From 63b6da601aeba6e63cf5c63738b76b784a47512a Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Sat, 5 May 2018 17:25:55 -0700 Subject: [PATCH] Reorganize source and add libraries --- .gitmodules | 6 + app/app.pro | 69 + .../identitymanager.cpp | 0 identitymanager.h => app/identitymanager.h | 0 main.cpp => app/main.cpp | 0 mainwindow.cpp => app/mainwindow.cpp | 0 mainwindow.h => app/mainwindow.h | 0 mainwindow.ui => app/mainwindow.ui | 0 nvhttp.cpp => app/nvhttp.cpp | 0 nvhttp.h => app/nvhttp.h | 0 .../nvpairingmanager.cpp | 0 nvpairingmanager.h => app/nvpairingmanager.h | 0 popupmanager.cpp => app/popupmanager.cpp | 0 popupmanager.h => app/popupmanager.h | 0 .../res}/ic_add_to_queue_white_48px.svg | 0 .../ic_remove_circle_outline_white_48px.svg | 0 .../res}/ic_remove_from_queue_white_48px.svg | 0 {res => app/res}/ic_tv_white_48px.svg | 0 .../res}/ic_videogame_asset_white_48px.svg | 0 {res => app/res}/icon128.png | Bin {res => app/res}/no_app_image.png | Bin resources.qrc => app/resources.qrc | 0 utils.h => app/utils.h | 0 libs/mac/include/openssl/aes.h | 149 + libs/mac/include/openssl/asn1.h | 1420 ++++++ libs/mac/include/openssl/asn1_mac.h | 579 +++ libs/mac/include/openssl/asn1t.h | 973 ++++ libs/mac/include/openssl/bio.h | 883 ++++ libs/mac/include/openssl/blowfish.h | 130 + libs/mac/include/openssl/bn.h | 951 ++++ libs/mac/include/openssl/buffer.h | 125 + libs/mac/include/openssl/camellia.h | 132 + libs/mac/include/openssl/cast.h | 107 + libs/mac/include/openssl/cmac.h | 82 + libs/mac/include/openssl/cms.h | 555 +++ libs/mac/include/openssl/conf.h | 268 ++ libs/mac/include/openssl/conf_api.h | 89 + libs/mac/include/openssl/crypto.h | 661 +++ libs/mac/include/openssl/des.h | 257 + libs/mac/include/openssl/des_old.h | 497 ++ libs/mac/include/openssl/dh.h | 412 ++ libs/mac/include/openssl/dsa.h | 332 ++ libs/mac/include/openssl/dso.h | 451 ++ libs/mac/include/openssl/dtls1.h | 272 ++ libs/mac/include/openssl/e_os2.h | 328 ++ libs/mac/include/openssl/ebcdic.h | 26 + libs/mac/include/openssl/ec.h | 1282 +++++ libs/mac/include/openssl/ecdh.h | 134 + libs/mac/include/openssl/ecdsa.h | 335 ++ libs/mac/include/openssl/engine.h | 960 ++++ libs/mac/include/openssl/err.h | 390 ++ libs/mac/include/openssl/evp.h | 1628 +++++++ libs/mac/include/openssl/hmac.h | 109 + libs/mac/include/openssl/idea.h | 105 + libs/mac/include/openssl/krb5_asn.h | 240 + libs/mac/include/openssl/kssl.h | 197 + libs/mac/include/openssl/lhash.h | 240 + libs/mac/include/openssl/md4.h | 119 + libs/mac/include/openssl/md5.h | 119 + libs/mac/include/openssl/mdc2.h | 94 + libs/mac/include/openssl/modes.h | 163 + libs/mac/include/openssl/obj_mac.h | 4194 +++++++++++++++++ libs/mac/include/openssl/objects.h | 1143 +++++ libs/mac/include/openssl/ocsp.h | 637 +++ libs/mac/include/openssl/opensslconf.h | 279 ++ libs/mac/include/openssl/opensslv.h | 97 + libs/mac/include/openssl/ossl_typ.h | 213 + libs/mac/include/openssl/pem.h | 617 +++ libs/mac/include/openssl/pem2.h | 70 + libs/mac/include/openssl/pkcs12.h | 342 ++ libs/mac/include/openssl/pkcs7.h | 481 ++ libs/mac/include/openssl/pqueue.h | 99 + libs/mac/include/openssl/rand.h | 150 + libs/mac/include/openssl/rc2.h | 103 + libs/mac/include/openssl/rc4.h | 88 + libs/mac/include/openssl/ripemd.h | 105 + libs/mac/include/openssl/rsa.h | 664 +++ libs/mac/include/openssl/safestack.h | 2672 +++++++++++ libs/mac/include/openssl/seed.h | 149 + libs/mac/include/openssl/sha.h | 214 + libs/mac/include/openssl/srp.h | 179 + libs/mac/include/openssl/srtp.h | 147 + libs/mac/include/openssl/ssl.h | 3163 +++++++++++++ libs/mac/include/openssl/ssl2.h | 265 ++ libs/mac/include/openssl/ssl23.h | 84 + libs/mac/include/openssl/ssl3.h | 774 +++ libs/mac/include/openssl/stack.h | 107 + libs/mac/include/openssl/symhacks.h | 518 ++ libs/mac/include/openssl/tls1.h | 810 ++++ libs/mac/include/openssl/ts.h | 865 ++++ libs/mac/include/openssl/txt_db.h | 112 + libs/mac/include/openssl/ui.h | 415 ++ libs/mac/include/openssl/ui_compat.h | 88 + libs/mac/include/openssl/whrlpool.h | 41 + libs/mac/include/openssl/x509.h | 1330 ++++++ libs/mac/include/openssl/x509_vfy.h | 652 +++ libs/mac/include/openssl/x509v3.h | 1055 +++++ libs/mac/lib/libcrypto.dylib | Bin 0 -> 1986176 bytes libs/mac/lib/libssl.dylib | Bin 0 -> 376408 bytes moonlight-common-c/moonlight-common-c | 1 + moonlight-common-c/moonlight-common-c.pro | 65 + moonlight-qt.pro | 58 +- opus/opus | 1 + opus/opus.pro | 159 + 104 files changed, 39023 insertions(+), 52 deletions(-) create mode 100644 .gitmodules create mode 100644 app/app.pro rename identitymanager.cpp => app/identitymanager.cpp (100%) rename identitymanager.h => app/identitymanager.h (100%) rename main.cpp => app/main.cpp (100%) rename mainwindow.cpp => app/mainwindow.cpp (100%) rename mainwindow.h => app/mainwindow.h (100%) rename mainwindow.ui => app/mainwindow.ui (100%) rename nvhttp.cpp => app/nvhttp.cpp (100%) rename nvhttp.h => app/nvhttp.h (100%) rename nvpairingmanager.cpp => app/nvpairingmanager.cpp (100%) rename nvpairingmanager.h => app/nvpairingmanager.h (100%) rename popupmanager.cpp => app/popupmanager.cpp (100%) rename popupmanager.h => app/popupmanager.h (100%) rename {res => app/res}/ic_add_to_queue_white_48px.svg (100%) rename {res => app/res}/ic_remove_circle_outline_white_48px.svg (100%) rename {res => app/res}/ic_remove_from_queue_white_48px.svg (100%) rename {res => app/res}/ic_tv_white_48px.svg (100%) rename {res => app/res}/ic_videogame_asset_white_48px.svg (100%) rename {res => app/res}/icon128.png (100%) rename {res => app/res}/no_app_image.png (100%) rename resources.qrc => app/resources.qrc (100%) rename utils.h => app/utils.h (100%) create mode 100644 libs/mac/include/openssl/aes.h create mode 100644 libs/mac/include/openssl/asn1.h create mode 100644 libs/mac/include/openssl/asn1_mac.h create mode 100644 libs/mac/include/openssl/asn1t.h create mode 100644 libs/mac/include/openssl/bio.h create mode 100644 libs/mac/include/openssl/blowfish.h create mode 100644 libs/mac/include/openssl/bn.h create mode 100644 libs/mac/include/openssl/buffer.h create mode 100644 libs/mac/include/openssl/camellia.h create mode 100644 libs/mac/include/openssl/cast.h create mode 100644 libs/mac/include/openssl/cmac.h create mode 100644 libs/mac/include/openssl/cms.h create mode 100644 libs/mac/include/openssl/conf.h create mode 100644 libs/mac/include/openssl/conf_api.h create mode 100644 libs/mac/include/openssl/crypto.h create mode 100644 libs/mac/include/openssl/des.h create mode 100644 libs/mac/include/openssl/des_old.h create mode 100644 libs/mac/include/openssl/dh.h create mode 100644 libs/mac/include/openssl/dsa.h create mode 100644 libs/mac/include/openssl/dso.h create mode 100644 libs/mac/include/openssl/dtls1.h create mode 100644 libs/mac/include/openssl/e_os2.h create mode 100644 libs/mac/include/openssl/ebcdic.h create mode 100644 libs/mac/include/openssl/ec.h create mode 100644 libs/mac/include/openssl/ecdh.h create mode 100644 libs/mac/include/openssl/ecdsa.h create mode 100644 libs/mac/include/openssl/engine.h create mode 100644 libs/mac/include/openssl/err.h create mode 100644 libs/mac/include/openssl/evp.h create mode 100644 libs/mac/include/openssl/hmac.h create mode 100644 libs/mac/include/openssl/idea.h create mode 100644 libs/mac/include/openssl/krb5_asn.h create mode 100644 libs/mac/include/openssl/kssl.h create mode 100644 libs/mac/include/openssl/lhash.h create mode 100644 libs/mac/include/openssl/md4.h create mode 100644 libs/mac/include/openssl/md5.h create mode 100644 libs/mac/include/openssl/mdc2.h create mode 100644 libs/mac/include/openssl/modes.h create mode 100644 libs/mac/include/openssl/obj_mac.h create mode 100644 libs/mac/include/openssl/objects.h create mode 100644 libs/mac/include/openssl/ocsp.h create mode 100644 libs/mac/include/openssl/opensslconf.h create mode 100644 libs/mac/include/openssl/opensslv.h create mode 100644 libs/mac/include/openssl/ossl_typ.h create mode 100644 libs/mac/include/openssl/pem.h create mode 100644 libs/mac/include/openssl/pem2.h create mode 100644 libs/mac/include/openssl/pkcs12.h create mode 100644 libs/mac/include/openssl/pkcs7.h create mode 100644 libs/mac/include/openssl/pqueue.h create mode 100644 libs/mac/include/openssl/rand.h create mode 100644 libs/mac/include/openssl/rc2.h create mode 100644 libs/mac/include/openssl/rc4.h create mode 100644 libs/mac/include/openssl/ripemd.h create mode 100644 libs/mac/include/openssl/rsa.h create mode 100644 libs/mac/include/openssl/safestack.h create mode 100644 libs/mac/include/openssl/seed.h create mode 100644 libs/mac/include/openssl/sha.h create mode 100644 libs/mac/include/openssl/srp.h create mode 100644 libs/mac/include/openssl/srtp.h create mode 100644 libs/mac/include/openssl/ssl.h create mode 100644 libs/mac/include/openssl/ssl2.h create mode 100644 libs/mac/include/openssl/ssl23.h create mode 100644 libs/mac/include/openssl/ssl3.h create mode 100644 libs/mac/include/openssl/stack.h create mode 100644 libs/mac/include/openssl/symhacks.h create mode 100644 libs/mac/include/openssl/tls1.h create mode 100644 libs/mac/include/openssl/ts.h create mode 100644 libs/mac/include/openssl/txt_db.h create mode 100644 libs/mac/include/openssl/ui.h create mode 100644 libs/mac/include/openssl/ui_compat.h create mode 100644 libs/mac/include/openssl/whrlpool.h create mode 100644 libs/mac/include/openssl/x509.h create mode 100644 libs/mac/include/openssl/x509_vfy.h create mode 100644 libs/mac/include/openssl/x509v3.h create mode 100644 libs/mac/lib/libcrypto.dylib create mode 100644 libs/mac/lib/libssl.dylib create mode 160000 moonlight-common-c/moonlight-common-c create mode 100644 moonlight-common-c/moonlight-common-c.pro create mode 160000 opus/opus create mode 100644 opus/opus.pro diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..c5ea24df --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "moonlight-common-c/moonlight-common-c"] + path = moonlight-common-c/moonlight-common-c + url = https://github.com/moonlight-stream/moonlight-common-c.git +[submodule "opus/opus"] + path = opus/opus + url = https://github.com/xiph/opus.git diff --git a/app/app.pro b/app/app.pro new file mode 100644 index 00000000..45007a9c --- /dev/null +++ b/app/app.pro @@ -0,0 +1,69 @@ +#------------------------------------------------- +# +# Project created by QtCreator 2018-04-28T14:01:01 +# +#------------------------------------------------- + +QT += core gui network + +greaterThan(QT_MAJOR_VERSION, 4): QT += widgets + +TARGET = moonlight-qt +TEMPLATE = app + +# The following define makes your compiler emit warnings if you use +# any feature of Qt which has been marked as deprecated (the exact warnings +# depend on your compiler). Please consult the documentation of the +# deprecated API in order to know how to port your code away from it. +DEFINES += QT_DEPRECATED_WARNINGS + +# You can also make your code fail to compile if you use deprecated APIs. +# In order to do so, uncomment the following line. +# You can also select to disable deprecated APIs only up to a certain version of Qt. +DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0 + +macx { + INCLUDEPATH += $$PWD/../libs/mac/include + LIBS += $$PWD/../libs/mac/lib/libssl.dylib + LIBS += $$PWD/../libs/mac/lib/libcrypto.dylib +} +unix:!macx { + CONFIG += link_pkgconfig + PKGCONFIG += openssl +} + +SOURCES += \ + main.cpp \ + mainwindow.cpp \ + nvhttp.cpp \ + nvpairingmanager.cpp \ + identitymanager.cpp \ + popupmanager.cpp + +HEADERS += \ + mainwindow.h \ + nvhttp.h \ + nvpairingmanager.h \ + identitymanager.h \ + utils.h \ + popupmanager.h + +FORMS += \ + mainwindow.ui + +RESOURCES += \ + resources.qrc + +win32:CONFIG(release, debug|release): LIBS += -L$$OUT_PWD/../moonlight-common-c/release/ -lmoonlight-common-c +else:win32:CONFIG(debug, debug|release): LIBS += -L$$OUT_PWD/../moonlight-common-c/debug/ -lmoonlight-common-c +else:unix: LIBS += -L$$OUT_PWD/../moonlight-common-c/ -lmoonlight-common-c + +INCLUDEPATH += $$PWD/../moonlight-common-c/moonlight-common-c/src +DEPENDPATH += $$PWD/../moonlight-common-c/moonlight-common-c/src + +win32:CONFIG(release, debug|release): LIBS += -L$$OUT_PWD/../opus/release/ -lopus +else:win32:CONFIG(debug, debug|release): LIBS += -L$$OUT_PWD/../opus/debug/ -lopus +else:unix: LIBS += -L$$OUT_PWD/../opus/ -lopus + +INCLUDEPATH += $$PWD/../opus/opus/include +DEPENDPATH += $$PWD/../opus/opus/include diff --git a/identitymanager.cpp b/app/identitymanager.cpp similarity index 100% rename from identitymanager.cpp rename to app/identitymanager.cpp diff --git a/identitymanager.h b/app/identitymanager.h similarity index 100% rename from identitymanager.h rename to app/identitymanager.h diff --git a/main.cpp b/app/main.cpp similarity index 100% rename from main.cpp rename to app/main.cpp diff --git a/mainwindow.cpp b/app/mainwindow.cpp similarity index 100% rename from mainwindow.cpp rename to app/mainwindow.cpp diff --git a/mainwindow.h b/app/mainwindow.h similarity index 100% rename from mainwindow.h rename to app/mainwindow.h diff --git a/mainwindow.ui b/app/mainwindow.ui similarity index 100% rename from mainwindow.ui rename to app/mainwindow.ui diff --git a/nvhttp.cpp b/app/nvhttp.cpp similarity index 100% rename from nvhttp.cpp rename to app/nvhttp.cpp diff --git a/nvhttp.h b/app/nvhttp.h similarity index 100% rename from nvhttp.h rename to app/nvhttp.h diff --git a/nvpairingmanager.cpp b/app/nvpairingmanager.cpp similarity index 100% rename from nvpairingmanager.cpp rename to app/nvpairingmanager.cpp diff --git a/nvpairingmanager.h b/app/nvpairingmanager.h similarity index 100% rename from nvpairingmanager.h rename to app/nvpairingmanager.h diff --git a/popupmanager.cpp b/app/popupmanager.cpp similarity index 100% rename from popupmanager.cpp rename to app/popupmanager.cpp diff --git a/popupmanager.h b/app/popupmanager.h similarity index 100% rename from popupmanager.h rename to app/popupmanager.h diff --git a/res/ic_add_to_queue_white_48px.svg b/app/res/ic_add_to_queue_white_48px.svg similarity index 100% rename from res/ic_add_to_queue_white_48px.svg rename to app/res/ic_add_to_queue_white_48px.svg diff --git a/res/ic_remove_circle_outline_white_48px.svg b/app/res/ic_remove_circle_outline_white_48px.svg similarity index 100% rename from res/ic_remove_circle_outline_white_48px.svg rename to app/res/ic_remove_circle_outline_white_48px.svg diff --git a/res/ic_remove_from_queue_white_48px.svg b/app/res/ic_remove_from_queue_white_48px.svg similarity index 100% rename from res/ic_remove_from_queue_white_48px.svg rename to app/res/ic_remove_from_queue_white_48px.svg diff --git a/res/ic_tv_white_48px.svg b/app/res/ic_tv_white_48px.svg similarity index 100% rename from res/ic_tv_white_48px.svg rename to app/res/ic_tv_white_48px.svg diff --git a/res/ic_videogame_asset_white_48px.svg b/app/res/ic_videogame_asset_white_48px.svg similarity index 100% rename from res/ic_videogame_asset_white_48px.svg rename to app/res/ic_videogame_asset_white_48px.svg diff --git a/res/icon128.png b/app/res/icon128.png similarity index 100% rename from res/icon128.png rename to app/res/icon128.png diff --git a/res/no_app_image.png b/app/res/no_app_image.png similarity index 100% rename from res/no_app_image.png rename to app/res/no_app_image.png diff --git a/resources.qrc b/app/resources.qrc similarity index 100% rename from resources.qrc rename to app/resources.qrc diff --git a/utils.h b/app/utils.h similarity index 100% rename from utils.h rename to app/utils.h diff --git a/libs/mac/include/openssl/aes.h b/libs/mac/include/openssl/aes.h new file mode 100644 index 00000000..faa66c49 --- /dev/null +++ b/libs/mac/include/openssl/aes.h @@ -0,0 +1,149 @@ +/* crypto/aes/aes.h */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# ifdef OPENSSL_NO_AES +# error AES is disabled. +# endif + +# include + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_AES_H */ diff --git a/libs/mac/include/openssl/asn1.h b/libs/mac/include/openssl/asn1.h new file mode 100644 index 00000000..35a2b2aa --- /dev/null +++ b/libs/mac/include/openssl/asn1.h @@ -0,0 +1,1420 @@ +/* crypto/asn1/asn1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include + +# include + +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG 0x1f + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_NEG 0x100/* negative flag */ + +# define V_ASN1_UNDEF -1 +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) + +# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ +# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ + +/* + * We MUST make sure that, except for constness, asn1_ctx_st and + * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 + * parsing macros are gone, we can throw this away as well... + */ +typedef struct asn1_ctx_st { + unsigned char *p; /* work char pointer */ + int eos; /* end of sequence read for indefinite + * encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + unsigned char *max; /* largest value of p allowed */ + unsigned char *q; /* temporary variable */ + unsigned char **pp; /* variable */ + int line; /* used in error processing */ +} ASN1_CTX; + +typedef struct asn1_const_ctx_st { + const unsigned char *p; /* work char pointer */ + int eos; /* end of sequence read for indefinite + * encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + const unsigned char *max; /* largest value of p allowed */ + const unsigned char *q; /* temporary variable */ + const unsigned char **pp; /* variable */ + int line; /* used in error processing */ +} ASN1_const_CTX; + +/* + * These are used internally in the ASN1_OBJECT to keep track of whether the + * names and data need to be free()ed + */ +# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ +# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ +# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ +# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ +}; + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DECLARE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +# define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +# else + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DECLARE_STACK_OF(ASN1_INTEGER) +DECLARE_ASN1_SET_OF(ASN1_INTEGER) + +DECLARE_STACK_OF(ASN1_GENERALSTRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DECLARE_STACK_OF(ASN1_TYPE) +DECLARE_ASN1_SET_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +typedef struct NETSCAPE_X509_st { + ASN1_OCTET_STRING *header; + X509 *cert; +} NETSCAPE_X509; + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define M_ASN1_STRING_length(x) ((x)->length) +# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) +# define M_ASN1_STRING_type(x) ((x)->type) +# define M_ASN1_STRING_data(x) ((x)->data) + +/* Macros for string operations */ +# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ + ASN1_STRING_type_new(V_ASN1_BIT_STRING) +# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) +# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) + +# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ + ASN1_STRING_type_new(V_ASN1_INTEGER) +# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ + ASN1_STRING_type_new(V_ASN1_ENUMERATED) +# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ + ASN1_STRING_type_new(V_ASN1_OCTET_STRING) +# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) +# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) +# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) +# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) +# define M_i2d_ASN1_OCTET_STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ + V_ASN1_UNIVERSAL) + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) +# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_PRINTABLE) + +# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +# define M_d2i_DIRECTORYSTRING(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_DIRECTORYSTRING) + +# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ + pp,a->type,V_ASN1_UNIVERSAL) +# define M_d2i_DISPLAYTEXT(a,pp,l) \ + d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ + B_ASN1_DISPLAYTEXT) + +# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ + (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) + +# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ + ASN1_STRING_type_new(V_ASN1_T61STRING) +# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_T61STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_T61STRING(a,pp,l) \ + (ASN1_T61STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) + +# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ + ASN1_STRING_type_new(V_ASN1_IA5STRING) +# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_IA5STRING_dup(a) \ + (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) +# define M_i2d_ASN1_IA5STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_IA5STRING(a,pp,l) \ + (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ + B_ASN1_IA5STRING) + +# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) + +# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ + ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) +# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ + (const ASN1_STRING *)a) + +# define M_ASN1_TIME_new() (ASN1_TIME *)\ + ASN1_STRING_type_new(V_ASN1_UTCTIME) +# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) + +# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_GENERALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ + (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) + +# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ + ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) +# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ + (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) + +# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ + ASN1_STRING_type_new(V_ASN1_BMPSTRING) +# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_BMPSTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ + (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) + +# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ + ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ + (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) + +# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ + ASN1_STRING_type_new(V_ASN1_UTF8STRING) +# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +# define M_i2d_ASN1_UTF8STRING(a,pp) \ + i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ + V_ASN1_UNIVERSAL) +# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ + (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ + ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) + + /* for the is_set parameter to i2d_ASN1_SET */ +# define IS_SEQUENCE 0 +# define IS_SET 1 + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DECLARE_STACK_OF(ASN1_OBJECT) +DECLARE_ASN1_SET_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(ASN1_STRING *x); +unsigned char *ASN1_STRING_data(ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long length); +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len); + +# ifndef OPENSSL_NO_BIO +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +# endif +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl); + +int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +# if 0 +time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); +# endif + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME + **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, + const unsigned char **pp, + long length, d2i_of_void *d2i, + void (*free_func) (OPENSSL_BLOCK), + int ex_tag, int ex_class); + +# ifndef OPENSSL_NO_BIO +int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); +# endif +int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); +ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, + long length, int Ptag, int Pclass); +unsigned long ASN1_tag2bit(int tag); +/* type is one or more of the B_ASN1_ values. */ +ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, + long length, int type); + +/* PARSING */ +int asn1_Finish(ASN1_CTX *c); +int asn1_const_Finish(ASN1_const_CTX *c); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_FP_API +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); + +# ifndef OPENSSL_NO_BIO +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +# endif +const char *ASN1_tag2str(int tag); + +/* Used to load and write netscape format cert */ + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, + void (*free_func) (OPENSSL_BLOCK)); +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, + unsigned char **buf, int *len); +void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); +void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); +ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, + ASN1_OCTET_STRING **oct); + +# define ASN1_pack_string_of(type,obj,i2d,oct) \ + (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ + CHECKED_I2D_OF(type, i2d), \ + oct)) + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); + +ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ASN1_strings(void); + +/* Error codes for the ASN1 functions. */ + +/* Function codes. */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_ENUMERATED 101 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENUMERATED_SET 112 +# define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_HEADER_NEW 115 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_INTEGER_SET 118 +# define ASN1_F_ASN1_INTEGER_TO_BN 119 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 +# define ASN1_F_ASN1_ITEM_EX_D2I 120 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PACK_STRING 124 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PKCS5_PBE_SET 125 +# define ASN1_F_ASN1_SEQ_PACK 126 +# define ASN1_F_ASN1_SEQ_UNPACK 127 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TIME_SET 175 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UNPACK_STRING 136 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_UTCTIME_SET 187 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_ENUMERATED 138 +# define ASN1_F_BN_TO_ASN1_INTEGER 139 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_BIT_STRING 141 +# define ASN1_F_D2I_ASN1_BOOLEAN 142 +# define ASN1_F_D2I_ASN1_BYTES 143 +# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 +# define ASN1_F_D2I_ASN1_HEADER 145 +# define ASN1_F_D2I_ASN1_INTEGER 146 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_SET 148 +# define ASN1_F_D2I_ASN1_TYPE_BYTES 149 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_ASN1_UTCTIME 151 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_NETSCAPE_RSA 152 +# define ASN1_F_D2I_NETSCAPE_RSA_2 153 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_D2I_RSA_NET 200 +# define ASN1_F_D2I_RSA_NET_2 201 +# define ASN1_F_D2I_X509 156 +# define ASN1_F_D2I_X509_CINF 157 +# define ASN1_F_D2I_X509_PKEY 159 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_SET 188 +# define ASN1_F_I2D_ASN1_TIME 160 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_NET 162 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_X509_CINF_NEW 168 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_NEW 172 +# define ASN1_F_X509_PKEY_NEW 173 + +/* Reason codes. */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_CLASS 101 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_PASSWORD_READ 103 +# define ASN1_R_BAD_TAG 104 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DECODING_ERROR 111 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPECTING_A_BOOLEAN 117 +# define ASN1_R_EXPECTING_A_TIME 118 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_TIME_FORMAT 132 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_IV_TOO_LARGE 135 +# define ASN1_R_LENGTH_ERROR 136 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_DEFAULT_DIGEST 201 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_TAG_VALUE_TOO_HIGH 153 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 218 +# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 +# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNKOWN_FORMAT 195 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 165 +# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 +# define ASN1_R_WRONG_TYPE 169 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/asn1_mac.h b/libs/mac/include/openssl/asn1_mac.h new file mode 100644 index 00000000..abc6dc35 --- /dev/null +++ b/libs/mac/include/openssl/asn1_mac.h @@ -0,0 +1,579 @@ +/* crypto/asn1/asn1_mac.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ASN1_MAC_H +# define HEADER_ASN1_MAC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef ASN1_MAC_ERR_LIB +# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 +# endif + +# define ASN1_MAC_H_err(f,r,line) \ + ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) + +# define M_ASN1_D2I_vars(a,type,func) \ + ASN1_const_CTX c; \ + type ret=NULL; \ + \ + c.pp=(const unsigned char **)pp; \ + c.q= *(const unsigned char **)pp; \ + c.error=ERR_R_NESTED_ASN1_ERROR; \ + if ((a == NULL) || ((*a) == NULL)) \ + { if ((ret=(type)func()) == NULL) \ + { c.line=__LINE__; goto err; } } \ + else ret=(*a); + +# define M_ASN1_D2I_Init() \ + c.p= *(const unsigned char **)pp; \ + c.max=(length == 0)?0:(c.p+length); + +# define M_ASN1_D2I_Finish_2(a) \ + if (!asn1_const_Finish(&c)) \ + { c.line=__LINE__; goto err; } \ + *(const unsigned char **)pp=c.p; \ + if (a != NULL) (*a)=ret; \ + return(ret); + +# define M_ASN1_D2I_Finish(a,func,e) \ + M_ASN1_D2I_Finish_2(a); \ +err:\ + ASN1_MAC_H_err((e),c.error,c.line); \ + asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ + if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ + return(NULL) + +# define M_ASN1_D2I_start_sequence() \ + if (!asn1_GetSequence(&c,&length)) \ + { c.line=__LINE__; goto err; } +/* Begin reading ASN1 without a surrounding sequence */ +# define M_ASN1_D2I_begin() \ + c.slen = length; + +/* End reading ASN1 with no check on length */ +# define M_ASN1_D2I_Finish_nolen(a, func, e) \ + *pp=c.p; \ + if (a != NULL) (*a)=ret; \ + return(ret); \ +err:\ + ASN1_MAC_H_err((e),c.error,c.line); \ + asn1_add_error(*pp,(int)(c.q- *pp)); \ + if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ + return(NULL) + +# define M_ASN1_D2I_end_sequence() \ + (((c.inf&1) == 0)?(c.slen <= 0): \ + (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) + +/* Don't use this with d2i_ASN1_BOOLEAN() */ +# define M_ASN1_D2I_get(b, func) \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +/* Don't use this with d2i_ASN1_BOOLEAN() */ +# define M_ASN1_D2I_get_x(type,b,func) \ + c.q=c.p; \ + if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +/* use this instead () */ +# define M_ASN1_D2I_get_int(b,func) \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) < 0) \ + {c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +# define M_ASN1_D2I_get_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get(b,func); \ + } + +# define M_ASN1_D2I_get_int_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get_int(b,func); \ + } + +# define M_ASN1_D2I_get_imp(b,func, type) \ + M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ + c.q=c.p; \ + if (func(&(b),&c.p,c.slen) == NULL) \ + {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ + c.slen-=(c.p-c.q);\ + M_ASN1_next_prev=_tmp; + +# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ + (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ + { \ + unsigned char _tmp = M_ASN1_next; \ + M_ASN1_D2I_get_imp(b,func, type);\ + } + +# define M_ASN1_D2I_get_set(r,func,free_func) \ + M_ASN1_D2I_get_imp_set(r,func,free_func, \ + V_ASN1_SET,V_ASN1_UNIVERSAL); + +# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ + V_ASN1_SET,V_ASN1_UNIVERSAL); + +# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ + { M_ASN1_D2I_get_set(r,func,free_func); } + +# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ + { M_ASN1_D2I_get_set_type(type,r,func,free_func); } + +# define M_ASN1_I2D_len_SET_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_len_SET(a,f); + +# define M_ASN1_I2D_put_SET_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SET(a,f); + +# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE(a,f); + +# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE_type(type,a,f); + +# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ + if ((c.slen != 0) && \ + (M_ASN1_next == \ + (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ + { \ + M_ASN1_D2I_get_imp_set(b,func,free_func,\ + tag,V_ASN1_CONTEXT_SPECIFIC); \ + } + +# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ + if ((c.slen != 0) && \ + (M_ASN1_next == \ + (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ + { \ + M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ + tag,V_ASN1_CONTEXT_SPECIFIC); \ + } + +# define M_ASN1_D2I_get_seq(r,func,free_func) \ + M_ASN1_D2I_get_imp_set(r,func,free_func,\ + V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); + +# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ + V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) + +# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ + { M_ASN1_D2I_get_seq(r,func,free_func); } + +# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ + if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ + V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ + { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } + +# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ + M_ASN1_D2I_get_imp_set(r,func,free_func,\ + x,V_ASN1_CONTEXT_SPECIFIC); + +# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ + x,V_ASN1_CONTEXT_SPECIFIC); + +# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ + (void (*)())free_func,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ + free_func,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ + c.q=c.p; \ + if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ + { c.line=__LINE__; goto err; } \ + c.slen-=(c.p-c.q); + +# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ + if ((c.slen != 0L) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (func(&(r),&c.p,Tlen) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ + if ((c.slen != 0) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ + (void (*)())free_func, \ + b,V_ASN1_UNIVERSAL) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ + if ((c.slen != 0) && (M_ASN1_next == \ + (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ + { \ + int Tinf,Ttag,Tclass; \ + long Tlen; \ + \ + c.q=c.p; \ + Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ + if (Tinf & 0x80) \ + { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ + c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ + Tlen = c.slen - (c.p - c.q) - 2; \ + if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ + free_func,b,V_ASN1_UNIVERSAL) == NULL) \ + { c.line=__LINE__; goto err; } \ + if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ + Tlen = c.slen - (c.p - c.q); \ + if(!ASN1_check_infinite_end(&c.p, Tlen)) \ + { c.error=ERR_R_MISSING_ASN1_EOS; \ + c.line=__LINE__; goto err; } \ + }\ + c.slen-=(c.p-c.q); \ + } + +/* New macros */ +# define M_ASN1_New_Malloc(ret,type) \ + if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ + { c.line=__LINE__; goto err2; } + +# define M_ASN1_New(arg,func) \ + if (((arg)=func()) == NULL) return(NULL) + +# define M_ASN1_New_Error(a) \ +/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ + return(NULL);*/ \ + err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ + return(NULL) + +/* + * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some + * macros that use ASN1_const_CTX still insist on writing in the input + * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- + * Richard Levitte + */ +# define M_ASN1_next (*((unsigned char *)(c.p))) +# define M_ASN1_next_prev (*((unsigned char *)(c.q))) + +/*************************************************/ + +# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ + unsigned char *p; \ + if (a == NULL) return(0) + +/* Length Macros */ +# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) +# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) + +# define M_ASN1_I2D_len_SET(a,f) \ + ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); + +# define M_ASN1_I2D_len_SET_type(type,a,f) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ + V_ASN1_UNIVERSAL,IS_SET); + +# define M_ASN1_I2D_len_SEQUENCE(a,f) \ + ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); + +# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ + V_ASN1_UNIVERSAL,IS_SEQUENCE) + +# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_len_SEQUENCE(a,f); + +# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + M_ASN1_I2D_len_SEQUENCE_type(type,a,f); + +# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); + +# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC,IS_SET); + +# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); + +# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ + if (a != NULL)\ + { \ + v=f(a,NULL); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0))\ + { \ + v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0))\ + { \ + v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_##type##_num(a) != 0))\ + { \ + v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ + V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + +/* Put Macros */ +# define M_ASN1_I2D_put(a,f) f(a,&p) + +# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ + if (a != NULL) \ + { \ + unsigned char *q=p; \ + f(a,&p); \ + *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ + } + +# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ + V_ASN1_UNIVERSAL,IS_SET) +# define M_ASN1_I2D_put_SET_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) +# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ + V_ASN1_CONTEXT_SPECIFIC,IS_SET) +# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ + i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) +# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ + V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) + +# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ + V_ASN1_UNIVERSAL,IS_SEQUENCE) + +# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE) + +# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + M_ASN1_I2D_put_SEQUENCE(a,f); + +# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); } + +# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SET); } + +# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); } + +# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ + V_ASN1_CONTEXT_SPECIFIC, \ + IS_SEQUENCE); } + +# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ + if (a != NULL) \ + { \ + ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ + f(a,&p); \ + } + +# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ + } + +# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ + } + +# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ + if ((a != NULL) && (sk_##type##_num(a) != 0)) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + } + +# define M_ASN1_I2D_seq_total() \ + r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ + if (pp == NULL) return(r); \ + p= *pp; \ + ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) + +# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ + *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ + *(p++)=0x80 + +# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 + +# define M_ASN1_I2D_finish() *pp=p; \ + return(r); + +int asn1_GetSequence(ASN1_const_CTX *c, long *length); +void asn1_add_error(const unsigned char *address, int offset); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/asn1t.h b/libs/mac/include/openssl/asn1t.h new file mode 100644 index 00000000..99bc0eec --- /dev/null +++ b/libs/mac/include/openssl/asn1t.h @@ -0,0 +1,973 @@ +/* asn1t.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ASN1T_H +# define HEADER_ASN1T_H + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +# endif + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb, lck) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* used when the structure is combined with the parent */ + +# define ASN1_EX_COMBINE(flags, tag, type) { \ + (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# else +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +# endif +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +# else + +# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# endif + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ +# ifndef NO_ASN1_FIELD_NAMES + const char *field_name; /* Field name */ +# endif + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag means a parent structure is passed instead of the field: this is + * useful is a SEQUENCE is being combined with a CHOICE for example. Since + * this means the structure and item name will differ we need to use the + * ASN1_CHOICE_END_name() macro for example. + */ + +# define ASN1_TFLG_COMBINE (0x1<<10) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ +# ifndef NO_ASN1_FIELD_NAMES + const char *sname; /* Structure name */ +# endif +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * For COMPAT types the funcs field gives a + * set of functions that handle this type, this + * supports the old d2i, i2d convention. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_COMPAT 0x3 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ + +typedef ASN1_VALUE *ASN1_new_func(void); +typedef void ASN1_free_func(ASN1_VALUE *a); +typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in, + long length); +typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in); + +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_COMPAT_FUNCS_st { + ASN1_new_func *asn1_new; + ASN1_free_func *asn1_free; + ASN1_d2i_func *asn1_d2i; + ASN1_i2d_func *asn1_i2d; +} ASN1_COMPAT_FUNCS; + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement an ASN1_ITEM in terms of old style funcs */ + +# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) + +# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ + static const ASN1_COMPAT_FUNCS sname##_ff = { \ + (ASN1_new_func *)sname##_new, \ + (ASN1_free_func *)sname##_free, \ + (ASN1_d2i_func *)d2i_##sname, \ + (ASN1_i2d_func *)i2d_##sname, \ + }; \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_COMPAT, \ + tag, \ + NULL, \ + 0, \ + &sname##_ff, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +/* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. + */ +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) + +DECLARE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + +void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_TEMPLATE *tt); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt); +void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it); +int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); + +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, + const ASN1_ITEM *it); + +ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + int nullerr); + +int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + +void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/bio.h b/libs/mac/include/openssl/bio.h new file mode 100644 index 00000000..8f2438cd --- /dev/null +++ b/libs/mac/include/openssl/bio.h @@ -0,0 +1,883 @@ +/* crypto/bio/bio.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_FP_API +# include +# endif +# include + +# include + +# ifndef OPENSSL_NO_SCTP +# ifndef OPENSSL_SYS_VMS +# include +# else +# include +# endif +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM (1|0x0400) +# define BIO_TYPE_FILE (2|0x0400) + +# define BIO_TYPE_FD (4|0x0400|0x0100) +# define BIO_TYPE_SOCKET (5|0x0400|0x0100) +# define BIO_TYPE_NULL (6|0x0400) +# define BIO_TYPE_SSL (7|0x0200) +# define BIO_TYPE_MD (8|0x0200)/* passive filter */ +# define BIO_TYPE_BUFFER (9|0x0200)/* filter */ +# define BIO_TYPE_CIPHER (10|0x0200)/* filter */ +# define BIO_TYPE_BASE64 (11|0x0200)/* filter */ +# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ +# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ +# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ +# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ +# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|0x0200) +# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ +# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ +# define BIO_TYPE_DGRAM (21|0x0400|0x0100) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) +# endif +# define BIO_TYPE_ASN1 (22|0x0200)/* filter */ +# define BIO_TYPE_COMP (23|0x0200)/* filter */ + +# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +/* callback is int cb(BIO *bio,state,ret); */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +/* Used in BIO_gethostbyname() */ +# define BIO_GHBN_CTRL_HITS 1 +# define BIO_GHBN_CTRL_MISSES 2 +# define BIO_GHBN_CTRL_CACHE_SIZE 3 +# define BIO_GHBN_CTRL_GET_ENTRY 4 +# define BIO_GHBN_CTRL_FLUSH 5 + +/* Mostly used in the SSL BIO */ +/*- + * Not used anymore + * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 + * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 + * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 + */ + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: it means we shouldn't free up or change the + * data in any way. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 + +typedef struct bio_st BIO; + +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, + int, long, long); +void BIO_set_callback(BIO *b, + long (*callback) (struct bio_st *, int, const char *, + int, long, long)); +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, + long); + +typedef struct bio_method_st { + int type; + const char *name; + int (*bwrite) (BIO *, const char *, int); + int (*bread) (BIO *, char *, int); + int (*bputs) (BIO *, const char *); + int (*bgets) (BIO *, char *, int); + long (*ctrl) (BIO *, int, long, void *); + int (*create) (BIO *); + int (*destroy) (BIO *); + long (*callback_ctrl) (BIO *, int, bio_info_cb *); +} BIO_METHOD; + +struct bio_st { + BIO_METHOD *method; + /* bio, mode, argp, argi, argl, ret */ + long (*callback) (struct bio_st *, int, const char *, int, long, long); + char *cb_arg; /* first argument for the callback */ + int init; + int shutdown; + int flags; /* extra storage */ + int retry_reason; + int num; + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ + int references; + unsigned long num_read; + unsigned long num_write; + CRYPTO_EX_DATA ex_data; +}; + +DECLARE_STACK_OF(BIO) + +typedef struct bio_f_buffer_ctx_struct { + /*- + * Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + /*- BIO *bio; *//* + * this is now in the BIO struct + */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ +} BIO_F_BUFFER_CTX; + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* connect BIO stuff */ +# define BIO_CONN_S_BEFORE 1 +# define BIO_CONN_S_GET_IP 2 +# define BIO_CONN_S_GET_PORT 3 +# define BIO_CONN_S_CREATE_SOCKET 4 +# define BIO_CONN_S_CONNECT 5 +# define BIO_CONN_S_OK 6 +# define BIO_CONN_S_BLOCKED_CONNECT 7 +# define BIO_CONN_S_NBIO 8 +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +# define BIO_C_SET_PROXY_PARAM 103 +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +# define BIO_C_GET_PROXY_PARAM 121 +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +/* BIO_s_connect() and BIO_s_socks4a_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) +# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) +# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) +# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) +# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) + +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR_IF_UNUSED 1 +# define BIO_BIND_REUSEADDR 2 +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_proxy_client() */ +# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) +# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) +/* BIO_set_nbio(b,n) */ +# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) +/* BIO *BIO_get_filter_bio(BIO *bio); */ +# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) +# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) +# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) + +# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) +# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) +# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) +# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)name) +# endif +# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +# define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +/* These two aren't currently implemented */ +/* int BIO_get_ex_num(BIO *bio); */ +/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +unsigned long BIO_number_read(BIO *bio); +unsigned long BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +# ifndef OPENSSL_NO_FP_API +BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +BIO *BIO_new_fp(FILE *stream, int close_flag); +# define BIO_s_file_internal BIO_s_file +# endif +BIO *BIO_new(BIO_METHOD *type); +int BIO_set(BIO *a, BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_vfree(BIO *a); +int BIO_read(BIO *b, void *data, int len); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int len); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, + void (*fp) (struct bio_st *, int, const char *, int, + long, long)); +char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +BIO_METHOD *BIO_s_mem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +BIO_METHOD *BIO_s_socket(void); +BIO_METHOD *BIO_s_connect(void); +BIO_METHOD *BIO_s_accept(void); +BIO_METHOD *BIO_s_fd(void); +# ifndef OPENSSL_SYS_OS2 +BIO_METHOD *BIO_s_log(void); +# endif +BIO_METHOD *BIO_s_bio(void); +BIO_METHOD *BIO_s_null(void); +BIO_METHOD *BIO_f_null(void); +BIO_METHOD *BIO_f_buffer(void); +# ifdef OPENSSL_SYS_VMS +BIO_METHOD *BIO_f_linebuffer(void); +# endif +BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +BIO_METHOD *BIO_s_datagram(void); +# ifndef OPENSSL_NO_SCTP +BIO_METHOD *BIO_s_datagram_sctp(void); +# endif +# endif + +/* BIO_METHOD *BIO_f_ber(void); */ + +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +int BIO_dgram_non_fatal_error(int error); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_FP_API +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +struct hostent *BIO_gethostbyname(const char *name); +/*- + * We might want a thread-safe interface too: + * struct hostent *BIO_gethostbyname_r(const char *name, + * struct hostent *result, void *buffer, size_t buflen); + * or something similar (caller allocates a struct hostent, + * pointed to by "result", and additional buffer space for the various + * substructures; if the buffer does not suffice, NULL is returned + * and an appropriate error code is set). + */ +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_get_port(const char *str, unsigned short *port_ptr); +int BIO_get_host_ip(const char *str, unsigned char *ip); +int BIO_get_accept_socket(char *host_port, int mode); +int BIO_accept(int sock, char **ip_port); +int BIO_sock_init(void); +void BIO_sock_cleanup(void); +int BIO_set_tcp_ndelay(int sock, int turn_on); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void + *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +BIO *BIO_new_fd(int fd, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# ifdef __GNUC__ +# define __bio_h__attr__ __attribute__ +# else +# define __bio_h__attr__(x) +# endif +int BIO_printf(BIO *bio, const char *format, ...) +__bio_h__attr__((__format__(__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +__bio_h__attr__((__format__(__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +__bio_h__attr__((__format__(__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +__bio_h__attr__((__format__(__printf__, 3, 0))); +# undef __bio_h__attr__ + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BIO_strings(void); + +/* Error codes for the BIO functions. */ + +/* Function codes. */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_BER_GET_HEADER 102 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETHOSTBYNAME 120 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_ACCEPT_SOCKET 105 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_MEM_READ 128 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_SSL_NEW 118 +# define BIO_F_WSASTARTUP 119 + +/* Reason codes. */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BAD_HOSTNAME_LOOKUP 102 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_EOF_ON_MEMORY_BIO 127 +# define BIO_R_ERROR_SETTING_NBIO 104 +# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 +# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_IP_ADDRESS 108 +# define BIO_R_IN_USE 123 +# define BIO_R_KEEPALIVE 109 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 +# define BIO_R_NO_HOSTNAME_SPECIFIED 112 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_PORT_SPECIFIED 114 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_TAG_MISMATCH 116 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/blowfish.h b/libs/mac/include/openssl/blowfish.h new file mode 100644 index 00000000..83293027 --- /dev/null +++ b/libs/mac/include/openssl/blowfish.h @@ -0,0 +1,130 @@ +/* crypto/bf/blowfish.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BLOWFISH_H +# define HEADER_BLOWFISH_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_BF +# error BF is disabled. +# endif + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! BF_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +# if defined(__LP32__) +# define BF_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define BF_LONG unsigned long +# define BF_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +# else +# define BF_LONG unsigned int +# endif + +# define BF_ROUNDS 16 +# define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +# ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +# endif +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); +const char *BF_options(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/bn.h b/libs/mac/include/openssl/bn.h new file mode 100644 index 00000000..633d1b1f --- /dev/null +++ b/libs/mac/include/openssl/bn.h @@ -0,0 +1,951 @@ +/* crypto/bn/bn.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# include +# ifndef OPENSSL_NO_FP_API +# include /* FILE */ +# endif +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These preprocessor symbols control various aspects of the bignum headers + * and library code. They're not defined by any "normal" configuration, as + * they are intended for development and testing purposes. NB: defining all + * three can be useful for debugging application code as well as openssl + * itself. BN_DEBUG - turn on various debugging alterations to the bignum + * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +# ifndef OPENSSL_SMALL_FOOTPRINT +# define BN_MUL_COMBA +# define BN_SQR_COMBA +# define BN_RECURSION +# endif + +/* + * This next option uses the C libraries (2 word)/(1 word) function. If it is + * not defined, I use my C version (which is slower). The reason for this + * flag is that when the particular C compiler library routine is used, and + * the library is linked with a different compiler, the library is missing. + * This mostly happens when the library is built with gcc and then linked + * using normal cc. This would be a common occurrence because gcc normally + * produces code that is 2 times faster than system compilers for the big + * number stuff. For machines with only one compiler (or shared libraries), + * this should be on. Again this in only really a problem on machines using + * "long long's", are 32bit, and are not using my assembler code. + */ +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# ifndef BN_DIV2W +# define BN_DIV2W +# endif +# endif + +/* + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULLONG unsigned long long +# define BN_ULONG unsigned long +# define BN_LONG long +# define BN_BITS 128 +# define BN_BYTES 8 +# define BN_BITS2 64 +# define BN_BITS4 32 +# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +# define BN_MASK2 (0xffffffffffffffffL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000L) +# define BN_MASK2h1 (0xffffffff80000000L) +# define BN_TBIT (0x8000000000000000L) +# define BN_DEC_CONV (10000000000000000000UL) +# define BN_DEC_FMT1 "%lu" +# define BN_DEC_FMT2 "%019lu" +# define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%lX" +# define BN_HEX_FMT2 "%016lX" +# endif + +/* + * This is where the long long data type is 64 bits, but long is 32. For + * machines where there are 64bit registers, this is the mode to use. IRIX, + * on R4000 and above should use this mode, along with the relevant assembler + * code :-). Do NOT define BN_LLONG. + */ +# ifdef SIXTY_FOUR_BIT +# undef BN_LLONG +# undef BN_ULLONG +# define BN_ULONG unsigned long long +# define BN_LONG long long +# define BN_BITS 128 +# define BN_BYTES 8 +# define BN_BITS2 64 +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffLL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000LL) +# define BN_MASK2h1 (0xffffffff80000000LL) +# define BN_TBIT (0x8000000000000000LL) +# define BN_DEC_CONV (10000000000000000000ULL) +# define BN_DEC_FMT1 "%llu" +# define BN_DEC_FMT2 "%019llu" +# define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%llX" +# define BN_HEX_FMT2 "%016llX" +# endif + +# ifdef THIRTY_TWO_BIT +# ifdef BN_LLONG +# if defined(_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# define BN_MASK (0xffffffffffffffffI64) +# else +# define BN_ULLONG unsigned long long +# define BN_MASK (0xffffffffffffffffLL) +# endif +# endif +# define BN_ULONG unsigned int +# define BN_LONG int +# define BN_BITS 64 +# define BN_BYTES 4 +# define BN_BITS2 32 +# define BN_BITS4 16 +# define BN_MASK2 (0xffffffffL) +# define BN_MASK2l (0xffff) +# define BN_MASK2h1 (0xffff8000L) +# define BN_MASK2h (0xffff0000L) +# define BN_TBIT (0x80000000L) +# define BN_DEC_CONV (1000000000L) +# define BN_DEC_FMT1 "%u" +# define BN_DEC_FMT2 "%09u" +# define BN_DEC_NUM 9 +# define BN_HEX_FMT1 "%X" +# define BN_HEX_FMT2 "%08X" +# endif + +# define BN_DEFAULT_BITS 1280 + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 + +# ifdef OPENSSL_NO_DEPRECATED +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +/* + * avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) + */ +# endif + +# ifndef OPENSSL_NO_DEPRECATED +# define BN_FLG_FREE 0x8000 + /* used for debuging */ +# endif +# define BN_set_flags(b,n) ((b)->flags|=(n)) +# define BN_get_flags(b,n) ((b)->flags&(n)) + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot not be used in parallel!) + */ +# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +/* Already declared in ossl_typ.h */ +# if 0 +typedef struct bignum_st BIGNUM; +/* Used for temp variables (declaration hidden in bn_lcl.h) */ +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; +# endif + +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit + * chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ + int flags; +}; + +/* + * Used for reciprocal division/mod functions It cannot be shared between + * threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1) (int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2) (int, int, BN_GENCB *); + } cb; +}; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +# define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * number of Miller-Rabin iterations for an error rate of less than 2^-80 for + * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of + * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; + * original paper: Damgaard, Landrock, Pomerance: Average case error + * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) + * 177-194) + */ +# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ + (b) >= 450 ? 6 : \ + (b) >= 400 ? 7 : \ + (b) >= 350 ? 8 : \ + (b) >= 300 ? 9 : \ + (b) >= 250 ? 12 : \ + (b) >= 200 ? 15 : \ + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +# define BN_is_zero(a) ((a)->top == 0) +# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + +# define BN_one(a) (BN_set_word((a),1)) +# define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) +# ifdef OPENSSL_NO_DEPRECATED +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +# ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *c); +# endif +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_init(BIGNUM *); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +# define BN_is_negative(a) ((a)->neg != 0) + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_FP_API +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +# ifdef HEADER_BIO_H +int BN_print(BIO *fp, const BIGNUM *a); +# else +int BN_print(void *fp, const BIGNUM *a); +# endif +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +# ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback) (int, int, void *), void *cb_arg); +int BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), BN_CTX *ctx, + void *cb_arg, int do_trial_division); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); +# ifndef OPENSSL_NO_DEPRECATED +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +# endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +# ifndef OPENSSL_NO_DEPRECATED +void BN_set_params(int mul, int high, int low, int mont); +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +# endif + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +/* library internal functions */ + +# define bn_expand(a,bits) \ + ( \ + bits > (INT_MAX - BN_BITS2 + 1) ? \ + NULL \ + : \ + (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ + (a) \ + : \ + bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ + ) + +# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +# ifndef OPENSSL_NO_DEPRECATED +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +# endif + +/*- + * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +# ifdef BN_DEBUG + +/* We only need assert() when debugging */ +# include + +# ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +# ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf, int num); +# define BN_DEBUG_TRIX +# endif +# define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +# ifdef BN_DEBUG_TRIX +# undef RAND_pseudo_bytes +# endif +# else +# define bn_pollute(a) +# endif +# define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +# define bn_fix_top(a) bn_check_top(a) + +# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +# define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while(0) + +# else /* !BN_DEBUG */ + +# define bn_pollute(a) +# define bn_check_top(a) +# define bn_fix_top(a) bn_correct_top(a) +# define bn_check_size(bn, bits) +# define bn_wcheck_size(bn, words) + +# endif + +# define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ + { \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ + } \ + if ((a)->top == 0) \ + (a)->neg = 0; \ + bn_pollute(a); \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); + +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BN_strings(void); + +/* Error codes for the BN functions. */ + +/* Function codes. */ +# define BN_F_BNRAND 127 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_NO_BRANCH 138 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND2 108 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_MUL_RECIPROCAL 111 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_USUB 115 + +/* Reason codes. */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/buffer.h b/libs/mac/include/openssl/buffer.h new file mode 100644 index 00000000..efd240a5 --- /dev/null +++ b/libs/mac/include/openssl/buffer.h @@ -0,0 +1,125 @@ +/* crypto/buffer/buffer.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BUFFER_H +# define HEADER_BUFFER_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# if !defined(NO_SYS_TYPES_H) +# include +# endif + +/* Already declared in ossl_typ.h */ +/* typedef struct buf_mem_st BUF_MEM; */ + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ +}; + +BUF_MEM *BUF_MEM_new(void); +void BUF_MEM_free(BUF_MEM *a); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +size_t BUF_strnlen(const char *str, size_t maxlen); +char *BUF_strdup(const char *str); + +/* + * Like strndup, but in addition, explicitly guarantees to never read past the + * first |siz| bytes of |str|. + */ +char *BUF_strndup(const char *str, size_t siz); + +void *BUF_memdup(const void *data, size_t siz); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + +/* safe string functions */ +size_t BUF_strlcpy(char *dst, const char *src, size_t siz); +size_t BUF_strlcat(char *dst, const char *src, size_t siz); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_BUF_strings(void); + +/* Error codes for the BUF functions. */ + +/* Function codes. */ +# define BUF_F_BUF_MEMDUP 103 +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 +# define BUF_F_BUF_STRDUP 102 +# define BUF_F_BUF_STRNDUP 104 + +/* Reason codes. */ + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/camellia.h b/libs/mac/include/openssl/camellia.h new file mode 100644 index 00000000..45e8d25b --- /dev/null +++ b/libs/mac/include/openssl/camellia.h @@ -0,0 +1,132 @@ +/* crypto/camellia/camellia.h */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include + +# ifdef OPENSSL_NO_CAMELLIA +# error CAMELLIA is disabled. +# endif + +# include + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +# ifdef OPENSSL_FIPS +int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); +# endif +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_Camellia_H */ diff --git a/libs/mac/include/openssl/cast.h b/libs/mac/include/openssl/cast.h new file mode 100644 index 00000000..0003ec9c --- /dev/null +++ b/libs/mac/include/openssl/cast.h @@ -0,0 +1,107 @@ +/* crypto/cast/cast.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CAST_H +# define HEADER_CAST_H + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef OPENSSL_NO_CAST +# error CAST is disabled. +# endif + +# define CAST_ENCRYPT 1 +# define CAST_DECRYPT 0 + +# define CAST_LONG unsigned int + +# define CAST_BLOCK 8 +# define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +# ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +# endif +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/cmac.h b/libs/mac/include/openssl/cmac.h new file mode 100644 index 00000000..175be834 --- /dev/null +++ b/libs/mac/include/openssl/cmac.h @@ -0,0 +1,82 @@ +/* crypto/cmac/cmac.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/cms.h b/libs/mac/include/openssl/cms.h new file mode 100644 index 00000000..e6c7f964 --- /dev/null +++ b/libs/mac/include/openssl/cms.h @@ -0,0 +1,555 @@ +/* crypto/cms/cms.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include + +# ifdef OPENSSL_NO_CMS +# error CMS is disabled. +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(GENERAL_NAMES) +DECLARE_STACK_OF(CMS_RecipientEncryptedKey) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +# ifdef HEADER_X509V3_H + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +# endif +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMS_strings(void); + +/* Error codes for the CMS functions. */ + +/* Function codes. */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 + +/* Reason codes. */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_DIGEST_ERROR 161 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/conf.h b/libs/mac/include/openssl/conf.h new file mode 100644 index 00000000..fe491130 --- /dev/null +++ b/libs/mac/include/openssl/conf.h @@ -0,0 +1,268 @@ +/* crypto/conf/conf.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONF_H +# define HEADER_CONF_H + +# include +# include +# include +# include +# include + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DECLARE_STACK_OF(CONF_VALUE) +DECLARE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_FP_API +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +void OPENSSL_config(const char *config_name); +void OPENSSL_no_config(void); + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +# if 0 /* Just to give you an idea of what I have in + * mind */ +CONF_METHOD *NCONF_XML(void); +# endif +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_FP_API +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +int NCONF_dump_fp(const CONF *conf, FILE *out); +int NCONF_dump_bio(const CONF *conf, BIO *out); + +# if 0 /* The following function has no error + * checking, and should therefore be avoided */ +long NCONF_get_number(CONF *conf, char *group, char *name); +# else +# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) +# endif + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +void CONF_modules_free(void); +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CONF_strings(void); + +/* Error codes for the CONF functions. */ + +/* Function codes. */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_BIO 102 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_MODULES_LOAD 116 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER 107 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_STR_COPY 101 + +/* Reason codes. */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_FINISH_FUNCTION 111 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/conf_api.h b/libs/mac/include/openssl/conf_api.h new file mode 100644 index 00000000..e478f7df --- /dev/null +++ b/libs/mac/include/openssl/conf_api.h @@ -0,0 +1,89 @@ +/* conf_api.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONF_API_H +# define HEADER_CONF_API_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, + const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/crypto.h b/libs/mac/include/openssl/crypto.h new file mode 100644 index 00000000..6c644ce1 --- /dev/null +++ b/libs/mac/include/openssl/crypto.h @@ -0,0 +1,661 @@ +/* crypto/crypto.h */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_CRYPTO_H +# define HEADER_CRYPTO_H + +# include + +# include + +# ifndef OPENSSL_NO_FP_API +# include +# endif + +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Backward compatibility to SSLeay */ +/* + * This is more to be used to check the correct DLL is being used in the MS + * world. + */ +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION 0 +/* #define SSLEAY_OPTIONS 1 no longer supported */ +# define SSLEAY_CFLAGS 2 +# define SSLEAY_BUILT_ON 3 +# define SSLEAY_PLATFORM 4 +# define SSLEAY_DIR 5 + +/* Already declared in ossl_typ.h */ +# if 0 +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Called when a new object is created */ +typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when an object is free()ed */ +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +/* Called when we need to dup an object */ +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); +# endif + +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for + * input */ + size_t *value_length; /* Returned length of value for output */ +} OPENSSL_ITEM; + +/* + * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock + * names in cryptlib.c + */ + +# define CRYPTO_LOCK_ERR 1 +# define CRYPTO_LOCK_EX_DATA 2 +# define CRYPTO_LOCK_X509 3 +# define CRYPTO_LOCK_X509_INFO 4 +# define CRYPTO_LOCK_X509_PKEY 5 +# define CRYPTO_LOCK_X509_CRL 6 +# define CRYPTO_LOCK_X509_REQ 7 +# define CRYPTO_LOCK_DSA 8 +# define CRYPTO_LOCK_RSA 9 +# define CRYPTO_LOCK_EVP_PKEY 10 +# define CRYPTO_LOCK_X509_STORE 11 +# define CRYPTO_LOCK_SSL_CTX 12 +# define CRYPTO_LOCK_SSL_CERT 13 +# define CRYPTO_LOCK_SSL_SESSION 14 +# define CRYPTO_LOCK_SSL_SESS_CERT 15 +# define CRYPTO_LOCK_SSL 16 +# define CRYPTO_LOCK_SSL_METHOD 17 +# define CRYPTO_LOCK_RAND 18 +# define CRYPTO_LOCK_RAND2 19 +# define CRYPTO_LOCK_MALLOC 20 +# define CRYPTO_LOCK_BIO 21 +# define CRYPTO_LOCK_GETHOSTBYNAME 22 +# define CRYPTO_LOCK_GETSERVBYNAME 23 +# define CRYPTO_LOCK_READDIR 24 +# define CRYPTO_LOCK_RSA_BLINDING 25 +# define CRYPTO_LOCK_DH 26 +# define CRYPTO_LOCK_MALLOC2 27 +# define CRYPTO_LOCK_DSO 28 +# define CRYPTO_LOCK_DYNLOCK 29 +# define CRYPTO_LOCK_ENGINE 30 +# define CRYPTO_LOCK_UI 31 +# define CRYPTO_LOCK_ECDSA 32 +# define CRYPTO_LOCK_EC 33 +# define CRYPTO_LOCK_ECDH 34 +# define CRYPTO_LOCK_BN 35 +# define CRYPTO_LOCK_EC_PRE_COMP 36 +# define CRYPTO_LOCK_STORE 37 +# define CRYPTO_LOCK_COMP 38 +# define CRYPTO_LOCK_FIPS 39 +# define CRYPTO_LOCK_FIPS2 40 +# define CRYPTO_NUM_LOCKS 41 + +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +# ifndef OPENSSL_NO_LOCKING +# ifndef CRYPTO_w_lock +# define CRYPTO_w_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +# define CRYPTO_w_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +# define CRYPTO_r_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) +# define CRYPTO_r_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) +# define CRYPTO_add(addr,amount,type) \ + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +# endif +# else +# define CRYPTO_w_lock(a) +# define CRYPTO_w_unlock(a) +# define CRYPTO_r_lock(a) +# define CRYPTO_r_unlock(a) +# define CRYPTO_add(a,b,c) ((*(a))+=(b)) +# endif + +/* + * Some applications as well as some parts of OpenSSL need to allocate and + * deallocate locks in a dynamic fashion. The following typedef makes this + * possible in a type-safe manner. + */ +/* struct CRYPTO_dynlock_value has to be defined by the application. */ +typedef struct { + int references; + struct CRYPTO_dynlock_value *data; +} CRYPTO_dynlock; + +/* + * The following can be used to detect memory leaks in the SSLeay library. It + * used, it turns on malloc checking + */ + +# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */ +# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */ + +/* + * The following are bit values to turn on or off options connected to the + * malloc checking functionality + */ + +/* Adds time to the memory checking information */ +# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */ +/* Adds thread number to the memory checking information */ +# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */ + +# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) + +/* predec of the BIO type */ +typedef struct bio_st BIO_dummy; + +struct crypto_ex_data_st { + STACK_OF(void) *sk; + /* gcc is screwing up this data structure :-( */ + int dummy; +}; +DECLARE_STACK_OF(void) + +/* + * This stuff is basically class callback functions The current classes are + * SSL_CTX, SSL, SSL_SESSION, and a few more + */ + +typedef struct crypto_ex_data_func_st { + long argl; /* Arbitary long */ + void *argp; /* Arbitary void * */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +} CRYPTO_EX_DATA_FUNCS; + +DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + +/* + * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA + * entry. + */ + +# define CRYPTO_EX_INDEX_BIO 0 +# define CRYPTO_EX_INDEX_SSL 1 +# define CRYPTO_EX_INDEX_SSL_CTX 2 +# define CRYPTO_EX_INDEX_SSL_SESSION 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_RSA 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_DH 8 +# define CRYPTO_EX_INDEX_ENGINE 9 +# define CRYPTO_EX_INDEX_X509 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_ECDSA 12 +# define CRYPTO_EX_INDEX_ECDH 13 +# define CRYPTO_EX_INDEX_COMP 14 +# define CRYPTO_EX_INDEX_STORE 15 + +/* + * Dynamically assigned indexes start from this value (don't use directly, + * use via CRYPTO_ex_data_new_class). + */ +# define CRYPTO_EX_INDEX_USER 100 + +/* + * This is the default callbacks, but we can have others as well: this is + * needed in Win32 where the application malloc and the library malloc may + * not be the same. + */ +# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ + malloc, realloc, free) + +# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD +# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ +# define CRYPTO_MDEBUG +# endif +# endif + +/* + * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG + * is defined) + */ +# define CRYPTO_malloc_debug_init() do {\ + CRYPTO_set_mem_debug_functions(\ + CRYPTO_dbg_malloc,\ + CRYPTO_dbg_realloc,\ + CRYPTO_dbg_free,\ + CRYPTO_dbg_set_options,\ + CRYPTO_dbg_get_options);\ + } while(0) + +int CRYPTO_mem_ctrl(int mode); +int CRYPTO_is_mem_check_on(void); + +/* for applications */ +# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) +# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) + +/* for library-internal use */ +# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) +# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) +# define is_MemCheck_on() CRYPTO_is_mem_check_on() + +# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +# define OPENSSL_realloc(addr,num) \ + CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +# define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) +# define OPENSSL_remalloc(addr,num) \ + CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) +# define OPENSSL_freeFunc CRYPTO_free +# define OPENSSL_free(addr) CRYPTO_free(addr) + +# define OPENSSL_malloc_locked(num) \ + CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) +# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + +const char *SSLeay_version(int type); +unsigned long SSLeay(void); + +int OPENSSL_issetugid(void); + +/* An opaque type representing an implementation of "ex_data" support */ +typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; +/* Return an opaque pointer to the current "ex_data" implementation */ +const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); +/* Sets the "ex_data" implementation to be used (if it's not too late) */ +int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); +/* Get a new "ex_data" class, and return the corresponding "class_index" */ +int CRYPTO_ex_data_new_class(void); +/* Within a given class, get/register a new index */ +int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + CRYPTO_EX_DATA *from); +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +void CRYPTO_cleanup_all_ex_data(void); + +int CRYPTO_get_new_lockid(char *name); + +int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ +void CRYPTO_lock(int mode, int type, const char *file, int line); +void CRYPTO_set_locking_callback(void (*func) (int mode, int type, + const char *file, int line)); +void (*CRYPTO_get_locking_callback(void)) (int mode, int type, + const char *file, int line); +void CRYPTO_set_add_lock_callback(int (*func) + (int *num, int mount, int type, + const char *file, int line)); +int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, + const char *file, int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st { + void *ptr; + unsigned long val; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *); +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +# ifndef OPENSSL_NO_DEPRECATED +void CRYPTO_set_id_callback(unsigned long (*func) (void)); +unsigned long (*CRYPTO_get_id_callback(void)) (void); +unsigned long CRYPTO_thread_id(void); +# endif + +const char *CRYPTO_get_lock_name(int type); +int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line); + +int CRYPTO_get_new_dynlockid(void); +void CRYPTO_destroy_dynlockid(int i); +struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value + *(*dyn_create_function) (const char + *file, + int line)); +void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) + (int mode, + struct CRYPTO_dynlock_value *l, + const char *file, int line)); +void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) + (struct CRYPTO_dynlock_value *l, + const char *file, int line)); +struct CRYPTO_dynlock_value +*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line); +void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, + struct CRYPTO_dynlock_value + *l, const char *file, + int line); +void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value + *l, const char *file, + int line); + +/* + * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call + * the latter last if you need different functions + */ +int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), + void (*f) (void *)); +int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), + void (*free_func) (void *)); +int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, + int), void (*f) (void *)); +int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), + void (*free_func) (void *)); +int CRYPTO_set_mem_debug_functions(void (*m) + (void *, int, const char *, int, int), + void (*r) (void *, void *, int, + const char *, int, int), + void (*f) (void *, int), void (*so) (long), + long (*go) (void)); +void CRYPTO_get_mem_functions(void *(**m) (size_t), + void *(**r) (void *, size_t), + void (**f) (void *)); +void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), + void (**f) (void *)); +void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, + int), void (**f) (void *)); +void CRYPTO_get_locked_mem_ex_functions(void + *(**m) (size_t, const char *, int), + void (**f) (void *)); +void CRYPTO_get_mem_debug_functions(void (**m) + (void *, int, const char *, int, int), + void (**r) (void *, void *, int, + const char *, int, int), + void (**f) (void *, int), + void (**so) (long), long (**go) (void)); + +void *CRYPTO_malloc_locked(int num, const char *file, int line); +void CRYPTO_free_locked(void *ptr); +void *CRYPTO_malloc(int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +void CRYPTO_free(void *ptr); +void *CRYPTO_realloc(void *addr, int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, + int line); +void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); + +void OPENSSL_cleanse(void *ptr, size_t len); + +void CRYPTO_set_mem_debug_options(long bits); +long CRYPTO_get_mem_debug_options(void); + +# define CRYPTO_push_info(info) \ + CRYPTO_push_info_(info, __FILE__, __LINE__); +int CRYPTO_push_info_(const char *info, const char *file, int line); +int CRYPTO_pop_info(void); +int CRYPTO_remove_all_info(void); + +/* + * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; + * used as default in CRYPTO_MDEBUG compilations): + */ +/*- + * The last argument has the following significance: + * + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + int before_p); +void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, + int line, int before_p); +void CRYPTO_dbg_free(void *addr, int before_p); +/*- + * Tell the debugging code about options. By default, the following values + * apply: + * + * 0: Clear all options. + * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. + * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. + * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 + */ +void CRYPTO_dbg_set_options(long bits); +long CRYPTO_dbg_get_options(void); + +# ifndef OPENSSL_NO_FP_API +void CRYPTO_mem_leaks_fp(FILE *); +# endif +void CRYPTO_mem_leaks(struct bio_st *bio); +/* unsigned long order, char *file, int line, int num_bytes, char *addr */ +typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, + void *); +void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + +/* die if we have to */ +void OpenSSLDie(const char *file, int line, const char *assertion); +# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) + +unsigned long *OPENSSL_ia32cap_loc(void); +# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); + +# define fips_md_init(alg) fips_md_init_ctx(alg, alg) + +# ifdef OPENSSL_FIPS +# define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) \ + { \ + if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(cx##_CTX *c) + +# define fips_cipher_abort(alg) \ + if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + "Low level API call to cipher " #alg " forbidden in FIPS mode!") + +# else +# define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) +# define fips_cipher_abort(alg) while(0) +# endif + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CRYPTO_strings(void); + +/* Error codes for the CRYPTO functions. */ + +/* Function codes. */ +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 +# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_DEF_ADD_INDEX 104 +# define CRYPTO_F_DEF_GET_CLASS 105 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_INT_DUP_EX_DATA 106 +# define CRYPTO_F_INT_FREE_EX_DATA 107 +# define CRYPTO_F_INT_NEW_EX_DATA 108 + +/* Reason codes. */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/des.h b/libs/mac/include/openssl/des.h new file mode 100644 index 00000000..1b40144e --- /dev/null +++ b/libs/mac/include/openssl/des.h @@ -0,0 +1,257 @@ +/* crypto/des/des.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_NEW_DES_H +# define HEADER_NEW_DES_H + +# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG + * (via openssl/opensslconf.h */ + +# ifdef OPENSSL_NO_DES +# error DES is disabled. +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* + * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and + * const_DES_cblock * are incompatible pointer types. + */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT +# define OPENSSL_ENABLE_OLD_DES_SUPPORT +# endif +# endif + +# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT +# include +# endif + +# define DES_KEY_SZ (sizeof(DES_cblock)) +# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +# define DES_ENCRYPT 1 +# define DES_DECRYPT 0 + +# define DES_CBC_MODE 0 +# define DES_PCBC_MODE 1 + +# define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ +# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) +OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */ +# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* + * This is the DES encryption function that gets called by just about every + * other DES routine in the library. You should not use this function except + * to implement 'modes' of DES. I say this because the functions that call + * this routine do the conversion from 'char *' to long, and this needs to be + * done to make sure 'non-aligned' memory access do not occur. The + * characters are loaded 'little endian'. Data is a pointer to 2 unsigned + * long's and ks is the DES_key_schedule to use. enc, is non zero specifies + * encryption, zero if decryption. + */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* + * This functions is the same as DES_encrypt1() except that the DES initial + * permutation (IP) and final permutation (FP) have been left out. As for + * DES_encrypt1(), you should not use this function. It is used by the + * routines in the library that implement triple DES. IP() DES_encrypt2() + * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() + * DES_encrypt1() DES_encrypt1() except faster :-). + */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, + DES_cblock *ivec1, DES_cblock *ivec2, int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +# if 0 +void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, + DES_cblock *out_white); +# endif + +int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, + DES_cblock *iv); +int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, + DES_cblock *iv); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* + * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. + */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +# ifdef OPENSSL_FIPS +void private_DES_set_key_unchecked(const_DES_cblock *key, + DES_key_schedule *schedule); +# endif +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + +int DES_read_password(DES_cblock *key, const char *prompt, int verify); +int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, + const char *prompt, int verify); + +# define DES_fixup_key_parity DES_set_odd_parity + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/des_old.h b/libs/mac/include/openssl/des_old.h new file mode 100644 index 00000000..ee7607a2 --- /dev/null +++ b/libs/mac/include/openssl/des_old.h @@ -0,0 +1,497 @@ +/* crypto/des/des_old.h */ + +/*- + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * The function names in here are deprecated and are only present to + * provide an interface compatible with openssl 0.9.6 and older as + * well as libdes. OpenSSL now provides functions where "des_" has + * been replaced with "DES_" in the names, to make it possible to + * make incompatible changes that are needed for C type security and + * other stuff. + * + * This include files has two compatibility modes: + * + * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API + * that is compatible with libdes and SSLeay. + * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an + * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. + * + * Note that these modes break earlier snapshots of OpenSSL, where + * libdes compatibility was the only available mode or (later on) the + * prefered compatibility mode. However, after much consideration + * (and more or less violent discussions with external parties), it + * was concluded that OpenSSL should be compatible with earlier versions + * of itself before anything else. Also, in all honesty, libdes is + * an old beast that shouldn't really be used any more. + * + * Please consider starting to use the DES_ functions rather than the + * des_ ones. The des_ functions will disappear completely before + * OpenSSL 1.0! + * + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +/* + * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project + * 2001. + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DES_H +# define HEADER_DES_H + +# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + +# ifdef OPENSSL_NO_DES +# error DES is disabled. +# endif + +# ifndef HEADER_NEW_DES_H +# error You must include des.h, not des_old.h directly. +# endif + +# ifdef _KERBEROS_DES_H +# error replaces . +# endif + +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef _ +# undef _ +# endif + +typedef unsigned char _ossl_old_des_cblock[8]; +typedef struct _ossl_old_des_ks_struct { + union { + _ossl_old_des_cblock _; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG pad[2]; + } ks; +} _ossl_old_des_key_schedule[16]; + +# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY +# define des_cblock DES_cblock +# define const_des_cblock const_DES_cblock +# define des_key_schedule DES_key_schedule +# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ + DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) +# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ + DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) +# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ + DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) +# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ + DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) +# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ + DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) +# define des_options()\ + DES_options() +# define des_cbc_cksum(i,o,l,k,iv)\ + DES_cbc_cksum((i),(o),(l),&(k),(iv)) +# define des_cbc_encrypt(i,o,l,k,iv,e)\ + DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) +# define des_ncbc_encrypt(i,o,l,k,iv,e)\ + DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) +# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ + DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) +# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) +# define des_ecb_encrypt(i,o,k,e)\ + DES_ecb_encrypt((i),(o),&(k),(e)) +# define des_encrypt1(d,k,e)\ + DES_encrypt1((d),&(k),(e)) +# define des_encrypt2(d,k,e)\ + DES_encrypt2((d),&(k),(e)) +# define des_encrypt3(d,k1,k2,k3)\ + DES_encrypt3((d),&(k1),&(k2),&(k3)) +# define des_decrypt3(d,k1,k2,k3)\ + DES_decrypt3((d),&(k1),&(k2),&(k3)) +# define des_xwhite_in2out(k,i,o)\ + DES_xwhite_in2out((k),(i),(o)) +# define des_enc_read(f,b,l,k,iv)\ + DES_enc_read((f),(b),(l),&(k),(iv)) +# define des_enc_write(f,b,l,k,iv)\ + DES_enc_write((f),(b),(l),&(k),(iv)) +# define des_fcrypt(b,s,r)\ + DES_fcrypt((b),(s),(r)) +# if 0 +# define des_crypt(b,s)\ + DES_crypt((b),(s)) +# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) +# define crypt(b,s)\ + DES_crypt((b),(s)) +# endif +# endif +# define des_ofb_encrypt(i,o,n,l,k,iv)\ + DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) +# define des_pcbc_encrypt(i,o,l,k,iv,e)\ + DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) +# define des_quad_cksum(i,o,l,c,s)\ + DES_quad_cksum((i),(o),(l),(c),(s)) +# define des_random_seed(k)\ + _ossl_096_des_random_seed((k)) +# define des_random_key(r)\ + DES_random_key((r)) +# define des_read_password(k,p,v) \ + DES_read_password((k),(p),(v)) +# define des_read_2passwords(k1,k2,p,v) \ + DES_read_2passwords((k1),(k2),(p),(v)) +# define des_set_odd_parity(k)\ + DES_set_odd_parity((k)) +# define des_check_key_parity(k)\ + DES_check_key_parity((k)) +# define des_is_weak_key(k)\ + DES_is_weak_key((k)) +# define des_set_key(k,ks)\ + DES_set_key((k),&(ks)) +# define des_key_sched(k,ks)\ + DES_key_sched((k),&(ks)) +# define des_set_key_checked(k,ks)\ + DES_set_key_checked((k),&(ks)) +# define des_set_key_unchecked(k,ks)\ + DES_set_key_unchecked((k),&(ks)) +# define des_string_to_key(s,k)\ + DES_string_to_key((s),(k)) +# define des_string_to_2keys(s,k1,k2)\ + DES_string_to_2keys((s),(k1),(k2)) +# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ + DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) +# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ + DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) + +# define des_ecb2_encrypt(i,o,k1,k2,e) \ + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +# define des_check_key DES_check_key +# define des_rw_mode DES_rw_mode +# else /* libdes compatibility */ +/* + * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with + * libdes + */ +# define des_cblock _ossl_old_des_cblock +# define des_key_schedule _ossl_old_des_key_schedule +# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ + _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) +# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ + _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) +# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ + _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) +# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ + _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) +# define des_options()\ + _ossl_old_des_options() +# define des_cbc_cksum(i,o,l,k,iv)\ + _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) +# define des_cbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) +# define des_ncbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) +# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ + _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) +# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ + _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) +# define des_ecb_encrypt(i,o,k,e)\ + _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) +# define des_encrypt(d,k,e)\ + _ossl_old_des_encrypt((d),(k),(e)) +# define des_encrypt2(d,k,e)\ + _ossl_old_des_encrypt2((d),(k),(e)) +# define des_encrypt3(d,k1,k2,k3)\ + _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) +# define des_decrypt3(d,k1,k2,k3)\ + _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) +# define des_xwhite_in2out(k,i,o)\ + _ossl_old_des_xwhite_in2out((k),(i),(o)) +# define des_enc_read(f,b,l,k,iv)\ + _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) +# define des_enc_write(f,b,l,k,iv)\ + _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) +# define des_fcrypt(b,s,r)\ + _ossl_old_des_fcrypt((b),(s),(r)) +# define des_crypt(b,s)\ + _ossl_old_des_crypt((b),(s)) +# if 0 +# define crypt(b,s)\ + _ossl_old_crypt((b),(s)) +# endif +# define des_ofb_encrypt(i,o,n,l,k,iv)\ + _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) +# define des_pcbc_encrypt(i,o,l,k,iv,e)\ + _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) +# define des_quad_cksum(i,o,l,c,s)\ + _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) +# define des_random_seed(k)\ + _ossl_old_des_random_seed((k)) +# define des_random_key(r)\ + _ossl_old_des_random_key((r)) +# define des_read_password(k,p,v) \ + _ossl_old_des_read_password((k),(p),(v)) +# define des_read_2passwords(k1,k2,p,v) \ + _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) +# define des_set_odd_parity(k)\ + _ossl_old_des_set_odd_parity((k)) +# define des_is_weak_key(k)\ + _ossl_old_des_is_weak_key((k)) +# define des_set_key(k,ks)\ + _ossl_old_des_set_key((k),(ks)) +# define des_key_sched(k,ks)\ + _ossl_old_des_key_sched((k),(ks)) +# define des_string_to_key(s,k)\ + _ossl_old_des_string_to_key((s),(k)) +# define des_string_to_2keys(s,k1,k2)\ + _ossl_old_des_string_to_2keys((s),(k1),(k2)) +# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ + _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) +# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ + _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) + +# define des_ecb2_encrypt(i,o,k1,k2,e) \ + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +# define des_check_key DES_check_key +# define des_rw_mode DES_rw_mode +# endif + +const char *_ossl_old_des_options(void); +void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, int enc); +DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec); +void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int enc); +void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int enc); +void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, + _ossl_old_des_cblock *inw, + _ossl_old_des_cblock *outw, int enc); +void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, + int numbits, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int enc); +void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, + _ossl_old_des_key_schedule ks, int enc); +void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, + int enc); +void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, + int enc); +void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3); +void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3); +void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, + _ossl_old_des_cblock *ivec, int enc); +void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, + long length, + _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, + _ossl_old_des_cblock *ivec, int *num, + int enc); +void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, + long length, + _ossl_old_des_key_schedule ks1, + _ossl_old_des_key_schedule ks2, + _ossl_old_des_key_schedule ks3, + _ossl_old_des_cblock *ivec, int *num); +# if 0 +void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), + _ossl_old_des_cblock (*in_white), + _ossl_old_des_cblock (*out_white)); +# endif + +int _ossl_old_des_enc_read(int fd, char *buf, int len, + _ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); +int _ossl_old_des_enc_write(int fd, char *buf, int len, + _ossl_old_des_key_schedule sched, + _ossl_old_des_cblock *iv); +char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); +char *_ossl_old_des_crypt(const char *buf, const char *salt); +# if !defined(PERL5) && !defined(NeXT) +char *_ossl_old_crypt(const char *buf, const char *salt); +# endif +void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, + int numbits, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec); +void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int enc); +DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, + _ossl_old_des_cblock *output, long length, + int out_count, _ossl_old_des_cblock *seed); +void _ossl_old_des_random_seed(_ossl_old_des_cblock key); +void _ossl_old_des_random_key(_ossl_old_des_cblock ret); +int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, + int verify); +int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, + _ossl_old_des_cblock *key2, + const char *prompt, int verify); +void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); +int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); +int _ossl_old_des_set_key(_ossl_old_des_cblock *key, + _ossl_old_des_key_schedule schedule); +int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, + _ossl_old_des_key_schedule schedule); +void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); +void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, + _ossl_old_des_cblock *key2); +void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, + long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int *num, + int enc); +void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, + long length, + _ossl_old_des_key_schedule schedule, + _ossl_old_des_cblock *ivec, int *num); + +void _ossl_096_des_random_seed(des_cblock *key); + +/* + * The following definitions provide compatibility with the MIT Kerberos + * library. The _ossl_old_des_key_schedule structure is not binary + * compatible. + */ + +# define _KERBEROS_DES_H + +# define KRBDES_ENCRYPT DES_ENCRYPT +# define KRBDES_DECRYPT DES_DECRYPT + +# ifdef KERBEROS +# define ENCRYPT DES_ENCRYPT +# define DECRYPT DES_DECRYPT +# endif + +# ifndef NCOMPAT +# define C_Block des_cblock +# define Key_schedule des_key_schedule +# define KEY_SZ DES_KEY_SZ +# define string_to_key des_string_to_key +# define read_pw_string des_read_pw_string +# define random_key des_random_key +# define pcbc_encrypt des_pcbc_encrypt +# define set_key des_set_key +# define key_sched des_key_sched +# define ecb_encrypt des_ecb_encrypt +# define cbc_encrypt des_cbc_encrypt +# define ncbc_encrypt des_ncbc_encrypt +# define xcbc_encrypt des_xcbc_encrypt +# define cbc_cksum des_cbc_cksum +# define quad_cksum des_quad_cksum +# define check_parity des_check_key_parity +# endif + +# define des_fixup_key_parity DES_fixup_key_parity + +#ifdef __cplusplus +} +#endif + +/* for DES_read_pw_string et al */ +# include + +#endif diff --git a/libs/mac/include/openssl/dh.h b/libs/mac/include/openssl/dh.h new file mode 100644 index 00000000..80b28fb3 --- /dev/null +++ b/libs/mac/include/openssl/dh.h @@ -0,0 +1,412 @@ +/* crypto/dh/dh.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_H +# define HEADER_DH_H + +# include + +# ifdef OPENSSL_NO_DH +# error DH is disabled. +# endif + +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define DH_FLAG_CACHE_MONT_P 0x01 + +/* + * new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x02 + +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key) (DH *dh); + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); + /* Can be null */ + int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + int (*init) (DH *dh); + int (*finish) (DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params) (DH *dh, int prime_len, int generator, + BN_GENCB *cb); +}; + +struct dh_st { + /* + * This first argument is used to pick up errors when a DH is passed + * instead of a EVP_PKEY + */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x % p */ + BIGNUM *priv_key; /* x */ + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +# ifndef OPENSSL_NO_DEPRECATED +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +# ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +# else +int DHparams_print(char *bp, const DH *x); +# endif + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# define EVP_PKEY_DH_KDF_X9_42 2 + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DH_strings(void); + +/* Error codes for the DH functions. */ + +/* Function codes. */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CMS_DECRYPT 117 +# define DH_F_DH_CMS_SET_PEERKEY 118 +# define DH_F_DH_CMS_SET_SHARED_INFO 119 +# define DH_F_DH_COMPUTE_KEY 114 +# define DH_F_DH_GENERATE_KEY 115 +# define DH_F_DH_GENERATE_PARAMETERS_EX 116 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_GENERATE_PARAMETERS 104 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* Reason codes. */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_KEY_SIZE_TOO_SMALL 110 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NON_FIPS_METHOD 111 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 113 +# define DH_R_SHARED_INFO_ERROR 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/dsa.h b/libs/mac/include/openssl/dsa.h new file mode 100644 index 00000000..545358fd --- /dev/null +++ b/libs/mac/include/openssl/dsa.h @@ -0,0 +1,332 @@ +/* crypto/dsa/dsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * The DSS routines are based on patches supplied by + * Steven Schoch . He basically did the + * work and I have just tweaked them a little to fit into my + * stylistic vision for SSLeay :-) */ + +#ifndef HEADER_DSA_H +# define HEADER_DSA_H + +# include + +# ifdef OPENSSL_NO_DSA +# error DSA is disabled. +# endif + +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include + +# ifndef OPENSSL_NO_DEPRECATED +# include +# ifndef OPENSSL_NO_DH +# include +# endif +# endif + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define DSA_FLAG_CACHE_MONT_P 0x01 +/* + * new with 0.9.7h; the built-in DSA implementation now uses constant time + * modular exponentiation for secret exponents by default. This flag causes + * the faster variable sliding window method to be used for all exponents. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x02 + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +} DSA_SIG; + +struct dsa_method { + const char *name; + DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + /* Can be null */ + int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*init) (DSA *dsa); + int (*finish) (DSA *dsa); + int flags; + char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen) (DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen) (DSA *dsa); +}; + +struct dsa_st { + /* + * This first variable is used to pick up errors where a DSA is passed + * instead of of a EVP_PKEY + */ + int pad; + long version; + int write_params; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + BIGNUM *kinv; /* Signing pre-calc */ + BIGNUM *r; /* Signing pre-calc */ + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + int references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; +}; + +# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + +DSA *DSAparams_dup(DSA *x); +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); + +DSA *DSA_new(void); +DSA *DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); + /* next 4 return -1 on error */ +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +# ifndef OPENSSL_NO_DEPRECATED +DSA *DSA_generate_parameters(int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, void + (*callback) (int, int, void *), void *cb_arg); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a, unsigned char **pp); + +# ifndef OPENSSL_NO_BIO +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +# endif +# ifndef OPENSSL_NO_FP_API +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 50 +/* + * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of + * Rabin-Miller + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DSA_strings(void); + +/* Error codes for the DSA functions. */ + +/* Function codes. */ +# define DSA_F_D2I_DSA_SIG 110 +# define DSA_F_DO_DSA_PRINT 104 +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_GENERATE_KEY 124 +# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 109 +# define DSA_F_DSA_SIG_PRINT 125 +# define DSA_F_DSA_VERIFY 108 +# define DSA_F_I2D_DSA_SIG 111 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_KEYGEN 121 +# define DSA_F_SIG_CB 114 + +/* Reason codes. */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NEED_NEW_SETUP_VALUES 110 +# define DSA_R_NON_FIPS_DSA_METHOD 111 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/dso.h b/libs/mac/include/openssl/dso.h new file mode 100644 index 00000000..c9013f5c --- /dev/null +++ b/libs/mac/include/openssl/dso.h @@ -0,0 +1,451 @@ +/* dso.h */ +/* + * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project + * 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DSO_H +# define HEADER_DSO_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* These values are used as commands to DSO_ctrl() */ +# define DSO_CTRL_GET_FLAGS 1 +# define DSO_CTRL_SET_FLAGS 2 +# define DSO_CTRL_OR_FLAGS 3 + +/* + * By default, DSO_load() will translate the provided filename into a form + * typical for the platform (more specifically the DSO_METHOD) using the + * dso_name_converter function of the method. Eg. win32 will transform "blah" + * into "blah.dll", and dlfcn will transform it into "libblah.so". The + * behaviour can be overriden by setting the name_converter callback in the + * DSO object (using DSO_set_name_converter()). This callback could even + * utilise the DSO_METHOD's converter too if it only wants to override + * behaviour for one or two possible DSO methods. However, the following flag + * can be set in a DSO to prevent *any* native name-translation at all - eg. + * if the caller has prompted the user for a path to a driver library so the + * filename should be interpreted as-is. + */ +# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +/* + * An extra flag to give if only the extension should be added as + * translation. This is obviously only of importance on Unix and other + * operating systems where the translation also may prefix the name with + * something, like 'lib', and ignored everywhere else. This flag is also + * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. + */ +# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 + +/* + * The following flag controls the translation of symbol names to upper case. + * This is currently only being implemented for OpenVMS. + */ +# define DSO_FLAG_UPCASE_SYMBOL 0x10 + +/* + * This flag loads the library with public symbols. Meaning: The exported + * symbols of this library are public to all libraries loaded after this + * library. At the moment only implemented in unix. + */ +# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + +typedef void (*DSO_FUNC_TYPE) (void); + +typedef struct dso_st DSO; + +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that transform filenames. They are passed a DSO structure + * pointer (or NULL if they are to be used independantly of a DSO object) and + * a filename to transform. They should either return NULL (if there is an + * error condition) or a newly allocated string containing the transformed + * form that the caller will need to free with OPENSSL_free() when done. + */ +typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a DSO + * structure pointer (or NULL if they are to be used independantly of a DSO + * object) and two file specifications to merge. They should either return + * NULL (if there is an error condition) or a newly allocated string + * containing the result of merging that the caller will need to free with + * OPENSSL_free() when done. Here, merging means that bits and pieces are + * taken from each of the file specifications and added together in whatever + * fashion that is sensible for the DSO method in question. The only rule + * that really applies is that if the two specification contain pieces of the + * same type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the second + * being a bunch of defaults to add on if they're missing in the first. + */ +typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); + +typedef struct dso_meth_st { + const char *name; + /* + * Loads a shared library, NB: new DSO_METHODs must ensure that a + * successful load populates the loaded_filename field, and likewise a + * successful unload OPENSSL_frees and NULLs it out. + */ + int (*dso_load) (DSO *dso); + /* Unloads a shared library */ + int (*dso_unload) (DSO *dso); + /* Binds a variable */ + void *(*dso_bind_var) (DSO *dso, const char *symname); + /* + * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should + * be cast to the real function prototype by the caller. Platforms that + * don't have compatible representations for different prototypes (this + * is possible within ANSI C) are highly unlikely to have shared + * libraries at all, let alone a DSO_METHOD implemented for them. + */ + DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); +/* I don't think this would actually be used in any circumstances. */ +# if 0 + /* Unbinds a variable */ + int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); + /* Unbinds a function */ + int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); +# endif + /* + * The generic (yuck) "ctrl()" function. NB: Negative return values + * (rather than zero) indicate errors. + */ + long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); + /* + * The default DSO_METHOD-specific function for converting filenames to a + * canonical native form. + */ + DSO_NAME_CONVERTER_FUNC dso_name_converter; + /* + * The default DSO_METHOD-specific function for converting filenames to a + * canonical native form. + */ + DSO_MERGER_FUNC dso_merger; + /* [De]Initialisation handlers. */ + int (*init) (DSO *dso); + int (*finish) (DSO *dso); + /* Return pathname of the module containing location */ + int (*pathbyaddr) (void *addr, char *path, int sz); + /* Perform global symbol lookup, i.e. among *all* modules */ + void *(*globallookup) (const char *symname); +} DSO_METHOD; + +/**********************************************************************/ +/* The low-level handle type used to refer to a loaded shared library */ + +struct dso_st { + DSO_METHOD *meth; + /* + * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use + * anything but will need to cache the filename for use in the dso_bind + * handler. All in all, let each method control its own destiny. + * "Handles" and such go in a STACK. + */ + STACK_OF(void) *meth_data; + int references; + int flags; + /* + * For use by applications etc ... use this for your bits'n'pieces, don't + * touch meth_data! + */ + CRYPTO_EX_DATA ex_data; + /* + * If this callback function pointer is set to non-NULL, then it will be + * used in DSO_load() in place of meth->dso_name_converter. NB: This + * should normally set using DSO_set_name_converter(). + */ + DSO_NAME_CONVERTER_FUNC name_converter; + /* + * If this callback function pointer is set to non-NULL, then it will be + * used in DSO_load() in place of meth->dso_merger. NB: This should + * normally set using DSO_set_merger(). + */ + DSO_MERGER_FUNC merger; + /* + * This is populated with (a copy of) the platform-independant filename + * used for this DSO. + */ + char *filename; + /* + * This is populated with (a copy of) the translated filename by which + * the DSO was actually loaded. It is NULL iff the DSO is not currently + * loaded. NB: This is here because the filename translation process may + * involve a callback being invoked more than once not only to convert to + * a platform-specific form, but also to try different filenames in the + * process of trying to perform a load. As such, this variable can be + * used to indicate (a) whether this DSO structure corresponds to a + * loaded library or not, and (b) the filename with which it was actually + * loaded. + */ + char *loaded_filename; +}; + +DSO *DSO_new(void); +DSO *DSO_new_method(DSO_METHOD *method); +int DSO_free(DSO *dso); +int DSO_flags(DSO *dso); +int DSO_up_ref(DSO *dso); +long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); + +/* + * This function sets the DSO's name_converter callback. If it is non-NULL, + * then it will be used instead of the associated DSO_METHOD's function. If + * oldcb is non-NULL then it is set to the function pointer value being + * replaced. Return value is non-zero for success. + */ +int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, + DSO_NAME_CONVERTER_FUNC *oldcb); +/* + * These functions can be used to get/set the platform-independant filename + * used for a DSO. NB: set will fail if the DSO is already loaded. + */ +const char *DSO_get_filename(DSO *dso); +int DSO_set_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's name_converter callback to translate a + * filename, or if the callback isn't set it will instead use the DSO_METHOD's + * converter. If "filename" is NULL, the "filename" in the DSO itself will be + * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is + * simply duplicated. NB: This function is usually called from within a + * DSO_METHOD during the processing of a DSO_load() call, and is exposed so + * that caller-created DSO_METHODs can do the same thing. A non-NULL return + * value will need to be OPENSSL_free()'d. + */ +char *DSO_convert_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * OPENSSL_free()'d. + */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); +/* + * If the DSO is currently loaded, this returns the filename that it was + * loaded under, otherwise it returns NULL. So it is also useful as a test as + * to whether the DSO is currently loaded. NB: This will not necessarily + * return the same value as DSO_convert_filename(dso, dso->filename), because + * the DSO_METHOD's load function may have tried a variety of filenames (with + * and/or without the aid of the converters) before settling on the one it + * actually loaded. + */ +const char *DSO_get_loaded_filename(DSO *dso); + +void DSO_set_default_method(DSO_METHOD *meth); +DSO_METHOD *DSO_get_default_method(void); +DSO_METHOD *DSO_get_method(DSO *dso); +DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); + +/* + * The all-singing all-dancing load function, you normally pass NULL for the + * first and third parameters. Use DSO_up and DSO_free for subsequent + * reference count handling. Any flags passed in will be set in the + * constructed DSO after its init() function but before the load operation. + * If 'dso' is non-NULL, 'flags' is ignored. + */ +DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); + +/* This function binds to a variable inside a shared library. */ +void *DSO_bind_var(DSO *dso, const char *symname); + +/* This function binds to a function inside a shared library. */ +DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); + +/* + * This method is the default, but will beg, borrow, or steal whatever method + * should be the default on any particular platform (including + * DSO_METH_null() if necessary). + */ +DSO_METHOD *DSO_METHOD_openssl(void); + +/* + * This method is defined for all platforms - if a platform has no DSO + * support then this will be the only method! + */ +DSO_METHOD *DSO_METHOD_null(void); + +/* + * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen, + * dlclose, dlsym, etc) will be used and incorporated into this method. If + * not, this method will return NULL. + */ +DSO_METHOD *DSO_METHOD_dlfcn(void); + +/* + * If DSO_DL is defined, the standard dl.h-style functions (shl_load, + * shl_unload, shl_findsym, etc) will be used and incorporated into this + * method. If not, this method will return NULL. + */ +DSO_METHOD *DSO_METHOD_dl(void); + +/* If WIN32 is defined, use DLLs. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_win32(void); + +/* If VMS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_vms(void); + +/* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of charachers [including + * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * This function should be used with caution! It looks up symbols in *all* + * loaded modules and if module gets unloaded by somebody else attempt to + * dereference the pointer is doomed to have fatal consequences. Primary + * usage for this function is to probe *core* system functionality, e.g. + * check if getnameinfo(3) is available at run-time without bothering about + * OS-specific details such as libc.so.versioning or where does it actually + * reside: in libc itself or libsocket. + */ +void *DSO_global_lookup(const char *name); + +/* If BeOS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_beos(void); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DSO_strings(void); + +/* Error codes for the DSO functions. */ + +/* Function codes. */ +# define DSO_F_BEOS_BIND_FUNC 144 +# define DSO_F_BEOS_BIND_VAR 145 +# define DSO_F_BEOS_LOAD 146 +# define DSO_F_BEOS_NAME_CONVERTER 147 +# define DSO_F_BEOS_UNLOAD 148 +# define DSO_F_DLFCN_BIND_FUNC 100 +# define DSO_F_DLFCN_BIND_VAR 101 +# define DSO_F_DLFCN_LOAD 102 +# define DSO_F_DLFCN_MERGER 130 +# define DSO_F_DLFCN_NAME_CONVERTER 123 +# define DSO_F_DLFCN_UNLOAD 103 +# define DSO_F_DL_BIND_FUNC 104 +# define DSO_F_DL_BIND_VAR 105 +# define DSO_F_DL_LOAD 106 +# define DSO_F_DL_MERGER 131 +# define DSO_F_DL_NAME_CONVERTER 124 +# define DSO_F_DL_UNLOAD 107 +# define DSO_F_DSO_BIND_FUNC 108 +# define DSO_F_DSO_BIND_VAR 109 +# define DSO_F_DSO_CONVERT_FILENAME 126 +# define DSO_F_DSO_CTRL 110 +# define DSO_F_DSO_FREE 111 +# define DSO_F_DSO_GET_FILENAME 127 +# define DSO_F_DSO_GET_LOADED_FILENAME 128 +# define DSO_F_DSO_GLOBAL_LOOKUP 139 +# define DSO_F_DSO_LOAD 112 +# define DSO_F_DSO_MERGE 132 +# define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 140 +# define DSO_F_DSO_SET_FILENAME 129 +# define DSO_F_DSO_SET_NAME_CONVERTER 122 +# define DSO_F_DSO_UP_REF 114 +# define DSO_F_GLOBAL_LOOKUP_FUNC 138 +# define DSO_F_PATHBYADDR 137 +# define DSO_F_VMS_BIND_SYM 115 +# define DSO_F_VMS_LOAD 116 +# define DSO_F_VMS_MERGER 133 +# define DSO_F_VMS_UNLOAD 117 +# define DSO_F_WIN32_BIND_FUNC 118 +# define DSO_F_WIN32_BIND_VAR 119 +# define DSO_F_WIN32_GLOBALLOOKUP 142 +# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 +# define DSO_F_WIN32_JOINER 135 +# define DSO_F_WIN32_LOAD 120 +# define DSO_F_WIN32_MERGER 134 +# define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 141 +# define DSO_F_WIN32_SPLITTER 136 +# define DSO_F_WIN32_UNLOAD 121 + +/* Reason codes. */ +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NO_FILE_SPECIFICATION 116 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/dtls1.h b/libs/mac/include/openssl/dtls1.h new file mode 100644 index 00000000..30bbcf27 --- /dev/null +++ b/libs/mac/include/openssl/dtls1.h @@ -0,0 +1,272 @@ +/* ssl/dtls1.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DTLS1_H +# define HEADER_DTLS1_H + +# include +# include +# ifdef OPENSSL_SYS_VMS +# include +# include +# endif +# ifdef OPENSSL_SYS_WIN32 +/* Needed for struct timeval */ +# include +# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) +# include +# else +# if defined(OPENSSL_SYS_VXWORKS) +# include +# else +# include +# endif +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE + +# define DTLS1_BAD_VER 0x0100 + +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + +# if 0 +/* this alert description is not specified anywhere... */ +# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +# endif + +/* lengths of messages */ +# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_RT_HEADER_LENGTH 13 + +# define DTLS1_HM_HEADER_LENGTH 12 + +# define DTLS1_HM_BAD_FRAGMENT -2 +# define DTLS1_HM_FRAGMENT_RETRY -3 + +# define DTLS1_CCS_HEADER_LENGTH 1 + +# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +# define DTLS1_AL_HEADER_LENGTH 7 +# else +# define DTLS1_AL_HEADER_LENGTH 2 +# endif + +# ifndef OPENSSL_NO_SSL_INTERN + +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" +# endif + +/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ +# define DTLS1_MAX_MTU_OVERHEAD 48 + +typedef struct dtls1_bitmap_st { + unsigned long map; /* track 32 packets on 32-bit systems and 64 + * - on 64-bit systems */ + unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit + * value in big-endian encoding */ +} DTLS1_BITMAP; + +struct dtls1_retransmit_state { + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +# else + char *compress; +# endif + SSL_SESSION *session; + unsigned short epoch; +}; + +struct hm_header_st { + unsigned char type; + unsigned long msg_len; + unsigned short seq; + unsigned long frag_off; + unsigned long frag_len; + unsigned int is_ccs; + struct dtls1_retransmit_state saved_retransmit_state; +}; + +struct ccs_header_st { + unsigned char type; + unsigned short seq; +}; + +struct dtls1_timeout_st { + /* Number of read timeouts so far */ + unsigned int read_timeouts; + /* Number of write timeouts so far */ + unsigned int write_timeouts; + /* Number of alerts received so far */ + unsigned int num_alerts; +}; + +typedef struct record_pqueue_st { + unsigned short epoch; + pqueue q; +} record_pqueue; + +typedef struct hm_fragment_st { + struct hm_header_st msg_header; + unsigned char *fragment; + unsigned char *reassembly; +} hm_fragment; + +typedef struct dtls1_state_st { + unsigned int send_cookie; + unsigned char cookie[DTLS1_COOKIE_LENGTH]; + unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; + unsigned int cookie_len; + /* + * The current data and handshake epoch. This is initially + * undefined, and starts at zero once the initial handshake is + * completed + */ + unsigned short r_epoch; + unsigned short w_epoch; + /* records being received in the current epoch */ + DTLS1_BITMAP bitmap; + /* renegotiation starts a new set of sequence numbers */ + DTLS1_BITMAP next_bitmap; + /* handshake message numbers */ + unsigned short handshake_write_seq; + unsigned short next_handshake_write_seq; + unsigned short handshake_read_seq; + /* save last sequence number for retransmissions */ + unsigned char last_write_sequence[8]; + /* Received handshake records (processed and unprocessed) */ + record_pqueue unprocessed_rcds; + record_pqueue processed_rcds; + /* Buffered handshake messages */ + pqueue buffered_messages; + /* Buffered (sent) handshake records */ + pqueue sent_messages; + /* + * Buffered application records. Only for records between CCS and + * Finished to prevent either protocol violation or unnecessary message + * loss. + */ + record_pqueue buffered_app_data; + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; + unsigned int link_mtu; /* max on-the-wire DTLS packet size */ + unsigned int mtu; /* max DTLS packet size */ + struct hm_header_st w_msg_hdr; + struct hm_header_st r_msg_hdr; + struct dtls1_timeout_st timeout; + /* + * Indicates when the last handshake msg or heartbeat sent will timeout + */ + struct timeval next_timeout; + /* Timeout duration */ + unsigned short timeout_duration; + /* + * storage for Alert/Handshake protocol data received but not yet + * processed by ssl3_read_bytes: + */ + unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; + unsigned int handshake_fragment_len; + unsigned int retransmitting; + /* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ + unsigned int change_cipher_spec_ok; +# ifndef OPENSSL_NO_SCTP + /* used when SSL_ST_XX_FLUSH is entered */ + int next_state; + int shutdown_received; +# endif +} DTLS1_STATE; + +typedef struct dtls1_record_data_st { + unsigned char *packet; + unsigned int packet_length; + SSL3_BUFFER rbuf; + SSL3_RECORD rrec; +# ifndef OPENSSL_NO_SCTP + struct bio_dgram_sctp_rcvinfo recordinfo; +# endif +} DTLS1_RECORD_DATA; + +# endif + +/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +# define DTLS1_TMO_READ_COUNT 2 +# define DTLS1_TMO_WRITE_COUNT 2 + +# define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/e_os2.h b/libs/mac/include/openssl/e_os2.h new file mode 100644 index 00000000..7be9989a --- /dev/null +++ b/libs/mac/include/openssl/e_os2.h @@ -0,0 +1,328 @@ +/* e_os2.h */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#ifndef HEADER_E_OS2_H +# define HEADER_E_OS2_H + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* ---------------------- Macintosh, before MacOS X ----------------------- */ +# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MACINTOSH_CLASSIC +# endif + +/* ---------------------- NetWare ----------------------------------------- */ +# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_NETWARE +# endif + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYSNAME_MSDOS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MSDOS +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +# if defined(OPENSSL_SYSNAME_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32 +# endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYSNAME_WINNT) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINNT +# endif +# if defined(OPENSSL_SYSNAME_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINCE +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementor how he or she will link the application, so it + * requires some macro to be used. + */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- OS/2 ---------------------------------- */ +# if defined(__EMX__) || defined(__OS2__) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_OS2 +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# ifdef OPENSSL_SYSNAME_MPE +# define OPENSSL_SYS_MPE +# endif +# ifdef OPENSSL_SYSNAME_SNI +# define OPENSSL_SYS_SNI +# endif +# ifdef OPENSSL_SYSNAME_ULTRASPARC +# define OPENSSL_SYS_ULTRASPARC +# endif +# ifdef OPENSSL_SYSNAME_NEWS4 +# define OPENSSL_SYS_NEWS4 +# endif +# ifdef OPENSSL_SYSNAME_MACOSX +# define OPENSSL_SYS_MACOSX +# endif +# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY +# define OPENSSL_SYS_MACOSX_RHAPSODY +# define OPENSSL_SYS_MACOSX +# endif +# ifdef OPENSSL_SYSNAME_SUNOS +# define OPENSSL_SYS_SUNOS +# endif +# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) +# define OPENSSL_SYS_CRAY +# endif +# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/* ------------------------------ VxWorks --------------------------------- */ +# ifdef OPENSSL_SYSNAME_VXWORKS +# define OPENSSL_SYS_VXWORKS +# endif + +/* -------------------------------- BeOS ---------------------------------- */ +# if defined(__BEOS__) +# define OPENSSL_SYS_BEOS +# include +# if defined(BONE_VERSION) +# define OPENSSL_SYS_BEOS_BONE +# else +# define OPENSSL_SYS_BEOS_R5 +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/* Specials for I/O an exit */ +# ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +# else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +# endif + +/*- + * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare + * certain global symbols that, with some compilers under VMS, have to be + * defined and declared explicitely with globaldef and globalref. + * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare + * DLL exports and imports for compilers under Win32. These are a little + * more complicated to use. Basically, for any library that exports some + * global variables, the following code must be present in the header file + * that declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL + * have some generally sensible values, and for OPENSSL_EXTERN to have the + * value OPENSSL_IMPORT. + */ + +# if defined(OPENSSL_SYS_VMS_NODECC) +# define OPENSSL_EXPORT globalref +# define OPENSSL_IMPORT globalref +# define OPENSSL_GLOBAL globaldef +# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_IMPORT extern __declspec(dllimport) +# define OPENSSL_GLOBAL +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_IMPORT extern +# define OPENSSL_GLOBAL +# endif +# define OPENSSL_EXTERN OPENSSL_IMPORT + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) +# define ossl_ssize_t long +# endif + +# ifdef OPENSSL_SYS_MSDOS +# define ossl_ssize_t long +# endif + +# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) +# define ssize_t int +# endif + +# if defined(__ultrix) && !defined(ssize_t) +# define ossl_ssize_t int +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ebcdic.h b/libs/mac/include/openssl/ebcdic.h new file mode 100644 index 00000000..4cbdfeb7 --- /dev/null +++ b/libs/mac/include/openssl/ebcdic.h @@ -0,0 +1,26 @@ +/* crypto/ebcdic.h */ + +#ifndef HEADER_EBCDIC_H +# define HEADER_EBCDIC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +# define os_toascii _openssl_os_toascii +# define os_toebcdic _openssl_os_toebcdic +# define ebcdic2ascii _openssl_ebcdic2ascii +# define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ec.h b/libs/mac/include/openssl/ec.h new file mode 100644 index 00000000..81e6faf6 --- /dev/null +++ b/libs/mac/include/openssl/ec.h @@ -0,0 +1,1282 @@ +/* crypto/ec/ec.h */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/** + * \file crypto/ec/ec.h Include file for the OpenSSL EC functions + * \author Originally written by Bodo Moeller for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifdef OPENSSL_NO_EC +# error EC is disabled. +# endif + +# include +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +# ifdef __cplusplus +extern "C" { +# elif defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; + +typedef struct ec_group_st + /*- + EC_METHOD *meth; + -- field definition + -- curve coefficients + -- optional generator with associated information (order, cofactor) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff + */ + EC_GROUP; + +typedef struct ec_point_st EC_POINT; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and it's order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM with the prime number + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM for the prime number + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM for the polynomial defining the underlying field + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if both groups are equal and 1 otherwise + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r ist not zero + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + int y_bit, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + int y_bit, BN_CTX *ctx); +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if point if on the curve and 0 otherwise + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 0 if both points are equal and a value != 0 otherwise + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_NAMED_CURVE 0x001 + +typedef struct ecpk_parameters_st ECPKPARAMETERS; + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +# ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# endif +# ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +typedef struct ec_key_st EC_KEY; + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +/* functions to set/get method specific data */ +void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)); +/** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. + * \param dup_func a function that duplicates |data|. + * \param free_func a function that frees |data|. + * \param clear_free_func a function that wipes and frees |data|. + * \return the previously set data pointer, or NULL if |data| was inserted. + */ +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)); +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Sets a public key from affine coordindates performing + * neccessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + +# ifndef OPENSSL_NO_BIO +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# endif +# ifndef OPENSSL_NO_FP_API +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_62 2 + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_EC_strings(void); + +/* Error codes for the EC functions. */ + +/* Function codes. */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_COMPUTE_WNAF 143 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_SET_WORDS 245 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECP_NIST_MOD_192 203 +# define EC_F_ECP_NIST_MOD_224 204 +# define EC_F_ECP_NIST_MOD_256 205 +# define EC_F_ECP_NIST_MOD_521 206 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +# define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +# define EC_F_EC_EX_DATA_SET_DATA 211 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET0_GENERATOR 139 +# define EC_F_EC_GROUP_GET_COFACTOR 140 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ORDER 141 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_EXTRA_DATA 110 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_MUL 184 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_DUP 207 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 + +/* Reason codes. */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_ASN1_UNKNOWN_FIELD 116 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_FIELD_MOD 133 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ecdh.h b/libs/mac/include/openssl/ecdh.h new file mode 100644 index 00000000..25348b30 --- /dev/null +++ b/libs/mac/include/openssl/ecdh.h @@ -0,0 +1,134 @@ +/* crypto/ecdh/ecdh.h */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDH_H +# define HEADER_ECDH_H + +# include + +# ifdef OPENSSL_NO_ECDH +# error ECDH is disabled. +# endif + +# include +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +const ECDH_METHOD *ECDH_OpenSSL(void); + +void ECDH_set_default_method(const ECDH_METHOD *); +const ECDH_METHOD *ECDH_get_default_method(void); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); + +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDH_strings(void); + +/* Error codes for the ECDH functions. */ + +/* Function codes. */ +# define ECDH_F_ECDH_CHECK 102 +# define ECDH_F_ECDH_COMPUTE_KEY 100 +# define ECDH_F_ECDH_DATA_NEW_METHOD 101 + +/* Reason codes. */ +# define ECDH_R_KDF_FAILED 102 +# define ECDH_R_NON_FIPS_METHOD 103 +# define ECDH_R_NO_PRIVATE_VALUE 100 +# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ecdsa.h b/libs/mac/include/openssl/ecdsa.h new file mode 100644 index 00000000..a6f0930f --- /dev/null +++ b/libs/mac/include/openssl/ecdsa.h @@ -0,0 +1,335 @@ +/* crypto/ecdsa/ecdsa.h */ +/** + * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions + * \author Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDSA_H +# define HEADER_ECDSA_H + +# include + +# ifdef OPENSSL_NO_ECDSA +# error ECDSA is disabled. +# endif + +# include +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +} ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +const ECDSA_METHOD *ECDSA_OpenSSL(void); + +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD + */ +void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method + */ +const ECDSA_METHOD *ECDSA_get_default_method(void); + +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise + */ +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* the standard ex_data functions */ +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); + +/** Allocates and initialize a ECDSA_METHOD structure + * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) + * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred + */ + +ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); + +/** frees a ECDSA_METHOD structure + * \param ecdsa_method pointer to the ECDSA_METHOD structure + */ +void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); + +/** Sets application specific data in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param app application specific data to set + */ + +void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); + +/** Returns application specific data from a ECDSA_METHOD structure + * \param ecdsa_method pointer to ECDSA_METHOD structure + * \return pointer to application specific data. + */ + +void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); + +/** Set the ECDSA_do_sign function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_sign a funtion of type ECDSA_do_sign + */ + +void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, + ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char + *dgst, int dgst_len, + const BIGNUM *inv, + const BIGNUM *rp, + EC_KEY *eckey)); + +/** Set the ECDSA_sign_setup function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup + */ + +void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_sign_setup) (EC_KEY *eckey, + BN_CTX *ctx, + BIGNUM **kinv, + BIGNUM **r)); + +/** Set the ECDSA_do_verify function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_verify a funtion of type ECDSA_do_verify + */ + +void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_do_verify) (const unsigned char + *dgst, int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); + +/** Set the flags field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param flags flags value to set + */ + +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); + +/** Set the name field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param name name to set + */ + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDSA_strings(void); + +/* Error codes for the ECDSA functions. */ + +/* Function codes. */ +# define ECDSA_F_ECDSA_CHECK 104 +# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +# define ECDSA_F_ECDSA_DO_SIGN 101 +# define ECDSA_F_ECDSA_DO_VERIFY 102 +# define ECDSA_F_ECDSA_METHOD_NEW 105 +# define ECDSA_F_ECDSA_SIGN_SETUP 103 + +/* Reason codes. */ +# define ECDSA_R_BAD_SIGNATURE 100 +# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +# define ECDSA_R_ERR_EC_LIB 102 +# define ECDSA_R_MISSING_PARAMETERS 103 +# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +# define ECDSA_R_NON_FIPS_METHOD 107 +# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/engine.h b/libs/mac/include/openssl/engine.h new file mode 100644 index 00000000..bd7b5914 --- /dev/null +++ b/libs/mac/include/openssl/engine.h @@ -0,0 +1,960 @@ +/* openssl/engine.h */ +/* + * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project + * 2000. