%vxlYitaC&up>Q(} z;nw&OO}7J>t!(Wqp<<{@ulqPdsi6e!I4$gS3&o(HJYRVeDgbNIT(e{beosUFgju;_ zfrOO^<4jbSalQ+x3*(H(Q0hn`+?&D0B>Hnu(S_n2B!3SS)2`<|5?w(H6cc!gdb6xM z5;5~hK9}KaR8V-3Fn8gdQtj^EACWr#^&BiFdax+cD5cp~2*2PC021!KTMF`-S!4C` z5$Qek`g_cJ-Xqbydi@U1ym~#s=lj$v`T0<)OXXJ7^L-%W>b0W5L zBH0y8qH#GeV7VpP`{fR@nK_R)@o;n6CFIsr*zCBGt=$Av=%`0`A@p*O>|!Y^1Sl)b z>qG>Itm7tVl43SqvU4cTO51N|0+5wJ^{dNr68SQWFz*Rv78J{-mq`#KPad!L6~Czk zM9h8sw&%q0<^P8`Uau=Y<95NIF$w(f-giB`7ZUh~Zq)F(Do0P8+-BySsvcI1o>uRX zB6k2gO`_gget~alo)lfK<2~!0uuL0G08gaobNGFa6#Z9=1VRvgq(CHjpWW*0gnNoSC+ z2xR(CC+$N|@fs&XX7?~(_|S}X?}oX04|3x8_I4|L7`PPFr=BW&cpjj!yK^$a2k^DL z_J|cgFdK27-k1PlR4^oa1K7lUdNB7n5!juiZ!I` z>{UYa#tE?-yjl1BHuJ>a@|t(C^rbbcEKTXJmsTEncPq2UljClNJL}&XiQ&G8{ z?!~+ukI|!6%}X|jKdG)FRrVeY{^URMg1;%bnp;kx z*^5{phf)u9z%csyyNLhrYF^y?mF|w=r=8zO*qD4I+ol=bcCzI0fD26(E?;6xm0YrC zYNXFAG(KFseUQf-@i?YHbDcnk31x zPl(MVG2F&rEFmgQh~G;`na@%@S!(bi4X%DR zFF0m{>m~I$1T&oCPxBF%1Z`t7a`TSZ)$;o01X8t`H<8E)5(-_ADl2Ma|A;P`-SHmI zNnxn~>rkYXbMoY|F>t5%UWOC$SW*i;nAqv>M1G7#!;*Y?tVnNlmhIu~iDk(zd8RoQ zk&0u4MdR?770WI&lks$W@iX|QudAzmmGQ|v4pdkAmMI6C-DX-a_u@uu#LKNVSGm)8 zu5#CI(?Mjp72N3{*v?5JncLV6CxNi?$7U+&p^QQ3sS~OE2%0INtGbB$f)8W*3c2I|D|IsiDdbHGUq1>lVz!!G5Ith_0Y@oD_E9# zNaQm*Ba6e8+t*`VYLe(#fFct>z zbUGUQR-T#~o(am$lRe(k<8z@*9;O~43YglmKrz+b;}tx#sdbOH-GpIOAV9&l7|7i! zZWH3OwkX~}RwF-g1$0G(=HzqDtlTV z1my00~(bd4i&~WEnj)X@K{;IkAFP}SdlBl zWxWOBJvpDH&JKFF5JIWyMw9lbNed}6J;mI4$+%L-#=f}hcy6L_ftSjiR|66cQv9+I zU{3siRfz;Ij&*#p5D4qFgQDqr1MzhQa6JyFf&7Gfv!r4LS1jx42%Y{d*jaa`zd5p! z*#O4RCtAqTZSLeC8ntco10!9G*^2!7%$Q1t$kN<<)TI(w=Sx&@Ed46hm!yV8n^8T= z(W$#wPS`=&87}}pou!y?`q4ZcmTq<|GoMut(Uu^ktUGsG4^|hLWA*`Jx<6Uoc?L6P zS~*hFjvXxeP46br>UIgE3Xu~YNSaTpMHL#^(A6m z^C^k2aR4}Y6opO07d<3p5--$VFlW_kA7oMUf|y>*j&0TG>Jqa;y_I!J5-~N0ZLn)4 z%MLbm!#y9viPY9ca+IjcMj|`6oAm?N86el0ooB~PgT|sm*SjZ`g!T{DN2(~%cIx^d zhSEFztzy-tCe~SHj$XuoJHU|XePKgKJOnyg+_}-K^^HUzxcUXKEoweV3E)f=T4~Xy zUV}LcD`)a9usGCeZm_wQ4w*`};(JMivKEsGCxo*>08Pa249%qH?-* zfV7=e>3I>t>td!;b1l=2un5(u!Cv-acOy*3M>n09hZ}!^;($1U8_O-4u>BqUi?H8$#Ya?6DRu4wj` zLdxq`gEB~s!aXn0608K#0F_(_hRMl?_)ok{It#L!Nz!VTxBwj>RF28o?kLD!D;bg- zSE81-n{y>6R#PQN0!w?JLFhS@7q?#GHWgncio6>IhybiPlcnnQv-KXJP-shehXJV8ODJh2H%K!#(qW`n$$VsfF#|7m&%zWRksGTG5fPa5&6j*GLy9BC7&O__|TFA+t0#o^c7BH^rZfcI%^ zRakh>%YI(6S!UL0D}}mFjnB#jN3tjfu+P3$Lm3K$Hs?ZTW$~sCAup8fS(+CbB~&2Y zY4zMZ@dkX(d8CkTEu~vIPfj|~?6*~#l{EnL|LE4raoze*gFqZ}6#6f;%{2-e%B9uh^toJ4=WCzH{^}fI zYWhwwXHzVnjSc2}auJs~iL95I8ARo?-n3~+HQ5icB95>3YSB55mCq@;uN=`la=!Ln z1u)5ePFBAM;?szgy@zF zDkOF+-o+czay6vqWt^kiMVw)+X9ARnE(O-I`{3m>M$11&wWLb-kbvHw8QA55)xPr zEm>nMaWM7bbO_hZ#uJMyz;rff=Zp?nfkv7L}j91bEf#f1d6qa*(itgD-Et1ieH&4t}$K&rn6+Y>qCqM z4jVI&Nl^Vb?274g@8fCO=K!^=1(SC6R)?TF4HQHt_{+JZZ$u~MRiQt)k z=d_ug>%^Bskf%sdi&(%$YP*GAttm|FFIlayd6ld^HU22|ia#Y=LG+t14gr;F{_h8s z)=;~gMSW|p^>#?A)U1?TWIB6FdbO{f?4dEGSY5-_>fF&`J&K*a7F^4m`{(e}?(|DN zY(&|pY!kXQl+s61>nnT-d#*?5r%&o7|7iDRSB?JICooqerJ#6H&gSw*~?E8e&Id&NjI5QdHJ2bO)Ap? z&)RP4yu=!-J}>bLS{dn5b4Fg`Geo~a(wAxaw?FJQMkD&(lU{&qvJ%M!Po1RCZ_kSA z9DG`Fwwv#GS!&uJxM`6qB=>QdtHPfyFK)}sd#(C#>PS4iX*)QBwC$=ttF*0Ne!yCu z67vlG%77L0y_ZcU!LxhLC`Om53R@^J(o7W!3$+pE?BOreQMn^l9%&{^O5B%(qEK; zAr+7UONH$zHJ^S{#7hxua!@yCG(Z!&|KyK+ljp}gdwHJYd7Eb@VLsX1{QvRi4+Q@| zqzV-jx@1b}Q=3^(D0|AfZ$L}*OVMe>`%>h1(fiVVeUdLB0V~hd z`E9sqIl%L|{R>P&hReKxiL3*Q^&~o%J9?wg+7mbowvEky5vgRh6CrlrteUn;kK8S$%00633?M zDtsFv+Pn=D`n5EYVbI$qCcWYxcKCczW(H=3x{qo-k#Wh{ZAoEnZj*vp46i>0>|rAB zL=L`Gm7AF#N6!|h+dE#sF}=T}-F&jZ#js>xB&4o0#}na+!Lk*ch+h% z10XyTf+>brr8g@1f9E`L>HzqMIu-l>qE1Eq-{HjKwY{~i1$+mCjIUO- z*5cLMVrzR(n%ZKuJk&D3?^^qu$$<9W&*%Ri$jpAM{aSnNwfA0o?X{D~v1yu&m51~V zi@E!$4~T~pc^yj!&CIicQiZ)~%}mghevo8lf|~sx$<_qb_(4)%6I5w}67G-A)J!{& zmyOV{8IQ{u(uL#k$gw!lAB&NPrOP~;bZ!vS%lUE0LM`39gL0!=o2tsL8IXaP?v)Ye zTqfEA(XC42Mco3!y`)j{i#WUUO#1T@rN_7%qmqm{HZifKGU$$?W`%=J>4~ukt(&TF zE+{0Q)%6#3lTjdtg<1$sGkgdfDK6peyVxu4o@oqRH_OpJg$N6iw=yEKoGnrAhB?ox z*Dzr$8pIgcZgRKw$o0h8?qU*R2@`^y;yzccb>yBZmc>{lVuPQzc7;HgMJ{(Po|_); zG{oUBo^`N43kuPiS9@UZd7hXT86llSmdnXZndhk#Ple~1BAzPGQ|)w76WG^`G|wwF zEX+2{CBs0rAud1O0jgJEmy`vJpvNo5FTu}T^UZ3OlHMJM;D)YaSze+ij>8k%1v$St zTUso#k9xfWX0Xy^?I#WE(j`+tj=ToNpcV=8x%kN?;ZDQR?yfVb;a@DSd1Fm!9}K(W zh#oFw-Nc>IB?=TWn`T9NKKnywD85DRd)VD6;m9(tD~+@}tHUafmByQD{HLZ1IVI`l zxmX+GofQB;W=mKwB5>l7>o^8e^E9#?f487ZA}hrsy&|3|;*nkvPqlcYSDcm^>2B#0 zXR_QVX&9BRFJ105j9I!oT|eFo^O51_@z*~>Z2oznh{(G(l3qUKP{Z87=0CcndozIu zb;bFw#`y{RVL7)6B&S*rUBu>Kx9ma%S#Aey?UZYb)8d^N5EwN>`mth29*(si*4#x^ zNw$!)**}^UUUZY#yRn}b(2_eACO>6Au~FQ~^Kx4@^XtY920>?)7jhvXad+S8!X=>y zwhElHMY(>*);;X+WSvJpBsGU;J6rxSF>5ni0uu=^HkVos$#p#z@=}zDrR{7f1)PK# z%DX@#baP)Z7Ogazuyah9;|>?|5@_UXnplx`WJ8p-SyTsTK_G3{;j*8&9d{r(hw*-b zPsVet3uU_}II={m(fT`IknH!T2+1ylWI0MV_$Ldl{P`zm%b~1_<>?~Fma@DO&{_&4 zPX~{kMIxUFogLIVAW#*{2+TF>2Ud$(ZmdYd(~nBM(vM0G$i-vaDCweH@K*GI)ZJtx z8ZiM?h`|Qq&BscuKE6sYH8@Ne>*ukwx*wUj+yWJ&S^W(~LVNXzbVD(wGe5mN-7q@3 z#fFy>#Y0S5oBoC|wmQZYbP0tGV5|P`WeC(voo%78tR3Q8K2!$@LuIzhB0!K$Kxc8f zKZzG-wrd3r?OpM#^ntc38Ls8=Qcx^6`fr)6&_as*FF-WGUE74zi&GPHFR7R451cA^ ziaGP->91pRt1Q4!lN=?0WSu+Ddjib)s_b>K))h0tD`)dJ)t@|x1l;Kpc#tIHM_-|u zZ-whbvM1L;M><T_CpI~Kh?c<#yeCnRmuxcwwEU5nUW#xx) zBwJ_=|>`Ki0nQn*2`BN znXa5D2WGo8WV_>Pcdx4Am;scfnK&>py8aRTk4po;oShQW4K|Pp4e=06)QigW&+PDWJ*}a0EsVap>W)r7;whI_`+*-x9q9 zJN-gtf_2B`(Pv(sak26fCTz27HhT=I(ehfwVs!m~f{xseW##IA!Us;S z_TSrrn!WAeUrvLVy{&&aa<+d*j49Fs3$6Ti_X%R@yo7s`U|08g%OTuRnF@OS%MM7=6a>@}BvoJP&6)-gvKt(kK)3Z%zWZHA zy7i*{%#Au3{Fq91TIM=;4dCwHDddfz0`_@At7zS>Dzm;tn3)pL1q%#4hBwUxtd?*m zst{MV3pdtF)uO$_anQtUvl$mHIxcDkhPIPJNNucS{$v-KKsU%9xR%|+w_6U*6iLw@ zcOp>LWZWq8To=JjA%4T*^9woLHW#&J zDx1tGI9dei3wdj2_la6Frs`4l&vV#D2RRu#(1ZZLITY>N&8R^^upi?%IbN2ewt?h4 zur2_rPP6{ux6qPle|WC7%MW-0Ne!y05?b5tZiIO#<~ToDG7JyEWZ_H z9gOBBB$&(Q=3E_raS>NVWXp9mOW#sEHyMoPCUJ?Dt0$oMXbBl_h1gDM8#|kZFOzF1 zE9WyRzo~phPLkJ)a`DXTDpCpV125M>sf;Sw>@-*EYDBm~e?L&E8tViFgPvMSYNmY??;2IWFGpPl7?XDdD8d^ z$B}Sfb2Vn-KLx!wK^}_lSyMti4opf-$gJL%x&IZ?XS(h?tO)5#`G>P0a zfLosLI3Az<@I&}uRuk}GYEt0%kVDrtQ9mWouc4H#ZLb>7bL#oE@jQ;lEXXFaAR8rx zB(UpolvWxFLx zJ_ZS9Rk~PKr2=JErQUn4y}JNoEQcLe&X0#DdaKheU7Zd@=eTBWNgmCy<(}}^Y}^Xf z$-4AcFn{|45cYMl6yCC}hjxm9VWk8>3q#i+)rCfZi9)%Y1qwwxMR}RkZ_Dn8)47Oy zFP8(rqOohZO^^|7IsjGj{sH;eHzAZ|f#*u!%7Fy(8cd|lL5JM;Pp-dK+Itf!h{c55%Y)qI^$N|!@?BsPW! zhHk@aKkSilm^@^?WnL<#Rh8PRwUY%Y2$y(aRG$o(*;qa@>f_|lh0WTs)Ts%#?Jd9j z{!x^VzWymvddMGzCu`}`Psv3IJ`hZuX(%;yij1pma(MS}ppsS^BaQ_+_DZXVu~_sZ z!NyOia-J%mMkzrVkVln26J2zlDynVC(bur_lX29pX*ZUD46sK;Yf!00b=uHdhZT(V)Y_&6eA`FcCWn4fR?N%6x z1wCnrg_nP=(EDsF<5q;wHn$IdZp#2Uij8?w} z?yt^;BoA~(+kG1S)3HLC?d}`=euO+e@8x9e^+`=DFnkO5$BvOs^G6w+*U#{JN+2Tc zZq^*bLiS7juvI4P2>SO*!Cv1IO>34nah6A^OYA4QXl)?XVD>4m?pp{gvl5)@fr$Jvr0O8N)x3IP zrXyr$!)@)Z^sEZl)<3(p+CEr${bXnKFZbBb6mh6kk`5xxT-uRt4DlebsN%3AE)3iM znxru2Gr!z3W^|$0RLc{Ycfwh@uszerJ56iDyobc7@yk1w+|=Tdl#=e1MT9T1)ttXX zh9V)?Mf5NCtPiIC>O|9Yz3eAM`fCONr8ZTSsi8{@MckH$ z=I%!xx~%|OC`b>EvFA#LY`xgWiXvyg{o`>c!m+$7PhhvJ4lXg-+A9*u9e$?nCe0`! zXN)w?BO!a6%!`5K8AnQgmjNx7@}|gN!Yw&T$i1Rt$(4h)8W;;8Q1yks3_@1Dn_9sU zd)v{%+yOH};5L@~?H?5bU!;{GSzZi$J|XDnAI-Ag69bov82D3EPsPCHR5M`2z#y%n zza*_vU{3;EBog3aBjQC$EZ0ws5V#V7@7HzQiV&EKhO${CY?=u}1U$ePs$@x3#rw@h zGOLo*v{OgXz62O`;P=LO(|_v1eg`8lK^IuHoPx^Qx}TCgL(S_6xY}uucDcj* zmfqeauxjFl;{H$#0T<=^B~=5~Rd4w%{+fL=AC!Pq$2z$UrTrVLB^Sb*GnW_DYRs41 z4xS}i%1Ly=QK!~Od8=-=k(fi> zEh5hI)XSKNi=d~2mAFWd6=Os=X{9?;(}y#S!J^R}OLX>;7k&=^7=5^2_{E64CTxz{ zD%$O}t%2lZYwi`W+86u^x+iPC*k5Y0egXnat*6(#?pot%ClXNo3W+M5Jy6`OvZSQttpR-BRxKZYDO} zQsMN9xGddLX%vIgEme}sRx{hC^>mc^F}k%S92}V1QfBU^91E?6iwDkVDdQybI6AY8 zcOY22!URS5-tOMS?f0Rl5Q&HsIrpGUOYRo{5Izr(b~9KN^M3nu8aiCTPtNbd?M|bg zbc!VPq}W#_;4e3X?X_hbU*uMmyQdSGTUFt<7)o-Qr!l2*UcH{Vp3ZZctBpTp{0Vmj zj&>~5lV`q!o#Hc8k-Dd2=@BQ=+t@f_|Baf;%A-6XN21b|?#V~#3WP>`iaaqcF!Apk z?B6$ORNM_x+`|FD;XSg;jm_*A4U_99Thkax);MC6I^C68!HCeaEF&sYXWIXml$w(7 zLTF>A(neg;(P}T<43o}uX&a559M?9+-71X<^L8Q?#tf3YuE>#^%)jkA?^k>8SINXY zDL*lP#Tz1_V2;Tds{>7Pq+8)11V=YTS)FS;IoaxJ^xAnGa`Q|??{*H33qJ4MA+4mj zwXdxznfjXjLF5LbP0N$2bNw{`Q!0I=$6{gvNahp4(e`mBb@0VZeWZ4GwD&7SPJPW; z+f@5OwB>_t z>fWy21`h7(NA>e$+ZLW2Y6$W(rk?}6E%o94hEe>C@0UZ|`f>dYOk4F4J;<#;ic?&C z6Z#uU`HA&6jD?}JBef4Ux5l|8`pv&1cz`W&sp!V5n2gJjOmxvU?SrWa_rrRx556`g zkI!X(Jo;K2r)y8>PByx}nHcC(L?pUu?2!{?I#-u>L$8C$+7IAB1A;-_{0ql-U)HQ6 zECFJQ@oxym6RZW^qVUjiYzgBh~U#f+a5{i1Jd7bq0q=V{tjt_+ETI`ow<~ zNh6%Hsdjg=s;HxN>Y$x{FZcmB$8<>wF|WN`)?DzIvZ3=t(5T1JJl|-6?gSi5c=>|- zVf4~POR~+aw2o~!W7^X*MYS$ANEFLDb+SlVv_xG@UC?n@=G!cY4ai;MqQhr2-M_E{ z@GQ`a$g z3^W>hZS8Ues7n44?k>q6sn&r*N!LE`kL2&UeK5xU6cqVgVx*`gA?`Uux6EM{>R%dk ze!2ZmvHtcVmI2ruyNn*6Gp4^q;<=kJYI(MWZPd<|aG<|^O#fx2{Y%GU-P~R3W9x-1rh;gG$a&7DcLeT0B)a}WLGU!@N?sLf= z9^JB{>hkE8HB}3kQ!Arecm~Zo|8J_gEbp4XoR!`3u`Cvws@k^yAw1R<*A;nJV*CGu z#~zTdc6AwaupTR4E=EN~KFyz)Os`sAyLk$AN>28W744A&$L03>2#)W?#rh~*doa50 z5!~ij;tg?ayF)M=UH>BA$Ytwr?l8`JoIf(o2Aq-y0F5{?6#|Y#06mGW<3zG4(HQ|v zc_FmW*VW$eO1PibSyj;7bEh0U)&`P6$W;~$43ya{8n)}iR>$RX@X5i?wa9De_5z5z zj)0iSa_De~n>`3?BcowRYD*=Sc^Uo}dv>*#%IW8NC2TGrVO|NOFf^G4uwElpwAnMF z0K}dV`^A2z-*S@N{3cW0Jj}{Zz^`_xS7gmVZ8mw7^+O^bKbv?R+zW<3nGHfMVgtY^ zv3QMrMdz-%LF+TXkMM!VRW2stL72gVq=e!Yh+J$_1a^Q>ispJK1utGj%q^I8UXK1M zTli5##!$lj3{j$wL}GSsOjU=gqIfze^BBJu^VcwHIi$IK>@&;L^TGrH-%#QaYeQHa z>3I<%VB8I*e#BTWLPRI}QGH;iPYy-o#x*P`a3802FgOn4WeVaYCQBHFY5jGCSm*FX z!?$wiDeMR}#KCs=s*9wTjTJLPf%YwO-XP~bZ3%0cpGD^>?lKZOyE|h$gGHI^i?FV^ zJlp(X;Hc=9TQlU`KkpE(jq2j~>MnpY%`p*j-;T5Ml(x?Dc6St~o}#2YjVC;(IhTo2 z(^0t_tagpgo$o0#p#}MhiY>Bz(iHxqM&xp^O-0d3XM=0a^Xp|8yw|ih6vi~os>_3X zo*ewvKU@IfcP76&zl^MqOAsf@3i%XH*I0e$SIAd+mGD={ZN`tbl5zOm^FkYXvxU2; z9Q&wBU_1@&6g#9vgR*AjMakqbg&V5(X|KQAIyb#`+Dz=wCtIzZAi;jRWc%AeL;CK^ z0>=tRHeR1#kRhagnjlb=a33=cL|R%5b`sr3!x9%+vNYXMEjT=UdVOIVDGE>gjs50k z61DLFqERU6EOovx`%xA_fd#CJ%iLydv+Q3^v+6<~sj<%$t3A-!Wm*Zb^}l41XH?PY zsk)oUgz%{!3KTjseQ)95+COZhGVb1{qf++HQ>=^fd5-n-{D8cnUG~l+nUavr)aOX( z{*Gu^(u$gW?#&8G<<`y;eKXNmUg2IxpctO0h%a!@*efI^GfoffkYrY~+oGvLwR_k6 zg1JnNX~;UHbqbl9*6hnYDEmLR!hll1MRIaY27zDqg-*z5uRntd)k zMtM(2dCsLFdpOEbsLMka5%~@GUpc z{Equ$u^9v74jG!LXM*$j7P#i*)-!ZBm(9H$hjc78GL5<``gyUzP^(9lMkpp2_l95+>+h!6(w~UuSUH>_k zEJm=}E$cI!sAq*i)b02dsSZ`GCP@CxI>#@_Dy;t<%n#6o)?dmpOaiSc?$(G|-OH|a z9xSJ+u&znMx^fT7#x~Je4*T*>y@BeNK>Og)*N@UNyAKBH0)ZRe)^VNZGpVAT za{|RI6Lq=SKfb>MzRZO7FnlW$I$pT%B-)d?{^-O4;lJzU&0UyA_4?OWmpd)8zL+45 zkXU8EyI2}>$DjP6f+cL8E)aoY$DsXwaq5%y2S=rNX`X4Tu1F`OTIKhtW7^%tFDk>% z^~nTa*fy2+Fb)d0Aqn99Q$~`%UhGkUfYVbYeca}JQ-9?hYVjwW>tlip4x-wFJJAEK zZA7=~G-9G#8poIu5!NxR`;I3-jDMT}{g%g_IS4?S=vViW0PK<0gfSD&ow(ZTL(w_A zh>mW(L=Mem9VZ1WuYD%k+aURFeI~lKF>G%yr9W=1CS?7~(e+dKT|SfR45=|)wcLl6 zjwdUQ5ri{f4WSGogslz<1v%?smw|`p&Ji1z(Uxaw-??G6ED-i`cga5r*%$R zU{u)4Y7Zr+gCkg2%&pOjQewuY%qagyIY7DYkS8BPD8g_PTYSRO*bouVW0( z*(3n=j@VRgD~bFBZrG9S(o`h$Qn?X7&G$&-%a+LAmn}u@ANbIf?e3;3&C=Wb%UWFX znZkPs=Xhl=m9pi24rHtESvV!G3pJ#R8!U(WB zpZJuv&M5kxWSbXYQ^$zX%A+V3!V=={%O8k?OQc!yaNo;na&B-Hbe@cN87Z9i6^?hI zImUaH{M=rJri0x5ki~_JHU?w4b3@E&iJ&jdkpFp(-4{yIQMrB?aMm3$v|fw$2~Eq* zBiUmiUCnca3b?^ZB5vjPWTk8lQ9Z73t}-?;d&0z@TFiR$hL9UaS67%~SX5a>v6_)r z!oUmit9N7?Wqj%dnMN6(EiyhEWqj(rn8r${WlFkniqjZMH^#D!Y@3+t#yShbgw(c# zQeU=j!esfUo|LhX*Egnd43LY%jFJ7(maL2s4F1Tb=yIcV%ffJN_0+$6<72qqX`B`W zIet2%E``9ge@V^&XGprrFsIk%PDB1hcfkhAJvQ((Y(P-&v4I~mth;weFAY*q);<)z zf1c?4h0 zT%0S&=620SG|&-Az9IbPX-1bWGu-ZdLV6KS*PXWN%olUp4+W{f{l!iX|{r;AV`b1%G!;JPrgV07!kaPal13*`|fc{4*7 zj7?Ru$ZoovBlIt>`jmH;P@8YZiP5ctajSB{$1#V<(32GISmwOJzPT*$q>yuT&H-mm zh?Cx&zGa56&uwQUX_&K?U4Bz^>w++=*9~(5&XQRAR#|!W_lXd5dHQR*-t6<&o9Vk$ zFl??pffVmtMXGNORuIcMy#tgAV!UIa<<4f&Wyp5D#kXL`nZuQi#c9pNnNyM0vl(Yj zWm>av=2WFMhvm+kDXje@ZFK9LDbcOZT_i%Cqd?>|Z1PQU5(`B<-Ef8T>4nOGx2<2gflf#373qZw=}(K2?buOa6Zo2j;HV>eaBgo8VF+WDgy!e~}4ViAuF|d_y2VQrgE5$dr$nCn&#( z>WPrR96EJ-&>oHJN}in|vTY+LVYc!{%#(~#5d>iZjcqQ^yd@k)*V<}?3U^awCQY_4 zvi@3L+Z>Lr-zZ_tvD}Yk*(ROft{?-}G8H^ewEkUTW3m*iU<7``xokEsb0U=FotWIJ zY4T{`_PG0kk~VYM`E2PHxW`HPO;s33l2IGQS;lt82#OXBVnMIn{k9q}h-6!uC_JFC z;-IyQ2F=#zi0RD82T*NeJA-8MZh%Fm6%Xw!=Ej*cs9-;4WU<-iCZSY4jqZwvsF{doW(Vx-wIZ@1pBn{y%6w4Tx6sz|R>MhU^Cey7xw%`dT` zyMf510`6x>OG2)CMmI_J5_TzJad~=o<6o3)I44QMeq>leM1#4X_5kP(Y9x#;d9D}o zV?wYc$ag{YZ=7r`l!`n^8m*GsU~<(KbrEVVMG2R}Oz7AJ?kh@ew8egOfM}5R65nF& z`&s!#_k26QR1^V-dk?^}sgoyn%It$h$%{Zdb`mafvUl!3IQ6;xwoX*^o6g!8O&NoL zVqYMfENTe8SbOkh&f8)w{a2LaY7ee?Pljy~7v&Gacgr-RR5>!e(wdi@?EZJy!j^&u zBr<}Ab}*D%60 z=|Il8ush%>lL!!bg+@IDn-FdgasPn}!WiL-67Q&%y9uM-A-1;1JKbvlh3`&sy5AD4 z4J1pQF3E_n0(&T$zkr(jzx8qXC*;KacxRjDm?Ot+nj>g&p41$36q%En|Gf-v{;wWk_A z0ZnmjL5i-!Q*79dGEwnBTmK|pJwfJD^E%30C!(@i3fzX)QT^jL)P-agCtA!R15*3i zn&0jm&Cv$^gk}qjEU+|YI!S>9XOz63>w7{RC-1Be$-EiK1~|#V#`Z{O%YF_% z%l$7F8Nym1zSGH>OC6k!F@R37wh(RV+bPA%`8ZgfYl_dzDH2tuM0@9~w%o+s=gKxz z_F#y4lcSxzQ{Uy~gm*LZP={>p8Au(R`i_0UH(AdIo|Nz8bd@JecAm;uMH|9(JXWle1%pNROrzm;ak`9ZSN@eI$yQ0NYcK* zU9J%<8*V%mUk5%KEAuIONuwKwEBhAPlGo+6_W)60YTVm?DL!(a2a00v*9g+U@< zu@44sK3hr8;7DNgVKs0xMM_cgg$QhrQurpMRpMA?4um-8eSW61#2N^H-erkoosZ=jOdouBAc_(V*4+}oSpJ06R%js#vZKM zrwg{%*PfbK;J*Jqk}N!PbtqZVT>I{tKMzM_SUA5)cMBy7J{i0*=FK0fj=@|x$}PEQ z$s*o~Imh}!zV^$+bsk^f>^<@%VKpPz;LN)!d*z@=TSXa;aTFPqJj?n zA(NgZVj<3DL?PQmPolwyH|>MP$r9^3q#1scz#wAVPZz7$w(HAW**n{MAfLO|&dWVv za%Xu@?q~ZwYL0s%?J}RJwD56{ua!HG8@?9p=>pj2ZOK)#u%*ud0j7BO%xfvjTc!I&gX#4i{wrkxOvy6ndA9jy z`HcQWTwbHPO-2PM_w!Mbw`P|Dy8|}c*R0CWKrYzD+eW5Za|2H#1U$#l*H>ipI{`;HXbq># zOf@H3x4>VuLe>+cwC*!?dgKp+PN`FTzB^ef5FWI?oQM5!0qmwcEc}@YWg7O{2QG~E zB|!`7$5rPR$8uHcw@ojONzIw%NUK~~D(tKiZ+e3Xlz8|+y8kf(O)E^A9~_=Wyy*>x z2R4+YFD}yw*{S0fuCMtwRHiSk^n%TAZY4TL%E3Zj_;l}gw)Z>3`>peSTfN^V?{}g1 zyV(1k>-};iP+CxTgfgA#?3hg08_+q1c&rZ_gh-!A@k^S6gTm%qLI9pEoO z?}Yh_@mJ1YC4W=+yMn(9iNA=y+xWYOzx(;y#^0CtyP3Z(U@qYA8vgF(FL3O!$6}8T zBXcF;F{NW8VLBkCui{86U(0J?i0*9hytLv0dVGYy;7n7 zp9=YL8kgmEbxuQFI@2Lf=>Bl`zTC5Zm^#A^clL3_B;mQ))N0gKyck3)L*vjnAER5|M={B~_| z;^8;wp>415#l>1I3iBMs4VX?k-@TWt<-v|vhc5t*yFdAj5;g&wW`kb$49Tx=FQp00 z6sclm0)5lXZz^26uV16E_dV9{Zi|IzU}%hhP7~12`Jfwp&{!UnHGW{|HxPm~LqKQw zpqqWriFwd>1@xzYy2nz-bl=?y679L2piEyEzBu;|-QVljj%538CqzEowW8pk9P6ID zM3UV>P^M2#csQ`m_8kzAI_Z@FLGsD=ah|Oow?&ZwpIUoHrmx&2aTn(UCuaKO%vKJ* z^N_cccHerhq^?7WJKHxqpJ`p*b#LDFgS<<4lYFv$@x1E_&*i@H3kFi1kBCm%wvebw zz}=buE!_}H_X*)j5A||UJu5k({2^ghGwHmy*1Qm1I7PB`VS#e@zacq9(tU>CrH;;R zm2~bOG(4n+;{6N-B%hb@XePEcIh5`DP_pF1c^zZA$gi?>4`D<5x&58zkMN?f$HQKG zQ)*DK-`DvnKYx5xqvdo7!GVaQWdADOaJv3#4XwA1;D5wR{+W76y*?Dro#Q_IdBqdV zdurVM1xnP)?^(G;*?*dqn`~B;kHPK&+IU&H3F|4;Rgwl!s4R=Z>DCom@Q8n9-YpYC6A7~e|pX9ZI zmG(N}&e5EFu2d^?J~F-j_u@3j1^h>GY465%KG#W^K!j{Z} z=hfW?pZk)N67G`*xoIyxH4dp(Rz2jFHzk!vsE%iQZKXbr89hcbV)^I4Nf|n9@#Nvx zsWW3s`-8rhHp_l3=Cl@U*j9KOw$`ij#NwrATXwv)A?P);vr(nRwDDAJhm7p}b3rFs zxB76FZppqwBLMy2*HTjj)$JbKLXHy*Jr@GLJOb$L2k*?oJt6q@GW>oXj{RVXa&8?( z9)7~|;)B8~l|CjZWh$X6EB%yQu67@9@kl#aZp=5h-!Q5a+1>%b_T{93Goa9oBQfMeg0^&R?vWzDcF(p zsnW7oyL&qpmqeVz@$66ol^1KQk=mAUaw2b2p>ED;mnmLV&%=(cJ=&aa%Mye(o}tgq znNAotN?O@j6n8)KD{@juXfLgMnPKc9OB(qg97N;dIb+1Z(dFqP`+)G;uY;HZUMr_2 zP|kT|M@9_Lc)ItSgk}2f<~yG0)gSjmo#{}`_nC`~AI6(6e|QUERQ_-uKQa=X zx@85zfo187@k+3W9a?p{9`JVW0ctf?XC!eQwj-B-boWSbx2(Githf$?m4LJYn1Z@w z0XI?w)!0dIFo6g}K4y1cMgqemyxqN1w~$Wwo6}VulB}q{?)MFQaq8=Gdw$he9Qz}G zN73ph_}$6hg}5)`uYt$Z5P|#AzQD^8GO-@wi@yEzFST#=+}xw%9=NCZUMaktgL!{Z1hWW zTcvN^yO;_@Q9OiDGzbWWC`PN{UOB97gMRHN2Y?GK;HA@qTcmro@bFb1OX2pDN~X!P z^AGj0zdyc42UKpW#JOG7>NA8b3sx~Wm)lxEncRn)Brp+2m*m_L2MLZY%F}9q%F)$( zx>tJJX<3$TUWRgMx|uU&E8T24x4u9*PM<6#u#C<3`e&1))0-qTcf(58hRbp8x6)1G zaQb#An0z~ZyVNb;j_%RYy)x@&boax6*^4LMS>*O9W8)bWUP_lLTo$2(V=~PVv9leS z@Ba8DslIN>PStqP!#uV2vIxe-PqbysIZmw`zD$~uC zPD@p~xytDihK{y}WQYb>^Ax9LTDp0f(^8#ouI8*=cr!+kn`dO3o2Vy1E7Hv?Xs|T( zi`3X@NwUa>;!!f+PaEm+baPS~(XHUCiGpjt;YW$T)6xAAu507&Q^bhonml?tzb*ak z10>^Z!)}v+JyJ`1n|q@GxeMHrDUo|wZlkgvaFv|c*5WQOu(b!)yn<~_ZUzi4aBU@G z?h%|ve&k-W&x`U$gIVu)&lJl`H-{khK^_m`SOO-*%RJL_dyKw>$hTUcCF^}qWSD9! zqoN%VagEiIMFIcTlK^s>S5hU2bH3Iu_=+xi6=%I|` z&@y+IX-KxYj7kIUiMsxkv@`)}7-`4XHb#G$awp*($4LiNne)xSF zzT6L=k>!YTN=S)Z z;#r&&u@G6Agbhz{9@OgZOHOrG!IzU&*wUj~GQHBc+U;wPMki*xR#ZmxC{{QfWa-yg z_7AX}a;F{=OC6m*94|4)6$K~bW{jEo4H%5c3A(yQPS8#K?Iu2WWbM8Ea998T9$&{g zY#D=D_mO{TWVfsahtn3?>(&(ix1c2y{)7wPJQ0#hzZzyKRh|6W6?G^OJM1s z*zj%`R10*{2Heg}h#qD@aN9i&K} zKc|3@X2iAYQ|t?iH3V@dS&P}r0r{~x58fxTZK&3g`4e#j>N#P~lymMoX3Ri16Ecx1p0Vz{ChmUtoS-r0 zgsLzTBJ|oS&kjz(8A&)l7KNL6u#b9dkre_%;drZ_-ZK0>n3)&DTB3WF*1gQsgF*1o z`p+PZU;k~iMHE4h^8By$m*onT7|nRC3mw)#$)A`B`Sz4JU7LaSfj%yN;}P+)g7z`S z`7y5z2mN(v|A3VIY%*qV6MoD!X-6hm)~H?L_uA(}fmOq`Q>6xsnn_kNQF;YPeHNI? z>TS43$;^51F}^uMR|OW4+{^ty`ya*8je=P+EH=Km#wV*0;;t~h zfblIBpUS5mxf&WU8V%MLj7FMP*`nk*=+$lHYcN-uoJvT-+){7KmMrEXP zl>13WB(U6(@@`zl+`FC!;H3g6lyTfr;Jm8>_Kqnv1MBxKjsDw!yh*c`{Jk3LdogIm zARSSInkpR`ltN`PU>|h(PQeX=nniIhi7by6PW67=e-zRR}i#U3TC#`!C$9|A-SRs8jJMMn-WbuT|Sp#FI zrro{LT#+!EQ!0S3_p5a~MQiO5nP+w5PhJ!yvv9g)nPYEL$JLIlBeunI>;VbU9gbt~ zP`8X(5d%!N4#;ubMSkntM>O{c_eX3Ycy#ys?&eqg!c)XAZ4&=(&o6Be{~pgTaG z^S(0T-0R56`rHVV#N723P+2{6!GWuSc;l+eyQbihDJ|PKEgvRpNdq@M?~-+-37d^e zQn>F!K-><%n^heP6DW=;^xQLAHhpDd2GV>>E+ zS(SUjg>;V&%;QJ5Jxa0 z#;}CIzer^v5n<{3>RB=9RN-%eD$JtF%S(Qg-yp{jwpbrm5via5qlf4JTWUi76OPEg zG+SRz$)cB+-)ohR6eH_P`{B(3kt)sVlR4tf)=PhIp}^anP4QFwb9li22|PC-G-KGo zp!fb8yaIzLE2^q$o=vo~0W6!z8&=WYyCe_vvpByVNZu3_<9e)lRa@>plau$&y1>?-iK^MN88YHY`w2$CCaDD9MHgW#$diu5E(8;a_Y2 zu|NsSob{M8t&zD+`d76gjS$lCS4U+l++XXtk1XJnqa7vf+)rgJyO9%we0+YiFZl&$ z-i&nX4CmH6q*~2Q>G~$$9Z%QCefQ#Y{bJwE+rLOw416+OpY+_lUF3jno#bO;^_EN` ztxp@fC!eSV+fNF666UmmS<(9bSdYftPi&X?i1RfW>|BBE5uWF$FsSw?!d{~5|DEsd zr-XGa$lQ82KhlX4oTA!ddT@J4I??aJGdC2?Do$N5J$TZF`l4A4MXBY|gA+H@7td-a zPF*QI7~W7HoYfFa%`N1d|9`pT66+DaP1u-egtf)pJD;Q}I{Ptlp-gu6$v1Q-YIvK& zqg);bP`$~i^U7FcV$e$@9OIli#7wbleU*SB(2&bE)OuWPR%*UY8H6X;I8o@YoF`?*&omN_ zubbF(M{H4gt%#Bt31#9UM=4dtztD50el_QH$++2&Vq)~Q~Hjy|AL=F1bU z6G!=M@L{TBMZpSes#784Kt@N3&pwU($HSjgzW{#}fFhgV?*@A42>d-Xpe261z~pOw zr1;TR$p@;`~?!k$W!y z_KuG`Ki);Ow?5VL?5h>0Bkhxkt02CAPu}nIr<16y@G#*^{wJTlb=u+iwJuY?k#8F* z*#&X;GDE2sjH1(1XX>@HYvf|aHIGTwF%;!vs0<@H<(#En< zEyNDH(#jSfn%W7Xt2HYSO&V&>ZP-o=JKF;+23ExoYySzY2_Mmb_zm%XL9BP4{qbik zFSDW2Zq%KHcb+XQZ`9p<#oaq}e3(j0-Xr*_)}nlSsaP#y*JVGS%d{2OzR2y4=1PV} zxaRfRdM*PF!t_c~qta``!)4}>3n!9#?{H}sFBqh_{8Y9yJ+HFEd1}$1&I2vNJh+O7 zKi{g6@~3N{_@zHNTGa#Z6>^9$q8^r?k0f3Wy#Kd&Iq?2x@iLzspsPMYFYpKI5KhZ3 zQb<|W(W7~+6`zkUpWdGMxb)PYK0;qX)^CG`A8_$ivVp$-Y8cBA^c8W(uze_?uZYms zn;7$_?RoloiL`NdBI9&~z8)-~FBxCZ*DlzUQov#KwT8r8py9IM2F=zCQn04uGq}E$2H2bw}Bh7Z!ZIpa< zqPt(i8I8%)xiLfK&4VZmP_r;_dIx~TOg7(v)I_yfV#0V8P{R254^sK#MJd6Mu+ncG zf-dhP^NY8B{;$LFC;W|io@46it)GjMr(194;a&v9GH~9i*DW3a&ttjLU(8ab2uB!s zvO}Mgko9DB+}*NOP=UoL@ch?~cK5r+uOd97U&)Ou5|n23yir=nGc;nBZZ3uw^mWLv z-1@o={!RPJ?%bafn;>%2MlW(#BKw-)oP_}=E|0yd3@0>P;zlWk`>)tb6cdqUl5KR; z4bz*9NlwxjGBsHrS)AN!g1XU7tw zo_epJ&iWel@sqx$Kr*cqa989z5n$X^Fb&*x`|2u-orPS8 zl{bqjxB^}&8;9g4+ufaH?VYwodt^*-x2_9@)rQpMHZ3;Xeds%ccii$tmSdIl2)EO= z0l}022csz`I5HfMiM!_!nqk8-pRaN(u7A=nK4;M0Qnq#AFXnX6Q0@{PRVW>(bKchyX3w-3G;$ekH5&KGon{F z5j-;1%#~N<;*7C&L}ulPUU^cgZZ4!CeB3<_GRkcczq?ke8qR7g z0j$x5+6~;hU@f;r{BFXB6Q6vX-hRG;L)q^OX0Y=1x<*Ol?fJ;d{YVLt&qvmGrhd(` zOB*@xedouDL$)w-;QL#HQSZR_h#X}8S+D199N`{*-Uja*IY;yH$66-jPNpVI7{nJ1 za-`7n!Bf?SrJ*)t$*&m>tO_s0}xXITa6cm){^k3M18JNNnWm&gbFd!`%XMcHaAX%c7 z9G$-wkF_lWKLZ((Q1;0*4U>ijJf?7cL&59cZ+2}@0AYRm%KcEL)q}r zPD_l7qLH|}^+$$sT4b9ch85hq2oYCjD&hVM$(g?B_e!fJFEuDptBjQ1tBDOxU^QI3 zK@TKWyEAzztJ9w=O^Uw1zdD+ELoCJmvMFDrAK}+seveol8v1fZL+)(te`M%9D;*hd zzkyGfdU`YjJ-#!*Y;hEM%Pj#_z1D1pY5^@MK+eaxvUmxGL@$VE1SduOZtRI5D{`cmHh3}8lHw=+aI^16c`CZ}&Go;4bI z-NAn(Pv6i`G^<(Ubq5b6D>gI~&uSKV-N9Tkx}hOBt2vk~Ic|V=eEc)=Z8M~)ufi9k z7In8#fe!9|{qK^`ygm=H$MMa6K)~IT!cHCX^fZTye%{qsuu88N;ycUYDda|Oz*9#iG^^K~PTrS{M3JV>&ymI}=klo41* z08;{8DJ|{(xqiQB+|sRdG2begye>9Q!k45w(9tbJr&+MUGeA3L48CBsmU@dx?iasH zIDGjp_Y0bs4&h{0LqYs|CjJ)%@#ef@6|7XJ9;bHz7<+Y7AlkDNm-E$?6xQZkTq$zY zcIO~nQhxFW$?JrSQ`Y|NLWimG@yp$>jF&=XpLw}a#IjdU3GmjeW@z<{@oPDL)V<^@ zQsB#wah#+=bKd36h z!G!%-RV5Bfp2D#1;MAeBymJi9p^|I@?pL5=j;AZzkO>7os#4QdPGm)IQ$K6Qc41bu%cFHA4LLH3fHC82Tm3>{D`CZn7B05Gs>-S7QCX}~%+pP;<6)V+y3oQ+jg zw8KUhh!YBZ1LkjZZ}$#C`k-~JpFqzh{X%wqS5lM>-}$Hvqv6|SmLK_;@vxj+)CMCv zU90Y{Kuin<>0F}>)cqrQID6SnRk%@V7kBRxT1Meij80ctyBQRwC+n@(U>K8tCdEEUX9)CgCi1mZ) ze@K(UD9o%bb$@f8qH7qt*FQ7i1=%`&wyFCe>@xRRAkgQBIPhy z;VZ*jgP6>>)!Oqe#J__GR^$$Kn>$A9f+d*z@spm3E!c8LP6sK@p`#rADjhns_Wsp-8c`^Hf__$CkaIqU<}8o%PLvgr)8yB)mt$A>Tpk+XZo>-ESAh z`Bl|lqmQ$bZWQ`d+JrRANF4z8mxC~8w|f(%qDQPX4h zlkW)PmHuS&pGYY6EpV^aYHK)|u*yu0b>qM~d)Y!PQ-Z8j5FtpI!XEJA37wOzs8XM& z`G(t-ATKo(HB5(A5zZ0DCrq(b&zgphCpN+4l`Vw($w zmYlc2HFEzhjVPJ$`Qp zC(rM@G?mBiB`(kJJ^fITS9_*oZKRiD-IK_hjS1Fc+uazAi@T43Nx>1K(`0#j?mTz0 zR#bM~$_Q3bQe};2uVCv89q3ZoZFTL+PwcR}dWrN^T z#D|#x8U&A>_yV8 zuTxVuYx7cnX@6>1gU zw4pQ|v^NZu85e{zvQ8+h0YgL`PgXjPgYkm5OH!}5yTkBJusWiDtmBu#aDpY;*ajJm)^DV0W$v#O zS_Z?QjM6jQvj~?_3i!r6c)bt)-4SpdkuvBLo<%PPnHhyw0i>f)3l)}R3auAvkV2P@ z-nT+TG8X3=G%uxvAjmjyz)5xaR>hf-GZ$%CM_9X%5J$(Ok5LI@buFlGOy)l>}3w zbF!MuFrS`hzh=Fz`T*vJWS)_GRoK=~0{5%TAEIh1d{Y+Ba>F~}eu)WLm<((|21C1) zcQs+&vmRKI?t6;_=%X_&Vh4Ww-2x9qV?FQBBrqL4)_M^j>VAV}N8OipbnlR2c}3=1 z`+2y~EMxz652TC=&-8 z5J>>Q0}8-3O{pL@O4mP|jOJEa8ku_u*kM^bhZ)!2@Y%~0xFW4qL`+1B7qK&6TZV;K z?~(2k{ryo9V(si_KK#a#ej^KtNIxg_5}SID19Q9VovM{A0z z!an_9;eV|ibQrwqpUFz;)?zv=MCCijXKctpx1e`39ay*JW5mM2$ugdiW3=UNh`FC7 zL!nomsqjLYP;Dr z?0QHJ>}6H8Nwxvnl&S6R!vw3lOpN$Hpg@(iJJ%-FzTXWM=goS3{SA$2O&jtkfB zOtqLbzLr^4yYrUK){X*f zl)4jjJjTqDU;4qE7dF!|vZhLhszl`rN`p4leq+MC`L2itokW$pyJSo;f}E9=*}6*V zC!3tIxb@&>F6v@T*Daw508Fv=1^rHnbe5)9R=WSDV`>^RkasQy81kHCo+QN2faF}F zPWv6p^QsV7#M|Dzo~=FHwd-o8@8x3 z$xZZwp|n#~bsN^O_zoT4GVvtb6Y{WAtS%qcx}=CyqUjCznSdwUZz=A}B@v~D(+_?K z=JFGf*PxO5tkyP+_}3in?+25}G(?__I8e?Jk#vQfhN|?%g#*T$KchWzG->@UPYmNT zz4wxVOflDTtgLII=&i>9l<6HH0`poy_XNtw@PHkB#|0?UT-J%Y!GEi>wX+hwhSOZ; zvv*XP31q7GE{9(DHbGZw0o><%jEqgtYhRTz3EGtp+Up0sl@I!FKWH~WBL)Rb76X3d z9*um1Z~2(W@A#1$^Ff>aAX(QKsGI$uz4@R{6Qr+gCEUN^!veI1nKKCOk1m7zJUyvx zK0|UMFB%}Xp})e40Dy8odS5E&{*+jz9_>GQxn-Q3<6-G7U7V>m#_H^WR>@JyGvlEP z!30+(M*R1QU+J~oe&Pi@!sjB%qwOc25l^xd=5_%NSQ+cK%w;msP0Db+_ndU~()1<) zO7}{-jzROAeo(_SW@-8yos^+3?j8yhhtxgY{5tCd3IyI@&ZaUqRMh^0%VpW}+H7ik zwuH!lInf#Z6gv%tPCqC)44<93p&ULJOOJQfNq{MExZG2|+8`NwF{*&IG^=2Q@{W^4 z%4cM)Aox#M1BB`D)IM{+1H&9yk_`Hh?4TaU&0xG60LWd2p{9^kf)Hyb6m~Zt3;|p+ zIE?E)Tq3VF^2l`W5ActSk*r?xCWtiBB>803oSbn9eH+&+d6!VLe6qbh(Pn%1Xb4N2 zyOgz5Wc4W8KncMbm(ZzvMpjI6U}o&ybosp2*!7)3m1*rySXXLm3-kk9Eqh=^+`ai5 z5;dY4DCksu(g8{sI-Ppp7rK=Drovx@X?08U4XG>qN8$xt%G3-{LJg336E)NE?TjTd zViOk2->@5J*n(!e@T{9A6BTd!v486;m?*X8N;B)7BtEPZFX0Z#d0-bXqJxs(% zz{y6IDf5^mSX6_y;ODm66hC?nEao%D$J<@^Rhidi3UtklKW~{~I3|0rnIv-h2FOPF zrfh(2S1r3xdaHyQ`LbD^`G=x1uNdJu`Et~8l}V88l?3wfEQthoEC2;2>;w9>i1u`d zM#+&gg`(r5{bSMZAQ&@DD{vL`gn`%jp!-6(LKfYK2#;bH183^=c|>90FRMXPC)u5p zSw909({0){+!0qGdUgL@{JN=~w59cgeOi_h=s=)(pv6(~#OQZcuTm7>1EQ~R6Lu@a(YHry8pPAp*2 zw^7ML4zDT#WcNlvcBO8+$qs?jiCJ3~hO`(#iyWSnwDIH=O=@#X4+!;!co0>rZXBuL zp#AUP?{DM|a8c?4^uCqWLgqar-bXsm_t$Y6^a<8rTLvg8w?(FA_n>Nqo6ho&wGDCc zZRDBzblzM>TSUT`3Sz2QNGay@$zcvlJBBFo?4?g>Rnxt~G|Yf9gxJhBO9-(~ij@!e zC<`oz_S_6UoD%y$acV3(?dGN!al@Aw#jj9$^zh6J^m3#)&$^%(x=e}lCl_%7gggZr!aqMAF{ECA$811Y7?G z%+LY8+AJA=J^_q!|ATSh+_eK3S-`)JF1cdh(Y<{bv(amxWIboM_4$HSqunn^D(=Q` zu*1r_GM>4vbwPXXm-dbdcJZk)E9pa9XW|;_R}w0%Vmt1>2f@9Gu38PLxxgCE1_Gm;Gcb-+|;cPOr>f z^b$Pp!i?g=`ZiJ8~Z$7D*v{ox0Pa&=5<_JL5euO0{tKi|%_PI$PUuMPc*(ZXg}5GUsk(r1RjN7t)c zk8}6eRZ6AI6)I;mgj~j38w*9wC|i(rsCrpj-2H%g)QS)=GGLOMm}@xwk9#M{n0kIw zhg=nzh|IsjnvhR0a`yba4MG%U=BZ9^vpU*6jm)TArHnlknw86F{c?4B#xH?j67pIp z&8VxE5j3CdGaL05^L$W}?NK!q;!%|*BU6oNkG@~zWwzLUOySY`VjRXSdGyCLX{3gu zObty@f*)W~B6^xWof`J=*z=-P=3=XMlh9any_h-AeEV+PnJ=%f(M_7*l+*@M zO3H@p!4LsPDd~a@C9{Ij_44k6C?=h?p`~b6BTsC~9#oW*KCz*tcvd5CCyTI56qF(x zT7t70Ng`dfPuHor0l?a!nYr(#mx5QH+fM;_8dE1eD7 za5&qyyXE~oiW70iaE~Dmaffl2;_lyAHCBR(M~?isg$Cj!5+#6}OK?k~`Dm!4+{AQ{ z?v_#nOSUO5d6BOs;6Y5)sXXr5F&H0T+TUs;TZBxV4UTY7<4anM~CIqyq{+k*jZABX7 z<4T|ps61ZFv2!M^-La|s0Al1JGqb(+Cd?U`#b)%lw5#rn&+wrzuRkTRF;L57pvt7w6xP{LkCi0r*py7@G^Q$9P{jJ1(ex+UP3bKq9hgN(Nf{m6Y$~SJZ_o#ayvU8KvRwU-QLRM3sCF>paEu3@-R zO;~Y7O}JAI6;&Z&#-UWYj5~zY8&J@p9J*YMG#DvSYnKcTsL5J)V8+FKx3&c(+ z^mg5R-_6*b@QhT)QCtomBNbnN_&8mX4|mdK#NjTw3^`m*^aBnrq>JS+S4Pxf;tg(i zYlaRNXXY4`Bn3~X9u!o(`cmWvQV;c~2#+4IpGYyP zB%)JG#&O4VUUIU3g~>mDPP_?&yof$^gQsW1T+9VfV%-J0QUnn0sg1_^}d&`P&9SB{h&^or;Ac^Q+$zXZZfS$ z;rKk7pL5Zg#MY)QsD+TZkzhP_YvDK?Bol`nn&90=NqcVBqVG>-t@}Ib5vTlE>u4Gj=vWOqAMeTN?Qhmelg{GkU_a~jhOmyS4wA3k< zA)23iSErYXhvC6;t_{RvlFoxqG*W&H{ut}soLu_`7+XT=tcHQrD4mrHn_7u{Fu@3o zM|31B6-koy^~9Ps0cWemJ^0f~s_v7g1Zf#rm>H%EK+WT3;I*T;8=`Q&Qn4`IfWD~; zP%r%bWoE1^i^fV@W?wfd$%dK7d$GL`worl_3mfjGRrv7mT8GH_J}mK%^yOOG@IecH zzF585ltU4^xHhaG`heRYtsjCCaWD2eBvx8Nl0=ImNTM7G3F;$$#Z7_Y zg$YXP6L=B!z<0PFc4$?zs8o3^z`!C-KP)Se(y9D8kdqC|?o6_Pt;(5@;Ars?3kYK- zeXG<(VMl5;a&&~QC$eq&v1OLw25CIa#bIV*3|`I&Q46sIGR7jFk7@@X&=)6_`@cHKbT=6Sy|vUOPV+RM~QSh|`> zC-`A)DD5T?ivz&_fX*@jYk2>p9ziH3ysdR<==dRimi~VHb6Pz`2c?1}O1<5N6{ok; zenWW%weOn#NST+Jn{2H=0d<_+4ecTd>t6doisbsG7F=?yb+iZ^;VCjarGBYRhCeC8 zvG|?Rr`9jE%W$6z$MR|lPp@B^Aj9vK;Tg1YCx_!Q>X#NaFQXgnPEP)&xTx1aIbNu8hnJ*utyULVCh}k|;B8_L*zJ zafZ@k^Pz#Pu=q-C>WQ`j3rb9jZS_^jv>y}Ln%w!!mQPpA{LETMgZID1ns|0RgbH+D zN1R;u;~~#ZFTd^ROK!p^@Gu`5vm6-lup*ko=qSOKU~XsTC3hdK1RZ@)27FtMhMRc; z(Ak%euNZaZZa>a2qU6T8(`t{O$z#@ zwPQShh!^JI2p~K&0PKJSKq8M5Z@K!SSBX$(Td+L{-pYLjBQYCl7h-AO^PX}nm{tAi zii>Kb`hZEj&8${&2UU;3+Jz@iS9Cq*dR*6_4Mo@Eh(%W-T2*v?1y=I+$CFEReKnTy z)85Fw2;O`o)sLmy?qAU$-iFH7X61{^=#zs971$zX(~AhE=95f~C)N9sjn)@K%gu_u^Xv4B>d;!-#JW<>^k&g*a+?!c$Qd~k7>p@xx~8c#U<97eR=?Mq184&qC%Ax+B?>pzYzv1a77BH+jpYi;hiCDxTEu`tF2PXxOg zr#UGC$q+%VlOTle5{N?xw+7;O2VBho*V{Pq?K_#DJv6-0w6AfxZS;vo%UbBWG53@& z0tZ3(axXScv)|(Wq|tP^ar#M$G#&O8)n6pP1zj^Y?R4X7-j;K1xw081qp~u5X6`5h z_Q&;y=Q25^jEco715A!q`9t5lwdE5-gFLagjon^rw70L>Yqfd%(xhU7B5UE7y#wX6KhyR%o` z8JFdq)SdUe-FZ_l9zD_k1CW!w(QB=AOOHlto@k+!2j3ohUsVs8K?gLJFh@2yDU`$fJk@9TbR^njje*2%Uwd%;G>4CRCan z1UAuwi#6|f+?yaTK{@gexSyVL0wN*zIS7On`rvilgs5`jg-ns6Ee?Bz`HU0dD=9(V z>nLa(B~jQ5L1k>_4nsFDWz~JUeaiJD zU!eNv&cI%({)V2`@eaU@rLcI~z_G3{SM(6BX=3vin61G5AgY!(vBThP(Qh$FV@}e7 z$CZPt&?(TnxYYxk+C9yqGRPOx5v@_<8}t$y)~_Zjp@A9`lY_}!V9)k|{e2~_B6?o4 z@)mb^W=q}4QwKI&(wfh1MiRcSIE&j3gZ#?#VS1@$=vd9~Gdk|&Z%sR@#L_hgtl}?B zJ1VmIF*D6|9luj>C1&$OW?%m5!ac4jmKfaB)Q2vqtgMbvO>yMADqB8cW*Z!M8jWd+ zr@(mGT08o(3RP1**|pDz1*;H!_BaLL(?g$sgbM#HVd8ifv+4j>5IWQmWt<@n-EY<(UBb~lv?XJXbjSHi@8`Dn`9@F z){JdsbF6t?s*&!keuF%`51|Oy*Za4tsiN=-31za@J%Jd?kDp*Rk|-Eh)IMrUaJJ8V z_u4P%WzCv9y|s3edoVah;6=eMbREL{ATz^bZ#E)xI5HBEO%&PjfF9{sTWj}#x!b`T z><&?mQ~axXysMATs1*n^@La=ef$(UysQUXog=b#CRe(`|RKO&_O@QwM{-@89?ci|? z@IF8Qehc^mVCW9w9UU1R9c={A&m=Da97S!aDFx*dPeUJR%`}Xsqmd+Sh~}!t4X~vS z)zASg7MGOq`sA!JZp&e+d))CQ7Ie(b8Vx@gi1bg(8Ua6qv5E zO|;fM2u4{BYu!q^W?Jj+rfZ6|?oM3sZR1;M??RdsKr%@MaNssC2eXDY^>qk`Z%{Tw zXXUOjW!+Yrkd=z-gj!qHB3vJ+HD`@+nX<;ZO$GTKf1vhS0HJ7RsP1_P1F7RMH1QXN z1@dD;gwoAR5#8QEz6|7&Iw8SYmqG2kON}YPd*oRm$K<->RN8aelZCr?2NA*o?Nhv2 zTMdm_TitKK*fY>U(Tk0oj%?r}F1c#|o;sP|gzcvMFv~*AUT8-AYT8#X#ah3G!arRoWi)XB8Cdk6~Wz@2B`t54FNAl5pop1>i$ z8nme`-qS|cRbR9kU4!9nzsMV@^#SKmyL+L`W=eY z!d~x)mWjO+aWsrN*$h!rNwc`ENH;(=AV6Iup8Xl!s83FWgzr-{`Y!9$$I0B>zeA=j zO2*!fmz1rrcR7!i0Cg!JqQ)?pv8x6~i}!K#CMu!e>?ERq9A~rPP{yGN^dxbE1Oyly zQ8{PlBO&^UWs- zyz9lcRd_Uxz{i-_gnDMDI*qoEKdamb9W`b>OFaXZyG&Fq2al69;fQe?ud0)j3A!G! zczMt>B6QzcK6c|(m{Fp$jB3X z6J}U_%VFK~ip9!hR4%#FL@S!6-(=8>Yv`5(J%*vpltc{CH<9LGpJv>@ASM;gucFyW zR{I&8SelPYqeoo4z(@Ndlu9TAyW-%@Fgo)>wO|h3Zk<$?!~7a8-*0(8k}G2t6jCJK zxrbzOph2Kz<8;gwx{abbo<`=d>9;uvtz|=PB)687;jYO}-$C1F(Kh2LfOJ3>AP-Q4 zH@xq{EOC#Nh3qpxgKv#&>R0M}Q29b$pZqG+SgJ-e7F)i^v3S%Wu6(LZ_s!T8E*!#pddp?Ve9gTRc~Rq|1<=!|ia5UusPgO8 zX!T*d1F(2p7|Bu3L!hQa(p3Ux2d=>8wy-tr89(!L_p9{OL!AN({|R18C87X+*AjZZ zCHd#F{1Z(4m-R#ZXQDi1sE>pQbt2wGQj^Zed{ryV*XMJq z#Wz*|CUhw{7>YU4Vv{&?Sc4Hd$ya<7u{2tsYa3723 zIhxbSm65(ols!)mOp$>~^WsQbsV_}5!S7EKxANd)!7@WlnRq(HASB049b?GF*@;p2 zrJ@eas^zg7divxKZ*ikwMF2mXn)%_ZwT;G9Z4IaPeocNa`!t4UWe#3ri;t_}s(@<; zJsyick+&KzSa;Awk2ua=igl2;g}g5E(kzd7hP)o~()^CtLEeqzrRg29g}htIOA|Yy zp1ixsOA|F>6?vP-x9nI>9B^++vQKQpkpg|~41n6=! zx=MN;Uc^Rk+Cj5BsO3>uZ^Y529WI@`hRC-E$RjlJZA5+*$gBK279uSy-mFj{%^TXN zu5h)}RaD?T9V{RGL*@Rcz?62a_7V8eDmf3XehguPF4!dB+H2j)#O zp5^JDgL`rAea0Gk@tVarhjAX`LdHdmos8!&E@xc9cp>9T#tP$V#x;yxj8`*W!`Q>P zj`4cN8yRnAyoK>r#@iTgXS|c~F2=hV?;))E4Uj(?U;z{YW&rvF5&**hNr3ABsel^+ zS%AraIe^;$3js?2)qoX%)qq++9bf}sGvIN+Ho#MWU4UN#_5uvU^k0PT7#3+XY3`^% zSab|d6O6OO_qE#k>4E)q$FKo*-8oQq3>y@14Gy>xt{5^j@k;7L$V__Fr};Uq&yD*~ zpL+yd}1;5^_T00Y9K0Tw`i zKoa0OKq}xyKo(#!pb#(vFb8lOU?E@$pc=3Ouo_Scr~~{zt52+_X!+9Y{W1cJAX2!d zQh}dO2hz{1(Z>$1|IqY_oIZ)tlL~uHPu)sR#+XjDd{;uD%UbA)Zeo2m*&n8QvoW?1 z*6r&u=})hw^lvk6Cmc+l&NH{xM}B}V6DyQ~vkm>=eB_tZ;nZD=r%s;YeRwd|M|EL| z@l4RTZ2L*o$;*YVRB-t%gkcPWZ5EAVmi?#-rrYs_A z%41x_cn;$V#+8h#8M_#-VO+;}BjYWMw=v$ycsJv{j1MwC%J>-Lw;7**kd?>y7~wJf zAh@f)S6E#!h1U9msD!3d9Q`)q^Q7l&+XyNhmCIW9IG4_W(vfvo8|bw>N@qJHM~4?s zIy)<78{?gfcQfA0_#oq>jE^yXoAD{eXBeMje4g<|#wM2E!r0C@k#Q2^bcspiY}-{N z>=_o8R?d&<2kEnqv#_TK@AK3hW?@aZG@WA7GmOtMKF|0fV-st^!r0C@k#Q2^6vkPM z^B5N~p2N6;aV6tw#xBNd7}qi0$ao9mZH#v^-pzO~5+Jfad@&09pYr1Kt4q4)8AEeZXG<9|1lGd8i(r>Xi|oV{$amJW0<$UDJt9_9TV=SQ7tsY5+Ca8-@mUl+;0o__V0&#^&H4j z04M^?1~dT<0m=dM0hNF%Kn-9OU=83qfc1b)fGvRU0k#942J8kr197+;52w_lJ)66w`k|c)UG0;B&;F z;9$@Gge$_+4;dQnPrOp~C!s9Y0a5`s0-kTe}FyQKX6dEe{e#$|B4~u z{-KHC{ws%t+_3OtO^$wl@GOlmbw35x?hoi?xV7%qND9CmK;Zu1KDs~1x*NS-QzGFp zM!G*})kIa!*u{7==a>g#kTNxi@e44RoC8bPeT*SCWhVW2Q#8|lxY2+P4 z0^KphXE2__*u{7YvrVbAG@z-H>&DCpPjlrOobtwFA>Vj3am+zZwTAGE%@|JszX$vg z@E5>Yz$bve1O5q!XhDAohzAS+Tmcvk7zr2+cok{J;o2X~)i5CB7ZDlafzxOT_eVvC z`(w=EetNnN4TKib?Y76)G3-=D_ulkoju4=#vz-qwX0G)tZKpkKMU^C!xz&5}y z0eb<@1DXLZ0geIQ0-OZA2RH+;wno|p0)_%c0Img$0i*#Y0G>jcT>#cegd^-1X(X>H zN)L>V(OvRt?i22hjSKf%;=}!PKN1?!e?X|u;jj-3_YWEz?oYTP+&^S!xIgjAaR0F3 zs=xF|r0ouX0$2uc0UiK&0P6r70sjTq3iu&lC*Ws*J%D|HgMcG|c0dK-b->#I*4Lnr zUqqxa#5ZV=DJsl6C^{zGkDJ%9fH+H-cTjxaa6fd{KQv@Os0VI)H~;^(ccALO8TOM8 zcp2~p;8wsaKp9{j;7-6&z;b{a@E~94n( zkZ}Ld#Bl$W!@~W;9U=EJ@+A)ri~{3l0*vF8UrBM=XK3Q!0~F>Ua`0}Sw%~e?W9Y1Kd|g8C?L}!Ry`N8e zSB#irz!debXUR7tc>96_0KXI99ivc@P}FM4TWy_>twl*X+HSQ}OyOWmdOv)fvOYi+ zsZ-r3sjxpPm)RuAQNjdXyj$k&if|A0yK86?omL6@-Pm8fR4j%}m`d+RpluFtLQ^T? z6XHqi2^?eQS3@@C2YQb5uBYSrvJx>9D^zIbu#ct_2g`zarQ#`;LCad%s*_Z$(S>}J z)8bg2Qn4yDt!4+b=8Rq_4OeUd+9}GfrCLfPEtVg&@^>I>TS;HVV(Kq-6L2U417x{6 z*)W~#cI&^ulnsvLKLayh6*)QQvC2y-JU+bm1~~u>Baz6q)zoA zN8@Pp*O3D&z- z9KHUb=;9LeC)1Ej97FXxMFo_`-$3D8@)63hfTm&;n#zL_43?Rxt+Zb;#NXtYvhMR{jv+(?{p? zgyb{7L_8eI2pbR0g{eb-sP~mHcD%HUNqhI~k03KGvHmWuffJ4rlv4?K87Rgv2OOld z1+nzQ$%DEmXTgJXj(*!UTJ>X7&Z@qp;;}m^4|-jg9ZY&CnAH7yaTPV9_O<_sN26nMiUX(>z1AJdlmN#Vk^i9jH7NXK`hY5`>*l?_5BQIFLPDq>J+GMtxQjGQm*cXkfee3 z5ghNS#p^xvF{zNnk~n0%rz$TNWl!r>?of6H$Z~oAau~{3os7r(Qfh3pxMhU$(?Hs2 zJ#D0(md0`HtqB=WbhXos=%YE%O`k?b$xl|Fj81NLLp?8hhzNn`ekkX#j7xv3BDTAA*c!kVI_ zQ$vyl>_?98L#w9grt^~2#dVUdduMUwPTg`6t7b@&Tty?fFgZ{u)V1SDfo>WCBfHF! z@9p&ax(H+vtmjPu<;E**Qi`2HmfgnpW{wHgvtA&s?|-7EokE4l>GgeO)dDGPjM6Sy zPm`>>RrUxDrOLjhYO$n<)F}o_ic)cj9ha-=4DOZ9vZjkKQ`27VY-CNxRz1Kum2`}i z-Gri5^Ql}?9}f#^NS0MDDcBlauv$*XeZ-w1=~yMai=M4aJcTs6GOkws3l+mmO1X0u?R8;mG~I(l z2IGsxjfrd3De1Uzn2uYOL0oLJcq<3eOiA}8_Jl-l`Gu7MiMc=&EfO@eq+}@a8Pf=>#SW+_<1^!S{DDNUvno2CTgQU`@ats!A zk4>NNn}-7i+VWWkyqs?yJ%=?_fJl4@SuyHW@~W3jLOk0RPDB!{caBlr z^r7HDk^D2Py`+5uWA}e20-xbK`hmJAX*HU8DrjnOn4i`ug2D*nnn9Nj|4?pKNS zaY?(7zCeLQ<)e=n+aW~;@-Bz2M&JadNi1sxQs8Jb6Ifat=D5)$2EoI5D6g} z(`QL%58%!kv`wD&b z*z#v{+;Mm#JF?dPl@8-w>o>r{tQ$+|jvZ_wL)h#hHn+$O!Nz9YmqTnoz--#q?IjuU z^F7`K+f6DT>@7&Ou zN>Qu~O5l8`pk%F3%@)t<5J^{6(oc%Z+vKJ*SR9i-CRl5EP_#NIa%_Nh_ zEM=Nu@~<*slW!^0Qpf~e>5xjc{o69x$`D59N3#vn7i)Aw2xd8+2~S$<55q%R;V(9l z$i-j0IGre%OO&E5(RW4mx_9qqO9Ds3{&S?VsSwfo&k+zGrKci{21{@AC2qv_4m#$C zSBK{j&(%&*mP^9O8fOO48iRC_Z#0T&1QRD}Dggv&{7xpIo{w`zZ>8n@nuW_5w08Qq z$2F2#oUnpOZu1OpmMBN}gfR=H=a$^jPv3J6Em0<;%zIbPQ$gjhN`gpJ&IBlB%O-=aQsYhq&hVw*I6IfX^?Xcw+9CVUu#q_EIofrbRA!-0~} zD(PgpQW+Cbx1NbRt@Q)oxO^EM&{5AanyHNazHu3$K^#Uh21AlwPG)et&%Z9`5GDvO zClh`bgxw4SU)N4YkONzx)^Z!OqFDQ_B`u{SM^A}#HS`8Tu#13SiJgzT1?!E%kk<+QY)3Bt9+gg1gPR7-Ft zqt6&dHslnuK_)j|hCfvt#vKhRhxBrs6oKE@>*Xh3r;I0# zm$#QkpzWS|$tS&dqW(R-Y~%i4>V+BHtTDKpUVL(t3DXM`MuV^yz0gNsu$QYq=3BQJ z#bUiYas%r{Z!du^2lhj0=%?8ax3}=yoS%MOud^Il@2Q_+($7NEzo8%8=G24?Ow3@o z#^7@LS;_?A?THCL!~h(sAKZusdYxnt$(?GUoh)(hIMPnfUT38DkRa7yr8S*dWNG8g zZE=I|r-pZqqVUrc=ODMPU{c_R6vrLX&#d+Dz;k&68;k1csX%%;cXl|6@r}D}bV!*z zxJUzI2JeB(zZ%(-nIK$&O!#9EhAI$l>X7>T)}5h}Vc_$vBlVCjD1?3}FW=GV1{Tl< zMt^E!o{2xlzGHA)e)PWzmC;id^bY>)0IewB=$;w6xE}qyK7=uYx6tPQl`ayQAY2zr zNS~LHE<*2eNFUn6@0Helu%|sJ7wjonjJTdP5%M7HKvd8;po~lKdnWFdJtq~QVI9kah41?)(MF}c7y#}|Pa5~I(p9dPPB zTG0wNg`~p$&p->P1Z5UK$s$K*)m>Hb;<+&pu`X#nl3?#f%$1C8an2GYoCSS@-ya;K zCb$i*KBeM!kMTS#Hk0F>aVi3@(3?D9F0O$Zg8R*{Aw$@hM6)Thy*yo!y#w;3P*HGA z)~<=#6?t+vZglvH8s%$}cC~3&bV(d;*RBb4#j67PVi!45#%agIdtkTrC<)f;J-nBa zxchhyH<812qOmT?NdiGRq*KgNk)F(m!}X=a?VptiV&wRG9mBO&%V@1mY`A^I%? z0^-*fCH3tXpal|hN`=69@8Lc08C+LwXdnlIXb7#;= zDxd_g@9|Ek?I_%h8frQY>--a9HE{*&o zyc+o_I5qOqaEga@^6l{Hymv{-rnxmxQF?lZ=ZdTne1( zcQ;F-o~22b1Q|hsEG8gr^jiEpNl+LhD1s9fm`7jkeoS3>Cp8Z8orcdyJ{S4klfJs7 z-QZ0Dujv6hwSa>N@E%Pzc6uK+8CKb0H)KbY^eK)pBjzws8;V^?h;7$mS0h$ESrt)S z6@f4O3&mDWZKu?`C^aW0qajwe%EXZ}ah|waPb?4DfXxi0WFIFZxzP!Zn8gtVdZH3! ztIHoxoJ5tWq$)y;)Dw6QZ|5wpLc()emM77fS4Bx)bHqQmYiH>wfuWX?Qq5Dgzo4Xj zWYSdeMlk7_09UdiO1g=X#>%ASVrMWZ*)IAAa3#y6q<2!%Xqhxm+#gK3hm#IR72&8= z+yzm(IGHY8%nGL47+^{EL`iLwG)5+^5Z45glBvnu$&x7P2N+dwARwy}CwRbzsXeM3 zGBTNzY>1LRPf0B@X@)qiC#|xTLdPxeswY*{hnHsbtab5puL?Ruqm~j;ibQ(F@ZU%W zH%}{8Vn$YaQ|LZ&4eDQd)2Un9g8ZE#Uxs8+$T1E{lOdQylwFroj6euJyJy23L7ORn znT?{GnIIC;8=`3|TC>HoK3cO z&~}g+^io8DHw}=iMMIfQ5q6D`z<&QVUa8c`n*CFw-BhY(Rm>J-Cu zBH8*hqF4|W=|tCr5K(996klAYDPm7(nc_f{tP_2TByh7Lqz$&{M6yk2IaxrIq7xkq zA*$q@HcBEDyUeLDM{Fa!F=-=W=Bcf>&tHJsp1(pk?Y2jMJB|IfX~BlA44Z4!{Q-%w zTZ&CtjrSR4Vg>WVt*doYGsX19=hE0~l8@b(j|Ej|Zt(K48#C8_X_Vf)Qk+hZv-V3q zIxD8Bh`i(EK8;8`hrCy<{gTejf_FXg=@`(o85jN@8%&XrHUEfH*~TLLa}+6$TKA@G z5`o|A;O2IWx{2>Vup1=q#PH(95b5r__I*548fGbbn5*@<7N^oqPBS+4Q%*C#p9lGU z1R~`;hx#~_3;KJ6roB61e%`84+Wu$OeR;zQor>8*D!DsI{|ls?k~u$b#e0g4e7ayN==bqedIrKm8aj;W$_ zD(j|VgsS{pgL=7p=$oyt~b@p>?U4GFx5WHTMF9OvjA9L=@- zDb_Ponf&_%ILI^U%EShaM)9nh-a@qZkZiBFp}o=4Px+^n)F~h`h?1W|NVGIBj{klc z+wAP4Zg;1w-D=tp=T~3Fs9j%+*!E#-F zpHuw-u1riqBf~lJSE2o3`J4$)Q;AiJ6a`HOdm9}BQ>;7KIGid+uAM_KWr4b?%0wkX z;d7LU$Nwo;($8^FI;^_FN_yD`iBTkxcnDY|v2z7EN3!!Sa@yHhLC%5foJCF>I}6D9 z7?|R2g`CkGno7EAD>=`x(?rg{vhzz|@n?2^OwK>D^DpE)$xg!F zqd6iS<#LMS@F{d)ixT01%YnX4l!k|;P}pRIiNPa?*@J6tJb?%>+3-3l*j9;GwjA0HkfH<3sw+o^aXYi zCFy+&5*Ex?Uz~S)YgKHSNQIoZM+*tWnUX_$1X{{Ov~o9J^B@<3TMeg3UHsLy3HHGP_`{3J=I?R_Qn`A5if zd42vJOrWK3ef|t2=m+Yb!nLP9t?M=*JVd9zmOMiA0rj04)=d?p=(Zk#(A+aJuosY7x^@+dqarH=x*wfN_8V0Qm_X04xOP`o`p=Sv^wPSQF9seXuudFz3|0 z?EZ4}OU~ISnoX=9O7hFIx`{^Ck2G=?Rh{X;WR+bVhxJ7k?^pM@V&tS(Yhymn)~U5N zJOHt2SCB}f4b{;cVYHQs6AMvi1!i@IgG>|0BABuAssdBsahW(Q0rO|iO8YDoyC);% zRGf}S!+0Fdsz8O*WrHQ8a}bm`g=GlIXj4zp*$u52*x#jlyjD!kCmKp!R;={qLp#^PWXO&33knFcWy`^nakr6ui zvOFp?Hgg?&D_M%&D-BOEjxF3BIZ5IJvH=Jzro0G;8u! zq1k^B7J_Av4t0t{rJENBpD>l}u~ghl`QGXv3yXj?z^UfoBxf8iFWq!7i|(d#WpuY4 z1_^$+H%?e!eXLaqQYxJIxCXXGjl~zyv#u@TFN077)U9p^*t;VA6274YTx~Gg?gVV} zV=olI8-OmrNVM0zxNe{;;hwR>iK zvs9+@z;b5v)iy(!D@I&I_tOz2o}I%gE31mAx~Ei(hQ_Fae@Q=OGgwC4Rij}1MN z-QiVCZmv(n^++DqQGX>7Zl(_~gN; zk6XDvqA_%cLIK#B6d}qU)D@OekLOr6lcsdofLMnB{rwb{%aGC2Y@4Yn)hUvp4*$M` z=#CL$qmbPQ@vYNB5-22=)9gkX|Gr&}DOOm)mR4vcW2kzp#kY>y)%->iYJ@wkR7}du zW>L}u7AyB-{{l9PL!Tf4da*@f_+PCTV{091o2=-uh7#J%38; z-$xmWhd2eD14)m!b?=bTuiK6o^1aG5Ti`3jPU0{qGaa)0EJBg-PG+))m`nl_T6=Gy zvlbpFA{ducONoD>qk>j~VT3oP*KJ&WpSuL6 ztj&~Z)qw|UQZ848ovK3E*xb1ys9))&BFgLTPbm?lP(X=z9)!@_ zJoJ{jwXB|0D zu#@hE#H;M2DM``H&dua}mYrmP;%9I|mbP^YeDrHuM^l^9RUL5A`!N|tB1jiWAYCMY zbW#4&McGRi!ABoHU$sN(!<_XB^3CQmW zNbLzo?FmTj2}tb;NbLzo?FmTj2}tb;NbLzo?FmTj(Iss21mySV^0U;f$6yp@%+AbU zyPx^TuP}~=4wo{1I$|y2{dXzW66l(^Noe%5nBLlxo_AZYRM8T6oA~5Z@B9r_Gdcc^ z%f#P`Sc_P6+5C$*KDW2{u=^F+gNYNky^+mPOvN}RyDO2!&ONA1F^-*k$$1SsNm*hj zI}ei6#?EGPMzQlKIsbuPpY1iE?R9}#S;u;Zp#<#)OPWDNzqWO|11=IkhEe{~#dQT| z8xJxvj53!l%3Hd223+j{*D-Rjy&l)Xn44~|tRJ54FUKgV@+2ws__vU+p%NrME`-`Z zM(kThMN=EdjD1`rwV{UHWNQC=1yUO*U*9?^7T(0Nn+m2jtOmvqF&O8gpjOdgV=*}g zS?hj_f~yT{0tx!*2}s#A);+@sJb?tAaT*7z14{5HC#aJN1~|nVdIG8%5V$TZ*r+tqp`)g*$hR2w!+*9fP$U5}&+$NfuR{?MAo z$|_^WIJLpW;nunzKv<{fjMd6OwtzC!uR}2Jr65W2lnIEy6z$nQln^J^Q$o=SpVlPO zX{g{4T#RBTX+sQSCzV?aU?-JQnAu5X5?^7U@b4obdF+*=m-s6}(In`Yw^p@*j06jA zfdikk;ojb)u9a2hwy0~*kjlABl>Lm1mo*lQr%DZtC%b@d0`z1pq481~!FbY{7N3`7 zmVE@a4p29dAWqzrCe0Gpu;_I2KT^}o5QGG6ydzE=hSsFL!SK-Y<9>>mkhB_;_jx$g zm{7R*9YTWb9ZVizCKM-`&>at$kk&OO+d`ReZER*H%jAtekAeqp~OJG67?5>G_T(vx-G^DtSJmfOtFVmWv$!99#)sN zZY_JH%INDuGd(Muj3&uY#@fYvIHrXH=b{w8b<~>Zg%gE5hh+LKA@SDlC%MJ_FrIiM zrM*?(%;)v_)=^8v4)_ajxD%QXJy~>dnsjV>3n>tmfr-Ln;?G*Bet*ktLFY~Rh|{`! zR^M7s>T%o^9M$9QUy7HpNX@4z&C}Y;dX6<^t~-X9HAC>>4zAGRFsVgWBFg>nHE24P z`E7=&V2=;F^&B|&XSmZQ3;2U(V_M?tWn!AYmF@Q}*KD<*e8c*;dA_wJhmL5f9bWaI z(uKzgWhSy#t^-2X_c4Y;bbZt(t&de_lw0?$B_e0z+AVyUj48N1oUa8O=UewNPs%sf z*L{*fdkUcU_W@0A>53j|86P2!CSLSz~(Wx7q533u78 zk-uF(NS#?;&`mIWqYJ4JfpFpvfqzE=Ysri+ImMSeS|mV(1rVDOVd|Nr$l(u5?enz) z1P;lDAy}|^`a`1?GFvH^lXR6L%PH_lOr-)umI%8y;821 zl*u8K3uwN{T&$L(1S(0D`KD`(9M8CtW`$%tO_Jk{Dl$$+4!2{?W@~BVZ>WwM%ObpI zO)CcA{Nu>XXt&LKgbv_E(8^D|UtVL|S z{AK`?mH|WDBP*fB*y);tHw%Lm%U+mcr=F$w0NJ1~0fncDk{XaCkCJ>ENOD9=g4YaG zRb!Md^eBa^iuO{0S@Q{{{KctORXpnQv8hw6`-=Uty2dIbdq_oV)bAiPP+Y2L`jUHo zYvu_k$Q+mdnat+WC0E{t+{lTO$!sq9T{msWHBOvtbX~7p(W@Ab zLUqui6od4riGfqK8+5}7-2GsFYUIZ8cri4xjtFR7^gB$XPm(}i*XL)JjR8L zix@i@&tY87xPtLQ#+8f}#?_2#7`qs+X1s>6hjAU_^^7+%-pqIl~j88K@!&opr$GDU6dB$CgFETc;^_m!) z8Cw|J7~2^qFivFbV4TD_nQ;o^RL1FyGZ<$v&S9L#xR7xXV<+P|jLR8UFkZ;GlCi?L znsE(d7vt58*D&@lu4BBO@kYj*8E;{{mGL&l+ZpdQ}#(Nm=W!%L0Ame7nM;Wi@ z_I`}r#~HuP_$1>~j88K@!&opr$GDU6dB$CgFETcyvHdePGqy0cF}5>KV4TR?!co*Z{jQ23!%eaa0LB`FDk1}p&e2npN#&0t|$@moG(~QqB z7L3m^?qqzPaTnu@j1B3mf5v9U7RENlcE$;e6B#=gCoxWDoWeMjaXRA+##xMW80RrA zWL(79$#@Rqa>f;m7c#D7tT3)-T*KJKcs1iSj6IC&7_Vo%k@056TNrO;yp8d8#yc7B zV!WI29>#kaH!(iQxS8=$#_f!cF+R@tZN?`VpJIHP@fpT~@j1qwjL$RfVtkRYf!mac zv6-=jv5m2vaRTE+#tz0wz%+U%voD2lD&us<8H}?S=P=G=T*$bHv6Jx}#^sDFfb}Oa zd8NZwO{3d~HeWb?b-Q|Wq@mOA&um{2tG3MDg1u@?Nv&gO)DxD=ux7c^Ny@Th{1a~tnr~U-q$02F}?*R-%PU)N0jEDQKxtM^3SjRbm_9i)71QPSNk}5 zT)Ubt#!p?m%pKQ$;hn08AupF-YN;~JwLTTfVfs1W^e)#Fa2nZpv)`KCjIZ!qS7$Gb zjx@Luvuo%wFxwezG`RXA5SJJP8V&A#YW8}_A(G#iYI5=sr`9 zyrR{Yr1-valdsUMPVe$LA-MP{eM94l_r4LSF~CBy3oQod(>2}ux~VOSN{=K4SsIEm zm|ZvU)#kd+`?^^s!F{EcWS7G=!27yG2GfcfNy%$%)eq*imMR_u`Uh@Doy=7`OZ@}Q zxChyBbcD&aqZtS<)}zvzb1;!|4PJj>4nP@o9aiGKh6ib!6kJN~7P#lqojEFT)-3Ns z7QBcm!=cWouqQV{Uew;Ef$$U_Xd#Al&p*%tQPobLn;&$)N97n#GHVeh zeQt|yp4kib@2#kqkm>q+nJnD|qw8;YG0EiEX-@|FjQ$gnuR5Oil8>1A^1J*eP(c%> zTkt)c+cqKJ?Aon<>ci2tZY*%}<(oTxKzHG0sBRl6QOkt2CreDi`nVty9=d3)Z-$_0 z%?-x0&#~hyP1rzd5!U*r;gX8M+3OdWxOep!)4nK}z#OY07r6RBITloT$9TnYBc9W2 zKy6W^I8vd=r23f)wf?tap=dLZa8RHWYOY*7(O~puw}S>IuFzEs085a$;{9%0ncr>p z52Rp!6jxw#4yFZQKu0Xxb|JnyN*qHCA+g_WL2^OUUU-hABvm%0{8{9B92N*`qB=X1 z_O5TYV0KRext>!WErI_y-flt&qx)7p zm%&Izb9Pr#POfyFVzd^ISJa&yL)Gc$a5lKXmw$SeQ{0VOn2TLe7mKua)z3kNa>Kl7 z$+N)Zh(Ucxd<8jLRri^;DAEPJtfj`}A83OiRz>XCP1Rw8?nvgoxO%fG2wdIRq)dDP z>bXiElc8B$Am=iv8``V}-n}O^UgtONG zFWES77hmGH@#V_Ze2H@LWn>Ls##H07?UAVMxM0`79b5Qn+OZYa#(eXRo#d}Sh22`) zqE4eo5qQLZk|K9(gRd=WGcXC<7PWiPsf|vh8VS{RoCG*mXK5C)a_mo0BttyFy@sXa4QH%Uf^^1iz|FiU;Pb zyo~Oz@=1tjaC*;~kpa)xj?3>#d(qjL-&whXqI`=5YMWdNz$VrJW6~H^G6!;vp)jY6 znT>jvbITL4bfiTLzi`}pIzlrQjA@lVOpT&`Wy@>D$fjaQT$_OkZnkb|QCrBywB+bb zdl1MnNPX;|ew)FtWP;g+WmDLRj}(*Eymo>!AJaXS=i^|qOD4=pux>%5H=8;zgUg7S z(9$YXmBT-<8M>W&x#6NJp`3>c8WO7P%64c<{2mOwi%)4ix8B40^3Qm?WN(4ag?M%> zt}+YS5M-`*@kPC#KY?^w&kpD5#{ARJ?inW<0|rs+}xZj&>T}`v4zk6LC5`##o&JFi8kJxJ`RCE8`3EM#JB}O)($ScI z4vFlPXnJR3{>8NE=hCKMOl!}41E0jt1n&-8{p)x!)Dqth)6XrZZE@|WcksXPrjKnN z>%(E^s74wz-2J`T)IH(@ap=Q8FbRCo!&0YPT6U-qx<5>)BaSzEjPxJJtYqee6`x|= z7UG>0PpG$ew4|NmsU__KR`yUIw1>=3zNQK^2-yn!wK))McLLA;Nd$1j~Cj#!P0MD2Vo*4-HC!huNbCLHwfDFW4 z3-}4>u=d~6h`7zfAMWLVWq|Jj9t5lctOj@hKL$7e?U4Nw_~N+$IFB-2kM!R~9!^}J0E`3N4nSYy`5f`FNQdcu z&u1u8C*V^6HXQSmfX{3|I{cd;!)(Zqin7^JCoh41VIRl~{}80X3IoqZggpoNC15q+ zX23|~yARhoT>B$!8{D;UPX_!9?)#z*p8tXj{ZI}gAOdg>{!aiO0q_>tgO1NL1&|B4 z1#kyoB47>T@udYmoHBUcgf6-eRt-5ikk6Bl@iTGBXa5AGt!=Lg?Yi2F6d;t=;J(m#rPA4E6~ z;q%-Ncnv!FInvZ1d<9@R;9fuj%KHNNJP1A$;m-sNhpeX|^Fh#k3|{rn_h5t%1)PH) zZ#g`8`1O23agggLF=(R*djzl_GT>YY&y9$G9oGz8&EStm1CI-`T?-fq_tk*Ih@XOd z%i+cf1WzfhyAU=VVWYt-6)+7j36Kvs3|?PCwqnS$7j+-gA9evq1^gC#{{+AetezyK z9SJxF*=`5V1E6~!*9(A$0BZrKz~>B=6YvMXp8+2N{s?#<@B!dY00C$K{U!k3CVJ`t zKEU0O*A3mR0_+06p8!gb=TC7(7i)05Z#3Kh$N>}rN&$BOY5?m1+W}30X22_elYkEa zod7%a)3| za1&*Kjts~58V$#HN!0Ef+B+kCCT=DF2i zTL?&<3IAk+t!63Cdj)_r?6(j!n*pbDK#O#p;B^|%3_tz1BQ61}p_`ZCtTrtzF(4Vc z=bLjwRxfjDazsFy z>Ip_02ChhQ6W}S3ujI}J(9fd*g}FF=WUuKl-^R4bA?ZDw-WW)aHvBL7Z{+l*Ueou+ ze;cQd3Zy4vAvrH6|8AtuF+>N_>uKpa0zkhE4JfP$>6;BPf%H^&I?YbT|_$G=XMGuFULMHhP+-NN#@GC~9M z3iEp;r2IqEzG?%P({go%YJ9r~>wJ3&mwdZN=;iGmPG#;Mrl;**=3p672&#fW zS@de_9v&!TSVRc_u<-D@mdwNJM21nHHz9otT{0$U7wRV{;D*%HaouCI^jw|N9g;RI z6#MFE`qu;_JyW02J-EC6_2dW-*S{X2m$^HmQ2py^oyE6u`=maN+-cMx^YilghC=K6 zC|s)_x+URIEsWR%!iw|r^JFaUNn}|9LGV+%4Dn0Z0|C&fE_Y}c$sFdF?SJZ&=|Q8= z+J_dFmVr5_0547Mu=IL9z0>LTMXe%?jLM|-EmZ8V>^MKFyvyaM#q}W6^wb*}<##zU zLx}x`2^nI;VFKn)0XHDjf!@^^Lc;W6FEmW+nzb<{NUzB%jU$AIrp{n^e)kMfFO*&n z*E04G7B%?riL(EKTgSkWyQYh&U<|F;#dC0JE{(&&PAjq?LwzJoEPvIm3sih!O2aYP19%f5qE9f%4W zGDF)3ScZ{lwyo7&2pRDU+--!Aa6Ubg%RItOfCZC$!UPLz``zLxr_1#LnmWSBdnsEO zdC&5NkjuP7gbpF4IKAiW-m8Yjbr*O_(F~qXDxO_B8&#%1tEDZ_o@MEVeez_Cqf@2? z|XFLmPC4$pUa^6`!y57Wj>x^J2L9(wefHe(J&8w~VlLr?CDsu$x? z98M#$S-EuCUD{)+V_fPD>DLi5q#}QQeqDU$ip8!TkIcymvshF~&%H)G zPde7&xzrnB+fx@|Yc7be*_;tJ$9z1e&ckymuKWy#=Qy5syUcT}4QY>4dd#n-;(EFw z!d3%bq4RE`&#}GbOZj{o`ED-kJzxD9Kky)n@=wj5q-R=O3-fdH=;|zy;ZtVL zn2|qa4$YUWTD*ehOQ?G06cw}8l;+Pao;DNjF?#5c%JOaL(KGw&$`hQx3zktfj_!K? zHs>j93t=mmrx3l&Q$%*NtN&EK5&w_!?N!fY1K+}Ykmujk^M4@UUiJJR$hW(mzs>oj z&VNJC|EYYt>-j&CFM79Cv^L0Tx#!kjZRnH<_AZ3Af=(iDmm zCux$lv1u~o&;wK%q(G61K@p0e1OX|68n9}8tQrv&v0%}v#Rnm1MdYASE7r%V@9$oF z@0mT5NmJkJy{_;2zV8j({qMcjf8Fa|Yp?TKdr#MfmS)w}(n(vIxi{OaZlB$sH*M%? z->BD%?Yw+Zul*IZJu@D^53yuj4o+k>n9Ii2hJC- z?sNVR#5=e*f4t^%YWCUd!1>ZIHvFGTzxyYn*kN^hmH$D3O{c*cJErfgv7xnNz)&xc zsMBM=L~YH&>g9==s^v@Sm#UXeA=TD~PdcnM#$$}o>|;BnyGII6b9Y;pFR`h$J%Pi# zE*Wg`2Zw6VosjWmiMnesF8Sjs4(l>TbezxW5cLWY?(K&t)qSY`BtnLZbo~)RooR-YLnCnnL-P{wS9AA zTWhnYtDD^zYD!}hwb`Rpvgd3yu(Cgb3bnANCU$nCJl)vYEhgArl22W&&55S&t;6OIo{S&Q zudB_!U{kZ+zvMcQb=|e0(MLSGdh&BsCi+a2G|N5>NNeBTv87#fjU4Mdr*C?%kTf+h zA(P!gbAGmtokq$`>$+{8rpC6mwT(3SgiM(Igtj+f_CL(&x-OpEMY!{*n=5LomSaz% zvbruo$!?x^E=iy7IZyOv@=vx*GjXk~S}CJ{Pwm1wR&eW?3$Vr{6IsI8b>`B#MLKVo z5zAT~Yxt%=>!z~aBKt>5)=nfIR&fx&-gA3>k zW%VlTSX#YAlCKt5*XlIQUEmL}G1%p~bZg1n1(7b#!X7Z#<*90K;v(ARS=J~Q!LGSo zQcvWsc3t+ll2w?2pO$xlnWHe39ixQszY)4$c?%O3y9{G}|ubQ34@x6|T_ zEhqEWYw>yM;-voWwD{vsimlXr7JuqV^7|~l`y}~$EWYO?`TZ8Z{3QANEPlgD@&_z_ z>LmHkSp310UPqIJ^+WeC&aIf2ZY&n@SJ>=k@OccldL;i6G-*XcA zGiH6JeK?scn(W}8OdW7L_$O1QXF2%gCt<(mKjhDI@KYzD-|OI?%ma=%`6uy!%bk4I zTSog^>g1oq1FN<8@~rqFg%h^@61SIM7!XV$C&Q0edJI#-Oah=39zKOLKD$f3zakmct*- ztYi* zSEKOvdC+ko;&#ZVFFilKf&xF8@R(9sUpbFXiE%s7xQp!#`1( z9?HWXmLNw0kLBTe9R9hN@{?G(ZgM|Tp2}}#<>QZ(r}DE|{|R4ygexC^#5`S{pD#M{ z*)--q%}0Y8<8AIafo&8Kn-1#1qfV#TuB znyO`0%j;Jx&b_a!TD)*oO}*ME6K4K4Rxa(du-QVjk;8{_E&pz`CfFNgUJX-Yi-mAD zS`%_>+O0Oq#9Q2D@+~NnV6f4OuaN@;;x5o=>DEgm!Xd&&OOc>hXn|_9^fp?PYK>l> z(kNlA_{4PUbcRNbSOw%@gT!f_^-iBT6*uPh_IU_>Eqmiax6gE?J>jO^Y!YtkJG#0# zu-4Shil06|WyRInyr8kA%i4v9XWm;o@7&9piDM60jzV80>m%%wvy70au3UY!wL0!x zA8Be$%4YY8!|Syzrvmo9#ms2%#No`Gbwn+J7GR{rCnsQ*vV>uu<#ptn>2582h`W_N zS?;z0f^wcubgrzgGZ%fiw#%h#K6G@Fnfy^?=7oHIy|OFUviUAIl}j(yr3uufsdA}F z18s^vLt(Pab4eFl1<5LoYI#RHrPw?(DArJB<^{dyYYc_Y*K0=eeBp@1N7}WYp!f-f zu|$w3Y}!}hw>W-_<4^m^8E5;3{IM^kyv-x8ba<{=XEMF4YwcChxT&SBt+mk(l)kqD zN}03$ByEwXsd6Ff*>?IO(aieWCKl~FnmkqV%7FMU>RGprJ(uo|4o{c(iQBy8E0$Mb zm0nN0*j_~xpUit0((KqxkD#>cGE6XXWNiy8hAkeHurl7-%_|12*EV*WdrOvIV^dR0 zvU|9`hL@+S2bEo2>w4PSWW!2$oh>%A#Ur(dvj&#_ zi$~Pou`%s;0{br>(SE{PetCoI^;y5i+F@fQn}aW`UUzOwTKPjL-fgjV^G5VHx8W=; z8z?Lt9@8q2$oN$`D%-73=(OcI350r^7-3)mSXY={YQvj z7N=X+wKmCyiKxh@!^sgfqj7X!ktZ!qJ-Tk09A{oxE92?>&*PUj|Fg2evdh?GbPp*!9oRiU$``q&B zk%DU4yE^2J%BEtv(mPBV&aocWFiyaer%kb*b6!8|83(eWP8Th0TRuNK{n>sFbFB7e zWPh`aWc!<^8=5vWwy$@z7boC|8F_4U+F|Fq+5Tng%E!xRm-VWkr@OUjV@tQRWb(|i zb>(pK=4&&fnoK*G9bWr6(v$TZorX&BwBjF;b256;?PyN9aK@ExM{_vC9+a6MS@vXc z#GovWqhm-nD5G{VGY|XG~cS1Oxxm857qdl>I zR=G;6m51pFmv+zO*E$ZpZt%$Y9H>riR{xQsC(AFR%h{%yb=+>F?B{E`=GGZAFS7mY z^yKq1+jv`NzWyq&UpkMi=jJFQne+|!%cRfr%PM#Tbe6j;zZ1ll$${+f&dOnPa^ufw z3B>d)8*=<5c#gk5AC_(`oc3FJnQkl`WoLMoklhC7@wcC$vs`55ki+&7IS%_xj^nYV ztG3h5;r^x_{)=f+t;cH~nal2nM)J4wU;Aqla!Z_%%i< zA8HzHrQ9wfqGU9VC^9)_CXA$LR1S))GbQF(CG_fS*}&+crPI7#+tDm@FYPX+iR;?x z<<)ZPo8w*@D=g&Mt+*6-f5pnG5V1U(P>F4z8orhYU0l9guoC06``+8;FSv+T0$VCHVxVd-0G z=@S(Gk_t;NsO?0*w%dwlWu0XwsQp154=8r7jxJd#_aLuesKDZyRV!JW3tVB^r;%`h zIx~MXn)g~S_gXJ_X%+Em)czH9Vn?73H2Ib0{mM#xe+Bs@{(|B!DDewo7ij7eH2rmc z;;!>kc(R74QTs2hUas#!9iQc22kLvvzs~Z%VyS7Lpbig8{B>5k1x-Erxdg7T(l4m_ zq+7>lrT+>m{es%xO8*sB`mZ3}Cf`gycA5EMrN7Qfub>&Pncg}xy?zqPu^*)of4@8k zeUG6w;$F$^<=ktOdxGhELGD*Azx0ab)Q2sNo$b7UqSnzj%fbxblTwS3RY(OdMaX%e zMMx!%OA)C%veLNF?h9?!(mmn8n;#8a@@+`#p^q%`X#>JCbZX`p+r}1$TYHCdx@78d^ozvT)svJ}LQY3I-5uA&y}4r} zXQ7>LSlQZ{<7S_YYi(<5S>Mh5f9G8cW4ogLjBO&x7=$j&-~&AHGn zR_R)s^eJynNB3|TTQZ)brY)WA7;VMSL$}1Ky!NIR&V%AlK4zA^%q6$1yldIo-I6}% z?dUXn+B?>EH@3Dnu5FV?L>Ni+`gYc+Ie1C-;3m)4nYVIgwWmwclI&>jY8mFgp^-r* z$6I>{Z1){3>3dqqt!^_ps*W;NNBOU#d}huBc6K$g#=PX!hmd2Qzi<3TYv#bMaTtM=a^6*z{KMzlgQ+5-z zTZLXf6kpuD;kMN%kh^U6V19Q?hZXmN>dKgh=+#`WpSR$Ynkb4go(ni7sR`PBnf{Q> zf=gSrW!$(~u&{GIp)zjHjKx(BVe0Tsch3fjj}BtRSy$_k0wm8DXU!)sSRvG3v9YJ7 zZLRBCx?4B3Si$GEHGAe!Bs-|ZdL4U&a5|5*Uqz-FAorx0nsMd0d*;p63U!#3dTq3x zXbIAm2_r5YJ>5F(wk230&l5M#<>on6N=Q##7nJHPvj!E#)H+D-w8A zt*%$e7V2tqM@yHqqaJISnDJ9*_u7`m?yl_cE34`_n4J|qO{L12D@=`TGS=GW;S)&m z+9GMw2jr8T>$sF_kKM+Z?GEv`HLh);W6`#*tg2sCo4B;<%EY3Y6%~39PlvJ2q_;FB zJ18(L=JTl_Pa6lX>5uBF>#GtR?5(U`zQl^dOc#gPC0S-`(CpdL$~TXkt%Vt0^i#X- zMQ<7x-9UJ(ip~dbwsdlUUNt6@dVb0lfhXNxNPL~Nvus^Rx%Fgq3c7--#%>PSv$FuB zvqd;|Sw>HDtL%HoYcrJHZdyY0_2?E)=+ax!ayOe+Q+;%MX1<$h_5e5y=eIPaLrDAB z*wej1S~pgwWqYD~Te8IwhB!ML+15z*tZi#;vfr)I?dq`g1ZP}K;hV*>bWbJbneFX{ zmZpte9Kz4CP4l&7&JYrhekaGQ9pvL$$BFJ?@nww66K_`EK0IzJ1Sj{qH*`qF)$wld zthXMrBR|?YFbS@o_jf~{PUt)&25tlv2vEM?l(n9%7f2v8_l;))iis)-;YSJ|T3TaMnh3S6U^l#46WcQI~nbSo_ z=bcp#(V@@uXVof`W!jalCz&KEYSm(=ogsGo%{rgVI2q_! zHAm8DhR>SqTLy|A;pXZ}3fak_>){m_+bONn9wSL!imoItA+Ty{t4s4bTQ+sDFJyiY z&7s#0Z;!F8*Ui)6q`=z4FRj08V|tvT`@Kw5I(~c5v;{ndxJCpwqE=5 zVUkx)-R5&Mv)1Nr>S*p^F)*DvCto(9*_Wgc_po@B(Vt!RGq&4#Eb)r|k$Aaz-PM`& zG^Q=cw%HnErpuym*E+e<#Phn2?tAPEC!2NraMO(rHkm6R^w*l)rC->xdF>9Jx(Bj$ zjCqVQl1SHCiQn0#nq2!OC9}ZUIy1S-yh;xT5*1Z-_0@~3D;CyQi9Pgm_ID5XlA%xLn68V^%MownvXI zB)(i-ayTVz2X#XNTh+-<%d&+lc|S*n4|&4dTx|>C)7@~UIZ@62)&yhng!RskZG)pG zTIERIjU$fA6$!memC%C_+h(iQ+7%j}#A!Zj9$x1*2}d*mJDA!kyJEbnsMF^t4W{yi z6%|#r_2Q>_s5dv8B^N0(Jvv*d%A3sRBrm|)WreRtc+w*nb6(*~EUc{5k3CVpBC%+d z%;nco*d%r{KHL_QjdfKOE0_c|(Ja_y(X*+Q^BLVu8wg`^E0$JOT$-q_URJeYRefSP zivcEIj&jI*hiRT!+N`JB)FhL%rk2*tbomT7<$#2x&-xMr^Lxi!P$zj?X8vn(^)j92 zSq05$o~4g3Kk)9L40##5RxhStu&Kc;TejZFnDhY5j$io8c;jo~5~_o;c0Tkl%q)-T z=G~#+;wKi@EnFh!-O}NBOHI!>8PaX$^+UK+T<=>xV*Ba z%Fbly*89+AZ^`&o4;(FS)xx^^MO6#ymA%qI4x2{n<2BA_!V}{I7-msmX{dU6I!tc= zVCt5MMBR!Ca>tR>tT6HtsH~{ie3L9CW5r@B)n$&X%?f9Y)MbRus5sf#x>>(_DjTFZ zx*U1t=yNE%osFHmGj1IyGUKn~^ig8bmG$O(ch&(LNgC1Rd-j^Ycwu#oej(4nm!>1# zLYul-8#XJE)pqhQFI!b5hYXuKIySbpWQwAbpQp)Hdi=Y#rF%;YFY!vnU@aYMENpCO+{|m(S;KN2*2;)<-Zj!V`n&rjq91_B+b@=u_J4s zB+hL4?7XnzN*5rR&~7tFIV1Myt^Ve$zSKHYmajQdy5_OQYYvjvGfwSfw#rbXds9-U zoxB!XtV)(u(#$Y48|e(~}Yo~&?aO}kjGF_${hOYlT#@yr2~{q2EFAD!uM#Wp)T)4YyN zn`kbzj)eUYCv-ae)2sc?d5PA=@F5|4e-3`Kr!&c}f~jvw)$*!3hQ)e0Y8e-G)eHGT zf~{M|-S$$Yoeq|vBug@!ob_lOubCxjj&<6G5}p~Ir+FAiyvv>Oc6av3vX^Ni>t$J$ z0e9Uju@svbfmvK@jJmONt$tUXIMT&a-0UNuG+8{$b}A8T`tw-5@7~y5#(Jj7A2xJU z&ams50P{66J*U+C3QqnnTF3~oqP~v2b8=<%!OAy^zV6Ht71gy%sjDmN^=u@YziA_{ z>|f)V$I6E6pV(%ZcA3Lanad;?EF~7!ELp*_;8M1w%s8#Ba_Pd%{I=3#g>w#0wT%`( z+eRlVTW@ExX&ZUZ7>>oy&P`qEJad#wr*5)Uj+yJdATzIY7G>Eh99hELM!xE=a+uGZ z{HkAVW$7?}*T$AD>3prMUc#UxQL&JOR$2qjm3;f(`~ZAE_7QdTzQY zlcz03MRp6}w$iH8GBWOvMJ$;<*!Eas+;sQlrz0wQk=*=z@X|B~> zi#<93_T|QrJ%Y*DPnjT>bE1psU+l|HPfjGZeRe{uL(3WcnW;}YkA!O< z2)C1yPRsJDE9}WK^Ak3t>$AdH!=2%Iu$4m)!7+XDorEs{sFZYVlf zO9~{?3!n0OP3Boy^VsxYLhH_#hdpiGtx1^+u5Y4$)~D{NE~eeXr)`Sw(8!|oX1~W; z)3sJ3#U34p)h}i5Y0Dfuy_96~^gzsn%)#*4#o+9Oj z(+gjYF!`oQ!@{uFPrQ!4#*EJln^W#HZH~t=6Swll8O~}V9Q-5+*O6rG%Tv(EXGa)0 zpqa@iiEZ>@k0(?3!gn0?6#jKv?eUnY9Zb7j)iS9~t zvwhnwpES~8^~PML-O^!X?Q^6+cG}I-mOt&*99yObGL(`WPq$bsjmT4yNpTNPK+1tm zqf?(FUzlNvip+d5A3sl?=p}OI4U!aT+H^dNSg_$6OG{TUXCU9K<}&?>CzB%uOO`IJ z!D3Cdth&JGJu7JhJseiB_2~g&rJNXY_*~e#xr=Ny zm0A3S%XNVg{aN806(l|H@MNjcY0>f0{_F7VZR|U-jv?>HZ6QmUQLbxcD#wP1RrV8l zQ6ym%Tlpy;i8tBEB+pY@x0nz-GUvcw+p1S+^F2L&zsR{~RdV9aF}5aL zC%YW>%A@)0tjA%m5Z0}#VdTk~tz;wH?vBZb)@_gT%~vlIEA^MB;Og@T>3w^BV!|A9 zSzQe2mGDh%EE;pI`PQPJ*2_D`x`H^CbT|#BTfhw0+3r}j(<0I=WR)lfpQ0#jX^suu zopKz`VFM31ryj^KJ>N5P=yq;zIU+Il#B`d_v25X`9C4^yv6!_<8SFBtb?jYca@Xd! zGXfzCws0lGtiDI@eK_@7b&%6kiS*$JD~vTp zY#JVh_nB!l^pQ2kVF7FSnqD5xvd5lJJNTqp*VV2@N1B=I>%`inz`;+GZToY$iG?ed z>oYp~9CG${U)q-3Fsy;_RY_?ct@F!r;7L}1>`CLuwppR9aOTE^Rn^U1FsGfh=4$(; z(wJDwySdZDEE_X?Gg(#`UBhMh&{<9-O%A?JjDw$k*Vkze&zNT}Csw+*CFFP*3Nt&` zY^1Y<=4ei`Y~$=yCc3O}(wb8YI^e}qFN0go| zoI~Qy-V^6Z2*wQc1D0LiGUrn!JwG*D)qb)iP zIh|vDAd>YEvx?{i4NQ`AmZD$U&Gc${<|IRx-Es(rvviE`%(dG5qbt&#{@FAcTIt!D zx$vK-9~rLC9$ne%;riejhqzd9x3>E2wtINk?2(opWHsq+1SuRcvd}vox#KQVk8_NW zJ6a}9viC0?L!SM6XNAnJo!I}$$a4RyNuav7{tR#ntp$*}+(ha(em+eRH`)uNi}iUccmI!N9y_Trwz zW1W96>jUcw0g8@HCT0E9F-XzR%H}3nH11BUOImrJ6~=1w^;(EiKjR3WvxAp43_C7I zJn1ga4r`7^&4KesVeGT_W*Bn`FxNI`99EIkY04cBIpfGWXQ($Q&36bS9tpROw#3QL zOswqPakJdW(tWy}bfi18*OGY$z}9V#ot*k}2d6f-6GNQ5%=;1c#+PY_*lZP_9De2; zl_Q_h`IB#aMtm~;l2Z>dwrg%#*T_niN1W|p*|6~DdVE5kVG!a-`6YJRV>RKOU`<&+ zhb?CMo$Z4?k+ip!OURa>HAv zIqk!<*v3f3$3~bOYs=TAThGE#Qy6YK-&E4!t-Ucb&f#w^nH>GWZP{Js#RaDL)&{d3 zCe!+6?e!-X%gY=5T0r`smzkgGiL~_7vQer>jg2z)%&g6s?;jBZKkgvkleg}D3`7`} zo9`%{O-0gculmOcwr|%Tf)6YxWzAu8YX?6~WzN_cK$}1GAv8=-qlPobKEuLE*xvVy zaStNAdiB5mNBHuu6uMn#s9RaNa&2UD`-cDCy!?~v3x830#+iQ?_omnyx(yBwwLh&t?A%p6y@t7Vz~9`)Z@71{+_Wv=zbM(PR~(coLzjsC_rnVc z?aM6um-SuSgBIHNU!QA!n{WrX8?oIFJ9xi8uh4xQ5rww@0f)c1UvPfr8;7TS_&a(X z^xUTkm8A6p{Bt_;`d127?>7q7(Qg;3zEcX7`;G!N*ioPcK3Jgo{RPSsC{XU}3sf>x zpoVbw78R%lq!;POeW<8VHN*>8+#!tMP@(dcg8X^P;Qz2d^&#q6u73m{sXb7jQqOUX zsDogtKpnghIm-1hM8ctO@XN&U6}Vpmk%n??SxDTAhzsefz^@7$yU@9maF>|zO5E;C zGuI7V_re(xw;J>;;~McSH#vi0a0O{ZYHJu<@saN6HW3 z_cP*0ygx^8gQ;Vn&ZYVnyVSv@$c3bv5;0`(J>>g&B$sjje(*)YyopYJILST6EQ@ZQ zwTHaxBM*AX7w=u91*sLp&;INGFn-uP0M>#-VKZJ2&p(L_^2~?ix$}3h1RLSWp9ik| z4f0I9;yXJ8qD( zUPih}yZn_)n#mve8zf)Ltvr_dgIo_tUcv9jZ;15tNnY_RljM7fdh0F6o$ylD)n%4W z3q{9Bf90Y#-yiXKF2@eA7moKQE;T@Y_Y?QP-5_Pi^C)Fd>eyF!Hn{bEm}{Pge%|o< zxh}`84|F5)yaxn%UcHEvkMb+b)gyhtDZ1Nb#? zt!^Q{o4E%)=u%d`4N*sHDK}oq&484liL_hOkV%vwZ~*a4FI44VAEI#gh#w+<1Mtha zc7p?x3)MmD$j~@sJUYhWMp*glgEK&xmUNaA*TEgwLwufcY;pXhuErjDKKR*xUfQta ze1!D$OTFRRjd&&B!CKsF(HnTGP?aF7k!EBo(u+KRd=+^bc@g;oQuy6MH5>6GHOSS- z^~eLrKI8!MGV*6+!qbK7eB=^j4RQ@~Gjbo&k9;2)MBYZme6LVVN9G|F$or8_r~fl*HIO6?Nz^1Q`IzehHH-N-L6?K zw|YZ;RNbz|xz2P=aBXm{b)D zi*LIQs#Dcz){hasTb-e1t6!-z)m+zm)Jj*Y>kjpZGF&&QThv*~qs~^VT%S-ktDWjH z*Cnp^s&mvg)IK#w%~j{B^VAitzo>cYe071kP|a7{)dF>qYH(ewnp}TUpX3Ah0Tot7 z>O*RpYq~3mF6EKBX4A z;;vHHBG-D?LRG1bs48`zTCA3+choWURkc)At4q|SszxnS%T>iNP-o$J%;a^-T}uO_-Kbe->dQ}yxvmDTD>wO{#NK3Bl?fGTs9yWXd+ay7dC zOHFZoUHw5_tzK21Rqs~`wZiqVYEX@8t!h%uszt3+>(vI;sy?7Da6PELqBg2cs$F%c zq`F3RsxH;7dQ{XEam8HquB%;_yB<@Is?V#kAh!pS!6TI0_L8xwWDu2X5U$} zOv|yVt}dZBeq{AQ7KYl_cd6Q{WqRd3>-B`RqkKI<*!DYs;-S|qMsUsL>vh7$wx-0w zgms9Kg+uF=23FXt6zFegkYxGoX8DP*48u-9HUopK(+SNjT}_?x7A#9YVyETI(d&eM zRWrwp+{|%F?>;y}+Ur4@dV)g~X@7}s_#ulfGcHjegiK7FVX)Uv*YU=TNpm>rMOCdF zM>!Q`2wU**?f|0CF&y+b`%aTStCj`t<4J6vNfSUa_FSvCiRCeDzt3PBDc1$>qyvX z%<^H|nEXvw52rTkm_QcYT1m^R%JO3+q+1^<)R`@*u$SND_>mofu1l7O-b~W_P)8r&fc`MJV9MHbUtPBChaac;mEVJyQMGJOLhhFsS@{ms>D6Ns;rbi^V!u` z>KNrhLh2`)T@=#JBjvFs=$-TIf}-8?mm!B&ZW+q;vQFOExvstS3y7HpB`eFM*2?>d z_S4Prw03MrdRNyLYN7K1bti`T$^v<3R(Tc!Y?_rLasVt-Mud=C3B)bkLRxiPx&ddZ z^4A3kDL-gBtYnLaylq7@z)>b1o}4GmO;3i(uyTXy2g~=+h6Sc`)Gvh$ z^N>fJ)sSl=vBLHkIkI#CU?+0~mgB&d)70EXOyXqOS{^9TvU=T}%rcY%`-$ca`Qs2j zIs8AeFUR*s@YL^GISn(Dlohv?%IpSItjz2jrTN*;<_?XmKF3e*z&QP~HfXXmX88

lj3iUsii* ztJXCl*Dl+UtqU^(YtK59pUzEeiN^fqmnIJ%c8zj8U595>CJ)!@8iyTW*Bm)JLa)%( zWDUX1=yF{dsB-zYAF1ZBpqXmB@ym<~ho8ZfXv|Z@`pTNGnAh2J z5$$G=8?z4Zi4Sj)Ym-4aRhAwKn!C|*M4KrGTbS(g@~b17ntm9%P-pre`YZESM65&i zc=IFd=IJ&aP{uhDC!>+{y`vsx+;T=663*NMG`nGaKYZk&oqIaz25fppqwSnI*FMaT z6!W9t_N+vd+2a6bO%ZqVz_z4B-#JFaj{AiCQUI^_t*GO$9mB8IW^-(8QL^i=IC9*> zR%vfdrX7Y49wdacCuX_TEm)eJc6YXl=>Wr&Q>Eo|6>=KiHo)1s<#jXX*nG|IP)Gfs{q+b_)Mu2BX(=@wTsnZuKGFP`m`&}V{eTXGAW`F_W+@{=|7 z(E1n=EKi#z!x6JC+kW(JG=}Rk2@;ApW?MzaZd;!ztg;kfP3Ubitxngj>gkAwb;c6E z<)~kz$Wg$?KPQx&!Ly3+7Uv_76Gal7GY3+mn>d`j-mai__hX$(VlrnnM){7NiW2Rv zYeITmLY(a$M4w(12m3>ca;=XGniuJ|LR*wM5Ym!pT)S3w>M4%GcEhLY4>@ciRm_5)j9%K|$3 z?5eDtvdTxkQNFP9jqq*v;iG%oXV}PId!$G8a%VOU>GC*QO!5IEXPa_Arz|sIvw)`bMz~l{dofA zi!0y^lpB+|P@TI}ZM$0L*tgk6ny&sFGi}$bpt+`+r0i@l-LisZ$CvxHyWB7K(CuQ3 z9!z%0aaHody6I>C$o|_o$ax@dp)x@GZ^o;I>dp{*vJT$6e}g}~e1E0CX8#WP0CFwz z5#%$-KID1i2=XuFB1Hc7bL!wLND$%E@~JmmDs>!u8995JN-dtKQm0H(skxI?Y6^bu zMK}wUx`Cq;e@3pvwA;bYj9009kdJY{h;VOwJ!t=sQif>+~BKVz$JVLn7bN^BNdPP6iyqc5Zuw3eHRH@=g!~ZsZ{(lYSB(A(5d#kUb}5DYh4?zKwZXpzc?$Ue;b#!{3jE%W-yPuJzGM9M23hn@B!2JQ&AL4ou@_DYej8&x-E=VZALZ`?+*|^@@{lr z4nBe`L4JpDyeG9CDMa5FN#8r@tcF*K-_=~#VBf#d`x1Un;5G@rJK*0zyw~Br1=)r? zN1i+eCy9F}(t%uq+(LT4iJt4w6XU)ZISX3{v3Wn?{(!EV$nSUIeg^Uu_p`vU`2A7* zu_ND{dj=|lD*1IV+;VdOPr2r;Cc2H&Aicmo+kevTYKzJ=^X zK9BSvcOetu%3n=2pRTlbnAPiJ60&p<4yxD2Zfe=ol;jQ7H{^=J7w1~#O7@u4K35{q z+OakvZ#FA+-Pm<{k!_udk7H50U4j*xSDTXRse;5hOR2h8T$?uVF6ib0S(Ip}d4B1X z#sf@@z@Cg!j}r^dtJ>ui7|z01@ufO* zpZ77-ryfnbuF&05+u0!>u~T;zGEL({5o1nC^t9`%i_o00;ERM~vz{M55;J3C64uo& z(Z`|Yc0KnuXFxI!@8S}3`85xvt|d>j0s56y7VCnt*1CyZ=SiomZ0W9Hf4a*2+-7aT zlC1kph1Fe_g&m!X`5^&bkg8?u%)*j7+f^lR;kMMucl^o6f2m6SZi#)rp0Jfxw%B17 zjJd3*rE^;?KXxJ?{^yrPDtN72LQj;KE6l|yE5_<(HPzu-zd&k6>gKkqj zrD|apPqIa>INMTbehb?q*O(s@tson_)TMlVt*XX4^PtP<{}=ypk*LAAK09A1*CHMZ zdHDbkhf<^~=Hh6X|!uM`xNZHrjk=dLvf6 z9{3YR;GYdg(kon>KOa7N()w-Pf;SME@RMBAw(Gw*{7LZ1Q%-GV(klF1dn7$4u2|q;hl^rG;*e`D=URUc?TQ&z@QEPaT1OHerXAANZ#^ z__pqm?5TwRE{iW^NW`|uX-~>>uZKTt1pY!eVvle|L{9_!(;a+Ux7d?Ue>ePhkH9~h zFuCd70sjmKf3)=OhJP`9u|uRBvBTKUD}|eg{5=HU3t#d@%1}9SBK|)3d=w;IK2OA# z_z%GMTlS0I(fEV#0~UWY`^En#eCE@-yh$2H(?6!H(9Jv|oj)nUL~n04*N&rPcAQXS2*lH5nu9i z4*W`o{iE^Y@T)AogddGx51-#!NSB|{_#5D_cjzxCijnePqEEr!0N;MTsXTm%Qwy*g zek*)u{mRvE^Ceh6{0~_6NSG9IBK|Y*nbhd?O8C+EgYcPlr1PgdkABf1BKnTPXT2@W z7xxp{Gk#&A8xDu(A&LSr%I@oL;I>j6#oYoAeB4dGgc*e&f&XEfj}DI+L`Ns%=W?x_ z3;ys{HSlk=`RMoHMie9Ro8j+(FJVQ5$p2by0Cjtk_T+tO_&329os!Pc_`BfW3}1AP z#+PUwf`1EqI}cB!U-+nAUUos~JUBcM;vyf|Ndm`~4 zg@2oaZ*v9h_BP4&9z^()7Ztj9Ir!zc*1~5Q-odwZ z3)=QO)4LP?1P8y|VUNvE;U*&X_rag&;ETH*hs}4UcOU#o@ICNO=J_6gKiR<_Exm*A zr#SewEhDA(82qUYet91IQ@DvpdM8)0zTx1DyB$Zq^m^dC;R{c~dk~wS@A(GdPj~P~ zOYc(nGaP(d_ekk&fIrj0FL&5u+n>TsMC{!P-*E87-HyZNYa(Rf_rgEb;*0Gb2R~nW z`{1AE;E$Hxe)#Wl@NHX0O7GL~XF2%g4ts3-Q@DwU{fFV7?%<2N9f!?#ruQxQ?}o3$ zaKz?ndvKEW$63F|EM|Sf;!Av^@jdWoTYM*XB>i#tXFBXDcf@f6*SYOsE&TU5>=})} z0sdJIdq(4@;CmeQq_DwGhi#8DKktNpw!@y$_>aSXufv|v_)o(>2fpyiEs=Ie9-lnl z6xOA<7Ln&O2!D=)FYX@1=I4%2j>De|zZ{O}wbAD1>Yufw(0#6hpCXJ0vH7|BgYeI@ z>~X;>M^0pa4g7fyehR(^8A*RL{PW=p=Va{P4*voNKSekRJCgo8;a_OkQw~oe5w!Wa z`Lh@Pd?(+N&CkuBL+}^C7oB4NX!?)BzsSk=oLIlHl=Vi-9?AdF^n2k`=hE%JWKKE3 z?DXc^UjyFYg}onlxl{MMwC(at%8>%(LH;QO`#?$81K=s(XThwo|2__3kEfz-cUh2y53Rd)S`RpvLnQXu9I`}?<< zwZq&;bhunUiV?kSk3GaEWi+1%N8D|$jW(Chbp5-0b)owT^1&A2*w+%!gOnrkmy&;Y zhT}-!(>L%;Ufsli+@k^DD*?&N>fY*Zi!0W&x;8ld5d~2b54HyBh2Aje6gS)^ka37ce2f+q#&PNK} zjbH<~9X*eOoTV||0zU-Kzpc=HJ=g&9Jd9o74d4Or!=T!w*XxYg;12F zcni26+zGw~vVLXE`lw!)GHOBAn+y&Fx_=G!gS)^(;1$?4{&u}yWW>P$_ub&_`0oWj z1|9)>LE~fW)8JnN-ogEL@Z;cq@Dt#DA7q?~zq_~4eJA(z;3vUd;Bwptzz}#8ECJ`- z!M*^v8e9bK0xQ6$!7z9nTnlC`mEb5O^v2 z4}ky0{c-Rc;QY@Nx-Y@K0o>31e(;;%QSe)!=l(+Xx4|{w0Js}m34hIp*mnVkxc?6B zkv`fl?vvnC+}{a)7knCg8ax7i51jl!p?fvFO7MJe2e<^>4}Ks2W8iNXTW{n55Xhgv!L-{q5DT*96SIf!RNq!@OkhM_+!xhP@(%3a49$lc7v~id%%O> zA@Buo%)^E5pMXK|r{D%Kf*pO}A?^=@KLf{quF(B+Fb-aTe;c?$cwjAf7`zNL9w~JH z0$vSxIrm$^!`$x$Uj$zVe+hc_6uPg(e>FH0>;+E+_k;h9|1od__mdwjbic%XE!fKa zZtw%(VUTmV#+=X7Pk?RUui*8AoM|*(0vCd_9%FwHTn(0kDR4fxAAA}95IAED<^6HK zW66=gTJTivcY+4EA3P0w3mgl2zCeEl)`IT>Q{Z&4ALQJraTuJ*{rE2yx{siLDfnA( zC-|D!2QDD~!{9~W_%9J241yPf-Qe%wJr16Zo+IG9L8HIW{ZI7QfM;;O6PyF?153dn z@M3WO6Ffh#4dl$K(Fa}xz6Ab@@Uxzzz2d$GTm&Y;_kji$rgOLx@AA=jfPvd_d_cVMZX$odIQSPZ2_6OafPV!Kf(GG_g70uY>*hlD-@piX z3~U4c4(dsg@Sk8k_%Co5_-}CE)}v$cljR>mD*4LAne3bGz#^nqi+1K>Dt{6|=?1ebyn zz&pWC@DRv(ZDZDLtRIR$I2q*dx_b(^2UPZ7`B>v9`c!hF5h0wa9c%0mY#3_{2qwoG zu5#u`b%hH1ub!Q>3%b&b=E@w>Pmm}vwBQ`3w!g1ys>9fEz+jDErXX~rSJ zfoaB=kAerM89~9pX-1o1?+jzNpnInAwBXP*V@OcVFg&*lx{X>vx7)Z+(Bn1^3VJzO z^f9p9ZOj*}bsK908{i2h-Nqrol-n2*>~$N#Ua-$?bPM*ojXuEvw{cjocdX&QL;S}Y zm4f|ajc&n#u|~h(!Li2cf`em?*&hdo#v1j4YMjAgb?h5w?9uL1jh6&H#u*O@_K!0L1P8_$ zLxS#UhMVz$>YHj*3LYG1Y!DonYV-;Yjx+WO4iS%_8gCpGOwBOnFkVo-Q;m8-_jqHw zpl7_XUr^07jtY9m8y?09s(ie$TCjGCkfm&vMsR4lu~pDJ!Pq0%&+`#1pJ0q(oSSnx87HXnnMRGEnrQ40 zbWb$)2p*hb91ojpKqT%He~86ODSo+L^{~!QP3+GlB=*#xX(93}fCyf>VtK!Tu@6 zPQkv3#(u%tsm73YpJ>c}nEQc=#!`(_jO~I4CmQ<%2PYasfX;|b6`-KZ5Dm~8A6JUH1H5FDIr z92Xp#Yy_VK)fA&yaB#Y@OVB;Vct+4O-I)Ak!6`L*dyqr+};3|Pd8?L z7#x^xtP%81F?I-+PciljT7S!5EC0q5r+=GaxcMjR7q;L3#s9zMfJ;fim}MqbD_DLFIcwnHOuvAYgKK0?XsG?b$s1Yso9$2 zRY9zeB0;rQ(xI;9i=Qr40cVp+sz&(Ru%?kaR@C^bR~xwUU|kaAdyD*6!+kArb?_C< z7QU<5&6h(x@Vfag$+tl-=D#iazl-3Q;dp%(i{!o&`!3eHFIVp(Zrj#MbakOk(vU<` zE8KR?%Z+;_aW%qgQO(3#19L5R;<8QiFH++idM}43U-r!C^I?Y<@nMnt`T1(AOXpR$ z=C-4&&5;YH?Jc-&<9n!n9cB^V19g!rV(ogw3}dH7?#vv_4SNwbw^{KnW$M9K-qF#4 zYmd&!lgayf_#NojNW9(Jeo1e(p4?RDrg^ffn=mz`cfC%nlz=4ZGt(o_Qt48W?dIWY zs2=hy%6}0`j-Pz=st|4`S57X1IXot()(~24{T}Lx*waL)g*-10Uw!Q$pQMCKiL1wN z6L^XCTZ#|A_XML|-!Ihp>~W;13$B!!F8!1@^KUauIrk{_=W_C)GhG@pHAksAdWWMP zU#TBbjvKSe=Y%o+QZ4`Q-~XF)fCj$-`^S5ydwt$!@Ati%eIN8a5jYl@AM^%;!ALM3 zEDu%&mj-KswZZz}>%l(-+e04MJ*lF6lqOHu5Rwp6KWybpU1dN1*H`dt2}{2vK?H}FEBIQY-tg3#{p#G>Uzn~FYL z^z)+UB8MW^#$Jn!DIQ-ux!7H76wfN2UF<2IQ#`Nunc^3U+v0P}HkL^PUW?8$Z>#Ue zzFYmr{RP2uf>(y#2u%)uFTALzz34MV(a1+5dm`V6Tok<{S{Pdv`)zD&@!sOo;!W|_ z;>Y9Xmh_f9Rq|%Z*UG*l9ZWfA;(&JVC$Q1&EAqAYZuI>by~hJff;R;34-N(Y7Ca|( zLFiC)L2Pbueeq+(u6TF6tK{L5FO{^E-c$NW>Aun*mNu7trc4ZLM%Mywt+(F0+PlWv zK(2nqd&oP_ca`rNU$5^+KA-NB#UGFN$M?qf#rMYt;!nq)i64j` zj30_0j=vNij30@=9)BzTkCN%7TS_ODJz4f!vA2Pr8v&+yOS}_(LEjp*zU73LgwlFS@BH9I207ANh22Fm`&pGX7$G zd`U@3s^o!^$4hI=eo{tbsGrxF1KdxN*n z``y58!Iy(yjl2;}#Qr<>#o|8{$KzMUKN5d`$!#V7RdQPCM@pYAb(LLN_VuzCC2X(x zti!$!`S%8{4gNj&zRm_fM43!)$ zIaYGKM3s&y9bY=R)Lm+no>As2`>yEgGxuhvdf(^0&ijb>1@AHMS-zdV1HNDR&Ix=d zaC-2C;GcsRhCUg3EOdMLQ1~}tSJ9`6-Y%LH*%5gx@)OGXwCMYyw?)s4Z7ja4`0K@i z_{}`KSL5!IMI|?te7@xElCw&$DSf+iR@p^mYs&5~dqLvtH_Jr5_gZhS_gh}&^ZUAd z5Brk-oBcoVzv1@>x`Vre1Ht3Lb3@mKKNUWsC|I<#Xid@fqI-(IT{Kj5N%Z09q3G9Q zzlwQ^Un@Q}ei6@YR>}O550<=B;w$}9>1K&zz|5!TeIfsc(0W?nn!q0e^}!p1&jn8j z6^9x^JE^hFMc*hoFY;>S;pptx>e%Mkmt)I|cN9;h6kZkI9Dgi6rsR|4;NjBK%hW;h zeZwW*Tf9H_R{J*jUiNMCe<<)+U}fmh(Eo%Mg&zw4DpC-g5Ur1{j;@I|M4O{y#g0Mt zF@axt3w#quFZ}so>Kj(kbe@0+k;G2OXfxiZh(1yGf8VVf^9iw!q@R;!U z@Z_*NY=mcpXNNuEIpKNX`C)H37>Hz(L+UhiXJcOFWOtQuV{bK zK+)4h<&hTBa zYF%&q&iL;5eeu5dL-9RQ2TR^t`o7Y4Ng9UCIuP=n>Yo&t9(*(y3+)emH#Cw}HR0ND zeRy^FAK{9kWktP3?#Qah=OaIgY>Le$)^C>nLv+&9&g0*szGD9-e{Ya+4t^wfZ}32H zQs~Ce`--;~-(LJP>dzRS-<9!A@f+fI#}||=EUBaH?~ph>E4N zW&f}J^Mkv>bBop$oe^0Y`E=xKk)KBvMn4_>X-pNLU%bBfn&K}}u8ZQqlKV^kR#H^< z811c#FV8Er*5Bsu^MBs|%fN%dABTP(8vd-V3lD^!4ZjqAExeIu@wdq0=<;Y!^n=ko z(f;VOl;H`n>9Liut74bYPN1;drQ3xk!Y_o!7A=pw5P36lSF|tsM)b$AN3r5t#ZMRi zwD`s1*Gc0)iwonk;`8HG@qfj~mAyjXL>L62E3Pf8@<J`ny@_^t5&gnt)(DXx+(#zj# zExIXsZ|wDWdFg9qe0hUk9Z>2{?~~r~zD2&T`VRTL{#t*%f3<&&zrlYU?f*CYKlT6C zKQnM{pfS)N$nIlT2iF7}g3ZAV!M0$MXTCMKJ(vpa2<{B-3ibx?q^-Cw*cY4_S{8aK z^zYEYa3r!fvM;hfG7xz>a#ie%_y$|{L>-(JVP2byrGf3CH*lvWr5dKT3!~ekL(!*VKa8n<8PzLw z$R7=Scoe$^X-i%Yycu+b&MUeya$DqR5C*Qs1q< zW4`#|ulRlvb6kpp7cf@1h^_7Wc5M&WWYZ+aB<+Oz@Gwt3%G*ELk08zOCxoWnl(m*UUG@s?Qvts`qSU9Ulf{xA|6*FYU-%0Hfj}&y8GG(eJ9zn9%sp@Ru0>HQIP z=M~D{rM?$^|Mr#n*O6-~aCKmP;Ar68!DoY>P%894MPnj|Bj+*pT3p;%+#LUQ{OM9p z*}gK>z;8=oM}v2#_Zb66`xOzB0a=CwUsZ)Z&t^lC32V zmh35co-xNerA3UFx@bH39W2a=FlsLJ{eqOngRca)gdU)!3x(rFR~EI<+O3P-61y+< zZ0!8vD~mr^{Nv)k6wir=(EOu#pyck7XBY>5pwwITQ%P5EftusucbUC+dUt#8WBmD$ zx6Rk>`-txz--EtAjK+WBd&PIe_c!Jxll(LMXZz3fhy5kA)CuzYgZ>@<+x!pG=Y7fl zRsT2rPy2u5|B3%?|55)x{4)Zl2Rwm_z$Jmzfwi=(*D~V%1TE3jC0k^A~}a z1LJ~IgQwDe2ZFKS!eAY_|NdYL?Rr=6T4okIgC7e%5d2o~7s3At+9hvJXkI8DDi2kL zmWFCVwV~$FhEQ858R`yg4Q=O%KOK4|bRcvvbSQL~_J1&Rb$DBNXZZH;C#Zpc3C}Jn zE!x5;|EopkMk0~w$eKudJfB7W8vkYftLRNX;P3D= zGSw~0{q(F~Wi0SKwf|NBA9zYr0;lnm7BDAT6!=)+Gl2&KkJ7_^i}~mC^lN_&9H-qG z7n~BD89Y6BR&Z|c!k{l$6f6l=1gnE9f~$g81sj9wDdkd?EA;=4ZbN{XX=^&|gFU2)V-J!c)RC!>5PO3eOE+ z81{vW!X@E~aCLY^cvbkSaASCVcvHBGr+$6-rtq$CZ}`se?(lu#K1Sqw!jFgh!+XQ~ z!uuJCJsp0AvCBbbF^3tG4Tg_|UuPUM#2ETm_&7grG^XgIMV~0zUG&YO?-o5%^jCT< zS7cmdZsfv_ff62@ku+t_BLjqOICvD4UN3>y24qA^SxFlv;Hqj=15qijqVlg2Tl zVoc!{r;VC1Yt)U8$O>e>kIL(_X5B1VN3AhfRJJCp$&bvZZl~GtI4zFXS?2hhR>$wO zIRQsBOClFtW=@I^9mn>2cCduaj~59M{n%m%GX3D&SNO<6$3{ z%F?saF_c@CW^gTU;8~h*EKBe!%jeyS93X*SB5#&2BiCIiUn~DWzEQpf<=r9Q4HbVP zKPdkK75CS{j$ zyK<*;ukrwV__^{3jCf3WLU~5{t@4uM4t^@wf*O6nmBF^)>R^bwxjlGZFc!QJf^Nc} zZpEEmjW@jkXZj<2=^k9^K0N6m9O)7K=#wz@`QV?q#r_^Vsn?UFkv^oSdas9m|Ly*+ z0=4(BHXhy>PLP$~&)h7|w=0s2bVpKjAn8aiKDaNEg}bNG-`lx#TrH~;>ZE#1t*BFK zRh`C7%&K*DPHm_z&8;ggtvz8CV8J9xi0c*=xLN;(4;+T}B&8PclQM zW}0N%sCl3Hnwhr-@XdqP5RRe94K`wZ8E^Tby@gl5Xu&gdNViBwYl1rtZ>u?VrwfmMwhVAbR?Z ze1A|4Jrg>UoA`;aLJRS&$fc3(&~+wqEzfTa`FR~}+QnLzwna;6S7^Q34tk=Saj!qt z3ff*8$b-0*!z8oEwKDC|G3{lN(~LGtkJO+&Y1WtMUVXXVs-L3=bVb*6TaW5%^-g^Q zoyumtTi>Rq_3e6}zEjWXyY&J69(_nZK$?D7FX@l!KFAX{kUG!Pv~>_cDGn8 zTEtnxCsv9!u^RU!M7ubTlfID7XOl>Zt)hqSCnIhU{p6Fp*dqqTK61(-p1~0@hOe67 zIaI_eVp_Z|>f%kBfivi1m(s?rpo?8)NJhjkjWtGxv5q$MVx!C0Vx){KXe4&fC*5q^ zMkXvUultRIaP}~ieH_L<3t?Y|uQSl~4WnT+na$=BCT_XeYM#RrS9snwPkXJ|X>KqR z=4N`EZL~Jq>1=kAEqBw`+(TP)z#KLoHcRHCbfr(zl)gw$dYqQ@ggHk$;IwQd&Zu%->@5Y6Wm_{^_Ro^b0EF~?`>$m7S?Zo^qb-Q zHYmRx#_x1;&TeObhIz<2;0!wtlWiY$#+|1ZvelGx+^IPyoH;TUKeG|P>yplpJknBW znY2RkORFRaUuQ~dqz-AF^ds(x{oEAeq>CBpY8wmP z2lEcw2`kf6)09}S~Kc>-+|LHJdIH0((5f9X5BymA0qX!?`8w03x&=^9e zAI}lZp<34|T<$PqXf;mqN|;?{@?Z3-?ya8o2jw@AUSwCIIkeIg6Pa$KvqE@5>+yKXB5@6u%L411m| z%*(O;n!iooy-7!{kMCAnY@gi<1>5WZ91PhSBy6Ys=&)mUCp6q>C*Wby?uLjxb{ZyT z>^`X2Pun#B6$kAhxLCA@A>*iBf{kPLICPw_C*fnoo`R6mb`3_>?Kvpv`nSDt*6D|u zx6wxqI0a`Aa_*<=7`Xw=V@}1HqM@3GqNLJJ{_8c`_seZKWr+=& zCYy4*9HkG5(PYNujqKdI1QbaLDVkzJ-zXcs*eShnQt5`pJxW^XRWdX>S*4#A^EM@|4Y4mhb9d3_9B z`9&OMjF6JNkRXl1C)pB&P-vbFW8L&KA6Xn!)$;P>(mat#+fCj`a#mwbecn%Y@fp^9 z@w3Iu(gRc_FRwq%>zb6^{0oyxo;IYe_=9np;-Pg7A3`y>1z z!+e%9U;5~<=XkX^f85&k1KaxvK2t4ARPwGRd72 zA|d2S0rjAtJ#>~Htx9JSr572Z3vsh2N|J=fNVk494n;@s+g`fm|HkRKU77j$_>a#f zPKFr4FMGKO((JV+Y4bwdX?e1CUGuYB%jzQ}W$!5zj4yDo`xFLFiyB$DF6KzXZqjhe z!q)s$D)-=`G7EdJ0{-b8Zus#>0mv~=jQBsPF!(kXMqt7i>2(q(RAsALXRGAK1$oiG zAMJ(#w+>oHUTEbl%i6Mr;%WW zQc_yVFta(PsX*ITWO_@?Rhb=pg*mPW-r9II2#f=rn51qU1bE z9zw+N)C<(6U=yu4NV43<(T#Y+m9mZDlzwEHZc`+Rzm@e zpgZKDZ}ZW$1xUXp+KZuz1lyGqD$Jmd9Gjv7dMu)p61pp+%nF*R(Rnw}sE4lG7xvRc zg~-5BQeB+vo1|+@(=%qnITTz#TgC7Q+s`pv+a!Hsm7Q&!eXX0O-piiW&yF^PgNsID z>_8J}FhxGjFxNTMSfGL5Vf! z+8|?ja4SBXN&uH);!t7`H-S4z;Y>2HH-{rB;6{p2xP%KSi%Aky6{Xe}RO+Fz@{y$i zI5rbT$8c&1Tv`fRXK-gZ97q9f7s*d0oJbjhSIAB^dZ`91_ux8wIF0~RH_1#fTv!6W zr`}e24$>FUdJ$Jqg85}~QiXSu)S!QZjO4*R_$>c|{!Ls%3<4x@3n`pJhPxq$LnuIk TBDX~8eH=iA|Nr$rasvMV9sp&4 literal 0 HcmV?d00001 diff --git a/blakserv/makefile b/blakserv/makefile index 6f780f0b9f..c64ae7209a 100644 --- a/blakserv/makefile +++ b/blakserv/makefile @@ -111,5 +111,7 @@ $(OUTDIR)\blakserv.exe: $(OBJS) $(OUTDIR)\blakserv.res $(CP) $(BLAKLIBDIR)\libmysql.dll $(BLAKSERVRUNDIR) >nul $(CP) $(BLAKBINDIR)\libcurl.dll $(BLAKSERVRUNDIR) >nul $(CP) $(BLAKBINDIR)\jansson.dll $(BLAKSERVRUNDIR) >nul + $(CP) $(BLAKBINDIR)\libeay32.dll $(BLAKSERVRUNDIR) + $(CP) $(BLAKBINDIR)\ssleay32.dll $(BLAKSERVRUNDIR) !include $(TOPDIR)\rules.mak diff --git a/include/openssl/aes.h b/include/openssl/aes.h new file mode 100644 index 0000000000..031abf01b5 --- /dev/null +++ b/include/openssl/aes.h @@ -0,0 +1,147 @@ +/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_AES_H +#define HEADER_AES_H + +#include + +#ifdef OPENSSL_NO_AES +#error AES is disabled. +#endif + +#include + +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ +#define AES_MAXNR 14 +#define AES_BLOCK_SIZE 16 + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +#ifdef AES_LONG + unsigned long rd_key[4 *(AES_MAXNR + 1)]; +#else + unsigned int rd_key[4 *(AES_MAXNR + 1)]; +#endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_AES_H */ diff --git a/include/openssl/applink.c b/include/openssl/applink.c new file mode 100644 index 0000000000..54a0a64262 --- /dev/null +++ b/include/openssl/applink.c @@ -0,0 +1,94 @@ +#define APPLINK_STDIN 1 +#define APPLINK_STDOUT 2 +#define APPLINK_STDERR 3 +#define APPLINK_FPRINTF 4 +#define APPLINK_FGETS 5 +#define APPLINK_FREAD 6 +#define APPLINK_FWRITE 7 +#define APPLINK_FSETMOD 8 +#define APPLINK_FEOF 9 +#define APPLINK_FCLOSE 10 /* should not be used */ + +#define APPLINK_FOPEN 11 /* solely for completeness */ +#define APPLINK_FSEEK 12 +#define APPLINK_FTELL 13 +#define APPLINK_FFLUSH 14 +#define APPLINK_FERROR 15 +#define APPLINK_CLEARERR 16 +#define APPLINK_FILENO 17 /* to be used with below */ + +#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ +#define APPLINK_READ 19 +#define APPLINK_WRITE 20 +#define APPLINK_LSEEK 21 +#define APPLINK_CLOSE 22 +#define APPLINK_MAX 22 /* always same as last macro */ + +#ifndef APPMACROS_ONLY +#include +#include +#include + +static void *app_stdin(void) { return stdin; } +static void *app_stdout(void) { return stdout; } +static void *app_stderr(void) { return stderr; } +static int app_feof(FILE *fp) { return feof(fp); } +static int app_ferror(FILE *fp) { return ferror(fp); } +static void app_clearerr(FILE *fp) { clearerr(fp); } +static int app_fileno(FILE *fp) { return _fileno(fp); } +static int app_fsetmod(FILE *fp,char mod) +{ return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); } + +#ifdef __cplusplus +extern "C" { +#endif + +__declspec(dllexport) +void ** +#if defined(__BORLANDC__) +__stdcall /* __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. */ +#else +__cdecl +#endif +OPENSSL_Applink(void) +{ static int once=1; + static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX}; + + if (once) + { OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; + OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; + OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; + OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; + OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; + OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; + OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; + OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; + OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; + OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; + + OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; + OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; + OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; + OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; + OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; + OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; + OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; + + OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; + OPENSSL_ApplinkTable[APPLINK_READ] = _read; + OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; + OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; + OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; + + once = 0; + } + + return OPENSSL_ApplinkTable; +} + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h new file mode 100644 index 0000000000..3c45d5d03f --- /dev/null +++ b/include/openssl/asn1.h @@ -0,0 +1,1406 @@ +/* crypto/asn1/asn1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ASN1_H +#define HEADER_ASN1_H + +#include +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#include + +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 + +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f +#define V_ASN1_PRIMATIVE_TAG 0x1f + +#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +#define V_ASN1_ANY -4 /* used in ASN1 template code */ + +#define V_ASN1_NEG 0x100 /* negative flag */ + +#define V_ASN1_UNDEF -1 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 /**/ +#define V_ASN1_INTEGER 2 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 /**/ +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 /* alias */ +#define V_ASN1_VIDEOTEXSTRING 21 /**/ +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 /**/ +#define V_ASN1_GRAPHICSTRING 25 /**/ +#define V_ASN1_ISO64STRING 26 /**/ +#define V_ASN1_VISIBLESTRING 26 /* alias */ +#define V_ASN1_GENERALSTRING 27 /**/ +#define V_ASN1_UNIVERSALSTRING 28 /**/ +#define V_ASN1_BMPSTRING 30 + +/* For use with d2i_ASN1_type_bytes() */ +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0004 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 +#define B_ASN1_UTCTIME 0x4000 +#define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 + +/* For use with ASN1_mbstring_copy() */ +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) +#define MBSTRING_ASC (MBSTRING_FLAG|1) +#define MBSTRING_BMP (MBSTRING_FLAG|2) +#define MBSTRING_UNIV (MBSTRING_FLAG|4) + +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 + +struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) + +#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ +#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ + +/* We MUST make sure that, except for constness, asn1_ctx_st and + asn1_const_ctx are exactly the same. Fortunately, as soon as + the old ASN1 parsing macros are gone, we can throw this away + as well... */ +typedef struct asn1_ctx_st + { + unsigned char *p;/* work char pointer */ + int eos; /* end of sequence read for indefinite encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + unsigned char *max; /* largest value of p allowed */ + unsigned char *q;/* temporary variable */ + unsigned char **pp;/* variable */ + int line; /* used in error processing */ + } ASN1_CTX; + +typedef struct asn1_const_ctx_st + { + const unsigned char *p;/* work char pointer */ + int eos; /* end of sequence read for indefinite encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + const unsigned char *max; /* largest value of p allowed */ + const unsigned char *q;/* temporary variable */ + const unsigned char **pp;/* variable */ + int line; /* used in error processing */ + } ASN1_const_CTX; + +/* These are used internally in the ASN1_OBJECT to keep track of + * whether the names and data need to be free()ed */ +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ +typedef struct asn1_object_st + { + const char *sn,*ln; + int nid; + int length; + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ + } ASN1_OBJECT; + +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should + * be inserted in the memory buffer + */ +#define ASN1_STRING_FLAG_NDEF 0x010 + +/* This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been + * accessed. The flag will be reset when content has been written to it. + */ + +#define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st + { + int length; + int type; + unsigned char *data; + /* The value of the following field depends on the type being + * held. It is mostly being used for BIT_STRING so if the + * input data has a non-zero 'unused bits' value, it will be + * handled correctly */ + long flags; + }; + +/* ASN1_ENCODING structure: this is used to save the received + * encoding of an ASN1 type. This is useful to get round + * problems with invalid encodings which can break signatures. + */ + +typedef struct ASN1_ENCODING_st + { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ + } ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +#define ASN1_LONG_UNDEF 0x7fffffffL + +#define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DECLARE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 + +/* Declarations for template structures: for full definitions + * see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +#define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +#define I2D_OF(type) int (*)(type *,unsigned char **) +#define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/* The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +#define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +#define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +#define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +#define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +#else + +/* Platforms that can't easily handle shared global variables are declared + * as functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +#define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +#define ASN1_ITEM_ref(iptr) (iptr##_it) + +#define ASN1_ITEM_rptr(ref) (ref##_it()) + +#define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +#endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* These determine which characters to escape: + * RFC2253 special characters, control characters and + * MSB set characters + */ + +#define ASN1_STRFLGS_ESC_2253 1 +#define ASN1_STRFLGS_ESC_CTRL 2 +#define ASN1_STRFLGS_ESC_MSB 4 + + +/* This flag determines how we do escaping: normally + * RC2253 backslash only, set this to use backslash and + * quote. + */ + +#define ASN1_STRFLGS_ESC_QUOTE 8 + + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +#define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +#define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +#define CHARTYPE_LAST_ESC_2253 0x40 + +/* NB the internal flags are safely reused below by flags + * handled at the top level. + */ + +/* If this is set we convert all character strings + * to UTF8 first + */ + +#define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* If this is set we don't attempt to interpret content: + * just assume all strings are 1 byte per character. This + * will produce some pretty odd looking output! + */ + +#define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +#define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* This determines which strings to display and which to + * 'dump' (hex dump of content octets or DER encoding). We can + * only dump non character strings or everything. If we + * don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to + * the usual escaping options. + */ + +#define ASN1_STRFLGS_DUMP_ALL 0x80 +#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* These determine what 'dumping' does, we can dump the + * content octets or the DER encoding: both use the + * RFC2253 #XXXXX notation. + */ + +#define ASN1_STRFLGS_DUMP_DER 0x200 + +/* All the string flags consistent with RFC2253, + * escaping control characters isn't essential in + * RFC2253 but it is advisable anyway. + */ + +#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DECLARE_STACK_OF(ASN1_INTEGER) +DECLARE_ASN1_SET_OF(ASN1_INTEGER) + +DECLARE_STACK_OF(ASN1_GENERALSTRING) + +typedef struct asn1_type_st + { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING * asn1_string; + ASN1_OBJECT * object; + ASN1_INTEGER * integer; + ASN1_ENUMERATED * enumerated; + ASN1_BIT_STRING * bit_string; + ASN1_OCTET_STRING * octet_string; + ASN1_PRINTABLESTRING * printablestring; + ASN1_T61STRING * t61string; + ASN1_IA5STRING * ia5string; + ASN1_GENERALSTRING * generalstring; + ASN1_BMPSTRING * bmpstring; + ASN1_UNIVERSALSTRING * universalstring; + ASN1_UTCTIME * utctime; + ASN1_GENERALIZEDTIME * generalizedtime; + ASN1_VISIBLESTRING * visiblestring; + ASN1_UTF8STRING * utf8string; + /* set and sequence are left complete and still + * contain the set or sequence bytes */ + ASN1_STRING * set; + ASN1_STRING * sequence; + ASN1_VALUE * asn1_value; + } value; + } ASN1_TYPE; + +DECLARE_STACK_OF(ASN1_TYPE) +DECLARE_ASN1_SET_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +typedef struct NETSCAPE_X509_st + { + ASN1_OCTET_STRING *header; + X509 *cert; + } NETSCAPE_X509; + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + + +#define M_ASN1_STRING_length(x) ((x)->length) +#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) +#define M_ASN1_STRING_type(x) ((x)->type) +#define M_ASN1_STRING_data(x) ((x)->data) + +/* Macros for string operations */ +#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ + ASN1_STRING_type_new(V_ASN1_BIT_STRING) +#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) +#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) + +#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ + ASN1_STRING_type_new(V_ASN1_INTEGER) +#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ + ASN1_STRING_type_new(V_ASN1_ENUMERATED) +#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ + ASN1_STRING_type_new(V_ASN1_OCTET_STRING) +#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) +#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) +#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) +#define M_i2d_ASN1_OCTET_STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ + V_ASN1_UNIVERSAL) + +#define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +#define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +#define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +#define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_PRINTABLE) + +#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_DIRECTORYSTRING(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_DIRECTORYSTRING) + +#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +#define M_d2i_DISPLAYTEXT(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_DISPLAYTEXT) + +#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ + (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) + +#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ + ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_T61STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_T61STRING(a,pp,l) \ + (ASN1_T61STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) + +#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ + ASN1_STRING_type_new(V_ASN1_IA5STRING) +#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_IA5STRING_dup(a) \ + (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_i2d_ASN1_IA5STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_IA5STRING(a,pp,l) \ + (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ + B_ASN1_IA5STRING) + +#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ + ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) +#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ + (const ASN1_STRING *)a) + +#define M_ASN1_TIME_new() (ASN1_TIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_GENERALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ + (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) + +#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) +#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ + (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) + +#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ + ASN1_STRING_type_new(V_ASN1_BMPSTRING) +#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_BMPSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ + (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) + +#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ + (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) + +#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ + ASN1_STRING_type_new(V_ASN1_UTF8STRING) +#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_i2d_ASN1_UTF8STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ + V_ASN1_UNIVERSAL) +#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ + (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) + + /* for the is_set parameter to i2d_ASN1_SET */ +#define IS_SEQUENCE 0 +#define IS_SET 1 + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_OBJECT * ASN1_OBJECT_new(void ); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); +ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, + long length); +ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DECLARE_STACK_OF(ASN1_OBJECT) +DECLARE_ASN1_SET_OF(ASN1_OBJECT) + +ASN1_STRING * ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING * ASN1_STRING_type_new(int type ); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* Since this is used to store all sorts of things, via macros, for now, make + its data void * */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(ASN1_STRING *x); +unsigned char * ASN1_STRING_data(ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, + long length); +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, + int length ); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len); + +#ifndef OPENSSL_NO_BIO +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +#endif +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl); + +int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, + long length); +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, + long length); +ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +#if 0 +time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); +#endif + +int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, + int is_set); +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, + const unsigned char **pp, + long length, d2i_of_void *d2i, + void (*free_func)(OPENSSL_BLOCK), int ex_tag, + int ex_class); + +#ifndef OPENSSL_NO_BIO +int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); +int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); +int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); +int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); +#endif +int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn); + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, + long length, int Ptag, int Pclass); +unsigned long ASN1_tag2bit(int tag); +/* type is one or more of the B_ASN1_ values. */ +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp, + long length,int type); + +/* PARSING */ +int asn1_Finish(ASN1_CTX *c); +int asn1_const_Finish(ASN1_const_CTX *c); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p,long len); +int ASN1_const_check_infinite_end(const unsigned char **p,long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +#define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +#define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +#ifndef OPENSSL_NO_FP_API +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); + +#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); + +#define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +#endif + +int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); + +#ifndef OPENSSL_NO_BIO +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); + +#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); + +#define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); +int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); +#endif +const char *ASN1_tag2str(int tag); + +/* Used to load and write netscape format cert */ + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, + unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, + unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, + unsigned char *data, int max_len); + +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK)); +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, + unsigned char **buf, int *len ); +void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); +void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); +ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, + ASN1_OCTET_STRING **oct); + +#define ASN1_pack_string_of(type,obj,i2d,oct) \ + (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ + CHECKED_I2D_OF(type, i2d), \ + oct)) + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); + +ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, + const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, + const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ASN1_strings(void); + +/* Error codes for the ASN1 functions. */ + +/* Function codes. */ +#define ASN1_F_A2D_ASN1_OBJECT 100 +#define ASN1_F_A2I_ASN1_ENUMERATED 101 +#define ASN1_F_A2I_ASN1_INTEGER 102 +#define ASN1_F_A2I_ASN1_STRING 103 +#define ASN1_F_APPEND_EXP 176 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +#define ASN1_F_ASN1_CB 177 +#define ASN1_F_ASN1_CHECK_TLEN 104 +#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 +#define ASN1_F_ASN1_COLLECT 106 +#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +#define ASN1_F_ASN1_D2I_FP 109 +#define ASN1_F_ASN1_D2I_READ_BIO 107 +#define ASN1_F_ASN1_DIGEST 184 +#define ASN1_F_ASN1_DO_ADB 110 +#define ASN1_F_ASN1_DUP 111 +#define ASN1_F_ASN1_ENUMERATED_SET 112 +#define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_EX_C2I 204 +#define ASN1_F_ASN1_FIND_END 190 +#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +#define ASN1_F_ASN1_GENERATE_V3 178 +#define ASN1_F_ASN1_GET_OBJECT 114 +#define ASN1_F_ASN1_HEADER_NEW 115 +#define ASN1_F_ASN1_I2D_BIO 116 +#define ASN1_F_ASN1_I2D_FP 117 +#define ASN1_F_ASN1_INTEGER_SET 118 +#define ASN1_F_ASN1_INTEGER_TO_BN 119 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 +#define ASN1_F_ASN1_ITEM_DUP 191 +#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 +#define ASN1_F_ASN1_ITEM_EX_D2I 120 +#define ASN1_F_ASN1_ITEM_I2D_BIO 192 +#define ASN1_F_ASN1_ITEM_I2D_FP 193 +#define ASN1_F_ASN1_ITEM_PACK 198 +#define ASN1_F_ASN1_ITEM_SIGN 195 +#define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +#define ASN1_F_ASN1_ITEM_UNPACK 199 +#define ASN1_F_ASN1_ITEM_VERIFY 197 +#define ASN1_F_ASN1_MBSTRING_NCOPY 122 +#define ASN1_F_ASN1_OBJECT_NEW 123 +#define ASN1_F_ASN1_OUTPUT_DATA 214 +#define ASN1_F_ASN1_PACK_STRING 124 +#define ASN1_F_ASN1_PCTX_NEW 205 +#define ASN1_F_ASN1_PKCS5_PBE_SET 125 +#define ASN1_F_ASN1_SEQ_PACK 126 +#define ASN1_F_ASN1_SEQ_UNPACK 127 +#define ASN1_F_ASN1_SIGN 128 +#define ASN1_F_ASN1_STR2TYPE 179 +#define ASN1_F_ASN1_STRING_SET 186 +#define ASN1_F_ASN1_STRING_TABLE_ADD 129 +#define ASN1_F_ASN1_STRING_TYPE_NEW 130 +#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +#define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +#define ASN1_F_ASN1_TIME_ADJ 217 +#define ASN1_F_ASN1_TIME_SET 175 +#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +#define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_ADJ 218 +#define ASN1_F_ASN1_UTCTIME_SET 187 +#define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_B64_READ_ASN1 209 +#define ASN1_F_B64_WRITE_ASN1 210 +#define ASN1_F_BIO_NEW_NDEF 208 +#define ASN1_F_BITSTR_CB 180 +#define ASN1_F_BN_TO_ASN1_ENUMERATED 138 +#define ASN1_F_BN_TO_ASN1_INTEGER 139 +#define ASN1_F_C2I_ASN1_BIT_STRING 189 +#define ASN1_F_C2I_ASN1_INTEGER 194 +#define ASN1_F_C2I_ASN1_OBJECT 196 +#define ASN1_F_COLLECT_DATA 140 +#define ASN1_F_D2I_ASN1_BIT_STRING 141 +#define ASN1_F_D2I_ASN1_BOOLEAN 142 +#define ASN1_F_D2I_ASN1_BYTES 143 +#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 +#define ASN1_F_D2I_ASN1_HEADER 145 +#define ASN1_F_D2I_ASN1_INTEGER 146 +#define ASN1_F_D2I_ASN1_OBJECT 147 +#define ASN1_F_D2I_ASN1_SET 148 +#define ASN1_F_D2I_ASN1_TYPE_BYTES 149 +#define ASN1_F_D2I_ASN1_UINTEGER 150 +#define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_AUTOPRIVATEKEY 207 +#define ASN1_F_D2I_NETSCAPE_RSA 152 +#define ASN1_F_D2I_NETSCAPE_RSA_2 153 +#define ASN1_F_D2I_PRIVATEKEY 154 +#define ASN1_F_D2I_PUBLICKEY 155 +#define ASN1_F_D2I_RSA_NET 200 +#define ASN1_F_D2I_RSA_NET_2 201 +#define ASN1_F_D2I_X509 156 +#define ASN1_F_D2I_X509_CINF 157 +#define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_BIO_STREAM 211 +#define ASN1_F_I2D_ASN1_SET 188 +#define ASN1_F_I2D_ASN1_TIME 160 +#define ASN1_F_I2D_DSA_PUBKEY 161 +#define ASN1_F_I2D_EC_PUBKEY 181 +#define ASN1_F_I2D_PRIVATEKEY 163 +#define ASN1_F_I2D_PUBLICKEY 164 +#define ASN1_F_I2D_RSA_NET 162 +#define ASN1_F_I2D_RSA_PUBKEY 165 +#define ASN1_F_LONG_C2I 166 +#define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 +#define ASN1_F_PKCS5_PBE2_SET_IV 167 +#define ASN1_F_PKCS5_PBE_SET 202 +#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +#define ASN1_F_PKCS5_PBKDF2_SET 219 +#define ASN1_F_SMIME_READ_ASN1 212 +#define ASN1_F_SMIME_TEXT 213 +#define ASN1_F_X509_CINF_NEW 168 +#define ASN1_F_X509_CRL_ADD0_REVOKED 169 +#define ASN1_F_X509_INFO_NEW 170 +#define ASN1_F_X509_NAME_ENCODE 203 +#define ASN1_F_X509_NAME_EX_D2I 158 +#define ASN1_F_X509_NAME_EX_NEW 171 +#define ASN1_F_X509_NEW 172 +#define ASN1_F_X509_PKEY_NEW 173 + +/* Reason codes. */ +#define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 203 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +#define ASN1_R_AUX_ERROR 100 +#define ASN1_R_BAD_CLASS 101 +#define ASN1_R_BAD_OBJECT_HEADER 102 +#define ASN1_R_BAD_PASSWORD_READ 103 +#define ASN1_R_BAD_TAG 104 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +#define ASN1_R_BN_LIB 105 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +#define ASN1_R_BUFFER_TOO_SMALL 107 +#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +#define ASN1_R_CONTEXT_NOT_INITIALISED 217 +#define ASN1_R_DATA_IS_WRONG 109 +#define ASN1_R_DECODE_ERROR 110 +#define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEPTH_EXCEEDED 174 +#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +#define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 +#define ASN1_R_ERROR_LOADING_SECTION 172 +#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 +#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +#define ASN1_R_EXPECTING_AN_INTEGER 115 +#define ASN1_R_EXPECTING_AN_OBJECT 116 +#define ASN1_R_EXPECTING_A_BOOLEAN 117 +#define ASN1_R_EXPECTING_A_TIME 118 +#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +#define ASN1_R_FIELD_MISSING 121 +#define ASN1_R_FIRST_NUM_TOO_LARGE 122 +#define ASN1_R_HEADER_TOO_LONG 123 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 +#define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +#define ASN1_R_ILLEGAL_NULL 125 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 +#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +#define ASN1_R_ILLEGAL_TAGGED_ANY 127 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +#define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 205 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 +#define ASN1_R_INVALID_SEPARATOR 131 +#define ASN1_R_INVALID_TIME_FORMAT 132 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +#define ASN1_R_INVALID_UTF8STRING 134 +#define ASN1_R_IV_TOO_LARGE 135 +#define ASN1_R_LENGTH_ERROR 136 +#define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 206 +#define ASN1_R_MIME_PARSE_ERROR 207 +#define ASN1_R_MIME_SIG_PARSE_ERROR 208 +#define ASN1_R_MISSING_EOC 137 +#define ASN1_R_MISSING_SECOND_NUMBER 138 +#define ASN1_R_MISSING_VALUE 189 +#define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +#define ASN1_R_MSTRING_WRONG_TAG 140 +#define ASN1_R_NESTED_ASN1_STRING 197 +#define ASN1_R_NON_HEX_CHARACTERS 141 +#define ASN1_R_NOT_ASCII_FORMAT 190 +#define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 209 +#define ASN1_R_NO_DEFAULT_DIGEST 201 +#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +#define ASN1_R_NO_MULTIPART_BOUNDARY 211 +#define ASN1_R_NO_SIG_CONTENT_TYPE 212 +#define ASN1_R_NULL_IS_WRONG_LENGTH 144 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +#define ASN1_R_ODD_NUMBER_OF_CHARS 145 +#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +#define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 213 +#define ASN1_R_STREAMING_NOT_SUPPORTED 202 +#define ASN1_R_STRING_TOO_LONG 151 +#define ASN1_R_STRING_TOO_SHORT 152 +#define ASN1_R_TAG_VALUE_TOO_HIGH 153 +#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +#define ASN1_R_TOO_LONG 155 +#define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 218 +#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 +#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 +#define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +#define ASN1_R_UNKNOWN_FORMAT 160 +#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 +#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +#define ASN1_R_UNSUPPORTED_CIPHER 165 +#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +#define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +#define ASN1_R_WRONG_TAG 168 +#define ASN1_R_WRONG_TYPE 169 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h new file mode 100644 index 0000000000..87bd0e9e1d --- /dev/null +++ b/include/openssl/asn1_mac.h @@ -0,0 +1,578 @@ +/* crypto/asn1/asn1_mac.