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifdef OPENSSL_NO_ENGINE +# error ENGINE is disabled. +# endif + +# ifndef OPENSSL_NO_DEPRECATED +# include +# ifndef OPENSSL_NO_RSA +# include +# endif +# ifndef OPENSSL_NO_DSA +# include +# endif +# ifndef OPENSSL_NO_DH +# include +# endif +# ifndef OPENSSL_NO_ECDH +# include +# endif +# ifndef OPENSSL_NO_ECDSA +# include +# endif +# include +# include +# include +# endif + +# include +# include + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_ECDH (unsigned int)0x0010 +# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_STORE (unsigned int)0x0100 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). + */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. */ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. + */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); +/* Add all the built-in engines. */ +void ENGINE_load_openssl(void); +void ENGINE_load_dynamic(void); +# ifndef OPENSSL_NO_STATIC_ENGINE +void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); +void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +void ENGINE_load_nuron(void); +void ENGINE_load_sureware(void); +void ENGINE_load_ubsec(void); +void ENGINE_load_padlock(void); +void ENGINE_load_capi(void); +# ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +# endif +# ifndef OPENSSL_NO_GOST +void ENGINE_load_gost(void); +# endif +# endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_rdrand(void); +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required, so + * ENGINE_cleanup() will reverse any "register" operations. + */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + +int ENGINE_register_ECDSA(ENGINE *e); +void ENGINE_unregister_ECDSA(ENGINE *e); +void ENGINE_register_all_ECDSA(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parametrised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! + */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +/* + * This function cleans up anything that needs it. Eg. the ENGINE_add() + * function automatically ensures the list cleanup function is registered to + * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** + * functions ensure ENGINE_cleanup() will clean up after them. + */ +void ENGINE_cleanup(void); + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); +int ENGINE_set_default_ECDSA(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_cb) (size_t); +typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); +typedef void (*dyn_MEM_free_cb) (void *); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_cb malloc_cb; + dyn_MEM_realloc_cb realloc_cb; + dyn_MEM_free_cb free_cb; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependant code) can simplify a bit?? + */ +typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); +typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); +typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, + int); +typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, + const char *, int); +typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, + const char *, int); +typedef struct st_dynamic_LOCK_fns { + dyn_lock_locking_cb lock_locking_cb; + dyn_lock_add_lock_cb lock_add_lock_cb; + dyn_dynlock_create_cb dynlock_create_cb; + dyn_dynlock_lock_cb dynlock_lock_cb; + dyn_dynlock_destroy_cb dynlock_destroy_cb; +} dynamic_LOCK_fns; +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + const ERR_FNS *err_fns; + const CRYPTO_EX_DATA_IMPL *ex_data_fns; + dynamic_MEM_fns mem_fns; + dynamic_LOCK_fns lock_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ + fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ + return 0; \ + CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ + CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ + CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ + CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ + CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ + if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ + return 0; \ + if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ + if(!fn(e,id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +void ENGINE_setup_bsd_cryptodev(void); +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ENGINE_strings(void); + +/* Error codes for the ENGINE functions. */ + +/* Function codes. */ +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_FREE_UTIL 108 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOAD_KEY 152 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_LOG_MESSAGE 141 + +/* Reason codes. */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DH_NOT_IMPLEMENTED 139 +# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_GET_HANDLE_FAILED 107 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_NO_UNLOAD_FUNCTION 126 +# define ENGINE_R_PROVIDE_PARAMETERS 113 +# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/err.h b/libs/mac/include/openssl/err.h new file mode 100644 index 00000000..f4236562 --- /dev/null +++ b/libs/mac/include/openssl/err.h @@ -0,0 +1,390 @@ +/* crypto/err/err.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ERR_H +# define HEADER_ERR_H + +# include + +# ifndef OPENSSL_NO_FP_API +# include +# include +# endif + +# include +# ifndef OPENSSL_NO_BIO +# include +# endif +# ifndef OPENSSL_NO_LHASH +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# else +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# define ERR_FLAG_MARK 0x01 + +# define ERR_NUM_ERRORS 16 +typedef struct err_state_st { + CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +# define ERR_LIB_JPAKE 49 + +# define ERR_LIB_USER 128 + +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) + +/* + * Borland C seems too stupid to be able to shift and do longs in the + * pre-processor :-( + */ +# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ + ((((unsigned long)f)&0xfffL)*0x1000)| \ + ((((unsigned long)r)&0xfffL))) +# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) +# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) +# define ERR_GET_REASON(l) (int)((l)&0xfffL) +# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) + +/* OS functions */ +# define SYS_F_FOPEN 1 +# define SYS_F_CONNECT 2 +# define SYS_F_GETSERVBYNAME 3 +# define SYS_F_SOCKET 4 +# define SYS_F_IOCTLSOCKET 5 +# define SYS_F_BIND 6 +# define SYS_F_LISTEN 7 +# define SYS_F_ACCEPT 8 +# define SYS_F_WSASTARTUP 9/* Winsock stuff */ +# define SYS_F_OPENDIR 10 +# define SYS_F_FREAD 11 +# define SYS_F_FFLUSH 18 + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */ +# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */ +# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */ +# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ +# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ +# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_BAD_ASN1_OBJECT_HEADER 59 +# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 +# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 +# define ERR_R_ASN1_LENGTH_MISMATCH 62 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_FP_API +void ERR_print_errors_fp(FILE *fp); +# endif +# ifndef OPENSSL_NO_BIO +void ERR_print_errors(BIO *bp); +# endif +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); +void ERR_load_ERR_strings(void); +void ERR_load_crypto_strings(void); +void ERR_free_strings(void); + +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +# ifndef OPENSSL_NO_DEPRECATED +void ERR_remove_state(unsigned long pid); /* if zero we look it up */ +# endif +ERR_STATE *ERR_get_state(void); + +# ifndef OPENSSL_NO_LHASH +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); +# endif + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + +/* Already defined in ossl_typ.h */ +/* typedef struct st_ERR_FNS ERR_FNS; */ +/* + * An application can use this function and provide the return value to + * loaded modules that should use the application's ERR state/functionality + */ +const ERR_FNS *ERR_get_implementation(void); +/* + * A loaded module should call this function prior to any ERR operations + * using the application's "ERR_FNS". + */ +int ERR_set_implementation(const ERR_FNS *fns); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/evp.h b/libs/mac/include/openssl/evp.h new file mode 100644 index 00000000..cf1de15e --- /dev/null +++ b/libs/mac/include/openssl/evp.h @@ -0,0 +1,1628 @@ +/* crypto/evp/evp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# ifdef OPENSSL_ALGORITHM_DEFINES +# include +# else +# define OPENSSL_ALGORITHM_DEFINES +# include +# undef OPENSSL_ALGORITHM_DEFINES +# endif + +# include + +# include + +# ifndef OPENSSL_NO_BIO +# include +# endif + +/*- +#define EVP_RC2_KEY_SIZE 16 +#define EVP_RC4_KEY_SIZE 16 +#define EVP_BLOWFISH_KEY_SIZE 16 +#define EVP_CAST5_KEY_SIZE 16 +#define EVP_RC5_32_12_16_KEY_SIZE 16 +*/ +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Type needs to be a bit field Sub-type needs to be for variations on the + * method, as in, can it do arbitrary encryption.... + */ +struct evp_pkey_st { + int type; + int save_type; + int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + union { + char *ptr; +# ifndef OPENSSL_NO_RSA + struct rsa_st *rsa; /* RSA */ +# endif +# ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +# endif +# ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +# endif +# ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +# endif + } pkey; + int save_parameters; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} /* EVP_PKEY */ ; + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +struct env_md_st { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init) (EVP_MD_CTX *ctx); + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final) (EVP_MD_CTX *ctx, unsigned char *md); + int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup) (EVP_MD_CTX *ctx); + /* FIXME: prototype these some day */ + int (*sign) (int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, void *key); + int (*verify) (int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + void *key); + int required_pkey_type[5]; /* EVP_PKEY_xxx */ + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */ ; + +typedef int evp_sign_method(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, void *key); +typedef int evp_verify_method(int type, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, void *key); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* + * digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc + */ +# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 + +/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ + +# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ + {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ + EVP_PKEY_DSA4,0} +# else +# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method +# endif + +# ifndef OPENSSL_NO_ECDSA +# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +# else +# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +# endif + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +# else +# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method +# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method +# endif + +# endif /* !EVP_MD */ + +struct env_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is + * ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */ ; + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ + +struct evp_cipher_st { + int nid; + int block_size; + /* Default value for variable length ciphers */ + int key_len; + int iv_len; + /* Various flags */ + unsigned long flags; + /* init key */ + int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + /* encrypt/decrypt data */ + int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + /* cleanup ctx */ + int (*cleanup) (EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; +} /* EVP_CIPHER */ ; + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_GCM_SET_IVLEN 0x9 +# define EVP_CTRL_GCM_GET_TAG 0x10 +# define EVP_CTRL_GCM_SET_TAG 0x11 +# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + +struct evp_cipher_ctx_st { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is + * ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ +} /* EVP_CIPHER_CTX */ ; + +typedef struct evp_Encode_Ctx_st { + /* number saved in a partial encode/decode */ + int num; + /* + * The length is either the output line length (in input bytes) or the + * shortest input line length that is ok. Once decoding begins, the + * length is adjusted up each time a longer line is decoded + */ + int length; + /* data to encode */ + unsigned char enc_data[80]; + /* number read on current line */ + int line_num; + int expect_nl; +} EVP_ENCODE_CTX; + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) + +# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + +int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, const unsigned char *in, unsigned int inl); + +# define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +# define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type, + ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, + int datal, int count, unsigned char *key, + unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv); +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv); +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv, int enc); +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + unsigned char *sigret, size_t *siglen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, + const unsigned char *sig, size_t siglen); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +# ifndef OPENSSL_NO_BIO +BIO_METHOD *BIO_f_md(void); +BIO_METHOD *BIO_f_base64(void); +BIO_METHOD *BIO_f_cipher(void); +BIO_METHOD *BIO_f_reliable(void); +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); +# endif + +const EVP_MD *EVP_md_null(void); +# ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +# endif +# ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +# endif +# ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +# endif +# ifndef OPENSSL_NO_SHA +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_dss(void); +const EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_ecdsa(void); +# endif +# ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +# endif +# ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +# endif +# ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +# endif +# ifndef OPENSSL_NO_RIPEMD +const EVP_MD *EVP_ripemd160(void); +# endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +# ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +# if 0 +const EVP_CIPHER *EVP_des_ede_cfb1(void); +const EVP_CIPHER *EVP_des_ede_cfb8(void); +# endif +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); +/* + * This should now be supported through the dev_crypto ENGINE. But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ +# if 0 +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO +const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); +const EVP_CIPHER *EVP_dev_crypto_rc4(void); +const EVP_MD *EVP_dev_crypto_md5(void); +# endif +# endif +# endif +# ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif +# endif +# ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +# endif +# ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +# endif +# ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +# endif +# ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +# endif +# ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +# endif +# ifndef OPENSSL_NO_AES +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +# endif +# ifndef OPENSSL_NO_SHA256 +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# endif +# endif +# ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +# endif + +# ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +# endif + +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +# else +# define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +# endif + +void OpenSSL_add_all_ciphers(void); +void OpenSSL_add_all_digests(void); +# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +# define SSLeay_add_all_digests() OpenSSL_add_all_digests() + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); +void EVP_cleanup(void); + +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(EVP_PKEY *pkey); +int EVP_PKEY_size(EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(EVP_PKEY *pkey); + +# ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# endif + +EVP_PKEY *EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_add_alg_module(void); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +void ERR_load_EVP_strings(void); + +/* Error codes for the EVP functions. */ + +/* Function codes. */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_CIPHER 176 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_XTS 172 +# define EVP_F_AES_XTS_CIPHER 175 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CMAC_INIT 173 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_D2I_PKEY 100 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_DSAPKEY2PKCS8 134 +# define EVP_F_DSA_PKEY2PKCS8 135 +# define EVP_F_ECDSA_PKEY2PKCS8 129 +# define EVP_F_ECKEY_PKEY2PKCS8 132 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 +# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET1_DH 119 +# define EVP_F_EVP_PKEY_GET1_DSA 120 +# define EVP_F_EVP_PKEY_GET1_ECDSA 130 +# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET1_RSA 121 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_RIJNDAEL 126 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_FIPS_CIPHERINIT 166 +# define EVP_F_FIPS_CIPHER_CTX_COPY 170 +# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 +# define EVP_F_FIPS_DIGESTINIT 168 +# define EVP_F_FIPS_MD_CTX_COPY 169 +# define EVP_F_HMAC_INIT_EX 174 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS8_SET_BROKEN 112 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 + +/* Reason codes. */ +# define EVP_R_AES_IV_SETUP_FAILED 162 +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ASN1_LIB 140 +# define EVP_R_BAD_BLOCK_LENGTH 136 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 137 +# define EVP_R_BN_DECODE_ERROR 112 +# define EVP_R_BN_PUBKEY_ERROR 113 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_DISABLED_FOR_FIPS 163 +# define EVP_R_ENCODE_ERROR 115 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_ECDSA_KEY 141 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 171 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_IV_TOO_LARGE 102 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_DSA_PARAMETERS 116 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_TOO_LARGE 164 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/libs/mac/include/openssl/hmac.h b/libs/mac/include/openssl/hmac.h new file mode 100644 index 00000000..b8b55cda --- /dev/null +++ b/libs/mac/include/openssl/hmac.h @@ -0,0 +1,109 @@ +/* crypto/hmac/hmac.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#ifndef HEADER_HMAC_H +# define HEADER_HMAC_H + +# include + +# ifdef OPENSSL_NO_HMAC +# error HMAC is disabled. +# endif + +# include + +# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX md_ctx; + EVP_MD_CTX i_ctx; + EVP_MD_CTX o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; +} HMAC_CTX; + +# define HMAC_size(e) (EVP_MD_size((e)->md)) + +void HMAC_CTX_init(HMAC_CTX *ctx); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +/* deprecated */ +# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) + +/* deprecated */ +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/idea.h b/libs/mac/include/openssl/idea.h new file mode 100644 index 00000000..60759840 --- /dev/null +++ b/libs/mac/include/openssl/idea.h @@ -0,0 +1,105 @@ +/* crypto/idea/idea.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_IDEA_H +# define HEADER_IDEA_H + +# include /* IDEA_INT, OPENSSL_NO_IDEA */ + +# ifdef OPENSSL_NO_IDEA +# error IDEA is disabled. +# endif + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +const char *idea_options(void); +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +# ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, + IDEA_KEY_SCHEDULE *ks); +# endif +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/krb5_asn.h b/libs/mac/include/openssl/krb5_asn.h new file mode 100644 index 00000000..9cf5a26d --- /dev/null +++ b/libs/mac/include/openssl/krb5_asn.h @@ -0,0 +1,240 @@ +/* krb5_asn.h */ +/* + * Written by Vern Staats for the OpenSSL project, ** + * using ocsp/{*.h,*asn*.c} as a starting point + */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_KRB5_ASN_H +# define HEADER_KRB5_ASN_H + +/* + * #include + */ +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * ASN.1 from Kerberos RFC 1510 + */ + +/*- EncryptedData ::= SEQUENCE { + * etype[0] INTEGER, -- EncryptionType + * kvno[1] INTEGER OPTIONAL, + * cipher[2] OCTET STRING -- ciphertext + * } + */ +typedef struct krb5_encdata_st { + ASN1_INTEGER *etype; + ASN1_INTEGER *kvno; + ASN1_OCTET_STRING *cipher; +} KRB5_ENCDATA; + +DECLARE_STACK_OF(KRB5_ENCDATA) + +/*- PrincipalName ::= SEQUENCE { + * name-type[0] INTEGER, + * name-string[1] SEQUENCE OF GeneralString + * } + */ +typedef struct krb5_princname_st { + ASN1_INTEGER *nametype; + STACK_OF(ASN1_GENERALSTRING) *namestring; +} KRB5_PRINCNAME; + +DECLARE_STACK_OF(KRB5_PRINCNAME) + +/*- Ticket ::= [APPLICATION 1] SEQUENCE { + * tkt-vno[0] INTEGER, + * realm[1] Realm, + * sname[2] PrincipalName, + * enc-part[3] EncryptedData + * } + */ +typedef struct krb5_tktbody_st { + ASN1_INTEGER *tktvno; + ASN1_GENERALSTRING *realm; + KRB5_PRINCNAME *sname; + KRB5_ENCDATA *encdata; +} KRB5_TKTBODY; + +typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; +DECLARE_STACK_OF(KRB5_TKTBODY) + +/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { + * pvno[0] INTEGER, + * msg-type[1] INTEGER, + * ap-options[2] APOptions, + * ticket[3] Ticket, + * authenticator[4] EncryptedData + * } + * + * APOptions ::= BIT STRING { + * reserved(0), use-session-key(1), mutual-required(2) } + */ +typedef struct krb5_ap_req_st { + ASN1_INTEGER *pvno; + ASN1_INTEGER *msgtype; + ASN1_BIT_STRING *apoptions; + KRB5_TICKET *ticket; + KRB5_ENCDATA *authenticator; +} KRB5_APREQBODY; + +typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; +DECLARE_STACK_OF(KRB5_APREQBODY) + +/* Authenticator Stuff */ + +/*- Checksum ::= SEQUENCE { + * cksumtype[0] INTEGER, + * checksum[1] OCTET STRING + * } + */ +typedef struct krb5_checksum_st { + ASN1_INTEGER *ctype; + ASN1_OCTET_STRING *checksum; +} KRB5_CHECKSUM; + +DECLARE_STACK_OF(KRB5_CHECKSUM) + +/*- EncryptionKey ::= SEQUENCE { + * keytype[0] INTEGER, + * keyvalue[1] OCTET STRING + * } + */ +typedef struct krb5_encryptionkey_st { + ASN1_INTEGER *ktype; + ASN1_OCTET_STRING *keyvalue; +} KRB5_ENCKEY; + +DECLARE_STACK_OF(KRB5_ENCKEY) + +/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { + * ad-type[0] INTEGER, + * ad-data[1] OCTET STRING + * } + */ +typedef struct krb5_authorization_st { + ASN1_INTEGER *adtype; + ASN1_OCTET_STRING *addata; +} KRB5_AUTHDATA; + +DECLARE_STACK_OF(KRB5_AUTHDATA) + +/*- -- Unencrypted authenticator + * Authenticator ::= [APPLICATION 2] SEQUENCE { + * authenticator-vno[0] INTEGER, + * crealm[1] Realm, + * cname[2] PrincipalName, + * cksum[3] Checksum OPTIONAL, + * cusec[4] INTEGER, + * ctime[5] KerberosTime, + * subkey[6] EncryptionKey OPTIONAL, + * seq-number[7] INTEGER OPTIONAL, + * authorization-data[8] AuthorizationData OPTIONAL + * } + */ +typedef struct krb5_authenticator_st { + ASN1_INTEGER *avno; + ASN1_GENERALSTRING *crealm; + KRB5_PRINCNAME *cname; + KRB5_CHECKSUM *cksum; + ASN1_INTEGER *cusec; + ASN1_GENERALIZEDTIME *ctime; + KRB5_ENCKEY *subkey; + ASN1_INTEGER *seqnum; + KRB5_AUTHDATA *authorization; +} KRB5_AUTHENTBODY; + +typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; +DECLARE_STACK_OF(KRB5_AUTHENTBODY) + +/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = + * type *name##_new(void); + * void name##_free(type *a); + * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = + * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = + * type *d2i_##name(type **a, const unsigned char **in, long len); + * int i2d_##name(type *a, unsigned char **out); + * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it + */ + +DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) +DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) +DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) +DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) + +DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) +DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) +DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/kssl.h b/libs/mac/include/openssl/kssl.h new file mode 100644 index 00000000..ae8a51f4 --- /dev/null +++ b/libs/mac/include/openssl/kssl.h @@ -0,0 +1,197 @@ +/* ssl/kssl.h */ +/* + * Written by Vern Staats for the OpenSSL project + * 2000. project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + ** 19990701 VRS Started. + */ + +#ifndef KSSL_H +# define KSSL_H + +# include + +# ifndef OPENSSL_NO_KRB5 + +# include +# include +# include +# ifdef OPENSSL_SYS_WIN32 +/* + * These can sometimes get redefined indirectly by krb5 header files after + * they get undefed in ossl_typ.h + */ +# undef X509_NAME +# undef X509_EXTENSIONS +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Depending on which KRB5 implementation used, some types from + * the other may be missing. Resolve that here and now + */ +# ifdef KRB5_HEIMDAL +typedef unsigned char krb5_octet; +# define FAR +# else + +# ifndef FAR +# define FAR +# endif + +# endif + +/*- + * Uncomment this to debug kssl problems or + * to trace usage of the Kerberos session key + * + * #define KSSL_DEBUG + */ + +# ifndef KRB5SVC +# define KRB5SVC "host" +# endif + +# ifndef KRB5KEYTAB +# define KRB5KEYTAB "/etc/krb5.keytab" +# endif + +# ifndef KRB5SENDAUTH +# define KRB5SENDAUTH 1 +# endif + +# ifndef KRB5CHECKAUTH +# define KRB5CHECKAUTH 1 +# endif + +# ifndef KSSL_CLOCKSKEW +# define KSSL_CLOCKSKEW 300; +# endif + +# define KSSL_ERR_MAX 255 +typedef struct kssl_err_st { + int reason; + char text[KSSL_ERR_MAX + 1]; +} KSSL_ERR; + +/*- Context for passing + * (1) Kerberos session key to SSL, and + * (2) Config data between application and SSL lib + */ +typedef struct kssl_ctx_st { + /* used by: disposition: */ + char *service_name; /* C,S default ok (kssl) */ + char *service_host; /* C input, REQUIRED */ + char *client_princ; /* S output from krb5 ticket */ + char *keytab_file; /* S NULL (/etc/krb5.keytab) */ + char *cred_cache; /* C NULL (default) */ + krb5_enctype enctype; + int length; + krb5_octet FAR *key; +} KSSL_CTX; + +# define KSSL_CLIENT 1 +# define KSSL_SERVER 2 +# define KSSL_SERVICE 3 +# define KSSL_KEYTAB 4 + +# define KSSL_CTX_OK 0 +# define KSSL_CTX_ERR 1 +# define KSSL_NOMEM 2 + +/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ +krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); +KSSL_CTX *kssl_ctx_new(void); +KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); +void kssl_ctx_show(KSSL_CTX *kssl_ctx); +krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, + krb5_data *realm, krb5_data *entity, + int nentities); +krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, + krb5_data *authenp, KSSL_ERR *kssl_err); +krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, + krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); +krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); +void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); +void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); +krb5_error_code kssl_build_principal_2(krb5_context context, + krb5_principal *princ, int rlen, + const char *realm, int slen, + const char *svc, int hlen, + const char *host); +krb5_error_code kssl_validate_times(krb5_timestamp atime, + krb5_ticket_times *ttimes); +krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, + krb5_timestamp *atimep, + KSSL_ERR *kssl_err); +unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); + +void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); +KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); +char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); + +#ifdef __cplusplus +} +#endif +# endif /* OPENSSL_NO_KRB5 */ +#endif /* KSSL_H */ diff --git a/libs/mac/include/openssl/lhash.h b/libs/mac/include/openssl/lhash.h new file mode 100644 index 00000000..b6c328bf --- /dev/null +++ b/libs/mac/include/openssl/lhash.h @@ -0,0 +1,240 @@ +/* crypto/lhash/lhash.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +# define HEADER_LHASH_H + +# include +# ifndef OPENSSL_NO_FP_API +# include +# endif + +# ifndef OPENSSL_NO_BIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st { + void *data; + struct lhash_node_st *next; +# ifndef OPENSSL_NO_HASH_COMP + unsigned long hash; +# endif +} LHASH_NODE; + +typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); +typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *); +typedef void (*LHASH_DOALL_FN_TYPE) (void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Third: "doall" functions */ +# define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +# define LHASH_DOALL_FN(name) name##_LHASH_DOALL + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + +typedef struct lhash_st { + LHASH_NODE **b; + LHASH_COMP_FN_TYPE comp; + LHASH_HASH_FN_TYPE hash; + unsigned int num_nodes; + unsigned int num_alloc_nodes; + unsigned int p; + unsigned int pmax; + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ + unsigned long num_items; + unsigned long num_expands; + unsigned long num_expand_reallocs; + unsigned long num_contracts; + unsigned long num_contract_reallocs; + unsigned long num_hash_calls; + unsigned long num_comp_calls; + unsigned long num_insert; + unsigned long num_replace; + unsigned long num_delete; + unsigned long num_no_delete; + unsigned long num_retrieve; + unsigned long num_retrieve_miss; + unsigned long num_hash_comps; + int error; +} _LHASH; /* Do not use _LHASH directly, use LHASH_OF + * and friends */ + +# define LH_LOAD_MULT 256 + +/* + * Indicates a malloc() error in the last call, this is only bad in + * lh_insert(). + */ +# define lh_error(lh) ((lh)->error) + +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +unsigned long lh_strhash(const char *c); +unsigned long lh_num_items(const _LHASH *lh); + +# ifndef OPENSSL_NO_FP_API +void lh_stats(const _LHASH *lh, FILE *out); +void lh_node_stats(const _LHASH *lh, FILE *out); +void lh_node_usage_stats(const _LHASH *lh, FILE *out); +# endif + +# ifndef OPENSSL_NO_BIO +void lh_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } + +# define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +# define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +# define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +# define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) +# define LHM_lh_node_stats_bio(type, lh, out) \ + lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_node_usage_stats_bio(type, lh, out) \ + lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_stats_bio(type, lh, out) \ + lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/md4.h b/libs/mac/include/openssl/md4.h new file mode 100644 index 00000000..11fd7129 --- /dev/null +++ b/libs/mac/include/openssl/md4.h @@ -0,0 +1,119 @@ +/* crypto/md4/md4.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MD4_H +# define HEADER_MD4_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_MD4 +# error MD4 is disabled. +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! MD4_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +# if defined(__LP32__) +# define MD4_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define MD4_LONG unsigned long +# define MD4_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +# else +# define MD4_LONG unsigned int +# endif + +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) +# define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B, C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +# ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +# endif +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/md5.h b/libs/mac/include/openssl/md5.h new file mode 100644 index 00000000..2659038a --- /dev/null +++ b/libs/mac/include/openssl/md5.h @@ -0,0 +1,119 @@ +/* crypto/md5/md5.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MD5_H +# define HEADER_MD5_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_MD5 +# error MD5 is disabled. +# endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! MD5_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +# if defined(__LP32__) +# define MD5_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define MD5_LONG unsigned long +# define MD5_LONG_LOG2 3 +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... + * + */ +# else +# define MD5_LONG unsigned int +# endif + +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) +# define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B, C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +# ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +# endif +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/mdc2.h b/libs/mac/include/openssl/mdc2.h new file mode 100644 index 00000000..7efe53bc --- /dev/null +++ b/libs/mac/include/openssl/mdc2.h @@ -0,0 +1,94 @@ +/* crypto/mdc2/mdc2.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_MDC2 +# error MDC2 is disabled. +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; + +# ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +# endif +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/modes.h b/libs/mac/include/openssl/modes.h new file mode 100644 index 00000000..fd488499 --- /dev/null +++ b/libs/mac/include/openssl/modes.h @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +#ifdef __cplusplus +} +#endif diff --git a/libs/mac/include/openssl/obj_mac.h b/libs/mac/include/openssl/obj_mac.h new file mode 100644 index 00000000..779c309b --- /dev/null +++ b/libs/mac/include/openssl/obj_mac.h @@ -0,0 +1,4194 @@ +/* crypto/objects/obj_mac.h */ + +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_rle_compression "RLE" +#define LN_rle_compression "run length compression" +#define NID_rle_compression 124 +#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L diff --git a/libs/mac/include/openssl/objects.h b/libs/mac/include/openssl/objects.h new file mode 100644 index 00000000..b8dafa89 --- /dev/null +++ b/libs/mac/include/openssl/objects.h @@ -0,0 +1,1143 @@ +/* crypto/objects/objects.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_OBJECTS_H +# define HEADER_OBJECTS_H + +# define USE_OBJ_MAC + +# ifdef USE_OBJ_MAC +# include +# else +# define SN_undef "UNDEF" +# define LN_undef "undefined" +# define NID_undef 0 +# define OBJ_undef 0L + +# define SN_Algorithm "Algorithm" +# define LN_algorithm "algorithm" +# define NID_algorithm 38 +# define OBJ_algorithm 1L,3L,14L,3L,2L + +# define LN_rsadsi "rsadsi" +# define NID_rsadsi 1 +# define OBJ_rsadsi 1L,2L,840L,113549L + +# define LN_pkcs "pkcs" +# define NID_pkcs 2 +# define OBJ_pkcs OBJ_rsadsi,1L + +# define SN_md2 "MD2" +# define LN_md2 "md2" +# define NID_md2 3 +# define OBJ_md2 OBJ_rsadsi,2L,2L + +# define SN_md5 "MD5" +# define LN_md5 "md5" +# define NID_md5 4 +# define OBJ_md5 OBJ_rsadsi,2L,5L + +# define SN_rc4 "RC4" +# define LN_rc4 "rc4" +# define NID_rc4 5 +# define OBJ_rc4 OBJ_rsadsi,3L,4L + +# define LN_rsaEncryption "rsaEncryption" +# define NID_rsaEncryption 6 +# define OBJ_rsaEncryption OBJ_pkcs,1L,1L + +# define SN_md2WithRSAEncryption "RSA-MD2" +# define LN_md2WithRSAEncryption "md2WithRSAEncryption" +# define NID_md2WithRSAEncryption 7 +# define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L + +# define SN_md5WithRSAEncryption "RSA-MD5" +# define LN_md5WithRSAEncryption "md5WithRSAEncryption" +# define NID_md5WithRSAEncryption 8 +# define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L + +# define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +# define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +# define NID_pbeWithMD2AndDES_CBC 9 +# define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L + +# define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +# define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +# define NID_pbeWithMD5AndDES_CBC 10 +# define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L + +# define LN_X500 "X500" +# define NID_X500 11 +# define OBJ_X500 2L,5L + +# define LN_X509 "X509" +# define NID_X509 12 +# define OBJ_X509 OBJ_X500,4L + +# define SN_commonName "CN" +# define LN_commonName "commonName" +# define NID_commonName 13 +# define OBJ_commonName OBJ_X509,3L + +# define SN_countryName "C" +# define LN_countryName "countryName" +# define NID_countryName 14 +# define OBJ_countryName OBJ_X509,6L + +# define SN_localityName "L" +# define LN_localityName "localityName" +# define NID_localityName 15 +# define OBJ_localityName OBJ_X509,7L + +/* Postal Address? PA */ + +/* should be "ST" (rfc1327) but MS uses 'S' */ +# define SN_stateOrProvinceName "ST" +# define LN_stateOrProvinceName "stateOrProvinceName" +# define NID_stateOrProvinceName 16 +# define OBJ_stateOrProvinceName OBJ_X509,8L + +# define SN_organizationName "O" +# define LN_organizationName "organizationName" +# define NID_organizationName 17 +# define OBJ_organizationName OBJ_X509,10L + +# define SN_organizationalUnitName "OU" +# define LN_organizationalUnitName "organizationalUnitName" +# define NID_organizationalUnitName 18 +# define OBJ_organizationalUnitName OBJ_X509,11L + +# define SN_rsa "RSA" +# define LN_rsa "rsa" +# define NID_rsa 19 +# define OBJ_rsa OBJ_X500,8L,1L,1L + +# define LN_pkcs7 "pkcs7" +# define NID_pkcs7 20 +# define OBJ_pkcs7 OBJ_pkcs,7L + +# define LN_pkcs7_data "pkcs7-data" +# define NID_pkcs7_data 21 +# define OBJ_pkcs7_data OBJ_pkcs7,1L + +# define LN_pkcs7_signed "pkcs7-signedData" +# define NID_pkcs7_signed 22 +# define OBJ_pkcs7_signed OBJ_pkcs7,2L + +# define LN_pkcs7_enveloped "pkcs7-envelopedData" +# define NID_pkcs7_enveloped 23 +# define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +# define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +# define NID_pkcs7_signedAndEnveloped 24 +# define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +# define LN_pkcs7_digest "pkcs7-digestData" +# define NID_pkcs7_digest 25 +# define OBJ_pkcs7_digest OBJ_pkcs7,5L + +# define LN_pkcs7_encrypted "pkcs7-encryptedData" +# define NID_pkcs7_encrypted 26 +# define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +# define LN_pkcs3 "pkcs3" +# define NID_pkcs3 27 +# define OBJ_pkcs3 OBJ_pkcs,3L + +# define LN_dhKeyAgreement "dhKeyAgreement" +# define NID_dhKeyAgreement 28 +# define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +# define SN_des_ecb "DES-ECB" +# define LN_des_ecb "des-ecb" +# define NID_des_ecb 29 +# define OBJ_des_ecb OBJ_algorithm,6L + +# define SN_des_cfb64 "DES-CFB" +# define LN_des_cfb64 "des-cfb" +# define NID_des_cfb64 30 +/* IV + num */ +# define OBJ_des_cfb64 OBJ_algorithm,9L + +# define SN_des_cbc "DES-CBC" +# define LN_des_cbc "des-cbc" +# define NID_des_cbc 31 +/* IV */ +# define OBJ_des_cbc OBJ_algorithm,7L + +# define SN_des_ede "DES-EDE" +# define LN_des_ede "des-ede" +# define NID_des_ede 32 +/* ?? */ +# define OBJ_des_ede OBJ_algorithm,17L + +# define SN_des_ede3 "DES-EDE3" +# define LN_des_ede3 "des-ede3" +# define NID_des_ede3 33 + +# define SN_idea_cbc "IDEA-CBC" +# define LN_idea_cbc "idea-cbc" +# define NID_idea_cbc 34 +# define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +# define SN_idea_cfb64 "IDEA-CFB" +# define LN_idea_cfb64 "idea-cfb" +# define NID_idea_cfb64 35 + +# define SN_idea_ecb "IDEA-ECB" +# define LN_idea_ecb "idea-ecb" +# define NID_idea_ecb 36 + +# define SN_rc2_cbc "RC2-CBC" +# define LN_rc2_cbc "rc2-cbc" +# define NID_rc2_cbc 37 +# define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +# define SN_rc2_ecb "RC2-ECB" +# define LN_rc2_ecb "rc2-ecb" +# define NID_rc2_ecb 38 + +# define SN_rc2_cfb64 "RC2-CFB" +# define LN_rc2_cfb64 "rc2-cfb" +# define NID_rc2_cfb64 39 + +# define SN_rc2_ofb64 "RC2-OFB" +# define LN_rc2_ofb64 "rc2-ofb" +# define NID_rc2_ofb64 40 + +# define SN_sha "SHA" +# define LN_sha "sha" +# define NID_sha 41 +# define OBJ_sha OBJ_algorithm,18L + +# define SN_shaWithRSAEncryption "RSA-SHA" +# define LN_shaWithRSAEncryption "shaWithRSAEncryption" +# define NID_shaWithRSAEncryption 42 +# define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +# define SN_des_ede_cbc "DES-EDE-CBC" +# define LN_des_ede_cbc "des-ede-cbc" +# define NID_des_ede_cbc 43 + +# define SN_des_ede3_cbc "DES-EDE3-CBC" +# define LN_des_ede3_cbc "des-ede3-cbc" +# define NID_des_ede3_cbc 44 +# define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +# define SN_des_ofb64 "DES-OFB" +# define LN_des_ofb64 "des-ofb" +# define NID_des_ofb64 45 +# define OBJ_des_ofb64 OBJ_algorithm,8L + +# define SN_idea_ofb64 "IDEA-OFB" +# define LN_idea_ofb64 "idea-ofb" +# define NID_idea_ofb64 46 + +# define LN_pkcs9 "pkcs9" +# define NID_pkcs9 47 +# define OBJ_pkcs9 OBJ_pkcs,9L + +# define SN_pkcs9_emailAddress "Email" +# define LN_pkcs9_emailAddress "emailAddress" +# define NID_pkcs9_emailAddress 48 +# define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +# define LN_pkcs9_unstructuredName "unstructuredName" +# define NID_pkcs9_unstructuredName 49 +# define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +# define LN_pkcs9_contentType "contentType" +# define NID_pkcs9_contentType 50 +# define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +# define LN_pkcs9_messageDigest "messageDigest" +# define NID_pkcs9_messageDigest 51 +# define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +# define LN_pkcs9_signingTime "signingTime" +# define NID_pkcs9_signingTime 52 +# define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +# define LN_pkcs9_countersignature "countersignature" +# define NID_pkcs9_countersignature 53 +# define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +# define LN_pkcs9_challengePassword "challengePassword" +# define NID_pkcs9_challengePassword 54 +# define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +# define LN_pkcs9_unstructuredAddress "unstructuredAddress" +# define NID_pkcs9_unstructuredAddress 55 +# define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +# define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +# define NID_pkcs9_extCertAttributes 56 +# define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +# define SN_netscape "Netscape" +# define LN_netscape "Netscape Communications Corp." +# define NID_netscape 57 +# define OBJ_netscape 2L,16L,840L,1L,113730L + +# define SN_netscape_cert_extension "nsCertExt" +# define LN_netscape_cert_extension "Netscape Certificate Extension" +# define NID_netscape_cert_extension 58 +# define OBJ_netscape_cert_extension OBJ_netscape,1L + +# define SN_netscape_data_type "nsDataType" +# define LN_netscape_data_type "Netscape Data Type" +# define NID_netscape_data_type 59 +# define OBJ_netscape_data_type OBJ_netscape,2L + +# define SN_des_ede_cfb64 "DES-EDE-CFB" +# define LN_des_ede_cfb64 "des-ede-cfb" +# define NID_des_ede_cfb64 60 + +# define SN_des_ede3_cfb64 "DES-EDE3-CFB" +# define LN_des_ede3_cfb64 "des-ede3-cfb" +# define NID_des_ede3_cfb64 61 + +# define SN_des_ede_ofb64 "DES-EDE-OFB" +# define LN_des_ede_ofb64 "des-ede-ofb" +# define NID_des_ede_ofb64 62 + +# define SN_des_ede3_ofb64 "DES-EDE3-OFB" +# define LN_des_ede3_ofb64 "des-ede3-ofb" +# define NID_des_ede3_ofb64 63 + +/* I'm not sure about the object ID */ +# define SN_sha1 "SHA1" +# define LN_sha1 "sha1" +# define NID_sha1 64 +# define OBJ_sha1 OBJ_algorithm,26L +/* 28 Jun 1996 - eay */ +/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ + +# define SN_sha1WithRSAEncryption "RSA-SHA1" +# define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +# define NID_sha1WithRSAEncryption 65 +# define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L + +# define SN_dsaWithSHA "DSA-SHA" +# define LN_dsaWithSHA "dsaWithSHA" +# define NID_dsaWithSHA 66 +# define OBJ_dsaWithSHA OBJ_algorithm,13L + +# define SN_dsa_2 "DSA-old" +# define LN_dsa_2 "dsaEncryption-old" +# define NID_dsa_2 67 +# define OBJ_dsa_2 OBJ_algorithm,12L + +/* proposed by microsoft to RSA */ +# define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +# define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +# define NID_pbeWithSHA1AndRC2_CBC 68 +# define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L + +/* + * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined + * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely + * different. + */ +# define LN_id_pbkdf2 "PBKDF2" +# define NID_id_pbkdf2 69 +# define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L + +# define SN_dsaWithSHA1_2 "DSA-SHA1-old" +# define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +# define NID_dsaWithSHA1_2 70 +/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ +# define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +# define SN_netscape_cert_type "nsCertType" +# define LN_netscape_cert_type "Netscape Cert Type" +# define NID_netscape_cert_type 71 +# define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +# define SN_netscape_base_url "nsBaseUrl" +# define LN_netscape_base_url "Netscape Base Url" +# define NID_netscape_base_url 72 +# define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +# define SN_netscape_revocation_url "nsRevocationUrl" +# define LN_netscape_revocation_url "Netscape Revocation Url" +# define NID_netscape_revocation_url 73 +# define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +# define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +# define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +# define NID_netscape_ca_revocation_url 74 +# define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +# define SN_netscape_renewal_url "nsRenewalUrl" +# define LN_netscape_renewal_url "Netscape Renewal Url" +# define NID_netscape_renewal_url 75 +# define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +# define SN_netscape_ca_policy_url "nsCaPolicyUrl" +# define LN_netscape_ca_policy_url "Netscape CA Policy Url" +# define NID_netscape_ca_policy_url 76 +# define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +# define SN_netscape_ssl_server_name "nsSslServerName" +# define LN_netscape_ssl_server_name "Netscape SSL Server Name" +# define NID_netscape_ssl_server_name 77 +# define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +# define SN_netscape_comment "nsComment" +# define LN_netscape_comment "Netscape Comment" +# define NID_netscape_comment 78 +# define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +# define SN_netscape_cert_sequence "nsCertSequence" +# define LN_netscape_cert_sequence "Netscape Certificate Sequence" +# define NID_netscape_cert_sequence 79 +# define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +# define SN_desx_cbc "DESX-CBC" +# define LN_desx_cbc "desx-cbc" +# define NID_desx_cbc 80 + +# define SN_id_ce "id-ce" +# define NID_id_ce 81 +# define OBJ_id_ce 2L,5L,29L + +# define SN_subject_key_identifier "subjectKeyIdentifier" +# define LN_subject_key_identifier "X509v3 Subject Key Identifier" +# define NID_subject_key_identifier 82 +# define OBJ_subject_key_identifier OBJ_id_ce,14L + +# define SN_key_usage "keyUsage" +# define LN_key_usage "X509v3 Key Usage" +# define NID_key_usage 83 +# define OBJ_key_usage OBJ_id_ce,15L + +# define SN_private_key_usage_period "privateKeyUsagePeriod" +# define LN_private_key_usage_period "X509v3 Private Key Usage Period" +# define NID_private_key_usage_period 84 +# define OBJ_private_key_usage_period OBJ_id_ce,16L + +# define SN_subject_alt_name "subjectAltName" +# define LN_subject_alt_name "X509v3 Subject Alternative Name" +# define NID_subject_alt_name 85 +# define OBJ_subject_alt_name OBJ_id_ce,17L + +# define SN_issuer_alt_name "issuerAltName" +# define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +# define NID_issuer_alt_name 86 +# define OBJ_issuer_alt_name OBJ_id_ce,18L + +# define SN_basic_constraints "basicConstraints" +# define LN_basic_constraints "X509v3 Basic Constraints" +# define NID_basic_constraints 87 +# define OBJ_basic_constraints OBJ_id_ce,19L + +# define SN_crl_number "crlNumber" +# define LN_crl_number "X509v3 CRL Number" +# define NID_crl_number 88 +# define OBJ_crl_number OBJ_id_ce,20L + +# define SN_certificate_policies "certificatePolicies" +# define LN_certificate_policies "X509v3 Certificate Policies" +# define NID_certificate_policies 89 +# define OBJ_certificate_policies OBJ_id_ce,32L + +# define SN_authority_key_identifier "authorityKeyIdentifier" +# define LN_authority_key_identifier "X509v3 Authority Key Identifier" +# define NID_authority_key_identifier 90 +# define OBJ_authority_key_identifier OBJ_id_ce,35L + +# define SN_bf_cbc "BF-CBC" +# define LN_bf_cbc "bf-cbc" +# define NID_bf_cbc 91 +# define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +# define SN_bf_ecb "BF-ECB" +# define LN_bf_ecb "bf-ecb" +# define NID_bf_ecb 92 + +# define SN_bf_cfb64 "BF-CFB" +# define LN_bf_cfb64 "bf-cfb" +# define NID_bf_cfb64 93 + +# define SN_bf_ofb64 "BF-OFB" +# define LN_bf_ofb64 "bf-ofb" +# define NID_bf_ofb64 94 + +# define SN_mdc2 "MDC2" +# define LN_mdc2 "mdc2" +# define NID_mdc2 95 +# define OBJ_mdc2 2L,5L,8L,3L,101L +/* An alternative? 1L,3L,14L,3L,2L,19L */ + +# define SN_mdc2WithRSA "RSA-MDC2" +# define LN_mdc2WithRSA "mdc2withRSA" +# define NID_mdc2WithRSA 96 +# define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L + +# define SN_rc4_40 "RC4-40" +# define LN_rc4_40 "rc4-40" +# define NID_rc4_40 97 + +# define SN_rc2_40_cbc "RC2-40-CBC" +# define LN_rc2_40_cbc "rc2-40-cbc" +# define NID_rc2_40_cbc 98 + +# define SN_givenName "G" +# define LN_givenName "givenName" +# define NID_givenName 99 +# define OBJ_givenName OBJ_X509,42L + +# define SN_surname "S" +# define LN_surname "surname" +# define NID_surname 100 +# define OBJ_surname OBJ_X509,4L + +# define SN_initials "I" +# define LN_initials "initials" +# define NID_initials 101 +# define OBJ_initials OBJ_X509,43L + +# define SN_uniqueIdentifier "UID" +# define LN_uniqueIdentifier "uniqueIdentifier" +# define NID_uniqueIdentifier 102 +# define OBJ_uniqueIdentifier OBJ_X509,45L + +# define SN_crl_distribution_points "crlDistributionPoints" +# define LN_crl_distribution_points "X509v3 CRL Distribution Points" +# define NID_crl_distribution_points 103 +# define OBJ_crl_distribution_points OBJ_id_ce,31L + +# define SN_md5WithRSA "RSA-NP-MD5" +# define LN_md5WithRSA "md5WithRSA" +# define NID_md5WithRSA 104 +# define OBJ_md5WithRSA OBJ_algorithm,3L + +# define SN_serialNumber "SN" +# define LN_serialNumber "serialNumber" +# define NID_serialNumber 105 +# define OBJ_serialNumber OBJ_X509,5L + +# define SN_title "T" +# define LN_title "title" +# define NID_title 106 +# define OBJ_title OBJ_X509,12L + +# define SN_description "D" +# define LN_description "description" +# define NID_description 107 +# define OBJ_description OBJ_X509,13L + +/* CAST5 is CAST-128, I'm just sticking with the documentation */ +# define SN_cast5_cbc "CAST5-CBC" +# define LN_cast5_cbc "cast5-cbc" +# define NID_cast5_cbc 108 +# define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L + +# define SN_cast5_ecb "CAST5-ECB" +# define LN_cast5_ecb "cast5-ecb" +# define NID_cast5_ecb 109 + +# define SN_cast5_cfb64 "CAST5-CFB" +# define LN_cast5_cfb64 "cast5-cfb" +# define NID_cast5_cfb64 110 + +# define SN_cast5_ofb64 "CAST5-OFB" +# define LN_cast5_ofb64 "cast5-ofb" +# define NID_cast5_ofb64 111 + +# define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +# define NID_pbeWithMD5AndCast5_CBC 112 +# define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L + +/*- + * This is one sun will soon be using :-( + * id-dsa-with-sha1 ID ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } + */ +# define SN_dsaWithSHA1 "DSA-SHA1" +# define LN_dsaWithSHA1 "dsaWithSHA1" +# define NID_dsaWithSHA1 113 +# define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L + +# define NID_md5_sha1 114 +# define SN_md5_sha1 "MD5-SHA1" +# define LN_md5_sha1 "md5-sha1" + +# define SN_sha1WithRSA "RSA-SHA1-2" +# define LN_sha1WithRSA "sha1WithRSA" +# define NID_sha1WithRSA 115 +# define OBJ_sha1WithRSA OBJ_algorithm,29L + +# define SN_dsa "DSA" +# define LN_dsa "dsaEncryption" +# define NID_dsa 116 +# define OBJ_dsa 1L,2L,840L,10040L,4L,1L + +# define SN_ripemd160 "RIPEMD160" +# define LN_ripemd160 "ripemd160" +# define NID_ripemd160 117 +# define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +/* + * The name should actually be rsaSignatureWithripemd160, but I'm going to + * continue using the convention I'm using with the other ciphers + */ +# define SN_ripemd160WithRSA "RSA-RIPEMD160" +# define LN_ripemd160WithRSA "ripemd160WithRSA" +# define NID_ripemd160WithRSA 119 +# define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +/*- + * Taken from rfc2040 + * RC5_CBC_Parameters ::= SEQUENCE { + * version INTEGER (v1_0(16)), + * rounds INTEGER (8..127), + * blockSizeInBits INTEGER (64, 128), + * iv OCTET STRING OPTIONAL + * } + */ +# define SN_rc5_cbc "RC5-CBC" +# define LN_rc5_cbc "rc5-cbc" +# define NID_rc5_cbc 120 +# define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +# define SN_rc5_ecb "RC5-ECB" +# define LN_rc5_ecb "rc5-ecb" +# define NID_rc5_ecb 121 + +# define SN_rc5_cfb64 "RC5-CFB" +# define LN_rc5_cfb64 "rc5-cfb" +# define NID_rc5_cfb64 122 + +# define SN_rc5_ofb64 "RC5-OFB" +# define LN_rc5_ofb64 "rc5-ofb" +# define NID_rc5_ofb64 123 + +# define SN_rle_compression "RLE" +# define LN_rle_compression "run length compression" +# define NID_rle_compression 124 +# define OBJ_rle_compression 1L,1L,1L,1L,666L,1L + +# define SN_zlib_compression "ZLIB" +# define LN_zlib_compression "zlib compression" +# define NID_zlib_compression 125 +# define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L + +# define SN_ext_key_usage "extendedKeyUsage" +# define LN_ext_key_usage "X509v3 Extended Key Usage" +# define NID_ext_key_usage 126 +# define OBJ_ext_key_usage OBJ_id_ce,37 + +# define SN_id_pkix "PKIX" +# define NID_id_pkix 127 +# define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +# define SN_id_kp "id-kp" +# define NID_id_kp 128 +# define OBJ_id_kp OBJ_id_pkix,3L + +/* PKIX extended key usage OIDs */ + +# define SN_server_auth "serverAuth" +# define LN_server_auth "TLS Web Server Authentication" +# define NID_server_auth 129 +# define OBJ_server_auth OBJ_id_kp,1L + +# define SN_client_auth "clientAuth" +# define LN_client_auth "TLS Web Client Authentication" +# define NID_client_auth 130 +# define OBJ_client_auth OBJ_id_kp,2L + +# define SN_code_sign "codeSigning" +# define LN_code_sign "Code Signing" +# define NID_code_sign 131 +# define OBJ_code_sign OBJ_id_kp,3L + +# define SN_email_protect "emailProtection" +# define LN_email_protect "E-mail Protection" +# define NID_email_protect 132 +# define OBJ_email_protect OBJ_id_kp,4L + +# define SN_time_stamp "timeStamping" +# define LN_time_stamp "Time Stamping" +# define NID_time_stamp 133 +# define OBJ_time_stamp OBJ_id_kp,8L + +/* Additional extended key usage OIDs: Microsoft */ + +# define SN_ms_code_ind "msCodeInd" +# define LN_ms_code_ind "Microsoft Individual Code Signing" +# define NID_ms_code_ind 134 +# define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +# define SN_ms_code_com "msCodeCom" +# define LN_ms_code_com "Microsoft Commercial Code Signing" +# define NID_ms_code_com 135 +# define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +# define SN_ms_ctl_sign "msCTLSign" +# define LN_ms_ctl_sign "Microsoft Trust List Signing" +# define NID_ms_ctl_sign 136 +# define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +# define SN_ms_sgc "msSGC" +# define LN_ms_sgc "Microsoft Server Gated Crypto" +# define NID_ms_sgc 137 +# define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +# define SN_ms_efs "msEFS" +# define LN_ms_efs "Microsoft Encrypted File System" +# define NID_ms_efs 138 +# define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +/* Additional usage: Netscape */ + +# define SN_ns_sgc "nsSGC" +# define LN_ns_sgc "Netscape Server Gated Crypto" +# define NID_ns_sgc 139 +# define OBJ_ns_sgc OBJ_netscape,4L,1L + +# define SN_delta_crl "deltaCRL" +# define LN_delta_crl "X509v3 Delta CRL Indicator" +# define NID_delta_crl 140 +# define OBJ_delta_crl OBJ_id_ce,27L + +# define SN_crl_reason "CRLReason" +# define LN_crl_reason "CRL Reason Code" +# define NID_crl_reason 141 +# define OBJ_crl_reason OBJ_id_ce,21L + +# define SN_invalidity_date "invalidityDate" +# define LN_invalidity_date "Invalidity Date" +# define NID_invalidity_date 142 +# define OBJ_invalidity_date OBJ_id_ce,24L + +# define SN_sxnet "SXNetID" +# define LN_sxnet "Strong Extranet ID" +# define NID_sxnet 143 +# define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +/* PKCS12 and related OBJECT IDENTIFIERS */ + +# define OBJ_pkcs12 OBJ_pkcs,12L +# define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 + +# define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +# define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +# define NID_pbe_WithSHA1And128BitRC4 144 +# define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L + +# define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +# define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +# define NID_pbe_WithSHA1And40BitRC4 145 +# define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L + +# define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +# define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +# define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +# define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L + +# define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +# define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +# define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +# define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L + +# define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +# define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +# define NID_pbe_WithSHA1And128BitRC2_CBC 148 +# define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L + +# define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +# define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +# define NID_pbe_WithSHA1And40BitRC2_CBC 149 +# define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L + +# define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L + +# define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L + +# define LN_keyBag "keyBag" +# define NID_keyBag 150 +# define OBJ_keyBag OBJ_pkcs12_BagIds, 1L + +# define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +# define NID_pkcs8ShroudedKeyBag 151 +# define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L + +# define LN_certBag "certBag" +# define NID_certBag 152 +# define OBJ_certBag OBJ_pkcs12_BagIds, 3L + +# define LN_crlBag "crlBag" +# define NID_crlBag 153 +# define OBJ_crlBag OBJ_pkcs12_BagIds, 4L + +# define LN_secretBag "secretBag" +# define NID_secretBag 154 +# define OBJ_secretBag OBJ_pkcs12_BagIds, 5L + +# define LN_safeContentsBag "safeContentsBag" +# define NID_safeContentsBag 155 +# define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L + +# define LN_friendlyName "friendlyName" +# define NID_friendlyName 156 +# define OBJ_friendlyName OBJ_pkcs9, 20L + +# define LN_localKeyID "localKeyID" +# define NID_localKeyID 157 +# define OBJ_localKeyID OBJ_pkcs9, 21L + +# define OBJ_certTypes OBJ_pkcs9, 22L + +# define LN_x509Certificate "x509Certificate" +# define NID_x509Certificate 158 +# define OBJ_x509Certificate OBJ_certTypes, 1L + +# define LN_sdsiCertificate "sdsiCertificate" +# define NID_sdsiCertificate 159 +# define OBJ_sdsiCertificate OBJ_certTypes, 2L + +# define OBJ_crlTypes OBJ_pkcs9, 23L + +# define LN_x509Crl "x509Crl" +# define NID_x509Crl 160 +# define OBJ_x509Crl OBJ_crlTypes, 1L + +/* PKCS#5 v2 OIDs */ + +# define LN_pbes2 "PBES2" +# define NID_pbes2 161 +# define OBJ_pbes2 OBJ_pkcs,5L,13L + +# define LN_pbmac1 "PBMAC1" +# define NID_pbmac1 162 +# define OBJ_pbmac1 OBJ_pkcs,5L,14L + +# define LN_hmacWithSHA1 "hmacWithSHA1" +# define NID_hmacWithSHA1 163 +# define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +/* Policy Qualifier Ids */ + +# define LN_id_qt_cps "Policy Qualifier CPS" +# define SN_id_qt_cps "id-qt-cps" +# define NID_id_qt_cps 164 +# define OBJ_id_qt_cps OBJ_id_pkix,2L,1L + +# define LN_id_qt_unotice "Policy Qualifier User Notice" +# define SN_id_qt_unotice "id-qt-unotice" +# define NID_id_qt_unotice 165 +# define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L + +# define SN_rc2_64_cbc "RC2-64-CBC" +# define LN_rc2_64_cbc "rc2-64-cbc" +# define NID_rc2_64_cbc 166 + +# define SN_SMIMECapabilities "SMIME-CAPS" +# define LN_SMIMECapabilities "S/MIME Capabilities" +# define NID_SMIMECapabilities 167 +# define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +# define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +# define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +# define NID_pbeWithMD2AndRC2_CBC 168 +# define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L + +# define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +# define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +# define NID_pbeWithMD5AndRC2_CBC 169 +# define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L + +# define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +# define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +# define NID_pbeWithSHA1AndDES_CBC 170 +# define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L + +/* Extension request OIDs */ + +# define LN_ms_ext_req "Microsoft Extension Request" +# define SN_ms_ext_req "msExtReq" +# define NID_ms_ext_req 171 +# define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +# define LN_ext_req "Extension Request" +# define SN_ext_req "extReq" +# define NID_ext_req 172 +# define OBJ_ext_req OBJ_pkcs9,14L + +# define SN_name "name" +# define LN_name "name" +# define NID_name 173 +# define OBJ_name OBJ_X509,41L + +# define SN_dnQualifier "dnQualifier" +# define LN_dnQualifier "dnQualifier" +# define NID_dnQualifier 174 +# define OBJ_dnQualifier OBJ_X509,46L + +# define SN_id_pe "id-pe" +# define NID_id_pe 175 +# define OBJ_id_pe OBJ_id_pkix,1L + +# define SN_id_ad "id-ad" +# define NID_id_ad 176 +# define OBJ_id_ad OBJ_id_pkix,48L + +# define SN_info_access "authorityInfoAccess" +# define LN_info_access "Authority Information Access" +# define NID_info_access 177 +# define OBJ_info_access OBJ_id_pe,1L + +# define SN_ad_OCSP "OCSP" +# define LN_ad_OCSP "OCSP" +# define NID_ad_OCSP 178 +# define OBJ_ad_OCSP OBJ_id_ad,1L + +# define SN_ad_ca_issuers "caIssuers" +# define LN_ad_ca_issuers "CA Issuers" +# define NID_ad_ca_issuers 179 +# define OBJ_ad_ca_issuers OBJ_id_ad,2L + +# define SN_OCSP_sign "OCSPSigning" +# define LN_OCSP_sign "OCSP Signing" +# define NID_OCSP_sign 180 +# define OBJ_OCSP_sign OBJ_id_kp,9L +# endif /* USE_OBJ_MAC */ + +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_NUM 0x05 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +void OBJ_cleanup(void); +int OBJ_create_objects(BIO *in); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + +extern int obj_cleanup_defer; +void check_defer(int nid); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_OBJ_strings(void); + +/* Error codes for the OBJ functions. */ + +/* Function codes. */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 + +/* Reason codes. */ +# define OBJ_R_MALLOC_FAILURE 100 +# define OBJ_R_UNKNOWN_NID 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ocsp.h b/libs/mac/include/openssl/ocsp.h new file mode 100644 index 00000000..ca2ee76d --- /dev/null +++ b/libs/mac/include/openssl/ocsp.h @@ -0,0 +1,637 @@ +/* ocsp.h */ +/* + * Written by Tom Titchener for the OpenSSL + * project. + */ + +/* + * History: This file was transfered to Richard Levitte from CertCo by Kathy + * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a + * patch kit. + */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OCSP_H +# define HEADER_OCSP_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 + +/*- CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +typedef struct ocsp_cert_id_st { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; +} OCSP_CERTID; + +DECLARE_STACK_OF(OCSP_CERTID) + +/*- Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_one_request_st { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; +} OCSP_ONEREQ; + +DECLARE_STACK_OF(OCSP_ONEREQ) +DECLARE_ASN1_SET_OF(OCSP_ONEREQ) + +/*- TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_req_info_st { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; +} OCSP_REQINFO; + +/*- Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +typedef struct ocsp_signature_st { + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} OCSP_SIGNATURE; + +/*- OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +typedef struct ocsp_request_st { + OCSP_REQINFO *tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +} OCSP_REQUEST; + +/*- OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +/*- ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +typedef struct ocsp_resp_bytes_st { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +} OCSP_RESPBYTES; + +/*- OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; +}; + +/*- ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 +struct ocsp_responder_id_st { + int type; + union { + X509_NAME *byName; + ASN1_OCTET_STRING *byKey; + } value; +}; + +DECLARE_STACK_OF(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + +/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/*- RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +typedef struct ocsp_revoked_info_st { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +} OCSP_REVOKEDINFO; + +/*- CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 +typedef struct ocsp_cert_status_st { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; +} OCSP_CERTSTATUS; + +/*- SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_single_response_st { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; +} OCSP_SINGLERESP; + +DECLARE_STACK_OF(OCSP_SINGLERESP) +DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) + +/*- ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID *responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +} OCSP_RESPDATA; + +/*- BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* + * Note 1: The value for "signature" is specified in the OCSP rfc2560 as + * follows: "The value for the signature SHALL be computed on the hash of + * the DER encoding ResponseData." This means that you must hash the + * DER-encoded tbsResponseData, and then run it through a crypto-signing + * function, which will (at least w/RSA) do a hash-'n'-private-encrypt + * operation. This seems a bit odd, but that's the spec. Also note that + * the data structures do not leave anywhere to independently specify the + * algorithm used for the initial hash. So, we look at the + * signature-specification algorithm, and try to do something intelligent. + * -- Kathy Weinhold, CertCo + */ + /* + * Note 2: It seems that the mentioned passage from RFC 2560 (section + * 4.2.1) is open for interpretation. I've done tests against another + * responder, and found that it doesn't do the double hashing that the RFC + * seems to say one should. Therefore, all relevant functions take a flag + * saying which variant should be used. -- Richard Levitte, OpenSSL team + * and CeloCom + */ +typedef struct ocsp_basic_response_st { + OCSP_RESPDATA *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} OCSP_BASICRESP; + +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + +/*- + * CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +typedef struct ocsp_crl_id_st { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; +} OCSP_CRLID; + +/*- + * ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +typedef struct ocsp_service_locator_st { + X509_NAME *issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; +} OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ + o->optionalSignature->signatureAlgorithm,NULL,\ + o->optionalSignature->signature,o->tbsRequest,pkey,md) + +# define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ + o->signature,o->tbsResponseData,pkey,md) + +# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ + a->optionalSignature->signatureAlgorithm,\ + a->optionalSignature->signature,a->tbsRequest,r) + +# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + X509_NAME *issuerName, + ASN1_BIT_STRING *issuerKey, + ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_OCSP_strings(void); + +/* Error codes for the OCSP functions. */ + +/* Function codes. */ +# define OCSP_F_ASN1_STRING_ENCODE 100 +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_OCSP_SENDREQ_BIO 112 +# define OCSP_F_OCSP_SENDREQ_NBIO 117 +# define OCSP_F_PARSE_HTTP_LINE1 118 +# define OCSP_F_REQUEST_VERIFY 113 + +/* Reason codes. */ +# define OCSP_R_BAD_DATA 100 +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_CONTENT 106 +# define OCSP_R_NO_PUBLIC_KEY 107 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_READ_ERROR 113 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SERVER_WRITE_ERROR 116 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/opensslconf.h b/libs/mac/include/openssl/opensslconf.h new file mode 100644 index 00000000..076cb4e9 --- /dev/null +++ b/libs/mac/include/openssl/opensslconf.h @@ -0,0 +1,279 @@ +/* opensslconf.h */ +/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ + +#ifdef __cplusplus +extern "C" { +#endif +/* OpenSSL was configured with the following options: */ +#ifndef OPENSSL_SYSNAME_MACOSX +# define OPENSSL_SYSNAME_MACOSX +#endif +#ifndef OPENSSL_DOING_MAKEDEPEND + + +#ifndef OPENSSL_NO_COMP +# define OPENSSL_NO_COMP +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif +#ifndef OPENSSL_NO_JPAKE +# define OPENSSL_NO_JPAKE +#endif +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif +#ifndef OPENSSL_NO_LIBUNBOUND +# define OPENSSL_NO_LIBUNBOUND +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ + +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +#endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_COMP) && !defined(NO_COMP) +# define NO_COMP +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) +# define NO_JPAKE +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) +# define NO_LIBUNBOUND +# endif +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) +# define NO_SCTP +# endif +# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) +# define NO_SSL_TRACE +# endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif +# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3) +# define NO_SSL3 +# endif +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE +# endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif +# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) +# define NO_WEAK_SSL_CIPHERS +# endif +#endif + +#define OPENSSL_CPUID_OBJ + +/* crypto/opensslconf.h.in */ + +/* Generate 80386 code? */ +#undef I386_ONLY + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/local/Cellar/openssl/1.0.2o_1/lib/engines" +#define OPENSSLDIR "/usr/local/etc/openssl" +#endif +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/libs/mac/include/openssl/opensslv.h b/libs/mac/include/openssl/opensslv.h new file mode 100644 index 00000000..77f124e2 --- /dev/null +++ b/libs/mac/include/openssl/opensslv.h @@ -0,0 +1,97 @@ +#ifndef HEADER_OPENSSLV_H +# define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +# define OPENSSL_VERSION_NUMBER 0x100020ffL +# ifdef OPENSSL_FIPS +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" +# else +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" +# endif +# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +/*- + * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major verson number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +# define SHLIB_VERSION_HISTORY "" +# define SHLIB_VERSION_NUMBER "1.0.0" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/libs/mac/include/openssl/ossl_typ.h b/libs/mac/include/openssl/ossl_typ.h new file mode 100644 index 00000000..364d2623 --- /dev/null +++ b/libs/mac/include/openssl/ossl_typ.h @@ -0,0 +1,213 @@ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OPENSSL_TYPES_H +# define HEADER_OPENSSL_TYPES_H + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; + +# ifdef OPENSSL_SYS_WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef X509_CERT_PAIR +# undef PKCS7_ISSUER_AND_SERIAL +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct env_md_st EVP_MD; +typedef struct env_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; + +typedef struct rand_meth_st RAND_METHOD; + +typedef struct ecdh_method ECDH_METHOD; +typedef struct ecdsa_method ECDSA_METHOD; + +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; + +typedef struct store_st STORE; +typedef struct store_method_st STORE_METHOD; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct st_ERR_FNS ERR_FNS; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ +# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ +# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Callback types for crypto.h */ +typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/libs/mac/include/openssl/pem.h b/libs/mac/include/openssl/pem.h new file mode 100644 index 00000000..aac72fb2 --- /dev/null +++ b/libs/mac/include/openssl/pem.h @@ -0,0 +1,617 @@ +/* crypto/pem/pem.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PEM_H +# define HEADER_PEM_H + +# include +# ifndef OPENSSL_NO_BIO +# include +# endif +# ifndef OPENSSL_NO_STACK +# include +# endif +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_OBJ_UNDEF 0 +# define PEM_OBJ_X509 1 +# define PEM_OBJ_X509_REQ 2 +# define PEM_OBJ_CRL 3 +# define PEM_OBJ_SSL_SESSION 4 +# define PEM_OBJ_PRIV_KEY 10 +# define PEM_OBJ_PRIV_RSA 11 +# define PEM_OBJ_PRIV_DSA 12 +# define PEM_OBJ_PRIV_DH 13 +# define PEM_OBJ_PUB_RSA 14 +# define PEM_OBJ_PUB_DSA 15 +# define PEM_OBJ_PUB_DH 16 +# define PEM_OBJ_DHPARAMS 17 +# define PEM_OBJ_DSAPARAMS 18 +# define PEM_OBJ_PRIV_RSA_PUBLIC 19 +# define PEM_OBJ_PRIV_ECDSA 20 +# define PEM_OBJ_PUB_ECDSA 21 +# define PEM_OBJ_ECPARAMETERS 22 + +# define PEM_ERROR 30 +# define PEM_DEK_DES_CBC 40 +# define PEM_DEK_IDEA_CBC 45 +# define PEM_DEK_DES_EDE 50 +# define PEM_DEK_DES_ECB 60 +# define PEM_DEK_RSA 70 +# define PEM_DEK_RSA_MD2 80 +# define PEM_DEK_RSA_MD5 90 + +# define PEM_MD_MD2 NID_md2 +# define PEM_MD_MD5 NID_md5 +# define PEM_MD_SHA NID_sha +# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + + /* + * Note that this structure is initialised by PEM_SealInit and cleaned up + * by PEM_SealFinal (at least for now) + */ +typedef struct PEM_Encode_Seal_st { + EVP_ENCODE_CTX encode; + EVP_MD_CTX md; + EVP_CIPHER_CTX cipher; +} PEM_ENCODE_SEAL_CTX; + +/* enc_type is one off */ +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +typedef struct pem_recip_st { + char *name; + X509_NAME *dn; + int cipher; + int key_enc; + /* char iv[8]; unused and wrong size */ +} PEM_USER; + +typedef struct pem_ctx_st { + int type; /* what type of object */ + struct { + int version; + int mode; + } proc_type; + + char *domain; + + struct { + int cipher; + /*- + unused, and wrong size + unsigned char iv[8]; */ + } DEK_info; + + PEM_USER *originator; + + int num_recipient; + PEM_USER **recipient; +/*- + XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ + EVP_MD *md; /* signature type */ + + int md_enc; /* is the md encrypted or not? */ + int md_len; /* length of md_data */ + char *md_data; /* message digest, could be pkey encrypted */ + + EVP_CIPHER *dec; /* date encryption cipher */ + int key_len; /* key length */ + unsigned char *key; /* key */ + /*- + unused, and wrong size + unsigned char iv[8]; */ + + int data_enc; /* is the data encrypted */ + int data_len; + unsigned char *data; +} PEM_CTX; + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# ifdef OPENSSL_NO_FP_API + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_FP_API) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +# define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +# define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# endif + +# ifndef OPENSSL_NO_BIO +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +# define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +# define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# else + +# define DECLARE_PEM_read_bio(name, type) /**/ +# define DECLARE_PEM_write_bio(name, type) /**/ +# define DECLARE_PEM_write_bio_const(name, type) /**/ +# define DECLARE_PEM_write_cb_bio(name, type) /**/ +# endif +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) +# if 1 +/* "userdata": new with OpenSSL 0.9.4 */ +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); +# else +/* OpenSSL 0.9.3, 0.9.3a */ +typedef int pem_password_cb (char *buf, int size, int rwflag); +# endif + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +# ifndef OPENSSL_NO_BIO +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); +# endif + +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); + +int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, + EVP_MD *md_type, unsigned char **ek, int *ekl, + unsigned char *iv, EVP_PKEY **pubk, int npubk); +void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl); +int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv); + +void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +int PEM_def_callback(char *buf, int num, int w, void *key); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef OPENSSL_NO_DH +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); + +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +void ERR_load_PEM_strings(void); + +/* Error codes for the PEM functions. */ + +/* Function codes. */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_PK8PKEY 119 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SEALFINAL 110 +# define PEM_F_PEM_SEALINIT 111 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PUBLIC_KEY_NO_RSA 110 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/libs/mac/include/openssl/pem2.h b/libs/mac/include/openssl/pem2.h new file mode 100644 index 00000000..84897d5e --- /dev/null +++ b/libs/mac/include/openssl/pem2.h @@ -0,0 +1,70 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * This header only exists to break a circular dependency between pem and err + * Ben 30 Jan 1999. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef HEADER_PEM_H +void ERR_load_PEM_strings(void); +#endif + +#ifdef __cplusplus +} +#endif diff --git a/libs/mac/include/openssl/pkcs12.h b/libs/mac/include/openssl/pkcs12.h new file mode 100644 index 00000000..21f1f62b --- /dev/null +++ b/libs/mac/include/openssl/pkcs12.h @@ -0,0 +1,342 @@ +/* pkcs12.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PKCS12_H +# define HEADER_PKCS12_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +# define PKCS12_SALT_LEN 8 + +/* Uncomment out next line for unicode password and names, otherwise ASCII */ + +/* + * #define PBE_UNICODE + */ + +# ifdef PBE_UNICODE +# define PKCS12_key_gen PKCS12_key_gen_uni +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni +# else +# define PKCS12_key_gen PKCS12_key_gen_asc +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc +# endif + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct { + X509_SIG *dinfo; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; /* defaults to 1 */ +} PKCS12_MAC_DATA; + +typedef struct { + ASN1_INTEGER *version; + PKCS12_MAC_DATA *mac; + PKCS7 *authsafes; +} PKCS12; + +typedef struct { + ASN1_OBJECT *type; + union { + struct pkcs12_bag_st *bag; /* secret, crl and certbag */ + struct pkcs8_priv_key_info_st *keybag; /* keybag */ + X509_SIG *shkeybag; /* shrouded key bag */ + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; + } value; + STACK_OF(X509_ATTRIBUTE) *attrib; +} PKCS12_SAFEBAG; + +DECLARE_STACK_OF(PKCS12_SAFEBAG) +DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) +DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st { + ASN1_OBJECT *type; + union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ + } value; +} PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +# define M_PKCS12_x5092certbag PKCS12_x5092certbag +# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag + +# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 +# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl + +# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data +# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes +# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes +# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata + +# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey +# define M_PKCS8_decrypt PKCS8_decrypt + +# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) +# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type + +# define PKCS12_get_attr(bag, attr_nid) \ + PKCS12_get_attr_gen(bag->attrib, attr_nid) + +# define PKCS8_get_attr(p8, attr_nid) \ + PKCS12_get_attr_gen(p8->attributes, attr_nid) + +# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) + +PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); +PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); +X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, + int passlen, unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, + int passlen, unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_PKCS12_strings(void); + +/* Error codes for the PKCS12 functions. */ + +/* Function codes. */ +# define PKCS12_F_PARSE_BAG 129 +# define PKCS12_F_PARSE_BAGS 103 +# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 +# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 +# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 +# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 +# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 +# define PKCS12_F_PKCS8_ENCRYPT 125 + +/* Reason codes. */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_ERROR 112 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/pkcs7.h b/libs/mac/include/openssl/pkcs7.h new file mode 100644 index 00000000..b51b3863 --- /dev/null +++ b/libs/mac/include/openssl/pkcs7.h @@ -0,0 +1,481 @@ +/* crypto/pkcs7/pkcs7.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PKCS7_H +# define HEADER_PKCS7_H + +# include +# include +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_SYS_WIN32 +/* Under Win32 thes are defined in wincrypt.h */ +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DECLARE_STACK_OF(PKCS7_SIGNER_INFO) +DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DECLARE_STACK_OF(PKCS7_RECIP_INFO) +DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DECLARE_STACK_OF(PKCS7) +DECLARE_ASN1_SET_OF(PKCS7) +DECLARE_PKCS12_STACK_OF(PKCS7) + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_FP_API +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_PKCS7_strings(void); + +/* Error codes for the PKCS7 functions. */ + +/* Function codes. */ +# define PKCS7_F_B64_READ_PKCS7 120 +# define PKCS7_F_B64_WRITE_PKCS7 121 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATASIGN 106 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 +# define PKCS7_F_SMIME_READ_PKCS7 122 +# define PKCS7_F_SMIME_TEXT 123 + +/* Reason codes. */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECODE_ERROR 130 +# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_MIME_TYPE 131 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +# define PKCS7_R_MIME_PARSE_ERROR 133 +# define PKCS7_R_MIME_SIG_PARSE_ERROR 134 +# define PKCS7_R_MISSING_CERIPEND_INFO 103 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_CONTENT_TYPE 135 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +# define PKCS7_R_NO_MULTIPART_BOUNDARY 137 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_NO_SIG_CONTENT_TYPE 138 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATAFINAL 126 +# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PKCS7_PARSE_ERROR 139 +# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/pqueue.h b/libs/mac/include/openssl/pqueue.h new file mode 100644 index 00000000..d40d9c7d --- /dev/null +++ b/libs/mac/include/openssl/pqueue.h @@ -0,0 +1,99 @@ +/* crypto/pqueue/pqueue.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PQUEUE_H +# define HEADER_PQUEUE_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif +typedef struct _pqueue *pqueue; + +typedef struct _pitem { + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ + void *data; + struct _pitem *next; +} pitem; + +typedef struct _pitem *piterator; + +pitem *pitem_new(unsigned char *prio64be, void *data); +void pitem_free(pitem *item); + +pqueue pqueue_new(void); +void pqueue_free(pqueue pq); + +pitem *pqueue_insert(pqueue pq, pitem *item); +pitem *pqueue_peek(pqueue pq); +pitem *pqueue_pop(pqueue pq); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); +pitem *pqueue_iterator(pqueue pq); +pitem *pqueue_next(piterator *iter); + +void pqueue_print(pqueue pq); +int pqueue_size(pqueue pq); + +#ifdef __cplusplus +} +#endif +#endif /* ! HEADER_PQUEUE_H */ diff --git a/libs/mac/include/openssl/rand.h b/libs/mac/include/openssl/rand.h new file mode 100644 index 00000000..2553afda --- /dev/null +++ b/libs/mac/include/openssl/rand.h @@ -0,0 +1,150 @@ +/* crypto/rand/rand.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RAND_H +# define HEADER_RAND_H + +# include +# include +# include + +# if defined(OPENSSL_SYS_WINDOWS) +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if defined(OPENSSL_FIPS) +# define FIPS_RAND_SIZE_T size_t +# endif + +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st { + void (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + void (*add) (const void *buf, int num, double entropy); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +# ifdef BN_DEBUG +extern int rand_predictable; +# endif + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +# endif +RAND_METHOD *RAND_SSLeay(void); +void RAND_cleanup(void); +int RAND_bytes(unsigned char *buf, int num); +int RAND_pseudo_bytes(unsigned char *buf, int num); +void RAND_seed(const void *buf, int num); +void RAND_add(const void *buf, int num, double entropy); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path, int bytes); +int RAND_poll(void); + +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) + +void RAND_screen(void); +int RAND_event(UINT, WPARAM, LPARAM); + +# endif + +# ifdef OPENSSL_FIPS +void RAND_set_fips_drbg_type(int type, int flags); +int RAND_init_fips(void); +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_RAND_strings(void); + +/* Error codes for the RAND functions. */ + +/* Function codes. */ +# define RAND_F_RAND_GET_RAND_METHOD 101 +# define RAND_F_RAND_INIT_FIPS 102 +# define RAND_F_SSLEAY_RAND_BYTES 100 + +/* Reason codes. */ +# define RAND_R_DUAL_EC_DRBG_DISABLED 104 +# define RAND_R_ERROR_INITIALISING_DRBG 102 +# define RAND_R_ERROR_INSTANTIATING_DRBG 103 +# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 +# define RAND_R_PRNG_NOT_SEEDED 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/rc2.h b/libs/mac/include/openssl/rc2.h new file mode 100644 index 00000000..29d02d73 --- /dev/null +++ b/libs/mac/include/openssl/rc2.h @@ -0,0 +1,103 @@ +/* crypto/rc2/rc2.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC2_H +# define HEADER_RC2_H + +# include /* OPENSSL_NO_RC2, RC2_INT */ +# ifdef OPENSSL_NO_RC2 +# error RC2 is disabled. +# endif + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + +# define RC2_BLOCK 8 +# define RC2_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +# ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits); +# endif +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/rc4.h b/libs/mac/include/openssl/rc4.h new file mode 100644 index 00000000..39162b16 --- /dev/null +++ b/libs/mac/include/openssl/rc4.h @@ -0,0 +1,88 @@ +/* crypto/rc4/rc4.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC4_H +# define HEADER_RC4_H + +# include /* OPENSSL_NO_RC4, RC4_INT */ +# ifdef OPENSSL_NO_RC4 +# error RC4 is disabled. +# endif + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/ripemd.h b/libs/mac/include/openssl/ripemd.h new file mode 100644 index 00000000..b88ef25e --- /dev/null +++ b/libs/mac/include/openssl/ripemd.h @@ -0,0 +1,105 @@ +/* crypto/ripemd/ripemd.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RIPEMD_H +# define HEADER_RIPEMD_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_RIPEMD +# error RIPEMD is disabled. +# endif + +# if defined(__LP32__) +# define RIPEMD160_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define RIPEMD160_LONG unsigned long +# define RIPEMD160_LONG_LOG2 3 +# else +# define RIPEMD160_LONG unsigned int +# endif + +# define RIPEMD160_CBLOCK 64 +# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +# define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B, C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +# ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +# endif +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/rsa.h b/libs/mac/include/openssl/rsa.h new file mode 100644 index 00000000..d2ee3740 --- /dev/null +++ b/libs/mac/include/openssl/rsa.h @@ -0,0 +1,664 @@ +/* crypto/rsa/rsa.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +# define HEADER_RSA_H + +# include + +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif + +# ifdef OPENSSL_NO_RSA +# error RSA is disabled. +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Declared already in ossl_typ.h */ +/* typedef struct rsa_st RSA; */ +/* typedef struct rsa_meth_st RSA_METHOD; */ + +struct rsa_meth_st { + const char *name; + int (*rsa_pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + /* Can be null */ + int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + /* Can be null */ + int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + /* called at new */ + int (*init) (RSA *rsa); + /* called at free */ + int (*finish) (RSA *rsa); + /* RSA_METHOD_FLAG_* things */ + int flags; + /* may be needed! */ + char *app_data; + /* + * New sign and verify functions: some libraries don't allow arbitrary + * data to be signed/verified: this allows them to be used. Note: for + * this to work the RSA_public_decrypt() and RSA_private_encrypt() should + * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: + * for backwards compatibility this functionality is only enabled if the + * RSA_FLAG_SIGN_VER option is set in 'flags'. + */ + int (*rsa_sign) (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); + int (*rsa_verify) (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); + /* + * If this callback is NULL, the builtin software RSA key-gen will be + * used. This is for behavioural compatibility whilst the code gets + * rewired, but one day it would be nice to assume there are no such + * things as "builtin software" implementations. + */ + int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +}; + +struct rsa_st { + /* + * The first parameter is used to pickup errors where this is passed + * instead of aEVP_PKEY, it is set to 0 + */ + int pad; + long version; + const RSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + int references; + int flags; + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + /* + * all BIGNUM values are actually in the following data, if it is not + * NULL + */ + char *bignum_data; + BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; +}; + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private + * match */ + +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify + * functions. + */ +# define RSA_FLAG_SIGN_VER 0x0040 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +/* + * new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +# define RSA_FLAG_NO_CONSTTIME 0x0100 +# ifdef OPENSSL_USE_DEPRECATED +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \ + EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ + len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \ + 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_size(const RSA *rsa); + +/* Deprecated version */ +# ifndef OPENSSL_NO_DEPRECATED +RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), void *cb_arg); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +int RSA_check_key(const RSA *); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* This function needs the memory locking malloc callbacks to be installed */ +int RSA_memory_lock(RSA *r); + +/* these are the actual SSLeay RSA functions */ +const RSA_METHOD *RSA_PKCS1_SSLeay(void); + +const RSA_METHOD *RSA_null_method(void); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +typedef struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; +} RSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif + +# ifndef OPENSSL_NO_BIO +int RSA_print(BIO *bp, const RSA *r, int offset); +# endif + +# ifndef OPENSSL_NO_RC4 +int i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb) (char *buf, int len, const char *prompt, + int verify), int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb) (char *buf, int len, const char *prompt, + int verify), int sgckey); + +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb) (char *buf, int len, const char *prompt, + int verify)); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb) (char *buf, int len, const char *prompt, + int verify)); +# endif + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_RSA_strings(void); + +/* Error codes for the RSA functions. */ + +/* Function codes. */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_DO_RSA_PRINT 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_MEMORY_LOCK 100 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 154 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 157 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CMS_DECRYPT 158 +# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_GENERATE_KEY 105 +# define RSA_F_RSA_GENERATE_KEY_EX 155 +# define RSA_F_RSA_ITEM_VERIFY 156 +# define RSA_F_RSA_MEMORY_LOCK 130 +# define RSA_F_RSA_MGF1_TO_MD 159 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_MOD_EXP 131 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIVATE_DECRYPT 150 +# define RSA_F_RSA_PRIVATE_ENCRYPT 151 +# define RSA_F_RSA_PRIV_DECODE 137 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_TO_CTX 162 +# define RSA_F_RSA_PUBLIC_DECRYPT 152 +# define RSA_F_RSA_PUBLIC_ENCRYPT 153 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 + +/* Reason codes. */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 166 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 160 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_KEYBITS 145 +# define RSA_R_INVALID_LABEL 161 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_OAEP_PARAMETERS 162 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_NON_FIPS_RSA_METHOD 157 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 163 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNKNOWN_PSS_DIGEST 152 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/safestack.h b/libs/mac/include/openssl/safestack.h new file mode 100644 index 00000000..1d4f87ea --- /dev/null +++ b/libs/mac/include/openssl/safestack.h @@ -0,0 +1,2672 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef CHECKED_PTR_OF +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# endif + +/* + * In C++ we get problems because an explicit cast is needed from (void *) we + * use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +# define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +# define CHECKED_SK_COPY_FUNC(type, p) \ + ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) + +# define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +# define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + +# define STACK_OF(type) struct stack_st_##type +# define PREDECLARE_STACK_OF(type) STACK_OF(type); + +# define DECLARE_STACK_OF(type) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; +# define DECLARE_SPECIAL_STACK_OF(type, type2) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; + +/* nada (obsolete in new safestack approach)*/ +# define IMPLEMENT_STACK_OF(type) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * SKM_sk_... stack macros are internal to safestack.h: never use them + * directly, use sk__... instead + */ +# define SKM_sk_new(type, cmp) \ + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +# define SKM_sk_new_null(type) \ + ((STACK_OF(type) *)sk_new_null()) +# define SKM_sk_free(type, st) \ + sk_free(CHECKED_STACK_OF(type, st)) +# define SKM_sk_num(type, st) \ + sk_num(CHECKED_STACK_OF(type, st)) +# define SKM_sk_value(type, st,i) \ + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) +# define SKM_sk_set(type, st,i,val) \ + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) +# define SKM_sk_zero(type, st) \ + sk_zero(CHECKED_STACK_OF(type, st)) +# define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +# define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +# define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +# define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +# define SKM_sk_set_cmp_func(type, st, cmp) \ + ((int (*)(const type * const *,const type * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) +# define SKM_sk_dup(type, st) \ + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ + (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_shift(type, st) \ + (type *)sk_shift(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop(type, st) \ + (type *)sk_pop(CHECKED_STACK_OF(type, st)) +# define SKM_sk_sort(type, st) \ + sk_sort(CHECKED_STACK_OF(type, st)) +# define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) +# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ + pp, length, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + ex_tag, ex_class) +# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ + i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ + CHECKED_I2D_OF(type, i2d_func), \ + ex_tag, ex_class, is_set) +# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ + ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ + CHECKED_I2D_OF(type, i2d_func), buf, len) +# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ + (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ + (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + pass, passlen, oct, seq) +/* + * This block of defines is updated by util/mkstack.pl, please do not touch! + */ +# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) +# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) +# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) +# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) +# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) +# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) +# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) +# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) +# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) +# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) +# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) +# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) +# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) +# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) +# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) +# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) +# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) +# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) +# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) +# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) +# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) +# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) +# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) +# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) +# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) +# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) +# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) +# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) +# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) +# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) +# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) +# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) +# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) +# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) +# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) +# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) +# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) +# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) +# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) +# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) +# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) +# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) +# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) +# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) +# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) +# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) +# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) +# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) +# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) +# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) +# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) +# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) +# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) +# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) +# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) +# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) +# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) +# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) +# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) +# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) +# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) +# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) +# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) +# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) +# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) +# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) +# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) +# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) +# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) +# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) +# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) +# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) +# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) +# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) +# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) +# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) +# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) +# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) +# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) +# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) +# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) +# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) +# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) +# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) +# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) +# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) +# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) +# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) +# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) +# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) +# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) +# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) +# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) +# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) +# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) +# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) +# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) +# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) +# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) +# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) +# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) +# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) +# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) +# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) +# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) +# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) +# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) +# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) +# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) +# define sk_BIO_new_null() SKM_sk_new_null(BIO) +# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) +# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) +# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) +# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) +# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) +# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) +# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) +# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) +# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) +# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) +# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) +# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) +# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) +# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) +# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) +# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) +# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) +# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) +# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) +# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) +# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) +# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) +# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) +# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) +# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) +# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) +# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) +# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) +# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) +# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) +# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) +# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) +# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) +# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) +# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) +# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) +# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) +# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) +# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) +# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) +# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) +# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) +# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) +# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) +# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) +# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func)) +# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) +# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) +# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) +# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) +# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) +# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) +# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) +# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) +# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) +# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) +# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) +# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) +# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) +# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) +# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) +# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) +# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) +# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) +# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) +# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) +# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) +# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) +# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) +# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) +# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) +# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) +# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) +# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) +# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) +# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) +# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) +# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) +# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) +# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) +# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) +# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) +# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) +# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) +# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) +# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) +# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) +# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) +# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) +# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) +# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) +# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) +# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) +# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) +# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) +# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) +# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) +# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) +# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) +# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) +# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) +# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) +# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) +# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) +# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) +# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) +# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) +# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) +# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) +# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) +# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) +# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) +# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) +# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) +# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) +# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) +# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) +# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) +# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) +# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) +# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) +# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) +# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) +# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) +# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) +# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) +# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) +# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) +# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) +# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) +# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) +# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) +# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) +# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) +# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) +# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) +# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) +# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) +# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) +# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) +# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) +# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) +# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) +# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) +# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) +# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) +# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) +# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) +# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) +# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) +# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) +# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) +# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) +# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) +# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) +# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) +# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) +# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) +# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) +# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) +# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) +# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) +# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) +# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) +# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) +# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) +# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) +# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) +# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) +# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) +# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) +# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) +# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) +# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) +# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) +# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) +# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) +# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) +# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) +# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) +# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) +# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) +# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) +# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) +# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) +# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) +# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) +# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) +# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) +# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) +# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) +# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) +# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) +# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) +# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) +# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) +# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) +# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) +# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) +# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) +# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) +# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) +# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) +# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) +# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) +# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) +# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) +# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) +# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) +# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) +# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) +# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) +# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) +# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) +# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) +# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) +# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) +# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) +# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) +# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) +# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) +# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) +# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) +# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) +# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) +# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) +# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) +# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) +# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) +# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) +# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) +# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) +# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) +# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) +# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) +# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) +# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) +# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) +# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) +# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) +# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) +# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) +# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) +# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) +# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) +# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) +# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) +# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) +# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) +# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) +# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) +# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) +# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) +# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) +# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) +# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) +# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) +# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) +# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) +# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) +# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) +# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) +# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) +# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) +# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) +# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) +# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) +# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) +# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) +# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) +# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) +# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) +# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) +# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) +# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) +# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) +# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) +# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) +# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) +# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) +# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) +# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) +# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) +# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) +# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) +# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) +# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) +# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) +# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) +# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) +# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) +# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) +# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) +# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) +# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) +# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) +# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) +# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) +# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) +# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) +# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) +# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) +# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) +# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) +# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) +# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) +# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) +# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) +# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) +# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) +# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) +# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) +# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) +# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) +# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) +# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) +# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) +# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) +# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) +# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) +# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) +# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) +# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) +# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) +# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) +# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) +# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) +# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) +# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) +# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) +# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) +# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) +# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) +# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) +# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) +# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) +# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) +# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) +# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) +# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) +# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) +# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) +# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) +# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) +# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) +# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) +# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) +# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) +# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) +# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) +# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) +# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) +# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) +# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) +# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) +# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) +# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) +# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) +# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) +# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) +# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) +# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) +# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) +# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) +# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) +# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) +# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) +# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) +# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) +# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) +# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) +# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) +# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) +# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) +# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) +# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) +# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) +# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) +# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) +# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) +# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) +# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) +# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) +# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) +# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) +# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) +# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) +# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) +# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) +# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) +# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) +# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) +# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) +# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) +# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) +# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) +# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) +# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) +# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) +# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) +# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) +# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) +# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) +# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) +# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) +# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) +# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) +# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) +# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) +# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) +# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) +# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) +# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) +# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) +# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) +# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) +# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) +# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) +# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) +# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) +# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) +# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) +# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) +# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) +# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) +# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) +# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) +# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) +# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) +# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) +# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) +# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) +# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) +# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) +# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) +# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) +# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) +# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) +# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) +# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) +# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) +# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) +# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) +# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) +# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) +# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) +# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) +# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) +# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) +# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) +# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) +# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) +# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) +# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) +# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) +# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) +# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) +# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) +# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) +# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) +# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) +# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) +# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) +# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) +# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) +# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) +# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) +# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) +# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) +# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) +# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) +# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) +# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) +# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) +# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) +# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) +# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) +# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) +# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) +# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) +# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) +# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) +# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) +# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) +# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) +# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) +# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) +# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) +# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) +# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) +# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) +# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) +# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) +# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) +# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) +# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) +# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) +# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) +# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) +# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) +# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) +# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) +# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) +# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) +# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) +# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) +# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) +# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) +# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) +# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) +# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) +# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) +# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) +# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) +# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) +# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) +# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) +# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) +# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) +# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) +# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) +# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) +# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) +# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) +# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) +# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) +# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) +# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) +# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) +# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) +# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +# define sk_SCT_new_null() SKM_sk_new_null(SCT) +# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) +# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) +# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) +# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) +# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) +# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) +# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) +# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) +# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) +# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) +# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) +# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) +# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) +# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) +# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) +# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) +# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) +# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) +# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) +# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) +# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) +# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) +# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) +# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) +# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) +# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) +# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) +# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) +# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) +# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) +# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) +# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) +# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) +# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) +# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) +# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) +# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) +# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) +# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) +# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) +# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) +# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) +# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) +# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) +# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) +# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) +# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) +# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) +# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) +# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) +# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) +# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) +# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) +# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) +# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) +# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) +# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) +# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) +# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) +# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) +# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) +# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) +# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) +# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) +# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) +# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) +# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) +# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) +# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) +# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) +# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) +# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) +# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) +# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) +# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) +# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) +# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) +# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) +# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) +# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) +# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) +# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) +# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) +# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) +# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) +# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) +# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) +# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) +# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) +# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) +# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) +# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) +# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) +# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) +# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) +# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) +# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) +# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) +# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) +# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) +# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) +# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) +# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) +# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) +# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) +# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) +# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) +# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) +# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) +# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) +# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) +# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) +# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) +# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) +# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) +# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) +# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) +# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) +# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) +# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) +# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) +# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) +# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) +# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) +# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) +# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) +# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) +# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) +# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) +# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) +# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) +# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) +# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) +# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) +# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) +# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) +# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) +# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) +# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) +# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) +# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) +# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) +# define sk_X509_new_null() SKM_sk_new_null(X509) +# define sk_X509_free(st) SKM_sk_free(X509, (st)) +# define sk_X509_num(st) SKM_sk_num(X509, (st)) +# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) +# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) +# define sk_X509_zero(st) SKM_sk_zero(X509, (st)) +# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) +# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) +# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) +# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) +# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) +# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) +# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) +# define sk_X509_dup(st) SKM_sk_dup(X509, st) +# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) +# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) +# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) +# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) +# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) +# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) +# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) +# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) +# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) +# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) +# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) +# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) +# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) +# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) +# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) +# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) +# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) +# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) +# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) +# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) +# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) +# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) +# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) +# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) +# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) +# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) +# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) +# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) +# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) +# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) +# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) +# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) +# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) +# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) +# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) +# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) +# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) +# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) +# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) +# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) +# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) +# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) +# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) +# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) +# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) +# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) +# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) +# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) +# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) +# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) +# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) +# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) +# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) +# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) +# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) +# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) +# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) +# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) +# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) +# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) +# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) +# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) +# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) +# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) +# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) +# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) +# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) +# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) +# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) +# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) +# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) +# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) +# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) +# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) +# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) +# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) +# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) +# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) +# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) +# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) +# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) +# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) +# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) +# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) +# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) +# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) +# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) +# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) +# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) +# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) +# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) +# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) +# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) +# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) +# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) +# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) +# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) +# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) +# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) +# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) +# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) +# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) +# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) +# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) +# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) +# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) +# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) +# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) +# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) +# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) +# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) +# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) +# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) +# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) +# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) +# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) +# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) +# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) +# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) +# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) +# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) +# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) +# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) +# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) +# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) +# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) +# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) +# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) +# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) +# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) +# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) +# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) +# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) +# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) +# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) +# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) +# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) +# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) +# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) +# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) +# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) +# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) +# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) +# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) +# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) +# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) +# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) +# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) +# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) +# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) +# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) +# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) +# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) +# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) +# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) +# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) +# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) +# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) +# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) +# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) +# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) +# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) +# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) +# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) +# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) +# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) +# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) +# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) +# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) +# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) +# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) +# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) +# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) +# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) +# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) +# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) +# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) +# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) +# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) +# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) +# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) +# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) +# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) +# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) +# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) +# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) +# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) +# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) +# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) +# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) +# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) +# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) +# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) +# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) +# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) +# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) +# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) +# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) +# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) +# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) +# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) +# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) +# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) +# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) +# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) +# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) +# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) +# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) +# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) +# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) +# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) +# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) +# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) +# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) +# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) +# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) +# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) +# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) +# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) +# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) +# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) +# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) +# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) +# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) +# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) +# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) +# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) +# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) +# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) +# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) +# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) +# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) +# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) +# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) +# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) +# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) +# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) +# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) +# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) +# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) +# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) +# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) +# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) +# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) +# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) +# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) +# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) +# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) +# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) +# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) +# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) +# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) +# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) +# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) +# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) +# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) +# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) +# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) +# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) +# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) +# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) +# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) +# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) +# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) +# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) +# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) +# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) +# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) +# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) +# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) +# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) +# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) +# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) +# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) +# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) +# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) +# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) +# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) +# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) +# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) +# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) +# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) +# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) +# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) +# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) +# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) +# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) +# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) +# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) +# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) +# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) +# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +# define sk_void_new_null() SKM_sk_new_null(void) +# define sk_void_free(st) SKM_sk_free(void, (st)) +# define sk_void_num(st) SKM_sk_num(void, (st)) +# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +# define sk_void_zero(st) SKM_sk_zero(void, (st)) +# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) +# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +# define sk_void_dup(st) SKM_sk_dup(void, st) +# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) +# define sk_void_shift(st) SKM_sk_shift(void, (st)) +# define sk_void_pop(st) SKM_sk_pop(void, (st)) +# define sk_void_sort(st) SKM_sk_sort(void, (st)) +# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) +# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) +# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) +# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) +# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) +# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) +# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) +# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) +# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) +# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) +# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ + SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_stats_bio(lh,out) \ + LHM_lh_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) +# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) +# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) +# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) +# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) +# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) +# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) +# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) +# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) +# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) +# define lh_APP_INFO_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_stats_bio(lh,out) \ + LHM_lh_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) +# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) +# define lh_CONF_VALUE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_stats_bio(lh,out) \ + LHM_lh_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) +# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) +# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) +# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) +# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) +# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) +# define lh_ERR_STATE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) +# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) +# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) +# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) +# define lh_FUNCTION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_stats_bio(lh,out) \ + LHM_lh_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) +# define lh_MEM_new() LHM_lh_new(MEM,mem) +# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) +# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) +# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) +# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) +# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) +# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) +# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) +# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) +# define lh_MEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(MEM,lh,out) +# define lh_MEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(MEM,lh,out) +# define lh_MEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(MEM,lh,out) +# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) +# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) +# define lh_OBJ_NAME_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_stats_bio(lh,out) \ + LHM_lh_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) +# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) +# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) +# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) +# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) +# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) +# define lh_SSL_SESSION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_stats_bio(lh,out) \ + LHM_lh_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) +#ifdef __cplusplus +} +#endif +#endif /* !defined HEADER_SAFESTACK_H */ diff --git a/libs/mac/include/openssl/seed.h b/libs/mac/include/openssl/seed.h new file mode 100644 index 00000000..8cbf0d92 --- /dev/null +++ b/libs/mac/include/openssl/seed.h @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include +# include +# include + +# ifdef OPENSSL_NO_SEED +# error SEED is disabled. +# endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# if !defined(NO_SYS_TYPES_H) +# include +# endif + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +# ifdef OPENSSL_FIPS +void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); +# endif +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SEED_H */ diff --git a/libs/mac/include/openssl/sha.h b/libs/mac/include/openssl/sha.h new file mode 100644 index 00000000..e5169e4f --- /dev/null +++ b/libs/mac/include/openssl/sha.h @@ -0,0 +1,214 @@ +/* crypto/sha/sha.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SHA_H +# define HEADER_SHA_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +# error SHA is disabled. +# endif + +# if defined(OPENSSL_FIPS) +# define FIPS_SHA_SIZE_T size_t +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! SHA_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +# if defined(__LP32__) +# define SHA_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define SHA_LONG unsigned long +# define SHA_LONG_LOG2 3 +# else +# define SHA_LONG unsigned int +# endif + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +# ifndef OPENSSL_NO_SHA0 +# ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +# endif +int SHA_Init(SHA_CTX *c); +int SHA_Update(SHA_CTX *c, const void *data, size_t len); +int SHA_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); +void SHA_Transform(SHA_CTX *c, const unsigned char *data); +# endif +# ifndef OPENSSL_NO_SHA1 +# ifdef OPENSSL_FIPS +int private_SHA1_Init(SHA_CTX *c); +# endif +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +# endif + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +# ifndef OPENSSL_NO_SHA256 +# ifdef OPENSSL_FIPS +int private_SHA224_Init(SHA256_CTX *c); +int private_SHA256_Init(SHA256_CTX *c); +# endif +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +# endif + +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +# ifndef OPENSSL_NO_SHA512 +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; +# endif + +# ifndef OPENSSL_NO_SHA512 +# ifdef OPENSSL_FIPS +int private_SHA384_Init(SHA512_CTX *c); +int private_SHA512_Init(SHA512_CTX *c); +# endif +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/srp.h b/libs/mac/include/openssl/srp.h new file mode 100644 index 00000000..028892a1 --- /dev/null +++ b/libs/mac/include/openssl/srp.h @@ -0,0 +1,179 @@ +/* crypto/srp/srp.h */ +/* + * Written by Christophe Renou (christophe.renou@edelweb.fr) with the + * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the + * EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef __SRP_H__ +# define __SRP_H__ + +# ifndef OPENSSL_NO_SRP + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include +# include + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DECLARE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; + +DECLARE_STACK_OF(SRP_user_pwd) + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + BIGNUM *default_g; + BIGNUM *default_N; +} SRP_VBASE; + +/* + * Structure interne pour retenir les couples N et g + */ +typedef struct SRP_gN_st { + char *id; + BIGNUM *g; + BIGNUM *N; +} SRP_gN; + +DECLARE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +int SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, BIGNUM *N, BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, + BIGNUM *N); +BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); +int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); +BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); +BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, + BIGNUM *a, BIGNUM *u); +int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/libs/mac/include/openssl/srtp.h b/libs/mac/include/openssl/srtp.h new file mode 100644 index 00000000..2279c32b --- /dev/null +++ b/libs/mac/include/openssl/srtp.h @@ -0,0 +1,147 @@ +/* ssl/srtp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +# ifndef OPENSSL_NO_SRTP + +int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); + +STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/ssl.h b/libs/mac/include/openssl/ssl.h new file mode 100644 index 00000000..3cf96a23 --- /dev/null +++ b/libs/mac/include/openssl/ssl.h @@ -0,0 +1,3163 @@ +/* ssl/ssl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_SSL_H +# define HEADER_SSL_H + +# include + +# ifndef OPENSSL_NO_COMP +# include +# endif +# ifndef OPENSSL_NO_BIO +# include +# endif +# ifndef OPENSSL_NO_DEPRECATED +# ifndef OPENSSL_NO_X509 +# include +# endif +# include +# include +# include +# endif +# include +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* SSLeay version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +/* text strings for the ciphers */ +# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA + +/* + * VRS Additional Kerberos5 entries + */ +# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 + +# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 + +# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_EXP40 "EXPORT40" +# define SSL_TXT_EXP56 "EXPORT56" +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_kFZA "kFZA"/* unused! */ +# define SSL_TXT_aFZA "aFZA"/* unused! */ +# define SSL_TXT_eFZA "eFZA"/* unused! */ +# define SSL_TXT_FZA "FZA"/* unused! */ + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr" +# define SSL_TXT_kDHd "kDHd" +# define SSL_TXT_kDH "kDH" +# define SSL_TXT_kEDH "kEDH" +# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ +# define SSL_TXT_kKRB5 "kKRB5" +# define SSL_TXT_kECDHr "kECDHr" +# define SSL_TXT_kECDHe "kECDHe" +# define SSL_TXT_kECDH "kECDH" +# define SSL_TXT_kEECDH "kEECDH" +# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH" +# define SSL_TXT_aECDH "aECDH" +# define SSL_TXT_aKRB5 "aKRB5" +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ +# define SSL_TXT_DHE "DHE"/* alias for EDH */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ +# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_KRB5 "KRB5" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV2 "SSLv2" +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_EXP "EXP" +# define SSL_TXT_EXPORT "EXPORT" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) +# define OPENSSL_NO_SSL2 +# endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, + const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, + int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + SSL_CIPHER **cipher, void *arg); + +# ifndef OPENSSL_NO_TLSEXT + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *add_arg); + +typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *parse_arg); + +# endif + +# ifndef OPENSSL_NO_SSL_INTERN + +/* used to hold info on the particular ciphers used */ +struct ssl_cipher_st { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + /* + * changed in 0.9.9: these four used to be portions of a single value + * 'algorithms' + */ + unsigned long algorithm_mkey; /* key exchange algorithm */ + unsigned long algorithm_auth; /* server authentication */ + unsigned long algorithm_enc; /* symmetric encryption */ + unsigned long algorithm_mac; /* symmetric authentication */ + unsigned long algorithm_ssl; /* (major) protocol version */ + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ +}; + +/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +struct ssl_method_st { + int version; + int (*ssl_new) (SSL *s); + void (*ssl_clear) (SSL *s); + void (*ssl_free) (SSL *s); + int (*ssl_accept) (SSL *s); + int (*ssl_connect) (SSL *s); + int (*ssl_read) (SSL *s, void *buf, int len); + int (*ssl_peek) (SSL *s, void *buf, int len); + int (*ssl_write) (SSL *s, const void *buf, int len); + int (*ssl_shutdown) (SSL *s); + int (*ssl_renegotiate) (SSL *s); + int (*ssl_renegotiate_check) (SSL *s); + long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long + max, int *ok); + int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, + int peek); + int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); + int (*ssl_dispatch_alert) (SSL *s); + long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); + const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); + int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); + int (*ssl_pending) (const SSL *s); + int (*num_ciphers) (void); + const SSL_CIPHER *(*get_cipher) (unsigned ncipher); + const struct ssl_method_st *(*get_ssl_method) (int version); + long (*get_timeout) (void); + struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + int (*ssl_version) (void); + long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); + long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); +}; + +/*- + * Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET STRING, -- the 3 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key + * KRB5_principal OCTET STRING -- optional Kerberos principal + * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' + * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension + * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint + * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity + * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket + * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) + * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method + * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +struct ssl_session_st { + int ssl_version; /* what ssl version session info is being + * kept in here? */ + /* only really used in SSLv2 */ + unsigned int key_arg_length; + unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + /* + * this is used to determine whether the session is being reused in the + * appropriate context. It is up to the application to set this, via + * SSL_new + */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +# ifndef OPENSSL_NO_KRB5 + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +# endif /* OPENSSL_NO_KRB5 */ +# ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + char *psk_identity; +# endif + /* + * Used to indicate that session resumption is not allowed. Applications + * can also set this bit for a new session via not_resumable_session_cb + * to disable session caching and tickets. + */ + int not_resumable; + /* The cert is the certificate used to establish this connection */ + struct sess_cert_st /* SESS_CERT */ *sess_cert; + /* + * This is the cert for the other end. On clients, it will be the same as + * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is + * not retained in the external representation of sessions, see + * ssl_asn1.c). + */ + X509 *peer; + /* + * when app_verify_callback accepts a session where the peer's + * certificate is not ok, we must remember the error for session reuse: + */ + long verify_result; /* only for servers */ + int references; + long timeout; + long time; + unsigned int compress_meth; /* Need to lookup the method */ + const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used + * to load the 'cipher' structure */ + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + CRYPTO_EX_DATA ex_data; /* application specific data */ + /* + * These are used to make removal of session-ids more efficient and to + * implement a maximum cache size. + */ + struct ssl_session_st *prev, *next; +# ifndef OPENSSL_NO_TLSEXT + char *tlsext_hostname; +# ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; /* peer's list */ + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; /* peer's list */ +# endif /* OPENSSL_NO_EC */ + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +# endif +# ifndef OPENSSL_NO_SRP + char *srp_username; +# endif +}; + +# endif + +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +# define SSL_OP_TLSEXT_PADDING 0x00000010L +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L +# define SSL_OP_TLS_D5_BUG 0x00000100L +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. + */ +/* added in 0.9.6e */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. This + * used to be 0x000FFFFFL before 0.9.7. + */ +# define SSL_OP_ALL 0x80000BFFL + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000L +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000L +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000L + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000L +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L +/* If set, always create a new key when using tmp_ecdh parameters */ +# define SSL_OP_SINGLE_ECDH_USE 0x00080000L +/* Does nothing: retained for compatibility */ +# define SSL_OP_SINGLE_DH_USE 0x00100000L +/* Does nothing: retained for compatibiity */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L + +# define SSL_OP_NO_SSLv2 0x01000000L +# define SSL_OP_NO_SSLv3 0x02000000L +# define SSL_OP_NO_TLSv1 0x04000000L +# define SSL_OP_NO_TLSv1_2 0x08000000L +# define SSL_OP_NO_TLSv1_1 0x10000000L + +# define SSL_OP_NO_DTLSv1 0x04000000L +# define SSL_OP_NO_DTLSv1_2 0x08000000L + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) + +/* + * These next two were never actually used for anything since SSLeay zap so + * we have some more flags. + */ +/* + * The next flag deliberately changes the ciphertest, this is a check for the + * PKCS#1 attack + */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +# define SSL_OP_PKCS1_CHECK_2 0x0 + +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) "Released" buffers are put onto a free-list in the context or + * just freed (depending on the context's setting for freelist_max_len). + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010L +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certifcate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +# define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +# define SSL_CTX_clear_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +# define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) +# define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +# define SSL_clear_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +# define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# ifndef OPENSSL_NO_SRP + +# ifndef OPENSSL_NO_SSL_INTERN + +typedef struct srp_ctx_st { + /* param for all the callbacks */ + void *SRP_cb_arg; + /* set client Hello login callback */ + int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); + /* set SRP N/g param callback for verification */ + int (*SRP_verify_param_callback) (SSL *, void *); + /* set SRP client passwd callback */ + char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); + char *login; + BIGNUM *N, *g, *s, *B, *A; + BIGNUM *a, *b, *v; + char *info; + int strength; + unsigned long srp_Mask; +} SRP_CTX; + +# endif + +/* see tls_srp.c */ +int SSL_SRP_CTX_init(SSL *s); +int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +int SSL_srp_server_param_with_username(SSL *s, int *ad); +int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); +int SRP_Calc_A_param(SSL *s); +int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); + +# endif + +# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) +# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 + /* 30k max cert list :-) */ +# else +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + /* 100k max cert list :-) */ +# endif + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv2 this is 16 + * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this + * length to be less if desired, but under SSLv2 session IDs are supposed to + * be fixed at 16 bytes so the id will be padded after the callback returns + * in this case. It is also an error for the callback to set the size to + * zero. + */ +typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, + unsigned int *id_len); + +typedef struct ssl_comp_st SSL_COMP; + +# ifndef OPENSSL_NO_SSL_INTERN + +struct ssl_comp_st { + int id; + const char *name; +# ifndef OPENSSL_NO_COMP + COMP_METHOD *method; +# else + char *method; +# endif +}; + +DECLARE_STACK_OF(SSL_COMP) +DECLARE_LHASH_OF(SSL_SESSION); + +struct ssl_ctx_st { + const SSL_METHOD *method; + STACK_OF(SSL_CIPHER) *cipher_list; + /* same as above but sorted for lookup */ + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + struct x509_store_st /* X509_STORE */ *cert_store; + LHASH_OF(SSL_SESSION) *sessions; + /* + * Most session-ids that will be cached, default is + * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. + */ + unsigned long session_cache_size; + struct ssl_session_st *session_cache_head; + struct ssl_session_st *session_cache_tail; + /* + * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, + * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which + * means only SSL_accept which cache SSL_SESSIONS. + */ + int session_cache_mode; + /* + * If timeout is not 0, it is the default timeout value set when + * SSL_new() is called. This has been put in to make life easier to set + * things up + */ + long session_timeout; + /* + * If this callback is not null, it will be called each time a session id + * is added to the cache. If this function returns 1, it means that the + * callback will do a SSL_SESSION_free() when it has finished using it. + * Otherwise, on 0, it means the callback has finished with it. If + * remove_session_cb is not null, it will be called when a session-id is + * removed from the cache. After the call, OpenSSL will + * SSL_SESSION_free() it. + */ + int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); + void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, + unsigned char *data, int len, int *copy); + struct { + int sess_connect; /* SSL new conn - started */ + int sess_connect_renegotiate; /* SSL reneg - requested */ + int sess_connect_good; /* SSL new conne/reneg - finished */ + int sess_accept; /* SSL new accept - started */ + int sess_accept_renegotiate; /* SSL reneg - requested */ + int sess_accept_good; /* SSL accept/reneg - finished */ + int sess_miss; /* session lookup misses */ + int sess_timeout; /* reuse attempt on timeouted session */ + int sess_cache_full; /* session removed due to full cache */ + int sess_hit; /* session reuse actually done */ + int sess_cb_hit; /* session-id that was not in the cache was + * passed back via the callback. This + * indicates that the application is + * supplying session-id's from other + * processes - spooky :-) */ + } stats; + + int references; + + /* if defined, these override the X509_verify_cert() calls */ + int (*app_verify_callback) (X509_STORE_CTX *, void *); + void *app_verify_arg; + /* + * before OpenSSL 0.9.7, 'app_verify_arg' was ignored + * ('app_verify_callback' was called with just one argument) + */ + + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + /* get client cert callback */ + int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); + + /* cookie generate callback */ + int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); + + /* verify cookie callback */ + int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, + unsigned int cookie_len); + + CRYPTO_EX_DATA ex_data; + + const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ + const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ + + STACK_OF(X509) *extra_certs; + STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ + + /* Default values used when no per-SSL value is defined follow */ + + /* used if SSL's info_callback is NULL */ + void (*info_callback) (const SSL *ssl, int type, int val); + + /* what we put in client cert requests */ + STACK_OF(X509_NAME) *client_CA; + + /* + * Default values to use in SSL structures follow (these are copied by + * SSL_new) + */ + + unsigned long options; + unsigned long mode; + long max_cert_list; + + struct cert_st /* CERT */ *cert; + int read_ahead; + + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback) (int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + + int verify_mode; + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + /* called 'verify_callback' in the SSL */ + int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); + + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + + X509_VERIFY_PARAM *param; + +# if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +# endif + + int quiet_shutdown; + + /* + * Maximum amount of data to send in one fragment. actual record size can + * be more than this due to padding and MAC overheads. + */ + unsigned int max_send_fragment; + +# ifndef OPENSSL_NO_ENGINE + /* + * Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +# endif + +# ifndef OPENSSL_NO_TLSEXT + /* TLS extensions servername callback */ + int (*tlsext_servername_callback) (SSL *, int *, void *); + void *tlsext_servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tlsext_tick_key_name[16]; + unsigned char tlsext_tick_hmac_key[16]; + unsigned char tlsext_tick_aes_key[16]; + /* Callback to support customisation of ticket key setting */ + int (*tlsext_ticket_key_cb) (SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, + HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*tlsext_status_cb) (SSL *ssl, void *arg); + void *tlsext_status_arg; + + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ + int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, + size_t len, void *arg); + void *tlsext_opaque_prf_input_callback_arg; +# endif + +# ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +# endif + +# ifndef OPENSSL_NO_BUF_FREELISTS +# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 + unsigned int freelist_max_len; + struct ssl3_buf_freelist_st *wbuf_freelist; + struct ssl3_buf_freelist_st *rbuf_freelist; +# endif +# ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +# endif + +# ifndef OPENSSL_NO_TLSEXT + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* Next protocol negotiation information */ + /* (for experimental NPN extension). */ + + /* + * For a server, this contains a callback function by which the set of + * advertised protocols can be provided. + */ + int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, + unsigned int *len, void *arg); + void *next_protos_advertised_cb_arg; + /* + * For a client, this contains a callback function that selects the next + * protocol from the list provided by the server. + */ + int (*next_proto_select_cb) (SSL *s, unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *next_proto_select_cb_arg; +# endif + /* SRTP profiles we are willing to do from RFC 5764 */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ + + /*- + * For a server, this contains a callback function that allows the + * server to select the protocol for the connection. + * out: on successful return, this must point to the raw protocol + * name (without the length prefix). + * outlen: on successful return, this contains the length of |*out|. + * in: points to the client's list of supported protocols in + * wire-format. + * inlen: the length of |in|. + */ + int (*alpn_select_cb) (SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *alpn_select_cb_arg; + + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn_client_proto_list; + unsigned alpn_client_proto_list_len; + +# ifndef OPENSSL_NO_EC + /* EC extension values inherited by SSL structure */ + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; +# endif /* OPENSSL_NO_EC */ +# endif +}; + +# endif + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION + *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + unsigned char *Data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, + int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + const unsigned char + **out, + unsigned int *outlen, + void *arg), void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# endif + +# ifndef OPENSSL_NO_TLSEXT +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); +# endif + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned protos_len); +int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned protos_len); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + unsigned int (*psk_client_callback) (SSL + *ssl, + const + char + *hint, + char + *identity, + unsigned + int + max_identity_len, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_set_psk_client_callback(SSL *ssl, + unsigned int (*psk_client_callback) (SSL + *ssl, + const + char + *hint, + char + *identity, + unsigned + int + max_identity_len, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*psk_server_callback) (SSL + *ssl, + const + char + *identity, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_set_psk_server_callback(SSL *ssl, + unsigned int (*psk_server_callback) (SSL + *ssl, + const + char + *identity, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +# ifndef OPENSSL_NO_TLSEXT +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +int SSL_extension_supported(unsigned int ext_type); + +# endif + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +# ifndef OPENSSL_NO_SSL_INTERN + +struct ssl_st { + /* + * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, + * DTLS1_VERSION) + */ + int version; + /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + int type; + /* SSLv3 */ + const SSL_METHOD *method; + /* + * There are 2 BIO's even though they are normally both the same. This + * is so data can be read and written to different handlers + */ +# ifndef OPENSSL_NO_BIO + /* used by SSL_read */ + BIO *rbio; + /* used by SSL_write */ + BIO *wbio; + /* used during session-id reuse to concatenate messages */ + BIO *bbio; +# else + /* used by SSL_read */ + char *rbio; + /* used by SSL_write */ + char *wbio; + char *bbio; +# endif + /* + * This holds a variable that indicates what we were doing when a 0 or -1 + * is returned. This is needed for non-blocking IO so we know what + * request needs re-doing when in SSL_accept or SSL_connect + */ + int rwstate; + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + int (*handshake_func) (SSL *); + /* + * Imagine that here's a boolean member "init" that is switched as soon + * as SSL_set_{accept/connect}_state is called for the first time, so + * that "state" and "handshake_func" are properly initialized. But as + * handshake_func is == 0 until then, we use this test instead of an + * "init" member. + */ + /* are we the server side? - mostly used by SSL_clear */ + int server; + /* + * Generate a new session or reuse an old one. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set + */ + int new_session; + /* don't send shutdown packets */ + int quiet_shutdown; + /* we have shut things down, 0x01 sent, 0x02 for received */ + int shutdown; + /* where we are */ + int state; + /* where we are when reading */ + int rstate; + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by + * ssl3_get_message() */ + int init_num; /* amount read/written */ + int init_off; /* amount read/written */ + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + struct ssl2_state_st *s2; /* SSLv2 variables */ + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + int read_ahead; /* Read as many input bytes as possible (for + * non-blocking reads) */ + /* callback that allows applications to peek at protocol messages */ + void (*msg_callback) (int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + void *msg_callback_arg; + int hit; /* reusing a previous session */ + X509_VERIFY_PARAM *param; +# if 0 + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ +# endif + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + /* + * These are the ones being used, the ones in SSL_SESSION are the ones to + * be 'copied' into these ones + */ + int mac_flags; + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + EVP_MD_CTX *read_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP + COMP_CTX *expand; /* uncompress */ +# else + char *expand; +# endif + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +# else + char *compress; +# endif + /* session info */ + /* client cert? */ + /* This is used to hold the server certificate used */ + struct cert_st /* CERT */ *cert; + /* + * the session_id_context is used to ensure sessions are only reused in + * the appropriate context + */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + /* Used in SSL2 and SSL3 */ + /* + * 0 don't care about verify failure. + * 1 fail if verify fails + */ + int verify_mode; + /* fail if callback returns 0 */ + int (*verify_callback) (int ok, X509_STORE_CTX *ctx); + /* optional informational callback */ + void (*info_callback) (const SSL *ssl, int type, int val); + /* error bytes to be written */ + int error; + /* actual code */ + int error_code; +# ifndef OPENSSL_NO_KRB5 + /* Kerberos 5 context */ + KSSL_CTX *kssl_ctx; +# endif /* OPENSSL_NO_KRB5 */ +# ifndef OPENSSL_NO_PSK + unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +# endif + SSL_CTX *ctx; + /* + * set this flag to 1 and a sleep(1) is put into all SSL_read() and + * SSL_write() calls, good for nbio debuging :-) + */ + int debug; + /* extra application data */ + long verify_result; + CRYPTO_EX_DATA ex_data; + /* for server side, keep the list of CA_dn we can use */ + STACK_OF(X509_NAME) *client_CA; + int references; + /* protocol behaviour */ + unsigned long options; + /* API behaviour */ + unsigned long mode; + long max_cert_list; + int first_packet; + /* what was passed, used for SSLv3/TLS rollback check */ + int client_version; + unsigned int max_send_fragment; +# ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ + void (*tlsext_debug_cb) (SSL *s, int client_server, int type, + unsigned char *data, int len, void *arg); + void *tlsext_debug_arg; + char *tlsext_hostname; + /*- + * no further mod of servername + * 0 : call the servername extension callback. + * 1 : prepare 2, allow last ack just after in server callback. + * 2 : don't call servername callback, no ack in server hello + */ + int servername_done; + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; +# ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + /* our list */ + unsigned char *tlsext_ecpointformatlist; + size_t tlsext_ellipticcurvelist_length; + /* our list */ + unsigned char *tlsext_ellipticcurvelist; +# endif /* OPENSSL_NO_EC */ + /* + * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for + * handshakes + */ + void *tlsext_opaque_prf_input; + size_t tlsext_opaque_prf_input_len; + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *tlsext_session_ticket; + /* TLS Session Ticket extension callback */ + tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; + void *tls_session_ticket_ext_cb_arg; + /* TLS pre-shared secret session resumption */ + tls_session_secret_cb_fn tls_session_secret_cb; + void *tls_session_secret_cb_arg; + SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ +# ifndef OPENSSL_NO_NEXTPROTONEG + /* + * Next protocol negotiation. For the client, this is the protocol that + * we sent in NextProtocol and is set when handling ServerHello + * extensions. For a server, this is the client's selected_protocol from + * NextProtocol and is set when handling the NextProtocol message, before + * the Finished message. + */ + unsigned char *next_proto_negotiated; + unsigned char next_proto_negotiated_len; +# endif +# define session_ctx initial_ctx + /* What we'll do */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + /* What's been chosen */ + SRTP_PROTECTION_PROFILE *srtp_profile; + /*- + * Is use of the Heartbeat extension negotiated? + * 0: disabled + * 1: enabled + * 2: enabled, but not allowed to send Requests + */ + unsigned int tlsext_heartbeat; + /* Indicates if a HeartbeatRequest is in flight */ + unsigned int tlsext_hb_pending; + /* HeartbeatRequest sequence number */ + unsigned int tlsext_hb_seq; +# else +# define session_ctx ctx +# endif /* OPENSSL_NO_TLSEXT */ + /*- + * 1 if we are renegotiating. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) + */ + int renegotiate; +# ifndef OPENSSL_NO_SRP + /* ctx for SRP authentication */ + SRP_CTX srp_ctx; +# endif +# ifndef OPENSSL_NO_TLSEXT + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn_client_proto_list; + unsigned alpn_client_proto_list_len; +# endif /* OPENSSL_NO_TLSEXT */ +}; + +# endif + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include +# include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) + +/* + * The following are the possible values for ssl->state are are used to + * indicate where we are up to in the SSL connection establishment. The + * macros that follow are about the only things you should need to use and + * even then, only when using non-blocking IO. It can also be useful to work + * out where you were when the connection failed + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 +# define SSL_ST_MASK 0x0FFF +# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +# define SSL_ST_BEFORE 0x4000 +# define SSL_ST_OK 0x03 +# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR (0x05|SSL_ST_INIT) + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_get_state(a) SSL_state(a) +# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) +# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) +# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) +# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) +# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) + +/* + * The following 2 states are kept in ssl->rstate when reads fail, you should + * not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 + +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() + +/* this is for backward compatibility */ +# if 0 /* NEW_SSLEAY */ +# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) +# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) +# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) +# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) +# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +# endif +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_CTRL_NEED_TMP_RSA 1 +# define SSL_CTRL_SET_TMP_RSA 2 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_RSA_CB 5 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# define SSL_CTRL_SET_TMP_ECDH_CB 7 +# define SSL_CTRL_GET_SESSION_REUSED 8 +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_OPTIONS 32 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# ifndef OPENSSL_NO_TLSEXT +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# endif /* OPENSSL_NO_TLSEXT */ +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define DTLS_CTRL_LISTEN 75 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_OPTIONS 77 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_CURVES 90 +# define SSL_CTRL_SET_CURVES 91 +# define SSL_CTRL_SET_CURVES_LIST 92 +# define SSL_CTRL_GET_SHARED_CURVE 93 +# define SSL_CTRL_SET_ECDH_AUTO 94 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_CHECK_PROTO_VERSION 119 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) +# define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +# define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +# define SSL_set_tmp_rsa(ssl,rsa) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_set0_chain(ctx,sk) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) +# define SSL_set1_chain(ctx,sk) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) +# define SSL_add0_chain_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) +# define SSL_add1_chain_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) +# define SSL_get0_chain_certs(ctx,px509) \ + SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(ctx) \ + SSL_set0_chain(ctx,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) +# define SSL_set_current_cert(ctx,op) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_get1_curves(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) +# define SSL_CTX_set1_curves(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) +# define SSL_CTX_set1_curves_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) +# define SSL_set1_curves(ctx, clist, clistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) +# define SSL_set1_curves_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) +# define SSL_get_shared_curve(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) +# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) +# define SSL_set_ecdh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) +# define SSL_set1_sigalgs(ctx, slist, slistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) +# define SSL_set1_sigalgs_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) +# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) +# define SSL_set1_client_sigalgs_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) +# ifndef OPENSSL_NO_BIO +BIO_METHOD *BIO_f_ssl(void); +BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +# endif + +int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +void SSL_CTX_free(SSL_CTX *); +long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +int SSL_want(const SSL *s); +int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); + +int SSL_get_fd(const SSL *s); +int SSL_get_rfd(const SSL *s); +int SSL_get_wfd(const SSL *s); +const char *SSL_get_cipher_list(const SSL *s, int n); +char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +int SSL_get_read_ahead(const SSL *s); +int SSL_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +int SSL_set_fd(SSL *s, int fd); +int SSL_set_rfd(SSL *s, int fd); +int SSL_set_wfd(SSL *s, int fd); +# endif +# ifndef OPENSSL_NO_BIO +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +BIO *SSL_get_rbio(const SSL *s); +BIO *SSL_get_wbio(const SSL *s); +# endif +int SSL_set_cipher_list(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +int SSL_get_verify_mode(const SSL *s); +int SSL_get_verify_depth(const SSL *s); +int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); +void SSL_set_verify(SSL *s, int mode, + int (*callback) (int ok, X509_STORE_CTX *ctx)); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +# endif +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + +# ifndef OPENSSL_NO_TLSEXT +/* Set serverinfo data for the current active cert. */ +int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +# ifndef OPENSSL_NO_STDIO +int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +# endif /* NO_STDIO */ + +# endif + +# ifndef OPENSSL_NO_STDIO +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +/* PEM type */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +# ifndef OPENSSL_SYS_VMS +/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ +# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); +# endif +# endif + +# endif + +void SSL_load_error_strings(void); +const char *SSL_state_string(const SSL *s); +const char *SSL_rstate_string(const SSL *s); +const char *SSL_state_string_long(const SSL *s); +const char *SSL_rstate_string_long(const SSL *s); +long SSL_SESSION_get_time(const SSL_SESSION *s); +long SSL_SESSION_set_time(SSL_SESSION *s, long t); +long SSL_SESSION_get_timeout(const SSL_SESSION *s); +long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +void SSL_copy_session_id(SSL *to, const SSL *from); +X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL_SESSION *SSL_SESSION_new(void); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_FP_API +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +# ifndef OPENSSL_NO_BIO +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +# endif +void SSL_SESSION_free(SSL_SESSION *ses); +int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); +int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, + X509_STORE_CTX *); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, + int (*callback) (int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +# endif +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +int SSL_check_private_key(const SSL *ctx); + +int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +int SSL_set_purpose(SSL *s, int purpose); +int SSL_CTX_set_trust(SSL_CTX *s, int trust); +int SSL_set_trust(SSL *s, int trust); + +int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +BIGNUM *SSL_get_srp_g(SSL *s); +BIGNUM *SSL_get_srp_N(SSL *s); + +char *SSL_get_srp_username(SSL *s); +char *SSL_get_srp_userinfo(SSL *s); +# endif + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +int SSL_accept(SSL *ssl); +int SSL_connect(SSL *ssl); +int SSL_read(SSL *ssl, void *buf, int num); +int SSL_peek(SSL *ssl, void *buf, int num); +int SSL_write(SSL *ssl, const void *buf, int num); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +int SSL_get_error(const SSL *s, int ret_code); +const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL2_METHOD +const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +# endif + +# ifndef OPENSSL_NO_SSL3_METHOD +const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +# endif + +const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS + * version */ +const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available + * SSL/TLS version */ +const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available + * SSL/TLS version */ + +const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ + +const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ + +const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ + +const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + +int SSL_do_handshake(SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +int SSL_renegotiate_pending(SSL *s); +int SSL_shutdown(SSL *s); + +const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); +const SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +const char *SSL_alert_type_string_long(int value); +const char *SSL_alert_type_string(int value); +const char *SSL_alert_desc_string_long(int value); +const char *SSL_alert_desc_string(int value); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +int SSL_add_client_CA(SSL *ssl, X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +long SSL_get_default_timeout(const SSL *s); + +int SSL_library_init(void); + +char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); + +SSL *SSL_dup(SSL *ssl); + +X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +int SSL_get_shutdown(const SSL *ssl); +int SSL_version(const SSL *ssl); +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +SSL_SESSION *SSL_get_session(const SSL *ssl); +SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +int SSL_state(const SSL *ssl); +void SSL_set_state(SSL *ssl, int state); + +void SSL_set_verify_result(SSL *ssl, long v); +long SSL_get_verify_result(const SSL *ssl); + +int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); +int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) + + /* NB: the keylength is only applicable when is_export is true */ +# ifndef OPENSSL_NO_RSA +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*cb) (SSL *ssl, int is_export, + int keylength)); + +void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb) (SSL *ssl, int is_export, + int keylength)); +# endif +# ifndef OPENSSL_NO_DH +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif +# ifndef OPENSSL_NO_ECDH +void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, + EC_KEY *(*ecdh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_ecdh_callback(SSL *ssl, + EC_KEY *(*ecdh) (SSL *ssl, int is_export, + int keylength)); +# endif + +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +void SSL_COMP_free_compression_methods(void); +int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); + +/* TLS extensions functions */ +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn tls_session_secret_cb, + void *arg); + +void SSL_set_debug(SSL *s, int debug); +int SSL_cache_hit(SSL *s); +int SSL_is_server(SSL *s); + +SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +# endif + +# ifndef OPENSSL_NO_UNIT_TEST +const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_SSL_strings(void); + +/* Error codes for the SSL functions. */ + +/* Function codes. */ +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CLIENT_CERTIFICATE 100 +# define SSL_F_CLIENT_FINISHED 167 +# define SSL_F_CLIENT_HELLO 101 +# define SSL_F_CLIENT_MASTER_KEY 102 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_ACCEPT 246 +# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 +# define SSL_F_DTLS1_CLIENT_HELLO 248 +# define SSL_F_DTLS1_CONNECT 249 +# define SSL_F_DTLS1_ENC 250 +# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +# define SSL_F_DTLS1_GET_MESSAGE 252 +# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +# define SSL_F_DTLS1_GET_RECORD 254 +# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 259 +# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_GET_CLIENT_FINISHED 105 +# define SSL_F_GET_CLIENT_HELLO 106 +# define SSL_F_GET_CLIENT_MASTER_KEY 107 +# define SSL_F_GET_SERVER_FINISHED 108 +# define SSL_F_GET_SERVER_HELLO 109 +# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 +# define SSL_F_GET_SERVER_VERIFY 110 +# define SSL_F_I2D_SSL_SESSION 111 +# define SSL_F_READ_N 112 +# define SSL_F_REQUEST_CERTIFICATE 113 +# define SSL_F_SERVER_FINISH 239 +# define SSL_F_SERVER_HELLO 114 +# define SSL_F_SERVER_VERIFY 240 +# define SSL_F_SSL23_ACCEPT 115 +# define SSL_F_SSL23_CLIENT_HELLO 116 +# define SSL_F_SSL23_CONNECT 117 +# define SSL_F_SSL23_GET_CLIENT_HELLO 118 +# define SSL_F_SSL23_GET_SERVER_HELLO 119 +# define SSL_F_SSL23_PEEK 237 +# define SSL_F_SSL23_READ 120 +# define SSL_F_SSL23_WRITE 121 +# define SSL_F_SSL2_ACCEPT 122 +# define SSL_F_SSL2_CONNECT 123 +# define SSL_F_SSL2_ENC_INIT 124 +# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 +# define SSL_F_SSL2_PEEK 234 +# define SSL_F_SSL2_READ 125 +# define SSL_F_SSL2_READ_INTERNAL 236 +# define SSL_F_SSL2_SET_CERTIFICATE 126 +# define SSL_F_SSL2_WRITE 127 +# define SSL_F_SSL3_ACCEPT 128 +# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 +# define SSL_F_SSL3_CALLBACK_CTRL 233 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +# define SSL_F_SSL3_CHECK_FINISHED 339 +# define SSL_F_SSL3_CLIENT_HELLO 131 +# define SSL_F_SSL3_CONNECT 132 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 134 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +# define SSL_F_SSL3_GET_CERT_STATUS 289 +# define SSL_F_SSL3_GET_CERT_VERIFY 136 +# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +# define SSL_F_SSL3_GET_CLIENT_HELLO 138 +# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +# define SSL_F_SSL3_GET_FINISHED 140 +# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +# define SSL_F_SSL3_GET_MESSAGE 142 +# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +# define SSL_F_SSL3_GET_NEXT_PROTO 306 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +# define SSL_F_SSL3_GET_SERVER_DONE 145 +# define SSL_F_SSL3_GET_SERVER_HELLO 146 +# define SSL_F_SSL3_HANDSHAKE_MAC 285 +# define SSL_F_SSL3_NEW_SESSION_TICKET 287 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_PEEK 235 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +# define SSL_F_SSL3_SEND_SERVER_HELLO 242 +# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 318 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_INST 222 +# define SSL_F_SSL_CERT_INSTANTIATE 214 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_PURPOSE 226 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TRUST 229 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 +# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 +# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SESS_CERT_NEW 225 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_PURPOSE 227 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TRUST 228 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS1_CERT_VERIFY_MAC 286 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 +# define SSL_F_TLS1_ENC 210 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_HEARTBEAT 315 +# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 +# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_WRITE_PENDING 212 + +/* Reason codes. */ +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_BAD_ALERT_RECORD 101 +# define SSL_R_BAD_AUTHENTICATION_TYPE 102 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CHECKSUM 104 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 +# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 +# define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_DSA_SIGNATURE 112 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECDSA_SIGNATURE 305 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_MAC_DECODE 113 +# define SSL_R_BAD_MAC_LENGTH 333 +# define SSL_R_BAD_MESSAGE_TYPE 114 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 +# define SSL_R_BAD_RESPONSE_ARGUMENT 117 +# define SSL_R_BAD_RSA_DECRYPT 118 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_RSA_E_LENGTH 120 +# define SSL_R_BAD_RSA_MODULUS_LENGTH 121 +# define SSL_R_BAD_RSA_SIGNATURE 122 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_B_LENGTH 348 +# define SSL_R_BAD_SRP_G_LENGTH 349 +# define SSL_R_BAD_SRP_N_LENGTH 350 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRP_S_LENGTH 351 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 +# define SSL_R_BAD_STATE 126 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_DN_TOO_LONG 132 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CHALLENGE_IS_DIFFERENT 136 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 +# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 +# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_PADDING 283 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INVALID_CHALLENGE_LENGTH 158 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_PURPOSE 278 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_INVALID_TRUST 279 +# define SSL_R_KEY_ARG_TOO_LONG 284 +# define SSL_R_KRB5 285 +# define SSL_R_KRB5_C_CC_PRINC 286 +# define SSL_R_KRB5_C_GET_CRED 287 +# define SSL_R_KRB5_C_INIT 288 +# define SSL_R_KRB5_C_MK_REQ 289 +# define SSL_R_KRB5_S_BAD_TICKET 290 +# define SSL_R_KRB5_S_INIT 291 +# define SSL_R_KRB5_S_RD_REQ 292 +# define SSL_R_KRB5_S_TKT_EXPIRED 293 +# define SSL_R_KRB5_S_TKT_NYV 294 +# define SSL_R_KRB5_S_TKT_SKEW 295 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MESSAGE_TOO_LONG 296 +# define SSL_R_MISSING_DH_DSA_CERT 162 +# define SSL_R_MISSING_DH_KEY 163 +# define SSL_R_MISSING_DH_RSA_CERT 164 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDH_CERT 382 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 +# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MISSING_TMP_RSA_KEY 172 +# define SSL_R_MISSING_TMP_RSA_PKEY 173 +# define SSL_R_MISSING_VERIFY_MESSAGE 174 +# define SSL_R_MULTIPLE_SGC_RESTARTS 346 +# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_RETURNED 178 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_PASSED 182 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_LIST 184 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_CLIENT_CERT_RECEIVED 186 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATEKEY 189 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_PUBLICKEY 192 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_VERIFY_CALLBACK 194 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 +# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 +# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEER_ERROR 200 +# define SSL_R_PEER_ERROR_CERTIFICATE 201 +# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 +# define SSL_R_PEER_ERROR_NO_CIPHER 203 +# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 +# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 +# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 +# define SSL_R_PUBLIC_KEY_NOT_RSA 210 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_READ_WRONG_PACKET_TYPE 212 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_LARGE 214 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 +# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 +# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 +# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHORT_READ 219 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 +# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 +# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 +# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 +# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 +# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSUPPORTED_CIPHER 256 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_WRITE_BIO_NOT_SET 260 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_MESSAGE_TYPE 262 +# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ssl2.h b/libs/mac/include/openssl/ssl2.h new file mode 100644 index 00000000..03c7dd8c --- /dev/null +++ b/libs/mac/include/openssl/ssl2.h @@ -0,0 +1,265 @@ +/* ssl/ssl2.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL2_H +# define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Protocol Version Codes */ +# define SSL2_VERSION 0x0002 +# define SSL2_VERSION_MAJOR 0x00 +# define SSL2_VERSION_MINOR 0x02 +/* #define SSL2_CLIENT_VERSION 0x0002 */ +/* #define SSL2_SERVER_VERSION 0x0002 */ + +/* Protocol Message Codes */ +# define SSL2_MT_ERROR 0 +# define SSL2_MT_CLIENT_HELLO 1 +# define SSL2_MT_CLIENT_MASTER_KEY 2 +# define SSL2_MT_CLIENT_FINISHED 3 +# define SSL2_MT_SERVER_HELLO 4 +# define SSL2_MT_SERVER_VERIFY 5 +# define SSL2_MT_SERVER_FINISHED 6 +# define SSL2_MT_REQUEST_CERTIFICATE 7 +# define SSL2_MT_CLIENT_CERTIFICATE 8 + +/* Error Message Codes */ +# define SSL2_PE_UNDEFINED_ERROR 0x0000 +# define SSL2_PE_NO_CIPHER 0x0001 +# define SSL2_PE_NO_CERTIFICATE 0x0002 +# define SSL2_PE_BAD_CERTIFICATE 0x0004 +# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 + +/* Cipher Kind Values */ +# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */ +# define SSL2_CK_RC4_128_WITH_MD5 0x02010080 +# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 +# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 +# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 +# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 +# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 +# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */ +# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 +# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */ +# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */ + +# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */ +# define SSL2_CK_NULL 0x02ff0810/* SSLeay */ + +# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" +# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" +# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" +# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" +# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" +# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" +# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" +# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" +# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" +# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" +# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" +# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" + +# define SSL2_TXT_NULL "NULL" + +/* Flags for the SSL_CIPHER.algorithm2 field */ +# define SSL2_CF_5_BYTE_ENC 0x01 +# define SSL2_CF_8_BYTE_ENC 0x02 + +/* Certificate Type Codes */ +# define SSL2_CT_X509_CERTIFICATE 0x01 + +/* Authentication Type Code */ +# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 + +# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 + +/* Upper/Lower Bounds */ +# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 +# ifdef OPENSSL_SYS_MPE +# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u +# else +# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u + /* 2^15-1 */ +# endif +# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */ + +# define SSL2_CHALLENGE_LENGTH 16 +/* + * #define SSL2_CHALLENGE_LENGTH 32 + */ +# define SSL2_MIN_CHALLENGE_LENGTH 16 +# define SSL2_MAX_CHALLENGE_LENGTH 32 +# define SSL2_CONNECTION_ID_LENGTH 16 +# define SSL2_MAX_CONNECTION_ID_LENGTH 16 +# define SSL2_SSL_SESSION_ID_LENGTH 16 +# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 +# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 +# define SSL2_MAX_KEY_MATERIAL_LENGTH 24 + +# ifndef HEADER_SSL_LOCL_H +# define CERT char +# endif + +# ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl2_state_st { + int three_byte_header; + int clear_text; /* clear text */ + int escape; /* not used in SSLv2 */ + int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ + /* + * non-blocking io info, used to make sure the same args were passwd + */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; + const unsigned char *wpend_buf; + int wpend_off; /* offset to data to write */ + int wpend_len; /* number of bytes passwd to write */ + int wpend_ret; /* number of bytes to return to caller */ + /* buffer raw data */ + int rbuf_left; + int rbuf_offs; + unsigned char *rbuf; + unsigned char *wbuf; + unsigned char *write_ptr; /* used to point to the start due to 2/3 byte + * header. */ + unsigned int padding; + unsigned int rlength; /* passed to ssl2_enc */ + int ract_data_length; /* Set when things are encrypted. */ + unsigned int wlength; /* passed to ssl2_enc */ + int wact_data_length; /* Set when things are decrypted. */ + unsigned char *ract_data; + unsigned char *wact_data; + unsigned char *mac_data; + unsigned char *read_key; + unsigned char *write_key; + /* Stuff specifically to do with this SSL session */ + unsigned int challenge_length; + unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; + unsigned int conn_id_length; + unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; + unsigned int key_material_length; + unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2]; + unsigned long read_sequence; + unsigned long write_sequence; + struct { + unsigned int conn_id_length; + unsigned int cert_type; + unsigned int cert_length; + unsigned int csl; + unsigned int clear; + unsigned int enc; + unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; + unsigned int cipher_spec_length; + unsigned int session_id_length; + unsigned int clen; + unsigned int rlen; + } tmp; +} SSL2_STATE; + +# endif + +/* SSLv2 */ +/* client */ +# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) +# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) +# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) +# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) +# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) +/* server */ +# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) +# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) +# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) +# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) +# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ssl23.h b/libs/mac/include/openssl/ssl23.h new file mode 100644 index 00000000..9de4685a --- /dev/null +++ b/libs/mac/include/openssl/ssl23.h @@ -0,0 +1,84 @@ +/* ssl/ssl23.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SSL23_H +# define HEADER_SSL23_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * client + */ +/* write to server */ +# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) +# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) +/* read from server */ +# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) +# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) + +/* server */ +/* read from client */ +# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) +# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ssl3.h b/libs/mac/include/openssl/ssl3.h new file mode 100644 index 00000000..e681d50a --- /dev/null +++ b/libs/mac/include/openssl/ssl3.h @@ -0,0 +1,774 @@ +/* ssl/ssl3.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_SSL3_H +# define HEADER_SSL3_H + +# ifndef OPENSSL_NO_COMP +# include +# endif +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + */ +# define SSL3_CK_SCSV 0x030000FF + +/* + * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) + */ +# define SSL3_CK_FALLBACK_SCSV 0x03005600 + +# define SSL3_CK_RSA_NULL_MD5 0x03000001 +# define SSL3_CK_RSA_NULL_SHA 0x03000002 +# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA + +# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +# if 0 +# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +# if 0 /* Because it clashes with KRB5, is never + * used any more, and is safe to remove + * according to David Hopwood + * of the + * ietf-tls list */ +# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +# endif +# endif + +/* + * VRS Additional Kerberos5 entries + */ +# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 + +# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B + +# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ +# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +# if 0 +# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +# endif + +# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" + +# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" + +# define SSL3_SSL_SESSION_ID_LENGTH 32 +# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +# define SSL3_MASTER_SECRET_SIZE 48 +# define SSL3_RANDOM_SIZE 32 +# define SSL3_SESSION_ID_SIZE 32 +# define SSL3_RT_HEADER_LENGTH 5 + +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 +# else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +# endif + +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +# ifdef OPENSSL_NO_COMP +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# else +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +# endif +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +# define SSL3_VERSION 0x0300 +# define SSL3_VERSION_MAJOR 0x03 +# define SSL3_VERSION_MINOR 0x00 + +# define SSL3_RT_CHANGE_CIPHER_SPEC 20 +# define SSL3_RT_ALERT 21 +# define SSL3_RT_HANDSHAKE 22 +# define SSL3_RT_APPLICATION_DATA 23 +# define TLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content type for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + +# ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl3_record_st { + /* type of record */ + /* + * r + */ int type; + /* How many bytes available */ + /* + * rw + */ unsigned int length; + /* read/write offset into 'buf' */ + /* + * r + */ unsigned int off; + /* pointer to the record data */ + /* + * rw + */ unsigned char *data; + /* where the decode bytes are */ + /* + * rw + */ unsigned char *input; + /* only used with decompression - malloc()ed */ + /* + * r + */ unsigned char *comp; + /* epoch number, needed by DTLS1 */ + /* + * r + */ unsigned long epoch; + /* sequence number, needed by DTLS1 */ + /* + * r + */ unsigned char seq_num[8]; +} SSL3_RECORD; + +typedef struct ssl3_buffer_st { + /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ + unsigned char *buf; + /* buffer size */ + size_t len; + /* where to 'copy from' */ + int offset; + /* how many bytes left */ + int left; +} SSL3_BUFFER; + +# endif + +# define SSL3_CT_RSA_SIGN 1 +# define SSL3_CT_DSS_SIGN 2 +# define SSL3_CT_RSA_FIXED_DH 3 +# define SSL3_CT_DSS_FIXED_DH 4 +# define SSL3_CT_RSA_EPHEMERAL_DH 5 +# define SSL3_CT_DSS_EPHEMERAL_DH 6 +# define SSL3_CT_FORTEZZA_DMS 20 +/* + * SSL3_CT_NUMBER is used to size arrays and it must be large enough to + * contain all of the cert types defined either for SSLv3 and TLSv1. + */ +# define SSL3_CT_NUMBER 9 + +# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +# define SSL3_FLAGS_POP_BUFFER 0x0004 +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 +# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +/* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ +# define SSL3_FLAGS_CCS_OK 0x0080 + +/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ +# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + +# ifndef OPENSSL_NO_SSL_INTERN + +typedef struct ssl3_state_st { + long flags; + int delay_buf_pop_ret; + unsigned char read_sequence[8]; + int read_mac_secret_size; + unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char write_sequence[8]; + int write_mac_secret_size; + unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + /* flags for countermeasure against known-IV weakness */ + int need_empty_fragments; + int empty_fragment_done; + /* The value of 'extra' when the buffers were initialized */ + int init_extra; + SSL3_BUFFER rbuf; /* read IO goes into here */ + SSL3_BUFFER wbuf; /* write IO goes into here */ + SSL3_RECORD rrec; /* each decoded record goes in here */ + SSL3_RECORD wrec; /* goes out from here */ + /* + * storage for Alert/Handshake protocol data received but not yet + * processed by ssl3_read_bytes: + */ + unsigned char alert_fragment[2]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[4]; + unsigned int handshake_fragment_len; + /* partial write - check the numbers match */ + unsigned int wnum; /* number of bytes sent so far */ + int wpend_tot; /* number bytes written */ + int wpend_type; + int wpend_ret; /* number of bytes submitted */ + const unsigned char *wpend_buf; + /* used during startup, digest all incoming/outgoing packets */ + BIO *handshake_buffer; + /* + * When set of handshake digests is determined, buffer is hashed and + * freed and MD_CTX-es for all required digests are stored in this array + */ + EVP_MD_CTX **handshake_dgst; + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. + */ + int change_cipher_spec; + int warn_alert; + int fatal_alert; + /* + * we allow one fatal and one warning alert to be outstanding, send close + * alert via the warning alert + */ + int alert_dispatch; + unsigned char send_alert[2]; + /* + * This flag is set when we should renegotiate ASAP, basically when there + * is no more data in the read or write buffers + */ + int renegotiate; + int total_renegotiations; + int num_renegotiations; + int in_read_app_data; + /* + * Opaque PRF input as used for the current handshake. These fields are + * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they + * are merely present to improve binary compatibility) + */ + void *client_opaque_prf_input; + size_t client_opaque_prf_input_len; + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; + struct { + /* actually only needs to be 16+20 */ + unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; + /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ + unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; + int finish_md_len; + unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; + int peer_finish_md_len; + unsigned long message_size; + int message_type; + /* used to hold the new cipher we are going to use */ + const SSL_CIPHER *new_cipher; +# ifndef OPENSSL_NO_DH + DH *dh; +# endif +# ifndef OPENSSL_NO_ECDH + EC_KEY *ecdh; /* holds short lived ECDH key */ +# endif + /* used when SSL_ST_FLUSH_DATA is entered */ + int next_state; + int reuse_message; + /* used for certificate requests */ + int cert_req; + int ctype_num; + char ctype[SSL3_CT_NUMBER]; + STACK_OF(X509_NAME) *ca_names; + int use_rsa_tmp; + int key_block_length; + unsigned char *key_block; + const EVP_CIPHER *new_sym_enc; + const EVP_MD *new_hash; + int new_mac_pkey_type; + int new_mac_secret_size; +# ifndef OPENSSL_NO_COMP + const SSL_COMP *new_compression; +# else + char *new_compression; +# endif + int cert_request; + } tmp; + + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* + * Set if we saw the Next Protocol Negotiation extension from our peer. + */ + int next_proto_neg_seen; +# endif + +# ifndef OPENSSL_NO_TLSEXT +# ifndef OPENSSL_NO_EC + /* + * This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari on + * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. + */ + char is_probably_safari; +# endif /* !OPENSSL_NO_EC */ + + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ + + /* + * In a server these point to the selected ALPN protocol after the + * ClientHello has been processed. In a client these contain the protocol + * that the server selected once the ServerHello has been processed. + */ + unsigned char *alpn_selected; + unsigned alpn_selected_len; +# endif /* OPENSSL_NO_TLSEXT */ +} SSL3_STATE; + +# endif + +/* SSLv3 */ +/* + * client + */ +/* extra state */ +# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) +# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) +# endif +/* write to server */ +# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +/* read from server */ +# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) +# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +/* write to server */ +# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) +# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +# endif +# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) +/* read from server */ +# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) + +/* server */ +/* extra state */ +# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) +# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) +# endif +/* read from client */ +/* Do not change the number values, they do matter */ +# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) +/* write to client */ +# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) +# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) +# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) +/* read from client */ +# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) +# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) +# endif +# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) +/* write to client */ +# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) + +# define SSL3_MT_HELLO_REQUEST 0 +# define SSL3_MT_CLIENT_HELLO 1 +# define SSL3_MT_SERVER_HELLO 2 +# define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_CERTIFICATE 11 +# define SSL3_MT_SERVER_KEY_EXCHANGE 12 +# define SSL3_MT_CERTIFICATE_REQUEST 13 +# define SSL3_MT_SERVER_DONE 14 +# define SSL3_MT_CERTIFICATE_VERIFY 15 +# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +# define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_STATUS 22 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +# define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +# define SSL3_CC_READ 0x01 +# define SSL3_CC_WRITE 0x02 +# define SSL3_CC_CLIENT 0x10 +# define SSL3_CC_SERVER 0x20 +# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/stack.h b/libs/mac/include/openssl/stack.h new file mode 100644 index 00000000..eb072166 --- /dev/null +++ b/libs/mac/include/openssl/stack.h @@ -0,0 +1,107 @@ +/* crypto/stack/stack.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_STACK_H +# define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st { + int num; + char **data; + int sorted; + int num_alloc; + int (*comp) (const void *, const void *); +} _STACK; /* Use STACK_OF(...) instead */ + +# define M_sk_num(sk) ((sk) ? (sk)->num:-1) +# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) + +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); + +void *sk_set(_STACK *, int, void *); + +_STACK *sk_new(int (*cmp) (const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func) (void *)); +_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_find_ex(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) + (const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/symhacks.h b/libs/mac/include/openssl/symhacks.h new file mode 100644 index 00000000..30019579 --- /dev/null +++ b/libs/mac/include/openssl/symhacks.h @@ -0,0 +1,518 @@ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SYMHACKS_H +# define HEADER_SYMHACKS_H + +# include + +/* + * Hacks to solve the problem with linkers incapable of handling very long + * symbol names. In the case of VMS, the limit is 31 characters on VMS for + * VAX. + */ +/* + * Note that this affects util/libeay.num and util/ssleay.num... you may + * change those manually, but that's not recommended, as those files are + * controlled centrally and updated on Unix, and the central definition may + * disagree with yours, which in turn may come with shareable library + * incompatibilities. + */ +# ifdef OPENSSL_SYS_VMS + +/* Hack a long name in crypto/ex_data.c */ +# undef CRYPTO_get_ex_data_implementation +# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl +# undef CRYPTO_set_ex_data_implementation +# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl + +/* Hack a long name in crypto/asn1/a_mbstr.c */ +# undef ASN1_STRING_set_default_mask_asc +# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc + +# if 0 /* No longer needed, since safestack macro + * magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ +# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO +# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF +# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO +# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF +# endif + +# if 0 /* No longer needed, since safestack macro + * magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ +# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO +# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF +# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO +# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF +# endif + +# if 0 /* No longer needed, since safestack macro + * magic does the job */ +/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ +# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION +# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC +# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION +# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC +# endif + +/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ +# undef PEM_read_NETSCAPE_CERT_SEQUENCE +# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ +# undef PEM_write_NETSCAPE_CERT_SEQUENCE +# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ +# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE +# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ +# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE +# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ +# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE +# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ + +/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ +# undef PEM_read_PKCS8_PRIV_KEY_INFO +# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO +# undef PEM_write_PKCS8_PRIV_KEY_INFO +# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO +# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO +# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO +# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO +# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO +# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO +# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO + +/* Hack other PEM names */ +# undef PEM_write_bio_PKCS8PrivateKey_nid +# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid + +/* Hack some long X509 names */ +# undef X509_REVOKED_get_ext_by_critical +# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +# undef X509_policy_tree_get0_user_policies +# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies +# undef X509_policy_node_get0_qualifiers +# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers +# undef X509_STORE_CTX_get_explicit_policy +# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +# undef X509_STORE_CTX_get0_current_issuer +# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer + +/* Hack some long CRYPTO names */ +# undef CRYPTO_set_dynlock_destroy_callback +# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb +# undef CRYPTO_set_dynlock_create_callback +# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb +# undef CRYPTO_set_dynlock_lock_callback +# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +# undef CRYPTO_get_dynlock_lock_callback +# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +# undef CRYPTO_get_dynlock_destroy_callback +# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb +# undef CRYPTO_get_dynlock_create_callback +# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb +# undef CRYPTO_set_locked_mem_ex_functions +# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs +# undef CRYPTO_get_locked_mem_ex_functions +# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs + +/* Hack some long SSL/TLS names */ +# undef SSL_CTX_set_default_verify_paths +# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +# undef SSL_get_ex_data_X509_STORE_CTX_idx +# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx +# undef SSL_add_file_cert_subjects_to_stack +# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk +# undef SSL_add_dir_cert_subjects_to_stack +# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk +# undef SSL_CTX_use_certificate_chain_file +# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file +# undef SSL_CTX_set_cert_verify_callback +# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +# undef SSL_CTX_set_default_passwd_cb_userdata +# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +# undef SSL_COMP_get_compression_methods +# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +# undef SSL_COMP_set0_compression_methods +# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods +# undef SSL_COMP_free_compression_methods +# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods +# undef ssl_add_clienthello_renegotiate_ext +# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +# undef ssl_add_serverhello_renegotiate_ext +# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +# undef ssl_parse_clienthello_renegotiate_ext +# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +# undef ssl_parse_serverhello_renegotiate_ext +# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext +# undef SSL_srp_server_param_with_username +# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un +# undef SSL_CTX_set_srp_client_pwd_callback +# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb +# undef SSL_CTX_set_srp_verify_param_callback +# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb +# undef SSL_CTX_set_srp_username_callback +# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb +# undef ssl_add_clienthello_use_srtp_ext +# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext +# undef ssl_add_serverhello_use_srtp_ext +# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext +# undef ssl_parse_clienthello_use_srtp_ext +# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext +# undef ssl_parse_serverhello_use_srtp_ext +# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext +# undef SSL_CTX_set_next_protos_advertised_cb +# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb +# undef SSL_CTX_set_next_proto_select_cb +# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb + +# undef tls1_send_server_supplemental_data +# define tls1_send_server_supplemental_data tls1_send_server_suppl_data +# undef tls1_send_client_supplemental_data +# define tls1_send_client_supplemental_data tls1_send_client_suppl_data +# undef tls1_get_server_supplemental_data +# define tls1_get_server_supplemental_data tls1_get_server_suppl_data +# undef tls1_get_client_supplemental_data +# define tls1_get_client_supplemental_data tls1_get_client_suppl_data + +# undef ssl3_cbc_record_digest_supported +# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support +# undef ssl_check_clienthello_tlsext_late +# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late +# undef ssl_check_clienthello_tlsext_early +# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early + +/* Hack some RSA long names */ +# undef RSA_padding_check_PKCS1_OAEP_mgf1 +# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1 + +/* Hack some ENGINE long names */ +# undef ENGINE_get_default_BN_mod_exp_crt +# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt +# undef ENGINE_set_default_BN_mod_exp_crt +# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt +# undef ENGINE_set_load_privkey_function +# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +# undef ENGINE_get_load_privkey_function +# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +# undef ENGINE_unregister_pkey_asn1_meths +# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths +# undef ENGINE_register_all_pkey_asn1_meths +# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths +# undef ENGINE_set_default_pkey_asn1_meths +# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths +# undef ENGINE_get_pkey_asn1_meth_engine +# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng +# undef ENGINE_set_load_ssl_client_cert_function +# define ENGINE_set_load_ssl_client_cert_function \ + ENGINE_set_ld_ssl_clnt_cert_fn +# undef ENGINE_get_ssl_client_cert_function +# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn + +/* Hack some long OCSP names */ +# undef OCSP_REQUEST_get_ext_by_critical +# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +# undef OCSP_BASICRESP_get_ext_by_critical +# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit +# undef OCSP_SINGLERESP_get_ext_by_critical +# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit + +/* Hack some long DES names */ +# undef _ossl_old_des_ede3_cfb64_encrypt +# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt +# undef _ossl_old_des_ede3_ofb64_encrypt +# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt + +/* Hack some long EVP names */ +# undef OPENSSL_add_all_algorithms_noconf +# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf +# undef OPENSSL_add_all_algorithms_conf +# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf +# undef EVP_PKEY_meth_set_verify_recover +# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover +# undef EVP_PKEY_meth_get_verify_recover +# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover + +/* Hack some long EC names */ +# undef EC_GROUP_set_point_conversion_form +# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form +# undef EC_GROUP_get_point_conversion_form +# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +# undef EC_GROUP_clear_free_all_extra_data +# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data +# undef EC_KEY_set_public_key_affine_coordinates +# define EC_KEY_set_public_key_affine_coordinates \ + EC_KEY_set_pub_key_aff_coords +# undef EC_POINT_set_Jprojective_coordinates_GFp +# define EC_POINT_set_Jprojective_coordinates_GFp \ + EC_POINT_set_Jproj_coords_GFp +# undef EC_POINT_get_Jprojective_coordinates_GFp +# define EC_POINT_get_Jprojective_coordinates_GFp \ + EC_POINT_get_Jproj_coords_GFp +# undef EC_POINT_set_affine_coordinates_GFp +# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp +# undef EC_POINT_get_affine_coordinates_GFp +# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp +# undef EC_POINT_set_compressed_coordinates_GFp +# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp +# undef EC_POINT_set_affine_coordinates_GF2m +# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m +# undef EC_POINT_get_affine_coordinates_GF2m +# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m +# undef EC_POINT_set_compressed_coordinates_GF2m +# define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m +# undef ec_GF2m_simple_group_clear_finish +# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +# undef ec_GF2m_simple_group_check_discriminant +# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim +# undef ec_GF2m_simple_point_clear_finish +# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +# undef ec_GF2m_simple_point_set_to_infinity +# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +# undef ec_GF2m_simple_points_make_affine +# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +# undef ec_GF2m_simple_point_set_affine_coordinates +# define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +# undef ec_GF2m_simple_point_get_affine_coordinates +# define ec_GF2m_simple_point_get_affine_coordinates \ + ec_GF2m_smp_pt_get_af_coords +# undef ec_GF2m_simple_set_compressed_coordinates +# define ec_GF2m_simple_set_compressed_coordinates \ + ec_GF2m_smp_set_compr_coords +# undef ec_GFp_simple_group_set_curve_GFp +# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp +# undef ec_GFp_simple_group_get_curve_GFp +# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp +# undef ec_GFp_simple_group_clear_finish +# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +# undef ec_GFp_simple_group_set_generator +# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator +# undef ec_GFp_simple_group_get0_generator +# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator +# undef ec_GFp_simple_group_get_cofactor +# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +# undef ec_GFp_simple_point_clear_finish +# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +# undef ec_GFp_simple_point_set_to_infinity +# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf +# undef ec_GFp_simple_points_make_affine +# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +# undef ec_GFp_simple_set_Jprojective_coordinates_GFp +# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +# undef ec_GFp_simple_get_Jprojective_coordinates_GFp +# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ + ec_GFp_smp_get_Jproj_coords_GFp +# undef ec_GFp_simple_point_set_affine_coordinates_GFp +# define ec_GFp_simple_point_set_affine_coordinates_GFp \ + ec_GFp_smp_pt_set_af_coords_GFp +# undef ec_GFp_simple_point_get_affine_coordinates_GFp +# define ec_GFp_simple_point_get_affine_coordinates_GFp \ + ec_GFp_smp_pt_get_af_coords_GFp +# undef ec_GFp_simple_set_compressed_coordinates_GFp +# define ec_GFp_simple_set_compressed_coordinates_GFp \ + ec_GFp_smp_set_compr_coords_GFp +# undef ec_GFp_simple_point_set_affine_coordinates +# define ec_GFp_simple_point_set_affine_coordinates \ + ec_GFp_smp_pt_set_af_coords +# undef ec_GFp_simple_point_get_affine_coordinates +# define ec_GFp_simple_point_get_affine_coordinates \ + ec_GFp_smp_pt_get_af_coords +# undef ec_GFp_simple_set_compressed_coordinates +# define ec_GFp_simple_set_compressed_coordinates \ + ec_GFp_smp_set_compr_coords +# undef ec_GFp_simple_group_check_discriminant +# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim + +/* Hack som long STORE names */ +# undef STORE_method_set_initialise_function +# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn +# undef STORE_method_set_cleanup_function +# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn +# undef STORE_method_set_generate_function +# define STORE_method_set_generate_function STORE_meth_set_generate_fn +# undef STORE_method_set_modify_function +# define STORE_method_set_modify_function STORE_meth_set_modify_fn +# undef STORE_method_set_revoke_function +# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn +# undef STORE_method_set_delete_function +# define STORE_method_set_delete_function STORE_meth_set_delete_fn +# undef STORE_method_set_list_start_function +# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn +# undef STORE_method_set_list_next_function +# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn +# undef STORE_method_set_list_end_function +# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn +# undef STORE_method_set_update_store_function +# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn +# undef STORE_method_set_lock_store_function +# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn +# undef STORE_method_set_unlock_store_function +# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn +# undef STORE_method_get_initialise_function +# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn +# undef STORE_method_get_cleanup_function +# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn +# undef STORE_method_get_generate_function +# define STORE_method_get_generate_function STORE_meth_get_generate_fn +# undef STORE_method_get_modify_function +# define STORE_method_get_modify_function STORE_meth_get_modify_fn +# undef STORE_method_get_revoke_function +# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn +# undef STORE_method_get_delete_function +# define STORE_method_get_delete_function STORE_meth_get_delete_fn +# undef STORE_method_get_list_start_function +# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn +# undef STORE_method_get_list_next_function +# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn +# undef STORE_method_get_list_end_function +# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn +# undef STORE_method_get_update_store_function +# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn +# undef STORE_method_get_lock_store_function +# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn +# undef STORE_method_get_unlock_store_function +# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn + +/* Hack some long TS names */ +# undef TS_RESP_CTX_set_status_info_cond +# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond +# undef TS_RESP_CTX_set_clock_precision_digits +# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits +# undef TS_CONF_set_clock_precision_digits +# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits + +/* Hack some long CMS names */ +# undef CMS_RecipientInfo_ktri_get0_algs +# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +# undef CMS_RecipientInfo_ktri_get0_signer_id +# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +# undef CMS_OtherRevocationInfoFormat_it +# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +# undef CMS_KeyAgreeRecipientIdentifier_it +# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +# undef CMS_OriginatorIdentifierOrKey_it +# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +# undef cms_SignerIdentifier_get0_signer_id +# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id +# undef CMS_RecipientInfo_kari_get0_orig_id +# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id +# undef CMS_RecipientInfo_kari_get0_reks +# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks +# undef CMS_RecipientEncryptedKey_cert_cmp +# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp +# undef CMS_RecipientInfo_kari_set0_pkey +# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey +# undef CMS_RecipientEncryptedKey_get0_id +# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id +# undef CMS_RecipientInfo_kari_orig_id_cmp +# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp + +/* Hack some long DTLS1 names */ +# undef dtls1_retransmit_buffered_messages +# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + +/* Hack some long SRP names */ +# undef SRP_generate_server_master_secret +# define SRP_generate_server_master_secret SRP_gen_server_master_secret +# undef SRP_generate_client_master_secret +# define SRP_generate_client_master_secret SRP_gen_client_master_secret + +/* Hack some long UI names */ +# undef UI_method_get_prompt_constructor +# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +# undef UI_method_set_prompt_constructor +# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + +# endif /* defined OPENSSL_SYS_VMS */ + +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +# undef ERR_load_CRYPTO_strings +# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +# undef OCSP_crlID_new +# define OCSP_crlID_new OCSP_crlID2_new + +# undef d2i_ECPARAMETERS +# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +# undef i2d_ECPARAMETERS +# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +# undef d2i_ECPKPARAMETERS +# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +# undef i2d_ECPKPARAMETERS +# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* + * These functions do not seem to exist! However, I'm paranoid... Original + * command in x509v3.h: These functions are being redefined in another + * directory, and clash when the linker is case-insensitive, so let's hide + * them a little, by giving them an extra 'o' at the beginning of the name... + */ +# undef X509v3_cleanup_extensions +# define X509v3_cleanup_extensions oX509v3_cleanup_extensions +# undef X509v3_add_extension +# define X509v3_add_extension oX509v3_add_extension +# undef X509v3_add_netscape_extensions +# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +# undef X509v3_add_standard_extensions +# define X509v3_add_standard_extensions oX509v3_add_standard_extensions + +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/libs/mac/include/openssl/tls1.h b/libs/mac/include/openssl/tls1.h new file mode 100644 index 00000000..dd1d8c10 --- /dev/null +++ b/libs/mac/include/openssl/tls1.h @@ -0,0 +1,810 @@ +/* ssl/tls1.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_TLS1_H +# define HEADER_TLS1_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS_MAX_VERSION TLS1_2_VERSION + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) + +# define TLS1_get_client_version(s) \ + ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +# define TLSEXT_TYPE_elliptic_curves 10 +# define TLSEXT_TYPE_ec_point_formats 11 + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ +# if 0 +/* + * will have to be provided externally for now , + * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 + * using whatever extension number you'd like to try + */ +# define TLSEXT_TYPE_opaque_prf_input ?? +# endif + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 4 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 7 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +# ifndef OPENSSL_NO_TLSEXT + +# define TLSEXT_MAXLEN_host_name 255 + +const char *SSL_get_servername(const SSL *s, const int type); +int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * zero otherwise. + */ +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, size_t contextlen, + int use_context); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ +SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +# define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) +# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) +# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) + +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_TLSEXT_HB_ENABLED 0x01 +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 + +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D + +/* + * Additional TLS ciphersuites from expired Internet Draft + * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if + * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We + * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. + * Note that the first two are actually not in the IDs. + */ +# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in + * ID */ +# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in + * ID */ +# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 +# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 +# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 +# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 + +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* + * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in + * draft 13 + */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* + * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave + * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we + * should be using DHE + * everywhere, though we may indefinitely maintain + * aliases for users + * or configurations that used "EDH" + + */ +# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" +# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" +# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" +# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" +# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" +# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST94_SIGN 21 +# define TLS_CT_GOST01_SIGN 22 +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 9 + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 20 +# define TLS_MD_CLIENT_FINISH_CONST "client finished" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_FINISH_CONST "server finished" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_KEY_EXPANSION_CONST "key expansion" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_IV_BLOCK_CONST "IV block" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +# define TLS_MD_MASTER_SECRET_CONST "master secret" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 + +# ifdef CHARSET_EBCDIC +# undef TLS_MD_CLIENT_FINISH_CONST +/* + * client finished + */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_FINISH_CONST +/* + * server finished + */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_KEY_EXPANSION_CONST +/* + * key expansion + */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + +# undef TLS_MD_CLIENT_WRITE_KEY_CONST +/* + * client write key + */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_IV_BLOCK_CONST +/* + * IV block + */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + +# undef TLS_MD_MASTER_SECRET_CONST +/* + * master secret + */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ts.h b/libs/mac/include/openssl/ts.h new file mode 100644 index 00000000..2daa1b2f --- /dev/null +++ b/libs/mac/include/openssl/ts.h @@ -0,0 +1,865 @@ +/* crypto/ts/ts.h */ +/* + * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project + * 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include +# include +# ifndef OPENSSL_NO_BUFFER +# include +# endif +# ifndef OPENSSL_NO_EVP +# include +# endif +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include +# include + +# ifndef OPENSSL_NO_RSA +# include +# endif + +# ifndef OPENSSL_NO_DSA +# include +# endif + +# ifndef OPENSSL_NO_DH +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +# undef X509_NAME +# endif + +# include +# include + +/*- +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +} TS_MSG_IMPRINT; + +/*- +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ +} TS_REQ; + +/*- +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +} TS_ACCURACY; + +/*- +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +} TS_TST_INFO; + +/*- +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* + * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c + */ + +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +} TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/*- +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +} TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/*- +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +} ESS_ISSUER_SERIAL; + +/*- +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; +} ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/*- +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +} ESS_SIGNING_CERT; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in time stamp + * token. */ + unsigned flags; /* Optional info, see values above. */ + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +} TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + /* + * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the + * algorithm from the response is used. + */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +} TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +# define TS_F_D2I_TS_RESP 147 +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_RESP_VERIFY_TOKEN 107 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_D2I_TS_RESP_INT_FAILED 128 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/txt_db.h b/libs/mac/include/openssl/txt_db.h new file mode 100644 index 00000000..98e23a20 --- /dev/null +++ b/libs/mac/include/openssl/txt_db.h @@ -0,0 +1,112 @@ +/* crypto/txt_db/txt_db.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_TXT_DB_H +# define HEADER_TXT_DB_H + +# include +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include + +# define DB_ERROR_OK 0 +# define DB_ERROR_MALLOC 1 +# define DB_ERROR_INDEX_CLASH 2 +# define DB_ERROR_INDEX_OUT_OF_RANGE 3 +# define DB_ERROR_NO_INDEX 4 +# define DB_ERROR_INSERT_INDEX_CLASH 5 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +# ifndef OPENSSL_NO_BIO +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +# else +TXT_DB *TXT_DB_read(char *in, int num); +long TXT_DB_write(char *out, TXT_DB *db); +# endif +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/ui.h b/libs/mac/include/openssl/ui.h new file mode 100644 index 00000000..0dc16330 --- /dev/null +++ b/libs/mac/include/openssl/ui.h @@ -0,0 +1,415 @@ +/* crypto/ui/ui.h */ +/* + * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project + * 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# ifndef OPENSSL_NO_DEPRECATED +# include +# endif +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Declared already in ossl_typ.h */ +/* typedef struct ui_st UI; */ +/* typedef struct ui_method_st UI_METHOD; */ + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is usefull when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parametrised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) +int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called wth all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int (*UI_method_get_opener(UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *, + const char *, + const char *); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean promtp + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_UI_strings(void); + +/* Error codes for the UI functions. */ + +/* Function codes. */ +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_GENERAL_ALLOCATE_STRING 100 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_SET_RESULT 105 + +/* Reason codes. */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/ui_compat.h b/libs/mac/include/openssl/ui_compat.h new file mode 100644 index 00000000..bf541542 --- /dev/null +++ b/libs/mac/include/openssl/ui_compat.h @@ -0,0 +1,88 @@ +/* crypto/ui/ui.h */ +/* + * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project + * 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_UI_COMPAT_H +# define HEADER_UI_COMPAT_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The following functions were previously part of the DES section, and are + * provided here for backward compatibility reasons. + */ + +# define des_read_pw_string(b,l,p,v) \ + _ossl_old_des_read_pw_string((b),(l),(p),(v)) +# define des_read_pw(b,bf,s,p,v) \ + _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) + +int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/whrlpool.h b/libs/mac/include/openssl/whrlpool.h new file mode 100644 index 00000000..73c749da --- /dev/null +++ b/libs/mac/include/openssl/whrlpool.h @@ -0,0 +1,41 @@ +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +# ifndef OPENSSL_NO_WHIRLPOOL +# ifdef OPENSSL_FIPS +int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +# endif +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libs/mac/include/openssl/x509.h b/libs/mac/include/openssl/x509.h new file mode 100644 index 00000000..6fa28eba --- /dev/null +++ b/libs/mac/include/openssl/x509.h @@ -0,0 +1,1330 @@ +/* crypto/x509/x509.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# ifndef OPENSSL_NO_BUFFER +# include +# endif +# ifndef OPENSSL_NO_EVP +# include +# endif +# ifndef OPENSSL_NO_BIO +# include +# endif +# include +# include +# include + +# ifndef OPENSSL_NO_EC +# include +# endif + +# ifndef OPENSSL_NO_ECDSA +# include +# endif + +# ifndef OPENSSL_NO_ECDH +# include +# endif + +# ifndef OPENSSL_NO_DEPRECATED +# ifndef OPENSSL_NO_RSA +# include +# endif +# ifndef OPENSSL_NO_DSA +# include +# endif +# ifndef OPENSSL_NO_DH +# include +# endif +# endif + +# ifndef OPENSSL_NO_SHA +# include +# endif +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_SYS_WIN32 +/* Under Win32 these are defined in wincrypt.h */ +# undef X509_NAME +# undef X509_CERT_PAIR +# undef X509_EXTENSIONS +# endif + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +typedef struct X509_objects_st { + int nid; + int (*a2i) (void); + int (*i2a) (void); +} X509_OBJECTS; + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +DECLARE_ASN1_SET_OF(X509_ALGOR) + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; +}; + +typedef struct X509_sig_st { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; +} X509_SIG; + +typedef struct X509_name_entry_st { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; /* temp variable */ +} X509_NAME_ENTRY; + +DECLARE_STACK_OF(X509_NAME_ENTRY) +DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) + +/* we always keep X509_NAMEs in 2 forms. */ +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; /* true if 'bytes' needs to be built */ +# ifndef OPENSSL_NO_BUFFER + BUF_MEM *bytes; +# else + char *bytes; +# endif +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */ ; + +DECLARE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +} X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DECLARE_STACK_OF(X509_EXTENSION) +DECLARE_ASN1_SET_OF(X509_EXTENSION) + +/* a sequence of these are used */ +typedef struct x509_attributes_st { + ASN1_OBJECT *object; + int single; /* 0 for a set, 1 for a single item (which is + * wrong) */ + union { + char *ptr; + /* + * 0 + */ STACK_OF(ASN1_TYPE) *set; + /* + * 1 + */ ASN1_TYPE *single; + } value; +} X509_ATTRIBUTE; + +DECLARE_STACK_OF(X509_ATTRIBUTE) +DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} X509_REQ_INFO; + +typedef struct X509_req_st { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; +} X509_REQ; + +typedef struct x509_cinf_st { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; +} X509_CINF; + +/* + * This stuff is certificate "auxiliary info" it contains details which are + * useful in certificate stores and databases. When used this is tagged onto + * the end of the certificate itself + */ + +typedef struct x509_cert_aux_st { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +} X509_CERT_AUX; + +struct x509_st { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int valid; + int references; + char *name; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; +# ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +# endif +# ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +# endif + X509_CERT_AUX *aux; +} /* X509 */ ; + +DECLARE_STACK_OF(X509) +DECLARE_ASN1_SET_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DECLARE_STACK_OF(X509_TRUST) + +typedef struct x509_cert_pair_st { + X509 *forward; + X509 *reverse; +} X509_CERT_PAIR; + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC 1 +# define X509_TRUST_DYNAMIC_NAME 2 + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old + * X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +struct x509_revoked_st { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; + int sequence; /* load sequence */ +}; + +DECLARE_STACK_OF(X509_REVOKED) +DECLARE_ASN1_SET_OF(X509_REVOKED) + +typedef struct X509_crl_info_st { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; + STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; +} X509_CRL_INFO; + +struct X509_crl_st { + /* actual signature */ + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; +# ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +# endif + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; +} /* X509_CRL */ ; + +DECLARE_STACK_OF(X509_CRL) +DECLARE_ASN1_SET_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; + int references; +} X509_PKEY; + +# ifndef OPENSSL_NO_EVP +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; + int references; +} X509_INFO; + +DECLARE_STACK_OF(X509_INFO) +# endif + +/* + * The next 2 structures and their 8 routines were sent to me by Pat Richard + * and are used to manipulate Netscapes spki structures - + * useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +/* PKCS#8 private key info structure */ + +struct pkcs8_priv_key_info_st { + /* Flag for various broken formats */ + int broken; +# define PKCS8_OK 0 +# define PKCS8_NO_OCTET 1 +# define PKCS8_EMBEDDED_PARAM 2 +# define PKCS8_NS_DB 3 +# define PKCS8_NEG_PRIVKEY 4 + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + /* Should be OCTET STRING but some are broken */ + ASN1_TYPE *pkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ +# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) +# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) + +# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) +# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) +# define X509_CRL_get_issuer(x) ((x)->crl->issuer) +# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) + */ +# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) + +const char *X509_verify_cert_error_string(long n); + +# ifndef OPENSSL_NO_EVP +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +# endif + +# ifndef OPENSSL_NO_FP_API +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +# ifndef OPENSSL_NO_BIO +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +# endif + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +# ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) + +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a, unsigned char **pp); +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_alias_set1(X509 *x, unsigned char *name, int len); +int X509_keyid_set1(X509 *x, unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); +int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); +X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +# ifndef OPENSSL_NO_EVP +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); +# endif + +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(X509 *a); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); + +int X509_REQ_set_version(X509_REQ *x, long version); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); + +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +# ifndef OPENSSL_NO_FP_API +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, + unsigned long flags); +# endif + +# ifndef OPENSSL_NO_BIO +int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); +# endif + +int X509_NAME_entry_count(X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, + unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(X509 *x); +int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(X509_CRL *x); +int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos); +int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, + int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(X509_TRUST *xp); +char *X509_TRUST_get0_name(X509_TRUST *xp); +int X509_TRUST_get_trust(X509_TRUST *xp); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +void ERR_load_X509_strings(void); + +/* Error codes for the X509 functions. */ + +/* Function codes. */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 106 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_GET 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 + +/* Reason codes. */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_ERR_ASN1_LIB 102 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/libs/mac/include/openssl/x509_vfy.h b/libs/mac/include/openssl/x509_vfy.h new file mode 100644 index 00000000..50626826 --- /dev/null +++ b/libs/mac/include/openssl/x509_vfy.h @@ -0,0 +1,652 @@ +/* crypto/x509/x509_vfy.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_X509_H +# include +/* + * openssl/x509.h ends up #include-ing this file at about the only + * appropriate moment. + */ +#endif + +#ifndef HEADER_X509_VFY_H +# define HEADER_X509_VFY_H + +# include +# ifndef OPENSSL_NO_LHASH +# include +# endif +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# if 0 +/* Outer object */ +typedef struct x509_hash_dir_st { + int num_dirs; + char **dirs; + int *dirs_type; + int num_dirs_alloced; +} X509_HASH_DIR_CTX; +# endif + +typedef struct x509_file_st { + int num_paths; /* number of paths to files or directories */ + int num_alloced; + char **paths; /* the list of paths or directories */ + int *path_type; +} X509_CERT_FILE_CTX; + +/*******************************/ +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +# define X509_LU_RETRY -1 +# define X509_LU_FAIL 0 +# define X509_LU_X509 1 +# define X509_LU_CRL 2 +# define X509_LU_PKEY 3 + +typedef struct x509_object_st { + /* one of the above types */ + int type; + union { + char *ptr; + X509 *x509; + X509_CRL *crl; + EVP_PKEY *pkey; + } data; +} X509_OBJECT; + +typedef struct x509_lookup_st X509_LOOKUP; + +DECLARE_STACK_OF(X509_LOOKUP) +DECLARE_STACK_OF(X509_OBJECT) + +/* This is a static that defines the function interface */ +typedef struct x509_lookup_method_st { + const char *name; + int (*new_item) (X509_LOOKUP *ctx); + void (*free) (X509_LOOKUP *ctx); + int (*init) (X509_LOOKUP *ctx); + int (*shutdown) (X509_LOOKUP *ctx); + int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret); + int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type, + unsigned char *bytes, int len, + X509_OBJECT *ret); + int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len, + X509_OBJECT *ret); +} X509_LOOKUP_METHOD; + +typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; + +/* + * This structure hold all parameters associated with a verify operation by + * including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +typedef struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +} X509_VERIFY_PARAM; + +DECLARE_STACK_OF(X509_VERIFY_PARAM) + +/* + * This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' function is + * then called to actually check the cert chain. + */ +struct x509_store_st { + /* The following is a cache of trusted certs */ + int cache; /* if true, stash any hits */ + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + /* These are external lookup methods */ + STACK_OF(X509_LOOKUP) *get_cert_methods; + X509_VERIFY_PARAM *param; + /* Callbacks for various operations */ + /* called to verify a certificate */ + int (*verify) (X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation) (X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup) (X509_STORE_CTX *ctx); + CRYPTO_EX_DATA ex_data; + int references; +} /* X509_STORE */ ; + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) +# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) + +/* This is the functions plus an instance of the local variables. */ +struct x509_lookup_st { + int init; /* have we been started */ + int skip; /* don't use us. */ + X509_LOOKUP_METHOD *method; /* the functions */ + char *method_data; /* method data */ + X509_STORE *store_ctx; /* who owns us */ +} /* X509_LOOKUP */ ; + +/* + * This is a used when verifying cert chains. Since the gathering of the + * cert chain can take some time (and have to be 'retried', this needs to be + * kept and passed around. + */ +struct x509_store_ctx_st { /* X509_STORE_CTX */ + X509_STORE *ctx; + /* used when looking up certs */ + int current_method; + /* The following are set by the caller */ + /* The cert to check */ + X509 *cert; + /* chain of X509s - untrusted - passed in */ + STACK_OF(X509) *untrusted; + /* set of CRLs passed in */ + STACK_OF(X509_CRL) *crls; + X509_VERIFY_PARAM *param; + /* Other info for use with get_issuer() */ + void *other_ctx; + /* Callbacks for various operations */ + /* called to verify a certificate */ + int (*verify) (X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation) (X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + int (*check_policy) (X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup) (X509_STORE_CTX *ctx); + /* The following is built up */ + /* if 0, rebuild chain */ + int valid; + /* index of last untrusted cert */ + int last_untrusted; + /* chain of X509s - built up and trusted */ + STACK_OF(X509) *chain; + /* Valid policy tree */ + X509_POLICY_TREE *tree; + /* Require explicit policy value */ + int explicit_policy; + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + /* cert currently being tested as valid issuer */ + X509 *current_issuer; + /* current CRL */ + X509_CRL *current_crl; + /* score of current CRL */ + int current_crl_score; + /* Reason mask */ + unsigned int current_reasons; + /* For CRL path validation: parent context */ + X509_STORE_CTX *parent; + CRYPTO_EX_DATA ex_data; +} /* X509_STORE_CTX */ ; + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 + +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_INVALID_CA 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 + +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 + +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +# define X509_V_ERR_UNNESTED_RESOURCE 46 + +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 + +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 + +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 + +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 65 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 66 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 + +/* Certificate verify flags */ + +/* Send issuer+subject checks to verify_cb */ +# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check selfsigned CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 + +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + int type, X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +void X509_OBJECT_up_ref_count(X509_OBJECT *a); +void X509_OBJECT_free_contents(X509_OBJECT *a); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); + +STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); + +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb) (int, X509_STORE_CTX *)); + +void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, + STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX + *ctx, + X509_NAME *nm)); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); + +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, + X509_OBJECT *ret); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +# ifndef OPENSSL_NO_STDIO +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +# endif + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, + unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, + X509_OBJECT *ret); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +# ifndef OPENSSL_NO_STDIO +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); +# endif + +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb) (int, X509_STORE_CTX *)); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const + X509_POLICY_TREE + *tree); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const + X509_POLICY_TREE + *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE + *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/include/openssl/x509v3.h b/libs/mac/include/openssl/x509v3.h new file mode 100644 index 00000000..f5c61560 --- /dev/null +++ b/libs/mac/include/openssl/x509v3.h @@ -0,0 +1,1055 @@ +/* x509v3.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_X509V3_H +# define HEADER_X509V3_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_SYS_WIN32 +/* Under Win32 these are defined in wincrypt.h */ +# undef X509_NAME +# undef X509_CERT_PAIR +# undef X509_EXTENSIONS +# endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, char *section, char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +# define CTX_TEST 0x1 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DECLARE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +DECLARE_STACK_OF(GENERAL_NAME) +DECLARE_ASN1_SET_OF(GENERAL_NAME) + +DECLARE_STACK_OF(ACCESS_DESCRIPTION) +DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DECLARE_STACK_OF(DIST_POINT) +DECLARE_ASN1_SET_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DECLARE_STACK_OF(SXNETID) +DECLARE_ASN1_SET_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DECLARE_STACK_OF(POLICYQUALINFO) +DECLARE_ASN1_SET_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DECLARE_STACK_OF(POLICYINFO) +DECLARE_ASN1_SET_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ +",name:", val->name, ",value:", val->value); + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +# define EXFLAG_SI 0x20 +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +/* Self signed */ +# define EXFLAG_SS 0x2000 + +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DECLARE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, char *value, + int is_nc); + +# ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, + char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *name, char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); +int X509V3_EXT_free(int nid, void *ext_data); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); +int name_cmp(const char *name, const char *cmp); + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +int X509V3_extensions_print(BIO *out, char *title, + STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +int X509_PURPOSE_get_count(void); +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + char *name, char *sname, void *arg); +char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int a2i_ipadd(unsigned char *ipout, const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DECLARE_STACK_OF(X509_POLICY_NODE) + +# ifndef OPENSSL_NO_RFC3779 + +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DECLARE_STACK_OF(ASIdOrRange) + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DECLARE_STACK_OF(IPAddressOrRange) + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DECLARE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int v3_asid_add_inherit(ASIdentifiers *asid, int which); +int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned v3_addr_get_afi(const IPAddressFamily *f); +int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int v3_asid_is_canonical(ASIdentifiers *asid); +int v3_addr_is_canonical(IPAddrBlocks *addr); +int v3_asid_canonize(ASIdentifiers *asid); +int v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int v3_asid_inherits(ASIdentifiers *asid); +int v3_addr_inherits(IPAddrBlocks *addr); +int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int v3_asid_validate_path(X509_STORE_CTX *); +int v3_addr_validate_path(X509_STORE_CTX *); +int v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, int allow_inheritance); +int v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +# endif /* OPENSSL_NO_RFC3779 */ + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_X509V3_strings(void); + +/* Error codes for the X509V3 functions. */ + +/* Function codes. */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_CONF 124 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_HEX_TO_STRING 111 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_ASN1_SKEY_ID 114 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_STRING_TO_HEX 113 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_CONF 107 +# define X509V3_F_X509V3_EXT_FREE 165 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* Reason codes. */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_ILLEGAL_HEX_DIGIT 113 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libs/mac/lib/libcrypto.dylib b/libs/mac/lib/libcrypto.dylib new file mode 100644 index 0000000000000000000000000000000000000000..b88d5522cbdb430b2262ea6fb3c0d04221b450f4 GIT binary patch literal 1986176 zcmeFa4SZD9)i*jrG9iJ488l#2kVJz`6m7|bUuFnctgPXCvc~KbZ-=w{5xKUM>Nwv0dLCmsWazJeUjhz#P6XM0^ZB9 zyt#qybM6QKRsjiqf=(go;C+9&WE?)H)2A*yIORo`}1*%20UfT z)ag^EJ^ApgsiO3Jc=JCL@ERpiPxm2Aqv3?EN$%<~;FKw{beG;o)amk88p1}upD6B0 z-Ux0;cBV{uY)*u07lyY&0LS+wJ@6v=h)5arpFMNRyk}-TGH2$LxvnRB;kN?)>7URZ zgMsd&=_GhB@D}20%9NQ8e;>TnI=p2%5W0_sNA$8D@Mg`SNuA-EGR-}^xEFp(Y)|~? zJ{n#^6fC;zEq6WV;~^d1s@H`a(|xoYp9c=`9(~yLaHRD7`L!%h;g!v+L>s#Qet3_} z>p4F?@oSe!k_?8@8wEW2j)o_&j?@vovu4ei9V$5=zq!u}cuJ@Nexvz!K0InoZKq6e z*zdUACfh?cv{b+mRuT;+>Uf?L*wMU3!y>yp5g+1?D5r0u;iv9-PyTe~oZ^RP{&db< z7d}&G&zm>%r!!|fLZ9L%pPB2LbG`NYEd2NAGblkP{_je#B#W*vu5vkWeEd?wYEi|% zJ8|y?5^LuHuL2|2eHuG!_hp7NxL7@Nn4$52(J+ue=>0OGbo9B`Vlb4U&3wJQuOIL9 zVTSMer~oRQ##K!>Ip$n-!^{t7s{eTF*39AQC0p1erI2ySC~w!^F#gzkVP8*=2@|XhA{wkNggGkpn++ z;71Pp$bla@@FNF)luYa^Ob}{Qs2$g$ny}@whb_#$yMdv%)sr6C+Urs2OB;ygBj~7 z4p=4OOImvX-+`+M%5B(c2hz~a-B-KM(N5cE9%!(7mGav7`-^G_yS20>7njoAlYwR) zp=qw@hX9D8nkMU5rYN2vBM2%*u+|U9*N5Hs3O1t0Q0n0xqG?}o!s102b49uUVTl5< z*8>m;G3X#@5PtfmwiDlN6{10W&ju22K==lxIoN6KuY(Bjq=PT@ z03%u@QL8-QePmPw@3qu2!lQG5M?6Ye(HDduYPEzxnADcQgAUfA{hX5(+ytPnM*%JF z2{a7@2OB}WD>hgYxXP|BjK?h8ibhp5Yr!G6qc3591d*|ig7|m3g*D$VJ*Z2{J<{FM zU6UoY#m;uIlM?%`vSof6hD_Iobja*$Vr7@ij^8gmAU!BeDGIhiR=Tc*thla&u+G6a zG*#E2slw_++u)ErXu$S|`n08izR*n#&A&Pr+#K?I{H(tVF=_2tga=8EC4o|9kaeHl zZkG3BtmkPgbH!PJ0BQ_(A<-yA_bAcG=G=fBIC-0(>vrt`WO-~&$#@jz5Jvm7LnyH` zzq2yvx>r*Bdz7HW%r$} z?u{5aL|?EK;GFC`^w@h%1ld(Rdng=PXXO{JpV-v}=`?T8qea#2R6gWYbi}-cK(>v7 zCWUUezE7SQVUcQbMU9h3<3#l3?hsRQcpGBM<}brcxeA4#atlgyyEQ5p1H`F3#N}hG z2dPCm!2EbvE7f!+GtzQHUoCr>DRfwc4nq8J^Ir7L|3q$BZdvrrOVKw^M{ZQpucB|< z;TvwOwV{ZADs1@OD2_6f3d?nb8v;945U;TQ3VS+UpcPegQ;*W}+{@9=;7$aDi*U6T zoQRNO2*VUBg=#vQAy_jIMqP{#-BC^Z_2Q&pqqRX{w`25yfx+6NWrGdjdxga)EI&R9 z>nbvt0pOHn zp>|E|gu>22J#StNT)f(qq?!GIS6DL(VJ;@xSe>11mDmn;($3BT>e-(NLa%VJV{D(y z4m#Kw8*As-!)g@ic7sc$%)SyfLi<&BFet?o86;LD3}vKh3aVIh&;GjDvu@a^A?4i} zi!N1)VM>y`Uk!y_i1h`oQaq*yaWERVth{CyboeGRzEb^axCmN^iZ{Z9#b~l|QYQJ3P6k9=H^X zZ2_lZ{mmeS)&MJw1WTRq;=M*|LuofK^eLVN@kT;LyA!o2bH|--l&&g>mq;sATPyRG zHPBHI8EXJ#0~DW@%ErfvxuNxd&x=xaq!Gi|SyzSEb+tLO@*%7>=1k9A{!>_L&MaDD z&YZf!oH=W?In(VmXO>_stjt2SgDDvfmY1q9B}HKqEee~9k&_x)X<8FNdM7bYVdFul z4YlLr{o`Y^Fqpp|(FgJSGjE#XU^}(9FcT*I|)-}+Kf8~%l%Xo+C-tB7mlf?LN>fX z)ZHZNYD8Tvez>(ckL^Xlkx!tCi>_*V3YS=(=?)d8dIcf5Ae|$5hXVZU3hQVAf(F%z~_|7@t9m!m$w>jx2+2S6T=@Y{a6)B)&aDEtJ44v%Rx@9P-rRm`?}9VS(; zraqpeRH_atW9w1fsjyo^Ab)#4NW#My!b7E6;PEVP#qlIO7Vz7+o_I{5LQm3$vlwWb z7^qQUmk@2#M>)R_6=q)vi;qQ9Z!?PD#)WVj$#459l?@!i75vudgzcfem*CdU^uM&{ zA^P6byZ_tt5n_`kN^F-xtN1zX+GhtFJoAm%uF9-Slep6IjcgJqrX9(-Utwt#j5^N> zaT>WQik*bSP7&{55Fe!Jbc4EqI(ipdJ8b0Sfcv_WK=Xy>7=kt#!66?$l>+J5fIhoM z2#(}PA9ChWo1;wxo)vszBiO=;VcR9vVQ1gL4>wo5 zjVVO8$`