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ASN1_MAC_H +#define HEADER_ASN1_MAC_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef ASN1_MAC_ERR_LIB +#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 +#endif + +#define ASN1_MAC_H_err(f,r,line) \ + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) + +#define M_ASN1_D2I_vars(a,type,func) \ + ASN1_const_CTX c; \ + type ret=NULL; \ + \ + c.pp=(const unsigned char **)pp; \ + c.q= *(const unsigned char **)pp; \ + c.error=ERR_R_NESTED_ASN1_ERROR; \ + if ((a == NULL) || ((*a) == NULL)) \ + { if ((ret=(type)func()) == NULL) \ + { c.line=__LINE__; goto err; } } \ + else ret=(*a); + +#define M_ASN1_D2I_Init() \ + c.p= *(const unsigned char **)pp; \ + c.max=(length == 0)?0:(c.p+length); + +#define M_ASN1_D2I_Finish_2(a) \ + if (!asn1_const_Finish(&c)) \ + { c.line=__LINE__; goto err; } \ + *(const unsigned char **)pp=c.p; \ + if (a != NULL) (*a)=ret; \ + return(ret); + +#define M_ASN1_D2I_Finish(a,func,e) \ + M_ASN1_D2I_Finish_2(a); \ +err:\ + ASN1_MAC_H_err((e),c.error,c.line); \ + asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ + if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ + return(NULL) + +#define M_ASN1_D2I_start_sequence() \ + if (!asn1_GetSequence(&c,&length)) \ + { c.line=__LINE__; goto err; } +/* Begin reading ASN1 without a surrounding sequence */ +#define M_ASN1_D2I_begin() \ + c.slen = length; + +/* End reading ASN1 with no check on length */ +#define M_ASN1_D2I_Finish_nolen(a, func, e) \ + *pp=c.p; \ + if (a != NULL) (*a)=ret; \ + return(ret); \ +err:\ + ASN1_MAC_H_err((e),c.error,c.line); \ + asn1_add_error(*pp,(int)(c.q- *pp)); \ + if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ + return(NULL) + +#define M_ASN1_D2I_end_sequence() \ + (((c.inf&1) == 0)?(c.slen <= 0): \ + (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) + +/* Don't use this with d2i_ASN1_BOOLEAN() */ +#define M_ASN1_D2I_get(b, func) \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +/* Don't use this with d2i_ASN1_BOOLEAN() */ +#define M_ASN1_D2I_get_x(type,b,func) \ + c.q=c.p; \ + if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +/* use this instead () */ +#define M_ASN1_D2I_get_int(b,func) \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) < 0) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +#define M_ASN1_D2I_get_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get(b,func); \ + } + +#define M_ASN1_D2I_get_int_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get_int(b,func); \ + } + +#define M_ASN1_D2I_get_imp(b,func, type) \ + M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ + c.slen-=(c.p-c.q);\ + M_ASN1_next_prev=_tmp; + +#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ + (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ + { \ + unsigned char _tmp = M_ASN1_next; \ + M_ASN1_D2I_get_imp(b,func, type);\ + } + +#define M_ASN1_D2I_get_set(r,func,free_func) \ + M_ASN1_D2I_get_imp_set(r,func,free_func, \ + V_ASN1_SET,V_ASN1_UNIVERSAL); + +#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ + V_ASN1_SET,V_ASN1_UNIVERSAL); + +#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ + { M_ASN1_D2I_get_set(r,func,free_func); } + +#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ + { M_ASN1_D2I_get_set_type(type,r,func,free_func); } + +#define M_ASN1_I2D_len_SET_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_len_SET(a,f); + +#define M_ASN1_I2D_put_SET_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SET(a,f); + +#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE(a,f); + +#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE_type(type,a,f); + +#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ + if ((c.slen != 0) && \ + (M_ASN1_next == \ + (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ + { \ + M_ASN1_D2I_get_imp_set(b,func,free_func,\ + tag,V_ASN1_CONTEXT_SPECIFIC); \ + } + +#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ + if ((c.slen != 0) && \ + (M_ASN1_next == \ + (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ + { \ + M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ + tag,V_ASN1_CONTEXT_SPECIFIC); \ + } + +#define M_ASN1_D2I_get_seq(r,func,free_func) \ + M_ASN1_D2I_get_imp_set(r,func,free_func,\ + V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); + +#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ + V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) + +#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ + { M_ASN1_D2I_get_seq(r,func,free_func); } + +#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ + { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } + +#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ + M_ASN1_D2I_get_imp_set(r,func,free_func,\ + x,V_ASN1_CONTEXT_SPECIFIC); + +#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ + x,V_ASN1_CONTEXT_SPECIFIC); + +#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ + (void (*)())free_func,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ + free_func,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ + if ((c.slen != 0L) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (func(&(r),&c.p,Tlen) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ + if ((c.slen != 0) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ + (void (*)())free_func, \ + b,V_ASN1_UNIVERSAL) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ + if ((c.slen != 0) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ + free_func,b,V_ASN1_UNIVERSAL) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +/* New macros */ +#define M_ASN1_New_Malloc(ret,type) \ + if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ + { c.line=__LINE__; goto err2; } + +#define M_ASN1_New(arg,func) \ + if (((arg)=func()) == NULL) return(NULL) + +#define M_ASN1_New_Error(a) \ +/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ + return(NULL);*/ \ + err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ + return(NULL) + + +/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, + some macros that use ASN1_const_CTX still insist on writing in the input + stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. + Please? -- Richard Levitte */ +#define M_ASN1_next (*((unsigned char *)(c.p))) +#define M_ASN1_next_prev (*((unsigned char *)(c.q))) + +/*************************************************/ + +#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ + unsigned char *p; \ + if (a == NULL) return(0) + +/* Length Macros */ +#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) +#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) + +#define M_ASN1_I2D_len_SET(a,f) \ + ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); + +#define M_ASN1_I2D_len_SET_type(type,a,f) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ + V_ASN1_UNIVERSAL,IS_SET); + +#define M_ASN1_I2D_len_SEQUENCE(a,f) \ + ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); + +#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ + V_ASN1_UNIVERSAL,IS_SEQUENCE) + +#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_len_SEQUENCE(a,f); + +#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + M_ASN1_I2D_len_SEQUENCE_type(type,a,f); + +#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); + +#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ + if (a != NULL)\ + { \ + v=f(a,NULL); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0))\ + { \ + v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0))\ + { \ + v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_##type##_num(a) != 0))\ + { \ + v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ + V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +/* Put Macros */ +#define M_ASN1_I2D_put(a,f) f(a,&p) + +#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ + if (a != NULL) \ + { \ + unsigned char *q=p; \ + f(a,&p); \ + *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ + } + +#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ + V_ASN1_UNIVERSAL,IS_SET) +#define M_ASN1_I2D_put_SET_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) +#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ + V_ASN1_CONTEXT_SPECIFIC,IS_SET) +#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ + i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) +#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ + V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) + +#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ + V_ASN1_UNIVERSAL,IS_SEQUENCE) + +#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE) + +#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE(a,f); + +#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); } + +#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); } + +#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); } + +#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); } + +#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ + if (a != NULL) \ + { \ + ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ + f(a,&p); \ + } + +#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ + } + +#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ + } + +#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + } + +#define M_ASN1_I2D_seq_total() \ + r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ + if (pp == NULL) return(r); \ + p= *pp; \ + ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) + +#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ + *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ + *(p++)=0x80 + +#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 + +#define M_ASN1_I2D_finish() *pp=p; \ + return(r); + +int asn1_GetSequence(ASN1_const_CTX *c, long *length); +void asn1_add_error(const unsigned char *address,int offset); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h new file mode 100644 index 0000000000..d230e4bf70 --- /dev/null +++ b/include/openssl/asn1t.h @@ -0,0 +1,960 @@ +/* asn1t.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ASN1T_H +#define HEADER_ASN1T_H + +#include +#include +#include + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + + +#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + + +/* Macros for start and end of ASN1_ITEM definition */ + +#define ASN1_ITEM_start(itname) \ + OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + +#define ASN1_ITEM_end(itname) \ + }; + +#else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) + + +/* Macros for start and end of ASN1_ITEM definition */ + +#define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +#define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +#endif + + +/* Macros to aid ASN1 template writing */ + +#define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + + +/* This is a ASN1 type which just embeds a template */ + +/* This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +#define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_ref(tname, cb, lck) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) + +#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + + +/* This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +#define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* used when the structure is combined with the parent */ + +#define ASN1_EX_COMBINE(flags, tag, type) { \ + (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +#define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + +#define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +#else +#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +#endif +/* Plain simple type */ +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) + +/* OPTIONAL simple type */ +#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) + +/* IMPLICIT tagged OPTIONAL simple type */ +#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* Same as above but EXPLICIT */ + +#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* SEQUENCE OF type */ +#define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +#define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +#define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +#define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +#define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +#define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +#else + +#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +#endif + +#define ADB_ENTRY(val, template) {val, template} + +#define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* This is the ASN1 template structure that defines + * a wrapper round the actual type. It determines the + * actual position of the field in the value structure, + * various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { +unsigned long flags; /* Various flags */ +long tag; /* tag, not used if no tagging */ +unsigned long offset; /* Offset of this field in structure */ +#ifndef NO_ASN1_FIELD_NAMES +const char *field_name; /* Field name */ +#endif +ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +#define ASN1_TEMPLATE_item(t) (t->item_ptr) +#define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +#define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +#define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* Special case: this refers to a SET OF that + * will be sorted into DER order when encoded *and* + * the corresponding STACK will be modified to match + * the new order. + */ +#define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +#define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* These flags mean the tag should be taken from the + * tag field. If EXPLICIT then the underlying type + * is used for the inner tag. + */ + +/* IMPLICIT tagging */ +#define ASN1_TFLG_IMPTAG (0x1 << 3) + + +/* EXPLICIT tagging, inner tag from underlying type */ +#define ASN1_TFLG_EXPTAG (0x2 << 3) + +#define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT + +/* context specific EXPLICIT */ +#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT + +/* If tagging is in force these determine the + * type of tag to use. Otherwise the tag is + * determined by the underlying type. These + * values reflect the actual octet format. + */ + +/* Universal tag */ +#define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +#define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +#define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +#define ASN1_TFLG_PRIVATE (0x3<<6) + +#define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* These are for ANY DEFINED BY type. In this case + * the 'item' field points to an ASN1_ADB structure + * which contains a table of values to decode the + * relevant type + */ + +#define ASN1_TFLG_ADB_MASK (0x3<<8) + +#define ASN1_TFLG_ADB_OID (0x1<<8) + +#define ASN1_TFLG_ADB_INT (0x1<<9) + +/* This flag means a parent structure is passed + * instead of the field: this is useful is a + * SEQUENCE is being combined with a CHOICE for + * example. Since this means the structure and + * item name will differ we need to use the + * ASN1_CHOICE_END_name() macro for example. + */ + +#define ASN1_TFLG_COMBINE (0x1<<10) + +/* This flag when present in a SEQUENCE OF, SET OF + * or EXPLICIT causes indefinite length constructed + * encoding to be used if required. + */ + +#define ASN1_TFLG_NDEF (0x1<<11) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { +char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ +long utype; /* underlying type */ +const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ +long tcount; /* Number of templates if SEQUENCE or CHOICE */ +const void *funcs; /* functions that handle this type */ +long size; /* Structure size (usually)*/ +#ifndef NO_ASN1_FIELD_NAMES +const char *sname; /* Structure name */ +#endif +}; + +/* These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * For COMPAT types the funcs field gives a + * set of functions that handle this type, this + * supports the old d2i, i2d convention. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +#define ASN1_ITYPE_PRIMITIVE 0x0 + +#define ASN1_ITYPE_SEQUENCE 0x1 + +#define ASN1_ITYPE_CHOICE 0x2 + +#define ASN1_ITYPE_COMPAT 0x3 + +#define ASN1_ITYPE_EXTERN 0x4 + +#define ASN1_ITYPE_MSTRING 0x5 + +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* Cache for ASN1 tag and length, so we + * don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st{ + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ + +typedef ASN1_VALUE * ASN1_new_func(void); +typedef void ASN1_free_func(ASN1_VALUE *a); +typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); +typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); + +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); + +typedef struct ASN1_COMPAT_FUNCS_st { + ASN1_new_func *asn1_new; + ASN1_free_func *asn1_free; + ASN1_d2i_func *asn1_d2i; + ASN1_i2d_func *asn1_i2d; +} ASN1_COMPAT_FUNCS; + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* This is the ASN1_AUX structure: it handles various + * miscellaneous requirements. For example the use of + * reference counts and an informational callback. + * + * The "informational callback" is called at various + * points during the ASN1 encoding and decoding. It can + * be used to provide minor customisation of the structures + * used. This is most useful where the supplied routines + * *almost* do the right thing but need some extra help + * at a few points. If the callback returns zero then + * it is assumed a fatal error has occurred and the + * main operation should be abandoned. + * + * If major changes in the default behaviour are required + * then an external type is more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +#define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +#define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +#define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_I2D_PRE 6 +#define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement an ASN1_ITEM in terms of old style funcs */ + +#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) + +#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ + static const ASN1_COMPAT_FUNCS sname##_ff = { \ + (ASN1_new_func *)sname##_new, \ + (ASN1_free_func *)sname##_free, \ + (ASN1_d2i_func *)d2i_##sname, \ + (ASN1_i2d_func *)i2d_##sname, \ + }; \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_COMPAT, \ + tag, \ + NULL, \ + 0, \ + &sname##_ff, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +/* This includes evil casts to remove const: they will go away when full + * ASN1 constification is done. + */ +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) + +DECLARE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + +void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); +void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); + +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); + +ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); + +int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + +void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h new file mode 100644 index 0000000000..32eba71480 --- /dev/null +++ b/include/openssl/bio.h @@ -0,0 +1,851 @@ +/* crypto/bio/bio.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BIO_H +#define HEADER_BIO_H + +#include + +#ifndef OPENSSL_NO_FP_API +# include +#endif +#include + +#include + +#ifndef OPENSSL_NO_SCTP +# ifndef OPENSSL_SYS_VMS +# include +# else +# include +# endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* These are the 'types' of BIOs */ +#define BIO_TYPE_NONE 0 +#define BIO_TYPE_MEM (1|0x0400) +#define BIO_TYPE_FILE (2|0x0400) + +#define BIO_TYPE_FD (4|0x0400|0x0100) +#define BIO_TYPE_SOCKET (5|0x0400|0x0100) +#define BIO_TYPE_NULL (6|0x0400) +#define BIO_TYPE_SSL (7|0x0200) +#define BIO_TYPE_MD (8|0x0200) /* passive filter */ +#define BIO_TYPE_BUFFER (9|0x0200) /* filter */ +#define BIO_TYPE_CIPHER (10|0x0200) /* filter */ +#define BIO_TYPE_BASE64 (11|0x0200) /* filter */ +#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */ +#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */ +#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */ +#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ +#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ +#define BIO_TYPE_NULL_FILTER (17|0x0200) +#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ +#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ +#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ +#define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#ifndef OPENSSL_NO_SCTP +#define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) +#endif +#define BIO_TYPE_ASN1 (22|0x0200) /* filter */ +#define BIO_TYPE_COMP (23|0x0200) /* filter */ + +#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +#define BIO_TYPE_FILTER 0x0200 +#define BIO_TYPE_SOURCE_SINK 0x0400 + +/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ +#define BIO_NOCLOSE 0x00 +#define BIO_CLOSE 0x01 + +/* These are used in the following macros and are passed to + * BIO_ctrl() */ +#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ +#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ +#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ +#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ +#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ +#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ +#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ +#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ +#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ +#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ +#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ +#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */ +#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ +/* callback is int cb(BIO *bio,state,ret); */ +#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ +#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ + +#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ + +/* dgram BIO stuff */ +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally + * connected socket to be + * passed in */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ + +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ +/* #endif */ + +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for + * MTU. want to use this + * if asking the kernel + * fails */ + +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU + * was exceed in the + * previous write + * operation */ + +#define BIO_CTRL_DGRAM_GET_PEER 46 +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ + +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to + * adjust socket timeouts */ + +#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +#ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +#define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +#endif + +/* modifiers */ +#define BIO_FP_READ 0x02 +#define BIO_FP_WRITE 0x04 +#define BIO_FP_APPEND 0x08 +#define BIO_FP_TEXT 0x10 + +#define BIO_FLAGS_READ 0x01 +#define BIO_FLAGS_WRITE 0x02 +#define BIO_FLAGS_IO_SPECIAL 0x04 +#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +#define BIO_FLAGS_SHOULD_RETRY 0x08 +#ifndef BIO_FLAGS_UPLINK +/* "UPLINK" flag denotes file descriptors provided by application. + It defaults to 0, as most platforms don't require UPLINK interface. */ +#define BIO_FLAGS_UPLINK 0 +#endif + +/* Used in BIO_gethostbyname() */ +#define BIO_GHBN_CTRL_HITS 1 +#define BIO_GHBN_CTRL_MISSES 2 +#define BIO_GHBN_CTRL_CACHE_SIZE 3 +#define BIO_GHBN_CTRL_GET_ENTRY 4 +#define BIO_GHBN_CTRL_FLUSH 5 + +/* Mostly used in the SSL BIO */ +/* Not used anymore + * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 + * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 + * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 + */ + +#define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* This is used with memory BIOs: it means we shouldn't free up or change the + * data in any way. + */ +#define BIO_FLAGS_MEM_RDONLY 0x200 + +typedef struct bio_st BIO; + +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +#define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +#define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* The next three are used in conjunction with the + * BIO_should_io_special() condition. After this returns true, + * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO + * stack and return the 'reason' for the special and the offending BIO. + * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ +/* Returned from the SSL bio when the certificate retrieval code had an error */ +#define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +#define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +#define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +#define BIO_CB_FREE 0x01 +#define BIO_CB_READ 0x02 +#define BIO_CB_WRITE 0x03 +#define BIO_CB_PUTS 0x04 +#define BIO_CB_GETS 0x05 +#define BIO_CB_CTRL 0x06 + +/* The callback is called before and after the underling operation, + * The BIO_CB_RETURN flag indicates if it is after the call */ +#define BIO_CB_RETURN 0x80 +#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +#define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long); +void BIO_set_callback(BIO *b, + long (*callback)(struct bio_st *,int,const char *,int, long,long)); +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +const char * BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); + +typedef struct bio_method_st + { + int type; + const char *name; + int (*bwrite)(BIO *, const char *, int); + int (*bread)(BIO *, char *, int); + int (*bputs)(BIO *, const char *); + int (*bgets)(BIO *, char *, int); + long (*ctrl)(BIO *, int, long, void *); + int (*create)(BIO *); + int (*destroy)(BIO *); + long (*callback_ctrl)(BIO *, int, bio_info_cb *); + } BIO_METHOD; + +struct bio_st + { + BIO_METHOD *method; + /* bio, mode, argp, argi, argl, ret */ + long (*callback)(struct bio_st *,int,const char *,int, long,long); + char *cb_arg; /* first argument for the callback */ + + int init; + int shutdown; + int flags; /* extra storage */ + int retry_reason; + int num; + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ + int references; + unsigned long num_read; + unsigned long num_write; + + CRYPTO_EX_DATA ex_data; + }; + +DECLARE_STACK_OF(BIO) + +typedef struct bio_f_buffer_ctx_struct + { + /* Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + + /* BIO *bio; */ /* this is now in the BIO struct */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ + } BIO_F_BUFFER_CTX; + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); + +#ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo + { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; + }; + +struct bio_dgram_sctp_rcvinfo + { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; + }; + +struct bio_dgram_sctp_prinfo + { + uint16_t pr_policy; + uint32_t pr_value; + }; +#endif + +/* connect BIO stuff */ +#define BIO_CONN_S_BEFORE 1 +#define BIO_CONN_S_GET_IP 2 +#define BIO_CONN_S_GET_PORT 3 +#define BIO_CONN_S_CREATE_SOCKET 4 +#define BIO_CONN_S_CONNECT 5 +#define BIO_CONN_S_OK 6 +#define BIO_CONN_S_BLOCKED_CONNECT 7 +#define BIO_CONN_S_NBIO 8 +/*#define BIO_CONN_get_param_hostname BIO_ctrl */ + +#define BIO_C_SET_CONNECT 100 +#define BIO_C_DO_STATE_MACHINE 101 +#define BIO_C_SET_NBIO 102 +#define BIO_C_SET_PROXY_PARAM 103 +#define BIO_C_SET_FD 104 +#define BIO_C_GET_FD 105 +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_SSL 109 +#define BIO_C_GET_SSL 110 +#define BIO_C_SET_MD 111 +#define BIO_C_GET_MD 112 +#define BIO_C_GET_CIPHER_STATUS 113 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_GET_BUFF_NUM_LINES 116 +#define BIO_C_SET_BUFF_SIZE 117 +#define BIO_C_SET_ACCEPT 118 +#define BIO_C_SSL_MODE 119 +#define BIO_C_GET_MD_CTX 120 +#define BIO_C_GET_PROXY_PARAM 121 +#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ +#define BIO_C_GET_CONNECT 123 +#define BIO_C_GET_ACCEPT 124 +#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_GET_CIPHER_CTX 129 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ +#define BIO_C_SET_BIND_MODE 131 +#define BIO_C_GET_BIND_MODE 132 +#define BIO_C_FILE_TELL 133 +#define BIO_C_GET_SOCKS 134 +#define BIO_C_SET_SOCKS 135 + +#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +#define BIO_C_GET_WRITE_BUF_SIZE 137 +#define BIO_C_MAKE_BIO_PAIR 138 +#define BIO_C_DESTROY_BIO_PAIR 139 +#define BIO_C_GET_WRITE_GUARANTEE 140 +#define BIO_C_GET_READ_REQUEST 141 +#define BIO_C_SHUTDOWN_WR 142 +#define BIO_C_NREAD0 143 +#define BIO_C_NREAD 144 +#define BIO_C_NWRITE0 145 +#define BIO_C_NWRITE 146 +#define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 + +#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +#define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +/* BIO_s_connect() and BIO_s_socks4a_connect() */ +#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) +#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) +#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) +#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) +#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) +#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) + + +#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +/* BIO_s_accept_socket() */ +#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) +#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) + +#define BIO_BIND_NORMAL 0 +#define BIO_BIND_REUSEADDR_IF_UNUSED 1 +#define BIO_BIND_REUSEADDR 2 +#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +#define BIO_do_connect(b) BIO_do_handshake(b) +#define BIO_do_accept(b) BIO_do_handshake(b) +#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_proxy_client() */ +#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) +#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) +/* BIO_set_nbio(b,n) */ +#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) +/* BIO *BIO_get_filter_bio(BIO *bio); */ +#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) +#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) +#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) + +#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) +#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) +#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) +#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) + +#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) + +#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) +#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) + +#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* name is cast to lose const, but might be better to route through a function + so we can do it safely */ +#ifdef CONST_STRICT +/* If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b,const char *name); +#else +#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)name) +#endif +#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* WARNING WARNING, this ups the reference count on the read bio of the + * SSL structure. This is because the ssl read BIO is now pointed to by + * the next_bio field in the bio. So when you free the BIO, make sure + * you are doing a BIO_free_all() to catch the underlying BIO. */ +#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) +#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +#define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); +#define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); +#define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ + +#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) +#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) +#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +#define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) + +/* For BIO_s_bio() */ +#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +#define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +#define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) +#define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) +#define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +/* These two aren't currently implemented */ +/* int BIO_get_ex_num(BIO *bio); */ +/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +int BIO_set_ex_data(BIO *bio,int idx,void *data); +void *BIO_get_ex_data(BIO *bio,int idx); +int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +unsigned long BIO_number_read(BIO *bio); +unsigned long BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +# ifndef OPENSSL_NO_FP_API +BIO_METHOD *BIO_s_file(void ); +BIO *BIO_new_file(const char *filename, const char *mode); +BIO *BIO_new_fp(FILE *stream, int close_flag); +# define BIO_s_file_internal BIO_s_file +# endif +BIO * BIO_new(BIO_METHOD *type); +int BIO_set(BIO *a,BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_vfree(BIO *a); +int BIO_read(BIO *b, void *data, int len); +int BIO_gets(BIO *bp,char *buf, int size); +int BIO_write(BIO *b, const void *data, int len); +int BIO_puts(BIO *bp,const char *buf); +int BIO_indent(BIO *b,int indent,int max); +long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); +char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); +long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); +BIO * BIO_push(BIO *b,BIO *append); +BIO * BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO * BIO_find_type(BIO *b,int bio_type); +BIO * BIO_next(BIO *b); +BIO * BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +BIO * BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, + long argl,long ret); + +BIO_METHOD *BIO_s_mem(void); +BIO *BIO_new_mem_buf(void *buf, int len); +BIO_METHOD *BIO_s_socket(void); +BIO_METHOD *BIO_s_connect(void); +BIO_METHOD *BIO_s_accept(void); +BIO_METHOD *BIO_s_fd(void); +#ifndef OPENSSL_SYS_OS2 +BIO_METHOD *BIO_s_log(void); +#endif +BIO_METHOD *BIO_s_bio(void); +BIO_METHOD *BIO_s_null(void); +BIO_METHOD *BIO_f_null(void); +BIO_METHOD *BIO_f_buffer(void); +#ifdef OPENSSL_SYS_VMS +BIO_METHOD *BIO_f_linebuffer(void); +#endif +BIO_METHOD *BIO_f_nbio_test(void); +#ifndef OPENSSL_NO_DGRAM +BIO_METHOD *BIO_s_datagram(void); +#ifndef OPENSSL_NO_SCTP +BIO_METHOD *BIO_s_datagram_sctp(void); +#endif +#endif + +/* BIO_METHOD *BIO_f_ber(void); */ + +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +int BIO_dgram_non_fatal_error(int error); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b,const char *bytes,int len); +int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); +#ifndef OPENSSL_NO_FP_API +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +#endif +struct hostent *BIO_gethostbyname(const char *name); +/* We might want a thread-safe interface too: + * struct hostent *BIO_gethostbyname_r(const char *name, + * struct hostent *result, void *buffer, size_t buflen); + * or something similar (caller allocates a struct hostent, + * pointed to by "result", and additional buffer space for the various + * substructures; if the buffer does not suffice, NULL is returned + * and an appropriate error code is set). + */ +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd,int mode); +int BIO_get_port(const char *str, unsigned short *port_ptr); +int BIO_get_host_ip(const char *str, unsigned char *ip); +int BIO_get_accept_socket(char *host_port,int mode); +int BIO_accept(int sock,char **ip_port); +int BIO_sock_init(void ); +void BIO_sock_cleanup(void); +int BIO_set_tcp_ndelay(int sock,int turn_on); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_dgram(int fd, int close_flag); +#ifndef OPENSSL_NO_SCTP +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications)(BIO *bio, void *context, void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +#endif +BIO *BIO_new_fd(int fd, int close_flag); +BIO *BIO_new_connect(char *host_port); +BIO *BIO_new_accept(char *host_port); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. + * Size 0 uses default value. + */ + +void BIO_copy_next_retry(BIO *b); + +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ + +#ifdef __GNUC__ +# define __bio_h__attr__ __attribute__ +#else +# define __bio_h__attr__(x) +#endif +int BIO_printf(BIO *bio, const char *format, ...) + __bio_h__attr__((__format__(__printf__,2,3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) + __bio_h__attr__((__format__(__printf__,2,0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) + __bio_h__attr__((__format__(__printf__,3,4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __bio_h__attr__((__format__(__printf__,3,0))); +#undef __bio_h__attr__ + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BIO_strings(void); + +/* Error codes for the BIO functions. */ + +/* Function codes. */ +#define BIO_F_ACPT_STATE 100 +#define BIO_F_BIO_ACCEPT 101 +#define BIO_F_BIO_BER_GET_HEADER 102 +#define BIO_F_BIO_CALLBACK_CTRL 131 +#define BIO_F_BIO_CTRL 103 +#define BIO_F_BIO_GETHOSTBYNAME 120 +#define BIO_F_BIO_GETS 104 +#define BIO_F_BIO_GET_ACCEPT_SOCKET 105 +#define BIO_F_BIO_GET_HOST_IP 106 +#define BIO_F_BIO_GET_PORT 107 +#define BIO_F_BIO_MAKE_PAIR 121 +#define BIO_F_BIO_NEW 108 +#define BIO_F_BIO_NEW_FILE 109 +#define BIO_F_BIO_NEW_MEM_BUF 126 +#define BIO_F_BIO_NREAD 123 +#define BIO_F_BIO_NREAD0 124 +#define BIO_F_BIO_NWRITE 125 +#define BIO_F_BIO_NWRITE0 122 +#define BIO_F_BIO_PUTS 110 +#define BIO_F_BIO_READ 111 +#define BIO_F_BIO_SOCK_INIT 112 +#define BIO_F_BIO_WRITE 113 +#define BIO_F_BUFFER_CTRL 114 +#define BIO_F_CONN_CTRL 127 +#define BIO_F_CONN_STATE 115 +#define BIO_F_DGRAM_SCTP_READ 132 +#define BIO_F_FILE_CTRL 116 +#define BIO_F_FILE_READ 130 +#define BIO_F_LINEBUFFER_CTRL 129 +#define BIO_F_MEM_READ 128 +#define BIO_F_MEM_WRITE 117 +#define BIO_F_SSL_NEW 118 +#define BIO_F_WSASTARTUP 119 + +/* Reason codes. */ +#define BIO_R_ACCEPT_ERROR 100 +#define BIO_R_BAD_FOPEN_MODE 101 +#define BIO_R_BAD_HOSTNAME_LOOKUP 102 +#define BIO_R_BROKEN_PIPE 124 +#define BIO_R_CONNECT_ERROR 103 +#define BIO_R_EOF_ON_MEMORY_BIO 127 +#define BIO_R_ERROR_SETTING_NBIO 104 +#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 +#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 +#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +#define BIO_R_INVALID_ARGUMENT 125 +#define BIO_R_INVALID_IP_ADDRESS 108 +#define BIO_R_IN_USE 123 +#define BIO_R_KEEPALIVE 109 +#define BIO_R_NBIO_CONNECT_ERROR 110 +#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 +#define BIO_R_NO_HOSTNAME_SPECIFIED 112 +#define BIO_R_NO_PORT_DEFINED 113 +#define BIO_R_NO_PORT_SPECIFIED 114 +#define BIO_R_NO_SUCH_FILE 128 +#define BIO_R_NULL_PARAMETER 115 +#define BIO_R_TAG_MISMATCH 116 +#define BIO_R_UNABLE_TO_BIND_SOCKET 117 +#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +#define BIO_R_UNINITIALIZED 120 +#define BIO_R_UNSUPPORTED_METHOD 121 +#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +#define BIO_R_WSASTARTUP 122 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h new file mode 100644 index 0000000000..4b6c8920a4 --- /dev/null +++ b/include/openssl/blowfish.h @@ -0,0 +1,129 @@ +/* crypto/bf/blowfish.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BLOWFISH_H +#define HEADER_BLOWFISH_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_BF +#error BF is disabled. +#endif + +#define BF_ENCRYPT 1 +#define BF_DECRYPT 0 + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! BF_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#if defined(__LP32__) +#define BF_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define BF_LONG unsigned long +#define BF_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +#else +#define BF_LONG unsigned int +#endif + +#define BF_ROUNDS 16 +#define BF_BLOCK 8 + +typedef struct bf_key_st + { + BF_LONG P[BF_ROUNDS+2]; + BF_LONG S[4*256]; + } BF_KEY; + +#ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +#endif +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data,const BF_KEY *key); +void BF_decrypt(BF_LONG *data,const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num); +const char *BF_options(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/bn.h b/include/openssl/bn.h new file mode 100644 index 0000000000..c4d618522e --- /dev/null +++ b/include/openssl/bn.h @@ -0,0 +1,904 @@ +/* crypto/bn/bn.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_BN_H +#define HEADER_BN_H + +#include +#ifndef OPENSSL_NO_FP_API +#include /* FILE */ +#endif +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +#ifndef OPENSSL_SMALL_FOOTPRINT +#define BN_MUL_COMBA +#define BN_SQR_COMBA +#define BN_RECURSION +#endif + +/* This next option uses the C libraries (2 word)/(1 word) function. + * If it is not defined, I use my C version (which is slower). + * The reason for this flag is that when the particular C compiler + * library routine is used, and the library is linked with a different + * compiler, the library is missing. This mostly happens when the + * library is built with gcc and then linked using normal cc. This would + * be a common occurrence because gcc normally produces code that is + * 2 times faster than system compilers for the big number stuff. + * For machines with only one compiler (or shared libraries), this should + * be on. Again this in only really a problem on machines + * using "long long's", are 32bit, and are not using my assembler code. */ +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# ifndef BN_DIV2W +# define BN_DIV2W +# endif +#endif + +/* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_ULLONG unsigned long long +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +#define BN_MASK2 (0xffffffffffffffffL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000L) +#define BN_MASK2h1 (0xffffffff80000000L) +#define BN_TBIT (0x8000000000000000L) +#define BN_DEC_CONV (10000000000000000000UL) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%019lu" +#define BN_DEC_NUM 19 +#define BN_HEX_FMT1 "%lX" +#define BN_HEX_FMT2 "%016lX" +#endif + +/* This is where the long long data type is 64 bits, but long is 32. + * For machines where there are 64bit registers, this is the mode to use. + * IRIX, on R4000 and above should use this mode, along with the relevant + * assembler code :-). Do NOT define BN_LLONG. + */ +#ifdef SIXTY_FOUR_BIT +#undef BN_LLONG +#undef BN_ULLONG +#define BN_ULONG unsigned long long +#define BN_LONG long long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffLL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000LL) +#define BN_MASK2h1 (0xffffffff80000000LL) +#define BN_TBIT (0x8000000000000000LL) +#define BN_DEC_CONV (10000000000000000000ULL) +#define BN_DEC_FMT1 "%llu" +#define BN_DEC_FMT2 "%019llu" +#define BN_DEC_NUM 19 +#define BN_HEX_FMT1 "%llX" +#define BN_HEX_FMT2 "%016llX" +#endif + +#ifdef THIRTY_TWO_BIT +#ifdef BN_LLONG +# if defined(_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# define BN_MASK (0xffffffffffffffffI64) +# else +# define BN_ULLONG unsigned long long +# define BN_MASK (0xffffffffffffffffLL) +# endif +#endif +#define BN_ULONG unsigned int +#define BN_LONG int +#define BN_BITS 64 +#define BN_BYTES 4 +#define BN_BITS2 32 +#define BN_BITS4 16 +#define BN_MASK2 (0xffffffffL) +#define BN_MASK2l (0xffff) +#define BN_MASK2h1 (0xffff8000L) +#define BN_MASK2h (0xffff0000L) +#define BN_TBIT (0x80000000L) +#define BN_DEC_CONV (1000000000L) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%09u" +#define BN_DEC_NUM 9 +#define BN_HEX_FMT1 "%X" +#define BN_HEX_FMT2 "%08X" +#endif + +/* 2011-02-22 SMS. + * In various places, a size_t variable or a type cast to size_t was + * used to perform integer-only operations on pointers. This failed on + * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is + * still only 32 bits. What's needed in these cases is an integer type + * with the same size as a pointer, which size_t is not certain to be. + * The only fix here is VMS-specific. + */ +#if defined(OPENSSL_SYS_VMS) +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_SIZE_INT long long +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_SIZE_INT int +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* defined(OPENSSL_SYS_VMS) */ +# define PTR_SIZE_INT size_t +#endif /* defined(OPENSSL_SYS_VMS) [else] */ + +#define BN_DEFAULT_BITS 1280 + +#define BN_FLG_MALLOCED 0x01 +#define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ + /* avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#endif + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif +#define BN_set_flags(b,n) ((b)->flags|=(n)) +#define BN_get_flags(b,n) ((b)->flags&(n)) + +/* get a clone of a BIGNUM with changed flags, for *temporary* use only + * (the two BIGNUMs cannot not be used in parallel!) */ +#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct bignum_st BIGNUM; +/* Used for temp variables (declaration hidden in bn_lcl.h) */ +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; +#endif + +struct bignum_st + { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + }; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st + { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0[2];/* least significant word(s) of Ni; + (type changed with 0.9.9, was "BN_ULONG n0;" before) */ + int flags; + }; + +/* Used for reciprocal division/mod functions + * It cannot be shared between threads + */ +struct bn_recp_ctx_st + { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; + }; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st + { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union + { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; + }; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +#define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } + +#define BN_prime_checks 0 /* default: select number of iterations + based on the size of the number */ + +/* number of Miller-Rabin iterations for an error rate of less than 2^-80 + * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook + * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; + * original paper: Damgaard, Landrock, Pomerance: Average case error estimates + * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ +#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ + (b) >= 450 ? 6 : \ + (b) >= 400 ? 7 : \ + (b) >= 350 ? 8 : \ + (b) >= 300 ? 9 : \ + (b) >= 250 ? 12 : \ + (b) >= 200 ? 15 : \ + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#define BN_is_zero(a) ((a)->top == 0) +#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + +#define BN_one(a) (BN_set_word((a),1)) +#define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) +#ifdef OPENSSL_NO_DEPRECATED +#define BN_zero(a) BN_zero_ex(a) +#else +#define BN_zero(a) (BN_set_word((a),0)) +#endif + +const BIGNUM *BN_value_one(void); +char * BN_options(void); +BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *c); +#endif +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_init(BIGNUM *); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +#define BN_is_negative(a) ((a)->neg != 0) + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, + BN_CTX *ctx,BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a,int n); +#ifndef OPENSSL_NO_FP_API +int BN_print_fp(FILE *fp, const BIGNUM *a); +#endif +#ifdef HEADER_BIO_H +int BN_print(BIO *fp, const BIGNUM *a); +#else +int BN_print(void *fp, const BIGNUM *a); +#endif +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char * BN_bn2hex(const BIGNUM *a); +char * BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *),void *cb_arg); +int BN_is_prime(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *), + BN_CTX *ctx,void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, + int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void ); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +#define BN_BLINDING_NO_UPDATE 0x00000001 +#define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +#ifndef OPENSSL_NO_DEPRECATED +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +#endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +#ifndef OPENSSL_NO_DEPRECATED +void BN_set_params(int mul,int high,int low,int mont); +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +#endif + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp,BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +#ifndef OPENSSL_NO_EC2M + +/* Functions for arithmetic over binary polynomials represented by BIGNUMs. + * + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. + * + * Note that input arguments are not const so that their bit arrays can + * be expanded to the appropriate size if needed. + */ + +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r^2 + r = a mod p */ +#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/* Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); + /* r = a mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +#endif + +/* faster mod functions for the 'NIST primes' + * 0 <= a < p^2 */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +/* library internal functions */ + +#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ + (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +#endif + +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include + +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else +#define bn_pollute(a) +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +#define bn_fix_top(a) bn_check_top(a) + +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while(0) + +#else /* !BN_DEBUG */ + +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) + +#endif + +#define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ + { \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ + } \ + bn_pollute(a); \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); + +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BN_strings(void); + +/* Error codes for the BN functions. */ + +/* Function codes. */ +#define BN_F_BNRAND 127 +#define BN_F_BN_BLINDING_CONVERT_EX 100 +#define BN_F_BN_BLINDING_CREATE_PARAM 128 +#define BN_F_BN_BLINDING_INVERT_EX 101 +#define BN_F_BN_BLINDING_NEW 102 +#define BN_F_BN_BLINDING_UPDATE 103 +#define BN_F_BN_BN2DEC 104 +#define BN_F_BN_BN2HEX 105 +#define BN_F_BN_CTX_GET 116 +#define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_CTX_START 129 +#define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_NO_BRANCH 138 +#define BN_F_BN_DIV_RECP 130 +#define BN_F_BN_EXP 123 +#define BN_F_BN_EXPAND2 108 +#define BN_F_BN_EXPAND_INTERNAL 120 +#define BN_F_BN_GF2M_MOD 131 +#define BN_F_BN_GF2M_MOD_EXP 132 +#define BN_F_BN_GF2M_MOD_MUL 133 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +#define BN_F_BN_GF2M_MOD_SQR 136 +#define BN_F_BN_GF2M_MOD_SQRT 137 +#define BN_F_BN_MOD_EXP2_MONT 118 +#define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +#define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_EXP_RECP 125 +#define BN_F_BN_MOD_EXP_SIMPLE 126 +#define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +#define BN_F_BN_MOD_LSHIFT_QUICK 119 +#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +#define BN_F_BN_MOD_SQRT 121 +#define BN_F_BN_MPI2BN 112 +#define BN_F_BN_NEW 113 +#define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 +#define BN_F_BN_USUB 115 + +/* Reason codes. */ +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 +#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +#define BN_R_DIV_BY_ZERO 103 +#define BN_R_ENCODING_ERROR 104 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INPUT_NOT_REDUCED 110 +#define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 +#define BN_R_NOT_A_SQUARE 111 +#define BN_R_NOT_INITIALIZED 107 +#define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 116 +#define BN_R_P_IS_NOT_PRIME 112 +#define BN_R_TOO_MANY_ITERATIONS 113 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h new file mode 100644 index 0000000000..f8da32b485 --- /dev/null +++ b/include/openssl/buffer.h @@ -0,0 +1,119 @@ +/* crypto/buffer/buffer.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BUFFER_H +#define HEADER_BUFFER_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#if !defined(NO_SYS_TYPES_H) +#include +#endif + +/* Already declared in ossl_typ.h */ +/* typedef struct buf_mem_st BUF_MEM; */ + +struct buf_mem_st + { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ + }; + +BUF_MEM *BUF_MEM_new(void); +void BUF_MEM_free(BUF_MEM *a); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + +/* safe string functions */ +size_t BUF_strlcpy(char *dst,const char *src,size_t siz); +size_t BUF_strlcat(char *dst,const char *src,size_t siz); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BUF_strings(void); + +/* Error codes for the BUF functions. */ + +/* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 +#define BUF_F_BUF_MEM_GROW 100 +#define BUF_F_BUF_MEM_GROW_CLEAN 105 +#define BUF_F_BUF_MEM_NEW 101 +#define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 + +/* Reason codes. */ + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h new file mode 100644 index 0000000000..67911e0adf --- /dev/null +++ b/include/openssl/camellia.h @@ -0,0 +1,130 @@ +/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_CAMELLIA_H +#define HEADER_CAMELLIA_H + +#include + +#ifdef OPENSSL_NO_CAMELLIA +#error CAMELLIA is disabled. +#endif + +#include + +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 + +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */ + +struct camellia_key_st + { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; + }; +typedef struct camellia_key_st CAMELLIA_KEY; + +#ifdef OPENSSL_FIPS +int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); +#endif +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_Camellia_H */ diff --git a/include/openssl/cast.h b/include/openssl/cast.h new file mode 100644 index 0000000000..203922ea2b --- /dev/null +++ b/include/openssl/cast.h @@ -0,0 +1,107 @@ +/* crypto/cast/cast.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CAST_H +#define HEADER_CAST_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#ifdef OPENSSL_NO_CAST +#error CAST is disabled. +#endif + +#define CAST_ENCRYPT 1 +#define CAST_DECRYPT 0 + +#define CAST_LONG unsigned int + +#define CAST_BLOCK 8 +#define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st + { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ + } CAST_KEY; + +#ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, + int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const CAST_KEY *ks, unsigned char *iv, int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h new file mode 100644 index 0000000000..712e92dced --- /dev/null +++ b/include/openssl/cmac.h @@ -0,0 +1,82 @@ +/* crypto/cmac/cmac.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMAC_H +#define HEADER_CMAC_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/cms.h b/include/openssl/cms.h new file mode 100644 index 0000000000..36994fa6a2 --- /dev/null +++ b/include/openssl/cms.h @@ -0,0 +1,501 @@ +/* crypto/cms/cms.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMS_H +#define HEADER_CMS_H + +#include + +#ifdef OPENSSL_NO_CMS +#error CMS is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(GENERAL_NAMES) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 0x8000 +#define CMS_USE_KEYID 0x10000 +#define CMS_DEBUG_DECRYPT 0x20000 + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +#ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +#endif + +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, + unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, + unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +#ifdef HEADER_X509V3_H + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); + +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMS_strings(void); + +/* Error codes for the CMS functions. */ + +/* Function codes. */ +#define CMS_F_CHECK_CONTENT 99 +#define CMS_F_CMS_ADD0_CERT 164 +#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +#define CMS_F_CMS_ADD1_SIGNER 102 +#define CMS_F_CMS_ADD1_SIGNINGTIME 103 +#define CMS_F_CMS_COMPRESS 104 +#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +#define CMS_F_CMS_COPY_CONTENT 107 +#define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +#define CMS_F_CMS_DATA 109 +#define CMS_F_CMS_DATAFINAL 110 +#define CMS_F_CMS_DATAINIT 111 +#define CMS_F_CMS_DECRYPT 112 +#define CMS_F_CMS_DECRYPT_SET1_KEY 113 +#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +#define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +#define CMS_F_CMS_DIGEST_VERIFY 118 +#define CMS_F_CMS_ENCODE_RECEIPT 161 +#define CMS_F_CMS_ENCRYPT 119 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +#define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +#define CMS_F_CMS_FINAL 127 +#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +#define CMS_F_CMS_GET0_CONTENT 129 +#define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +#define CMS_F_CMS_GET0_ENVELOPED 131 +#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +#define CMS_F_CMS_GET0_SIGNED 133 +#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +#define CMS_F_CMS_RECEIPT_VERIFY 160 +#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +#define CMS_F_CMS_SET_DETACHED 147 +#define CMS_F_CMS_SIGN 148 +#define CMS_F_CMS_SIGNED_DATA_INIT 149 +#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +#define CMS_F_CMS_SIGNERINFO_SIGN 151 +#define CMS_F_CMS_SIGNERINFO_VERIFY 152 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +#define CMS_F_CMS_SIGN_RECEIPT 163 +#define CMS_F_CMS_STREAM 155 +#define CMS_F_CMS_UNCOMPRESS 156 +#define CMS_F_CMS_VERIFY 157 + +/* Reason codes. */ +#define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +#define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +#define CMS_R_CIPHER_INITIALISATION_ERROR 101 +#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +#define CMS_R_CMS_DATAFINAL_ERROR 103 +#define CMS_R_CMS_LIB 104 +#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +#define CMS_R_CONTENT_NOT_FOUND 105 +#define CMS_R_CONTENT_TYPE_MISMATCH 171 +#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +#define CMS_R_CONTENT_VERIFY_ERROR 109 +#define CMS_R_CTRL_ERROR 110 +#define CMS_R_CTRL_FAILURE 111 +#define CMS_R_DECRYPT_ERROR 112 +#define CMS_R_DIGEST_ERROR 161 +#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +#define CMS_R_ERROR_SETTING_KEY 115 +#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +#define CMS_R_INVALID_KEY_LENGTH 118 +#define CMS_R_MD_BIO_INIT_ERROR 119 +#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +#define CMS_R_MSGSIGDIGEST_ERROR 172 +#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +#define CMS_R_NEED_ONE_SIGNER 164 +#define CMS_R_NOT_A_SIGNED_RECEIPT 165 +#define CMS_R_NOT_ENCRYPTED_DATA 122 +#define CMS_R_NOT_KEK 123 +#define CMS_R_NOT_KEY_TRANSPORT 124 +#define CMS_R_NOT_PWRI 177 +#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +#define CMS_R_NO_CIPHER 126 +#define CMS_R_NO_CONTENT 127 +#define CMS_R_NO_CONTENT_TYPE 173 +#define CMS_R_NO_DEFAULT_DIGEST 128 +#define CMS_R_NO_DIGEST_SET 129 +#define CMS_R_NO_KEY 130 +#define CMS_R_NO_KEY_OR_CERT 174 +#define CMS_R_NO_MATCHING_DIGEST 131 +#define CMS_R_NO_MATCHING_RECIPIENT 132 +#define CMS_R_NO_MATCHING_SIGNATURE 166 +#define CMS_R_NO_MSGSIGDIGEST 167 +#define CMS_R_NO_PASSWORD 178 +#define CMS_R_NO_PRIVATE_KEY 133 +#define CMS_R_NO_PUBLIC_KEY 134 +#define CMS_R_NO_RECEIPT_REQUEST 168 +#define CMS_R_NO_SIGNERS 135 +#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +#define CMS_R_RECEIPT_DECODE_ERROR 169 +#define CMS_R_RECIPIENT_ERROR 137 +#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +#define CMS_R_SIGNFINAL_ERROR 139 +#define CMS_R_SMIME_TEXT_ERROR 140 +#define CMS_R_STORE_INIT_ERROR 141 +#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +#define CMS_R_TYPE_NOT_DATA 143 +#define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +#define CMS_R_UNKNOWN_CIPHER 148 +#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 +#define CMS_R_UNKNOWN_ID 150 +#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 +#define CMS_R_UNSUPPORTED_TYPE 156 +#define CMS_R_UNWRAP_ERROR 157 +#define CMS_R_UNWRAP_FAILURE 180 +#define CMS_R_VERIFICATION_FAILURE 158 +#define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/comp.h b/include/openssl/comp.h new file mode 100644 index 0000000000..4b405c7d49 --- /dev/null +++ b/include/openssl/comp.h @@ -0,0 +1,80 @@ + +#ifndef HEADER_COMP_H +#define HEADER_COMP_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct comp_ctx_st COMP_CTX; + +typedef struct comp_method_st + { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); + } COMP_METHOD; + +struct comp_ctx_st + { + COMP_METHOD *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; + + CRYPTO_EX_DATA ex_data; + }; + + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +COMP_METHOD *COMP_rle(void ); +COMP_METHOD *COMP_zlib(void ); +void COMP_zlib_cleanup(void); + +#ifdef HEADER_BIO_H +#ifdef ZLIB +BIO_METHOD *BIO_f_zlib(void); +#endif +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_COMP_strings(void); + +/* Error codes for the COMP functions. */ + +/* Function codes. */ +#define COMP_F_BIO_ZLIB_FLUSH 99 +#define COMP_F_BIO_ZLIB_NEW 100 +#define COMP_F_BIO_ZLIB_READ 101 +#define COMP_F_BIO_ZLIB_WRITE 102 + +/* Reason codes. */ +#define COMP_R_ZLIB_DEFLATE_ERROR 99 +#define COMP_R_ZLIB_INFLATE_ERROR 100 +#define COMP_R_ZLIB_NOT_SUPPORTED 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/conf.h b/include/openssl/conf.h new file mode 100644 index 0000000000..c2199978a3 --- /dev/null +++ b/include/openssl/conf.h @@ -0,0 +1,263 @@ +/* crypto/conf/conf.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONF_H +#define HEADER_CONF_H + +#include +#include +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct + { + char *section; + char *name; + char *value; + } CONF_VALUE; + +DECLARE_STACK_OF(CONF_VALUE) +DECLARE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st + { + const char *name; + CONF *(*create)(CONF_METHOD *meth); + int (*init)(CONF *conf); + int (*destroy)(CONF *conf); + int (*destroy_data)(CONF *conf); + int (*load_bio)(CONF *conf, BIO *bp, long *eline); + int (*dump)(const CONF *conf, BIO *bp); + int (*is_number)(const CONF *conf, char c); + int (*to_int)(const CONF *conf, char c); + int (*load)(CONF *conf, const char *name, long *eline); + }; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func(CONF_IMODULE *md); + +#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +#define CONF_MFLAGS_SILENT 0x4 +#define CONF_MFLAGS_NO_DSO 0x8 +#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file, + long *eline); +#ifndef OPENSSL_NO_FP_API +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +#endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +void OPENSSL_config(const char *config_name); +void OPENSSL_no_config(void); + +/* New conf code. The semantics are different from the functions above. + If that wasn't the case, the above functions would have been replaced */ + +struct conf_st + { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; + }; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +#if 0 /* Just to give you an idea of what I have in mind */ +CONF_METHOD *NCONF_XML(void); +#endif +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf,const char *file,long *eline); +#ifndef OPENSSL_NO_FP_API +int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); +#endif +int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section); +char *NCONF_get_string(const CONF *conf,const char *group,const char *name); +int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, + long *result); +int NCONF_dump_fp(const CONF *conf, FILE *out); +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#if 0 /* The following function has no error checking, + and should therefore be avoided */ +long NCONF_get_number(CONF *conf,char *group,char *name); +#else +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) +#endif + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +void CONF_modules_free(void); +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb)(const char *elem, int len, void *usr), void *arg); + +void OPENSSL_load_builtin_modules(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CONF_strings(void); + +/* Error codes for the CONF functions. */ + +/* Function codes. */ +#define CONF_F_CONF_DUMP_FP 104 +#define CONF_F_CONF_LOAD 100 +#define CONF_F_CONF_LOAD_BIO 102 +#define CONF_F_CONF_LOAD_FP 103 +#define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_CONF_PARSE_LIST 119 +#define CONF_F_DEF_LOAD 120 +#define CONF_F_DEF_LOAD_BIO 121 +#define CONF_F_MODULE_INIT 115 +#define CONF_F_MODULE_LOAD_DSO 117 +#define CONF_F_MODULE_RUN 118 +#define CONF_F_NCONF_DUMP_BIO 105 +#define CONF_F_NCONF_DUMP_FP 106 +#define CONF_F_NCONF_GET_NUMBER 107 +#define CONF_F_NCONF_GET_NUMBER_E 112 +#define CONF_F_NCONF_GET_SECTION 108 +#define CONF_F_NCONF_GET_STRING 109 +#define CONF_F_NCONF_LOAD 113 +#define CONF_F_NCONF_LOAD_BIO 110 +#define CONF_F_NCONF_LOAD_FP 114 +#define CONF_F_NCONF_NEW 111 +#define CONF_F_STR_COPY 101 + +/* Reason codes. */ +#define CONF_R_ERROR_LOADING_DSO 110 +#define CONF_R_LIST_CANNOT_BE_NULL 115 +#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +#define CONF_R_MISSING_EQUAL_SIGN 101 +#define CONF_R_MISSING_FINISH_FUNCTION 111 +#define CONF_R_MISSING_INIT_FUNCTION 112 +#define CONF_R_MODULE_INITIALIZATION_ERROR 109 +#define CONF_R_NO_CLOSE_BRACE 102 +#define CONF_R_NO_CONF 105 +#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +#define CONF_R_NO_SECTION 107 +#define CONF_R_NO_SUCH_FILE 114 +#define CONF_R_NO_VALUE 108 +#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +#define CONF_R_UNKNOWN_MODULE_NAME 113 +#define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h new file mode 100644 index 0000000000..87a954aff6 --- /dev/null +++ b/include/openssl/conf_api.h @@ -0,0 +1,89 @@ +/* conf_api.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONF_API_H +#define HEADER_CONF_API_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h new file mode 100644 index 0000000000..f92fc5182d --- /dev/null +++ b/include/openssl/crypto.h @@ -0,0 +1,611 @@ +/* crypto/crypto.h */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_CRYPTO_H +#define HEADER_CRYPTO_H + +#include + +#include + +#ifndef OPENSSL_NO_FP_API +#include +#endif + +#include +#include +#include +#include + +#ifdef CHARSET_EBCDIC +#include +#endif + +/* Resolve problems on some operating systems with symbol names that clash + one way or another */ +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Backward compatibility to SSLeay */ +/* This is more to be used to check the correct DLL is being used + * in the MS world. */ +#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +#define SSLEAY_VERSION 0 +/* #define SSLEAY_OPTIONS 1 no longer supported */ +#define SSLEAY_CFLAGS 2 +#define SSLEAY_BUILT_ON 3 +#define SSLEAY_PLATFORM 4 +#define SSLEAY_DIR 5 + +/* Already declared in ossl_typ.h */ +#if 0 +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Called when a new object is created */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when an object is free()ed */ +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when we need to dup an object */ +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +#endif + +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + +/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock + * names in cryptlib.c + */ + +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_EX_DATA 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_X509_CRL 6 +#define CRYPTO_LOCK_X509_REQ 7 +#define CRYPTO_LOCK_DSA 8 +#define CRYPTO_LOCK_RSA 9 +#define CRYPTO_LOCK_EVP_PKEY 10 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +#define CRYPTO_LOCK_SSL_METHOD 17 +#define CRYPTO_LOCK_RAND 18 +#define CRYPTO_LOCK_RAND2 19 +#define CRYPTO_LOCK_MALLOC 20 +#define CRYPTO_LOCK_BIO 21 +#define CRYPTO_LOCK_GETHOSTBYNAME 22 +#define CRYPTO_LOCK_GETSERVBYNAME 23 +#define CRYPTO_LOCK_READDIR 24 +#define CRYPTO_LOCK_RSA_BLINDING 25 +#define CRYPTO_LOCK_DH 26 +#define CRYPTO_LOCK_MALLOC2 27 +#define CRYPTO_LOCK_DSO 28 +#define CRYPTO_LOCK_DYNLOCK 29 +#define CRYPTO_LOCK_ENGINE 30 +#define CRYPTO_LOCK_UI 31 +#define CRYPTO_LOCK_ECDSA 32 +#define CRYPTO_LOCK_EC 33 +#define CRYPTO_LOCK_ECDH 34 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 + +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 + +#ifndef OPENSSL_NO_LOCKING +#ifndef CRYPTO_w_lock +#define CRYPTO_w_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +#define CRYPTO_w_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +#define CRYPTO_r_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) +#define CRYPTO_r_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) +#define CRYPTO_add(addr,amount,type) \ + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +#endif +#else +#define CRYPTO_w_lock(a) +#define CRYPTO_w_unlock(a) +#define CRYPTO_r_lock(a) +#define CRYPTO_r_unlock(a) +#define CRYPTO_add(a,b,c) ((*(a))+=(b)) +#endif + +/* Some applications as well as some parts of OpenSSL need to allocate + and deallocate locks in a dynamic fashion. The following typedef + makes this possible in a type-safe manner. */ +/* struct CRYPTO_dynlock_value has to be defined by the application. */ +typedef struct + { + int references; + struct CRYPTO_dynlock_value *data; + } CRYPTO_dynlock; + + +/* The following can be used to detect memory leaks in the SSLeay library. + * It used, it turns on malloc checking */ + +#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ +#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ +#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ +#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ + +/* The following are bit values to turn on or off options connected to the + * malloc checking functionality */ + +/* Adds time to the memory checking information */ +#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ +/* Adds thread number to the memory checking information */ +#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ + +#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) + + +/* predec of the BIO type */ +typedef struct bio_st BIO_dummy; + +struct crypto_ex_data_st + { + STACK_OF(void) *sk; + int dummy; /* gcc is screwing up this data structure :-( */ + }; +DECLARE_STACK_OF(void) + +/* This stuff is basically class callback functions + * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ + +typedef struct crypto_ex_data_func_st + { + long argl; /* Arbitary long */ + void *argp; /* Arbitary void * */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; + } CRYPTO_EX_DATA_FUNCS; + +DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + +/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA + * entry. + */ + +#define CRYPTO_EX_INDEX_BIO 0 +#define CRYPTO_EX_INDEX_SSL 1 +#define CRYPTO_EX_INDEX_SSL_CTX 2 +#define CRYPTO_EX_INDEX_SSL_SESSION 3 +#define CRYPTO_EX_INDEX_X509_STORE 4 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +#define CRYPTO_EX_INDEX_RSA 6 +#define CRYPTO_EX_INDEX_DSA 7 +#define CRYPTO_EX_INDEX_DH 8 +#define CRYPTO_EX_INDEX_ENGINE 9 +#define CRYPTO_EX_INDEX_X509 10 +#define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_ECDSA 12 +#define CRYPTO_EX_INDEX_ECDH 13 +#define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 + +/* Dynamically assigned indexes start from this value (don't use directly, use + * via CRYPTO_ex_data_new_class). */ +#define CRYPTO_EX_INDEX_USER 100 + + +/* This is the default callbacks, but we can have others as well: + * this is needed in Win32 where the application malloc and the + * library malloc may not be the same. + */ +#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ + malloc, realloc, free) + +#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD +# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ +# define CRYPTO_MDEBUG +# endif +#endif + +/* Set standard debugging functions (not done by default + * unless CRYPTO_MDEBUG is defined) */ +#define CRYPTO_malloc_debug_init() do {\ + CRYPTO_set_mem_debug_functions(\ + CRYPTO_dbg_malloc,\ + CRYPTO_dbg_realloc,\ + CRYPTO_dbg_free,\ + CRYPTO_dbg_set_options,\ + CRYPTO_dbg_get_options);\ + } while(0) + +int CRYPTO_mem_ctrl(int mode); +int CRYPTO_is_mem_check_on(void); + +/* for applications */ +#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) +#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) + +/* for library-internal use */ +#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) +#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) +#define is_MemCheck_on() CRYPTO_is_mem_check_on() + +#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +#define OPENSSL_realloc(addr,num) \ + CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) +#define OPENSSL_remalloc(addr,num) \ + CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_freeFunc CRYPTO_free +#define OPENSSL_free(addr) CRYPTO_free(addr) + +#define OPENSSL_malloc_locked(num) \ + CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) +#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + +const char *SSLeay_version(int type); +unsigned long SSLeay(void); + +int OPENSSL_issetugid(void); + +/* An opaque type representing an implementation of "ex_data" support */ +typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; +/* Return an opaque pointer to the current "ex_data" implementation */ +const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); +/* Sets the "ex_data" implementation to be used (if it's not too late) */ +int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); +/* Get a new "ex_data" class, and return the corresponding "class_index" */ +int CRYPTO_ex_data_new_class(void); +/* Within a given class, get/register a new index */ +int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given + * class (invokes whatever per-class callbacks are applicable) */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + CRYPTO_EX_DATA *from); +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index + * (relative to the class type involved) */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); +/* This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. */ +void CRYPTO_cleanup_all_ex_data(void); + +int CRYPTO_get_new_lockid(char *name); + +int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ +void CRYPTO_lock(int mode, int type,const char *file,int line); +void CRYPTO_set_locking_callback(void (*func)(int mode,int type, + const char *file,int line)); +void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, + int line); +void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, + const char *file, int line)); +int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, + const char *file,int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st + { + void *ptr; + unsigned long val; + } CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +#ifndef OPENSSL_NO_DEPRECATED +void CRYPTO_set_id_callback(unsigned long (*func)(void)); +unsigned long (*CRYPTO_get_id_callback(void))(void); +unsigned long CRYPTO_thread_id(void); +#endif + +const char *CRYPTO_get_lock_name(int type); +int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, + int line); + +int CRYPTO_get_new_dynlockid(void); +void CRYPTO_destroy_dynlockid(int i); +struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); +void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); +void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); +struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); +void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); +void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); + +/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- + * call the latter last if you need different functions */ +int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); +int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); +int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), + void *(*r)(void *,size_t,const char *,int), + void (*f)(void *)); +int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), + void (*free_func)(void *)); +int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), + void (*r)(void *,void *,int,const char *,int,int), + void (*f)(void *,int), + void (*so)(long), + long (*go)(void)); +void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); +void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); +void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), + void *(**r)(void *, size_t,const char *,int), + void (**f)(void *)); +void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), + void (**f)(void *)); +void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), + void (**r)(void *,void *,int,const char *,int,int), + void (**f)(void *,int), + void (**so)(long), + long (**go)(void)); + +void *CRYPTO_malloc_locked(int num, const char *file, int line); +void CRYPTO_free_locked(void *ptr); +void *CRYPTO_malloc(int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +void CRYPTO_free(void *ptr); +void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, + int line); +void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); + +void OPENSSL_cleanse(void *ptr, size_t len); + +void CRYPTO_set_mem_debug_options(long bits); +long CRYPTO_get_mem_debug_options(void); + +#define CRYPTO_push_info(info) \ + CRYPTO_push_info_(info, __FILE__, __LINE__); +int CRYPTO_push_info_(const char *info, const char *file, int line); +int CRYPTO_pop_info(void); +int CRYPTO_remove_all_info(void); + + +/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; + * used as default in CRYPTO_MDEBUG compilations): */ +/* The last argument has the following significance: + * + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); +void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); +void CRYPTO_dbg_free(void *addr,int before_p); +/* Tell the debugging code about options. By default, the following values + * apply: + * + * 0: Clear all options. + * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. + * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. + * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 + */ +void CRYPTO_dbg_set_options(long bits); +long CRYPTO_dbg_get_options(void); + + +#ifndef OPENSSL_NO_FP_API +void CRYPTO_mem_leaks_fp(FILE *); +#endif +void CRYPTO_mem_leaks(struct bio_st *bio); +/* unsigned long order, char *file, int line, int num_bytes, char *addr */ +typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); +void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) + +unsigned long *OPENSSL_ia32cap_loc(void); +#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); + +#define fips_md_init(alg) fips_md_init_ctx(alg, alg) + +#ifdef OPENSSL_FIPS +#define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) \ + { \ + if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(cx##_CTX *c) + +#define fips_cipher_abort(alg) \ + if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + "Low level API call to cipher " #alg " forbidden in FIPS mode!") + +#else +#define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) +#define fips_cipher_abort(alg) while(0) +#endif + +/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a + * defined order as the return value when a != b is undefined, other than to be + * non-zero. */ +int CRYPTO_memcmp(const void *a, const void *b, size_t len); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CRYPTO_strings(void); + +/* Error codes for the CRYPTO functions. */ + +/* Function codes. */ +#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 +#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +#define CRYPTO_F_DEF_ADD_INDEX 104 +#define CRYPTO_F_DEF_GET_CLASS 105 +#define CRYPTO_F_FIPS_MODE_SET 109 +#define CRYPTO_F_INT_DUP_EX_DATA 106 +#define CRYPTO_F_INT_FREE_EX_DATA 107 +#define CRYPTO_F_INT_NEW_EX_DATA 108 + +/* Reason codes. */ +#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/des.h b/include/openssl/des.h new file mode 100644 index 0000000000..1eaedcbd24 --- /dev/null +++ b/include/openssl/des.h @@ -0,0 +1,248 @@ +/* crypto/des/des.