ui#Q1d(!;U^E9oh>2`sO%xpVcmv9;!*ct7CpChZb9l=KWR*JhhHr2r) zU${9D&dP6GBb~(^aElz|_MFhZnLikY2v~P$i_>UX{yI2hD;i@6?FvEeC4yYu>S)vu zy{RFFK+das64_P>MW!_%5Jzlq_J(o_7Va$M2Bwqy9hz6!UijOL01beHr?+*LN1E4Je<*uawR!@aq3 z1MbS}`!Q1iZh_Q%I2mH!PgxotCSU~ZmG)q;Z8>f`OsQxEh$LW&r=(TebQ1XH4nnEH zl?+!dfkSb(YW+_IgRpnSif1_aEdnH`^Az=Ed$h5DD#+&}Q6PtkuM8LS)|5X&#RE}X zI`R+0E;XFRFmK{l@nD#DFn-YV3cnq)uB6967ZL8;j|GD=cjhfTaIhZA)r8Msd~(s3 zi<(k?B*og&VHyuOM%N>tOw*2^z{2ktGM!+WfW&%^&TxXc2ryS0J4_d&c|Z3M;B%3{ zN7F382a%xHyyg!uc|)$D-jog|dS6MsCG_UIgA_gZ1t;O)<>Bp)YWggE6K#G^*;!D# z0~k}FX$3%jLUXRIfV#j-_btFclp9m!p)vBh$ZO#Sa5iEPF9M>$JpzbQ+9R5;psv}w zc%*DLD#>)`!i;I%kUs}2w#aN=ii16y>d(&tJcHuT&%h59J@+18CT z(-cq9TEaLH&_UDVC?%Sv>mu; z6gwN?WOFQ7NU--xv9ZVE?d5f;9j5+h)X#mf)k{HAJBtfo546ASZ|Fgrx|g5}Fr(cm z9FjZU?k}Ld5k^w5mM0xTxt$ecb(p-kGP(z#o`l>G7-$V@^XAdMwIB!Tx=b4nNT|)D zTFlmOImDm~%IRLFy|!D(YJW7(3+B;umZAaHA1!mIs6yOO$s?C9CTPbL`U4d9(B_>X zbqH#Y<5$c|7HL*_twORbA_KzJR{Q^_vaR;NR(ECjWQKf>$`1E^+BD1&gk%zUv+EMh z8<$PY-fCb1npP|93Q$pnO6@OPkGZlBRn%ueMbKr^FmaIS{n~0wtU%pOT?uue6nug0 zA<4tgo9|;xS_^~`z4_W))HV|^#AVnA;W*38D_mb7Pn*ZtQu!I9dph|}PVG%_3N+j& z@a`lK9`_1?cR#}WxX${a4wfVHZFBD7p&*vkX|F=U1kzsg3k;RkmVq41giLGsM&{Fw zLC?iJgm>{m%TtMw<+;BHBm<%gs_A8dNn%PNSb@yrgbXWcR{S;%g$BQ^m43j`8N6}O zH3qW26GaY>yO}(n;jnfRB32L(>~0D*RNwnFMVW}jqbd=oe~kcmhUB0$YEeHm84Qny>LOVd84*@acO1U+g{s>O-M@9B-% za1XWh3|apaM&=QFzEZ_udC)%7LX$uLH0M`p*c62wNd!OcMTi7$B$ze0k>VDZ16!l{ z9>h5+S3nZ+vqb!q;z#jUuEq}$VOL|*7508TmEIC(u8=@&hbbBO7~KgD&)*wS5m4-& z1?f=I_o=h?{OrL7Rf(5X{GS&Kw6lP=;(3FbuBT9qVCnItpc<^5JO>`9=WP>JJ3J+g zP+3RjQM>9$&vL4Ay2Xa86hQgTO_KpnRr?ou((k3{i6zis40M>DONJ40-GE5AJ#!zS zld8QKAQ3TwNmf~p{;Y;TNA0|ewddQ*Kp7Qei0|M z{m>12aI-zQfmHMymUu{^`l*n@TWpQ)ix2=K`HV8S+U1YyLEXD2WAg`XfA=D2mFrHS z-5$7}nyZ)u$ge#C#32U4n9M^BA#nBjUxH8`!E~_W+K``9oBi6q1dF+oKgKx#L+U3@ zWGYJ#5YDypaU5`JCt~r5@?P^WkL0F4`Xv#NdnMYzL?EPzpTc%+A9Oa#tIpS3-$<<^ zyKRR$NKp&0Iz4Ss?@3YbjCWvFVg4d1cz|4>@}TKyi$YVEw5Lf#jf)UMHhl|Jgh^i; zOf^_grkdUz%#EIVFm=@EJOzczQ79T>o<0o|KpxwN4fxXj`~~5YI}hy)ZVEbIG@W+n zrecET8S*>o!YvH%vKd{9+MYxo8U)st=E5_?)f4bO0_;R1_-W<2DI9d7gN-rcigr~5 zSn3J*5Oui>UG&2~pnkv-P0v_bomA6i6czTE>COsY`x;0z;NigU!n4tBuFI{A!+mwyqlBx@Q9 ztz!LAO<6k7MC~OZ(<2116u#}nk|LmpBgqhkJs=!43z8GHp9u(`Q-PY7`fo#cI}9OS zK=^L~A>;cXz_&z%SYoHKAlTJ$=~$tVF7O*aS0_8;1+IIw2^;C)S{~a?Z5E{jH{me* zfd-x^Fr12lRJY);410~`b0S*v$W=gs^#1$_$dMV7ynY(Ksw8|#YfB(gfnlf}-B+y} zwc1<92EfSo*j0e*`t}|s7;EXJ+TVeMJhpwISy69+x4@N|%BW-L;P~#z4$qj)b3+=; zrMVKaNT|MffEH`})D(j!-^fgPxQLSZ7xY#O&?@RE8Y*8fh^8y(wrHN)h*BrJ+R0|qu?T=ofM;a$ z;uqRuYs4=tqE!TdpS^O9%q1wVwgQT}C|)b9Cl6?fWo+}JN2mbvJrhC!&!iQTwurj& zDV-jf(s=~n#5c4coz^mr>N}kPe1W7p`)WU(+E=4}APc<5J_4)fqIi)EF$lv0#Y?DP z!~{J{J=*t&H`HOR4Ew2}%~A?-1Qh13*WSZsUTlrc6+3{d-QOSI1p6bbkz%XQ$^Qqz zUJBUoisQArL94`SDI(|`?-}={=riU8^r?E6T7HUk8IeB2KZJL*uUHUEa^(=?-;LsuQO&mpfFWL$%Ya!6iNlAETb8Z5t^!mEmX@e8{A|DiLvV!8??yfhi1X zDM4A`b+Gt;gc3=OpcRMe&vwqXIK{ToDqsbd+ zLiX9_<;XbLthJ=r{hg}ob3>pYiq;g2?C^|S1RxG}P|qfj5sQLl@_^fGFXhPR+0 zsa3YUd|`^gHOk4(!XDI9Tz;Q+C3fmgHO@&X5^4$d`q0aR4t3UAn&i7v1Ruclo!Gb!2 z_5!$zI8r>BRQT$-cK{mgaP|{(5FaJr9(SXbDxf>YcDn}i6;xX%wq{p=93beR;Ua9K zOebw5AqaF3aZ4IS_1s#_;5gw+T6-_G`aQC`!2ggT4hKLm`X3%hF=%aALJ2#Z*n+H= zQG{sOdtai^GbXEu?uy!0;+A-dh-AxygJEX1ztWG7n})HQkVv^g6u-cWt=_Sl5Y-m5 z#TQqa(39GqP>Z2(x?2-fCn7Nxz8`S5Iy|-`+6O=!2c0xezsDud4)Mf#9{p*oK`Ha? z9%wWuRo^_)S-&ps@v+M3!wTD}AZqW^Zc}{c%!;v2nNj!d&HX^Z#2Cfbh0?>fDjwN_ zo6deprcasSTLE4vCjMRJsh-X5UvPRThqRqI#UXVM#-3i8QS(0c0T6@M0U7DCpK^MS z!{Zn{!olhlUn^o0iKR-_9~Z^mU#CgHrk(@arBpR+a8-BR_p6ITMU4V@*FeQs{dnD@ z#v0F>%jRNdS9b1?h)LVsYYt8G$`ar#LaO zvnHkLp3F&GR@B>YCLq`lqB#jPD{DcZp>z_a(EJWKsijJpKI2Y##y#;Cq@6xq5IfFh z+$b5V<(NyPvMy@4U|_ILDyuI2$GIRppvrB}Bm}q6J*v1+%5XGg_0D9;lYbI%h8fd#+Df^l;Bxb z^K07w6t_5Lv=AT%Yf*fG+w8vXG|AW^c`A%c@Ki7#XGCRS5_yNH#yBI5&7NU-tl8H& z!lzwf#BaZtdlF^ip3Lg9>i3@`nA?=%I>p#{f6;v8)fsKf!WF2->Wz4yJXoKKO{c=( zY2&<>w!$7~J@lek8Xo)mKKq^>IB^2!0elM-Ur?n!gR1v{PY69{>b7)`oyyio#tioj9 zqAevP#R{qYm5NzbV1>2?)l_^*Ym4x${j-(3h9(Xv z%ErEE`aGDTXPIonl@SNc`aiY5!xJ0VE}P%&@BWrldD+PtSeWb0BPsw9CdsP!4yGyz zjVEi&BV^i8HsfHqAm03@#2~q4-33!;yJ77mq|bHDm_5}_*9pF|GqYV&XNqfc#R~vb z)-AbR(|OD4vaYGKT{C!Xb=jF>$tjC#_rqi!O3iQPLK91$#CE-!NI`*=&>)o^Fvf$_ zvMzj=K6&F>`Z2%hFn`cw5At>f^PA?XgTu__s{q9pu*f;v%`ebdblE{H`^VaTjZ3M# zJ65W~ZScv<)C&g_n( zJBy+8yEylyBiqeEbMD+Ylfl(LcVb+;0kzoi2fGQEd8uM-sk{q^-W-Mnn3Z-LpN`XO z$_~)WNzesRcOsK*1CITlymT$?HLVRm&0KZhvM1xp4k4#K$fm^8{pItLP-Sc^Z;dPO zjB_Qf4SpRwCZ+kxAB*2__Z>);8GQX3M?yWH&8YcQ;Hs9NGtavO-v(FW;{HncQDk>6 zGP+OE3>%cwe2>d(JWs**SY!+YDF4axRHt&f4u>IB7Vkbn{oP(2d_-QRnU8t#X~1V2 zJ}vlsfzLPibl?-5W}^o9YM`%e^wmONU(nY#^wmLMK?S)p2)bfdYz;bbYHDq8TDLjL z7hppPPj(bR z^^Bn-aP6kG-1i1oCbD)dlzE+0RRsG>V#iMgsw7-VYwsgTxuJ!eZN5;Rzmw9_Gr;at z9Kyrfr6unv;Bhcr1%?uz83p<~jhF_E(=mJoKCbdW0pHiZRPqYYCV_NxczD zgu~R_kto*&popR{D7LG2TY?iUw2+^Klt`aI5)FajifTI9nPMnkODloFrO}DacGMH? zI2S%IEHB(IdY0@+DtX>&?g!`$TLT29lzk;8!P%@ZDV|vswnZz3((1_GhSp2aS|IxX zG$n%Ue3WZNDC&*u1R%q`tB_ZvhnqPH9-GE;cyc%;iL1F81m80T{xMipt$q9X5L*H;o^ce|AmCrZ4XU~Y z+|#ml(j@YrjcYy+GZxj;lp%1mT4p!nq=#OHMA_*IyN}RgfCdP2Ad*@d;Rf@g6wgD4 zq({)Qid03rVG=y2v5&_t90tDfc+EH*mUl?O9f(k1r?OcYTeILRibrYJGy{R&u?SA+ zMV!#$J7PVPjO=bG=eT;o1_j4oh#v8WMdrpAwT;Gjx?jeP@)sRqj_zT@+i>YnpUzUk z2_$3k3B?vzqDml_yA}=R$2r*3S%D0#hK!$@`!@CWj3H&$hQCX07M6rpsF0bK;3s@w zK!RXV$5f!KvP11ZKW=QDE4HYHe85G(>(@|n!mFq)AIh?X=lhif*CPP4AXzn?z;joK zk`M5kzQ7g9a#2lrZVRpru7Q5jR$L$^WWcFi?zJ>F#=3`~O`Zs@vME`>&_)Hjd@v7Z zhhk*D=wU^>)8aO1d2xvV6N=P41W}?!s_9ZEyiPyM9gJVmk)MKz)rSt&YTpSZ6SSHs znE*KjnK;cT&m9kpL|Rb`ZQ4C!egky0KdvTpO;;1T6ek!1UXc;7<1Kn35M!>Ov;(vs z0zX?ksY!8UZPIow-p#z*M`$9IFG@DJt`V^{*!MAC+!N}+vjS5^2QTmNB0AX1Z!@?? zpy5a1hLrK7o!-VFV;S+frrOIF#fw(2gsVrIY4)~Mld{6gohf{ z+)1Y}A0I=;s0ozJucdqj$WRmbuI?>T>0_xUB(=a2utCFaBItZEii-UFlm`0K4j%bY z7Z7~P^4Yc{0!5?n?yIqhB*$t}!9R%k3CboI<^jF5+C$lLD?HIy&dXfe3&0yckvdm*rS42;sZCbt2bKr!Zc{z*Ptt_QHBwfiaQ z1oMMs7r_Yj4Av_U3d>GZUrKIF;6@M6EF%c`IApca$kcuiR6E7=ZaZgo2N@^ zPqcp-LHpZ(hS0tT;7=5W(4HPan_k2imU*qtTtj=xUi}~Xb%x?)}elIZ32}7jVtIlvYVLlz0_t!Ch_=1?fMQRVs;X@MU zVERpArZ>GysLQ^1?)7ZBE5xIyk;;kd!W&!j(XSvxI9x&MRio95#Y&XXlTt}ZmK4ZOkyINAAIahR)k6)c!)Ix`36<7{wk-URf$KpsoI839oHm}; z7HiPj@gZ8_6zGKZUgtm@ZTM|CjD7i!dUX|%Nas>397(9$0J~B=8Ef%pV6BW`{U5fF z^IJ=2GV_p%3RmzdK%`Cxk@6$0F74UdlQ2`a@Nx80bOl3!gV+ULZ7==|G2M={D8QBw zVWNgcctTf`xy%9>tT)_$>W=}*lqx_L%r?Q(qv#fQP@<>ne0p=>A>t5oH7wWb$7t?? zI6Xx6Ug!yU8_pyq#A~@^u_0-R`sB4ekFjx#vHGKb@j3j4=C30(f1j7wF@M+gF@Jya z)BKGtlkixmn3PPubd2^9X}MScFr6Ri(|OkYk3bwvr~7j9x055CPQm2SOd|8PflFl0 zc}E}7Q>v4=79_4Y+Ji(|jq$LaAo0F;&LffH9w2e;1xWna1xVEXbv}s`xPf;0;)%vz zD4fQsFpYn|0F9RagvRL#+fG4v)iib$={{PKNNpgx4SLu#ixyRXVKjhyYI{X1ln^)Fa!p@rB88j^~DK+3x z_wut73H*~+0V&sn^%F%8Z89kNXFot2+qM~vsY&1=BH+VMH;aGD=>s^jFd+hrqXjr5 zv84zvr`j_&;0U>V!|H$bD=%5zZvoaC+Y(Z!i%YAs7F+7_5K<3%F=0W4zcj%=qRaz_%4fn{F#%Z6sbKO1ijw-2@{%Q(**^hY)waAGCnn5UYJTYr zLSHRfGR+@zJsqwF>)T#N(fX12LSCU~>I#S^{DF7xps;G2_Q2zGfc3Su-ZmHvSq@1M z!@c~04v2G_Mv>K7%VDC3n>^?DwYfkXbd+jWr9+=oTd9<}L1wd-m&{dS-Vl{VOZ+yn zuUMeT2-=pw7XorhaU)Kmm*{i%#Z}b3a0&RRI!iO_nQeKAMKR)tC(?a@QtYF19u(0` z*gTIW8i^Ty-UJglSShYojGIE0lCc&x3Znf=Hk^3i@A?(7^!;%rLtrlTrXnm<`?WVw zgnUi>3*1BZUmh1vP}( zESZuuk!4`|^-7_qJo6FJ0yu8dql}oAHa@%sLIO_V8Qq@m*Y4ry)DdP&x&~sEX%FvS zqOBedaBN=Y+`+&xH}ZhaV($zJ9lD|3E3-q=*!?9ruwu6$-9_>p!9rUrHGKzM%?<2PC67H+k}G*)havhd;RH)E)=5oxgsfd)ra5BhEF7!y z(O}`)N-z4&r)Ao#1f?)tz_pwq8a<0`MC&gi}r$PR(Y5|5@u2X|22&!tstbARC| zZsX6!VYeJGztimWOf}krpE}I%w9#P7>D`o@B_VYrxOw3)nVr10Xb0tEAPvLmnQ6l0 z!j}LluD$l+Iy$Pi8#e@A>ABjL9ibco%>8R`hHW%u6GI-WXlJOfkLz)*HhU4>~Yni$LjKWgM1^j-=j2^cV6#0UVdi4lSg2_d4#_%#vq$Nc-CkG$fSJLv3{JdZBY3E zV<36GA&;Dypf)!G7*Hx3+*{Dt<$N)w0w#pxBdofeeO}?6Z!v%1MN0MaVL0XwIyopU zBLW9NQluAcVD$z(M%xg$2MI9(RNzjj6bVHxn^b4RLSg=(Nlwd4STT3>^ zVV1SP-@w08j-kPIBc=+LpE9n0j(SX4I^kDil`BnFX!3P+2iJ>pRw)E+(>@hJZSTwtr<^3AG;7dafRP*n;R zVPgFKwIS=`a_a8rG43fI)UE&sknjsN*OiMz#ygEH>2X{@G+8waXQKlGsvYRy-XmGK zEV3Inx06MyqgOQ~t${xxHhqr*13eykDF)WAtV4bt)TV=?6Z^HR0EA4Ky)N{eT`#TY ziNWNhm3PKG{ivOiT0BFR5Mjl!&*AJe*y<>jU@yJC)?_?ott?ykfTBK;VufH{p%mkp zv903tcOzC%oXWOcX>9Txi18%b*_q6y?T3`&O^UU?+#iFN9oU2Q5SQWB1`wf+)n@zw zxFQksnRx9%x{OtdCCf;d@Z0RggB0I^E0hEZ(Q`|QbCPFJ^C>vbCs}tGW; z$X?@kDXJM9EuMsjE=QN*IsDE)4n>r5K|3MPN$BFpmMBlLtFCt7F-qX^bq_I|D2_MH z6%WB0bmXTR@dOs0&f*V_9XUBL9Cgt^sQN618uQXJ2;gMgYM=W^`b08cfEc09OCeH_ zqA(em)TcG?xWULdeL6+WPev+dvYKz9j85o`6Aylqhzk2y#)rrqZOZ#6Y?+z{}^V2C;pDpGNPe;@j9T;#-E_v04VUP%oXI_ zC~7wMOppa$rw!vkZc_78%j=VXUTOewjHI{FSqT4Bbf`+gm$a6AJ#8d%d;&M3Nkz{l z5^pk(n)E{x?qU-UvTJCQ7}T!CFIHMgDx^SMBzF>^#$FKAzp4q;7p~PruT~9__%lr( zm$W-*qU(8z50|y4FvrR*dSnOj+p&l@9YESMd6Oa!=qVIo&-gdWyTWT-_+3%ka@=y6 z;GuG)>>$(SBr9pfwkVfBc@}h~!iQ_s{J$g9H~(T(q@x1NyJtBE@4gz~#vY*UjcF{c zS9mVCDg&(e5ZiEr_AB^6gv2niGbS8quz~!6c;e9j?D>&%65g+ggcCxCr+JZddTgx< zv$eCiv205IfL8&XbSMfiC8nMhGJ4o}eb+jYj?8gHnQIB(TX7Bk{@s%8kdX9uUU7977u1 z$XU;==al{zhGwQXjv=INDGJew9`iD|kzbwrPil3SXhqL@5nG-Fj_+)`hfV|)R)QVpHgkpF#8F>z(mV$Oh6f5*;bQd)^^RCL zxYNvY>+hH*nHO%MtFP&5E8K3`+DZ3cPD4c+ze7bW?H7!DSoZTyv?|o1`iLL!U~sv&#=Rob6sDv19x&%6^Ed83#OSl11d@jedg0XgkBzKwNy z?ffi0F3QeO#Tm)?9V=NQ88?f*qxr}uWa|kz?I6A}B=a%n3dy)jG|0g|OALLG+H_G9 z482p-j$^h}G_;L&f?wLwzQwn(PBtFJpg1T-fy7SQ5>DFEx@`#o%xi&XD#uK%pWs<}bp#C{{yAQVBPZ;W z(>i#IlFbu5>u!x8L7?Fq%L!k}X@GRpX52Z!v*yMK5+L9#9@LN%&dF&2bW}2Kn&4S} zg=o+h7HY{dOvMl2p*oj?CEt&V>U8A3+?!P|)t0BrwccCtLT?uzv{b zo-G@_Bo{PU)(+YFmF%gAqjJf(Px5&aplq_WS+;t|dzNSM_Ay0kd^M1JFErcQJi)Ux zMKu3T@>QD|HI=Q6AUjnQ*JDsXZzLeipv1s|7&md)7;~q!4s%9@fGQccF+z^es~E}w z_`GI0rl_9nBdqHtcwXXdC7&-Q#s#7MQIa0`|*K4QkRFfxlJ=a(gfutLmiK6q)k0i zJYtZhAy={FCZ-OUo{MvnJrRG~${zQ2DEdMS( zq~61W9{zm3`mN7H7xIUHwi^%GAptc`&5uQDbF7*VKX5|4nxBZD#Hd9poZC(z!GekS zDEMG$#cLn%VhDV&h!$WGEx;mLfJGE}`K-UcfDdQRFqJi5WH1lz&ml&+ay%vXA(4zr zSwWuRYj@%dz--$C@3mA@vB`pSH3}inQoh3ShZsxAlO-;ErLDpKfBgfT7-Z-+!!r-R zTIwOZ>%t8Tw&g^7}C|5&Dwf zP&)CF!pZpae0NI-d!I$(FplWP4aM=PS`@1~2lrR)xnO)_Z*8YZK0f$4~7&e)F=@ z8R7BMdyoIlX;}@ApV52#ckf4JE=2#R-s7*|^#BWxpVfQ(D+e!mJUssB-s8Xe#4_No z^FOEe_%G)_^XKsR<9d&u7Qeci@HE>b1#E|O8WUAvd1T}j9a7p}v_(~lEnzRD zKsL5YY%}~3hy%4+dQskcd0r{478s+|DBh|?HXfANUSD+rgo0YVG);Qj(546g@`a^RFt-CE3!mGY}``2N-(l3P9SDzk83*(h@A-s0>zo{mS zSK@{6dLikvQ(?SPFND`O$@kg9c#XagUZ%D~e+lCie<8d&|9I@XFkZthgxBtVa~=!h zm31M!UUXdJ3E?FsJ9-*vZXrn|VdKYk1#z1S%RuIWObtY^#Rz9@=|yE7PrN`P1+zf5 zg6zydvLn?bPgg$t#w=9kpc@$~GBSu*ZZ|fO93|#_c@~wi=tfqGEX*Zj!T6Z+;q@y~ zY3Xy!zii!iJ1U3uIp#yRf7F4>j6TPlyY7?qs2ttrm~{*PJA-U&Uu1Uu{OFzB2Qalz_Pb`fQIo7U@tIL1=6dXkSHF`IAR!O}vOrmSlbRtY5;I=&i~FZW3&m(Fe^~R<3t5N5oaY^Zo zOLD&PkI}e{?v2YI2FKqKjfF3&BTd^#GJQN3{)bK>TYqj8Dvjmt;dc3l&VOL}iy ze!czqKol;zr1#( zx<$czns8(@Gd-1ZB~M14-s5kE{r*5BQjqW#s!*U2F}bKfBc4^3)01uZ8wq%`cHe=< zVUa-NunPqm=Uw&h2O4Q#^1n0C_y7WpK#anX6kF7;jB?&va6``f15tan9xuiVZ-B%j zoo4k;7#P~5eLNkTELpt=k4?H4E9^CT<+?hQ6>e51#4_75gpte}eKjT-uB6qUwpF(7 z!fxKU$B6grZk0VRT}*KZ^A?{ES&p{FI7h&{ZOu5P-{`A0$%r80Jr>=JXOoRWySnF0fZL4*waieVYrR~O-XStPtG8le<@EQ?qAn4A;vidM$kO#~S zo^}0si%#-Zs(EanF%7YZM$Z}xRrqQ+HnKVwPG%Epr)EA1W7MZn!~o%tcxr}h1apJW ze}!yp5Xh$>Qj9m@0(JE2vhGPcVcjEpmJZ;9Rhu_rp{mm{c?MYqO+XM2@gBFHk<)zm z@+==Lz@9NT7|$TmBIuoxDzp7QzsYz;M$F-~oVJU?4rUH?H(DMSoN+H!C!{l5Jv-;C zGeKq8PQ*qi5QJ|8BY1P4xj{Di5Pbn;H~29-LuOm_<`j29T+X`FvxYa8SsOBYYNY2?^65t*DL zHsCUGw9K%O6YCHL-6*G35gpNyOp zKc2)`Cs`4RoP{tLu?izi8prT(^$ywEgrKZ!-EOn)L`GeyYFjN?AwjRr$4HXZXJdXu z)0u5GB5g}-)?*Sq(xRE`V{A)h^)*5VbP$n{lRbEb$+}T>uYs6=(0+un%>Lx!jatq1 z#(MCEb@A5OMVlG^2V?fgY1{D4F!QwXd6w(_wgXcck2niawYF0To}KWl(IpkKQ&JCp z(^Rq(VF{Jf_C!P!Gp^cJS`l_$io}9tlGUpg)><1GXQOOAm|eJoGXY?B6JvBznm~%R z3q*9uo;7^B91MAz*|yE#Gb6F@0wH+$7N00~TDIvuEwVkjogv?=YmD z%R?8xUTL!)K{H4)<^j1#$IM%0<1XtS#3e7|aY14U*Zy5>4@L4J#h#@%Qx)54^|LOC zAvQg09g%s0lmt3T%6CF_*1`$R_K|;mmtC~f&UPaWi&FzRgN-CXBi4aSh| z&O|4y!cOL1$4=11RMUXmCY}&s=X2nNKHveH^;1mX3OU=kL@mUyg{2S#taV&)IrRcn zb`BxnE#dh)sTS5-x3i+9*@ZYDJ1J+oADzfafM5OKV=Ao|=0s-OWoW6BHIdBonZf)KVaAO#$ATja=TBe=tv57~ zu!9inH6RH3vdy}Y6?(Ist8LJa?821}hElF42Vf)l3c_u$Zmg>@(IhVe2$mBFTk*Cy zuoZu91#448Bxps11YtpZn>Q8MLGMadVjfq(%3>6fw&SF>Y$NeTSQ$-UrV*E?lLXI8 zoIk2+{VX|@9T3E}l zO5$_@e6%qHBmihnLYJJjQBJ7V7h+;4p~Yn$XRpoB;epFuyOF7|O&cRDB@zTe6 ziT9O=`CLV|LzvBWNP?ITE}Vx*7TDBM5(99HHKuj4rUY`W03+KCa=4KK5?s5{Tg;|f zwAosOX=x%CU|Dw2N*ntOV!s;85In;)^lM0HN;?A})^66!%_R=TxZ(0t==hQ;-z}## z@Z-%bX*(0P01K$n0a`Ag24@&oTex@?gNS8Z{rWS6Yvs#y)^iPa^L`JleA$qo6@G^|?365xuXmlK$%C754`(M~7ZVa8cMSV>xp+Bu#nfsfIVaM(*m05^OngXPF>_I} zHg%nf+-vMOz`G@w>Qae)n(bVPJZP>hyGdL2BmhnV%;Blf@=U3bRmX6{;2KemfztW)-^S9~9W;->nbir~)oQJ0wl!E8VJ5-%CE0kv zE3}sI#D^Y=7gLprPzex}eFMAou1XL>9xdJjJTic*XustvwU@;77_SALUuJI*&C#+{S zJzM}^0p|pt(t-}f=2IBN+U{9;0|8c@wb{v>kn`vXhbfvhh3(fET(`e!@aDrL-_)gGExuP(IhoQ^#t|mGO8PY~NW5_22ZFr7%p* ze*jqu!!D4euxC)uQ{LwQrS~cC8njaLQ_S_qP(Ypn{oWg$so+2_e?AYNg)3TvzAyQaj3HnSZ_+O4m((AbTNGLcjCV3Z72`4`m;O2W{ zl6peHp9c1sQ1AnyHYc&Cs7(Qs-lAqltM3!FO!PWm)W&@9|B0wQ`2P2aTJKDmf4mo! zX(0Z*%=wuzpWtntdZs}Z9(!B=5CYN=5^eJPePhCxeXIO_^5{(_mqKw^}d{@;QBaTtCL zzvA#yd%_oQ*qlr6$Yf`b!Gw1&-ThBI;A6I(z^gX!OnIp}Gk+pJdH7`ElS+T>VDdx$ z{OJH>0PZ&t?93QkQpjT->8pd+9xTssV}8 zwR3wvWcUL~*{O6^k{&uMN$+u1l1^tOsdQE{{X%CY8IiLRJVA)W>OPXP3kLK&D>;it zH!ftCI5%jr{?nxFRRpwmQucJ5l>o8OS;@MDD7*9yZpbc8|Gu-5sLZ?!HGewRyo?L1 zd0+MKX^4gbquz$di&koWI<0jN;V~EbeKdN_YrT^U5obeq&3pS@7^2%}mY*5sy1e{M zs@sZyZeqC^udz#fo}Nc8?~HdJ4J7v}?e9LyNef(S^`hU?>HMzzOze}F;eq^(YVxb_ zQCRZJ>g1We!~K+?Z*0?(`qKyD#j+2i{GjXHv{Mm;TwRi4c`ECP51_&tHU<{?V}qG+KVebl|)<9fAKk?H=Pj; zlKKkGO8J>A!NX5(j`*l+M-u*Xcu!^4}(JfQ2dvpW>0XWB$O1OsAn72`%byIaBEk;s$O z^(0dCw9mwkO6e-I+hP3LF*fiN9>GB(?P2ZDv1ADULCpe>ql_MM`3=e>KbJ-n8|;~% z+l~A6X`#Pwq}}uyO3TicqVh?cM$@qUp~IAuJPcJ%<1wlH%SF!2WAuKPA>0J>!N$^H zj1LyYgC1wp+8Jncl-B8ry#Wt!apvIBxUwUy7&v;l{mI{StCV4S;O`e1@GP|j-icUI z??(aFT+;rB#3gC}RB@T*FDJ_BAAc)WexAQPr23JycN$RAO;iE7P|avgYp>;PVWP@v zTTv2Oe*47ny}yQW?8GZ_df<2(1v-x3iA%!K`29HM2`qFoS{*T?f9#IJapvE8;TX;( z{a?9|)uaRa@bW}FYt4U#wBScN?WL#VT|bvjlVYcuE8P|-Y}vsKxGH#|Ed7`(-o*oH zQduh+Sn#e{{N&jZ>ZP(yTusCuPf5eyN?m`E!NA|Y9ezKq!dfRo8Sud0-FA9n^9Tg{ zxKjRw*UsQX$?1^sEJ>XoYg6xyx2X>$+SKWmz<|j6QYCdT7CLoCEaFZqIUV7!PjT3d zO?_JD1kc;o(0Q$7L{TduSCVmq4G#e${={acqeC0E`PNQq+m5FyMvAsLg=|KQfF5pA zCne&z0FQs6%K`I7E6&4Ah>+vS4Dqarag!Ct78}sE1{hdaJ05mRM39+K(0JQc&$^ol ztZ^%zwer3%a zfPzk!q(AW!Aq*H~5Mg(vr?WG}fiPV+a1KQ10s^CGwq~Yhu;ZKs;rY6*H(ismKo?F99)EQru`+4*zE zv6)fNHo8mX1kzP{L@Fs@ZEePLXi^g%C#%iAD?MHaCi))0orTkii;QUTgk(ZKjhmXP zA)vq_kqanfc{gs7#Z=;I6dn}R#gs(U+HTz1w87{n6f8ng6LH3ayA+*vTxLZCmPg2~ z8sdjdb;dg2kStKMfCqO$#yG!lHJZehpP3RRp9*zsss;in94}}^8*Wm=Ov`~zUP&E@ zh|NMJn>fcHxTHXk^aGqxVU~>}8RlK^WFx|+LN%KRE68svO(Od4#%+e+SaLcEvcO8i zlagFTIZ~Jp(xy~)hO>yvJ+5LsYiqL(T*rm!L=jGmf?Sh+K@kq%E{Bti3k#^`xefF@XNYQn6~vqL3>|k9 zUgLyL;3^r94W37~Kq^Pqw$UIwIb9bLSQQfY^9d)M#&M0y;Q}A4Pc}>o+1~T1CX`0Q zoB$!H6qj~gMF_W4GQsCjEl`4xL;pr&Mo89$g5V;Z>@e>TO*Y{K5hpD~KazA^Ibdxd z)4rCzZ&7^;T(L$V}Lvj-PcoKH% zYVGDdYn!UmPKNY-FIY5+3s?s0CU)V`V=nuNB=Wo$jy5q~4P+|~kId@Q-$LkRaY-9R zsT{D~{A8Oefd!&3a1EfZ5pOoc5$qvd`S$}QC=KL|w3r2OI}Y{{45H`Qp#!4lA?jJz zR4u2q=w@Ia(902WhyI6XDIo5kG=+3QbkmvBv>}Q&gdNm@1Q7i>=CPbPQ~^C&Ig-<< zbBFjE#U403;3EKlJ>aEa53Clc2JaSP4={~l53q^_chLJJE)xZBaFq@X5ts_r5Ld&T zA$*`&B$d#t0Nq+RYv?Kinj(4%)^Mgqc*Ff7E}MXGh;WC@X?ADu)zFAgeP7d<`=Q*g*ryLZ^`AfSp2eVD6w%qMI%_;A@yUgcDSXGz;Ci zW?>oUnl(E8hZPG7)l4D)5Tsb6LW&jpLyAQ!7K{W}tgMh?VY&K2#lpG;Tr-4XjgBZ* z;twen6pAYr7BEsQ=%i3A%MU4*?$&X28W&zQcY<>X znnl_S&EjiJN_dTdZY>|qyF?K!_=E+C>oNM0MhpwBF{4Q}1X>ZoxpybjH<_<7@b1Xb z27WnE3DG=Ews2X7aji`e3k#->yW8Lse7m==6Fnky3!GAgwnBSoMZr48DNlxju<~k7 zMHJzL5>y6rO+M79kPn3wZ24upZ4|`kD_C6;iYmxSoM)tD?P2K)3F?9*egPmh_7C%UpEh9ZU{h9WlI zVlO{zbb9Ov?d9VQXn1*ddY(gls@b8=Zgr^BG)0|_lko>T70=au{ACpS`#Crv?~fDl zJ1x`9bB6ykhZkH;$K98sW;ROaHqg~msng6khC{eom_=6s`Z_sHHqXIdR>?7R2l|^w zlp-*JS8;B1cqZiGq5jQwv#p(4c+EKtc+bk5M)S>^eFk$*{b%^YD_^1Ts5xij*QlsR zMKx966)ne(q3{SQPe=FIg^E)s{0^1hM)%l^inAy@_iv41ywDg_(dQUc(dQUc(I*`j z9HZZb#-NHm$DoQn$DoQnd3C`tVxq^uEMkhqd{D(_`cz|rL%gNpE#Y~`Y)4w}3Jbx> zaBB(8g&-ht;+&Vug}JgFF*Ytrx)d#fq%FMDLXy~5yh`yrnvO74orqR-B5sA4l^qXl zJB^U3;Wvz-m^S{uH&#*={IQLRiEN*Q@Drv}YBDw}&=Qc5a%&7Ef=9veqc)N$m_$_+PYmUW38pt_0_J48rHsDcR z*SYWv5+EDlk!w;zP3#eo6L4^%Nt{%Uop=VLdSq*i972NY5RZ`|xB(=CNlaZVIk9^) zSLO@tZTqE9)B7l`+d7Tg(%z&uxlLS2oCD%VAb}*n0yO+uFrbkH7$L#%z3e@=YgQ2XYnJ|-7=cp{E<@*93^`@D<*` z`kILWZ~>qZ1g_|?5&=e|8xVMaqZyQub2Q~eZqYva!}!gySM7lI(T@P_hG@Tp`~hf& z{=wfaQ9sAXHwyv)7|oyofQQ*y0c{9~N9)C5P6NUK^sj<+_1<0+46dl=*$V{BD8l*G z`_wFOMH`(1g*$j}69j^>9(11L&5f801_W|(x~f?Qj&GQp#ne7W4pExuhqSS4ol56q zi8PvHuRhr8yhyD(cSFnh)Hbm_h<%$or#cTodM(gm0ZOiWzRk`)vPcd zYjAS5MRx(eGr(4_n!#0V&LL3~%m}8s^Be#>6KwTQ0xt(~1EeNX*0Y0i8+`3@wt>aj zAXeSb3ugAp#PsxH3Oi{tI>Dq{EX?Xg{7h&YnK|I>^Bg2IcW~B1L_5JZm}v#$MF7@z z@(d9*Ij_qwXvx5~QwOti!Og%V&#_RH+_c_Junl;+X_vrFt8hG@-0bWHbUI~bdA5UD zC+B=Ocr6wav6_3U8_CTP=S5Fc^hL7+ZuWz5aB~=(KLB7*yyRv#WsEO0rXp%^TLNw_ zP67&ckejx<#b$c;8L&Dm96wBM_V*e>rhG-Rpd8N0FOn&~`T({KH<6js&VG-8r&-y~ z7=9d0W=??dTtmEMrrkL#!@#^Q7Eyy)lqFhsX%cqnc9R(>iYCu+25ogbw{W{y>PSBr z$IsWcQw@Yz~+!>;Q`tpHLxnU9%%thx;eJ%(1B~+l}WTRWOM)BP)teTF&SoL2!jhn z0U>d?)!V5d_!@!z!}K~FMki(`J&Ff5MPRSx%r2sVQ2<}P17SxmxRfoy7e&9Ak6>~i zdL)92M5p~d zs0=W9fMXHg-;DVSCL0A-(fy*CB11D|azE8WCgG6{ErCmzG^$GJ`|E%u-2u4VPuM|Q zG*#fT5w_oB+Wz_U0tu6+Q|x~?bWyDAf0JqdkC^t~fL&~tvj2xLo(F99f17Fl;bAdE z;odNEh6BJn>29oovzpV7K^5hUf`Wf`=nmizp=(nJa+OO_In?VPUQzF~e#L;rS_~R4nd~k$+rN z=q1)B@_K;sQZc{67rh^ev%0{ zug(o!^o9I+p?$tkMZV{t4_SO+?Cj4jVgtrKUWX~-q|QaKahcw{IOCFx3o$Ofo0nW% zXmNSPB{d!)Q9zUvWkx|kZV(W~Q?~i@X%{tY`yC{I)Ca$lK81{aeAEzHCTH}kch}QT* z?4o|Prl<%Xh#~Qb#bj%J#Pv=Wq6_Whi>`2<#c^#`Y+daWP8lPsK=z8nIWPPKVC+fdk*N(KwdCv9Dg{hun`cKwh%hwN^ zDWXSry|sU`*64u?#O;x=v!Ax!*`_tlgS}*r$6fF2p9;83lE@QC4_$BVl+2J;-}TPU zsh(c#U+uD80#@{wF;U*SHz4LKj|K3Lv{Ax<@Nff-ukQ_&t{cpDMf zFbe?39Y~Fwx{PfvIKG~*x0!jM8lTDWQ;{BK0vw;o@l(;WGE^fIBn9MqGE8bNtkM8y zn+$8acJevb045vel^cAwsIh_Xqq)og^qolWFi7yN$v};~Pirhg-lfJ!QA^$j#ygP( zIS?<7JUPs*=Mr883_W+q5~KBnH%Ind!wEYZQ6X8B#_e)tW=~7uF~h)o~K`>_<&TE%Ha^MTX0$!+eZarencCrA$EhU z*1HvkC7;hV#(0&vo1}53{#5dY+anDIER*s!!jMS?wFky4H@bG@>HTK@7TO^*t6$}A zkY+Q-L!G=BZHBLuv`rZOC1P1{1c)NJ;8>jJ^nL_B@JBQ0j|eb&Y+{eo=fy}fFg2Ub zNX-^cFSX&^tyRA0YRJ>inps<@TV~2xm9c?^owP7_8T>ZB5YO0@5x`6p$rLcLP~7Tg zF;~IuT>30>%alU#2y+u@1&{OTu!Kis5eAQyFSr`>^y6m27TPD+IIfa4FtW>FxbeB@ zAu~@?vwGbD#e+L8S^YSYGz3K@bmD>lB*UgKpNlXCdYHak*t0~aRX*ox%A-M(G);*S zhmxX!1y~m)PFOaGQ?fJR5?0Ls2$M9$sD2o!8FMtcc+opDGgFSRZQw4So?hY86rNW3 zv};=)4HQ^Ja;7ARV@b@w!yZ$TFjbJG6kMi?t_ zH=7(W)Hjfcc%Ha?%BAJe+JH$($tXG;Utx?7CR&t8mEAGp{32Q$0}Zq#WHi*P?_>f7 z0RRU>_<@{CT#$s}<_H#xC{l*~24WKuFtW-3-+-*7U|MCFOV6WOF%vP40LOz2?ZMk# zafxmvab;%AApZdx7y~Ob9UN6?yWYs$3-VE^80`dPkNgWaW1UEi12Mk=<%HZzxJPtv zU|F&+%`!4Z4#r{7$S|r0gN7!Qkuf9tT$_<$kgwFD)5Ij|1{y)urA&+(090Zi+|-0* zTuS_jlD8QgBlF?_V1RZ}1>mh&sX+{ml?=}SZ-%*{J62i|bCakVCT_w#2mT82UMs5W{yW^%rxg*n{02Gp2CE613BH5JzT*C&#Xh?o#K-Mt7l41QNGAtl# z%wZ*XMTRB8rLr%$Id+nZKFY{QUl~%qrf=X5-oE$b}OQOk9K&BEz)@09D z$Crw^_&nK`kEv7)yU^8>JpbmmifZvhP@d>*e!+{!e6{My-cr141yA+@4|W7xkDkRN zJ?jCVudW*D*Q=a9sq-;D`_{H?Dk*h1wQU6|ny=L8E{yKVH@{O< zi@%Wq`L#m)@$VMxw34Eb`Fy{Vn39vE~UV6)@WtZfp? zo;Xk9)h0P>>a`QWfta&}S5L~--IGwe*?HPCtW|DeT5>ts;=|h-WVATgMNjxj-)U(J zAvA7?HW#*_rnKieMuGU?GV%`$`)wI^;*blGqiu+wSPX`YfxaUH)qEQ;ilouXDBLm% zHDcf&BTgQyIYur07`4g`%xo@1J2Bd387&SD5VChA4jZ#6+G>m)LqR-o0TTja-y>sB z9Cu+0nnzk?+!$?GMyvVOU?>S%E<7Yd@ybxtuurAbuc_Le^aIr@*DyCa9qoo%&&!Z; za3oQ+Fa*&{M+17Ylrl$u8K2rvkBW1zV*P|ddjqe#$lVT+6+D5HR;G2*?M(QhLJyGJ zf$?}ZKkzADF{dYrWdf$nTIDh(Vla6C>_UtRUq!+3k%=9Y;bBmIaEt`30~r^F#}4B| zlTo2{qz6MQPa2R|Mq^YMP*6CoC&!5+ix2Ag)ML>qmoRICJ;kV2VO02fC2?e8WMz05 z)at ze~_5`5lR-TkI@%$7B+j-%;YcgkofLPC4xeZevju65~%JZ8OZPp=~2R18`$BArW$+U zklhn3JLPGj8!%--`_J*jCnm;YxB*PjLOPiqPd|q*#(#wF#r~TkKM!#*Q8R7{H7cs(tP-%rcpn`v3BPs`$4X?c4)EpP9n<*gwtZ(3U3n$z;O zCoON`w7i{4%Ue%c-p*UR0hNKxKVjruw)vO*W9C>n1?u7CDm-Mv*QN5@4Yg`>{CM(q z9uM8}Se|Gk?}t>gDqezDGw<7-q~8%a?qmR^*8Tv_Dgu;mQqI-?mlk2`);3ze`8$x)=NT^d!jZ*ozG@2aiQhS;a6dk*t6w0l=R2OJrS-xFUT}s-5JD zDeOyfXex`S#%cz0f3BrM2ok4arL=E^jl}4%FN8rgBi8t0E5>D}3g)t8f=njvM&e7fEr{#%hJTS+DWe2V!+9ft}NpkE{kgdT+PL}CG5po?cfOGiUDEQ z2$ymg0LPbmF(A`9m;=IsfB?Z%6xM%55?Fo4Dsa-gu&)!yfWk7Mz<;rj*<7vmjWbIA z!%v*Oaf44kM%lNPw9K7+Xsv&+(#mN6Sx#ZJ|NNQsX#e>;%F+JkOmaG=PMMrL?bciJ zT(?cnPd?^3USk_xTkQ9F+{;&2ResC;(z@r?u3uTTZjBos?w3nG|Lo@%u-3dua)5?3XLanQ7|d!-#p{b@NlZZANqqLuOB}JM~%C$6jhXmzFxGn zZff1Lxpj;3@a`wP3aVgX-J%(I57bP&AZm6bm-{zSfO7NwkKK+kYbZzl@zRj)3vKtg z_V^lGZYvG#EA{BU#=W=5TL6lRe4g#4g*$L*a;ftO&f(HDv?z66!%MC4o@xgg_&nWc zFa@sxTv&Jm4JMU3&-*;Xh!RVkC;gk(O7$c4S*2x#TL9H!yts0 zrJ^!B3CSyCo-fM7JA!uDQZUxrOr|{rcxA9u}Jw)PTP61)OlQy z>IW(0q(@6bdks?9FY7r4d`e}biB?1?Nek>Ac-TMQi`Le6iO%*E%}@%hi%ACml27U(4ds3Tc*fM zG)ygdhM*zni37sBZ$N1V-UsiqWQX^b8w2X*fM)nSov32Z5uscMB}6cAL`rVFtW<=` z`SAgv3_0`zEh#dT+f2O7fiJQ(QP*9nu;Alco}NeP8PDEQ1qPq<2u>nB)HjSPya%XWKp^WQj^Qb6m^Jwnq^Js1s=h6Jp=F$AD&7n}pX<`5MpX;N(=iSjyMfdn?Y~jyGoUHB&jyqs&82Q4yx17z(`jVxl}6Sl>FqF98%WB-_BSWFJ-ctwUNMbUEG1UO!Dhq&nv5H6VPjTM9skU??T z6rrGSf?PIuoCy|DX2X~#17nh42^kbm&oEAOJQ1EA+|8y03oQ2f#|XlQ$sl6{na85y z($GZ22w>3-4j~IefMc1)v@!@CXb~wtV-`<9WC8AqC_qTUU~jAt%q546Nzxj^Y{ev; zCv(9g#9_?hv4{{Rh8!}K8O0K2Ba|V3^C?6~!(ec%rZAr@N)VLZ6lNy~B9q17F>bEM zW(o_)A!DbsrZ5|^6S;eUBAjc9aI83-K?Wu2N^c6Y6Lo>d60kVmnkr*6g)_;Z1Z(L` zVOD}QaQ84JSZuL3R#P~e3^L3c#S~^G%&VJU1O_3Bo3Mm1B4qF3(M@3%g2UQPIam%k zd71U2u;PJ$(7*ZH-khm9&*tVV%FDq@M-EmxaVnyu7{q*JHbD|JCaz8YH4}hm+;d~yrz6@0qRlVCFN_~s7E!|zjyDbI z|2_Hm;2tt%9*AJ6LfQk$dk9)uS zgO{o*|K{ZxFE_uQH)+S4$;U%C-rW*eUGdhHzrOnJz{@XgPd-jwZ%jURI49-g-E!+R z)UTI+$;au=o9(b(`I*msJ_{?Bwmob1{cHZs(|?Ig@2HvO!vC+KkW$qzYq2v9b(R|M zVqL6%#>f7Lb7<*P?4jjd2w&1k^+?JC)G#B9=lCOVs3v6|q{82P!L zy9F1!(fYL6I*b$BT_r8Y?2U)nI3|tXM`M(B6Y5U1-G;U&?QO5I?Xa{3PkSz!9lOz3 zLt~VGGZ+OI*V*`*GzNEZp1o+Sqw!^X<8&+sZ-V95YO%b06Kua$uiB55^Vb?w`>`@F zZveO%{v86ZF^l~*w`!k`f2Exm>+!wjRZYRVp&%*%Wf7_dRjaDkf~v*#Emjj$1mwXk zG>h%$$4=K9A6J#(_7nV9&1tX(aQ%YoAYR&6gSk@kH5Q87lGPRZNh<;7sxQ8c7d~JT zO~L;sIj_D7;FUOb;M+Hfv3ei6%HIc-IQF6K3Lv2h4=`|u`hc-8jy8CC)QxYOf;e>+ z{|E3N697LW!D>JLBKJo9AQyl5kFqo_{DuUvi5|&u-Q)0o??NrJYTS+&6fD%D1WJ1j z7ek#96zy@vxUxG5uhzu*&Z$17|l2+mLWjvI)SQ>(Ph@K%2cqUNl*+U+9 z57wVqmgTgs5bNH!b=~D@3-Nn0R9;2z(KFIgSi$Z^EJ90DK0+wGAvdl&cx$Qi92S_t zil$hBeOljnd#Mv|g~uZS7Wu)-6W5UtP;y+i@cJY^FYu5jUYsl|p^#Gbjat417C&{u zssWU-z8eo4*e}?GAdXWA95e)hTS}c!O!Z)eT6TsMP-&>@iqCl!0X;@S)+F^+4B@>A zR0Ii92uFQN5m*~l3>9LX{OCgb_AH-`@Q6VgaO~ALP;>ntR;nqf7mfweS zp@f1`KI4I^6c+FR0*@MSdjb}4^Frr2JnsQfti$h}L_vA~B9o+G%Zuz+P%jQwO4h30pZ5JruLJoe0?L%oSA_0xa z0Ulf62?Z&0#C&#v7oR#KxZ`StJR}0)!;sPy=P<%*!GX`54CIEB0sSi+;Auvw5&#xp z1qY>tdvFpkn9Vj^G%>~v6i@*I0=F@60Rfk8ojrJJ6xRTLc|;Ikn7U6u@DkRu6bepS z76Gs9O<@sE*et>zECOm;+@wjs6R{K~;cBKP0TqC6+9YtkV_s&*Bp`cEZxRmLO~O#N zO~QO)A+1U9+RoJQHQ2_>W1gl@Y{7|yCqcz6_>5VWJfZW9a*7&Zac$Fd2xc7J9^Z8KhNBlJ zZwv%&ly6s^wplKnjKTIBV%6rLeR1C$pM=UK zTf7>MSnQ((T8siqiTUO)R!|=mN>`1!1?q3u`F;R-@EDj75fH9*<_|~teSia zUiFT@(+lx;#P8+xt5siYK92@NRa5Z)$pU}A9|!fT zu@(3k#&eEty+5|bt)Go;@ao57n}Skm1o^D01rq93wK`Cqi`u8M0dree0}w?fs~b)W<$~ICkl6ADgz()cvUKS-q_(_)wpMRsilLmC zew7I<8XB$)J$FvyrXA-oHouLvrIb@+qgz<7i96k39(Z{&E+cO>{2T5?USedlXd(BK z2k~@zy&3&)8=)``is=h@Ki$ z-dD(r_LUE2Z=!w65sQ>9Z*1vax#R@p;})>IM>%J9EXqd;t30%!fxRR_KP@^49T5)T zoJILCd%^)+HoCI8Z4BsYg|dshLFrzlvAn_3y-H-+HC7wQ0uosvY+ou^ARC-qdYFzKe ztUnurOU0~LallPZdnBnGw~Amz@tID0BW|!%pL*J#jkRZM+MkVKbF4Y-=R);E|3T9p zgsCWV+SA4x)7}V3DB7Eu_Q+B>%}*-*oAdq!*Hxu|m8-_}Z_NASF>bCkGS!=%_d{8p z_bS4%l%HnaACDc$*1SI+!^|_n^%5w5_&;Rcld5grACGMas(G(MCsF*(%=>s=>Kwdr zgIya=pFJ7w-XKU%ANTS$2XFK3reEjX#@x0|YnvyxIdRK@+k7|gSALts4VP`3x0b86 zd1;%6wmIkc4COkry6}Oq#w>kXo*0R$!S-&;0kehSe0k0AyF6=5z6{*0(Ki!Tqi<%c zM&Af1xIi3FS=j_^V_DL2rIs7zHG9^|KA=V}|MHTNxAH9fMRMZG7O)ju=Vc4Z+Dct{ zjSD$e?#dQ)idfX;HT28{U7khHHa}={fi~|4Q7gw6cY3D3Gdkvit7 zqhoqBqhnn`*9=~5E^LA@Z8#>9&o-uwv{t&dg_v2v^mu%UNL%?2k+$+2Jd61f$8@n; z+BDeCCZ?4ekdCvAX(Qd0uCt2io44Fq%X|OQ%zKfhj=HzU{QYra{`=Z_H-391KeT%7 zl;aw5X#UpfHLU?pjZ^*H3RL{x>uso;S{Ay5A71$%?8I-c%3TXjrTG1ozNu<*?@?sF zo2sTyIfm3&evhSJulnLIcy_4jcUY<7Nmi=(Dl1idLn>9|7D?eiR`_P+z#SUuRiIj` zln&g-(t&u_jT1@pOI=Kw*C1cMF8T5bHw?NOAqo5f$K4(0Ou;IsvsbMZFh z*&jnysrISbf|7v~rJn1&)Hekj?ck+S4~li{K>4Qj9QldrZ{p-9nND{go#vUo>HO@O zv|#g$-@@-e&&Z@dg9g``Q+s+#H_v_u4}(FX6Aya-r08`pgOy<3bZ(ZE7d!b%-_SI4 z``O1f&zQr?T+_4#s|JqyzzP}-OhKbFyaZOTCWnp=-bx-%f|VKfd3H!2IKDWYXCq)F z|8`wRnk|ovk>l^cSP(MwqWKr#omp;cVa}UH-xo&qkjB|ryg_OvTm>gHKJ(b-{6ZUp;G~l3!MS-b z!_o&%Ks)$62R>%pY6A)$Bx5M>@V#jNAVLcY9kb_c;iH`-09e5Zz7Bzrd=C_i$%FE3 z%jYVb;L3o)2`_;Wgdpg3FDV`eBb+z8BVfaX z2%asA9CERbbq^qd%*?PUE0CV2uqhjmq?57HZOVn%!Axxm688TZHst~`_zAEn7h;{1 zqur(q{b$(}gO|8Xp<5z%W3wrnkjamKQ5LO6_2Oo)XM?B^r=FM<}-|eA>6=lS&0k@O+k@1t6v$Oaa zk1Di;h$0?LBusi9*kcGQe2`&CL<;dBf!$h@nFk*-k0Gfb z763>B(EvW4eBt*Gald??HStpd+kT9ge8Q$g-haT9$e;Kr;hyj*0d*T;??g?Bxf4Al z=1=I9@YnsSi1k+FS4Hm>G0`98mqnxesL21&h6>l~Z{{G=@O;3^X$W^C&MgabmK99& zlv^@mqGw!S=7dkU(%BO|-*Get-Bk*ka<}Jio}ld4)rM==Wjkfm_D;kM*CP zNUHzTOXz@6RAo*y>`AHBEU*yr>gq&tD;&ShkhpOPX5rJ zNP*h&(2t6K$n$km{dLdg`Rf)H_)+<(yzVh~dEKJ9<#k^xF0XsGBywBguNeJO5b9r1 z5X$e_S6=t=KuE{?Da%}Y${Jhl421RtJbGE<-pK*a!SYa1QJH6Zpl}B+a2Dg=ky2=ajGL^lv1J3hhp5bzo`jz55c>(7|{MItBEYuMQ z9WyAEhjx^CI!LJ;Y@j$#UchtAUkCyu)sB-S#U{>c<)LnpVgnC(0jZ`ki&VffRPH<; zkh(@Q1I_`EDkuxJ1VWt#sj|?)GEWOh1w1=QsvzL$EGq;7lG=llic||m6$l+vq&fp? zRDsZ8`>3v#J5L6rwh>0v4^lws(LiXgLCPQ6SLQiNQhv%0WeozJz5YVV2c$HdRHTl| zsP-vRd&_yc<+ebm)jq1ha%VUoRfjODK9F*kh4g@>s^wQ;OUmz%0s*2qw;%(peU#d1&;E{MSybyp`&G%0R5pI0drK{9M#-1PiMIr zRhe^-pOPXhI4ZvqAR8!Mm4_PRqbm1Yg`%J?keXR80xS-MI?5~o214Bd1&cDJtKu@x z-hhHdnezxvDpDPSKoKAslqmuFLkH}m8it~vE;TA5up|&_DYGH)U_im5+#{nZDf1jF zSFk8^YB;G#waBOhfoOn9Ljn3j&Gu0ZLQznc8WnZr9c@}YU*yf=yz-Aeul!k@R~4hr ztBNentEHpQtEE|-SHaQeRWOV5YSrlTYE>5JRrToesyd7F>gCbr)yr9#R}uVziod@v zM|B1KeE$!MFu?Peic`y-eSuJ{ta0Cc0nh2O#`9Cl+FAmhD`kznQ*iQ*fag4p%2Bw$ zUygE7n3rNYw&T_ba(CnquJ{j%AQ#~f{;w<)^Cxgvt~kU=a)={xSiukaNthhEO0YOV zev&*QRCpNjFjyQIn-G_hMe(m>v6C!LkbfnMsLg>D4_tuJ<;_~X!vyF|h|&^izxw$j#Zt zJo3n(C9QGHR?xyJQ$aC8A~$Cp3&35gmAZnQ{zTJdV*kmXOEl(amF)LP3<2q8K5No3V~CD`fFyhLGva zV|GHw+D%ijO7m}0S4yp^Aa*nsoc#C&Rt{ECatrP#w-5V%&DvQ%Uwr%bSU)TI_@~_~ds#E9;4?qF zpLMj7j~^)<{vm5?ow_ahF6(P0A2;GV#t>ojX@8*PAd#ifwZMU-i zR`T(+Pw)R7*4+B|&X0dx>To3;U${^EUDoF6{$GFkm#oi~e0;3(pXykX>+OH}&cm$J zm3(~WA1^${+FcKQ?z=NszbpCp`JDc8*6eZ?FZdPfcqJeI(f>Qx%GzGV?|x+p>w6_1 z&-`+wG02-{*euYpnhCi?)CJ4C{X-A2+w|{{?G)E&i$RDb@i?KK}E_ z|I^LdU~l{X;yCMrB_CJ*?oORG!FK<5-$~X9OFmwIvhq8u9roA1_?J%B4@*A2_Ak+8 zy{I7;{PdlVvW{5t@w%V({g}1I&OiA4Z?V2u^6}ieD?i4XVrPH--D9jXmVEq?jobf) zwZ}fWc-=|XA4@*|(Q_X^xA#k**fq7Op>W49{;)0i`0hx!rE}AJ=U#4G+gr0})8*vj z|5J76y1)Ns-;}@oVe?<fyONJz-<12Y%irmm z`#*|ycwhPHuFoVN|LWbHAG!72|M_tF^nxF0-~8yK$;bb?;7hyTZP&~1dv(RNAI+Bv5i}Yi?yZ~9lP;urB`cu!EpfJ z)>ddu&pEpA?b|`E>1oGFe0#N8YkJBN(Koi2*765=7xfq01NB;y&oQjO(7vQWf3AI5 zSl@^jUg=M_mpbqb`;hgg+5>KU#V%yMtbK_WU$F;S_q8tz;_E^zX5u%wY*~S43(_u# zRZ?k%$U~1zr!%wsm;W{0foHB-<%@WAvs&T63v8Zp9mxxX_F%-wT8^GK7Z^ z0nZ+uIZRHlo?2Fj_4N+nryLty^6-EHEyx5UyQCIRDX_{-Ca^|~<^kt9wQxPV+}Rdz z4sjLL*$Dy7DAFolz-yls(E+Wp%yksYKOBxB20XY3c<|~PQw&&P)f!)H-(6O?2bapR z2c`gzEKE6&T_p!Ry};@>Suo^qCIfTaTi5NK!< z#6CRPunFQY1hKu`iMQ1Q5b7}#1<^L8%z41?9Ac-f64Q6a1yLTt+vov^G6e`e>F^w} z1c61{Kp`HEK@ecb51q`#QxLQu6EdyvC*LhYwb(&q~+*R(p%B5Q8UJ(Q~ z)jo}vQd1D+A-w*5qpKSe!zKtm9$qCubM0M$!ggHpW6x4?S!ka^1R7d`z%vp& z46zB~J&f5zs;e@m%|oFdsQuh~ToYvqwFsf*=~oor8R8Vj!ZJMnQ{Ph!CgSP#@VHF`7@~>r+f2mM?Mv|Nb&MwBD@9(K1wC#fUT_^AgN=Bq zJrcJO6=SmzM^f8}cFRUQ)!s918v%xBBbM51#8d4{+&5t(DrgqA$8E%OuJ^`ZBg)z@ z#%%=h=dsv`qp58~hh-zm+WW?BBft=C#44MOpjW*K8-Y!-8(ll%HsWbl*BESsuYEXf zBdW({BaWrE5uKKe@U>&kB6A;)jQ~Tm5ii?pgs*)GV~4TYi0ay3|2OP_KvMs=*Z{0- zCKMxKgbE;Vj-i8T6C`Rd;)R4zK?Mm$e4s)DHRahU;(>%vfSp=VKvDoOwu!BJ#WK8@ zQRU=Suh^Ji_v~=~G@c3WTsd;Xhb#B3W~J&CtAHW^<*rq)hNn()(qo%@s@Fcl8*|SA z-76)4?FM$|Yq(u(F^GFy8PNSE+i% zCIY*EG(2O1Q&jFy?a_cgq7ziuR=olPHm9e0HT+$Ys~a1FRj;GMRk^V2g?myW_HJhSMJ}dg|RIU^>MLO?bFN3n&~Y04X;`= z{m^ZD{~7uB_oG(+eI2!`kVyakB>xWJXYDYZec>5IIzJIE6uacDWcIKhHr5_jU`8e;Gt^YWlkV_UX z2|1FHD>=MZ5^^T$@WO0AS^wwt2k(fd{h6d|mQ*B<*aUE^Fs)U@e}uv#}vOGjB(#&Sqc^c{_!t+`B0}mA)I& zld&1nQw~3c^b)gpVGq)?(s(63rty$opDDe5BfXd5Q+lnCo|(*>(nA`lq$fGOlAg-x zmGqF=lbn*CGQ~;K<6yB{&)Fl{KT>^RFI}!rxj=mJWS^}q@u_Sd`81m`)-c7#h(n3b zO!`H9Fy_495+7rbl;X4J{=9?Wvyy*`PsJw?U%wI`lYcG>AXE_!A-*>3*)f*@l=u*~ zDDfF90TiDZ!I4(S1c49Hw;$p& z7Yjz4FSVbT?bM7)lND?0gt5y`Sh`A(;Wd&g`-MRwhqAZ`Wu)x+y zmXC`GN_+eCosg9#`ZCWH70Kcw$EDBNU(jE z&B+Vfhs6$??duq`?PD}-iqAHAQ`$bR(kR=Dp)7uhdDkKw_vb_?c)kc zTH6<2FZlqQAPgxo0~PtHfX@)xh$Ry?!S6Bnc!fPo zunqWT9K$w>Zw4<|OyM=GQ1E$$idNXdSWe+J{LqEr3D2fnP+=SJ&4&_fL%!AQOEvM> zf`JAWRd^rzW^lo?j4MVgtFR4l!iNoPqj19K3|LsczI2H)Amx3K_Y@SRhU$LHkUtm9Q}unsuo)a17`hWIsl!V@O}a{TM5_A7c~uV=Uu-j7`{O;ntUM zKgK3JHTUWP?#I}K{TM;kSgO@axhaF~1E~8Zt+^*d+5%UqB@Cjm2_u5{kI8*n_kE4p$BGjeQ8t+GjsV(@$z=;5hXASrD-KI5e zYTu?c-i!4OHVJqxPX})`-O~s7@Uv(3 zdbK-~;vLi#^oWr#!@%26aJ4=f|3U^nOH=|9KP z5Q)C0ogD5P`VA2M>>^YcBh`WXc;T?Npl9HC84I%w_YHve&tYju?qECc&ZJ4&Jv!WX z5?s%?52jlU5oa#W;g}=fH~)6%ZAq;JD`yy~czV(J3y4b~XKw9SgRLFqId7tP9~neR zm*Kv%kZAy$Jox=8n49sLMJPIE%Cv7FOqt?ZKls|vzT1>(ej)f`wq%njxHtjs^5?<$ z+hvOL1H$7u@Hl(g2$|x+5oFqGlWG2gh<6~K6wp&I73U?3oP=-jPD6`ykXdOQVg^D7Z*C82s@`fX{Q_7p3ZGOiZB?sA&8k0y0^`$h5EKaDz0$`t!VEug=)-x2rpsw9|wD!{m^+_s9+D8$LCovnLlfUP!TagsQYa~ z7=l$%dlaG`uQ-sTH20ncuJ_*x2v5tp_+E}0|>RWeK3_>?TiaGn|75$ zgisUgYAM&S(%aR4V2oP3>Azvy&m&mIV${m#(($MjlC{~@gh|r7e;KGw~o22X;GW4$@}gXxHk6j1?~?ShNN97?H7~#4rbm zrg$`n1A7RlMuWIdMk7{zb36>gfj#yzM?;Tmm;)MtW{|OhD{WgsNR<#r*@CA^d)$Nr z`_wi^W1H2S$zdU5Mo3`IHir|UB1TIP8W)+-b3FdRfj#Ikkw&5UCA(?o?CTLSMpVPm z*ydb90Aq_<&~rRs!GV2FnMkvRDSUK4;d2I?<0pK=l;d~w@$711X3Ijq))5?#Y6>Cuf@Hp2)??mh!rlfxZ92Xb5s_yh}e!Zv`4D#SvH$T7W2s}h1U7rU{BnC>bD4bkt-$6l%a@M@Hb3KC=~}*xm;D;PwXZC7tu5oXCVpFhZzT?$ zmtWEFxx5)?t9U7P1vHlL!?~(qeq6-Iy1vQy?7ohVu1ok>zLTwYt#s9RYtcH^hjVKy zn(?`=?Jm5}`wG6{?owBz5g%*Inpe8kUAdbrKVX{!lSrqJ9JKKIf@WNbbhDFJ*vax% zoUPifV5Ze#<_z0(3Nv9ca}$aGoTB9GSh`~YrXAk8JEm;v@w`zx0pG`HXXvuAu@9sjn*z`Co@rY@(Mdy z-oWm+;Ujj?Vuos|B1Q~mD5)+ox13O@+6`uc4P=Hrto0va%Q!RF(8gc}bPddOvQ4`% z191_xWabc=d7quU!cN8wU`p5k@R3AjYyduDF_Rj=N63rucmX_}1^dEg&-rzvmN~vElc;#Y}4ao+mR3zwBh(_;r&RWq|o%qRoQPR5O2FPTyJ9ZZyr4ZnjHGpX@A zNM;m%*~xhEyR?GLC;-z$+SFtN@HLB>)BwIlW}*lL{I%#~?JMl*Ls9H=&GbKlhTW-5 zagb~g$~K0s;f}ILlqEJ{(}{DBvzG)zjFV41LZ03SPZe9>`C;Fyme$kKH{mD`Ul32g zBhW$8Bd`Sy>9-M1xT=U1gcN9xXkuN*Ju6+Yop2G}YVwsD&n8QWmN?QvKDt2wUaTs( zm0fPfQAGiH;H0mjUsODBz!FPzL*iBE$iqe6fFMHgupc}?#^8Yr+GJzE*yJG*z>yB} za1d1CysEt79(5cob(06q^(yK>@j#~~Aw>5u8b@%100KN9c2GQYfd|MGJP^Y+9t`xF zJS5^aa+Ew=0oCK^)-RD1V!ddvm^{!$RWV*rJRIjCopbjP8q*9RZU7Gqkwh1;?ln*+ zcp!9bJQ$!gc}Rq7T_tls@X*9V&U4_?RYkjuZ~->} zNs5OC@Bn>+hh&_h8G;3qheR_Q(a8fNwyI4I&=z3!v11{48K?XeWQXviG<>e8U_heU z29kr(6tr^KxJn*@VMe`EEwz9Xg zpll9S_`-eA5KTDYnn1Z1l=rhIE09fsVF5`q(#Na=7OP2`STsnB!X;o0lk^F+AvBFa zGo}S-4bqWB(q}+gaAAe5N$8VNGrhoM0|aYHnh-Qdi=HJs?IURb9-y^IbAAJ>2I=#O zq>q8L1SM9GngqIHvzcBW!~}66r$$>Da?W+#%tV8Ob4RLyJ*UhzfEdNJQWn#VQ_yGjL*}5m#Ht zi7bwSs^k#{Cu|c%+*MQICY=+w&n6RzuFSv=KthW%xFNm*nH0)#5-4DT{V1037^{I3 z6P&op)zU5|IE?lrn=m+Gn<&Dtnx)00)0N1HL|bN@hoBBEMolL;ClpS>e$?BFk0x?r zVii}JV|K~1D5y$KVQ|7WQ9!3A=p`L$)g}{(@XfdnK^|J9PAUw*a*Egh8wMvg4_I#n z>12r5E#xGQSlZ!nAT~%&GDK`WIk6Bs6O4=lu+?NFL%?n&BVtJfum#{`9DuDQCm8~^ zft-k86~NNojRUY-$VrBPZ6zmh3tJ3M#sS!Ra*`on!{j6mST8sk2Vl37lMDgNfy4oe zb-HmOR*Xevh~;9L4X{BlG7iADW&yATQhGRjIze2aEib*Dr>J+ z+$!-PNXtTF1xaT!YmzlKg-ls!?Bl4-Kve=jkd}qUAW3I6ZK|iht+a_&!wO6#;KNl} zXRIdWtY%GHNjaW16_B(UiGuVcUgkO@6a&)P$(jt5HL&ma3XqJNd62Qh8DGubLeg19 z84+zmSusa#W=9Dqt0(EKqAX0(@#Ne~(kW54m87$ZvObcwP$sLbsbSVY(%FO=VP!*E zkb_Q%vQ|>gD$0a(9A(ucof2hXlFlm1h-e$iYDqdJ%KAt;t0*fb={U-^kn~8DfofI( zMljm|R!^#Cf*rSGpqfo=$;z4yTw6(XB)C8|tGEhstZ`g5km^WWfofJEMflnv)k>-( zAqA>gMN=)Q#?cfe)rm(FL2E-(AE{0tnn29h3x*XSSzl96RSg#?_%VYVdH&0V7(UXJ zH5gn@SZk4ox2~$3Ut;&Aa+PqNPvXZmrm=1!hI z%Wu!RdB?u*+})Ss~LP;EP5?or)b~vPQK`R^|1zgd=mnA_0#zO9XCE|5X&ydzJcYv7eYOnz6QG)s`qinNADYi-5!|ep^+*ug?|md$pT;_)hY~3lwXKql>3sE|%S_IE?Vp zi#WudR$e}d=m~G_fO@$z6JI%pV~nZrQV$HDE)QSDp0v8Yu&2@CDrxR0m2ai^3aeG( z0EwCY8du3qZcP9UZgHu>)tyIp6^pA?+=GgC=)0;J_cpPYz3ipQ!Cnx!M$e#qFB(LT z^3Kyj8_g}E2jfILT_wBTN2^_UP#uk;^%dTChWFutJ&4)K?1_`vja$z1K8!kg39Y%K zEE?f`T;8Rd!x+A;S99I#g(Qm z?zQg1dBi5Jm>8TGjS<`dO%DFh9=SR{O9MZ3*s}XJ;|PMXr;?jSevjXNZzpbe3^sNB zp*(#1ZG1V#FOP-s?J&Q62R5>Ekr&P*56;8QzGvf&O8!xtMv?*cH=cEWZ)noGJFhgl z;Xqw)JW=RyL~g;$sb9z8hy4QL7~WuQ{sIE^i$?J++4vE}8*Ya~|NZ!HAn^TJH$J}U z#Ya^TAL3|H=x9yQe7`o{H?=8@O33O*5d0!Pg3z{YoHNPEUqNWwUYK(SzCGjRMZczB zUEZYmHsU7`+KG)0UEB8JoX0h%_NZsh6Zqr1C3XdG?O8W~+Ny=!*YVMHNxzC;H|V#- z`cRg5`A*b0T(|!&ePzFD#NN$E1ibW1mWqJK-*04P<|>$74fQ0#X3 zVN&X_Cr?3RGp2Coapwh4?t<@R=qHWk}FRyKTb;R79}sARQpi zlad_}=SKy^c|{3-(gDJq4iK;#iGb)E6%c)j68@wEL~%MmTp}gAiMTW>ATB9N_>&G0 z-gJN%Bqci_21fN zHkb=MqAa@w4V-)YktAf`+!K#j_5x%pw&?xQ-T1P!J}o?|2@f>OqhV4Ggg4o+K~(5% z>)P(o`(to3mIu-MBjP~xv(a|Y2yRUaj9LN%%_<5=MEMThWrGC)0V4bF(a*;A+nk4f zHX^=5KOQ{=f@nt2f# zn9hQCk%(a#sCf`+y+^+qYp{6>{c1#~vtan)FqMyqE|G(>5VuF^&%F(X-u)FMvi~j= zsE%G5pXMQOi5HYzm=&cL_qUol53>JG>Hp$5l@8cQn4ru-VU*6hB5dlrnglw8z`!^a zE+as6psc{WD1G+QK2z7VB+xDdJ{YI6i;a1%RDKI2eYM7Is(B0hKOp^s@XhJjnBU%1 zDlRZpTu%ZSsW@1XO2=+f$6HAtGaUz0>A2X`aRUitrsHZ7NY=5})Nv~bWTxX<5%M$6HJtyEE5uD+wg)xZc!pappP(Oh)Q>tEppe<~r^pfn*&wm=n1oVWRU;>tV2lAgF4`0O`A_B&6L)a5cAefZ)3#9=SkuiYBMSB{T9Gg`n#AbzELyX3@LiI@VmDURp8!(U? z!k%A3!lZOSD1D&9G6wLtXiw~u1GHd5fHtoy#*nN580a?DKMz3yqq!mM=_NKyO6@}F zvWm?Zz~iDlu}_ZDsuQBLTe_|@E^7rCkmf5K+`?!9A>9!6>=GmP!H!H5DKV(g3116F@Yi z0t7?3RDjr$2_RZi0irk!AnG##L^u^7ylDWjH4{Mer2qtS?9?WrAp=C@r2<4S4Io-G z0YpJ6KvbszL^u;bxKjb5HVq*9G66(!DnM*W4T!u<@Ze2_hx#;lD98X0NOSE=Jci5I zng$T=OaKu~1&D?;fG8dpAP`7+%|HSX&&Y_;OYJkFXr-IVEGt07GcsbVpw<~lgh?Q? zv|tMfB!`SaDw_dB9|>d@GS-toa>!Us9V13?v;WK@#;xo>Iby7(W*IFMkia-2Mk6+8 zAc5q}kHMnoSVoYUj$26}IV)h0C^|0AT*qM&NY*i9L(#D}a~=1QK(dY*63TL2MaD`l zVE@TFW*{g!4rZ=nA&{(N#($#YY7)py$AHO59W(3`9oLdTX7jjsgpLjMZeib)Cf^)3;)TY7MP!W#5_2+#vf-(5j)(2KJqqLaW(#!lX5H*~-2%(`7CDPMEKT zF2n3QGhJ?B-w9LI&}AR{9-l7RrG0j?Cp>0lK8A(u%SlV;_7!uimK%HcuyKRi_wa{X z_wa|i_VDK@p6q`XX-Ko2>svXf?~Gm1=XD*_3%j~O%KjroaE*5x>rY(le}JD_dDLYC;e89NxWc6N>oyRk#fB37)v7=+l4tHO!3(LdKLh(MW)ubR$|uC38`rwI!;iZsHlcFm8u{koEqU6^)BPpf60mWt zSJM{U@4&_hbgl98MO-YL^9^k5c=W+J3-D)~Z%&Qo)bCx6?HFZq*5m6Jm*ah<%VO{A zI({ypU+%uBU+y}GccN6(^7IMq(R)h{IrU$!YrRYFi1w1o^F_^i%ewx%@$P}hppb3W zkH${xm)EsT!k7281@}4*>z5;Yg%4~H0UymA(MoLlARqWcKAN2v1hyN14}29qR>Zo& z$EC^o_3i=vde>R-fk%psE3mHe=toP!+4!4;Y+u+ z;G>S?`t=CL2YF!o2>3t^>f7h6<=znRfj{J9k5m81a%`{wANVSKtce{29~URgR0Cgrz@m1JJ z1ygr=m>vNic93Q&B z$LaY|aEk3R;N!eToN_M=_`o0XaXyYyd=)-Y;B;|AdYtxw4?9l#M!_jU7x2+1IOR?m z@PR+%1J=Mar}!#-q`>Jj;q*AY1U~FIy)+6=vDF5AToRmO0}c7WAM$Z2j#GRUK2qTH zW9eZ!2sZ369UKLw*oOl)1_h?vWCJ$vhinYSVT!N9Mk<)P)5G){_^`wDT56cW!!NBR z8=J6I2h3a(ta1wun86=1b1jZld=+MZRqUfFFM1@|u&(zeBNpufkI=k=Ap@^C_2eT7 zaK)KLk65-9Oa<%twz;GDwyGh~!=tJH5yQ@?u{tF@B3)<4Cq#eiM5d)y;dNoe>7TI50a)s=RFqw zh&&R)V-(*hL=mP`6%a=woprsyOaDmpTMZy#`fA={VT-6Di4KtX zNbEw~UHd)~QSRC|9S^LaT{kf@(h)ZZboA-b^e#j|XB%*o|nyAxJ23U|F;yePt4H^P~bEV_xdWhes zZ7=#4ZR5$`__V#a9{nTz5}jX;G9IGj5SLNaLG&-G?twis0TPt@+>dQ-hi z8_<1*>UE?4MD;$?V5&D5M*kVA*NgrW)ms@h)jJp6XQUE?4MDT^xXHHQk{oz_mWnmvt_xlL@V(fyavIx(MavhWhW~xF=9zkdfJFwIi95RBJsEN_ z7Q;=p^_1k;Yq6UOHiECqU48JutHKDYIzb28z8p3D@T)bI4FUy=P6z40i!$zFK!%%a z>m|tn*fU-#+6cg|;|EF8qs54<_JRzQem!cq<5z1aU#^YF%7cVmAOm~L(2Fq{Zn7iUr=2&P7XHxm?8G>kyOw`xwNTBSkynjHT@nkxKT$^b3H_>TcvV*K|Eq^MGJ>?qAN07Ukh8~|2AdMY(v#Q-g{ z01)YGasc?Ppy-w>FbvQ#3jmS6jtBs2MX87buUE?4 zMD;FhFx87?hm6(hMgK|heb`j*C((U|+6|)n#PEKurCc|<&rG?K;H zo61G@Izqc%OS?hzpV{O^`Z_|pK~uX}cgR$`NM94QYbq8?4w-89F7#|utf^EiHe{?+ zH@dc^Y^FZ3&XBP_z3AFDTTNBYM9&#&GKijS^VCwJ8(n9Xf+I^!twb-n&Tx9xqw7>! z45I7tO-*!Y(;d2L!w(bTLh+m#y&yOh zPq;e~Oe}Kak^3=3FJD7?)^!Ha5_WkUjj3H8v6`uRtOiYDHMktB;RcWz^U^1+?IGL@ z!p%09kE&fY+z*3oFy(bGx0cscA1bd~6)vv}_Kdd6CaIvw%^hy}^NrvA-O>L4IC6OH zX#bD=>aHJ*_P?`n`L5Ca=S*@srcRlhJMGq6@?5t~&rd$)IbLHMUR&(vV(t3%t3Oq>?wen781Luh`)|Kzz5llN6Y=-oe)mJ)f9w5ry!wlO^S^U<&jeS1 znGOC}j_t8pbGH$X7S;3fYYqH-Hq6gY@B?+l@cA7tKWl=h+V(luCe*f>PK12Q+<$~J zJ5?v}fr`XG?Xji+ZzUMLouK=wK%%U)3>ob3K-!UzM$R~YzDq{vs`r7QE7$q z&1QpE-ZKe3@C|8FI`%N{1L{YvRFh*)a{BoTiH_+SKRk{51$>-zpxi~jj0P-e_14;^}0Cux?5x^F7fcI34 z5J0_O@}4y%091`jA%KwxAS&Ys z;44LAEL0~5xWFUUwp_a^pPxSYd|W;k=O+t57;H;Kz)toq2-u1aV&}368NTy?f-^!3$&ytU{R13i&6z`EGQL_q$H3)!Xgw< zsZ@%J3bd4lMW7T*HJ1=YpT37r)T*ec_#Qs7R%J=LQ?{0+EJa!tA*D!5S=zER|L>Wb zNz;YCz6Zbm4}bZ5=AN57b7#&ub7sz&nR90f5nF!-f15BMh>?cJtP{-R^ic~I8DPVU zC8C@le{?D$1JKztFn~$GNh%*ZF*+GQy-0HgG?xJ4WJ43!OC-}?hD-wJJWjTi?d%zW z$bGhoT}QI(_`s$N!08-L383~VN&uRylL6F4(XOyf8K7*$06KD%NdUEAkpUz+C3G+; zYXaz0#01pOG?su8VgOSwtP`YOq&Wkc_W`V*re?{s0PT@UU6sfHIux~jH<3Q0J6%=m zI+9(-cW=r7c47{irn>~7$vPQOg$$TBY9awKtY|I)V(SAT)Ph9@?@dn*?ML$tYZ80PR{@pQp8a=K-%};=qg`x~kZ9 zB)g7>2sc&+*Ia_of;rF!@Bf*tfe=PNyN+bn@gYs=Z`~T8{`1dl4NwKnR^hQN$A>j#K0Y6K*j)e9m%fa2R3Cu>()RFG2l;Z4GdybM3`o=Y1#D!#3Zrw3EZDe>9UXr_ia%^@he1=E5{40* zDS+K0vLz0~0+=N(Yek+=*d7VVfZN;28Fk*@H8H>r6PH(FRF!bP9ip=k@CRH5duW^D z|8uhy;C31aq%GoUEJ&vXB`~J4@gietJh87MIN@SynUizQL4cE~7-=Q!Ys6G+;9QAG z8alVzjj4FTm|8{rB1$TavBXi@zniIXNos2|HB1~^medwzYQ(`Zg!B|iDy9tL;tNSq$KF^{ z)0#2$7D{R@wLxI;e`@vzl8U;okB_;rq;6=&RFanFit4}WQ@J7OWU6aM2~`bA#Yw?U zB{is#q~>u+g?Kn6_211Xxg_-@)#nXnl&UDZmL;`?86|Z6VxLL}3t&bGl8OxKXT;xF zQmxIHdJ83$ow7`p#{Z>RDtR0R;`Q;#Hx|^wW<0%xg39e%Cr@1yU#MvaD#=TeE;Xi+ zp#B#VUoJsyZQ_dxzJZ{&V8+rk8=LyfZ8Y%(c?}?WU3Fu51tN)7`sX!P!$?p!+)z+G{wL-1hPG-D@$`>oeZVYh zqdou)615AZLv#0{S(S~y|H~_Y5L6`zDsa7#ts2mbsb#lLP;Y3fh7nW$yte9C64b&Q z3aT=w8B=ee1#m-Km1c1MtaFo))EJUf2;Yq)HLMv^Z=s~#&{iEwO#SoPs_`VLRX3JY zWizJULP@=$tr|m2El1If?W$S8#%-u74ieF)-c~EBkkn)_71DSkK^@zSr?*g0Z)mH= z6HigoO?YaIX~fgp*;aLIlc#=s#^G>!Jofw77%be%;|Adj&_+jq)`$*{zBsb2N_2Ac zLxt3nqa$W*MaWu+^ITiXJlB?z=h{-{xwe#f zt}R`P8d*9Bgbf%s(Zhp$C3S~d+?Z_H!G?{={;j{H%m0n-PlkQTg0SrEc77;x=4*O{ zC^jma1sq!O@w@Q}qQSn*b1&(oWE{!&QW~gCiUUiN;>cew$%igu$X_pM68Y;TO(pJ4 zJ4u&6;K4S{Mi;n(#PxVK3e^msHg;Ot%Lz z+*5I96W>tUpN)O)~ibR6wf8 zh^vGj8~O0XMJ2Phwo^-EXOGSd8H=M4x1R-qmFTT-s4?n#aY#Hp#Dr_Sji%i2I-X)D zGn6;vdafXrzH1!u3)p{0cU zURp4rlT3M0^sq!eaL4a%1tIe^WR4RR-SSPNeD|8}X3mLCWVoQDgRGG&`(due`_cS z{w-ojY@l|Sm2`+oYEm<0C`qgtnZ5g*Hc)_^%QpN>q*&iJt=Q}J&kR- zp2ps6J*}cv(9jjdxGIUa*qFxk!_u?PfuBEnxmi1kGsII3K#dJ*oP88CulCXlta}zu zu63SCi*n+3(^=8Zc8b3TqVTX$kBSp$cj4KK#cpWhFZzzS9+O9Vu-ECRXm%!f3F$nX zR*p+GQBg`4Xd431F9e`a2#^L*%Zu+JJ3>p`2by#_ilAu&#<9!Kt*r`Lc&;_!}2Qw>T0U@pz2GY9T~)fGs^OqyI7P=hl8% z)AZb0c~3fBw(0q_6+!>O`LrKv{(pa=&Qf$`Ht>iZ` zRzmxOve)L&78iAuS=huEhs8)L>yQV_x6q&Rthy8b?Ky`^PUI{Tvn}k(v#n~Mqo}-w zt$10c^fX6Oe;vU=bjx^7xCp8tg0S~%MCIumS><_7&;dqJjY!b3k|Q~SNYDWnK{f4j zBCw}bC^q5%4;ewS`b*eUn4R-G!lumH6tjE2>OEv+T$Xqnh|8> z1nqGVR1JbcOM!D}Nr@QS2?y;G29yEL=wUS^sXUs~2^*F98= zP??A_B3uNW2SJKblB$y9Vr(~@=PSN8hmHbbH6*M2J*QjcF;38aM$n~(8u~yaXupe~ zOYKpkCvqb2MI0xn8+L(VXPST@?BfQJ3t$8Vhy(>RCa91RRK*Cg5#MVz3$jGzk*HT1Pe&|Vio7uusn_oB^Qq9Q3f z)}GjzJs=4CEun@289{*}L4l14DrN*-W(1WHK{yF}PC~JZpv#OPB`2uZMbKpsBr8Rw z%CJv3%BF3}vE8ndAZ$s)YACq!FnXMj!0y)i-i89|pAK~+Q$_H&(+u-`?{B}Pz;h%zEv1YH6_ol5g? z!Izhepa?k069$w4Hb7!E1l@sN%f<;RVg#LUsG*-lf{I)Ooo|mC%|e^`oie5DSbK_q zYy7eta*bzn1u?pU7+pakT|tfMa#Kf8T(`S63SsnwFnU5ndO{l0aT zBV~nW*em(gYAg(|xNG(u%_e|75F5WLrwIPpIktpiY0mkCVxOGygv+F8>*(JdObOyi zM!t9eqzgh zV#_7Ymi?S9ml#{(a}Kr47CN5g&<)vwSQ@*!DcAT_I3|XUQEf8R+g5K(BW|(?ml5=z z4fR-QFn^g5grVLxoaog0P_NikfjHWghI%9|8%SEh+9WN>Hzh6ZDmsl?-ycN%?Kog0 zX|a;D!18W`w5+-*X>n8Z@f%25u+@H(VJD=ej7!UZJM45yi)+})rRB!M&RmzY;Luze zc9OIdlC+F%leDDWl(e{;3s#br+tyqlX(=OViD{FxY`7_DaWgvN3rSk4Nm?2WfgvqH zTw4CyA+S?gTti?kEjJzlUv^0gjw8k}_y9>u6-i5co212hQ_|vYx|H44rVH58hlC}$ zO~O)mQ^MkA@5EP;u;9{UG!9{b*ouniza5P`g~c@*=fZO1(Ks98qgWb^=OXaYILS-^ z$;_%Y$xPWz$;_W-Oivw55Xnqhn`EZyrewz5cnP@ejh8SImJMwY7LS{f6?fYu=(e|A zlq4+HHVI3>O$m#;?Gkp|+b&~CSPI)BEXtspk`{N{MS0uXE-@r6Wo?p{u$z(=ciUy` zZEw58leAQ|Nm`UQB`xl@OU&(VyUa+2w1l-uSjOIzu(;bU@qY%}h5R>@&NcXNR`>Ss zV15!eIQz9OZV(nVtT_6$CTH7=5VZPwDEbk}IT6^I@(L}oE3iG~6xqAy$I!T*J`4eZ*9CO{u%6T9tjozqJ$$=N@xJUi>d9rKdSwkWeqt!(wKLCy}aTR|C6_W9}BSMR$ux0&{wef!BqT=<&F1PBodg zvl8Hj0jkroZBgWgVI(&UCl+wS0M*$3RzweO7(4=0_a--t-f+WUvHs+S!D5XGaKpGx zZWu%0hT#u43@6nzH#aK*b8|%X?{LGgh}pso!z%PsVJ~CnJ&osD^6>ry94-sV4JvRswuAK(&>q#?+gUrrw-bz*hrQTL}dg z;i8&+HTsdSMnCv!u-Go-tKp;?z8b8qz2K|S1-=?is>xSlRswuAcwN6QW(!{pXL<0| z@Pe<#0QhQfs_AH$E+i`pXU_~_&KgQ~HL&YA=D0Cibliv}0IK1?!Kub=bE?TYos|HG z4p3c2RAULvNDduNEa1=qs>=uk7U80r96AP&L&pF(bg)^DjKT#3o%u-O}sbGYi2|< zuMZ`=8rXFl^8lGGdVoX{0MT#+;Y8!MIniWVqM@;>4kD_t7H6bsF((%A3<1?agaV6j zQB9s9UgR0#1ClX7<{F}8R|C6_V{Rg|MK_U10-ze+BAja6Hm8~_M>I4>wUVgDf}N4v zN1Rx|eFRi12?ZA6qMF=C{K20P*dhqQxhK`x{u5ZVg4gZb~Ui;IOa<-Tl6J~Bmk=6Qo^amZF8#0 zGDJgTRL2n2b|MZwCQdBiV*;vUM7j{+qM8=)x{!}a7nn|r>LKJ~!d^3yj|r=5=vQ>f zHcmCoYM~QpsO!xl)$lQKmIoh`e(*7&rp&3PCO*V9t0h)B#1gHWT@CCyjyasn79CC^ z34nO`op9oD+njisv~p@~I&wMccGub=jB0i@uqTKm;9qWU)1+F^`pb~Ui;IOYX2Tl9j7Bmk=648y6$ zZF8#KwDvTXd(1Bmk=6Rl}*qZF8#KwDzk?qWU)1+VHNy*A}e8T`o5U+|6Ro#<`qt zW|POwJSFSlxE~JKLAOhlE|xgma+GPi<4{aInFV>dYQ+Q|@?*1JoO7csv@7 zbdA(Jo{bsWSl8nbIs3RPd_01yPb005N95{*R4&zzNAUD%S^r~D&pmcLaF1o2{q?V= z;XoAl=UgKHoIl7vhu+1%J8*M_o^(XgVM-h!4*wi64*oe}9Q<=&li~bOdISDB&Zqt? z9sOYz+n;HOPb{+L?5v+_1zX^sbBX+O{viJxk#zXyh(y9a2W-K)EG@HTCwy9dyCGW; zOEVvC)&!mDXdwTbCUXEg$v+20vj~>~N&Y!)p95f}VGzO$NX!B3gnv%!a{$Gz3ZxTE zF$X}>Qby8J))r||Cf}5_xS1Qb`6L0@(g*AeZ;Pxb({4&u+^muKGLn^xBodA05Fjh4 z9_OgQB`g2g9D-9;TyqFqR&G3pkn56_9`Me=90JKo5XnkVn`Fg$Q?lY_uE4&%jm;Hs zWrh;6GFRCqVJW*QVR5r(;)6(7;GENB76QV8`VoZ%&N=ARNRRwyvk*>Uam_+-VY%@v z#ATPT^n-H_W+6yeVn|qG+9E6-Hzg}>_Rb9DZEf#>D>%w{CpqV|K?`A#_-3?_o4pes zL&8!;!qR9O1Hyv(5ryTyoyKqqi)$K#3riz|rjaef=0->|F@=%qHjM%9%q7zWj^&!V=aN zSs8ZAOcy$?`1Uqk=91|GFSoYH$}KZpZts~E>R8BhffsrkI+kI#%ygL>bi11_bIEkU z8PjbL7U``rU2gNK8VCzqb71Etw@FxTndvh3Phq-{Z_eutzBy|`Ja8^6w*MLp@ZTOP zdma8e*Wtf&9sWBz;lGmu|DAgB-x&h`oqF=$836yCdh*}t2mhUV^55wV|D7T5->HZH zP7f?X4S@d+k_P2;f&WfF`0pUOGRGhOJG4fMS7LI!;J?!Y{ySaj%X5;*f5#vGJ4xif zLrbbjoh0(#Nh1H9`lW+hPABjyIfgCEXrGjy|Ci3DWgacAjoO;{ zx7_4kSGKDkSrOSw-&zgKJsB}A@Tf& zw$_5}@I81>@a>skx(=24lgh0n*$%xf)lv%g!^S_tv}pt!Y=I-ujl)&AuC}$^ zS_{52AHTP?pr5aOptbPhrVagD3qSaEk7zB7{N~{3*20*AHP5ydF2p@NqqT7E^|upS z3vsbuENCrsUXZ`Mwcy(>Z)I!Yiet;F)R+i3rGAq7LhA3RPosW|`X=gssE?t3g!&5V52(#kyQa2F?UULdwKHl<)Ly7fkld4O zll+p5k{pt(kvx&ikX%sRQ~gpMQaw>!5Wk71#JBNU)uRI*3z}t|nfP+QX*1(uUkyr3 zcz*WW7vmCU1>q93VBlj@AM4*YXxLLvkDV}Pgvu~JXxhS{!OzFXC&Ve^;$N6OckaxG z;}Twa(j!VM{GR7SPRV&Ax??LH4{gR%&YxBo;it{$?fl_i=L|{^okj1cCaET>CXCk! z`*cE$PN-Lzy|t;<#8JP(KK0OsX6YkN=q!u9J?91Jg?hbk+&=9Axrat_f5kKSuN4m4 zpTd7#=nC4`BEQB7kVVIi_VhdiC3L@ zdsE)R{S3WlRZ~>YsiwMN83jDCnQ%Vd)e1{CXw6zF^n-qm+L$+E`7aoVB14_9OGORwl2*8iysj_j zC>9!0FKf*m67SPToKNhmuo_bTkS{+Ak2-%D;`EXk;JdG0fPkXp z_X#`ul3ZVpRI7aX9OSEu-Nz!&*+=J#PoKq8t>uR`RF>s)kt)1>-2RL+!4pWJF^7ay z3_yK9rMJWmEceGFg;lleS~A{}zj-&y;#bOo<$un85e!ocEH`JW#6Y!BrnPL6QmQTV zo;viD{i$F%GLrZ4s@oCZArDx|V&#+a<)JIR#sYV3iZwtxgi;%iQOT@MU4*U85lIk{ zuCY6&$vm{Ng<8vx^e)x#%XyR{@ikV)7i}qH(Tv8-Q?fD=QF4v_lP38)>@qR`yR|7< zzD@~y9c&Y9tWs0A8QY;+&HfdylSIh0gA8I5BZS?X*rFge`J!HZw@N712^S$xhSZaZ z4;WG%iM_OzMFZ{O*}kZ)MKkOViZ{OYV7keZB1aDm3Zn*gN-b3Dg*q<3R1f57Uj94QqvB2d+&S>XF!9o08`nUETv?q_Dbm?5t(R=m^sq%Gm5B zWpq-OrGFaE{^hX4xO=*}%{7W6^gw>4uIQXx{=HGz#h_#)B6#@N9U;78*1BKQiinS%39wMemn zJ-w_J&Om(ZuRv_brqG&GDT3^ap;T$+9|;5WE`*QW8}f&k-q1(^&Mc@}i^Z2aIv?4q zk+#D1?-qIkJPXdi90R}lG;W+-unmM+o}ZL zf59%&9`;As%Z!lzXeoMOkXj(6vM3NCAa9tTCsHw%W0q;417ouw|mbJiCwHyr_@PtnttZJ_gJDAf3e+MEz}qsLg|PW@CVA6VUU} zre01A(OH)Is?1To_Fw-X&KmEewC^GLl%5fDyHmE)A8PX@4hN=J6|GFC27npE`vL^gdn-(&ptlAZOb9<_6gBK)cyOn`)9w zd@zNC+>1!p3d8y^_PPnDa}WUgC_wCm_2!rQXocPOG4vkl+!s($l4@PhSGyXv7O9aQ zF#m$k9Ul=pSNp?PSR?OX)*L|!Cz>cDpphgJy0u#Kf<7trlEjFVdY{CIU&WT;ZJY?Z zMJazT7nb}dRz*q5702RX%AhLalf)6Nu*=^0EUTu_ioRMwUeQZ$R{Cnq$^e8QtvTM; zj5|58!T!NzhD*l=ET|bON-8ceo{K{sk=lKt9ZK49HUzkK9?T&yEb<;XwY6A0DtA75 z1dmi(30a7W1}f$t^?Q%c^ur5cTQx@=gp?EB-E`(8su7@l)E-?S6ZM2j{(c^1{#Te- z6;dQcA761VPx=dThUA^H_d|NcHW*s(+l2gP9MqaefZ7GDzU`mZqWj}X8=50CEzv}v zP%r6(YcL+=%L7pNkrvNOB!?=gI;6A8tPcsC>*KJg1l;I_YOU=|4@rSam=F@ELOG$lnMa%%HaeQY*=H?-7}LbVXJi5K2ih}r{1Jc^&GWTRiMZWKCCEEODZj!o?tOfT!c);;ovKZOdw-< z?@<<$=_@I)WwjTMD(Zua6-T9pRcg!fjuZvz{8gwKR9n5GSRI_Js0WKI%e~oq)($`h z@>Hx=b2ssO)Z|%}*t% zB76=gcB_N)6bIDi=#6U0QOm~1*}J)N$x&j>ZnYvWxJI#C`Vq;cWm8WU3jsPHVr*4Z z1=p$-R?L|st0mQzH32L^RtL#;LaRzq8+=evr8Y;cRZEI2D}7n4%||WPR;}V-aK54z zSZ|25EcalMR(~J{tWhDTufuAZSpoYuitNwzlhhMlnKgT4s8LiIXnNw)ibJ!3PY1LF z;#GCc9*}Nq-B1SlXD56)IN^KIX zV$oI~kx{!5OMC*4);!K)vLNhPgbd|b3O-6T>mn_i#Mg*Ll9yw|k> z6%bgD7)X%b9JPvJ(^14mF0!T=vAalusz9JOMFGc-L?9|{S52{61|d?LXQinn6%Zu$ zZmut5j#{wR6w0d5=b5ATktl5%$fEQ7#aa`p5KWaPjmogR7r^2&y%~RmT0|96g&EhY zCFd<`d|7Ok7f}kqE=2S}RG8VYK_khhI%DxxKaod=YKmm&Fr_~-VcDo)k!ZE`RG~IR zLQK_|GE+Z>7KW3nH?mDNrs9Pb;0Kqb<*gKmNng2 zOqQRB%^^imaGjz^Ey=emm#`RXM-dSlYYvB`#!Z%u3Kj!_W>}n8*r**bwnVU)ypD}9 zkVa*@FpxLG06cJEAZvty-fSU}aYw|r5h7~IWfvl7?ZgfzBGM(R!HSj;5t})S$@FT3 zh%|bg3lZ-|h=>ghosN?ojj_<1Su1AE+{qR1Cdgz!+88#FHZSNFh%j|atZsN4=k?^A!P_^(-SOihY6x83M_ENgsNT$WsNfpt98+7zW?pTlBuA!WI& z(_!tY2JLAhwI>#t*8#NzwjE@mT?^&_(*TM>LEg~Wth?cYZLp%RVei>|C5K3IA=qk} z6>UOt!LmG%MNv;9VoALTlmNsuL%RnW21KU-@Ez8@9Z&UvYGlF`Y%V^0*(d$bMsOgUEWwgXRA_nb+SXU?2K;|SYDifVb zwTKn9;#x(a*w}WVv4yb|Op}13I<%)ENV3_OK}3nHR|{8b_ICJ)tRc0TSvG3LUTO47 zn+;Zjjrbn5lIT$sVDcI&zzt(mcdc4TosL(j<4T=^8`jSj2(X?q%}~a>E$@lcXL<|o zPv!|@a0Anf+C1tc@Ra$pu^<2ggpbHL5)Rkw(MZbFvOUN|BRMkMvbL9)BwGf7B)dp0 zl-3+j%kngmYih-5jihq8W&KbwO^ytfrb@D3+rPULU8*IHNc$U9wS)niBKK^4CbRRJI(%p8@TM)vU6TiF7f6RSpEHK7gv4;(_N5 zjZiS$vdM{R9#T}QkVGw}fjnGMOPTEkdL9(B$p#0HxCBZqyP{ScN1Ir4w}>Z{UWp2# zhzSKM=D6apMsh(doR5T#Vkt6_B2%Q}G;09|#0v6pV(CjJDX;{yu->7_L(OMvBsIX& z$*jB%8p&yA+X6e)80JV{fKaY~K+GWr`r|hdL8vUX%%N6Pnl+mwS!&DLo??=0B-tlo z>7XQ)s1OV)RztPFcbABzAH$NkSxG5QlkH%zGIg+qp=!(WR*MxvriVHhDO8f(!!2uu zh7=j5fQvGXqylK7+7+e22Nb0m$$nJEBVw!-wMCVIzC(@ZQe0G$iy-m=F+L9_B#aMA z0Q~dRlp;?Wl?MDMfi2TVa+qioz#<1s8(gK)kd~e-HVfFZS`bll06%H;df>*Qku8{< z<&K-){2d9lMq&qwK28)t0M$ez6!WMaoG8K&X@;WMHAB1I5KXgY9cdURqFh{Dh(cQ2 z@bqhfC;0D%pieUd)zZzRqTG-~r`ZfivvDJiKG{R3z&`{+ZKaHf& z4L|SZ_?ZnEOrl*VHt@0mMQSl3is;gtqG&e4fPz%7cVd}?`b5)2x6ZIcvvZg=*(ynv z8=lmSG107W@)0V>osnJ)QEHf+k(C;1cP=c^wwp3i8U>ZNmf?vyKnZ6>UW#25dP0cp zKGr_hKPa**2Z45HViUKzbE>sF7Wqgc;6iuc-yoPox_ zBKFJ`YDGyf#@Q7r30l(fLFMyiy#`dMXBHbf>q@9gP)T-BZy+Yf1JRYN%VT{3s0KMPHDud}~{F+wRE(x}y_I+g)x<4o4)QeVWn zDpHv~;>&E3pb2*9l-D^sWie46WTUhZhH43{2v)w0h7jnE8X>4RvpE2bWG{r+iDou3 z;oUN!Nm7hXS5lz1tY?^liD*YTPE=2;gDa6ts)3SQ<3u(K66VyBc)OC3dK&Tp3u`E& z6(g2XrO5cUVf6gj9>rwAcUraJfxQksoxnf$DE7M1O*l3bJQ7MX(tP`Srp0_LGg z(Hqx@m>vg`iYrX4NfPofJ|dB$q7j9NLc9;0?M`Jas$Za`$Ye$ZG3|F!lA;JOwXQhB zc%2Ok?iy^qW(YuLp;wn=H^%^TM!*2m98EDm7Xl1sWi%@u+J=fxZlQS0C0vs(S>LR9 z=vFke8_aViw$O zk%?vx*_3B=`41K1VyU~k1J=~Ln}xICK`zp<4#BByhUPv&SM8{2hd06U@T`g<+Ffk;;f=guY(90160gu= z#`yKu9cHOY@HP+gR0+d9&BJ^FeBn6(;Ab8d01)6d8|rerp&8i`lMyg)KSGP3M8FK~ z2+Yuq=!1ai(Gi%T9f29z5tz&L!4mu%-(m^AlTY4=fU0AAvRJNeQ`3C0m#sN6$BVAt zx*RW(?QfzQF!4@~7s+h;7EVXi_WR0dUKI>EW&av8@LOUSU8n7fzI8fYFh`4qgukScx*OP?v18I%qyfU#r-`t+R>ZKJF%Vu{D8CRy zY0Upj##QZbNjuwJ4og){-X@tKegF1QYVALQHC{ORS#X(E}p67y#@tQnc@1vBR zSD66JnjI=hj*z8VcAbzjc6LY39u1^4ia+28r*&uwH3F+L#_3Gt=;ZVU4Wwa#$lYHl z6Ln~XK{$oAj=8-AD}3{Oln^tl-AF-jp*_pd5o;S~HNx*2#pR0rwhAdvWPSmQGN)+C zxC0oaFNNE(?TnWBU{?R;yH3bYH{HOa&9bC zEjvl9#QQ`+>Tu#uO7=iEab;Bs_P|Sy)u|SB>a0>FuTm@lSk}#n0P6<}z>7x{@t2_bNu!SAA5Kew) zW~xRZ9~GN&%qQ_K=8!>x28235#_)0nWrdGm%T;$!CZl1b)CDK>OQ{<=|4sp(5sN!0 zS&xkl`{1>XSX!N{6w$-#-kT&)+bZDD7L<4=7Vs>KrOGWqC@plC{acoJ*iywdt@*v} z)D{(&O`XF~d%jx7E^SJEtr5-7TB~)~v?+C-MtEMh<=hWB(*oC1TJtcp_2B~n!vMno z(U}eJ0~iDt1Q-Yy2#5vU;aC@iaE$WR38N9bS;t80kVC$_?qJG`u07WR-`etfITn zlw<~m#mhs7#UPADP$GmO1R(^-L#4n13%gn&(>@i;$IPeUsC_&wVVk`i(cGiMZp0c_ z6+Ai!DTb&0-K!lvR{h)Gc=YsG3!SK%q=OtUJ4+ftn{v{sx4ajUjC-B%gic5RPo4@e z2+suRg}wL;4Q@mpT2zo?kKXK~H;?hvn9ewg08bf8}F4AEol z6b=m&La??tg;r6ghaj7oA${~%gACIPi$ezL!@c$4qkZ+^69e?&&jsqkUkuWR!&M=C zUYI^S3Aw04(1P_LTFPcDWiy$wiJ@#}P&Vu0gt!{2$MTZw(bbVi?H!r{B0nY-n zXNY-9h^IU~U!K0tW{3Mse;NL0ErajC1AVyq65L7k*L}?D5MMEFyBLRY@`Ov?dh?X) zUbYJ7YYkD;FL~CKC;OIj#RkJ7>?u+o}l89oK2g->s(wD6fI zEj*Ex*11V(;fqmPxVpvCCQxZpSZVNQB)VM$gioi^X0}*bB9*q7mDas!X=*A>-(qP~ zsI=*Wj)W)n2~^sY7E7B+r6sb`!kU)0m`YQ(Sel+no4`uz-?X$TRNC|wOG~8E7PHa@HZ4s} zrRiHNZ32}xg_SnAX=&4`w3#iIwwOv&v(l7JOVd+n6Iv{73Y9jUm8Nc5+Ds}f@w%jq z-9QTsg_gj545v03VyB1O#-T>UrAa%|Jm+SV*5G%c-d&2n*dW(anZ+_Z+mri(wbC z{>^vVs{#XK0<8K|Q+FK= zPdyd&)HgnBYdMUG`6%Xr>(&t*ZrW6^NtpM-01iL=aN>vScRutuhi|>r?k&%ik`)|& z{(1W6bGkgcheJQVFu$0=fipQ=wCMaI$BN6#IUF!x-+&*Fy^_pfj~@PoYiNmt8 zugb=c`0WP{4;)x@;PUz(f;r60d?fR^KR#H);lmGSJUr{KQ-*OkYLsHswAcO`%3*zd zY5nKH$D%o$G)Xn-^{)Te&taD?6S}NZJ-C^}`SWe_KS@7l=kW2zk39ZG#q4)E{QdVI zeqS{4z{ebZ^2zW|Rvx-v2hjvP5)9?fbMJ+pF_49De_O{rAVlEFH^XTG}sZ zFW()#jl)-8{r=UZhl@LNn40=<>XdKqI>h1T&AT=)oBPsW4x^)Aj^5M%m$x|#2v7zj zj}2PI;l+zJ7cWRJ`Ea;>dxz~^t>)i2eDcZKC;!M@yq7~Sug+e5I<@b|;Y%+qd#UHC zT?;rodGe=|bI0%h8;1`(u;zi@zm9Ilp-R6FIzkb^BFwSVcUC=gxg{?!Gy; zog6M+{Kw+FcWQs-@WmHXU%czYjyW9u_S^X1zI^MeMI7FB*Oa?5Mm_vb4o8fTjA%Ff zEe(ese;oPo@*}}_b68LyFSs{H*vDbNejEE4KX_&`hg-MiZhdEA?86-T_;mLfcu&Wn z9DeuRTi;3U8?m0lXPz-WbLNqa8#qi!c`Rk-kM~q^7#_YOJk{}HI)|~b@5BzR&Yi+x zyLP_q0@{1t!QnUGy!%bWK;2(BoHOUpoPVx6ew4%fe4qS|yDhmKcI!61TmF(qi#XKj zB6JDy?+)Vd(4k?6-uU}Jr*c?bU0I#gqfWu$i4)(R7^N*)$KkWj&UyCugXuqWXfoYx z>i@3)CJz7p_ox28Hb3-94)4Ez_5J;}=sR%u=%e|MTCPmr%Hf6$S2mQ7T=F!B<>e{m z_q?*ZnnSsKuzW%Iz4JNTzklxjQ(yiR&S7%$6Um9c^tj03mMxiEK3M$x103$$dFRgi zkG@&KVgLSx{WqVSA#kYG4$;15T=gi24o8XO+mI6zIDGB3ORv?uebK_nz;_xqjnfI5ozYkic*h;uJ61gt@;Zk~We?>O(aEoI=<6HgtLzh?#sFJ^~`qseVr=M>5^!c7stsGh`9WC8ceBR-3$dHRe zE^T`)pTocX?Zv}-G*hf_{-*H%3 z`C;WliCNhk4jp=J= z_xe4?;ffV^tO!{x`v-^r`d9V8>XZvdad_&~)>E-h7o~F8vE#sw@sD*+;;?7W#XW0d zpFGXsv}x~8d%Pw)io<>T=I=ZA`HxRFS_=eaqqUkCe&R(-)ie zJBKS*wqM!#4X@Q478S)7<^F5yT^xS##Xr7Kb(nOL!{f*Qd3>1R(5DbdL5qGeSacIu?=WQywb0f%qD z?ftf&AWh+L^yuEBN4~nolf$2WI`vc0xVbNKSW#iF=n%8LjKjf$s|H`+vB1XRvSm*$ zTfDXBbq?Qq@0IuV)elf|SW|Pgro!(+cMgC4`RLD|z7!Y8;hlHt?_53gelv%C`)=sF zWXfYjvU%fayefrnauTI&!lEc}vznDE~`;iC^v$G%1o_*o{Z#a}n{iK0% z?|V3$I8ifk#hvSqaHv-MtMAsCp5t)o(ql_YKdw*X@awNX{yO;aF(wWld~n@^hSw*& z#Nn^M7XSMFtXJD}XtUjC8-DzgH#r(N? zcik|$@0T1t@r3<}oqG~%IDGl#pI?qE+~dumOco;3_PayHVSM~=@n3ycc7Vh5^yBG= zCd`TBu(0r@!d*XYzL{`kuugOc)!Ioz@1t{o4Tq#oxmGO|nLgOire;BfWoXI5{_ z?AMpWwQIjwtLqr`2Zw$7r1gn5jWu#OWy-86hZPxba9CTLSNoTtf4s`!8*lV_L%p_B zCWnFd<=WrOkc@fk%RQGC#=Y}Y%%%_D`rL2PfF5NBG9MmQKdH<7$AAB%YUJU`+d|ua zpZ03%=IDTn+n@A$>Er_{^H)pWKX~=r;un9rYsAL|{kHmi_e@GSEuq09z~XNe6(K_&*X05OB4{@2FrLZA|Vvjt%|6R%_`gg>4)sD=RD?anixw!-2gTxQt zLMp6<1!xD|mDq``dckEkrB0qyfi+n#XX2D0Pi*b#;gRT7?ho^Ykg!k04Shq-%8GJg z^F-(N#{MEQC<)mQcF#VjQT8ksES<1i*m8Up`$V_llU8}Uk34;h#CFVAhE>5yYA^qZ<*v}JMJsP(=pz*V*#=vdHPZx+B#&naK(1UQ<1ssxEw!4q3yV* z;)-Ci9lJweTXxLDW5*6fzO5X8u(VuuhoTUtlj2dP&5nB^v*?VXVA=5~{1io!J#Z4j zwh*>+zA8nrYS}4=hr)Wg9moEH9>VTr zrvW^$b%#9tkVb&RPNk;`&#*wJk~y$riAq+gQIx1Mt|h@Qz|v&}SUJYxhwVM8u{4fp zFoXQ_g9)9B&Y-+|R5EXh3&QqpOh0)>{C+dn{s-vtW;%Q^NWWU zm9pk_4}57%tG#lhWdE^M4gK$ef^FqpQ;vnnYcmM-OLfIM|K7AvtN$v3KrE+2#MZdZ7HX6ov(+-e+6 zVn!dDLKrs=rcX;fvHmmUJ;Y+ujW6km#s6&py~S%K1O6)j*mAMLYM<`y>yhgfh18hF z%npb~E>Gi+D5F@WrHtw8U$4DNajjI)*qPYQmq0vZxscX&phZ?CPoFQfoeGrY>Mh1H zmGBrMAieXwcq(t6%7>*=3G?vDB0exL77FZ@4}yheZf@rN5Ucs* z6rvRyA?}onoP6AkmD-L6$};JhCnfP>?Uep9S}2Lu$961GW;0lp)M`?<>EQ+<$8sqx zp*!TJt#BUD(-sS5wQ$73oGbha1kDEc`gr4yW}V(LE8ieobGq{&H*f5vAx|IeLS?uM zmC;gG4q}IU3dH~uS+7924QI#@9TR;RzKZjLAs<~q)DEZTMWtRSwyz8YGVn~n$C0Kx zO>-sWa1vk|){Y=C8XgU%QJ$t(y+~vc;Y|<`KDv}#beCDa_}H~pE=)wL(?3KzBQZZB zt3kMqEr`~Y7c;*B5PcEUHzs;DXkEpLHj$4Gy(IcD;ZsV%unxF;BQzr%4m>YPRkoAZ z_6S=Zy+8~fPBk&wRTCod`Q+*2BkqrsM|&fY&j4+6RBV605Bbg15#?~>#lB79ntV8} zh8uT?!j>m;LELdjDpZNGCUU@b4%-mTbz?vd7%-9;AUad6ax!5xJXTC>6P&N9!y#h+ zT}2Xlg8YW`5RIZ_31i?)SFG5BZ5xQ3+y{uev}cOWqJi^Et+)Km{wUPBACq1JmE=DQ z545qK%e0bwknSiGYjn5+?jNSv>^hpRV$HM1qA-Xl=CKqL9py(@O7&>k6dn8r z*u5;DJYk#(0_ExBSpsa2Rfv6s+>#5`2H_|@km2JT7zWY#f>f<25XO6QcNk*KclX0Z z0nTjIrgo-j&OT%$>q8=?a7Z*odYYy=yO5Er3yGvI#4(8be-s+Kq6?Yq=1PP;6BK(Y zR@%*nI(o=^dXRI{EQF~D;}J*>oIV4g?!QIs)xL@(sc#2&^9x`%$(FgO}M^ z=D+Pn)zJOuK}UGm%6!#i4NUd6od}R+;gJv72L}aXnV>ldQ7S_(suc?Kf(@NeqL2Mu z9S)TCvVS@fJTa7+H7BvblBuIXGywILu{ zliz|WfumeYnnV|yyTVVZdQ`4+|IewE{@y>0)=S=-eSJ)8yGfWr`vi+zBv%0Bni?k2bh*d9{z=^;>AfUKWkq zJ?$SALwh#Wov3C*2KE;~J@0@Hg*`x9v6u~5D#Qk4X0MEa+%&*9d=V*2f>7OAj9=J7 z>@`;14tXlMqM>he_4DY=d38J08+Gq4)#lP{F2x3EfKn5C_EY4=2NW{wUks;3RAT_` zSAZIBo0#ij^H%tIs~+tLmrGLzts~2Xf2eE=yyj!8M7!=NPk&BgJK-zaj!JJw zqZe!tfsepZwNUG2Q0r*kqg_>wF%G&Raf~C{G6g~rye@?$Ci(IUWK2cumcLnv8<-rc zU_#gSwAp(|4q|HyTgtIoTdh>P8jjOm8?*xR(pOwo38kvg-9n*K{(i1DWf!b2@$;R{ z@W1oWgkEQZh@Ot!C?XjiqZI+rTqWd4Y}TwQub}D|b_j+wBzT(ja6lG&nIDN4_$q)n z0}%|c_hRe#Mw3p0ZFV%tDYZWH)Ahm^3n<>=|0Tu;+Su+;$J?>#nT9Dx?5Lt)PNj+x z#U5+{xI=^XM-uX|-$@{w2{rSq)hU?D;Wlrg8=U zSO#Qf=i~cb{GZ5TkNe6pHNp{|T2_RQxCu2P618O_l-0tCa6^80^bRzuG_9nXNSKUK zM0eils~%`c?j48NM9H<^}f7ID>Vu~h_`qPPA`19H^k27JmzpK_oc>5DGx zx(cUe>^T&=B5DJ6;7hND>9qG0_U!cf9v@f=<$Eh-HA>TB2$ypv;)pz5vq7G2_})2s z2Y$qPd3w|j%nV2LMnwO}qtjWmfbsj1pJ@D^$5>64qi~D_M^a5h>mtqzwepnZ7~z%6 zG46!O&!f#L1Y0=`L*appOBE()-#(hYW#DFJly6<s_-R(P@xhI%a?oOiP^BmWY}Pu^}SP~{>3Ef2Z*T2u+cQ@N9W^o_V_1! z3EEixC_2!j`Hv(pV0Wt$c&zObX#BxB#Kxe!B_WijNB?9y5r|0;;V|)mSmNYRg$x^F zsDvtXC}4*!v`8x{a@Z7hXBM1Wx}dNTPRWs2dG|bLV-NxIkXAks!#xo15KSwbDTq1RXgec z#z{?2dzuz{IZO7Y#{RUAHcyiexrVrUbq;G#f3$NfX*V}(-@bNdM~~m&Aifh}Gr~U+ zzCidJf(cLDv; zrz}~IHp4c$z=Rb&6Eqt!2EYben-U`wR`!*XCK>ch@O0p7s^hrpkMA1seG>bw#Z60M z$_3xn5|I^mAxo-wt(ns&ehuNK{^5EjwVePnyJN?!{Dj>%^9fX@Mz3X9SS$Vu=ZlQM93T& z>-oA?Qi$3TC$5~beghGv?w+S$CaEaoOPP>Qr7KmvOT4gCEI!8-isdPn(H+AAq@K*w z)ilqkOE4gXE}1AbjrKIncFu%iijihZ+;vHQXzRLUa$ZM|&e*fl6X7Cs!zqL#2)hur zBK&}`1ab2bW+FU~Fd1PC!Z3u#5qg3>as&quJ&$k-;UK~`gv|)O5Y-)_6M{Da*C&;D zhjy%OtV{6WCdTmVFos8?Gi101@p^MK2JuS*pja;SaVZv!c@V~EJ_utZxJ+t?8!2vH z@}voUJis7+gpb;!$yb{U+n@w|F-lRJq6$=471GEGOor{~5Y@6GwdsW&N|RCSHcy$N zcF}hB)h5kuw!VdlBSDkR<`=(0KaXJ$`c&B9#*whktr(hQK!DNv7}nXXkC91c#ZD0> zL%wO&HgO^=s(>H{1=~#+`M z!q(=A57Fd78>bD3T^a!n+g>>jG>8CAqPTyAXrG+ZbTo~rGJ}w<6Lv!QFnyxJOj*j1 zK5^)0jQ699?}R<)w|XkEr|nEI!v5SS+7Q=EhInkyDqsFF9wL3&Y)X&4wFex-mgQo4 z?9T6De^^X!Lp*KhnxHig*v#%P8+#-553bbnD76PmovRfFtQHd`sLp6VZuY=cBiElp9UEdVWZpbc|kt?VLgRVf!yA zEv43Bl-uoDxEtu1SX}N&5td200zxg>{(^^zMx=pp92L*cQg0q?7 zLd`}SVbjYa%P?L$g8TyC|Nvg|Uu~}WP0%sm_Z6>lZ54a9soQ}x?a04x%5Z!yez0dF1 zmwFl)fCb7X6L*G)Q)aIqm*CDq7xwysZgq2>WY!Y9lEKw>k`GxkFCVr_& z8DsGfJp!8FfQ9rj=-CS@)WU!S{8fiu5PHnQP5DCbhl+5^J50>V?oatX>{d|xN$P9| zM6mqWp3=$4vZ8}C{WwJHgrnv6Bg>}UR-cA0>kGjm^?o61}k6Q5>2n#;fFp17^YqQ=>3)?2&|ub-@CNC^mzL zz~}kZi}TCxMgc+*X%Jrm0kH2(@$F1wrSMc(Izb;>O;bug)2N*7HM^JiEwOd<7-?BN zAfFvc0nUUTwV!^H9Ut&k0aB{A`r!(4t6pIhL|Kpm&Mse%=PsLHZCTvj2Q!+rs+8SW zYORDF?65*WQmmdR97_hwl*0DC@-fAiB@$zx>Sq#ot&r=Y=_jnuS9ERu{2?HWjyh>D zc9f3ILe;(qOsK~Y>OyVW*dp-7zB!XO;oeq!zKp%~tSJ$mMn7y^5|JllEzQ*kXFP*R%j8 zwTViMt$(8snm~XG!`y!E3bj}Mqf(mQHDTj%*W^A5HU5<*trVheL~Gp8c1@O{5yDXc zSA!ZVpqVCnYYQ!=H|76ir!BDx>j5eOgFHG<;Rk0vr~p+;9VUejz*JUcPz%NX;Kg0? zG}+ESLz5m7BPt$c?l&;-wR_8GLm7O~F1{hxkZk}HyF#wA=*n0!F%4{jb@FtWBqRB% zQ6yhRcumSC*5v7tFjPkJC8J1j$w;V!1@j7qtiK1UWI349RSUCrP_?~v5n>N5yuKt9XiKwhXp8zdAG@_HsrL>Y3eIb&l-+$KIR3MOD3jz%wvxir!H% ztxU0~q^y`Q(=ua{ff=1qQc+7$%Dq%b!KG9{Fu6@*w%cyI?Y5bf8iO0|xQn>pJ|il) zf=lpzzvs>{1AyKVCjACYcm?q3J~U*J zQJqVxnJ%aD0Oq@(%u=hWnlc3oR)sMpaD{{HUbCmwB4Z@(o^3^R7#WorSDJ$@^Dv)df)BEl z31wmbstRhAr{1&Atm>2@

yfseT4|MR8xjC%0MS7s;FSTTZ|Sj&<5%SYeA;UoZug z>bE#}3y&ei?Z7kE_@A~MgVzf5R(u=;FU_m*9X);&8G;;oc?FVy=@tY=!O$X2nU~dg zD!nua3UV=43pwOv!k#q$@7t4>-&DQXcuyTW`u{HGjNd~xF99+DsemznL_l9acfff- zDc~?*7ho%317I0|E5)kX9UR(Z98VXFC8pk#vrimNm%zz}yb2OPnoT_ozTS0IjW4#b zA8VyvlX;+2-VnYW9`GUPLK>&tsM;)VuvfIPpS(%EA@fMNyfM7YIJ7JxB(k`-yxo3M zlX*bGDzc!{^7hOlkyvh(c_7jj@&oVUHyz775N`_^Ut0oy1Q0W%Rfc)`l*j-bidqeqi5$qp%$xO`;vLk#iyy!&;jBL=UR zvL0A1Pr$~>OiZp!^vvW6%PKr*RPnLfD-xAylf2nIk?c3=29Hix_j)X&dr`o06#uW5 zWMOcL#Sl`~tB_q5sED(FLw97#ycmc@S_`HQKnis&Ihqa=D5e*JRv}KE%Z)~eWkIgB zNf!B>HGaACOVFj4t^IW-8>YFiKxWcCT(8o61Tr=b4aUNlO_lp;aXf^`#i>=HNAaY% zE8Mxbc?UOW0icnN9+nDPrfr>!|vm$;yW+3P`!)Z#=2dzVjo>$}=j~&wU9AY1z zxa>{v|BWSLdGt}OL;vP&O-)_o7z~@EGNG>5ZPe?QXE)4#+O>M5k61m@!?(7z6kI2U zrB(~Xh{@DB*JA5kZjn!7?H1(lwB^!E&q1m=BivPTI|3##P4my|0>v8~ASN@AL!O-A zTKk3GY>`FY>UbT*w_xE{{BkUjf|dkZ6PO@idK|dEn&HQ_8mflrM=_$t1PEd+*A;-P z$h1{U;&RKSnGc}h6%T>ew(TZZ-dQnVPUm7{UhYOI_;(3%FtMmdZ?(YvC*t9-pP}3L(Iy?{d^TjkZ=%a2pjW+rtYsIn@PrXKO6aJ=i9EZTL=o z#`3!+T-F$*?~eAc1rMW*857*$Yd00Ev4Xd?TwvedCcHo&4pz9Nw%7(%N-w2=3_MjQ zSoV*WM`*CCKM)>^&g(0ola~9Y1sTwly%>c^)jA+?T$UK6Q66^F1;S{dPQ8&g(>IAj zTp(BXIocsCG}x-+hN?NMi?#+>duhmO8mw@;mCL#Hx*U6v22Q-iAVKvkI8ffFC( z-K4j#y@^MSq+l2qZEdXA*{%JslH9&V17Fa3uCvZO@GzDOM~%|Ly&D&XH^5@3hYeWO zXfJ7sA?3q*yYmJdBdE6@N8CdX%UkTl4X_ZKL)@mB`yaL+yCF8R)tuPKcNcJtHGUUy zbu@mnRah#5-+5e{ZHRn#E@!pzo6S|!_?^Sm(b3kPfd*ZHwO=s2ZdS+YpQ6((QZuJp zWR^e&zXBcn3Uu%*(9uU`33Tu)(7~@89j%~INKG33Q*8c2;C75NDJi&Y1c_oMb_qlzKv($$~gj72-IPgwD}(vOsZaO%$PYtR3=yrgS6= zOjGJhHI5QA8dH--|3^wkq9D$&`a+xmf;fZf331{Car)L5;ur;S%=LsgQGz(p^@TW{ z1aZ356XIaf6a$?O^@TX?1aaEe6XJvl;)K-~;4T+rmhP5r{UgH8QD*y_j`Vd8{&(ygSSC||x`j@4ANO^L~ozI~#tx5K!kx39a&zS`U9W6cK^_kvU}ri;DvkuSQV zojQnvPQ88*2O1BE)1{se2kIb*6J1}3V-&035GPR(XIOn9 z&L}~gG4+Hv$$~g3^@TW-1#zYd;#3)Z1d6Z()ewtNI<{H<&y)^W%OD+7>Pa=ilnChv zQ(_Go{U0eEu(N_V!|DlfV1x#7V1%w8#DRq##OYg4h=b`15C_v2^@BK=+W~Rlsij`% z@|gGnak|tO;zS7Ibf_o9X(x!&zP=DAR1hbuo)D*{AWp0LLL99iPDni=PM{!8a6KUo zR(Ar0%Sab3eYYrCg(3%4)5G+3Bx*fW5Y`WIrL{KjJx!_v# zvr$>}Q(kk?4;(_kuOo~{v@+@P;n#5uP7(Du%5oe!fs;P5>~bHE{oH{YWobI^&pTG( z-rCIC11pg>Ip8l+B$BJn(dE%57D%s>Vtr8__WQvDB=*|DHsvx@ZK9znS8URxp=zaK zs1h#5Y8t8{`-vH z=)z%#f`gz6{8Df!6ut}8mCM^Voz$(&I3fyEsy?sV4ysJh2twd!IL8K@vFag2g<~o1 zT~s>n_#QX^cT{mZ+ETn1ZdJVRm`a*q_YaofVy8vTC3@HHy%0MdxPiOMgW=RLmkUE| zIIMDEcoM6$s(bUp&N0J$w>Q6e9v6n#S9%7?{Wo10uI37IxPAI}To}&hZW$bfie;jg zxk=dRhq4O4jR&qM^c5})@ey4Zve0t;d~E+<(E!AH>RL z2SWcHmw(*v0)KxpRy~@ryG<`+1ulHl_ScAZDpsX$cl?U==6Y)j_${cmeS`88UPj%1UH;2!sp061D(_ zXe*>#x&Nd=(UD_OrVChujBS2q^#SZsv?F({4_2Hz2>GdaQS$begncS3kysNf!YOz8l9uS|KTx3l00a*(*L1uvvVp|YdfsjVlT@$gt>R6Hy{S^ z5I_gG9gvQ7v6BE#1BL(|1JFmJ5m2?Z*tPb5l<>p4UHA%&=f3mjTsT0Q)v>MXabK~% zyY_8e*y!cTCqd+zao(}#b1%$H??AwN96GYIs2<+~vg2O^b5SBAQ;;;yvV0#9aKm$at5h z)|D<#t->j*Z+0I|_5?pRb^5BM6M#P0k>O1dJt=}+0OmVW(_K<78!nBE)+LkiMtFCF z9Kl()Qr0h^4Ax7V-^HQp+0{&Gva{X*hhG{eQ2?Y?FIro_|8yM)ZsRwKz(970+B z8Xl=G^G11jfr8AN0D0zkGgHXC;RyE!7y%Cg?giWiXa$%KCQ1d21|$Ib10DtNQ0nS3 zPhK(r&#eCP%whb6183o*#TpYRi_LM?m|%G(y#ZNcwDL@DM6kw$DDBZ2(^8%}RXk~h zrfQ7|l?_?em@wIpZH;Ls8(y@=w1=p(#ze@5*Q_xeu!+?g(@8eGYmMmwnP!cN!fEK% z7&uj$Z;e4?|JoV@(YU}G69>Nq)|kH7*J_O!fGw@om_cywX^lz5rdw;wFq}YdjTwbq zLDrZtkjvJXWZAGa+Bz;J+B$J^v~~Ja?A+HczMiaQ^ShxF9PC%Z<&;AUU3*#EEp5TX zg>WOK)m@5wk7bruV%k~{_c-Oc(nwKwI3Ba-VOCn%YM^W$h{g0MJloh$HpSHQ4cu?w znn>2mxr~WhF@r0^GwXqeF<^`3d$5|kj8pYT9_DPl0~-%8os0%6qKm;9Vu{TKm~Q6g z0@2Gx>wx4kJ&}c$5&0f>DMn+%KlfP38zP09NZm@{j0UcQH?&>EfG9I-vDcwnWEU5@ zVrIPf27TmWG1Kfq7q>2S#rBB<4QWT@fAVid4h`g2e(|7hT=R${;CO z1h~o-#5VG0iZiYP5EL#YjtaIOR6Ue+p<08ojOn4SG8C>xT#yyS{hO2pUEAhGzDM@; zP!<%8OidT)>b!6jYYjl6gCNmgkQKOABdv#~D4c7}h68Ih{svh=)PyWBf>Qr-MPzC= zxs@~(bziSoHQ_}MH6v5!)Kex+c+JD1sdMWudnUZ=p{C%?dG(MtKdHu>^XoBhe(j-V zWa@(Y%9}rV@#dm>%$tin)D*m#QxAD_c{Se5tH->#&O^<})O-(b*4AVGWiNCMoqJtf z5IR%%iZn#N=2AyEhKbhYyL))JJdK>THCneX8V+s6md|3{GSRzV!WPgxjeN;o>_b(j zqyg6886tz{DoT^5YhT3Gck(K%(i0KfT2r0QaD8Q(wL%Q6^T@|5Iy{$z&*BJ zcL}Q&+vel0?b>MF8SF-_h}PkMFEQ2Y&QN{hDoR6S$O87BI~83Cg%zq16v30!)Nn6! zBdm_pfEaNhNZRAY1L$z#K?C;#pe7!0t)YlPH3_PsLEa>^6)1Ol`s;s&qb1nj z?Hgf$r!Bi&v1PAPW3PLjeBlaX_Jx0H%r;tudvsYR>xG>^!Q-0(!^X$kUZ+Z+U*#GO zj53bT$1^yqFk1bl6;#=BUuc}QdV&52eTok@;bvcFl$OH19k!7F)`16MwQBG}KXuk- zyv(;B^wDR>s1YFt{!QQsA`lJ>{B=1m1P5fTP6<)1&NlnyxZG5aKSl?Z*TK=IZEB+& z;aehnrLl6QBWog@GQlqqTyjJ}L&KpWj^VH47ei1n^gKdetQQ=*GaPvuRN01KvWG7c zD^as8zY5<(zu~!tK8}Ykc0FGro-bW#_ya!T^gpEQe+46Qh%gC7Sjs^m#t9eUg~T46 z)wj_v@XEeQw;F7oUo5?5NBk6DsIF0gJJflV8&bDNNeeeV@TXrzq^xI9D7aFDh zre7J;h_0^;J3XVg=5T}xzY`>?*I3T6Ikh(5MU#d72^L=ij8Ba!b}*SBqimtYCI~P^ zZ9f_q#B+E|!ejjfm@nK;ak=x|L>tExzp6;WVLc;FfsKQ1BQ{D41L0~)Ne1?HB^5jo z&WSeC4Z=br#@3USG;pINflc+|SdTmm#E^y9QeS0y@|g9NWayisb`Ka9c?I6Nton*Q zj7Q%j{3K=FOfv?oLYd3TrR=f79yS&xpq*YeF}I;xLz@^3WC`i;&j6d)eAA^3wwoYS>h$Y42(wB*!fCtL2alkxbThrsKYdZUZd zJB9oE`IrJgsdI6rPquRqDU^9JNP4lmn>@Bh$`twx07>2xPJ5N{JM3nHO87W_j#17h zmFP5k2?sp#7TJ;xPiy5QBMPettDRuro2g-Le`icQGX$srsTqll)gXwYjB07J_qFs&NXv=Y?5gnu`&QhdVVIVmymT-Hu z1H!W%?-Z{oFg9GH&COny%?&3CdE4BgU|=>%Vx-u03FHQA49vY&C8B=!C-vs{31TL~BcqUbyv zOI~Y`FT(*S!pDysPgPtzdH4QOmiDH+-EJVPhr=ugM{RGI93*b>BT1Vp?eX1$ex%I%X+I)oj zzz2Aza7{aSPfaK!P`s50J`%y~XJPJKll?g8hE}_%7&;42CpuXRzh(E+WKVPv4ctcW zyF7zv#Ac6pzaF#2lf48xDi3zLM__|jkTxiOT zbUm8642SO76q!&#?^Oo+OKfViDbBs28^O^3;~bask17vVgAj+&fdqJ6 z#s*&8pI5%`+}$?lo=Rz9Gx!UZ7ES;+!4YF%5Reh4gazSn4!gAQIr01`%0OE1=SbRFAR zHDb;MWN|%s&j-M>03^U&fSUn=AF&>yYUUsFS=pS=f{wzj22;+daD0hVc;ex?SscIA zS>!3!17H@qY7&~xZiOhpnHg@!h&*4(b$T9ND}n=uYbZxD{zubq%BfGgL(Hv_dYQZx1RG7CswtM7~#WC_S!L6xt$);O=q5Tw8N?5L=cPnV;pxzwE@2=-~ z=$aJAgwc5e7WRCIH}Wnkx_V0X)cMuKt|GBx>hg0%$HF-8ks4p7VL>@21ErU`f?b`* zJvF}Pslk#f1fjED}x4KForllY=?VxX-k^;Vm|KQ?DUg;HESv9r73TuKtcnm6vJJ39ae(bqeL{zqNwc23@MJxP|r|P z=gXziOW_oL8d16MoNv))tFxa_W7LkmA9@L8-!rurif6KT>qbiXfnGJG$VCCG-}7sf z{*4O{=ybN4_sr`@Vc^#4a%JT#zy!b)0R82^53m7dkRbs)cX1!!ARrL3lm0X*KNFmL zv)!So=)jd{FO<7OMY22e+Aeo!>nV3=;@j>}c~vSse{w(jaHTucey2OsslXj-yw4q4 zgl=ESclZ{4AuKPVyLcPzo#?@)lSFC;jh zf`2z9%h6y-B}6ajO6cP(_uGS2A^(}~XCKdUhh}}{4!!lYJEW;1;xnHq&s>=o98@yL z`aNh++CT^f41`XJ{;Bzgd9387=(HS0+ma$2dSJBuTvUd|cH9=KmvbDB*hZMWn^_1R zP$E#^`2zvh?NUZ`T#(=f6z}n+^1#6dRzJN+UuAp{2LLz5Fg9a35l~J6-ZtFhHkzmf z616;|Sj{BXo;3HZ!mg+e?7F+LgGMLN$Er#C=gz2!;DDM4#wrNTTjl2RqExLwkZ8CT zK05Aop$Lz^x5FK};u0>wIk1_##+tz0KkF{@f;!bd!Fd|aqZ6D{n<@`^FmtpOD`;$f z1$beUqr(ED<&ZE(MS&V)Se)c6j&Syh_CvL3qj%R4%~~y*c3;hC$Z(X1q6u@vUGWy< zOrjLyPQ*-p( zY^1h?MxcU!af}mv@w2oaxZJVjz~xGLXJ(#SxH0dXm%>=P;7c8`&f{lkf5!R-vGnJc zOXBTf<*gsn7{IqL;jPJjTm!#=(#&mmV(DBWWi5c{H`)4Wv5bbMCY&DvM{yj{?#HSuaLkL%Qn_I~-^- z8Mzp(fktaoph=DaG&WlOjqs;ul)D3boLLxGi$c963N=wF)M+E6f7a($6bea;64?@w zE=mO5WPwpua$yl&4H~!7p}y+a1}KQCr-aITa}F5 z<%>s&8yKy^4zD=WHGt^fEyq~Fg|x3(=9=W5paFQ$Fb}u$O|k{I29?q3 zmyzohkBSoDJ;-;2Bzgq6dn_~=1cO0xtC>f+^SEJa0#^`rcBP|83v@Tx9*L0-iGfjE zYAeWs4RDtYS+EH|OZS3sjt}=~M`jVkgIMeXiy@j1n=6`?ZuJWxf%VR2(zCG znWvr>>u)&%O?M;!v#L10UU8&$h8!sz2ft@72UeFQtSdIl7a_bR&2{#xB99rNUbd85 zRTlM8BT&KmM34$jT{HJfM%hN0>6WYt*-X}0;Mc1PKleSP1}N)pyDtR$0$Ep^C8cbG zOF7x0$f0z{{gARQto1LLH9$MqUz7}3F96oyRHc$Kb5LjHB`8o<5{SGkW(OQ(`!M>9GF?~!8%Y9O*tM?g{RixoNUkiBHS+!^&Zi;5inIM9U`?1 zhB86gR~oo0-A#E>?I){n%v=WKE`hQR7%#wH7bd-k)^O(^S7}vC2Pv(}AOpol^PpWN zIGtD+N;N}y)(W{MIQ`1iIQQXN{`8Rn`p6*~ePpjd7(s&#*6&I|4t?ecb+JZj6NQ;8 z971_XTIe)bL(Utlttt%Gu#?h47-#;J79KN1_C4=wh#XYmYp`nY_&hzGEIe+A9CqFp zTVM>4(ItX( zKUi7_JJJcgH2^V{$7(JN*F)B0(iKy}uz+%HIS^J(`t~4<0XuS$7BU-Yp~wezF(!xG z=<`UvONHLr{$$2c>@`tk9OhN8yQtR{i&79LltFLpaGo(Uj)+(yu9!+atH(ALuR^&a ziX@My5E}{edYD(e?lfj!^}6HI!ZXrB*tw1?@uyY*k1;2Gki6>)RVBYrRqC;JNnoQ; z8^ma(x26zn@lC9jpCB?aVPv8M%7lP2ExjpoX4we*-7U4rLOcjF+w#d{a z8LV+R2J3(#y|oi=Lvb60+r;8Pcl;Xs!J3Sg7UlyA0s8^D3VwoSCu8B7|2kY+wZS27&nLc+OA_X3xfM>z2#cL$j zQm=Dxz7IQ{VCm6a;(=!}R`6#4cOxMH2-nn2`a88^xnLQ)-a0)Bj|^79A!t{K8K^sEUyqiy z-(a1c1HRE6a~^|L-osBd_(S0~FMjKTeFNzK`|10ea7clzJLKe{9Ao%?V_AVQV}B0K zg5faU91k_hDPa(TeZyc$-{BHNaI8HUhs%W2uHBAmwdF?7OF6c^%j#M9nmyfb;Tv@Zk(L0h$q}>Ix5YNZ3z?R zXp%1Rh|P_n2S8~M1MQe?3{8}gxXMI`Mz8XCA|Zsdj%d-6(Gsf*MIq>`lJmrD$qfn~ zVMx*nVd#l!jn$$>i{|Vt23gc{8W%nN#1-}XUy+Bdu0vW_0vT18JUj;qx9=*7Dd+8}&m=H}A|)b(owN|A_pQa2Q-kif z$PbrR%s!a1I0SC<^GU;lEg=c9wD$lcLUmdA5w$++Laxm=+7E^r?FT|l)}?{G4cci8 z+GMhRt7R0LkItIf+D&b-O=>O99x>US0cHqF49xM{D##qZ)*ODo)VAEz_L8w}v9awj zlWwO;x5Xr%#<0NBHrLX2k6Ff1YR60vvAt};`0@mP!)`Q(Z!w1-Gqt^7YJ1uJWr0bD zeU-|WYb zb;m3a_7LnAoQ`2%)>3&*Z1B234{>Xe^Yr!=_&I38@v8X7gnaOw$%;+Q?& z`>p7$?KxVD^$iMOE_}BygXrFGv3|?Cz>xyjdg8=UJC)SeYRIcA`2D{rk0aXDC6A5v z6TT+(NylthfB%_ScIzV^{LyIyI&K0?TpqzVHgQ5@1&HtO5eemx|nRkv_KgQ zzaUW-M|8%rRm#m^-q`NCA4;>)_DwqEB9>QRZUIMoVMkXH7EW0cLU9vijZe(Dz^X_I z%eat(U*%L!oI8mskg|9r3I-&wUspPtFije5`eEFFbNc!Rl6f#C<%jN!3M~Zep!?FP zEFWyC+bM3iU3}qb*Nu3CBOsJF*oLt)GRu~Zo=uL`MqEf9QDAq1zi#Y$qLc2|vI@gqK(>EN zZ<@9Gk8lKDz%fkV2z)@Z_Shem@;GpmbJ25nCGMvAF)gOcYg7oT!BrusG&wdxl&nK! zY)d(|Q)Fx_IkpQ*8R|5H1y;pIz#_wf7US4qEP<-5JhMz{la6O95C8UdBnl-(6P8)7 zl4io5t1?&@aP(!=Rd%-p|6-O`nrvONN6e|Blw`Dmo5)nG%Em@m&y2Q-FxX=7+_@|j z>u&tU!2E2qCZjz}jxbtBb+X7fulb}J#(^|Q6JaC!pM?HTBs9e{MKi=Zq_A5UD^eKy zob}jIr-#`Po1KG6cxfhQyTA%&>r^PM&_L9=af*aDzp$~>B5kxyG}@2g<`#O8TZ#(_$FVahnD{2bzsrStCbftK*ymhhv+ zA(rs1rVR1el(9Ste2S;0Sx3z>#z;n7&~{T$80hZpU~3J76(~Ba)2gg6M&+MbUI9%& zuw6OM9M@ZCk;^SGCxxG`%KakI86RxQxEP51$KMEAV7>;+Uc=(dy!_f4-<&aiI!6xR z7~ogTqo@$aV!h5{9UN-0j)<~Y$0b7LOUH{$r#kg8)j!NR!N#IWnJh%P#%c+)#s}*o z(M=A3&BF+rM;wL&UBZZROGn8`c25YIttd;4QG>-61w)2OYsx&PHI?Pktj6I=J8Zy5 zg<{v9N>0$gIx5EpJMTrwM@Vg=Nl3etMGF%LEm0%p=&cxgBX2A6wtDCNDpu+;p(qam zkp@*{f+o@u7#SZ78Zu*%qe!X_>{8z+XLZ6njtZw;2U;+HW041i1v)=a=;eOFgrdxN zW4sDZm8ZSw5g8p86*(v@I?^0wjO-g`wpd$Qtcig{E2SNiLVCl(jCCL;FfV@1h-QGZ z%-fjdk!T~;hGlay7b`3yDqYHY6kIE69j)h#@vAw`D6+S0Oc>TS9ESbtWv&S`K_4vJ z1uo)H(j30cIO{OU144lZYcL*;taI@mIS4*UOg0TQUHoK5V+a-HcFgo}7N1=kd!>Gc9NCytufLMTBEe$F+axc8 zq0%gGLT_P~H=g+f-Nh=q79W|zH<55(j=-6vd8Spl;+eb?vtG^~Ae^f|GTI%`%vOR| zz%RoCJ=Mr^)xoP?%#Md1)XEs0UwnC35!y@K`tNZ>jR0PkI)F^lg#3Dme7)cr40%CZ@xKB_;Ksjk%S>1ee@^6@ZERE2)DfZ?jM9cpL|kAI5d9z8-#aq zat0DofB7Ysu>a3LTM-_5_0?|)=G$(2iZG^Q$HxiNAAVR*I9FEYL&#jWt`}ichYo`X zkAC{;S;D5nhdU51oH`XqIPlCfuM)o6xpM;HNu90_;g06bA0`B9G{J<|SFP$zh`HsK z;e_{=EgMXTXxXwI;r=(?_>j=R&rc%U^Y+_66B-8u1QEiTHtk5bF+Keq!oC9s9wMwS zF20S>^Y+_E6ViV8VLjnkYU&4sra?hB5^l=Oe4j9&eftzbhZ}CVo6zyb8}B0Q9yjg> z!cUJsev&Y7-n>hMPkQ%0Pnh`NgBHRs+qXYKnD*n38wkC_!=EGUIe4%uVemcoJVR)f zmGvg!vp#*!5q{mYX%qnsU;NomoM=yo3Jpyp9K3wF4Pnan-{%n)4jg!bu=S~@mJ)1h z*TxV=E?rtc7~i>b55jBRyYD5;HJi5*77Q5RAk5sju{+`S{QRd0D@sc4AoTk3%fo~d zmo8mLc)nY=6@<4fmK}r7^G455MxtH-xtDy|iy zgqFdyNH|Kk_xkJaBpjJA;dMezV&Xi)^%)s+3GesnwTbZY?%ipG z=$mgILFjwO9n%R9&YANSp<#A*CgH`Hm^Fk|Cr^eGo?f(Q3!z;|NEgEAd-qNuEFL`g z0O7iZ4R0cRQ&>2WP*_y-AYs_O_x2;CJn%qILP&!KtqHG~OofDCfByyqV_4W2!lFTg z4iP@c%}pRI*|KFEq1)GAmk^de`Q&GW&M&__pP+mF^-l;}4jsCmaC*uVD`DHwqxTZ5 zd3oIk>M-ZC&JhL`duWPIeRvM zu<_WjTM2815C4vE_St7=6Jo#p)=AI?2DT(5{r1~7Lh0nm*@W)5-kL-hbobrk37uNC z3M2IY?6XsZ2|xX`ity&jm5&nEIvlqUKHRfsD#4MG@-Crkn>K9;Z}jM~hw#LbCA$fY ztk&lV(hD!lBorkl&mm0h+Vv5_Ge7^loUm@hh%X6qjK-Y=e_vleLfQHAYC@~Vjhhm3 zpLpV9!c+I%H-zwQ|Na*UqksK1pU~p@=U*ngWw#F?JaE%Zw-auE|NUPH1^f4RA{3XG zHzV9RckYjbo0~L=By1i%`gg(?1qI23fZ4NULgZ_&eNMRRop%-zy0mV6GokscS+5XQ zJDs6~SsON(2w%p>R}$jdwVO=%bl<*b3BE7B_!8l<4?ip?1j%wb;f6+yS`dc+@y9O0 zjw45Ogsev%SxLwrHEI!IhF-sn5dPL%3kZ+jb=M?9Ye{NCcy7UhwS@V7`(7rD{r> zg!b26_W)t&)Je~semZGIgnHzi6+6C~xMs%cX%`=hE&XQeN8i2s$@rXK{(SYejt`fu z>+tE}Q_t+wHP@`VWm(HN{N4^|ntq`8_8(G%GTYy9skKqUJ$?CI7bt3fg z_XD3=yR>t6^MH-{C0}0ZW{I3>xZsl(*X4uxkA58W(kt(EI=6V?uD06BGn>~3H#U0OhYiZz^7WH1zkX=S(Y*V| z+P3xlVoblY$A&-qZQyT{Z@s(KXFsiU>`7_UV~O>JV)|qy>F{zwUqK|6l$8|C#@3;=qWJ3tc&_ zrs60o6c7bS2iyqg$gt~=v%>u2j4=NmJ^OhaVY+^JAHoeSK3PV1;P%095FY&M>9vG5 z?-@=JzP>o%D?*QhzONEOBQC}hzL_}oJRy7C#Fq)@e9X5JdL7 zQ9|=q-hG|$$Jl3!39t8lY!_kc(#*RE15(;eGs*V*+1f4`;M2%9=Q*@m$Evx*l89q#V) z9^s=i@$(3NFYLdU@X7h&R6@hd+MLxeqD z{k|nwjx32GyxiCJGvS%#34R2P|JEczVqEh|!u4}6g%P$dalT2Aqq?mlj4XJ65@CVk zktKux*_ur_di}sogeiF^3ke@iZ4gVC`iSHtlxMYGO+b?oe?jTbXAKnQLy z@_WLo{f|n7pH9B9nQ-GfFTYPn&soun@Wk%Wj|h)X>M@$os_6~a5e~fiTLVJQygLpP zy4+mUjnMSQ7B>+Z2Q_L)IBi|^4dJeZ^M56TwEiNG(Err+GYQ|ps7pBc)}G%9AEzb$ zNhnj__5oqg_;ZU1(IXyQK^S;xdIy5FTlhr6+FMrcCM-O0c@$yMp;JQ%J9N9(5FQyi zQ%h*}=FL%rtd&hd2{XHgO(Sgn{h@Ngw-@ehLRc04;aI{=@88pdu=|IIGlWLZ_dZUT zWIvcsxbw&B#t^iGYttVI zd0)TvAVJ%5+UEqvyFpgfA

%O$~B^-J~vybrprk@WI%ui+CNU*nWvxpEg{LwVRdxMW@2Q(!jM0|97x#r zP*MnCa&+PIgf-ut$sqhXYI#>er?3v~3ArCf4Ix~2)3Wh|#RqN;Cba8fvJxsAy{;#8 zp09p}5E%U9Uc%0w4!uhl*3UkN@Z8$0CkWf_U6@QTjv16f$Y0d|5kl{vr?y3O{It^_ zQ6Imbac0M*sRujHc;}wVSsi9~i(bChxwh|fuig7u?kx|UG{4^Pk&DZE2HySQh;{{G zKTI6>k!h@T)2-vn&kuWk)ZFW~elloX!tjN!j7c`e{dwZoU4xs)^#9!UUe=tQU#VVP zyrn_ep#gr2el+;!w{QK@nujGH`*%xx)y-ab`hl05=zERaeeBKC8#k2xbY#LCU#HxB z^qc!;9=LG7qgCp@aj~avc;=??6>`!qPd5It<o1&Zx`lNOkV%^**1IT zM`j1C(tY1l``GR2$A=_7n)b!@KX-3**WqVBcy;x=CG(0Nw0wKVxdnN}zjw*(^VSnB z?$k{GZPNDJ_Kyx38s9c}T3vdPTmJu#J_>~ttj=G+w0eY;)Vvu+LnEYpdGN%X6h1;4ze$5vh4v9rCsjV)`}vCZom6;I zvdxrf*Wx$VY-|1wo)=HS0Ho^A;-r%ixa}Z019BMpR#*bI?QcUElPUp_gH*GCrcJrfb1EmH~;g?mw4`x#8` zZK^@oT`t06=1-s}5;xfo)}Ze)L^EZci2z9*Zc>{v4@Mwu&?D)tTLM@=CAlPvMZLwz ztw@+#6S#@ObT4(`)=9NiAOw7GM!?P}-L+LOS1?o+P0%d`c>DwM0?s z=>h3PFr$fjL5AQdR0jg6)aty1XIItR{5?lpB|F6_=weYzxN94a#OkhcA*U zE}nxNVgns3@e1jd0;NMz)3ZxyeQ=z@WrXyAv@+1a9YPK}AFg9)2SP|GrMF`VZ|CE- zIA2+x!1T0^iFhoWi#gs!h$%Zhc74;@A&W=JIiNxknp{$aNC1I9i}UB8q+g(lr*?Ok|jZ+(n?o6L7LV(Y{eJ z*L#(DT~%w^PfSF%TNxTCvQ-L<#P;wRdI|)$A~zx521f9Ey&N7ec{o-5;*nd2vm-sV>nN~K>EfvaOY)|O(ugV^rkX`j{OW6g)r z*4IZXwixT>QvD`}KC>uPpII8}xVP5t*`gi4F#V<%u#8Vi^A|Z(wSV!RveVJ~Vr}n@ zv(^|ho!arq6w?vL@CwIML>a5NQaTj-j9`0)#3)(m_z^4BQFW!rLerHiI{DdzqT+k2 z_qR&?q;khWpu-RGOYzYBpWw!ge5D$Hs^mK! zpX>M`H*oUJz2_ADwnk-{s+$&}HfOB+bHU~B)7PuI#;tv6|2yADpSvSu+_U>WRo!yn zV)LynJC+pO-N?SK>_Ju7GYwb1`s{)A_sm@!@BC%3Dtv!~sO;j=-EW!kRo>7Kb5*OB zB()g3Ie+qepB2yk@nv(>Q@;=SH0997i}&5B-!!N7Y_*TC%FjPQ6V#w#V57!Tuy>g6 z+|S+d7{?vvJ71OBCqU!p-!L$!ffUTQjT(DDb3b=K^N!1B`1i%<0r)hQ8fqH(OM&VJzQKNt15}L~1ZdQa8-kotaFD<6!jtcP_v_10GW|`{v;Gk$o=GCp9@3Y-k)&26q&rb|&k~gEn^rTx~El_P=-DXWI z-)+yw^?J+v_RKzx=XUq3K;_7G55B>x>Ssp6ITM47vTu zM<*IK{JG2d^#_Zrsv&(FY6iwhHyC<0X|30-^`F)``i|^o?~FUATDvl= z?BangTT1peZ`4v3u6pFBH(nWbbG~Nl=>_LwZc9{+d~E$^b6>MR{bl^UU4tvnsPebo z_QorxV-}qMX_zMQk(*WaFDuu779V_X*T?2QeP-lqs;CRo`y89q?5?h_ZT)rZm#b7a zMZYTb+tKvh*(-KFmeFHPzu`kupiajPA3ruV<%yKhN#jDRtJwGS>C?v$**?@V`sv}J z#wW%;nL2)CXuCcsPmF^aJ}fkT+~|qJ$4?lYG9_HmwCiq(uJ(P?=sVHAp@Cp+T$Gk_ z`Z>1cl5zym$>Ku234K#Eq%}lFC)Fz6@8qS3x9A=_sdn&|3NAa>PO5#p9OVT)ekWBK zUL-w834!hiS*=Hpx=qaxddUe}s7IXypt~tV{6c(Pat<%f@x?&|&ZwEPlb2om3f=95 zO=_mcd?)N+yft_Mq@}`*2ozGbZ9=S5;!9#Yp-coXyMhgJUxU}1HN=BxW3(fcU=UIQN)_%9g_256LIf2g^p$IhADhE3I^k1rf>dG*#U(BR&#G!( zDj5)khlz2lR#(kSC8HAYEIFCaYSz5bmY&WIL<~_BRzi7{x&(ui90RbRATiVe!2={! z$p!%N$52d^4i|B|pSOE(L2O)B^ODPAA7khsN|khhMBT?{r*SFH<3&U+L#VJA7s0)# z72KY|XVAG^Ulbl>Xe%%4_~HmJyP0wkFMIF;Xy7x(E9Pjg$IrI#vW}M({I&uifmLBXpA|5H51Czod zyil*^9k?D5*gP*XaF!PbE~q42L{8iIj3h5)kwjy}2SAW*uCRg^lDCkgL=7O#OUhe( zM%`FpX;DewTog+x*+Crl0>^U3EW{Jma2yZ{OYg;?ncZ^UZsz4YFJPG@${4gzG)YR*q~{`}neW04ln6&TUq(=jU%Wa7 zmtaSIV^}v~Gvzu2G@2JVNk~ExlTzI!4qY-`WR0(2M__jX?(lRBLRg?G(5;|O*)a$y zUbABm{NU9wKmbkHE;4^@Ca{V{}it#rIgBTrH`mlZgv|S& z{_#Kk<6qT3s9m5J5t;=g05wd}TMIG0j;)rgFM1rRZ;(K^Y~Y2W7(F>IyD90|AEBw? zvVxL^y)nKLiU*!ij$E_iA!HN3sHu2RJj3{m^r(VBGe)AagBw zsya+XQ9MMKQ=8&Jo91@n&91Z%_I7cH0RYew6-L~tZ?J$c;fNk#Cw{3lbNC_@P(}cS zX|IQt#xLO^Wy+AuczSIjj76PyUsjg5K| zTO#$QYWkAf{&L|4G4a#ch|QruCCQhU9wG>fIl?fM<2p2Igf#I4?6hV$dd(SutE>CxroJw3Md8B?ZhpA)k@cjI{Tp&|t9%rgIb!@z?|)k?}Sz zly6VttuTG04WO+d1;PzAC`yXTKY>T+s}Vafiq}zbye22|Iyu>8UZ6mmsdCN3Jr_sg zbr!4+iltndc_bH`V>2$M^-GA){?r82qsvwq|e!+Jr65^e%`qiZ`0E zJJNnqBj+0JMeyA0NHm5o$EWbMrk6K6qQuNzNtZBGNCcou*cnhJ(v*2J@C-T%+@ji| z!?gUt?neIf4U6Cp_PX+CSXdlVV`xlRB2r{1B`ldGOAU4GKZ{0>vQHCVA~mFm)WAlo z7(|L-ixLOJNS5IOhLJYIYZyib44+{bSunhnVP=BxVT9AB!Q;^wk=NnL7C5`W2P~a{=ARd=`k=ZK|v>h3R*adHAy=^qrre2RUw|9~*q`0D1JtK{jV z(;nCUUsrkWyY~E2JiJuOt7X%x4G2aPbJEj83+YvEA+svwaX%6w8))CSAYcjx%F}{s3;UPo%$@QAYR*fCL*BHrXhzpv;QGHvd`# z6PtwUO6i204458=!-E;GqZPsB(3MhZm*Z_^q7U=mX`N8|BuyB`+~?rtgE!Mix1{Ha z5T;#UG4!HDny_NODt=NTvFpd|w_d6c9Tdk(6-qBfO{PNWsyGa)Q2Hx&&K2mi@KqUu zPg4|COrYEb4sc-)ax?Ez>PP?TU?1gs9qt`)n3yB$C}k6*)Qn{=;ZY?=DX1uw@k6PM zA4+BXK-TaF@{&Igm2UY6bcIr=P^~0~0%DqqPYV=T!Qe3l69hYMVQ_2&pPpqfp2R3w z&tNKvQF4SqOCsiEXRew(X*b5eYhSjRUm)-3d5$wLf#H)Q6S%ocdU z2$vnK5Z;`pQdfLH5%SdPO3;+>DI2*|GDv7}&pz1Zqhg(qe^JUBESxI_52THfbghO>}?e`nODVY%IZlOJ+2by4UkY{}3 zB~t%Ak^MIX^*<5Mg8i!J^Z$wd|LKEuNP#h4{r@1P|7V**KQH?K1hm-_SO0H;On_c+ zMgL#Jd?FfCGHB>h5{t0JTQEyCvR=`@Oe{XfWj1$C%Ck9{A!Ul?J;gj7RHZ^b60;^RO)#A_Us>MJhDaC?47P0;f)k5fC zUP_ZE=qoi0@b_ulAjnVM2#(}b5*AuFZm3aX*|m!6t+{3!%f2CX5+9boj73)=?YAjvh1miO?R)KADg_e0+PX zyiOTDKD5u!QIno{a(Met{kUOMLgSLgOnKtzq=_|GRAWDkq-~+>uamSsl2$NjsMJ3n z({Q^tRpv=rD#SQ}2={w1QH0ZP8>k56^QUsAZdfucoNDRfgj>Vt4mWcxeHuH6kPW3)t;TiEuB>*Y5y|) zz5IBuclvvo$X>7XT~Y9KA7AaeO8Wha>MjC4-M#l?zGj^~%pXGG4h#$WR^m^>=s|5lm3MqVT0ae7CcXqA~)KV0kfn zTeG~oG1*$J(7bhEeV!Qq)>i(y@TpO-z25kElL8s+^}^?h&+y)xD7>v5AG8WCVktt5 z-J9H8%o}bJ;|i8i-k?%T$|bFa+^j9WsmA!Yc6#hS#V;>hji8Jm(ns1P?azEr)h=8$ z!e>fS2)Wt{LqvHGFzmF4N$kPayxQ6i5OX?b{5lQdKtG&MKrUwb{p$F>!D)hKo zB>{!Kf*yOl>2a01C(?Tb(tEw=agAAk9#`QBCcRH2ja~b0{x@bGD1{9es)90q3Hf7^ z*WxTI!^|8ht0z>Bs&yF-bT?S^(E>0;i_6GRT#~STGig#3E@^RGT@jneYcI^2{=xpq zm~o6hSWo3z?}5J6EMrS_Qj2IgUurU#2@TOoO-3-Wk)cwPaZE5NLTWORiB5`=noN&F zAT2IhY7!$7k4;3dCvp(3;HzclXatkHE6)k9DS0syk=F>3IumA^B02Abj2XE^Rmyq@ zdKA~G`>Q1_aLigNLX)EKJW-mFFYeM{nLdJ$LJfn| zf3;&0ww?kRV#1QLkk!y|uAvRyE&r)3U@1;DH6@5^b6jc)QgXh94@7*&J8*&TO52&q zWU9+s$Aj2+>Xo;1h=@~VUvylm{+_rw9~7ylqYx^of2E@wGt^#5xY2ipAey7F_Ln5F z^9%}7v<6e{iOT0VAHx6~h#eIbI@}k+znjk?vAhQZk6uT zd-$N2ww^LpVoj>M+vGmM`Qb_#)A1{{+m6lzU5Y3Yn6f(eD1$H$_w3oEw;#|fB2idm*d%~4 zkTi$q_pq6pg_`8t;$W~umHhI?o`@?Y$ULS_Nd;0Q9e#SSkf0gDF1i&5xcCq8UHVL& z1gt{D6Bi+u;z8t`JQv!Pp5B_tMT*S3Dr1XnU?_9u_XU-Cc-|0?w5eEu+G!6}%c~K( z2LGd{QKxoC5?V>y#`-ezs*R{?B&|15-FZm;x&FHl?M>>x*%^$<587YiU2`MG%tNI{ z+o*EZB>QEx!5S5e`1#S+$MBmL5~k;Z5V7VStCq2`LQ2Ezy0}8lA)JUKI7A@XWQ$Up zY;ivD+p#8Ew-ZO0!ClAAJALuo7cmBLE!P7#AMlm(%rfQ|<1~1PNi#&%OJL9kZg%(@ z_)Qw7@+~%_Uo;PY&`X#ajPqAC6$4IML)thPVh~~?P5|SKK^z>Lqg&Qo#RwS(;Hp)_ zNK?spKw2z-NWy_Lpd^+ZZHMM#%sl3=#~C}SC{;=uqfJf+QSr>j`2hr94f=~V8zE|V zt!S!jr42m%sL#yte*`VBNxtBgXgLQ(5*06XIu#ujtOs3qi*p-yiYKjj=fqW%cY2%R3#6;GBl*#ke;3LFe%DRkN z(c2!$?`|_USx~mq?$9{zf>u_eF2s3wnK^;TE-4xl^lr+E&xLBe z8(Opn7VrIUGTZ6|5B#NVOyu&p4^N6Dt9wJ_v4qf z=3e?&xevnU>?vGaRXun0Uu8Z9UkB8gxwcy7j8+8lfl-oL@J7&nYG!%Ey0X`YN;6iY zb@IJJeTEdmGgNDdBlt$CYKD|rW~f&3Mx{K>ch{VH+}}z)vA7YrysCd=(T9lUme1fw z(cX44C=`m4A_gak7Uy6vEe`boI}9%6*N!HHeXm5BPPgrEMXr&{WWVd*aFg<2vJy22S-!YdWb}Eu7z2aPxjMxg^piv9SwH7PvLF| zAE63x>yj9b>q-=1irT>Z$!0+^v2>*nPJ39ol0yh!q<|1MhooVkfY51#IM7X-$e|G4Iq__zlWT< zrvOQ{_FOFwi%d#J9PqBQM8JpRI4qT zh@qgB0z&Lu$5D1yt@~+rOLy(o?$6)9Y_~?Vtvi!U-gpTKU>NAi{e^eivKM!={?a$L#vOL8_p11t#PivN;+C@>2D#2{+;T;7p*LlbY$T>VyX^R zt)F;BOGqGq6=zSx3vze&kb-Tfl3b8`zlRj;9Ht<5h7T#oVkI*q4k0AKn?i8y4Dts(v@Vo{3r>vmc2jtS#kUMG(Tfsi5j8{lzE8lvL z9srMP^kL+etzsTvNG?;-P{H-Hg`kQ=zs<}S+DV51x4q000ps;c{s=(JQh3ps1CLs8 z3;vPgiF@%XbFW8nd^)*1pfli6Cc@lpU1pVn!igu8D98L4}V4#LO!biphRJdc);{9&& zEbcjAmIkfFVsmKe6pQhdhB6+sB3lt)VMeyNQ#3+C3BuvMMie%o>gmG}TU<9XkAnc5 zMzOtf3sQ)fAsomN6P@C{WE}`GCOaI(y+jRv#9X9!FZ^V-&`(cT8F$+{sNnU`f*}|| zgqD8X3472hglcsY0*OMX+=a~uLBTJ^rbMEJvi&NUxoYy`_6YX;}(LP7dZ=a**vCmj31wX{? zb2QODW9bZ!E%rH@Y@ef4_)+1mSnRXDv^o;|e1XL`t9`z}q8=l$!`f#wonW7_&`4KL zx6fQ@E{<~cA&FwxXRag1?X#dr+&+UI3HCWo4%0q^7NDW-MxyZq`z%1R*k=J!+?*OP z!NsxI=V*d`7Vw$&S&o?De4@KV`)t662NEpZK1UPnvjoeu&jwWD+yPY8DFs_+*k^sk zJ;6SA46)B0(mr=2+UE{wpF5;|?zkNGS+~kG(&M=*Myo81^hU!nD{Bf?H+H zGb6Rnu{>;Oq`o(d4J^noW|_P|1C6CCkMaP|nw16`cjeJf)4nKc1_&4}JT8(Kgw%C( z&Etb4`+Ht{K6I&w(6L?GbN+3I)pB%k=4-4k3}??X_axbKR^4kg>Q$tvzMd-lfnn|W zT1z{^p0k}OV8R^KT&xvF{h|2!we&A8XwQq=huU+rOrKXo14LLrI!8%H-L_WJ`#Hc5 zn{JqGPMo(7agT;2Cn>2^&BV@3cmQw(M)_yK&=2DZkQ0WwT*J1>(7<2Y5irJIt=y)p z`5G1~+;Z}bl_XDPqq61|PzbWkm3;_{WAOv-58Spg@_ShXQ6 zU0(tmCO;bflEa8sz;@_FnWH?t7jblSXS(;az}?5{4&>|!qjR|p2c5IYGBJe+@mXWnGjztR@q=+VoFD4T2#8>aE?#583M^oS z`q*#YvA6)kk`0v9Nru!1uo?gpE*NeGVMqkQNGvGZ1VO0462RJuAr>Jb_SE%xcEorEdf7dU0Zg>a9W8WDz;N5UjsRxs_@MrQSVl`6M1IXe z2N5EIPVtU1e8@i#SDe>^@<(I8wUie}%nip>N*PaPgY^D5uY0L!Us3;5><8Q8{mJ+Y z#>cw2GgJnYGMrt;;|mZHDzxwy0c1CPh@YSkIZ?8s2mS^Y3X~d{x~?3PV*8 zyuJpVz#~F`YJCX&I;d6-Dr*+nkw+iydq}w6!Z&o$JGL?%bbtQJXMYXvA~?;lY9NK| zv1UDFQGO&xS@QyNRt>B~i%MlKs=f^u5Do}7X`q2MPcwfUVEINzgDv(qcrKEuvCkSw zd+bw2GBcK8BptC2p>sspyx4IgSrR*JBv;1v7|Cm5%|`NXW3@;s<5INpInGem^Ssgb zKY`P4h@pAcTky)za@iNoh|bC=!l~WJDNezm)5Uuu2ra*F6WY4Cb_i3m6^e`M+@X~(0H(i@+R?&)CzYShbG$t|J{T1b z>jSaT7OP`%jLF8-*!xD(9{Zh<%#1~iq$Bo^MlvtfU?fXo%Z=p9*dLG-Brj3{36CM8 zJOi5>{9;_nzOWX5CEW$B?ecjm3CuliDUiV8y%1_iclzEi{g3sL?n4tbI4QCXN*19f z<*|O2K>|mK<5*5H8XSp#)ynfY{z93p0Sy3?1LPQk1V`57&wuBWajD98m;)VDl1EUwE46ZmGt_-$qCSMK z!LA`T8^UkMa#3L+%j(6+Dz!hih zNCS(;ThSHeG;Hw9c5^?yGOAkh5>LtjwAgHt}T|GNEvZ--L1 zAMoK%<9{ggS^!@n@)y39@ejUZctuub#;A0ATBKc6Ux(k=F@9{%`nv}A)}QgQ6z?My_b=ire>cqXUi4Q9MTabCnt=6L` zUp9}c@C6^|xj|(PpXM&O-5WkUsl{LsPcVjjIw_CyiojcclWg`zm+q<3|72`UZX z+~wjF9%DSf$;AK`G*=XGW6l{oKw#FvB>W3;{tuF;5EWRl7V(mq>yq{tg*T<**^~mf z;HTkqwW7@I^=KTcs@RwiIp*Z4qd2VEtqk;N^=Xs12XIlXb5l5!Zaalu9&5MfcR0mi z+YwuBxPkNWp2NzuXW>U0|y;mf-7dz>(+i??5EYYA^;weE_tZL%*fxb532OP4W6opjI)*|6ZCXbf zcas3cCTB~yCf(MH?8o-n^S3%hU}B4{Exaj%D0B)G*g=nTr&gD?s33<;ZxNIM;U^T> z&gDnh@;>J#Nf@NNoK0--LxEwV)&m;lB4hD8*9juoP7s4$1B0^m{CaF2B?YcEXw<#M z*`c+9GT1k|7+<okvKWlc4<`dp_>iLaQVZoa;7cj}`@8#P-kaf-We4-4G62Up@~8FFWFFF$go; zVM4zfyaQy<31qi{c@`B+Tw+25*##oq?K->N$ZjNy?}7XQtUDbPO38KNOE~36jv2g%VeE7^ zf#EQF05!U$OyY!D+X;w2jtrvwPglm}OiEM&`SrjZNRkT&_Sh&&J%=EzIunZBbVmhg z!SgtEh5RSP^ZiswS~0ZFI>B|BL?R@xLp$AvByDks_?~07ljJ+wCa_sH*^RQ-=WK+jLv$hC8fLD)&h~4fU4yOj{&$Qp-P;` zpnYs4e9s9$ohKCKqC;8-Ku71NZM{y;p3CmclbUAWJ&DQtzy$l~4KW9=*AWX)`LOLA z@Di-%03x4_;e~*s~#;viiKTpZskA#z;gnL8{sBJkLe@9Q4sV;(>;;2>;fn!Wl@K=6R=|p zd&0Kk9D+Q32;{J095Af!0vA-O0WNlZ9MDNwo9(Q?3>v9Oj0xZucB41d*{XHOp`|W& z?vz8(T_cbX=0X>BQ1IPj`dDxn1pV3B77T(zsFX#WS`Rr1FmB`+uBuBm?=I z!BaWS0V0mzW|}K8vT6QJ&YZ6M3+_%b_7=2#h9W2=mBCqunYPI z`R|CqEuaRMWGFkLVUz`@#1*xacVU4RpGc*qCiL%I3sOzYuM>K``yJq@?F74m1)vUg z9kU&GLPHC=n?!pL9LaIbLLX{PK$_Ov*-Di`%xJcY@^Q-nb}5T?YaK!!d)i3?t}B=Q zs7UCDf&J2w?-49OZLdo^O}ymVvOQWI%7XY<6(;WIF#dq~WGc0(U?(s|aeh>|J>7eN zyw(Gz7Q9iu|CrT^J7K_uklsjBPBdGgR%oZ4(34U&JJTi>vl7fWy<$#~$FmpDGwY@C-PBT3DA|jy5psJ_y7) z+Ehf~pKdBtjH(#lY<+w=wA4PrfzzcE!zWEb7e>>;(FBI*f6-BnCN(or6>i%BXc}dp z9kv0A=RGm9IhK(%#jxx>4zF;a^f3ko(9s-d$v5tTT#hv1evf>Pk*1Ha#$71-xdnL~ck;WkXfKDIx?X5yAy`GGV8O+*3Km)LsFT)o;1HM| zXTA%zDA3sg_9;r%kX$D{ISxLRKiP!l2|8e+w65JJC9mkllzakWp>FvhSW>59Nhi^! zCa8i|X@ky!4T|CdC9KY(!_u4zyFhy?)SI-Y$H4Z;{}60H#W1K)2k#md6>0?(5eO9n zRM-QWRKak90pe07Z7PQDL%{+!CY#eVdjWN}7|?+ZVMB#q0W8F@+6i^9Py@-@8o*`J zP>R72CQ<;DeO|j*I`xFIMg&-Z>P5`LIQPOBID`h~j7-R-RKU=RhlDuh&~So%;bfRD z3@CBtkN`h7E_*bYLa_>CDMW2TvWbLLLnDM8gKq$;|@ft5m=ja=GoB;z~87lBep)l25?j7egQ89;*3yNn$4B=sNI!@sdd`T*)9#Y4>?@gqjv42OY>%G zTV2}C+0LCV?IB10K$n73<&6O+iMe8@h|Xbm?|0yi;6@zMD>0}~&U_;6f~fw;6W z@Zo&?+pS|j`g0gKBpe3}3+PYkb0>uwtSETU7xZ^UVfmLUcZ~i>-UNx`yWrKqwq)eKbq1M+5b>VYh?euDN)oM*dGZ$I&dTserVuCZ9jw_ z7f2wk5R8ax8Gc(v>L# zEI?$lvqgDj4-sj%+j{f2*0%I?(R2fm8s)V;8F6Sk^$BlIBz$vEOvnH671<)d0z42q z0RaT^O~B(^c5TbRdor{l34nUtF&&Q+aZr0{dTkgxi4xitw9um~?5s5ckX_q2@PQ1YNGhO>?p_@+@B+zTV1vdj>@bPF9hcOwGD03* zHiHKu2kubLX3B^O5NVRg1Cgkm!(SWjIZGA*A|SRo_EX{nEsBI)J$*X<#7P89fYZ+F z;%op!2D59!1A{VFA}N51-F-SD;002^Km;w47{b1M#iaDol6bdsDz1v>FNo)tBe_>F zydi`-Bi%?i`y~k(E)jHF=u+x3Yx_A!kRll=!EIQVp~8W!wiA?7NVgPJ+p=*5laj?X zzaC1VCu9<}1K2lTDL`xp17CUTUFki;bu3;BpDr?ol7KYyD*^y5)}S zS&}?X=g7i4l$uN`XaJ5_h$J@dG1GN+0G!PR(V;^@bP)j|(W#turjl`xk1fFZ$kn!B zN(jVr=`0GK!+;rs1!WIxClEtUhjm%OOqY^!vl7XqN(R!f&lG3;q1}ZzfBy>*?L_m- z2{H!`RZeq)3}m;EA8n_k{x&Ab1=QR+gHjQbAlk9oMo!;AbFik>{5pl!1*H%G5jq@7 z1_R1DvlO$$;0F@ zl7;q`PC+LXwa(R4!9-iDs||BD2O7&T2vsGR0I?6DvUNl;3zp&+hq5;@@FCE{^j33sa6R@x+CZmoXYd24HtIt!gsI3P zOc1O@VS-ZbX*T(SB4g-udSa4AgicT76UaHj9zvtXiKaWUWDs5c4ZaXTk0jwo*dr2G z_K1DN`5|s3srRLkgx;4%l6qecc@RrLZ0dbeZA-oHD=7X5D@nb77xexRD~XT?$hax4 zou#{A=xDI7Jr1sE5##C^5Q?~m90$V!Lc55_hm<%rAjQfsej@mhjtw6XD2JO$cs=j@ zr~2`fa6I@CseUx2QL0_k8mOkRl)4vy+Y7+5VlJ)gUEN0k7P$n%aA=fE$09PeB^Kw>e=))k~~0s)f6CJxw$h=`;x zSsm;x?AM5bB2QR?B11a5+(S9kku(SJ6BxQ=xA1?{P+dao1e5l0c?f!pB!2Qwk3aQ2 z>+jdyyB@Lr+W&mb^VVN$_`Z$SUmErdaqkfK5b?Znab~$?KM{8D%<|qaecJTvZ&6*& zyvHgYs#y47-UHabvaI-T@A=y)Bi!3#zK<>9KinbDk03wdbs$jw&1Kl|baVXE5M62-zTT#a$>L|q4hW=J&1>Jl&;>9Pf-n~l=gv1H(^6D!`C zD9yHejnWpR;}o(qO`IJ@VH0Nn5~q;FLo|&6ic`o0d&Cs7z_EoC5{s*dQGZLUt)efJ zL{_BZB$AM&l0-z>B#{Ma3yEZJqBOBKNo2t~P9jUwMA{^giF5*qEKPH)iVT99V2_wY z7C3Ouq+@9jMUo^Et7PbFz0sEy={SibWN9Q3k#06hTadPpNcJX5?=TtDAXS_xMS(3S zaLSZB$f`JH#L_}s_=eOp*vq8Vi0H!uIkBi)Lvj>h$9;)XITMFjAC`X6;4)!yd%^#aE{Al@aXCA55vZ#T7^^4cubKR>=L>3i;=6VXLCH-5c)CbDgfn z_I&KO&*Z-9RR<=bj%(Ff{!!LUDc}wFN;;IvcRz)!(Kum&4W=rihXn598#Q14n`fr| zz5DBrZao`%{Wp7F?@GSEv--BF$HyJNmZ(-@p7H8Ev*ZSAXj5N@qdM z^6Xoa?y- z<|N-&Uh&44iu14e%7+h6D*g1B;#-pM=RS7D{eQaRhd=&GWA&=aNsIp>`Tp0j|NhsT z9{9|w<$;^3|Lx{Q^~v|+WB<@nFzTOLE5A1O{ql7`bR^$j6@F!W=Ay4(>szXR>GeOa zpOSq4U)d9;e&;{hX3gIC%R5h&edWRA`(sZ%Us1O3H_LLCHLS@@t$#N8{>*&9f%*6 zicib!9|aG@TX;sbol&)l0#(Hkq;t3wwZMl{A|LeOw%n)PRj^F1S*gJ{R{}_1@CG}O zatD@{m+~X_tqeusD3@bdu0Vz>a1Zth&&FQidD))8Oot~hJI524m+J}KGa+JoysY9> z3jZuR<=~(1pUSI!qHNwu<2;z!{<3fSu_He6>nFi{~ zZ@3pP1ae7hE0?r(*7gtFpTc#mj@sh`59if(4J;|C-8Zm&fmqjaArvH*wzQ~R+(Im@ zf5nppMINm-;r#%0^?NIcO?H7#!vd{Xy|TN)TgJMzUM`xPv3s=59%t?Iv1Qdq$GXBz zSsv#OgeZ5Up-{RD(UbmxdQW~N;&S$EBxY+-*o_F0ORHy{Q=?I5w5Zc_$mQ%ntx+D^ z0eAiYpPn6q7Cg3YgiQ}Sqi)-7gy6Pcff}hU+ex$>acS>(Y*7~NNhMSs?PP5jXF_S{ z?;Q!vW@MZrFdk>rmA`|4G~i)v__2;mH>QL*O*SfF*i2ZRbrOXAuKd$%w{HyUc@RBs zT-h(z7TJFUJq>0`09sx7n)fC>hTQFJa@n>^$^$Oj3ADV~qwRIsT8%LvBa-A8gNVlO-w zh-Q=!;|_}FXrKUT(N1vPa@gIrefqHXgY#P5wk~wua)rlP@3L()x@<~y+xpq1M|;O5 z2f?i!XO|wW-6Pq~<%|!z3*-gg8Pvc5sPC{#%#U+j*w7$=h#+T4o(nr01To0}sOGkH zW1MWeI4HK09&L-u2394?xY^+`IIJCc5Vfes!d$(0iXoq1@OC>$DVpYhqpaH&bAj}7 zz}>b!$h}JpcmqlM2n-@Dr&{=6bx+$W7d z+_}vGB7Pt)?++>cA1Uwq20AG3uKYbF3(PB#LJxyt(evjMdXj#K&|?s!(C-^)ACb^o zXfnql`BUPO55R{=K5dRJ`P(m#)!yC0 ziI6(r#u4a%B42>k9*{?UfhP;ph-ldM#0vYDxKYco@-M6Dxha+H_?&{pKakp~SNa4P zK6(REJJp@X384OCA;aKF)kl3G3_e)^wqB|LwhjxQVBOhzqGeAq>Q*tArd(Qawha57 zV7pybyDeKDVzQIW^<|P@=@N|CQcKG8O2bULL((Mtb?33fq&o^F*k37x(&~~tc$q{P zTec1}n_yzu`Y`4-!LlaEmXs=KO4&G!Xo3MvFrKpYA$Bv-W?lw)G3><1%%!BudAWTU zYe=eJCT=%Cr->uWTddpVWO>@IB)fH)Sl*(ZM{Ke<0&q*u$M@&6NSBrQEqKt(Kmy_x z=CVk@5c`p6J1&D5Tn4it42CbTs6eH`cu);g6qF15!HJ@2J@BCfSPxfPhAR!T;xx>P z(=aPe!>l+Bv*I+&iqr0y;QPDp7tC>K87>WFG?dX$Mnf45Wi*u0?wO!GwZC_8kc%!0 z*wr%FpcN^YlwWW=>d^hCmv8=$bK^g;`TwztoBtpEYt8>XSfXVB0A^l~0XS=s_ko!E zH!j|h!2+E8!{&2_JKW?SJ5hF|v68M2u?Oh=v8;zlDSZIUrw+?`0k$Rdm!Ca@**}Ym znSbNr*3r@>V2!cdRb~1G+)Ol@B>~N5K2GOUGSNlAtZwHOhM&N)qeTbDoV3N3V zoX5r(04f572qFN|ZQ#}+*3f+imPE3Z)u4$^@UiqFSSSmSf3U{mjPNnsl-AnD$D*0Z zK>*=Vpp!aG4Oj~l0ols?piMeh5fs@cAvR(G0zMfKV1-oCs}U8DAW3)_8xRkjds&bH z0)iA{vw(+T0)RAt4K;dD!s>wtkO+?q7~mFx2?*3B`j3aaNHIOPp0?*nq5Jx-KN#8AJ^PM2HxWRiqaqK;bx>u1uU&5C-65 z!79UeHG=xmwPCx0TTlhsowX#p$k+iY1C7my97s>cWEbh~h_OM?K)}MN0l7&;4cM+^ z7sL+u81mC3*d;l5Kqm-&G-39@N*En-OaC0$0oEJkwjD6IMaB>Ww}?Oj%L`^Pq6u+c zkue1Uk8=ylL44ZdyduL3iM$ebnh1`71$6*5V;MRq$>9b8!LacLRxp){h&fz9sbDf~ zaEdk95a$%>WW_mUSf$c`d6bGFJM_dP<#l&VkmQ1z1<{R9O0$@b8zK*_iJIliUstnO z93-owC*YC{%y^`TPz$aZ8kH1WV^uF^oI-Go^Z*&CM6BWh`UTVO^9Cv6taEWn=FDYM zG8W>{do(l+Tu769&aY_@8M)k=W>{wv0gGs&x;gvTQ#a>vP6?ABk<>X1ppY4${w_l2 zTy%WnLwugn65kN)COsd-IN3dY9_H%q&Ty^{i|JktOX?1e;oMmK8jDL~x-)to(vwN_ zViFt}I6JyEGW`})v#^bLtb;JnRk64!77t}u=ft8uEIvun(uC;6T$|8)(HAH9jLrvh zb-%;V-}Ba6mM2(FcQ;rRq`I)D!9wu~AZs)7!CdrmzR(AY>9G%%1jp&oZXo(F zOugQPzH-1vwD8OY>z-%rfTh5>u<0!Kk)p*yx(PpzbPN*`(feQoP;??K^~aD7t2s6T zBYG#7UqnnR`w5AN#XMMTr@%+L=d zF~eH2Pe5$WW1j><7cV=1_4vuZB4Tlw;wL<4P+fH}1sf35Rgn-j7$xnbxX>nwbCHFs zJ~x1qH1(|%UwCuxkWfl#@W-dQJ7UWFVyndaa;wDqdEV9Ug|Nk9RQzFw> zeeN6%K1999fh9_(-JSN!f|Xd1;UdfQpY+DYM-JSNy%|jRjh+^?7tIV#_?boS@@IQ&a04lJv4IdJBZ3Kr*{mmvD9h7oX^zO zVrf1fn=j&9I zjSeQy4CZ_eJ)9aHnfBm`eJlr*=!vX?NPQ1%3g|W_Hvyp0!e$><2hG zU!57u&S$yEwDJ>Jr3YjFr1v;Tgb)rN0URj#+AWCSu;cvzC%X{t5IU-3#t8w>5x_HH zG%EGYA&m@Uv<^TaU?Y$bM9OwDG()i6X=@6e6=1cq$L{e0h66wlP-Q!32JLwg(EApg z*sl}m{yd*7mOG=@G!Q0VEonz&>{qlY_%NwKbYt)BFRFd6Kiv(>aBlS<%r6yhUNi6RZILe~cXk$oa`lVB=jK=yF$21H;gKxt*F zUI2u>CCEk;h*Yu{Lz{uAFlpCS*8SLDGK|Vvf}JLW^};Iay@8!0R$2N$B4#8tR{#IJ z#xi)zA;?w_BY~Yge+{+u-aspfouszTBrq2S@PC8a0;rP1EUse_K%?%WQ56KU>aOM3 z!ZK8MJ&gDe`S!xP>(D^Qh;>(@7cGcK1$O3tUV&LCH%Cye9-auctNj(U*r9uziQAX7CYlBoqq!d5brPj-<43o zE0?EXtBgwzB^mCU8-e_ixWks9_Y%FdxVj@9P3Md^R=;ehPX=&xcZ?HZx9Nr@x?qXk zSKRZWb}*bSrmYT_ppxlp3HcL#7T2;=#*hG8*LYszzEz@M6?duFw&_hJtE6F^D1nvm zpSY{l$E~jDryI@*T>!&piX^y8aaV~Qm|hZZtPYaZj;)spM&KrN3rM(tyJ^rFJRw}; zdL)wI{>0S>+c&))-dG(TD{3LBE6|zrb3n%LoBmCrZxcyyYfP7h0GZwlZ>*k-6|ZI~ z{^&|~V8DkDGQ+*?#j6vYVH2+5m|(mXahobS0e93` zosmd_A7c6-Y}{}^n6`QzR;+r_5xfq8m2fz?$^3FlSAzS1t}Mc3zs$mw&shwYZxdq?AsuNgQEv@Iq%PaCmKSKKH(g{Dd|-*#>r{ z6mNNlP2l8?ha8Db0Ma~Bg>CH?ZS56p?a@I`VH4GC0=sRCH{%GChl&!LV9hEtVQR8$MZ7g6L2~;(y9&aL% zmKM6RiIofjv6TeE>LX!t5eg&{)};N%qp*H{NrgDSB!R>$*XeM5JSwjY>CJpRLa*%9 zoB4RO=I6>j2Ca2DSed6cVo4xCd(Y00n|sOLg+nMH7Y12&!{W_jO781(I&@rRW-%OPnkGCU^tK zZS5sn;A>R5zTE409e*7&b}{)Gk?|Rkv5&c30CvOQfjGQr<^>o`n`+xZ&lR92 zGfc#D*+*t(RCu(1-Y(Ve-4fw-oSF;n~J&kO8Po*6!U+DeL%jzvSweP zyv-MQu+tY<5K{vW_Nsx~`_y3G(9?x1-*?pI+f^8s@2)E@t9&oLuzat$fP8~ZW?o3Z z@qBiIgzwNLoWc#c=D;|35reaXsn3zH;!wHknL5bJQHwk$@BbN2exu3q8@0&qHI&~d z**I#I-zeobO8Jdi{0>(`%I|PBD8Iwiu*h#> zwH^vtpXg9ZFg|}30t56kNU>CkJMdwa;tp}DVMT5)ndZsy6vE;TYX9PnF3Pj}Grj!d zyQWvlFpK5j^E8xVrYA_2lful50-+GvrARYl(lv1gq!j5+!T z_7&EsIGw2^F#Ba#Za)i`tu;#Cv(B*GzQQf4hBsA({htT>k7CmPqro3gKL``^c9|C`DJuF9!yV3sqKT`fs0T}5tpq8PQhyhtj?S9ynK$A z>v_oYHl}h4BH?>`_Aog=gFJ4sZU!H&XdB~ zRP8PFA#gO6a5L2FBKz-X-xt|`b9m{+5CKm0r*5VKgWRnI}&8mo z@SuT2sfol*5{d6%iyPWMnv6uZiNt)-{DUSEnWe!+pEbv!n9Y|P@Xs>A_Z67%UyJtN zPlo@b3I7A4{c;oh+|pphwI=vCvi)TS__Iy$OU*I34$Xg<4E|XY{4&w}G86oXrNJk! z!x)rd8yv=R79G>s3cO0?sVd4H$3>tMmj?m6kO2v_!S%(0Q3Px(EV)}i!oqzL1cQgw zitk-Y+h98|;YGHM;U(0NoIwlduB-=e3wf6CyKDmk0_`G!3h4>~ra&9`yo_e{Hsknh zYgeKitZHf~O@ zx3CST+Cwei?v7sH_1KnDyRQdwjQjg=k1gqVGZQk0`yb&R0*6mvKt6C^QGkr^gR`m9 zn6Vu9P|CVuTQ+V6?#1~ALdPu|Hyig)@(==N&lcLwt8n0_@Qh*6F3A&Kn`|E$&EVF0 z7&#nN7y_eQUQ1bfX2lByZ1y5eCd&V^pjnj1-1(zzC(6H4&?(AeGX2p;6y;wl;7QOI zXH8N3j|HUBMVeKV|1-Amv;0NbSE$T2*yWG%muP5F@mahPkdi`+n?EYa;?mfb;2}Rq z29A89Y&0@~wxq)KrrhqGs^y6V(QP+8dP?knQwyFwD9hJ6;(2w|V2 zw9iqieU2LTIjY;|DD3kSWpVo)O|;K16tFwCo?xSelP_#^lv*rmwb4<-Mn`oU9SyOI zxQ&h`+UQ>v(Bm->FzvL!LfGl(KEqB6R17B|;W^ zEip3fwHOoAUJFEoy%vZFdmW8g>~#VnwAT`mxV@H$nD$yQlxeR8{K8%f@TI*L@Ei6z z0e;$R34h#POYlv5Exn1izdky##>~*x?u-6y_1D}`COh=Nv?$FKc{yRE4rJ>cE?TAS`yWiWWxCYiso@1!lq=>LP_DKFrvN&2KJ=`OQy$YZK<52Wxi(ILO!okp z4@3Lfdba4=m##tpG4YFX6>e3vL$@HJovUgmm8uM-YNH0)GBITxk=VUxTqW9pcS`v zs=?)*s@7WBSdkGM%g}pztQg0Ps{v1^Kh3|;rfOj|+~x4!l&Xefx&G;CcoOqZxBC~S zn~z4xM;YqsNba5UYlvE1M#`#zRZw`Y4J&bVE55qQ#tkWUOlW5{tm?NhQQA=X!B4L$ zU5GclwoQA+{;6qx`_e8tjpX^;duwunD@50bCb2A2AgQ3!e&9j2;s|US<8=W8c zf@9nQL;Kg2s%^GvrK)<`GdYA%=>Dor9jsHo$zGpq54tkKeQCah4R7<_SJ>p! z8r0Kmr+2N~m+{shvbG;ls@7!iVSckOn11xs*c7yt;?Mbdu`sxcdRzm+Mp6bsTr4BZ@riPciyJ3aM&dvz$%T%fWebz>8?#uyo zb!g!6*nA!hPx83txo&ga>Y7Uqc+jggd9|J31Fv?@rBtQhr`l0HD~wc$4VO9T;r*Fe z)x1r`rCbg;Z_|8QCF3bbFUttOo0(N#8vH?@r?L@z6qbDS>icAt$VPED=0C(;H@8;RjUZr%04H%wnohS@UHCKuaqRD*o%??fA4#b#*5~z-p$dm2OZq z&pMDl9XFn}zTonZPrHA;s?C2Dpm~T>sl*8#H%d?xfWn8wurysDjE61a;gzWpPQ*g1 zJjA(lluOD8L`pD?O~ufvLKHkuL7hMgpPQ&!p5_g|o9oT0_i4*RER0W& zgNZDKp_GimOESFS!zf&b9vYzVLTX^ihS<$O(x)BwX=k9))~S;{%wDTbUecf|zIuZ* z!acbq{-1zAy}IHP9D@#yA^))ij!?93#Cc$)&I5iQ`cnh16WMN1^_bv?D?u5rw#BRM zP^v~LRkKX-(B-zbm->H(4UbIW(0Tt59)Y!?|7Sq|&oV_ruh}YVLjTV)1w$9BO|qt` z|JRZnkdCW4?BB+qVJ+ITmg0`w@{kbxus1kw@NGtJqPJoAVS#3(8EhwIa|XtN97*f*;GM3!T=QLbyY87^17>$Nc3q9IH_izhg+Hee z>5k#I3%@4({u{sl!Y_c1p2BYlehfw5i{I_|-Gra1tLNV03w%ip%*^yCZ$!M|qYmW_ zp*UQBLijbs^(J@;gL$I6cy@5^AF%Ook85>5)Yc0%uGKZ^T6p!oZ@bg%&$;zf0aE*r zmzMLK*22H`=Vk<_{4;V(zXmXDwPF*4Sh7Y z!Ur9$tj#{{OK1-gMin$OlXMqUHwi}L<_r9dsx8OD;XRo?t&46%sTTEyk0F#sIehy= zlI|@M@NLqs+p7kahrSbh^1plG5v(2{{iu3FAvDz+4O&}EZ1n+K z_<)jCCjF$C2OadcqFycbZDoWlC@K@tjR``wbKo< zrm3Amrm}tvvH?s(=k-Y&&f}AM7uG$Ko#y(g;vKAa`Abv0gSCF#57xO>AI|U&ZdNKk z4U%^C8L0Ol@e!!c>pm~)K0LYr>fe+#heQ3VvgR|Ji!AU>>)6)zNg89W~ zqpIfEaJfAdmt}O!meDMiq~oHF^1(qwVopYhe@TPee`}-LKYyd!zkE}PfB9y*uBYL@ z)u;G9Tf&{0?krFu(vadWZG!!GXTg($XXw9mD;!~W)*0OG2B9%a+So;k7pIJA5eYiB z#VJ?r&~rb#N9Mu_q%*i;{(8aRjL?JgU-dZQEN#YcFPQ;OTMzsHax6>C;5_U7o(BK@ zjm8|O6rK%?k7pBzwZZS%?7tstj&f#H+9V%sb&=S0&$!bYzM7^E*0}s03$@Yjl7IA6 z4pvN61EuK61BYPAI{#SzBXF;D2MPvG_*VWIcK-wB^lFxzUd_nx1pu+;1nDcEm8AbW zPxBH591_tAKbXvgu`^;&Y`@eCy>-U+qHl-@0RDEXh zT|dLr>snW^1YbR?>ig&#-?PaociT`0U-`PII;nb{RMfFwWSumB zk7okr0yeo=ALDNH_IrJdH_r%EJkOq=&zzxEFgFT`jk*KAUuB{=2lyn4zhSV%jKEy7 z1nSSw<}!CTitly@=KdV46|3~kXHvL}2NMXA~& z`tZVtm1eb|632KuD*b%eN-vU9wGBPzz?9cR`Dwg@Le1WoY7bnovu{br%s#f{#7PIHd9Nd zo>SJ8p*yfY?0s7R`I3=$Obg8Yd8URj0w4c8Q$%V|ckWc%WDsGR9|_;o<;}_(r>vcJ zakW#8+Nr1=Qr4UV-sszYakbNo+G(iWpsaaa)=s~;+IFM19ktghYnIB|n7>^N-swi| zbkyFUteMK%t3xq}4!bY2Y(&BAk~}cs#T(&0Akj|Ixd>M>~!H*dH>ATR8j`1dGoiclS`X@`Tf4E zU0&@9Iq2GTZf&03V)-%8ZN~8a0>20FE5ffIY*CHhv-r^`z^gb*R*p%TU!&F|)+=WF z>3#dgrZ_{G_m3Gs>ZGy)h6p;x{(v$NR=>&B*d<3;_ZANsq7navpv0cfR2Mcv3r@Jg zZEJSh+K_A;3{O4oQrrzt@DzDrMIih$0(U*1ElcO1bQ>!uRn3;tKNqF5g^poq$3>KO zn5AId7oWhet9VFl?aqv$7`qo*{wS6T3xCGair-sAcH*BLlS$CI)J2q3*4LS{ZRo zh}e3=@8!mWwMnsApSC|9u|)(FC5>P$_!VJ)BW8P*D(Y}ebMY>KNeib$Y4Fw5=^%*gcG zAg^y!2WDkcl9b;!tCibC1EN`P;WnRKL-H0@qk*?%1J$m=jit6-h*P?qy$JdR?ncma zH)^-A_El()FsX%@i-{b^qkc`DrHE7Y%eK(2jE!^(IP{>p=>S3Th1*jJrsNZ&@1l~mbq(nVB9NW~n3R}Il#yIMC zmt4}QA2&w5C2*VDCy2INC)y@Sv|U3{Z*hYlI_hU(@z8`Z0~uqIBv8du?V1NCOX@V8$Q>bnfoj|XnM z%cq^hs9zN7a@03^oi!5mje*-1j0pAb1N8?b>NSDe7JV$#%SViQ#m7T^*@#eo(j9nu zCG?(w{Yz_TD+K$QY=22(|1W%vVWc#8iKpj&EHb>ror5Ex#B(p8B8c%a{+Pu0C2l?z zG1iF&EErY=X!QI2^MIE!TK?`&7tM7E(Eq7E|w+v0Z;4+>Kwp=W8e1L>l z%Od>4FXR2G`MhgcYw_p;YgzZon($qREaUyHtZDkL@nyWbaA+o@mip|)KiZhO++@>z z_yEF_a%zJuIOfxI>BN8ZV%``yfn5VYR}kP75+6Z;x3->_0MFym1qiS})*OxiUz0V5 zA;6udJ{AEkW=U@}NB|m-WJ&La#s3?Y^uE+Yx?@RitVrlfddIiO+|Ra&1ow4Wm-MPJ z)QL-aK66R$@JUG#gRvM!5U!`cw9$Y6MtxP!e7f0uy2XEgli%~v3wuE>?0wr@*c09< z=0jND!(>RGecSwxq;lVs&fK$1=AM=Ae_)i~y1e)Ato5?;(`;#v+FD^f?b! z_c6tgdr4;}uh#F_OfKhM(%H$Y^}oX-$>rQjIy-r_{s~zVTs}K_wSKm&DY)DhT*B8^ zS6t=OPD3Te9y@_Ja{xQSNax(4a_+^%%6K?b&M_}^n2Ha(V-Y6M5MrNg!|sZ)-1N$f z83_2#PD9QtBxc%07Pef@PG=SpGe?Q6Y(mZ~BxYucEC;f(n1#g5D@0ZfvPLrtiJ93V zD;HT~n1#g5u_9{%vJ_@b*l;8Gt^3OX->67?>DQ+Z>jHh0vA;eA=Ia4f^c zfDpEOWRF5LHP0Pzk7_{i&2Fte{B9O^;$&oV4sH=JZ-ZB^dbs`*C6 zPwIOD9U4sYyfj! zI7DlNqwb>MKs>!oheKcxd`iNxP4QN{wCUNd)n_s*J|CEgtvb^kfterTV38P-Io{PZ zxvoKML^_kDJll>)abSi$Fe?*mr_IO=JWbmgc#f`t_8ilia1%`K6=qxP^L2n=F6}h- zAgO`$nni}DZNnzIaht}byrnu)QewXuJq9a6gWe4)nsO<=di7)Pd(X=QmCSr$)eVbV9u`E-Io&ABK#f<&%sQPbuRn5~YlJb1Y?ypoj#k5pq+tTI1nI)S=8hQH2_pqIZ^XbB zj2PI7BL#NSh=DB{F|boc3T*L+fxQt7KODSnu&rP?gKfo)!M3=exXdb%{ZWtiP8-=J!qSMjFHDBO6~`GOBOl*0MbmaNA- z4Q-*}Tx}~7vrKqqnDETP%m$BU5FYrAO4V(62h1U0oFO10KDT9LRXdM6&uFC$+O61= z-{Zs7s{&ivu^%ji?ec-r%{1p&E)`ZCi=}cU9h=pWIo-~`TqQMD(Ce`AL%!LhXm?_c zfcKbQ#WZ%knzm#EK@ZGd*TvWE1-{)w@O>F*t~K!WaeF0cfvH=cqJ5jR2;9HHcm4fq zb$YyvcNP3yM=j{WOVHkXr2~mZbBNLH^W#0O~W^zEjifm%>n*A$dl=qGw1+m!o3tGrRtsxytx1f zAwt^KIDeQUxU>&3gP^-$@J;!yQNz;tZmnx_X@h(6axnJ^pKU+pN^%|B{# zeg6AEw2eq`5T`Ni!uwio{}W95zay?ceq?o@4)pao(#D=&^1Y9M{o zJ;uDIdC66n*W7N|gyr1U^#taKv48k5JLQ43KSc5_{AS_j!EY*lH{kbq{C)za;!93H z#P9p~-GN`iI=1Bg@4#K|>I&g_G zQq!fXK@MXmr5Lj5au&t+ImBR1HwNn_#!pIxq=EZGu}>kMhBz%9{$b`$n`M6T-07oZ zw{t*%u0I*j{{e|l1p2uMOEJB;!MIl`qpuVPOq_=~Onx4R9Xg}^2oz2%Q=HUe?%z<%P!PhKi@->Uuc+Fz@ zdL-s$xbX%9-VuT*ls39Bq@JuW-nxKv?9cRIV|LaFyoaH`dw~}l@Y01Nt53defr60B ztQM^_f;TP%Fa3WQ4eTf15PxH08pM~|a$b$49VbEg_88a!mPpK{jmT=i6VV?CzHslq0Cc6YLO}|4VmZ$)D*h1nsCFD1EK# zX^J2B0PBs51X~peb}kZZ1#dfwG@GxlWCN(nc%r_6I8-m7l9>mw4Ch2KBEy{eO5(?q z^Mm@z4SKr1lB5v1d$2Kmb^quR<(Ktp;6>6|dut`0jDDR(M*lObWSw-6{tMd~9b~)i ztbR=-JXxKA7bQhr=VN!)33pbtCbB$PM*;#{m`s{eSm&>_kHs?Ils_Q(`OdLmgCOyA z2X1`ENs6;4UqFx=d!2|aO0?mR_5o@f-#IpA@`OJ?bluLAZY_#etAkgzV-F|8ev>Cu z;jZZbi@fF4-f=t6Vhb#`-~>5vO4T4(hz)8{tRG@ibd#!yzO~)td+kN`5_p}MxF%0| z0ZpyO&M~jHO*`S5ob#4X+vy5Sc}^1)ah{kyd2TQz@Va1u$#Y)^lUAM4TG22PO)gYw z(So8Wv^{;Y{m;__b6-rEJ{j+#z8DeE;MJxeYX@$8Ui%Bj)7j_5#+-T=3S;9g;CWS) z+w9V6w0bo0tP4AOppl5s%XkC>>!2Vx&4^^wIKrv^{w8;~m!Io2{ z3cHG4jA8GYYw}&_@~jvNR6Fd__5eMYPB>55Z)?FPQ4PDhQM#9<15(fF9EaXU0P#6Fe_f<1-x%7RsEho4*s0-OwM_uR733i z^vuAdU(K96X`Pg3txj?U;_X80v4YT(s|DAfQ}C_!dWwMPeKfY-tML!esfHyXE2`sMdf#tf2=CPoTL>WC?}q3EcRSTl)()k1JL0c+iAf z3;J;v5UK=Yv0kYkf4ZH0`16mYS_g3WcNdV;UR;YJ&Sp){^VrLJ zWC%n63rAX#52V_lRAG|zmp%|zsw_`n!kcdAZak_&AQk$klig{9lXHFsO8*uCb*)(v z3K1aE3KH{rG0K4N(NKvWRnm`A_B7}X%Kv)tYBrHN$^ZifV&W7mdH_vZ)zwhxQ-S^(Ed+OBLtLju$s`dOO z2F|eqS-_U2BZZR;btP&3=4ZkyMDgRG+?$f5K^#kBz6SD53@V+C@ABr zf;NE?B|v1|%Z(&lI1<}t_DF0yjqleTiC>9?P+$OG&cv=+mlDov{d0eKd%RXZ7I=^PVt=yH3Ri$6G zS3k7( zy@4y^yKcs(*_|n0P$_=psNL9P$LyydC0%%GDKds3aivf&>{V))_fX%j5$+jW!u*Ri zw$jYb|1>@mc@z3}<=a-(J<;(#FFE`~hWoLU)p&!qtE5)EmP|g#0(Mf0P38W9{-xL0 zqR(X|{@cZr@-hgL81`0*8Tk>~Gn*$4?2y|y?O;wpX-3dmFmd;Gk$@Gmr_Ut;J?I)b zPqQ6>$ZrAGw$icyps@iX`wlXciZ@S;%(G)6O%+5r6FblJ7<9v%I!RE$(7609Z^dLG zm!Bg<36#g73u^FcO3?c!M*F12$+XyG#bVtOJHO?ykv6Q9lDjX3#tsTNjDxD-2c0wx zmtjVK0_+(c|7~k92mt**PhwZpj;ZhI|7=CfWv}1dU+4((v?zh;J z>Ex4`(K!y=K}+X>IyEtRj=bgJElZ3nUK+~Tn%M%xotYm+ESSgT7ZRW!i2J{pRs6J9ZCe`5D&F;dq;}?hQ4aGCS<7uUbA*)Ske{A2 zI&yWsK6e>=SEYR=IUXBO<{<@0o7wg)(VrOna=*e>8Xf@W>G5CaUM!;6)<-b&vMYWm zerU2QWP{tbh>Q#zx5GG~0P?dBN1;Y%t#|DmB40(@-f)F1aVEx1cH7pF)b5Bc&FK}r zdVxN71&frOX2(nwvJwumlGGX6(dSI;_%g8GbjN?|wVfgxot3*ez1jxfSPj5e)u5C0 z23i4PVUt|(^U;hq-689}wmoLQSX3mZSKMkwlos;yM6~0enq9T*O!p39pHPRvxUSRe z{EFAM-)&n?+PNeCU{0@&@)m<-00cRi;j~@~BKHO_z7j;PUxFiKZ%(hy!8bN38p`-- z(3~l%334xMw#{ohZT9Pp$;j!|=U3sDGQbgEozv?KdMa$JM~>P*205CJa;&C}4r4-?aYY03qOz`P zN9Y{p%?@)ySREn0gAfkmcxb<|QjJJ0T3GzK=;snV%|bMl8m1^QK_%y+ua=0RynjJi z2|OpEZg1K{Q8^K1+6W)h6)0fTy&M$GP>Lr~Tr^aq3ql@u2+i9&`;`>8LFZQyUfs8B3mJGa=gvmVVff->#~3Pzb9U zKvzN-8u_xAK)Y?3nS#v#dgof`NM=Lm&=+JngG^_NZ!=RcN>yT%#Ast*F-nb!2Q8+v zL&wQZ+b%N&%U33rPl^YzscwwTmk0^i2>9h@3g#8?ZEL|R^D4<14Me*`^c%2|w(d1k zqT-9id|SwDz(Bp#fayWidBfSEE65xT`iGp+VL81lrxQe|q`^Co=RFX514BO9w#014 zQs1CM(dSmtSN^0yS%xxv_70uFrZd=_mifG!e@ep`A8j|dA&F)rb+WsHU>%H^=njIg+}C3M{-H`&UEmtUEgM>uRR}`!!!G`({z8eeZjhdJxx>DAK>qLyMsXlwZxr#W4*{> z4vMtvi|zUnyS}u{0URD$51fW<#k4Kw!?u*Yz}REXoc2RlxTH6q zqI)E%ILx#p_W2=<5rIU{sW7V$546N7r=%c-q{OrzG;Vk%U%+L?DW$D#WxU z!0ooxtT}YpHvhNQ5=$*{!CF{tzSwSKrT%|=TiR1g$KSjy3Dna0H*ZT9YU%o$wWCY`pM$Tyoeq+jJ|m+y$!v@+jrTV-dpJ6q^REL~Y(w{1XL${%5zeaKWx zVpws?xV_}@8XIMYAAE^H;_?!b18>^bH0{Q z%lD1>`Wv*Rgj#m~=51jlErp2+WubmM+fhs{Yku>#6j95v#%)30@|C__gt~>L$Nj9j zJ&L-qUl}UP%&x^zD|gavuo!D|t-jUzFS}7ASrhddWVx%LgR-2HhM&Sg4a7n9jdV|{ znTQWdm!y6idar06{5-fmkF=``j$jivUZtL#VFEV>b_SYX8gt39wfIupH` zGZEN{z)tKN$t<6P-P3TT;Jn*iMyaAmieB*?AzXJW+Zscab3?mEHsL@ah8xE>UNjo#cwUxb^zqIVWWI~jr7$$D8gyA|%@Gd}LF0cgeI!o{nZV_O?2RMRH5RTvj9KizZk;gX zo!ozn`m1L^*|T%Mo_tsN4L4UVY&&B0f%osN>2uk2L$@8jc30G?g596Y_w}0tDvkf8 z@lWIbPd-6$&^ml4br*`9wH@>gE|2{?c?$h?|(;_1y@6ztNi&s9n zOuOtd&2G29qP_A8uU_?n_QDHVWo6}mY5(*c{yLK(K7A*k1?*r|F542XTS|w>oNmOyyT5auGtyiyJ1GRwz zsp_(g+QyCAV~;&{zjpuqRQbx?+TC|+Uw!q}Fm2c{s(!)LOjFCt%X?FM^G#6ruM^sd z6WSmC@P|3toH?NKe7csNu2oc2bkI6<0HrIcw5lp?`SRsiT2>aQ-Ts~S-FI3-Lc&sQ z=~7VK(pl@=S$pWAhem6oM}z91;o9)wT47<~U$npc1(aK?)K;$4F1h5AFfA+$)IW&U zqNBC#+qd7M-Es>}NZO`t+omm9vZS@vx;0H%+ez!xN$b(0$4qVJOqw+CUhUp{wcBpH z?Vxt>AWhqNT04DO3keBXp{-a!6YpQ3Em)wfTet36?b&B(>fLc#T%6XgU%xV~tc)fP zOVv_SHLutEg!aS}G~N8G_Se5^EnBwC)pBzo!JB{5{`4mq1bIYzt zvdgv0FNY*^O0<#^?Yir(8>|f;3~AD%w5TZU{PWLOg4LlzhxfGi-qT`ZV>7gj3`kX# zqvhmiAAkJuZf*B&NR}0$MMP+Cyz$0XZR=J@_uY%yi!W*(k0(>h%!GtXztz6|R+~S6 z{#1r)AZ6!K+Ne?5`0?Y9Xh)7f($Q~gZ@;ZIZQAr3?VE2P?eKfFd+yQx`OklD&^By< z#D6K$ii$Lw&9+cmxDZmWoTN>fq+NXR#Ur#4BOrO$1=sQvMe+QSb&JWrc94_0i8*W%-~OE10jn0D+KENOj%cEb%?+qP{# z)js_c)^r-HjUB7$y53A{)(jTS+@tN;qg`~-MNex_KMkwyU8Aj8qs7F;{7w7Y-(cB6 zpXT#vS6+FgU-SE6-RY6q$dQ`E;rLwp{Bu~iqFSr2*8cI2e|)HY_#v!ZaFce^P1&BX|#wqwVR^#~!Nd(QxbPkZaFw;o355aA7%B5c|<*Id&UAw!gl zbc9R0`R1E1LZ}ewg)s<|cI&OTUWpJP+LIgzkM`PYul)m|LBvOVhOlTod-i-8AwkqH z2uC=yufP6!HbQ~OKY9{j(5}D!`rZfuqF-JN^R;K5d1f3;M+N?Dz-(>Glqs*nWK`jg z55QdQsi&Tr4pUKyc{MOod+DW@R>4G6BR&B0v>$%>!3EP$kz+?;mNs|p+|4ivRkB zTrDLf2AipFYv`}Tc_Mxu(%{mSesBUs|D%aY#Z{L?nQQ_75sZ4wBx#!NK5>)w1H^8;Uix&?C zC@S5(3&6C3f`VB9LA5Vz&&yhAY3Xykgo^)tF@?3mhYuG}2vr|b%8%NjMT-ve5S5>} zh#T!4{_%l&3bZbmQ_*HSW>BQ;BHW62uhEFLc+ZWvQ_=2M5jRYVmWr7c?{g5e#Cnay zt%>x{$GwY{`y1>NZ~7+gOT0h^=1;6+Gu)R%5&a1_G`vkNY!xYe88;wOa}>8F()$_V zhO}Za>MhiI7c(o|nSxl0)UATO;vJ@92E;2I!5j+}n@g*(;(x{rixs;Tb1qzb33n>m z@ejmAsOg5h;$^qt_QXndN328&AH;2oR<6g*3zZhZeu+MA$6bgN{D8X`EAmMcB0W!`ZW7J>7wRJ3;s)HTNb3&Vf>_gR+?rUOmbhW@=J#UeC90@G z9L3Ae#C(dCd<=1xXlpO(CSLVD#9pGVk8lHUPkV>(Osw|zm@Bd76Hza*TGt^45{*5H z*o)TBMr413=Z*miEUZSQCaEoG13kgRg3VVUDO{}69cQ4wPh}jisKZUy%>o^3r zDAsBKVTNecYq%SUT5iD&iC2#x%n&Ov9kG_EAd0X?yyIBRj(Fz{m}Aj`ZkSK8vdb`s z;yo%+f6?A+a4X_uxHIu~ZE$-M#k@%PCSI-=VYEc2EeP)<>iY}fp?J+m!e+5H z&*1JQx@(PD6l*pCGbPsiO3bZ94|@n##k$;wdlK)qov>J}=O)xzyxMJq%@XAl;U>j9 zosS!pXflj&N21kq!aj-G`Vg**_e{Vni&q+t+m)#0(_EB~rnkq;iPh7!M|VJ?!>4fr5?#jQ-X-e&mM~d*CBq1ZB}%=3 zFi)cF!MI=Xa&O_jBx-$>Fj%7Cw+VYRSe#EdF5ayt;i^O%|0Eoc-q-tt5#r4a!a0ea z9wK~@=;dR=9f?9N#@&clI80b7(e6CDPZCA0rn@CxEQPR1dKD|^)`(ZVnJ__mUxVmY zNtD%t@I}1%G`dIP&5jfHNOWw+8IapReFs{bRVVnkx4iwz056y#nLPK zEACo)qt6pIO4K}tutlQBesmiox@$^zN}{z(=~jw2o<%q;(e{Oe)6xs2zB|82J_bt7ot#pT_7rvA3s`SqO zM3}1Kx=RQ*q<58rdzaq80m5*Ja@P^oN$>Aj!WQWbd`Wj!qJUDmi5jLkneLpHpX|!qNxJ*plicw;+($RLC+)~*WY81OxrZk?`j8D&Ip)k^ zelFWtc$npH?=ptPB`~J{m&%%&&tp+!mU8o#5z9so$sTiHs>>QI-m%9uX`jY&3PxSn z-*Dw!Or^6x6*OeMsw;B`$Jj8S=8tCE_ReuGqfZ>We|X}eJV`qoW~jsL$)@u6vbWs> zk$RS&H!4~*7&&1@Bx94FIOZC7k4Xt<;)8Jw=H)*uk=0b4zkHwxlGtItAWjFFr8mM7%J#jBx^2N$m?J-pO0Aih?;ql zec@c}coKVP){v=hdjK2bVv`2wMQTL39Fp1qfA5P&Ih>5NnC<-Ss1gbYCF-dlCs&vc zgjX~pMZm!#VUzaKfH0@k8WOv$_9`rBmCGQjKr#}pEVWv$njLI&k(<}aQE>AT#9HD= z1a%5KpkP}E6pU3=a6rR2$dKOd%ytW5%E!`#+I$6p-d+*v>NCr_j3zGQ{_u*f*v`7~ zD+fe~alqcT4j3KFF*9*-Gub&XJucSmAEzmj)xH?Ye3u}e;4zat=F_B3JQ3wFA0~0) z31sZP_AdX!35OPRe|Y#~!-hTaaO{u~BV)&Qx#^*sI>$cpOl;SO)6zzcNFI^)*i)lM z4ZD8C$j5J2*(~?=mfe_*W1J0;M>}fLZ6{5<p}4_2x^`M z>Z@UZa_X~6S)Kf0b$ECGlneZkFSC^97Xy&E#P1t*=&7z$|0~{0=RIp5i1||MC2g*J z@mIVp3L}(tgnHNbeYxM z6PA7Z<$+&S|F|q^x+Ao2vDEzdU?01>{^FW_!GhP5*`O&ImSro>cw#Q``K%uIia7{ND?uoVGXaq%N5FJNkZF$Drr^*bo}udBMK zhreq_#kQR>_K1_+{WGHjQzBpf6>Xo*mPR5ncK?*-T~YU6SO15>rn6VbcD8;gpcT=+ zHf^r_6)j&QHIGHre_hRU?Ec8+7T@-u>U+BTvo6*XJ7GT8)Ja{jm|JUGfK|2TwhVLo zf|B=vpB9vh$oR984xs6dc=+{;-^~j)d|8m^D16q%mkk-r!p2_=V;MD zB*nAssQIyO{;bxwEGt5z*Eq~igTA5I!2x!=-9^P+)lX+Jz{(RllR2 zY^*?U@H#qN`?^KBVAJOXn~uU~wH`I&<#q~(ta=>68UW#OEs!jQgH-NE)q{Xw0R-d)P@@k@HyArPI-t3)C&imRjbsH1Az9Tya zDk$?TD0o`SJ+k1*oD#H&8(7g@SKXAl>ZYjbSZplOhWVLzW+TD;Ox&uG7G{1X?$JmK zH$M}9XQV}%pNZ=-(xS}I#0ME^(PqX(BQ3_v$THH}ni)PLE!NDKVx+~H8B>k4_GZR3 zBdsI5_84giX2wh-tutG?8);q4j9ErnS2H7Eq$QgfMMfIC=gc#~QBZe`@X1 z8F3UbPZJd+!HE9smdEnK;Qq&FZnH*#F>IA5TPBP3AYh3IZtbOZJ!j(^eraKk$mfea z&!s@i+5)oSxhn9GZjV@CHX&2OyfaJ^BRBHaVvqm2)IUkwwAF6Td|TMrJ@G-mCL5v4 zJ_D?vpZS%Nit-pP{i4fqU^Lo$(rM27N?vd#KFje)JIqXo!3+x>;C0o5v5yR!%@`5vDh10g)X**zc3uh&>d1oYN3fT(SU!?(> z?C$c_FGTaxAe!k7(fqU?%};}9vgf|6e|DPFf@t<>h~~6r7|$JxuR-P_1$AEtWPkgX)e(b>10MBXlc;c^B@WJk27M?U(y&=Iz9iGA9L+~UxQFtzK+U7fL z8_he@V7PgIIt!d+i4*i(WH)ib0I|zPcMa%?>z39EJ+qY44f(%~R_wu`%HA-jveySy zT&i}3oRF;tZR`Vu)f@}9_dL&D!8T5AKd$yxX^1DM(F9|;Af9^#&*{?IAf9XO=CtWn z!-Sso!C#P`68xbx@a3 zexYc++J?=S65PK!C3u>w+V#Vi60Sl-UrK~;{CU1XEf^jQ7LQcy^QE-(J=MzBOFx&x z?QUb0A%4DLyj?Z@+>N&pdE^O^Keyv;EC}&77UbLxy_7+|6N7wi$J@9!n2vipx0z0` z0MiK;&TXdu4+*^pWMMji?77W!x&<(uZo#?D^o0KzovikX>2z8D9j5>G@pi0=x8u%r zrpKswyX`q2Z$}B&?~gv`O)5VQEYBtvp?3F<;QkyND5a86)czb!cC~1{jR(7Fe5Q)9 z$;Yk>8vfeww4g5Ru~WpE3&n0@J$ui(Gi%r~)tNhTjN9LXGzjM$&hx4A_&c(5hAWD4 zdB%J7QcVcuaml55NWOrW~-aSEh(MrGVUaEiL)OA4L4V5wC^Fi zrLZFHTkACHe06HYQHaPYaGkj%Qlv6ZM(L9e3nPu;#d5ZbkQ9=E+V(1!-ws8cc|30= z7c(I59JfCVDmrsH#-hk=Y*ol}kW=6Mn!d#xs$+TzHMcEtk=6bt8T)C9pzrl(NK5!T zsgGI0Sv|8kt7i`6E%JnN43Rm!n0Xm?uJz_tJSkX>%#c%@NKhJA?9SX%)zj~|T~Od8 zp`$K;hEFQA*Q}KaBNxKl1+K(Cg+8|t%~7L~3u-IhA(dM^rPcto7JK7QN~K=obj3w3 zW24IqahYz&*pt6dp|BjHlm76T)!1_)o8?4@cIwmA2X~wMB13B#+|-j)GO|Qa9!=v! ze58?qs*HIRmnxQD=nh$E&uL}7;;vb!n7$vbH9VE(Os;kD8l0%JK;&7H;mmPSPLs@` zRq35LawYw`JhY7sEDwNIWGCHKv&ioAYVMjsd(A?7=5C$yMP2@TYSNohIAa4jcrf{I zyy5b9tAdELMP-8OlE*zfbu?AfbuU`Tyc=2z)eXKx$i9>OGR5B*PM2l9q0WasH##(A zi7z^|U~jmqrpS|2WvtBDiy9!8uq4c#7}?xyc$%W}`6yd;)W~x3&frC%A`mF)V{%F0 zo9*g=2AkuGT}T1PS#U19G`52ChK3hOds!^GR?umLhdLfs;o(|TAP94uM`*~pWMAjd zg8hPzD~S`AGRoQZ+U|GUL`L55Vk+V2B`6jhY46mBLtNoR&2nF~o>5-IJ|YX9#?Aji zlWNcS0d00HNDxL`FDS-4j4FFhSV*VlFv5rCvzh3#H9=OSx1y~f9^-h%#)?o(nCuwl zFdrplaG97geez7G=`~Kd3-*QOaT(=KD)i{x%N$0DBczNQb=0p*?@`1Ctx|x~B6^gt zAFf4|3>0E7T7#5qsOcNyviQf#dJ!k)I{WbH)aL-7%ti_FYHX&c~Cep&i4+8(mY z6Z#lt&7OlOCn%*CTaFS19Y;}3Uk(yW7eloNCYQbNY9u*?q)_&RI-WR|Ib%{)y@8mY z8qdN=Tj=87PKr%WSE7rJ85ACr$977If!CU!*gSGPs4Fzl~_Iwr{i$EpT!fi^sN{M&i_5snua12 z&SC_-^{D2y{PLF|D~G8FHhC6_9aZ=oZ~S4q5<-rIz!{5Gv1mO9M?M=X?hV;?m<#o!ro;vj#b29QB02Yp(nm`Ra*8N=wkK8TOi$!7#>c^g=~a;H#5zL)l<$+#HqLZBepp?MtW= z&s@TZzPUAhi4Zbo+w$?o81gXO@f>`R-4_{Vx#Oq|wvSs7WzTUEh&A(t;%@PZu9^jy zkPPs0PQ@QZAr(8T8cT(%fpV6Oq1H3WH$a{IB~k$eKTvPii$rtV=5i9>5q`yLJ!`iZ z7~`?2?#yLSaG=iOf~yXEt~0YNI2`2dcrjq!r6TiuI5BH zQvr>q>6}^;ZkAvsy{+Y|164WQt2#kqa_xnTh3=YVoY&3vD?;dsR&@<2%Vd{RXp>WE zNmm2eY#8X2T>@rjA?`Azast2|1fVR-39&4j)uD4il~c;$(lI-7wt>G}6hWxVaQc*u zbk0b>)+vXvvl|gQCAJc24IX3krYv!T6W76>`yFwR%Lk%+ym$-(oJ3CFmX7-Qe;^|^=@OEGXE*c%M>*x$JF%OYRPffA_t=51-HJlF(>NM zWd9H$%lF9ZjEeKE;>aeJt714rnsFwPdiuNGObA{_D7G&2a?DxH8bu)y#h`_bG3zN5 zRAMZu$0&zNQ!OgZ!1O69^`iMS(!1~HskAlc$5g^z7s6*Epu-%oC?^t5FCZ+_r{~8O zWsZwN54}a{H)iFhk5X|OjyxDKbA{!IbJqkK#%sN6l*Z$7jsmUo%0}J zz*4)ft-NLT0m0?Jzc$pu5$SR0{fXLe zO8QhW_RQ1zm@B}5t`*fKMiNDG;Wn^&wXyY1=_5*?QFM|}N20eepNmlqhS#~l@Y-!G z@^HGGgx8N1e<_i(3h&~T?UF#ql3J-3k3@o(0~=08Tpi^in^^IfYP&D8S;nrK1$JXw zd8xFVg$|h~2x(Qc=*KLby{l2*RzitJb*i>rsoF~S!Nfjs3OJp*u*O}9?KD$0SM*Xk z4VfqOF>|p=GK-hm ztEXC;QEIPQS z`rNQX`ielIA|=I@lK@8=$HH8vR*^(yd2j=MbSfOm9?~ zM`%v31_tE|tZTlIMI;=tyLx^*at@vAubxN=+1|Y@q8Kg9>*fo)1`F;<+N))f4m=XCpk|8s#=GcAI19M$3?kgn01wG#g2hJqMnUHGYQWj!m+M(A!Q*pg>orIG0oRNncKxY^L-eN>vlgo9pKObVIQ7cS zPQCx)Lk>M^F&C@kqIifyAJOz?Un?t=Jfx2p7GA?=SojbbIH_yiwM z9Fj*BJX$M{R?DLbJ`V1ck5%$>`cMIrz`7;-gZ6>;LH38NJ$xGt?|F?CDl(NpKEkUb zPV)v)RSfyQ^p3%Cj&k}kwc{MEi0SN%bY$*gm}3E>bZVGmU&cnu_PhW}3>xLSEc-L3 z!B7Xfr^d3H)!JI9f{fB{lkp9Da#8loQ~H=TtZ{PJ4Pit!tFy9uEwf_{@rYWB+4%;u zGY7N72qDp1=(v1-U<88zgD|65T5^+edJSs9=b;Ce;nc|FE+e!{*i!Ef4r_F+EOST9cdaaU*_OMFxw#bb8n4afE3<@G zH@MnWv$NM79z4d%3RlEN3N^Yh|U& z_MO`pp9b<{-A1+BmhUxQn5te`>9#HQ8ZXV@Ml6<%9>~BVxAD##_3LV{ZMD~UCr|yl zfM59~U;VPeYg-TPinu`<-8RN}KPXl=oQky8YkahU8&{$Xi+x=smnLWH+Kxk!YIWDQ z*g{-Z^SNxtz&%{(Zz~2fS*GW-_}v`~*mLQDxDH zcaqgJdI(>;)YTer>#eR%f!F{k=WqJzD1GqgNDm2stH z6k%IZQAXRc9}*OhmpU~BlFMDi=Vk6|)o<^{H~ekz@A&QQGaX-hI+*B`*Zi~KA@cKL znnK}tq-B5@6YSyQFPXnC{3T?xHM@t~F;4Vo+(vWz!XA3am#h}n%Ks^JW#kgkC?5F$ z@k$ZlQ>v)2$3M~YZvu|-lGwIzLTfL0tUCRK7J;$phgsVTP^thjwyBVnH^Sr* z+t7uI{@D75*Zs=D?UDLYdP)8&*)rmLS@ZrM$EkNdr-*i8Z~g4eyQ8vE15wNd(J>Dp^c(z z0cX8uR1&8I!I!rIcq2;4w1wIcoe=}Vj_0~CBB{Sp;QE@?)ipBw>`FSSTCBgg4q?e! ztYR@;$x{T+#WPT|m(b6w<`JYR6`A4Nfd>9O- zi!#+O{OB;Bi!?Jug0u6}@9^S~t}_FUsC~fq2NBEg^ z@pn%aIp;f-Z`>q)#XngJa!Y3`BUge;@JC5z+rP4Y_ztM}|Grae`uZ4-tsN1T5qb~0 zkQj+uub-vaYt34SYb&hED3IwH`=mfVSTHM->z=ewfPStZi{VqFw0%*miGsU}pP2&$ z`5K0Kv5a$E#&P|{KJcm{)Mc!9F|@&KlAg6zT9tX49>Pa*C4(GwZDb5c=JE>4!dQ|P zCewHYC1Jri3YzT9BaUk>^q9?Ll8``#AsN!FZ>3VTA2*cwD5iw!=A)Q~kolQH27$ml zb72(->0>@(=(?uB6Dp(6V9~*uXE&D7S+aV_!)J??VB+jlt*}U6I(`Z5SG|eTP&NCA zCGXuS2zN0^rxbdM0amH{QE?k*vFG$@fgDA*!s93OX@MB!yBMb3V;tZ|)3TaBJ40kC z2)iXPEQF4XLPz$Cj(kzCBkO`XGB>CrA2rgEsr5QC!()EZSVxLo#;7_Sxv;j`_L_C| z+M(jTQS}OPuP8{OJ?Cb3%_3udj^~1?$emC2G>LPEA?~eyAe~ zBnpC^fzGhou7B&AbX=rQpFCeAr?E!(f>NZ^prMfZ&}L>O2?r4x1|CXW{)v`$h}sON zCs)}}U2;(uM#>nPSmZFO)dWgobqQFWrAY?r!u+h7?6cHmc#(ZlVLqr4`ptGvT4ZSo zJ-$ivE!8+Ks)1U~(O>L`UNBp1sYF0EN19CcZd7V5!Ux6k>61UO8Y^Ots;Id;r6Pj7 z-Onh1n38%u$rn9gE>Cr^rO9gUOmw8SX%c84XjqY7)I1S$X6-;mAM=UnEfy6K^{-Wt zOxm8Q3IiQ6-di05OZNv11|GD7%8FVwq<(UIm0K{t^sJ*4YJy<4H)7o!Wl3ljRY zLcbSy{lntw{lv)-h5<6xDL9 zB$GSd_+7Pe0+mXf(3c64Bc6~_d4suEMq?>0QNunU(6vI!UJ9DhhSNT0#v1JrBNcmD;f9#f-DikVtts6W z6r**P7}4u{)e@u3pSGV$jOyZyIvJ|Bqz%Iix5&@UjB81soba~`}XN`@S-a2baZ zJYq-}olTIwZ4_|a92BJ1c7x4Mo=XmzQ-`rfUl9}|q3ForK~st-br(^Zqa;LLvc{D# zlLxV&LFrCSS^Co zC9+Xmmr?@fYb)cbIFuuhExRQ$6|x(#GFCJYnmfea2<{RVFn0Q?h)ZLqi^*wKZ*rm; z(^ayv+me-9xBHV3y3Evyrvff^{Af7djBH5b>@fTw*l1bu5-M#WZ{&2iTS-{567YHU56KfSg zZBipP&Zw~+v8^g=j*FrbldNWOWt2tlzCq1DZ7O>|oq>AQC22IAb1$72d7bTAHm!`* zzVShUFTQNXs6^Va?oUDmUIyZHY1dkI^@=`UTLGiN9ZBJ0} zJ5}Yt@^?-EtbQXL{Ec)Sjpmv2n`iE5?(h6r7bu;%yGsPQAUE?{tjFll-eugCFmQp} zC}v%>?l6inOPYVtN;ncfUy;U>G=I#KJdbPMHFV_fTn1Zlmv!+8T)9f{^@y;p+WUH( zXI;hmdbFqrcP;7>4j46UV?B@Y^@y~tqI^AC`bM}bhTfCQjFbVUTccoH7T(|z)2@+PGhMr z2GekR0=q3GJQx>}M5Hwywexy2T{i-zM)oz*pQf@xWgg4r7y$Vi%W>E%I9a;!6JpXvx_e0+w8*9teAj`fiv#>du~ z_?!z|W_QGbK9$)$LFkEO?Dh3se`J1gMofLw!oblo@;fj}uA1(gIP$$cb7ymV=3$+| z$L0=ShjgYYN^Gkn`N$QqZeds`dIUm;tCxFJ4eN;p1?w%SGs+Tg5=&2essPG(~) z=U6~U1s#`%8z2X4Dt#}bpeEmwR4{TM?u^NIMqx3~WzMG}No@_nP$m{R!2Yt2TmNQy z>+VrG&h@@f%ui-u?9U8tTOtRVCmcD69>?I1-01V|~UoL5X9i z9iHTo`GWSY4Wow-Pi zC4ed6+!D%Sch8hV`b{!lj1bl)SPE(CQfn$A2$QRV$LD` zZe%1^5QVgYzMAP@&jeq7y}%(W88Z;N2!th<6tsj|c{xBjqsjw7lg5GDda10D1ceS0 z2^uanSaYgHlnP3aQxg$#_!9r605P|X<03dEi%5dgzikp&1TM_loDS1jo9mGb$N*@={PxEUU78#bmnEybHLhL zeQ}R5-)pR=S}%EOI03{U&o~P6>v`Yq|CaUNV?~T{pGs|BV~@L_GAw;?9V3|`#7GMx zNi2~>!&(MT;w{C%!p00-|5FS+4&)y(@b-Fb&cn|uF4ejX#Z6(1T?QHIba?wnGAeO% z3=tKXpsm=H51U*=&tQ|xAp9~mNdQ}I#uQXE$t-P^xuA(FY4vEy7d)RyM64zu9wvTM zSt^1cfl+-V+i*(MMHf-cx#E3KsE~nCWxRis8oq1hlJtL-6L(iQp)W3luhZQ59M+$YX?%0*R%BwqfNj?|zV6*kfe}ve~J~RB~AD+*o@rYLRGMGi4fYmcE zuu>yx?!{gAokM)Z3|Fy4Nn)d!N5SYaOGP570c3OByn>o5 zChf6uK-!+qRGmu9Fc=lqXRRYn%*Y$!l70>!i|FSR0EblL5d;DtU!jpuJxWxveNeMR zt8yM}nNQM<4*wW85{E6!69fgNL`HK+kRyNJl_V30qjBN2$!u&<{d+XR?P(EV)lcq`4VJ6U@{919Z+ zJFtRby$r7r+CSv9?Yzt1@!Fnd*tLiec9XF~Usre7)$kb=Ptf4?%J*YPSvuj5dN3HEAZ6J1Y9 z_sN#p=vY~O$deM3=&GNEJDeZ5K4vNP+GZ8aWFFOT1UOGIOaW|-U^6V z?M~V{@_mSwYjszeNi>ewXOl0}^ybG}X=GRy@Fd@LYj`^PLl|ysE9=$rM2#(9CUu0m zxrL3X+fWe85+99}vrJ^yXAirV=^p=O370}12x!~v@Z~#v3-X!ZSyUiBagXU}7Va@4 zn@udO!b4R=u=#Kn&mk}qLTpq_68w^!FrDMF!aRwN%fm@C=;}#~yxh0In;5y8SAgZk zSk){ZdtHN9g5{glmKXTJ7bsov?vSa!xbTk))?)!If$G+a+&a0ZJ>W5!HV?){$!W_m z9Fc+qfFZAv;M-?TN z*Bq1=EZXEOP@{mFZ$X_3)S_U~(6c~|0cx=Y73~?cAy_o*EKp;CT4F)X1!`HaXw$Pm zCE)Eeiop~pc-pI z%?E1xV9|)PKy?8%!Gem-8q_6N^t`h`?G4mq3u-Y?UBRL)&H{A+PJU03z42$%a;4KzIP%uB-$F4J*&|QR>yE-!< zkC*Tm%MsTW$@ba;O2*5=z53jp$a*+dVCzJX>EcQBY}Mr5L@^9{ zD^?HDH($53we;93*HZoLeeP>wTh0a5)8;o9#xeT{Ha=Ak~ifAc~M>(RV?L}@uzO& zZGN?$7J$$uX;z6~wTYRli=`ajJ)%HMFAeAN@mK&Aor9>4C_6_HOWRsU)2$G2L_#f5 zlk17v`_O{gcp3R>PD`%KB1=wWjlUt#yo*-&v+diW0ro#4GhjxunoE!@|LP9z(65+? zYHO08f8jsrBS^!74H_RyZ@Y^&-<8SE#91Snsvk#3nN6ST94!+i3Hsy|j*^i~*Rb38 z;N+K^xTkmmIg=&%u@h61bIJZ6F*-p$$IImF{p#|53-Trw3v|)Y%n@YzrK#Ra9Hs+3Q@_P17ddt|;~Gk^Q^sPVn|-YFH{A0?knf|W>B z^Bcml>y`Q31JG#!6peA{Y5BeQR6o_jXK=xS&vO4{8knq4ehCv)5nd|~Q0f-PA}MB7 zoe->59w_JdOP0o5p>f)GU^BP8Gg9v}tnFRxRNucZ-L3^rxgzENYPU%Vni}+~R<)ymTN*P?A*e+k?0aYO{HkFEG2}k8luB2UD zS~YOrfC+V0jtYe_R%PH^#~2HJsjQA0na{H%2Z+K0^|ithj75UePRK8GwwjJ54H8n| zQ%P-mg#yxG`GC&9jqzq=B3aKWVuTTa7$0k?R8s|Al@)gxIM7 ziq&7Z2$`H(alwyNJQ-1xKH{RnV}xXU?5HW+ zK5Eq+h2_L#g)1xf6|NleJx@-A7nWD7E?l|!x~^n=6qZ-6Ei4~?u<+Q3`Gt!s54so4 zXX{ui-{K4rpBgB=Pp=3sJU(GWRpGJW8w$5qZU~e63^R+nn+#8~27h@|Si2i+$Ue#j`Ehz86 zwgP7mwPBbb{Cjr9#UB5K?~+&I@{dmD_PQ6i4s?sx*19Ggn+R*z;z$C3N#$}wfstu2 zeRO`HTZHxlSK~`KdTRJ`et0%DP#S^x3D|9w%LCm)v{Q1wytNcB4%kD6FOs)=2TE;@ z^%P2~T%=$GN<(0y0wR~YRrx9fM1Up-N|PLwQBqTs0&0nYR0J8eE4X#_+=SfiZBT(! zm>_JnDiLPa)oE1}D*_p;ytba?y2@kEsH}0L5>#!{ursQR`q?UbpQXyQ+A44P*&0*p z+6U`j5r)(;=?2sYVpJXva;hR^Y8}nf6i`L+M?)OzV6X5_sK@O#Meux!i$cCflL#b& zoQ0DOI9nKBxw;`^WBYHZXRbwq!Zww=0`@NbgS@u4soYV^;5L<|fdU(yDXWRX>Oeso z^e|wLuUsjBsx0Q%1+L;Pg4K}yB3MEJOD?*{>pQ}OA}5Toh#r)Z)jev}fJrfG3NPhydy!kUwavMWQI1@@OF6je)3XiFcA@n{I!twFr#|j=57oDBI zN;J+2TuHuSSRI=J_Gd?2S@>{eap8TH8x`FP?uLbYR1|(Z>Qs2)%28W`n%u5(YXAjX zrUZSJ_3+FGtCiBz;nei(X-K2;IEBwnxEQBIe^#BJskdqw+2Xv2@aD~$hJ`laz+b4@ z;NSe_!J9L`=bur~Di+(;`c9TKSN^5OS>F@Wtnb`m)_1y zt?$%A>wDtM)_1Po`p*B0^_APqvu^T{^H~=lam6sHoL`jN6zib zy0*Hl_f4IuEeDnXskP<%y|r?_Rz0+H0;EdevXA{66;jc4@!+M~B1lH?<#o z-4`8CUVr-y6Vtjq9X4v=NZ*({M@ObF&zL&?o(a+8);&Mtnfu4KeRkV(xx*eA9yen5 zQ?sA^{qH*t-T%a#M@Bx{`Qam}d5=9ixa*M9kLSCZxE(!TxU=Z4^LlwaFL{eo&hOF3 z`I=*c{gUJdyS>xBq|cRo2lxM=U)jCCyJuMMkM6FzztaQh_stzpJ@A$XpC9z~L)!NF zC0RRCO2cvQ6bPD+cY2J+kO^e4a`{LV^D{fyt@#St)!(LhVs_(TsUyq!= zeA?7M-t$iM%ynuPY+X~)>^_uSXJ&s{z2-g|%Q z*wcpbS)kzA5%qpm zr4^A4-)D7-rZv+iuOWUDSof6_8Yh>C;;j$Z+f{zYvk5p*yQ2ax(WY`wVRh8q1l@MW zp%AZar#IwC};)ru$9k#6Z>Rqay8W8B#Zp(LaIRtyxW(x_;9QhmQ)_M!u zuMCb$5FDO}!V+#dDz(f3ivt4bTY??|O_xJ%*HQ$Kg$0!-ywL)yFm(Z(2>2OCxdmL|Of>t9W3g4m&^r9P)Zw2@Wjmw| zcPH0XR!n6I`lh9TV6~LKOAJ){`kg93^+&?n1=WUBoNAxk*w z1fsqgRf7Vq04s1(bwV9D28JX<>feCXyAD=r#c*-tb;G>Ey3oLmr?o1%dXmV~efr+y zLig#dim4@q@uzozp;lbj?({ye)HW#HFKl!A2hi0@lo2R=`SiEot(8#?fPhw1UdqG_ z=Q&#faD2k^DC47w`XT}r3sB{Y6VfUn-GwVLb&s^( zT3NXG93BwspTbh0lyA=3-Dj7hAa)Qq09} zE}kmkqLPczRa_h@JU-(2xc246$7^aVyCc?0<^+;8uWc1egHrX$S0D{8e^^|70t!)z zY7i-86Yb`JNM`Pr({J|ppPuMmv}hs|2of)mO|^5PlnZtF4QY|r?@l(KNDDlYq~&|t zop!g|>u+gJJJ@F^OXF_j}|7N})PxkodU7XBF7dImkWa%I%aXltBu*0rZ zbJag8u;V_hgsUq8JMPxXlp9D0>~L#UTn>v%4(xaW{vV%^9@jgt<6&(Bmwn<=`Ft=g zt?Vtf>4Xrya`}K_idu?Nib_JEK({0t6b)Q zYL}l>=;9wuLx9!8s`>ZElIBNEQO~d=-^00uPggFh^-a}KrOv6vSFTZxtsTQT;@sNc z^>A>7tt-D5&s7*vdAQ=d2J$Zk>ZcXdJ~paroH`@jUh{3nD&a%hI7_CtS6*vbn(dV% z5MFE;eNw2Z#Q5RL9tbbSi)a0lEivAX1Y0s{+qz6dcdbb4HeT3TB0{;>63DTwTL~$n zgp{#-3`yYQsboGz^ZMviMWTBBJ)7$OSZV2Xuc_17LZMBq$_jy$+6sk~>I#XL_Qd-tTMx!3FY59R2 zVt$^T;J`}nXeWXy;uqM_CMc>1W$SuTjS!heR1?Yyq)T8&gG6J{??}c8^AQ!LIc25n z`G{~m9~Y}|lMiB>g5fLVl_aQ*A)xjm43A|DEGsDTt<0csrdXLkVUI8nbdw zNr#I!gm$G*JF2X@k_9e(0LT{M_p!);elk_THZ%oQSX&Y4?tctbB-){KQz@t1=_%4;; zc2{A3|L5cAk%G1cU6%mL(LIV5bm_k^P};7x?qpSWLHzJlfk)dpHYlW51*;`y-l9+s z(pHGExG=o`(Z;aiYmt%oioq~Q9e6apmdxUUSF09?Fs&3i(`-JgTdS%U*c?ZrBo;aj znGZslU3?!dJRoE%cy`1CQ5MC7bP~@jNYabLg*OYLVDtP&_vMxA)w5q|!|UwRnf-6{ zui?M>4R5#(VaBV`KMYT!e|G1+*Y$G8_UP`79X?`k#<0hJecz~I_#?4UgJ|fCTjH16 zMU1krfHk709p?Bb$F0vrWwa*8S2D7n17oK#KB{7nGn-9Mk9u?mJ7qbxsf9qN%ckFq zIW&%D=a0Rd1YQ<9l-*8ySSx;=eNl>}qiZV7z5?gR7G9gmVy$0w`BmC({n|t&nm1gj z+i<-?dlp={j6>{d9`0lVK&P?G8UKUsJHYFXTOVgZ?6~6b7dnjHWuGNtz-2*ycD|l< zh@T~2-qdBw&a4V<-R2##tDwv8Vwr$!nJAk(JwHF(Y1>S)Az95NQInBwp6@cRa3^iD z>#r5COy6N_JG#x=Cf^%U>?CbE)L|@U(+Y;;7KO8{bE7+cgU8TVe-UnHJE!?a3PNg zBm*-r1Bqb0U=`H2@lva{US<^9+;EbX<2aV5t?xrGRvug42m92PzEvAhbOJ~sChOb>92e*fHibsRdsD)VEj!*HG`86 z5D~w_EG+{CgbVVI4>&g!21^fBB}R^nB(BY?N?d5&QE<&aV5a`sW{jT4{6@0taVQ}C z)EYUY5xo2eBI!Ma(Z4ebhcTr;l9w4^|I<79&*d(F=!oq4aN>k;Qa3$t>`+k{`!q9f zMk|?xnIbVT?N(E|~zcc9_pt7Va7?^H$+64ri$}T9NBi=AyvD zRh&uX-d^$z0NHuH7%Wa z{>C2wp-45}nM#i&xX!>$uO@x}l)?G20YvfKKXq_^w7>>=*L>c_H>YX~VZ?AM$NzD^ z8ORv$Q22;AK}hYrEM=( z0E1Fm!iH}@)bG4IY%d#=6bX0;A75R;!eo(hgZwsA;N`fB9M0UIm8IgfTd?@M4Ij$j z$l^dEIe(kC#Uz%g|t^xIi$zPP~a zxsExydakkJ>{h;`mZghBdG&^Haza~js;_*tziM^1t&{_pv9EG+o@YKDQ^ZP#7(}XP z7dl%@+gqFD$<8OHe{HxLC!zc|^cLw$MNZQ#d~_a{OS-5EyrgP*X&XCQpVM?ViID`J zX_f7rVJA6@S1_wNmXC)@0YOjO_kmCgA+F4wa4Qu^OfANxW!WVGqJ$8ymUz+QZ==d< z7uTE?Akq#rX|Fj!BgApW(xoOkf{Xv?&=v|5RwZJ2$s4#YCbVSytfCs~s$If@+zDQh zJ9?utcaclV=dA4%TExbNlPfg+A%r)l!p_UK<9)MWjh1f@LL6ufS^5kS@8f^;RB8%Wc5S$K zTJ2bB-^$nBU&?|Z)NHI@WPE7fgG0l<1NRqKCLhd(OSgvO+w#KY>mGQQ>s9bO!$F!G zVJ6{(7Ea&;f7{}q^B$4XO@#Z0A_@O=Cm%<53lBIp6WIeaiK<0rKI0U030%A(moEWT z!QpYYxzPOxu_f|eHk7AuMLTH&{yld&o~@P6B?NehzY3>Y-5D(3<$v@D)YC5KYW&Qh zXy=9#{&2DqUYMBMpfw(jm*>S!!yKv;jEZ;qoc8*UGexX1<0DK)(173iG1*M87I#JmVv|9smTl2Wpw~ zzg{i(!CBC2Fb0qEc(8{J$6x9#;q*uBHHA1?=uoII{SvP^$uSrHVkm?jj%?$M9183Y z4bJyBJuZCPKTVI1@F*&|L(HiBP_(eJJcFB83}2=Wb21IFg4*>wfM*>0Ah+$1+x-*+ zj{e3^^uQt`K&#OGRN{l$^uOAA_nPFnP?XT?fp~3UUflqYEN_3FFIM5k0YUIF7mU^d ziA_rXMl~e|{(G@$IpGerbRT9I4t4v zqtWBcRIiDCftR#S1&c=j7W4s`XlRe6D9Fd>Gt5F<|1?VOQG17IDe<~OU+lbiU2$G) z#Qw=}&eO#bI(EeJ-q`rS z{@_Texx@-zAa)Vr;z)cSk#}R)0M468z?vx1pZ;&QL1*FVS@R5!#0o+0}o@tOzs&+|xgn@SN=YSfZ zVhp8BGg~NSsZkbuQ!|&FpWf<%=5~@8TA8kU@zt(hisCG#+QmhME(x*Rva#5-0Y$xxy~6=;;c+B|_)_ z;|5J%8{@7lH?cDmbrHXBU?(uMJ^9rC<98sJX<2VJZjS~6kKi*RinLt>Z?L%e2mbbQch2a+!!|EXC!C4PU1Yf77?1 zxaqG^AP}z^$!cP&gP0H>=Yu$sQcOHoOHo+lz0ozj0s7+#IBR%vksy68bP}3q-apaj zQmYRwYOJ;qa(nLiPu0zy$ua3lggq@NO@wHTznDcWo7WTC|T93fj`Zl(TAtqVbY z8iROkW|C+pDSE%4#HE0sBS^EuPWg`q`SLOs@tw5HwYY?uyS^phL?>Gu0ce1L-MiwW z*#ct-(kFc17Cjq`SP~|BBypXnIc5I)1l!?4x0ji|s#QcTUb`qSc3hYa6_~{uFQn1D z1{qA3uzBdsEf#!yJutR}M*9PgZ6pf*;B+~UTMiPNV!20bf=h%h4M5@`dtB}#vUfXV z#}H87B|G;3T954ffy&L}f3#FQa|-0!2Ko4mpoJ0VZ8IBE$z5mRM8PDlIj)j{R~5Ll zcEK9;tp~Y9WLN~6N_ZPpB6Mt8Y_~}MMtQV{ohKUX*AGo!L_3M!(K|NoI)s1 zz!rE(^hOW$EELQKXEUQK)d%MbGZ4~XJ1N^HuRj*I@eO}mqcv|@5=E5hgzYT-N(WhE zVy`z-hPyQqZoQ9Dugmz--=d(`QwCR<=WmpLKAcEuxGrWhqz;A@b{=0y8WU@Nf4oS- z-$mH^k^6;y8hXM`)kKj{#3>c8zwia-Id9@#{?woK0vsqW-Z`^=Xlv7QzEUvn1!z8L zL;a6_$peDFKF~`$K@eckkOP&8COf>#XjM)ALRk}!D{FFk)+#kN?}~RKDKFEP#lU6> z-#p%sctVAl6*COke!A0mM0lV{y>fcu*&}wCiVgg@ZPOh$flW-?adzpIDw5gwm8!7j z&x}#6W^_%72g)gDHs;cc8 zn;x&}?97{YnfV@OL1bP=W^JMp7U*8xJ%CYayXSBE4MWZlFyRRmK$%!n$3A3d5GiVK z2^9%m)!+bV27egMHs|=Tb3!1V?Nc){2;b4AGs*i>No)ZkumKi`b>Q*b?!^8?*RfkAYSUaA*Cu6jwaG^T3HM5(j& z*W4aVK9Fr~(p&-jGz7bAsel|G0xreNKUohqf=N(v;N z6oH`9v9!gih3tA4QYaKonEg55O&ykbuKd6pXuAE4EA`o>N%WnNgJ$X(q%iMyc5TDl z(jwh%sq{~5oddt9%Q3xL61=U;a3ErqEJFjl9Z1~zunP&x+HUEKaI8JOpw@%4q4xGF zK8GBh$TOr%~9QG%v&Q_^FG~lR%d?cjg6j5>wi5X1cHxk6O*zb$+!^&gfLH6 zxKdaPAGAS5cBHnzO3`PCys#j!;IJrk{iT7GqRqTo>U?fsrN}c1hne-KwOV>hNs7`} zr9z>1@f1!b1!E7EFc>H_+6PnU_NXyT)d2$N_aw@i8#Ew7ym0kaZ@-m%M)im|{tyld zRes;1x9}pLI-tz&x2b@o%z8r5RYOl=2%}6p>7AmGm%mf90;;Ua9sAcCX691KhgtJm zsHxpNrmrE3CEHqC=FzTn1!P1$@0QMSUz_LK2!`3$UAY}Z*6GK~!}X1|uAI7z z>>1IgxTW!Z&}a(O{zsn>@RD;zLXk8E-hilutKD^ixeFh$(CL60-es$do`No9wB^2m z&F=@|Z}@`FQWYllZFYTd{8A0I=GDx#oGZjin0Zw%6@<2V8{;r z_j;c1Hj_$A`{VYeyLa)G8U|Qv2nZB^5%`U*NZXj8m_k3BGJ3m+92Cn^c!rl zpHMezwgomFiB!MZgJOAQyaMk61`*sGK4xE6Se(&zjCQ8{&SL5z*e2&hS@Vyxg>~-A zK9{2DN8z33sbOEGQq7E)V23u~4|g2tYRC0;T_h?}tpHnXVJFmp>r>rvR@s=h%oiJl zVC(-uZjIMai6_`@0T0bfzttK~j~@u{m`(-jahqyPlL=`^YCq&v=`%&%?mJ8B*S`~) z-ruM-MN{a4LxluB^*7nzcnPZkjn6A2fjFy$!O)5VsLcW+*fPiUbBAF|rv^2u3!P|DVSl!me7#cLaUu@i{9=ZhV0#b1Bp zAIWA{iV2-6`jloi^2|L2o_so6wJ1cC)gDP*Q;w9VvD~jO^eDZH8Fpb)=x^GnVRgZV z1cj>-Y|b654;B&=^Oy~P({K3#F!}?GLX`p-7o5_S$pT}LZR6hnBMdMqW|^mVSYW7{ z9>D0YT3ujR>e>wqont1f^4bw1Y_hn@ek|UZ^*61ecb?8L{b!z0&Y~8HaXECXp=D1$ z8zy(bp{MCu{n^c;y9*9o3~cL%G>huS4}G(q;OFr}L;O#slEFN5*Pn-5-a9+oa{y!2Pov?37E`QfW<;fy$-c5=`InPO(jWWtvsY^(l+TT0R zNmol~t`~rGo|BxTx2k8s_TQFX^Zs5J6#(}hQ8|S zG}}La(|=KcgojvjrU+8BOugN%D=-M8s*>rONRetG1%T1A#5h!UzmR*X&7C=`Y`^(A zl*VO+_mD`aHFsq>fx;Xrs|JfOZdJDO0`eZyKa@!pfd2425Dng2$AaB2^FhdVsXvg*qgEBe^CopA9CC< zSKxB5K)4$IC1o|rCew!!zU}ctB{i?V$T}0aQns+$VsZ-D`Z0S&xT@-LFW_Jr8$!QU_)l0_)afX;JrZ1qD`>MsOfgjU%Bv4%jyBMg=GMjV; z*41Ue@SeJS=rylTo&=H0Z~AzhwGgu>O6|%@_XrY9%(z3vHIKf?ItFkGb6QJ(mX6Z0 zOx*KN`@&t;m|I9$(HU~mv&`gP-64Fbot3-2HmJX(h84Nj8zI6{r23ukovZJ_h6jx? zv1TWQTRKPh+LHMV?6FE$&l{fQ1k9dpNg7+3(LszyDasX8R#48@~P zBPP+<{?+~cjXK|!T(+u%u>3&4KXW573Bmn34nadp!qvPyZs~t=u;d)8q8hd@>5f{AX(}X<@?kZk40a?MW{p#0Ngeemq{kTh^-vcAv%Eo?aD}!7QgUOsmxPGDs zhs!tCdzAarBD z0CtM4utIJjhgF^&HO){77wkQ0duZKO- z?&V0pEc5bjUF;E#&qren{pLgi(vizz=KN98X3$<*pDa<$ExY@M`w|pY3{NMnBcT7- zKTY%0QmyrA_%cj>U~6c(fSTdNwssjuB7o4}$kqkctoxL#5O2zm@@Z51Iz9)t2_e$T zlp8z?T3CbVrB%&kyg}%lsUnB?pzdiQ=I4^iq{o}8+5|tTD`C%QSlA`l8ALVA?A^g} zE8PD(9vxu^cqbHYYEqX3wQ8%Ukfl{^H88Qg-A(ScO>U!3%3@XJ*7y+wpv_7aR6NL5 zY~OBMF zA$^w#PRIqIXi)k zSShwI3j^gv-})QS=|8rY`H55`XU4dabzfz&$gZbF7lv zyL1^DF=VTfQC=Y5RmnL6K?#e+2dWY^@8(sFKx+=H6BtgOUDZ%EfQwQ$MiPT}RE{`^ zttGd-9_1p9$^jdkZDp%qqE4stR>xb680n?eX>*4i9`Si(z!vV)sx04JvlKK~6iE!B zy@i#|$aP#GUD@}Z#o_T)OSnklb$`>9mYQh#9xQCyUw4TPPh_7IY~w&1tu&?{sm|n; z+4xbPvq7dF%81mQ%AD$a7I3aCbT(Mc6#C{a8$lS>^*u20*t4@R(`c_W2LIl|0!D^) ziGusT+of3WOfDYQbjt+5-}DfVGN$u4-NTdE_*}Mph}Kesh*127WOh}{ctymLwnN8P zWe`*SA3I53?TOZRc#Jrlra$9q$Ix_s523-Hq2JB}lmUVQ4|S{BZI*Gwp%x+%Eo7bH zZ~R}jv8{oZr374H6*yJ_SRTNDHJ4&_fae8XmQd>|tU0E!+k(K$ROO|i1iZ-B#vW~_ zb^%-;mPo2?9SSYGz-{{tEjlKlrw&m381p0Pt}3fd?hN2V<1l8Fe_wVf{}xdg<=>ZW zfV9jl?snL;>r_mHxV1W#W(o1vP0KhYs2JA;Bh z-`z!w{7uuTP4>A9)@ZJKpaL3H9|s)?_JSPH9Va7Ef1{4Aaz_|OyDM&Y&ivjg7B!LP z5+zw3U%Hj7LFbE{PSJiI%x6u|GQK%aNZID;5VPxBo1W#BbfFB~;6{j6RU7yi_(JjkUeM~+kNI`{Z& zv^^9^*kazfhic$}MOEs0w(J{$@*OoVWv+{_R3GzV!z|_r0T699`TsN89alRoNFjfK zY}xhhKz`yjwK^>+qq}$AJ+5*-@G3^Ex62{%jIc`jM>{G{|7ay3wldmjNKm`XYqWtz zrGHf3nr-etdY+o(%2DVa>g>_4*|DE@4CtvPZ?vt%oj||y02S)c{S&Rr@A%O^zQP%a zYk4r8_2f(Wvf%r_y3-h$Jx^f@uRuK zwNAn3ewWo0hHY zz9_vZJfbDOtIvRadgMBC)ta8b80GVj zfq4xOf+>Ts7o}3|p43Nba-Y)Q_v(^HhVV)RC*_t17Y9(>-9ps+SJayoBCzJogw@_f zPi?IjEILy5TG$Cwps=-~nAg0_*&xjMDx=0;zK=gE0{jUyBQfTg_M|)-x^FbQdR9PU z#i3yN14XqL(6P(6K3g;K<9ORsNZu zB`YuYRVMS3VuI`#Ied3E`HOx2;z+Uo1TKoY5_`_IC0XLTx0G<|UB72~a`39m47$7Z zTfMq_Clv&mG2L@ArU(H@%2qc3l*hFTtxyXS}X@)v*i}9W#AY=H6bzoo~_F00DEyKTuS6 zg4%w}Ly_B*syjLogPhM>4)$q!vu=2HRTp@Wmw84p+23IDA2l3qqCT11|6SFBj zB{s`z_8=k56JJ_9y6GY7}__(XcP zI#UO;K)aW>3!{Nuw4?KXgx=1SLi*!PtTHD!eQHesi!5$O^?v@u=zf2U+39p{&E=pN z=QyhVL|1MAgfo~Et+KPa&M6S`$LOxi{m^KdvXYh^HH5z-H@`h>h5sfm7q({mqq3(z z!K}oeo*J*^;2_)@;E<_suXT^UYyVLW*fm7BN+gg=C+%szDL1ABr_Dsv(%Kv;s&PS#dA z0A>ja9PEW8v#b*oTf3(1^X?9C$5_iJ{a8|k!E#eSDU_`Bg~opuM=y&BN6kwv@pH>bD;~UapLV@ja6)dU7%4=3T%S^a>Bi-{hJBxaQU{f?l3k zpwIq!H?c)$r`(T7{J^m+sCU! z37k!~kL#!=*TW*uFTlRL?SmEmIJSAw0epjRplUe&*X$Lf_D#RNXa7Dp?t`&dB;2qE48fV0o;WU`md zU48qaJ6M(X^Q+~zkl#=F{hHs?{4NF!v|sGx*F|uyK~%_ACC-Ct>mIE!_`=2~3EZ#rQw@zp~Y9BN=DV}Gwo{C4C*o}_*JD>fS{iTp&(~lQbtPuy!{|d3S7gT7F%EafINa2J(R+-M#1-Mh zk2J~%{LcKyma5}W?h2HtF%&@^-QrgIPQG@(b_sL371ueGm@*c2*)RTsae2CO*O@Z5 z3nqyvqk`OUJ$}mhvD=eH6`RscslZDmj3wv~?Vg;Ru#`vCCzlSn9$ESu^u;vRA4C*f zE2$xpxOx=4Mt4VXvu(?JSU7cF1E& z{OoI)!ITAs8-!C~u;&G~@_E@+v0XuD+L+d9cE(*ACFdMne|?mB9GhpYvVr9Z=J{iz-g)Gt`di@MgbE@Pe*bXEtPH>_nS4&zz#vs(n@7Ri(;s)$s7i9dXY zf8ncoNsj#oQjxz=ny6420^Zx<#F^Sq$Qq>&I~cB^YYW5=U`P-r3wLd>DBZ7<@$s{t zgUZ5hHhY6n`D-so*T#NvvvO0&Vo55X4Eb7*9DHbo^ABwEnOl4ey7HqNKFVsek zxB?}7L0>Bf#9IziuV}N=Cw_ zcgdDMmp{NU2MYF~i7QRmnQoZ5#|GGnuH47_zT^yK1OH?DnR>EtpgO%XIpe63_SmFB zVduE`>chE;07C59v=q4i1W#NGV!5ZAD{gW(9`693Nc9$u9sZicz-ewPk{&=?xT6~2@x9Kp+^=@ZZ5&;e&BSU zh0}1iYT$I=J}l35@KfX_0jK*qlMftK5~pc&02NA^g_B#63#T3Kc>kvHekV6xxBD9J z(fV7%eZSu|*7@#O`}m#zqbmFM8tdx$2oJ}Oa`pWBp5uFh@o@&)HNK;D13>aQEThb9 zXGd8|{zY>RvgYO-C`=B!0t1Zsla#_jn{%Mpru3bEfl^psa}Er(Df#oUK$&w8RyyYZ zkZjFQ4!hirPOC>7v!1J`7gFdZ_mK03J>Nsy0^Q~0x;W(Q4Gs7ZyOh|OxDv!p6$eDs z81H#KcY5v|rsa^o{)#|y@UT!acm~>~4iiIpgEBwp+vRu0^33|06ZECAG=K(gK#^Fz z&#L&!K0iJ$eG(bi)N*i&E!|d*XTu} ze*C6sY#}x=waSMVS+Xcnwmlgv%;zfhhfanP{}3wNCI8y9nAVWg>v#nvib2Y*wVv~d;#dUW|m2;$bg_Vitv_d#Y zGIBmt)s@cqBYX6XPaa|tA!ngEhyuYwT^-ar+rTU{=6ZVNtd%2r^fVe+WQWQL(?NZ$ z;A^0CZRYf@FW80PoV43?&St^;_65)fSf_t(*iBAAfzEeZa;y8DR-&BuSfj9@Z?`Ou z7Ki)hb4HQB?tww<&DUYd$xKufMkQ^}>%s1CU$mHE#rbXZ{@1g9esp2_{~G>3maMTm zS>v?JFrj=`z+brqhg{<4;BvIbf8|!9=o}DZDr7AaDP|#+rbBXgBE7pHsoH zfSrewCcEL!h8NfZlUia1hPoxwcfqkyv` zREmcG+J*8S$4-I^SC>%2Cm67HIWtH#i!gq+j_sdf zNwEcL4kiCHWu_#H>RUsJG-PC&_3%FT}FT|ndla?QZ zmRQm)Yn_m@D^ay2ASoBE!?mf*cx6TXWIvY5ShTw;s=0Qdxv^&*tosy1Lv`TRSivVc zC?cGGlt0$$F~>%Fb!5m_D>>*@a)=$QTF+GJuUgM=iq^AJy~gKuYOS`tSpC_79Xlwq zjIYy@6Gnm`g|XU5^-hwnk>V1^f`TOK#zPlTSWJg~`HsvhH z3IVp~?hq_(9_taw?#_uKoz5jEl}_$krL(8XIowS#ZGSD+zxC7lP)2J9NLNd zbi};DKm*DAVbDZ7(pIQK>DFNBzMSN9dD@N?1M({8!!*AA&=_xY6IuhM+o)W_OWO>Jbbr8paWW(BHUM%8}qRr``qp2IoyXsy1$(2!>R^_OVG?C**- zgLHr?T3&mB6{y6@;OeL{tI!v;ncqnUakgc?r>rXGWw(-=Z}le5C0Eys36`&~8O>9) zfT!3V03_%*MI*6kMriAXkBPJ6%?$rH8Ga(ZgmHl@RaqhJfLVN%_|lqq?XU8pXJ9ZO z@e0-kB3j0Ez$_&L1UGYL_eU10Ax2rnQ5d*R%8k@go)3u(KE2Su+cVt}4{Q&`1PMOb$OF)2{`I1OjgId<07jkzm%J zlYaXwAeJ2aj?H)w#Kd&p+(+iFOqnTNmCO(cV&S?4sDuLMGGULcc>*<44xXr*i>NvG z{t=pk-pu0DnLU`rHCM}E5NB1knum3)v&}56(uSc=%>!)a#El3#SCYKi$D$r-P^=i5 zF*j6dPg*xiiTg<0Mz>{>S*79!FeFo_<4wNB= zl;u5Olvn7w9)-NBRcMl1h%#VCtq6RI{S!MGcN2i@a?c{He-p%zvy0DMK>=3;U1B-J zg}i6N1WT+;j)kY^$a8lIdIHZ#n>nAksFI*!Z$@Z~kT22GSi;L- z8zUs;!!pF0u;7{_j3aiK4beD9OboiQU;NtnJUYl_QoGHq#iX9k#|JovUctFd2W;#1M-9Qc8ok?J>eBtf`C-`_%~e!?NNFYH4q#KWti@c!MI zv$ZYn&R4!Jm#Gwy-v*7mpVQ80RUMlG&hmflHLpm?w!WPD)w+Y?&uf{p8oIu&d~T|KesY-31M|jTUsQLxtde&C*k-fs9fmCd zOwpIVu7;WVfHIv?>1JAOo+pozmCxDgZOSrUMlt?t7`Ywtv))kEgBWw!JPN<&i37ho<}je(I{+2=A3NiU`ew5$d8B%sS+ z#64>2(UGVBZAacq2T>y6qQ-pNT#f*mfs|}Br(a=BYlkuK?UIqTe92Hu=PAya zqyKSn9CHR$x^vTGzu#kil1$!`1a{Eyc<_JDRvpCa(5@EDb`zy z!ujULfM)tgr2NY$!N>QS%hYy`ySR4a@=<*35z11n`Q;XDZ)jkz`466OfSeU9--ACN zQobaASZOh{|Evq7YXhb4WQxqRK^EZCZ0reg9W^IGA%NOaw~(gxe!Kc&Kh4PM^Ec(W zv&V;McExx36KEa*VKtXl%XA;D`M)|%aL;TLb%oe=HZG=M%ZK^#jeR(r{U(*JKvc>z zf4;@D3l+($>hV!Q!)k;6DE+z*q<&%2|dneyl1k~SVwl{g^{BLzx zjP@W$V0za|*5WlEzp2f7MR;-Lox9}3O6(1pN=I4_qcMBE^3Kl9Ro_Bp?hLmW60_$9 ze63TG!3lj-VBZ&~t-A|%;7H3Sd^>tJYLg3-6Kup^dVQRFJx^V^_2z@@Hs(wySTUbh z2ww8iPcAP)fNV7pKCx-;Isvyb%+Hl;t{nT?&DX(SozH5vo+4e=P5#E+_Nf?zyA9&8 zCwej*nCN=f`++_-vh}b}_v@Y259B*8GuUJlBEDGwOjxQXN}U**C_p z_lHYyHLJqfib%J~lb2pbLkdR#N&jZPIzL4i6paLA>UebPx3Uf}?AH;|l=h5nLnw z-iTmTfSfnsg4h7eB3;A2z)H#zfo&4G*hGaB1>?$3&cV@C}!@WtAX5hktW=>eOU#Ofg1_`GIVT zvy)dSLsMu{4t3>Ots_WgxjkIk&Sl;?LHyj%9P(i$awcCIlvcM}pSdRvfZYJ=g8rume3&d9!W2d&Ss=PH8 z*QcOUQHUgkQCqL>PF8p6trY+j^W-bmw-tp}3Qk2ig6$V_ZYj>39%!ww2Dq-&h<$?R zTR;Z1TxsR>+MGF2iw;03@yEr_5>wbH6p2 zi_G&IB-gAF{tWNNAM9^Fq$iPhEe2@EnTyFJQTFd&9owWAh(K{css zsQSSp%sX2|W3@kP`ACrk&i1w6l{%@krTHXAQrd=TMX*Ji7J|UK zgltB#@)=^NygY>X-_zT(sd(o}u`^XaT84qJSsvlS=D{NSNKvfhw7NDbJYPLZ+OGu2 zCJ-_{+W#s*w)+(e)?9#WdHr7D++3VFE*G}ixdKwrmi{0&wK-eshVd7Kxe@}|{ELPw z#>7r}WU8;IWWqfBXyR+F-PqGsScLqVG$I!O8fN8U%EbnwMN_cl=n|E=yCj z+m+P@st`$rEcJSE0`)2k-1J1ybRxLP@YwIP1P2_5jzro^7QDI{7hK<3cSF-v{o&{G zIl1=5PQhIA@cfsFUfTzKQG4xw+jaolYhN*3ickFc55Tb4SPi$ez~M!MLL~VKk1(4M z{kNO{7b-{(H0v)BsXp$^&znm}?k1O&(VaHTs*y5}Lfo9x+^Y2cj-VcdFd}N0_F}0L6%+nbrL*YwGOg`qhd_8&1UnP$LGB)qUE2RvI*I$ z0%nr4Se@K`U@pJ1fQ^CwvCqk(7&dHLQnA^U)wNq#^{y92vUanX>SkNGo@|eVHpA}g ziW^h&i>5phJSRJ4Vep*1%#aDC4;4;X%VS>VxCvK3)XzR=2~<~Aez@jYRm{*A{)hU~ zsK55MoF~<8c7t`awZe#0#zR8j)CppEt!C#N=#3bSYnA%D3v+TxJxMDbROx1&3mgCS z$SJx|p!c;d$Tko5E)%e268z1qE89+xsx6tD0*?@K|7<&4&OkSR0I3b-4cHf0NODnN zZ79zdXsGfvEcYdB<)j+e?l%w6ZM=m5?c=K> z)#w}dnr-uBB)Zr9X7<5s`f5+U=)xw;FfBs;5y~JW?f!&>!4d}7bUCv=$+E~fpe-RA z@m2o>2U*5)*e33Gvfy!=s!U!`LD@=w$iPU-Z!V5r3}oh9kb~y;X<@|!7BcVi*R)($ zpg@kjt(R`y#bVRy|Az}S?U|5u9v>FCUvm z%d{QxkA#s;MN6!$lkM^OWVgMg8t3~|la>`Yz1}fcGk0zW=An?ab!zyE%@wxjC*3;P7FSZt>%g00dGf~B2Hj7hg&j}!pYgbAYL~+kbk2mL|TKL zGT&h3PA&Wjo3i4v%SQ-}#tkVd^H5ddeC|{UzT1ffy7TChS0lx~1Ha0QTL2Lw;{ z_502BUN668vj-B~{}*s(5-i#;p<&ZUTw3K^^LD3>vrdmBu6cJ~*#F!1Nnt1W_CB@< z#52PBvAzC%tl|qZ$GHZ-zW_9LyvJZPim6Y!*dNDcoFa2(c2smqJ2q}TvVaaa?*v*t z#w}=O;pF7l5f-GUxFG!>7J^oJqm%{8K)C*0ldz#1f%8vQqQC6htKZ}*oVWO%7rjfC zqcZMYQNf>5G>V%7&bDy%+i3nVg(8H+HCur>QtNB*LY##-@!AyLjH2n99mF7B4=C%m zYa>1IccnRW5-nXJr9q%M$zM}&wYJHbc}(pvoKi$SFGJB< z&od*|9ghZiCR$OV0JNc_RBE=cNfg8S#^eY3iO zJ8w=GK&Nr-*P7a>uvRppY;`vKg7!_NZ~MTHHv%n3hU1WRTEM5repOswF()@E^2@6G z28b_@{*i0#G{h!bUCLvlanFpJ{XsGF{1e^4$JiAn@f%&r|NdJj65cP9AZ>NNu zJ-QW*r4eFMgU-5O>3bpPyKwL5-GrNzsInJ!9-S3fSwX=->ANzjNzOkSD*aH~knEaJ z>FeCVwym%dIVN!$dUDRsU8m!LcBTbaC8aW8X~>*rqDTDmPTlQxD{w>Yra1k3)_0MWFzHk??1;pzedu( z%=Dw*1n^Sd&fz1%q^4o~DoA-iPJI|q*IgD)T#hpp)FDx`L5uBBiR8?!5w4kNd9MUT z%7FH=H}!_!6n|3_`VAG zBAW>#L}xiC`^W@c9pb%J)eoV$+Fy6Gwi*x#WdE}5S0?WM3>LZ59?ZXIR*sRF$rU}p z&-O+9e_SJ*i_+D^%8L*!rT)#_4K`fD;P*Vb@E2L50W)n!rrgsJd+8 zb5OT_C|{uEbajZVRez(fN|&dJFkfavi0UeYzlWSV*eb!lcbH!)2gf7jcW~j>!@S@b zph)}N#6|~-Gxxjsa;qx6fvH0S1lKIzU3-qMUP_GRTyJOC*WuZI`#1_4whoU=rsB~3 zTQg(I+hXSj#!u6Ib@w8mWX+dMuzGZox+XV?X}Em#pY9CXrQM!Xjk)GrwX}^FkQ)_y z*2m~(VhS`OdZtz3Uhb)E>4y0fmc^@ZEpxXL&Y;5@Ab5CPmtXG)hn(%W|bhgJy|xA`q2w?8|X}q|g?>|0DDvu|ehSvE#DqoU04FyWGpc+j7%G ziK`3Ue&fM&m4-Z7p55rl&_XXdUkWn22rh$X;e3bX_F?vX5N{ zBP=gbHCk}}&Zmd%JycUFlhxxAQ^uj?jNU3-&L0`?EQ$RuzH(-E!~Q81ePY+J=On`5 zn_V^yoT3a}jiZ5$E0531-7f`qH1t_cs!#oG+-G zV<(#DZMr2)ejC&otcoD-5Ydc2f@ZB|ELntR&daI-yK&WlemT#o+{l$r>MUN`R75Xf z?njFx9vW(9W6`MGi^%=rPO!|L4c9|uW;2+yDMoKYq1b3sKeHh3oGfQ2NQHODsicMFA%`+RxaHgi9$}!n?*j94j&r5Q1*+Ba% z?&D9OS&C4TjuhZdxj)K*^pVWhzEa*C$7YG|v0e0ybn<(O@lu$A2zA|(?BE|1TPp6O!jDflR6qnCs1;=5#O(FYYkXXqRAAIFh0q9{2xMmv&v1>dAwd`UtfI@7Q{4u z;%{uBKkkVNI>Mu-5{!1?1a~D6mHjH)FLQC%mw^9gYh1()5WrkI;HvgS1l}wG1#zfI z3A&HW#|<`it=HY{-2xY_#$2-<W=|GmiZuW|{#~{D}Zy#^SBhEIn2NOfOq1pP` zn&`bQJ=nk6NBEHV6?uw^XjR&1wd1?`XXa|!`vw-S3B00lp;S(pZLd;8)87OB;7%)K z^~6j>Fn^Q0AiZkb>J`T;y4sD}XX{CSoh4bUk()1ndRn$zY~H@HM#sqknc|eAo|+ z1vT4XHRk{0gonxR+B0C~pBNA=VnIs<3S={bc)rbhE?~ddv8k)dYpL=?gv&QauyJY) zbnM*U(g%d@bYUwq2<%SG6FWq?xT+=x=6&dPBx{xa4tGp+2k%x^Jd z>zXdzMX>Yb+;l0vB-1q(5@f3q(lq%6hlOh_j-?ec2Aeh=s`+e+F7oQ9E$%p}0yCl`UB)!VCMc*t>@p}44iFG?-(Q6G zuGnyGzPpFXnhWVL7S3rOdLoq?uMKwWQfBs-r{~Ctjwx5%%b!5=jr=vcf*u2htc?>X znCl*?N+1;B=Ag}LSeX(;;_~kJ_usOU|DmZzgcRvnjTnU1QIE|$0^Q|${=NI0((@Ac zxlPYMbDx{_yim_->=Bu1qC&Cb+!q^UPJQ0{aA<9~ji$l(7p+oqb% z0O>G{^EaNzgFbxgS@cl_df}K*CM$!zo_;~YD*$B|WGeQ#z1_wK4Z3wQr^)v7at2CS z3xn-RH`lW^7lt$PjB{ad!MpCKpSzzZAuC9@j4e3Nn?9kLyCzz!OhbphZ~| z32C#NH2G3Hi!5^whEyu9p^!O5U%=V>Y;NnZ@}4=|iGNjRwq}lIn@#Pjbm<%ZN2^6) z&y%cs4~+Rtn)}Nsy%5P=;|FNR-iP_~-d|l&NT&m4M}?&T3TBS{T~t}#5$$hw{7GtA zEzWtb0I+vBu7b)h$yobS1|s|Gb3V1b#f{b-TlbQ9Jz>8*Ee^?1mJJ~3bFnl&UjZa{ zx=@32#8T$2`4-JSFKwn~5FHyAg7Yqo%!l#Z(+_vT9v-+s5% zt*z9}*rtrpn{&9;Z2pslq!}1szt;+jo4ukBZ*xCs=SuUSn^1L`hjnjYSE+(FOs6{M zeogDHB1Au+BQzOD_31ULAUW`yA^&7X29rJgBilk~Ii2&xPG>xH1HqSN4Bu0-fHVn# zkZuS_bj4D;U0xq5DbHc;QI3v6&JpOI@*&WJAz_am^pox&`n6zrEq!jbVAAHq8;rsq z+RMD&0DD%Y58I|}Q7+KyNR7S+Ap_9M1Cz1r=g7Ch@uHdi8v zPkD2&)cxv#Dz`uzy{|uVzj|P1dDybIyI-5$Wr*opl_fdwox!~T>C(t=3y@ck;aGNx zV9Kf6wb=1-9fxbgw+))B**SBim=r9+6%+mT6`MYyuwWXa3*fD^cmoesTK>SC#j>{m z5wU^uXrN|bF0qV6&QUlM4mfkA$k74x#TLVGc&hS;-{-g2l^@+3g{zXa7$9)fr@b?{ zXr!da00*L77YNH37*7E6yph1LUvsgZ*>mL@vxHP7X+k;qPxNQ{mS-O5SwV%HHPg?l z=pL`g5?hNsB3}ggC#ov9Q~JZN(!-Bsr=*S{=w_aA%VAG%-mdrh5S`&wR$?oQ{Uw8| zu`XU!S79G1x3k)djG#yTGpFm3J3V9o`GI+Nxvd8{vMoUiir_ke8F95HJw;Y&PImR4 z&jlYZrsKIS6tfsx;zk&L7WzyO#C(6#?|5==*zGX;UXVD_VaD1S*M->~W)#oNx*pGP zlaV1h%n9!EB0U$_Ea(F}%)u3&Ak$&?@@OajE@Z5*dv`nQGesK0NzF6f*DCup)Se?U z%gn_hpU7%l;K>ts0op7vfBU0X;9L%3Wv(v23E>pHV+G$}E}Gjyz6PAC;z0S#V%?-- zkxJ|ba@veK9-9Y}M4Bl4nR#Jz?hDkhKhm1+JbP@d1g1n^ZY}jUilGbpw_`-CIwt1P zg8#?AA=xTg>BbU&c7-u>H`v4*dpQG9S7{PU9m}4((hFQs7{*-+aeyaiSIU z>xSnxRGhkL&jcAXH+t>8OMi*W>wYjlavN+;uO%53BXu^{4Pn#(H|TtB=6Oy2H=pT; zKt6-10i5T$T^7FQ*{a#Q5f}eqH=_q=JbP>hWKXv32P)_0nnNyi9cG|o!#~e=2NojP zg4W;kC+HX;g_q4;oaRKvg)w+G6&YUm_DD0cB7J*@sppZUsK=;Hb@BJxHW|^n!_0M) zSydh8D)-sqa!AjXFjyK!#hqa2w%>WFPmwB#JcpspX3-ynp>%zjY2pzWSQNb^htof? zIK7j^#pcXhVl9cDhF8`c-1;s@3u}OL6#NC4SK0KidtpQC)WIxWG&tPb?F`ZZULglc z`oGAzvWSCAWgd)4L%gjYAth~1vTHUUU^t|~45U4GVaM8DhF=3n2?dI6f6pRfN#Fx* z%^3ZS^TB1sd3QG0Yg~@BHZhf1wXThn)AViLP*l4vtcfW_PE*vT6uWo*5Qx_6hAl@= zuu~GL2`BAsS9FT`gQILUKeDs$Z~P7|T7>=p%z<~A%imC^rD_$HlO4ffn;D2ygM`t+ z?YNeQvwcb2wuD_Ai;jBaj#m;G12dEGQ-%3Gkjo z?W0a-$5u`O5LloXg|KIk6a}SrwpXTaq==n$VazXouP&-)f8!MpO{O32i~H7X4Vl`P zNnk{T4K)m`r$Q)>q=MUXYiCwQN68ikH1L< zbHvKNMIaQ_QGkb|=5M=P+&N#cvi0v23%Us$2BjA6V>#xAO`9F_x*>AD?G$_c4+IeP zXjaUv>qNVJsAs+RSu2MAt7o z#jyR2I*qhigV<;V@|P6YnIF~8y$_)kp znLFL=Bi#LM_avUdBxc^VAN`HP1qCpi3QWb*mPka$*!IVeY+m`mg-T3beU^j*$t6PP zD_Ay+w5bWXOBB%Fsf<Cp{cKglHV+lB?smo zpOf&kGg@)CpwcW3Zzhc`Ak?FEGOSJM?6G!vWWY{;<7Z?^>yJXxSRN`0ex7YNT7_QlSZQqlM{gX>ZH&K|To#S#%f0qQW>49o`%_Z6y>C{hE&~kfbzMkEor0-*fo6!1v zsT2T&`|1||kMAWl(*OqH>n+v7zM+=dCCHsIY@fqDA3LiP^x9=uBjkPFsGI_jafLH5=5lYM|tXX19dt8nCCkK9j|LfgG{t z$ZqYK6fqsm-9?FVbT82h@x;vfVkO~3Kqm*$p;lv#Ce`VXSIN3;yFHVhyW0N8ZZc4u z`|=f0@Y^UK?Ddw2@JX2*JC8rBzZ|wgaSL`Gubs9yT{|K6`5=b*;h?qLju|qOv!>)7Y zeY#FuB>13Z;m@QPvR*Go-iGNd|4Ia*^JhCzkLZm#sNXzv2O1sC84UOiq02 zcLVd%+MWg!?}W<;_?+i&6ok02SY;C{Ri((_(07EdBHYP|-=Unpv4S=@Ah9Ihv*dbQ z{n38#UcRBK@Hd{ygF3W?I?J|udA(}6!6TPnb=mwG<_MIDdb|mS@puDunqNSERL^?8 z6Hhrf{u#}7&BN(~B$REp?I)g7T34-y=?I!)^LJY%T5Wp1{ON&t(R0!%l2}xXi`>Gh zbRSX@cFazT=Oo}H)iM{GD+A-50icL>pe~DK&XbJ9|1U8UU7)*(Jlumj&&`8mXP$5; zPdR_WV@{*@CHO@e(JoZGS>Y)nc92~5rnO~dS`*J{!c4+(hhpKL}Ph;i^dXLklt;(*A2<4g7toMt&_d&YrdBI@|zKxl2UT9^_w+xxor2}Y|3kTSyYp}Rv?Et@h?-f1 zoJ_;`KBSEX+K`{}o&$FHO}~W25SDv;1~+!MGbh?2MA1^$7@6^@cl`gPq?1HJzkV)d z=XUW}iRF7@1wHtlG@&Wm&&&&E;ct%b?d-=POSsB;HDC{71NI=+9RDk|09LFu4ZpGd zdTc4nULJo?VFJOAdWIo48{NB2Jgf9_JbJ9M9Ww1Qtnf1qIkOQsij-rwy5oI94|U#Nr#I%uCJ8EKgfZm9GB^5J6xQe+s;-{1qdAH?BMvT1ewH* z%Ik0R+lD(#2Wdi>@j@7PJ3Yoe5;=tAkvzMNSdQ4Pg^im#L|0PMgkO98k_=*dAqqWU zyG4t}H6&WCO5k0{6lvbr7Rqj?y( zD)n5|?W!ZRPxH1Na=|wr+ntWTv9HZy73lJtK$V_TJrj;w$!Lwg>(;Tu+_A(C?ItvJ zS*l+{XV4-b>k4pm$8Kr4%9r3af8ZQYUHA=oB=LVm(*Kc0A|B@sq{vo{vOBgkH;yHV zYo9f*d}*7!IT3o6;LV|DiR-4`_#Zur)ael_EayJ?sxQ4&gU@ZxT0>y z@PBd0Gki!)yyM9e^GxBxHNCfG>O7$VT<$7h z0{+n2L{gQ=PI+cwRr%g%v1PnR&4+HS*m-#fzEYE8&SMM5ERW4{NXTAA9PMOj!WaC1 z?7a_sRMoZUpCJJT1t$n<6e>YeO|I4^6)h?L$;d>`;2FRQh!q5h{INygN`hE{M2A>T zk7IeQw!T(dUTa%#|8j4uMXi`XAVCBJ_y)+zTbPF z-}NJtbN1PP)?Rz9wbx#2?Y--S5Ij?wQ~PlDX)K=;3Shn?v8+?&(8PzZ8CzUMb!O~e zb12skiY@724|MF7TJ9z|I5t*(0UejKo>bAxkhj-ZSr-!BLin-lBkuI!iXyVJzLFTH z*M-TF!XacYV>{$gN3NcO+ps2yc?Hqb;LK%?)cH`#$V2==eya1$U#3JlqsVS58u*Z< z9;f0GaC$7O;%lnHLtVM;KIqEZ%=SL zTNhr5#BOLMdH@);x{;P3sZoGd3myEQZc zDm5`)H4&PDZD^4Lj5sJlz7Vaf;Kc_ar!v06cvB}Pm|2X0m?L!hLDI?Fz>!AOw8lM~ zO@9;j0B0HzD(c$|iq>@hJSUwyWea ze=?nDb?=Al)CVpd@s!{wY_}%D2KgYzpBvE)xkSO{0u5&4?RVT)TJTZ%IL^uhk$XzH z&xDws_!Y9g1eEiV6(~?BL!kBc@?q-Z?5+Uuxfh@1HmU}FJ`0voYMI>~z{dES2{fr- z*Ce7O$VwyXNrk8zK-BBO=-VKw`~ZkrnwP~@uAoX;y+!k(fmx4*ee07wXUdo0VTsO> zZ)@B>ge{7JIkpt>5h9U~YrO^K(kKZ(E`{*rV@;y>*7%&RsH3*P_fR-GOAGduSAf0_ zh_}>wHI78t5x+%X#MmhWsj6yl+cB*(1c{U`FX8lh0TVKo#u}43u1De=?Il?_iSTLx zc9+hwE0rai&ulLjaiRjUt?fc(&w?_D?Dl1X+v`HHAZMI&%3QA?XZP3c>lKMzm&Hbx zK4#49TjHXyt%;lF47uM%kS1?(YV!4nNzkNTb9v2Ih*7VFypBxKQ3+&p#}lOmyKbCT zJ{mNm z$Y^_CM@ovOE+-5W)Wo?sG;7n?L0Rj$TdF=1EAj0;q>pg!De_BcoEv6DoHF{U) zs@@2^;Uv6d6gWI7QkigPDi3|SS>#4CMPSYKBv|8fHLUq)iK#9qY}}limLj$1q@@T1 zbSK$yTi}%LcvA9JcM=JvH67}^x=?i|9XDj`f(fZC9b3{MAjnvH@CTTl6zOulH$}Q! zm`VVng}Tc`#;0RciWYj1BbR+pSz3yK;66-B-9h#+DN;dj z;ifQ7TF9vc`o$D=wG5t?$`ENnDg&DqRo&bC&DC#0NHQJ{KllmZB+CoEECH1jMNh~2{vU` zRDz$mB`KyT6qd;Lgx!*TbZxgc>HPk1~mr)RPMdZFTyW21H)F3l96#8n@ZSPJvn%NxQ&w=_HjJ`wDS z;(6R?wCxLX6oc(!FZH`&PKaoGNBS%x8>tz#UW&vjeer+c?7i6+CF&3RHnQa4#;qM0 z5#JjT3h^|~n)h)F`K3bN2EJns;ya~T$x&;h_=Sp1l$6Ot7xb2rN{V(+o16H2`&eu6 z^O4wMU);Cq8hhwJG_?GTg{OYTwR~kzYIgLpvx|5>t^$7}3t6c%>sU4%P z+Y_l>e+6t$3n6aEqi#{_0ZPUy22tYm_ye7J;q&POF7oLljJ#uQxK$+7?7-m~u3JWg z);4qUEaD0&bOEP3+{EYkImVD{5mI+@P;z2E7%Q^Nn%L$aJ7ntn*$``M?pS+bYyQ|F z^WM)HYfWv-9&62O%NaW)^gbV^wib@H=e3R;J7nVf`M{nf((do74pmasp=(PN7g4CH z=qe8Z1A%xXu;7&0fy%7BBZ0~Q^Tm;?0t+Tynk|3KOLJ#m6{rl2khjW-U(eQWx$>NRp1(RXT43c>|(R|^Qo z@-9#lWAS@;WW@)~UX_x@%$6h`j#$spwrPd(ayeTmFMqZXn7>_ySsq@P9S+QY&F=m3 z^g$V4mZ{)!`KdU|`S3zKOtGQNq)Zpjk##xuULWlp&vizfA;1j{m=;!a&zC-k;E>Ed z=bH9+a9l0odYrp*IOR3h95O4z9CDlA98!^O4p~OpZMmj(zG*GMQF}+WX;qR`nM-t0 z1qOXaJ2v!WZmJ3hfDH=Lz{1TL+(Dn0A4gGIFo=IQa{s}NxeWgK{9C|FWiC`Ox=DUo z_z4Y?$Iu|27uU`X?54-NU*#XEyB%F;eDCZ)JPz5+Y2s%=3wLJcR;)geNmLXf&yc6R zq>aA}egqAn;5o*e5goji0jxUi0A|Kd?LK}G#7U;rKM#iNZCVra@Y*%|WH_GU=yj^`*drcx|zRfU5xIFD~o*~bu)j~IzKxy@E_r* zc*W|?z@MeEqJwoakF_q&G0_O&jM-*jWUHfoKa>vx8I6&x?MEW~?v#WZ{OV()N_kyU z{ud!V4Aas))Z*)!)Yo0=>pSxGPHKM6v~JXOHXV`rKjAPKNTIAHB~MhbPwMvmzO~P6 zY3pSTysoWo@6TGV&Q|IB>t_B4Xy?oUUiHz1RbW@7A%$O&hKto_4d)&OiH2Omc0i>- zgxBp-`I-Q+NkM(s19h3M-SI;G9gZn`Ay9pdh;<~Vble{vcsSzgh@6Rby{H{_RR1M) zXEi6KvTE=Zmc8RUNEP4ZjH3V74eCWU-1lH$~lP71&qucuJ~-ISRan=K?10jUJ=p$LKpGr zTXkac^F(E)5q&qe;tz&3=tRV3WWoIMISX!^b^D#Uk&1ccw=SG_YuU}^w=S5UJA1+H zxl2Y~I{nfS7v_%s<_!}jjvo_@T$elZ&fLpxUbyh~1tkj>&YHhy(Y%Wm+&<@u48d5E zr@U+L6M0Uq&t(B#F_4w{Yf}bgG#3!Sr{=HOf%)_D{HZBi7C^EJf8cqCQT!syAv1Q` z_rAuQDeG`E_RA{TogEA;=p{d6vt@n%SU9?uiE81&3`XZI{xMs1F!L?mIERA`<~2#KUn=yf`dZ}ucQxMnG)CR}n)H_> zaCv#Ux@=utuBuL9R#jK1s?$hy!PCfetJ6qy!3)Guf)+N6qvN#^u@DJ9Q0g|ImwbMU zP`-!%((Egr+a9FW<4L=ZEK5Jd7^L)@v2dd7nK2a09DW-CcTf-%(nD!_hf)nhfyzOz-GXzJ-ie)kyiqM0qOF<@uH>&(aAfIOA0Q zOw5zfqIe-Cdr9f+MCsf_X+EV&YpSLA1YLZFF1}D&FOl*S66I$k%Ja=FABexh;MU3D zvJG4hE`zGaR~h=gfa&bZfnimk83Vn?-q+pym2U7muKi4nvy^82sjP3X#L}3gTrdc_pm83i>&&>1;;!~ zz8tmW`$I%N#xL~nlUo0As@m9?{`mQpfNAD9cL4|(YT@Sug>7UNbt02>7quj5Ut_V{ zn>lhWm(=xMbAj9=@rRRyP-J<6AkW~RA(L8vCo$J0=CwI8nf>?7CK&qfnGNYU&nqi; z|MEY3W;3mMdWl@3=QzT*PJtD=x;;$JH8&F0KQXqRqRe{T%$i=a?I|fU^qnj=!-O1) zrTGf6L=WrAIO;v6u4;QH#?ltCKk0%g6ZI8d6LrLzpR!O>qMLd13MuYd`@+_8B~q2m zIAO5$7{9O3)=KT9pyrfyI$^l=_V9{C57T?crBJzn>f)p!v&U{=rvF^M;8KmQy%-zo z-_JAe~ziH~p#ABt{%Jm}PbMex^tT@R*^T^#1Zhpv|Cwp@f81_%;e+&Ea+9Qe>v22kWeK;V0(%#> z$h=65`2w0b>Xy8mz&%Ykh>fBev*2K4V5ixy(TOz5H;sQd72|n=g8AEdCK8Q zxM;ilaAtp-!9geaCfllWosV0^-1o(lD8X+y_U&Amio|?wmtWL0Hn!9pN&Oc&Mr`R< zn+$vEMac2`aNB-y&2u`twG*rFR~<RdNx9J@umYa2uzca4!^DUov8m z43*O@s(jhLz4C`z0_|}Wz@bco2gIo@C0-0ix!XBew>|X~O#TGeiJvqse^g$n-L!@V z6brnRYJv7o$p%7CGs(K8J?iS-K+bU+m>QrmnCvBNSmE4H>j&r4X9TJXVMMpR*lkKQ zxj_V`^;KGy!0#UHYoCgA!Uw=LF3$v_<&_R5F(lZ})YupFsF8?pWN%_5e1a=AMwz#K zwY?j{6k<8vMWIXvwq1tI>%Z<{e9X)X12Rr?QeYf!pk$QPz$!GFnYRQ`)Wi4;yrb3? zhya4Q{uJzN=Mv3Xw*1BbLl{ELVsvNKoz738K9zL9+^TZugSV5@Q4s6I3O! z2wf;^I>i;h#~t(Q6`4x}$<=yd(a|Cv_}cafh^!UOf~^uT;%kyoAmX2G2-jmJ#mNMh zwZLV0BbD%*?jIk^n;ho$GA@a~AbRUNv`g}FR@EKj!BS%LC>DKfX>7a;lj14v6SpR~tv5ClA{AGS5Z-1V|qt^Cn zQoq!WM|+sb4r(C=p#jsLlWW=w@=g1WLes9K5U%mck~y3wWd!~_l?63NBtI#ex{hU0o7nwQ=c!y)uSRlUG=3jN2w9q{w`CC%PUH^frv`=G9mEi zmPpdTqP{_yrTMxbfm}+`s&u%dv{0vWG@ur!(hx`Ym5$WuY{Ppw9DP}V%ke7`TvM8% zKXu5RQz#aln*-GsiK-L3tpwyrR6w>d3gdVnS|#Q~GqbNb2qX;xNrOPrAdoZ&Bn<*d zgFw=mggjwyRd|uwUH_y2LS?1U62}4^2Ss?uj)$Qhk@H`J7<=mTgjLqNXpug6P;+qt zHA%cI8m&5Pv~iL`X@)uIv(Te3(;P>ndh9=w3+!ZQrCdWefnUvM6XeR>d1}rbbN?Y{t=s~pZEl#mrx_=i2m-z zkI=XPSCTD10!oPsN^@?-zAs|9R0v8A&#Esn`~$qhKm0#`gj2ye&gG2F7hhfof6COR z`9e&!u$0F_dy=x;N&pGg+YeaJDI=K_AvTD0q1S*r7~SrvDn%-;V^Y~~`O&V)u4c^t zUwI}43rU~sJqg$3r+6j+XDt|gdCegs|=?k&qXs2Ib!JI14x?mMQ z*RLj%_#y)frmvC56ZJ$=NsUy}D3vrxN$rEAo)%S4jT%$eW!R`+v`4c^za)S;U#iKL zYI0RI%0f#ug{m6mLd4@FFF*Vg&*R~g=h28gn{Yf5V>C5yt~WqQg7Y^>$jyB8iOTE}=JzM)qPm_L-g*}57wxPKEa)rMqzLn#Dz_R% znBQOJt!A~inluK`V(~?$?#{`>3;MN7ucxJAO z?SghsIJm2BW*o9tK}~Lm*SlQgiNtn;wh~cXI_xRQ9>N=(kt6IOj5AOX>SsiCsXSd{ z^wN2xNkaBiQ{4Vq)*^eA22d~Kq_WzCeE(!8WhWAOIy2f~!mK)xui^1s?kL()tysr^uqpG039IF}d*jGbCX5YQGBetW|8+Shx2tiJ;f#R0;u-zi+)a zhZ) zi)~T)K4A%8g6)J=IvbnM+zf02*-hCBnjBSry~?>opkbvUfvH| z<>!To#5YoLollG;k>;~KQ*T^VcUYDDP^Et;rX$&^r@+WjVCY7@VCb%T!AQ3FqH6IC ziGKc*w0H$g=BTQ7t7dexEvIpgVLd#)P>q9*l0B$$(f_}+-lQAQO*Tl+U0iNawZACA z%CiNR*ozkDt8#jH*p0PZWBm=)+B@poJG3^E)=KKu|D|=4$xcnx@8{~)|GssP%Gan8 zcGj)`Rcj3gEvdBKD(!XXeq`&$y7hMJp1P}k*6MIDFmptS`uL{GxKA~rL#+?anNxSw z)2%J)vyPno&=^%tc_0RJ5~;6kXXX!cPLd4?i#9dhP=BtUp#Dssf{kYeHlDfI zcosq+ON`h>E^Tv23B9h7K$9GqgL1jKcyJdEb5*t`{`Sr#HQ}c3WOQ%)dzUuc=%wb|M1WR(; zCOB&Thcf#JhLWOJ;Ya3hRkQR7Lmo>rRr6NlhITmg6>m#7qY#_MR@88!9n^%~G7R5} z?ebb}=do|lwjTRtCOWZW-U^M2E%RTM-N&@=#HRT|bCoV{h(r}5(FBY{Q!oJw!+fItrDneI;&+o8T;+MIX_70xNt)vLreXaGRv44>&eH8k-QBB7bf?dwarG-FVT zCGPb6Ztd*5NB{&d4cYEQLvtq3*c6IEIn$M8Y*llvD8|yMH@xYBt(U|;stmysW%e)! zzzJ&l5Jg*%mb5Q-wJT!+#fH2y-MlP&b;K6O-YZRWsr?b@{Ifyz6aLwk;2)g=|LjZf zj}}ev&%Rcde|D-;?Ah4Ys`!UnBNL(ZyVa+6>h|tyorqmq)?1Rb zi-c&iKY@tm45>@($I#DbT9BnN+R(g?9iQ{(Mk-Q1u0dZ}lr@nD&<*;Uu`&EX+#J`O zyp(*SxM(DBPj3ugR97khA+Eonp}wCxf_SlU$E$hLJ?h2sNPb+sSY&3x#CCNUz{ z&0O_?Q#W(v2Q76ot3JRzxXT=LK9du+W30r3Dv@~Sz(feVZ{x13F|FH?h2KR$d{gZ- z`z=l%jKizU*coPQy3cyQ_E1*ztw1c;9zA+;Brs-YU`zw&-e%pt(}^|>6VO+PkjRL3 zWN@iMZ18giN9)Q)9`ObJFauhS9%3VQH+yrJIgs`U%e?zNzYu?{_k5Xpqi?rhmm?(E zjh-}PKdquABeo(>{`R;rfXt~NLX4zUB&5Ra1C_=q5>lb|n0Qx{klGG_op(*wI%>Ms z(b%<)rml4Wcp4lTU8~6MT19TxDhj()QBu;ijtO1sn4#;aoU*XH{aXwd%4|V|;pi$B z@(Zq6CBN6L#?}U!c)W29kAff-4=#vN@!W!tR7CdZ8dbJYm2Hx;D&fW!DchJR%LiSS zD&fY3Qg%Y3EFW}Pk`u<2 z_&br<&x8ztrb7qMff zeAew>opW>f+*!AO&W$^=KL^@hNt5Avu4WhC;s}Wx&SZ@&5jq*+;k6v2xltaC+V(4n zqV8wZcHp2NDo3AZ7{eW-w)0B0fvV|BWB4Is`@7tCY}D?*!We$okS)taEpoGX?SadU zqUVg-c&1T=3+%OswbgJh=#CV<1AH~?{#>9_FW27HzLiBDzW4tJz+Yw*u?uL?QMP+-QW=Y0 zbBjRXxRgD``g@9vaEtZ&>|%pG#V&MB3CM36177s4v~h*N%rdXe&p`M|Jy z|BrJx+9mK*)9^(z$vS_N{A`vVQDx`vLRdBN5BdI$P%Z3v7&GQ!LN~t=+R58DLhob* zu5SulPwImA810Y!{Jg=>VWjopjciRmgMVYPWeUQ-Bm2AMWKPp6&qF_l@PsO7h@oOG zkpZFV-ZQ z!}Cve)N6s=7T9^3E9x`ri%0V`e#cy$|FxTLEBNO&3QD|P@*q}qS@YfR8K;Zg2qmn# zrdcrX;9B+P@dowhnTO<$-Fxz{v(Zh#6&HBNsvAj+HWfZqBIqkvkK$s+{&1S4nz6t3 zZagTrBRF4f0lU3RWM2PrMmFo6*rTUq$Ehv$z-bfSlcsit1EDt}fzW##=4}Q-d)4vD z+noFJ#1F^$zX}GYQoRy#__zS*EYz=ZU6iHo=WKVTlExL>|2}a51vyk0J(#;U+ntb3 ze|3_iA5NuTsOmVt@yDq;a!6wVr_LmHPUc13;Gy34JIBuDj3RZPPvX>MWa3fhZIac! zRBo{s)3eF-ev<7O$(9AK+-!gBIoppVn?IH9-k!59kZj;HQQLIh6;y~vdWoFZ8a4zVf%o&m=GgYQ9@18yqn>8@%@b<++lLK;HzEgL=;P@o=)? z!B1p+kN2)n?vgxskP~?t~$A=>gt*fO45+lO?&E?Y5q?O_pp! zQ`xTOy(^SolRRHaL-SK48?r2s&EUOj^CKh=$8{v~gY@2!S+Wg~^XGki~ujO5jt7`ti9?IM;d1RV$G4`*# z_t5)qNw%|7*~WUR`t=$S%pw~eS(?VNmJs z!#rH_qozf!FWD=vv1erJTbBX#Ia}X3D)Z%eKiBi6+=g%}N|Ma7soMZHI8Th~dKJRm z@3qq*(~7kd55(O*pgjZgBewxEC%2GhSdaTjFsx@Bd9!=3f5bZ{XY-9Y`Nu|6X3brIuju3>EX45T5vZ{l<*F9NYP4UcPl$f5#4t#jDg9XmT8JnkTi{6Aw42IiC#D(BOrLM4v?kAXh58VY^ zbs0^yKwJu$orZ)8K6|A=oxp%<^s2xUQ%AxN$?2cYz9*$^HN3(SPf-YngSE{p8I<;t zhPSEWHNF4d^fNg>Rc2AUvXp_6qr z0O|DSQY(mS*3Z%jScub0z#oo0IYS*Uk%}E;CHs(!3%f4t(}_#R6m(x+6)C}|rl6sblYe*MlD^ioc1H&8mf&u6p03`|!ftz6V&|}4 z1N3p6P$p+4zZGT=hCm8ZC5%=Q1QZv{5+(&%q2+7*PG*_Jh%)jLjSWnR{*xdF9J;{3 zb1q)?My!8~i;ehK8sxK!Hda@O&*9ql0H&7f5;QQJR-!gqnAWlJvCEb!U^a#a672m7 zz|51gnaUAo3S&3r3J760BAd1o7}F8!y0wT^H!hYnI_%>hFc+cwbffD{z0)P^!<_4G zXxThI*56c())RoQiHpEOp)f;ZU^eSXIUoFOO<{Np+^&$ojT%i6>lGPr)tlPG^o>iy zRA@USFg`YPdN&$i6+BT^lJf~9l@sGR!?ez{9G55L@PO_6A_L!!3}jbaYq!CfA%nx} zlgA#>1F02{;-*BrzW*Bn$%or9L%)4LVFgCGJt4XTlW7rv2)=;kabGI$z~Etnv_}a7>2^s6>6t)iG6@z^4*B6&xGY zGrGfWpxntZwvRsN({N&*cLNFf84u*i8cb@uUmjE~2UOe5()KtFpQFmW zFWJUv_}WySqmt)-!JjIq57oj4M{P;?>Q&jTD#KO;1Ms~g@V)NBr}4N;Ua{rjq0H}-=b}O9@%m|i@cs?%QMIpBeo*1LAAc5(X(LcI4?g>X{}aR7s_ytH4a_G5dclAnBJla!`@8bDG_bHn-j4E5 zpNSF-EUw{YkBThkrGb|Nyu5}lXmKMihk4m2FJe({kcSreX`daE zBgXjQ=plZ;nJd5FD&%)}jXcgQk;l#Q`0WYuxI-RqpCOOCPVxLShT)QQ)5(#BRbY@X6RKkCe-psv7T5pyR4*!#4x%$lWJwVR_ zf}8k_D8x_7mFHa_tT(V7H`u^-iO2qfBAyeKEGCwl=E;zvd%lRE45ds<5i{I-HZ-rOQ|6Cx zoTa)CwTm(%TWci6)x4O2_w}TCF^TPKU99IK6@R>3&m?hGL(7~*Xh^t*R4^ZLtn98W(dbk&F?6HDZMf>1SiWZzC5e`fCSb_Q0d+vMbaA4I(nFk^XzA!8 zOA@n+@dZiieK8k)jupZGLghcPSw<}kl5vCbmV8OgKXTHgHc^a^Wi=$H>F2~Li7QUq zDh%tBq;%fiJ1L#Zrx^Ayr%~1*Nu}jPIqD*rPK&u=6I!nFQWrT#pTp)#+l;?IeWM-TXS zk#G0DGYkJPRw5VWCP(uT43EJAN9bf$lsB=UoXvW2KFi6)tR@i(a-casxM$UGuKF!h zza{E-g8H42IP z={_x$D*H;rJ1udOq?(yZGc*{9sY#|KIe)~}l#}@8QW8Ait-9N%cEP^Hzoo@LC*wD} z$3Oqm@tY60%9Ik&-J>@jmj#v*l<856Jq2(|XGg2fuKJ8=n7hPT)kM_!2W{KK!y8O{ zQg(Rw=5QOq!qalX!=DSc5$rlEH#~d`+rZiSk{=%aJiEc!{ZbenzLibk97i-VJbatl z8~(y)95V13&~#tMtWv6+XqKW?_Qmew|Nl^{yp6+IDqY3W-T%z}%UY)ubKn1^8XMu4 ze)sT*Pt)3ppqS4)K&!NhRbPt(!_~1Qs>M~b!UJ6`D?AV*mZ(_afr`B6=Z6Qn$`zYO zMI(_NEtCA=fp3HdZc?WvaB+NQivRjBGbHv5sO<+QqO7>uovW!_A zpNG=~zKL5)x~VIQBekw_t-_z$F3}C#`~8V_Yf|dfk6Br2mTpLCSm{6u%%4-eN@-Uf z^PtwPTwocX5>qU^Df5abRWp=n)niFzeOCp9!j(yRN#x%vK`kxy{ROaQY%#tRVi%v4 z+`-Px5>}hAKcN54XM^&B0i&6}_}lve`TJkKoOVIm?I{myKCC@;6w}ak$hcalDv7_L}n_%j6#V@*MX6 z$#wJM)|Do9Ie6J|k#dsQ9%n6Wgsdj|nd9+Crbo3!-^<5?4t#4BeE*==H19mhHTCk> zp$d+algBp{#N1E63yf5pLK1P0PQ6NfHB$X{#aSe&)8w`||E^OBw#6%h4~89!)tziI zVx)}f&4CqvQx7$P6@TJ^vVj%9mK3l=*jx=5W-41NuJT`k@amet$~-=smUOhu37kf^ z>_vs8zSdyzrcl6a35{Abf=G$-(`1+^hUZ$m#TJFE(IcYmG%YM|UstGNCMp`8TM&@c zyW&D=Hg;W(VJ~Y?=x%nt%^9WgX&|3M7c9a-x(8@#giN^Fo~oVm-NJ`Kb^T}&oYi-Mr!Ftqm$rfA(2Qrk?)=E}7{%=rT zbz$Cqo}r6_l5+13+oG##w%yWUi=-&%k3P34es$RDo7!D)b(f zxZ=akW5WrTsBYD8J-8u$Sul!iDx|$_YSIt;GPzAKr`hRFk&I%Ag)pPC?CohZGs454I+&a<#L4R^k}>9 z%-x}WN2Gim^|)eyE8wT;OW@PmHeg8{lZxE2At6*EjYioGsQkxz1@60B`dd8BUvXEk z_$GfvMR3&g{>uje1Y@!u!h`k$D+C>3`^vCg!5{qhM0(mrt{E$tAkhSu+%Kb1{*55s z@ZiOz*+F)l1=*)oy*qIKL#ib6Q)pMa5go}vgufugh}N{nuIY>(^I2Oeo%j;d5^6f& zoIOkpqcf9EffU6><)Z+`v<^jzKP(@Bcpz@X`P-$42Nb@&&d=^tZJ&{#M|)DEW6(m; zZs2|pbLj!+msF}Sx2DX;kCFS@Z&007ehtB;yec3kyeJ{VMntV7P92DvoxBl4DF z1o8`I!c2-0BK8P8oN=ReU#5|HrpPtU2Sf;jkWTZe2#2XYxcqCpgbNU{?Q&nEJ;)sX zQP{rJ;QGdXOc<9M^}>vh$OiQ0O@0HFhGi>w1Yz`Ld4XY{V#Lf^$f-D^Vz3ddZI4Y5 zmarNt-;4KQFYRP&y*1fyH6kJU)?cm0G+ZX(*VUVs6QP88JQiwD)L4xOFn{>hiXm$iZUPNwE_ z^dLEZn`$Qcln*i1GEvlE7$phJRr@Z^&_3tJR`WQ(Np+0p?>rXD(FF%2u{9^iLtZ@ za=Ms0{Lb7&Wz+S;NM|w+A!`we>!KB6lqMvd9j;1Np5lVBSU-$(ZsVbqmV3}h z?s~-4NId$4k&;|?@8-qHz_ws?nOrE4PY-04+>5}JzvqEFg>BgG7kqf0iwCU0{h=M{zgt2L>DCc}zfnEyUGEu|& zWBJO^#j>g*k7mh;eTTytW5$)WM~BrmpA`%FuZ%X;1g*XRA~V#qHByV8L0?xwS$X*m z;sMUImpv9((N00IfioDsD9SeaUsj-J3@VTUQMPMxIWq*jZ-jlkP4 z1vPuezI!i4b3vjwlU{b z+<+ojF~Io?eMLKzWyf5z-#+Qng3|BL$>Owf_!y-J4a51JusZ{Cb+G2WzSLS5w64xx zQBz(l{kgjzoW4+rnkympIJ3!s0qL-cXb!HO!>=>%p)BT6D4|6t`KI9XX&Z_V3@A$0 z)&97XHi=*aU&6?-d{Wa0SHt!G=wFlKE^PZ+Gkg`$@_^soos9$?vMTHWGk1Qk?0mgIX zk9}KqX))7&Q!o%AfAt#m?Xa^L#ZaWmQ!ERa+~o1k>alvIn`5%m9TK)i64%!z`Ht-f$u}cu} zjBsA??#^F;!nN{Td7g?iCrQ>Vl{qTTHW=+3Upaswh<2V4_(e@Dl))vKr`c=yLr zw6Y-hj4(E@s@PeJGHEg|EaZ7wcQb->-Sq5ff^Ai9dqxft6*U4;m@$~=+ zfGfQ=7(n}RHNaSnoqDp+Z1sm=TF#nyT=FzW$dBB~22zf@;>XBMD ziL1_5IF1>eO0U}46m9Rdbevh%uGDPN(ie!jY^``hNJY`c4^*+gzR@5F(%A>q(CfN~ zxOIP9GIee+i;pdRiX4v#h{TM5b~Pxc%MAuBWX%2opZd%iGc5N!v1f_xP)*LScF9OE z=`oN?R5u=xj#hlF`4sAwiS3!WygSz*ICPx4i(BQfOe+)pt|0kriop;Dt3CU{85DKV zG4}(Fj=v$(WaV|w4^p^O^8gU2QFHT;bn}0Y{Gd;ON=M%}&9asx`U;t975d1g(AOpp zHt3VTN%Rr1E(y}{UGHmnwn+v-;gO|JID0dtl;T4Jns7Ui2G?r0++mo7>O>?kRowp! zuc6qj9U&`z!6QN>p$innFwxgn3t>QeY@(}IbiiXqz2azjayh*sm~6SjdPIhj-3^Me zSp8aCKno6&Y$uoY89QK;Z??)PWHw#kAwg4VUmEy`>`U^NG!!FRQ)_qC3Y320GA;N7QYevyNtu~3-n*NFnyM# z-D{Az3;flwyqklaTPaYw9f@%@4h!k2%0>EUq5)P|>Rx_F#iR!nV?a~+Rl)5ahs&^Nyr`-pJw-W* z>W&_g!PuKXuBe--D$6hF+(P%FN_6`IKlrY$LKqz}wvs=LBkS61=XAJG3Bw21qaE%* z2Q;F~axy9ghz5ZLqRr`tC_;_TcD^CHr9EKGw?+Q+Ge$)kEB=MOuI%uUS>2<^ri4ms zZ&#?qf8#t$;9No-5Y=oasu^CbQKM1)+suG@%m|oo2JJii!BLC*FCQpPpOZz4Ld>f` zkWqGxTHy{4b8D`BaoD~>3{*om85a*-PZ&5+mD6?cHqWi2; zw6H0W;*Oxb*k4{29Cb(k<=BEdovTC|N&l9EK>1kRx_k%#h3$Y*_A>Tw`?6hzb=j+k zFQa(p(iV65wl-+p!Q@s-)j4rxK z&i!MH%H!=p8@owO7N(2ek;*oNorlI2jW_}a_J^WZg?H{9S2XcRdjh=b1xO4oXEsK$ z68*s#Ua(@?lj=C5v04nL^fFkm#Vq5xufgc0FN3S_&O=atV8z3H4yx5>X~AnavKvb6 zTT!HI{UK>}ud(x826io(*zq4~9BU2UU>04B1t?-YAF>XYk4^N}*TKfCkNQOS*QoAs z=+Vw5v+Sd>MOnuR+RD#ReUvV?(iH=?>rFq8`GfXldEsbXR&{5^6Ww5|#w-XkR;-3% z&N0eLU&I7PNZzD1VuP&U<|FKn<5+6=tZi6*AeKpM;wM?}Gd^oAzqL&pe_AU}uD?o| zk6dc@u0|EBVkL>bm&=h*kh5VOgZsm?HTPQ)j)bmgRJ(kcew`b^0%G~}XnWsf1C7`u z$Yl>ba`v%=i=T^5|HkZuP9G(!yWDvLVeJ&$hZ!1H9&m70Lb5m&{a~(KwNQ2L%{)0H z1VfirZ!TZtg2nv}3h`7`6)D>svbNOj>(jXfl?R?KCSGZrJ#kBWxN~#th8l>pe1Gui z67oi5W%NOLe*{AxqimPe|L2`G;q8YyHwQbnRK62`ytq-CT-M(xYpBn<9~5_X*07#Y z4zT268I;VWqOkQs*!qW)> zsE#rhFQJoSe~&)rLnA8wprSYHxp<|C%8cw0r5 zy4aH4GPsk= zge)@*wVxHQ6qGsFGut`)Gg1><(nrYNRhdhzBlrg!ME^gxub}yWGlxns{nL{2pq-(# zx@nE}jsDn(A!