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_NEW_DES_H +#define HEADER_NEW_DES_H + +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, + DES_LONG (via openssl/opensslconf.h */ + +#ifdef OPENSSL_NO_DES +#error DES is disabled. +#endif + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * + * and const_DES_cblock * are incompatible pointer types. */ + +typedef struct DES_ks + { + union + { + DES_cblock cblock; + /* make sure things are correct size on machines with + * 8 byte longs */ + DES_LONG deslong[2]; + } ks[16]; + } DES_key_schedule; + +#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT +# define OPENSSL_ENABLE_OLD_DES_SUPPORT +# endif +#endif + +#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT +# include +#endif + +#define DES_KEY_SZ (sizeof(DES_cblock)) +#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 + +#define DES_CBC_MODE 0 +#define DES_PCBC_MODE 1 + +#define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ +#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) +OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ +#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, + long length,DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + int enc); +void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + int enc); +void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + const_DES_cblock *inw,const_DES_cblock *outw,int enc); +void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + int enc); +void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output, + DES_key_schedule *ks,int enc); + +/* This is the DES encryption function that gets called by just about + every other DES routine in the library. You should not use this + function except to implement 'modes' of DES. I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. The characters are loaded 'little endian'. + Data is a pointer to 2 unsigned long's and ks is the + DES_key_schedule to use. enc, is non zero specifies encryption, + zero if decryption. */ +void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc); + +/* This functions is the same as DES_encrypt1() except that the DES + initial permutation (IP) and final permutation (FP) have been left + out. As for DES_encrypt1(), you should not use this function. + It is used by the routines in the library that implement triple DES. + IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same + as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ +void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, + long length, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3,DES_cblock *ivec,int enc); +void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, + long length, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3, + DES_cblock *ivec1,DES_cblock *ivec2, + int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, + long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int *num,int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, + int numbits,long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, + long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int *num); +#if 0 +void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, + DES_cblock *out_white); +#endif + +int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, + DES_cblock *iv); +int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, + DES_cblock *iv); +char *DES_fcrypt(const char *buf,const char *salt, char *ret); +char *DES_crypt(const char *buf,const char *salt); +void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, + long length,DES_key_schedule *schedule,DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + int enc); +DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[], + long length,int out_count,DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. */ +int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); +#ifdef OPENSSL_FIPS +void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); +#endif +void DES_string_to_key(const char *str,DES_cblock *key); +void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, + DES_key_schedule *schedule,DES_cblock *ivec,int *num, + int enc); +void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, + DES_key_schedule *schedule,DES_cblock *ivec,int *num); + +int DES_read_password(DES_cblock *key, const char *prompt, int verify); +int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, + int verify); + +#define DES_fixup_key_parity DES_set_odd_parity + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/des_old.h b/include/openssl/des_old.h new file mode 100644 index 0000000000..2b2c372354 --- /dev/null +++ b/include/openssl/des_old.h @@ -0,0 +1,446 @@ +/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ + +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * The function names in here are deprecated and are only present to + * provide an interface compatible with openssl 0.9.6 and older as + * well as libdes. OpenSSL now provides functions where "des_" has + * been replaced with "DES_" in the names, to make it possible to + * make incompatible changes that are needed for C type security and + * other stuff. + * + * This include files has two compatibility modes: + * + * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API + * that is compatible with libdes and SSLeay. + * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an + * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. + * + * Note that these modes break earlier snapshots of OpenSSL, where + * libdes compatibility was the only available mode or (later on) the + * prefered compatibility mode. However, after much consideration + * (and more or less violent discussions with external parties), it + * was concluded that OpenSSL should be compatible with earlier versions + * of itself before anything else. Also, in all honesty, libdes is + * an old beast that shouldn't really be used any more. + * + * Please consider starting to use the DES_ functions rather than the + * des_ ones. The des_ functions will disappear completely before + * OpenSSL 1.0! + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DES_H +#define HEADER_DES_H + +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + +#ifdef OPENSSL_NO_DES +#error DES is disabled. +#endif + +#ifndef HEADER_NEW_DES_H +#error You must include des.h, not des_old.h directly. +#endif + +#ifdef _KERBEROS_DES_H +#error replaces . +#endif + +#include + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef _ +#undef _ +#endif + +typedef unsigned char _ossl_old_des_cblock[8]; +typedef struct _ossl_old_des_ks_struct + { + union { + _ossl_old_des_cblock _; + /* make sure things are correct size on machines with + * 8 byte longs */ + DES_LONG pad[2]; + } ks; + } _ossl_old_des_key_schedule[16]; + +#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY +#define des_cblock DES_cblock +#define const_des_cblock const_DES_cblock +#define des_key_schedule DES_key_schedule +#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ + DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) +#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ + DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) +#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ + DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) +#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ + DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) +#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ + DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) +#define des_options()\ + DES_options() +#define des_cbc_cksum(i,o,l,k,iv)\ + DES_cbc_cksum((i),(o),(l),&(k),(iv)) +#define des_cbc_encrypt(i,o,l,k,iv,e)\ + DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) +#define des_ncbc_encrypt(i,o,l,k,iv,e)\ + DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) +#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ + DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) +#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) +#define des_ecb_encrypt(i,o,k,e)\ + DES_ecb_encrypt((i),(o),&(k),(e)) +#define des_encrypt1(d,k,e)\ + DES_encrypt1((d),&(k),(e)) +#define des_encrypt2(d,k,e)\ + DES_encrypt2((d),&(k),(e)) +#define des_encrypt3(d,k1,k2,k3)\ + DES_encrypt3((d),&(k1),&(k2),&(k3)) +#define des_decrypt3(d,k1,k2,k3)\ + DES_decrypt3((d),&(k1),&(k2),&(k3)) +#define des_xwhite_in2out(k,i,o)\ + DES_xwhite_in2out((k),(i),(o)) +#define des_enc_read(f,b,l,k,iv)\ + DES_enc_read((f),(b),(l),&(k),(iv)) +#define des_enc_write(f,b,l,k,iv)\ + DES_enc_write((f),(b),(l),&(k),(iv)) +#define des_fcrypt(b,s,r)\ + DES_fcrypt((b),(s),(r)) +#if 0 +#define des_crypt(b,s)\ + DES_crypt((b),(s)) +#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) +#define crypt(b,s)\ + DES_crypt((b),(s)) +#endif +#endif +#define des_ofb_encrypt(i,o,n,l,k,iv)\ + DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) +#define des_pcbc_encrypt(i,o,l,k,iv,e)\ + DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) +#define des_quad_cksum(i,o,l,c,s)\ + DES_quad_cksum((i),(o),(l),(c),(s)) +#define des_random_seed(k)\ + _ossl_096_des_random_seed((k)) +#define des_random_key(r)\ + DES_random_key((r)) +#define des_read_password(k,p,v) \ + DES_read_password((k),(p),(v)) +#define des_read_2passwords(k1,k2,p,v) \ + DES_read_2passwords((k1),(k2),(p),(v)) +#define des_set_odd_parity(k)\ + DES_set_odd_parity((k)) +#define des_check_key_parity(k)\ + DES_check_key_parity((k)) +#define des_is_weak_key(k)\ + DES_is_weak_key((k)) +#define des_set_key(k,ks)\ + DES_set_key((k),&(ks)) +#define des_key_sched(k,ks)\ + DES_key_sched((k),&(ks)) +#define des_set_key_checked(k,ks)\ + DES_set_key_checked((k),&(ks)) +#define des_set_key_unchecked(k,ks)\ + DES_set_key_unchecked((k),&(ks)) +#define des_string_to_key(s,k)\ + DES_string_to_key((s),(k)) +#define des_string_to_2keys(s,k1,k2)\ + DES_string_to_2keys((s),(k1),(k2)) +#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ + DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) +#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ + DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) + + +#define des_ecb2_encrypt(i,o,k1,k2,e) \ + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +#define des_check_key DES_check_key +#define des_rw_mode DES_rw_mode +#else /* libdes compatibility */ +/* Map all symbol names to _ossl_old_des_* form, so we avoid all + clashes with libdes */ +#define des_cblock _ossl_old_des_cblock +#define des_key_schedule _ossl_old_des_key_schedule +#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ + _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) +#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ + _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) +#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ + _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) +#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ + _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) +#define des_options()\ + _ossl_old_des_options() +#define des_cbc_cksum(i,o,l,k,iv)\ + _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) +#define des_cbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_ncbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ + _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) +#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) +#define des_ecb_encrypt(i,o,k,e)\ + _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) +#define des_encrypt(d,k,e)\ + _ossl_old_des_encrypt((d),(k),(e)) +#define des_encrypt2(d,k,e)\ + _ossl_old_des_encrypt2((d),(k),(e)) +#define des_encrypt3(d,k1,k2,k3)\ + _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) +#define des_decrypt3(d,k1,k2,k3)\ + _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) +#define des_xwhite_in2out(k,i,o)\ + _ossl_old_des_xwhite_in2out((k),(i),(o)) +#define des_enc_read(f,b,l,k,iv)\ + _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) +#define des_enc_write(f,b,l,k,iv)\ + _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) +#define des_fcrypt(b,s,r)\ + _ossl_old_des_fcrypt((b),(s),(r)) +#define des_crypt(b,s)\ + _ossl_old_des_crypt((b),(s)) +#if 0 +#define crypt(b,s)\ + _ossl_old_crypt((b),(s)) +#endif +#define des_ofb_encrypt(i,o,n,l,k,iv)\ + _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) +#define des_pcbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) +#define des_quad_cksum(i,o,l,c,s)\ + _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) +#define des_random_seed(k)\ + _ossl_old_des_random_seed((k)) +#define des_random_key(r)\ + _ossl_old_des_random_key((r)) +#define des_read_password(k,p,v) \ + _ossl_old_des_read_password((k),(p),(v)) +#define des_read_2passwords(k1,k2,p,v) \ + _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) +#define des_set_odd_parity(k)\ + _ossl_old_des_set_odd_parity((k)) +#define des_is_weak_key(k)\ + _ossl_old_des_is_weak_key((k)) +#define des_set_key(k,ks)\ + _ossl_old_des_set_key((k),(ks)) +#define des_key_sched(k,ks)\ + _ossl_old_des_key_sched((k),(ks)) +#define des_string_to_key(s,k)\ + _ossl_old_des_string_to_key((s),(k)) +#define des_string_to_2keys(s,k1,k2)\ + _ossl_old_des_string_to_2keys((s),(k1),(k2)) +#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ + _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) +#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ + _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) + + +#define des_ecb2_encrypt(i,o,k1,k2,e) \ + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +#define des_check_key DES_check_key +#define des_rw_mode DES_rw_mode +#endif + +const char *_ossl_old_des_options(void); +void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, int enc); +DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); +void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec, + _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc); +void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, + long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks,int enc); +void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); +void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); +void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); +void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); +void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc); +void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc); +void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, + long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); +#if 0 +void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), + _ossl_old_des_cblock (*out_white)); +#endif + +int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); +int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); +char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); +char *_ossl_old_des_crypt(const char *buf,const char *salt); +#if !defined(PERL5) && !defined(NeXT) +char *_ossl_old_crypt(const char *buf,const char *salt); +#endif +void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, + int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); +void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, + _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, + long length,int out_count,_ossl_old_des_cblock *seed); +void _ossl_old_des_random_seed(_ossl_old_des_cblock key); +void _ossl_old_des_random_key(_ossl_old_des_cblock ret); +int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify); +int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2, + const char *prompt,int verify); +void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); +int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); +int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key); +void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2); +void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, + _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc); +void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, + _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); + +void _ossl_096_des_random_seed(des_cblock *key); + +/* The following definitions provide compatibility with the MIT Kerberos + * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ + +#define _KERBEROS_DES_H + +#define KRBDES_ENCRYPT DES_ENCRYPT +#define KRBDES_DECRYPT DES_DECRYPT + +#ifdef KERBEROS +# define ENCRYPT DES_ENCRYPT +# define DECRYPT DES_DECRYPT +#endif + +#ifndef NCOMPAT +# define C_Block des_cblock +# define Key_schedule des_key_schedule +# define KEY_SZ DES_KEY_SZ +# define string_to_key des_string_to_key +# define read_pw_string des_read_pw_string +# define random_key des_random_key +# define pcbc_encrypt des_pcbc_encrypt +# define set_key des_set_key +# define key_sched des_key_sched +# define ecb_encrypt des_ecb_encrypt +# define cbc_encrypt des_cbc_encrypt +# define ncbc_encrypt des_ncbc_encrypt +# define xcbc_encrypt des_xcbc_encrypt +# define cbc_cksum des_cbc_cksum +# define quad_cksum des_quad_cksum +# define check_parity des_check_key_parity +#endif + +#define des_fixup_key_parity DES_fixup_key_parity + +#ifdef __cplusplus +} +#endif + +/* for DES_read_pw_string et al */ +#include + +#endif diff --git a/include/openssl/dh.h b/include/openssl/dh.h new file mode 100644 index 0000000000..ea59e610ef --- /dev/null +++ b/include/openssl/dh.h @@ -0,0 +1,280 @@ +/* crypto/dh/dh.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_H +#define HEADER_DH_H + +#include + +#ifdef OPENSSL_NO_DH +#error DH is disabled. +#endif + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif + +#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ + +/* If this flag is set the DH method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DH_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +struct dh_method + { + const char *name; + /* Methods here */ + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); + }; + +struct dh_st + { + /* This first argument is used to pick up errors when + * a DH is passed instead of a EVP_PKEY */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; + }; + +#define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +#define DH_GENERATOR_5 5 + +/* DH_check error codes */ +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +#define DH_NOT_SUITABLE_GENERATOR 0x08 + +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + +/* primes p where (p-1)/2 is prime too are called "safe"; we define + this for backward compatibility: */ +#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ + (unsigned char *)(x)) +#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH * DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED +DH * DH_generate_parameters(int prime_len,int generator, + void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + +int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); +DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); +int i2d_DHparams(const DH *a,unsigned char **pp); +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x); +#endif +#ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +#else +int DHparams_print(char *bp, const DH *x); +#endif + +#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DH_strings(void); + +/* Error codes for the DH functions. */ + +/* Function codes. */ +#define DH_F_COMPUTE_KEY 102 +#define DH_F_DHPARAMS_PRINT_FP 101 +#define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_COMPUTE_KEY 114 +#define DH_F_DH_GENERATE_KEY 115 +#define DH_F_DH_GENERATE_PARAMETERS_EX 116 +#define DH_F_DH_NEW_METHOD 105 +#define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PRIV_DECODE 110 +#define DH_F_DH_PRIV_ENCODE 111 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 +#define DH_F_DO_DH_PRINT 100 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 +#define DH_F_PKEY_DH_KEYGEN 113 + +/* Reason codes. */ +#define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_DECODE_ERROR 104 +#define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEYS_NOT_SET 108 +#define DH_R_KEY_SIZE_TOO_SMALL 110 +#define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NON_FIPS_METHOD 111 +#define DH_R_NO_PARAMETERS_SET 107 +#define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h new file mode 100644 index 0000000000..a6f6d0b0b2 --- /dev/null +++ b/include/openssl/dsa.h @@ -0,0 +1,327 @@ +/* crypto/dsa/dsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * The DSS routines are based on patches supplied by + * Steven Schoch . He basically did the + * work and I have just tweaked them a little to fit into my + * stylistic vision for SSLeay :-) */ + +#ifndef HEADER_DSA_H +#define HEADER_DSA_H + +#include + +#ifdef OPENSSL_NO_DSA +#error DSA is disabled. +#endif + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED +#include +#ifndef OPENSSL_NO_DH +# include +#endif +#endif + +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + +#define DSA_FLAG_CACHE_MONT_P 0x01 +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ + +/* If this flag is set the DSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st + { + BIGNUM *r; + BIGNUM *s; + } DSA_SIG; + +struct dsa_method + { + const char *name; + DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; + char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); + }; + +struct dsa_st + { + /* This first variable is used to pick up errors where + * a DSA is passed instead of of a EVP_PKEY */ + int pad; + long version; + int write_params; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + + BIGNUM *kinv; /* Signing pre-calc */ + BIGNUM *r; /* Signing pre-calc */ + + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + int references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + }; + +#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + + +DSA *DSAparams_dup(DSA *x); +DSA_SIG * DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); + +DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); +int DSA_do_verify(const unsigned char *dgst,int dgst_len, + DSA_SIG *sig,DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); + +DSA * DSA_new(void); +DSA * DSA_new_method(ENGINE *engine); +void DSA_free (DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); + /* next 4 return -1 on error */ +int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); +int DSA_sign(int type,const unsigned char *dgst,int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type,const unsigned char *dgst,int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED +DSA * DSA_generate_parameters(int bits, + unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret,void + (*callback)(int, int, void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a,unsigned char **pp); + +#ifndef OPENSSL_NO_BIO +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +#endif + +#define DSS_prime_checks 50 +/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: + * 50 rounds of Rabin-Miller */ +#define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +#ifndef OPENSSL_NO_DH +/* Convert DSA structure (key or just parameters) into DH structure + * (be careful to avoid small subgroup attacks when using this!) */ +DH *DSA_dup_DH(const DSA *r); +#endif + +#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DSA_strings(void); + +/* Error codes for the DSA functions. */ + +/* Function codes. */ +#define DSA_F_D2I_DSA_SIG 110 +#define DSA_F_DO_DSA_PRINT 104 +#define DSA_F_DSAPARAMS_PRINT 100 +#define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_DO_SIGN 112 +#define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_GENERATE_KEY 124 +#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 +#define DSA_F_DSA_NEW_METHOD 103 +#define DSA_F_DSA_PARAM_DECODE 119 +#define DSA_F_DSA_PRINT_FP 105 +#define DSA_F_DSA_PRIV_DECODE 115 +#define DSA_F_DSA_PRIV_ENCODE 116 +#define DSA_F_DSA_PUB_DECODE 117 +#define DSA_F_DSA_PUB_ENCODE 118 +#define DSA_F_DSA_SIGN 106 +#define DSA_F_DSA_SIGN_SETUP 107 +#define DSA_F_DSA_SIG_NEW 109 +#define DSA_F_DSA_SIG_PRINT 125 +#define DSA_F_DSA_VERIFY 108 +#define DSA_F_I2D_DSA_SIG 111 +#define DSA_F_OLD_DSA_PRIV_DECODE 122 +#define DSA_F_PKEY_DSA_CTRL 120 +#define DSA_F_PKEY_DSA_KEYGEN 121 +#define DSA_F_SIG_CB 114 + +/* Reason codes. */ +#define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 +#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_DECODE_ERROR 104 +#define DSA_R_INVALID_DIGEST_TYPE 106 +#define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NEED_NEW_SETUP_VALUES 110 +#define DSA_R_NON_FIPS_DSA_METHOD 111 +#define DSA_R_NO_PARAMETERS_SET 107 +#define DSA_R_PARAMETER_ENCODING_ERROR 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/dso.h b/include/openssl/dso.h new file mode 100644 index 0000000000..839f2e0617 --- /dev/null +++ b/include/openssl/dso.h @@ -0,0 +1,409 @@ +/* dso.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DSO_H +#define HEADER_DSO_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* These values are used as commands to DSO_ctrl() */ +#define DSO_CTRL_GET_FLAGS 1 +#define DSO_CTRL_SET_FLAGS 2 +#define DSO_CTRL_OR_FLAGS 3 + +/* By default, DSO_load() will translate the provided filename into a form + * typical for the platform (more specifically the DSO_METHOD) using the + * dso_name_converter function of the method. Eg. win32 will transform "blah" + * into "blah.dll", and dlfcn will transform it into "libblah.so". The + * behaviour can be overriden by setting the name_converter callback in the DSO + * object (using DSO_set_name_converter()). This callback could even utilise + * the DSO_METHOD's converter too if it only wants to override behaviour for + * one or two possible DSO methods. However, the following flag can be set in a + * DSO to prevent *any* native name-translation at all - eg. if the caller has + * prompted the user for a path to a driver library so the filename should be + * interpreted as-is. */ +#define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +/* An extra flag to give if only the extension should be added as + * translation. This is obviously only of importance on Unix and + * other operating systems where the translation also may prefix + * the name with something, like 'lib', and ignored everywhere else. + * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used + * at the same time. */ +#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 + +/* The following flag controls the translation of symbol names to upper + * case. This is currently only being implemented for OpenVMS. + */ +#define DSO_FLAG_UPCASE_SYMBOL 0x10 + +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + + +typedef void (*DSO_FUNC_TYPE)(void); + +typedef struct dso_st DSO; + +/* The function prototype used for method functions (or caller-provided + * callbacks) that transform filenames. They are passed a DSO structure pointer + * (or NULL if they are to be used independantly of a DSO object) and a + * filename to transform. They should either return NULL (if there is an error + * condition) or a newly allocated string containing the transformed form that + * the caller will need to free with OPENSSL_free() when done. */ +typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +/* The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a + * DSO structure pointer (or NULL if they are to be used independantly of + * a DSO object) and two file specifications to merge. They should + * either return NULL (if there is an error condition) or a newly allocated + * string containing the result of merging that the caller will need + * to free with OPENSSL_free() when done. + * Here, merging means that bits and pieces are taken from each of the + * file specifications and added together in whatever fashion that is + * sensible for the DSO method in question. The only rule that really + * applies is that if the two specification contain pieces of the same + * type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the + * second being a bunch of defaults to add on if they're missing in the + * first. */ +typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); + +typedef struct dso_meth_st + { + const char *name; + /* Loads a shared library, NB: new DSO_METHODs must ensure that a + * successful load populates the loaded_filename field, and likewise a + * successful unload OPENSSL_frees and NULLs it out. */ + int (*dso_load)(DSO *dso); + /* Unloads a shared library */ + int (*dso_unload)(DSO *dso); + /* Binds a variable */ + void *(*dso_bind_var)(DSO *dso, const char *symname); + /* Binds a function - assumes a return type of DSO_FUNC_TYPE. + * This should be cast to the real function prototype by the + * caller. Platforms that don't have compatible representations + * for different prototypes (this is possible within ANSI C) + * are highly unlikely to have shared libraries at all, let + * alone a DSO_METHOD implemented for them. */ + DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname); + +/* I don't think this would actually be used in any circumstances. */ +#if 0 + /* Unbinds a variable */ + int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr); + /* Unbinds a function */ + int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); +#endif + /* The generic (yuck) "ctrl()" function. NB: Negative return + * values (rather than zero) indicate errors. */ + long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); + /* The default DSO_METHOD-specific function for converting filenames to + * a canonical native form. */ + DSO_NAME_CONVERTER_FUNC dso_name_converter; + /* The default DSO_METHOD-specific function for converting filenames to + * a canonical native form. */ + DSO_MERGER_FUNC dso_merger; + + /* [De]Initialisation handlers. */ + int (*init)(DSO *dso); + int (*finish)(DSO *dso); + + /* Return pathname of the module containing location */ + int (*pathbyaddr)(void *addr,char *path,int sz); + /* Perform global symbol lookup, i.e. among *all* modules */ + void *(*globallookup)(const char *symname); + } DSO_METHOD; + +/**********************************************************************/ +/* The low-level handle type used to refer to a loaded shared library */ + +struct dso_st + { + DSO_METHOD *meth; + /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS + * doesn't use anything but will need to cache the filename + * for use in the dso_bind handler. All in all, let each + * method control its own destiny. "Handles" and such go in + * a STACK. */ + STACK_OF(void) *meth_data; + int references; + int flags; + /* For use by applications etc ... use this for your bits'n'pieces, + * don't touch meth_data! */ + CRYPTO_EX_DATA ex_data; + /* If this callback function pointer is set to non-NULL, then it will + * be used in DSO_load() in place of meth->dso_name_converter. NB: This + * should normally set using DSO_set_name_converter(). */ + DSO_NAME_CONVERTER_FUNC name_converter; + /* If this callback function pointer is set to non-NULL, then it will + * be used in DSO_load() in place of meth->dso_merger. NB: This + * should normally set using DSO_set_merger(). */ + DSO_MERGER_FUNC merger; + /* This is populated with (a copy of) the platform-independant + * filename used for this DSO. */ + char *filename; + /* This is populated with (a copy of) the translated filename by which + * the DSO was actually loaded. It is NULL iff the DSO is not currently + * loaded. NB: This is here because the filename translation process + * may involve a callback being invoked more than once not only to + * convert to a platform-specific form, but also to try different + * filenames in the process of trying to perform a load. As such, this + * variable can be used to indicate (a) whether this DSO structure + * corresponds to a loaded library or not, and (b) the filename with + * which it was actually loaded. */ + char *loaded_filename; + }; + + +DSO * DSO_new(void); +DSO * DSO_new_method(DSO_METHOD *method); +int DSO_free(DSO *dso); +int DSO_flags(DSO *dso); +int DSO_up_ref(DSO *dso); +long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); + +/* This function sets the DSO's name_converter callback. If it is non-NULL, + * then it will be used instead of the associated DSO_METHOD's function. If + * oldcb is non-NULL then it is set to the function pointer value being + * replaced. Return value is non-zero for success. */ +int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, + DSO_NAME_CONVERTER_FUNC *oldcb); +/* These functions can be used to get/set the platform-independant filename + * used for a DSO. NB: set will fail if the DSO is already loaded. */ +const char *DSO_get_filename(DSO *dso); +int DSO_set_filename(DSO *dso, const char *filename); +/* This function will invoke the DSO's name_converter callback to translate a + * filename, or if the callback isn't set it will instead use the DSO_METHOD's + * converter. If "filename" is NULL, the "filename" in the DSO itself will be + * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is + * simply duplicated. NB: This function is usually called from within a + * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that + * caller-created DSO_METHODs can do the same thing. A non-NULL return value + * will need to be OPENSSL_free()'d. */ +char *DSO_convert_filename(DSO *dso, const char *filename); +/* This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * OPENSSL_free()'d. */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); +/* If the DSO is currently loaded, this returns the filename that it was loaded + * under, otherwise it returns NULL. So it is also useful as a test as to + * whether the DSO is currently loaded. NB: This will not necessarily return + * the same value as DSO_convert_filename(dso, dso->filename), because the + * DSO_METHOD's load function may have tried a variety of filenames (with + * and/or without the aid of the converters) before settling on the one it + * actually loaded. */ +const char *DSO_get_loaded_filename(DSO *dso); + +void DSO_set_default_method(DSO_METHOD *meth); +DSO_METHOD *DSO_get_default_method(void); +DSO_METHOD *DSO_get_method(DSO *dso); +DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); + +/* The all-singing all-dancing load function, you normally pass NULL + * for the first and third parameters. Use DSO_up and DSO_free for + * subsequent reference count handling. Any flags passed in will be set + * in the constructed DSO after its init() function but before the + * load operation. If 'dso' is non-NULL, 'flags' is ignored. */ +DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); + +/* This function binds to a variable inside a shared library. */ +void *DSO_bind_var(DSO *dso, const char *symname); + +/* This function binds to a function inside a shared library. */ +DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); + +/* This method is the default, but will beg, borrow, or steal whatever + * method should be the default on any particular platform (including + * DSO_METH_null() if necessary). */ +DSO_METHOD *DSO_METHOD_openssl(void); + +/* This method is defined for all platforms - if a platform has no + * DSO support then this will be the only method! */ +DSO_METHOD *DSO_METHOD_null(void); + +/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions + * (dlopen, dlclose, dlsym, etc) will be used and incorporated into + * this method. If not, this method will return NULL. */ +DSO_METHOD *DSO_METHOD_dlfcn(void); + +/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, + * shl_unload, shl_findsym, etc) will be used and incorporated into + * this method. If not, this method will return NULL. */ +DSO_METHOD *DSO_METHOD_dl(void); + +/* If WIN32 is defined, use DLLs. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_win32(void); + +/* If VMS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_vms(void); + +/* This function writes null-terminated pathname of DSO module + * containing 'addr' into 'sz' large caller-provided 'path' and + * returns the number of characters [including trailing zero] + * written to it. If 'sz' is 0 or negative, 'path' is ignored and + * required amount of charachers [including trailing zero] to + * accomodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero + * return value denotes error. + */ +int DSO_pathbyaddr(void *addr,char *path,int sz); + +/* This function should be used with caution! It looks up symbols in + * *all* loaded modules and if module gets unloaded by somebody else + * attempt to dereference the pointer is doomed to have fatal + * consequences. Primary usage for this function is to probe *core* + * system functionality, e.g. check if getnameinfo(3) is available + * at run-time without bothering about OS-specific details such as + * libc.so.versioning or where does it actually reside: in libc + * itself or libsocket. */ +void *DSO_global_lookup(const char *name); + +/* If BeOS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_beos(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DSO_strings(void); + +/* Error codes for the DSO functions. */ + +/* Function codes. */ +#define DSO_F_BEOS_BIND_FUNC 144 +#define DSO_F_BEOS_BIND_VAR 145 +#define DSO_F_BEOS_LOAD 146 +#define DSO_F_BEOS_NAME_CONVERTER 147 +#define DSO_F_BEOS_UNLOAD 148 +#define DSO_F_DLFCN_BIND_FUNC 100 +#define DSO_F_DLFCN_BIND_VAR 101 +#define DSO_F_DLFCN_LOAD 102 +#define DSO_F_DLFCN_MERGER 130 +#define DSO_F_DLFCN_NAME_CONVERTER 123 +#define DSO_F_DLFCN_UNLOAD 103 +#define DSO_F_DL_BIND_FUNC 104 +#define DSO_F_DL_BIND_VAR 105 +#define DSO_F_DL_LOAD 106 +#define DSO_F_DL_MERGER 131 +#define DSO_F_DL_NAME_CONVERTER 124 +#define DSO_F_DL_UNLOAD 107 +#define DSO_F_DSO_BIND_FUNC 108 +#define DSO_F_DSO_BIND_VAR 109 +#define DSO_F_DSO_CONVERT_FILENAME 126 +#define DSO_F_DSO_CTRL 110 +#define DSO_F_DSO_FREE 111 +#define DSO_F_DSO_GET_FILENAME 127 +#define DSO_F_DSO_GET_LOADED_FILENAME 128 +#define DSO_F_DSO_GLOBAL_LOOKUP 139 +#define DSO_F_DSO_LOAD 112 +#define DSO_F_DSO_MERGE 132 +#define DSO_F_DSO_NEW_METHOD 113 +#define DSO_F_DSO_PATHBYADDR 140 +#define DSO_F_DSO_SET_FILENAME 129 +#define DSO_F_DSO_SET_NAME_CONVERTER 122 +#define DSO_F_DSO_UP_REF 114 +#define DSO_F_GLOBAL_LOOKUP_FUNC 138 +#define DSO_F_PATHBYADDR 137 +#define DSO_F_VMS_BIND_SYM 115 +#define DSO_F_VMS_LOAD 116 +#define DSO_F_VMS_MERGER 133 +#define DSO_F_VMS_UNLOAD 117 +#define DSO_F_WIN32_BIND_FUNC 118 +#define DSO_F_WIN32_BIND_VAR 119 +#define DSO_F_WIN32_GLOBALLOOKUP 142 +#define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 +#define DSO_F_WIN32_JOINER 135 +#define DSO_F_WIN32_LOAD 120 +#define DSO_F_WIN32_MERGER 134 +#define DSO_F_WIN32_NAME_CONVERTER 125 +#define DSO_F_WIN32_PATHBYADDR 141 +#define DSO_F_WIN32_SPLITTER 136 +#define DSO_F_WIN32_UNLOAD 121 + +/* Reason codes. */ +#define DSO_R_CTRL_FAILED 100 +#define DSO_R_DSO_ALREADY_LOADED 110 +#define DSO_R_EMPTY_FILE_STRUCTURE 113 +#define DSO_R_FAILURE 114 +#define DSO_R_FILENAME_TOO_BIG 101 +#define DSO_R_FINISH_FAILED 102 +#define DSO_R_INCORRECT_FILE_SYNTAX 115 +#define DSO_R_LOAD_FAILED 103 +#define DSO_R_NAME_TRANSLATION_FAILED 109 +#define DSO_R_NO_FILENAME 111 +#define DSO_R_NO_FILE_SPECIFICATION 116 +#define DSO_R_NULL_HANDLE 104 +#define DSO_R_SET_FILENAME_FAILED 112 +#define DSO_R_STACK_ERROR 105 +#define DSO_R_SYM_FAILURE 106 +#define DSO_R_UNLOAD_FAILED 107 +#define DSO_R_UNSUPPORTED 108 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h new file mode 100644 index 0000000000..338575268f --- /dev/null +++ b/include/openssl/dtls1.h @@ -0,0 +1,296 @@ +/* ssl/dtls1.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DTLS1_H +#define HEADER_DTLS1_H + +#include +#include +#ifdef OPENSSL_SYS_VMS +#include +#include +#endif +#ifdef OPENSSL_SYS_WIN32 +/* Needed for struct timeval */ +#include +#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) +#include +#else +#if defined(OPENSSL_SYS_VXWORKS) +#include +#else +#include +#endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + +#define DTLS1_BAD_VER 0x0100 + +#if 0 +/* this alert description is not specified anywhere... */ +#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +#endif + +/* lengths of messages */ +#define DTLS1_COOKIE_LENGTH 256 + +#define DTLS1_RT_HEADER_LENGTH 13 + +#define DTLS1_HM_HEADER_LENGTH 12 + +#define DTLS1_HM_BAD_FRAGMENT -2 +#define DTLS1_HM_FRAGMENT_RETRY -3 + +#define DTLS1_CCS_HEADER_LENGTH 1 + +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +#define DTLS1_AL_HEADER_LENGTH 7 +#else +#define DTLS1_AL_HEADER_LENGTH 2 +#endif + +#ifndef OPENSSL_NO_SSL_INTERN + +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" +#endif + +/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ +#define DTLS1_MAX_MTU_OVERHEAD 48 + +typedef struct dtls1_bitmap_st + { + unsigned long map; /* track 32 packets on 32-bit systems + and 64 - on 64-bit systems */ + unsigned char max_seq_num[8]; /* max record number seen so far, + 64-bit value in big-endian + encoding */ + } DTLS1_BITMAP; + +struct dtls1_retransmit_state + { + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +#else + char *compress; +#endif + SSL_SESSION *session; + unsigned short epoch; + }; + +struct hm_header_st + { + unsigned char type; + unsigned long msg_len; + unsigned short seq; + unsigned long frag_off; + unsigned long frag_len; + unsigned int is_ccs; + struct dtls1_retransmit_state saved_retransmit_state; + }; + +struct ccs_header_st + { + unsigned char type; + unsigned short seq; + }; + +struct dtls1_timeout_st + { + /* Number of read timeouts so far */ + unsigned int read_timeouts; + + /* Number of write timeouts so far */ + unsigned int write_timeouts; + + /* Number of alerts received so far */ + unsigned int num_alerts; + }; + +typedef struct record_pqueue_st + { + unsigned short epoch; + pqueue q; + } record_pqueue; + +typedef struct hm_fragment_st + { + struct hm_header_st msg_header; + unsigned char *fragment; + unsigned char *reassembly; + } hm_fragment; + +typedef struct dtls1_state_st + { + unsigned int send_cookie; + unsigned char cookie[DTLS1_COOKIE_LENGTH]; + unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; + unsigned int cookie_len; + + /* + * The current data and handshake epoch. This is initially + * undefined, and starts at zero once the initial handshake is + * completed + */ + unsigned short r_epoch; + unsigned short w_epoch; + + /* records being received in the current epoch */ + DTLS1_BITMAP bitmap; + + /* renegotiation starts a new set of sequence numbers */ + DTLS1_BITMAP next_bitmap; + + /* handshake message numbers */ + unsigned short handshake_write_seq; + unsigned short next_handshake_write_seq; + + unsigned short handshake_read_seq; + + /* save last sequence number for retransmissions */ + unsigned char last_write_sequence[8]; + + /* Received handshake records (processed and unprocessed) */ + record_pqueue unprocessed_rcds; + record_pqueue processed_rcds; + + /* Buffered handshake messages */ + pqueue buffered_messages; + + /* Buffered (sent) handshake records */ + pqueue sent_messages; + + /* Buffered application records. + * Only for records between CCS and Finished + * to prevent either protocol violation or + * unnecessary message loss. + */ + record_pqueue buffered_app_data; + + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; + + unsigned int link_mtu; /* max on-the-wire DTLS packet size */ + unsigned int mtu; /* max DTLS packet size */ + + struct hm_header_st w_msg_hdr; + struct hm_header_st r_msg_hdr; + + struct dtls1_timeout_st timeout; + + /* Indicates when the last handshake msg or heartbeat sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; + + /* storage for Alert/Handshake protocol data received but not + * yet processed by ssl3_read_bytes: */ + unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; + unsigned int handshake_fragment_len; + + unsigned int retransmitting; + /* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ + unsigned int change_cipher_spec_ok; + +#ifndef OPENSSL_NO_SCTP + /* used when SSL_ST_XX_FLUSH is entered */ + int next_state; + + int shutdown_received; +#endif + + } DTLS1_STATE; + +typedef struct dtls1_record_data_st + { + unsigned char *packet; + unsigned int packet_length; + SSL3_BUFFER rbuf; + SSL3_RECORD rrec; +#ifndef OPENSSL_NO_SCTP + struct bio_dgram_sctp_rcvinfo recordinfo; +#endif + } DTLS1_RECORD_DATA; + +#endif + +/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +#define DTLS1_TMO_READ_COUNT 2 +#define DTLS1_TMO_WRITE_COUNT 2 + +#define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h new file mode 100644 index 0000000000..d22c0368f8 --- /dev/null +++ b/include/openssl/e_os2.h @@ -0,0 +1,315 @@ +/* e_os2.h */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#ifndef HEADER_E_OS2_H +#define HEADER_E_OS2_H + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +#define OPENSSL_SYS_UNIX + +/* ----------------------- Macintosh, before MacOS X ----------------------- */ +#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MACINTOSH_CLASSIC +#endif + +/* ----------------------- NetWare ----------------------------------------- */ +#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_NETWARE +#endif + +/* ---------------------- Microsoft operating systems ---------------------- */ + +/* Note that MSDOS actually denotes 32-bit environments running on top of + MS-DOS, such as DJGPP one. */ +#if defined(OPENSSL_SYSNAME_MSDOS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MSDOS +#endif + +/* For 32 bit environment, there seems to be the CygWin environment and then + all the others that try to do the same thing Microsoft does... */ +#if defined(OPENSSL_SYSNAME_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +#else +# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32 +# endif +# if defined(OPENSSL_SYSNAME_WINNT) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINNT +# endif +# if defined(OPENSSL_SYSNAME_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINCE +# endif +# endif +#endif + +/* Anything that tries to look like Microsoft is "Windows" */ +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +#endif + +/* DLL settings. This part is a bit tough, because it's up to the application + implementor how he or she will link the application, so it requires some + macro to be used. */ +#ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to indicate that + DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +#endif + +/* -------------------------------- OpenVMS -------------------------------- */ +#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +#endif + +/* --------------------------------- OS/2 ---------------------------------- */ +#if defined(__EMX__) || defined(__OS2__) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_OS2 +#endif + +/* --------------------------------- Unix ---------------------------------- */ +#ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# ifdef OPENSSL_SYSNAME_MPE +# define OPENSSL_SYS_MPE +# endif +# ifdef OPENSSL_SYSNAME_SNI +# define OPENSSL_SYS_SNI +# endif +# ifdef OPENSSL_SYSNAME_ULTRASPARC +# define OPENSSL_SYS_ULTRASPARC +# endif +# ifdef OPENSSL_SYSNAME_NEWS4 +# define OPENSSL_SYS_NEWS4 +# endif +# ifdef OPENSSL_SYSNAME_MACOSX +# define OPENSSL_SYS_MACOSX +# endif +# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY +# define OPENSSL_SYS_MACOSX_RHAPSODY +# define OPENSSL_SYS_MACOSX +# endif +# ifdef OPENSSL_SYSNAME_SUNOS +# define OPENSSL_SYS_SUNOS +#endif +# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) +# define OPENSSL_SYS_CRAY +# endif +# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) +# define OPENSSL_SYS_AIX +# endif +#endif + +/* --------------------------------- VOS ----------------------------------- */ +#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) +# define OPENSSL_SYS_VOS +#ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +#endif +#ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +#endif +#endif + +/* ------------------------------- VxWorks --------------------------------- */ +#ifdef OPENSSL_SYSNAME_VXWORKS +# define OPENSSL_SYS_VXWORKS +#endif + +/* --------------------------------- BeOS ---------------------------------- */ +#if defined(__BEOS__) +# define OPENSSL_SYS_BEOS +# include +# if defined(BONE_VERSION) +# define OPENSSL_SYS_BEOS_BONE +# else +# define OPENSSL_SYS_BEOS_R5 +# endif +#endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + + +/* Specials for I/O an exit */ +#ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +#else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +#endif + +/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare + certain global symbols that, with some compilers under VMS, have to be + defined and declared explicitely with globaldef and globalref. + Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare + DLL exports and imports for compilers under Win32. These are a little + more complicated to use. Basically, for any library that exports some + global variables, the following code must be present in the header file + that declares them, before OPENSSL_EXTERN is used: + + #ifdef SOME_BUILD_FLAG_MACRO + # undef OPENSSL_EXTERN + # define OPENSSL_EXTERN OPENSSL_EXPORT + #endif + + The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL + have some generally sensible values, and for OPENSSL_EXTERN to have the + value OPENSSL_IMPORT. +*/ + +#if defined(OPENSSL_SYS_VMS_NODECC) +# define OPENSSL_EXPORT globalref +# define OPENSSL_IMPORT globalref +# define OPENSSL_GLOBAL globaldef +#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_IMPORT extern __declspec(dllimport) +# define OPENSSL_GLOBAL +#else +# define OPENSSL_EXPORT extern +# define OPENSSL_IMPORT extern +# define OPENSSL_GLOBAL +#endif +#define OPENSSL_EXTERN OPENSSL_IMPORT + +/* Macros to allow global variables to be reached through function calls when + required (if a shared library version requires it, for example. + The way it's done allows definitions like this: + + // in foobar.c + OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + // in foobar.h + OPENSSL_DECLARE_GLOBAL(int,foobar); + #define foobar OPENSSL_GLOBAL_REF(foobar) +*/ +#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +#else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +#endif + +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) +# define ossl_ssize_t long +#endif + +#ifdef OPENSSL_SYS_MSDOS +# define ossl_ssize_t long +#endif + +#if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) +# define ssize_t int +#endif + +#if defined(__ultrix) && !defined(ssize_t) +# define ossl_ssize_t int +#endif + +#ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +#endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h new file mode 100644 index 0000000000..85f3cf7f66 --- /dev/null +++ b/include/openssl/ebcdic.h @@ -0,0 +1,26 @@ +/* crypto/ebcdic.h */ + +#ifndef HEADER_EBCDIC_H +#define HEADER_EBCDIC_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +#define os_toascii _openssl_os_toascii +#define os_toebcdic _openssl_os_toebcdic +#define ebcdic2ascii _openssl_ebcdic2ascii +#define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ec.h b/include/openssl/ec.h new file mode 100644 index 0000000000..572111f16c --- /dev/null +++ b/include/openssl/ec.h @@ -0,0 +1,1167 @@ +/* crypto/ec/ec.h */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/** + * \file crypto/ec/ec.h Include file for the OpenSSL EC functions + * \author Originally written by Bodo Moeller for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_EC_H +#define HEADER_EC_H + +#include + +#ifdef OPENSSL_NO_EC +#error EC is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#elif defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +#endif + + +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + + +typedef struct ec_method_st EC_METHOD; + +typedef struct ec_group_st + /* + EC_METHOD *meth; + -- field definition + -- curve coefficients + -- optional generator with associated information (order, cofactor) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff + */ + EC_GROUP; + +typedef struct ec_point_st EC_POINT; + + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +#endif + +#ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +#endif + + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and it's order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM with the prime number + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM for the prime number + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + +#ifndef OPENSSL_NO_EC2M +/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM for the polynomial defining the underlying field + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +#endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if both groups are equal and 1 otherwise + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() + * after choosing an appropriate EC_METHOD */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +#ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +#endif +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; + +/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number + * of all available curves or zero if a error occurred. + * In case r ist not zero nitems EC_builtin_curve structures + * are filled with the data of the first nitems internal groups */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + +/** Sets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); +#ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); +#endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if point if on the curve and 0 otherwise + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 0 if both points are equal and a value != 0 otherwise + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +/* EC_GROUP_get_basis_type() returns the NID of the basis type + * used to represent the field elements */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +#ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +#endif + +#define OPENSSL_EC_NAMED_CURVE 0x001 + +typedef struct ecpk_parameters_st ECPKPARAMETERS; + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +#ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +#endif +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +#endif + + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +typedef struct ec_key_st EC_KEY; + +/* some values for the encoding_flag */ +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +#define EC_FLAG_NON_FIPS_ALLOW 0x1 +#define EC_FLAG_FIPS_CHECKED 0x2 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +/* functions to set/get method specific data */ +void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. + * \param dup_func a function that duplicates |data|. + * \param free_func a function that frees |data|. + * \param clear_free_func a function that wipes and frees |data|. + * \return the previously set data pointer, or NULL if |data| was inserted. + */ +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Sets a public key from affine coordindates performing + * neccessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + +#ifndef OPENSSL_NO_BIO +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +#endif +#ifndef OPENSSL_NO_FP_API +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +#endif + +#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +#ifndef __cplusplus +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +#endif + +#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + + +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_EC_strings(void); + +/* Error codes for the EC functions. */ + +/* Function codes. */ +#define EC_F_BN_TO_FELEM 224 +#define EC_F_COMPUTE_WNAF 143 +#define EC_F_D2I_ECPARAMETERS 144 +#define EC_F_D2I_ECPKPARAMETERS 145 +#define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_DO_EC_KEY_PRINT 221 +#define EC_F_ECKEY_PARAM2TYPE 223 +#define EC_F_ECKEY_PARAM_DECODE 212 +#define EC_F_ECKEY_PRIV_DECODE 213 +#define EC_F_ECKEY_PRIV_ENCODE 214 +#define EC_F_ECKEY_PUB_DECODE 215 +#define EC_F_ECKEY_PUB_ENCODE 216 +#define EC_F_ECKEY_TYPE2PARAM 220 +#define EC_F_ECPARAMETERS_PRINT 147 +#define EC_F_ECPARAMETERS_PRINT_FP 148 +#define EC_F_ECPKPARAMETERS_PRINT 149 +#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 +#define EC_F_EC_ASN1_GROUP2CURVE 153 +#define EC_F_EC_ASN1_GROUP2FIELDID 154 +#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +#define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +#define EC_F_EC_GFP_MONT_FIELD_MUL 131 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +#define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +#define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +#define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +#define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 +#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 170 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +#define EC_F_EC_GROUP_COPY 106 +#define EC_F_EC_GROUP_GET0_GENERATOR 139 +#define EC_F_EC_GROUP_GET_COFACTOR 140 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +#define EC_F_EC_GROUP_GET_CURVE_GFP 130 +#define EC_F_EC_GROUP_GET_DEGREE 173 +#define EC_F_EC_GROUP_GET_ORDER 141 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +#define EC_F_EC_GROUP_NEW 108 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +#define EC_F_EC_GROUP_NEW_FROM_DATA 175 +#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +#define EC_F_EC_GROUP_SET_CURVE_GFP 109 +#define EC_F_EC_GROUP_SET_EXTRA_DATA 110 +#define EC_F_EC_GROUP_SET_GENERATOR 111 +#define EC_F_EC_KEY_CHECK_KEY 177 +#define EC_F_EC_KEY_COPY 178 +#define EC_F_EC_KEY_GENERATE_KEY 179 +#define EC_F_EC_KEY_NEW 182 +#define EC_F_EC_KEY_PRINT 180 +#define EC_F_EC_KEY_PRINT_FP 181 +#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +#define EC_F_EC_POINTS_MAKE_AFFINE 136 +#define EC_F_EC_POINT_ADD 112 +#define EC_F_EC_POINT_CMP 113 +#define EC_F_EC_POINT_COPY 114 +#define EC_F_EC_POINT_DBL 115 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +#define EC_F_EC_POINT_INVERT 210 +#define EC_F_EC_POINT_IS_AT_INFINITY 118 +#define EC_F_EC_POINT_IS_ON_CURVE 119 +#define EC_F_EC_POINT_MAKE_AFFINE 120 +#define EC_F_EC_POINT_MUL 184 +#define EC_F_EC_POINT_NEW 121 +#define EC_F_EC_POINT_OCT2POINT 122 +#define EC_F_EC_POINT_POINT2OCT 123 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +#define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_PRE_COMP_NEW 196 +#define EC_F_EC_WNAF_MUL 187 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +#define EC_F_I2D_ECPARAMETERS 190 +#define EC_F_I2D_ECPKPARAMETERS 191 +#define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_NISTP224_PRE_COMP_NEW 227 +#define EC_F_NISTP256_PRE_COMP_NEW 236 +#define EC_F_NISTP521_PRE_COMP_NEW 237 +#define EC_F_O2I_ECPUBLICKEY 152 +#define EC_F_OLD_EC_PRIV_DECODE 222 +#define EC_F_PKEY_EC_CTRL 197 +#define EC_F_PKEY_EC_CTRL_STR 198 +#define EC_F_PKEY_EC_DERIVE 217 +#define EC_F_PKEY_EC_KEYGEN 199 +#define EC_F_PKEY_EC_PARAMGEN 219 +#define EC_F_PKEY_EC_SIGN 218 + +/* Reason codes. */ +#define EC_R_ASN1_ERROR 115 +#define EC_R_ASN1_UNKNOWN_FIELD 116 +#define EC_R_BIGNUM_OUT_OF_RANGE 144 +#define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_COORDINATES_OUT_OF_RANGE 146 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DECODE_ERROR 142 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 143 +#define EC_R_GF2M_NOT_SUPPORTED 147 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +#define EC_R_INCOMPATIBLE_OBJECTS 101 +#define EC_R_INVALID_ARGUMENT 112 +#define EC_R_INVALID_COMPRESSED_POINT 110 +#define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST_TYPE 138 +#define EC_R_INVALID_ENCODING 102 +#define EC_R_INVALID_FIELD 103 +#define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KEYS_NOT_SET 140 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_IMPLEMENTED 126 +#define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_FIELD_MOD 133 +#define EC_R_NO_PARAMETERS_SET 139 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +#define EC_R_POINT_AT_INFINITY 106 +#define EC_R_POINT_IS_NOT_ON_CURVE 107 +#define EC_R_SLOT_FULL 108 +#define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_GROUP 129 +#define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_CURVE_PARAMETERS 145 +#define EC_R_WRONG_ORDER 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h new file mode 100644 index 0000000000..8887102c0b --- /dev/null +++ b/include/openssl/ecdh.h @@ -0,0 +1,125 @@ +/* crypto/ecdh/ecdh.h */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDH_H +#define HEADER_ECDH_H + +#include + +#ifdef OPENSSL_NO_ECDH +#error ECDH is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +const ECDH_METHOD *ECDH_OpenSSL(void); + +void ECDH_set_default_method(const ECDH_METHOD *); +const ECDH_METHOD *ECDH_get_default_method(void); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDH_strings(void); + +/* Error codes for the ECDH functions. */ + +/* Function codes. */ +#define ECDH_F_ECDH_CHECK 102 +#define ECDH_F_ECDH_COMPUTE_KEY 100 +#define ECDH_F_ECDH_DATA_NEW_METHOD 101 + +/* Reason codes. */ +#define ECDH_R_KDF_FAILED 102 +#define ECDH_R_NON_FIPS_METHOD 103 +#define ECDH_R_NO_PRIVATE_VALUE 100 +#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h new file mode 100644 index 0000000000..7fb5254b62 --- /dev/null +++ b/include/openssl/ecdsa.h @@ -0,0 +1,260 @@ +/* crypto/ecdsa/ecdsa.h */ +/** + * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions + * \author Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDSA_H +#define HEADER_ECDSA_H + +#include + +#ifdef OPENSSL_NO_ECDSA +#error ECDSA is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct ECDSA_SIG_st + { + BIGNUM *r; + BIGNUM *s; + } ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY* eckey); + +const ECDSA_METHOD *ECDSA_OpenSSL(void); + +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD + */ +void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method + */ +const ECDSA_METHOD *ECDSA_get_default_method(void); + +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise + */ +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* the standard ex_data functions */ +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDSA_strings(void); + +/* Error codes for the ECDSA functions. */ + +/* Function codes. */ +#define ECDSA_F_ECDSA_CHECK 104 +#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +#define ECDSA_F_ECDSA_DO_SIGN 101 +#define ECDSA_F_ECDSA_DO_VERIFY 102 +#define ECDSA_F_ECDSA_SIGN_SETUP 103 + +/* Reason codes. */ +#define ECDSA_R_BAD_SIGNATURE 100 +#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +#define ECDSA_R_ERR_EC_LIB 102 +#define ECDSA_R_MISSING_PARAMETERS 103 +#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +#define ECDSA_R_NON_FIPS_METHOD 107 +#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/engine.h b/include/openssl/engine.h new file mode 100644 index 0000000000..f8be497724 --- /dev/null +++ b/include/openssl/engine.h @@ -0,0 +1,842 @@ +/* openssl/engine.h */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_ENGINE_H +#define HEADER_ENGINE_H + +#include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + +#ifndef OPENSSL_NO_DEPRECATED +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#include +#include +#include +#endif + +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* These flags are used to control combinations of algorithm (methods) + * by bitwise "OR"ing. */ +#define ENGINE_METHOD_RSA (unsigned int)0x0001 +#define ENGINE_METHOD_DSA (unsigned int)0x0002 +#define ENGINE_METHOD_DH (unsigned int)0x0004 +#define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 +#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +/* Obvious all-or-nothing cases. */ +#define ENGINE_METHOD_ALL (unsigned int)0xFFFF +#define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be set + * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. */ +#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ + +/* This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles these + * control commands on behalf of the ENGINE using their "cmd_defns" data. */ +#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* This flag is for ENGINEs who return new duplicate structures when found via + * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() + * commands are called in sequence as part of some stateful process like + * key-generation setup and execution), it can set this flag - then each attempt + * to obtain the ENGINE will result in it being copied into a new structure. + * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments + * the existing ENGINE's structural reference count. */ +#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are + * not usable as default methods. + */ + +#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each + * command expects. Currently only numeric and string input is supported. If a + * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, + * then it is regarded as an "internal" control command - and not for use in + * config setting situations. As such, they're not available to the + * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to + * this list of 'command types' should be reflected carefully in + * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to + * ENGINE_ctrl) */ +#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* Indicates that the control command takes *no* input. Ie. the control command + * is unparameterised. */ +#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. */ +#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* NB: These 3 control commands are deprecated and should not be used. ENGINEs + * relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate the + * same functionality to their own ENGINE-specific control functions that can be + * "discovered" by calling applications. The fact these control commands + * wouldn't be "executable" (ie. usable by text-based config) doesn't change the + * fact that application code can find and use them without requiring per-ENGINE + * hacking. */ + +/* These flags are used to tell the ctrl function what should be done. + * All command numbers are shared between all engines, even if some don't + * make sense to some engines. In such a case, they do nothing but return + * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ +#define ENGINE_CTRL_SET_LOGSTREAM 1 +#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any + handles/connections etc. */ +#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ +#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ + +/* These control commands allow an application to deal with an arbitrary engine + * in a dynamic way. Warn: Negative return values indicate errors FOR THESE + * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, + * including ENGINE-specific command types, return zero for an error. + * + * An ENGINE can choose to implement these ctrl functions, and can internally + * manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the + * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns + * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() + * handler need only implement its own commands - the above "meta" commands will + * be taken care of. */ + +/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then + * all the remaining control commands will return failure, so it is worth + * checking this first if the caller is trying to "discover" the engine's + * capabilities and doesn't want errors generated unnecessarily. */ +#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. */ +#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. */ +#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. */ +#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the NAME_LEN + * case, the return value is the length of the command name (not counting a + * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer + * large enough, and it will be populated with the name of the command (WITH a + * trailing EOL). */ +#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. */ +#define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ +#define ENGINE_CMD_BASE 200 + +/* NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before these + * are removed. */ + +/* Flags specific to the nCipher "chil" engine */ +#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +#define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. */ + +/* If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its + * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries + * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that + * supports the stated commands (ie. the "cmd_num" entries as described by the + * array). NB: The array must be ordered in increasing order of cmd_num. + * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set + * to zero and/or cmd_name set to NULL. */ +typedef struct ENGINE_CMD_DEFN_st + { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ + } ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR)(void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); +/* These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* Returns to a pointer to the array of supported cipher 'nid's. If the second + * parameter is non-NULL it is set to the size of the returned array. */ +typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); +typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); +typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int); +/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE + * structures where the pointers have a "structural reference". This means that + * their reference is to allowed access to the structure but it does not imply + * that the structure is functional. To simply increment or decrement the + * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not + * required when iterating using ENGINE_get_next as it will automatically + * decrement the structural reference count of the "current" ENGINE and + * increment the structural reference count of the ENGINE it returns (unless it + * is NULL). */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); +/* Add all the built-in engines. */ +void ENGINE_load_openssl(void); +void ENGINE_load_dynamic(void); +#ifndef OPENSSL_NO_STATIC_ENGINE +void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); +void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +void ENGINE_load_nuron(void); +void ENGINE_load_sureware(void); +void ENGINE_load_ubsec(void); +void ENGINE_load_padlock(void); +void ENGINE_load_capi(void); +#ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +#endif +#ifndef OPENSSL_NO_GOST +void ENGINE_load_gost(void); +#endif +#endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_rsax(void); +void ENGINE_load_rdrand(void); +void ENGINE_load_builtin_engines(void); + +/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/* Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required, so + * ENGINE_cleanup() will reverse any "register" operations. */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + +int ENGINE_register_ECDSA(ENGINE *e); +void ENGINE_unregister_ECDSA(ENGINE *e); +void ENGINE_register_all_ECDSA(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* These functions register all support from the above categories. Note, use of + * these functions can result in static linkage of code your application may not + * need. If you only need a subset of functionality, consider using more + * selective initialisation. */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* Send parametrised control commands to the engine. The possibilities to send + * down an integer, a pointer to data or a function pointer are provided. Any of + * the parameters may or may not be NULL, depending on the command number. In + * actuality, this function only requires a structural (rather than functional) + * reference to an engine, but many control commands may require the engine be + * functional. The caller should be aware of trying commands that require an + * operational ENGINE, and only use functional references in such situations. */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); + +/* This function tests if an ENGINE-specific command is usable as a "setting". + * Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional commands. + * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to + * use the cmd_name and cmd_optional. */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f)(void), int cmd_optional); + +/* This function passes a command-name and argument to an ENGINE. The cmd_name + * is converted to a command number and the control command is called using + * 'arg' as an argument (unless the ENGINE doesn't support such a command, in + * which case no control command is called). The command is checked for input + * flags, and if necessary the argument will be converted to a numeric value. If + * cmd_optional is non-zero, then if the ENGINE doesn't support the given + * cmd_name the return value will be success anyway. This function is intended + * for applications to use so that users (or config files) can supply + * engine-specific config data to the ENGINE at run-time to control behaviour of + * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() + * functions that return data, deal with binary data, or that are otherwise + * supposed to be used directly through ENGINE_ctrl() in application code. Any + * "return" data from an ENGINE_ctrl() operation in this function will be lost - + * the return value is interpreted as failure if the return value is zero, + * success otherwise, and this function returns a boolean value as a result. In + * other words, vendors of 'ENGINE'-enabled devices should write ENGINE + * implementations with parameterisations that work in this scheme, so that + * compliant ENGINE-based applications can work consistently with the same + * configuration for the same ENGINE-enabled devices, across applications. */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an ENGINE + * structure with personalised implementations of things prior to using it + * directly or adding it to the builtin ENGINE list in OpenSSL. These are also + * here so that the ENGINE structure doesn't have to be exposed and break binary + * compatibility! */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +/* This function cleans up anything that needs it. Eg. the ENGINE_add() function + * automatically ensures the list cleanup function is registered to be called + * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure + * ENGINE_cleanup() will clean up after them. */ +void ENGINE_cleanup(void); + +/* These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* FUNCTIONAL functions. These functions deal with ENGINE structures + * that have (or will) be initialised for use. Broadly speaking, the + * structural functions are useful for iterating the list of available + * engine types, creating new engine types, and other "list" operations. + * These functions actually deal with ENGINEs that are to be used. As + * such these functions can fail (if applicable) when particular + * engines are unavailable - eg. if a hardware accelerator is not + * attached or not functioning correctly. Each ENGINE has 2 reference + * counts; structural and functional. Every time a functional reference + * is obtained or released, a corresponding structural reference is + * automatically obtained or released too. */ + +/* Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently + * operational and cannot initialise. */ +int ENGINE_init(ENGINE *e); +/* Free a functional reference to a engine type. This does not require + * a corresponding call to ENGINE_free as it also releases a structural + * reference. */ +int ENGINE_finish(ENGINE *e); + +/* The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* This returns a pointer for the current ENGINE structure that + * is (by default) performing any RSA operations. The value returned + * is an incremented reference, so it should be free'd (ENGINE_finish) + * before it is discarded. */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* This sets a new default ENGINE structure for performing RSA + * operations. If the result is non-zero (success) then the ENGINE + * structure will have had its reference count up'd so the caller + * should still free their own reference 'e'. */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); +int ENGINE_set_default_ECDSA(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 +/* Binary versions older than this are too old for us (whether we're a loader or + * a loadee) */ +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 + +/* When compiling an ENGINE entirely as an external shared library, loadable by + * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure + * type provides the calling application's (or library's) error functionality + * and memory management function pointers to the loaded library. These should + * be used/set in the loaded library code so that the loading application's + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ +typedef void *(*dyn_MEM_malloc_cb)(size_t); +typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); +typedef void (*dyn_MEM_free_cb)(void *); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_cb malloc_cb; + dyn_MEM_realloc_cb realloc_cb; + dyn_MEM_free_cb free_cb; + } dynamic_MEM_fns; +/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use + * these types so we (and any other dependant code) can simplify a bit?? */ +typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); +typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); +typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( + const char *,int); +typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, + const char *,int); +typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, + const char *,int); +typedef struct st_dynamic_LOCK_fns { + dyn_lock_locking_cb lock_locking_cb; + dyn_lock_add_lock_cb lock_add_lock_cb; + dyn_dynlock_create_cb dynlock_create_cb; + dyn_dynlock_lock_cb dynlock_lock_cb; + dyn_dynlock_destroy_cb dynlock_destroy_cb; + } dynamic_LOCK_fns; +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + const ERR_FNS *err_fns; + const CRYPTO_EX_DATA_IMPL *ex_data_fns; + dynamic_MEM_fns mem_fns; + dynamic_LOCK_fns lock_fns; + } dynamic_fns; + +/* The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. + * If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's version + * is unsatisfactory and could veto the load. The function is expected to + * be implemented with the symbol name "v_check", and a default implementation + * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ +typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); +#define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load will + * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the + * structure, and (c) the shared library will be unloaded. So implementations + * should do their own internal cleanup in failure circumstances otherwise they + * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that + * the loader is looking for. If this is NULL, the shared library can choose to + * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared + * library must initialise only an ENGINE matching the passed 'id'. The function + * is expected to be implemented with the symbol name "bind_engine". A standard + * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where + * the parameter 'fn' is a callback function that populates the ENGINE structure + * and returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); */ +typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + const dynamic_fns *fns); +#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ + fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ + return 0; \ + CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ + CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ + CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ + CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ + CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ + if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ + return 0; \ + if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ + if(!fn(e,id)) return 0; \ + return 1; } + +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ +void *ENGINE_get_static_state(void); + +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +void ENGINE_setup_bsd_cryptodev(void); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ENGINE_strings(void); + +/* Error codes for the ENGINE functions. */ + +/* Function codes. */ +#define ENGINE_F_DYNAMIC_CTRL 180 +#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +#define ENGINE_F_DYNAMIC_LOAD 182 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +#define ENGINE_F_ENGINE_ADD 105 +#define ENGINE_F_ENGINE_BY_ID 106 +#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +#define ENGINE_F_ENGINE_CTRL 142 +#define ENGINE_F_ENGINE_CTRL_CMD 178 +#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +#define ENGINE_F_ENGINE_FINISH 107 +#define ENGINE_F_ENGINE_FREE_UTIL 108 +#define ENGINE_F_ENGINE_GET_CIPHER 185 +#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 +#define ENGINE_F_ENGINE_GET_DIGEST 186 +#define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +#define ENGINE_F_ENGINE_GET_PKEY_METH 192 +#define ENGINE_F_ENGINE_GET_PREV 116 +#define ENGINE_F_ENGINE_INIT 119 +#define ENGINE_F_ENGINE_LIST_ADD 120 +#define ENGINE_F_ENGINE_LIST_REMOVE 121 +#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +#define ENGINE_F_ENGINE_NEW 122 +#define ENGINE_F_ENGINE_REMOVE 123 +#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 +#define ENGINE_F_ENGINE_SET_ID 129 +#define ENGINE_F_ENGINE_SET_NAME 130 +#define ENGINE_F_ENGINE_TABLE_REGISTER 184 +#define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +#define ENGINE_F_ENGINE_UP_REF 190 +#define ENGINE_F_INT_CTRL_HELPER 172 +#define ENGINE_F_INT_ENGINE_CONFIGURE 188 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +#define ENGINE_F_LOG_MESSAGE 141 + +/* Reason codes. */ +#define ENGINE_R_ALREADY_LOADED 100 +#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +#define ENGINE_R_CMD_NOT_EXECUTABLE 134 +#define ENGINE_R_COMMAND_TAKES_INPUT 135 +#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +#define ENGINE_R_CONFLICTING_ENGINE_ID 103 +#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +#define ENGINE_R_DH_NOT_IMPLEMENTED 139 +#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 +#define ENGINE_R_DSO_FAILURE 104 +#define ENGINE_R_DSO_NOT_FOUND 132 +#define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +#define ENGINE_R_ENGINE_SECTION_ERROR 149 +#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +#define ENGINE_R_FINISH_FAILED 106 +#define ENGINE_R_GET_HANDLE_FAILED 107 +#define ENGINE_R_ID_OR_NAME_MISSING 108 +#define ENGINE_R_INIT_FAILED 109 +#define ENGINE_R_INTERNAL_LIST_ERROR 110 +#define ENGINE_R_INVALID_ARGUMENT 143 +#define ENGINE_R_INVALID_CMD_NAME 137 +#define ENGINE_R_INVALID_CMD_NUMBER 138 +#define ENGINE_R_INVALID_INIT_VALUE 151 +#define ENGINE_R_INVALID_STRING 150 +#define ENGINE_R_NOT_INITIALISED 117 +#define ENGINE_R_NOT_LOADED 112 +#define ENGINE_R_NO_CONTROL_FUNCTION 120 +#define ENGINE_R_NO_INDEX 144 +#define ENGINE_R_NO_LOAD_FUNCTION 125 +#define ENGINE_R_NO_REFERENCE 130 +#define ENGINE_R_NO_SUCH_ENGINE 116 +#define ENGINE_R_NO_UNLOAD_FUNCTION 126 +#define ENGINE_R_PROVIDE_PARAMETERS 113 +#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 +#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +#define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/err.h b/include/openssl/err.h new file mode 100644 index 0000000000..974cc9cc6f --- /dev/null +++ b/include/openssl/err.h @@ -0,0 +1,386 @@ +/* crypto/err/err.