=#>>Q3kUPZ(&K8d@1)$fD7n;un9zU))#I#-i5ODBA)eV-tsfm>p)U ze`BnCNQY6@%E3}CX6#EtPa8n4r420xw&+^tGRAKMMum~W%C+%JqWhMNwTBMDqEKk` z!=)*CilR*i@Uuf^!cl+(N6wGn0&4^M%DJK9W0hwk zw8Tk?*9qGujM?D4uQJ5Hj9pGlHGQa3Td}HPFITL8MVk2Ly;;b=!_LZkk9K!YrS)Kf zAs#zX2-}nuc#rc*tAM@<&>v^Di9`32pU(jFTcqA+q5^syPUiBj;Y?Ma?-wubuA?sK z!$QSJD#dxNu!@QtX;dfKSR0aHkEc2fwyf}7u;)tkKdTn74>;SaU9d6a9oO$TSF^bS z97X?tb2%EF{JmQ=S7iqctavVy#b9X-?Wl@pCzRSJNoU4T(&1W_zf=qL)qIdjE=%P6 zfl8=YN$xeo#;sPPLVNEzleJl7#ckwJMv#cr#!^x8+ZAh6zC+Hx9Cc;M7*$WF^K+~y z)U{Toq#yDev}#K23V$hzX$XyQxkw-}&Hl2z1IIkdg$SaPD9m*97=A6&9x3!6DsC~Y zBg@VT$1bbK+v#!c{p#3BOxYB)OIKS{2yLx+EI8_>{>#sxMMUjbZ@vEk)+6?%;rc#^ zHnAKm%?Zbr`(vZ!NNqijO-xny7}W{$h!;19syZQZc~62_Ms*y=S55Fp=_;UFj`|XT zPqo`oRFyu|22Io?ilNzo)oE*CP;8JCdx&n%}QIwAs1MY zO=G3S>z7@^T*V5bVl}~pbe6ek61wn7rTE3zreamBm0CIJ(6l0}Wlg}O@K`)hYH^*P z_%)d!n9!+5znXAe9a?iq4k(QblLt;PM;dGK{Y0UoEb~h6?z0(yG$p z4Rm6ybf{vIj9@S}x>Fgu&kDxOOu(;gN8f2g*L}K%?i6g{_N!M6yEwX`1f}id&IXw{ z4UF4yXX^(-4;z97oXD!H6x5>V21RoKanqoMxT59A8UbC}ORP5{v2p%V>$Qk|ez3KU zljg)z!+J*Qi|+G<+jfWTNmTI-bNC*ks9whUTloA{f9yvzej6AX2$LHRKjE%QGw_G~ z49UN?yM-Dv)MWqdIf6sU*V&&Bv+X-a3 zY*VoFxj^-F5Kt;6#939ELzq zieRLO(&m&WU@7Pcq2hdc?34zD{r$qDDwah+nB#)-d+NZHj3zABk$ieAOB@WW0>qg> zrcg^bfC~gROVCR&7Bd=Eh_U2EnrC3K>Q*!c?J<7DO!-hW)nXkSlvcd?Cmb9tv>7G( zEl1jRt~{b#k5H@l9-IGNI2Ili2!8po#^-(@QJo+_jYY25o`gmyEfdPcSgGjDA{os) z4vQ$Li`H~3F^Hld7u_Y31hAd_p~|Pz>Dhi~DUw*DL9)3jgAB#9%FtW>B`jN&Pm7Ea zr2QB%Bi1wxs1V890_4j8sj2Yu>pKmH1YEDabL$k8h5=|0&dR%vqwo9*YwM@#J2x=8 z9>w8ws?>^u7+77!VW2cIbD7q69$NO9`VLD+ZU2gn$|%29hFZ|=J0=X=>6C&4MetDB z+vWN8#hu$k8#oJj0DhrRcd+&<3xB)wH_UlZnH2pARm8J}N!y(7iXeYR=2T60$JJvd zbW^{U9~4Y_)vsaKgUPUT^NQ~tNBz2? zu(D|(h@1E0VDyTNz=~Jsut>qbqVve#_KyUa1mhfb4)Vx6%=~)Tc}t!}tNEL#3oP5g z9%2%!s8huGeDdWHz67I{;_{Gnda$(*)6O!EWO&$Z;t^G!at{7bSG`)QzBf_zR9*E$ zgf*=R+Lsn_$L}l@3N$F@bu04sq8$uC4upH-(o znJD`rza$o~w-N^I&ecW19I{uI)6T{3YUq~m#TCBjK9e4E&T>CY=R@ZPAS*r+xNjbE z(2o3_CBH0WOZ?HJMNH9;Rr;mdkSX1-n9pM3$%zTF_@0o3+{qkV`)kOec@2*m3%{c0 zs*}y4FY2@(B-7p{AMk)?qFy_kLPUZ>QzPkW9HLibhOO6^eVg`WmPw)M8<4Mn^Bbu_ zePD6uT*Kj3lBx{QI$+e)RAOoUzWoJ~J6|%W<(#B+YNpDIEgC2s4aI10>`)S_=2ob;{DvmlQ z5&D7M@)A{r@`wbgzb;(dWi(=!Uqw0L+h3`w%FkV17%qM@u;QpNma5LF=I&3zO)!Mw zZG5mM{#z}@|N34>XY&rSkw0P`D8HChUjJT|r>|o*CPkf&cU=;f5bTIJMZ$J}Tu1$t zLnPXsS#emr`k!Pi%?n01eu70ghY(6kG?)pOA)EF)3lE=!p!=j3(?sPE93`=(8y|X- zUSxO{bUO}`#}3$&9>SDpa5b&3HfRM1lF1F)l|;h4U{^eBNB&^=+IS9HB-I|~({#V# zJ7)NH+LKoEYxp*Z6$I0hlm(uyOb^bAf4c{)q*JAh@h`$|- z)hCyI1hK3VSn%y$oKzQ^SnJ4=8mu73I-EBqGdN|t;=Pr$VC>eB%Z$xh<7R>Y1ST5EY!(ZiSH*@$~=I~?2@C`)Sh*`QnUI7m>aRB+H6_zy$Nk;UthK!1@U?_@R z+bjB!ukuhV=#$_VWn;%y!5Ka>LA!pV=I43o1bO3hhUUNXUR2ZkIDedn-#aPkB1_nI zmUxME%ednb>%xPYSc4FZORVp_=Oxx@1a3gAD^(RPvECtT`e@w}ujq(f{zu9Qv9>~z zh@b?q7L(Z})?H4I#M&2HY(AB25UXkJ)5MwyvBKkuSg)0GB0Jlludsc#CRW4hzd_d8 z(e|t)u@-1Tb)q$&Ffg%6xUoiX?8Db&wZ|tFHv1mbouF7fsve5Xjms)u>?OCY6=LCZ zHO~2!#XQp#x$5~SdY(@&&<*yhw=B=>?5$Q%VDt?Ted1}VZB%n z<51Q0e#81e9x)c8u7+#h&K1%{)vn@WHjzoPnB|~xX(g;KD{2rR&@@&)Dab&qC>ipR zmArQ?{uIR{)>kEG;CfaJ1!J-VDx}5KGR4RhfD+H7(tHUvq-Ou zc&VztC{gRf-D`dIo63A1DMO{J5zalg_n~XDIqa{&Jh%7j^3)Gw&uKF$sd!ye-T{yu z?Bu|ZUEwlrDSlNBjUWD;!9LXCdxh(V*Bbq{3$qVqJIvq|F$%Lw4Z`fg^e4dV|C2c{ z$?W&>;$`-wyu<7j{Bi#5bZ7Rond!~3$7S}PHEU*{2tT>Zo=s9}W?G2T31n0=4%v1exTGW#u3PME!pOg+p@31;uD zW~Ptf>fF@Kv`S{Cmq8ITQ>JHTTBXLp!{;LpoRpz`fkKhYQ6WreA$!^brf<9Hdo^T7 z9ySX$+sjrP1xIDBDR>{v(jSID0AP{_XR52mllC}=kdT8x5S zW`V_OqENC_-cFFqu0ci-Ueqj8oqWKGYT50l8yl+ z4G(qMx=7g0O+&=C!-FNBv=#(G9 zxrIs2eMV2Q`<*l2QOw(0nD=Z^EC0SxK0QgyrB}0DvQIS2z9IY9@)gEi1p^9|L$JPG z_N0f6f<`tPXcn0cuWleFt6XKB^pNR`o1$0lGz<2b1>$3aSC0t`z^ibynns1NeQ=@! zTSN5lt8mkF^iQgaEu|{cx5f1BGdaoBcg!r58&3U*Q%d@GgR0pGqUv$JoL={scl z_M1MU{f}~ru*s2b1>1~R|8WQc*jVJrbQIMs2$L05IW{)*I+K$ueQ{T#Ef5VD@aRDBEAb*e2 z`>UYLemdS{rGzTi?*F=k9$4jDt7MMAE5~X7QSQ;&$CMa%mz78q?~?*`NS|s$1cFx7Z+6O#Ce3oRU3hn}4I>I0^w^ zQ)Bzq5dBeEU(fj!?gLz60?RApaLZv?rb&9=Am;JDc+w=p6R8ZC#t-~br>>S%d)eBe z-9@b`jvhR)SG7>(u6cA15Qp z4qtKkohK=nEYDu|HQIWTE()&cBRefhbDd3>O1X*=(hpD9#%TDeZxO`@e?=KeqB0=o zdu9V=UX;*%KtB4_PHl0IHzqB}vYCzW$CvTDI9pzJjm+iW)#ne$R?4hA*~~T2?b-q7 z52vb5Oi{)-F>Q8YUH=6&uN#tpUG@3{xtOEBhWw0mkh6@ZGoR8D_Fu7)u%p3lveYmw z0h_f;pzqneERjW=gR!guLB$FDa9QBKf1~EW6I2yK4#uo>Vb%1ie*X1zgi=z&iyVsfes4n{D9k@4( z+bf5$`yzPvCkGG)%h@{J8XqhJ=j@^dc?)RQx=O1f?Svx0M08`Sg;C?B;2 zC}F+DOJcGy&HvAD;7VxW`6-F&bpCBxVuyHO#X}^R*2OsgP3x{1ruDR=67J%7t-G?F zs_oKS*(;v!l*{v4zRG`9Y>+LfA8lxZ(Opw0jEiJXuye8>y1P|+yKef?&iFL!%|oR1 zYznQL$Inyp6I?ri-}pE9`blxx*Q?amiSl(QU-zVc4XUr-;@25IU5?{O?q^NWvf8UI z<5FqZnTB1GEmEU55Mj}Z-8I9Jt)tPqLK$}sG;GydiR9_+OsIvy?L~f>w$DWSpyUKq zk`e6`iQpW(3A71T&SuLB5Bbh%@?g_*Rl`>KZtann=;m6UN?Jmm!_bOPO3 zrcF5RUH(q7n(lE{QGgIvjv24mPjDA7ipuHt#DK^y5Otu>Fx@W=o$i+mkvhXCEHJ3Y z)GoFIxWkw9lVI3>|l53be; z3rKa5G$+^izJ{YO zN9U54oq5h5na!Z`-x>B0N>prTiVkHgDa0WUozD;3&k9$|0M2yguA}Dq?@5CE7oVV` z9-636H>r#a(hB>RAfd;Jlu$8DNuwrB?zf&P3B6Bt%<8Vcr9Ys#dE<6Pt>UNI7Uz-hX?a}f2zOVIe_GO{;$8Um+W`? zsIIQAuCA`GuHFY(=biyWgTTALiiL!xVI|!KtXeQ+zsx#PgkpsoqP+I;<-)HvHK(#R zbxEcB^$U{r|FUMDP=VB(L1YYamy=kJ zR^G2!(d5YTGbshxJz~|9DjWLLRZr{R(6g?3W>tKOHnz~~LtTA2PR=l3|L{#Y5~9ddmPh0WBBJK?eUUGO*3O<@iW2ZFxAy8Tl$PDi~yTJ0XUO#wF)J>DW@6P zaK6OqZ@w3-6Q3U)wt1NcZSzhzS4%6%Y@ zV_XpiphrQ*x=Y_ZT>VI zl|36e{Ng*|AY3Fm_(3>?$?IBqSB3i7p#*}fdk(EA)kx5zjoR97bYDE)uPN_m&7K4fBJs)Qn09B9EnesN#`=^tS}i+^MC2)KTv6P~*XcbN|Zv_Ty&*=az@2_7T9CNXVHNDdN&u3jp_gC89g^5BKyK|kA;hzAd!7|b@S zHn_Cf1NmxK7OMSK)xJ2RxY{;l_sOfnlTVQl00b)mj%lS1=g~TWR100ys!JK^jig{SP^NK|CrqIFnXjlG3T)z z(BFTsNn=B#&!v2t_uwXXzkNQX)H|(!dbd8_DygcpjkO}2$7_5;Wu`9PFcxY*^ zpS2&7>n=I9dzs`?Zt`*hI-2eSd!gH0if$9DJ`3F@R((oUymu@)T1(i6k_+R@vzv{l z^I8Vi1G;7V$Eq*3S`(~RtSXMorMM|Y|FkVvU2lP<1DV*qqdQ+;OTE6*-~J~{+Fxir^xgPxK z0{{NW0ac>8ck`%k5B`UF0P?~K82ichLV0{2h4!e=mSv5Q1+h&Gq0D0^g2nxl~%_Y7udk1lS)TkWFwV>zAF$xt*T$CyY`}n$l{zEDlxYZU~Ur$&hFr6~t8yHR002n@b9xIu^q+v(d0l z_2{=ebmjK;z|^d1?)68|JW`J=qMm!+e`^xCC;4t~62Is_)8vaxZiV_M7u7#r-}9EM ze!*CG1c_?DP$j*z(B!@P-nPn(B&tei*t38bAdAUnnrnYdwjA4;F}Drz+SEga|Gi{s zxDF#-NRV!QxjsnWEtF&ecJ>-q;j(^ZtI~1JQtIZW|)<0}Bs|23D#;F$l z;51Y@{rycl{ZrrzX}vbm79?ioG)`Pli$8StJZc1pG`~TMIt?>T@ZZZwwbLrLSh}_6 z9yJe!NV80i9GrESxoK{H>Cvgbi z;EkyEib1IczHbf0&nf^GL;~A^h_2{z1ZhCy!|eD=*tvh(tv2bS{+6Mu!c^yv#C4mc zBQalNXQx^s#vq}@pJOql6tS};|KFp6`zuI~K z5G_CtQn-DC+&!slXbV^$88pkllhvsCUSPXWg#C|?!j8c$(757E?lnXSWUS)*|5jtRoUjp`x}&_b0i%T>l|Fr&NOK8pV?7tc-nb2cYG;& zhB{!-nH>gw{#%wY!jNq^Ec+b<%x?RK0_HBY8Reg7`cS&+>c(kF&K?A)oxHpbhU#O+ zQLI-k)@w0gU{|TPbsh;Nbh-P-gV0d%o*(re!`%aXw2z%YYyWXAD0jz))vEQ;w4BXN zc(!yfDaETmx%=zif;R5<9|V-lKzbG;NXrR6xAHtV^bNa$&e^!w z$(~lw0i?-f`UD{rw3iC_eIQ{ooJS_ss;IbJ0w4fA6Q7;{G>E`<8TZ2L#h_O)g0i^p z05pim$0H9~E11Nwgyv|B8(=%>=zef?pqL-7VYI|r zX)RM|^C&Qy!@ZssVv%$A_?z&GoAd6TA?QB}v`$>3>45^h7oa&7%$&}Tf(Ew5FWanS zab&iluyC!(?k#U}9cVpJ(e;7N7%zQx5y#nG=S}VlDVpZ|x5;JnEk;;KgM=BZOV0Bv z-8ln?vp1kvE9dw+;A5$SJfCuFM$u!lk>(UNu>N<6KE_8`!)`i|ZmRCm&|B9gBh6n3 zpk}$Nl5}hRyZ5qXi9c;iM^5o87nT1Q>E6k=+;ue+zg6@#*F(Y${n2y83UbQJ6K%kH4 zBDisF$So|h!hX#)lVYU#5%s1B}o|zlF)u!SD%iY(l0gL=zM{Zt*8Lofwh<@l^ z_az!`%HF!I0GnhFvG}Fv3zi1C0C149R(CD$V^YBh2b(2&V|J(|qtSecV!=$BR6r@y zMsQQh-bfG%t3`AT^vA8+lq>tEP-NYhuQ4>w$K+g%J&ZhGve8@pA7$-iaJaw{Y3>dK zkvmrc^E#9-{e2O-kcLXM&b9k*CfGXni2q)s@B95XTc36A4*w17u5;QJQkP*^=aTx? z?CR|sS%}xd1m?!xU?d?eO1oPSKvw7jpISxgB6n4o`U0tVIjGuXD}e6-yyvEd1@yv_ zGz(G}yHmo{MWn`3Cu#bnjr|l0l2;boA2@ClN|&lYvT-4q91=`iEbe!SAoFa?tVx?k zsSlJcrhwi8qmr+@=)ny3U>5m24`pePw>x=;x)hs8^F{nr%QN}Q(duw9tNY!bt@k=J zK-1*jt7V>PN*OyiIj_MExry^tbGc?Aiwvyb`=lp=-pNgDQ>G~bmO-u0gk&M_8eg%> zSERp16UuQ31?=c71J8C$7a&79&pi%Wc-)MZ82e@s6@qMWfG$xYdD@0nR(U?U5 za9>I7Bc!2M34Z-h;B{HV_RPeZg?5rcNUcUGeGfscXnT$6fwo!8J}5qG6(|eY=4X#v zn6-=ciwT!FoGCVdc3|eM*`0Y|2D+QF?*`mwq;DALJ!6#P$!9NZ=dJHmpQev@mF2nHS#*#z5y352+|Fxq2A$c z3+hbIw-*fI!a}dl%;%+nw>V~j*aM0jo6lQ9p7=@R2r~B#8?@e0fax+gXt0ar`SUTY zDP^Q(_IFUg4dohe7ufQP2vo8Q2A_n6Ev*cJUYHx!#NZ74Qd&0XhTf#kgM0pl68ib(T4OjXHM z5OWjR73uFyQW{OSSnpE)8|GN==J{_V=X%!=DwcP%gx99(22PW=tqBUM@;rS*wfiC{%C$sCB`g(iSqi2Pj=bW(d*mxT(7cNAujo#j5;M%hzN8 zC^R^nb5Nz9BA`Yh+1nt*mzlmyOU5x%PuBL7wW+sfzE%lgUk#A?Qp6}B>`S=7sJVB@ z2|KStZ9h^`z0_02dtp{j_pMET42RJ#TGyI6MSZmFLf5XNmWdA?e0O9{W7gEBP7!?r zhTvL6SQ<`9N1AQLg26+E*gwGgcpwGabx%u8SOiijmit?KlhepcosEtwoxL(m+qEeke{?<9{%Iu9`(S)f-#9_>D$RSeNV!$ z!}z01KwE{q@o1ASdFauOPhSeVigW0Vv|JeZD{D<}vzu*)nI_~r-9tD(u>_1!%VgzS zN3wcG!ilbFd6gt`US4&&xzvJT%r$$3-RRNGjs1lwpvZM-hdpfPAYQ-)3Usb>(FyAdgiax1!l&v?br(wjrkv ztQs<7TnOyYXCl(_E3vlxE0Sr`{gR8M_k|m#zOLiXf#kx|V?T1(Ikz%P79(<4(KfkX z-|sg~uS%Kq-X71|rvgN6a&7*bA=u>p#&_Uwpb4NmVnA6KDED&jNE<_Q9~A}OPuABd zREtSh=J*LJ-Vtfmzy}snF>%1~+=05x{53Eb8=e5vHTO zMzhjpWN)Lefs=eD%CpqpNVArLKum0+{9+Ti_N=dgVRWSpMp_8Xlgr3lAI!sDZ2_z^ z1gS^UW(FmCzhG^bP_-BFd63FSFn3O z`w#h(@O&d)AvS*!nW}~J{r^3DB_8&kGC^%D%DbY(3-*4taAvMkdp&`O;*G7hKJhVz z3(x&+up%RtRhutRLVtGy5s0AAa^aL%Mxlk!ge3+1d3^u_&q}YNrAZJ))4=eiJXi-- zeH#q}y}Xr}+dgD}YS^eAxW;Y~Dz$^;7i;0dFJdAy8dE#W$j$9WG_)mdNM2i=QMzGj82w?nXA@6vfl9qv4{=5Xz%{c!=PIWlu23ZX5r)ghrVLE&!0Ap?`gN@H6?Xj)S>i6lm?g~QUSHdk z>pJ}`+fH+J;O(Z%#+2a}*tBeT0J1h2e+$*(jJMe1)^MWf&4Ug5W?D_G;M zZ?!%|nir8Cbob9ECF9?0rn8GxBmQ6L@oBGe9KA7~w@8 zD?K)q?_3akGT9AW08+mQ!aQpvDYQMgQ_?SQEY%~SKw5NCa^%1D@~WV_HrPPJn)s9$ z(HfSVf?jrHyYV3hl$Ns)bRN;+O>>|-;gGHBLf7J}q9svJcQD~Hi=;a8jLg%wO91p+YqTqvIU5XppwF zP$VdXtu>bVWz~NGWe5T)IoGo#9t$>p=niu1eO)8l&@X$eaVEO}_agoFmTKK@scCH= zGl7OchuB{PDi~4U7P)d0V%P+O<}DK<^EOc<_?zWL&59elgaS*~ByFP*O&{2US=)I~ zcTFFSfN!0}m~~Kg(Q>v2E^?<`3yoI|AujjGx25G*xYipPLO*voPhRg<9;B;pEIcI^ z+U08fPy8dmnNvJEHq<=EGa{{1C@D- zR)p8~;QIa-aLM2N2XIRQa74_m)mEJKy$Hj{ul~;%4&M$W;=m<=hi>|d+NQ^?U-1Lo zD^~#|Vcle^#ZRwIK4dgN$~}=Fi?ji?$;Z{z;2JR$80;1;0_B8JfFce1mmqdvDPqWC zHhQ*w6K#ss*FhG8fJ??NV&Le&HKR89=)iCc`noqkuC~3|QbcIwhNIBe{rv`3339_> zKqJ#hrq?z5-4-r)Jego)B>lan(|ypQ4$I>Md0lJ2u#tJkk9YM=yhpzAsJ$UIf_E)ungTMXa&#NQ0F!Uh~|OBb1)yZrU=rqS>r zZ$KTwOxs1^gSPe#E|uv}ESP&zaoiaL?2;D9WQXb>oQ^!5+{1LIKH-0aecN{wf*gezKj{L1Y^o7)xoOODc>ey0JzqZ;+P2tAi4! z@K}bwHmNzeR0gVO`c}0+y^2HF3B=;Pm5SMejmh~n@*aNe$w$@wd{pwW>aTq8I8Ki} z|Bi4-w7f%YCKmi9H$Hie$!Vz{^a>vBT}6NMOnyFEmS^(*MNGb}Sn6-*j(EXHvDUoV zUsGl;LD@qhrcx16Kv8Sop*T+P=zB%{%dl%QPXwp?e^J+N+}~deJi}dSdaXS+!-2TD zj+vGwS1Z>S!!~59VtM4w>I7E2wQO2-e6>)0q&c&vwKJDH{9L{jaQ{nZxSk!n9EE*A z_8nok*`@;zYzaHCQXSCLiKexia?pS8Vd&pMNY5 zUOHK5`oi3~!CmaZvmsdPo}f}ubcOuY;1W*SrU$2JKDWCI{!0_Hikdj*|I!4HV5jMx zNdowltN1LT-3RItel<+_(WY=rbzBtOppbdbb=}vtpW0r|drBaRrh}f5L20dwwXAM9 z09MfrbqvoNw=0?X#j_&UMErRE72i#2_U_N<=0iVp&ARH$bYexr<{X{p;s-KKKz00L8aq+e=UG2F7XJsyT5a#w)+f<2hGINRHt;;I zUw(gQl2UtIZGS2@^2h!8X`%!IpQ7l%u;}63#3nuu>T#?J@QY(fUI)c!|DXWDNp25n z2>wdj9@4^0GEBqH?ye45i}s-mHkzxgn~P(K8-|k*OWZohAO*1tr=t8nIDwQ}-H6ln z4^$o`a1Za0MW z!iTYC>xi_uPH&(s{TroJE!*EN=r7e-cu;E%NkD4VMjM$$a02p>Gaa#ZwT&X&xC9D+ zTd7Tr3;FElKU?|iGGiFQErGN`Qu0wWAmVQs?vpwXx9S*3MEE`4s%U5>pkc zKQHOPI78x}xPV5vM zQ`U;-yls!uo>lzP@`Jb0aaz34T|Va&r`)Bj*a&@--oX0JjaVz3i}RZ9XcgW=2WvQ@ zYo3qRx0M7q$Jwgh)F?h3@)Zb}ZwqOe0sIO`k%>!CBx@EEZUR(;VAxdtU_QcTk!|ni z+r!eD&#_IPO0nlDICE<`zA{$50%q8dJP{S|)!fRZP^rw`YkenHJ$_K6xd+=-NIK`U z9gy@6k#qq2ZKHmR88K27XY8n`j(9A5d(2OvSaN#*fU61rdxM72di-Z*5Bm~`$x9mF zDDg4Nt6qBvS9&c{I5E7%7qQ6w%VO2-Gp6&BU^P*})iZ7Y$3{deFF6a0pZjzN7|S0q zGYq)c(s?S2Fs00>lM_Q7v&sdts%GJdiIFa#XcaJ9nNAsdLBphjRhnB@?IKrw1hMMn zEc}+pS(p4#RgCAsusg(--8CE>v8C`3okzQFL}Pl!zJLXMpUsN6cSuL%%5o$F{G|z% z#g)_ACX@XP-nt<5l_9nCP>peF*p>~w%Uou+EjchE7*JcJc>=P8q6>LS@+(ttH@fE* z5ahXOMM|~i;P#FT2D?4igmJ{Fksb45 zz-3GkMC2y7ZV&Oj2^67?fc8P5jBUEKOH_mBso=SEJUFA|xN7h4SL=g$FF8h65`uxowJ$3ThEBbXB@nyZkj`s2BT>i8(qil1re9o z+gG6TjE6;zuT6DdQCr=v3rZCilmhW$=4=6JG9WxJn0bvyw+!`_2oQ-k4cZkNO>s$+ zNnZx)IqPw*zM7N7npTDkQ9pb}1&t08agswfvnlXvxEl@;1ZA0^Xklm?xw-4~*@cQa zfm_6`Kg~d0Om+9W6~0EKs79A~omq7Y)rPL&!Pzx5tjbc6EJnWDj6$O3Rx`xdy3``{ z-dsxWhheGwT0%fN>oW-3Y6z}+MBuXYd51h`Z)uQMc5;tS?-7h2;f`U(7s%-3;i z-4rJ)g1uGW+6C0+F6q*Mej~G^PI|&#ra=@63)fqPD+OgnZPu}>_@`!JUG?E>B3H@Q z!7rAr?rV;ZJl=hfYTQm@Vp&_J7u%}nrnSv&k%v}}i_~r&SN&=HC?4aI4M=n`RfqTN zjjn$RNOKR(4QZ=EW?kRLQ&7=WIckWoYC=Kuu{6hb4>~1h)x-)norojZD(i*sY|t5w zBLc$Dc`Dx@v4{0XZ<{|8x$-E8LlfLiL^Z8XU6_kp=Mck6YTjsNjX3T;qME69+Kzex zX1WSjKOM$w)*_;_E45Ofn^X3;l zo$v1M%i8q_n~|W|>?~`WsX0r7?}ZL+_T3Sv{Q#A@ET{}Pzih*)z{rfEFB*X6Jp^d` zp~@{cO0;YgnbcoN*aC>mH^9~I#+x=%vj&4jl2UpK55(#-BAlz%_) zz>xXUcAo=lQ?pg^G*twTTu@Qo;O^_5TNsPkJFzUXzE;r=JdCszK57 z(se)!&I>g^Ghb`QriS%b0Y1x?N_BTz`$*Z>fn}umN|K{1dX)ulpJo*P#6-TSEQ!~6 zV;+ClX!W>(m3y}7nN7b0{)}R>-@iJC)A7VVqN&C%w9}elfqGv}++5Ve_pNNh686PW zE$Q_gsqQvS_6i1DkVMC(H3;@q zUnV9#Y7!y-qaiD!8&`CR$H%oa@ciee@x6I|_ppg@pN>X`b|Gm%{iCrF4Q-L*pB_=) z5lM{!ixKtd$bw_|NIc#29=T(6--&ivAwV#6WWmXrIjM>p zct>KpF&aSonRkImfp}?wD5=r3j4BqW>&((zF9p^rSAn{Qm*)Dq8FJl(3bVrKl&7ge z!7*SmJwQ3UXy;Bx+jP!T-Eql}0G8!7i|sHy1WXN)=XR8<-JT(G|BiC|lk3|1bT7*^ zm=vjB5=(T+D1QF7Og_`Qq|~N}(U%&w95sP``Fi_PajrCGrqd|aX}V#m>}gW-Qp2j% zswUFX3)JWRd)r=CcD9N2iJ=42nu$M&MSjutc{DO-98s9s#|`Y?okYP&TrrRXg)0VD zMM;%wxlPCKKS*onL&w6B?4M}vU-6&YZmJ_Y6C$nnFeK7b)L0tjpJ@6*{&jEfOh+FE zx?PV+Ros##GwT_HUrUf=;;zc_N`Zq}-*qyO2tv^8-chEAaV1$06u1>~*CB>yYA&`?N>00pV@hc2kqZ`E`++ zcbRt!tVaZqt62A53G+wEh^7w{Pvv^)B!^0c8Ji_OW5t6zsv%zy_gub4R?a=w?x^6= zDtKqUAoB^oEbt8MK*1f(k*qJWhuF#6%gy>B6|>DBrMD9-Ny^Vbff}-hDL?)076l5* z59(Q`n~An1i3Xtc?u#Ww=Xs7F-o!q$WQE{_U2LL}3eXa}WV8`cT4n+tlIF4Gob!;# z<-#Sk$58uIaR+~#Br5w;#`cC~i4L#h#ge0ber4Y>xBD(=vIwlM#HdOQ`yNR{a_;RO zBx0RS>euAV3;f)6y_gi`7>miez#LjqJ=R}Yi55PtdfJBguHv_*wkl-Gsnh?J(PWJ! zC*e*r*bTvb(kARbZM+qBp{A4f!OCM(#&+j>J|baZUFyf(DkYs)v$FFVf!i`ml9v6A zxYOMJrmW@F`F*SmeuA$lUwQIEAD3vnQ#?X}bB3%Y_mMF77He}VbBveGTktKw0Z~B& zZie4;1h!~*bMJz7b^@mjvW|A-e#1OrYh}Lt=3_cx5N)+|YNDkop3NI&?g#wRO8$wa zcj<$2u@j6%fqO~|cz)g@OZQQb6=L`M1BS}?gqx;ws^ap}3P1s3PawLj-Gd2$KG)D@ zzE>zZYu(GBjW}?luGC!-*bGYLY=)WUq);Dhmh4~i(~mx(@Ay6tn=^b~i^N*zJleqG@nID8> z)-VS6BlGZ!#$z{)hnZ4E8oJh}ncmS$Kc6?h+rHK2>CrvH5ty>9?`-m8CmX@p2=QaCLG>;!?DLUt)wl zCYE~=Z#v{*JI3iJr@wDC12K$Q_iD;AIq-s`#EuI|vS5=kS7@7S=lWl| z{-z5@7AORnmb)8~birx#L@R>BWsznX&!i}{SqWkb@Fv6-*PkVf zLI?OncU~}qJ_T}ct?ha~v4cpBmbI0EIP!~dB>zOhQUxQ6rcdGD?0Mu?mgYt+w}yY+ zjk#_>+L-+*r9R4^{um5@`ZG~5wE26sG*?@oX!?7Cak_^g!wmG>3V9_B%f*d1vLDa} z2@PPK`+Tt$eJ;op2OwZ2uJ~ms=(z@Z3jbQer9^ z-MkBL9~hCftk!Y|W$aB|kXQ1uil58Mzm@Z*rQ?AIz9)UXSprGSGS+n3PsSUFyjOJD)^1=vPMH6IQXHka zgq3 zRQXp_b}4EGT^kAMQ=^U~D;jxd_n!7H)+gPs>2uutK4Y8Si(J#^*!gv1yYLh*#{ms* z9>1ddEKu3xRxth=zD@2?zQSJa$PGjSN-iLBd`vaI6Km(_3ly%#?FHn}rW)RXXv}%7 z+dbe>A(m`>#~phi-t)wsf>E{+S!TU-PuTdhyEgvHS8LuDI?S`n+#GwfX|5XK5Hkm3 zZSHvmr`!08Ed3K&XQXBoj|!*nu}?&>UX;lDtO!}TXljjs>)GKmoIyL2_&ds)*r(|c z4}Z60Q#0+*kDZzxnQu)V#WejiuWmd^S`gPyR|njwUv+~AW$+0_u)oTpFsN9#(+YJL6-34st`uS3zo3;-7sN~$1UN~ zSHgr*_gTW)XTyYHw^+hM1sGGVQY%XfFix|CqYE&imT+?c#$ZdB9>6ehb;jw~hATrK zo}RH(!Ht@(cRZzE$TgMN zO(+LjD1|$a^n_3NtWEOlrcT86H4M5~>Av-Z;{UPp<{9R8ue;(P%k%M2^<56F_ejNB{p zxmMlh>e$o_#6QmGTHQ;n?nA0Oin=G{bBpS(q^|qJMsZNZf%yVf-RshF=W#6*2pOb! zd85(>PKLa?Y)~mphn^QkOUPZlqudwO=63+;t)A%n%~&TrU4voU3u+O(ATgRrAP&%N z3VDH{u5g+@#nZB(6!=fAX+>Mk;H9e$ow1_=C#!(`Z`@Ts4K{0znu4q+C*0HljO*Q? z=%f5;k37m&kmi%9G|JYMmZ$inG|UH&jS`6_jRI9updt&Vk$^tT=HTtfg75Rgl#EF* zlKPSe5-?5F1WA{W#M~uD0m{hWAaRNkanaLRv(#WW;ZS% zt6mmaAQw6D!-9J)5n^@wxhJZgK1^~7NYaK2e9{3*k~)W{-f$R)$j>*a!UyM-cw#Go&2@pCwBoFF+_;ja4}mCXy2%H(ha^a@Uj zmWmtPmJQO$#!?V=SYsfNW64_n|0R|%{Px@3YZu`25>$^(fwjg?s%@H61y{<=fE>gz zwXYD4exQD-PlW7{o6NXwmh=F>{*q{shX&94aI1!nLigW7ApuEFpv7{OQBtKJr;)w_ z>;>7JD%ozkj?_vfFXBk^|ImugK`X&TUII|?U-^?K<3+z2X;eq+KVvhpw=dORT1tvb zG~JI<*-L^Vhy-F2=nfAf~!?)D?F){g%*122Z{#07?J=Am1Rfj-HfG8Iilg-y5SJ421e#IkiqIONc>$b z)5AyA;tMT}4T>}TLH^jv2;otdr)$!;?iP&EPt0 zzRz)s+fkNuh%hMM-V+Sb(wR0+v{dHi^RL|)=uukaGAr`AicF;lK#vZ9o&-?v$?xlT zs7_6?1J|#mYVRB6@~X6{lktZCLGbWV{7kps{vdY>d$!jvuPk#FPm0>w%r=Yw;Y)dj z-b-KEwS!|&g~f2Megc7hX-leqE~yW=t-TBoe_hc7<&p?yi_Ds$2RK}VedCTv1%gch zi(P-a8?u)U@M=r}YdM&_Ol44j>0IVcJg;C8nrjn$RHIs$wk%k&B_||0@mN*`lN}dA zD|Fh9I&>?{36W;agTQCBha0?~kZWKSwkOq4i(lE|(QUhdSpZJU_{$h-Xa6hws%y<} zjwj7%AUbcW>0&L@_~GvTf!QCJtTGuBrwX#@F-x;5Dg2B}2E9I6IbuZD^SdH%pmEM1 zS&7{RNKr=IK6{kkORa0 zI``@IzB`}scgRMM6PseMOt#=z1d-~OIP6f;7komh;_Ce2)lJYdIB0m9-ew-=q!)(x zNxs0%DiGzLX!1bf4P94`3JM;~I*oqtDO-Euc7!u5(9ju)#BzCV6ye6rb%U*Q2q< zWX+~r^W^5dtzO-dj>QitTpEH%%T9(@EQVLABKmGPYpg?FMoBj}VLhNUH)`EIUErG--^_jdhA7|gUb~-p2E&)S zm{OT0U*OHs0$z4aqJS+|kMAh=GUbj3_~O!BkKnoFI$~ZLPhNZu#*zam+E7~556)~A zeVIpWL>mfC$QLrM@VMyFXxB<189#K`lN$B}11XNb4k;rp=uIm!`RyUYdCo2SNCv3M z8sCO}vbb^7s5z)H?6^y`VO{Ueq@o?3I!qoV=Qk-vA~kVgELDHKhOUQ&bTsrdtj%ZH z8aL{o>2T5^j}?vLhcu9^XB5i`#-eBclJ(c~r!w;kEcNcu&k99b&hfVUDZKu^-N^g_ ziexf=RXILiz$Q_Y7NTisnC|urQeL51_y3PY=1@emSbsK}f~W3hyuj`oETZlSqV8!F zhPoN9wQ2=lnJ-wxGm7eyxy_$-EZI>3EUW0sDjfM(P5fGu%}ZqcWKH+urjyK z*cm&Zl**cP_8jgC&mYH0THaurx}rR2^Dl4F=6bdH{s%#u+GeRg!GW2Y-HJ#`)ZC(0 zuO}B@$MiTH4=^as=YGPt#FMUOYEM&J^?E>UayGX0t;vbExFdsPDI|n#7>LTvL!PrM zeHd&MnTEYwcDi>>XbjO`b7uk{j9|MZ)Z0pwn`p zkmZ=*&5#d_ul%f4jD#?n?aI;uej3UF*&VVD#?xz5e<&^DVSGc8@Fq%2X@Mwxil*NY zj1PF03Zg6)cb+=QV%>;AGhb5#$aOoaxIq=~r6OGF2g<74>8tEnT7}h%w%%8j%c$bZ zQ_;`j##S>^|^KL7J5w&)EXhL-< zzzEK#TLq(sJ4no`7(n)`zyGz^)t;rLn`tqI4?=iHn(Gh}5+q~15i{?Y7w*u1N;Z0UmB8~LV9q7F zLScatbgL8J&lArcWb1T&efdFFemBY+lwHpB zT2H2{eEm}uedutJl=FvRb>i+lzOn+@*GdX_?mj~W{_P<=U0NV&!#YU?Ui1a-E-m08 zoI?S()BCKvJZvjOno3LgDe_}V*&cFgX|9KHzH+sP9ABF2Q8-VzdbRtI(p(SuBIRli zx$};4FD2Jq@K3+eW*)@dDcq3o1gDt3YFT4}Kt z?yu#wulw~*41~8OnV+mA7My{7q&&VCLly5M&F14~ZO3L;y3>jHnb)G;5NVS=^<3`> zUat~MdTS;R0rq$IA|EL2%?Em;0+WTHGm{c607}j(cc08Rh$O>g;(A^SrUE_%a+{4! z=`C~Wf?BJ58is}Mc*8L=9(gIOqHXJ_7++**;OaJtxjwvnGXr*kUbB{0Z zt(;%~%^0XhZT0^Ci1{lH-murEhFx}{l(S9lVZ1^8 z;o5((?-OWICwJ1|wO+>TvDape7N7mg2<*h?#<5jh8*nUOs~f+Z4M0CyaMK?UJ9`PZ zSmmeCIj;B2>hFe}s>9pu4r;|^_a<}2SwGhq?l;|Ps=t`g2sLheIizkI5SMytG}7P9 z1LC_>#U-T$#!?DTA`#@3wOZBwg>9$hU(v|8x9n7L8@u)J(%PO$E~a+24Z7_`?$UYu z8i!_k;#+}c;unj?j`}GZ>!*C9?jip@DPMo5Uxs`X7<2_Efpl9>=`YyX@h+ z>7q~sL3wG7Q%~_zYH7nMH4-`sRZ!B4e;bLY5&9kx`a;5n8KJ44`JutBSj&Ur+m&uo z>Cs{7%otzvZ>2^344bc_yHhl8niI(~<-W?i(kfm~{|{9%a>Rlw&MPh8r^!t!@PIEc zy0n1r&21`RoQ^Y95fSMet2w9Ih+~DR*k@+2imNQci2bxwM`TzNue-mW?MGE6ahWtA z_xhjNxt`3a&#+-nESEco57eKP?QO~G60&)`mx&hTZv{lw+Uy1O(Hf`Ju$w(h_r~9P zV4m^&i1T&?=Wl}3_9lv^e5OW~7V$KEL`80;i0$Dv;T3ef+Tw2Tobt@CJ`P+=Qx#?T z%8%2zAZ$jbDxXK?@L{*$fYf{e6d4ww!pn+HBg*2V%(hyeJP3;rOWhI{(a^NqESjdc zVq?A+U%Fqt$0~%xJXTc>sZSha*w0xN5^7-qfj5M}+BbwfZXNIB&oJrjDW&B-VV%m~ zPkDjvQD1#fe1)_?dz@X?)V)e8c_w+6O4*yjMP61%V$*ICl_te(>5fk@)*)d$8X5C; zW5XWqc47@7B4P~rLfDb4jg>#E%Q!=9nOc-IJ93YuuO zXh!74O5cXSYh`2nTrFqct4;0#_0bF(*hUXq^8ym|0N{>ePg1_d97i%ZA7Gs_5FQtVdWh5g-EMu`?cddVU)Z$ODXXu^H)nkbQ2Q#|fxm6rBo zI7FrYPHAArUtsU(+-oTB?L7flmVF%hRFziq^!c{vV|W{iq%R#?=oZ`++{!4F_}c z0IKFrH)N)v6mrUUQvW&@drCS!nF;E`^(dW(kCV9f) z`hB>`!DpWfXTx7tiJTJkYoQ-UBr^`kaveFaem$DLm zt74$<)8OM!nrY2H(e!I-YxA?XgyC@2CGz|H)q=b;9}?1!xx6iE?eb)#`5jf;IaV-~ zZ%{&ia9~5k;$ytAla2B@qP;dmZ;lu3eGIry1xs9lMx|5ndKgE<*K%b2+3N1)Xje&6 z9%@3hTjnV$!M0Ep7-RpAAyX_h=z8*k}SL(hCzKL}ME5rA7 za_;>TK-*438wlpW27Ca_nvFuOBc2V1M|wvvJfHLFhU2wEYyKskVmCT*&94DSreO9j zYk)D=W_xm!q^y}_X}Myh;`vR2@Yg!PEh*{tNQ`iU zdmBIuC)Pwc{B|*9A`5;Kq&Lmc=Hd_b>m)9IykD2Ps8WWDjRfD5^Y7jXKg1y*@$9+8 zEYujcdLaG%WpJiy_{!NQF3!B9$ov&5lB&4*>5`6LNoq7bk*;OL1fuXa6Lj){h@|v| zrKK;h(#KKSBLAIIntQqBj#KVv>JBN*^-E8TTsQK?KnL5Uw1`KhPDS>lh-opnUxSYZ z`}sJIAKaX=&3S%XY4q9Rwi+RbAgfVFx{$1(NM#n{FrEgT+gFx!e3l`5u8{o|xy_}y z9@(?W&HNHdlyDeE4JN?LQhI`YqJ*V68a!+t5Z{kSaHMkwsczIMHnnYDYc8lqyVEn{ zlV+r(v58&n<`S!l_`YNlS<=$M)>3@3 zABNIaR{FfC1U{Ef+#5(g#4STbaEyiy_l*6H9}gZI+e`4!HY1wW35M$e9_)nZ+$Q&D zNUFbeC+ly{-8UTuIa`d2K({hmT|cTa<&k7Oaf+D^DqB3dr?QXbR|EOKf-p;y*7ctP z1(AVZ-Q+$(s$wOoELj%2U;HdAJ z8>{gjivdNWu4`+>?N|Ex$?;YGBXMc)ksLoTOu-c8&yjmh&MbpRf+oXM1!yjwZ`Qw%_NlwEQ36#yI1LJ|FqmQW ztWGRKi*|Q8LIP+H{sU-I2R&|k2--nFV^`!|kxLLOqR}PHL{Fol#4>D*p)Q&nf4I-z z>C)h1(<=vrpRrVrFU|>rVfv*gHEWuy9K$dMFL`&@cm7#z_r>VoMbjd`>_WvPxnadQ z`p#GM#WUxVDAE?Hd~sZ%O2&Un7`eCj*1B$9%>0>4Vtdm<{?&i&O}aS3)FCWYiGR3% zsM&|GuT3>hi=}2vb8o|*a$J#2IT;qIPu-_pDpGudCz@!}Cv%r-a!MAWD71|xnpa0x zt_DO}L zSIpLPgsw?!DU!OP!nISb9k`g^)yqVuiEzfqr&FhPsqT!_cS5J9^K_bXd~dkt-hrMm z)|<)WGxxvQm=A1JE3$5LY%C6t8~?ydm6kx~)K2`buiTkzjM(}ue zrF#Gk+HWJcFNOfGXF8$rTO?jzH|NhNX}j_U~MCnwEG*7O9ri@!7H@URIy_30ew{T(7t~-we@opt6p# z(SFyt8xXS;sNxKZb}B`pyuvNs^JmsJ zxRW0b2Upr{pebIf!TmwI23L3Z^LD8G;xCh$zZ&(qyMw(Eq}mU4uQCtpb^-I7G5L37 zht{R040l7o&ib&z{ej6qt-;iK{jm@Qt985(OzTv{y}4pL6vUo;vv@(UoZD}NA0~Xw z_45~q&%&J^;!`e%Vm9@@5Es$hUsZ6EtD#`_?tE{8m&Yg7%N|0vUiPz1{=+L!wWx=E zM$$KnY*HjzcfU_Q$dW&CCtMf==TIyNe@kkTh&I_@Jt0tzILvPfEI|A&ZsYNWkrLz2 z@$Y=E=;mAps-im6r$!@Lvsm9{{+oNfIrr~zmfoRn=f9We`%VA7NZ+0Qd!fFc^51Rx zPU~AT{>`phP-Gku=U@*57# zj1Ix;RpAay7pg<(8oglQ?zu#*u(MJjd+x^uxIfIU2itc+uRhn{(Sl8ev z0HQic)uc-wxnnJx=ze7BVB60xA1p}~B2!gtRUb_Ksry^<1k=2g*3vH}|iPmUfDAk;>3P}@^c7NbHZ zZzDVC2?XB!9pAsCDwTHqEz63>>F`2Nb9nYMx56h+4iOBWFJqJnPq@U7^N6X!4ZgzR zVai9Y$*1gPJSc^SQ84D{gczAmSU-of`G@Z@VM*@65%bNKavnZ2?gKQP%$a;i09YiM zRlEf-IrA~w%1|cQafpe5oO`lC*EDUdBHAqPgy*k7Ht9J)IGBn0wopC8nA09Bty0Vs zkv8#Vp+aWm5aH%6UH|2sz~Mghy8@5b(6~1SA%=J~P1~N~MY1LOsFZy@M-_ihj|Ro^ zuSYZ5_5hkR5j{##;jZ)w2!^cqLmcR~A_16Jo7_YQqQ5suNyf!Z-zmvbgKYw1nMR!_ zAbD0!DmRu2R87iux{ZT92S_(yI%^kauhI~^&vtUTi5;3bb5%=EHL{=gPvf~qt!DgZ zg<5bLFI4dC9aZ9|(w5Xo)xhzDO70q8;~0sJh}={?p@jx3VVg@Nv6lGBmS;$L*vk__swK(ZU{>k6#dh%$t!n>*xsmcdIqb z33*_xbu0WgBwy>6`fmw9_h-JNPl$Ci;0$s6Cs0QO4PNoo@$hJ@ALP_o&WBK(AteIT zR0#iWZQ^Y^LH0!shosEzPuvUN4SHiY(RDoh7%7Er;7Gwt+2kG(u6l)D!|=R@;S_q6 zd5SNOR_5Uyj0onsS8P&#q*p4+@kN$7wGg|>A33h z)jm3-V1p@JI0(a zrFqmPo*{f$XT9E(B*gGb?isWLyH$e$o%f$EL>j!tRQDb_^@*>!v5GPvf36$aYMZ|4 zLJ&Cqbd6m76lAW#(_Uw@X4aj-2SF$id<~0vWnhs;d)1F@4tRU*pD5rFQPxAslJIIJ znFK$nR=7oPq%bkQFGA#x6i`6B>g@FSOyb2}O?%so zhF(Kf($o!#6U~A?HEnkYjC8`AftBzm9^BtDnMwv%wHRPvE)ml8h=IDqNK`YVQ$`|Z z)~z;RZP}>rdzKR-*7=#|XlZ4L7?{S6?EXs3?kQ-7o{CJQ2x62efq6K_4^1})ZJk@K zZ4(|vEUvNtG}TxUX67Ge@rMS4gZAzm`)Jnn~^g zMf=3-i7VoBdx-;U(#Z)Ik2oDS%lbud|LncNNHGN$9zcw|eJUZg6-3fudWcKbVabi)4N?)Ri66kA<9kctY#2`vo1D|5Z z@_P-vhQ&ixAI&xXNi-~US07@cyZJfFn9L++k-PFpTRocpPAU=&#F=0n+IGN{1*LRR zarP3eVI|p@DLeJ+K$}=%`o|55IOm2B@~xgliCRqn{WrIE%9-W$$z5=pU$r@wSfz*m zWkdXn)M>Z?D-1W8u!w@l?$`m#>D)LT;<-qxN8(oO*Zfg;xfn2!$h7aeiR5VF zYLssqCZV{_eZcZ6rq}mt{u@=7IiLq><>&z!`2~SLJuDc7K9(BL5@JZwEUHhulgmGc z_)+%~YFmlLB_%qFOCSVzDcR1Tih$f@MH&$x^8H@oo;%2sI#paX5HE$1yr?+WMiRg% zg++ktJYX9}VuQIjfCCEr7^*Ziww19LqmXEF*-%fX$H+0^AVyYL)I2vaHj;1!6h3A^ z^SRJYFJTvDKUbWsv01zwhJPw9vK{&0*e{&<(?W7EDvH08D53(Z5c)&}SgBT5Yq7k16es<2-oA!PR8j~s(D#pu@u|gj6=ORcw7s z26cZ>QkUV`LBGw#y@dSp^ZgF33;jyq2zOv@LmN4e6oyf=9U9hegXr_VPzM985({1P zw>wCd~5((w(_z z(`yh1ZTjqRUmvV{?Af0v9b*zqw9(yu5d6#XUZoP=800=WpcFR1vIhtvmk!svcII2= zu+8W*OdV@C`gso7Ud*C>KZ%4janrL(=)%a*#YHF*(fJ4{!+?`xFj`BWEa_B&p z=}WOh%^K0?$k-G?Y6K#_0;!jg5~Pk`B-cE?2s}~j+|+3IGLQ2a=tP_U80ti_P=!~6 z`E<{=;%|bLzT)N5A_}(~O-qAvcT)rcuAwv9TDT`(MJy@|*I+4M`J)zfUbkAbsjv7m)^aGX399G1%a1h0*a_l0++;)L0g z%Z3bC?lNk~HG1~MC)8DU&l{UjxZa0?YfLA`D|T~~fM;1EQds{P?o+bzPW$&CLKO6^T4H{?F%9r0>+R6tkZU8M>XP0WK{ z`i~RSUpPC@rsfG%Je0>N5i4Kf#KC+I;_o2;c;1Q1>(B50{H^3~Wh`0lU)egoJeKIq zOny_d(S2_hzXR4z8o`D9&be#e)ImD0E#w%LtN5XaMap;p{)i@?vbS1vaLrWz$sJ5} zxwDO9o#_3iaISmz16n}-A4g*g-KEsku>FpDe#)our%u+tskL`pV&Fje0b)mB;%{+B zp3pO#^^q3&fUEU`@7zspPII&Gn5)d+_if7F%g44@glc+&KV}BRb;qyb|$ga~b7_xO1O!;livxh>yvc zo@aLTGuwOTezuR4JPTlg^YQE|cg^b%dNt-_S?hktG-2v7f@|HHy)j7YUcp*-E|u_| z$o6vXUipsaU8U?D>aDRUt1U3xl;{1-?H4X1$SSw@h;Su2K>fchB%rR-1XA>C_3TPi zbUE0coA(g{`PZKVBHhr+v4{HP-gr%u6ZsIi-u!{hYE}|+kqUI{0m{jH@6J>8ce&}W zZ^ZYLNL5FFM>ZX0Gq~1mIuZ6Vr8e&$QV`9oNr}&eg8Ly=uvVHNo@mgQC+nPvMl$m_Y;<#ttCY^6R8aiq1BF5@oVg(vS}n?}R-bCMbXqT}(0pVbovQo<*AV{=ujR^x1MX89uZ@MpucTB@_q8){cg)zhUk37auk!FSDvdOkoF=HO?j--g%if>oMdBv7{aZ-1pj|ndi zdqEV~;82&UUtCnTCw1-4P|hu+mWc8#U$Cf9w{07kN>MMGJ@EPOGft6aZMUOMUo)0} z(AT4)W#(r7@qHKd7Z>;a+_?HqY-clspi0P8HktA$%!|#kI)NY1w^RLqC=jOMUJbbj z^T=T$%m}wL95za79WiY{J=u6~Q?3W$RCyMyWlq39Hxdfa_=lhjRGL}k5~zfXikodu z*9LCF1bcz4Ia2%3%^)A#T23d)LgCaVd6$BYcpda$zrZZWFaRt}&)vep^nH+pxu)MC ze@%{k)U}nCuLlWw3g-<^8`K4VRWj3qy;KJi=X(Qt@)IPqd^WvHXo!`pn|ueX#bj#p z%h;!#+fJtg4rMxh@{Kk;ZQG1lzz%<(X9K%HbEl|;XB$a}pxkvqImHjrZfoQ!b)?-b z?$SdOkI%t>u}%v}yfs8eZui2#BwVRj>7R-Bh+k=8_?4?x!l>J)akoSv7 z*2{W~#*H9c<9;yLN}qtn+KLclulNajh?jQ}Q^yAr#5!G6btkG?y*78SueS@MYtzRc zD{E)EGlYOGI0wwd2e~_8q^y?Di+&p}pX)((sX1q+*E4c%ECHarSeKgAGMhBYkIt9> zMCElM;{TC%F7S0#RsPRy8c49^CKj-vt)y5nu_LBRF~}>S56-3c(kM{s1B^046_u(D z6nV9#895$~R)_qlGgj*ijGe!B>^MY2Ath;{4eyjvZJY_I7JhHC|%1m}T! z2yuMnCN(zZC9kS8n{HT9&^RT!>m>ESj1@!k52cN%mO1$?t*v4v2)6b{k6+~&zzT)S z?&ZEuP*`}wPvwnkNA#l}$EFt(t>o*!BAQ_Pcvn=fg!KQr=`kiH1zk;$zdriKN#-!f z2v$B{{7b&i**0h-YJEgBQyAU9O5}z`Kzy7)+9L|k+%$5o8!AGG9qfAV?-bB@jGSi& z96F~GqNjDH|PqRiTN%kdlw#M42%`601`(weR3k|F9i0hSUE40-+#r(tkRM?UCN zRCdxrD-FktzQ=(plgpq{5P=~_)TJ7dtpi^WalTFX9Qh;R)07KvtBp~H z4DR?*{@#uBf>DDYz)Hb-CA3z&6z#1zLbHenzi6VMox!~iwB`8)vq@)4m<8viE|b!N zqt1y=cf^|9`Sji1Wou zjuW8DsQ!n;NX*|@o2v(93QMq8ng)(oFso^xG}$ckZu$5Cg^{MA%f`TR|7BfvWt?nY zr3B&Vl3bO~3|9F)UVFtNql@m(=2-9vaoJm;7&`s*WhQCMDq=ybBHk7)_TqK+v(aQ$ z2e8Ar%Ch8aj>YIW$`4wyt;?(GXVhYc#TE^Xts}gy?RLR%;SbEt70j~|!sP_32JwZ< z0IhFVPLW}!*4!y-J1O|uf-{urHmxdbL~!>z(7bxCK{iwG8{PYdY0$SH(6aK#x{V{5 zl!54Dz`Og_EW8qJW2e#|5k%{j3!>-ya9sIZlpZg?3HRHa^}7WpL5W_|2Af!lJGGXb zp~(e3DqKYpXJ@n+82(y%;sJL-x#g?n>GF6g2cj37GDG_NU6fDKEd& z#tM6iFlp!HRT$CiS%00D+0mxuCStLb*!Hv8`g^YT7gUA^3I9bx5p_p2o+$)e zAFHzJ{*}A3xdqDZ-jy|6)7pFC(Ztw(z@ z^-JGHynKjgNOjEj2Gt%~mr3Aeh4>kgfR@YkNKWqp{OPQB<0Z5C4XcKTcTbtw(t!8u&x~w;MM$@O8$hxGJQ1#v~--gq)PJkLk z`8FeT$mDKIrHNDDl12`Jh*{!soC<|gfBzi-qE?odniSjSNrAoKO8Q96lZoEcCv!=3 z=t!x)>r$nZQS%2{;8!?&6su+p@?`U|@ZR2+P4Ly7Y2Cd$-MdJp4k&uJ48~cO-unqy zx>S53HgKQ%8LGawmc(l=U^%jp@fhQDh5D*3BG zfT(Pv2L_K23?2qE=dtVxM!3gUa=r;I7W$d1Gbo6?yxKg2N{X$Bf>5)oM zSCnd&Jv#b(*fb%0VZTuK&2!6do>opORb9aoaHiFex>Bi+!MjU!^!xr1jO1yAaE8CH z99g9j2-ySNSgn=4Kdt(3N)K=ne2RQeFZfV=-&|4j_-WK1WKZ(Faj$(@ZADQLgb441 z6LbGX@7`s64R_Q@7WOJvUOH-`Bt;mDv^jW=7kp3y^@y&ls&B#RCJZsCw2$_yN-kUS zclDhNW&iTq*#ZAF?O7A>!)>adKRRofS*Q2en7^0`a`$5lv8IamSp*M9^McC&32#G< zN80_j3qBGpU=DS9hXtP<1mg9m9w4$uo{!RKAHeHE-zaUcAZ|qGAy3ddrdG@9=6cic zdtffi!Mt%0=4S-+H*a$qwS%@ovV5HFkS9$8b#7@oXsA%9OoOv@rM15vTvM3|-mkG( zaSolm4EH-<)n-h~x3U=ewQBoo!_ZIojmBGTeJSO65hE>cS>M#GOM{YVc0Gdg#=asO z2xx?!Fj-N@S^cLn>`(V!FhUd8+ql`6iP0#Yo@OiKQ1sf=YljgZwj))qnj@QFHZ(uC z!V9h~7NM3zznPt1qra1zelaSVVYkj05#@^R{a5_G4Vl^9W)a7=vfWs>==w?JiN@og zMce*+J^ChVcCIk)y_dGz{3j6z>W9guPM-mexqA_Y`;UsQOJvW5s z7OAg(^tX;Hd{xOs@sf|%N0Thef@!JXLpn1cUjP*ue(0R^B$$Nkz7f^2i`^gferJU0 zv(3)?``)3nHQ>^T*L}wmr6Q~a2coBcVFN3=y=5PyEWfA2;aV*0p*nvHS6Wnte=~qn zr>1=+*PI3&Xp`T&Y~*4u(KXN`zaF>2gtBV^xvJ0kMt)_gNdAQ0X#_SM7@hov$h7Tt zRyWCi>`#7OmzT30nq0D-V8u88*bsScac{G|oK1H+SMw+Uqu?wU@;)%e9_j&pqW32Xg3bAby;>r| z@nF2%Kz43*Z;She6BhO^;T^T)jiXYRZAkg&*7VB0&=g|5U$SJ5K^8?Hy;XCkF}dWD znToOu)xGEN4)&wznUQ$Ru4Mtj$A|bhQ}r&W)n}zX{}Gfdn4-^ei`D0e`aDXXKhozI zeZGNl%$fhdC-ao*!H03L2`b_F34^R@KZcRrU~$IH*Ng=L;PDZ@JY78!T+3LQ%~(Ml zCgHs4+Ui8(G2Ge)%c@B<9@TWME-lea3q~|IG#(v&nKcD%x0&L~wFO9uh##h_Rl4Z! zSvvK7sxCZ#Ag(=e%^Yej@0$g|eDa%F#&JJs*JyoK*ESKbO&mXKXslzrlZlP)|E`!= z-{{oFbF0ZykYx?U@h)d}9@`al-UW0U&jl(9-5MPyXf{#v4u43^-z2)OP2Jh|4@+k< zTg!{>8vb73?*M-%GUsE7HgF_=@;Co>{<7RbQ?8h%wyVOae@n^gh<|yT-DAf_&D8J4 zL4R*SNxNT;;N@}fk~rA*)(2C6kzh_8P|*PW(X4GovHia;!EMPhKAa9#0(~F$@SJd6 zs`;RCyxuS1gf#D^dVlXar_2yjav8O}xGO_;#EMix?8 zpsx`NuWQ@NZ!}4;JnfLPOu`EidB|DVoaeyo>SG!AA(?cU=j7eyzUFu!3<9f@uJi+B-% zj6j^zEGMza)&mG%(~ZF9?Q<7I@XrgF!E3G5T*2sc>%@}Ww_82hXED+CQpyXHE&G;`>AcdBT^VdzAxpBFoo!BAOJc zLcf^~q(Tt7lN`}*YO^m*%*3iG(Noz#86x=0_rd0fQlp}^ii$Oe9~3@TWz$ykwYXhr zb(vj^$Yk?-_{d=&sJx)nAP8CvYeA@Db#PQ3}iDWd+wa*pC+c);;K! zcNi=VDdUgHSO;c$-(Y6RRi4XrFbKoaPC95;8*Qld{u|{O7eRN?i`Cj-p?w>2i6#uoeK|I zMS#&i#Bq&Q>OfS445&2P)zA(`b3cG%ZA3qn-ZEH|q$TKIjg9UEVF$BNzqx>@c!WgX z%}+5s{A>AO{X=13X{MjnGd(%2honYkSL7#+`ElK8_thn*-RH{G0`Z*uM29Jlfi^Bb z*>Gi1sUhLz*YjF1e0f6km%$a}Z7pM-x?Evb5Y~5Tt^=Xf9L3nnp=8o~33QRw^7OqO z0Ne)&>z!L?|jZaS}_s5P}g*yv_In(vl2;IPw$G3`G!PTcWKh~Dt8eSOtVBC zL8}NMx`m71Y(xO^j{_U0(R>_9JKp_aN}~psL(F?TwFPCv)p=UZSSNu(c05Q%PHd#xte+w9aPiLk8?GxCMoUeCcf`TUN-X*7aHTiTrF*% z9yD8nn&vpG$74~zll&)x$vwwgn0K>jFOJjpf=JRf4@s-O$xAyqPOIIXrgqW&$OUhA zFC#Gjq^6sIu#}fIdJ(7(@sb7A4x(l2-FA_K(RO>nsbli$)ebH1D>hk&EIv?@ZGjiIDqed+PwX&(>ge8MDBTE9WdPu10x&#w4v!qwM7_tjj@(6= zUSQRQbt82ri*b*p&Y~Cy%+*E6-T+WFYr|`8T_N-rntA=L_5! zF%l1ABWrbE>^U2n1>#Yz4cdsHQFQ_>Xip?~l%WE^gav(OCc+OU<7E z7g?$K?YV|&3p{Svm1@}OOAfQ>Fg+|Q!l-nxSz5l!uDifB>%=w4lU#{t+L~vh^|U6g z`wJKs#0@)WJpQ%efyB`@U=b|wj+Apg`F@M_CnN6Sd5)(m^fL{R%j_EpL18Z zZ&tX@=iJ5iZ5|<~UY8}q?bNsCJN(qOnWxt=<3RSV4cDO6 z$TI)vHb_5(jaD`V*kSob59L9N>@{@A5?%)^tLOssetrLx8(n5uxA?^xy2Lz+JYh=J zqNhHQTQx;rK>mTaS!R!J`dSv^9TXnBO__$8FM68m>R?@nZvg2wI;cwRA>!bUF_ayFR`k+nXy3l=!+K)p%r8&sQXfArS~zH z;MCy~d{hbkg#^(NdrJ<|YcGCrD@2s`!(wVqvk0?(4d>dUWtlxtZoSE=6;y;p$9^nF z!%&wng{8x5eaA$T{_rLeqAmf+_`gpsNl4i8myfkVxh0NRp>k^8>h5~0cULr#u&m|f zyf|#MrE8wA>Lupsw2Sh;`lc;07iPmX0A^^{u-zbSrjk|j4CdvPR&{$dkK~fSCmp2R zz#N+rO2cCp+GF(HJfh0*IHY*?|c13yN{04E3 zi|APcQMVPc_O!UB-HXIxPRqt!ZE%xrxCN2W9=yA}2 zuij;VAbfs+elfXgDV4zfv?S|5XzJoq%CA91!N0&_bE<_!H|(>%A4SPZ8eK&IvZ6{U zaJ%4_C?qKQ?VLPa!n;uMYnN>CeWJNM#>EmcXrHS(Uz^gQ*(q4AE>8QcZ9IUdhDUPA z4djBA`YpHcS$E~Yc=nrTG$ImhfxvY};)`F?dZXERlQf&GPsXXv zb*Ze4YV2xCOEnD?+HuCOeAsJKPR^((=SI)Uq2dBBu~Ef9LYo#)=dUR(`opzuf#Zj9 zAtREvQDi7YNRfVPCs+|UNYLX(Qbv>Ei?7jq$vc7WgkhkpBu(1CW063)a_@NXs$9`Y zuawZReO_nJ$TZx~Z}ybnb9)<(AXkk05u{0lGfIiAB~~Iudj&7n$fYzy0pQjaT z9M8B%&|i05p;5tK(YJY2a1aT=D4~pA?)E@jp=|=pUJQW>>Bxo%2~!^E{b%YB`wcmF zT*_W~Izh6;Hg$CD=^SGgns-)lb&w^|!h0zHcbJX+sU+-GT_p-4;iEL8$xOE3SWS7;<|; z`g5xUi2~0H)0GV|%9E9*GCL<(HodZej|y6BAM?)(Z>d})Ec;c^0_1N>)lO&5a zPGzKbMkh>9?Bf(Y=W|1m%X#5=?o$|93qcoo;i$rNIDKqII!uqPjehcel>Dd74lg{Z zVOIG4lNMQ7OHNwBlgu4tP6y3uO*#k#W&H(pAN_nm)OaHCP4`vQ4QxztP9?SY4=W(; zWOIXczfo71NPYj~8v8sCV{U!=fbwr^C_9c-R_&;iw=F zH|mbkjRn}$6PXGxf){Pm#MGL!^QuU>jY|pYm9ZVdn4}vd=d>FZNL1YdvFXL)I%C1` z0v1Yk2;GL<=L-f})!w>~X79zRziJ4g7&9R1y$p|N<<*9$-o=n07=6!h3I8CB-sBR( zSX}oQMq}Ldo~PVwqlSVD2D}b@MRb_5H~H?u9j@OIQ}51TCEDK zNdtys*DMbGY>pm2#fXBj&^jONuEn|)7(gdy zUL!YsaTxULq(@ZMXz0(;pmA0S8V|f8f@#-0?lvP<@CJ>lUz1Dzk5m<{$3fD!=&j+! zL#5PZHcujn{sF1t+vn$`&`h{sQUi1HSJaO1*dN(r^z%Hly)l<#?OH)G$fTKLxhE%D z$3|Df-a(WG65+`uUxFm~Sj`7Q$1NJ{xyA6W)r9cOIkR(%VXUHiDLXv#(!sEoqbCU?FQROl!4rGUmiL=) zF-6*{F1e&g5Fr12fxaka&RO#W#Yb0uS&CZKM+4Lj4j2)>wty6xV}JER3FnHM^$Cq5 zM_#DACw8gBtS+pkLZKuICpu~KXXH+Wmo(@S(P9~v3KLVPTcT)4B&B*yFD=T(S479e zk-C2@6}GRiYFy@;XfJ`vc>zy)Whqs)2@o2)l6NFeewi-fIU*Axs6bem@Xn$Nd){7D z%QF?GiwK-vRFUDW))2_7yMq zVxr^VO6BV-{Hqb^aKVTQiR9t+BdCGVOL4EOpn}0l;!x~}tdjlF^DGusNw$U(CLFaa zd5fm!RM^}Ba1x(fOZ~7`4Gzbryw2xJSW0F51rz4#r(Qpverokoqn~R1pv_q@p+Y}n z^;4>!V*P-XdnVK}C*bpULW4bTov_HBw@g@MEG_h?EfX%8u!2ukd-e8t%Y+X54CmVC ztrG+zsGrcoGev6A3J|X#y1wpWx(6clq(W zbwYuW!YvaD_-4LYXw@v4P{AiaEV9pACe+$zcr%{^t*Qï=zyK%{x@b(GXg%xBg ztVAF+I%?4dh7B1pSQQWFQnAPit~j-9pjFKsXcZ19_Vhe}YoS@gnmxf9PbM%;QbDM~ z9Y6!EYWP5F+~ob`uF3GA2@Qg3k>Tz32`hNkwI9hZqp*uCUU*%DL;x0scp_4CI^@or za8@nWZZr~q1jsV~9G8dV=nj&k1|DhT2&khFBuz(Bo(%{OOP(xcHUCU&e<#2s-XRP- z0p{m)eO7?^+^Oze0!(52E&=B4s?rHC>!%8;(NFU5!mt~t??oEQ3Nx)s35f34LnN|G z%r9ad)B6L`i7!0IT!~yLjvFjrt#)TOqpx~Vo6fPntv?9Jpy&ZFZ*BM!ig0T~ar(Tq zA+z|WugK0f&k3M9e(Kt`kSw|je>t{~W$ddjmGNKfn+{hz`Mgn>$izJF6T48>hsV~d z)^PMqJP_B`8KSmnmK}YJn5v*QOSz4i(8KmyS{zjbpI z$8{U1@Rj3K_^~ItIzG!I`uTWUC&BG><3ntuYi=jdR++s}P_*IP>_iqhNoz&+lw>dQ@L7=+d^!f#Kb*X~)4L0_=pS8+ zBbSK}dO_oly@`){@5=m(*BKS}6;J6vNx`w-lz&{xzq&Z(pI@5tXO1=g-+K)?qbr_2 zbmA`tQ1iFezE#3QQ1soIS)6qvE%iu_pl5XLvOJO)7kDjtRi6@~%sa`Capn<6JVQh( z7(dCbPC`G4X7j>Hv1)UxxA(b}KL^N;NYhsPz$SL4(`n+rs1tQ$IvkG&HK)_;LLW(d z1)0!k>V_wOYichEH{~ley|M>MR81n3n#A{H8zL6jh-E{O{ zGW4CJ<1vH4xg+{2JrPsZN+SM3Da*vRXcsdCrGT)83Ie9xhDW3&G%B;#^h;XJ0b!{BC5oWh})@z3* z995EKiCc{&B7i62#*Kol&70J@81onsjkF&b zbL?M$8rS1dAIp&c1;e}E*qc#$IW4MdM_sIbS2)9aZf@_0VeNI&uiM>*&*yMt6Zp?TQ#{UhX<7T1C{-EB%X%X>&i}vZZ)^I=EOPVuJ8vd$ zah+|cx* zvwFIC9$yVPe|C1}*o@Hp8@lV-3Kl^pg-4`hxTk-M(qk?yPTduM45SOu!>qXpyz%d* z^q4tgy}K60UtZz)9Fh7`jTfMQ2(F%&;RI0f_KoPFf1m1nu{2$HV{LlO&(vGrC#F6Oc_=#Loz3D48N%$ zRn?g)=XmaO>E!KiRO`Oa&WQAzy)x_$_j`-CyUMm#rV|gOnjSC6RPD=@qj=fib?&aA zj;+O5i>1q6OXaju>4{vswl~%J5;!&}Sk`RFpr7(z#{8G$zxK+XCg+A~X8=+lP1eNz zrsop$qN+%#iZ{|+PSDv~lS$sbzBrXwpDtrr(*2~Yb-$9l=_qqr>7O&)L0dbM&C$Yia8f3ChZ(@(m)0mR zrBj+z>Ss_OJ(|IS~J0?#-^pNA}8n2Hd-maMS-Rd!Jd`Qh zNk5aX+uOU-OKeTcUe8gsl|_Eke~$8d@}SskHiYDG5I9=59HaunI9!3!Ridq+9rY8h zFh5KELk@;tkPePuz!fuwIm|xCKvFM3Y*p(pKd4l%-fd*gK=AxW(x3S9`iQ8RD1J>)0{@t%hzB~8{ON{B6tfs z)*HYtZzubB`)e8>_He^^m#lKXdEw~CZZ7o(Fl~9D@nsLw#@JYQT{PAy$6)2f$# zcwgfY(hpy;=r;;uq&J;bi=Wx!(po&3x_1 z_^k`=(Y{EJ;36h~qF=o~+mGE%HA5kG#asX;Qu_+bO zW}jh~J#eoZnh{iQAAq4$XfQPx{sp!~zuG6=QciKZWWVX*Wwl64qp573U zMVBc-*xFCQCc?ViQUE?7g!AV#q*>Uoqv-77 zTdD2B03m9JVZi}!7o+*j!UC_#DHQNZ^PAOt?XQd4_ak+;UzYtnz|*%+{{;M;|9gE*j=Q2iC4U)Cy8rWYG3&2Z(gQ6WJpgA zg(i%8RhQTF6m({ld6QcWX-!)Z99_M>t7-Cbq0npEMpCN{%2YMpWJgcr05w*DZ#80; zqGqejK3H-%q0M8X533^!@35+aX0=g!vJSKa@LJ2(=9-##S@S(DRvT%mYusM1X$yhN zRb#raRc-W|Hq){@)Qz4sz*XV9DkeL+c5SuV7=_9;xm{iCH9boMTphlvV{)tYbkoyB zxO#l6$LMjDqp01{Pw}gk3EmTvoTw@$IY&-LYa%B`t&ssPsQpkiri1wmF}!K|ZZHLN z@l)L{N{BY0vocHK8!Dsw?fq#@uq9Elc^Whli)P3lxmgFiwW@A}m2}At@M&1^A4><; z>~zVKUdfYCq}TLvg3ZPBl!v?$=G2~y|4fFx#USIhu-Iv zJm{5hRO~sg>6H<&IeN&nX;HGTxN|{a(q|%#^LE zlCD$<6A)EB>XjTw4RobTHh2@aTziUWLQM}GJB5Jk%Qz;Z=VrbbRfgCrPVPR7iE*k|B^;BzaNRI#R8)LY#@UQfXJB&4sOY<(sm< zrOSnN=z(8h=2xNN(pS^~@boOUU#^FCL?y2(&=z)Q#qq)NHp9lVNH?paNQia?Ovol^ zU26TaBYH@YLA&~yMcCPlWucW0?BX#iJmpkS8!1w)Wdj2#n0B}=38Y|~3)Dv64KQnv z`d(uL(QEH6(145$$4-y2dBzKmDWS|2*)n&40aaibz}2q!%t~UHH>NdLv*TO2lsFS) zotIAZcw;PcJTtQM%Z7*cfdSSKG`JV+z@Nj0$IJ#dnPd_>Qcar^-kKaUjj4!L2+Y#k z*rAA2f(!AOMKE87r=};{ImMLN-sI2-kymDnS|t^mpWJRcN-)f9`4p$SXZ#kSR3+yX z8IF8ANHn^p^i%Kx^ZSqy802 zw#HmW;D*yni@m!n;te7SjTlmiC$yLhTa?`kK0xnV;wtC>scG_gaB(gOoctM&txe{=!*Jki&DVgZZ1eaH& zf;p@_)}?~0tEp3znkk%#GqtPfaz`xpS`Juns_;gShdm)W$rW%FwXb^bXA%0FR#eXC6mnxI6cnh zc(4zC&#%r7oylgj>WypH=m+u8==rro3NEO~2L3oRJEmvYp*z2xNaJUd&2rlt=S4Ljj2l)vz67hmt?spw_%m#1D zgXxJc@ay@vx$nsMm)pibD~k z6RfG=n9drzzs^8@nDOoLWl;3+iMfSPva~Q+Wv2bf(rL`YZb}R9 zXaHK97aon~y~wLOS8n3j&ghum#gVT?vn;Yz4R^}XXs<$i7%@xwm!p5)4J4r*WS3C? zYa%aCUUf%3@bJ9v^5hdm=f7)I0q@J_yRe4{8-1R_>XKKzk#icEbb-?JGYcT z)HydvzS}^~hcEY%H+Jb~6C?fdDacu&HnzAQZpr#<-7*Rl3xciJ^mu{;5vhBX8{b`E z!ff`_i8mMrYG%5uJGF76qBDv8>9Qx&i36FkE$OPxbZAFLQhsr|92Hf4ak{E6UCzv3 zJ2vIdEzMLtl`aPf3t^gGMY?KdrhH4rpAVOu50^BePWv088(&a=*j!3ymq0b5N~ozA zS}7r@4#Ih&mY` zRax7OHg#i)IZ>ia-V)fISV?SL!_=yE^HOk=Lfx8`YC1eV5*xg-%|b|*M33^#SWvSJ zO8Xy28~XO#@apoaB<-fl`!#Sp|7(WBj#O2Ll+)ZOl=ja7=kwhV>_AhOE~kMXukrk^ zsCyj;gTgmQ-;dP8X6!?EifM=ith+q<)&3Fu?BVB$qJejcojfu6$P=XNZNAy{Dn0lH z32z!fcZvjzfpBXPswZd17!CAV;i8#zz=SxL?FVF^U?F1|7NqX&Vu>Isu@Q!5RHKbv zwwucDPbFT>ls%jYz6Nt}dRb{(ZQPRr8Xq|>Bc(5)tl?Y=T7||+T_RyWv5hXI%Q>j^ z8^gP)yU#>F%3(-QvQ;}4z6~Xhl{>VN{23q-+(U3FfO!e6foga|NB$y*!;R5u+@fZw zbiohuZqq`lb33o$ST!hl`vKnF61{U5BAgv3jRytfg)V&^p>CZ5E12MGDIl!mlzMewdp{ zY{(Q&$KWVHSet|BaIp@I(El1Ga&zuC&*jZIJ>}?vP=xcU zhzIV*8*v5gOvGaQIM3goVr}McijGIEWoJxJLi}lZV_fpv6L<-O`>1V7$Kw6lcp7iI z=I#E2IFPBs)yq2;Z9j7J3r#x`ojVG{;1*K2bR_BOjFe>LkxCM=AJEw|qNF>Vb>Wo9 zb7>AKCh@qEjCTpH9*KvtTwP~aT`x85N_Zt3*JAq%r?IgCrT5b~oxghoOwh;$8HB-F zmXH@U_#$;cW)VN8;p&@uIE=v-RdPK~ zNu~957k)kw{Yw0jVAi z&StY{Vq#M`%0KNP&H^aWk_*|pFXs4nnrAqzFuY(y_*FD_PlX>F@V9loB<|NhC;Ho( zb{*;4DPjLH7d%hFk6G{&dfn@S=j*-oVSbx-9?8m5pIbV2Q&8(dy_-U&X~&U%%QO01 zCyz&d%Obru-^XuL&ymjZ)ux!{HiD*ypB~8of^Hc@H!HyJv1HHl&S{Cd#eaxV`*`1k z)Rh~@v(d>4PAM4*i6B(E%`Yt4k?7b_w76Zh#OXWw#t)_!42%oX_b7cdDbdk0vbcM( zos`e7;4vy-{nn!PP{C0_sHVgf6e@?BKU@wW$K?=S;v6HCL+u{@vmK-SZk zjqo)IZ@bFI56{uRI8K6u2?}Ao8==Sk+=aDBN?=f$y<74Z%~sRit&)Wv(9b$=$|mhS z^6T3wnnP#7t&fZ)mlxdm$Xq?q#Ig^`uYaeD;FM9*{=&vBe|DyE<{vwxU>?FmJ-ajY z(X!{=&`J$#WOU)eYc5gA<|Y=coN-;sN6bK&;?$FUM<9xXbJ;IUe)|NrUf^}}t-a>s z!Pdt!7P$qm_QuR1hYMX1hpr}cg(}fn8fNJh#3vjxbjH(cmOtbD>|foCmu8EKy{S9} z{*+E{E&W?ifGB}ZJzdg)*I8CGvKrZxF4^RjXg68b=1u*H6d!{MqbcjsQ@Xv9?sQ2P zM{ZJ0{Uf9iznAvtUm`t4I)ATZuXN@lDZxubbauRNyzxjNG>>Z9pwOQ3xy3Fjx{%Dw zKJH7`;4Xe~5oxuD8x);7COi8^Xe5O@R@Bi8&(IA{|GNA)BA=q8<8-Ibh#E&>N23zV z{3N=4bv*eWRPr-#AFkx1x8+Kn=1RUZPIqX@=fx$XZ1L;n@`r3y$5OJcmOmu*x@!I^ z`K#cMRxw-;fv?kx>->K6ciiPo*(ag7bN5IOY@+w=j7F67*ZJ$}HoZ_+vaXJ~ zn{5sjP*XZmToW*ny^2%lqK;J4dbZ8?jcV*oX^^aI$eh;M__G+@VbT2$CJWq$ZAVA@ zes|zc^~?46oou}~cd#>bs9&xhwd#oQK=j*RWWDZi&X+#O`sI4W!iW0hy34|b_~m*B z>yxz=mha`LVU-<4e%D~wjwtQI-ai=jLR3ST)8R+ka4MAVm+LY2jndTl<+|6t%`ewa z-=96Gwv+l|zg&%M)kLqJsxy3?S9X56en``Dez|JE!QuUK`S)vue>lHf-=PbJ^~)uB z)%M;wxxo2nnBD(&P7MWSN+hdk7x%%jG0e%+~I3!7Z$dib>`+@;I2ogt5F@ zqthAq+u+<8wHyltgkN0kHlU+xPPTNVWV8gkqYs=xNKokA)lXhDuPoNOykJ&wx@?aY zC0cx-x98#ylWUz!IcqGs6~(YN;oJw&6`pw#RT(I?$X{vs?aW7d68hF@)h@gy4zE^r zOmC!+iwe#ZkgJ3Y2bDI`_rCWn0GmN?WgJ`q&B8q7q9R8I z@;CNlPN?Vgav}P_Y4kGdno;z!e3z(~%>>YTxp0=PJO{ftABb$nrVFpEPLKI2YtAoB z(n<7Om%a}WnBSKQFDw(6QMtQaFkU<2@gce7QMO=^gp??{S%?Co&Dxjo!qMNJJY=Xb zju>h`VW{;kbqT&ST!J4e!Br%P-v56OU2)d1SVOh2TCzgUtc7V9EV1op+q-y(Ob3nN zz38k_ITipbl6P#}nmvzOvkYgeo#We#zY{(z3h-m!V%&>O>6#!f{a1JvY81IGcOH)S zM&}Wh_5AQ@vMJrEmd>e3L{Pe~S>f+=;o2)RLYqRk9J@5NR{}6eY~4@A+N45@psf|W zW{`@@4jR00YODG?Job5ejD8R3jXu~T|Arl4cT+i9sH8bH^Q?;?=_f7HIc$k_B}i0? zPKDPrKuD1s85l5243P(PcAe1@J)8~y0^zCfmn+1L@TyGKXmvKOUU~3(?5bnWrJ6VM zDbmZ%jM8TOJyG#?G27%4T?7()G(%zQlA^gM!L|c(Y{orC$aO58YLmBaUtZvZvEmSIeK-zykR*Q_|>%1c3b- z-p!xc-Y8TE{_l=*gklW8pjZq)g5itU@&rPZkijZJ$>pE;GviXTRsHH)r<6)AX`<)+ z)=4B_4W>3s_h0JVg-4_b&6T(oJCSlVw14nE8Kybq&Ap&G>(1;=b7v-RYD%@xrLrcf z>GhPCYI<{6cV_nw=gzE5b)H0N(fh2ZP8JMtA+b9%;UVYFtd@_01fGaD2)aPEcGw74OONiCqN5uFOgV`RbG9%4~1+X}UF!0NlHwM!gRZqAm!d_rol|%!`?z zvKOUdRcr5RzSc`N(tGDwqntaS+B+EXL8}sI4&c$dQox;VR0-ya36ejvf#_2VGI$56 zD+x1yX4)`K2a~#3Wf)_^wHXwdT(S>>Fvn&u@uGHY`~m*Vq!^b!GjpwUo#vUq8QqvH z4*72tQ8|mUD78Vd*ig`tOSsnoBH6}Nwlr$KT|UhOACktqWTw-(y@=r?4EV#lHIv(x z*m>FUSWALJjaNBcOW}8?g1FUWjt+37P!R=+Xu3~RlO}>)ad591^|`E5GvQe*HL=tC zoI#_mPleZyZ$Rl`RuxzYs?=Y;TjBSNUnKncv4uygRrr0P0$DX&IEW|dRVY&?*l=Wf`l9b!N+o68S z{`oz+a|J(TC(BRS$&0MWB`2@oDHm3BhuQ#_TPeu={qj>5z5OJ`%1haOsiyn!Que0v zQuYb!RHGU5Qf6!-eHu*CcxUqKbeRq2 z0_zaRC!LcFb4jK->PLT{9VJJ}+eLE8lh(54vFgdNo^|#r&8bev(}XfRCg4d6cO(3hy_d;GnLDr}@B)x@evbb4?wka)FX5uG# zErNJ8UEwK*=5d(hqfsKJ-$A8-W}cs&Ah2R1-`&v)_bGu`qyIbl3`}IP3NV1EKyt3dz@Vc_d6CP8^pa<~#n!$OdkzaL&rq%`s<9F1d?+fvEVw0|UK3 z)7!uO@KD)vu5`%q@giqsI}$nBGV84D2(>CacB(x_FXW+Wf3oF(CLowv0cOz>PMou{ z2Veq{JtM4Z%^$6P|fdGN&PUJvwVSWrt^edNAze=)HuI7YS#d!2=n+&PbE9 zvhB=&=2R!SWU7@m^~WdB7v`+20@*!UJ1Ngunc9(D(ubjb&RJRI4-V(7%+)1lWomcS zgOXPB&o**vFU~nCV@0CKPgA!d+w&qTM7D~Y9!Hu#sW@j1k)?`!PaN5#oT0o2n-?VJ zqOAZMy#oRlYr*@OC|Nm15)}J9BghKb^UnB+GEfwejVo|S`6swItDMMg7xhp#n0MRV zSr=!ch|9S+Q$0BsXG1IfcU_#VhbH4nWPop-nsssZW8$2PGgpILoT+7px;V2+{qSZY zvo6k1tNGI>%+*i5ezZk7p;kXN`e9`|eFD3k(KQ7In_;WmY5Pwcq)?u8RZB=8tZYR zb8dD7*8(~>VZ`(+L3a80-5=&TH)}YaQi7rv-#D5F>jGV(^%JPfIXBbHkhf3-(!V`E zJ3qZhsx@`|)U}-`_V~<1%}-p?(<*QVotq_&%5!dZknbXX<*|ueFPK%wJU2KIP`!}wR2Y5ukdQ2;G=?4z) z+^qL?hXQ{_?A&ZM`_C&hIrV;LIFDu%&7)aUc@`f%!pBm>$3O9#=h5s_!=?GZq={Bm z#2(GQV3j+MX4lcHLp_>(?KYDG-^a2i%na|*?1mLyaM4OF0y$S4%xLR7D(kOnVOm$iv(AT&&8%*NofPyoGLE9Zz3ou>piS!}|MyHJ6(Z}PXzl(i zs=8D6l50RZ-c)-(Z>FYo7WB~_W7WN_)nuZ>B!V>{n5BXvP}gB@jE0Zfcb3m5m&fJK z{;c8@hXhmYl%=aVNq9b%F1(7DL?bPVjE733UDHy|X?IeREPo>N0RsWI0;r7o1${YhlWEP_~s^_MVq11M8ul{*z zeum}__Uh_CrB}@(phn8)piRT(&S>(x9GT|ESKja$+Mpqu4S$yYP0+M>C*(;scVdXX zcj8+kc5n>;xyJ9c;2?%$_8=T(4vwL87BiNinE7+Tv4|DS7<7U zIr^~`0;1VMhHemsHDd9a0-QMoAZm)itWddw(9C+)GAmE=d-i;xt~%EfJRYIYn4u&IC@RhgT5 zzEf#A?SCp@7gga*OQ94jU{(4Bg;yw?=_$S&!>RHK$E=jH2{#p`I|o?jZ2sc2b%Pzd z7_iw7bTWc=T)nnzLog-q?go1%T}1EJLgw)O?Ug2zS;<8;V zjnQv`sBYlVWb;YGb#e7z7k8nH9&TJx{E_S_KaBwf1n$lTKD}An)D_!~u9(8M>B>L0tv&tL3e-Dul_A=_*XwLZms_s0@ z@OAw+{P1;g`F&f$y3hLd6xX-nLv*1e80fl9^nm|;9=V|zpPP1v`!yo1d;Iw5b9{y$ zx4H~LN{CzuJv{R9f{Li6lCY@dDA!j9O(`0lBAO$R+>w@ZLvtu!kdTictr2=KGTew& z5pn~}DnK1+QnN;^g+nuN3G=@gji8t6)^_Cg=^c(G?~FD=)pW5NxoBMuL|;Gte`=qi z@Y@|t9XGU31vzRj^`az3bp^}HaV3WxtSH*V&CQ$AY|t+pAHRNrTq0Pk3_o6p zX1y{y=E>bg5Mo~EvR;vy#B0$l;L-8R!I5Os2#xp%n^gG}b08X}b?(2%7#-a10PR~% zgm#`=EMDz=%jwX@jC1|L1mKbnofKV)2E$l5j|Wqu_~t4Awy|}h!g5oifrx<$Y$T>W zSugz$;G1u+QP{HDMu!cfuYdyiib<{QCr)}7 z4BEM>(#;UDd7RwF==#dkTJU9B6^zpJB}WX-?6x(Pfv`i`gJp^t7;`DyO%FpP$KBC( zEmLD@ouU12kcf@)*P=$2X#(${8Ekm)4lCHssQ6C+l^$F>pEwB6^QH~>BLR8~eElZ? zx*J@?N{N^UwvPA@VCRr7`%i#SV<3oq?TkjF)zvbEe#5n0^bl*S|E8Y$hru=ULdZEL zoe#$V{ZW+t=Ovvo14!d5D~Y`g-Kenh7K7{03&OW-scW7gV`90Pp_?ge6c`Ndt?czy zn6UC8*~t@_XBwF*)K#@v86akAb;%M^zB+l#4*cuBh(La$r9ex(e1+%2RO`j4g?T(A3 zAew9oa#e0^9PRYppRBvI?o&8yE6LV2=K|eLJ(uhpriD$R$v0anb`I`%^KAw4BNL27 zjyh$FcUu45;&XD?;Z1x4M|g4!gohp(&i7P!6Z_4WerKu9kyu!9E^MU2!tt$^AD?GhFcxs{U(so*%Y>{aWGp?c-7aXm=WPJC(HNKecu^{Vz}BM9}X zUUu-5KaD?(v2xB>^(=;$RoimG{*A>Jj2p?PP_oY{l}A3iYELcoCgT5Zi&yn1+IrkB zUK$(l8{%2Cj-I+hJ%%gK%)Vsl5$soVCrfAIlVC;<8wIP^RL~gCo(%T9+#hX61 zL0yF6BFwrt~EaCFp-+G830o9(XLdc`HES0qN%^@Y_ z9O$j6%y*!7SzN5Vkm5ykX7vmV@(Sh7MY@tsH@2-W66^F`^`N`B37(Ip(i_wTyx>H;%>AXq{0?ru;Q?t@uKP zk*GPLOf_{5kk<QulUYV75yp40>=Q#}dhBiSfZJ(=cL z@J?7gndXyb3d+KIt4W>+KbQ)>%tLMmze*-*<5q9p$@FEybbI$#wWWe1W@qA)b=1Q| zp#5t+4y4!;{%G9=1C6EJeAR)9N}JzsHnGoktstE_vX*bQ_v`FOwJK(}mDr+hK0B1T z3VZp?_4w=am}`6``{6JQW>2@`H1hu!U^ZG@sky^`K#uyfDFM6&U>Rfe1K_} zzxh%qwk%Hb*3zjd#H@%+caX&T{wThf2Fez>jd*y=I^zW>@|Qo z-QVbrvTudI^I;KZ5aB=R!lm2wO`T=u*lQIfj|s3HX@C9juLx<{exx5xS5&9adZ$2d(o#sV0m=1gHjK<=2MaLcRcpsCLE@Urqr`?sGG0*9B zWgR^2t_tHU9epPZ$s&l{fp-Cuci>&{=U1~|2Kw&IyBg?@n5%91XWpw1pGgRFnS`ss zWAAl~_Z_Ahq2A>X;s=ktXUWf6p9fZVF1>ot(q~V;e~AD_+*LfHyBFKZcfB8S@*M&l z^#Q0YzNosbfJ6fn>s57mYk1|TGwVgaJ6-+)45M46;?bDLl-KZ+vP|FiGByfy_8?u( zX+C!egx?-1YOR7*q>g&x{g$^hu2wBwzXiANv&XZ{lAh&$K$QX2AbJj}Q zOxLD*wp>ku+Bc6St{C1KD+pyy%tETkFvFyng%Ob{$Uv>xQi^759xC@qrpp(ie>MML zxi7$-yz?X14WmTqQOx#@)@J7PUk+B?>g#MT(UInV+3P4uY}Mmj@y{HKCoc2EieE8K z0X@T#pOrn=C+tjQ5=d(9o;kE2_h%BXawh|;d2*Q7S{zkyYe8?i><#=qJ;cQf4`dS0 zX3C$gvozdcumgj$bQ$M@v?Fv4o;Dv;T9h)Zx~k1{uJe7n9{1UqvN!NK^)#hCZ83mO z`5V%SEnfKpQW_+0-$NufGQXU{iAyHI!o?ikCbp85<(x+~wRpiY%ZS-?siNKr>S1Qc zlwk$$E+zm)3yGVbht{DBzhF*1S7pqlzRfI6cT{kHMy)sIQqRMigbX5PO9374k)?y1 za87(pO{(h2R5@oP`SP!+@v=oso-^MYcj>}(a78IDPSe3vV^d|nN&8onrv0l}LVl_O z&l8obVpHX~eCEq;C84%}+OpNBs-8%d=Vdy-mMbDWoOyLs;I69zzj>Lm{IYc4Zq2fdX&u<@3EO&tF(5&x3Mr*hzFX#n&9JpUo-Xt6XSWkO@vlAV~W+ zh^q0SCMnCmLI}#}n6}@MW|d?FkM9;7LcZdLh_)gmNXVJqW8`kr)fiH5V0)<%b`8dz z4`h>KH-zk)9W@m45b2CO@w@mW#9Vb zxy4mkO;$RMYcXCUMLLi-gUE`;ZKZHwp^c!Z-^v6-xSf1frQxR74P2{_B56fGt*BKN zhHF|lpm2%m!;YVL!6guGQO6^>weg_!ul8}7w@krnmzbyhN2A-#vFYAuoAyMp zC$geiYV5HsdccKNxX?--m=lz0K6JMzd=NA8VfQ7(!NN_KIehOPjMsRNWTFT@`-IYL}9z3kQvs37Hk6s25Cy@Z3noiUO# zWSPdq6Z=fYCYBMoi5+7I87t)`_L-lC+nhvpkWL+X0tg;66d9ZB#w4wvo)$vuxc(kq^Rlw5+uKRYtS}n32(z&CZnXE zw#D`h%?hzoQL;wA5ps{^Nt$qwQTicGI8swX7H;RXN%-_EDd{^hKWNGcVu!;zxCkBpW2G!AzUDnlPf)rEy zMU|<-5q1++Y@1a06&4EILgimw%C5%PRN=?jZg`UKODpimU70C7Z)^%T?>J1yH^)qL z9?O?zQT1B%g~$-YqFa=pvG*SCCjcvEpnni9a@J6;4~O6aQ>NG!YIs}>nnC5`f>63L zHi9}3y=ix9Tx8pC>B5VadSlF0yv8x?i94%iaI@Hq6$GzjOxgf}95XnGOc!!mbY962f;@Gj47z`eYb1O!itkVH9Ey^ww z;ng4|6MU&MzR_OG&oY_Xvu(c}AMQ2rwNZp;%AQGAZT7~s3UvIi(=+d+gNid%>v7)c zM)r+3U%#|8UDcHyw@NT){4a4-gc_?hrN`YNaB;&9m9)C#)Pi3ZG*#+6-K5jTB1I!G zH)ffLAhCl+pgV;d3yE1OKFDhPKSRYfX*)vJMg+86YqvFI`IMaZeE2yVXX0K0)PZO6 z(vUG_7UOv^+Aev_AXi+5+|&tdJ@W&w^nbmLCN(BNJ|fWaNLaiO$Up|o}uAZ^q3$D_LQA{fJ2 z6WGWAozF1oPt>uWFbJ=?82ezsPd&W2VXLY9vp;I z)o!i|=uoT2#W1SL*!(KuW{{$L7x)+SrwV8eT)HzJxT?7 zO(cde<2Ab>5cy`PV!nt+F0+(M;N)nV9@tKB!3}TGI!o&|wO@$trjuo`HkA0W)Vvo= z*t}(;i(UMbBmNlsISFP63&%<`HxK6eVgDctpUEiikqMzmFIg7;T9iT=0~u7uWPo!# z-lB0ad}bjIB@7j#{#Y`g`eDdGq4{L6ksB_AD46$h?pk!jSfLxeTObf&Dc@?JCKx>N z*?`z-bTBMP`R4`14D<0~>T$+Kn~moyJ~84ZfIEZO3$ z8^w%NaHvI0JLdFz5U^L)jYeDgw|MhZbewn$t;}k|@TVA)u@*So4Wo2rXb2uh|Ixum znsq)`NAQ+m;+<>`D7bTCuA(N}tvRscdCE08oUg~Y4(yffO-W3SN! z?J)#l1vvBG7FO$lpBVdUt!_sn7U}ZCmTrNP6=Xlkx=S+bd3iGI*Q%Xxi_QjD6HM2fZajh}aif%!Ac!0i zJ-FqP@23$nn8gr1lDF^Un>lPI2OqhSh29ZVj&r@b4Ulq65K-=GE-cUzv<;T#I8Mge;j7l1WC@nvjAZ__U=%C!OJ8I@42#p}8U)9wRH$CIP zIcVq@IEap>yF+bZlA(jj&iQ3$F<`N};H!BoBp-r7DR6gmL|lE)x^6{b?iUoP$8E1Q; zxy$tmPowTds$tBh5exvYfpenV2~{YQh1PjWKIUV9AyDRX578<3^-sEN-ykDqXP+zh z)K7%PjMz&!X(_P9xs<#KLq6_)whk?`>@lzE4No^OG>-)p^mwTrL36k2sp`p;>$VuD zV9)L`M-~;O%k3%w%azr+tB2EE#)1B`keR1Zt{S zVIggqQe41VeOhHUmC)-_8S;H%e5JSmlAczRO=Z}&vJ5hx7+)zas3nzjwWtuBy26zu znm}IgNTn3@q?}8tb)<4cYQWF8RK)m7F{^=;(#3YEEKv{&b*8ccSJphlKvK+_PpXC4 zREu({ie0LOq?(`F*jWqaGJb!i5XMo7KNHMfm}=T`HiE1XS-cb&=Xy9^0tBsX0%me+ zm$lJ-Wd&jD+ze|6im)CGS`74YCP?E!9vNeq<%`!I4)Sr$D=pA{OyYD{DuY?OtFQws&~27W+C_7%+KRx4loaWs1w-4&H^_Q zklVs`?E*8=F(yukdt7_5U?S0Jx)ZE5D3}zbM92HFTp{O`!RJvf<7r9N`?D*Mce<65 zxWFNb^0mugyA2zn`*sSx1F5}R5I1W`ncDk=JT%NeoH?dAJrTbscV;w)r6<0Yo_Kp^ ztYn@NYH^|Q)yEZ$o47DJXsJ-GxFA!FLGxUD+&Ws>DQ2|g4bCX`@UtC!vY6*9>4{IL zCqAiwDO`o}eV4?)$7M0|&;7NHcdP8?S}WV6Fv?zPW#2&ij!DK)3TH8t+H{YhG)%e+ znhi=ek4IY=09mrP2FQ{CP+SZOA_tIX*P!L51Fq9ec{7!iRs4B>~YcOH&7R?*kb$-XYZPctKpR7b^VR_NpN}tkff? z+q8Q~AcYzi3V%EY%sDrh95!~L&;$xjW)VRh--n7n&>^ME{((5zPUMx|??U&v&}``i z4wB-brMvdqRilhG1mXg!T;U2>$%8<~C9Exb-JG3dBoyJeRzP>SwAz#=lmS}{&_$26 z4&8OtRzcpjQS_+`+^(znlb>B|qfWQLl`t-@p|YE}Sdc*|69t_3@AFFfy^;g07|b$z zkIY-WiKs0f#qlPV+1TYN49n~|49o0CxlJgx%-(}QR64P|tt)T-6IxxJCC zyh$LlN4xHE1WhaN9NZV-Fg24zk1}w=vY7Y&_+9f#SNzVL(%cch)3eR{;&&vv<|uxL za+-_PA9hj`r)s>Tujr=dO?Uigbk=67N7XFsY9VtV+OJjH;PM*b0RJ0ng?>|kql}S~ z%DF&}C3a@bL;YwQI}{%rRDS6!f1;atmPG{p<5bCHmL{Cgq1vx!qt5LynCQPB&%yUG z!3R`>ASSxVEU2WJr)gQuyn*$nxX~U2D^Edh8f8Jofli@QI{4kuYnv3Z%3)SVK%(af zaVVAE;y0)<4g)o~G``^$Upb(M)9Da7R4qR&F8hbUWuve*s3_(F5=caoPn&wyr1qdi zWaeSSeRp=|LRu6lvFXT4Tm_OXm&Qjb@j40?H7rxsS!WyIZUdIZR*H)Zwcb*z{c9PSNRzq`Y*u*v z7Yh{UU(2xMa^?R=+`GV6SzLSn3E`4daVMf}ELB2{3gy@nsLYNLWpAV9!dKvXU&0WUlua#56k7xMr9 z);xP>2LkQe^M3wsKA-I8d1ltkteIJ}X3fl+wdBm0&Z+VuC6FJ>>3`E=Aj-W(l!ZSF3N)e2^BA{~|RPj?MQ9Tk2CpIKTs^Yqy z4L&0n7m6gBwiF+JT{LaG!ogZM{{>YXHnHDd|EgZ03k))~+WFm6A|&Gx1)JytF}7fv zgPRfgI@2@6+@T6V-OpC-jIZl%xh_-K@Ed>F&2s;DuTe0Y;o@Nlh-r2%t822Kh%7mo zdB{V`no+_vfDx>tU%`9g_8cVo%~G9I_j21J2L+r>(wDT3ci-mt$5^GjE+!6N-m*uK z9w^a*26h|+dm0)ks70`vWniX;O@yOBoZoUEg4Hj}+r6xhM?{vYeKgXfoiOy3=qU%x zb*`*yk^RukY)l*daqJ`?wlQvH3|wF+n*ZAIMX{kid(Va>PJu=Ew8MPb!AnqoZZ<%f z`pPLt)pdYwE?5fI^}Gtqnkv{7umL~d>(Hzf#PXikSv2Yl8gk;0XwLOT-hi(|y$g&D zAdyGoGdKsHP5Vw95zYBt3DMB;0^=rZ4(LD`R_c$NX*^T_aFq2Cg$7$t^9T81T z5Y%Ep<@ECg00jfFLFHDPIn4Y6R4i{e*=Svd%T*`g4<(fZr1DD8B<2i2@qJfVbual*k~l1b{hcEKA{=k&PH=Yw^%Zf z{S%rH>P=sL)oM&9)EZW0oW;v%ikHI%;Q%%@hzXwEQMT30lD0gJnth4>x z;A)PR8w>*Z>2qh1j=tWDnLUOK0)wP*mFE>~m6tzA41&W+fmeWTr?F><$p{6%e5|BW z{w{_+WIdiDD|5mJfDzU*b+OQ83x!(5h8~32)UWc#2enZQy9RF9orp?6F2n1^UJNfB zmyV))FD@jYk$_e-2u499w+~^TYjrO~DybCE;qo#0GGp->!nXBdH|PLuz!^_8dwt-9 zkd2vG!HdC>CEG92>=!aO#G7OCV!9^Ee)zCY#|GkfJO1gY{6G(5uYVx-qT+WIM&rB> z8&eb;co(#C7qrW6>9Fx7k%3oJy#B|F>9%N~V4m-5Yeg)9ZC-7gOG4}4ZO$ZIPO`?hK zvTedHNaC7_Y>-3~5%x>g@%cUWOPE2v&VI@IkzUUCWyHwDxZG(D~A^x_W_ODqW9($&HE__CM-2Rt18lFvEOc z-4cB{Dcu_uoTNNt2?jpapahBk5n9ps7ZJT2W_V#|2gNeG35r6PVh@xtz$#!2eAWtx z#&0T##&7i~NSP5+DhKIGG|)Of8XrG78lTRd$ujjUJ1O%l$IE9hg0yF{&_W-YZK0?V z#_#I3XR^Q=D|>n1u}hs9;D<(PqHYGs*mh=E1givNYKe!0wp>7KM>=TDID6$8yTmP? z4jY)!Sz+2H%Q^t9v7~CNU2zZQzuN!VOXQU3bM1e1Uu$X+mbup4SLW85-Z6ZJ&EhyO z?K2GNMoSz`725NW7^4*pTiQGeyHi6QF%|DTx)O5&FtINt&;tEz&Y%QV`%BH(E zSL3&!O*58T+Gyrv9;zPlZ{8r%>CpOR+j48Ka{@%aTHac90h*HfyDUJor|S8mg6eT^mmATp<4#Z4%%|tsZA(sB1dF5d z*#H*}IK2i(2jhm&zD14}q`#m8?5%3t5C1!j$oCqpou7F)MVEdRm!|^*t^RcZ4szlV zp3MJ5{yqLn`6owK2XUAmO9%c7`G@*ood5rLc?(_L-OJmF)&FZRZ|{uZe)v(mygfBm zw$(fRPOoP#Z#yi!yO*~YEv%cDx8YA8m-X~0$XG{?w~sU%?o+$Mw)@jvSh6c@r+*1y z0p%Pl?e68R&3&_=Lu;d|+23T}=H>0B#=I;O0iSN8yui!bqg>JOLu-1;*uIx=Uf!Od zYO9IBv?TF|65QqG zZBDgD#>p;hp{(qPD<;2F9bDY~i!3@MAF43nYpb?TuE)?*paOE-X}l&MQE9gLM7MjV z|45PIQDuJJZ2!tv}QTPDs#0OYpbjp=NEdFt*wx3qF@rP{sXZiB!GIN07 zf1@0VMnhevWZS}fh}poPd-$hZAFsH+FQPTyH8W)W%*!QQk_xMa#9SZ5_=bo$SQ z9Y1BfJ@=ZC2$CKr$Q2adjBFdjbZ2g+qo%+V4}PX-hiP7 zj<&!Q%A))_9kZIGhs{GmL$!UVZG6G|ymMxgU3t81?<4lA^KUpfDw;g+_N94r#xqY| zBYi*in(l6tMUXmMn%ObyIqI#@A6Ix-&}eMUNnY6St^)BVV%H4BcEJ@Nr8ZYyJGUT7waa4l%_&dEDpi$<;2ADbKh*O ziJnrGThKrf^;OzwnR2Ak|4z5ijmnm<1YdGmR>PB#R77anp82v7N*>7LH|!e)eJKzB z{`1uhn6YW?jqVQ}(4aoMe&1vaasp$-G7FeUQgX4abB3>J|GcJBmdmhJ{}4HYuMiKm zSK5B3X8fvKb8;e0j`ASZ;h)OT#Aqwfxj>r-F)^`d;=*RenX$EmJcvO+Co?pS%^uH- z($;+m-$;3Uq&)sA~Pb5qJ>GKrK}Jkj6YhT!4Kk*q6oM zFb`rkJTr;`sAgeF+Swdme$V|UtBUgqt9tEJ}w4{V?F7q zHRH=>t7>k(@h4l4EFC14m5Q%+@rJ+%>(z%!$upLGc#v3^foU>jBSbi!3`kfGt|Z2U z_pdg`VoLy&W3dDFy#I@(#8-U{R}YOoj>QfHj>Uv34X@nIvDozu##xic=R}ibgN1~e$nyLq^bm~6y~r>c^1QV%2Ld<>jrGNb9LnI zl}d?wvBhZqh3Y0*j~hYZUJMEo&k4p#===A8Pin-}enh&!zs8S?)P8JtdC5NiO3&yW zxuMVMQum(E`!&Hkz1wH{MGEg-98LD=PjEEZ|2!V9nG?%wd?X&SHqh3%F%JK#FllO< z5az8}+J2hFce4M2zjk9J03ig-5F>fv=|Fz8j`uLA3HEKvX>XEU-8~t@nPm4U*}|TZ zp>d$m&FB-|x5>e!@sdKm7*`HeE1)|h$Y&XdO~%1glW<%+#cw(*E9%x)UgaE>Ex~Zq zBL3&|Up;+wc>@^j`Xcj;8_;fee#-gxdjO;(N%kr-M(8&GmdjHP%bZ)R_}2E@@kEMJ zoN9p3rlG~*$0Bg@3cpD&?zk3UW5214%$Kos_M!o-+0D-{zKskyT_m)W+^;&=F0UlYii z{gh|&qRC5w41v`>>*nEkS*vUG1(hRga@(-00Jhfrc{7|Wx}H=R zXfxiLb}z;d6snUbQ?t_n2P2N1azR$aEF?Eg{_p^1gJ9whnU+fO=VIz9PaS((D~>?Xvyiwcy51fS zWaU}W4fMJfH{JSJ@;AARxmfbPi9Ap~k+v6=!#Ld}2B69eUva5FJIImpi;y*!h^M()pOG*J&R4E_LSh9g;0fqGVafoJ?L7JRmL@ zh%zS!<=SaJo;n}1DuU1sF)%T`gzNvrBO)X)7EvJSoHmd4!JF4!fU^lWF7tm%rAycN>&X;5IOksx?VU0r9P++_sz(21JP>TMR61KA+pdIp z#WxwASP=;=SnY+%&_>?l?+~&WsiWHd&MRQi=h3S$aF2lY*Zq6XcDy=psa0aRpFGtS z@+%(x_pj^OrPkf=ECP3PCn>w2KmAdPrw3lOszXD~WC#y!tMi!118IZtFRpUunLRn% z8g0(D&iF&BkypZ@!3! z8QAoaRf~j2-+z%PgJ~!tBr-S+eOoqMcJiY1nt?6Chpw=uTXr=M#>X`KT2N_^C=Csm|a_#knBiVin{HSp~ne zLLNH+YHlmW7k>)kf8*knYPY6Vmuh}0)!Y6?LOCgJwK~|%k6Tia`~9aB>F$F}Nr&pf zsN6*d5ga~cg+oL7T0M9f6I4X6K~1=k#+fE&vcs5S9T5%{lu2(uE#v=NR|y|60|cR? zyF%aU3O&0k^o6d_&vb=8L8wsScuJBX81+jbG#0EJK4U>@$QZRO$4QAXH0;EOb&T6k9Ue{r%R*)@&CBg&(6GQU%izu4KCODUzkC9kpUC zx82Njc<6kat}*g*`@~Yt)8H{r6q2ZJwem3%x!+$(3JU0598?=xQXN%q<^sK{;?@aP zbIMlL?IxDX(0`Vh2JuO`-Sm%@zu&0BQpi&6KU02@)t^eg?MJ)H-wm7pN9x~I{!&u> zGv$|dmH#Z`JXQaHto;2(4X*zGWck%yGxe9`oa%o=#r6N; z8 zR0-MBVJrB6%CNoALd#K?wu)Si?C+G%kHp_ordZZ(Na2^x@r_9QC6`sKV5PE(V_9p; z672CGX7OdknYkczDhxD`}-?rL8O%x=fP~3>taZ~ndvUQy($NF-hp07UIma01H zzNn0-r%$pht?=z$&O@`PmN&qeqvNuVLDi#9!jVWJ8YQZ+Y|eFDlOK`2-}TXiw2_{3 zR;Adf#jun!>4r)gcCLy{xtC%c`EA1#TMUCow7Sl4^30DyMFQK`anCV^(Sgnlu&cM2gNL9n(s^obncLfKeeavw)b*BB~;T zV|BAA#~?yg15K+ynUh@5o@w+3ql<|W9$J|iiiw+wc+cm(8S{OG)4kA5jngBco1U8< zy0MY3yOaPXNA>0`=E)eFvxLK?3pgFZhNjoJqpz2@+Dne2%H@lYx9!6I<)zqYL*^Va z!))3m##7H2dZgp2&-mH!PE^XCt~LUmQy+=nk&7gL?(|sbCO?W zAjs!(1@M9Z-q&}BeItUbPi6ceN`xQvon9Wgu`Lq%eWT&NW_swBmJ3L^VWp6157ffc zGuTe^xVlC=pxiw@w4n*88+n;|##mt!+OmPbmVM#S+)MM7>3d}Ll4Z4^B@TY^dUvclg<`XJ2_}?hPf8#&<4|rh4PHzR|pGUINXY!JFvb zh$%#lne8R+Q&$;ki3f}oHMY_J&C*$Ie4GA%-W&Wnb{%9kfmY=%Y9!~JNRCXza}7wO z0;fm!b1=N&oTHH|I}amZ9kE0xmbi^O4pZ})0_LOY1=GPEo$N-*>Re(hbc;#5#Mlxh zFB@6d`7vH#CYNv{$+MKfLFt&G(XpX8nlWnTnFg~LfmMunb2QH8bH_F_Psx2YKUIs#5&-5vo0Np_6+_^# z%q+~_3_1qer1{1T-!%J}BwrCLV0PW>GOdqv5CMmC^W7#7-xiR0wJ{ORc~KPM%%0R0 zBcjeE9^4BgEeQohnL~_Y!b07&Lgw78=$0$z9jXd52fR#;5rD3>`Ndho5y!DoU2W7j zYEcgm_?Z=H?Sc(GvQTN(63?i%U`$0?Gb;kJ)Z4f6Sn@nJgX}X)1{bh$Y%UX5%}?+g zIU<;}h&O=U({Nt=`cVt9|{s{mVgAr`JcmG;t4cpRGcT+UzZsyVxTCL^P5GDuh9?8#XVsbHFr!5-xtBA@E}8_A%pk;`TmY@x0?8GVJtm;R9hr+428J?4OH>=l zlUj%?K-sRM8x8GgFk44h)C>t%gSnJ(VvVE;+=gVgn$?q0a|S74vXdH4oA24Zm#LVv zT4fRcUt2HcuUzcud4@%!!^w*4vwISGS0?4Bh~(iJ&z( zjn+gb(eAaBdxZz(TGvk|Z>qk7Bo&l7Bi()#lsUs)7xZ!vYzH9NO1Kr*scAZfDP7jd zeIwFBznraEI5oESV)3c49?bd0=Q4S6*+uqixp5X_GDiNyPy!dE64SZ01ItQ`FO_m= zh#&{aM4)n7I{!<Xnc9?8lM8SPy@{W(O|7F!7C4pUTa{ zFm(JZ$RJnFnTA5!?`1}I5R*?#Wavw3ZA2F(uCDnFf+#2Jbb2dh7@bem4@IP>^Yu80@w|_m+&swExeBiV7K$mn2+t`m`C&ZlcPZDp0bnwI4@hOVV!HM z*b=f^Ac11~a(`RC&d>TkTIq0>qqMx>7zy8Xu@l{f+@&y?k2s3AGrMH}X+OnH8GCnG zfy1+#*hck-|5)e!8(|>1SGwycE*0wL`2R^I{eqH;yn>{6DCz$B-8`JBlPs6E`~IV& zQ)}#=a%%la_nhugPQUM-)6-H%AUnVEDIu52_A5cQ@|BiST3*N&Wek%`&RUK$k1&rz zL{6jU+rvy?vRE79CHmCeqUIuJcB(irJ*!ZCzgh)-&R$otaXQPCR<>%ZbO;ugJ*jxJ z6}pBiH_rO9*>*x8TSWGu+Gl7^QfbGQ6BkaGhUW0p;nGkYGx1i$8^-~>mGH)C1g8Pq z^(dvYOG(8VbY@@HocP9@o2`#A`N3B>-#&{{pGEdrlKLd4G2BpVK%U-cH4Q6EcWP!P zWJ38_p`qEKe0hfo=ko-Ua1oC9O37m`S3?pQz==CkmfRR=`wFDd)d0*ztS46ar|(oF z*jb3$p%JreG#Ez+!3MQ|wX7E=-JUf7i)6Pg`AE8ILVCQ_aoV_l*_XFq4wCrLghuz?w0Kr*zg<|Ep%&dn*Sz z5_;8@LkXeJ)KF4d0nY<6x@KGAY$*)!7w%PzZHvF|VwlnnljfN7z$5n458YgcJ^O^5w!h|AG%F#L_aeyjC%BYd69k{ z^*{yxw=XpJG2dl-X(7>@ z$Zj(cuMuGz%#?TOkc^0pipT{uAu% zt-MoRBAfN*ZteKLRAkp}>}*D%DrNg&TDG$R+}&)Qs%b{#bo*LSw-li=AbWLtm00yQ ztEe(mr>Hw%vu3Cc!=GGVuxRj*g}OTsu$cxDqdlxiG$^{1XtSP5kSI1WZX(f>i8iBi zEf$TKN>F^<#AxEu3ZiEa-J;a0ZA@112#Q}?5l!4Oi|E-z8)~XHZdr()9gW{IE1LLu zwdSrwjh68MZB!nj<5>0XKBN|kV)G6f z(9m2-6a(wjSdkn#9~gjMl(;oNeBu|%0jRkmIh9yE0APp!_~Fy**y;e(V38adKmdS! zPy5kl$3_QWO_rkrb^ts9crre~_RA&*V2zd&EuJWV$pV-xO9T@mI5RaQt=T}bLI5)a zFe3(%6_FH@)^H#>O8~P4Fgpg4vmzZ^XbfwyoCk~5n2`Yw7OOQQarcbzR5<)(V!*%e zhVMuVsEVzfdso^ROq{ez=Bn7#9?l};eizu;fJv~ts?CC(gY04^8jncA@~5XHu++sg z9J)c`tQ1zHltKZUYTXO7z|6wZa4QU{R0%!6X-Xo$)!mS{!0!1eD3Um-p<904;6g)E zX2KSNZ>S)ffF+~~6(F|^F|%O2qNQU7%y?x`)wQa4!JDHN}j&?XMfiz>8;Wzd@{BZp4 zcjlS$Nm7@YV%q+&tNC)bi_Z-cKOdWCkCbVz=Vqkk)=++qG}wp^<&Q?NtE+IY$aZxT z-78|IyS*pw;;em1AY=U61n|5+kx`0zi)MAF#p<`e8AR^)&#_3eZ5s#*&$~!O7+r~- z2?3*s)j$iFD$m>gABfjf`bk?i(wuL&5X3ULVO`FSxb9y{v$Bk!&W&S!)cA&{=EkZ4EYl1SffRX0zU&_p)Cmy1}Ap zf?19B#>pTiN)E6vnUL&V%0$&d#iQ|FT!y*Qi+@Af6nbKQ_j8x9%f1|v%#}GUNml;i<22ViR8L(3 zq2o3c>!?so(vQVUJ`{-wJ*YtC&+Vu1vE;v@RG7@=RRK`NhEfs0TwWDGaT{3ED1fnD zS{ljb7{=KFLt>EYaZk&MiCRNUHVAZ*mw*Z1=@rPCd~_{9#&lnQjOo7o7!#~M(jwKN zSFH(k|LSk3i6QQ49IJ7EjGZ?jNsH2Uy@aG|+;X*B5McExr(UT5t5><2F@WIkaaw6F z2Aq0nI&G;A!$Pl(!kzwRb1L!B5^KM$M5rbG8DNEQgCLO0@$mCGY&YaE^{2#|XyS%K z!e1hMJK;ARA<%FP?ifkq+q@nr(I~!|da`?^_#;Fb#p^;727MHNgiND&5d@CX6dwpR zcT@yI%>l)$n<6fMq?$XBYOb6WNHrT3uXc`LfQ$5qHCH0m{M2UL#Lok<=0#_}3vr;n zArN7rr|fm&3#Jh@o%7?wmy`(1cxjBD(iVs=X0pkCQld*ER#@h%U?;j@tjR1kb%`zl zP|F0O3!ak%z)wna5rCQ|=0umML>GR#L>B?5ZDLMziAr?gClFn>YQK1(n?R6`5M81Y zUHFMn1fmNPoB-51v7D9$*%01-6uOuWSNuQhR)oqZpszxuu1p6Jl^CyUe7nS^VmXr*mXv7-F;1ZdYc~F z)8Hk!{uP>QyA+Ib-WV!#89#GN_v)urKP~!c(9aV6EYi<>{Z#W)J&T_9R+p9{d&zNg zeJ(hJ|Mq>paD;t81_=<=!NFY-fgQHkKuXTzQ5JusnMeBt;pC5$!o22&aTHx(o`bVH zYj*U?TU}n)Ir}?yb&>s^$9rd&#Sbdl$M8%073Fois?J8}+pF=Id`yR89$N!mT+Xwj z@n<-P@O|ziacLwdJ65+QRQo=qh41cEp`jn`;CFZ@pSP3Aoa5t2jckjfL(*OWVn1N7 z#@u5Iv1~((K~l3Lmjri{a_$ITJ|^XztAOsE0o~i6eN1ZAwD!(B0N5PR3;pN>e&eg# ze?}qZwTWGkBKbr9w_G*huF6k8xsiNRm4XX>iN0?CN-E&+TI#4JY0e}j@+<_CiE@>E zk=9$>)R4`9__nfyHMQKf%2DzQM|G6^0vFiLx$7thPM(r4;2BO%z(MI1cuT$wZ^?7< zmOK{c#J{KS;wzlbL|!BPb_yTED%%AayQFPO6k*K~e7r}yyn?Waa=Xd31G9}C9$KNgUA z0B+dc2gpx=Y-s;n7o>`CZjV()+U+r*hf1v1dqMCkE4!@Ogo1hq9L zw|T=kernWj+{`n}l=l746)Bg*qtDsYJ6z`<9>4KNT?D)LH3xI6Ue*BmY_|b~R}EEo z7n=C(2zfoTiXH|LgGmV|;%{Q2zsGl@Dbm@bE0SM*WFk=kM@iU72-Q^)#Lk>?HaFbb zkJCsA!07mJe0AtY5v`qu)EURZ(in-{Vkk?@!7an`-K$noMebEAsS;jo8J6$V@)BnM zS&8$_-GC*|x8rnM!{wWPLa>I@xw2csp|pZe>r}Da0k$&B7g?Gizn`!~7PCcksBeMLgNAL1T)`6FjNb7=)Rz9DK4nt>y^OeA)Cr55E4y|N38ilW%2?!Kxbd-seNe)_{(U~U(C<|lpt&zq(yvhkH z2YNe!MfFL?Rl9k;jk4WoYK~m+Vl~0%1hvJ(eQDmiSaJ6{UWw*)MDx}}I@U$=2;3Cu zcrlu{m95u^qB?bo*|ARY;s^`T+oI4{%HhRN22$OkED(Yf*q8;X< z@`=KX<%FUjindmDm5SYuD@G7i5=2pTzAcL0K!Yj=-83u8bksZ-MF*kFq?2?PHIY=4 zT@-zW;*d_vT~q~8Gh7ti$RT;o1P;lCJ5L>&57QyUk0c~|IX|q{qh=kk?lo=^uG^1n ziEOIxs-BGoh`r`}*{Zp#TK0sX0kEt_$?F9U{ozj9J}yj3Pn)fMz=du zta%41dX*g|?n8^W1qGr8H03X~y^`3XaOXPN)R|TvjY}1MN;6Bb%0A)Fm)rZY{_C8S zUo)qr*PW5F#CKXaLqnSVT(y@2RPx-?NT>8`>Zw_$6!l^avE+rvyDb<_N&1ks9d@<3 z6J_x1eE?%YsR~;-oK~VRL(gHbW=?~0h-R}~r>r66b==(`^TeF|(7ao8fTtp%EfN9E zJ%(0~)6U4XG*&YK%OlBidwcOJbf+pW!GX{p-{oVzcf-4%@T_L*0Fp!bE?IU-FC}L> zG}WKvx7D)?WRU8H9Y1sYPz=h@j6qSFw#7-XM8SbR3l}s(#IjO{UF36l0 zu%2h_PCG}3RiOz#rJDW;{is9Je@)YjjJd}~OMG3pp{-AOyg9soho}<$r39nOBp^0SSr){`QWK zWu%G=41sZ?_>_g}X|@RbKOOiOYT4s|a1a=~>aoXfbMFxD9{)9aM`LD>zh1ApXL=qJ zD6oq#un22fST#*CA!-G*#WwZszwggYAqE>V1c-%Uf1`tumq8qLY&~Ei7MdV zQ<4u)au--P8BwAWukFJRnImO|V2nkgJXH1dHeCosTy9I<2usLaHR`Xxwsp?WC6qLj}5R2h_PdF%I3YBmFZY;rpN8)Z(nFgbxiCmKTe_jm;q-Lc};-JgG5+cC#qGjN?Sq@2vmL{ z#@!gTDQ%(V=go?)yg@Zq*KMYKp&hX$Wv!~@S-zDXk)&E=oklg={4buP%j2q6OXcLm z=v=CB-;XG%EHP&(B4P*|QHkU3$%A4`8bftIAg1jX{LpVoB1$?Lf=u5<|HB6#v)*cD zWOx}P!>@pf&%nTYr+3lJtgM`{`K$}o-9t|PklTB)y6oRFD|N^Ew}d`<6F=elU-R2m z%};<%AT?>%SrkR=5uIm5fcPyhv`E9=^Xa!kvZM&VayYH}YAAl`| zSiC8WSSnj4o#C28eM3JK?bKh!Pg&^KdqXuz-q0~(wt^^k`=@-tj5-c7P6#<2j{&z( ztvYrU*9)PwtTtu9kZ*}3=g#o2+wpN{((BiFa8P60smZe3evNF;U5kQkIGf_woW3fL z>7)!jqB+f3mDfejf8*BgQm^cEy=IWxlh^SRu0OypI)lmnZ`_oswZ-ZuT)$PZpCfi< z_gI%!+amtnD%m8Eh}>Q6k@~@Bm;jlAvy4%m;6L%6aX9hDN)A}c7r9Aeho9IdF1f>h z0XuSp(>FW(6?zwK?J_2ymV#Cwukw0EZ9OxG-*F~34R{ySYM{#Eduy6|*Bt1}OVvp= z-^*3VU7QC5F?y}0Bk*1o9s0I+{;FFCQ};FB>DDri ztUgU~Z5Q+7Ve{d0u%BkSCfonlcXHuB2hh4_hiFf1=#KUi!hZuQOMRS%y9X{mXpb}SQZ)0kC=bD{cK$HPn7y0eGrAfEx*y2;e2< zicl~|GF=oJM_{e@7_dAS`+s~Rvo9}W(0<6EMVW96gZ2{!ZS>0;w9RV9%gAA2eA2Uw zE85eVQ6_PQH?%$AkoaMs-9&)H~7DVohb_cuuveAx!jZ+c@6TwpCLYc`Om|AU%za;l9D72KI%5B~A zbKUo2<#(n-ncIVikBQh4Aue>Q28CD*rTk+;XG1+@6YiK*jx)`S9@JG$IyXZSw9*&T@u0(CPOP6^O(0eo$nhtK*&iZhI|n(ED~rJ)zo7B5Jt4 zmrKj?S7 z=P=WFq;0HoLifFBh4#Itu=M!)F)SiVaQTI%Ck-S`$EHv|~zUE(EA%&eAMI(~^xBvX-oB zksutZyPODXUDk1vn*Hy;X028?lHj%-lEtv=+r4}z--+A#4`6Jwt+59R^)h5EivjHL`DW6`w!&p0LdCq%5p(^8H3OEL>Y zEK!AtSod^~bt0DLB4fWdc8_%vi%GA^8@oiTO#Vyt7BOzRiCCAzI$=E;jwWI)Oiidm zY^vVj-zd4m7NR@+3il3a@9-~k@AbyFPU&Ss#;wR8vKV8t71LhMsN6>kAKJXPWSX*h zB}fd5D=!Y$%+1ZJ9Nk4F;#=elo1F%mZB323Q0-E&3~npc%oan_8{1<0v$8AuD#JsJ zRYuFJnX{!6ah-5RjWdO_FJITK#hq~WK5g12t0LWnv!87L$Aq)R{z=bE&xBuW zTTkLy2NMyq_&Sqwh!H7qZ5nH1ZKkl?)6`L)A+Aa80?j`PK=bi?{#OQeiEIBsn|;1J zB2HZUA<5cqra;8C`6jM4F;5}5z2_IXx`k>dD>@L@?s`2fuC1TiL&d6;-{(mH$}p~2 zbJYyinK~e1WW z^**z8n2$B*N|>$t407LV!KCRW`b87-M5X97RGkiwtvZd|k5A`5M}#_xpK$$ne%l9o zU+r6Y1|V%$r>blq(+uQNe*LWJ^ku`870RsllyK*^yJz>7ELqieN?Rkk>r>i(_km*q zM=AZjbk>^sg3@p9R{9OyL0sv#sr2tpJ9_D(t@N`qOJ6AQE>^dttM2*ftncV5UE)qx z-FIR0&Dn%E5Lfz-ReJBkN`E7x?)$jwF{SP6Xp%^vc6DDwqHZn!lXTX%6BX3`cf59$ zKC?TBEB%jv_&>Pr=ymt^s`R_DN@=Ah`;0$$Le}AX*>}G)nU2bIEt2)M)R|O^|5GT3 zaV7G5|Eg3A>=l~d<|kZV-3Rh}9QiD87t#We`B!|_ZT5cOg%^3rWuj1jWDx#sh1aYY zLHK;a#W9M5s0l=&Zaa_QC`xh~dd@=!Ban5BUtCOl(k5El|K09iGFT~y-0k;Mq-~}8 zAD=F`X^d$pH)>b!3n@5^Co9syZRmPk)AjnarT(8;Hu8}a$zZ$RR+KL27sNl+j|K>G zxsPwmdf}Ybxg>O$d&vbZ2h*?o?^N=){i#YG>PkMLD|w04*eXu)iH3kBzo9F6k&+MU zN}iuio=T@y4NyCWbWc@x0l)G26sjp;E7G+_Ujg%F^+Q zw_cOlCbawqbpdVY0$O803mionT*ql_4GqZ&4Z(>YmiKAY(9rRybob?Qm-6x-uq13T zpaUEb@(R*uQG6yfQ~kXpr+0upbCz1wXniJE-LyGbOLL%cD_Yk!)kFwhWeCxr^KK=x zXwr-|P{a}<$wJLJ#Ug^sb2RWF{|54>97TpK|H>gcx5;WhouPaFzjYhBKOsC^|3ikZ zKej^b!%Or(?g9;Z**tYx@?r{IV#x~s=dWZO2Ae;cnm1cH%C7E3ed8R2a;2ONH_j6K zG@KvskJ@5#&yvO-L`H(361 zDp+o5JGH;HZB+ryRdu|7QRongWNrNjMW3g5qjIAi2Mk}sWrpXyulB0?tZwI?zv*U{ z`F9q3tU2=K1?BUc&;2Xqo!(Pk|M4S7mkRy@%|ud_6gm{WnF-ZQx6=Os`6 zx;^^;ClCLU{&J2X=QkngIFf2rR`D;Pl+|a&HOHaAHFp#s9t`-=;w(@PQkS^YUJ*Ll zLp(gzTJn2~ORa$6x?4dIG{$DxRk|s((SP;?xBC0E+6Z^0o`*s4iLgr@W)&XqBJVrS zHQcW{!arI_d!QGK;kFSS(i)bO{C(@61u`uxY87ilwLZa<`>{H)3^tMQl9 z_|Z6qB3xTo>(XAHmzIyn!hQ*9vG|Tq?X{E~xfUG|v^VejsXh{)k&<=I!G2*G z+2-hFLgVoL=n@_n)aaj@%`=C6>qPJ6^J>o(na+Fo+&@|EWuPm+bl%c)|D66T)aPH) zpGEq7H2pb5pO2+KOZ54;J{$cJWd2vZO7G$P=kKfz*BmGc{Xq6p+l~iGj7Bpip_v)( zG0Q#jZFwP!v|jvPJ3+>@&=49pRs`zmt) ztf3q8y=%D}rZn|ROV1X0$m{Fpm`I{Na@fAUhtquG4rDOGbf$03ai@b#|s6N zx-U-l-ga^PbK52)i?53`zM02mEyMoeTwm~Q^qy+TMgqwOI8i0EbxiuDQs-HalC z`-pj;^=cX!zJ=bk+!T=Jf6a2p=-oT-t2xNXy{dTjU3u-pr2NRM>PF9EL&8H1y~w*3 zYbvXsE&|b^tGv!t{{8E6858HeZlp-9OZ@-H*Jz9;mRb!%wXZ>y_&z_YC;%(+XB$MQ zc0~|V8pMq7uMT2$4>>3St3=?P>BkEZ-~RaS|t&#k`%t#!XG@V)i8j<9yR3rU!CFL zokM{XWW7LR%HqN|%0Aj`M<&8UhSbCCv)L<*7jISLmwMhxnHh<8`j^YTW2y zA@`t-D>;6uy;t_~bvsokGnRP0pI@YWqs65tC^5b( z>PxAjH_Q!dFQ>M+THnN!*b$DaO8DtcLRWJY^AOMB4N)#+4hi3VNTKMGpO3oL!#4MX zl3%1J80fRn(iYWTRy>3yi-9#JFEKT44NfXl5gGa%T3V4vEBJ#4QJdsaH?1ZgEiQr@{OC!lB1W1vdY#XpZG00V&8&tpW>okt_+zlJ zS-~$_!x6V$aSvKz;<(GUhg;Nh(*d=`dtIvgi%ZC#Xx*1^9~!fErrcLWIsykI{0=jKTxMmf+L!kcn(}kVAj_!IL(e-+E*X!qbh11Ud$Zgirt)U;{f~B)= zjmeAFkD>e8X@50&Q53peWFJr?ty-Ry-B8o|H7W4-Nsb#C-`ufzaAVEhk%L?E8m%qE zt}TP!4chd%Q+sIB11J82ZTi1#PS_fx%-+j(znt-vZqSu9=nJ8`v#ddH)YYBc#`vR& zhl{JJvbwUU?P2-}VR3(~n{fJF;=}d7V{H4qCz%Kh{pXuUzFnHWx3qnYZXLd5c&9&l zJzH7dv@dyuDuoA#hQc?wBLB1!g1ap$4BQ zB3705Jk5mEsq&lA#P4l|5lPO;mDns;{}E)d;af;vPB2(LT3n&v`v@kmB$li)5xbf| zR&@TYF1%3h2a)p_FX4FkL_1XG_Qn^>29N!oVGDzITuMxk+kgRzb~ya3Z{-~ zj3J@AyWi&+u7V%Q=gIzuE>5+(Ey}{y?y_+1AAgA!WprKpP~cwf4o9K%&lZi3H@_ah zb?ag)vh5_s9$qTSund=6+FJtm(?z5#bHYhSb8c3GX@=mM*16dY+=B==?&-&UDNPS$ z@ejp&&eMB}`}7X4^Fxofbaf`Tpx9Z`w{-$sNj;=l?RI?Zp_BthhYMtIbgqI%i;Ik( zV-oij$9o9;TydI@b48RdtmZ;JdN4?gffLTF><9Ugt1pqR^96H?5b6V22d@o;f94Q$hcO&D#}+|AMAgKeVz z&y7vxl`&w-HDI=k*FdloFiyCg8w2^sVWeA-PG>l{0d$9O_%-QLg||&TsMC>EM{LHt zGs6@!K8_`klb8!uP$D}Fd+gEwA|wdyN_^%Mb2{e#v?JvXEmZp_$`CjCcVLWnvzV)s zXUO4eYl*c7Ma&lSRX6#B(i0}2i51UkOi z-?QJTTZ|&q&QC(Mf9BN{4925{ap}Zf%!#z7KM0ILshPzpr!n=RT2)L;@WFjBL207w z@PBNtXzS`AubFsT*{U%}x!8=x@AuDuX==gyx`H{Ji8r&{)u2t5WtRdspQEe>FFBS8 zh)Ywjn3{$nUgtT)?01nV|GY|R%IJG!WWgLfNpZTtX3TSn6v{b&tzc|PumjVo}RLVu9 z9I0jq-FG4>1L9zxL16Q7wSw@0)nZ+iNuDfUUkrdU9=N9Zi5^nAI^>T=!9_yB8mhKH z2(`pQ<%inF8yo0<9nN;#iOfFoebPx}r>duK9>+ji!)m3w-aloOq|-w1UcP{7eBg%YKaxpj>uVDr7;f3Mj#{;EFHeyT}!*YhoCnyb7;=iqw4JLoXx?xdNRv0U74z+~Q!N#WI_?sBMj+D`hw5?wXzQ1eO2KWrY;U^% zu2J1Eb-Z$#ivB3lE35tYF6Z{eI&w1eg8rErRLDaE7(f0wv`@UzmKvNs4#oab1w-{@ z>(Z0Mu4jM5!yk1(qq33g*t6o{%bSrwvJBsM|nIy`z5c!mNacHDCn{=&@ zun<`sr2C4}(W5Ezkj+Z>%GbJ^hfLg2$O(L9AAhE&47a)r+pgiO3lGRSmFf1w9JI9K}@TiIg0elLl${By6TB+B(a9^29Rw5AvF{nHehE`J+Q zYykHT)jdso&DPMu%qoinRY#{P9f4g0=`TYG0uBfBE+iBDa=;Q1>qeeX5P z?y5IWdGgKrixcVW&e%8jwRu1A*SqZMrp!B|u=BfhJ!SW4wU~$VXI}?>nno5hOhL$R zK;l}VI5eYrSC#4b!?x?Wo%wFIrwZyqZzow&f#qg)$>tqEbSgZd-A zn!VY|bIOYOhy5v!)SvQ9{V}pEe^Iag1cUI>sY3LJs!pdUTyV$wXB6w;;Hdw~|5*RZ zJN0J;2S36?;o-~V(6Vn#er3n!VsZ`B$N8~>HCRSw$~ez9LE;Uug7vWiwuIM4YF^5U z4&xrpy68Y$A`AqU?cjk|7e;Dc!*trH2L8Et*pCNxY$xQ#LZjF%zJfK-)WYzT@KyU( zOt-%;h6dFdT0!|LTqR?=Iw<+qU`T;NEXT?l0K@=S-T;;NQkFM-zxP{JFd8bO;Ig&+ zuZxAsUge1fYjb3s&-^_SE4z_(ZIQeN_!S?UBI|ZW=;Fq0BO~ju!u;0ANZ#65Uc0ac z-7G0Kg&n-I(auNpp6|))?5Mo2l3O0pLD5+4THW{ z+YD_e8H~;sn}_;c<07cE}6;2+KSqwS5miegw9E7%#qe^_F4Zlqv?MlHSJvE$KkW>?lS zGTt#gH93Q8B@!t*29&$#dvLD4R}5Uc1eyh($-;H5}S3v$MD7*Xmfe{H0oJyL)o z-RS%P0#ZnopQ=i_{2t4p{8TxIm;anAAM@)ik%E>8_vWK`1Z&*hRsM^Sf_EagC`*hk z3?QJxRQcWOL;ZU!hw@Y999}*GB^?9P#)y2ux(FZ9_-hz}>MH-$NWm^0;}$dk5RLB= z3~K)HsTHwPK8Vz8B*og;DF?-^VA|XG2mUM`^y|!Ap0M+=@Z|}GJ&;goRzSax+}|Vp zCb&v*E0lW|lsl%-pJ0@$2_QW{yu_z7L5y;}V^eOo^lYA)PZliNA214i3knS=QqFkr zq$3JtZ72%fAlNj;di0gPAs?gQNcKB&=mw2KzOmuZKK<60%T1A*m$PEoYaFwW6}%ZM z*cHQ7O3f=-o?OHyUg6&l8Z-kOMfsEt9)kckBs_KZ>Bn8M7k=OP7M!=YEuB;UNoAK!xYiX>tu2;a>|}a z&6X_Yu~z=upcx)4SdC_|R(~5bGxtcEvDv??`{y@}dTRfgrcwL$uaB%=RRn#&Mw&*w zxSxgLMfLmPKLr;1CXNi?Bu&fNKcT)&%M%^Vk(v$Aep{qqZPW67`?-g5DJ+Jjcqia8 zP22bF|3fud;y7!>{x$pb`;rCDO9ig8z}GBLhmZ!j$pYW9KzH=F*21@`beGL8A<%|z zu@U?Iefn(>?}2~8ZBod)5v6&n?`1vA+sw3ne~QDn~+&+kt>DF zPD7^AkXa)}1kK^|@<)QIs;- z>m?o#MZp}bijEo_A*{FRb~J5&YCosC=Jm{Awzzh&_czt@u!je%NkurjEOwp6?*Epe zl~|2y5gRR{)84mvZiLv!u5TGId7b>@eVBU^alhNNd`(BQy&h;<{!9n+>`RUz33sZ` zxLMNyb+lwDy3y!$h2j|g&5A?*S!Z#}jeHsuw_Zb#xM$Q&O1C1CEq9?r_lU(mf_r$9kB{UY1bx)SJxug1`x{>!4@#rJnw2K*}o-r$~MiU%skOkcE(OY zU@dRtAFm7uth%Ge0wYw0J%VE_iMq{ii9Q!6^Rs?i1VM!Av|l6Lveh^mm>#+bld5|# zzq$wG?t9+ke;5Dz`R|k=*ao)$*JOFC8}dnt7r&VY2tCxm&#ea)e}aB4&)4tOMf#my zqTicJ^?U0?CgKWG;jfUNS2zu6U#GXNdfTkG9eR61Z+rCij@~--_JMv5d7aHwaTM7; z!~axFh|c{MhC}DhEaB(2Qhw%6+_xe$s5C3l=iB#ouOG$td3*0sD#-azx?-h=S1hAW zu8ygSQJGTV_jf82D!fl?Vylku{}p&1fxlb8ruoat1GlaGWM-d9AiQ$dp7kr=+OuWl zYkS@#?Cik`n=|v|^YuJ<)7qx(-}&+yIwY4ei2pMGcNGCJrj(znEBN_MwW8+C{KFzW zC*8Vc<=MBsyYi(&{>rltan|;D1Hny=u`Ta5HI{EV*c85KOJh^`j4iJ>g-_k`c2oG| zExWNs9?yj*p(8JXwfiv;r8tp`_L zbnB*-r}BL5Q0vNz4mGSi^-yb2*Of1A*|YMwEgena^R_(G6h3>)i>llI$$)b3`%6}k7+l&QQ>n2C1^N$WYJvz{3K9I}@TIR7+wxGf%Q7~43 zyoCTk-USD_N&)jA>oS*hS&%gwA4e0>=SPROMo(d3))YMjMDg#ui_AGFVXcRE$PZ-d z3vW}gf)6e8axyPBro{okT1aEQ34{`OseY`0{SMgP|F-f_Si1hH_3ym=EVt?n)m~qa zm9Z8^^?5Orf;~eHV)pSEuT^jnZfMbh7{g)VcyE#!bJRnDAW@qfY4_qDO86UYkFIKV!L z4n5+fz-uiG8Vdr4bnNMVt692(8U z0WTY9dC$kNzZVGmf#!?VFDi{DG|aptif>VLR!UUA5w5yFgj<-Z03GZ9hbl&+6uG#B zPHAbL3Wd>R$J6qcrMloMb%9hU)CJ+pTrRWb;l$olwt`Yovs6ouPy?;@*O_~s2aBsI zmCIT&*`VDY;jnhL71_Jk%@ew(Ed~k|k6EAo$G8Z(V_I6&bE;)P%St+fS=d8C*sY2{bT0bSuecZTl1XY~y7Y z8P0l@q7hF_IJ%YRtT#EvkRy>>7^-(n#NWtdI_0Kk+<4U({IkdjEf^K*B_DK!Lk!TM ztbjqsykRj~1jw*OZ;^iVm&%MUsT!!UQt7FIUDPx6FLgQ`;!{ecwpS`Wqv$#-%V^^M zVxOlJKHT?%#d|IM;o<`p9uyr8GSS(9GSO3+WLakS7w1~$PHQBZps6kV;o?FI4>0){ z$304{lGLQ7{$_^@dnpQ!MXU8uBHvP0p+x{RqC=GCM}=EFwey7s{PftyUzZ z1gVbNIt@xSBfv>n*f@ISfT85j`C8QtaxT!KpG~p4hN`Q$8{_nM143Ir{>Mt_ z9Lq?UJ61yHScq@#*okfL=Rj{6^N*4}Z)s)h5%k)ALjAkuC*x`2DV`{xRI>oYgYvzj zzd77HJhJ|H15hV@@GVM-@_d1O#sAGn;rqh8_$Ih}=eYkkGg$JdW zw=zn>24L|q39?#E{(*dki6E`XAxNIbOw|B@|2I-O0l|jH|DlwiWgSwIm$*sWj2LPh zpKoFkPUZb_ZHS4?C`Mzgh^qN5><3w6D-booW_#Z2?hDZ_8w21{0q59W+F7<;5J*Q# zTWv5dH z!DlqO8Ys?EwAhPF!63LoBVj6RIHTMm0}0A4aUZVS)>JNgGjcg*xz(u@^D|OVq+3aK zE4I`if?_AS4_B;snIRv{4}ZV9i&Did>0ay=VgXZ27~PsCGw0pVpfVJ(-1*E~bGqi& zp@+|}J~=XVA%DK88O%+9ymgym50fNq8g%tz26S~}-m5U=nD=J6mxogm^6!HQ*(Tc@ z<|~_Q$EhqiaI?ww$`Z@f)igD^2Gw;Fr_HSmsWMvZh2?tJ{EC%*C*cU`r* zULpr8^Z;tA3?@)y92c->ODw(*&|n&sM90Mj>1PW#d6gCufq?UKmS9IR+9D_b zR^%9MiTe=eIr-VwH7d58y1}0R0GqA0#4zUh_Hs-%+e+oqrAnsb!|}UCsa%5L{P+1? zX)49U?&bEtX0r?;sBFIbaK$#HGHJ=k1f-hy?|D|KNTrySkwUXdn$3z^X0lmZ&vXe? zhka^)Wx!GPS2(HAiNHU##gaN-SN;Qg*kZA>E9Jkz^3U96iG-efgFT$l?1hYW8!e-Q zjh4|F8!f^4x$-~d@GTaX`5LdL<%n&TAoEdV&IS=;k3^m$_u$g|BO2Lu;CT4{%m1cv zGUVSbrGtNLqvfP6w$XAb4d|=*i@MG<@fZ!3EEr0(1*n9W*sEaH9djkZ5TsA5S-a|zV zUMgr&B5Jdc)eRr!b-+P63dkzLlTM)YU*1%9eIekwipUe;OF&A-s1Oz?Bi zibLh2GGCMqMW8oNW2ap$JXlpjTYs;y(Hbsn{`a<@=-H~49zNJ5g}B>U`w%$ z{FlSt7e^meD(a*xtf06#UyCv(UyE{)v?zUjN$EdnQNEBCC8+h266EVop5H@%0;6gc zt{eB%pNv|!uU>D~pX|YieAUL%50z-&3|iPPG41_q^GR@T4az!j^Di|hSNO&3twEWS zPl>hUVotTts8jjKq5a?RX1|km{k=tahf4nsO71oL(x80#zi3c;?n{FL?fMPW^S>Ty z0Z7&q(^%1QIUhoip84y%Mj>_&^~oAU4M8i5X7$N2|G)agsiB&e6GK5y^KwE=?Eh)? zi5vfU^XGr3DA~s}CrV(x`~R4tq|q^x`Bv7odkj*P9QeN|O6KGgCEZp#Dt5H5rRtSd zQL^`3P|~a@nbVrhh^@W3$_=1eI}}i2^8B|0s00A>Yd=+^pGwbv! zMaeT(QSvW&xi4VOSfdIeQ8p_|)`{cqp(q(^q4wk?t=IL9`Fvmwtj4T--!;D6Z-$=Y zKea@*C`z-ZA`hU}q{NZ({A$i(9|9=h1o_cqU8OwYBYYmA#!IUiQ zdw*~*r;%J~64nh|ucLde^tOh)?{I8ZV%FV>N2Y@EKwzRAMt;5@2i&lk4!k&)pN4Dr z38j9^Z~8duq6C$RSgASQlgp*xj4j02T<*8I;CpG}$$XcZd-#rT3)wt>nV;tvo2Qg> zX*tx^DPeQXjFz*-iwLan#=N6LWoO>&4i(qV)S=?Vz%Etr&3x)8t?FMwNi7b(CvqJF zZkv+*dQxb^^EUrUjpqHXThYyoNpY5wbDwjgcj$y?Oa}Hvn1?IZuHO@99%ri|^ir08+>gqM zy#B4+IDq8({DdKrgi;HX@cQP2Dwflowz)wc3r{9#b^;guRQ`#|8ZIANYkt?)9=kK+ zinnGnKO^(f{LF8)nZLzv=8?TxbH+&opR!l*p(hi37(O1tI^VDd23{wUv!yB5J`sWL zY2e)LT#KcT%>(t+lJL5-2!~oqbVz&qUDgRN9u~XYU6hBmI$OaH)%qKQ_=(pU*3g!4 zv`zFV9CVDY4L7s<9>05D<*UNG;TZ;1BS#46Hggq#=jQ{uc8wR{Y0ZG{7KYON;dXF-LO0x|E8(urxe`<> z$i{jym;)9xw9Xc$oQH4?w{I2J|NCyZ6?D;XgJdc^9C~23w8K0GBXZSMJD;ZGp!}@K z#+xZWS(w*UNBIw_B2g-mo@gom97p++q5O-QDL-W%xY?)ti+~~u%0CCn9|GkM8BfjR zs2T_SKF#+9h`_|CXW}~xV?*q{m2Gj(A795^quV-1yQ_8p$R$J9^DS}J?Sh0Aq!xQ0 znKd*=-T*4Nt;t*CEevz7*TDl}3_rwA!3y)d82rw*(Zh91&5v?`i4iLt6eQn1|+Iqh;J{9UK!uc4(Y~d zG`_un>nelwYp9N!+M3)0+enw#Dbz1VF(>t=OJ0Ir;4r!lVe+l?+H6~o&&`|g6;=I8OBIP*py*BJ zq^Xu*rn&9JE`P%ZXsdcTs-CHOJ=78B0>@GH`|?3t7uE@60wAt*vEO6q2R#=vTTmhw z8{it&pXgpZ-i^GwJ8t!7)v>LHd16qsu5mmPOiV*qZo@X>tcl)J76->CrEo=x3)w+9 zW%xjoTJ_w_kEz(sg1ov{fVxoXSE|^@MU2R?U`6#Q5PfJad6g)eKVw3^MKIZ4Z;r)_ zjv~(h8W$NW66MkI=L+VQ;1Pt86l;tf9f{x3KM*~GM|mK6DvwAYdLoaZI%OZfV`LzD zWF#>V#|7Njg+nuMeRgOmIocER=}(|?xs>-t&5WHJNj^AU#Xz3z?hukFA~6ulIS!3= zN<@mh^NJFY&fa;Q@hj_{SDZMn8?Jy7<=x`zw&Cfdy*H>^Vqi3bWnwkye$;1fo9Opc zK>gexo*>c!SSw#%K__QmEfxmJNe}bQkZz7jz$pn`X}hQ1nB;&8(f&7>FL` zgMlUvDXcedzUcVOfdF#HOkwPJTXJHYhzhS3G<}DeI#?9I|1V7;w1-RB;Q6~U?Ob%$ zoQi#Ai?FxX96m=3wIMVTPS;rPxbuYu&KsY4uX7*RX@?z{t!2?KA?c_-7~8N_Q>bKn>8dD!fcZ+0J0n z-Y>|_3C-=&JlWu8Raz7<9r<-5E^~_i{1J%QygP>oo4_IBJ0W6KVJ-n>s2#O_dyb^N zwhJl$;7AR2p&UY8YYsZj4b+bc_cc)6lqu&V8l*SDQe7p~h)1Cx(BUM;ritqQ@sb!v z=G%7VHQcd)?qr^MM2&4vV;SePb6%u=Ww7oFP$HRFvL+{#H=9y~Q;q(QA#2s* zX^nhu#GKgCmGMc8`m=d3>QCpvsPDsrQQw;fqyBr&CA1w);Nx@h^GCi+GSc^wB_ls} z77{K)eE+JX^=VV-bx&MS6ymb*#08ysbWU7Q%%eDzxVRhFH76<=^V^bD`?U{w=XcAr zt4>VPI6pE^npVvt*Z5=n3#h!cAe|ey3`jQI{PDe1L+K@WPquc_9Dj6!1$YCJ^JcTT z!Hw<@G_D+f;Qm0zqGo1ajqhlC+hDM59c0&Z`&p#m)$GT>rQ|DBLPH40)NPNV(bF|@ zl3lL&F0Wf0JswH7q&t8W0Lt?L+?;Ze06ue7$jiE0PdZfh(&dHz{Ck8R+0?EVW#X_0 zN2dAlhaabr*Q6^?y*A2~J0y4J)ys)1m#EmA0GN3a_?gDvL;O9%Uq17gx>5a#r$n6% z*5$Ff&3S{lh}}~??`L9lTw#Nm;oe~&8_b>Vy;0-^Jp}7D0w9KQ6d;bb;}#fCBHW)@ zpwbI63()bJ26$*5-~nx%pFb0XymPzZ5`UUTY=cW*{y)qjs!FB^(&~>}!t%N8q7{s~ zNPJVRU8_Mj;`keW;uF}SwzN9AKmvnX%efh$DHs13@yc;-8)lEC42#waKjrjb4)S&% zQo|xtiSM5zcYb?qLY$iR1{U$?><#S9qu3i*oEXToR}e}JvE!klsJ%C^8zZS)j^@Dg zN10&jFIa}I#(KHJpQTjLmT;^f)(_MU6>5?rz}9}6WCz=cATlGVNHL z4)w=Wd37RbWhJPKVq2!nKS4IGjQ^WW>7Un><}be~TL-zOSYt)o6gn#$u}!hJT>MY1 zAsx5Yy5)9%T2xDCLOd)6xW+Fh1gx>#aV@Q6RHw{e2f7+8BG@|jX5BHOzf!Tl=<-7s z`2>*!kF;EagdS%$*PFJp6dTeaF%Yb)2gYIwSt51{7KV}Jta7NIuE!e$J)an)j>j`Y zbH7{B2caj|?LKzg>P9`i%CB7SeN}GU*{*V(UF8@WFljmXU2m?r&qZx+L4a-SS$+~- zf+*F5oi6sX>8nfR5UWmlBVka=3b5Je(6^!meGmCrs-Uk;EaVCj?MTPrI@_iLOA@_I zH`|8jHOaob3cb4YnQH{)hRo2mYT`jpdVjD>vm`)(*StBhD|4W+gMFqr;YMGg( z*P6Om+^m%lPOJO)6k-)JAPxSuCD*>_%kBoOqT}Wn@{mj>eZRYY# zTi}`xs}1;SW1SEi!%YV1Z-JCYL%B+>De-f3D(Jj9WvjFs-za5o6ME3Ga~K!hVFC;q2x* zZ)81M^(W|9^UpkV91F18-3$0u=#Xw$!CeS$sc*3UR>&(|#SgxfujP?98xC#Ojj4}V zrv0cYdD68i&*J$IYCiuQGL{?lXTI1X(z7Fwsb#ZCJ@p;;h`8oi$cPVl50JiFwa{hw ztNC$g^r%I0^S8lHN}DaUG{>aJkxyQ&BJqvmop2wr#8a7&-^22;k|YlY^%aObn!PxS zzIc2KuCnVw@$Z6Duwd%))HgJto$x-DpN8@Lgi`u7GmzxL#4;kyZ3z6i#e&?>OV%91 z>PF9>-)`jqC}gX-%e}Kw*lO-@?~JLf=0?3s?i@to%J`I$KAy|pNLwh>N0oy0SBv-`C+aV+}u1iuNA`vxa@vN0<*I1-mO^ve6AH|?AoIhos{M^((Kuak+zPxR!H5L zUd!OJt!UuIHuY4$A+Hc1?AxjivsE3xA0Gr^w7}(hhbw=^xg^Cj)35$sfSwSH*6u0+6-Ov&>(iAkUQ!#CDwg0UWM)Kik=E~b5l0?^NZ-bSV3EO5xZy{o6E&}o3 zD|4cYxTK{-3HwN-v;P+v&hLxFl#y!6U*>=3?#8A)sHj*8f0@U)M75z*Ay_o;ek;Z$ z7pcYKJyW8NPaVO!!SdQxjL`Z??8_B)qz*K5*5SkKJlyYL6)~5Xh9p0x{2S&At1*e5 zSLJ>4qGB{1K7GBs*B7499ZzReuCqDj6LnkRp$hN@aU)bVTCSDP_xCTbi|<+zRwsYb zqsp7mBQt=uoYvfyYl-rerT6k`I?|T(Ahl}Vu?4KfnsVus=@rWK&xETK6+N81KK~+z z7n|3yXVq`9?FidneJibAumyDzs?&!UydP#-5AY&)Z zug$JDavT~xO%;gf9w}_}LLfW)7R_Xkp4rO@S|f@JoB-sftK{@srfW-lKjPI#S^AFq zq`g&|1nn%V-i~-@#SSV)rlb3==S4W&UlHa?Y-;Jki*2k0WoB*m@@iMZJ6+w%HMc|y zRkszwuIkmrEC^C=)1V%-G*IQ;0&6)(lami;CBZ$suOd>&>*+W;=D3YTzAIJ97NOKC ze$Di>B(2FEd;#)b7hY(}Rd{k(GeU8Ri;^pWdsi!qzFH&hHGx@Fo>*USUre_8`m_6@ zuKJqezG$Joe(t`QGWAvGzL+QVb*uXt>AuF=ujg&&+vvYMt|FhGLqi#vSrM}@VP$017kxA5ZST^IvU5K8C7us%+LmtyT? zYEYG&(5K3qG$)eOAgG?pvz+HVo+PhM@noP>H}YiAR4;{%XB(~mb1a2kpM&?pwp^0N z{c-W_?PD90XTDp2M5z?M#Wb!t-ZyqZxuHWT)hvM^VQyK)!r-G zliq^vI<%#tSF}8OtS&&HG3Ah3W3)$wy|GYBOoN45b_LfBq;=Uh{>FbQ{KrmC^`bKI zoxOr}wY)%3Z<<_PV+1tB`3a>)@tdANLeM)K6wV`KbKGGXI&`X6Kw-f;`Ol4y?-mHw zt>g{JX-xqw)gn#hMLg&tZm>(%OW74kP9oX4MOEIoBCm%$Y;Q4bCbfkhZ15JDKM&)! zv&gq)%e}ReWy^AAewD_NS15G{ziGpdmSNm(;hGd)8of0+zJR^F4kT)rOuTt)BjZOE ze26df%FqYurb+XduuO8I3jK=Fo_Rs1WWSviR|YQE<^232Lbixn zeoc=r3s~TOQ6X2Gi(BuR?KMKHwULbuzq-*I@ftfIeCW>8-nj?BCQh{6l<{HCA4`@n&ry-@dj`rHxTK@jC9GZSc)f#jYa46NF zTK@D4)pAP(zMb=_m_E6MR1Hl)X@9kIMr->&?$Epw?)GaXXJ&xjEM*QHQ)DHb8OnltrT>wK$gx0%QvcxB^xlZ1aifKbf%hY; zYc^=0u(15tyn_1FlJpS8d#kGo)!H8NL3Pa)U+_LZyjT;}Zz6ClecvNBJTOInIC z2F1KclawW7)?~&LPIv#UqHG%!GY_Biwv@GywhF)Csv@BcQeoS`Z0am7fV2L;(VyTE zM63wb+r3R@hs5|I&1wgk$4+Y-h;J(l)>~~GFq%6OIOslv&80FEtWT-%IQxykx=p-R zu*jO!U1I|$Ek9;)qXFFA)}zUc`>j?x+WD+38h{#Ist;<4v(+U!Tt(dQ|(Az z`*9vtBwB}3UCGnTP1})74lB|tXucfkdds%3Db6k-+YwcXA6<@zsAxwyAZ6nx`-vD) z*n4?CdB6i2hlVaRmm|l*2yy~qE32yha4CCpZS_*P@!Y0!+o8?~c-_FDAMcOx=wA5UDxh2Kx!T(>^<(fYp*ak<= z9LFsNzWeBWi!i)^~s3%W!CFO6wOTQI8FY9?6I zoUNu}gRdj(u?IRMiL^>+vQ?9gp`J;EPNxS%Z4_v@k)KfNJk|3ql46W<`cFbl9RdZF$ti8( zOLq1CsH)~OdjX@E!Z38Fqn`ww|>o7$iUOtEl2&FVFXMPo5 zw7d7BvTr621nkOuup2Cxs3LuXmHN7b@&P1Rg;Jsjt6i3^3W|T({Bu-MAYDO{=8lmm z=FkvVPI~X5&t(ZBZQ{4gP?N;kKW~;0RixiVzvk6^@+qu+%uiUUx8c_NHlg_9UE$u` z^|}^SojHbWE{63vn6XVhmeE=}AP_syssCXW9c=8B&okUHvM7{&C0zE8i65dU<%{dj z$U>btn3~$o)Kw5Lx}rTOF>hdpxkF8R#_!pF!N#%USHWpFFi68?-v#eIn->IzPQmFv z;LVP4U1ij-izL}MXpDsJ_tv+pdn8F!)=&-h8$L4UT#Bv*u27krcm%=kM0&rk3jY2w zX6xW{)q(7?FgHjRgyLVd31ydtdM*ud?{eQ|l-PD+zp%Hx?*~@@*>@$-tbejgiT2*# z`hL%?J)69RTi@#VR?pQPw|9J*n`$LVbADC-h;ZvsqAM5ueR?Y-ps24SljDOA}zLJGl!c*=1d`FlcjmnDn6(%B6r= z{c-E@uqVf8?x%bri!c5bagYxB?L`wW;5bQ}?U7_fn>LZAmpL?;tsT&oyW_Kv4_D&u$WGkEPxR7I ze97)m?>9naTPBN}otR&k;~x@9tVMj+{8-1QYKcv2OcguHJfo;62e zWyA_`OmQSpc*p!^*DV83N7h?7Uiq+lEY6gh}6WU!GT%9 zOw;y{EO=_MzN*#cco9bzCH~9Mv@+X-s9QTYc_s>`XSK|zNIa|V4}1TtIN@;>63V^? zYwf)X%$dFy6$L6z7&EQ1hMlJB+9mA@3IMFE*&Qi(Gm#XuZsqPxp3WSz_ge4ONa9%` z#@qzT5jxzWBs%Xw^%__*7yPn~ z8$CkKMhcRaaK?IGq`Tbn+UsMf=g8q! z3PF?{2LV<{-9%i8-%93m8QwW7Ey|UEpcfw9b~v?b+?C%f6g)Jcm?jZPw;A z2LxYSL`=2!&*1bMX+);K8~msG4J5;veOHPADI_ls6tWzHVvx}YL4f(t4(7Kw$haPyf+Nh>yHkHbveXlyH!+gSK= z4lN`DT5H4OVK}-VK=m>5#k_b7RV?i57ms4XF_Eg#mWi-OgR_qB#62FnuT8*vu#|N5 zAI#@BJNfo-{TGv?72Y=$WtoYclU0E>WvhcT#J4eA5tB%E>9ID)*&iXe;dXvPsW168 zU$4o{O4J(4G={8KFVf@Ck(VsuC3!pD-f!whu!IMI^%lrl!j!JEE3yWy#u&cIewPDa z4j>ff)gK6JW1J<{>NmCs?7;}(ks5Ynn&2H$QeJ-njHuw7%9?j0z2A0hpj^4XaiJCM z+I#gU@>x~$q-sRQiiD|tAEugAHGJ+NxyzeXtN<_BgGaTu&0w3Ib(1(7JU^=Po-9#( z!ZxnH5e@s~!}(Hf|#k0%Am`2QuBo?SCuux?xRaqjbT$FtY*)udo zC2Xsz9Arh}aaF4-@uc!i4|f`r@P~O_>ez%-wp79#zB<>d`FW(flNgOne1STFYmxk_ zJga6-+`sR#d%ATE_30MWUIHS`X66J9ky%5D_UD-eB4kZ7k8Ia4_G=ZalZ7ia6>6DL zBFSf!1{$hLJge5puxra(uvM=yv~@*xX}IUQP|rrm)OPl7ZsV*z0Ef#yo^-)^$!@1t zIV4s0{)RPoW5`<_eC`ZyXZ)Lj?DB;>kIKHeFnd&m_r})uDtf-x^CNHd*0(A;F6+6p z<5v|Omv>wn>bVU8DwKV>GP^vsi0-Ig6g{uPTi<)(fTYHcL-OQ7jE`*}+*E9WQb4dC@UL&)mDlK4izY(c zp6KXJ(QsV@ikyJ?ycb4&GiFY(t~XhrJ4}(=k-XYLb&!4eG+5VJk+RupYhN0Jbvqc< z?DdzTC$riGj_<_IW*gpqMB-%yu^+_87YAbB2ayeHa)_J&_8P|U6G~kmM0)SB>+Evj z8uDe6(Ypn<1X#F}s%~GYBr2F;r0V;DEG^LGV(DTMf7Xe=0;{2{&QDfr3%gXw4$mbk z_md58mF(dBWK(UjE0pXX@4C`3+Q5uM(uht9jl*0g^a34fO*f7J8>q^bqUR|QOT4IB zW*4?T3s&bfeu~Xl60(_YGp@!y#5@tUCU4S~v2yo%IHQe4DAT=B7}nn~52$ie3lsuo z3ijngj`ksSM3BjBj?SD|79}f+Mzj1{WrS9DX|V1N2QoJoEsM+5X2UOCQMz|mhGAO~ zqvnuyE=NYqB0qOo)W{@=)*&#W3EQmLPj7TddlDOpPb%X0);qENF?ocH`WM7H5XL?4 z>dA&xc_MGvk{54DJ=0aK+)xoDIW1J*Sdkd>POvUXIBg5% z7oeTIQ0lKLpqK)5=;Laj4$Fsv*dUS8!xHkH-rJwqxt zG%`h&AfZ21u$#pn+W1bq2o-Hzz#Ow@5Jy~3r zytQY(U%#8fLR|}NtziG04{IkhSDjX`VQWyJ`^GUMAXSSJ)t3`fgoU*e8Lo8}q7lzZ z(v{vW!|3*Ly7Ey71*!K8L| zE2A50cd&o=XQC6;(=n~LD`M7@y_c4)3f4)%3G#-&orinZn-ZzhKXU-5<^yP$gi`vo z>)C_yV?#DpT*fSUL(?NGCQE*&vb79hPM+Ip0U%=*yJ`|K=QEKPSLW4912UAFt!!^1 zTi?X~(KjUO@60^Fw_grdJtm$NahqOjJHpA|r|UK!N1?7B4MM5e#6B%?&-;NSxm;bA zm^EH0-*T}Jf~m4q7)SM9Rk?6Cv-f9J1zWV~=eOt&7A#ozQzdm_{!(&*A0w9!wraZC z-s(|uMO=4|-RqG~^_{o!S~}LY^be|K{p$#m-N?fo2uOES<-Vx!7nEKjn}8v2;l9{I zd?N?Emt(-fAu9Ad7-Mklh9omdI#>bJ64FoFLP|D>`gnGf3dIR zTCJu(fW8<=oI&Eij`O zid3c?COe`@OVgtPQk2Wf{x0T?^`0PCk??Fq2hX*$yAE^qxce9AY)l3$0Qu5&jb+>>$g+dN1@j zSn#>7Jr_>v8mVboQqey9f}QWQ(4hRKSTdkyYmD~MLS*TyGGAF`?YsW^Mjm;DsD3E* zEx+cfSHX58%GiC{>*Vyp6}@-IcNf@02S07jO47EknzQSTL&z#cTeF!9ljrQ#bVKcr zU((^a__j6^4`t7>GC920t{0ytnWoJJ1B(KKlb0R6Yf0M%R_mFzOFCTJvX$@)Vk>E5 zySA^{CW^H++kOrkTH!4!TOJ#5PaAJx?fTud+pmqCeCBnrOX54*1*bns0r5qJEB0Q_u12!U?_SSgrB+SRHee`aWt<_)T5rV^U23-`*+-1jEUG=T z&1bPjZh< z66ZHP0W1R0eqR8R@Y9z7AhB&~b`IlvO1F5nJbIG*h#i^wfr>qTYW5N0qDM^4KFTxJ zA%*l1$Qk^V(Wji6cBew*hbeHWzT#R2wkhfm}ep zaW>$9Ik|u?-LF(02e;(W-Ui&;lE=3;$=3UGN&0^wi0-z9SV|E~C;*4)Jrc!6)T{|KbPhNZ2>=Y@29_rM3EO z>;&`BTaxZzWt|uv@c3Dc1&tZ(UIv(U?-1iGt5YCWI~k%7bw~3i9eT=Ad$?x=CMjEC zc4i3qNmur2f32|=$;2HK$Pc2!SSeHoAKP$CkU^n6-_PyozUY9;?BdG!cjXg5jwGw+ zH5I@BSp{FiB0dcF2o)pavx}*-P){tkDy;o9sJf7Q<_P6mq|e=_OBt~xTBH?0)!Uj% z;ZQPsD{Un!%(PX%Xc(0)j!4SdEtw;>4&B*CPOwUVHoqArlPhfBY6!Ej7%Gf|waI#+ z`-@V>Qihg|agIh?MMXw(<>ps&V@zYgDxgCtDJjh7oakT}VS3YSO&xM|paK|Y8m!gy zFM=~5?VEL@FmF-)2a`{?ropCiGm=XpY#Isy(gjzPjyhL2^-({oHlREp$jDL^Kw??-UHuq1AfFZ@!sds+6AA;PX{{br8ju!3~s&|;qaal2MH3DGelm*qM}e5b)p2|wr6ilk@kE7ociPF?Iz7%iAo zxi3zNf#FfKS=O{RFOK}7qbfD7DUe`8|;ml~i zcbk|uf62=(UKH~yn`H9M1fAs7hdQQ&y*{5H+UJ zhZ^9Z4kBoMz%`_lAh+QtKG_HN&+rLQq5}~d!flaxzliqK22BY$BKm3bKEAj|3)f8l z?asE^STD4UCO^*31#SqukHg75XNE|`TOMf&&jUHsLE>Tdjri^k!MmTZ9aeZd+%!_t zd0wPoA&vnt=dB-ZBdX^~x2pQiyrMlO0t!^@X*L!MSz_iW<`@E++DbA=S1T^g8n*7z z9C!!ChF9>*AX;m>Uf6*hj3v-(RWiKPX>S$Yb3_LzJE8-slGQ6LgKtnx=eIA;F&5MK z8%JnbDPZ0i-_|}@_cKaGT^y`mt^9GakeTSpKOtAX7NRs?3szf!6<62_G=&>gCA)oA zJvZ0VnlY{xr&5c?eb?d)TZ_rpBl*U+wF}l&xEjPRrS!RuH6DTKuRl-FG|eW}70}43 z(m485z?6Bs1O5uD*?iy<0e5y&z5{nV%8?dwunuV!4Ye()N=|CQqc)k|8%B77vmE_R zBewqFDVp*boYWW+{WZ_Bd@zOy1Z_*^A$7rXmn**}@t-<7YUzm_Vg_H;0pd}QFwp9* z=ZR#nLPd;nMFi_EAn>eTSw0GiD8`xaGVX(QPYFr=i-YxZZA`f}%4IHs)3UZGW^zAi zixpTPfnZ%6AUu;5nVUQEg5NUUwLHr@e(dUDxp9o*Didd$`+^jxg03Qf&5${ji66rT z*fb2!4%S_63mssdreDtbovq<68#JgW-oIV2zN-?k`+?`EqDT`Wwn#U2wFcR4vP8$6{yXNxc0^P!bwn2caDJy2(tqXGj`Y822K2{>jyBIPY61L>5BO>` z;LKJzc5VT@1wc*b!D$ZzYF7NS1^qJ!kWrbM@eIwNW%!?u4g#e15&j$p9Oj6x0is&(HKJ2S1+ks%%>QzTA|Gi z8<`p(NMqDS(f9<@-I?sFw8P>}8K@lc%}1#sUF ze0N!nI$QCM0+1d`vDpS98FX2*?N_cd#gbZePRCs5NUWM|R{Bs9k{p!n>%!JhbIhMC z)Z}rk^4Sjvim6D1arn2|++!i^GR$Wt!6C-l$}WB>4+W3g#=(1>O!h>6>?1ZdqNYFG zP#{7uPof*eiXm7xYNu!((dLI7pcraDvSxpr;|S_*>lGUhF`|Z3i8O^}?E>lEyy0tf zCR5>``CH20u>`&CKZoteW)J1tUn@v%u32gAvLnh5St4&0Fllh>RY2y&T*I^h;;#Z^ z6Jb6@aFmJIkNq{Ml^Z*dV{XzMHndu%U>H3^O9M&M>hYC>nB{ zr~cDs&a;78Nt=exoYgkqBFDBwYH6df_bVb(^mrhHpyM*kt!i4SN19imn2NrJi9V)D z+WBTvLGsO^=HlM1UBEftc9EJ@7znfPi{T$YN19Xi1vFc#@!-H!>~zR+aOz`6 zF3s-JePoqKKbvP{KeJd}97B!nR)~cxv_7FNL9@#tVJN>K=aalj)vR00`*eQX=P-f!DNIugpuX7Vb#&-FLQX9z-T(8JM zex%T%Rt4)`aA18X_d>FBSqZd<5Bit`=nufaJbwQOfan;i7$LG- zUgUfi86k2gk!|uKf8!!gAaW#;U!g>9sn`@78G4ao1JO?Y38c1GW3s{A@vQ8xq&b0E zG`oArF^pkDwLRb;P)nR^S7T*}S1}yHHH%j3e9`IyW~u2LHM>i)!vZWZrO5P9W4-p; zieVT^4V}-HoYx|RRD63*D3WhanBgrS!wm0*AH=xUP@+?D?66h^e$_0?ecT@bHfR6u z^Es=bDA8Hzrtmto*}U^}nZ7N7*{ym}f@Q-tLNT<}JSlQCD`vWRvb&|0+^V3p#3QIb z_)wckNM0Kq<5UCZcW`s1pz0h{-EzVc;f?WayQ2rjw`F52rv(+_fG9y9%>)APe5oEGrDvusvMx8D> zt%I`f;;ie;P3k!jVKecy%v3oYlayHMpfD8-8>mQm|NS~`Puaz3e0w<#P$-3iWPp5R z#?iTyaRDe@NAniUvduH5&~ICR^EM)t6fNG7$ji~vmqcXdeGF!i=S*vPu8=B2K!)4{ znXY7LT)TivKRbYQ4rRCKj+*BxCS2^ZFx7n9`qJV&*qBDq_`PeJ zl|l8k32vQ>Q)qW)`cDKhk~E0uP1eAiy%@^`?~}ol%ES*%2Wl^*{*)vCD}aO;z(1~Y ztbb;6(RR_jbG|s+meJ*m=W;ytQ34u%$xkSCBiW|kbO49s1IVT&lo|nmIp8UO?;x!u zwpJOinCCT~(oYfq!~XDD9fVorc(%=7TlS&UWlH|`JedlwwFyW(FFl?_p_jU;Si685 zkD?`y4RRhbD}=IttT zG-axybl3`4Q=L(*_I5G*xQZmJ=kCoCBw;R??pVUBwtm>3Ty>4CA(oKUTr*PdWlMtf zDht+D?QP;}88Rid(PrFAsB%)d6v;^CW{k~Om9lQ4{iVNUB5f=aSr*13@`n~`@^Izn zva-y`7s;!Un2xXzR?xFb>EMu68J(H?(KC6-c)}v%ZXx5szqBC3bmw~9W(E42r=nOE zV{UD&qbb0SY4ysG2-Nl=miCS-57ywR5fv{Z48Bu^b+7o(98{AKWb9gM^5$Q2HF=my zH2lieL@LTm*vJ(dsHho0ooHJ2%1|_;hK)< z)|6j+G)?|6?DOKae!SJ*=I@E_}U$BMCakm~PKC%SvY=C(FNiRdP(D)ysZq z?!O<+^@-*d6;AVYT!QuuVOCXpn#>73Ww{rdpBW&Nywmu>Q%YhO>MO~%=9+ofhS+-o zCLdrq2vP-m_-4TXvK5dy2Ub%XOskjP4ogL9ZmFvV&kLEkRZFI2S+6u-e_b7-((ag?! zNkR%!9J8WavCEHF+C&zr`mg9b!U%4bn8%s!#5tVOc{Ad@f$KnX3TikPKfYgO%_|YF zty4KzXZfjlInFbKtQ%z15K4W@uNm?OX~#8ZIYnn{hKJAF9!xvY3o)IY>wu)tyaVS6 zF?`2ODK@)Lvn`VU16j2%4aT2Q)stP$%`b4gEs%Z+m=Ax?3B_Ni`Mo&AMRT7)rME|0 zADEwOYjDOGRV{JDGwJW~V!Ld&xeQ5F8mvl!xOJj`I5DITCq3qBuv@2U>veC1Iq2_B zW$IF9&3cjvJd{F82&mW*%-Gx0jf`3PObRZUe(Xju3t^pu>JyshTt0K92<7vhZvW!? zE0MRF%+>2u_>lesr?o3{xoRVh`6;D*W&E4IS{Wz1obi`D?1wBe7=!_{VlMiwI8e>p z)gK)FF;!$gnFG2E5M4(z3KGMsJ?^2jk~kwip$Ce0F>KmgEoO|3!Z+rvD^xXm&W9>^ ztHa(`ni^k!(UN{zJ4^QJ30XL?4F_BP(gbaDgLP|c?T7WRNDT6w_0WbDW*gBus}!Cm zj2GJ+@c!{BWW3aO$C0=NJdIdt7L{m0`zbDVgZC}A4sqo0g^>Ue!w9h~(kMHdI@(dN zG*&6mkK&w}t7z+T>zLz7s-hy2BiILV7P~2WbcNC6O*Ljrw{;EA<7iJ~+G@lx4SO<& zWzC2_jo%_HU;DdeOWKS4MjzVA_VKy!2cI11II1bD=gp>_Makr2s}h4i$9ZfJV$dxI z4Lj7W=An1RqHQ}LUM!Iv70J4N2n($xUOXu*w5F$s@LBAj*=Dv%8u5u>of?d@YK^vF z-Anp-0n%ps052t+gQe4|AwfA$FqiM=Xg>oKi(9Pe4;TgbTL(7q&I3uL*$vR#wqS0@835KcUp= z>hjwjhs!Jn<}>pOyBCg4!al}nf`ov|As~nc%ljRi>dM|yO2f^j#kp2TBW!5W zi8e>|qF58Adm2!3Chmtjhe76S%JZ2#7W(#s$-tPg$yy_1*EASz`evUnT%ud0vqi7GXiB`O{k>m-~&bi5%NI zf2nO`N#@{OPA(7e(qGtY#vcSD(B$D2*ySr*tRj0WFzl^*v3Fphet9D#-nFwTab2mS zjpSX~O&TnnZbJvvMQ&mvHSMNG3YN-)?xY^=gY~#U2~6EBokXyHC}J36txx(U0<|66 zIe7O;N|P)++a|T!u`cKA`cNX)gW+%bShaKP(sW0cyhnU#8|{MDziG49Hc+tsQ{EY4 zh)azzym5w0SfQuiR|2ZRX4jn-R(nga1N>-LPWowps=Zi=|M?i7G^OD8Irdh3SAoW}R8lanWKkN=p-=J`BQXjvetK26bzfz8h#S0hl=jWS=GIik8K>-j5*|v)`o$bJN7Jbq?3i+EHR)R@ zYtCa2^GjlLf5v~$JzIw#4{U$_E+gGUo`2x)Y2G*ZVS4|BzwLbM`2&j0u{Eh;VFc2N z+3ilrv*@^1JuaQgT2pX{tj3*(e1gC5gFo-#g8ybay5DDh@Y{Ycdqv7*tsne?AB-8j zg4g)LkNd$vI)vai{oomXFe^<3FZP3PBiLGs!xqLkE3mAoy`~VfTfOl4>=&+cN)5aD z>~;~iN^*-#V47yDc#7RtTKf>^*tKRizs+@y`lZ3HA5s%3)l7bf1@i}aN@Z$tUtg>K zHeYmijo;=_^&;6wBzw;fE_1E?vmgADAAGJ0{*50zm*D4F1zYU)adGv2+;l&Qb{Q!5 z7C$)V2jA?1e;#(_{@4!|U!+wB0PWOPwpBXP5=x;w#{U=F%@%{{oGjn>Ae@a#h1Afj zDav$LTY5A{sEYI3!ffr{FZZ@JrX?9#T{|QH$0B>;e1TVY6sw zvq1XWYUZOvvpe_q-VYoi<2qB{^}B3(I$zII(Lm;C)!~oDh`3CnSM8yx%0y66=eCp? z71{Yxh2^T(Y9k;$l!BDg6@E?wTaiceW;Ig(!py56ZuO&ih?_$hq0~I;litX!7Ub?(3u`hwKT%4CdAIltj=-Yegf8+#imPdT9)iLmWu4QZ}#rb;9e?HKP;#>BX&8409-lEJ!hY)Pai$-PFsil#G z{p^wdS(5)*ocp999V5uxiSmflIJs78cO}v6OSjn63_(lL6rW8!^)GcBXgzvRv`Z}? z-k@kJ46#vwCL}+7i8=Z|q?g3G#gvj;#IvP{-VVwY6JJ_HAx@^UN-lrXz4eL&9XzW* z={&2wZ)5wLG7ehi+}J(>Vs#9ym~)?c4nKs}P{4)NiK|Pcw@8=fNOc2;pMAAvMDy98q55tz z!)D;>u}+12kbcBwfU9`n=T^&-q?B`We_~wcg`c$zUfgJ=CQ&n7tmtHyvmeeww)jyf zrNyKfG@Av{iK^w-9LNRqzNj-u`M=E#q6`GARC{wgrLj&&wo5Jtxu zUK*OZJHWzXVh3~2VJP(q%{4qk1j5^rp=|;S*R|zL8n-`I*RcPzR%;L4BokYjjWvcY zzBXV`qOsMom)gIjvQsxkpc(3m;1Nj_{(YP~p+_00U@8}Wi8cWLzq?C6aIKu6UFGY!2U3B9W9ld9mkpH$Z` ztE_?ilDZT)+O?`|`K=wRyyObLGJW}~3JzS30OSX8?IR9_=a*0t^IDbns#(#cC@`5*6Y-iKEHCG@=>AB^?ZU$OW9kQhb!ZY ze^?p+lu`QlI#TF>=-&#dOE#%bLd!`gO>4r&V@6ZKv9MYGwEiqP(7cF+u?{+PIAYNPK}hO*^A?wilv3w3%D4Kz1q;j|=;lInI-eXAj8B zjHJ^&1p!H=h+95LaK;KUbdFPOM@QVfZ7?YvgP+#o;`VIm;YEY8TOh3ytw_Q;If*!D zCb=|!f5y!a$0|Yn7RYiY=Q|Sh4o!Guv#w9}I0;um6ko2_NK6X zGK(*F{90RqilUaesNefh*Ar!XXdC6ji;hscsSlP@iCGFWQ+!BC{HQ7u3q<-7+#V{z zm&O8-OCUIHrLtB}_fU5v9EGrk?m{0}$IzfZ+6w)xk&21&Of)7rq~85kht#*A2+9#> zOxQES(yBx$)S?HV0OhDS@8#fMEE57+f^OWuQf#ILvGv6Vzf!Mw%T0W@wj>@&2ZcjHNeAX$4~}9o?(RJa!gX7h#;Wo0$Z> z1!ug7WZg_QVo6m$w(#|tov`CBL}j=}?u*O`{6Ohy4KfWy74a5jT3c&sg5Z#60ZR>O z|D|j*-M%3(QF!UKZUSOcDOi6aR46sz)Ww>lT3Ihyy2o@>NQU&6VKoam&or@sGFhPZ z(pi#zhQIAFbu&SJwJmx19cI09IFxVnA`@9)m55624CaVQL56C(MzF?XBN@ z?I1ckh_7tVT3=B>l-j_g#kA|)szg$mm|v}Rb$b{1&`Y!xQ-)`i7==esK@2Og_SR?0 zWmW+a8)1IQ)g|Cm%@dPwGFB~sca%Yi66)v`#UW&9?2CCQ^AU_Sk|6&AInV7*Wdq(7F*aAXOmfzvd0zczC~npwtNh7@Dd*(J?J zDB9frrN+8*TCe_EL!bodyY>@L+hAUW(-Pm`wr_)Z-hFD0R_veLr@B<154z8Q4?M$t z&h}%cxX+=)f*Wj&tf$Lhopj66PTOW&%Lk&(NHxK;&exjiui}H=!Ths0FrF(VV$;;9 zN@vtaTLiW*u~R0otfWISGFyMiSR^#P$mWEz3H%6n4$2NwjQJ2->zrUGy+ zB8y+U3rCZ>gFI`^2<#{6tr_~+J10eOnJ%y!OhDZ}?{hU5~fRr8n4b-_AWWX;|+ zO(gsM@zc%$^Q0g5nBpX75QoiGm7UsQyWg0E4>1*pzALewVlAbKaE>2-4dD)B}Nt3e{lOzrecTscY*TNEKbMXzs%*-#6lr!dyU!4%LJ$W7TiuL^z+< zMQUD-B%_5hwS?7Tp=No+d)CUYz2AtuL`Q09v2tj_I->-alQT)0Z1=7rLJL1_<8z>w z1cWohK6(^v?fq7y1_PqxT!6j$jVf(6Es~@~7W4F|X%cNz2CJEyo}H!;{2Y3Asl-8F z-|JuE28}B)u2-o<3iWT_{6}n^iQ54c`h0Gt(;OHBgo^ds3@_iAy z+S=Q?%>giIk^CRYXn#_ zkdJcuH929r2wW*hsYs43uwoYDf-##&8f7{6QdNISzu>He`z6&oe$NRtELh0_KV6<_ zg$|B9kucp(?bX~MCmFLW)=46@U2K}^g@(Xi2H;hzk8~Cd!&Q)o(9a89id`>;YyDM$ zpzgC!!MZ2J5na7)r>Fs1QrM+nWb3o8AM4jq6OIipV~r;h25&jbmkY?kTdnqE1Hl4L zj8r4wK{0I2WMg5U@dZjs5hJDrr@am(*_A^Ppm9qaDm(?m_)fbk+GJyeEH$Tm>pG3? z5Z9^5xVqx+5)2nEhyEJ#@GEZU-`A3OfNi&1Feo#%!f#)2x)czOiLIjkrW?|k%C=T1&aI;=3D-MJ zTt-o6xQa_Q^;zBtewkWMKv-&sYnf&db8a73S1l*BXn1h8MXba-jZ}<%gu$RD3Xf_xf;9VJIoJ!fH?xNGn{y#`4fl~3E6R&upKKh9e-lW z>H*v-JLp?ByURz~n%;Xbgy7&~L$f%~6fX--f5l2^jy3tT7OcbWO8lltyszIPt4P1J^2zz@F^GKfb+{ct(AS}3g+R>*fGFJ<^iDbmq z_jc;yE|o6hrh`Sem_kVFEzg`yEW zE-wx6xBGJVQ^0A+x6cE>O!0Q)<`Gb)FeBFib|r+SQnHc`zBw(g$=)x@Rl{3s&X*eUxz7Xdm#qIin9glr*V2$ zsatiX?KGij|B&|~I5SV&DOq+^g_o%U8%0uw{(>NB@{2Xe7T6W@2J^9Cntr(p~3)U^Lh?2+D4Q51de3pD5)+tR$ zh!r7*wI5@l+D97t{mp4Mo$ClGEOcWXyEjAIRD1u3orC`k?B6z-U7(>d(YaTpSB=?5 zRj;CuS6!r+&b)NiOEE9Sp~MKTwk^jm5 z-6!p=n4J@?vuq883NDc) ziU&~iUURXY;&#~>R z3Gz3&?&8%fpUm#ep^PK*$EPH0H|3{R0oSO2$B0#lYTsq#=;h~lEO~`eI#gh8Cr5T8 zYxTaGYUM8ex_DnHWP4)HRUNdcilydw=l(!O?&lR*rI9xbJ=A$4`C}*QymJ2f^Vf&J zQvOQ#>){Q%+`lNcoSSF4`)lk=;EDR8lK$GfGaddz&KN4PSG6qKmw{w2iDfwEE{W|! zMO&xol@!n7tktA_T?*T3*VOJ6_17TE-S28!F8)_+)^K=&eb`#+qJP}-Iv#5@ZJ7P% zTV5{*$-U}wx4c42;CC^<=80SOyyaEnc;8hhG#9H1$zjb1F@r5O+$FSyX8jkMlqN8R zNCot^`|>BESKJrXRovg)7v<>d_wK9QeLdj5BJL}xFF2|*!k-H@+l_9nRi#N6#B=ww zx+Z<0CcXXBz3*v-O_j*Ei76(#WTeBw?ME$4ACdHr5p%+f18m7KHyE8;#Fc5x|A8d| z=TpJ3YsUClqgw0V*htc+mW7d^~}E||29G3%Y{kuU34_%7Pmn3vH@qcKxAydqb(3?Y`|eH5LXU z)mb>~jz1rvN;Wxj-Ei5~*zv3mS1{iw^^VOQSU1JGvwB%d!g-09u53w}os?%vV#o8vVFavMLIIFA6FcWl7m1?w9amKm*TV{7VbJ^2m7C$(my8vy`Yg3pc zFbN7YRI0(zTgjVN9Ow=lMNrdvZLR+SYX$a@pzTWFr%Do1?c8l}k zw5Jgb=H|UQN9XuhX`12IeC+5@eKm8nmA8>q%h4k4+51aTFkm)l?gMA;p1t1?#3Agb z*wX^NXYc3k*?W{vH{uEp>y&ea-Ll6Y-#8Le1Z!Bx76>BJQi(~B*BtYSp$f@K)65!P ztPB3?vg>>GfEUrpQoxr4f^~QM@48)J0`DBTNSPN%z}#-te@yA90EjV*zfq{WJKCAF zRP?f}=xE8QaPwu+L(n2GWgM=+k|Pw{pLlmxD{~~&Di7*Oh!l50W&(=_w-r$*+gXXt zC1%8iy;*nJqREH4*wgc3FDvS>a3^<9PfD>Nf&q`|B~~e6@)i0HAr76TH)=7rp{Q~t z5~uq!L{_lUorZvd<-9q#*e$@_Mw<>S*oeLv7aT%^-Y<^}|6OBsg}ZYg7by@=b`S-P#htk^oT)!;WDX)W*1T4U`pS4Jva z=slq*^O&9Hbjr~(MfOvuh}}hb$G6<)s2HU6lqIvtqBvC2P~T(`oCuM6%rpIMg%(^+ z?&d`IuGO_EvG0>+n(n+niF7Ipg8>q{eL_@jrnA7*_clX!#|8btjM?TN2;z%W2CAB4 zArV1U*Uz)00mM4?6nvksmE%d39##r#rJ{tC&Mjy`KLqfI^-k?qQr*Wb_BJ)?U_yeg8S) zb(-_5IVeZ=rPYZcBZGA_sbZDaxfg30<`j5G8iUdm*%fI?+R)k26LWNS9RdD59)?%5 z@TW3mOiSwp+)fTfI`(eiP-;SyGGI5q1}-h50w@~5mH!fOoB*E&&=REgp4MaDLVJ{I z@XL0XUCR-+5^JsokNMih9Qd4#8R`%go2OV1{x+&~w}y}QYmwTI{sbcOet=gBZb7kZ zTMItK)BT8GkdkZL=c#ibqq7;M|FWh_ZkFx}E~^>yjgQ?J%Q~B~j*`Vh($5i2_ga$v zgL}6m{g8c!q-XKMV4J#FL#EYu%O6pezvF4>Z7!VC2_Fq7`518$;$?OqMMs!J$xI@G z+l!1I%*#5mjdtNBK$C*?i})m253_0g&g@zHABXAL#k6wZ9l4H^YRsM>4y7(9#s5Xx zo4`j|B>(>j5E70sL5bppSw#WyfYm67(Tot8Xd-x^c*H9nc%w`NL@<~{7{@`pc3sz1 zR$XP+V{yG=R0yI5@8E$b%HaV$jtCwgppyUl)BQYiK-~TQUVk+6JWqFZb$4}lb#--h zwLQMwH#7DkK!S~@s##wdk74}+x}2v!Naq-~{ujA=-eb;oFSX_rUd)Y>_F;-+@wJTy z^D2nQ5!g2I#qe%*H*$T<&hQ!yHuD-C8KZ_8u_Tm0|0ZQ3M3HZsoKfV9ZK2MhQ1Oc? z4ggnW0=Uj7f0w3vvedSWHIRard(0K?rPfsQ55U~B>V z+5##pau#7|!&=cLyAd>5xIyWxfl@nav^$O^jmnKwxcPhQuWeOUT(vS~y1;}= zheLo)PGRMMAF3czd4!`L-Xh@`8oxj^aQ=<)Ys~aH8MOk}Gk6A`-*A7F7!cfYvH65E zmi}U@dIQ@eo~N925qh>ev#)ZmxrxoiP#qs66pZL4)(Q9q6@0Y8Jw zSG@{QE8LCQ>BS#9WJNn-Y#u(HLzm%`>o(&s@ez``K8t_Cm`<|x2;neMUVW~@Z<#Zl ztl?(7{Ijm}>03jZrg8k>%0odiH`? zG#&Ar4&-=7z0wdV@LIs;hxxEtwXG)iH%>%Qm8`flJ``bDO-2zeB{bNmacr4RQ)X6)X(E?7sr>!R?Q~E4u~^#EK})T}m9yH*>j5G94y$$Mv}H~j>~pzvSyH>x z``4O@anH?2YC%lFd$fm4x;gWAkWu!;lNyd8>!-SOP$)X8C=|U0ZCs1lkLe)kvf4lF zkaXEx-DUfmajYI%F5?(p@(3E!l?j#e?4Xgfy>pJdR|o1lvyNxbz;6?^iQGX**e@KbuvC z;pHc3B*}&+HM(q)UFxQ`7Sv#Z_f?{pAA2?rZ7;9okrnY5!5{#4Hd;8vHtU8^2c6O5 zIDQ`WZ??`$Q_O*#aJs&~F`CnxOC6+ud!YcT)D{DKgvAp`Xq1GvmFjc{(q zApDtW%#ga{dm(5}9V7!C4q^9~kJ-OG7gjF6fp(Az{wO)5k*TBaS4uUKkcG+yo@fvU7IThtP+*V?rtY{XCBNj-K8m;%-Z=b zPIFoD#&J&Dl}_bwmb?t2+W3<`4sTwu;=k#fBi+h&@!#+lIe59wSySp>eTlxEloWv#K8{w*fWh|Sj6X=3 zMTLteXT)|R))xJ4%vZU^ui87xTLhF_cen0|9aaRE5BHu@{Ouq3_cSpTP6V%IUYNU zg=UwIowE|fE!lG@i#^+F_XktyYQ1z7Hk}-Pk#dXqa8qZ-gY|5PlL)&%a;kaeHr-Au zzkA`4nn_OB$kZR3irR5%{)}&4(+;P3;`?+?GyO8Z zd9J6v9;cDdHq#49CVhX$`ZF#AW5!sZIoRs|3ESVrbz3?_#(Y?lTPeM%EdMt(yb;vq zeb%&`%IFn+2XT0xX8QVcIejhcMaH4Ph*nY&_^JW}Wv{4b_oin{62ial#3eh9nTqPo z@<{^=LjUUq!RU6tLidypZQNn4L26|)7JX&UbckfnziPhML=$BpLJbryEkr%;*rr-}D4u`SJE23*d3sIhw`9zg7>IZ*#^2Rcij z7E7~pq-4s0QN9wzHO6~`aOyY*WnC?qeikA;-m0^Sy(leqqq6Dj07eO*KLE!AAdQ#J z!I-rNdZh>k?ryOwt_}b=?x6LU#~ohNM0fW&Ry;~{qu3HK7M&xvwK6+Nm(J7|?MZGj zTYm|-iiGA=e$1|CyCu%x7VFclrL@x=g8hA&5W>^{&3T0iQIxF?bp4b6_->t;GJAA+bq!aGjX{F0%;U~Sak{MF3;Km?W1Do! zDW=csuzzQ>3$Rqpl;vDEYof)7iqSQuUt-wSpJC@`;9%BA~tF59c=8b#-4k&WI8)D zXK)vs`rs1>`{>IjS5VL zIKPWL9Jp;ZW%XS1Xmtbwyb&^ZH>KE8a$O3YeswQ-&?^m}sgDosM>t%mj~4rJEYb%b zO?;Hdr;ar|F^}m}(^_~R#onjSzv~k<=}HsRr_Kuo8sg+#9yzCX9LpR02g#R2_^j#M z!QktUsTq2HvF2=%t&Iuoz-N|rdA z0mHE9m^e|{_aJ*!sgFLgRTf+DfIffN*(-R>K@=-5u~%ft!i9TSEOlG*Chk1{?@%f5 z(7O}51S6+)vUGCNTrB^G>WqS1rZP4@qk>dW5N@|wN@?F|59k$u5}$BifDTLzrobnA zf6s3B+&=sa;{D#5=BouxbPf5aKIeR(efIF-1daECPH;g-r9lmGK_}RHx-MkrdyUEi zmgKrMa1#y2Fx>G3K_vr^D@qM5E^#Z?PE~N(PzE7VX>jr(g zV86ZZ)0P2f?e<8sBpvzt$H@H#OyQUH&48& zx!7nw-NVm@QQ>(OG++8u`X4Kr^2lOy2?;!XF)qSaniFm8FA2#Fhu8##!~6tG%%Yn? z&jq~J`eN zs^$xrCjpeEIeeK$*IF0AWY%0$1&g{)`5ZtN^Dk6p`|}fQoS`grjzDc?)?OnVE6r15 zSYk@oA{;l~nzAzfcu%u6a^YiB?(tC3s0U zbCWRLT<_Mm$uq3w99ieC(^cCb47h0d|C%I_TeNSgWENlx;_$Y(h>VIV5vELkEW zd4~{PPGB}f{*0bLYlIMKxY+R&ZYeE-2w7G=rL5A-hawa6JcW5=VnOn)w|lF5w?ky2XT2DT9N_{tjV$U= zgP9Qniry~n5sFOg?E9E_QGh2Hqb5upC4KDkIX4PrgwPx*f%S`mT z=S}ofX|A-2wU$WPywLoC`ppoJm1V8b(%JDRteF%m6;7mVrs?&blwa7Y2pln%Ykd~k zkVYG_Od;>PkY*b)jnt-DAxa@%3?!e+{L9WRw&tAc8PjSG`o-BShqH}N$h&W06e!&oy+#GJ&K^B;9@F^1J1Lh_A3qC{W|aW@cs&?&GKHEIp*Ec zqVH!`zNb>k%8*54bM4f3v$VEdD@#FkLFTY(Gc7&bV)O$QJz6s-fohG5Eox?)(-@Rg znn12WTc+Hi82Pg-WiJ?GLM!p&()O!woHn274FuMZN=98&O6aq_*k2WE?V#Mc)f#I2 z(~In`I@?Y4h9h{bo%)_IHR{T{K>cwvWqIT?#><6g`s2k;$W8=23B>U|_yJ&eCctnA z7i^S@J+7@RkYH{CJEKNaKff>&I%uJL18ugBvh%xb=e0&I{hnGcqdSa_y;H>y@jwOFTAB_3g?ng2az? zw9vaMp+=4WF-e~hnWzyZss3I=M}BU=KLl9`Hy3p8>E>085xt z$wJ*FBe0x6SK$LPF^T5}8~>=vtWLso&V&hC7&#O)iAv>`M)EcE2rFzQZQSgQAWmnz z(ax#&(~r#`r}`35pgu+b9i<{-a0)Q%O>eZ1g05IsG7_;q!u-ITw!qH3=0u(ZG@3FS z@Tw_s0j>1IK)t;+M22Sg5wmzXMRO`I@PJmr%6SzVips@?3}h=EFB|2;wegH?qM5kK zajlpkr3~V4W!m&>blXVrmL*j%^x9@qY16U5Bg$|KT!8u;=s|rRG8b!H=l|5q_S6~!Y z)jyl(8Bvxe&jCiqN1LfK06Z`Q!vdo``!}1noQ{ebD=aly%u1e;zuQXwL`obZkVae_ zmbBR1^qXi>(s-YH(YGa$MjA$6))3m0PZNS^4;>2 zXJ&IEQT9+AB%q=z&5^JOrMW{WMH2kCaYvktNEVy!U%N;VlzrOP+EA}fphKcIkAl$> z7!qnvU+^sY%wCV!Bn>*s!00?|j6Z}gp)*@UQ9Km#8n;s-{?Rf49KRHAHJgtYFS2YC zM2S-~5C!efxQ<`DxAsnEtYbS;Hk(1rPdr{VL>QIh{&f%MZi?Vbb z&YWaFw~W~^X=Lyf(aE&^zD;u>a|tn4v>lShE-CM@%o4fsN*fj57iOul&_jK<>pe1o zUGb;+mD_MiM%AUn3^rO@hL6hOseQpmhHqvm$YvBn*1i(e^ziqhrejM}@BzX@jZame!bcs~dDMtgwos+b=-fVu4fd?HLS zFvVB3!%;)d@roxFO5l@vO5^6!iQ=oyl18(U!j79{*DqEcv?@0xcuyJp!O1a5hZeL7 z3pPno_8Qy`iX-)5bT~$qUI$1Lqs!`jFZVuA?>*f+qUuVMqxS|ts-U!tO~k64*XJ^7`a0eT&7hDjy)V@+Eb5!h?naqufT9PGN$UHYQ);0Alirtgg_~?wHxlVeU zvV8YAFH5$AG_u6;CO}m^dom~3`RYp7SIwmcU$e4))jHP-eD$695=jCLTh&uUmenwO z*kUAZ116w#$DJE&LHl|#X0}fBb$Q7)VW56@kVxRxUd#}@E-eQV)YWh+lJA(xpB;%1DnUJzHyIH-#c`(jDWK=sXrwy3+ zB}#?0RwjUJ`1=G<c6n{2#-})dP$q!upbG?0Yum&lP6taIZ1QME`Wn2CvnQhVgVwGfjAIdT zNNm!kHk&i-JVndjwJ81vm(A+Rc4+Yd+1OFCC^Oa-0xd23AIP|NV8*ffPs)zk*usWe z8cT7NDVXZeufu5U*k+2B<_&(|$|?BB!%#M*6Kq@6uJX~YsYh4nD!g~u;0Vg><2T{m z*TdV-$IB`Xk&zLi}bEky{>R&v|7`)6?q8HI-n&O$jupMfXenjUW&-~S3c#&ueFW_zOC1q>yG+|&+yn8EJtA0>IwJVEwK&EOnJlJpcyJzb zOk-vBT8s@ALltJ|FU-Y)A^swr4Wy?kqSc&FD7IR*m!UkU8SSJ~1cWclH!s-pfF-ak zy1VtvY4W{_?C+>DwUI-Dt`=>hdq)-}3M{6?f$p*A;N`lxsgUeAHMr4?Kn16F(>-Wk z7MqUbzk@JlwL#I6&L8#2GCi2+Rcv>#?Z*#$=wRD2R*NXu#sHwR?QihuG)Vamu9ebh za(`cgRCv1$_+d{!AisB95T~aga&17X2Vpn;)D_rUlm(Re5lxD(6uM8HIF|pB$tPdi z8GbPNVDhw{_EdZU7cx2t_0FzZ)a)()eCT%B?xLp-FXc&B8V;DYzlMi+7O8@RC1OQK z0dvCWXh7%A8Os2iC*4DY8&tm=Nk%$}^xiR;(nY2fF=3cRyeF*odp~lsiU7Ym+5U*e zmL}!G)=1ehyHgq|GdxTAUd1!Sa|6%wRDwgvezXk54v3yUw&DG0xMSt~K+DJi>5@W` zQF)PFF_T>!iVT$yLRK&}wB zcLwv^F2uN#`1ZtSny%8ejK43=0An0jZiUImj9L{TT3V`V>F%fc4W_CT#LyX`F2un3{vi+)Atd&HSkdMVh19t~UUS~bN>fb`; zF2gM)oD(NK%v&z7K)?fob-!f?Zi`v^C}(DkXvNOdy9Ru*S;2;dfJA>QcGe?b4{Qh+^f0kK(sO%@y-|t8}mf^MyT9 zLEQuOI+rrPn{s}~2I4RzP=6+Y!IxPiW+g6}PiJ$f9#5qjs#Geq`Ex3j);htLRqe!J zZy8Ho*QHW*R4TD(bABq-cL))c)$1hE=mx+h#nYxt0E@dV>>b)|>b$Nz64v;$`Yp(Xu=S*)B3o+#k=4 z@SGvpHG6XD5CgGLD3MsqksQb)$@}r0lmrUko-R?tM!VG~nJyIErsd*5@WH2fbdLkTsk_uSKTUny;NFPFC+3gM}~83*Y=!B*ecaRB9X+RgO88^UCbxC=4*6sbORL zm`r+t8aE^F|FsQN9cuEluT@vxtCP)4N5selQG*i}R(vv( zVEwcjH>iC`vmEV>D{c(4DXnB3!OE2F)@W6;)9c|J-qJICu*JavD|oCfTssE3+{4DS z0Q@xhO&aX>+!VPS-q!* zNt?aurJ;y-Vht5qRs6>paOLPu`oEpntLvP>ckQS_X-CY4NJ?-=%#OY{evM{*GCVh%LUGL&~__dXR$7B zA8hH=mmF}IJI~JXR{7ONfM(SCr`*iC7)d6i^B3F=fsS%Ay++YbDOh}6-N?zZTR7HH zN}oKVAW**$EMoKKriUD1FdF@td4&zy$VH2%X_jOT<4W5vY+zufcGZHl-TUUTni4wAo|J_4V!-7*NI@EL(ia@c#n4g8C!y?+ z=%$Bv=cEY#8f~R#HFJ@3bCWJ%Ll^2cQ8X$QC83ds(|f9N3NNr8>auINA+l3nE46f2 zh^iGqE^zeCi%+$(!n(w4k5YM7RyXwsK_RYv4Al2#Qcw7F%(F7Nx!A@o?gT_`pnel5 zRPemGT$|bn!{2?xUW-ZWN8A58Q*)etJn2gixOpbPb*J?vn<{FGEVJG7RVxt&>K_Cm zd5G~5w}(`3mpYcLYs_tPRoNRm1#5d`tDivwGeqMP3XDsp?DB;r$>|c|B^{q(Q%zE; z4x%21HRO0HY3!vOxc-a)BkS^sU$n8Q4i z$f~$-Z{HmKIgI5Ld0b1>p(a-@b^0f|v*X*asZj~0<=8`KDobAQ<>7=-b0!gd7a=7& zEo51vF2pr?4~UufsM`_<+;o4G%+mXJWdAr{8@ebIIM%|^ ztp)ew|AMp3v5&d=f5DyS@SXGD;22?c>$HzK;(vg(I&2014a^-P>u@ATStimtNE$CQ zlS&p74G%_50O578XVFlsp4sfwBQRpInj;k3>wf!L_DNGMl$U}LUMj;B>3suH`h(iV z%=(*m!sW|-^VkyxMw?_$Hd(oG)vc!0*U3Yd)C}>OgHqkaX)Lp1hR8kb5#Y;@qc zUb}_b7SYvX`C(eEJTT&2HXf|Lx%g}X%zDNjEatXq&0akn<#3eua**O_46^logfIEK zb*J`pQ0JL@4siMi&sM614!47{fl{x~`6`n5{mL8(gP{iF)Xa>O_c;k0D}IuaM3j*E>E!CEPF=BTEW z)6qeeEL+XJFJNWLy zfyhzNJMDqg3gmf#$mPbrGC{7iSZKv8a~B{g?N}{HKDwou;R- zWySDGR~Qpg)FH`%sj{3+fVC2bq}h_uEsw+rv^K0 zh2d1j`VTPknCci2MOeY|H>t>K3ZmnS%yY~Ok%fbsx%Bj|=Ize2CB1H3j;PY^06@fP zum3-=&>b_BrBVC+|8dvS>)qlgZ^*TKnlys-U|@d6g$o-B5ZJX5rpx35-na?X$H zU8lzTmNWXimnXZwrkTI8*DUC}AeH3`iDBFXM|0&L>NnR_6t+qIKiIfcB>#Co%b<`{ zL3$U?Rh0fz(tAQ@s(*s!^*?5yxy+)GVTzdtn#4;<>ZSHPkk*sE*!y}|^r(tL^j-s{N^33a9mhyL{HC$AJ2aQb13fL<*jeffdbe}i7{ArIPL9lB{W zi*PtrMYK!1J{$%vphqpV3M6iJyut5zmztve*rK|C3V$@%ukh6r$m`}Zv^5K`Ur&q# z))_Xn#t(!A9ecV16ZooYE3`;ip8vt_8P);j} z(rkjMm*-W*ce~qZ>zt0H`h7Er%?@>y-m=Y)>ST_NHr~KJf3~*PKzGX^zi8;3vYNEt z5o`>qXkYG2pHPwV&T<+6=7CUjVi7p1;zxtp%r}OGsrEmb$}Dg zKjR(tAm0xSJ+T1mZJ0|{yys7;5oeDSv4Q1{UF3V!ZhW5EdawLsZDO%d=EWi6+qeR= zf;b{ru;l#mHhXzPhZiJWCX{+mrKZtAbx!(VuvJStZ3Cs{AK@~uI4W~hd!^9ID&O#XNTqq~^W(RZiJ^4)t%aVLzKL z*zwzW>~M+Z&YjO30XMGij6AVUQ(RBl!!d^;W^ej&$wt~I(C|qoNgV6u-$TkK`ObNv zGu%38Hy+*f)MoxRdzZ+p_lPw;AJH~kI(#nh)`pY~!-eK{5BNcVU3R5;bwhBabGr>- zJ2z@wYBjrQ8&oi`e%!3$kHSlVQ_=VOp|e;P09M&EjjGCHgsC2d#M5HdR7$tkVg}wV zb2=w+pXrgP?$hk7{c^L=ww83j@-5I1Btki16+%hrygF7^gDJEK)7N5V?I(^gVwtOJ zfIxkZ165{q-5uO=Pr!LX^Wbj|er0D@>d#0|scx^>L>Eh^Qho-NF87knB^g{|4)YT` zj(nH_f466Q%Bxo@+#Jd$)s*ma{v;L2y1Q;D2NeAAaXf=9xr{N-CD;{eWp9ob7014k z>MbV{CoyRWO~iJYorJV4(QK(=8ym~B?>a*jZlP80sGn>bjs5Oe)g079I?ZHm`3IdX zx(Chn*a@@&QgwYtdg%^52xSX25TVQs9AdEElh;Y7ia=$t&)Ng*xVgaXR9fP^B%w?h z$<#s{=$qQ94IgPYlN(m>J$QLqnjN}qH=EMW=V^@!OyMk*hfr4Y5Y5Cg4ikxcdQBuS=W4XY^Qlx6dGn4=>;Vk zSb>J8_^q2dFDFp{C~u<433LIsX&I=$ld$0QsaX!TfiFBi6`9Uh?y!!LeWdC6fV`aO zt%x_RZlnV31E?MNg?g#}KwbLR5ae25q#j>Ix^Z%2YQ&=E;XG(H8O>PUYdOwMsT#JOI8ilwm%JxRQ)u!g^IHV-} z#OForYS@hhC&*@XxAlhQ;wop)!>O7b!%?&W#= zz&t0=aHuU@esL1KM&M4aL9ES+cT<|3Ic5#*=VkQ1Oa?f6i{l8x7?jjj18lBF;z8fI zuH+0Cxy6pI1>;iGn;!{li+SKfJ4{AEmC+%Is%c$3lYb2KGLec>7#4y-XCAUR%ud65 z>PabigsdaT$|Ifnnw_kj&IozPp;OC}hs2`TDet>Nv!bOBNbN9*&cZ~vv-|p{A04WN zgv4hKy%alS(cWn8*epcTM$nRTVK8EA-;l(dOmkv2P+83>sHt+n_g8S+{?2R>Uou)A`fHVB@TA-1aZtCy1@O1<mI5oxo%U79u$0EL4hi;4Cb0d1^QFv<1JvyTBuM!= zOzKhLcr4)48m=4sj3HEpi?5oW9hGHE56@`zjC{ye{Qb}eIzXb=rL@OljI%0P0uu#) zhLxJbxj4-e;g6LPm_q7o`9%u$89q9s1)A1P&*K;qWUQQNU!5l_1^tVfDB`-FkLCH_ zcu>@gUY07XTtvLKiT?Pq($J*&qRvyCsff2=h^dc<`Ct;V)AQ5Tt2G`hcgIoLBN>*O z$m{9}o5I=`Hc!N)VAp(IlauI8{^il5sU)kj!{H;9k)v%H(~UNr>>A6te39g_kp7NTep%OeRcv|T(mUFxh(A{l7SH*u_CI+glYCMv8fKH^16))YNZZn#?St}&daaZOt zt$zajbDo;eJuA?YqcLJQEv3By%6h%DZ#JJH{z~~9!XMfU&aOINDSPrPZ5bY-D|r$z zr|i=NUQhpQ54rzp!ggvz0u5hP8NIQ;y$dNAD98=;?1+q604{FW8QGiT(ZO3r_MJJr zFMCA&&Ecm?*Vv1rt^YJj57;Z)1M1ONOau=7rF4QB( z&_v|@iXBawGrQ0ASoRL)l60h?vxONaM_nCm{G1a7&6U*`WtByzc9%W^w%uxe__Kx- zyHDEs3r_!)s|&MU(BX*SOLJ(s5rI*wgLMpxKp7h?n6xx-H~ZA)nh8oged=N^5X`#a zOw;eLEY-%E&sXY{oX>18rA>p;8gyf0IBm2RMTa?_?&nOU!oBD334S}3eqqY60mt?! zemF@qkgmcTN_+qx=IMJi6D(xnYXwhU-PR7_Ay)doht%cOc-nkF-IooyOE_fM(-0@? zKNGr<8sgO^aVX%lO5XoWa#@=xo@o;e(w69|X@`JT#hQ7q>Iai%IeZUBJYq$4Fb%&s zSZK#DtFydRY!K)! zh&-Dp+_#gLYO@+6b{vGA2e=m-Mlb2(SsIndGsijEPu z7>i(Dnc6H&r$P3_ughkJ`+9^;ER$eYO7XK2@8Ij_dI+VPXy4~=BY!=in|%LF=T9ff zVHIta{5` zT*k3p)v64CZ?&!YR@hh36?;qJTmqa1H zg~2C)yyRNfXKvU1(ND#AGF_&S*K_crw7kw1u16g%<#mI;|Lne%*QxrR@xSsK)_z`^ zante|B3#2#d5zWgz*Js?^u5Rb%IiIdwSB!(g3t7C#bfNH_Z*D8TW9p_ru)m|c?(5z zo-y5-)o4LnXS9^f1l9`85qGir^euds24*}#e`USX+w8uWm7Kc-KK60}C`=AJeu&xS z(|;AHI8s(%hWrU2B@~28(gL-k3RAuIksdt8%nn74&wBw~MOLJ%w!E$_h#b#8@v~Z1 z;LbjBT3#sfw^9`{@@$9)CRc1KDccdtu_KzO!?sbiguR2Rm{!~tDgKWLBJ;QCxfqE=f zXa;+KI{*dl7rg7TmfmKM0an)$iax7047rjy=QVlxMrrEf$yFKh~2{#PR$wIzF9e7h;Lmz(mjf^lR6% zhn2O~6w3Z<`l}iWT3~oq@8*)a)Sa-_KW$KF%jk?~)X&7f%IXE68yNameudeFmGg*q~rIK7kTWWR6|G+<$QHhsFI z&$kh`lHQO)k&;mdd8Wk2@dDrSOo?#_PsMWv+t`$#`a4d*BKbTwWDvX z2C$~BRjhBVmpteld~0>32{LpE>`nc7PJ4%BLY0x%*iUi;Ojpm9|NJ_os}1Y$#N=Ik z%3VlUlcRz)N+?5UPF#tZ*J5)>gS0c&Klj;q;k^g*N7m_F&~UTNAJ>}WWaBT(8s3kz z@91#b%%UUISM33uK_r={u&W893+VOip})0ldbOaYxSYH2z}wD+)7; zrt$?FHB-jF<41{HIy$5lVf~(Rho7D$QZWkUa;w#5FHEHxnz?J-dCg~ykE!IZD(j0+ z=;XNDC3=EnVx=t6Inq?gbvwo$8$abGp+#*lCs6+qFiQ8;lkVvF*F3!xkx#v|eiq^;4f{sKZjcv%wvN)< zGNd|8Otk(zN=%(Q0_KmUHv7> z;EDm9Ep9W}Q*}^`r6rD^vlYlR)NKBI16Q;yQWXOY?+9hI>>h?!pnjdjU&%HJ3sd=u zwm!7l(B2UFlQQJIdg4sVSVIvU_poEY(d028OfV;n>WKq@Ezg8?Ez~I3!gN@bhvLmK zEoePOz%FDtuGn9TWR@s7^483L#;c*UnUV~b?UYeCbj%QNzA}8c zlV3R1FELxcl|wg9$b~|Um8!0^Y0&EjQwr&P|12{y5ngN&zAA*LBoW3X$oY#BcMhJT z==SI~6E&u?_8ffC7RSl@akK^tfYLlRZtT%t+{JU$OO;8pq4}M2@LbcGcOTZprQKlE zutjHGyz#Hry0~jc0%OJf0FYMq7uR?7R27dwwwU12%k>uay@MYvk?fERm* zVu$|ZEYm8oFRE=@M2q@x1*U<#XI9-dbLuQ7Q>58N%LX zggrG#S{F9gPjd|}C=P9dtr(xI~oYX^%-TKKqCOV2s3rA;QcwRP+A?(Z<#_f2rv0q>>f}wbj0raWhhKAPHs_OW z;SH$Y0vS-3SSW2so8ds2Lb8?25-VN>An;%EptK7*0U|5MA9U&3H(l*2!JL?lba5C^ zk7i|EvOq7}Zm8y03RA%&w$DS*_zm`4U(N+s5bE;*T)99@t*CsBPlu7+%zigyC*`-7e9m77DQWb7u0O)+=0m|u}gdyDgD6HMY9BAiDEQaTBq=b^ zmDZf6a#X+idZ&(XsT(?Gi_cdOmQH2`U{ z+C0+HOj;szZk>J_1ED6jB3k^z9sw$HXv=WB*Ufa#Jr`n;;IwIGG#Ezg^5hP204mEmll{lDnqO!JJG^#EaC|~k`;_sW>@hOY?Qnc*Cw7AGPM#XG?&u_ zB`?}WwI&k7T#K=5fhyQags#;B4Ns63|o<+#p?9Jd6}`U zGrvx(F`EFX0Hh=nL=^}&ekKH(XZOyGb$iHP3&Eox5P!DfRXIfR`g^+96q>BCZd=Fj z!E93M2X_{sYMS+8Fux|QwI7(~i(Fmu(TfQKL3^rZ@;`n6h=nt2}Wyyq}s$9DihET(; zqQN>=I5UYsf`})|vb1o5)=`b2ul|{_j?l<3)E_a_AD$YV=_M#qQ>B$)S*~9P zA@E9oVT3C|Q)a9yK~mJaFEiGaK!S?t>y<#c@1nC~RDLA$LI-)hw*>TTwDQL$aa^zb zT@J?y$EqJ)EiB6+`4B(Je#s;^rjnejBu}Iz*+*pGYtzVH*)_Pp!}N&>g}$m*fTuQx z`?syKEyM|n&OQn1Q~0hEzAErl4Q{p>dp<*`&=gHy`CLIXgqJ}5KS*S=;jle*Ol6}i zxp*qFiS~AEs^LCh)zKch!tab@$-L>$%IxV4$vO21!Q2RpI-|#*dY(X=NI2g=S=?!< z;?4krU9{w7#s&ciHvUDiVjAD%_*J!O9Z!lW_iKL;@3n%Iu5_fDIaH_Ar}PJ)PQQl;k3842_ zhBxKMa$cI{t0Jo6=U|4S?&8;U`zNZZb%2|@nQoP_Q&oLR5aQRl8wiXQSKRKzuhD!8 zm)!=b78_rt(vnH{Ry3KM^lhDZ(sioGPUh%>F4Sw$!*3QU|MF(-EJBBv;&nn`U(@<+UCE{bhkvZYZ}=1vE{ZP> zW#Yfn!%y1?|9n9vvF9yLVkhoFi={2Rrz!@f-YVY(0%^&)Ng495ioJr~UnF~C>5)1@taw<+CoUOHRb$i#6rnKz6h6US$M zPRjUvz7_;&A(7|RmT3W@$n$fy3yCII1taskT%vxjhi8sYhE4L{X4HbheMIe0OGXH{ z_Yuqav4_755o;(sS*%<`e7*+C3or3w2Cjsv(Y=-cDeYh9Hp>sGH4-%h41f62^1BCENUH09Cz zl|HlJS7c`JrGU!-))aUlX5n_tFj7Fa&rBfR>ocDSv?<~7wM=E(Hoq+SnPu6aG;2P$ zWnnyQSC&{&oVP*+s&dY7{Bk%+X{`qkPrfHg=$1Otcc?_vkPwJ}NJiih?U>Leana zWbIV{M$Ia%V*V+t(VVAj(&liFP+g;7$Pd|={PH(;^lLGR08h4_!K<(P{xAt}sQ|={ zgNSHawqcib0^(MjyCiy4MCOSEMrBe1MC8OfqE`h8B7mCOOya}Ff$3p$3N|qcBHLF3{a58E=`jkZN7AI z9QH1LRDm2zl??N?4GuKe^_sSz_a@S{$7SU1@uuTdEA;l_ zBS&Ha1;YyhJxdFC7V#|NIf&;Vo~1lXd5-2en&&v4<9JTuIVn(3HxulEp0#?=x98{) znW;xKs*EEu^{bYM74}mtQa#Kza@H~$*_-`Rrd^Cy);0$qw`ll7fN!_urfaO6OnRpX z@GWE3&OUDd;%GFVG#*uF3*;yiF579WIE1oB-W#JO2j+@zx7Dn79o+JXXmlPZtbD=f zE_9S@TNtsyo_NTC`SBY2J!xX;LBri$s>G7PZzSG9_42U<9XDQBWwqI~P8<%Gx^X^* zW8^GE`%=H!WZ@U6@ah-AMzLUX<5#|F&}Qstgz!9xCJaB%TwY4=4=Q&q5Lsp$=suy?pYZt;`SBX4j#u+n#&nw9R8n~xzL=aZ%FOw0 z4{^&!8=V?nL+tkLv)8az_J0QoO=J)f@0HB{a%JyG{1;yB)YkT^UpN~(oN&*1<~GD{ z^&Ts_%%1JHs()c$Z;Z3>)$MDWrDwq83SC0wVhaDX(5A>H9jl7fm12#E+Vxf%%_KW2 z_S+B9NY}MxO`BX1jn)!4n45s!K!ym$PVKv~ZfjnkPMTQ4!Z*0#-67B***sYHYqvnd z!@PMzk+ma0Q=>gm?o8Cm84nEHKp$yMTna^YN!EE5NxTMmo>xne&A<2*v9S{8gN^E) z=G)aOQeuBle2@vG9_wyYGA#i4ssOAuleVLjv1?7)%*6>V30PIPxI^9M0Inbi?a5YQ z-on}~xK%7$TyuOSBcqHQu1V$~R^S!VN+kD*0266`>pdHiJEJd#Nm_ovHco#1iXQ0c zIV7*S)QWi6UO+2}cpT)RaXF2I{+MG>SOC!iubV&PazL{~oHT9t6rWav7uV~GY{}k_ zuOyU`eY`b;K(6l8IxGGu-O*;GQ4oywpq%~6W2Y6-0-Svvx&_0k=(R=*sNQYO(XO&g z#1M8Zj3aOG8$QqrjKsFUh{X+WOd1iad-W%((K#@q-sYVn-P`fiz2=0nUupXyRQ*P% zZ6TX{Il*YB9xC@a6kzcCxO!siJTT&w_$0n5@qWn?TUy?t(ly?u5?2Di@h3b)caH0H z7r>jh_|>z(5euy0>R*HMaVCHhEB-A2dkso8C0d0ix*Iy@G5r0nv-v`aos286bbk{4 zw>j(#Y@FWJc7Y##c4wlO+bh1YUNSoa5Q>e@W-3X1oJ$u(s6d2aPst_VR8HsK@mqx< zR`>=G)S`^NCaW|MbW3L6h>x9?m9>c49s#At@^>+RI>UJ_)S#_Q#w`YNrZm?oWX+t5X|K+rcT`v z6ylfV=?x$Yyz5CrI-%(=K$8OW2W9FnZcV*q%IsB2Ue zDO-DH#yZB|mspeYx!Nx9oHl_Al6C|1$1Y|QWSp0s_>%NXuvu`kn#Jx2rH%Z=d}5!@ zjMcOmY}7tWVh*u)XU4h_q@kU-Nd^eV0&;C8h-D~^qX3DYO$Pd z?bODM+BVqSCMvggXfiuS9D0uTCLT~v;XJ`_zJ@kZ@^127l94}$4jB=t)D18p^(EBO z);=*-I9-`_Aq%%e)37qF?`WZaWh)0PVdn!8_pL9JSn(9CArE3+w4$xnAj}6$!)z0+ zHLYBD!_5YP`mL&7?4r5Rj@)G$!oruENn|8fN@sGG&NUMj6am!qCw>sDfBT8W#C(KQ z7aOQ&vjNvEWxdHDE7~y_Da$g)GDONFWlSM-*|!KUZz(I_VZDjSxsB{ZV@#}i$8cdT zH8k(iw=0Gk9Ox)PbSma>T%{mP-uv>W-3mn$Z{5_lvl@kw{CbD`YcVwnDIR`tDB$9u z;an`eZXv8PQd8iUFWB~8sBTdw)x4oAE$mKz9!@*%PqkdH6LIQ{ngxH%+ujm!NZKTCSwzyzELQlu5~f;msSiUd!;_0MhcZF5F~R z5!BE;c}2z02?aGf$y>_L=3<0y&L!CPNou2{_;q0CEu$RN-6Dv47o@9ve_FkM*|kmWhbGDTQS!_a@cnJh30@ER^DJ=~l}GkbQKf2d@9aoW^o-N)pT zG5x5pQb9Oq@158KW5&c@`Wd2couTcW6+YSm1Y4wBQqEs}pHW${By%V^oBO|1LvE%f zSk5G;6y=yl7hO-2ct)U4+wK^wTcE{O){R{@<@|d~kF4yP?lR>W|AUHEQ)JVPh+Uoy zLwY)yb_DlaydJ-rE?qg4Vh8HwlTyis+GO1Q%6GDo8X8vR9dFH)9x_kuaY`v$G7U?AVG2ZLSAiBUGy z@)K;lf#1Zn#D0(&>n7F96niSls%I6O%Kd7>WuUdOWn)_!O6e7YjpJ?PCw8iynu(PO z0D$ZGHD`XLsX94FCx_1OQ)#epr3TKe!V;zc=~T+kEax4984V0nQd|BXsPxu%K9xka zrs@0y8}H@UQt64zSVyIZVnwCf6q};bEW$;l_g?p@WKlXQNrsmsEP>|qOstMdcL87y z`>=f~iNSDL9T%{@U2ZR6bNapTgbH~fh!y4tV~SRib4-Y01ncIzE`^%1aMiku;!0{X z`vO!Ry;)rsVudGLdEGnJ!~J$To?{tal1|{ z1zRXC#KBgT$NU5NX%b@>5B>Jc9H9+FYraxlen7C}_Pe3L=6>t9%*#rkk?-C8`^gd^ zE8dV`S(Z{mZZ&r@aqpnrOER#ftbCYfEccp9_7&A@Kr#;`mhpUH4m!cD!=*YUX1XL& zv7|4|&R$F>7qhY|8MEbhmu3T{BhAGrY%9GOZFLcIQYz*(FJ`fed3$*h+hbmgWFyk- zn@V%L7cbhi>>pjK8fo9UL2+)SnO>5154pDRUozRT(9dR|Wl*E6f5dp<<( z)%W||+!G&8ZaTE%%uQrC5qK8Q2Z`OB5-X1zmPk>{{H*8kU+O6X@tT#kL#L%Q-@#eT z{`)X`58RD;G5&-T?rXN--p3V?JAY!uzijBi(xT)IN>UNqZ}q{P ztFc~jc28nwG&x&j9ctW+K%#0^LjkXv?`2G2_*`;jX3L=Devnh%}C6Q+^@o%3H_{#A_ipa!*bZ|?!W0Z{uHw-D+$~LwTh<_s7A6y|k!gWj* z!YAB*JCtDkdJ*nk51CK6=2d=`E#ck-C`Gu(53+6D0-3?Y$6xa)jE;I}JDIOj&h|5T6bp=?CB4s@Or;RZRvZTQX> z!Xw2YNFJA}KLTtv9j*&`Hl5j=o;FfTYlfw46*|b86 zaCn{4P@SdNB;hVh7Q*jw*Y8k*vq@1EU+*FF30L@e2H}nXC`CAq>4{&Fz`$g&e^g0pBk!Dl#Pb! z=`?GKa6=s7s$3zwp?XNN5I*68JCtA`DXQYndB}XieYQM`F2{-+3cys{DD z`p~Q?!j(G09q0<-5pHWgzYsp*@^&b}*0=~a)kEeJ?jbw?rOm1z0hA)#L!hO{k>&3Y z?m^vbO^?e@l7D-`VJ_=eYGP?RN$jY)itKD1kEER~2Vob~DhlLp-1D}mwG2l@#~9tH zMQ%C|!i~bwN&}S+6oy#wURj<%@u}QNccWOSxv^wKh(VW(@vbFctmHQ%B24mfLn3Y;7K+{Xotp#uk{+^3COoYV~lp2>HoDc9u({ABxV|=p4HO3cS0h5g}`u7{-$rXNMpjXXm zx--=n`@gzFV~kEV#^@ay<3cjGBcq7!vO{BV#i|uV|J%seM;NwmjPKXBTVERE$FJ2G z=Xkl%7?GvhH%7mY|94}gmF#yLV-#u%@F$;PlI?d^|@gFg2g zqgjn{k!_4xe$8LdT38)KYGjN}HpbYr#_-sra%00yE&*+R!x{9;+y#GYEj#)n4oc;N z9S2O&vSrck_js;RHU-;G?K_rc>Y}Y^vs#Wx+ZL4%U0L(7V@>Jjk8DLJeC0KKKf2}) z4S(MMq2UJ$!}blo8Ar_RkHQXsSH&;#a--pAf4F_aANU$4iu7S=eF9%3B^Gw7;Y4Xlrr`wVJNd0%4E4+ zl$_GjNyi0$KSidp!w((o-6sJ+(`-|4qO{h$iFOofea&EvtYwqqUB20C^vTp5t^81w z;^MOA%IGvG)n>X4f$kW)3=8(I*)=%|p zgpD)%fW^am2HFh5(2^Hl01637&toV_5QbjG)Y%3Nw!7PMEKuC+1)aCXLg}=&>F~bI z!~8>JaNBfyFK}77uUnH5PFSP!?_9SfC%kvvmh-jqoO9A;`B@42S5D)(Vv!x}b8{D>;vRQ;7CF$Y1qT1>2!yr)-vu#OvaD? z6M}Gb2vsZnSe7vAyWzuVyjbyRi(DHXGEkMV4i@?_Fg;_`%l@h>B*cIvJTT&F`CPAEs-m2Jp3c^;fcw&;z$tKwhcZb|(Y zSiYX`>woDm6vjaC+A(c&GO zHP7o~|Jo-<jr7JvN>w)vbpwGSLva8ocfWPylOT@#}>{+Ne;>i_L;q$+suMP0gJ3TR7oG$qpF4VRxQ zDbm?smqlz5cp93aPHUk4G!I1aZ@;geRQMtf^DFBy)lPn=ykP~zvx-_x6#hANCrz~G z9tI_zFB{D;npmVS{^$d4FRI_B@^GmJ

|aUB*}{y=jA(QajMx+V+lr;)SSnhFPvf z`nzpE*4&E;fad5h^$Pwt+vO`K(3GUk3_(r{{z zGT5kj6r3WW`SWhzr1>&XT9V>npXt1{O zsK5?OY5OjOY2x5?lV2W>9(ZGz-y##BP2sVc8P}UrZr98hxV4nSOLj;*zcV0lrB`*E z7)O*|-OBE)c2CAydNI(6y_#S1>2vB$oWZMmb!?i^gV<1lO^p__-v?@&l0!b>^yy(t zdsL32B%D7~zZUq-Y4X270ln;;w#eBpGx`7FH40>Bhd{lCH}rhsFpWKK41`kZ-%%Gl zeTfV1zSz#4lYqQgF+i5Opo<8a;sqV$f;eDSJl+c$;)0Hu55u&{hPnVv%qyxj{c*pD z3$hdQrEjWeD^2&;dAh0iX7vdMs{8s;Wq0)vh5dQef2KsR>E8~avs>4h9|j{E*=>v# z_a57WGp>`zm*ZYCmUAuJuyS0cact(1VPp}0{TB&sjvBU(B1f&>o15p9jI}TMqWpC#9dC$GG1hD__ z|9O7TFV8cXJLjJDJ@0wXd*1Udk~7I5D*K##a)wHtBZJTUK}Ix}1{^J%Gi?*Ip{kwi zVN&`uz|;H+|C(;$pWb*I?;`tEhLRH`!vuM^k$=|NFN;E&xLG5-7&(etB*-)$eEe6I z^C4(QWf7kOK6!j#MJsdoWWmnzg)UKL5ud|f!GElJC(||A(C%sB`6cJMeX@2}`wzNS zJEoLC*9Hx`tSZohnnd)V)r;K~KnRdOh0nGm-$~C35dM6Xa7ajk720i%W1dV8<%UyE zA|9jwaF>+*Vu|Pv)Qq(rKr2G_&t?CRaeoF4f*^4(t z)xDP*?$+3LCoCwQoQT%z*-B-(qU)1kO{OMw@BFc|=k{UpBJaqLaQ2HE;?p4t0!^$} zrb8SmSi4?^7Kqo21&J)6rmIO;S>ETrwL!9AO`Uz~(XxCgSzaKE3}-vjNX8L~jB55} z-RO-sOLGsBk+YMymYcg;fR#dALM2t>1*mTWSJ?uOL1P(M?)n#fPa>j%;}g&P6pMsp zdw@>L`y{GOSB(+4#1;LGm>GPjJ=!9O5qXrPBcWGdL$5$OE;>g>6lTrNT4-mz_-I)dNmhxHq||$b4$DMp^&5DS1J5sM zRpB2of8j7|#x_wcv}29+#(YX{B%8JTHCc1ry`gE${GPxd9vB4cM#3ctX?|;kD&jTC zAc3!gH3mAwf1<2Hy)(dbJJ^f1@I(3o$0g~)XAO}h5E`MXHdk6_sfvW*#t4+0yt3JY z&#aGN17Rj*1^j#2PYmbZfeCEkp0Y!;Uyjs~7hsjH?=mqqupZ}K$+4_uPS!wFtv8QD7gA+5_y=LXHLUz;~MI-w!TEom-9rtkzXB%#s0zLYCe1UoWi)O z_{`%YySDH*Kd@FLY>!d`&ag(&0aSM#3cdP85zxfLRlR2aV!Mgqm@8azJbkiC=Fyu3 zTku=Sl4J`eMjj+Vno2NK;f%@MG}oT;%yO+>N#9QRr=XWQBMV>SXKDo7zHL^ljws~Z z<|Oq2XPJd-njtwVkKax($aA@qRBR`S*NN9IxA(i3zEs6dky?M#DvfQmE?B|0&B^?Y zsc^cS97liNOSc=DEQc8smPWjZBi{-h%$hyedUk^l;1>TdA#K4mS;1BNf(J8ev8nJ7 zZ$}CO*)yzK$wrc7J?6tDgUe& zpSPRWQ42*^TP77X?x{Ie zr&0<>KY9&>B?*#7`IVen8yt2lZ!p&=+o}broG44z=S;LcZU7#oqhcP5KJ)u%#)_mAsLA;-Z!>+ue!lB2} zdM(C8)>O`&aX5(e+yHS}b>4#RMr_Ueih(gBwl1(c%3A9%-nH=X67~&@l`kk>FmQg~ z^7$7Tu{I-ypIjq?(5K%g=cavi+@$w1VjB!RKEfpIGz#|}hNs8L%6<40MIT@= zob}s-UM0>}$=PxAXJ=9uoWHmV|Dg`8eY*vy4K4Tze_*Dd;kDC$5uSxfTgeG)fZcU6 z%*$b!9Ub`rusMhTM7%c~tigHZNiO9}@ZTtq+RIEf5NB$ym(pXFsugXk;HR!=8*^+o zt~O^k0k_$z3zyUW6V#|&ELT7v*0Ym4gpt(^f2q8XH!)#qk>8tWUH03QWo31+uHr)a z)W*k+C6%~$Q}P;xIxXmZV*OhG3G;iO#3cmtW|Xa*9yQ#b8SbsjX&?*9r}_a*B)a5r zjNNdHq&*&Kob7|TA6UGlZrDjK5JA-v*iHH3jnN+PU0b4Q{IInNyOiV@ZCuK!dy&vy z(9?DTRYDR@pnmx*iQ$spt+ky%UB*u}tzyg4$%_rE0lP5hO_c)cC2%zkm;^yYSW`wi zhx@YyU)-#KsF+RtPKxF6rui=ZIq))gv=-BXf>+lY1W{ZUn_{0iMC2?Iz+zOEW8Gp4 zZzk*7J!^i@YDcLMmAo$HQ$(mr0k1DS>qdSe*Bmug9HygleZV^TRnRKrlel7Q*$qtF zeP@n1iH>J^kSxmGQpzo$5=1Db_Cabk!n4@&vezJFW|M@496%zzd1Wj&J&7q$tD4`2 zwYB&KwH=9`pst366~>e?u6bZ9O|VstyHT}nWzw`^-@IUAQC==nMFGKqjtbClXKQ?PvQIms`}J3hix z50>{jBfFJ(Lurq@wOPzt%s*I3sJfylCu=?S5&geW4Qx_;V0&U?^SX>G<{u%Wl4FCa zL5)kwswsP{B|fNol7k{P0^-;|JA+bK?YMVfgY899%j-|h_SCWeJd z-7k~qh(zRPC+r$EuIu9C>Qv}hkibDfys zpppA{BkVb3!jiUH-RVCWoOLc+plyQfH8;TEr8sT?w>S!?3E8JNW z3Lx1mbtUK*h(VwN9u6#uhdIN~%=?8ap>3v3-QpQoMHD zI8Ir;_?zPZRa>eJP~|9f&SI))YmsH0pneI98M(hmG6Am!yAlMv$cV_U32D-UP-FGnNgqCBW``KM#BS>4rI`Tn$Ye z1#Y!op&+~khgXMzx3>^=HLHR>=)Ta@Qf5;cr+_$Fs-p}JW6I&K)$W_gy@p|4Q7T`s zF*I>$xjIUzW0bnUa9lwvj5hZx|9<=T=y})z8KId}!j|2RJ|G>;2pRciAG;T!(fRg6 zbg;or#uW7}uiq1L`Ma0x40Mlb4Lbw9xH^^cfzM>)b@*I4fuX@Sx>PXi@BtkwAP!A8 zh$&raMYw1uG^)GitF9c2G9qIID^cA_1`l5$;SEEVSWSE6;A;!Ugq{!*dvuo8cNE?x z>|ofT(SyuUgZPz)PjbEra8KUcTLDmR3<2OJNDX8(x|~&lYi{(0uZC~17X20XE-n5u z5vY01PyBcf;|};UE1&7+QkEFpIDdte{!Fe?8}63{bdF5nsf>Xl{uAZ;)cihlgF(dL zQmYTi!GrGFo+6+7M(&Y#yRGY@vQ+^9RLIB+Zr6HTo);?5H{(!0%o8I~(8Ud-!Rb}a zW3cVUiIE%WbMjZZBcq5fq4I=*6MyElreakT-ZZ$ zJRP3;JvM#R45&nd5D*TqxlJ4+{^_EmNW;P_I!JDopTcK`+xcbbLxqK{(7gLD4gYhv zWT+}Uq!Vp7xG!Tm3dh+ZtxAOVH9}8GDIpCZ!~o#|Ez6MysmrnOuWEpKa9_GMPh_!_ z6jm@BRSV}$?5bg z#2fJg^0jsS#TZsJ|yU&*G`RbzO-{bY;g9_`Joi3$c&LG&K_)f7*H*jbs9dM>Fq zNEOHNFjF4bkL;989%jS~2ws0!mKb_8&+LtNfC0a5q(o2q`L8_N9ez<|ycTk?#eX6( zE@f6kk`p^d9ZA_4kw6pVF%~@*EI7$8SWx6luQjdcmAsZv+t`;mx zxmU0j^yLOO_>ADA&^a{xrr{i`%KpTNSd;d# zY79xN)3o2q9G2X7iG8g4@p1cD#cj=S9c90`wIv508DEcvJu?b?)q7a1@OJ-y4B7Z%v}oD5svS)&a&RN-g2x-<8vaOHmn;E(~JYiwyG`grmeFzdxtWIJsL} zc>!fzvZRhezhLhjsbtlj(Is&cbqd=uncKkq8-h&FHKO-Q)Dv0tk5Y8EaI(P3&(x4YqQNQK3~H6xOaBmk>2Wy`ca- z<i9yXwaZ$82aIz;< zQ$Th80nH)}5u6OtbhL-poS3B|P9*{(#rd7&bc;Y!Ca?@Z*|ghSDbo^}1eOU_IqZlE z03w@9=vHTVJ!k`ONBQwk9}R13P84m}ETeiCJ89XjIf$vQaMumX;u8Gbz<1G}`kL;n zrRZ_yI){^Nq77IRO0*+a>7&*_BDkp2u+1jQK|EAlRNNBmyuWr-Y(ucKmo`u4j(KgA zuj>APC#p*9bLFi7x@|{O+B53pZr+eTKPTX~GWr1Bw)A{*yP`9Kom2c3!Op4vE9Q2} zDKBs*VG#m-CSsQT&qi6*~07EFnp-jp5k8i6zoDs(`G#xvWT5m_pgZS9hr`zX;A6rk?Zgz-eiSg4C#z1d-Z3-cm8k)}uz zxVRO#Pn5nWq>J-5Y6_>LHwn$i{^d`-AdBg(6IaDww~fw)Cc4^2D_TK!R1XyJ;?2k; zKT2cD9~^XSK%y&xIpSV@uPzd!;fIDnks2|daO6Y-ywx8y-$w0BoopFi=nDN4r|$L& zPoUtqv9UJgBBN~U^i!;kUYRcT_29lT`n^1d3QD;UGPI|OLKEC~i=QgG@T01?!C2Y! z{&0^f8ncss-Bd_(Fm{W7Kda%V_#)$W0TQy8^=M6|r8eq^1hKTaH4s0xTeD@KS*2*9 ztZ@^<*RZAbLL%xY^_jBv>1SAHCHr_r*FH`?UUB16a*~kD)UitMw?}s*dqOZ_TedHo z!DQ>ho~iu-d_s)O-d+2%9|+T*i&Oe@j`buZ9hjYSSbt7TP^%9pDHCu+pFVZ^!~sg( zyvSNxM6+E8)jzuuDqFg0RIjWG-_jlDBtIhhoreFPAL7>a()WHW5eQFq-O!#OJNigv zUrgCr+%i8+FYWGUv)XGF(oABRCIO=~S=d<)3MIO=HqW6%><~hUkY^?-5!`olWU#Zg z_T*saZT@S6owo=4YO&1}NynTJ@qdD=Py@+~2Ih9wQPSUkZl^Hkfhz9Yiub7gMziD@ zh3!2_)Qmg@P!%D{uP~<$g2@3aimMN0nxhIN4LPMOABBO*f~z>S32}(-kd}?=wCESt z^79Kmk2&A+9RG0j8GFx3S{SV(+X|1j2aT^Vb6ha!FUX=X9Qw0(Kb#3rZt4t^@Y z0Tc1BWug}y;m*Qk^`lA7dW0bQ2W&t$l9W(XZ+uDKKCwt9u%wQ6WSPqs3T-u#GlSQ{ zn13ve-YWlxyzQBpu3%|5e^0AfJ#`OokDh(8WX_Xn<+8S^j(>Wi+%HE@W4E)0(7X~v z_v@NZI-)nq7G@2k4@aXy&^EI)PG%FdP4;cN3$y1BU6#vk zbhlBxk&||j0b5vD+uNCZWPsiYHFUO~&mjXphb$PSZ;~}&Z^Z22J zuuV3cP-<*^$B*~S#xf%^Df)ZxV`TEx=jbPhEpjgiyp6NPMN8y%pK^=01*mn4Q}!% z?Xz*b@|q(em+@^4QsY<^86}C;Hw=ng%!9|gbx=e_%X>8g)ZK?KvJ)k9EM4XR0bk9s z_#E`3dIEg%R-{x7qT(1XS;%XAijc@kutxqaJ~4h0oQZkGDKU-`>f|Rl|0;=k@JqL} zUu8O`=Q_kAB6o?BL;MGe6Vh#Nk_YK~R%Zo{=RYwETlh-%52|kof<<03ILHHMy^;>H8sRygsPMAZk0=A6Kl6!D_*OaEOPpm~{>|DE1txEh*`G&|05ngKYR^)SF609#a6=Z~fxe3S<|lX0uEA zf{>K(CE`ENCk{CgZLtF!&}{@yf#c&&HNB`NIv29?#oyv&Mdg~L=BJ)qmWA#U4&>$b zW%8nph_{~RlgVa?45iDbKWT%V^waph+F1ySj+=zy`TwBdN3x4ZwrqB>zjYY^i8F|8 zqw?rp+y&ebbe#p!_kttnn9ZZ@J0CjMUuMVF1v#8YTLQ^Hl6u+8Ih98{s~hw4|Aa?d z=}zT|93E|`;8Y5a_7x+7C+fy;F_-% zERmql|8^l1r!X@Gs?h;3GwQ0*dR-48E4rNFHHp~A`m%vr zSIAI7n`~~%BEmqVV&ulvdM3A(=gF>ToW&=fIpE9_-^Y}&<_uP&QsBw3`puUsTp}$3 ziwrAWekGK%_RQl~^7@|D_+C+BH9EKJ!&^wQex39Vb5ipy(kYRm%Z6|?N=#93M0X_>CaNcj@v8_9T50{Nv%4#KzVTMSFXx*WXqbwt&r>~X zCl_SskL(!`WhYKBPxJ2Rkz~8HUA!gH`pxmyFB3eew9<~&h1Zz8)GnNs?80wQpi^Cl zi&*lG(uLG>ibY*r*1#4>Z=8t`7NP*jhKSoj8POZ!660-LgcgOz#De?#INK!%vzVP8 zE@GkK-i0gewoE}2St15qaY%0D1`@-SPl|Z>8g`B6Rgv_$C_TltDJ~(449=+lC6F|2 z-d?FCobfxm@coOr3adsDY) zmT2`W?I*WZzgnKSw`-6GFIWH3J7qmagwr+04T{e4hAsz9*ZTV@3{&i;G`NY=2e0VH zTEFHXpQN`)diB-0Dh_$^T1k3QWxcwzxes+pLbK4QQ)mp``|i=>^x!4k{pc2fxt-R{ zGS0{G(q&$4i%T4`(O0B3o&?$G9vvPh7V1q;Koq)O_*WEIjZk*^^)gjGjGNEzYR70b0040W>Evon2VhUhCu0UaNHTZ%j9SRi?E^;&v4lPBo$=a73@4E zwKLJ6Q^6B<1v$F*diTjxkr&wpmU@G2@M|L?@5?iK8Ic!x5Lps<(;&*=WGCytd9t=1 z=8J`#D)ojvC<=L&@}0-`GQRWq zZq(moY^Z#fOyH<#D7Mp8=SugPlUj5ny|MP-zD#Xi4lljc>A&*1ce0{GlSIu$tG@xP z_QqC&ITiU3_k9;n--SGC)zqlg+>S%%VHf+eh7mwJ!Wz`qkVV`WU#vB3<~R3h+@Z!= z7G$9YmQ}a^+`w*bY~sF*Gpx3`g0SCMGd2m1d2%94)j~!j9SSV9GS83;Ds7>-e#Y0a z_?&Y^p0INW#?v+4kad~$=9zZZF-}&#T#@_8Di(N&D_4Du=Tug}>z=&Htu0yLqUSV5 zKd5zEE`zHY+`2udM=MXB6I-`s^=Oy0lX|pjYjv}#K-!l|lk9jCGwQM~1T~Sk6URZi zV>j4QVa`wmM7$aKmVdT94QqFyASJ9$5xFU89ldX~^nI!lG>Od0d~xGEzk!;hNogZG zTdXfbGYYH?XF=CI>qSHUe^N3;=8;Pe&dJ3-FVNvXRw`EqW2?PHfu-JL3Z*)cGqicu zQ&tK6n#HMLlk`$=l)+)fxZbMV-`#0s{y$_q;lcR;Ud(Y4XcIk->j5nGCUKHQo&P(h zFEj$J24kLQQR$%oz@Gyw4shG=m{v4A#2YRoBLYUp!r=)X*-ifN=lB^!?tYr?Q=Q`U z;j(V21(9egaz8n(m-cj5=gHxBO95$8sq^TKvU!L!riAQVaAZ}{MK-n@$wu`rOeeRD z5kmLX{P>|rH6;qYdgI$p@jW%tGg&PWIsH~}Qaga`R>nD>ajN@j0kh2H+|7&=u!<4@ z7E}4so5(woOYV~5xjf_wjbD$qz@|UNyDT|@Ia$R?;DfZ8(&ZP)MwjQ^&e7Bg)$qb?ys5d^tf9sVw_Gke97m`WF3e@kV#)uMLhO__PweW4K z@CQMMhy+4x?Q2aZP?Ahtm6TRDd?nh^glj3bC9$9bPLp3tSv%A(b!LI4)l$t*M zRhKc|s(P{CF0LT@?QE)IuH`N*M-ZAxPvEnC-<9ePeFL<8G%Vchd>-L*JRIe@ApA9a z&*76`sNvzE7f2aGql$v1-2>S+d%sDh4fZ~dp~bIQy71B;otnZ+tKDXg|J;U+HD|(( zi>`;dyi+1COhLq%s!2Nh~T;wVmS&ApM`#dz*+1r0%uyayiM55RIq*2DyJW0)l zXjxf96dR#j8r(o%9G3gER=Mi5cL_iOdC28q0(!AuMO+*+iF;!u7V!P-)o+9DpEvBF@T z`hif(>+;ieoG0WF-6TIh+&ic6ZK|s%i)!Hwbe3lni0VGWle$bqtyQ>LL7S+0r#H=?pKI-)ML8vD3m>L#mCL8=UdJ@2afu}=nBU#{Ocd_i#+1%sJAesUygx^|!c515e(Xdgy%Ij{U6H+el zPSkhUfb_CYwTDERAU*_d^{3P$x6-3`vje)N%kIxGwP4>+r-FtpGc&Q~uF%H(fDD$Y zO?9gxbCt>mVf@-DvQ>=!ge+EtCfk5NKRj?BLm^m=yLFZW4#NgqKv zS^@n?J`89oqc&z$^cw}f)WhTxbeO_iT{*Y&1E5`9fXsC#hi*DwTcpRH#c4;D~1b-^X<780ro3gfa^?dm;f_lbjc(f7JS zz!ob>5S-9m`N-sNsU4v-rh04hhOp7GSKR}*l+b+=gG5gbpFGhS5E`x34rE+v>ogWX!T)L$pc!081{OrJp>=wsfAzS2ix&|zsL4NMEPR-(J@s7H}(bBuPClG zL6k_Rc$yfdOw5YRw(H1?2>(cB^a$2-w#pnI&0YLbB9ln5D7D+edh;WB+!Xl*g+vl`6;cA1 ze}X48$rY_if=B=crJ!(EY>bprl{Yjo3*J&K5D&p#l&+DIGMw=5?yiU^4SCETQ7wpO z>Y*x3hKcqu5vF%eu0HpWniyZL=tHZx5~0v2DKw2jQsilhI5(u1D?};V>K|xj;domRMGh{W{(N#g<|IL+ zTwhttf4pUZVpZmxT=hPm_j!;XzS8Z}?1gL?(PHn=iCOkV*mA+haQ3>#;+&;0l}$ST z^u|^?V*L_cR73<_mhR+5PrzIKjr03N=#_jQ?K7EoVj6#d&&A|PtZFgA5tE-QrPTsy z@J9YwFW;wDhbT{qR`i3Uk?CB?a4Zj_R+@|M?spav2^w)Ah<*gMBcH_7#z<^~@CM$X4q~z7O}^p1cAt zM;W<@eZmpm+)HMD(WZ!KZ;~qHVswH$qzE76X55~NRJJgc|6!%3@IP~RbkNQE7XN8l zp`xZ*Vfa3Xs#Z9@PAiECkfJziL0zN zDE=pAQhBnQyTiz$gwk>`%oXk2Qz88P?$WsMQ~K0FqA$E;F<)LpVZQK-OXZP+9N|^D zN_(|M{gkselRmuS5jlgDc=&26f*M-`KzqX+#L5acs;U}ZkuNco=VtHQDu_WHMbW$u zU5K0JhCQK2C7*EFszcUY>xBUFOB%9Pf*=_CvC0~GdINyP#Jkw5(#?2@i&Y8hS!o%) zPiHuy;n|-HoVlxI&?(!Q_2M^20!E~wRpvWBvq7{f3^Sa^7m+}`qT@cNj(Xd?Niel} z=9Ay0FUYLt=xZV3LsXH2gFe+kz;Znj(cN0k;0HQ-VJ;zg+5XX`F5VdV4Y_S0*sxP6 z%TB=lTIYkYcvR4Z8K3VnBR+G5?8t`s)C9hK=9Vh+Yx-yXiNkY9WdxF5a|?>QDnm$R zmnJi5k{*2GbV}F`_N6-7iTqAA%@do?zB9CiFS4+BI#a6`!*-sEwEDsJ)7cd1DQWB7 zk^UrUueAqTJA(UrX!AtqIx3uQdcwZ)4nV-Lb#+FIjFA$}8N45Mj{mgCCHzb&_XFt- zTLjQ9&Da!9e?kvmm#jd};E`-qf#4RMxl?;+hyCQ!>LpY&X}2LtL+Ea|szlb2&GI|A z?`mzKcz)1>Elc^8r_FnTbP>!Dr>D0d{o6Q12^#LrvF&xAXVx7^*XrM6Ty-KeU#A|3 zlJ$9SM zC#Q5P(nhK`e7T#QrS6iuxXBM+>FS2-mvvN*%{7;Y1Jz#f5enAE!REhGt*ujsAIPW88*zA^GL@%~>}G0Km#7RWv$~iBpBc6(@{6(% zfr3#zhS-Y2AI{w`(C{w5b+Y~E3lF&OAsm^_(*<2Zco=cFNB%;_IBq>J&w^W0F+Hsw(pnt0!D%mHCCxpLuWh zQYR${q7a^ZdK4LDV}4>$Er&*Q>C-EckkVv@_PRULBBM;fpbGBnk7#)jB!iZ5SVx1L z&>~By>L}CI8kXsLI2CX?=9u)zuO%f8*Z(=ZUyrJOC6U+{5@gNd@-RzR3aDK>q+bcw z5y?Ef5PL`{3(^Nx)k6Aw=2M0u>WXFql$kxMi131lV_- za)3-^ms$)-#Hk3mhXrgnEoYis^l0s{d)3YU3&byPfg4W&I%9U;&Iwou5Nw_*YeQht-WbMk<$=X#b8_%Y|^kW;(}T71v8P}2c5G!}pH%fOUE}+Vjk~q$)?vd(H?tomkFNc;MeP#lK2lzHRH}a=P0=cULlwRvANwcJ*2r z0|UISwRkN<$aqJx{cte;_iG`+=VE-7cYRH;}1pXO`v6}E<_ zVs6%7^ZbCV%g8kqCCgZhPsyZ+VP5;sH(1z8Ydz;z3|}NZEy}jCBh20q9vutDsI1Lw zxRNT2#|^Wgl!rAH8H-#MA%z4LX3O49#{pYK>tk!rR4CwXE!^dBChfYpUf=r(wn5U} zrLv5+FNLzG#p?fsNMouzLT+sCzP?5+ggJFpa?Pz~%4`11+RyCBEJ8uG{%`O9Ie&!@fVik_XIhi9v;A!VBsb|H1O`l=Dz3N4i7 zeK;)~r(Y#|!$-6Xh2~_MXH#jo(-E`_UJm}{TOeC~zKlw-I*Nam2)$n_LbVq5y5UCJ zjMN|2u-Ny7s^*KwowtBIj>PmvIT_h~=#&K`(=Y|_3rtp09FPnA0sEZyl2Z~r!C88d z>i`H=3%w01QOEUermXOj)s=nwSslN(4*3ey@;&U zcA$td%aI)|M(iaeH+f03+a~s@c#>wNLu&bC2x(V3kGZ1gp|l z^>RgCK$vmVTq~VipRMc#GqWY~AQ@%xiH~zJ}5IW3;fcDQrhI@Z( zyJS2`8I#4@#m34rU;7>Q(vQli(d;=b9eslN0z!qpEzXJ%cv=hwAqT$7$-wl7)CrT= z%=TH31LowR_5o84uE&cMcJ68+Nhv2+Dvf?C z)rkY+<68E1^boa|BKz7barrWqqo)!ippQp%c$kbZWw1MR8AH$Kl+6$3)tK8EI|z3; z58ZA!5UwWXu5m$93=_9jmx!o}z{>+Zdl1iCX{=1^nClUCfKPXNF<%)9uegd=P5W6n za!Ikq(k6=ZQCYtm%A%1Qvfkd%1&C7GtUW*>ZirWb)KT!+LBpYGQ**r`jBpubnm42w z;jwNpg{+vL?mqHnpsRQ(xMPA3$&ERleK)WevB}afH@J*BUT+e{jf8H2ffeEYqT|Ne|2z*TNPD;FO~Tyq5{l{zpB?x$s^zEZ!Tp?2 zGFrrAZ+O5>q`@lVx^h4I^k=_07yVbw^Q~c4&99K?;5c#}CmDw?Uh}NMa$pVIjeR#-VUB-9FI%Yx zKSE{WOOLrmFZ`@R^Q~f7KY9uYjr_fJ8&K8@+ekSS5{0AI;Iw4#7k@gsb1&3OsRxD=|km>5O_EJaj z+KRH>+LNvBR&Aji#jC12Lk;rQsP2H}gXowIjr{cP{RHXkVm4Q#vUPkR{Wlx7@rH{q z*!4%-d4%h3;mdsL6DeW7-z5HNz)mCls`L;Hw{H4}d_VQLWYAvvq*-oN#Nd7}%j&6` zOc&NZ=cBw4FDVXaYA6z1A$`I>sfgVuznEW`ScG1b9{574*{ZVt%&CNv?jUKT_FC@( z&ISAJxm4#hcGjG`^frk&v z^5Yz`yib-yPak1qzOoh4Q!Om3!RZ>CvFddAtSp6fD7X0r$ISNhZNqL*e493^y-PQr zl&ViWvYXZnOJZ=D%cu(bQ%9cYEIpV${S?v#BX0n&AH)zREA>=RcL~ito#UNbU#12 z+#JC;*pIEg34Jr`rD|T~cYR&J(YtC~@B{p03 zb#76rIK#bf28cRyP)+i2su%WeoFAbB$!O~cgx(0Q{$W$I6;QF72vnd z!jfS8`$&#^{YvIpRPIBbb`ZEf_V0F{Kas~u=M9vRo2TFFdk>*70j&)5jc2)#J3?#w zSAwEzc!8;ORoQp5AL9`+-4b9wFS(jpXy%y)F~+1~TD4xHM4~zJ3@49zX+6ptb)tvM zIGV19=(MBfA$tEz_rT&fA=^egAg$2TA&Yufv~S#DI$TSd{~ke`SZnbft@(T?yeAv~Z>G91>xI2vG9PUBTdl<(cv zi#G^4$@mkYl;vzX)Uz#6r1mssN}01W&(pg$c$aEWq6Sz`ji*mbtz-UWuOl_fHXk`L z@|}|yR}tG|dl>TflWY6f`tEY9I1_!{?$KGaaZI8O8Bde=kJB5MNgHLfflJ718Q6C- z7?_%afxKD%y1ag1v>MnaypoFRX;r48OnbdNXR@skEK#8TAw?BTRMAyZ^b(3HpsNAL zU0#y;S4YX*&u(Xi(@xO_8Gu&*FDe4Albz(_oa9zJ`6?&5o0HsPCwrXaD4mr`{$MA! zD}oub-glA}smCPI$-Tl!{*|4(r<44wO7_=Sx4$jglfbe~^kSirE_K~wN5Qamk5e7p z!aK5j#us=1ORo0J1J;s>NGpD1H=eAwbsy`BeCa$6bVW8hk8ijm8=S||^oS_fOWpyl zh`243$4Zw{_!ly()-(qa%PT~TxoneD0WDAbv62yPjLLAMTrYMAi zK#r{vTBaMwBU(l?hgc2koH2eeEj~uXG@#1)jMwVJ7@fI1>@>r1?s3Uy3Km+QJ}*qg zTlzmC$l^^(tN()DNkkwE#vSE4h>Q8&0+ib?#>UsbGp^|V;?rO+-4ootAA{#*KP|T+%pK?QQD99XZBH>QTS_q zG+!(!sM5T}zy+Cak}I*<`EJez72DbxZlMObLyr=@WB9QE!Wze=t6^rm;Ky|}`MJd& z-c!AmUOJf0&`17S<1^UPB$I#RD2mVZWIfZa+U+ipWph*JW--l+!aQPn86 z1#}E`GUZtju`gL{Fk&718e4(YgT2kxwHD0&3-28zJQdw7tW%R#D15oBLo7gbQLA>X zad$(7|20{#?1PIZo4Q+~)c|Z2D(q4;e5LXxrl0ZYG}b7;m&40QGjg_+a8Bs?H=_BE zlK*n0_|NYqrT0(D8>04ahAU*eTv*-R-qs+`(z?C^Y;;A(J3WoO!pJ2D`&nbi$kA5} z;&nw?q(U1RF+%s{!OxXbbh#v>9AF*9v%C=^UeAEysmwsQK}HEWELLL(c@}H0m8vbs zwlDZ_ZHj$?sPH)L62qVc5l*)Nr>`dkE9|8r3&+;wM{%85c+#3q1)Q~E0aVJX(izd* ze2IQ2EA2vA4cG9iB9upsT;n}JeH=E5v<78C(Xb`dAX0p@VTN=y)G$`{*hbC*B?feG zlmootF50GoPZ!fL@XuP%a1;5XW%l>5ZvG*|PShHv(gw>Q9KKCerZbi9H4P%waW6YD z+S^8|T9?bctef`Qz7&AG)h-KM|EHYPR1BB(JV>jr3gXGge!v3|8q7@jNAeUTew_-7 z^fVbooxhb-X6rCO-%Y(p-t23BWzNy?B(y4;=>XiikYYkI2R||;PEKrSZvucqp8h$8 zZ(>OC8mhTea@jPK1MX7mz6o(<^V{i%@*=J`e(V&TOHq3vL?_b1d5IR}WTiK1)Kg)8 zE{$AmH*%}p$f&~_>D9Fn(Tvj@`%+qp4w6O`8I!O{!gU*Ce&Udg$R{T_=Y3b8r$FcF zx4MfH9`g_qV#ISo2~+sz<~n{$w!44^=;QAJcm(~TORNEuQ~;WKe;hz|_Xju~c%n)H z=mlN_pm~xj1wfZy-336?sZ?(qNQTHIOzh!D+}nV?c<%^h^pjxGup_v_6Z7{abq9rD zUzfj6^mX^ivJ-t>m`0R#)idLTm@Tq-%hVZwt|ziPL+19{J*Ez+}a!(zUcyBVjxJdaU8OYi6zdyj2T#n9MG zQr(KVHwz;2&5v>=X=*@Zq&z(vku|~ zMEVptox0v+refB*79r~_9-+4l8tK;ll@4xPEu8^CE)`)xZ@iW+33Aq67N7k|($ib` zr#D{byu6v0_VS3d@&b}7AhNz?+C+_Kt2e_X^jkQ4AvM^1 zx9YI2IxKgditoPfXm20mt@YTYf*l#x<;R)mj=%shC7HWgP&#F)S&`NwIAu;hP@wUL z%=4OSCa2d~8K{UAuLa7F*!GC{zjgdaA`SHZn2nB{S~zjb>kCP;`aR8z0XFu_lbWZ| z?}X)b%TnINEw8^Jo5)x;CGADTYXy$gdZ$*z&)b&te>g2J zy{DgPpJEA=p>kh<J%2I zdPp-bE6~j`=-_vk)rhsU7^2$VukR3@<$H8geuz1eBhI5HDK`hB#in|=yet(d?LEXU_NDf&~{XxiaWfuBW=2f<5I><%h02Ox@B`tZYyGOsE2E^qm zcGsU^xXqe^=sFZ+`wQHnEsL5VD`GNyw2yEPbNI-+)qKlGp0DHM=2--7J^4P9PjXol zZ_&-`b7?~Ew?Lum^Pmsc+{x+|7DL6gx1OnhM8M2ks7y%^)w`>_4X zfl~Qm*~VhlY*JHod;g1JaYB^Dy$zm>Vj=NF937)2u;nmUf(U?Tdg-MI0g@Knh_oQ;H>^cZcrRt1?Q9! zNVTxxLwJQMG#cZ#7PO@a4%)zo)bhg7w2xUm7#(IJ3aH|8B0M$M+6B?mIgthb(;3LK z?J*huPk*#?O1JGUL`tYhw1VcpOq$by@2xM;D)O4E)d}htatQERDXh*aYpfRa7_-(V zlV0aBI13l@@lkwl-HWtXM)5o~0|+%2wbqBvO4W8S*=4+e#}Z078^R}K^`?l#OkwXh zcw2n$xP=52jYDtT$fGr*BHsJx10M6cXh1-g^H15>vft`j>JIYjjh{-Xk(7#FiuYs2 zBEe>R*$v_w*?(4>oOfK2KZ5(zF}G_S!iwsR%0YeSD8*t}JD*ad*6tVhj@(#$G*zMYOO-MJi0V9uq5Fc zWWEB@Hh^?AA*JKJE8!)?j>2-Q8j$}+2eb zO#f-Y&oe8^KF7q23rsaE>nchq0mncY(RgM$nw@ZRxbsO~iqplUHz}F96pjA({vdZJ zHd~OA{1A|eC&z_w{|h_KJ7`b#{Zu>6Su9!c#Ks=?x@_Kd=;;)ie}tW;mlD!Vn=Xb+ z(k8P!P!@GH34U6qUt$yAAuL>mmt`8LAV>_9Tvl&<4^=yx7=x*X?C~Y&?5Xsz$lg@O z>s`rY7ZZq-vMI1xPxs=m0hJ$)c0px_WBE}J*SOg@CQO2{+%4U{Z-iV=E2n}Jyw!we z0Tf@0t)qvNy^8R|N$;9Jp-Ea@eTcVkmp=1z>tx>IE0gMx`=3?Oe@uVRSq|FtL`oAbby|hA^{DuXncvfMlkJAEBCPxv7hjw0X^TUztDD)V$3qq|VZ zW|7F*p$G!hDdTSzO$a;b=6KR?og`~4DRi5SMEr?3i_+W~tR-^H$<4yKNgrFS0_osz zrq0ob^|ecG$hoUJzLCr(bJGm|>5U_q5$oI$aC^}FSaKvT{#l*+?-V)G*MGB&Ax zEvp!+b1uf05|~CsGI{pqc+DcbcWVBH)cnD4r{>hvlIZkr$ZdCes?dg`b^5YI)ej`A zzDcTnAYS#)bz1H>9SrQVD%UcCUvn$M>XG-^z1UXnK*itx{M-L`*eVF06a-{+;N63Th*hqBq_JnX>*k z45%?3u}F|ah&kaRD`6sAjl%tb{?5h{v(BYyl`VQhRrQzNvh_Y~^ma6#5vF!TGrewh zx5_*s+2tB#1ch$(Y9rq<3g5Xj-1~G{B!vg@|LxT(KOqN(0^bR>`S&Ya*V7zPvb++c zvhWkcp<3e+eRVQyzO-RQ?a0? z-yF0*wn|jLE2yGylQfd!&lAVrxx@$a4z0+~Yo=1vVLUs%CRKVd8}H>s;3I?xU#;H4 zPXkYItWN9*NmE}Pi_R=pAfh%+S>10u3OS+bJa1VW;3m?`?EE5o5>`93GU*w38r|wb zQD6R#Ls1jJQzpXLNh>ey;a|;Q(u4bYO|LZ6_Rgk=D0R-e!-Enk2iEfkr5n92cIC3!H&T1l`Te@ zNxRNq)>icXVvFme8BP}!`^G-85A1nDuc)wBNE4l3?CjX z!&=GkTQW>uwDu5w#rQnNufsomNE^r}kI!26)C>6@&BsgrA$*_3M|_is-pVRI>-lWv zvzyOo^54j3J|7__aUQo)`cq0bn}i#%MqOa@xaSHNlhsz9MWQPqVrVPRb8*DucM%`N z4-S|T)XiqNZgLuM)|mfX5%J-;F-<^^vza58i(wvvt2)CRC!d`7K{mrW_d=Pot=8#$ zs|j(o%@n81NFr0Wh#ME#TZDg>iuLS0S6BA)YX z`ifb*QFegdw;6?)i6lpK(9kN?h%%iKsgrQRhs>_6sl0DW41rC&u>4_Ku^HaO{nKXr zmc!mrV+g1@3dT;I-Vep1coYD3$EVj3HGmiZoQrIhO7T2bj+1lukMKLf#aI(xfZJbd zX6a>P2+mYn;Llc$X1}&JzQ|QjzFt@3?$($CKI-ZcQ<*hYzb76SFxTB_<&cXGCqy<^ zErgrgQd^ngqW@xR|6h<1aIV>RYD!oG>0s-W3<3iLauXcT*%Y_dsq9dJyrVhbREFNc z9W#{QJLI(0MT$dOAvC}T9jp1Ksbr>r#*^Ky;6%v&~w zg*8#GtrsH!SX$f5iA`PrmQ;n|r^23Ps3r&?5cqh**OxXc?S$^6$PLCYzz9*CUrdw1 zIm=vulMKH4PQkVG@L5-@tBB|LY8G8WtFr*)4mdqbJZE2Sw%3{QJ# ze1{H;lx21lw$C|!?#l9!nhP6<@g1B&+9k#B8!OW5aj z`pSi|SdZFgFg&GjcBXXrh5{6hBq&*?QMRr|iy~WGJL4Fgi1Mt&UZe#s(#tB#XBQK- zJ6zSC9ICER!OBykor!7G@I6;?x%C$SOx@vYfm5I^LDK5DhCM)>I*8}-2E$mfy25*_K?O( zN}^WuUe?&Aq!y5~)RGxwT0eNsUS{K|*H=AflgJH~#~i?qb z`D#9i(JIb1(O?F(+p{CJUctPwc+C)f0`x;D6FI>1f9a4^AVn*j4y~5#@eX;V9;ZW7 z@TM|+rc%ux@Bv@V6X=X}C|~f|v&mPzFLDC8D?&B-k$&=EPR_3~zlq3A5%4Y08m{kz zu2tp%LED?8H`LuLhQ#I=C|6}cL=i{c3Y=^g z_#b`;Yox#;o)QIwIn>{j644RdCFR1>!LsJiV~)P@0Wb)h=*kN1!F=kW?l6jiKaOzE z##TGVbyB3MzbT#;qn5IUlRgAak@f?FoVEkU=x>&j!&}%EU8SpQoah@Uxug9hNz3rQ zQaOn3NLTn|DL1*|Sl3rQH2N@;_2U(+yiH4>QEhF|n^@!l{!L!=F>CDSJ}0tfPv;}= zg+|He=koslO)sb3B0l5z+{|Y+pC9=2b3XC5CW0rE`Ap#>WrXJx9hMLIa5od{#mAu} zoKBs4FZ22W*!7Rc!XFvTRnvCLi0lNh$WNZ;^THm!f_*J*4*mjImQa?5Yk zIdCB$mxQ(KWA?)PINr*RHCjJMQrKqIK8gP$m9-`h)Wz8h5M8o%!R`a@eK1 zb2neI`ErLvZIV@K6~iGoeBgCV&>M-j&&bIn-lC#6JD-l>Ly;TxKHIb-{ zfhZxvh}qR&u1UcCG&*PZ#yI1r!>;%fB6BQk;{M)GAr}*89|0o$<(Hg{Qy5A|eEXqN z%sxbKvlG3YO`Fyv_U`z-*taAoK@P`0?x7Lvh~FqZlrH|EfL(e%*Nn;wsdo83-JH|E z^&94({lmJuY)uUjTSsLf;ABQxzlO&e@V6=u@(lsT_ovwl^>RVTcdPq{dI?+9yP|A= zP3D}Q*zZJ#7}f7aPb6HP81rEG6`H+spJ5K$X<*)4_F?V!Qn$~%paT~Gz1l{p<$-lL z%3ocSGmL6Yz|5k(8gE}l*##>JPz!ni)!lNoFxMn4k$4Y8d_;FNeASv>wyS1@58v!Y z^@oJ2>+r_bO44aa0y{YRUx4EMN?+MJ{{RC&fkw#pA=A(sSg!Pzy&H&Dn3^1NZCq1f zV3O@PkP}u10j_K?AoMU_RJ zTPH@YcIa(r;KWE@@IgpX@y3af4Ch(El#OS&8XWsgjI@#(AE~_Q6S@dnxvbcRiIHbh zUL{uO2}bq#9I9)MQ7aWnWzByIzp?NZ47BS46_u8_N_`mtFBnjstbxlDOQ1XW%Znt^ ze=avtN&qGbI+1PM+9!W1B$hs=hcb!I%`ly727BrUGWExlT~w0|-DTP_BTsKn&Z3>? zc=8-e9*){}9LiCqw5`P|hsaX2 z`oEIUmFo8DN_2AqJ3v6#t>LRW#aE0(p5KG0Hbg<(6mdH`Dn~2GICdVs0s4;0kOx!NpR)8I;|EFJY_rns0yAsjpEpsNz08xAD1=&jdbW`51i4`INQ=g{PB0o7i6q z!>P8Oqs-$Z@$%)r0Y4MP8}&xfWHc}eH(OgG-HKY#jq~+bDp^+iHGbp-}Sz? zy)lo<#p2I+?_0B@0@Gmar9EOBRlITmsMJPWrAFqIwUlENr%bIZT$zbZk@{SzhsJQL zg3g}*JdPo9LJFm$od_95%nUJTv;H(hR;H+;1t8&LU?WF}Qh3=rQ{J^2cqa#;B&tr8 z+=-vI{##r&Z(9$s6b|Wa_4#r5$fZPq>`A2t3gB|)&gCSzcb8GNMw|CBWAxzFa*zjy zpLya0H(w8X++~}l5V~_1!SOn6ntX}@O|Ak$*0m=qLV~6_zea_7UxHsnubG~IX?Pfs zmM{1Z6%tPE_jrfpq9I>-MC1_bjaB3ucH2lrIbX(zocOGSq&pcvl>J=+@us$9zID8(tnE2MB3)aD@87W zv>Tl?DR-azD~)F9F&ori_Rr``DE>kD>^p>6bqA`JdhANk)@_q2ZuFT$1uy{LpPw%? zvj_Ra)NDx`BoWN^F;{FY`9}3R#BlAtkOT_%UsNSNe7!Wjm|jILF8?9wy`GYDJQg%L>?Svr3_T2B&@~PBkIzfHo4P zi>&YR08cDfN6T!mrOFw`s8S(e!To)wAR|TS1g^!=Y)Y{aN(+t4Lyamt`#jVshwWpo z_fgt~h~|{oI&&QIhP3Dy>J%~nKaE~R3YHt8p*FAjgajWy{lCu)&kJ;&J zrwf-9C(>)|bhQzNOD;^LPqx$5J{c|~DD{-h(M-{u5fN~> zWcx@5vCwR?p2fJ1v~S{Ra`FE#X~MjZk8i}#W9YltV%)j%7MoxaLz6YOi470mC3Z5; zGH>CMXXABMm@7RdR??f}Ad8ezbNq+m3wCQ~aBjH^=nFy=Z&aS5Cr18?pva+e;o)f` z`nZ~p;pl96huI9&;1+^FW4`fs`3etT$(OR6w+hHW`YvMK^L4=f3i5hQ#tif>>Y)U2x^d zHNx-@boORCO-K2+d@KJ1x}o0mCpAGi>-?Da^y)4x`U?` zNnYwC_aIpbm+h{$SPwZbcG7)&U^0Mbom63*jhLq$5Y=1&SVDI{i4-tA{N;-QbI9}f z0$&EG@u41DQ`Gz7xd;BkB%)`#2dRRuY}@SZQQWHnNHY4|ljiHemj0eH%jvK7>nC6~ zLK7dU-=b#fgArZubtoOR7WQDZwg9?QXm7!l8H5NnBm@q*8BU$f_HWzw%-Lq0&T6Y0K7xL@1D6rD>xbcVBe}vy zBi$BN$LF)u3eO}T$g|DzP|RGFvckPi#yT=0{9wNxyi}@6F77ep5VCtcIqYObLzFHO z$)oKSmJkA3wXmB7V8cUYlUo=mokzAc84JlJ&L$9yyyjkzQO{4-Qg7>Xh~JtFzq}R5 zOFZe~E#ioA@(gjrxXM$%CveJ|jLS(E^3z>O&rXZ!d$(4YfyW`7%5l}$VO`*A3a0d+*UVl?;*|oL_+ypX zi*{GD=e>y4d122ka9!wRX(!8?j0?#DJTKr&!Sms4foHy?qBT4+>>JS|lyTrfh0g=} zkqm4H^qk(yHMLN-IH<8WzibD!vwtKPennfz(K-#GMaEVVVi!BsnOYFYaY^XZu{Q~AU+k#le?`F={zwv5}Ul_7As zd-ehz*)>9Z8KLa=S&iI4vuk8*R*&3sXFS9^b`3U-08g@K_}t(7%Jxp{CHp)+Igu(L zylf55d7Q$-OQk9^+ob%OjN|#?@}CUaymPUGHi!aklD%2xpdkY&o1d}0E&L*Gml7T6>7S0ZX)nN3?Zd3V~8iiAiCl1a83$Yx*IsTVEQQ0GM@FSt#7L>(oN zC?Bv+cHW%zf4F-Wz^JOLUpzxHBnV-GfJWpI6p)AyD56A+FlGj3U`C>dVkOl!Vo|Fi z&PY@qfk`BX!vU;CvA$^4ma46MJ}^dz39ke}jY1Vgd5Gd3M-dQ10L}b=zrD|yM-phg zU%z|r|I(T{XP>p#Ui-E7T5GSpHojmZoW#TL6Pq{on}&5xfhAxd474L;^*oxv6)LwL zYeT$XvFk!r=+|flPw`TMNP33#0fLC5iY=1>zS0DzTbXJCQeJ1K%J9;t^T|pe2#*zeR)l@IwJjfXGN!exJ^*8;!}d#Xcm)Q;8;8Z zOkLcyltjp>$U--YE6!I`Uqq_a2Q*=gY&Frzq~`RbkIUtXD!wzj>lo^#7cB$-w~x5voa;>D zwoBZKw{!!!u^DsgJsp)-#yz*u+qf}UjMeHCV(15g)s3Y$a;%BU;A z3QP;TZeK1D;2k2Wd2ok^e?7))gJC8nhd57DoAflyqI@P-F9FS9AmZ;tMKkO7NI-?= zf^Oz{1jS-f*3;6=sj-dlua{qh_so=0DJlI^4y2^yr`!ZL(zAGKx-umL`5mt9LmK7A z03A%$Ft=Dx0o&S;FDfZ4L1Jhi#<|D&=3K+S2x1oj1-Mm8c#AinOdj-=CICt{x;%f4 zcv%uxHmJgB7KW|M1@(uV;HQ9c;gr=EkXYQd!@x9qt!L1aL?Vlv^LvYshacp@ElEH% z3l{AMqd#=}jUp~B;P5Zc*|UKY1P1X#GXXJ4mIDHI2V~DNvukj8FkTzQD!&Ob zc^v;Nw3rJCvc;UMIZop3<|ums?`WB78wN*JDZVQ6!Vb{M+^3;Cei(*uXmw&I%2%gX z5D3y3whO6LI1a{=1HY*z0w&&uL?|U}XIV|Abw=ah=#^~MD%Kr|w2ABk?2sMkU+;Ey z`rUYq)6 zsVZe}Jmp%X;A|_-nkzSj*vVES|L=ejHq=m+=P0`a92aFe%5G7tR}5si6nGCfLRTX# zUi3>h<1O#N^yi^BN1ijaQEZ3n`OlL9K|jtCuj9ljR`8`r;6IPn>k&Lk!A5HGYTpC4 zI^8}?W~vEZF1{#0CTPmw8vR-IujRXavH}P|?ds*hGcIAn$B8IGENNs8`=x}Sfgo`^ zCBC;mfbcJzBahz5%hewOVsiv#@>>VsiVQ_{P=|fLuXTK)(8ruABf zALSmPcG#?TWmAZLY(I2xN7zf?Sy~fl7lk1(e{l@$6AJD9CR&s*!+bQUzjgxR`+$1E zh(*MJtxeN*sX?r3q?8%O9%zCy0`?iHhzm0#PZKj^Z_oh4NDX!{Wlr*UVF{|y-PV)Z zh=>*Y8#6byJ*CA5Hq(T1<(67v;bxiVCFIIsnJ395WK28>qmLR$;8fHow!^6BhhKxc z>D`Ea$8YU;o@m&INE!kG59$HlGFI`eD107XrGgUMMuCitxgXoJ#sFKmSItwb31E{D z;cy9%dpZ8Yr9kc$p^R>ko{8{JtYMdLl<{F~qGt%M6Kl}1Fhe!{)-nHL@F+0P-yorC zD&R0D#bXF1!?AQ=o}5&29W-sX;zgwK_^~{A%;OTFb?v|&Z$f??qJ@sKqm+wM;1b0C zV4|3UcRj`Md=@&IN-xwjG8k-y><8>i5;nLa(jn9|+)+-!k!M>LJ%We2a$Y1&(h*a? z5RV(BhnCGbSEgbIYi7HZ(TegL@d?V1w|Jw^c+pNLt~XGnlw4RGK2`-$bGid$m)G2P zn)q-I$q6-`9rzry1U{3&1YEWQIC>4MO|X*Q1iCB_0u!-G9TJGxFu$HF7u>P|pbtS8 zP7@U|Y}<)#YnaQa%O-Gq8|PYs>l~{j(OhT`;S0n;R?25PB=;!|x~yYueV-eKOFjHj z{Jq!qVeWQFl#=#Fu^&wYrw(bPdI>1z^cG!Xh05l<*(@Y)dvIgqOsDNL^WBvvTv`MR zEfEKw<2L$d?%eOp+JOLa>op{S%d8)Ivn%!QBoAHS(u5}4-?6wHDUpt9$nYrSw;)V> zF&iU8xBs-;S~eOGpBHhr5XlBjld!@frV;X^Eh6<|4l>CBe(eP90J>~QqqbI@0uL%4 zw4L2WFd!rv4xZ1vhLZaMvAJ2zflw5##(-)$MJhOeb^COa6wD0K2@Rx`{|L;eU<%5w zUJ0tid$YJG((}Wxzw#ObgIu;9w;H#jj5iWlKqZ^G;ynQSjLUX-Yrjgn(s(tW7+gGK z-iRxN<>1c5tJn>6;b#C#CV&1|y(~WifF8r(4}|JGTQEbvyU97?;sCubJacO)n|bm+ znf`@Gdy;WA{l!1Hv~cO3K9v1aJX`mAYxmo^?WvVF;j{CttaIe(7p#f)B*Uya=l(>q zoTpAkLPahp)oZrn!;CqSA(YqP8F8W*))PO=)z1?3Q>uQZsh^wFPa%G;=keNTS^g+&M&4$B{%FbG(pO z#-9(N!Wg#cl}-@aqTb?9Jw~9{%Bma?ocoEm4Iv2B;dX>y{>o|lROUkf?8^~L1E%v^4{sBhe)rsD zYVKfLT>Cvnly3hW$gmpsCO#)L?kK*io=a@pm`-9X1l%S6-ifW^Z#k*dF|704aBism zDw|fr_P!2q#bbBvKc_8>7=H9aNQ#hT;XEn2r!90jo&*A0q7#o{SwrD>1G*@BQ-(#h zG@}+`3jUB#nIL%kxzfD^h$^u43l?R@i`s&RMBpKXy zU}KqH2xwcNx40&X{#8gkb!F=a!hdGIWp!mCLh_$#{g@5kWEs%Jr=c7%8QLyFl

n zybr@13UCFwS&qq_Vlz_Ew5JW=*4vS2;c&C%%DD#x(fXxxFb^gHPgN&qv%>Wwz?D*l zIGsU>w1Oz=WNjribv3)mNfHRGD=T0d$giQAc0uaP&*F-BIW|Wz28V9{gY`b#leayf zJnhq=_tTpSLJ_MXWf{6+eZ%D-f_WeL+^nofN0C6pulITC)*Zkr!s@x9&l{ z^IuHZQg$y~XCPfi+(R~<&~*ei54qusg`=o`+Xip-uAZ7hn|#QHe7Y0bI+Q){ozut6lgT>Fz{GOaMD| zgJU|cHrO4aoKK_bmlz%f=j9L%kUqWIT5~q|x^T|qVvnp5S1>ybsh2&;W@JsYc2L|6`@URN7v0@ZM@nTi;Nn*H z89R&_e}&3myB=G<>{4K0?`iGB3=jfpa7#5F(5q$!)vFSSz3RYtMX$<_M33H+-}oGE z$1XJNFM|fFknhm=bzD$XuwafZnA;Hr-Rx0po1!-nejPiu&^G~15U++Ly5}HHy9p>g zbUK;e#jRvus7z|q1^lBgC;3E!ilD}+=Y2BEjj^N1+(Tnt6<#7+(YjNQh2z_mCe0&L-jHma_%=!!jV# zpOmP96PFwxje&o97SXQBLU|VWMhRZ7NT|Uft0g{%yM_mp47qdRceuBJHjh!xTsSI^ zaGCJ$GrB(kT(ntI=b<@q77)?he%EwquJneQ?b9zu5PW~$k>JIC+jrnu7$Z?LO7eH& zX$iN%Yozs|kD%R~x8dIQ8&fU?XOOontV2Y7-Tu}Gaj}&aayEOS#5#VOl2~QrY8sKo z{}7F;K$ΠnDg4Nsk;jD&VqX3=+7Jjmn_fC^>>@mZL8!^LABv!CK>aclP=B@_vNd zh_vnf(JyA^bQJujSZ17v+N=7^BC0(0P1?@j^#~SKv<@@o2ab727u=8ObteS~hkIug zH}Pm+xCevLa*R~;iyKfjN*fA{FcL*`m|u)miM`Fln+BR#QO`l@Qz|}Tfs%_Wq>jM^ zz?ym!85le{jWs+)&ql*}nT;a!?cr#|F0%0>zW!boxVASCD6nXu2ff3rR-4ZKhKni; zB-AgtH1GTdIajKj70gMwjkySCnKI=O9IkO!V!YH~ynyljiVV?O&U$kek@1~&L^3}4 z5rcw^Pk!Swr0lfd2CSi6ufpFn9)`1#X+9JeC<@wx0#v$?m6r3G(WAgwphF!Yz0xc@ z%2)gh8QEBU^p{K$f@)D+-o?NterB#5GIiR8b3X}2~l z1Di+BzQ?HnD={zbrl5i&bn@cv(HV84(*~oYy7t(Yu`a2y2P8Z%3rM=SJM)gX)n0Ae z%X=MufQ8!__WRxtj;;cds<9M~&Y?t3L)CU9d9bc;gpF&5_K9N=w=)obxDY?E+CWFv zCa%YcAoRr1fjDQ5%N0}IywcdI`BNg$jB#KGSND1~KYVm^xRfJ++*jh6JE^{|bJ>nV zjLh3S`+Vb`?r&U&l70FtI7ee=i(8@Wv?{no>08 z*e9HRxTj2958oDN-iJAp+K-OjxID3xT>S<3pAJ#cy%d;=hZsO zI7pmtfx$zjZfJBpoP{utf5%%L9`R#I+MYVsI<~hZFrQe^j~h#)E(0uvg=15AX~}keoHcT#^5Om{~q}gSPZ?D|GpnNb$j_4s2il2XcW^!a+?C^*?oy5ZWCAl zBy{{5C#l>;^J4l3l%DGni~`Du<#RCrK-l?8;yG&6vDk}Mv7J$@l;C2;x}oYn-y^BY zkIQ0@iEVq?II`H0tS=mz;ueD^O`w+mgcVh)F|D;^L||m;mEX!rFUfAJ(&r_Y{-Rmw zYvZM-HK^ijbVfFBSvm!BiKKOJRzQwdS$N<@r=CQ?%*gDC+|`_Ea$f6tya?=Ut}=cIeuJXdB0x@1%PzmZMd z|8%RV3kPz5;W!@Yyb6PCb#~GqI}G$3Wc&8Sdi&4swH#y&5kR0?0_pa;(@5#8?a@L6 z3~B<)jGqa&hPymhB;JZhY90l=8g>>nyGhLijJ*p;O?}8lh zLlrf7ikjV^<^&@VXP;#phGubrBB(vGVD4Ge2vB1=mUMsO^dyS1QJC1YJJvWeB!gKO z%HIPS!WKLqe4&Bz4ERD{;X}(|iR7J)`Bg|2OW#I9o&9+{n~Wl#=;MPUhv;u3dfh&) zyKGj0ipW7lx#C6;FebMX=JS3ELz6o`F zSCWC$gCNxPwIbUyq`o$6X%|CkJykar+?V;~us?ic`UTg1odzH8uG9|U3w-<9Ok_~2 zo1Q+Xy(x{}$q9CQO{RJ+3Xj0MTrTha8rJKX8;(WAIqjRHV(V)B@jiyie*{%m%*APD zv8c8kHbR5=aOGvGDWU>)Kr!^{G%N`4z7vD?9fw29i}?D3z@H=7rxzbSgs)$|4dBNc z@$|yyNJ~A0ukWn4BZ%*DJUx8@p5DcuqVQ&{5Z3s#d=!Us-&K392K-T}a^p6}R5^;T zq4rT)Zj5RCe&ujJaXKAJUF}C1Gyh()uV)O&13|~jN zeCJ8a^WI1{OIL`UeON9o62oJMwSG(nreo+k-8REr)5Y)unWJodxG<7k*=%3 zLCtH*6hz$}dr4=hdP|E)KoRARvi^A`i zD!yDvFo{a!>9A&T)eWq@jPygv3>v~p7X+)@kk53j{#YFIvT26Bw3iV907buz{QD%u zCE$ZN&Z>44sBOecyumC{nFZpvv(=1N<^WG6C(>X^AmRv2;+sMw1$pb#k{gO7Pc6am zv{_k@q>FeTFftrvLO`Eu(?Z9tnu%jO`PYL5p=ocxPxW$O6Jg9E0w4~$ulN{3Rk-uM zo1N`7X0}I&fq%09a?o0C+XdkUfTM5y>YIVPiXj#QfGq6C-?UHh+kSNC{zP0DL>@g@ zFDS|();s>f=*n9XY`4@EL{CY9^GR_N0l9+;|D}|aQiMUAerY6MF2Vam07>5BE7QET zEzaC`Jj*twrJl0Ug`@7;r~7vLl!XWl<&t@9qC-Kmr(!7LM0q&He3 z;P4u=t=e1-O5NH81aWD@TS&m1FcZo@m>tBSb#$X)zYPow7gAh_nDB3VYd_CI1p3*N z9jkiR?#*y^_yk{mWpj1F)@Zn0!Gcb@xSaq?dc3+0K!yy-pN&8O??PK=# z!0poB2hR%a;k%8wY|?Qm3V030rwT!(7~ z(+1~rr`%EYUrZ}Ko*%TMh{$PfIIVWUh25LG&OJ`FDu@iOxNYZH{Gb9o-%+OFDOBGz zpAZ2@=-9|PcX*1|M%TJ3CZ}hFj*SX>-P*fVqwp0ok2iJb!Ae2f#gGr6I9A9ryxKt* z9Ab6QzmV@v+j>j{Tt9Eyh{l1%7d1H@HGvt(o%fStA(m-u07lSsUql|jg*gq8ARdv@ zLGA%E1*6l`xHc7?E~^Y};p)gp5aQCN)LTS6fTBo*0x1EV2VDr7;B@Iz>fO0pKm|*m zRRghvcFRm0N?D4Q-{km1O-4Nib%R@*lA@jNf*mxp9wF6Z+Y!t}B$1sYg>R~e$h&+u zpV!8googm6=p5-;db9%&mmbY={9zra&&t>y=oEc>!Id^lva(J0?M9n4{JdSer&EW`wUI1bEmOO@eTQ1NW7UVw4$z#NuBhml>sL#EdsV+LNke z22O-nmLfJjiAlqd3J@f5bUc-%b(hBE!I(dYaWf(#=m_IJIR*g>Tt+av$cIYKGkU)y zzgiV-M*V}of)0^R>bb~Nm*P*AoWPZ<@EGRFc%MF$h|Bp6z@KzU0@ji0tmMiT&XFZw zF2cQ~Lco&7IQ5HJSVSht4XO4Fs}Q*un3g1CQpMH+lNh*{_Ti{l2pYrhvfR1?nx|0Z zRJd0L#Rw1^_B zb^=ILNEsbLO@Zl3;K*SU4S=bo8Y3xM)dZL~IDBCJ_aaQ-g>QkCH8lr#e?fs7PqL6p z*!HGfR0=84o3c^0*Rqlt$q7Wx%H8-Y{17@(O6x&}Gs^?v=_h+!Mqd(LnM;M_|2-a& zC8iHrs`^K2On?Z40(Q>CUVZ+hC>rv~W%#MiMvn;ZcB%`c5+(sCF+eHzrcwj#abVo3 zIdE=#IIU9M0TO**-VT8$aqZ)>z1hB=;%QSw3OwRlldUvUH2`n&gi3JnNRJqb3xNV- ztb;0^`>6`>64`Y_;6Z`owdcZT3MHY$6a{_;p{!CD&=;Ove6>{HR6p6pw$&ugigk4J zPt80v#y-{x*w>h(@Si|%9c21hO4gs7xL-iQ;qS9xO>hA~ zRMpV~@tcF+9Q-0&FM?9RH2}X^qzFNyyxNuc57Gr&5-}3m>m?lXzvARO2iNdqM_d?= z1Cj|Ez=2iClNsULFxW9K>;R~8lfr4AQDv!PR^qr-p+w{Z41$k1CnrpT-8Dv>>W|K% ze--zuKqjUWb}YGd0QoA`NnPW)i zIsjO_&@w!GeA;G28=wF~8C`}({Rz%bKJ0}#9l2w2_$Ld0(&g?PX=g|S{9+!^&E;vh zVu8e5Zl1w^6c&rq}c_=Wdyow^*nKXLG?j8yu1BO~=KsC{shM}Wa5$Tg~KECD5H)v;O{ zK^-8GZc$s9SXd$G1Q2KSXf)VCAD0#Bg!rU(DUWL7;I#BW2H7->>sXl3ny1N#uG|E1 z>i!fgOI^bByBdOh!*2t>Cd9e8@w(p6u(UtoHl=B-ViqiD2(f}mjMZWqA|d*&4la$NCeGB zxS-RxcFBcmm{SkR>G&s^#`}SS5Fj#7NyegyV|j}%pRhv_28g_4F5uBr5gh0%D8W~hCeTP3+PJBnQ1LWd<&AbWTMEPSV(jMMiqfzG{0=|W+ga$C4-Q8g3#QqE7Zb$| zSWNn-r#Nr~yB&mW#Aq@yF9xiV0Aw3Jk6g~mPw_Xbwi0)V{>Zf=%Tdnto>;nDSVB#9 z$NXJPH8P!~%8E`}SHK}GfiHZRt7n&)q;7KuN!@v*?f|}vzr9a4oO>j@k+a4IXzXU7 zn;EWs?*txGxgDH+m-q^W$}iG+b`!o}I|wZpY>%eO!9f_Vaa5a7I#QH7YhT z^9{%xS#P!mc&ej}yB?^qtWr0tN~~;nAikV${`VeuUcLF>he(S{2B;I~4UCEEgaG#S zc10VI0)y>6C0L^{yrKvR1F+(0gT!Um@yCB+tqesCT(doz1t(wn7b*su{vvHh8F2&bRlfSAtcQe1j zn37qY{8jc#<*oQC`hU!oQi;i-Iaw)z_C?|LKwT7m8-uLnT97Su=6cJ?;zzIEvtMJu zsTi*n$U~KQ(NlN;qiOIL2l{mb9|^+4cXdCOs2nhGS01bhO?_t$z#ts}x@eriG0P#)8wG9WUek@(f6V>fm3MrcG4rC~vvFY%mdK4_@Kv<;%SUtk(~pz1-(lAizA_`}6Dk#RDzHyAq>yNNaQ zkrMBqml)B*Yh2S0_h#|@0}Or9LL!y72|9Ck`9P>I6%HCUxP?nh@Uzs0xQuC0ci(1r z?vdI3B#Jmya6MToaRjcD<{jH`v!bWLWYurDx46!0tHJ4iR&pFDaN`n>ZgM@33~W_7 z97<9qqR40Qc96nP;tXn|C)azmcVIX~NHW-1;T76A>eQ^@Y+mfL2&YU_oQ-4d#x5s$ z6gDbqFr{Trq3fpiM%UeLXV+~-&kbphp4)_;6QkcD*Zl;X)ERoK6dBRy3-Q-$yw33< z&4vunT?9$u6LI%=N;r78ePTx8j@;@khHn~hpz2@C7AonZr79K@UJDdTi$vE!`9Ba| z8B0NtGF-394D3EF?ACT;(M@QC@c9rYP!w`ul%W*V{Xs?WU(Y zLvwI7U#7Eeekn8HUj&?h5j`f>=i+8anT%Sec<0v1+7+XMG?)OjSb8PAZlydVz0yum z8U6LP3?V4 zFwdn9cVgH_v8@nYE8g?7w^BU@f-jN%H$$>P3F`1g;9R#hAaV&B53@S65Je~kKL=&X z2!hVar&!kO+sNR*ji6P@WN@O14agHHQdGC3BXt@~d5Ei;dl{2XX5mzlEil~K=;{ZW z{rV)>hC;{NP0!=yHR!YZLBp1I77bHK!yPQFl3P>}=a3z2BRQE>8Q*z*o`G@xD@2xE!c3Q_|5e z)g6hU=i7&)2%`X#&%!hg9!PrLypQL=5~*!;4qtc?(}I(tYoqmfZ_oUOb;kV5t#>Tq zIY``Wq+)0|7j*0AtT^2pMI<B50f0WQb;Wd_k>>s-=W(Vg;$#& zrC%zPP5C8RjGxD25iv1-6Qn6qjMolvUBvzIuvPVth2>p0HQ<7cE<3abwwX*Rccz3LUa)ZA#$CSjNT#6!=Amh@WCbkak$nqcas#u`okO&g{POp zh3JlBrm5OtxAp+`^>~k3j;}9rhmEx-glh|f2ggiY}1rB#Mj_Q&Y_?0}&LW(h| z4?5xg1$p1=H8(?y%n*>P$@~oPnPUHwC`<|#Qz-RiZ4$eQ6)j6eVJic?cs{JP50#y{{d@ipA)5z>~~);UAWrMh+!U-a9q8 zDjwUqQks`#=85I~YiJYfIa0Xk-UC9VcpmKhdR*}pn`q!F!iGe)%0y$gP-=L1BfZNOsWuCSDt{Xfa?o%o$BQGBufFioqDvXK}J zJ{&M5H`Cp)LzPcek1$7-Ps1Zl9Axtc^JsY(_E_zJw|G6id5|cTM{}E0o_1v)AV!-c zUwj8}ig%0;fDkrikU&jjfz$Pg3xN^7eM`hka9SW37g41{@ysT$i>2n52k-^jtd%)i z2IZBY`^DWR%ylX^F(P8-Lh+!PJ`(AnS*7i!7puuCSN3?FELsapT6tBkqRnSaft6*S z$TATfMYG8=_euN%%;eA6A<;V5h*_o6pBaJ;7LRH#uXZ3X7CVZ%Y!}o>HR~ESDI#7W z*hiV}Ux>)o0T)#q1}#}q;Xs5tm~C)0p(eUHxXYtSaO?)1Gh~NPR}Gzn(8Lt!Y=W9V z&=%T9`bFQ3){Jm3#EB?uC1h%~3w)VNDiBtBEsFRc)NBjxguJdv!r(%v1uL`z9kx5l zhl6P&@(V|VOP`t{&%9#va}bCsxH-_EBt5LfQ}CCSM{MnfpNo(DZt}6hVWD0#W#1kJ!0b{HRdJI7JTW0BLye~jQZ z(P2p{$Oudf&DxeS=MHBS!9RA13sJ5!Z-ZlD01YWAMbLC3^C@6RDEc{B^wsz)w!X~; z5qvdSq(h$DlJl&Pd47q%5k#iV^d*1&tNcpgE%Kt`_4aG;?_}EWJcj*Gi7($IzFhJ^ z0@%F7mv`bX`j`?=U1=%M^B)9&5_7+5;!Q`?rCw@%h;=61EIjhgn5|yzm{%VQ{eNyL zv!cbic|&Ul`nZ4|@@oyzhVU_bU5_dNSF74onCfCk$Zm+IA_|4d(aS)_ZLm z{dwQb*yPiTpr^T4dTr}`da%YfD7XTaT3mp-(Wg(Wqf=kCh#}207VKjf9zRC|q7nTo#I9S8L}M*jYOzcGFiisZ$-_oI*#HELqRz>J_82FjV)Ft47l zVX)^R8)o#+ZJ7JahB=IDb}(zuA~XfYTEsQ`!Dp5WL9Zg+n8<0mD%*(J51r`sbXX0`UwiWok64$?aYrjpUQwWsmW@l(0+-VMm z4yHSvsn4#d*_~eD{s%fRV7WnK$XF^mTaI&tR8OG9jn9% z*#M7`N##VH3jC3KtyAb7ja4JI5|8paT)VI`^dm>C=L1<{18>2>7=qv=*)TQ^cxAMl z6|feIto)-`K6m2QY2wS>juXVV?Q)$r7wh%9;99Huvroc8Vjc8_) z9X$pO>Wc9$?oCKa#hsS0wLr=eKjvChp1YoSOvhUI=4O$xsvWnF0HiWR#lS&FqjD3G z#^YxA%tUIEmNSgw*kJiTF`FOl{+}Hrt!DGZDBxcXlK;WkeAU_iZ_MU~e*f8yYBihh zLIEf3D1>8_$2#KTm#3I}NAlWMaLM`^10ZQ^_vA7@W|9~t!u^j%eW}6iQV9FfDkb?C z3#N4MyAvkvt%)zMCcZ=yU&c;P$g?!@Wq0DsphO07Z{kaB;>)v%sE;HfI1~emui1!G zQA!mb|1kAw$vtotR4=%C$4Qp2y^vCi5tW%xj|g0^6S6FhI3gz z7C~k7bgq$dE&f_LpFkh&jBhcOfcsw_>61&X!~>5z`L9OCWDuoT`j&W&vVPJO4sA28 zLb>uGc|djQ+vG7W!*Wky)|Ey1i+a-tK2*XFRtjXM?nJ#w(gNXS;tJ4%<#P!nuw{i& zM9cl>-%xEFqlrn*|5}0i$4OYFZk>keBHy!TqTG$txJ3?< zpv+>sNUF2(BNmA=avRM39d^@6W#s>!O6$b|U^JENq0l!OK0{MI4k3;jE;?uh`{>K- zWgq4Ij6V9)N&Dy*RB{sv_Z!#YzUUh#fooVqK*B5JNt#>DvaQZKq4d!9^0@wgPYbqe zIkVxWP5s$}`}vbLTy8?caZ+MnPcq9!gE_A&6hHk|75OjQ>x9zQ&^EMVY>;?D;Zhg0 zWS=pQgGBV47+03JS*5j7mSajwYXuwN8z~oni};BteGJG zJV{NQ0^q*TRKNGc)bEe_mx8LT0vc&$hlYZRvJ#zP-V;J$Nm`@`~-2XS)|p5Cu15OkG2^bS2Xg$A4Io*VW|B8tY|9E zvZs>H>G)UUDPQL(XUKA}_bhDhQq)9z@Gwxt#SeVTzrEI z;iMCg=IWgxuM6NlT=#!sH_NzdptOY2bF^`V+*4Y#oH%jKDqW6^aT#=0(Syt2sUr?E z5(Wa+(ftvk#3$m14oIjR``Mq*yHE7BZ1(0ag!e+_hIeL}~x9rLci zyQH12$maUKED;Herbe({Uj8YueJy4J56sQDB+kH1M#h9DE^V(3f@h#{XA_LqVBN(B ztdjQ#KfvKL)vL*8+))$9vtL|9`i-J`ge7O+QHL6e8p!JKEb{=os4u!~PSG6+7T!Zx z#KoaT>_adwQYk;74R#?31);s6q{A2qa&f(zX^>$Th=06*!-HB~%;fy|*27V=8@>~Z z_#&w>X4Qz&*c&Ji)A0re8#wbZP-Smbf|$(I)f5jR9nl$))X=&EPVG~Spg-&J9i>xU z(gP_`#1Oy8HBWRJ_CB{Ih@`hAzPy(Bl5%?j*to=(M-pH5B)**YyM#P55?|IPzGU8! z05&P{<(b5n{fRGmcP8X1OMH1R@ukOI7MRqh3vm}LY_ae=F3}67*6xPI`v^@~$HXV& zj>7m~0-c~E=9(krY-biWT!SMF+>CeBHe=|JO$hM|q5tALk47W#cF4SZx3%;1GzLKx zJ%ZucgMlorUx|TKgH1;>%U5?mr_<(V;~OlpnY%QcU(*)n;ML*{Sh5mNy!!OQ62JaO zLipj)eFis8aQYF8#z#0`?ZdU6T8%ThH8LPnl7$IAYM@_VAhBED1LLjZ)I3f0Y#+3LV6!@@f;L$4;RhMDI zf|SD>Mf~wkalI`|5yd<%aPe3^3pl!x`5}P)^>JvE5YT1GEou^zxxR;UmLJ=aCDI`) z$5FmjPEKw>T;?eI3@@=Y$>Fi=vVpt23RR#UO~T*8#B)6>#Reexc5m_g_!($AaRo>tHmabgPSzZ#Mh#U z*rcJyVz4sO!*BTdO_JsMm8}p>yAzj3Ydg7jbH2Cs%hc8&U`C)SMvZtPp+Va)T>k4W z2|S&E!R$xFo|-tVuZ+FKbx`rZEt1}9705>lWFWXkE0BmyV!0XLfaSHeKPS2{ItSy zh5~t6fuzDP&VOgm_uE#fEdA=05MU|CPb)0T6iBTCIdw)GAVCFkCB6a6(`|uVtw44tkn>8~z;dAi znTl_~@h+#>r)Th`HV$616up!94`-y6E{I&TYa1{YVp+2rSUE=W&5vL`5P}7|W0{xe0!> z0MC3-f-fR?FbnS&U(M_aJ|}eCE)$33#S=RsOe(SQpXp?CADve+wp${^bNEuV7=N6V zyc|HB1_7MTD{;Ok*U0g5jf^j*tFMajM`@VDh5;6Iw1L$C@c%RH%|B+Q=$^FTNO<}p zK>mzNRI@a0Xcs6(jc_Jd2|$G5O0?_nxbLul*Y69Sj#c7Y&CDl zZ0~MN%(k*Cvdu#_3ykGmA##r#iM9JIJagfaBG@5*A0|F-jDOF^_k?~KFt=k$WT=>o z(yX3~YzBrdVq`*+M^X{%%9Af zbfsBF9R@swcHMngE0|=_ntU@6Bxp!{z77W*WjvTk^#id@1HVH*-`>;`}9}n91iTkKSx%3^f&oNxS?mZ2g*3| zWk~10czxrlUE-+EmY!ojz}~}+6BUYrr#2)(jB44gg^%MaGQi*o7^ur-*3Dq_apqq44m%zgTxMd z59^Wj81-Lu-0@BKi>lwfb}9Ze;w5%%+u;3(UQ7sNRcL$FZS zNc{*wo8I%})a#}?5524(9rv@$%2*YH z4K^G_M!GS|17V?c88EcMZ*iJvQ4L-#jB5C`?;K^n!!sg9gql?iCg0zp2Dc-@Q8r)I zV1TNDaS`r1_yOiYR6!2kL*nhHPz6c%-1Ty{Ne_IfDQ_0D!E3{lRiTcu5qPj_C)+Md zwjJ-qO=`P?NN|+hrb>Qs@Cn*(*>db~YRAJo;l+W#rh%KYqvCrem|et1Wcxk(XE`*= zKf<^0TX1i-T46g9WGg6Iu5C%n6iLfuMN5vNrHxkT2x7v^S#V-2po?J@74y&vk?UhN zHr0aScSuFJ9yzcb$8=g3z=*xw}@4|ki$jFVwQ9w>F zAaU<@))j7rwz7W1nP_XWCLjFn>ccfC744=@m7`wb0&-1lm&F$x<%p*Nvv4wMkJjwx zDO0!-H;Jw&!a{H1mRq;s{%BmXp_5i=CzvU#v=rt1TUFY-?c`O;MX7FWe|Qp3oFr8( zfRd7`cGkbDS_z73yK1~;#}cb)GrR{Jt}$?d*Qn-Pt**cy@yQyTbkeK28o(SrP@T2( z_Zh@%WAK-l93NW(Ai{0I)ojujdArH~jnPdw-tU+n!d!shy^kE;I$kd= zTVB1Kz0d9Su0ZU|6A1qcD8KfWOa}$tyeCPFqihb+o%$NCgYdL}ax>0m{eaUnV)kP^ zn>Alj%rSZ!;Jo^4eD@YFmEc-kSbzjZ0UFP*b>(tZB2_r=HL82M48z`Hg*UGm$KxDV z;{Mbq{(4j8U_jsnPws~-un;t1_F@vN$!=_v0gOUL1LI5OHj+BgI)EEsN%l1z5Vs&NIidomoW3S1rP**fz+Mylay zVnYNwhmK}B=J7~Ms77eD6}J~ujB`1wxsZo>+(Z^*)qXh=;F)qs5yl zM;m(IlZyec50@*VdTqARo3NpSPD{8`<18{V)^BpQ5XA*R0YG*E>T1QBIL(V-aDMHt zvJ2$^vDg8`Vwn76#`7g-gG2Ade~5(K=6_yrqDA;`3;w$t49$Z3r}=yt@|m0}L83kd zv{(`~Vl&tqzsXE#9A$3@;W~J=wf8~sI^}ul@0NI-{yN?;D+cLDxs5R~Sx9!2EkO+v z1m#BztlkV0l8EsibZ?1ad~KD&`0)ZTXT$zTYLc{mo&{(L?Tz9J;7k;%Ihxt9kxMOs zJdz-gzr~0HF@gNgj*|%F$$Xgcr@?`tdNw1#j;}+Lql{tD{Q51>LU1^WrU9pZ@6_6T zxUg#%rYECji6dT+Z`fBto&l4-FS{uk=_;nH#50G>#AlJ{)!_Ss0pZok`en&UeD754 zK&|LwJMexJf*RV^0j<~ggOvDzUOcT(43v4x`eh)GUwgLS0aTps!hPrr#fBilCL|(M z0z5G?5E5!I&e{%?3I_*OY$r)t-QV_V-}9`hUIN3|Vj@F0Zq%dLr_U!A$Z~<}Xw-ycXQ*(NBQIfuZEbDA4d9m=GGBad}9iGXdmOuk$4xfHe@Qh z^hipGXzkIjD*?9a%wsnh!QXgvFDQDMXsGgahESXLVQ`#B(`1tVGO3f5;^(2BxocT@ z1=ZhU%;lR$n@gxj7Lv7je8dm4%Y4dSC|BGzdYbGi*3*AtyFx`^t@#iATOU@lC2)o` zqV?^Bo^`nG+MTo~#k(|dY;+c@{=#u@UysvAkxt@e^)?#TDQ4kl;BY$WC4d*f$F%PF z0>$!72wI5Ify#b#mTH;tcVNp|3wZz+*ReT-=pi%^cLfknm4mIDyB1<7way~F9AUCcv*f|)Z^Ej7AeXFPFaVAWrSzj{FyMk5m?|3Dxm zB>IiNuwtB4`P?#_iO*?BND15r^-h0~HE@(2Mgmqp8ENGhG!d!69zmk`0b6PRgSm#q)UiQSl=jGw|T3 zp%n1|v^)x~XDZpt{DzZ(SZW?!Kz%7NMmBa-l)nr|2-F9+S3PJc>L#HmDg_4>^~~Da zH~>0$M)(_oXJ9=Yn6RD#O{h54bk0Ref}uCO9lpd9c75344x^EBT1g4JFz`kN*Ha$EbKx$ zao~~F?}SH0sdGBI%x7*HE2ff@0C${1IdvMNn}_TOHMMule;kQ!?RDl4Gsp*$rH2oP zEaKS6W)9rvHQwUjMN}T_k%|G_g+ZZD!OS9pL>8(BFFzB7uP{9mZ*P;mIFDggUQU5)FPJ`N1v4KkUd7Aj}DyRKU@MG zg(+RhB|OUjjR&V+V*H0kB~AW=&}b~%$h_u@OmIlaiW;5vcEQ}31+eH(QlMyqAx-)R zc1x6S>`div zLXnn%%S^A62bY6*8J?;eoJy?J`;kh<*^QAEHAK0Tiq_K{KN0LD$$>=DCBICd0p6^1 zlBCB~GkaFKwmBPX(t|g9^w}l)z3>KZN}rJiE9L||Irs!?DHi@5(vMgp`s*wu(936J zMqfOFApD&BXAY@Z2f)70Pz~Y+)vUwE=`Z8sWKLNda4WVtgWgtuWsO%$r`5nE%PLFd|+6P|PAO{8mV0F+d8H;r;(bB4hHUtY=a9LZq@WWYI<89P{-pwt`sjDz0NC zO`?=fm@83nFP`A7$k|{&bx$VlG;SB{NaY7mIVip;yc=oYO}nGnX{sFQ&(0?z1ek3L7fe888s5x)+~6yo=i z5!2zPH3_mxlanF;BP2+~zGTFP{gN9Kwua{=zPyw8l6_MQ4Et=DYYc@@=85gbvFb7F zOw6fhD>zo{#KQl+Q;X+M#mtf;4}IFkX@vjwsl_e7jc??g%riCnf9TZWT`2$mg;R^~ z-twRAs8;8k?mz(+pFd$oVQGyYb4qmRJJBigH>Ui1rxr&PS(8R8lZ{gNR%Z)e?SYz)1x4iTcH|CNoWxWG~ zhw&W#;f3Pb3e*JL@@GuA=i;t;ZNyI)q)tf4f@5yt#$zlTyBe^k7fuj+=Bq+a)VJXO zr%kpRA1}X7e0eeP}jm2NN{ zO5|#rU`j~P!`e6_wDNzb^E{#2wAM$ukAcXa(O0WZ+E+5xg;fp}Rn`j8bC@P9-Tq>cr4?`I zrE5iqkb;O`UjRFhiDf_x=W|-$Wi-HtUXf9)evhB(R{$eA-%q=H5Qpa&i}EX64=W-l zSgK1dhGY06pb*F<)O2Z}TmEvq1iFWsN`h0It4HA_(%HGXl)vqrs|Vs2=H%J^aBXaj zL?AtG8SzkENkM`_i0MPMPhPpmP>4rdFoDnf8=9{6n^gI_Pt1omHScg_+~Qp?TV6YN z0Dsl*@W)w6rB!@659+UOe_^s}fD!KPL5Do)HaKQa5SJfQH#|wnG}N3L=o4yg7Z{+l z>c-%?Z2V8rMl@t%T0~AoU_aa(Sx};7MIbp9l;|m%y0%evMf^h6MAp`7!Mye79P{Tu zJn>QgJ2u0tc*3Lp)fOwsPEdtoBgHhL#3nDc63oyn6f@f9y#JxlEU1&kbK~JzKHc)4 zox}(MgK}DgXqkaRtX64j5=+z42^Y_SEj{58qQw(ho5nCLGv8{89sA#96_IGumy)z$ z|IMTX9{%^lm!`y*g6l0XbDd>~jlw*+SSil@aI;yJn2M1&>SEpce?nOOeV6~N4AkmS z{ty&kwebnN5h8o5x%VFmu~Cko04JVz|NjZG@u$=NvmMn+SRI7|{$)pLSiLv> z-xF4^z1EsUk_Kh|Z~GC#(efBHG~n!_@BxH$l#^DzeTz7;>Ww!5QCBPqXIl`4eMgJT z_taV7L^T=FBU@&Ee508Lx$ZiPPF3;{+-Msw`O^mLEncz<*SAUt_`%0B8}`+SFXtpO zl;0=5{1ktYl^gVxRRpPxTFCWyftTY((Kt!{MB>|T!`53I{?V_kG-A9a2|f>(d&hBo zwcmP+=YA^*qR4tf{aO%iKiHUns#EMOj_Sx^6T+|`X_0wYQk^=qQEQLY5r+L2F@~)A zsLA>y8*qzxZzYbFL)3&OD9(IWGx&52~+5_^kh-tbP0>=i9CU;ABR=40Efw|M3m z`(v5+w#e+Xh>~P?Z-eY>%yvjzO|t#kyMApwFU&>&dbvRgEAx&(e>x8hew=|zWqfZ0 zR7MI7_|L=AOI!I~$P$o<&8^eWzK_ES__XFLEm`eEn(4elK` zP}fCh zGae!1FJV{y7ocUUITmpPpGkoWd1O6sI-jTF84hF>X!b9E$4bqf3TThvUt+aBLgb3y zKP&6&_Z5H7ue!T*tlm>F|B}HeDdY4`->?BtqPAAxEEO=y`dy)={S6qiaFd@u?}wRn zx;qOo+@U(Gp&b;W{O&?al*gTFcnxm|V-4Ue;J#{uB<7W2$i#0}X$Cs)*@yA*D0RD

hnez%L(m}Jx{9r7e|>zcp&aGk0n~-#zH`^JW(n=()1Kq7qT2OWSf6>TqPvu+ zcz|2Xx)Mp6ylVUzqJ9a}0=@H?A9wfwNN&cdOVVhARfAfbay5Y*i>3juOLs4X+E~ib z!T#1?V`<_OiN~?Xj~9##r@}vUm2T3=+H?d05$EnB-Wt^ zAC?^#K*!0iR)^mIdzp^Qhh(}qjQ3cF&Wv?vS7%QNq8ocOFoJk?dRN6CA{ z5QMTdPjAON_3QDnQ$P17bn1J6R-MXfC3Gq~?<-N`lbxqfu|Z#B#TKb9e1To4KDFJ8 zu0q+>A(wVcb)xJ*GLyG}fxR$A^%Vk5?g;cY`^wkP?5u+bBCa}XG{KC_DbFO;_f}Bs ztmHTr&U@qt4)+3}_^+>3r!jhScdVmX+{VO3w4-j~Ln^Mui$%q62{EZ9gzlJobQy+K zARQMl91R3d!QFc0jU}ntjDe;P2se!A=Ht}ck4Oz(24!BBcMZzJ?p#d(ZYSzWohwj- zfBf01!EZr!75^ZZJpP7Xz#jk@$pBL%z$^lA-xl`|O60>VM)Cid}S%q7X4w6p|c|Udm1o0J=!xk@fJ?4aG;D9y=}SG zQk;NQPW*9J(l8~S0~50b+>j5X9lAvreicv5DQ{bIN<%7_b_5W^tQdjo5OPuiD0i0_ zO^4OId(wjHv^u`P1+^S^T!B~PYDEm@O!3UZ=Ggs}hzGu%l20Za2{8wSbAc@-f^F7D zF-fz5ht;8gU}uj$3nlR`r{5wkU03?bF~HI<#ieQ3!t-y3Z)LU<_qBI)Y4@bb3h#Z| zs_;{+@DsAaTqDG*cbThVa#%CmV5=QuT$;DFTBru-N4C6WKK>BqV_GRuXkW9HSY^5b zpcgvhCbS%UhKK?&tgQ~z$K|bvc3e`#Lre`xW8YbBRHOboH z+9EShni{aWdHJtCvM9{$aL$UDhXby{z}2KiW)MVFlM_~*BFmr8^0)tnUJkRxJfVv2??yl zQ<1=0l*@$2TuX2T%c$YZ+s@qRH!?Rrj_CZ9aV0ZJo}2G#4a(h4wkBF@*Cuq5K2m6K z#i!ecG3+16PA&+(ekjhq!@;BM8MT11(8Ar9#e%FStdG9A>NPut& z{OSe)O3bEK=*OdY=r)d=6C*i4j%3RpEhLY&K;i=uxv;9nh2iPxGc(Pj>{92(xW$cRxB*832jiW~!ceb12b~rTV0&Vx*uDW>puthUadr>vEb_`j=thV~B+oHC zJ6}#M_*>2yj;)z$2WX)pcI*0P2>wy=&X#7Vt~iWhItj-BJODs>kf*|Sd3;RYSny)TLMz|=ArcN-0<$-63J&ROOZlV?s5 zU+O{DO}3aokZxj-Lpnb5FqIy_kv-BFPYf^K zh#D-5Y&RQJJ1&Ny9L}khB8@{Zf6h|L`6gv0vo%WOzdHLw%N97LZjrggaM`nCp z5sf#qR`YnQQ!h%HdwdsRaW`fDU(rc9e5+WNOS5QpCz07lu+aUZpSMzQum&3PLu7$FkL(m8s*W0wB)xn8KSPm24 zN*?e8ewQ|7n;W+tUUxtG4rUTn>7Lbfs2AG&v8A#LYw;uQyn)T_PJyD~Fc>qgx*mVR z1MvsR8MH-Em`7CXnLVqYQu(h}`42Mx1uB2W8xSH=a%=NGc8uT5Zdz?;MQH9U{uq?i z(>d{m&v0**J~6}giBp@H;k50lWTw2ej)kj;Sf8~LkSoM-QjK7D7S(@OrSAQMq`D(Z zt^8$->RH*<|4;yH6+jjN9wmS|j3Yrrd28obR17ev{BOMQ{PWLy952-(h*e*s+bFZ# zdTru1QQD$tx)P$nrYg)!@FVh*imp)rV-&zr0`vrcD|Oa36pub*GZv+=^BL028bIu; zNEhoZaX5`dufjkeuj=H&?aJMY8h)sX+5NC=f^jV7wd)T@-Khg`Iiqv#k8)6-S^cpB zdqaT@BG@8==>yz(Q&NEE69uqL0qnz%xB~znZ!vTi4pUqiox2W}ERIrJtu=%Ra3^Ho z2y`M0aW0vddTxj7N2M|(?jU-Lw*hDcJ6+tm!w!e%DH(3tSCM~OD~ombV3Jebu}upn z@R$7(tp!hVEQvVl=f{hOORl5r3Org2tWq3YO$Ih6t6d<+SvN+WE%7RgB3@0dHK(W8 zaUVzi>9oXt;8^sC?1nLEd246&;rRc(Y{swfQ%y6jxOEbT)9G0K({k6k@;-Mu#&0t^ zwVQiXa=o*VV6w^cK+Ki0IX>*T}e?aA} z1mV&v-K&kkjcsGHaak7UcpaG$0={WH*UxWluTXqve1>}9++FV(4YN< z85A1kz<9R>F8%q6?u!W}=He5uV0bU_8c#UbPVT(JGv~q0M)u2Z$rjc9f(!${H~%t&tyV*N@(i?HYt}Oz~96FB}_g?SN>2&0AY*Wr<98Y2SzT z{s=(M*amRvwIu`y9Z#K^<0)R}EM1*`J?fYrJQZ$6c$vf($I@Eknl8=G+?|1b0I~** zzZl-`vrzM`9RJflvSUDh!j3QhKn^^IcdZlVYVEpgMA*>Aq?Lc*(x*II5`Pbv0NoRA;o8;~ToIAw=F!6JK2cxDeB3HDHT~ za>OezdPjQc6ELg-0S4mbQnO(?hHWY(=rpY$Lr)!1kQR7cZK{1GaO(!<^L=56>|Nw> zkshH3dZq-_#oG|;6So~z)iY6KOzKbg99~*wbxTKpM0T9h9E~oxA?MCE8U_{-W0z@1y`ne2o?K&=!m$jw3uveb)n#+P8QU$mS7|pdMy;C(RmjAXn}o+H8$qE`T9|dv z8;32V52y8>9MlUAOarBq5v+$fz^~6xs*rf$Rjg=wZ(Lal9b@(osenUheYJfJh{gz8 z|C+VpITke|iGVH}Rz3XWM&`UnnT1!KQ*QYY-{k_%I4|UDqtoQ;8+i2^S7v*SM{4j0 z$&+F^j~`M@$hTzy?HUHpfmkm*h{D60(IGp0?B?>iUbss+X3Y@i(5>9L-v9yjPiYM& zNxjQ=%)St@VyGA<5}z)KrwBQFydr!zq)5^=XREh(gCrdH*QslOG1I^xbr6Q*kXT%5 z9E*9%jHZo4Se@P4myzCl`4TS??3P5u4m`Q^JGQw7;j%S{3q*0_KJl!e$-<(-^$MD? zZZzu1q3~^FTT2eg&S6_pPIwIb0!Qm%!9$}`g)`;9xqL(jco@!H`XCA+E>CemnlpEU zJMT-kWBfNB*% zA}DE?Ko3j+1qBrl4I-{Lgc%bxK*A)DrfFeSR^64Ay||0J`mU~mAucfiOacl9@PeWe z@z&!Yf@l&zGymVOs%J6-(RcUzzW?)ld7eynRoCUzsj5?_&N+2TGTQKPV^t$T)96sw zo!ZGP5g9Q84h5c#>Q@MkaAh#gCH^RuLtp3Y#n+i*;3hFuStfUoXzW3H(Prf^va5EwsQa zJs}sEz{Ngz+*GPKwwgxspl3Jh*O!Y$r(!AGhy`ge$r5f9p>eu(K3G26P@TfSCn;2d zc*}DW7&h6ENs*8)9@Vv41;&M0hqwM2TB9WE0Ac1a>my7?n{~(pYXR0F5RZujFW6Cz zGem)yM932T#s7O0Aghxr-<(xru%9nQgYtShdg6kM20TuK%YON5mHepSg$7+BLYM(G`g5lNg1GK&tLIT&QEOI#M# z%7)iLOf|XGSTWezGf>CstOvZPiQ>0wru^4S^RJ67CrSO#8VLI? zeAHH-k@5;!$?;_6H4qGAS{cJ0MIARChLjX11 zE(>akENHDPXkuhRD_GE48;IYrpfWMGYlZEmvM3_K)E zo0_bV3{18ImqrE#GH{{&B@+Qa|B~RM``z$f1R4&&o)4dXPtH1o)}4s6?r)Tke6$4x zjk5!9M+P=CFu?w@9s!gyO;$1bw20ys%PO2>BjWC26<=+aRXoUo>g~YYk%3znc*_2A z9RoY;Kp_J!+ks&Spz>C*yciGE05CWiAfo?jzK=le zC_su&BO{@|n9#py*EfO%mD_c!;(;5#A#{>=gb@YDDd9w7@6XMJziXRx5Hc3=?$S$5_3 zGjN3+n9YFO4oqd>Jv+}h2ClciT+P5sc3?0AU)zBJ42-d%KZAh>>_9RCfIdb-pBxGO zp7{d$gL(w?uOrSfRY`t!ypDqYUAm|z+&J9H47_bN+E0eVl(`#c>BVl%AZ5 z>EOs zRJ7nyH6zYxl%|GHpiW;(g!P$^M;)q&u~v)(wy+(N;!K#sNw%IoXZ+Xhae$ZZiV)Hh z(P*`R>@1BLVds%9Yy{fgNcZGbd@34y?Q!4n*!kyF9AhIry(*50MyJg1cVqYxGJJsl z6xd?G{|e!Cg-*;qk1YV;{U;uEKEnIaHM}`%4));tZS%cz0Hy6?$(eu5doB;bo`xM0 z&K0*K3B+_(Oau15dIuFMVN(nnjc~3h?L;O|GWu7XScm9jBMrZ^l>~rN-DK`3(++LNBxJmymTA>!qN3TB*48tyV#B?Zq$-PpWENl z5X=q*2b84iha;2ClYvk&J2;?ZUO1VV@TubzStn0G>Tp={1Ed*{OFeQMU@S5`InYu< zWVH^01eXt5Gl;6`pH;;>#P5}>#QUP@F`lzs#sl!vHYQ1P)VtymH6iv>mK32FeFmJ> z?ho(TGuLu=-3vy_N&1_4TOixhRO5zepgaX`{T|#{PUW2GNu0&~)E~RVlY4$ChpwhELR%`uv{1P|vX4!p z_qE-4fdf^|(Oer3`A^>VIzF`g!>TgoeV19*YnE0FF_#dV4Y$`p*zaH9u2Ln+i(*0R5K;w%I3@rIu+-k`$qPsEd- z?#3q}Cu5-V4^mVnJfb&^$zrSg14YVvT8hj?xez9bLrhk}EGd8Uv#rLMT-f{+81s^> z`|?HnBfCU=B0O#6qDhIf&`$+g@wG|ThJQnLXy5}*Y8RJ6rXBR$pz8a^E}xP(YwU7& z;;p0cQ#^XPGx0XMA;y`C?M{8WN|#NIxObvcZ_z)P|JB%PBp+QpJ+XLfHS-{NTe#E$ zXi)cY9J?HFeU57YhqjjE+}7m)i2~Lkw-Q7T%#;#Ehsy?OGPbV-tRTtdNJJk_L))P> zzo*6j0*F=^uWzn_v^G5){5OKYj1=NUC^JqGmY4D#G~7D?ldpuA`-abUATJEnl*+$A zF$>p#a_~PveYNjlj{OyQm4;wT@CM_SN3O@yWsaGp>B8qWWxUYRslG+iVmxyox<)IK z^0wr^sZ9Jpw9#FB0ted4(Z`_X@T&;bFw}l|kRXmpg70mPY!{3UM}>y1%eVpBvoV=) zd+0gWrJo@R(Tq)VF}kc{wFxl+MK_^N2nH^)1>K=ZpmH3dEp)!*)SqPeGE4P+OOB+e{=z(z&wC)*iQiiH&5)yVIEsSYzQ6^V2*)NEf}S3jRTzF(0(Qh=?9Id2 zYlHVteIIVfEGS%_UIUm$sTFnV&L7e2qqx)GbL19s05rmGi1GQ$4X-;V92-wu#U|g zZzN>MvFGm&fzoM%BtUzo!;N4&36#_u}I5=9GZ|4^H5K7v6IX|(Ob1`5tUR~lu5t- zBkgZ6lL9GXVh5beB3{8NS$m(NOn1LE;!k)Q2|r|p4?B5>%86eZq5PKFq^8|kgRJ3l zRw2MjUbAl7aMBqt+aeT8VOX#~SPJ$_rh-+PkKq$$m3$9lrmJpakbBTwNnBP|7T|N> z5+Sx{zrl=DsRZ+gmwDdI(8`&~GJr-GEJ^8cQ7n6Y+Q-u-nu;0V4*Fe9j{^#`kRm2Z zeK1W5s2Pu|NN|8ed4vY3G8U5#_Mz_LyR!T*;}sXPz_{adt}9?L#aczhw2c0-hGpoZ zaSR4WKu})_>@sCBlzxX*!x8=|{11Up2t2Y#?a7d|{Pu8qYZ_A6GWf@_-gDSr0^VFM zTY}+jv&P>j$bUvycVQp5g)f_L=wKvTT))cd3@z{`JUAbUE{9O4qg?Q|J42a73goDPp8 zKWaFZ(_m#*kH#9sxAf}Kw^lE>t$K2Chz2|-I|9nRIL-9L&64YIy^O`V0h@j}pp+0Z zSd5r}Vvm4!Ys_y6#YydkFB0&S^Q3Q~Nqs^~tOYjTTv#oYUPaI!j)%z~DNHPep>>^* zp9;OmjnEEOTW8$K9@?)rTF>AU=*;Z^CmpOjcWp}LpU{hPH1Uj_QpG8N30hMc;=1oc zL@l>AY7I%U-;@cSh)$r21QYRVeSqN;C_x#X=p?jRP-~_z$p$2W0=e3aWua~oVyMsh zYz}K4>S8WVKb~&?&YIywX>>kxespQ8L}|0|Yt3b8AZK6gz|h_Yf|ipJB50O36%z+| zohS4?R_#lYP7P^`K3;}HDLkKO4SGkM`Qibu5h~UZ`xFK4bt}-g)0!)^#%OtZ~ zPYO-qcAh}4*xZ?E8y*P3KMx6Ny`qA@;MeLHMiMduhdXQ;z~aF({15*&))q!ER1y{X zLsaO;sL%yZ*!g@-gRL7801?GFT-~65HI5A9VV2_IHmk622vYMOgUQ9i zMi?MB(xdh1KAiT__j^;w$K8n`2X4UF#Js*>(DQ(mHk(tj$-3?z9JrjTUQm*>>%Ae2 zdr)TWTKuRrWE=e3@q+}HMI<DJc$F8eLYYDC-UUTCZNgi5j>VvwaP;E}&-RwWI>pCy!vEGlz~rP7=B6 z%WXnnO)Vh7NEn|Un%FJg49x3_t?b4KUd8(0g$PDOoEgn3(i?@9!8=3t5knQo0TU73 z`xX?kJxg#6Cnh`E4!f{__o6T-=s6u<4nL5_ZXKVFiqW9+0oKQ7q|ycZ^XO@S++5oS zC2gb-&bs$5U=zKc%QHGX3@u63Q*%f}5)BR4wI~8D6u}8W9T*ltld_`3PvOBi2>|1q zE6iO~{ReEXd{-9(mKbj)gvLu*+t)ogY!W6QmX(eMXlE}#zY&z$LrihjWi~uIjCSY3 zs$~|ok)^3_eI5w^)qR)|ZL30aoI09S~ct!*6&41P4A@@rw`c&HUATDaD8dyP`C|Z28s;e86p?y zJznd#a5NEEfUdaV{!mwt>ekN3k6JSWzt+Ob>?KaM;Tc}oqEvyPQa)Ue{i!8`cbI=C~2Gd zJZalj8zT@_8|#Ta>*Wb@mv|8H(8gb4jFwR4ljIi)j_hb;67?CYS(!D{PVu7Xj&|#b zt&lr|7zm_uA30>Vb%&isn0^_XM4ej$qU7q2fpOm^wkNi1E^LIQ#|yU&f_cv>bObio z=pYGe4;xnQImGJDOSi1O=v=Z#7a-QoK=2RQ(WfI?4Q_P~f0h-MJ?}O|Cz6>@2OPc* zRUCja?-K&+Re01bBhm-u;=qUD6+*ACz9y1e&@!|JWY4>5V*%52uA@EiS5_Uq`#O4y zf}FCTG8QCU3mo_r4-|Z5J%vOY(~&K&K`X|Y(CG=Q7`;T6jaGwj$^>jO%!JmWbfVK_ zrR=dy>3D%?99};PaklQ>$!xf1C@9>jIswlE*MXQwAZ5huGJ++Gdw{Gdh!7;s?j`G5 zpviv&q)e6z)rGbY@-Rom!Db9sxHxj^RRu_*>N_-jb(VO83mB65**(LPjf~;fek?kW zaw^rgASddW$LY6cSsRwTpuWb5tWNy}Hy)nTaeOC8^g`G7oEV$*>-jllN-~@9nFQi; zfaeHzRkn#v{s6t{G!~{q=x9{2IHmGmh{B#Z(_JhI){2`oObdM4h!0o=p5^UiU>_1L@UOyh^D01)dQ{dASUjt%2-dl;G~vyru~JNIo3*P01mCKXW7b9V}c$0*1KT}c!aqw>mF}_Xg4!DLAjZ#)rprLXB^hfbZp?r!E2Jpm7+@o?=*v&HH))2-1xKlT5wUW$ z@wP-RH4R*9-VkDXo`Mm=J!6=a2t#jQN1;;nv5ds_WtepY2hqTgdT3FO=f<@Fjb&5% z;xvl5c)@k7m^>J$jg}_ppl2ouMgDo%>wje({7e$yZQ;taB)F9dv5S~=-&uR`P2Um# zH;X{2w0omd zmEpTu^C5o49%@qb*So~mFIYw&l;M9E1P*0f5S{8Fk?I?!`gRafO+~6`3g;6ruTvF%foty+i$)zDb;+2#R$Df?xqY58G8!e| z7fMkjj?q>No%{Fd|M;^j-igfML^57;Y76!Mq`KVm=S0Kh%SZU3^ zLC%MoHN-AAYD(pA@eOx>`G&q2iAVaq7vG8cy4;ugs_Fx{=hpjkx@SkntT z^kLxZ*DsWtvMelc{9xrc*e#{pyF7(&pg*s~V!&Ml=Ks0R#h&cmWEQiqqn0)W8^D zn#b|$C$j=v{|Q4eM7?Ol&C@U_1MKS>@nx&J9tA@)_ZTvv|JJd>#nd0i;|H&UoddLnG> zkzK4MIS}X*f&Gyy5`iQ=*7fJWzbF$zF@PrqM-WFrWrjnyMQ0GyC`V?12Ipa%{)7%^ zF#dC?+!BfvT*|bcp3EkJd@jB`0{IsKFd-{`5~a$Oig>pNSTL0O~1N9e)9C^9_`?d>LxeyjPHd8Zg-p(XT8^c@d+=4ZEf z??uPWxiy3_ofzX}RBK9sF{lpBG%floXPsJeH}QG!JjjqR(1JY7kd_slZna3afa$g} z9RUcu$DJQ8Al#+~cl$azy^Y9c&5EjBmcN*_|A8Y~NNIS7B$;9R6yeo&Zw+-DYf0KD zdCTL1fTB3JT7NH;s)b^#z}r3!skDaVZ7@^=gAlHhD|)T0QzxvMp*DrmZ=t;AQf@{6 zNt1uzZeShTa}D2HCsl_N{jr-sVZOEAHv4hyF*Ku8ORCLuH} z9GZpD+;C_fLZzY5tL12&raw`QM>uYkjAO&YacgDVy2v=vJLKh>6;4+#|T(@yz1 zE8;6wiIeID&cb<1qrUdkjAiAb%_0GV#N{bzBu>L=h}%=rtc@;*xIQI~#CfXb*AEM+1EO`z} z#!aU8p>P-W+X6p+7=dBAiUZO$KV^JGSGPR`>kIZ!I!Z#~NkmllJv1c@0J$m~A7upK zi@uTgn6V|IhqykTjg^YUo`&+L@g>=}I4j*dh$h2k+E4HiAlpmh4ZB#rT91T^6|2j; z(di^+A7#2ZOeZk=-p{sju54u%(gTWFKi|rG!_`phZG%Hb)uQo)SnU2^jKjICnBy?( zKOcu5!K;Qu5NEy((LV{%Jy8%vjl;i1XOh@@nVE($lfaf7hi9zoejMH&T|#&q7DdO) zakzmce{%LOj>Ea9j>9W$N&(ZB8q%>C&p^@yERYf22)iGRjnhI{F_6#33U!s%RDkjS zq@PCF^x`Vbs1QUIU3GEA!vdWDytgh6!*ypDT)PO@>t{v671dkEriL0LGRfY0mzkC` zQ$%mg{cHEV^=fnp;of>CI$rkHUY0x@cyyg*pu2{O29E@P-iX=XSw$lyLQmf-9=S zwCGH-!`hkYgEON$?A5A|OVV;11f`0CSo`ibu>H{L2s5Tf zMj^3KN%=ZrmCDzU2-Z5-$Dzaz5HN%jyQ+hDC0jpJbP){RAsVIH;w}-EHiw84J67!f zo}*^C1Okp8qG(ZVEh^%MgEgwcwdV@P2=~-n#Dz3*M+Y_7|>TZqz z8_7bPxvCEgD!8`_?f=Ey&&cvtbQU@G`k`Q9H}pTzU)gnP4fU8p2DmEvD-90S8nI2! zW_5zltc3k+CO%M9??Zjlqw~=6QLUjSDzH7ogR#dWc4rXd3C?RUC@DLei(U>XDf-Oo z7W~(};hmXSO$GlX*nvaWg%HAuY=lfkZPwz9$Wa&OxHd&+km%sq0BZs>h$ih29M^?^ z6jL#W99Pg&2s7~oyqTmdx`6OZoE;r6XW~sP_=nTQOr%K^mIQ34_+HW1~=0-GF*7I<^zOZSmZ(nzofto0n4Dk)% zKVp@t3Y4S1PW*6#JJ)4gfxVIU9IMx#&=RuK3@eqC;){kMGeusu3(H|H;~HxLRwLVL z9=Cv-X(Ph$QiNc`dlTW^d>W(=@K{LIMWjU)4LKxVFgr7_bVMCOz zB8gh_YbKnHgn_^QEWY87mn<$uAMri-=kZ+@uHiAHwc&r5HN>KZ{}A86vydcB1-^$7 z-xGlEc<;h4T+g;~eWvv%s@g)h_P8aUu^l}L&nY;i9Es<5CWbIU2H1v^`zGtA-am`y zXQDGnJd??_28v7)&qSi8mxROt##sBUsfQS@5G-hBLLzc$dgut1W{iRwP%F^$_4{$z zVAG7?tYIvMawpuiiOV1|@=LTb9FQDapcU^l;;RF3##md#z!jddcshd7nhIM{GJIRX ziXvoJ3}jg6Vc@_k)J1iKQ7FJSN)Yx#r&!{W!8=m$4WT8bXwW+x1#0?Ex9)8&(!VU!4;JY^Vb5vR zS*!~N|JX-<3pYqb`uB98xCx`dps9WJ&7hLl@rlhLbpL}awxU&Fnd4( zUk=Ax!AYecgDm9s3xUmZM4rz*cQa<07!FcfD8%ic2I7FKI0@hvS%vfJg?^6B1n*Z8 zbYaWYhDza-+y4=s0t%_XI1b==F9d+~tHJmDT%*u^rJ9j;g~*<)4KIQz*sF-Q)4>h3 z{}c$JvJQ$;*MIpVZoT_G8SfquA{LVZJCGI#fx(T7vpP; zH3eQmpp?sY7uTa*0z9670768%MYvZNNU`tLH4;{R8E&K(78M<*K(@u|S9y{}1@wc} zC_-`;G=eY^Ty`;{o1Ho66r8GB$5iO4X?DME_?6wSUs_MILG_+XC}9}_vmGYk(G1y} zv`K)2&fqE*AYCQ?7UME7PVzyc-R29T%rLILwGLv;Fy*(_-AD;s;glVU>p~V~%~ssE zOeJ)LM#AbZx|-g-)#?CWLd+_8mK-y8$1K`4_DO6`g$;b0+9Os|3OC!bOEc}C@@qji zUnM1V8zrU2*txt$7nUcD00%2j59{^1c1~su4}D9KSx4;;1?6ktO~qx_O+jY~V^$nj zI{GXkUWtxqTAB&+59|dS0{wkQ9Z@{#$&-`3yb#9iw(TE2kC>d-W6;*JFnMjUbI_mY znpbOD5~=_mo7$QbrRr-&o4+F<^h1uhy}A_jd#<1oghpCi?=*8FbV;8ccIO{cs%n@6 zhX;q$SJYA`VkD(GLQ zD-Xu6>*oPvW$8A7?IT))KT%!}CyNy(-2aRkn~eG9LK7h!&BH~@uN3kYMm%khq@;ZQ$k z+)Hl(r%qiw8a_)lDw+{??A66HfA4~xYOvA%tQi7Ez_-e62#^BFoaaU5Py)LgTgRK1 zpQpj)ecl0>%T@ENioU-{f5%#T8i&^rbPH^!4c5I?vw?Ory7HP_zBh6ueTVIkxCsC? z5m&DKt+-anC@R;?5jeSuOZmRj^0tErSz{|`7>TPVL^^=5%57c_MJiN6pJ1u9l6V~6 zs3IOT^TqIh20%xjt-*HK0_@EPPe-wYIX4-R8eI z^3{K1LB@*4+F^}`nz$P1N3A4L`x;_;l(NA&JUH4+{Z%d7nzy~->r5Pa{8UYbU%&%- zn;VYz*LSt=!kC>;uW0F$oJ0GDr1s!!|t+R~}ps3qq^<-|6R~+Ulp%`*R+c zFOs}SdScvzIq~h$XYoVqFN2)9$Q*mnRnb9{+xgeJDw>|h0`KyDRj<|+Ae-HX&OtAd zFcdjJQNMN3Q?Gy;-G(7i1QzLPmZW#Ut#47@;i5d8yZ^wg2Le6ZhRNoIrhxfU3+j<$ z+-Z*3t155ftPZc@C-`jai-NbxlugV zFnMCxrGMyZ{}9GaE`9%KWkdXs@n-6!nCZi^o7>s%TEo}F+IMGfuQ*VS?8%#9PY6rL z>WoCy_fvsVMd>Au{ero`jo=+42Z&S9$;(pFb|G9KX>jX%tep?@noi7gm~0vnG-+To z-gI7Ca`22J}vOa!+F=cc|G7$>ZXUmAn9uuSv$rdiynXz%m$F$0U#9 zkx^H$(G`5VDF3ihbqSj3*6U$*$p({y2E-#d&r2qfB*NLY=BqEz%zyVMie=~JVJ%3}$(Jrs_hm!oeci7o}8<7x`-Prw}t#>;G$GrLnw@#0L1H`O`dH8!p=WnsF~%rca1 z%&5RY!SzYXPA0)rDbyFHYZY6<)KrpNo1h{<=J}OW(t0twEAIiEHi0%)vyW9XHNA$^ zHxH&1V(~KLdpMe1?H`RYGqP0E6CbD{tum*lAIy6*?}*c!;>aj6ox^a(4CKpLLvk}# z*^rv0f8xx3Pv6_n(O+FY~I@*l!8fHgAg2d|4TUTh6!hyQdNv7+&U1WR4(dCy!e$3YKmYrZcI(a zrt;|=GCGJ%7Ll%=$qlN$B8OC4av<}uW%iv&SC*W`lC~Tsc`Z$;o|ft|D|6WIu8OT; z@+$V7U!p(KIK#LJJ!It|pE)|m*LpZ_um2qY0eYw8RmB_wCz4lnxI;Wz<)Z};nw}~v zXwLyR^*JmW>yuT9JFtY?Sg}EBK{1-SiOIQeK8+Jke%gB>ZVBmLr&)2HseZ6H*tD1*x-s*ay zDgS+C=~-;EIq?kNrz2IfFqjV#yPB0MzC?ThU1LgIsGy4%WcHKvslLV>0DKrvY<>>= zM-t*<+z}xVy0HLB*l}?sIGj;GN4YQIH|O<;!E;3d5k5!xwt0@SSO!33z;t#Lcv~Yo z>-}GY8k*~wx|XG}1N#Y-vb4*Jd;agGRcz%XrzQ7tQP`SrVTfa&???*KcoaS>>w9UF z3 zGR|=Yx8poF`1UR7Zn(A9&(ZXoEX}y785}!Kpp84M8IWVmOB$zpQaZ-z?vzl3rq2hB zhwmi(0lUga`(C&CbizCVvRJx?>~`gYURH^5r#RnGji<%bSM}+Sl{3J#i-ENa zkkm6!&j86h1FZ~*QUB%RFRh+%sq*Uh!E^KpgK>K**1ZY2cxK_5g(ud(37L3e4V;ipk-u>>&@?m2 zfbsQl9`wc*>u zs(nsF^q1!v44kzbPo^n*KrBxXmKaxQ`hy)!jx0dd6jP30EeIcL_3$m-0QfeiyYmmt z|6pT(d~oI+tJx1g^Ba^g%}&R$27iKXz6B`ItsLPvB`2nV1l(?h5rW@+!w+a;JN7|r zB^vbFfDTOV`}+89>4|%PJUBF8H4UYALCAqm2us1`Vh)yq<$SQi7t<<%J*wO{%9^9h zYo0Jid1v!cW$`GhX;cRrFh^4sy{#F~9L92{8LxNnp+AJaIa@Ssv)#0M(X_R|T`SJ@ zWhu)>p?0V7EL)^De4e6KY?bX1EkL($L3bPL*)3=YTJYfYXp;E?$9x@?J75E>f%9Q{ z2TS=x5d4}QEKwIFI`djFm#dM~o)S9AWI4jYX1mF@ga*7cQgYTH!8$zL`G?)cCeiVV za}&E=HR5v`TH$-ilhdI&8bJ+M@F=ryejcSWbT)J50^A|h=;p+*d4YjgFXnJJl0xF3N zqJ_hhr(9-F!8kPq{S-(cF;2gq+s7()ywj*ArF9ysrisUs)5T-$EIf>w+4xnVL5f|A z(I5sYw(_jK{R6l8d>Uy4_TPqpNHwOI<;r&b^g`Wjf-Foi*CI3-7YN~v!FmRh3iatG zNW&DfmBG|PeYOeWFvW~vFkRKl%$UZ}8RbrW^axF#*3lFL5ahM!TxtU4TKR*YaV z6s<-?z}VHl4{_v*Tt-oX3k>E!40D%WDHu&xQ>EZS$utV)-2VdJz^giq`{7`xGeueU zG$P17DV5YPfz5In52gPS2dWwKlR{jm^+)6xWsVTsl@KN!cj`wZPxaoOFV(zuFjEhl zu9_uh_`V!zP7LPnT#yjltmeJ#+nnP&aM+v=HtEQoFE?^$khcp23XA+#hgHYhqfF;D zSm+mG*-0A#rqq^~cu#|@gv@({ti*cjo`e`MvB88Ng24|^&@4PH`yEI9qIC*TV81Ia zs|RTrJDqBg0k0LH6_9bb^8+qr?8g}T5MYq9jK2k}vEvh0-p5b^slLxg7Ug~6xrR6D zHGG{YlUe;ybCCn~h1k_w{nWUzILwFthA-k^&XD1B_*ET`eE)*PU_HOkfVr>C3-O=S ziHGb8{U6Q*dndG4p{Om87i(t1AIGJ|v=#J-_2N1k+t!@tQu^jlU0|QtgA~ZRc5gf6 z;K(rRU#T&g;@o1JupwsVe^^AXP!ZnfB0|DnYMjCFoq*T3Qb?S$>JE!>({A;-J0Zqc zFt_2$IMKZCtjpIyJk~oZ>ZQM(B$i%zs}M_*8gA?>3X)>!ccLSjmTDN*=-dB9EZvN9 zTs)l#ONF1X#rttbc#DTg0BI^C*N<&huXSFv#t%9WDoEn358@qV%Kf+UYe z9jd0G40IR{5W;>&(24^Xl@uyYSksOO3Q}7U}JfWDj?vII)v_e0ULFlQ$39 z2FJ48Y&}7rX7QS-W}|-4EyAiS`#m@moZbDW%lBoy+w>6{m*Z_$-dm7exkq5XJ|$;= zoe&7V*Kmje!LQZiADsH3yq(x&>)*BGvZ2+4GJBUZ`%p4P+?fcO6S6sM^R`#NGJFDx zwB>}=j}M>7komIMv9c#2Eyh0e=(A$8+Gy>AYyjK+oK{;P2%efUZDq+(0#>mVzONt~ z{M?oeItRVXZYgp=i@1sHfx1G71Gid_vLL+`m$^V3h?S=RUyE?Ji6P1>(vSK7ft=jS zmlDvnKuV2+4cqimoDvU^d(uo9+k%z?mq9m8&eXSwTFYc)hz^#j4P5-Xp07U)YBgWC9 zi)Vhzf~4RU`@6A*y$T@7ADaaE{D3UmstRH_0n9AGwJEd_zbcYz}F#Rwu2grp=3^+-Z%&6KJD8sN%JE*%kZ(wAS?s-20@Oh2F{X%4H90lMFeE=ZWt1$ z3}hIFL@EQB1AN4)n(WN!OX~2;GIC#20e1Cls*Q-iIB;ekQB!~f zRp*cK1X1D4{!UGqk^`AJe~ed&5odOrn&QcU*qlGc>qLw*yIoBw%i;D3KgKfR$C-Ut zO>yRAs5*a)XNV?e_E9xudJech{1gs&mDnmoVSQBv(yI6zO5IUA#qOw(a(C3B!2J`7 zrCc5*DR3sh5|o{V_}CW;voJ*iWtMbzztGzY+6F2_b?Fi?_qOD&1nwOml^1i&5c)eI zmCwTH6;k0jag3$gX z34SB;nWG0w3H}2JND2Ph4lqV}LdcCrxeRe<4XUFmD{f`U5fc3Ia9_|R!Jm&}u;XNM zN^^_h+rd8uIgl3;e7L)_+YHwyZ1c}b@L_J$tpxu(#79W*>${cUAGx|)34Rh1+Y&=_5$VIitV49BENKMN1CnSg+tJRf<#D7F`ku|-l{V*9ArNU^+uq2ttmpC#VLjo-co~dGk^X~H zITO)RX3sofnf)3mF@}c;6l7EhG*M>%N_R4Q7N!cB{VO?~?5h6CZ?iyuRO1yPcxRYv z9m8C47$y;Cn5zv|fZvugz-5MkwG425VW6G?E-VbRG9cDp{qo;ps{t8580Gtgj6WXa zsQN}B<4+K;LdKscUVo~-wX<5KKyLZWORH~$jDIF%{5L|zKNB+k8zJMLnT2N-o|$+; z*fJ9`{u?19J6AIvfE*dRc_HIJD^kXO)yE#vn~8UIIMwZQ5W5Q||M z|0IFaH5?`ot>kVHGJfJv%J|dq_Mgc3*kJfw_&Fy5Sy@u%Z?s*IlnN6GjvyZOJ9@e>k|JJzSi zy7ga6QUB(!sNa>p(*|5wG8;gLhADQ%GAEH_`Cb+R{xC);;J@TXu^}wLcc)QKnhZJr zT=7_Sw|KlbPdsWo;<2_A52Lz_zpKjetG*T!6NiON>IWl;%=3cC3;{YSH<6A&<{ek4 z%Xh|+mLP64#QrNpfRQ99jD+z2aS>1r=caPTK>qL91p4CKw3fm2LcMGgD2#JcJ%bt0 z4r~IAac*j55NxY^6R3=HQw)QB!K7}2vLFk}f}5c%nAs6h=rz$0QYZ_CZz7U$amml3 z&-t%Yl?PmaKpNygSkGYr=HDI+&vGzCDi1i)tYJWSwDO>Gy+jZ72U+^q*3m|#*i-=W zv7a+wBW0{b-9b5{{~H}cR<}9^G1jGy;a}5E)-e#!lXMImAj_8v;tU;wpv=@U2)Z1h zV-Uqc$B=F77zAPrfuAlNgGBTjm{i^B7(RMY=orGo)G}^}&@t4>ueOeXU}0j+B4%@X z2pvOLz6CMRF~neuVqZ3iDQ-hVcRGgavAR&lAcTt0F_2FdI)*H)2>*qS;pced|F3im zgS*u+fH65m$FTR+XdMH$7m-_#xz{JeY=_%0_)``-hB`dQ*gA#}@C-@Eh4afO9fLRt z{_{G9#pC~X9m9#IPtq~uK$DPT>lm`6jv=c{#{ieazo292g$hs7F%Wo2OF#Nu=n7il zO9=YtTS~1VxIGGVPZ*e63oh#bU4NPPRA9}pK7&gs&3tV(f*a2iOmZ9Kz2VvEdIS&FE+a<9nP?lx|(L1vb@gU*1= zh4nOk%{ZT0jaMTO(++_oO;9N!GYcU=X|!O170&P(0CG7#vXjuWXT4>;bCmm^DihfP z4{1hWjSJ$^(}X--sHe`I!lkIN27*Z;3phlJ%%@mVRMoJ_wabON{1a=S@S3%s8=8BF z2C5%qGmlum26+xBLX77{yAD_#15jGivQU>vXPfAh=U(aBv!5pK5{bO--O9f%V#hB0 zbHlwD^4)Le(+eRCEGezwIPi6z;kf}l?&~~Lsk$GS7n|Thn6eeVi2t?tU*$W2eed%? z1Wq)_(HFFC2lQI;9@zkE0w4wYVWiw?twt05RA>55z)RH)juKyA!(qrctLLUvYpHs(OJB+cyUeBRZt#O*e?&#GZJ`=7%PfFnfq{_#sI^;+&9adY+We@u)~a^VzJncA%6;Tbme^1IAG zur_iURbqU2SA}J_9+0&MG@gmV&(CpauPzv zy7ylp`nT7c2J$e8#7`Wdv+kL6a$lxHRRt9QH3l$enT;!-GGjb5j0G7(g0(!ZXU(1B z0D9n-vduGwo}@hm@Jr@4Z^xBj@j1rij3I5}Sf6w>YE8naUzaf=M>7^=YQ>W?tU@3P z_mF3};^K3d17~mLVbb(4R8jO6Bm>8^;9nRn$YGt$14K!pJ-}mO3&7-&x?)%;2fZo8 z>?V{CpQ)NshqE&c@hu}_OQ3iDDR$xQnweH|1`gD5F{_)6pW5a4QETqUuQ*qIWAxXD z#Mis=Yi)ZUPQHwUl`n;7hEnw%*k%cNIO4eWKd2cWO`S^mO zJQJC*4$>c{vmUKJM#@&1gs*CFhZZcXhMgEx7Ertut`jA-S)VRtBDdjPYj~d)Emo>7 z2M+w)(vLUeUoSGt#pWwJiz^_Mm0zGT--+0=9IbeZtN3j#uBaSF*@>{WX)fPhUfmlGo3;Fo z#eqVztbb5lo`^JRu!+YJs^fbG;=~bhT=X=H1};DY7ceM6+N}?}LHlYCS_ph-eIEZkMqLvq z=_F;vDpUv0{BTQ;;j_IrZVCJfF;29(=dPnr4oX+h<%r{{pl_X$JNYAu0OGOgL$6}B zUrdjbIOLT7h6nomZ>@0{fq^qo;P($CgdC5zTP;Y2dO_7TJ|CuP-fJX9n-;+y^ZM1Z zz_gU33YPx_G6tH}*MW>+08HA@iwGw~kTHS3S^dV@>xsDcC`%k#ljul6yIVC~K}mZx z^ZJ9DS%jn6_125uM9S`=q;s^ zYeV^nxEQ6n9B&}9iv|p-M?|^zbk5{I@^e{SFhMGmMRWZHDfMeCqJxOXC zPPaO|>DCBT7r{$A;Y*%%c>wLh2E(}$JKAeeUwIdPj#DMw3 zPL4Hk!$qN5?#{_dauvU;>DM;{9x@tBTv)>6W;8=rXcV=;IYJRsS~zfz2CzLa1&q(} zz)&a~*ZBG8V3+{uL|hFNx=UV%<8aop&a-WbLVF%mDDYAo);sLe*gk<4>NQl z%gANpDdM%-cYw|y)7hLz8f2UruAu^MC(#*R^3` zr)oDCqqEky@kyJFxcW^LfD;7u4PTWJK&&$+H)AdOiXagA)aHZDg zJ;DC^w%TqXXZY8+9VfZ>rPUTsVEhkr6f3m7<+YrDXAnMf)+H%bPvYGr_zEBtEt-nD z-h}N^7Odz6Px1+Hxd_u!gG#?|VtH9CB>rD&4d5m=q+Z(A;P6h8hdJ6BV!ef`aGcZD z5bwQ8tpiIE)7FsWy+o}8dy3a|Z;mSNzHV#C@}8yEk#B5kDDd_gvb%DdT8Hg-j8k!a zr#A#rFm3~GUuzF6yiW60;cED5Oc7`GWmv*+AL2!tQIg~?#<|D+yhEYK*o2rGa`iMV zY{ltE_n=^Q!>DRJ0QDdYIO%UZ;+{TXQWr^~F;ezOB7lj$=)PL|(9kMQ04s|Z&*5Ce z$rDas?`f~IW!6VPw>^7{A;E$*)x}^ad(?h}j}Oej5W6BZG`8t@SFNdKuHWwH6fRj3 zit^9*4B~LU0ObU-YuORV!>w=D^`UAmxjPS?!Q7#vu} zXKL_ifvLPM1ylK1Rzl|n3tOzWA=}_QDbb3r2OkEKk92xry;WPtJ*KzWMyP*JD=2S0 zaC&xUc0)CO#k7Q}kNz&N;P^%*yN;9cVlIH$K5BjY7K+wC0n&;v`;$mf;)yd)T#n!{d6t3ji*_TITjxjwCbDW&_JRO2%A=Mm|5DJU6%`n%|}T;Yzzwf zl065AwxB0hKhkile}liD1JAg8Wzm_OMD&^33m42_Iw!)P%PwVgy>v(*AY{HP-LT^> z!brJTD;|l6Mdxe9n}_UvDX8UdUYM{v^^CS%>UpW@-Xz##Yx&2^z8q3txebDv88Boe zEa6Eu2^^bmQT&*f%a31DlBR6f?Na{SqAXd95{mMFSok}BYbigT zT(Sy@r(EdJ_mppGDL;{1f-?Yb#3G5Zasfu9*;hAL+;kX>>!{(WXDBOfK^)$CDJ!qX z8&PqMuOp!(-+cV0EDT$?kty!`d$(g>@H5}$%YDZ#Rf=}$Q!@f*`8L0;PfZW>)+eS0 zQuT>Rfgbuqc$Ei}6NGyM+z;*RNK{r7pv(YVX~AQ=ys;1WcdN_e<3|kgoHODg&zU1` z^2V#a9S$I^F#iWtdA!NL6Sa=GNOX)Ub>RV*Pm1XeX6IAM^-~YY-p~Q`{Y#ySp?=&k%69ww<_bU6AP7p?sXOK z0VG4(tVa(>`4+8G{4pr83IFfnAA0}b0sMc3e;U?{HIVMkAvK%f-vD@`MiM>w*cW)2 zGwPd0$4gP=!fG0j+-BrlzH9fs>E3_y< z`ZbYbGLm6p-L$yw-lvcTe;ByZjodvrI1EhG;_dr7L9$+j8HVJUluBBT+0ry~VGB6f zC#^Z3l2FPW^$DcM?$w(>M>}U=VFMdaHv%(}hOFg2d^bjCnA%R?v0`P}TO8cDXN;*6 zRo^wIms|#twFB;(UMG7|n}ph|z*bT%-WB3m1Rp;(w=${eC{*H$l2Dq4+mG&S=wB7M zR?|1bHV~$Q9RnRLch%3%YjEN+Q56iVF+SC4Oipqd=NLC*>>fs|{+FQuHC5Q096m0GyeLxbf!RVwy9${ZSIAcp`no;;Y{Ne=K_nx&c@P+go z^GUZfEi**Z(teJnQSfE3fB+hO(k`kO6oS1)a^`AH>{u?4j%D#if} zdNawAw>Tp!EN@$2g4`E}B?WVeQGzX5>gjGry=LCzaOWRc+zTs@z(7yzm**cqp}rFi zoXlpS!5uEg#~8|4B&hf@;=;vgmGz!X(AELM=M)I+*&}XJswRolZ%Bv)jlBjj-O^Y= zV2J?I>7bymvB)RbRzY8<-+x5k3yE5?vg{a8O@jNKzBxo)zeJRo@q6>>Ns_wu1$Etx zICXemP}gR>+0-?O)U^kx>pq*hZi%L@$z_iT>N*x^ilVNUe=Mo%#rWWV042^@l@EBw z;@^$`oAEyj|Cpx1U*kWT#-5M#zf5B@(FYV9%pcJ$jpe0R-O$(`1zj|jCH$8(Rwxn* zA}Q=%lGiiDm6+BvwTrw8KNRLdiU`(PX&-eF)^|~BcZ4+oX-HUkk|~;!4hALtTTF%OyWsgx^y0a z5F~RiqHL1Mb;O#`z%7AIB@3ctf12*^t{HQex@N3PeC#wrLSD$jK z__jv38TWtsI?nW@_&PGZsWbf9NHfF#YCBzdN^Z7`36+Wr3qH;W(}QFQu(P`cYos^L z`ongLWW<6w&i8P9rZ)o`iX;Qq!w0RaujWYhE(}~|obKBkOXLTwToLKXau?&KnXPd} z#(g+uK02v<*wFc0kDu&JhzSesKZj`bGiKH8DN6o}(svuZ?~r!R|7N1vj1+O6PlF?D+ghST=4c#;5342pR|cMB~H z28ED1^TNZcQ7pXxdbsqigTB!kgcyV~VJt+^G$eh91`gV+%6&({O=Icx@iuQ;3Dwmy z$Zt+?o6_Hy5bryd=@|tl8pqD`UMj^VP!P?W;eQN@dgxRv!kvcZ+cK$yy&ReF07k*b zYH;6MMRHr>BC}qI!NW1Qfwq{kLa~)A9|0X^uGnX7FZ&Lu zP*&gqj3j>}5+N+9tNtG2&rsz~;U(OIsAjbkDjVtx;dl#OtW-XMfx+q`Sfdo0Ho}~%6;BkIAU-Gn}@VD#t(*}?TEq4 zr(fEs1$X*zC2M@;K98k2zSA6s9Y@;sRcA8OAe^#Cg6811X1v=TWF4*6xF%uwF>5Xjw8!6E(L*xXHL&WmAk!pLxPR*`RK>XM?l4s4;9bb z!JYgVU%A`!1*0{`F_+_5AP##G^zOj65376oI%CUzfSPl8|Wdi zNNJ35jB1R}ih-9NxRbQ^93Ryl4Z7nN){tFb%sN>7Ut*4 z`!3P>g3M%vy|$7{CAna*3bkZE+4U3hanGQ=lj3PJ>2JEHSY%$ib7Vx?b zPsZ|ImD}Lx9G(TR|HJ6UDB6qbe<|F%_fpEz5Ofr_1SSX_MIb>81q_f1)FW4S>I&4F z>sY0Cqb(qG<)7<;Fm}I{JWO1ZEa(i#uT367(roc_vbC5)8MOc}QuySFbLlYWg~L?6 zN8pVvN}3hcLhXArq=mA$Nh7YXiA-7y*UzDCVjfF1hwf_!l+@$Y((=)IasyEUzgWOQ zN+UdSXifM=Oiw`EHqSlilm}C^_I;vQa&PX+}K|9F+@NBWcl>oj_T=GI*410xcu+De&MT3myWrGbZj`` z6Fkxb1X9J1T0`qh>jJE5L{r+K->|XtzGr!pF~;N~W-Yr!YNbf4uQevdYfbf7mx4Ix zf!v;+AYa}h(9}SpB&1sLnVRo-(&BuQaW=nS)$T?8DA&*$zJxEN)L|OV%wh!PzhCxE z0K&9@LT49;;Q|J97ALbCPg*0eV2U0)3U-zqVCh$M4Px%|RNAa~((y=&@g#Eq0|1vTo3;SWmp3#;Nv+FF8i}V3i!rxaKZ93LHh<( zwQb~3P$sfNhqS3;^>vA*xZ*_2UpOiTjj5vG#06bw{ zG5?(M<5`|F5O^Jty~>Y|EZMDW*bE6}!-8$WZI!!KMf+|!HqT8U$o0Zw1NJvKj*Bq^ zj>U8qoGyor&_#jsc{skWQbmohaeCY4IHii~6dd&=L3q1c5dKBy4rwbNF(k%&MtRu~ zM~qj&BQ^%&S%@C<-z)nZ|5JR&>tgYbb1n?^wdd1bp?z>dn#P z|2_RE6cMc=t*5v9|Iqd(@KG1{|9?Uf2uIkcpg~204GNxsMnOcfl9i1ncpxa+cr;#B zsffFRg@oWHHOsm{tyVnRQjeC_wqI}*tJI8z8^PZXayyyLX&wH=~JCVAYxX5L(vC*SB&xa2t2(<Eb zPPrAEJ0yh36Rmlj8n6%4{YM6)??%4u9zMb>-{GeE2&)KX-Xss@Bl=|eny^{Op8CYUNd%1>Cgmk{w`Ppy>l$Nfvwm?9S7ygFXQz3S-)Pp3g9T9CA*D2s#&Hk4Q>#>L2}z??&EBM4 z3+bRS7$sI)GBJ;tWfgCUTE5v#Y*eZ+g9=3dWry;A$$mYT9>dvo{};m@wK9f#lSD5f<+d^C^3gD%+q|;P|o#gv?TY z!c>dNXE91(4dQ(-kg$%IIJ&f&myg#mtoYF{K<|EXWJI3=e(Cp5#Y=J85>3n>fT1Ys zI8C+U6Nc)VOUei?vD%wmssWBlYTJl4>E4Id_lPS`S3SJ__VHWJ9iu)SHg+;aH*KMl|hDdIl!4KT{2XzikMAtFu9TEnMYMD4v&phtRGeJNJaG1FwsIP8Zdb- z3C2%5C^#BFy`Qb3L5R2E^E7$Tn`A6&;KSdjrIx&!++|&Jud}($e45|>7cyP+)8tr6 z-Pg608-TwH#*yUS(KYu*3*%+Ms1yt~D4C!`-77|&RTMfR=)x{*1BWs7FukK}#yMt0 zy>vsKcHzcOqZQdTs66)Pned5l--@ho24SpmI$0t=Xa!ZOSPJW80@l`C!cp3ipe?XS zZVL75<`g8yGVOG----e%8d!*=fE9ky5;fG8dRvV2R8N%X-e9kB)+x3uYo#GLIH!S*R{eme`4h3jP5#uo@tM6?d?x{WS-D_sda_-X=QYtVtL|7=kRPZ!Flw&lB2J3g z2S3_wPWTJRy)y!ACxNwQFw<%H8f!Y< zmMms$4{Pts&FYI=jKAiq`TWU!1oU9rBl=KpP6EDrlKO#5k&cf$v>otJNX5{7*s*hG zT>N}4mCA?G@Q3A@AN%ggq_EEQ!!q4U_%c&6O*ofKv1uIq;*bHjJP++`o5l z5y8}bcm0T;x+qoY5edE8ypo0Syt|x~xG6MXa+KpDi8B(F+6m;C~{nI*8>4qG;El#t9At+Dy14s^w zTIxJ=#`^AU4!*rrbYzFFhGj82nLB)UH33<@nYz}u;1bYFAoklXMt1M>Ef_)yqdy># zp2>FfXHm!B_y(Vr6@P2Gf6T78}XSxFM zTOdpLOtkVrf%^|sU5bgTcl$En&5MCaOBgD6xa@>5bl7{{*Wi zcx$KiZ=D9uwpJspfAkgmt$#70X`FPv#{?FCw^!`wKuo}UOZwlOt<4V#9K$PQ5gwS~ zy^csmrYS{Q()C<+`vgi^Q*`!$&ZESlsA< zT(_(X65_gey@}Ud3lfABwp@2+I}+gzB+7(D>3=}NKAoHPY1`}VivIw#!tKug8CBUH z2LX0jCErUCDPMfNeTOWA$F%Q|yfFYVK2~tZr@C<#d66N{@Z;BAE(L$hxXe{VRR~sn z4RfQUip^88QLDpSl5DkkFZ?S_zz`KZE_)SUO~dabseC4Xzt6PkKJ&Y;sV_Aknt^tg zp!7uQLf3N-b#xt<+WQ~q`enApFg>`P=-P*&NYk~j9k*uT=616h;r8hh|7md9&+_pU z#0LQ}X@mE67Y9z{ARQvd-=z^m_j$Uu{WC2|J~A^HOfT#;&tOzo%9V<8FG0CrR@xqB zE>O8qFNHT-(#_qLCS8-z^Yg(Y<3g_j^w=1aeY88Gximk0LbTJOIFKw-*sl58LhN$) zoRZc2^%BVaG=HZ6ipk+q<2}{xMQZWakNzJtfAZ`2|6B8S>((@JrU^+$oJm4;*y9>I zG=KlDKA`3=enf}n?=m!hb9W2h&_SLCFtWQ>_>wM~KRk7J<<|7DYJemPK-^@}G7Mz) zcUAzNnN|R{{NELT8VA#GOoswcqihv`jmmmX2ucHTKKhT8IlbTiR_}M-N9g??0fLy& zir+eA$RVBdetQQE;EBbW-z89Q40d z^Mwn#sQJ{>PHMivM|x_$+V-Y(Lh#glPpN4?O~b9*)qE52${gT(=IFYOGY^Ywony5e z@c3YKM0A&wG8pTk8wPKt>X;@z!T~$3GHm>-WZsO-=+2Vb?M;o?kW(eKsoL<`$kwBq zw{|b7{djDN@0qq>&kwD-wvnwX6`Z@T77({Tmi!|izu@bb&3uHXdmyuB-&;CwJgSV< zR8Pa)SL?Il8jW>}ep$PvsdhIha*2;@^)+wpO~}hdUglu z2a^)nn$^6uz+d~3P{+w_^T8H%+mkh*PEVSc-zDT|kH0`#8}ijnD4X z#}bn0V@^jOPbMX@HM4o^QU2Pk>Lam7Hy7AG+AhCBAL%lE>^yj_|IOfa@6zRrY+t0A zxo+=lX)l(Zyl;Km9G~rGLazf^UU_1E-5;muA{Z32Vau94g@% zm!!eTySyv71`nK78(MIEihO-GH{cTCV2|xn+b}*e4ZK^UKqO>>6RxSFGiLlK4P0}% zEASIM;6G@`_28l&eZEKo?^EP}cWJ6yx~Z&20ZeS?!#0)5nt{>GkwufOYg0|6h%8zs z4qib~R-awzrVj4Xl-DpfN;~y2E8TE*qrfL`OE;!r?%deyOR-~4bajs^%Ix!9x{-n| zjd)FZjd)FRtF}{<+36;88r4WAg@mM1VCvHLnxhEr8^XJ zt%%i_n$#4G5A3!Pk@+u_LZcuJ=ZB{LK~-SW>zKTS^7fL3BZ+jphhQaE)@o&WPB-yM zs8KNhC(JbBfhrfuAnI{g##CboV{(=7sF*nJj4K) zH}L)RHeXA^vPb#wH$Kj%JsPLp>yrDB&HV$P=Gljk%Ds_0790~2B-%$bZ*|v-ep~Tx zd?tU;QRuf_3uyxR8<+EGrgVbd3e%O|;1JC4l8FBJyn2>0w?BkS9+L#u<}feJ?Znwa z89UA8WYBHo$z?v8eSVJGwm1vvu~qB{{NTw3f%XPIDBP^I&98j3*1t!C-Bb=)nV>Z_+rFM_*Og zQkDoPutdU(SsaV3N>?g=`7>-XpIxleDz=DOh2{m+0i0a*6y|yAe4s4G>s7JZR@!D( zOUGg#FvVwK5xy>%^z}iGUOr3eqe?xktKLFG+ zIpz5qtrFz*MU1Y~TlwZUvs5Cxx&dpUuigr-ZGrska8G|MkR1)YmOQa6Qln>+f|Sz| z*>Vy1#wO&)4uUGLMOT~W-*LW}@@*9E^Gb4yvd_v448TG7%^X(NV)d;cR{fg!dKGu= zpg)lFYPatcKf_X$u3z_PBT-MYdAnqe{pQ0|w<9;iqU75VU&I&N;Wx>H$| zmYVTUfGqTq8ZX??M+SQi(hI9ZVTZxNzmJU#z%%$&j!-5G_G};vj1)c3`s9R zYYhss3ioQ+F=qZ0DhyqNuKNe0bum5EHR!DSEC&`pIE%4vgrT~!WmW&i6%M|@l5Azl zv%{bV-h*2JiV(4jQg9l+Q7RE$E0#0CiNJMdAnmx`8E7J3&Bpt^wL9cMYu9dT@B^;J zq3Qm&E+}+Xc1hVS<-qaN854JjbO<&>i`*U*U2;jP0xhfc-(ddC^uwUP5f1>*@p8XI zeJ6$YWfgD%?8T`0?I9lqT-{*q!C*&2=1W|ZIr)W}865s^&Gk41+s__)Ww+9-@K9Y! z&hH`Lo4n%nX$nL|0WExgK-+kiY$r~tie%C_3CEMRP zg->g#JE?1~10kD-dFvOf7imO$buHqz0IpM!zfi>5t?ghOL3b?MzwAI$C(ZU5M`x{Z z!ziDrz*_j8ug;Evgr2S=6j~w#^3OnIGX|lo6Wb9oHncS*up0M<8?1z-5S1#Ca@$~JfrW)sG>Kw*F`1e`Rc9C zDqgu3)?qcmd(7;g02*a1?nsi?Rsq3H(uL;dSXo3t>FQyFFts*w?B6U0Tx&l6xi?SC zs_Z;nX!b#u_Br}ni%H&VYY#w}_sL5<;|e_4wScPm8qqd|JvVop9;nZ*^Vjr?ab-Y3dLtdbSAvF6I)s0}q!0Dn|h@B-{_{57BE z+4&ZH4+<#4kq6!`sQ1j9Ct2`2UvCF5tIK2wlHy+g{v?Yf8|SHGsqH5%ioS!Fky#Ha zth9z&%Gi;M1#0ng&!^EB!kyvE5|Xyozo6!ferxteH?z$ zGA>s?N~2ZTIHV1fxN{9bO`I*sMI6EEwlEkiSeh9awL|kFT+DzXwJtVMcp9{;zgbAd z^R9cXOV9kk^*6rFXJRY`aO%+dKs+nzfuMI*w(o9B#mIKNr*m+y&N#2C525FpHUCmu z7^pw_#dYk^ovWdfoE2UK3JvBcikHVvx{T!HwHn%2574wYPU0oBXZ{u4?0D+1lrSWe zM#F!i`hARja&REC&HJseQ_24R=8sXF*#f^+Lbec!RsYF)Z_lNnWnTctd=}M4=3Wg) zm>3qT_*0bl1mkjpRTY0)ot+DQHnS7jIz3-29L@xXT1AwyUI#yejP&8y1NGr+7005K zGG}DvWcZHGc;wqu>UQ*HTlxQM{`&D#o=AkP%X^CTHoV)%)?A?-Mf7`sJhbLo(Fw zbGwn58|=xU*5zjrekdvD_+6UQP@uFkSEf`5kGRLU{yBhSY)-U;q)g{KdFXFHr+W#+ZAuI<6vvQ zFv_27eZ%ofoYuEoWbxNw@&NoYt7dE6rV>q*9q#9pvm<5E;+D?4**HQ4-g{ zu7$n*IND0M2}wWukdbuNYs{BykwjdoO!O5^CHlM*eWfz->V@tmV27*T+)pLVs=5!alKW zh3Dwgic_}J4jzwT;V@LlZ-OJbhVirV#hz9*O!*!zPoR=VuNjdCu#Q#!(O2b%k0sY$ z-;3GD!D7D}LY?UQ-k|;vcI?mm0Ds8#Qg%RM_lt5myxaM#@z-NtMC~UzBXs=mjc)CE zwc^E-9_Kc!n<$4+Ftuv5eGO&yhSIDj)Y;gt)E(aQ%XbW(sbxz4X>SAT>$~q*)L~iX z3xx7$3tszBj<*Dz%cOf&K5;d(QaL3|%@=b47=7^)K11VCB#fK86|W|nT}Y_Q7V8cL z6?g!ZIsNwEi1%V$Ps5kTY$bEhUv=(X?F!0fn=Dz*B6719-{)F8{l79jxm45v4VNlh z(HC^CJAg_Kw(!qNWor~Xg0g;4dUYYBHlXylW^@Z(Tsri{*>oc4o`b0=tNA{4cRt!q z-KVK7>Z*#RZl}5qi6qXw_GOulG1ZK>^JCGbM?$v>J zk%Unt;e%gw8_^R!<8j0i#PO!k9jKz0utiivUpHZvjbu=Cq1Sw;87g&}>lrh{vK*~) zg$w6Mal)+jEugy9u7jydDF$!~-QTQ|iW};0cs-E$4bmK{bG(rWJB2*CBv7|)<`2Cn zV=D`N^`}6B_yo_$x_jUZVhHAJ{J3X^Z+Uk2$gWh0@BY=AVrcu?Ue3hYSooH!OthRY zWJ*gy!IC<3SVXm||48JF7dJF}2(li*kHe@x^_IN@RNvGH;b4J}sU#ZxwwJnvkK{{Z zFm_>XEY~VI+e{nmIv&idZ^FLD^@W(9n+eqmbp!hX;u)FJxCWbs2B{(L5@$fT@;P6p zY#VNJ*mgo=QPV7zMM&zKJgT_{2n7>;&n%=BPjfkMt|E(0$V7MP5G-r9u(;%bQq31k z==#K47UxM#{@QK6HlDkVR=0)@VWnX4p};(K?&cQ5xS~wO-NBCi<>-xA{4e-i7+(2 zQ!Ba#O58A7vzN_@Te)9xUksnOcJZp=-&bKA8PZ3`)kXv!ESn zdwliy)TNR=ZKJ5&*J09*ywq7`yYO!mAgpFePBNcE`^o;(_AthJ89b2nj&K`($E}$o z6|y(=diWLW7R0{!kLM`6Lov5T+H)lP(e7X@r)_dtB4;439CPHp)G|pij;-U1kAZN&#>lI^60$G_=kAsk#nztr{o31( zpth8K``7NCc!$)6iWSk;!L@u_p%3B-PwyW6q9{9=FXy88n3J~j%$S!wvZU~fCD(+8 zF3AmF2}c<~GnN|w6Lhp^$hr)zR@mg^ZA-d`CM#r8y#J2py$4wJ)@#cJ~j%AArdNKu-@<2VuHF@w!QAiDYv)&+@5} zc%>l?tTF?>&h~<@U;xRlnW{Pr>p#t?^2=u1SHPQ2=_IQ zqWH4f66B9k&t{cl{`E&)1~|cO9h~w)Lsd(ft5BX7vFxzbtfGS@TIHFa2uQmM3s-~h zdG@MY_h2kjcl6=NgMu-?y{_37z5Xikr;U7On!En;${1 zVMl7`+mTmu5Kqiqry|L>m^HYu%J|2Tc6Ic9c?Wjf9#U;&Gp-zr#!=T?icHRhCXNTQ z2rO_1muaGE_!@h3Ln zo{Q26c|W&R7Iwg>wFx~tVBBgGZtH+?rA-KWFf7lJzdOc8FEGDT8Zq#vQPP}2P3slF z4)aGQz6%w~XcE)CWQfGdGKhoOI<=PXS9n9*hY9`-$ePU@Udp4Vx{xBtTj+Kh4n!-o zqL$C(W7(~I_#5?UEe;#H<~qgb&B~RPmSK5u!=L*JHpAHM`H3@BLvz|!$Hl)4 z)2l~^U27o-1i3pH8);gZEws-@eh~%4U4BWXbEGIKgj!AlwA1NBQOs8-tuxGK)3cC8 ze$qDD{d14;&Gfwq-D6~yoE}!VQqQTB7^*Avgi4to+cr&)-YhEN`d3>vFRrqd&@)I_ z=I6t6`<^@l)1%%jxT$LqHx{z^+p#F`n(M|w8hSexCwI-2{lVY(5T9n}9rC2zY3}G{ zW1FX)YH=AtRn))jnJ!(>oHB#yLRp-c5%Iit$?iN1e^UO4soY{JjK1qe2WlAOh=~Wm6TD+x$s3f7;t4Q!21$C zY_7-bS^2x{&AiQ81*aj$ZI%T0J48o*qld5FTpk~@ z<8sYN4A6Vb?H60|UFp$%W_1O>B;DnD%>94pp6k~xWCgEZr>Pf@TKg()KATJr;eDVE zoq5-H|Jx4PfH)VM6SGAvd)6#+o3GiHBbLp-HY0h(ojLF0ILMh(Hyn?Cnqjr}4oymL zw(Zm4nGnXjPG{Qo7)Q>FFMt1WbRG5W*U?EG9X*Ox57^N&cK%;GIxg#b9etpqqkY>u z`XsB_>*(o!Pj~dU9UYZZgGt@~|I$&#%^!bPO{2xd3@^0Vj=y@F- z9Sja`L|4+f*U<{JQ*K11-tk7XLLEKyzv*Zo`i6Bo)23+NK&Q@HIMcCzb!CL&f&^nT ztt(+q)9ZE_yA?j<>fF-kuwX2Rx^@dYJVB_5xvn*c6{jm77t`)pMj!$Hx$XXtGHvd5 zgU2bVBsZ23?IxQTKPZyf2+p{VMp9YfgS5zkF+_!#`Q{x6P-!!rjw7D;%B9+H{gnbf9sWP530} zm9S`(l4j937Bp0`UFdj+hg1A${NiH@DPvw8*Uq%VGEr7MBHLS*C;6Eihcdf%Q|KfU zWIytPX%}iQm*?ENGVAff(-hk=z{@bamcxp?(u!ADT5K{GfSP@=;xAsp*(AuZtS9iq z&Np-s8lknK%%!B_@^UZduGOu}PNv8HTQ;i^d zpu5s`bFyzugvzutRBYa*yZlRfC^)J1xkH!q2>0->?#`iImjnfC^v7yrlNm(Wc(6ya z4e}i?&F#^=E2}hf*Z1{`-c%Cur<)VpRieWo^!0z?)C8bEzv{H1#LW9m+W#y~GbC;_ zDJ~|UqoSAM{lMV^r4AIhMq#l+hgwxj?e0{Vu;!~%uUJB$QPy{Y!|drf`zUsxivLRU ztKW%V)$-wQe3sAT3>12y9DlSac?dA`YR}HNvzOli;ebv6ropArCIT!Ktcwz$8LdR_ zyzZsL)=Fv8v)P7?dd0?!TI1ijAvmBZIJ^}V#;&r_{vlyKJF}i1J4V^5;Wug6d^S}( zLb4Ac1{xXHUuHrl&lM*~#Ey2#q|sA`geH|mHNJ6-Kpy6zWP$8s(Rm8+=MkzdepT8m0cVDnMN$`<1HUfMiQ#y#waz;>k zr{W?IC%R0c3hBr#=)7FZ&c<>9&L#BUIaxfQG0j)vV?MSCg(c|{#s9DgJJUSCF8OBC z?2#&tYi#Aw}&+5_V?#V=r_?+x+L88R_mg7)E^Z_V+;Y72Y zL%n8JbQR~D`IkVQvdCECkGW__V_+1hW*TKl*ktG{yE0J^eRbPJ#aMMd8uHfip&y$y zEB4w`%WI^|kI(wSX}3mURz8$Ks~?-qTQL@3qc@}JC~C8xAg}2+=XP_J`p#(5$Uv7n zR%!voaBVY3lTsSJ8X3DDqU+sF|ra0~@-k5cVTqByTRLp?#oS^~MCpFwOM)?I5^w0m;A9KU&gql!i$@Co3F=yGCd~nMMVwxWi?D#)~uCe^wbH9YEeO(?qP7bj; zDoWdJCiq1ZFPhMKr0@gvUM0jmtH^va&QftI&vvm?bYS{S>D&m}K@KPHz^I!1(1|7& zC~1dS`50o~z)b>q{B!dG^HnEF`7;D!HSB~~!`jTtUh)SdqyJN54S*!}(64pgoT#G` zPHWY8;yRtbWE-5A^cY8eS=CPS%!_VHJPa6j_?MuCf3!Vv^?v|3Os&>VAT)r# z0E$}_;cRH|47l*Fa1jQBl&?W2Ol`TErZi>KY6YGNET`aPw!W3cvWv=NBel@37pT~@ z+=?nR4PTkcE!i36nWrW%U{g!>6D5*;W$#HMNA55)iN4La?q!ldATwI4Ii7dVAJRkn zDlK{JL01V(@J8m0rM>eh-`_Kv{jDq(%r%*t*lpK9=-)JFu1Uus19A=&AYvC92ajd` z`(h>3rx{{=%vPK58Pmy?C|+k1UK;BqSeCh*G|MujukPSC$VQKoV?Kev9-|zwz-{|rRg&Ry|MYNh^Jq7 z@=Fs{B`$I$=Jz3O_{NsNYnrI#u`zF#^m68mCPe@eR?*7E%-mu-<5$H3uZJ~w$Aw|dAL*9m=RlL0r1t!kdyc! zP@>Ix3u!q&gH?ocEzM5(p2@FUH**kh9stgO()f>wh^kn%JgoyHT*o%pI~Dk-+Se8D zqAnd-%34egU!7G*!|*_C9QaaNU#`{Q)~^Vd<9UsvDAUgqG!8ho`%fb@eGvhuihR%P zB5}o-lJE;0r_H_(SRe?%u`$EO_R46;0%$UakA^Jq*VL-OsLyA^SGz-7c<9n(cd+97 zP&{XeprHV(;YL%>sKK9!WL3GCC}#E|%Go9`RxHGKkIu$afrG><8O%*)2_5lA&n;wT z7Rpy=fymQh{`@0tfPqEY#{JwQh90r+>4LNp^R4{KhwX509Zhgx zJb0D{pN8Var%+Dyt3c1WLk2t9>V>_z1IN4MTCJhV#7%tnR$V!#(aOXL)U(Sgz57a9 zR-})cZGUUdSB$x-Yekx9iivY0$yx}V7@T9UFwrx?&nzjiW+Ay7DA-%d977GbY*SJJ z*z}koPl;@H0$7)D6!4A*ndOyg(B&Cu3lE{XnnjMyDj~` zSj&*g#PicT|GJ6;{r=QdtYrvX#<3eZ%AVCzyBzXKxO@67le}Biyp0#ap7xP>@jQ*P z)!$8I7l#cU8XUT^Jo6*YMKuIw+!UPKvQ#sHD&{xhDa@~)wj}%gF?tB(2qwz_+o?@v z3cObh_b6-WK`nRCJHU`=FSl-UG7GTrbPq;GXN2&#kTbuTMosoBw@swQX?vr{ATWDd zS4Gly`oWStpti@cr3 z6((`$pE#tw<_pve#-3LL<{k&&M)T&47Sc4+?cQ#He7;t>S-0u?teNJDKib3wB~BS@ zzc1AHHr$Fk+8<8)_H1G&nMaFw-p^qem5I&c(~Gx%txcE$d-K-&tu~=~L^`4PN}I6g z442R@Y+l%|JkX$B@2qdWI#HoK_M|$5%p2AO83+I~4SW<=-!cABy7-nZyJSPb^c^T01i5r4g_R`(tnf7|3As#y!^Iw5zJZVbL+$j)9%1 z7t%HTiVEg(YPXM-W}FVfX-(7qwK2;$-LrOwD^*>Mw^t_=dDr^v(bv(t%EXE7;(Y&0 zY{C;G(@S*BIGd1%Wa1Wa@d%r+?bLKa-g`E|px<;Q`nTGIYdT;&YZKO-oGwxPJDadL z4a4ry_mXD!=nwwv_Gr*+WAG~z@ea`cvI*TgK(Dt6Kj{Fy$|eNTpyPS>T8>`U0b{OB zSm`kxn8-AnaC`@ht87AM8iqyhe9|m>V?6ZOOxd)8s3K#tuob7mNPlA{LSYjaW@ltD zYSZX$hNffk@VT^52Sl%H#vKndoI`9Z9nwb7_uX+et%eH zqTl--F=OLzWNorDG=;J%Q=8MzxddIhU57b5%+`_9!JW#aqIEX@aROos7qh9tOwHn} z(@; zpV*seJ#oDF@rR+s5RpMw!psCVd&hjDm&uC4;eTd9d30J~i#%&GY@njfM)0;Cnc;4g zt11%4mzlQ)8wu zPPW=WULcTCtmcr&uFFGx$Ec-Hk1-m@aJ~zY{RupQbJNpFH8ZfA{7h|AR}Yc0=rwW~ z;Q6HtFvkaUPU~$ji|d-KmE?1?f&ypF?f6h71}(Y-=0f(N61rTFR;v4A~OD$iM`sOgI6c3<6>svWHz9aZ0XO1cM*#(e*zl2yrTw&&{R1WJ_anowb+NWXTX)yCt=t4zd zm8{Hy$tsWCm~VbWB_{R79HLZ6itQ?rA|tcIs3(ami;{5&?y(ToyH1Uop{(g7H}; z?A2qawp>$t8G2u|=S=quGrdfnaW(Bvm7~pt@;PQI-p+^y%s>5l6#Wdp>`@}eERSl4 zXIWW~2iqLj;~Jo{K&45ukJ_R=iSn^0LC2(;E9ltu;(q}ZXBop9#$D<#)a&QzvWw5yt>fC;p5OA$w|ET zM%;m}HC@~CkxO3Ism34wfk!Hx9U{U^sfeD8+ju7?%A%n4)RZg z)7A@Yq;5Umcd~n}>$0s=arX?#6D>BQy(}ZSoEX zdH>JTgnS4f%N!xaENs}68C`ST=-XxS&;)e5yo#82N!KEd*3$rBW>7?fmec>)(B2+ z=o+OQt`wop1=R2bX$tN!tJuBRln~?YXF{vw1IM{IWLHX@Ej-v-di3=*N=k~j!I3YU zXDr&VO+Z4fjTK+&)t*A_^wC4t;GXw9%D&fKsCLxCG}+$-v1PyK!{4a2V*C}NQF2YJ zhh5bn%L2K;k66WU?1-Q3(>G!mG5(xth_^w zoN&KJ?y!>ZIl)*%Bcv39VCVIc*?_XnN=VZZ9SX7h8Mtd??VHJQwewhe|bG$fq&qYrAwauiY7001teF zZlq<%GHtNi`1G#An2e0rcKW)0w}whTQq5XZ=|!1v5qBg%U2lD`a=`_JUN*Hq5+EZX`s zZgtdKXUg9MT*{(r%;y^%I*YSylOBFqmKAF4<>^B~=t%pXk9UIo(Dbyd zd6SvMi}lGuV2pCDubScY-n{j$g43tW16S%)5@^*OC!&fJpW+HW)Lw821=ZclZL5JM z&`h7r9{z#l^k@Ting#ZI&53ry2`^2EPXX?Wd+fNJ-wtky2d=jRN4u!!YM*QB-e?}Z9oO2azwPF3<@&=pd-PicU(t) z&UscRmy*XbMOM^F=9`dQkGGqPNs`I-D<1^YZTPh%Q(PPt4ihwoHxIN>&0=a|mZ=Ye?V^7;Y^|S3j3-NCdQZpv z^>&>=6}7+SnDTg4zHTyvPO|%1Jecc+%_PbnkTa5Fyf1ngcAJ-%JlUS<$AeU~*-O&_ z5U&yrs%D%;mY^HWxuvl}dl4tFW*yGHM6)Pbg1v{H#x*MX5?Q6%X@6IFVe(MMW1XB=%(IY z2w4B2Zp|MHpQ!7WkQtgWp?KFNhN}mrCr!bWE(7e<9sL&hU z=>SiBqpP6tybPAP_q5XbJ}a#M2QH6L=jrsgkZGEqc017W zU$^f-r*__f66O}BAoI(KvU}KfMZW~(78nfGw@*c2xsA1On<{zc4sJUC%&!Dk>s6W#D0)@TS zMErbi*%dzuXy$!Ki(-vIk2;)}1|<5zbJokKgJQ{ff$9NhVyf9@Q&H~KiW$8+vH+@jJA zRM;Qorcg{n4lCR_qsYE%%y)08=eBnX>Omnfnl{@3#q;{P{=9gbfCOFvNZ(FC%!?h> z=WACQzOk&TM{v}t>a)sX7qI*G8-QoWs8!FM31}PcpN+bmE&$8EfmJXQAdWV3niJ2% z<=dKb!fZZ>RMTWVg$dxGI;C{vMm@i})f3gR^y^hcTZ9$DrOwM`ZJT%_uF@o}0R2Xz{* zFokJfL%SC)53EB~q`-qU*~0S8-=e(qyeTPU=T=MVFE#5{xtibnjGE$6$~)4l`TPBA z!nnz<^{O_ws&nUd>cEy?b#wrwEhH_mv^oT~vp=nNz3FDZe4Xr`dcpYpY4sp}c%s!n z*VLh%o4TV@Q*wwR5<$Zo>Os7?u@005bt2VywybadI?9p1jC@whRkx;*qE|P0*!)#R z>>MZ=<^&z}xq7M-bnbHi;+E!w?Z^T^ViOvH(K}T~)^7_&L&?dIY+>Guq zDM|1GhsAq8k))Gm30vQ={LTDflBAuAwQVow`|2OHU145EW{%7V1*v-#^rQ#BqHbrh zn#ZZG3Gr#VMr_*1WfGUw@=mbyW>?*-=>n0NB^jYoKpx{jp0_{9i#(7IrfbBem9&FI z4DmpQW)mDjy}%FLlJ7#{xs5*h8)ZoZ0rkgxz7Go7j=880^xVk8T~+j805=X+$ji z0XOX~#E>98$q$0DMT@AU^Xg&G_2iqC{}sF!kuCK$;j2&4@wMMF<02=l)$@XSRI z0m0KxcHZ9#*zVbI%d5`jwgIa;(BzMgXL<(2CM!mL=Zj0zQC9U*@W-vA=5HMt3R zPsRqDcOR4aR_2;`pEaXe!zXw$%nneVRSgxlKIrhRxs8)NvJedM5(vv^Uaf&7mO#J4 zig>6fvvkyTY!!LeovvA&^X|?32ZzS6g%~Gj0W!=6ZcWJ4@NeIOn~+GPRVwaBGwD`M z$TlaT={`rF&Wif<={6lCf-Zc`AvYMy8FpCu7QZ&9OW?nFj0|V(+V*_&&$o*ijrB~N z@7jnpGVC9c7_l4_7l{ECkgumlKRi>e0GK?lTg>6p#kWTmUE-;=nI((OH|sgKSN+o% zgfsc2#3wD)gLxdFKSW8bF_+aNeGP2WBH52~kuJU)Dp+wJ-{)yVPUTv%HgU)sI${*`fRKKPsToJpaC|6#J z)wRRd`RA1m%s6XKxL2@hXHfSsbl1atVhWVh%_b*`!zd1CgTaIwRx5U$n9G20b%cUNRi#$>y-pSq@} z(AS22EYZt4_v?skyL!#OEEt=dTRQKD-Eg6vcVw^HRcmX%?K$HduB>oF zrDx5jzU95*eWJeQ(=+3bO!xu?R^;0erSbbFT!IK*>Z^F$xBR?ru0U34{O=QXP{JSC z*ZU4G{uF;OC%y77{iRlZCshm8vTe1?bK>`$FSx$tmv@gJ`7kZ@D2>-$>5``B#!q{O zoSvoedu~?}mc_`fKC^#7v0l+Hc!ImmHjE_6ucl}{Z_Kbr-2!-JtUF5SnF`JPjkWdDpH3xP4r*vztor(w!X+qg^C+x zZ%QT3X4!XH#~uy)%pR$?p`l@S(Xe0N+Ldc-_w<}`jH6+1(Qtz6?Btx%_~Yj}8hzLM z4(SRT;jWH5o_c==joOa_zU6&?yvD#$eao-Rym{lbzU7m<#rxe`>RWzpR_3emJ`)4+ z`*N3ZMxu@GmY|b+#P2!JQEzfCMX3n&>Lz+gy`(oXm%mElSc*DIdUZD*FEJkBliJ5)Gn|z1xZ?UQuoayL4|8YQFj#tL+98OY=Cm_(rd5p_sqsBUau-4{t8aA9h>mr=oZr6H z*e#+IfMt=hirC#>oXO<&)%}Ln0`c+P!1>p+H6nRyt`*l6^GElwM~9_1Uy@#iJ1gt+ zwO0_9IDS%pI%v7x8cvuY!Z*XrJ~yTGSS1lRU!bfFm*=V4R+=qbcCh94nIkFZ-Giy6 z+*6sbx@SS*Y4j%Q>38>{bBkFNG2+IH3mj@E3pEchGfG%_mwP0jdcEl8ie`PU7d>q+ z@Ov$b(f7 z8JSTNpo4dvWS7|p%CZ=7MPwCj|4~jxnJ>Tt<0ZMsM18PvLv)=H{$DZ2msc>WG-DlU6op&D$o6_-LW%Va5=7({e zGpvsP#LgO)-KH0F16f=mDOwMEa5!Q9UgyDUt>IIDnqDfBmA$2c%YBCFiPu_}J*Ug! zK-FU}_{NJ*1p)%s&SnuFtvKq8muAVp(NsprH#&Se1qc|i{2Gl!qhD z&G?5~J(s;PX9oV8+7{BxeCy*pVXS39fXcFMIT+Fx-31s;@rO^fveVb7@!OlYz8#@y z1v-xW60m^S+_}s-9c2pTuu4Q+u18WZ$=fT%E$O1>aLSQTg&M@dH$B@cUO0@5M^$o7 z``O66!;{A9LOEim^@^kYvnQ&r@0<~`;)6AiwUeg5eJ(y+EdDkkh%I0yAh|CARwmzsF+|d7`i81He z%*pwk@J115jsSJ5FHD&cG>4PT?70Y_YdfFpW_^XO62UpcNhIyNZI>A$#ao$uvYy?< zvTD17ydi-+8eZ$yqc=>8!*aEzauy?=mitO~+3U^h2c_JW;$1+qWq}o!>+Yu-RnYD# zERUJ^=&n?xsYhhj_&Jwz|Dqi0fV0RvDno~5xZ6>Wuf=Rwf#vXWcl~qzML@BrB+yRK zZ1GgjE@BItQz>Q-j=x!DpY!mq4rsd@dlFpc0+<_k?z)oytZuCM{H{%zZ|hle?4-5v(oCJ!nl#X(d6YSR z4-m?#Ugo$KZD?p97+PUwbM%$wPmXThot60(VoJPE8ArCElJ(=oucP@ehrt4bdd+QV z3dX{(na5b`9APWRaacR0A|B?fHnoY)JU7I4<^hZxl=2ZthQ4sF$e(IWn^ zz5b+h{gPZ5I-$IXP)ULJ+Y6j#3vhx4sdvEy$_c6bPDnLSm^#bb>twh(`LP17pM-F; z$}NxIE-|~Ts^z~sZuhgS)(zl1pqbFTy(xz2k}(+-qxMzA=fFAh4nEEfQ{4~wPe*Ez zf!67@zg_{Zi!+6=~S=a{(D#Q83(SY%cqq`IO& z&#Dv;rMfbw{SU}ZIYe-HyJ)$3PgJCTvWA;+%ev=rBF zgSID6bVF80P#&ww^)F`{+lVv8!N{sYTuZ*tT>1O&ve9>i26|KH3HOs5w?Cj%0Wx0r zAIa>}*zKD+rA!tnry!Q~Sw$!Y>B4Z*hN_3Fpj%E^OPFv!g>>hdUCqA2uK~~_bsn*Tr0A>yYFuI_*nlVkUoP|edYx--%4!( z*U(YJZ9F%WQlGdO^Y%qQL}p*zKVf#5$ie}Cta=EeF-RiF-$BxBA1bv6vE@)&NF7=h z3lEXZKjpFP412{MXeNWZDUe<=>3F{KxWM|dNHzY$Be-meZXMTf2JA!g9CvZ3tgjCO zOE5=>%|=!YA(%tO=y1X8e}JhSH2biTeR(3m?yh!`*xEvJAvU^zn)nLzyhej`HSrO@ z)y>2A>t<+p&%r@Yw`!5Pv z9PQJ%;w&9Bt-qH{hnD8yZVf^_?=9p4=Tc~GXxCE4-}o+{$*ZJ6ye1gK6L3vvO6n~~ z>+l7HZXqKmp;2GPI*`^w=~V7~TVi9)GkVg22Bvjwz;7FnlF3vZ-)^MK?IbTQ{4ZGZ z=g8COsZ$M1{@?QVvX`c9+W9xe4%K5VecM)NaoNecp=YIqN?>;|k;+wVE4zn$3=Dc~ ztr(nzlAAfT7tZ|%7Y>P)RuZU86wxI3HX&d*g2*1U%;7tLVKsjnDycHLL^#OZGoCkr z6252iuiv?{dsZ0dZslvdQ5lIO!4xUK>aej=^GoFSjRw~)mZhoHLv zS-I-^g>TW9py|FX+P!PAaqkEH2`gDvh>PfLdI zN+5G95(h;x9N+~09L|qP&Q+a>W_#M79@Ubfy?2@qHa`|8W&?`@CDzB>D2kSG_7UB=*T40jv8(egE! zbD|1Q`ksb3&DkvHwha0!GxJ2tR2D2z0S2wWy~D!-#T^q(yk!J2WkxGoOQTb9A-Br- z*Qp04nkqFxy{s6FGi31}Hgh)|4=8P_u&jgFY@GjJ=ulhnb7M{ttQIjou2~XPs0CiO zp<;AR!R%IK;#LiVZw1;V>oISUSc@}$hOa({;t4sS;oxH#n?N#`Iw`diS`QAx{W8Qn z|6~821gNWJ0w;(bGmj@)@#u34s*g!`tvr4f_jIf{bZoi@`;1jML$&=7ew!=B;VD)l zF^QQ~=DkOiB&4Mb_wPFOkuqI=uUhy8JZKnyLztTc zOHIATpN~JKX>DqQ#Gzq7l~g*E-eKZHm0S|0d*&A@Nuf2v+`V>E7(}HZO5?vVqfjHe z!%PO4u3>C9Rpg->c}L$*Br=c}wgwD4b57NCTult1OJ1UvhnQoYtg7SFtEyj`6%hx) z6*5QkicLrlP(91jJRvhIct8$ZlvDIMiP)J#>Vo$-la?YWVUEhUHCo#+l zZ9|%5O=cy}j_k?_jgZ44(X&UJxtAc4W0V?g@*ZQJcwGBn8;-_YNoSQcuLvgLvTPqJ zSG8o3l}di;t?TFXKKcP<5!O5FSY8}*XVhz|Oc{4u{6q!qvC#rpF8DtOqF)%RzE8&i z=rr)SGE}d1&pmljSiB0lB!~HhNms)|Y{idaEn4;y(qx0Ve30X8Pobl44Mquk>9yzT za`H9(?Cd`^5dAb6v(p7;=YiF|P_(y~}N>MK}OdHl3y z8JwlPsT_*ymqt(m7Evru^V#g-xZA-NB5g1Y|b>Wc26w)jJ z+x$lfKfh7FHYa=YJi0F2;Q3O$6q2u3hsvWXaY!T#d#jl?1pF`s(}jk^s1zD5*)7qB zuXxe><%39mxYbv;n{T23Rs&0ckLY`18$Ue1D&h+a9!nSe5e!S*3gpP!sC|v^FB8_C z`z1>=I9IgO&`z_DQuyPz=IdmJbvirW{MY#|gAwv)${tKvcrfZRn80{p?9^cs-7ap9 zBFUWsyyWMt*In7>%-U_I=6A zK`_Zt#G|eG0RxWD()TT4i0)-v>5YD!x{xKcS_|oYbv?8`&~t|ZoD>xjiLJEfE`LLI zQE~;X$Esh7RW3mlKJpRKlvjG0RF4U_Uq=IvBM%a*KKhEGkx|UEv|szBbk7NwrVq(oC)6hv@XgRw2FGBeX$YpXve7@J*H1>OdDkIN zD4AMXR-10Pj_5q#$jKTmP4>^==dr-!2^{59t$3QDsZ4#y|JU+=n7=50SbV>?aJeqY z`A=sdf9!Muix-3jIyMs7%^kNV5H|g>3Axd)=WcBR(PTaW?gs0dgou7XY6 z+|8P2&8Bx`b7rcEmsf$*ohQXLXJf}%@g#$lgOUji(bUCEAqsR`1{^|*MZaqPq+8^p z%+yLi@?J(uH2ebD`P^C>-WHwoNc}nzS4ZB+FDcw*t6(Pf1>TNMs;g_lN7)znlCU@0 zWWL&EH>jHdZ*_QENt7DzbJBzEWgfhd3%jt%VB9L|8H%;$xNl`K!mjWaxR9Hf&Hhnu z`WF0}-vsMNO-G0ywbTGaY3d%1Rj(&NWNgw>^9?Q@Fj`GGU)}HMxSqC-RlLyFoDcV8 zcJny63V+UYTSHm0^mcHhdNJH_j2a+vxv%b2zEMTm5?+xDQ{fXk1DBXTvKp1hMLCYtX)kk-~2}z z8(C>|HK&;@pftF-8rKWBZR`h@K;3Z$(cZqp+)XK66inPeRSlL18$PbIC%HPf`mK_n zlSV!9%5EFyCvh7SVwQW2~IU9VgP6i}M7X46ex4)#5(97N<@{!@F zg)c62w%!u&bLSEOOUzvlh^0?1v>kBRSioffMp(p|_DwrFI}$7T-%WqieBFs zpYM4Pr@le1inJ7HGCrkNJ|}^voH^&+!A!FLY-$NQm{s=?%!$X#QF_3xL5$)nC@#%O zbyH0M&Qc!zmeLFL#B9~XTr-9m!K!h&!Ax9SQf#m(Ghgs2E{%->>#Y}S-eKk)Ap(7v zyh7E9|Dg%V3+z*uhEG$i%WN|>Ln_!XBCGT9IE)=iI@9eAa$K~d)A&Ya0n>_&aECbq zkhHYKoXi(IcNc5$!c^O7rgC4XE$~9VEg`@Y1s|ekBovg zva*${IZy%za4zT5t?2u@7|_BPvY1O_qw(y?itOq)qt|np83h@>$C{`2bmw$c*=Vqc<0T|H-9uSb~suOkI*!d=14wH!$lJp}I^ zZkG5;x$m;tTy=%kc=C?eVHN;y=!R}`;0f#>*x8V81wt-xeXr&p%52TEg0aJbbMG7? zp*q~X?VS94x%Zxv8#_D+#@uN27sRIYgO-H9Z431cR=sT%oU6^vKhJi-(hG>XTaQPa ze+b%@`ldObBtqSHg?Jl%dTxt`Gb6c9Yr6h=a*{0<@p%S+xA7O_uZ6$gdEfP0 zf6CV&OuP_(U+tW$hQ8{Xz!1}!(}PuSnXL<@1of5TiDZL|c;|yi>Zm*Pq$;?!uy~`@ zJu`x_?B{F^d}sd1q>$t&#za-hxfc*SP_>dcJxXOo-K8i`>Z zZt3u6fMR{~U^4H$taT28cH_TN3^Fz;-yb`wjG@u3qE-1}UQ75iH{e^&#Mi+YBZPf- zKHOCIo4sh`LVl2;lbPRl$9bg&MDTM=wHwU#k^~tz^J)WFpQN7n)UvSQx`3 z%MC`8B`<}iu)a7YnNCq&P|h>yv3=p%P36ClqZgl?zlA*)IahRyTkyP3ahFPaBYw$q z-MkERp?T&ohp(8wAX`lZuWkj0HV3mRU?~+%wbkzca-K3HySvTy;Rqh?RXa12#3f3^ zXS*wMGDrFwCxBdXCb?~uT~MECb4$oIZ})H4M|S1|)LGfJ&Y8B(xvKLU>Lg#2h7|Ub z_fXezGi|9OZ}k>crQ|VwV=MSFeywC!VMOhHqSf zSc~b!+;|ihd^5m^!)mTQjegDHqC8evP%^JNANYe)-?E~(h!*d^peN&$){^n8Die>* zy65mUcH;O)ZQ?E1^5~?+e(Sl+2Jo(?O9fopw;UUA^%8H!u7D3O>NI07^<#s%*nf%1 zKS)!@JvpT{I%(R@bSS9d&_{s>B-`bxf))bZsKLDzC*C$zG{M-|cc;2i@wKO{EhkO|6+llJq_ zAV)k7+@IS+>)WZf%h)v0&T0N=kI4>tr-xFXwP>avciMQ#xdQf*PUr>cIELv^q z9!KqPwm){6Wf~eQG>^n@lmBRwf8tG<7fyuazrqJhq_#pot`5*z9YNxCvE(56?8^^8 z^8O-u7{R4PW9vwU6_1m@KiVt~l$unSz}$fhfndii)$VS#@C>gU_reR=^_R=80x}iR z4~5T788@ZCsJDlaXvvurUbGxCS~I#R5YTX40AMitXi68%VwCnbe!*vABjcv^)!W|| z$mPmP2z2LFzLU_w+YWu5&H<7(wYk;JLr^4IKwS;W)d%~D>FZdqtP-6iT_gX}K#x>uL>#0mIn2_ene0}A}o|r)^ z-#y=sZK^JPx;|g(^o%prMT}U{)RccH}fNmNhK5=ZgVdD z&|qMZhT}3}K$ESyEz~z>vL(kaO3kwepn+f%AJ~y;aHaEqNpqSey$M6wQPtm<9~x|A zv66cI9UCR@<{sAB;O|b7jFf%9)A`@ji_n44fPzfSi&81>J}1z+Q>H!hcL3WJ_(Uh^ z#3HEU(@;4K!DO1`{mwuG8B;@WC-+8A3QI)33`D-;Fu=O*udmR?2O;_!KIWyVFxiIQ zCG)l^EC#3$eZ&4f4WuSZl?gb=`l*x99){N5l^)vAVM14j#+pM>U@+9;t6nV6xU_M< z^P@N;piXgWr+>k-t}FH5O)M_fLp3W_{P2XF!Go)YHs@>beh*AD*0r%~AVG2HkRje` zW5dkYwSuiFhCEc!seJ%PTeE19s|gH@Q{?zYhudZ_Eq>&QKyrhCiW(YQ<^@Y;oh10! z4t_`zXjoBh!(6J;MO@sc&c=#A9iP*3H-q>rXKgX-{fC?tQJtxt+BNUIXaOD2N%LQU zMyn_^R%3$-y*1(bJZBjDf~JYQbn-nh>l{HPcOI+~srSdH10U*$Z=<R#QGajIbqzzM+&|feaK7w!z2n$*3w>Y6sLARE-c!&=YorJp=g7@l05MikI zN)~4$sz78l9PjwW>#Db~Fu&RGcK8J5ivijr7bu5BQ22p>76KG&h?=t|;vFr#WM=+4`;eQ3e>T^jipj9wiIKsZ^u6$4tr-D1n)w018ULhvthqxFRHAvEONEVHTsWTuM(!ZvFZeEm!0zN9JvEbd zAY)o;!kfC1PNXv|b(T2^qd!?WP~AETc?3KSeoO3aOoptx6+G^B)R@C>4Yo}j5W`0X zVQ5OsVuzTSi-0XOsm4AdXz!>v28{_WZn?`2x7+_x#)aeAj^$}7+^%@Ou~|iOY0wcH ziLkNjZ5Tuq&((sI3X!UUHFcYH_K@hLDG0u_(CG#R$1TsvAK&qTg09=_fSBL*_(vo} z_V)F>=IlMj-}s*JB$NAwH+T|2DtQX6Blr08GKtH!7+fj_Wqd0Dkf&ijeY2hvgw^sm zeDm&r7L7fNvw%gkMZeK_@xYJE1;4<6ZxVR19S49YI>TFF)icAN#3!oijUvX35tb8Yla(Gb z#;*QVc(jBRBLc0XV77Tbj5^;KbC5dMsm`am$QBacVZY)?JoIfzq;Ou%%8w99t9}-t zuOT)$g6-s;{By)gF6JNgk>n-bvwrJe?+=_`9Q)`07UCH%j(kHT(eBB{mNB9E>5Rh-2@l8j5?=R z!>CJ=rI|DSeveg$vmXbSKHj+o#DcmZ5MbZ>nfJ3#sO-$eq0{kr0CJMe`Y@e5JGWwY zuPM~P9HCCeXoykvmCKb$$mraLWKNaX%73N1JNLv%)4H0Intufg1lzhR1$iTLp5(x3 z$@~Q2&vT&_;uwpfz0HDOu$nNiz4X+g>N|CU@TGs{U_t<&WTX3V&P%M;KUO*3pJr%VW8%pyMcGlO(qp#u|Kk$Ulc7*7d2G+ z7O7VAFt8PGU_!C{FtRTO2N6;(xTMDSO2F5aIE7;S&(EpR9j#u#cHYiMhEs{h3d2U8 zA1gRXf*GuTB@`1a!WGEN4V3BZU{8cp5&CjDBzD|mn7D&~+ZA>}idrO^jEH6r#Opkl zk1KRpeleYW@IgyZirfNj>$NW#A($fzcfc-JYHjqC8q}SgS0?H{L2+}dn?|fF7|5t! z(-gmk*+Boa@6yNk1b))FW7C~8II#>)&J!u_@5IzV?ezz%3<0H4mB0WL2?GYW(V1dc zN{oKWH4^)Th8Sa}DOPlJft(o_X+U&LZ#%fzijFCfqmjBXrM15IdC?aC(u|Gn`*nXf z1+9W_bm0pjC8PIng@5Nicub)G=5>J7^}&K$T~4bym8_RB^qy8~y1B27<5 zDI?qM{e5Bj{x077+yLWRo|05TUz%f;KKKpRrz-mz44A`<%yN`1)0Ov~)RF{6Nc4xG zx*CCXu-^vA@+=>WpS(}ae!!n)vWaj>3b zj)gCa|BD<@;bI{s$V6Krecke4-Rb?$kDY#w?y1iiuj%M-_?Dc(e8MJ~1;ZQ}xYKne zP1B8Fcu}H2=|SH<#+f>BW6>-@XU{tNBt5@#)jD^X`IX*2cpzDDe}R)kt}r&Csfrl0nSIC@(d=WXvk3HK zZynGA5LeE~JqBKC!b?JZI@T2V8}H=BYYCKlA{$DOW86Vv4O7eCcqE9L^I;w}8YuyH z9vVuQ5wZ+*o72`N%ihLfhFo&2^N3^UqRa@eW}9`^-}srRDpvgO>Qrwd>W_<0$*tle z-BxDblQg@emvcwbOtC!cV&u*+3eE!(-=t)qFYyM_I)Q2;2df6h(s|C6-+!Nse@bIq z*O9InCPEkImN!Lhvj$?5$R6{avto<6*KR=ryi7-#yWgZL($6#bX1{|~O5&HGHLJlo z^KhUA7h4gf>Uu>DbrvEappn8yXpmU#?KG4|{;TRBxL7A#D9*NvVx#Zw^xDkrGHa1$ z!!s%z9S_s7Y1XYYmSuNR8>f6<$X}20V7L0|l22*aQmPahNHch5xV$SidWrbQZ6nf@ zuQ*n#jVzD11_lGrH>p{ntmH5F&Ns}qIK!)T_Iz!-A?$pL`{wq*oj9Q$+Ei^P%{HNTkE}-Yg>dZ!2 z(+tBG&c}FfU=sW=pc#x9LXAmnrX#&Pfkv}<|F|4d1Ajy=e0NqZR#X0{d1qYgUr-b+ zDDo~Fb!~eQzkAuI_i~fwbsO4Jzo&Dkuzrs(3?k3t#J)aM-eGY?eM+Ft>JiBA!Y*?} z^g=ez;+-SpE#+2?t=&2)KKiSjN!NG1S*W~9#3HC>25Dd*dVvAh4}hHr-(6Qz2HzFJ zKrdj!IRuIbJOT}PUi8sHrSNdYAmCn^h>fmJ{7D^^6h0wPS4rVD3Sr{8B%b!&PVGZ> ze!w1C)H>2Yf;>|3Bs`lLWAEJI`eG6M>pl2ab2CljT0%cH@W-X#pO=PT3Vd#S_F3ql zJV7g^gJSO@jT$L;Ot6ke#Nz05eCLF2Q5>)7Y6n^KOh|HeIqi@+Ry^`%xr?=rh9i%< zFc3XbovjH(K@F&{G?+Tm#ngt-P=%Ba57zc`nDLB#S|EznNEa##L`N3Y_*`cXI&yZ7 zo{xw8o(2J#DmzB`3gj;P+(15#BJADXjq-$X7$tEQLmJ?3&>|Oz{;bSg>yLxoIJ=h+ z)kE7*vGYsmIKP#qK2ogn)mVZ%MW-S|URQ)Tref4?hAz39pF;u_FU|OZ zcSwCY!UN&&%>nW0%G9)ycI>jh@L@IgV)&h3aU_;<2qsCMQ4z$p{_}2V^InOigQ4YE zpJtP=ZF4GN_+L$ewIP*I{yURU+MY@%UTzZlW?(#K5*B7){J|uA|5B<*`8<=bd1ES} z_(_wn^}SR=pG79&!VHXiOu};+7_&^mf((pDOv1ex826fl;tY(4NeE|P++q@HGcX=7 z31c%bnoPp_*HaA}ew#@cnt?IdBot*}yl4`7WMDjP5*jlw{%jIHU!MY6{u`69_SIBE z@pC4j?O&;cK8sC)m4R`eNq95^<1Uj>pMmkXNodHxc+ez#zbOTDc+@0ZlYw!ENjN(L z<6)CfnSrsuBs`aaG20{@n}P95ld$`hR4v5|O~Sr+Qwe<U{A!c% zbOwfP5}GqGrkRAH85q}^ga?jV9r9%zj+rAAXrh7@vW0o=G?< z1LIdFVMqqXl_ufQ42&@*p;rdRIVQouV8N}W_!^V&**mF(J{OyWYceoKnuJ%-%W;d8 zpK22Rl7aD4ldw1gBVZDa&A>RrB-j}kCzymQGcbZC;pZ6`XPbm~(=&VcV3SatfpMfs z=$nCYyGba^z_`vNJdlBLiAnHfV2m;eThj|l@f4Hr&fBTp_PN|7jL*P0-y|$wm&#Fo zrb)Or1LG=_aDN8ISd-8z1LItiaC-*E$tGcJ2F9c>v=&~Rfl+G`UdhbtKbVA5Gdbp& zgukbAlz)6S%kMy~yqECdwCrFbV;4Kz1Q{q}Ge$Iq0z+0nBe`*Tv z)WN~sOD4s4?A+;6L$r&>1K4MH4`^tml5R^q;ZQoAmU@bgE={MUo}#16(rKwDW1kw{ z%>kL)x5J+#l!CvyrK8g43u7=}Geo;CHV$DdSX;)zFiHk1hS7y%7y=V#bLRUi zEMKbjbGTG=TzdCM*`~<&9r1-a*F?_D3r&rDhmEUrNQlo!oI{jh&~lj{@O@QlFT9T8 z$@fu;uwz&96h09Rv?}{mI0`v~7}-_FPm{^C&VEnK^@9j-f?ap{8?J}dvpVw7wXY%3N zY`~IW5xu3#e#xkC(fw&O(`#+Ip+O=n-3MF&mB<&I`5VU4W0;g-P?;y+b3L{MqD$3l z)CmGn)9Ik?B-`Uxs#i$p?2R2z2LI2q7+I9C|zHOeyf7np8TAL)LB*LDAV>$I!0J>Qt+FNrd%K-~o>%=+N|{f%L_N&h;T z0T@{OeKIkH2L8T6M(cFJe#r^VbbTQBao-?U$yWW@{R_GI26O7KzwthU}>cn|WOhtAij5)$z` z=$~)=O1opPX@K{Ln5Mx>#vHD93uB34jC!Z5Gxg5JjK4v5zP0w_6Upq_cFej>cq|D- z8%6K2%1&;xIRSZ>typPsr}u_)F=L73Ere$X@H zyVD@E#SE_7f97Yp|69n__-7K(etDR$Ag-!e3HJNKyga?=&0|1Y6*|hvYXtw_iT*fbQcpWN6@|MfKG()XFWv|24bD4mmKsRj zMGJrn!{^hlU!MV4y;k!*Q^@mJ*4Xkq4a@Vq46xX(UFR-#XH_GqR8(m$tmdrM;+Q4c z(>5^#x{zM+oq(gC^Gj(ARgCAz4*`wIFkCd4 zx`EZ5AM1d+AE2;68U^-xLQ7$%fNKET~Z`I4Wc2GlHC&WU$OvEDq>g?p|eb9}d&8rlE7LD+=B5Q3Y* zc_5IL*p8FNnjIRF>$)60v>QoZ{H^VG<&tth@-k_6a7 zEqC0nfg5umv~Hl%gG$LW828k@)ly#d(s54JEY&)wk| z{G{~1wSb@gy&2=mA7!u-8LipS(Y_o?UX?<>fo|LnBX^MzD*1^;4bGb{qC)^cQnZei4?%kP@#kjjRRX@xKt3e0sO zEWvq0Fw3bF=V6tK1!!5^nNVeRkZX#WT$QjI&SOBxQxL8MMbXnV+{O0co;OS+&TUAm z+MRoD0|l2F2>?1oq$I;FFfTRQ$Plu}Pi0&eM>H<% zAO8UMX~5Qe)m^>pb(yOtuTj!0%y+Q|icRZ;k&x~P(KeWMxYUJWGStxPpZ#C^3Mz$6fY=x^TuX8g7vojjpjdL@1_q=*a>%%o$%vROT z8Cm2nvIUl_gzqDJ`!KfcGmxha*z@1r^Om87;BGXZIM0lfMOSZs<5Q$X)_fM(+k5tV zH03q&(O+!L?j;AvLyNfa*9N_EDTN9Za+6w2<`!4-xyKbeVH8l?b$4ir1UY`QlkIoT zs51RDVPc2s#nC|DJXEN_L%PYd)0v76EVdK9&(`W0#EF=>r)7Qe>cjqyFvWV+Apg_I{& zTu5JKBSBa>W9<`Z`34Yw1q55ccX-?SA!F@;3G{I>v#yOT*XoLsx&DP<6@h%BSjv-# z7AITq00jyFXFsGo0KLd-S3l|deQ(?~O*@qIGu_H!a_wcWP4qXeou700j$I((>PNc6 zHagBy*)l=olCx!I6;Tv(cr&V^SLz~*5%hb2+~18*1@bXS}+PY`@rw8`Nz>LD|H zEWYdEs{B=PlaSY;I6aEC)H!iO%61=#Z?Fzum5DO|eFMk=hO~@*;r>Bf%4jRt{=#-d2!u}^Zd?D#hIaRqgR&qU?k;BTq z2`cJ2*q5P}abxWrXl}c+*61ThaU5S9Lp70XNk$x!935w{(m9rF*7K z(DlXcuSModibvolJ@qpq%z3tR$H<~iGDS1O@=PGV6FvkvUX-#zr&PaSD^0F=H+~6- zE~(Ge3IZqNlb#^H_xK8kxGF09eY+ilGU%L$11`H6=B6PMGbKEWlqf zs?6VObQ#}6_#VP{CEu0)lDn4BAAc_syPMRpq>knLO1`h;`)0mxCRe?iOJ9NLT`sQY z>Wg=a^wn#w`6{`q#r>r(mvoqdB?0?3(0d7J9y6qtkhZn<7=~i>m0k|}HU{Go24&3H zoHEyu%J7YuR%_3#2Vkvzk2}7m>Qv!p7iH?QpVcs>-rVPo=d&%Dw1dnR;{pP@*1Z8l z>1y6FkFAc;g+6Xs2sQj{L7wY+*E>b+ayrib-c|X<`G&tyCbMv$VoG$CL8t*fSt8*o z9)s(xvJ+;h`Y1Hqb*i3N)brmtUiu1suidcz_(5&qzTTF@9pV?xuc<^nY8usR?yGc` zk;~9B%A$?Yr^l9pym>u(H3hejT2L0*?w?ms(p3Fs3PvCn-s04{K*FO1fFPZ9U1}=U z`tSZF(>^hbX@pW$c>#?y=AWsO&S8|YBCm9+*!nyf@xD;?ZlW9gNEDjiM)U5#36Ra+ z1+buEC2t*Bz`=xBH1mEW4tDSbPTe;T2Q*G8JEWR4zrPMH*i+ZUs`|?|YmuvkUh~|! zl+(XhpiMP(uUhppdL+Ar4-F*OTk8sX;4Q-j%qqDui!@)83OZBV&tNy#f+Y0MfJ(?)i&z1T)xqj7pw2$ZY zIJf2ff}(9!Q;%~43dg#;(~OlhGQL>dDahXUC|9YM`x`&jct_26N5{Y5+=V z9a5)Rhw*R_*T(4q_TPgQTM{*MRQ6$wU74tKYL-d4&}v@EXQCe>3^H7mo8fmRgC?63 zeb@Dex(Xbb4Kk3mJcF{tDvBSMTU>ml)hwYxt^K-F0|XZ2gbV@p;7Bp6A(qLgsqGxE zTxhc-7J}r((csH=5s}7=+^xAOhoSM-6zQz8s%#Vtca3C~s_RxUCcqs{#L?H%|2jk}p}wm!(QEdo$h|SgkE$2^gW9|L$vn zV-5PoRo#(ju-g8_TJ;6<`4j84{Uc)q$1riLDq5Tjlj6O+~q`Ep+^I|IJ|6 z+8goe66^Dq0i4V1HE6mzGqy3Kk3lM%7`*IHWHFPuA@hFP)}5%{??nsGo!I^cLd*cD zx(x=o(~O@7>ox@I)@9G?P#;#z|I@U->i;&a7rWDX7p)WBGmO#kYn{JC2#qbMYg+aO z9Ofb*Y|9L!{~o-iClkY&NX?v1+=+B80K6If9FK{!n9*D(aM;bBL8pUn%#kFgjulVO zE$q(rmnrN#w9TFEuY*4`+XrUNc1l{gCEbbs2TIl=)4P(wn&?^)N^>(>WU-pXLpWzD z7ea)@@9AayV#r;SnlrasuwgF zeOu>zKc~!Cxla(D1_G0M&1UVx)d&J8I@uIGhb*5SOBOAgj&-qn?;&dy4;tDcc;ln_ zH6ToN^ttKvZVbVv&ZvJ1cU2PVWBXCJ)HJZ$?wtr{8#O-g{v3G=hb>{0V}0gR38UQ3 z{9B>h0wcAwaFWsZ5qZ_1V@;*SW69`FOszZ1G&`;4Rz4jIt+zyXh9xnC4~~N=s_C_l z8G%3gO={RKr{@zQhw@hQ^HV4JI6tF>?f=M`jmiXQ#uYwpk@W`E1M z>M3|kv-nN(z%2os4&eA?`3sZo;j*0OTBf;TkeuJ3nil^lXeHP5gXLPPTsJD$X>P9Z z2g|igxkf2hF}duAgjx@g&Z`$l4!_2JNH~lv*L27WO$gMz?c6)jSn_)rWe@EI_X!|0 zc>i0o(KWolU<8`SjUIV^^-srH(A9PlCbu>^eAQmuYDVTrsyD$Q9R)GwwBS?#x;D0O z0ht&Eu7otEYGt0~iK4MRT!)?^MgkW(^D%zlD2Yta-%v}&Y#MOh`4)ooW{zf$N7~L8 zC!|`hRe>s0nQMfA1nNq3nFa29y^9)}_b4F{TPREf?60a^8gx3Lai_clz{7jbQu8+d zfFe)x&bb(+SY=$SjQCmEXlM!Wnvl+=tZtA&9H-A1EuHU1Fn~umnBT!UpOr#W)tEWh z8;loGQQt+6r`I~U438}}!^q(|R(vg0VG1<`&c$8jLO8K3=pPx@J$!_@Z-@=AK86{p zHN|mijlAay%AH7}J5h9+T=p9cKyxQ1kyHA*nGZcpA3k;V|4q)#K_l;`q z^DuQ}5A@LWL>KcWI?8Xc;v3S9Sg*FblUxRz&gC?MGcN7e8z%k;#aI@nQb{k z$r?|ZTxMNyRx&VdHF#wVjjye9oV&-%_Qq?AnFjC)M0C(Jcnfs~4S7r;{twfjS#u#p zqUZN_XTxAB@MeSRIrwB?Mbye{Cd5okFj5oZ&`jgaqUdZur^4BByw~P~5r4f$r(4yQ z=tBni(W%6A&Huq1a5nC7JNTI9U5fapvWA<@mdUbRk$=fqfS0XXmlSOPqM)Zbn8f<;I zZ*}R<485)it!6Qg&Q)|Kj`fYk-)p1ulMX}5dtcUc{L(pXF|9z7#kG~$V3qN=?z1oKfDWU64&B~mWzWC!KbDHu;)07c3#kinwE*S03^R)Qj|9o!h z@#6o}x#yiU4|%2vh0oihJIRw>fG1Gh*u?C z$$FhE1_a^ca4pwRTNeA)P%5mfM0|5#Lsa6S42!6h0##<7g>>{*5)-mcaM!p&e z<}pNl${P|s+=`7xf-=(xPhl+7AU=CdSIdEAqgcm^$ zT&s)#1uu;VP)%vO;bSXpbf0@HpUk*>rL3=aO6WI>IVGs{p zZ;LmGYvZ2bBUOtdL+ZnE2GW!FJn2c!IqUSp|BuJ4Yf{Iovs2QOv;PHi11{yIV#gfh^%k zyN-TWW(!YJdT;5)fLkF%#klB^cos@;(!G|9r@1w5t$y%K!0M);2pcHY$Z&7RHDz}f z%rAJWyfIt?B24#fb@$da$esrx9Bp!5AMJADLK6uKV8a9Us3F1FHEhch%7l~OjnP`j z!kwKbI$=m)(CR?`gtCCG|4~C~Vlzve8&K0Vd4*fZs3kDCdI3&7mau9AaG3KXd^`6r zUl=|2R_FF}w7XSHi7ONqHzMvVGOQpx%dly6B}gKA&6r6)=K>Jh+@JAfHS04j>Luj@ zlcLYK?!!qr-=yf11wJv2lrbhnpNU`abFBHP&%~vGeuM{7rMGA`>oZX$9hhnsq3X&+ zF&(QEf8^{K0T&D=oqIc^ak)m zvM!q6=LBaaT8;No?Wj7Ae+it@i-qwe^U;w^XVZw zWlA)bzCm;E|JYOe2V&FdK=F?#zk;Jia#q2aSBs z`FbSn;1EV5Q4h$+cMMXeg8oB0%xkl;u4He^t{E^V7zs<8EzqEp0LfraO3%fcWdGV?QE_{Ynx z=Mme?t-i2~a<{8Wv_Q7|pE2{E?S&cJJ#oUa$;uZie&>+Xun3`6v!RY(5?m5K3KXKQ znr#NLY^@|UKSf2yljS^W5;pxgl`#B%lW^wmQwimBO+v5#N+lF;F$sM#FkUnX^HVUu zNNo6pq;XuE6d!yX08?tPXQL5AB` z&`9p>E40dxZ35XK8cc12AhkPRPK_~D$%K(%70s#OKDT7w|4@Nc)u`ax{{OLp?Dbl= z_$<~swaWPXpUf#a+i3b54>gfl@}~Y@JhD-Q{ND?>&-j_S$j7o^#jU&ZM%gN$+9<^rhWi zo2fDu5|JS~uJXC8EM37b^X*o>?i{{E0Vs#9kk}wG%wIBcV4|njgkg!p`8~|?_v(@$ zPSNy<2~5RCPGrAyZ;MVcC55;$lnPNGOs$&n1`y$m$EVIkM++;dcWVOoC%#6Pk7XqJ zJN_T!|G)W1a*}+8|I{)sOE|^q%J0c~cqNTnrbWd$vBm6@W^TS63X|c3Vlrr&8JjVu zv&q05VTZqadi&7hkoP*x7Y_vIN4X&xHzBo|#b-+ifDJUW{rDu4hXKzZJWL#Dy21u2rS4}La zE(BO5pe8H%CUe_D3T?GkBW?y`(pkx#&Ih*Ky{tnI8MUtHHDw%x{0(1H(A6x*89vX@ z%eL;&i^jlZytXXYv1y$%5Is`Vm>k~`(#yhblVAUGUS+w`RhRaGb(AqTp~j_%7X7DP zh(^W|>m$8m2{ICBs8Y}G`N_h46_ZV=KM{Ofq6F+CM2=R8D<%)Ouj~dC6r-)=#r;c} zmROz|ov)z%OIU9Cb|4lMCpx~%pvcmi)=>i~k+(wLTI6OB0{hB2ghfxe@!5>G+HNTx zqMba;UgE>T7Yoy809sgyBZY5R)udBGXGO96*yW6dccW=ICd(3kq>)T`Ird-^tYDY) zcdiOV5j&p6+Jf6s{Kz}^!D7(uJE(ivBh&>h?|4CzwVG2)OXzfF8zaODV#|>H3iXpcKcTtom`GQZI$cleRuN|q@XmKEFf@#P=(-4 zIkVPXqUjfi1>84gRl!B8(MebLWbO*f9UW1|&}r24yOawW(`p9M1YL$uEJ9u|cGspc z!kv)Q_<+I4bzQ+o!o|pS+QB`Hoatgjho%flE>syA&~gt1mJbtms^5cs`B@>f+`SD> zFq=zF`GFp51j;UY-VXhQ=zf}fhPy6wu7=z>oCNI~`{Qik6c0nRzzOiC)*gHSvT`)U z43l*6ILWKu#HNG=x}&v3N{2FY#)Gu;@nLNHW6U;*v-;J}Pf_mngw>UXP(R_W zwi_w+i5s85ilpyH*(jK7dc5s0k}6Q7d?);|+am7siw6~@==ybFEVKBqnswH3f-n3p ziyD%47X6fJCg?3pEKG~pol`8;+UgYb;afZBYXC%i+qRdH;55N1(8iL*8i6k>zlmO> z8}yK3ZT#&|E^o8sQ$a+a39P5HZ~TQpzG06P^^mf*>5Kb?bRfsK9`C?r^BinwEbJ1T?~Kc%ng_dk;`LGWN$-^M8FU*%b__|ezKPhwKKe`kTZ3D{UQCz z#BVHdif~DkuE<$;5l2vnApcOa`fGta-wOWSoi0q#uGD=z+SQG|^XunCyYAX_@a6{QeAXlyvhkuHt`}mW zg#&+^CgF}33j(pi%c%fG^-6vDtG0K%SVZEVcEh#Cemu@ibU3Qm!3VLz6W-b)+bjJI zUkh+-=Asp4JUBmp!X?>{;N=lkEg0G|*?&{vWBt13@m>71`TlYf&qp`AX#-l^?;8sj zP4>U-@aEge{;gk4_J?-z{QYEqV((=CzR!5Kf3p8Q-X(TT_RkI#F2a!v(xKgD;nnM^ zTWCS~Qw7p(2NO_Lt^N2kctLhWXTc~JT98ykxh$UaZpq0U)zb{|4N1;F2M8}EqDyel6k7BWm~xSa%^4)Zta z_S~AYM~WN%#s`F%*wI&j(fHqZp0jrlpZ!U2Y{T@wzz1}t+^@0?#ei}3i4$nO3A##I!Wvv(0?XCD{YTM!x^ z*;^T^a#Q?`c!t!(2In8s$Ha&^dmkoeXvmzsic;fm?4ExAhTb3N=3P=zke4{jeLn0Q zo)ts`7>|<2xq)^VR?kYZQ+(>Yv;d4$wEFMf!67VB4my9LQHu>fm#?_-h8{cm3q~Ry zpi1ueEWQACBftRb9HoB6%HQmyLNgb6B=a5jT%wwQy-i-fE~zq^Hjv3=;F_K{PNkc? zEtSlIq2xg%LoW5T_9HqKBK(_-Ns=)v#ry?rjY(xp9-KWbAh;0ttA!5;YPS#<=Hb8A z9-7VC8H1^nJ(OA89fRYaf46?c9?^)H0Pw65ROQqf=Flx5ksJkxN0J-|Gv2C$V-afQ zkU|p+v(};La$|yckzYR_(ldKy_+3uk9tzZx*=HH4`nP$hb!Q8JJzh}CoX!zTje$!1 zX?`HoULgCCHM@aDf5Gl*Ulw*vSe89PYaW&)ynT|lE?T4Go1DZ5llW{pk!}9XgQTr- z(^^ycoTuD`H&Y4TApL=4mpfo7_(TRA!@px-W94mG898toy|Qi2jbx91O84kSiF2cg z0nXz05}Bc`jr#J}AgC+90Az?;ZGnokxSZxze?|(bbDW#7DwSX?t>aF2H~INgGR8$s zPKOu=&1L}S^!#1Dh?V~{mD>Zd&P{$alguE;oqv$5xe^W61D1$Y53;qD8j@g=9|@qH zf9IMo)#Q4zd+utYg~!J-*Oz@1f@jWJZ4}x2?2;cHu+OrY1lWsR{bpCg>YcmOdx<(k zOjMRMQQ?=)ZUhV|)xD2}Vf&#)hF3^BuNLXmI&(G>$BZnDQ!mG&1hEE?qp95K3A5QRqY}}%)$bGxfynRab ze()r;i97qk|Bj}S?{C}yO5OWoAvbFP)VwZkOYWdza4N>E7j4l@CLHWi+A=n`whg8> zd23EAfR3L}>f*ximRzkPTqtqAv$dm58>=7oIwz(sK`oW$+J%QRSjX-cqiHuTHeapI zdI*7^3&f~3G?CwBai8?bAwQEM?hV^1UTa@QiG`*u-Is$VG2T}58W0iRDWTk*{MJm> zh|Xs{O7xE`f0`U+3z7Y zL9ut(je=U$wB3#^;lXNJ>v5=9BpS>(+lpPOgn#}Kw2q5^^%SdFn6xmSt(FT9&e}mT z##)EcJC*^nE8MoBZpJ&>cLa!b9w!TyI!6cVq&T)oZ=y?8ScbC;%*#+Q*U}sY8p15S ziIdNZy-==v9<=gJ(5y3=oYwxejV(|5XtlqwimdTguobA=fJ%i914J^P*UQ{ri2v_m z_HJ|Y%immIF2$6p$j&afLGsV-%9jWI8Op@J zhxhdoycRge8d&8!A%0D|d-T&Q@(#}uSl(;8no50(R7OJE`MuPYT4SW_Apr6Zm{J>Q zB#jMNi%Vz*?Rgq961{zVqPws>Bdo^CpZAhq^^%Q@I#&G6o}BKzVY(-W?oKJ)tBH=+ z3i1caW>%2bo;Cd*;B{v8T>31TIT_{qRqcC%G;nucE^w_;R`c5ckFV755CkqagXA$* z^Co5ZqsdU-!cr@MlK^P8fu)+a&JL2@feT%Px~JA$cra8+U8JhS{c1uqrdLQLgh;E4 zU?iP$BQ*F@rN_!&A}xjUJ$I2l!lW0!%gMmK{xb`!m|L7bt6^y3C7s)mlcuCCu4oY5 zT>2ic4H>fh{q?TQrV$%H7n*V^?xZfc6Y$oSfE{zm6Pe0H!@{`-O{7HpLaf@K#Y363 z7?}A?OGV{6b$0FMGVQ%oFtS`(@MP4QC z_~Y@6CZ?4Bg{#bM2)7D_Mv4H{u+nh=h)aEkgLdS*LjPQ8N}Lya@W)yOYU&DpSL@r6 z+-~yM?>W=o*xP&k8n4%lOy)V8!2?nab3X#axQt(K?(%{(y@?R0sk!nMiQf2tMOm#!ZLLGw4ek0k;+1voAthRO+4~gM&?{}PkVN0Z~ATgwV&!A@A z68Ni(>?6^ynRezSO1;`lqRD`{s2V_A56rgiHvJ>2R@-o_`*9?Bhz<&!y^rdqZaPbretqu#GMC>yn3L~mvfN02 zfo9JAlj1LtB{kn9-RvMBtTSYUE0vhiNm-3@z_k>S4RkrPgEdp~UpU$Q&O>>Uw22wx znmJaS{3bQK#n+gC(^hi}kIwOray6sN9+$sPI$OO(V=xc_?(Czo1UKWw&*#FhC}TBC zf!BF&u}%)CwJVn04!pt#a_CPQ4G52`F5iAqVC>o}q)mqZqI~+sOCY%>iIRm6$|sFRzPxz>7LCHqy%%MYg^E@qhsYuFz05{5_yTqH~T%~ z0p;E`i3Vr&G48T07n_7))`1ZB&qG4p#Uk{a6o0A=lIAjF;VQ^?J!>zQwF_G?9~#u= zUDCVyDZ0!WzP!FGVtCdJ|1%iTgTJgwe?IZNmuRW&sioAN=w14WHk<+g3O1glgrjf~c!W!W`SIE;shop%& zYOMdbPj$+`(UltzY00f~uUlvBf39;)-)vl%I^QDcz&b_idv`$ErJ5m?tf|iDe=;|x zVxr1w?bEo=WtI#-ip|ZLbBCt>NYDuLZ=WdrJsZd%zWtKsygXr3z^oave`la&`-u%<_6QX-xI(tdV?jHWK+l>PY zq4f}(i$m&a$yCar63Fe1V+^!GcR33$ z#to8|{*FYUoT0wwbftH+wlaNt?CIA8Vv{~|&+iI@v(5NSfY76da)BU+-)F$1yNusc z8mQ(4d^*K{7U!ttJfm}yQHh!JnYcGp87!mLi&N&s6he^ISkEd})5_k%k*u|{2gJmE zZT)V2^G9u0(aaSm@$9N-H4N^=N{;byYnRm|!i>3oH3UCveT+78IsiY_&5`Z&hM%IyZ=H#$}i+8`{(W!lMySf)hRsXbP7vjoZ`u1KsLwzMwwe#E413ice^#V@a5{r#EQSt2{Q)(L65{gmZy$?DA-I)B zrnl<6i8LZ^cp=oQDXjp~|G@cnd;HhbVOV2M7*pEfjmo;hN9Q$rBWnoB^QH4f6MK|~ z+O&6nmHm};-i|MkUDm8qs_m2d$M=f6<4CFLm%)zCPFC}W!p>h7ft{D!T#x7Ga&Z_Z zSA0GhL>tkW&8RT9rUK`*_l)^c<6ktS zvEuqKa!}fA`tYjya23UzP8e$<=|G+`4W*???aofDdAyTdSz8aHTI}AXnz8o7}A(aMt(9L@n7=jVq6Mvgck~+PwOAlrPiL!Maw60 z_Ut^x2nhF|iS}c~ZJ+0~dx>ecZW7{;3P<(l=J^{|xmh2|&8lO))qF3xoL~MCs?n2M zxy(SsekPsXuSk0%HQY=vRXIKv&a(!NG}Yoi;e!mP=Vn-IGV}$F@jh;bLvu5j9j*Cq zymLN!h?aD7bAA3oq@m?&3a+4EflCQhREXL5^Krr0+sHdnUXU8{M@Qmn5zDu zs`{!b9fHX#^-ekMx>I+!Ria9HC-8;#B|=?p8M7^ zZ(pRXiAlV@>|k%#>+QL`9iIF4AEvBdv!^HhOq@ZMBXhI3JLF!WBJl?n+gSO7!WF-b zK>j=Dua9Wo{M1?aSD7PyWcZ&Gxy*?y*Up#>_l!2`N=mEmp(L}LFDAQgS}aO%yQ9Jr zd6c!EUA@377pe@_;TD6Tk13?h_$Jg(?sopx8&uja!an(%u47QpUAG3cR@?ik@~>HJ zb-XB7l97+g2w0OSMaIF4L>cp0Qx5kprqLbIg=!dfgzF9yu+~7GX&?*QtcpOapfV79 z@I~!fY&3zok^5@ucA>x(uuqGQ+d-jUyM+|CDYC|?I%}yqH-oT5)3Z}V60 zgpc5pNJ=2K#d!y0GPzpVJQoD&#y2~!9b!)V^#S`BtcB?8{6`Egk-(|nM>^IKM#fCU ze!mwp$vubV`jT~ek`O^HO9`T265RLup|{}rxcHBs zrY64lg=MSxu$s?-&Yhd?H*>E^8Qi%io9n@Uf`Ku;{Gm@jxzXH*@IUm|NAoZv4_C3x zwHx&<_%HOfMBWJb*9GdTUjQL_AvsMsI=2DKO#^DwfG_T2efVu*61C>Y?k;Yn{<&%) z#XccNnv3KLuRU@m=eu!AB~HO7Ih_*IYBj^l=Q+OzW_*OkC^r6S<~KeQ|-)f#2>d z1b>Y!UJn}9z+1Rp*5b`#GZcnJlr6Cgle#aBH`X0GZ!9dyk+yf%J5{WAw|npY=9c>s zwFd>ZH18&P@BZk%dsFYYVlwY6@7-_AyW$6V=dz840@jdfH8%=bQ+@}s zku`}Yi?h3p!4U4EU9hVRAFp|P4B%pEaN5F_>7ZpbAIfkg2G!QxqeEs*WKZw#0J2`4 zoAn8kwUn&RY1EAJTUB-JLLY#u?E6%3Osq%E1+j}amWFy;b|-?>jj*dW_6@Xlp(V)# zky1__VPCwl?+CkgW7#NP^>3z-XY7(b7fT8Chr?SNo6?>c+Ao}Nv4%FtnIUIvUk_Al z3twr*)*Y;rP7nvSJ?q5!heyyc`-2opb!u5=nU3k8U~Z{z$bIXM?HRmv&i-wd5dRwO=LbQ_3-Z%5Ep6Sc>LADQFhe+g;9d9mKd z!j%X^$y*x$;RrI2uqMU0)fP73gV3fVxu@cv>P zLEFpA_!Y1h?k0OY2_G7Ls8ZRY%S-iw8v|a{#Cjt)ZB)U)V1kHo5n+nO%I}20oPsj< zKzA~Tnle1+QLV!P!@U_duS}cS;)~>uK;%9iiWqR4eD4^89oO$P5u0L zE4XMDda zs?l?8{!+m(g)>9{GnHJIa7*?!B_C3@+KLbT_xz6EA_9M-4KB5LHVUcGg8?Yl^QMu| zSs7)b4~ZJ7T4czrTwu^k`DQ9vgM;w%C73Ik=9<#5vLb21(m5ecT4D)g#>17GzoE)> z+02|2w2D=?JRY#y;=0ZRajHL90VBOVw+a484|+@?%`j}x3l3H_1LM_R6^*IM&Q5q% zwcrd|;GwS8_aT8=Yb#I$Uwg|F@uh5(s5(U(MX$*=1Z`fY{c~kN!(#TB%BJLP-g>98 zIchE#{`tRM3~w>5TWAJTUcnLnQlW>=q%)jsXPKe)H{|gu{@>(>o;Z1;05w2{XLI&+ zqdtQ6u8r(wAL(=Ndw36@%YvxjRI%cd?}1~D_Ffg|=0!sxL~(0fJLoHxHB}o=u!8cU z)VydMqOW|@Ao;Obs^88>FUp-$Kd@UeheUPo@4SFxU3(Op z-TD6+cj?wh|-%-Er z-VAp3(`D06wL7jKuFI~N25IP~m3b%R<<0BctA204Tf5cooptL`@zJ!nelM5R=kVZv z=4;$N?D9v{Lxm@+SUsaX3ypVzI%mVDZhzi3180WciuTq#b(XlV?zxGYyCw4&_Y4)xNXU%XXf!8OoV8vNxbaTpCj9js5>CoWm_mZ{GgI^ILGg`3PR}$!H|nM3HS3?elYroRZF4+( zM89-Bd5-q-+(UY5a_74QYn!PajcN1f9@8r2Z`fzD8Ll8u(Jo#!&mZ|2U*6VJJNOYp z>=oW>u*!euYVyR-B8#R(=%-l?I9&~R@M9OnauXulLG%@Eko^T7*^4r>$-d`Mch=2N zrF3c_oigXbEY#feHh@QZfOWF8B4_u{^UvP}SxGcu)~M|Hy!$ZjR`=5u?z zMbv1=%=#8H5sRQr)6LjIp#^ffG!%o%y2U?ok#%*G{VJ%*JWh`(en$&THb}(*k;!}8nyHE?_SMcH7k<3R= zWFNAcpCWhZ!QOWp|N1_aomk(g|KEDQCy_Ummi?{t)W6bG&#C;W?^Kz;uqo**Bx}1g zk6tA=23ZXHHQ#`$v|+uyht1F4owfH7ub!>%)~+y#_ibgG6`PH(yh$5h!7BHr-<)W; zW1MvyDB|u5RpY3ivuF5_dXCNE9s%NS;Nrk!`+qIr8H{1EVszyjA(~*cXSM&CiYj|= z(ue&kl55gO0%Mhbq_E zHOUQuIUqEdH*0g^WF-yaFgu_HNcNGokAzvJR^-z%Yu+LC-_?iD4Y$MxZcB`@>f8G96W7Xi z+bT!+X7%n68IB9aEUvWLlWo)b7FkUt`aJ|Y=+{=oi;zHa*zd4c)vvF&nu_dI z$@SCx@L^U{@1j-T@p}F2Z-TL^JTx1-7!51#;fJnoDr&-iMx+JO>|%88T+-y)>o`NH zk?;D==xLr-ebryC`Gbm&VDs%MtA!w8e-b9>p5P{9`u!O zT}7M8=C57ng3kEvBY=Hm&#~dok=aFg#4L?oQs&K}O`(d8RX7#K#r^H4w2tm^4!}{N zB19eIGiwWGPCf;a?@~W3FWk9)8p<%;$#pKd_?M;QZ2Hlv_9Mz&>!a0-?Nt-;oovEtG_RR6BTZF#ir8l94I?bv!vL7ZKk;-fEG@S zjx4b3(a7a+HDN*`lu;H*FMS?aQe%%Uab=9InD(IhVq=ZV4Jp0h@8R~|=4M>CZaUSL z?8|40tgWs%u_k&&(X1XEvceZyxLfxn2AVGtBrodo_~wGV=kCyEXO#4|*XwTZT`oZr zN3a>(!`o%xUWUo<&o&nnNULk?E4U7QJM^P!`$X4Bi@HNq!McwC;vx9i?`VKr*RLxm z%S#Mo@fZm#ckx(8BbQlxV2BEAXDx?{pnVfI(Vth@ilgxZ{7o2Vmcx$Fpp`JldCs5s z@Ra)wck6Vd+RX&)#!u%6UbA1?Thn?Trr4zT^}H}Ml)*q(eq2e{2odpRI1$6gRQ>UBDA^oooWap5do zhv18#l?H*`i3PF-aAQR#WVL&k@*8DyJX#ecak;^GP?#)tI3#ho{=p)AR+u zv8Op(q{M@a!eo#8Qqx5EL?LExpzcsB+S6_)2tlbzE0UDcfu;wT>>>&sJgOj#L(_Y< z*kP!9*?V9xw*53EzS<5YT{l5yli`*X>ZX?UT}~OI8Q%2&v);`7=L&VmoSrzH%V`LR z8MaAcnc_3~GGnCII|&5n%)wfNI>KHZXH{?K7KPYNG)DnSoF2RK%}}NyWTpaSBA0Xr zi=`wTA9MIQ=XOUP!6qfFcVhjBl@BI~8>;w~5xCfbQZHzf*}apxjLEPp>W@C!+>n(O&={!F6`J%fO<^zN!j$A}%H zxn1nQoC%tUdb4gV#1)=HM1xrQ^?+PCnt$xQISrE!+FD9Kk`!4Z`P#C?~wLQBR9{HNC zY@O+PPv}}xag4v=L}h2fUdM7AKQcv~Y1yd>4n!=`H#};kZ-*f`$`AMPCjASI67{qu zCLL&ik2&zabS|-WXR)DIKza-IslT{SUOr z-bbS0PU?FY4Xas~=}zm6|6Pl0F`26ES6u%AiijHdzR!&At$8n!9&h8L%C3G|gH4zw z+#!AxJ|4>#rZ%n_@X%|}i$x5ICa#tgHZYXIyCl3(c(F8HV>7v9PLVVBys^s}2hG5n zzBLqmR>hnDfa6L!cKh#^R*MPD2(tYRzt*o9`Z#f&@gR$m*1XBo znCRv{t2;ckXdV{UR+Pz&#;4A892lTASFcT3vQ8-+vu>nCE+@*BI=TH zN3nw{rrdpufERDb7K@P_Q@a$wV%Nz&R)P5tmkK2Rel9;;QMFR z=gmGLUSj$jZVC)GV6_JB`WjBdC{@9BHhyWkZvu4&P+g$yP52ay#zHg#;o&sC0fQ_Z{)MDOeR8_An=^Fdsr+a)AUF}`#bp;~ zmVvr=Sq9?#at@zn+_#wV`j`YWUTF>TLg$t{G|`FRV3r3Q@$5`551q|A!Sc`?UwL3j zf5Tq|{d7v}s+g4`F5aE?3B}GuoP-(lbE@sL`)5^FXeu+uU{@(gH@fDCJB~@oF$b#W)58K)V%U`a0{j&`9|E=bX$L2+grTc~Mcu*Cw; zLHi8LCVZNhJ|;YDs;Lf2^Tn?tvu1g~9$pbh`)-RCo|OKP;_kH17a?*nx4+KsK^oni zK;j-G5u&DFxJfsV^o5r+!A-h~r0rhPNH^(nlD2qBLr9{zY|0ax!A3GsRX@Ej5BD&U zHHB=f+j%FwRd}!c&Y9$`aSx?~x$kOiNxn&eLwV4-FVT&>i9?$6%Cra+UOT$GR2D(X z|G;OO9k2xVMwZ+g=~forBNoK7gO8mC#pi8Ru!gs3nCa|U3Sk&|zY~@%zTgopHM`nt zyBFqDNA2;IgpI|4akR3;5VqR-3Be7~hjdQ=bbm6@uNHoSJ(yEh=YeWlR)%l6SmsPn z7{EQ8Ye16g-G-jg} zzW|NC)#Cj=L6Ah4m)yi;+_B& zNt$D?adiYjry6?sLN5IX4x(kI)F^nc0E^RVLwJ|%kZccYvb&cbc+wa*Hgax(Zt=%( z!dZ`*ZPY4?9#QeS|AN;8bxbk9t#jV~JU=gS0%)vBODg8lC*vE-Y97y{^Hsw$KJ8XM~ztF@|sfet^Gyc>yUdfqtl zXQk!G;2Gj~Uc_yuvbZjSmayR3YpQ$+-6Z8Lla>qiFP(OnoX#iU$z=&bv%sPWxFOEz zfv*hyu9j-Dx$>xuO<637qKiPYSUe|K=IUEPJJ)@|P@s2*ml@Qr^=#DD(k=PIIf0fK zEgQr9e&7tl&@*8+{+nn8T>d@5jHvPucVw>1Vga0f+%BcLa$_q60*zz0*O`TpbBXUP z%_Fh=X39zT!F8CvPzVgz-2!!x9^L}vW_@N8G3JKJ6{!zP!Z8DpD@>t)vkbc-NarRp zHi=3yb1dbY(0qsRC1bJB#8ieKdITopWkLa9ZfDbKH{0l7z~#ei!Ekj{-|q|m zTqkUprF(RYP2AX8-S%f5s0NbiK;-Yv%)3bQNJ{#g&L3~_NGfQ5p;myuUCt?tmLaih zbOr5i6Hlv-*d%)To)bz)*il5APG?UH^-#f4%jAU^7K3d%T8dt*mcw(aD)v_SFW_K% za}oM{&dz^(gns4!*s7vbs{}~P>_gC3Tr8x<%QFmY3)m>DP1+H#&kEFSNhwbxEkj2r zx=Ew;#8tA})A_|1KlV5G0 zVY&=fM+NLsv#eI78$C;nzS%VT3O>!UdP447%e<}Q(^+$K=6rXcw>};3cbN4k76ySm z19gWF#cNF#s$NaY3Yq}sq3U+Qy#cr`s!%29uERP+ylBefrVgf_{Bbo1qCP3z!Wn9zix-`N zjEZs3+_x@XME%a+Z(_fy20%jM0kdBj0B#l|5^f@knt6ClvV zA219@9P4wfNx1*KRKoBHCIMYzFGqQ`NqDo`O)&WO*6-44{Pfr_+ppW8x~!4Q_n92Z*R05cc?kH&>~OAsT0CKBGPZ}@PFO3%R8;$`caae@ z2l>Qk|F>DquThGVU?eqyVS+-kN-<1MpHEoaLiFlS?J4BG2@r2!Ch+JCp2CgS%cfDq zGY*#Pa^4xAvw*qmU>UTwB-jaBt58@x>uT|tv)EtCPriw3rI@5IUpiBDI-xH=A^kAY zmGulSBiEvQvcu|ytbA(4$F zN(B_HQM@SPtEIZDD6ilqHOsnat5j^OqOC2yDr%t-1rxvod?H$lpaN=T)+mbA0HW;u z{$~EW$;QNc`Dph4pZ}SeGiT16IdkUB89TOLzouR0b=JaY(tTiD9skF;BqJSoyG{5h zi*(0(!)Mrp1tXFPgRiy;*N#di6qG>B>iD$wGWy$u_~<0W@Plo_&)duBVH5g$Wu&Np z7oX0v;W;Pg0u&D^W>zMK9NxCMN3NYq6fw&rG;c@MZRtR`7qsB+ueo3*XGp^AkJ= zobQ9qK>j>18GUkvHm2Hub*#R>9h0o*|x&^2Dq!lTOOpi?LY8?J$EmXei?a$DCN4 z26fhah4PtAN2v+E`a}5;ULmKcWTl~>dN6^QCF;ta;7DBZJ$I<6IX?3T7^tOAS)@HB z3%rca{ufjZ2WWmAy-y?!5d-pbbGPjjLW2$KXX2mjOE@2`sJ&4g%BgE2o650!qt+3{8q_7Z#ACE3defTHD9%e6E0hT#EsDCZWDww_eXJ@<=0C ze4Ae$}_av^qhz#*Ek&EU1|LFKM1-TVe72t*qT) zUccBeX$dtd2A%5aG===+@0Ry!*HTNg`W5!RkGD?Nrp#iDzpPmHQNAi9GZnNw;WFGK zH0u(xPxH^Uycayd+}0{CX|9Tdh;Y{yoURi+xBu=-ch7^CV|L;AJW%Fh{v_4R7s@Hh zOa?Fz$u>7!55q`-f@y}Z!zpG8U2P?|f{~2jl#4zQt&jy`lAp#q0E4kV(K-yl9xM0; zmm0@TnBD=pxDb(N*;;pO`q6XvA#DG$S>u(^{tOf;`w zx((C&Iy2$qFU?G@*`npsbTl3VmX7q5m;-+4=y4I&K4@PNZic6(=0)2sr|&R!L=WMS}# z^sI^oiu}=%aH24X_j5Rr6B_Psp)4l;o;;{nap}R_-7fnV8Y$t(O4)8J&5LG4vTVJw zH6TL9f>z(^)!KZ=N<|O~z-abSx*Y~j6Y}!b*Amv=3pvoV)qR<$wnez@{@C!d*J?v; zu#{!C-VVr;t)=IuncrJJLyrHNO?>dQiVp~a@7A}z+S@@|i^TIse3y9E(gjaJ)gp%Y z>89cNd{xA8n7XcOU3-Xan>nUc!g%(XY`Dpf5stZZI@2^^%dI)7 zRd?4tLOCzwQ_f1QeU|&%oAB^un$+5KJ*l;Iy?L3g6Y#?5q@B@72@@~)Z)L=8)*x1# zRiHi)SvnOF7KqHMDT`i#N%}elac=gMh>a$JaoTi8KK2eC!g4qIqOL<&D%$ zqk4L}M#Jml5RrFcmrN2DAH}AGMq-o;s;=c(StL7jmB;<%^%ZlQ@1#KG8gr{oAoc5~ z;TN^dQ8?CUOolEFOlZ5LiVdS7#)bCt`_6sWH(x8snpyQ3TnoZedE}#ji~GtXTvHYO zndV{Ju!c2z$^9Kp=oV2eXxk8*OR)P!vbB=p4*1EeTJ}{DlQDW-jd^_|qdeS#@tN4k z;ng_|kIY~;$^y${s$v*uRwR+3TpYv#$c2)XU*W(xQ)jWfS`5f&?wDz?>0f&xx zM;wNwab>BXzQI?8-WylauE-p~6!!gap4;B;tjEm#bZQT&7S59Y6{Qq-rC_s@+t`9> zC~pxQrdHHQi;K;f#K9FihQBfI&^=85zWMcF!3LFss8RpW!P9}CyZ0${8vhC$#52l# zm95~fizuDU1+;9e5{uT|< zZR03-4Rm?2`SYs1i5D&>wPd$%^zO*4w=$u~;Otd!`2(bymS0FclWEjftHYYy*47w^ zJ!c7GXH*+vn-Ge)Ge25XTWT%Ek^q<;tEr>i=t z{Uc12=7m=jiKoRpzcd+wSCr*)6Evk%_*Jv;>w9Nuk z6!C+uNg`yameB+CYr?;^ zOFg#;7-4ZNU(8HR>$jMv-pb}kQLj0d1j6Nuizu0)MniLtzH4v78a=&|Yr86WK*y3l z0z%j&OTNIB?3;h0S`oVmHEoMA`#VzoQ^3*kMJz#wM9XXNA5`p-Mbw>PZj z*w2V9P^ziuW%ck-v5iiGO9Nlk8#Xj|VgjK!=;dX$D0W_~-Kp>*iEhxcZ&~hbk$d~< zLU$WUJFj^h)0vUXIJOkgz>bKY0@XBy4Vc=y8qS4pU~I zf;dG2KEikOVARX^fZ!C>R?gx%2cZXlDglhvlH{P*F6hWXjqc6kpr`Fy?iqvH=R+oo zt*F4$JBVbagE7ygVXifkzu{~CwjL*Z4*{Rn+krc_D>%C$o=*$o#To@OU+X-(&i$0_ zVZze9ipd0t?|cXmtwnpqmAQW$m=djW+Oq@wE+0$L7Ly;QapKhDB?O|QoePq#5d*(?k63k=T$>+6d!?3~CJE^Ek}`B`}d@Fr4;n``WeV#@V5W4c(`i;87i z8^Gv}j$>nyJu>{Ox0yRM++%}%DuL6&WFT}rQbs7DqzXavyCMkPA8CRPuJ!P=;()!l z#}O#9$*M+MrOWm{S_6Id%!(*y`rCrQTNtzOc$t{yl%Bfz*<_D~KyCT2`QvZ! zgS*{i`9=Cy?JW8m2>s)x|KaIhUEWL8?qerdTeY)Uu3StuGwVjWD7HeRSSbURxmF3$ z+!s%3XF8{iiU~Tfof-E^Cq@~I0)~&H^$yn_#g8=t&V`+r;{7G>b5q}c*|mTnwQF%H z5wzkKgVBU+fk|le(I6i1aqS;rdh0&(`xdP6H+_^v2ChhqY*Ofi)?wo3z2v1#UEqFI zdCAAKE(hNuEWSgS++%~kY0xR-4=jeM+*nAYpypE>8dd| zu}mOrNy3bHIUC0!#zl84HC+?9H@vS`aR2bW1A+&K_Z=BJtTHxuDP^}F!ox#)DCFS@ zJ@oV*K=Mi6UD#tL#zPYX!$E?`h9|a92x69eeNF4J!Q-}mnA{vqjPd32*i3IZJ0!!mIdsJ@jrMa~-S4b(NV-Q~WJC zeR^4zNqLcXRMXh3mph~GJ7Z1mE}h$FZeArFvBlgdjNSI_(2iQ<9@FnBi#HP?E-{Qz zT?SN%GHs>~K$JLb@-*m|)FwYzmh9#!>SmeW{S8m6n-4h8(ljVF@uiyusNlL>$-mgd3Isnh_itm*q=6I?=%%AHaVZ-3I7C zd(a1Cikyn3(BSmR4cC0D)mi99=wa?T*QyPR%zXE-#MIdbYwoa&C@zEr#ee2Y>VnPc zSl=bg%LuoWwnUIi{`u-25jNZo@DIgkY4c*V$WLU|L==OlzDBDl5NBG%RdJrm3y#77 zgr^q>#wIM*DmH1nDK9i*m{I{LM(xI-Y9K!>4XPM7T%X6>xGuaqsJ2_;q$R2HtV~+ovZStz<;&=s9GTz1V4T!jjfNmvYCL9mNa! zOQnu19Vo>W=f`O7TR%w+WxS3_7Gcb14_Yx~{$qdZCXsI5;aPGWzYv+8@niXjZOm3ReQk(m0zV^zn=ZB%GEC?H$ z?Vur|%!(O&G|%(S!nUGmdvQP-7Z<1?IAb|I15LY&12I>D7gywC^9P&TSNjq`NkqlB zQy#Ur-l1cMOr|rj6uHS%^QgBSy9Q}u{*D_d2XjRt_F--7qbo!U^Wh>%>Ceq(`@7w| z$#3g$al$&DP>w9QSJo6jz z^E+rSuHpH%;iu8?eK4x+Ak`kBCP`(94eKFesl;Ycq9PNrB_PsLQ4%YLxo3@h%17yZ z*pQ5svUF0A@K!;kwji(7zFK#Ne^g#GK#l>D1T{sExSl_l0;K+6Azp}aOR_smjSp%#M~$@|WV z4Li1C^0y$amQ-XbCVOO)d2BU|6J`4n)u1^iubmxSW6Ze4s)5jhzB@)htoU4ELKxsD z(^$h#s=wh)dMv(Gi_BO-X;%R6sY|avTSl4p;x7S+(MmGmWc~RGxq5Y#Yln*E#FZy0 z$|Kv`2eZ|0z0N@Fn}_Zfxpx5*2l}~5~}+n@eVpLxNF6? zLh{v$6obc)rfRR>l6|WMYY8h=4QvVG^f5fqjp2=U46m-7{NE`fTWSZpE@dY$t3yxa z&|tG4eSk-R-*?AfDNB8JKffFo0BNH4?MH{JZL4hCe6{_B{AAlC+l?S2zpiafUQY%l z$COjvM42x&=M-}F_EII-Dr!sY*mk0-N2bv7HORSV&`Z%s* zf*uqmW(|97urbw~4n2`b;&9tWGia3+Q{$wQ9>TM>ArUfiqN6^rtsO{Fc5{;^a(J-UB&tb zsAcI;u9JTRRQw=Yc2bWsQ7rqO1IPl=t1OC*eMPx=*0EF{%$vy@GDuE5r31SJIxyL3za`s@Fc-yIuJ|CBY#7Q z$ncs2nBNtEjEiwx3lc_Q3OiehF~)M{g2QJr67-svO@#QIVZA~{&Z_-=FLpZeD{4tj zWadX)mP234UA-_>yR0+zNT9!A4~;S-&$8zE)+Gpwni>0@7W!MwjNT`P9>mOEK!FFU zKrxM3^Fpe$RgWecYfHP@Ha15C`>S#|L+9xcr$wzjhxOt>eq!~!QC}0?|4Z2nO*R>Yt z^#Q$J6mEVb(zNT1nr%66eyn5sM`gb8#-70Bb=r6Clb65CU(XMr3BrvzC7WjcC4RJH zmdhSVBd~M%`H9+jR~hZhbWlT6P*;HW@+&Ph6cH$X8~|zDq*!#C)gv6$4J)o7*Q_YkXqutrp{$3USdjkxn=?;&X*@=;{prdFFYJO`wt% zsvG1az&@mEW^#E~#l@D2Hzd=}x&pxHsexEbh1wfkbmQSl9G;c;1vSB$Yp_zQQFilW zo7}q&yw<_kvuTrUi?z`dbB=7W1*!?Y&@yu&POx~3i%asaqQVXYFf%Vl=_Y~d-FD

gtNgP|;Q`AAQ}>wkDk!E^Tu!wnsjJJaxNC;7uUm9EVV zy`GkS-(q_H(dzk~wVIz&h2C)d5S4Cd54gfkVB9l)v_sGLis}?yET_{n1 z&^K7GTFmX%pIui>Em3#D0hb&X_=zs^_f zn$_8YxRsB@L7Qz5c7Nh+PMlqiv*%(};xa^9!Y#TOb1LO8zh32CH$oO$ZLS3`XHs7X zY-L2YY4U@2r0x|`e6>=Kh@NMgs!iC#$Xmv>o^dWmkPdcmI>OG*eXS~}=!meTdh1`( z8t12Ie?w5PM+jE89wx^@Dc?*GZwwN|+V+T#nd}lYQk|*vJeSaJD)p0~CLI)ADmqE; zI*BCx?mAOT+1xpYxb7KRzTQ`N1;Whk>#IjQuxoRjie%leLWITk#!y#EAi7jUl^ObE zWwk`I*Zn-OI$o;DC0bR?Y8n%FyZu(Dm9e2G1==rgj7|!)6?{VUsOYF8_yvvNiYM%` zL|-Eackl4NzB6_F?@0n3U@#v830Fo%vWbIPdjsGR$dr)5Vlux0xna&;CE2)OE7*d& zNSKt1c+NPvxYNqTzi`SSDHms3DQeqZQPLdh+p!hqV|hqK?{f@?)Z*r{ipf>qv+Vb9 zh(7QTh~6tipFB;LecMKVbC0B9f0r36Iz%V*MmHCFR$yb`-DCdFhYs?18QPnC53O+b zF4)?kL*zcZbfM}sI5&t_LDo(03nbT_P&UtAZed0vIK5QGPftNApD9EPQVy{(oa6A# zlfUzNBim+jy&V7Cu8bVW`GCa7+Ju4wX{po9?2wf^ioap5T0VNXFpu{K&NTd^v;3R; z=|Vt}ABY3XI*|ndI4C)J=DvMUN{)b;-3~3pIx1FzO1|*bwTb516L>8q0j z;^U@8kS?PbK^Fv9v#A6Qa|Y&{5ka%(xbQ|O+Lm9LVPgQ-oS9RhH1cl`a#P!q%lFaIKzPq8js`=9y)(Zvsc+xclk4hL~jmWRg=R8vT1>eW*5ez%R?XSP<4!7}L z;a18~M-R8Dv?{4e9F)RM=N&xUbeX#e{2*>R8ivM@FpW>!g|)`@QXXSOKp50k^3JRQ zfytXIGxriIZh$UolhPRGJBos@W=5holpjdEOw?mSa)64uC$*(h5h3Ca-cJNj#mj4W zMhngwvB4jMD5oK-<8QJpFXg=x*gHhI2JD3-*p~lze%0^*F?rCph(|_os~p@t!1?X) zvS%?~QmC-={O4VrVP4}%uJkTK8eJ7y2N>=V1q{x-2ey3bzbvS)Uiee4g`p6jx& zy01IrC#KcjiA2Y}Ye^LSqesaI0WrIvWMZ=gyF3ZD;G?c7X&l@z;JT({Z5lG2Dfx)Y z{@owC%YM5HOXzh(r?&j$CB=vzy!%gHTUMaDbKs9(7>PCc(b@pzF5W<=}qXZNGe) zhD_(SjCa}3>o)sWI+>mtAU1m2pf)p(*$uIzxlH1$I*vF=nQZJGq*_$78aiGRN>;N> z3qWr%SFV+hAeZmSQLwNgI>J2Ym#ggvUCYP(ts4apk16qxtZ-XVrwZ{3va9+kVhTo9 zrO}wt&(Qz-wR#|?_JFqcHupe*hx?lS`xMRB=FbAZyq;tP+xW=~rqkFq!@xy=; zw{1%myK!BNw{soX{3O_gTf1({pB&tjZjlM3A=9}n)h_!_y3IcJi;n%0WSJ-Xc4CkR$(KUmL%Bpce^Iu!Drgy9ssUu;$4~6`p(4LIKpP1)NS@(ecF+D-42=8t86(< zxIH1Zk|MwL|Cjl9E^}>q=C4tt+qRF7!!XkY6~9r?_SoPnlVGQ8 z?wX3DU2$gu*EJQ7PHRbLD(1QD8Qo?dkk*#uc)P8$n4E}M@WMCrNrc-iv@ANQT!s^jx`?V@4#xK-JSzx5bhmz;M2HqC+MCc!E;cHRC9 z9o&0&cE<`s(i_leRd%S$et);wOHIf2ck0W@F84xmTixc@n0LBp%Pm=AL!p8}$ zb7#El;3~RB=Gru5I%mJ#W$)E(_Tcs(Xv?LqTE2WRDOn!&wD3+%9^$}mNrFA~cGqn= z+QFUItpr(=hD_(SeDI3JX8&%pFXljb`v{lSLxGVvdxic^v?5snu*YCOo%>|KhW#1W;`io?w=Yz`8uiIv2l4V?I{Ai}t}fUw4_)I6TD+-Oe` z2j{BD>s1O2@LFWSD>A`rXEFEL%y#1_hQ&pnX%>G``z`(PlSqUDYyyNvg;yvCyNwDY z?~G06FN?A6*)tEZf`2pIU4v$;K{xQn-!NSby8R~@cojh!g#bfnBgF(uqSahf*oe7< z;2GAw{7vK?{{$=^zvaFXn#@sgHv8(<16;{@HtWF`U!bbncLns(ZgZw~1xB&WS!T)7 z$P%lN7<>qi&9|qGW1MQ^W5-g{^%!N;-4V_*d~R|9jw_OZ>9GON0q(!?&3{1kVezM) zj>vkLZs(j+5>p}%V0s76>=$qz2}>JoC>!ptr4WyJ!M@ly)qWYEivP;~A+aIpLm_)I zk#az`C=J=@0tda#BHV=SBZ=^KQ%r`|6R<;8BhNZe-WknrRZD(!oNV0q{euf^8_j)< z+re}ko(-Fjb9)z8bhJlae4n#NrYSMtsN;Yc&$6h6H&Uw0y|UV;nC*L6=<@GnnbJj; z6f@g?bhB>efA|Bov>^tALbqSg}rrB7NxAQ&YDltNs|fF`?)#xEVny0QO3r; zamK9pXuDal5^S+7l*)oI91DVTZ|!5<7mlK?6F7x*iDahMgDHY1BTtI^*E0bL)(RMhIpIX&CO@92P{Ul!=9*3 zpKvJ^yGFRBuXlUIW6gZHTCCt%b$>Uj-Kx7{ezLi<)LiYUu;Z=fUVm&i7Uxbvu4}$H z17_^ZeJNJzEEfy90QRP#?znrCcJNZ%ZTU`yX2n^;+zf@DZ8v%!ZAp_n_&FYq^<4EM zGuvJD{}D?P;^uZj$mQBxb&Lq{Lx$(XlU6+J;W{y^7F@*H;x5#JjSg%>5^T!rT~DP= z4(?Ily4H3lU@K{FeCMh3R+s&nZnIZ!>6pFKe1GM0e2fhql|*v>?k?L>>c9?9g8kvO zuG=!e!F~0c?%EPbL#A_EK3Q(DS=w#(-(r7gCq+m3GsMatw^f4!*lyf(uKh+LC|{>} z7{IXwOEfMbhkElK0;s_z992npWn}ju)QZQzS`w`SvCaH~R?0U5sZJJVJtGa{NPWM9Jgu|6qC~J{VLm+VJT2tX&SIOm;U7tCzlGSo@TKHrZL5qu z>_j&Q+&EKZ4&lTbC`n%LeB2Y=gfTCb=w{FIB7_2!5=2m!IUF@FIXq{8y{D4R=h3`$ zq&AHHRJ1ua``If?TPAI|8-+9-rSpivo`LZ6Kn8cZ zAm);O0iWP>Q5D&P&S(l5doXt)LC2!RD&`glPzuCm)vO!~8oK7eMmsm(KFP+79Z=XPF(g*hZuI=-QFgvXxr-p zc8d!ppj$I$teU+MHCv(jA=eRM;TGZq-8x2#8ThgrDo=qa`Zj=SHhOt%@PBW`nfP7y zSDbgq?2FBJk6BLC)O>Cr8lr+N+N?eM3G1+Mnk84XbgD@96E0PEy8D*IdfpFCpUOuq zvFyuK&JaAE7clz}A?0+i+d;^4ga@N;ANYQ5^Yr$p zJ4HvRyhUHOI9*@S5uW@eHA!9`YM&(UMYcIg&J-n`w(!0vS;ifXKfFIpJLLz*Nk|=o z;f88Big~)PMb6&2F%Ui}OocY*46KHNJR22Z3a7T@uJi`lk=&K;nZig1g*=Qt7e-GX z>S6S~6LxmxIItq}MhBjTKgH9A(FOOx(^@(fOs%mz%`w47bLm>Uc>JYZJVwfmm<47Y z1c-T)4&WH6Zc&JZ3?n(%(>(po-UKr6bACE3EiXXkI|{~xuUlIB5d0`=>z zTg^#&u$(whCopYvs?-cOHm!?SMqC#^cYSwVeAV<$T}%W_gt&FgoO?ri7cZ+#A}HzV z5%h2&c-bM{bg@Do0c$NG?c=1F8#7{6Z}}svtGF7&ULJz*VBuJ`k&|KXnvdD!QbeQh z>MzQop^XIpc^8K}t`phCnOhD2d!bIr>KjJU5rGs|wZcksfWP58{@S1;$ESb2#eUt* zU-LwfaBe+J^%FjnQt{@YbAl92=j>r$ThcH!l%%y;g|^z>@2=NDZJk=@#amP?S&pThgE$oj$hRMOzd)VJaY4^|Fmw9Jq#`P3bFaj~_7^sd0F0Zj|)zKYGiQ@FHj!u2l zdw=FqMop8sSMGEOTfabiQoyp$m8No#IzZ>5mosG9AESe6%p$$#pz~ zHn--Padehlz$MIK2Y;D}|BRew?0hHlZ1k(@_$6?&?X8Zy=q{C!w`y#b;gWSKCsLpf ze?}|_(|^KDqp^xAGKpqraTJ|pOv6FA5tY2(KqcIlxwXY}%HW-$c>} zdfr-?zn1h5ZF*6D)7(8r?p(UWSN9o(0P}^*wzEUFFO%8Ie9NBrFE9S4{}lQ2Ut|{Y z&;2f=KlyHZ)8+ok<^H-u?zUuZ-?9a}^!!0l{;Ij(WWavD+x|p0`qx+YyvzTY1?FnN z*rz;Mq<6IEkA1G^Z6K{+3lXx=-E$C^jvwktSgy5}zv1_ogl%wv%Tix!^i`9Lzaa~Q zxn=HAsjoI~(0;9x2U7C^UTBNl$c_%&%_UqYx?5S7t6MrUc*J^&o)zoI+1J6XbKvz} zz?NYm81W;=>#VxP=S;}*_PgR&;`6N>sFa^gkn@r&xj!n z3`0W*PvchB0R^{Gk!!qdo*N9ksW^THtW*~H5SUBSVH^qi0%NxAZyOmu9gYDOmxn;q z9uc5YAwyu-Tlm2m68{>~n9VDl_RT^?ey6_qcas{Mj+Quh&um)!q9}K6UwKD6D~z?^ z#a3iUcaFu>4!j<%U$7+SCw^||>hU9Y@aqkV;xtG_w0Dn+h_5OZ?1BEeR9J+qlWR}k zZ93uXniQor*X-L!TP{O`zhQ%F??aPX0}kqnbSS58uM%e*d13 zDA^(R4{;sR9yn#2`V~uH)Vh#MJKT4wrq?axMy9Ykst#y*TYN@eE9 zNqn!zgH`|~0C1#bbRK`s&9{<(rwe*DeNdSHl0NL$w6!RI{qXa~`A-S<99}kV+$o_W zC`34}Wb-@2^ruxGcgEk9aV}P;kIkjNj43UplB6xA3?DdA`1fl_u^`PGp6lUojkPF znO)3>1!6dS9Pit$%sRvUDM*u@cq5I?*+({y%G}vJDr;%;sO%*KoE(#*XmUZ{-K+Mk z@;7eHLFbJ$H|^jmp(cM*ya?V6gjw$Mmfq^P~DP``3>;pnmd!rS&%)R8~Lc;6P-Bu<+I10Sb{iO$AOLc_+tq&;0$M zBwcM$MS+XhDJl@tzTdZK#Ey-@v zl(5_l<5MKyGJNbsEJC_@)w)`qVcPa1%0%acuU=6Z0?`$sJ04_G6aRd*CU1qgGvD^% z{7}iazPd@al!Csgy5^~_8~NjJxJh;0-3I{?*%$wrEzY879>v~K*NDuslkt4%v>x+& z;?Qb#9BcQp9QYOuM{WE_Wrn}a3?0^7=VR_L|+G9(OXF6Ses{1fah1hZ}dd4@9W}IsiKBbQKUB$I!D$lTQg` z+gu)~>1D?!cl~%1*NxckSzPN4!}G`C?i=1$=)2Wf&w9=)s@dB!ct*`${P6!uH&{*1ALb_L3t*G;Q`r0l zYAnA=WOnx?ztbC>Lu44#26Sdfkx%=lL(6pUZxH*L$AG5dco`Y|kwM&oo8_z1xnrda#NDh9onW%9P{0NwC!G=Xw&#~C|RET z4UY@z-$1qAXlpwq=(Dw*5<0WJrc7%xJ0Ly3qseOJzeo8`CpxyqvKK%0C)D`CjcIr} z1#6vhTtN=k>(&R`(}QE9dp4PDG@M>_8-l)AS?P(bhx4=_hcH|BkCkPVwibk2d`+L{ z#CpFFEAxAoingoESOg*yUa>)&bSWqnB6D|iuQV9b%JvnjQ!ezup6ILnFG!$D`D#Dm zA-uY0Q)_lbY&`L(W3$$C)?qucN`q0jD!o|gZs@$?efqoislS)yA71+JRp6{wGJ>Zn z<3R7LG*SlAOqK_lvex|3okux1#$q1-eO=S}m{;JC_PQpyTxXernY+NgjN&NdXXfzR z^lEo)k5}aEfjTo?q%++8E28834bid7vI)C1bPHrxJRkVhT6dYzIiX~q%%MV0Tq@v< zc_UwLTpzjMZnJL3%aERs8PSZmPhURM%jYJa!WaOABw`KoJzGfnJ)!^d>oh4BCPsf! z8M$J;Y1&`C(QK+0A^;+*Z4aDC-FEIeR!AH>LrpuYzm@k2GQo`AyB~kX_sa}4eUKNh zYD;CmtU%MY!a)8Td2*_Ve=dx zAoNtyO4W5`oZ|SKOB+vGAenZTODiR9Y%)z6ezJg&jp{p?XEZzeJb-6a^cO19G(bm=tKZC?+UCx($msH1EDuYWxg$;Crb0WmWcScjyLF9`s<(W#vcDh|*S3_e z0hx^WX}lAi9T6OE?Af&Ys3vnnqWNdh?V65 zmR+(jTD?Z7`0h9mx<||33OD+icIQwOc_x})b&+Ri`CGm_wxbvTF~n4L2l1kVC^aW^ z2k~bI5it4PLCkd!W6k!^_i+~~PqD~c1X!G{O$h!<{O5EF%syxu%&zmB1$_Yb1cdwWY==$lIW%Z?5 z{GVM`KQ^biGF8b~E%D_c>yV0N43yow|Iw z05?`l-i>Ei;mi~KO`jh=Di$2pvuPg_VC8U@v)mqWV8*;d{PhN)FDoY!Yvlf}aQN$aN7hXs6wTK#sU8JfM_lnNVagehL?-f8A}wz{xR3XPMza{p)0W{ZWERvr$Dpmz#Ihj(X& z%B5qRW*$b_^)h~al|yI%8HG|>#xKpDDK2C0L7S`czw#|ut!o(~8#Odi&W1?Zj-QvAI?q08{h@OS!Fof;I<4$z#n&^_Sc1~U$xax}< zq?hUCeY1gFZ(tk1+IJ~;pSgUDHU*%K$@(3gL@7m!K|Pr#_gRt`v*E2@s) z2#Ks{vFZI?djIyVCkM}-J~WwDSRFqr2_J3=1j5Y$JBL)qHwQZuUs~izC|6g9?oK*5 zI}_#8|4Pz-D^dqO-*DGHtn)L90+WAHY#QgtJ~N@wUKeKvxV;YcUMFae`#~y&pwh=s ziOsLvO0SloyDcP(oNhxlTZ)x|nZzj2D zy=Ib&0L9-IsbMmC+OQ+v$z{%U^lAv54)d8M&7xCa!L(!Kt^= z>tH@ZXhwf2E-9sXy2ajo5rX#YlS;VAD}meLnc6nb(bT7nw4mP&LG#RSn9~(2ye&9R z&icV?_`8o#xb!5-=s}k!CyyEumOK02MUciuVc$Kuo3G}bUEj*5p^75jOb2oXyYVW5 zP&x%m)4$$8E&hfJ_-cMn5t{4{jB1;#&G!IOv=J=|LVbUFXBOz6+|vGTS5rntc80I^ zDT-m$)aczfi+(}a68>=*BecJpm8QL6W7Ybf2Nc+9F2X@F4l%wnxqEep(!#rmu+I5` zK|o-hAaWkoJ}gzU)&>u8%iv%iOWfH6?1Aa5sX>CyjwKnl6yQvo`9V1DqqtVdl(Qa< zxWT-){##B8Xt*t93Zx(WCGYxTXmEsix~_rDGI6{D5WQyglOZNF0#OB0zPb;EUUb%a z^WTU&D|wJWU>Aqaj#=&a*phUMPNNY8giUCKu<$2XblaND&plicWI6eyDy~BLvSm!?Dn!D96 zhWBO_twU>}Ul*(@e#y7&r2%Yrg)+p(oz^$D8&tSZXuUnT8qp#Aw=o4iS0XaVdNG%W zxo0kf+M$~R(K*HDt$rMrgdW#OU)%qI-HG8^Z3fSH?hGJ@zl=&58q3v=hoKV(_j_(A ziT*Gf=fmjM=Z5k2NJd6hM)0SBA14wbWslZkpbzZ?-N%CZ+s?|$3|jrO6N|c`7@6?J zu2tg7;8AYSqCgBWbB@6r5S#D?QwuZ8F_7A8f5&UQ$Bi{J)>$qUpFH-OjV(GHQ44#edTQ}!0iaw{Y3gNWr6HcF7Ci^8&$i7!n5~quSH22fR${qQ4 z%7t*#t0{?$<&Q0*QV3xwXm$Y-HEkgGfi+ zRUBFW3;GV;>|&`XYgPI)y}@?hG_f0@p!rekgcYya-18N`nBahwBx~(rZI)~|b|y^y@mdA!TbF8Os?GE6dCp zp2^jozSw1IxV!fZE~afmfC(NSE6pTSEsCu<4AP3So7L9I_o;}A>`SCGE5ulK=`mupsUt=W6&_2@I}nlmnLF3p@Cc@5k3$a#nNsGpb> z-sT%QuXkpBAR9YFPHQg4EAEkVBzUT|r&qjKAb~g=Vcvh4UD1*j2%|=O{W`O+4X6jr z2VI<(5x3G82z}*_$YfRWN!xe^G7h4&`emCOvtd#$7pmlQsU+x zfyiV99;p)%Bn;lUT2ZsWp(?K|dbEG;x3({Cf6DqI6kJf9oYpj1E!X~+zd?(q)*Cga z<_Dse=9$4ecP6SP@4~=$7~oW+xWRW(?#Sk{Qxh4jmsmy>KezVN!XVYf!K-ZkufN!t zh->l4fD#mQ;g*Zj>h;@tKj5#K_XWetyBzP;GNx8J$&GxeU1=Gw_RU?Rq1!=e!I5OF z5IB*-Z%r@UHR^HTTOahmyzbGcevqK%t$#9iUip2Uhk&A1?YYoRcL;P}ZH!_nqSf&6 zs3Pws)Y#y|RiQ@O^7Hv)=6$x4CXB)Q#Pz5MdnD3q{x)oulq#(D3$~*f9;Lr_x&PC%-O=h5%XMOGW>HX z7N48NOpwgxl@a4acFLk=7f=-4QT;-dzK_M#_mnJ@Nbv-V)zsA6-`oHs>}A(j4<62B;kvlt`1`|#kz;dVZ|#O~_*8!)P5 zv|bG43u%zvVM+CA>j=I+nEutNTw#4J_I6T_SnfiOX#=TsKTogIeaGgg9Zv1KAJYOx z{0_6(lskU`Gu_7j5A*+O{&y?Qf=8NqWkmZ9YGhmWkN|?OwjAie$^&}m<^lkmQm(7x7iu0T-7oW5JaY_+8f&N=Ml;Ff)j#M&s0D_^ZP zi(9e_MHhRu^npJD8E=HWy_U?;F?o?pQ#`}sCZpSx=FZg;sb|^q9v34Zv3;0pUbL;Q z^0%CoM`3oa?m=8zQG~22I-QN@xqn zMJ-^Vy-VY%i?L^Ky{(RagXB*m%i$HB=yZ1Hgl(yWGjTf_XbK=C6E9?0&=gslWI^{$ zMDFg}({Ms}-_EV<;u|6Wt@})gf*#fJdR)trl0r$=yBv;T<`_~PpKyKqSI6}-Ozx}O zJcs-1cbVar+Yofj-OMc?oX_UbM5u4hCODI~b~_oF0*TpPIm`M%P4|oWDkCGfvK6lD zz0h)q)=qb#`n8^eMEC>cI3u72gC`9yRJkXA!le>&Pq`@_1XCij-X#L*4Twq`NomRL z-j0lH*>t>4;1tphM#vwDr_KIMAa=wt!haft;9e%Cs@<+utQi#>cBYM|tF&pP!O>dn zpQx>6ygWi1ZTMR@bSTNrt=8GTZ-#Smcs5S6PSrH=Bv0a{zv(wt@XUl{GjF9%ubEo3 znn2vnn$`}FlXO=mV(_2JQIv}Ctip_7|BCR6MP$qfPNLi?sdBA@!${Kc4&|?1!v@m7 zUS+?o7(uaA-H8nhoy)V62|y>2|wT_s{Yz5gQ~&41qCsha=9vpxaN72^n2I0ot9!tsfK`?R-#NGfRWYJ`-V@`dqj1vc~Ot}<^?<~O#d2+%n*5-k28 z`K@dWt*?k$dYhMMsNJr%um0GL+{i-`OyiG^?#~t=uKcs|D`MpVyVa}*P+!HKzZR@bsdLn~MYXE+NIb^dn)s_`mh5K$vK&{DlRI zGJLh`d6eK}ovMwBN;Ni8&UHgb*?$Pkp)A#91YO4fKS!&2bxX(o&`AQktj&4vNdw}B zAg$TgucVm?+dq}jD;oT4xq?s6>!M$Dl)~KjaTla*-Opn; zv8dNcLwZxctPLOCD(MfcpjSn#PE9~3o}TQ^I~}|xeQuzP_sB}MkRd%Y(?{eb8I|c0T}=-&h`-VhLUz`FPHPxUNa%z<(nRuNNxi4wYG@lwQvaUJ;v})}>2D zhFHP5Kj&Q4jLkbG9TC>GcnO%Ns7RCQ0r4w)*@pAs8hu#E2l1dTL7bw4Sk-HN^-ojr zk26>ZimB@UV(|_w4)4qI-F^=*Ww5{32tsw5RTPnG`KrYJ$yQ%1&`4X5m6R^Y3N1E! zFcpIP;@HGYOiEr6vvO%|>yOQ9hQDQGI&nRK+O|zr19W-ht2vv^Nb2%OEQ5O4&B-Kj z%bVl+#LI~8L26TEO@~o;**-*s8+ElhHj>QyU+UB@-}&uhuVc^6<_K>H)VG^SgvL=v zJqU?CUdEpvkLZURl@hs6Y>S;HGsLxqFtv{cv|gC3#^{tOlF6TlN%Z++msm0+#Pf?i zAU~uOHwLW~B$&zjt(SINleUfM-W`bvHNxssR3WR*Qr?}dSa!FY`509-guT)gmG}cQ zjIurP3mWkM6^$C+z8C>D@ag>uMku9-MgHi0!n5_#RBrPgO%Th$D$!~E?2fc~W~%hs ztY9yZa8Udz2p&0I_2Sb%=3(%VW8&GXe>1wtMc zNg|H6K)%>M4CnFh+DjkFWBikzpfc-DB;|*^a-49Xt|qP3+QZ4pMr7((@poup@CL6) zY)R%Y&XZzpERQ^_7FQ6*g&z;^{dsiKr*(?$)e=^h46q$lT}ZzhXuX-f%@SBMYx~3! zuL8O95?et7VkFO%}T zu3C#iuoX~DNiF4z^w3hixCcM2Cs##7{r%BPikez`gg-=U8$J@W&7cd>V3lN?c>UIugRm#ZG=Q{=U9E#SLwxMTMbLu{2g> z1yA${cMRotZSXjuy(w$ef}x-op0y~$Wz0!s?Eimd%p#-I(IGfBM&9AjaPKhZy^G+& z8xC)sh}a(Qp@8_xXzfSBfiP!qgg8qgF1)pv)(21Wpo)IDzQ{Yi+B-N_exyd1WcLSoi zys@rvPC@)*#s^#wmzIFf4D!u`vdYwKAQ9QR)Qgza%!I){`1Wn1v)1|Q9wbZKnjBy4 zPk4}U`#mS%nX&cwDS=!OSxD0AB~rORJ4r&QrC}7!K^`+>HS@&iU1B!yiD@32y=mbw z(O9zDSNCVZ#co0#+x(iPe#ysZX`zNjxMd%O%Di`>5~~&s4HVjFFclITTm%T)$ z$UY@V-pn9mmiZ1_Fx% zWEum4Yr}@PU_riGZ6KMs%QS(nsfx`mtccELX^+j`%z2mfR|`@N7Qu{t;-Jms0n4cZ zj-G=J7}7MN(dtfzzdxoyH^-l#RUgiLn+(Ch9uH%wqv7SO_v#vXBvn+>zs@AmNgFwe zsPT-6^NR(5Eqqp^+4_Vn{}ivxGs)d`nRW(F(p-}t1>()^3LMy8;Gus{E3owcS74DX zaOonTE%N47%lw~HA#%=FyW17R8f}4K2y@|_NdnOo(w)r>j1e8l39Szf@;Wj(;G#=K z7Sn5~#+;>8M`hyAuHYe>H(>{N#nScku=eMCwY7Y9Gwp93VE-CcFTO~aH?n}69?#k-M>Z7F9z$V>lvEg;;z$5->ajdmOTJUnD)4~*SFyAx)`(+-b+Bh}ajq46?~ z-^+1O(P8^F%nC1u_h!z)eWEQWi;_OyVn1&;Yx!)as4mQIDGFf-DXPE_;&jy1%6uRd zBk=vPOZl;Cc)OJA&o^cjhm2cS(>cN1s>t@%>zOguV&Fh67*+I0Mn)cFzJk@xQE-A3 z`8g+eoN*ux_XMpSCa7!c!Lx(Meqw7?VM2}6>pgN(Q zW7?1!^jG{G<}t8y7aVrz>eW?|ui~fiQ6}KD_!c%|!la6bc1Huz+@VhE z{2XSPJb(C`gG0y1&iZ=LW?iCln~pvC{y7pe{j5z>BBRO3g_NV)xRxkbEgrKLmPIbe3ABtZ zR9P)Oi})LeNvRo~=k5_}GP1@nN%(5-ArsD%IR}R>^sOvkAIqunt*m+@cDMfv2L8%Z z$XfDctky5TFJILvzAcIMj`&ticq;b%*#arq6}$ax_w{vak1Sd1yL}{uT6u@@iAPXc zj}dl>d7vs=zPX2N&R-ork`Lj1xxP9Z0?fDa`po3Lh`!shl*za9maNDgcU7YAw$H(& z(zo*L?6SzZWZGsm%(wEqoX8u=Bymk3)_WQMpBq@oOU5t@^yJRKvwAD7WlU!73^eU2 z9u+$+5~9`{s?z ztRJ1}kL>h^oAwdFDK;{zX2?mQX)fiv;Bb04JKX&3pw07g4$WCVEdQp;0P>sV&YYel zID)PYZJ*LII_o0(&R^0LJfJM{S|D>(U_f(xf2whxV8*{cp4^i)p&wgg^CauA8pzz_ zAMg$#U_HplDhh~iqygrHvpr`%8y{9vxUO%hjvqkl?e<6H3%n`0L}pbde@3QEIl##I zlI0nD3mg$C-`bi_?`<`wR%-Q$F}-b6VQJ{-=qNV3ih`$ycOQ&ioQhthFiIEn!hph7 zXELId(gyWKHEwscO8+>|M}}=et<#L*0vmqq{C`U`LOrpgmSzM`X9E23h~xw)>-cin zm~r#c6!#<^SScsuj^iI6;vpFXzzomg2QOsK5KKptEk^;HR%l{xTHE0;%3e1-t?aqB z?8_*-^&!4Kmj3lt`xVE6jMm!a7x9AZmDBb!j4ur@UCOvz(LB6#nG%)0k#rq13Pf)h zVzTIS66b$JqV}MVv%vdIP`VH4pOJ2-!hPm4FKH7=W&tY=WF9*m91$ANho~QLESq+W8I@K@^VcgSE5{gVCDrfmXxob`KqgadVig#Fa_K+MRAkZ zR!0LxbKGJ2kfb$A0AE?`zMR%ES3m~l%mH>0kQ3A@jAf;$oB&Zi8iBACd^9taYbO65vct!xb z2^&WH)|&0?3HjJig@@9q}~*3yMqTEzvl z5v&ex1R{hB-1mYeTpPhOleMfBkaJrMY1Q$A*kDOZ_@|c;y-mvyxBVOWXZv&XHYt(G zZQQ+1{V}sxQ8R+g7rsI|Iv~_mxSTmh(rIL{`=8=(jFDW4BlLFq4 z)RpsR@90)(RRSBV7bK@1Hw~Xqq*Ff~S#rgrH(5yQGSNoQ*67-L6 zi}Yi&#|EEtC7VaT_zP0BC9HJ)3&id+{MfM|-F?$L?94X?BH=IeF%s6t4(NIt^qkF+ ze@*0P=rEB>^C}`2V81z+rQW5*{6Ekic|b#>BJ#iz_alUOTjYKgx}UA?XQTTO#{;s~ z{WQ8CAwi;$Fo#Xn^O~y2mHoBBe~K2R<75w#7+ZKbAK??QDCKurMdXe<$t1Dw9slg# z`ZM}*``~0h-oa$ojlgw{RQ3?1p+l|(sj;LgJVL-%mizoec{F6S%)0cf0JpRQf<1@3 zZ0gfkHoWZE<1hi+R4Lb9>O@illr)LovF__-IjOHxNuB6YZ(+6R<(Wq6B&CALP>aZI zH4f>ir26XA=(y%2&{}?47sR?3VtJEcZj*9GMl+gnKSkMAqj>BKhCG(?_&L`e@yMal zT&+%doLJE^dJ@?vKldNmHfbu48(G%!bsCQqC3>`2@s>ElzSX-NXVDPArdxK^VTixI zy)$)6QUU0Dc7^g=>fhhuYo(?6ZOnCD9`3Vl;8=7Rx=bl%6cUf|I2h%p|DbhkBa1SF zCq=?y>&nP;jrQl6wZbYos&o)~hr8a*9wlZ1Aw6EZ6nQLkxTBqNIMYxT`PkB{s@4cd&mJTWM( zNyT|XU@o!X4DHv*;MopYe+zehH2P4Q8rn)La(s1ouc{KzZ8n6??1Ub#} zxs)z8>KYP6PH2n2OJ2Lzwn&G4`A0!4HOm*Hf;5;OghOWj_ebjl7b$0>puAY|PF*=m za93YUe8@$_hioK19x!mj@G(_iBtRsCPDtXbWW`Vs_97C1)BN`Ar#4&<XBaw|Pg!rs4x`{Xneq*3{^`{hz3smLA?Yf^^mGTXt!vNZSVLH@Oo27DJZujV4XP;62Nu z&f!EW1~(GNGNoYa+-H7c1E2>F^K9{*YnLU(gIqJ!t}*WTkU~6s^LXr(qizjpaV@p{ zZKDHO!Q=QDo0V$evER>8`vAaRYhVU7sh* z#OQUnUW=!=6{o_SE!}}x#J*=7cw`ws#hp9!4}69m;-!Cb)q-Lwa4iO8>1wzn9UF0c z|4IsCbQES|cH)ngo68Yd!9!Z?{L;_XgR=;eN@83oa$}_PV`N?WrMZ2II4#JMw|t`~ zU8Wc31&?xh5B^@>9?pd9tfJrdSJbTM9mTH*zp$0;oU=~%)~<-Xu$bhE*gu!(2j97h z=sk;gWX>8`#so=0e-(nY8EF-Oi+viVQ01-({BR|HdavE4`KNP3k5}*wolW`m z&npAdf)HkcW;nOc#)++{3h$nf)NZsX=Ba}3!~156e6}1CZu6=w{s|nRmSg6})8$>g zwO3|kJQa9|)^Q1EqII2JKSpjEh!Ud#1uF;K^zW(s=!0(MIzpHKM6xx<9*?8795GA5 z%~GnP_n#keqc!pPrTDD29}x4_gV8x0ELc~a^lR4JMIGJ(k+-Yk&maiKLl)pt)PGzZKo^Obs#Wd>2e_`O_Lc;utzR{|M zZT>)ED1UKYups^jNsG~o9^_YWr$x$%g<8Ha5N)WTBy**Qgxqf;)vplf3+eUnRFGh^ z5x1p^=t{xCV^3 zbt(_*-H6k#$ki<)vIo|VHj!Dyb@8%yeBIh}t*d^$*w=JAr9dVHiz?6rY9I(7w)AG* zY#C`Z{h5H;NU7brOtk5%XE%<>4IPeRh>d9V{WhDV^!~=fQ8O&0E$p~x0J5^pd_Yd` zH?jeVZtHm)8F1B$>K_v8y8BDZt zVr)=g@@(4arLr%WUO-QFS1k34j30WpThAY%1d#^Pzk8dd3-3hgpGjai;z~912o2Xi zgI@RcI2ySSbyd&C(4jya*8@Z%YorRksNrG0)!`W1b0l9)yx=9<<73?6$IFsc*g+&L zJbfeCR7WKGeF-Xk%T}P!USHpl{v6 zVi9^f|GLKq>T{P!-Mir>>pPkk#+vkS=YSQKnIjB^WE?^LDKjy=Kxp$M(T`#4eMjHcj+%cnfq*>9}Zgda7 z77J0T0L8YI5*xhv6+4??fB54_{ku#|Novo&^|wUi*wS?ix*(cGVyi>E=uqhdP4WmZ z96e;6zkgAv@45wNsQsbw@%_TfaYh{LOIhm{jK(1Y!8MIjOOXDLi2K6J*V~TrH!}&b z>yJ#k!#vEOSagnD2BIOOLJ1{8g|v|Mw6r)>7^&}w%?BY{ifL82{#}1$LdkA#$FKQ9 zmh3$iUb9wztzD!v+d+r{S1`~Lf8*<{I90x?FQf{wbHN%nqYti*Jm)xEw+fy6SGJQ& zq{&%~+nB1{wdr;3bfVb3&{2&3rNu(DrcY&Ed(P_|GA$1732(bQ=+XGvZXl$kMJ!XYEpJ7^)0jv7%nbxHDUP%At{)ZMNB|u`lhl-UIzOYXfUB#w zSJ!%T=O?NwxVL8IjDF^DTS;Ab^VFwoBkNy}53p_L(D$^4I3q<8{Njg;3tp zHge8k8ERkLw;{Y&Gk&_+%IUc+<+KUfRqYGv zX@$T&@5%au`>M#_wN_Mx2PLtRc~wvo<#0o^aQ>j=IS8%X{+7l(y8n|W)=-;0D(kGH zFoGIL={4<21OcmKiSnxpp}t}P1CeXmls!_n+jfD#x>t&PO>6j86Aq*aB7h(9Evh4t zx5606n#LJux&}IB6*EOzDru{_TV>U%7K`IM3p1u+bdoS%-el?B3o$F0{G+QtdZ>Mk zP5PeIL6K5nJG-#?jLB#?^%3UU4Vv~d<`6K#23%$Xrr&4Hw_3Cbf@jc3;yJ>egKj9m zivbeMc6HPpduDgkYIW2z|KdC=*VK3SdWLB|3^#Ev(GMv`Xefwfe1DO4$A0`(M_B5Zz!)-?a@jf>6241~TAFuEP zmNRsWTQKNoajPI)mj8rZ2 zTC`>9JHaukE&8{GFG&tTZDC_1)?CskcmYYJk71*0b(bT!nS$MPKj&6z>2Pl%b`69_ z2=KkLSl!qp2)j8Uv@TYG zT425+Oo_sm7R0;bqGLM%9o8mh;GqEoCS zJRC5M!&MA74KY4TgClFphXwIZwchkf!?vr1%^J0su?{@hxYUMA?U}(XpzBorks0M5 zUR!=yL9kR6JU%Sd_yMU3U}KO)xDinebb^j0Zc#<&7IG-_KjrBTNI{_X9cW9}C?-cY zt|~;*lcNj0T&K>B-Tf=Bgtpz!MfI`OM{c7UZ)p3up?#w?)jDrz`2YO(uGVnU9q&;iOcegHjO+&gM*22The7?C~ZkxpjJDl?!Ihkr- zuQBy@W}PNZF_u`YYoL$PS4A8wZk-z19=vAa$IL@nq~0>5 zYmR?$-tMqbUu?}m-wDUdC8Iq^KeBPtW(%C}=;gJMBeYhwgssTjS|Lx{l@M@9Vc5V) zI=J}THK15%RXpDU+^Kx^IB<^3bdYo+s#VNvtga76Vx&2d(!%q(O}Kg8ls;AEYo_}M z)h6yZA|y&pp`waIs(nO#Y)_(+qYhfJ0J`3v{*mkb9bE6@?$b{EBKmtP{_Av4)3G}K z`@1~j`~eG-9J6GmGk#q$rMi6ibU(*K#eLA|C4UjG!GI>rL!?2v=5MbS&yvHbtzbW< z!Cuixa17jfPIOh|{2~dL(5HQ`!>|4538YyuxAZx4 zY?ZwHdN;?)d_gEwP!rjmnH?%L7f^y%%UDVjcO#GgAfTuKI~VLt*xz@0RPgyPFO#$kv!*vs)RO(9qISIf^`7{W}tt@T%(YMI{;pwna?3C56qm!fUbO=(-J+gaJ-gX&d>dD&*X{cHExU)rBfkP@5 zdP_@E820}LSvZvnNETUcq^$piEY+Ni3%_MY=Xa>x_8&0c+#+B#O!k5=+#Xeje>AtV z)zD@RG(35Q?4y6QW&!UENVe&6wdrCZYfHJ>v?p!)|J0Vb)abQkVa5M$i$i?Z7;N7; zJCDl4oQgKzYtmp#L77vZ)1)dK-xEk6fE@I9RxOw`7~NPxP*$&?z2sv<$GK zWxYP?nqzrSUCH^4>B%91t+zCjogA#WQ!EnM&(_5b@hicGMb36&?v}E++Af`us(zBH zue4n%b20PQW2z`cKvNnhmMlbus6Ernvajhb@?jLHiV&Eoq}a7{l1G5BE4$mZZ5 zfE^-+(5BjsIht8P0v5cWqCO6q~z7RQgHj4QE!Uv1)hc10tJ3E9;Mj+DXN zvzOf=9N?yxynY4u#QuO3Qy79Hd{e+EeZL7NOw`V zG!uZOP!1C?8I-v~On7&zD@0FPyUi7X zM&HrP=oMdJnN?kWZ7L~)0VvaQ;7yu4cr|xD0Lt>|K%Q_2#Tq>bkCWT}{zKjYc0%0we(+SK!uNOGp&Chn7)X8KOfNTM*evvh&aP z&|M5zIf(SuFC5lpS@&(wAo$**G+7dCiD37}8F;e0FG;E-p^^`xs!h(w4npPv#&!<) zQ|EwJItLuU(&Qla$~dKSz$fU8U5X=+Dp2jaN!=E*2084RNRBNX@2I#yee8auis|wR zc(8N8;?4nkWWh+5>pKTLn+gyF0rMH(+k{|17W@>~Ck6iu_U;J|*d>RoK9-jPMsfRQ zeTB2Wbh%|Z-=HK!jqOF|4_gIC1>StB*Ow%#k3~Gl>SJMMwF=8za$;}%|GeasP)Wv; zGn7wn$vJf8|9Q#Tg7Ck2^)?9qQX>8b;lE{Dd2hM0b6)Ep*GcI#TaT)Z3}?bZ@xxQ> z28$10Qv-8e4D&9fqVvw!MEWphvvweLS6RY-kS?3?H8%wA23 zd5@`tPk`zA)cgSB?Xi-Bs88&1=3Y0=68!i5+4~2i$a27v<;@0$Ys>vvWybz&+m!fD zO0&y{e}`m0hSiU*lh&(~reY!XUn%i6+M7sk2ZmG2w%glji}CoYsdaA<>$+X{#E)x> zv5Y=UEq!Y_l5b&e?wy2vreJqFj4uUy8|G5m=DW86_}DbySMC4b0N?t4Vmr-#w?*1= zKe0m^2@VE)b&B>A3yYF15Et(4Cw9uE1)KkF_Y*I^k+q*_eRNyx%3!m+8!ZtYm>Z#M zxZ2y42=-&`PE4a?sr!5Ots!D$-VTS`iQ9HN)%nCTA+=RvulQ4Tn%Idz>(brn(oy>F zGv4uQ)x&2k%E=jcU1itO1LaAPnK0S8rTJ_8Nzu$?s(_cO9$mC(Z5heZG}Tm~?({nJ zV6i;I4Ms%VFpZ$8vcT?#ntaLbi>Ujq;>X`|g}U$Md(=@W9snxs%q}`}4v)U>IENw2 zx57E3rlyYSa@P>|Ygr$17&TeqHHDhiwHIOBAVd7a%}!u&(l(5}WcWkvmlA_4>IRR- z5pl@z-5XiiSUj^9s-N%={l>!mlU92gg_57{zpZG z?d5a>X;)~ZAPki;8L{Av;MIDM)zXNebFQU`_&7;R%qGBdW>oPD33au_W%$W?VRCht zJHD3WRzM&=Mso7KxgyBACY=}LD^x~PUMS3Jik}#N%gJiWIxL_l%glWQ@~8SD)JJ2s zJjrU8c37|MU1HYWWk2h568z-Un}?rbV$F-d17=O{W#f@K3kf{$pJ4e!$KlYlJypO_Hn4FDrDmbjHrQ^XyoFYZ8!cxiOzdoX8>zjm2a;D7O01r2b{Nq6$Uh@ntUe0%?k!}PbC|HUf)YA(PN zn7i87;F{!PcyPSIkN#h_x?ae%>#6Em9{#IlJ^B`smV&F)Rk8)@puC&fhFK zq_4rPeZyVDm8h^M6$HX)D#Mj*9F8uKs%l3%D)BaG&{I7&_D;|DVQS{4j*ASoEu}fz zTcZPB@|CrNA4{C-V?D_1ULCiNI2tq$_9A^hy>zcntU_av?I<;!ruhGmW{A@Cq#P?e z-)d0^wYe*RWZfFMzgrhK)Gs81#m)?fP-L|QyIP1maYjbu=>HZO=p0EG;T5eXy?>K> zzg4||?QO}$$k+5V0i4s2KEd?Am}NzKH_iW>32E2agBorGk8wsIhF^$q;fP5hvq9wUk0(r`l%^?#A0Eu_C~GJ zsx8h~a<|{>;IW;4I|wMmMy7{_ZlyT_+)1+@$^P+0$^(&|!W;JOB9#rkaDsh@wKd|R z>?c%SOoGb`>SO2L1u0E^UCLL+jP+#Rd)Gwg2^8qg(LFq8hOJVB`&%~hYl@-*czO@1 zovj$X&XTQ!x$RPMqtoRT-U^-Xt-vs~)kUug!IlbD_|y%|C&N zrVdh5CGGmRAY^GMpH>h&K@D1Mt|N#BtyJUIS}wq@9K-9vat`hYeH64}ZtsbyMyiJ_ zj?qIusE2+q#{3^UPO#+6)A&6vt8PV!8-MSD9}R?}7wggq43o4-7sM;n5;?wj zLK8#|h@n}a?a&!t za@$8200y>&+-xaRQrd~cS`h`qhgE1w+7InQK~dKc_7}vnN{XH{ zN2SG|wj=7cA}fY1H5=Iqh{r1gc@S!RV`mqBA(yA9YoxpIW*^}V`u!ON?9F9jdni|B zW?I+Irnl;28^X{Omq_+4JERghL!ifPqGcp<6V?-LS)DQ?EISQfQ;fEO_3!61ZbiJe zo~0ps_a^JFRub3A{`R~Q!Wgd!%&KVL$CWfa#D7wHe>3Jrnq5pT7);5V&Fd-|Ds_q? zBBavab+-U=wD3HYAq<%}RdsSgkhy-jO8OhNSHNbOaesCyzfE_^@P6Ef+GN zwtJ`!H@bZblrfE4S1ZfCO>3lMNzPe2V}7ATL3M_M>TRwl&49|)H<`?_b7)uA>~y|j zu>9fd$2m*P^gl^HDz<*A5Gb*P0i1jVqilWxHnd{rz#(bSKQ+G)z{G_S?C|_eEHO_Y z2w_&9q`Vq``FjhEMJtLnFj!JxD*uL!HlACO-~QXIa1UDoRdJ)OV(R_a_Hd+T2UpE3 zTMfS0>vWi81DKoXWI%0ksOD2uxJH-(t$u+`mV5iTZ1evCX&&fGe_5otPCb0ztZbx# zSxF(y6-t^$nj4kASEEB3oH?hE2EWHviEokSM0#DrGaqaOX%12u7HOtYvWGM}(QnSe ztSpH%y|PpJEz*RQY80u`NYi*hC!|@{h2qmlqq8jLf@`-#nl?ZbRQo!p?oqZhRIa|e z$(%x(VN0_;SXfmnmp}ERgOD>LWDaou(*;R)E*;@#8>j*Y9>M+nFVh9QV$SS*uQvDN z8&lSq>ZfRQ30)`q!0>TH}d0TruuvR|F$ z?{;T^1o57SCpQu32P><(FF^N+U3){gl~`OgGW71$e*@jkq|3mdf#f!O10C}(_8w_T za!Ga)9m+C!BmwX?4{#37Y&17*urnN82oB?pW&=XrgOoQthk7aRk{R1*{Ec9S*Z6Q( z;Y_sePYFa9X$1Ev|4j0W&o4#-9Y2UfZ)7LxuS65QM0XE`K19oI<&SubdFOhvkIs}O zYn$#gcxLd~B72MRSAC&sNH=3&Y7k4XdHR|}26Uxf@M?l>=kP6Bt7PuLFH zA8rTOduNv{k4ENE@+ZgHVuvedqk#$VI%rDJqQ!AgPtc+wjTT4JKo2eY*}-Xb3#&cb z!ink4U2{wj3IW9xS_}hCS%Ac6RE?bW?$oCNX*y{#T2&*E`T$aVFCx#(jx1N?`f0X2 zbK{vAlFiHxCg0HPe3i=gGWj%+hcW3Hqv8C~+OP{S#h=Swx~}Q-$2BOdY2pwpbQ)ZCGqn~4$>QPHW!|*C+ z4lysCC5pJ%UIllFm(?5s&SEP+t-dz=M2?_!MN0T^phf3b{EgFcazpT>(+bR4H+uAS zu~{9l>-k`=w)ysIwIcry6Vt?V zn7!^s!(pfK@MQ1!R3JS0{ABL#9-EmI?b()I%{~ynMUQQ74+3I&Ygt`ux{B-} zay%z}ugqWo$v#iC>i zdo#nDT5h#(A1$j4ruL;M6%jE+j^PwWpAyPl8|(r7Sz!8nkLg3>qLjyyAGgSMlFJsY zz_I{PaM5u#d2C-r``$ns>SG_nHP`@ZrUew?T9B%(?hvFBWJY9B=Q^9`sM}qgH+Rl?en#YRo$EX*BQpMRCx8yf zh`gtB&ZjO)*EyhbowsI0e$u%UCTB!W?p)^|Ga`p{uJhU5(se%8Ip-Z2kr#BXbNGOC z&Odj~`SYxeTD9JXN+kWj{qciNeeqL9>DzTKy*JL;lKp>s=hAaBa?Zpc&Q2y>_aF@Y zV%IcW<(-S2o{{tD&N+{8K<|+O^gf+|uE;20MdvY^U~@X8Ikz*=d*y9Xm%LcOAI~-3 zxc583KF3D70`Bh&-dA010T*U~*R68_3o{@%y>kH%xdIN$fZ)i^1ssq8!9O||Fwqqd zD@>1SkIn`7Gaxvta{=8S+n_$UIim@cnAv2FUo4}5d$88aid;O~7O?7G{&=0(rE>w7 zJ)lU}iKlihpxG7R%Ya~P=K{{lfZ)E)1ys2LPRoEGzjFaU+@FTvG_L^h&^lA&?AzCx z#7y`PSfo9%3E>9r(&}MLVTG|msLA1>=JHV`e;N2ZXpo>lBhLOl!Ll&nuIjwL~D$cB>`_+e)XGHrW` z#~s$N^dvf>Gk{}yqzkyCa{;4V0e2Uq3)uX2rxqRvcvR9&f4p8ey>lfS5j`ZKZ1E~d z_ril!S-tQEiM?L9fwW#Pd`Rdvd!f~~(Dm}kof|Q^(DuR*?QT2(=XGwxDBD6;z|Nfu zIK&ljTlaJU(Xx|+W)^bnbwSn9YxnLO3Mnr5a zj5+V$&*MhEXx}4#?V2<1Z1_rPU{;!<0cd%3sF@W1QR-LR`zv~X-o1aJ_b1%@uX@*M zebN`L;r%xEzNg;9?tMSKPjl~o(EDZXeVE?Q$p}Biy`QM?I`=+B?{2d?;7+}lx$tN7 zKGeOxrS}2u{cXMXcJH6)J>R`=*88vU&%oLLC*I}gllO!5{+WBP)cbqx{V2UJb?=RO zf62Z7u6KJob#y@QwYdWjubKI-XN_B-Ou+ z=PDj-;cdHa;4jkk#JxO^^336Ro@W8iYdr7re8TfJ&ksCyHHzea_Xh|KLh!iZLmWEWoP4WS+7)Wf-KjKk*sTgA;(rN+7bMtoqwi2>CHViaat0 zT=UNZI-Nvt#x3&KfqpF!JlO1eyj4H$s{{4~BJJ9r5cF*3X|%~zN0pFw4FSq~g_pO#@{TGouMkew53#A32kDVbg_S;K>TQw) zd#%@PBD`N9Y>HH-d(FdDJ2s8qmPW@Rq$;?4pYXKhfk?$&&+9f--CfIli)PWWvb~J@ z3%KUTSH-0>EgB69D6L-@-hko|9d7p-eFJv{qInGnxcVF?%AYqsWr7^3sG-2dwhbus z`UAhTyA_9cb!;yX%=gD(ZPiv#zpzD$MtA7&#N(~y62ME#q0#K=5ASZ}@Ya&*7ifVK zq(#ZodNn`(mdE)uA&jyzEvb@*W)hg!hF|lH76ak&Tm!JqAO79^!c@=&2B5g~ufalj zLoHS-!wYo6|piO1SLvzch0;|Kzn5#NX9L6d0lh}5c8bU$r4hoHlMwr z%}J#c$nG{|f8*D`$>;W}+^QZwHZJL+IC772o*Ym@puDz?)pi@venOzzvXj&h59r?BuB26|y2=7aY5RFToQTm*?`!D&DjbFsl1$E4=X^tm5eQ-D(OaaV4;OdD|BX{@z>no z>HKyLU1$d3xdOkn+r{>ojjd>Uf`jX5NJ_C?=p(`%@s@aWnDy~g88o1@nj$kzZ5(diwoYG}L z%indXbE`MspgO+zLipcqR=vJS$_;CS_zV&A?8y(c+NuUVG}paDLaLf|J7E~{;j8Us z_l9O~1#dLv!3Vgc9+!dZ+}(HmaT4ZjD@NBw_iu8ssJt~QW7ehs0lkM5$_%!EGFCMbcO3P6BZL+T5p-Bj@Uumh1JRM8%o*?}!uXP%$v>66^8{2-idDY?HVke2RVKR|jnluFd7IlB@ z01{}N|Lf2eeC~!e|F!=ywEyb(-$UDeU)Ip>by%vqG_;So*ks53Wy_&GXQ!;8{klAv zpP`*4QYE*lTN~Q(jGGVFy9bKnd!hIT@BX>MrWrnIdLEfyM$8<}KJ z5*>)A~9dx^d|yOpNiqe>W*Dr*@>} zX^zw!@T|{vB?!w7IhE8UUA<&4W*R>h&xtFw5S&yp@E@PrKk&v95QdPBSAh5Ch&VXHarBNZ_;? zIQCHyMJoGm{FucTS%yIK3>&MV=7$C9IqL(k51zfn)F4wjt;n-FmdeW%{#lk2vOCE< z`_76JIUNlQS|K>FUR3pDcPa=5Sn`rikiN8~C+*^1xg=>?hiT#FE}@fc0a`M~n=dXF zZnm3wUniH0=LpFp_!IK2MYEiupZHC()6P}H&f~}5ay`GM1XVB_c((umJKhHoG1$-8 zt`v~$oou^}_jH6elK;%OltGL;_qC zUh1U_M`ctIe$yOCdR9Cc**B^8=dUVu7uWQrM+4D=3+(MQ;K2#NLBUPmv6`qsp;PgE z%SGcj6STDh#2FN6ePpL?2BmBM?lfucxxp{`tWua=ss-Ydp$cRAJ~39TAt$nPPFg7 zq^XTW)l2>p{Nv4m+fgSvLYp-DtS;a%XMWWsXa0tPv%7^3*JxvW7{OAUtC;W_t8q7T zu~vxhV%vUu=eW?X){>!FJJ1Xz_EZPrKUM?c*Y)t)ktb9Xie5Np#J|yJgv!9c-q z7HJtTbt_y+1Wq_XBt5UjVU@w%b6 zc`41RiaczMff9?bJ4oWPISGKO!k?AT2jNGM)ptXG1~h&i#9}C)j;$1(XoW^WEUa6B z^%y@%yi(XLJBgN6f6JZ#V%}Af{Ydh~S6QX_ZIUu2d5R>E3lYj+USgtR{{^GpO(J$Q>CEI+U7UJ5ntxB_796rng2UtSXtLS5+&qOc z8aV#lbSy92aTxDflX%5{eKkIzgL$J43$3XQ$MG%F78tr#hNyVu%|Xf(<^}>0q}DM) z9`>s()2nMIeqkN^N$fC}@LGAmNto?E?~+qnzDmvu=s^mKj9+595D1FyD2W2aOd>fF zg#}Cr>yp!)WdmxX6=T2D+&-tpcf(zb3q+|PC$xi^euU^6<{_e4%ZPZnA3v=zek8Mb z@f;y4dw;tJP)56-Wkyz5X6mR45v9r^e{^a|ZtM46uD{q^cD=mP9&`zEH(+}T<&nF3%~?T>=7tm(*GTPY{kB@3)1^Id_sGE z3yaUwoVyx1fLqje6cqQ-0IjBOA^rVaw~p7x)_QO70@1SNpVNrZByZKG(M&ko_OIBC z>7rron+_pNd!;xqh1ydGJJd!e^)qvc z;WQr@T7$J_#ND>CgTx8uZX4zG&6ZMwfodaO<^7+`L; zrbL$e?a3-$7x{BhUF5tGb=%=h2}hB*ENUNXLFEfi?z)E=8D=qGT|&JXjRCwNuHg2* z;+#;PKRnh(1-p@`B;HrQS&6tiM~O<5-zFLo--$$=lS*V1H6&qE4RNV(2ih;rLNT`A z>@Fb|oMY%7jx#l``kk)oN1D7~PoUIXX6S0R8^`T0V>uKtxm5W>eIZ!5iVg0~7mz{> zN^?T+N$br%G)APrr$#C1E;!ca+HCG-yUZr;iHl*r@w#-9eTy8f;oq6zeU>cdE(n4R zcYZgMGErpjWil{^^3GDScgnqF463TTA2{X0xqyMT)$Zo1UOhD{^N^firOmhRu#_@;ILorMPw(_jyfgAx&zRzh**J;SW{YcQhZz5P zw=g@d9;L(FUk1-I`G<+{jw8A)c$Q>~&lAOg7eC9SJ&j`h)3gvMj=$%e94V{0+zSYXCXg$Jt4kk|#gW3^{Ff(59< zKkb^+dNlCY$4)rI3$?cvVy`tK+2u*Kr1XE5hPo7u8;T|mYW2Ex!6eu;o5l8MGRwVW z$?%v1ovDQn=)?qqZqAgmNw9wbJs6!=+50bO9EVnWa+yj?t%612lkkp6+%`ouCcwiK6cMFULzaZ zOYrd!a{`r2tH1(!okL+3Bhm(emN?>ZVCNBb90OrTEqBrptDl$yDHk6WXvBBxGrAJ5 zuVR^Ar2$(ps6RFkevR|M?&2`^VK_}<71>+s;HF&P-=NnY1%@tQ59^#weY2cJm#Nk) z!|XV2QoakykCvJHA>mdkfPdc(E^Na+nZIG`fCRUCR?6h<#-??3J@KRaZUq}^d>+-qD-C1xv&b2v*E3y$PGMf*v9a9swWMr5a zfsg1b*k)Fe$bnGz}?8e0R2AI+QGT zjHU&5BLwPoJRNU6w|$4VI_GLN->hUGRu?|d;-LBoSGs%IU5pl`^c)q0I(bH2Ab$Rc z5y`#xkC=h4GP8%lLRu#=I3l08)RMH~wdIS^?n@DGm-Zkuba9l02eVC_{>S_ij(hinj{WnuQOLOa_$Ha4(Tf@h+^yt9G;uY zH)!3h*xQA!XT;+D;294BL(I;@HRSo**}_;YNtd{{C+y}rvr=Uyz20O`32|r)4m?0< zee8$#LE1>g60!*yoz`i}q0&0#qjf@tk%Ka;aYNpW9Rd@V1m=I%EfCE=>?{o5a+i2V zb1NcbZfx7c7V>y9dI-???dSm4M^pAiUfH{&HET1oXo1#acES~ZAckB6$R$}{+2?2W zK!lJlUQ@>Tt*ZU`(fpW79kXg&G}@}jcJ&JEZP6}Tb`0BOb0H0`NBObw?@syQ0e3_o zatOzXX{8d26|?rWYipw+Qxo1P!r}Xh50=Bvv)fs+yLcvSi=!1UdO<6Twe)nO>I?#! z#Acxr4%tY40UcsW@CcIhdlCj{Eky?a6{KQTE=x6s5j$!c+qs~a7)E$6;=t@WfT3b5H!?g`n!Kkg4~13JvjK&W+JPAA;ynO1t3jmuq} zBkYLHBp9xJ{ReQnuU%B!99=q&zf-lLUKo*tcpJrD~XA z4!=ap{!Iq*ZHJq@+Gycp$}UmKur{+26L%6E&u|6+!u*7l5@coThsh{n9}?EbJ{z;y z5t3-%{x;x`IC^zMTv1>H7NFku#(e!5%5oOwa>$3uSJ5yts2GB zga4@Q;z`Ra8te`l=riCxeRYw8OGwvG>Xc>iOZ*hF%1SM@6o~8W6?OL;NJpe=1xyb6 zKwSo_)3Ynhy-*BT8yzwA-EbZ>O!;CBYCyE``}dMaat;Bl4oQN%no*~KB!48yYuQPp z?D4l;rzHJJ5{T?rYke4Kqh)dAdeW0^HOK*uG%L4B^(ZCRWf=-RujpxK1RMCYaH+^ciB417wVKT`YhsQIz&8$Zj9_nwzC z8n|A4vrAGT8b~ZeBg(;o-5tA;TKuyofgIc6u-ZcMdWT(z0j8$$w>;mqLI40dS^%+o zumC+n8oGKPQsiIG#i(UviWNl{xVPKb&~bp9@3&4i**`Zf%yS?F60g-p2H#Mc-G&!C zwV~VA+5q%Ip={W_Q|JBa!mr@^#R{6B6q|;vGkZ3}6*+(Jdq}w&9M3QEk|nl9y2LJF zzA0uZ!IoUjNY}la9BIvq)=B*MTXb2N>3^af=?|Kv2l~$Q8w%$bvo0IjtJ_G*5&#kW z-rV!FObMkw3J$7`p3_E;i2s>-Cc$?|j-@WTiLbiIekF3Z{+*c2LoMQ%ws(`6-Q9e( z;R_3}kO(W8XzaSkc(lzQn&nSg6;%8Pz`lK17TAK_-!f2OpEcfseJ=^pVC$sZuBRgj zT4Aa7dQ*!%mSFk_=S>2I1?vZM&UkGbHZW^DnK=x}uFY?28?4%XJ^?!NSoW0VE+p$O z@fSvf6Q#jYE_#uf$@!cG^M+<5+v-40@B)9ssFKm488y*h37eahCV-Qj_!QbV_nl<> zq;+b&*4Bvd%c-^Q$d0|n#_HFc4LoUaO?vv-O|DkeIH@cNmdoTshtOb**7do^+M zFSeK$KpL41(s>r7hXhi052W!Hr1^lXP@Si;Ra@4sh-8P548ou3P1kyPMcD z($}&hV`P~>xah13$2uhmutQ72Afo&}I=t{Evk(oY$7X0&W!l1KVL}c13#_@)k-1PbvCTjNj9Do4hj#PWM9ocXXQTw>U#v)~x#3~CH^k1&$ zEc<_>hUQj&{4F<$BA1o6mBSq*qovLWrVFY|6*MbdkX8Bg_X=`7u?{gd z+h2(QQ~*298KpQ#^7e*o)05E%sJDoY=HIz5+tD!jxmVE36XrN4*KgN`#}!NFR2BAl zTWambtW%ld)R7k&!?Mcajmv_?X8nIe!{xoe9eXiLIpfNdE8db(NRgAm9(x>r&lvpnD~4b&9)VJ|!BYh(sFt)Vvh@Dw|ncddJHEM>*eCaBvE@)l_ zKpODM!Hj`5;PE-=UXE!E7YTheIZw5YdL-0xDy^8avP+7e3n`d)wR3bhg>uOB+tRE| zmypxnqUmXx$y5{RQ&MML67fTO?Y3-fyX6gzr8>4{-}6P;$(`9Au!L?mhRh>_m8L5H z@!EBd7@pjQ_bs&nPwkxys2FGi`tP0$DBIo!{J5vLQI{@kt+4&n$Vh0`_(VGms-^|4 zCkf))11Wx-OL`E+Ox#hU*vO~^CU)gUlx{iJC~e17n{P{Z)X6I0W=yHvb}}Wswi566 zHFn3nELEMEhRMITgzcf?e^c?|!PkLEPq*v5IVPekI^QfIVYKk!CCMJP`cgk-_*+8! zTC1t+vSTl_u@bYGd|~eB= z+D#12F?%6TjOKsEwhkh)p>-e1dLE`H$IKC11y<*?+F-K~saSNqlOamZcawQ!kF=cc zpTvOoWi-YU&0d;>;Ry4uE38ksf^d6%Om{FQ)fv{r*qlX(YC-$Kfpvy(e~rrn#hX2K z_K9?f5Bznjn?xzCv-$D2Xb%t{#sXwlm|o;cbh!0hyvoOmx01y&(#K&?<}Li*0%O&; zPWRI|GGQ+XGNmlqK!uaZ^FfeP&kucLZ^g2w4bplRe|R(4b)Wd#u-)yAqDRkE)pqP2 zRX09V?Yi-Z=b>3(At>(EraVWwhpm0|eLVC@`cu%cxZI5n>kfhZOw zfvMw20vEUFl2i88OzgoB0xn++O%nCrSfJYtBt#AF zg&H!*#Te_&*SG=ohf(FozA}TAjeV`Ya5V(GwacM~j6Q?7kLa#* zrKH5?Yx;?<8I|X2YUi*2x!h6tp}onW3p@VBk;C|e5}(DQQC)pauPbT3uW1o~C1=7W zhD(CjHefxKyEesFA6gq3RNcg#zAywT=X6K8Oq_k3D_UI3#R>)F{wo?^%Z-UhgTCi3 zOwKw@wbq;X@we#IomqiF)vy(DG+keEf6?&W>`E%#P=9KXKEt=WIDsI%`5>o6uC5(9 zNOFkP=DuB=9q^w3;01M0d}!;<6wPg=>lPP+Gjs@3>-qES8r$u1_Pn4iTb7?p zZ;bhsY-g8Da)DC;O(gBM`(4y;42v`dkEqyT->KvQHa}_4rAQsdiWbhf486d@w>Kr? zJ2BMLdnZ%$WYcdRC!AU|I14B(xku8@5n{MBxN9=?pK$wYbN%&xip@PXOTDlML{pWf+ znonKgO)9R%?Leqg7v5l=eG~L-e1*QgSb`k$9|}?S&9qb0Haa>lT>Uyzibze3M~P>R zXq?uO6Wp7XBRMH@&!!4|T{Fv$q#9FCxhiKa(LZCK>= zCxbSC621B4s5@2a=bD&1*rKNYne3nxm9$0bUN^7NNvun|i$DmOKL!Dxf#w z{rC~Wm#a0O*vLhq`LcO!dMQbyCD-&gTgykkbhtfz5POJl$$z3{Co63~B|DWLbNVQ4 z8#M2r3ynwQu!j85SHs&~q@tvzy_!^DQ8-jk7d{6ouOlRee_?0*ih*2GoSY8;UAGCq zC;$+%aQWdFeWR%^T>j#=VC_v(Z8cb$uzw}}uoYUz>`FD9Pdh(5TPD=Um|k{rxD5h5 zbSTDlOmg`Q{;dKQF_N_K``&(e=98c41FW&URBV~P(rgt_6w+4(GrO{BJ6Q}$v}}I> zua6z&)#j!6`Z@(3LSP1uCtW#`Qu^;0+0L|^yYBiuNw^WitTzQK)={_kTI^Y(g|EDj z?2;?#Qg8Sqzcrh&r_v^Qy}9V$>$C&Voj|EA(H8X_^_T2=?*AyOp88ZhQ_}VPQ}x`Q zswZ!2^;mTpyHCxt>Q%zRtIS~})K}H@BQe*>^*1E;m$8n&;qcPXZvN}X=JqNcH6^q| zP2=J&Y=2gX6S?$b+JG6F`})_X>zIAWZtg&)-YqA1GIV&AX?lWUqlHhmCcES!fqFJS z{+2iRwe0$>*|8VfSWy}C2KH#Slibp3_f*X^ zZ9Cmx_)^1B`ML4ufMiH^UDEIRTb2uwTaqN%O0}(7&br{f<}9I$+q4XZ#986lPiDt7 z9XM~KPU-v@?_p8K+ty_s*bzZcnKJd^UTfrlm}(a>-N3>SS~5|9%bt;v(ARXd3%>n% z7yL&r_)r(zdYV+q)(B zw&X2Iax5MZK{&SDcHEic*3+G{2b@%7-eH6_=X=(KyE#Vtpe?of&pd0Z@9nC8lCO02 zUtlF~E8K>`OrX8GLjahSTxgOsm+3-NYcb5?>Qrl629f9L@DjV=%6uaB7&-8;*df0tAwO?@JsKb2C>fFVZ2~^vZWv#^E&HteH=!{&?C%_r*@2LGkC)%Xej#l{B z%hoSxF&8d$nEg0gN{kfvp|&9PBdTH%#7h_kq4aBijcK83#P zIEb65@%`f!U*i$HnFGnAR)nD5ZL+}#qQ@UEZiSlTBN)*JhSDK|$bm;hLkYcsnYTa7w5yYCc*gUD>f_AWl78yAAP0-=yu_6g6AbDHk zRP4HVeb*)i>uvzW#Npzi0)}Q?Q`?jx4q;>Ca9z?qppS3vhIu)osqPEh<#^}5;nRCv zUzyABG_{3ZjZbJ8sgq>Tpv03hW>{R4cvH)E*%;s4QNy=oHu2YVd89`o_xhN{Rl{YL zv5xYza#%5tlb&V~!=xcA4HO;J{*>x`O*46^j845GmtJUm1~I5`(%d+lfn*jQNg9OP z(?=Z>&AS5r@+ne)D!#cR1M`2#yS~@XGq?B6-LCO7-}SwE&pbMJ@z^eh(LhYDIWY5P z2ub>a+S~<;$0TyBf^HDG-H=M;=ponrs&4`&V;SUnu@{@#bIYM9^A@N3V@ce1bdHT+8S<3#%# z7ClB#+p4^RCH|S+Y7&b%`_rKVNxr%D36|Pw-WxU@7DUH*PDizG?m6~Qb@T4bc;>>t zpU&!nOI2daYqZ|1#uiKSV8FpJl?RGR+`n$<=DP5~C04{8%FgJw8Rb67{F{ty3!Uvn zCM&7Z-V*9yl9ZiW-S2PtiQH+6DJx*rkt=$3Bi&Owaf984N=;^dApitKA(c{1S6<)i z@L_FDOM~%-Uk?a=?biL3$z>$GY2J7$8TO7YE5M&EQ%VJ2H$sH5U5wK%M2n?}mi^LO zlzqK4*Qa-@N@JHr9auI@>f65?ze`=27 zTa4-<{B<FZ*mbfUNXsv+LaT`7O>7kl;=HHyN8J&(PLZwhXrh|kp8~bTpI(Pn3qhvTSqiht zBYfH1g%x%M8n+xB8L28MXdKZk2^*pc!hvmj!M5JK$+1#kdjT^w6=b?%b>?(h*}5CY zjKTae-pT>z^foP?77Jw3#`&+sI3Yg|>g}9BmF1*Igw4|*;j0DbPIXNd_)B<(k z*STrWihZqfsPK}(i5a-4u3jX)mRKXpAaw~H9cY}kq|4>Ku30K#+A#6}926mGnawUH zAJca+2RC=;k3GRr*V117ZXpH4hf5k0&0k7Su`5!rW?OtW7u;jJWbmRqf{Eo98`^10 zazawDm}k@{)_kpgHWMI858&YL*Yx`$Vn+^Hj;~4jN$BMqh4%oZWIQEvvo8sdC|hAw z<)xv6?WyHR^&Dv~BcVkIOc_IGa@XJd4+_SvL*+hI;Osj7 zrH@x=Ai^K{Yxgz%g+%MBJ944qb3(n?z)p#GQ%rCo`>XrSJHss^T9N~|G8;sUgx-bX z_~~p*aYhmZF0P#JD9$4O)`m+;=79>DF&>nNr7VyfcomSq7knmO2o!P1Ou`%lNL69O zzy~Bssn1sMqmf58V{uW3p|n0&T*U2CHZHC!8`#KPSY8hEe} z;z*z14HV$N#%K*uPcn0?foY~`BAuJh-vY8IX?^T`!fiEa)r~bputIUT&-_oiB{li0 zUa(Vx0ubF{>03z|%$Nazi6B|1BULE%OUQ(?NjjGj?)FL;S-mP$n3QMQiEK)7Z=NC= z%m^$*MAFD~Zo1lehf$I6v6t5`X9ijbu}YcRXf?9N(M344?x!#&!s9*Ew1mwy>>cIX z?^z4zn7~9#DH}H?V5x&AaU3gH8mU{31Bn?!xYR9prd&y!+uSx|m-zXhgJ{zb<~2px z`_$Y0^H+1`I{%G)*B`XT*L*KkIubYp0SG2y3n^B{=hbZi&{;p^MFj4=TK}C@}G; zKCZCxCBCLVgPb+FZ`KT5j69<#5DgZ#4PC-uP?*_+lH5t{H^^(d*zOIBtzl4Mfo((& zB(+9EDN-L|aIKNu-sT|;0z8raE*e=)j*rZypuJ(x>dpR23RYdZV;%>U-D!0bLS>@m z6hj&;EqB)5~n>9s@GVk$6@ z!JP(y*=$|~vk+fOB=ScIUUNSUBo^09WV1Ile~$T=jkOfxmVG3z!;UUEs=EB^(4pp4 z>tEICZiiIouA^}fqLotR3~;UMBYb(5RBlQiXA7X2A9PJNGi7B`nw(n;%>}sbO!qMs zCYx)ceZQHleKfneRopi5C5UQjqjld(T7~uH`)2=tbis9BUg%&BDnzQk47d0AAW~mAfxX0#eHfzT}xsQM5PX3u=bNw@q?ovH-Y}d31U|T!#@c0gEG%t;%uSr^I zQI1Jno&5Ypz8Sit;C!9Agb1s&i5{05FBIq7zhTn>D0~wOuK#1AVblII;!P`py&5*{ z7y7p0FbTq64MZ=?Z7AQjm7;Q97LD{(eL(mcneO3B-zgdV&npIEAnChlnPxTY1G)D= z(0tWJw0yDehRLKsHb6nvFxt`2&O62cr^9sar*|ewd5k5xJJxov@ynX>H$qd7iq;;G zI4XL=foy=Zn_jCmIrr0Gb;GD#Mq^6HA-;xD{YQtsa);iA!X5uuo69UXp{uwI`#QC& zibGEofQ*#`8dPpjO|)u&cq4X&#!^^>1>cze+^^l@m!c52F50>~o#W3%8*}BDKsgSa zf2|4sbj3dW@LGL+e?J}VyOkXfC+DidZEYs6czI~Mn#BB?#H%&suTK7$ADt$Gg?Tg1 zjR};2Aq!}Kgn!O1*AIkyNAzBGeb1^9uLbuAf7mep<*E_$Cv|ODSX>oe>V4(;8|D|2 z0G3nIj0FL9l8fw8u@!Co2n!nQ&#zrB-?0v-8BM()fenWp5ZXT0g*O}YE2C8t9mB#{ zJv%AiSy2~$&yxhv9dI-)cpt6p31E)KWBEZXJy0G zy>kzs0j5D=exDdhUSLXRu#O~zzNRgDN0%V=IDYS zeN7T@;A?PmO?XpGw8PsG?jK%WvNG@GQT?wN1O^8$P)9e9wnZ+^_cb5FTcWzdK_5Q_ z#d2=&h?>UV^DZxUCmy0@dp(RWF1)M`dhqmpUDyS46nEPFHQ|p$*qNr5brEE57Bsh2 z`Ks0d#YWs!Qk1XxeIW5SzL{5pKbgcEb>;8+uH68AC6daYClWPP7vBv}@}{;oJ;F;Z z294|&b2&!xe%;Vd!M8&acw6vYCn-&B7=gP)OZ0kZHh9Sa*Xr;hb2r3J60iM8qjRl^ z1xN~5ewNe@{gLsRQv*pv9P&FGHdqhbd{kpHey*2ky=skwW+RmdjfSa2j@3AA4&;1V ziyEnU>uY+4L@;Xezwg@kb#8pTMg8}o@*~nbPOL8lYBeBF!wG3O=+-BGDU{LE_bX;yt`76Ofi<-6Np*f));-~7b4G13FaKt{r zqv#Z0ZeVD~^}g_{4GTINHuk)HFTK6ouyL2mcS8Vk+X6PTOsS@iLWK>#?jI~@n9tU~ z|74#<{w1Nswlq(?ozVol?~{0Yjhn4C_Th)u>g#ve)@;?3VrEYMSksgB z9tP|K%~s0LWwY>(4^Q)3&YKj659?%$V6QS}>^RnXwRCLgjC@U2 zP&je8JxCz*k(w12ySThE&(|!IpvDb5h0a#*+FQ9-`4b#}UL3!O6?2IgnL+>1+CAlJ zh6WA+LDHw4(}LU_ea2k{tLk)aTXFdgyGpAtdo}dZ)q{|098pyccNXdh9U`g1vv*rr znWcV+QCtbTsf3-ax@+Qav*Aixg8a8?IY7k#?sTT_R%f&!F!8FQ=f(1{YL>s{YkG)R zXx$-=oAak0(U|DvyYUu60u$eC7{y7V=4O55egN-+39gxDWu|MO)R#8;i}K>d zxzv+zNPA*@LQS}1*izrzqVTeYg&hr>dQ8r5T+qQrh|iZBHs$McX}nOM_vv$ZY_&GdksXq&m;h?%t`avMh%b%}QiU)3iurk}SMTZRXFmtQQ09jPeK>B&uq zLs?gW2cs+I!CnMmnXsK~v!Z2zJbl&2e#2VH=7|=D4v;P8zj`DsE&HBr0|syQ9JEI( zj<*5P|c{93g_E^^V4O_u>qgqR@v23ai0ySNtZFp1{9~u7+fkiO44QY zu>pTim(kS*7G=X`dWWMX3CT5*Cduu*2CT-bFKGz^jBeD^8Cc( zF@)}Nb9h?|K(LRb(#)@sHIYM1FNy*~@-6;o#>f&xAF(+Xx~4X6E||O%b0%7dj1AmR zHZ6QoLHN-6g&=+6e?4~OsWdOrJ=_hsi+XD(3ha|rAPT8^ycxwe-h?%M;(tB1ZH}*Z z_V4!WPQ_FEa&G!t9CaxQNvJ3{Cq-e&)|=}$SObb7Rz(f%o5eRoLiFky zjBb!MIa%9Tgd=PF2&xwn-?yi(Nx~DhrKlBKS`Vyn~I0`TBMVd_#8)dnZ0H75f0OGZeeT z#op}B8cSZV&Q$dhqZ?A1610Zu%CD)-+D8l`lN0>kMQyEqe*7(C;W^A2Osyn;wRAmG zc%4F#jO*qM}fVU zh27V@j4-4qz9!vdBSlIzmBepN2%=d9GqT2z_^Q!KAEa{(D8+qVhX`F=t;ee7!* zKza$BW4Lx_)NJ9>LTkfvumx}W{u)`G_8-BwHzt)JgR(zJxk9bgraO_K)_Z#ISVKZI z4Dq9BrLHU9OmfW+raMhqKY=Ed8^^`MNv=*O(J6PU3p_MCb_PlO)}5Wz z1@_O5)!}V_i+m%Q)fiyWAcO8txbsh7Od-Y=3w}xpdd;^($jlBq^mBLq(Elg{bwWk2vPL(}!9xO zNu)MTg(SGQx*#O$)R`x0^Sj=>HHihFHvxqyAO?`quEwcV+cz-h?~Kc1Jgq#h@!$g@ zA^EHb+CDrIRi?(w6WnMqg>5i>zfUd(!J|acUj5Oo-@)V>`X=9&C?eEmRmA6$k(OPn z;^Dw3+2#BnlB;5r#8BQ>;$>jL#dLyOwXPt8M+zTcT+PUxAcZp5J`7Gr4gHN0Qq-#R zGA2JFD0IRb9c>Q3ziro3sB5$O zzYxefQ205CGE4-F2V&6#F2~C3;Rk2npi}v{h+vhu5||{w<9Ih*Vv2aU6K1>q)t)e` z37?J)=ZfF}jpFT5Nv&5RUkooWwKwaOnXmaXOEn7D;y&DUq&Bf0=1G7SyMZ6-cqco7 z>#&!Fn)hRr7n|x*{VO|_U%<93Ays_&ypenejP;Z#<-9nMTM097t`YYFA}~OszNn@{`V%$DOn5&2BsD69Djy=xcsU5JU?<`+HW8Sc9*YUua6~Dt<`N zmYqOiYk$i|B{+p2bH_hf0D<*l7z9Kb>UOj9LaW!aTzEU_TXT^fNLC?s_DheaGPVcs zC95t`zIA3C`QnGsdD0-1n3GoXxu;VDe>U1#>XaxshcSk&i^*ujv~tUj*Qvq1s>6FH zEn<3RLp|9-y&Qlov-IsfS&bGI^0&wd|-v?7DUkx{O2vTPVPX?4)jfC9dP-I_T$XdWj6Mg|(6Mxgv&DB#|^2k<#XxGn0xS z-%KeZ7*buy+>c;!*zipo&(LeTxo?(KT8pewcqcE}6q{_N*%jfKU*=+824|RlKL`R5 zhhV5Kd>)(C?f~gw6@Hvzme+5-0!ZlA?e0zv@Kq%8=K1yN)(?Hw#yx%lslH-|=cs{A zHI1bHmP?fCKVGVRZJ)$Bd4e^3;j`K4{Wg80(l^@ltXK)t@V!>9)n+GJ#+GqQp_*lP zC!#eu3RWyRDAMhoY?aV*S)UtA^4!q9vLMx}&mNy?ZH0=EC!1Pog}T^FxSdalBHNSJ z`h}x+?6Pp$0twY{YN=!5+Y_1xGH8LuwjpuOP8AlV8Z?O{UN>FNt9g2RsGW5D)*2Qx zz=TElO7+LND{z9qT6sI4*w0*bizd$a`_ZZ0<8<9nG_J8U#~mpBR`3sz@%NzCyI+Lp zxrjabdn6Fdx-&Th84yIN*Ur;RvttFBzeQtZb^tyVH3zTZ%rg4yjn%Htq|M&XZF^5f zWFy@#_3X8^lA2V{Gp4e+la}y(*Q4_&+Y^{zZ5cAEuX?%g7DkdL?Gvds;jZ!hDZZU; zgTtgtDbwr7lLY7mg^&&rIFnCtNo(^A6`?Z?hFeBCV*>EYD%o0NOe{4+KCqM&Rz7~T zb{OLUVx9S!BR&G=s6yGHa(df|uErY#nb(4TkYY+gEuC4^C&4_vcu%v23Yw1?MZCVy3;y^AAgJV zyXI8v$n2H#+$1$pjK9aUnLhAwu?v~hGLYLbn`*?&D4>lN&d4tIN?WXi2_}zXWBZbu zsi0dGbcCTxXprf>FF)Ad2B%l>g3Z8%$%(@>B+_D5Jtlt<`;gHgg)ZsS+2Y*4^K7KH)+cY9@dg2F|$I?7szhE{@xA<6$kJ)=#tKI ziOV|X`fcv3e44MZZW1rfrR(C&x6ofLoSXQYT8iy=QhWJ+CA;nP!ivbTp0lt_iaA;Q z2<25CiHsl1`|Anb8P9p*{o{VlXfo^@Ly@+7kkZiD(fO@r+$A~!5*U#;XjiiJD_SCM z?D@noiWM&lP!iF>mK;dQM6ROBSxEbn|B4`C3TE?nU7Ut=0g&vrWVO@UK)}#*1ElKj zjEdJK^nJu8%;Et@mrxS337b<7ILC@-*n~ytchc8Z#YeyG?MNvzYW4j7i|KiE!bN(% zf_EpYdj&?W3J&B~5m8jwQ<5Pb3D^K%vI_E{ZzYrV%VihtOz&>a%%o63JUzQj&B~2D z-~_F5UxriA%=c3oycNf0U>zp6D#bp*I}K#uQ&!k1%-huk@jiJ~{D|*T6WO=aCOq+ZDxu_9n^2H?*E&{wpiTH9^;CMS-~e7w zuZo**Q&svF+JxU{U?eRuEa%Nn*KF~(HesFz!`Zc_khznw_hRf?!3rMiwD{PTxe;j3 zO@-tN+?`svlCB!Ve7I<1W+FzfRz70Pc9&Me8Ku7G&FoC_lED)3m=Q7*J(ia`Ll`@K zXZ|(InkR*K`e&dWD)@v`yxW7N{A|?b?r&Jir)3h0JLX<#a~JVxTJka-Nm~b2Mo)k# z29IL)6f#gToHW`p+6i@pRBs`zQadlQxh~w7tCpMJPrKIr35#7$0i!E)(Hp$DGIByf znz~t_*PKf+u|7dQH9f4gHO}fvvOmI=&aoewx?3bN1+TMjPY^3pdw2DE(PywXzWSDa z;v?AZSWq%wx$9;M`klwB)fc8ad43bhl|Mw>V9;xdZ%pZO+FkO>OdQ zLBSdwUJs;=MK`NWH}yNz=EqofsfRaFI)%@@ti6;yEToUK)5n$zUhj{M%ZZe&v0Eg( z@>}x`8OQ^`fdj;fH`A&MnlODB^4Z)w$R&!dntS0W(YXq>`pN3e&QPwfypmfLI#v$* z3)nNQYc=mR0a)(>-2Z=Z#Wa`T&~&*yH2rKY`@r_b${WEv2_YNI=2qdyDU@y{O~c8x z!|}}>&F_}7$H9ud6ih~{>X^kH9|;O}n>>K!tDjC8LI*f0@frt|K|IMw&3@A*&msaM zsML-c^i7Is##-1>g>Gg5Y&#Xix#BZ`(wT+6FxYbHv)UaPAX&E3_*88^8e zeus?VlJk^&2@-#OQ)T2AU)?TpEJKMEe><0~Q*D;7{#yFQjdx+~NsQ}ebza7S-;lh_q5U?#4w7LwC%&7?!;LjHK^~%Tl|Emt>6fbC%nN@-=xve=LdXsUEwU$nkZD9 zXKU$ADNIxve03i%X4$G^oi;xZnZSKO)g79~Gd^@US&}UQ7b7+dLpPbzNww>_${Y0Y z8p2<0bc6nZ4!A+Djgfq z0;MRlTIx*+QoBv$eFx_nlI)@&G%S_0C|(u6i4~7%#*=RY#e_PcH?BkT;sL^Y=NiX2 zY-hbQP6$XaHpJSkCN#}ckP>w#)S3vmk!ycb5SNlt&FJFQj9fz*tzJbnAz1MbiufuYkmF|Xb~=ij2CAYS~oqy&Em&}@&kuTBdaI~zPcCbfEWL4hMfpcJMF9cnVd@2l_p`!4XH^0 zZBO1Lv}xSxj{4`TD^OwdX3?u>dn8cKP;E4rY_xhhCiv=Zw1u!Dw1GFf{2RRh^pH3a z&IYAtB}!##yTSb9aIHkgbViCD#7h4C8wU7+4khYyh2;_bDdV!a(pE{Vegqm;1IX>+(P@_-Xo>5xo8)qo^++o=~(JO^8F1D zsMLv+l9j=QuHdka1#h(l=c!;X3YJIvRdUTt6k({*2Hd-4nw9A{+@y0_!AyRo+_hgo z%8Pe(P(O^MI#~~>#@j5^T1J`}tnu8^iD`=!yx6gn-w8X@i2t^md}xDPn-Jf(hw{+TrX?4e|&Yik~IQBPLn8RGm7l zTo zN1U|waK{4I*aET_jbBcI;UC2ZI6$F}1M zWOO{gQmDJi8s)n+s_Bm_D62%EvIkO2SIM*)O1Ej}%Z=X##F|W-@qioi=^aaz+EE=v zo*70d2a;9>kYbx_rU1bEcdX`6b)l+l-?mp`xPlFUddr{!MszX1QX~2+GGW~6!(s)^ zw|2mj>&>?`X&wWtH(i!mw7~=Kj*b0ZqghNyUU$BKSiaiA)W zpkhJ~haZL)Je2lNYC@%Is%3n03tlVaj8{6x^;y)h27m$$Qn@Q&oaE6{QJ!40Xya$mnq=#6OS zN|X$<2{+*o;}VMZw+Uy^0}sYgbgC*oDFb7WO?U^E;KAr&6OPZo*lA%DWMJH6OZ3XX zxWXpP$-tOm6Mk5p0$M!YCMSZ7X57c9XlhjWBgI=0tJ7vb@Q&{&-_CCLYgUh7C-D!g)<7a*ydZ#+X9Ey zxh<%$Y^0|wC*lV|2-GQ|4&eTIP^N0S$iJztiE4iq8ItxG-KAbVxYCLVbH9RS5qer< zW849XExD?}w%BGOl+n(NcB(se+$CC9!67A&^T$_zv8^b(lri}>s2Y8`Qhg$1V0pppyxZiDb?Un)TA2apG=kirwh7u19GnFOVE9mBnBscOrPY6 zSn<2Z(!1Vgkj!oU;ls&YZ!Ub9Rq6>RPtj3N0{MEPDsM2C{B&AWzEeno8r`{j!0)VDDy2ct@d`a z`F?+K6^)>?nwV(2unc~tc{B?M9cG=Th|h~)*5P%PJ!u3_9t>iC#_D0dd4U(zIc?e_ z#3=Sdv7(ECg+w;@dVWhIs$(G%J~t~&)OvFc*$B;?POVV^m+JH7NQDfU_&9^cH^e0m zdsk-*XDz9dw1?Lt-*&?5N)cDAWG)NQtbUW_^;6LU`TU3WS z9t^ZaFG3LS)WXCe0@(8vM;o0Md;KHRzKj@Y>;N@(al6K}yVEaojcaMHbo$n>zKLaC zwg5@cz3f9Ix!tCULQdVmkQMy$XATP}XnR|e%gtse`7*g&mAKM3`%xhAd~Id)8g+(= z`?i*eyZlOf3#A|%Bz>-=Nj9lG@(Huq6natTUiJPKyjAtE9|H~jJuz9yAbWwCiC1@h zQ>u7 zx8Oztjx7k^g$evg987P&=;2ECpd?XLW5w@z2|HVVab>mqXQg&<$;zJmEk`A@af@3| z8&_)2+iV7|vYX?jb_O`6(qVLFPMbbrk3BEVH&@0wEPIAQuf9AQ zq#j+#4lQ?M;{RD9=lO1QL7u)xTJ{8Z)B~0r>)s9ac2yr{KIEZ172NAlB_1I^Jf&WW z*gVDL9Jrqvs7bMJ=O+3SRXp|4fi!53Nmrqg`@d93!1?7#3n4| zp1_j?{$mr4$iR5iCUnZcD1sEK;$1Q@d^Vvr17o*s)-2{Yyuv{fQsiYY$=~S0gqogZb(ioR?o{}cpBwxL?v}3vIeE(oB=Y~VY zFQcLP35CYx%Yp=aL0`CUc3)b}477YGkw-y!!pZy=kMagUc|uBpXYUHGoRM0R4`-I- zTUwHp->@X{qk*d6Evw8ia7O68W1IpY4DATvkAU$vNE>Fl17WX`=Wo2iiY{xfwDNwC zUnzP2nKrh(NNQU;Q!6@kLnc2q#b0LK{$Nhc<1!k(NX>8Q;`#J|jy%e=XtT5hp2Y_( zJiUi2FxeHTZC@a23-osdPICn=Y+vAy6tFR^EenVhkD`nP{=Jb3H#~iyt6S{q9@M_> zQL2j$By^%WIqNv}WY$sP>HV{24MCq%m=!ue^=GN~-$+d4vG;x3_5Rx%J#*R2omJ*W zL62~GK|QVfR4a^QN)x(?C*|0gwwfhjsfL_|lzj~M**CQwYK~9cVlLn}B1$1)u|DE% z-LocGW{x_^lFT6O2%F6fl;R@uZCessF`(j;+($pn>1v{7Jf?H@ULOy=l<=A9sCV@t z7aN>O3IB)gs<_`xTpYs>?K-{ZVy6&&U%z9;oyZfZUPv+<3rnniE`+3DuI9hDXiRVV zUxRw_QO88{da@J~mGxpyc_<@a3?bbb^=Thvw<|;&$=fPgR{W}^B)Z0|R5(z(odTOc z$G*CM&<}x|vDEPo>4xzCS|g#z*<^H&~m>?q5O7 zXQsONj*43`CU_ou8LuiKOrHY)BSp}GR9j>L%(DRg#-~|<-I!!i*&Hw9x=RYc&8%VayXa#I1Eh%2?#{DPiTcQJ~A>Z^MR z809>8?W>oKr0A?C9cQlRO8tRQMUn)n9;C_&rZRdI)6Ltq$t{)wDkJ(Gyr?uXa}8&( zaObX2!K^Ks+e80gS#J+Tf31wo>L1#a80n8r^&Uq=Zu;@J@GxwHhz1*;#jA*eu&i0* z323w5Z~|Jbi+HF2rLp2`o^kR>Z!%L66n}lkrxmHIF@NpJV?sU4V^gg~>%Sksz6bd( zX?CId^rrqGjgK?dhvvZ57Av-nj4(8S&s9Z6=xe0au{0q<@Ju-`<*Qk^*&hF`9r`N0 zWduzGnIxxlq)r&0|1xu_6MoLB%Wyh{hbuK?|gBHp8F@=wW}3fx5Rxa@=iv>Z$Dm zv9$OusUZDEXsZs4U1{T~i*fwu!k0S%rupk&AQ4}2${t5>_A;VQFwHwf5(AnnM?P1I z0bFk?fk87VdGeO7sq4zOe}fpX0f!2UkZ(=fV)}+C8(C(Kbk=c_@2hCc6EK@8phM@2 z9s9GSeGGf6%&>FpZyR5p9V(#*Yo&D)UtWZ8ll6)ifJB|A)@@PK<~)8c?v~D${I2ZT zWQTVWmK!Rp)UJs0^ud^8-OP8z_24oDjJDHWBtNwzm&j`nA5T+kdS-FWv9U;Z``gBq z6BFSzq#g6>L?voB)rv2b>nW@IXSC8^WN0JCqnh)rZL)DZ|t{dGH~pMtJI5a>NMM{TJ$Vh zo?T4q;T)p61X`NZ1v)fFi~N+qY%H~>mFF%xv)usi0RUqUj*b@Azgu&FZti>wdlEuu zVt7Y(a9`iT$=QMC&+-FZSCmI4Pt-H^<0fh(8bOW>=Nc1?xnHEftwZ$xa-tBH4){`jeA5K!5TRL{vC! zN^ase`ZIEiFc>K4yj9)muAc(o~SMXuSIC&D!LX9rh03 zdankrvjE8JD*q7>co86VYG^U{fAve!T3x29?N2qPGLf_`Rs7zpP z1uF9LGnN|5b5t)IE}XIc!xsW$lVmafNArIy|4-#V`(*lmckjFYiYdYkhsDOTa=QNc zFnp1CwC9fpxEGf2#^>el(gp;R=9s^0csucwnmxWst2~((*+%q^0eCph>d%X^u^wZ1 zxjh$s>9s8!>3F$)c$3}vf!Pn3;ij#y)%#xANxTEgjwhdKog^9f^pJU$# zA)`G0r<9DM>%K;r8+(Fp?+wTTO)|7ZcU*d67rdCF};xRX{G_JLLm`)#WQ5N#E zuWmaDEo1W~3%8BU&p|&Fo!;M^zn&7&=|$#DzKGf67K;gv?a$%4$!tB&{wRX#eRY4O zCUTW?RT1tujTidEU+#)d$S3%1Y1epod5*e@AO41&eA@d; zJvs5K+|A0>edV)z%aszu48Tl{qs_0wwNUGZz17+(n5~x1+da4AQ6D3#+0Q;ub)10T zPVcqP6hFTdi9a@aKQoAAjFN{1Zr-_o*$92b`&9vI=wF%?(r+nrL6V)H9U_#4eR2w3 z>n83Wnp#cVU+o-kaQX4u_@$0SySU{b-=g%lBKIviKG#b^W--s4;8@4Tt~~HiwhQiX z6omBoIJsEoeFMKBuFfuNeQn(oO|X~j9tiJ)jS*(*{gg?t!{Z-w&p@D79`N8fD2zOa+<1gwG>Ot&} z{N^~X+hj*ty^iCgpE4CRb2obXVA6cCKD`g-e*$SYH)#5Zo-M7I*=0RyljbM>a$vqz zx*h@pZZ#*VP*dn=394B3j0=Q%Gjsbj&`kn;u~icANhv)V4pmBR&BUx59U}L%+)YP1 z)*7BqVNcu|#7=y<+UsLV2mhju?MEh4;$j6!TjL&!eP;tBh+Z$5)|@cVmfYW#3|&}( zJZW7FwD3=U(Ter~DO)5BjpeuYu|g-F6!8 z8aon<-kHZ-JC9?hNo;HF1FEou3nD2m5Fu zA%WWI7iHbJ$LkGl9y>Hbr769Fr=*&AkOmuq&5f;o}qNNajALt3^52m`UYWZa{gDm8^@=KrYD`PWr` z-4es>Z<= zK4nbk7%Q=R>bni5-*FO9ru73pTlpw{Sz0BKEwzZH#o!U`(A2RpYk-b7b|9qO;K?in zOGw;are^u@6d~mViy)+dc2puESm=a{+M0_(T@@7E_drv&cv$L5zi5}kJ9|@|4&4#{ zdYUzgMF;ZwMGP2khtD503FEaQ~a zuFP3I5Vg>-fs6qo3sLo>+?$y}X)wR<9J)WcU!FOi+>DIU% zbyB|hM&D!ScgnM7(f0Ca&1Ia$x4*Xq5Z06N&mG*GtB%qkT?+n%l#_<%AyQyw=rTC5 zerRs9KLI^_?H0^crsgX`anue;!_KE~m?0ASLLK(q)|XGzc=dWGCv=7x{4bPor&dH? zx5J4QjHeN|N6WsZ(a(p!K{A-R2MaH4C9ex@S)qPnOp3^{ZU+U*V`aFem(9}|1-4u^Uo+=IAz?Z>iEEz92h5#|JaRaLR?3Hd;*ZVDZfvAB zD9O2$89nsf)Qq|p60IFadG#mWw6#@sa9jU5Cu2Wnj8?r3e|N^AW;CN1 z$uB}u-nJWl9GCEf5OmiisY#PDk~e9O^VMv453{R9uGCd~DX~E9m-TKG%R*ucj{f`fmF{2{%5MN+{WE6Fz++ zl~BCaCNw;gN+`JGdsTU@F_qBwESpfAfic!5Je+}Xj73Pyg@A*5%^<%ZYm^n4esVCt$JIthu9D%Q5%%1PuS@%hU==q%Ueg{Ex8lg0clFyHH z#UE91T?GZl1Ncb?`1>ReR5XD(0p5k%0Vh&oElT&f)%+P{H@~l>`0(}+@3atW(2_|m zIgjj%9khS6hxTs=jfbMHFBG)a`>mF95XC<)?BpHbs{W0ckHpT?*5%oq6FJdN>HS%}w;kTE`qAS3 zm0$M2Qd5=1(mpm~s)zhrfAEmMS5%E==$eKG5o%@?q`eY7U;kL~evDAOh9+h3(Zt|& z{d$^h(Kok&>gCZBl;u?aLe9@+c0tU2$Y!$N9rZLjo4q^I-cUy}QMA!^i(Bii{Xp_{ zKP2do*TRcZ%I}rLqOukK6o#G&|lC74djC?dzqIi={D16c-WVXzk zzZQl(c_*6J@>E*TL8=+T_N>L}qjPk&T8CTvzWp$l!Je5xd%^_@!_4+WXY*nbQteI|Jsy?=3*Jf4e zueW~8B;GUg9?xv~(%Nda&!7cO>qU?fibk|4t4NjtaRNC~AX-})U!68E>+Xh*+gJAp zzla`#AH?H3wf$l-hZc~Z_u8L`73}d(Qi!GEt9w|D#Y&z6&E}22TW!CuPWO@(ks-R7 zESC?Ty%zZT31*s*)z%9U=Ptr;Sp}d3$GEmWsCmH!sa^O^61-(Qov-E`jI`Lo;=1>R z5;yQiSnLB7>P_od&zW(HoaNY7tgTlFQP3_5PuN>wDSOOM7+USsEaDFVyVw?=%6(F- zpo(AgC1n|LhwS#PH*x=Vb49x+dhPznwfkPxUIup$W#apR0!QK{7i`fsI_;4(0ax0D z)BoWSa60Tm1(7AnBmLOwKz}o!rFB?&yTo=lSFB{2m-HG*$7XXc^vqHGAyJFH3l|J0R7;Zf zDC1hbnv=2HvQLkCJ<}DlXP1M#;H#HBXK6oHu>AZEK<+2U-w+m%9m|or5G@Lx>{!Iv z%*;@cbrji)yTtf$mNXuRCLoPd_?4oIX--W0`dd9UfSFDduC%x40p83nrCe3K=5Ohl zf59e9qE^Q@u2DQ=4XPMCSdrq?7c05(J0`D`nyJb2u>dt@q4Ly!xC#70c(4{%*tg9}o^J11H=A=Fvs;Sqwm~c_jo5}%g#!{Y zl9#vWz9S^Dl13+-%ih7XwTQ(~1Ckr!eW60i+!?BCo)nvQ+#W2`&%x|Jf@SyGLny+_a0TGq|1QJ4pNAsQ>VHdv#Gw3A-Q;qhW-9ogq zVjsIu=RU>o6^p#3OD^9kh^wUdT?wJazT@G1>ae2?#L8NonTr2)W+N5t39|dj+zl|E z-SK0u6g=J|#Un|RW~8_MTed1Zjc2fm)RffZI!}A=1(y2Cwj_GLqT^4ZyMIwJe_w&< zvm&j7I|Uycor9%qFc%$Wpgg)*tjvt%$#nMeV%=id6yPb%($Kf&Xv(<0hx*F5+g0jG z0oc%g;r72)oeQIBe0eU|P_g*{3KhrHO}ykU8a$cC){=};*{_@N;e@$9qhUA&0^u7K z{M_!@;Tz>W{Iq%!CZx(?JakeP`7+em*+^)+yM*x)o&7ZpJ6IUrc66wwEb=wM*lmjX zeX=>1cIfk*20NtiuI%8sR&8>M?N-eM^=DQ-9V*+SLkDI$6grfCVGCEJMz?_1NOO4m z(V-%>fY`Y85!=MemZ;I@rtNMThS4$fVFp#y7ai~e(_*Lb-m=Eh!n^Sk;)3nSr}?gREsm@{!^MH!1Uw)X^Ip&PJu#C>%_;UxqMuZ$H(N(r>rymzw@8zKg*miw+LS8N%TsM-v&-9BiR*><}kkh?Jw!;O_-aIW{MxSJhC); z$r|5nioyzn_R`C*=8kuUqCH1kgR3CN#A)17sAPR+ht zw`MQX1BpHhueK)1Ln4=`VhcXiNTR3mUDQ#*82sTH6a&4bIUzXgIri{0`vbb+*YnOU zBWYgqGMdOJuRgoT0``xZT;#jGhdLLXh3EGT{mt1Y@`lqE4T2t3L@&jDPHsuy%)V`9 zej%T2_*L;TYd$J*$X`1v`)FVN68ANSuOb5^uuis;i0Dn~X>aUjUtdzn3ogZ1_dI1Q zhH}~LtGn4kIO(YJ>OO;g^^%Q8uBr(H9w^UlDIdCyS||n*N59&OjKmb%hr}70h1!#k z3LW8(cJUwH*@OmCor` zI%0LGbKUaLVZ4^tn#%(^tvsO9TvQra<$myf&Kta+v)b;Ue%~p`6!tBVWr5_1(CfpS z+?gBR(Z^_~OrQ+4EyenFvI!Tb1++vn!q=Ft!>LIsDYryzyHY2aXpMVYt71-40&9g-3wR=rGkiEMen+s8Wndh;rnx zs+jq~6@01WiwvfpbD;jy9@OguleY}PsL=|e(nnw2Dx2a!WS#kay)G22*zuPK z+>R>yVa`2>wU=OUZ)Mk7vaIYnRc0r?Iu#-QL}((hC)D*N1XuxzwQrSs6NdzQbTP+L zapaPjrvrz*a3sHw1TfraB3d4O_}=IyH@Sp$wc1AU#w=CdQ?1Z51lqo!;^I&!6_H`Xms?L1y>S#F z#CW6Mj1d(-+Sf@H`VzZSS6;BStz`&^y9GK&?zae_-;>m?i7qx5Rz6_s90vU@;Qd*fkr zqcVEPaA@s|(7xtxOLXK~S{XUSE(e@D+&Lmr|MpfX2?)*+EAB5$t64IjBF#FV1)= zI(U1Ds5h_aZZ{36;C%H5(KkH?NmzR(tQ`d^jtly*dL#8%?qG*+?ZB_o|HYLZ#_Cj2 z=c!*Z;Mz;SI=g;VyMAT!E7hqJ=oEd7V^7O^kjlhtn#Gw(aiy*7bE+f3ijGbG&7$IR zKI2=UJ`UlSmc7)(6l>aE4ePJ7m&#)5bg)JQiDpG(DiRB36XdS%_KHr<(%AgvWh_<1 zi+-Zj@@P*5nO2?Z5rIyGaE;#U0IxSSNQ7iW^8=kMq=?%is+TX*`;fG}reRAme!uHc z9uzZ|%PXZ{cBojmW6^KZi1w@c2Kthixd_C=Za16GztIj5x+r&4EZvumX`&+IPDeKJ(HloBp9$N=S4&r2Ihk2d>-db7K~*)3{gC ztnH0KAMaWFZl4a`eRUV|slF}P7utyxESu0_;*0Do=v)_fey{~kbS&Vv1^%o8<%l>; zQ=YKl1C5%W$iqUcRm;jfT|;GFeh-XSUZsxt?j<`^W`xi&By^k?q6QZ7&O8u5G+!Q_ znwZq+0&Y^`-PCTZphw4!U1vL1qmI340dFw-LIlE4%NR|Fkkz8UTCXe7iMCtYZd6jO z#Amw#|L$0zh*THKFY(7fi~m>fW_2v?;4P<8VpN(ig!L2qgZ1$1np<|wF|yY{{kFHt zYp87Y#YSx}i!XAFWeS^)vrM6mU#Z2{xOitWY8fL-Q1t%^XE!c}%w>yYmfabkS#eZ? zNi*t5r<8X#8|Z_u#I@$)dFE`2Sp^OoT@OfpJipCFw`*J5V6`_@@kN@)jA2G*pRig! zS{y%3%dfuCve`l5a=O@+wim%#vtId%56$skpW2dKJcJ*OVVknvB>t1RJHL>+yk8d~ z<_(&&wDEcoDIChj6=L!*4Y6mMG8CjMfk~Q64NniSR60QXrg2u0kGRit?G+tUbx&M^D-Ii3DgK|8z^T z@fIGPvBB_#Fa4^B6eWm|UDkxtgT%1FZD;_tfr@KgfmFI7T|K*zWOo{0pw2xNOP$7_ z_1$)bW$MKzza~s*K2D_tkp9;vrWcM-QD zUwBtCcoB*yf9>hzi0a=2k!`*+_Y+DNF(5cji>ZZc`^0EBF6%TC(-(e_`i|>w~eV?yEG$VAf%yg)F+jERQ0t?L#GEzr z`KIEnUUBtcgzEtmO%GzBje$sK^9|H4i*K2#(Scfe?R8+po)5sHlXTbXczDjtH-3sT zc9d?TqywBO9iY-=Dm3!a{LpX8ohTqV;}m+qq0WZ6q-tl1p;KI8QMcC+mnkbU+T_Jc zxl>87<)W?>qUg`K?dv0E(!b$$5hr~}Wb@vUYZ+U}4{3mcr&dZj`)d3uvX~+rpBQzj zeyg}hd~2z6q6h>^G^cLZm2B&j%cdWlE-AhYg^1ZYoA$7P=l5aco6Y*2-gwHM%Z$N3 zW{=OF>@Y%kQX^ci58^9qHPgP*Mj~^tP+sDE-HXJE`;28)i&Z%Q`3=tebqB8iPlWhYAi2Q(_grc7tny(d zS_OsSuv&$~ET%AD1hxPC$RkBh&LZT_1DT{psc+4Vk_Pu<eI z5TPe&pCV4Ix+8PPxbo=!;_tEI71os2 z6NrvM)D>1GPFN~GlNy$0NysygP*y>%!%K?FMqQRagFDGt)-hJXlcZI15ao5t@fS#r zUg}gPo2d9yey4ueyESoF5SQ1Ml^^2CR$^vRVoxHOQVK7MR6by7I!#dNICSwz`+gfs5czYg)-qF^Q`w9cj@|CWLR3e!)qwCQA9Nx~m880#^sHo<( zweU<_=?{_Ca1-9vWebo+?x3~VzS%mnl*X>`Y;XL@|4K(9LF9SM&Xz3F=9M-cUjL@s zh(E>z-|qMoG(Z4^fDLorwk$u?j|-#h(#WUiGQ-pIv+Ye-cy*Ru?mevetGw`M*%o4~ zPruUaA0V^-f$Db&$By4?sjmWlzAdSa;y=rK#lG7W07V0-f0H4B_~9qB+I6$jD6u8re2}Qw|Dts}8(SohA2W7n$YFESggONSY zAB^yM{@_Ai-9xlfUj1{Rc@qZ~93KzBrYUmOU=C~p2QQY)Ww!qhc8nLZgq-oLGmD1v zsive2q*g>eHP>(VGRCUkgx)|QI9p-}^fbb1p|FrOr`2i8(}jVF;**AyQ68H)&{|+O zN}S;q+77$mLH&>Y(N(&P`_F>H?FT63^&S@++JDc|` zD+U*FUoo;d@`kTswR}+mt9Xe$(Vbr4?`iLYv{dTbV&jsLWxm_{GjZa$yvoo-@Lz@j z8YZnu{D!0k2_G2BJ9GKr?h(tLsGXwete_2q3WYKF6dg>XKqP6_rOP z!*t#a?vsXL`UAkyTq~pWZb82%&X>ZPR)R0Q8%E~%>PLZcHv&MfCSL=S;7+I2oQ$vD zA(>%O19_pV94_0kvT>tv##r@>g@$)6wMIi6EVxwTk&9Pp7FhL>NXZE12oGk>hz{_INml%jPDG=F~@|BUF0@bbfisoTY*<(u} zb}pWZL~z*<+)q<+5Ga(4Ggv1ZwHYnaO=E24eBG6^FlSuqObK-H$m{TJLE@9m7(B!r zI!lyV<3+t6!onI#O2x=)ITUy&%NAe?b}Pgz`d76rAcVE^RynuNmLkelm5#bRf5tpc zP4mk~ws0qezMSySNLKSv`%^V5(Hn*4U--svKyuX@n$N;}KoZA1;Az3=W+NpMRhQ>$ zycN-_^0%nW3|q#%+bb8YT7GNR^Kccg2L@l=YQQ>&uG3uydAB!d#(Kb|JQJI-{$HfA z6rl+n+Hd_KC6R^3>m(9{%V&8K8=H@cyv>H8NuE_6t)z=0xBy{TdH@sU5|O#tiPUpr z94yTO+ij7SS8uaZv4YlmSer{Wmg{C#obk zD`1s22nR({0GcKJMR@6ycA9S3R^o13tWE2bHUMi6Ag_oheWk7FTM{jItYGI|tbX#B z_~ywZfA#-o{+~gU9ptWw6^IMvk^fqu3v|9KJcn?joro4XywS!GLT_F%Ry-s!*y0=w7 z%7!BNbKocJ-w(kU-bfUhZIWi!!+fliNR& zdkDFOncPFk&Clcl#)CR>C;=k?epuJlm-vyOlog(vXh96lnH@W2u}2aQfS+>k4433r(Vaj{P4QJ3@FEbE)3z#QN#w zW#Mhv!D1%5EDLigCVFP}rT(rhzWRx9nZ!V=7l1Q$xCLf~haX|4V#OF8*hw;7rpdK~ z-J~_1Lq&a&F=zbeJvk7xIE91Q9o`f6(Y)5F>FZZ12lfGwxaCSmjd#TSxwx>!{DqOS zXF1Wn`}&q@aS-po>os1JG@pWi4Q88CP#JPDzs%6~W<;yb%t11m|0 zR?T++PO<<_FBF9SERWh0lxXN#^GIo?ThCC-Rq0NZN)GkrHtPt;_P8z3Y`O(r`R>8p zC$4#EcvfKRr-A0LItQ+JBkTM_@=$pMhBgPTSpHt+9|{A_@k5+?wfIB#hT36+&=yDy0B605I}lrOpuFo1cav&H5Ieek>nn9|PrcteqX|Rl7Yqcu?*3 zPN6P~2QU(-mGG^i3PF4x0OnOHCJtWwH;BnR)+*-0){!ZbeUC2uR+xJzmTGvSM&f8> zCdqVrga$FDecwMlg$t^x$DO_WCB*o`nk7Ay`#)qTr%+Wm3fN5FZNFn3aLN5qFn!4# z>SK4iJ$8L_MejXsv=HPx1&;3_4Ip)Sm91Zy%PZnSTu|3F%k+B;whX?}yMTlVB%$!y z_#la~;(yiaS5JB5V|UiHE^iA4DJ`-gc}8JHD)EFOW@E?_YoU@u<;8}eM?km`*8<|axX8{Lw1XM zLW_$o=0mq`Xaug{)2yY(5U7TmF}n5)wBRUcG@RO-x55i9`zSS%=eQAZBRNxPu_|;* zZZy>hV3?9@K+Q*gk`ssMpcU|yO+dtHrJ14*`YbhMhZj&}HFsNO%J(|5ixIxOkqvA& zvVTHUZe*8fWGHVK*-aYRF07wAjI7;$KP0))N(xvZrR&S6p;0*TH&{!T*KGZE(*Qcq z?O6GWt@(HmGWo+4LLTXwLdYqkaXMMWoG`sScfu4i4{gQ=Xo(ph0b@by^Jx2k6w+OK z>A_X;)1`oj6|6ftHKwaFeUc5Bjfe6|$J{GzkB=nRblaoH?xjI*3MCfO?J~Ok_YYFt z#RC(!^@zY*zMl1LpIbu&4c&!Zv3OI<5!(R z>U31J+f}Ih8yn#*g9Gp%;r0tm91AAyeLsbXPoNw}(KnL@CfL~0n80h}eSRi7>q~0v zW&rIYm!seX?+9bE>H0N!r$SR=8O6mwTaW;$N%KE;a_}OY;OJXKjKE}a;)s;@ zBJmJ)EbUwoJEGR+Uk~0XFedQ8sj=M4xg=~~i?VcQRf33w1@|18!tu5AvT>|M)#*aj zm-p(z?Ei2_RLlsw=y!vhY3owRX_7L{GOml27OQ$cwcM}wmV0tyksJL5o~bERjkw*V zDtVC?yhfmH_(XdpZ7$ABv#;NBRMkc}LY;KH>%{MNNQ-Y@jaz<1YABa$C~k$n%~vyk zp|lUZA!gz&QnAZu!NRqv5$v`kDAxO!(qh(F+p=G7mOO^lmYg_@L8KOEJ9aTF%`Qf# zJ0nivv5P+oud#d7ne^y!_?=_hY)PIi6-r1Utacxs8p@wk+s}u;;TsL*^p3StxFZBm zyKV&1-FPVtNOmn=HxwY&bZ!S|uiQ1!DUJAc`^Lr{95o&87k!h#ePy~Gne=$Lx5k!_ z+`R{P^|rnCb6lHgDmBMXLHJ%fliRiP;`pIK%Oy`Dj`8XfvZsLHYbKUIGEGga8CViylCstV@m+A4K?ba=FG zwXBQI7}3*6Csv}U_Nyx;RtNoPLP=e3&ij+aue+rZpE=AcSocRVqTIbbdKdBqH=5=F zePO4*gTL|-&K&F0yF-Vac%2QD%5^51wmR@6b`nq%l^i+Y+%@@u$bRaFIn)g%bRLXs zmFx;&sDB*_L#4Iry36)5bO7Bl$96-W;K!(heBRAqekP92)XDq&C-Q;Kakertdax{o z-oDP_Nk{uJ_SpPuuBVm0li{dqLv7>$`#2p zUTx7CX#PCMszhF@-38#1N+weia~`xKg>emc z>#^(Ed6VXRlI%qS_x|RzJ7kd}i=I-xu~nJT{B>I5mFer~uP%|)eUd4%WwxeTi5K!a zy|*jLN*+?ejstwq(J)a)T$C7>>0D*`P?P_}U( z#h|+3wxEj(eR`n!J*z?3WcJI)jIX5(F+_^snT4WWU3l~r_MnXuFp2o`5J>`k~GSkCcQ4nx&2 z^MTFSRvW23oPY%806+`vX@1&Fq!;mCC0rLT6ly7S6rzc^5tYT&uf zScrG!uILI{sBeli*Bru~LV4`0fk~@co-?pp?aqQ=UhU3qp&o(c@<8mm?7+y~vo=Fw zU2SBNk?nbIkw@zKET%ovS2}cLO@0^G77xaxW+f zO?KB0_3uXB^3@Z+0^@YtHlk(R0F05I4==cvkDKUwd3{?;K1Xh6z}~im8{!>IhHv2+ z*@0wpyE4Jg_RV&bU2ygyDcBUzJ;azX>(jr=(hMaX>pRx?y<6PGqH7fi{yKa z%eU~xY=2wswER%Pm=Wtj@eya_1V0%wdmRsy=a9fz?487PSJ0n5VwLZnCBgG)K6gx{ zCA>L5G;w|r94gq`x6qGbt2qZyIK@O(hQw8MEb-NM?ST-!E=z;c61*+JFl|R^cn%sC&VCI^|@=re!zE1xK89KDDf+ zz?Ep!!`1~3t^x~Vqv4QtpTb(6hH-EOXAnQK+gr7pZb z5PeC@*Yu(ua#XZl%Up{nc!*ceoXE9|#ErhGgj=~vA;DMIp!S&&89hXwxK=e$F3+Mo zes*G7{@3;CtK&GB6$^{81gf`a=|A>~on?~C+bzAb!<+htcT=#AJO7^nQoExnSWrHaL)$x{H{+j^!sN6DN|pVsE*!8FTSf zJLXu%-KG-7s@X{m{W^K4=KhmS-FRkIl^8-pyIRzgz}MmrI}h@JX_WeVTZh8ASO zB3VgF0mwr8z&vsYyE=A!Y7vyW6TLb3PEuJn7>!zCYd~P64XzjLWiICi%w~Cy3P@RS zs1g#OmJc=B3&s+uaActq43lwqFM< zx|3#7m{@?dR2mc9?%omqQ73rj-hA<)T^F?}fj=3#IZ+3&NgaV*0vLb8h4dl*JYOkr zT*m@#&aR<=Ifd5T^y;mvg6?}Oc!LV=OF?dk=BY;_#PZ0;@pJ7ZfwzP%nU^>V2+Id` z7?^8H50;sA^%9#dnHN8lB}d7>cPx3a?X^|Q{ELzuP@o3mUu)Zs67E5aR3>7r$bnI_f&S#>#r(J!EA7&b6S4Y76WJ_i|DO=DH*k59iG|!oYny&9lihEP9 zp1{w0!JH7TR%yN7#g@qJY*9e*J+eSC(YU#;-CZPkxteNX!0*GC4-OcbuvnV5YDiYjIaJjdS6+MJi)m+$R13&9Lzev^cnfS`gh5#h0m7+yF7YYei|NK3BKsOW@9u6I2v!uy$(?FNT8w85z9h-%0`q9#%QWe)oH7A z_Ob+QagA%{I5mS=l9qvV;5$$$9s}hT1xOO^flI6jDD>xP6 zM*2_Si4R~v^bU7g1=_R=9!n*1(jX)ziMFd5g^x)O&|g~P4dVZQ-3%4BwG;*WNs=TSK;M4qnX*j{c~+cU zZ>22CFEbBpvgWWz4us;eOm4I3agMtRUv7(4&9@2zJ$HA>JOo*pEbpG8ZA&gP_NBfB zi=_1t6;*A6IGjQtuVUzr3Hv0(FfTD$Qqjas;lHSi^)p0fGnFmal@0aMRxY1hi`NhN;vDs+z%r=+Ft0V4lcwvW;j~9G*{X~jYR?r= zV!3o8@=rR={lNKQd=WrcJJ#UGSNBH&(#CW?U#uCjOoi(jDI;N$Q+RTe{}ZZ;gIF{0))< z6McV`Y#sDs1^cK=KVt|5%kwE{F@}{m4}iZUcG%9cD$n$uA-3c^67ozgza%v5V)9Z0 z4_(!6(7LnpH^^q5LBFKuqVA@JMFk|h!p0$SCx+TxWYpJYKRrOB#OA#-MJ!(Kqn1PS zyY~@d6kZI|nJZ8OkQPC8wniKr;(32u06whu$3=3aur}?9-exGqe~IoKGYAy5NDZUx zT6?9N>JgOe)LOlYEuFujWFA|P>}e^Q!T*i&clJd~%Ek==x7n@;b! zf7UUlk}$OI!YHI)sG>$UPx>z#izjlEQ{8U+lKQ$#+*5t2>#bPHalJv*O^ig7i8i^#>a_D#??{?+ zZz9oU?L{WH&d`^}UH?+5aBD4i z=ETHEQ}#PiEo>Pnfk#`}9oe@xBv+G=3>4{N!F(`Hr%mp0R_P14Y_$m`6V<@e)Rz{d zXMWu}JCPGPa01nzrcz#^%+D2>^js^Su$8vA6Aep;6O_lxTIXRq-D=96AwWe7+lk z)XwQ|-oZ&8RAuqO!dB{*RgJWd2dDDUDLEe-@+z;w4!cwbG#={i|AOkZBf=3@U_pk z+0Iko-exR#n3)Z%aWj+0nc7h%*m^JxoZ~3wS&zX8Zk#d3A34xW#I5+qlilc@;J(?WqIdO zPLEKfo@7{-SFV&j2$<=zSDCxanad>%i2eBL!gS8liETA+k)iGX8WN%7zZWo?F&fA@ ze3;MwoDnT}vNRPGr?XSNmYjHpe z8GraqBs?8?$K@}p)g=YZUHw{lH7_HV&9lxc)ohVv3tGz7NR=sJyKMgOCVylpo~6Nq zcqIMiB~HirqZ}wCHZ24pkq=mcJ>n8Wl*~&_YN5RPV+7dJ*+(cM8__=2M|i<$Md{Gb ztbVEv7LMOZe%Xj4_Vd*}K~=6d=F?0F56Y7cvgf$qtrginigGW57)!G^2CBFDYiFF4 z?B=V#g8B9@D?KTh)oJEyjk6dDIO^4dE$G7QGzU&{JjbGDW1v&nJo&_Ndcs3uLOxz+ zR7i9yPc~18< zEpfY?M;=>qAkm--1JzuUjBZtrc%FQ%`5qpR_iYh_;w3$O<9w8bn+D%FhlxxxD?815 z*^Soe<+fk^BdfAfA(dBFaP*pF*P&b7cTzu61-;^UADh4wm92t#jZgdRE6q|9&%QAL ze{voBQ4yHeoOaRX3F)8X{SK(3*tr#0{YZ4%=@c`=^aZ~Qly|bavmx= z^3OC%;BRQ>ehx%9;as;=9L}ABenVpx1JP5poBHNXwk(}Mne$~3%%)0!V%&w$p zRgT;kYV|K0m+YqJX3B@^T7ZeCx^7C09c<+~leVlp^{47e`vY`j4m%Iq_WR-~b2km!ZycJAgZB z@8GzOXa}xJWZXXCVFy2WXgk=?$c@F`VyFjC@m`7^HcN6)%IZNalC)J zU*e5i_knD4D+AYIK%Cn*cOFUp$jAQJ`Ge)fHj_-rSk+xBqes9(zJYnL`L+g&nV2)t zK1_&?-c*6z&fU!wBfs-9uV9)p&Pv73?Aya8{2WLnlcwh7;#lmcD+q)liYn@T9?`=AZ}d1fl1Z>~)! z%fR^Y0hRby2F7PLp)LdC_qNLH42+33Av*)(WSekB2F6h~VN3?b|7=2O2F6mG@Olaf zv62^T!oe9BkJ*G>r=+@GaOYpu)2s}PTAOfV2F9Ok!lxyvD#aJrgoX@^Uu?o__!!u8 zOswzMHla8J<0G5!a0bQ-n-I*v==wMHV_F8rwuhAP{kRm+lFc^ZoD7V$Hepx>Mx}*u zTn5HyoA9p;jKgh0-wccaHsNc3s+EGcP1u6xqBoZJZNe297%eto_2^WI;)OP0ehLN# z{IP;l@5$%z(^M6&nCi+|(&ms4a0Tt_gqRMD0(MdWA2bs+@c z(0MjT=ZRWU1Wg-xcv?}G-*?ZlghHHtLu~8C2avl+*8q)DX*zEWdl#^>W3Ia?m_!+S z7x4Vva;wQTUtgvRT+WqVs3U7*>eOi(XJV7ksSQAnQxWKBw?Rt|Bg6_;g6+}n_-SLx zGe7;o! zNPfoj_qY03Q@IHb$4E0TV;5QI>~$`tb^HQVh!wP8O5w011T{+G>u*@Ek>)Vc_y|e~ znn`jnk zV!s9ZPLZo`<-Z30v$c}F=4;oi~K0W3;Hv*w`az8mzxhMyq(kAH&GH4 zFvpE8U0$|8p)VkJ`5#)_2Qw_Cb1=gSw(5#55DT8wHVP9|XY1h3AHkUweHIM=wSM7b zOX)gD;NHsGT_^<#r#%cD3^f<}!A}~ux zP)_xd>2E6SQtFP}QepCgz{yLiHzUxf=5T7Je#p{=^zCxS?NSzw#;ud4`}DH-8I0FF z81F&2L%0=(i-Xdw;Yby5b0-15^T84nWEdhcM(5Z5+h#knggc%Ht=5^7IuncVNUC%}VNIo?Ao+hIAg5Q7sO!ulry}HBjyGOm+i(dUN<-4(B zSi(JNYi5+8$k7rv^D;#XI8G;0dh#NtcnXYfZ+vK$;J6+;*bJQ&*Pcw*XqVa@oKDH$ zG*LMDr7K06yY=kAC(AU?2j-Rw8}2Wt+$EH2L$)*S?+0*6q$p2*qEMDXLwkGNvGvv7 zzIwu0*oiW!PkY#h)o-ydev=3prICqbE)bB821T zWdFcw$qv%)8PA;Fh#$G9tv8b2pu?5xuaq^~dj95edywnyuaY3V!tMGiR#+{Lf&a5; zgrb|qE8*ZgL;${8#kx=2pd+GXHB{Ahx+f%3K8EZ2sJYoA^n~$*qSVWjdzW%;a8?wD zaQ&VXOJ1;9&ScJ1?SmeX5F|bd@6PdF(}Yeh_{F~iboT6iXxnpD{Ko~EhA!0L_yxaC z3;BUFa~5*$zB|F%+nzg5wq(b0sRfxvoWyV}y4*i{lxc6X4RULDYm4pv0gk;h*g{8P zZC1N>+Zh{2ACm&iM8kzQ zcH#J#si|w4QZ;Kjgl@ixnzVL{{z=DJ6Q(H`0r7p3kl3ljiL@_p#*2onGt{&8*LPw?+`ktJk!y2i~@1DcU|obPaZd<^GK# z;d=SQxYfvT$s0NvjH=vHUSJwRspJ6^Q1h6&nX7Tq*oA7%hsy9N=V3$;RrG5s!|VoS zxrJfYJ{_07(pJlPxx)o3sOANPvW(~D}>IU$SR`s>Wj!=dH z6^Tc6m%uC|7WC{2G9VYCl=}lv%*O=U#_Lhl29wLPo8y;CQ0-Bc@Q;?ml8cX4*%J*< zyLdzqf;{r=R{bR|wb{M@Z)xZQ7btc^St222U*lwk(I}?7?iDGbm$_x#I2`MAJ3(KI z_zIkbuSL28Qtw(h&CFKc%440;98BDf&_I()pf2yAjs=tHZ>jqe0)sVDFH|$)4ft+|oe715LB!;7xI-OHW zYv|#VB_tXTce3hpJ!Df5*Le`9(V3oc-vB+l@uRcSBV@Sq=4gXAyM@nCWnaj+0gC;eJX*br z8+}sAo#TDkQnZA0v;jW}){?eXoxMromRU-(n*dksy2pneG4emacn>zd1(`n0OWHj=(y90LL!u8kl*TmrW zH7PkjQz{YLIIOixDD`Q7^UMQ7&h7%c!%Mz%F%qY7~ zXSZHnC~aykeH(yCnw$xf^h0up4+U+5T+3Jl!MI@_L$wc323FGFG%$^k?#6fyhEw}! z=9`nms+LpLN+@n`X4z?7j!oJl1))0aGg~L$KwXo%+Dx}!;nj6NZaScYlU^a-Y)9Ue zo9j<{9U!g%hqELR%$bl04|t5q`kFPF#p+qIGW1#JApR_(>s)Oe=pMbnX1w=AKjWhp zXkpAXP3!X-jYL78-1f8*!u6lgUb0*#g0XH~Tal~1csv4@Zq&q4zKI1Bd=pz`o2Y#X z2tt-qK2<_nvw7FDP0u}lBBz_=SNt(YW6f^5f4UJW&PkoIzf15UitbIhs05NLbD{Z> z!ZC{rM*IQe84BQuffK9ZB&_XILbZ~9w61>M*EHoiZfi&~?{Gwz7U#&&9zOF&zk}|0 zBFi}(XX7!*oycIadp^XER=cP-0n}}dPb5FHlVD`#y4{}>z5F>+04)+>>jfW@>Oer% za4V6YTiu1U79O~8{Ef2a|6EoxVFpX{NsxDkqCgPv9<*=3pSLdIM@vv@QQ!TjirxPK zv)}$jCQQ|Eo!EL7ZVxi;jFwa~pgfM4d{s~P?TH&WgQGj!_t<w=KE~s%l{w>4WaF^|!)JT_ zna$;{RcpJ`T5^dF{6xXcxurarY^Nz$2g{j!hEiI{@2Ghm0_0NW+v$a{LvPVhl+0Yq zegpTRDNa{P>YB!0>)v8M{A@4Z$7cJTWE=?WH8y(bBs&IowPSF#oo8aD$l!soo^(6e zLaT0xLt*lLh_zL~2C&o*c03kLH7(j3x<$Xd;8f7Ccg^Ok&h;8Wl zUt!~L0yq=U*aI670BZ*@VnsADRZv|}t$IGP9lH?9vf6EHh0x9)=XcYN>?W=0iUb^%Zqz+V@(%H$IbbF!74jza$yF=l1Bu$fxB6+ScaY50==w_iGV%WDzv7 zz7PzU8H@2vmnc_Bp!`So@q)nvROO7o`BE1ibRtzl!kN>NOS}X!9GHUkDg{wWGugv< zqo?5uKHbzZ&9S7D$hfuuRNIKq2G=d9E`KAb_uz!&o)_s>UVW(h?`6~{(Y?-ML1UH2 zgoII6G=h0v>R8{E)YRj?>p$P#EWC zDPnzvz`)O(BsG0LnVm3}$O=4`H5(MYM(cW23MAjFKqy@@HnuQ%2c_)04Q@kw2S6hD zJ&vA~8fyhmsVqbJoWU5T3ulBcaO^i{1aUZNY`^EXR>hqQ)7TagE2{`3wIPxV$o80h zqXGeDaNSfIJ;`I&y8`Sg;?HQbI6OnOvXSTjUA(&p2yTd>>7Q7VDRuyh>)#}HielNn zN*OU4H4_Igc9I+6D!_Mu+h6w(60;@eVdCUg-{p)4+A+3e?NSgxko7X4Us{tdRAZsq zS8S9f_H@Tt>l4RIG;chF{aI-}t%3L)Pm zir1__!Y?Ti6_KTvXBn*M@pw8|Uwqp$+`aGlwzu<;dRt80UtBMqjnxS1f^;CxLIuw( zGW}L)+QS@_D43)}OI=j6jtiTkCq>WlQzd53eQ@nY1G_EoZCJ-K{D{(iSfev+0N%v# zs{yF8sbM*f?a4TpzNu&)21`9#z(UZT{u_WLLGP9kWyEJb^JS~Q%cLgidICoG&yfrZ z_-U7%!Y#)X7KZBnV%!?ru>rMqws~A^vmKeoS zQSi(UIbHD$R)db)9gwMKz<6q=h~ea0{aCGT7)Ft)F2W?-i#}m%*g1~;)|vdbnE%q0 zUcNp!POQS$Gj&L#Vj2Wi*0t`&hcw1VO1D$#h6lRRHMm)o3|z&#Pb|xEk1{O;@ZzLy zc0>5^r+4%fFkAI~8u=SES~5q3>vc8KMr&zqZi(g27v4vM_y01iDYzqdhBv^RET=|> zntTn14+iI6DS@Eb&Ei$eG#_ye>yY*JfXLvnXDI~q(d@+N5^+Hk`rO?YoaXYmErT2I z>_tA%U*(vBPO|fVb>+Kxmf*p#X|QF-^hj7HrM zY_)8R>GPBppRn9Lc9gMJ%lW1n20Bfx;rN74AtV3(4vyp{&Gnii)vMCw zwuv>%>3Y&*-f9&mUMS3MyKRKNzks10+`OxL0OKpX&IB(=XKz^IRjW!=`ZZDV_6fnPkyBRRA119xKdf}y` zSa5A?J~59>H)F5sNfk3&-Sn!MPxVteu(ekh0U|PzzEbwpGgQ}36RaCwQbp7>aaQ$} zo3MB{2x4E^+(a6b%ZvnNKv7)kBfXi-6%?t;Ez-q`w5Z7YDk7cR z;hQV6UPYdzh`Rp>!vf2l;{a{m&KZ{p-U7c9(3v}m=8n*5&<+{yu`FRadDnog%^xoE z#^!K|@K~eHny&WAii1KmIKl=pq*@+g%%^?ir+>B;s~Y25j^;My6$Fu!@OO5H(inV@f~~Y#(>=5icBMRTYy8g`jLo|9V-`2ST;? zs%)ZQNNx`zuLkhsDtXd>DXJGj&(5<`PfcKY6}wQ#!2{x?e_V&?1a*_jy-|EJvqk zFs375)4%EWsef_OM3(*9dziJSuG?ed@d;Dh)E|2H~v!jfOlh0B*m8pRdzJ+1x_6SahgFK??T3(*RpEvciPxqw3e$IJ$ZG z$!2&u26s+w*#awjE@e|o-Lo(Hd+RpMZmhaPcO`zbd8H)dx|{L;VZ`L}01<>XQehv= zw0)(%AWF5jau6WFtWqL%gU&p` zC!Kjy3ZJYCVh*Aiipe+zsP#>wHc+T-4GdwjhewUf0JRD-HbRY4PpBO&EI@6mwy2F% zVivWoeExq>BVglZCp;`f&8Z1Qr558=z{p|l^=&mh69?;t%>;!ynL~o9n2&H_R)@S{ zPu49a6eBapqV_95apx~GMUW{@Bj>4>n5@a$$Un#IJD8Y` zV}qxT)H?1;={A-3;ghD}+gRv(d3;bJy5Y3j)<%UbakX38%mb}D%{C6TzyPp_TG^U8 zi%9p({p*^Gxb};Npo+Sy#K6PJ_#guuQM9aMP(SbUAPi6=h=L58zbV+Iy-vAT|Je7;tDzDQ( z+o{#bRgCtP2_U-!^q0lTn$ZV??b;rdfmQ zx(Sa;Q!0LNglEhS=2QckWM{qRveu3ISVQhzHVz@v`q*CYx~Y&m_5(i{hm%D#kx-q= z2#Xc&K2%Z~r`;@zKwXMC=ML?vmFS%kWWH#8iqr;?e~si}HY}mqPUOt#BW|eWJbxG+ z`=sAlJ2omgQ(^y*Z{$6oG#=14M~{K4`B}<&ylo>=dno5$%6YhLPJNIwSvmVNx|w$F z3vw<}&R)uy#2=wt8|3KZ_Blg?oJ)h8gO#%zi5Y0agPa{Qb$SPN4h?d|>M)2R-IF<> zgziryK}z>-5GibRr$MSNK`+cx1+zoEQ0uXYJ5O~@@zM_?Gg{^kjZRnE)&3Vs@iC=ctU)!l$$Nli*-m=)5{}1Opl4W*5IYGZP*sc0(JrgcF8Sp ziw#<575Iri6j=X34g|4(;rgvrK<3Vh*fTRhS{vrSOGU}Ns_-_;TIoikt zMKKYV#2-~>HOKeC8QOA^;7}2p^*rg}mia|^CD!wkfVZK#H)*vjK3m^z2Vmk$q~Cy^ z{v28C!^AT)e-R#H9lB7WrB3kkqX+RgQ<3g3v8XU}iN86WO8`RZTF9A}TB7*lXHa$S zf9;0WR8O5K>4N=&f)`UTZty@WiW98v&RqoywbDI!zGUl_ZqG6=TZ<;?`rk&14Kp(138bAJudd5mBnD%Gu5UCZ*V_${p9`UKjMP-S5mryp)Dk}8s zOShOgkdyN0JEUCHh)1OoJPE?<>4(jA7#QLD3m8=Q8lF|jg?_^K&n>?(JE~t?s#tkol>`b6i|e?;a#@~jQs@gX!^ZcAd!7t{GXC;o8A7g zw3HjFy`Oe-jHsVXCo?fiU2e$ZfMe1H%&ncOEB_NO!ktoi&qtW8{vDq7CJMxv;+MCPn@GA#|TcbedTG))DHCicPzc` zuSYftv?j*cG|hU1DpdQ4hKK+;rpw#y3?s^+x@DHS%q@S%Xrd^>d7b?t_?9d;qoZcu zbA2mGP=RnzpabZa#G)S>vx!xp#SJ2-j3_EdDsmNybj4s$9zQkT?R_vLi#v`jr5_eX z_kf5-ckzx)7JfQZE3%m``)7Y9TV!vRwPy~!E zo%GC$qX<-gPivxNW%wpH*B=dvk7x|byxiRBYNK9UyG`<=xw&D>m1~6Sx_=vnr7fdP zi&y5>nq;+>s@A9bX_>8XOWLs_o6?81zfKm8y_3F9w%#2-M^j>U@#`9U06=F~ulb(M zp6|cKUhMy#k|JXS^f4Q!iTi5v>VSEYZ{tE1x`~KPI&3f3_FUn{lf(A>v?TVQmW5c0 z>O4R>So~!n;G<(wXs!z$dpkX_*HR)7Ns{VFh>oO=r$|k1k#UqmRZ0;XzYB76rAZ0b zuNHuJaf;$Pz^fc6>e`hk(q+s{-yPh%;Et-ZC*-!&B9CPTi=&`YuSocd0tk4aTB*Fe zZnOU=E%qLvIx(T_1>BS@#HL%(&!4ZCgH1_n_S@_~5J<-v)DhPE6U~8_Ghd)~OPvZK z-7MmxA~8Ed{vjM<(bv@yF^c#aq3HvG$z~xDA+NFS&(?vTMm_?1QiP2`JN~WoxJqpq zELgo-YlGG|H`g!N?a6g__0ghZmvuU`Lz}bj9P7dwRDBwqHfJAAefMTgQ`ga6xPEs5 zs{mN)C3oJl{=ge_WA?y%nNq**|BEcjGov>bo0N2{T#9t zV52+s`=U`Oix*bTQ#S**uBjwcvW~hI9{q$|oV<{*GnJD&ngqDoqKJBhiwC+>4#-h} z)G*XFg+sU7g@kK35tBc7#on)rb9x-M9`{j?Psjht&VhF~S41{ucNj%PW_Jgmu-`#| zV*qw{!v&-_Y~~W%{g27R-~8GSV>=R798GWc=ep$Eex2Cyuhv+HM)|@AZ*HPG_$*Ocb1!L1&DLdW?_br<=JCyCl$;WbV8{+Y1e-TM{@_?^82ClvV0y{BKalt|^Ok zEvqgB_MYIvKD#7@#mPU07z6|~ZP>{pP$-#_X@h&?skA##1pC$?H~3W3^SF5@NqXp@ zsUGa!?XM2|=!Ivw`3K66K?g+S%JOP90hDdD>|T+HPe_cFzrJWd>cpn4dB>2&4P=$}EJehdFOpF@0W{ z={hnOEJd%x8*EtpSQ7iwH9sU?Fj8c?>;_nOKM|j~TH4I&_w1JC`v>S9+?Grhm$}PH;eiS<_E|XA>~e>TYI&?P@g2)*-e9?!Tky9p(I6uhb`_Kk zcK1m{>dY^JAk3l)yCHQs)AjTMrfW||w6TpSQ>N)!wI`H@2Yd=*n=4XD5nH2|Z7%mj z0eB7oIv4-hNzAwp%C)i1)E4aqj{OXl+s^r?DtGfZa#b? zYEV{45i-abr;E0)cCWu+tHiEeJTfnhvK{B=gF(1n!Mg40#Z9@np1S{CSiXr@m7Pb` zn=4{N`#42(9-RQTxf3NKnwL{o zaJXz{?n`6umd57$2(J4?(E z2FQsec#OW-08V1bujN@~KgVtOO3B0Sl_Er%6@r{7sLUUGfh`+YCZ^_N|)BZNO?t|U@oLeY|C{EPg82 zd$q1ReFuQxsg`e^;}qB^7ILuK2pA#n$FJ~M){5g|mZfObJp=$Z@%doY-P)8Mn;YqJ zuLuvM@$k!pm70C6=&j7RJGr@W&tNRti41 zgtdgg3eKg)mT*lLM!h9`zA9a%_;E}4cL2kOr>(D9vFrXDRj!=aT{PBKBu3b(YQCh#zvrULfHMB!&P!mfhY}&*|McW5OAOAm#KG?1e z)bX1snl;5*=&SYOAaS}~;l6DVYmZiLB0=9tfMNWOq`-#l&d1*x8+zL4`x05mv7e-h zusasINBM;4p!zhc^^;bS=U_}n@jp!0g^d~lcaapH)a_m~U{}RX5hp!1KaNdu`fgG- z`ElErO#1g9D`VW6m}dthWTVsEKekBAqFwM#EtE^7gqzu;Ovx&K zeb#XOG?twzuy<~xEqeLU37&8QZKUMH7QJv6V-WnECLdrB(u*l>Z({VD3v z=$)W4@lFQ^*w`J=smzOP2Ae#|1*Ew+PHzI~OdzFRdX;JrhlKgE`dj!Cwk2xB?CN$2 zj$fPveLtkhnxFD35+i5$6$lH%>mFtC+jYUaBsS}E`{&n+xWNja96o8d8?-gRc{^BI zAF(fj^wkF$NRz^{$4Q>bLW(B@Cp7SGe2wNY3(t<^8YcjL>Bi3D=vfBHPyF z++6Q7rbub-yB#zW9-Z%>`b+CONkocPcg(F>kun|pULsCsC0R0-Qs$&7Ga*(ty>&!%*(g*UwOF4dk2T~ z7W>jDUMW9E_rp%Z&6Y&L`>&-tCe>tvx)iP#_vLzndJJ(C$!t>I;f2~(s}sH3j8ce#PPG1OJn z2~@Sh*d}RRHiNf+wfnL0Sz7Hlr7fcCN2fnog?=Y+oWq)+F_Yz=n@fhRzw-}&ka*IY86LOtnTzTr z@q|`FxMpoD4=6Nu>_rRSL>@G*>9?VJV0+;ZMbEO#tzJ#z*?a18E;<1C?pOiGy)5n4 z^Dm6Ru9!qNO}x`St2||f7UGp>Uf}9b8-$)7O15M>HZ-x~>K@*G?6& z{d;9+7;(E4_IxeZTvC#P-ABJ=w9ngd_gu=&Yk&FE-#lOndfPJ#yl``b>&#{P@@C{@ ziK(*tZmr>Xa3+w5xom#Qo5)}3kWCyFcq6}ul!5Boj1}_oUG2tv4#|KJpsc+N@4iTg z;gW%2E5?NGoEolK-^x4ZJaLol0uD*mi=;aYV?H9jR!QtxxX~{9_0FnHhq$8Vg(dFiO@NxsM_D2Ow@060y$EQ4zAveb%%LgI?NKZl2~6tQK*l0 zR#LjZ zKCZI2P&Q2;*{@keZX4p#yEMk#-i18y92;40JB2IG&80ezgL`f ziG2r~xP(27-5sT%oBfkT94e1*-AgR|1(mU6dCgoz0|44tspHVZ%kDoR8>8g)AaG9W;s zAO?*h1FqvKvH+}ha}QS^jw>WASkG|HhVIc({u<+s(~(kqy3}N*3%mQ@>E4Y7M9{nA z`Dwba@tey%T5UDTuS-`VPRlK#%@wYfVC()x5$%URvBKHhXX$BH_iSn_9gCO;MG1F; z`CJ0?`K8;X8(W-ptGnn+;?Xa87$sN?&81%gABV+$ts((PFzEYGSe3@sl*WE-jTW^= zdk%M}QA84kOneiM5D>vXj0OIs8+}kP%f(%TrF-x5>2Z(@5R8L%zWcC1OV^IZT%~qf z0$WeXl33+!XkQ=TbmZnXf->)0OyY(&6wy=2WMHg%bD>Ev8k^7f$*J@=h~`dU(2xL5 zY@Q~us0%21;jv-5QmgKSQAzCb-{;zM^boqs@=Iri6BFB+MN)~WtyF35utcP|HMZ)m z@aheHKE@DaSKnim^|6s}M|uoPoOu}Ur&;C)sjVd4^yfI!3`M6T1|JM6GibwN9mXcy z92Dd+ zHx}=-$L8@;Jd{%5iMv~Tm6h%rJP^yPVY$9+|gGC?{nyJqED@ppY%|Ire zdt56`&kGk%rD@oeU=`4?&-v*Jx0EA- zLRHK})eZ-+%njPoNMOC|Z$C_kcYFK9=iM&+5C?byV-pB&ZkT=tr0j5ZhSyAq^0hgm zf=CW`&6qL6j;prkyIp0hTw-rZiaXaiu9t&=VEYRKjSaV~*}fqTkt4+;pQk6}s*ID@ zRIuo#bT&!gI=Z~-$#j>;P%8-NDb-ri)Dwh}$SvS~xz444TaW(}etgna5tfnYA6g3s zc+e<_cKN2bz3mTcvb&{+YPY4d-Y0XtmPu&y9`Oo%tI9PleJE>bg=*)LuA!d&jkx#F z^qDlvEO7s_9vF+rl9==&xjM>qZS#;~GZ`opYxn5+symm*E>qpoa*P(eo2FNM1D^U= z--OaJ+K8cBOG;&IJ1`kIc9cB z6qVyc-ogBJa)Z&RyTT*>Mv(OrSw<8s@C2*njhQ*CB@8?+zw_6v#KS6udZ759chPCR zE%qFh)laI$bE{or)y%|MPc=jbF?bi|7LqzHTrZ~I{ewaXtLU}>rvdAxTQ{!5T?|mL z_%(uFJ_q$cKF{>@_XoLzW5Rj}1b^U5vk?M6V@fvR5Zi7!4xT1XC3ZZo?Zvo@LoF@E zg{%@=islN~msGz51NC~oRx&fT1<}g#C0*jbd%ZVsxS#wZ(#jiad5qT}_cug_PM0$N zHETMBZXTg!$@P2vlL>(95B>p4BkD_84M8vJ_O&k_3;lSJxM00V&ST?{H2J0`k5I0! z)-I=-RA_DX#3HxkdnpX&YnX5+`N+@U!#?hTpCot9^CGSrrPOsMO zh4z`*=pT4fj%K6SMjb-BE$~eif;#Zp{aQDv@7xRgNPRiu21>uof7>xjZv_86!N0k5 zn%l_?HKZC-GTtf~4Z+=CW;6soN(pwwy1w47IMhc&!@fXNm$LYYY|z_>(^7oPSmJX2 zh4IE^?_&Lm-HT6qYvdqz?Xf0!s%A<`?S7A@_ofu}fd%peekKnEAM2$VF_^LeZfhDw zmwC&9Vt1SE#m+P_{)sBwA2^3rh=DoE{viPPYht+UC$-ep~!NuY^6_YjQ$RvLNAYvk9^v1 zJjT2%zhBd!Zqd`q;#Xr?<3Yd=*RD*z-*H=0DhwjqXAsf7o8WG_1WhyCuOSq$H-uTP z#8@9l)9nbFsPy6mUw@{~Z&@~|a#gf5^Ec{@s(EhQby;mnI@-dh(%3uZMe%NIhJC`}jeB^JIDsK^R^^mop+QTpKrp^WCM(p|{OP zLn47(p%31rfB5b+P!w6-6=uX+BvhbKUGO@-*Aluy9*P`h?ysVAWADbKEaO~5dO zeZ?Wyi(WK{NV8~qtY7J?w|ShQM{Eai5GR*ae*h#A-9NxPbrJ)RL|F67;cwJ$2n%Ta zOZ;_RHgHKxS6UWsuE-M<@mCXK%~0hbzl$nQJO(Pg#O?74S8JQyC4F!|Q%6`z{C}*S zyK>8*Ye9+`i;a#)y7@IZ@&L$S@qJX+ig4Ljq*Sy=Vy!zuQTNmm? z>`)rp$IfkgPa@VX>%+3COSs%0iD9x{FW5&fD2;6h&;4b$(smod?{7d!5$RH1-ORJP z9b5Av9mJLV=bo8{3B~&jr(XccK>DON)znHB(tIU7urZ{A zz{yo_3aPEaOBe+@j`Tx8ov!;Z!y>@EhHBR!ETy?LnMjrd_DdcnXrR!;*T9dRFJuUeN5b)dz)!heaqJVY6 zOZh_DZS}bo_Hq2Z>j~$+dV%(G64bxeIY0m`RC@+Lj4JZ4uzdalkLBA8pqa2NxWu!h z!oTtWXD@dUs0|Sp8mjvTe|0Y+-w$Kl#>^edKzKEHsP+Re41)O#&~Z|hFbh98OmpW4 zO+QDO_=Fi)Zl=Y(2BGCua5W|+?$uNyhr8W?%4tvt&#M7h&tYw|c(t_v4sO;>3LS7} zul(RyfghHN4{Z)jI}Bho6Q*>JTF`)FSi-6O;(k`+rM0v>Nz9h@L2*V+RT4hM4PYCn zMIyFI3C48W`O$|4k#J;`eTLcA;B9Y7t6Ama7<#uY4Wo$BvWVN{`de%xN!D%1d}Ez# zU9e>Ue^rsYJugT19Rz@}^VvPf+^ZFhc5rl0^8;?q3>VXk`^3z9k!y1f@M(5{KOQz0 z`cazQBWVVPD|G?HK5}>ZB$@=^2CsTJg`deFpv;Ke0$yaSqCo0~?2x2(k#I;*8t=L1 zzT(+0>s9QkBB^u|#TS0&*Z*Hjkm3@%d^lB%qxV)~(XSxYM)Pa;B|qyK$-L599#IFw zrFZ3E=mp#JDBzaii)F0S!%MQv!Zw=*r*Q{gu@S$(O!rjei%k3nb_paZbJYP=gRVM& zI(}0pO<`6{#)|L`148k^y%fa=9RMPb8%~tea11qB2YD|MW0sfZmbnwDwdC(6~q6~7!|+si@vIoVLnA|z1Lj4M@9S?k>PNO zmPrD7Gd8y>S%ZYBqFEwn1~@EM3$WL7^deucmT6`p;$P6G!+F;W159h=B;7$nn`Ax` zQu^#UN1D6HvB(Kb4#m97E#?c?Zz?2QzUaw+rDtaXl><(uoS#W4lBgEA>28fx4CC>D z)qg@nS7%_kZy6}>WE(jPDHucgAa~z5X%7yz;eGI020u}}cx}3~EMP>=MS&Y_6&+4H zddq$G^jvgwEQjmQ;ji&7gL88WELV%&-S%H87nZr}Zj?CcUE?=4*#rKlzVZjX`pdMJ zW%quT@Si2=gds(ia1tR&g0nMZ34Pv9Clq{a2?u0hEU<*fvM^q!no2BZq35@#S(7M!uZM(x@KX#Z3$ztFkZ8S z$}Eh-4_4<+%);nn32(leMr=q=OX#14(b*EV%))rq5(=^~?zM!QvM{Du!Y}jFK#Q-p zgaw2P^2?#%(nEyD;?L3v-A}WGqp~o{EaAy4jKeHpau&wk#ez|nh0)y-HoTJtI;5i| zT$qLNyTKTeh0$Oo!dVzkSVBV<#+{b1M;6A-mavupKtW#)JXCo6^=Uex`!1F+CJSS0 zOZa+Tx3F$fK@bV6+7 zgl9HR$VXw5Q|0Q76YkkKq3DTpl_Px=ryft{B)G?@v5Dihx#9oF`xU-5IpwEvzP8Dr zro5|izP`-)+A4#QO5Qp%fLYVbS3HdzUv8JpBBH@6s!E=oX+20dbK`_b8z+3RaY9K3 zuK>oC8z=n!c)G_LESmjK8eIaPlHkTsV>5$A$yZC$Rd3*{G3V=toUdUSyj1eJoUgBP zzRpjhW4N4^#zly%qTr^81XIj0l&jQ$N$D-mnb?N9rLW0%ICR42ux~nV>ckd96#nIqZ zQ~iNlxK6$h1w|J?fA_6v7WP0?XljIeBHUEkWqP%nN)G{OH)W+S*6n=aiBA7{C1?9` zxSfr){bhb4s**dyrD}0z_!Be&ErfdU?^W~+zfOLuwP&oY+n*qQF+z?JC2wp|oAm8S zM^hTE`)cg)x-Z6dLM<@1vhIs!6NoqRBXAL|WI3?R9L=HYiOVCiBtQgUaGv^s*Xq!BiU2 zBRkA|z^D`CPz~$h-;58R8r#_C#0OGEMdEhEJvn_-IzdU_CLKZCX7;!>H^0fVg2+Q5)>^qbhR)Z09U6qg7RZt zzN;;=fPpO+t16{XM+P8K8i@rBll!*Uz$-1tL4lxyC@^jN>i31@I1+n@|wZD@*>-~yXR^|;M-Lq zlM$-D$;!+Z25!F|0xZWd|3cUt^WVCwyRMUZv*mT}yG26Tzc_t~dzA?ex_M@KJko1T zuojlNy)Uwbz@+OTYB~Rv#YXWS%ni8W{^Hg#Ka6^B!>%%Mey{xKCLp2nV@lhMoxqLb>O#Qo0oaCGlBE%R%z*kk<7msT zFUs>?tzF4C20mw92I?hlG8(0NKyAr>WnUjV;kV3sR+U`Dmp?y`De_lyaJsJ-s%4?l zg=Mj0`nI{SbMgozNTUerB`dN}f%Lii9Cn6R@6m}Af%gw1w&1c)>`hlO#uHUdRgo>r zKi%O+X|GM}8pcb#6GM{`8guYBdg<>$o5;#aUFS}utK5c-9!Xb<@G<<<9PH#G@Qs^# zG(D_dBKJw04%fOyxLD{;d916+)=-~lK5n@*2q{9lv1x0%<}5K8gDkYZ0+-B+#E{=Q zfgv{ZmidLzLpeEmVmv3F>c~Pjf+6*BDmqd|$z&HX7TXO|qza6vLDha=4CzR-q3Pd% zey4S~-SMtO=;i{|s_uAmMY}bv%T={OgptwP?O*~_y$AG~H3a(m5+^Voo~IUb@4cJaiY)1WgVhR+!z3}C8r+>+_F1)mX{nxsj_#d zP8LW3>zoG0{xIp-9iXP@d?q}b+ldr`S;^_6Ix3p{01Z!~thHus`)hXAi>tL>W7pAC z?>yW{+2r=L+om7F^t}>o1cm&#r35(PK~;sm#{|0pyVQ1}m)A7r4Q21`#H#@P7K7UDT-`y=pL%q=^45j5P0=@#dc7h% z>4>~g?S=d*ow9esR$#3aoZuGq(Px`C+oF;IyNBvj0G5I#{~HdyJiZqyFjSp&6dzjK zI(AzuPdm)nA}?N1pGKgYZ~fjgGp+00kanQ(x|)nsihj>It6g42yH%;q3p=1WfniCE zqT^MILNAYPO~akrxH-6`S-5~~nmnOt5x9ivq|emwYv}}wHrc{&*+<}T8r4B}K0{(; z_#uWLzw|EzUp+ghR8j$oW=GrBN&9@R10bN~k)%UJ@@!COUs8(a|i zrIr`iH(FQM(K}mL?BjjuQ0SH)w4Uz4+^I2Riiy84q>!AADjpGRzG>~(OKB(1*JDv~ zRW6xycwg_O5PEsb+QnnHkPRkv7LOT*rhNk6QuECXiLmYN8u^BnC5~z@%Ovh3M%*!k zbcnqR`N8{e?uz{K*o5A)4TWAlsKK8ELa@;TGS~e(>3VT8UFKf?-gN3Io=sfs?%~7yqVzHKNAA{2ZTur^fyhQ_&Lqjy zZXzF#O2-T3t{SAN)7|wMJ5U;U-OJcTlMABMR}eJwM;HCMy?}Cnj`gJjgyK zG`SZ?3IUUhx7TXl7EFb5c;ObTnvT6v2s%T0bcE$y+u!Hds{5DfNCdamX5P@WF1r$C;kSp5CbH#1V6-w+&F)@3KLeH%yUm{gw=|8~6pl>&&mz zJH=iIWZ95~aDf}8ui%Pq@KVv%ZkQ!@1_+~agj{yG1nLg3R0*?ro4o{TL~_WO9-^#J z$ovDciza>T)_wJ3hIpf@F|9-=cRPs{u|cBEkOwK7Fff1ZK77$gVYlD{qekU9N^Xum z2Lf6UHfzYMrmMhmuH74^B1#}6?;l;{8dI(8-Q2-5Flx)h(0sQ8mDD(Lx{p$q!b5SH zYfo}XY)zUBW-jciM_zSyHUPeec5{Ej3!8JPJZ1?IPRACUkEG>-8h3L&{;f@cn#d9& zhe|2(+Y3g0_T`qTCUMn`?LB*8cN~JCAL8A#NH)B;vNg3O>}Dt9Kx_uu9#I*co}@+v zd18Osqd*^-5_7$j2rqms;=V$vo`o=#O&yc_zd8~`p@V*V1pd`Az1WzN0161z7Cam$chkvH_DRmrsn`(=yHBJO8$cNVH^ z?1aO`Xu6`OKsZSf#Z^0FKt30ZUrPRmhh*@OD_-D#_yIr7^0|F(?!|`XC;WAHe_}>- zsdduo4z^`k+Pv`?tEL{h+*$?0(;C^vqiLE|cOQ9G1c%G4NmK^1FE^^ZN*|dxs$IV? z>XwGeKLsFe+C5X;5?B0{YAr^+^3>|qpig6-f+sf)CBsIzLs*x2(ZjXzjLIyr;c43c zhYle27*DGX%P)x!z@@KU6m=t(d_p;}yI4_MX$fJh_Zw|ncPARqFdDT~VR()(P3O4NIj0fmyle3_bU_e>iK*e-kG6Ei?kVR?p|C6J z1*o`m!`S29InVQYG0PyG}}*5T3wG zCv&O!KTp3bTSnxf(nYbieDEUp6`g7|V|(UBySu+XDb-n5UHS!Ts8&)sPp!BMGf1OK zA+0QNE#4+8+{dh5EBKfa6@ZP=>dxUzRMeiXKAk(oatFD$zt%zC>V846DT{RwGjml% zygI*>&=eSjA~)c3+CDOlzwM%@@-F5g)~r`#xijgT)cP@;$Rt+|2>AMweH#(Qr)Z6o zxl1t22bz3)P#Le9X4eN+gF)I?_7NT0GusSQTO#jPTW!ua&t@>KU%Syy8JqEbY5`03 zy6e*mP`)b-qxlmYC%?Xrp#D&r?ifR3+&AiSJKqm`B7MFqA;Oiw4Q?9)9oetErdj)8 zM}T`Fx9tJ{F>Pqjb|Fr9I!ME2B;d6Bc^Tm~2u)>A!|5R*B#J$s%7|S|8d{t?6|(2^ zPyK2APlF$Q02S3t^Qx_|q5aYIh019WsDMW8aKm=u0p1cL52V4QP+0sz2P+&IEvH+` zb|pu_xD~VtF^)%{jo&MWvaX3Vq5?HP(RQV>!@mG@+SRA z6mCcP3}Wa$HC@;OTkNo*??ry^c?r~9B-h6bY)#0053fiX(T)6|8J@lqN+e7QUP zaH7*?%sncEeE6fXfdeBPD02(T2EKpIZ>f%o9~PYbiGmfr_+Vdr%l}_-=ZhEk;-~+g z#k0q^9aVo-#8Js0SECe!;`}%kwam5}`ET~sh6qg;X)@;Nr|r#pQIB~x0uE(so&B2BL;)Md%9bhVRYXGmv;6-||Jb1Q(TSgRov2DSNgMzE6Xac!= ze5Sxp9H~dK5YXAJPmqEHR~|pKL0Uh7`rL}2k{_-QQh<9kaAkNYfq~Q-e~>bIJPRQ1 zBtXF9JX0P&85urNd^Tmn^%4kxrb;2JM5HbL$BMVjsw-lmOJ@a9?bYyQ(^+Ei8wy>X zNAoD5d4sU*KmsMS_y+`qNd1{NdxO;HiQp@Is63BU&{>eX_j4H2K)kWQz$Wu2iuW3) zc)fd_vktv>lT1!moWYK)X_oK)F62olUq-B8WsM-q2%brnW7cZB6mPvzp#!bZn0)hY z&=z04l37m_uVZxD0^7ouE6kL8&zDPXRPO83)#w=0JdH{jsGYVBK&83LMK2IgynHL<}~ z`3*K)XX^dH$t>I>X<3WBi8=N&%M2?n7$sc1BEv$+B0P1KQd%j3HV-6ytfyM-=ki^;6hY>f}0*~^1w!`AFX1qIEI z=hv)l7daL~%c;5#)^F*nyLGtHkQ<8aGIbO^G8geyclhV>kl)zd6|l>rzBm8bha>DO zL9xkGZ?^fxW@d}F2=(#^as5h6z)E+-twt~J0n)EP$_(N9QHFRe@=#A+tI!Aj0HNva zQ3LB7#-xOg2J8M0^56xap^IQSYywHInori}%8GHZ`QQvnU35{Mn0RIJGf>!dVTL~_ zv>9Hnf0){B{M0VF<~OE&TQC<19nKXokOjxHz|oy!xP_*70hgLVh@Lf?8z81jRjAbA zL8%`Mr-Rkm6KANiyr6DL-bQ__`+l$VYP-(kvTAd<+ziZIT>gsC%7>@=MRWro)6I8Q z^RERNc>REzdh7@Mom)H($1A<&`ku;M6zP|)`?Y}H5Y+XTW1--2|18k0L0!GHWDnK( zL3scbxy#?nBhq4Hp*q8h+7it>0W5kEn&OG(yOe7K<4nPr-z%8sc-8#S^rtD&%ItB^ zbNxdiV>ZXrWGEAGX5(yNwjr+HxEF5rz>j5`byJq-L~NDq8naGM?{De6GxZbz{m#@r z-HBu)uUb%#kfnY>UO$^+G+3$Av#BTEOL39cp6-0ZYy5&FUXW;DTaxedZ!XQ5{8Mj6 z%aoZYOTY@ba}?*IuI8fc|Jv1}3iE2iQ0*^txgs`ti8Qx!U8kDmh2>k$4-;q;I?^(~ zWArEqPkX&*`gMfIP_169Dvxt>+xHa?;yB{>m-9ej=nzT5x`6L?JcCP^FvIplGH`gn z;|~v!)AEAnLv=dljm!`+OU8q)>8;?UsQxjzvEIg?2O%k#k!;A{QWx52tP;z3?{kv>OQTR zT-4)p*BYnlKKoMdU)Xf4Tw`wW%3b{@w>2~~(}krevsmQMx6FsA47H)3u!t4IMR&Ar ztKA>>`=S5R8pCggZ(S-Dgda&WCl&V{sTJ`e2|}T|oeataO-Z=`F@`T*oim1A)NcJ` z{<_f%05+SEZcTo!Ef!q$?EtpW&_uzw+?ujQgzKlN=E2k~t6t~w@Wr%av-nA@>VdtH z+Y9ddcR3rb1x9f$jIhDb47ru_g*1yofleveB~$WpvV*%TEBR@{|Ib&YdtrCA{RP#X z>7jcZIKCHxCKa729`X%pai4R&d)bKlFn}sH8HS^o0S{*3!QErzl*JisnEkKaN>swg ze%m9Mln(r5JSxNs2*5(buXuE3s(0EtqT3>UU0u6XasVaXfr7L|XNGDI0U?#vw5)a& zf~>1e1o_}6R?P9^J@-e-L6+If`f8H#ZU78pFtJm9pwp3)#3hwBHEMc@4aCwp^6L$) zEyKz>s+*BQzjj)NjVcP&b)gI+xcJKS7+tCnl*k#bzf@yXGmq)$0g!Zai*XPTc)`;8 zn^_dSgk6GRFsx_W8W=pGJ?7p&TN78=&l~vJs7tLvrrDidzJU(4^H_vx_5KMM9FxJo z_Ul!K!A$h_Wo=AN^XWmxhf+L@cJRs2S98uR z=W}snpPGRkqkB}uFJWhY(=xYxbhN}TdB;s&?B%aB!>_bUT>*{{Uy&ZA2#7UIHXP-; zVe70eH+PcdPS6-0`G$G`#n3A{!l@0#2sGN=Y0Jz6(7-9w1Q$XYl-ImdSX$c(HA%KC zXkQU3Nrqb%bc_yT7$LB(j7qYr%F~p-5hoe$1G4^8YiD92tZ@TS_wW|0Wcpzv_2k2H z#n$xUiM(k6a1eNfP~lfT;ZNho0jC_})9gZK;L4_BsGlp)!oD zN_=~vKQQ8*{&`o{yt|F}*zDbA;kmte#C_v_lp*q%?pVDU82~^mH@YY@fk|%z+(2Bs z*~+h*i#a}G%mm&^()-dW4VSt&uiA1&?({$6hDJG8Q9Y^6$&q*-$`2yE8RWw z*>IS}MH%g${5JF-@A5e;F+`#_tbOzZ$PH!HU!dKdAt%d+=!XiCi|g0Df<=yo5gFRt z8+sFZL~W@eBdJQGsRSl+UB9h4b(z?f`FC;}*wr_t=QQ(gW@_Fbm7OJT%9ZXNrk>1! z8vhmUA7nB9pQQF@z1)0hdO=B5*Ki$w!u4S-&2XdOstYM>8SK_h>+fhYGv1_-qeq%n z94Kw#L&O!kOLS&Jx%}n814-gG;=!{?OcbBa@OY zb$+t1s^ls@RY#W#!Pl<_bDRe7H6mwy)ff4fx+7l8IPYRdX^HI1#k|x|I)1Fm^`=PU z#VQ=;PY_bE43sb#45i0AwjwccIBxC!3hDUhw51Ya9h$v=FEfI=xu?#pVW_-^<`v{o6vUu_OND?=+#!2YaZO~`4C)ZwiLWB}f(pm4@9m!OKl-`{^dkf8?|ccj z(%4(2u{X+Ni@B_++r;3JC)Yqu>ZVKc!Xv^bIjJCNwxqRL?x6h(f zf%t%(S%hZ9v+)$3Syf!Af+fq5!XoWrOl!eF0YM(Ojhb7?cT{d`XNWG^bemqa{v-y{7Tfn5&F^L*H?ta$A82eQ!&T{^zKfKoe`?RUaERI~cOV zmhsBp4E{V+wc5SfErb7o;Qz17()b&vM@9ruyW?kmH>tAB61 z$VwRC!$k;fff!Q545|72H7052&E+m6*X;6I$*XAW@l&+wqfJBMmc8}J>5-cZ?GgM+5LK&A-7~dL$ zpcBnj{RNwYFjx?(fq>Kpos061%)7-pDTYzsZ{6rVV6fNb>PuDa_M|?Q2l$w2)#`0$ zYr9F2drqNl^5V^4U!l4yUcqwAKIKqb?RxSWwArn7G=sj%;c#ZgKmE zh|1vLVc1|aaIa&*w&Djr0y$?h8&kWvUz4X|(ocu$`NOSq{k=4A_;5!wY}LyWv#hHo zZc6@RXKrcW0FA(#=V`Q5hk$(BLtz_vSZ<3^byNXaQ|!#Oyis^ttxYl~|q zVYxA`iJ(S?@NR_b%>_BQUUE@-{KanuxQgp{7rne$TsLksi|e)<Pq{*H7l8&?Ns>0+Fig#{Zgy?!5{v^lr z%$ngfi?YLdg`HeZcwCtdw=R*wP}ZAp%Q1c0@zy|M$O@a24Q@)atP(fmyUOX()1a4| zSPah@zZw^jmIxk?H>h7FWCDouH{AL$oag@|>`dUJERw&U0O3%=LePgDkxy~xR3&*`)TwmQZLr@mVU`mB^0)heplt@l5`MlC?S`dfwPw(;*qGv z*ppZsOS~0hY9=SH64Xi&scY?5(^DoJnCJdICpgh0}dLxVZi$c^3&dAi7-3vR5g|!bQXJO@K zV=O?c{|z926$6}!NvJzQKPJ&|r-xBEPlDSAy`SxQr5F84It`EvpylJkIO_K)XCUr=5%1tQPY;_wUwPo#y_VLZsNqRd= zZ&R@+Y;f$FjChXK9$b9`H~Xz$KpmmH%fvzm(@6w5dL;{HCo-xB5x`&YYR2V1I^(Q< zB^%6z->ixX{u@np@~6=zo*UJbsi~gJu`#imUeHts(Q{H^;Sq?A$s_SGnEHH>My?mg zb9(Cxgepjjvl<0mdkJM-4 zZKQ4sK4DTQ;Y3=b=|kifINwcZ)?qP``cDB+ot%KQDNV_gF!?oAacxI`h;505N39%p zLci#c_of{a4bgh?v>dd~GPDi_E%*47T9!)hCj;m!A9v0^Zf~O(5DoG9x#Cas#c1TS zmWyDS=1enyqe$|XeWD|&63(h}Yf$TnW~mwuqlT7Jvh?3vmLrs9cV+2LO!s~*9ZXbD z9@%>qj*<-LN7rOk1Y4Q2S=+smJD=Xvbj`>Qcph>u!5i$|xNte}h1@Hes*vh5g%G7=ka)|cHMlb|`TW;?kn z6EKK?wztkt#0HlqE-orhlvE`q_cji*k$-Edz&)1Xf~lUT3TPMLHTC7^h0mY|cmBPr zTNf34PwXQIYl8e4=WdF(_!fI-vf7#Y#;L-`3}U=S}i|)X(xi z-zNW6nf&)DH97pR{BaK`W2*F4o>6X%*)2aW@TuYcsQA9_tzGi-Y6ovyv#o2kr(QJ? zH-{%X$6q^S>v-2i1!a`YYXJW|KVQXlf6|8H9|*{`pKsudYg{MM-Ln#ylchVUdMX>G zs*}UJ3yrOKHV~dSXS`|+mevM}A0u$<@@vk}Y1q1dQlD2{*;E@r{mOKduVW4Yrc}pQ zhU;=y<&z%@l3!DDa`@jAhU&H;O9z4fJb&Plmi+~Y;NwEJCMa>IFLAa?oE4OK8_|{$ zw%dmRp@2xdGDA+NYn54fuUZy5l-+ynN_ z%K`6nj1NhHE?(}&a5@PUsvheoVJIwe$Iz8f=Rmx-{zFVH2%|UkHK8~1_GI_d&er%l z`RMN88OhYNbQwqAtR#~het|$F3##iNwxNTGbaA9FeTq-tJClB((o;RJIT^Cvg1S6e zpQL5{=D)KU%hE??0(0+C37ecm>NWa0D#w%O8r18FIrFUZ3z};)44y;e1;eN_QLrDs zRjDVIl7-`xkRAh{D&W)(%pZ5S)bN2qt$6`nm6)(O$ucjNno?Zb+ILdNXypD4mlAIQ zIsP}7M`z<3SQKkr5dRco%iJA+gbUhtG^Dv;aSM}>1ZH>qF#7N{jbf_wLXuz5to5D z>_}o$tN3F#6_!=_dF4qC|7H~sR~BnX0|&h1jvtbyL4Q9;PG-URW4@Id3us{H+Bxdl zyqZxgJS~SL3x1;{v&UB3@<{o*mWwb|JVTZyZ8nX7K6XjKs`P;dOe^cJ9;up-2wo_p zW65BIY`okF>oj~XN9TXrH(L8kezM?ZUyauQS41lQpcl&%zst;2x(nZoKwOl1_>e3( zouv3lGWc;<&+s!fe5um*BxZWL@GKHL&lvt*T0OlB{qinPZe?HV=>dGy4FPoY-C(MY zZclZ|f=U{>|bGjF7bbIW63`t^vp`bxH$z$=16=pJ4xOg{K$(aiU+V*U2R8W0( zhMC4l>LU5(ujihfiFj5lcE1rmKJX(rul3b|Z(EeRwcfLW$?*m8v|WGB5Sop(wMPEK zllxXB`t=L5nxQ{g%_Y_!xdXWO-Wy{lE0&4-lndi{*W<|?yldIQ$gQQTKl(9$UElJZ zbaB$g`{1$ZH`vT*g&&(fkhyE3d8%*{L+!DUNGOVR==xX7y>bfwY=N^_YE(>E@OL%os zn4`3_CHylB;{;21C=26IOX!=0QECa-WMTBPgj2IH?y`h4voNl;gk>|rYKLEL2_v&G z##_R6Sr{uVp-&dZ`Y52)gK=x!-SqYTf(tf7+YDw zf3q<1Ea9dsjKBRL7`J6%Tx|)FER47%Ov=JI%My;r!g$6Kj>*FKrzN~PJw$ByUoBz( zEQ}eJumv#uT`Wke)m>m4>8@EQ!z`gb3uRAB_%O3loW1lW@)!}Kozy!N^$O&gGU7es zW?8eXcNEbsbZ_^;qd*TXKkO?bPLX>?NjijQCl7niII^hNm+*d*p$Y}`KRXT~Vjn7L zlE59PA5H!1aFA+wQxo3}5fUs@y>yg>zj!82E-H?1>$XJ^z+t_4gpfa+%UY>&Z2HOH zeg#K=0d+^d3qnRaa2lukQn8lWUkfH}hbWN};Bj4N#q#I3ei1V-gE2)d=MR6K^qP~0 zcW0UANQh7GO-OSb8*7JlsHp_;T{DQ!6ymq@6Kz<I(Rr7Ib+)&z z!CMJ$=pDkYKj+5p;f7c8?=}A26Fh&+Uo|4s!y$eC&X$M3DDfT|zK`Igp2J7#tU+i& zCNaLX^IEt7WD@(_!biX>d-(@tVh1559Hi2F9K+K9@*H<;I1;8u`nxsgMt)mPFbQM? zPvE-TopzERjh=Kj>sK2wxLdyTrLFNjwIJ-wIG7jO@5kf-_Q#*@SEpMN#{yNQ2)=U>HywT?hvoOj1B*sZ?h~&aGWktm`=Qe58 z6+SVL3*$~bss2b+FU^D!TJ1(`_?6EKB}JN6xft}Dt|Ffz#Y)ZGhYZkuEG37|0bFeC zcIksbpUP@aFIvu-Uf1sR)xlK|0g0hEF1S`zg(SvCK=MbwLGH3e34twY# zayR;}U&y2T3TG&J-Ep42@R{6PetWBtb#utoQY6{Nzz;tdT1+h5G`8D0H-1AuPUoNg z-ps#Gf@k%u>n2p`xdNtHRzZ}RJG)?4PQ_N${@TIjj_S`e%+qsOQOl8j?v&-s9dy+P z(tsb23Y)2Z4W^9THr;xBsMvvb55RPW&}`C`F+uFa=6&EP*+O@v=$U(OGW1|)gxt}j zFbia8T2r$tRH&PJTiwu)GOB*g-;r?x~3Svw>z!o3$> zPn!|(v`59=qV{v<^1A$Om#uxL_SFJefv!2;t|oW`=`D0~Nqj7EE&az%o;NFST}>Pq@*W#@DDVc{J2j7Iu3>_XAnQrFS!Gx8?s29! z8J7FC4WL5-6rPi_UzRqS(%tt* zrg^6+jz^QCs|8K`!rgA%or9m}loeD$)ul&&r z`1pgg{nR7EZn7hxwbu4oqRH`hF{yAoA|e=L`zYpf+*|y{d1HB&VRd6D8H`FrtafN# zywF{DsaI1orS@Yf{(B3d{QF*{<5D)FeQ3S7!ErS*W5l~lT|gGq_Qj=&)hNc8vCw3u z;ol*z+I8FLUb0>+0GcPY^Ln@JotZm2f_hDL*sK}g6->2<)U3baRwdHT9E8s7ATaT8 z(2bjhZ6)2Jez+>v@SHYK=9Z~>Xe;YU;O3|}o=5Wk`r56zSB`Nt`^d^d zfus43mE|qX!}r9e`F21v;55*uclHv2-J0`ZRfz5bd~Ey|KhcIagzlGj*b7DiwL7PZ5I|)9Ra)sfK8Oo3r_cc&a+6N_{P;T<79gEPe$(Ti*rWqPId_H z>iHOP0hU<@4<%@=J$@ zy;7%^coE|#^~!6vZ#0Oaj-T8fbc8yY`%d(ql$NH95i@T);=bF~2SZYt%}wudQme3% ziv8&LKI{mvXhR<+sQU1e>$3+avmF^~?vHXuU}O*7 zmO*0r2q_)JXDRfFK9(0h1QyQpsh*%Tn<_`?e4x6wDY6xW7(RZVET*~K- z+fjefrtLT#0&CNb-fjCCISf+z)zzdj?da6D9ZwJS?YILN|7SbwthCu}+0d_bQ|~nY zd!6R^$L%&zgX8ulc2yFELAlx!DUDHk@CyU)>W)bbZ;Z!Fnz%n>9IK z4+T85oA*WgS+VvO{|q5_aRNuTXy?S`9b(PVB0wYgPW?P4o9qe5^GD(h-Sg-T;$Dkf zXSf%`UKVQiYg^mL_lqT2siu^vxdrYcE*s@-uzy=IK>4Rk&g0VV+66In^y5!sP8R14 z7>+=&Z^Lj%v>8BbVWQ?ufEjDqyv#sPC;O0<^XEji7+#f{h(&CzyW=^0>jg|N|E{L$ zz@<|AsVNxgg;Ht)>9q?6sP@0h%}NC_M0e~_Tz?fOpjtFAg=<&zs&~>*5rASvEL%fTP!BspsTe ztNVfd5%zFaig|HdP1ajg9hLL; zWX{_s;TxuZx8)Ci=x_&0YD{5^J*B{kd%NX-_Tl*-|D?q6c)o7}$}sJL8-0NHfU)WL z>b7r}{QTmw6) zVcGFo6NStQ*jN>h?rGc_z1Adih1QBSVuAjCtraUhBhP$nZu9ZhRsJJ>y~ypc#1FB= zZ^*4x--3Rsw0Vte?(KroMr1Jc^4_?v89!Dh&x7LQlw6i@YB@rzV`!`}2;uqw{E zTEZP~XA-{og&;Di!v9+Od+!E&wNMfO_1+ktEkGm3rEy0X>b994@2nj zWm$xdJt}Hm5vYJ%L_I;pNu08ENAUo!&3jAz>ldUE@C#}yC;B2P0dxXpK%DvguabdH z#2l1a56xtLgK{68`izK~^>@nb6)5?ud4HF7#=%XH(-V290FdY3LnUYcb&nL+n)RAIuCCPfCgw( z4*A3%*!&N@#t77&lVi2g0Zt84TdP%3hpcCXXi3*DxHmD~1QfGVdE!?NO~tnlHr#8R zOr;=aVLRhw3^)9t4mad>UMm+>q(a0qC<)q8TxM>0V_nW}-@K4!yMM zSF)4yGuI2M_FRuzrMvuVMcBpC90nea8zdYpN~%jJwOm#0$1-V~$}R6PU0={F+ctifHYZ($^bG5nnv;V1PsE7k^@}y57+6ft zB1UcmG8xtm3s}zY+}(S~+Sek_>1WHs#_8Z$Aj!o7mDXQ*#m-L);IhSB4g z6+Ft_x@rjgZ+ZN4lX5&)(5Pki3A-_0vJfqf22pd@5F~Z$Zc^94f4Drdzvi_`%=?Sn z=9k3_J?ol@T5l5qMCjM-FarGf|B6c(96l(~2?Kv;a^`TP`-*}Z#nW&W=QhFkc%t;o zEI_UErq`&dAy`E`tNnf)iL>f_|0ix<9Q~%F9Q^%j~F^v|5g^7V6l2l;bX4ZNC!~ zvr7iqD}?McL-rRTJ7$(KpehULw=oT75N2T*%tZ8K@UqULCPvT0jgP6M(+0>k%iSm& zQ36ttQSVLL%AtcJfool#Gqo>{T>mmP5}e{G?9{V0MEcf_Z!kYZ;UVY+@6*Ik6vNgt z=)^U4n;Ro6r|f!o7FU(ummjVD6itB2E+UiMiS^vbb9Bhdy2o!S6>ul;yDq&QIOnq* zzsxZatL+w_D}D-9CM({ZT`YGTPT*Z5q?2Qx65{P);|v3z*DNfK)XQq5WOfA*+k*65 zy{8J7mWAW56|M0aexeNr1IE;=Pv?HsLKAJM=BrzIwNXc+qCpO^74wkw!3Bn=a}eFD zhpdd_g{?z??m$MerL)HILDn(?el_UGvQBH@lU+Ju7wHRDyYo&*sRb4FAnl?(C3-G* zqe;sI#F@EJL)V5Bt&82YCzF-@C_aAf+s&Tr{?v^zYF+joJ z*SbGW)8I8*(XN*PQ`jLx>DJF+98UF#N^rs0Tb%zUM zAO(j2G!RB(Zm2?k+N~!F?mZQv{w_K8-NeW4K|H&dv18UO=)k_0mTd1^f|`{#=({iP zM%drEF~uHx1s(C&e|M^3|DNjf`^+@4N2L~mRMPMG$MmcGRcA4q8X(9K2ZscC2SeH@ zn_;w}2QXa?&SkOG9JSV+!(g;r5EjE zI2l@z_};DDLg~zp|BylSx6N3i=DkG&au?p7cS=Zg*MY@eS*0WQ2X$AS;%T5f@za_G zW$`V1=!;VDSkrt|q+T%1G$^JI;T~=T7pcFO^t1$iI(hG5;Ydo++2}j@b@khsSHU1^ z$g;(sW*MO@GKsGongc~5N3=mcjcx~J*^Mjbfo$4bxVHTj@123 z#<{QY<9a-?nmSpl7P))B^41NDhv{+kIb_k>Cr?R)V3*j*%mF9KDGGW+3!zf|c zT`ij)xc5>U-vpnGXK!%d3>QrhW@2g0MH(JlvNkX}Px!lSPZlRQgkGph6bt@)AG1x8 zskru_u#fKtR-+8r(T1{N+%5ArcQFqN)Pp(7x2*Z7^JkgRN zS3)I#2;>?+t4&}0!&G7Mqg%>p)wM&yhRXsOkZ36!#m${gt8@_Z+}tec>}bPo%JO%z zsJYK#?}iKff11mNpHqDjTW~S>!|k&Z_(N$-TujJzfo|_)*?>gFYb~8PqDC!@DdGM5 zQC(tTw01o+|58Ro>+2CG`n7Wg?+UPDEBR8}w2XbK+yom~vX2*Z0C@v3=$&H3ks+T) z>es3bwd?ca=c|fIRYrNpHuLftfJhY_II5Fmq6PkoF}||Lc*kjgq;iCV<)jLIbo#8u z?(`!(FH$s|Xe+1MR=Y>Y5goGd$~PoAv`jbfHQQbI6P5`VX_+fB9g< zyv9|PSliXJ&=lzgBU1kpnAA>vEw5&$47#|1N_;AZ#ZTM8_>a}PRVG9DHHeec)sW+2 z>-U+mf<+h)wLdbd8w5#(hgF%t$lyTJqv;8$U+WyEQ57R*=ma+(ArA2J;{#B>~K4#~r$xwRNdP z$}4zA8kW6YaQ5UC&(P^rz=#!Q1^T9MdW-33&p2&J_&?rY|w?|dmy>=H8;0Cn&7 zS6cVxo{9IPwu*vJ)p*e+Jq1huNZAS$RbjZP+;Wm&2DafdMhr$O2h`p?go0U4KJ-t?7r2;)K2iY?jrLze#mMP;WmkWH5F**E|$v8Fchrqz1 z8iWn`4@raoSwES?ROt&-eb|t1c@+VfuH2GdP7VLy z4XlZmR%w@Hrk0vRW6gOQT<<@*>H%4POwG%dHa{4aqUJK41Ywkhx*?DJ-a5AzFRn>> zQS)Qv_h$VOVSmWerZLJ-5K`n9(B0TlFK_M*wZC(`mYKJ6WolYy_tckc_qy2QXcJRv z_Kb!$PicM5$W)*aYP`)Vc!ytii&c;jW6P7BqB>@?_rQ4-FoOdXmmBRh_ctnJcQ!OP z_CHL8$z#x9Z`BfTYL@>_vE-2?b@Str>?Ba#fPN~H$$MEi@d1TU&wf+rsVh*a9}{+s*>>r z_X*#t6E*$HKx1}g;*@@aD^sWRiwVn{Z-VJGm-my3EpKhbyLpfdxo(W_uS*d`8Z7BWOc6TA?ERftqM(?cjFPJ3)d<@KG#SoupuVkDZUW!|O~# zn1D7!k-B#b-Ltvrk3hU!lOmPW!J6#~`OL8XwUhr3$pO2UN7|>q z%g{S@vD*vs4Sf6`+V^+UoNT4FS)e9RM!WI<+S?iajosVrTGQi$+@rrq>nG7EQr8g# zjq$8;&xqftRrn1_=X=bNwv5$X2-?w80tKc!DNqQq)tMZy1$Gq z?$21Rh390WU=9e;5zVd`cR`wV{nmO<4)sL4j$$TlaZaOJE`3KU)AY&dZ~4Fhas!|Qn*8dQPX?Ev2^@m-pT2FLsZJ$SHHe5z$Gbj;lIEWhU=&ERT8{!nVTmW-S zD&Q2RsUNwn!R>dJs+blJhDoM&;@USJE?JVXXY3M_&Hlch7Ky(y5KR12(Z8#Q3Oa%- ztod|I<|Qqsh>YmwCyD6mR*)04nlgJ7Ln~@%-3nUnhl$z;t}xA2J4R4M@b=+$b+Nz1 zDb_~N(*8JppIY%h!(iG`NI{i}Pf3v=q{_4xAF{Fr!&|HSkv%b*Ai@vmDq!8_L_7xK z6~6b>YSL>4nMl(jaJNxXQq42q+C78o1)$kjYq-wmH+>{*X72txxsUHz-HMW`wbd@4 zrY`Lv_Z9;LZgrFLSm52Lu|cE2`EHq^15de6(}jb=lo$Dzb&#GBXli?ZrVUh5KZ*CW z6BkSs&d6+Z3?oUp(FUC&bI;&Mm41m_fto{}rpd`=FzTYv4Pi;mS+V3Dv&pT6e@txL z`%O9w%$#q1r*_?jcpob0o2lSYJ_S;=mcN!_h*4IVKL&@3nB|y2Hp0(p00)2qqtMpN z&Q{u{$M|YY+085Rllpr~&F#|f+rq#F=P%9Y$7bnTpe7N7ZSZYnZBm0KjWyTx_rMCn$v-I zLZt3ndP=vL#+nAHVo1`+@a0c!>aYR6Qf#cXW)ypoc`bjDR>eI`7~oJNqFdCtDz}3b z&yaf+Hx+$jAR^c6bcY1%)+b>+{}Mkt1-o1|bFxekG6L7>kKMmc^IWci{4{r-XONx2 z>IGypR#F(`7w#m^`-+Q7?<3^!U+j6z`&isl1bT+emr909?vE8JQm2c$xGq>#9+C1p zCr2@~);K0B_1n`uu(y>ef8u{kSl#NmS64P}jju@7?JoHs)aYo|sXV1Ma*qc9WaQZl z&QTN2h4%f2`bXtW7KkPvc0$U)`nMO)tfY2qfW#%zmO?=!%&|8)E#rmJ2tQ zgyoHK+_COa=uteiBk^8J%yOaLTRF-$e<#SL6mpf?+>wM#s7t7ER$EiEi?&JK-MVtW zBtXIa?VHwxw+~fue>c-wcPAy;@HMnxmS}Znj5KKpRixG(^RWtet5+UN4|WjZrM!+E z8yGK9!lG!3gckS2ILIaAKX*r-B9#)sq6X7PVkDe7^rgGKi_A0=(IW)cg;pVmN0WnV z@f6q#Jwt0CpW7We8_DNfowGUlyi!iZp?vN|@ng_0Zpa33<*GKr!EXh_g5S@tRsk0l>FY&JBYOH0O77aDmXYkGvEPq}3vb|#} zz3>*S0eqAyu%#O`tk3^s&vN}XLA5>YF11KqC*FhBXssSdUFmx$T%DXY z*$glb@gjsgHg&H48jsBd*5+wt?vgdI#c}Ic%VsqaNE>LSy9~fGxzD-c@qQ}wAv37g znN;_gT4i{@dzk0o+8Pq4t0YM}G}X6LDO7z<|T zE61fJy8xlgef7(4t&LMa!?q=N?h7Iho)ey5iqySk`Hp~+mNQvEa`56c&}m!gQib2{lT$isr3pWu=ZYyEOU)6-WYQgcEex!i(n z)#SeqU3(hNL4U%;l}m6?+~6YNP{`Hb-aT%*d^(QaI~*HzLZfC#w4sy4?z(flU1TjV z%^zvE+^kny)^F6=Cz91SzzYl<_-eZx2F}jEyDsap_RqgDHMH0(0vacFVWq@3qD#3h zqO{D|_?XOH6N5=eN>_~w_`3ErJrqiY3%y2kn7(UebEg6jY1x6-_S1Xu%GN!vrI1&Y zBD`v~wa9M0-KQgLNqLk?irrFP*u?H*l@!yR?~qVCI6tnU9jvGTTT!mt_C??IyTZY4 ze})>r%9`AI09@iGdB8^*;1U2|L4s~!WF4+OC_lbK3@`JnzD9WV4Df8}3g@>^bcL_F z#O>~@ej2p$3@v@5rp~UAFWfCTZ`u*s*^)wKN)rt}+Uz<0ZjwQC#k3^QYhT7v*q&K# zt?KMvJJ>p8VT(oHV-a5KW-P+1Q39{-ut8y)6>7YYg%6L!QZs)k_|~2WhpWtoOtUeX z$d67J;c!^*EfMtOWBo4p-5YXu!RT2Qx!vCeOJk*RMW|i4M@Wo!Qb(iTyABgEt{n%3 znUJ5pi}tH;k7JweYm`p#9@^_OXho4PN$@e?@7K8p(Fv=sw6mSSHPb`4j?@$92qK)w z>8hzWy5m0a8%c#n1(^eLk?}KQw2(O;Way*xRz735+>AGadbGhpZAHnLZs9%bnzwc^ zotI{_bU*8c+U?-B94#c97}nwn=BKq3WT)Fh<2t^DiXZY+vg}PCp%rG@sk*Fha)w>( zZ03NPSlda@@^qaRB?13T!0j}gZPbrLf#BJ?^|x>0d1~S{XIc|g=CFg|$1XwY7m9u|48q;{Q5#+>H@%}0??e;7 zm^a(N6>zYf-E$lRf@q=SNZk#pV%$$6)j6}(1@VHGX$*!t`RlMRYfdd^*K<~i#j$on z{ft8(ZT&T>Bw5VJt17w3_Z(C6^rp!6{ZI+JN|u>W3{U zspHl~7VI_%J-a8UZF-hE6r#-|Tdp6itoGM}kY?ta?@}Q`-8KL{rv8cE&Sb&OqCD-M8x00Fz=i)C%c-HGw7x56eg4}C5y=me|(ks#T zAXkcCXyS}qfS76yl+OTqa~`}1pD?e` zw_^dbtE9MJlXq479iSLCP1XlAq<$u6ChIy(uHj;c+O=kc?uBQ|F|S<1_mmt5TCj}Osw?K425pujpZ5;0mM{F&j$tYQ{;i9QvPb8ZzMOK=2APN5 zbd}zSvcCp5D0|?L{|{x)d*4%bW|O;t-p7R3W|R9rc|Pq!MNPuB@h?{Kk*c^O73Z3J zY!$^T8>3)SXM1E(=}sTjx3T?|v=FOZYpUsABXu(c>cHWUJOnpM=SZ@ezVTJbnX~z> z4aO;z<36yPDIidU>S*iIP}?^$gW+T34YYkzc+6<~cFN5$fp5`<>HNAwa6ki5&HCK6 z#QhIC7fMnGv^A+v(VRxPK*Ms9Knxx$CPP>{p_(fEZkI6QmD!9>C}V_-HU~31{fu?k zA2pHxyn6_#+)wyO-ChV_G_ZCK4g751tgTCnle9m5bbGBWv5`8nE+h$;T0c*l^O`}i z%MlmkNJ;h6*pV3c1U3wOH>(kgT) zX9Kx*UEF?VnHH((+q6tD#wV{n?DKBf-p0C4f(s*+f9)<9Bz~uR7cklU^*fl(NwjOx zPC2-WBSjmes5FO_*|}e%_SIUlUJ%CmfG~_I3X&D;16?&Ss*y@-`kOK%RoE+o(e)tHDB_Mb?5@5&5R7D`m!e4; zH)%9V+GstB+nSX5cmhk*RynX6i^IN<2oS(NSg@Dj8|7j9bt*j^+ltWID?n>{rl>ZE zLD9oh^gfC=H`nklXAY*6}Gl|Hj=#fghcY~{976U^0Og}&wJ9#B(L zUGu08+Ly$dN7?pRVTKdiz}Mhy16+suk+9?e`F`K9jn}FwvDs+D52|YIm;g}*u6SeR z4`giTQdIoFEXy!gN(@|Q0+yHfUlH@4Gn$fx(~FO^%sD^1c8a3WGXb>y7~<&_{JKjzKI9fQ)snPF_ZY*H)Kb%a#V>$wYK< z13zITC(@T)35ejijP+&II^zNmcYAYbB>dx@|LEY~a(_L!l&-hw}em>bnappJL9N}M`Y_9;Yb-I}XMM0!a7k6sO5=IIV;I~Ai z)GZ`M-YHys)*DT+7>}?ZT_@Ft$ZP;W znnVVTd8E9cl?nTkHfbLZ^u?!HPJ9t8yTW-?jbq)q^>bJcTbFBsTH<6&&QT%+^2+wu zloo-9YqEvSZ+}ksKOjl09u|Ol((+9$w*3qNGD_Uemr3-WTI^OGCl{4C1YNJHh?ZL7 zZAodkw=Mpku}M>}W>sS8rQ55|PA0C#l;XTdorzftVO8>U1{#4PIoK6nwYs%H?1k=N zC}OEW#$75SBiF`;PArMk->-o}hOZqQiQMplUQ&fCwhM>*8WI{Myhj_>gGc&RpJ72J zgY->}cUgx0#YzsM_=B0R*Xe7$eSLyXvq^JJ=Boj}%D#RJa5wu{Ere#?