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ERR_H +#define HEADER_ERR_H + +#include + +#ifndef OPENSSL_NO_FP_API +#include +#include +#endif + +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_LHASH +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OPENSSL_NO_ERR +#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +#else +#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +#endif + +#include + +#define ERR_TXT_MALLOCED 0x01 +#define ERR_TXT_STRING 0x02 + +#define ERR_FLAG_MARK 0x01 + +#define ERR_NUM_ERRORS 16 +typedef struct err_state_st + { + CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top,bottom; + } ERR_STATE; + +/* library */ +#define ERR_LIB_NONE 1 +#define ERR_LIB_SYS 2 +#define ERR_LIB_BN 3 +#define ERR_LIB_RSA 4 +#define ERR_LIB_DH 5 +#define ERR_LIB_EVP 6 +#define ERR_LIB_BUF 7 +#define ERR_LIB_OBJ 8 +#define ERR_LIB_PEM 9 +#define ERR_LIB_DSA 10 +#define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +#define ERR_LIB_ASN1 13 +#define ERR_LIB_CONF 14 +#define ERR_LIB_CRYPTO 15 +#define ERR_LIB_EC 16 +#define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +#define ERR_LIB_BIO 32 +#define ERR_LIB_PKCS7 33 +#define ERR_LIB_X509V3 34 +#define ERR_LIB_PKCS12 35 +#define ERR_LIB_RAND 36 +#define ERR_LIB_DSO 37 +#define ERR_LIB_ENGINE 38 +#define ERR_LIB_OCSP 39 +#define ERR_LIB_UI 40 +#define ERR_LIB_COMP 41 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 +#define ERR_LIB_JPAKE 49 + +#define ERR_LIB_USER 128 + +#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) +#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) +#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) +#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) +#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) +#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) +#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) +#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) +#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) +#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) +#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) +#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) +#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) +#define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) +#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) +#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) +#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) +#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) +#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) +#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) +#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) +#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) +#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) +#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) +#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) +#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) +#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) + +/* Borland C seems too stupid to be able to shift and do longs in + * the pre-processor :-( */ +#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ + ((((unsigned long)f)&0xfffL)*0x1000)| \ + ((((unsigned long)r)&0xfffL))) +#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) +#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) +#define ERR_GET_REASON(l) (int)((l)&0xfffL) +#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) + + +/* OS functions */ +#define SYS_F_FOPEN 1 +#define SYS_F_CONNECT 2 +#define SYS_F_GETSERVBYNAME 3 +#define SYS_F_SOCKET 4 +#define SYS_F_IOCTLSOCKET 5 +#define SYS_F_BIND 6 +#define SYS_F_LISTEN 7 +#define SYS_F_ACCEPT 8 +#define SYS_F_WSASTARTUP 9 /* Winsock stuff */ +#define SYS_F_OPENDIR 10 +#define SYS_F_FREAD 11 + + +/* reasons */ +#define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */ +#define ERR_R_BN_LIB ERR_LIB_BN /* 3 */ +#define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */ +#define ERR_R_DH_LIB ERR_LIB_DH /* 5 */ +#define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */ +#define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */ +#define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */ +#define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */ +#define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */ +#define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */ +#define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */ +#define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */ +#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */ +#define ERR_R_EC_LIB ERR_LIB_EC /* 16 */ +#define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */ +#define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */ +#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */ +#define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */ +#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */ +#define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */ +#define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */ +#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */ +#define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ +#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ +#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ +#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ +#define ERR_R_TS_LIB ERR_LIB_TS /* 45 */ + +#define ERR_R_NESTED_ASN1_ERROR 58 +#define ERR_R_BAD_ASN1_OBJECT_HEADER 59 +#define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 +#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 +#define ERR_R_ASN1_LENGTH_MISMATCH 62 +#define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +#define ERR_R_FATAL 64 +#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +#define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +#define ERR_R_DISABLED (5|ERR_R_FATAL) + +/* 99 is the maximum possible ERR_R_... code, higher values + * are reserved for the individual libraries */ + + +typedef struct ERR_string_data_st + { + unsigned long error; + const char *string; + } ERR_STRING_DATA; + +void ERR_put_error(int lib, int func,int reason,const char *file,int line); +void ERR_set_error_data(char *data,int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file,int *line); +unsigned long ERR_get_error_line_data(const char **file,int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file,int *line); +unsigned long ERR_peek_error_line_data(const char **file,int *line, + const char **data,int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file,int *line); +unsigned long ERR_peek_last_error_line_data(const char **file,int *line, + const char **data,int *flags); +void ERR_clear_error(void ); +char *ERR_error_string(unsigned long e,char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); +#ifndef OPENSSL_NO_FP_API +void ERR_print_errors_fp(FILE *fp); +#endif +#ifndef OPENSSL_NO_BIO +void ERR_print_errors(BIO *bp); +#endif +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +void ERR_load_strings(int lib,ERR_STRING_DATA str[]); +void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); +void ERR_load_ERR_strings(void); +void ERR_load_crypto_strings(void); +void ERR_free_strings(void); + +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +#ifndef OPENSSL_NO_DEPRECATED +void ERR_remove_state(unsigned long pid); /* if zero we look it up */ +#endif +ERR_STATE *ERR_get_state(void); + +#ifndef OPENSSL_NO_LHASH +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); +#endif + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + +/* Already defined in ossl_typ.h */ +/* typedef struct st_ERR_FNS ERR_FNS; */ +/* An application can use this function and provide the return value to loaded + * modules that should use the application's ERR state/functionality */ +const ERR_FNS *ERR_get_implementation(void); +/* A loaded module should call this function prior to any ERR operations using + * the application's "ERR_FNS". */ +int ERR_set_implementation(const ERR_FNS *fns); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h new file mode 100644 index 0000000000..faeb3c24e6 --- /dev/null +++ b/include/openssl/evp.h @@ -0,0 +1,1409 @@ +/* crypto/evp/evp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ENVELOPE_H +#define HEADER_ENVELOPE_H + +#ifdef OPENSSL_ALGORITHM_DEFINES +# include +#else +# define OPENSSL_ALGORITHM_DEFINES +# include +# undef OPENSSL_ALGORITHM_DEFINES +#endif + +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif + +/* +#define EVP_RC2_KEY_SIZE 16 +#define EVP_RC4_KEY_SIZE 16 +#define EVP_BLOWFISH_KEY_SIZE 16 +#define EVP_CAST5_KEY_SIZE 16 +#define EVP_RC5_32_12_16_KEY_SIZE 16 +*/ +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ +#define EVP_MAX_KEY_LENGTH 64 +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +#define PKCS5_DEFAULT_ITER 2048 + +#include + +#define EVP_PK_RSA 0x0001 +#define EVP_PK_DSA 0x0002 +#define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 +#define EVP_PKT_SIGN 0x0010 +#define EVP_PKT_ENC 0x0020 +#define EVP_PKT_EXCH 0x0040 +#define EVP_PKS_RSA 0x0100 +#define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 +#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_RSA2 NID_rsa +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_DSA1 NID_dsa_2 +#define EVP_PKEY_DSA2 NID_dsaWithSHA +#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +#define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +#define EVP_PKEY_HMAC NID_hmac +#define EVP_PKEY_CMAC NID_cmac + +#ifdef __cplusplus +extern "C" { +#endif + +/* Type needs to be a bit field + * Sub-type needs to be for variations on the method, as in, can it do + * arbitrary encryption.... */ +struct evp_pkey_st + { + int type; + int save_type; + int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + union { + char *ptr; +#ifndef OPENSSL_NO_RSA + struct rsa_st *rsa; /* RSA */ +#endif +#ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +#endif +#ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +#endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif + } pkey; + int save_parameters; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + } /* EVP_PKEY */; + +#define EVP_PKEY_MO_SIGN 0x0001 +#define EVP_PKEY_MO_VERIFY 0x0002 +#define EVP_PKEY_MO_ENCRYPT 0x0004 +#define EVP_PKEY_MO_DECRYPT 0x0008 + +#ifndef EVP_MD +struct env_md_st + { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); + int (*final)(EVP_MD_CTX *ctx,unsigned char *md); + int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); + + /* FIXME: prototype these some day */ + int (*sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, void *key); + int (*verify)(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + void *key); + int required_pkey_type[5]; /*EVP_PKEY_xxx */ + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); + } /* EVP_MD */; + +typedef int evp_sign_method(int type,const unsigned char *m, + unsigned int m_length,unsigned char *sigret, + unsigned int *siglen, void *key); +typedef int evp_verify_method(int type,const unsigned char *m, + unsigned int m_length,const unsigned char *sigbuf, + unsigned int siglen, void *key); + +#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single + * block */ + +#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc */ + +/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ + +#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 + +/* DigestAlgorithmIdentifier flags... */ + +#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ + +/* Digest ctrls */ + +#define EVP_MD_CTRL_DIGALGID 0x1 +#define EVP_MD_CTRL_MICALG 0x2 + +/* Minimum Algorithm specific ctrl value */ + +#define EVP_MD_CTRL_ALG_CTRL 0x1000 + +#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +#ifndef OPENSSL_NO_DSA +#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ + {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ + EVP_PKEY_DSA4,0} +#else +#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method +#endif + +#ifndef OPENSSL_NO_ECDSA +#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +#else +#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +#endif + +#ifndef OPENSSL_NO_RSA +#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +#else +#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method +#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method +#endif + +#endif /* !EVP_MD */ + +struct env_md_ctx_st + { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); + } /* EVP_MD_CTX */; + +/* values for EVP_MD_CTX flags */ + +#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called + * once only */ +#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been + * cleaned */ +#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ +/* FIPS and pad options are ignored in 1.0.0, definitions are here + * so we don't accidentally reuse the values for other purposes. + */ + +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ + +/* The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ + +#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ + +struct evp_cipher_st + { + int nid; + int block_size; + int key_len; /* Default value for variable length ciphers */ + int iv_len; + unsigned long flags; /* Various flags */ + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* init key */ + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl);/* encrypt/decrypt data */ + int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ + int ctx_size; /* how big ctx->cipher_data needs to be */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ + void *app_data; /* Application data */ + } /* EVP_CIPHER */; + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +#define EVP_CIPH_STREAM_CIPHER 0x0 +#define EVP_CIPH_ECB_MODE 0x1 +#define EVP_CIPH_CBC_MODE 0x2 +#define EVP_CIPH_CFB_MODE 0x3 +#define EVP_CIPH_OFB_MODE 0x4 +#define EVP_CIPH_CTR_MODE 0x5 +#define EVP_CIPH_GCM_MODE 0x6 +#define EVP_CIPH_CCM_MODE 0x7 +#define EVP_CIPH_XTS_MODE 0x10001 +#define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +#define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +#define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +#define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +#define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Allow use default ASN1 get/set iv */ +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* Cipher handles any and all padding logic as well + * as finalisation. + */ +#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 + +/* ctrl() values */ + +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_GCM_SET_IVLEN 0x9 +#define EVP_CTRL_GCM_GET_TAG 0x10 +#define EVP_CTRL_GCM_SET_TAG 0x11 +#define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_IV_GEN 0x13 +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG +#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_CCM_SET_L 0x14 +#define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* AEAD cipher deduces payload length and returns number of bytes + * required to store MAC and eventual padding. Subsequent call to + * EVP_Cipher even appends/verifies MAC. + */ +#define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +#define EVP_CTRL_GCM_SET_IV_INV 0x18 + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +#define EVP_GCM_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st + { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; + } EVP_CIPHER_INFO; + +struct evp_cipher_ctx_st + { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ + } /* EVP_CIPHER_CTX */; + +typedef struct evp_Encode_Ctx_st + { + int num; /* number saved in a partial encode/decode */ + int length; /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded */ + unsigned char enc_data[80]; /* data to encode */ + int line_num; /* number read on current line */ + int expect_nl; + } EVP_ENCODE_CTX; + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_RSA +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +#endif + +#ifndef OPENSSL_NO_DSA +#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +#endif + +#ifndef OPENSSL_NO_DH +#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +#endif + +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + +/* Add some extra combinations */ +#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +#define EVP_MD_nid(e) EVP_MD_type(e) +#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) + +#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) + +#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +#ifdef CONST_STRICT +void BIO_set_md(BIO *,const EVP_MD *md); +#else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#endif +#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) +#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + +int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, + unsigned int inl); + +#define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +#define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +#define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, + size_t cnt); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); + +int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); +int EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify); +void EVP_set_pw_prompt(const char *prompt); +char * EVP_get_pw_prompt(void); + +int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, + int datal, int count, unsigned char *key,unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); + +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key,const unsigned char *iv, + int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key,const unsigned char *iv, + int enc); +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, + unsigned int siglen,EVP_PKEY *pkey); + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + unsigned char *sigret, size_t *siglen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, + unsigned char *sig, size_t siglen); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + const unsigned char *in,int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +#ifndef OPENSSL_NO_BIO +BIO_METHOD *BIO_f_md(void); +BIO_METHOD *BIO_f_base64(void); +BIO_METHOD *BIO_f_cipher(void); +BIO_METHOD *BIO_f_reliable(void); +void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, + const unsigned char *i, int enc); +#endif + +const EVP_MD *EVP_md_null(void); +#ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +#endif +#ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +#endif +#ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +#endif +#ifndef OPENSSL_NO_SHA +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_dss(void); +const EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_ecdsa(void); +#endif +#ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +#endif +#ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +#endif +#ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +#endif +#ifndef OPENSSL_NO_RIPEMD +const EVP_MD *EVP_ripemd160(void); +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +#endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +#if 0 +const EVP_CIPHER *EVP_des_ede_cfb1(void); +const EVP_CIPHER *EVP_des_ede_cfb8(void); +#endif +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +/* This should now be supported through the dev_crypto ENGINE. But also, why are + * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ +#if 0 +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO +const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); +const EVP_CIPHER *EVP_dev_crypto_rc4(void); +const EVP_MD *EVP_dev_crypto_md5(void); +# endif +#endif +#endif +#ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +#ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +#endif +#endif +#ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +#endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +#endif +#endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif + +#ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +#endif + +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +#endif + +void OpenSSL_add_all_ciphers(void); +void OpenSSL_add_all_digests(void); +#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +#define SSLeay_add_all_digests() OpenSSL_add_all_digests() + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); +void EVP_cleanup(void); + +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *x), void *arg); +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key,int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key,int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(EVP_PKEY *pkey); +int EVP_PKEY_size(EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey,int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key); +void * EVP_PKEY_get0(EVP_PKEY *pkey); + +#ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +#endif +#ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +#endif +#ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +#endif +#ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +#endif + +EVP_PKEY * EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, + int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +#define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +#define EVP_PBE_TYPE_PRF 0x1 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, + int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); + +#define ASN1_PKEY_ALIAS 0x1 +#define ASN1_PKEY_DYNAMIC 0x2 +#define ASN1_PKEY_SIGPARAM_NULL 0x4 + +#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, + const char **pinfo, const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode)(EVP_PKEY *pkey, + const unsigned char **pder, int derlen), + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free)(EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, + long arg1, void *arg2)); + + +#define EVP_PKEY_OP_UNDEFINED 0 +#define EVP_PKEY_OP_PARAMGEN (1<<1) +#define EVP_PKEY_OP_KEYGEN (1<<2) +#define EVP_PKEY_OP_SIGN (1<<3) +#define EVP_PKEY_OP_VERIFY (1<<4) +#define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +#define EVP_PKEY_OP_SIGNCTX (1<<6) +#define EVP_PKEY_OP_VERIFYCTX (1<<7) +#define EVP_PKEY_OP_ENCRYPT (1<<8) +#define EVP_PKEY_OP_DECRYPT (1<<9) +#define EVP_PKEY_OP_DERIVE (1<<10) + +#define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +#define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +#define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_PEER_KEY 2 + +#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +#define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +#define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +#define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +#define EVP_PKEY_CTRL_SET_IV 8 + +#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +#define EVP_PKEY_CTRL_CMS_DECRYPT 10 +#define EVP_PKEY_CTRL_CMS_SIGN 11 + +#define EVP_PKEY_CTRL_CIPHER 12 + +#define EVP_PKEY_ALG_CTRL 0x1000 + + +#define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* Method handles all operations: don't assume any digest related + * defaults. + */ +#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, + const char *type, const char *value)); + +void EVP_add_alg_module(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_EVP_strings(void); + +/* Error codes for the EVP functions. */ + +/* Function codes. */ +#define EVP_F_AESNI_INIT_KEY 165 +#define EVP_F_AESNI_XTS_CIPHER 176 +#define EVP_F_AES_INIT_KEY 133 +#define EVP_F_AES_XTS 172 +#define EVP_F_AES_XTS_CIPHER 175 +#define EVP_F_ALG_MODULE_INIT 177 +#define EVP_F_CAMELLIA_INIT_KEY 159 +#define EVP_F_CMAC_INIT 173 +#define EVP_F_D2I_PKEY 100 +#define EVP_F_DO_SIGVER_INIT 161 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT_EX 123 +#define EVP_F_EVP_CIPHER_CTX_COPY 163 +#define EVP_F_EVP_CIPHER_CTX_CTRL 124 +#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 +#define EVP_F_EVP_MD_SIZE 162 +#define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS82PKEY_BROKEN 136 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_CTX_CTRL 137 +#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +#define EVP_F_EVP_PKEY_CTX_DUP 156 +#define EVP_F_EVP_PKEY_DECRYPT 104 +#define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +#define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +#define EVP_F_EVP_PKEY_DERIVE 153 +#define EVP_F_EVP_PKEY_DERIVE_INIT 154 +#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +#define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +#define EVP_F_EVP_PKEY_GET1_DH 119 +#define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 +#define EVP_F_EVP_PKEY_GET1_RSA 121 +#define EVP_F_EVP_PKEY_KEYGEN 146 +#define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +#define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_PKEY_PARAMGEN 148 +#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +#define EVP_F_EVP_PKEY_SIGN 140 +#define EVP_F_EVP_PKEY_SIGN_INIT 141 +#define EVP_F_EVP_PKEY_VERIFY 142 +#define EVP_F_EVP_PKEY_VERIFY_INIT 143 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +#define EVP_F_EVP_RIJNDAEL 126 +#define EVP_F_EVP_SIGNFINAL 107 +#define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_FIPS_CIPHERINIT 166 +#define EVP_F_FIPS_CIPHER_CTX_COPY 170 +#define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 +#define EVP_F_FIPS_DIGESTINIT 168 +#define EVP_F_FIPS_MD_CTX_COPY 169 +#define EVP_F_HMAC_INIT_EX 174 +#define EVP_F_INT_CTX_NEW 157 +#define EVP_F_PKCS5_PBE_KEYIVGEN 117 +#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +#define EVP_F_PKCS8_SET_BROKEN 112 +#define EVP_F_PKEY_SET_TYPE 158 +#define EVP_F_RC2_MAGIC_TO_METH 109 +#define EVP_F_RC5_CTRL 125 + +/* Reason codes. */ +#define EVP_R_AES_IV_SETUP_FAILED 162 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 +#define EVP_R_BAD_BLOCK_LENGTH 136 +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BAD_KEY_LENGTH 137 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_BUFFER_TOO_SMALL 155 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +#define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_COMMAND_NOT_SUPPORTED 147 +#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +#define EVP_R_DECODE_ERROR 114 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DIFFERENT_PARAMETERS 153 +#define EVP_R_DISABLED_FOR_FIPS 163 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_ERROR_SETTING_FIPS_MODE 166 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_EXPECTING_AN_RSA_KEY 127 +#define EVP_R_EXPECTING_A_DH_KEY 128 +#define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +#define EVP_R_INITIALIZATION_ERROR 134 +#define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_FIPS_MODE 168 +#define EVP_R_INVALID_KEY_LENGTH 130 +#define EVP_R_INVALID_OPERATION 148 +#define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +#define EVP_R_METHOD_NOT_SUPPORTED 144 +#define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DEFAULT_DIGEST 158 +#define EVP_R_NO_DIGEST_SET 139 +#define EVP_R_NO_DSA_PARAMETERS 116 +#define EVP_R_NO_KEY_SET 154 +#define EVP_R_NO_OPERATION_SET 149 +#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +#define EVP_R_OPERATON_NOT_INITIALIZED 151 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_TOO_LARGE 164 +#define EVP_R_UNKNOWN_CIPHER 160 +#define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_OPTION 169 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +#define EVP_R_UNSUPPORTED_ALGORITHM 156 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRF 125 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h new file mode 100644 index 0000000000..1be0022190 --- /dev/null +++ b/include/openssl/hmac.h @@ -0,0 +1,110 @@ +/* crypto/hmac/hmac.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#ifndef HEADER_HMAC_H +#define HEADER_HMAC_H + +#include + +#ifdef OPENSSL_NO_HMAC +#error HMAC is disabled. +#endif + +#include + +#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct hmac_ctx_st + { + const EVP_MD *md; + EVP_MD_CTX md_ctx; + EVP_MD_CTX i_ctx; + EVP_MD_CTX o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; + } HMAC_CTX; + +#define HMAC_size(e) (EVP_MD_size((e)->md)) + + +void HMAC_CTX_init(HMAC_CTX *ctx); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ + +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md); /* deprecated */ +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/idea.h b/include/openssl/idea.h new file mode 100644 index 0000000000..e9a1e7f1a5 --- /dev/null +++ b/include/openssl/idea.h @@ -0,0 +1,103 @@ +/* crypto/idea/idea.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_IDEA_H +#define HEADER_IDEA_H + +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + +#ifdef OPENSSL_NO_IDEA +#error IDEA is disabled. +#endif + +#define IDEA_ENCRYPT 1 +#define IDEA_DECRYPT 0 + +#define IDEA_BLOCK 8 +#define IDEA_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct idea_key_st + { + IDEA_INT data[9][6]; + } IDEA_KEY_SCHEDULE; + +const char *idea_options(void); +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +#ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +#endif +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num,int enc); +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); +void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/krb5_asn.h b/include/openssl/krb5_asn.h new file mode 100644 index 0000000000..41725d0dc4 --- /dev/null +++ b/include/openssl/krb5_asn.h @@ -0,0 +1,256 @@ +/* krb5_asn.h */ +/* Written by Vern Staats for the OpenSSL project, +** using ocsp/{*.h,*asn*.c} as a starting point +*/ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_KRB5_ASN_H +#define HEADER_KRB5_ASN_H + +/* +#include +*/ +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* ASN.1 from Kerberos RFC 1510 +*/ + +/* EncryptedData ::= SEQUENCE { +** etype[0] INTEGER, -- EncryptionType +** kvno[1] INTEGER OPTIONAL, +** cipher[2] OCTET STRING -- ciphertext +** } +*/ +typedef struct krb5_encdata_st + { + ASN1_INTEGER *etype; + ASN1_INTEGER *kvno; + ASN1_OCTET_STRING *cipher; + } KRB5_ENCDATA; + +DECLARE_STACK_OF(KRB5_ENCDATA) + +/* PrincipalName ::= SEQUENCE { +** name-type[0] INTEGER, +** name-string[1] SEQUENCE OF GeneralString +** } +*/ +typedef struct krb5_princname_st + { + ASN1_INTEGER *nametype; + STACK_OF(ASN1_GENERALSTRING) *namestring; + } KRB5_PRINCNAME; + +DECLARE_STACK_OF(KRB5_PRINCNAME) + + +/* Ticket ::= [APPLICATION 1] SEQUENCE { +** tkt-vno[0] INTEGER, +** realm[1] Realm, +** sname[2] PrincipalName, +** enc-part[3] EncryptedData +** } +*/ +typedef struct krb5_tktbody_st + { + ASN1_INTEGER *tktvno; + ASN1_GENERALSTRING *realm; + KRB5_PRINCNAME *sname; + KRB5_ENCDATA *encdata; + } KRB5_TKTBODY; + +typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; +DECLARE_STACK_OF(KRB5_TKTBODY) + + +/* AP-REQ ::= [APPLICATION 14] SEQUENCE { +** pvno[0] INTEGER, +** msg-type[1] INTEGER, +** ap-options[2] APOptions, +** ticket[3] Ticket, +** authenticator[4] EncryptedData +** } +** +** APOptions ::= BIT STRING { +** reserved(0), use-session-key(1), mutual-required(2) } +*/ +typedef struct krb5_ap_req_st + { + ASN1_INTEGER *pvno; + ASN1_INTEGER *msgtype; + ASN1_BIT_STRING *apoptions; + KRB5_TICKET *ticket; + KRB5_ENCDATA *authenticator; + } KRB5_APREQBODY; + +typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; +DECLARE_STACK_OF(KRB5_APREQBODY) + + +/* Authenticator Stuff */ + + +/* Checksum ::= SEQUENCE { +** cksumtype[0] INTEGER, +** checksum[1] OCTET STRING +** } +*/ +typedef struct krb5_checksum_st + { + ASN1_INTEGER *ctype; + ASN1_OCTET_STRING *checksum; + } KRB5_CHECKSUM; + +DECLARE_STACK_OF(KRB5_CHECKSUM) + + +/* EncryptionKey ::= SEQUENCE { +** keytype[0] INTEGER, +** keyvalue[1] OCTET STRING +** } +*/ +typedef struct krb5_encryptionkey_st + { + ASN1_INTEGER *ktype; + ASN1_OCTET_STRING *keyvalue; + } KRB5_ENCKEY; + +DECLARE_STACK_OF(KRB5_ENCKEY) + + +/* AuthorizationData ::= SEQUENCE OF SEQUENCE { +** ad-type[0] INTEGER, +** ad-data[1] OCTET STRING +** } +*/ +typedef struct krb5_authorization_st + { + ASN1_INTEGER *adtype; + ASN1_OCTET_STRING *addata; + } KRB5_AUTHDATA; + +DECLARE_STACK_OF(KRB5_AUTHDATA) + + +/* -- Unencrypted authenticator +** Authenticator ::= [APPLICATION 2] SEQUENCE { +** authenticator-vno[0] INTEGER, +** crealm[1] Realm, +** cname[2] PrincipalName, +** cksum[3] Checksum OPTIONAL, +** cusec[4] INTEGER, +** ctime[5] KerberosTime, +** subkey[6] EncryptionKey OPTIONAL, +** seq-number[7] INTEGER OPTIONAL, +** authorization-data[8] AuthorizationData OPTIONAL +** } +*/ +typedef struct krb5_authenticator_st + { + ASN1_INTEGER *avno; + ASN1_GENERALSTRING *crealm; + KRB5_PRINCNAME *cname; + KRB5_CHECKSUM *cksum; + ASN1_INTEGER *cusec; + ASN1_GENERALIZEDTIME *ctime; + KRB5_ENCKEY *subkey; + ASN1_INTEGER *seqnum; + KRB5_AUTHDATA *authorization; + } KRB5_AUTHENTBODY; + +typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; +DECLARE_STACK_OF(KRB5_AUTHENTBODY) + + +/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = +** type *name##_new(void); +** void name##_free(type *a); +** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = +** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = +** type *d2i_##name(type **a, const unsigned char **in, long len); +** int i2d_##name(type *a, unsigned char **out); +** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it +*/ + +DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) +DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) +DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) +DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) + +DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) +DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h new file mode 100644 index 0000000000..e4df843073 --- /dev/null +++ b/include/openssl/kssl.h @@ -0,0 +1,192 @@ +/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Vern Staats for the OpenSSL project 2000. + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* +** 19990701 VRS Started. +*/ + +#ifndef KSSL_H +#define KSSL_H + +#include + +#ifndef OPENSSL_NO_KRB5 + +#include +#include +#include +#ifdef OPENSSL_SYS_WIN32 +/* These can sometimes get redefined indirectly by krb5 header files + * after they get undefed in ossl_typ.h + */ +#undef X509_NAME +#undef X509_EXTENSIONS +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* +** Depending on which KRB5 implementation used, some types from +** the other may be missing. Resolve that here and now +*/ +#ifdef KRB5_HEIMDAL +typedef unsigned char krb5_octet; +#define FAR +#else + +#ifndef FAR +#define FAR +#endif + +#endif + +/* Uncomment this to debug kssl problems or +** to trace usage of the Kerberos session key +** +** #define KSSL_DEBUG +*/ + +#ifndef KRB5SVC +#define KRB5SVC "host" +#endif + +#ifndef KRB5KEYTAB +#define KRB5KEYTAB "/etc/krb5.keytab" +#endif + +#ifndef KRB5SENDAUTH +#define KRB5SENDAUTH 1 +#endif + +#ifndef KRB5CHECKAUTH +#define KRB5CHECKAUTH 1 +#endif + +#ifndef KSSL_CLOCKSKEW +#define KSSL_CLOCKSKEW 300; +#endif + +#define KSSL_ERR_MAX 255 +typedef struct kssl_err_st { + int reason; + char text[KSSL_ERR_MAX+1]; + } KSSL_ERR; + + +/* Context for passing +** (1) Kerberos session key to SSL, and +** (2) Config data between application and SSL lib +*/ +typedef struct kssl_ctx_st + { + /* used by: disposition: */ + char *service_name; /* C,S default ok (kssl) */ + char *service_host; /* C input, REQUIRED */ + char *client_princ; /* S output from krb5 ticket */ + char *keytab_file; /* S NULL (/etc/krb5.keytab) */ + char *cred_cache; /* C NULL (default) */ + krb5_enctype enctype; + int length; + krb5_octet FAR *key; + } KSSL_CTX; + +#define KSSL_CLIENT 1 +#define KSSL_SERVER 2 +#define KSSL_SERVICE 3 +#define KSSL_KEYTAB 4 + +#define KSSL_CTX_OK 0 +#define KSSL_CTX_ERR 1 +#define KSSL_NOMEM 2 + +/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ +krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); +KSSL_CTX *kssl_ctx_new(void); +KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); +void kssl_ctx_show(KSSL_CTX *kssl_ctx); +krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, + krb5_data *realm, krb5_data *entity, int nentities); +krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, + krb5_data *authenp, KSSL_ERR *kssl_err); +krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, + krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); +krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); +void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); +void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); +krb5_error_code kssl_build_principal_2(krb5_context context, + krb5_principal *princ, int rlen, const char *realm, + int slen, const char *svc, int hlen, const char *host); +krb5_error_code kssl_validate_times(krb5_timestamp atime, + krb5_ticket_times *ttimes); +krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, + krb5_timestamp *atimep, KSSL_ERR *kssl_err); +unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); + +void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); +KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); +char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); + +#ifdef __cplusplus +} +#endif +#endif /* OPENSSL_NO_KRB5 */ +#endif /* KSSL_H */ diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h new file mode 100644 index 0000000000..e7d8763591 --- /dev/null +++ b/include/openssl/lhash.h @@ -0,0 +1,241 @@ +/* crypto/lhash/lhash.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Header for dynamic hash table routines + * Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +#define HEADER_LHASH_H + +#include +#ifndef OPENSSL_NO_FP_API +#include +#endif + +#ifndef OPENSSL_NO_BIO +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st + { + void *data; + struct lhash_node_st *next; +#ifndef OPENSSL_NO_HASH_COMP + unsigned long hash; +#endif + } LHASH_NODE; + +typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); + +/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. + * This way, callbacks can be provided to LHASH structures without function + * pointer casting and the macro-defined callbacks provide per-variable casting + * before deferring to the underlying type-specific callbacks. NB: It is + * possible to place a "static" in front of both the DECLARE and IMPLEMENT + * macros if the functions are strictly internal. */ + +/* First: "hash" functions */ +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +#define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +#define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Third: "doall" functions */ +#define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +#define LHASH_DOALL_FN(name) name##_LHASH_DOALL + +/* Fourth: "doall_arg" functions */ +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + +typedef struct lhash_st + { + LHASH_NODE **b; + LHASH_COMP_FN_TYPE comp; + LHASH_HASH_FN_TYPE hash; + unsigned int num_nodes; + unsigned int num_alloc_nodes; + unsigned int p; + unsigned int pmax; + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ + unsigned long num_items; + + unsigned long num_expands; + unsigned long num_expand_reallocs; + unsigned long num_contracts; + unsigned long num_contract_reallocs; + unsigned long num_hash_calls; + unsigned long num_comp_calls; + unsigned long num_insert; + unsigned long num_replace; + unsigned long num_delete; + unsigned long num_no_delete; + unsigned long num_retrieve; + unsigned long num_retrieve_miss; + unsigned long num_hash_comps; + + int error; + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF + * and friends */ + +#define LH_LOAD_MULT 256 + +/* Indicates a malloc() error in the last call, this is only bad + * in lh_insert(). */ +#define lh_error(lh) ((lh)->error) + +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +unsigned long lh_strhash(const char *c); +unsigned long lh_num_items(const _LHASH *lh); + +#ifndef OPENSSL_NO_FP_API +void lh_stats(const _LHASH *lh, FILE *out); +void lh_node_stats(const _LHASH *lh, FILE *out); +void lh_node_usage_stats(const _LHASH *lh, FILE *out); +#endif + +#ifndef OPENSSL_NO_BIO +void lh_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); +#endif + +/* Type checking... */ + +#define LHASH_OF(type) struct lhash_st_##type + +#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } + +#define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +#define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +#define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +#define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) +#define LHM_lh_node_stats_bio(type, lh, out) \ + lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_node_usage_stats_bio(type, lh, out) \ + lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_stats_bio(type, lh, out) \ + lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/include/openssl/md4.h b/include/openssl/md4.h new file mode 100644 index 0000000000..a55368a790 --- /dev/null +++ b/include/openssl/md4.h @@ -0,0 +1,120 @@ +/* crypto/md4/md4.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MD4_H +#define HEADER_MD4_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_MD4 +#error MD4 is disabled. +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! MD4_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#if defined(__LP32__) +#define MD4_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define MD4_LONG unsigned long +#define MD4_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +#else +#define MD4_LONG unsigned int +#endif + +#define MD4_CBLOCK 64 +#define MD4_LBLOCK (MD4_CBLOCK/4) +#define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st + { + MD4_LONG A,B,C,D; + MD4_LONG Nl,Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; + } MD4_CTX; + +#ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +#endif +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/md5.h b/include/openssl/md5.h new file mode 100644 index 0000000000..541cc925fe --- /dev/null +++ b/include/openssl/md5.h @@ -0,0 +1,120 @@ +/* crypto/md5/md5.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MD5_H +#define HEADER_MD5_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_MD5 +#error MD5 is disabled. +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! MD5_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#if defined(__LP32__) +#define MD5_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define MD5_LONG unsigned long +#define MD5_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +#else +#define MD5_LONG unsigned int +#endif + +#define MD5_CBLOCK 64 +#define MD5_LBLOCK (MD5_CBLOCK/4) +#define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st + { + MD5_LONG A,B,C,D; + MD5_LONG Nl,Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; + } MD5_CTX; + +#ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +#endif +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h new file mode 100644 index 0000000000..f3e8e579d2 --- /dev/null +++ b/include/openssl/mdc2.h @@ -0,0 +1,98 @@ +/* crypto/mdc2/mdc2.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MDC2_H +#define HEADER_MDC2_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_MDC2 +#error MDC2 is disabled. +#endif + +#define MDC2_BLOCK 8 +#define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st + { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h,hh; + int pad_type; /* either 1 or 2, default 1 */ + } MDC2_CTX; + + +#ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +#endif +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, + unsigned char *md); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/include/openssl/modes.h b/include/openssl/modes.h new file mode 100644 index 0000000000..7773c2542e --- /dev/null +++ b/include/openssl/modes.h @@ -0,0 +1,141 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], + const void *key); + +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16],unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key,block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, + const unsigned char *nonce, size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, + const unsigned char *aad, size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, size_t len, int enc); +#ifdef __cplusplus +} +#endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h new file mode 100644 index 0000000000..b5ea7cdab4 --- /dev/null +++ b/include/openssl/obj_mac.h @@ -0,0 +1,4032 @@ +/* crypto/objects/obj_mac.h */ + +/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the + * following command: + * perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_rle_compression "RLE" +#define LN_rle_compression "run length compression" +#define NID_rle_compression 124 +#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + diff --git a/include/openssl/objects.h b/include/openssl/objects.h new file mode 100644 index 0000000000..bd0ee52feb --- /dev/null +++ b/include/openssl/objects.h @@ -0,0 +1,1138 @@ +/* crypto/objects/objects.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_OBJECTS_H +#define HEADER_OBJECTS_H + +#define USE_OBJ_MAC + +#ifdef USE_OBJ_MAC +#include +#else +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_Algorithm "Algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 38 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define LN_rsadsi "rsadsi" +#define NID_rsadsi 1 +#define OBJ_rsadsi 1L,2L,840L,113549L + +#define LN_pkcs "pkcs" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs,1L,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L + +#define LN_X500 "X500" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define LN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +/* Postal Address? PA */ + +/* should be "ST" (rfc1327) but MS uses 'S' */ +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500,8L,1L,1L + +#define LN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define LN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +/* IV + num */ +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +/* IV */ +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ede "DES-EDE" +#define LN_des_ede "des-ede" +#define NID_des_ede 32 +/* ?? */ +#define OBJ_des_ede OBJ_algorithm,17L + +#define SN_des_ede3 "DES-EDE3" +#define LN_des_ede3 "des-ede3" +#define NID_des_ede3 33 + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define LN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define SN_pkcs9_emailAddress "Email" +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +/* I'm not sure about the object ID */ +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L +/* 28 Jun 1996 - eay */ +/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +/* proposed by microsoft to RSA */ +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L + +/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now + * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something + * completely different. + */ +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce 2L,5L,29L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 2L,5L,8L,3L,101L +/* An alternative? 1L,3L,14L,3L,2L,19L */ + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2withRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_givenName "G" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_surname "S" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define SN_initials "I" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define SN_uniqueIdentifier "UID" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_X509,45L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_serialNumber "SN" +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_title "T" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define SN_description "D" +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +/* CAST5 is CAST-128, I'm just sticking with the documentation */ +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L + +/* This is one sun will soon be using :-( + * id-dsa-with-sha1 ID ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } + */ +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L + +#define NID_md5_sha1 114 +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa 1L,2L,840L,10040L,4L,1L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +/* The name should actually be rsaSignatureWithripemd160, but I'm going + * to continue using the convention I'm using with the other ciphers */ +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +/* Taken from rfc2040 + * RC5_CBC_Parameters ::= SEQUENCE { + * version INTEGER (v1_0(16)), + * rounds INTEGER (8..127), + * blockSizeInBits INTEGER (64, 128), + * iv OCTET STRING OPTIONAL + * } + */ +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_rle_compression "RLE" +#define LN_rle_compression "run length compression" +#define NID_rle_compression 124 +#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +/* PKIX extended key usage OIDs */ + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +/* Additional extended key usage OIDs: Microsoft */ + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +/* Additional usage: Netscape */ + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +/* PKCS12 and related OBJECT IDENTIFIERS */ + +#define OBJ_pkcs12 OBJ_pkcs,12L +#define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds, 1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds, 3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds, 4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds, 5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9, 20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9, 21L + +#define OBJ_certTypes OBJ_pkcs9, 22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes, 1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes, 2L + +#define OBJ_crlTypes OBJ_pkcs9, 23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes, 1L + +/* PKCS#5 v2 OIDs */ + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs,5L,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs,5L,14L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +/* Policy Qualifier Ids */ + +#define LN_id_qt_cps "Policy Qualifier CPS" +#define SN_id_qt_cps "id-qt-cps" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_pkix,2L,1L + +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define SN_id_qt_unotice "id-qt-unotice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L + +/* Extension request OIDs */ + +#define LN_ms_ext_req "Microsoft Extension Request" +#define SN_ms_ext_req "msExtReq" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define LN_ext_req "Extension Request" +#define SN_ext_req "extReq" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L +#endif /* USE_OBJ_MAC */ + +#include +#include + +#define OBJ_NAME_TYPE_UNDEF 0x00 +#define OBJ_NAME_TYPE_MD_METH 0x01 +#define OBJ_NAME_TYPE_CIPHER_METH 0x02 +#define OBJ_NAME_TYPE_PKEY_METH 0x03 +#define OBJ_NAME_TYPE_COMP_METH 0x04 +#define OBJ_NAME_TYPE_NUM 0x05 + +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st + { + int type; + int alias; + const char *name; + const char *data; + } OBJ_NAME; + +#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name,int type); +int OBJ_NAME_add(const char *name,int type,const char *data); +int OBJ_NAME_remove(const char *name,int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), + void *arg); + +ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT * OBJ_nid2obj(int n); +const char * OBJ_nid2ln(int n); +const char * OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +const void * OBJ_bsearch_(const void *key,const void *base,int num,int size, + int (*cmp)(const void *, const void *)); +const void * OBJ_bsearch_ex_(const void *key,const void *base,int num, + int size, + int (*cmp)(const void *, const void *), + int flags); + +#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/* + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid,const char *sn,const char *ln); +void OBJ_cleanup(void ); +int OBJ_create_objects(BIO *in); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + +extern int obj_cleanup_defer; +void check_defer(int nid); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_OBJ_strings(void); + +/* Error codes for the OBJ functions. */ + +/* Function codes. */ +#define OBJ_F_OBJ_ADD_OBJECT 105 +#define OBJ_F_OBJ_CREATE 100 +#define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NAME_NEW_INDEX 106 +#define OBJ_F_OBJ_NID2LN 102 +#define OBJ_F_OBJ_NID2OBJ 103 +#define OBJ_F_OBJ_NID2SN 104 + +/* Reason codes. */ +#define OBJ_R_MALLOC_FAILURE 100 +#define OBJ_R_UNKNOWN_NID 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h new file mode 100644 index 0000000000..31e45744ba --- /dev/null +++ b/include/openssl/ocsp.h @@ -0,0 +1,623 @@ +/* ocsp.h */ +/* Written by Tom Titchener for the OpenSSL + * project. */ + +/* History: + This file was transfered to Richard Levitte from CertCo by Kathy + Weinhold in mid-spring 2000 to be included in OpenSSL or released + as a patch kit. */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OCSP_H +#define HEADER_OCSP_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +#define OCSP_DEFAULT_NONCE_LENGTH 16 + +#define OCSP_NOCERTS 0x1 +#define OCSP_NOINTERN 0x2 +#define OCSP_NOSIGS 0x4 +#define OCSP_NOCHAIN 0x8 +#define OCSP_NOVERIFY 0x10 +#define OCSP_NOEXPLICIT 0x20 +#define OCSP_NOCASIGN 0x40 +#define OCSP_NODELEGATED 0x80 +#define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 +#define OCSP_RESPID_KEY 0x400 +#define OCSP_NOTIME 0x800 + +/* CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +typedef struct ocsp_cert_id_st + { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; + } OCSP_CERTID; + +DECLARE_STACK_OF(OCSP_CERTID) + +/* Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_one_request_st + { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; + } OCSP_ONEREQ; + +DECLARE_STACK_OF(OCSP_ONEREQ) +DECLARE_ASN1_SET_OF(OCSP_ONEREQ) + + +/* TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_req_info_st + { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; + } OCSP_REQINFO; + +/* Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +typedef struct ocsp_signature_st + { + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; + } OCSP_SIGNATURE; + +/* OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +typedef struct ocsp_request_st + { + OCSP_REQINFO *tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ + } OCSP_REQUEST; + +/* OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +/* ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +typedef struct ocsp_resp_bytes_st + { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; + } OCSP_RESPBYTES; + +/* OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st + { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; + }; + +/* ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +#define V_OCSP_RESPID_NAME 0 +#define V_OCSP_RESPID_KEY 1 +struct ocsp_responder_id_st + { + int type; + union { + X509_NAME* byName; + ASN1_OCTET_STRING *byKey; + } value; + }; + +DECLARE_STACK_OF(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + +/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/* RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +typedef struct ocsp_revoked_info_st + { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; + } OCSP_REVOKEDINFO; + +/* CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 +typedef struct ocsp_cert_status_st + { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; + } OCSP_CERTSTATUS; + +/* SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_single_response_st + { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; + } OCSP_SINGLERESP; + +DECLARE_STACK_OF(OCSP_SINGLERESP) +DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) + +/* ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_response_data_st + { + ASN1_INTEGER *version; + OCSP_RESPID *responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; + } OCSP_RESPDATA; + +/* BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* Note 1: + The value for "signature" is specified in the OCSP rfc2560 as follows: + "The value for the signature SHALL be computed on the hash of the DER + encoding ResponseData." This means that you must hash the DER-encoded + tbsResponseData, and then run it through a crypto-signing function, which + will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems + a bit odd, but that's the spec. Also note that the data structures do not + leave anywhere to independently specify the algorithm used for the initial + hash. So, we look at the signature-specification algorithm, and try to do + something intelligent. -- Kathy Weinhold, CertCo */ + /* Note 2: + It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open + for interpretation. I've done tests against another responder, and found + that it doesn't do the double hashing that the RFC seems to say one + should. Therefore, all relevant functions take a flag saying which + variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ +typedef struct ocsp_basic_response_st + { + OCSP_RESPDATA *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; + } OCSP_BASICRESP; + +/* + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + +/* CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +typedef struct ocsp_crl_id_st + { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; + } OCSP_CRLID; + +/* ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +typedef struct ocsp_service_locator_st + { + X509_NAME* issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; + } OCSP_SERVICELOC; + +#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + +#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) + +#define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +#define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +#define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ + o->optionalSignature->signatureAlgorithm,NULL,\ + o->optionalSignature->signature,o->tbsRequest,pkey,md) + +#define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ + o->signature,o->tbsResponseData,pkey,md) + +#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ + a->optionalSignature->signatureAlgorithm,\ + a->optionalSignature->signature,a->tbsRequest,r) + +#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + +#define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +#define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + X509_NAME *issuerName, + ASN1_BIT_STRING* issuerKey, + ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, + unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, + long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); + +int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_OCSP_strings(void); + +/* Error codes for the OCSP functions. */ + +/* Function codes. */ +#define OCSP_F_ASN1_STRING_ENCODE 100 +#define OCSP_F_D2I_OCSP_NONCE 102 +#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +#define OCSP_F_OCSP_BASIC_SIGN 104 +#define OCSP_F_OCSP_BASIC_VERIFY 105 +#define OCSP_F_OCSP_CERT_ID_NEW 101 +#define OCSP_F_OCSP_CHECK_DELEGATED 106 +#define OCSP_F_OCSP_CHECK_IDS 107 +#define OCSP_F_OCSP_CHECK_ISSUER 108 +#define OCSP_F_OCSP_CHECK_VALIDITY 115 +#define OCSP_F_OCSP_MATCH_ISSUERID 109 +#define OCSP_F_OCSP_PARSE_URL 114 +#define OCSP_F_OCSP_REQUEST_SIGN 110 +#define OCSP_F_OCSP_REQUEST_VERIFY 116 +#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +#define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_OCSP_SENDREQ_NBIO 117 +#define OCSP_F_PARSE_HTTP_LINE1 118 +#define OCSP_F_REQUEST_VERIFY 113 + +/* Reason codes. */ +#define OCSP_R_BAD_DATA 100 +#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +#define OCSP_R_DIGEST_ERR 102 +#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +#define OCSP_R_ERROR_PARSING_URL 121 +#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +#define OCSP_R_NOT_BASIC_RESPONSE 104 +#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +#define OCSP_R_NO_CONTENT 106 +#define OCSP_R_NO_PUBLIC_KEY 107 +#define OCSP_R_NO_RESPONSE_DATA 108 +#define OCSP_R_NO_REVOKED_TIME 109 +#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +#define OCSP_R_REQUEST_NOT_SIGNED 128 +#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +#define OCSP_R_SERVER_READ_ERROR 113 +#define OCSP_R_SERVER_RESPONSE_ERROR 114 +#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +#define OCSP_R_SERVER_WRITE_ERROR 116 +#define OCSP_R_SIGNATURE_FAILURE 117 +#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +#define OCSP_R_STATUS_EXPIRED 125 +#define OCSP_R_STATUS_NOT_YET_VALID 126 +#define OCSP_R_STATUS_TOO_OLD 127 +#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +#define OCSP_R_UNKNOWN_NID 120 +#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h new file mode 100644 index 0000000000..7921712813 --- /dev/null +++ b/include/openssl/opensslconf.h @@ -0,0 +1,248 @@ +/* opensslconf.h */ +/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ + +#ifdef __cplusplus +extern "C" { +#endif +/* OpenSSL was configured with the following options: */ +#ifndef OPENSSL_SYSNAME_WIN32 +# define OPENSSL_SYSNAME_WIN32 +#endif +#ifndef OPENSSL_DOING_MAKEDEPEND + + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif +#ifndef OPENSSL_NO_JPAKE +# define OPENSSL_NO_JPAKE +#endif +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ + +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_ASM +# define OPENSSL_NO_ASM +#endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) +# define NO_EC_NISTP_64_GCC_128 +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) +# define NO_JPAKE +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) +# define NO_SCTP +# endif +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE +# endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif +#endif + +/* crypto/opensslconf.h.in */ + +/* Generate 80386 code? */ +#undef I386_ONLY + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "c:/some/openssl/dir/lib/engines" +#define OPENSSLDIR "c:/some/openssl/dir/ssl" +#endif +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION +#define OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned long +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h new file mode 100644 index 0000000000..4a1df08f6c --- /dev/null +++ b/include/openssl/opensslv.h @@ -0,0 +1,96 @@ +#ifndef HEADER_OPENSSLV_H +#define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +#define OPENSSL_VERSION_NUMBER 0x100010cfL +#ifdef OPENSSL_FIPS +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips 15 Jan 2015" +#else +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l 15 Jan 2015" +#endif +#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + + +/* The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major verson number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +#define SHLIB_VERSION_HISTORY "" +#define SHLIB_VERSION_NUMBER "1.0.0" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h new file mode 100644 index 0000000000..12cdd43be9 --- /dev/null +++ b/include/openssl/ossl_typ.h @@ -0,0 +1,209 @@ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OPENSSL_TYPES_H +#define HEADER_OPENSSL_TYPES_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#ifdef NO_ASN1_TYPEDEFS +#define ASN1_INTEGER ASN1_STRING +#define ASN1_ENUMERATED ASN1_STRING +#define ASN1_BIT_STRING ASN1_STRING +#define ASN1_OCTET_STRING ASN1_STRING +#define ASN1_PRINTABLESTRING ASN1_STRING +#define ASN1_T61STRING ASN1_STRING +#define ASN1_IA5STRING ASN1_STRING +#define ASN1_UTCTIME ASN1_STRING +#define ASN1_GENERALIZEDTIME ASN1_STRING +#define ASN1_TIME ASN1_STRING +#define ASN1_GENERALSTRING ASN1_STRING +#define ASN1_UNIVERSALSTRING ASN1_STRING +#define ASN1_BMPSTRING ASN1_STRING +#define ASN1_VISIBLESTRING ASN1_STRING +#define ASN1_UTF8STRING ASN1_STRING +#define ASN1_BOOLEAN int +#define ASN1_NULL int +#else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +#endif + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; + +#ifdef OPENSSL_SYS_WIN32 +#undef X509_NAME +#undef X509_EXTENSIONS +#undef X509_CERT_PAIR +#undef PKCS7_ISSUER_AND_SERIAL +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#endif + +#ifdef BIGNUM +#undef BIGNUM +#endif +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct env_md_st EVP_MD; +typedef struct env_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; + +typedef struct rand_meth_st RAND_METHOD; + +typedef struct ecdh_method ECDH_METHOD; +typedef struct ecdsa_method ECDSA_METHOD; + +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; + +typedef struct store_st STORE; +typedef struct store_method_st STORE_METHOD; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct st_ERR_FNS ERR_FNS; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ +#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ +#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Callback types for crypto.h */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/include/openssl/pem.h b/include/openssl/pem.h new file mode 100644 index 0000000000..8a6ababe3a --- /dev/null +++ b/include/openssl/pem.h @@ -0,0 +1,641 @@ +/* crypto/pem/pem.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PEM_H +#define HEADER_PEM_H + +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_STACK +#include +#endif +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define PEM_BUFSIZE 1024 + +#define PEM_OBJ_UNDEF 0 +#define PEM_OBJ_X509 1 +#define PEM_OBJ_X509_REQ 2 +#define PEM_OBJ_CRL 3 +#define PEM_OBJ_SSL_SESSION 4 +#define PEM_OBJ_PRIV_KEY 10 +#define PEM_OBJ_PRIV_RSA 11 +#define PEM_OBJ_PRIV_DSA 12 +#define PEM_OBJ_PRIV_DH 13 +#define PEM_OBJ_PUB_RSA 14 +#define PEM_OBJ_PUB_DSA 15 +#define PEM_OBJ_PUB_DH 16 +#define PEM_OBJ_DHPARAMS 17 +#define PEM_OBJ_DSAPARAMS 18 +#define PEM_OBJ_PRIV_RSA_PUBLIC 19 +#define PEM_OBJ_PRIV_ECDSA 20 +#define PEM_OBJ_PUB_ECDSA 21 +#define PEM_OBJ_ECPARAMETERS 22 + +#define PEM_ERROR 30 +#define PEM_DEK_DES_CBC 40 +#define PEM_DEK_IDEA_CBC 45 +#define PEM_DEK_DES_EDE 50 +#define PEM_DEK_DES_ECB 60 +#define PEM_DEK_RSA 70 +#define PEM_DEK_RSA_MD2 80 +#define PEM_DEK_RSA_MD5 90 + +#define PEM_MD_MD2 NID_md2 +#define PEM_MD_MD5 NID_md5 +#define PEM_MD_SHA NID_sha +#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" +#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +#define PEM_STRING_PUBLIC "PUBLIC KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +#define PEM_STRING_PKCS8INF "PRIVATE KEY" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_PARAMETERS "PARAMETERS" +#define PEM_STRING_CMS "CMS" + + /* Note that this structure is initialised by PEM_SealInit and cleaned up + by PEM_SealFinal (at least for now) */ +typedef struct PEM_Encode_Seal_st + { + EVP_ENCODE_CTX encode; + EVP_MD_CTX md; + EVP_CIPHER_CTX cipher; + } PEM_ENCODE_SEAL_CTX; + +/* enc_type is one off */ +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 + +typedef struct pem_recip_st + { + char *name; + X509_NAME *dn; + + int cipher; + int key_enc; + /* char iv[8]; unused and wrong size */ + } PEM_USER; + +typedef struct pem_ctx_st + { + int type; /* what type of object */ + + struct { + int version; + int mode; + } proc_type; + + char *domain; + + struct { + int cipher; + /* unused, and wrong size + unsigned char iv[8]; */ + } DEK_info; + + PEM_USER *originator; + + int num_recipient; + PEM_USER **recipient; + + /* XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ + EVP_MD *md; /* signature type */ + + int md_enc; /* is the md encrypted or not? */ + int md_len; /* length of md_data */ + char *md_data; /* message digest, could be pkey encrypted */ + + EVP_CIPHER *dec; /* date encryption cipher */ + int key_len; /* key length */ + unsigned char *key; /* key */ + /* unused, and wrong size + unsigned char iv[8]; */ + + + int data_enc; /* is the data encrypted */ + int data_len; + unsigned char *data; + } PEM_CTX; + +/* These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: + * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) + */ + +#ifdef OPENSSL_NO_FP_API + +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ + +#else + +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +#endif + +#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +#if defined(OPENSSL_NO_FP_API) + +#define DECLARE_PEM_read_fp(name, type) /**/ +#define DECLARE_PEM_write_fp(name, type) /**/ +#define DECLARE_PEM_write_cb_fp(name, type) /**/ + +#else + +#define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +#define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +#define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +#endif + +#ifndef OPENSSL_NO_BIO +#define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +#define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +#define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +#else + +#define DECLARE_PEM_read_bio(name, type) /**/ +#define DECLARE_PEM_write_bio(name, type) /**/ +#define DECLARE_PEM_write_bio_const(name, type) /**/ +#define DECLARE_PEM_write_cb_bio(name, type) /**/ + +#endif + +#define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) + +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) + +#define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) + +#define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) + +#define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) + +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + +#define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) + +#if 1 +/* "userdata": new with OpenSSL 0.9.4 */ +typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); +#else +/* OpenSSL 0.9.3, 0.9.3a */ +typedef int pem_password_cb(char *buf, int size, int rwflag); +#endif + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, + pem_password_cb *callback,void *u); + +#ifndef OPENSSL_NO_BIO +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, + long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u); +void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, + void **x, pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, + const EVP_CIPHER *enc,unsigned char *kstr,int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cd, void *u); +#endif + +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data,long *len); +int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); +void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, + void *x,const EVP_CIPHER *enc,unsigned char *kstr, + int klen,pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); + +int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, + EVP_MD *md_type, unsigned char **ek, int *ekl, + unsigned char *iv, EVP_PKEY **pubk, int npubk); +void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl); +int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv); + +void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +int PEM_def_callback(char *buf, int num, int w, void *key); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + + +#include + +DECLARE_PEM_rw(X509, X509) + +DECLARE_PEM_rw(X509_AUX, X509) + +DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) + +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) + +DECLARE_PEM_rw(X509_CRL, X509_CRL) + +DECLARE_PEM_rw(PKCS7, PKCS7) + +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) + +DECLARE_PEM_rw(PKCS8, X509_SIG) + +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) + +#ifndef OPENSSL_NO_RSA + +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) + +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) + +#endif + +#ifndef OPENSSL_NO_DSA + +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) + +DECLARE_PEM_rw(DSA_PUBKEY, DSA) + +DECLARE_PEM_rw_const(DSAparams, DSA) + +#endif + +#ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +#endif + +#ifndef OPENSSL_NO_DH + +DECLARE_PEM_rw_const(DHparams, DH) + +#endif + +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) + +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); + +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, + char *kstr,int klen, pem_password_cb *cd, void *u); + +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +#ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +#endif + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_PEM_strings(void); + +/* Error codes for the PEM functions. */ + +/* Function codes. */ +#define PEM_F_B2I_DSS 127 +#define PEM_F_B2I_PVK_BIO 128 +#define PEM_F_B2I_RSA 129 +#define PEM_F_CHECK_BITLEN_DSA 130 +#define PEM_F_CHECK_BITLEN_RSA 131 +#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +#define PEM_F_DO_B2I 132 +#define PEM_F_DO_B2I_BIO 133 +#define PEM_F_DO_BLOB_HEADER 134 +#define PEM_F_DO_PK8PKEY 126 +#define PEM_F_DO_PK8PKEY_FP 125 +#define PEM_F_DO_PVK_BODY 135 +#define PEM_F_DO_PVK_HEADER 136 +#define PEM_F_I2B_PVK 137 +#define PEM_F_I2B_PVK_BIO 138 +#define PEM_F_LOAD_IV 101 +#define PEM_F_PEM_ASN1_READ 102 +#define PEM_F_PEM_ASN1_READ_BIO 103 +#define PEM_F_PEM_ASN1_WRITE 104 +#define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DEF_CALLBACK 100 +#define PEM_F_PEM_DO_HEADER 106 +#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_PK8PKEY 119 +#define PEM_F_PEM_READ 108 +#define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PARAMETERS 140 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_PRIVATEKEY 124 +#define PEM_F_PEM_SEALFINAL 110 +#define PEM_F_PEM_SEALINIT 111 +#define PEM_F_PEM_SIGNFINAL 112 +#define PEM_F_PEM_WRITE 113 +#define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_WRITE_PRIVATEKEY 139 +#define PEM_F_PEM_X509_INFO_READ 115 +#define PEM_F_PEM_X509_INFO_READ_BIO 116 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_MAGIC_NUMBER 116 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_BAD_VERSION_NUMBER 117 +#define PEM_R_BIO_WRITE_FAILURE 118 +#define PEM_R_CIPHER_IS_NULL 127 +#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +#define PEM_R_INCONSISTENT_HEADER 121 +#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +#define PEM_R_KEYBLOB_TOO_SHORT 123 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_PVK_DATA_TOO_SHORT 124 +#define PEM_R_PVK_TOO_SHORT 125 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h new file mode 100644 index 0000000000..f31790d69c --- /dev/null +++ b/include/openssl/pem2.h @@ -0,0 +1,70 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * This header only exists to break a circular dependency between pem and err + * Ben 30 Jan 1999. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef HEADER_PEM_H +void ERR_load_PEM_strings(void); +#endif + +#ifdef __cplusplus +} +#endif diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h new file mode 100644 index 0000000000..b17eb9f42b --- /dev/null +++ b/include/openssl/pkcs12.h @@ -0,0 +1,331 @@ +/* pkcs12.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PKCS12_H +#define HEADER_PKCS12_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 +#define PKCS12_MAC_ID 3 + +/* Default iteration count */ +#ifndef PKCS12_DEFAULT_ITER +#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +#endif + +#define PKCS12_MAC_KEY_LENGTH 20 + +#define PKCS12_SALT_LEN 8 + +/* Uncomment out next line for unicode password and names, otherwise ASCII */ + +/*#define PBE_UNICODE*/ + +#ifdef PBE_UNICODE +#define PKCS12_key_gen PKCS12_key_gen_uni +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni +#else +#define PKCS12_key_gen PKCS12_key_gen_asc +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc +#endif + +/* MS key usage constants */ + +#define KEY_EX 0x10 +#define KEY_SIG 0x80 + +typedef struct { +X509_SIG *dinfo; +ASN1_OCTET_STRING *salt; +ASN1_INTEGER *iter; /* defaults to 1 */ +} PKCS12_MAC_DATA; + +typedef struct { +ASN1_INTEGER *version; +PKCS12_MAC_DATA *mac; +PKCS7 *authsafes; +} PKCS12; + +typedef struct { +ASN1_OBJECT *type; +union { + struct pkcs12_bag_st *bag; /* secret, crl and certbag */ + struct pkcs8_priv_key_info_st *keybag; /* keybag */ + X509_SIG *shkeybag; /* shrouded key bag */ + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; +}value; +STACK_OF(X509_ATTRIBUTE) *attrib; +} PKCS12_SAFEBAG; + +DECLARE_STACK_OF(PKCS12_SAFEBAG) +DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) +DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st { +ASN1_OBJECT *type; +union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ +}value; +} PKCS12_BAGS; + +#define PKCS12_ERROR 0 +#define PKCS12_OK 1 + +/* Compatibility macros */ + +#define M_PKCS12_x5092certbag PKCS12_x5092certbag +#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag + +#define M_PKCS12_certbag2x509 PKCS12_certbag2x509 +#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl + +#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data +#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes +#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes +#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata + +#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey +#define M_PKCS8_decrypt PKCS8_decrypt + +#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) +#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type + +#define PKCS12_get_attr(bag, attr_nid) \ + PKCS12_get_attr_gen(bag->attrib, attr_nid) + +#define PKCS8_get_attr(p8, attr_nid) \ + PKCS12_get_attr_gen(p8->attributes, attr_nid) + +#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) + + +PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); +PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); +X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, + int nid2); +PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, + int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, + int passlen, unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, + int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, + int passlen, unsigned char *in, int inlen, + unsigned char **data, int *datalen, int en_de); +void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, + int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, + int key_nid, char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_PKCS12_strings(void); + +/* Error codes for the PKCS12 functions. */ + +/* Function codes. */ +#define PKCS12_F_PARSE_BAG 129 +#define PKCS12_F_PARSE_BAGS 103 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 +#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 +#define PKCS12_F_PKCS12_CREATE 105 +#define PKCS12_F_PKCS12_GEN_MAC 107 +#define PKCS12_F_PKCS12_INIT 109 +#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +#define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 +#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 +#define PKCS12_F_PKCS12_NEWPASS 128 +#define PKCS12_F_PKCS12_PACK_P7DATA 114 +#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +#define PKCS12_F_PKCS12_PARSE 118 +#define PKCS12_F_PKCS12_PBE_CRYPT 119 +#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +#define PKCS12_F_PKCS12_SETUP_MAC 122 +#define PKCS12_F_PKCS12_SET_MAC 123 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +#define PKCS12_F_PKCS12_VERIFY_MAC 126 +#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 +#define PKCS12_F_PKCS8_ENCRYPT 125 + +/* Reason codes. */ +#define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +#define PKCS12_R_DECODE_ERROR 101 +#define PKCS12_R_ENCODE_ERROR 102 +#define PKCS12_R_ENCRYPT_ERROR 103 +#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +#define PKCS12_R_INVALID_NULL_ARGUMENT 104 +#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +#define PKCS12_R_IV_GEN_ERROR 106 +#define PKCS12_R_KEY_GEN_ERROR 107 +#define PKCS12_R_MAC_ABSENT 108 +#define PKCS12_R_MAC_GENERATION_ERROR 109 +#define PKCS12_R_MAC_SETUP_ERROR 110 +#define PKCS12_R_MAC_STRING_SET_ERROR 111 +#define PKCS12_R_MAC_VERIFY_ERROR 112 +#define PKCS12_R_MAC_VERIFY_FAILURE 113 +#define PKCS12_R_PARSE_ERROR 114 +#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h new file mode 100644 index 0000000000..5d54c4ac27 --- /dev/null +++ b/include/openssl/pkcs7.h @@ -0,0 +1,496 @@ +/* crypto/pkcs7/pkcs7.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PKCS7_H +#define HEADER_PKCS7_H + +#include +#include +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_SYS_WIN32 +/* Under Win32 thes are defined in wincrypt.h */ +#undef PKCS7_ISSUER_AND_SERIAL +#undef PKCS7_SIGNER_INFO +#endif + +/* +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st + { + X509_NAME *issuer; + ASN1_INTEGER *serial; + } PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st + { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + + /* The private key to sign with */ + EVP_PKEY *pkey; + } PKCS7_SIGNER_INFO; + +DECLARE_STACK_OF(PKCS7_SIGNER_INFO) +DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st + { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ + } PKCS7_RECIP_INFO; + +DECLARE_STACK_OF(PKCS7_RECIP_INFO) +DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st + { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + + struct pkcs7_st *contents; + } PKCS7_SIGNED; +/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. + * How about merging the two */ + +typedef struct pkcs7_enc_content_st + { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; + } PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st + { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; + } PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st + { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + } PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st + { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; + } PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st + { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; + } PKCS7_ENCRYPT; + +typedef struct pkcs7_st + { + /* The following is non NULL if it contains ASN1 encoding of + * this structure */ + unsigned char *asn1; + long length; + +#define PKCS7_S_HEADER 0 +#define PKCS7_S_BODY 1 +#define PKCS7_S_TAIL 2 + int state; /* used during processing */ + + int detached; + + ASN1_OBJECT *type; + /* content as defined by the type */ + /* all encryption/message digests are applied to the 'contents', + * leaving out the 'type' field. */ + union { + char *ptr; + + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + + /* Anything else */ + ASN1_TYPE *other; + } d; + } PKCS7; + +DECLARE_STACK_OF(PKCS7) +DECLARE_ASN1_SET_OF(PKCS7) +DECLARE_PKCS12_STACK_OF(PKCS7) + +#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +#define PKCS7_get_attributes(si) ((si)->unauth_attr) + +#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +#define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +#define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +#define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_NOSIGS 0x4 +#define PKCS7_NOCHAIN 0x8 +#define PKCS7_NOINTERN 0x10 +#define PKCS7_NOVERIFY 0x20 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 +#define PKCS7_NOATTR 0x100 +#define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 + +/* Flags: for compatibility with older code */ + +#define SMIME_TEXT PKCS7_TEXT +#define SMIME_NOCERTS PKCS7_NOCERTS +#define SMIME_NOSIGS PKCS7_NOSIGS +#define SMIME_NOCHAIN PKCS7_NOCHAIN +#define SMIME_NOINTERN PKCS7_NOINTERN +#define SMIME_NOVERIFY PKCS7_NOVERIFY +#define SMIME_DETACHED PKCS7_DETACHED +#define SMIME_BINARY PKCS7_BINARY +#define SMIME_NOATTR PKCS7_NOATTR + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, + unsigned char *md,unsigned int *len); +#ifndef OPENSSL_NO_FP_API +PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); +#endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, + void *data); +int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); + + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, + int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_PKCS7_strings(void); + +/* Error codes for the PKCS7 functions. */ + +/* Function codes. */ +#define PKCS7_F_B64_READ_PKCS7 120 +#define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +#define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +#define PKCS7_F_PKCS7_ADD_CRL 101 +#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +#define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +#define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +#define PKCS7_F_PKCS7_CTRL 104 +#define PKCS7_F_PKCS7_DATADECODE 112 +#define PKCS7_F_PKCS7_DATAFINAL 128 +#define PKCS7_F_PKCS7_DATAINIT 105 +#define PKCS7_F_PKCS7_DATASIGN 106 +#define PKCS7_F_PKCS7_DATAVERIFY 107 +#define PKCS7_F_PKCS7_DECRYPT 114 +#define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +#define PKCS7_F_PKCS7_ENCODE_RINFO 132 +#define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FINAL 134 +#define PKCS7_F_PKCS7_FIND_DIGEST 127 +#define PKCS7_F_PKCS7_GET0_SIGNERS 124 +#define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +#define PKCS7_F_PKCS7_SET_CIPHER 108 +#define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 +#define PKCS7_F_PKCS7_SET_TYPE 110 +#define PKCS7_F_PKCS7_SIGN 116 +#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +#define PKCS7_F_PKCS7_VERIFY 117 +#define PKCS7_F_SMIME_READ_PKCS7 122 +#define PKCS7_F_SMIME_TEXT 123 + +/* Reason codes. */ +#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_CTRL_ERROR 152 +#define PKCS7_R_DECODE_ERROR 130 +#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +#define PKCS7_R_DECRYPT_ERROR 119 +#define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +#define PKCS7_R_ERROR_SETTING_CIPHER 121 +#define PKCS7_R_INVALID_MIME_TYPE 131 +#define PKCS7_R_INVALID_NULL_POINTER 143 +#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +#define PKCS7_R_MIME_PARSE_ERROR 133 +#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 +#define PKCS7_R_MISSING_CERIPEND_INFO 103 +#define PKCS7_R_NO_CONTENT 122 +#define PKCS7_R_NO_CONTENT_TYPE 135 +#define PKCS7_R_NO_DEFAULT_DIGEST 151 +#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 +#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 +#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +#define PKCS7_R_NO_SIGNERS 142 +#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 +#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +#define PKCS7_R_PKCS7_DATAFINAL 126 +#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +#define PKCS7_R_PKCS7_DATASIGN 145 +#define PKCS7_R_PKCS7_PARSE_ERROR 139 +#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +#define PKCS7_R_SIGNATURE_FAILURE 105 +#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIGNING_CTRL_FAILURE 147 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +#define PKCS7_R_SMIME_TEXT_ERROR 129 +#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +#define PKCS7_R_UNKNOWN_OPERATION 110 +#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +#define PKCS7_R_WRONG_CONTENT_TYPE 113 +#define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/pqueue.h b/include/openssl/pqueue.h new file mode 100644 index 0000000000..26b5348089 --- /dev/null +++ b/include/openssl/pqueue.h @@ -0,0 +1,100 @@ +/* crypto/pqueue/pqueue.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PQUEUE_H +#define HEADER_PQUEUE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif +typedef struct _pqueue *pqueue; + +typedef struct _pitem + { + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ + void *data; + struct _pitem *next; + } pitem; + +typedef struct _pitem *piterator; + +pitem *pitem_new(unsigned char *prio64be, void *data); +void pitem_free(pitem *item); + +pqueue pqueue_new(void); +void pqueue_free(pqueue pq); + +pitem *pqueue_insert(pqueue pq, pitem *item); +pitem *pqueue_peek(pqueue pq); +pitem *pqueue_pop(pqueue pq); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); +pitem *pqueue_iterator(pqueue pq); +pitem *pqueue_next(piterator *iter); + +void pqueue_print(pqueue pq); +int pqueue_size(pqueue pq); + +#ifdef __cplusplus +} +#endif +#endif /* ! HEADER_PQUEUE_H */ diff --git a/include/openssl/rand.h b/include/openssl/rand.h new file mode 100644 index 0000000000..bb5520e80a --- /dev/null +++ b/include/openssl/rand.h @@ -0,0 +1,150 @@ +/* crypto/rand/rand.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RAND_H +#define HEADER_RAND_H + +#include +#include +#include + +#if defined(OPENSSL_SYS_WINDOWS) +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(OPENSSL_FIPS) +#define FIPS_RAND_SIZE_T size_t +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st + { + void (*seed)(const void *buf, int num); + int (*bytes)(unsigned char *buf, int num); + void (*cleanup)(void); + void (*add)(const void *buf, int num, double entropy); + int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); + }; + +#ifdef BN_DEBUG +extern int rand_predictable; +#endif + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +#endif +RAND_METHOD *RAND_SSLeay(void); +void RAND_cleanup(void ); +int RAND_bytes(unsigned char *buf,int num); +int RAND_pseudo_bytes(unsigned char *buf,int num); +void RAND_seed(const void *buf,int num); +void RAND_add(const void *buf,int num,double entropy); +int RAND_load_file(const char *file,long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file,size_t num); +int RAND_status(void); +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path,int bytes); +int RAND_poll(void); + +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) + +void RAND_screen(void); +int RAND_event(UINT, WPARAM, LPARAM); + +#endif + +#ifdef OPENSSL_FIPS +void RAND_set_fips_drbg_type(int type, int flags); +int RAND_init_fips(void); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_RAND_strings(void); + +/* Error codes for the RAND functions. */ + +/* Function codes. */ +#define RAND_F_RAND_GET_RAND_METHOD 101 +#define RAND_F_RAND_INIT_FIPS 102 +#define RAND_F_SSLEAY_RAND_BYTES 100 + +/* Reason codes. */ +#define RAND_R_DUAL_EC_DRBG_DISABLED 104 +#define RAND_R_ERROR_INITIALISING_DRBG 102 +#define RAND_R_ERROR_INSTANTIATING_DRBG 103 +#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 +#define RAND_R_PRNG_NOT_SEEDED 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h new file mode 100644 index 0000000000..e542ec94ff --- /dev/null +++ b/include/openssl/rc2.h @@ -0,0 +1,103 @@ +/* crypto/rc2/rc2.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC2_H +#define HEADER_RC2_H + +#include /* OPENSSL_NO_RC2, RC2_INT */ +#ifdef OPENSSL_NO_RC2 +#error RC2 is disabled. +#endif + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +#define RC2_BLOCK 8 +#define RC2_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc2_key_st + { + RC2_INT data[64]; + } RC2_KEY; + +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +#endif +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, + int enc); +void RC2_encrypt(unsigned long *data,RC2_KEY *key); +void RC2_decrypt(unsigned long *data,RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h new file mode 100644 index 0000000000..88ceb46bc5 --- /dev/null +++ b/include/openssl/rc4.h @@ -0,0 +1,90 @@ +/* crypto/rc4/rc4.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC4_H +#define HEADER_RC4_H + +#include /* OPENSSL_NO_RC4, RC4_INT */ +#ifdef OPENSSL_NO_RC4 +#error RC4 is disabled. +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st + { + RC4_INT x,y; + RC4_INT data[256]; + } RC4_KEY; + + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h new file mode 100644 index 0000000000..189bd8c90e --- /dev/null +++ b/include/openssl/ripemd.h @@ -0,0 +1,107 @@ +/* crypto/ripemd/ripemd.