+PJ9;0DDAk zK|kAmR>27rY+1~1qImw-G|@)Ty?FMITD*l&kKB?It;%+w>q>oPC5grl{EOsQE)h?85(0xp43Z?AAKjxD3Wdn^ACXPc zSaIxjIh6z>+mZma%Yo}zlJ(U^hMMluY}pAR-86j1=VpmomL;OWNynHdPqm(eSxvgR z0h%*-Gz}mh+X%$J$7q_oWa?$C(H?y&w427q3TzA4^$roR;qcJA(9ra9pW%Z{2E%Z? zRlii#uREG)I@zATn3`Npc$>O1VtrJMjo{ zrK;rk-qjceah;?=Us3^$_QGA<4hu!x0IM z-L>rH^C_r(B}-;?vVvVjz~wYH-v)rhn=_2=3+|(6)Nw!eUbQw_UJ}?03?OJhpB(@h zYqen1Pg)K7^yC|%T|Cgb71jZ~O?O>o!}Gkl>p?km4Qx$o3lT+c%g%zycbt%!r|&V4 z@f}ffIx3Um3Ita2=ghj|^Zl%Q02tCRz=0Dlxsogv6FgyW=ow<6O-Nv%p9cQAI-L8% z8P{c*EH!d zw*+8bIRcvD7?;ha>b5W?uRN}=3qk3e8);_iF60}=zsLEPGvQEHt=E#veA1=7t*!@k zgoGvAcV+GL-mD~F=+WmJ&rWEy8(d;)T07n(U+rPMvvrcT7#Yu)+z`rm|LZOJC?j!o z@`8Syy}Ay&Y+n1w4VC1nPM(d}xWZrYWig+Y?QXz_Nq;;{v86sEL6(K~HCxE2&?DX6 zP@9_9ZaSK?3UjFp;ziv{R_a=$$V)kE4-ka!2w&7_!;c1UM`hrP-v>p8yQ2g0mf z4lOgrWaSHPAhh|R1w&4o@rMS?K#j8$3bGPJLsWYYeMD-QP{V^ znLF7Qf+N~v&~l<(duP{Bk+`%nc`73JG-S1J(UhaKTj>7yUiuXLlpfIOb49sNRo~Y% z6BMPqsFvs;*PJmt-I4}Ja1cFNYcIisp%lV!!%LPuTI0pi;af>;$Gn+61 z=*J4r$%T50K|PP(^z{^Cf1zUk&KC3i$#!Dwjg_fWi_J9JAV{S<0I5;38V&6bqlH@G zB$gD%94^XXET5|6q+D!he0GgIZ0~dDP4Z=S z2pYo`!0LCMMM+lNsE+S*fzKfidQZPL1Y;ZUq~yBkzf#bhI$A0b^}WLCfuVSc$8M3k ztJMP-Ng9Xn@RXk3xpo9n&G9Nah@zFvqdEgUFI}!;slwfhat0-;nj6Gm-NBW9P*!l$ z1J$Ru@degIatioSd`1NdDbR8`FyG0|a*n~Ap)9Ln!9c6w^U@1RvnP~f*2eVHq^Qk_ z593=#Yo`r>&+g;vot6vKOSbn5=&b++N(iInLXCiRTt$O6%TN;z?T41&O-^=+28?LM zQ|VXqK*-}yOA}vRpRigD^fcoxyTCqbI$(C$j+tBH&O1+RW?Hcu z2sJT*iz${TBi`1`4(SnNWYE&I72j2q&27c37A}UKI?KKAk6*=>l7+Q9iJy3r{}_}g zW3ro@1)k2_y&5W!Ttj*m%bEEAb4W8iUek1_dwP`q>c|zxHPja!`ne0TMJ}d@d!06A zmO(|c%LWUOkE~@!DLeLZ$=~Ji=&A zcdx5XBGZ9`{M)pF$ym~I>Lnr(CnsbpP@O|md=P_Kb218(?;k;7^31kbUHBz)w*wcq zp9hRs+Br~;w+v@w4+mKNhQ=_1g3$i;> zX|jl}48v5v~aD>Zy~O1V|rXdopt*Nm{~I<)2_I$eir?_D4! zHw80!Y5RT~T3uZqiBjWa?AP$roaj$2RV6O&oYszuejmSOI4Y71gEeu68XL!1tmWK+ zYZ{C7wq(AAU)()LyfQ|)$rAsKDHUD!bu9y%$pgG`y3RG$xrJbhh28!X^7cRm#SwZ1Ng3en)Z5xfGGO?{#c$r>&8+UVTkm zOXRoo(uV>Ry@|l9&uhVCbdwGodr08bCoiKh%-2}5;Da4P+2?!WI6j3l*W-cnx7Jlk zj>M+_I3mweO&m6OfM*dS7{Um#zN8`#tV$cT z>%=_3uj#^`$o=}DeU-_|#`=cbuhZ@827cY&kuH%~2eSHeLTu^`QyJ2tC9^e73*04e zMkEQX9*P)qtqotZJ4wm-|7_<6gWGT-_2m#1aN84@Lc3H z!J-WVKrVf%m_Vv9hm)7xlclvXIe+8VgM64kd=d6r60M`SL#)-ar z#vmd3g<4;k%IcoS9`oIU8x2PvnmbVipD;@#IdUT(dQ2fn-6uZ^u2p*TL!H=Lx*bt^ zKsha9uER2z{)3{89#cipw+YuL_p9%&%lYc|9Nu<)QF!80AB1^y>1p!}CR=i{x9}03 zmTNWP5T`M86OoO%z?kLa@-4;gbTb$MOJa#*y#d9J4?lx#%ug6$)A(g+84`F=T9?_ZWry?`e$l0_<20d}7M(uZ^4cddG&mz0KeV+Em^_@lc znrL6rTd~yLC3=Vb&X#Y4-(T}8Ye(nv{6-DOR5H#{M)$x^N}F~r??t>b(A${>Fmk(Hk~8?7__O#kiUV=Y44+b$0+8)*VYe zC%T9wZxvm*A>tceUSGkWkoozdGlOA*Doduj_;nC{4y=yt>Fx9BUO0sgagqFua3$grxi!)Ze%JDB_4`| zX3y5VU^CbadK@mwjMN`vNh6V!Ik%!G^hHQpWPOG*1rP402Gmda{9|pZpo_u&9D#bixiNKeptO{2nADfy%@qbV;CS=8Cfc zlJxurJ(-g3#6t$KvyLS<{0yt{q~d7u1bFaZGux)>1whdIwECPnk^!UhT~LjsHSC;y zq@x`7ePycZfcDggUUG44?V8G&8(M|WH7FnRV*THW<*$hi`5{2^D(zn(>TmwY&udIF zsSMEUr$K7g{w{ICiZ4p>pOQzM3Z~QrUlLEPqMm zkj0U!?$v9mq60l!tcJ|mM|be9SsI;nXnyqC@_zaD*iMh_>=7T*udBKHqjq5jb6{Fk zm8kDcNw?R(=+C4*R}D2_m+e-a|4jor`quLPE}9y|lvwHR-cu9EveB>C_oe=-)D!AN z{6l-_k4|?n9E7O+0T&k64lds|O;NSJBZ`@=F6>kjy=@nleve*+_UEq;XOHBoU`aWV zTFj~9{@kz9i$xpcZ{{8#BYQ(fycF(fz9WwJV;l)Q(DMU%dF4{9&y%U6_Na zr)6+7@_dJW!CNdu~U?CRgdA&p{cgj{;ON- zmPP8v!mR@b50#OFM|v^S((Q|=T{|K_zMCXT^rMn>%X;GyWGVvJNme2@Y~dZ* zQibRL8j=??KCcm>n+b9xzwXTa=pcN51hY#3t~e~Vf2NqWG(oY`Rcy~}u}J+4QvA|# z6t+5)B7q~3e2934QuwatSokdGK`-SCW1g9ipp-m_yBuo9>O|~Rorv}4Lj`h+%H$z5 zN)AodP=UUnGI^L9YMx1fs&MAIu%TMd1B@@`(Or%NX!TL`Ufw{g{oho)`|Iup;Q zN*@(xfpySMzJp?&lUvpPmS1yl14GkV|8^W7+{-(s&%QIGvHWdqh{lsyG;S3dKMrW) ztw^D(gF;owZLInEHOKjuYwh2t-2YA|JGR|=T2a?>+-p@nsFMdGz;bTWzR8H5>w&5nl>V~IHz>rb-a z#LgMvuR1kpfL5M{l`y{B;ZT#wGH_Y#y0XYMKT)|2g`JIhBJ;rK^5sg)l|Yb9-v( zTBvLMuxY3;$eFpsm;Sevmh*DG+Cq5D*f`EUB~!kE`M$%jn_%U7P6#tFH@YrI>Y$|7 z*%dxw{*t|Y0E7$h*is8!jF37ZozX#qJ7vUy_*T}}liP^=ZV7t1P&*oSx$cNiY&x9x zO;IuYfdqTKee<*j#Nac9>n~QIV2jjAa%q+i0ui3<=py^YqHD<8p1j%@$^wr9aac!n zR84Vo?IQE9PY#Wj_=7%jk(X8M;oDeRD(JtruJ(HMM>^oC{wt6JRYz+0qt1sowgN(2rI| z^78Gn$iIN>_8{xGxROSLRYp>}+Zs_B$w@&JH0f4;Db4g=@lI~L3COBD*8W~Jy_5Tl zQ;aQJ)&Aa_=jD1XaR1{EYKdU;BMiRB$Jpj!-AmNLrlfPU_TbidF^U8&me5qWhW=lF zXaMkk)&Oh9`i)VmyY5v#=yjx_-eDZqy8Aka;-*bN>`0wGj})j-X{N@WTEa%D$W7Q< zBN(~fgui6PVvfARwPGdF7c@A`HbP~xn{e(t3pN<3WAm#i2Ia*Y6lL<;*~lrT`yL2r zbl-ooIct-wq|GF=`E@+@ReX2R`<1@+J)PQ{IvP#cb=~e>jwIp(gw1r|z*ulFUFXv$Zg+GZegTts=#(qjsOK+Abv}!AAI_ZFC zQA=m;B^3=r%()g{meS0cs_HN*aY0Zb5+-h=<$71iuW!YYM@xMuA#X@*=)v)Cv?EP! z6&u=1w+fEM44z%*SZ$MiwVGB{rAn_{4f#I5f8_aN^CQn6-mX0I{K)qF9NvMSV+;5> zxg$SQun&FH88-)}&HK>WYFv^`Rs#hr1$yQ7mDfFNlNXw%Kf z2-eb$t@BJUMPm3RY~1j@2NLYDVqZV`+Hr^@Rk|HX=n*1#Me$ZO$On7O*X3T<|f)jE>CU!=14&m=p0W-Fs-Pk{p1h(r+f_S!FDAMg0$Yo!K zt!WZJjZuE04af28%Bga*;)U2rPETj++`lHOD&Kib6H{@*YYL@Exsms(#89j7Zk9t| zp%kYXIBfo(;xVzvw|(0)wc;8gYI~8JPFy-8P{sM`o38O52Q&G&b2UuT!`nZ~Qm-mV$rJ$3fB=HElGYTx|H**fJ0?B3n=Pn$og zx39B)O@nDg$`>U@6`O48(+AG0onD-W0n)!RKtX^NZ*OKANIpa5QhLa#>s#HhR=m!F z%jS%v!(!7*#-`7^GPv3b$zg2zqMWx|bKZW+c{^=t+j6P!t+u(uy~xYP0ZKVY1^C}T z^@YTE?3NbjSNeie#Id)P{uO7dROw{a9NWSYUH_G*eRS_j?dx*svr7*Ub1pqC%;g>m z@*F0;A9J!Nj7u5M9E8BREnLVVeo$mcrpQE!kWiXQI5U88MF68PfN}Nyz}Skci~bcL z#KA!H8Jpmw`Sxgno`6od$Q$3sYC&J2{Dt#6AX1_iE{@*_H z5Y^}r-VKC(NQ$<6$M;s7sUA$b1IjZq-KJen-ot4(jcPpIU6ZA|D$(63yZkBL1=B7Z zos69vCi4FC8${Hse9Wph4^c%Ex!7$Z{uoYBC^DEfG4ZSgte+Wf_V)Sz9|m^ZsX3FF zAfLzBB=!vKL9KVjz@&2y_{j`4taj%=ZCHrcCOsK4j$cP)y3#X_4@k%`j)9pvug%tJ zTinS1QRn}UaV#CT5#zYNe;dXzhegb{GnK7Vwnul@PJiCcfN^Zv&SKB3p1s#ZcyAon zhOOgXR%fv>tIABBb{^6%4s%uK?*B)f#h#sPT4#x`^MtaTzAYhMiuG-Y)%o6cVLN4~ z4#x9c)%i^EpSQD3Kq=#S;UXB!jQE+EuC(9tkj4;QVD;dZ=x4U(+C*T!CCG-PZldWHD-o4cK&l|k)3aoj! zIRvKUB48VdRyW8aP-HzmE`z|tECO~8H~N1d5Kwd5C27D$OA>yY;gYl|F%0&^u#BLB zZC2>P?vCB8Zw4D`i@yo`MjpihF&qesbr0bS_Gi+`;6Ee4GGAx&9}4N1kqXM(86+^d z%dF1hGIidNty6Iw-G2W^on_$~8iowaS$bnI`sU+VdgrgTr8fp-iI$-;o7FHjHvJuO z^E_MB+fO-f+r`^{o1F8uBIm99WkJr`=9r7}vYDk9@H5^Imfkkoknt^Ai`==7`Gp8v z!-ePw;hQQQZ5ddc+{hpgUE-Hmt=L=X#jjl25!y1jPo_u_MT|l+`xjA#sTgp=BDAd* z;C1vqD6GKwog0VUbA;;Uyi>s>MQ)uw3r#?>ha`fJEt?!R8p&xDy_!jSm?ZKnQNl6_ z^sVj|gGYSvJJ$TFZQ#*Wsa>1+UX|K=$;tV7glSPgM0R(s%jK$hnodN_B(Dqyv}uv+ za)%Zj{{PN>J(-R{l>xZJ$ig;nu3^xU7VfHUSC7G|8I*dEpkucZZca~@KDS5by!thh zkB_BxY~&Fv#`MUSMOnRg%Td~e*6bnogRKl6joBM4-5ZZ^HDv2T9MRTUx{zrkjS!%< z3ySL3Tu!L-6-07QmG*x)MCDGtlkn9^VM2lg8wS5xXO1+4LT#G?`NPcnGZ=f}b=W$M zu6o}&4{SB^*g+otmtm6YPlB@FM0OM`>bq5YcnCjblV+|1R z+m_kSm-%>A2>Yy{%-uExObffe$bJLwuns*=gxFF4=rL_{zd)-fSBqG*$J6?Q_Kx6t z?}PbyX>}pbH}kB4TkSd+?xnLb75?&t0|NvYf1Zc^$_`V&a00co#xhj{>9 zSB6a)LV^Zvx;lY@^VlqMV?%82ejv=+&6ho)ZRP)|u~tpaRFLM(jo{rMz#GKzMU2mj z-1l(lKqDTJvM6ZviSLq}D*f-r`nuem_G7>gcFR=zHz1PZ^Aqy(OdS)Byc zkTRYHYg5-CaOX@7_<5@I7pQ!$G);{%vA7jI(bFW1ItDZ;SqPlSvVo*uX|E$GRUlsw z6yK-wxHoK($BWH$`>>#y=sKMojZuE04KkXz#oI^$hVxpRH6n->Grq4WQZ?>dnYvJQ zUV5rn20>I)g~w!oUX%s;7Xh6JQ1%}6WN4BaO)cNKz}ycKALjC8ZzTxtXZ&5-OPtKm zc|J?y7-OA2O+x`5`w6PZySQs3?Y8h0jSMRihKe2D)Qzut`Hos!xS~*3gFxk;r#-eDsbP- zmhKZTt=a|BL2nPlw%X_AL6xs=8QlJ!ZCplR2uwZ&u0LVfL`{#%?4#pRhZi?M=rVko zuX@w}LUgYZx}MO#5xUEJ$TFFQ9q0kPJ2syGpsMo)WB$$9)PKiFG>v$uF!f3@y43@yQl z+HDzsotAYq-~QUhWqp9ed!|a^>np+r%XKSgaD*;#-{C3CWSCCVk+&{);YO=GCzH8;B;_9fWZ4DV&3tJ8$&!UN+{k~;@+iiOV z6#EuC!vG`jUcB>y#}Gu`#lMsxS=8+4R&6JeA2~psa$@B;Ks38wPBeMtFokH@(Jl5l zh(t%IsmgJTWV3t6=LpUM$@DSa-RJX_DPN>=oCUFX%<{z#r{V$bMlzVfc#6kr2JZ;z z9;=D|rHmdp-Rx@T_iG%D@B!Om$^WWa_dn{y!0q}lP#U-*Kh3jh zAJ`!wtBL5~g-b=>OgEv=GU4+0W1|>6d<)#20>#=1Blh&Zjh*Ncz1y_!m0hY8wR!+C zhJ%wY7jx#?H&6kZg2{D*8u-^DHL%TM7E4|;gFL}_Ca<|M^McBBL&r&-6O&@rgpJ0S z$bf2ZCQ4|*sseT%tTq)(6&a^Pi64xiqq)GL*msFF%v0yW1Mn-z-*+|AuW zfL(T6k$Q}NGXZV+--w{%&!V8v% zG$6Snpn-q$&850wR6GYc=LE6@a?VP35Oz7c3Z!KupFU{&33;m3^0lBK@A(#=T8ens z_H!QQ^02CH<{vTqX((5^J*0n56@K+u4kD6&q75Gjkq#hIS^J`qNS;o3_e_&FgVAkN zON+KuC)(V43EHS^_9O)q%%0EM2l^`UcTZ?xfA7xbNr^MamMMRg%D2fW5_P3}`$WB9 z`X9d1)3Kd)DMBpqUcaipjkrs*x@MYH&$mYJb9)zZ_M^Qy9~6H5Y1nwnr4=aJ zaD;MoA{Q-oZCm_2Qg%~>Jn0wV2w7rTO;5Th)+8S*<`Ez?(S@QM*BsmldkcvHO}r5# zng4pS;y%sH!2fl3E~*!iX|t#+5XLZ6(bnVo!Q>^TN9w9Q7;Tp(SYBophpLAK`N!jx zaU+f&w+H1;7cc^YQ9;FxI!hf*+I3hJvmz(Vi}W`?4gQ=?fAHrhbxU)_3{cOj{k>!4 znm2hsa-M~ku)euBb~VFpM28>pUbvuBUS9iHk8;9vMO){UCu3d9iLqRs>|LH5-$BMm zQ6F6lgr}MabAptMU2-&*$xo$UkY)1rs?-GqPce%RtXr+>MQdg2>%#`r{4#8xn)a2gFP{@7Qo>2z`0UQOR;#=1XOM{FPie-N#f0b56};uGVgj=mxoua8L5{Z<3G%Rqm*)1a&V zmgV7d-I3zkv)2#rT6tWV6~{)pRAlwlZu?+trD(V7E%c?UzFcBoYNjg{fg(u##HXHT zcZD12eCNg)Dm9~{Ys&jowF`DoBC`Q4BAgn|{feFjyIStFHqpe|u*ecV_%>P4zL z>zRLSuv||u<~V>A(_wajxLb9kh$T|@H~TQcon|3270-E4KNTGEAQ0jFw!-h{x`GqR zxc+`QQ1Fm$qy#-)NM0X;q{w~srK#CIs!Zjkt`FYl*^3wGO=bP(8y@|u$YJA&JNelABK0@(PCNn~Og-GZY#=(+c3&0s6HOhSM ze^;(oNaAE2qQr7n`-Kg};Se#eDVIn?&mD9D!$#u|yxy{~nZaW9wy@vg_XJUZVzz=NoZtikq13)b^6QnLF#CJIUlT?(+R$EQE~AWzEfh>Qp~b~A(CXH8)t+*->#TOJgx|PVVb%cZnhPjufC>TB z@*H2kdpE@1s?jzi+OW00N{6#_b6>X=5}5P?W+3_ z>fjToC8VT#0goQ5GWEP^9((ZW?&8)(b@L2f?DUTGkrp@_%|*Et#&4Ge?MyfE%W&ja z_QFx);Q!>_?xwpkBc_#)63M|5)$jSlcAG@=Rnp|nuEUnh7yQBWEM zaNM#sg1#cx>R9{Ch3eS0f_~!er-F{qHdI6Z#yi>0+fCvuFwX`y6xnZ@e&2d-k|KMyOqb(p(?u9AWtz5Y=gj)dd`<$3t3-( zlN$Zx{`y?M*ubuJPnZ7T`Ft!nM_9X6gmJSWdPP;3>%E=F6C8gYkFH{pFWFht!^zIeDbB#AuV=#Yx8(%)*?xcMdYV+>-`)<1 z`$94|p2bh}|FQNa@KIJ*|M(MNOi*wTMR6Y#EVKp*5FiT5kOXElfk;5HN^zK(kkM?; z!eUvQL>SVs^nJC}u4-#*H>I0Ks+fQhzzvrwi)^mXFpAhJo67vZ-*cbmnP-OR+t2S` zG|$|7?z!8!=bn4+xm$Yy#JGOC2Hnp8xxNbr*wkWK>w~hg_YB4znyIm5_7wC#4j21S zf7PI#Hle57m4{rBL$Q^^JmwIT9L6$-KVtV5rTq|8D=Rk6)v!v*J(y1s;n5xB`5s7{ z;KkUPw->Kf2yF3abr2mO4)*r}iWnrqRlS7>t3F4iIjkd24MI7jgGG+$j}20T9bQBG zH3!u$qv6(RU@fGqpB+pm@tPn>)&pot;z$=|%edS36KfHc z?Lev|c-uUI|0Lq*d$8jpYuOWapP|S{*~-z4`fj(R4k_`CT~x1S$?r08%0l3_o#Z!I zvaZrk!K#5w49hV&EMJSi2k^HBf6Kd_ECM(YoeV!C)DO>J!PigyXzJ$>iVYy|UB%Bf z{E)Mnx8%t}mZ#*E*hn;u93(id{{?(zUP#jEX&Z3uo2){A&s8&V!3B@GuG*ZG^Wa=n z?+dcs6yj;>@tvvs3fyS@GNzkcB)J1}1SDf;{1PNY58jM?dC4fHO*KNHxO<`G0tpbB zm!?znfDRzkq9tFXpVYt-Wy6vkVqp(Bg+P2YG*~9dU z0EB$~p68wv(EoW1d)S&dp&gX@Ftb{DHr z`8gM&KdMML-n%PLt8|t>=Sdhm2UQQx&m$%h=)g|}Cb>)pQ+Gh{7GgpIXNi(LB^5sYo7 zW95z#F4Q$(?xJK8H38!lP#(@sQYSz%1<^~X#<*CLp>C83iycZ(a>bNoi31TD%YCSJ z(JsX3=YARxoJsFeDY%@iJUdd}l8&B_b3sbhK23Dp?NCXKLx!NjA{ZMN<1u%Iq+e=; zE=6cNQqX7s?fca8W{KIs)=_zLw?Btqebg~n5Y+vQ#;}aKGdumsd!Z77e2*-lGV-xL z<(M@6%dc8Z?`-`a0`!CIXYqoXg~h{o8{%x$M%%;2K3!gd9aJSg=?B%tIi~RW*#6DBgxS@Hz^^ zcNsOX(qlPOYY(a^5Y5 zdp^l4yEEFcG7F2#s~`ePT+t>QBtjRQPGc4pbX?aX6G3V{mRSQCfdL5ea?I zK=BoG1=&>W$?o=5^{ii3T91Zbs-v@$ z(Q9Gf+*Z*xjw|O_gSlFd0|jC&_7XhU-*Gp+<9fxOVX8P2HBg^^gyxpmqgsOjdzO5$IcJcxY@ zNc%s@+qUb+OqCn2@wPpZ!mkQXKK?J%E3@6!LR~1j?t?djdeqVq#UI~|jV2eoz&SKd z?p%L~YyxuWFV7dpP`#cBaTCzM8Gb8|13sNCWII} z4~o8yT_d=2_oFCOW<&yJTlEMT{x<1PVO(K$-!uv}o*C^PDH&nS1}mYg+o_bjH=#y~ zdvWV0*ON}#qOknZy{V+xF?pgL{KymS71*W5Oe*GniVEyycRGeKlc1Rif`qkkhj{V! zGf{YSeU#~lKB_{dGlR%DA4)m7ZUt-ac@p6KWk)I>Q=Qc5MIAUOc!+3$Ltq5trr+!P z)R2Dzv5g7)9n=_r4Oi-=Q4cm_#c@8MZ|4?jL%21gQpcQ`D~9WrBY*B=L~a}OYX{MU zS*&$%1y2h9FManCa+%{UiK=<7D%WFYh**LOMas*@Dg7KsGLsmVlwzid;^7;antm_R zVMV_``AdvnU3}u=ZZ5FNYiLHqahkNzN{Opb5v1=^oB2uptqtxE3!Y^8pKn)%q9 zrzW$=H&HxhI1qkuEktDcx$=^aovk;5TB_dJBAT^Uof$*foC`$l?gPHM?|d@*hEzU^ z+;0psEiOjhs<#jU1X7Qi1YhSlvehx z|4ZKqwT#GrnvxNuHcqqlb@4`rMDe|!BDXs-xz+3YpJmo^!u?jBkTx^#|3g_~;XvHn zB^_Wc->!lmN=7RnqGXKWda9Fru?kP?;sq+Ojq!RxC2*i#yaWY@r>tX_a{JpysK=g7 zW<7eK9yE@2@R64@P!W`H`~6A-{5#TPz5Y3wzx$LHWsSZjL$i6=wGnaMzfrXx-E0x^ z9JPH06x^Y2;|*{bO5S3X;6e5$gOY17?lVU}ac;CU4tVWZb8XQ*@sq(zpdkc_veakR57xH{gAymR&=$G5cjg2gFOEE3?}KY%p9y{1vc>T z^jJ^)P5mk~p=_^$*!>oA8E)m0P`UgJ5ly1qj9gLT0wF*)wsIo+Z;_D;O1zmKVdG5(y5B5_~D zE4bzt!;0~c>*X9_hM+Yb*l4!-TSyC~y$U}FWGBMC>OPviI0Tj6^|>+foP0PGH*K>( z*gHGm?90(QA6{>j1}fZ}`UX`R+M1z!pJ5be(d#sS#0pYAiZ7 zjmMDXQPov*$WY07(epM+tbrOzN;GBi9*(?ObMCpyA;!$^iSfT1Ok%u@6sr&*}ks!(fTf#K7&j(4pPmkRk2LM#E;&noVbbJ%wKx?cgqX(&+X-)Ose zh^>!cIUyv_b-VOO9_2Vq!)WZA$S-Q;_Zm<^o?^)lPiSBnMt@)qx^Aru@*nHJ?8JDA zP}t^@iVdg~PWl^|xS<%>_l!%9QGU)b zKh`~nj6vY>KbMYFlaP;Lli?7b(mi2qtC^93@k;g+8g@D*F838C#b-X>=6&K>x+XFK;RmU5B*v zFDp-ot*ml0>m#amBc3=i2FT$k?NwG8eu4-n?V0#7MSd-cfIgO_<)7r@y(cm1r24l} zn$`|Xe-WZ}m2cyZ^KO{>O%D!Qyo%dW3=Fbi`DRKP*%z!|f#_64_}md%hg@|V2!k?S z4KKLjr--ZHs6Z1H=zj<*6Ogm@`^brA0NFrPq+fLlM!@oIsc%@Y3-xaR##~eVEntD( zUl3n+r)9-kpdC^4>1Z@i z0<9C%JRbjtlST8e-b7Bcg^lh2OS2EhR8utt&21EqV3zq>aj0tlEQ1^EeP<*`rO4k_x zjB<$y699uGn4MgPcac@Ln9UtS$m42ykl;^zE7s#?Cj)rcEemIb1mfbX4YQL^Uzrma zQwdbq68J@KCR`iz@a8Qfa0K&MqjGObNgv%}0tRdnz&CKYuTi-Ib6rxWo62?OW@4}0d1eBMzJHODzOvaY`hW)o zaP8A3U;@iMJNXw(8C7kImkA)=Zq|Y=cROHGx#wVFFz9yi^^7<_ll18V_!w9A8g%=z ziWoO$lKxNt!?Tj!4wxi;o0+s(?QWQ2T5h%NbbADwFC}L)fo|v)&&|Y6x3^)7H7a*p zN_u~n2^f$RK>tkTSnk=$JO5&06n6>W`X|gnkZykkOe&Ya+pk8_(}YY{XOg~J08jkG z#F$VhfQvIpUm$?PkK2&-I~m5n+bG7x9f8=vD5AMW6YxW zRdn-hG64qNcA9bk_nixwCjHsOFz9w}R^=?Z&BPk6LANV}2&ZI{zDNMeGD-Ipzz1v1 zD8*k$Uh7S%B>hx3o8N>L^tG}#0J%f{mQ$hM2rAlICBM9*(d_l#cOoW@4) z-M}_a9VV&oczDa;IQ{&=V)vExh)Gx(?h&p1p1aC!?IFWOJ+zDg7inrSC~fq)lovXaoJHBYGyr-RqD9_24$7 z0vZpo2t$wVLNTjV$b@O#}D-s z%K9Gt?dz#FKfMqws_UN}OY2MIzIa$94Ji0ruf$rSH!=DGPdxSrO0C~?J&eNsLlt@N zV=0$Wr7Ao1K1aoF08Q)>y*PuzdhXOe#>mWqV4jkM&mkuIGxJ zto-N)ry�Nj^iGKRW}T3m zL$PxkN#kg(v!xRbw1u;UtD9nJc}yHQf%O~W#49)J;Tvf8#?A>aOjMtY%#7*nJoINQ z8N#Me5#Nuq1luZc4fLA9Y{Tdc5{3yew({*Kd}@Sn>}H8xt@p^JQDoq?&D?AtPLl*; za%JtE*M6E#oleDX7t>EU5TDbDv_1ue;xzIzFN?!d?l7Kz-Q?y4VMbm{h#8gCl>Jwh zQb)r9HgvXpOCZ=AdI=o*oinB09YXmhKn?v`6bF>xl*rj4I}FDu2x;SNSx%hG05LZW zP^w{aunpXWc^URJ!pPadH=l05RETt&VIO#ocp%!hu?K#$5afMi(+;i8cq8hJu;AZJ zHfamOz>0A0kz`sQHZct3X^%}!xiL#d{m^5W6_ZPqz@M5SeP}i=?+k8BU673-urnoH zBtoX{38Dgr^xZpyRo<&7Jf!yrdaL}V^?mY-Sq9!}`D(h)QigH#UdNxU?ysMTxL89l zdU?xKmVaSB&P{Mm=uS+@?>u^Or+y)}dFAK3JHPCSzWd!jq3>eaFI&4Fd)?~3(3`=6 z@9VEtqIiiV%gGv-W4Tc8#7vx>2Zi6H-v@}-zZ*V9IlV!wdeZAZ#F8OO!bB2Cgjc?U zx_Nut!*+Z9|73b@K{lg~Qc?AX-{A7iZ0WnmWRE^Yq3K)jYxG?bZe#@#ZR_h;%lfO= z7oDKmEF0DI`%s45ZVS@k={VS}DLlI#v#3|pA^o+)&wc|AHs0SS+Xdia2*5Nc zSn@|ua4#sRH@!yksq-I)0DuGn-Hzy=;^qQ9ev_gb1n?&P)=y~V-m9NCO=yH#f+h8$ ze~YQ~UoRS_SH`^%FtW#?sU|gvnNMgUC^QlZUkZSJnLUdyk*Ns36Z+|(6f5v)xxE5q zsKC*l9&Un>vjBfZTe4M#{PSSi*t8%?{}gbMmTbv?2+|RK0`jxu=m+|5C{8$~ZR;C* z^lRFqpdzO|U{B*?l4uMH(2t_ixe8Osv)LZK8q(dcbCu{rL3~3xx)f_x#PMK+bkzA5 zlhJXnHYoZa>PSI$L|=;NC{s5}l(`%+POhwmeH8Zp&(P0BcHxQ=CA)qqd;nAV{|E#E zJT4H(_T}P$w1?#%EK>P^C%$B@{?jU!n}eXUIv~Nx@^} zpE3neGS3Sfh&Tvu%6hyzxV91x5wu;zsybT+s?fDG)8N7!HHh_8K!~iEiYAiIjCxtU zikc5BY4U@(XSoAZG!a_s6vBR#MTBcx3>D%qqep91&?a&HE8pm++T%kUaj&tFLN*ac+i!=)64@1~qeYI6S?7ppcS???0wjLdAs z1|X4lYvebre+R#8=O^*YH7#7rL<8kGTd%hglKOFU`xAt87Bux!W{ibnWC$8?Btd~w ztpL!GTx2Sr=5P-_{S3>t42N1(O;(+%{{;fpU{JTd5(Pr%2L@RfiWiEB!3jM2iGIax ztaY>x0^QBa3N$`6&C2aU0_<`hPU1p!cZSy4NzR|L7#2lAfB6DqH@it0bGrt&RQ-Hk zz8G?_b!f>^cGYJw7=YCM;76OC(ElcWTr`W5d(F=c#Gcgr@N21FxWf4mj~bu6dTTDB zVCjCs6-b?0q`&1HMF)Oh$e(Bp@K-PXCl$@=FnGLozc%+i1OTgug* z9P&%`7V%&o41C3u?&wIF9Wu0?AJIR#j1iPdjzxm2^yI?;P+8wc2N>;a6hnlFrHLC8 zv8y2aFQiJl>UTzzKdHF=^tWG@is(D>3!!MMgvn3XflzQN?Pe&`)B8R{2Zr7Ech*>> zZ~l!~WA*B5Sc)#aYAAmKh?gVvC;DfFK*9P!@p`TUv*>@oZVfda zMbE=dKgmX(v%LrtwDYLrwrQ!elnEXXtYxH=6ObZpn62AbsQAwh;fK4Z^v`iE79`Kz z9+)TFY1adejzF+p;9;>LVzc*l0^&~}H6n5A`J0G`LU`NqS8L;MaJKvnQOA3ot+*V; zxK|sq2QcVCz32tAC7mrpkPEUMs8J6XT$B?Ry@p&w8Jtt(*N0;h!t%@edj8wFEagsx{)ukiAPnL z(%A@sNTq7^pu};m5^W`p+b}j3m~mc%Ofm`o3Y*&`{5WE~uaErov9y?~J@EwjfGKY# z71|URBnm5kh2@ugqd+)SAZ+wEFg9Iuo<7R7fy>#WYQO~$9cRs{2az(Pm+kz4~|gt0Ee?q#$=CdtqS~3nDi)wH*nX{0c^&hXFI?ktGQI zjtLOkT_6oGG&`P=aOw=o{H#paDzGr{O&-PXY5g5MjDsRDLw3#r_P!sYKN9uF4}yc+ z9J3!*y&JRa*Z?lnu6ULbz&38_2PWCHBi!?~;=^rdADQTLul@N(3h{EhmSC zJ$T?yxazRJEFa4_8(ViR#1!d>zF`oPmdn(yGmwg2MV7yr$iYv}mqyPaf5?F~=R@pZ zOECgXDM$_BWhh&=9>k51bUg!?FvOv&)EM|E0HQ#S{##AS^B6pgVpr>O&ajz~+#?1q_3JayHN6BgQO*q8hKI z@aD(iR8Kj7^Hl@8xjMPfVy~wjvW6dFueU`^P=V8{G0d4V?+4%*a8J`O!9AAf(_@=V z?oslTSMf~2%I6dp{s!U?YioG&E}jn|HxNROkAscEWtk9hX&qM$QT+5TvWmRn zxlEA{qf%d4WVf>)WU>^RJcQdXkLXWcWOf8+3oVt{Z@5ud3An;4%9k;c|Ci-d#Ar%=jCBjCMP7-U-i%CY_le8ha==)gsNv>{SB^;a6) zLc3(Dy4u$33AlrJX`@YrqYXzG+@x;(K9IK4{IN?@(=gJ4>V?TpZ`#Joh`p2 zAJI1S6LGw%&JDwMW_wf{Duzpt<$}@py#?@KxH*aoKkyV(1s*vAAld{;qz1uF`Zh>< zjzru+S)srr7vE~_A8;UDI+V8{zkFgI-txOdB7}g#SD1eVw4;cApQFrGQEc9pDW^jXM387 z{4gt#889&%hmAxsV^5DkaWpA}x9wvSk^E&yUg`7A$V2~@WT1`&f6Njm{!TKP772Z1 zCW(qTPGq%`8!F=CQsabzEDUFRxPnEvBQ@McSW*>|@f#G6ayv|`fo>q9Q<1OQq)O14 z@hTX`*Quxz>c^JUC(%tTKA+)71LM8Z_b{gM?r?hajZ{gVW^3qw9i1WWZ^iAH_478a&|6k5!;;Wv59HIc1-K^CBUN?z%Ht%k)Vd% zO#VukRx7vROjqKZ0z;C+K9e>fCD2MfLTc!WS>k^|+FHg8nkiB0mizo3w=-I0YoRL|zl z6J;gIW#@VPueg_wKN~kodJ@;>Rg}Q?xpnbJsUGoHP!D2U;_+|sCeDJrJUwZ3uPaMe z^}71nL|I9m7kgIHn=48-FV?NCcVA&DU-98lv_S=g7j#6}o45;*ssz>!sM}rhQ)}?m zZ@&6dh_`o*`IRvTbGEzydWwZ|BOD?*+5a#iIa~fL4hYpp7}P8?0E~M|vO-4v5Man6 zP5>*~t^)JMt}tYt5--({EAi6B=t^pu;^l=gN*;=Z7v>E8Pq?}XDv18$kqi*c=PJxl zadMG06I)M0WhB!>eaC5H`v{_^axRIU`VV1S=qR+NV`^;#l#JsWX=#0Nk+S$i@r$lR zom&43hqN}wxj)HtpP^WrSn({0YU@2bHZ>mcQjZ{YT71%}2lW3Pi`x4)ctagG%$x~R zN~fnYd5x!2cjawP^qE)|?-;fjYlPAMJZp7++3K^~S-x^?vplP8^+jc?Z^)BrLFyEM zz_wzGxuLqke+UChqVJD(W4W^<)qm3Jv&Kwbeao1<$*X6K>EUhO)YJL+tMOMllRaVu zEgi95NUm>uGq|Tjfwwijwe!F!y*I@A0s?Id zynRR}@eeYg0`yh@P74*_=w87nK*|d60RWktY?cyF{HQH2s@7*y+$=?T@N1Ze?p%-L zvaKsD8Wa-V+S2?FsR15xM*bMHsWMH(mBA2!^O=@DAE!_g>!r^m{>q;UKP+d*^*@e* z9+_CrVtW#Qr}qv|?@s4Eoe&1GTUxe6XSti#8&zs%_6dicS3p^dQB6)Q9MP}G9%*VN z<;c^U_=PIv5&g>;uf90MTF)Gf(sW6okcO7zd1{h(JY~y0kCW?XmWJkALfk zGNF_#H|>XiUz%jA2ZaOctY_>x((+Q_e6xS)9~PS zMajSCe*@=RjZj&Uew#S!6wbFQhW)!T?^B>H*yl|=W8{P-1N}DSr zn5nhe(kT5FCUTR@IpmR}u10=tOndz=dgD&DQCdhrE#K=`9jpWwqEv44#`nf9gC4T9 z9w#fkiMt<>6ppVxcjQgCt~$??-rz}hV#tmiOjWoywVc8tFNY#Bth4!8kHrH(F9AXD zrnh+fpXfu2Kry6tu}V$V@c8PRI!2zGm71{S=h9_%B02s3upB6NQdHsijjrwDiE87O zNZ7`+s9>}+u8~fxB&k(zo}FxcpPO-%6l`}Pz}P9ucRHbe;&s8daATKEO6nKz1}~lj zMb9|BtJH%yIrLZ9)`i+S`lJ=(A|r;kZT?W&oN*UBHmu^=-z{Rruw7WKUI@b`j?Bsg zPtf4_?HBrelHx`Y05JK>KdYc=bLI<{uPyNlVO=& zI+TQfhNZ&-W=pmoa!8#K}rFRz9;gUSH*zz#EJ_ ziHgAk!vj4llHzOa?I{$81TN4$!#X{!y=UEoOKvt_pNY}$|BB&Bl;Pxh`~|!Xc{Dx3 zGi=|+HR|6?OFE&whT>A{37?!=z{@>8!pw`)v^~y;JS+F$Ny_+!ava~9teDXNyW_86 zCx*N8dI&}GQXY9)OhRy?L;q2;hcXO9B zbzYZaC9**u(c00Z>Etrx=9YV0I`uw74gua9RlH?z0VaO@aW{Y9ba$rC=0vOWJ%>B~ zg1hs>p7EDD5B7<_*!fZK75fooAYO-F!8PWA?)CU;&+zjPeqxtHec0m6+ZOL^-VYV` zaPzTK+|GM8#rhA~hu{hPIPcjw@rgXDf$rva&T}`v=W;i{JJB6K$j(g!c3$DbZ1K;ECwZfCPIlZsT5izh*3%eY1;3l6mPq+oHfzI!Fk!$kD_;fj@0D_p< z)wB8Vvpu3kiAiglk6!FtIkyKx3lVw=LX%^~dmg;!Sjf&+59rzDC;;?gBJmo~F2}L_ z0_|*gyBsOFc!pm}+B4$pa_k1=T%t}z%;w{#I$N$1M=xh9?Xz7Ds3F=wA{2`Eckq%w zJZ%+&3leT@X6@qw!qoS6~4n=6P>MW^Z22| z&jSA`I8{BJtu(NeQw}}`2U-rM;8m9k>|JLo@87Cvebu?@N|0^h;jVrto^l~&w{rDx zwoZnt%i%z#%s=@6Vs$wVpHcvwkwu2MNK8bLXFFHULkC40^&m5tZKN)(@6VWXBxVO< zy6D}?=mW^XaZ{zW_gRN3|qSjxWlkrOLY;6X3oG?k>j_2DJHjLGCL?*;+4$rK6!9Ymi?|nG)DZml7F^&z+!LcE&jBdD zt$E*}=A-?hOPi05aJIGpsmsw0q(N|{p7XSW!rJNh6Z5_D_NABX;c0im$xe~H2;MHo zcMv*DGvM*&kwu~0HS>2j1Jl+Bi`L{l{%cRE*=!O`XT z7U1N-WHFmi%EK}xsZn}lzAricT)YhF!_d3&0sr?hID=-FF2`H&N?jg;S0#nfie%b^ zkR(QFTa^G^3utPQLS#(=`Z+;0Sh+Y0g61Dw7?l#CemF%W;8-73Dpovos^YOTRODL` zSvnFV_kuwpcb&i596qOg7Q*3*^eyTj*WcgK+;K(E9(?@xDda~(H~#t z*F3=q*T6_M2fP9}FOAH@P;K9f*yTv}Ea1?qrBAMF%>&^jr^(Tjb5Qz!bsNhN!{2qe`GWaJ5ehq5DZv3sp((4aE zqp$nJRWIq%9Gs=_e+zME;qM8g!@otq!(oIp9{NaMgew;_uiTlOY*ZwK(H z!EeDE9lon#Z~$w0f%xttyLVxa2U5VI-!7!Vd;qCXkS&0u3U+TV+C`Y8T0wlHJRRG& z?AWmV`8}QDk0NB^o~`(f-t+v9t$RB6d~#$L)7h)9P$|!1TnXQTFH@ShXUm=>exrMi zDa;#*SvPprF5TJI1Cnva7P_EdX}fpqI7rOB$=G>!4rJWD2)UmWLXLDNlzSqmQ-|7b z*_9mF!7%s_3}lX=Aifp&e&}p@SO~N0!yVWVc|Y8)&4Y1BgQNNGJ-c`BerqqwH4!9R zOGJIghFzUI_8)E;{3N`~LF#?TU<(TM!rlWrw(i=ndndC3`U6Bq3lRnAzY}ypl@e^+ zE_L65-#r_4Jilk_ju-Z9-LrqkR?u?mo-I2L8vnhp$e^)f>s}Q19VWYVZwlLn z-~w;3B@u8J8yH^x>`ftySvy|X@jME!6&3p)P2{M|F2-c`DBp5`P@PVrI&paI)p>sJ zhd}SxwQ;w!IU=lKgsoPENUP)oMvVCZdwqvo+O!_glNSr+Vz(wR@)#d6r2Lz>wT-n$g*9Zk}z{R++wk&g$4RDYO^dg zyapzUZ#bWRv-w{aC$2sE+6OC+0IogRia5hw>D+(Licb1_AB(??iAB0|U%%c*Yn%-o z8*7{ww*UvD?RPO`n4KHHRXkCKyGHsRUxqOx{w9o*&Co|I3@?tPwo6PT>}J_GwtnJq zKK8Pwq$`Hk)K2t>RHUx=lx(6W-6L{Ms>~BV?&&;!ji=~M&#*TMTwLUhf8y;tc1=am zOBKUjVx+|vVM!?FfY~V3({p5x=YG$T6G#zPmv+gJi3ukuhy0CPpRMP0+XnB|E0zdDa!T=d4UH<;TcCEH@XIrm#u^lGZ$$R5^d z`Ta*u*m9H%GxO6b*}u%iBv1TH+#`+%sQDhR^DzLndyc$^O{$)}e|h6CR5%}d&ztvp zhE80sDca!aeIRxw77lxOns;c<=HDWIlHJTxwAs^pJA=N&lE!WXQJWDpr~;Q(cOJdQ zTlAa<|HI;VF6?hx6)j)!6ussd_L}G1R~QjyLr?P_ZSl?Ae21f9o{~MDb6;Lk;VIhY z>D>`K+p`{Z<-cW~F5KS(H6gw;bsi?zM|OG6-RzP1Dk3hY^XzVZs4y zi$G4EKR_>>K?H`)Ls-#axiyT7kub3g)Nf`WE+iPJ&xVWaW9)!j^-ZQEA)`n-URt0( ztdfd;TiDb{1lu`gV1o{(sRMP52v;EqXX|^4k@+l(LWu8hr*U{d?OLGdfl&o3G9GLb z$Ns?%Y&c2(Gu0Q1B^>(TbEp4_2CKkb3#b|n5^!RHI!#2?ig0HsCSSNX$(@FYP^@=# z9@(zxPUEl{Dz_KWxdUM)mI3fw%s61-XN0F@V{DQqfp>P+xscwI5KdfBMbOZejwmjW zE&lksB;A0WACPtXzKI{Kg}g34=tQ`TOtr|zNFUZr780Z>(EDI|smS#=Oi8g0`@_Y? zIxILj#zQx?Hj}n~DUi_RJkPK*r=h-kl~@Lc)p(psH+Y_u0CxC6ub86fPzNj=W@qpB zj3@6UPsyPOP6KYkO6@lt+C*eL=*^0fuKC|gOw3FEf&`Opt7(Upc}hCNxFJqZhosTC zeYK_NkBeh>(yEo0*I5IDWdoLdN7uA#i#;ojo!$#$*zER0C>$4mM=fQquQVl*6V!jj zGw2f!USaF~(v#O9uVJ0(4h{^j?Z;|QB{nHJ@7;if8z+HqCdS zc&Q%IyF8r-Mkte$^NEh$+cvJLLDl1LtiX#K>1Bz#AkexJX!hmpC7UCc#dxiC;>niSHqWcO}X!i{jBAREmF;87+ZiHyF;jiRGRnY z=oui^q)2@EbC zo_md||r_2g!4u7s$ilbSVZ z{K0AiSCt{0jwl+>M46o}2{bm!4dWRc&L>WDr#HKskM>%CtH~UEukl*{S<5|n8`5vP z(_7qF8*@9KIHl&0+xcgwafJ!q-$6{Y%jwDI;qbI&CBfa7xk=z2)dxB%qng;>WVv+4&CJc`(}f1O0kf&pdt{y2KJO zHc}qYH-T(eTfts&9(*HY9Uw%#9H?C9GS;8S4_pR6pxhuk@V==O6nrfA0az zY+rLHk*$dl8^lTq-b*{=N{@AoRA!j!x<{dSFeWxn*Pa`2@ci+hDYdWGd(na^%E zC>!N_b`+$8erJ*FE81h({!Dvx!nP;vVN!oQh?*hwaPfU$rkK1B=(H{6{;dQo_wSp4 z<^GxaSYk4awv;F*9INxOA$udWHCz9-h1ay@Lue}mOP{lax8-lFS!45i09eE2B6POT zyY1D>u!*iBF&g}cN9bT2#x^WZ+szoBkLd06Vm&OrQ@ZX(v%J{Y7VS+_Z?B1WjomnL z)!3Z!WWsA!A}rorcmd=0L@+`#_#OZ}C*jL-*9;0cXc_1y-B;xCy_tqQ3JWBj{Y5SC zEb0fQ_6^~id>0|{@l6}oVE1-9_s`xQUlAXbbw05P z^v{h;fA{feowf2`IW~T1Bg{wX+`q5L55&S4{~zR+(f9uk5=Qo9NceXQ+!bxu`F=a7 zXi`#tm{3fxFgX*6ZfzIHs^1o@mWaR}qw2Rx=&Sm2kJYCXZ8_vzdyey-4bdK}PFeK| z=8SGxx9Aam2cq7Q+U>kp!rOU)tYpCyN$HSz2$_DL2y zbJPFiKTf|*%CA!Ik(2m;qx>Gpz+;x*las}NP=0H97y?-O%%@+~XTJ9q8~k!~{*U!% z!Hkf&e5FgCx$qQi<=yI@BB+{g#Bi@+1dMPMF&_Y?8fwn;#(NF+#<5mL_$t8F7&V(i zy(KR){EM+F!|#VCIy+R4Lwo-l^w0gX+PnMyiZJjw$&^1kz6S}g z2mW9AXZ1hoJ73it|K6GDf5lk3F#2C*-pAfEaOVby&o=l#znEd&_CnETGv&>q_r$|{ zG9=HXHT@^kJ1hQ?Jr>1l*8FGjv*>kXk3sSOi(X$*ept8;nI!+({QqNmH}A;M`#G!) zS@KS=7=~dlS#jO##nywascqM(nQxM5P8nnXQ``K z=dZE*hv)b&%JH9`?WcCI=C^1o{=JC5-T3f$pH@JMqpzpHM(bc>uNh zhv)b&%JH9`?WZ#GAC_kb=<^*reW1#i^ce*5pg4z9SEG!ekL4epoi z@Qc1a9OL;s6q$d&#NRXc+lxPYd9wKX>r|p&y^-PX_psP(%9B9{y@PO7f;FnY%&_h_ zThZq~;O~MQ{-N|od)GX?_3s!*4zvdG?qo=~y5OYWf&fwTX*Q{BacUS)4ybLV;QuB$d z`SMzs&lzal&v!Gqtyz}$fOY_+KLodlH=v@ea4{?g-ZUPUDh$I_ z8E=4TV8Ua>opcW)}UDL^z+vx7Jq;py*n$0z3u6IyC=?i7MrnQ5|r591lKjVA5i7xYl629Xk5}xvuSkk8%1S7Vu)vGj5kGkY^)3&MDhHiBg<; z*&e&GvhA{K6N@j+*QhU${ zAz#dOXz3v*d9FOsiI zzL&^%uzW9*?@;-EQ@)qWces2<$akcCN6UANe8^4%cc zXXU#|zMJK{RlYCC_a*smlkcnYeOwA(m>{>2vBpc}Ji$0bN&~-6g-=>ROV3SpJaqDz)GF`k2E;*jA z8|WHISAedebcN}C(okm9=cAYi_7Xsp5v_LKI!CPtRB=pPZ!r5YIo7~HeD&Y z_zZ3Bak^fjs{kS-iKo0lA-dMl#f<_uc>o&T6Lf5TyJwn$FbUjWN_a@dpOV=d2UZHCoU3=-`&cE8v=;A|U zwLLKmB+sL(KVALkx`eJ%=qjS?3+yGVOQ(xNh`h{Q8>8!W!rJKCO4l#w z>Y(edbUjYj2DA`5(Df-@yXiVW*N1fR3dLG( z2v5F2S3kO5pvy%UU*xGBK^HEYPuE^U*Q0ddB6}_QYr1Zy>nC(Ap=%9YKcEW_0i|ny zM%QAx{zO+8E=}`?7d1ueLUV`vwWh{ULo^t64VvJZI?(#(& zj&Se}EfDc(Vf+Q>H_geQM52x1pcaYL&GAPUs$XO-jz};PK`AWv9KR7FkosV>wlScE zeGTd}QVRs<#^%kb_tn)k`n5^kY1%xZM51#^k|2Gk*L=el4*CLtP*|H@?VdBYF4PbR zHO$ijwONTE$w(t9iUe=hf(`RR4M8my(t>{0CFrN4R-4;^-#Ja;;2eKreUqjtB+i;p zQ$*uuq*foSM`PhTCop#&Ttn&tuDOe%!HBCa=({}_KqI(@1YG{wSi|ig_RT{^j0{|9 zeP+9~A;onuR}GqD!jQ=2E)*D!z~wG2TFaVD7*ZF5ry*89HyD-x)GiGAO&Bs_T-~fw zHJ2Ul6qG1^iUNKJy3E(f`5<{yoiAF`7_Pq(LE#0VhB2cH7mgb<2S0wl$(d!|=~ucg zxgr(`UjZWf>aGYz{Z}-CF~Jd+Xbp`~mv26p(1(0Xo&)ttr{7dHW7-_F=o~O&LvR7O zFA!X4hZAVDTquwm!1l~QBPto;=d$w2bKGTRbG%c_%4ccxO(~x-r?kRdU9C;_R#nfb zZwv(IAcp3hI%7`R%&Ix%v*wh!XSl^bd3t$y7GP@mjh3H`;9_(as}+egH8qB#AX7u5 z%P6SJkG2F6L5I4zKCoQl97aNg8|RRP#WnXf_B_Cbqs_IMDCcA?hT7MFCD0QhzCa{I zu6C87f4ZuJ{#ZB^U39t2+u$FrHQnxyd{v;U>blZut+EWv8W@S+V*D0s(@RHdVL$#N zzVZfjwQ09gAG-(;+`P($HDM5i(3ec!^dzRYMo7Z)}*#u3rjItRWg+B)$qw zSPfJWZ}klHS&)5NxGLN@Kh)q43V52<7@p^A2;J$UC{&=CSukJS%!W`@LO=ka?O63K z6kZ~+#}-CH^UyGC3?nSqFh5ua7PrF`5-M5VO<*82FBpktr63JqOJNj5*LA@~?s?&0 zus+xj1?N^5mX}U~IExep{d2`%I$8PsHHIJ5X1IT@U*VUPEBrvv^dns+5D1Rayk+HX zX`oOb=#w}Kf&~ms+!S1mJ;(=Ww@P?a) zYYh=bFJBn7;bqcuApnw=9l9Yx{*s!QNh<*&AdA2T$-oeWCKr{Lm4m>U01z1DGh>)U zW(<LRnPm9LxDhU_6LU<_s;on-(u)&&U4$RUAHnlR-;GS-;U zrpO@(z0Ks#s!7+CO&%%92(pouk$jP)q)3@fArjXmpoYjKUnDpa`i@0D0$hYNM5YJl zV{l``WMO2$241Nz1IofIb-OYlR-zc=AcO3AP7eyqO0KH0F63X7g@U9M)Ih3^)Kx=- z2E)SAR_Uo2D!5AmP<=2MMT>=E0u*JcgLlM&5T3Sh8>d;JV1QX>e_SYiF%&37tVnF` zZII{?V%`990mlc!BFg8Fa#gD^7Xn?jP^g(R+2>3&1}i{QI5Z#q1px6^1;ZhziX0e_ zT9pcv)Fjwtgd0V0*D0B9pqrTk91Noehvo+rMM9BCEEvwg_6pE-67pPMB;+qe$Bc%3 z(6=LIVZbCIKRRnB06OzjQR7UM(&-g0140GZkOk6)AxHwFm^Lw?+LvKI97u2E@DEDZ z2xmm$adipJCG4ch(n513-0 zRibe82x=4jVc#1)LNcQ8hm+&bl&RW0P*{z()l-mnDpC%j zKUH!1lOX~~We)`T)GFv5cBMpv=71y((ndp3sF;vQ{&1*?DQl(f>KVmSKEE## zEtcXb7|Eevq=Q zMMjz=MeJ;$r%m@(l~9O5_MIeLs(_6k5o@7wV@b7dl&q5KrWm{P%(fC!IOY__D6vAlJ-BF+Z=PtZ`W7W!ccG1QLh(FIE8^JM5i7|;g8D%DV zy=$rpB-vm*Amuq?(2jr+qq@>t3Dw_?w5qS5+g0jo^34s^VZgu;NIG)9sUn+XR8vmE z%yy*6&BdXhw&O@!pWM_YJD^uBj82E8%hs_>1seSgM+Zb4+0p_X{ziX1=FPvE|;F;A~A+t&fi^poSN`}kVU$305(n{Ag z!kI<#EmqBCv=l2BsfX|^gjpox@kcXmpU>v5o0swUZ4n|(ch~}=p^OLV7W(TW*#HvH zo^xR%Y(ZIo`pCS(`J=L7m~a)!Xd#oh!g1riHn?PL_raKWvbY*^XJFk?b{5^mWIrPT%lpOmKxi!?!n4Q2=W zd}hf_=C_E9Ajl%IOjY>i2J122G$n0?!` z!IZ?;WJo%hso4X~`etSv_E1Q%8+>&!>4S<*Q8;vC%q^hmM5W+1PC}rO-t=HiFf4N+ zdvX9^^o3Zh3I}Vl3LjBAh+VGQBTC-J5KWxyJS|ORM&s?lhOBhSvPfGomDk4OtOvrN zsnv&~oYb8}86#>#FkE5GT)Rsd!L&)76x0ZPER6QZW<)DjWi>&+husYpb9-HxuZ<3% zWOi*Co|y@E8|(*(q}@)A8Mfx(Ux5JipURx*awnCG2}7A7LiYvth5fadymX%e8(Boh zNwf~k_eToxv1M2{uduwj%(DRY4N*lhB(jBIXv&U4)CFNI^JJj|?PMTR&qgb)tnNNO z0!~W8A1JH~*fW9%7M6-&tVg%bB%KvtjPh3Tpj}HWEG9J8Oskm|4q=HU6E`P#`pIH2 zD>{@vauTSfLCwakIl=BGlmmVHD+^Fc^E~GRm1Uzb&mB#~rrSdc&Ee|~kx3!> z0xs>~Q-hYjUYZwi87ClO+vk^`J7AIr(65F)rdL!LT-XG|O(<#%6bcxs?*?dLmW(os zQ&ebSDxi#l;d&7|YDAR6(0My-xu`W)gp9m$p|&JcUnRmFh7L#5P1r1DHvyT*KGSw7 zF<4ZhQ+P>VVj-f9{zf4_LmK@Np&#AsAZ84IebdMhSOAzCYQzd)IOLbXYLe;0yaVIh z9e(s+Okt?qYCb;(OUy3HF++?lqBrUbW9f)9H=mC~L%0!!g~;4_O@*N*nqMbzeMkW? z%r-VO);Go?m=wWOprFvPVGOcaRH9Jp3@sH4HbH-RL%^6sVa+J$cfoJYsw8|ytf2v; zo(eQP5|0E?5Ot7g_8{NVRhflwF>C?rV}z$jTbtoTA<$`&CNz!-13fnsWo!3h@Z z>P7YSZpECEE^udpF>$r8p(zj=17-t-o{<$y;O4s3G;f)i6AWjT*~B)~vuIf%N=Y!1 zx?PpH$`|(4BT~0e;Q%B9xlLPnQ*9VFRRh!HaWr5}C|qwqF#^+fqc0St7&f3#ljp&b zPzlYC_Ck;?9Gq7g#k@s1%_*qPamm}lA3GkO9?d^C!!h=s9e%{Vr*nFuqJ{$vmk!ln==EKC=X9z6|>7=?{x z2LlwSCBqbQj;2gY8F*8p5FE0q5S=m_iy0Tq|w-j2~9WDMC(l!6l>Ymd`YU#*kErOGlGGtX;o(Q z0Oq&3u)44h7?_SW7G7SIg4U{Gim|P*>A?tFTQv(tDVb~-yw4Ui1cZdh zTvSOy2v?MYP^@r;F_O>Ah0lZF6c!^Aq^`6(#y=TFuP?1$)DZP8ESz5?gu*1puQ(k; zV;BFW?eUD#m!ueXS&v8D6Ht7EH0A zz?8EzT!)@20I_hDVJwk$!sY}s7N+GE%$1d11PlG8wLuIlMv^Y&GnB?s3^X-0D$EcV zE(3-kfh*jih{K*H(P@kW%w+;G{;-_`9QR@oO}Yy$sR~&Eq1s@g+vEekU>!3Oo!;0O z)szKMoDdkaC)Cz+u|Fd>V6_`z1x31Bc`tO?!lzB2!c}suY+9KXz_i}$p6b>@z6M_= zrdDRI-fQ*q>Z4jELg%S!`tL2$XH&O~L%tu_K&)*7v>3u3(j`+Fe#(3fb1Hxx%2$Ka)ehq$6f31JKkXyGFA zudxorZf00>%rz*2atu92k3(-|&Jj&|Rg*0HVPwo*Zc&}kshX(AMl0fOw=D&&Mp zt*oH;%erR9R!3WyfZQ5nWPW0jw7GkvoSpt9`eU_y*`gDKD)%u?)-PzK9xQbw3z&CD&z z^dQ%ePmW^1sh4O?u>QsTby`!X4&qO~R-curc{WImNeWMiiqbl$q6#pD;~6v(cQFGMb^vG;Voi zkYso*=8Q8SsgY|#&?o`M5v+;$U^Wn|m04~yaq(&_Cq0x+n%m73ZvAk8Fh|k)CWGaHH{`HMm z=QycGO&CnWxz)^J2T9((!Od4^s1CPram}Ox8hEEZyT4WHHF%UChI|!o@&j66xL$5EXotl7%5W}nh=+(inn1iHR!kw7<#{!KFi$v4sCQ<2bL037o2CQCUtH+GYOb9lI zAaqb+gFm-B8W^5wW!{FS7`AguGVGR6 zl(F78kJE5Fa6YD6Ujfg-$LgLG6g!Hna$s`^(# zDY<5l%yQUrH9;99xBre(UpT-avNFQ;R}x<3#~RxZg*1TKYhfWqGKk0{E28B$iz)zn zDgwyP%?`?nms0>3JOkOeSpX}VK(g`^NKS@!Sa#H$EUP&GMV>aY8Xy}HCi$ZNT6ds6 z)R2v7hi4UuZQxa0k|AYf(0#|r(CNW>lc8jzB{G;Nm&t(SqGV-?ig+9D$f934PgrCk zRe8%`NTtBTATz1l}*Vn!vL!D zsxFb8p`Gn)RkVX`Sy>EbL$%n+DzfSYsFanlKy2y220@dvYz@Y^km0JFfGkd)RO+>F zkTW7-aDhpzp_H>xoRh)8hLK9zdgQ*CrI{c+fpw@?h zKOhzh6XXYNM0YmUpiOC1dI}!v26s~e* zlAbYA3@=ftL$ttkE=24igF3vMHNO?YOPX%pUZ;tRXJg73c3P8 zvA$(t7K(CJ=*3~6LLLYr0TrkWM{{7B$pGBoPplU-z`zxzRXP)LEw+|sd^dz}&Mf1t z#GE7;rb1x@PHmhIgP-g{Dyy6&`!Wmj98Y_%y z*G|I`rb6uSDOAwgxL39iJAkmJ#Bli3hG%xoLi=1Hf<1b+FqeG-3B@{6T@Ql$QOt@) zuIFY#sgeV;IoPu7)arB(Q8fu?8ZG6rO?-a znSH~&81--nXIGu+F~UO)m|TUT?m8?|Dkp5bILhFw=e9u<2$oW;t-?0UE%j`qETf{8 zN+5`{d|Wv~G8s2bq1a3Z8ge%?eoi)s8YrX2jV20yz7nOl2;IKcho7%R897o?!OzJk zS>@n)qfD0cWm2avlMv>Ms1+y-W3at%sM!~G))d09uPuPI#b4n9DF2{IHTuGMa_qt0{vAcTIJif{jE6B_M zNPt6-tYnekBg);qn!@PnXJ|a04pbb4PgC1RoKk zisk!HzKar^pK95hpPGYFf}l}?f~kbBmaPN|dvO0@D(t}{F=wrc2aj_V4<9UDV%;-7 zyjWUVE<)PAfh|8tFhT))eE&n_czi#l5{lHP%aO|XG@-y_dIgM;4cMdQXu;Le(gTNC z$jZA~O6{{yz#c#FQmz<|l!H*DKFu&f4qJYZauA9fbXb(K{3NG7NvRL-r&L0bIc zjFQ?xp>C&=+5w=2p+Z|20<SFFQ!6*7D!Gfo zYOM5H6o;q0>LW<_AR>0q>#f>sn~XUyHOma5S#A)`ZiDD+4Wh4foCMLldWnI7*>Rcv ziVV~Z!qMzz2U(>h+17HNjz?tT%H+nj^?@L@KS1JV#mW8M`{T=#i*vL9{mKVn8zDYa-Sh(5cjv*w zrKN?Z4_%m>Aomwg3tXyRYz=nno%+GUMZ>98TU`JH?FWi_`tU~-1k&kf_>LCMqN}Z% zn5lJYugz3%OKM)F+|%ujCe9XoUxf(#9h-|Uz)>fAL(mhR>A%{Qha1GF52w+dJ}i(@GZwmbljnva>nPOm z-i!4TgOQOW5T28s$9)%-QBxZna5tJB$y~!UMlOC{_MDirFLV}eETKVK`7ub{AA_{| zW01D6`M+FP;(tG)Z3+4Qk3rt)cjuJqvw)>Gug`K~(;c&YHV0|8&*mV__Sqby**=?t z^ae@6Ob^V*`%x{Uyqg-QmHa(jWywF>SyN~?HEIg&d)w4h`aQidRUnu*Rn3Gj&GmBq zFYK>ye=Sy{cB_ShSxAAFSKZT?>#eB2XVs2 zt9`R!${Ey5uHiId2+FR^1`A=5h{3f0$*x!9>H4V9NH9POhBvA#4l8{$OyIp9zJGBI zw*9BQ5`0j)%kbujZLF(>+tXzlQ_vG#+?(4 zG^K@;NL*K+Y50BBVW*(Q8{1Jd_`;S;2ID0mKb?Zrx;c&s2BK8X;k6_4IYh&>7*Xgm zGukK_j3a6F!CAx(G2G%PMjwMpp~DTl2T(bgz`n2}si-?}gh18zkFrwh_Ow7h3z zSTw!FOYIQLr5EbOY##1mMNEy2MZFi=o812t^M%@ez-2o800K`xIA5axGYK-Nzn0`t~T3vSB;DpriK#_JR}hbcIdHX!WIC&_9fh7AA-9QTe97=3$7B`-3>}b$kzkpCQ^8i0vwzyb zV42=+VTa1D5j*Gjdvs5)TPwd9?vF-8AX0Kx6wOu2wcrTD8iAx;T6n}1=c0HmFoV4_9xCJwej-jclFPo*LR?j?oO~CIzPID z)7FKrKa4-$&5lF0U)Pvs$~o)%(;+#^LhLJ(o_B{0LORlm$>g0hLkxy8;q1A;Q};gwgLV2GJx+6g}Ac0gU%;^_$nNn z_BUVPvKEJvtU8>hw!k*AhV(JoKV<^Gdgh?xbgqSUjX4?fl8gsu%NXTFh(TAVyZc72 zTT?JH3(9o>y>?LOs`xWJJ0EfuogKbU0QQ9oh3Q3oFMsHUWkGsxq|=J;*4^IDW@lZX z7i-I>^4VI3EoYH7M7g(>J~==6I39j`4K-MzHQ?bsE|6PE-_FGCJ5Fq1gi0G!?=k`A zc>|am*RV{kWYji|IW&KfMfTJiQU1`?{8Kg?E=*=4Lqywss+`_VKKU5?v_Pg;SbAt- zTxyd`&R<#?Lg1iR!QZL9sxw+yU2!EGq1YmTP>-PnaX@ znTmviI(9|#=$kqo=e|rEb5&Pe)W;L6&#aj$eJB^^&oy=tu1JpjKfy3w$2~As3H8VQ z%VQZD(8_kC?^8b#>h*aMng9(s4QEO*nmrS=_$T*C?G9|pUyDHp*rZflMy4R=C} z8J?Bbdh5N7s=KwZy|>#NezVy@v1s{t*y|cQMob3!-2ty=LD~BvMu6lQzUsXlZtt)x zt6q2Ye%H20uw0#;&c^cY+wEQnQ0}eO4BF|xo&#aKFL3r& zrceO1FjU9#wyLA1=97FEo&y>lT?kryeSrV|XfO!C}>Vv;bt*cyr5 z#5OQhx)ov{=@aVvaIJ}1COM1gTLVtVG1DA!Zp*UIs%s_KCOa=d=jbfDD!n=%%Jy$g zA_r#)^)7F^(#CAthRkQzP#cBKF#32q<<-KvV6MiHHTk3LoZebPl;CU9vU*3#r~FMF znUJ-BW%*~lUJQAWep5YU{n7QXvc9(-rQc9bPWs+SKc^K^TKtS#U7NbSc(w7q3EY3CQ88%&nledZ|FaPt+Kv9t^m$D)Pp zTdeJ`^Wi#{qZuk>G?q{NHjKTLYkvz3Emiz&oS$O)H$*`MQC2Hi*1dBRMf_$=BEy5v z(L$-pHc5I2Vr^$@!{3U?ImGnvqh4q6RfC^*u&FOC;l-C~oO*9|cREw$3%%95BC7mA z)AgHn7$Am3;iPmwEYjm6m28*Nl+Pkg2w6F*&AFe-eZ#D^MbKVQG{ct$S7nv$5j;H= zk!YePjSg@Qk?`j4*ty?4$Bjru9m4qqw;i!pU>lUjBc&CHM%>$AdEv*C;r^8#z|keZ zdNsq(x!W5}kegfXBn^<0Ge@Gky^LnR%IVEkl|kzH*-c`q4{k&%K2129kqE5NlA7v* z<ct&xksI53XT@qxaaNPI_3yZs1Uc;C>E(31JZj%r0#Fd> zRe+j1%klELG8q^D6^lf~@wR9Sc0q5Bs&^>I`7Bh2Zwq?vH>F(S*7~ZhMO=yU#bsNI z3s`p-8EY9C4v^#|z-o^yy&NSE2VjmG5nKWWecY+nROSWCQ#WOoU zs{N*WaD9ZqcX{=0s88drWlXMsH5ZN##wW5{Vdf(`^%xbG#Ir8Jepf%Njf$$7@4CQi z!_3*Ob=HIv`5>uuqqVzpmKRo*d3kQ-jOk77!mfnr4Ksi%b?vNF)E466PgU-IApx4D zP}{1@m?;5{FiZs*%Q)-67ki5N%Pl$4qh{lsVTogr0X{CN1o?Z(N#0$4dL@M7;F8Ls zbTFbR?9O@wL5$E0%ja0&A{(gl;Kg8p?`#TIBv$e`a)+Oikz_a@prU+dhiFaI&fEz8 zNOBfePbC>0C<`{{miTDH(1DdwR8^}5(%XdZb9Rl_kKBstV$2MsrP1bc7A$)=>FqKx zv~Aq#eQ{`Fe|AXlVi-RkGfYU}0}1Oq3Z38}q&}ivnBwuiQr#S;4a^55tt+cNv(Zyp zp0>Q%jNzE+&N$WbWY8=$T>~L&S!piwX09#)at2R?iB8mIYr)pi_y?* z^*7*ROf-u-XHH@4^yBcp^7+*Irg`N({c-hTkoKeMo!ggl>RtZISK1G?58JgLRWF8Z zKMwElkNXZx;%3X6x8u(lj(KRa`^p@wIXiU5n$&T~%-c|J{h@iTz1M%$yXWRmF>C+i zLCUuD=+VpvE#CUWO?&$A_(~Fu8ser#A~5KX@JqdpATIz)KnE^fN3bpDkE@$2e3&bI z^8aOpJ8Rwg(PK8$_JKR6$8Nx!v$M~~oY%iMV9wdI=VPMMW1VlbSZv!jV9q(+=3}B; zGE?Tt0{cU?vcSftf1l`Ib|L;{f2m$s>MKj-Us7LL>MKj#UXZY1dx7uQzlasK7dUJA zmt$17J7ZJ0Y|0o71n(~`KX~})@mEitc2>H2_!2Z-YDjwXboh9A$aA;5oz1O{KGI)@ zbdf1_x`-Gc7y8}d?l)VJkR%d;7BY)Qkidnrlq>lCv;P`i9oMc3o6HZ()rSYwX=VPK zE*6ss@5N#^;$2K;yrjw_er2=S993K_I-QI(54v-R55#J}lG6nUV%fm65*!8|R1OfmEq~%CpSwI%+1zytL}%RS!b_(@SzFI9 zH)2C1*DfLKb+fKVuiJS3w6O>ck8Q6(MjVx2q%CM`-IbVKgm`=MtVW+f^Xl#`YuB@i zc08+9SW*{JPWFXcl-J`_#|QTzn?yrl(`ddsf$VwPOEniCIaHbVGlO;DA~3jAxut3t9fepJ#kf zl07Uxw1G>}M~}-WD=VU~l`OP8Orad`tP)d#(UT{bx3~~|_r;{v1F?UyRHOGOg~#D| zUz0>3h9*KTZx&2iR{@;tpX=$`?n{Ka!)>0|mFCIDs-(k|B|ZqEVF}_Cd(Bc^ds}Vv zHntGZN&BV}za$Xb3=;txj!B9&EE7SD31SQs#iI17_zv=9QYv9|)?aMxNCr*=6<^uw zBOTlngHyZ}ff@#?Vx>4+@m|NI-P$R#n0p!?x=2=<;qRf5)15_kaETok(6RAnRcr}B z!^Dd0@Afv*rwWHBebBcbqUZI&(xs+be4_Z)p|K@w^K_d6CKg7q#_}n}*jCfu)=DUw z>j|@8SHeqtG_a+=VTx{N5*ex;B~Wv4X=qBfHzy5~3i6z+(ny}4la%kvsC|BDip_IM zwM2XOu$9Ownje=R%+&Yh>4SDbKBHzn*ugh^@^s>C+e?f&t)EG5x8IZJe1Ru4-yl6T z|3rl(53v6AGeBZwb1PNC*tavRn$}Zc{3rpf4K0f+f1iu$==;M^;muGH(K0Mh`b`2Yi zC%aHX0Utbe=rL^skKPYKS>%)Vers()^r4wY02{rSg@{^|o>; z7M&`^UQ4b==VRwMdWR%7DMi4Zwj3NN#>X6;UMv|K7zMd^m%KNNQzxEJuSTce&WF>p zVnw#lm!PaJc`=cb4@0S7msZE9m%YQ`5Oc%vB$<9Hp*FhF;NQcJ{up?{$f&V zoZ}=CC)gG?x5048ZampPP}G#Y`tyY9Mn)_AEt zqX$)^IBeD1Ah%Hp#;qKLy@zz;E47A;Sl zCR+p#-+v&qDS-tijb+iyjZ}IdLRwD*(;;V9Pp3^p-asg$(>AEiDt6oIqWYFi?gHmw z>~z&JtFMwD#7;7rLydp(fy+z-&@@@M7kPQ@!4|SzL@e7Hcbb&L!WRSUUJGv_Qqt?+ zv@5MeeRWdgFYb2bibCm33Q)A5oe zoQ{{dw+m-ix=!ezRv8gnnP0?n$;K~otA+B&_bpVjw2RZ9|#m{HQd_Jm6r{QTfxvypCZn7 zO1~L~jv3vJm8!B@VLzypba;88YogqAP+)}oiU-$DSF7r>LKB$uV8ieX?e&4(O*EVq zP^wmxvLgsj8M*u^=$Ai2wpu5lU@{dKO)2Db7qfxoHnwcg(YckM!a=nOzq}h+at7qR zVWK;eaEnWjqE^B2~R%bt>S*sYU5e)8SPXg>&Bw z9Gs@+86wYvvk0U!zv-vy46cL8 z>W!NA0`#a&oSh7F+AeY?8QPQwVcJ?~RKnHlz}i^5qfMh&0$`MkqHSY^{L=n?VgJGs zfkguUh<}waaf>XR*hRJiT99vjRkUEN1B=@_93M_XY2LV1Hpf%54U!rz#Avu<8hZma zp?Z832cSdge4&(#6ZC+liRw7SVpu)ys5Su{P|Oa@8ET%9W9c;=9(0oIE%1}z_NGZb zt%Ed?1nG)^u|c-e+T7bf)R{YPJU5&QJ?;WEG~PCmP8Km-1+N@y_Fd@o47vih># zaC0y5+>CKZz;}scK_Hgt>PxSvSV=GQie@p#c{gPs5K$?(ZTEURUXbxz1S%~Cz!VD) zwRziii00K!tEj$-=Lzbo|7C0Oznoh8#ET_HG350*IKzg!#rO44RPAXk zHj(ClawQ(nOBElYv2?X&<7;>UDlbl_kM(t;mi_#Um7PY%cy7Z z&xlgh6?;UQ->EZMu(^ZBhwqDx0dp6zJ+%Y0=cfT|pD0eASF3Aj-G<(ZJ;=plm5qgF zs`HD{$i1}0zanj5jn)eAKKmHPrNZ`Itw{L%RV6y9)dX?$DElv!@C5Q_Tl7x zimmPRdc(cl{(1svm%!LoV&W**KBc$T!8&c|CXn7(VFnK+FakZ8+!jl5#WynfAq0-fm|FQ=^^U3qFsnB5Luy!f3Pt zf+Z>kUms1XmkBZUQ^_nf`-U%j>)RBgcx2=RTHD5)VQ?wpqN=>ZdiNoEVBn2%{cyTU+e0wYteEwy266A65F1Zzg#nYftYnSTr? z5bqb4&90~|snpFKy|?;WAntk7XdE%NiD;+Pj;iz{gcJzhtseNzvZ>%w5_Z{MJA3lc z@w@9_$hMN$cdQclfow7-7^Fo}QziK}Zri9nD`ug|3Z|19V%b+>+V+}#?fl>hCq3+y zm!t1c298a$`r>%>g~S41Xlwf-^9r>}QW@N&^j5-&wRGwVZG)ywF_G;C@BvLAE6YVd z2^5=$_k!M8p%d7+6_108fla4c+Dl1hut%^o2-wD3rsRj*lsdUSd>_+5(b%UmI(9H0 z;S-ng12{spHAfE#hVnMPy_#4Z`&S#7*}WwuTq35T#wqRQ+=Zp}Li2TtlY;)SJgaEf zlNGy#%wBy9MIU&SvDgOHz3a*4JtScJC-=Je@7=$=cMcbmP3GRx;{C>DPVSmR-!(|IzvvC{f+dcP-~G%9$(DzuPf}eS#Cbq@guNR*eDOisw})Z8 zomx1)xEh=vUD@>YuVtVwa3ye6-NDMxwx?n0J=|;EtuZN-%os6y^Uf!$Mfn-BQ5mT7RvK#)eEcRJ2l^yuEyJ44Z}FMAz0Sq9REqM~f`bO@he0UD`np=C~rqt^jXL|Z1n|Vy&-o znrPzqw4_JZ`jCj0%R+{PyQUs->< z?%|py>Pg#kf(3DKY42ZM9Q%W$XS%jJRo2^DlNTM=Bdh7`%HV0W)@RI_IUwcnM(BR% z!#JCaN^U2Q+Yz zzIv0)I}gf=V^XxB{0y~(;aWVg-oPc*Xx zo)~0O9RYrKZg+D0?dr+5=kx#%(_Lv!%2cot+b>6cinZb86*!aqMOdzj6S>O^PkDfJ zMB*E6Y>UovqX3Qm?(NZH`u{WfCHgCNRdwY4p~+#9wJn(5i)f1emXU7a;#dbB4K?4@ z-JdaB#C;a|_zQsdaGWT6`D6yH4ibT73;TyEcJ14QpTO{h6 zhB^~-)*?|?pBod8&zOW)O$W3ZbUD5_**_c?sYS6kR7T;xNGm@D2YXZLMNa4f=)jLf z-Z_awsn1yHMWTNv-!t=_3`KqW@pZlMb$$B*Bf&6ouhjU6HJL2THAYIYfxlH5p{iAK zAKPv=@hfS0mB3qijYA|O6J~MFe-&Enh_9(2?T#WulQ3ni^UE)5Z3EBl-TUsl?-t`S zwaC+M_u@iv?`Z$q#rIdIyl{U|eRp8@Ii1keOMFRH_o_u`M+1t8aW{A&ixKVWS1f6n zRh-n)`8MdvTW)35NFRfIcXWC14w8BzBPe($dMudZE-wFC^g_sRmI-QHtm~A(@#I=` z^a8}V*RC_V+TPiGVRv`Q*eLoQ4_MxV@gh8rl;KH=Ao;j=d3|3!YhpZS zU8Gq|Ty`A1&~`20;{zjCE3p+k#B#zttB36apWVLybxi84)0b9O#<33xCj34@9^-v)SUqKn4dDBxe@$kb~;8O}8u>oi6K@yQ9Z zpvloXE*tQyPF*f*ySLHcp<>WPc(oqWGFEePZ=3U&o?cd)$YA!Hf>mZ`b&+<8H$Z*1 zX;pLfr!UqEWEYYhx)oc7OT8;cbP(i-#Km7VQN1NqzkbjFOvib-iTg|m{$wGd7Dq7F zO@pirzGl{Kb;2O$<-++ zEp;Mc4Nm+ki@7kpAyGpK(ox6fkUyN`+41InBis7SPCCJnf5@<`vT)N7(x(#8!_ zLUb87JEuw^lX~2A3&#)rkbyh^W^Y|IkW0G{&UPNVfyjNf`r$nT?{qDNRWp(Q);{jH70sZ!&)TkTc4)>x^G@@c1E!sYi$BM@RL~XI*t$XJ;hF z^5%hRVSWAFCldKpbakwJXH(V9aSh(ocLik|_3@Cb+=fS4_0MWbyQ!%z5#`Df)4kIh zZ1zopW@0*z@@_=TQhBOxr4Dx=w&QwZLP%wvbwqK6Xf8d_*ksfzBNpSm5lrC9GFO-T z82L!QZA;36sJ%EM2a3SUIum#S8l}J@idbM8p!r;4XyMt%_r;q>qBFG=56vT5dwGhL zH;pIBCrc;Rt);HIN!FT{SSoqdOmWJ(dTylE!eaZ;HlVswMnGl}q~>k0G*pDuvb};_ zodwA4csf2beJbS;QuCRPrw*gr=u*ST(c#L@)+F&7({Vd06a>3_b$fKXHo8dC}#y6N~-yTp&o zl_h1mS;$l_Q;*KsObb?*peA2Zn@t1j@u^Y*7#1?qndRABmNQMJo&GO2S35mKb`(2c zYqyDSvDan?=y6e`vDcUwzlhre>uznog+rE+94H>}G*F5QnjvvkS+a`-n}TD#S)n3$ zhiQSj=D{237#r33$W{`Aa{N)lqD|+~@FNZpSYK1n*Mg#GxUAayuhC33^e5)cHWrhu z4mHs9PIkJ>5Fan(J^?N}8qGY+^N0`Qqc|*iVnKIIBs(r~HyCwJ0Y#mPycN0X##>HF z7$B`MB`Rx5I+G2U0Ev3^bJ}oPbvl95NUKwZ(DstpIv=l`KBzoQOR^2f*NmPTi!=WjgVa0}&30>J+8ApKiE2fBlr2T8G4Uz7d zd@*JK-)scEUGt5P4}nx)AY}6n&^k%Ql+?ejzO<^m64dB+%z);g*=w*fm@q4pS@jt= z+LhG&0~*KrIT@Bi;@CG$PY^E%&L1LB!fEhRavqb4iI&Y#D=?YqHs_>v(x#A1b4H%q zf(OzbfA}OZU+7OU^+W6o>*XD{E`zvbYD%YHiUA~t+8K$teF>l)tGO(tn>$@VKHrt* zrg}MC2HiAbYp4uCL`}8Y%*a}(g4c?&FFu}@5 zoIW-M{ytFP0eUFCj=dp+hrb@~Cc4WNw~lIM4M7N(D1T9g_riHi=ny+v3)w^Pidg_k zmWO7v%Kg8r#hnW5(qE>k6zN2u4lOw|kC%Ez^xWXvaEZY-o1RgX28O2qr zg8>$blL=;N$Pm$pygVK8+?n0I{AN^Mrw$js){V;E6p9;GfG&CTQ9RIU7Z$BON>VfJ zd6nqs{8RnA>(dLdiCIdn9Jc@a&zS$pL5al7i*_42m;6AN$574DImS&-fCF9hFCHc1 zHXZkI!)5B_>#dRAGdEmrOk&^3I03`6Tb#1J10|v*dJbB9bQRtBR=`O->*Pt-wd3G zH{jT74!eE$+WRKJp}?i5)$)C!Fm$XT?0)taO4*~34Uw%^k35_E2ST88W ze+_RX{6zic8{;xpzu7}Rc=D$DP4yd-0{-SV#;J3sFGX-rKiPOQQP#oqVw z5-Lo%FOLr}YJz_~{+8ZH=E!u=%}Rg6`-A1~?Bcp&g$G+IQ;=HJ`4k~2309NO9k`V* zHupBraoc=R{mTCRgrxB79j!Gb5-ZGf?eV6y^VXY|<9&9q1_L_O-&)Ebud>=%-5gY# zQtS9+1_=~yC|$l5&?kBe5OSky`p(XNDf@YRufLkQLBZ?|jtAiM_>}d*#f6^ZG7&ON zuAdV9V~<8PSf30#dvA)EX@($aWFNg8TNgud>`$~h(NPNrUFVmm&arPH^1`cu=iceP z=H9s)MWOB6447WT{lrdU#@+dO)m0RsD>**c^LMbMnjJw3=C+E~Ef@7q_9gVfW^Z@U z?QHjkgY8$mW?Dx375>5SOrhtLCKn%g<}?PMNtN-s`q)A5mwOnV^{kKZLY2x?uk+lR zyop$n8R1@BQ?0CVFSM&@y&A*~8CTCWX z*YSSa{ZF?~KA|QgJpDKDDg6v7yu}+(*qDh^R`;3ODsgFfvhCWTf_BpCLjg-kds&ad zgntdDwWX6+OO&*K|JnWfUMOUMITu9y2N3|7o|l$ojnCs`=_T)j6AE!3T_{B$Mu8cA zd+G6n-ihg3bkB5Os3&InfqNuG!=~x}Vyr&fVRtt1K_ch#cdJ|a+S`-dV|`mHWgos4 z#muT{I$FKE30dcR6FqiIko2EYY_F=-mro{MV!db2^VafSCTI*+3#>Wx@j+cI#8hU& zHtB^#zGbB`I4rQbOjq7P+PYc;yu$U*ghaM&RktVgZKS)d?Jz4<~qIrXu6$2SU}kRQB0<~dHlFu zM**n5!$xzrHN|RMYiWk%(TrN2OxERh#Wx)d2?(1EUjy0P+U!-7S`MmeWpk>FmS_p^ z{qs`zHXF&-q%Njh@eSG#X@ymXfSBuiUSb+REl|dEdiwytK8DuF;XZO$_QpPqsmm>+ z*c>Fv+1q@zx%JH^I8(a>XK84gtAK9WQR{&j=y;#qFehn3ETZZPshL#lv_C4y#VQ5i zUl24W4^mLxY6E=TAM~ec z+1uoa0$7Eul2$gh%Yr+bZ@u05&}z3D^?0oKI_O5c*_C=e--$E8vV@hbEtDuWy_DTn zY^@b5dvLfZpP^P&s(4s51%iQg*?75~FAOj)W^t^ta+##)LGtgP+ZKSzg8luuDX@QS z;lF#U`gvz%0O3UZ8O=B9sMhs^jJK-Z&d%1(GdKk&Q1P&TetmoN+d4QM%uNd3JJW-U z_WXvs^O9PzPSv}dMW!=%tI`+NUQM;Tv)9w|F%14iD0_WoiZr?va0*N0lkGh8E!EiC1o=QJ#Nu5^{#r7@Me1e?QW6<>z&GH z)!;=JdYH+uTOm(o!6-vyHfs2YRb)2=NM{p8Q;12I`}%l`Z)YB3^2+b?(Jp^E<_@*mt&<=i<{ zD%wCi!v1b-NcM?jp)K)s9%(nMsGF)yR{E3F2db_44zxff@IDuMA&`8=O54OA6&@ET9J6e!tS;RK4uI;o`X~8!Ows z>>usmoQL|^nW*CsotS(k;!;;nRqL2bXAytHf5v(~ia46=NMf(AY`>3_g8B%l+5k+S zO^R2XgZd>DouqEJ%b`^@2Uq*3ix`S^w7ocJbG+iT)h~+O~|w;oAmI4mY;rI-3f;D-D;(?T0;fw?dT|=VcWYeIZH!7 zGV4Kb0zbmbR)s0f0{4dZC(m^n^6x|b%s^oypc$^KHMU>um@Su>#t3<)YGeNCY7+Ka z9PGD8)vuY+_3GZn_HUnA^U@qvo?;5K^dbFq=AHVVkM*y)p47jsZC8khEzlJ94!Avn zv&VrJ975@svx7gckUJg0*?C^=b89zRCR(`9b>8Ad?HQI@mjTiBooy^Bd5wx0W_g(s z;Q`gffrwoVj^8N%Yd)NJky%E3YkggAZJ75P{armyj~$e54vW1LGyJm1rVWcbEH)ffY9&%Nyuc#uQ15ro!*$ zC*&H~+aw?y4?jL|Oa$Y>lJ&UTJ(*b6st`v7g zWwRMV6`&GqFrTYtsO0gzU7ncsR|^fG^2E+1pXb=lj2|8>bE#Bo0<|JPv#h_mB$Z#@u}67VrEcg zdkIH`ThQ6f$q!QbkmHqb=Ba&Vvk*&Y+HVfirqpaKRff$V#ZK1s-NR>v_6Dn{C_!t& zVQ~%2fP>HCl;=ECE4)bv`^1cxnvx5OrsTM$TaMU#@TxLwFBOr?OeBk;Twk4UyDA_z zBr7R#Hsspg8kX-`0EYN!<|C)FI72NJAT;t=-UyRT)f>+@1(0sRa#v|~qq2*f_5$lb zDb_K?#{0Z7mtgwT{_?6L7-6L(Q&@BHhN61Eu!$AzRASRk#Zo&{IPyvIU^_EZUQ7LM zyR$Rs4R<>)xR1RERTiXnyhWjf@v(u}y73)>bj9vVE&^*j0eJ$#vQ-0Jg=CN8-yLz0 zxWU$^k8A_AK7vstwYB?XaCW^x#rC&dz+xc~F+b%6z_)}JKs$m1Qoz(}w5L%C8(nB^ z+i@>F1KcUQCWX#_-QU{4>rat<08Mg;oMB=*G_zXa=^k#zfQAEAUL9bPW1EVI9+z1= z5me#*(KK}2OnoLfbSB{PA`efR=8Z35zvaMVL?i}F!xcm1vO+hqTo{7ymP^Rd_yY24 z{OQmQQ~ccL_Ufu2T4+{Y)(@y$J%&Bf6k$w3+(GI%btcoGhP|TOWgr7FKujcHiDw*Z0bntreG>#F%JlBdJSWH;R9z#A&0rHMJ7tA^T?t{*w1~1M>J3jud3e!;c#& z;T9<@4`fjnyLjGILh zYbE7k!a^gbm~PeXS2{!Rf66FdW)y~3u6$B@tXf!O<|sA8Cs;8jYet_N}C9U1|9etxq$KCjmy-cUST{%e2KYdY;@WwKe1djL*)m z-@UJmCp7($#BGJD*@y4XG4Az`7ui1dK-4%MrZKq8B4+Ld}u5lf2y?k z7zZ}AD_u?J>{tf6Qp5^wz1Z-&z5(T02kqC{knWVLX-OBa;vj&cTj?!(qAM?#h#y1A zN?L(1iPNWs-WBW}meWxvIm3l`ZEDx1#37jj9YTX4%FmCnw+d?^wdxcAtwND4oBAk- zJ$OK+h(b`bT`e7q{#w5)pC}GMH3Z7HR)qj-=>r1~fmbmmUgyuXAUkAGg8?`n7s5mBZ!X3G-y zO1Avvp#lX@5i$}X!>Y0!33gkO3?b9#E_4yU?O14QbN#J2U<?tjqOkAU20yp!jX_KZ^6IOuYhIcOWgyvKak@2O_)*@{^+GsL~~w4)h=9m>2e9Ego1 z9DK8f%9LVjxE>ETJ2YN>;cHq;S}9`K6l$clvk0C(RN>q{yMu})C}?7OVy9yxhC{f( zRojN!jlp0Gd#ZjbrB#AKrmzNVTyDdnvJ~rcNwW$E95qc+(^VGAz2t16sZ#A?Yd7Qk zg>6vI-hi88b%S+LA;*_&AncZk1+NnxN=E75Ng_o~_um~K2C-zQqJDL%1yxO_ai!(J z$TVBr`Pk{~dg50_$OtmpovQ$VHTeNf!@ij&e(j-lMqS4C|Im9m&LoF+<3 zk9d`obV|zmE{En7ACIeDsdg$7Cl~~pV$uf4gek`Ji6{e(hBQ7=(p5O!_Cwj!NJnT> zsrX-fkW2{kQ&&qu40QR#ZR?xacHo^ z;_S~1xa6$OilK$g{;Lno4~YCf|y*cq}wpdoeeKXIW&c)?ssYo!tj4hAF)&z0=WU%GA z6=R0Mhv!(c^sI|Aul@59bNh8buy3$fAa%11xD_fbR&#+YEkJivHwBk|gg3x(TWB`Q z*2~hXbF|=0qPjh=p>tDnXBMe+S`uwpi!6z^n(Rv0K&+3vV(+f;r`%)C>DBq@2oa}b zk4yXghQUx$Dz8Cq4~TFOL#Qo|GC)>s&b-~Jv^BDTp>th;Bv+zkOE~y8CG@EzaWJRR z#j>43ySTnYuSEvEIOL@vW99Z0E-n$9nJ%oK;r9 zeXol?5C13fkM)_Wc+xEA3a*Db(;8RbL%kf!dM=?b=d4xS%d%Q(W(K6b$$*$&^3OMFGn{I&uAEc=yGy0#lI^`VOOvdr7B^XxwhZV5} z?(!3~mKl~}lh6j~i&N)vi42lIWWwwXiyTIco0sl@V)xxtp^8fteGi%mbNH0Jzs##p zWi^$iiO1>Ex(Sw_`2P(1;v5NFVIrY}ifzcna-LYNX1@aVW$4$8Q5WW1q5v_WuYae-y;O6kZT#+UHb#S#Y%WSEGqVNK}VTzWZ&-3fY=eU_JPJ#Aa~4DQ6A*C~se#tsy9 zn=NoFsPtYixEA|hM&CBoZ`_yN# zyO{LSp6XrS8Z?DL2wKOor0Q*H>iUDF+ortxGI@K>E3|itU@Q4gZWeiedk!oFj^(tr zZ9VNXjF@Rt^o^Kqb)I{d4!X(r*0j&qTq$OiX>`U$f(oWzm9H)(VGx&ragtTI-0pSl z@fZsZaLtQ^Ak^K*`lxE_Ko*{6W=4`b6&$01j_!Ys+QUV-+v~7LTM6s(P;b5!ISwEl z_o1mPE~x_10!vm0Olos>FYrW198`(20PJ#`>X*jz29DiZA(iVNP`=Lo<f(9B~?9mtS$QKF|uGmXKFGtG;AnUc=*8nykUqW8Otk z=uE$8)0L=!$->?tixJFT4SD1}+)-d z>Bg5hf7p3u`hg6UMhs1CnYgTCa05GexM%MHQ3N~q2hr&SkM|#Wz-2e3xe>Mn*d_gZ zdtW+3J*^%*U<24>s~DuG#J^S{Zh>Z8sx@r0dOQk!J+9tXpR2bRbn{q5b%YiHEFMrc zw-}a&q4lL!>9ZzY6>hh~zW&o0+W*OiHO{On=^2OeoxQimC!+z5n*Lh9x6^&O)$ii> ztAi1uoEgqZ>*Hj}lDp`e%l*-?x6$FTEDQDrgFP(hkQl(m5?ew+x=~AJErrowOToo~KJ0Y6Jo-cz@2U$_pNyL}cY3Iwv6XKddoIIa_z8Wu-R%$YJAkFv4w4)3 z>p-+HDb)a&Y4bHrnb7|Z3e$=VFiro^@osVsH2L7gsi+)=HHaY|53lk#->wg%cZj-1 zT0?_3a0HFXhv*dLi#8zjLJRBKF6$10(BpZSB4Yp?=e2!RGiwIb$MjK!DyU)2?c#O{ z-^b?(HoLnD3PIq>^Oob(WcHSn(_7B)R7!t!+y8FEp4~z2)qOQ^fK6HaOzc|JcxmMZ zugo#_H-I-#)kh!FiwjPzm-j%=w(Mwr^pO?n35?yBOtx^$@cMx-L{5~nx)QvXI}4yb%U^8Eh_u-n zU?gQaOp1bRJmQO!dY(U?naj;;ds5a)s&eT?%(&<{MGkkeQN^R{+gft_6YT47fsx4V zu*3;{y$sIvPA3F+c3-}aQyIq>OcUAEWJq@Hb~!q0pz5!TVv1eqeZDqy7SESbs?R^E zDc2`oam~)fg~P3sG5V>wk7vYSRQQE4hO0>oK0+#HvVU}(6VrmriGFj68$GK*OgNv+ z<})8Z`1@zazxRuhE^_H>#9}ptF%vL~JFWX_lvCUm3h0REGk6b6kl9ZY(AY1^o6=7h z{A=SRxQ>%$ZJ4LzNf(M#c3Y>;X5K`;p$qSRp)cj0Uy4N$ZOU~fHhRL3^nyLas~>h{ zFF;(>ocTVLD<->^6qh<(xp|=_Uw%_TJkW*bL+ggz45WnD+%m*uif&27KajL|8=f0m zXc~poCvy`afD6`gp#z&Id15=~#l>~qwa_xe_ng+XJAB4*pJ@1bTf4k{XXI6HwU3~8 zS1+>mk~yan80D!ts3a!P3vwEsj+sJpePh?Z`n;)CIa)NgJrU-e?7&JbQ;XE`=osobmxtn?n6*2>BEgo+-#axcxN#qY}7^))7IaMN) z3}&C51=Y`s4*9xzLo=+-URk5OB<<~>FmrrqiMQWWT)$I2Kab`4b+wc0!%<69$Fuo$ zOo7W9r;_YOhadEchUgD%v6wdpg{-DE7(M1^YOsJT8~Uti=troE6Wu;{XlH+02cvyh zGf-v>W^cQKJ7NBTEcq1ES$xE5|Kz*<&lBBQc+ymfW-VbCBlK`~`dh1bBq@B{C}R9` zTDy1FJl;g_=jWYXaV6}^5d0kG$JlOtO$^>}k=E@LkK(1`Cnm3%uGcg@?*I`cNx{8$Db$+=A z-6{`gdjmEHyB5Xmh&z$$+qTV>;t0!yMmO%#%!0EzM@ZZ}uYbuyDz;p~^G%t}C(;pqkw6aAa9k9EN30Bx}g8FgS#S=rXNx3 znf7RWIWpUM8B-DWOk&&lV#ZL)Vhb(P&nghl5nKgufd{*2`y7ItJr;h9I@JQ=J`tas zpE6|L41}=8kkisonyI8H(BT1ypH8+2*&J>t zARQxqD9pPEB}>D)NJWDxrx%Vw#1u4t7ZY*B5=*sFskSsYVdj-w4HKR+F%c|F2Tkngw@dC^N99U{VRP0kFqmyd2|`43iH6F-higQryEY+5z#x z866aQ*?IC9fC<7Q{7Z~Lv zb*PvHKFET)J)g3;bdG`FR#Z1A@<+u;&2;w`MUXb z=<>l=my+;uBqG?2E@E_rQ#%qAK*C}|FoC50GuC{FE=)D}+zDW_ky_76cQ4WFxLo}7 ztdfY}nR!w{`~L7VO2&v3z*1OGo<&eB>zGCJb0(h}w!hsn*Q3#q!MN zX`IP*E!Tb@m+sv66M6ldcLG;|3at5@vn4<;-S%}<2t#!l>po#9cls|;{mo`6Jtl6GUuS0kLm1*#K*^*kAkL$5fPH8av@b29 zxjHG4!F*=1@lt?ufRt6Np3&sIGTXcmkQH?M)50q%TB18+y&G+zZP)DmphkDuT-_!)n2!KC>Oi+*GN}!%5;2rekNfJ ziZxL1lF*T!I1B`x57JyeLVB4ed1rB4LEPo~mph$b9NNzGdt%f>*?X;SXURj6%Y z;lk_B*B5w85pjWxW%G4qiTf8?q#r*f=dl$e_?eEy&?<8*B4A0;v95l7d-7X|T3kQf zs(!7=Z*NuK^fw85GEgA9Elgf!*utGpI*<^d*Z|aKL9X4L7_~l&)9JqT zKUedpvsqyBixEIVLzh&S0G~evBxa=7tURW998vl`p{5~deXPwL-x7+NThMk9CO`D0 zlnch_9}S82l;KXJE-gHHSc^(dNm65W#celN};@spyuP zIWLUc(-4By3}CE68^0FZw;eCSiJG)B4c9^5^D+2eVV8L_wY3n^K7qGN|HDgGUH2>%@s$oj^#~6-Ydzvq(VQ%9fKUc@q9afnPq-iBN#B-{ zk-3YXkcw+$UA@Pn9BH078BN4lOo_%6k0%}igT-=yBs9?9x1&~}CkaVkcz9_~!+X&B z2B0>m=mF7`5u~gXf?A2-sVfF4e-py1oAD+(a>Qi)kwQ&ZaI~)N^wC^ecPUQvAU!@j z;>qx{(aC4g-lpAgQyS8i)YZyos^qj1o^9mtn?j1=eGj5EjVBaAoWQi5%Q~*|eAkxC zyp+Y@ay(TYrwLzf2ZkC&b!OB^^;iX+mCa6|qO}{HS3T)#6?4TvgO_a}R~(sTroyel zi?3|&i~0gY^V(20pPUQdRt+sc<7Xaq1IDp%eNpy~&h4VJ!b6;BOrN(=f56*~@}o9q ze_}^8-C*k6)~qMFL(TX|Um=-0enq5gTrOnW+U(n62x4dQLoS_Wk=8n_(kbRg8%~ya zMLC~vANAOD6h+I57$05lqt?u6rXXnPWbrLgKwoa7AI)%Gf^{a6tRb z1G*87;>mbdzEDym2jFgBUF+2zM_Mt@gt2+M_&P;sIA|Y(gDoCi5p_X890>2u&qonV z1~Fbp%ornv`z}3<`b9m(<1^kNt)2*#XtKZ?9bF%eM;H@Rtik;i(((^o~qIeT4y z;H>M9wcptBTvEkXmo6(a(}M36LPraq7{>be(m(IHr@Dgcll#@fhYuWbC|@g66-EbbGD>c{Bt_y9>)3(5P5FLUhjw$n7SZl3*V`1T6+@hF!|NEgp{VYv96oE8SE3G{2b3|4(*$VOjJYrC6oNU^Ex*= zvFP19@k)q^MAg=?SkwbJCh5~2(t4Ff-0r@cHE57)A?O1dFblYZ4vYbm-ubD0{<=NC z>Ewp5S7_iJAP`BTgbPJ5#F35 z-WiwYwBm5zsIX)~=we}7MUVMrnIX}H`OuQ!i5%{1CD3iAid&CJ67O;zRf8L&+W?A> zFD;iu=*-+Q8!{*6)Vb@|+D$OYF69(M4!3X`;&YZzlV71rBpEU!_ zUzBr)_8Cd%KVZ7q&44bhuS^el%nMT)Pe5rZAeIf7Px=CAd^)B-?gfRzA{~bKnwSXo zNIT@&Vi+IiAB;%_g?%_ak#THxPB?uwQA>??FdpX6iLRK5 zPb^0P@GNO0G?y;Vsm)(buC9-RcihwI%4s5*LiP6i8YhXt0Dy@E9F6I!Y~z$*1aQ*84a@a{w^oEu!^;kMt@q`N=DiJ}Y#RAZZy zA3kC-qYJOa6o|QS_2EiMEVh%=YN7pju6Q#l>MjGP~ zQiq0Q`|<=j>w{N1{%qtQeuTY@k(Ilza&>j4#zU*|@PjfPG6s4cNBaqC30#{hTtFg9 zGIj=5z^>n09iAeIJ(jQuw_`&;`Z{N$fgNj5dGcSXlr5<`7Dwosd!kiR0qvS^&57j@ z?L59L)uX`eogo)senPE{y3Q5qOYWg^B14K=jXRlC7FtnhJHhL1N*S$+T(x#zVy6ZT ze}0+kp$*RPoo)a}`>x)0*-3(koW}bWAEn?PmR*k-^{F(sigE$?h%0ux-3$|P+#b+ZPMH9^K z>@0N3&GOP1XYNr=(&g{TY9- zzZZ~5-khQlHj#28yql)`!f;^E@fH}CJ!t^pRyAFsBO;A!6XxiaNJ}@?2GwQXv33dx zxGlOQ?knqXKItZBAg5bXz3k*hN@W>r(EZ z#DF(ot9#lh44O6E&w@NjF|%I+}2Y$J6rP*E%JCPvca2 z>g2f{lo5POR6oxSrH;~&gw1vU%j|yMh}zw6Nv-W@Ub;3V6+4KRZ_GWW8et1q2G2PH zYBbQ&bR^B(YDi(eUPXLAr{z zaGZ=etWm530dlh$E0iUrO=1HZjlZE)ZPltaQaCs?HGVNlm~Zh>K0{g{>%-)ZD9LDB z7_H*mtQieopTzLY@UG;M5v);P2?93XZ#0rX(DsI}uiwv}W;_KQF7XR4cs;{#jQ&?r z!_qv0g=R`k%CCt9V$$dGl_7ul$>6EcDBwY+IDSiu z2{Fd+5wL5!!|E<^I@9tnp>pv?2RnOPPbuG~T)aOch-Wt3n9^DuP#6#a{vJp(8=9Wf z$F%AuDXRhdM7ciu?sESkx-=qbuFqWn1-czy(uY#O6r&Viy9y9pn?j}@q*Tq`0E$u~ zhzaHRTABt@t@%TYK0bZl@0L9vunQq44FDN%xK_9x5md~cKO`(CH`3M>`6$&~sSy~^ zZGKkuHk(tv!Yr|x6gjDhnnETt+}(P`OQlkE`AR-(NJTlp)y@gyi)U}A(|v2Kcb?Y1 zgjq2QKEWbm1`Hz=Ut$Ii>Dh)@(YV>B0Ed`3uZV{!Q%)~GqCj)yiQGmW_vC@h-jFAM zRlXH38yhDtj`m^eGlZ}+$4Y_($F+~NFNQp}YuFou7b&x4(j*ir{BZy72~;gpT=r1~ z7{6R_=?j1xT8S_-AgUzc#T!yQ%j*NQxa?_-KK{nvm?BZkSJ&uHg{4Fk*r!2W za|-Ae2+j_eF3bg3?Y67eo6)sectcTc zcWiop)5jkV@`rBU9W;ZSq;K}|YpP32xTO~-HaCQ@qg& z-AOv!)f^jxMDbe#vugbn?{G;F)l@0SHKIm}=i_n%nf%x3c%$JW2~;bmBFmenB270r zmTh@TLvGGLU0D)hgi-_78=eNf!t)G=*Xyj&Gs3XR-M8=#DQX>*n%qX*l8b>uSqOKF z`-{jT3Am-Ia?8p^#VM6LaG|$48*P$XtPSgU!kY|c_`e-3-l|?eB=Y5pDd3(uQReeG zMUy9sCL1ZJ7eB98Xemy3_lK%Yv>Zq zzG1q57w0=MUTifjR`g=E!FFs;q1+asnBZbC6c?^VJmfO7k4~=7c>y5p!9o9L_JY^a zPSx77OAzz)hB-R*#jJSA9SXJMMXaMAjv$g}eihc!kI{l@b*cu#PW4t1F;afOGgj#m zV;W=}2`JlffQ__QeW@ctaou(-9y8GpWas_P_n!1u{$V!GA!gm1IFqpY&bJ#NX}9^t zH=6>&hL-m#IoIpJKjlw!n1ZVkCB)9alqEwa?*VB;ACG+Z<%@iWACG#;CLOf~6S=lB z`s#`mqV3oFL}CN_g@5ZmeqL|xt;g~4oJh&<;iQ_@^3&qX6N+|&*4!awpIx5k zzQAryH^s-90*Y&PIyhJrJCPb;I0m^qpRF#eb~^WXJPB^nq{_51y8|XHwl8={`+`DPeWL-$X?}RDZB|yQ zxD~Dtci9$0gZ786%rc>A9FNjEbX~S=n;njyHT_sW;(Fkb2KQ38szfSfR8wPVp+Eo@ zR~HeA+*tG{-P#mRw5P&T7bm-L>arLX$zhEwNZcvyep%ka)XNg6(90ZeSnTSmq!9MO z5Xs^|WkT8eSJxpYk*y1uacI=|&ColQzV)5fbZ%^2nmdRp)}&MUzFn3+>cRc5maFCa51&*^j~+a(mhLYx!v8 zxd$h7QST0n7e5_L?hWj)2PzL3{_n!m`}Y^`FFts>xO{JNd3X;|w&)qldBL2xT)4ct z2cPy{Omz~dUj_}*`u5g%%)`d)`FY*l-ZL2$mRxVN<{>ow z{(*ROAG&KD*||#{Xj3m(ch|IUbz!DnjkPtJ;{N7&_xu9+z#0nB93@wuCB<%Vlw)q9 z^h@4stVj9)F~`}vCR^75x$xCvBgN?B7vn3JZ+F)S?!p-AuTp{I&xJ%;AmLa@FHcnW z26l8e!v;qVQbL;x!)0kf1~1}02J;73?!F3O_RLaxe*XVwIE^Y!`!)OOh5n*`{?EPi z>O{S8w9SK=3rA$vw);{qC=N(x*Wnt!)7ji5f^U)G>iSxDlkm&V z>z+r3FYAT<%ft8erzekxj~~_xTMtNIM;^A??|}M^?nzBe{mz5s;b72PE?_I0cx&Dm zZfsdKsZ9m+(JbUv@m=6CF;s4+-Rn_wWAYs`~f%{SSoyXW)O% z-~XEUUm^VO^Y<@^|5d`j=kG81TLJrT`TdW?{}-Zvm%slF@&Ay&e?)x5@0j0Tl~< z_V2|1rP64E`VR z`>*(}cf{ZF``-xviogFEcz;hY(*Jj0|2gshLUj=S%l!U;-#^0dALaLt@%!)i{XNqE zb$B`%`{j@VmqBF2A4h`x(D4`7Q8Uz59-8V(sHap9Um=bdXNyO{yp$(nYX>O295nX$p!3QB=C9 z*t;kK7F1L$AQo(37ZJgRs9-}>6g!9t=le`DVc)&ZS?7Jvx__Lt?#G}( z6FMOZc^%LLE6{}`lzSt3fd%k^`~}P&Fcjv(d{_(jFm@e0hC5ILm*6s7g)49i>Y)Li zz+I??`|toB!Xv1JD!2yM;Rf7<+fWUS@D!fGbC?ZtAOYsWJeUs)APt(J8D79kcm=QF z4Ya^pXoYuRgng5Y?U6t<1v4-Q3$TQKUidJ@6C00|V>nKrBOBF48=Z0ci*X0gQ!l zFb0C)EV^mIIZy!`Krw@fF*t}i$m~JXMbra6=z}rJB!K+opcL6;Rqas5;z9O z;RKw7QYeE{P!6Zz44j2?Pyy%R0$hacn8yytg`Kbq@?bY;U>=&F1=`RDWpW@73ZMu| zpbRRY3Tn_7)IkF@K?}6uIJQFvQ5W=p5BgvLhF}D%VGV4>-1egVJ}^c;6)_FcAp=ZM zW(sDIiF_%TBW(ee&=0J@8f?H8?7$xSg98kJf#3*Epnz?3MjQm*Fa&&HDENXO41?h? z0!G3p7!Cdq0ApY*jDtWBKoA7Oc$feaVG@a0-(x$Uz+!(GxN- z_Eyxbg(6r7J5ja^@?bY;qa6>V;Q$pldeW5M%6ty|52dP__(GAQkqbtOyRk zK~P0m8l*!8970(!9EKyHhO$h^g5{7;wjT;%4;Y}#5PY#8{9qUihY>ImM!{(ChgEP3 zW8Q{pxC1qC7i!@i)ImMmhX?Qw9>HU1fG5xhPvIFXhv(1)&F}(V!YguIdz(u$OmmwP}p$e|RRk#M%;Rf7<^Vt3i za1k!SWvGNI$b;RG59?q(Y=Dih2{uD9WWjRCh83`qr13tifO5PKr{N5og?5yEhA*%R z`5agcSJ3AwT!ZUy18%}CxDC~C2WsFh)WSWegL+WH7|L)T=?Cx-9>HU1fG5xhPvIFn zhbCx-7w{5Z!E1N}E$|jv;T^n(56}i5;S;pOXZQkN;TwF1AMg`8U0gvY(dxx+h9BFfLt(ua~Pun&IA1-=eo^6KELFdfSeDHqmq2Kb>Jk@j`RtQ(jTP$2HQWZs^_*PSEx``@0lD8I_hhzU z3gp^P?$gM90J-jyd$nU2>nN1KaUl0rCWxkB2B)x|av$a#$% zTjZFck2P|hBgYvz#;9WsaRu6K0zZ_K&-ifgg+V|*=j8M53@$JNh5`n3(0+T7yJeKUYnfTXJR|!U>3v! zIXCP>8wr?;^$kRRE84AsB$O>hSs#=!k+w%10CGUiC-YEe0>(hDBjmb3t}!Pd3l^hX z5ADdkwl3m2#Py(qG#@NsFt~v}^aEGefHoV!9ce3wg-DDQfOrz|1ZX2o?gjq+>_zSo z4#FWQhQlC(wu>;IM5L49DDvdGMy|Q{fn0aV_3tv!*W+ZQm%|m9hxXp!1#@61(Dwx9 zsPBt0^AR-=HG#grS4Y|wZ5Lu&<|FNdbU0!S+Fk{6joyi}MAZL9dIDlN^44e*4D|ix z|LU2h1%1fB@}!C3HvVK4^919@HuhEX7ZAP9t!;0q%_ z8FSf&_y>Li2du#Y9Ki`V7}^zN}vkbpa@!^3@V@r zYS0%nfD4m=2O$s&lVKW6ff9@*KzP*ESrz1Tb>-~uQCn!Tc9x)TzP@jcJ z?yu;3tu3gRK>iu(p29BV<)Inrk5CV&W=H`O=^Wr7od8k5g=r81v1m9EAv@e2pNXsEEK%9lPJk%e6*&q!EVH2!_jj#bW z!+JObL*N_wzJ*$thOx>J%i$C>!3{VA6>u7^!+AK1zFKe&R6rFpKok0cI;g=`uz{%< zdkSpEJjpX^6w=YK1!HZ89gqt=D`A(4|5>_ z;vg0xAqrw38p0tILLdyL!wiT3ZSa6Wpa$~b0)wG1sDlD{f(|HxE_i`A=z%L}z<98R z0I-2E5DY;u1bl!G`d|P+;GM?^cAjr2W~--39g=OgY%+ahR!x6lgjpc!7kOLzsZ;SIEa5&A|z2m0q> z+Qld$e7Fd3$T9JHg|59oy7@D;k@GyH^K@CUv@4}5_R=z_oS9T*t< z-}m$M{rYND7hwJIupIP|Pe&hJ#C3@4K?i9*Si)d%1AX{k-G>LDE*WFZL-c|&SI21LLfKP2h~O zI7D(iI{~FYu5aYJ_7UTK0{R+8U%%+<7P($+0&@K#*DZ2QBiFG4@PR^D2IRUJhWOuJ z8^|?*oaf0kfLz1L^_yI?Lm&#s^@4ncJb`@X$Y+gw&d6tse7@*w#lO$L^yid(KFMd3 zd@jjnvI1ii0r|X<&*EAjpC9s~pLt}FJ`HDpd=8$YULW*eHSl3JT!2_u2%BLI_Q89s zBLV5x@CJUsaf~q$$n$eB;w+Tu!2hk!&L=TPMa=aa=C}>%eb^>8@)MAri#QN*E9zE3 z8q(=t4+CI3M8bHOhqm;y?pdTyLphv*@90|v?QjCJAP0RGqb`<=fp`-B+vnD8=(7}K zB_jT(&#l>Le+B60)4u4NkGuxr|LoZ`1M?%#rkQAy0*8@zf~7DI`Eb05b>#3n2H)(wJvBgh2$Xh3PN@j$yk~ z(1v`sr2?st4rxF?`(`1X32Lw$B+>8xe+K@aKLbz1{+WdR!-EhAg~>1tra%eyw*(>! z`hYzA^Er4MKJ&S-9b`}!32fMle*3@~>A~O*Zr}Ps z!&7L5ckutE=i|NDFL$ti+7PE>+n1Aw_iPQ)CMY)rGYCSSh4MC}|NUG%4t38^{uFj0 z-HccbAAvj2Gd~%M1VGUz#vcqd2oTj&==G}0X#tm6hRlfz#H_y6*OQxSVI8V zz!(UIAQ%EZzz2OWfT7?EeqabjU<|`R6O_OW+(8R$VIcH}aS#X&FaQKF97cc%n1UIM zgi$aW%)tUI!57=*%Yy3QQ?UQ5D^U&9szbvn0uaM;20K zp=c?|!z@}PqMZ@vvNKb}GPliXYiAPU{M^A=FPliWt3r{>A zFC@#4nbqkf3QSR?rlBcX8B>DHrw>`kii#v;=!7gO)}p)9{h2JfgiR+nbV7aLE=0rYN#RkuK+m@?1m?GtH63R28SxL@8+;6vA3*Ht9#&Nweww z#9<0_v;;b;0v&bB>8KO!a9QzzDNE0mDa)kad|B}kF3Y6fepx2{{>w`Dc9!n#E#2E) zy0^b{?*P)`5qK)1Y4B9(gc?0Fo|^br>`RwP&>vL^IbnMo_|#s+{uV}YAJOs7l%S7a z33}QR(xRQiVv0s#^5g^@a{2(c78P+ndqbozdH$(K`U+A0voAxC#vM zM^{1oW@381mTEa&t3{F>hsvqhm1>~N|2;aFG$h{4wB+GU4cF+l5V~45=&A1hOv}-lghnG@lmV5 z5+An;EVbSSeS4GYy-AJUBz-Q#inV%6wR@A~T!JeTX2$N_eeB-1h26XR#1|;E?cIIs z-rdLU-F@QEJr1qjaV2`kmFz8*{6}f;+9Z45EXm%rNs89S5}l|RqK~66hzccyIZ0s< zeR9be4W~h#Fp!TXax%goD+~D z40`-NqV>p$qP!?72qROpUZ!ZhOwoFAA){u?6s?yjS}#+yUZ!ZhEcz@iYR?w6$F-R1 z&lb&#Bic@mXnnY6Ym!P*^f<6aJuteiXiiVM-^P=sM6m5@`s9s7`FD0s% zqU%N5D<#@qDbe;yiME$MXrx5jOCL5;qV19ry?;{V#t281l#(baiz2y(l5%ndC9$t4 zstY4mG(R34Mf2o|=E)PylP8*|w5Xl5sGYQ^owTT(w5XkosGTewMeSup?QQ8O>Ss&8 zAGY-SVN1Usw)Fd9OTQns^!s5;AC9*4@n}mQkhV(sUrKII!HOpRfE#T^EQ~Q*!Z|Z?vqGDmE1Ivgc_abODELnggKqCpc9sKqMtyA zoc(K@gtK>|E_ukYdDuy!{Y39BIx^`5n@(`(gfyLCi;LJ2bQ!0&y||XsTPrDUCnZji zSx|2pM^2oQ7pD}(DJ5}AS)5W4r&Pr$H9ExMiE)&m>DV`rwJU^y*eoXQFm|SsR z@l2WGeZZ6v*UE}heZ(p87BR(J#1zk&DV{U4cg}sqebvP&O>s&~oYEGjbi^rLaY|2| zG8U)kw>pApDlRhrCamrSlvJYU^Mtc0E~gL*sa)yOzb}<_8$}bkBNQ9#J-cj{*@w7FNJ+9g*H-X zBZW3n*vC?6Cxv!W*vC@X$5PnGY_w;iJsa)WXpb*b$bu@N7F0Q@U}GdU8$+@2v`XcL zOR9kcm6kx7ixd|-oofJwfNos$;vQX$a~6|&DLg>)1RT+2 zSaj88ita*GMfZxTctF)fUtEY)={rv*eKXIbZ{?ZvjXYCMbjD@TCv_HmQfJX8b=-|w zrg9=JBQ42YExE1;uN;Wt0^y|wC8CQ8^>l@c2=!=1B3&-J*icVYq+E2dVF)iaZ0bRZ zl#{0t63HGRk!%8q)Hel)WCKW^Jcf`+9#lyr4#LV+w4$-;;%jLE`;EKIS3IZU!(lLhuTlOsVEI2f25DYD>_1&=JG$wG!KWbyS2 zL!hHC&>3iv&du2|0@r_B`o&3hZ<50nc}!7M6-9GVr0dm1`F^6v7RA1zh;MXw z0v&CEj*dmTX3mZw!X<7fs2px6gi%ryg*R;Y@{T$#xx&X{^0g0j6q1DKh~(mpjR8NBHrza^4QdHmz`|*Vx_`(i+VF$jj zgT8P~ePI)QVG~1PKSN=ip|H+SSZ5@xGZNORh=Q<*im-_awFVv&&%k5{F(s&CL{T~3 z1*#nH0u`y}19E~>WC?Uc-yLyrs>7E_@&b;6fTJYfC<{0$0*!uA91Q_S zQ^3&@aI^&+9RWvIz|j+M_yUf;fMX!w7z#K>0*^j~xy_ z`ooBA7biLR@{;~4OZ+_#Q+x%WPKa*8Z$Mf2>`-5Yk_3xDh65_Ce6PDs%S zE}h`f328bZLnmbEL?1dqf60SKo>U2iEI)VZ1jm$N;C#iz0~lG7Qyx(UsbRJ@%D7_nTk0?!kCqrJOulhgI0%)BA?d?F=0not|B)em$?uPj z0_jWAB|!R;^f4fPN%}aDz9h{w^od+ie5bwp>Dg@y0__z>4ROF9FpfWBDSif@{)49M z@Fzjp$MgC2j{H%f34D87JM!xx;R}B}&41M%f9B19+urWK>F_vD;nV;iYTHJo;G6 zHj=sM_?7u`Z&rLGb8;!Vl|klZ*}18k%oc89H>> zu;Ih;cY^wl88dclU|?|Y`0ja?5tUFakFRRuk)S1U_nyS zqD9Hc%a*02q^D*KgRcY17uN+qUKA?%I`?S5Qz`xOZ<+(SZZS z#Yc`DJ$mfe$&+Per%s(YbM|aS#l?%4FIQGxxpMvbjT^Ub-?>v$Q(IeK|KP#HhYbx+ zo;-cp)YRPk>eZV!EiLcfy?@`<*53Z*%h#{pzjt(WcK-hT_iuMMt`^j*TlCVyOAfDQ zyuRSY>=ynb3QWCby=J*Da$gYi5agK6_~#4rizqPly7ju{@DBo&VCvx?Ii{Q_Fq^xZ zyT9Nc1S&y3h2(dkc<~YW_(UU*lN5uAJd;m;oT@-h++5TH`5%rH01jSAeW*uYTR=n};|pIbbigDTIIB?!A zC}Xo3eB=@Nd?j>O03~!&0Oa||qa5|1g!L+$`R2Yb;y%XJtF$!ox}ofFb9!?Nd1HlZ!m|4JoPgUtRFw+;Bc`%@{I`Ch5mp%4|$ZMKVW@atdEQJA)-I(kViTC1J;KZb~%{|Q*`6LdUjc830(K~pfQTK8 zJnGR8>sP?~6|jEf0TJs*9+M|8oFT9v{|a{imx~A}BJU3i_2hkFp&oe-@`ykV6SC)U zM!`Xe$V5Nj@(=;_)Q17})Io`Qro@qn?F&7V253 zN1lT`B9NaLvp^c_W&wVGfIRwP-7G*o3-v72vrv!r=m)4r9ue!NHh^q8gGr`?%_0Ag zsWWi|qkwvAP_KY`>kkx2J2=6*Z$2_SQ-Yxu#Gc%bEAX0AxPPHiDBg02MAN9xsBI=PBR+F|XaI<)M|%V00TK1clid!87@v#r$u1yAneYJMklhN1s5e7B*+k@7 z$ODIu_JD}-(cb`hK*adS^U)pZsJ3JX(pcDxbj0|gF{m`D!;9)e zwM8X8AJNcsA94l|&5@n}vbbE3_QJCRStm6&YM#_e$>?MtvQ1?5XB@Ia*pvLIk9%`qyGCh0`#sPRSX78a2?2*)Gqqt=ZIYHVtlf6PxjA8I|K@q}}w*7wi(3+F1Dw`jd& zg&bUKJ*c;XI^5{D6uSxc0l1webx4yIK;2tV5#`idNwuNg7Se(`(l8$BOT87OjP%5d z9t$;OT#V&G+K_T;Tw$8jdXTk|b>cUG8fW^ zj7e`3-G^#{G03o@J;=uwbbJOAXD0?1X;dMNIzCc>a->Ne)rQpJMYW^KNFDNYUtu3U zil{!qv5}+37qum6tW!9qu;+GQEf=S6l6%2;Xy@e zEYcY6~a1dp29S>K57nR9$pw* zG=^v{q>Ri(JU`LAg!A_xJ1d3HV5IR=L@UM0kxoI66hu-^z4&N@QWj8=l%tIFrOQx4 z^`-itoV?P=f{%8jFZz)7DJUY7q{kNKu|z#7BXy(?d69LIc?j=n$S8C_VVaDY#utuB z+L32MYVIw25 zhphTt*muW-AInerD~I~bTFpycVt;l;jt9i0~VaQeoYkQ3T-gD$BQ z<$QUnH2;>K%Z1nXyj<_w?iqZ_B>tk@lcCX4!KPnzaw|4@vpW^9|6JGZ_Exg$fz6E> zx{tW6@1LiP{nU|hDBN#O~Uu9QD0zmCc@U@?&mS8?7%1DEL0x zd3*ApOvBTqi~g_%PBIp3wX>Siwe8i)4M!!K%oQSMp1oPmXu10$??AtBHKzOcmn#nT zadOZq?%#9loS*EpGso{(U;WnT`)1$HMCtwfsP1K#$^WXwU;;U+*}(aivEKjP_t8B) z7yz$-MA19P<&k%A*btxp_zURl7`cV zi@uppqH?X%-5G%wX3D;EC^tWR=~+PX&9Vm>?tOW_WepG1Hfa4$TCrco?%v_DrfrQ0 ze{IT}G;2SWyg0pOsY#5_y5zIlm-YMNyS>1uW9IskFTXOmYJb*bKITV7-r4JWdfE^fYYsnS@9@tzqNnES<#|P2 z)88@k-OtdSvXP&&>x=91$HYY01U@z^lHanY|Cr*LGVO7%T^1<^e0Djz&Eoe`o#|f+ z7BEYk-6q_ckuB$)rjhk2r*wC`Pu0GRB^Rcya(O&IzIiVHa^~(KnjZUOE(e7jsvj+x z=sqx^sawmHmFs2nsMgU>NxHWFy?kTtr7y#7CXAC>thGJmangO`j_0jEH3Pa|xr|IY zb-sD#*0YkAIH&v%UcM5t+oLjX^3-sn7>$zn-%(}bX1aYi;jA3rHr7RN%%55PHrwV7 z@ky=bou695seN_f@9_T5rOf1KoE%}T5q#kGCHZ+be4MAr)HVLDKXd+4l0e!%MDrS> z;9*iiKaXzX-I3LM^nQ1~+qb6Ez`n6bZT?`@*wDW>bOUUP$4VUODs#0DS#J2(Z?WCD zv?hkzx!}op`8n~otb>+oHb(bt`gy?XK~>LEvupN|hvy3XbB>u#ioP-a*10KrdS2u! zem=d;wM*f2y8hppWq*cGs=sHI^m^Qm={}vODu%78TetQ1h$mm4z39L6_Fhlr-(juS zUe`Ri#cyYhOdQyqx3soY?~CQACykr8tzUO^&YC0d^B-)Ct-ZIVw%Pc4iOr1F?z1j`>JfkKsIOD8iGAfRbX(1TU!ccY zC10KYrgdI?*~4##)wjP~QPb>yptQVM`ERPrmE?v4N9tx2PE(Ue+?=8^w|Zluil+W_ z{*jifuCl}*UV+!|4%qcuw&c!-{1tAC>$N-|4qK{w)Jo2nG4mKTEf42<_&8B+a&$q-OXW98aEU@htC~-%gXoU z@PjIg$1=ufshW@5;T|mi@b$IaiUoT^EE)4!Qp@7ca`oP61;@5+`KsE`$3lO4_^DIB z&b+mjaOjB$%Dg(o>e#q~wYv{)_dUyvk;;sFH+#{DA?7E`ta z(m&TJo$i;Eywxb-SW-~QijoSw#2wESxEmXkj;=as?SA*EUV@UqXiltk%QMY@<##f6 ztNV^$)b|N@Ud4{x6*)^ryc^WEsI5yUvvGzuFTAcQ;)<`jc00F0)!xy?`p{wSolSEDqwN$PCLT`B)li)FC1?OA_WGVjF6xSddHaked~8|! zwd?nnt^F>Z&5IkXsyo}~Ro3zNckiXA%4MCjaGR+8Rxhzj(slHir_;^lb>41&xWX;P z_{NN}3vZ6Jjyb8Y^Q@fewT16rZW=fE&%WXJHEPF>I{@Oan=Y)s?^{X8IC=r zq}&nLedNOoy{h+{eJWn1-&nl=p5wCPW<5E~_Gk80`zFr3kf}d@I%`{Tl>EM$PcEBn z8jmb#x5%)Gn`CxMUv+keANoPJ+kt&IoPB8B ztE843C!J|KW+Ka?H!vBEO8Cnk?q)-X!UCAw2dDXQ z%l5P57w*gW5geXipw&~Ap1WmerRE3elXn7bt;fCgYglV$S23&o>xc30d#*Wzel+Wz zJ2?4MgUawJugW7@Ri-F-H7mREPrdx)^S=1d9##LDjkW%_yS%=8T`xNq)2`#DhnwoVtFw%1CwDhIzN6WmabRW}es( z#JD(#x64oC$h_lWDh#fm8)-@+ju8ippf)rTBL_}^h+-7ppJT+mAM>5x zzx;l=cS$HC!1|}N?oc12t@Hf#RXnm+UDWxrc~r^zvMu$`zR&it$)C~2tGJlC^*psYOwe`nj6awe;uOL^7LOu|p~@@9is*Iv6TU-o;NC4c?X&0kXTdK}NaNxmL^9BCIamY@KkUg!POL-Bi9gjJqV_^N;Gc@q2~^ zcKIz?Zu)mumF{Y{Z=T`4((`((w-?974|4q5`90*R(t*xr9|}gk(AwT7Hm*@Yu=tu| zzsOlG_oth3T5F$P?_>UDPYN@%t!g?-@6yj*tw*!M&|DN{5?}u8?tSb&lw$= zH0EN`ro|r~x-2+p?d+H|L9u%4OOq5UJL~U7N4%n3EMu-!kDRZh{l$8rqnA?5+c6u; zTh0|o2890}p{@|C+4b?3;^Xtit~aY*yquusH6%+}Njk1gw!z|k@q^KkB@xpOWIf4# zckx1Z)$54hl!{$hmpVRoE?yWiDuf*}H2v?rV|q?MIY)gGtN#pq)IZiMeNM6N=jEO$ z$EHnX489PYpJ;Tn_560Pp@LBB@fX*AA3wVA@3XH??eo4@o?o%N>eq~M^VXcaA^1AK z^i0E_p`j)p7G*T)tV)uL$#}VW+WIvU;)c!+F6FNmJjfaOoOScXVVN_v5^3lB!VW0r z9h^7+l*Y1h-qVB41w5-6{fF9LVd+h5&AITIXPm!%xI%ZFj*jaY&8EHkWaPhQ6-0lD zGE09_{Ad=dg20bu`~Gn2lU*NQkv}qOYI}fg zXG`eu29?ah!OCN1zPtbVK{XdG20Grj_RPV4$0Mb*@C|Fa%*&kiaDz`-J5E=wxb)N7$omjmci-OHuRG6%UP>Po^DZ|) z_08IclOoRkDl{>BF=$Xx*5-pF-h~O;>)UOvKj|3T5gpHQpCH|psCw{q3N!22@*^$0 z+>LMCTqgcq_ipPWhrEXJ&;7=%vSbZ9{9wzH{Y#h+-R|Bqvs#jT*Lb&H?&+^b5=tLV z9Qh-A;+(_g%`N*hn*Sa?=9}BK@#E?%^{v&xE@tL49(0;nD<`dIPFpAlng4N!+?I}< zsr9e!&yr9*JL`M4acBYi{O1S>)w~Z?g~96vw`rPgwU8QgFn5-_)(`z~-QP2I{?PdL z)Wocz|NI|+1;^7Ig4pKOm*?J4M(cS^lcrr=Bcey*!W$J>wob# zR<2w0zGku8?}!@xG4>by6PLa^bzrEgc~$hd=YAm4wBkU` z`-F2D5nV@>W~}y&AAB+Vb#7hW6q`V;#LAaYMq`)Kd`8BW=9TOe=XVW*J^*ucZE6?t zw~dT=x6s~xv)=Be4fV~I4*B)EU+1jwoF}c7JL$=YUnu5Y|d zi_Vu<@_|oAzFGhHiSFH`u$uU#Zg*xJS67qJ>G$_)-P(-p2ETs>e>41HxWInD-GBod zS$C>~!cspUF8eTl;?{v`an*C{vNwcnd0sp0OsdwpfRQRe*XEqReyv4XWs$vP?F*kB zi@#R=9e3y^L;gV6%ZtY6e%75IAQ7!J$AHB-k$m^|Da)M;?p$(H99RF!LoMWdvD4=x zzQ#NGPG=X?4DGmDP?8uDGM_)X`*!Bz)vYU!{W`R0>7idECs+Du++vZ-fv~hbKl*GcYS>>TN@__~~>@Qfvss$bzv?j=)*0a9whDYNJ8|RE7o1RgO=XGbS z4!dvK`uOtJ;pIaXj4g8fUeTiCKOKcx6v6Hq%m&i)xcN7&U8l)J+`v= z)bVHIm9P6;%?zKiQC{)E%5lLPInFW7j;<{ye+F7iTe5IaS^k2sra${NV)$N*9^C(B zzFuAH=Ty^#bCIb5ht?~sbNV1rb}i@j^$humk1R}8hA)rZc(1S|tIlG5UC^Nr?-h^w z%%ALKl6P|B&5SwfRwo%VRnEPfJGkOPev)HYU~!&LMA|BQ_q4m}iTi5`Cs;E+aatC3 zuL$53yI204W-sCHlzQW8c=W@Gw-?-;xBdRzKI*p~q)9pboZNL?QMGENa^BkkwdzmBZ)y~18NIrH$o>4@yD#^=w_=Ur z=N&daf8(T}>HW66^AAqgDZQF`AH_G$SoRk zsCr1f#b?ini;w(Hu9w&>skQ!fn`euCRq6dG19r7^$jwxC>)Cbf^YlsAAA2-5BqhqV z-G4vCcb>iW@x0qc&&~&GFa0${@$+#xqq@H*=Wh`>9^O-8ntXrMv>Ri#%wHGOqIz!M zXAXP(mwudE?;SOnjfXC-9`1H_Kz@(O0N$v@RSj{r6*ElsZ8Prh3)&SlwWl`xqwL)i z;mI$2WM+Q}c>f^5>|kcmdA*X^eunqI$t*8Q8s%cO&9m9-?Z;Z#(|vqRMy95AK8hLT zJ9(;X@&paTd)pGUoEpE^{TP>(UTmmq6PLGhPWsU1_2=V!f_BLAouAIRii^t=%Pl=y zT3&FAJ&&JRaVt6fZM3GhUo|V~YDeLc?|EK3)fRgV`+RdELw@bEi_=plZ&KjvO)8RU zUwZddbc(mT^P;<<-HZ5FKW*BXEf^#DCn2f5=*WNsozXSn6Ca!%$a&swdu973DcNaD z8lS3vYkyd<*rqIBVqoipO~+I}@fv#GWif_4oiJom`^oC`v%l|DHK%$$xp&-x=W_YW z)?bV7w(M){ zq{X|tj3(Vsev!_&a@cr4z@urQ?>hqRRKmhX2>R$NMopPeHRHzIyWy^v9A4HeU;6mI zzGdX()KERCWnmr88Me9uU4lQn-Wy>Pvh&WMhXaOIXj!pS^JIT8O-mPLY)@)>m7nu% z=GjfQ846PmIvRJ!$A8yz=_!c$ox`7(xXAN*kTAEoHS*se66*3u&{OeYr18$5!rta6WMB>t}+8 zS0iT6_%KQ)BawOFRKY=$#tfCnvgUH{&-x+bYu{wpehy6d9xpkrKy#14_vw?1Q^Lwx zw1T2G#okJHsf)8}WZrE%TU)<>vTMpIUQuGn$UUX~AKqB(yxH>QRL(fLX`%5SQzN|J z@)s&kEzJ#Ae{N8qoqf+F@=R;du$0A5$_2wy`6<~-CoXF& zC*WJ=4Bcx?hi{wv71{=Hi|mx;H-_}h_%(OJHj{!OlOx&=Cf*pkzkkmi&%T!Vg$-wu zpp?>bSr$36VEdIGCVu6W6%HpX-#((a$ylzpr&QCe@`Hst|jJ~5fKiR!D z;x7F#>~_DSE-@L|3p>{S44Lw2ZcxXf#>vlYF59UUc*p;=4Q%T=+4X3dYIRa(`}pT$ z?@j${)2LBnzjo2D7~4*_&#VVK?6%8yc~u_!@Ty31*qUpyhEGnL*`}r3`1btioa58# zZ)mOLhFraLq4nmT&{01QRCM89b-Q(%LFw$PX)8uIJg#uiUe%(eYn$}W#dQDso@3We zH-tv}onW}v^pv}pJ>^dP`NVtM))yT%j~zwm31yYQ#s=0cv%6Y1VO*dB4AIXuNIye(H}6<5iaVk6*tyIz6!Z zK%|LZh(_l7!y|I;hd8DGYBub%a;ekIVRbFivLP8Kbmk6t?0fC_)AvCm51&ju?{=(M z&Tx5!Q$*MCvd^xHs{UtDEL-~gievsO_U($8>glt`Fr7X5jLQ_agw2nv`-p3eWi6Lhhi~7ND$u^MwII%lIoxb`_SHG@ zRn^Ls-lxBKOU)d-f|ow+*+=<+)@3$JmtA^vaajP1v*Y)~+B)ANYmG5#ZWm{lq$pR7 zx3=9j?MhX00;^PBI<0+~{E@#~a*kT`n=)+2yEUh?p9JK8H_ccVd{}o_X?&9E)3Ir} zOU}11nUJvmvB!ZU9G@RP?0HkVB&yt6HRrGQuZ#}b;Q6lI(E1De;MYE;A*Wt1V9lHU zchiZ?qz$(l7o;snO=PWJU(%V^;WxTzR_I!}j9o9&m)K<7cq8kOcIw;~zvHDFiwE1b zo0a%)%PrZR*eB@e2EOhngX}|&8C#y3FL_!YWcn$2-71edy|P!ym);hX&UiC5^j+01 ze&^s<_cn!i?%8=qZs>x^F5BKSQWrkF-!ItrZ^Or#9XkyUoIiAAiPC7PmEP+vZPi=Z zsKvdoG=HP&EvGX*gO6?Pyj1Dhc0zOY7&)hi-;1lGvQ6b1Qklb)?)SWz64SZ#naaz; z1ySt1XVz|>vZ1TTdBnS;&Sz!nd-l3)?C3Jg8aAt|Vz7qK{4mo+-zTT#uR0%k&rA2- zcg~TT4SSX9?NwoepU*VP3^rv)O z%qjm#mzT&D>v8pts%I(8;{N@!!mQ_)V)cmVqmyF{N8Ng^bT!AlU$<3l-Inp~olnNz zeH}STb#sp2@L{qCPMxVpTRYh&wtj`L`?K0h1McPcN@c6ZF$C^!3M=lnoKZ{R6!v!t-Ws`t|HyT% z{PX^cI}`f*R~JvYn!VuIe)7jkFWyu)pAp=deePEt(`!Y~z6h^oR(PgmLt{d;*49tY zZ3^Qok8-EY3SCqZx%}pvx(|AHD{r)i&M`jxrP4XA`t(Ts$b0E;j)%EDEw4GRu*_+) z^e@*TpXIO3iVGPwC@{qDvT3l+%6FDdeM?swU3kHlf3l^-IKwCEjZ6CWB|d#Z0yf&1 zg`IRr=PT+oHB`xA&@>efq$m?M=+9 z{R_0m)xS%39Po+HIl1fkyHk4Yi!T&yE1X-`xY&PqaL$nkZ_b#^dvdI(2y9zR{fN_?#52_mhoz4ZgGAlvsXS^b@_GTyyRxdGGl40 zZ>&|kq||foUmLn8nK>PK9<6q3o@$uZ@}_bRZT(+)n)?)a9@}6nS;8C!Bu} zbnn%J1+D%bd)C`LZ(S@Xdi|c!R{2JD|GCmpJ?Deo9**w+Y{0R;ZKj67lE-e8Y+qk> zBS<@SdaOpM%GCL{Gvip7q%I^1>?_;8yRWdid2y1lOIvNZW=gq{%dFMy;n(?p_RXkD zF>~4}VP7M?GVtc1>yHZB?7K8M6T{SW`mJL|1}>VP+mU$R&hD7W`o{R`fkRixT=$D< zX-Jy*Cg{V+7*@|x@3Ex|*4pe#`PJvuoq1UwI8Q!uE*$LJ^j*E*u4VJeOaBLZZvqZw z|M&gRV$6(fF!p`yV;}p@SVBlbl7x^XNs?6dgd|ErDqAW^NM$Q)LI_DJl_Vj_o`n2A z)0OM$>i4^!`+A=HIqu{5AJ2UrhdI|dzu)iY^M1cR&SB1TL8ef|x^eQTFJ8eum&&b{ zeRueakse9%sDK<{zQKL*Z4{4B`x&;c ze6O;2feYa|exEt<>OM9KlV_%WAFF=*-JVCiag8^b29Zh&t0(sF$$9rNVDIdCVa4vY zPVQrG>V0dlH=gI1v~4D2CN#!rAs;C=m3B~SZqrL2dj9Tm9=q~zsQ=xtl`V)dp{|D2 zBJn0d#$3~NwzSkEf`}(0!%<%X(^=0cxg$ua@{OycoFdL+$>i{~>hS)uOT{u1tz@su z@3zU!DqS5lxZZWTZrh0wxl2zA?B6pT?_hYw%j=3npT-7%(awIeee<wV|t>z+(SOxS?HK8gO%w%hqXh}(VH zGqk*$uAK|5Pck{)<@BmtnCul|yz;C)L@SE=r9(Ewy3z4&)RTb?OyuFizIK(m-$jIC z!W>l6OQt>%_m{2q)HlT#JPDg*pkrzct30q*ZeS-%CR>QgmDTXw74utq1Whi!HVNmV zaDSU#!nL!_k0AIlPY_jG1D}hQ%d|y$Xljdpxp8=<#wUCv_d|zB^Awl4#e<0Y`F2CD z7)|qQC7f+M2_IJ9T(?3pn7dxT#ZI@(kuLFWvWuE{+i=6u-BaS<1*#HJnFUn1TO?nb zS5no;ob7%I?)=ogPxSQ+>G^5bE47+-e-E+tSeTtLj40l<`4ZDaLh5a{xUJ)ZB_Hsy zn*-kVUHwkpAV0j*15wwF!koJCAYeW?MMeX|G@};dh^lcHZOt}%7LiLFc;bBLKwSoD z*Qa69(^1_eyRwO*me%lV(vcaddWc2gZ5ch9-x*goFnz>|)0f&PUO(tlX@f~^PCjt; zTFGjT!(>D5g<&cAyH`Anc7G5?cn$2tH?iDvcs<}i|Au@%Q0R0}d@;Ac>1O3!XTQcr zj3Jrl9LzSg>fS})GHGGDJ~ex9O#Mcz_QivySV!sI`DzAWwUV6|vPM%3=A zSecb%9+@yoIo6O*cUQyPgX`}6#-W{NGxh3^PW5B<5>H1@f7du1xAb&jf5tq#t*V~jusUp^gu6T1b;o(DLSO9Q z-ra?dcWR4v%*sAojKN(p({I~FK<>ebj0)zy@k!_ocKkB?r4jY5@nx9d#@@0vYg`I< z6-!@9@1ZgVrX|}Kn_u?5d0#C~-OTvtY`23WVejzZ+nPJa+_S_Pw$xcJoIMpMHRSGa zBr5{-s*y8z7pBj5k7t>6vPs_5?VTq)r|XJ)!+gFdj#=1fTvFPtc2_PiCL+f0>uC$r z&8dUdqdK_r0!GsGXU$D2to8=7lJWHqU0W08E*uZ_cef!XvIQ#)%JP@(zny%YyDwk2 zik~Z#HM!_QuI#$vCr~?8*5BNZ`y=rvzBymeBP!6=T9nwy%|Ub5WlGk$BBk-N3-g+K>cZEUPOLB9R5#MQ^8ij~fYlb0daZ9Oe^IZ{ zmyq{g_8f~067l->xNA$zLY(9-y7jYPzYz9?U&zibTxTb}XKY*E#KFOEr5nCa$h$NO z2pl=*BeLqC0s=L7BI=i{lfa^9lCR!hVr!U17Y`m69u%l$S%kqa8gp z2Xyo0HOx)Itqh;udD+NP<#&}=3-{u4RaQx7zl9x>_Xgwzy=~OW`<}Z!SmZihgjU4` z`hVQf%sA42enu_vwbizhiBG5A*+o|DOwYl!e0;|jUu-2U7Io&jU5#o=ElFEv$kLdL zUhCuey^W)jFFKOH-t-fV$h&OVh`$gvfW3D1O8fSs&R5C=MHRDs&fA}e+~rTc^;r8@ zot=Yv{PzxnyTnzqk7)-Z^^tKED0Nvd=6hPuWX@eG%4qwH|zj#a6>N2X4^x<+4b8mK5H zGdA|Uul_TdA1)B zA9YYfx@MuE;G(y3ZIH9`Q^bm0*_NS_HU?2bG{>zZVO;0_9^!i4_MMb3Cu?E_=;M-F zC17srOmR7k-l!`g;G! zQN#>~rm^8-UW5JN3ywDX?k$c`UuySkZ8(-aXOD3RFReMM=G4M@f1TJiL%=rrsrjmC~5yO__D2YFZaecmnVG(_Yh55uF=tva)v8ToZ+kR*)rjF z&bcX#KjYI!qEiZax_kxsE%6j?{>$C-S+!O=g+ngu)dVpg9G(wmPh0u+j8B-%i>r;5 z+)t{m>DX9L7BayX@6Nd07KR?uMl*;az9NVMzJ&K8L#2n81H#mmDO7Lohh3i zcKU}W%CNU)7UtmG-Uz>x78$uGh2kQ6S|b|2@kAv|Z)9t`CAV!v`PNLTy5$>e?5!{N zT(id_sU1wDjf3~6H@u5%+*KMs@_yxcNys+il>{N=Mhk1IagCzL7#Q8~Ba$JLHIAwb)Thpm~W9#l|a(w&naQ&9i zs&)4^6eVm-TIXs^KBU7VKAlx17&S-uQtY=u?xW|KA+Ch=_GcPxG7%FeuM{5gZ#{p$ zJfD8=-k4hj@Yl$=cb;0GdX23)o&Jb(cj%wb{yc6wnFP3VDfvp zr|Eh~(cpVsRLhj@*4eM=S(hcb$gA3vGgc|y#kPw`m=tyv9P{QTJ zNwzI5(Qo|^`6gcB_Sl-eu)AKhL72Y4_4wzp1jE8HtGpU4B$iU zR(W{dZG}y0Xk&!&HCzV$gNbmxNm;+BgU7}y8~E$lVwC z>l6x3m~$GAaP`S;#Tbg7f0A;(R(`0`G!`TD%1(7JIpdlC>K=>Z7Fhz=iFX6tM*Ayn zhP~nC+pLc{>0iVtuxH0ks|Nc38Cl#%E%JEERLLvun=?5-TR z3XOJJ2NistA#wHDJuF-!IadZ|-p4%A_eo!ueBd>Utkvd&K{kg}v|Mb&lyh7Jl=aRI z&Nm`cBrO$DS^_aTtl^_^zJ7-LwE0O z{ANI!GSs_yzpl}$VT;8r^(5PUJ*CH@A5RcozD$g54#}Mv<$rtD(mxbQL9u&0U3@r;z-1UEE`$eu5*ue9o8kvH5IKd6mM9r;q+S}|Xx-r@ZKU&?z5Jf-h?=qdNG?p_&lm!4`;(mo^p-eAHG8_C)y72=o5>p49o^4Dz`?)&N%siB|W zk$Nbf^FmBqn&}7E<|B^$oDWvfB&N$XA#>8F<;Usmc4SsFjC`l_Qx#ZD(C_|EdA#-UjHrVnKi!*dn8HiVV6 zH0553U_LsYq;=LthRBjyZY&V`S@AwmT{QO*{cG8j0gd=5@du6Lvp34Wa5}y|q&n&E z?mhFq&Afhl!(S@AH#{a18=N|0qvzyKPZw>cp zB9Z$Y@4aCOBvL$`ZNg5Uty0w87{%`Ix&Db*Q0lqhw@HWV7fB@N!{;huyREe)$pcKb zRar;pA}2i9ioBeTeB8Sq!FNWq!Iqr+1GP z_U$uNIvH`2Nmqqna4kDdT1gqD{HnV{aBk+I`hk5Ws-NDr%bh(P!-+#PGTPgjac|pb zC9uWLlK)<5q8@x%6e%u3CoaIsB(N{gSS39_b&NMaCp!~eMl~+!LN$&kn zv(&!*M#^w28FYF|0)JO`J=?LU6JTKhvkZz-$F>!9TS>x?sJ!yHm zL+`-;b?S0r1VwQ%tW-%!gi>5|0wWWOh2>ga0{o#aN_5YT4GPIA(L^h%HS;ca3-Zx@ zR=PMO9*;vYFx)FkGWayqsW>&;sPdq`33Dtu7R$j($FV%~Sl`plMEup0$3k+VEDGkv zmW({?419DbdU_EOlC;aiQr2_FI!Ocyg_@ggQcFG)#U2-Rf`JLa#8grit#Wk#2K}zC zI@Uw`*K3;?n_j}7$LP+c#B!@rFlsH0 zZH(;=k6Cn;m~{6AP${fzNVW%!&Dglec>I9?Q?;+NZ931NJmUL0)uMSe`54C*TMOQZ zs3_Efx(9U2vz-R!R13T&1+V4lVJ1~qSBGeC>?AzxY38mdiPL0469^}xPO%so8KFeP z&|=A_BiZ)2S;;-`Y2&|~eN0?ciB5HDx}IWgXpXCEXh7}puu;^dFzd;YnB@%(4H5Tl zozmA;X3@V_a#FXhz8-lk_k>KvtrOZ-MjKe{ZB02fRTy<%b+rrZax<4c8fas1A^D`h z^R5;ibEEYP_M6sm9SAhj$j*)s`83!eZ(_8L{&s1MnzR_Btf#xF#MhZe+HZ#%#VShU zwMt4ODHl?bgtu+lAoO**RqOq`hms|?qTpU!NXqEDM>2cdt>w4b*$BUX`#^kZs!plB zzJoa~A`ZvFPS2&O%%HtxqdCvht_K`$JB&o7Nq90H8jDp@L92|uZIR|7GV;Tn9x;ak zEVPo7BUpFsST7?j${>?|<^&(4ND~ejh2hG9v@b*G+Ceg}KmsKYz6y}}4X}tC4AmY| z@&K%E0wLN1^4SG8+yc_CgC^aeDJ2-%ZD?8=hMNrtcnfL23`psMkS9Y*SwVVqU{wJK zYgCwLtrs+u$mmCd(Lj64B#&#<~DaI6&Da zko73wavMnWEZ~v{Kv0Vu$MJs$x2SRr-ofS+TK_6m^iGT`DUNUIJ~tprw_ z0~^Lcigtk{N&r<|fL0NZ^HZ=Y0&FD$2%!VH?E}m*TW~G%NC=d5Q@^oOauTUlsV3{e9yfoNr8%F8HV^(dh1Ih39jK>sqJ zQwhr3S-^oO;7=Dy&uy^ydnl6?fcc|P2AH5cZ3Mh&0(!-vJSqV?k3kvO1tlRFu&WB? z?LCx1alqMSKxqqcNf1K+ z7OejcWKjoJCW0MvpxJ0hB^qQD2*WA^3lPCJPrx$oAnp4goDpDa6|jFc3{M#(+YNS} zfpqT!DZYj9oCb@b!Af=@!;OF)J4kOSq!kIn76GKNf^7o<2gx8CR*+R4$ZZCO-VIh2 zf$$80)%Vjv04YuZOLc?&q96tJfHpS>??##>AU#8X4J4%C7D)OGq|q2cR0i_h1oCSD z$?gM0=7Pl70gHJc#cr^hJ0P$TBv}Fop+cHBft>@uK9OK~1R#S5wmePK1IUyOtc!s3 z*a22%0cnFEfoYKNen8R>G=cm|06Wo;b`)4N4=k4pHrfHHP64}7A?@xUi+vz{B%~Mx z7A*sW4uP#^0WbBC@@SAVE7)NMtm6hKe*$(C1=JdYz1ac5C?rXQ1o-v^5kssQG4 z0qe?OX*QIoh$xg6B|!KTlz}`zI2B}Q2)Ky^Ob&vCBfwfIV08*ewh?660Pl;Rywf=N&o&`^?9ptQdQR1pD%NWfVDl!0U@ zEjs{(qEHIXK#Fj1NDB;?8Kiw2Le~kBc?=SWhVaFK%#&yqfuWj0N}9pyCJ-VUkPpp< zmLUB`XwnFpLc`EvplLh|Hv$mQ0BMf}q%=avBO#?okRCl)l?g(55@bRTlC%WrcET{? zASG5{|2RMf7Sj3vhD8t3c>pPC0O^>5Rq6pz4*?SdT6!R*r@-!UfFB&BVgumfA?+76 zz)cK}4D#%RRJ1_28A0mnK+5Z(`eVUr1W0*3Ab}$h8HK zWd^o51t`FQJ(~c1Xh>ZL;O97`Js#xS3AnHZY1KojkzmCpu;B?v(Rz?XB%rDu(24*# zH-lAawnEX-A?QGE=3o^nq!|lRZUgit0%qa?M^upPDUi=Yu!#krv;&Y$g|tV2Oxq#l zCjfQPfR+TXcOBR<5-dUhi<6BKui>1suApJ0Vp*GOt%9n zFktUCCD}>pwWOZ6Og_&JzRi6IWPg_HUVmnfh8UR0`Y*(b%0eo z;O;Tl)ez8(f)Z2*w%hb_+=>>ajfRYyv)?5c=%@|5w4B(OuP!kWO zAp!6k0hnt79GHV$EC5llQ105H^sxYPq5z#pC|4)JQjB0n8?d(-luQ$_Y7~@BW+<5$ zC>yj#&?3O@>%jIMU`=x<3r0|0+5oE?0A-J$^t1x{I{=*sC~q-<15>~s6O^9gVDSgE z3uVB(6_f!MC{KofH$0%19?ByM(0L5XfCZFlow+t4Gd5U zVxa`K0(PyS^hHA%P6Et624pb;p4LNYi>2L8;n$xlKPOuMX_JwUx5$Pdza3ut|JkPy zw0k}LI{kIi59*J*d;Gd@ZF%iIwEH*Ewyn)++fkqb4BVxf5y1?%Xe1)I5rXjj2nhrk zA&XFiC%o$*^x*!}X7GGp8-yJ^5#Al)h46+aw)?@Ir^6A^@a*6OL@FW;o=2RAxC&1W zE<@ab=RemYnh?#19>f4*2r&%LdY(i~BbGoVSR^x&faFB-BKeULNEM_8QVXevv_#q> zoslj`cceGc9~p!^f(%E-AQO?Nkr~K5WInPOS&A%2RwL_?t;h~!C$a}QfE+=NBWIBd z$Q2|W#fTC_iJ|0CDkv?K4vLDhMA@PoQBEjVlo!ee<%I9it%KG>o1q=hPH1PeE7}ho zfDS|lqZ80c=rnW=x&U2-E<;zMo6&9PZgd}d06mPJM$e;{&?{&x9iEOr$4kdgCqXAg zCr@WUXG~{GXF+EJPnmR~^Puyg3#W^uOQ1`kyGWNuS3p-vcb~4Fu9>cbu9L2pZjf%A zZiQ}@4xapjVZ^}i@EC3kKSl~e#wcQJF^(7)j29*t6NyQ}q+n7p8JH~0RZJnK2vdfs z#k6ADFrAogOfRM%GlH4LEMc(p%=B#Z-1NfqV(?HWMS4AYD!m!K1-&)B9lZm+Grbpm z2z@wxG<^*HMfx22Jo+N~O8RR0Ci)Kg9{Lyb1N77M3-n9$EA)6Q5i5+9!fIemv6fgH ztS#07>xgy7`e6gHA=m_LBK9IS3wsA!jcvrXVmq*%*dA;@b`U#`oxm<&F*pK_6Gy^{ z;iPb6oC?kWN5$FV>~Kyv7o0232N!^g#%1ENaQV0*+&Lyu4dTXdlel@@ zA`XMc;sxj!7$7)!Z5)w%`nS=W@KaJWaMWQV_1X)NdQY?xrYAiY|mMo4ePAo1gzAOPOK`fyxu`Ed}sVtc+r7Yzvl`M@c z-7LK<{VWqKlPrrYSOOz~nZQkuAdm?Zf-%92U`?oAPi&c-+fYp}Ohc%Ejg!Kq(3~Maw zY1S0hi>!I9`K-mPrL5Jg^{lO|BdpV`v#cwu7&b;WPBtkvc{VLJQ#La;CpK3$4>lh* zf3`@rXtqSQOtu`he737>g=~#%O>Et4eQYCalWg;BOKi;Sg6zWVV(esgS#}D$20NAA zjNOjil|6txkUfMwls$<(jlGz?jQtLKC3`J5#@;*L}Q{U z(Sm40bR@bEy@@_VKjIN$Br%qlKs-%MAzmbA5sQh{#71H-@da^!I8K}(&Jq`it3-Yd z5{Dv(3WpAdDTg(O6NfK{KSuyZ5Jw_M21gc04o4|RImdmDHjZA7A&wCa3@0Ne8z(oX zFsB43nNyZigHw-_%4y7L!RgBB#p%uI%NfcU&Kb>_#Ce)CjWd(;4reuIJ!cbV2WKDW z0waQSfgartuvaiwsjab1i@?;Z5Vs;LYPL;4S1W<-Nn(%-hM^&pW}p!i(m^@Uii6^O5+(_~iK%`PBFf_^kPC z`F!|%`Ht{~^2PGS^QG`zYBRV z_;vWH{AT<%{0{t1{9gRN{DJ)8{L%cU`7iQc<*(&$;_v3~Rm3)~SX7ibk26qprQ6u=Ae3z7uI1l0t! z1PuhKf|i1If-Zs{f*%%1v3P*1oH*23YH0$3pNS%3HA#P3eF2I z3L=HDLX1L0A#NcFAz2|sAw3}rA!{KUAwQu2p?IMrp;Vz9p(3Gbp?aYvp=O~rq1Qq~ zLX$!ZLMuW@VP;{1Fu$;tu!XRtu&uDSaFFm3;TYl5!fC=8!WV_}g^Pvn2v-aD2oDO6 z2#*WT3a<*YiSUaEib#o&MdU?PM9f62MQlY}MLa~jM0`YoMM6d5MRG(6MM^~~MH)q# zM2190L?%QgMV3TXMVLuMk{XFhvLM-zoJh_jS5hD;loUfsC8d#aNX4Ww(j8JgshQMA zdQBQ8jgh8F^Q0vbS`;rz5akyoiAspdic&P0E;;!P};=bY`;-TW< z;xXcx;yL2Q;&;TW#hb+2#5=_M#9xTN79S9w7he!x5=Tm4C5RHd5>gTr2|Wp82}=nZ zi9m@+iA0GMi8P6e5?K<35~ULNB|0QJC01N?nyImMW8~l&Y6%lIoTklA4r4OJk*(rHRt~(!$at zX^OO-w1KpRw5_zWw2QR6w6}DSbfk2ebe43r^nK}i>0ap<(*4o{(i74P(r7Y<%tj`W z#mEL^GqMZWi|j-8CkK(E$+6@lawa*4e3e{Ct|d2;d&zy|A@Ue`f;>w`$`EA)Wh7)2 zWo%>|WL#yuWPD}(WCCTPW#VNLWYT0V%2di!%QVS!$h?*rk{OqomRXV^%1X&nWL0GK zWDR63Wo={~WPN1)Wc_82$R^6B$!5sr$>z%z$ljOjkR6d7mz|YelwFa<%Ms+b<;3I^ z<<#V~r>@g+_%Ag&u_wg>eOpB3_YEkxfxb zk*r8nG*z@zv{tlLbX4?L3{nhLj8u$P%vUT_EK_V$>{RSl>{ooPIHEYAIIp;p~8X(;I^IVd?PIV*W91t^6mg(}4;omNU!%2O&(s#K~~YF27f>Q?Gg8c-Tmnp9d+ zT2Vq%@DyGOi6TXjr)W`(DW()liVMY^;!W|R1X98&rzshfEJ^{Tl+s9Pru0(!DHD_h z$|?n~%&E++ET~LYR#SFTc2V|F_Eq**4pI(QKBAncoS~ehd{wzfxlFlSxmCGMxl_4Y zc}#gic~*H*8LJ|pBCDdPqNYMsF;j6?aaHkF@l^>_2~i1GiB`!`$x|s(sZ^;~X;bM@ z8CRKBSy4f%5>$z*ysG@F8mgwM4yul-9;!a7eyWkG396@6(^N02=BpN~R;#wE_NWf3 zPOGk};?=m-1l8o#RMd3TsA{%qUTXeo0cyc&N7O>qBGnSrlGHNPGSza_%GK_x)v7hB z^{TyA8&R87!>D7`+0@0YjqoSJ9Q^@cXeNNKlKFlB=sWoV)aV(YV{8F zZuKGcG4%y?qy}08tHG~fpkbsF9~ppi!vNs?n=4pfRm6tFfSg z(PY#lX{uj+l!s;k)GO30*1Mxutyizts@JJEtB29Y>l5_Z^ab_B^vU{)`YQTVeMfx{eJ}lB{Yd>- z{T%&D{rmd0`i=Tc`mOqX`u+NY`Xl<2`m6ek2FwN;208|M22=wl16Knt18;*6gHVG6 zgVP2@2DJtq20aF^4aN+{4W~sLt{fzLl;ALLvKSr!&t-9hIxhs zhNXt(hW8Eo4F?Rz4Hpa-4e?Y)DjSuPN}{Sz)u=jD1F93%i|R`arXHcDPz$N$)ce$0 zY8!QgI!T?SE>bZ@SR-B|VIwgkvXP>Zv5}pTgORh5yHTJ~s8O_0j8VMNX`?iwi$-^h znvB|vdW>Eh4H-=vVT}pK!p0KDQpPIA8pc}2HpY&|KE?^giN-0$`Njpt#m0Ax?;AH8 zcNz~Gj~I^|PZ&=dFB;=b7)`iM#7xL0Iwl4trY4pqwkCEaP9|O^{wC2TNhUca`6h)X zMJD%6YE4>A`b_#w7EP8+Fs5v#L{nK)iYe99!qm>x!PMO}*fi8M+%(BF&$P(2*tFWT z*>vqQg1_d5e=Yvc(tjF(wa-@m(*ytKfd6F#*5XLJe<^Lk{4x7^3vPIF#?N(*pL5Qi zbHkr=>d(2!&-t3LH~w6={W-V)Id}LuUuzfj+xmCfhh#9V{4x8N*R}m?JJ!~JKYnd} zdF{ZT^PkNj*4n47ubqQ-2yK0>PrvV5+fUp6>-&G6`p+3{|NrV7wD zK405LJMXW@|JoZNDD#Yg=pYUyBdz*kAifyO%9(->-3_ZCjgYI-%`bqP_9w zw5A=}F*N zd~t1bf3*G2-}fIJ`P+cjj%p>m%q8t=P<`-lM?%Cafo?Kt1MY-(`vDYV%@rMDrl{?D zT*xU^y4RDbyk#BQ#{5dM41P1N92z!*YJPsU4W{p7?i}2)J?!C}mC@K0ZFP~g^RCVR zuby9H!k2M%+ub?(@`=xyzDrxy72fN6%cGu?rt?j>e)@wi< zt;q4H#iYM9R~K;TIq$<|aBW4r(>2=5MeJ2x(K&$~vztX?HdSBhC1dxUJLl)kq_$!G zy>zQn7VtI^NA!+`Zo+K=l)Y$Pu#e^Yi-_pU}y(Z`Vt> zUwl0DM3V2xXWwbXZ}cxt;5?rnLQ+2`<<8HuCSi6jOrFC(0=l0E$(ac|B3&9WBf@tB;S5r_N%cU`r-o4v)-?A zmdt3B;@Lg-PM7cOF4eo7j4vgk#~#T%wHocOZs@0bb81oH)G~)~&7&*QN1ej_3jWszN&CzNy68_!^_FZcNV)wnJu&HZ{qfcE zSIJlElC0;{T2<*O8Ebi8oBvP#{~yXf>ew0e#&5Tu9Ni~b|Mb-@H_3HxT7!fR>Q!mn z|GIjXzUY!2%W%J@B2@`_vt+m3M6%R#3U``R$?>i6JTLY8$2&7QCQKghse1ghn!i7s z!|X%5gr$mzt*vZdv5|kp98%-tlUk?fN63ekXFg3Sf8^}mFNmIt>U+HR!1ph`+xIE1 zOJ|C@bIp*F%qVclX{0s0rg?N$tl)5%dV5?ALC~~(b<5T!%cs~|vQ+!)?MZ%NwdRA* zIoh{BAw+1ry_&}Pc_wp6nm(sDp}gtk!TF8X^-c)aPL1=nm*x?Bx4qol`blBtoU&&4 zXy0C4x?OboNjnY9-9EF|$~!Y2IPmPl*+n70c0=(s-LK96NB{q$|Nm$7U&H2fAn%Mn z`}g7Zn!!i!7AOy#d|vaQE3lGMrPHE(H}PT*;(+kg+7ruW6A}l%r1)MI->F^babfHG z`CY1Fw-3lpw;mEp;%XbZ=p{e2Qc<&f?8FOEQ3blo=%ZNTxZ^cGv8iU&z-7-pAC-J9 z+ggq*M#sGVcF{6Cw=Q-xWS0th!uho}y{zthS?-}LeloUDa&LfJYsBmHiJpNq z-2Q$l>EJd?EB z(R?}Q(PGc<2{cUkrKTBr8R+QplL+dnVoMRbvQU&(oGsrEbJa%6Y@^X-o0=nqTES3Ab* z4W;g$-W_kP{W*aCdxUGFrHKKYFdTkr5aRpkiFfj7eV|RW&*y$D!oFW8_{`%*;EyBz z$qN>tW2GrKbU5eCW#pxUO6qg-udTzX5h*7Z)hJ1?CVU&Bj@xmoG*0Q-eE!)kt=Woi zTmyyYA939+Lm<{-veq9~yN>sA9M8^uI2gN`liN;b_N$8Nj}LBs?PNHt{JV|I2!XVk zW&8Vw6TEJG&5C^bw5ZAJn<--bxjVZ~%?C=a^Yn?|)tFF8Y+H^(h+UC(pzJyu>h!9W zoleYF<8afG@-KayYgv@K+4Cq!)bU^YSecnol2Io1RtkT4t)sTTcju2d{@Q6+rfuAZ zxIL)av*a|MQ0ORSLATR->pVKH3bE-`i7Hu}Elk*EnqO&w_aepQu^-}l@%Nb_%FMa9 z0pFMx)8)QjeQKcaS052-LLz_4f$NXfVxT;~)^|%+?6)*nM?sv(V zWp0Acy4?rftR$}KP7oUZF@#?Z{B;pJIqdhp(ZRnTib3Re14(g(2RBx{~`&?;ct9JNUWh{}NYP7hjD&`Q(1= z(Nsae!K~7Szce85v;X%4RLwGao0ngi-pR_VEKJ&cHlgX)anP23>D!-ASNnMk4D-+F z`)v$E3=>^h;XGA&^G1`B^1j;VRZ@&v#$pbux64_W?)%=Z4Ob>6SFT6b_iS!p6IE4? zc*eF(kaSKa3oevT(k?ab~x-rU22i1^*!ftRBWciag4?Hs?a{>aDL;C|ovZ`OZ5ez}aI zc=etB$ouqD7~i3<^1M8P7xsRSq_U$qa7i19v0EQ*)=E5~(0x%Rre&h%lg#Ax*hiu@ z2^fu2rOiUKB1H%G3hL}gxSE;nv_O3uWiO-YfSPfsbs+E2w%@L~{~$xTI`^CP=OpF) zT`r~9o;mZ1{B=(7zVvyHqhl{A#5+?JbqsE$j|IabFCI1)JevHG#r5Cx`NyVa59`P| z4f%mBe9X7ZORgUN^oe(OdlNZuErv!vW7u^m4nY>Eushf8&8?+;?0WV~&#K=={2#UP zA8-FJpJ5qco2p;weoElH@R{?Z?7K0BpL1XCcg`r|oUOPWfBMukesD9dmhGpolp|c5 z>h9~5)?(EH2jcYPRHr9Rg`fIvG(aF8#+;%rr=uI|xTN24{&<*BbAYOmF(P7%6&A zIHpSXM2dVIB%SO1Ef2pk=ht0p+m}5_7~bIv5hH}FV}<+0l`Otjy!lkWuCkOT@fu5s zQu3FhwIbujIdO=&Rfd(QRaSN^uWagS%gaL^tZWm$;vKz#i@`ZUA?9qqo;>5tS9K2G z*3#Qgq$$7mnNpze4wco-oXpRrpMhnadcybc?yv8K<+Z;3w)xNP%k84i1}eAtO1!_o z?BRKNIGssLJC|$M3%k#`RU?BIhm2<41p9Q3wZ_-&FY@s>N3Zuf&@Je5_tRl-*$Nq) z-powNvCy%7x8896(!h7u(yQXHBB;mBpTGW>K0ol;Wuo?`?9hX|+X|e7WE?#(=M{c= zFKzKZ?XxJmUW3+F%%iJDdN%$dF4vs`T+$xxJNP}xj;$zu_^`B3P zCh?rpEFg$_1Zt>QTD-cu+plFY?Zl&l<^{$jzqWgLM;E2V!07B3!%xJuI1Bys@_U`z zZc`OZb#)~{A*aqpxP4XT4-Nn2&3`OM{J`HI%m2&0%f84xI%Lt80;a+Epq%WhWLfjXhf&^$etz?(67QUM~(EAALW@;Bs@X zq5UH}#_V`rf;4p5m!K)7gpG zcJ_Sk!x!duT_4=4zuK3!Zgd^n%7y(9pQOb^e^1aswg{f4;otc_VQ=KIjAEXli9NG_ z^yEi(Xgy4G8K;(A!5q~!Cav4#WxF;m5yT(A^F6qzjypa=m$G~3p+VwB$@0jouw>eM zf9{6aAJZS_`|B09{_VH3zxJ#yZ+)ot{JM6^NZI&(hlA6TBgs_8_wAb8NK_?7oK@)WPJTm!X+-* z$10A#l!P?)4VK*FvL@32cFkKmG{_c5Ubc@IWVzlOc&pS!12~Wb?v1T#E z#Xxs|wYfqLY@gbWdIBO}T1hHo%jaX=lLh9vfu-;oV0hA8nsk?5N-} zOGA_uwQlJC?rlZ?A+@SX@Mrr-+@VbIbHyotwNLy14_Z5aUecyJ_Y_sVB;D3dd-unK z(rJVLF(H|;IsEvmzMDxV)TG(flM?$XP~3H!S>r4{DjznJxehJ%P!W+;i^2oxDh~)3 zc!v_leU;FZ-3s2X=u$9)Ap?~QM zdiYvAZ{MTkTB<9yf!iza7F~tp?sZL@9d86$4J9FyNN3QSUp=2$+(;?%k{3(mFWY&I z-h9gMc!*)Xy5A*9m$7ki!dhRDKK8jPbeRQ7fAobmTH19jEiS*cOWTEL{qg$S%UXv2 zwi$`~POP&#a*yrCb!=bCn+<;3x1Iewii*b)N?bHowUF@I!|W9lT&X!M$MR#(lh z-;Hm$aFtam^B?x-Z!!3}fxYG$?;Wjg7=BJMi{n7fMc#8Id|iK_XwQKEo4H!|kR5jWpVu`FA|!?~W|B47 z+h;#s(&p<9FDVn@-@WjdAM-a|G|#RNPBPJMKf_XG@o)NGetS*ywi+!t{#`Fc+5W@6 zBRyuf+G;dB*1s}w+?$t?@qvDaPg*c)UnZip`ck~q(`Qy1VKTR3b~|$oO_qNVH0HXA zcyTwBR{`zaf}VwY1xG#NxMHiuaML|33HkV}%4TdM-3{`{o23_zkn`sjr9`dXbnf}J z@5rr%oB0v;#P+A3GkX8h0qu7cT5A4XKmSbGujlzI{{L(VZlO93x#*dxCNDtM}DM>H+>?$gixMehVmZ?7)cP2_I3kpd`BUZ69r1 zv}r9j5kJ;wFNS|E{kiblss7ylPZp5m?7P=u3!=vY@o`sTrLNuTmV98<(0)Y5%Yj!( z?bSgFj&54PKC>Swz^W8KqQ-jTR?sp<#^qtTm)+DOk-xXFHRSulqj$%I1q81l-XF?e z8-q9;Mbpv0-_5b5FBnC|~IP}OQ&VWxRa>sPsuw93wt62T!!(6dG#FB;^ z;#(}F)sgKlH325W>F=F(sBchZa}Rzk>h!Nyi(@wxx`Kiw zT~@=-nhMbiap}6RX^=Kfn%08fl?3h^Cq&Em_1=|Vj_aVWK34O8Y3xYUkzEWe6;6Kn zmy1vEW-A#yN?SQ-s+5(RA8Eezi=;k9CnR?sv#2GJSpGVBFvaHNzLJ4Y3KJ3)4q-Pg zM7$eJ|JqU0alBN-4(+|m{<}DbKxNX0r?;3|KhE@wKKqmxBt*tHz1!nkQU{&!x3&Hp+@{JH7BqTWAG@(&h}2)8L$ zuOy55BJI+6LclQ+%L+br2-{*Mb)&Ol@ypSM2W~u8?|)g3#x916i=VJEcHRz)@$q|>(EQrJw{_qn>epu$UVHpoN;pCO6NZ9d0H9Z`Mx-3tE>5e|J_LPD8(v*n0c~ zTZHXq^vy!IkPY_LA?L0l+)FzPeTQddYp+KCf9$k0YSdqyfUY7y92j3uviiq5$oX z6{bZ$-gyMUjh`2pD*H&5}Z^8wI)8zBwIaP5#2c2z$Gc}c9|9>jwL$~ z-n*2n6qJJ>;RKfa;_oNl`dD6SbB<>qg;{nydOMrRQ{}dY;0myfq|20i+Eyz1rcl16 zvHsNQ&6jsX6}Vo7<#;TROnsU-!6%?084UjY-n{?DU(vA@7WZEmue?ntnn~~z;(W(6 zDZM(u#YvDbSFLm79%t;03i?qtzT59RCQXjUDK|3fYYA%xJ4^bLY7_UY8XKDySeqFR(0|OgMmkEb!yZ$m~Eesct5+sCykD!=oi7iIzs82 z@uF#NUgc6aY8y)$`ureI+x!ya`5OapD8@dQRBK*!pTZR7;<{T#>^40P*z3Sqc-lDK z_WkWmEuZD*XdB7`Afs^r$Nx;3i}-6nurR+!Lq(*zQ9^l~7+zJ;TjfWLkRk2qm`nSL zcBHesxDu4*c#-Ye|9VaMa}D=>Yt3*N`&Kp085SxX+k!NNpm#RoCFY|IK1G)ayP&|0 zM#isl;y-NqqmMTBuYG5gzpyC?28LX$Mns7%pJc%!)%A#_FPVK#Nf_u?^no5HL*l*V z?3E^ZHzaGH`DqHK+%hdi43+Qc-5Y56T*6UU8^3}FLEEInc$#Kqn~wy-PB%3q-h8Va z$o^g_{2oASD1CwWy|Qo0+kdw0e{fU|kby!H{n5PFK+IptzWz&&AlSEA?p>9zEmHwI z$Pvg7ycO}kIYFD3ZgG~&Nkj{}u-?9r#}B~doF@XvDD32FP;KE;WfQwXktrN!(rvn7 zvMpri&4Rm!$fG#pA@E2;=SQ=_fR2bZ!(kcF<_q1=tkyrPZ z9AREj^ziYM=c?tvSZ1q;FVn23)gXgUp|R4oo-c7;+vA;UOWbTpsF2e_oS%7ltIHzH zeTXDkQxbPQkDhBDgsNxPM0}`+wJEVBaOfBn!FT)uYUC%!8{AzCln3y)spxP&`x#hw zI<~vJqw_Cy_-_PZfR(iw>J(@lL7z;nx{*|`R0rvzjeZ0`cUm02#ROw6ww?72)kfpz zt8Ms&+XEm5vm?|z?HzFbEvmZctHB|4^n#Rn8epHVoIzhUJJC>s>0?;Uu{cFrX{AQ@ zJ<~*G=V#mbCm8C_CureuhM{jL%6{ta`@Q_{b&DMOfC}XwHdbY%d=VY&f4Bc%0|bc5 zOxeraT*=tV;@DJWkwTEt+9c~#$;h1H$(}kP;9+lG0gIQMk~gJdbUX+DGGv?M?etkL z3-o!{!Sl~mxEUM?j}Q8!7E6%awAa~K-=6ESQnRch=RO%A!`?(b_s6~z{3TP!T;%x9 zc=Nub#`@pd)!*-Xedqk!^~`aPagXc|zie5U(s}6r%eg&unbi%Ih-n%mzz+lD<<*Y^HMr30u`fC!!TQHUlNDG2EtLh0u!cU%cSJx9=Q__wyS;3Prx|YP^~S@S#~po% z88d(S^N)VxN9h-TR0ac%^+c_E6}tZa%JKI-zfI6#0l})nc&jj@af{W##+$1hiwN__ zP=>jBps9P5x;=%2J=mQ-OsqiL*?Y^y$aKWwjhJ^x*csGCQWA}+p6HNvk;LE)pZf7y z+rjR1^|)Pa(c0HL6da((VtnN z$O_*sO43Ls?GH?tt^9Gl_%7FX|Dh>JW1P?b;Xk?*=9H8^{(naJx%Hb|!b~7{^+NND z71A`dbQfdtPs-@!FlH1cPixgw*7Ow~Z<-3Fe)u*NSk*4Y_<=#-%v~v@=7|#{cyp*$ zn(BN+E*`M#`y!qb!gk{}Ru9yE-eW#?$RNZ*^;hq@^D|z1su1!F=H;vThhk((^gphH-{pe8`)9$}|6#91g6vuMb0Q)C zpOXAJ_M2QF(l8e@D|0tnGq+QZHMe(`&#}zR*22te!_0cDvaOPF+#9m3L=>NwUMWKR zj)xuNbZ^%P)vX9Un0qAXaI!HXOO+uPk-)pGjBvdHe&!=wDK^g4iZ>^hk;tHhTyCd_ z4pk4x4(lL)zR}E6gFWPY+=n@d@bt(K@%^7dsU+Ii)On5!RHLnzxv_s@i^vT8SRt! zBRJlY90G*v$M0rfbd}yE`=IMa=Rfh+3OUtI1~5hOVksr#w7LYZMeaTvTbio)aB{j@o31MZDr z!9MfGhhgn0^PjrnxRc-Du7LUfp@;tz`KOj82shC88`8uTGO0{Cq>YtsWC)iwsZCcI z-60KPS#$sF2~ow?bLf#2KO6haAww05c~se@)S)=ksp`A29G|F%BATx+@%&UmDrB}o z10T=!&rPS%n7`0UNH?;TQz)8s#zXadZp2AgGYQj5fsKaJrps$yoVjQ?b_7R3ax>t7 zw{nakuHh&b8P<4Eps^QCyxzUHVah>hL;bw1L%d?QXp|vIyz$o6l4q@Cy&HBb=_ zJbFDb>|r-ONSOHTcQ?JH5`Op}%AE?ow{^e&{|I+uqkjtjya_UU`ZOOQ|Jmwzhl2++ z7H}jjwZGkAj123cv-SSrk1^Wo)`W7~&AUmg-^ZW7hwpj)7X7uGc)k8x+P_=;`6<@l zPyc!B52B#$O;y~<#~VNM`rc3bm%M(<_sT!+C%`?if6D#$qyI@8zwi9P z;d?fJ6_9>7^>>@?oO_GTWRnp!Tovm5uRK4n(Jw_jF)3>3RuY-B}I!d zZ)u%2H_dcnnh%P5;>LDzo{I~aWjr&+oHi!@nTKY=Ck1N3EQ71x=AnHj{-1dKJns)~ zh@Ps}wr`ZRy%cxoWPM6J5p+}!{VShW@}#rvwR8EJG;BeYc9`ChdX!B#MtOVV7=C+> z7fdGNPOQ|wQ1%n=UwM32psMbuG01& z_PUSXFX#WtI~jf4{$kt1g23W@u9}CvrQ^~nZofYINWUFB265;df9K&oW&} zv-%_nK@NHCQR1B-?huS2y_A7{+i0>MX%HS`RkU)obZ`G`iD>ftZr~Lj6Z=!$rYw@M}%*);4CVn&c z_{^XfCp(@K(s2qRDk5}=M}&6D?mk*@u2*zS>bobdOhTTw>zDqj?G#^hY&N8%MGu*3 zrhbh#e)eun3C5(>Ib9sKe*XpgHX7z#)YzN)L0|PjI%x^UtAN__`Z>zQ{&(6efF$^E|cep=6r{9TH(RrlO%Lr-t?4S5KMss=Q)fg6>#uFe1 zK9f)@{9%XxR-S*t`)7Gw%;*fem?q`&Z_Emv`4HS{Ta&iB${8ietyTj-HygB&d0)49 z+dr(=I+LJRahn=SmcJD4@+@znefly%jR76%i2k`vARAY=t)CakqL`?VuVvG_Ij#{( z;L+=^huY-*E&r7Nzm!CLWS};A2`%rLlgtRB0SikL&v`uyO z39WMfEdwS0GJ;xML&aIp`>jv50z7rOh3x3ZTTiFWaF8oPZi|l+4_%9WLXoSLV1tq~ zubYHFmf?g7T146}3J9^Ks8qjr&-`U5{0UcpytO^msIQ*)qL#-XaV@YIq)6xHuo<%^{aa&K3r3Mb40=hR!-F3xCE8=T*~tMNXCOu z0@z?*quR*B4f-y4SiDEKzhzZFA?lVYZdMIs<$7q8}piI>EvZLzU-rwB*LhS5bzcCz$RvB%Gr} zz6y|1;Qq7)S=2jAGE7DBV;#j+qk{QO)SI!^XA$PhSOG&g@+#l(o+?>N z0qOp)(Y7X(vB=zRhQw%I-*(;N;3Zq>-+h&}gi$CQ_C5J)C`+S{(26fH%Ew%_K61GD zC5dZ$5)SZ$AH2(jeSagC467mAQI$a9+NzzUK~42<_}{B9!GHKy$!uob%tlv~z^Ao0 zto>IogG@1R-}a9oPZ(zmIIzMx`pBjO={*+0Z-!pdtmXNyQ3c#G(g*g0P?Z>{X>dy% zdNAcNM;Y)$EU`E~DJ7NZP9B_%;XB7fEn*WI*i18SqTkWgDkA583D2lZ#!wCZ(RDGF~l+u^b(;kqXjHEPvGde)aSoBQ= z+GB_Sg?kb<@gDs-sPgLw$rMxI2!$Hr_?4oHKdSr~0INGaTN9QVm{AN^{_x+w%O3ae zxzC>8yc?U&Me#3c?XcrlEP^+eiBAy`1|)9ALH%dB*bxoi6J1vV%; z>&)=yKQD1FoJi(2In6uJU$Td;!7HIiy@+R@)>f7tPdP3}$?Z#gY!h6%*eJ(@Q;W&g z_JH|e#vAbP##9np!N5r@&raRo$%*5*lME&UTyau-KrUsaDG6Puf2@Ox*>fDRJO!3+#RR|i$sklg>zDxiRxEJ#& zxA%aSSpCS7=a7JIxtY5lsw<$Nf@DZN6%0V12EOt98~|uXvwk|kw7eI;=OH0aY04(> zDNrvSFn|Rr`$ku|S!RK}5VsaJ+9aTLhJ2InJPY_1e`ug-CIl1~EzP)XUjsDIIN$vF zmF~rNrgNs4WefyRbn%pf@N0W#|d`w1cOGuywWuz#& z*acX~i(o6xtOFh)URs3p-#te#&2kB~xeBOS3|wXp^8ss`tpfBn_&_0Nm>^gW`Cfd# zudJlBRnx%9n64)}lPFNv!g*THy#SEOcOvN`4g#;P`@Z=|xdEa?7oD%Pu>pmartpb? zL?D1OVxAe?buYdFiv3fjlsX^}&T@=)qYRi1mbeT;#07$jUy-z$VgXqdy6agq?tp#! zu(?eWDZnUKSu{f+16ZOPPCd+Bx)=ZLUQMjGP%ssR$YEQC!&ZMnS+P5uFD+1r8WF z5w~yHYXa1P_Zv8B#DLxr5|3Ob3ut&tDjvSs2X0NE4Co1Gff)!49+&AG6ffMpm;ZmLTK|?LmE&1k3e!}8e$OE4GkPk3l|LhsM>z~IUs=i4 zYJCLsD(6UM--iINt++i_9}@#TNzvCIgkA#lC>u=JTI~1oH=Qdflas^+cvt-jWv3^A z(Cyc$)X&#}<#+>L)lO4DEUAJJ!SDhomx@GC>DdQf4}N@)j@u1Hc3|UaKZm#%e=o%; zR?Wo&fQ(tb#HkJiULdI!#zTJrSW8<(tx`V%jOf(c{!X;OAwAfNr=$e{&{iTReZBy| z%Vl(Oy|H`ouP+$3)Fl#ucxDozVcJsQN?BF(<#a4CZp3~KXaoYpX2r1>Ph)_Xohd&2 z98#bLGdY_$svOvycJDx(nYj1Ul zf{_~+FMuakSQ8y~Dfi-AwX{o2K#KrI`TbEt;)wtQqt9bK&0~P!)qXiIelsuvM<$M; z2MIWzdN?c|QUgBn^t1+AEThaoO|(~4i>2_*=Yk54tfG2%96m*+-T(+!X;o1 zPRE11qYJ=Zec8C~%>>lhf-A`@nSr>hAPejbap16?)h^Vu_g;Kx%X6~f8y+A@fxu)s zSsb94Ns&L%odckx9V3Q(sezKts;!TB4#0RN?{T%W1Atksp=Q>N4rtt%Wx}T1-@b|$ zk3NOkLjf3cD_A+)>49YY6z&X?WT5eZjxV*R3UEfEEfm*B1^fjK9~jPO z0~O|3Z>C(;zw+zTEK%$dC`vyD-5<#2iu?D8{J!4cq3j%z$I+wR_kpSm) zwyquf3jjY|UVq~_xvH@t8$r{3jZh*-P7t`Yt8~`eLM}`Oi>R$ZR7d~(B<#z!1uH>@QT^%5O z?~q3-)*aBR>E!c(ashh2zBBX|X91!>DC*Cws)5lIUwB)r1OVAbrU~Wz?i1|y)Z!?} zNQemVaIi4YP>|re!Mfi%Grtc}{Bh>b-pcQ>yM#Z%{*wNG{CU?uNc|s*q;{lDKH++K zl*773AK(LaKM>3}UR`TC6BnjiJQ&5YK2~gfY$5n=a9EGoTAg*67BdUQTWV`PHr)^R zW=VKi{!fbe3y#J!7_rql>+!yXre!5OlGJnLb}S5*~c@)H$HA6e)vak>vbq&ebqzkHv1=jO8x zpIi1TJGY+jamKVubG@0}bY~w?7VRacepX*ZVD+LfC7q4$v|NfiC6i%smsu$2HMzuH z4gH^kAIBq_q>Njqo8|cZ=EtCS#VPJiYDEh3)u~D1hEEEV0o}f zGl=ORVA6Km)9D(0IhIB;=b&!oL|Y6r+4Pw_R`hym46Q1Y z8p(#abSt`eIXB}r{x*A6Au|Rfcmc0iw;dU5;`s1Be9)ZE)$Ks+3WdHS(t7ZacY+B2 zQP9!X+)beeRZrY?x1O@$Ixk`M4?KA%N_9hb5VC6nXuMpDhx2ORp4oD`-n*1Cp+bf{nw#6+pU`E5%2=7u^m z%y5KsmtcAG`|$ZAz0Dz`kLaymfgxZS7hGm;dh2}jLzv5E`<>jf+~g`6$?8lEJM&+W zB=FcTzPJobQqJdwolYZOv-(G3_R_6Nf?MP< z*qxMGq}uOWpK~3Ot@j~*c5Ggw4K=)~h*y;TaC0Ai>4#4*QEk{<@(U?K+H~g2J#T4G ziXd3fa91GumKtUWM9;tz^yN8mSU3(czSavIIjl3zN=Hu+ubPn6LS<1!?!#a8c!czz z=3%O|OBXrIT!k4oN4eFdm=rvI?rCr}MQk-aUJmg|#TIlLidPim3S^tb$;8bN9=geE zK3Q48hiw=4;s58_<9|O@L{kf!Buk6?-Mpy|2Tnciv?Cn_i?u0nL^(;hp!KpJ=w*f_ z-9w~tw1Y^m(DAn}`vqTMAdld($vEDTYkYdPb|3#(Vl-E-VyPk_(11$?@v9Apja+PQ zgmCo&_X0FC1#KxoPI(#6=}m-8+a(;8N?RjAAEU)fNQ$ogh_+39G4!qb@B>)#DdBc5 z&YQNuLKt02dg^@-i#$_>JK;&J@TuzpVEpyFH-|-nw3eZyR(Fxl!r4p`(BxlMJxhA{ z@LS9rqUC+~G>m7by1g53xR0)-!q{c9D9|52KB6}|#^UI;Q`1+DtW9PjDa|?Wwseb@ z31wX!YE9IF#i3ew{5h(^BDhTz@;>~j8uw&6J9tFVF557p*8KCQ9YgOVixm{y0{v<| zryHRArzJK=-&FUZz`XR8j%=QD*fK*$mGlvgth7PCwiVaD47@7J z)37LeDq(hc#M-;Vna}AmePReb)2tnsIb}SRoRUQe{IsP@TOitP(-ke}m89F^`Vm8i z7!OYZZySo+V;dS0<34B&82j3i;QvkbReHh%1Q=H;aS!;kU1(ifj(2ZMftPTOsTPUQuo+kYqcd zkivn48D-C_M$9B*-p-ami9F$vF*@U{L-mwP(J(Wv@>#`!i3-%j_%SW%-xkFFYz|V2 z+6ig5x)J59!~^v(Xtsm=!SRj;t57Kb6*E=OQ;=cE>$xP^;B2A~&TC72^wl_#gMB(t zz4hU;>_N}___uu;BTWvHBiFXr^h`kXJKijDwMPj@D$s6a&3pf1i)>SO8h=n`Zdu+M zw_7M_??zUpH0q3;+2#Gyk<#vjvwQu&#*NH@U3z6#gG6T~hk3*oBgDRWeUzjc=B1OS zw+i7ZAKQn1`yuUIIc#sZU6SHx=odG|Z_^kH!q6MZX?aGbxsv~mmP+z$FvL@4P;A$Kz*EpVNj-~!y*#o2&w`U2G7d^-K z;XlY4M{$!&j@B<@M148v#;H~!FnQ6bl3$NX#9BZ4nINK$44}jXy%hb3So&pT1&WNu zYU>+Ojgluh7RxsbszpOeT`q|2>#X~`6cbgQ&!-%-*^78 z{`UK}z>oF9KW+c>Aj~hA|7G-l8{z*W?~wbqRlxrz63m)cJD7caK{o~QT87`~AlQ~; zE*L%00Qa*zlg!q6ke>9*20mG9V3HQzS7JvV6pt>^LoKQeicO=x^x!B2LqgU<$ASR~=>Y)ddEsG2&4mrRuiX5%N`Ipr)>L}o40h}xehfi=2$Zch^Ie;r0EMw< z#-vFFAg``-^eo#ekeqWX?Nw_NIFZ}Wq;r`cc2>4g~9Kv-E!S&5MPF>~sKv&42y93QbV7Fs*5=IabtVBC* zm>FmaAU!gEcOrjxf7ANgc=Dr{00Y&OOY+$mMEx$bw^O$eMCQyTYFJ_@xMjYA@-*n| zZ<9+_B_x3tF&#AXEYmwr#0VIpfd{wn?m{3D)L19aegG1z4OrmX93c$5Ew)Fo&cGQQ zR{n4fhv0E}>~e&|cChKUu?Z4XIMB`$8O5OPLDq zjMQzfLm^JzLZ$8MnL$iY`0cB@?10d9v4XVO#lX*UMr4wMjQ~Zx?IG=m1khCBHT>i7 zB?!-gy;d~RD)0?D^wmemQIOxtDH^VDA^_@k&J!qd2auXmPrAvQ!G_PCjIRjkfR*K| zgt3qYKp6_$p_H#n04%OkpB39E5NHSr%N;=nqR`;8*|_5M-)67oM@ZJUiL)Tfi^wl$jv++O8im7JPaya_f~W-*VFD!J6gteO-wvjSrlHR>=>@BeT(oV%ID^!b zZ0g%!0zoRwiw3qYQ$b7)6m2fUYv7VsN^-QVvp^qnD;^mqC5TGP0`kk(Eg<)k|Hla$ z83<(hwF09BJunKlPr1tuHPFm}u}yRM_l*y6@jOrKB{6_}*bw5Jif^{4iVRFDcQ8pDkN|wDT7rtg<>CtTXh6%JF?9o$u%N|VZ_2WOc;Jf+v@NDPH#mj+ z@+G@c3Rv$QdAbxX`QK(Qgd<8k?nn&a3*p;+TWnI$Fk9KCmmLJqF!Qn9N_6J#0gK0M zdF{_3Y6pWrhJsHZ#27X*kQ<#r(!|7EE060TYCx^U9FVU;5|*C?F*$?4D6D?St)(#l z_F-oe39$iqf(V+(T5}ilmMQ-_1gaSv#Eo|Cz9R(^K2^$c8P)=X>vA7K-rQXe5~<$~ z7e)MSaygSxy`8|J0S%K@V{0a~0dJs0>*Z3oAv6q^Xf3mqfRd_wd%TMXh&{2qU70s& zAj#Re%b`hepzh?Gazyld0GxQ#`kD*_;LdsYfW}!3g4JBdjI&7*EN&uosZf6kRweF8 zzPN=41Z$@AM~u}Wf;!~sHy%I%HXF#(S-$XK_*N?JDP9@Cj~FM6d&c+glWQ$p%Y5|_ zsKrlB55?yZcoqH`9ds2YPzXOI*^+w%HlqqeZ~it6wvlrGz?b+9?8L|--_#NeLDvYO zY*J+fqCp;>P7!ztip!;BUlfA|t#@aRzs4H?&8MioxZWuTRTeN1hp6v^j+U+DCsxV8 zPoPIAj{PSf3Mo&@P!cIY!6!$$r$KMQ@H`&APzw=%TYcC=!Mjz@b_fi|sHK%$r$Ho= z6p2WTb$}kg;9ZanB0#LUV$<@?3__43pQX9RV*n;*RU#$JufZ1W2u^-SgAnPp7)&7Z9IpM%9ICKF#VYJfK?Tx;j?TObCL8S;it*?`ak zwYYDE?BFPTU9}CETClvK_NG|>!@o@~Rg%*WCvIX89>)CxrzMcu;4W7>Rj=X|kvX}adg*FG#>a30B>?i=LiN_EXNDu`N z5WI6*ItL)eRA(#2ay1}0>?Jqr`CP$!-Ef{s5PA@a6d(+~W<)SeFVea>_frsqStR7+ zN88{Snoi(U!SrvFi?YF&E%N9iFp2k0(#$v(cpK-A`MCZg05|64`VdDJSP-4gd!U>N znk!jryu!5wVX9F$>$eI)q<>VJr~` zSn_Rx4s$(FDqx`jl#Wqn)PxxbcvOerB&a~pfqjci>dHRISZpUN7Y7$2;DY8TL{#W+ zD_?Bg$kr^XAYU@+>M{V=@X1O)T) z*VIXsJIxnd+U|t5IiPN`5ks#z|cf6T`D%rpsx(lP;ez$ zfI3nzB0xq3gzh+s=WcxhziIA#4c{FBLRDQ9df3JZ7T$?nR!-jHYu^_QsUHzRv6~OONgSM-P zD;Omce!W*q56G?h!g%*hI8c}1-7Ue*IdH8FSwS^i420TglWMrM5?EtPCll3&4Fs5J z53JM~Wkp)kVA!mCnVGN4?K=UhB#N!VpngIfnF`z+L)bELevQ}-23%&?Ko6MrVXM?u z-^Sm^B#0r^RJb^|llJTsD2N@vqkb(dokq0Ast`Iha#k;RJ-8xskV-FpG;!e=Y=p%y zHoH2C<#wdNGTaL4onLGbuaV|mrT^lxemp7_qd05)Gsqo{@ z9K4us89g!{C zg1var+~%R(574&Nz7ok%#M$+`3KbP{4J> zGHY;4V;<%o5<16cnC!mkn@?85k!=i@b;? zp&E!JRZj6f_JjM(AZ<+E^&aV?eTbzwJMx3HELDL|O--7$Daxhp!Onh*$ZheouI$TW z3@-6OE*9ubgAl7=7Aw^V^CWe z3SK^SsUJUtt7o2{c>n%*Xqy|8JtO;r9+Vd}3CpAx+5LPCXJaAI2v+$TtQ%k5d#@q& zh1eUz3X}71NM)_)5lw2?xgSnrZDhKP=;*@4@ISRsSfN*TJ3F!?WXSqj*!$R0P$Mr_ zKX632l@iN)ldiltL_F&<-vBI?O--4Rf4%C+Sn7x#3oT)9<{s~5F%pDBHS(}3h|`w+ z#jK!$E0S%t8119;!Ow;dnXecaNxjZ{2c@eNJ}bUbTYecXDY^Lo+_Ul1{x95En)LiDx=iuoBkMS1+F6zG~@TF zyUexyn&HrB7SB)BI%AT(VEqYqSjtumIbAC!Jt_LvE>HYIwz_+9Q7;cvi%O)QWBZdm zTEzGe4BH)P6cxdxbu3z}@3nD_(W}KU%H)r=Q+>1a?1+XA65YA=&1Ye&kDssQVYm9n zB&~W+8KhrDW;^Ibz%|qYi5i!+v-UkBJdHA29SC5fvq7tBT|Iw|L?rIimi?uAEHI^mRI&u0frRF{+0yfHA{}S5nY29Y%Up3X@%U^* zZ+9-s)JVJ~9vT{qw8tWE(^x9;$*NzP%2!Luz04c(?ByPsIO^uTdZ$zqO*PU44~fqh z{eE03y%m~3(e<5BK6m=#Y4ZsuLIcI&CrDxux2ooryr)ZRSWM#Ur@XUB2B*B47RRyG zVON!BT`|eeSzgHn+-yuy8EmEH;wREyfzuGLceXE{hBJO{Emc_#Lvt| zY){Nk)G!`~f%h$>z26Ln)JLkDzUhK1MXVJ4W?`|-y5AnlO&io@wKp!VK{X1e>he&) zP2K?Ryvvxe6D(p=`H?r*8-wWeyUgH(yq;Hu1IaPwu6fST+9v!=v!7-I`yJ2U=^_AL z*NOIF_Jo7EjTFghym>6ny=N{+>WHYCFOPkD=KO*&uWQ}-NljK5T>7dz_Sl4C5r|jw zghLTb28yk=qT@l_rsGN;Du_(H%%`5D)@ZL+$j&^gql`esw6*EPMH3o&e16@~c+DdT zJ$CBqW2l2G@SS{8<2I(2?A$p+$<1%JR?%;0F+T>%CH3SeE;Y2lKcRSKJNqCDL81nB zIJ(@z2HrhOZQfC-h5b|G3C20UY|%&+LsEGME3mCW$Sce8V^^S z_)m($0V5H^w;H=`#4O;3?w1f#x6E|2HszKzm=_;y5I27cOt_< za<*!|EqR~8tQk8IT+%Gt>7U`>kv}Eeu9*{_JXtK3gm8^1 z(}9^x8e9Y=%iX6W+nzsU>IYN zG>|nSp@OlmS(vwXBpK#<_+VgH-Vih+509D_XQY#tJ6-Wk{Dp5HgY5ac;VJb;nk?=; zUQ*%U?HhzsP#Nvc2c5V2y{`%$Ef1=`jAJZjlF?l15V^U~9*)Q`@g%?9@G;XEeWO5k z_#l-%{R4(UJVF&9&F9k;vHYRv5ZWh_>{{SJ{=zvtth%+^KS0w3D!y#0HW{aaZzd!I z%Ox`Uzt(#V6!!`qK(X&S7Rbt$sYP(l(-`kXUS)6Fy{~Tr~M!oblO4Tdhxr#@|z{ z5MbNcBqJoV02+Sc>I;zscpfZ)wroD~8@Rc&9;t)ky{}klPc22sy8{rbpLed?xXwe6gFeBfsWg#+lWyj0L!eH_K|M)17{T8`W0MAp|)gBq7 zh^OAG!jPa3yzxSnOHTikw4q%v#~!jA7vcxL zFv%Zrv7#kLI_gn8lq}FoE~5&qE-J?@mM(V+U;EO|)D0t{)-Jt>@Xu;Z%@ECB^PJlg z<9&OZ_EcEenzli`3{&uv2z`PzoLmR@ndwP4#j0@D=wBjqoi3`IcTir48zXC@!kNnc?5Ws6 zVwXUM{#0pS(M}XYLIs-{Qw%frwn-I!r;s0}{{cF&l09P`-?PQ?FJn!rl|f2kBAU}L zFO@%_RmExx=jeN@o-rsg$lHu}k)PXBwJY{f>~5k&Hu|DYtdBXwb(EMIt&4Uo_*Qb@ zJj!=J;M+<`*%Yu-#SKzpT0d`$B45+qgK2%W%iNC9Cnklwg*3}lTPPX4t20N7oztCC zy;)sAnH84px;ucq>ThB7q2uUKW?umGl^nw}##d0NE6(arEoI=4uu&8+zz7iuwlaRB z=puzE&_Hwef>66-U|yQ|pfYr30aTh=li#8JLJpSB1|q;MF^Fnlz;m6YkDpqbvsZod z29L9x;CdM?5c+-e2P>vDmUhjoQkt0qxOy57!*@u~66zq&^j;Q<*WDCuAfTs5boyK1 zX5m-B=Airq^$Jqo!1KkZ&%W=L?I(sHVoda%^qKIg1dO`yc38`Bj6M049WMAU^;_uG zUSkP~o2w;DK8B7h5!0EF`(!z4JW}*=93bZK9?jjPd^T9CJR6DknpOtVT=*g4MsUvN z*5jg&SCQ^#?knD)Q$@2V&r7j1NuwMbyT~0X3xY4bQxQTOq*ts>T=?coarO`opW8PL z$sm3ja78|AWPe#scUwl1qu7I%TBa!93<=-G@^z&V4ipIa9#X~+cgvh3SYEK0*i2Ou zzGm20`DDoPf;}j`Kve3vW%||(&e_FhB=%3c{%XA9xs9UJX2GWK4rge?{Cn|`5*Slo zy6&^D79MNt7%qIaW6g~qYRmV;La*jp<*sN#id|-DloS54OyB@*vA61Evb!N2kajCR z3%5|pe*3||dX?}zn|bPE-A=6HH$Wl-OfeXkz~a`K5~Fq%$d+#m)8NL>IS%RV@GL+s zkf}bcbODJpAE%pUOAfkB zVZ7P#M>FMp5m^2vuHM=y?o3+PBPSo#-$61MS(M0}nr4E=GhndWSmoBJwEo?JZ%t;| z+x$k!$5;j9VswPeWwt!G9bx{SwYO{@9EY3s)tr?RuC^2=<((O@0|N zwZKq5a9|tE$l%X6Zt3HlSPpi!;OP9>ooUSFvUbsr2XY9y@3GCTaQCfM`F zkoi6c24=tFR#}CTMT)MjW}Urk9Dfo!=7;Y59`fQ^fTwq_hbHuZ;F$UNTtG1Q*tzLy zVVq4~AOV)hLg^rduYc2UhiKELs=%h2b4Rg)Qe?B~i&1C^jjodpb-C^I7o}K6*Rh88 z(^v?^>!>6wfdu1dPyO;{x!;Q}1~|xn2y6+PczHYSWHO6vgAfs6>@muZYnNMA!Yg6? zkkX#=+TDP0N+xlQ*G>#R?WPclkUqY$BDr^;4zegPoP&5ZEs%1k`~&lpVBxdl1^5@x z-l&>ehi_-#>tajv2vYddJYuUK)D#)7bsvBuk=`?7E;%mUJtybx8vlX=R)@2S^{g5h zC%rqK+P^fm=ZWEq0F0b21|wS!&lv7fqL#7?RwnuetpKcCX4B*R8DYvyqDGVw)#VMk znfc%dOlj7=XwK9yR;=MiU%wGOrpQQMJJ}vgIxfFa(+Q4Vy#}e>Mq#{t&wwSgT9sC_tbTvMy%gS4RWkH<*sZ=!$f#fMO_ghw=t% z7$QKz@d^ZVU&GWbtXIkE{Bi4=KqKtLRf5;LPwaMkiec?pvtUYZ?IuZd65}nAOMi_X z;#pd7{8?I8;tsqm?cUV!a=0dW>$xN=JqcC5&9jX7zYApDJU#nl zH}qmPZ!NY_F&Oh&d-LU-*T)OJ)enhg>>z8e{R~uNVC-jHbC1jU<-%FAP^-q7KblW- zxP`o@qtz44_*r%##Rap$fK)2MPSj*m{{BT1XkG+|y?==>Sh4<&e_1n<)#dTa=&+xg zQ=RGz+nAe$NzXJ}48}Y_q*gpwUblsT)GZqP5r-F2ZhpK!$%|VM1z4cxN627;+gMFa zdn$zMMzAnB<89^Idzwmwj{N=i6P`NnGN`*6NiT3&0NBbktX<6BkeG7yll47hofb|HGLtoUJHyzo13xUOB$|vYi)=v>{2YPK2@j=3ssbawjTSivJ#JeF05|__2jlv)`aR5<_ z>0DZ-v|10{EggsKY>Vfjn|})*C0{B!&NPHdB5%a?C1HPpCcs`)NZh_6YTR7Av7leB zC6Bqe{4Z#e*3;MJk?4N{GI(~Na~FL}@nPNHz_XWx_()HTD!}f-_aWw1H}rE=sz|vd z7(k*Ez;cC$V@0zA9E3qSW$G(Opn#gj3MVci^!8L9^(AcyG?AtMkIP7=0Dn@pY22)b zPPEL0;y2)R1yax5P~?e#7#a5uhp5Sxs%hiLAJ}ZAbQ+T;7vfIPLH+DtHpsHO3mA@p zB;{@IriXad=TXcd4-w^-ov7pGwZb=0|D9qMw?sJV#8?Jk;wYjPa z;2rU_Vb}8S)SK2adk?mVLUCuVh$H8rH?(1t6^yP5SBXbGAKG!4f4~@#hIryN_ITR+ zHLM*};XyW!b6@1zz&f#%XBP>~39MvL2K_*V#wj<&CvkQn?~Y6@4Fpmx_@vPV8RqMFf0CJJJ|=lws(1MEc0R`Ka;PswL;uj#dGzM~hF|DD3xB0OmbM4h?4HxI&@D7G)=_9V`JL=x3CHRF6&|A=ec`|@=K8NHKc za-ua$tL3nAXV0qc^#Ndu9e|ZvdE|VLa@v9WK`QMaO6CFVPt;s!pRG{;r_9~gKK++1 z3}n&|M)~xD>n0Q=Iv}WyYAoN;7gWM5@;eQ+vL+NMx4LYF13B*X1g<9ihq~mx0?d}S zoYoJ51_T%qQ-$dg0%^kEr3so37W#j0W*3&tyfe)M#iKBHy5#L$Hiie=T~%X@dA!q{ z{0<<)ru|;y?;COF2ppb z2bS%UhO+?E9PAYCVUqWz7VSxfYQ|#_j}$(ihW`A``|Pu)0Ku30Eb+oHaXg!(&WL2$ z=}!bLM!}$hfiBfkOX=y61Jm8Mgb5mSu}FKXfPXR5C)5=V>>g)i8rvQGjgniO)L&i9 zlQE-oHa*pq$*zz93G6{GFfeGa?aZKfB9NBJ`!ZPq9olFOxYGMF48f*B^V&v{*Pv+c z8#$p1t~yJ1jbo*_#@D0^h`k5%91%5u8OOadz`nzXh&y}vsb0{=g}kn4J?j}c8J&u_ z!{ZK%#7GA)Ex|^o2YkE+b@NwkZhS*X{2Hn1&xaM)TP0Gw!3YHHq-`P@C)-B3&_gYa zbz;q)5Sw*TCt66zb$S=%oJn7|ussaHc^(?3PuKisp#aljz^D%obxeozP08)wgZV73 zDH>ykjWlsX_|nKJbP*R+ToL9M>3U<6<-_te+9#iSwGZL~+GFEb>ic3s?C ztdSU5BLUpUx^fyy|5JqDVqxM1nO`P5=HErYI;Y!Hts68yidtfOgUo5dj)@WDI)Wz} z*C1i(RipW|kI!|O|0DQHfSW2rT~|*cBY7sq?4CPK9I@T!p!*`)kzu9;Y)vw7qZe&A zUbfQ^msjINFz}d+?Hq6-WWMWU!yMK#cTrt`G{YvS&bdTZ)ksyMRjuI0fTtirgdJq3 z3Sb6-F@fwj6hlBu-Uns+opS;{%-9vR5VFtMDBWgY8@>LXoRLMa)AS!4qTfqhLemF! z)funlUxW}yRQGfDyU{+dlxe*+ghs_oW8)pI*~%c~0Q@8LEZvqcpnz@C?$Qa{q~{Cv z*Y_d@mYr6A^eM-da@SvyPjG%I)N;G`48bJnOEDpdp{~VU4U)+Pr{k#ji^WgAeHbU4=w*g#s26W2tFMk**}Qq1OQ8)UW@->!n8ee78NxQcyc( zAs-gzaSB+xq*wfOHB%D2;oTLGz^d1D(XvN-O9Wk^^XS-eKHu?y;}E?fIW8 zZ;Jk4Hx(Ae7!z!4@W1AkdU4RA4iE%-P0pp_3!6@nq0hym*jM8wR}(9{D#PrT5#5Nc zF@JvzZ2msG{TdCj6*)jya3-n-%}1Bqr)kM|A{E$Gc!!myyehMZQ8=QWiJcq_c8em} zH`*9nn-RP3$Hm+B8OR$Ae_N2|2TM40NQTX*JE{xC$KYL%!uvqZuu>T#dUFPZa3&)FaoU{u3CWTUObe|?H)=)a8QXz&#nN^$wV4i$0Jc5t(=kr{BkwcK# zYiaZWho~15>)@Y6n(g90y*54X63TfVLf)l*K5WC|p7%EY&9#_; z_xa6LU0#!#t{F;J3xQ&+#%WH} zI~?ebibWmKoqtA)d})qb>K`R?_q<=X#l5rauI2E5h%qzD8Zn{p8UIOLzHem6<*E}b zSb&+~Am|dR+myYl_Zss+k7IWH9jNsaAHYxRtnTrFT|y6UUIJhxHpp-jb=THsONj;O z1DLi5CIN#c1^m*$&k~X_Ksh~>ro!RSAHt9-8Ft+9Hxuy*vX~OTmj+(U@1A3wAuwm# z%WsSxxE8?)(Ba)YGu0v2)nb?cfP$gZTccMq45ZDXdON7|CxtNh_D<)D zwQH?yE`b`6DqCzl^ig0a-q^&J`9aLwOHSh93cxNg=d*=mZs!uw`1n#BciSXBO>Hkq zXhH7dNKsYUA$^r$acnBF&4UtS8D!y5E`q2(zjMrHF=I<5_BhPwuCAx=I{o=JJ7WH@ zdBC6H{UbY6ChvlTm7rv96D3#)n{hYxBQ6x7wwBe;6br0cGsdc>Uez54^S$VxhAP25 z0C}CbU(_@%_d3HB_BHGd5kTtM3r?fn!CSl%9GOP0Ny&s|XhOM{jMJ5^6Jm8-P8wDT zMu~rO@~)(mp0;=#H^!88_2Zs*=@qn;9H+_vq?%&%_TA=rn0ldg{y5APfR)ikBgi+D@MhK6v zA26RTg!!v{im!vKUcb~aqiQOD0lLp}(&M13gS-k>Cv|H&4u>bR7f@AnI(~terZ)2R4+$t**g?q7X zQLCc{ek(V}(r>`NbEa*Hx>Zm2*=E%NvEekLy@3f@70$QqT0^X>) zi$Fwwp#8p7|MMz(z8#C3y>d#oPpQgL?3b2@V@rCIxz&dz>>!<*d=&8YZcpTM7XWDt z=@Rt3iXIk1fg;d*I4b|P{8cwOP-E|H?NDL_GRG_JL_7d}~4)LEs>yll{4vw*L52uE5>>iK>e^G9m|Vb}^v*Tte<&Ao837 zdO=g4qz#E9K)7g(sHmzpb3sriy!3>#4y|O{zBMFRRP{yUp)~-s}36Z9%h{qcTX9LUTuc=q+Edi`}J+vF)-%+a9 ze~dwfa#|VpcL{gD`j3O_t!H7#jx7OCyQqZ{>OZSKngcb6*1`mkF!&^0?q2Et6Lw2( zsiZz4y%PT43{#qOw&gBdkC=g$-KDCuTx>c)a#9=<`UBZEm5^%GQ;uz5NYn6evb>{H zpk#H7QSZuz8n;w}2+;4f3bc&6vt5)0Mh=i!T$OW(q21xE?A~Q6lQs{QKq*zJI$Zw| zmNr@*e6SUQ#U!QS@K~FS)VSY}^=pL&v|?7-oCIEA$AZs3qwY4)4YO7;!>n-ur7jnM zO6nw?@b8Y?cE)laPVPiKUfik-=8qklm!|k`049ximmG?aV8HHgCR_OkZcfSQBElzx zVP#qrSvfOdJvU=O`e?(O&7e|>E#n)}f{?|bmnVCN_9ffP^_ziugGmAj-q_JkDqjwn zbmx64VjEFKd7z~age`d?U#0563xis7+x^>yIcujEZNqDYgoc&UaD0rOk0FXMH8CFVjS7e)zr!X?i^!iDq^9k1qHO zYqOA!<>$2(CPvaYWLgxQX8icE2g~8{Hrle-uuV)D+1uLHRCbv?`PCS^Jx6^M(N+&W z3JHd!ppA_BDlBw1yy#O?Cy?!+?tVg#i2!>?K7N$+CgVYeFp7lOibg6**El?IY@&Oi zo2dmpUgW8{N@j2R!R*#SIGQa=M<(MsWvw|9heNwerz-cn6obIjAP!|Whp*HQ5jJJ` zJyoSVwdZfx(m2)Cs|~P>XlR7f8l$~|&$ed~@XX`SeC8iaY~V*v&w0CxDH;LM;?@kgb*8l zO6zpE{*T$T+e_0LAk;CyH%I>1MIs1ad9I)I)eNNc$C0uR+mhW4bHUkZ zE{AE?NmLL{b%)zxb{&x!o)7-#~vxJVLmgN-;x9>V&IN?yPXW!f7`ABY`oJh-0XC|2ohSuH6Lf6MjFdN z)yMXP&ra=Z(L)ajEu8ydg|wX`Z+Sgwev}QpcPRNbr|wW0EGgNv2eT2}Rzr0c+Kz{6 zdaAqMrHZiZO)1N898i1@Z;Ong`)$lkg}9>Ys6vLfHk#=8U*9^1_KqA32jtR(WO2jO zyD33I4UaK+`wKhSYMi4XCifTVsls%fmna1LVMkUO{M01ozDkvNP5p+hxZsvZxf6>V z$qcM#W-|D^LlOlTpEm&kptty~`=^S!vxz{P#)Zy@=FPgq`ar9GmyHNyk&v@sC$`1( zQB&0oG>;=V(#bI$+rwssHUIT!P@dLWItFY1+Wa*X^YFjk)?1oXt}zqfb+_>4SOoT?HvP?jjJNjCq zc6S?H|0P$)zC>i8zGI2FEM^W5bT1#raLglXD{Em~RM(3Nw9C&ZMIv{yDl?XY z|C-5K0@){#1UutnE1=XA(-}qBDCZEv$hw5QvxAAt4;V;eIAJ2iEDJ77wDc4hP@~)5 zRH}jD_l$8_=kSl!&!`8r(-hkb`PkYE#g0e4SE~8tP~w-tDOJb|-S^mf`J>jpn!V#ql0Tin<^ZTbq4bi@jR&tc z6CO?Ug;Gq`35&o}SxJ}Q^`GRmp?zO-Qn-(5Giztvn%lNAv!ohPw4jKKRaMN@+fs*k z3B6Ly*ql4G7Hesu!l1>TdgVo32v0y z=e=?p*S1C7YMzo(SUyQQ}q6|7cUO6e{{wl*RB)!Rzgzr$)TZywCm}mTcHq}rCIw%=_?Of+P zt7~^IHY3F(9|+@+=yvbS{(`n)xsq+Vi}ewXi^O#!D@@ERkNRx*;!=8l4Kr5$o(j{H z{WSSeRBI%SEdXjxB;&?3B2bL%-3?nS-dk^Xzgj%yECqWtU~xclZ+bt!aThmPvY$!} zL>y4khd@)Xhv8BML^4cbA;^5cx7*G7BF?5&LGL%1h|4HKT5;A-{nplp?+&5b!hUEo zqL%Bx14JTXb>^G#i-gfKcJyC!KazQr@Y^`&oF;kq2BmR4I?5VzjS{jxYolyQX3{7l+{qT#`0G4uaY85nT)2$cYD{Kznx5UQR+nXbXTVnfw^1Ig5-sminP-5PG5$n8s#f9 z9#R?&DHvA`Hm);=Dnjw0;QH$pJ{RxPw1V4i)$G$dgZ|-$dOu#+`OvrZsvcBNo>xj z^mwexaHloS99TKB_M47KgAuT7*KnXg16U>-t_GcK+ER>U-7xzBx6z;bQY@fMnT9Y{ zZx=C>2CHj@7XX1PJ#M69S;$DA=*MB6sdc!DWwaNCONVbMZdS${{M`J+Ht%haqoF5K z-bIN)Vpm`3pWbZQ{ed3IAl`sP+J5BQTDIbCIS)4ppuNZJ@Jl^dm~sXksFyZBtgw0ipJ!Fvhb$cnO##rQ)tNQr#y44z+}0!3~2r z6Bc>(rOH1N(rb!KZTLpT`HH4)BQ}j-`g3U0!4qvmjg{nf&98v4k0HX@)U`jY=qMLl zX5ezwvrWDp&mdk*SZZ{rr!{cgxuH&eCYy{@xz80kS@ROmOEn>GUT%|*jB3m=-`qjM zwFFK0iiZ1MG;a!-W6NT>xnWN4ZwMxGB?*r<_Qv%b6Wd@C6Rh{N`a3o2Kq=_%H-L!8 zg--Il!~cO5OsK`f^~-htTR?A4p+CszHOk>GGdypb=nEtR ztts^*$lIm9nEsl#g5KpXmR2Z_R`Zd?VA~2=3|OcrN)$@RA51?WvzR1iJ6d)*Yz@!j zkqgQ^tj#*xqEI`P%Lp%zC>qa0&n#FJB&g}`V7!a$jY6QBasr>nRMqt|W$e`)*k9p- z&pI%2reg)1aj36qH=oB}yxh`?&C?8Z%b(jnFpjVoL@x#Z6d+|SKF@?u_X*Wb6!`GH zewbVG)AH~;^f%a4qt9`zhH^FZCX)UqxL8MmU0bWu-@%lSQ##UJF=#zvW_shmh2Wau zdvbYPSG6_`-b%Bt4UAZm3+Zv;t8!Auz@&x2xL^`B+AA5;XGJA)TWoMZWyzC;YRG-bVHKEY(KZc zR4u^IGo0CM@c}jP?fYx z`M)(&ErOup$fnpzi8xfFtwAF`TuzLe1d05q^fb>GpISBRz7YPAYz`hVKarTLk~jd; z!l~(uKEd33CGI=Lh>4di8#)xa&6?P?3TyN2rNV5b!Q0VgY z2zYMWjC78i7w{apYG559NK#IR*Z>lR>ebXp`3i*j<{s2`K$mTq9g$rhCq#zOKbg^tWgp zizkC(_tPmqFnX;q$ICv@SE-y@{->9`K@8QvmLz{qo9CZq#P4UBJ=lTQ{f!_jUBkzc zc(Ytou6$4SixTO3Ml6OOz|1f`$LU_k^v6E9YQFTQANf2!P8>XXptHUJ3`OtwhdxXV z0JFm4Fk8O}{*()#8dC2hlBzSoGF@opGP@SvI7Id4SZUy?XvXWs&G)ZbNnaC-H$|qD z_|Jag2?{k9^PLy>SRNql?7Cri={zUwE-t>4)~+n zvR#4R7k%7!!C9v4*Q3zhNpZXVAjQ)(`_!tkOf!mwU??5)EDxkgqVIEPJ2$%#EV48L zRHJlE?cHVrEnV`(?%HUn`9d+aXJ`;$Hq^G)Xe@2b2SO=?3<*#7sP3_7cLWr5;^eMk z{)v8HOC}8miFa|Q#>a~s-A<13p%)*XMg~t`>fm_W`zj>-c=3n@i;~61$sUq575$*M zwl%Khy^-5n%w!n<5?)9ww5ph^+Y>$!p(GG{p_@jX-a0Ktz&DHZBaH`Kd^hD%H@Qw! z72Rs6<9VX{fTyk#@U;OT@@%(Ti>r|+@D#ci=F=Hslcs`^(;3TAu9WfNTui42znF!O z$Gq{&BJx;qZ5Yk~;~{H=J6$IcEik70HJh6wpf+6MUqIOf-(9o5*bOp%AFwO1P3j<{ zZDhki2BV1+f?fKRZ9R_7k4Tqkl0(6^&KK`*F)Ma6*+IDcXZRP35jB2;yCF!@pD$IC zOOvOpMh?eot{X9V<>avN92WNiSiUjFjZN;`y>Hx`2?dL<46-XV%qt1GMkUocks_ZtJOja z(u1=Yz+Z%TpYIT;`S6{(y;C=@K>7V06a3r@xq`PE@R0>_7>FwIY7z1y$N@yb4fB8- zrQ`c8`*)8d-cjeT4CO>x?;+CM)SP^ob0k28-qD8rGP{JEpxipO)zR4P+!1<>0E8^F zbjZyzbDPG;czGt$SEB5?VM6L2I$E8C}3zt);NWSK9 z>c8_KSZQIcDv$Ozp54+A^nm+U%=GI z&N9$|A4Dhe(_06I%X+hDdfSrkuia!v2Z{5?dr;}o-e6>PxlqV}#aDr(eWb$fuCs^5 zf`3j6KU19XspxGSBTnOVX>+|7SE-Ls@fOnI*(9Ob+F>IRpGb2%f-zncfN4Nutkv+? zO<2O0BF8V-<1uvZobJzWC#kN$D_$G6jxm%n-qnw0Pky-MII$|D0}Joaa~DN7;e*LK zh35B08dr+vXfE`(14@GZwR$13k zQvA^9E5O)~|(x#Qnen}h}I-pd&Df3Wl(#0s4t5MR>QG5u%GA7#`4CXwnn+2kL zRY%#B&CUI>otV`d8%eR)qX+@o4$LnVRuEGIhX6I_Xh7ULKVxC&%;|WdI6|oh^pX;?DxDiV(Ol1T9LIj`leEF4@krc|)cuVid324cvp#MB0B(H+m=4|AxXM9am=RUu->xa;bJ$Aae)_@Ym zO)WV7Ms>Ztwdkigz5XcjxG@trs{lhB&U~i{2dvIF^HzQ&YQBhKV;k}`j|Ic0$aKp6 zodlkd>Kpy+ZTOKHj*V#Y&3>l%&_v${<`B?W3rpXH+4T4%48=6~SFQoSpjPj8>2o8) zp{$i-QxghIbE+p0HN4epUe>ko((UU#A|#$uD{&pF4(v>s)Md{dW*s<#DnQ3ndoS%8 zU+$&d)}=q{3p8QOHiWiMo!vvE!1KGgjw*dSI4%xQ{8v(UTO4Aodcb^-3Uo~T)__D}~-Xlv(H-vzLC@uzK3?8n_Ldb?9q zS9AJ0Rik{!H&Mb>P5eJ!F*RL2uPQ`F=qUe{WJwXZVZ&`Q`qP!nBkC;t7$4g79a(*& z(A=88Bpz-JGE)F?w$Vg`VSZ-$maj!*phDn$%sRY{))a*;pj%oCDC7yDPQPIZw5+E= zSNdzEYByQhO3`Jv0!5MQe}WaQ=DwF6R`r58+P0;{yJ+-Awe49Z3?MCGS*qsexZvm+ ztRVh9*o-+fxL?FDg~CCKv%jbYVcXpGHKzIKA?=vt$~SRvIRKv|*fco8aG*COtBd2atmlK1dwBw`@1BIBKkD~h(k;C|{U&0XAjpD!=&Z0QJW+G7jOq?ew z)VSd!4luQQS%1n?!MBFqJiTLmaI+87s2#$tgBR-d$#}Qm@sN`>G*vV*E2QF zum2X}wLt9gFPXPcwf$4+p@%zRYYp$aGAF4}?hF5Keu0+lNG@8mFL z0g3L`kNrKl%m0srMuyqb7T!$;sxm>+ zO5x}%4Z3cW8T`vfim&svVrJ|9M>IFP3SqVS&aqtc84l*1M7a)s6%^a}Io7{nJX_4J z{{v?sK^@ejrNSIeBJHb>e^c2ShlYV#4XLRu()V-+@eP}b%y_1_MgJ_ry&~tr*`)$< zGxfD`zqw8PX)k}pmEi$hc1+XSwlzkO%RkWzevDW;c2g2{VJ$4LftM*<*xJ{*fyCMO zz>Pjr2(C1WgAs!rF$l}V6%-y4j)gM#mtP71g&y3e?sQ@$UA9?Z48V0zxz6gF>?nBo z9oMQo7k7A*sI?r0zdUbb0hGmquu{{;P|q-}JLmc1+A0r+I^!(|$bKHbr7anX@-R?`MlUu>L7l|SOB zTRGbOan5cD)ebW2&lcTg$}6dRzI|Hz#%t3EM&QsbZCau3<7%UqkL#nbbspY>9LyA$ z^*_Qh9I(a7RyIMZZ=@Y;sZnJy-gF?pMvrWDAA4?wJ8SKg6xb(sa_8KFwnIWWvhxsz zbxuXNillOVg@n#S!VfpU+i?vtd&>9VcsKf*|36ZD>fq5C0YZI@1q)F`DQOh)z;$%DCYVmHkCa07P2;=*MBC$PKy6qK{TFBiiknBsAhO^AU2LXd6 zw$JMHcq0h;R!KVFOM7=6bbwF~x?uN<^TTl+2?ASUn-A49mSNt>xI?$>10YA|T~rcv zw6Yw|bjk0XpYJlg0BTQ4cOs93bN7X#td3Rq^A^|IQ~7bkldv>L)VDR)k|+&768c@O4X91>h2_fWM@1el+CLzjPhfL7&XYQyR3%~ zs8o%e^5B*%V_vBMOb({7Df;OV;6Q)zE+cZc7180q_A*Ye6k;sws*L4?J=lm=)7x={ zl}risDyD)4b{T&EPkca{<9BefOd;d&Pe;XB5C6zC8>Td$7N;A$QkD?^D?~L|gSR78 zqJp=`3f0wBU6RPNE$kv@|3bElYeDDyNZjMsX^ffHG0?8u$^?L~+dKsw*g^ptfW{7E zS^SByl#VQRuQZts5(K2i{iK?rQ%ISRp&sDa8G)AQ*YT_TJU1;9P7S3YGZA5^>0@X~ z&}F=%24UU|jPH)0{7GzvuR&3N{|+@~Aidvh<%vd$Pdb<~{s#;j>dUx1hhlUwE1x2h zE!^#mWmxZI4^6M{WvIstbA2d7{&0N+J#q}ZuE{1X**T@}k|t%flvjl31}y+#2@kkj zK@YLqc4fuoiT+uV|AJ||i)bdinp=73PqB|@9yImTwYj2wd%p7lW(8N!-WmDAAEY#ajZ@7BcZlA1GjYOwjK z2};I@aTROIhggw`L};195buI+?J1&JSWd6&W#c&W7OrQlUWXIY473aHR4CGO9LLC| zbTLu2OlqxZe{dD>TLpdkZ$3rFN{*@4shh;G0tG?Sz?T!c!^0?oVeRNjgD z=uGW(C1+zDG%FxD()(BA>)GmrsTxfSV4!Y8QbeCz!y9#Qqd5xxmN;r-e>MkCOv}}F z4!1v)pNosOsJaj}upfHRo(gzI!or_aZ50#+Jj#K0U@sox}pnyCM^wSX#ro{!fjUkg5vBTc} zP@XW^P90orO%O`)+(Hv+Ra+)(1;?EPkpzX{=nCSx$@M7{6SU3T+32&#mbB(h`#AVt zjPT6pLF<}Y{Kin=`ee5kbbug50N2A)3FznFID#fOAxoXND;0i0>MhUbb{rpMSRB)zC%x=ba{YZwVuoSLPbDr@FPv_MP0ddD%MeD5_6c{EbF=|@!ebFjq4SHIiQqPp z{R-N~%j}V`LYLCfT5qf!yKeU!sZ$;1fae|`(-Nc*L3hvZ6S~8PEp`n>-?U3NAFGWR z4f5i6Uhjpt^w5r$;}2I9bBA2icz|ia zGZSXv!OBZbLT@-*p58!L$cIiROeRtl|7wy1m!RYbYb6bTo^AN++3SQ*vEREsv+ z!S_57)y{~&-An$P=?v$^NNzk6|ATF-MOs%;3;hWyOKI^#@|F zJ`8C2B?|~tLkVVF`5gZ8d!@f6Qu>&ET;c@4#bB?R0UW&&2?`3~6=g<+8HNfy%O*&D))C^^ zh&d>o3vTwBv#4B0y@*Bmr3<)sz-D=C;B3Mt+JzL`{@~RQ{yNi;()zGZ^GD1JqzS9B zAIJ=LwBx^XqLT^Ak31m@_Xqyu6Jt@Z{gS!OJGL1s3=vC6jN;?+s$YT28np4BxHVaj z#^H2sSeSUMMa65cxukF^W-yG{Zp8 zQ`{$XH`&1(IU0E2o#6*KX;|p4kH^e`PA5}_ql8<7Z}Jbr0@OG?4SPcbwmpKOT$qad zvm^t)1Id0bxHC#<&tca#?tQ;0pAO#vT0K|>6Y~OMXf9%WL!b?@1;~492M?;6ze7%s zkNZyPC2hhz`nSn7ip2x}mXrJC;Leo8>q9txr(oV;gOz38&P6quq4pwt(zJ9?eOaa-$qvVYpldMhr@w7 zg$R+gv(9dyj@jHl`cv1;#)rFLMo+fp zAs`6pnm_w%vlFLQihtB5SC-)XtACmr3$g+2o;OOjPSncjFl}b(Q_LhKdoKV>k2`27 zY9RddL3#}!!pw>@I(qav&vl6s=li5NWzT;+!xS9D&MPv$$D4V!ek1lqX6f{v5t}L3 zRHY_*d-6s%g4YD8bkcJlrI!A!{Zc%yLu`O=rb(s^K241wy%I7jovy{<6yqF z_X#V09G|LCIVv|3tc(UB={O9=DVIec!H*ON?vh1ehu>x-&Ed=(-GfeT9`QJ)kA$$nEvm&344a zSRMYU?^3x2(Ww*v4qJCzJTSRe;JQL2B)tr`$<$c%>6*CBqev9DX+qa74)#XwL6dX_ zKt&KgR|LaUo&Qwfu>y5EjcP;CDj|UyLoKRG?(Gq8h^wuF|GOA^R>8|?T^ zS(f+}7-e`Od7P)lhrQiaoA9CnuJar(imbIc6Ak~JgU4yL@;#*K{$%L6uucZMcR|Yd zPh+1X{Sqiz6q;yn_^iISI$mGX0VnLQn~|zzLS;+^C_?^T0|bMyq{rSlmgcaBXr-=F zJ+1b*^b?92m&}ur`v*;vOkJK8KPkMd39;!=EGf}capq;~2tHi5Fp2f=Pm>%;l;SVA z3%g>kiF!Az*q`KumXH*+*BO6F1bdpwt3T0t8Vc<-8`f^fJ|P}pYw>mr&bj=N+Tkaw z*LzSXo_kxAV^yUYd?%Rvs-f^hYmr-}I=xRjM32Z~X=N@emddaV&eW)#6Hjc78{Gvz zxg?ki828_tcelq^uH8SPyCNl%8}dR^G^0vwRsMjS{b9Q$Wx5ABpfiaf|KSj@IC~LN zs#LaS!0P7mlpq-tj=mOh)i>S}|64M`ksgkR@^5b!)r_9F0PthnKv@w4H0~ z{Zh_;P%>1>vJz#b{06<~(1CH;73xO2#uw8~I3%`GIUwpmRQtkxPVNo&yu;`yW^Ms1 zHzIWkwrAF$2jWgN3LA9=&+Oid5lEWA4o1#B*iJo5Zf^Y2nQbwqLretER*8w7skdJ~ zu2e*Se3HJa`ysLBvUUJ7;rmb+C=~#Sm+XNx3H5jXb?x1;X$4UbtBtFa$F|A1Lh=&`WJj<eIX99MKSdM)2HK zxx*?%^C#ui(|s_Ox^(n+{SKjH_wXNXYS2q`U7m?|rz$9i(%w8j(2v><;xT=&P`h=0 zYUG_aZGEpLVVAsU(5QPc;EtF}CaY_G zk{+@T>EH*Cp`rYzyMQbG0JUe$l_!5VAomBC)90j#Th0eWi9fA_k1}B*Y?NC9pgX|^ z`Nw0G$0e|PPBD*EUlY;B>W^zoD|S4A4xB%Jrn&UtKYVe5ISvKbCK*_USRilk_Y7q7 znZoO4Di#7^+z1|ec6Gt>QX7YvSsD&z1(QZRZDJP>YwCOLHz(HT@NFVnx5ro)#XDh< zA1H>XK;VqCyQjLHh=Hx#y=6;4;2&qni#pA`{&iCy?pLGv`RUaF1o}HF~W_#PZD0130SGNCSMDfjG0QfXvPpZl1`; zn}Qv_1B+{OMwTx_z+ih_)-Oc0-lOO1-J)s#eFsybc_J~-0+el~Hwq0k^6iSNi<%94 z19tMm6RupwM0}NG#)ul{!ihk%h-4M_(R3-n%K zo6tp;#sb2+apz_mYC7;0p~Ov(6*^Wd{*0#*O`x+C_c|dH)JO_{kK61^z-@pvAoYiZ zU71SL>~T76pLsBhP4=jjjb|z<8x0K+@_n6*#Xq`_&((qM-e})^48Y?nq^e#!)I#?r zA%&Zz-)09&1x5X95;k59osWu7IM@65q0Iba)%AdOF(|2k@>NjENY8k+C$fPH;1s2l zDHz$R5L3y$w_xYpLgzFW&h043GsdJTX|ncMa%;ChWaR~KL;NI4+RP4 zlE$cye`qP@=`89t@R~t!y_(u6V9enj7jyMd!W#ZkQ}maqKW-!c_+OoLrOCE2*uvsa z;~g%Cd;{bR9@#)*#mn_{X?L*R`6xFWmWR4feHbM=S|*hE)JY9JgzP*iQ?-Wz3v*m8hrAH$jUwe&gAUY+&Ou9uzc?h03SpV1;)rfM0 zpY9E!PYQRJ*VuBP>n5H;za7b7b9sWVfU~0ja^u|Ef>4nhYLtgv!>7~c4&}O516XA) z1pOj2WQ}QApJy4SP!+CulOCAK{9>-TWX3cpZ86rJKM9&=e;mZ8**xK@zwG7<|()p9EnlRT% z&<IMx@;bl8d0vG(7 z#^~{*QGsJAa`njc-{t~|aFBp-zaYg+_=MV}CEaoQ@$= zk#M}0{hKC&7u$h@l~CoEC3(Lzu2WGsUu0lhyGVctb_IEIc(n&fmdz7*cFhzY8l#~>l z7H(xKE2(;<({|kez@$DTrcX|WqArAq+ed71g14VXVb|B+65RH(;8rY}J7-<^*D8j- zMijDw58c?X1IEh(@%c0iMj4*h7z11`^Y|A*sJe)Vi+3h+z}z=Hk0%ct9O)a<5XPYQ z;An(=)ZoDEtrH^fo0*HWLK1zd3zk4aNL^;j8~a@Q>(+dPiw)7#npUpDhbCv^4I;72 z@gcq6KWIDz=U~)%PHKYCOUt6sOPJ;L5pH|_w_rh4m$E+!K$;j9eICjvlz#u9BAbv z%1R3GHficU5PNJFcIa-`n)eTmQ^Frbm$0)0W(k=1l-JKmGHyc=V`%^_K+?ZYB0;^U zv?oC+tl%2bwF5U9)525&nsq>|`%~Db?&b4+@_$%y%4n8{98v`uZ_Yat)w$%p4*gTjP%Rekqs7)0A;=+;2fCgA zKA9Y-T}xgp+T?}(Gl1LMiJFlpi7UUJfne376kQ=JkW(R~{nt@Y!)k;w$YF)JYRnh^ zO!qUP>lE@6xaHI|IHFq(I#$*yfnT}+X2t<4YVUZn|-u#>6CMGGg%?|oMsfgSHENs8VujA zU4|u*Cxg=qw?3=d>@=TSJ-n}6bzgq%R~iUJ`Y%T zK`_g&sTaZ_yZy6gnlFE$Z*{1_MWP`jYbuc<@Jf^?zGVIcSSrS4yFNVgUa>CV4m8;!ttAPaHgdXU}Cn+!`+G2esEtvOV% zKLl!oCfGv|1DTWaM6uSusbMFCaYsggwAzaggKnGu7vDz{n&jwyjX9S5bP1^SqFbZ8ebZ(D^lD>nEL1E$*Tqwt*(N@tJZyap1_ny+Uk1YQzRly3 zTm5|x=66toa3=6c#n-xjWtY>T*nNre)On9{ zz+c1I(icr6eRzZhgK$M-{O{#D_vGD{+g+teB^R+2`;L09MI!D#w{AZ15$YZWq`X}p zurM7$ceN}PE_fu1XsWsbHNA0;U}vCp-n1ki^iJg^Vf|j-jj%sd38W=RNZyqq%w?F3 z86TqG4sLNbibBU<^R1$nmQTmS%J+FZqyd^`(+^p2U9g%hf4dCxCyCR9`HZa5BS1xZ zi2~DJ5;6rsK|QT4SNo}g`s4Br0CRy=3i0V^2u!6s3u|ZmVOtDDu6$dKCBZRuD?mYu zz#$o_!X~>LfI`9Bb+vwyQiuc=xC1;=blD-YM}bv^#IR12Cb6?aTJf zf!Az~k<;-5QJQfw?n?%&4)wxKTyC=>gIC5hUNVbAT;RKafYx;h(RPsIKG z;VTP$^?UAr6Co|VGpMMMwJkQUQlihaIrW$yJkI`+9Cz;E9j* zyO9Yugbf(La(vvwwVC^>rKzy4L^vG}ill<%XSUt9cyXGgBW~%1IYroAvH@VoR7#3` ziTg-@(+$}SsSXgPieC+b)fQ+hiO8i)QSZR-OY7#IEa!Q)jz?b&#M{~+%9~2|^nga(W_`S zUx?N;I`}L@0^7dsoN-{Y_cD6^(b_k7Z1Aw4K~$+%paV=ko4C##X z`RyCy3tR;3_SjybH!4w5*o@~nmLqFSe4G_im)Q53K-a*dI$--UaR3ZG)wnp4gr@f@ z(P(*+UBBlC2ENX8+NxCmrJBo(e!9zf5a?e2^rg{p3}KUSpjxNlE}nd(U8hR`gvtR_ z=RHw5O$U+{F}qgxIQbzoqyQLp8J5U+ya!@aqB(XF7YYh-k0%I^8jb2kgtB3#w&TBn zM;P~c(&in@QFmgtp2gOc|M;ig(^$8VZ5UMdwBNzDOAg!tC@X9ATwG07R3B30VZ{@F z-SA+H`?SZH|1&U_g!r6x7ti|t8I}sz{TucR3HW3FEJ8`4*%a#eZEs-1RI}v_nxeIO=kn^ma2Jt4D!{3#0{Osv6&9T%VA!|R@^ffO*6d6D`Q;gaE!8wGz; zwe0DVkKcoI3@OaAu|yWI-YQx}5vME+p@CLtOO_)xz|NVS6;JAMGVdiKQw2##?!}|N zF|q^klyFc_rB_n3n3WwuEk3j=L1&z#W#|&A!yF}wnbKX>bPNb630--VRhT#ANE(VA@>uy{v zW4!X^-lJ`H^y;>No+%v%nG#Vl!0r+r>Tl9H&C zQBEP#=!+9%@Qo=p!an-mG_i%Q>Bn`{vK!E`b6^d?V<=u>t+~WXUs63uDV|TynojB+ zE5nVr4W-BdA3ki6+63xwU9diYW!MT0OL1PyAesD=)Jv?R$CCH4L|ZkI?7Wk5r=nAZ zH_eA`;9dt7V%l?o|IU!o^_fgQuq&)I_oiwPMJX~zT+#$)1-0(4dEg9^MOhz%iD#e} zZfNCNO1J2~W?4p!B_5)4rZ|-x6oc}?9KD9*mJUzPE<1Sq<#d*)I?a0ef+P&VUO|8} zP=FakBNdXf6w`WwVek}d#FmJ#aJl;g+x70Wv9NS7Z&RumHDgNVI zj|Ds`vbT(*{x<@{(kvIg7cP31Fezmm1`OT_@P|b0#_g<10n6*LuRF9Hy-A2REht=z zy@9V68t{I&+8jFu5a+~t^C6Rg{6cnCY+76ardDu1b@W6ETcKWg4+2=JSc%ujH;=V- zwxpZrw`1xW!w(D$`?M|}|ED?TmF@c!mSLmyfS9XMag+l8w%*&^XsC=4#apG$AWT&t z+Sr=b#1w9K!pfUjEn>kU%gj)_sc2KS-K4ZZNgGk|Pb`R~`);%u|KZ?8gT!M)12x3o zDIPs8R7LH2pEQxnm+>Hk%8vkAD?8Zssw3!L7ksuduQeg`+*BS`)+Yx;p$p=%bcbn}xa3i>aqEOT%H7GZG0=(3}_e?!cOC&R3x z?WT@_%{d1yE1o$*>EbHoU;>-dXK5ufWsuB;CDc@T${_{Tn+>y9?SXd)qEEgHO5^zN z!C++X_Jj-suvUYFudyU6z9Rq zAR5;AH)@DdjxMb;ndfhKSHv12Q7q0({Jfz6+9&CW_v*`JmNPEGe6l^3`pyZ5P6}? zBXHEHM7a@?0Sh*>3xtxU@+5ouX{OveHGBZW$=>|dAlesCI-xJVUt%b8!P^?Pv7#YX zQK`RWi2z3bAjUZfX-ORE7l(b)Ef|+MZ0a>o&RXvaVZy4KB~&@xfIL6D81Fgy!(Usu z5NYn3;6o7g;{0V+XQ!WR)y`qta@ee8;t*-hpRO)}f@zoufX>DdzA4#Y1G!QcyK<1# zN?MmO87#ot!JkO=qATF*kmS4Wpb|H_1L=X!mvPu_9Nwr(ea}p2)j#xW zuacn(Hh|CWCM$w!Q~)p!mc9Pin)O3GdqBE^oFx9`%7#pIVuf}mKLdm==!?;?ULNl+Sb7eBmWlcy>890(_Pn|Ydeiev?%!p^leA@N@RTsXHFg}D zi({W&@MdIqW_Bf~O~43fugv_+k9Lr@F3MuFHMo7#0`$)O{o>HT`VNrUIJWQ2$?uDr zX3=sh@hZK{bXUAK#WN0vH2Vn|vM|b8@_qNBkHhuzfxj#8#dLv1ey^^jB?YcjJVUyw z(ul=YYJl5ym+gJC?ZAq2Ak$GF%x3Pk{Uvq{U=SA_W~_GY(Y^D*9+UAy?ipeo!DW}7 zf?z&;)m-T2OPHgPY|_0`42ubqjqvK^7QkDcyp$_F)Dbyok<(QXaC6sMY={*HuplOO zH{e;ifU4}t0e?}BQ)n7NgD|fsf#~sY1D8v|-jUnGTw(_?tO0Ch`ToOt1=V-esIvE6 zzLJ?@@~|X1H2~$vdG&hjK@*cb`nXA*wWlm6BSNIaxPwO-%RS@*6YT*!K~By@e&HvP znQi;6vom$ShVIIiswL(xkoJA#s^#QBHMfivN*j9}fHG;L;wPTTapjls*$}{X%RsKc zXEBMw2*dJNdF#`i@20VN2r&F@BBwS6-+p4V&}{8~!+UJb`%WQ{X^jOc`E}!FC3ksD zZCEzyD&ZPUk zN1u?|hqV(eF+uz3VrBl$@$Xsck*4-c`~`YPFw8yu4+~)=W1&`AHCsDx@u4K_Btlb- z6k93*clmoxgWSBG#dDIIeCnT5c? zEAO)QLX&$-iI(tjj(qa19w7WaA4;E{NAm=iDsV!l_}~nr>$A2*{p!%*!NDn?bNOCS zonabBkpMm>e4Un@U%@lJuY-khOA&<{CuAdqc4&@{D>cmdQKFP{zd1eE!|X!XrqXk{g}KCHXTvcm_-N zU_@F+kflkDEUcir2e=2cK>Iq6|7k5Y9-X9Q@5_OfKBKa}TT;pL3h30BI#z zQvazOG{ZsA;;AO481CH-SSf`zsHM&0eVu^}NAsM|VjzYk@a?ee5WxB(HT15rq!Tqk zF)&NHBHJq9lE+)5>Y?e1J(*)19?jEit%{0h&c&ykQi)Tda^38u;aW_M?} zBiEBa>U;TkvrTg!jdO}R{o zm9MM6{Hj4BYbOWXn|q6--CJUV`Rd=a{G;;vcUfCYECugE(7y1Ibp~;N=%2?<@*>J} zoX8uWO6H#WH+?52RuvkA5GORSL&6iL0W1lI#w%7_6CL*P1B(?G%EE#jxIQgxmdQTx zZI4R7D!@Cma*x+bvv;t93^tD;_OH^pRgG+Nr3(AM>6z)<3fwB^x$m4*myi)L`<)V3 zbr$(YX!3;li`};jv)_l~xV)V2aZ#r-{lPyrn>fcmf0v-Wy7VirZV`?=5%;}ltNteS z-nV4%4WH7?QTA;yi3#N0j}LkgGHkq? zYNEwlzM66NBbWPN_0K$6J%25svLTiRx+K~d%jASJRKp-5ZWt*nF^J$~FLF|M+!vWD zD3porg<8LRMq;3L0P#@9HS`OmvqL!*|H-`XQyL5tGI6)Xu=iu&zcI{|sZM>G7qDAJ zU&ym$&=O(*ZjUIFB}duTb+`*zPWH#VlC33T-6Czh!?}(FShmO~y8G6!%>Z4*Vh}eI zXbgQoGcAl;QP|I3yNsS`kIUHC2*&tFLyX%1KD!Eq5iA*EJC%ax z1_$qGQbI0~2y_HX!<$kMxr4KHNhHv-P)BlImJwJ(r1Me7jhu96oEPw) zJ<|To82?A&C?GR90mON{zw_dN;+BL8h|s+k1olyZRw_N8JSGw7EG@GYzBVBpDfq&` zZG_v;pLoj-`dpe@Q`hajphfYT)|LmKj_lmFnpwETr!k-4;`#4IZPQDY?%eU7^gNsY zYzXsA<7*E#qdAe(+lU>#zYWZ|mL5_ie#^i2<-wSpfhZKRM+M8B>Ux~raL34K9R$bJ z@UEzv%M%!wE6fMRhW>WE$A6WYDo{6*duwB>P0=UZNEyCI;M$ncog@OHfvJRLHRy*k zi8>hFF*ONtT*#0g;Tu{jrQ#m`(vz2KZS3N|C4%0i3cd8!_MBgzcT~$+6p{0>u7=yq zNmg3UCO>&K6EYq{4^;x8iNbG8xO3XiomJPwI_?=bmxO|9VDjcw9<^8d@{nP0U*de@ zq_HY&@2mzV&t080PKFk9<$M@xo<}{hmO20>t1S0z@s47cNbR*)H}8y7Rv-Z}UGZLq z->278wP89_#ekGT(N32cZZ_7uz_TB8AZ8d;#O=h{(IK5m%)y?8TLAE4#Gx?u0pG_U zX!7%H&=p6%gf#9Xf1fXq3`&+h^Dk4x3tCt7y#U)dq8hK?cq8&4XNBw_Bqxz_d6rw* z*(z8Sigv~9(rNG zd;=hah4vCY)Yb3>E@%*kAt#h+!&&^&d_PUP%Y`b^JbEdYZ*rG|VoKcAjGyggF~Yez zxfj$UC=$P2U;k}HN@ca=@#F0#P=bKSy_tEWven9>9Zy! zQ1tF1SOcko3UYP<&m97uSUrzf_)si8*0KM11m6eEaTUF2fQ!v=me)_J!!Uo|8k9@@ z=p_*Vc{1GV9X;@$KRUhKwq=~=J$a-yCn(c99n{01Y46@^q6f*iGqs=JF58zKfa36a zhv8|0O5DB;Sv^r$9BfyUPVQ?jV}x`wvw62RZPVtWyqn`QXtag}{Pz<%i8mQXzh?Ip zQ#jmJ7_*aN#d7{(kc3WcLD3U(1W|aav%Z$eK=5I1e?$x&i(?HjZO|@K(YilDisFVp z0D{YQT48XjAv)) zru>4=n#PID9nh{(WDwFa{2B1~v>Vb=46yt?V`N37o~@cx6ORQqGW$@!qnW%-O;e&J zmJFl*qQcSfxJ4TLFr}d(>~=KQTb?SMtV@SAPJ3$CmRaN3f)Vb`MF2hV2NJm??ixW_ zG?$kyMP|?pm7i3w~C)3H%LA(HX=WFNTI5ja)WyLp({&5;J zn`8KE2J+@RnK6u?!4#V&Nr_h@*{O1kMj`A5#iWD9%Pg1vtkH1$KXO&$RVCs?@x%sgZmD4oh=<*%Xh+rL z2;~(xR23Cowy|>O*9o96Fs#;{Lu0}p zJWq_CbTS3}Q+NuUye&7`RFsoXeHa@KfV7>?g68OGUKZGz5~*8wf4()B;t#h1o?8s` z15@Y(?lqE@e4{I4)-)i@MqgW0td_EJ?^R;3k$WFp?5iQ@GrPy(c?uUnpE@YC1iM;C zD*cc0;SIDjL^{u$0WsWEc^VOcMWd&3N#hO3+Ns^R_HdTbJq6)SZz;N_uJ_&0-e#z=U0y{@<-l2(J7=_ft zwhkYY<~amg`qaHZL`}GUzBF!l7*xDja-AXNfMXEXnAK4OtRSRKI?HB3EGHk{ampJ0 zg4+*E_1N-xZgiVIS4%d>e{MifOZ`Sa&~7qEh>`FZ+|+-{u$be9 zj%2ksJeWl>orR0MdSh%CPqF5E|H_^FlP6kgrZr!sn0*QR9pQu$;3tm2x;T(>45`8E`JK&_R5qvJR}i22OP0mV0>aqYPvzC2F>N-)JaK+ z7Ab&e_DTnxWHU8TsOg2sz`simLHrXT<+M9drg#RoqufIo+ny>)>XO(kZrc_jWCE0U z)t|J`MVqb>oyOa6P7z;OS4f^7{E0uK90gYDgA9-#w5f358p`&?i?8m9q&{{&nB{Hu#aQ_=%X}pPM zJOF)k=taky1tq_42=cOJN&0wTk%p!Yg!XJ52yh^Ftk*?`GPN<<0Oo*-n^I$MkpVt$ zeJxl>4(NQ!WY*{p>nRL7wC8(c7w~2!%XS9Hb(-0dNV2i4c8^8=2p`P3=X%%&Nopx` z?-}rmB42T%aDh4M&GW$HtK2R~9}8SEhP$+OuRCRw2oT_9kkppNcaAAtt2>pw zJsGCMHg=ihMzWOB_1<+PYbd!`EV3(xfXz8MxuA$6neaNu0x(SB%j%mS;BA5g*R76d ztZIr*N_#5ljd1U7igk0{wsk{1TXItKOX_GSk%ufF1Q2>D3GbD@v9St<^Qpxnt{F?u zT~Rss@Wg5`_Lrl~emt*8|tBKuXTp8NqaT|qFG5w$qX!@u9y_~Cl zorKDExSeq_Cp=4b;_K?%2=e1sGiGobTUImJTZ|3-H<$km$Lw&8nYfFlhSA*1G|@;cS`^TN66tBKTDm4ObqGow?)jm zrlE@SgxkT}{jwFySv%-u(Ldi5Rk{&~9|oz`pGg3p@4w(5&2ox=vekp)nc>(8-E-=b{i628yo7+lS`HsQyn-`G`VTs&4>UT zAXmq)hMG|#>D{Q#HNBNM1mg{tRfXZf2zFkRH6^LvXM&5PE;3gN#?-a=PJnlLzu@HT zZ@?(44H})a=ae3q1=J|3ZE(`ILdE+S7OA6+BFpL=eGp_pP9pKx_0Y50pX<#*ZViT` zE5Jr^ADhK;YG(_uY)zQm*8hBsF5b$;`OY?Z9Aww^yP+<3kM1zCl^d}otmrPOW%tIn z7&`n+u+Cu`}3hmyx+->(@0Ewtv!Tk1UU*eX?QQ{FtIYNt&gFu1Qugin95HynXVop;Q*x zK>eHhcsjZm^Q&I@DKOYB6;S%uip6)`!JijgSrZj`rC+JDVvlG>P`R*GF#jZ5dypmZ zgqk&8nJ)Xhn|^7}+K1zoZRpm)(3M=Ll`TAOa%CZZ(yRfHJSK#KCBBd;T zixAX#@5EV{?q9~Z)If^3V!hUNd>O_|3W6g{QI8hWKtrfrm+rFWa?;EK6M}L<%6ySLj5r z##kYJeQ-q2cAblWITO#^euQN z@(i{_)N$mlVO||d2*tlP5+U~L(@&bb6@K+AVyiSP-)J^ZzgZ7YXP$FS^VgeZgZLeL zNin#=io`o`22ov-J2D6$2y{Yk6(Y+kNXQye{O@@*7ZSfQXk3t#bHtBQqRLG?8;>dw z(u57{n=QfLWY6zLrFgCDKSS}(b9=)cVjmTTGdCyJ>}vMy*a548AQon8=ouM-I)mG_ znbJ|BBVdV3@Vhz;yY)nxbgpUZHD^2C6Gz2Z;Ly!XJuE(1^8IHv()~_Bj~nh4Ao|Lx zQr-V0mc19XF+PluwT&$@$zGIFZ>fc>bG&M1pkeb{s)9nS2)__mbxHi~9EsK69MTZJ z_-A{yjFBd%|5kh&T{e^6GGzqCH6#MfbS4m9{J=u7yPWv^QErk3#jjd!LmeWnyg&c{ zYj(KPRsH?KNHO{%G9$_T$5Lzi8RU`>|A}`=B_)~L);y;y@f=~Hg)Yepf!usl(ybzV zC7q8&KkA#Y)+fFnEM%sE1QfOA2krRa(uP7E+G^FGiVh+HlI2MojBu|u$pZiSODpaV z^I&0Wj)exTH)hau(?4f-OwRk>h;c1T)j4KsYV}ak$*A1nPqJPQ{8&u#b8GIMubu@5 zWiyLd4XG)|F0aL6Ti$N7!qcwLa$MRqL<7|sjD|(we&Lf}V2H8RrFZVcV5)M&U^~*k z^}IvBj--iL4{M)Je4vETKV1~wC#w+w zgTu^?;4}UyNe-iPyFetZrS!^|4@tkmhTa&?p=ZVkk0^~tL>Pv+OEy5T?ao5_KzKJB zV_MSvX%c;le54*9c9dpf97q=~4E(2Gsy(7^;e|*LNs=>Q*v!`g)bwL%FAQ9UYTw`Y zHe-h>z_mO^DhlorFTdxT;;@L>x@H0(qVU(jBas7s_$Qc*iZWH4W+5p>@sb0WYZ&uQ zm1E3S(9`xtS{GRT120&GRS~{U<71`IfLreEKjG2a0n{L&a_DE)spuAVWm1!7jo`MV zjl6X}a2vb14>x0jGt`E$b7%j1@9cQf+8Ek*R+;UG$Er&fHw2670Z3kX{&OI$F!Xcl z<&I4iWU&r>j}X}Ggb0`hQeT$9ZVuVF_eB0N24uNtTBH0l{gO`4Kuu;#TAV$2wt&A> zl#~z(GCKYN=YX;~3K~jQ8jahB1u{L=HWXsRR%LB&3H5$mMdHAtBfR-Aa)4CsdOH1r zt|F$-p_>NR#hH2qI)lj-BZNy|=!+6Br)HWLgV4=$%*|bW$1gDM7FK|YxFUlPtLKkY z3H!}(5>XAS){3jyBx!oZ_F)Liu8?xS_n@SN_YKL1pM(P)ug?{n$0yGEW5jj#`MX1< zTXtnEP?6nW>O!nM&KR@oLvF0*&gJW_@@Nq00y*r*@S<-;Nm8mI|1>RG?zQ<>Q61aJ_%0wz!if9uQMm|^=d#fAI1jq zDhzx%S48o>UDDvXyvi5QjxGjMfxv~l)z}}Ghz_bXxT0XeYY(Dvsk>FaXwg`#63OT=V(}7Isrgef{hzIo;*hv zF(IqAnS7_Bunh8u_`8R+Fl;~)MLk$wcS+hPpk{LV`~<* zUw&!)pl)Qz@zA;mcXOpIsS#gvD3*GbhMHJ;^I>vOW~wZk^P2A@)9<7&GI%k)C&QF8 z6+N)pDKT;K)q(XVfb>EPF2@(=Hif*+K&lU&HZ6K(TJ+|0f9k})JFxAIa}5~8s75JQ z-r%rX8gF$LsEfHU0`b%{D-jIy#xi32|Ja=pS#<@!S+qwRC~9_RJNi1k!FM{BDR_Xh z2?qsbGNUrGCXBy99qw|H);RhqXfzD>OYJU2`E|X+pC?YV@(roSc zHfR1unnk;X%ANoXzfkNUdWTY2f(w*-QxB&U1TdnesUbkR96ta&ly>e;f>2$$JoxPV z+n~Vnw3A4IQ~B3T@;;;*1HS5VUGf-I=Z2@&~EL8ko1^>Zm!lP#)}=m>7pGAD}&L_@bO2)H=`@vl9ZFj z41oHMpuQaylS>|S3f}nh41yDV4;eD2)4o6Kbl67X(l{-}IW{*bW;l9js=4P6>^0mZg{%X@)4k_lr={?#i3Nf~e zCyYBX+Y5xF4??gRxehzl;R+y@OQ#*>PS*@6bf(Z)R5=i(AVv?9Ofu9btos>FA1$oz z?VHNzhCsNQXPX-#-3-M3kZ^q#a9Lyg@%qW~AT+d#j50biZDC6O@mEYXWqmrwaOrCol~*S=Q((W&Y@-|e%?W^WeEcTE{PBx0c(|F>TJd?b=?h0K%0 zi^1mt@c}2tksx%d6Gkh)AjF*LC91-HGmv&Mr2xlY0)0cDzS7*|Z*GPA7BdtG#hUdB zQYRxqj+%I0`Td~9zE&#V=eJ#+72ka?0{4&p!OF4f?vrQ{MK_EXK!E1lXW5FX=zf`! zygKK34*Jp0WFY)3GiNjzWw72coHOdnJ1W&En{meFYMm>{bnfPk^15EoCkZH!ah)vB z&Vq>ov)w*54GSqQ+x>UBOa7ky3uKVFTe}D$_JVifCel{j{{n>x@JqF^p)87ZR(Fy9 zg;JwpE5kt1oQ!HzyzL0ET(1+LM;`L%JO?1>r@XElsTa5^3*lpb;s|A{nz;GhquZx+ zFne+-3^NJNARIG(&tJ3`nQKDpT$DpMdFB~CV_X#?{1|jpNXI*-uy`#V8jg z0kQl!=3q#Y=Y1ss=EB#;FYyFq@98pKJ1Ph$PfUvIXvZ$oT86f8`x6^80<0&SS(U*= zdjl*8ys!bIM}7C9S;lA z$JW3CyBone2C8_9RaqjWI0-M>HH2x#LsQ%kL<1Om_Lc+)QG_Jq!F+wY-xfbqp@x#x zTU$b@ACf%KJ+p4h%$*+fL%7-9frXwt*MZAllT@phUJ7~X2W_isI?oET$4wFL3m5aT zdKBc|ub(}RuL_lmic`zmv-)v3@ouy9T|h}%jR?!>^zj`(vu4vI&6~hQ$pnni~j zz(Z0dL$^aw)N78{wN)@hbA)}mR2AEg2!VBzCLS!Mpsf(>#Vy1)@c9wEzmx|CX235E z#L2rbrobMqUzEsw<_u8lV@K2ubDCxitHB}Spd|B1hh&puJ7ke!JZ+)cf*DCw zyo>j#0B=q>Hhk}U1IJYC zA8bf2s}_g>Ccy~of?9-xpsNOLkN z7<-tt$ETrcoTq-ks_MprIlt!A;Fca37>_IV8U=jQQ-zj9`3viqsp+Ab)v%vWgy0jn zujW|QKbQoV)@91TaF#9qrEcCLD|0(y*k7p&WY>ZhHKt>cVV^@#?yT-7{0jmPu`Y9- zL9PY+Ly6HSz!@s46aV)d@NqJshlqZ2karM-F=h!fQDMT zAuu9J_gNfFn{P>q!ndo?Dv>{P8tt5Ar2(%HsY0ua)_dT_LO93@*LFDiS1aqPQ#_~# zXNnlxv}F**!D7dq(6al%;*C4fYbFxy-@~?jveladeUjQkG7$0bvM-r)zJPn6RrshU zpC8UAlkNB3n{vmQy`YEZTFD3WlsYE2;o+M0TtF3WXV+|3<;ovi+sjy*25aTz;^WCFpK6uOL&NHxEj! zWxV4ti(n>5d?pfW3~}*Hm2vrI$x#)e3JsIT&atQ?y@rWd6(5E!MfsfhFRr5M3^Y8I z-PkjeE-rOaH70HFhK2d%)D=dx%J-<0zt-@YYPSlS#WVL>3A(cibW)(4I3$YRM8wOW zZE$0lZ_LjXC2OZar?pAPg_Qvo#BrD2gXT{SHF)*4&|@SO)-ekS&imoT40>BC%lqvo z$*MI>*dR&XAn7LFv?8{k28{FF=dX*^P19TD=E3bBg;nR429_39IniHmB44ru1C(H> zqOf83LvMk}d=7#V63>=Owh9tr7!o`%)sZwj9pHfKNZLW}r5wSePtT4X=QPLR@p>h_Dlw(>Qz7fkuj86tBLLTgT%B)& zOpNr?2m|FUGl>LiroiuJ<%yZo4PiAFtkGbk?)cxpq9FUT%Y?;9O6Q2QuRu_-CexUK zb18v9*QS4T7b+BDqE!V<>R|rGh##~|QB!O}gMMd4*6k$=MwaZ$*417S+-T0wFQMu{ zcxlo;yu~pdGp49^n3jO`FGm+*!(fvW)Jg@HBJ`4rJD~8M*-Q5HM8Owx98g6`Mi{dR zkQKhh#dJ(rUTt7D8Zr@ZSS=#Zm^iV7;n4(sYD`i`pj%}NRYfZv`bVXyz)0}g8I(3M zBz#jTHfD$_v0Sl42hE6KWGk9)8&<%;!e*rvlv$eagAZ8l1sM>%x9fovbuuqaBhkI#DC+r<`Ztk^6$!T(lnlx z7@I|Forq?u7bQ>K@4eu(XYm2#X7go)m1)4fJEyB?qgo*hBzp;m6cPrImKZZKj5pC! z{^8DZP0L|J3=qOJ<+AmcBLhmh>O|hBF@AfK zR$k#@Y(*FK+-QiSu&7FvF1%H@s9>irRpZ_at#hs|L<10Fvd%~6|2O%rdwA$YHJCBp zqlPtwjEmbw&HBsRA;!CJCRyo1qrK0yM|JjkXNvKGeyN9ffhdE&!pMaQSVgbu2j9y@JIMtfjmE4@d&mBwY7mC5 zrv&_p9Za%Xw4VLLLECgLvea8kBU_4<74qyoCEB3hPM~gJ;AasVb?D;aN7Z?8Piy^A&4opLf-CH?sA4gZX=SFvs*xMZ~YcC7}58E zj=fvk`uSqn0$L1S9dINQU>m0 z$S@q`;HyecB@;!9SZ1Y{(E0(teiU7S4q>Q1h)Gu75sJECP2_EQdV+4=aH$#m7hWV3 zRKA z=W0E&uIqY`nz=e$Xs8SHYXVS3=kcD+0>~$zb9*&L?@xS^ikc)683+vaw&9V$PTsq2 z62yd!<4WB0-{FP%E>GK6Ki=J;M$|V$mNfQvo`s+n@_Y3Y9gZgj@sB62?sNn11fyE| zozX{LZ~QBmt$*Wv0NeEyH(}9QASj+viFhez9wm5==^BJlaB?!N94CEK82I%N^tXOn zp~#aX_JMCTbi`{hLc&_y+miLK^xLdp;H$=tnvniDjBb?67GdQSX(|ykM~%IaVn~$t2D3Edmt_RqHpaDRc4X^^q&*C)gOmGn{mhc7j2fLbEQtQ(sK%@(F`|f zXR^x0;xr+jX1@jt1?NVP-X69{>HAqGW|vU_Q=r8p0rBnB%UH+;Y~AEWCf>j}t&9kP zFEiqb)@zV{8%Lujjt#OutX2(6YZKdGMz!RP{iYEfIuh@hccbe6+eCc9YR-4LKt=DY zV6UiiQAvU-963!WyPoI>gB4>)-Mq@}@q_FZZve=~U1>KgKB0$t1xoN%wApcch1l24g5Vj670Tn&pX##cJeL6U!F8~tHvUN4sy zp!EyK6i3l)sziA@0U&;0E;GasmUQ!fo& z>9HZr058YF^sJELU+X|Zm~O6!fFz9rY}U_kP5DYDO@MyC6m#zaxV-}HGehD{wU5~~ zRw&?M1ayOwUN*?G6G2k;-amsZcIv@axkoN;>`tT)Vr9M**rQOq*t9D~)tYcu8L1Wv z92jUSL3kYg)a#7&-@v><1FmN118~npytW&pB#P>78u7v;Owbw?2UKW#TiSin$zt~J z%!oBYmM&@S2a8X|l!XlqO~^dwcok?UQ~y;EPJ3FJ?6uXvNTXDmC=^wlOTTy5`&gz` zp_?5^gc_*VZWsUwOkpr9nbb?d0KFm6nA)Mg#D2(4Q-8cP+&6UgUrN`ZejT`$!DtB5 zrhtJ_|FJhc7!rFseG@RV<7|As3=EiPl} z&7`kzJJ{V_t8oZJ=mn^BFp&Sp+0q6K!%p5mY{Ucbb11UhF< zC}eTAZfo6Ehqy9%x#(d&e(_RIz=vA%tp>4O=9$J@_%ZjCDq~8#N0tT$(_t%Xc1u9o+ z<`ZZExePTPuFSL|c*{^$)>F2JJFDLiM@T}@4`-V<<$lffi#t*-u}}&d43Upp>j{8} zbrwp3uQm0(Dk}S&UxN=~>-;J)DVy~_IGq+M-0(4yLJOq~M7ORKNJ zn+4QIGI&;RTt9;aHZ6@XW;C@kgiX_tcsPTaLD{Vjvvb+#{Nt~g5X!v9stE`cgBJ)9 z4-Zrt^0xuVBbAUDlEP&{$DyN-WG|*#<;h@Ajai6#G*1p26zRN(x%oAOefgTUbp$eE z+7JS4N0E^tZU;Oxc>F}!+aPtl8>_+oENf~w31!^AWs2{_dtHD)RfTf>{Sob!lQ`OT z2xfFPz168T|6R0HeAW?^+V!MJ(f4XG>$|`|OpUuLv7zA6>!*ibsS9_F_)Z?n=_=e@ zG&76?gvZKZO7(IK00Fu|rRrwL(gUKios*d0-mCHgY+ybtY<=TH_8(Go6_WC!{NmTd zvw`-{H07GWa5ITLiI9jZovr6NQ7&DT&%W_cUS8(Uwc%HRF!0^0M-j^Ndk^D?b z%HTe1qG3k72Zj5=q##x-gr5Ye)I>`w=s*?K#jDO%@x~SX5N9xQ9ou6ov#`B<$NmzCL*}uy>fJ!&eZ1G^wJ5wZsAid zE4foH^bZ)up)@Q4%$vo+Ml3@4)&n@As1#gJ_pcZzi=YsIzphn3Sv7H3eFVLF=NBSQyPT;g@Zl>FRvWM}*yQYb?}r0>!vWyWLqHPV+q962=3d z#kK?$%DIH24H|ghyu90Zs?jG+2-as8J~brR#b}u$sR+b`dgQ!AFFBjade9mP6(rOT%_fZ-Sqw{>7V(n(-9jyrBfm_nv94pUqLBu7=;c0b%(6R6X z76`|c8=x+i5V}3dxAKf*P-Fgj zw8;NsUQHY3AmTbp8#m{8s{}+8i%QhYw;NDQ0 zU)(h!c8Ufp_EX6xU9kJSM{U1~Az+%gV}3X>;JK7~wj!rS~s35{J$4 zQ_eh6ZK}eZqgL^4*O;+!^2MAvJvf1HTVcFw?mph=I7OwA4Uwxjb;nq}c+yzBz2z~k ztYf*~O5Qx276Mb!ABeGw?TM+N52lRnpqBqwl$oJDC~T|)9~8mU{`zf=KzDYC6=pe8 z7N9erZ*mLl6`VZUR-0^-{R|293dEzXOHbqRDG}1!>S;9Sd>|f5XHm@g9y`b+J1HKt z3v3<}Jr@@>ZFi8BMgSQi`Q~jj4w&a6n%(rvR5gcDit)=Q#ufvCz%no!Ws^-!gGM=V zCx0M-zs)eT*9a_OD&K~*PkIxgwD;@>ob93iLeP8SVC1sw^LDBtyy?)|8gUE8p|`5D@cYF5$NO*7VW3bm;p1@a4jm}?;vOBGV#5?ainHqi5lj;2v~xJI&FCZ>DE8DJls*y z8Df!&c06P(ad6k*x5Ie-K5WSL;o4D$&DP zA16W`#loe0XmMZ5dwB)MP#?>%PSe)e4(%!H!h=RfTmI!nd_aUgL+Iu={+ z#Yh6}FZz>EIrcH~3X^BaqRJG(mv^UPeyk_%fNoOkin3TH=H}t>{>ihjcwu9{kY8=! zQg^SLbz~ufOLmOFp^nJ*q_J ziZI1<)fK>MW_mFPmzNqN&WOlZNn8!)!9nqJV~}CxeLJ<4m6_|_x{ZZ4T%M(}N4tzd z==9vP7z1W{OS%%x92UJQD9HG$+L`kW6SD3)V}})e-8kABF=eEichh9Z?sZ>r!DOv= z1YJBRM3E|S13`x={Nj+2sFr}j>$4-BuF})i&w!=d*1eEyAF##qx7$+Oq5|R6-j3$* zZR?qLTX+|Fw}x|3%)=&*q!(m}*YljZR{Ddl(*{g@3msX}-Sv6f$!zm(<$&8PDs$D!J*OP4hr4#SIPf(exI*%)c1dT=ko~ZJ-YZX%@cpMQ7yND?FCvngwgxzG zuJ>%pStMHS7gDI4_K9b#h1}y_D^SpJ`QFv>z6S{PD>Ia%KWMm%b*ZXA`^n7 zJJx$oe+ntg*ZQwvw1xtnoIq=@2c-X>fU8(@z>3E0E)v6jP4Z4qp1&6nSSmi0my%rp zE|3Ce$eU47sK`0mrMq?>m6Y0?X8GwD)VOAi^=eC`Ce#;n5Hk8FVBVdnW{$^Xxl>Am zz!n8CBVhkHon`!&$i-M(UbPC}#fyWonNXNG!Y{@Ao*f21+QDilCo6FX{)3W9fo1#m zqN=!*tW-%)=dypKt-yt_CYiX7sf+GguhAoY)A{6H0h_w{+sqVrasGQ7NOZPnSU_d2 z>m5#ghK$4^C>sXqFgsB-Tfu3F5QjEq7D_w+u^ns$2821l)LvX!xhfYjt+6%goD6?N~(u?uZ z>)RY6)u{vVCY3LQ*2I!gFwQ{D?-F(;*940ouAFZ++T6Kpg;?+;P23Iuc|wK1=JI6f z-wE8666if_@|!n@L>ttpHSuk2EVfW*{w>F}igQbK&J`UbE0Ga%7Q6pt4uU9(IUZW;{MJIH*0B6Wwb& z{@QaM8jC!vd@)q!td~TyaTij#3Shpt=-;rOKrXZoF+w@lXKFYo%rQibjZ`Hh#a);} z@z19+zQmKE^j~8KXiFvjfS)OVzmAIY0=NG zrr?~{nY7dRKP}|(9Nbm1;lsvkp8EuJq-k#*mgYx$vqb&j)78#H@S zsy&SQ_X}z4C}}T2Y|e%wvz7$St*sDM9KHeh`n5~vXHLL{nOxy`_PRVrLdsA@A<>Mg zFx}^Rq#C*;?vLg1-GMLYu*vQ=DMbU8>N+HWJKT%q(8Cq487Z1!gOm{LK&GD0%nNQ? zZOB?c^lZZz*^>C2aXHC1=+mxbiy^?$2z#*IkeAN7%NuWwn~`Ac)`Uvy`N4{j2awqB z+SLuJK}q<7^tm^r4Fz2;*LfpX>sLLO>0bMy z>$U01I2GZdjAQ|Hc{29)cDpjSOF#d(6pu44nyc4pB27|Q>H2*Q2>_hJ*inZ$^`#3f zCb&A?y!?tg1fA(ACplL-l)SDxCQED5?IqimH;Y;-6})&q}{)6iyu7yeOzEQ37TG@H@1lDsPOlR1c?~NE z9d6VMJI{+R6BCtX z@U03KJ!{T)4j@3Suif6$y&~G-at$%`+TM1L=)y~UfbU7A)om1!5~yqGS&e;q2c)4% zvn_zQBB!GmX z<~>Z!9#_ll|FvVO=`Za7IrZw08Mwnrjmh5r$PAt$H@F|#Ha6rwnDv3LrUt;oEc zf#GWaG@RJ>1l({6gtVr#S0zTkA-!PUYD`p1RCD>ljF9_tIFc)2b+Q$LH7m zXHwjl%&)_U%o#~b&A2VFYA&j(KE}`l>~GXEsQ($olFOkVV>;w`(T!)bh{rw6;ad9y z-gj=0`?P46yKV6Bypnkxz!$_5YHo=EzE-&`GnS3HqB=o3$uE$l$e8>U*`%2_5nomZ zl)_Sh^5h{8X>vevVE+Qo2j({1jM<8*EPbR2X7%+R9Y?>Qtz_~eX863eT%M|j1`M}s z96%THB!S5_6sFW)V~K&Lj@hZNxR28KQNlnfe5Sd+MB1WwQDPeJEtx zX9N{FxU0>(-eKWBnuGB|m!799AT4FW(~Y~9efjD4XFhw$YRj>Y*QHuT4IRpkKB51W zzojePm6A4I@UJ=e(TmpdgV!ech7GU5uR8p*SvpjFseOCWfzLli?p@MWppeNd&YV%W zb!R?f*b}ZF_nQ1%V8KUkN=kR=1=24?Lb^sxQvK7U?r)&Ntl@1zMsglPD^4@<7C7}J z056h`k>yD(GRI}MFqK35v%#|g%o5Lq_HqG+0Sm_+IanJa?iINt+ZUrd@co*^|F{=f z#@>fe(9`65Sw?^70A&E}!J&W-1HX8dDv*Ro0aj3&oL>7TBsOD`3a)KH4CATv?5^Bv z42@B{huFZKTbRpI5g3_)!+YnEIkcA*`i4!T}fOaMnx6czrr zb0duQZO%HZH@sc`-@|qMCCS}$D#JYs?qx4Q$a%KwzZ^xCGFovdnr`=Kmx$R%(u%Tw z&LHf0O^E=+Mv>{KK3<=EeMNCG00TH;CVL5}f}hXkYJb~0M~_3f?42>gRyZhzvpS|5 zHfpdh7vmFb09t+A_*p4Zr~7rrC%i45EW(GfdLqHHXrgg-ANB^~oOc9qxoaC8%dH9$ zIH;`EvZ}7U;Cd+&pZi`ISvMCfmg_l>sL6)Zq3a%AYysbT!?p@Z z2a2NGN1>u+kx}l}AZ#QR2Z7VE(P&V)V1aau0q3z||A6!QvGoHUEX(uVv48K{r;+@q zIkoCxwfXZ0x7~xJ_kI2m;!wpvZ$Ad|2hFFPhjuA7Hr}w>L09F4Klrshtl0Bj(y2}Y zpMhd;2I6mIrS#6ixw1;*E&5-UT@@YxEvLhqp|B1c!xM#DW;Z}LM#cocwz4ld#?1(B zO~XZ&*B|f?;qg|uXEy!;f%{Fs&>@ghqV3?T#s-T2>6ChcsG7Ukusbaf{RQmhwfLMd@{y7w5Bg15ve-Q<9D^22Q)hB)oYBvFW_J~y5-mS8x)Yk(rxjW8xVlm zc5=054==d=g9vu>@54)V-q(phtHNDF2DSsN?pxsBQ*O=8B{RHY=<)Ky15bA$c@Nzi z%u+=ma>|!-pV1utY7JWJ`-Ab^6$zp|KrDkmOWL18R6@Spj&m{^&+N7K9hye);kzh8 z|5{6v{0&!soi#Bih6wOA;)|iF(+;q@53{Ad_|0>46UH=`XT_^VUtBEWiYmB0`RrWq z`)H{_zCC?Ce_R@aMLp8TsfWOzX^-;CaYRRPRM*1nGPh1jpX@g6Ys#^`JCtmact!Hz zHAU72tm60TsDz7O-I*lQY?I(uPS6g1Jp~e-T`=T!0NqQX@Mj;nC#5v%M(mvMN}A`# zn~PPX|JWyRh-BUL=6QSRDPjw4( zMg>2;C1FW-Rv5o*0ChLWBLMrEcmp~w2M_vJ>Pimlwjx4W(q?#eUfw-#sy9gZ1naiA z&G9T6Srt<}XihCbPy1~;AMQw`K9YXbuc8I_*#wqIN$Nl|N*%s0y-c+9@kLvHb<9e3 zgRfurkJe+jn$M?8Kn~w&FV>3Rue}n&GhfzDv3H{t-etoK_BoC_M)hk*f#xhN4Fh7R zL-^+JXIR-6uv+g#0-DnjUA0QV*wPDWkz+x#Jy6Mt3}*MRB~C5Z#U$djvkZ0_X<=xL zuRHouB@~Slp}e2<>uGlJi?JHrCEuGq_2yMn(QM1}3(N$7km!|3?^{{Hno1C;S(N@V zyXnlzi7l;#g5LMxW$N8ay-~9@jO}8l84e6K|4>0kPG2+u$m51=CORN-AM!gBA6tdg z5aD_kB_;=IuWDWKC_RDU5)U3DrPq2L;Q(NJp+v{;-q^c0qDJt}GC_h=N`JU6%1Z zJ`^oS*m$6Jqsagbj!MOIuzTa=d1Lj!V!&WP&VfSW9eCRG-1s z?tWWIEEr&+->G`dPL;vU%3*)lMSG1)^22?p6(p0**_%72&`B^d~t<2*b>--0cn3om+x+>?f%nOD;S!tL9TPYzbpwi{O4udh3=B;P zp5R5LyS|c(0Av-%gmS1ct?2ivyXTi|w8XdU^sJY&ry@Q;wy0hJ#3lrVl9o=Ul`>v% zR-~p`ys9F+LRnu-aVfd&f-(BNXknVVQb7=9rWPV-W0JN5jgUtBQ4(5o*!8K$B`3$I zM|YN<=>IY0Gh7*7lVs@+A)R0+BH=HnZ2iieMkWN7Tbr*u7?V~^;GQn;ZxqNgql6Im z(b29mnPirbFji3WuWnY)IWDd6S5P!0A%h=V_Ky?|&y>&9i7o`QSPW8x?3*zSs$o+m zb|xyVhrEvhqi@L728&#)(u4d)tWN%-g{QH3cW;Ee6_dFIrJnB=*fGzA+}9Oq{*fay zYXP(bD-$orv>X`Ye^e=rX~C`G*Jf+ba?J{pZ2-?&HzH$}O4lvA z^=h?hM2p4ow7KAeCMi&(|LPjFOvB>Ahn1T@AQy`aHPPw^l2vU4mVf&dqGl^}zft~P zGEfMV07hP(S5KTJFWPo0xrbac@9S^i;P$VC*i*}11i1{K{UlR+R?2b z%>uZ$XmxeS=Jx=3msNG}(yR|px#&1`l&T9tLuEnT*!y>y<7By|4z=2D$J5X}p2E~*8PQgJ z=GuTS%>U)Ts0VX9jBt^v!MkPa4!kWLFm(syi z$T~uF3&q-p4Op*Cb7@$gxUwkwC{Bkqxucmn_wyx?ku1Bn)v1ISX`dN%19yHUBffs( z?>Gks;X?G%f{@QvKcCMChhYifX`gYi`Gdh^gPzQS<1W%cY z_bu+QMG`0I%AB)LKjfFGq;MYw4{(VsC1Di<8fxl1s6vS>@?1tOrIve%*MAZ8J z;}jXzGkwa?#O4ZIFT<&5m6mfJ9m=VGMyDDvJOr4=S{veA=Q8L$5;9WidP_0ehOT9d zd@u;@Xhy1B7Uu>z?9;T1MR2i(xtqbpJ}yn|1Ou){Nb|)am!E8)m3EN|9IH$hbAN1$ zE^VC-l$Bzae4kXoxERxgIB}N*GDRZ(K%}TkgN;URdAh%{S;|;Dr)i~^i;|%kYKY`T@;c~B zr?qlM)p?0$>G>JFCikFDzx(J?G0@pSeQ>uO_14ee=JsRRgfL^Ter8qNoXzcT)kH2U z`L}ZvE0#{SIWGIZ{Bibfk3fC9iAomSO=HXjz4Jb@E2MP0?2SUQ+kg_5g)Bh3_5)#3 zS6VfJ^(*>xW|RP^mM>O2BA{(;p-fICs?#W+fk*y|&)@iUFzTKqm}Zr#@Pwk+KYfN! zqWrTSX`Lotdvze*rMQzIK*I8-ZNTeUGx^gqoO7~1DR>d(hSt1r=cCdz6_m~NNpGhP z9LM8pKsOEJ_m?}DlPwqC(0{!-;uq|qYe{cW1u5g_P^~s{F==Y`@8^S}IpxI9wBZ=% zHz#%OL$7EollP*%06lPyMgmp!VX!Zcm)zy8704(`kfF(>Rt!gtQ?JwQj6E4&yqXpB zju0SUBsVH}aX%s+2p9VGz{n6Q`>-cR1!X|$!vZ0vzr%{(WJOt)t({OaAP|@niqY{u zWQl3;TKw0Mz3w&Guj=}035^Gs-t*o;lc={kr}FHLZXha@8C8y#V`>JXQ;oTb2x>a2 zBoQrq#^($?5t?;z#?DCkXKzo_bF<@nayI>W)Kyf04LqUlD5T{pXoeif+f%qIE6}(n zCylq7GQ5uMoA#8EFQKtsu;_VoQtY6B3by)@a{_2y zy|ETw>i%of3gb;6@K^y%e<4mtpnO*JHnvEYUtn!pn6~C0Tlcm zlnY06HT0c%*4SDQ*kuo?xX(<1y??6XfX*8V(g>BUkuoO+D5*kgw8ZsFv}&mAga(25 z$qUL0WRXQwU`t&5&F{4m-JWg-iToD%lGoHw3!UO^5d)hX&|jpaWf#abQUis2wzRae zsp2051_J2t4bj2aSb)6zt7M(K4=Qo8xkHHr?>##d+3t}4b>~c?I;(|1ki2`!)L&rx zUB}{Nr8J9Rg*6aL$^SvBC|sU$P>L-T>&Hy|pcUy|4{eVHtMBQNo1W3BN2}XR6?Ote z*ZzzR-u^7ES3?!=r1cr!Fa}Z&HiF}PpLHcySigwL1>3f4)L3jC))y&y%OL%cVCUQ|8{+Pz7^Z&>%FG}1E1JbfS_k&Ga13D z4!>5ueuH9XL?p<#LD(RRj=eHZrMTNj1$q)T0 zASApBrb9ohl31jOQhgeJ_sqtQcI)GQM}$ zGr#@mUhC4=TnGvk5g@bsEO0I8jL3!C>)^H*)&U+o&Z8r&GjmpsVL>o!+kO>~{m`Ab za(J}@NB1Y;UwvgyYw|8YJu!g5hg0lYNZxKO>fb| z6{Z5Wh1;rS$v@1n(Fe|R+G{v?L9JNA5GmO77beZmf=?1~7isT}UN6kd48yokC2)dT zSB@I$YK41Ql&i7tFM_*{<0S07C|L+iOOLwj0t8)))wBS*)O^5tej+K=|BYR5IKMFr zP1IpcZ(b8C+=k@u5R~WZVhL!qhyd|J(;KFShT`IOV5e$vh`EmuJw|~4YR9|7^(M;{ zHsJf+j;qw}EziK4SL?_@t~<#UOaRQXqwG3euKPx@njR0&H4Jc$Swq>RH zlZhgW7=tX5^~(&G;qyJKFnjo@yh3&{i)FYM4}emCEdv@wl)ri9${ht$;-XaUxTfop zR!G#XoQqt(>4u38q`iblv<)w$7H!dpK~14h0LYH2dit0LVY0GLs&nwFBR+O;kib(PzwAAl)r8{Ne!H1Kb7y3 zqJni=M#a4aO{S0+2T|ge#CggeWXl+QyA4+Rt7c1vGL9Vp2?JT>Qg6~4l!R47_TwH{ zS)W!gH#=>m+lfanrt+V+$+dD7xcre0nvZOK%SQCI?6*0=CH6?T8Dbm(=(@TiFRUop zVx{MZ1>z<$hqU2Q@LG4R9PS49dH?!Dt|{8!=`Ljwq(Q;ZOJ5mpe-a+}G%p8FtHvo3 zfkZHO6nuMDhNI;18nuEDP%$rx0`e==jHqrOprpwdSbingl|J?sn^Ck7`i|Yd5UCB| zbBXP#|TekB^)+Uu5vFgW^KVffR+Ia&9{Y4FQdfjWkPK|by|`-x zA=A%St$@s;glH`{wyB0S{3m?P==81ax?wc%LULgmB~~5uzE#Ny(try`u&oBt$^zf+ zPsd)7%h&Kkx)Bj|Gf>ht%TwQ8b#ay(RcJF3w%k;tC7{Txn$~7T^nT~YM(Jym;FYP- zMwxNg1Rmw~Na$q~F&=6FGcV=?DBB2PmQJB)=`P z2G=Z%;|e^v7mzhuDgj%r_26=h!$UcvZx>hUXJL5Ufk;_>iTUNhAh^%i`d(|^7*N%d zkQcJfR;&v$eXTix4*V?OB2l%fo!ItaMtl(o`ee)D0WCJ&O`JYXn=opzN$RV&pO^Z@ z#^Mlt(y_F9-mfFX!ePBw(}tJ$6lUvLbZ>uafn7>_4mJr-q%q`7kqN^xpeKyj!fBU}CRbEhM zij@)(2&tg&AB9b75PsGU*d0Tu5kR=vY%p`me0=LLx3keH-TENYvp4=*i-m(+9VNDt z(M-Qm*-{hJAIcn2!26J-S7F9BhPjD2rjU8zz}|-{X{zM_owN6i?F|97pwCpufE#-# z>iD2`xV~l%&2}^~_192IIgPMo4n3yEpGQ-v?g<(~=b7}8n683m*r!|&xmc?-JKH+q zXDL{`!0OCLM6QYTYV~`3W}K1N-1T6w7wnq6t;*e>duiq;RVdj632G8A+?uLc#wppoVIWmUVw8&9-%8q^S$-b<+DWu2fLY6|k$VDLicoPYBD zJ1S+Lb3Hp;w!OBWu7B*d++FKhZnp0fCtsOTT|{Y)UFqH+cH#*}Eo>VW*C~N99AYx6 z!B`3L2|2K1uk;%Ejz*03&87RFLM#?>lRI@oBWN$zoF89Ww8|-#+eNagBNkVgnb$uF z+XuxmYy+=S_AX9bjsXRD%HxDhTjGuT z&q>IV`UBg$X+h|xLoOtam2chjQTpVKT151JrzL4gi4EycD(B{qV;?KyNM^k$|8mOE_3{g}=l52P(0L9|!XbeFldTecPSy~u|x@$SOoi8|WzadbSJ zyOrLQ#S++CA`f6|rFAP^e2`Q%4z`W(#XPAQGlTlpJU(>EgBJKfT&;b65Hy_G=fQ9X z3BIN|O56_9x6p<)aMU(n`YR^`+IEZ-qzDh{2TBW5-N8jEO`d7B>m4JQSlr6s0Dq^) z{7K&qT0W=0dj*rxOnL&%ev2;}0TjlwG)EC=d}n939iZn=KPP@(zS)WI2$%>i%O%nW zL7vrpqWAI1xejS< zI~(Cg6}KvXEc(~L+#M?V);%f*cY9hew5$nNPMu^fO5I9sQWqJpqEpSpO0*y_BPPWi z!=k!sbSOYf9VujxgE3JF*;?*V@kqacRv3F(f91?V)Ko~Y!8&|#!IQwleOP5>EA%8J z%X+TMmRXhCiZfap`B7kXR_4gD(6}hNA8}@o3c~`qprv2PGG5)_{MD~|3)^^x?m{v=kS}7OSF6;$dWCB z!Ktoe&h?`GrBsozucFYV9e|ZgM=nT9!V$L6a+$$V^Qd5Djz%3JWY2qPfOYGU#QTWu z(4FiuE^L**(pg(h`Q6-PXxwvUcJ90(BVPT)2AW>)__U{0_<(ZV7^(Y+#;%KC!m7JM z4?r^y@Ux@j=JIAKx-C6*lTetH8uzx$Bc#qB12d2N<_Ad7jhg^WmD^n9&tp;O#zD^) zkIVyHl6wOxJn->+Legf;8Jxr97;JmGBt3#p3m=dZknb`s9F+L+U_)pw2`DU5|GEw@ zlWZm9(#|JW`bv6r)0RI_!Gz?) z6bjxWnY}pcBuX|SbQk5Ijqx3uiqqJFk4_hn6W-?l#+NSLb-|%fm~h24P_8ndL6DYf z2%>g7Q~k^S=)%_bapn=evHcECHRNgv-^2MlRK>{K}D zuHk^kooE+CzkMorK(9Xz`~<)(h7sSMF7UFmx1pd9UJCJm>^6xbrmQfU4fFy9zdZO& ziZLu`#DPY1CY%l!R#%uV2}c-4(0RV#0ljz%NFJ}b9i?*QS<`K{y07CQIL>03F>@ET z<<7;spZ#ytFpJ=~5XLr{##?UBV&a_g&qMRU6uD?MPA*dAvyu_;WTz}V!(nQl8d66=S$zLSScm-DZi-xw?f zlyn0*aR8B%qQk|N3wq;EBX??R$zir3n!*BM&mI)k@v6g9FS0wHP?eEa6V)OFbXh52 z?R!%qI0zf?iE`jIZhg)FZrE*%#FQWUoDb`QAG^qXxh@;#x8R;JPS-Rp{!&`Dn)f>p z!&0M<>;9`+Z2y-9bIJAZkG{VMMv$lG90=A)qWr`(w;WkBF8&$Omrb^QivWYI$Q2_PoZ>bauyAlm_?;%cp zXSrY?@FK+>bN4N0zIQuc_@@{0eFWSs*;!u2)Hx)LP3Guzq}sazS)5tX11-- z726R4`_}N%N4Fo<8qt3%b~7+p`B1A`ukZUCaegYlEAKyeGC9Y-`SuM&qMzaw((iG5 zb&`D<6!QKx6caHLWMIA8kRT+KcYm+hiRDJ>LwJ%Jcddx?&dami;H3)lm$rM z;g)mQIxsNNs>L`++>2ahP>)<6;XppUYb1?m=hmwM3Ns_SK&oh0lc77-a5$q1wA1GJ<4+uL4`PnL45ibhp}Y3ruE5Xby?9E! zP>jGv+=x(-Q^jeTmdE@nb zNNtvokb77s0lG39iWzFG6&4f+4sxgR@@|=#G(Vy}%L_-eWMA)D#ki7UsV1cl3Uq0} zsuT>Rz`ds9sX-0&u1K5)A=Q^VC44?Gy%x{G?fpj@OM}cVt2#I3#$t2-koCo0*iI&J z7}RFK*+zN^x`#)xAPl87M%3d`eqI>d*y1sO;Ip&Y>3N}8<6nS4#!X~!<8-)zGf-7Q|~Z9b{|7a_tU z5qFb2Sfc2nqX_zmU@yKB5e|>-)d@&m33}S2NGOF%X-r|`q!UaOIuwppugNmR#hT)ocTv1=g>)y9 zdEo_L^&4yj`%-Qep7G=*LfWn-%UrLDa`bQ_f0VM(7$IG`ZyhKW>LhO$>G7^N( zo$mv(pYBCteUrN(1aOX~H%rXb@{iwWd+l7Z)xe}#k1)sY!8c{-_%}NyYR)Cj#_Qgj znhqB%*C>Zlc>~?NQ~`xm4qHTfGpBN{cCO_Ti&NeOWVG(x20Z0Zc5XU0aw-L_fMiO z4fg!u8F*(cIZ9#ZDO#$2Oy_$)U&v$5{!ptov&u%P;-akMZz>Xq18{$+1S*IF_i5W# z?Rw8$lXseL$dQeFAQs=4neAh%Ny;yl-+iY7n2Cac)$Hl)@fJ9$b?!Ws^;8Aqkb+qREA4Fv`boVCZX7 zQLfeH3g~vR)>ddQk?TV@a>B1axpkGz~Jv*2dE$- zWCCPjoGQWn ze-l+(Kjz8QulxrlvTii)QZ|;itS{_^u=;%_-5P1Q@;fI)Y_#$~Mb|K8(8BUQ=ja8= z>Mqm(iktr;ogkM5(#tO_>J;Ak4|MAo^{%KB`5(uk&-DMhbo_frV6(OiXciaon)ja0 zEE^KjvmT%}$n(E@2YFv=9P3cey9A)tGK{1h_GEn)lch%%AP|#(6lh>}CDD{r_QevB zYrM&)aj@@|>LYH&pe=k|-J#UBMg8l_29e~(8L+Sm0iB>k|dn5Tpg0LZ%shKEg3@7i1{+n+=NVp zj(edW)+XKvbbJ%G+-AhuW}-H>*EpIRzrKS8%k_Ta6wnX9%gyDWWm)!ZH>xmR>9gy? zi2h(8Z|-Jc3;i>o@IgP@+$V^T##Rg@or=F5WVhX|T_!*)W@|dX1uIgUj7PEl9c@ON zMuZe%X<@3LkKY1G1-1=QzqmXC%6r4;95*3G4Dzz!sVrF2I|_g$H)j2rpP~^-p~e*_}_X8&UHKW9KpNQ zhrIjDdb^+E{jGZ@jzytX!a3k*HnbdF{TFId zqMS@U6M_t(*a5VGL4IwLC8erTvD!FW=NThmxM6`P{|DOWU(6TEpZK`Z!DqaU0HRmGUdAN>ZY*3m` zV%5CdBz~yyu8tu!`rSlFXyrFY_p{o?#m}7dZ0R09-@%%X3rIVmaRm%Kdpb+iv%W8x zyUkr`Ho!GHTS2ni^`KIk?Gr?_S$EaNqA)$!N9G^gfr|Hj_g4s;N*WV1qty}hlhY~r zN~ypa?55faTspk%*V2fSeiFA z4SnbhE1E%*g#OqAkK~~`vIxcY`bYOkHPtm5S2yuExcU6zSYDs?JpHHcY#7JWp?K-e zXt;L-ExCF#i>BjZxTS}bmjY28)L}Zq1_od8CX;U`z7!}fJpRTM98xb)bKk6eO-2_) zet&n<`SlQev!5nwVUEt_E#`d$IQObkLETSv5uvM_v~V}NSyxeEIzp=W>j{gJ`$5g2 zMIu=?iANBkmm26Mqjvbr^uXm%0 z=T21N6QPv5iS$(Hw=bDA))9|KL!_drr)dEI4g!_0)JYu+5{}>^SCo~4BGaUJIODeG z3Ia%-0&e3_x2ZS#M_Aw)IG(aBfp+-t7dq086Rm^}m9y}GM0;)Ede$%WuBhMkIx|uv z>OPIkT3xYqAO#J?TY_HOku-DBVuQ6KTUT|d?m{x8!Zs56NRIK zrD_s;h~3SbkIA`qD ziE@{WYwtjanxC|z88k(j$rOx$)uQkWTPXlscFap1`xHb{@ras5(vfzs4-pObV>0x2 z^ZBc{;H9l(^-NS-PWjNU{u3wt6*{4`^mGg*Zhf1%MNTpxb1#1h2!i^r*f&d={HiJ3 z3me13e_%R#QAVdd)>Uc#!MNerf`&oJ6&P-DmmSG{e@Govf@zt?X-1$(E>Na}6|0={ zRj`fbpaEC{)i^V{SeI7wg!(G(s=&yw(PCx$(}ihIdeJTu6(1ip{$)eJw9pPwX7I7) zIDz@2+ymb-)|H*Sp3tiqZqGcZ+kWv+!IwY_&IU@>c*Lbx{a8v={lnZXxKn|iJy1#1 zn-_F<0{tX23=-Mf$VXkT+m!k=VgZKh^an4O(Y+T~>%4o?E}mEArsWY|A9{p_Nbo#- zRnnfbRWA0T7i0(FqJqyGkF%O<`6=sq8N;_rMtUL_qkYl#0F0Ioz1>r*3y2H=?591T zP12fbB$gw4&|vHV0R${z@m-$~lLXOlP<5|>FhJV-v#Ghpl|Q*K7?gbgaqM&qAC=o~ zWK|cGg2Ezyc%4dLmJyA!l?aEoe9kDM^F3L-8f5co)LV?l%srbu3m^h`1T*7{GC#)+ znz#R9eb|14k`ZTZPM2Kx5B3(`3J???mxsfZS`EuZq%8uQx;v5>Zs_N`ndmF;zh__} z?hqA9KF-yIRDq1ykSi+r@OSqbBvQNUS+3iboSCh7CS=+Kdi(%&VWplla4x}F6nK0FvWFFR63rg~{61Z+z zn4yT!3zTA48#c%yT-m_+mmlzEuFXS^auG&|!xbyHf0|hl%#{s7Hg#GP_TqY9_wdav zqHX%u9d7&;wn5a(7QjUm29%9=x&cq%itt`L!c!dH(9hu{ylF4 z%1@{GmO}W+g=N$puz12d`>48q(92J3)NJXfUkbK!0ul<8$gZSSAmOSs@Iu$ybeaxT zt7wcO*H%P%#$Mv2XoxRKnDf}OtraO~Q^|x|%uze>))%>3xC*Jw;ohT8U{zsD$iY$y zg-(lC#9y}{m8P-k#N!M!=U;ey4;&cKY23VTKT;z2lw)PES7fm3ogIa|Vxl|%TJ1?^KMmuPHnVRl>z z5LVnvT*!Kn0kfVLydGw2CHVoBf;`9 zcNvN=S7sXo$6Ynrd@9b45)FjQbtbcYpREA48*iWoGok)?lwcpTX(9t%syFO|^*(h6 zcJdSJR3=!csU9b`VrAwe z<`tG;Rlb&_eRkn~uSJPu zSu*j7oB+rr{iQ{ojH_WE+3PQ_g;OVrhP?Jec`g+4NF#ZNiX-O6S(4Zno1KG7_R=F)G)g&hrGoXhsc0dW!x$;pI*7V}2XrW%&M^Y*mN_KE5+WJ@*X@Qp=Q96LE8{l`|F8-V;CyA-B7al5Q zl|%s`(cva8YPEH7pReG0m7h!2fGXm`3I+<<`}q$|g@E(A+b3#C&ue$u0aP$Do*-Xx z_Rh_?x(jMUHxIgDNdSg+2%$eF&q6iYj=8>)IF*FeO3~D!yrJn5Xq}swXfkeJTnE`< zIOeRGscI}W|3eRwRZ33Y7r=AYN)+Vf>IH6Zt`~G>R=v^Ot`;<55jSau0b;XW6sa0I z1jTzTby?hYnG#wTToTAX^56jJb%+@ejP{;Zv=gCYW7`stW>McQbQcB6C zTwZgk2`Zkg>1B&hOqg0g(V+2d(V^tM+JL&>p)-^kF0DY6`7asilKz=cmX>6nN~I?Y zT(;dMVcL+z-Fbo+8ff18nW=eHV&Ojl1y1PD8%Hf;lH3u#p9l{8MGOnyB|sERuoe3R zCz;6;!e1SxHS6L%;OR4EF;K2hs^O*AOZ-LgSWJG|XDYg3>B_Xn1 zt}msPPPQBlU?HguS_9#dIll!n6f=f9QAgS>+EjlT-+0sSPA@4Qb1E!C=vn67_ zEhWz~YmfW@!uWg<=2DKLZ5}sFo5&rVC=c&8bq2o9fiEef30>e_gD^fdlQl4?yQw#R z3R`iZ!>*4j9`;s@0-pq~R)*BxKHc;y32ByzsGCIR*qG#QOnGp|(hXqK)8@!eynm3*?YKG5D;( zI+=)tDTtGg)&aHGOnu!x?k8rM$2855VoKCEjXs0(nRGI!Qv>x&eUTV0`(&V#YO zdOrl}pWcaUX1ZtoBb_M@G%wGSU5_a5n8 z!_9oZpuwKDzfEYZm)ReH@_c?am4)1}xAUP4E}tEr2u9u~r-I$OIluE7NF;`3d1^Iz zQlRZ#n2-nB$ULyjen_#`0}r{(ACwTsI4Yd_?am}; zBRFhzBLgiNSR#-*jssrm8Rby1k#$1HWhlDbG6#uxeg74LH9=JFe+Z4T3+9aXXrqpfyS){|3!;oelw^tnQ<% z-^Ul6E2?9F(`?9e{}e`Zv&5B!%wi9j$^hP@xL`2kF<9xE+ z-EERsW=c2hxD|kqNiB;LxOyMnd1Y*fdJ6)>pqh(_RpXXAP6O=In!XS7xUglqdNv{d zP>xInZnOjoq>fM@Y=(SvNg7s|VxSlW{^hZ|2sYg8i%$O_CqNh=?aftx@P&-?mF#nk z!??qX-=A1pZ?+N-nBA4W0gf{c2^zii7+H~CPuj`eAw>`Gx^kFjlMCF6nU`bR{xbDJ?a1BxunP1k^do%V3 zTlpM#vVEC@0W7@@2JvssH0hilYwC_qAvu{2OMGus$3JymB%?NB=^|jEgde13vfI%^ zc-R;WobOC6KvuUZVW)p+t2Ly4B7h|`B>No23Rcd6!> z8{f&%PzJo%`Iz7~QDi;uC@t5vg0A}mfI!&wv7O3y9Q=-@|11%TO3P%$9CnRS&b86- z4s^9?g%|7T%sFszf;06Zke}i|T*=34R=QM<4;}gUifw?LC|4?|@vvb#RA<+eEdxMC z#x&SR-nBj_Q%z2L_p690cNak3zh=(2vvE*yGHbe@m>N2*Bs@Waldb6B#K?bJjfSgV z?wV({^F}!<`qKHa3bln++?R+&^UBbPFv*x6k}hO;Urbgx7_YqznsRp==7OGAA_o`w zrC(9x7Xu7v4|xpxg#TRlWd|;8t176+GAqb6sk}yXPZ(oust4v>rUNJ@s74xmHGsaZ zJuw*4_)$E^{XY?sY~<$>gWxzz)oT(~dZW;31b)DCOEN$EXL8z)XD`B_k9{mnQ2;ED z<;vpA)6PY_ck=M42hYagn3}mB5+gahg{;UtetT1OJ9PrxS6_0CFW)z}Wd8;I9aGZw z5{Ld(9I&=(sRYhfBsbZ7i7KFJn`ws6HLQY9GP1Ost6~)7T{ZXPFYzg>biBLn=Jn%)^1(quJO6z+YvZCV(kadIeoSlt#sf zZS_|XK355wrK@YQ(f_R?umh_sgY#+K$P%PrIZ(1xi|KalO>ur`(`W9~l(hhRNS1Sl zn{e;Rb(cZTKsq2Cg>Uyjk&pfA)>6|j(v4S@J#87UJwMEM*RxCND|n8%1HGj}4U!}V zK#Y~F$oy9POcOY`UM^RO&rIxw;CtkoCN;!qq5de#*nK-PK}T2L6PX!qMrqU4J+blClmU@Xz>WEu zh2K}0@WZ@KB-t8V0ak!CMleaxrHw>D;zQ$3ZIUVW0i)=Uz41e1KU;x7ku=Hg`(}^c zBcy`(SD)MG^wknNCrmgzilh5|v0%n;{Y#K~9I|sKvt4ZKN#NfcX6{hKDGyXc&cLdh zt!nJ0tF~9XsvCR?!{~e#RxA5cr2{&$cz*>>=Rx6Y*^uOk!zE>Tb$%M7C0EG{2K^us zk!Qso)(eY3JUVW1sq5?L_iN2DaJJ^Yrff2&LktPc9EG1fh&e3r6OSHN^@K}c>58V9y^Hrjs(!AloAN$GMKp15tZr%Acyqd+O zgj%HBI7!OvZ#g{>DL;F;3feM7zowZPrCt-n?(%D1T2QGvli*uF2Jd|LE)_$m_@L33 z-60$rziJI5Y>98V1#J};99FXKm*$(01j~}ZBxF#vv zcU9Ab!j5h=Ih{1hsqs5BGCj6%v8K^CD818ph_U1)*yo*UxuOyzL`g4>up@*t)RK&yl&N^2B^-C=MWf|Ql zPElL7ljD;i&*y67mrX?V;iTzc?KuAcmQGpc0uK%fFHP7(A&NQfL9uO%zQw%bu2zb; z>R>cCFQpm^o3RTPRvOwMgaf~2otaeo4j5WpBu$}l1bcHKd)q|3l8)U07|T!Cd9+0O zdz0RPPyLu&nN(0yCx`GTs}kEDQ}6Sog0)yoM)D_v*fz4iAoG1qs=uSd@+4rnS!~(t zGXze5Q#vX95N^*}D>Xq=!&2t2{X+xAe|lFKEqU`wJ%Sdm7sjOF3SB}o&Cn*Bf5dy6 z?U`dR3$kl)GcS26RS*%F6qX?|i_-OnWWY{_{dXdkku5n9U+rqULV2pS*_r1@+>`(a zo1u#!j9B_ggz^%F4_D{YntAmC=47tRl9WqP@8|2@|Cqw%m=7>8A2xV4zG3wj7MjbL z67w(hkkn#Tyu&kM%cA3wp%waj8BsRo(a#%}u~UpJzbV~2xOvy%j-MI#Uw84YH<7 z$yYEWxIF1F4l>>pYDi3Z1Upq6~d6FYz?MFVAY=D1k0*FUQ}iKEh)3M`88Euq3=jm_ka_Pi=+bI?{8z-@GyijNQ&* z*Fo}`RyCDioirK%*V{_&k>rW0YQHrLMs;r!^mYJ$J=$cFx)_?#i=wAu&C;@Namita zAC$VyT}r;Ai&0P&47bo%@Z#vuqdODLE@7zd>}o+o@NhD_X3#abBs)Gz1{yGkOJ=#;-=0UPRAaUyDYgpBtW&$1)Yz6)VZI4 zt}2=GSz+-zIH;%idGbK5U{+xTF{Z8&p>H3c@#a#$$*#gZm1zX;5eEp^$-Z59cHiEg z3dXMCCcz>4wU_7YGAHE)kBM%^+aG}l#A&-Zg7C*L_#Xa?I6+SrlcVRzm>-SR9j&PQ zTm90%&d?#eVGZVPf|`R1QzFu@Sa#2#QPEZEaCY zLxT4VmHpq?)L{e8SDtY$Tii`Bh42TE>Y}SnZH!(CsVJR4w9PYG128D!*j%}VGe>l} z8OYYWgI9n2IQ7LTDL%~Y1(Ztx~K+9FIb>_IeXHk2X zdybEZW4JH4QC7z6AMl866i8H7sdYLgm5!3I+WaCKZ-chaeA7EW+Y}vTWJayF`!_fp ztCUawIJIAV^0q1-MXA6_guSmvAiko;Z>il}iXpj=^b-TuEEL z62%m7JW>Z6Hrs$l`eYm|&KY7aS`aK?uz`!iVB^SLAWu)L(qetjg2~e$P=UH5o#Hkh zoE4^kQ*ZgPDVeY1`EV(1eQZg>KSu$u5T zo)oh0Te}cS%46{Zm?4GxHK?9cRiKaoAYZ>BPHy|m7LO33Ci zRgWT^ny19=mPA~|(0zQv(yO~AS7WKBWAoRo@?(Bm-|=%Uf;Y~caUZ#|YN6%fJQko^ zBbZ3!trg|=GMsht&+Zk5`0?VUQPtk7=bKS<5Jb1gxLDHzso4+?3$XxAw^G_Dv9OY3 z1j%&^n4&~yZ29-7uCN8eGWjeR9YQVy$~H!xP+k1?jK@sY$wydud$Mes8)8swt0I8k z_?rm_9okO7>tgsw7Cd0#?J_6PP?VZn4-Tjq{In^wRDUJn6$M5`#k1h`qVq@hgz`*)Z=-MU5*%XuZo6v=#tyhZWJ_XQ^H!yMB_sz+s30vq zRKuWuL7gJwG5R6t)EiTjQpPE%34+t6CtwwXy_ef-bD!4pF*bu1n$ZS{;~UijE=;3n z*c?#~J6KuEs4~I*{cFydW3BJZ z;FyHqi{@E|OCe1Ic;$mxc=qUe|*jdBRQ)~!56ytm?w_`wUjrvN!1uhXlhM{d}> z`|kpU6097NX;hZ%LIPDSegWVql6IdCg_xIRj|V?v?@{+mNz{k?nn5M}OAdMA{XG9m z19C<-Kj^k4hGW~v(r>M7BcH}>xr@eYTI3l5G;@C`ws}3|e92u#Xj4Renv@GFGU}d7 zAS07Lc&xALs2QKcL0q`hb%;~X_HM& zCLRO}ae~{WK=A+LnVJil0um>D-65~a=+X^O;j-ei$9gvkPkesom?3%%KP(_=xDFsF z|F>E9PBH%6?Iv}|na|ZzB*ld5wm4By&MLLB^rQSEjQ^)vCK`FU!xIbt7K_!*+9Cj! z-qNa9l3dl>8Rif3qpGSq{T_%7Mk7m_Dqb>1z!qds)EHa?b{;s9uormpzG%C%H~AJ( zzqr2@Ly0EAhNWbD$f6m9!(8HVWArtH#IV+%4i4_*zu@`jT8YatBcS8{xeTP@#Ls& zaZZ}g@E2`H8O!xM5Fk+h!0cks*q6`T#0uDfui3zWb|^ms*l~C0+rwOa#%>s}9lXgq zfV=2e4)$(u%#{;OphRLA)?z%TQ(FoVBVUe@t9~1F%6LfaQ9j_?8rL{5Mlw99w*&%& z&9u3oX<(}%7(&*uD{lJrkzv*I4z1=L$0-^Ah^h)#wTBL5YfRt9%nV<~@^p&c0nGO1 z)i0NeF=d1cwl@Dib>yWG=0$$G#kNI34$+~6ooxhO8u|C}*O1;slBO2}Ucs61N*x-N z>pj=WMu7K`Pa?SbC@9EukPBAl{CH=o&LrrkVLk`6sOv)3JZTO8IPc6|dgbDLMy>H3 ziO0f;{YHZcB59z5cfl{(a$RvP9nZFf9oKDpu$=mH3T+C;sr8F8E}7Hqf{ZMK(A|K; zP`{v}5Y&Rv+bE^kICPzTlsWav>7cRbe3%&y{^i!)odpXS1K+r;pArCrGCFWm{X4{H zVs>L6Q9$JY6B)g{#i;drV$3gr+J*ZmU!9ge=vhZ;3gGl|wW7g){%W&r4JtO&2rl_y2s~7 zvUGg<3A}s(JWvYtkQI|WLaJ+FU{A%$51%%&fYWT7QDMg;4X4wW#;IbM{MMacQ7kmUSggJ?al={A0|dP(wPlY&LYwgs>R_X^SIc2c`G zxEJP*6WsEw)UyPzH7yNCcN^>eG6;DFoPTA7Ib63Z1OWEH?bHj`ivgP<%zkd3~T}v zKuQ#kg%7oMZ8~+lq|{tw=po$1cmo|$>MbV4ZyW&y4vs5;>KRN6yPTmL?5gnVwPf2N zoi8+S=}tKx6iUP!?h2ukstf%-8`JKmWlj|xPJ(=H?&oHif%+rv4U)G7s7mZ))T)pz zEk;Bw)p{r2mC;S~p|(c5@o{90kWh&I6VqiLw0Ef!^#G_d@8OpRA=jy_7i$0fpoLnR z?tID~^P_N?<4aJks)mw_u}@tTivmez zT@3wZ99Z-l>wJZnX0fNNhT%2ltRk0XBHfKA2Y|L6OgxaF0u=H{iA8QUqP=Rl6r8j% zkTF2u2}_(Z{zISAqkI{c*n>$Y9^G?*k9=`e-a8uF(fMHmqD?*h&f$GbfzUD&5Dsms zqxXKBN*qu1b1vH#XI0ZouKzu+aZYdL2K1t;$3M<`o^@u4#@MJu&+3$w4o-uSi@oEG zAq0$6Q_AG8#)0nUR_NFLIvR;<>lR3*`%3%G#=aOOHgdE--hm) z3ZGoT-7S1uo|u(FG^dB(+K@vi-P3fib~m6=19?Co2Y_HId-t&`g)tT3 zPmjeVM`Uhx_F~`WS|?HMzR|PqKS&QR$9?2o-@d|^j@dGKq4*gBCmF%jPANL401|bb zask4fN<)ZWYEW;Y)1QsfNX;FcG0l*uwA1u(!LI8H0FC?)X%ia#IC#}pK*HI%VZ*v; zCY_Q+rd+WlV9+dDMnp$$;e$L&G*KSzcy+8AK`$Q3*7X>qi`G6Niu^WdBvJ}d?dJ-H zQ=9PKH3Md2jmdeHY*golNOnL_JXg-Dhtk+*yPc(-(01`f5_M7{u;Pwm1~4G z*g3+}uM&*`6>cB_2x2TN#)7z`QzYcz)nWmqqi{rpDyA23cytvA$5#V_v_HKVtymOq zt~nr?p-QwR#q%ASfl@u~R|9x0)YN*%O@7Z<#82P(n0cDiULbKDwWwu8s#KC>rVj3) zao2mR&+cAJxnjaKb1;W&=V6^ZNY-22(qI%aRBb&Y%v%}!CRPm6V~f`WSXo3R^N#En zJn12-ejvzu|0F z0#W0AO}bn{;?>1ik6(0a-!2kk_9{S#iJF)@?fH-~Rx!HkhttzarD?>+*;+X7DJ*0^ z-hqO!i2DzbhzPzQMkOiLO5IcQVxo70-X|76IM)2`6QKH~!*|SdCiXjzUiC<$WshMp zp6l{s4QUWgld0c`2od=!HXH36Nrv<~%FdIK#gB6>eKIurZ0=u| zH?WsxrFlTWpj}8WtfA^JHCNv(o@G_NAVidQ3<-8aE8}x{8d*CQ;ZM7U%J7!K?HWW7 z71>$@N*_Zzv8=D8H?$FK*t`94+sCjl&041IACp41HL{YN=;o?Rp_4gl4!t|4G0;6} z>|kxs9EetN8@b8@OINcUFNPJ?8V0*$g#lYg1|Aroh)F{ySI5A?)Ed?-1N8YXTJ8Tn zDUc&#i;c;R4YwB`9s&j;6#!Ac%D}#_`VA9+WO41E_1prAwZd&Mzz?zhAZGALQO{Re z)#1^25ce(_T8!_l`7v}mOTDj%o(v^q2Xr5P2keWrjWIE9PMi27xWrHWDr&<>h~1@S zr@AEY|I8jwP)4cC@*JWf_f(}q?w!(=y2LI3rGtrrJ-4lk_n{JjIT(DRmx$_lgZ*XD zr=@9$yr5#Tk@uSPCs8Y}wy56xye&*t;S=c)QSTwV6rCecl5*ut>pUFgJIuRBXz*Wo z<`I6q9&WUT^d1C&Bf6#zE;M3d1?4Z-)RfXO{cXI8$-;ONq8H%1iZY3_3Hto8wQ(2F zV!SUhzeTWMW6;0^0WIYa+%9F?CuZyeER*k0<52FwEjt_D4XHQW#l5#$mOA4x6LO~h zs+lQI%e8`J-SEq}#%xD8y9G2C%lhk+>}ezA=daBb+qX5@q+2c2&7_$e1YnC~TU529 zy#Y~puYcB^io^0toJ2xIW8A8-xKFJ!8j|VYf^BH36C+hzY=&J%`Zea>if-;0N+LYG zFW^G$rbyTB2+efV3X>1#-%9fT?50k4N)1T!9Nyvs8qbQn$L-kgoLVVp12aDIeW^yp zXkXp>v8?!(t(R4a;@TT$)k)pG^h4btDAoKH8Wb635>%w6TH;{CzqaX&cp6#}5?yDkY7lirC73?z<1y;gGZWbo3H^QVc=6g%zV9)wp!dE-g?J71#&5P>N*<1OdFFl=c9>UyOdU+E-q0Q zw)lG&^GU;9KL5uEx}+{6T@(@Z7M)L=!+EnaqY3fMmss+lh{N;%5C>*>8E%5U$nt$7mkRd`rA=_{Ky!*g{WHo4sk!c>mdcwJGh*3E z`>Lib)P~Xol={M;>;{&=vk(6x)zE2(WepY3%w>sUhi?lhJjGPS1r(9MppO^2Mhpt?jsmuJQIlVYR~OUicESv!Ra?^VCUa$e27RVyjwb| zBT)tSbdI}wCGt;|x!=Q=v5G6iRDl-Hut}v=k_NTG=SXL*%ge=Y4|sJa$k)l?xPYrp zR?XW#;o518&gyBI`?TgqTFV8eg%B?QRq8)&M9L#hXa#}vhMcaneez-|8@aznjKaFv z$+X^JOvC1Vl-QD}eOQ!4S%T(HTZ%s#PT@|Gg#&OXsy-3B$+Q(AxdY09(aH#kI6W48 znim+V7@-o$fiP}}P}iQ|$`MB`Ls;It9FZ3qHuWq%c znaG{*7IW`3EakuehKhmyBu*Y%N4_}44dOAKbcxnJEtBga#D`9N2)s+=@0#8XZU`Yk zMMF;$|D0=%xegm~A1sNMRJjUx$npib+mZ*O31i}{CgFqzv&o9=MUr^ z!5Z&-^AUww#bdDzGeXxx8HRe6BK{?2We?iO? zTt2rWQolDa7(@Fj*CoezwQU}@*X6UjU_kwjj!3NA0Y?EYNu&xkn$LBt2u)*o1^o=S z?-l$1ZBvn@Y!H0Vf_1~P`6UAN+&?L_11sUMTo*3IWWT7;y2DBK#^Z|X?~ht^!y7VK zqvh8yNZ-T@=PPruSWxQelX)Q@Mb}S0-W;d*yIV|&K2ywwf-u-=*~b-WM8XwV1ud$k z8_a9l^$AB_A)EG1syPoWP_l@jM_H&9 zyBHy2`t;!a4^qD_IpttTDW49c4}Y~H>rrZZN@Re3xigxC{*~|?Z_(vY0`OJrPPJ6m zm`ZOWBD?!sy8vhg=~)a5ba$FskDA6xNXfp|1o$&6X2j+)m6CF^bDUXD4{eob%rRUQ zpCo#uPAJad4G-8P0k4ag`yGPKM`p3xeHt_7V7W{QGp)EDrMw%-ILbU(R&-V-jjT#I zkYr212?P2-_Qb>(TvWjoDa&e_kNLEh)v%LyM zU|5Wl2v5BZ@Lel3j+258&1g|R&|TlK&cW?^7A14#*~YtTrm9_FhSa~uo@|=Cw{rbP ziTfm>v44c*y#Lsuy_}VG?uezxWuI3^%UX-$vVfSIJTfx zS_gER3uvCskPu5Q`kIYvd97fBGvbvirbL)7sbHmaX~B zl_W)y`88JAl=M3oiP?KfL*LZ`l@LRv%!N}>KJ`QWedd_msWc2wY#JWcVm*pV#zsq8 z(nEJ7(8OtkGvxP(J)yHJNm#xC5IVAAOd36=w3apKK0g?J>VHl}9I&q!Va`8fI5tci z=H+EhTf}tlpB4300uE$Ys*~I+7v7D!A;m1r_4K;uDd8<$}W6F6jN?HG!6t-_7 zE2dd(0_?9fZY=Ev^hWNRSDKT3H5b}getFT40tCfG%BId-d_INPU(H{mjZkGk>&je7 zjNfI6VyWR0P^c{r#2nATlp9Cxb^8bk$eZ!bku~0d^;k)8h)?f2viN5xUz(rlgp+iQ z^huD6H&r+rw%C$;^GNAiYrW#OU2<>PO+}2Aydt7EVZRB8yBfyljqyekynpaU91VQv zdU{s-deHNJ$YG>}n2jgd=Gug|h*51R=vy!_=lK6aFgjBa>AMn-H$$HK9X&pe8Sqj6#co>rHP=+Rvk5!Df z6Zs1`soJl|>$<>0(`oTk)nR`(3-VvC;|JRKs1B*9oy2ywA)BIuEC0cPcGB1?td}x4 zg87NMFA@PTNaPr2zLeMD6K+0yf)s2d@3kgf_-Hyfv5?%Mz7xAp;pP)ecRilA*)y>E< znZzS-k{Kd&0XghA*X6IM@PiJi%de4Etd5Th1FF11)o3P-`Cp6UWf|Cd8YmS95zfW~ zeEi58HUwph;^w}~2$<_|g2s4ouj0rH|^B2c;SurlsYQ0iGtsEMa-D0hF@#FCWv z&!U*m!b1siIdWI|(7BK~^-Ki1N{I56Bj~7Fub_AW?dDB`61^o~n(pDqak6@Es?J%G zb_>vVqL*!cDuXwq>TV2N9k>Qo55h81aXL2=nsSgcbUc>)!LD>CTD*zxj!VX3>M1hd&r8&^i|_b?aXvheWQ!zW?7?{T{9PW zqK(Y`zsLK7Fer6fglWmy)EVSxfCHog^f{V9ym#pzuMd=nrrwT^OQ}G{eN++c7tJCb z;=})0&S-_==j7hORU4{cW3zmN$d`1+@+(>pibMMbAdU@C#C|m}5ZiDDT?yG5{d_ye z1)5lYC~XahePBfO1Mv=`v6H$Ndsn7wFp-6=pcJBS_8iG&r45-UY@F2BomRUbjqKU% zGra%q0wqhmX9VqQTFO=+jB;aJ_n{VfX7!{~eM$M$5NNfRWJYs|A*PfBblTzgXdD5J zlWJ6gV!;~58Ou5!J`Js_ocj1uL+ZD*BV{!eC4peBVXYQggwd`~f4ID`U-T(Z9cv?B z{ISLh2X-vfWZkl3g26AvwqEH+Q4L-{W~QLveMCi&P$6P?Z>j|a&o9EjcO30&rtmNj zIoAsx6`%4kg}&bA$BB6@n0{xDat;Sv)gR~v(|dsmm8|lxFxU{mPUax1TA9#Dn$0P9 z;Q&4lMrl>uAPiS3O(BL({k$!am{eiU;!XiAZr3n1=CR^c(bf9wrr@qxLRRW~zrP3)H!O!|JF3R@Br^F! zgWx9DSQZ}!rP@>&v(gOT@ofRX-cUV*KJuf&7cjlM(t);fz(d12#BBsGA!KodeSUezQsjHpBErFZU!%sg11NJiu=j} z-bpUP%D)lv7t8i zXpT=OE=wI>{Yay1nE~;rc)rslF!dD5Sok%CQ7)KUWAW#vV!z=w5`}z(7=%Ovj>V_; zwn{ho12;cdML||>m61<|P;F8oNI$$YmZV}5fIKpvnrZ|;uBVr(ngfd8J{a0?rVFZ4 z9QSBjEu2LmQU2hYwp$p+~ z@!WJm8g1`wxI-uRW*FP+a28wASZ@pkj2=nE_1F7{tFq!N?D!GUom>t+VCTfQjX%S@ zQ7SpTk(w`XE$K4Bm8YbA8x^q&;|dEJQ6l34$h!Vic%Dvaf>1i@xIq5o!Tyisp3mUX z{E}7p=(6X)4PU3;PFOX;&lN(zDhXFFC&y10>I;+WcX%h~S}L$!%dAXLn;Rtc_Xz&^ zRHrNgPtJ5bIW+p#X=zUJH&vinToX)~d?@ zXI?7V-uolz5q~rvta(YwTUfwrg)J6|<8VBzuT)~)X||WL;IvJj?3) z=ipZ8Hc5_=olj7;f;myL_Fe;JxtvXJ!k|+H300`RRt>Ri5!yncw^!LnXmTrO-P5EN zYpDW-d}Dq+J4Ow2D+9+T6lxRX7%RZNzcP+zotDqK13aAFqlt~lPt3j}3PO^5TvkoS zcptRXm4fmR0G*bf8U;PEc7K2Dg{3X29$u6PZ$d^`eQP#V9YlR3iJs8sNWX7$O+X7# zeZ7R|&;y`{aT_uV~{iG_r`uje5rwKL1oJSmh|!|WCWJUsNoHnCHCKp`_Eaxrn*RcC z@GGuglp@Gwoh;H?&TaBao>L*LunvI|pGqr0=8>S+keckko9V-Z6OMv%OTHJX9s z($@n`f~U4ao=>hbhNg&|2eWM<+3o)T;E3IkKuEn3pW1-3LFY9Vip!@mrvkosiU1V; zFyML{G_$Wi=?vXk=Lpq*QLP8o88XOnN|r#43Y;PjqK$_fHpAi@05?F$zlN)_>OyD9 z;Ma^(K9PoxMN_Q^j%*(Qr~egQzvjlcQr#620i-m7R7F5rJuRJD|BykDO1AF*u#10S zNTjTzRVrtoFkEK6jA$@eLf|y`hlA$!^Xn?w0!Sjk1zkRNYy7ULWsf&7a?0iCakYTG zlO!d!vm6AgQ!Z7UY!d~B8)i;Y)hs|w=r>t^^K&(Sqow@h(S2+W>-?~atW>3CDXexz zCv5fm7a-U7tl4WXE@np}5QvZbLGL@&g|ifTQPHP%eWfSk+Gm1+#ATq+YQej~H=7u$ zGm2)EgYI@A^oS^#}cBC*-ml))OrLl=K8$b#LkTgngGU%?ax->o;UsHa1) zbWC$`o}sU%J1!4JoPI;q6|q9%Xa0j&O2ShaEW*7*Q6Pz4{8Ni7R0!^znyC3ZHVAG= z!w_FL0@83^j5|~}AhbYMV$8e=aXT!=iyj5R%jzaSfbCyJ_#`AZ>#NSKYx(t4YkbbB zqM29vGUh;#&Qz2rHmVTpQ$I|!pXnBPQRDgT?|kHMh_zq zM;vzvf58b40(`TM1&ib5{!2Y+tH8@sMjz{mlJ%S$)vHF&zONwxp8}k!(saTN>C*SA zHauFnNT5!hklWibZ%a})_CYpR2IE*T~w?k?uz1J zYL(6L=9C~OGe2h-4Gr@Wbz~I$TFRvNGJBW1YgSeXF92d9sLDrgSZQ;>8m(x^0=}#h z#znaDPD}-c13p&QLwF^XtH+(%R0~b$Ch|Q(wL&0=o9j-tsNeRGS%Oy}ta``vA?ud* zPp@;bs^r6Y8u7C>lrECIDSD#W*7$ya|DYm|cRlK?f@ySKTj;V7`+e>hD1d3Pz%Lpc z$@Kpk0T@IQttQc?m0u|?=cR$bF?HMY@;WHHHe&S7dJj|;(QI_~Gx(_U$I6hY{$+3E zA*rz4%Ei@RkyS-ucoy(My;%EiLNr8gGz7xi6gHGqfPb5oTK*v2^O~cX=vL`jolDQu ziX4})@wkusFJOp71EdQyWjw5L@L1P>vX%vnK(J)Pn52%!=e3F+1*OEQqyms#NMP0B zxm84jh>B6on!r|X(2r=!K-_~?g%QhN7vAhR1CkYzbT?L@`7xclxg93)v{_V~ zPPZu(RZ}0QZf`CazHy+VY7*bk#}D;({${3qQyC=~#tW&q;A_wSXm z2tnpMK6R!z;K6+otRQ1tjPviEa#Jh~snn0(x6^zcXzZ|bo8_g z%`7=6eOf_;p)h!F>Da-9!4Ig@ff-LA!!jh`$U(^9{lVZ#fj&DRcyl@h2)n%mSp{et z5YZj{FiCByNxUP%Lx(^YdO>m4o(OQ6)u3qKLqn`J=NR(s|h)d9jdb;KtuDqIhwILK~=Gv3^6z7_l;C5dkg zpEEyT9;Prp5X0@1c|L^` z3*lCAEWl_S*a1KTlC>4F$N*g;?eYh?gCd-NBf#QtL@)EA4wX*6Si$!tw_{YUvHHp# z4+Q+88;4QtSxsFL&=&LH_L&uF(=V}rQ9%lSQpqxY6~OG^s2vCkd(aI}zly55ZI&h_ zO~;9{nf_$>+g^3Id8^aPcCq4gX;;?W2I9WkHEpT$FA?3#=UC@!2WS~Mh+QAa2y%XN zEp|8ThGMIOU!kX8l$~U%m@^6QayRUE^syI=2_7r;W{YzJ*!x)Qo}_B%t$Q=HHAEN-yVI9|34r@edS&kn&Zv9-dWHCDFAg1u)P7R}Yi-OMsNu7!y%<0(}d z(L|KGdK&sCBm(VZ=?ZtDBrQ2870oZl5-iSAp-FbYj-*pXaZ}WtMUcX@7!a{!dla`a z>Y@j4E~US5xSKpKp5+p8w)T*!MCDNO`v#Cxy}0dq_iv_h(VE{3JBJa)`0Ahb?Wav1 zbnIul1w}&<2r>`fN3oKZy9dkqR^%ySkLd^C^AEajQuG7SVtJi2u=l<*Pr?41wR<%| zm<4A}!&$qH`b?;;RW=7PFA2lYIsnCIP<08<$L|szaGc7Ai3D{2*6OLz-@f`-i^rTy>xb)!5 z-1@acLlY-~V{s#JsFNLG_bqL|N7vyYy^Nc3Mt$cg*5K5HbRVqSVCrrTgZH8a+JwZ| zBU@9-P_PtdiJN-a>qIt<+_ZNgvHJOL5S(32Q)Kj;_X{?wrb(kWB~Nq=pi@G{$95W# zSuBMxV}yppsuiu9UAf=4-#I(R$mEi*;}H*__YG` z?Y0Dx1-Wv!8%*Q08RF{8P+EkbKY*POleM4qj`z&>RAUJTh~ke!JDa-mFP8#GoL{Olx2X#+JT>xK@XJTe-lc-9q80b!_=@oZB0;8m$zTw{2?SNI!!1#-Mg=VD zRz`vH^RJD<`jqsZl{&QghhGrI)Ik=B31z*1ZH^D<8nC_QzF#6|onY9+e_1<2J2+P8 zleTT-;o+fXkyuGjA`aKo_g4_!x8H(kTmMr*Z?)TEdJvqYMdzTQEXIHgZ& zREU#~W88ZLpqxSGKgw6?sz~-na2KolL6C~%RHEB!S11dP+T8sr$Gq+b=)ZR*^ldZK z2PFyOzeK{QVrS^wkHeb5kz;T;-PNU*TJ|Khyfi8D@1a_%3zkz-7BkxFGk>Ut;!o$@erTRk)JA`t|V4#M}ahr_twY- z&}!-diw9f*m+r5})2^aBPO0(DM$)0vg8}72di38xwP;dH)x7B=PB70TKO{D85*GM} zLt$+TI|FK@CVY1-i$%yAubk(7Qn~@eCAPa^LexeR4#!J-C`-haOD|SbQpb~oWgtqT zxc*7`BR{1q_0j(87gI?4yuKT0n_ZxIVr%~wR=u9dW1T+e{ z!pwm+qztiOlenH^a~r4R;U6=)PZ{}gfRk(eZ!(Z)WgI6{Zq9N-@kC@GXEazdvZFNj zz+hYvxU){`?Z#^=zIW`7NHa0HL*WK-v1auj^fLNRWpa_8Mx#H%K?Dy-v@V*M z!LTlIw5Ob+lMlMfJd8pa))ZVIZiW_QvsZcBkWP!NMIC7}1W*G`_N-Z_2NxxmoSfJc z1;c;lsDBgz7ruoctBVURo>xvNtRxs^)nqn_bR|O#iKA#<#cp1Fidx7yLksB=zg4y( z`GsqQF#y-}3r)^cnw3JK@jB@A*ZI_ivRsvKk-FOdnc%Q{NGHXu-6ocnh?`}?&$g&L(~=&4IbA&VP|Zkcu_Y$ys6lqNQUeA}gi zgGibl=4~N_p94_WeTB_Ktp^PPt69bp+DNW9l&w-!=Ig>qWWm?@EF4UH%&X;!sPM>xI9};P%eJGeyg#D$*Is)CyJCxem6w$Eu zej&qziy}Xhe0oQzQi2Oa{fct-US7TAY+2YlTs|!<^7Vj=k;QDgw?I&hHXNaqCZR%M zws7hh>pEDhU^gVI4w$=qG00RVUR8|1jDIlL<{)J){*#G9SMx{l>G5p+(iDB1U$Dzh zEo9K_qxV5`j`042ty~dfI-nyzWJ9-F=Bs#$)11idHL-Pkzi9OhQ!aJbJ%Yvv<9141 z_&3jr=CW0pOogv9t3BUDrIYkrqV>a$OY1LU8e}JrO-a1m@T&K;dt0=-aQRW?edVGo zpXBq<&+m3z9|?!$?5=rz7Tpe#GQoa*`l9%q1Cg&VyTArw^jT|XBK6|+A7&k;ZaJXz z5hi+lfJGE+P$ZjLbp==2V4g7=A2Q6ykA2oNlua#UgO<{LYLCmMe+S-so7<6PSNj&1 zK_xvG6aPT7)ty-|>cw{cu$NM6{M=fPtH@|+9F3A3koCtS_X5;&mm$LgLPy4D` z-#p?gReIw|J%?^u3+TT7S2^d{d*r_C#dW`9u9QjCc_WGYI1kW^7BDeW(BzKPbu-^w z+p2d@RcU8wJeKH|Gfrpy)AHNhFXiLVneO(uyKpbA%TWfoQR}FxlLfrQ@0s)+-HC?H zj-_YwBB+_}8pU*iuDONOm7KFMeMQt1Y=Q5=ybG!Ry6vJ_qzz(k!#66^1ny}qI!S=YG)K4G;dT;j${u;A9nUG zJ~m^}Hk%8RQ=6B>kF0ZWG?!J)UJed8ggHF^#A__F+=7CAYRZ@)0YN z6mU1ZQ`=ztTC2!KMx*k%AXOs*st3gn&PKhA@&30}T^dOu(>&mvR5vnPbOQFZ z_qO7;8ls~zHh7=)4vD%u4Vo+E$wOrP4M!AXa+#LL9kC$3vllr7??^c~v0ZbL41Imw zz@jPq!D!GvK$o_KWZXN+s444XMTrK@}WiOal7@u*3w#Ta1^46L)G#hKB@X zH`;e9BE}n;1rh5&Phce_OH=*%~@v#$36<6pee#~0`GAUN3gcU(`(P00C!O^BB(ef zD!*G~LEl*&)xe{t!2LoIsP1EMOl``3q3qn*VC{#v3soeoAW@Fe*17_5rU+y0>j|1Tc=Kip81<{XS8H6ns5udJK;(x^-*J|5Ukn9+uDAREe*tq;F|O_UxFf20$4> zIv{$cBKEVmK_HNj0F4v0 z4Qo0zf|R8)s;a8T*+-marCy6t_5Z~qFEIil^P!{vYI+pt>DA6^vLfd40l2a4Wu{sz6AYA11Q~0QPQ0pZ6TG~F#k2dDQ^pl_XtI9 z>O2&TXVP777iAveOBjR{2*fzw=Uh_vC#128bO{c(A2US$UZ7CAobp=t6{g2Vc&I+- zURNx9Dw;$JKcr^mLOuMDtvgIdMOV;ai#@(abdtbMI`JHxKIW!?^Hbyl7Q#0an=#~u z3kqQ=@A7j&diPg7@TV!KkA5MXY;JEDJ|vZqk$Es3zOhd|6>uu1l5sDL)-*otGPkI) zo__*`*XS>@#dqsBypf^Sx$rb=Mi%%5ny-n901ClEefub|8MyYdNiWIhf8(v7rNDfU zSbQ3tRZ&kBv(^rI*|zUyP&;|5ro0S#r!E9OB0OJ_8cT=8X$0?G9NNLQb9exQ4tiDC z{L+QbRk8D61a^FU4`YDkM$0M%hi0yRkbo;835gtXP2gy-JRGb=-L64-sJjiS4Gmn4 z-fk{Xf|5y2NpPu1>V^D zUt%PnHLLI3s@w&8&Foa49qsr+)XKHfvKZFmi{dP6;Lr{t;=rU08(*4ff~Uj4arFlA zKMWW&4O$Oak9E`6A`TL}PIWd>>CA#xUT`YNnG9HUB20|x6~CV~=x|;^d$^6XQxsqf z5I`c&svR$7jSWPT&+kkVW7 z#Uo4#EhNPic~Z=?Yvd+f>yj*x>3|bTatT3*M+BPwGOK9=inx7}j9`rh z>Oog!l+QO`zv{=f1fl}eN6T6AYL&uKMT_ot?dNfeX~)$G^U!+G%UgaV)R}q zOxX7XtIntsLzHrq9R5tolC0!1<$9^7(14F~iCg`ErHG6O>`|W1Ld+g3VJh8Uvi(4q zk2(0~0l;|LJb+Z->^ePbR2B)-fTX@uS_a_Cxq0;DCGa5 zh-Vkz{H1B(C^c$O+&anmdSM8m4hRnV17Snb9_N(SqmruXmUO&O?@c@Oz_d*fWQ?V1 z&eRV8eCp^Jf<%a482ep;toy5170Zx*&EM?5uT^HzBTB4X2p=c&fJZOp(5ITif8|ID zM$sA7h#nA+(!`ooSr+J;%IVpGc>{vOnk;2FT;+ddSAY2Gh89#G;&Q}~R<)Pq=bZEZ zDyvRyB?r6PI*F@=f|7<=BL1!%1S%2uHH%CJrQ-tMmGesg$8I%aP2R_Y+w=$uBe$ms zhj6kd$}PQ`%fw6^4e0(*b#BHBihd;boX6ChHs`msl7uc+b$hP@SfCB<=NSKG=TCG_S@LzcnF_)iQap7)Gm^VZu=*?@k>{v+4Rqp$*t2Jj6e2&Au zU6mDPR8!H4I4pR;Q7@I?#yZ8Mo2cI*8!C9_C&Js(PCbw>XoD>~e8^e44mFd0oK47` zj@Kr#4zMAcU#@#5uawg}Vr9kq!q9V#?C6aQ!jJ7fB1tI`8eGWRkkZ5VNvy&29+$h{ zsH?)qWlT-8uY~Hw;^z=X9koh4mm6(AiNvK_l6vHO> zTtUOKBT6;aGBuWhIv6Y&s~?b0DNhzKaQ@3*?51lZ;s_)$&=m3 za#{NZ5snnXK@<=6p!L*!R51^hW3p14?O3y=uKY}PJ*p2EdcvD;##?a%Dh%4uun zE#%wQ^0MV+hV$)eLL*mydlQ9tRgl;2j!JrJK-h5Is ze{HxX33Ug7#0=+{1qn7PY$WL<@KRoNrpm9houmi);E)%CW_`}X71prJrcm=vTWMJ! zw#2VWEKh~U_5wdvLP$H99o5ci0acfjnb=md{@0tM(Sa-~jOj{~<_|PPkJ&2y z6eg)r4__ESb4IHPbo&60FS3c^faZ991<~b*s4N2I1LEZEof;8`JPSq%cpMI!TgR)( zaZ<=p=gA$+$0$yeiwOEW9r_<2PtGA{K3tIe0!(MK(Asb<)uau97|P|sU76i!TywI7 zsia)qgeN7rW5nK4$a0t*FA3h`!jm4LDeLr@W zI={j7SVCZFeDOE0rQSFtN-Uzw)Bq-=o|U;AA&HmbtM961{82T+Amc)SE za5a?u;vhkI@MCLD5F&9_Q^6})e|N2j_C^xC_UYXf4+Tsi1%fMI4XAc{q+%=RVlYi5 zyY5xVKHy)V5jLAroo@86e)c_{j{y^_RhV`$nQ`M|#H~l#%s3P!{pyw0BS$ry%C(8* z7H(qBNQTgdvBzXvYe;z@vXmDt&>az&agXU(i_F9M+y!IGkg$nB^K$-?R{wx}{P7x; zVC7NkBBH>XpqlWUszh?Tzy_ZcfPV+5HV#(Y-JY0Si$fnSQ5N&k8DjqktyIP80!|Ck z2TZss0paA-))nE=H>eqVs~SE;wnfeO-hKv+@Y(}jXzBB6nmen!g>jlM30nuca-3#7j1`bZx>bw!iKvU8KHjPZSJ!?m zvt`wbZPo~1fIH^&CAGo4!wn!ve@ECQuxJ^8PN?9^hXkyzbdc6#ek&~PL%7W&0`R-G z@BY(-D6Ty0PoyPY*XGP#262%0Y0i`)Y-WZ_1YeGt4Ue6+7dY|>Q1{y3#s2syJj7_O z>yJ`rkRiIoFfvv+TkIO$9~totRCr9f&s%~w&r}q#zJU4fcV@7`V3DbzK*ynp_<)H4 z=-^AjcIhg`x%3WYMb5nY1;?7AiVzO~u5iQzPjYcfh$URR8RGrad}#=T=qj>zWQGR4 zUs;HTsJh=45iYxJOD@Zo`AfBPN@k1AK12Q+nu^qCDhVht9O9`T10H8;%}S#~ z4k|IjzSBqVRXJ9Z9qM!HkBKCpUb3$>pk%X0f=sn#Ql^K;+>adCAjM%qJOHZ> zuv0Wk{bDd~(}s`Kb^`xHp?6YjVlMP{uikWlQ>@MhWQM9|BGq!`a#3T~`s*-ry7wA} zt5=4NLC46Upi-JBAj=_$n5`Jh%pxUoc_-ke@r^&SYLNW8cp_i&h zlF%6Ra7U58NR9#q>Q0IK+w&qZ;TTIN&h~kmzTc`?%H^G;g;8@z5mnb>$225K?>Vq(L>U;m>?xIXlB1hyU}8(x=D%F z2+gYo>BmX)5f1Qs?S<(~MLU37wVqt7tZl*LG3sbEuoAy>(mf$0T!(mAaqBo0AuZ}1 zb1zDc87h12bn58F+dW&c?XsQY15=pztdW*SHZ|NFb1{CYxV#!~%R`;iVXua#6WKW?vXIXnHXve-8e?QoCEz0;0C_813SFD7nNv6lc8iWv-4n^t`4vcb^ZICn_FR#TK4xv@4s9Dm)}uQzoo=twDK5nutChNAuOan z1Y1-L)~n%b=~SvA{DA6FPA|ht=#5>QCGbVAJzg7+!|TU$yM1A<=t`#r#^T9@fKBGW9u*CLre3wfu`jSj&-`k9rdg| z&&Lom>vI=99fPh%cM@^ts6cCd8DKH=F#r^n&F;)01!z}O_7QI+XEQMj?^?_+a64%h zeqF?TBuTd^$4O2|{SPu2vVHF?QnQn*Sq1cN<#7-gpAouWBG3*q6_sVZGxsvv9o1>R z#C!-y1ZZ|lCax_*aX*kStVh530A{jLI0J3nY!TBAKqMsn`2Klb1dFL{`bwAm{W@nJ z3_g-QFGnSRmzBeU>PDs>W*Xn$%TZJa zxsk=p#}giQfns?Vf?SA}k#AX7+Hk%9C`srSyl>NSCP4~r9`*cEK`e)^VN~aLp0I}; zL<#>*qt%^x&~dS*h(u0nc9O^O5fY^a+&*06OOvhw>Yhdn>1|EQ9GC8RKeV&+y*QIiFg>Q*5$;fWl9 zS=X`=jQ;VQ$iNKd1QR*7b#>DvMvWeU&SK>zE&M|c1E4mIU`q?L`xt>zNG$kIV-Z;> z&4u7^d?=4KnZPh8e+g_}W?rdaF27xPn>~F%2ltwQ#lg$Qs&?&@;ttIXkip> zEBCvnQ3NcI=449pcJP_4FraO`n0hhUX25D$%ky{m^cnF)OfB|buoiT;={EIMMLX86 zj9JjY$EmVd!_K$T45MF^MtdkTKaq!g)*xGW_z1l>mSK8I#n*Yh7>rreRN;JW#LHTq zh<8{Bi?>@*nov-B3q7F0`ZZvZ@``glee1AnD$c?jhI!n2k5wryZ+2q=Gf~vUVUUp3 zT7WG5*`YSLvN$)W7+y7|WX3{r|ybWS+TnX+Of{M!tM;qKnU` zby(&r20y$mO_-b@Uq?hs30liQx$TAWN)Ru|e3I7&XZj`u18jH5$Uu?WpmuML`tal) zSu~yMcVbscV8{!`-hDM9P*JG^+96T`0Mtfd_Oh7bLnfGh+NVUC> z8>e%EjFQ8GTh%p$lEf1C2!I1KdGYWZ2TBFns3a{+$6RZ~LjiIQ%k%HIzg3aGJKvIhcjq#v#X~_sdXw}Yry7-&sP=r*yOIo;{{QaJ z-eg|AMd?FKq^ZIUkxlif%qBlT%iHz?ll#4kl6>awsUDR#Ji}p`_fi_xJ9(O1Ip#Q` z2`x42VJ*r)X)#uZ!CqV*ebFEr9xQYj9&RrDBM8|uMoE#C2&pM8}UB5XHtY+zC{ zY*%LQ36OTBQ##N8?Naz-ja6?7JOu61w4R$$65gmf+nQDi9>nQ5UE)VKFuy1jhmFCt z^?c_Dq9gfh%7~m2ou7jOzkeCOyp%CACou4vo1LYcGmBaUJ0O*24-zA5v?O1CNgtnh z837pZs%Vr+oSfBZi;xlSa(Te?td*71i%8H6j?Nz8J{WJ-9_)tR>qE{T)@zVmB2Cx6 z=++0TT(??W{%J4vLOI+BPIIpydfE@H!mASKOS=NY9?t z$M`nmibS|FC-j9+KO;A81_O|E6%qGxXGTxA}lP& z;%i7jiZ;KX{veb)foZI5rs;0evxmuyGK#?6Z((FIIxNjQ3cA}6*qy`!am1u}ODG!H z`9WFLOzFkbrF-kXc@PPzFm1 zp3>{rQH~cf8EwTsQiSG@xeNy#P*@a75}Ljb)<0{!lE`6Kq{}C7{#Zyj^*eT+wfAuX zOJ0szTd4*{J(7Z?1)E*k9!A9e=Fl;B+HqLakdrp!qm6AA20%b|=>r6*iGnu6wKvxB za)Wu%OFG5U)t+Y-riVMv{n)(3UQTIhwi9-3uH`5E<97UDbndIlm4cf_aN_}$h^0&d z-euBm2L{~QYqIzbT5BV*4EgJF3BTQCKr*DPB6T?3@pk`8bkCQIs3bj({{5OY(eo@& zkt@2RQeC%A2&ghREXlDj-rX&s1Ps<6MJ9`(@Akf(`7X>A12^~{_@3^@U23<+JWIIccx_T6&lhoOg5k*y2n%t!@pAvHL zZp-`PW?{h+^fC%Vt}o@Rh|_jw9(@MaQY8AoOB>AxkE({k1HrO| zsf_cuOg8^JjDWt(gLUO&Qql`r0MXo=CE9%rMr*5F`a)J5N{IaApSjz6E490q%qWgQ z39ca{p|npY*iN>GTzvpHv0_O)#^E1RfF;`>n28=#P-`np{h^T(+{#birWZPCzytCZ z0Zw4Vve3Ah3S${xBt$GB#;PFPuBcKEQdUmwvEzGG_;vM2{+M6nsm(KR3IGAc7^%}m zOWHvlrfSWmvTHn(SM{{JVElg#E4_|Wr?w{6jE$?Ko?2o7HiV>ef(Yek0Y#XFh`maw znX;R_jB%#0`jW>was0oYY#Cdbqf+5H5{_mO=k(vWyI3WOR%3bb+pB&2i&GNbvs(UH zTdw!1H0vNUe&p{_*K*J3RwxChaV3Bmgho7PyEtM$yOgwbaPRe+s5XMK{J}_VmIo@~*j1p5mk8t0G9@;C= z%z|YbrUP8Z*3s(@{2Y>E2fz?e*dqu{(;v@70L!X6*NW%0qq|u_`#*1j<@d*jA^{o; zSVH&eN_jg%U|m6g@I;~Br_CZJ;c_I_S(ZuaNfS9ASMQN2w2E4?^%U|D29KV%Fongf zN1|n*2lhP<`843-L+f1%U8*ENL^N9aQ-7ZfYiNvOs8%*stenDWoVG{Ky6Yb!TI`~w zo{0j^y*`Cwl&l}x1*&+SP*N;`mXa0~S8-SS(?lGO+4vzR>*1R@GKXMLz_{3X*%4J* z+JI;E#$DBZbM&Xj4FoU^;sY9#^#OCv0y_9G?G;k*kzd%7K*4`rERT*f2Pa)C{1 zx}q@8r+wHkunA%ad1hBhwSeev}a+L&3=dS(p^6Ad&rHj^O?$u0bxi$ce zm@-|6H|fyrQ*FGtz6UdY<7j7Gp9i_C=?@n2QPs?rL#AyrM~sL7B}2|{lG&a=I4~*N z1jo^xfG4s{ik9{EFgR-$co;sd`5Y`g z*?CT%Xcu2>ZMN}GvXM1F_{WS0xgXxRW7q#plq*r z3pQ3CU@@b1T%7Wx`2S((s!5HH)9q%T~$Y_sW&$xJV2`_<&rT)d;VYWIf(XI+fG-4ZQx5!j~gv1 z?hHla%!bg+VG@c&s%J@&_p_1CtL>!-8JqAoMdv~g^&UbJs5CkY?7YtP`kJ$*Oo#ms zb3)Va0_}49aNCYt*ZDO^>rtwB!dD?5!N2}Hzcuz*#2;YUYqanmI&;e)#3Lxt$)go1 zJmT}3K0q`av~n!S;9r^paemG6afv(=K003ZELmW)}b0 zCDxMGo&{eO_2gedPY0n-m6@uF>GG>;(Te!6mY|ExkZJ-{!GcGBmC{zPQZxtdRC*M& zMO2>nyljC|njtR`J$Ej)Iet+HXxN$-X(3eNl30acyK&ed*PH*;_O9#XU_N&8K^X|4 z3r8~UQNBek%3pf@E9`R7W-YPMbT5yJQrvL9+BhD6;XIg=pB8gn9Wg#a-%1#=Q4kv2 zu90#<%el&1Vw1{LAn=%psbFY1RDR`3rNs7APMwZq?vS0)~uOjt`%+bo^H?_9nUk?#2| zUmPd-vyZ2}FI4=4kFSB6;6YLQie@;m23>~ZLk~#yIN3+v9jJHRa`#^#OmXR`^4N+9 zo!Cj#MsILk80r~jl45_|$Lj)qyL!P+9 zY?B=uM!kb0ZQ@cY*+w;x*ICQF`Vz4eJz=L2VG{P$v;KtT3hXH8V2zumUNCS7RE3EL zZ2logtOTo^WEA4ui_h)sC1G=~hH@`rwc@!raH=N~4tM$>taGyO&|8<^d5idefj&@~ z8HVy}g+}Z+P#-nbv~I6L{KZlVbUzxqEET&rE-5sq7yg;+!*si5-SNv$%KYf%&DMkm zh`ylbv>Z&x-7lvVy$w--hv6{nfv@qrL_P;$3aC&X6t0K9M;KR?4RS+j_ZJkVXw$<7 z#)p1>^)mBPQuz8h1k$8Z6(Qji%(O~PyOQSKwxkv~pvZKqwkb+EZ{!*Pghl(6*F=Nu zTcuT>w|#ChSNz}1O5i+G$pre7Ij=lNQ^@o^p_A(dd2i&)m-bOUr})g|3gJ4d(Y!rd ziU>tvB_|uF5n}o8VLAG@Yb!x<-|zF+E4Zc`vndT2X%)n|u;txM0a8W5?z>BSB1>W{ zaPx@i)57Q#D+K-bq;1SQ?uBfuLMnm)owxG&9j4B(Em$7jLaWls*I~PFEhg1&GzqUS z8kH%Qvo2vJe1N5>FOX#QeA)!AFkw0B4hSh`bw>yYJ;n72Huls(QaK$6%VQdrcMv%H zwESkfDuh`K!bS1|`FyHCJsxXQPBtg8oKF+8nc5`UUat|*Txp!WuYHUN#|q;Xnx8la zG7wj`T2p#J=YLcQ8>?>IPuKY(BTe2gbS?7oz^SQ>=9VTn8E9CJk@4^G7X(6YST(k_ z<3U5bKY;me6i)44TYxN|H67%FbWU_NpTZ=v^X$W#nyyg%k^ZJ(k$n0S#%spRiCXb8 z#}tbui39CtwBq#Ed=9i$&S{wU`z)T4~`PVG&?Wn`x??U}(vcUiIknI{I2v+^4 zf#|QX0N8q~l~N5cK2~rNKtuf539;V))0Bl8(UDyE$hd9KF<8=cF3{h#0;7DKf`&X4 zX}-^i1oZP6Q-{uc{dS z`-)_Tfa3TSR@qR|xqjpUb9cF!vfcUlc@%@UrF(j5cIS|MeQ0#n5Va6;lLP+$dhRU3 zC`&%?TCP?73E1qg?`mBt4Ki`+Ojl#u0ij>}oW&Y$^H&RAIeq)eHm#|T0Nca}Q*hsG zk9Q>Pl{b1)Q4tf;TQKeoy4R4LkRlt@Zqt^Ad|0>k#eh2KJgDlp4R1?JvN!&h(hVOi zQs}Q({@L4@j5dcgmnWrEl*%T;YtX_|&Q3Thq1pyUUVVw3cd!!dbFfD~rLFN+SGv0` zMz%Np%JK>RX%{Ze?7tp8C;bQZJUG?CiX{x;694x#fFMtWAbMh3tL8Y)lpF*mH)7r@7MrE z`G}q2^B~qO<7hIdlA=j?VxP%Ak%EXfEc*S}?f#5!?mqLDucfFz+~qfCz#TfUural3 zBd|B{i7B7uGgB&|*{8Mn6A-iSQO@=a4Zih_m9#Ef%UO;UHYuJ();8m26uIK6f;Ofa zK{<+L`!lJ))Wz&laknP$Ns4t0@gFe>%a?zH^k2kN$HW5r-Tpwx`L=<|80Mq+u$s_s zguFd-=iMq6v9>yHBOtACa3*7=vh~`G_^!w`B7NcwS(8 zpVAnlYr8BvpbxMh{cku_+BeERh$MeQ^FQPZ|2(scq%yP+>1FqwGAN;AN%!V2zE;&8 zto);(B>50_Rr$k#==6KxIGL;s?XOR$YZ$riS;Hct)V4zP6TTgs$5+%P-;lmV{xgG=SS)8dcMNvP-oYW`jw#6!+Wc6=6ma4u5AT-Ib=Fx7pf9a5Hla5lS78M zs|ze1B`Q2@3bs z58nyk`}v`(sjY{bHXoEwa>m%1HNp+%Yfgod`_L6A*VJ@W4Y2pp%Wkr*4J!z$`pKg{8HQvZ> zW)?zH?$sXs8@908L7T;s&AQfx(KUpMWt9<~71A_)8*B8+B4Fe;Sx^3!nvdN@YEDOw zxinOg_Z9C`01^a2LBE&YK@yG6arC}`yJ8UeclggLkV`r_aNiGX3JlU{4?feDAZa^LHe=wyK-29dZ zC`Opk%t#ivn|3ky0MH;YWreh!)?&QMO!Req(XsqVw}OA5G*nglyNCBWEck=sV$jrX z06{>$zp$ValA)i7B3HD>^W0ttD;CN=-QY3HuDqoaFXg;{BgU7)x+eo`E6hsu7rDjC z;VMtAMR?Q)NJrpuS`=aPzN4+0IQZamKttRtfC2FyC$@mPleu z1DnyiknR@1QdV=@{)ca4IO`LpH33KXGG2o`lg|>f0|(|ue;RJLThJ9GoRkbtUV`}6 zP;w$xo>o2qXk|L<>AUdB%IhPfCI-A5zy zw7NzO9A|rTc~>f=;M2yZwh$b&H8Att8T*x3#F;-dHq+%-$W%B<{$bTuPOiQN)x>o_ z!@JAK*gSp5Vv>sRfpQ}#8u6x1KL|4}x}P2dm5AStL!3$K-~2?n?UBRWcy{nmy5fgB zd+-~Kltb@`IKe`%KoQhh6T+v_Zj$o^QI20}_K3?cMDifPb8UNL;0%u*WB%p=+p?%3;>$_;i^%oNMDNWT8+mhR^uYZm;_@dl^_JAI(Ia7 z(RO+dFzeb4*){>_we9?U&z(#p)pTgGTx6m;jx>4hC!xC?UsqGiibx(7=75EM1C`KF zCMkoG^0K4l}llknJ`BQ*YIe?g(kY|JT*GCnD8t&9#%r zRZr-aC#DfzB7!X87|YS>Y+M?p^@I$rfkViouYc1MSv0_^kpzN(kv&W%X+9r^N0ZI) z^t3$PslMmatv+YarM=j^a|O7;GXQKzqFs5DSS9DatA<@b>P`1HG?8P31+i|H+BRf8iw?57W0sJ)&#<0DuPIn=3LIqEEMVLM| z=U{+sHn$E%L08|~H%Q79?&NPV)M=aRWv3-L^p47nR0QjY=vquppPZSj=~hv@I&&$& zYPujit=f*`qbt+Xjhh|mYJ{09bFj3m!>Sorgck`Al%4}# z&ZiNf%az0l0I+{gJ#Sx&@{cEMIk;VymmEW`sj=1m+2yaOd!4q0^faIFj58J`5@gKU z4ZQww)CCgSP^8J&jbcz@I!rfMDbWMb$7wI?2RKkZiK3Adw7uTp;np>R6JA?%Fvj5; zW=Nh8lE`!>E9&d#7mc;nD8q*j>;RtsdGJMsg>9`~5g9%t-)zrMtV=#Q;T&7?DV)#_ zmMjH|IGv77zF8~x-q38|Mh!?OG~iv^Be^|FZIjKa)AybU3k%E{g;npDaDw>js6Jiw zRM6W~lO>7JE^WM;$b@`q365!tR9sz|OPLn-ht&aAgr)W|6;1HjA4MLsDtXHGt!1)% zwa9a=)f~$YL}*XiL}BJ&$ho+_VuY%OvMPUhM(_WRYs_(^$RMN*f~>E9|97DUu4#AL zwZAz(7P)$>b1abM1HGONl(JqchJIxAnoEW~W;{Iu^GDpf2E z2||@dh5sC#d87ahAJf*ghzdq)@}eaOwD=fuz47g_DeP{@BuhKRkj z$3e%6g8RI4452A2mz|NmIb^N-qC>E>^GiVJwSwQ;<~dBgmtzQIaZk(a9)D=%eGkFE z|I(qwWmr*U%S`$aLiboDv%rXoHfAn?*P6neQ(N}-IxoHSbs4I1uO79@KH=h7(XcP>Ht;ZF#dK<#cdq7&gR98+zgh6+IGdTugU!?KJ>&Jh zC%dSU7yxf?HRe9O-+IjEJHMT*(K8&#%dXsE=;jHz{^SAp^;4urqL5c^G$+dn#Q_`4 z8b&T8DbA6KnJ-Eq-2{8`y411h9w#Da!syW_Fn;CSAQ)U^(IK370d*`SZwLv14*CZa z2Jk6y7+`ngJo3<+-VfW}y9INE*(EYaFK8!(Wn6{+2lAo+W3%^QpQ&@P1~Gs zks^?jIK3r1d7AK6H{?s>pYzF9`Vx zU|m9QGAD`8l8my=egghdGfvUussxZ5S#vKg}M1Qzm}`h zlBM5K-@DbmEdhNOY~R3Rd8N-O%7zpjQ3EE0q<|2;1;v8Lfetw%Q0AQ)8Nkk^!VW8#Z1j{%+28ADWUp&T-EW*vJaqZ z+sw=3yu<|nx@yGFGSV>H98m8(iq$Uh+?`30;D?;g(gIgvmn_GAUEJN*Pz!FDM`S7y ze}MP8{fPGI3a~1I$ynegJ#A3AziLmPLW+k(r_c#zQQIqVNe17wY3EnECb;sd#~<=t zGlG@blU!%;i6iEFXJ~phtXUhC*&+Xhd8f`C0fqZki32xIbGyq(j$m)HlmLk-Gan0Z#`tfBvGxII2r55gSEArkh}DK%ooB zlW8-$Jmn(|)ZSxYMnxr#kW@_{Up+BAJV0XpzMdqeat5`aPA7329YvXqf&Y2Wd5=RT z=z#S%&T|vrWug5cI{r`ZM5mS$RnPV3@pEfujE0Vh7REL#M2yEM9A|wo3SL;{<RSGRwP!T~)Vt~9=#rqh<#h&p=7i zzn`Lnlez^ZsV~84tz>RlxFM!BJD5q#Pmgj&b#h=g3Epk~zxT+@6fZp{lwJR8Rwpp* z^DV~dw6(gXZa&r5@syih%BmWLx0jbYaaJLvic$7q3KhrbS2JlVEbQXvLU>4}XlP}x z|BZqCXyAgqW7#uzk!6cq+GHqmBzymmaFRj7n9`@oOCkMyfL6Mfw&UCCWJLma9PhNV^6(`IeTi!5|%$0&qhGyv*h1e`8v3wfcD7ZS8M!qI? zji9pD2Z(u!YL*R`{EkxicgKks0dgU?09h=Q}lFIdrQ5fhtEjxX;ZAu}%< z9{D5P7b+x&R?ixpjmm`)k4VzqhuM9{@~tFc#9;6_FkkeQ;Bj>e*X0lAU}8{))q(}l zQ1_=^*EwXvx^=P8^NcAI&>>A$r}L-MQZLN}FBn=@-{P7S-cR?kpQr3z47iub-6DG( zNvnS>F~%5d*O^xuq-s514a%TnQ_&@JAaTM{vc6@aD(J!}G3)?GtCUGUIF4f2c5Le; zFu+i;Hr#2f+EaIwL;E9^$BjyMX#BGKK(t+%hFcBp#mv8XXx7t}G9;HpcL#z2V+Le#`j^AL{nkhi$rJmX$sl9$ZfJ8-tk&yJ_Ws-prN%P+ z{f2?Eht2#x%|AY*O0t@c2)H!BCf({rJ-x|I@1<{QOo~{Y`J!y39WPbWtKHGf`Wnvo z!*X~9)ROK_4B3=BV#*)1i_#I?UUU%${7_hR$US|n*_~t_owWNgY0ml3i^-y(cWkkI zuWKo$xnd$M_so%B2G4PjV|nS!19C5O%lU;!t_kxLgYN7*d|rf7y#1|00HfPC?R z(+FEhFyrWJwF51PB9ijB|E~9ouf+B^|CNk=#UC{-<52KKv=>soHD&;L7o~Pm(F9V5 zh4x3g9Zqa{6~-b~M_a#V7-@$C`lisvL?~8Wf9-uoq63@HGse~-H!VP1zV_y5{pq(Z zF|Xl#LFdwvCnWXf4wrGfLjNA5XIyRE^dDF%h#-5LaCaf_E%YDI-aVmc)9h&CVu~N*8-16AKQ0jQqsGgf!9+!6`fZ z9fMbg>-bW12EY;mF9K|mn|tnQZ$I?fLhqn00}12}_=DaG@OhVPBY|<-5Mm#A;67Vu z_jGa-%MT|^!`={Xr7}Z=nU&*N4nX);}OsfF(>PHLG13r@oxYxmDG5S*FVBu7YUH~7_ z8IZbiN!)r$nhY+NrXkl4gg1{RETw^+>B01$RrtUc#-rA!;RvT|j3h(-n6s2ODAAGK z{%;7Ug;;Ge(=LWjrO$fWNaM%!Kh< zoz&^+m;j`G2pPt~PR&>2_O8VTojkZ?kDq7)nuC8}*v4Y(>BZ!gscQ9!mUS0{w7Y3W zMsR&W0_4AR6q1ZgH7Z*ZzRIT7=?$DA6Ck9ouw>AAQz{44I2qM(PuTHiVjFx?rwD)nLxc z{nfBq4S_>#w2;i@*97_4IcGC`GYwc890EXm=4fIOrT`xbpEo-}@0FFS;^_ru68@YS zUoVA=S7#GRxGX6H!1dUDS2r+ZmG_AL#VPbExPvmmz0D@-8=Rgq1e}JTpIG0SH?cUC zJ_9t+mC_-L`i08eoxMNz7vD5vw%sDpEAvbQi-o6%?^T!MsanEm4If!m*g(Ua{Z+Ev zg?Dn_bjKVnz0>yT%w5p_U8o@1Fzdt#?bEyU*IvEBse)XiLVYbKkeHR}JCv5%INN0J_Dx2*A*y2sYvKF& zlcIRhvBtluAk_l4^$&VEIm5ki)|C2^S5MEFeSBe3ArWT{UVPN1#iuc*8JkTfMS5Zy zQOKDMrllNW77WWsUeAcD`}YX$-S?tw9;-ZmhUd-*y@Mw{!77T5Tx%={j~Y7ru6J!BXn|A0 zavmOan)dNcS?QWJ1de9}OwoP)Uq@W&L^!d+qP3Lo65U7k%7p+u2JxRN%^ndmgd-{9 z(j7!{(Q}>P@Hp{P#*apK-aZ`SAl&s?M6T+Yg=+dQ+W-aG&oDVGXc49o!KHN2G)a~I zi&n*B@Vy#DYyk>Hns?m$)|VLaBMhu+ci@N3rPJH!64!En679*;;0rAoaP#m0|+`L7D z(VP?NRr|+x&Z9Bnwe>yA^3o?oYu;aPvYRub_7Jv(O$3hHg&tIX8I%ZmX~U>a%csDM z;bm_AaimaBjH8@G6EAvnG4P8q2f(_f#8W-X>>cGk+NiM>f>j)|RRzN4c`pos$B;bj zj{Z%bW}7C#`rycpIdC%g|`UUnpdZp%zlRHx1p=fVemf z5d~KblVy7s52p1sV)JK8qkXv+I2e54^+)tdIonrDX2*&5HgH`bx;b*RCoc}l(nhz0 zI`{5JCd3_&NMuEIyhPQ7&-4fS1a(x!{c3VEt`D&ht&HDpSj3BjRF<<7u~8~W%}+PnKz zZg2HHY8HrZ7a$}`q#XaXx8I2UYLlSU5r#J;OydI~6oz%X|9(yUG#?wf1ZN_#!4Qu| zDtzgzYK#!3vo=uBpmnFf{HroP<2;vkQL?umBXDg7eeJ}O{x z@iy5m(|;yGODJg1tqjN?m8S?VLSvcX2MF{eD^`$1ts>Fooc^@2vJDU$^}-DuROJ5? zHtRcqfF=b>EWOqU8&+MVdQwu zC{;)x$y-&<>q!R_fmEhzw%?b9DQ}negc}Wd9gTqmS$S5aZ#o0M`q?#Ip1N6_52SZ> zB=*5^7t1R#rs>K@DpbYTEmdGOOQRM?c@5xA`TdkIVw|ZYVbrwfuV`IEw^pH!4QxOK z@+X*R7;_YUw-OIYd2~kI!`lT6JHSGi8kLs3A$hYq8;c4qAS*_*bEQ^IB}ZLmu(d)eEhO4Jb5m)#JKC1Hc4y%b4$6Bx1IRS*D{D|;MWOj%@b8<>g*JUdA zBJp}`Vx@N#lM|%X_;BmlwbdxHyVvL4S~oHa91Mnw=rO9>J{QDj_0a;~SyY4kk`;cM z%@6y)>MII6M;o~Prm#r-=nrp9BI8@%e&`O+3uyIx=O6-KI54u&LQTM!tLb-bfz#5F z(Q@V47YWMRWEFqyj~`j9PC1r1yMK+U38Ie4YQDMiWL57}HrE9m(&}`L*Av94(P*G^ zNo@!h;9)A$=0*TD+JhJYu4ttEJ!)y7EzrrNxuF7stLw-4FAFxLOO(S0ub7_?UzsLz znT5uSwQ=CBe?}`>V!c{Pc&!Wsg%uRHg41D_|rL9Gb&Gt^#Y&H8U?GjFu~5zegrTWMgJe6LdC4uLGYS#jYHMP++6i*>%f-}iFr zpVoAK1uI1tbCP;-h13j&Hty&`Y>6$x6G8n=@Y)kX5Jb1P+ZyVW(;uN<{pC>wP8yV5 zBWO_p(HOqZa%Uq&m`~60`&dYb? zsOwAKuI{jm(>J!>c6sQS#0&dJVQU0Tl(GqyANMss5{o3T5f0qT|rH0u(=? zv(sb9do062G*@muj90`SFiU>*+6u(UZ^EO_lXU$X=ayC!_!>V;UC@tUjB1K1%G!3a zB?tBg?^9O%BzV&Mr3ZJAC=(b`XEaHJ#NgGR_FHv$sG&a!AhYyo&#L&xwV;JO(O;~>8i83UC`JMgIjOA7!-CvaKyYX=B*^{P|M#WE>DVqhO_ujpPYUYcZGyti^K2wzCB z6gYZk8P4)&@^+K$ZnF<#Y+?gw^*h%LBUPX_C(cQEgLv^(Y^q=_c@5IV$JPDY7y~Ud zD+i~IkF$#7jeFd^X*EJf$)Sf>Tk>G7Mk$1{)v|tY(dn%zPlX9ZYAoDYQK~nX7+1iQ zpNRuorSwtUYR}cO<2Bx57ba1Af&>yU#7sgI0>%@eBF$-)d?XsyFV4!oQqgk>rCHP# zr(+RXgKW?3eHiUkWWwi(&Pm`l^(VCqiOe~LkQkvVJlLxVi7?YUw;C%H)9i$+^|M*O zg=)s6zVc`aGCUttq-{9Gjje_e#J8|c^XkNxe3vN!cpUno&?E=x;V;O~V-J-dM8+Gi(ISsTj_eutIDNXYe|TT|Gn?O70U4qF+>{AQ zZC^RFe8eWWQtn(ePiqR38}(fe5It#+W}mDtQS@|7Y#`NvXH-ZoP0Q5OA38;sYq#rLz0t+;!B}HI^Gmm16 zZ09TU?I@G=KS=Bvizy1}=w~6CZF4xYs+dIHHGY63O*XfkqeDGYR$s{pZwWORiiF5Zwem1uWhxOcge#>Vt zARibgx5xiWM1nJbthzNjFbAQ2JJICi9v*-}=inrpNak?waDEWR@}-mr(Y+E>WuZ