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RIPEMD_H +#define HEADER_RIPEMD_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_RIPEMD +#error RIPEMD is disabled. +#endif + +#if defined(__LP32__) +#define RIPEMD160_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define RIPEMD160_LONG unsigned long +#define RIPEMD160_LONG_LOG2 3 +#else +#define RIPEMD160_LONG unsigned int +#endif + +#define RIPEMD160_CBLOCK 64 +#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +#define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st + { + RIPEMD160_LONG A,B,C,D,E; + RIPEMD160_LONG Nl,Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; + } RIPEMD160_CTX; + +#ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +#endif +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, + unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h new file mode 100644 index 0000000000..11853fee5f --- /dev/null +++ b/include/openssl/rsa.h @@ -0,0 +1,583 @@ +/* crypto/rsa/rsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +#define HEADER_RSA_H + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef OPENSSL_NO_RSA +#error RSA is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Declared already in ossl_typ.h */ +/* typedef struct rsa_st RSA; */ +/* typedef struct rsa_meth_st RSA_METHOD; */ + +struct rsa_meth_st + { + const char *name; + int (*rsa_pub_enc)(int flen,const unsigned char *from, + unsigned char *to, + RSA *rsa,int padding); + int (*rsa_pub_dec)(int flen,const unsigned char *from, + unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_enc)(int flen,const unsigned char *from, + unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_dec)(int flen,const unsigned char *from, + unsigned char *to, + RSA *rsa,int padding); + int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ + char *app_data; /* may be needed! */ +/* New sign and verify functions: some libraries don't allow arbitrary data + * to be signed/verified: this allows them to be used. Note: for this to work + * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used + * RSA_sign(), RSA_verify() should be used instead. Note: for backwards + * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER + * option is set in 'flags'. + */ + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, + const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa); +/* If this callback is NULL, the builtin software RSA key-gen will be used. This + * is for behavioural compatibility whilst the code gets rewired, but one day + * it would be nice to assume there are no such things as "builtin software" + * implementations. */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + }; + +struct rsa_st + { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + long version; + const RSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + int references; + int flags; + + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + char *bignum_data; + BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; + }; + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif + +#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +#endif +#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ +#endif + +#define RSA_3 0x3L +#define RSA_F4 0x10001L + +#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */ + +#define RSA_FLAG_CACHE_PUBLIC 0x0002 +#define RSA_FLAG_CACHE_PRIVATE 0x0004 +#define RSA_FLAG_BLINDING 0x0008 +#define RSA_FLAG_THREAD_SAFE 0x0010 +/* This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag bn_mod_exp + * gets called when private key components are absent. + */ +#define RSA_FLAG_EXT_PKEY 0x0020 + +/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. + */ +#define RSA_FLAG_SIGN_VER 0x0040 + +#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +#ifndef OPENSSL_NO_DEPRECATED +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ + /* new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#endif + + +#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \ + EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ + len, NULL) + +#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \ + 0, plen) + +#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md) + +#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd) + +#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +#define RSA_PKCS1_PADDING 1 +#define RSA_SSLV23_PADDING 2 +#define RSA_NO_PADDING 3 +#define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +#define RSA_PKCS1_PSS_PADDING 6 + +#define RSA_PKCS1_PADDING_SIZE 11 + +#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +#define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA * RSA_new(void); +RSA * RSA_new_method(ENGINE *engine); +int RSA_size(const RSA *rsa); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED +RSA * RSA_generate_key(int bits, unsigned long e,void + (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +int RSA_check_key(const RSA *); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +void RSA_free (RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* This function needs the memory locking malloc callbacks to be installed */ +int RSA_memory_lock(RSA *r); + +/* these are the actual SSLeay RSA functions */ +const RSA_METHOD *RSA_PKCS1_SSLeay(void); + +const RSA_METHOD *RSA_null_method(void); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +typedef struct rsa_pss_params_st + { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + } RSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +#ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *r,int offset); +#endif + +#ifndef OPENSSL_NO_BIO +int RSA_print(BIO *bp, const RSA *r,int offset); +#endif + +#ifndef OPENSSL_NO_RC4 +int i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify), + int sgckey); + +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, + int verify)); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, + int verify)); +#endif + +/* The following 2 functions sign and verify a X509_SIG ASN1 object + * inside PKCS#1 padded RSA encryption */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* The following 2 function sign and verify a ASN1_OCTET_STRING + * object inside PKCS#1 padded RSA encryption */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, + const unsigned char *f,int fl, + const unsigned char *p,int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len, + const unsigned char *p,int pl); +int RSA_padding_add_SSLv23(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_SSLv23(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_none(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_none(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl); +int RSA_padding_check_X931(unsigned char *to,int tlen, + const unsigned char *f,int fl,int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen); + +int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int RSA_set_ex_data(RSA *r,int idx,void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* If this flag is set the RSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its responsibility + * to ensure the result is compliant. + */ + +#define RSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* Application has decided PRNG is good enough to generate a key: don't + * check. + */ +#define RSA_FLAG_CHECKED 0x0800 + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_RSA_strings(void); + +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_CHECK_PADDING_MD 140 +#define RSA_F_DO_RSA_PRINT 146 +#define RSA_F_INT_RSA_VERIFY 145 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_OLD_RSA_PRIV_DECODE 147 +#define RSA_F_PKEY_RSA_CTRL 143 +#define RSA_F_PKEY_RSA_CTRL_STR 144 +#define RSA_F_PKEY_RSA_SIGN 142 +#define RSA_F_PKEY_RSA_VERIFY 154 +#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +#define RSA_F_RSA_BUILTIN_KEYGEN 129 +#define RSA_F_RSA_CHECK_KEY 123 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_GENERATE_KEY_EX 155 +#define RSA_F_RSA_ITEM_VERIFY 156 +#define RSA_F_RSA_MEMORY_LOCK 130 +#define RSA_F_RSA_NEW_METHOD 106 +#define RSA_F_RSA_NULL 124 +#define RSA_F_RSA_NULL_MOD_EXP 131 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +#define RSA_F_RSA_PADDING_ADD_NONE 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_ADD_X931 127 +#define RSA_F_RSA_PADDING_CHECK_NONE 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PADDING_CHECK_X931 128 +#define RSA_F_RSA_PRINT 115 +#define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_PRIVATE_DECRYPT 150 +#define RSA_F_RSA_PRIVATE_ENCRYPT 151 +#define RSA_F_RSA_PRIV_DECODE 137 +#define RSA_F_RSA_PRIV_ENCODE 138 +#define RSA_F_RSA_PUBLIC_DECRYPT 152 +#define RSA_F_RSA_PUBLIC_ENCRYPT 153 +#define RSA_F_RSA_PUB_DECODE 139 +#define RSA_F_RSA_SETUP_BLINDING 136 +#define RSA_F_RSA_SIGN 117 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +#define RSA_F_RSA_VERIFY 119 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +#define RSA_R_DATA_TOO_LARGE 109 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +#define RSA_R_DATA_TOO_SMALL 111 +#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +#define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +#define RSA_R_INVALID_DIGEST_LENGTH 143 +#define RSA_R_INVALID_HEADER 137 +#define RSA_R_INVALID_KEYBITS 145 +#define RSA_R_INVALID_MESSAGE_LENGTH 131 +#define RSA_R_INVALID_MGF1_MD 156 +#define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_PADDING_MODE 141 +#define RSA_R_INVALID_PSS_PARAMETERS 149 +#define RSA_R_INVALID_PSS_SALTLEN 146 +#define RSA_R_INVALID_SALT_LENGTH 150 +#define RSA_R_INVALID_TRAILER 139 +#define RSA_R_INVALID_X931_DIGEST 142 +#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +#define RSA_R_KEY_SIZE_TOO_SMALL 120 +#define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_MODULUS_TOO_LARGE 105 +#define RSA_R_NON_FIPS_RSA_METHOD 157 +#define RSA_R_NO_PUBLIC_EXPONENT 140 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +#define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 +#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +#define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS_DECODING_ERROR 159 +#define RSA_R_P_NOT_PRIME 128 +#define RSA_R_Q_NOT_PRIME 129 +#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +#define RSA_R_UNKNOWN_MASK_DIGEST 151 +#define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_UNKNOWN_PSS_DIGEST 152 +#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +#define RSA_R_VALUE_MISSING 147 +#define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h new file mode 100644 index 0000000000..bc194cb268 --- /dev/null +++ b/include/openssl/safestack.h @@ -0,0 +1,2671 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SAFESTACK_H +#define HEADER_SAFESTACK_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef CHECKED_PTR_OF +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#endif + +/* In C++ we get problems because an explicit cast is needed from (void *) + * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +#define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +#define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +#define CHECKED_SK_FREE_FUNC2(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type))0))) + +#define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + +#define STACK_OF(type) struct stack_st_##type +#define PREDECLARE_STACK_OF(type) STACK_OF(type); + +#define DECLARE_STACK_OF(type) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; +#define DECLARE_SPECIAL_STACK_OF(type, type2) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; + +#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ + + +/* Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * +o * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as + * mentioned above, instead of a single char each entry is a + * NUL-terminated array of chars. So, we have to implement STRING + * specially for STACK_OF. This is dealt with in the autogenerated + * macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* Similarly, we sometimes use a block of characters, NOT + * nul-terminated. These should also be distinguished from "normal" + * stacks. */ + +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* SKM_sk_... stack macros are internal to safestack.h: + * never use them directly, use sk__... instead */ +#define SKM_sk_new(type, cmp) \ + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +#define SKM_sk_new_null(type) \ + ((STACK_OF(type) *)sk_new_null()) +#define SKM_sk_free(type, st) \ + sk_free(CHECKED_STACK_OF(type, st)) +#define SKM_sk_num(type, st) \ + sk_num(CHECKED_STACK_OF(type, st)) +#define SKM_sk_value(type, st,i) \ + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) +#define SKM_sk_set(type, st,i,val) \ + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) +#define SKM_sk_zero(type, st) \ + sk_zero(CHECKED_STACK_OF(type, st)) +#define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +#define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +#define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +#define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +#define SKM_sk_set_cmp_func(type, st, cmp) \ + ((int (*)(const type * const *,const type * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) +#define SKM_sk_dup(type, st) \ + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) +#define SKM_sk_shift(type, st) \ + (type *)sk_shift(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop(type, st) \ + (type *)sk_pop(CHECKED_STACK_OF(type, st)) +#define SKM_sk_sort(type, st) \ + sk_sort(CHECKED_STACK_OF(type, st)) +#define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) + +#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ + pp, length, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + ex_tag, ex_class) + +#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ + i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ + CHECKED_I2D_OF(type, i2d_func), \ + ex_tag, ex_class, is_set) + +#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ + ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ + CHECKED_I2D_OF(type, i2d_func), buf, len) + +#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ + (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) + +#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ + (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + pass, passlen, oct, seq) + +/* This block of defines is updated by util/mkstack.pl, please do not touch! */ +#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) +#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) +#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) +#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) +#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) +#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) +#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) +#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) +#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) +#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) +#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) + +#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) +#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) + +#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) +#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) +#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) +#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) +#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) +#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) +#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) +#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) + +#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) +#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) +#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) +#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) +#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) +#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) +#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) +#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) +#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) +#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) +#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) + +#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) +#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) +#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) +#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) +#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) +#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) +#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) +#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) +#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) +#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) +#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) + +#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) +#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) +#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) +#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) +#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) +#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) +#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) +#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) +#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) +#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) +#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) + +#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) +#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) +#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) +#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) +#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) +#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) +#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) +#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) +#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) +#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) +#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) + +#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) + +#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) +#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) +#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) +#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) +#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) +#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) +#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) +#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) +#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) +#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) +#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) + +#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) +#define sk_BIO_new_null() SKM_sk_new_null(BIO) +#define sk_BIO_free(st) SKM_sk_free(BIO, (st)) +#define sk_BIO_num(st) SKM_sk_num(BIO, (st)) +#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) +#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) +#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) +#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) +#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) +#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) +#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) +#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) +#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) +#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) +#define sk_BIO_dup(st) SKM_sk_dup(BIO, st) +#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) +#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) +#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) +#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) + +#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) + +#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) + +#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) +#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) + +#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) +#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) + +#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) +#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) + +#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) +#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) + +#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) +#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) +#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) +#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) +#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) +#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) +#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) +#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) + +#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) +#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) +#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) +#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) +#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) +#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) +#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) +#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) +#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) +#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) +#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) +#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) + +#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) +#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) +#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) +#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) +#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) +#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) +#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) +#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) +#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) +#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) +#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) +#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) +#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) +#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) +#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) +#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) + +#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) +#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) +#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) +#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) +#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) +#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) +#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) +#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) +#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) +#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) + +#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) +#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) +#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) +#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) +#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) +#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) +#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) +#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) +#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) +#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) +#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) + +#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) +#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) +#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) +#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) +#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) +#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) +#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) +#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) +#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) +#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) +#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) +#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) +#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) +#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) +#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) +#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) + +#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) +#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) +#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) +#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) +#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) +#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) +#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) +#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) +#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) +#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) +#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) +#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) +#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) +#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) +#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) +#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) +#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) +#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) +#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) +#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) + +#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) +#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) +#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) +#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) +#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) +#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) +#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) +#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) +#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) +#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) +#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) + +#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) + +#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) +#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) + +#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) +#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) +#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) +#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) +#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) +#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) +#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) +#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) +#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) + +#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) + +#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) + +#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) +#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) +#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) +#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) +#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) +#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) +#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) +#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) +#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) +#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) +#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) + +#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) +#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + +#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) + +#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) +#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) + +#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) +#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) + +#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) +#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) +#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) +#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) +#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) +#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) +#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) +#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) +#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) +#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) +#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) + +#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) +#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) +#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) +#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) +#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) +#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) +#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) +#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) +#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) +#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) +#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) + +#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) +#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) +#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) +#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) +#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) +#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) +#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) +#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) +#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) +#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) +#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) + +#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) +#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) +#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) +#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) +#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) +#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) +#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) +#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) +#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) +#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) +#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) + +#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) +#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) +#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) +#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) +#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) +#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) +#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) +#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) +#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) +#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) +#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) + +#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) +#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) +#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) +#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) +#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) +#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) +#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) +#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) +#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) +#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) +#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) + +#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) +#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) +#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) +#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) +#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) +#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) +#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) +#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) +#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) +#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) +#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) + +#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) +#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) +#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) +#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) +#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) +#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) +#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) +#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) +#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) +#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) +#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) + +#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) +#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) +#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) +#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) +#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) +#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) +#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) +#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) +#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) + +#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) +#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) + +#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) +#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) + +#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) +#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) +#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) +#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) +#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) +#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) +#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) +#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) +#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) +#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) +#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) + +#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) +#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) +#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) +#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) +#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) +#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) +#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) +#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) +#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) +#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) +#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) + +#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) +#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) +#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) +#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) +#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) +#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) +#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) +#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) + +#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + +#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) +#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) +#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) +#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) +#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) +#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) +#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) +#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) + +#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) +#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) +#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) +#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) +#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) +#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) +#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) +#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) +#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) +#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) +#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) + +#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) +#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) +#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) +#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) +#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) +#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) +#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) +#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) +#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) +#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) +#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) +#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) +#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) +#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) +#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) +#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) +#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) +#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) +#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) + +#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) +#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) +#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) +#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) +#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) +#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) +#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) +#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) +#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) +#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) +#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) + +#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) +#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) +#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) +#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) +#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) +#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) +#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) +#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) +#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) +#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) +#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) + +#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) +#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) +#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) +#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) +#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) +#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) +#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) +#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) +#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) +#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) +#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) +#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) +#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) +#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) +#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) +#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) + +#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) +#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) +#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) +#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) +#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) +#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) +#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) +#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) +#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) +#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) +#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) + +#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) + +#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) +#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) +#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) +#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) +#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) +#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) +#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) +#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) +#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) +#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) +#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) +#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) +#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) +#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) +#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) +#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) +#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) +#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) +#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) +#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) +#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) + +#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) +#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) +#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) +#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) +#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) +#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) +#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) +#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) +#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) +#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) +#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) + +#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) +#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) +#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) +#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) +#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) +#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) +#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) +#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) +#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) +#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) +#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) + +#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) +#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) +#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) +#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) +#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) +#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) + +#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) +#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) +#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) +#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) +#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) +#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) +#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) +#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) +#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) +#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) +#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) + +#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) +#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) +#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) +#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) +#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) +#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) +#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) +#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) +#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) +#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) +#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) +#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) +#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) +#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) +#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) +#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) + +#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) + +#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) + +#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) + +#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) +#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) +#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) +#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) +#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) +#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) +#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) +#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) +#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) +#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) +#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) +#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) +#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) +#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) +#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) +#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) +#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) +#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) +#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) +#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) + +#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) +#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) +#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) +#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) +#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) +#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) +#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) +#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) +#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) +#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) +#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) +#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) +#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) +#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) +#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) +#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) +#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) +#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) +#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) + +#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) +#define sk_X509_new_null() SKM_sk_new_null(X509) +#define sk_X509_free(st) SKM_sk_free(X509, (st)) +#define sk_X509_num(st) SKM_sk_num(X509, (st)) +#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) +#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) +#define sk_X509_zero(st) SKM_sk_zero(X509, (st)) +#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) +#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) +#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) +#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) +#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) +#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) +#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) +#define sk_X509_dup(st) SKM_sk_dup(X509, st) +#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) +#define sk_X509_shift(st) SKM_sk_shift(X509, (st)) +#define sk_X509_pop(st) SKM_sk_pop(X509, (st)) +#define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) + +#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) +#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) +#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) +#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) +#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) +#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) +#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) +#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) +#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) +#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) +#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) + +#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) +#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) +#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) +#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) +#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) +#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) +#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) +#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) +#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) +#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) +#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) +#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) +#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) +#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) +#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) +#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) + +#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) +#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) +#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) +#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) +#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) +#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) +#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) +#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) +#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) +#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) +#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) + +#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) +#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) +#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) +#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) +#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) +#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) +#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) +#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) +#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) +#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) +#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) +#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) +#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) +#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) +#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) +#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) +#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) +#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) +#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) + +#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) +#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) +#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) +#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) +#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) +#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) +#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) +#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) +#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) +#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) +#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) + +#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) +#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) +#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) +#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) +#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) +#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) +#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) +#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) +#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) +#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) +#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) +#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) +#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) +#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) +#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) +#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) +#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) +#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) +#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) + +#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) +#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) +#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) +#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) +#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) +#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) +#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) +#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) +#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) +#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) +#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) + +#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) +#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) +#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) +#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) +#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) +#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) +#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) +#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) +#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) +#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) +#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) +#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) +#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) +#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) +#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) +#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) +#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) +#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) +#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) + +#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) +#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) +#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) +#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) +#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) +#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) +#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) +#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) +#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) +#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) +#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) + +#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) +#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) +#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) +#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) +#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) +#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) +#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) +#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) +#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) +#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) +#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) +#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) +#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) +#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) +#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) +#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) +#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) + +#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) +#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) +#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) +#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) +#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) +#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) +#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) +#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) + +#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) +#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) +#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) +#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) +#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) +#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) +#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) +#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) + +#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) +#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) +#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) +#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) +#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) +#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) +#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) +#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) +#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) +#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) +#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) + +#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) +#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) +#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) +#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) +#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) +#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) +#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) +#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) +#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) +#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) +#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) +#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) +#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) +#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) +#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) +#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) + +#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) +#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) +#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) +#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) +#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) +#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) +#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) +#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) +#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) +#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) +#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) +#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) +#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) +#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) +#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) +#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) +#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) + +#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) +#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) + +#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) +#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) +#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) +#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) +#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) +#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) +#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) +#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) +#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) +#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) +#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) +#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) +#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) +#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) +#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) +#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) +#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) +#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) +#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) +#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) +#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) + +#define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +#define sk_void_new_null() SKM_sk_new_null(void) +#define sk_void_free(st) SKM_sk_free(void, (st)) +#define sk_void_num(st) SKM_sk_num(void, (st)) +#define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +#define sk_void_zero(st) SKM_sk_zero(void, (st)) +#define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +#define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) +#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +#define sk_void_dup(st) SKM_sk_dup(void, st) +#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +#define sk_void_shift(st) SKM_sk_shift(void, (st)) +#define sk_void_pop(st) SKM_sk_pop(void, (st)) +#define sk_void_sort(st) SKM_sk_sort(void, (st)) +#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) + +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + + +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) + + +#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + + +#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) + +#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) + +#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) + +#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_stats_bio(lh,out) \ + LHM_lh_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) + +#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) +#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) +#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) +#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) +#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) +#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) +#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) +#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) +#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) +#define lh_APP_INFO_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_stats_bio(lh,out) \ + LHM_lh_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) + +#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) +#define lh_CONF_VALUE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_stats_bio(lh,out) \ + LHM_lh_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) + +#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) +#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) +#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) +#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) + +#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) +#define lh_ERR_STATE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) + +#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) + +#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) + +#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) +#define lh_FUNCTION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_stats_bio(lh,out) \ + LHM_lh_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) + +#define lh_MEM_new() LHM_lh_new(MEM,mem) +#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) +#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) +#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) +#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) +#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) +#define lh_MEM_error(lh) LHM_lh_error(MEM,lh) +#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) +#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) +#define lh_MEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(MEM,lh,out) +#define lh_MEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(MEM,lh,out) +#define lh_MEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(MEM,lh,out) +#define lh_MEM_free(lh) LHM_lh_free(MEM,lh) + +#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) +#define lh_OBJ_NAME_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_stats_bio(lh,out) \ + LHM_lh_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) + +#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) +#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) +#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) + +#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) + +#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) +#define lh_SSL_SESSION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_stats_bio(lh,out) \ + LHM_lh_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) +/* End of util/mkstack.pl block, you may now edit :-) */ + + +#ifdef __cplusplus +} +#endif +#endif /* !defined HEADER_SAFESTACK_H */ diff --git a/include/openssl/seed.h b/include/openssl/seed.h new file mode 100644 index 0000000000..c50fdd3607 --- /dev/null +++ b/include/openssl/seed.h @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#ifndef HEADER_SEED_H +#define HEADER_SEED_H + +#include +#include +#include + +#ifdef OPENSSL_NO_SEED +#error SEED is disabled. +#endif + +#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +#endif + +#if !defined(NO_SYS_TYPES_H) +# include +#endif + +#define SEED_BLOCK_SIZE 16 +#define SEED_KEY_LENGTH 16 + + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct seed_key_st { +#ifdef SEED_LONG + unsigned long data[32]; +#else + unsigned int data[32]; +#endif +} SEED_KEY_SCHEDULE; + +#ifdef OPENSSL_FIPS +void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); +#endif +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SEED_H */ diff --git a/include/openssl/sha.h b/include/openssl/sha.h new file mode 100644 index 0000000000..8a6bf4bbbb --- /dev/null +++ b/include/openssl/sha.h @@ -0,0 +1,214 @@ +/* crypto/sha/sha.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SHA_H +#define HEADER_SHA_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +#error SHA is disabled. +#endif + +#if defined(OPENSSL_FIPS) +#define FIPS_SHA_SIZE_T size_t +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! SHA_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#if defined(__LP32__) +#define SHA_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define SHA_LONG unsigned long +#define SHA_LONG_LOG2 3 +#else +#define SHA_LONG unsigned int +#endif + +#define SHA_LBLOCK 16 +#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA_LAST_BLOCK (SHA_CBLOCK-8) +#define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st + { + SHA_LONG h0,h1,h2,h3,h4; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; + } SHA_CTX; + +#ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif +int SHA_Init(SHA_CTX *c); +int SHA_Update(SHA_CTX *c, const void *data, size_t len); +int SHA_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); +void SHA_Transform(SHA_CTX *c, const unsigned char *data); +#endif +#ifndef OPENSSL_NO_SHA1 +#ifdef OPENSSL_FIPS +int private_SHA1_Init(SHA_CTX *c); +#endif +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +#endif + +#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st + { + SHA_LONG h[8]; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num,md_len; + } SHA256_CTX; + +#ifndef OPENSSL_NO_SHA256 +#ifdef OPENSSL_FIPS +int private_SHA224_Init(SHA256_CTX *c); +int private_SHA256_Init(SHA256_CTX *c); +#endif +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +#endif + +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +#ifndef OPENSSL_NO_SHA512 +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. */ +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define SHA_LONG64 unsigned __int64 +#define U64(C) C##UI64 +#elif defined(__arch64__) +#define SHA_LONG64 unsigned long +#define U64(C) C##UL +#else +#define SHA_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +typedef struct SHA512state_st + { + SHA_LONG64 h[8]; + SHA_LONG64 Nl,Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num,md_len; + } SHA512_CTX; +#endif + +#ifndef OPENSSL_NO_SHA512 +#ifdef OPENSSL_FIPS +int private_SHA384_Init(SHA512_CTX *c); +int private_SHA512_Init(SHA512_CTX *c); +#endif +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/srp.h b/include/openssl/srp.h new file mode 100644 index 0000000000..7ec7825cad --- /dev/null +++ b/include/openssl/srp.h @@ -0,0 +1,172 @@ +/* crypto/srp/srp.h */ +/* Written by Christophe Renou (christophe.renou@edelweb.fr) with + * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) + * for the EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef __SRP_H__ +#define __SRP_H__ + +#ifndef OPENSSL_NO_SRP + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include + +typedef struct SRP_gN_cache_st + { + char *b64_bn; + BIGNUM *bn; + } SRP_gN_cache; + + +DECLARE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st + { + char *id; + BIGNUM *s; + BIGNUM *v; + const BIGNUM *g; + const BIGNUM *N; + char *info; + } SRP_user_pwd; + +DECLARE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st + { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + BIGNUM *default_g; + BIGNUM *default_N; + } SRP_VBASE; + + +/*Structure interne pour retenir les couples N et g*/ +typedef struct SRP_gN_st + { + char *id; + BIGNUM *g; + BIGNUM *N; + } SRP_gN; + +DECLARE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +int SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file); +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g); + + +#define SRP_NO_ERROR 0 +#define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +#define SRP_ERR_VBASE_BN_LIB 2 +#define SRP_ERR_OPEN_FILE 3 +#define SRP_ERR_MEMORY 4 + +#define DB_srptype 0 +#define DB_srpverifier 1 +#define DB_srpsalt 2 +#define DB_srpid 3 +#define DB_srpgN 4 +#define DB_srpinfo 5 +#undef DB_NUMBER +#define DB_NUMBER 6 + +#define DB_SRP_INDEX 'I' +#define DB_SRP_VALID 'V' +#define DB_SRP_REVOKED 'R' +#define DB_SRP_MODIF 'v' + + +/* see srp.c */ +char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); +SRP_gN *SRP_get_default_gN(const char * id) ; + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N); +BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); +int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); +BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ; + + + +/* client side .... */ +BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); +BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u); +int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); + +#define SRP_MINIMAL_N 1024 + +#ifdef __cplusplus +} +#endif + +#endif +#endif diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h new file mode 100644 index 0000000000..096b624d0d --- /dev/null +++ b/include/openssl/srtp.h @@ -0,0 +1,151 @@ +/* ssl/srtp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* + DTLS code by Eric Rescorla + + Copyright (C) 2006, Network Resonance, Inc. + Copyright (C) 2011, RTFM, Inc. +*/ + +#ifndef HEADER_D1_SRTP_H +#define HEADER_D1_SRTP_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +#define SRTP_AES128_CM_SHA1_80 0x0001 +#define SRTP_AES128_CM_SHA1_32 0x0002 +#define SRTP_AES128_F8_SHA1_80 0x0003 +#define SRTP_AES128_F8_SHA1_32 0x0004 +#define SRTP_NULL_SHA1_80 0x0005 +#define SRTP_NULL_SHA1_32 0x0006 + +#ifndef OPENSSL_NO_SRTP + +int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h new file mode 100644 index 0000000000..2ba5923204 --- /dev/null +++ b/include/openssl/ssl.h @@ -0,0 +1,2617 @@ +/* ssl/ssl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_SSL_H +#define HEADER_SSL_H + +#include + +#ifndef OPENSSL_NO_COMP +#include +#endif +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_X509 +#include +#endif +#include +#include +#include +#endif +#include +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* SSLeay version number for ASN.1 encoding of the session information */ +/* Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +#define SSL_SESSION_ASN1_VERSION 0x0001 + +/* text strings for the ciphers */ +#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA + +/* VRS Additional Kerberos5 entries + */ +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 + +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 + +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +#define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MAX_MASTER_KEY_LENGTH 48 + + +/* These are used to specify which ciphers to use and not to use */ + +#define SSL_TXT_EXP40 "EXPORT40" +#define SSL_TXT_EXP56 "EXPORT56" +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" + +#define SSL_TXT_kFZA "kFZA" /* unused! */ +#define SSL_TXT_aFZA "aFZA" /* unused! */ +#define SSL_TXT_eFZA "eFZA" /* unused! */ +#define SSL_TXT_FZA "FZA" /* unused! */ + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ +#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ +#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */ +#define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_kECDHr "kECDHr" +#define SSL_TXT_kECDHe "kECDHe" +#define SSL_TXT_kECDH "kECDH" +#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kPSK "kPSK" +#define SSL_TXT_kGOST "kGOST" +#define SSL_TXT_kSRP "kSRP" + +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ +#define SSL_TXT_aECDH "aECDH" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_aECDSA "aECDSA" +#define SSL_TXT_aPSK "aPSK" +#define SSL_TXT_aGOST94 "aGOST94" +#define SSL_TXT_aGOST01 "aGOST01" +#define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" + +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_ECDH "ECDH" +#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ +#define SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDSA "ECDSA" +#define SSL_TXT_KRB5 "KRB5" +#define SSL_TXT_PSK "PSK" +#define SSL_TXT_SRP "SRP" + +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" +#define SSL_TXT_AES128 "AES128" +#define SSL_TXT_AES256 "AES256" +#define SSL_TXT_AES "AES" +#define SSL_TXT_AES_GCM "AESGCM" +#define SSL_TXT_CAMELLIA128 "CAMELLIA128" +#define SSL_TXT_CAMELLIA256 "CAMELLIA256" +#define SSL_TXT_CAMELLIA "CAMELLIA" + +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ +#define SSL_TXT_GOST94 "GOST94" +#define SSL_TXT_GOST89MAC "GOST89MAC" +#define SSL_TXT_SHA256 "SHA256" +#define SSL_TXT_SHA384 "SHA384" + +#define SSL_TXT_SSLV2 "SSLv2" +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_TLSV1 "TLSv1" +#define SSL_TXT_TLSV1_1 "TLSv1.1" +#define SSL_TXT_TLSV1_2 "TLSv1.2" + +#define SSL_TXT_EXP "EXP" +#define SSL_TXT_EXPORT "EXPORT" + +#define SSL_TXT_ALL "ALL" + +/* + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* The following cipher list is used by default. + * It also is substituted when an application-defined cipher list string + * starts with 'DEFAULT'. */ +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! + * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable + * some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) +#define OPENSSL_NO_SSL2 +#endif + +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* This is needed to stop compilers complaining about the + * 'struct ssl_st *' function parameters used to prototype callbacks + * in SSL_CTX. */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st + { + const char *name; + unsigned long id; + } SRTP_PROTECTION_PROFILE; + +DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); + + +#ifndef OPENSSL_NO_SSL_INTERN + +/* used to hold info on the particular ciphers used */ +struct ssl_cipher_st + { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + + /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */ + unsigned long algorithm_mkey; /* key exchange algorithm */ + unsigned long algorithm_auth; /* server authentication */ + unsigned long algorithm_enc; /* symmetric encryption */ + unsigned long algorithm_mac; /* symmetric authentication */ + unsigned long algorithm_ssl; /* (major) protocol version */ + + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ + }; + + +/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +struct ssl_method_st + { + int version; + int (*ssl_new)(SSL *s); + void (*ssl_clear)(SSL *s); + void (*ssl_free)(SSL *s); + int (*ssl_accept)(SSL *s); + int (*ssl_connect)(SSL *s); + int (*ssl_read)(SSL *s,void *buf,int len); + int (*ssl_peek)(SSL *s,void *buf,int len); + int (*ssl_write)(SSL *s,const void *buf,int len); + int (*ssl_shutdown)(SSL *s); + int (*ssl_renegotiate)(SSL *s); + int (*ssl_renegotiate_check)(SSL *s); + long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long + max, int *ok); + int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, + int peek); + int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); + int (*ssl_dispatch_alert)(SSL *s); + long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); + int (*ssl_pending)(const SSL *s); + int (*num_ciphers)(void); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); + const struct ssl_method_st *(*get_ssl_method)(int version); + long (*get_timeout)(void); + struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + int (*ssl_version)(void); + long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); + long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); + }; + +/* Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET STRING, -- the 3 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key + * KRB5_principal OCTET STRING -- optional Kerberos principal + * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' + * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension + * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint + * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity + * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket + * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) + * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method + * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +struct ssl_session_st + { + int ssl_version; /* what ssl version session info is + * being kept in here? */ + + /* only really used in SSLv2 */ + unsigned int key_arg_length; + unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + /* this is used to determine whether the session is being reused in + * the appropriate context. It is up to the application to set this, + * via SSL_new */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + +#ifndef OPENSSL_NO_KRB5 + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +#endif /* OPENSSL_NO_KRB5 */ +#ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + char *psk_identity; +#endif + /* Used to indicate that session resumption is not allowed. + * Applications can also set this bit for a new session via + * not_resumable_session_cb to disable session caching and tickets. */ + int not_resumable; + + /* The cert is the certificate used to establish this connection */ + struct sess_cert_st /* SESS_CERT */ *sess_cert; + + /* This is the cert for the other end. + * On clients, it will be the same as sess_cert->peer_key->x509 + * (the latter is not enough as sess_cert is not retained + * in the external representation of sessions, see ssl_asn1.c). */ + X509 *peer; + /* when app_verify_callback accepts a session where the peer's certificate + * is not ok, we must remember the error for session reuse: */ + long verify_result; /* only for servers */ + + int references; + long timeout; + long time; + + unsigned int compress_meth; /* Need to lookup the method */ + + const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this + * needs to be used to load + * the 'cipher' structure */ + + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + + CRYPTO_EX_DATA ex_data; /* application specific data */ + + /* These are used to make removal of session-ids more + * efficient and to implement a maximum cache size. */ + struct ssl_session_st *prev,*next; +#ifndef OPENSSL_NO_TLSEXT + char *tlsext_hostname; +#ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; /* peer's list */ + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; /* peer's list */ +#endif /* OPENSSL_NO_EC */ + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +#endif +#ifndef OPENSSL_NO_SRP + char *srp_username; +#endif + }; + +#endif + +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +#define SSL_OP_TLSEXT_PADDING 0x00000010L +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L +#define SSL_OP_TLS_D5_BUG 0x00000100L +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 + +/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include + * it in SSL_OP_ALL. */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ + +/* SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. */ +#define SSL_OP_ALL 0x80000BFFL + +/* DTLS options */ +#define SSL_OP_NO_QUERY_MTU 0x00001000L +/* Turn on Cookie Exchange (on relevant for servers) */ +#define SSL_OP_COOKIE_EXCHANGE 0x00002000L +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +#define SSL_OP_CISCO_ANYCONNECT 0x00008000L + +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Don't use compression even if supported */ +#define SSL_OP_NO_COMPRESSION 0x00020000L +/* Permit unsafe legacy renegotiation */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L +/* If set, always create a new key when using tmp_ecdh parameters */ +#define SSL_OP_SINGLE_ECDH_USE 0x00080000L +/* If set, always create a new key when using tmp_dh parameters */ +#define SSL_OP_SINGLE_DH_USE 0x00100000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 +/* Set on servers to choose the cipher according to the server's + * preferences */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +/* If set, a server will allow a client to issue a SSLv3.0 version number + * as latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. */ +#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L + +#define SSL_OP_NO_SSLv2 0x01000000L +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L +#define SSL_OP_NO_TLSv1_2 0x08000000L +#define SSL_OP_NO_TLSv1_1 0x10000000L + +/* These next two were never actually used for anything since SSLeay + * zap so we have some more flags. + */ +/* The next flag deliberately changes the ciphertest, this is a check + * for the PKCS#1 attack */ +#define SSL_OP_PKCS1_CHECK_1 0x0 +#define SSL_OP_PKCS1_CHECK_2 0x0 + +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +/* Make server add server-hello extension from early version of + * cryptopro draft, when GOST ciphersuite is negotiated. + * Required for interoperability with CryptoPro CSP 3.x + */ +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L + +/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): */ +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +/* Make it possible to retry SSL_write() with changed buffer location + * (buffer contents must stay the same!); this is not the default to avoid + * the misconception that non-blocking SSL_write() behaves like + * non-blocking write(): */ +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) "Released" buffers are put onto a free-list in the context + * or just freed (depending on the context's setting for freelist_max_len). */ +#define SSL_MODE_RELEASE_BUFFERS 0x00000010L +/* Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L +#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set only by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. + * + * DO NOT ENABLE THIS if your application attempts a normal handshake. + * Only use this in explicit fallback retries, following the guidance + * in draft-ietf-tls-downgrade-scsv-00. + */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L + +/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ + +#define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_CTX_clear_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) +#define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_clear_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + +#define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +#define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +#define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +#define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +#define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +#define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +#ifndef OPENSSL_NO_HEARTBEATS +#define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) +#endif + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +#ifndef OPENSSL_NO_SRP + +#ifndef OPENSSL_NO_SSL_INTERN + +typedef struct srp_ctx_st + { + /* param for all the callbacks */ + void *SRP_cb_arg; + /* set client Hello login callback */ + int (*TLS_ext_srp_username_callback)(SSL *, int *, void *); + /* set SRP N/g param callback for verification */ + int (*SRP_verify_param_callback)(SSL *, void *); + /* set SRP client passwd callback */ + char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); + + char *login; + BIGNUM *N,*g,*s,*B,*A; + BIGNUM *a,*b,*v; + char *info; + int strength; + + unsigned long srp_Mask; + } SRP_CTX; + +#endif + +/* see tls_srp.c */ +int SSL_SRP_CTX_init(SSL *s); +int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +int SSL_srp_server_param_with_username(SSL *s, int *ad); +int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); +int SRP_Calc_A_param(SSL *s); +int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); + +#endif + +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) +#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ +#else +#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ +#endif + +#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* This callback type is used inside SSL_CTX, SSL, and in the functions that set + * them. It is used to override the generation of SSL/TLS session IDs in a + * server. Return value should be zero on an error, non-zero to proceed. Also, + * callbacks should themselves check if the id they generate is unique otherwise + * the SSL handshake will fail with an error - callbacks can do this using the + * 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) + * The length value passed in is set at the maximum size the session ID can be. + * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback + * can alter this length to be less if desired, but under SSLv2 session IDs are + * supposed to be fixed at 16 bytes so the id will be padded after the callback + * returns in this case. It is also an error for the callback to set the size to + * zero. */ +typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, + unsigned int *id_len); + +typedef struct ssl_comp_st SSL_COMP; + +#ifndef OPENSSL_NO_SSL_INTERN + +struct ssl_comp_st + { + int id; + const char *name; +#ifndef OPENSSL_NO_COMP + COMP_METHOD *method; +#else + char *method; +#endif + }; + +DECLARE_STACK_OF(SSL_COMP) +DECLARE_LHASH_OF(SSL_SESSION); + +struct ssl_ctx_st + { + const SSL_METHOD *method; + + STACK_OF(SSL_CIPHER) *cipher_list; + /* same as above but sorted for lookup */ + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + + struct x509_store_st /* X509_STORE */ *cert_store; + LHASH_OF(SSL_SESSION) *sessions; + /* Most session-ids that will be cached, default is + * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ + unsigned long session_cache_size; + struct ssl_session_st *session_cache_head; + struct ssl_session_st *session_cache_tail; + + /* This can have one of 2 values, ored together, + * SSL_SESS_CACHE_CLIENT, + * SSL_SESS_CACHE_SERVER, + * Default is SSL_SESSION_CACHE_SERVER, which means only + * SSL_accept which cache SSL_SESSIONS. */ + int session_cache_mode; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + /* If this callback is not null, it will be called each + * time a session id is added to the cache. If this function + * returns 1, it means that the callback will do a + * SSL_SESSION_free() when it has finished using it. Otherwise, + * on 0, it means the callback has finished with it. + * If remove_session_cb is not null, it will be called when + * a session-id is removed from the cache. After the call, + * OpenSSL will SSL_SESSION_free() it. */ + int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + unsigned char *data,int len,int *copy); + + struct + { + int sess_connect; /* SSL new conn - started */ + int sess_connect_renegotiate;/* SSL reneg - requested */ + int sess_connect_good; /* SSL new conne/reneg - finished */ + int sess_accept; /* SSL new accept - started */ + int sess_accept_renegotiate;/* SSL reneg - requested */ + int sess_accept_good; /* SSL accept/reneg - finished */ + int sess_miss; /* session lookup misses */ + int sess_timeout; /* reuse attempt on timeouted session */ + int sess_cache_full; /* session removed due to full cache */ + int sess_hit; /* session reuse actually done */ + int sess_cb_hit; /* session-id that was not + * in the cache was + * passed back via the callback. This + * indicates that the application is + * supplying session-id's from other + * processes - spooky :-) */ + } stats; + + int references; + + /* if defined, these override the X509_verify_cert() calls */ + int (*app_verify_callback)(X509_STORE_CTX *, void *); + void *app_verify_arg; + /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored + * ('app_verify_callback' was called with just one argument) */ + + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + /* get client cert callback */ + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + + /* cookie generate callback */ + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); + + /* verify cookie callback */ + int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int cookie_len); + + CRYPTO_EX_DATA ex_data; + + const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ + const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ + + STACK_OF(X509) *extra_certs; + STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ + + + /* Default values used when no per-SSL value is defined follow */ + + void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ + + /* what we put in client cert requests */ + STACK_OF(X509_NAME) *client_CA; + + + /* Default values to use in SSL structures follow (these are copied by SSL_new) */ + + unsigned long options; + unsigned long mode; + long max_cert_list; + + struct cert_st /* CERT */ *cert; + int read_ahead; + + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + + int verify_mode; + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ + + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + + X509_VERIFY_PARAM *param; + +#if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +#endif + + int quiet_shutdown; + + /* Maximum amount of data to send in one fragment. + * actual record size can be more than this due to + * padding and MAC overheads. + */ + unsigned int max_send_fragment; + +#ifndef OPENSSL_NO_ENGINE + /* Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +#endif + +#ifndef OPENSSL_NO_TLSEXT + /* TLS extensions servername callback */ + int (*tlsext_servername_callback)(SSL*, int *, void *); + void *tlsext_servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tlsext_tick_key_name[16]; + unsigned char tlsext_tick_hmac_key[16]; + unsigned char tlsext_tick_aes_key[16]; + /* Callback to support customisation of ticket key setting */ + int (*tlsext_ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, + HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*tlsext_status_cb)(SSL *ssl, void *arg); + void *tlsext_status_arg; + + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ + int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); + void *tlsext_opaque_prf_input_callback_arg; +#endif + +#ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len); +#endif + +#ifndef OPENSSL_NO_BUF_FREELISTS +#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 + unsigned int freelist_max_len; + struct ssl3_buf_freelist_st *wbuf_freelist; + struct ssl3_buf_freelist_st *rbuf_freelist; +#endif +#ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +#endif + +#ifndef OPENSSL_NO_TLSEXT + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* Next protocol negotiation information */ + /* (for experimental NPN extension). */ + + /* For a server, this contains a callback function by which the set of + * advertised protocols can be provided. */ + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, + unsigned int *len, void *arg); + void *next_protos_advertised_cb_arg; + /* For a client, this contains a callback function that selects the + * next protocol from the list provided by the server. */ + int (*next_proto_select_cb)(SSL *s, unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); + void *next_proto_select_cb_arg; +# endif + /* SRTP profiles we are willing to do from RFC 5764 */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; +#endif + }; + +#endif + +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +#define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +#define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +#define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +#define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +#define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +#define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +#define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +#define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +#define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +#define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +#endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); +#ifndef OPENSSL_NO_NEXTPROTONEG +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), + void *arg); + +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, unsigned int client_len); +void SSL_get0_next_proto_negotiated(const SSL *s, + const unsigned char **data, unsigned *len); + +#define OPENSSL_NPN_UNSUPPORTED 0 +#define OPENSSL_NPN_NEGOTIATED 1 +#define OPENSSL_NPN_NO_OVERLAP 2 +#endif + +#ifndef OPENSSL_NO_PSK +/* the maximum length of the buffer given to callbacks containing the + * resulting identity/psk */ +#define PSK_MAX_IDENTITY_LEN 128 +#define PSK_MAX_PSK_LEN 256 +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)); +void SSL_set_psk_client_callback(SSL *ssl, + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len)); +void SSL_set_psk_server_callback(SSL *ssl, + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len)); +int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +#endif + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 + +/* These will only be used when doing non-blocking IO */ +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) + +#define SSL_MAC_FLAG_READ_MAC_STREAM 1 +#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +#ifndef OPENSSL_NO_SSL_INTERN + +struct ssl_st + { + /* protocol version + * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) + */ + int version; + int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + + const SSL_METHOD *method; /* SSLv3 */ + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + +#ifndef OPENSSL_NO_BIO + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatenate + * messages */ +#else + char *rbio; /* used by SSL_read */ + char *wbio; /* used by SSL_write */ + char *bbio; +#endif + /* This holds a variable that indicates what we were doing + * when a 0 or -1 is returned. This is needed for + * non-blocking IO so we know what request needs re-doing when + * in SSL_accept or SSL_connect */ + int rwstate; + + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + int (*handshake_func)(SSL *); + + /* Imagine that here's a boolean member "init" that is + * switched as soon as SSL_set_{accept/connect}_state + * is called for the first time, so that "state" and + * "handshake_func" are properly initialized. But as + * handshake_func is == 0 until then, we use this + * test instead of an "init" member. + */ + + int server; /* are we the server side? - mostly used by SSL_clear*/ + + int new_session;/* Generate a new session or reuse an old one. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + int quiet_shutdown;/* don't send shutdown packets */ + int shutdown; /* we have shut things down, 0x01 sent, 0x02 + * for received */ + int state; /* where we are */ + int rstate; /* where we are when reading */ + + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ + int init_num; /* amount read/written */ + int init_off; /* amount read/written */ + + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + + struct ssl2_state_st *s2; /* SSLv2 variables */ + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + + int read_ahead; /* Read as many input bytes as possible + * (for non-blocking reads) */ + + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + + int hit; /* reusing a previous session */ + + X509_VERIFY_PARAM *param; + +#if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +#endif + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + + /* These are the ones being used, the ones in SSL_SESSION are + * the ones to be 'copied' into these ones */ + int mac_flags; + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + EVP_MD_CTX *read_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *expand; /* uncompress */ +#else + char *expand; +#endif + + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +#else + char *compress; +#endif + + /* session info */ + + /* client cert? */ + /* This is used to hold the server certificate used */ + struct cert_st /* CERT */ *cert; + + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. + * 1 fail if verify fails */ + int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ + + void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ + + int error; /* error bytes to be written */ + int error_code; /* actual code */ + +#ifndef OPENSSL_NO_KRB5 + KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ +#endif /* OPENSSL_NO_KRB5 */ + +#ifndef OPENSSL_NO_PSK + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len); +#endif + + SSL_CTX *ctx; + /* set this flag to 1 and a sleep(1) is put into all SSL_read() + * and SSL_write() calls, good for nbio debuging :-) */ + int debug; + + /* extra application data */ + long verify_result; + CRYPTO_EX_DATA ex_data; + + /* for server side, keep the list of CA_dn we can use */ + STACK_OF(X509_NAME) *client_CA; + + int references; + unsigned long options; /* protocol behaviour */ + unsigned long mode; /* API behaviour */ + long max_cert_list; + int first_packet; + int client_version; /* what was passed, used for + * SSLv3/TLS rollback check */ + unsigned int max_send_fragment; +#ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ + void (*tlsext_debug_cb)(SSL *s, int client_server, int type, + unsigned char *data, int len, + void *arg); + void *tlsext_debug_arg; + char *tlsext_hostname; + int servername_done; /* no further mod of servername + 0 : call the servername extension callback. + 1 : prepare 2, allow last ack just after in server callback. + 2 : don't call servername callback, no ack in server hello + */ + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; +#ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; /* our list */ + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; /* our list */ +#endif /* OPENSSL_NO_EC */ + + /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ + void *tlsext_opaque_prf_input; + size_t tlsext_opaque_prf_input_len; + + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *tlsext_session_ticket; + + /* TLS Session Ticket extension callback */ + tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; + void *tls_session_ticket_ext_cb_arg; + + /* TLS pre-shared secret session resumption */ + tls_session_secret_cb_fn tls_session_secret_cb; + void *tls_session_secret_cb_arg; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ + +#ifndef OPENSSL_NO_NEXTPROTONEG + /* Next protocol negotiation. For the client, this is the protocol that + * we sent in NextProtocol and is set when handling ServerHello + * extensions. + * + * For a server, this is the client's selected_protocol from + * NextProtocol and is set when handling the NextProtocol message, + * before the Finished message. */ + unsigned char *next_proto_negotiated; + unsigned char next_proto_negotiated_len; +#endif + +#define session_ctx initial_ctx + + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ + SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ + + unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? + 0: disabled + 1: enabled + 2: enabled, but not allowed to send Requests + */ + unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ + unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ +#else +#define session_ctx ctx +#endif /* OPENSSL_NO_TLSEXT */ + + int renegotiate;/* 1 if we are renegotiating. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) */ + +#ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +#endif + }; + +#endif + +#ifdef __cplusplus +} +#endif + +#include +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include /* Datagram TLS */ +#include +#include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* compatibility */ +#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) + +/* The following are the possible values for ssl->state are are + * used to indicate where we are up to in the SSL connection establishment. + * The macros that follow are about the only things you should need to use + * and even then, only when using non-blocking IO. + * It can also be useful to work out where you were when the connection + * failed */ + +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 +#define SSL_ST_MASK 0x0FFF +#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +#define SSL_ST_BEFORE 0x4000 +#define SSL_ST_OK 0x03 +#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +#define SSL_get_state(a) SSL_state(a) +#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) +#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) +#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) +#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) +#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) + +/* The following 2 states are kept in ssl->rstate when reads fail, + * you should not need these */ +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 + +/* Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options + * are 'ored' with SSL_VERIFY_PEER if they are desired */ +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 + +#define OpenSSL_add_ssl_algorithms() SSL_library_init() +#define SSLeay_add_ssl_algorithms() SSL_library_init() + +/* this is for backward compatibility */ +#if 0 /* NEW_SSLEAY */ +#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) +#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) +#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) +#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) +#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +#endif +/* More backward compatibility */ +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_time(a) SSL_SESSION_get_time(a) +#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + +#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */ + +/* These alert types are for SSLv3 and TLSv1 */ +#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ + +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 + +#define SSL_CTRL_NEED_TMP_RSA 1 +#define SSL_CTRL_SET_TMP_RSA 2 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 +#define SSL_CTRL_SET_TMP_RSA_CB 5 +#define SSL_CTRL_SET_TMP_DH_CB 6 +#define SSL_CTRL_SET_TMP_ECDH_CB 7 + +#define SSL_CTRL_GET_SESSION_REUSED 8 +#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_GET_FLAGS 13 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 + +#define SSL_CTRL_SET_MSG_CALLBACK 15 +#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 + +/* only applies to datagram connections */ +#define SSL_CTRL_SET_MTU 17 +/* Stats */ +#define SSL_CTRL_SESS_NUMBER 20 +#define SSL_CTRL_SESS_CONNECT 21 +#define SSL_CTRL_SESS_CONNECT_GOOD 22 +#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +#define SSL_CTRL_SESS_ACCEPT 24 +#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +#define SSL_CTRL_SESS_HIT 27 +#define SSL_CTRL_SESS_CB_HIT 28 +#define SSL_CTRL_SESS_MISSES 29 +#define SSL_CTRL_SESS_TIMEOUTS 30 +#define SSL_CTRL_SESS_CACHE_FULL 31 +#define SSL_CTRL_OPTIONS 32 +#define SSL_CTRL_MODE 33 + +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +#define SSL_CTRL_GET_SESS_CACHE_MODE 45 + +#define SSL_CTRL_GET_MAX_CERT_LIST 50 +#define SSL_CTRL_SET_MAX_CERT_LIST 51 + +#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 + +/* see tls1.h for macros based on these */ +#ifndef OPENSSL_NO_TLSEXT +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 +#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 +#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 + +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 + +#define SSL_CTRL_SET_SRP_ARG 78 +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +#ifndef OPENSSL_NO_HEARTBEATS +#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 +#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 +#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 +#endif +#endif + +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define DTLS_CTRL_LISTEN 75 + +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_OPTIONS 77 +#define SSL_CTRL_CLEAR_MODE 78 + +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + +#define SSL_CTRL_CHECK_PROTO_VERSION 119 +#define DTLS_CTRL_SET_LINK_MTU 120 +#define DTLS_CTRL_GET_LINK_MIN_MTU 121 + +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +#define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +#define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) + +#define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) +#define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) + +#define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + +#define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_set_tmp_rsa(ssl,rsa) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + +#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +#define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +#define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) + +#ifndef OPENSSL_NO_BIO +BIO_METHOD *BIO_f_ssl(void); +BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +int BIO_ssl_copy_session_id(BIO *to,BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +#endif + +int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); +SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +void SSL_CTX_free(SSL_CTX *); +long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); +int SSL_want(const SSL *s); +int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); + +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); +char * SSL_CIPHER_get_version(const SSL_CIPHER *c); +const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); +unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); + +int SSL_get_fd(const SSL *s); +int SSL_get_rfd(const SSL *s); +int SSL_get_wfd(const SSL *s); +const char * SSL_get_cipher_list(const SSL *s,int n); +char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +int SSL_get_read_ahead(const SSL * s); +int SSL_pending(const SSL *s); +#ifndef OPENSSL_NO_SOCK +int SSL_set_fd(SSL *s, int fd); +int SSL_set_rfd(SSL *s, int fd); +int SSL_set_wfd(SSL *s, int fd); +#endif +#ifndef OPENSSL_NO_BIO +void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); +BIO * SSL_get_rbio(const SSL *s); +BIO * SSL_get_wbio(const SSL *s); +#endif +int SSL_set_cipher_list(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +int SSL_get_verify_mode(const SSL *s); +int SSL_get_verify_depth(const SSL *s); +int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); +void SSL_set_verify(SSL *s, int mode, + int (*callback)(int ok,X509_STORE_CTX *ctx)); +void SSL_set_verify_depth(SSL *s, int depth); +#ifndef OPENSSL_NO_RSA +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +#endif +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + +#ifndef OPENSSL_NO_STDIO +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +#ifndef OPENSSL_SYS_VMS +#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); +#endif +#endif + +#endif + +void SSL_load_error_strings(void ); +const char *SSL_state_string(const SSL *s); +const char *SSL_rstate_string(const SSL *s); +const char *SSL_state_string_long(const SSL *s); +const char *SSL_rstate_string_long(const SSL *s); +long SSL_SESSION_get_time(const SSL_SESSION *s); +long SSL_SESSION_set_time(SSL_SESSION *s, long t); +long SSL_SESSION_get_timeout(const SSL_SESSION *s); +long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +void SSL_copy_session_id(SSL *to,const SSL *from); +X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL_SESSION *SSL_SESSION_new(void); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +#ifndef OPENSSL_NO_FP_API +int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); +#endif +#ifndef OPENSSL_NO_BIO +int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); +#endif +void SSL_SESSION_free(SSL_SESSION *ses); +int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, + long length); + +#ifdef HEADER_X509_H +X509 * SSL_get_peer_certificate(const SSL *s); +#endif + +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); +void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, + int (*callback)(int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); +#ifndef OPENSSL_NO_RSA +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +#endif +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, + const unsigned char *d, long len); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +int SSL_check_private_key(const SSL *ctx); + +int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL * SSL_new(SSL_CTX *ctx); +int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +int SSL_set_purpose(SSL *s, int purpose); +int SSL_CTX_set_trust(SSL_CTX *s, int trust); +int SSL_set_trust(SSL *s, int trust); + +int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +#ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb)(SSL *,void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb)(SSL *,void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb)(SSL *,int *,void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +BIGNUM *SSL_get_srp_g(SSL *s); +BIGNUM *SSL_get_srp_N(SSL *s); + +char *SSL_get_srp_username(SSL *s); +char *SSL_get_srp_userinfo(SSL *s); +#endif + +void SSL_free(SSL *ssl); +int SSL_accept(SSL *ssl); +int SSL_connect(SSL *ssl); +int SSL_read(SSL *ssl,void *buf,int num); +int SSL_peek(SSL *ssl,void *buf,int num); +int SSL_write(SSL *ssl,const void *buf,int num); +long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +int SSL_get_error(const SSL *s,int ret_code); +const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +#ifndef OPENSSL_NO_SSL2 +const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +#endif + +#ifndef OPENSSL_NO_SSL3_METHOD +const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +#endif + +const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */ +const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */ +const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */ + +const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ + +const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ + + +const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + +int SSL_do_handshake(SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +int SSL_renegotiate_pending(SSL *s); +int SSL_shutdown(SSL *s); + +const SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +const char *SSL_alert_type_string_long(int value); +const char *SSL_alert_type_string(int value); +const char *SSL_alert_desc_string_long(int value); +const char *SSL_alert_desc_string(int value); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +int SSL_add_client_CA(SSL *ssl,X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +long SSL_get_default_timeout(const SSL *s); + +int SSL_library_init(void ); + +char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); +STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); + +SSL *SSL_dup(SSL *ssl); + +X509 *SSL_get_certificate(const SSL *ssl); +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl,int mode); +int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl,int mode); +int SSL_get_shutdown(const SSL *ssl); +int SSL_version(const SSL *ssl); +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ +SSL_SESSION *SSL_get_session(const SSL *ssl); +SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb)(const SSL *ssl,int type,int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); +int SSL_state(const SSL *ssl); +void SSL_set_state(SSL *ssl, int state); + +void SSL_set_verify_result(SSL *ssl,long v); +long SSL_get_verify_result(const SSL *ssl); + +int SSL_set_ex_data(SSL *ssl,int idx,void *data); +void *SSL_get_ex_data(const SSL *ssl,int idx); +int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); +int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_get_ex_data_X509_STORE_CTX_idx(void ); + +#define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +#define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +#define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +#define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +#define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +#define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +#define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +#define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +#define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +#define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) + + /* NB: the keylength is only applicable when is_export is true */ +#ifndef OPENSSL_NO_RSA +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*cb)(SSL *ssl,int is_export, + int keylength)); + +void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb)(SSL *ssl,int is_export, + int keylength)); +#endif +#ifndef OPENSSL_NO_DH +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); +#endif +#ifndef OPENSSL_NO_ECDH +void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, + EC_KEY *(*ecdh)(SSL *ssl,int is_export, + int keylength)); +void SSL_set_tmp_ecdh_callback(SSL *ssl, + EC_KEY *(*ecdh)(SSL *ssl,int is_export, + int keylength)); +#endif + +#ifndef OPENSSL_NO_COMP +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); +#else +const void *SSL_get_current_compression(SSL *s); +const void *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const void *comp); +void *SSL_COMP_get_compression_methods(void); +int SSL_COMP_add_compression_method(int id,void *cm); +#endif + +/* TLS extensions functions */ +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); + +void SSL_set_debug(SSL *s, int debug); +int SSL_cache_hit(SSL *s); + +#ifndef OPENSSL_NO_UNIT_TEST +const struct openssl_ssl_test_functions *SSL_test_functions(void); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_SSL_strings(void); + +/* Error codes for the SSL functions. */ + +/* Function codes. */ +#define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_FINISHED 167 +#define SSL_F_CLIENT_HELLO 101 +#define SSL_F_CLIENT_MASTER_KEY 102 +#define SSL_F_D2I_SSL_SESSION 103 +#define SSL_F_DO_DTLS1_WRITE 245 +#define SSL_F_DO_SSL3_WRITE 104 +#define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 +#define SSL_F_DTLS1_BUFFER_RECORD 247 +#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 +#define SSL_F_DTLS1_CLIENT_HELLO 248 +#define SSL_F_DTLS1_CONNECT 249 +#define SSL_F_DTLS1_ENC 250 +#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +#define SSL_F_DTLS1_GET_MESSAGE 252 +#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +#define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_HANDLE_TIMEOUT 297 +#define SSL_F_DTLS1_HEARTBEAT 305 +#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +#define SSL_F_DTLS1_PROCESS_RECORD 257 +#define SSL_F_DTLS1_READ_BYTES 258 +#define SSL_F_DTLS1_READ_FAILED 259 +#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +#define SSL_F_GET_CLIENT_FINISHED 105 +#define SSL_F_GET_CLIENT_HELLO 106 +#define SSL_F_GET_CLIENT_MASTER_KEY 107 +#define SSL_F_GET_SERVER_FINISHED 108 +#define SSL_F_GET_SERVER_HELLO 109 +#define SSL_F_GET_SERVER_VERIFY 110 +#define SSL_F_I2D_SSL_SESSION 111 +#define SSL_F_READ_N 112 +#define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_FINISH 239 +#define SSL_F_SERVER_HELLO 114 +#define SSL_F_SERVER_VERIFY 240 +#define SSL_F_SSL23_ACCEPT 115 +#define SSL_F_SSL23_CLIENT_HELLO 116 +#define SSL_F_SSL23_CONNECT 117 +#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +#define SSL_F_SSL23_GET_SERVER_HELLO 119 +#define SSL_F_SSL23_PEEK 237 +#define SSL_F_SSL23_READ 120 +#define SSL_F_SSL23_WRITE 121 +#define SSL_F_SSL2_ACCEPT 122 +#define SSL_F_SSL2_CONNECT 123 +#define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 +#define SSL_F_SSL2_PEEK 234 +#define SSL_F_SSL2_READ 125 +#define SSL_F_SSL2_READ_INTERNAL 236 +#define SSL_F_SSL2_SET_CERTIFICATE 126 +#define SSL_F_SSL2_WRITE 127 +#define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_ADD_CERT_TO_BUF 296 +#define SSL_F_SSL3_CALLBACK_CTRL 233 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +#define SSL_F_SSL3_CLIENT_HELLO 131 +#define SSL_F_SSL3_CONNECT 132 +#define SSL_F_SSL3_CTRL 213 +#define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +#define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_STATUS 289 +#define SSL_F_SSL3_GET_CERT_VERIFY 136 +#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +#define SSL_F_SSL3_GET_FINISHED 140 +#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +#define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +#define SSL_F_SSL3_GET_NEXT_PROTO 306 +#define SSL_F_SSL3_GET_RECORD 143 +#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +#define SSL_F_SSL3_GET_SERVER_DONE 145 +#define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_HANDSHAKE_MAC 285 +#define SSL_F_SSL3_NEW_SESSION_TICKET 287 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_PEEK 235 +#define SSL_F_SSL3_READ_BYTES 148 +#define SSL_F_SSL3_READ_N 149 +#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_HELLO 242 +#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +#define SSL_F_SSL3_SETUP_READ_BUFFER 156 +#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +#define SSL_F_SSL3_WRITE_BYTES 158 +#define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +#define SSL_F_SSL_BAD_METHOD 160 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_DUP 221 +#define SSL_F_SSL_CERT_INST 222 +#define SSL_F_SSL_CERT_INSTANTIATE 214 +#define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +#define SSL_F_SSL_CLEAR 164 +#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +#define SSL_F_SSL_CREATE_CIPHER_LIST 166 +#define SSL_F_SSL_CTRL 232 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +#define SSL_F_SSL_CTX_MAKE_PROFILES 309 +#define SSL_F_SSL_CTX_NEW 169 +#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +#define SSL_F_SSL_CTX_SET_PURPOSE 226 +#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +#define SSL_F_SSL_CTX_SET_TRUST 229 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +#define SSL_F_SSL_DO_HANDSHAKE 180 +#define SSL_F_SSL_GET_NEW_SESSION 181 +#define SSL_F_SSL_GET_PREV_SESSION 217 +#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 +#define SSL_F_SSL_GET_SIGN_PKEY 183 +#define SSL_F_SSL_INIT_WBIO_BUFFER 184 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +#define SSL_F_SSL_NEW 186 +#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +#define SSL_F_SSL_PEEK 270 +#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 +#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 +#define SSL_F_SSL_READ 223 +#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 +#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +#define SSL_F_SSL_SESSION_NEW 189 +#define SSL_F_SSL_SESSION_PRINT_FP 190 +#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +#define SSL_F_SSL_SESS_CERT_NEW 225 +#define SSL_F_SSL_SET_CERT 191 +#define SSL_F_SSL_SET_CIPHER_LIST 271 +#define SSL_F_SSL_SET_FD 192 +#define SSL_F_SSL_SET_PKEY 193 +#define SSL_F_SSL_SET_PURPOSE 227 +#define SSL_F_SSL_SET_RFD 194 +#define SSL_F_SSL_SET_SESSION 195 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +#define SSL_F_SSL_SET_TRUST 228 +#define SSL_F_SSL_SET_WFD 196 +#define SSL_F_SSL_SHUTDOWN 224 +#define SSL_F_SSL_SRP_CTX_INIT 313 +#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 +#define SSL_F_SSL_UNDEFINED_FUNCTION 197 +#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +#define SSL_F_SSL_USE_CERTIFICATE 198 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +#define SSL_F_SSL_USE_PRIVATEKEY 201 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +#define SSL_F_SSL_WRITE 208 +#define SSL_F_TLS1_CERT_VERIFY_MAC 286 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 +#define SSL_F_TLS1_ENC 210 +#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +#define SSL_F_TLS1_HEARTBEAT 315 +#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 +#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 +#define SSL_F_TLS1_PRF 284 +#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +#define SSL_F_WRITE_PENDING 212 + +/* Reason codes. */ +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +#define SSL_R_BAD_ALERT_RECORD 101 +#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CHECKSUM 104 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_G_LENGTH 108 +#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +#define SSL_R_BAD_DH_P_LENGTH 110 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECDSA_SIGNATURE 305 +#define SSL_R_BAD_ECPOINT 306 +#define SSL_R_BAD_HANDSHAKE_LENGTH 332 +#define SSL_R_BAD_HELLO_REQUEST 105 +#define SSL_R_BAD_LENGTH 271 +#define SSL_R_BAD_MAC_DECODE 113 +#define SSL_R_BAD_MAC_LENGTH 333 +#define SSL_R_BAD_MESSAGE_TYPE 114 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 +#define SSL_R_BAD_RESPONSE_ARGUMENT 117 +#define SSL_R_BAD_RSA_DECRYPT 118 +#define SSL_R_BAD_RSA_ENCRYPT 119 +#define SSL_R_BAD_RSA_E_LENGTH 120 +#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 +#define SSL_R_BAD_RSA_SIGNATURE 122 +#define SSL_R_BAD_SIGNATURE 123 +#define SSL_R_BAD_SRP_A_LENGTH 347 +#define SSL_R_BAD_SRP_B_LENGTH 348 +#define SSL_R_BAD_SRP_G_LENGTH 349 +#define SSL_R_BAD_SRP_N_LENGTH 350 +#define SSL_R_BAD_SRP_PARAMETERS 371 +#define SSL_R_BAD_SRP_S_LENGTH 351 +#define SSL_R_BAD_SRTP_MKI_VALUE 352 +#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +#define SSL_R_BAD_SSL_FILETYPE 124 +#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 +#define SSL_R_BAD_STATE 126 +#define SSL_R_BAD_WRITE_RETRY 127 +#define SSL_R_BIO_NOT_SET 128 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +#define SSL_R_BN_LIB 130 +#define SSL_R_CA_DN_LENGTH_MISMATCH 131 +#define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CCS_RECEIVED_EARLY 133 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +#define SSL_R_CERT_LENGTH_MISMATCH 135 +#define SSL_R_CHALLENGE_IS_DIFFERENT 136 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +#define SSL_R_CLIENTHELLO_TLSEXT 226 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +#define SSL_R_COMPRESSION_DISABLED 343 +#define SSL_R_COMPRESSION_FAILURE 141 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 +#define SSL_R_CONNECTION_TYPE_NOT_SET 144 +#define SSL_R_COOKIE_MISMATCH 308 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +#define SSL_R_DATA_LENGTH_TOO_LONG 146 +#define SSL_R_DECRYPTION_FAILED 147 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +#define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 +#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 +#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 +#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 +#define SSL_R_HTTPS_PROXY_REQUEST 155 +#define SSL_R_HTTP_REQUEST 156 +#define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 +#define SSL_R_INCONSISTENT_COMPRESSION 340 +#define SSL_R_INVALID_CHALLENGE_LENGTH 158 +#define SSL_R_INVALID_COMMAND 280 +#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +#define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_SRP_USERNAME 357 +#define SSL_R_INVALID_STATUS_RESPONSE 328 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +#define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KRB5 285 +#define SSL_R_KRB5_C_CC_PRINC 286 +#define SSL_R_KRB5_C_GET_CRED 287 +#define SSL_R_KRB5_C_INIT 288 +#define SSL_R_KRB5_C_MK_REQ 289 +#define SSL_R_KRB5_S_BAD_TICKET 290 +#define SSL_R_KRB5_S_INIT 291 +#define SSL_R_KRB5_S_RD_REQ 292 +#define SSL_R_KRB5_S_TKT_EXPIRED 293 +#define SSL_R_KRB5_S_TKT_NYV 294 +#define SSL_R_KRB5_S_TKT_SKEW 295 +#define SSL_R_LENGTH_MISMATCH 159 +#define SSL_R_LENGTH_TOO_SHORT 160 +#define SSL_R_LIBRARY_BUG 274 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MESSAGE_TOO_LONG 296 +#define SSL_R_MISSING_DH_DSA_CERT 162 +#define SSL_R_MISSING_DH_KEY 163 +#define SSL_R_MISSING_DH_RSA_CERT 164 +#define SSL_R_MISSING_DSA_SIGNING_CERT 165 +#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 +#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 +#define SSL_R_MISSING_RSA_CERTIFICATE 168 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +#define SSL_R_MISSING_RSA_SIGNING_CERT 170 +#define SSL_R_MISSING_SRP_PARAM 358 +#define SSL_R_MISSING_TMP_DH_KEY 171 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 +#define SSL_R_MISSING_TMP_RSA_KEY 172 +#define SSL_R_MISSING_TMP_RSA_PKEY 173 +#define SSL_R_MISSING_VERIFY_MESSAGE 174 +#define SSL_R_MULTIPLE_SGC_RESTARTS 346 +#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +#define SSL_R_NO_CERTIFICATES_RETURNED 176 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +#define SSL_R_NO_CERTIFICATE_RETURNED 178 +#define SSL_R_NO_CERTIFICATE_SET 179 +#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 +#define SSL_R_NO_CIPHERS_AVAILABLE 181 +#define SSL_R_NO_CIPHERS_PASSED 182 +#define SSL_R_NO_CIPHERS_SPECIFIED 183 +#define SSL_R_NO_CIPHER_LIST 184 +#define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 331 +#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_PRIVATEKEY 189 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +#define SSL_R_NO_PUBLICKEY 192 +#define SSL_R_NO_RENEGOTIATION 339 +#define SSL_R_NO_REQUIRED_DIGEST 324 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_SRTP_PROFILES 359 +#define SSL_R_NO_VERIFY_CALLBACK 194 +#define SSL_R_NULL_SSL_CTX 195 +#define SSL_R_NULL_SSL_METHOD_PASSED 196 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 +#define SSL_R_PACKET_LENGTH_TOO_LONG 198 +#define SSL_R_PARSE_TLSEXT 227 +#define SSL_R_PATH_TOO_LONG 270 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +#define SSL_R_PEER_ERROR 200 +#define SSL_R_PEER_ERROR_CERTIFICATE 201 +#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 +#define SSL_R_PEER_ERROR_NO_CIPHER 203 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 +#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +#define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +#define SSL_R_PSK_NO_CLIENT_CB 224 +#define SSL_R_PSK_NO_SERVER_CB 225 +#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 +#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 +#define SSL_R_PUBLIC_KEY_NOT_RSA 210 +#define SSL_R_READ_BIO_NOT_SET 211 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 +#define SSL_R_READ_WRONG_PACKET_TYPE 212 +#define SSL_R_RECORD_LENGTH_MISMATCH 213 +#define SSL_R_RECORD_TOO_LARGE 214 +#define SSL_R_RECORD_TOO_SMALL 298 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +#define SSL_R_RENEGOTIATION_MISMATCH 337 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 +#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 +#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 +#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +#define SSL_R_SERVERHELLO_TLSEXT 275 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +#define SSL_R_SHORT_READ 219 +#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +#define SSL_R_SRP_A_CALC 361 +#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +#define SSL_R_SSL_HANDSHAKE_FAILURE 229 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 +#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +#define SSL_R_TLS_HEARTBEAT_PENDING 366 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 +#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 +#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 +#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 +#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 +#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 +#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +#define SSL_R_UNEXPECTED_MESSAGE 244 +#define SSL_R_UNEXPECTED_RECORD 245 +#define SSL_R_UNINITIALIZED 276 +#define SSL_R_UNKNOWN_ALERT_TYPE 246 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +#define SSL_R_UNKNOWN_CIPHER_TYPE 249 +#define SSL_R_UNKNOWN_DIGEST 368 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PKEY_TYPE 251 +#define SSL_R_UNKNOWN_PROTOCOL 252 +#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 +#define SSL_R_UNKNOWN_SSL_VERSION 254 +#define SSL_R_UNKNOWN_STATE 255 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +#define SSL_R_UNSUPPORTED_CIPHER 256 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +#define SSL_R_UNSUPPORTED_PROTOCOL 258 +#define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_WRITE_BIO_NOT_SET 260 +#define SSL_R_WRONG_CIPHER_RETURNED 261 +#define SSL_R_WRONG_MESSAGE_TYPE 262 +#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 +#define SSL_R_WRONG_SIGNATURE_LENGTH 264 +#define SSL_R_WRONG_SIGNATURE_SIZE 265 +#define SSL_R_WRONG_SIGNATURE_TYPE 370 +#define SSL_R_WRONG_SSL_VERSION 266 +#define SSL_R_WRONG_VERSION_NUMBER 267 +#define SSL_R_X509_LIB 268 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h new file mode 100644 index 0000000000..eb25dcb0bf --- /dev/null +++ b/include/openssl/ssl2.h @@ -0,0 +1,272 @@ +/* ssl/ssl2.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL2_H +#define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Protocol Version Codes */ +#define SSL2_VERSION 0x0002 +#define SSL2_VERSION_MAJOR 0x00 +#define SSL2_VERSION_MINOR 0x02 +/* #define SSL2_CLIENT_VERSION 0x0002 */ +/* #define SSL2_SERVER_VERSION 0x0002 */ + +/* Protocol Message Codes */ +#define SSL2_MT_ERROR 0 +#define SSL2_MT_CLIENT_HELLO 1 +#define SSL2_MT_CLIENT_MASTER_KEY 2 +#define SSL2_MT_CLIENT_FINISHED 3 +#define SSL2_MT_SERVER_HELLO 4 +#define SSL2_MT_SERVER_VERIFY 5 +#define SSL2_MT_SERVER_FINISHED 6 +#define SSL2_MT_REQUEST_CERTIFICATE 7 +#define SSL2_MT_CLIENT_CERTIFICATE 8 + +/* Error Message Codes */ +#define SSL2_PE_UNDEFINED_ERROR 0x0000 +#define SSL2_PE_NO_CIPHER 0x0001 +#define SSL2_PE_NO_CERTIFICATE 0x0002 +#define SSL2_PE_BAD_CERTIFICATE 0x0004 +#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 + +/* Cipher Kind Values */ +#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ +#define SSL2_CK_RC4_128_WITH_MD5 0x02010080 +#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 +#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 +#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 +#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 +#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 +#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ +#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 +#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ +#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ + +#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ +#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ + +#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" +#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" +#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" +#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" +#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" +#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" +#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" +#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" +#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" +#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" +#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" +#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" + +#define SSL2_TXT_NULL "NULL" + +/* Flags for the SSL_CIPHER.algorithm2 field */ +#define SSL2_CF_5_BYTE_ENC 0x01 +#define SSL2_CF_8_BYTE_ENC 0x02 + +/* Certificate Type Codes */ +#define SSL2_CT_X509_CERTIFICATE 0x01 + +/* Authentication Type Code */ +#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 + +#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 + +/* Upper/Lower Bounds */ +#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 +#ifdef OPENSSL_SYS_MPE +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u +#else +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ +#endif +#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ + +#define SSL2_CHALLENGE_LENGTH 16 +/*#define SSL2_CHALLENGE_LENGTH 32 */ +#define SSL2_MIN_CHALLENGE_LENGTH 16 +#define SSL2_MAX_CHALLENGE_LENGTH 32 +#define SSL2_CONNECTION_ID_LENGTH 16 +#define SSL2_MAX_CONNECTION_ID_LENGTH 16 +#define SSL2_SSL_SESSION_ID_LENGTH 16 +#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 +#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 +#define SSL2_MAX_KEY_MATERIAL_LENGTH 24 + +#ifndef HEADER_SSL_LOCL_H +#define CERT char +#endif + +#ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl2_state_st + { + int three_byte_header; + int clear_text; /* clear text */ + int escape; /* not used in SSLv2 */ + int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ + + /* non-blocking io info, used to make sure the same + * args were passwd */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; + const unsigned char *wpend_buf; + + int wpend_off; /* offset to data to write */ + int wpend_len; /* number of bytes passwd to write */ + int wpend_ret; /* number of bytes to return to caller */ + + /* buffer raw data */ + int rbuf_left; + int rbuf_offs; + unsigned char *rbuf; + unsigned char *wbuf; + + unsigned char *write_ptr;/* used to point to the start due to + * 2/3 byte header. */ + + unsigned int padding; + unsigned int rlength; /* passed to ssl2_enc */ + int ract_data_length; /* Set when things are encrypted. */ + unsigned int wlength; /* passed to ssl2_enc */ + int wact_data_length; /* Set when things are decrypted. */ + unsigned char *ract_data; + unsigned char *wact_data; + unsigned char *mac_data; + + unsigned char *read_key; + unsigned char *write_key; + + /* Stuff specifically to do with this SSL session */ + unsigned int challenge_length; + unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; + unsigned int conn_id_length; + unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; + unsigned int key_material_length; + unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; + + unsigned long read_sequence; + unsigned long write_sequence; + + struct { + unsigned int conn_id_length; + unsigned int cert_type; + unsigned int cert_length; + unsigned int csl; + unsigned int clear; + unsigned int enc; + unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; + unsigned int cipher_spec_length; + unsigned int session_id_length; + unsigned int clen; + unsigned int rlen; + } tmp; + } SSL2_STATE; + +#endif + +/* SSLv2 */ +/* client */ +#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) +#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) +#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) +#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) +#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) +/* server */ +#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) +#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) +#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) +#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) +#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/ssl23.h b/include/openssl/ssl23.h new file mode 100644 index 0000000000..d3228983c7 --- /dev/null +++ b/include/openssl/ssl23.h @@ -0,0 +1,83 @@ +/* ssl/ssl23.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL23_H +#define HEADER_SSL23_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*client */ +/* write to server */ +#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) +#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) +/* read from server */ +#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) +#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) + +/* server */ +/* read from client */ +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) +#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h new file mode 100644 index 0000000000..6fad054e03 --- /dev/null +++ b/include/openssl/ssl3.h @@ -0,0 +1,706 @@ +/* ssl/ssl3.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_SSL3_H +#define HEADER_SSL3_H + +#ifndef OPENSSL_NO_COMP +#include +#endif +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ +#define SSL3_CK_SCSV 0x030000FF + +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + +#define SSL3_CK_RSA_NULL_MD5 0x03000001 +#define SSL3_CK_RSA_NULL_SHA 0x03000002 +#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 + +#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +#if 0 + #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C + #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D + #if 0 /* Because it clashes with KRB5, is never used any more, and is safe + to remove according to David Hopwood + of the ietf-tls list */ + #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E + #endif +#endif + +/* VRS Additional Kerberos5 entries + */ +#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 + +#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B + +#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +#if 0 + #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" + #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" + #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +#endif + +#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" + +#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" + +#define SSL3_SSL_SESSION_ID_LENGTH 32 +#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL3_MASTER_SECRET_SIZE 48 +#define SSL3_RANDOM_SIZE 32 +#define SSL3_SESSION_ID_SIZE 32 +#define SSL3_RT_HEADER_LENGTH 5 + +#ifndef SSL3_ALIGN_PAYLOAD + /* Some will argue that this increases memory footprint, but it's + * not actually true. Point is that malloc has to return at least + * 64-bit aligned pointers, meaning that allocating 5 bytes wastes + * 3 bytes in either case. Suggested pre-gaping simply moves these + * wasted bytes from the end of allocated region to its front, + * but makes data payload aligned, which improves performance:-) */ +# define SSL3_ALIGN_PAYLOAD 8 +#else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +#endif + +/* This is the maximum MAC (digest) size used by the SSL library. + * Currently maximum of 20 is used by SHA1, but we reserve for + * future extension for 512-bit hashes. + */ + +#define SSL3_RT_MAX_MD_SIZE 64 + +/* Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +#define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +#define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* The standards give a maximum encryption overhead of 1024 bytes. + * In practice the value is lower than this. The overhead is the maximum + * number of padding bytes (256) plus the mac size. + */ +#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) + +/* OpenSSL currently only uses a padding length of at most one block so + * the send overhead is smaller. + */ + +#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +#ifdef OPENSSL_NO_COMP +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +#else +#define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +#endif +#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +#define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define SSL3_RT_APPLICATION_DATA 23 +#define TLS1_RT_HEARTBEAT 24 + +#define SSL3_AL_WARNING 1 +#define SSL3_AL_FATAL 2 + +#define SSL3_AD_CLOSE_NOTIFY 0 +#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +#define SSL3_AD_NO_CERTIFICATE 41 +#define SSL3_AD_BAD_CERTIFICATE 42 +#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL3_AD_CERTIFICATE_REVOKED 44 +#define SSL3_AD_CERTIFICATE_EXPIRED 45 +#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ + +#define TLS1_HB_REQUEST 1 +#define TLS1_HB_RESPONSE 2 + +#ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl3_record_st + { +/*r */ int type; /* type of record */ +/*rw*/ unsigned int length; /* How many bytes available */ +/*r */ unsigned int off; /* read/write offset into 'buf' */ +/*rw*/ unsigned char *data; /* pointer to the record data */ +/*rw*/ unsigned char *input; /* where the decode bytes are */ +/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ +/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ +/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ + } SSL3_RECORD; + +typedef struct ssl3_buffer_st + { + unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, + * see ssl3_setup_buffers() */ + size_t len; /* buffer size */ + int offset; /* where to 'copy from' */ + int left; /* how many bytes left */ + } SSL3_BUFFER; + +#endif + +#define SSL3_CT_RSA_SIGN 1 +#define SSL3_CT_DSS_SIGN 2 +#define SSL3_CT_RSA_FIXED_DH 3 +#define SSL3_CT_DSS_FIXED_DH 4 +#define SSL3_CT_RSA_EPHEMERAL_DH 5 +#define SSL3_CT_DSS_EPHEMERAL_DH 6 +#define SSL3_CT_FORTEZZA_DMS 20 +/* SSL3_CT_NUMBER is used to size arrays and it must be large + * enough to contain all of the cert types defined either for + * SSLv3 and TLSv1. + */ +#define SSL3_CT_NUMBER 9 + + +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 +#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +/* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ +#define SSL3_FLAGS_CCS_OK 0x0080 + +/* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us + * from restarting the handshake in a loop. It's reset on a + * renegotiation, so effectively limits the client to one restart + * per negotiation. This limits the possibility of a DDoS + * attack where the client handshakes in a loop using SGC to + * restart. Servers which permit renegotiation can still be + * effected, but we can't prevent that. + */ +#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + +#ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl3_state_st + { + long flags; + int delay_buf_pop_ret; + + unsigned char read_sequence[8]; + int read_mac_secret_size; + unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char write_sequence[8]; + int write_mac_secret_size; + unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + + /* flags for countermeasure against known-IV weakness */ + int need_empty_fragments; + int empty_fragment_done; + + /* The value of 'extra' when the buffers were initialized */ + int init_extra; + + SSL3_BUFFER rbuf; /* read IO goes into here */ + SSL3_BUFFER wbuf; /* write IO goes into here */ + + SSL3_RECORD rrec; /* each decoded record goes in here */ + SSL3_RECORD wrec; /* goes out from here */ + + /* storage for Alert/Handshake protocol data received but not + * yet processed by ssl3_read_bytes: */ + unsigned char alert_fragment[2]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[4]; + unsigned int handshake_fragment_len; + + /* partial write - check the numbers match */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; /* number bytes written */ + int wpend_type; + int wpend_ret; /* number of bytes submitted */ + const unsigned char *wpend_buf; + + /* used during startup, digest all incoming/outgoing packets */ + BIO *handshake_buffer; + /* When set of handshake digests is determined, buffer is hashed + * and freed and MD_CTX-es for all required digests are stored in + * this array */ + EVP_MD_CTX **handshake_dgst; + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. + */ + int change_cipher_spec; + + int warn_alert; + int fatal_alert; + /* we allow one fatal and one warning alert to be outstanding, + * send close alert via the warning alert */ + int alert_dispatch; + unsigned char send_alert[2]; + + /* This flag is set when we should renegotiate ASAP, basically when + * there is no more data in the read or write buffers */ + int renegotiate; + int total_renegotiations; + int num_renegotiations; + + int in_read_app_data; + + /* Opaque PRF input as used for the current handshake. + * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined + * (otherwise, they are merely present to improve binary compatibility) */ + void *client_opaque_prf_input; + size_t client_opaque_prf_input_len; + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; + + struct { + /* actually only needs to be 16+20 */ + unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; + + /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ + unsigned char finish_md[EVP_MAX_MD_SIZE*2]; + int finish_md_len; + unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; + int peer_finish_md_len; + + unsigned long message_size; + int message_type; + + /* used to hold the new cipher we are going to use */ + const SSL_CIPHER *new_cipher; +#ifndef OPENSSL_NO_DH + DH *dh; +#endif + +#ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh; /* holds short lived ECDH key */ +#endif + + /* used when SSL_ST_FLUSH_DATA is entered */ + int next_state; + + int reuse_message; + + /* used for certificate requests */ + int cert_req; + int ctype_num; + char ctype[SSL3_CT_NUMBER]; + STACK_OF(X509_NAME) *ca_names; + + int use_rsa_tmp; + + int key_block_length; + unsigned char *key_block; + + const EVP_CIPHER *new_sym_enc; + const EVP_MD *new_hash; + int new_mac_pkey_type; + int new_mac_secret_size; +#ifndef OPENSSL_NO_COMP + const SSL_COMP *new_compression; +#else + char *new_compression; +#endif + int cert_request; + } tmp; + + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ + +#ifndef OPENSSL_NO_NEXTPROTONEG + /* Set if we saw the Next Protocol Negotiation extension from our peer. */ + int next_proto_neg_seen; +#endif + +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_TLSEXT */ + } SSL3_STATE; + +#endif + +/* SSLv3 */ +/*client */ +/* extra state */ +#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) +#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) +#endif +/* write to server */ +#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +#endif +#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) + +/* server */ +/* extra state */ +#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) +#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) +#endif +/* read from client */ +/* Do not change the number values, they do matter */ +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +/* write to client */ +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) +/* read from client */ +#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) +#endif +#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) +/* write to client */ +#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) + +#define SSL3_MT_HELLO_REQUEST 0 +#define SSL3_MT_CLIENT_HELLO 1 +#define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_NEWSESSION_TICKET 4 +#define SSL3_MT_CERTIFICATE 11 +#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +#define SSL3_MT_CERTIFICATE_REQUEST 13 +#define SSL3_MT_SERVER_DONE 14 +#define SSL3_MT_CERTIFICATE_VERIFY 15 +#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +#define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_MT_NEXT_PROTO 67 +#endif +#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + + +#define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +#define SSL3_CC_READ 0x01 +#define SSL3_CC_WRITE 0x02 +#define SSL3_CC_CLIENT 0x10 +#define SSL3_CC_SERVER 0x20 +#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/stack.h b/include/openssl/stack.h new file mode 100644 index 0000000000..ce35e554eb --- /dev/null +++ b/include/openssl/stack.h @@ -0,0 +1,108 @@ +/* crypto/stack/stack.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_STACK_H +#define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st + { + int num; + char **data; + int sorted; + + int num_alloc; + int (*comp)(const void *, const void *); + } _STACK; /* Use STACK_OF(...) instead */ + +#define M_sk_num(sk) ((sk) ? (sk)->num:-1) +#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) + +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); + +void *sk_set(_STACK *, int, void *); + +_STACK *sk_new(int (*cmp)(const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_find_ex(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *))) + (const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h new file mode 100644 index 0000000000..bd2f000d59 --- /dev/null +++ b/include/openssl/symhacks.h @@ -0,0 +1,481 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SYMHACKS_H +#define HEADER_SYMHACKS_H + +#include + +/* Hacks to solve the problem with linkers incapable of handling very long + symbol names. In the case of VMS, the limit is 31 characters on VMS for + VAX. */ +/* Note that this affects util/libeay.num and util/ssleay.num... you may + change those manually, but that's not recommended, as those files are + controlled centrally and updated on Unix, and the central definition + may disagree with yours, which in turn may come with shareable library + incompatibilities. */ +#ifdef OPENSSL_SYS_VMS + +/* Hack a long name in crypto/ex_data.c */ +#undef CRYPTO_get_ex_data_implementation +#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl +#undef CRYPTO_set_ex_data_implementation +#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl + +/* Hack a long name in crypto/asn1/a_mbstr.c */ +#undef ASN1_STRING_set_default_mask_asc +#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ +#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO +#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF +#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO +#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF +#endif + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ +#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO +#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF +#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO +#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF +#endif + +#if 0 /* No longer needed, since safestack macro magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ +#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION +#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC +#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION +#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC +#endif + +/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ +#undef PEM_read_NETSCAPE_CERT_SEQUENCE +#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ +#undef PEM_write_NETSCAPE_CERT_SEQUENCE +#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ +#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ +#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ +#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE +#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ + +/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ +#undef PEM_read_PKCS8_PRIV_KEY_INFO +#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO +#undef PEM_write_PKCS8_PRIV_KEY_INFO +#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO +#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO +#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO +#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO +#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO + +/* Hack other PEM names */ +#undef PEM_write_bio_PKCS8PrivateKey_nid +#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid + +/* Hack some long X509 names */ +#undef X509_REVOKED_get_ext_by_critical +#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +#undef X509_policy_tree_get0_user_policies +#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies +#undef X509_policy_node_get0_qualifiers +#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers +#undef X509_STORE_CTX_get_explicit_policy +#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +#undef X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer + +/* Hack some long CRYPTO names */ +#undef CRYPTO_set_dynlock_destroy_callback +#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb +#undef CRYPTO_set_dynlock_create_callback +#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb +#undef CRYPTO_set_dynlock_lock_callback +#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +#undef CRYPTO_get_dynlock_lock_callback +#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +#undef CRYPTO_get_dynlock_destroy_callback +#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb +#undef CRYPTO_get_dynlock_create_callback +#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb +#undef CRYPTO_set_locked_mem_ex_functions +#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs +#undef CRYPTO_get_locked_mem_ex_functions +#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs + +/* Hack some long SSL names */ +#undef SSL_CTX_set_default_verify_paths +#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +#undef SSL_get_ex_data_X509_STORE_CTX_idx +#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx +#undef SSL_add_file_cert_subjects_to_stack +#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk +#undef SSL_add_dir_cert_subjects_to_stack +#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk +#undef SSL_CTX_use_certificate_chain_file +#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file +#undef SSL_CTX_set_cert_verify_callback +#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +#undef SSL_CTX_set_default_passwd_cb_userdata +#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +#undef SSL_COMP_get_compression_methods +#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +#undef ssl_add_clienthello_renegotiate_ext +#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +#undef ssl_add_serverhello_renegotiate_ext +#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +#undef ssl_parse_clienthello_renegotiate_ext +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +#undef ssl_parse_serverhello_renegotiate_ext +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext +#undef SSL_srp_server_param_with_username +#define SSL_srp_server_param_with_username SSL_srp_server_param_with_un +#undef SSL_CTX_set_srp_client_pwd_callback +#define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb +#undef SSL_CTX_set_srp_verify_param_callback +#define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb +#undef SSL_CTX_set_srp_username_callback +#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb +#undef ssl_add_clienthello_use_srtp_ext +#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext +#undef ssl_add_serverhello_use_srtp_ext +#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext +#undef ssl_parse_clienthello_use_srtp_ext +#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext +#undef ssl_parse_serverhello_use_srtp_ext +#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext +#undef SSL_CTX_set_next_protos_advertised_cb +#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb +#undef SSL_CTX_set_next_proto_select_cb +#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb +#undef ssl3_cbc_record_digest_supported +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support +#undef ssl_check_clienthello_tlsext_late +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late +#undef ssl_check_clienthello_tlsext_early +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early + +/* Hack some long ENGINE names */ +#undef ENGINE_get_default_BN_mod_exp_crt +#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt +#undef ENGINE_set_default_BN_mod_exp_crt +#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt +#undef ENGINE_set_load_privkey_function +#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +#undef ENGINE_get_load_privkey_function +#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_unregister_pkey_asn1_meths +#define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths +#undef ENGINE_register_all_pkey_asn1_meths +#define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths +#undef ENGINE_set_default_pkey_asn1_meths +#define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths +#undef ENGINE_get_pkey_asn1_meth_engine +#define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng +#undef ENGINE_set_load_ssl_client_cert_function +#define ENGINE_set_load_ssl_client_cert_function \ + ENGINE_set_ld_ssl_clnt_cert_fn +#undef ENGINE_get_ssl_client_cert_function +#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn + +/* Hack some long OCSP names */ +#undef OCSP_REQUEST_get_ext_by_critical +#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +#undef OCSP_BASICRESP_get_ext_by_critical +#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit +#undef OCSP_SINGLERESP_get_ext_by_critical +#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit + +/* Hack some long DES names */ +#undef _ossl_old_des_ede3_cfb64_encrypt +#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt +#undef _ossl_old_des_ede3_ofb64_encrypt +#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt + +/* Hack some long EVP names */ +#undef OPENSSL_add_all_algorithms_noconf +#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf +#undef OPENSSL_add_all_algorithms_conf +#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf +#undef EVP_PKEY_meth_set_verify_recover +#define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover + +/* Hack some long EC names */ +#undef EC_GROUP_set_point_conversion_form +#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form +#undef EC_GROUP_get_point_conversion_form +#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +#undef EC_GROUP_clear_free_all_extra_data +#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data +#undef EC_KEY_set_public_key_affine_coordinates +#define EC_KEY_set_public_key_affine_coordinates \ + EC_KEY_set_pub_key_aff_coords +#undef EC_POINT_set_Jprojective_coordinates_GFp +#define EC_POINT_set_Jprojective_coordinates_GFp \ + EC_POINT_set_Jproj_coords_GFp +#undef EC_POINT_get_Jprojective_coordinates_GFp +#define EC_POINT_get_Jprojective_coordinates_GFp \ + EC_POINT_get_Jproj_coords_GFp +#undef EC_POINT_set_affine_coordinates_GFp +#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp +#undef EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp +#undef EC_POINT_set_compressed_coordinates_GFp +#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp +#undef EC_POINT_set_affine_coordinates_GF2m +#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m +#undef EC_POINT_get_affine_coordinates_GF2m +#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m +#undef EC_POINT_set_compressed_coordinates_GF2m +#define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m +#undef ec_GF2m_simple_group_clear_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#undef ec_GF2m_simple_group_check_discriminant +#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim +#undef ec_GF2m_simple_point_clear_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#undef ec_GF2m_simple_point_set_to_infinity +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#undef ec_GF2m_simple_points_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#undef ec_GF2m_simple_point_set_affine_coordinates +#define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +#undef ec_GF2m_simple_point_get_affine_coordinates +#define ec_GF2m_simple_point_get_affine_coordinates \ + ec_GF2m_smp_pt_get_af_coords +#undef ec_GF2m_simple_set_compressed_coordinates +#define ec_GF2m_simple_set_compressed_coordinates \ + ec_GF2m_smp_set_compr_coords +#undef ec_GFp_simple_group_set_curve_GFp +#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp +#undef ec_GFp_simple_group_get_curve_GFp +#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp +#undef ec_GFp_simple_group_clear_finish +#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +#undef ec_GFp_simple_group_set_generator +#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator +#undef ec_GFp_simple_group_get0_generator +#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator +#undef ec_GFp_simple_group_get_cofactor +#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +#undef ec_GFp_simple_point_clear_finish +#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +#undef ec_GFp_simple_point_set_to_infinity +#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf +#undef ec_GFp_simple_points_make_affine +#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +#undef ec_GFp_simple_set_Jprojective_coordinates_GFp +#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +#undef ec_GFp_simple_get_Jprojective_coordinates_GFp +#define ec_GFp_simple_get_Jprojective_coordinates_GFp \ + ec_GFp_smp_get_Jproj_coords_GFp +#undef ec_GFp_simple_point_set_affine_coordinates_GFp +#define ec_GFp_simple_point_set_affine_coordinates_GFp \ + ec_GFp_smp_pt_set_af_coords_GFp +#undef ec_GFp_simple_point_get_affine_coordinates_GFp +#define ec_GFp_simple_point_get_affine_coordinates_GFp \ + ec_GFp_smp_pt_get_af_coords_GFp +#undef ec_GFp_simple_set_compressed_coordinates_GFp +#define ec_GFp_simple_set_compressed_coordinates_GFp \ + ec_GFp_smp_set_compr_coords_GFp +#undef ec_GFp_simple_point_set_affine_coordinates +#define ec_GFp_simple_point_set_affine_coordinates \ + ec_GFp_smp_pt_set_af_coords +#undef ec_GFp_simple_point_get_affine_coordinates +#define ec_GFp_simple_point_get_affine_coordinates \ + ec_GFp_smp_pt_get_af_coords +#undef ec_GFp_simple_set_compressed_coordinates +#define ec_GFp_simple_set_compressed_coordinates \ + ec_GFp_smp_set_compr_coords +#undef ec_GFp_simple_group_check_discriminant +#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim + +/* Hack som long STORE names */ +#undef STORE_method_set_initialise_function +#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn +#undef STORE_method_set_cleanup_function +#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn +#undef STORE_method_set_generate_function +#define STORE_method_set_generate_function STORE_meth_set_generate_fn +#undef STORE_method_set_modify_function +#define STORE_method_set_modify_function STORE_meth_set_modify_fn +#undef STORE_method_set_revoke_function +#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn +#undef STORE_method_set_delete_function +#define STORE_method_set_delete_function STORE_meth_set_delete_fn +#undef STORE_method_set_list_start_function +#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn +#undef STORE_method_set_list_next_function +#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn +#undef STORE_method_set_list_end_function +#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn +#undef STORE_method_set_update_store_function +#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn +#undef STORE_method_set_lock_store_function +#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn +#undef STORE_method_set_unlock_store_function +#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn +#undef STORE_method_get_initialise_function +#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn +#undef STORE_method_get_cleanup_function +#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn +#undef STORE_method_get_generate_function +#define STORE_method_get_generate_function STORE_meth_get_generate_fn +#undef STORE_method_get_modify_function +#define STORE_method_get_modify_function STORE_meth_get_modify_fn +#undef STORE_method_get_revoke_function +#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn +#undef STORE_method_get_delete_function +#define STORE_method_get_delete_function STORE_meth_get_delete_fn +#undef STORE_method_get_list_start_function +#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn +#undef STORE_method_get_list_next_function +#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn +#undef STORE_method_get_list_end_function +#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn +#undef STORE_method_get_update_store_function +#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn +#undef STORE_method_get_lock_store_function +#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn +#undef STORE_method_get_unlock_store_function +#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn + +/* Hack some long TS names */ +#undef TS_RESP_CTX_set_status_info_cond +#define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond +#undef TS_RESP_CTX_set_clock_precision_digits +#define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits +#undef TS_CONF_set_clock_precision_digits +#define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits + +/* Hack some long CMS names */ +#undef CMS_RecipientInfo_ktri_get0_algs +#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +#undef CMS_RecipientInfo_ktri_get0_signer_id +#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +#undef CMS_OtherRevocationInfoFormat_it +#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +#undef CMS_KeyAgreeRecipientIdentifier_it +#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +#undef CMS_OriginatorIdentifierOrKey_it +#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +#undef cms_SignerIdentifier_get0_signer_id +#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id + +/* Hack some long DTLS1 names */ +#undef dtls1_retransmit_buffered_messages +#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + +/* Hack some long SRP names */ +#undef SRP_generate_server_master_secret +#define SRP_generate_server_master_secret SRP_gen_server_master_secret +#undef SRP_generate_client_master_secret +#define SRP_generate_client_master_secret SRP_gen_client_master_secret + +/* Hack some long UI names */ +#undef UI_method_get_prompt_constructor +#define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +#undef UI_method_set_prompt_constructor +#define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + +#endif /* defined OPENSSL_SYS_VMS */ + + +/* Case insensitive linking causes problems.... */ +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +#undef ERR_load_CRYPTO_strings +#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +#undef OCSP_crlID_new +#define OCSP_crlID_new OCSP_crlID2_new + +#undef d2i_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#undef i2d_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#undef d2i_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#undef i2d_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* These functions do not seem to exist! However, I'm paranoid... + Original command in x509v3.h: + These functions are being redefined in another directory, + and clash when the linker is case-insensitive, so let's + hide them a little, by giving them an extra 'o' at the + beginning of the name... */ +#undef X509v3_cleanup_extensions +#define X509v3_cleanup_extensions oX509v3_cleanup_extensions +#undef X509v3_add_extension +#define X509v3_add_extension oX509v3_add_extension +#undef X509v3_add_netscape_extensions +#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +#undef X509v3_add_standard_extensions +#define X509v3_add_standard_extensions oX509v3_add_standard_extensions + +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create + +#endif + + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h new file mode 100644 index 0000000000..6ae8876462 --- /dev/null +++ b/include/openssl/tls1.h @@ -0,0 +1,744 @@ +/* ssl/tls1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_TLS1_H +#define HEADER_TLS1_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 +#define TLS_MAX_VERSION TLS1_2_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_get_version(s) \ + ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) + +#define TLS1_get_client_version(s) \ + ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + +#define TLS1_AD_DECRYPTION_FAILED 21 +#define TLS1_AD_RECORD_OVERFLOW 22 +#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +#define TLS1_AD_DECODE_ERROR 50 /* fatal */ +#define TLS1_AD_DECRYPT_ERROR 51 +#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ +#define TLS1_AD_USER_CANCELLED 90 +#define TLS1_AD_NO_RENEGOTIATION 100 +/* codes 110-114 are from RFC3546 */ +#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +#define TLS1_AD_UNRECOGNIZED_NAME 112 +#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +#define TLSEXT_TYPE_server_name 0 +#define TLSEXT_TYPE_max_fragment_length 1 +#define TLSEXT_TYPE_client_certificate_url 2 +#define TLSEXT_TYPE_trusted_ca_keys 3 +#define TLSEXT_TYPE_truncated_hmac 4 +#define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +#define TLSEXT_TYPE_user_mapping 6 + +/* ExtensionType values from RFC5878 */ +#define TLSEXT_TYPE_client_authz 7 +#define TLSEXT_TYPE_server_authz 8 + +/* ExtensionType values from RFC6091 */ +#define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +#define TLSEXT_TYPE_elliptic_curves 10 +#define TLSEXT_TYPE_ec_point_formats 11 + +/* ExtensionType value from RFC5054 */ +#define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +#define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +#define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +#define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value for TLS padding extension. + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + * http://tools.ietf.org/html/draft-agl-tls-padding-03 + */ +#define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC4507 */ +#define TLSEXT_TYPE_session_ticket 35 + +/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ +#if 0 /* will have to be provided externally for now , + * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 + * using whatever extension number you'd like to try */ +# define TLSEXT_TYPE_opaque_prf_input ?? */ +#endif + +/* Temporary extension type */ +#define TLSEXT_TYPE_renegotiate 0xff01 + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +#define TLSEXT_TYPE_next_proto_neg 13172 +#endif + +/* NameType value from RFC 3546 */ +#define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC 3546 */ +#define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +#define TLSEXT_ECPOINTFORMAT_first 0 +#define TLSEXT_ECPOINTFORMAT_uncompressed 0 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +#define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC 5246 */ + +#define TLSEXT_signature_anonymous 0 +#define TLSEXT_signature_rsa 1 +#define TLSEXT_signature_dsa 2 +#define TLSEXT_signature_ecdsa 3 + +#define TLSEXT_hash_none 0 +#define TLSEXT_hash_md5 1 +#define TLSEXT_hash_sha1 2 +#define TLSEXT_hash_sha224 3 +#define TLSEXT_hash_sha256 4 +#define TLSEXT_hash_sha384 5 +#define TLSEXT_hash_sha512 6 + +#ifndef OPENSSL_NO_TLSEXT + +#define TLSEXT_MAXLEN_host_name 255 + +const char *SSL_get_servername(const SSL *s, const int type); +int SSL_get_servername_type(const SSL *s); +/* SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) + * + * It returns 1 on success and zero otherwise. + */ +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *p, size_t plen, + int use_context); + +#define SSL_set_tlsext_host_name(s,name) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +#define SSL_set_tlsext_debug_callback(ssl, cb) \ +SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +#define SSL_set_tlsext_debug_arg(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +#define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +#define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_NOACK 3 + +#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +#define SSL_set_tlsext_opaque_prf_input(s, src, len) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) +#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) +#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) + +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +#ifndef OPENSSL_NO_HEARTBEATS +#define SSL_TLSEXT_HB_ENABLED 0x01 +#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 +#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 + +#define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) +#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) +#endif +#endif + +/* PSK ciphersuites from 4279 */ +#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D + +/* Additional TLS ciphersuites from expired Internet Draft + * draft-ietf-tls-56-bit-ciphersuites-01.txt + * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see + * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably + * shouldn't. Note that the first two are actually not in the IDs. */ +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */ +#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */ +#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 +#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + +/* AES ciphersuites from RFC3268 */ + +#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 + +#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* XXX + * Inconsistency alert: + * The OpenSSL names of ciphers with ephemeral DH here include the string + * "DHE", while elsewhere it has always been "EDH". + * (The alias for the list of all such ciphers also is "EDH".) + * The specifications speak of "EDH"; maybe we should allow both forms + * for everything. */ +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" +#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +/* AES ciphersuites from RFC3268 */ +#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +/* SRP ciphersuite from RFC 5054 */ +#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* SEED ciphersuites from RFC4162 */ +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +#define TLS_CT_RSA_SIGN 1 +#define TLS_CT_DSS_SIGN 2 +#define TLS_CT_RSA_FIXED_DH 3 +#define TLS_CT_DSS_FIXED_DH 4 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 +#define TLS_CT_GOST94_SIGN 21 +#define TLS_CT_GOST01_SIGN 22 +/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) */ +#define TLS_CT_NUMBER 9 + +#define TLS1_FINISH_MAC_LENGTH 12 + +#define TLS_MD_MAX_CONST_SIZE 20 +#define TLS_MD_CLIENT_FINISH_CONST "client finished" +#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_FINISH_CONST "server finished" +#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_KEY_EXPANSION_CONST "key expansion" +#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_IV_BLOCK_CONST "IV block" +#define TLS_MD_IV_BLOCK_CONST_SIZE 8 +#define TLS_MD_MASTER_SECRET_CONST "master secret" +#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 + +#ifdef CHARSET_EBCDIC +#undef TLS_MD_CLIENT_FINISH_CONST +#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ +#undef TLS_MD_SERVER_FINISH_CONST +#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ +#undef TLS_MD_SERVER_WRITE_KEY_CONST +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +#undef TLS_MD_KEY_EXPANSION_CONST +#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ +#undef TLS_MD_CLIENT_WRITE_KEY_CONST +#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ +#undef TLS_MD_SERVER_WRITE_KEY_CONST +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +#undef TLS_MD_IV_BLOCK_CONST +#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ +#undef TLS_MD_MASTER_SECRET_CONST +#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ +#endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st + { + unsigned short length; + void *data; + }; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ts.h b/include/openssl/ts.h new file mode 100644 index 0000000000..c2448e3c3b --- /dev/null +++ b/include/openssl/ts.h @@ -0,0 +1,858 @@ +/* crypto/ts/ts.h */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +#define HEADER_TS_H + +#include +#include +#ifndef OPENSSL_NO_BUFFER +#include +#endif +#ifndef OPENSSL_NO_EVP +#include +#endif +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif + +#ifndef OPENSSL_NO_DSA +#include +#endif + +#ifndef OPENSSL_NO_DH +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +#undef X509_NAME +#endif + +#include +#include + +/* +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st + { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; + } TS_MSG_IMPRINT; + +/* +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st + { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ + } TS_REQ; + +/* +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st + { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; + } TS_ACCURACY; + +/* +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st + { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; + } TS_TST_INFO; + +/* +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ + +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st + { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; + } TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/* +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st + { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; + } TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/* +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial + { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; + } ESS_ISSUER_SERIAL; + +/* +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id + { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; + } ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/* +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert + { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; + } ESS_SIGNING_CERT; + + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, + unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, + unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +#define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +#define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +#define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); + +/* This must return the seconds and microseconds since Jan 1, 1970 in + the sec and usec variables allocated by the caller. + Return non-zero for success and zero for failure. */ +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec); + +/* This must process the given extension. + * It can modify the TS_TST_INFO object of the context. + * Return values: !0 (processed), 0 (error, it must set the + * status info/failure info of the response). + */ +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +typedef struct TS_resp_ctx + { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in + time stamp token. */ + unsigned flags; /* Optional info, see values above. */ + + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; + } TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* Adds a new acceptable policy, only the default policy + is accepted by default. */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + +/* Adds a new acceptable message digest. Note that no message digests + are accepted by default. The md argument is shared with the caller. */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* Clock precision digits, i.e. the number of decimal digits: + '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +#define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +#define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +#define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +#define TS_VFY_POLICY (1u << 2) +/* Verify the message imprint provided by the user. This flag should not be + specified with TS_VFY_DATA. */ +#define TS_VFY_IMPRINT (1u << 3) +/* Verify the message imprint computed by the verify method from the user + provided data and the MD algorithm of the response. This flag should not be + specified with TS_VFY_IMPRINT. */ +#define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +#define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +#define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +#define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx + { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + + /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, + the algorithm from the response is used. */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; + } TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/* + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* Function declarations for handling configuration options, + defined in ts/ts_conf.c */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +#define TS_F_D2I_TS_RESP 147 +#define TS_F_DEF_SERIAL_CB 110 +#define TS_F_DEF_TIME_CB 111 +#define TS_F_ESS_ADD_SIGNING_CERT 112 +#define TS_F_ESS_CERT_ID_NEW_INIT 113 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +#define TS_F_PKCS7_TO_TS_TST_INFO 148 +#define TS_F_TS_ACCURACY_SET_MICROS 115 +#define TS_F_TS_ACCURACY_SET_MILLIS 116 +#define TS_F_TS_ACCURACY_SET_SECONDS 117 +#define TS_F_TS_CHECK_IMPRINTS 100 +#define TS_F_TS_CHECK_NONCES 101 +#define TS_F_TS_CHECK_POLICY 102 +#define TS_F_TS_CHECK_SIGNING_CERTS 103 +#define TS_F_TS_CHECK_STATUS_INFO 104 +#define TS_F_TS_COMPUTE_IMPRINT 145 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +#define TS_F_TS_GET_STATUS_TEXT 105 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +#define TS_F_TS_REQ_SET_NONCE 120 +#define TS_F_TS_REQ_SET_POLICY_ID 121 +#define TS_F_TS_RESP_CREATE_RESPONSE 122 +#define TS_F_TS_RESP_CREATE_TST_INFO 123 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +#define TS_F_TS_RESP_CTX_ADD_MD 125 +#define TS_F_TS_RESP_CTX_ADD_POLICY 126 +#define TS_F_TS_RESP_CTX_NEW 127 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +#define TS_F_TS_RESP_CTX_SET_CERTS 129 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +#define TS_F_TS_RESP_GET_POLICY 133 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +#define TS_F_TS_RESP_SET_STATUS_INFO 135 +#define TS_F_TS_RESP_SET_TST_INFO 150 +#define TS_F_TS_RESP_SIGN 136 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +#define TS_F_TS_RESP_VERIFY_TOKEN 107 +#define TS_F_TS_TST_INFO_SET_ACCURACY 137 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +#define TS_F_TS_TST_INFO_SET_NONCE 139 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +#define TS_F_TS_TST_INFO_SET_SERIAL 141 +#define TS_F_TS_TST_INFO_SET_TIME 142 +#define TS_F_TS_TST_INFO_SET_TSA 143 +#define TS_F_TS_VERIFY 108 +#define TS_F_TS_VERIFY_CERT 109 +#define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_D2I_TS_RESP_INT_FAILED 128 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h new file mode 100644 index 0000000000..6abe435bc8 --- /dev/null +++ b/include/openssl/txt_db.h @@ -0,0 +1,112 @@ +/* crypto/txt_db/txt_db.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_TXT_DB_H +#define HEADER_TXT_DB_H + +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#define DB_ERROR_OK 0 +#define DB_ERROR_MALLOC 1 +#define DB_ERROR_INDEX_CLASH 2 +#define DB_ERROR_INDEX_OUT_OF_RANGE 3 +#define DB_ERROR_NO_INDEX 4 +#define DB_ERROR_INSERT_INDEX_CLASH 5 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st + { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual)(OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; + } TXT_DB; + +#ifndef OPENSSL_NO_BIO +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +#else +TXT_DB *TXT_DB_read(char *in, int num); +long TXT_DB_write(char *out, TXT_DB *db); +#endif +int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/ui.h b/include/openssl/ui.h new file mode 100644 index 0000000000..bd78aa413f --- /dev/null +++ b/include/openssl/ui.h @@ -0,0 +1,383 @@ +/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_UI_H +#define HEADER_UI_H + +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Declared already in ossl_typ.h */ +/* typedef struct ui_st UI; */ +/* typedef struct ui_method_st UI_METHOD; */ + + +/* All the following functions return -1 or NULL on error and in some cases + (UI_process()) -2 if interrupted or in some other way cancelled. + When everything is fine, they return 0, a positive value or a non-NULL + pointer, all depending on their purpose. */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/* The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is usefull when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +#define UI_INPUT_FLAG_ECHO 0x01 +/* Use a default password. Where that password is found is completely + up to the application, it might for example be in the user data set + with UI_add_user_data(). It is not recommended to have more than + one input in each UI being marked with this flag, or the application + might get confused. */ +#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/* The user of these routines may want to define flags of their own. The core + UI won't look at those, but will pass them on to the method routines. They + must use higher bits so they don't get confused with the UI bits above. + UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + example of use is this: + + #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + +*/ +#define UI_INPUT_FLAG_USER_BASE 16 + + +/* The following function helps construct a prompt. object_desc is a + textual short description of the object, for example "pass phrase", + and object_name is the name of the object (might be a card name or + a file name. + The returned string shall always be allocated on the heap with + OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + + If the ui_method doesn't contain a pointer to a user-defined prompt + constructor, a default string is built, looking like this: + + "Enter {object_desc} for {object_name}:" + + So, if object_desc has the value "pass phrase" and object_name has + the value "foo.key", the resulting string is: + + "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + + +/* The following function is used to store a pointer to user-specific data. + Any previous such pointer will be returned and replaced. + + For callback purposes, this function makes a lot more sense than using + ex_data, since the latter requires that different parts of OpenSSL or + applications share the same ex_data index. + + Note that the UI_OpenSSL() method completely ignores the user data. + Other methods may not, however. */ +void *UI_add_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* Give a user interface parametrised control commands. This can be used to + send down an integer, a data pointer or a function pointer, as well as + be used to get information from a UI. */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); + +/* The commands */ +/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + OpenSSL error stack before printing any info or added error messages and + before any prompting. */ +#define UI_CTRL_PRINT_ERRORS 1 +/* Check if a UI_process() is possible to do again with the same instance of + a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + if not. */ +#define UI_CTRL_IS_REDOABLE 2 + + +/* Some methods may use extra data */ +#define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +#define UI_get_app_data(s) UI_get_ex_data(s,0) +int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int UI_set_ex_data(UI *r,int idx,void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + + +/* ---------- For method writers ---------- */ +/* A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called wth all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* The UI_STRING type is the data structure that contains all the needed info + about a string or a prompt, including test data for a verification prompt. +*/ +typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) + +/* The different types of strings that are currently supported. + This is only needed by method authors. */ +enum UI_string_types + { + UIT_NONE=0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ + }; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); +int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); +int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); +int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name)); +int (*UI_method_get_opener(UI_METHOD *method))(UI*); +int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); +int (*UI_method_get_flusher(UI_METHOD *method))(UI*); +int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); +int (*UI_method_get_closer(UI_METHOD *method))(UI*); +char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*); + +/* The following functions are helpers for method writers to access relevant + data from a UI_STRING. */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* Return the optional action string to output (the boolean promtp instruction) */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +/* Return the string to test the result against. Only useful with verifies. */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); + + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify); +int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_UI_strings(void); + +/* Error codes for the UI functions. */ + +/* Function codes. */ +#define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +#define UI_F_GENERAL_ALLOCATE_PROMPT 109 +#define UI_F_GENERAL_ALLOCATE_STRING 100 +#define UI_F_UI_CTRL 111 +#define UI_F_UI_DUP_ERROR_STRING 101 +#define UI_F_UI_DUP_INFO_STRING 102 +#define UI_F_UI_DUP_INPUT_BOOLEAN 110 +#define UI_F_UI_DUP_INPUT_STRING 103 +#define UI_F_UI_DUP_VERIFY_STRING 106 +#define UI_F_UI_GET0_RESULT 107 +#define UI_F_UI_NEW_METHOD 104 +#define UI_F_UI_SET_RESULT 105 + +/* Reason codes. */ +#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +#define UI_R_INDEX_TOO_LARGE 102 +#define UI_R_INDEX_TOO_SMALL 103 +#define UI_R_NO_RESULT_BUFFER 105 +#define UI_R_RESULT_TOO_LARGE 100 +#define UI_R_RESULT_TOO_SMALL 101 +#define UI_R_UNKNOWN_CONTROL_COMMAND 106 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/ui_compat.h b/include/openssl/ui_compat.h new file mode 100644 index 0000000000..b35c9bb7fd --- /dev/null +++ b/include/openssl/ui_compat.h @@ -0,0 +1,83 @@ +/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_UI_COMPAT_H +#define HEADER_UI_COMPAT_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* The following functions were previously part of the DES section, + and are provided here for backward compatibility reasons. */ + +#define des_read_pw_string(b,l,p,v) \ + _ossl_old_des_read_pw_string((b),(l),(p),(v)) +#define des_read_pw(b,bf,s,p,v) \ + _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) + +int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify); +int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h new file mode 100644 index 0000000000..9e01f5b076 --- /dev/null +++ b/include/openssl/whrlpool.h @@ -0,0 +1,41 @@ +#ifndef HEADER_WHRLPOOL_H +#define HEADER_WHRLPOOL_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define WHIRLPOOL_DIGEST_LENGTH (512/8) +#define WHIRLPOOL_BBLOCK 512 +#define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK/8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; + } WHIRLPOOL_CTX; + +#ifndef OPENSSL_NO_WHIRLPOOL +#ifdef OPENSSL_FIPS +int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +#endif +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/x509.h b/include/openssl/x509.h new file mode 100644 index 0000000000..ed767f84dd --- /dev/null +++ b/include/openssl/x509.h @@ -0,0 +1,1298 @@ +/* crypto/x509/x509.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_X509_H +#define HEADER_X509_H + +#include +#include +#ifndef OPENSSL_NO_BUFFER +#include +#endif +#ifndef OPENSSL_NO_EVP +#include +#endif +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include + +#ifndef OPENSSL_NO_EC +#include +#endif + +#ifndef OPENSSL_NO_ECDSA +#include +#endif + +#ifndef OPENSSL_NO_ECDH +#include +#endif + +#ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif +#endif + +#ifndef OPENSSL_NO_SHA +#include +#endif +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_SYS_WIN32 +/* Under Win32 these are defined in wincrypt.h */ +#undef X509_NAME +#undef X509_CERT_PAIR +#undef X509_EXTENSIONS +#endif + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff + +typedef struct X509_objects_st + { + int nid; + int (*a2i)(void); + int (*i2a)(void); + } X509_OBJECTS; + +struct X509_algor_st + { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; + } /* X509_ALGOR */; + +DECLARE_ASN1_SET_OF(X509_ALGOR) + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st + { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; + } X509_VAL; + +struct X509_pubkey_st + { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; + }; + +typedef struct X509_sig_st + { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; + } X509_SIG; + +typedef struct X509_name_entry_st + { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; /* temp variable */ + } X509_NAME_ENTRY; + +DECLARE_STACK_OF(X509_NAME_ENTRY) +DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) + +/* we always keep X509_NAMEs in 2 forms. */ +struct X509_name_st + { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; /* true if 'bytes' needs to be built */ +#ifndef OPENSSL_NO_BUFFER + BUF_MEM *bytes; +#else + char *bytes; +#endif +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; + } /* X509_NAME */; + +DECLARE_STACK_OF(X509_NAME) + +#define X509_EX_V_NETSCAPE_HACK 0x8000 +#define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st + { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; + } X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DECLARE_STACK_OF(X509_EXTENSION) +DECLARE_ASN1_SET_OF(X509_EXTENSION) + +/* a sequence of these are used */ +typedef struct x509_attributes_st + { + ASN1_OBJECT *object; + int single; /* 0 for a set, 1 for a single item (which is wrong) */ + union { + char *ptr; +/* 0 */ STACK_OF(ASN1_TYPE) *set; +/* 1 */ ASN1_TYPE *single; + } value; + } X509_ATTRIBUTE; + +DECLARE_STACK_OF(X509_ATTRIBUTE) +DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) + + +typedef struct X509_req_info_st + { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + } X509_REQ_INFO; + +typedef struct X509_req_st + { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + } X509_REQ; + +typedef struct x509_cinf_st + { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; + } X509_CINF; + +/* This stuff is certificate "auxiliary info" + * it contains details which are useful in certificate + * stores and databases. When used this is tagged onto + * the end of the certificate itself + */ + +typedef struct x509_cert_aux_st + { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ + } X509_CERT_AUX; + +struct x509_st + { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int valid; + int references; + char *name; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; +#ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +#endif +#ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +#endif + X509_CERT_AUX *aux; + } /* X509 */; + +DECLARE_STACK_OF(X509) +DECLARE_ASN1_SET_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust)(struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DECLARE_STACK_OF(X509_TRUST) + +typedef struct x509_cert_pair_st { + X509 *forward; + X509 *reverse; +} X509_CERT_PAIR; + +/* standard trust ids */ + +#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ + +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 +#define X509_TRUST_OCSP_SIGN 6 +#define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 8 + + +/* trust_flags values */ +#define X509_TRUST_DYNAMIC 1 +#define X509_TRUST_DYNAMIC_NAME 2 + +/* check_trust return codes */ + +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +#define XN_FLAG_SEP_MASK (0xf << 16) + +#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ + +#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ + +/* How the field name is shown */ + +#define XN_FLAG_FN_MASK (0x3 << 21) + +#define XN_FLAG_FN_SN 0 /* Object short name */ +#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ + +#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ + +/* This determines if we dump fields we don't recognise: + * RFC2253 requires this. + */ + +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ + +/* Complete set of RFC2253 flags */ + +#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +struct x509_revoked_st + { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; + int sequence; /* load sequence */ + }; + +DECLARE_STACK_OF(X509_REVOKED) +DECLARE_ASN1_SET_OF(X509_REVOKED) + +typedef struct X509_crl_info_st + { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; + STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; + } X509_CRL_INFO; + +struct X509_crl_st + { + /* actual signature */ + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; +#ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +#endif + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; + } /* X509_CRL */; + +DECLARE_STACK_OF(X509_CRL) +DECLARE_ASN1_SET_OF(X509_CRL) + +typedef struct private_key_st + { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; + + int references; + } X509_PKEY; + +#ifndef OPENSSL_NO_EVP +typedef struct X509_info_st + { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; + + int references; + } X509_INFO; + +DECLARE_STACK_OF(X509_INFO) +#endif + +/* The next 2 structures and their 8 routines were sent to me by + * Pat Richard and are used to manipulate + * Netscapes spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st + { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ + } NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st + { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; + } NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence + { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; + } NETSCAPE_CERT_SEQUENCE; + +/* Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { +ASN1_OCTET_STRING *salt; +ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { +X509_ALGOR *keyfunc; +X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +ASN1_INTEGER *iter; +ASN1_INTEGER *keylength; +X509_ALGOR *prf; +} PBKDF2PARAM; + + +/* PKCS#8 private key info structure */ + +struct pkcs8_priv_key_info_st + { + int broken; /* Flag for various broken formats */ +#define PKCS8_OK 0 +#define PKCS8_NO_OCTET 1 +#define PKCS8_EMBEDDED_PARAM 2 +#define PKCS8_NS_DB 3 +#define PKCS8_NEG_PRIVKEY 4 + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + STACK_OF(X509_ATTRIBUTE) *attributes; + }; + +#ifdef __cplusplus +} +#endif + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define X509_EXT_PACK_UNKNOWN 1 +#define X509_EXT_PACK_STRING 2 + +#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ +#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) +#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) + +#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) +#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) +#define X509_CRL_get_issuer(x) ((x)->crl->issuer) +#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new( + int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +/* This one is only used so that a binary form can output, as in + * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ +#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) + + +const char *X509_verify_cert_error_string(long n); + +#ifndef OPENSSL_NO_EVP +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); +char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +#endif + +#ifndef OPENSSL_NO_FP_API +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp,X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); +#ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); +#endif +#ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +#endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +#endif +X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +#endif + +#ifndef OPENSSL_NO_BIO +X509 *d2i_X509_bio(BIO *bp,X509 **x509); +int i2d_X509_bio(BIO *bp,X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); +#ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); +#endif +#ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +#endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +#endif +X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +#endif + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME * X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char * X509_get_default_cert_area(void ); +const char * X509_get_default_cert_dir(void ); +const char * X509_get_default_cert_file(void ); +const char * X509_get_default_cert_dir_env(void ); +const char * X509_get_default_cert_file_env(void ); +const char * X509_get_default_private_dir(void ); + +X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, + STACK_OF(X509) *chain); +int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); +EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, + long length); +#ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); +RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); +DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, + long length); +#endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) + +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a,unsigned char **pp); +X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); + +int X509_alias_set1(X509 *x, unsigned char *name, int len); +int X509_keyid_set1(X509 *x, unsigned char *id, int len); +unsigned char * X509_alias_get0(X509 *x, int *len); +unsigned char * X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY * X509_PKEY_new(void ); +void X509_PKEY_free(X509_PKEY *a); +int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); +X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +#ifndef OPENSSL_NO_EVP +X509_INFO * X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, + unsigned char *md,unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data,EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, + unsigned char *md,unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, + void *data, EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, + X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); +#endif + +int X509_set_version(X509 *x,long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER * X509_get_serialNumber(X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_issuer_name(X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_subject_name(X509 *a); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY * X509_get_pubkey(X509 *x); +ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); + +int X509_REQ_set_version(X509_REQ *x,long version); +int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int * X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, + int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); + +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); + +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); + +int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +#ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +#endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +#ifndef OPENSSL_NO_FP_API +int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +int X509_print_fp(FILE *bp,X509 *x); +int X509_CRL_print_fp(FILE *bp,X509_CRL *x); +int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +#endif + +#ifndef OPENSSL_NO_BIO +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +int X509_print(BIO *bp,X509 *x); +int X509_ocspid_print(BIO *bp,X509 *x); +int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); +int X509_CRL_print(BIO *bp,X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); +int X509_REQ_print(BIO *bp,X509_REQ *req); +#endif + +int X509_NAME_entry_count(X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, + char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + char *buf,int len); + +/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. */ +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, const unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type,unsigned char *bytes, int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + ASN1_OBJECT *obj, int type,const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, + ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + ASN1_OBJECT *obj,int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(X509 *x); +int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); +int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(X509_CRL *x); +int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); +int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); +int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, + ASN1_OCTET_STRING *data); +ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, int type, + const unsigned char *bytes, int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, int atrtype, const void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, const unsigned char *bytes, int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, + int atrtype, void *data); +int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + PKCS8_PRIV_KEY_INFO *p8); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST * X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(X509_TRUST *xp); +char *X509_TRUST_get0_name(X509_TRUST *xp); +int X509_TRUST_get_trust(X509_TRUST *xp); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_X509_strings(void); + +/* Error codes for the X509 functions. */ + +/* Function codes. */ +#define X509_F_ADD_CERT_DIR 100 +#define X509_F_BY_FILE_CTRL 101 +#define X509_F_CHECK_POLICY 145 +#define X509_F_DIR_CTRL 102 +#define X509_F_GET_CERT_BY_SUBJECT 103 +#define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +#define X509_F_X509AT_ADD1_ATTR 135 +#define X509_F_X509V3_ADD_EXT 104 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +#define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +#define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +#define X509_F_X509_CHECK_PRIVATE_KEY 128 +#define X509_F_X509_CRL_PRINT_FP 147 +#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +#define X509_F_X509_LOAD_CERT_CRL_FILE 132 +#define X509_F_X509_LOAD_CERT_FILE 111 +#define X509_F_X509_LOAD_CRL_FILE 112 +#define X509_F_X509_NAME_ADD_ENTRY 113 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +#define X509_F_X509_NAME_ONELINE 116 +#define X509_F_X509_NAME_PRINT 117 +#define X509_F_X509_PRINT_EX_FP 118 +#define X509_F_X509_PUBKEY_GET 119 +#define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +#define X509_F_X509_REQ_PRINT_EX 121 +#define X509_F_X509_REQ_PRINT_FP 122 +#define X509_F_X509_REQ_TO_X509 123 +#define X509_F_X509_STORE_ADD_CERT 124 +#define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +#define X509_F_X509_STORE_CTX_INIT 143 +#define X509_F_X509_STORE_CTX_NEW 142 +#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +#define X509_F_X509_TO_X509_REQ 126 +#define X509_F_X509_TRUST_ADD 133 +#define X509_F_X509_TRUST_SET 141 +#define X509_F_X509_VERIFY_CERT 127 + +/* Reason codes. */ +#define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_BASE64_DECODE_ERROR 118 +#define X509_R_CANT_CHECK_DH_KEY 114 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_ERR_ASN1_LIB 102 +#define X509_R_INVALID_DIRECTORY 113 +#define X509_R_INVALID_FIELD_NAME 119 +#define X509_R_INVALID_TRUST 123 +#define X509_R_KEY_TYPE_MISMATCH 115 +#define X509_R_KEY_VALUES_MISMATCH 116 +#define X509_R_LOADING_CERT_DIR 103 +#define X509_R_LOADING_DEFAULTS 104 +#define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +#define X509_R_SHOULD_RETRY 106 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_KEY_TYPE 117 +#define X509_R_UNKNOWN_NID 109 +#define X509_R_UNKNOWN_PURPOSE_ID 121 +#define X509_R_UNKNOWN_TRUST_ID 120 +#define X509_R_UNSUPPORTED_ALGORITHM 111 +#define X509_R_WRONG_LOOKUP_TYPE 112 +#define X509_R_WRONG_TYPE 122 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h new file mode 100644 index 0000000000..fe09b30aaa --- /dev/null +++ b/include/openssl/x509_vfy.h @@ -0,0 +1,567 @@ +/* crypto/x509/x509_vfy.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_X509_H +#include +/* openssl/x509.h ends up #include-ing this file at about the only + * appropriate moment. */ +#endif + +#ifndef HEADER_X509_VFY_H +#define HEADER_X509_VFY_H + +#include +#ifndef OPENSSL_NO_LHASH +#include +#endif +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if 0 +/* Outer object */ +typedef struct x509_hash_dir_st + { + int num_dirs; + char **dirs; + int *dirs_type; + int num_dirs_alloced; + } X509_HASH_DIR_CTX; +#endif + +typedef struct x509_file_st + { + int num_paths; /* number of paths to files or directories */ + int num_alloced; + char **paths; /* the list of paths or directories */ + int *path_type; + } X509_CERT_FILE_CTX; + +/*******************************/ +/* +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#define X509_LU_X509 1 +#define X509_LU_CRL 2 +#define X509_LU_PKEY 3 + +typedef struct x509_object_st + { + /* one of the above types */ + int type; + union { + char *ptr; + X509 *x509; + X509_CRL *crl; + EVP_PKEY *pkey; + } data; + } X509_OBJECT; + +typedef struct x509_lookup_st X509_LOOKUP; + +DECLARE_STACK_OF(X509_LOOKUP) +DECLARE_STACK_OF(X509_OBJECT) + +/* This is a static that defines the function interface */ +typedef struct x509_lookup_method_st + { + const char *name; + int (*new_item)(X509_LOOKUP *ctx); + void (*free)(X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx); + int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, + ASN1_INTEGER *serial,X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, + unsigned char *bytes,int len, + X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, + X509_OBJECT *ret); + } X509_LOOKUP_METHOD; + +/* This structure hold all parameters associated with a verify operation + * by including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +typedef struct X509_VERIFY_PARAM_st + { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + } X509_VERIFY_PARAM; + +DECLARE_STACK_OF(X509_VERIFY_PARAM) + +/* This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' + * function is then called to actually check the cert chain. */ +struct x509_store_st + { + /* The following is a cache of trusted certs */ + int cache; /* if true, stash any hits */ + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + + /* These are external lookup methods */ + STACK_OF(X509_LOOKUP) *get_cert_methods; + + X509_VERIFY_PARAM *param; + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + CRYPTO_EX_DATA ex_data; + int references; + } /* X509_STORE */; + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) +#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) + +/* This is the functions plus an instance of the local variables. */ +struct x509_lookup_st + { + int init; /* have we been started */ + int skip; /* don't use us. */ + X509_LOOKUP_METHOD *method; /* the functions */ + char *method_data; /* method data */ + + X509_STORE *store_ctx; /* who owns us */ + } /* X509_LOOKUP */; + +/* This is a used when verifying cert chains. Since the + * gathering of the cert chain can take some time (and have to be + * 'retried', this needs to be kept and passed around. */ +struct x509_store_ctx_st /* X509_STORE_CTX */ + { + X509_STORE *ctx; + int current_method; /* used when looking up certs */ + + /* The following are set by the caller */ + X509 *cert; /* The cert to check */ + STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ + STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + + X509_VERIFY_PARAM *param; + void *other_ctx; /* Other info for use with get_issuer() */ + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + /* The following is built up */ + int valid; /* if 0, rebuild chain */ + int last_untrusted; /* index of last untrusted cert */ + STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ + X509_POLICY_TREE *tree; /* Valid policy tree */ + + int explicit_policy; /* Require explicit policy value */ + + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + X509 *current_issuer; /* cert currently being tested as valid issuer */ + X509_CRL *current_crl; /* current CRL */ + + int current_crl_score; /* score of current CRL */ + unsigned int current_reasons; /* Reason mask */ + + X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + + CRYPTO_EX_DATA ex_data; + } /* X509_STORE_CTX */; + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +#define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +#define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +#define X509_L_FILE_LOAD 1 +#define X509_L_ADD_DIR 2 + +#define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +#define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +#define X509_V_OK 0 +/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ + +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_INVALID_CA 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 + +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 + +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +#define X509_V_ERR_UNNESTED_RESOURCE 46 + +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 + +/* The application is not happy */ +#define X509_V_ERR_APPLICATION_VERIFICATION 50 + +/* Certificate verify flags */ + +/* Send issuer+subject checks to verify_cb */ +#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 +/* Use check time instead of current time */ +#define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +#define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +#define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +#define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +#define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +#define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +#define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +#define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +#define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +#define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check selfsigned CA signature */ +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + + +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); +void X509_OBJECT_up_ref_count(X509_OBJECT *a); +void X509_OBJECT_free_contents(X509_OBJECT *a); +X509_STORE *X509_STORE_new(void ); +void X509_STORE_free(X509_STORE *v); + +STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); + +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); + +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, + X509_OBJECT *ret); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +#ifndef OPENSSL_NO_STDIO +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +#endif + + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, + unsigned char *bytes, int len, X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, + int len, X509_OBJECT *ret); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +#ifndef OPENSSL_NO_STDIO +int X509_STORE_load_locations (X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); +#endif + +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); +void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, + unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL * + X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) * + X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE * + X509_policy_node_get0_parent(const X509_POLICY_NODE *node); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h new file mode 100644 index 0000000000..b308abe7cd --- /dev/null +++ b/include/openssl/x509v3.h @@ -0,0 +1,1007 @@ +/* x509v3.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_X509V3_H +#define HEADER_X509V3_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void * (*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE)(void *); +typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); +typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { +int ext_nid; +int ext_flags; +/* If this is set the following four fields are ignored */ +ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ +X509V3_EXT_NEW ext_new; +X509V3_EXT_FREE ext_free; +X509V3_EXT_D2I d2i; +X509V3_EXT_I2D i2d; + +/* The following pair is used for string extensions */ +X509V3_EXT_I2S i2s; +X509V3_EXT_S2I s2i; + +/* The following pair is used for multi-valued extensions */ +X509V3_EXT_I2V i2v; +X509V3_EXT_V2I v2i; + +/* The following are used for raw extensions */ +X509V3_EXT_I2R i2r; +X509V3_EXT_R2I r2i; + +void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { +char * (*get_string)(void *db, char *section, char *value); +STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); +void (*free_string)(void *db, char * string); +void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +#define CTX_TEST 0x1 +int flags; +X509 *issuer_cert; +X509 *subject_cert; +X509_REQ *subject_req; +X509_CRL *crl; +X509V3_CONF_METHOD *db_meth; +void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DECLARE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +#define X509V3_EXT_DYNAMIC 0x1 +#define X509V3_EXT_CTX_DEP 0x2 +#define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { +int ca; +ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + + +typedef struct PKEY_USAGE_PERIOD_st { +ASN1_GENERALIZEDTIME *notBefore; +ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { +ASN1_OBJECT *type_id; +ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { + +#define GEN_OTHERNAME 0 +#define GEN_EMAIL 1 +#define GEN_DNS 2 +#define GEN_X400 3 +#define GEN_DIRNAME 4 +#define GEN_EDIPARTY 5 +#define GEN_URI 6 +#define GEN_IPADD 7 +#define GEN_RID 8 + +int type; +union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ +} d; +} GENERAL_NAME; + +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +DECLARE_STACK_OF(GENERAL_NAME) +DECLARE_ASN1_SET_OF(GENERAL_NAME) + +DECLARE_STACK_OF(ACCESS_DESCRIPTION) +DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { +int type; +union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; +} name; +/* If relativename then this contains the full distribution point name */ +X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { +DIST_POINT_NAME *distpoint; +ASN1_BIT_STRING *reasons; +GENERAL_NAMES *CRLissuer; +int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DECLARE_STACK_OF(DIST_POINT) +DECLARE_ASN1_SET_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { +ASN1_OCTET_STRING *keyid; +GENERAL_NAMES *issuer; +ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DECLARE_STACK_OF(SXNETID) +DECLARE_ASN1_SET_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DECLARE_STACK_OF(POLICYQUALINFO) +DECLARE_ASN1_SET_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DECLARE_STACK_OF(POLICYINFO) +DECLARE_ASN1_SET_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st + { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; + } PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st + { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; + } PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st + { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; + }; + +/* Values in idp_flags field */ +/* IDP present */ +#define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +#define IDP_INVALID 0x2 +/* onlyuser true */ +#define IDP_ONLYUSER 0x4 +/* onlyCA true */ +#define IDP_ONLYCA 0x8 +/* onlyattr true */ +#define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +#define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +#define IDP_REASONS 0x40 + +#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ +",name:", val->name, ",value:", val->value); + +#define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + + +/* X509_PURPOSE stuff */ + +#define EXFLAG_BCONS 0x1 +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 +#define EXFLAG_NSCERT 0x8 + +#define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +#define EXFLAG_SI 0x20 +#define EXFLAG_SS 0x20 +#define EXFLAG_V1 0x40 +#define EXFLAG_INVALID 0x80 +#define EXFLAG_SET 0x100 +#define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 + +#define EXFLAG_INVALID_POLICY 0x800 +#define EXFLAG_FRESHEST 0x1000 + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 +#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose)(const struct x509_purpose_st *, + const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 +#define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 + +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +#define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +#define X509V3_ADD_OP_MASK 0xfL +#define X509V3_ADD_DEFAULT 0L +#define X509V3_ADD_APPEND 1L +#define X509V3_ADD_REPLACE 2L +#define X509V3_ADD_REPLACE_EXISTING 3L +#define X509V3_ADD_KEEP_EXISTING 4L +#define X509V3_ADD_DELETE 5L +#define X509V3_ADD_SILENT 0x10 + +DECLARE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + + + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, char *value, int is_nc); + +#ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + int ext_nid, char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *name, char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +#endif + +char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); +STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); +ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); +char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); + + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); + +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); +int name_cmp(const char *name, const char *cmp); + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +int X509_PURPOSE_get_count(void); +X509_PURPOSE * X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(const X509_PURPOSE *, const X509 *, int), + char *name, char *sname, void *arg); +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int a2i_ipadd(unsigned char *ipout, const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DECLARE_STACK_OF(X509_POLICY_NODE) + +#ifndef OPENSSL_NO_RFC3779 + +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DECLARE_STACK_OF(ASIdOrRange) + +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DECLARE_STACK_OF(IPAddressOrRange) + +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DECLARE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int v3_asid_add_inherit(ASIdentifiers *asid, int which); +int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned v3_addr_get_afi(const IPAddressFamily *f); +int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int v3_asid_is_canonical(ASIdentifiers *asid); +int v3_addr_is_canonical(IPAddrBlocks *addr); +int v3_asid_canonize(ASIdentifiers *asid); +int v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int v3_asid_inherits(ASIdentifiers *asid); +int v3_addr_inherits(IPAddrBlocks *addr); +int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int v3_asid_validate_path(X509_STORE_CTX *); +int v3_addr_validate_path(X509_STORE_CTX *); +int v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, + int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_X509V3_strings(void); + +/* Error codes for the X509V3 functions. */ + +/* Function codes. */ +#define X509V3_F_A2I_GENERAL_NAME 164 +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +#define X509V3_F_COPY_EMAIL 122 +#define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 +#define X509V3_F_DO_EXT_CONF 124 +#define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_EXT_NCONF 151 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +#define X509V3_F_GNAMES_FROM_SECTNAME 156 +#define X509V3_F_HEX_TO_STRING 111 +#define X509V3_F_I2S_ASN1_ENUMERATED 121 +#define X509V3_F_I2S_ASN1_IA5STRING 149 +#define X509V3_F_I2S_ASN1_INTEGER 120 +#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +#define X509V3_F_NOTICE_SECTION 132 +#define X509V3_F_NREF_NOS 133 +#define X509V3_F_POLICY_SECTION 131 +#define X509V3_F_PROCESS_PCI_VALUE 150 +#define X509V3_F_R2I_CERTPOL 130 +#define X509V3_F_R2I_PCI 155 +#define X509V3_F_S2I_ASN1_IA5STRING 100 +#define X509V3_F_S2I_ASN1_INTEGER 108 +#define X509V3_F_S2I_ASN1_OCTET_STRING 112 +#define X509V3_F_S2I_ASN1_SKEY_ID 114 +#define X509V3_F_S2I_SKEY_ID 115 +#define X509V3_F_SET_DIST_POINT_NAME 158 +#define X509V3_F_STRING_TO_HEX 113 +#define X509V3_F_SXNET_ADD_ID_ASC 125 +#define X509V3_F_SXNET_ADD_ID_INTEGER 126 +#define X509V3_F_SXNET_ADD_ID_ULONG 127 +#define X509V3_F_SXNET_GET_ID_ASC 128 +#define X509V3_F_SXNET_GET_ID_ULONG 129 +#define X509V3_F_V2I_ASIDENTIFIERS 163 +#define X509V3_F_V2I_ASN1_BIT_STRING 101 +#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +#define X509V3_F_V2I_AUTHORITY_KEYID 119 +#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +#define X509V3_F_V2I_CRLD 134 +#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +#define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_IDP 157 +#define X509V3_F_V2I_IPADDRBLOCKS 159 +#define X509V3_F_V2I_ISSUER_ALT 153 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 +#define X509V3_F_V2I_SUBJECT_ALT 154 +#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 +#define X509V3_F_V3_GENERIC_EXTENSION 116 +#define X509V3_F_X509V3_ADD1_I2D 140 +#define X509V3_F_X509V3_ADD_VALUE 105 +#define X509V3_F_X509V3_EXT_ADD 104 +#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +#define X509V3_F_X509V3_EXT_CONF 107 +#define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_EXT_NCONF 152 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 +#define X509V3_F_X509V3_GET_VALUE_BOOL 110 +#define X509V3_F_X509V3_PARSE_LIST 109 +#define X509V3_F_X509_PURPOSE_ADD 137 +#define X509V3_F_X509_PURPOSE_SET 141 + +/* Reason codes. */ +#define X509V3_R_BAD_IP_ADDRESS 118 +#define X509V3_R_BAD_OBJECT 119 +#define X509V3_R_BN_DEC2BN_ERROR 100 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 +#define X509V3_R_DISTPOINT_ALREADY_SET 160 +#define X509V3_R_DUPLICATE_ZONE_ID 133 +#define X509V3_R_ERROR_CONVERTING_ZONE 131 +#define X509V3_R_ERROR_CREATING_EXTENSION 144 +#define X509V3_R_ERROR_IN_EXTENSION 128 +#define X509V3_R_EXPECTED_A_SECTION_NAME 137 +#define X509V3_R_EXTENSION_EXISTS 145 +#define X509V3_R_EXTENSION_NAME_ERROR 115 +#define X509V3_R_EXTENSION_NOT_FOUND 102 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +#define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +#define X509V3_R_ILLEGAL_HEX_DIGIT 113 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_ASNUMBER 162 +#define X509V3_R_INVALID_ASRANGE 163 +#define X509V3_R_INVALID_BOOLEAN_STRING 104 +#define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_INHERITANCE 165 +#define X509V3_R_INVALID_IPADDRESS 166 +#define X509V3_R_INVALID_NAME 106 +#define X509V3_R_INVALID_NULL_ARGUMENT 107 +#define X509V3_R_INVALID_NULL_NAME 108 +#define X509V3_R_INVALID_NULL_VALUE 109 +#define X509V3_R_INVALID_NUMBER 140 +#define X509V3_R_INVALID_NUMBERS 141 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_INVALID_OPTION 138 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +#define X509V3_R_INVALID_PURPOSE 146 +#define X509V3_R_INVALID_SAFI 164 +#define X509V3_R_INVALID_SECTION 135 +#define X509V3_R_INVALID_SYNTAX 143 +#define X509V3_R_ISSUER_DECODE_ERROR 126 +#define X509V3_R_MISSING_VALUE 124 +#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +#define X509V3_R_NO_CONFIG_DATABASE 136 +#define X509V3_R_NO_ISSUER_CERTIFICATE 121 +#define X509V3_R_NO_ISSUER_DETAILS 127 +#define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +#define X509V3_R_NO_PUBLIC_KEY 114 +#define X509V3_R_NO_SUBJECT_DETAILS 125 +#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 +#define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +#define X509V3_R_SECTION_NOT_FOUND 150 +#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +#define X509V3_R_UNKNOWN_EXTENSION 129 +#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +#define X509V3_R_UNKNOWN_OPTION 120 +#define X509V3_R_UNSUPPORTED_OPTION 117 +#define X509V3_R_UNSUPPORTED_TYPE 167 +#define X509V3_R_USER_TOO_LONG 132 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/lib/libcurl.lib b/lib/libcurl.lib index 08d408b45f248c7023b17db9c514b276283a4fa5..1ad495fc651e5cdcac8cae3453731eafe71401fe 100644 GIT binary patch delta 1264 zcmZWo&ubG=5MD#oXd;c6?1skdZg!JxviZ?8X{3f?rIg}9`~iCMpaI^q}H<^Jd?^ZI3hW`)0oRX5MHp8Vt>`i``xq zhL-+z_IFAK8;j{bA_{B+?&QZ4+iM$x{J&!o0Z%6~$G6wM+#cJ<7Zeww+^-_$#>`7$4tXo4-~~2@Kg>CN=F*xSWL&f2j1N|f z(Xfv&Uf6;`HBXcTf;nLT$yh1Lq6WOKW24=YG6LmpIF!p&P~T^#FZF#aBh7b33huQL z^4yIC2}n?mNVf&)L3#FYogG2}wVJC?T`rqBn&KNNX_}VRlCYQ1;cLYWt(0@+J!P&> zJ_=m*XbmLrz#~5>zCU?bFnpg372`<#YMk*VjJdSGRUyq~(#|t!uTJLSN+S*PH6xUV zMOJHZdvP9{kxV{ME(clP2?=tZWj{Vonw#J-lC32*xO-NIePSsWvs70|w8+i6(tW%k zBzvro%evpx3rw=?j&ff%Bmv{oO&J@&3h)De)Le=bGaq#A}#NZ1ghjymLfC_7& zBaOsH>m9`d`s8+(u4`x^Cg>i;BxVRh7x!=`rhk{h@CRM(h0g}iC)?`D&)}nB7F%6k MO9tsI%wIV3A6dPAeE^m#Qcjr6%VxK?aI3KdCh@dEnC=dZDR1{D|DUhp(${hlw zqOfi#5JIA(4oZrEKtMrv5-7hQqDq$trAPsY{g~a`OUjvjZ|2RL*{~n>hvvw9yVHfC zrN8g~PRU?rIsJ!6fo;Hp{AeN^?DX^hE=UACpU7Mc2jA8{z>k6jdlQGz)5k)F;=_U` z@jgj_Q@kla2CTNmX)Y)(MY*FQ%Z->fM2_(`P0kB!7XC69*fW*Z>@db1E6(_2#TX6y z9OISE8CdgDi6e*;2B3`1k}PV#+d6A>P*O&~++7EAnF`bQ)#*unpUaHqyF3Mt+6?m2 zjRbK>P>x9VIq7k^d$!I#q5xYhRIo0UO&m?pjg&M^%W6qDPU!Hx;tDI}TzOBK>x<6> zZh5!{6nN^P9~iGso)ru~Cxv1*Qm-0kyc02%_P5HVxkTD^BJIuPJltxeVXgi=Sfo&973|Sqy`VibT~nlaxp7)g@lXTtt;I}8(gwS z3b~~FJ-t9A%kE6>>xLw-_-a$e29N^uzz5BhNHOt&=8l`oQBGZ3l{DH;>F}(jtc|FX zKGX={>6ILuw73#=qA5NRUi9vi*cg*$x8v)1fw5BHv>hw3F^vqmKy+w-nh&V3mO9c% z)@ZwVDch=_;?5ebcmZ-Ed9(2$66K4oy28D|DWG9u#;hlq&G zh{(){%!r7{jEIbk%!oW>W<(w%BQhc)ju8?4@8@}+wbuKtwKksrT-Sa5W<4M8_xjjt zuf6wcM^?4gEErYsmOkO%6~l&JarN-Gj(F>^&_2XAuef^H@T;$qjhiZ>s8{Fc(!bsl zUHZ2J(WU=;NmS8smvZUzb0Wt<6#hQecnF2F1C5O+{G-BHh6>L)&drN1RraIs&tV32 z{u9o3F_xpkamT;rMwcqI>tAr;8e=O8|L$t6M1`|TS=1Cco& zjeAkJq?>UkDx7g#S{;=sPohvZ$=HoT$3ezDD3nu%6uNaWmZQQ6$IIqK zWy&KcbRTYPMd9V$4f^9EG`iJ@g-9Y(wDi~+(i#~UAu%9MF145Xh5eH;jH z8e~xBn_v*-D(g^qGvzAnsPL>~@C{L!LLUdiTZS6;xZu-_|tQ5ZeMplzdJ4DC}G^D)9X z$JpAaOgV_cxZ%eAD2!)4DXUQ7v}3}&s7!ejg^42!awfvH_lNoZ-X{Y5iU61*%Fm0M^KnL#drvX>-rlTQJ7Y4EJX#zUYJh1l>;cu7-?)p;a%Mg z`uZ;6tYaqaRt}*sYm~uSm<6-RQ&ynD3CH!+r!cnH!wuvq+fjHo^R28wVa_GS9jI`| zapQuhOgW6g+^GiZbS}Jyc~c%hVO|eoH7cBTy!WQ4OnD52`PUd*P^i4jSb_@AIBuF5 zl_`&)P(^*p{U}sZpTd|`3yhmkLw(9qDAdk2D5DnY7!QT9sDpaOL)nPJ&5^MX6`pV` z7#o!-yHIH8Z)`w?^NxiJqB4cNg>cJggErp+jh7oMP~oIwQEgPFJc&XR^(haa&`h4P z1{K(!gq9}b2nx5(F!rL*I?&jJLfd7=a#T3xXeUqEgTi9+6vkw+aKW*J{wefr3EW2i z6vpy4SlZiIiwb8Qw^v7H%0U#CjWD*N@V@TGv#4-~}SySJB8;RADSPPDUYJCa+txGu7v-r zFqWgj3CF6rQJJzIg%8tjWeW9=wxDx7ruSAA5b97bUc?NlB@;UoQxb*OOGv9>lU zQx2f;QN}^pg~GZ)#%2^g*40>z3g;Z_o1!x12nru(eJJ$({N_#ES?Y(wGRp2m6L(woQ!66#BdkzDhfkm8fvWv3)^QraXWAGq+Yl+bX6^=O` znjMuX2T=Gn?NpeXZ^Q21##t1;Q}5WlmTmaXVaJ}SQJF&D_P}=s8npSlu(#Y`4)zL1 z9N!~PA?JJWF!d>n?ZX1|EPS7KDy*UJ!#>7Eq3nI|gDwVh_XFXm;}ObN_Mq^?{>C~~ zpijbn`lZmH{qQ5kLD`1FqbrOasPLTQ$FxhKO+SXm1{)hu;ez8QwNaUJ5QPK7jQdge zX-|WCekw3O!a>@vJcPo}`Wfp{c)Wwrhzd_S{+sqI51??UyRjSC+f!rUB&U-viY z+pposCB_m|pxwf6ZZe)i;prI$eRvxFXRJY){{znqHFluzTgFkLZNG)1^i!eEqwu@S zjI}5{+r_~5Ed0L0SdGFl=0RDC3iMC-1MO63;~(HS{Z$yVsH3tU zg_n&o9z>!00AnKxFE2Niqrxf2<@2MC3Vpg9UNP37j8{Mp%276<@X9U*WxP^2_g$z!;J?}=-ty;hr(-UuW|<}Jn!hUAnK@4W*>O%6ysqO zxQFDR%)anC=2Kw|UI+cU8LLouePpzw!bwN}c~M8@5DIT#T$EiX3>awKhr%1X8*5R4 z_6h@OuR>b~!kcKXvKNIxBaCe*yt%)z35CI348~xvz`O}>sWxcaTVTjE<8c(Om}%g< z0)|qrvIm7LM;bd(7{)v+n^Cx`w;}(-@XL+6PgdjBJTIDo0Rw`!s{K{&pBO-q?e}J1AFq0EN-CU!ly=!g+sYOcCiOM$L1A(aV?8R+E@4We z@eB&@oNYXY!c^L&FjrIII_67ZO>>{95Xt}r(5hB=oRw3+)v z9p@Z(+&Cxds62|o+~LN(D7=UDrz}T>6OMWFqmBxFod@rwKIH)v=Jz%j`}t7W!DvN= zqmG-VMjaLUdJ|OjGd7^YSx0q!)KNKtLd|T0HrGHc?N;tbp^pA4>?3u;Nk{#>sG~wo zJ={FlxEqB9v{Pw8g=ZWM)TgjdG{8dot5DZMxaD$VB`VNvp>d%>n;T)#6yre@n&_{x z5rt;zSDH}aDM!oLsH3tSgjr%6e3|;CLV7qLBAKxMPyB8-@1|Fc=f= z7j;~IiP3@z&pJN9`cZbFu%eg2+F1b~WIUCnsBp}2C;e0QqVS>q##&T3=UBNQ>Zm-8 z!hcRP_MoteaZxs-@L|S9p{@@LCmpNjM;(Bc9u(GfH|WDU;k@Hxl%YI{!g|(|vJ-`m_cB(a0(ruQR)g{00H2s+96;f& zQN|7wKH1Np51)j)yBNz+;W@{rZiqT6`%u_OKa?#feEM=@Eee~MM`Z~roN#=mI_jt} zKA(Zj>|e?r6h3>6A^*cYLyT=Gd~SfT359#hj1{QxyyNqYQAdR__&nS<*LWO-FHAJ3 z;|s85sKJ`t0$=QB+=aqc>QP!y;jrUNoOe7#naVK~zCG7CfWqz(#ugO5 zL%9lL_Z{J^V-Mq}oJQfhOAP$qg}tl=;d^BUYx#QuvBJZQlX3`!?=#-Y4ixtFG1j2) z1I9&ZM1{kSM`lJHl|3l@aG-H73j4blv~Ry~)bXPkQAcGj3XcvpHly(43S${6Jm+|< zI_juAfx=HXz9v_hLC>)t$>_Oo-jJL7{g{ONOYf<66Du*@aO@h4t_({C=*%TKqj6V_ubqQTPMnqCAMg@gc@e6#mGz zvK58rdK-74@TYDDefyJe)^VaX>ZnlX3HbA9gTDM3PEw9S&PjoB5&pt@QE2;L;1umw z4xsQ?%28{w$v3jgSDY(?Q*KVusT|D+uXWAslrUv4m0JQvjQ{AtI(>Z6Xz5fm=WG#*9a-y@Bk z=+3A-8fe^y!i)ME_n^?B!ngw!PC8yZFDh3Kpm513V>=3$QjW3_g|bVGC8%)1(Xl!z zSB{`iKFQdFLZ>0d78ELa7;8}Bf}?Y5RIVIDq03z3aTH!M)_4$w%jma4A1{Od=x(e+ zh4YTCEm67hEDA53W6v(xnRIVIF;d07V9!235 z!;Sk<=+Vd6fWj-87lkrkDV%Zitc}W*CsBCSBx4r}z38{XSoVTf(>{fKoh2D&( z@-zysnPKcjq0eArGYYTmYS5O~3g;Ys>8C;;`@-vPFdjjn-$-Kz3a{^PFm|tp{@sj~ zsKEFMZ&+wNi^2fPRSu%?#)-y5C=8_E3S|z2H}y0a%QwNG%Z$}1yg4$Kq5|tx7(CB- z0)@AXH+G{iWUz4`3Rf^L3T0j)TyP9!ZiFkzR~|%RSU=+~6oxiBuDT>DSD2Tpgl8PX zr$yxob21#>O8p9bd@GEgU&;y;uAXZ=io!M5826*_wjKs+;cdcs$4J_tJcGiBQ;xUK zj>?sND2y6n+=Ie9s9#x*3gii+=NpfsFlMx|6NRw@jJr`7S8gyD$|ERD z7-4KfVPY?1H7d{_;o1epQz%RtYmhSuCigH_qQdizDYa3#Le3O;C+ke1&F_S%eT;P| zT-U*9MTKLIX*WdW%6=54k1}?lFk_H$4+`(6;gdCF%p9?DWwU_69b^~TdE%${K| zHnZXS;l_3pZs>1N#|`lAuEr`xX5WE@4InsOA{Rt+^H4d%86 zYH6RsK2{5LkPdna`*u4QMRD4qN}kS6&O$9gVe8(^Fg@t8e=C4 zA6jqFjt{{~=2vM&g=ZYxzbRK3bMD`iuNr7Dm#g5zWyZ6p(C%1$LsYKpN8!JQ8TX;E zhIT8od5v(w@sZl7Tv*F^2_HG+Sj$=xKHAUNfWo@SXhMY}j*m@=$`x`x2J7jgvIZ5- zI6h9i!utC-Y?x`#<_+)(#!X?)J^^>J&ntaV_+%Gj1u9Uka5rTMpPJ#|8J}|DQ9S_+n(Vqr!2= z);UqRLjG3x(oo|b6z;DuT2SFh$CpP(dL}6zyV-+f#a_o4Pc=!hGQdkS$ zfL)BUvIB*0_BYm{!a2u-jZwLB1ch%+HTIzJ5aX_FM&a9xi?S9KC`Z`6&^Us^cj&Kj z0EIn_uR>q;z<2u@t5M;sV{dI#t~`#y_r@CAPuvIbA11%s9bphg?)^lvIm79 z3^G^)KY&NN7)w#%nB#}6ALUUL_Kz^Adq4cBx3K|*M>`lTsPK&A$1|gHg}LUrp7O_r z8uy{_ldcAR_=#}JabSK_t{gz&r=yJRC>-o#tVe|lj-NF~k0V95aTXXpdG@K^~U2U{Boi}8-58-4KnUU z;a3&L5>#L<3x{VIuLC(9>xX~p1H(m zM}=dK-_DQ9l_ya+I>~q#h2PPCg))B!&vr8yvuB0#j^DRL<;qbMj?q449}0h<9Az^K z$IA`ca$KNK!XL>~9!24~VFqVhh38zOJ51{b3?#7*{aKdrshNxV57={16#@KaH3NO0ESb_?t932)$os{D!y!a;LAPSd^G`68|X-{Jf3S}J( z%H;k~C+-g^9p^=zlqXQ&{*YrI3Y{od*@HsGaAOM!ox2;WP~n23OHeIl&4U5`4odb zy&NtdWZZ+oD;PgzJqkT449e^woO8UgCF-P{M4@M+A^*dx78*xT=rzsQkHV`*8aq(v z-Ot#B!fVQnrKoV+(Pv)NNqG!~*Ir|6L!oa^gR$%@oO8UcHtM7>mal_;6OD&Z;Qo+< zx?d0dyBe!d;k@Gw?NKM?1PTMHjYBBBalEk;g@JvHyHI#j2V)5;Fjm4K%25uZ@a8GT zZWIO&H10*=E!~V2sBp?Lq$%p8Q05T0g7H!qt1DpW2;%`1uIyo~K?V9L3|nA4g~C;n z4A$^fFnp+S9|~`!Jqm4kt8m&ef^iqF-sQNaPt-|ShYIH$Z>x_wDUYKta-y*Zg|`nh z?nYr0HgRve1W2YJqp)jtWu>ln>IL0rGIw{mO z9wtmN9!6o}aN~XyuI*v0M1@n1N%U7agu>)&jIAh4x!hQb3e+#Wv&A@u!qmCO0TiyI zJqmre4yN@tn4@Vhy{mC2Dx7u9XpA~3PowZI%29TsFms4;FAB3LN4WzPPB>=Y6m?P# zqj3EUV?PQvj5cW74e;*4#tszb^flO5=D>~Jja8_?+zE4A4eFf>@2NGY^F1(+_A7f) z;8`EXHWcRfF;=6(8AoM()JZvl!cDYa*@r^aH3n_1f@<2U+=oKVa^rba=<2AYy~;@x z>gF5FeI3+KGH7c(a6ibwSln*_jAO~eO z!lE9=Iux2J4AyFsaL&<8zm!ubv@kZpt#ceL3)zNSpK`QfR}P@iHs08SLOc73LYvxQ z@c?5J3QM{gYf-qZgRvA9PCJ&?MxB%=P`G`pL7BJ1vVO+hD7>%SScVGBg>c6_;~)y} zA8qVJVR>KUE)+h%I4QK{0|M<4Rx}!iQTX6AgFb%{?i^&?gTjZp8!J$OGK7`1M|li| z{~T%TL}3+kqntzG!!3?gz1W5iA9t*t8+B3+pzvReyRrp^H9d?qsBppYk%dtwg+6=) zc!tOE5DFh1Y_R4(3hO9GS&a&`N%$D;QYhnNuzsRJ8SCNW0}RIEI1d9BHstHo~X-8IdL zMTO@bpJ|OcDJM|aTyN0F&G6Zo#v>@)Gs4)0!snPHg)#q}aL#crRd3*Q@VFc;s0hr1egqQYs% z_iLk0%3&1tO*2@N```zZquh_eBRz~YDEzS8Sc$@Z##y0{`-P_+KcZZPwell)w2wg< zj|$H_e$03%2T*v7`jssx{Dk_IRj6>%!9AW%${`ef%6ur~{1gt7r!a;G1?m%iR%?*+ zGkAQgu?>a)?rE$RG@C*&!Y_H>d$a; zu(1_|zg%um#$SXpj#IT!C*^Sz{>u0Xrx_=u9Tn)a@VAM^E)>r6Hdu2!@6+kbDaZe^ z4wU^UJU_@_4xR@-$K_~61(M01x6kgQFSc3}Z9UYpY3Wb~w z@Zzz?4iqlwXKX-)3yw=$q6+0G3T1PR11NN)9HG3Yu^JW5I6BRbDwIc2s2FK%L!onT zgPhI+?G?H-8c(C}68foZN8z$w##$8qql2*&6;3+3&WkFPLnyp-lCc+sZo>`Q(hXil zxym|JxZvpC8dWHaL3en0t#Jf}%V!z~Pb#t1{?RG@XGE6bM#8+85!-UaLnAEhzM69u&&#Eu3|{W*m+K);2) z^jkTB!s~7_DC2d|k8%{+(hs=b7hfx?Y&3G7vtA`rQ z_0@0<^QNpr;cb@~t*F3Q3nOnZXxm75JM*UOMq$)2Vhm z3^wS)9JsNou@V(dJLXc3@+1oHVH}kQQJ6Q-*o?w^DMz7<_X=kn^Or^y$_W%IZ!(@h z;igH(9u%rZ8tjAI@2RNnXVAxL;dw_53iLtv;C$mS3VfE!aR`ME(JzIzdQ#QCQW%ScVE` z93QTaDwHQtSUu5r2!;Qmy~-vO*08=5%2*>Db9`iGRG~bA!rEcR78E|(!&rj~7aZ$a zqY8!bS_dDSW;~3-diteM_j>p^m})$V!d;_`ohW>AfUyCE zyCb6!6%IQ-H6^N0=+mcw`#%oK*a)Ad9OWJqHgz+WqryqYXXZu~3T^oeY`(^L5QWbU zH5jYU!abK8%-uckIr^9aSiYP}s`4P-yE`_))1_rsSdSD~$67ARNXGhB{mQTWOY z25tQcY#VLtM&YZ2jIAha?_+F2;cJYGatA7$aO{{9RVW8g`1&=*HWYUDH||B@8>~-- zwtqvo;Mmm?RVYVL_~sI*9EEQ)zRF<~c2lmh3x)3t zbnGdQDunOQS78rhshmLJyN?=kQP?}m*p9;Y`WhQhc$l&j%6V8g4nkjh!g`xVLc^3Xerb zD=N@7;V1M}IfTN2Nya`DemcT<0EL6yjTNXs+k~IZHx8okIOQn2QTXqn##R&#bu;cn zh0~6o-xO6SPoeO{RD-rW0l%Oeg))8tPxdi3q43L|27Ue|Jk`Zmh6>L)ezhQ~P}p~P zj;Dg>cpSS?_;r6{GYUs8Gnk_z@Ef+3RVX}ti9uhU7S1{Tr#-4rPN4A2LgOe3zooy* zVHA$eG30;v-Be>Q3eS!-cA@b5LB@S39P4S&_hayfF2+h!xZpU>`cl}hj>8}8ji*s~ zZm#hp3V&igmE9$C*aRr4eI!_aNcpUJ*rUX>q+sC30!l{V{WuAh+4l%Z% zaJrYV1{Ek*_#5M>(AK}fnVH6Z6nIX@u^olyDM#6W3KtxIXB{X{pm27EaR7yX&~Ifg z3g_4#l$|L2bD+W4{}aw%ZmdP&Uu6bk@-KmUg$qlKGbsGK$vBQ4k2**7#*-+#XsWRf zg${#_%_zLM!dQ+9Cmff|i8?EfqHyUbV+RUleT>zpaNf~zLDX5H?v7AC+PEKuPL~^Z zp-@q7w4lNSf%GLa%NHZR-WEWfCBez9IH@)J_&ECHy%e}5bIB&Era0AgN*x77)-wu#%?gYB{G(v z0`n^jp?wNv4uLDi8#_@L+Sgc*!j+d8OHtvpV;JpI=;JWBYND|Vh2aAY+BO{C+RL~L zg%M>2V>d#e&%)JB#t9UzVO|vZAKq5&7&$fStn5SKZBIGgJ|gO@Y(rsGKVuUL@91tY zM(=>pv_n~j3TGTVr_)(s%*Mdjc?R{2g>f^D{V0qdYdna;grUZE6ebQZ?nB|)%MI4x zwE}$?CM__iV-ifBXi(;4n9|qSfC}dv@2rhFD^H*>mG&q*QMiurSE%bcfqn|pZZcR4 z(_s2YV=D?Xx*Fun5U5XhSF3RZg_%=~Jt)i?U~EKT_9aFODv%>wPyZD9c0Jrc{}krt z27$VScQYRfIq!x!)Tiu1;YQY*vKfWBml?}Z;gsV&3!=`-(9!^*5NKDyZ&YEJKCo95wTz&dMPaYDXJ8QK+L|3Vo`B zdfK4ei3+qwxOt)R3`W>sZNL zC{LpBpJR>fDDbR~gPc{u83*@pIxA11zC93NvGl_MyuzrkQE*2BjK8~35Gp{sExDqL`Ug7zu& z=@W1l{ZeQP_i;LZvX8L=g}XZ#%#H9<=0{;}ehLQ%8q|Fde#Uqx zcc8)v$K&&&&dLE4{`(qZI|_&TI(}XrbrudWw!+VsI-Ve3_&NO%o;c|E1-Z&76rQ9U zWdjPo>|nH@!coUlGosE4bMX}XiuNemP~dqU$68c4>-aVEsvJh)2=l7!M&UOD494&` z@N}861Qm`u{%20qS=o=mGsBGsQ1~tNE9+1=%6uq|sPL5IcjKeZ%1#uXB~Mv{3g;ca zZ;CoAM^HFMyOkX%{GpGr9);tqKZQ1P|EDweew07Xk2))dPv@gNF+8f0ul;Y1f> zDJqJ-)_bVRG@vr^VJ49&%@tYTgpxp&h|I%M&Tb7#vQ0|%)zrfot6D4{FC~H^IaYP zyq|42zsz8LoQHqSH6BOd0`shFN8#VSjMb<>o1sf|lW`D*7mYTyqtKy`u>pk_N5+$= zu)uN2_^6BWAPSfEHORRX$}TZlP~nK91iLuEt7KVC;m~Gkywvc|G*+XRJeoGmbaRi@GSx@f%`= z9$Q&C`MMd?XU?u1KVjCmnUiPCo<6g3>g2H##@u-2(5SL<+VxYX<|CpH#33$V_N42l zy|Z%snAu~Z%2~6f)>Yk3YQv(I%4BQIxN#F^%}OenJbhYaeQRA^99Gg@;Am*SNR~JY za+>OHyGW9H$4r=2S=~_CaC2Q{T~kf#?Ja3F1s;j6sjevs4a^!>Uwy^U5rv@{PaIt; zHnm%1sZu?=Mz*(>YC*;$(Y1BC?k6Vk*VR;~4RO<)Gpiv#jLFD~zr;`nW{GRgj8a-< z)}zra?G4RMZOL>?0kKK^ZFTK&4=Zn}OBQOOD>hoQi{b;9#4m2Tt+lEp8|qsnswgJ4 zjhQv=ipnw5Zmjgyx^Ghd*vYdiXU(2DdD^v=H4Ex$Zb^D9k$Gn}C)oWmDbAP8xS5fw z&a}v@Cvj)KSj=BosFIJB%N^M3_-bKb-^3?6}uA5;CB0sqqS0+9?MM-ozLy0Lj#G%KPJbn7q z31g;Z*Y8-*tZ@^jU4Pw#nPX;87$2SvWa@IhYz7N1m;*0CUD^0dC%y2bm!2)#&8#b1 zdUi#4@#%{2jP1>pW2cpBzd5yziTn2oI)h-Mw zDD)R*<_{>@T#G2o&aJ*|vUhyRx-yegto%;e$ zWm`K3x|=ULNfeNT`7J25r&~3FyCAQ4oGmNaAHu>)jIkx9BRqM`RYCRMqRqOrWvMaK zs?d>%&9){D_F6J+_JnIE%&e?g)DjHxWZ&+}HB0T{;z+dzk-1eK7wWC<*pxj~1@@rS z>CQWjua#u5A|U&5Kzw?enaDdD%8vSUS?v$IYIQT#HQ`KVf3_ zyjL9H>hN>3%QVPSXFeypV1t}=)duGL2>Gq>$H}*6M=R^gw=FkveoBe)%P!ZT;pv*4 zF>dyp{56AT)z;{?T$t9>wYFE*H&)%8zA%tgROk;gFOp=gFurNg#p+4DVODcP?ZwhO zcbLZsXclI^K1YDxR;E#bjCE!(-Y^jQ<$b^U~C<0cfn@Xh(cjLfhm(aCtu;`m(fdfGR; z65Z=*oo+6lYlDjhn}5%lswt7^(zLIin9Kt4Bnkr3piuV~DiJy-Ziv z9P{Epwfm8^Rqa(p9d`C0vbcxo*~aR~oo52OU!okNYwPN(7B{w6E~;t^Z)R9lKE^Mh zv99Un_60@lk3IQlxfxVC!+HIz?6S9prEA^{`Ii)-!!J`~E9;gPwIlTvWmMLOm#Tgp z6sT@LkIoJ$s>RtektG7{4vJMJ2lVROE2m8!Um`s5W=em-xt5Z{^>DEga<^8z_W7lF z_gE}~OWx~ePaILy{KVzgoI8}o<>(&O@q_*JG;cahQRL1ExN&w-gQW0^0yK+%D;c0hJ4qh2Jc!_qp}^AnB*w05xH(k zh}T2e%Whmu4%7p=jteX$D(vl+8Q}_ zzhHh4kmlxQR2uHhsBAJRSA?-`ne_O}=5m z%vocmmO2^~2WY)nS7t{kau?=h2RoaXj(gU_k}X&q7m0H9&mN}>K6|h7dfy&I<_{=w ztba^NY`hC8yI5toCl|ScT5`KjoZ;<3u_-&&*7W4K6vySp)&jjTHB0^g6_?>3qhecj zSqJu@SF-MkCdsPx-Ih0TM9Ia-c{A{3GjhX{#Cs!?*z$uDy0r8gCeNCDkym0x?t;8b z!@{hjZJ{~ayaKP*#EXVXdF8pNxpr}5cwo=EG`_m2;B1r{HAdGp2c`OkriONTdpdkw zQsj1dybsFDczJX1BH1N_w2a!J4ZOqD92{E{TN07E5|sckIX`dcwuO6Nt(lxZ^I{@> z72(d3^th>}xv4&ALe`}vCB`LJ76*&nB02t6FRZHx+ofkIGizMK(Ar$@6I&9I>AeIb zy=TG}RWcqygHod_!(#GP1&%N_TWK7csX0IRu5y0{oFy|2sWGjW7ZrtFiS0pT?g*+S z%Igw+@FR$2$npb3sM>?b?0y&*njS;dQe1hq=E7<-b+TDJFNq^)H(RPQj{tbqw50rr#f7=|+tawVhMSx6GvcgaRAo(j z_}Wzqlt|}EqZc<7w=uS-kxS}Y8|uTm7Fud-*T_ZH?o3vhyTg(3gwY&JGB-q$aC2$A zJ33Uhafu#`LtxiP=~U54HLzP`Yg<@aOO;wuZ)NS`%v)6&VrCcD+OVjhy2A5NK|Zg zaoOeQt;F`Kn}=o}kw|QsEnBRWU>*~ji>O=F(#Ts(xx*VrRnHN|=8iE*uy>qEY#al^ z2E-++BP=;PQAr``Jh|a1T6Y%LoSb=fBuVpq*^HtVy7;hd&Q{ne&oy?;tjXgl$4#Hc z_3#+pEtnPTnx(vXd)lgEU*77qtb}vy#G(fkvsT%zuO2=u`(R(*jwN{-&@Ct5!v6)2 z2WG9Z9X=fBTlk*``wH8Vu}ft9Y+urr#DZ5|(0C8|`IfPhujSz*?_CeiFn03v%Bq^0 zy7U=P-=hDwHC-V$Pq=umt8Yk7fQ7EW*tWR7RDA48;-&Q^%J*GCd|ZePhjc`ms;}&< zYKgC@YHX~Q6IV@pYh!#|DsZTY_cSu^GUm)`;Ka&(nWgQOt#$3K$?3b$rN(U4x*dCT zba~&umeOur?7f1xNI>Aat(9wr%9|HgwN^E?r;i$6JSOqB@G8r@(UrF+mex8M+>5rf zC?v_htyER1Lt<;|su$m!%$q-DS&v5F+*-A$vZ=YLvYvN!8Y}BsTbq*;;6(z|V^*s{jtp=*w^ZU0k5yDHk*s6X=quHjfib7Vo`FzkZ!yGns`NC z*`C=a>MK37#Vu|Oc5Xt{;=HYOjSW@R=}n5PRkv#|wutHryq49rpm}kl?7NvG0V$zN z^)b4m*+16ZhOL|wogflkBM@heADJ!*S zBP**~lgIgreX&(uGkb5i=FFaflRWotYSZ@!i+!XYBiSw_<;!U$xj=OG_-%y!THN}2;ZY&$% zY;nYlcaEF&)@+Cwcy`hyD9 z?b_7R91N&#N|xRu3I;N^sFx?svU^oaV$+DlZOL;O>9+f?J=l}EXTY|2vP0*##nYCo z-t>|-wYdoI2DN8!{}!y^Hf|Z&vUV|YAkHq}Ha$E$tBVTPZ(Fi@`7g6}V~fjU3Hnpe z#$gA8^SSe}-?Q`#-IlCM-|w$fE zDZrT}PA)dX$2zlC*q#3uE(C6ko)Z%JyD7&~~S{`hD%t#a(t$zJ(( zuNKMk0{mRhoX_)|e$L_+&Kl{Zt5;F%AzB_%_uj7cE%twAIiyduo1c01hD_XQF>i3x zan;!|$8CfIF4^%|%l~cdRl$zp*(jgS{)`)|CjhSjzENT(4(0Qc>2tDyDcNXk9oo{| znBEYI^AdX;$(!bWT~fH3JU=I*^s?0oBF35hxY~v#1!YyLITKf^Ok(rp)-6r1n!Nhe z?3at7RJn=Ek7t)DYOk6zaiz*7Hs9Vwi_=qp*IqUI!weetp^JKjmf;-w`2|)NeRh0B(Y=;5E;8)W_YMb0^{RFV&E|9t<%u#mnVnY zMlOQt{9W1)PrPK!oG@;NjzOkp8M_~u=~)t)9RCta*t5{=ml*aeiBmIibFRMf3hu(T z$~&)IxbR4scSEL>JI+fUO_|ejt2caFX6Vahl&UL9O9RLa55~IXtd+MlxB62dPa`># z_}glRR;MpFQv<&0hNjRL8^njpyOWw4oR2q(yv`D=2IpH4j2=EUINzd{pUYEcB}%UC{R4$<#~ym*FJbjMTN063hAt%8yS$HHNQS&&FDegG>7#~i zw^jM)h^#|n(`OKpP5xng!m*AG;tNh_@p(+nQLS|~etoIQWo2hx{K?FFA0L!xc?bv% zPjd0OEi)>~c+|Hx%Za+F{pRLHb>164@*OW34`tt6w2h z-7pM~uRytG8dBNRz#?%w%N17-4XP;cYCWNS=+I#o$x?4o)>XqVmL=YTtSd)ctS} zn&dj$H%e|>ZUv+!&mYcu91_oWvRz-rKIy+vlGeaGW3kUKH@23jAaIj+OKUSXNN@4p z$q8&kG`1~hs863x_bti)-U4yqItTJWC>b$-nmilXdgU8jekYdH%SBp4`fOOW7C5ka~T8bLd182U_TtGHAvqY`EE-hKBu{Cp?49#B2ZG3f= zcQe`zGsD2sV9sH&`YJblqAP2)?fm>p#fdeHDx52ejeS8zX3YH6lhhI?Ci`64fY@ba zhA$Q*EPkC}|Le%+4)aCMv_v^SHMF!gb1yN|T6tmNJ1r-?%$LIBD}4LkKYgdBID2vW z2DO{IHnF7MxX;0G5EI)ivS4YYE2^a-Jo<6Pq6WzgUT`JjM_02YCML4Ni`4k4TTfZi z!|;R^nk8FKZ4wurqC#^J7o3#RI6E69hVV2Ln*H*^6HgMSW{GQ}ao*(Hws`o4rOY8N zHF^H*;Kf1d87X=0Cz;p8LOGoGy@w8x?bzczwi}paqpfanZL?inCS?cKFiJvi_Ag<) z*w{x#<{~z^dX<0Tu%tTQD7i&@ly8)n+<7OlBwlYyoKyD`dFd8jBPSLz<^QI-o2%pz zR4+d?TU>lWk@Q2NVxz@m_6mte_OtLv5FZ6}e@=_Ey<7I+Y*~p(>I$#Q-6nQEx1`TV zrr*uv^{U9}<=FS56eJ`bqPa)nFMhWv_V9&-+Z21)LAQy0Nmb+Gx=OA$y!t%b*y|@& zUN_;o@Y%z_7DwFN+MM2qwFqbPBiwr=NnKuC?1`iOgO`Q5BN!XJ+2y~+@GO$uTF1?L z?-c5r#Lr{9ne5nN-o~1$^lab~oGI~pue4&nn9SdlFW#BPjhQu@M~re`@tC(eOVJaH zMIN>Bvd;g8$hyIJk(*7b(`YOGYx5)0T#gguE*Nx$EUG9L(3w!VD8uIqk z;(cl$V@x)KuEte3V-lmUMBQ^IpVg{w^?CN?ysmsh?;|DWu=JLwtp z-|K@nG6Ius@bKc|^c8tv;sKV*alG#5dA`X__08d27y7ap-W+G*#gmN=h9IokMj|xo zNk1Isk^xfJ1h*^I)sE+Zfb3(=7YWF_GLJW3Bp~l%2fQNK19L4)BV6{9y2j=fYjyZt zS*88rnORp;*U-{F(>-8oU$ZqNKH^_2qQDof{#@blevotM9-*hPT&!W6mt6BCpld(9#gE@$8}74P#M2KKGWoTUs0BPRkJQ-PsomD;2<}OuY+;7m6zI z^HF~HB~KSGCJZZ4j&`c5G5vn67mmAFgnYh-r=8OGu>X(2`7rjCA=$l&nf4|ujVO`b zQq|VxUs=9jSg8R2w3=Ht+Kd(r$>;lz9+vWoeU^-yJACanBxUgWVMygTde>0j!1Zq3xCPA(HFd$^vSdh-KeKKLw_xPUv1Phl z5q=xAgyNv2jO++&jx(k)=?6+eTe8&}?|#|+Qj5!Y3$lv#$4qJ(V)<8OPIj4|=iNzO zL7%VC!=}4Fp<*_3eKuQCO4_T!^0MwE&n@j-Yh$y;*`3MCwne;oQj@;>RMMR|N+l%r zB(k0R5>>6-i%VST+Gh~tX_9P!)lPd^=A>?^V+Uv8JqoA%i& zGzlq{&vyxDo9Q=7@-?JXetY^+g^PxGPM)H!<9+rLeGa@{mabntlEzKS^*SFC=9j9H zJaZMqCnH!?ou(xbC9;c$IIgs4gcDy)^WyM2&E_{7pf$Ji)NS&hzi*NM7xUc``SYM} zby3*`Lc1>EC^c^W0rL*@}0U%4&ItFxd@?Tv{S;&&&H}`RLH0 zv90Nw`{}m+x2&-tdGpvaB>(1a7)yI3DRuBI5PU;|d@9=eOhv|+Zl<4C4sE&>+)Y?`MX+%V&muFH=6M$Kwjg2Nnxmq0##wdVwP_X2vW$1IU z`CZsgFmI5xxT$0vu}kB5)4i>(vXSRRf|>Bm8Ycr4A6DGwn}hfwcaj%;O<&eJZsyd= z@soK^b;k7EH{=xivR3aFf2J(Gzn`)BrRF z_mvA>IpgBiR{ySFwvO1H&671Be+o01icE4ClPzIEmAAYzna-EZkXe4AI>VTv5;(Q+ zw0!ae_(emCoGr~fvg4hbGEJ8TBq5eB_o0I81(%bWEspo~Lt;%vLf zzSSN&3v)78@z%{CGY$#!lfldMQ|nBeg*kD77s-r6EWfszD{lWt!us($lYEEO2-xZa$O?Obrw+~U14Yu(QK z8$YAz^;z0^7}o zH8%Ez83pGCix18XW(%(L^rFspgeCKxSA0WJ@&IKCXJ{@u_gD?)3gh$V9*g$RJ+jZo zmnEgHwMxXqwNZlYjrPXQ#mXreSx{Q7?aL)D0i{`Sarw}K@?=-}zqBnAS5Q*;YT8zk z*PQtEbm}QSXG#|mk5^B8bkWawEaGxq-!IP`g1lte7aHrlz_2Vihy`EVRnqM_edf@rJOj&fL&eGEE zj6aj9gPY#1Nf(i%#ZJrNEkx;q`+))P-k?j$c`Zu{$t-MVGJoM!PizcgiqFn2H1Wk5 z(opZq;Bscqz$xOE>~)89)a=ROq^Fz@qR1~Nj&*zX>@P_lIw*f=K{U5f@_Lg z0fE=clAgTq^@Fs(WMpw^-f1n@7_TTVEK^Q+aZp%B7~H!jMe<3nhF0I5YUTRmNzW-uGbzP4es(xzwF&ijSUI=QzHEwUI9* zF8s_@p)buSK1wG^8F!GEJGT2-sngHNpAWno&za_AZnW93C0QAFl9${A$Rs58B(mt! zVsY_-FU`n&YAlJ4?MY4$Mfkh`G6fK;>F2>GZ|yNnOQ?Q zvl@y%f>+=$Q#!e>M>(?^^vAR4hJ0$Zp*{HyvtplG{SWqe2Km<}?#lSw9NJ`y$-1(r zVWHh3O9ZB7jjOG@vS^msV~W3$>o0? zqLf$dO*K5ElD-KO+TyL?+a)tb+myLYzF{S_d0WYM%Y-&>D_8+G%Ge~LKKNv)Z;}6b zQFR-yPW&A!XBLC3*f#&!&Wuqun+iVNnzxIkxsyM@Q#yQQrNt!>JNmG1}M(d+I@(KB&j9V}oyc;0b zP^l}7&kS=KtqzG@T4H`f`}j$f)A@ajS+k}lgX>xFYS%rVZO5L<7QO<&Z;WN6c8TQC z%*8wsn~C$SMEUP8B%Az`eB)G@9-93)#-4K_?`)?7>XqVqi?et=;B`2uCr#7<%`NpT zM+v8ylh+%zP^ER=tB^EGZZZV-Hw#@D3G|w*Th7Xrw0s4B=uC{n$g(Vc9;JlS%=tb@ zNr}~>a~b!-?vNvDBl>(if83~k9)@Qox{Yq;%wJ4u0K z{A9kXaQ5_>HwM4PYI9fU%Vwlc))aZNHh(fR#k-lEJZr|(F*nYhFlTnS)8y@b?J8bggk?%{NM{?Gn4MADr$wr553Bt4ODbW;X_R1}6 zK&I~EYO^)!e$(Q=A>dWxJIBu&lRL!vCh^ajd~GAXG-?bx+4xC85oQr@FvQ8Wc#Q|Q(hun0>6nE_YRl)a$4q1n)rCGOIWv#R97+-Ku`#XCw@P++SW69w&p(*O zZna5-u1tHXIbT{#ihnpjmj)kw{T;RG|@Y@OPl30M`m?V>2HRn z+wxz0mPnfzTg02+0b&c@g40T9Ok=V$V5w%##D%lrhuWM>=R1Y?g~;)h)phA7_r}l4 zm_0*n@-1%}W3X9Y;~fl=!fG4U?nU}PkdZTc2EPBIsjaQ3>crzkFOhG#jAtRKU9Dc! zZ4FK7qfdFeSoro^e)5-#Y`-|qn8YkezmYby$rjJ=Gu1ry&F_c=hwMV1W_WL9rQ7mf z@aVW_(0{$hmC|kbPYxR;F0)E_Ai@$5qtlH4bthJdYN={pP<=aZ zg(M%e$XaE)=;)UAxyT!56%DDxr}j899<{LC*cwO48jKfZ`T%Yzuh`?`SXypunJ|v) z<;-ii(571jufg(mwUl0}CEbZ5IUBfk=Iy>k&TPS}n-Wen7fp{>Ns&9rD{7S_B=#gS zo~TU8v6(o|Bl*GhjV>m8MVGav+uq907~N*($}VFJHoa@2ygjkRC%vSPwBEZsba5A5 z1SAys)68UG{W>HiaRjkN3&H9j!SlMTqPg}fD)Oh9NfWXui6f1T=RF%5+bz<&p7AZ| z|GA0LOB%V&;Kk7F^x&Ge$CmWk$G5oui>5ZV@e2U&oRQoa2`?jyeMMI9a;BskN9lTU zo_uszMDTi)Ou4lfU)*G^;Wpn;-&P~PK;OgGtzy~~qAS89~++)qcx zwNz|rg!g@Y8Dp~P-J=O@$yQ;DoH2>vxG^MtjhX(&Zb^6OXsb(a+ZK6zoBJhaxxUNw zU5;J)JI~G=WbwnayldcpA4N%b;HYV?uc~P;?hzLUu`|qB+{$Aj^7|=;O|0?Ug?af| zm7c|E{`{tP|AM)oQ0ERDwRJZatu!ezb_MbLa7KC+ROAV4yb$4=aGDo2a7C(PUpN#6 zQDG_a;U~KWYvY5rmG#Z7#e=G!fyze)rO7hm@wMb7R|#iemK*#p)Qen9Qo@2N{h5@y z__~ho!OkBOii46e++mP+pK>GUd6MYhLdA|=YV#xHWAkn~6)qb&muDh^?06*>tZzy6 z-GzDi_3fwm>znUPy6Dj5{7HRsdEp%kGDpdbH^}mvUy$az3-j{5liK1mzjvv+JJD6R0YE!8^*vG1I4qdgew-F3{{V~acgacEEOOB8ux zTX=5Ms?=ou@Vq8&wU{?^P7`->Mw5-?E@!^sq07qSu*vzawb{Qo)b9HZKb9L&OXSBB zi^`{{z#Zf*u5N6oDVgSZ(=0tMW{;h&m+t6lJ}-l}4x_Uqe%y+#$Mn0i}Yh3_ThqD_%xHEvYwq?90Yx{g#=R~6tp5X z5@WZUjFv(qAw>C^^4qvM&wNQcK3ZaEZmuEG*DngScAd2dj#gf#*qT*Wdc_uV7svu{n+7 zx5@eCWxkJxuUt=K~3m0bag2IiRlv*iL-Cb4Gqv^z$ zKlS*lyOQdvq8^=qh=_=Yh=_=&h^UB&h=_=Yh=|BIj>9+%!!QiPWEdvHWHOnEF~%6< ztbHE)?7h#vf0OUq>AGvJz0dQWd+zi)SiW18%(V2wz2<9-0_+5{|HlIPJy@s8G#d3EP+xF5yBMKcC`A zGf`=qHTo%jKwoq9g_9oC(ef)eUd}WxJo69rZhK17 z^KsjPolKv}cuU{Ww3AxuGwLLu8WfH#DYo>j>{#_NCVH07_PP9OUyo*}C9<4h6K$vQ z;!fPEhosH9TYIA6t5m$66@7G1@(WImEb;tXvr3+NG{8jutXDGu7O}B*4)2E3 zSB~N*fqHb^cBza;6@LQ>@+ z9-k`#-&~4cD6JF9j7(#5Yrfo>$1x^G3Aj|6-sEMek|ck5ZxhpycQxhQ#g&LYPhv+1 zPmm&Sc28j=3w(g8nqn!YQdg6YA{X-<2Aye@;cN=tgi5-2sW?+9c2V=Fg0`1K&Y)QD zP2DYNOG0}|wAXHCU9a}s1vjq_i0D<@h4)hIS?kHQE!AGNPp*Co1g3X6-IgG~o~pZF>$_;`x`eI$aFg<5betcwbs5ef8xs zbA|aiVcMonPrrKAW#O$SSCF3~)7G!55Z}L&xp8{dSqNe4i*}KzI!**r3iK?m8Zh)p_S-n$;!_9keB3%^C(}|HZ|MV?c2aBW6T-12#g;yj z9jm^=M9=cszLUMU{i`;s6iz95q-gbKh2vd~6RlAyWm`0FP!XM}PRWMwvvx$WrH0Yboby@>2QjiI8cr!fRnXGB$q zN+D8_r-ARNuf3F_y0@;J6q{1oS>riQbx}5)<53M~(nXA&0(J)Limg-fhHCBRr{)aQ z!cC3S67N+mIZ6v3??PYGb;pdUB4O$ESC3V34JBY2hc9=9XXtDh)nHBYu&S z!o<{Sy=by>Np$w}w?=GZGrorB-Kk3OU9Zjg&9aCmCFm)#w|?H491>VGaqArQYc@+I zM;`QXv9?}RbHRgtS{Ry{*yDAOaHY~D`wWlcCDiaEx9U^DMRCPrqTNAIML&0_-9d8f zK_8%N%ah`Y2Yr*R)kTrQ2OpVg_mO1riF^09dKsGiXdjuDN|sd7<5j~}2gwPK_I3;} z@#f^&gD$MCiD**#$kfY#8Tw1O=$4SetALeDp^82}*lnwTH1IQB{BY_pY7>%N@i@`m zZN?N>@nLu3`mOgbK@n5X?{tu{^ZTOZ#i*OtB<9XUr(<>vQPZIs1PQ9mS(@U z{>(TjH@e;X;{`)rvL&ij)n&Ly#dX+#)rHvSIVJj;yd_hTa`b-oij&QwVf>8xqL4Z^ z@5W-mGxM9}rB|v{2?rf6)2T%2T8SUs1a6gLr+AmDz_L@kO9gPptJwmQ2AdIXVFhv9 zG{U8$AKpvCX9Ii81=9yrYDx4D8-rJqqO@VSm=`4^?IGOeplM2hZd_xr?6lo7S=~M> zBoE7GFWVtV8!=MEFD-f}v}ML-W;!Ed)3Y6XaZtXdWnrmP3;BgGy|pC}`Gcs1DdPCd z%-q;?XJ%}AeCU`>-yv%sn-}d=a-?ySFNdU*uqVaD_{8B@Kc;eOuJW*1Q!XWE3N{(5 zIlAxImv~WcFnI+JM?Su!q1<@s6E`ZXGz2)(2Tfuuq94Q?0y7i56V-bd>_*D|@(3FECau9`qV@SV^ZbS`eaM z$84ibDl~YWqvo~5@$c0?$l32B#K_7@GcTQQD{@lbz)NOwEqEP(6~-Gw31`ktT?&M6 zc)t-dldwaZb0QgDc!p1+w~a=U6h7E*2S4>Y$z-C^cDB|xx5Zu-rADF)^TM;O4ePcG zC*s!Ho=*7)sEDIjfv@y9;{+!>diD)T3ZFIioC&Br^AKL<)a@)`qm$bNQOF_j(R5$85AzblIa zIQ5K|sCBw{?g;%T_ET8u4$}ujq(s3*SJg|@CAjEpNu#WkG#=+%mJ?p%DIV=E?zz<7O8`Uiug~>$7armLLE}Ddm&gP&QECZARw@TBkq?mg_0-dbp(}Qa$ z1AbVFV57Q4qcEAE93LMI_Yw9DIfpT7o~@Uf6S0_;US=MjASs~Wgom7*RaGp>u8-851(*=#ESaLUf1*HQgNSSZYu9Vd%AwY^jhxW89 z7%8TP$I`sR>MWDh^Q))S3$7^$!$zlfo6zFKWe?}{q)afJb<0?OE_*kLA{G>Q8h>DL z3VUcMjX`sUv)vAJORcB#y{eH3E7Zn6a#1KqopE%l>J9N?uqSDgiE}I$FM^gF7 zCpsxRK^}LlkchpL=bWUcI8uwbKei0&b~iCQcXOi!Do2s(?HE|=<=(w=F2n5zKUk=I z7Z=*{86FQ;di7w_6g~gqZDHgZdo|HJ@%$OeDz4I0?D|G`Q+@onmqKyoi33*)KW~tT zTv;Xy0dahHPl6bechl{A&!W{Ll{*^Oy=M=cDJ`gcTUw92h^q9htw$b_WFI_K*n{0e zoYP7$wVHNiniwx{V&^JjCl>g=_^Gn$k;*p+eBW*H&Y+ua5ENg!k45a=b%KSd)OZ%L zGGBgX;dGKqrnTRqnb?E|4o^uUqt(?IO@m)h%aK}Q?(oMRX8en|eBECa!i;M{O@otP zOOes}4?~%Ix^u8J8dQGR++j!T*Qzo`Ls_D=pLddnl=N91pm1(@7Z=0o6v)fH5U`h5 zYvffuA}dWV=sLCZ!kk~}!82}LC(d%tOMGjthiiD}PI+$0ZJA50N0@Vm9Ynj{Ajx=9 zu58!m$U*>FBR(jtF?kd#P<^1Pl`aHMx1NrcXV0bh%%ZA0#;p<^SwCJ1?VIF@tbEp2 z^&E`O@9Yvd;XyCm_~YMlW{ex9Si7sGVTG`Q zupTW5i)Lo_zGW#*SzcLO#pIY6j@*Y znene1mR2d|cTVEk;*NQAo@*q(8id`#PtngM{46~P^y7AhIGs2_tQsc6M(1~Xo@CNM z!ydFs*`K`#MyuUfNKl(uNWk1#h+uSV_mqn2xQkHkQ2|4{>_%ao8v;w~RJ<#F@X%NK z0MR(bx4)(<)&iYQ@b%_w#WApsmp8X4Ui|BF=qil!<)tm3ET~h&cHrKCFJec&_G}xL z*_8#guY1{J$H>-Rx!<=HGxN1)m`CAWt2&i9&7!Ei-RTW`npuv*7q`pS0jdjA7a_+W zs8h^el4vVw=G#26OllEtpw?Ge&RvX9bZwD(mLLW(WmwtTqR**@3iW4RXB-Kq@13Oj z{KOF!Ea}~obLA?IW0uA>6yM_{!OkM$V!6Q9GgnQPl)?hLwyAn@!r2!dKU=Rf z3Ag2mA?*x(E9_v;pZBQFf{N$V&`;f22jfQR%sQe}%{l^MyxA^%rqMgN=HPfA6J!F5?7a*lVhvViZs$fBZrl_M7kTfU!-zODJ zIy~>eBbrlo|44_)>b%aaGzrDXXjaA9p*$~1mC>N;Zguty9>9}1{ytv?8=!NVM#-(y z^Xdj;z66p2<-1ru&p}1Y9t11h@&dA?a-F4#vFbK$6}K%aa1~QOVC0++k_TAo@CkUYC;^tb2laD|oNj+0u1ck? z*2p7p(PL}-=DNBV6dF5BEaGi1xJJ0>s*I9Kv@0D}Sz|E7$*(e$D+)huA|4BdY>pXX z9_=NYB?tm06nfZ85(0%rHB^$M_MszFT846j?o#(An~#V|g;yL>MO-VLf<>t+U54r+ zO2$U63Y*2U#FQ_u*o>>Frl~^(k&=60LYzt}?SO2wR8dt!xkHw|lM={;$X!b@N^i}s zej#)j9E~jFgH8bw7IL(;rTc3*PK>IXEj&aayt}xxH7}V21P=Q>$WN+kjE?B}eZ13J zp#4kL&ssH?J>p%L@1eQuvGD-5KgJGsYN0qKAPCZ~EOqB?4Hc{?>>w01Wef_(rgs*M zy{$iU7w>&W=rtj*W(o#m&tO9maA?x%8%u zcKpOTgW4*S$qq7Xnbmh9*6PZDggeIp1kJr8}RVh#Mm_6;H9s|%&5Y7jK)fl zYFs0tAPylRd@p4qXSK!^B36OcxI$!`IfR13kDKe;c%f-RT(WvfYVz#->JGO^E3F8> zGCKq-T}xHQ?=LE4_yxnQ%fu)(y2$QMD7U;+_mtFRd$~jSL}$O5x#8LAF?~w;oJH%( z%CTg9Wz4BEMIAXlG?MEn{!Ran3y}3~LX8(h{NQXrK9mpq4akQyo~o7h9uqM2P+cP7 zZ~0JO0Q{$T14CosD8E7y$9VTbk-8Cl~o3^G!U#Eo0x5B0q8YZ`8b)$9x6W>^s=NlnSx(2kS9WE{hWw4iG_*v zFT0t523X7Wz=*8`O@ydp6C-}t(1g;O3}hvzp8=b^!gECW zC0Gs^H7=1lY4VpT)3K8wxJOie~oiiJqg%y6!$)e)8?51VFc&I8S z?SErErL!C3t_Zgj-t5A$#@4p!_vzN;(>vTrumw|lG2`@nb)3e zg&$AVqSfKSZP-wq`<HQCWsa-cv^p-^^7WZx588Cn?}UQUYNrbZt*Xs{c(qxGiAl^w#-_&( z>GTa+R3cs0gf#g`rl&!?UJ#yS$=9?s#z*{XUu>fqXC%KkZ-f~(I(}>3l{3p;=!J`8`TEhHpT{!WGE#ls#$n0V;OhxEsC_%Iw* z1ualiVJgb#@mfp|7iP(8b!||*=pqsNn>vA^84CQ$(%>qOFcQgsqs3(lAlP7lGQU-M z6GALxHfs!JUcBL}AUX)WNR1E{4aZgaw-Q1u;@dnhlzCG^;$sPE$K>Imnemb7G5m#& zz6Vdpu#4v)Pk+Lu%59RGBzLaNDtcs%S9&L~-BAjRue`{*lmRjB#1bwIuC!!ROKSff zC8UdZD2DH4UNSp}sGUZuw&$HP!0(*3$5`B4!S_SU)@5IcvPGj_W9zLkY`N$;gn`86 z&tn2c^JTp+Yz0f8>O9Fm;!I5b)JdQB*;NjfVz?F`t&6`mu`jo}xh)+;Ss z9D((%P66R2dQL`LP6CfsDOIOI_7LYmhIB_4-OCrKbi7kRxH%>2aWWW3K3}{PxwHHE z&1X}%;I{dfp58l1(YcZ8Q^FQRo)ej?duHf8vS$Xs>6ryr`B69i9+R=~OL6GOr?K9r zy!F}6E5_?vA*AkG0m8$DJ$PyK`D)gKDllYy>M{oswV9#1J{7}} zs~?>_Mq^GkLKKyYfOwfG1V{BQ@ig6MTq>Q^p;Kw&*h@LX91RcJ^+QXK(U_BZh@#RD zh?j#x=%`+oo|y{jL?!)+$)jVVZC3|NRz6kci-*X60qY_dE~J2O4V=J}q+^r%ajMT* z)MQD-;v5OgX2?=8IzBRh8SJ#vw6y!bq>SEXhSeo63{_dtOo}{l_!y>>y>47*ux7*6 zI1#Fgs&*DvAwjfUT3Zx0)oKtFeqtOHXzOLRRb$iiF1Fg)FKLfUZtbqGx;}4jV|%Dt z%0Q`<%c{8i`k{)nEna;Qb|T5^u%N5%%{@=_Z^r5luBnj2`NhTV#x|~eTN~?ZTX-kJ zdijFri>HsYA=2W`_WJU2?dj0L5Bp-REXMiiVs}$N%c(f)v9`Xp$UoY(kQSzI)$Ei< zhje!)(#fpwia!g8){gQB3tj#>pi*WcXsM7`BVSdJ!izHIN4~i4a|Okg_2Nk}6)%KN zaMaQ7(4D&S!tc`=7fP%sTv=M#=KVTdDuT3Ym=jpQQMb98uiv7&77LnH=#1f0NMi3& zmkJ=NRV-{(P(Hw@qIcDChzwx^j~)Cf?1Yp|P_M6bF<+!#%@AEb%d}L`V-F2%6Sq@7 zv0~A1jF3CDpAu%hRoIHN9(zK&t0}DT$!zUax1MrKwDMco3fsJtuSvAA3QrYNkAXQo zE%1D)zTFavN>9(sa?mihmy2&zT)}Ew{AlP93d*Ou=-4^&OeOu+M&7JZX$xF*^z()( zDP$4VDvTA?07oNw`tc-@#mA{bh$G4>x*XurCpQWAIgKL9o;bQzc@GgKuRU7|5xg?z zc~m21zL=$IiG1+f>aH!JVdTn+8du1gShnI28tOiv%A8XRm(-}li!ZC)IA-J`iGD!) z3t2k&Vbthson6F-F{+D*r6#AwCT3=iVHNRo2c_i_B)gtBU52iF}89OZ*vE|tMkXSP?$TY47N#~As`PlYL)(LXX-y)u8(;Ntv72Yte3 zS5d5&KX#|M@dt2LY;AQn&#s8sRhAV(YPWaf@6$q?h^&pPmUdQFw^!EE1~X+YmfUf=wOgmxA6TB>7C%mc=#8^Bjzq}~h(k9i39?2d6cq$9uak*_fK3e_9X;fh$>LHelPkKIVmVfc8kjz29KK90 zFBt|@hw@VE5DYzlD+>1&i|S)HWbls+sl{em@$52SK9tLRHI|R^%3d8Nqd`@++!CS! zW=)kABoWJs994(OD5=8gukiTLHh^VnwXHYpQR=SXqEbtiT$)l_pl@)}&D)Yq$ugwI zx?$`vv%0!4U)D$0ctq~U60EW*s>Z_6dPo02U_d&=yfeJ*n!W)_b(lxfR+NgO^^?N(o-*T-8CF zj8moWy6msq5~@_Z4TnYbaR=|PoCvQ!+pZYO622p2H6?=Il2z$t1)9o|6vxGWlM**B zhE-l+XHKs}l2ak24>wkw3{$M9QKzc@2r5lyXzrw|i-gvOJ~1^kKJ9x5+W1W$Yw;jL zYw;VRuMGri#cig>(y zA$LU7WEDTY7UYhM?CFh;g>*(pP1b38BPILrXj$DTB!J?@`Kp<239x9&2w18<3JW9D zdf2O6G_Cx&4IL-ult&)!9EVI5y&dDMljW7Cd&BLu?O`NUIuLlUu@tvPWC{ zbzz1*TZ@J+DG^adJkPDL%8PrCu)|<1c^L!Cu^j*{qhtC*pYSo`o@Df(XBm@@ z8SaEyk9F~$9~fSod|utLsKgy+OBxtCYjFUTCO*xtC}droC=u%)fSNwoaqhHH>}T>sVpEYnf)9blqzjdztH+ z#Qkeqt)TOG&md}L_Q=f8A*{d_KWTVW(hm@^=yor)ad> zS+zdf=PX*~fn$k$FjnV9Qyl&17(H`D{&|3jSwB7`7^$8)(ylLD^1u&Q^rN1M&8Sde zmw}bD;=@%gl|X7~Zh>^h#at^!tJT{#E@i-~!c*|j#f-MD?ko;WQq#|ySd2&89pXE+ z{NrsKD{#3ivVsM$yt#rk9;;y!;Fct6Nt?e|N6}Lv$go$0Y7r`PK!plR6y{f{!EMJN zu_T4h*8Fn$IWRUhsUvK3`~z@}Cxq&AVgA(MgYqeIjH)R|j}?lhKTDUuW-rWc#gCXN zegcywf6sKQt~yO6z5Je?7s`yz-{0hb|n!A($Wyh()(|3PM*Tak? z7B(&@Q5_;encwc7peEXxNnMXDazw%38}qb>xT<1CQ;blc`JL_4bhcQr zC8f{Ce)%bMkI@)fquqf?_QCpBlXKh%5tbDTwBQh3!>S6NlvsM@^m;~%YG=dOWjrZ& z)@-$?3a)AG=hjhV(A*w1wGi_1uz!bl=%X_OmGgOsUCO$j~5u^ujp4PKq& zhY#_d_Y$GMZ>AM2b|N6aqQNOpO#`B^Fj-AYQ986^sw@+U1yN}`Ge?G0K9xgaqu0hl zcTjHVY*BsOSvjlok=+BqS_-&3E}5+4ic=o0G@d6ncQzL8Us`r^TJRX{>|kh!QkA8z z-Q1~2^4Z@Rnw_2Q&}&v^YHb;zJ~1{uekkr8SrSNk!9|bJ@x%0Xvc0bD$AVQsD6O8E zu`inQouP?QtlF3!$4=^TIiEZ= z_IKJ9!^add1dWxsKIL zY=0PI(ZNI83Q6tn7A85G5+&3xmL%&`s>YB-v#pUr$=BqZh~WjAf_KaaBCi#cnB_fB zuP%z8u8o4b^;i`c8I#T&x{xCQwCBGtHG{?DXV$C{p<7o9Y;y z@1^4*KDxWIftyS-NKoztRbn!zSBr*OjdDtS@uYr?7pOMX?McjpptQc5>(H$za?=Xq z&F>S`ctoh;a1~xZ6W_DjbPClXN&cz(RDD19t3V{}wrvi4&J<5QB1^Y;qiSc<8ZXEp z`Ca1*E`VAM9omS}N$a8c_(b@AvF^U4%Xo?xpC}kv29svx6unm&YBY9!G@Kcdo*P5usacnp|s!)#((kx+mn4 zD*E(>>--wM+O)Z1^Gbe>r1;l;UXJkOUMq~Z*UQ;4lfs8buPP;GqS{_J%9WxzKg4;l z5xzRVxc#8+SptsHae3SwzqTH}^P<%i$v&kSOpC%ram6ElUt5-!)EO7bc>Y&;p?9R{ zx{}Xs^7gJ#5-(A03pyEhB*kBT?A@a2ILsPU`NTYef`=^^06iSEN*|*n(v^rT=a-fcXT6Wj1*>(W_8=< z^PZSQh+1esCOn?twDAmi822 zjI)8j;dNUbNx(vfF3+!)S8xRAtXSAwzh6H_KR{1%7@wjqWW;ZpP2tXU(%!oGZ0#jm z#QMbcu&8PcmzD^eLrbop%d9Cs*rv;lnEO&Mtbht(6N?O4Q2E;byk-gFjVD2 zGchtf_292FsD}X|;|}fk*<2~Fk~0NYxvSZf(($3GDQqgFe%y|kQ;b&YQ(wswW%N}U zQtrgwE7CRP9kjR$F6)T5n}#0eXvKE>c~o z{t^5Xp|m!WNm=rhfGR5zpAOHvW{!2|dFK@cg#!$wc{nS_;ji$bo#GM_Sl-h+4wxDX zN8M98ayZURe8Epe2cOZXIxBA1Boh8!Ucn_*?!#fxa7^<(e0OH4bEdm}dR^zI;(|x~ z;st`Mya_a@Hr7}9hg<=~KexI&*ml0Iz70hLE%s;Gd_hN)T-0X81&=N4qERjw3W^8a zvW7Z_)ByLdlSe3xWa>SW~LKf$kz+YT*`nd z51pwJh;vaOakVf}0z=rzTW;FZIX%C1T5LmA1g?xSLkER`Pn03ML?K zA12QR4U$HEbW;G~Pw~v79MfM|VA0*gBSm$pRk&4RUqM+g86;3qk2~J(^8C&!77^%c zOo(5z*$W@ckn0^PSO91pJh2ns4e_~*`uWHxsj%D0I<7ldE_J^wp@KBWrp@80=k)5CIw+0VB@Y!JFEAGi$x*%y09Fob|v~Zsj6w+A(s{Bc9#8 z+qc%VMaZ>RdSC7%GDcSQjN;aE6~)wZZ@wOV5Y)FfqHLAvp z0CS!4p*M}Cqq8(v+W8VSaa?9!D5*Ektz9aB;YwLzh}tuZPPgy8;Kf^$nwITLGjQp7RaRnXig7}g(G$6Ai^m;D)lXe#=;Tq9olkdsi3D$DW*~y zlk3>x-}HYy^_NKaTTb`|5dN&D`4$bwdUCHI91ITf?M^<5|5o{eGGj?$@o_&S-7;=ef^c7!rxNnz3^0jEs|UJV&MMamgciDeKP z(TEML$IKaFeFlg#*(!N*GbBOs&Z(Br8JRggetZmzk5{oN6*eyBJXtvEu%v$}jFnm^ zV4)K)$y!t#)7Z-U3)Of;w#5g`BohCQ&tvG)qO&D&sjM;oeh?(iB&dB`g zVy85vK$sooTxAvrvx}>=(nAe@Stcpg(^i$(s96q|SuZKp?^LM+VU}+iB|?9nz-Q_7 zVn~aYV|qA=-QstUzDz8JP-O905xa6)v>c0jIs=BoutuVTTg3IH&V)+ZFhV`ts%D1N zah7`j+WG@)ol_II?b|G`iMR8C3GcncsmY42k+`X_pd5W?Se3-M1eUz0TJzlTl=83) z=Jj}{Ly2yQ4>?B4#E zYdSsv!O!eNBO`OuLnC*}hl3R?0a+I{E)mM%nU%%Ob$+PZ#@6`i>Pio<$XYLKE4#k7 z)au5x^b_?`!4e2}Lak+yZ0*%nmgrTNg>cSnya?N%OcQ}iSw2bVHWt?hyb+vFmmUI8 z;Zx_-PTO1al&1W8dn=uZ@Y4~kt`lj6fP$#BvU#)^j8cn>R*h$b>I&c9*x8(4lb&ZQ2SKqd}YWA5CJm=U4c-xD4uuB)z_g zouu*D)OIV1UpVOzYGtLYQ}j8B>ZN-gqcA*;pzmEceVsBDS6L<6@pF2za0{&TqH|IH z{_ArGne3}yy#87NXlPeTN4XfK*X`V`vnJF_KQ(z*rKc=L{-d?DiOq$q`tTKaRc`K(C{G%SYrQied$xzFSk3 zIN?GWFFxY;Q=b#4xsULegz0mhN|eua`rA8)44&f9+1Jt+H6`?_W>h_-bGg*2@bc=7 z^t#>%X{$HGiP(OnlzJfLkILq@Zt9YkFy*SZZQ?aY_ zr*!|6;Uj5%&hUyQkFi)a>j~c)%q7UI^s0uelqE54C4`2Z^c5micOETMAir(ADk1k= zZ|5aryLw8g^!Ef%b31ceF1zMs3dGP!;I@h&E1#AbtT-n`-snR+-ptrWl`~U6l2ll4 zjPl*JF!Nqq@EVAUqct`{oa^EDk~ViCsC?a-pK1a-`}0UW18h}PsfQ(JtzC?Y9>0&2 zBt87;g$DPWGeMHhMxwX-dek7(*)Khb%HNo>HDA%$Pfue*MFlAH-g&LhX*w@erRXkK z(K&KBpXHKuhfq+U{Sva5&inkz<(_vvph1(ywjABB#P-4_s_kmS2G3 zF@E;arc}|!kIoGB!eBdZm~F2iQgVrd$IL7~ayt{>4b~l}VvO2!BPr+JBthML6=R}{ zHsj7GeFP8B{Gy99{jVvhcW(sPMY76E-4YZz!BR)FYg0`uE}ZmeQ*({7Kb<4am92%B zX^KY*1u0|Gb*0ytu6gTuj{Zc>N@D$6 z`xALO{fXexU+O|?-litHi|;A~);ISU-!Ze+tF1p#J|kCo`28t3*#1NycNjloOe39g z585%W(6o>mHdhZ3jjta9lfMY-IFZqq?%^U#?&GwvY-i}$;mK(^;o>s;G}538q3HSS zVDQ3LAU@O=Fv>UbfEuf7B9-f|VZmw_E zE;W_(bo1`Z6~pR{9n|>x`f7Kcf7tLjg;qtN{H&}|uuLUAt%^{K=W9G6IP+*~p8aFb z^Esfn`Gaz2k$UU;nX+}DOA#2CCFHfA9Nplg6q{o3A^upxHWHibFW}{)9KsT$#VSpF zJJf5rno4@rJ|#FJDTdX4%Tf5)5ZtQDqpIHGkg23^YY%cT96aQi&4>5{r!6+t2|vTu zP3w`_XMJZ|b|nan=eGNg2Eofk!Az1QtSW&{zn z{9|R+HKDJ_PUsY@j=_8axuj>ja-&2I*iCe`Md`3K{YW|dt_ z8XpYfVHvdRlgZ>0yRQ0NqsIV?8H_*htgd5l61~OYw8!%5&erKR7bdmOIzDRK=8`$> z5eKv~!mYRD(bMTjbY*HwJ9FA2T=-hj%UtoG`4pa+y0s`d?ZFkrEt@KyT$t28xu!gq z%xMp=c06xSrz7Q>^1L&rJ#tNX9+`uOn8f9y_-}oUq4QXrTgdbx)*Ohw%LpP+J?144 z*@?5_k;#Y04<%+asoaPeOqx98sz4c>!@iCale6O^dVysH3!p3mGoUz>wOLXK=-lj~ z19ZyscG&_5f8t7`xd=S($oTZJsmV!v+%c9!0Q_fXcx5{;CpIcc6}{RitAYz4*F0Oa z9JeK%ahmC$xT%A!89F1=@zdLwJMk+et+Yd|ox?Hl!jpc{q^V(xqoy6dwiL5togz}p zjV0m*R3BrV#L7IMK|W{DmQs`g8a-D0@npoM4A@p$O292?L_1sjW~di1(1I|xvK}Kb zzpuoqFgp458)y!Q~d8Ptm;+xf(xH}0WL_e}u`Ty&U5 zV?&Sm&9De4{^n`VIO^N3N<=}acKH3c8n;NepRIG(31JfH`gE#ck#bku0$+KG*EfBx zLU*u^kmp!!Y{Kb8Q#V&No)A2tNmU#l;Fuby>EuV}NPRXkDpY1Ut;a}AJ?3x-0hKy7 zxu$GLvht~GzqkZ0d4w+xbes`c5=ooN=~cU?SdVEiwbLr?#$ZYi=D~uLK4pVJi;81! zB%+{tBuaNc@-{rj2)jOh6VpJ$MYLP}$5SS%ifS zEx6kW7h$0*vqA%kLoq9~s5nM_dMQR&>pEqjk3&QVTj`Gv&&}e+vh|(va<|V}6n7M5 zKiwA6h57fsI0@~oX=TN)g1t4Z>~{Gvv$w{uRUhJ76#a;?x-S{ZM5oT9o;M&&PbKMA~@>tvDqVL z_e`I&s24v43l!@yuiK5^ZO&p*j+)2jTVz2>pFQE{F*EngK7y1!a&bqEGh(l^bgv#T zR>4Vg=%R+5piOYmnQM0t5ypyYtR;!KYSUpD1M$mB?xYx^%{~R|-D?eWQ z;5ac?Jg^qB8eM3Cq!>Bq5I?B$Yxc@H5(Qc>zvLT`599BSRjL^dI^Kk~y2CMyR_9-c z^H?D2fc>ndHG&;9ya;9FD6E|W8^)wpjmt$YM&|<3NKl3xw}4t=(j!vtgV#zsM4l41 zrkVxD*Nix&Fg)%Q$c`(9F_GyEI!A42iR0g+Ho|~|FIJ?pq2z^#Tv)d@q#&f}&&dQ@ zRJIC&sEn=0CMS>1P0^*Ndivd|xDd6V_-4ha?q)qQw8;Z{+e_HQ zLk*cpT(}T9JQ2pX>89_r!<^`)?V|P=b})2fl+n3t|3M`T5dx7$UPx9OjXb313PC~4c9y^z^*w-*lcJ)K`6nk|v_7hP&xAm+9& zCd&7H;V`s@^ANKpOI-i_5%ZDYOy@*PTMMd0B`~ZC<(9NPt5&plyKSw!OjIQW?fXh1%ZzDTi_g7+{Q8b?^X&xM-fSk=gKEgMQ7SZzZW8D?7eG z`mQWJNS%b|BBGBbXRDCjn_c`;(>>cgM+jHu#;NbdQ!Y4!yfaT6R(E2@QRk$0`H*h- zgiUqc3$&qlo9tqhUEmXRCk zFx}#3mm@j8WnEMtzAO-JebnpH(9u6WeHPEgI{`D@XcX=)Jh zER~M9w%kG+mg80z3koG>sdR|52|wzb!FD25p(MpI>Fjf>pb(X|t!ri%=3P&(V@glm zFPW(aqEy_FeKitgLe-<57qv-Lj@kblzMz%g#?FG*8L23lV!bom@Z6R%=?yY^e5og^ z!oEF&Q<2MTkz7wp=l%q9>Gx9#wBDC`;P>>jA3r zmt#~#x)11cQ;2*PotqPHz|(2TUsP>;`>U$Ut8}Z8C?+OGqX^U^lE76&Iu&Wb0=~A6 zJv&G38nK)uPgcc=58)?v&McIdgU%re^vw9-`X;M@tTCl01(%!-Y^fQG5oRZ+$HHb_ zd{-el;7rXLujJcAbQd64)$B!#0@{5eCum{FPTYK#fd*3Nak87IhMlf2#Rc%iJ`y?6&XF-E<*zJ9-XxKQF} zQuwsYE2=p~xFV^&Dn$@UR?KQ+Wsz)cB+Z`jQqTU~~!q&Gxaf$;T5 zQ#+F49NObNV2?SIq=-!CU4CnMV}ARzmoZ0EMexUy=xN6iLfg(~!I?DpEUm^5@?q9^ z)z4+QI`T7H%>rA zXf4DAWR01qkb>{H=)j(}jKv6J)8mKkj9)dT?t|Z(>PcGKV=8?5Sc_U>Y|k&04~O^G z)GT$vP3P29xlp1yMm1n7XEAOooW{+1%H1ZZQziepvsL~{Qu})oPvy;m+BaXdWM`3W zoB7(a>LAjsjP5EU=*;}Zu{vU8eY_qbs=#ujsL9Yj#pf|vk|{D*aISWaXKT4;*nFI; zoyotoor&a2MO%X@kza;tT3F>WDq6g&$zkmtCAEJz!R^j?=adBj1{v|Xj3~V(igvS0 z@85arW`l>Ji(eS1TirC9y{f0BNJ2cj4J&8E`z~t0mvD?k`%BOxbbXRUU4(;73h&1Y}Z`8^wuU$r0R?y)uetuJ(AT=4&g^#Nh=Z}0KFM6$nL#+HWrqsyyuI!@J zvJy4?+*m(lm2gM_tFf2DR_7%bhYX=svas8#k-BjzRX1r`y^0YM`=2ker3W3 zyRiAT{xR62Lrf6f@2nCoy7k2^{AMO9Hpn8HRe2T_?jSpO#HmjJcz6om+b-a)oP(g% z7pol4+U)AY;U7hQjA~_im4T>e_da(PC_+mf^10rt8kC0f!A})+TbZYgR2nET#c-Z6 z)})B8=i5=5S7N0jIzjBZ4@=32q_@9V34QscN`U2;r>dOc2E6bprTPvg$CURk8MD7Y zDV*cR$Kdtkiqwi@kNlIc$$Ey3F5c01xA7^>s!K-~rC{&Y-r48#w&YbwYJYOg zt9QgHtpZ4mj1X{YUpj~Jo1mBRTGJAteteMfAR;7oHJD&Lla}Av=2(nJ#I6Ms?~S|fj2Dpo!*_VF)3({5ijbtR1#a$-P`xp5l7FwX?B-7w7Ri8?Ug`oy_Ayy6$|bfJzh2 zXwhl1EZ|WYSL4xIVwHYcjTiB#q~}TDv5`I<;=`D9x&~$ZeM5!Ikl^c|38P5<)-4cs zUv?YLh=`uY+Foz7@r3cF{6i6qD59sztB7 zJNHR&sp;ZZt&5KO1REXKO6hSz&aC5AR~a%D7d7WwJL^?l6lGH4UhM2m)c$mq$qp$| zii~6VFsKy35J^k9t0OY1Ra|ftHHn$5eN3ewC&Gt&k%r4%Yg=MPVN$FrR76hPUB@OT z;+nu1-5z(=x3*S0yKmWt%G~N~;%06A3~m&|UQInHd?~imiN1It5;qq3GC3M6cu2tL zD2>I1#m?gWTRUf@-V!Z--L)#E>{%$!cX?soUOaa3y$$L6_wW{!=WFXGqq_VQr zd7wLge+N$_Y)YDPeBsmC!fieMPNEu55{};*4KFP{(QuBp?G!3yOZxt8iNjk^p6>=N zH>aC$ohrkQ&qj~Z8qV>?9X*C_ZzxubcO1FDXWf!=`XC2ch zJY!nfu1-L5Rjd~wZfA`9ia{h^)p!09Ord+m@bb?IMAGqputyI!T=d>LJ&#>@I-_GV z@u^^{w-&ha*~G^`;!{E4QNW;|A6)7T%}ne`+Y~gN3W#Iw{NPH|jZMrQADbSU9UCRB z0~-DK#O&DNv1uV@#3*O5{qe+MA*7kG`Vf{Gm-#sr61b?`@J=1;u4hC{On+YO?2xYiapznVr zoj4XM>@tBnVU? zq5|DCj-tckv-oOv9PeDv=y}X!F(XEaJ9F$u)6f~A2lk{3OMtMLl%6WbwK3@+^7zTP zGc+=Sfs-yfBh%wkv*VK!O{WbPUUU_aF-m!r z;=mF#`g9o?ziVuCcKrBQDler_F}`P2isYAZ<262Xb7nYu0<-FT4K3P?80Ey=F?@B3 zW%1Bxat~ou2CQymcC7T$qE@i+nL?MI9U4A1R+X+|+B`+}*#}e9a1L@NX2za7H#UJ! zfelUEDI7Fh`QWq=5pYy1s(`Z*G0NF}d#Vx&%&K*liapF~?wpd{ZZ;em%^aWfT#N!) z?Zi0NWX=p7tMWN#8S6PaV$OlNj8w`)2kP+nYFY-3{>1pqxYsufZoC#=fNy1rmP^M* zMIS@J(@ZUupwQ1@qxk9Z**oLrG;z2~3HX%fi@l@9F$WGU!Cnaz`kn3dDZb(+xxtEh zcxYyPq%$%(feIW#V`KJ8@g2DM&_@Ku4~>stN*;E)8XrquE+PDm&vZuOhGpaU`fp5W z#DZEs-CgXiY-~@{be47tqRf$t#kE(M$7E?Z5Ii>I9v#Q~CsUK9ytJ3N0*ik1NO*}c z^@nmK6ywvl08UQdnL8n+JZeFypP4!~bmuI#+KmN5$^}rmluMTJv8PHmDKYh2zyu2Y z%#iIKqZ(?_#>rNQF7DrS== z%Z$`Y9`ZtQAq;@g(d>1k^y(lLm{H@ywnxX(6(~qEV0A}rUCm~sC@02dXGVsmupbI0 z2RI4hWI0wt8|Qe>OdTDjJ&G&`5hXVzxW>Zgz80W3=6 zu~ALpNhd9ep~?@k3>Y0mw8f$jGEyt&a9^gC5vi0jQ^S}M$pTTeCCpKmQzzt=#1V3| zs_>*Fz|mnAoQ7168KFuWc0a0WL7>J1SA`S!j`Xp~)VV`^30gfa3~1kJnH{<;B&PY)ba`@A5xS}5BbB03fXT&OT6_~zrDxF?Y%8;X_yF5%FtiHgt&k6L{{E#3gkTI)H z6P=-nQ8fpOZVqYvaSt^<74DBk^=$c}b0P=Iq`b_0$+aSM>XMdeSloDZFiAKOW|d_~3#nP6 zr=Q8G_Vw!FfRU&iJDg2j)${>B1s#))WRyIQ?o46UKFM9Ff`!lIvGI{RMKy_It9tI- z&@rnlm{3nop1d>NR?t@s`4c>;Yq!%jM%;K@x@ANt#r<=>m$s~E%DB0=9qA&Ui8`_*viPnT!pwj(j47JV-$)3K*gWy&}5 zrXQ9VVGvE#mBm!V5_#q%%93Y-d|>!k*1$^N*%|tYYHoUHB;B+spu_-teCBXx{CM~s zAqKNpo4S-&d)QVqY;H#fRw?n+9>VaqWmWo6IO!59(#wY?Ql5o|gy^8+O;Wf|GVPjN zbz+d|7KJL_@Q4e$#Z=m}cqm#1WJn9(>Qp|n*2ybVqH+{gqR(N{KM`&$WABj1MOAKA z?L8_Tr|+W201D6%qRz@>dqn5_4Q8nq1A|iJ)~UEECL)x9vY_0k%>fuifNq!Ioi+` zGNL^{b4omzD4>cM?%_po(}u-WP2=7{sKSwng}tkUA{-fo&b!yERF5j7A1w*mTwWa9 zi@{)HlinxavwLuF6W*8b@R)AxwSV6M&ndvl=cbzn_vMsszG)vjRd}1%;O@O8Dd83I zHm{p@@5hsYlyBh`@is5iikriTw|VW`v$xcsNGsxPUI+Hv;^r{o(d#spi(wgPT=Cg- z%wg2549>f&VA^ouMQcXnLX+TPL8IrN^;yh_QRbx@EX;t><=;M8mw~KXC@aiX2E~Ek z%Tzv`3qfWuq2^g@5o;)G7wZ*JSe;jcM$a|EVn(tOD_NbDOZe`(iwm!?l1Qw`3N9A3 z`m#!?$O~rGd7Vz8rkB~~f1hrp~luTv`8 zj2LBHs>Cw6a*4s**(<=rnp8`aidwRg=ef=SJWcJBdDrWMJF>zT@ z3v5!Dq1!$o#Zj%O0;-iu>@8L)d6wcf5H$}SeyUg?U193gr*sCd<6NyeB^ z+l5CV0~Rd$vi^vKQ2Gg+1BuvD z8>_w2+tyG^o5C$X?Na8|nalHt*u5!6K~#RyqbAnzv8Pg5&JU?f@1eCp=^KcYt&|}N z>B!;6Bdf$+NP_b6BXd|{h~-D55rgaq!|L*Aw9h2ss$Y*VaU3k1D`K!^6S&xR8a6)XKQ_NGj!OB!TnFBM+p`m)L<{Jx> z;efZNwub##RgKG#O!oF~DJy+i+Dl!prYhafEWwg9$WSKjXL9Y4Cf7!ya_w-|Ti24? z8oCXtvR6yFV&|)1k+N9P6~yA$s>*7vqAZwDw=dxej_tIKk=Jt-w~Pp7`Y|?W)C!w| zh^7pRs%|674OR|CI_B=ZoUy7Ou}Y+AFfV3l*dnIv2yJ;N6AD%ii-uNDv48CM25Qlk z%qqRDCr#$+s!^Rv$th)=)CKXCIy+hI<%T(#83n2o;-apU4Y|TALvl5jhv{hfcYjt^ z{ST#8&rGz^DN$C7@<^zp&x^V!Bp(<)_5roRi{w}gR91LZK#2jJTH%$X3TsoBHq=pU znGKuE?Z7G}-1o%7K^XqFtV$mWCtX5Cdil^qqD5V);PGy<;!RR|g_m&EiK!J{Nu^eJ zd6-H&ue##=6~NW0d}ggvFHDKbQCNvCS9DQ+<#AD!2LSfIpN@Hj7X?s&j*wS)X_*`& zqjOo!Rg?v@F=^>m(UlcmjD@EvVTG3inP@>9S958xT;Wxiu%ycz+K9BKt4PWUFNvi! zL=IF(E1e+J7QG7|CLWG5H$MvrFgjkHm7Z?~tpwZjqEsxeqQ@m&TrRo7OM#f}hZSBf zXmSvjbg@#d@G4*$$Sc6a3L_7T!cncTtwZBXe2U{}c@h{ZlB8bi5UyG$169Pd!b{{a zAx4QCGtna9$SA^^E{-Escrm8)?&VwMS@x!NdgD7^w<#kA$a&d{zyHex8!Lkj*sAY@ z?Nca)$}3aGm)F6t3nNBp*F~fhG@O05V@b-I3j<``*?Q^D%Af-lz4?iO)CTgkR4H1@ z=i^d$UhmtwQXwg3!1a!*QL8bb#+I{Xx67bah*aiHd7~;H35D5rGw2K^)p@_nsLMw} zLA!{h&2;1DfI(TI#sgcb(Kf8cL!r@Q^>o^oy6K2N3%5SMx*DnYmuBz@ty6`KN34i@ z${}j}gYlI$d{$sPxaB{Y3*S|Ni}>CO9nt4YwzlWDw}O{EES{{1!?&PZTQDY1qnero_F z=D(wV`Ib=mD>Ca?E3C%B3W&N5DpzV*`L|?4BSuoR=LU9`*}*qh@SVD*qYjd9;=}jk zGA}+Zm!RBr%%O^bJZ{d1jsLQW0i}x>jp^1oT?-qrrwH*td2e*P*j_R5@j&zIn6qS> z{?=^#mP+R3msJwBwemvr4|R|t#2f9-5Oxo(1_UfqK1*MYbV=V|4G-2|k=lQHWN%16 zY>S%x6d3he=v!eYQoefCh*9bb7t1xAeD3FwY^(ffxVWVw^YO4~=(F!cme0TADE3tT zgVls%JHp_>e-}1%S@IHn7l*muia*&0`%G_zZ+3*3;)oTYcfwWl(s4M!W)7xTZY1)8!PDVzU|9oh+%xbO%2p#ugu{3}uV4oYWvXARqP!i)N8 z0gCSQ%5w6Le-#E55v?AiI%9h@{sF#W~M3%i@x2@6F0BjLQYFBXe~ z)rV1YHuqk+1ELESy_xio+CaXx=~!tVH7p)FpbN&xlQT2eX$u1czH}nLzZ3A)l?B?$ zI#U;X_tpBpJ$ncD+_G=~f&F_mzB?W6xn=ME-M7%ey%!8z)HHAU+w+^h{=4&==luQo z&3pPUXih$Pe)BQd@IRd2ybpH$Q|C8tfL-v9=Ql5eJp#M?>GPY9!uI~t`OTYP7d~@- z^J3T+V0Zm9;=yix_Wb6pu#5lY{N`n_r(kPMU-J;`t}p9r{u(xXUSIPb*!5rD*Sr~a z$#eRem%^TaEu7!id=hq~udjJO?1uin=1s6m2B3jG4cq>TzUEQb!UcWJr(v^SiMX&k zF6?VQ1l#*nea+ipS6WuXz{j+N)3&*rnf$e8HZDtzC_}flYr)U-MDezH9oLx4a*j3-&*SrpP-gVHx9)|tZcl0%P!*0DEX~J&!PH16Q-O$&( z8g|}yq5fc>hn=_)X~G7-8|?tQXm?-pLfFHw**!=Lws#P5U{~JM*Sr$;By4kUU-Jm; z!#5)aZ1+B-0o%17bqc%W0JN}yTl$&@VUNJ>y|u6T8`$mN)7QKccJ*y2AFS_tktXa> z*gd!RHJ^YT`98D}Z1+LLgIzL&yu+S`Ee-cIAA{{1>1*BwyL_~-c{%Khu)D|ln!kh{ zI0O!M`Qg6iWw0k;OGgkJHagzdyc>4a9f%2g7PfJ;ulWq@j$?hz`(W1|?`z%w8<;@; zVUNJ>od>nTB4C(=P>1(QFYhDX`26p;BaIk~-BR1@^Rg?|(7;Nbb&Q;j(8uAOfY#n8TJq=siK%K&-o{zSK zUB8L*1a{FD&NtY@u&M37<^!e1IQ=rst0kdz@CCFya06xJMcoZ z0qoKrL_dbT2sZH|#Dcxyhx(cuVduRVv0xvE-TuSS!!CLW>J0Wd*d0I8*Sr_D>!pYf zdlGifkD~v;_Pz{xgP8YyW{7PF6{a@fP-D|3+T77M_?y^5&Z^s@Ru;2!mfKG z$_BgOmr*v@W3YSPgnEVD{wwIeuq)n-a}(D5D$WhqXJN;F4Sf@~@7Iwx*rjiQKkQ-H z#BZQ3VOPBs{SNjR?C#%0e}nCQ8_Eki@3)X&*r#9z-;VZxUHscP_hApg4!r|u!>;-r zoU^beV5i@Sv|+Qqi!#6tz6C)nP<#<>W);@`pt_Au<&$Iu60yZ#;8 z4tCz(^fjxnPr?rVdz_!JOFxb_gM9&Z@;{(XVf#LTwt!voA5jk2VHf;Qv?1)ghtZE=kHGHzUx*2t{Q~j^8~xuXFKq84 zXg}EX|EI5cJ?y+k;RE|3?DYS|SOPov7}^T9>;EBL*aeT{yn>zhThuY^G5mew7tu#x zeSe2GgMAUU`~>O`cIfYsZ`kEeqU~Vk{R8>|>|xl6rw{{n;2%+suuGmso4}rc-So)9ye?gtYo`h{Q{mmn=g)i&J9I3y#^}PP(U9cOzyuW!H zY}a%8n>WHPKfk|u6>Oldzj+z#S=j0R{^rxLLj(QIyJ5S&qQ7|^>>1e71^vw@Uo4wa-VD3^Yx0i zn-9Vc+<-cQUHe_gH|)Y2kq6l0u!ZkNJlMqU{^oCB(|d3XyJN7w`2g&;n^5<#>-M6Z zU{~FYe_@yHLtDTu-rwK65_aB!{^o_S$6!mh^fw=a-Fj<(^G?{6--Eoto`r4PhPHuC zd@t%9HhMeKf!+FjC_C(`gV4gBf!#OM-+UH!Y#4P3yL|-p1REa3F>LP`>Hv2AA(Rhx z{o(%REwF2j^fzyUT|SOJ0ec3vdPjfr5N!5nfAd$c+mE4KuH>DvJ;*=oyiR|!3Hu!E*u6*>wrjq> zc`fWI*zyAE6gInv*sy&|IJaOIbV zkH8LWqn=Tu!mtMUW)SpcI}U%kHMaXoqiem z7;NIl&<|mQFGv4|4g5I#V2{D>c?H@WcH}4eoA<%4eI;VUnx90!f_(~h6csHPV1R16%#+{^pag;n$$g!LIxn^cC1Mu+7&Z->{QEi#`Lp{dFieY}d~r4cLXR zNB@950z2{Z==ZQ2-++DvyX+T`2JF0F>~GG(9)&IZ67mDP)3DLsM0sJ? zz76#SyX3bpR>7Wz-S>9HgWdbvIM-mq??Ao5cKr^@1nYYz`X%f!*ge0CJ`Wpx7c{Vg zzlVIncD)JxV0 z{irM0Wq*wP!JdNM_W_*eu(N-HW7tbRh&=r%>KXP$*gYRYd&7qR3~d3s`okFGV9lSS zu3(>rO@9P+1iSt(a2~@h{3znVJ_nonSLkQ38~+k@1H0f~qr9+3U<-eRYYFVgzrk1r z+xyoz*I`%xTl8hvMIXbt2YVK__U}*@*vY>^J;DzDd-QwQ^&dyMVSWDrd4@d-Tm1y$ z!%qH3oXfD=KZ!iRZv9VaL)dkn!gT_6*?&fSSl_2HCc(Z4yZgVOf5Ptg49Wz%@xP+Z zU{`z={R{RC?CgK*Zyti3d_5|#{&!Zk-cl}S)Bkah- zC@bvN|AqF0?fwGJ1K95W-QTkE4xY2mcmvVK;mc`G#Hbcj!B?3!Xq(VSRt!-@Fv|G;I4x)G6%bKOjDA_$iEC zuxtMjd4cVE8vPG;#XliWuz_b#F4z}g%m0kA5H|fR#!}dA|AKPBu5SjKUxQuqWdqHd zU>BS>(7Xut80_vZA87s>cKdS%ns>skIe(ye1ME3{1I=03qp*ekf#x%?BLf4?2VlFu zVxV~o?D7i+npeV}g>8Q2K=Ux{t_ug6zkv;Z)j;!J*!347P1vPhJdOb3*TOFN z254bVz?QBUXg&!$@{I${dtldJiG0E?{U+oS_6%(Es)6RSu&HkzXg&zL@#=x*jj)Tq z1#w_c!`7}rny?e!I?#LscH6Fj=3TIBzYY0=U2^R}^D@{|u=~CpWr3ZzZlL)X?9g`% zH1C65e?7FYE4~x?gk5yQK=TS%^IZeYgRn^V21EU<@Q6Z=pW*p2&I`=I z_n;nN&%jo1gD>oH=w`onp!qOt_w8sa*hSwr(7YJ-IP9K-XiwO|p@HVzu)IM|`1hz+~? z*g*4Y*m=iMHrT_k6B7f?M`5>5qD^5pOd*f3OP&iYY+xGsfIR|RoD zUDrW8*k$)39_(q@+C2IUY-$1VV7D!zys)d6&}Oivi#msW7B;br_JR$bLVLq5IgNIK zowtIrz@CKNdms7}Z1{eZ8+Pp~&P&(@XVA8=$6=?}5DzxHj`IjMx`F(`2A@CBydAb{ za{$kN5Pu8tVHa$p?qScu?%RPcY~n2P3p?-t>I!zvgYbb}@PdKng|Nq9_q-5!fers4 zG_b2*G|;>X_7rUShX$HY!=_%0Jire8FwQyH#VE)h@(z0pcF&tpHgF%qzqkD=`U~ueU&FZr`y%WkzYY!ThPR*(!J6MdeZal| zJNZ`du)*I%UxZ!oHjJyVPr?rV7V-eQ?Cof8*kiD}ej9q&jqgA#*t4*;-$C8OPP`N6 zKkUZeMIK=T??O7TJAM!C1-tUy=;yGB8OBGNF#+NA~x*3_l_NV?+vjdA|fIpA|fIpA|fI_-xImj(Hn&{Ty=z*a8YxU~Ge)U%=PE4lrpY z>;?LM3EP8xpmG)32eQ9H8KC!S%-w)~jq5Jh2=dn;4)pv6V-nD{7?WTlDEJojfFA3R z4|Mzv?E~_9^c~m)rhE^70681rgP`vZNDJC+gl=FjX!sHH7AV*RTY$blp}&B>8RdYD zpx|fN5)9aa{Gi=0uoKt@CT&IAz<^)T2SDBizXIz)_HVcrf5j!wP zf%bpEc3>-*uoHTMp?|`!K+j!hH)#JC^abi}qy_Tds2^+xrF&pUFybHd6X?7b{RG5+ zp+DFF^7g?`z<~dBvKVwG2Du!_f_k>AkTvy?F@1=unscF0%4YCc? zbiyZ?ewablg1pWKSqg?7Zs56?LArM_$gMy>!XR_NW-z&{K|TaSk3{=Hr*6;_>;dIR zK~Ip~-5@W59!DcTXxjtr1$#mBF|ZLR?P-t|AoEy*JPo?`GRXBnJPvjQ+dye=gRB9g zk2lE6pjRJ*+zr~DV337iJE-f6v|w^S=miF+8RQYru|N6+>;+W=U>lG#5H<#BgA8&n zXm=vY0XsnXV1qn61bPfL$dzCZs65Fa%R%-q*c9|S*&sIpaX9J)t3l=|$OpQOfSti! zP%{#GgE8r_1L&S%kZZv{Fg+9b!00T4ya@(nqrXANQ3jrgp-rGN2etu2a}BZ>bQleP z1p7e4sRr2uCXF%3$6)kW)B$?rp-rIeID?!Ac7vLHgRBFiPlNqH-vZbVv@JBqe6STv zErPBfe?0mgjF^D(K%dj$1E5Wf21C-B!uY>ftNDI2pgKq%+EQ8Dg+rZ@cm@B}Dv*F{Q z+XC1U&~s1@*a2!5!iFI4T+|JEpNDY^+Mf^K1Utaw3*g&e*o7zuT(Ai30Sy-!q%%G@ z<8#u*Xag8@3Fa8k@lx0d>;uy;LmeRJa`Y|ea|LV0((HiRY(J}uSOcs^BU*@ ztZPv|m=7jjhdRKB>!AneaRb^6XYXY0NEPIT-#7@`E1FqP;+U4)Yk;4yHU09|gl+fK5R67co}=`6aXuYz9+a zh8`gM6_f+Iyb2w`9x(kigRBQducI6==nb?3w0#p}9qa(*Z^4!z?`_x;40;Fi3h4MQ zYzg%D;5UFQMV(+B$a^1l0bQ3N4cG;ye1JX%gFb{GfsP+x+=Fdk%E#yfFzge=fsUU- zN3aW&e}*`az8rlBI(?4%z)mn_1?D=?>kIfl*bAnwgl)m-FEKZPUaMetK)-^YfX!gi zYWO`E_BF}`o!3B5unSE227U$xtwlRQmv5m9AnVX?U@b`h4)z9J*5i5!+J29I19Su0 z1onc4A25%AsT*MvF!@LH0~oytI)k1+L1&ccXov)8A+h*b0jGV4ekO|3EjCe|P8KG4`6I)L(nDOn2&IzSgN{18fB27NkGaxZ9qDB1)_CrX;ZCQy7BC7*)K&S*F2 zb2ugUgHBzL7VHL9M?eQKqAMkjfX+uE4(tPs-6+`#rXGbfU_^J619}`yvF@S7>OsjY zun80&gSx=*o|HTdx*v-)phGW|2lj%-?7dV?OLDY+3?r&2N>Yy-t(DESZ!8jHGtl?VHRjbPF^ z^g9@y5B)&*(&)vI?Z1fqntKCR1`dXnQ8ofZbru6xbL{O;EBDaHRWPgseF(ajqE4_2Of5qi zkY0{406JA*e1M&xv=VIvY17~*z^Xz!z-CZf4O@Zi=_nfvm;oOL9cqvt>;ZMPunU+_ zhduy<>d|J;sK0upO8(3%Y{L*{~1jIR|e(1`U<1fsfUyjEor5@_E<_)KEnv#I@Jle^Jd7uh zc|OVkeJ-HnA<*?gO0EXtBG>}#1eF(|4Iuksv;p+G1bPAMQltT!K*43O0T^&OYydi5 zfj$8HK;xCr3*=n|-vE8CMt-1PgZyASn0hVh0AsGhdH1lz!r&oCB2&T`lfqnF?&U>}&Z8GQvR zf5vqhOxl7m0CIkTKA_K5=mXmRiacO1Xx@f;!GzynH;}y@X+huL;oqS14vagn7fk;H z<${8plq>~9|3v?S&b!dRU>~UZ3-bxc-wnS5Ie$ZcFnAC84D|X3`hyO8VH2SK3thlI zFlQfp1JwNoUjvoIB&)y}!6a{kKB7r(2UIf20{%2cSH#6I8Y}$!d^) zAo75;b|zU2+8<@F6C-6IdNhG7oGArH7hiB^cJp zB#(j4hneI?(5^Ge1N3kc&$vvo56tOel3ifV5zqxp>1tw6$HblvbO0T@K~Jz7)Es4! zwIHv%NnQngk49TS`yM8l4>p5I$Cy~#m?XWYNnQkL$D-Y!Lobso0=q!vaVA*~M)XEG zp!e}6xfgWo1N{Iw0qq4F!KA)O3o`qe zpNM_|>R{*xc7eJf=wDDX6rZ5<(7r`{0vdGthmwNp1!0Pk~NA9Rd4-ouFnU zbOV#qkp~oHm}DtP&os&NAT7%zOF++T=m9#6f(^kgP?du`AUhXnLATK+xfbjJ<)@8T86?7hpd|)S-ng=_8VdKy*plv?lz#h`aH!J_aLdFfKutTKEGXb;u7^f%JN`2Xt>h{{wv{^Z=W{ghuog7}Nyc1s$7B zaye*hfxch^SUL;!fWfm7KL=wRpO@ovFQ}Pok~Lt=JhT<`It%514)fvPU>7Jo8*K%d z3(!{3{T$c>kcH?EupShg3!ejh&ojy0p#AyC4|ap;7oZ&={X+N==)4GVU?-@&2(|{< z7o%*@=@N`(um{v#in76^%P=0m@XL_~^t=Lg0OU&85o`seSE290gsY(k=yMHx6|}t; z{Q>rYy6aFE$i5!sfUY;79YDMhabO)NxC!Y}fm!#VFTqAI;eO~1(jI{QLEFU` z<6tY8{2<23Lzu_#xdfk`9!CFx-JtRj^bJUV6m0@sAA|pZy`buGj6X1Z3H%52d;)VT zX#XT^49HW^0c-`uPs7Gw#4~6g=<+P;0J}idb7(gh{XBdG^nC%g1?^un$pv5+sCx{pz$@>805VUJAmGAU|fT?Z({s`9iZwh_#?=98)-n=JD49p z=XWvAf&3oo0_#D+Qj@$6`o52L0c#n?IoJkDKY-7H><`g)(BmUqGXP%NAvIt%82t&_ z1A2Xm{Gjb;usPTYCNIah1VcZE%|W*n=&LWFFFxnsbMi{mgU?U#x#UaO7<5~OJ_q7g z@CUE~;T9Hv;(XLnLnWKLFbL=SFjh<{fO}ZayFqqLD!$)7eL;OvcYyRQ18oKyz?45=7ch7y`VO@F6a5Qz zfYM!v1H=D<&Y;I`v>DL9VSBI%6z@Ts!Qg+;Cwnnp;d357H-kz4;<^Dc_rdO<^M4qF zU0BgY*%_6UY+jWcd0&NV7 z%mZ6NF}282kY-xsUeM06$U?9kOtvku3=C*v;k=JUtOG2v0PF&lZ7s3}~M=L25q`nSQA-f1IRl9?E^i!B0bmx%8#_jaxk=;MV=t) z02xRIkrT;aGK35zCy`;~WHOwbLPn60B%NfCOp=A2!cioLKY&L!uO^T`F|Lb8ZlL@p+mkW0yB&Ug_dU6A~k=#UXCby7V$!+9zatFDS+(qst_u!P(GR`GTw@U*b;VE3%q=P1cZa$XfC(Sx3Gj>&f?I z1Nnh$BtMc(?D7ZUF0vaoBU1okblTt@-Nv( z{v$*X1W}L#Sx^L3&;(sD1S*(eE%XqM5qb*83cZBmgx)%2(?0;P%ktH zGlfQ>NoW>YgjvFDVU93Ym?xYi%oolU76|7E3x#uq^Mvz-3xo@WMZ!hG#lj`RrNU*x z<-!%hmBLlR)xtHxwZe76^}-FpjlxaB&B86ht-@`>?ZO?xox)wh-NHS>y~2IM{lWvn zV&OsIA>m=+5#dqcG2wAxiSUH*r0|sRwD64Ztni%hyzqkXqVTftlJJV~s_>fdhVZ)Z zrtp^Vw(ySduJE3)Ojs(sFMJ?;D10P*EPNt-Dtsm^7d{tO2ww;*g)fCw!dJp-;cH=y z@Qtum_*Pgad?&0Iz85wKKL{IzABCTUO~Pj3XJL!*i?CJrRoEu{CTtge7j_7L2s?#8 zg?j^8b`lR0JBx>lUBn~AuHunmH}NR3yLhzNLp(<8DIP2K5|0ymi^q$7 z#1q86Vm~oW>@N-w2a1El6UD*e5OJt@k~mB}SsX5&B90J8ikV`%m?36~+2SZMN6ZyR zi>HcX#Ia(YI8MwLPZJBoLa|63FHR6o7mLM-;w145ak6-(I7Li|Q^gXoR4fzA#R{=f zoF-O@)#7w5Ko+B<4&lS%T z&lfKcFBBJv7l{{(mxz~&mx-5)SBO`NSBY1P*NE4O*NNAQH;6ZiH;Ffkw}`ijw~4ol zcZhe2cZqk4_lWn3_lft54~UD!2gQfPhs8(4N5#j)$HgV$6XKKNQ{vO&Gvc%2bK>*j z3*w97OXADoE8?r-YvSwT8{(VdTjJZ|JL0?Id*V{@eQ}xif%u{Lk@&IriTJ7bnYdj1 zTwEc3A+8j^6jzB~iL1r0#WmtL;#%=rah>>`xL*8T+#voSZWMnMH;F%qo5i2SE#fcY zR`FMHoA{f!UHo0#A^sum6#o==iGPW^#lOWp;y>bE@n3PD_@785K@ufNk|jk_B~8*L zL&ENbWJ$KvMmj)hD;+4clMa&FO9x9Gq(h{R(xFl(=`g9Ybhy+-Izs9y9VvB_j*_}d zM@v1VW2Bzau~IMTIH|XEywpcJLFy~@lhUOA(g10oG)Ov88Y~TwhDs+%!=#g?;nFG6 z2x+90E@eoWQkIl0jgoStTxqm)sx(F#E9FV!qq9OX_0i1bg^`abg6Wibh&hebft8abhUJibgguq zbiH(gbfa{WbhC7ebgOimbh~tibf zxlk^W$IBDs)8%4$qC81HL!K<3DNm6T@>ID*E|tsVa=AjTl&8s6aTNH@-_0c@^$j{@(uEh@=fy1@-6bM@@?|%@*VP>@?G-X@;&ms@_q9C z@&oc>`9b+1`C<7H`BC{X`EhxP{Dl0Z{FMB({EYmp{G9x}{DSekmp8~i$Q$J!PtC;ulCMNmXVQe;I@R7F#C#ZahXDwfhtv6VK;0ZLot zK;hV9K{-U}s2r+vQVvs&Ryr$(D_xW$l&;E=N;l;wrMuEYIY#NJ9INzFj#GLo z$18o56O_J6KP64+uMAKIDua|0mBGpoWvFtJGE6yH8Lph7j8H}@=}Lx@sbneH$|xmA z$yG)xrz&HVu}YpYPRUnJQwo$qrAQgCOi)f&ij|4VB;^ccvT~*}MM)@Al@g^?DO1Xo z3Z+t+rc^1_%5-IhQlr!=bxOU`pv+Vnl_sTGX;Ee=vz0l@TxFhemNH*CTUnr-qbyX; zRnAk+S1wR4R2C^0DHki3D3>aiDVHl(C|4?1DOW4kDAy|2Dc37EC^srMDK{&(D7PxN zDYq+kD0eD%DR(RPDEBJ&DfcT6D2tT`m4}pvl}D6EmB*CFl_km(%9F}d%G1g-%CpLI z%Ja$#%8SZN%FD_t%B#w2%InG-%A3kt$~(&2%Dc*Y%2MThWtsAU@}csP@`>`X@~QHf zvRwIGS)qKPtW>^KzEV~xtCg>nHOe>2TIE}1o${TsUin_xplnorP<~W4DL*Njl`YE8 z$}h@RWS)Lb%;7tJxLvgpMn^! zo}!LWN2=*+hMK8nsoCl%HAl@=N2{l*W7M%~o;ps=S5H$5)IzmL9j{JMPgjf8iRvWv z40W=4raDDUs8iJvwNx!r%hd|CQk|w&snzOqb%t7_)~a=Cz1pD8R2$VMwOMUZXQ{K* zIqF<>o_dx#Up-r0pq`^HRL@nL3s#mF3tJkR4 zs@JL4t2d}OsyC@OtGB4Ps<)}Pt9Ph(s&}b(tM{n)s`sh)s}HD))d$sw)Q8na)JN6F z)W_8&>J#dd>Qm~|>ND!I>T~Mz>I>?N>Pza&>MQE2>TBxj>Kp2t>RamD>O1PY>U-)^ z^?h}j`hohP`jPsv`ic6f`kA_1{ajt4exa^Zzf@PLU#Y9{TJ{?C8+EPvt-4PAPF=5l zuWnF(P&cYSs+-iG)XnP8>K64Eb*uWTx=sB}-LC$w?!ar#JJmncUFu)zZuM__tHK|4h2s2!?x z(hk!)YlmxHv?H{x+L2l}?I^9gcC^+*J4WlN9jo=yj?;Q;$7_AG6STfsKP^q`uMN-! zYJ;>BwZYmDZK!sVHcUHN8?K$AjnGDF=~{-Csby)|+9)kY%hg6}r)p!gv09!sPRrL$ z(+adgtw4Xm@INX?JV)X!mOO zY4>XnXp6N6wTHBawMVo^wa2u_wI$jU+LPK-+SA%I+Oyho+Vk2A+Kbvt+RNH2+N;_d z+H2bD+MC*2+S}SY+Pm6&+EVR(ZJG9g_M!HX_ObSf_Nn%nwp{yMTcLfSt<=8MR%u^p ztF^DSwb~l(8|_fQ9C^zQo6`Z0PBy{CSx-b+7D z@2wxN_t8(#`|ADlG`+t*Kp&_N(ofU}>qGRR`bqjQ{bYT(eu_RqAE~G78G5FkrDyA- z^c+1`AFZFNkI~2KdHOg#Uq1~m+Z5_W`gnbUe!5<)Pt+&rXXumlGxaHYLZ7Oa=%sp@ zUanW@mHITjO0U+Z>ofEky;iT&>-7eGrrxMG>CJkJK1-ji&(Y`V^YpXy`TE)V0{t9) zp?(A)V z>d)!V>o4dp>M!Xp>#yjq>aXdq>u>09>Tl_9>+k6A>hI}G_4oB<`Um=l`bYZ5`X~CQ z`e*ub{d0YV{)N6$|59J2f2FV1zt-32-{@=gZ}oNhclvt$dwqlcgT7J!QQxHhgahs$0+^sV}@`ZoPHeY^gLtp@6!L$ck6%ad-Q+wy?T4&UwxmBgXxA~h=ydy zhGM9OX6S}tP{TAV!#3I&2N-RQ1C4gZLB_#G2jdWLWk0m=rDRR9ZpZ7Bj`w)PBUmG&7#?K6wRTzbTmDcj-g{|9vw&X>1nip7SbX* zo=%{r(_%W2PNHYf$@EM*g(m1!T0%={87-$3w31GvRkWH;r!!~`t)+Feo;J{#w2?N^ zX4*n$(b;qk4j0X%XVLleY`TD+Ll@F>>3Q^gdI7zVE}|FFi|HlwQhFJ^oL)h%q*u|a z={59PdL6x<-av1pH_@BvE%a7;8@-+0LGPq@(YxtA^j>-&y`Mfn7t;snL-b+#2z``3 zMjxk3=o9ow`V@VdK0}|S&(Y`U3-m?$5`CGzLSLn?(bwr4^iBFUeT%+B-=$0Gd-Q#} zjDA2rq#x0b=_mA4`WanLKc_3`7jz~4lCGj((be>8x`uv3*V1q4I{F=5Prs)d=nr%w z{gG~>Khe$fXS#*{LbuXi={EWs-A;d}JLn&DC;gM|qJPod^l!R{{zLcDf9XDoLky;1 zil$`Bredn5X6mM4Qqwdo(>B|f2bgWm1I>2kL1ugNV6%gHh}qFR)a+y)W_C6YH@lce zm|e{y&2HvVW_R;wvxj+%+0#7M>}4Kj_BM|<`ZZ&^3x0%10+s)t29p)eAPV-N5m-&~u+x*+yWBz0AHUBmDnRuzf5-ib@ zEZI^l)zU28GAwGDmSx#i8@%Yy);iE?XB}j>u{@!b%fQ` zI@0Q99c6X5j<$MO$5_W&J*{5WaaM2Zc&m?fg4NgRXQf&FtpV0RYmjxKHP{+r4Yf|P zhFK?D!>v=S5!Og6-O8{stt>0s8fE2Jxz=dwRBMbi*2=TSS^3s!R)JM$6teIA$)nqkW zE!He+wl&9^Yt6IHvgTW7TMMjntcBLO)_KtgE?>r(47>vHP~>q_e? z>uT#7>ssqN>w4=3>qhG)>t^c~>sISF>vro7>rU$~>u&2F>t5?V>wfD2Yq9m9^^oTNy=T2|EwetbKD0ivKDIuwKD9oxKDU-zE37Z9mDZQmD(fq2we_{N#`?xuYkh02 zv%a&|Ti;t7tRJk6){oXE>nCfo^|Q6b`o-F6{c3HqezUe)zgs)3KdhbBpVltxFKf5; zx3$Om$J%TCYyD^KvxqI&qAl67t=Ouq*}84m)HZF)w(U0d0d`yaK)aoNklo%s*zRB- zVt2F;wL95|*`4jf?Jo8ac31mIyPJKK-Q7Og?qMHe_q30-d)dd?z3t=eKK2QAUpvk2 zXZN=U+5_xC_F(%&dx$;MKFJ}-3Konz}q?u zJ;ScCYwbF_-fpmG+KqOT-E6nmv+UXS9DA-k&pykZZ=Y>1u+Om<+UMHm+2`9A*caN1 z?2GJ+?Mv)S?aS=T?JMl7>?`f7?Q867?d$C8?HlYH?VIeI?OW_y?c40z?K|u{?Yr!I z?7QuI?fdNe?Fa0|_Jj6A_QUog_G9*=_T%;v`w9C=`ziZr`x*OL`#Jl0`vv<&`z8Bj z`xX0D`!)M@`wja|`)&Iz`yKmT`#pQ9{l2}-{=ojw{>c8={>1*&{>)x(e{Qd^zpz)@ zU)rneuk6+K*Y+Cw8+)z&t-a3v&R%bSZ*Q=Fus7O2+MDd3?9KMi_7?jWd#nAcz0Lm3 z-fsVH@38-{ciMm2yX?R0-S*%19{V4Aul=vR&;HLQZG<*r8>x-bMsB0F*+1*-pLO=n zI{Rmx|958{i6lm5WMmZI(zKeNjlaapT5hjm!(|7X0mdxU`TI26EL83H>@kvY?WXFlc8;*j%4T&vOgS zPLFHk{-J2@q^!)M+_71SlJey*)aA87%~teaF-i3?VJbbC zJf$8iB1sR-dPO7C$7CgYe|{{=H+eiF)C@06#Kyibxdi85svU#-$(rXjcz#%zb=vr> zyo{{qmC2X-1s1~fA{Q^WIlO6@@9;nJypo8xtfr!*j{T2!a#S!T-5kN#_5}3}bE7%S zOPWh!l6c`EZ+44ezE@sRS<+I|oTx2n@-DJ&Y)wVov}XL5c3442#{MNcDi3R_Qz@hlkb5}rG- zuosM8-nbODm{w6&(O6PbJ+Gp?xw_UH9YquKvqJMJ4~F$&(SaxPXy$KNY$fW;nk$-} zKQVW0>_@i}6>17AH>9~6>=!PG_3;0wheapXGd?eOLRLZH$T7*C7?1MJ9FGXpjK{!? zkp_=1%HZY=Rzsd7+{wNSe^Jj&pYVpA7ZEbJCkm8vs|YFOO2VGtWeZFilEih+9-P8B z7%8qaRJAV)YM+o>n45C0k4E@~M8!clm{9p8rnbJkrN;Bd(z=L$b0fkBDy!?No7t_F zHwTy1*EQin$8IT7MVF^lV`X0NIui@|(^5HZjha0B2MY#gaG;Jl6kX|N^o6tf`x5wE z>GX;+uY~Hf@=#4IxU zSB^x1`FWano>+!hFCWXsoXEE}*rg&cIBR1s7FchEDabv`+UWnlKN##j|pwL!_aku_=hfcdWwwg*mjZ zt!}QKRS`CMAPm~x(9)c!sP}F&St#NUk?G?z?E3vP#52#s~MN3S&0 zVAUOR311ZIUtbn+ysZ(pij;AD4oDf})aXZ@ znl&*u(=%sG8ZE?0$+M@AEX>VFWQ@zhv^5ed&_cI>WH~D$S?Uy$9o@4@N4TYn4E-YME);PC;Rgj&)CQB@*zr})BcDAvl}s#6VqBs8cXV$*;M4mHelYa zuA3H;G*&PrTPbXIBz<{BY0I>P*9NDI@@b7FwTZg=xRRK2UejoPQ7pF z+d#}`SwE&4^A_7MiV31QoJ66F4Y=l%RAa7U*(!N=dEZM*nkohj@I&aT3RkDfL|Ju1 zRS>GhT6!x?Rbn>{7(|kv7ip?@&5d$cF{N|aexIKZ_u8z?aCfpb zW8k~BEE|mHXL1FBd7Oy=h2TpfV{D;QA`7rBh#-`IYDVFSK`=aSSz^|g4JFlXr!xtb z5_Np3z%*n6?zlk-m98VOsLE=ur+LUV75iR`%Wi24)+Amj;l5&H){SAqDfAULSv*5a zZD~a#A8Qc-8?Mb2u4%EOi^1#0^Y3o%hI&^Ke#v%qXuv*1VBdz8Cfr@Js&IvKdm~V# zDKfn^Ig1~bxG8F#ChkUTTsvhoB|PKcn{S#XW(+SuFjkr(?u)6#O_JotY}WBSJMd#J z4UJG1j`%ebxLYS&bp)Hs8WM2vni6-eY^n=ei1kpy-x}a~m?Sh$@f2)T>#EA4Q%-0+ zVe$xfd>~Pc8z6TuyAn2~IAyYVC9L)==TgnInH5%cR#bP-74j14V{-E{*@ia!7>fX= zYO;{;1VrTMd|U{ygyMY}%Hh@@lCY`4Gi*%UT*aIyQO#UB6jhx<6GxV$2*yq{Z@3#n zMKW7Y1UFBS0Gyi5KS6Awyn0rWAURdV95&8F*&s+x1w%(u zL6DrPwuO0Qs4NJQQ#IAsU*dyVIBW{pd@)&h!OvC~knTAW_3Euuf+cWM$;@`ux&;iC?-e z@k;jvUg^a{`uD@iw2|G2u)7c39UV=yXx30wvGgC+-89X0jcjU9{8yzL_d@QY$ zT^{l{(@r^HkAgxQoy4XojmsaIg4ry%zZh2WYECVqEVL9lO$QPYF##w&y8yci@ z7o*M^1wnSB#l-9upYN75%`Wjo>@E&*sMyoU^KX3OB3I@lWC6b={3ainJRkS1UfEb* zo2ad?Yo1nLTfrB-d5LLdjRJMJS}ZNYWcuH zDdqhKr%pdG4SQs04Vyao9Lp}bPS9^LI>R%M?@-n3+KU?l*EbOiTIL13Hu>So5_EyH zJjKIFHwzZsj?_y&qp=>#oEdz9o0q6*s;aJZ27vR`(U)yZGYuSd*{Jl~&i#(LpqgzH zpfOD1^_KfRjdxTyHnkvdo20aXN4RAM{^ALms&OyvOzcd=FDz^$z||?#G!`9cUJ#Bo z#7PwsdUGTzhE0z#FZ9H4=<0^XdMsId9Wa-LzdMFz>6=>Ey^do%e2-P=`vyj*=NrBf zP{5D(<{R$PtX$8beSzo6fxvZPU*P$!FYuhUt_~$~E!iV@-y6I@pha-soX7l>->A9Y zoVzgunkrh#>x1bf6lTI{PPh595Bn09M=jeJIIZ*5aay)C@TMvDy{=+f3ETPMO<;o1 z2xLLuie4{yox(aKi1g+&>?ZSPD8WN`Ua%*2pUQF>u9J@8TD+$gk9$7?*l+S9@V%z2gn6D5 zQB%gJWhYR_lVyx7EQ)TdIFjfF377esD?Ak0UU4Me1`7|xwph4~S)OmKWQ2BBGO`Ma za$+=-N#*V~36P9ZJiawC=eMLX$R^X-Q*9Pa_ zA2&?6I{OKOa$ETy=h-wV6SppReq2*h6zbU_R-SJP$g3NwJzEBD=%^Qpno%*M zv6@|Q`|{fnx2mKBcx=zdW{UV`pbI&*2ABvCBi-tnZ~eV>P*9h&Onb0 z9k-3#e*>=zOC#RI(^a?=brC;^!de#^z2U6Ez(Ru5{mvtpiv{`M2aPpu5DWA2islkL z4Rz-PZogy&Lc<8VZ$WX8#|!Ys6Z0G9Rcy9)oP>K4U%mHBlr*!)P^@ursehoOwMd-( zYCUH&+tdu@#70{M_LP#U<0fSe$Eu5$h{%*VxGnX}9FOAny~+mi$++2 z#Q=L4#`9F;eh8-@Skc}_Xp-DXk|KliNFynIOH-r!OeQIcua;sZvC;4D!A80((39u5l&?TzDIGU1 zn3!KQE>VqLZJ?1)Ar zwcj~P${x>RHuHwCt4!>55U-?&m_3y1kKIQb{CM3c|G)czXD=9lRA{*=HCd%hx_?FG!H$ZNMEe%N) zb1ldpyO!19uE(!4qALp|<>f+e!`{_&TC#V#qPTZP#j#FtBjW~+ic{zDCqk#uZkCA8 zy0Y*bfLVIuy?b5^u~4aT)|@9?r>Mz|2s{&+l5J!PPiau`2Ssu zcNue=0wv<(g_Y-d0Ke0z#iYq^-vSFbNnk7Qu!3hAM6i2#cqKbF6Uo4JbFaHW?T)MP z2lc455^F(r%?~_|X%kA*dIBsAQrFAQ05~UMQfCh0>jHL&@&^hwORBLd_^pZyR z{e7vw_wPxPhKLuzjKep8@NO?}6$VxdZqB`+KRmf0`W(U)1r6f@ez+V(vWGm?%~*?b zsdLzqeRUhr--$p2`bP_hG>K)XD6i-rHF#KxDcWmoAWqiPDWtMAMe5kI5nf7N8Sbpv zirNdg$9vo$YYiTCg+f?AhC*)RD&0*w7K4d?HYVf1*vv#t&gK(~uZz3`%_J%Gf+*Sm ze;}|74M|0?b0UdQkFuwEczEx3IBR1f&D$KrjLM4PLQm$1B3|MKoNE@_J7bwVAui&~ z0m9;X+~0(K0n1S~1>kXA8WeFW4TQdObE3`3NsPk@*TTXvs4&N=Jott~bfs>y5Qi)%CLhnzxx4Aq=Xu=J`p=A<;2=OwQ z)HzPcgUoi`{zy#h&*8|;l7*xBNqoq$ipQyERub11yPE8^2S4OK2abmMwLUW!r(=r7 z6-A8&?oF!;x;mD9LAyAm>y?xH2Sjfqa03MaIoky6!33yv@JP6BY<~UKV zK1k&Il;dP!N#IRRCO>Hq;kX&kl)@=odEga+02+G>a;BT#04Ddn1`(b+cwZe)Kq#db zy7EYc5kF)JeEYC(tQ_utJchk2!qoA76yHN8j5uuJNH-X$7#6sSj>D6Byik#uD6Obx zgSF5Xl;h!1Bv@I-`^`__oO}%>!86vnrlx4NS+&tpXIIy;%>kARN4W5w5@xtia8?Pn zEm`Ji%9;|BDL7W5D;Q|^;nyX6ZVioH)EVWxS`s#r`|yFe6eAmpvI(2a=|lH5jT06Y5dA5Aa3Bt zzx>I~m9hKBxGY8Pf^p;VM8x@R6_zsyX*eC!57cIq++ z@nbE1kY9)WP%J09x371tU~l30>3Bp_1zSOdWzIWJY!->h@d6Fjmd@kQNQScd%966? zc-e`vmPXvVvO~VHg1m@uieDf^|jTQn7F#} zc(x<%&Js=70!mcYH^#MN7QyBPX7otWY%Q6(;HnaS!neYkQgCc9+?|dqVUZmwkk5&J z@obpk`Dn`KvpCOQ5krO}!iK~%|5g-XnnSxtC&BRpzwG64c_(BJL9fH+6Mg6T8Z{ z7VUWut1h+wu$WZN;K=!rO}8q(4Dx0{7R~x1>M5R-Ek2@cWoeV!%B0b@G6@bkhK$W5 zscg;V$)=8q6D4@nvW{KxF%Mt{#VKe$zL=uHW#3!Eann~<;3YhN`r;1;oiolbgA>Bx zc95wPN+Ui^d;=a9oRDswzcB72N9Sy`E(JI)|Sk`CMEBY zu+(|8&z<=k75SNFzckN_ojANJm82Qhlpl!pGdUvuLPJc30z%a@hxvbIU6wMX-P{@1 zQLoihVe7I)Z2n~@uW%iS_GnUZt)`3@i9L+u&cKd-D!W6>-td8KnAeoHRM#|DyIsb{ zNM>&S$bzDYq1)n!h~3^s1Wq62jmphqKPtu+3;uUBudWh{Bj*PqTsf{}?6HFz@{iFJ9HJ{x!yKy{N zI5HB(@-mu$uQww}3P$E-Mg_4l3bC`16-nV7DNZ56OgRm+R*D$bGlABup}1XRkEp^@ zW&>|?ITGXD+Qk~B3j9kWDPG1e$pkTlJhh;wZ85zXoMQ)o(W80ASWhj zir`iwFdAg+O6b1X94gxJk<^x}tZrlnOTww$^+ix{$eo!Fu_-ZiVR(!kEsGy;Vb?fz z8Bb{mCq+wXs|nmCR-ldZMsY}Cb|TohT(hNSq%F~?RNfa$fj;{m1w{LRXH8utleStL zi;R_oR~aJJVy^^G#@N|!=U8@1)8WO;W-Q0pM|4E-dBtCTIF@rB!@E}FM)xL0$KwKp zcqHFXuP+a&#l?82R#MB3+k^}9H+RCq=)%U)!RzZ_5gC#tjBI_Oe3KA$lCWQ`TmaMy~{>7j`tkcCFDFN{nPVQH$wk;%bN9G)3`VRX{;#q2?6 zD&4p|Rh29vwT^B~Ynf8($}*+Ymqq*!ot+s!aH2?q*j1jLk4^3dR%(2Di)0P@GCFFK z6SWfGs$#7x)v7}OS7rPeA#4ct0NZalTONh_mj^>V#KMu@bOo^_k-lR|!d=F~(Vk+G zxE;7G=_<>mDX+3D#=X=<8slC5VvX{}G0i=BQX@kVtz=1Rw3j8`cu$_H$zEK%k3-E% zwARf@X`(I{j&>fh#SGQTdVuHS>w&;)m@IyYXR_9=8`IAD(8N_K-@+3ZP7Dk+{Z zC8cEpC$%_bA-Eq;QHHa&OANFkk&pF)ZkYf?!w3R5M{$Lq(*1+$+{>X+6^#EB{7 zY!XN%PT6$)^jmV3<8xC8iwE`{GNFGf5h=vZIz2^1q`roV3jfD_n7;?%(1?l&Lqm$k zuzNel|D7=t6UGY)lJl5wX*ey2?VQ?@Mx49k+OYTMouXamcQ$1CK*ft-crzxR%-O7E zEnz=l=={1GOM??N_&Kf=!_+-q%wk|Hw!7_ZzVKZ9kYQ*BaE~3j=hQ+G?Be50Ai*@r zWbtEuOc^E*TIsyg5$Y-Y%>#R*JAv0LoK4b@z}+VeNt_!T2yzPx$K!X{3$qGxM~(?{ zM#Vw?sN63Fk5lv5FDG#g{OTjppp1yvDFWj#eJ=K#i|S8hzZjT>a7J!^4isbWq4SrV za9n{uz>G#Y7rmq$!8TbedE}8tEY8_?jtQMzw5ZVAiH}L0y|So~T_#Ez8a#iEM!GlA zG2txsw2c3Rb<7NGU!s*L--;ot)$#ROv~d2b5GW_fV9dE%)ssc0ZZnJdA8N7a25fTT zI+Ro+|FN9pQu%WdjAwp=B$BBWFTkUF-1bFMIwJf?T4OVR8XMRkxjx=O><1^=TQ4Dl z;}>;O*t(Ur#!bzYXR{J(O{7?E=M>es&rz7B?k}@(UHJEG=Uv^Hz&V`YXUOHhr4XcH z;aC#yHx^i;Ogz;ruSj=Js|SKmRZfbaSSK7SgPo_0=J6$d<;ci{k&-+?JW-^0Z&Q=0 z%fE+f3IstJTo$Uw566-e;3|~a^XJfK?7MLR}d?z74oL>Ws%EAr^PvYsAEao?k++Y82i*OlphIl>PL1KO9CB_p_{&NFS zEuuZg({fu!ecG4D{MDC-mK1@8tRVN{LR?WE#SczIV%$@Ap6%H0AVBl5Ho*xw~Dx&o#nb*(32OOsQkm>!n*g%iS`Oljr8^AwU8|g7-H75o;3T1eH z6COu?u}+Fu!PQMo?46sG^Fp+L*u|{2#5+#s)t{n$o+v&}om~JOD;+pzg!v}zYv92Pi&pziDDP0SU0j@yy?MOk2ft? z?eSnzr@DO^^EOwS+{4j`P~C<2C4lVU=8gq}bz@=lCS^kW#>2Ue;}-_J<3i|iCJXO~ zu&}fD@AN}SMN@+PMgm^YN)jZhnD;bQmAG@RpSFyh=w*d_nek3!vLwx2h=x+dCEilg zOM({$qvhaz{HOr0%|!)xuQMbVk``+T6GX~jf~dN#B%-b(3#-c{5p^MmstZ9>T?iuT zrVShv)y@^9vNMkgE6xQG#XU(_aaR^noJ+!rGeJagCWt7`1WAhfb}q%AIe5;(zOxrJ zogP5QFBsqbBFelsR3nZSmHI795_`>yN4RZ_i2dp#(iDoY-t-y~q-D|+in!urMVyEv zMIcV02&Bo1@ZL#MgiDhZ@x)1rxDjzhm^fJxCJial)I2b33LXr)vL zxPQ<%H(OG5VUPFH#EXfR;@bHH4 ztd;RQevAZ=X7TgGqJKPZ(c=fi_o%+pF4NMa=bZm&dmoL92cl69x=*#jA)tm|Kj4br zmp?RNau~%Dre9Fp-o^y5w8@txj!72STzEz#}w_b*#P z{_*+x@#f+Fo(Ak+PxtTu%dVW9cz?3}b3bNV5M)&_^UI9z_5RTbX9Z|i_LFm?Z&vMn zUpcJXZwHPT!?LI5GA$WGqBIz8U&CEnRP>Qm7%DVSey_3<|={u_;{1CbSxed?6a zKB-g94k=ih49ahv3EEFFv&vUD;&LmFdv5L&wibIqUPsfiJ&vv&@w?mMQjhH$T1MVH*(b1GlaCSHZ@8BdM#|%c7 zTotF9CK=fIWpC%r37#<1@{O3qXj~&YJaCdT+93`Py-~?+e0WSN$+;QlYdrC)$zSjP3Nyu z>`$)s3?VBl`x5U*%DU_NNWu6?pLGPJl zDHvoZG=<$?@eM*4l4QU;=rMv@DVSLmlsUS6nRVevB5Xw{n;<8rV_#cdWNO1u1lhsY zGSw;(xz$kMVyF8~E*il?iUiSuIYd+4JH|WmEra$g0qjed>Ejo1~ zA>cQ%Gd|Xh0B{87hwR%hh~&1_oP4`@z%)YfLuJz^Oqn7gK>ET2q z4GD^P+a9P$sziw&m8_A-le{yrjD%ek6NYk>XV2?kBqQTf5?yE<@W&w)UR}N*qS@gS zmFk}$Z38R|_G;a0N|+kpvfmIB)4rpOlhf_f_kCV%f*KlvHp~S-erpfHYDfV_Ao(2p zhX-iof2}HfP+UbcaH{HtyNouZsN_MJ1-l9w)f)rEx}9mMViSX})kdR@FF5?oI8TmV;Z~~9g4nMq=u*@n zpQe)|H`8u0H!Oq{t{5=3JjMtl1j2U=g2`fED_UHFgpG8TE9BSbm=7Pg@6aCh4$PZmK6&!&L@?j5tev6){9(zu(IvrHk zavWi5JdWmy!=XhJiqtxyvWuDn#%`*nr{+{J`4;8Kt}Lx&Mq##>iE+~X0hj5*PU=XQ z`N)L^&rkPPcr}^V(Mc`yQkHY=vh+!ojN*;eb1V)rOc&&5PIEZ^sSurzI-t)+1)_8q z7G2bWs2tsJ8+<%n&uJTl%UX(0y;?F9f&JzBLheFPHhMnhSzWcgGf=B?;A^ zAnG5ee7R_WTrsUZK_!-2y+$Kg@h`kVs-zT77zd@xfVhDMtwT< zkZ>$n$3_JmvuhS>S6deBOI4}NKS>oSlM1czzAQ4Ji&9BwNA#`V2w79$KDoXu@gk-l zwYpk=Iftuj)83=K1KdW*yAfe`XXYJ1+wwqA{h0UTHP@R@_n3HozQv{ou4vfEaCe_r z@UZCf9i9m7(a2JTSCbncPiwgEhi51@s+pI&bf!b@>LqWO3Xc@RZ`*sVD8}Y_p z2a2PmvEUkw$1iy7$uR(Wde((j6C_4}exSR(E-?b&x?gQhjr;CiO63|p-aQ&T;QWWY zRqvoDObR$FXra)GvEOtVBmujdKos5SQXO;q~s zH8ZZi*|?>4b*qKFVItVEIrw63;g*l>ZUG$MjB0#IRQOE1`q^0ZqjA33eVqgkMES?J z2ElP7IUc5p%F{>osV&B!cJpog9z4$ZfGorLpnrAqn0yasg#M|9wEpFp#U3FOnvuwe zjZ_R=k~;_=c^rg2etUL>5y5umZp>EXcNi7u1}b0ot3LPSCx?9Qx3n`6Op)^OiP7df zLcWnoi4Ldaluf?+^{XB_**;Qtm^ZW)brHBCaeH<2{uL~<5$rBC#uzWybIc%Ag5eJ{ z$u-Lnm!dengB8lb&YqJ+=indHH#S5q5#l_&fE17|JhnAZfu7PUb*vSthD9KAvjFBaR9%1|0BlWN%U!4d%3E z08LdKkSn(&sacdt;mDPSHL_E$hLkxg^heoeL`x+kG!xqN{vdGw5&l~bQR2%4l+d1m04P*ktN7`Sj|g*e7qy-O zmo&f87D_v}0CHEY!0@sq3~Fo*hNl+c@zyHzsQfl|-A}e(!}=%lUIkxm|J<#Ctgx3` z*z5q3Ido>M40OeCmcSOwP#4s&82rs1=R=4GbCP}p4~8WBfE@oeRhTAl;b0SbyP!`ppR#tw*J%^o))GD<=NoQjLwY52HR&p%Ch!J z(RE(q;Q1_gEL#Z9_W58crv2DyGbT9LxMDDZZca8Xrxe#u@|KO9yj;l+m+^preKor3 z@p$Es#1Id7I7^BH`85iX&cuX@>XPy-9joFA*I96oD#K01<_QEt)>!|XM#|TgsWlNG8)Ar+P`}7o7F2JB}?Y&_ia1Fz2b@XApKf*}$GdHD%<{Q+N)&NtZA92N< zyn_^ib!>#|NDRn_N8yMV;{>bWL4ct_$Or63z+J?rdheitK6ry%*ml1JZ$s%hbrp{8Bbh^w*k+oG7VoL-AFbRbjF!HGX#izy_k=joh{J)ka8t4$rTX`93|UTO zX>`;GKto;woGd|(=ahQ9C$;q=EvgnM32*2^3^}=tTP@8a&Cs`^#+jr+iSZ8H#f%{Z zMT{;SHzP3$9(+=xr$z<3o|^@|pK38m4+!Hc-?{JR9ce@ytGZl!(>;g8!$ZAp$Pd>p@Ij6p^#s^?y%s>4rl!b}Z(1kLHOd&q%pbYu zKo1V3`34}Gt9dgqeO$l(=*os*+u7kO*sy8iiGnVX#HB(t+G8j@fs<+sjdex(AeRft zAw5mLi~>9`rtZc)4S+|DT3(3u^H~<0#&fEy4;s~*!E%OzOg*sHBto4`6n=}DTg%kL zqK2_{+iM%^R1UVz6s5r49PH*GGtqLENMl43twjQxu5#!#iB@4O0& z+8dYwNP-(Qj>C*ajQ~8W6CrDIq~m~0q+0h*Dh|x#&}?vM#EkAc`DeU!4TKZvM&5_v zYgZ2I9QU8yd3yjlM2&CfG(Nz-9~BHI>hBpLs*X3H44!U@miZW1q&s=JGKC_73)Eyk zuUjdEZGcU<=Tpr@*kAwh?aLM4sTcnO2E=P9cf2YKMTjlth)@B*qP`PamiTOEM@Z3D z!CzQ%@&c6h;7Uf|9iyVCvHgMqQ(6g5SIy>VuAv1$!ZBou|87TpFl-9nLwof?DKc0_ z8PId`JXrwR4PnyPv&(+DI^5nn(p1hgl=%kI>h{wW)^$w498`ws&D5(zGPY?1tX|k^wd0(z#wO1|A%3 zo>`T)k{A^Wd~E5J&JhnfN5Jb0zH#MjZy=gH&S}OkHJ~5voZ={pK8x9Dyfu(1?|0Vn zcb~6}-%H_@v$cKGy^J=sJK4kXE%c{~$PvTQX9{SgDqo>bRixXQe=3`qza9+78S#k`KY7jf8Q+xGf{vm&Hg@ zjFX6yAx9z+3V)ppewhq@xDax15+U%{h2WQk;75#=h?C(0j!-Gc;D5J|_fBDsg6n~t z{x)CqRKN;TUcVXE*07)^q>;%KdJy zJE%5v2D6nD#%v-`)RlxB7ITSDPre9@o&udEH}8;ObQq?Z>ZA#M(qp|56BFqyzpd_La=V zw|{YD?!Pq$WRoEXzE}IOfc?C8+*mp)26qY6k>{Ix-fXFuj==hxiJRp#)X8Z`kYh>H zArz~v?VX+X$J;yYK{gL)oF1V>JgM=>H&$mHZ=e@Ays+-?E)qdX#Y>Prxsa^*ESY$a zjMmaimRD}UNQ2!VNu```W6Gb_XAJWsHHXNBAhT%NJ_fHrn&`nMy50ja1@NkUempzJ z+=7N%u4uZcUU9jlLQ-)ZAUr#(72k$Y2sRx~xNZ%w(@2_)AeYoqh^bkhuCn+6x z=t>`Hp>yl!Gah93VdR-cOcEn1F<*0~;(5DSBw(~Q!5=mhr&N^^rUGP@sJAJ^ygT`M zwf~N%NKbX5oG{Zz&&Z0U2c;w~6K>a<6_0n-^H@|EPmx-##FNm)^E_1)!EJe37o=B4 zHu&wm(K|#Z%=Vinm@J3n4I#0CbJe*M3 zx{8=82b0a%P%yk@TIYU_vH4&-M73I0DGs&%wPC%^D1R5Ps|YwK^A=3j_tn|;4J@$D{3ogRRDJa#!@Qg{W3IK!2?$2u6ru@b zSvPm=D1wA1+<~s{i(dFB$|i#u4gHwKN6P5SBD~z61-{gA1sXIL4{h^dS6`bR8A>dO4~e z*4v*C@ghZ-D6^e-H?yGhXr(5Sv6>M?p2ipy%9L;{$IP^(mRI&1KNoyan`ut{v zM@8D92>Jc~bpNfm%i|`b384F(OiU3-CRTh$BZKTvXN=Eoe8eS4xL8!gGWhi!(Ik_L z(Po-#vGgu*#Ep>wp`OoKQhF&CSlc+zZAwIBa}+;tPuJ7qeSbAt;ztLW9{nI6z?^)= za`Ff2l233>tkx2wqlU2gEh`_NX@T#bpHf)}jPXF8M(?5ZdkQUgrn`hl*jSK&CcB(U z9cH=l4K3}O)IhDPW{qx`D{6{wiMu`fQ!m?WTpflk%JUu#*5tNLd|)a}CazegK?$Uq z9C~&0yvEg18OB}USnXs~^@39f!~;d)!%#62wuL#IG>X8>u3%0O(IP>F=L8YmoFH<{ z2_oteBwYtG!OC$(&!a9_QA++8qAy1s3t=<9LIS@N*)$D4IR|o!NSo=t9{|l3?o-oq z`uZnU8oc!0^Cz?zKmYlc{o}Vshlg+7&(*8zr*5J%dNA2cC zek~akj%C!7n(R8xlY7=&k5B;=5R7n1?f6=af88$!%<+g0QCF~ zlOulW=F&|;je?@XLoHjQ=vkJSs^49lJ<3X6S1VBW5ujfymk}9oW=4TmPC*!jTo#8u zZxq!)pJAjypU}ihnQN!s5L-j7b>ucymb9-8ew*#91s1FgZ4T1(aKsGK=48Tm9|v`V zwzVi)18zdu<|XMj+>tb)0zbh@?AT)Ew~l(`c(u)Gi~18Vlz!{^Yxj-OP^C6{79itc z;9&pa1W5nlzLC@yfkC>lrYYiZx&P|@DJ=Q=z<`E?8)ie%ztYjGgl+k-NR0j3 zo&I9ZLQ=#G+R(^~uHps8?=M)2cXe!Il)J3SM6hF#b*v$B*xA1Pl6rv6M|J?#ycku= zpeP4c18M`dFdgozBTq<40xOZ&Fc^~~j5d)7V?~`~2#wQ+vTjmFcSgbqiq}tahdR4G zdpd6&nFNY;5)=+WL_QS3tzW+#}+3baCBgEvqI=4HBMj%GUbx z^V0?PZCf$PL=8s;j(;mvrz8*EDam83bmXC14s^=pQ0j?OphO8Z>1d`x4jY+wVA7LB znZ-+Qe)q(Ofu&$2fPu09oN1}7Lby~=V~`LreU!*icfaD1m{hj#aD*3^pCpOAT-YpT zVfFbUC>Ew7UxAkLMH-zW7J_wB3NcQ9pIiDb>+0gS{dinR4bfQQ=twNzoi*KY831QtDyI_3aUB@01(lkuWT zIj}nQ^}nTklm^Wad6+TGO4X22uFa02hh$pv1I7%SiZ2Q2_MfGrbyz$_;*t=$D@HteD}GrLQbbPM$p)>!O#2r5zD_hd zofKP#=2G&MSV%_k_1_|m>FZs#cla>cZkQRnRd_?VoO%N(ejk%%Q82FjGC=le-St^z$;wk(dpWpaJ^OHxYtXC@*Vo zmeA0w1|bNEUK1u_nrikmciB;0V(78j>7kqkD67{3MOZ^zWa7XY_Um_tHKWUrDwK0l z2hX=3Y1|eC!zn%A$@9}<8OQq2E9{lCQQ(wP^v_fJ140ocT!usw^744r7@KM9l(A|3_@wi36kX-4&!}H?< zHewJJwq1tCSdBs5Q0}bZgi_Zfb<|lULYRfZW{|c_pGs3{RXLI(y zdGVR-lrRXTdR@3)aU%Ls3B=e(1yX1PfwGWu6d`>6=TsB-6&qv;QHo1^bj#4od1I|D z=8eRt%{k`g)>236btVLq+8h2X5*oFh=VAgqUUCy6+UJBI(kI+axx`53_j(jyd9^}j z=hM#NH+KL@imoNjezzv0z8A|cy_GI4KN_y%S&#MeC7i*1;S2){e%bKu`gOwY zbDD;Rwai$@$hySOz+fTdvD0o|_Q%^L=bawAS=VUT=d>9-9PHs@+NXLT#C4DW_vh=r z6{jui>I_~bGK{P+tLg29Am_Btfo95XuDw!q;T&G z+ZPLYEQTF8=JgIt^Z8Ek{d330{GCX%>N>Ll(XhfAfDU}^0dT2q($pdxrtJc&McDT` zdP^{dCfo`v!CUM@i`-7^Omj9hm+UzRGb3kLV=M-*h8@mE6C5nSi3X&*4~Po5rf!Ei zIB&!y5jJ`Z!URUf(PvYu5uINjH-|uJ?k(L7x`DavMv?|ML%y3QMHh&~gITRn1!tyM zb6A4Ju#W1-$|>yMp3(1J;mA{;)ie&SSA5^#VTn{y9^;fSnj*$I2AnCd_<#voGikAS z4G+aBj)`U(?UsjO6;;Fx532EYaf=jj8#rV_&~m}?EVgMPP8%KH-Tl+{)srn{$q4Ax zC0-Egl}IeKH3CI@5_oP;grjjoPn}BY)83nTVZ%yw+q={O`m*z;6xX@}?AqdlyY{ty zet5u!AC?1V4QnOD!N~Ol{S$nhpg;0%7sDL_s~XIv8CyMZs?GKVaB%^$w= zzz>KLJxluz5f8QyZ-nC@wJB4Bm6db|H>Z~HgCM7KJ4 z{}z4@nF9oz2wL&D;U4ZV=t0LF9*bml@{2_2lp7V-JAS-g!CPURWFC}oaN5D?=yRl$ zg04QgqtcH5=`kFl9uzx_J)m$R+rj-<_J9_$laFkV0QV1V89X3%G%XQo8IPoP?mLs7 z@BVniegAT1Zv>by9=zN>_)S)Jjg8Q&{eDy)wiV2Gtqv1W=azLqsxl^-OF@?@GFNDQ zVlCS1O-d17J=9wj>yRkSr3A5@<^1hp$T>Ujj`Tu-HWK@gM#>pA!jud6z3y%6#eYuH z-og8Kd&k?Sd;J2Unug*IIdj2M3LGUT!I5%FITGyiJZkOI@%mMr_V!xt{=e+)p7OA~ z%sySXOrMo4b4(hS8B%65Ip;XjXT8fDxnK&qIoi)zUDB5(rIG7QG-A%e{`U7vQU@tX z9E3@l9&p#Whf9Au_^$hG1wK_w50DkJ<2gkw-lg>9V((&RWt1UoN{*l@PQh}7m>F;* zUXO(YEpL=bbiaAXgu0Z`oB~vW~qL>PnLe8o55$Cje+Qt;;YB(Ba zTU|;7Mt108eN8(b5?ZNDXo`pnGKTvIK|d7SeESqaXvBoJt_lAp;?<|=)FVc03zZJkq7 zzg8w}J)UQpzqLGJjNl=oDiO1~s+P!wTe<8`e|Xs>PBl45NtFj-lD05uDrZUp&eJ1- z=frTXmD53NN&>-I6+~*T%??(R8=;|;^@6z@oY%WhgSV^K)8BCKb8cS(&gmy>ZlS`; zmcr{{?$4htX}^|Jr8yEZZDg2=f$>fGZ6LNAas<@7ucm@bOR0E&u#YX3lkK-l>XaE$ zWoB~DP^P15io$w-x+4{rXXPEA)y*hvM`INmd?!y8+6g%uEdf*V8$N4h7nCc@;dM@5 z|Fl@t=ouPqN}f@23P0?h>~9#GBRPqU#4MRcBTg9fZM~p-AMc8`DwPCn#O4oPD1gl) zj*9RyrQJ?8trnTEErGQyZsBo?PK*{>54E!-9!dk9-7wkCf;mmDbuE*d03` zRLE%}meQoJGHl@yMITn4YA7<*xoatN_LM*6Q9v4^t5`WWiYrl04hV8QvB0wmNCdT% zQbbu)EP|!-!d;zLb!y6_@QsJLeCNg~=~gRv&gC$OXNtZFF^li!WygQ}Q9Ci1Ss&mw zUs0fTiKL$QI1R(g9$gT5xT5G3v01|xI0Gk7N~-1F!;jaucyS)?*i%)ZXc{S(ClBji z@(oTe2v|QK;NUeLI-N?MU{PXIp+Dhqm27+?h75_<`9sgm)~&*Aa@>2K=e+>Fg30VRj)UrV}Ak1^oQ9=rOlm3pF8Vl|W#i2D)uzE+xyO*-hfeZAmuCc?^Vjy!Tt)H(d5+hs)MbaD! zZxP*mU+2DN(V8@l*bkr{x^m@)u&p7vh z6CT!=uq>FY6)v9OUCvWjT%~|aZ501U5%%Kp6=@l zW02j*_$_XQ2^wQAGr^uvd?>i5oj7^Oht9mX6Rf6WQE-@1|JuQRC3@inT=CWD%OAc= z7?g%Pygp=qLcwFaq0N8ut!SJoinWL95ODc)WPHRaAoWyp!ST@fa)DmK_44!m^9>aw z>619;_|+zh()Vrs8^;4fIygVlR<&B=9?G%CW&jeq()+}F9KJe1*+}E`MGiHNoHZDo zkW_AHsHAHsQMKVlt5~$ zdPhm~ei?xqoGZb1yC_l?fLyja0urLB*2hb%UBMd}=N^!()VYT<9;}Sqn4jOtG5rWj z)6KkBL6Ip{onB(l*uuz#3)oj5pK;|$WSq5$hm8XlJEI9OV-8gS`)xQeAiY*#RG3{M z&H@FBbdNI zclGhDSFwWdEsjc~)Yq(v7$o;P>!OikSO|d@+B`>(-WTLHFSP3ixd+Lmr|t>J9E{yk z5CEUfA6Dq#Z}@74lX5rL4|Qv}h&o>4(>NsDdcGjBZs=jo|NX`_3 zqRjhL4MG9Aw2~?4p@xeYA`=c+glfe0?GA3+^F#N+>gU&6a7Gy06o^ux$Hy%=*NsNh zaF~2tT7;Dsrk_2IQDbnzT@G%vR%gZycqzo?pQBfGf&edtKs8r!0A31l`#jp4iv#dd zi1qyq*3j^CEHgi-i{bxP7SH-`j~hbxO1Gjz5KOh^(q>(4Mf@FJLev9q&fb9fH9R#) z!;^Ly9#za>v>8_c9+vl1cx{ZS0G=4syNpxZhNrjnfQKv_?t_Z1T|U_IJOa5K>xt)olXM$a<)E>X~Y3W>AM8rn-`*6X?(of!kRb& zpF@(tar49vl>9BpuU31yd

wn$(ajken&NI5)wZ32Ae1<<#U!xUA8g zmUO?v`aoflC6kn4%x!s?3W_p{!Ww8<6dIx=#W9fLIsBDvtP|z6P+Z8#rz%a0NyL~m zBfgr2>3P^&wD{o{UM4MRIQqY+;VJ1zb_x;43TfI*L2TFt#}+-{(3B01ZP?)0c<=5I zpDPkNd?ualP)>Vtu7y6Jr3THFZ?`!_7JZE`4GIqBc)=Gat=bYRKW84k4x8)yF*jia zd=uszIu1QV?k+#!`0N*-2*OhzM=;fA)Gw%w%LtVyv&XRu`^tQ&2ygawA5|B;6Pu@= zqhPM*tMECFl+Q60dUd6|oz{x@{cBvO_bwXG8usb&eylwlrfX44LZf(P286}AA2@;F z+60`u8RZHHyBLWH$PJD!d*K4PVO_)Bxqv&{I44|~_!X~={6a})e!&WNbj71Tx?rWT zUntZKXWZYJtoyu@asT!H4m^?NW}tm|?EASyMIXBz71b60&bw{wqF`agnbh6ba2>dt zXB!xz?-FF*pmt!Gh-{8(fpV;`^~qt?E#caicdQ)HFW_?!?>)XX#eltVwWIer?eiM* zn6OB5Ws*XLl*K^WF@@}$toF2mFE4g^s3ofgghz(7^}{qr2B^Txpaa5z18}&STH}aL zv6OIpd475Q@N}&EAOBhwPe0g~`xs+%Wr6a{X>XZc~ayHAm+`MoMaW7Uoh_M|}-}!uhjr-OomSek_ zhh?H%6H`vP2$vgkMv?`4?8=^NK2fV$2g}RUo>M|_8BQuf2{R|;CD*8`A9WC|kt7~Y z8t_KAT#aYOL++OGe$96k@Ei|4ptBAI@3+2Kq5Mw6fP!%(P%NDcknsH()RErS&v0=# z^{IhY)kI`SEl+O?s8S*ROYKS$U$jNXkKM?z)L<5*v4!p-l$el5qnK$$3y?6EZCE`0 z`$HHlg{WFE3(MUJm^W#rkg1tj67*GWq8ZhKh4sZHF30&iEN9HU)Y4K?T^FM7?}cbU ztwp9Dg?VMG;ArV9N6G+3-fnWB)oc=Wf=vA4y9`*Q5Yv0$Fz3O2X=XFMjtp=lJDk7lM8C0;Y7 z1lLTd)QxGO+>O4ePWc)8T*S4yahzLvzjYHf3FP<%KYfv5!6>w~-3l=7^ z42iPCrTCZaf)u>2as4Um{z@nouYMttguIg+ zT(Ef~{O&$%4o8QRmtv;5)l~}Ro9FRwxI18V`pfa&_AWdr{X9OCh9zVtll1mSOM4MhD-IG;NLCQl0#s{Vq&_Bh_f-_dEE z%XMp^5yIHHQ2wn}#MAB^FJg@Ov}UBp8=(bhLShQslwRe0T53y;P`9N>EES-!)D;+s zo5H7oB_z6NXHD?j2R8!TRpD4U<~~7Q)jC_axph*Dde64hf0CzFeOrtEBb@z3#f47U z3uTr5BO>EOq-7e3tJ^+f==vwthFjQe9u(`1Nv=TPimw6EWDXGM0wozr^`;&v1V zX`V1K)3w%eFZ4VNEGd^WLpgFdwz~708EQG$bY)rR!l*AcYI%lJFPhSoIbL=cZo7i7 zQl9ETsiAR0uZeoZm6^pj2KXLcOCVM8bA~Q^L?rTDO{QEGq5@^NnZLc$8 zD1vV*!9~#s`^DwARTX<0T2L&zL0rn+rHH-yxEQkBw->p0=ddb|)ndnj3wi@t9_CEq zF!RZCSSX~c^IVh|hX24|n5&uW-fF9F!`O&M@j~hpuQi31H%MnDV<|#0orGx~)paJ`!-_ELFKpWEK;cHSg>nrE z8>H0M{;Ue*m+?}&uF!UW(PUbd+Bfe*4aEZ-M)c?YCXa>oD>Mi*-%y_#2a6+8ySmt9 zSfD}0(BqQCd0;oGMiZArISq;fohI!d0dum+G09{-Ek;OU8igU1=q$&bH3yHryfq@1 z{9+$!c)9HU(y-u<7Ew2c+}($dHty~Gt+>)6(}pcCQ+$E!pB%m2{_PY`A_l_(42Fh# zK?99KnsrfMJqtQwmPe%pVIfp4a6winrj{Ue`{0*jyC>UIy8tv^y=j`-FfSI+1#VPv zJA4!dC~krXh}z%%#VQ|cAuss0cHkS2$4C3{Vl3Do`{pA87S*{?vpx?PxsA(S<|P#Y zd6MpfDXMS>y!Hay(9#;UNLta>$ee0{-<0oKmvD{iADETYCV@;i#gTwtu$ZS1bw-!;{4RC{Q<+RHK(-m&(d_h?;Wg635ia zfsir!$&QbnQjuI3M{kb!q^Hd1Vt0=NXcNtKhafKpOq38zk4-l3u-N|gc0hd4BO@h+ z7OgZ)wJ?kFjt}upvrN@T`&s=wP#nEn z92nequ(A~0$##k@N|wOB;}7JE%THC=GRZhJIC{nq2;Cu^1n+OJF$_q?%5=#dZ|h^% zc#dp^=OXGHuuNh0wNW}m#&z4Ks6L;`8OqDvA>+`ExrCV@Rc0)brnh zwk$ew^l~q%#gpf1fd}Qr#Ii4v%X~_0B6UO5o;*iAsAaZDZd2hx7fJocDwUk6q2R8k zw$I>Z<|uK&wUMLk*bJ*vVtXcYY|TVcTP9@l`8hIeUc= z8&wu^BKdR2NllCr+~NB~fygPLRObIb^+x`(F2Y!+Sy<$q>y4}&`FMf=BYxDL1<{NA zwRqTfm#P_i-OF_e;<#%AB}&cx_*y_RqFG}Vb$R~W-Uw|2S_|d2 z<$Dl7@IA~al8g2Lr^|p_py+thK|ib1_*kUFc-Qy@JlRf}B#PydS^6BatfC6`jVW%#X zq9bn%zEG+?I4<2TlZ_pf`@h=;am5mD2X@ul&f_c=w9>1>%**;w1)y-&!`tp`N5n;` z`nxH$SJ#i@enTHJ%veW+Qv+pXbLiO=30(I^$30|;i!-1sDxu-Zkd%TvUVeg=3g>yJ zZgWtke#=Njhv{j{0gJBE0?z%Uk*cA{h;*`A&V^8y6GZZ++%)=T0h@9~0UL5g@>g@G zBW_mhPyn0(-oQS(RLzX19u|U_p*K|zFtcvt`bx6DmgKJ__a98E^@elt(M2zn7boA7 zE(thk0MSBo8eFm$dP4SDJ&0CXLA)+ip)AazgvLqhLbptMo2(SY(WfzGu^6$;Z>KI4 zlOt~ozEEsEcwKy*x?EhHqt-K5D67q?HgQ&s!ZWEWOtM z2}dzUBRbPHK<|UyUsnP-x6(OZ?FaiNl#;Q5=^xh)QR@s!P`V5w?-tZh{AK z64NcGC(2X`vW_ZUvzcR3xsYjT#ku6ivvCJw=ZMqu7EFt2PCm~zFBPP826ADSh7M&W zM7il%{0ZmOfR^CyW$*7ZYfw0DaWyw(jq5g7m0ctWQk1IyoEUFPq0jbuf;+* zb_<(`8^ppow5=2Zra{vqw8GB`M~8h#F;R$hu)B-3qQivD*}K5bw0X{PVG+$H&-{!lxRK zKP+}p?GPjBr~ux19u2_|+m7>0y<)@Lxs8d;iGy~Gc{n1aK0dSXVDfBS8g6^U75q$as=jym8y^peVy#6ZhZ z1JMgbAN1<)*jqfke{(susetb6AN_(X@J>Iuq9eS(wHFz5YGX>Ch}dd(Hv;CM#YTJz z@AniF$?qpbQZ#xcn%^miBo63j4-c`uMV4SXOQbLKDRIxdrp(f|xsf5&jH`n?w|at3wIjpbBVqGXx9Im@8Pgw)_-V!|Fja~56+ zkyH!v+TR$KVDCa{BKF-anuDKc$sX_6WPn}x99>+#@@IMnJS9iDbEJxvvU#Mbl45vD zCPa}`#L(e7KoNP|N@7+8nNu_1EL$j3S`01OPv9EA5C=)Mw58;Kz=bJSe_s%%#4KXt-vEMCqpOdP_rE&_R0^k8mt3Np<~4!9S!)(4q5OQ%OAB*BPrxYmf{UETG<&e< zlwkw4oLTtbezB3Fp5|B~93q8BB|U5Gz5(h-;K7dKW4QVwaHP4Eg#_+Rv0f+|j$FCB zF=iQ#iz%W-KnAzQN)goA#>DAmxc$$vVw80CU(MjIF{~Nf6^4U>lMBT2Vp1!am4Sk0 za(y;dls!vA_AmBEk#j?VeoGiqNw~XsR=VxqSFntG|IID{n9jh%Vc!vi zBbsEXreDN+bS+%N#UW+NODEpnq+S)uQe3R*gz_z;LLA|xsDvg3i*9cUdl}FDTT~6N zg?3_<{!%$gB^Ldq+DwT8<)z<7?RBNN+sg<9m@JC{i3V%j#9Ifd`yYf5!czC+=~eGz z^t$MnsO#;)ni%MrB><~%9dsHrDkFbd9oT)w@`5wS~?gE!Bf>5N7?xW zs(Wd{TCp*t193q+So%umWzXNSr4#Dj zNiDy^Gmqbmh}ure5vj07tw*4>oPn}Ke^Xtd9Lruy@uC9~!a}blw5rzvVV=2j7TpQu zB%@Rxf^`w*HHs8YUZn`Qpjb_x%2x3eU5n%?eJ8m0@pU%r5X>u}lgf1Pp*8{Nd=Ixx zMrUv+A}O=2m#FStdo4J-T(5Y`CN4BtfLEWX>+8>FVa&5|=i}raqweBx1ydju&n4=LW zl|jRzJ~uFAm{`iEKo?=5)}U{F>*!dOoPNDp==n#0Tq2$_r;b;()k*v|7g!UtkfgbV zcm7&@B|X&;1pGP0HttvERQ6)M4#jYJez89D1&P@?UMYy%VO(YD!2OX9`k^vp1tuF0 zHSOUKm?_{8J&uYX71tM+a#f;_Sg~9gf~EoyEM@)nB6OCw7vFo?aK_Dfy1h8x@+^<% zTdVJ0;$IxI3yT{gj#c0wuXkLMxj_(Vct(!SHdFy%_`r~9M%A%qaT)D9)D zzA7tRRS~Gy4|wYE(ZQ3L@%6+=8L>v(Md%6s@r8gplYYRxT`3U6=y3n^`SS6= zHS?JzT)G{|b<+JsN`YM#iB<8i*j}t8DZa-EfrX_^%E|jzr^kD-c6-oHn^W2;u9$zp zvywe|{9SGI4cu8(4D`!31KBddK9^9!QcMuP4l}@Q3JMlCBz9akVioj zL{}DXj$eJh+CDno`|GR2-FS&bA`OX&P)ZBw8v$086t76i`u_Bn-R;wOuU@2NIX%Rb z7!dXjP8Txgh=sr&Zb4>|MU^*YvcXx-&M$jAZ%*FFS8pYoMoFnMJd4^p*r^Mw6Oy0~ z7jkGS@qLLT2>irnDMYi7qvQR9o#|k@$Qh(0Y7nxt(|tsJIwz^&Nlrs2A#WB`;It94 zm*Rg-Py`Qfy9IYh>4PVgxfamCEb=+hQcLU6V+?ZL>#3zkz7F^h?Dp~?;ngC4Has8 z0=?^Q;4}88+>25U9hbo<7}6$@5DA;F%E;-jKI*lyv42p~yIzhUUgj}*bfuq>IlNid4~gL^5oG~a*ZRX`a>p?M(`g;c%Z1 zU*y~EjWb|;HhUl~F=p!}#ZB4y$(=*qaf{a*{M*opgez7u_2zENZG@7aC6%G;i>(`5 z8VVB-6p_y#!fdSr6Bx2^Le4jYqBPaMDGEBJ3&FB9LOvBdvGQvBWPj&)55G{2csLBF zrmnY!7EUbWuxvzXa|>8z2#Jnip_m%^#n$zLcn%56vKuw+haXO{NDkvuoXbqOjuIC+ zj3<2;IKv)#;u%dp5q$e+Dmkje6Aluf!Bf#SJc(~;CHv%b`}BQW9a{vARtRg9N#OBY zq;*b|z*&rdS;8Tf?0bJ*R=Po-D!q{w)U8pcv^9KD(FT1f!VM}G15*jnD1#o)9Hnw4 zwpp_pLn`Bj=0ZjZ?;pI5mqbgYcR~`=;X=;)J-l+c*hL^$V6W@{l zThLAp0I%>;LD4@9(vQ(S|Tqr*|P513iLJ&Y>>NxP#ZiH=iH&KAO3QW;A6q+?Dut;JROhMSp@@kYS-C^4g_1KkIgVG*~Wtx8GZNB(7Ssn={fuB&-Z^^ojtiV zZVRz~!qn2-YzrnNRvWNkcy9E-eXzOe}%0x5=b4@f?z6W4sMI0Bc&|f2yu!VFi zCNdwhfni=?s2eg3^Mj>6=CXS|MlnU$Yl@nxZ^kI$L{2vY;oRC5E(G3=n@Iy5$r+eS z4!|tegP%3QoHt1rE(`Jj1?%tN&4iQfBlSIhGtBv2^osZV z9KC;qO~)!=^k}z0@dcYHAjr!R!ufn5J~Qsq>SY@;lXRZ;{INvM3(XQLCqq}*3H>0x zEV;y`;1*J|Aq()4{|Z&S`K#ha(538CFQ;sYvTncswI)bG9c}L)FOZMl)&y8DCW4z^ zSn&Z{Rk}ueQQw5Pv4k4OQb9EGg6@&}75!^0%Q~nGo8tcmb&-N zWeRCJ6%wj#gMu>jW)%mf}wh@zhPa~T4`$@4CthBmO zmQ>ovMQIpqR%RtFYqHTxHSW~KIKQsIDq_;!0SDD}aIIP;gWpM`dOD_M?Qcwz>Nk8t zc`RzR1|_*tX`?QdW>#hmQE9THlxpnhQHLF+QebU2psWt|{@M558V<@|f;!v7Wd8EZ zj@FEtV3R4^K_k#2vlwu>tuQnu7Mm2Mu`HH&qc61^lE2n=8qWrOQI3si_($6jMJ==? zBW)~AnX1%PD5S3yW@4&aUQfzTUu%8BxX=QHR*pWVimR`s_A4!wQEYCljbmfo)vcBx zms_q;H?-ctQ?+2DmaW)RLrd0MBe&t$c(VN(i)pvMQ_`#LpW}88Yy9OFcKm_Y+TiRGAbw(Q{ zY+lDebK&$bb9QJdfT@pe-MB-;OdL%hsouis;HyVGC2?^h=ROuf1{P=La#Ebbl|x~F zI=f-P@tiS?XlZ@+2W zyzB)BQIlYV3Y+La}fsZ#3(CcldSWwWo5_ov)Y1|!k7a$s; zKLfUSCX2+w)lJ7}a? zU?WV@+Lg1s;JM#eE9U`yMgG|Dv~^r_xzDbmy!eiTLAi%w{o7-}d8Ii3bjaR`3AlrvB5SqtN2OGpz?M%ri_W3IE;Li!EQ zkw>(MMSWwk2fa$wpib$+G~tB|v$*u0QS;6ezZ0fO0GD2l2CjI~gweYY?A<-_;VgeW z$HcV0#bz6}&!XaR%EA%<`s4Gsn{k9?mwtT(AI*{&Cni72#t!a}xqjd?UUNJ~ispIg z#boM)vcR_RV;B`xs&0mFN~v(zewyZhsYhpVf2*76k43z_=%z~In}IP49K&~md%wm) zJRFW0aM(GKe3JQt+(43q$4kVT2GQ%uOGs*N6=!t%M&5EvWZ7JS#!*#~5KHCF?QW{X2e}#E-BqMnM`!Rt8jGIPj5Pt` z(6dwyq{XXXOd$7v*$8K0RpX_gTqH$YbAx7}6a^4zd0KNbQJPexb8ERiepPo2$^L?wsCo82fqZu zXxUX$zGag&LK8h#cPH5Mp9Wm9)k8Z5#7)x}&3* zu&WJ~MPM=D1SxKu$YzRT!n_BhA~dUq7lE57D$dkTQ7Z1IsHHNS=mLk-@7&MT{lgQy ze@5l*e8=T#2(XW>hh2B0#&HMYDcS-13C%#KlfQ!${X~M9*&iBXa9M`dErg=IP^bc*A%>XP(V@Qtm5ROwucqfs|5&VXxS4-)(4 z)xr$GM6^@dR;f8v4bG{n-+mTlmdq>W1XkYV#|4Ap&;~fWF+=RkN&yyUR zAdu$+PO3-C`an6=$C=w_NcTcC$hCW;Wdv~}zJOx#T5a>PvDHBkqLf!NMaPcc@9zJ& zTYWmvTcv$S-38T7@H(a}kyfull*~@=?>`MnSZ3+`G5g7%{0je*bY8M!W9HZqUj_^) zQy3hEz$G(#Kkpq|UOdfha*LQA=K1D+JTayeKPyy(8C#OyXp{Vg7xGhv{3H%mpzWQV z_s82ic&%U@?C`KpoyQs9?e+QNy)8^;>dnpdA{B=t?(Z&2vMX;dQ%35=7?rvdBdJA< z=s|id>QySriFTu;4>)_C5UU=T@+J^V~Nj?XXmyU z^fbmY31c9hJNg|tfX$vKMYzv!y}-#`>3cLAf1t+4L2rC4@UQC>^yU`V;~~7*y315v zu5pfurhK0E`+PQTh4kU?A90=r3$I+7%%-I4de}L9xM;8r6wJ_gSg@!fQ41w6R0k{G zn@k}1-O10Z{dc?u>@+nRPf6{@lc-SKYj#=8Emg(d14DoeNnJIIM>oV=6XsvbaQTaE{Mqt&`?dFaX74s5{u- zt%H#0?w)9|yO8-ba^eVQHWSUc#6*g36+QVVaz6j+S5hueI9cj&ZK2L);b@pR_~T-Y z67`0$FI6oSVWGU6jw~dY)GEQmml8}`onYOhXwDLNS1i;cFM`3_uGGS-v+En|HHJMw z$+PFVIU8?-XX1E;E>os{P>%33;z>E--aC6Tr%vlt-?u+EMIcPtmoO2VWO_KUbIau@Uh;mi=q8R=~y`H#D8dGRX-KL=l zsUUJLNM2IRW=mKqfJSCjg-!pSgGPT!xobBj$+lK3Lr+OX=}9s7o>CP;-|Q>~E+dtr z*PwAS`<6S2EPASmpkuR|1 z(IgOynPQ+I?UG2VV_gln$mQy8#bScE105j2Wg=FKt#%&pHQK|eid|BVEkXWHQ_I`iG$7Nyl zaLD`9{kMAZ`r(fSm`7;bq6=bVg8%q<|5%eah%Hebo{=fsdygt|(NW;_9cg7;G)jdF zZd)4q@RHMqksNZK&sh`xeFp?~T}!lbE(&Gz~=2`eGYsB-NL&kJ>1u{Fa&9vp@Z-XDvi0qFr5&4VgyNOa{kGP&5)< zfZp6gL7h4~+SSeT8gCZVL_G5g>qAXb&E=#N@k5pG7x>ufmt;uuFT$}4#k9XnG-->8 zCUGgzr2Qj_Cf`z`Nt+Vwx?hw#)nTe&UgH1@k}F9{>ISKaoy1w+h?cCWb-# zjxB}SkcO4eR_ou3#H9I!6S|NL!v1Wi3*n~64ux(M@v@h6wt0l?I zrHET+G-LDLMT5KF(C%$CZxp#`NZqodX}r-x?iZi1j(wKhd^;Tw8JrO1T%WP6S-NTrNzV9h1B+UDfi z`-xJHqW)SxhhnDWQ_^^A!7^7WxJR$;1iN0_p~$AW4M%u242DX;aj*SX?@zH??cZq6 zG>nJi@I^^Xi~2<#x2#{}akrr-o~axy`Eyws33~Y=%+8Zgq2tbUce#DV;r-wfJy(rI zJynlUP(?2{B}(W;qQrd|m;X$vua3o}q|{i5oERfaovO;>B|;0)2&sxk2vbBblof)A zW*Nk$;27}5)Hc;IrvgIBVme-ldbfA_OLCHz>ZGtntAe5XeSvx57nlOW44}_PrhD~G zC_8Rv5i{Ifb7$CW#v7z?GH}4DYhgCZf)X{ydfo3Onv_n&l-nJh@#HcK2u8eW{7i=< z=XRgS*_M}MF1jZ#Aq`VfCyboa<++tHWT7#)XHVy0zz{K&E))$0BC9!wh~TJG&-E>v zWN9au{Els)-{85?c~)#OEa#QN?@&z}0w;sjh!>XeFcz`w#BIm$8x+># zS5hUahU0y8am!9hk*d0P6*Q;j?cw2@_qgeq&!$|Tg^BNK&~Vi6)8*sbOa@0&_M*QT zJnQFqP;OLj4wI5^xIZHiaGci&WzzV?d;a1&%$R#VyusDWS}2nB=jW#j_=$yRWSM~@ z=*PcpQ0S5=Yjnw!XG)GK>%AjQitlLD+exhxz0e@Xkrdlea=|%Lske!~6s?S}cTbPz zb|jT0fsIs+P%}qa=0QeT;CUby!F?pJ6Bf^7js%yr21iSrXP77G5>H*3tVRhoYa>Zw zvtKNez)_Y7Ip~7AQAB4bCFI4KK8_{L@%|=Guq2z6R+ajMBMUhG5*xcnn0uoEV-hnL zl#b`H!$q@#rW6VrLLifSJ9^Uum!CX^8#~9waDDM73$5zf8pq=$*3dWr_m8s8)0QSk zef0~ykrShn-UynDv>gXLINaTvZ3OM2t$Dhs*Qav&7s_bBFQO-{=zpW8if-tXF1d${ z<5?90;5vrmqeD0tqeZ7siWi16WKn6zOI%WWLh!O{nHj-W>uE~o0<)UOB~Cf8D8a_y zbGP7yZ;%YDeY8AUUUR9^WLi%VjFM{2@LX@r`l^>ogh~h$X4|>HNvTW>Q1i_aa%bHn zaK%#C?ZgRCI(s8$bEdGUOE@|QIT_?!FD;d=>*s9=Qv!>QpUKMoJ~2yXnT)CZG6=L3 z>(E=bJg zhGSsnlS~cVCp!z|LRU2$b!SOtqt$8|f|F&|%!#F3I`!Q3*eWHClCrI#OPF*~gU$M= zIJJT1BwT9)ulL<-U+q#wX~ZaV@O=AmY@|vPzzsn2;7c&2g-}k%$>||ph@wAeHS7)Q zRCj}fGJCOt$NwWw0=XLkHEkw8u<5!lC{Yq9*Smg&K_X0gpT)>IfEDhljdQ`khR1Qd zFaMly>;cJhJ@xxfEC8MifM3tbZW8GY=kQW+)I>I52xkZMh)5z3h- z-nbervvA3+l^xadvRLS-Ox9gD3O}6TR?nj7l&97((w20Cv}L^@b*a)xt1JBU_&x4i zLcN4^Dq4*oN@3q$1Ry-mfh-7XBduHpZ62WqZ7z^Oo3pGmWVuKo3!-ZNAGV9_6@sZF zBb2qGIdkgMJ}617QRmKeW_mjNI4*t>r3*YP{KrBS0@KuF0+kJ59$6-qxpV_d)t?83 zqCp4x#_~di*oo=65J;UBDo7U=DR6fRuaxw)vY>8!r7Xx&wZNRB;9y)QX4cyvM6{!v z!$HI98NCo5FS+4e?NJC>VqKt4Q+C-3nEe(MX1Rw3#=)T7=NOz8CHuO%KKng2e}&KE zzJ`J_L5sc8<|TTg>MSIt?DHj#qRs`L4ZQfaY27rsk~o123#7stkSzhSnxAL+*kR$t zS$)%RzV=W`vvXBL+tejUr>tvN93{qynrOWMxw0(?e1E=<4ldfGT%EydR|fyp8C*z0 zSx+2!7p7u>P5aAcDbohfBt~u$+a#x(cB%wb^EJi*9KBaDt5#whVH(Ej%SJ9o$}3t& zDp#_dK97%`l2@+8+dkZ6VkE7wV+>d)HkVI0usPL;?&=i_Rt8@*f#_3=m}1zYi=x9V zg+s$9AFG*T+FfwjTnf%2klVCEc6`8ccOs4Zum|FVIPw{%Jqk}aBzIL>B)q1VX~~m?Nsyc-5Ofo(7UtYGi)xX3 zsM3a%nk3Q7B&($28GQZ-eM=WMOIvD#zDyZI-Z@{X`ZnUO2~1(`?w_`=&<9k6SC?1! z;~r&+pW=#Mh45mZAw=~Am}ht-Rwh%rsKhh@m`tU1?i2R+@q)9a6#Q}|v}icK2b+46 zK%DxaiMq$%&H@GE+<>a*s zbQp z_-Ya`#X)0PZVj!GA**%qZfu0oO8J=a7M~gV14pQBA{EogV{n+YDbGSg!eU2rtMGrM z6Pl5SBlu!ANW4cMiJ9Z|(?VAJ@yGks7UV4CWH2qp^=DNn>(6KK>09mM@ijFY_~4HC zh(mvFj(mm}q~u9$3^8yE>P2_9b*=E;!TWc6$J?iSyAvs0%w|F2-JFDf-aCMdx8jfF z#q1w#@9yF5&Se!h6tNU1Ft9$S?*Oc?9OG6a?mUJi&hz^1!{tH4ij&wkIKPO96|j=`^oN%VQIth_ z`rFZ**!M}1EYkM}`!J@TY`0 z`=`ID^PTE*C`)6&gPP;AI1&5&bbmB;FQnj#)%_j+6o!|`BVqfm_jfQdiRb73o(&=l zi(6z@JL=rJk2^F%NRW;%&o8eZo{l+G4A;UQ&|U5)5Dt>;?qf^w=n%CNqREd4lYMs| zZ-~J;;J3M8A?4`p_HU;+DB)8ygx6>oHzkVdb>fNOyV;pIEHRzdyXTMy+?%bAtu$j4X{b+j2x8bEuL6YG)?SU4HXK$w{1p{Y6 zbs6mKV#0HL`WwBueL=AEmm`j`We{#p;pvlmISk740Joq^*g)fRExUWWeA!lC)bZ46 zGR7kFcu;btfzi}z`sVo6_p9wAXSboSfxbH24c)3z&>!$2U!N``;1J3ZUJBd!WpC%r z$@_OxAoS{GB*0NJ6FUcrom@APs?&W0m=ksS<}@d0^Ml(g8RIxPdNW?(%#?kfItxNe zRUpXa8OM9C19^CBPx3 z`oo52a)8k>dlCZtJ%*qHKRJ4Zo-$~nM8MSNYBfTUAoAlWrqJRVzxX$n$wGtsu)l-% zGi?cCIbo~YK7D^Y3p_z9d5heq(mnkJ*PNs#kH@07#Jj?09AJU*#nu_-(;hbKW!mJ8 z3w=*J$P~s^e*?Q9wdbS@N*V`S46$bn_p8c{%~60UwSNTX42C>0he<&Gcsjf&*P;0+N2-| zFmw_!C`nK?i9$y_D%(d82sw^OjM0#`6jR45c}APWaa>ACbMHA#l&P?hqCV+KYU3y| zR=I`WOBNvZ;J7}pU!Ctc0lPc7mnpdnVz{KsAf}N^kwOUgs=%@1m(Un-!ZTpg3S+J!PR+;0n+Der%sFq!M({*Ri#i#cWr zdXX7C4z>eHHc$QM9>)l&CJc{NA+VigpJFvin3_nSJjxr0;Q|M%Cs91eID=E$5-~|N zJ630w`dMXm*4rjWWifWW84Uvym=Ud<5>Y;~6ZVJDAvGrXSGE;y2 z;ip9W_WP|LdeHB`{b8B9_2Rn?VZVLxqfMDwv`#XTw?Xm`FTcx4c42>d`4^M?8Ma!S zYEnCXPwMs7*#soq-Yv*YogPB3-RnF#{Z}n1kf4n1)6xroos$`^AOFy%p2p$%+{$ z-ijFrV+|Z&Z^d+k$%<*T*@`(x*^22X*@`KoY{euvSuq}gMPJa%K zmli9$ftjtCE=00oI!fx+nyA>P5&Y5XqyQK%e|EO%E_1SC212%CdSbL<4$7hxbFg4P z#}>c?oo$&{P+T*i@DsyK@B_7+&p(Sik5h?50&pxFW|l&@J}2UE1b3LXp> z1DP_PEwI8`PIQLZbP{6xxpJxrV6dh7x(b9GM znF?F@wP=&tI7*B)SYRnRSzrmlFqti|4K6IOGbNV+#JO;(?!+`|{{Kx_vSm3mW<~-J z3#{=)3#^By@P!4o@ppTw*BwOI;Ubqtim}WVSjLd2L}HZ-7TC^}EU*L47T7@P38L!o}rTbvEHz@ai;zP>M4Tir)qQe!)to zd!;;tYc~X=vu!((;l0O=)(#(d+6``khDYzX$DY9b*^OP5*1vI9*&eV3=FdsvGd^tv zz@4|`7tccSvBY)Px&V6Z?S$v`*{6jtj+8?_-{Q)N%Ud5!zd6#yoKqs-Nfa!3{+ybe zgLNm~@8JefsQCk94~3(MD~<>F0Y2j_CXTB2Bz4H$%G97(t{ueD!ZYWB-QYP6UT>Y^ zc(}Z@>u6fIhkJ7v=!k#2wqgE>CG4!oHGkVU0I;BQnWa#@&T_o-ok($q2-YZFvHqtP zZ+O+>*S{xKHo$wO6CC&F;LBG;`-G==FE%2sTJRaGgur^Wma~a2jH?T9;A?gFJlYhY zaiR-ft_t)kNBV&GsGN8ddi>&n%hlEMow@Bp%=+{7RbX@Xkc0euml?w2Ea3PrmyhPn zI*y89&#A}#rB~DJGES1WkNF@Tx6U*N&^p*~hE7QS^qc|t+}uQH%7`>YQtGlZ(VcCI zq;}jZfbL{mz|)zyOk0XWPq^VQ;6mEV6L3*D&&cKRByx;XZxi0nyJbR^^_E2LQdaEW zX57xT1@3sFEs)St*jctfNT=8WZDZEs$+Z~H2HF6p(`tbh&Zz}TIH6Wi+5yo>nogz7 zWOp8|Ao3(y1&^KMKxLnRSARx6&;;+H$0g-<=Ig$`#vlhu%R8Vg_U92URE2`oEE z+$C3yW~lihiAy6N2E`pJ9N*@nB%x<-icH(FQi19jB-=r7O7M&b44*-KoG3 zbtkaTp4kC}6H*47i@-Ol8Jm*Qw|mqHzygS?fd5K#=N@2OdLn6jic5ffj2C4*=nE_g@Hk-@k)-$G_vU z$d`}2mrro);>%awzgN)h+&94X?BjRatrsxv(@&6g4l_*qLq~f@Vo2Lt&fh_n-+yj` zboae|^nG`Jx*d1@jC<`3bGz&fF*CBJBd4OYI*v3|LoV*%Qp@%Y_#iybibi5+M=#16Bj%56t%F!y#Uo0nQ9x{uj+f_qrE2OOZW z`|IJp?>n$!$9E9@uI@nler`hgPHu$V9_}E7-0GQ>PV{@Cfz17)(LQC5jCI&|6D zE%rPu37K_7H|=mr7`L}MzQ?YnV9WcNgWPvA1!<=L@!O?JH`gp#Y3Rs%l_J7;hHAy3 zko$H_PoBhv~=VZYHZS0uut#b8?Eur9alD^h~(DDne4 zW@9h00d6-?vkxYRjT|Jr#|2n6W|}x|$XL>pW<@Wb+#xjHzBlLrCphc}HlDt(XHq&4 zqBXEf^ZS03GzJsd7HWHaonpIu0~q^z1LMw~eT_Z62G z+gSp?#x>B^-iGw$r~!Rx8BQNm=MIV!2X>&qFZ>O3k;BcsOnY;GkHI@QmiF91)iVu! zX>Ul(c4M2C_Qu{QBhxK}TiP3MOg~K!y0kZjQI<_g+*~m}x3r(JDJgMjZvkX!@4s|u zZ-`sk4@`Xi$EPgq?Q`<;AC$h1cgR@B8<^JdhNCT-KmP#LlV85;b$leXbv(gh%}%&n zvkM`w**lom>>ZcR!+nI*Pd@o%9P4=b%IkOq-8#MjwvLbAZ5=OQoN7#v4q!9P9Rp)_=dT4d_&wEDkCFb(>h*RLmq5d z?}OzW#G5=sieJZfAg$v&9M|!J7VCK8aUGu#46TH!bv*I0ZdbnXt&8!&W9#?;$vQqG zDd6k`JtFIP1Kc{^u)dBTKwrlbSz5;jT3g3w4D0v+aSG6&v5psxu#P8^*YSq+ zb$kH&I(~qv%)`I(~p-9q+KQ zju&vO`6qKwXc2 zJ394DfW|uBbM|%oz>0PJAga&y`1b4if%bKMLi)Ns!fstZ2qE{;AA2zM&R3SgMvM-1{XI~iK!@eNc zvVCEYyL~~BwwxKiU8;0pZKaTgv{7d+i1Ccv#37pY0b|lq4A77j;hqYjv&4?X(1yCe zYF}V>At~4w40A;yJX#E<)DG)%n|*;2%)Y=6EbxbYp#jd8pxFnL!$uAg-s2LZ0USS@ zI9px1@4!m?g3-Et!2^yv*cTd4w;Y(14uq5%*rj><0ws+>PFB3lzR)RVUl_o!FAR+K z1^XKIg$SvAVPIlk7@xE+_^-BH50KThq_x`@jK$d(W~@zuB&6CGjK|v-3{?BV_;lJQ zGQ_@MWLEbWp*zE<3PXB5G@#iROpe$W>`Uwm_7!ulf|9?kdE3S{X>+w5VE55Aez(vp z{c^9jl1J|KR^f|FFi%Az!djR-Zxx9ST!IB}TSdB`t$Zc7AjP`Nk9*VR`eO#S)Yx5ITcgp@Du9NMf=eU2G7i$Bg80ML-j#NpjGLcnu(zTJ2Cj9n#ZYWw;|C?0)NR~{q|G+PWefXQ~cG!X+Olnk-w#o z@S_(He-58gd`ZdZ-{wck4||KA4u zYyADs-@N#*jqisBfAjD71Mzh}e*Wig{^`H|H~9M>zWML@`OUxenfjl;`49j8zXeEv z{O{l5|Ns5(|HHfM^T+%3{ngVy{m=g&ao+(SX;t-25ev2#lqQNxlP;TV#hy*FOWfTg zBv}O8!(=i^hMmj|QKke>-5mIr?joOl+T?nwiV*qn?^cvR_UAB@Zg?e*&0G_P^a* zYZ+cQRIru^xxykcW-2R3?chN zm(&*5Wr1te1qbh^JapUs9KG&AC|@E6cbq-+;(ZZlzv3VECSI;vpE`hndIF(-oPLK3 zl^%C1!f1ckE6fdU%o7RoNgk%00yR*v&8}PHM&&ql=Q}b}`kG~)HhSr^qqHsvMa-PU zkS*IynL@WhEWWRy5iI^;ucQk2JvT>NoF5wA7>i#PJPm$#Cw^ZqBJKmcj~4Kv@dFZl zPL9`U#gph-k2l_hBzo;_Q;SKzEYXcqY%Rbx|E&C;yrI}T6#+Epy|GQi>jxPxr_&W- z_XcSl;B_MvXUgZiE-pp`7V_-OLa4*sHx_b0j+pkZMLJ@gt;;KHJs%xMws>5IWcJ1b zL;OZ&C5%{X+kz0+p5@L7TrHiS<%Dki;#R4tntTmRoPpMQ^4`&e_TUUH78ZykKT@*f zO#pg^gr8{FXchmkS03j<;tJx~hp@-#pFPm$BlMnhAm%!^-i{~CRn+QPn5xGvGTTqA zJyf5aKn1CV$tyARVss!=5Ml0@>#@IiVyRQibG;|4pF*-d*CksuDx%>DJz^UuVGwa% zuj)d>lB}Yzh`(313u^99IT2~3R%(}ZqGD9Q^S&+#^AM*9qWvM1=TBWcIm(9f1kydx z$E$e8e)zBY3_%T2^F0aaC-RV| z<1KQ}C?HyfBi1B9e6LHY;gJqhBOh=f()Y@nCN<@0f7mNcdNL;W!GFvBfAc1fd&u?Z zsaj7WyeH-rm$5xc?-X9BF_Tw7s4{p`E?X1VQSONuulICyClljN9uZ7rJ1mIp7i6&G zbIqE#rlX2cfqo}*KQ&P;XO&CYW5-z{1h*;6)fb8J<;Nx#Q3QQH@i5Y zs9Mdt_9|`w>-s$%74loFFhw}-<`HQAar>Mae?dg1Z;(JV<>vX2!_KYSN zhva^g@65-LEvN)9&t=<343;aXA@+ALj384_jNn}NmOK)thvj_Yta*hz=i~=;jv4c& zKEvMi1?rq#b4hVTSO+wCe+w@{h5_;GIYu!8}SnN75^*OX}u|=(h+bxjpj9a?F){8bS{^6Fcm8gp9-5ZUf ztns{jVlX{Acb=mN7Dw`Rp4f8|+0SNLPwQnxg~n$j1-@o0e@{ z2c%T4>wu>`&ql1%)vz&mdNL(%3cbrlZSbQ4HmsN{Kz*ieL#$O=7>$9t)`QAb!6S9l zaL)vG`wkt8JaXUI?QLz`7`g;@`z76inCU*S+p^7bAK2~5HfkihMK#K^@+hBwQXg-+ zT3Ct{)DeL)Dw3Re{ZT2RQavVqfzlf39FQsTMn2^JSNv; zj%lh@mFLjnf zbqOlV^GvoqMD>kY(I@^7ISW`2m3X>Nt+Jzty;u1P)BuN?XpZAiF&>zVJT^ZkOrwp$ zsFFCfY#4*G+qn^sK6Gdt!s zZ`8$Il>J^=Fvu>iG8x;Yvz#G_4g3|NR*9&a$gS`v#{^P+StZc}ym@e*#rk*=WD4vi$vfG(Xgg$RuJ)F^rsPZY?Zq*%G(lAVabJ6k)H&CHwf#6x-Nqw0J74D=5@ca8^RjWl_&N;WI5|~?Qy)> zXO^?U#*St=$YNiU$2;TZUPnlfdJ6hR?{Y7$nV7|>;Pm5_UR29vA9uAn4FN8R(w^9piD?+#|Wh?L`jn*7K<+Z4}HNXijC`GwEYUYvK28AE=7lhbt) z`dtv1E`27i@-kFAjf$-oROesKPeL-hU|#`!&h7HfDnkqR5wxLslw~!JQdVv?fFa-G z(5p%^hE_6@;{hw(n8)}6p40usR^y31`~~*u1wCf>tviCdoGFL^KPmWQj%gaJ9MMzt z@f`@yEBIoLXc??nu0WfcbGd3));mNiMg?bRLwO9)QBC2BF+HY{^6bNUhGl1kqS+^jgX!zr`t3_ zPkudKaylWNr0!hdIePE8)7aQ({=$7=k1@Zm!dIUbcX`)o+(PXJp#OcBd&{u)udDWn}5nhCz4CwBcy6y;%yj*t$IX{5+cT1k(RT!GU-CwsATbN>Y z$TAZh%@U>9GC@>1RhOhQIE(Rs=8n)Ulkvi%il<)SoO6AiRh1{yX^|j;Z6fVmpfj`# zQz}hlmk-dfnkDlRGqGKwGqz*$&OpgBLT`Y$y;t{wc6F&98c~3q+@F@D(wc!YIin@z zPVmMO@PuidU$-7ZdjRhTI^M2ItGXDxl?f#J+`M02nePpEqwIlt`Z})pw&t^l9Fb~v zbM;i}e`u!6lck>3^y+7_n@fz=T<(EDhriEfXKXCap_v$Ot!HY+lgJZte)L9NJD3^h zMjnw@5DJNIO)#%%5bF(C%5{0xqae0Y?NoPFVpK@L8%}p1TB$*EFjkaa5_DbHhQ*0@~E`O(Cxq`G5ZLP;H`Miivae8vJ z)14Rx*v2pNT+k^k4O`b6ifsc;ye`V~0Ao=m2+iW4nte;|Wt7C5HM%0fZnUIwM5i^c zwDBVJ2B@<;qOZA(;XwO?!}1C7AePh&Jy_S>!jT0TqTi|8@i8< zAACthTrc!Gl8@L2(HHJFDywlKn@1*MT(np5c|YTDEArGWT$BA)Sy9ecJ$M{N#vsFw z=rZnM21^&+7xo($%W%1R@&@Plr!%7UW^@$E0&QN%QPxHcm#rr%oIp&U;bs~vUDWZO z%#mo*=EVE_hS)bz?{Z3prae$sjCcQs(H{SxWyQmwy34y-RxUGeIaf{~i$x^q}D%Crc;AtJ0L*81$Zql}n^+ADL#vb3` zY~IrFS{3%kcv43F_H8uei=9-ZR*NPI{HUd}CiNz09t-p^AeXHt4sgYJ0B=LF{VpuE zN-Ol>Z#`M0`x9zOrPXQ}!x|}5o^< z%E5{eI-+9TyN^|_HkZS(Jl4+}hxh4YtpxA1c;YbcPd-1ZkQS3V?Z+jZ;OYU{;C=h7 z>fM@AX3BNt`Pzs#P_I^#6v{7)l(K8p(!9C6EJi~&T;4zDwSZHZ9MyAf!za%VD4@2N z8{Hb$f1OrnbqmhGMsh@ojuGxVLz#M0j>WIS7bD^SVL}8V$Y>EKp)M#83*Blvo?-Fw zYp+MAN9W5sgI`brRr6t4$Hkagmlw*>GnqP`_}$Nimy}w@r@wMf08#87nYS}X-gC6B z;wswD-b`80O?)RAXf&RsZwMB`ZyEv&w-haBxzVQ2V*_s(LK*z*B3iT23Z5i+x~x@% zGf~7+@r!Fr-9Te%?}0WRHFfQVQF_Vk6L8#Gz+~mk@8PE+!#JYYxvhW~dY3fH=Wp)K zHK&yMo6Ue&g2*D*WsLZ%aC<~0#zKA0y|M_lQt2!=D5D4K3ZdPQ^*Je;eHD__`qz3a zk#8!P%;Xq;rUZJ@scdq}p>cHkY@nrs?0r@diQhKRp~QB9y0t5^4vJY#ZylZ8po59^ z1nSqRf}SEx^FfVpa5isZX50oeOV!X$3fcU0ksW>DR1g0O2vn^HWPLreQ}d=ky?Lr1 zK5smy$ZRpRb3+kvMnkFw_ctic&uUmk;UV@hWEl@GTH*@rM9+5vzkWk!wsS>Zu0mYQ z4Q1uaviTVwMCc|c$MN)qyw5k6%aEtlI*>R<0b4&$!wJ3<5>&r0&rYf8-Ie)DOHJX! zc%eDq%M3I=;pkLC>qF#UGr1(yX^KuwZW|yopQ|GoN)uZLs5EwDzSV3P0Yi)eZ1CJ1 zg`ZtFLWNv%pwjqaHYsb;dma%gP!uU1l(Xu#L+>F*IOp|oI>CJcm}Z`z;n)Ews*WC< z;k4t_OlYTL|ICxx;a|j}s`DXzPH`$FP<4JctCZSmgu+L2p|J>9#Y6kd!Yd^ZBOX@3 ziBKnj%$xL)sCLms7c=Tz(8q}}M+Z@FzK;~AJ^~qIA;%izJoNrqchAT9`(Pe=eb(O> z@gmGaQC(XpNHU3XR)uQzle2j!GmJ8QMe*>DMR~?}0m>7h_&eUkq8vNrW8q{Kc;czL_=}gPsXE+7jPRO?CqADTbymNe-P%Mr+aW=)1%_YT;8K4jV~W5%){Pv$s*V#2f4`C1_+#KHts z_t#BrcAK=&VH}r>Z5GX6KdGwj$%LPMwl0B`BYEV>+q!l7|H-Bvk{#xxK7lxWy1r_? zt}L-t0Q>t}hP8Qkg{~qG%{<^t`C1LB)f#R#YQdc|VD{l69$i-(CPOsuSTc}km}4B4 zOErej9%`a3RCfh(^VHP5Q+nq#&un4)ASotsCYZl3UK?>9}|%KfBD8Ma8^6o{vPP&>nuNv=EYWNSRzHA*(QM1ehO?RW3$xkNdowa6&E^=w{y@`B-B0bm;df$X+Yv6c7y(zU*g_>W-e_rz< z-8IBkil&5D7n$amak#Gacn7~m*iIvW)ewr=p>Lu)eU#+lM$2$_X+%TkDoHxEDz(eQ z^Ty&{Oq^XQqxoumpg6lT9D)h{M%Yu0@#g67(#hL=eV8sx(hWVP+%E3(Sq}AKWCzEk zafn| zia507W)uZ-EKiK*H!U8aVcE%9Y<(cwJu<^GFZ&fULU(wKrm7$ z%At7zMW82UDC!k$KFH^yIV`KANynqpN!iU5u3|}|n-`8rCmnRcwK}O+Df#xQ<)O2N zb)r#GpY1^%9$q^@)H8DV>RgA{tsfxjfgY}FHV%^OBRyQ#4F}&`1FDdprul%EGt}0L z@lk}h3IQ46Nx64+Vq^qR)pt`QDz(FNHi*_+Qt8>F4zb*Tj-H&dsq%LhbU|Y1tP0f! zPw8Vth@Gf|xH9!JV&!i4}F@Bnc6C4jg2l(_9X{FTO z$=+s!L$Q6J-Hz`b+}n)dL+9{06xui3nc75(L`Qkm;1{eAvr98660`7n88Q3aL46q# z(y*##Lu&(Ya_~%@nFCI0_h>r$w{#-QdgEhzF4cRF>2iCm)0E<(y0(-~cQjmkfGPF{ zbPBtY=F$u^ygNmm!m|xMwyX4xNuWegwtG$iPpyXrzw(5>7+PJhn<%l_vqR1I&P`cZ zq4616=CcZstjBC9N;E?oH1{pU=^myFQtE#wem=KgE!J|0-0M6w`3Z#bJRQk943M%z z+r+hkrxQD#Lsgrt27Q?r7SWJIZz$-nZLW8SC5kHO=N2rKkOo*4-MWa>H7?v0b3$3R zt0TG0UyO%j_=18}+G$5>i)gxgd}fQyYIvsz=3g(&7@4bLQRVjQbVkWu6+v!*&x=w% z)}gzY52^_cO?yN&=HkM@8gfZ(0ipfJM6-rlG0}FV-C@qn8fwKvJIh3~hFLMu?rx%4 zLo6v8y3^yHX>708$wc%NBDO{pm0q0Le3ve1vRXqaBNT66Vjwx3S^0zPF`Nb3BDs9RrViGCrizCrMu9GaT1Q|-yfx&Spkh9myFg$ zZXICC`HEDQ_94I2=26dbdCH7YT$EyBU6wJ5Re6FL*()=w0nf-@rQwA3V5pXUb&AAm zjNv;HC?l^)^9Uo=D@!GQKv)m(F|Fd-v=(HvL7#=ZrXa(?R%(}LNa0-%s0Ux0p#=9K zCE*F$y?^xFY4U zt5oY&5<17xq2$^DSZ`2RJ2ofV$G69LVHBNBy|IY3)M^-?tc!UeJAZ?kOQyUSt9Rc| zs3bwn`KBT}t1%Ya2dLLyqdHaMMt80)gl|0oP9ITw#e~$V&;=mo&^jikH)qnLr^^S+ z=}nns5K^sN3Z2ja>AgimY8oE{i=_vUKA2eqajIM5lOmzs^jglrqa(9(G2hSibc}o> z*-!g;F<;OH5%I@4Vw^X0ku-mjV?}&L7jV0#j~C}1U7)$2lov(>1Y=pvv+P4c9UiITrBzLvyUn)w+3TDMtdcqdVkC6T!DRqQ3f$ zInEBp#Y58S0U`ZQjzq7^b_cn`@<{#~gi3F|KE#b_!|sX>MF9Y=$CKHt25Gb{~0HrPgSsk}j*e5d-^YbOXp2Gu)Xl{MAqCv^K1%^u(8K{vyd)TU8I`7RHp z6|lrv6h*Ah7Er6rYL*M)L=I0+eoxZxTim!iD?3|Ne!zZp@I9Ewy55J-s|$%WCY8$^ zaKFTZ-XZE`x=GfCm)hBSPak+DN&XQ4T?xKaTMG594W843wS@nPo5OEcm+JJYPv||U zD4M>>{TnEMtd5XB)&t$I?bUd*3B~b(zbWKqsof4g?^^GX{i!7TF9Y69Ya}4GIuzYr z;6}EeHxzps+D?6QhC0hO)hmj^zehsZ@<|$EOBL2}d>U0H4F_s0UtaI2uums@`hX8N zmJb6@dX)oP6@V!=OIgrf6W5rw^i9J=viDbR+(6H22I~SWVvMtDW!&$afHq=LrlW9>N zcz=QK5GVUW(>6HkX=y=rKLn zeidOpF~_Vf@x^Pdp{&$$(08&|7kIIl1?L$1V1U(Uq^ZF|? z9M!B+mDC@J7y(+0>X|JcPpGfeP}OKaHR=YWJf?Y0EbdO2@76G#&66At_}}L>yh?h` zH@By0tV@dJ3OK%6!|c^dp)y6i(hD^_dz2*R1}ybG1+2*Ryk}#8zaRgIhRW6MAmw?b zj@GIfU}AZKyCPncVbKLJ3zbf(ylh_hEJg#~@P!ObW!#9~06N|`Xqc%tsQJDjR=M8; zAH1l5>Jh9M57oLa&hf0_mly~2DN98h{wkjPX}u_v!Uu*WPVRFIT85X144c;LY~_6KwZ#M&qT_c_rwy`79`=t=uGHp4wXF9~Y56|>t4>&g0GGy0)NX!v^*Y{Q(DN>z`dhiMUN_TW>yYCqt zX>>v}=(9Df@Vz)xE$z;+vLu(x^Rq-@l`xtn?#U79HbcJWAp#!i+%C!STIS_`Vw*&> z#7E>fm(;3(-vuN2U7&2AEs=40AGDgEsfex7GZEs`mp}2{CZki6o0Em^N|P>oXoT4Y zvi$3GtVQE#f~fj>3vui5im>4e^6n-4{il*2v*(QT3^!P#O%PF>k+vgt8~Rw zw^rfxUDpHXa*iJFXoQI&T4TV=79aR!^K?x14@ z=PDHG_T+j?Lr?H6Drn30A`^`Ro!dy{J^?!8i%nd1iCDOv49z>PZ3DMWS($ERT-M!R zYNx1%dzp>cs)U|cdV0cD#PCrTUbr8kX;$5d=O}jM_5<|TwNShD2s}Mg&|^rhyK_Xk zE392fYV;IOpw)m{;D)?9X2-}1$(2fH*}U>nYO81tdYhahqtYz2zNk}_>kynr9e7KQ z;4|Bju?f0eWO|BjriydNfoEF7w~MS(w>TJ><|lA+mcUXEaIv%+eW?~vpFgeU<}>F{ z&rKzBXU~j}j7^M%e}9D#$DN3w_urt+(ib=pyRBCE{=Ub0c+U6$wI6IqmNO>ZWnP;v znWGfB9RY7y?ZRFznW;;RxgPNSmrKeV8Y1yUr>KAMVN+{MpNIs$-HMR!??Y}j=n~uD zt{UW+caV)yL{y$jWuJO9To1tFH~~7pZx$@7JYOCf-bjfi!q@faE99@(m{B(WPz831 z+86CfwOn3do~6*v1aUms#)~3XWV45PF%zP^e(m6_=x`f3ibfIJyL&OCu=PYlt{+aY zk?oH!#W5J=)?;l%ion%fff@xJ#7Q<{rxZGE1GVm#i!otwp8azuiDE;jg7}t=x-k+e zh`CqUs8N`r&5_g9y)mvfP`yGgOgYAFa@z%LzglG5X|ZPGu=Q9kpNZb7XuTRH z-B;6EV?3G~GoOB4W803FPf;ZNk{2_^SsTi7U$l`2uG?>TF{7{rmDxKBmD$2Po#lkj zaKOa)bE^CAc`T!GixKCo22>}#%iy>|L81{@XQPw-cN=)Lr|T4jHAN}XC!w;3zm1EyE^rYov{NwW*x zW!IC0)CYa`2uWlUe$&``YLKSBfpvB*+`!NfMY&YhI1!8HU zIB#*ERU zd1}s86npMrBZg0SL0x@k8?QyH{-x0S+EE{Rw2e97KJ*wHF}M#!)6Vx5vItjP*#s`y zw9}J0hX}V*s1X=Dtq;=gePjKC4W0^jn0`Ua^9!+eMyVzzHvw1khP{ z+k+ovKLo_9-xq2M)_t75e7$GlvYK>#e|65+t0@YIiFy=yg^p0v-9UQ5Ce<{Wy&O`g zOjCR=6RY)wig9VQ7!_3i?>GFLFGU>uxy=U*RAtTfdX+c>t_RWNn!?0~<=ZP6`SlPs zu0{IFh1c~$D{^!v;I9i+tMLmw@KQ~qsmKQ%GN*+>kGjRko_dGxcx@CqOyYhl#=aXOXqQ~iSk<3pj^nMw0zp+VWj^g%*3~jT_V@Vs~UTEYC4q?&ydQklx zU_?*GWe+!p31S(8*x4*t7Jc5%BBsyVDK7_a{i449!v)PU!?28mwh2E{K#DT=^27+f ztK&C?*x18L1GG+0oDtAg;YW-7Sb6jmk`5=f7O)-uF$0ZSlbxa22K6Q%cj3`{MS%># z9Ox5HL~}7zDpO>ko7A@;y_${O&$`Z8iiIY#2Nog>N0&$ysi*rmnPholq1WRVvdf)_ z=O><6%6E3(1>(jyRX{u1cXgx3nFj&Z$3ff}tkJy}w^Q5HJxiu#9u@q8ql1U-38dq% z6;6%lWvXbWkSN}^3i-0xXi{sl82Bv}n%K6BXx;X*f=j}pAKDZBWFh)RI<*1$@{NUV zHARc^wj`uWob2uCIg=}q^^3^eKL)?s1R3~_r9IRbiC+;pT_*q zusLSFZ>BMyGqlaf9wQTHGt?j5ROpXr$6}yw;(orsv9nAy$%6H?iXfW+Xaw z`HGII?M8<63aH!rnuh9J?2!8k=oY@N;l+Dp8FBoEj_GRqLw zaz3@5R}!;C5&bq?pN`SH$MkVZQr=0=hXz`yXa2-rcOG2CiW6JGzR2xzH2)Ll(h3Z9 zv$rqcMT%{}1HZv_kJ6huAs{13=#$xM$9U97ZY!R7?2()~a?J48LD8)>cgQ4}2C_A} zNs2k4sB*^)i-Oo1x7y@*zz6=Pfaiu2+a$1(Lvpl*%9@z<1<3SYqSzIz z#XLdJd8p3Q@9=V60_lE`XJ&n-i}P-xa!kPVP8w6nO6%7~LPZ{V=Nz?Orpw{X5BtOn zQARqfh;=cAw7`2D5U;}vSRB)a0wWE=I>Nv*K9Z5k&|@V>Q=~r9zzU6^=my!NGOR_% zXRTsZD8t?*L!!g+i|Mq}E{&uy1=-=z85-x-c7%K8LDhHH46Dv%m@{0;B?)SyyJdJF zfJkMDGC;s!`8y_SBGZXerhn@Pemkh#8=s0;G7zE>F(n>1^wyNJy3! zWR-e~)Y~I6KWGsnf~v1k(w4(=)u?5hI$XhCYfam3iJ%7&|+eYF6sAv)gp%6UP^HZ|xTdjggdD z2I8Qc@G+j?WH?E)J0Br#qA2~vj2Asn*rkUkEc1{{(GxQdC!{Z>Xc4{u1YPo%Qwhqa!lc^FyGS5pfjC|z-4i$NVpDdok4V%$=P&Q2Cn zEG{7Sm6bfCfEmY1kTf4!K#L*GwIFJKEwzt!^^(wO2AI#bc=LlY4}FH-su-6FN+SrG zWPF5o{l?B#@rqtyGcQY*+q~y18-B^|>pjV(SWUW;+PDx>jD~jnzG0&!q5H<@{P%Cl z1}A35N9U$y&Yzu|nV8(-xb{NM5me1z=dFb?19PCaGoG({0|U_tl~M~uHQ3jBa-E&t zHgf*l_<3_NWQuCAJ1ftd=;MXU6I4fSlU=whJr(-#pZOD)o8VNtorWeg(B+nKHzqYcmfaH2cNsQ%*lswCr%B+G)BC3ycQevA& zvy5*Nnz9NzXozu89=$5V$(z*h=>poG`j&;)Z;EwsO7({B?psowIQdx4vX5%D;&S{`mOI|b`&1PKyPwE#*8Vs zT1Yu3PldwUH{Z=TIhr7;zEF4fJq^cdf5e>7y9S@lBzSXU201FQ|4I=xiv6Q%=&~YO z94qm3cSn%szMpB&POD-WB33^r;v}TL@F@Ub^}{}zIY5!K0vY_LsyC)g;2NPsMfy?3 z$W@fckw69XVKuFp9r2B8q_G2?^Ix5^@{eo8XdbKJZ>z3xphbvRAadMA^%}EN$@cNN zv!}+A`AWk$B9QV!J=@RK+@z1TFu>acuC=fh%SKr)wn}6vKQ{2{-C8I+U@1Q_&>D2w z*lrtuVtyz-zLLK?9P8_D*NR~%Vl-5z|J2}jakXwdT|B>KxT0 z*JRuj)~-@ZhZ6Hbwd%ck@qa3zS9vHf(*tt!oTNQU5M!cV?#7IteO-tg2i1=m&SI^! zWEi73YI%H(E0FKxIM(&eVm_#L{6U5jzjyMS^xd7| zs*t}qjZ&;b(AoU3DBCDCD>`*4XIXWr)|fBVh-PD_Sx$=C0Smo4V`o2RCbm%YO5?kF zbA>7D4O>g0=YHUH@mm?6fp)v!E}%r}c7X-HrB}61(N0%qd43OFn-CoL!5rrM8MpX- zD2OHZ%Y2(r-A*mHMPF5p{#R6&h6%st28bnmURu)IhYaK3fghGWiC}_ zNqC;oq?n_p8@~rx%{4j4n+r8!R1j(ImNRA4NRkD8^3fWeE7VBYp>E`a6fN3$9EhQh zN%a@;M9yO^e0nviqlM>pfYt0{MLCs2p8lY|#!{>Z=PbY;&(rW+BR8o%qB~1J)tBVW zg->}r^VET>$Xed3<2v13%+r$r`Sj}5eW~IADrf2Oz>^5|ls@Xsg-|&zknYQM+&Iz& zG5h&Co-2ro`JwOlo>IWGj^yP?Aku8@+bN$?SgtR&Q6R(7}!k}IHzS)sYu5k0Kwt<(8teBwBUlw*3Vge#>-^)zQ=S|fh3y?AB=e5P<& ziW-@xXBUQV&RkAqYaoWR1eh=DVJ2HP53kSy&PuaZaklg^CHpw;cE?8vvze?k>U>d{ z{m{DHf`Bf+*wdv#8%zZUp_PUx>UubIaq%6WHeNjoeI@{=K7{fy`Du^&`5j7#~BZcO4B zf$qcIZlgEo+o^O0-=>#|lEp^LFlX^EK%VlbiXOz1par!Cbox^4ST7AAkEA5r2S zn?9ZNUD2?YOB67gtx7hpU+LD257(r;(f2a9)~vf%SSJnR6F{+cQ4R5KEm~QFNii1M z&wh*+qj*R^zb6gJc9;?)qv*I^(7Ua)Tt`GUKegJl!QvZqv>4(zcuD1CQG{Nr&cZ7SJjAp0ZroXqob;NK1wC;@d}=5 z-b0r!U*M;P4aO3woF|BCe=bBB?u8vot71G+CyE>0Foos!PXY#NQdUu zPcZPjX7gVFHKA1>IRR+ZXnFx8k+25CZ)y2YMpmsY5qtjW}QlC7DcB@ z4=zaDwGb=ij3WFOQmpjTIF+=kmD+;ifIzHY6l;Hxo(oP-O-#=5`+9-78hxp-Ipx^H zny(M5=28a~%hXdFaP9t+bQ09VEAN9d&!_2#13mNnl#UhN*?H;!-j?}a4QpXO_}f2# z)zPdZLLcerefWI!B8^vgCyAokkJ5=w&l=gmAJ}X)F07P0RT_2|A{uX8=uRQ__zj-k zU=4BJmPYjc@34caw;-IDdm7261cvbC`E)Qdq9+b_F9bXY|eP zw8purzL3<_EavC2Y(9nEs975wG?zO3SZlRzJ#r&P^<-}Db-!t%(m|P;4C_SYas`;D zrjz%cJ+G8@(#y1}N(jXS)^mcU%YAWTbVnVrJIDxJ)373Rwm_1HY8KNdcjEXVn6ItT z@{1}#hUWuMRnh6_nKDt==V(<3u;=XNkiQ{ zvJ*2y)1uESOG(jI=xOIReFju1cRQu|aEW@Rfqd@z&Voek3s+)#-ds_homMR=uNdkR zqXGLIE6OuPOX!L2YCUu(7)9&17o^FZS$kP8(WDH~7Qp9GXJ)TAZD3>gl_RO1-rR+y9tki=sfpmXhvg8c0NKdr!`-q{^^<-N< zd;5Tao4q6x9Cbh@{E`nd+&{sz^4_YK=ttI!X@m$1^g3xog#zk8*?!d{Vx=ju#L!TP;`B!IY^ai6m7M=-td@SjqWjBIbTq(e8fU-nWh^R zFEQjBV|NDi2;VmNnXS20i>OzAmx)D3V9|8AdR6+b3&{Kb`(HX;-T#2ce{zmzNAELm zYb8^KQkLsIdHYO4TQK4*U(U#vOzh%q$Vj!ydQYu#Ps0C=5&e4j-FZK}ls!6IeXk+w z2;XJ^&3?f|tLzTUE9j-m4Sc`nc)vDkvPjiOK78&Nmd}tyoepv1xmlN;e6c3))286 z6L|0Y4ezCcv0Y)7w84YMn=W6yqwc+QZ+cR$Rq0#iq^z#UcD9jXzMys*F?y?Zr_`Yj zE%@Jz(SR7$laF}fzs1N$YBC*VCl^gQ-%`*mueyZk75U5y3i(duy6gz7H**QKU*I!m znaJhVo@S@95NgHfP2j&2`fM$MH2ZW5v0Vz?fkFQHwL;ug42{4WX1VB8^;-pv zhM(V}%J4&l?AfmhsY_i5ua3}0(~$+=Y*m)%Zm>$rI_8mEkEa&oP3|u_5oe9V9jT0zMGn4wCN;g&42tHiqW_?f%o{IV|Uy zP_{_Qe{{tqMvdS>D2IR2XUooGMycz1f5ZehCZWJ3s zbK)-+YS!Gw;@TIO>mBPwk6~Nr#N)GC##m|W3Y@(ltTz>~c;7j6UjXg#yw1cj6Or6Q zSNqRYURcOP%*-w?r122-tcMk>X?2zU@X`+R5^LQR_VBONtoTGG* zTMC$PbPBPYb>|G@azxNE-n$S_72-bFO!}drL*B`ab=rp}03R}N)6E%us3Mmx=-{q$ zBL>Gdv@!D@A7;3xfExcwBkB~kl0vslK?nCk!#@kC17-VZkBq}(AJXhse5k=((LTv{ zj0lm*I8JOr$Q2_RX2{NRPwcnoM!`~{;^L^7A;XeS{tGhyBXdiA)eZ`3%b8`xPEBuwhIT=SN*I8M# zigLBTv-_f<{qPMgcKzD6c3URqx&u2a6 zFhZUSK$lQ0_)-zmEbFAX7D@M_Lgie*v_}(irl3psV4+LUQ3uKO7jB)}#k!m;(CT%C z*ihgaeCC0sqZ{2?b&M^fwuI`%Yu!wp4MI%Zo7{fmY!Ae^9xGl=b?S2q(XgOd7>>pG zo@(_p!hbZtcLZgzRii2G6@{oA<#s_2Pkxv0tXuHD&&&*e=ATqrtwt-xy}W3D>-S2s z8saYdDqyKD(GK{JiKpV&yXa4`)CW>xG%(NnNru*wrmLY7TMO!P{=%=%vj&TJN$}T) zfZ??nL%tR-{TM#Dj{{Nur#T+2#A-AHwdjdId`sHTGEDw7jU?OKicK8XC`fGwdH&B0 zRP#v(DHgJuUsza4Ey6d!K&ICnlv-*kQ;Ic==mhhJxy zBuWqr}+h6H(r#{GE4uES@;V)H z$7VOAoF$O#qMB?_L{KA*(e1ObFo6YKqw4n@b87pv8&oV?fO)+p+tH~>k8s79AjbbW zi+erU&YV9z=P_I{DzMw%YfQ(^jwD-PLx0c_XGh$SQSJ6;S*53BJ2vYPtQ-^A&~wx@ zA+uW^UAT#gwFxrzS`#y#bb$>Wt0owIrjd98UwN$-6VeYkd;Nk@PK%`rEccI^<#OZT zgp^wm!2FYrd9Ek;MaBHHhB>wAfw6c3Z>g%zJ+q;y(OD1CnEJdy<2gOPJr+-3xp&Sg zc@>GKw~o#Z4ZC5*OhH_Dv6fpHb%PsJZbv|;muXR#2bykBF;n0#f7NtK<4iZCoF|BX zKUAmTneEPbiXt&ffOsd(TXsyiNs1AH-CmkayOiCYw{G=W=dOu_3M}YGO`D7w2@^2= zn}*r@5Hu1hm<;`0LyePH(5B))GQ4J`va{C=26onHa`{gi%`q|&+bh_;x;~4ueSW@? zNz_>Iq|7rFF5ge$5^hYUPw*f*1T1EX?vi*S!i_PR0w>#lP$x+gahr`MUp>82YVFj` zS1e)RoBztKm&P=yK8-R{ELr3&?QHHw8xuKRQl1ZF2=d9lT?~U?Z9}uR|Ky0>I35Bb z`b`;Dt5Ryy>lwvyf0#_sH%C`y{?V$?-No$+!%`mMS3o1o!qJZX|MvOvM-e?xov7Si zfqWm9olCVU3a_(Fg68j~!*9a?=WqAQDiU5c>8aE{43qN&RrIQ?&t=4@^Kf+I_ARnl z$EbFolQRS|9myDW>#EL+Q-`1v#+|Bmo}Eob$7kk}iLu0boGNA{f0VM+0-F6im0X@6 zPkqp2XI)+(W(TU}XJqUqW@mSd&m^ERx8>k>98tA?ftp1di1f`^piY5@u5m~=#@0Gw z`FVA+ptB5*L#Tcpa*N2j-acQjFfuAH#xTmnshMNS*_O?kaL^g1+W{2Cm9+acl_8b1u52-c5D(Gz0rZ zbnE4Dxh5S?9m%B$c#s zAa9iOszC8$G>e`%Z-Dcu19f&gnluMD%u>z|Sj#Okys=7|?nvImqZ3_uVs-%SARR4& zZ6Zs#rH&TEQh?@erK82s9KgGE0grFEb_i2$DWH?)7d+Hlk1Qp}3-<+JEw?ck+6olg zCWvJJ&OANk=X7*~x5msXky0u2yGjxn(k9 z44H!Hd3#-hF4vRm5cIrto#DBaR&{Yt45@-H>B}z67;*)ke}_!21! zP{Yq4f!*9K^NRx7VD085CL*nTnN4R*yIC>pCVlfXG}Zvm-)u0fT0;XVKeP|I(Xi4L zW8f>rLf-+OW?;oSr9qR>gAB}QXB8l}4HqzDofjY-J~*p^$qS>L6@WVJvaC+avErN) zpiRUN7WhRuBLJ1f?Fzb6SJ&91R&gFgubkbYfET_6gph8^&LK#1HYur}BYQk7%k5Lm zN{ns{*~Z~TEW1b&>k9Smt!xTEy=gq1A;&-jx!_dwH3{{aj998I@tr?<>XGUV#pfNF zpB2y?rXrUqV0e0wp|dEHGDOyLT#?}-J+7q-Q_Ku?VE4$G(Pxhvho`rWpFcpfllo}m z=Mxw~2BM*?`Wf|wCEF#j>Y*j`t;WuZafy*scWAQov@G*5X0L`1-*y92kcT+&_=`MU zuwsrN`&?~dM%eQOmC9u951C9O?ACd_{bbr~xX8kzGx*gBeY4gI-cCZj*xfw17N|G^ zpk0}NSlZk-dxWDdw&CA#0bjYq$<+QVM(Qi*U8hr=n55CANOnl6WV_2^NPXgJUaNB}R*Vhe z)9+l^v33|eocR`~cQ|o_zq|wb}>`+qbnCVpRr$C>FsBhTP zI)#hp9%3@TCz+fW(*s0IJ9?{|DdW<$CWFJB@$>EM4tzlyY4$kHn$&J43466pRIFLF z<@{(TBK1hslJS{`RIiBVRxKJTp7uu`a-LwqdX&vGLf?XFrMuf48PP6$qw;*Q1C{P7 z4YeR3*~@Loaxof;2)WR>U?7P`}_rP0EdKJv1VK&SImDY85JCmS8XQUAF!3 zc$pv33e_k;ov~S}p>_nz1sc7Lo2z3LUMgYK&3xOXzEtg zs*>_bQx~I{7pe)K_LK;{3Oczz!Qe@8 z)hK_&@dilsk%lH2&7nxSwSq|gR0qR^^Ci#!Lai2f$(fp$RC+5sp?JVc#x&Wccn;yl z)aR%ZGu%s14mnDTdf}5}g!LfJcI-l3EKATC%xbb!6Y3aW6#)yKE}p0Gwf95TW2kaZ z1l9SoZwft3;~%oOpcC(A(knK zrccvy6v9$&z1$;(>7Ryaym&ZzB$PTG+J_ zV@wMH$C?9iu+xw0Y(xrvtI2%KBR{c!fardKjT$`9LerKP*?4N6MVA@XyG8>o<_RWR zS9)-*HDbAM0@O>jc%XbU()13=_#`)~vyB$Z7-Z1*_;Br(Pb_7`_h7efoehzgFVOBA z-F)q_ftW3t$z1Mc>q>26Ty!_f>)p6&I!hFYEfa)%1B?|_K> zdW~a-7o`FRbFqewsxBE<*rAho!1N_9OxKZ>T%UmH;Vx9ift6UNARgXT^O1Im=D9xC zlye2Mt9xs+D=OOtJiB_AHrMIl4RUsMi8gmocmtnZ-O-lmKxbEP)#4AA-r-+}p#AZa zHUG%)>=hHKf1nBS6*^}4X)frB?`C1eh^>g--E{8{zE2oo9iw4IuoQ3#e~4z8uHsH= zBPjP@;y{a`Ido$E1{bEYjFd7(+tWKV3+>4@D_&zTM)q^}%zkDorP}83JHJrnxT=U1 z;cG3#>)0HNf=dKmXkL3KC_o)%XX=3&Q`J0=&9h#o?70{Ap?rGY~ zCF80@DK28UzlB>iE@~B{fhzRf*}X$K%f)$voY-Q}Ch&_~c*DWp+yRE~a3BWbdF+Pw z-~N#0rCg%ss=io%0BtV2^&ms51b_Vi(Ee$1TMD*Kfc6qobB)E&H?;uTUrcVhLwEa- zm(Ob4&KeGnWeDvyT1;WIV7&p4`-H`9urcMOF1&%pl=nCg2N_d-r`aa!Z;&zNo?4zI zw1LKy15Mi;XiRybskwp1l=l=RIlOLtxR;|7h1Eq#rfB=3V!5ekoeFo5(dF|+4Jx$3 zMwb`6@CF)P-tRyhWOVtXrN2Q&msb}n7S`WDqsy&KpBQL#d4Z|9fkv0Vn|cebSkTR~ z_sDv^`9(X7iF*VzdpN0xv^c+hZD3D{Se;zJvJ6qq%CpOP6!itC6p$>l5F?>!+_$n# z!*Xe*Qll?B-OaKb6P(<9$Bk))W^wNWHXFa~#WcgS7!@%6t`F4+(PB)G?Ho_G^F1eK zxV<7P`o0r$u$KD+8`ISqMYY@?xiJT7xj*z`4$^Y3_Mr~Ya<6e>4%Tvi?8F?b<^IIN zObhV9+=Wg9f9l2@sO4Vk#T=yN{>+CuK+FBP6LYYZ`wJ૾Lm+xg?ewIt^&N{oa z6X!87WBa~=Wfyl+G{o!&I+~@rm{>p5u`HE|u{;&XU8ov3HLE1!-1`TRPRo$!`rdHM zKsEnYv(8B&Ss_fE@sVAeuCa<>gPuLAqe)kvHh38UOU?^u>x?3=aBBxh_tcOUi~~)v ztpoX;X&|i$&8J{)z1qaGO4u{6PU?OF@XHWx7-VD~CRdxM<}t~1$L zs*`d}>_b!Sq<-D$?D3i2(hR&^1=Xwf%kZiTl~N2Z^K7W!jkw)k$FhU4 zSbK=s12nYo{E4teG%PDD%6WM#gk#l{vv#3-Qt9_ynx z0*Dw1#NM}OeeKFZc~~bT*AB4pk7qco@^G?t^?*HUD!bW+(blhxfd;fSo@tBGf_D~C zXS-QLvIB+KG61VBMJy{!#6&u~h-3u`F%t0Ji9S+jjPRW1@JZk&`nJB7Y(3Dc(Cv6f zWvAb*^4i`eh!vK^UW_`-2j=ptlok?7!*uIEed`#?&{IpDNV5Dwb_P!GSrrhIm1^i0 z!^qEmk;ji}v$C=yD$(PZ^)(qv}Qj% zY=mL4p3v^cUy4ZU)(1u@g!HEZ(wdEfDGip{fqaaW2P>JjD5_i8wNho$axQY=)9e1dcImhs8)nUQVDoOWBbufn$MeMfRb(q4w;5VyB9szfABpK6 zVvfLiK5A*xat^sSdg`NN$s5=6uD@ojbj7>*RDc)}+0VFTKNL_`C(3^85wBRbp4@*A z;`%tteiU*H`|(tU#}n#de4|7r;n^LV=4QrSC4gAQD2vqjOu)o6%~p=+IfdXijk+$D zmg!2hxyCblyAvUPisun$Zyy=eld+r?@WyM|_ZcJNE8?iq_$ymzAJ4jmPbxoz^^2zLkL%Dob<^#~XFsB@yHZH21x}=61}TJvK5o;t-|W8$doE>dP`i zG{q^$1HSMWo1rCAag6btZk<3i(Qo_uBYxwPbFus#M3`4QF-@_GS%QlC!%jp?uu(O+ zL(?Ql)?un*jv&TdY2gJ+6!^v6HNRkX5u^z`|A9HX(X+=#x6ba^?hvP3e}Li7c|xgT zc8+KYRE`Hc|EkP z#xpgb<)Hl@$MJIem~kX6l^dGsJRwDJjgQ1Qp4h=#;!nzO?BS7IFCK~Ux%cBUoVix1 z-d=390&nL-v$rQ^Sgzrbm=&^vS>Ep0J{G#O>d9WbT|bv14B8HMWHpz}*{E<^GZH z;qS3p=+ax#^VLS6bs}cJH_#RX-}yor`L}&6+x*3`3)Sv_){zoAJqq0JMCXdn;aa+< zG5%7l-d&lmv=ZaEO3n{-3xDYIW5jl)+^IH}{SLz%}Eq`&d>Omf8l|qv`)|pB2S3!Cdxm z)e&bIR3Q%3L!M;g1$zjp?tXF*OLU3`_~SFl~Imopkxm3BmRFmW~l@p4wfA{U@X#1<;Mb-<|BGN&Q7 zDl7Evt_~;VhoV=Ba}Zk#zem-WzmU3o9Zbv(Y3{Y0eKIu4u2sV%#mqc@z!BxT3~Rn! zDYeSWNgyvY3;LXiRoQL8iJ5_!WI5BBGjxfOJk=)O$+D0mtqgExSIJT6k^plBTWo)* z^ZO;A39XT}8N|eh9`E8T z)5!oFQ?@x1gkwM03b$j#OP3t{DT?sGKe= zB2lc@17b{0JBvu|L2{~PNW{lB2{9*N5tH1PvX3!RXSb0i#YmnGnC}yNL*`pON4AG= za;pG7wUSA&J!qe*XGkQy!RqSSSq;TV!Iq9D(?_Vl<{^{2$&unX-@>Sa)o(wV-+UKOLwGm0G1!v4N#Nfim3T4msP7Aw@)*J>P*y zeN9iZ3&T}i$Wmma+57QHu%THVW=7DgXVP~%MV;IFQ4`ASlM`cMjMoF~LsZYI+j7d7 zu_@{XVtbZD}fmlpEdPZ`9G*%by(V2iZ>_ zdg*RwK3ZkpBqk$CE=Agn08)~%QHo@gOr#Z>fe8r$Kw>wRGt_O$@1s9 zrKV_>>cnx-Q<)r3e(^9(ma}ssb35YP5##a2V+r&0+&-CMiWx3bPweCK*3(=p!{rL* zk>~ZbIJ1o$!ZuN<7SYUSLtml_%@n2>%M;7Fa(=kM%o3yA8$4(y5!yt~Y>I9%8b1dV zesWx3F}re>eO$XZkjfQRBo8;4`bs`IPY_G5&pjjMX&b5>59ssHc`Qxw{N=0Zn0qpzU*?mz zqrj8mqWa(hleHOs#WF_q!8vA}umZ4@8>(H$a&8oSCnh&fMaX1`-3Ki^Q4Qx}PNC90OE&FUmcGcxJeEIumn6_pANR!t^CHu|_?oDXS<3 z+}4t?ozSFsNTZuAJbyxy;-bBlt(J712~Dg~G_AR1(OZ-ip_C?Ni;xfUv2~_2F|y|j z=1j7u^ATrvN|Vdn6QNEa{Ik6Hj-)0=Mv?fBmdpnkiGOJMQFtUqrSQc`Kaa%3eS-e#s1)#7Mws9^Y{Yd zxl>!m$71!DfaUiKQte}!iWIX1z1P#7h?XklwhA!slVi?~&zwtJ)7z$89~j9ofk(b4 z*Jc6J6s#N(=yKSFXbD!VOMrNI9s_14woKAl$&4%Ph!H^)_*XtJ?IW5(72^Rdp4qpY zoS`LBu@={R5Kp5hFkC>K+_H^^{BXTPjE!a#ukv8qqY0;|2l8CX9ejnt)j-X$Ul+PfGz70Tiu6c+#uLtNaycu+B(L;>B z!BYhe6ZeO@EUYjla*s^J-sOqWr_(RE6Z!>?p@|e5O%t$;1% zh$fylMK*W{H=0khpHb-KoayWDy`(Sm!% za}1{T$DmTnMQ2&RG0E1S7gM6MeKfx9DRDT3oSi3^@ZQkN4Lo|>rMgh<7$3Wf83K7ey01feufs)9 ziiRdcE4kN~TQwRGS&1X6H1FD%W~)YNqttHHZSxfK^Gq1{W~p1`{K)yNhq|OlD7HK& z=SE0W@2sY87#EETpTu~cu8DW(E-B(w+wCshRAdp1s=aULh>d!Mruiw$KyOFZd2Wu_ zEVbH|q}vMJ5Jo4er{uOm#iihFWd&XLR-8Z>CYT`fH18YP~T!0dU%PH%qexuhA1^REv6rC1rK`W=N7!N*Q};rCx>E!2=GuFQ%${8e-(-gxbCk>mK$@YGUfgc zxZcBuX_t3$T+m_tJ)e%ZEA<5~O2Tj1L{;8wzDtqe)h$4&m!LDpIUBEXaj5Np%HVBz zlxtV(OSMX`#)}aP&fihzobUGoW@jyOc9EaJf|mo`{dm?5j&WO^@h%{FL5JA@Hw=_ z{0JLW1r{4t8p)7!zou#-iqi9YI@Iy7WNkpXbU}`NqN*GSk=|xY=sLLCd@1-vKUD2K zGL!2R_?_FwW>^vY9a+e;d7{acin9LE?X$Z0#1?`omB$r1C1YpP z&Qob6u(Lw3?D0C@?8tPhx{Iy`-x~gw5134Sf;;kDqGPio$@Gp*^lH2=SgEa`IQ9gS zr%SMMO#=Tb^Lby+aeQ=o>on_)bUgAOLAP&($hSW;=)~6Ll=lvg|8HrHK&#t<`?aIZCzZ@u4%RBD%qi z7`NgCb;_5uOs*Km=tDuQdK&L!Xt633P7RFm-kYrK6SWQoY@g?pZiHGGU_RfC8D0;2 zV&Rb#i(imoI*u!)-4p86%2_SkJH4<9VJQ~MXfM<_d5U0h-GEMMUSuHpOJFfi&(;y& zPq8kGJ3X2D%3nECkG=3$@h`TRx{6;hOV8=-NrZUsEC%#gqQY0s)KjJK+$OPbJ;_s! z3gml~iRvtRrSe_x;mOt5^Rk+^C*Qp(c;$@2{>e*pi*l5^QnqN?_|L5N?6Gx}x>7V$ zk=!!NnFTc8QHvPYV@0QvPP=+!P%Qhn;qPstx5obCkT5FkrM%H@@Z$`5JIZ>w?ScsW zQp0wmMF>!BzD&mi#kE+no+!c5@V!}W-LqtWVI5VzXXn^F~h#;Rf^$ddwYB{dw-2PaypjX&(wae+Kh?hAKtzue^2)yLWy1gpd^3Cg$ z;}6nD+G12xTfb80NsX@#CXE9qqdh;HWc1Pa9`{2;#hGLW#!k|xDmTO6h+>lcYAEz zF*`mW>o?gx9j)s_ec0=5S;y%7K(BD9?Lm>cKU9G%+qpPy2M8En;g)fXE)bx;!Gjv! z2_g^rl1IC7x4Qvm!QV%sn@I0iK-)etnnZhh3ruGIT##pu87@;#<;HdK z?OiOxfE?^NKJBF1A| zv|Lf{86YEXC@|zJEJkOiC+QQJ#JV;{jtb)Vv(((X7XcX6zGzu0RaCp*Snz&ETWnS7 zp26B4zKqu<8WZ_%2s!vZJQRK2X-JsjfgTFv`UKlDe>Hg0RcfUghae;5No9*pkB?N< zbKi#ArNzK69Z_BNR0o>zQJ`F+Af7i1e#zc3Us@X89sW%Phy+uV|gXOjbcJ_5nVkA$m&NnvxZ@~j8 z?I$ZGU3IkM{Q`e;hC}BgZTYjsKL%X>Xm! zCr%=nZYfl#iffbZF-SO1P&CzH<=z1*G|if>sv zxDWxtD^yg;JWNe*dKODa%~Cr!?|MA`1mg9Yf~6{RDRn!`Y%&I@)c4W6^M-=<6lQb7 z0^PeAYN3GTUu;D3MjKSh5`FD=WWi$SY}dS=S!|uCTKh+l-#oog$GJXGp2$Y`D{!Oh zZ)0R%&uJ>Z&%VEo)@{bX1JQe`;1k_?RIl(v7~ZIUq>UQKF96dIxiF)62HL0jZ^2r7 z@2A)bm3ktYN}s?tWb)}OO{KY~7)~1u-9f~NptpE;L9UEQJ%t-o90gF0`cKX?*}i4- zkWNpIZ~_q$2TD+XVYj} z7pIsZu$BYWxuc1f%$_|GtV2(=$Q{%HebnZBWtgwn*C|Go>5XbPL~+c}lIkuUP%2Z@ zXP=hkjCBd&+2o{H=-lL48aKvT-Fx;zrze*u$caOIlQ_pT=C^ZUF^c{`1$B$Qwd@*J zPVaU^v0Q=YpPfa~4avyd+)TnR(OZX!a;btG{MW35N)gW;pPATvegsS~bAO{cBPLC5 zpci4bjL*)+nDK*I^zm7i$nk>vZ(yfyve<=pPpG$eb02Sfa&+eWX_q+VHUk*$>04=r zXbM!02khl7HbYCKVlM>Q>8%=GGCDOmH$E9hs=yOZ?prBIHAfAXEQoP$b2AN>u4fL$ zr_paOVxBv`jUEt+;s3yXew$6iHYDSdDWWM>vHgH3ex-w3 zcOll6y2bVdy!PFF= z?R^%z2pR-6!}|@q-W|XWk&5jG?L8cs_3ax}tB~G2+-n*n1 zA$4~W`>=;IcR8(oM(2gJo}#nu|m+B|4-_ zv{j*ZxM<7I7~zT$fxirU5M#VxfKG4TtV^{`ai5-uZw2nYq3)!wUvum2zXjFjhGpnCD)jl{}xL@xr1i!28sVn)Mc)l;s zDBEvn_w-5qYH~5c`(U1Kk9Wa7(wAP0ZUD?q7yI&4!zGo9%*Q;$mVvTuw{Ml%qHA?N zxKcwoXqS#yZMVCWeM)tH^u1LLedi73`HOYr*m)jQr*G}YHI{NutuZn#u%!z%TT0r_ zqF-!F=(VKt`qRqb?iEF|kM{jBxQ0M8yIb}U^GVF(b$Oam%}}M3DcTBswJurvDK@blQANMAAJ3Shu0Syo^29&( zD+@+aqmy39)Hp2ecwq|hEA?gCTXoePf$voh@z5zFpEyNbHTEU;9&*J2po8 zS_#Z8UXyv_#-!Q%YN)e1j2WukzG0wI>JLQ&IsfFom2izQ-)ihMKNggGJ~$)$R!?vA zVBU_|kuBqN3ERxXlv~zZhY>OmIRO{bcS*Vg_ju7U$Qmjf013o}crH(hRYSvWGcTEpzZ5RTwz8|LuNu$}RHtK;f10nq+ zLy96blvfT@v3G)A=@=VYA36aCap}$)PBP%F#6xwo7+Z;+o|@;FhwEr_lr`InjaKLj zRG`cX5w_@P3x@>(1Az<*jsQ zokdTM2fX2(s>&jMIi5*R8W|D0pQr44cOE6Pj&XsU9q@m7WqRIOYlf2LQhPZuFBg{U5JZ@(RHa3D z8x6-lkz`mX|AZC1!A4f->w!GG>dlQs_6Q zXiE2s%*$<8lWPiC#xFA*y4JJOqP$~^PmTwo$s(T)u&#=DNhNgC(lZ@Ak-U3jW*s~N zTBt0Rx;47eFvb)JbsPt&oUV9wh+YzY8zt(wZ)u=W^rC&^1yihIO`?6k4Mn*QT%Hff z7_L-S8Z-~0JK1;Y0ZbfGJQ?V4vYB6HUSXvHF$$Q4{p4pKgn=OUH`6twTp}S zIFogNc%6wDL1o;^(dpo=^ua&zr$N_T%8dbT``}{K>~ddb?|@8br}Br5~{TSRK!U}W+#V|snNOd zxrDYwX`gX`4FB9mz9e*BjlKo@LONefNO7%7=-dh+-HAnxe9*|^REoYb}4xV0kQAK zv`+GsNn%c(**|}|^zV$5OG#o@XiH#$_ts~(Pi!BjM;&X6bX`$1aHkfby;JoY3XR^T zUQja!J?V?3=;;Ue>+=-@ZFIYF_$rsAr{3f{@RPnI6*oSj+MtsY^3gu z6(gZ4V}$Rv=-Ei`lLH>{1u{cc^0L0(dU%%Nq*j8yD|&cejy*Jo;-q*;Z@=U@)a=Z3 zGFqyY6Qdm#>kT3OOheifsxeQj=Z)o`Xh`K6-xO_+6Qoi^vyvZbh;)-9P4&VNku5}qvVM^@;O*ek6 zV^-_t8n2ik+5`Q$juyPTg-#)Vm1C(}i<6OLrLmAq>Y^00Lx{gI5I4m^^w=kFA^ajk zO!sQ*jf?Ba(j+Z7wMxe45OSsFcUMzd*g|TE3NM_PojQxrr!uVxioy!Y7d# zR(LD})5bMLR^gG%)9vss+vjs6wWC>Gpi2|y#k^FaSTJ2vbv8LV}l>)?@N6ojwAa-e_yaL2dlp?T6j_P=dl=`YplyXJ^Vf> zbk1~UpINwUK$PFnXN|9-NG7Q+WT=RhZtwk|dC*b`Q& zvPED*h3w#K40ZRjiOJqkMpKX!n`k*Cj6v#@BMtWp{HW89RcfoK+2YGGu+H? zHzu8SiFWeJ{0V*_s^@#2Rpc^97g5!t}l?0NoqwuKnJ zPl9&H=2QDodSpK-mCM~$scej|yk->yx{K~+2eYfPo209& zips2}TajyaRTiCeRb`Qx)r$xypn!;ig1d;KqCUsxijLxffI828Uk67NaAkBHcLpZn z=Dj!X*?#X6pL1@$Kl86|Mw~ct;zY!a)84g6)6HiZ+ndu`%cWFubh2HpbEyY8q5)G) z@AXBUtT*ZFn|3~jnOOuf4lg&z@taM)w&fr`n{4XFYPbY^T#P4BsYC}Z|_eN}Bw4vF_Gnp%IGE@kf_iFjc>Pa6;|9p#`F zdjibp+U1ix#5_N6uI`>lx}mx*s%)5`{`Q)Ak&&;cW1n(uJTrA}4={VClr+uD9PDj`)=Ymx|#lnrlrb1V> zY0+UG`Hz0J!yin6AMH*3a-tsZFTt;v#C&$7CmGIRWA~uzt_Y$rdbb182uybG$U= zL?5Ago*igkT%{2QvoAibQH$OeM`^r4?2C;#E9JEevoBCS;Qcvb?@_{y^mf-;dZ(ne zNpT|4Zii6_WdUI~6-LO1EEcbVgzJ)`{6P#~l`_IZlx5yK0%z16B zx?DL+wL&9GT6CAhP$(|H`|k?&h-bbMjoR%{XT!p* zmH?4U3!E=-MuxQaBrMLi0{R*fo1KeO3cFAq)=5md0$zE?Z4 zBuA0VS6aC=356QP{cEr2mbeCx{WIc7=1o>|{2+zJd5N{{IFF7aZSQTfu-;P`F`3^% z_dXB7NpYV|@@{j!;ca6mx_Vk(YI?DSdxhJL&LR!-_pFVgyw$;ZS&hNs(p5#BtwVYF z3O?)KpO=cy`JDCmc?tCO&$IIqGPP?yr7P7aszP3A@WR9u$X+hUYt}!eaQNJV$qW2v zp5(Y3i?s=M{jqr-#}VOd#*u5_e&s84YN*%{NcwP|8GnwjE0Cu_G2$6{YfY$JP^K4- z+M0tC#|&tf+-;H8vN7dMM~uWBQ*#NkS}WD2s??FTcD&%q?p+q5>14(G1<1H2SP25-bkj@Oj0~ULVu2GH(LiH8`i~XRD>us^Ac z%aZbn+DdogHAUpp0of?v$;poF!?9#dA9iS&Www{`r27Zmh1a_1mQtRSi|#4kap~JA z=ZUGnTl~R6)e=4O^>sv`eCz*#jp;04h^2K{7U!LxVOv{E5kt%bzUucjX#@3AB0K(y zjq50&h~))mY{$k8(^CoT_+}fGa|`OVRBXp+zCp=mP1N70BE`A|H;f1jaDSVY z2jB^J*tmsz!ozJ^F4z-BHc1Qhgs0hvVLT!5O?M``?bqj{>A6OI!TUZ3@&P|JnIUdh zfcWA>w>c>T%w$0s-n~qs{}}_$(Hj%qrd7*Nib|vF#wT4Z$l_B5+>+m&Q2F}iIMjm1 zCy&q|kEph(7LBZ-dsAHausruBl@MjIA4NkwQle?3QWA>29-Slcm6)!EA!Kvd4A0wr zOpe&3+L7;zEddini8gBr;Nq0jYConoq#i{GxA%7|`mO$vP${Uy!$hRywj; z{2J&}QVF|l?IQ!RtvDzL6XjXS+RadRUAwi*`XrK=2X?~;5~-+#A!-c7%WTdO2jgW{ zE5yNgnf(oB5HACE{c*{D;FS!y>(QPVO{_IQEC_C8%MuF3fy=21#6v>D_-w#DHqmCx zY%O&|ofGJLv6~W`iJ8>GL{C)vo`XQb1M^z#(ZXmIc$?4UnO$;mVTiz={v@wc$KfmX zr$DPO>+|4~eNrZ}o6B=d>w|sr=mM-^x4(u|sEp_yAL3?)I{R=Pjn3ExLm1NbwF? z?YI+jukq(O*G0F}oSeOYpPP((H-MJ6o`KAFn=*4Az*}Z?TfNL=#wnE|<$O4~At!o{ zztbq%hVN5tn3;v!@JQm3a&i`K!(UKsnB^R(4bPe~7jDDPG?_tc7|olWN|;8to4>ZXF>}$t;gWs@f@eAQowY4X50H=)y7fS^=3mJ#*`UP@UalQAPGb@v$6XWAr zkwhvFs-T^(aH2KMuI(W!F%k3;?ZfA3CRva-$AA?cqskZH@A*4n5nj5sWr8BG{~ZM=cItx{U1TwH9W8wFJb)J=C@2 z+80e=*Al2=>j8S*TiYv43}HE_hx|*L#b(T?vrRQ2v7{h#^Ez!ctu0Yh1Wu&)%dH@3;f>guGRw)2c3cR~SIH|7II6?qTw@Twq6?oaM5H zV;N&+q+bo>cH~%D{^I^^R#}_=(=Q!W2L7IRFRQFeG#TGJ=MJps?Kw#~Y7O#rEx7CL z#krfrGf?kvvQ2s|#C~>!PR(EC?pzcRME)@d^0zB=OW5C+ert#-Qtz-b1MEql*LUWa^ag0B5#pW&VuPRM)-kaf%Z3cOl3!AY zG%1>Wz}(h)XRF^zqTTp&o!Rw$a~Q>USLW`KoaGM^!-5;+y?N>4eP~%i@$N_Z+{o{j zv%l$m{!tC^exKt^=8DOAX^fS8Y%)Esg|0zmdoa~zLNmrsiD{^gu{(c3(AT78;lz6n zM62hh>&7|%<(|9Faq{vvA8$5+E1rykMwUAyh0+6em; zee|l>NNBZc-_jG2Mv zgE)Nl(X=;S4cP%EgaGz?A-lV?$o$n6mURx`VL^nmXWuhqmKC6*+HqcSo#(X{{j#SG z@ns5{IrAD9x3%R0di_y#^zu^-NPLZp9HIviM9c5%pD@|l`kpfAp7l73Ed@AffM#D| z(JcA@6-C?9buMlgTXJ|Oo>KR+^yVB5mnUmcX=;-tD3V(*$Vl9pSy4vRjY!S|R{IT8 zLc@rp=N#%)__WEhq?|(%|F%~eLBtxJC{-pcizp@noqp9q)E80A16Ded=9_y~8cS#_ zqS$KCo$K+L?-{1ajTUvvX^!0B{hB4r>8g~oz&+s~RLKlAhFrIQ?6aunBOZZi z1_NU0P&VM;H2)ZPnZ!hIZKB)46HE#HHHvNv+$j{_V7ZHCL%DY5_(%xrL>}$Q+%Kdv z{iOu=liSleVcILSoIdT?PLq_iVyM_w0dpUnxgwrj=v`q#*1DHsJzN1X1~iIy2b!Sp zM1|*{*+EwGB!%S~UMgNelyAv0SG+gqDQoXnJ&-Qd4m(`0RgDSf&dVYZ2^& zLzLYf-=uh!rS}XG)C+W~m1!G4C6*LKqWdUXO*~YUbKg3cxZ0B%_EuP|{ z8fgzH6=i$&by4j@QN_Cjy*Kt$D?3O|4V=tB=*Ru!eG+Sm0#qU$apPgMwm(;*0cP@7 z2O(~&XyVV`6+f$oS5hlNQTVqM`R420X{~G}wj1QppQhN25#Y#Kj!XkrS-z5G=J>3# zToA=H6s3OIq#O~bi6z%Ny( zXY#&a!7( zh#YCz16k<~MSk`m2YII6^_<&{X0adapxR0iVrhZ@+m`vG{vPs;Es^d1FN>W1F(0y| zWfmfz*~MGZAr5k}mUO6t8p4v$t>LhY8!F?B&e6kFnqflXJp%5SM`Wzg@$vOj6P!E< z@%!U2}&Qg%dKFCNNty8Cs0gZAg z0q@y5Z?-w7wEzX>9b@p?4R0RUFURUUZhWQ8aFHGN$LY)v^T-7?P4Uhn$?b;qGwZtJCrfwZ;i@hwaLvWyq0=g#6BLgjqo}o`)OHMh*fT*bxg`e z)ti+zxsA|XOayy%m5peI_F~II*`n1pCI|OsU?k?EGxY=)*A^Oy$tddWWLcD)P3d8_ zoaorS%V_tWXp`07M>%q-rq7dOnR0v(^ClH)@1LbtukFUNu`_=Q=u zBetWAXf0=n?Fo^;56Ff)4ocn$$c8f(lhGaHRCRrg!oAoJgUI(Zm6aCmO>+`Uh&mxo z*Ql1_y_knIdWOc+%lBf9f{OZcR91skX>0M9GSMBlq%uRCqrm^HQE74U(=-^Ve8>w7 zo5c7{mE!%+2p|XWKaNQMNIKWbCb>(67pur(T?6h~H`fqY%0)K3PUV^(Es8w?ii|#% z)hy!^ExswX=Cp=0F%i|9Psw@}W1@EyhWy=`sxJNGFObQtsI1mPW3IWNUGt@Of~rer zsXR+sN=$RqTexHX(yaR-UbUD;jYDdvCAJgvHTK1JqIU%!*~@xWrxZP_0!lTCDh{I= zi`+?hxEA-b@|VgqKA@|O*bs9a*{^5OO1?VNYr<{L>||#eCeOFp5fSjK(HnG$+YS1X zxUs$A#D|podR^{}9-_kr-M7bdx#@k6c4O8S42gFTI!VSe?!@}?<`DhTXzxs@G=Eu2)Db~GlkBCY)4b0Uw0=ujS5%@&qJ>#M zbb~!A%hpazO-_tg%RJ-M(_T@LbOAgPSJHB=#`Cly-BA6a=t_wt=& zXf}2L9kYcnq^zH}$;$D7KD<%vbx`bevx{1=v`@C_I7l3Tsv2LhN~RXA)*a|ML=fzKy1Y{wF5T=)1E0 zk<5=?5!Jh0-?}yO1aGqw3(qdS!_D>1E+Ki}|1e`cY14MdK=$Qw$regXj?-oQOUg$s3_m6tZ-7u2(XJ# zTzztOw`OUJ{s!?J#VZ-*dAT;hO|z<4P-e5H@rbGDF1<;S&@5v}Efqxv)5_XW%tv1U z&)1s;zL0yfVxdH|IC-&zpfdheE6?iU#jA+&K5ut&4Hqxx0$=-1JJ<3lpj6Aq*G?%r zg;!PCEuI-o)G4GXM_Jy*r7ebQmueV&fp|vN#ll`z5B$U=hu7oD9M4r` zGeSPGwW2KL^Awh)j3K6>Zvx+`M9}s!hE$V?cdjX&cLf9O!n2jVK=+@pyAbS$=PQyj zImCWIvFv#UF{xo#QYGRw1rb(caEt#Y?*%He&~NfqXW!(pp9%9#9=g@m71_G2cs$E3hipWMFD<(UlkmD!{X(F=y^D(iXK;2ds zIQf=PT1-Yaho#&p-rKv0g@u@`0X*YmR*jo1_qe`MCi45+4E_2?nyCL^xgi}#DLi6p zy54QJ7DoIh0XyQOXOlJmNA8~8(=F3`pLC5a&2P~kzLxGJluww;G+nK%vor#TS&lA` z{YcJ(vRewXeC-EylFchp`P&Yv$u0C*weiVvG+f&h1*$wcY-Snh@`ITlsAg3EvkmQ$ z&t_c!eIogu<J_ndWjz$01XS>9HY-_i&n z-8Jadr8``b6E{}7J`_WI-k?=~N7hfHOWm4lPVb7k#s`aH*@4dAoaL(&`U*;$*PGfW zc498b(O;K&WQ`ld%Fy}#r^lwVB^9zw;GpaLXBRi!-2U_K9J~7n+FO5d&>QV`%e%(s zh}VxH?q3m?W;88!edlYTDDrPE`pzI{#AL{HpA<_TahLccHU?Q9JwjQ|$m=8uYGxO54LRQNJw9Wpu=M zhtlbLp+&~IR%@I0SG|tA8uzrfHKu5`(kCUFesxGfw)60Xkr z=zCFfk6COy)6ulb*;ieCO-}X5641Z(%J&hJ9 zzYb2bM>Ha5y48S4>J!i&dDud;w5kO41^1auK3VjSKY}t(&tm(Y)$nN+q+$wo<>M^O zApQq1_p~rWcmlK||0%1k^>j;~Ks8wTN;)d={L;eJnuP3k!rcB*wQ@&xc5W<<7F?~| zE7K>l^kkWI_oHg%PDLvJhzHH@8_6P`jpfP8+Rf2KX|l9|-8X#^YDv3F9e~}f zZ}FbAiR8ZB&gO%pZ3{=Fa-(SE3t7~q=-j*@iFYXK&UwI2WtVFyY)Iurs`$+OiLw1?1>24_(MPcjh65Foa;x$J1mwCIqh6@qP3OxUQc3J5FSmAlzAe)-9 zOUhJBpd^(SRlsY29DB@WL%Xtx>5dM@qsXGyIq603;^(``A$GB&w}tzmHoD2yOPpBW zAp88!PV0`$G_ZItBMZOPEwv?d6wB<$79LCbzS~ZYk7Ro*la!9WgSa}oH3#f|23h`P zS>zh?+6{i4JhF`>6-x=c=D8|0UQsJlY*Q$*+?7R^oO7nHt~@<7`qFd1zJznldWT

QHp|ZSSaDO8HX24M8;ZYQ)L*^OUt5Em)nl{$ zkbL9a>%H*ZfsV6_r%)ZD5iQ4t+`Bj=d>Zl2>GS3nedPkX@8bUY%`ax{rsi=hwHdS@ zUfH)%V*0a?=e#77FVr_N=v&cC`!vf?VX+Q@eZ06&(hHAbJ4E_xWNQ_Fo*p1Cg!-yp zpH*||)t8w#W!igDu};6jyu$)Ai*GRKVWu;#bj0INr+xmCY#q&%h16b957lfI33BX^ zd?XreX?8pMpcgR}oU=2T^$<14gaeeNoygwei)pRtj<4rL9j2FMD@U|6KO2|HBWfPk zj(G8&MD^p#-DKmr8R=@GJl_?N8#NZTs|S^s?Kpp*Mf>EXZgzlogpf~q877-z%h%fB z=eeSNrInt}v@w=j%tl{|-IUz}*utrQIl!A1DC71sokzL05dG5V7I&4R-vGBbhp%5o zYk9TK3i1^x>c@Jyjp+ULD9YAeVGsi^Anc)0>rNRs{S;C=F_VKT>(0Uz1jc%i@C4%L0f?Lpa3OU@@p~%}^ zuQGe@{RPOkqiFusedavhyQnsKfoifL&+OM^w8UEbQG8@PD-_qBaG zyUq8ARuRQsXQhM4IlI?qG8#oj22omp5Ke0E}9GMWQGRmr9)6)S zrIzkxl+9RWm9}SPywXO)g?Oz`aNH+`Xsyq5%e_QVcdtv%_zPnB9X^`#DSx!e-*Ye_ zZj37(H@IgI`wiLoU~$-DJ);WC@3M#@(5ywrt&Q)&|2OO9Oj*XL#h|jiQPrXWlUfVP zDvbAKi>HiQhb)VwLudO{S=}#bo`}0B{rmyS@omqdL5ey<<@g+XfWPy4Q?`1{%iSGR z5rgXV%?fj&)h*3ZK0yVBw3@f*yfuy4R$B{O!n2UDHjae)eCS!_D z|2Lx9!v*rL%A$>4lcpuOk*}R2ug_Bv-<8Q1V%{*))jdBC}NV;ZB@=?w{ondKsvB~A2MlHQG!e$r}chU`RbD)zVLscE<2`}G0v=U-r*_PDJ% z8a374wWzrOsqLU1+V8VA`!tqvddqY)y{)sPJ=QFxBHccR?>#29u@FF7)I;&a{+hCG zV`*o%tX@eCk0Hp8RXvhC-whUtXSammq8jyimh}x_Q6NIN-XzX6V(lL9d6FR?c(|$G z#`Kos?FtU+C!S~86p`&<@g8#c-ebt3-ec;yG1E9c-o93ImP_qeWv+1E>!Q22Q&9e0 zmi1=oTLJkfBHd|`e_@)QfT(LngIH?ht-orKny5QyHm{b7ms%Q%Y5u_~Yq4JBHmjt} z9P;!cXjMPvr26_U)L-{xlR9fTj>MLPPT;-GHEnjH9gX@n^HEu`ErC1o1tymo#G(#; z^QdhcDHWX#|7L1Y`we-U>NQ_IQi#CSMV%te0V5bi)!Bllpp zB9t3G)WW5+HX2&2cRD*-?HOO|0(-Mc(1ZM16BdIGNTYyx6*s zyni)!6Sq_tCN0%5lK0VeW{Z+<^aen)>-)kwvg&u5ySP{Ah^TfoL}C|c)qg>3e~mk8 zE&NT)Ip)c*cJ^b>%VAS&KZNlC~$K9iBwHM-Ttg-djW(XRe-4T6fzaJ;)&vbY)*;C(IBDcX(Ki)qtz zU+4zWCR(?rvTv?4Z>B{8YEM{5*A0D>{RfURQWDL@_kFPf?dT6?EHaJ&UH^#nQ-u}a zO)TK|*DI`cqto^8Kt-}WsPH=V?b=2Y+lM1E;jW%D`>dVOwEod`NYeS4&C~RQ=FqgC zS44NzM>3hX);qnm)tqin@obLf=Xt-ag-PDHRjT{HdN|a>}t)?VlRm#9mmXh)-}!szk0wM_p)t@?)Rn_=H$9 z&FxVTmLr#Z0I{~Re___rB6X51QgPnX{vFje{?6%+M6Mpky9NPHxz8n}`K7smtk|77 zUXT?7*75m-)w!@8#ySA&+{Egsr#lD>-GP_5pPEkX-W_;Nr4|)_OH_!(-+^DG@IvGi z(7E>_VPvE z2Qig1G{NizbitS3m^!wxZLi+OWBVatn3T6_(MCKYe#a&f3}&Z6b;_3*yvM72?K9wL-qs1{KSR zvOeEY^txqNSAV)jOhZxecNH4HmO!6t7)YsBQ8&vaS@b_uJ9B)pQrjF=#@3D}mjOTT zjU;^_^EVlHeR*@mw`K}_>dUj(W~tkn$g*mxi1O70r{cR)8P}AmmEmZ3e2mPsL@vm; zzUasZ9Zvi5Yw0c-E>G4fYb(Q4h@Kc9tqfPnzEt21uIKOm*y{~%s7AxBg)R-Ysw~WU zW@FI};Ice%vN7FgE_Nrm7}(K16%nr}x|Ls$r+R0b(f-&iJ-3D@N28Gny%#$%?r%9L zp88(udq&QruAln6)_5bie0kR7);bD&_%C`U5M^zh;1X(tl`Y&icMS zfTFk`<(c*}jCda+JAF)gCXQ4~(ZtjmI)Z)e6r8}vm^5<<#quFL{c9TC^yTxOEQZd9 zlQJ(u`m9zwd!*1E>c=@tvAJvM?nA7Xa!(4M?&V?DqqkhB?)e(-#pn!G|!p@+FYCf?(62)dWr`a_wKk>aK^1cUxSmHh0 zdk{-Uv`V!)Ri2Eh^s;x!H`fjJU^Oox`Oh)xpN%E;J#9h0q@AterdoMyq&yPQ=^jm0 zOY5|BoBYHDwt9Pd=MC7qi}vCjHlFWI7ijg$)v3rAMuV19p4unOy2uql}IU}ky5RsZjO*1buWWg9@DOa@?8P;|I^cYWpDjR zKH?Ru({Cv<4xd>bUSFNsP@GQhS7fC6kGX_$oq}%?rgWZhc@bL-*b{$Kw8^!+;et=a z$13vGD#Ppb5|>y$;J2?*Y3oB+C;DFXJ*nRwE7z*SrHOLy;7?13s+r2|2CU@2r8lRH zT%A~7^8E$_ol*DLh!s^t@md0JT1(HUOu|j8mY?LuL-)gb(p&G?IGJgAvb@%hg)$^R z$#mK1cBbo8AffV_iVJEj_j1=4M~mab)rlxh?*N#tjVoZ$F_`X#Ua8r9w zk&kKBTB$bW89|{~=If~^?a4Pest5b>^#j_RNb9jNZJfR*(?_9-cOLMf>lGTIxR&N? zD}c92(IxSws3Pji1HSVC#aehHtf5T0W-Rjc1HSAH%5Gqy8CHl_5ZKErHH}s$bn_I` zfOKCrq@x<4c0CjGKpc96Cf&yI_2rQeHVQn5U>%GYi3 zXp@>+FuR{3WJkNbTn@#@P2`{3s~b0eLr zdNZZiGST$V`&43*Jui)o6rMr9UnNu5NM$1KR8vh>EG@Fx2UI2p68caNIS<&-FD$%C zi;!Zwb=1wcU+kAAGb)eS3`t5w9`08v)o`a`mLp@&-(&t-W$DgTzJfrTJJP6(z3GYl z&X@r8L5GBgk%X7JsD;XUX#SKsF`|^{#<;>{UMHlhi9FDs(_W`o!z$HZ%P3>{Ux@6j zX|!AZpppySEq_s2-g2RDa=ww~fG4ubWHdpQ*m2K%7mDP*nOQA2#cno@RqhYK3H@D_ zcJ@?hGyoCJQ~PVm1(!Gh!%U`JMxb4`tYKUIm+#~aQ zAv)KP)m)wCy?Q-zrlS#C4chP5YBYTlO4kfY_M7Z<%=&bEBPy^TUYe~~Mhl=zRC{@u zh3KtMM+CrqNWabWX>Z?@t{sx?!IVWMkbbP8E}xhO;?w`I^2`MkGaXqI?q2(yovAOO zc>f_k_WL~3zKn7nknw{&ZeKqP5Y_^+Dep7o^Y7+#SSL>{ zJT{G+s++tm1=-|~!tt*3fSl}>v?gDx^0#$UlcixTG?MN$)J1(wj<%t?E~;#Zzdl#D zoOlPI@3GFZ6GPY~IFTmOzDm++PELQ@ba-pd<3BUUG>XY$og%N&P)PxFiK5Q`&aEKH z<*!4>y78>P?l=H2pvo+Xvd^TXXi&>)Nm+3*|)M#V*dt zM~xyDoK%~rvh+I(&42xnM!#tzdaog}m>;Gm&=gh1d;L?MUK+g|_n&EGYc_<5?F32n zhdd`LjjkInayoTA{VJEG>d~}dPi&PSy8JIywi*q?UNcqm?Jhty@!Qkrt0&*oCQl1N zcgo>3wv1Wv#~39Y7*d<<^xKv`Z=zK3wH9>F{ZU!JVams;>Xb@{R_;$KYf}5fM7-zF z%Kceqh49Xx_v|kQ&qz$mX{VmJ;v`=Uqxj+r+`X`sUXY-N%6d=~mBU*`FfU`EyV7Sf(x9sP_hdwOxm3LWz};*+*DmR$n88iA-=z=(?F8UM59GX0lV8jm z3Pf= zbvXg?zC?cK(foB(yoQ6C%6@w4cLp$({fu;93~VZUsZSihRQBD|)eAPW5!uS)OM8iJg{Uu}^qfGM@RKty6JmNfstFC}ET!nF?1ymGi>+h;Q`xWQ z>DoQkfTprvmm>~h3jBdNURK5M-F3i^y~xH3vF|_?V_n~3`kxE>_xXc6{vCZOt)E3n zcRBJZkM2u1kg4oTCQo-_a<2(ap>uhvS-b}aGnM@b=^c9@Q`sL$V|k_xXe#@}vol@Eflg(Ad|H1R$W->jQp@Sn3Z5YTc9mH8 zRQ5SlpS>yR1)jktrdiJ(pB_S_J37~ zMNehFN2L`$mHh*$-_9n7$6o-Yr99ug2v%|=y*Xv%qNlQ#ZNvhnvY(m8Q<;R^Qm?91 z8V{qp=#SG|?*OK_15}+XI-&zAHW72QZcW znK@R`Q`wjLtN~1Ae_Tc@dMf*FDyiV9>`%~W#ZP75TO$@fm3=>rXfzv$PjwVe@2}DH zWUurDLQ~n-rSWvZQ`yf{IK@w8uc*Ajr?Q`A@QRuGO7*J5X*^PWZ$65IglCfV=A-o8Svv4UePn)Crsu5X274VQVr)V^{2>k zew)?@dUhJDR}6KgPpb0i$Ax%jAP;a^+AkVUMei4PD+{wNv#2c9ESie`5=8cvd6lEK zd^mLiUF0D9%Zn;aFLF`6Wku`zVi$FxIpZ%cTHi|$*;{6`zRU9Q*1+BucvO0Wi+9o> z-xqi!?H9C>y)}&@+lN)MwUZIw2F_XQqE z>wEtn-WRxEWf%Uwz@3>duncq(pWi5szOwhV_l&b~NltT|oIIocDvhRZLTP+}B&%jo zP_V8#P({2lJFPOBc|3}BiE_nPScu;G1Z!8z^l5KImaZL=Z7OB)T>4C*eicjPuQytG z<^qak1bvw2*qQng%54VJhc@Mz_GOgwfQ%oq@l3VKnV{G76IQ0KR_RKjF7MgYs}=sf z!0G(H0C!@>^Y;hwzQAqiNz|YCuWm#6+5sf*u33T#>66n8$3Wf}*f&SZ&E5C4Nid)0HajtdU4pMupW>i;`!R>N=Jy2- zOZ$XqCH-f6qS$Otl@vgi=$82wjpnUG$GY+R0(a!r&Ho*4H2HN=k*YdjDp7pKIp!D~ zNOFBtlgn_DLC=BBIoSsDzQEIS@)iHSz^N9R|N5bC?GCjO^^G82L$t@gpPoPid0$|2 z8ugj2jX|Y)Zk|*4`vT{sU$n3YY?v%et zW6PLT{QCkYr(bFHc?G{OaIUg`#lA1_e3ez``vT|btb!+jM+VPGOv^13M9?oVc)DYj zp5*8xs4KK=+P`lE?YQ$Squ60m@nRX#)03fyZ;K*hvF{5^8?2(=7no6q#lA1lP+69A zwA40Hjb>J%`QJg%d2qhYD%h)RHF(8(m8QY-_9`H=c!5SM`h9_I3a{Ar1?Ci1vF{7a zD=dEtL3zssh2?D>;DkG-*R9o}i4oZ|v+98(^&)8g%@2Cj*G_L{a;Q19XlmLI9mJ?s zS~IFW&?S}>?7HtL+(5IM9odaT=_J2P;f;rzVhU{MTRki7_Es~nQN4Y>FU#RCpGr3J!h|*3Zun}>aqe(k@S=p$TpW2HEoacQ2n)Ty5zMnZ=+x!?H34x+!D zXpen^bF<_#7MA9tX16h~EunlrJK{>Nn!O~Eu-)jkn~m+h`^*s?JdH?~B_xYc$|Z7C zjrS+c<#~>|P;!>z6yv(>6&b6&wcgq4yRU)vzQ?iSLY5v z7gqxPeT-xNMYi$Cbn^0*a`+DR@`tfpJ(A&or9Khe>@SHq7cMoH8qsWXVMbl5kffcl z?h=y!3F+{H+&g+(juhgQME18Pr$4fbcD>tbd+HF_-}`ft8D=53Kj3HItB`j3#u-CGhebs5c(DOt@U-g5R~L^Oc>{&(10klvb|sMBh9 z8(KIe*Br37YZ94?jRUrE$2v(w6uRH(sT!%@TM6XZ&R^XzX-Rt`C#cq5k!UTz`43{6 zYx@+-MM11Juzy~el9u%AoR|XEW=FC%bl`jX0u)QXDv^c53c58$vr7xpDo!jDxS?K` z(zZ5deWh9nR_Mx9cjOQ}r2!uM`b3(gg-!^0fZmo8dA8T*mb73~zEgqTUY$tv!bZF0 zsW%WId@+uGD3`QwK0lI8Z)N+jP%Qa4zJF{_BfDTP$vXBe$C6)T>6kd6ncCmB@q86%`RTL_|bH+;P5Bx9Z+=YRi3jFa9`}C-55hYry|!JXGMd6GR4g;0au~(&7d@f!8gyxE@d7^#c}{;|aWBZwrL| z4Zua)TOjNgG43ny##4w4ZpIUM)8Q5f`g5}v@Ni!H9j6L{Z|7GJ;M;wH zpR0jSA)E$x;R#%Wa2ec)C-CW|7D(Gq1J^FHKpDLj_{`oGug4Sk>@DoSiBHV#@`Ek@x??2h|3p&FCqK}ci;(p`DBah@dU0P zus~R^2fnha#aVbV?k#Y`bBPRKa|7_z11&Db6Zjg^+W<(cmm%&#o}f>f$tq|@lia1@9$-C5uU)U2%iDMb}Qqa0zX(wWB@;Y z0Q?aC7+j7g@T0vgF2obKZAXhU@MIv}89#ce`4ghbM5~_7-R3$$-C%-;Y@Q3{T+x)fVvce&7!S79YeDcwj#Zl&uGV zKTfwmSpUelyTF5|5*Z-P9|Zn1-{LAffj^@h7$DAn2L6J08%*KJfIp1CuCcfUPvCEe zw*mb88}Ro-Ev~>5_{VIEci{;9Z#l)!HswV4?EQ2GHOhp*=!zr z!ip1Du5K5XVVWKG=ST@$$++4eH-MUtXm6}82V`HtMDXE;&aMqsRtZtly zJmsxoWc|Wn;>_k`YjUzZKGtjx%b-NX&TevK`DYJ;MvI)E^5+b9pYUPUNQG=sH z%_EugwrWX{4QP*Lq1g-W^jCK5vFY^%YTMJaOnLxZEEYX^r;Zw^g$ z%Gy35ES*PMFqr7HH}NNRdh1M|X(&`EZDTaX&1tL~-8ebos&bu+oZgAn%N&rxCFpV(Ou_eo_hRQbSs|&S(w~P7TJ)N|C3} zZE1UKxOGOtNXVsSdu-i!(-nu9siz=qU$C)_kFaVpby4Lw`Wn)Ds=c8#zA>7xrAX?d zDrv7fGaJ@GC1O9^nwT1iMbsKwdBk$V_;9oUS;Io?>`a?&C8Og*gIvo8#X6zn{6LoZ z0X0re-f3+Z-_&v+jj!rUofTIGrdBkCFesXVII!cA6c*{y&WQs%8=#D-&`{QsC`y^o zN^xN4f};zk2`$?>abPFHk}wq-(mIyWOjo#9np1PVK8$S@5UNrlw40`)h}L2p4=D|- zg73nQk+l!>luzx65%iv7m7xiM6e~NgmW*(F8WHQVmP}fg8Y%16*!uQZ@By2k7yQNt zr=@%uA3wd_65YwjN5h?wP%Gk#OXHj$LPz>A+*&udadZmBW^!^fdQnj?B1&05nj6tk zjWsr$GJ$78JLanm_{8AUNKn~H|FoX;schcDj4nk|zwG1NPfUygx2Pr+yk;(B_Y|b< zhROBGW{G31<MoZBiR^F`6|ABYp8|~o|5lJXL4|hfzUe2 zht9@u_{9Zist`!sBJ*Mi3l(XsFU(xXk@TG)=b4g`Xe<{zSZ$3ObKp!+ryZlZcm-r9BGdQO%#`jh!TgwPVxqG zS=wD{VhA>;Inio$WXW~vLg?9)({x_nOjv3a-@felRrRK{EyWQ#9^M7BBA&6(@qN$} zr_zokzBX6liKJ;3vY3T82O>#StKb9(Zj8h@OaC!br^|!$zzPE0<~r5HD0L%~7N{TR zB0pnYBWD<>c=pXQbDg8cByn`qcEMFYa*SM*f8-L1J5~nbBlWJS8DomyH2xk zXU)N(Av7{F+nkG$@|1Ydh0`;>-c+#D9d38*cz@&C(=ce5Z1VVF3iG*&0lwxmoo`&L z)buW^YWy4J`A%NguxnK+K%p>dgY~X4)mt9)4Xs9HJ$2>;`bcJVEM!!|s7-=V7z)Or zK}>X`vQ^nB9GSs&*n|0XPhfPzY4hrPNX)4ZjkX3=Eo>c(e|lL~ITbI_HPfibIC^vU z#gYL_hR2&DgJZ*!BZH@_dQZC>&5f#R8Rl2(-aP7vU``40%9-_AXH1NvU}4b#>z~aH zX!twrLA7v^(qL=#J#+N*B(ho~xOHY%=Pew6xmT!JyGm2NCe3fmO9Y zm^76tzCB9A;Fv!?Gr_gQLc!U(xvsL&)oB=ron5Qb8CTyT^H|4HCtS}lTF%+iYo4@V z&LPcJ*wAsbX^PszYE?&=Mm2?RqHm+4gT__JoW(l7+&9^!l%heK90|S+^nsnb)AT0G zG_@ymHr%l++9A_l_VYau2X>Jm0jE@HSjv@U6?h#=V^#@En_}eWEq@vwAt|**|2&A0 zlEo~79=)LvW>&%3`m@GIlkP{N^2~}W7PD#->RabhZ)C8;bFHS9 z4JuSLk4jou={-oHd+CB{sd5XC=O|xQr^!SdhH#WR7!YDyurA1Pp8Bd}zC|>pt%aA? zB2&Yp(87`h6K3Hy5EB6*aoToP#`UE9+zG^62-t|r`H@@ySCHX6m%%jGjbhGt>W94L942AXt9RnAVY7&#-J-t-?2QD9qqeg5dFbYl7DLA?Z4yc-FhT9LVDPO6x(@}_wQyAez< zDvikC8@onTouk#U4Ty6sqsaE2%vfZC;fo6Wh|guf3Js4&1R)lJOhN=A_CJ;km0O{a z3_*|v#SyH;A*_VZIqQ`0UEO;$ED2%ZJkL+~A_Wsd=Nt>oyfSB;Rwgv_{M;#Q>_|H1 zy(cR4V~WnL(8z=#DjJ^GHbXSK=u6GOp-7JP1tS9PM4esc*v>X<*6QamF5) z^A6ly0L;1scRBz&y%YCa01pBqINN$VaO%4eS77;j5H?`xdvV?!SbQnY;R8p$59i~7 z`Iq7T0ATj}ai0RP@8$3t*zW^)2WH}I?*+h4A0j#j*#5&rX8{iYqaQ(<0TUm^S!dv+ zk0EZrGMu-)0a)^J#1Yv4O5FJX%=`rW0;c1f@7cgZz*(Qfd17GfYNQV^`YFU2I0Wp8sP;N;XLl;z}}z1eHXyA&k}WjJApNy!&!9TIGjtq4w&8{h(V|0eG70H%KnT)^GHNjD+ifaTxD-3h<}H{)&$VAt>9juGG?VB!{>BL`0T zF47J-{Cl|X0od#N$Xj6gt?&=vv)yZd03G1)A0o`a-akT_0d~9%q-J8;bH zDC5AsKfygEz>aqiZ36BA*8UXv1I+mu;s;FoIl=+l4XpVE?hgQ#{t{&kIN(l%1DNqE zqAB1`;FP{#)b;F#BHIF9PiPJH#E>{yvle zfX|wb{2piSfz|gz7Z~^h?#=-AdjRPLO#dVN1?~n;eGp*>=Kl%t1NQzixPfVZLHK~X zfi-_c8UV}x23_FLzoU!;v;ToI4eay~bb;G|75_v&0({Jyk9hCgXwccf{lKZy8gvt| zWV;4k0qnnhgDwW9@6e#LfO~I+KV1XkEbWl-t} z>u5cVP@7Jp(`l48&=`%=1igSdG)Ysmkv7q0I)l!n7t(*xS@a@$F};M&rvIjM=zr*? z^uP2ndO4j-ub}hjm2^J6iY}m6(`)FpbRoTtUQchJi|CE?CVDenOmCsL(%b0m^bWd& z-ids8H@%16OPA97=rVdgT}~gM57LL|!}JmQD1D5sppVm)^a;9(K1o;8r|25`G+j%d zq0iFi=sNm5eSyA6U!pJ5_4F0Gfxb##qp#DA^bPtZeT#0QZ_~~69lC|SOW&jK)2;La z`XT*@ZlfR5?er76gMLasqo30+=$CXS{fh3QU(?<68@h*nOZU?6=sx;A-A{j@2k4LV zApME{On;%j(%>pp#~b>}*;C@q z107CI%wA; zSP=D%1qt8M2W=~_;{}90HMyTma--qzrsKpif<)O8vY>4FvbyI_RaA20Oa{Sim$4^KSW>OTAcIgqtZ9!ejpgs3*pD>-KJ-HE}#y(nS&OrWn+9rW`h zbq?zJHkc2vx(ne@bd0bZ4> z*9@ve((Yo$oLN0#F=_6&Sg0oUwWmrH@mI@3uemBxTOwV6gdpOrl-57kB;%Br%Xh~{ zsT z6EVKJ4xT#JVpOe5cua+*TXFWpnQ>XO9kB3#ic#_pbQC4K%X1!;Pg^{w!K$wM7Jbh| zzcY52!ua41hm2#{K}{TcV5Qmz8d$md08GKJS~7J!fi)o)2M?@^>$VnY%EeTCvcl2t z#TZRD@$USpw(1r4ew6OrY~c5e>TJGuHmQyDrM%ce-^D(7XX$o7alFHQ-jQwzE0&wd zn|71B^Q{!9Dz!8T2~aEWMOtPfdFhGR+g;^UqP}FmV`B++Pw(G$ROMD7R_|iBwX-k! zL_BItZJI7Mx48eg)I`q*`<&%#a`&=SLPP2A_}=nHW9NbEHJ4W`cmmPPb5dFLYE&g0 z<&F;P9NWa}2+G|ZU2MH&+phM|vO(D*MYh4RJh8{M5Oup#)mX{R9YuzAv8R-MFioMi zk&4~XM=AW{ZenJ)r}ZN|`NVdyO3k?I9h%OM)P74RcNGbHksR)@FjA+mb2!XlSN`g4 zKwZmK#XLDGF_v4}jpzcN+*Rll>`&O#`DOFV->>@&nZFysmRkD)_Zr6ozbsxHR)Nc{HEo{MIuj}rqDK>x1^|qvN=ThBN zT&M+mV4SlHv3rkNyZLo{rE;OGEj_#N7Hj^hw{XvOc!hPb!Nje8#8yVMhFKp8oOsg4 zzxKLVJn_~_DoYku-)G?-UpG-QmnO>5Pa1Picl;vg!meC7L6W(lv)lJp%7QhL$~JO? zvoB0ohwChbp;}6Dr9m&HL=;`bql(-!sB@_@_sTMtC-cbPQdd5*jlYLBwjv`8bL%pm z8v7nyor&lLp}-81Ua1jALgt^^;)xz_c&`oB+Km>uzDRJh0ec!5PkYwhT>@<6-|ed{ ziovjUGifH)cOp`6CO)ab4T0%zgc{{^c2vZR62ZkX932jv*U<|-@W*YTMmcvAifjkL z<%BA-HUPR0k@Uhp*~sBf+)1nbFe3`> zCuRI+amIfZXZ?>~>>4}X#_7o3nbMWNvULlYX?&40HGZ_i(M(b!QPvGb@x2%gw*nRM zCvwASQp-gwl9`c3r!dDON@8Uyq>Zmng?fq4no}V`) z*04h5=y)-%W}DJf1;SA%SG7VP@^u#*yOCi0dMNjC@XC=}=L%VjG`89mSFP5(;__5k!7w%SJQ%RXRlK2VTuHB&MRfdg zRxS!f4G>ExTQ>wp@!3+38hvXmwWB&6CQqdp-i0b^G#R5&3P~odl_KMcwVW6Z!y?2< zBB>+S-SWPr0u&kMRvx*9E5GmM+|kCm^|;W;G{E+59`A|)VP7p}#eL8#ba5TsTbG{m z$0M`UmnE)(^LjPTDu0n);?_KTsCq3gj01nmk=Dr3nom6u5hwE_qSp8Xqgv^!+}$N~ z!XMFEK!~d|&2Q7Lf<($774?|0=Hdemz7tawy z?JYCFR0Q#Q&xqo^+DfD@05Q(VL7kC$E0Q{VLryAh4U4OY)k&@3dYF->nFC-~Dz#1I z`!>3nRm;Ew9 z68PzNr`aZYb&~#ek}I$kfxhZUxYxMw$h*0yGWL2L#rkX|F7NlLoQkzt`CeAmGE?O( zK{YNRiV^8GT)`*>L8EF1v{hpwLuEQe(d#oJ?FaX9^a^hk29{yg+4Ebk_G)c^&DWFa zm0vB4UcwWp*f~(TSh33%CKXsESv#{ZHJQM&EsXh{N@l!oRNQ*8j&{0^Wh1$EtnIw| zl$Gs-fS+CYc>-Yw56a79G@0|FT0KsYR2tp{qv46vuEyP4M-4ppE=r6-(J$xUWJ- z!P#~&iVZ6of|k;PUf$1 zkZJDsTUET`ZUp@2eD`9Xi)oi54{Gxnnf>ND(MCh@^@R3NXMA#e-PEiDRz7vs zvSXJYZ=~Kotjvb&0iQ$X|LuZ*cQF5xGzbN+LnF8^I`hZ$PaIw@2-$}JIDFH{#d~7+olxM$=N3$6v-crpV4)?Epp#m z^_6`O3`IW2(=GFrEpSQ2rIEif`6s@z`Ocm7aJh#1>u>tjNz=W--^ZG3zAcKg*32OD zg)VDw?X@RZ&IFpgwP_unZMMZA8>l|FLAfAIy0@qGx^_tOrZ@qEOPo(VQ!TD&xX?r({Oup30#Z3Hm6I{C2 zBw47hX$neeMz{ZMJI<$bJj<Bi_Q-iiyzD#$aXd(I`Wp^=6V?#u2#;@g~qc%JC^$|*88G*Npz zRRH8mt#r=tpAhi7ueN{u3(8T5ZnK|^_;X*VSU3x}uF80JpX#~R?QD;gXUNT#SVbvc z>ZG&1VhIzIMcc> zFZr-ZN$tAsF^(C|<6@jQqNz#2C zk%=WP6s#Eao{ye5bL~3MxsEidYKFc1G}bG^ideqXiEpk{@r;`) zRoj~~7nVnXqQuZoh8HPHknwy<`Vw9EZMZfy*mNi#5?Gt6K z4rocP{(d)m2F$!`VOyv2?orlloyt#$vi2>N6DtWk`;6tpFPC{E04=@6}wDV%bIQMx=-g!9rdVyUu^VNi7j91 z)KR(Gg4eXmnx8*cZ@-`9>b|zfG4pRq#F+cjKORWT4m=(4eR7W3p5p8=-Wm4C1?=JJ z&>q&vCK&FTDXuqtvg8}6gs=6AJsZgh!FHFRn7s2sk3c9of z+|?mj$-5P0K2yhBkP3xO{^D}j-uQE)hgbXjeHj_%=34PX4m#b-H4C=`wbvQ#-1u;B zpS_Rc!`#SahR>@uBlniSxw+-G&s%LL#~wa+-*0dH3ln2S-a;~z=J!uxt3b$?I$wIO z#686iLu|9RBvh47uk6o=vD@XbK8=_YH7xJIxYz%_-Es8Z;+yD=^1hbW`iy;@3CXqM zzw()@3WYbGO!2Rxs%UrJmgUB=$N2ed&fTwV4tCb}$ht7G!p$2d4~w!!PW!8f%a=Ok zJ6E$UiG`rNL_jii-*V=7kB;${mlJF|-eY6D*qvTnde9qhZjJx&9B*}*f(n3qsguvS zntW-DzwD)S1~>F647vG}-GVP%T>T&;tG>88G0*jpuJBp6`3&niKdt?1v*+4E-jl1?d78{!EFcqEC4a3lmZ&|rrZi_8;5%PYVJ;XF ztbIxE#OmK%aNnMZadF{7q?mV|<^!47^C^T>n)ih}(?0Gm+eiMo!xM!)<$7*EE3Yz` zc)J^Q%(W+quIqGOkl9nT+QrrJVadqelcY%HORbWfXotDyb6SKG!^RC0IC?wT`!37O zJpYA$>hc0vf9BybW%;rMYrl4BEJ$$g1K!8P(%PT)>%K%KS_(cf@v>NK&E;0I3~fdK zBa^S^ra1YoDMc$^>XhRJiME*Qr&&I0@2mHTuZEd8H&xA0T=69%q@r3YcA0$SIjxY7 zZw^zGU6-9)zv{VuX~n9Tx{*v#%a>ZQ&6J?m`?2NqxW3d3xzj~2kFjp!Z{-y!&fdS3 z#9Sq}X)DW|mDjz=9NdZ;A;WjP&)0_?$nz6l3-`&n<}+W5y`HYem}Tk#-tSy6scY{P zp?sU?GGQE3VB{Hen@16UJ(G$;$a1X!W9BmDDRPw2pIwdBzZ<5Ez z1&_V9vbR)B#E5%AJZEZ|^v`AV#5h0EYv)-l-YHWs_Tl71rj>k=<58D)s%Ujxv&>Jl zT|7s~C%{a+_)<_sBVX#2j9kB*ca%An@~%-yps4GxaR(AbuC*DFXmQJl`nNlZf;l7v!blg zWx4LlYbJ$%AMlpq|2sjJA!ms+Wt=`p-nrfy&NQ0C5mKU=bz+uvoJx=-2MD$ruZRoyDz8)I&C z{-9#?t60ffC--tE8(Ol|#4o{@bgKN;;m)P&lQegEx4t6m{=3Z7wfn^xi#z)jt$e8! z&rF}>VwszEudhl-^-_y1^F1D+*z_+9$XIQ~H-UVA26ah zY>nv}JFxuPaWny+;f-*Jvzj>VIGW4F6q0IyGVxa+o;@Z%dsV2*k85si;&{i}^Dds;%FZ&!VtzKK$JiuVC*G@jLd7#S+#c((z0bvHxnnZF z^3z+4anSX7^i1lBnzW=2oUx zl&LF!DM?YNms+vReB=Kf#iyQ9c79@pmG^Kjs5tv|e@CW$-&e5p zY4s}8Ph077k$20f-@Q`F+1GY{mE`2#(^6FOrB)fu^axi=rlG#Alx4n(=P1U$u3aVC z3f@ijT*az>RZJ$QO6WRin;Vg?lI67cv9g}HaxKT(W&HZGr!%*<@I1-pcSF1W5^`5%E^A1FEdf0sdqdA85o-+K%)Eyz7GZ~JnG zL2ljroszAubMLu%l#?W@_*Fnv1$F(c=0>N_SB!qOAbIQ5thw6mWXaT*x!T4wh`WEH`prd|q+PdMxfsuj@m4?7sJOZxq2^XP=I5DvzS%Ih3+r7f zpWUw?szmPkd&#ZtE>>~%ep#{CG|tq!N91_jHy{$Npfj&cv?cl^g%9 zjqyb$?_|o>YC$sXM^+rxl@%ABw zbG@&pxmtf4+}x3CL*L`#i(W||R@Dor>Pm|sL!MDnFp z&7SFHjai=Xht?&_R>Un)%kq6br{*}s=mf(Nw$8bYGM?(FUrja`Rgdk zs{66m*3`)OHXJ2iUNQD3MKiJcK*iP1^vtXl!QMO8+bAQq9&!e=wdW1@ kk1f{z>% literal 0 HcmV?d00001 From 51e02b4bd4b654ad34f76e0617b84ce146df94d6 Mon Sep 17 00:00:00 2001 From: keen Date: Sat, 28 Feb 2015 17:57:31 -0500 Subject: [PATCH 3/3] Add Jansson JSON handling library --- include/jansson_config.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/include/jansson_config.h b/include/jansson_config.h index de4284ef43..396c966868 100644 --- a/include/jansson_config.h +++ b/include/jansson_config.h @@ -9,13 +9,21 @@ * Jansson, namely those things that affect the public API in * jansson.h. * +<<<<<<< HEAD * The CMake system will generate the jansson_config.h file and * copy it to the build and install directories. +======= + * The configure script copies this file to jansson_config.h and + * replaces @var@ substitutions by values that fit your system. If you + * cannot run the configure script, you can do the value substitution + * by hand. +>>>>>>> Add Jansson JSON handling library */ #ifndef JANSSON_CONFIG_H #define JANSSON_CONFIG_H +<<<<<<< HEAD /* Define this so that we can disable scattered automake configuration in source files */ #ifndef JANSSON_USING_CMAKE #define JANSSON_USING_CMAKE @@ -41,12 +49,15 @@ #endif +======= +>>>>>>> Add Jansson JSON handling library /* If your compiler supports the inline keyword in C, JSON_INLINE is defined to `inline', otherwise empty. In C++, the inline is always supported. */ #ifdef __cplusplus #define JSON_INLINE inline #else +<<<<<<< HEAD #define JSON_INLINE __inline #endif @@ -61,4 +72,18 @@ +======= +#define JSON_INLINE inline +#endif + +/* If your compiler supports the `long long` type and the strtoll() + library function, JSON_INTEGER_IS_LONG_LONG is defined to 1, + otherwise to 0. */ +#define JSON_INTEGER_IS_LONG_LONG 1 + +/* If locale.h and localeconv() are available, define to 1, + otherwise to 0. */ +#define JSON_HAVE_LOCALECONV 1 + +>>>>>>> Add Jansson JSON handling library #endif