O4p%?M^t;v-abX0iSY|E-qoiuG5Qn%^2 z$K#$_YxUojpfbtj@x~-jW23}pHV7|&2pBb?UN&9iHqor=xbca}u5*OspvYO0EEG#J zTGxf)+5rL3w70yJdYcPQLq!YA*!!O7{1<*Q}2vP(DkBmMPmz=-i}VNFRxC=Av3^OjEWii?TVLOUY~Or!m?fyw+xS zAsvtrc82V=%}QesaC0bQa%h{vC?S0ABu!}8pP|$1a=<&?joTbZE@4vGWExc0;k2v7 z#>A|Z?*K+@3aahWHWiRZcSD9iDPa)WKQ!niuT=8ZCH;-r`JXk2i$;8}MhB)L5Yg)`IQgrwu0_ilq}thdbAG!#wLk3SeNLn<9(d4CI18<_+KMSi)>AL;o)RlbVWJlvM|vzu z%jCJO`Q$Aux|eUCH9eQstO|x_Y&59&!ga$$w31HrUDy|)pT{xZjX827cviTxy1Vj_ z=3r}q1dFctQApC{lANnXAjfMH^L(Lnj8RN|hxrP%PXD{g8L5zsR}{9gUaZ9U7=q*$ zAXG=i%%e$ze=?5rTLMA0JoH9$>GOpU4^ZE)E8JBu1}}Da7FVVv89})e*<0m35}`K<&TKI2~a)RJMeQX{(+;jc8)0r8`Ck%*KMy!s{i zGg83KYkyVjf9Kl*sNh+)X@GTmw7qn_kNMsbUL5XMgiFR)oQC(Qeotu+Hl>fVVDz8B zcI7tvw<1W@aBCIg`aAJA(m!eQ-^)^Xc{BMIwI%f>-`c65d?>AVae4qU6soPs6xmt5%~iv8yIsoY~CqcYl-}n7=n_g=TKoi*pHW z=NUPVBbLL8Z0BaPFsQzQq`;Z9P7D9)xVL3U`%Aoo&5mz(^P;yb8<*dTxb&oUA+$!M zAHMZ{VY$*91I-B4GK;_%wo`r7YaAnaB5G{(B*bLdlHK0_19S4LwQ+bTap@ga75Fly zNRQD~z|-}Q^o37oC3PnhDk8%SHfNwg*wDsjk_#rOMM7iv2hZ^niN_?K4NZM!}76242G;#SihvK z06V@nulk^>_Nxf&Q!0Ws^kv}^8=(PMnjLl24&p4Ur+C%iL7ILB;SK5|P%vLVM=+Ot zoEDwnI^E6ruFs^p)m#Heq-6_4*IeFY^G9ly6Wqa9gDdDOdj~3f)#=5wu?#*o{{=GZ zOnUFBHOfu;5c9@pfB90gx7%3H0t-+(cMREg_b<;sSu4W|MVXMg;R#c`<;z5J5P;J(kA@5_U=!T7nL zJy%fGK@I-=Qb+#JRUzZR?&nD2T2#xQ!w*jMWq{GREK+Q_%Wx`|JSM3m(Yz`)G~kWp zDm*CLAn^y)_WntYqq+S+@gIUJ{juQZt{^Zk7QIOsCCk*M7fwAKeouqT>nbM&dy`+X zj$oIWed|XaF7zonrMSeIrt3Dfk>GJ0k{{K(CR=-+;>>`iVLR>hj(UC^AG$+;@8#N! z6&M$S>K6I%pIIx4cL8hs1cBEhsc7?0Y1-dJ`dbozX7}5faZhiv(1`#{=FOMaECe z-wsAN2j6R|@klqPnlX2ukjeszpNsFmfOR>6C6E~>!obSYzt|oX%E{yj0>+%Cq1m-c zbb60}lN5^t>86P#EP8 z)@5>vC7;$tk!-;5fBy@EI_8kCngcI1V3c!u@;HiLc|VL414n+TftGtlwHuVRuI!~7 zlK^}(Z+M+?w#|Jx1n1Hmz}fFFTvZ@HN)IFQ3VaDAMF4h=+k{7erBnv0$djt^tUDr< zk@tL+$`L@S&3ID~WKga|ai4TJFnay0)I&d(3>WXy-B?M16ke#?a-M?ay{Axzrf-Yd zX$MIHE>|+;Wco3!877_Is{GAKv!|*ph=+BjXKXRIZlAHx#qSzN5X-U#xZwB6f-s;bE zIz0lCdP)zOvnf4Xv8P$jyr~G1-=*Blqh=}j@!JBAVwZ?E|2j4ZU#Lus_Hj0wA= zMBuNC)L;-J?I%sRF*8yB|hHI?Wa0a4V5OGE*J!(lVQ|3K$6gmba?J zS3HJ#*fJ-Y#J8`U?JAfJV==5=v!A0NK3w07jx*cn&1QmO@qjk{axH+F6;5(cZks#t zxYxm5dpid?A@y!KmX_noe5EPhu`1V%HqKLfq4Ht;FF8=v*r2q5=>I^eI=)|>w?L&)5{a$%k z^Vttg>zxl`N*0uJYOLFPlEwoMo}c%P!bPd!*Zdx4XejYWqyNz8^nBnrg*k-6)N2`r znkbQ=7$$SEab{p{dG9jDkdWm@PGb+-tHU z5;>;@3hVKcExtj~Ha}A?KJr4O{7uxeOXxZRd~1!Q1h_jKLw5S879QYo)ZML8R2wJZ z9u4PSKz*5YqW>Ll{7^L;Ilnx`8Z~Q)L`1k0`hNQ-K>06Cmt=iNgx=`T-0z#1NGo8n zMU00uM%co;{HSb4yg&D|veCdp^vJgb&>@@?z(8j%k5R#2*9MGk16H4?Niw&4&n?~O zMdCdj-GQg#*6T~$c=e#?EZ+l(0!*y0Ih=@M7>}e1Y?nBAE~0; zQLg-+s+*8OzAC|boK^JV(%Cw9pZrlvFX$ZTb3i9Bai{#2wfn4ZC%_E%gr>=#fgRwn z_sQLVv?)Ltn?(cRjWv@#0b5xdi0soUQ%RFdS5e+Zd$UEz4u|4pqS!k*UjeM1%Y%6SQ8 zMZ09&6JHbu9~s$+#pDSN)IY1JwkN4RF?TM6Rpg79RUhKfQH%V$D+Y7j7FXW$i%#Vc zJYze)g&Vea4w|OS5eX>=QC1IGrtg(x=O?Q=4F@xetmNg@ESf84Lnd>P{2ZJ2?@~X( zr;wYZTxOWL@3UFjjaoqyF9j`;dUm@&He z47-MJ@j)U5)VRN=6W-W$1$KdT0U|=->R6j1_OB z%@b}LnWNCIFEkY-NO^EsYi8bCy7S$(YO=iMQXM_r2!`jOi*|-(2kI)@FiH9v+~*Wm zSJ@Yc#rJ)`#~*Cz?%B<(M{76ijOF`xq6{j;0_PLtKM_&Be8lc#7u`A6K6~DL9t6PQ z>0DWK%TN-sB`FhyRy7<58vw+W|9n)mh=9FJ?qiA!o|^YEf7{DPBx@Mdce9%zaMP-S z>En~7qQd0C%mz>La|dN;!*U~(g_WmGJE4yZ1a&hVzl)K{P}*||Z*t;pErMIkuSjus z{UD2R{NpHM=(#;`r`cTv{*Nu$=x?T^=dS^^XP{W_0wVxDKB< zYXT&Ugjl2@Yg4dt+=1-)TQ00>h^^3v!2?CMakq+x7F?@EK*w+VeX#Ay0C>M(V=SX` z$+@*#DI~gWntYD<=EkFApqK<6DUDH%;(zEY_eKK{Re1}+_U>F8syO~sh(TZ|uFrF1H0`6}3E zZv>C>`{R^H+|;xxr=!>{d|XAJcL|N1(ZjF3li1&;)>o8Jr`1(rE|vNI_>BLGn%et( zrajFK7Az|EBTVn=kdNcV<}_Merl}cKhBZBk(~qu-#0MvZ22k3r=eKH;kQ^iL2`o%9 zdFZzO>@hgW4*P2#hoD`9P1tDr@UiB>9fmot49VB{lyye1742xn?=MRV5=xXU_0=_E*yp!>g;UZYXH?lOf zh45%WEQ7t0(V!hC_Pyijc6zlDiMaZLs8Y2K+qC3GQ^^0rr-7ydzN2Xb?C^}7h*9M! z=%r~B1D!#t2NwLsw9CPS9VDh%taa|-DTu%FL%@aMrH*xvqk^BkeAu}_+KU0kk1by3 zWuCK;R-<%ZQ9Z2XdD>6UN>g7UForrixM*&5h0rdGbX>B0)8$xlF|fqK%*7gnHD_s1 zojq&GeSN)D7yS_AN1@f-nbVYRDP_E+kG#;bwf1`_3{YpSUW#3cpx@>tMj=P=oR!@E z{ZTT?pC}7M$!kB{o1M?_Z{yw$>R8K%;V(Z6kXj(GX6@GWsb7nh-~i`hqc_fGKrM3T z2fav_nyJw7qz1r=331rVK+ZMa-qk%RLl^MHRjVvcqKZTjZ+5i2Utsuj*pwRp7^Ud& zWup)81f8~CVD2SNjk?VhIa+cw5w*DCz(m|YXN%}0u*(cj9qvT*zqh8I!%lE3MaNqH~^J^v^rZ7WXlFo&|+4?Q8YzZm85-F zJ=ZftpT8CiS2<(y?5)$P-`4`+cHGg}!|^t###C5JcV2tcl0I^_)Y_ny*YFRSe!c>W z4&Qhr#$T-f3_UD$bwjN~+buxqEv2kF(Wo})T6+gK!5udN5* zrVjHnGSX@B4d8!c%XgM1GCpk2pdAi;i67m&)-l-iQKohbBN`d6Vckkzs?Bn8QoVl7 ztI#$!b;{h>3paezy?FkU%@@KJIl|)R+}cfgxn=l5P8aLcPT&eiA-k%~krXmx86$v# zS`?Z`dsx?EI6Upp+ySGAN}nGup+4`oqD_wECb2WF=lD0`l=LzSNYLf0 z?8`gPM6 zBhH%wTXZEyjkmqo{mv5yVRTZzW)ffb7IC(l&(DZ*SY+#ZJ5%Nfe=KP;L!ufjG8h|lUAr@j3U#+GA*sxql} zIq(YEhJ`p32KlK$9>xtxKaC$cU1k}2CwYDGiwXC zl7(LoJpL46+F_*qH~H6UCQMQ06FlfRS%oR6W8-p5<(-~g>n^$a%peXsxxOVD<|SXd z|2;hk%o;;pWq)DLWH~*|whUmj>E)q=vT7~o$DzfC*Hr?)t=>odE=_2VMXVVD=n?P{ z^KmA241rVcwn~lf7yAD@W(}rY@AKURS)4(kCra|F|K? zd!BDi@Tb3Ma$iUnq^m#2XjrZ8;CtJ`g`YK%asNVi9#Pkj>c#1?23j$;`X+Z=ax0*QXHtX1`M*ug;N84=&;-0 zP1vokOOs~%oy2kn_gQe^ad2z39XfD; zE78MU77jhqjy2ABBTiz@M?Ht2xc<4YD}K2Up5m_PMlww+&I89zpGD7iz`GmDwCTY> znGW)_6DF}9eFV9SS^Sw`14S#wM3>lQd=^6I-l;PV0}S2ChG7Bwv6sPT(tmaNI`g_oAiM)32_hyrDU9Km92q(ieroNVU@$(fLY&M z6;yg8Z_<`Z+p+-Bheu9Mcb(EVh6gTgo*HW43SKQfHXKx=&*?r$lXQ)_bbqrvgmy=1 zw$zbj%DRjSMg*A7QnXc%c0)$eFlgTr|9#kg8T9wi4M1|VA!U7-N z^$M)u9g=g4Di#2Qr+y-wtWtC#&hP3@D(-oIV{J}^VZJ*kns~hNkp%QM2#7tb({e39 z<%pwR9I8D>%+({olm&xic3}d!O|90Nm zA1HT*QBVsjkk7ifgEBiX+c&jNOO3n{P<1WziOieP3EjJNJ+x4x+lt9+bY&+Q9JP$E zPB!dvtq_)F#}gn7)c7G$1TdSId+N8DEp5#^`{s1bc+LL%&xW2_SRh(Xhh9 zspbG~%S#AkkR}{KS3Ce@RTEVQ!q21Ilu}R}i=ZCUeT#;o3!`+(9+?iQ3)i{AV&^Or zP6;JBpO-#(9k{27Os@(P{T}-F8~sEfTvDD|CL084DND9x+qpEBj_rz_SpzaI$Tjn0 zH9$|Lr`oGHECQ{F@SO_NKf7kI&*e@v@bB7bkwR?aBsEg_oPZs^RROb4Zxa%yyB`6s zCP<;7Yf!ZC@NPb*u6HqulG#oqs$TMHzv4@_H$oCm2#p8*?Bkifj%e6jg!T-lxK|~k zq+OiFkAPxWSfeW|1F43S^6k|nXttZe9z)xxrM1Y79y*vh6uTQZt`g3a?lq9w%!X_i ze>%$Q21b5mI>z4w%|n2r<(fttCG8cB?3-j>%E~ZpT^|Pz@}D(3do+f!mkx~1+7JerwO&_d1@q2@v@u<8DFm#(&4RG|P;uyX3OqcMGNP`omm zy^DA-iRG6nvE(;jyvT93b4msb0Bg{vUv?tDwG(htY8~)ffLWN^fI^+(rDx+DYj7bYQ}TRloKO+ zzQ)xa^C$lJrdl?S$n>5`s!AVnun%i0`{UK8vuGWKk~)0}h^G@tZ|RDE4hFoFIvR7n z?t&WJ8lq+NyF&dA1Mj473&FdWu!qN_dL-I+4E8d{jf*}~Bf@IJ`)|*AMKlrr_N4Yu z0+>8yC0Mzl8oYi9-Lg6}pf{6~hzB^^pf_<|^&ArxEO~!ONG4(O&ObI2(Ap{Ss}3E= zIbz~#C!OA5=Z@2A+8#7|YCthNNlLnB^Ghc1_nT4*@>ENam6u}RmbR=m@{4V`+RYQ{ zCG85w@=xcx%Yo|&9s0#Yg+_;r{D>DbYiSK5VH$t z=hoBC)YX?jZ{Q1~5_M7(mI<1riRJxg*zv#qSk4LXk6^K(BDuCv78}%Noq?b(7gaZK)}D2Y*dUCH3|GG^xJv*N2yrX*33yxjkLgk zRlSHTu#f+;bJPdvHB!g(iWs8B8mmvhZdaGQqYncweSQn*M#<;^RxohP$)!NF6R^ms zV1jL2sJn1aFlYl2)1aiG4GFEm?iD0(=x}jI>S2WbHM+kz8R@~A0eNCyLHru?ICi8D z4!XR%T*fv?EKURa4i*CB*<4|B5XI&OJS6c)z>Z0bJ$tbUh+01JWyK6(p4nXf+EIAl z661m5VUVY~^;Yo?SqzAAE7pLa`Z)@3bjiMYAMMD&shAz|Umd8mJLCyUd7uqw5AfAC zs2XP3P#{4-esqvde4nU>HY&EeUchZrGmbDv=uO|bJGGy?kA_p-_uS9J(g`cH%0F`B z{HZ~seDw$S1=({|6^^X2pAQHzrKg*OjtG2z6q@aZRnrGH!$_~IMkru;4$llS{UCGy z(TlN|2Y9LlDc!FCU|NW*6eu~|MF9%N;Vcxe|nxNN;GxKoNE zUu`4i)@E>SQwV8c9I68en673G+HuLOFPg+_sIvij=aMkMAcQ+swQqd@a|Hs23iQ9B zvO#Go|5yeHV+#~Et0XjILx6{w;!#&oy;A}@KAc2$&0EJ^hmU`dKWmfYkzaHIxTa!DIp@ZzL7b-$?^msZYFk7M^rmj>cTx;xGh>Kr>7OynV_!HQ z#t#c8(Y+#s3?)IrLg@+dQ_*K#ts%e&4U%A`flYEoSDzx8GP+xmxc|2@FhSm-QH)Vc z*)KeI{+lZO^pP<+;?2vUt=7{PJ_$nxmUdY4c|{mpVm8vVsFW;@eM4Npxgu%E^V!%V z-+F)a7JRchDs^}|Y$`D$zY2qiSV>s%WEaZ(M}4Mg40Ku5U!VgYzT_>Oe@ z`o`Z5{@bW04>0!y-{0!VPP+bIRR(>R`X!!&Z^aTcjGNN~Lil&v?Ikhh8;kA5o#XaF zB)?mVXI*OMZV#}T>d;ruZbiC7Y~UAI53by*OIr`*J!ApCxna>kLozIA)F$Coe;0rW zj&yb(Uo!2&y{XSi02X0rw4XZW2Zk+R)(K!IK35K*#So1yT~a!r36MKnv~1Eybe-P7 z&9Js6d^6#8nVgj6Xg$}x-l}ieXt(hch83P^@Wh-~rQagf#*@Am+Sbgu^#rA1Y=$JE zO=*ohH6bC!xIh7brEDA?0%YlotwqAKf-3{M|2w#tnD0l%Afoz;lq{IWI*oox5-q%u zAgUkqU$F(8HMR#Tguo*mEerDsdd*x02yZ_9|m(lfoGW0Z-UHPQGh(LSmywPP)I>XGX83HimtY~2+I%QQO`<^IM2A&xnXHw zRZ27r{g-OEcxM{p$HeTx{Xp2vXxkQj&Ypx?My--EenN#YHG1@l|`{g;8?LGXt97kCl~E;EbT48pnSo7n}J49(Tms`rV5LAhK0Hu-+?*Icku2g;H) z;GuL8+hv`S>gp57jA8=v`{YSN;@R@I_=Mw|{r!|{j6!2nVD)9C3AB*11#&MDu0{WN zyLk7qQ|`sSMKGcMckcuL6bj()i|_xR)tqP|-kKim@OU+-wrFC&KA-76JR9nfeFdUQ zI)b=Ua2hQhManE{GrOx@yBH$lW+crmcFV{w^uanGA&_>iDlvXgbkId}y}9c@A;Lz2 zOMD>g6InOGCDfT9f{~DDLYNgdu zN&moK^~0!}#Ck=p?|-L6oi~_#Er=X!&nr~J_p|6)7r1bQ3afk74QM_Btx;0Pdc*V{pk6i3liCX^y` zpFu14M8)aTFrQ{g0aVB%!lF_F`%PmM?x|h#X?XPTPX}MjI+LS~hwgOIUgJ+u22tjE zE&=g^lqXfTEW0&T;)ICnQ}zbQ4G2a;s$puXEGHpDFgI^ zlY$}oJ6BSJ+gm%SwtH$ABd4UmW!eZ|2J2(0B8|m`))gCUSr-?J*k-cO@GTKqltEdS zu88)mEGc~BhI2?5Y$B$=Df?dc$$yh?FYoFL>|vimRqCP(cOWWISBopGd@QGXnBs_ zy_9T)(M5&YN-$c>xQlb@M6QAk;fLSjHHu>6pIf0lPh!(lLcSE6AVkciF1)?G{0@D- zd&2}`GhiPqg{4;YWAh50QbSMsgqWktJX5 zM7J(iabjLS(?>jLz4Ic;Vr@-U_>Id;rXXS82VHx>#+o{Vm-BvDl`E-Fn>wpBp(x=6 zFD0=Dh`~V|o4SCB(0=^gsWQdh#*M5AXe3qdoPxg(=uTTtcpDG{7V);bMVY`JfYL#} zov>G^GAsr@ZDc5h)K(+`2m^f0Q5`T#9CIDLzlP+{% z7UCfHfA?QO)%FfG5ybiMCy|zuNv3GYU>)*Yhe72GU2bJF!qcHn_~7wiEdT~tqs*I9 z6&VH$rY*k19vES+yQp0mZ-8YZxCEcLo43?`N?`HGc*s)w2I#KnxJQim`_lLrAztucY)A|LHR5?$v_ADf=bshf5g@&)k z#+6^H0go@v$idVqX>=trzDvYtprq7zGyu5UJjyQR#*ciN(**2mu^sBq#Ve04$Xl?| zlSlM_Q9X9hn7s(N!BIp&@^xj@97|+y(sgq)>j!DQh9dgCzQ|TaD`Uj0(i6u*0@km3 zLfRKbbzI4}WiT<`qZhxJm?QWg1A|OImbdfc12T}HdMt$ddNSt<$|A3}33ir}FyT1y zSao$``?zz#sOJ^V0>s10iFv2sfuKa87yadGDGs-N`#b{%4k%L`8Td15LMTLuULL~%QA zp{*>un5%Jp;(ldr$!~g0iwK$2+etN`z|{q;!&vc;-^)UU*6oL|v$j9bWblUe90wxh z5h(v3a@Nv}u7Camw}IQc_wm#3bo)GA>&+H+&D#u&fNEAMWI0dPWB@c&M7IKO`X~j; zt-JcR3;fee2gBqU(w4WdxGb~T9dtBLU+Kg3_U&jTAt8s3%ekWDt^<0ii8}Rm!_y4h zD2kM^`HBrsuqu%BqlV8d078E%wycU${V(?Gg=r8Fzn51|wQ%O|3gg8IQb0@TwPiyf zddU)#Ambm-Mn(|Hs0TUrPsuJd#Nj2D;LZpGy1%J_uv(sCx&*Hw?(7V z1AyazG;&&~&0mk76OR4;TkgHYSmpC~pFiXDx@^~J8Fz7{mrOdR=G^v6=qK9I!sZi} zJvaa9rdiiK85Qv?CemXiaGO73(0nm5N_N>YgP$3Wop&$`8?hD!K?m5_uC92Ws~35W z9s4N0oO-r1+HMnLH8C!1sBxoda0>yq=0sgPzF4rk%~K7Ev{y8DJ*uj?uPRyEx2oz)LS5^K~$O z#a$+UMRb?Dh}*`%4c&?#h#s_X@OT-CoK=B}xMoG#E4~*Xl=~D6_ zpwmbaOR-n4DO^k(tw+Coqi=pV$)HIFwdZCZ^yO%VmWVERSNS#nn2oJ$s_}%TQ2x3dz5QLK45)e5?oFewNxhHoX#HYnV zNJOejPM#?0N2%%Ap_>G}-pGT0_k_NuY0Q_%fIT3G52A>T1HP?#hR!Hh95VI5!5?>HJEo*oM~@`k^vh`t?7QCPD1 zy1|f$r8pjvwz<6?pf)KCvej*v-gec`j`?tLzlOEfFD=9p56{edy*2wB<`;(s{N^DGU{gQu;eX9Vx(;p~cQ;yvW9UiY{E_G3(w@9B%tW;*+{o z;V3Q}xA?iaDvFkeqGiq>%ezKt&c)*}Kd$GwHOTlYxN`p{?zAt0tl9hBM%M2wInZZYB=dWy%k^j#q%VMXwg>i79?gTF1&Q zAvkonHt$b4%EvfrX9Coe#88Gvd@T27TB{~bMmo+Wv}{g6_;M?jnECj~Tr(PxgfWcd z6Ip7ySu|D|DYM664U!wJB_yD>xLSaQU;vHU62&V0!1cUpgrscOI3cXqQR=Tl)J!x* zb!5vxkbS+6?kNP8oST8(qGs+y*Qeek?Dz&bQ|sa}_| z>UF#HhjS1z^UNDA2C$l0k`H-bYEK@mW25mtuo1b;^E4Ua8guA_6-|pLad#jjK5thNK)ysu^4C-kpGElQKqz7j>1Xiy+xY2+t`zZR0y)4cj%v-Pb?rHjqx*kINU^O6y!mR2 z%lK#8c66LbI4m;OIHgk0{ve|(?X0o_FiGGr)N5f07`oqZzA?i@MjTU6DvP`nd%kLyoU>`SRbo{{ABBj+kaGx#g2d*re%}9$3a!kI-)(CF{yya{_zYwpNspvKm{}4VQEkc8oB*DDv z(W%gl6TK`%rLp}d#I=XVX#DNX(nHc)%nuqTF%4#j3;>Ws~LuMRo zKiSq@6U$rSjVMgNe5;+S9Rq{#^}9N-{v-Z{%I(c&BpaWMQwbUnw+j?q5fNTd=!&eK z^#gBb|6>jNN+W$yRbF+$k05?d+rnX8ON#Q&S(vI11Ftmv)YiSR9N;@`qQudBpgJV{ zPobLvHBhpt(_HzhlPY}%ym{kjjmp&N82mmeLA!wLSTzV}sYRARxdYix1*V&}@R_8( znl!jPSBoGV{IoFTv#L9gNm9$Yc@n~t}5(gU7Gx0DB$Vh+~@h8KWUc*&Xgk{1_TYpC_^ld};gPl(upW$#E| zx*5NEb40zyVj!eU-k63|oX%l@>vf6qasJoGR}R%U&X>H9Av6_Zd+<%(qPb*6hER-Uks=)JDjFo2 zI{2!UUj2Ce5Oyxg@qt*I#w7UXN?4zXDl%0_v?4=sBN*<`SV>?~1($iYlGpBzydaTji zhQ<37mUlqjB`GK>BueM|{}2AlFj z5TUtUi6JNl;ACKR$PHos&>&ksZ&Hr#T4Y;y%5iT05DtK!%N;%5_M8}E5w$i`bFphM zK3XilZ)_?)&4$4SdHGBF7DcB4X`Lrak4sxaH&-jPS56GJhU2y=vi)@@tlpXZlV`Lk zCUMW|N9^w1vct>7^JVE-Wn4mo`_YZsZ}1A{4#0okR@pNpl8ou1$h}WB^BxbPj+?hd zQM)RL^1r=BDg8jVT^QHIN`Y#cV1&SLoifB-No)}oLH zy;u9?_ok*it~o;xit8^b%^#dHbn3^c%qy4nc7QNUk_#K9Oj{~SfwF)pJMUpz^>{B& zL5jgjbU65i3O$gn>Ji3OKSe4QyxNp`vhNhy-LagLuevM^sbfQxH+SqT4#m4o!pgapSu8*A+s%V}@+MSN;4Q8<5sLIMUw3 zeOR@$`$;=uUt$N1phW#*x9Oc**5p3=(PIsL6Xj%|*r@_iz>j4KV?$7MNQp>c+L+b& zFs|v5uZw}v5Z5js3~Gx8o_^v)YZ@H;+$bL0SFF}#%Q}c~|Hi_Nay5rFBHYC<64rV7 zcj6fX(Dft7jP2bePUwCLh|OcLuc(n=uXHuWr#?SIf8GLw-24nup&GL!IHedF#G7YAlMls*Wk%2x--;?gO-di=r7Z98% zsuqTYF=Emo8pGcCgDkLf)!Awzi;S3M<9ns9gXvRFgKuO_b7<+CFs5CP>Nk-V&hfz{ zrt=UX2}H`Go+@~?@kU#obClnkT7t?U?=_OJZhynUD~_^m6wQ)P+d9K;`t; z_@$c=_=j?_-;+mD0YeU3rhwg<)5881hZjfgo->n9ApCa!*j zxU2iqKD8H5t^q3>0w?@}hDgtcE=GulEnXq)mf*gd;zH7z>M!dk{2{nsTbNzaDjwXI z;nIm>x-gKqX0=tuu|ZF@LH*-lZK=5~tT?yyLzFhkXN7-2qyzXZVwi^9^x}^;VpuEA zTe()p0L;69rfp#cIlx|0LLqYIE*5#xlBkAbD-%P%V=^!DKix}0q0pQ>bFAJ5)E zVwT(q(DnQr(jptx+aZua_5~_~Br()x)eekrAwFbXsd-V8L;c%jo2XC5ut@>Awvj_x2I;S(^E1|lC&}#-j%uz-!U*K6mpGr^KZAu82O8LZ z4uC^n{7K!iDuH~#V?!KL}Mm4Ts%lR zlFHnm5S>52Yilj@z1e}v#UQhl3bjZ7C=OzAGw{voh5uolGyx#suOnCLzIeyW&VW#2oQjX0iH zP2>&11QOpbC162>9EzZ&Ms~rPhMLN`IW>u?`JK#QH3e#u^YP5Iif!uwW21v(uWLnRI z_A_QQ%cw(OJT{VReuf*4RbU?!5t2g=ML{oP-Mr0<4r9y#M!()i2OAD8VN~|H06_A^D&y`n@e^i+2dDac=K^yr#h72H2VVN_K&Mr zoQ$Cv4bL;NF%Jl*7&Qpnf|gv~!wI*hOg)G2xOFvRLa1cBQ~?4X+I3>9@qE#$jAxg_ zl^T^_d3lEj%=}Peu{GT>@YpjamT)p$*o{dFv06N4rQAWog~7I?Dq`5${^x!BZ5xo1 zP3W13(n@>|E1)no&(kle9mvO@<%!=%l`+vXXGzV3fxfaULDQ4#N%YknQ~o6z8>D_l zRvl_Gbb0w2P~IzYe+Gt}=!FcxffV`1Td??L(HMV1`+iPVn>cBvp!+>RpDw&+ou3#z^j}BnpNx$HvoCxch z*+MOSJtLg@!fQ;GKaFJb)2-pCgTvfNqhwEN3@r59+b{rc7riQ8A#8o40p(4+WSUDK zd=N@m&6Xt73V)~j--vc%ta$s5eUoR(q9t(W^r+F%vgrMMl2mg?+OzdFS0LG=28QGp zxp(2ld`GOBBZH{Yb07OxgNw}eawXx0Papf7UNxO=?DN_9mA8r9m_xPkR=y|I?(IL< z?~oWk0d1TgfA?bK4sTf$igt9iN?sA_WS72CnstZw;ZzIFtW9{2i~tsi7SrfJ<-C1NQUS(&%o znL*yA+QtL4UR14@+{%*VG-V}=BPbA>K$V5&4Cr&4#a+;5Obuy(?j4wqdtb>VtX9|* za5MDEO;W7g*&9UlnFL>jJqu)lq5ajVgwHvkm8!B;u;&C|7~c&FKjSGwYd=D@bS?-F zE2;{)-hLrf>dS*QKe$+MT^PJg?uEpXX~sA&ed*^2Se>yGRkO(y0sJXy>ctW3hyd>QO#-EG%`yM+F3uo zo>#Or0t?T_b|h^jyBuu@55t}2HwaIdZf}sgbwHZY=V8Y*v^ymbuXAo+WG>zu6JHEq zK$^IJ1I)O^Kq%2iy9IPxIte|vNMj&V!UAHaJX*#4S6#nI?>meP$@Yl~mI_)UcB~_- zLMv5kJ-y%dVIUJ&B=SBMWq!%pn@-oB^f1C;lXr+o>U19C9qgu}MYccX&K+13KS+;} zBk#I9(Kpfj-7RfGI&{(w<;_%Qe%a*3Pos(DjNlTp_3;zRvhb(4Kn17;D3}3v&r5{_ z>N_L-KV`Vdw6Fq)hkK3+7t5L-CUqv|6bzG)of-z}tMK07Fq^e~>;M9$p1~a}6V40y zqx81mCqD6z-qpBo;jJI=UhcX$&&K4cYCvxlm^RS{{!FXJP}T2;{?83LegAdGSx=p< zw%$>(QzfuTcZad0nInPW24Kn`_mIwaZY!{+V&#x~r(PbdOmuHmOK9>|7D*$KJj z$95&KD~o{weQ%43qxx0{?W62ey9JYM4tb+tFvok^?u6GA2Gwn8(^kEyikc!xSy$F5 z?3G1FkILNUPpbyO1w(-rKlCJMm&3?5D?d^;U!>x@lMRxSWL%jmWATu;+OPOjSt%UN zzUz5NFIjopJ-f%4>4;x@Y9VJn83DYD2_M<~gWIvCDB1S__L1oqgyU5-sevgz5s@n1 zJFx~x*2&96|5XR9wh^!s#$E&%wM=gcll8(eEiF>sWiB|c;mTTXmb@otFl1NolW`nf za1vgQh3Gp+FZ1xn-^P}GJzRKQc`?5rN?X^|Stc}l@vM=LH}FI>>Xzl55>n2Oa1}*` z_40WhemECs;oeE<($8`^@+v+fQs5eD29zDXb)End^s6|>G0JQRnZ%nN)(f>ByyEqY zN}EcogKw1g#cb;+tN-i#liDZ6$RS9UOfl;86+Eczo#c%KF!OpK&t!TKeqzb%zwt$2 z-?>yK28)L?3tXu@+)rMPT?4|(H%jG<3-W-e&4-ZWtr>$O9QHQ&{fypvC~tNJH*YjZ z8G=Zn^yC&(xTi_|t?gW=__MhcsIrX}C{~Y^kM;pn)wjToAc|-w9+wjQH2=_+w)n}6 zaUv4pO@bgzD3uJK&l7S$f)(5wbgkmgJOotVrsEE?5=7XWNBVeXkEWunuNS;Vn&64ntt4y9U6ki89*O(4r7ooR`;KdIOw9 z*%qPG^U(y&g9(arB=VoT%7e%_TjD5{iKR!S+i2rQtCwSX+^JC#atJ9h5&=Ry`g zA}&xO=hb0Bw&ZUXQ}5fb#W$VD3p4m|?G*uuC#QAhP?!_K%+CMp`qwA+_t{Tis1`6x z_Sj5h?2^P$dz~kc*P>WfQpX>~AMFemFhh^+ie*0QS=t3Ilwk`ZH{1=QU_H8re=c;< z95H-u8?g57|8rzQ#VTn}U;~5Gk$WQH|9SAe`KlFTKK2>=MDy`w<(~POks;O}W*v$g zpUQ5oHh?i?0vvi8yh-v!Q{HKP#7@WGBu=;XF_G^~5O5@zCO1nDfUC z4DQ~;C7#p3t@M3>pl8G&m|;LzTF+sVybeSF)+$1#DR)w)YqzmC32e&TCLm3Pt1cP} zuGtwCUU9J|pv1bFk*)C#d+G)AeUN%ifk2yHF@PNR8DUBlj!x&Q5DZxXv1h_R8#jMe|S;+cm z=GK*cX%K8q{dNeCLyp6P^U{L{!|+ARGzqcn!aN}EMx87JGYUd{y z&Ei4Vgfvc%&&at-Bo%}GZbD?E-jw`AjtU&Gpw`;I&B!$GJP`yyIGmCC4@niI`!fBv z&s}-;kkMGLi&%pL8}R=+KNnLw_ZGS;KpiXmx%rF~5VJ48_ijWE z=20z07aqAA0x`$bneI;{M?0PB!NvNvNXkq1n(Dh0_4RN%C`^~7RUdWRFGb55B`|JK z2J=v5Y3?!ENHvoP<+HF`@38bwnv}S`^N2hqgNq=EnH}3Od=#q#-_%6?6=m(kurB9y zFQFIPY0oxod09Ic3};s9?imt}4F`JnK{Ngg`6r_b6L6ajj^PSoB%?MsrocucrXe8I zur9_ISQ{miB6dvQyuXKJ9oEeSwTkywh{4GGQ+kXQbrcqF&QqqJS;juXlEZmRGJ^ z3;%QRVd_aDIebreRAqSYj>aI(H`A55ns?vj;qhpwY0tH=k+c+v{^Ka%yKH*vz^cXM z{^939QGRKq?MHtfl2o)e0Yy)Rfz6eKUt-&X<+9D83%+#ZZC>4c{p7AW7ZB)uLs3Fz z17fV8a&2ftlhwAI`{PTwb?c$$M2l_=!KIO-o#TWF1dp?j6wEh*-YP6Z8I=OqqL2}T zhiIF+f)OJWePShtZHi^8P_=F)bDYnoss$9uNQYc56i3nE;O$dSeq(t^I*`Pmv|7_ACunk7Li} zO$E$9zzexhW3U*f5h#=Y5xtu*vj8u2Nd&ZSiV${Y(ov}3xf_7Nkcq#(na~Y}DdVfE zs>N6*oYhb&-RTbnb1;qcAC-i7n^J};_#BD+wQ38Hu2bRmAGO}oIkqyTT) z=-uxZTB3;^;2yz#qA2(K4e{kVRRH-siR=Q%gPIt3ZT2I z3dLEoX*@F7LSQsW1V$`vT5%f-Zs2Nm)E%T>;zFH{h}X>^TC!GjUpWtc;sA%P;NR+# z0F`N}Qk}3sjej!B*(Eh5f~sFVs;Op*)V=d!g43K=dveQP)89W?F}= zkcq@cdN9Mx7qyH7*9 zElJnseoN((6arbAr!%TOZN21FQ2a^IQMFnG4^#=J(?Uswkj#oZGAJ!C@ERjy!IBBA zj75{QJC2BPj_)6gCXBwNjaMfC>;>qO=Znl$I2^{VdnPG6{lQqBLjUWylM9T%hS(xg ziQ6r*0A9+s*#5&80W;6`0i1#Q#+uYry$?LSrrK@KqDg>gFm#cD@A9u6n19xQt{5ma zO=ZK9s45#oP|$%WlL=8S%|w8*hi>4aP^Z z@nG0FSwL<|P3`r(9hyG9ytc`nVIx16L{4+hkmp{z`Py5tG^p_Km7+|i-Od7xH;&6I zsu@P4ewfTeGGXOVIjFnZQC}Y3>CL zfUC9EtfdiIKbG-h5FkcZVeYyLA(o{{rr9=(6Q>(vL(r~vE2yL#eSy#EYk>0(mWEZe zYupKme71V)=T8x!=d4n2o4m^yc9_lKrA%O2{RU4n;k|9j6t9qEGK!QUL;f0UEK9_u zEDfjrefSQUXL74|V`(njWDhZ*CV@<7F0@H@v7pYwM5GRaktWOc-KbN`ow~d0bmsFj zoo3jmcqk2{wi(dXHMs;v9&bR7_*}aY!B<-rEs>#k{p%Sa`~#S&WOu-x93xLv&|A0e zhBDdS$>xrIMX7_3?1x|#S!o1D&DL0o-NqEsG-i&qGq#*4!yEWVP%y#eccCWY;O!Dm zZ(0Uo$}BT`NWN#yex$=3?MDxXu^x03i&^JbZswU1|IlN~LI<>h?dkxE=Bvc_YkaHQCp(aIAf;+DmC2+AL^oQ6mtHyNK%>>)YS7G{(g0 zP42XE%Jm{4NK)o#qeT$17%K%oik|J7^kKQNEPtDDmH>OfF7AJAdQc)%hYd9yU$spU z*Be%^ybChSoES`ud~~EfT-ghMYpb5$EQN4W}v}@7FSBN6tXT*DaHndTC(n8qdVr7!16zUHYX3O8%Omp(CO*!kB zzQ7UEB?E-J;I5BUGvU$u2Jw3@9E3@+p#c*=7|8zttT;H+&e zlMPH;AHe53{dU=zzN z9DI^#-^C0!BUCA=N!AGhe6yJ++wW>T1n|WtTAt5ToHk`+eQZamtw0+Y07a1ArZ-5QLgd0+c+)F?n6$MjCbkNWN;>{bHrFJ`urzi9q8hHoKK}h%#9bX!o}K(b?uM}qVZYU0G@qTH%B=QXrh7hyls2e(c-oy)y0wnC z+W85?8%WkOAp2SbA*Qb|&h&P*X7KdS0Q#uHuN_81QLBlVnK+}@o-;%PNg=%PV)!rP zR#mWt`G_nY2xl~o1(wa~H^%LDL27;6tfe*yJ#^tFce8%ta{XpEpn()lCi?ezs`N$P zJH4MGK74jZ0Uqt*tLK7w`5|`rGxkMt-0m4Vzc*oC6`STx=}tk;6Rn^cWeyx9)#HBXK$3+Ex1^t)}d#(Ek3Nss+bq8zUE?##YWx_ zn1%el*T`vkllG_VHG6|6c~v6}40+(#GpPn$^?wJO4t#=u<|ezCcb8L7wVWMv2vb?_ zQ>;o!^rOrV+J2yiT-*`J0A&5oyg0#f+T|0|fRlT+5EPH`mU^xZ>^5pReQIQEdY|30HsmV0}$ptkUeP6P~fCOV8eV^+bP#P-6xW~gJ zjvrb)7@0rtRnndM7_t4PVt>Mri?O+p!EQPCGWY1KhUW{BElN`Lpv4OBtukGd_9d6r z)Ki;@x)24%b}9oz73=GxkpqOoI@dmoxVJ>JxNIeQu1nGq%ar3973+Mc=D}OgW^28_ z2M-C$&T#CBb(4MVLPb?N%irnnK#Sj1-0K>~{7xiP7E+ z)FN8Wr08(vxx_np1FoK1MA5%~)C(F6EI;xwRfOR&yTGYyKTHZ>P28PC?-eY0t@^#p zN=Sb;qE*fnA6o^dJY@)@bBI$Uhx#t($KkA9o+$~sGUKggtFH&Qaov*k{o$J&u~=7G zU7MspPi4rHD1{40ls8iJ_CB@@XTblm*q7)Cb$sP6?{lBX4EX(16^90K+un8?&4MDg#0UJZzr6U}W} zyd!0cmpl>t{jAYIXtulPWWlgmgtc-WF!cBA=s2dP)SAMXhPOsxiL3QcN0knAdA*&+ z()nbF-XQ@lBZb*Qds!}b7e!OW!?soXxtvi) zB0ev$bJBAcFpRRA?;&?~5Yo&!+)%cX!b}BT1c+hYMj~d>z=Lc0QcI9V&FPnC@-3(2 zC6|fKLu-g4|4G=07G*0lMe_oAn@3Os??JviVQAL#8;||d%C^vuf3brnhX>e53D6Zs%Iec`_TkjDY5q?NU)?4k%APF zUcEDt@#8FV8!nGk9eSKYqAD3lmSd)y`fS3Cfut4Q91C-VJX7u12wb#jU_Sx1!&8_+utfH|f9&EZ_9w6;A zcxnbKMi2QJm)RL%Uke6e^fC0pSI~R3MsKBMzu`x0%8fMt@w`DkcsQCE2XWe|GhKT2 z>IyE0nRi-;(J3uWF^9@C*N4VF+z$Gi;4x|;HuIe|4mH6|cc092NpG22uioo7D0oS=`W^pn#ofe#erMkTUdv;QV71NuUnF*8BM7D`lNQ$ z22xmpS)@4*Jg{E2YMV*kKfH2Od7JUlfI4oRTWhGFfkJHvbvNXr=svqpHfF(J2Qsnz z6zg^NG}w9u$;_zzFX`rVBx>qdXN?b){c@e%2aG@g;e^W}GUBEEOA)y&bWZ8wUyC($ z4)m4mcLf~Q^K(5>R2A@Mn;X4n%~hSpV~wwPZs=q2mB7=hG}$?EZMWpUVX_2-X+Gz0 zX)YZR%U@nQvY&^LRM+2fY)}!w@w{P$(3d&~a9+QH9Uw!eGJ<(8#R`AaWVLR@%M~Xn z4p*Kmb!?4Y{q>&6M*{d1wLaBGYsSM?-iHqXv}TsI1IEU0z+%oq$xnV@Ona^woH}NA z3#>RckpxTbAWh2?Mrt(@zhjFif#7iVt|1Z@Ys*Sej4kGtc%CX8(>}BUcOO zt}hrXaRvdgIXv#L-2A{FGY3(+R1l@yxu0f&cAYW%0a3Ex{rc5i0Sq7z_wx6kD^7*eCH8af??r22C)CEd<=Xs5tW zZ0^W?W)UjM&%E7QX)he9jzJo6IrmYLy%F1=*e=?FJWDmCC+y@!=C=(}j3f~D74T^ET57?DQ+3ZXJ%!kNWPJi@WPULZq4AHy?m*vzsblw3^A}#%OaoM&x(H| zgw=($p@AK{h+{#F^@UxHPe=YjT3T)mPF*87W+#E?m@;ljXT4$^$Xgdb3}$$PP2H~- ziQxoIj0UKM0T!q-g_^RG;pAA`JBkg*hFhlSJ3yeAPHzrha3k$$gq9KrChlY@D&NDd;7W-Hnbk&|G<+T|IOor-yMQb5B}0WJF}ku z4V&S}{-tTPKa|YKbuBd1)Q|wJ0HEy3OA85t>k!l%e`q<%cb%1G_YJ$}nMszM7=qV1 zQB*;)=wg4^2w~U0bhq#2(C{MYq!FM#_ymVq(RyUO4}!)}HCr*e>}%(@J?uS($G;cw zI$i$(DS~U4IYb2@I}N=HH_Cqo4?SLgWZpgY>6A<=v+vs?iYNG%{_wxAJ$VB)v7oMi zDa{67DS#ug%KpQSS3YoMQ*b^x6obPC#58Ao>ruC$9uJ?zHKgd$m8hIvQjmQV-*O!3%Sdq(ViOcARL(X2AL#rCjC&&>C&6};JXu;HQK*5#vte!-h0MC3V)L;a_Yvdn$+61snob4X>{ z1SvO4+NRny#ioN|#?NF0zm=0p_N1TCHkz@n$)1jAw7aJc#q2movSoTGD-+T1QbF@#ocr}<oH6M}#0qaz*tdmkSDk+(@@08KNM8f6HnthHoYjY` zsbgVl5vs~L!&smHdpLJ7-kifq`FB2t!dGQqK`^K`20&0}Y#Hx$%9b3PKzWR?-h)E( z7Q-kJM3$g_|DB_1wX+blj7^T8qCK=(pG!=h{V~p{0X#6lCcYpJ$w%(!f^ira0fD)F z+k9x*_D|uVO%76ea@977x(Jv;W41&|4W@jfe?CT-jyb*+bT(?ZcmGmeXmLzH5xn;@+6G#^tHq<-sawmHes7ay$)AMCvPd z-m3Z+$O!#b38QSan?F1a&(nxY@(OR2IbGa^C;KjAA&H;oN5V$jw$1)z+w z9uD|kj&>GpnMO?)7xIf@YX8Ka4M|QFlv;3idYLVaDBYHw#ByEE*xBNDPjMWOP`AzbCfs)d|>P2hB z5)QEk#VhpxCzL2nKs+WA#EyitnHXO^41hq;5ODbsAnOk>DfPv)%l(wzk3Uq*Uhu-l zIrnPm;gTkZHUM6#=}HZiXj{h#dMcB(@;&xqt$7LFE+tqdF_z}FKQtLCYi3(g0dHhn=X`i^gl#rbesHidCFsxKO6E6F*v#?#Kz!UGbc*&A==>&Ww;#BK?T z>KsW!GUVzllsA+Y>&9gyLugnaW_~7J&{=V?Z4o`45MqhJf2Ienc@>tshfTQ)Bht^#nL^=>yqG#<5!1VJ50R*_?L*$hk>{ z>V-4KKzSVoy%=rqgQyEWLkMuPQ{JXaO`aNAXtrj#?VwM8XLa_Idm~3f8*u_!j$oAM zFCGNEj6L^o^$@RB_hfau_tezV=RE1NiF(r48!S3qb*Q!XiXmGiplF`5RA={!euFc$ zE~}qcb6T*`g+tfup;ZvH6_H*?N_jw@L)ksnzqbR zxDoz5a`(s~I)c$JRq&WHF9(0$Zc4}g`DO)-LC~~Y8Q@9fP}m5Px-dC>E0Ch9{6TTx z)0+0=nb(?A{hvR9ls`qL_rhB@NIZ?jmQKc9t#2~3RO3LhsmiZ9spp}r0|^@)ptund zXP4_tj)f}YNj|9Tt$UEJE{QTsl(e}nwkovM8?LJ!;y&JgS4s8C39Gde)z$Uoz9_K2 zz~TcSPzH*ULuf~5tU7s+pb!_xc`lS*)UC`XHcEa~3~kR#R=lEe47k@OLtpL*880c+ z>DzE?7;EukCQSEMDzy7G_pm*}Kmg%t_PqwStaC*KOe66H)4C1?(wo~~zoms{%-~bo zlV$6lF~Bgm7yry^5c7xK5L{KCtLpkqs6LXv!@=5pweNQg%pdfW2=?anJ)#0gb#E$>Q0xkTfUALf6+Eu%Df8$ z>TdX|;OY2iAOae-bw29}mWMQ?Qm66m2_sp)?V&1f*J5#9(tQ9A?X|zIBHf7sWmu(4b+at|22)Qbu%`m?f#~k)=!s>p#mK$(_5YK*F?mRYS!T+^-B_ zJ1W**YlJu(H!o2KVS(eY3bz|q(gmk2Te()Xn2(^brmgrs<@@a2rz|jq%>^-(a|Kfl zT_vd@RZUf3DuDCyp)aFjb$Cb3u*JwVp)J&E>R9xbEhKB}fN(8?M&fZhBhU-eof9#> z8<{6?Q%){Mk$!n-S{P1i3gSOP2e;Wme#Y{G8-e#sXcx#OUAbEXUI0_Q{b-JzzDf4w zAVUNjGX)RZm@~uRv+4czuFuG3n;`U(OPzBX%&*bu-nfdQU#G4K(DBCVwO=petv^`BsnR5rz8aljKHpR@>Oq*8Imjb#m)j0E|xq==P)n&7s?l( z%Xzrz=!4h1Uleaz6pTIUZte|U=M~=GqKabNa!B%Yle=Mf{>16i;IfBdDuUEj`6igf z&lhC2o)!osX$dCEh4`Mw2A%fpj}v{|iXQ_2CilD!=0-da4o5L!F}Q+62_bw)%KB|@ z?`Gy=m(B_(nLvD@q->4OEZ6^I;P(ffn5Th?b`SZ!4d8NsE*e#b=~8& z)I0_2#Y2qMKCxw+V-^*?y-BUZkaV z;oghLHe)6*e0FwN29xq7mKk%#afJt*Q7KjJvXF+zv;`-HEi6wbEma9lM2)|&(RF2* z>%J&P@^NhD^UEyELMtf!L4ESNX9*oxRM<6s`583Q_g8d-yLMBcCo zR-_Pv?m_WwarD;aIiSI=F433~54y4xtmW=HV4=b5&SbgZHb@^pWX=_+mEg@rwJ|*9=EP)RCQ*V$FTw7@hU@k z#@;R7k5%i{KXq4AA1yh7iWT8Hmush|k(r4~|GRHN&z(vQ{rzR065mafNS?xbW@v>x z*^(N(;@_BV1!+7dxTgBe807qEpT=QOBiL(TCtmkzpq11@A3BF^1=Z7zYFn~uK`2$P zBSji3$N#{_1D?qtdx99N8)-C^r3(m8t5n7fVxCJm3Vsq}f`{h$jrFGnE;}<8@ z0^Fqp!Y-ugFHoVU* z7hc}1Fsx~%*R)b-(3bhoRIUj|wM!l4VbHD(7k#5YLHoEggodbM@nrj+y{w{{^5IBi zUK(7tX`r=28kL#)=O#NZiEfo`M^cB{V3=_9quqiec~Q|i@Pd5-;}AjCUXfa#PF}^o9z+CUH=WzDQ(p{|&uA_9 zu?4ovLZQgh>O@)H#scdw$iEPz=adV(1}9Hob}6}&rwBBaon@;PCJ z`^HxEW#7Y^){7r-#%15Fhu>H?9x|U4x_%pS6!+}0DlwxmnDBk!fz`y-?A9;av!Tw9 zZKo**DARhVJ_9&tU{eIFwGW{-JSlF?EZ%jeVkL)*T*VDe5J($5ZZq-@GNO^-k1g` zU&tuzv4g^XM*A@%Gv;R~GWtu?708?lf|_u6r7vEGWNH4lwZE92PX^2-#br8492Kyh zWF#0Y4)h;Gebb;E0#j;VDx z!c^5yB>8~c2Xx136*Nn1fd)b)kLu;2SfmF=6#5%f`TN(FdVaiJM+#Xn8-;3Q_-*bL zx`mztz(2ItF`}Q*1P+=h=!?9BI`9qhHYuGea?}Whfr%7@d~>I=^~&PDyHS!e=2l+7ZPlEe(47EhcKV+{Y*J@cm=`mAl0GM(-0j ziDdzh4PdGfJg3rhQmeI}y?IkFXaKi=q*I>cr>ROnP(HSI@AyYl0-`I}i@K z#G^4riy6XTqGpNutAzi>_^*|$BED`d32mgc+qRn=jZf}V+G3DF@9&qp&_a-Vz4i=) zfbfS8#-_+_n$clMssS$`q1vF+)%#lVbQTe?*&zEG&(;8K#T#cp08nWYo9cxm+^{;4 ztYPn-2JI^!Af9<`7lI6h-okM*H(x=M5Lr)b=?42+A>`@A-%^Tb+oq}FqgzQZizfM4 zJum@APw=pQtqnWAZIf0+P;#VB=hHvan1`>72scCPiHgk}tx)}k=;QyM-^3|vRthA( zy?zeLnEg-eZed90I(UZlnW}roj}5S;oJ{kyDcZ^ktRv?Seb(AG9&E!orBjX_LF!8% zEi~Qa;N;2cHD3K>1&EMWkRR}t-GJ0yJ?go&&@KHw!d+}OC;FXk1>-O6;+K(blIV3s zT`Ewk37l~eKOrCJ?0ZZmSH$&IL6RGE^z@}kXnU-9eOttzqHrDgRrB?*L{+dk*)aL; z&TH@y;RTHYUDAZxQ60>><&J{{3*e5PhR&m%AKGriS0F*d^upO>6S;t{|ELh4!@6j6 zL7g=>HvrP#%*vi&@jN<6Lj zHrfRu*(TJ{L85`jKk>k`sA5ys4mOECgb}I8V_4A4^rxurx5?0(ODd6yQ%&xd{TTJU z_!VB>;NfS)_*(^PR^o>hOG~~G$svYj@)Qi&!IGS-QIAp8JbTpE00C-_bzyO4-GJ%K zgErXR5I+r2JjcqJU9)UEP}PHAiwtv9hZzdrXO|VvvvaLOQ_sJIlv)E%AdFHQX{_!u z_wAHIKr(-UgFYy>u_a#$S;_swBJM<3rHZfb-sIierJE++zcXRQU~x3#_^F^Q0P-HY&c%REVu ziQai*yIHs@mCHa$ap%e;M_mS;|Ai=nGIs zBqU|xvNi8`eRkJvZ_>pHdp}L5nx}PfS)^Xijr}MDZFJG4e7PJ^coH4wIXN~q^b0i* zRrxK?g6FDWIdp-u35aMu1rb#QA$gWSK_vgRL$NdqB1g>+{C4t!&k3Y&CZCb1qRk2n6B$9}YX@eI;I6 z1Hj#hv*ls~5)H1fVUba=$AkF?=P^=U6;0{F6O~U3?JDxmwXo1?-H0Wy)!fh#tkGw= zY z%kLtz$uX}qYqDG!&cyNsDQ=QFY?fA-%ib%!6>w68I;$34F~WvKo?wBW0suAIENi*g zHhmlVkVXZ)ym=kx_3Mz_PEM8x`L;pwOwHpjLxzKVJY&4H%R2MmAD85g_yy^Fb1sccfS3>W&ql1>9}!+gF&;aTdfFBvK}`SPd*Ze*FDE z+I;RNR8l%RsKWx^X$TuM$iF*sLcb%RktRhHDgYHdF#7FjmtCP_rZ;I>>&qTXZz)OAgQNo zUUI5%>mM`WH`w)k^~``!AujiS9pK93eWwxx<~}6ZC6GkltbG3lFRclcO5#OW7{RCpv6Im2hO##SP~ogZ&f$s0eCdHh+0*#oxTM8m5u52* z`Nc-i=lujN%f8%4Wp{lAU;1{Mk@dZec;(>@l?D~i#w+*f z=VKHurR+HyL4>CNFMk7kFois4+L3>B0H)T^>3GY@;X{qE_0F{?M8?1m)-MXC3Kkt) zJK@MEQ?88p(cJB_#1LOMtp?6qe~atX@8P0=MW1H0nTEYv(D{?q6K$90$)qS%(eceQIjkT)s0($*`)YJFDQu9hFWXk_?pjZ_Kx`-`!Lf&57qYNDwQVX8aYr-Eu@84IROy}BUQ^dhAjZL$ z{LTqKNW`|&__SkM6|W`N>>wV%PtuhP9}?%9lyuYI?6-I9a@%cvuB1}~JDmsq(#UEq z3g>1p1zc_rLt1N`jGN`{^~TduuF1~)!==_R@2S8~B7E%a?QFr7gYXX--VffCkL(h@ zGc+xQxEd1;krHr)e&DP^s9``E**#nI1%RClS-Px{(YbjZ zSfuP<9%@h>Cse+Vr_VVgjw~yqP7B?0bHQ;I##Eq06oR5R@l%UV8wz%To;&&ZBtpQZ zJRWDyG)s6Gl)0(R((Jo|NI0vqc^QK^Ej-}zxBgV``iOx0r+gXD#g^PnM{+^|c5!zw z3RTjg9rp}Pn3zUW#;PhhxHsu+n~n2Y!yWnQnJB-=gRPh)7Hm_s$!c(pnB0i=m2})d z{7Os`*9=J}Tz42BgzQn~O0WI2!=^qt4URK^Lo**9wdYe{D}(zv)fAp#+5+cB;P&p# z(X5<>eE?!a=bX7?xAnD5rAVu|=iOfQ(sRb1+VA>|bbnUS?7W8vYa2L5!t;3H&X+`K z%VuI8<0WNY6J&j9Cf+ewlhjxaeBbzo5wO~atxg!gE}pplw|AfeEkXgr3@ zw}=g}WlbMF9>E+slU1k+=ioT%=&roTtES2MO-W**Z3(m?F!ZC z7A(NA$y;ODb?u_QFI6ON$B<_tX3+6vqw+I6F3kLGK1M?-VK+$IIz_{bD`(YZg<#C* zhx|U?%hrA;uTCRrX!G(J3xEq;7elX_;-+njiF_U(UdK+k6-WDQ!Wc0{U)_+^OrsYc zp`GLuRuozzIjbO4J2p@+L2_faZoB%!Bi0proaA)ku|V&j3Wl+kLzdu;k znm&H?5CtSemDRElLqjE*SKr9)nRGVs1>JK#VJxvcDiExFGr&mF^*MK^6HgV-La)*z z%ZNh1&!OZpw#j6w^9Z8Is0WPhKRM`cnMn=dGCCjWKbn9K$YU>n9Bm0kNVicYz z>i&tCeijDp2|1bI;=sw(#)?o@*r5DIgN_?dM__`HQ71~8dWS4et^Vf9asa(?K^dwB z%#GhTsOr9BOiKq^?a0o-G+EZxy#u_ep0w#j3L*sMTi}a z$(aaj*V-+01a%ddmx`vLPuC09nfqAwsiQ}5Exr?EX8J zqbJgd%cp(bs(O@}v8ib8+v%PiXv2tLTTsD<&zxhjw%_%+$zjxT2u5w;wOH` z#S^#EHmlp5(+qphpiU=-Yl5!{^MFQpquz21dV|crbDL7uo&LS30)VJvD58pRxkVkx zRGNBhR!;!^yEq!(Q`ow=CYp>c=jtOjqs~$-Feu7afo)9%5yXv}6n!zH+TKn5{$hrp zD|ubDIu$DIMCr!AYQZ&d^BfldG+4a0wgS4bkaLI!!6~vSBBs0$mV$chrrk^VH8vK zbTU;Sn@N>jff7oK()oZII(Eq7SjXN?E92YIX+gs<4IvV*Go`wCQ>k>iRPs2aZafn` zTkjhn8dEW(?AK}bB3>yK6}5jgWKTEBv;Cv${|1DLs4YL=NaSh|q3OsokP4fRg;=d| z;zdRy6zvKeBr*s+MlFCF? zwDL-qcQ)i9J9#j|j+G#M^FZhpg{Tg3&u84l{2>ec7*{}uM;6rxx1QwBAHr4HA4=U; z)ukerrMh9r;!y9&KCA_mT^ho`KL&h@Gn#9!!Ffk7IRiJw!)JkG$C=+E46|K%cK&bv ziAjZ|GcAHEr8-tH-7)a~e`b8uf}gM!@pcQ$&JqL1?1~Y|=BWg~Gtmh&8MOR@P1HrJ zg|mtpql0^4B66VnQXA-4-B4e!|60x=Q?-p9bErh))VP;0KGinO|o~bK}J=mFt=3<}zQv?B_p8b!dg4{4khZ(rZTRG#p?zg zdIZI4f%i1jv{2>8(tC1T@*JySuod|nv8_ukAUU1(?5#~3{vAy5rW_mQAJuEU%z3ns zFziKu0puirVh-;mqnxtJ!0Y5m7L+beSnbRV>_F>9m`|h)oJ-9m#u6BZSY+TsQTEOj zRSo!=Q^9S{$v_iVAysDB7g3E9O#uf^yhYorkqfqjIJ-129+K!P(oahC;-M>vjwm^> zvVg&{bOEKEhuo7EW~*>(fpi7u$*Y@wLEM0x@7;k#f<`G(sSSw?9XN1ndzUb6$K4;^EKN7=yG%~+t5NHo1?N{~iqT>X^u8csb*QePt5rNIKhnqE)* zx?4r#&e57nTbMR$llQkVQGzHb~n=VXSH9aJ8aIr210=$Uju)dB>$Jh=T8GN?L3zeZoTv0Wi!uN5A)n)oN7 z)LFi&+7{>s3?5WnlC~J8Sq8eQCSWEPGj}poQg!u}{Gd~>$*`tf_evx&-dE^;IxjPahz*`Ao^Ig@NnoH>^bpxnNH1Bbchr7Rc-Cbjdy&h9 z(U^%$lN?d_kEITC@uP+zu$=<3CYBgbTDQ&u*`_yR2h*lMP{I z`KriDu*ytcu>qk!`%B@S@-Xz9ory7J##|4fec_Di`vm}5woFtcFOfIIz>Wy_N{%U(%8Uk!MDYc7j0X$uR4R%&Lcym2^Yt z)C2x`jd0W>nNh&d@|@a?RD|dHBD^n9f}wKt->JR8a4z>Zu?{gR|1QUXH_O$2ZN;lPrm;cD+TRnn+V_uOf z;*ajKRmW@UQ6>@ROk!7N%399a0r7ejXQHMN^1S`T35J}+K=a+&WlCV_QlI3P)hd3I zkmu-|@fU6~2qkWW+`zjFdH^^-))pSIKVSpT)$u}f-~jm6tK;Bi(FayXM?l867Jq<( zJ%~xC*s(Qq;smqT2gY$tRqB(J?hP;IDD@72f)x?k^yu* zTzar=vu)#FDx6-vMo{T?deynr@*uj7=Q6BRQlq(XkIE76Sf-f&J~v)4XSP0q0HNjo z(lQt25qn2h4*WPJDC^eW#qK#f%&6 zo==Tz!&#HGd%BwSoiJqD)!2?)1P8N`R^Fyz2w0mhYA?0cr&!6DltJzes!SettD4=- zz9GDL{au!W^#rxEBQvVZ*rmdYzH+RJsz+3y9nM~sS7S9V&UH`(O zb<1}uv=5diD_n`3E2QnPb?FS#Cd^_QlT)buQsBT)mYc>S^E1Z372hYKNPVswNQlQO zJqLXl`FMCpeSm+K8R;u*k8N%<*kM?9LyA()OqaNbQP5ZacM(zvVHs-sH-Pgm)N0qG zbh--s7wo4c14wp!$eV{qU)M5q!E4S~z^s1i7Ho-*w00rL?GJSblj%I5i^n}|U0s#R8xa~IBj2&K- z=X^6;6x>z7cU%Y3-<;TiCHfC4ugm>!>J{jWXNY9`c!)xy`&CAW&zW{7K|W13)>~Wp zw;Ucs#(?$#XMGB{W**i*X3u!c+@fn{cmLaObb$f0Xhw||+t5voDmtqj&{dQr?5yL> z#bkx`cCxJ#B^eZVWj`>AU2=U=dyn(x$+q5A`*8ZPSGHUI06GWQ5A_H7041Qjr#de8 z4Rm#xU5StOYAUW=U?34NLP&=K7;?P<(|hE6kvKv<_C%FyV;alllpJ?8GJ_msxF$$1ROrsg`;@2v zKusAoo1?k30VZL0#iv*3STD~`(w!jmhcp9PZRWXx-MQ%GG->0(*LNeNoh&!fJLEbJ z$CTVrZ%;=A9(Gqu7^7Ga3eDQwnmPq|_4AxI;*G{JP~OAFpKVJ#cBNBBmt0P&THS~i zbUdrKp$h0*gTiIJeE!aGk#L3v6JPmPJ5Uuw;uMji=@+|9#`llFX35^yO=tfeV{bQ8 zuaHJ{y@y_;V7yVM7tYU1e|sa+N|m{-nKx(-tnL-=oaDG zRgOb>$6n;i*HZVEoqTwaFRUr?D^q`oEaEm=$hQa6^SGaMbq17?DBFJ((3MZoLr~>v zDbP{=;eDt?kLfXq;{N0b#vFg;k}U^LXFCQB7DEp0xtOVNM#^e1YjaBH$Cuhq^84`Y zlZ_WX%ViIwg+kvJ1U4lW;%ddvySmA+!_URf87l*GRv>i=!{wLcmfA}ev}*|xp-s1- z86@N$x+XY4Lt?{^VCD(jX#kH5$y0K|f$3+4MQXE>`>v)1M!UD1HcKp~djj_nb@P;i z51kNSoX2}~3dW3Ec8b`_XrAy`Yo^73tbP*qQPflC^~Mfcp>#{cxUz{-r9E%iPmGvYepcf~Y0?9pJPuLn4} zq;~rFu~RCykwnVFuuPHIA||vyl!Ov4)dvYstNxi#qxSF|6)_A zPkM{tw>{ko8{lAqKR#!ik<6h~p>BP?B`X-MR#B+IZ>&}C@XKG zAatM%-TB5#=a47M!2imvSi4&^q9+f&jH6!0R?8n`d`-e z9#)kQ*gv7j5}tTb-!U?FDfu(j@7>GieV^Y(s9h$@z=_BK(l$e{5Ut_-ehO;*_6-q@ z+$E%Km>WagzN$1BtFFY&{I@xTB(dIvm{}@3Y4Mha4H-vyv`3Pg6mVG)rP;Yv?q(Hx z4cDE1WM0k7_js+8GQiZE7pz$Wt|G#GueuRC66kokgyN>AprOtrKLwJ5krZMxO3r)9 z>7F??G~2O$(HiLN?|45)4Lv>f;4jxf{9>!GfVd#$gM$^5$!iIcY;TE=R}-Q^tNh%@ z`r=+22jE7P-p>kU2QIL&NwPyjTp0ax%uX~pmy7BEY?QJUfV zgP)>WE_EHZDAb-C^%+R(PUU76TeldV?cZ!+3wz=|zSS-fP2R^u8H4isgbn84h3tja zc<#3yFn$AQZcRJ@&Anw?YMSDcIyUDsY<18GVLDrxOB1gzT=*x~BX~0%_wB~|w75A0 zP^!6^b>Ot(1hFo1CP{olm2#L#Ex4&hrmFgydS=fAAzpBl*EKnv8-XhPd?pEPfC39vJLQ1)8PT5cX<~Z@ z349{(nf0z*GlhGWyzcL4Ly}t+=DL@}^)zkGaI?;A)797=`FoA0dBy4~VtTf4eF0@% zXFtUkPvppO2~DGhPzn6e2T2p>R-*ji71RBIoT5+St(kP#1I_?Q5xkE z_TkI9mq-;}1UR4CXyckRoHS&i{s#|7rMhB;$xJWR^9?C0hMr2tBpOFUHL9W0 z5k(oezDATIP1M|h0NujAEyyaw4}U$%AVshJg|Iyz^4dv7fIe-zLR_sGik+7A5f%O0 zJ+V@7V2~?l8x4sOEJZY|gE$?hv;{bLTLn0zKC&f8cM>E+?YjX8l)<&i1#kSxmW)9UIA-M9-RGls7JyT~&fOCJ^$i%$9@;1Z;iM%_5Ua% zQ5|!?jupB|qOOc}h=G#=O#irAZN=?1R$$>Xc@30)Nz-Xs%WZ}O0nkru@6D4)SC6A0 zTcN}HkmvLJYmQHPF6!5AhRQm;PwQi*_friBr5*+%KX^v<=HGxM9%Kqy+Qy61Wr^M{ z(L4$J&sDUnv`uA+?ycb_n!h|j)RZzeWH%ov{)2#IS8{m(LBot7(**S;L++r%UXEI0 z|CpF(%Im6dRz1dDNA>BR08O+1W_g&-3Na>L8Eg3YsEjH&gj7SG8T=5_P%3m$u-Uo=!U%@LlKu7AKvP{pv)`vt_bR;u;?1&3zs+may34ri?m{ zm`Pw#ux#Xwrz!_I*qRBExR$Du9QhX}6E4bsYjMaABZo4TUT+YmB4sWn3&hFMl)$$_ zhW@&_A;3cwokMdNUH!gX-le+X|B4<`Ui@RDtmJ1=iW6!$F&T$D)fbFZ=+!D5__C zFY9Ira%p&47Pa>ipt~=MS9SY4AeJjyBTpO?zDBQaC++jUBO@1n(Q`zbMq-~cc!(ZC zG8UvIdRV9rlWbd~Bte0|+qmml^{E&uoU-k9S2Io~;!%9a&0Hj}6k;AwTLH5c&Vo1! zV8t=J1RlZul)GVRpriNijaz~{CUf7hI5)$-A4*`Ed~~g7nbbR)G|5!a2C2s!Z%{L= zj}BIBl2f~LL^(btzWgX;G;}x|)hHOj{}M|+;Y-jwd}fF(`Pr(&&me&$_}neUGL<+g zE{R&0pkKH<8?va5~^Y_L!JA5EMvZbF4;N3qV>$QPSsR8CnYWjx=jQ$xO-7c+4K|%z65hWjNb9=e)dn*1 zN89x)QUN9%AT(_+n)r`DQ+Bu)Sfr0P48vDZHn~qN#l;tO+>BA?toI`CWO{_Z=7Y4} ziTdD@SVai+)C62AI+6TorN_>nlcTXR&Kj} zEe#J!PKuJ>UXBCCRMA?GA(lePk}W^-Vl*LY8-Al_^jV+!4Cyi`r@46?~o zFTg6Fs@T#zuq7LNAExjo&I#c33SR1=twB;O&0S)zzF>?3|yESaF! zf%5Ik2Nae#RSJ^^A--F_>kTpqe}R!CwWa^3U{MAM*|f;!snYiUk~vSTy}{`^SfQtS zK;nGkm~F4%v^c9M*+N6*%9tDq2T-@@@>nC_uZGU=C=!zDR=Bt^{AU~r5*aE5S*@<) zq@D(}vpk@G;?^=Uh<)7;TaJ_4UHr=|&C{5?u7s6y}3?wIC*0CSQEMXnxXP zud3KYEgi=!R|jq5&5)2vf|H`zvDYH^-;J~cOt63ZLvP{hr_zdIKwu&u zwZA{j#I^)cvFtQ#h`|HNPIbUAu*xGX2x~L!ISxANDG5uUxAM2Mrh4vDhL8hpA$g-Wy3C&%fGu)t2UTxLKeYv8Ssr&o;8S-Tcl?T1oHFo!Ev}?dDnP`MB9c%Dyj#?-H65m8QK&UA z{+94KC&1pJbc;sEy4=T4=Mc~6Q)8g?K>s!BX5Dv-`VCAA8C-teQiYp$Y$d?K35K%z zJ#^Ho?vC|jJIQQ&IQWiEJ-@L`CJkloVc*_!37sEI?F_fS*U9&;9^OF~eo(+3c~Iod z$6S8Rw_1=){73uD>G2E|2DbxnQrd#G1r=zy9HzeX0* zzN+)iE8RLpok0ht2@#aZfXZvTVjidZ^D)E+6O0u!dc-T4yuM0VpE-Ezk*5A_q{~7- zHT$Ya@C1AZuVu~c8cBrcW}_(@zw#j*y$;1vHGtEGnX0|^f2SLc8%8L!GBuE``V_5iIRQqwX&U5S^<9OUsVax4P}(*tPB$Y=?9&ecGF@ObImy@uYV9CeR2PkdA*o+|rg z{e|YSoENzsZ!>AmLPSs!l$}$MD6qC*+kM)$ZQHhO+qP}nwr$(CZJ)O0+?n^P=J)0& z`Ps>?N+ln`T4dNd4OaOG9onLMZ8QEF3`HR8?XOo{ABn?U79b-^gtxWsEQQX*GwH`M zDCR+%b7Rj8NWN%m?oC~5i?+uDPn<{wd*@!TOFpx#>Ql^b$ry5ff&$la1(%gnmxKaO zH0&M(OK1x1K}_gc22*(+(Xj|ykD3(~`Kqfxr+|=G!=jP^CXbmg1a_>^=|)N@GEc4r z_kn_~xxl%z8iGkT{s9eKCmfANuLwmATYx@5xJ_(3pes2lW3AE3g7}OIE^$7fY)>~8}cLOH1Vm3p|b!DI^ zNdO_0&I|G{S$>*-v5ZnK)*HyzDZ^&oQ=V-ve4x{O)}U#+B&XhamzX-{fG_X}q5!>> z>qi%COCZEg>88`G2Z>dErkHp+F#8>mC<#DKDX^~>#xI6En?SIZp1f^mb@whZ3spX= z;o_=+!Ah74cRaPu=i2XGdh!y`Pk~YUG8T(eo;68=A13OA@PK$T83dj-w>dcDf$z{7 zmKYWmOprEH_Ic+$hs=x~LU-1wMRVEN^iK6XS3y322kzaQ{|XBYsl`m79jxCZ%+e0v z5!Jh)0Zes+H$IBhA_x|~;m6DcZLDL`KH_NodN%zG`^_VKn;#54)W_E<=>VgHT!VUi z%7=^dBfCu;g~Y`eR^NP>!BQ)ko60MM($<%nSr%7TqX=AUHK96SFIWi>drxg4T2pDeM8rz(HT}JDWV+q zZJaejF+uQRqyJ<-7*{~w93x4(sCFrMtAw%4$sVI?<-LDx&Pw%XvHc_P>WNj)O+-EF z_j?+;F&cirIY_Tn12xkfnu)NuxjhR1-0pJd$mPe~mi)NGxd)STV-4&45UN%aa)-=z z-WQ<#+)7;&&yjpfbbTQsP;e>sT+1qUDg{9n7@NoneJE?gEh3kiq4bR5Ify|hxp%o? z34O4iG0@42_#mp*(}3%ml6;sCg`eoH{gsXfY*hLkgh?It!CchH?AE#Vj={U5g5Sn^ zt5em`RL+Rn9{H#-Sm8mrW0!xjHJP*|SmBb98-Pve{&&n-1AoW4NE34nMoO98HS=1m zW7lsnTO^SxTf`vXu=F|h)}>VZMo1izDBS6VT z?whb}N*mv*=qc)#Md3L|#iEY9SD3y}Am>J_l^_3vnXULSYNK;I3;(E#Qu8){{#kgfKXbs(0ELud0=RxN4*S@mw2hZ@}5X$Kb== zM6aslwys>6iHTc`H;i$(HSf~8`H13J=#u-uQJ>HPR9P#JKqpebKn%SaJ zf8(2^2~H~8Ts~W6kME^mqxZg;Svx$GE&kWf^@?6Cj`-JG-{893AMjKW#!Jk6et%Z} z-DQ6ZW9gwj%~jc|_S`XCWhA@~?0rOei|?&Wptx%b7w(|o!^{GIo6=lqgA#=IXBS~! zNb>=?&RLlTaOeRC`T{L->e#q6G@xc0-pM9B4-XRe$6{cwns=^l`e#WXx!n970Nd*DZmaoPAqVF zo0nix2qz#w=3!FgJn-GWJ8=PXWawn?a1Sq_tmC73PDBdGVN2741C#R1s5T>**M+Hw zidH4f+_vw-U|_F(k!}KfKF1=QvAw!6nu7WS@TF`#k;#7YFs z9Sz2Esm`3us>x=C9;9IYJ89x_m2%#aqud2tm1&;ZTf0riV6iMz69jkAwW(XGIDdEiw> zNd_-p6J2T@S-%Q`4Cmcyz)~}ER*vOI>68c0_$ej4TdGv@w#t#>lB%jRaU_M}HDyn&iZWra&XV|$eYW6CUKt0LQ1otx$E*@#uxwLq4C(@ZL_ z#U^DhA-le=#zKN>BUOWlxWdc!XEsT`xHC+LFw77?i6cryKh{iC6t};W@5ewFlN8u0G;mmwm`=N0WNuGL z%A8IivntLMl5k9UH1##Er0&_*J|1Uxf9v0MsUS67H*H<+AK59M;JW+<_?heh zwRR;CUYUfeg^8Uj95=(R@m;Tg%8`Uhx5U8O1frnTmQ;zRT&3%(5Yk1MpU`;Vf0F4BK*Q&YZa2i~`PJBOD z>s<{7p5}$MpI^56bz^Jn|L~BU#v}3~mB9d@s6yaf9tOcPMV}(O)sRE>qKES+0)1J{ z$g4kbBK%{9Mefl<=_UD8AGJw(=kL@^0nn*r2o5D$??F)PF7OVSx}E#$U|PCvYOQ{ElPD>AS#BlC9JKa((gmB8a=Frhpy>>rg$ixf5LNVZI&b2?$aVVp?ui8^W zqxTEdNIYtH$B%JT&(H~&$#>B{;L=AeHT%cw)jG20X)qb5=B>vt7Zv~_V8E;16wp8R zjs&u+L5ufxA{U3eu$ib@R`zXcSTzwm3->AUh#fLNqB+ktT{BpYI4(0D$@L6)eBRBU zaZ#O?mC#8KIRnU)Q~<`}3nCqbU7ZQij6bUi21F}pq0^VAG$yK_2~9T#_&g|$pEqCe zBhUaEBgD`;7GN0Ozz#~XeM^B3W0~9|KaW)P1RdPXbcuY=D3Kk;;U0V~EX!93dl^nX zZT($w4-Q5=oHk-P_-r^sW1$MzXLpkGnDB|*5}#MRn8hV%FR~q1<-eq5rgG~nGoM-) zAd%G*Sh79XLcWG8ePPV%O-JQ;bv?QTk~RxMt1P>q1QJqDqYE;D%P7{`EPtXvWsLpg z%r5aj?ZW7xmD$b?r6FyapBoz$gUU{wN1k0KH#k9RQ!K(;YUN35SK(prYdblYHxF{a zQ|mfS6>%6_q|u_md&(iP8Q@MJiHK9xv@1NY(dtI8&G`G=i&VT9TzfxstrPTC4_R!o z4t3h<%O-`vVXR?dA^9hfM0LG;|At7egXvgXNMY4d?*9DzMe<;k3|#?XtUo0X9+HCx zwG-FyIQP&&)XTvL;w!wQaM^PI2dEc_kZKTQR2?NrV*CklRZ6DIaP48Z%MwV#YsjeQIM;&wrBDo&nu+L;(bKpq?5bH*~27sTiZ zzHTgIY27xzyh?zwByr2D`$V4@`a^L?1Bv=#-dR5EoUgUTX-3_SzE!m7>bZdJyw*?0aj z%t+;!JWKq@y@GPZ;@_djxYINy$cxM>>b%|Gtf*+%oTP1I1~ zdS&3n{q}y8m{OwMqtc{Ftv`UhUm3TsDgx4a@VmmbpasoE?ZsZmTV(#?WGJOf$p*uhhe8K<)@f>RQ1&M zwiv3_c*tKc_e#Omy=!)R6E?oEpCyS8lk*d50O9C~a5lnA55_=2E;Lzsz0{UzcGUTLT?|%cXc@rdLb3R zF-q&RvtyjS+5FY`xMeiqt$5Ka1{uuXC;b(5UxNg}3Ln%|>@kH;Xj}f2zOhI;93@rd zF;}U!I5dEYgsF8?`Mc{T*3ZU`V#-cxg)!Dxe0Nv9%8Kr@={C$?1_j1ljxn$+JCYs} zV`eP!R@cl)L7#ERv*;{?xuz;rvx#5=p%pGY|20z8B8_^`DUm2j6NF>y_2ni^wI~}ju z&NTkqRl``i2|~mZAP@b3N#GB@!FL-ITlDFMolSpcSuwH-QO1_9eN+!>VUvPxj^CAC zZENKX()MkUOtK-0kv+IjJUWq;{adXdv9iwFPFuDms5fQo_PzkrY`!eU0L}jLS_@_c z2U5F4#t6;eLFwbpjJO+(H)nz51mvjPfycluovcs!Y8E@ULe_8X1Z74krr^ehpGrPeXyS6n%GflR8`vDM-L_ zs1W6S>yyP8OT6zTqvV`-ye9Zo|IiiC=hzs!V#1klxCIyCy^3MM%OP$rW9S9&M7G#A zrqo)XgrR??gdfZdiDxRkdp%t!mkj)I27`sK?}AppL`cU8RE0hXWubYFjI!w463gk? zbHd&RzAP}Hc+;^wdt>Lp_q4yWG3PA#vn+CpCH{F!%Ia^<>t{s5=7dUy?mhfFc{)YQE48o|`UopO0jA!=h4M5@Xvxhscu3I8r}PT=SC zw~KDnxB3~vu&QKhy|?DQq++dw*nAA9^p)Jl{xYLt5=s=oZTdJ7TL#UmlcsMO-Ly)I z+hZ~6%75a%olQ)NG4oOiXp*a(k?6SM^Jbf|P)OCtwsYKp#4O1mg9^A!S?y`!TyjN_ zxU-4%U2`-(@c!P2aLbSS);}#>T=#t$NpoeS1|TG>Cgj)KiRZ6Vq?Zadnd@-WK{48D zZ)4=Q51=x!X{9|mXKjR6t;k6kk&>PYmb5Quuh?ONnM{!!V+|`{D0ywKv=}nNWd`F; zue~5A5VQ8sfFGwe&mtm7jM>&peWum+*C7e%MqmZG?6h`mqVH^x7%Mi(WnTiA2V;au zPAzL2SOloSjV;$|KL{PQL!3Cz=!)IFwm_`G1DD#T+ge zWM#o$?0IzbZHdTZ{(4NqB931nFpihpBWPoDHD&X4kjspIyl?WE>!A+%gev80-^D4R zwN{tr6FX!oP&^;V_`u8+3R2Ong>B*IJ zA&DR!lUo32M{fZ9_4-_kK@#<>BK=d?@L&r(v1CyT`^<`+qjKAYSE5XX{zjKo@*_nH zxu4{|+(=1^LbJB0$LA-=9~mlz5E#pbjPj@y^fGamPH3UQ6qHk|0(dN#Ch4}mkhHF= zqpdt;^dD}rqQtftxjuly7weL$AavU@jIywvG{v3Q34* zD?%3I@D7UQwP94%X>Y!wQ^3v5(i(f&9B@y9QE#mQ2=sD{RpoJiSc)dF%Z{_>l34_C zw7(|a?(jo>C^3`3G(L!uX%!%1ce@WgCD)(+)$ATL$yqn?zVo8+G|wz!?R{gT+qN zdgoS<9Z?58)+RYKfo3c`4D!+JBWKKA7tVdNdNUWA-CWU7vy))I)g2>KSML4}m%HsY znN2(BQ-FHN8O1_z*G>R9L=N&Fn+aw~U14!YcLlLvja;5P*a)7Iq|`kpxI95TBYDwr zzGhWps8)sr8$>!7AFK!%1+`%d1y4%xPQib*e^(7(-|TTV3jy=c;Y8<6rAJN@StMH5*y z9uTr1&Nb@*HvF#r`3^P`d#Y=)|NfnQynW^Zm$n~SGO~R=4D=-Zg)Y_o@kQ0}HUj&O z{YHd~#p>rk_HPsLh5cARO2QsPTtGp8?AYkkb{jDhfHg@s7wXf3%?9ZDjrLApCDTKr zub*5kC*q8uVd3)^5!%X?K7fvlA6{M2Wh0<=_QPCtd>V4r6m_X2qhbwqHlFgHm?J4D zzEPmvM5o{nqgwD#0U(~+k76(?Km$*KwX#c|eZj4)Rf}Wj)=Gtl3F#+y9Bw>z+6{$Q z{!v1xk8DS3>+$u5y-V%In3q|;-nOtf^?03hv$_AKa9R5lOb%XA+8E`{Ha%CSQcLQH!*w2nZM6qHJt)Pcb6s?ay5q_2beI1H5at?bRlKQ#0rOn4#nHcABtLMakEcYH_~oV87J8Rf4&cDw`m zEGuF*%mI0Q(C88q9dKc%lZ!f5k=aW_MHpi3?_bOX-tSoFM(E7S?I6@WJ00|Ujz9qp z7su>ovrg72f+3aRTdLXMC_XS%z;L^9_Lv}h0oNU+2#qpqIZz7cSXuZ3jtM%s1kI*F z%&hDUp zSQsOlm|aLqWI-boMtefmO5I1&@~E&dq|hF9PeL{va(M3kRw0gEnU=0PQX@SYyRArF zS?2@whq=s(#(&bxu)F*??h5T_&|TH{KmyNPyQD=HLjp70qs6WM{pzzJ&c{9pvT6lv{y=Kb0^`(X=pgP4z;pqAsREs-=1$H(K&?Kh0a>+*Y%tmr1a8F zywp-h#=mT+Ha!@CzrF4ltn>+T-9Nv(0(2>!O+alCT&I~O!mtYOe8}5sjAnm371uxs z`!Nz%+lDRZ2SuxaP`-x}jc7&x5MmWJsOcMNVL^+&GAqe zZnVa7O|5dG{ABh3yzQ*nV9H?lK1}v=54_wC=`qHRyr47=;S>QVLpYo*71e=z$D-2I zjwKhM1@plWaRoSv5nYoBGo$Ij$rxFV_^mZWDkHenfz8UJRrv+UdCQf-Q@3uIK@tw% zESBX%AST)i@MGU=%zosfq(cqyr!Zux3zEOB1{G?+NuW>V)oupkIThw}nGfl2wDMTM z8z6TXX^(^Ug@f0zCO0hVJ2UTTD91PWU>+pzzc{h^v9!h}`E46ku2Xry&5wL}R8V(p zyN_pZ0{t@%p0n}v>7zIu5?LA4!r^Efhr;(DCugDt5xW=UUf%axrC_mVV+|#Ag?P27 z-HAh0XhPdnan)Hg?CyrJve7uzz@MVTb^`6$vp+bzmPNPTumM{GQ@4t}Rv!n*cC@;# z5NvqT2~u+yk8h=iGv6308GSB%X$_l;{s}_RWuQ8mP#cQYqSfMWacU^;06Ji>NcPQW zfb+VFA4j7y#aa#0B)pz-<-Q#+0(-K>qg*0Fec)ETFfuo;S~(@v2GH)6j^rZiI?XPj zSlPB~SO!t7tQ(H;Ao3uUG_0@kqqlmoISENmeWc=!2mk_hon0%&_)3UV$*d{bE^%?| zlb88un&r1B%IenFufrM)ch_Kp_e}(sE(*oyW8Lt-kQ^F-pIb&=%?V*v;^n*@pGViy z63bpum;uLw`C~*X6xCij-#=kT!917{I)T~h7oJ=k1WEareF;s5tf2Y~Bwl!4O0PJu za^witSNNJML?9>X?7+qhe3VVnxBc@Dbm;943A{gf0fg9>OJkRCa_VBen{)Oyy!lY) zi2p3ZpVj62C&s!C>7tuw46bGhJW|9m09`>)1QVqF5oCf`NkAZ}K7g3kq-b(ibuL3N$p287FzW=OBt zj}og3tT`Mx6uOi3VCyZ`_pJ-7piOJu<4o~7fx1;%g*^?cwlF^UA+M*iLzqTj^@78N zQ(p2b#|T^iJ#G5hllDA?1GX2`p?cV(L9QzPbj>e~w6X>rr%t_+?r+|}GionOz)EGi z$(&Pfi6<}y0kvWNs+}<(7n{eNI|ocl4iGF`{%11V@Lp7D8n|KD>St~25`7O9dkLSh zvyOV-9GR<8v9#Z9G zFOZ&IMMU4_lBIufM=p=<$+$-s8Z}@w&Ul71=FE4xzDh?Fnvi`cJGTE`K|DWVhgsGy zK)TB~J}D6hur}}H?Y6xXcaBu7F&;V!H%*r|Gm|abdceCU#UpeUIce)$Pi>UOsHN)( z;GPRaEji}8t2*0e5MmoZx|hC9g^740s|V2x)(%Osvw*&o937Jw0VJC_PvSfOY&Q`{=BFwAwndK0sEKRhN5tM$H5m z`zJyyK!#b4474hadys4x{rT5bCkQ@+{p;$!Z>4kAg7v;(m2>#y4F z1<^nFD0g995S%iNmEKO7=%tG9;NajNL`pMJL8~iIIiuRw43-63>ZUbqsf0OX^p{Ki z(h`F%tVsN*y`h+r%(d24Kf}9mtMTD4IwIj84iqpfqW4p#l&BQVM-ZHl@pB30cWCt2 z%HZ^r6!VBu@h0%2tdxc@Z)9#YSd!E?1Lz&jPuN;r#^_01XMh`fzTfLq)C6vvX z?rNvIv4(s6d_XTg@dBfyM#jt3IATwS-phy+H3sG-2E%L{W$wKbm!c$#A4*H1B-^vt zanl2Ugty@&{4hC~?^t4k%l){^CfHhA5RV)fkBB-~h+AtKI1`ykTyUXGour~4C@%7e z#V^wbP*aN*T~pYYCFv4y9pAG#`3)gR(A)SH3)-d4tDR63=e=(p$qh@*7+XFFq>on@ zzmy9coSe_x456G^ z?Kg{}Yy_UWD(5i>deHT4)}W2YAz9S(pS8O*5%LQ$nNPqW9#I6LqU~&$djEK&HWaL} z5wUFz%hX~QI`7sRA#Z6m&udgADnYDKO#?S_D8HD^Raf{HuiWqB<1GkSAqPgQo# zZUQLtE%^(|WXax$m5~gx(3^p#*-tL~A72r#T8>yY38V(gb zWj*#|$vwbx`$vx+D#x*%&-cGJBW}J zUXkQ}X+tXTis-P0xF`${=96qb(pf=^A00&#erl|aCnAD35BS6Q%H?E@S9<=a=t`5_ zTIpQYJ(6;B1g`W6{}3SY&vlVMp`KiXeN>5cW_UTJg?@*lLH}}Dn_GR39YT=t9UTdw zMc2#uFr=|@0(p#2lJZboAXx~06amiI-I(Y^W|2!0Wr~hrHu|C-MWZv))rd2zI{EUq zEowyo*)=TAzg6D#Mq=o1C#r6Ib+y3@zkM8nSjz+KT1V5up!bR-UktJ3gQP*xV)!cW)KQ`> zRB-Qn;k@RvM9PqKdtS+I$zlWdH%VnF6HvhaZK|kNRuLy%qt95W?L1c`+fxvKwE83Y=pn z%7Q4~fX@oxt~}hm&$6 z-hy?qPWQ_)LQgO9pfJpS;9W31^*$Ll)ia)xJN-u9VFiQIfYfB+9uiox>>b?;`Wo&? zPC=0sA)FB|sRv}%OTyp66_6f<>bwB6y@k8gFo}1I(JQ<9az#p@rI~c?6%d$NE+#T7nvES~1achaRnx6Ee7rp$GW56x&H8Xc!=7IqkpOO=4v~ zwk^{YO^?B1ML^^Cm_osPyr_OJxyrn~Gcs6ovIcZJZ4xe@2D`mf1E)f?j!(TuIol3w zn}GYGLClJhAI)1gk*Y$8hwEBdZQJzFE!1?gz9+ahF1Q|Jn_h?511q7sGedIC9K8+D zaxIp=X=(3*XWgYGEvgX!3z}sEpT-Wlh$K&zW;r$SpB?ZM*I?~xZ}Q}6z!%UB;oU3Q z6$ZKraSAEuDB7PZD~iR!^bV~z!*B@V!WUu9`2(XHb97I?fjhmeSl5OBPiWJ12VY|Z zRP{BN5gE7eWs{4sjt2H{!RK~pEG};U=iuA}Ac&ATGB4c%;S`a+JliA9A28lBa?14L z`fH35{I0GksdJ@?hLSVlbX%@3!f=>})X9`%e_~HDyw&iDGv&{iClxcDw#;mHSFI;a zi)Xxl-+Z?L!OYTAnvAm{1oI!Q#!Vbf>yp@p5j3I+u&XiIpC3u=n)vpxHcbCr*u>14 zZM;qOt<9a$%-hq+cDjKsLLo`*fSc~O(J_DHcj^kz0EL_o&!?>+7%L0``cv=gqX{#3 z7!s+MjrABj9s(rB$8%o^*K7mrC|EYMu~A4WodfeZxmIcX^hC36LxjOyC)bNM`Yn^$h#s6+_OydFIxH}>3gt? zDcFO`S!56R`8SN%R%X7!wj6}TyFr)ri}8t?FWYDgU?hhEnHMY#6LxxGp0}=hZVfR< zsx~e0TF%ks#sej#WNJH~UGN-~K!}DB*{9lUcH}#gEv2qlNuk}09p9-z8a@8UpqnDQ zfTBNw107j{PGq*Y_3ZAQi>6AT1e<3&p_2dAPaM0*WsD9;}gz;YaO^ zPpp6=5*WMYr_**=oM}{uF5L>@Xwn}cpNeb;4Hwbe?6Yc!tFTK?mFyD}w&661t3{A0+$(c=0bA)1lORj&3J=Cw19M;`71uZ%<; z+i+e-mG!#oXf){<0VCe^cazT(RkdxIhVL&lLom%zHEtyU*>T-n_Yu!o$QrK2iJloq zDQ&CfR*9s-=$-)2A&?0x_kJwMIm=uACT1K$6rU#MY_JH|HF>+JDYfnN2&{8q?< z5K=Tt<)rZ2+6g5(amH~Q4rZoKST@bF^y>I6Er_0iS5vPZsu#qvjLg#=*x?2(}zbOd%mLXFz`NuRZ1z7*YAo8 zkQkqtFEr=&%6K{noo_Q)qJT>UvNUrmTU2y7Le#3S>HIbcuRm`ztgd8XSjYDK2{RFJ zVl7uSe;(({K6A>hk@7pakyT+r?T>#?zF_0iyRb#q^I)9fNt!kevQ{{-|2Cw3pd*M>z3Jqnhl=C_|z zxcv-r(4A#OJbO~KL5a4)f%<~rh8vZT$!WRSYinNsK@+@yKIeHdo6Gc8|GD>79Ym2+ zs0I@0J_Ep(sE^u7x(>NkdQS8w!50*7a6Kv@$OMB(y+wIbgA)DvTFAWw>drZt^HkV0 zS69$1&jbJhsT(C_Vu8V?hwphd@)Ho1r+UzJ;%+dKFEYI!c->Nvv^ZyrI+*aA`=!#g zC(xiPeu59$c+wHF*i*1I+aQY09a~TtCXYrdN>Dsy$X)QT3+J-cAJoW^d?<07OhwNa za|+eCk*Ca}#YrqHoJI6w9|BC6lx zRmh>hyP&Zj`(EDKz!&CsMzIOFO-jvx#t7@ptisElozSM=p78na3JJrl@rlPw4WuK2_Z-#F@iQ%Ik+E(n`$lQb@8mA_V^E?11d)>~Y5 zYtEUQUk08}{LWE8BrS>6O;{9qX$7xupZIdc5@*xYLNmBotl1>nAl2Oib{yOh8EMHFAr^UJY}3BHgObU#ds#xB-5 z?-fh3gSYxwWPvWW&c`CghUTif3JVM$Nwa-;o%)Exh1;J$>B70h->kxA3ETKzdQGCZ zfRtw5R+ba4`zm`1a>3zIV2eq0bmq5fHZbL4PLZl;`L_7{;fxP4f3eXHW|t+}&h{ZT zSoyWc@?zPgW#Vv-m}kG}71k{Lng~He0h_-c_JiEz1tKsqX3KwQJp^2|*aEc_meaKR zG~|59I1}X<<*LD$;Y@t8x;GTMIU*OrK1So5w;1S>*57a&YKQ9(gqd#!&Jb`>GPj{Y zl}I(p>$(1XZRMUNsD6(HSSMxza@YwHVP$tX2m3`~mm6cCy8?oHo5X9f?W-^_L2>vD zU$v5sx{jXjuC|FW8Y&rzBUDbmLV7Y1Z@=m zm=!+z)#+PvO)n^C`)V~JZ~G%%KG!S9=1TIchrcGU8y3z8!{pCgk{b%Wx37bCsmiTH z_7}+=lS;%wAMZ-L0QM+VNKBqYKw_W(Rb4Hv$?8Yz1iSZ@zBX070>h9gXtxw$aM~zH5_vr3RyXAF zTf^7PlRFgHc&*X2a?uoVgNbl&8K|Kq5`W)!Z4kse6aLzs^Xcq5>M1)CletIP&U`$? zA;&2l#Gn^g0mP%rVw`;X^L1;t&_gqDzRz?;wT-G0iI-ah+y~G>N9LTn53x=WB%iUg zmp#tgI+Pud4+Am7O z^H6GVA5n-DtqLFJTsYP}2VaQ|?q;pq22Q+Piv}t=#6H;+hTTwoSeowA7!}I^D*ZBG{v{BoFETp5azFNOWWKzrJc%RmF zKYL-zYeqzTTyv|Pw0m!#0_!c*`bwDM3;*G>*zLFax5-ztW^pkN6rlh@a@@?pPMXj_ z4I?MJLo3nsfFT<{vNHz>XR=Z_6!OJC2b*W$CT?~t!fl=^ zN7ym~w0GNskTb|>Q`=rEicRwQTv`fJz90}vKu|xlw4QmbU-uIG6t1yK*ZHS^g&=bNQAH)tg_ZpNuJam^XFVeY2AQPn&mz>H&$wTGi0i;eo&-mzk zMMG$ZSPDne(#Vz?a^s~vbYFCi6tV;dkq*iViPlJ2-&{r?{hgi``+U2=Z9Kv*=9BA5 zWZWu(Z^&D-9A$0UWQ#nkIF*R?I?pCM8lU}+`I)wFG%n`aKTaY@FRG}9UFCqQLZp7H zWAyNO-9JmXk^f!aFC+g@hflq9zJ7)xnIj!DO(onKSCKi(Q1dJ4tJ;8S68n+?zw>a$ zc~^uU(i`14>?vpc2?C1sca-wcjiM}KVmwDQ@HVp~@0-|0Wa)x4fOCf_iKSJ|J|D)R zYHWuQ2JDUaT(E=WLQtC&U381ao`Cq(0p}2v4%CSYbwH_;J_+{uO9y6VUw&Ew1VbXvJ5JqyL(E)vuPloAc1ua zlZ?br8}gU+Acf#zpBB@p(NDh279-a-))O>^6%dIQVPdcd<)0RjwQDbp>K33WVB~4C zeZ2E;yw0QBDs-?-x*YaaG&%EWzafs8LBaT}?%QDOp`_hMxA&7kNQS)>Tw#)#R(kmz z*OHf~sBvsk51%FVfLIJA1}O-JUK;DPS!gioCyri@`9n2OawV6+GUl?Oy{LI!VwYWu z1?cew42;3-U7k3L-e`tbTGRs%R!uncRxYeg??zhy1+>woA zMFGgOK{13voXrAN8GNgf^w_n;6o@6Fn0kt_&5NWnaG`a`1(FVY26vsSx*qOVH74lK z$*UEovv`L~WG!rwI}Njeib?|b_6Cm5_;#lFa`q;+N=nlB47BvLjCT0=jBNNa29EfQ z^bG6(|69z=Ol<$R{hwO+zl{I?WB=0@5&G|X5VkNiwJ@O(H?g+1F|hrwQvZKLg8%>k z{ZA6V|B8cQHh+XHe(;z&PcMo@_?{P^ymLc z@BdaOjZK7Cwz?t2l-}>NGI1f}QS;~;Ic_vXbxyGh#fGbqg{>BVkbO8xco3d{qzg-3 zA>WJ$VRGURXe&CF);`z%N|5FHDJSS!hGW$?qXD5JJ%XsfS@^n1sS0T0UfPi|*pMRs zTJx{^$yci{%D}&YW^~*M7MqwMGJg-POf3}4ox(%^>!wPpXAIr;1&HI8a?@T zxWrlwIDH;bK$c6*@w7}BrJbR|LOl>=(SjfyI}(g^G?GtbpX&FXhn;j3gwFUE3yh{8 zxacs11u+UwbH2~mh(m5?`lO>c=da))zQQ|g-!bftIR%o@C+P?vp8=t6g+z4I8;}RE zh9}rFMD{iPNgM9S-v_YlCF_o&hUy%B*H0QZO*(>nk=gzF#Qq_FNLH;;(fy8M|Ly>A( z$m23UF@`C`8_`H9`_NyVuOLdm^@XpwaxiMj$Yk&9o@E!)RPx7zcXP=2Ns1X^hQap# z&jfu?;bAPrw+A1v{aoz%Hcnn=4c6cqSN!k{m*MdP`6{F!;KxIjD?$^1Nf_0C=|8;$hPXYaq{IO zOi--`OlZ4ux2`+-BGe-idRtZIw^fl$MT~{?SOn%P|A$_02l>X)mzEiQ=S}6DB#33) zOF|G7vBSs-EX8@lvi2zE0ZlTp`M;7t85r;ut^;e9tL1?4y1j~_kcQq3J|l{Gg8*(h zPE{Y0&}D#li97eD9q_V}fu%>k$8&!yL!IlQGa|ftcdg~CzvHx_o^p;dY2@x0`K!}V zFmW#=A+{zV?$$os*e&!N5Nyd7Q4J95(g)~;T8e=M0M}fM9$kju&y*oki-rhJp?V+z zmv>dkQzKr~+WSfMP==$Y0ZEeOmEe~7zd^Y~6 z|5F6z(uC_%+>lY2gUIiiA=aFh4^bw_`WCH$I&2LmEoB-wl72TwMx?8t?6EAqAh!Aj zdmkSRZbUaE+K9uWD23kYJ32#-95JRy^$x>EKJUkNy>Hyb#nOZVF{6fJJAa*F0Jyi< zwb<4XP6CQ6B|eV)vxM}2*t_dEsjjS#*ITO_YZ`ZG+}+*X-GjTk2KV3)+}&M+lLQOF zLU0Z4?hx)e)Nf~oH89D%|J{4LKGXTqwVpcVr>b``O{d(c&WF7_;P~LJm5%kBk^A>(g3h0VmW^XY3}-gC`6cysUI>i_OPzjw#;e(iMZ_VY zy@KzB@X-+!3YIHbIK)5k{_7oAv~1Bz#Y4RB{0Dm3q2nrr;M-5}T){F$D^+R;pCqom$gzpU$_EJ4OiaxIp@gw27d}Ez#NbGgqeP7sJx0t} z{!_+|6E|M`1R)6%B~FqwS@IMqQ>9LmHeLD*88c=6G%s4M!ausWr7q4()8lqR?{58c z`0M%e=|-fZ(3b4rVbA{My(9kZ(1`vVp1u;$R}A{fjW6#w@6Yb=-?rh5S8sd&beo>{ z-$?%d`oEDM_k8?shrdq1PzCn=e|+mb;k?7wHsGE#f7g&tTlv?MjC=M-aE}Xjw(erM zhm||ID1hzu^EU+F7C`%hwgmb$-dTz>=1?>GO$B-c1W5wV~$S$w()}W z54C6fN6$F_i6Y>%?sh7G?|t5*?%xhU__Mnmzt)IwZhQUkJ>Qh{mhtz_H#+VxoVmF>ChxDLe);%*mrzWjch3*hFi{POM4{xf#l z|5_^)E&D$_oBs7$pp!IE>CZM{)Yt^&(~|*r0G98O<)A?5H>=DFm&$zLzNm;>J=&Uk52vR z1clqR?cAho=d@LNv~Q9tq(S@kty?r|(78psw&~k7>eN1M$0i-RH0jhiLRja@G-=zc zbMsswNgLDoh7}@drx5yIi7Hhpq^D&i?-=jUuP=Rl^ltCC^c9Z2O3;^g@QQu0JYK`f zghI&%QcEeMj1(Vjs2#C9c_duO7Ch`T44@SQ~8AH>$w0S2L}jq zonCNX2M8UHZc-Cg=!tZV#)K2{IbDfr5rlmdL6~eo!X6D0I(9@M*9HsoI#{U6boTus z2^BYrFw>(5u`!CU{i6!8JE|}rq6#%6nlSsL30aTc^vsAMOqrNMUyCVJq}W3K9#^Qm z@q}3rPlyKbh1wmT-lxPTn?UHKA;O*x5$c(2$4UZkVlIO^{%LpJxd9d zqcq*tWrX~ttPmmPgj!urn0)1hOjkjOUn&Usj-Di8YY4r&h7e(D3frxwklShraj2Hi z{b~zwu(q%T>WF|WO@y3Fcix)rLig$+#DN|{hVLaroL)lTq-O3dY{YMcIQp$n_4^39 zps&zN`U#b@KW%@2&`}2o5r2@7aR<};$iZ|Q4iN#Z8YnTlfwDy#DjB)4(t{c+8?A|w zU79I-vY9fz=1RnGuI$gvl`hpnnf@)59N$u@{VkO^(NdX!R!SslrR<LN{k+&WV!Ql(-pQ*zEKrP{1k^1@+dU;nCPk>BWaCzaW9QrTs%l|J=W z$%(;QEDYANKuoQ+#MCl4M2i6lwThES>z#?TSe01IOsTc#ms$t(EN@KJ3PyCUXk|SmHcKm8gq$5U@JYrtQ=n1>e5xL+)&#JRmaNveXXd~-ffoY2V3)MuoZEJSk-ihm92+bb#|x~-wm@e@o+2NkF>V=C@W5kvbyqUYtxLe zV)huT4~(_4;aqF=JS&5iTK)4*P!8R*$ZL{i+ZB|a*Ztb%jRyNsXwcKsx`Q6rT z*<)3+y;k4eYweXEt;zKhU7nw{j2duny(TcQ}tlWN^Zi_osiicJw ze`Iav$JXR~V#TT_*4%$(MaTymu%?Jlit@gI+bw)%K}(;y+0rM=cl4P}9ewI4HCrd2 ztlY(?ws-N#NnL$9NjINO)ZHgD_Vekm{eAMnK%crZ$S408wWU@CZ8I-*(dIA_Nla6 zd?NoApA6dS)0?*X#ObYc8Gi7I{y+Gv*ya=8Z1>5zJAES4E}x3K+b2rz^O-06e7f0w zpDc37Cn_EC$@+(V=H+3ZuJx-=bo*wuU-HRlcd2)MCi*>}x^~YezklEp zA&-1=-bbJL{i9Ev5dreMFahF0m;m`CC_pri7@${143J@>2I%@x1I#9BfoK6TFnWM^ z89l&Wju9aHg#_qy2?J!Lv;lTk`T%()bAX7ECBVMS5}=P|4X}^11&Dgt1Ju;)0VX6z zfL)$5KwZxnAfo09kX!QysAu^D#0P5T0s$g#fdJKsx~4#Y+*L3@L@N|vP8Fi_FBYKt z6bleziUr6r#RH80HRyxJ;)8BXFEO;MvQcRF5S3nUlKX@nO`YkZA1LXyr3bynyrtK< zpcul2qt}K$vFQCoEMZI0YeK7dLdB-ngfj7ko=dL}59rU~5(xP;g-~VaHK0~Xp=zZP zazHv^E~gWE67Bb|r5Cbm24SOT6tZAup`T_KHhoSZ0}2a!tFX{}i_pHbh%gU}2w9Ex z$AfAKwY;{FX<7?)x3!QD+X=J2y%04z2$Q}ez31sDWTVkSL>(j4fid)+XRI(o#tNBv zF}-Fj7OL+OA*b&YHq0)e;_Mb;>TY4$@1e`GSIG7Eh3NV~$OP|%X#Gy;R3C&|^+AZT ze+tw3Pa%gymSRI>sai*s@MaI5T-R&#Q(|%GU8XyCjZjz$YCMm=JB1N2Eq^bXll($bv z@%)6ef1H#e#_v)!|6Q7ar=)m%O3F8vq{wku$~jl1IC)jt%6~}H=9-j~Zc26VmK3RO zOFQ+p6f15^dGfv#Pwq>Z@ud{8UP+ns9i8@_l!gA3_R^oy+@^Ow>7+8`CvO`*M3 zqMxSyyisC~QF35_65|4t{3b}LEkR1`3sO2)L}fojRI*hRrH@BZCQ($SCPh>FdNie$ zMpv?JEM?-wR-$!mWy{4;=Epcn*Ndyn%D76tOrdm*G|EIxtHj{6%Irz2RN8b(s*+0N zEUE0PQc9I8txW1NN<1#3)RMAF6fdXj-f~KAFRx6y3Q8QRpiE#zB}!IQvQjN2de)-T z*H(IE9cACtRU-2@N{(x_;Cir+|yT8)&A+E}Tcjg=VDSji7f=rymY(&?HhHLRHu zlbR`+h+aqg(QE2HdQCmwQpx`GTKc?|l0UXqYF=BVo3~T8M0=$ZcTl2S2c<@JP&!RV zCGvMvrb8#CV|P{}cW1iYIxADWixN+|DEVrT(nSX=xtLyKcTvmH>+B7BjlDWliJHTd zO)*@FWy6)Be{4z?8mUC1k;?u?y)u$++p$Unj#H}1I3+raQ#StuWztSmV(UaDD^8)? zZiy;aHO+m%kS zLy5{elp4Q7>5My-D6&(TuDg_&yi2KryOeoNf3~}oT>X<0*M3rR%04Al?o;~Uex=49 zQZ~%5N>Be)sq??mWjUf$w4=0*qe>MzrbLxv%B(v^=7bVsPAJ`h-U#RUogN>jl&F77 z>EBM#hwsNaF3O2_C$%0 zr^>c|uH^6+N>zEO^wpQj4t=dm;y3ghd82H=TP4oERkpx8B_hA4_eAfNDE&d%bsv-% z^ry1-{#0VeN4jt59sf(AZC%<`jFMX2rM{EeBv)DuRa(T>T6NP}4Aa_dpg%{Yz4KzD zm9bhxv)UB2TFs?D$Mb1B+^5AHpH?5JK>^z23eaj=fELjMwH*+sWtK2n?Fggka};eR zhtncXc&&Pe*Y;(2Et*Eq@<=2te37-u5JiguQM9}nTbtr>w5T3Oo4~kQM2V~Q5bE`~ z+9Zmnb+QCnj7*@-_5@o09->XXgj!6X_jMl=YC9&8Hfa)T@qJ=#D<;)CNiuDpCDS^8 zaxH2n*Ros+t-ej6ZHbgxv`wkarj%MmN~OinR9dY~rR6+&KNvramYdRP@hY8G9n#a~ z$)HvEjM~o1q|NV{v`U^?i(Q$u4$PuWu`F72$fEU_tXgf%s%_M4TF1{$*CV@DeX?sk zI)@h1b7=iAhc?M_YIQNEHZgN)dozy~Ca+f2@@mm2uhuK_YIB$V94(*Lne%H^Gr!i4 z@@o;HfL65%(EHc|+FYkTq3?4P)HZt|t?CxidRkF!4j0urVKFW87Sr-&X}TTD(4Wg_ z^&|C38LeBErOR7Z%Rv>iT2?{J0adjvTurN~)wC#6UCTqwwAkBR%R;TSDBoJkKJBzf z-(Jg%9kl+~QH!XZv<}lno6=phs7M{#Maz_Zv}n~wt95;}ZQEC?iG8&m&|j;U{k85n zK+Cm*=rJ{jZo@%Zo*Jxet07uU9inyQq1wzEO6NCJ+v>yU@(j}=V7QjQ4cDU02)ZsK zv`F-wHvPZTa_K0oj*g=1G)|js<7wLyH2rX?b(x7;beX7a*6+2sAZ3T(wy1?Mt+Izl0upOSK%bREzaX>9Q}=s^4<0FE6LtZ-v(LR%knLr55v6 zYV%>GmLJw?5ow)P1=nj)ZoQVte$cl3Hmx&k*Jjstt#j|t;@cfs)!(Vbx}921*rV0H zJzD&}N6Sb*YtjE_t*-p6?WO%%_dh_7;R9N3IH*}y&-zotdU>sr^msYTd4E&9CHa_oC8w!Np@=TF)f{i)^2 zkJ`}kfjno72(m`yutpXOG@@sq(Y`Q7ZVYE^tnfzc4R2J`2u5}fGWuGOkv~SF?<3RC zX3>o}6vOC_F^xDH)5tWjjF=kB$XBtAC>F=4_Hm3@k-(^7Ax5kWF-j*gVpJj{>2D5* z>WOLlNsPFg#F&~%jV_zaNR!5>3Tcd7mBFYp8I9eZ$*2;U>HISr+c&F`2eKQzHkT2( zavSq~Zo0gAjCh#W$oB<|2vg9gQU#6dQOJn>g^Ug;Y-F?|Mo%kZ?8&0WBrRrS-V#Q1 zC}Gs}5=Jg9ZN!~&beSs{^GyXK=T$W3B>lYFpsEr3sv7lcH6vnHH+p1sBWw+0AJ;I# zSCcMhO}gyV6*Y}{MlDgxm@&1CzD`Y7+vtI{jR~w{MBF;Y9H2g{V|3oSM%4Yr*beoK znOD!~WA%;6*1(9`4UC-J(x@FRjr6rKW_%kXHn%ZSbvCL|XJa;YHlkD)y6k<8$lKTG zIn?`ojcwh}i0=K2Y1`k3`2&m`@}1Fkq%qY;8qs#7(H}+{Rf86q8jm)*>KG%+jWsgo zcw_I4H*(elBk137kg+EkQGcS5J!czHV~){l<`~gyu8~>h8&PCFo&N%3;xDA@yvW#F zi;P&c)R=_JjI6NSm>-uLk!^)BOIH|qW~DI|R~b2cwJ~aqk-63yvwp47KW?DwxY6j$ zn~Yhs$>{Ezjkvzq=(<~sXt~A6Key6j?gt~EZZ{&`4x^XvFf!3^#w_{G=t3ur9C*)& zvG?dPbKl6b4~)(B*vQk*jkxyQ$QLh+>i5#f;;)TZ_?j-~8zXAHp>=={^mzI}+o4a4 zvj{8KQ0YeknN3-U*{C6l%JGSg|Y(}H0RD+BUb5kJ2*UGrP9B)^pdideIIZ6}^46xUVAa!#)^@36_3=v9 z7Na$iA1Yg$zKYfJt5_Ses?{T_TKl3Zts7LgrcQM$HdnW{VGV0G*045mO{@FWv}Q|9 zx}9rTos-s9mesauC#|nEsZVPc^{tB2fYv%1Tal-+l{=}^npjz}snxfd()Dg;#rkH} ztZGizwK-jvmR6i=Y4!D1)--Hw#hf-)1-G@LMq4ZQQZKf(Hd8w*2DP*DRc9*(bg@Qs zwc>DBYo1ZFceAoaFDusdvMO6|x-Pw~IMCb5IkdL3Y5?8uv|f{FxV2Bcj<9kDt=U`{ zZRxpS_0)-0zL;ipzUkJ^n@(#y)2+BMoz`$>S#xui72nLJwVOFsES+QJ+j&;_=36;? zK3&cQR&-ckWy*zCWL;?GudA%MyvmvZYiJ#4ja6@`xz}3R=~pWfAF-z65o^s+tGgYw zV$@Nq(jBv6;3-<4x@yIRt5(jtX3g7cR)oE7b^YsB4!U8@!5dcOxMgLFM^=1zWaWkD zR@`}R<-zw>9Di@+oj+-r>7zBth0o3uK9yDa7oO=y{?Nn!M{WWCdQLwbK8QXTpwAL$ zDO@z5&ZG}4=*L8{mj3Dh{Rkx<(vNAWjL_$eP>JaCg`8H{X;#Rs0m2p!6nb2su=TCRt*k)+81(5v|`J$Ry;5 z%tCCT_4{=Bg?N@<*p3B-DNsm=^o51oN9#IKXg$YQRHza~>GP?g!i+8|^d4%pVnU59 zCUm0WwANHy*ykl^4ZWmLFH6!kY3+VNSvucx!X_;*#Bf@_UquGSZFBHb|M8VXs57QOm37V=C- zp~`m>HlQyXq_yM)DNg5;!1TV zu9Vy2NpU5fRMFx~`7XXxof1enK19+Bkd(U;O7$Y46qS=mH7tpg&#A4GN?kLVR1=d) zSu(j)gOW?BQb?6Ig_J{6O0hVlROwSmc{Q~Z&r(ZOERD2P(n__S)(0P?mEu%7X||`A z;&pmyk7kf2az-hyXOb#XW+~camUc}RDSKz7+as&AH?q-sT{bCO<)yW~yi&!^Cq?X{ zQa3Fs#Sg`#`ao-qyNlD`t)jKYAtj{QS4N6+Wu)#?R@&_4q-j`AiZ|t?DqLR5-zrFP zt%6i(DoWF+q7;3ozfqr1zpq5+S4qn6s!RR2x-?5`NV&PL6hGCa|NmD#DYn+5^-1b` z>azM$HEbZwqy|z>Z7fCPCQ`L&BE=1AvZhiLYAR*NX0+beOv=p7rJ3JcijB>s%GpAS ztSzPL*;2}bt)z(1nyyD{DgS6Ib*pyLCT}lgx6V?Z?<{5au5|jYQitm%MPPSnr*xNM zWp}Ad_mFl%4=J`$JNBaW)m~C<>Mc#dZ>6~Utu!tANR_9r6yMT%>fydp)*c{5+W}Ih z9Za{^U?~d@m3Hh7j$D|E8F6HS{QrtQ%<@vL8|DL1u;PX-rxFl_y%XD2XOZ|-2k2BHQ@gFy( zsB?>+cekY2M~z8q#)t0EW9p7niSN?m<}UsDu2h-tNipG`)GzN#v-5#ewI0&_^H8e% zkEEIXNQ$M8q+Iq)ilWcyK71)ff|t^+eks-Emr`eYMdwLt&y`+FG3m9GS!oTr`a7v+ z(mHhd4^mY6K5<{6~F_i5RQ^_N-l$FF|E>jX+8Q4wMsfAmZwuTLk3!>&7f4OjI;)sQK?xOm3~5h zUY$wlkjzRA$gISx%u096qHMCPO5Mt;Ozvz-RHq*zE@xA6cXlPtWmhUe4kaq&P^J%c zQVu0M7F1$wL8XfoQlft$B~KPpqHu8~`_fu>srC?#HxQZm~Fr3X%+&wghq9euVEb!IEu zVvbUq=O`10)}RN{TJ#EPta-FXPV3R}=hOP?d?l+cp!M5@w5CsM(QoOq=1PlceSWbr zH>hWqDp`LS-DdQ;bI&zOM_#Ms5L%axy=|pyKgC3{EkxFY3=yj zJzDR-M{CXZmHqKPeZKKP$?5b4Yso`pLLSj$;*ql39?|xnD)HM>r7J(9`|!EaSzajl z;3a*2@rwR6Ct632_EyPxfwYE8YquN2Xz^PZZR&>AVsu!oY&crGqIKM#snx^N`dN4_ z(?q28)reZ1p#}tNHHbcUpBPDt6_K<`7g>u^k+p6@>${VqYV|0pHqoMKu`#-qy<*WC z6|MKKqy^{nw8lF)u9nSdeYbN0t!^dIaz=<2Dv36ElW6@*5?T*Us?7;n*FBYtKD$q$ zMadM}+)SZ$7Fy4(PHVY6Xbrb@YORi?)+Qyb<6cjr)rhp(#G$p^cIjvhExp!NX+3vB z23o_*sMV>AS`?;r-I1BJSV?QUfthLTk=AyDXkE8YR;^_=T06|HGF^(mKIpEwWA4_UU9Tf2MWRKw3wwF;m-LsPSiM zJ#-eW0neuOJX%j3MtwvLoOyM7MOwsKMAwTtoGKP;5ti0q`%~9Z<1W!6*%GbCQWwy= z>~U(DrCJ@Jwb{MVhe7d$J7Qb z8*bEk(?+dQZldeBiLUQnZBPEFW#wa9&pM`M(ciTB^`w?zX`OW5DXn6h)-nREla@K7 z)x0xWhd)cVHLaIcJEzUsbK1r}uhqcwTBp3E?Ws%jxxpW_K7UP%D%Z5UMXhy5n~Ha7 zJ^!ATRaw7!|1);Dj4H6lCxov+LhjOZ4@n1vCHxfGN{}&qf{Yj$WK_I}#^wq( zqFS&CI1+54^oeaEABkst-^4dz`ouTBwh2t&tPm3^D4_`sN@9HJl9`C3lbfJfsf_Q> zR3<{X)W)|nwFw`ThQ3c@0^6oFKKk`BVf&;vzCIaD;KK~`eMS@bO(x?zlEnn(%W8b9 zvYWv8IgD>~E))1?F5|nDn|xjqW>#JkP6Zlef_*A1t;>d?zn>ODe-<&Ls&MqZ2@Ih> zhgbAhzdjvg&q_je50=5<0|LiN`usff_|V%S^zlFo0in+eZ&wg{JNS2qp|?Zm?GXC< z82UaTbUzTf9|+wKgzg7I_XDB(fzbUx=zbt{KM=Yf2;C2a?gv8m1EKqY(EUK@ejs!| z5V{`--4BHB2SWD)q5FZ*{Xpn`Aap+vx*rJL4}|UqLiYoq`+?B?K{U{G+O zpqPb%LJ9??C=`^TU{H=CLG=d)jP#A7-w{4W4^e*hwg10X5*mBky)weT-NN242=NZI z-GV_eiwE^n1HFxW?eyMhy|2fk{HO2co%Y`j-YgG&RT%A`)2|Zw?C^KnO@Y(JaHpcn z<^A#RP8W>Red|t#{@v+n;B;;O;px2V=3U3JI34|J2>;1^)N@rTG~D?bZmJ z_3jtCzY7M13^b$Zj`7Z)eg&>r14qA7(tr5R^Dh!Khkjivdtm(S?J?ee{t?~v!sh?( zbQvc2Pxlty#k;M%%N#uMe|tQnq0@M$y^ZZIq(6T;{B=DG2Bjz%lwlwq^`0+7U(Ino z^lMW5hp+f7H0@1ax8dix>-(3d=a;vA-^kCNSKjG1(AU^W{_As}{`~3iH>dNii)V*T z_MguGTmSth_5SP4!_#GO^T_`iefpC(r(ZGr*F5M8bNbaEqC2)9kZP%dz2a=JYFy|2qArC-1*q7H|8{Y2NQE+xPBA`n3*!&Ange z^XcHfoV4F__xnhCKKL(h5%P1eJ^EEdpB=pOYfSUqnA5MI{_Nn*2hscr=HB=Je(=6u zK=a36Iei|Q|3vfPDgOJlu{-g2N%HU3%b*z-kkm~_o5%>-gE!o z58k{8&3FHo(>JEMnCicL{Pf=Ad60Mhm=ALs|LgYt*YjZ1r(4_)yz|{or<;P)C3L4l zz4-;2Z^1m|3v>FllHv^JU%Fr78v6Z0Upajq+Fl--$DHQBUM=1B|A*VXH=Vu&PM^e` z9`!E&44OB`Jkb~C+i5-w^N=shFVK7m=84(dyZrBIegO0KZvH=9{yg;J`WmNi=T47$ zm%k3pn@{)OK3|&CuelRvFmLsR)6bxJjv4;b|Fu7b^Dh5(n%~C!|8o1kr_;xr`Sr^e zmwp}Hu>Ug8L-W^|f9dkqp?Qs2U%&jlX&yM+KmWg6{_S-7960@#Zr=+uU-Dn(?`a-$ zj{p3>bot}bd%o_Nf9dwmL-Q1K|8JK+D(*-AbEfyW@xBURyL1rVW4r#pk&hwnfB?sQjhx|r^a(7!vKJ3sF>`uD@vPM3v{XOH3hynk!y z)8QZNU#k$zG0%Vh{`I;>`v>pzN$9Kdzs>1a;rS1=U3wqyy2)de5PA!Q-U6Yw z!2jEBf#8bt=FmGd^}hlQZ{hFmEA*y`4#ld4`_#14{XYqvoXmeB`ZWHJ{}iC#+5YLU z(ccQ2(Exferb8bz!zBOlA>}`R1-#M~r~jn?^`G{0{6Eq4L)^R>m>Z4x zB-A@k&oyIiIp&*D&v;+$nLCX688j?h59S_V{uK3Ig}wV^0CN$R`R`ZP@MOIEWFT{q z;i5TD#=B1jGZ%t+BGh}e_uMe%(qWzf_0~Z>_Z@S2F)x66KU8^cG;>ujuZDWp%5&qG zYleAC)LS?8+(hR3WA64F-lN!iY)xivFr2IR^QCtmPiO8sIM--oy!&@PbCcj)>7VTT z%K65?JPGQ3uHoG-aoF}UVxALCi}Ov)TtUoBq3OPIzLha|O^@?U z!M0Zu&NTx$@A;8|xu$Tg8R2p=*A31!6I>zY2Ew^!hAYk7I5<~t9nHIZRhXLz=b9C+ zE_18kT(iM7Wo|c|Yj(JH%$mb)xu3y|}kms8mF zID+|Uv>+MpaWIp)2bjM=3t@YUm=mk~w{sv`7;ZUpu`y4D7Qy+hVXgq?u0`RtGFKd~ z3R(>3yO+7fn72cVV|)9V8-V#pv;^ES=4N5O3M~nDmbrbHpFvB({lVNb%*AT|?N}P_ z9&^z!PmGp8G5?5GhKt8s@EZT^n+)|n3-GoV!dx-TtGdD^ zX08k71JP=5$(Wmm`FgZETuSB+V}1&)0hflk+nB#cYr>^xF6LVQ^-Yh`Kh5*$`etIT zJm%HV+T^^)OIGIUV%`|7L*`3|R+x80>wXE*aXm2ahko-FHx%=cXgzY?`}=(C@{PlM z8d@K&5Oa$#Ux_v#_oc%I%y*#;zl7+xLzw@HHlpLa$5kQ$=n~9yEcI< z!yFy`j}G^+J-N>RcxXna@-AO_w!IL{Q=`qvc&{Ion9GK_YYS|zI&+2LT)oeOz4NWb zTuC_BR&aHhs|r^SZB5R5oYrTq1?HX5He|kZ_!je_XxlF#I&K{1(^3Apv^&{C%w5~l zz`J}c*yY;>_Y>NIjQ9SfBXh?vKZ|xG^QFTdm_I-}5%TW09&CGWF#mvhpLKfY+lRSu z>-~?DXlNH~Z!mLo^glWzz;@E2-RM-_TFnTyy?mG#L%Wml-mi^it{mpo&>m#Ibod7I zrfAPEAv&%t=3UWVUvYgfAAt5I=UtB}?D9>;d=~mG8Sm%DSdyMucWnaQB$If%zkJ7~Biy!f*87E|JmU za37h=fO$4_1YDR5pTEDVhIt+IJ96HBBMNgpFdu-9B;!3^;xacA^Tp^WxCG4Y#Qaxu zG+ZL)E@FNI9YfCBza(YuHRfS9`EQ@GWW4($6>|wO&xnqL%feg<%&Vc};qo!p4fDb1 z1h^8+Ey8>=IuWiCbH8DJ4gDUj4s(BE?n?hm;iu<$Q|9bu|Lx&A8Lk6!vEW>%!1ZP> zA)M<}xS`CYfODM&H=emnaIVwgW-?a@&UFSk?{T_>x$Ve6}kj29CP_GFNZFLi^^Oh z%-f^O;Nmei1oJWIa&q3|AQ^MZF<*zS!1gjQ_Y>x>E6I8L$(+m`gmYa5mxsCE;apdf z^Ili;Gj|@&bq!oG=B~oMK-ZG<9xr8?i@eo;f4Q!MtIAvqxP<6>xVp@x!8`}L0j>#i zMKLdlZY1}mLs`sgqMHaw`f9_r*8=nQ=w>qB{n3`WftU|Rw~+B(XF4!92J?yNRx;lE zp{~r$#@zJ>GT!ano4JK>uG`=SF}ECUExMhY_dFWO+!oATcaZTO&)+lmGo0&AxY^7d zhjZNpx0JbyaIU-I)-!h(&UFvm4(49Mx$cGA&z%0j|2TF15$-s1!EmlWk@MacpJy&1 zoa@hUH<`->=eiH>33G+vT=&DhXRbP&>jAicOrP&3yTZ91gp17F_i(O<;Nmg20nYUo zxD?F&2IqPhE;Dnt;9P%&%g5Y%IM*X^C7Fx5&42&89)+vITnaeXV{rAD%LC_n9IhpE zRp4Atz;$7+J)G-raQ&DY1?PGa?mOm|z`6boH;K8uaIUA|<}!B)&h<3h3g%wIxt@XB z%v{9n{`>P$3S30y9>cj_g^SHxxE=o6+4T>&q|7CUbG-(afw^LEuGismGuH&p z^#)uq=K8_8-h`{j+)OyvTX1!l+X?4-8?G61m*8CQz;$Hq1Dxw!xNn(@xzm3;yWWEv z##~M~*ZXi2n5zco`T%YgbKT%vAHpqVZVH_1Be)IBt%GxY47ZE9{cx^N;0`f&70&f3 z-0#f2g>!udcZIp&UH;qI^*P)<=90p>zJPnlTy{9umvA!6=g-RuaIUZ5!ZX(#&h<51 z4CZ>kxxRr*#N2o|*SBzKnOhC#`VKA!b4TD@-@_GV?jfA(2e@*~McnPbKV1KWtI1qC zIMJ7_a0{7R1m_wEw}QD9aIRtC)-$&r&NVFD56t}l=Nb-f z4|99qT)qEqvv+?SVD12%YXoxM{d<(Ti*T+%aHpAj3g_zm|Jc3lU1ly|kN@%P8Vq-f zxwvqyk>DONmjcc;GTbZXGQ+t>f&0i@NjTT2Z~<9A-(S^(bBzWUk-3&|uF>IQFgFm+ zH3nP)=4QaT#)M1G+&VbdSa9i?I}GO<8!kI@XW(4pz~yJ|I-F}`x^?Vt(Z>M@rFbJq~KX3XV;bM=1Tg!g!E$6OIO*FQn)e9jf9(yCWD*I+zQOMpvmE8Gxsy*N6{2;iw3d_Y}^x5L_ST?9cxD z*R?P??|C_txyW#?Mc~FTmlV#mDBNV`^1`_mgPYA zZDwv5oNFn#UCd2`b1el*Gh07nac_1S{W`N`{(<$;&852;36_t2hO!BTny$~ z!MRq0OTb)TIM?cM$(fq~=UM|UJ#$OoTx-H*XKp8)Yc06^%$PY~ zC->uVfYybp&Kx~-|Ir~Dw&Pk4+pEX6ml)2qK3p^A^250{fNRHGO*q$vaNU^e1n1fa zt}k=L;anTT4P|aFoNE)fG0d%kb8QMYnYka}T${noX6`tgYje28%w2$UZ2`BMxqEP~ zE#WpZ_a|J?0srHs72Gc75@4Pj^?vu(r}ux%rN_J=+J>C>dVZ9-s+iYC+rph;t|{iN z(ROfGnd^@ENVGlNUFH^Hz6$LC_l&vim>)tr!o6qi66O!kPH;BI=lef((0}_zLOa6+ zF_#Q;*Di1|m`ela+7&K@xr}hR(Qa@lnJb35Yj<*n?zc?LRe*EtLC*V}I2&_y;aa0T z$tiNVnH!1uShN>8`k%^GQycjx^ocDQr8|JEEUKbq(*NwTxn7a-q_oYJ% zxB=)0a^B;hKil4P%w4}D=RFPvF}DzIB|4IvcYTL3w-HnQ!_!`yWeId47o2j*76xlV@L!`yy2*C}uZm^%gMI+fg~p97e? z3gOpqOt?qPMSydi1^0@%m~gJM;XX2#7|wML zIq&`m$ocu}U}m`7=v;E%^C*b9a+udb=fTBbt|{gn(fM#8%=N*11iAn&C3BN7pNB4l z%f#F&%zr=^!R2OdALb{}#c)NKyM*~&bO~Hp=3Zj1e)ZqaOW~?97le6ibQxSd=8|Ea z30)4?oVk3MmqJ&-bzrU<<_*!6a6Or8i}?U_6*+HzHITU}n6E%rlk*-|Lzvr(`2}@;^|Mpu8H<7vIn7ghcNBRkZlJoX2 zic)bKM4a zfw`q{uG`^mGPe=VbqCyI=Jvq3?u2{G+(9_kU2rDX=liu2aIU-If|xrE=eh?jCUZC8 zT=&8yV(ulJ>yL10m=j0+k9XIf;Ic6n70&f%xB|>2fpgslSBkluaIX8|sxVg?&h-G? zH_TOmb3F*xoVn(3t0C$YJws5Ww;m$GF3(oZs+;!%L zz_~t#d&t~WIM*j|ubEp7=lT>*<@x-1{xh8GGq~`~orZIL4i}xdYjCbF;6j+Y1Lyh@ zE){d{;9Osk^WL9kVJ`TD|8W%yeNE2$xjQ>^i7GuIi;^#eKY`c`9Z7@X^$a5b5ulm4T_cx-Pf>MeG9>z#Gj_O@WY z7nOv(%l8d)$1p#SD!2yBJ;dBq!!>5^6`ZSqYsQ@V4f_|=!nI^BDdw&|xHinChjR@e z=dG``XD%;Jp1Cz}uBqWfUiLl*?q@U&oMG+^=B{bs0-3uD=b8>K zJag)l|8d}&9xj-<*l?~H;G!~@0nRleTukPQ!MSFFi_2UsIM>W@A3w zT(iQZU~UYYYc{wv%*}^$%?_7=xpi=^IpDG|cL2^cCtMEZF2K3wg3H6)131^*a0QtA z6V5dcToLAiPx~J)u6f}~Fqat4H6L6V=CZ=M=7+1mTnRYW0&rEBs}JW|5UvJuo#9*y z!PQ}I7@TWixcbb^gmWzd*OsnwF2Bk=ElOgR)m|v++sM_N^mon+Xm-a8Ey`9hv8hSz%5|z5}a#QxFyUzf^)3~ zw}QFAvv?e!)#27KmjrXy8gLt!%L`W)tqHe+y&<1 zz_~VpyTV*XIM>E-*O@B}=h_7BHglEWT${q(XRZ;PYcsgV%=LzIZ4URGxruPDE#O`= zw;0Z~CER=Fw!*o#f)n{ZfB$z9&b2k1VeTs26SNInAag=Vq20)N>vh?gyNmg2v^!j0=E7d^-*55I9&m-3OOJU$v?p9i=4xQx672<7 zp1A>-yY?pMtshin?t3`bZ{cb(w+PO)4_sa5cEh>$g=@gv5jfX=a7~!I2X z;amrh^B&J_m{S-1_eVH%AUW^v3v^^ID(0?($a#NXpeJ)F;nJgn$$jaN74xF#kgvF^ zn0G*jlB11f+!f3ppd-F=`QBn4aLIo=e)km@ z74wAX$gj9`nCC`EeZ`f)yec~SE3P5t?a(n_alJ7gjE?<^8;$v7blg|m9L!gt&5kH-ow6aIRb77BJTd&h-bl70mU4 zbKM5Ffw|#uuG`_ZGdB^=bqCx}%*}>#-3fP?xn*#!yWmbTw-L^DH#zV9+6Crz!MW~% zyUN@_IM=;!H<|kl&h|-zTz`gp!Q2x#*L`qrnR^H4x*zT%bM_BB zf6)VQroiX>@rana9)t_STr4=(LvTUNC5ChT1uhD6Y2jQC!^LDSJDlsUaPgQc2zdJ?Vxb3@@= ze}^l|+&DPbQ*fo2n-1rC8m>HZ3*lVPz*S*xHJs~NxSGsug>yXz_YHGD!nvM@YsB2I zaIP2NnlpDA&h;W(8|JRUxn6?n$lN_R*UNC-m{ZsM&tKOoaJ`v}1?PGdu0L}b;9UQJ z8^T<1IM-`%-!bn*t1%x!~ny$!d3x!>Si z@4zi(?jGC=^e#DXy<`=00oVQaTXgguIq&`MI_A=1o)5hbw~@ITm^Vcqko(f14d%Vj zhhK36FrR=vBIo^HwJq#?7ht{-eGK;_bNetqjXr@p!rX1l-=I&)dGE*1G8guS|MrW6 zK7+f;TpG;tqR-*(Fjo%qdgu$dC(O0Syg&L9?hSL}F`tjVf|CV5e_h>x`9AbDxi1~g zV15^U^A-0V^Prpl+vn|9TnOfw(05;PMKG_1zW<7Aj(Jb?!&lr$%x9v1lJoB0Fzj|& zh50V@BU~irj$wWk^`1nZetu)_DdrJw`EM6V&U?NkWG*A-rBDTzgt^w3_dzvWa^}8t zUw-MhDcH_T)YA66_2N|j$L)RTJic_?Je=QhG?32MyZth-^WA{?4m1p04(9e@eiRK0 zSAe-Qm|sQ1!Ifa{F6PhB@NgBFdyl#Aw*UT(09S*#V9b-CLFBxjG; zGItTqH9Fif=I+C}#vtdd6Ru}Y-|^pHt})?$U@j({YbOyzZQqN6L79c$$3A=CuHsdoNF?;WX#=!3wzi9 z_)3oRP0d_J%qycQ;4(7T9rFQbO1SLIjmLZunhGv2b6YXri>8Jv%-l)L&!cJJN-}p3 z^QUN9xbn=2d;Z(QH66Jx9m2syMbl$@RoV8EVV)h$09Tv2(wNsnGr~1st~2IC&`fa6 zn45~ZYi4rZ{-q6bJKg%- zxq5J}IpHQVHwex(7u+o7mcqH_hFi$o5jfX8a4VR5_y4f>Ch$^@ef z%ekA=DbMfsfByfw*YutD{rz0u>w7Ktb>DN(a;TH-K;2`WuFbdT7uk-~J?ZIAq)zrQ z>Yn#>7f~l0qi%_(n?#*#C+gntbPK4HJ)F9CJ>5st$sR%7N1m?wcWAHdk<_j7bZx1V zJ&L-oJ>5yv$sSGJYEO3sb+X4$_p7J7jXK%R)P;`7KQCmdlRcKYI-c%x>SVi6*U-~7 z{2u)x+m*U)JY75LWRIh+nWsCKI@#l?Yw77Op-%P$>e_m`G1SR+qi!EhcL#N{aq8N6 zx?<{Hpgqy(?DflGo^BQW-_o8$-7%i7Rw?=~OnWkQ-8@}e`n%DdLfz?}?rQq)p*@wl zo}TVq`q$8&MqOV|*Zc?Mw=?bOMpx0cEB*V?b~ieEy)np(*Hv+7&oDY0a+s$ZK>sM( zGmXgh^KeghJN>d}G2V5aZZ>tYXH$2*r+b1r*>k8HEl)XDaw?q*N- z9d)t^>Lz-+KdF=LMcpl)uHI^lo9wyNP4#rGsFOX9x;s2w2kK;dQ+JoAJC-`x^QoKe z>3UHo+lRVYo^A+rvVEz$*VB!rPPQL)_j|ewb+Q*w_mHQXN1bec>WV#G33ajqsC&%Q zy+@twh1AXWbRSVCJCM4Cp6)B^WG|xbX-~JBI@v+gJ?H8EqE0qR-6Bu7<&T(GvKLeL zqNi(4o$O%hmUy}YsFNK+-K(Ci8+EdmQ1`m0>rI{PrPRIY>4s4!dl_}hJl#0zWQS7s zo~OHuI@w{={oB($K%MO6)P3aXo}y0n3hHv6?hWc>hf}xG)2*aV_DbqL^K@TRCwrCA z+4~k>db;1J3$4L?xZ3C{+G^3iHSIMqx<5SK!Su^sOI__F^RIJ` zqwY-F5!7wz>H5%r3GH>%HT85U`ejE_*TU0HqHa3vDC*jJx`*h0iuQWy_VaWv(Jy-g zb?rUfzp49-cC^t|w5_K9Puej7x_UohT$|9|7@*ske%Y}`XXndNUVaBsCp(V1xTotv zo$Pq(&hm6Us2faslhN7tXZm=$G4j*iY;<=1_4jm>=)a3LP2CVrH;4Xtv=fZ3qAg4R zQrd|Dy5;nLN;@e)x0?Q6g8Y@y2<&$EcINow{2*-3!#o-a*}6p6+exWT#Pgucuo{o$Q^| z6??iLsgu2nx`m#u#xEEz*}JJ**(JwoPx~)Ck zQ`E`cXLR;HW;0LsAL?Z9r*3CYS7R;5m-Yeb+IYHM>6d+wy1hJISL$RRGCF&_?eFOZ zQztu@@j7_AJE)U=n7Si8-D2uwi>W)-(|t>w>?725^K?yq<@tm5QKPG9YeB#4V*$E- zs5_Q+UVyF_{g=}|9-x~*|9!Oc19Z>R|0eAdMrS`)f2!BsFX&%KyMVf$o^I=P=$F>C z3#q%n({-f3EA5li4e@k6=^se@l+oGq?^T}edirmneVV$_p6+q_U!Z-4x=EfcLw=BU z4ebKj657SI^^eAJ{UJF-j?xw#1OJh?P1~9Kr_t`g{rzZ9 z;r=}Km~A3$ z>D`!j_OtBvVK=KtK8F2v=rnw;$BW%uc_?AZcfj7?Y%Mku$$c6pgWd9TSd&hLTlKHt zzw~?9nrmQ>q&=Co)i2oJU>)qPzrj`*)a=}by}EZw_Wb+M{{sE>|CL`}e*5`$yQMw<=`3$Q*KW7S zOZnyHx1VRX+hWgu70cVtvD>ZRlKk>>=(nF=w_DN6`Tp1Gx1U?L+YNvb_CWdb=I>X2pK{d-Qf|^;X4x`#bb@`3`>!pT_d`bMbadeUR^efqwgWc)RucuwuXc9K79n zf0Xb4p5^W5-|hC`#})hS=icpBl*{+;ur2z}e%{?~OIB3ux8HBG+q9MW{$p6)ey`1L zu~ilO?f2R2wkp7HzsF{`(Vym*AH?|f`)hV<^;y1u3jOwbYj#^6;J4pbv)j1OD=u%p zS7x`^7y16@7~g)M%x-Hu|L64E?~&PU>6iKC<+tA-v)in%D)!s&dD-pCuk-y|HpTeZ z?|0cP@lC$}Ao}h1y6krLxB32_^xN-q*)9EDzW)aL?f1Cs_VoAp{)g$e-*d2A_=kM| zd-Uh%4?4bA&>yt^*zYsgEogqNq(A8VX}`Zt^1n% z@+WPN{O$c#yX6A>_CBlK`u&t&{z{g&_gC#!^mE02dtcRVb3FfSmbdp)?Uwi@zr6hR zKC0cCuFdzCuzZI8F9Q7bzNy_7{F+~W9n0JMrOv;uV!ypl>ioau`&;dR{ML z8DyQ8=8$!snM>ArV;))8Nl%h>-IgWmI^pBd*@%R4+H$#69+p_83oo0_- z6JJ_D7iQ^Uo{pDEA^Agdw{=PmPg$L+y#~vdIlL#sz4)HHEZ?iBTicA0naE$?%gwoY(j^jT4NX7ji z-44`cIllhVoENisf~W zQq@KHq_@{D^_O&Mt|#i32#;&|@AEs74z*(h)ip`zQ5)_i^*rxW^i#-v4L4VlZ$xZ98|I_bl zHRJv0ihIkvm$`}W1D^UX^v@^n!H)P4c4Oby3d#@BLZL#}hY<$&ur01^{dzZC5%XU5p1czT_ntL&XTo$6DZ$aCobpw}nQFmJU(^@wHn2*_LYseK0o==}C| z@^p%$yhB;!t@bJpwRv3CzUFwAFfnPoV8Vdk<~bbK&nndm*jr zudKbA<$9fuc!Ox$UkJXHb{1{Zf!J^FLfZDIKPp?_|E)UP7CZKPT#oilr|obBI4JM2 zp8ts9`T99m<@4p&*bdnz9)|BSipHj$H!F#bc%QT zL;3Y-KIr&}yny3F$5oOn{}9%rc(Tf)(D_owS)ub*gnb6QwOe*E`gb%i^y{OI_$=T2pXw)NQK(&!7xUNAspLZKQvAw} z$A7CI{No_>FSJkVzw+MX_W1!7m^QMNA-}3nISMvSRZEicA^`w?=xW1}hPidXhI-6XIbye%E+9Us|QOpDF_iYh(6uJ&l zJpcMe`6#Z=lPB+kdW!?D7o{Kld44}Bp6Uy|mVbU9Mou%p{;Wswf~^1ktgll)oXL2) ze)IFmvHqa`KB$uURJFf@^7gM!mACX7mvaN!CtZY3dQ%sD9sRF(8kZ#Z+u!6WzqKJ8 z#q!Mz+lMxd*Vg-Ceq8@M#=rWXum}AGdkO6gv@g1EONBxWtJ`l)nco4U-J7-(?QOIV z(JrI?m3CMSlvh5ZJ=XppYrl_bAKLUi)jj?%YtOBfY?sESaRc+OU%3_XNH&Jm*!-`wCvkcA2H?a!)`W?T{rBSqBfPSzx^?e z%V>?nZB3P&b_Cd7X1|TAb!l_OjhUF8%%ib+l;3`0o;3y_??$xcHTLBX(-#jVpbKaa}BZC)-{^E6b= zi@QytYH`yh&W8Hok}AfXP$2G|y{eY)S?mY9uGz7}st^i&b1vdFIWIqMXD)#Ld@x1x zwsQ>Geo$ORQQT&|wFkv28@GoSSKske+$X9S_iPi_wqNTzR=xH8@Z$MZ%XjB;acz7~ zvrzXwh_{N?xZJj!wow1JG`jNrt8=R2e$_WW-^#|_%ZsaZPjN@}t6JPvCT{uuwYl3( zaVK3+wYa;R7>euq7t3!b(;x9x)4Iycf1_2gcF>-7VSfGX&HlXp_2NG7=_?zzqZhZP z7q`Ym`FT_}Zp6e@KbWVXYF^y^230NY9*k>WkCpG=>5Ny^{_S9MG!MnC!F(0Bs{MPI z7gznOxK-`n7Hq%G*KX=x#jR@pPUN~C)DNqxIBt^)#9foD+I;xgwB61F^}|+Sybq&( zXg9cWacv)#-|XM#uxqa#)wvMQxfJo@m*vN86L1`tk7=LVzrUfFmaBPjAF5(p`*$C- zKG={oy}0#;RxMxqcRR|*t>MKzyozz{-{r`QYdgbi>ffPNjBEey#)jg)GpuU;VE+z_ zZMvOj)^4u(VE@jF;+n9VZ9dq)?_v8v`EIWHVE;Z#`M8^FKG?s%k{8!@hS@fCKG?sn zvZ1(Doew{lxOUtk=CL{FgZ+Ctifck|w)tRha@c-|n1_wOx#olYJ3Qs%Zm#)Y|ISWc zT$8iiHg!JOzoWCExK*7GLHA=?U5@qU1X{GhoU?Qxs~rKhm)URg_3y`QYTTJ7sGSFT zXg#~}D&*Ve>il)G$R<&VEhz3-##?bs)#A=5m#BIuB}@C2E|prRgHTik7M<(UT-Sj1FD#BP+a9()wtse zHDV<>#-~ANB8&D&`v$SNT>o?!6{iI~R1lv$@u@pt#Dns_WV8 za`|q~^(-i^@~!H6Hizqj`ge1!XF+k5Z&lZ``@DQN*LoHdSNT?TJsZpQLH)bA*0Z3v z%D1ZP*-ZuVt?IfH6j%9HHLm@AZ8Igx)`!ito(08KzExe%9^m>AF*)0HZF8+>L2;FD zRoAoo%jIj*-E7xqL2;FDRoAlzxjsZpuC{+S*LoHdSNT?TJ$uN@cXO?0L2;FDRoAm| zTp!fGn`=D_imQC9x}M!!Am6I4J3(=kZ&l;kzXM>VL`eO+xz@9wxXQPx>zVy~6E86EP7aDY?xszPYyVD#&DWlfH)p;< zaW^$z`}Zw0A2w&cL2)-VU;FnOl&_r=7dN&P3eCS6<92&Gf1H~J%!gejEz;Y=$xO*qr$W#og3=Q_NS#+t9}LnfZLvMD*7=lk)p5j_!Aw^8d}gC0`d5x7CzQ zi);Vhi%mht+vdtQDDI}_YyVD+%{O8m_ITS|`3A+^)O;J8eD!{;wfpjYvMr`!+-{~d zE^GnwL2lV?7}t*5=8W5faU+{KZe0`C9tnEry86*O&<{&#jl^v!+CpXv6W4Z`;_CWL zao?Ke9Y=)%(qGSutLs$79e8Ke;ue+b2V0fyrz-C7yQ&s9Zer>ESZlRxf6jPq?#_>! zww0T$(C1598;y-;``6ko=3%#cGKlvnE%uu0dCuP-r^7#N2JE9V^XuQ$6wtWYxLp}Q zacj)V*H<=f8!zs0UfdZ~jJu18qkgal#=Vg7 zG#~Uiv2L@`{>y2N%xxoS3(d2OjIR8AP;V;kHTP=I#>E}v#kJ=QyD9GWbE+11povj_ zKIn5|irePCs>OB5Rq)?r#=D#LelLCnMK-w0=3aiQW;%bIdDw9+zb#@tCA1$0)LYrl z3HL4^+&s5$$Cd9#x&LB44em!j?m#QQY*p*s%>-y`9{%T|+q0f7wB0wc-hN7yHfC%m z^H9B-j}Nh)r)Xc^%=OMRCxpArL*JWFy&tijuW5hX#CnIZoiZ6y=QQ((aEIz`@Bqg3 zpQ?Adsq;?rhjI8!{{fFyqWv(mi7IXiv z|E~}0y@Yl|KzrAh2!0kbu42!9xMBOye6CLaOxE)V?Q;S3wtf&RXNL9?#b?9SMD=ePe0nr0_v^Ie2$r*em`f-Il(?uuf}%@>$!*av4DC~U7*X}pf{%!mEE%fuxw0{$9#15O0{T_rpbULm^TwB~;)7bs?+*E%5 zk%sN{TFl#jlwtiY@tAe%&zK2@dsVQ1qS?1c1^XwNeY;n%f3n%v zx`O?;n0@C~uz$MQr##m&rRCw{++l#?`EtvJ05P!(gqm& zy4r3hp3e^?1ON8_(J$k3ull`STW|TTh;VWr#L@4tN~c+o;_p+HYl15&e|wfM--qSv zIfs7zewBQ--|bdZPc4!s-yXyA`FsCP7gN`n`T7dAcetnX+nZ!QLGA5V$$ajh&TqH! zQa;nE)9(e#@7pcs>5L7JpLb{r^rP~QlhwN;3*=qde4p=)`J&%T_VXzA@=!Z8Umh%w zhw|0$4e9sH6h}6~CrcSG*+?a&fNeuuM%^&xH#T2Zc0Kk1btMh+~}$j?LdYyNz%d;{ja`u!K`G|&8Ti?JRpNyTH=e=pV6`2x%P z{h;{azWM8j@|2Zsdrzl$YELQi(0-LyFH~cB?GLiMQm6H=?8~?T1!5d;zh6?^U)g+o zovO>MQVXzWFRvYi$|u36B! zth}_|1fBmhIt!U!(E1%=vRUe~0oMy{s4H|nh*CF~f9F-_gE8E%`Ph#9GV9g4DV^qD zjJmfyoxRqzo7U6Lz|hCkEpLe)P<`sRVve8gUoPi5+>hmFvpg}-d`VqwYxQ)#RO4CI z^M|6@{O!FPwR6IY`SaLsUyAuizm~j!0ULO~_gZ#ctO{w{_QUx`>-%`mul7Yfo$`@f z{eBR2(dPN%BAt4%19iIoQN4;AVSyv4)BKlT^(7i3qTjwYEZ>0TgO1l@>5njubgD<~ zKhe|4UzW!<$V2m4?UjEAme>9uTWDQSKBE{<*Xe%yRd1o=q?CDU9w{&N-x;h&?Ui4) zvg=)CkB>s@nC8!9ul;_05hi%Ir}O(s?Yy75eoat=)*ZDo$|rt*%I}Z+0k7fsZAXFf z)3{_<4}SgK{GG0CQE#03KFmk)gY2W!66I<0s%f19DbpJlgm**?(v zdpT-fq$%2?c{P&xM?fa1NmV4`t@(FE+eEe~e|G7%$^BHw<##0`$ z%I6#Ev~I~St9t$Z_UB2O^{5|J9<4FIzg{43|L<)1^IG{fxB%w?t%It^xA!mG@Ode= zeSSZu$!hP<1@djdJak@Ae<%;-+s4aRI@MF^<)QNOZ_V=B-{eBHe|y>;X?LdGg|;p2 zUbOqt9!Pr#ZAaR}X;qIu|Fqw?_g;j2v|raT;vhTEE9cLfpmK}7a=Jba(rf=RubjWW zO6S|pymDGse4WpwUb+0)=&RTB?_N3oH;&dT^Pklpls^u-PoA&(JGJo2;V!`6b^e~H zS8fMi5Wt6dwdlJ)BT6;E!0!;w zTF(zF5Pv~|_$r@Y>)&bC#poZMFMWm1m-kW^;{8*Ni{^D?XSBDhJ>#)r$$z-Y`xSVs z*8_$A9%P~WX_dngOd+i7*CUpDzk>I@tlzF> zPt$MnwsRy~PH%Zhxp?+kZXe6bmAB{m56SkqeXJzg`t7;v>vDR_-;=jA&ut6; zDyO$x=Q6a%=4W%>f^6RfwY)9a)@3z2lIxP&kZpW>PHIQCWi59g+p_k^=v1z}<-3@V z)!S>5uJqfsTRyE^d3)|Uvs`)0y~z#Cb9*iwOt$@D`3kbl&tALSSgyR~$z+?Ky+)Z@ z&Tn}J*~YhAT#oHE#{_;3X{Sm+I;IU#jQ0|5822|Cj1H;lEUmJ@#4E z{}J>4!&p~zoTa@iv>xkqwyqH3a`&2h-Ft$7vuRsI@PCqzVmeQ zE1%SU8_wquFQ3s$fL8UaRXvO+o$8aWW-xOhXA4}ILKxfbOc9U)g>ZbDZMj98b zm(uMmrYWq`KA6qG;=+> zKgP-47bw4J9G_+XtKH=__W3o8KkR_~^PxSi>{jgU_shS^_@~mbynx;>FaEuby;ERb zrx(F$zi&_Dj!ms+O5F|DQ-c#~Q|s~b_xU95&^++{J~!SLdAFwZ{Xu-Dao9P~u1o$n z2kHI&J8y@2pQZKvKI{0_Jj}M+@Otv`BRKv~VW0^0e%y`a7n)T(&RQ4!c=|kfYDeTN zo!X=0ayUO1D_wU6()G3<*XOZcZut7q*NeyT$v<7sH(Y2owx0W&SKQyq-?!trqiM6s z&C4e?GJc`~UN30;G#_(^Zg@U+eGK#QW|N;iZi)}7Tz-E0#5HzAzYL|-{zCR_<`Faw znvcDx(>mg}H(sE{&_|D^kKXV>s4HwRsQ;`r2U5ba|+9!!Gh5Odc`kf zA8d(nIIUIwJoVe5ILag5VZ-@Kzs)?%8=bFp9U;H^XGiLCjO&kAi2MI`zGt8ZDmh-e zdHI-I$8OU&D6jd9*X}U1)6XYeARm=iJe3#Ac4IyvuO9i;KW9)^s@0{N5_$S2AEPX%u1;#uXl5A)OY^F5wUDE%SS zCz-eWveF$xonE)dFROW!Jbc5)$0?8Fxag~bu?_1b3$nHM!}0sl0r|(V^k?V=!9QG& z>eG2yto|!zyLEkiBL$j2(mhL^|NRBUll`b;etR`v3*Wl2K%FzfEmlDdXxs ztNKChv+t4G?biUE+M{-c=41Y=zZ6gH()fg_^Xt`lM4vxu=IQ)?&9Fc8`V`rQLJ>ac z&Ah9dL~Rb~Bb0%Z8)xr32=nsJgY)O7AEnbw^uv9uUwOB96#JvJ>gSH+<7m~dXOIWd zsvlG2v9#*9Tgea6s$Uk7-=@{;^lDtMx1rT>+J<}}tzG~8HkN0tj|-08aQ}Yx1ls?I zDQw#kIcmfD@^zGdKA;==zx9b59*3Ju$Nx9#DW6+K&wppTb-m`7W$r(jz@j(MaQG!>G;!e_b=Yp3A%319*g#BT~{9Jg)@2F zYrodhsa>UzC*NMqa$hr{WEJmwb?=VxikwmLxaHUScN)Vyf{q9E=QK~J>8*YYv%TtH z)g*s^mJeFr)E^1P@#80sLw^Rve~R%Z=y)j5|H{v|+nt4e>`CkU#hOoI+1Hte=96@4 zkNR_!r;}g(6*^(V?LA^4&NsKSLyFly%41_~<8#pN&wFg#JX+N(|GcO6s(!Wi6y_V$ zFKYMMp3d)=`0?nMpyP2rme=*Z@{sLK{}RTLPW33?%RHUR`}Q~Lbo?lebc$E+N%T|T z{jUP!y^QrJu3wM#H)1{NXYH3&K5eMWuwKQ}IOGcCvx50d;rxqs+wgj)`U}~*eKG%5 z&`SS=Kj3sM90mO=w9*%{r;V<7ojbyz2|?wEa-mNl5v<%{mxWLKO*?Or}NvX z*A*J)OdRF4u9lM9Fr4bCIJ)`19FKp^H^q@&^Q})7`38N?Q1x9zUDFehmyS=xQ{Mjf z)%3YH&13b7zR#KE_a*)OA`Co~^=3~-Nxz@s%t!l`Pn1vkJcssae~|V2%h##Du46v& zQ`C}trTXC(uV4NCQt6Cz4YemfUW9nRbOFEHqH$VCoz^qI|J5&x6)&J(Wf6ZSf1YX_ z)y~vO$Xl;}r*fQP3^1gU{jcjny`Qf7W!3+Mt_wpP7k@q}-%*v!$Da>=Jmpiuek?kz z;_*|xA5*u0I?Y%4)6Cmn<`nhL0(txSs^4UlZ)NB2=b9e@^G$jEM4jfF>htY|1?Exg zR7BKuXpXFT{a}Ii|G_+TzW3`_`}I3#TJQYpB8`W}E7Aga`QsJiIQruiVa3lB$k!h) ze||+7$Dd!mPVK7fI<9tU9%_A1f2sZd?RC7A{i$_C`LyGcH#V|ARbE#8OH^V^RMdl&%cTzi>yN-|M%AX_LZ=GI?hx+!Y4nleJUrv zYy;)%oj3IQdd?ZjL?!a=pNy~j;PyK+<+nodiwayO@wG1C+k>G{kbYO{V?0ml`^rK3y{IqZ`lsxI^oK~#an+}sgY+j-pX4~{`^-W5 zGpSEAzW@G+`lZnOeeAw6Q|S26ydS&-$A_*vb^W108m23yI|n@`o#K>ooc;A${ks#( zE3R)-^4C|1e1-DR_hfWFR31_*pP=u_$e%eI^#tX+i}F!m&sO&J%7Kg%?^$ub#o3=h z>!Hef)&C7Eo6q6Qr*op>_N#xMrB1)QsD73|$Gn63Pxbigpb|fk@w@lPA8)O5X>Y&E z$*O!%{9cT&d98AaUs@o(%B!4j(;QE=Kf?a>b$4+`+H+_=U(Y->pECvYw|M%y3+QK3 zug@O@wBhG{`lQmAfFdmPv_lHZb||DTh#0O=66s(Q3=tiKUYw% zc{Q~_{BNnxa6aF*k^0*=QopJF&+0-SzqaA)8uf?&yFmW$_UL%_f49d!-b*;nn(xX( zqrV07(SG0l)V6Z@{=hgo9{f1UH}pE<1?iNR|2t@YyHe*u>8~RZR=jvlsKx`$c{~sK47&SM0SD0dSsq4&fR{Pbi5|&pxR9^nWDw)qv)>G*9 z@kr`4Z~c4{=c7GA`5afte8#h$rhI=isDGwWSIm0-d`b)CbC#D+njNS(8i)H?kM2K7 zr*=yBgx5dvYg|%&HrziKc=@QDZ(m?Ndfz>$f8L@_{it?neuVpOIG;<%BKyV+{*U*^Flg*ebs(hwZ9$n zDB--7Usmlu(rdrJKC1oQsB3xw_5`*6j6&^a`JndCE-?NVDv$okOf7;{`wLyCsQrbm zQ&dZ#>y$Y2@%t~r^yYc(3L4)l)ql-VvvitgYTtF#>3tySbiAp3H&Um0t2pvU2cRDR zcvQPz@bb>@?NG?SzweK$@|~zW_<1Tnj~w$*{;EfLz8;XrSB$H8Kamxub_v!CwXZQ* zc{V5Ob;WLE)qfya@%1~aiXS-z@ulB}pBt3k|NP>ijHi73&nx<$Q}jQdsLv&;Uw>qM zX(iySLe>1&&q*MK>_de=U%uhPa2OW10Q@57= zsrnQr%kn|%O-+`Md;O>OHljZr2J+`|ow?vTTQR>aPeBe22QAehwwkKUy!;t~PwqT=|gwZ}IIx{}RSgdG&MX z;{5)XUsmOnzxKv$~S`tSyjFX@Pu>s$@RZ z-p^nEl(#?sil__fpVVNCQ&9h$Sjl|0tYkiosnhzVyj8!(We4iCp6EKjKOS08SImA@ zJpXvuH6TCDf6eSF9a>GXbJJL(Sc>ecn7)`u8%ov15eJdLCJ zBRmA-RF`_0&V167;}j>WKc!33KkSnH<5I_KvA194WK~}5TmO2=_p7~y?jMCO-SB)o zgZ<>k_j%xlI6id$K>aD5^0|sS-KUjK{hle1&yWK7sGb{GkABB{v=X6}?iT9wdk)em zFXFwf`gPv|gz_ zl1GPbcz)aykcZ04u36UkUX-wYf8HwJPYdLudb+b7eco_1 z6H#8$>9~ztfp+`#CIa>=pBn$h{8l@ItUo{fdX!HOjcdT?uvG6L>cSj9%@ftH`I(|_ zE!Q9E)DICB7*AbsKzrLzH<7wD$H_mQOIcp~l~0sUntA=De58{tl(+iJ&s*(MKSi#r zcwFV*-OESy`*!GqjodEHZ{M$c?qdIF-3a=;*+S}q*2QAxt@DiPYsV)Y3*_z3Ha>3O-|y4~tv9i& zk&k~oYJOZ?$$VaT81ut#x1UeVkFj3(_uZsZz54r5Y38T)$zQ_#{`}B5+z^nr`lYhh z6Lpzy=W8nNr&PdxORCYZ5>%-BkP6wfX&|{Nmj2&p+k8 zra<2Q`jl2+TII1b^H{?A^g2=bs=hs`)A8qp3u#>abV2 zYSwlC67q5e*y@AIT|abIKD@uB_A3wd*XCMZqSqmBe|*)CdlbmqA7AAut9(ymyXLSy z`DHb}{dYE_8k!PF>LXH8TqN1f5?87RX2aIFj{*c-|Y$4%GNcHXeo$>~_~h0C{ouD> zZ&^ zsND+-jceH|9C0o_ypbGesv?qM|sMY9WP!U^2=&I`2FPPn;u*7e2Os8iURrm z?e#bZRQKbR&l<)_rIndH`SyrOIufwo&o?#>UC#uJkG3++Pv>HGbM)-Xx-N)1S!-DiJ*-yFQs88Py3(`la zZ^P>becvlcAEQ3R^MSta6{PP*{Q~M=E70Da)OY9ly%h%_DE<)Yi@3g}8DB>IsQd7G z9U=c?YcOA)rd>|^3GLUkf6?y!EA$7^9z%N~?HRNKXjRV$vgY9!vaUZTll3`{8DxE1 z{xP!V?_x6U3YxzYN7nd#LstF1J?Z!S^S$p^znx8;jwk;(iA=&gQ@a#Lc`o}6^=N;P z)%vB+llVI2)0g=qS+DYuUiA*4F6i~8j>fB~Q@wt?2m@b7oqi9||NVtF)cJqsT=A4w zG4uA%<58Ah>GhY&(_Lo9d3gt2?@kWTDX#Lm!_)cx++_4v(0cflmv>pBd{Wu*^~cSR zqkR2&;OjKL{_i{Zx(Ij7VEcpan`?acVLQ9uf*RCMimP$#Po3tAuWQEw{`}MVO7UWR z^29nENBZ81=AYtrrmoQZOEYi#_Z7=;al+39#!+SN_2!G#G5K}8&ZREO&lM|Q=`@~? zQ5SR{J27R$^RGI~E3R*|^e<-|KM&=*lsf-=lzzOeyJ+QwNAc92@KofhbumH4Uh}sd zS&x6csCx8y9gVm4%PL=ge*1Z3y*yN2d2Uyr-=u$@zn|xy2jo{iZ!uo@Hnh~wC(ixq z7nN5&yL!tjz#o+F))%3jG1?$qW%r-JIR6QVH#w3Y>28nZ zeaPEi{~&mJ(9WS<(+>N49s=9CJ#257_5a6eyGypxdpWL2aM2uc9Na>j03ReyfxC#) z;O^oQa3667e2KUiJW`wm-y&Y0se5*QDCF|Jhknx@$Ik@l?Q!;Ox#J*|uI&!}PuH=1 zG4L939Q>C!1FrKM^$GCy;v~4WI0fEE?B#Frb@jKW-?YbZ*8sha|FSTpbzEz9{i7^@ z$9suGMUIaW$7?(8Ax?lV5huYT#VPO*^WtLoUl(WKe@7ev zegKXC$lgg6O4Q=9@{Do%q(iNkeWf8Hui zAfJr51o=K9&cgq^I1c_mTmmi?=fI)A*uEU%Z6z*7J}tya=noN>LVtod4S#QO2%Hp$ z!B>bQ;A_Ph@ECCf?Vlo!!arSHHc|1!%y-vc_t9_WyW{!f!Q>aomyzEg_aUz$_a*;9 z?nka0!g=iia#Qj}y4E@{U z7IEs8v5XZp1#BuOYaRNL}9NN;gZ7iYmQh)cj9 zi*w*##8LF;RyCP_2)v896#CBMDDq2+L-kzyZWf2ZbHoww^WrG@TX77$T`krh$9z3P zoB*FKj)E^0hmr4CaSZ-B;*u>~e$R@N@c&yJ#{69;j)AwYt?>jOAWneK6(_+X#3}Hd z;xzabaR&UAxENfk4(m&yfA$3hZ{9VNv_=ky$!8eFAsBfmY z808-kXTdL*G0Oi(9D)BAaS8kl>oK1a_;(hE(f$uEIEQ#wi%Y?`iF1fw zEDmA5zAP?5ycOacc&)e;9Nt3xhw{6MBj9%8DELTm0^D631D_|3gOg>9`I-`^kpF$+ zP#w%SaTvT*909*Cj)FfICsE%TaSZa%@ua0hV&$A2Gj0{+XyN$^eL6nJJCqrL^= zH2g1$GvK$x#o$lHX_Q|p&cffk0rSnk-$`5oe}8cfJW*TtD77;y^a?-u7UJ`aoIsBe)t0e(ZA zhCU}w!vDRv82&%S8Ss`{vc28~k-1)T^RXHI=6cKVuH-cN5VE=cbp8{_6UjZvmy(B( z&ENZQ`blJSJ?c0^HrI!aA1B{Tev3Sb{0Vs&`6u$_@X|J`JBJ?;20vbmmiyqIjRryajVzJmN8@<{TJ667sd=k>tVTiRA0Z8S(`3qvR3fm&xAY6FPGzwBy9a_+(6WTi643fSs}v z?6Q`y{VuEJLVVQ*{41>=H;}VMHLY(p>kUQfI(|YN1}_%JYCHei;wb$85tky~kKz#g z)gowDCQE-tR)@);n`L4Ub8j(o?66X5CMBzU1X1uhY% z!JmtZ5r3^X3$EXS?TaA4X5v!#_Yh|g?@)0T`F9aVQT}9c4BT5B2VW&lfNvEi!E?pM zsPA9mH0t|69IEH~?`Lrd{7rUddt%5xD$XKaH*pF0LU9f}MqG+`nKFj|ad8IzrQ$I1 z`BEH$e~XsPCk$>Yj)0F9htU3W#ZmY#7stTYi4$mFTAT#W5~mSwfj9$RB90*6<>C~| ze=bgg*NKZ!zCkOtCk1XMjw8Rl#R+gbaT0v8I0fz@&Vh%E<7}VUTL^mNwteV+`px;y z&4*{m=6vM%WwJRRIsSxf&PR@aBAfNsagEk!pILt$Hzk|(*72TXbG~$Z4B4Dd9iK)X zNghl#=MU!}Pd4X2$J5BO$qUFy^6O-CK6Cmn$>x0KxY{nr*PJgMZ$~!gC&y88ntUWV zL)Q7+TyHpiKl;azuO^%Gf%A_iPbc3=Hs=rLe}FuVyofx5{1(|(PbJSF&muogzK8rK`8M)b?3hgrWI-%P(*pB!s_@R}Q%L*1?q<9K-d5!gD9!}|K@0_;DG*7y6|Gm3F|<873? zZ8_}MA5|RR93O3MjB8jf6a$YH$HCLZ3Gl<>H267j5?mto5;WuI>eKar84t%APct7J zuV8sIK8`hB{mB|1GakeoS$AkmvaBJU!i|ye*=5$cd(OaXV7}Z z|Bi{;wd~H@R9_r?k2nK}*)-}&Ta0r9@&{;{o)_r0xQJMIE|+OGNSxu^}e z^KSY3mFDMdvH$Yj<*(b?`Vt4Ae?npKAaMkIl{gB%K^z0$QO31hynDrQ@Dt($_+R2k zk<-5^F0SMFV{sDtAH^wf=s@P11~(9Az}tzVh~Gk-Mf}~x#n5*UXTisaOTed!b0~jq z8N)wRTnbK=G4x}^A>?zrxETDXI0XG-aSZ;~#9{c~6KCQ7OdJOPB+fuz`ylpL1l(Ml zfxeA64L(#Hh5l%941BUU4*l6>41Zs70z6op1dkBsP=12A6g*3u1V1fKq5R9@1pLdy zCGf8(WB7j-r@(dEY5qXpM63ga)*P>HKDMOatZ$AFA)D(J$H$Wglg}lePwr1P>x0t| zC!5zZj&CQM^}=y6*{s)&-y)m!)A3hi^ZLi}&t$WHJFb5)+Go~l$NQ4adg}OSa)0vq zdqN)s?Dut5=GYdy*s?#Xo;bM1AsoL1xT!b^ZY@sNcI6KdXTV35 zaXsfhNt`QkJU|>lyrJS^=x-=v#JfwJ1wSZGqx>`CF!&8|2K>1=TF2G@t2kWWaot1N z-VnH@I0k(?aT45FoC2RBPJ?@k6Lnquq2eU?W^n}d%@$`+ev!Bs{F=A~?fF2Qga0RS z82#IzJ=+rj?;uX0{O)Cpd^(9s;XhfN1NRqaF+Rh}82-`XV(^{f64XCW>`hd2{JZ|i z(m#s)2KjpO7vvkrzmZ3ix9ouSn&aEW+l6di|2u9^9!oxhZ0_GU|Al08d^=8&N0P^p z&HWkYzn$ENTue5{zw^IJHutX_e@ae~*OATr8t31pBl0)vh2y=+X1#FSfo#?b$34hq z{c?OM*{q+AuO*xNd5-md-x%^O^xsIHO*Z#$oPHtM++TCNlx*(*IR1ca)<4Hzlg<4! z$3K(PdR7O`^3Uc31K!))xm47bn2ii=#zOf15Z7{{!Mw9p|4{#_<13 zoCd!k&VWA^7lVHirxCCE(abLke^^`sZYs_}-&$M@K0urWA0{pVcM)g6r;2lk-%DHy z?k^5OKSUe`Un`D)$BIkAQ^Zm5ba4#*`=B@uep(!Z{xxv~{`bUT@CtDV{DU}-^6SJ2 zaLr@bze#X?v7H>{HnaXlEN)A`IX)b>BKINhM>g+2IR7!^zT}h1=6<*H_adA1)bSAV z1?20=X1#O%2gzo=b6i3;>xE;jUuOMtyqbRVeuv{)ozY&i9y+d1HtV6|CS-Gc=Xf`= zS-%_~PB!a{0a9ttNIHNPoBSSeJ@!f?Z7e743O9WB-+D*vDuU z7VmzBLcL#UWwXn&?%d^`M~&?;Un<~NSG%5=Lev> zfOaTtUB+9)cz1Gt%ZH#pcP{K`+8ZBceUHJmmJ?F!TGI@!t6ax_K*Mk6i_updCtEN*ntW{wry9d^G5a{4(6H`VROEdhuE0 z(X`Kb{;fIx_Gi4FU!r{SE7%*p&X4yHdD-{aA1%%IZ^QoUz<4LGhJWiHVH^IOuiu~C zeI52Mrd9sEw%Ecw9YmX={Xlk0_`jzO#cQ{+1#Ub6{S!)n?-s|vbH%EN)~x@oe3pK5 zK5_gm*_=Nde@8x_T&ElA>rHM!_QG4NX8-$Tz2D7{I&tR9?>{tI&o!-nm-Xy=c)#^r z+xok%=Q@_pU(ZFBuUyY{El*j`uH$E|XV;;Rtmg(+|LS^fX!(=%yrtzo*K^o%(-X_u z)7Wx!Jx45eSkEmicUjLnTRvkwx3t`UJ-hzDVm-IE{)y{(Z_D?t=Ups6wVrpi{OWq% z)AIZ4c`wVKuji=cHS5`8*~Y^=RQ)8hw+1~8$Zqh=zQ$x89-(GrH+aV1lI#Z0@a|+c zc!u{QyTLPjC|O6-5o8<WH-2mUn3u4p4)91`A}f! zGje&Qov?;syVzMo87Z#V!S z%O8PjmDtTja}#bhu4h6q_;tPy#lhc5p8&5FC&7P+Q{bAX@OaIDw-6VDw-!g-@)g=n z40qZ8DLyOWfwAH=#69$B%*;1wRiN85*q@@E`z-h)+Q!d;w_vkp_&<6rKaS!({s#8v-h}P+7VIQi=|b^(?vVcaboOUx z3&-ok@gm1tbf-T8e^YT5<=co$!BKG-`oqMfbzQt};u7e4iKEaD5XWje{gvV{^rOTH zu%Ixha(;wa*OD$c_Ht2hI0a0dG$j{J5PhYUcZyNb=s~QRE}ZH&Sc4Z$7{3;&mX8 zC3hp6`(e(14%vKu)A1m(d4I(5736;8v1D_<(E0BroA)Ce>+`YZ{R+n~(r@m!IsTYD zfxMPHk=&>k+S{MpmOP8xft(>9L!M67=Uwk3pGLpAU+3ySpL_#(IN5w2+WDuD2aq2k zoBNs0pCz07t&ZO%oBN-R*OATrQO8@Ji}slNi;j09oBM^1JCW}vpH3b~9!S23d_CD) zjzYT5D>)DKU7N#o+rX8uzW%1qvA_41uq$Z~_zE0fw5=-=eiJtHDs0gcu%qvUZFfgg zr^`_{xdy(76gGS9qk1^u{PlOJ@9Y>_2j;&huTRCYN3?=od@JKd%#O_&cV0lg*YAV+ zBm3s(kqF4QR{MP2{D6EnHSQ!6*S<2bePFkuP{i4bjz#?|Xx&cpUz=KbmT#ZvnxAjJ z*SuXdAO3S`<)1_@rS0)V#c^)s{yCm~oIGs-%5A%_;_|BR_&4Ey=PlUCro3t zRIrsVU!28!PCXBsd;>Q95^Q1#Z1iQ=&?~SdwC(1D7fgfgcRTWom4KUY-u!tnj?bP6 z+_5mr7Juc3||1WU~;=NbK@P8`Kf!B&l!L_ecdyCxoH4#VAUlDNzyq7o(eMfNwe2O>* zzCauYUoDP;)8aJRH%DAr&*d{;oPd6@I0^nloC5zY&LG~FSFwG?Y>zk%{XXI_^c}tczwkg#JgBr48B2J0{!jc2*zu!I0k-BoJILJ#3kSl#W`@PxD;INYK>=I z*MDJg7`&S}0zOzA1$Pn0z-Nl%;J)Gnc(^zT9xpCMd+rja;D1D%1}_q4!0(8Q!K=h6 z#9J*+gZ~s~p|5`p+g}3SMqCPRDUM=1_Yr3?K1Yc|n13gU!{CHC4*ei;6#lEkG4MEX z1bn+V4xTMefFBpksPA=g68;ax8T7|@;w0MlySNzKD8>GXfp-?i!TX9+h~Gh+ z26q)_z`ex9sDF?+hyG59i=m$&&Vpx%OTZ6^%U?{G=MRKJZay!h|5fr!AxkL*Vm4JA@?CyyB7UnUjI4&)@1Yg%yDb-yW~B|=JlHMA44{;uNFz zq5pmI_2hx%yU6DCiHoQE1LpO!;|J-VOMZ&{FY+toBw6QW2 zA57kE1oAic8=U_DvU$DhxC`059(CMHhN zc`W$}@?B)}`qb$kBAeHzju(;5{TRn9$qUFolNXZfjzs%X zA>`M{*OH$kPa;1>o<&|xevEt_`Bk#H|K;L;L>@){fqXqVJPP@n`vp#~`!(i%p5vDE zKTVF3Und_*euEq*mymmr&HXjb4?~r?vUm;&goeT#+1y`q z_3QiE&y%00{|@qdZ|?uO`UaBCDLH?OsjZ2g>0^8 z9WN)F>siO2kq463kj?e0^EaG;_L=K3#}Tr*esa7Y*<9Z`?nE}%ua3Kr&Go5ct#5)yhAqlmX_8N+{+I0jCL z%^D|1@z4_yKV#^iPVtBfuQ5ZaiM4->ip@-zS^(%JJ9a!Q{WlX1#R& zMpMvUvz|HLgKS#5@t$tiLVvN_(Je*oF6e~zyroAt|anrvS0IKGQ))=$TC z$!2|aoF$v}+wn58S+5;`N;d12W4%9YUcWg0nf{UFnp4r<3&>5$=Jl4-A3!$io#P|O zX1#KJ7TK(~j)#y3kW*x{-a7wGvN@kPUPLzQuVelF1GD}+ew%)CzHs~**{rvY_5Q3` zZyo#0$wxZ6=%e<{N=@#Y}p>AHDDio^Y>Gr1XQBPMyR(so1H_Fo;!~Ndw zzu{xd>u(NkM<2#J{t5K+qqLqZ^bPk9Sdc%SzD}(1YBCf3tZ~=)H0OSe^CJrzxuUJO zU*p=Ad@!xXu@kv7t;X#{a(7ydQx9@KT8&GRJc73TcN*1}itK3WZ>LrJ9w0wOtMUqBn#7u@+EmfH)qdpp?hfw049*Y3gn2gCMj z4_nOg?PA~sj5Cb7&WBKU4D1)=?ni-BondoF!$#PSFSx%m%f*j{Kg)7!yMmii*RLD+ zi{oJDbb-w=k0nQt*`5sZEn&HKari^AdOO=On0OE7M<@)QDUN`j6KCo;{eQ&8;IG7? zy3YTzI17KZ*^Hkoa{dNo41H5^4BT3r1$Pja)^_Dj5~mSAA&x_Ti8uxS4dM*ypDK=l z9~H;J&x@nrSHua#e_tGd|7&qE{J)4}$oDUC7QEHH?2i!gYblO^4;DwkUBo%WKTRBl zzrVNyJWQMej}e!G?-GZQ|0Cisc#$}Y@qb4gNB*CSi=qEboJ9O>=CFMU=yxk)=noSo z;qNR?pnOkp9DK331nnOsE(MPlr@?oLqu__c5%3~$82r9C1O8SVLi_&^$B<96``ErL z+Ov;1jrMdBr@$wPGvHq0V(?|+IO@AzoI?Ct%NY6HBhJA;Ut9`)S)4=s55y(lAH-?s zYuwNFlzb+mX%ny7M1LHrMlxFC zQ^^C!=aS9!z4H$vo9lVUHueG zvbq27{I8M+lYbza*IUm27umeNalF-Bv~MzbSF(A(!}&Xq&HD$Ak0+b=4;&99oA(PG zr^x300>?AS=KTW4FO$vtA&!3`o7Y#4>pqNp%$bbI2pegUG|k z`h2c=edzSp(|<2n_xneZZ=>H^UdpiUqsVU?T3rvfAV+DdvqVSoakRP~K7%}vR@cKR z@>p7358q0Dh*sCbi^y-&>biF&`A1rJGtlHz?J?$0TaS6RAsruCjr?=Yj`V{p$QMaF`xBaI+wDBLM{xIrJ@btD{ z%j-X-zB_gOJ-zL3jkS&6>;&XLl)CFYy?tF$z7LP1ek^rUJiQ&a^6^in{toKy_4IZ; zHP+^7Xb|;}Qum^#H@~OqUf|sL6vrh7o+3_wr;C%|hsCivuKd&DB=~i43jDD+4gOpl z1+Nju!J(&_PXZhkr&0e7;taU0xES0{976eH#aZ~z7MFl85{IF`Mx2BHMsWoG+r*{t z-z$!T9}(L@D7TsOkL#}|={M(d$4kk*$vN`*t5TGw2_)UOR3>Hs?df9m##j zXOhkN+4(OZoAa&Xi^=AE>v#frFj>EEV$Q$LKaGBKz2W#CvbmmcyohYBKODbH?nhot zF4r~g>7mb}UDKxEI9frw)l_hdwma?q)3N_l+WxddXp>&NWwW8LYP|Bt7IF{sGx1@+ zDHXC&RgZ;I)>l1LJ!XvA%rpI~W{!6MpHn!YRh3Cqq!Kn1irDhiL)Bttb=&xVuB3^GJ{CR@01BtENkose9*=#x;S9$zhMP~f%*=^(hnbJ1b|9||$p;Vm~wlCW} z&+}6ne2_R*BWm*y6x4y#X3$NIY5NM2VMZ zY?1M|YV0fVag9?XzNm4A#E$#M-1waSVf`Z7%Y7xEsIb02i}_dZU)&(e1N$KYf1)tf z`vNyrI9_3WpBDaz;D4w1*gp|CT4DGn0{^No_D2LxP#EhufoCX;^_RfA6vld1;Ij(% zRaoD*9HH=C#m9P6$h&Qn`RS*yzVFyyVSV2b>voX@5%>cYAL~njzg2jk!uq}; z_Dcj`-#5g1THqE+evrcYzTsen^?gJ5cS63ak{_k;V1==s75r%m4_7!#VeC%`zP_&r z|4HCn#mD}Ez(opUzd~S_O|pEj-yrbI3S+%5@COQGe@WnP6~_L7z-<)9eu}^W3S+-P z;2sLYpA>kC!ghtz6~=yn;O8lf{RDweD2)9Xf%SdIIEAZimiEIx75o|s!#@?cp2F}) z1#YD<{9l2)DIBHnZwf~%oTxDTXCa@aF#K16*C`yM@IHl|x}JP=tNJ!SblfWKB}-+2 z12t|WafHUjRRq7E#sQL_qOo1#RT?Ksyhq~H(m-vdtDH7k+I7i~=wki93W%?g! zTqyZXG%l97qsAoVyJ_qu@vj<_%>O8jYf65q#_kelY8)W(HjOP3AJEt?agoL;65rD} zL*gg5tNhfI>A$M6yTo-hE|l^<8s|vdMdN&lqcpBi!5IHUef^^N7_S6QR2bu*z2%N7l z<`03-DO{nr3GbKI;;^}URQ(1>yjo+6#CaOqB|fEbqQuuV_LaEOUZpQZ;ukf}koY5w zb0q#kWA`e;o>m&?OMZaHH6`DsaiQe*)wq%5kJY$X^593b%-jol=^ zsd0q@M0*wXR@x`?i}oq7_7BiL1%68LG5-ntvci~;1g@hn+PlE56%JF_q%h_m!SAgw z+Oxpp6h?a%c#gto&jRcD7VTMJy&sMCEbw|IkM=C^UWL(~1=jPAUEx!TkM=G2Hx)+v z7WkC{SsrNL0)M7(jKZD@qkRj0M}^V81-2@T_ARiU@6f&l*7F_aSAhp8dCb28k5w4+ zr@(U+Mt=}^g~Avg1lISH;uOwT{0h}glvDYA4!ffH`4U&%uiASfiECK%ZF<|xmW&_ zpWO>}`9CJ`Hx4ZMtu*$P{9ug>s|oqvHTISA<24SDI9+3l#A`LSOT16xM2SymoFegE zjWZ;E>4dU3N8rEae%~CPb&M}r2ZNjTO|JzjqMVDu5qHo9W_po_$Q4sBp#}9j>NMx&X;(t z#)T3e(l|rfb4}x7$#*@a?4_!ryq?n7P2!I1n8`wBEBSzgyPwoCq# zXLWm%{7*Dak$fMGNtW058oNmxrg2RfzlX-|5+`chNa9qDeI=f&ae%~YHMU56SYx}y zS2RwPxYD1>{uGI8YV0oU|3>2s$#1K1j>O+>#*TqdJ_Hkq_F_}~bcOpXoT6~5 z!Wh4Wy!KZxeha)(@i89=ykB9=2Lj(yxU0f$MKXVL6|Sx@<_jTTN8x!2dn=6jLGZgM z4F5#nUlfLaBJgB|;hzY+Lg6Td^?nNc5y9W7`0z&r*83-^3LjQ{_$Pv2q;QPFhI2AM z@J|H4mcsB)1pZuM_$LClS2#oA7=_`l2)_P482k@`M=L)34}oVY4F6ByZ3@p<_>98S z6fRYGy23TiOM7Q1Tvy?l3O7+0{-@C2Sz-8}0!JvkRAHOK@HYj2fWnIuPEr{Dm*A%= z4F5~ubqd4(5?K463l!G-J$8lleh>UFA+Nt*hW#;tw<~=M72cz8UxiO7+)v>Wg=Z=J z*acZWvlXtX@M4AC74EO_R|*eMSo_Oq3b$1JfeP#Wqd^L5e|e6=KPvgb3R@K(qOkU7 zhbr7x@e>r*`!mB79yG!}H8aI--rN+Jz2Wi|$+S5m4Ux^bm4v=`V z#uka^YiyS|S7SG6&q0lAN_;`%L@8hSin2dI+Vir;7Kv+XY?rvX#)%Sl);LAtD2+2D z9-wiK#K{`xOPsB7p~O2iE|&O=##B|*&kc>;Bz~$`*dAH0UGB^ z+(+X=iAQQ&Eb%Ojb7cA}HO`lKgT^HDv)6&k_aKbFqP)*2KE_jlOB9B`A+Yv0Fh5AF z_?T}6e)gKozg^*X6~=fh_+KfE`B>oA3d4U9xU0hOUj)|Y8JMpH9-#Q}X9S+3F#H*T z*DDPFMc~~E!(S0t&u8#g1U{|!nC}JF=L4AU1uj*5%x?lee_iGe{*A!y3d0`|SkE8u z2Lx`U`0#%O*83q*3b$8$%j6ox+_ z@P36c{|kIlVa)#m-&7d>mB3Gz$o$4AtoQrNx1KUo^@fypQ9++8TuI>og`ZM*kit(Z zoUX8&!lxB}M&ar=rT&){4p-Rut{Af(-ji~@>PyK)_1E>j3{O)yNByl?9NIuP+{^PyhV8jYGd@Ipz`#Clz)?Rq`8`}I54)_?xC+O1$w z>Tj2Rc)9t!+pqO+T6N>A*F)C*@NUY4qVeAKyUnu|K2`hpC#6lkEq(68$XUInExGa4 zN0q-g+U1h5PS@T=19PVR-g3&Fqy77SHek#4mfhXYM}*w7*4%#B#_8`T2haN=^qm>qN8jx6?xkk; zhOC|ahK=@48Me%0%aKP$wa;D-X#Q>Jh;LlGx_%XPpy>C89^1UQ73vNEJMeRHgUt)YMX7>x{ zJ&G@mYPrd}+!B`ANGj z9RB7|^}*i{$fz~`rP>E;C0_FHma)*_?)h26!)KoIPhL=Y%)`>v4OV{L3{;SO` zZ}vF)N>=)TlRGUR1io?U&o18$Nd5BdX}O6hZO1L1@Iy}bHqAQ!^8T!CYu#}mS+r*y+9XLC1_OoBb z)G$y*)3S={ENKFFs>Gul`b}u{XDWbZo0%tLWk%HZC18t;)q|eQQlJ4tT2i$32rz zeYvy#r%iuM^!Vk?>f5SD*si)Jt!mMx-VcW{*2Y-LJ zd&A3@mRBxW_OFMJcfZtN*15*5N;duWV^EK!{ZD(Z|1L7J-ifvio;O{KeC#9lSG>O1 zvE=2kSB|>Y9p1ZYi|^i=^xT)T);#WF%L^M)wT;UMyI(zG9~!i2L*4aV-<)>n>8-NY zKYXa?134O$jR)^E%KN83{L>%)pX(30UreZ7`JeId|H1K4*Z;OXU;Hy4{Wr`Cnb}WY8@~Tu%qjDv*mfqr$hVKxJKbmMLF1OCW0u`Le6F?K77OF`%gbunsx58A-`v>nRBYed%yHuxIFJx3v1)k3BO1D>h)<)^MDP@-}$=W zv%|H<)%|>|;ds=IgvlR$bARXysZ);nxBRwEk9&(Y9**nVuG!biR-Sr1IbhQBgL|*o zvZ!ucesS2vUxv6GKT`D8#O(IV>|Uk$DPJabdf|gU0jFEe+4SA9?X{xXo7$RM=e^uA zaL(m5_Ez&Jl)N_caQ4qLUK;S>)kS@3eZC_7t1DAZRlbn(*=w7ocJb=b_d&z&?oXT> zHNIr~zRz+ZVk&*L>QdK>9iIvfz45`u{?&K={K2I5@jgE+3SUq%eCM+L?E*6oZ2n>Q zp}_&K{mW7grpPaZ5NEZj6||8vd1Y`8b>{5acj+x{NrcPF>1JuUh1uO7w@42%gV z+Bo9QW2JQ_?;o~g!HUPyFT2}V;GYusrv&~ffqzQipAz_|1pb#x;F&k6W0Q`a7Po*{&wvj+J9+te zTB`oH{z?nH{L228+4QKV{~3E(tJeHK6R)CdnH?25kHY2CET6vn-j1%6jB~dS3qhp7ifa{-@{p|8D#K&uM%A zch|#z*4SF!%c!dS9_cS=`cHlQ@2|6p_3(FPuIuFQ<+-1C`de@D@AUrv75<+;Tm0u* z`0rUJTgczl=l^&6`QOvl%hLTj%Mc#$Zezb@mPYNo{Jkvhe$D+G+pD=*ss}vdh2^HV z{Nw5Gsj&Uos{WpKS0+y|=?%l}Pgb?m6k}LpOLa^2a!(vmkteNsG)HK#RJFYC*91S1 zRL`h|9~%34{Ro3RVX3FxSk=-=SoH(j=tMmIMZEH3Dy*oAA7P1lmUepimAAvKOVf_- z2MzvSoWT2t;wBYUh$OO5KFm1@#F1*7AXFxuUpe4KWp{v3S(dJsQ&gu=rNj+6wloCs z^Y%w=S$g@SHu!J5#`Y?1C@3F4AOFUFP5l}>{Xn#xXBSw3!g%DbpEsoc{fiZA z+W&n&XsA^ZRbAcD{2Udp z8Ur^^M;JF4r*P(Qb1sue{2mB~qaovqR# zPI}76azbT!al}$wor|jfYHF|Uu8PFDU>rSH6o~A%QVA%AANQ&OZ*ZU2N$9_9mh-bJ zLUa}NBMPl52EC?`^u%8-0H$1+{M1D7JW*Ip|K`^{&ES+uxzrFYe>hYXzS0T37+hE@ z(iUkoLPusBYFZk~UrrG+(vpVgs%3d$eN`=u)Cj55eAHi-w#pc8o zI**$&4aoa>R`~H2nq=8DQ&yoCER7Ie_FJBEqYM-yY&7VF4Hbc^`d6S=xc)c-gDL z1c3MLmG#31cz_oRGQz;r1EQUq+P~rF#&~WIU&{V6Be=D0?Hc)>sF zj-Q_b!So?VTkr` z+`-Gg#lMh}y%$S^yl)r90gK!$HSM2rC`@$IUN0BC_-TyEs3!cKCKV@x3fL3U@IwPW z^t5}jvL+yZ5%KhE>W{@nxu3@N7g(N4F5r3hK~?Rw7}jUP#U;6-)?Q=yI1^NH z?)*!M^ix*(;Pz2SUNCZ)VKN0;t>ze;DaIDX(pzL;P#<$lG~;}UL&AI5!s~FrK^cI2 zM#nHNlsGcb+C2uv#6d+W$Q&7L>CI)tfyIu%$mkws9a`!LwVG`@(C#7(vsz-pqimr% zbdU;l6nto4cm!)s)Qp(mK!=Vb8EA`+i0+9(f>;WN1O`RN*chb=6dY`}2$&(DEjpZe zSq!*z8RRes?iv{_&=!FrqOBsM`3@8kF48#Y2#AOdBV4aZNDA@29ydI$s#7v4(yeXf$->Ho5Oks5xG`wRimN4tuovNXhi18$Cn7GdZX1-b7s zJ6~b+T80N1I%;17bPDIHD$?PqZxl1OINEfnfTGK@N_%DI+PZSf;5xKg%)#NI;i3f% za^`h6V~l~6tnx%>R%EQr+{>iLyQIIeVjY8FiZhe@CEJkZ9Ehws+mOM$pR8&)$zr4% zagGKR3Sf&07ZU&%qQt>HLSv#u&pjvuda9wPkf9az8x$p~vq)fb1jdqgYP;8SXA_HM zSX78j^vY5RZPv1eXRpFq%(fmuv7*lp61Z!uEhM_996dxpcvxVtEj(I;B&m?7K-r80 zghpA}X#&EoC^?1*SfN{H$v}+ARx?jwurx;p$@aEIL&?q8P`0;&3OZUxp$fq8!^(;j zjB-k#*bydGmO8N1X|Ku!VT*}TEq;)~m?Kzaq65YXoFs5>D_ZM2O+5WN`m`~5cWUR~ zhGkQjXA4HN47Axq_eql>C}$m#AwtlVIYJhL9-(DJVh#uBflA)>F_@?ledI+`UD{H9 zHGk^=j5iH>uBnf&zX`LCna;f!Ot~+&ZbBHnrdO%*SCbXwkXmCt#i_H`i9nzcDePW_NKJlcb zbuF}^K@U3CFo=$P9!Pt?2&bHH8`CJyFxu40On0I?(Y$y=2#xP&h^Adb4ZgH%rXhmv zTsE|)f$Ln_P`{HdU1?{5kq1c=*LO*Qv6*)pZ$HmgCQ3bM^r5~djW!JHrcktPleIgg zo;S9mt0l&kevRvyC^N&gRogbrOyM@_f6w)M{XF!ZYp;6lpPOj0)D~ z5fKp{Xrj4Iy#3nwH1+ZFZ0GIUwv~^UkGH>x1|BoEZPV05ahHs(Y3Fj+#y-v3v~SI- zAKrB(m(ITJ+Jb3pWoqK%-_GRQ)~8K7#M*blNY94R4A&@{R7sXsr4ZU($x6E`w`=a_ z?b*bqiHUNmssRau|MqH_t>xe{?XgH&^@NzV4n7rQrv6WdTTPMXNcatAc!}s#=bpAu zh8qT>kU(3YDazc_6dVD^i{?HXOzF=?hX&R5XlOD=iOQj&Eqd9k&H>X}F`~3qRkU>`3?LCf@K$MD)$ouqw5}RkNcm5~DmwZM zxp1zLuW^->EF6VZ6*U6pm4&Y!pfqItZEVt#_Y$;A)@7w z{V5}jZUEsF2)mRMURG5LB|K@Q1uV1`LarEmOmwO$Mx`>vqpJl|Qnjvu@aR@mBV$x- zq&WtYXuoQfXgJsKj0ab96yxw}M%vHX&M|q&WJ*J>{FoSXl#LctL&siR4TI@&2+nQD zGE9bl4l<3&d?qWHZ2Fw2GQ3lN|5h~UF< zp*1$bY^CER#;9mhaCB5?coRr1d9F}gvRs;hbuDk30o{XrFUL1()Mo=%*#w#{zMGT zd=XuZL(Gx1{Rz2--0&0(K`|V7!bE$YHqt5ZjiIqoVtThyJa_mqIPl33b5JaL&`ma%tWyuj8&xb2b`zi5HY@ zZBkCzl&8wsI1OTxy&<;SyPVkCr*xV-k!Jsz0q zvUVPb={5$RE6t#IS#ywGK2RXbaP-rWG!Hr_wlH9%Mx9YA(3X~vTGZMhwc%-A%5obG zj|z>ZJ#MJW))3j-2BfGB7b?z9@sb5maW z0XH$H9C3qZDV)X=&@jm#8q)ls9LqG3u!**~MO&l|J0P)?C34z>4Cn~5naSiXAbI}+ zIrRe^jVo@bVhi1M3l1XtGpI~6IIHogqALEa%vhV`KGPh2!Ry}MnDkCGZSBK-b;&)K zPHnu~(Z<6@KXloC*Ie6qdbKq5FvnQgZ=6<&uIoU1pP_@$n;QnbXYh$57g65Vp5f_= z_bqx6K9A>O3Xilzm?JT|1Pb4C@UztSIU^Nwgo?bG&(Z@_*NLvsn1hcZRpM&FM8d_d z>+{UBLBV2XyxPo0qnpcVl?r^+e3{-76GJ%SKV)*e8%Sz*kW)-%Mt~f^*Nv+9Ver`V zoEM$%)~1 ze>fB~i(Tol2wMI;*DO7}ZV;pMsuBaQIWYcUYQ&&!rP2~ZC_N}KSZK}-12?r8lXQ9? z-Y|#npSkc-3PU-hE){ntZe&LGyXM9|fs7&>`N;pmHIY~!4Qz;VIK z9KvGpLy-{bgKmN`VyH+Pl#I6M$napEcqro~HTwicghgXNp=+eoL{s{^Sc5$_~ z%$bL<#dC$6DBlUMh=LS@Zzj^2HlH>1U&!=aI@4XtnciJ)FktAR)rjA31;;l@E3LHm z75W3AiP<9NTBZpbm~P+9a`1z6pBVfqdq5hEnT1liC}hy`tTgS_px&qqlr5|x zeJj&7+n65AgF0hf+WKleI`Ep82iYXsl5fmu9^D2)-DEaM`(0RB&~g| zX*jRzH@@b>O=SCPdi)-H6De=s!PeE4OGdd^iH_l2<`u8iQ-OijNM}a+>*zxHY|7ok zOotp{nsb!t;A5gpsPHwK^SZ;Dk*}9oGyZjH&6L-LHPc_$)=Xk+ZXv!aWuIWWO;GzO ze%>l*&S}oNiPpbfn})tYN8fOyaNQ||+bV^JGKKzc=oC^ph0L3*FLjCwXojG7lkous zl;D^*=z5vPjc=6My!{Pn^X@l<%?BJBXS2pFQ(0HSG^UdTJv*JBm&|Z6deH4R>NKoN zNpIGx?Lq6_M9MQcHIKT~zh=Gqw6G?pJiI1du1Q9rJgugx!U1o}L=zBc#4Ksz@|t9S zlPU?pA}v@_QwrXxS!VI5H+7~Lu!&a?A5C~R)50{SGv+Z(TflV1LZ({<-3!VlrM^j1 z-%=)JD@z8xrA!(JH2)n{yc6G1#hUVttjJmKxYC8o z)gV6g3e!;~O#9uaCZcA)L)q_=t7rp9-tlVJ$wb$+hEeZI4N32!4w3mk-=RxTHufef zxN!#xun5H%knnCWCBMu5NoYhMMw)f+V%WdSLIdtGO$NpIi-lkMyK3lO3XzTXnYrx& z)3}FBN5wq`zs$$iyLFS=_1)>_yIyqsYkyCg8R*#tj^w1P2ElMRi7Rfh%SaF3rQ7e3 ztIGGx_sUwypYO>WTzXGr@cMh0L53g=BNlU!AxPt|wRYk?YapEsq_av zDxtRzdkj`yTgo(U8Phe(nGVf@P8c$%7Hz7f3UgsCWlv_U#^E;gyt0XU6@T*wu#R?p7#c)ZKIDBx+WZO17qYH2v6SiN(#PP^9sK|f5=Tbf zZhU~1sCvE&%_oIi=53a~e4pz8NQYnWTu~5nQFvMI3?#)M0!F1{)ZqsVR zZ0m=09M9)I#H9Fu^=R&?4`qoB`;;Bc$B|CT;K#wQU)K?7@JEiv10TWP9K!ryn)wlS z=A6WiB2gH%=%b)un)XRK4cp5!?1qMY!#SO8qnPHUGEG{@I!#pkktnE}C~4uL#(gYz zfd?X|NsCx=*YXP1&HmV7-2zCR&St68YgmfwC--9y{K2{#ydxW#SGt+$jO|P}>|r@{ zhv-Pr&WbHgFw*nC~4 z*`Gu@o=2lxQ|7VIn5Ba5U^-LKlzc>U#da8uXt;e0{4^T9(nJ$J^%9%3ldc-AT?26v zVQRvCWd!%qoFg1R>nPLw6P#=`j=U-BQ}@s7n^+Z(^~jBIr3csL-4OWZTR)X4jP#%< zqiOSJW;*&=FpY38*DZ40%k_q>?vDO5xwh&s{XNR{x#b>CeQvc!4CQ)QDW#5c&)rpr zyM*kyhwC`n?}5+IRK|P22fTdH)$y1N zi)zCgxcG#N2PM|Vcmi}@h?NNXKnMp@R_*d#;w19nG(_#MU9Q6%ftEp+*t}7KP6k!& z{&sEI?jJ&AmSAQGx>C>$g6;%$%EuxPr+oB913oCEP6~Qa$jX*M1s=m+Cd|WF{MBOPsW9syzk?F4RwIJzA6NEgEmYH?RM#~e3 z;51rp<#s>?DBtNK(gH!33%X7yVE)xQvbWxX+;+h$5cIg9=LEeD3iGrvbLu)-nT~wN zUtyyr6+=o)F-3KGxlXGyT)e!zvH5_$zL8xt)*ZEWAJd0Ri9cAZT$@r;ok zi>9sh#BRj-dS)6^KbRKR4-YdtT3||ppm39Oz^n#6W3aKw*3WMc8|46t8>sF>YZ_>8 zu7sx*HG-e6SN>dMOan}~S2=5{`3jYT>MJb*4X=-4fs88^2+80ehh6jQtKmKidX6*K zh|aOUzAeW2tYl&Xr{;LDA-UA1qWWcLE5jSW-7bUi4IJtRL2HRfdD1mbf4!jR1RZ#t zLlz2pe+$MKIfHZ(N67mXffjE)Eo?v0iG zIU_D8;Or%LpX*Pt=2(aq?!(TBCx$>#FAE#`dDRtr^3e&`Cu*_%)#0eJ9o?Rkg+de4aK17MqC-R=xbgv@zZkVuVcP_G(L;%sEfT{>r(uKC8j*X zw$8vu&s{uBbpGqQ)c0GeY^Leo=(fD>n_$}fjgEBnoAUF^{crTha)(D2r((|jMiu^r zZ(QllHcqD?kJE8#wP(I5Hyz!AWXVpJOgY4K_Yq;;ai)__Gd=j{Gw@f3eT!WsHHap|xS7@}~a&Kk%oo$%1!w0j!18G@mSg&qm8I7EBe-hmM{?EdK+2fyuOu4B08!6+D zK||oRf(QEz|*-2BzU4|Qd#o;bVydhG5T6h%pn8Yw8vxr!&tyjv9R1S(uh!nJ zTKRZ7)}z;M;hKTY#x^fAzWuJVP~sI#cf88C%^6MnO}4-w+zK6a%T?#@BIhoCTLtTj zyp;8qz0e)-KiR=;JH>P*jzP*d6!M67ro2Pu7%!u1gEp!SRco;?o2@s3mV^-L*{_$RxWKF-xLE<7_R!{ z!lazO&lya9(Xmk&s%HZiibxql%0gEoG=B)IN*T#CXC2eko0*Q>!gK+sJaXfaF0q-J z#x>K$k=ZPma+*~r&I`@32gZ?f?_1c+smNA>n{=2J54^_o=Ah@x*W&SJiGehe zwI;7%dOVxyxz&yW914LU8ys*X;P7oMQ?Qe1++L=~_AyNuDhulhTT1KBwq)xr zw$#>LYpJb^YsE%QZiQvtevZ6N(1HW}oPCH>W!HcbA+Yec1C9f{a*Ad86)~N6f$3>b za$yIYR<@F!IORYxy_mVjuQ8WhlLM{bD8_^a)8ue+38OQu*j6}M@L1T7G10A7d?f_C z+&HeT8-zW;;jM!sz@p8q1AFwMKU$*`-GDa9oTr#O1oJqU`L{$;BFZ`ux|c%-z5p{a z5}4YDGcBAbo|BoTfI2)5y4zY8Ra_e+wo1sYheVA)TGBR_^4nUexGkuKDAPBR zR{ElD{d&*^zbG2yA50tkLu07KKb%Ik3!=jIV()WUN9^)?1Vz!Y?=4jPy`IFUbcvzq zT_UVq!$WO!rAy;hK5d%#;Jz7c{#W;yXk5^peEOKwuG}?d(4G`irm}JBfjj zRvPao;vQnvQTL^1~v zh$C=6cN`pAZ88wkdskjV3-xED`hD%OWSh_0_^ui5<(VnoUtM1)<#{`40o#PjZlW0H z`C}ZJ(JqSb{_pC{n(>6o7SJmzIm@5c_+#KgEX5tolPV`#sBG|g|18lT^R4Lj~n zJKMuW<7@4g{W*tO$kw2Aku5U~ZHLV)F5IwaT+ZrEH$t%CFPOYJpWF_sqcxCUp24YX z1Et5XMcf{Biro$mn$;d{%S5L;Sm|&_RI!N?JE49}w4jrP-+ib@7XtW#v2zkv1H$N5 zK(nSE2!*IeFAtg;hzlirEswR*#P;DmL>{d)E&x8}B2IftCer~+*=`&LtZ%QX*<|JB zJFp`LOz==)%Y>!Nncfm~QWnPvkK*=txqTFspd!wSFb^8g0f#mitvK1EUC0$LUQkL0 zKCIdEJ;qQv_!=sw~=ENZDP7-Gt<3Wn9kqEbn13!Gvaj}y58}p7!&Qr-8>sE-qoYgC~+qkQH=pzFN4g1}MT|1esLpu%#Y9P+yM~8# zrR>h!I%FdK0_5Kz0m0FcL4lMOAbR&csPDg@%|3FR>C%&IN14KOoz&9Ku;U_&oV?7m zZ!yy`r7x=CZykoF;SV@0?jgc{iVes8)6CsqrrvY%~u&yf&qMPpctv9zjawa=?XsImY$Aj=($w-tEVMdj~MxH;Czy zVNCCjWO{JyOPnv097g~oTm^gND*Cyr-opMWSvZlr6w z$a&;J7rc>RiQyM8=o~EFH~|(wO_-TZA@b;C2RsM3FqyS%6?Ez}PQEskcA;TBhATMm zUo;x<TOnn$D06fI&^g-e*O%;bc{Ee$^N35=vg zKSc8^VWZ_g@VP7t<*z_S(Oq*9QnZ3YCT7c!0)#BiW))>gT>U{FGEP8J4=V76{U~`; z!5g%SHH{Kkr{LYjtFgHDN_&3fagB~)#5naQv)H&(KhltJ zc;7`LfUf;WiExcV12Iuy^r3z%Gu9+!N0?|FWQ$5z`>OkhVQk~Lps~?}rLexOvHpm` zr>z4WJZ(Vxg*+y`2Z-gW`eiAuj_S_(Ky|=G)$!H@zTJp+G)Q=ed&ojzTEQSjuWvZh!)pJ|?;b1^aGe$CKq~bP&ffnImxN zh8NR=f`v*N9t;puFptum8OGOC`ME5)mEt0aqGWLQ_fti1*jI4|goxEd&0G&4OQ9Sw2vD6SyRSx8{=?#uN4K&H0`F+Dm0F)ML0 z$!3w}46{gWu9;KIFbDIwe-8T6u0$4JHj?QzL6?oHVbJ$&H$h_WIOeSy&ve`brZXlo zoi-Us7z61BE}ex?LZ~G=qPIsNZZK~Q6(00}(3ltx4y2i3I6t4ySuxSrP+A*Gm04~@ zD7S&_p;kJIm0k}T6^8dwX))Pee?LL&VCp>(!}Gaos%J>o%l;-RihE@StJcpsYTP?pD8c-MTcPTSLzB z)NXLp5CdIN(2If&isz6Sg64qo`VmJg%JJtxdtdp`-F`DR3H(%P`*U*GAml&vOGdj}UyOXI2UW_+UL4+?&iENGk*`{q1e)ACT zESYftZR>3@)BI=-(C-dlQ15{YN2}uu;t8t{%8fJd-C*jQV9+~)53sA~;@7r4ZV;dE z-jr7Kq-xyVHb#hkwksl-=0x!&&J?)+d>~=MyScOQhB4;m#he_C_{oBv9UW=G>x}HL z<5i5FT?0iSln-9g6MHWSuV4_o_&ZwaaAeh$6M;FA@@la}yYLEvP2PYXE;1x8XOFe< zx+p@1kB<~#lWe#tG=j^W-;<)uNI#zrc-u;3@d57AqMzpAW^5!4>`70G{7lE$z&X6{ z+>^$jv(L6g(h8f%%P|`l9qmBx3!xP~!f9g<@eYayU5GOTMPUG7cWhw1fmiSnjE*

8CO!Fo%?LUd>ML`!#=I3RgR7o{Gya`_tEt>$Xj0xm( zCU#`#WQ@oMzg40dgGt=Myo^=08HHoTRaDkv45nF@sIc%T)YOy>h92sCii<5c$RzIT zMDRV%A$&~_O9&ib@j|zcxV@G+*$_e}GYx#AC6X5RoiccO#jRRPv!)c+t7jWe?BCC@ zqr#k85|*5@vIqafkwv^^w_V}6Cv*9^C2`SgcLWrztm5vmETAxXUt4Crc^|XOJ!B|X-tQJVxdMGtR9hc80m~r0RNyFULj~PC^`0&`2fbuGx zme}xu_u3xV4w#1!qhr`OXbbF)7gBKE3`ZxfCnn9=7!oGWhmb2auJD!$Pw{y3Gqwd5 zE_|Pw$I{?vR2=MpCv0lg)IytMrG^R&8rp*gp%^pXdBQEUa*=2-_s*F}2qm+Ct^BVN z=-=bf2~0zdj)>S68rK5_I2i$13t8#-bXIDi1suEt!8Z|r4TlV-nTwcCShk?J!iHt`7 zS~jX)#pQjMm}u<$(2U*~Z~m)loBaz_5-#G7-rSC`;l8(bF#XY6j8ohtX+$3}#*giT zc8?rkgJuQFM~$~KO5Z*_;tuX3?h=;k1DS}m2J&#b1pRX*m#wU+v_5LkSO}p7YglMQ z4%0oLJf9!zgIUNav%`M%Kqlz|vL|gG{}Oa29vY&MaPD0vetv|?1yFft6D#|#ia7O`M|UwgGYS3c7UIKQ z+r~6u2h$Ndna1y9dgB;tSMC27ZvRNKUl9kEYyZELwSNd~fB;-~L1$d%=V2vGXW!(A z?02XBYK8MW`&V2Gw7&{Yx}cjtF)_%dvspK-DZibMLYC2F4~ch*c`_xjf-b`sxMMG!C*&3L+ z?>E#aDuY*gXTdlO1~!ofF})z@!od(V>Q0*QyM?xnGl;2Fb<2f3l-*@1csEnPx8vm( zozq3Xt4_4%ceG75chm1>nahLQHE0N@l>#b@ukd#+zO&%mNnp5}cRB|eekZ5YXRb1@vW8!9@4$LxkjdW5Gr{_Ig4fAtckL)Su! zs~0858RW}tdMjgouEEdGv6XSLgx`46yd{%y)Zsvj;@~#lUJk`8pbY1Hf?nOq*}{^U zhqOQ9@OqhemF76lYB}3ju1L@Y+c_K92aXe-9u9@s$HN*Ca>=_`ZgW1<>3D?&MSO0%b-aOJNn5(!g^YN|xSeO4wyk~mlLIH?4PMm0uc4`rcPoBz zAN%N|*db!K^me>KII0ih4G12<{?4F-ta$<`xirVew7lAR3l<1D!k(=KTBn@1lxMi(qWYd zUy3-=-{6O<_ETn~a`Ms*?AC;I?M3^u44$-Rp^JET@4+S)UmBT*4>pV`bZK1i8V6m= zGq$BW`yF3y;MdY<=s}~uc&O51{iQpZ2b^J6Ms*WzfUtd zxC|wR!rU^zAn)0=#9{t|p=BjYTk%Ssi=*)A^Z+Mb>QFSX%Uq;YaY(Xepds3Xv%c6M zT*_lT_lFv6@@TJZ;}+gt?dbFZmq3#zonPP*td9H+EpZ8gMU$o&d*Gdz9Y(7PU$+k* zkMO3;gG3da<|-JL;i!TmTm@t1%PP3F8C7s34{o@LtHfjrveMWCsF8#dkEoGSu90yE z%Gby^T_a1lM)J$m$bm=J$bDTSS7nW?x*%#KW$+_vWJ&oNIVo%8s;rT$!CWJSWi@h4 z)ySd2PBoI{TqC*VYviU=KcLxMBM-So%IXY31R8Xw4_3D%k4KcKDjAbhA-QfcFxdOLTbB{4Mm${-RjvXr1Pa4YV=d${JLj4&* zZwhL^#0icZ@EX?HMeB`NTMXsL`}|lq`Ze&zk9iHopx-*TuUkV6LEYrbEWc?Ow#*I=huD}D7Kon?fyx#dHQXS41iCxifQehZ zVRU(ff!D-xHGF4;p=`;VkZ6!+09kN>aZZHJDeOrft{Rv?Gw@<9w(rC`$9W|}dBY8~ zhpjk0o2^(ekIlqF_RMh9PzJ}6*4!A57p~(*K=3+5up=r2)#Y8zPx1&uS>kh9aLIfY zTrKEzP+Tr`l zGe42X6dFGcI`)Cj$HYua1idflpbW&*s}71E`4>;&+So^X3Z>{`k12QV0-}lCn4zQj zZFAZ+#=r}Uf-#10Iy}a}ON&Wk4Uv>O)}Xwh+_9oP{*Ci`Ym(DGPT$GeC7&<~(S?&Z zbrhQV%u!N@SV|7b*vTf`Cf z3wkP(OH?i=ZjUmk^~6KgKRAoU9tb*O1s9-+=8ZO#Us0?cYY-N=S43AKo%Td;^ z;wZ-joxX;judZc!Z8Iy8tAdMTkSDsv;{CU9u=BcL#8`u4VK80iNhZmK(i`<uGGGsjOc!*upa%p!c#gwQf}%U) z+;u2iqLJLZ2Q7FVjA093SBx28%w@)zb<8-wUNcsMk;{yYxy;zOff*ijY@7l6=Gw`> ziTBpAgRS8mFzaiuEeVlRHX<5c&mA*fM5B8XFkDRIr7>dB420q}(flM#LaK-C7?1Iz zc>JTg(gq0PvIAz2)8n0*^!f2fX#r9~8{qU@L>Eg)!e<@IZSJn&=wjpf5p}&diJK*g zK8x+n-6Be32h+q;Of!p_W*vD0`BApsPJ*qICp_BLVlEnCYvKeaTgOe{B83)=q^wKY znl+)Kt>-!V-`RQ$8ilQ=S=-^`tZm(&OjqAyI&w%&(B!N)%WR!F5w>ob_-I=vbAFGk&EJnq0 z!vgk|;L`I8^?ytf35J-(C;PBLE$$E_ZcKq^p>6`vz+^edW2nPN8C(#VhEFjFxx4t513J;fDTX>U zYYJ@0S;r~ntY=!7i*)(o+r}vdKDV{vnq@HV(lnr%$q-H12sZA!(77oF9D53VamfZH zM8ky4CRUWPSzSu%$zvbVz3frk+ zrf8Zw4+YuM%fGe>U$^4#>fD@a!24NRcwQRp-jMbVvg_nZjY`2ngl432YsJ~sRD9%O z)?5gd?q@-)V6#&&_D1Ld?C>n`Hl29Kpab$!5U}Tj5Vq0r6inK)@%{leGj1TF1($fG zeUuC9@X~_##IcT?%;mtRP*jl0-?oq^L(`x!=L|Gf6yNF)-zCJUG!>#dAPVP1&>I{L z%N<-hJ1_$-T@C}Jj7<>*HIO`s9e4D#5C6C8PtMHUO1Bj`?0cyLj)bef@$ znf7z36kJ5k#f{9iShlw_;iUwuN9j6iC@yAsegUIsnn8S|s9&ioP7`h;3f*Rjad%ka zuhFMWH~5Nr^Y!Ca!)uGaWuF&7Z40 zNjid0jNsEYSbW~rO^UYjr%Gf}G<60VN2?wlb!gg5Llo~|Eu1M@8x6%rOpJU^g3k@j z5Dku2&NQ%XH)la-ZQ3});6dYN!i2>SVS?6p)uAy>Y0Oj_M?#~E)YxyP)R-exCC-GZ z$*gLT9bXop?eRzz$gp>DIM$L%W*WR( z@2}h)}i|_)Nmp>)WGC01bJ6^qAeD|T^>?HbF0e@Q@L(W zJJSsOWvt7$u}|jc-*jxYT7%B!RpzKwQcW?dnU0$?P%|vedGw%tQq9ToYG$S>HH%rz zbXFr4tLxL`I&n)HFIKnkVl@*?%v*x)7xYhu_*Er-ONj4e@lqi&cr_bVwxNg1& zSO#sKgCd!@8YM&-IVkxusWnbg`&eq8klL7oRq!hDc!(c&h{t~G5LfTCnCRY|vfTm` zjpS~@i`=1eIV0=YvSY#~aVjnXS8?DC1fs*QVRJE?t)6R;?^@nr1?)a;rYwQWFCh`j&tUYn&;pqF*gNVv@Su{2)aYahlbMfd6-F7 zv(PEQm^z+ChbFN)Puf4vfQ`cheD?=SiA(bg;_@7P@5PHy`F-!;(_om4vgczSy1D?f zbWhr~P*&!}g^n3%p#j&()5SbgxX6J0FYHDyHnde=RlKa*Byq%-q*MM@VIa5-U^y@u}@-CGRP$4!B`Mtz+@7>T1^N?m|yZ}9@TEa&OK zN~`Xm0&2gj=XU!uEIND-Cb3pkt*3_gq zZA!;(BHiNnJ2}{ht=MDf_~^%E{^-Y*tJt8%PH;LZe`khj3^Z{Os)M&R2WA+2m^F=`jsXy1D7jJ_`c<_Q=6!bo)VdM_FZINn-la`20Gp^*}2U&jRK_r7E zF@(l1MqYU$zPdrsq4*?SI4WTzH_RPJSiuoNFM!GsFLSZ%Br6wl zO80q8xFbZ;jS%oyq=Idhg9S1Kx2Z@|TER1f)m>w)<4Lpd9Kz|y$ z1nf-{@huqIKB<;sq=B)J8M7ucW7ZUAz#*XAB}f(Hp8+oq(t{;(<03oLpso2%gQVTLFoP+WG!DE8-4xdn1*sjR3?%j8xFF02T@ZqG7Ay~E;_L|rE@n7)al^xupiS}Q8B7v(SK z{G+|^XNf7BSz`VcrZ+)l54a8)@tt+<0l8Z_*vYFLm*v!g?Q5ZB?RFNC69_HIGT;Rb z@lMOhEHJM-GxN)sMa=A%$0?5$be5pY1s$*x8gY+k@(Rbiv~Lw|9SOZWXz#n@s#0Ne z2-8(HOjqYuV3TXXN=F+$vJ%tR$(3UII+iVq^hUOxzV2olS~h8F>h!s(t_RIr&Gjs@ zJ&r#UsxR!_U%}H=YBrj`NL@}>V^)gkYW7M5b8)BQVdpAjX!kD8P|7|o5Op1n=e3P1 z#r_{S+Rg%_A%H3tv{(q2mE_4avLr9F;J%eCctgpkl3V^dPArI99r2Hiq5o1_SKk9vM8Kmcsw zHA!$_TK!qxdvAgARVafhl=lwhz4zXG@9kS_=ef5EWb30=ox5}Iojdd7NuN9KKYXlG zUc>T(rvGO5#ocez3pQLAO*FJ*khnhh-)zOIfq};$f3K)|)L1ij3&!&jmpeE&S5qr> zEmlxuei#!TbG6X0JIws%w~|_eqki}7%)yox>7Ey#UwSV5^l;h6LCP9#YxGF zDf0aeC-8=9?dZW;O)#)?hJoF)#NIh#_&l*iFlvF%-b=(v!B@+C_FN%`3C0Pg3FZhE z1J$3h%?qzXX*jCGyU(uI-@{nFE-bwbGCNh-iitth*UEh!m@(RHwR@`eTd|abZ!y13 z$_~~!I_$(JiCzg~3BtsJnjV4qYm7?1IPT7sQnQ9Qk#F`-pWq6l9mI`Q5%GmA$N%cZ z$1uIE;ec2I{eM6DKs12?8$sO4s4Tto|6lI|9}uP`pa$RoAYv{|nNuD031YjLmL2P(7A?&kX+ zpf0z&{n^K#-c*YNXd$jX_4Wq+saG^2TK_FXOSj|F@hECU)UO+L*J7#>u`e_tcKB1h zt7@Cxh;G~ZN;=ySZ!zPo((%?=<6R#xv$B*~nS+>6Z7@E|JvD+za1zn#KV3yNfu%=S zJh#bmUme1j-{92IV|=Sf0A4gMNw5ioG}+0FoLcXMWDR66X)KcRg02|LoAgJs#TX{Z z0biG2U4^eS@r|I`gtxzgCc6jU;tbGZl{X0P4bkebL*0Qu8XnyIrs1>AU`&)i))g>^wk4 zjGFWdo_xZU0&0B(X%jcg%dK|5!M3RTIR07M1%bR13Y?r#n_kuTYqR_25w5AyOl#d> zns)p%1WPTE)@EI3e913r)alP4p6*PXcOg!?5*^(C3>M&Sm_Bl?`H@!W51O8%RP!V| z1(KW@N-PHQpp%YQy=q6rVf$6oZmm{SMLQ}q&ho3*?HISvVRUmlbk&KLe%C0q*lA~-1Gz8T@Zqb!+tw~Gj@aSikUQ`Uu69REU+MQy298JU9^I2; zqnCWsdL%7txT`fDSv5{yX{@(uthlam%BJy> z8XL2iaL1R_`>9H$%66@?$Evb_z?S6QEA1s#?U$@)Ftt+H!?|~rL9J2LM`Eicz9R9J zl{lq|MI>HWiTj#ZLE?Ni#EnmtA1nGuo$=55bu_WP63uJ!CFPjW=2AD zW2jR(u|{xEa9VIn(7l48eS&3`e6APl6I>M>t|HyFnkj?dA|A(4F(_~eY+U9+MwMOt zXXvS9k@ zi5IM5c zm*B=0uSO;ypM;r4t2lh#Uz2~VI;nl_Dp()5I=jxJN&RFz1tTiOCgO$QS~H&`TBsk6 zS71&hO)_6h@d$Pp!viv9kHCY`TPuxfCSkOdgn7X|!KpS93U%+7l2+41QO^_f zsk3$%`?M?|Ja!4J>kj`Ny8_T{$(zN?lgU4iNj)ioF0_n*LZixWKngg_kMl_=5jXOqb6^(ot| zM)I89le;*>ckljJ*b^|e0-}8KcN^VkSKLjS8Perkg2I&Ul;bW2mec z3kr~xCvX}PjgpdXnx>D~Wl!75X}to5j!Ni~;I3f13p4JiS_0c6okv;BBjq%U1wY*7 ztDKe*H3mKh({_))RA)0#lkLXra`Ip#_s}_4VKbN%lnjnxc(*6RW4(waUPyu}Avx2B zgi#=z2*Du>R@~LrjNQLmpATmAVBBXF`Ne&CEXe>kTt)A`VihV<{6wcJWqfv~{6?Lu zU_$Gma#$5hm?pK&%xj|3KY>!5hWt9H0h z>8C2-%)(s|f3LEgZ@mAD+p3`c23kkNf%YwdnQ~8MEZAYrM>#Gc_JBmtjC-n1(@qyq zFS#=ymI0Q>Up{<_Bis6;++5&hiZ|ZE{sLGRz>0od5^*e@xRyyg7R)c?a}AKqPwJu_ z=fjflDZcfF@+DMC-%-A?$f*<@Em_eQIH`yg+eqpeKSZx0s%`?xyH>7Cx*_pqRaIQh zK<5f#tzaim{ootbzGU~gT3W*JS4GEI^vFP^#$Y^(+c3EsD)AXcuHXDf<)3030w)(| zAo1X#y?8j;W6XYij1&Hd@x7nn#XP;3WoUAsE>lMGTE5<_T^J`o@sr z|BN^uPh1k*5nN0rt=N6TQaQs!Wg`HcBng&UPYtY~Mu)ey(o?1^m%;AE z#2~?P!DhjxdeVbii9_wgc_7*(-XSe_yW@B+T9;R>My^#LMf?U{byA>Ca1e;C=Bfi9 zcpn4zh1}Yu$@3tulAPX68HXNXA8s+gKwmI@4vc^NSXHf|UEN&6B$?AXzNzQyn7A5P zNAZr^!023i9xB+t_9xuW-nD@p5WF>WW&>{q_58q^ow&Fw+puFhumQ4#_p!0KtmD7{Mv=SJmUPU74WE)hjwh(~b?mP+FOAw0`#@S?%N2T2r{`H`KuzBdg4P&S}17_q0sQ3&FzbsJ9@gBlkci{M|a|6DqdCY z$hv~Q#0reaa2$$br)qkYu66#Gdef-e`CGP zXK>dJKh*fHEtg+%;q-X|P0bX%%;d964lyfNa!-xyU{d$VQ|yA>MbXvn<**ZH#}3Pa z(IlBGan4Y$hkE|pz~`4wB@KeH1$>SyB#sJt7xB3Vh&&aqVcPckUAu>POUKmUQB0mn z!7;&r67rju6RjieUGi;Lk}s)>mzdgS|+Sw9!DWC+L}|$0~6j zbqy|_c?6dZ)*gN7A%)3$)0_)D*H zx7<~eo)+|K8iFmhOUqS72v$m_LM+_xrcOh!xhE>r@+;Xa@>99Mt}hfPDMv!NeMmMI zOJ2Fzt3~r`7nJB9*>}Okb*?;|ZTfPMIxm zKbd%Hu5m=2BXg)f|5WSuakAR+S&*18`^e{=r~qs&t% z!vF^>N-Fb$UBzPv;H7BhOQ=Ms`OEtmx<@_EFvLI!LzxOWXK_`F=N#86#|v1#&EOli z*q<#sx2Ce=+|0Z_gjI9Otc>{iyP_H%ViDe`&eRZDBDP=G#{V84x)4r>a|@;3jFTwO^QH*i8qE`cui& zu}f>FrUdG}C9IyLd%PSYIl^aq98fxqkzO-{WeR_>%;TwyLN(*2{p;NN#fGk_5f6@jEXz^|Mw zG9|Rhe5@l`_P3fZe$g3aO?LmQb!Urh|JrM7DG6kLY>NKYG)BB9_~HfC-&Z~^mM`z9 z-C$%SycqvG4nJdU2FILTEL_U(3xx1#23U=&uwfT-B=|X(sPG8~TJ%DZ`8$e2nVA&g z@CAbAYLl}oN@9%5PmP3tvmp~10iQ%F&=tSNAcuj>OIpX3P4&vv^36kes$%*# z@)^QC2aT>4-Y&E2gMF&Ft<<^%x{642>F}`HrTl2orAVUNcZn-?AFJ0PNHVVfaq1`0j{GIy5{*b9v} z?kZPL(OBRq8p}MjOZj00GK+&fsX5XUdNL@>EY9{s7T0(piyOfe$~cNed%a+f;H2Q1 z;IW`vKkWzxV#ZNzdD4>(>;JewMD_LkuP}3gdquo3Lcs}-OT2Z&65?eM$7VC$_=&rk zRFaqFA8^vc8NZRqC0=55yO$)P*Gt>n=tY}{yVJRA1~3A)ghhj}%M+Qhl8_)Q@R zac{5c@ZmK(5kUy{+QFx+hAH*8Z>x15%a>o@xoiLRy}wg_nFtQw(Yl>{b#A}(7xnfk z$X9YZ-4FeWyQ;!hvSYcWHVqkoOO|`5}4F5MN$`PGS(ABmBVEFMLOW(R-As1gf|0 zst!M~Yr{|M+Vc~;+DwDaOoNvEXwZot4NCK;K`S(9S~R)rQ(r2OHhB5Nh6Ln6iD^R^ zo@4yM-6DMJf&mAV$pbQPhW*6`w*axhCqQiI(Rnjrn&O0l&b-<6rzt@JG^IL#rfkua zfrIOLv%$PMmN;S#wOt7Tu&Wg5sWR<)iRXNZR)GWSZ-TBzd`=T=72FUEJSII~a8U3> zF!qG>YQb5-Ex~iah}^$I=&oQ`KA)2X^97Ic{|du1^ZIYr<=q8jIW4#%caYpy_*YWm zmjfkx+=3*teE5wcKTZOXAGp6pIk2o=fEUw0MZ^ffWWkXN=)l{q2@)NPTE}`2@9tzf zu^WW4Eln>tPD6&RmYOOL&lqm-{2IG^&TtTl{%Kuy~g<9Ub3EwVp5QJBjvrxfHbg#Y@vx(Ku2Vu*0dUHC@9{qbAjTo_S>5ok!(BiKb( z;gNcTlpDpaZE=*oVxcYyTaQ|zY)8I|qS^KjM_XiI@G8-I;H2;cd+9j7q-N7$0WZ!7 z498gDK6hzWMj<&>3ozbzpb9~zyH%S9C)E;;{jsVk0&*CP)rIp=YV-?;OhW|I_lrz5 z7YDD&tRNNNs?Z2$$B#J?a*f450%|cCS-sRt}Nqy8Xx={;?maCEQxBk30lM zS~zunxev}cavE=|7m-vo5Q(=G7!7*H2K32TD(MhyGW||kdy$r#@7wd8Mlt&e zHYm=}4Tic$SwrI(>a|HT5a<|X`4^Q!Qn!^9LQ*D4DO*hGx?t@#pM7?S(}J&d`Me;w zA$S5rPaTVm*t$0zWid~vsV2N)oJxl~8Fd+D?$v@@R|$WtyqT($eJYDSAT|KG9I1CO z>K-+GuHI9xAi@lbeGZ8|;ld5{(H7;*GK7n2Rd2N3w0F+p5P!%l(B}=0qtW}pq?X9f zJf{)&RVc;ml?yzq`CB!F#%K+m>CmtM4RG{+M9jP(dW8QqFjO!-na>k~At`?io2@&> z#$(KZz+*Mb?>r5m=rR`&T}p_~rNjWiXu%7?mNL>?%83JlZIyiP6C4*@7CaVos$!^* zV3=T>;0wWA!7{-*!8XBuL9c4ch6ttz<_XpcwhN93E(`7nj`mZkaOkfw)BWh-Z}A0J zb6{0Fgba|4(k3?2c1-oBV>&KqIA!VMh0kuiQJcX1cl6IJ?Ld?r-0AUKVZ<)d34sIKQ0xDQhUqy~VB zZA*fgf~A5@qcj{V_y^Etkli;vGS~mhsxqPDytMs zT}AS4|I52S!aZOJa@?i~H<{I1;M`PcBRI3R>joPJZ2QEa6XJ~En&5$;!zt-rf+2#> z1k(g_f$9fesGS69C_ECSjqppV3&zFvXfjdGF7G7j#^(spac_uAlEfa7#Msna669Mh zkT0l0))-Te)7wy%AXwwV=OkC6kK5b2st%&aocr5S^iq;w&bKNZHot}ABDng9C&(s} z^h9q`^3_yBXEG;nT{6t3O{XD%{mObz>Ux{+0k2I5oFyS~PRR)EV5lL}#m}y(YZi4E ztcXUzfgzJ$|_Q2)-8V_Ilfn zZW0~IH0kxW1-k<7V(R^oI)zaPaA&}}@SX~Kdeiz?AU<`e22xUWWt~aZR}x$=I7}v; zM29pa(Jk#NiJ58EB<7~+Bo?PxlUSc-OX5}o($%%G5ztDqeO z9Wf{{jX^Fihy&@wDZv%N*bGu?fo5knJHzZCckqKM%d`bFSp)hQFqTcZHNoCIGT{#D z3=XrE6Nlbi1)6rIX&$6)fQFv)4Dq$#bkL7b8suW{>P*Y`F80P=x@-4(pUfHRPd~;@ zWR}lxM$~fqrdp}6+)|mVxEJS_zqt7+eD;5!##SxwsmL|UN5A~=L$$GH`K8KVX9Eex zsqcMw6StOIes=RC@P4R-bUypVVaRR8Je6S(aE8Vlpt)%CTiE?_S26e3FA zHjkU!us*Igz??5(&OB>b>dL!cK74Q&i~Dkf2kYx;D;7E*c)5bbKV>gt^a-V18w=MBC{4k*L{nV*5ss*zR3y+CHys zuP|+YEw<0HV9YgKH}bN`qFjp++X2Y**GP0|0*is{Qdz~8AOFa#`^Gjbzy9Q=s@ev3 zaf_9s^BTvD=BOt}GdXTZmOGVD5SyVZY|5}6uwl9OZMC3?i~HHZ5}n!OC6cV!5=qux ziCNlDO6ZXieYopcryNQ#+JsjepHegRjSGBL6{kq<2<(7|3Bj`#d=ut}@5bWq)ylxk zHe$Qriw-_N?_?h7+TUJfmRjEZJ8O{%N7nz4JMouFF^~GK+9(x6)64j2s+=;~_ufZp zuuRHM%c@RJ*D4K)X8vz=F@_Vt{BAyb_DN=%jZIP+3UT=QcM7pO+Je1qLt^O&ae0h3 zTAQfuvTGHpI;{rt&^XyPC&BhdG&rPO42~)ngX7A@z_B%L;EdE9S?4#nAC|SEA7s{A#UB@xIt>akUW+voP@ivw5 zQV{cPgja|)E+(g!aBecY{Aa+4t8TE}vqB8-sE}mLX^B=-qMK!|Y?gJNg9~bdq1hjy z-!oAG(*~UJJ7bP1@tkKGK2w(!mVf;v?(Dm1kE&iR??QHX9Gh)^SV0 zurzn{?h#OnD!hHs!u|9MW=(#`CT?cmqFXDq+_`f-kr#EL1NeT@2r=BJ&Bk>Q2d(b7m^=uNH<-mY#xh29;iD1t~~E zG!;OyKy#Im%h%x@a0NNOqo+R9X0?0<`_<-W;8-K?b;kS*mgF;t=X-5*qU5X#aoCkO z;0`UuXFtW7TXGFLL8hN~G_G(fZjZYJQSqW2+*L(27FM|HS1C;BKYAwI}8%&|)8h21}yA>I~!mq=2L;b&WU=QEbTHaSNeUd?Qeb|(-(ueMmOFyp6PU}a1C}RL~&2vLC*MU;x zJB*&s=`e;j(w*US%OjOOf*OERONWyvFXi)=hj$-;i@uC*z#D= z-)>8sA)8RA;|=&3lx=m1Ne14nz1qsgo$WkeqNlkQa&$9Kk~+#USlxa45iVIkMG|{< z1K4|pV!_QA&GifBKu)p2$*%>5MwPGX~VUiNF;c&);n4H>_{L7y|a)HI~0!J>v~ zNMnOGWU>K2UbfMYhxWfj0ar&27T)LP&wfj*1lTLjMvEHi!)6^!XE$1Yg>jG{3(P=^ zc~5=pW~sWJnk=|qULtNrIYq=FjCeywd@2!dm=UKj;>+t1S4+f^ zI^two#Pdy85l2bH{)~7@A|7MJVxN1njSXLTx7ZWbY`M+%+l-@Qf5b_ymS(dNZI;Qd znPw?VOUmw*tooAlYiXL57cXb7%iA7SOMfF`GaN)R-%R$ki|jr zJ{uyA2}TU_`2`SOyl|&SUW*0JA%FU7?L8IcvgRLgVb+QrW?@3uL|@u-XObKG)cI@e6MI@j!9WbHeN;;&vcU_-lB71MsD z%3=PRDz|y4igksmW)D+UgH_c9RrO9$RZIgOv#0sEN$-wHGklDsi@1ncKA!Q>caD#N zybr-~o{yD$Jdnp;KCUb<{k@CCj3r_@5M3#_I1KKv(6P=Jb!YVhf!jQ>EtgI?hh-Z1ub2+*)DhaNRY?A4UH|8INu@j6Wfp-hRJxm8W_LJnp3Sjb z!r~OiI!t9J8QQBbDnfB%$(hupBm=v=;SLBbp)5CTBpHvDS2C+$6_LV5gWZ*q3IjQ@ zh_6#VfL1fg?k;A~G&3j=reb(r&kA`2=<#fUX@6$OTCBNfH0%-Nj%S|#*Y)U#fEAz3>VGpWU(CXrexRD6+L zJ(gQHrREApnIP25dv$gV$r4YOoeHU0|jqN75qFD7_W^mak>Z%;9=V z8opHIem`&8h#urx@ku{wM6|?C1L#K84BA#w)l{s3WpAAE&<91@;|(}4W6|GB;QLm7 z1LzPq7vLEQ!>lvCLMIRCbq;5?Uu9w@-&Xa2bT^+ZSe~l&I79say?0r_I3M6Nmh>k5 zU*h`-efdV5WiO3y9zIcxFRf88y+rcIpcgfh;E`aq2PutS%rK4@aGV5woXQ5#^`*s} z1j5)!c_u=7hFr)g%_N`h_8{t7=_ty^%+q)SAMc&7K9Zx*%8^;_;7#4{qEFy4WclRX zTc4_&5hT&a*GhhFk_$mcHYpsd`AEy6gujjDx8GsO{+{xf zK>4v2h{JqCIM2y>A^Kb*n9XlX1(h^`s$q0eiYq@NRXky#4<}VQfr1$WPAnjiABP~p zIDu0{IH{M-4^r(`plYy<7_@Ku+(|kArK^knNn3TX@n%i2_tK#2GjqH83F-~lYduMl z4NK!9X(OxP=1KipIwxUJ8OT^giz3DY^=UI5+x8^C0_DquW=I&tJ*Kp{-xS0TlPNfr z!t~ty?DqTba_X*P3R{D4n>~EMb4Sh6u|@7+`xIxV9ndFz>-HxCJi@wIOwC^^JC4!f;htvlh&9l+K#1YQn63 zCuy_%0-QNz;*iES6DXJZLi3na7GR{#Y@k&!gn3!g;)_kbH7R6cAH@sKDup zd}o5u2P9cX5vUhb79lAuco0!l~JQ*OC4ime_h$9o$ zcwH7P%8N@bN3#q#oFhgq6XVvIKAf#EM}TFE798&78cic64B-Zb%XNiYWbNH1#_Uil zLZ%kk?~w*CbeZPuB0ySe*CqWrotI@oGJe@|50i=;WGW()#kww|;+8CTe)Ep%!OWjX zR+*BXS~68j?oqP(h=%e?X}Q%|O+i$7IT$#tsV*IKk4kNu^8S=4KcT%#XGHgN;*jIt z0_OzJo%mesLUeZ{1`B3H{w*xTOlkQtx00&*6}->~@7z^w%h>7qK%G!^g)n`N!a9RR zD0Gtw98k`tVyNa^a4?q7dxH5zRQcU?s)QBna=H&c4m>38v4KQ5TX&9s)$01^u;LI?e`$veY zKxM8ysFYQUb?E_T#3Ac5b}h8-T4*3cV-boTmtd7(m*BMEj-c~6G+Zq_s^B%-x}yrP zE<37hPDzA(hqdw=YnYAo1zD59ih?NEC^#gzEO;X5Jwcur!7QMzExgxtZUwHha>-+D zQ7J5)WU(#Qsh8_maNwF$Bv(SFB=9qM68`Q&$;B25gmsAzn@CNm=akyE#p<}BV|CwP ztW}KFX_Dpz1F=OwFZah{DPxc;3rW|hd7zGyT0pAQkX@#_0Z~^^bq%6!P;g1`*v5Wo zvb%0F_ExfcO)>Up!A!vlpw|9!QyZHv?A>JV5SB@@SdH!3v@I5@S4{2J_0X+rp+yXJ zoVKd>H5UnkWsz`@>Vpu7V@iVgg7ty}f{TJjf}S(vj1tTcEEjACYU|fb^*f?|nd&Em zWmC{$mI?v|69n@F>je9OT1}q0(o-U9L;F;-AS{Q19&=O^DVQ!;CfFu8F1R6h2}GtT z_Z>{BzK`jiUz=|`pDRC~eE9CKKf|oKircY#X8*~@Xzo?P6l#xvc`a7?U9r+P#0Ia# zS|}E8iXD7M3?s$;LLDrtcd zPT>*91s4Uk1y2QCml*0V7zxz-veoXs1=~N=4A+MeCD7#COAB#&vQEFZYF zK(Aq(V6jPN0>e(VwwP0y34D2KZV!?Hrf;5}0eq1s-E}pZ$HDL(Q&CXK$QlF(1(yVm z1p}&RtxO%Xo$Bv)i3Z?;_Aeg%Ud^0Z9>d)do?OmgVXSbQVHdVAFNW133|(Qt#A-f= zwNW=5IHAbi$09-2nMGWsOgrJrap^_ijk}M&`a=8P89y_97Ae0=POM_R^5rEK!7bxt(&+i{(XHEpUTv<4@WmL|5i<>47dU8+@jol4fR7xXI|(*X}_QGiOLQ% zaC4R(Sy%6vp z>0Z;iCxW0mS9CjR-OuQDY-kW!C5cyQm!?~?MD3QWk>R_;w(urv_zNB0&hY95zP;pA zaG?gnX6^e}_{6)g&Ws&PXIzd^UtD7CTDh=qyyW_0NF})a7*cdR8RuYJZIT;fW!aYU zW4I*YXeXNjTNMA|H{`Gru8LRy#LB45 zR$?oGasMIC!8(E|zm~yHb;M_a$AXLXq-+C~>{sq_#0o9lCCcaOWWdB1ETkTdd;?sL%M4!>tXt)C&>As*gLu42 zxtq!f>wP%eA-7TD2t3}5ehhatOyYzal(lbZ_E*>0gRj^dZ0vJnpD@{{ud!o|(8dqn zFIEA2%(t7}EPpq>)*tG|ir3*1pV1~1-B1qOj2%}Yx*5N{_XV#T#V$-LlcyRtLzBu$ zdK>NdZ?M6!2U>?{OCW^N?C%ka_leCw-C#Mo>loeL8KWCx91)gP!81YM11o!u$zCYz zK4gD}K(tq6!3O!?sb<*F?~Z7zC7|()!EFwIkKp%lQ=_}_oof!&8k_5%C=U~PRk9nIs&f6fiIgjtf zwxeS^U~JE-7@MDt&D--@Y|8)pk!5%?vUnX?79-n|$eIwD^m^ODz)!!|lX)4$%yD%5 zd!#-HD9z*BYSok9&D(0*6Y_}?I^aZ}ZD;aus@B&FPAa}qBmF!}`}5BV#A zzY;H!zsZ-jB zqd*w37fd4pv=KqNxn4k`f+O)_xvF#OYrL=g{S7XCWia_MqdNIMeuj#)a>e_B>xJfe zMXuK-S1!1oTe%v^^;&Zkk!xiXDf{T=|5DEWtR~bHxRb5i`{W+i+!f@0F=ldm`s3Hq z7*m}(PHV6Lo9J(FK3$gPUXy#l8d7mBq?sYU6Q<1IwUADRW0f9*)WAP#0BVesXh`QyLfW8opH+J9x^$ry zn4&->1%@dg(FFyX(XCt;NV*oA3kGP_x^&R8X4%pF!mTh|qpYuORX z?nFVhYKqx~k)=09yo0Y|>7vM(DUuj$Gi>8ck;-c#0~CpzW4Z#N-vP*A|cGC`6T>}a#0;-{QMK!Hbo*8|(G0*4s5k3dvCyTo0=+&w-I z3p(ucxeADW;4jQA;JAJ(QaFYMM4=n-1&*qWv!lUwxiHGW zDSRwFM6pM*K#@jaW?-uj*GN3E5vPP0$NDeJ=_gR$;6e;?V-#1NEae7cHf#ok;3e-37+566G8g4Cu8yOB4!J22xfVc zk`X|>3?#aT5HmxG)nUY*aH4-C(sr$=?#5izZjQ0WuYN9FoW58@mKX&in0NmCwG(ar z3gs`y7%Gc<{)RGPZi=-jl;0gTr6Ux~h6r9_95GR_CWE(v6d!1R_`+1V+}0hFb*rlWiqOJS;iu%qMjQ+GIwT1>+J(-;<=$G zRGllZZ|Kpt4>3gduh3gwRA_~{o(o?zD!u}7^SV5H%+5R}C6()y+LZ*a0)+ef=f=12 z6X;n1(_Pz`xO2g%4(5~I9|bo6#uGKk&DHdv3+Kbw_<#<6oWcD>I8+e_r9A&qXYS?h zii5VkE^71WChh|@%c9BB8xNL~UXri2CSlJdc46`20C<_he39OMsDg1WQuHTbm&hHQ z2Xjw=a8MtG5o-;o_c=lF6f+L+U6q8ubOd5BD>y8;(1&+MuNa$*`Ox}npT7bI$Q>_u zG{|SyA!5*wDHF;F6G2m)P$)|M6a zJwIdSVqg+B;9;H(&iR?2$Ky0HW|lZCSUbn(sWnPs^HmaxsT>8stvsk9&0PjF*LIPr zy(G-EV9I+k847zhD83_jwk1kXojz7B$=D`0Opf$zNjjE{qmpI&%p}V04O^*TZHFOKqS-_J+7}yL6UWXC?>5(4W1e)G$cZu`xKoJ+!S;;ASLhsubMHhgI{8D zNi`U+SE@m`8v&_MktM9ng7ZKW19+0rTNE=>B}aTK!RL5Ll`%k0CEcZ8*p5^joRFtJ zYAO|u%Oi4d)9z}jAyc9aG9@azmrha*mB%`u;smD2NlLRVR$C1qCq?}Ogzr9m^avYE z<(#8>m1c0?r7B`MosRzp7_lx`pZX8tfwhYPDCGjLs;Adf^oM`mQ<22vUDYxon@QkD#*gT6gbMV^oM{d1OA9H?^Kh; zZlLOaf%l_YGYo76UC6*2y04~R7;vD+=ijTX7Y2PwD=+@U-6e<`8$@tl;)p4 zSAEQ#pU=~^OA40^Ch8TFW3O`4seC;XA0#d%PKWZYOlu018|+d+S-4yl*NvGq_GH$z z+If{Rm>Wee(zP{FRDS{WXghO>akU5OBKhkOraJ7G2f=&hP=S43{;KqmRV1x zI$`P-CVjuhRED|nRGpWDVS+)1^>xA*fPqPsOhfNW$YL9z>n;_VX`ty)(U}lB60NRz zj2g#{iZabDHCPh3ueO;OmJJ@RYRSYd73Iv$tU z(#g<9!G6I7!7agaLC-GolnT}fddyPW^-Z${FVXL~+EQCXqtC&GzQG)E3#csb-T#6c zJ;q)d?|y-ivzj5B|2!Es1$!3wye(L=$mb!!%q2cMEK>=0DeA7n2WV+j4yw89mK3sb zn*=AabA`Ai=(Q>oAPTCU^L?yVvUwuS`fG0hl1=0=xHuyfQV2GTbEmWX$jQ;?uhdiy zUM}mWq#UWO(sLkrCNVUuF$Q`Ls?L!rY>i=M>!ivS=#d=r&^?MZLZUZl*Gs__L5EFJ z3V^Vbm7?1#LsjEXqKbVbS{q(T#n?j?%Ud*=QI_h!HXS&`z`|{6YuX`(?GtAOXAbzB zeaKkM<%OMB`jbAQT-y=DGmeSpCyW5~l57M`&&4M!?y`_c$}vxRX?%3gL#|*ee6FER z@rSixwjqtVoWNJ@xlrnVN=3}LiOaxz_@wwuhcq~|O zL31e|nUNq6o9 zb#$RbuwV+1NsP!h)I9#oX7W|OB(W&p;9jw9N|lmRQrep@mJVOjJ4udK(Ksf!E_fm6 z@5=b%1YZf(0vW3xHgb=0Gq=vz)B=e$t3YC1=f3R;a!Rbt1rlp#!BuMd$+0OK9o!g4 zpkRVvo?xBel;AdyvAPr*svCc1tg(d>Yht0qdQu3TPVUxNs|qF7`ogPNTgeds4ou1m zW(t-HHUSX_3(sC5J51&#bcZ4c4G7Do;5iv(7?4q9Eq&6}@F`~TGy5Gu#VmkAZ!AJf z#P5w?5I>C_3BwH$hH~Sh&cnGPNzDr5^Y)-IELGhAg z%Mu4|!d_G?IX_Y?U*-aZqkU*Lqwmv!Q#x>sfddFctbW7>!8(6FUkb(q^0_&P3Z&kM zDzO&s>Jme`*A47mFO$Ri1?QJ&-cp8?1yjSeU}89*3j{qPAR+7S{-wqjDzsF08!}3b z$6r2ua_`~4f1_TN8nS7ks8q72qEv<%*gN`2tu#S(SQH~=GnWi$TsV?S>OQEbQlg2y zf`>qL!`j2&1+N}J=?YsNBYwD9y#Gk=fWIt-gKBQ}a4mzjXED@MBRC;=Di{$^TBs&1qlW#^ju)N*sfeiI`|NtUz&**c;dS8kxQ(8r+c6b9|25i8S) zbAqW^Ci7#pP436)P!f_&mWVuJR-s@iu}rX2a9nUz@L15fj6A-AVS;0V7lLu+D6;I1 z^s-|+T25Zi3Sv}+8M4lhR-tWLX^!kvr&p41NN`y&s*02%!9KxlLBDF!GX$Fi=YgzA zI&c8?a36g`%nwCW$)u5EwQ>8_&pyKa6~?XGw||Kn18{jPHpzc_3ny)>kBplisi7mR zOJEO!xCvBc$HoV@eg@x1s^b)9In`*@FRBc64%I(|>Qk-Sz1ooL%i<1n6rP8FAc_Ww zV)KnCYHU&TF^cDi0#itW!!^h!bD}-m8B=iwLJqDaOO9YWQ1)b3RZ9wA)uG<{%Dp zhOERHO^hJ%%t}1e#AhT%Hksl+uf>2Q5-UK&g0SF)V01GnRf1!JX)UDG3(g2$0@eTZ zy+Q^LNp&)yay~#^=y_n=Qz>SF$vx-+C7(($VI+y`^rL zJM}~B#lE&9shd>K5!Z1?T;IYFx0Q)35gZph5q#EW=31>@7H;5xwaiK!)WkLtC#}Ra zP3$4@%t~}@kW3#Uv8vtF8K#L7B#v2$8JajpqCax6G6=+r51NN`5b zt&5aI!6qOY4h(@K8YLeK8zomgn{2~fe;hKmU?ivqGwF?na%LmsF-$EnKvp@mjqs7X zfv_8>voY_p)M$2N&Ku1UXlRo;Z4^)Gq%lg*jo~wwqk+*RMvs$NCg?iB=j3U@8RAR9 zV!^>VMvIysF*l(y*Y|Ht&{CN)9fJ8*>Ks+iK>(S%M2uP^9-lykc>8H>)^EJK84a`^ z{0}zEw7__?sWsG{`c6HF zv7Y}!@6oAcNS~*K0Il0&k6LVV0(q^N6DVm#mySczu2#{gCv!t7ob4rM0%=-6E8b>w z8~R(CCCe(<)Mmcc5elt{(4Gj%FuA2whRFl12z2tM#sI-cAh)KdjaGCLWYW+d+AZdc zhqIY~s*hSzMPx}Z-;YXqfix=xGE*W4&xcZM%G-1nbx?3hnD_lDG9N(P5IhtN3?k)~ z;Iv?6Fe%>Q#2BEG??1F%mxkzee*Y2N$B`v0m1MEVPP=Qq%o^Ga(_^5$IK_w@fhC=P zkahbztc7Gvi-6W2Vyib?D0HxRVFcHO+Rd$73Ry_+)oJ+0=INX5Uc7{FzR)|(()u`k z0f*gRJ-|FgQ@^T z{EhB5?yGn*Oh}MqsSYaYHt@D873yIuM{d`cUsY#q8lDmC$E= z{_x>f>SZ5lX3Wy|L%_eAtdWBA-OQ{nR9PPa+ z2h!T_XY?q3d-pQ6bne5gp(P6zo(Z% zJ?#arGZ?|(tk?v-J8eyo>)8y^VL^E5&Pe$V7<8Vbf;mOjfdJqV(R-D+Bj~%v=jYoL z!z$E(!NJ}=^?VL8={rai_ic7kL-P(ft9OZs2MGD-eYM1Zm_w2-kBL5>{{%&!;Tkci z!2$-2_iulKqabwrUHxWQrWv-*ux^IQiM*~sT}ccK8eENQ9hR!o5#?_NJjgad7cV}C z0(Eh{G^JdJ$o`D%DZ)}D*yQz3*wr2|3~PtwF>DxxPfRQtGH(C!z0W?qc@uuk7FlVi zI*{O;1uWvD!(~`obW*zNN_b@9rJZuh|l~~RQjYy&qD-!*wppQ3g zjs7AUpQJ-TLXR_u)kN6FNkKj}_H2ZlLx2;1fKr`wo95bk%F#h$I?|vxH z36n59{3>khT38yx(inzx(^K2!RUi&YOyXVnEtu~rY*NP?Gs$=x8E*+B(KHE;3a*JR znptnMw+eeZ+0TW=Z<0dK1#^J9BmX=7eY(U@VfyG~JW zm|!XpU%ylebyJ4QnMOJz*RP1fAQqCCPU2hAIa0pUQYg!(weH$!)(ZCbzLl@DeTFd| zI=`juO){C%r%B$X0cB8yQY1JoxFL8c7_h<6c)?ttR5PnOT4we5W!5&to0*k5)O{A+{wh3k5U0`*E(;4?vzVMyOS9(q&6i91Ae77+k0r+j zW|6;1zWaKo&)vwV*jrA5LbJ11{^=2Dw~`~ zlsVrE51BW^=NVq}-EcT|G#PlD-~4Ra=XLbG^Nik;(f3I7vx0kqAvrWC8K`Y`TF^os z3ltisP@%9ilEw0icR%?AWkF>u(9gq_--mI0t7!8|7trQGZq~&ttlg%%K~d+!xr@UB z#^_OKjd9OpIT4m1vTT=-#i`WF627R7ie02p>0~LWBufKOH~6njmgYr6HgBj-;eAHl zLE&8zJf?(2YRq4&BY3OeR${4vu3SQHE+LN{+pjUkFa1HreKH1JV}zf`KgbDxuuJA! znO)LpSzcmVa%f*7G@y$rST8t0ol+$PEo=6OWwIBNeNkABgyrrXq?U*N;XR2Lnx8Mr zG61Hi=-c57)v_!f*!(hnangPgYOrrfmK6?{VST|g<35?jSMoKk#>AYwI$UA$muUg| zPIBNUdPQ5&v0~17_mQU$Jm@K}FrzS=f6tyasM-~2BIUV>Y!zU@_+pj#Y@L_}ga{2< zU6EvNlQDIJfopnz9Ts7Zm_bNsvavyy7noh9pGgYr4b46XNl|xq)gR5q* zYJ3&?19qu@Y>!yt`9G09(WYG24BL!{_nPq(YZQ9x1E)X&*C5#nZmggQI(b17H*O-k zbtL&~Iuc27DcR$}g6t7SY)@J<{?Ah^Z@_H=c8qVrR$NI02OMg7jl1hGjM%5pi3kOF zQ#3`eC>$~UF zb5I+%y6A!7?mDJl^cFbt=Jn%sSh9+Eu^t;i%#Zk=s6V~n%|(3RMk3;G)$AMR{9~28X?&x7cAad3U=Ev0H_;-n2ybjcSDEO-#waVV z{e9)Ib;Z48<=!KASPYZ1F1QrS=j~_2o#({Fc(F^qn`r28rm<^6#L+*vtJyN(RK(gG z_ArZ)Pfc4gjoPsV<_j>R8<#*mBC)j_LNdncwhmzauX}f9Wxdz|5nGZ8MKf8BJXZUayP@P%=q4PGMXn zsl@y=8Y^iI+d(~|CvOsVz_#>)3@@mWNtY@$C9?+3f!cF=y2;vnjTO5Zh1Xtc{32OHQ6C_z!)C&mfB0_uTazPT7vdW6Zm{R_SmIpFwMc_QIYR38=8icqiMoZ!Bo z+W}RE1C_;0@$wOlKAj)K^t9__hhvZ!LYt zhGm;!$qcJ`BMei=IuP@mr>4#WW&Valxm z(jO{5@Ez}rqw8P4>0sCOi+acT1_pPeotU2j z_irITmps0O{J@Ff4WukW!?#~%&clyg^2w`#o~oEkGkcopRbeYURk#(04}orYgG0z~ z;7AOgGMtTlmPkG2LGtr}BEjU>H?aTX%Qyqx!cM$EI{8MalWEBVcY3`iWCHJ!(PVL{ z9HN{fJ$eHzC(9eN>F>)e7D`@k`Mlm$Sh(|k=(Q;jwIm1);0p9Dlta`#d?N?40Q=)v z2qUJM)R}00t4?LX7!u?a>r*OwtIUNNl<@98=>-;mwxFk8t()t+nEZ<6m~bK2w_I0* zd`qu1*@!iKD+CShhM`^xM~#U<-57~^?Or?0@VZ|89G;BkeH8f0dJqJyjsg>vKUW*% zt_~2Bmc!gt@my_;yE*}8IKo8bM9fHPG{#zygqpM)bzcsu|8YzQHq&8u6}}w z^x1P6ssYEt#CDLjpx26P-0K$VkvphWk5Sh@MLqT$Bdg6{m4^zwJHB7>*6)o|E6%@0 z%c2_8Rc}x?>HC1b;Cj^^*N=Fhp6B|I>t#=LxeqGY&z3HFsU!Nrr6Rl!ro>yNj~hul zd`usdgqu1umP(I(_-Jvgugb3;Hu$Rj`VNNEZnmE~w(p>U08*8o%5O)l_lN$L6c?b5 z#!u!J2B_1eX8|fif}dT1$<=`>^!{K=;a6X!sz82JeG#ZG>E`&Av@b~QJAT{{jFMj- z=fX{X8D7uorQ)pZBZ0X8z;`j8ctMi^FX*`AGaOTYnK5nZO!x$0ZJzOd*X}?S?t8!^ zH{vUJ2LhqOYOv7o%5-?Cx3}8gX+Ym`eVyQuD2NsY6|fNJz16WpX#I*egedmL%G%+B z;igJYz13-OHN!uvw+(ZH4_SEosQAWeNC_C7(Ege~W@JkMYF036#B$WNT=TeY2owyv8v6#FXkM8qHQeJnv`tz^NlR6tljH>t?P-P+@+V%x`e>ooIfV zo0M>^;_9^mYY&F0{Z-yj4qA$!zgH?ur1;BGT4aW9yb(j7mu=pX98{g0$|UX zEiDfKzql|=?g-ZkP-wt#QV&q)@dp0@TM3?3aBq-~1^g!uQa(lyAI`UH1O|mY3T|p( z!s6?r6=-kPoJAK;bLlSk<@_Ukbvv0@Y$MMs|T4R&otK--m&LRK-2c zV?1jvpdKwoeZ@8D2E?fuEA0tZ`$H>JN5OXi;kkX|3KhPA5f}!ockIyq@CvHYQdKl; zj-k@2V0GY_2}Aos=ej?9o*Uc-kL){cJXn_ot0M;whu~oRA__9|>ZXW0YB|Jxv^MS> z9{0Ywala68Z(Lp{?y9 z3SFg6o9Z@uI*gmGf&=Z|)#_Afy+K_BGicoYm=3L-_rk6lR5vMqjf%HmlGdqW)&bZ^ z=hvz50hI;t!5iK^hrPnMo>xe5$h%C#H_z(i8d3_W%{CnTppbmW3kwxHUQ8(Nc&Bj3 zTM5O1n`~Gpd@npa{I8A~K6HSzAESfi!BBPVIH+d0AA_YoP-|F3hS_9zx7M%#4GU@w zJ)mMBMkndGu!Il(t)MtzC@2a#Wq3^3zCvVe&k7aqC|+5|uRkz{H+T*!xq9Bl+(v+k zPvgF&P~KrUejx3RgR@KRl>QCzc(RkW#bZ>LFsk)D_)ZM2d@rpJQ=!4EictBd9r#V2 zc*u^p^|LEX9gov9kB38Hj#7vVJj9W@A=cD}D5nqw7@~+m1cYN6_v?gkk~TmPx=*wr zoTmcy5Ux7$hevN4Xj|k> z!&5#VUpM9K1fFt10!9^uQJv($uW^0ERe#Tv@(qfrGzQHR(0m1WLVt(rHm=#V=Ap47 z<)~ORUyJ62+~f|Lh{q?k#lm$PK0blH!_YX`8=)H*3*$SuO83iR`Teu=vCz_<^T_d8 zhss#|rmIvP3#TS}5a$hA_}#}0#d6)qbuZUEu2(_vBLk)fHqzo${uIZyI0*WXo4n;F z+_fOCPUh0$dFC!d#@67f$lQZCp1CRvAO8R=3NsfH&odVp|1NX!@nDex7SK`QdW7p) zt~a%zTg`0=)ajOO%R!TfI;KI6E3T`39q?;m31;#x{_xu z5*C+nRb+0%N}jp2l@LA`LyG5rR`Sf{uY8xeLbN!~Q@F*olB>P~(_GFq0km$-d94ze z3s?m~H*%9qZUP?~g%{XKYgef-DJUdSl{9$9I0Gn^)t+|Y^UmsQH*s0$BIT{8Ya?lS z5@a48MJ-vS!k64#q>^>O^XB81OP|7t9y&{sXCfqc8k53tUa*Z>EruX&)yConvB2#g z47CG17sB#Q1P!K7hgq!P z=jIBp_nYCytn^~XCtJWfj-Z`4aP!hP=f;cf);YU4+>jZI=_}@>@nr@w!nKB^hqF^KMz7( z5e()E%u<8)5eI!5xUC4KGOVKw&8xlwt3GNuntOzxISu>ZT(9HnR9qCS6BWtF<#N#8 zKMd{9aDBryAsSt_fkMSVt@1kpHIOC@rTAkzjE+GA?^x8hI5flU3-3Tlgn^I?iO>wG z{thQ%YM(ptUaNFE5%xX)8KpCr@YRIA;tjWVk?tm7hQ%IS$%8pc)rl(JK$YHLq9rRa zxwl+nSMi{{g-2rOnpNl-WIzpEgEW&vhr)16;k=qkE*#BwY7O zL4C$`a~iH+;~Jcf>seecY{T^vS*Wo`QEwHX#+-)aEpg*`ZotH)xDBEWzutfi6Ru*D zRk$8ah7NrAM(B9VpFRVw*0*lL77X75*`$hlj_~1yRCSc=jCo_n!UxdP)$!wo4#(XL z-Y~yddXf&s$vX{|KsP8OHh@DBrVOXK4IAJvBAwU>-+?yWDTrWcqn+kTIhf@0Gg!jNvycuLN}0)~(H*+Yb~6Qz zAn?pQ4dzL{8&!VWm=A;;fehiNIGv>YWEI|&Lt$Q}fHSS%Nmg;TCQP%H9;HBftIuJH z;8IiaftbN)J`5z$XHin2nL!>lr@WVk^7rx(T$^l8N}Xig(V3FHno^tWQ%v?~Ar`an zJgV;n)Yu}_=a*0)UPWDb4K?mM>M>9W2Erk_Meyx#*rsz`;WhCa;YK}t{$&$XBEA8H zGM<_WDdZGmxbr0tPV=sYBGDAndRYpd*h09|@>J;1{pU7# zTq-qADJj*I(=tprz6|3|;kt`!HrJC}FLK>djw$m-emoU-47fd<22FH6v~d`dk4#hf z3l0}Z@oDNWa~8SbK>eCDtUG**;f6F7E^y)gos^b_I}KDYK9wkH9A46}Ee*190g{0E z2wZ*d;`(Z?ySV0q)+XnbZb~j7y*9Z}Z0|g|sB}|u3F-g4}xdz|ECRTQ|B!+G zzZ*M#gtTru>=XPV?cQb;zqoT|J494j8^y|uI#H~`C`vGjz-{lMNU4n?J%dM4gi(09 zn{rW7CkiJi5#y-AI5OVF;UsM~MFQ`#;jzGEY;fWiDM4Gr(KKue_WhHw?;ioN!*QMK zPOe8WJ#N02%nx$&bTlvGCgo@%e>bk*r~yAoSGK4_`+qlZoV05zxg3(Jf3V&yGP#A4C8NvMO zZE(ico9eb~o5=jbZJ2o@<|YwBL&uS84%Z79AJ2UBc45A9JDTU9c^Nl(!8O1OgT{jj z^BgkIJl6fFr*_BXP2X;b4=ij;cKmX;eRXUuk8IA#XF_<%<(AV*l zCr?zVL4UZ7#=9=7_Q3Vau`KAX`0c|h7nd3E{+wAeT%_mw_~reH{pwgL_#liOOW}vH zuLhGK?jBJG&XdA&Ocyunj@CZrdG;vW)|v~il!p#aN-pF_dXc9N<+mpL&T|=C=cOe$ zTk@{2W|UOntAS6(`fEnREse$V7q~!~#hq6EvOTbh3e*hXGb?7e48XS=fKz&)rmwUo z5N;;TmyYblYZ|(*+JDyk+0ffU8>1h1^E+%jBB^XQ+#sJ_v*@<>8B)G@NT9D1U-3bq`#qO0h;b!|_{qHG53A^dygc>I~YV2An_gyi3ODrn0(Gw2Ovu033V7f1b9iD5^DV781BWc!DAesg3_0R2 zcdFS3rO3uo;8cJc=sXWT(2f%uVMf5yYzX$Qtv$=anmmO;-tsyQ_Q(3p2Zf7am|L?R z+9pN|-&sClnoM)?DD30>{&Chmx@&xBA58W?0Zj|3=!qpMTkjZ-fK;`6Uc*GDr49 zJh5RI&jqe~Bd`e2SHHd=i@5KA3KQ2dj=?~7|NqfwrL_m(iXr&`RIKT3KiFJEla_pq z&~u@N0v|-nhlJ9jc*$VwVAlb>x(_yjgF4r4eUxGr{8Ve33OFayS0XoXA zgKFR`C9#l5!U)O%i>e)HaUc^drb{V!&f`Z-ekPLAPeFy@>;X887UZZ?UE$IWE(Bfb zoXzo6l!vDx5#m9P`krT@Kfd^YW(Y>VJC&|HDh}OvlREe`w(sqDD%!joGxT;3YDN~6 z2aXE3CrdkyLUykmLHE@;b=*&)d%`hv_s+v&;HL`USX2(X#!B3W;PKC+{8so1Bup+a zSEZA&6pef0lam~g{TGRQI8d&R&tHMh;h>yTFT8;7Yvmi!GTW3nI7kJRrr#% zKV&~2%;1vyG8!)!TD!-?*Sd365m?GU0ij@@HO+Fu@vv3L_#h`g%OxIzEZu<^UQzt}IHN~lYp2-UJf@mv1C<|BXa9G8Pyn7~PnBWt(z}=${$^kQ zP1oHL~h$KPdR*9lYq=l%)YI%jYr<5}+XaTP0AOby~E7%3XhFMIDnI^raYug`dU zT%8MNYFP6Y-2rLk2^GE=0f$huUR{BCOX0eW>x#$dvZfMqi}UVWq%9DD&pbPZA-t;4 z|18%VT#r9P7yWY#A-ZmNAgi!J_=)Qc1_}UA7@DiW9fKy(d12LL==+2FGf&j>e*K|- zX}{T?_b!G#d8*5Nn8}QtLL-K%3PAgcKva())Qsg2R{jHKV9bMe65(jcgFHBR!7~JO z29l1Rfq>7z3?^lTqVaSo_N4kh&w#i+0%2c)FHiA#cxfk9-tO0*hQo|FHC#Oj{S`i& zXNJpnFhNPWeO85Kon{7ctP9Xc^>~ME?J2QYdA|oYMDi*1H+b|J_d7Ucr{&k~mazrU zMH175Ru|yLUW>cpCCDy}T8d1=VG1US8Bd{aGWz?q#P7bS-XgA2fOT^vS&!F&r~Ist_{i{X6ZF|CcOQ4bqX zJ=dUaO2Hs?kA}4k>v#biLg}E0u_t7pDINA;R0?XSszBw(!`d+6uodAYRxt4I4r{)6 z;c{j>rn7E8YWxA7@p>$%QaqF}n~N`k&xj2yJ1p6jZ1}hv-Ei zgu9F(_;Xxq!5Z!tl%lKuOP&Y}8N#Qx3t_MnK5hjAg;nSmhknY88NW%F3*k1HbfZw^ z9|eAZp24p$8&O<0aV_S0>@~Wd;ab7fuLh#g!n~pA3+jlmgPn$sz!A1_@R{d}s_9Ke z@LJ}pFuoO9tcuw$;;A|*{H8i#;FzIYYTyd0h)2n%be_AUy1?_{ z{DuUiBjsMEOIzH>&RwRrF}=$nd_$363fJ5h+spF-wt`)_4?!E}?+VT>!V5tsIFs_K zjJ>Fex5nUcDejUgZZsxc5-kaD)NQ>4m7RrEXl9Bd{NjJ&SY0;`gDH;GI&oxP!ZJzw zF{)z_73_Unjc*`Ye7ib)Qsts3{&R>7bH=N;OcckPiW7LB&lOs6A4|0bN`=SP`O;&a z9ceknejH;I&VH9Lmr?{eZ+VM}?%|rt^$gc6{Qz*!;hN!&>wCDK0mV7lr!K*0(WOhU zM_h(jZg9VQ+)wndt1j^#_6yifFn{3`8pU{EP`nz5yv#e=@t5IaQp%%bBr=}1|7 zQ&c*0$8;A)D!Rj4%F~CUrM!B`tJeJyR&733t++QRo(w3uqQdva#QMuCkgJ2%-eD%F_>N;fl(sdY} zfmbL`g@+owis6V2H!|?1%-I{XH(b8~nXcj4HASCsy-xI5|BXJkHu`fI{i8b32h@rF zqAB{@H~7x+98(GK#kz~;>h6c@fn1+*eap4nA8QuhpIi zZz)%Ko$uo<1?K(Fb8(ZZi=nSBMPtgBd1~;`9rsvq13fmQ$Dtt1#vFK2k(6=++9wR8 z9YyyO@7xcP`$=vej77-fdU!dmpX7R*>l3cmLeRa8>zPo9A9h^d64-IWOW^9T1Y*Ae zu5h`*{lt!&TEchSt zj{B+vcU

V0@7qlycRFVZh~}@OrY^quYMbiciumcvkF!7a!s-cnrHS0pS=dJ_>{3 zX}Id9Xzwp>Vn+g|o8IKR2YfwPY^e=*Al;n_80f}o2xR6a8E-*1;}_Gr&^>R%ppyUX zckR9Kwu+C>;1?zIcd!|XFEt?h+<`7Rj#Vsx*RJ1!;aU7v1h~J1Ab3Y#?9f4A#Xl4b zAGqgz*P2_9hY|zkp=u54fwjDf7QkysQ*Wy<`}H?yZ7>LiXCo(<*)wN@M;>N8ejON! zXPK8u$8N)gm6U%Q`WBaOgJ)DC#uc$1^%*F%p{a0{^#sZ?dk#FeBXY9_Ya+~aiGw^pkl;T+v_{f zXA?7LB#%-!BjXXzuN1R<6z#(bP$P>W6yJ@umhww4DYH~;%l)Nr3sbzXDjP%j-a&i! zQq&7vJ<4!Bq#QNx9_p?8s23lg=08GRUV*v7M^xc$IY~ z?~a-`?m`t#6_Zg)@4{>V8rsG_Fn_WAgS(IiarjLu=c9nozzlaG@hVJE!HbUhFs%Fs z+yjvAl;eE?H)+@1|3k~Ui~+Aag@7`A;^GZP2t&*;u^Lms=aXTKeCBNErpDb>O?$y% z40GfehT$WrTki6@*oV%?tFh?UUZ9?SiF)r9uZ$Yh=7YMOP3a&WHE#G0gr`NK@59Wrx)HtP5#6p6 z(TO?{J^XJ(M=_#G9#QIjSoQS7+(mF*4=NtlPJ&JqyzL4NvT7aoa>t|SSj_EfxUTWX zP~S_J?&Iv{>lpujf6Qpe1E}Wj;j#kV@1lD?cTdEwOEH9kTUT5?0!-Od# zYaO?7#{=lN4;YWd-jJ z=pW-*s}RpxX%H#253c!K?{Iw%D#B(w7GZZj=3%pV*vlB!Zv}>p<+_pUL9S;&McDfk zwo-(x=3#GO*qhw)30Lnhj3)t9()6D?2X4M)RjL!Duqrr|ov7l+N7JO4nIomwRbu{= z>tguCJwC4Q@dP?Si=>B@*inQ&AOF_QlS;Lp^s-W2BI&E(Qqc$EnuCK_+%u>Osxv+c zQ(Y5_x;`GY$bee54)ty#(foINxzs-Z!oIA}NNnetBRs|;?oU{aa6gORNJi&ZG0JuQjgjxtHYA*SSsP*(G z;taI?3DyIA$`(VUqV4)L)M8K^##!owQ=X*4Cvelt1eejcY&V+S*@J300DC~ckdZ-Ba;cXw6e~ysHb2s(C)68+`uH@Qk@=E`03j88xQ7r?6elJjMJtI>G(1 zSy1IT>~Zg@$nxW-5c|zjm@hh4-hPVnV&S#i;ISbea}rR18qRe;*T<*P9`1MVHVO+&zr1hmXL-W>0g08_}j-f5|g-06YU}!m?+OxG@RME4Ugq z;CgW;YQb()Ll*ZHdKIEHca*Z8tDj4Uo~vI-xzE)u(y8ZaSLxhywVQP5x%#D4{9NrW z-Fc2NU&FA*J6s=fea7_-SD%sSyPRtj*Hx$$T#X0#y5A^p(d#FoC0D&Wu4iy94#M?< z6{vo1t^?faXc93%SkV*#h5q;{R_x_=I$wA?Y9@T z`U-0DHPnpjsAa{dp*K-;Z=o9Qpl04j^?Qh#@fx+P2G#f$wOa2~H&uA^{EIrtKF4G; z+?~L%zza3T7tL!w5QxKxi7(Yf)8O?rFrbXM^Cbi+^G9Q2AgUo4wP-nNXb5+SMm5Ir z^?1~b1k}t`7�Dzf@tWX2>h-Zq!zX|EoIr+VTn#so>`CEH>4(*o78G14bLV7PWXC zYHpY_XhAq?Mg*!c616%CRUd=u7l)b|k7`UnEm+CjS8*4v)m$@Ha~A`uVGXK&tuvfu z_;Z%Um;TAYdtfp@h>)4ySXpdYOWc3(4~y4VK1&1aShGF^<1v{eYl>< zwSsH%esn1Yg}%vnm{bRc*|<0AICw|@Pq@`f-oVC!W$GK1T&}!<4G?nxgB5V~Gvd0D zYc7ZVNql&*Rl1}P1`2JFO|D#?r6&g3($I5lrxJu95HPfZF z9vXQ1jnCVdBR%oZ%$8nyXyE(>b24GP1s}+~hp(`!#U{G>9gT&4G^w~+d?g6dEh(4-K2w_8knd%9qQ!})(bo`02M6VhF2G=@VX}H zp@#-ew($Ifv<{R1gP+yXyfm}$V}#ob) zN-I4zkns>SFRnuK+$TKyPf^Rb8lH2PYVN|d;3cjXze25ejjDgcRX-KhGr1bvaox|8 zyLh37`l9A?H3Z;#5m#d%uIqzQi@D}5$MuX5)R@qzn0>hTIstWsy$N3=#a@69xSXO)~ zuH@^dfxAv{LlfYIX7o)d7>|F2epg~j#coWs|1OsL~MJ;}g!G}ueFjuhd znfP=7>?U~o9s=e2!*Pvn;E!5Br|JtlQ`Hzp@=J^Z?xB_YYX*KN-Nc~d7EGPz26vbC_obSrn?hMKV*(|p&j@eJ1RJMp|D=#RaIGO&O`?L@l; zi}C7ahLjR4jx7ArsS>R+vUr?{)4{gjI9GQUST}f}Ry>;l`UDgX%W$NT?gVR=@Rj=* zxSD(GpQDi<*HBPN(toy!S#DIrS+cx~>FC!?SHDpU-FTY@TAi+GOK;}XV7;8q%xznT zGD~Yq=Wlw>7(cdK*Y9K5;8^xuIxA;`CpC0PP?qU*d90iE8-La}M(Lvcqh~Zrm$Nmq zX0~i&*dmVO?HdjsrQ*b z3zDBIPuYGJ!+IT1T6Ya$A>eDhy)f2IkGWuaLW0c56Cq z@*F=lwC})Qy&$ixvgQ4s*zAKGG(64H%@XB&R`5lePdYXovq#lB8=0TQNmi;nQ#@?) ztn|t*vq)91RGTHpsfwZA4*A=wZ6iO7lB49~7Edhn4tB3(gVmB4)u{bH{A}vD+r+YU zOsCa0{P^RKTYQ{ue%`D>&kChNHL_x*LStl(p&Eml@lCO8P>SVNtyeQgz3kYhRVzJn z*4LXEYpb^}mNP7h&5CU*Z1rlNKF-druAwZH6~kYs94Z%Ui&=$SY_GQowKdwihU)t0 zKQy*6GNV?{j2e9_W1Hfx2CL$F#q|uc4X8HDy z8a-;%;KPqw80DQxgp#UkX35ZCF0cdgRXJKtlEXAdnXfu!FRUDt1LQSkUS>ztRP`$B zH_Xv7klm51)PriIx`uwGk{xEoX<=Bg>ca z$UEjnt0ap{O<$|I<`c*0cCb#shOQGu+iV zzq+%F%q>MuhNLc7T$J}}E7=;h!u+MiZNR_*y`tIB0R#P55p$QXtH;&L%5Ns|HJ>m0m8kDVASokD3`+E4>O^6>yhTidiUg z?4vg;&=`~en;eba-XQCBPysRoU`A$8Dip_JSyelZ@7d45o~wT!m*dn0GkXnyXZJ6$ ztXv{fxSJP4eFZ01`WFfZFV=C+1J7%AGWQwai`BMEIzQduvn(mcIUst>df}T zhmWzC^z+Y7@SE*21%7VLoI1AG_36^(j~pdhwqCAw@A!pF^W(}1*^^aisy|kk~8TeR9 zfy~`uKTHTw+1~W~Z3DdHtC-K1!GpDNkwMq)C?Mh@Dnj!(Oo^ z^~2R9rM~s}iPmk$54W{0tv}IPFF#@1%_i?+Bf^=19bitu@(MG9k_iW-qWa!!lAcY{ zwR|pb&?GfX)OFe*ySLuYj7qkAgso>^4*Q|)+YeUTR_gp%Q|pNn!x)<0srS0UIbEk! za>8fx!sLI!C`m4XmQ-E;j9jKXQ1TrQvy`Syt=nE_*O?a+fxOhJhN+gFGL>A*G>gre zt+wmTiZT8j4Ik+Ib;BR90C|3ANWzz$RJ*2|SDEFTt<|L0^R4$U{B*m`gFiG_Oz6Iw zbs4XR8klBedMFJl{=pt^RN=o;tQw&y7K2AI)634zeVh$u#nyUDXZY#OjMmv&-6ON7 zW+mqP%%ik60~3`fc1mmYP|>x}ejhJ8wzjtRRpQlB^KWD2e7WngIC&pSRouNA^BD7Ft?o1USz0y>GOr(CmH-(aUUw@uZaj1^lzQ$6+rde!zP0^LjrB?0MC*lz z*+a8mzJDT*Ji?A>HnUOQZ1SQ6HZqglR!=L*$`y8$g_@U`4PMmJ27Zlt%?Z?`v9e?{W~ zO~HPmb*DY-7uzb?dYwGcI!H5RP{Sk!SIpOy9B2Z3^SAhRHLKtM5ldmMzv#RP&cj+O z3wx~=OQkz*aYlRBV&pW35H@VYYt|JV^O*-5ny=c}yXwl6b;>ZC4|FXiTb)uKGOWRt zdQFVn_1AAMFuMqg*YXbeoBI3ZV=`pr#|9sNw9MAJ-0r*9pZ*ce`fO0$+?6LvlB{QQ z=FHh__K(h#6Uc`y*L+&n9g4XwL5^lIa*TY5tyaQVpRQIfp{rtH^@iC`xgh(n63C1P z8_;F+W7fs(N1fK(+`Owho1DRHoTqgDptYS{_a0C|_ICEr+0bfrRyy5}KL)WNc1t-b zm#R}g7`2!ExrW`ZH!P2BRIRLTC{sqxa=apUXknqXx3`BrQ4*XaR>~(>FiTRV_57f5 zFT0uFHqzSs-z>p;vfXFS4M+a(R_4_D&DqNQ;Rv=>9{TmvKcOZYv@A34@$)HWZk}W_ zRcp3|S-M${?fshh$^F_oCa`}-_v|_+l&xf1OG{BW%S%ulXIVZQ-mHpsKEdkOA2O+f zMd$kMAF~fySXc3+>;v=~$C6~$VN`0iWX;J-atyM1O~jBmEvvZrof-^PuXwzmF2=c62u+j+?6 z>m6hhK8Rzn^6eH;Y+5;s*622ywQbm0#4NJHkkiB8!VY_=%+^ZO4BaU zd`{2rns~q|d>%J>ml8zHJG^ywo|82Xq!JQ`DaNI8yXIMpOb7%Kdp^6 zh$YC4CpC6xa!J0(zOxBecgo{i_WY<+v1}8-wz3anl{Kt`?blMi}J(QzeSX;j1X zN+Ye-)>fzM@bjnL&d8rPX%s8J(AYIOFN<#Zr+IR(Sb4eZlp@D-r}jQ_Je17|y@Qwl z7hy{}=9c{1Avr^y_q~UlE&FKxzh=Hsz6JZzpL#e@9#h}QrEui)XOq@38=C>`JGX~_m`)Q@R{L(I()3v_d$T?A z_p4cyJRMDHOJiwise_hZ`yV}l`9E0Hy4SUV^~3TP+42`f$_}MXo7TQ^^G*wA+1+D} z25ZL;hQDFsM|U%~av9QLScgs>2M*Civ41~LmpgZN(5x}eo>@I(<`!1AxRb%j*}~kSo7P@uV~PLn!@2ytvTRJ_5O!I% zddx;y|T?B)itG?V|UR94AuHO%b{9JZS}e6&;-q1cuxHLOL8 zfA-kbG&ZvS{o~l}`l~Jzl{{qyTVr7rCI_;k%9N#FXgA3LO1|8GXr^law{^Ab z$8t5Wk}2bH-g+%-eTDtuGFRKPP_BXFWr93ET6Tdfu41XI`PeC=^EF)#t1Drnd$XCb z_2ziP@+|z{0Xx7SHO%F@*)BC!+-+U2$g{6-?94u5mc)-n*Arw}Xv%MDb)lFItFyvwJl&xpT|UxNc%?KA$|VhrO

mp0*2zJKOx_~)WvJ9n& z8RcljUtXnIwpR63qm-3ws7rUN8r6#}sbIZYo>r}5*N!$9z31jJY*hQ(F*B`2UaJBxuv7X4iY2?Ip-;t1j1BDf`iO zLZUoyxc2Wh_8oM(2DT?2w#^ zM&`0cwry{(b)9lh&QN~2%0`CBMQj}AHASi2V!meHYJGIu#%6rka=EItvdUnqRbRPU zhK;68QES-ZOtyg?ulL6Kl)4p4b<{jhlfV*~^T!{53qMrT|JI{hfAh^d5bLecq4j7~ zaxew!YBI%TH0!uW?b4-7tlT9QI`&;$O`dPmb8voN4=3X=whz<_+J;rQVq^7_%_>XZ zdgqicgOr_cR!h?EVevF(vt%V4OS{hXmK_`%8td$0ncW5Ov4cjxlg(<`H#mRnzlFsBM~(%eqAfaYpjYi4h?*nPrd7`wVj=n74(;y zz!3-ek`2(dbVx*@rTWuH^0MrU10rJ zLqEOa&xhqa*6y%uwMNcXA{D)g=MHN)ZVzhH=Ic&&pSMMUAn*U$atF}1@BIxY4|MO3 zeq!;F(Y!$-Ty}Qo)4kQOP{np=cMGlg_!fywcUiftY?Ej7T((@RJFB$$N}J9yS=W7P z4%0Sj)BWSFpW17!tu3tkHp`G(>a2a4tA&LZYt+hd@~5@~^Z9Z2rzGV(oJO-)jIte$ z6D|)}25Zv9X~@u)EgOC?WJtqNqlVxPo5;es`JzA;$ZQuj^J6{YSzCL{QGT+oQh&1? zssuA%Wz;@dJG@P^S+f%4af!+=M)fdDXC=zWA(?C~w4j-G+Li3763ALEz9}!g$CeZ` z+cdbe3NUl?fs0(;-xr%kXp4=k@8EGieD0Jb$Ew-tc4a4P{Z>>6%zm_QTfb$Oc8wa~zN-Tsf+zjvSX!(aX|`m%)$wVyV&dvE*h zzfbGd=dbOofBSLcVEf#F-E!dPogA*%wQgt;$-X{o-urWJi(PCJZ0q@-u4fH!v+{#+ zzTDtjooBsa;qqO%2(GPpwrbBwrcD0tmW`J-YnCAYbXEyq?XqACo@9kExVxDRXm3B( zM{(^9`yuP($IU9_rV+idkQfQ_S|W5$Tp&l|(sM z-Ll0&qIeE9XfRIWsYX2)$n>TaBABEonp63 z$_cgw#uRc`qPEIxhq_PQ4_&_va3J$#xPvuqI&4^ic>wF$p-`0d{b>I$xtTb8Ku^pR zu#U@FW|zsFjj*A{tdrNWF4{(O=OtSWZS2Q9SrczI$5$Ep*($ZM%e+W-Sk^6R-ozz@ zE%S#KV=>59&mPGOb}OAbciyAiU{B0XY0K4I7N>OWYPFiR7%=Gb#mm_jVeEq=@^iWK zKb`*xm94cNtXaG~(wjlg11?;DYzK#F_|@k>JNx<$4$Yc{sBmR-l@0MwCfw9mx$S`7 zoGIh~AC~--*4X0f<*eTk<|SW|8?R&|KkR)A#>ZWL+ROU6xO5zcotz21GgvsAJGAwr zrNNBX5O!4QNQ-NpurcsVWM}7~XLg?Km;%EUyIJ2ct_83i(=Gbe$mQ}Q=Bo*Z!MYdh z(@(oLT*sV7v@g^8!!_TyTdG#;FesEwA7x!Gf2l1t%YlJ@94sC2kA1p4D33Xqe|(#j zt6%^8b?;s->(p4*C)xb5*-rJe#ga0{yHd-R!!`Z*ZOmnz`9(I_$NZ_~xbAn^q%F*G zeq$K#my?xDrN3P#J2#7l-DX>~aOkSj{i>a5VXgfY{v2$y9jP?d>GDjA9&o`A-lo5q z7K^ou!3g=C;omEicr$l4Gn_fPvlVRk&wu?pEm*dIcpkEGZaQ7V2M!_fYjdA^HRj*> z!8pJ<_UD8S!EB!#!xlYb-%j}T3Y#}+_H1wHLAb@i=_wQrB^e5A^KjOTpUxWNsROs- zyOsY};s(#5C*Y%aLFZ&I9LzmflIqU13x*5|U|%PhC(4V4Y8UQNUzqJuf)yWmz;ufa z+t@DU`)6=5*w(UPr#{wGI$Ez_E9GX6%D{~J1!j6?3j<}Y8M3S13`VhK+YC6M7AqNY zt5&wQqd{7Y?$gJyk1GzAg|a^IbLE1g`Y^7}`0)OJS8Q9^_HlHCfpCfctUi?_TS=8Z zfjfq{G}3Zbwk-7k9$p|zdRWGs7t4eaS?U99RWAHzHB`9W&rQTq?W9QfNx|)oiqs62 zMcssZ*&LPI75t@g_ZSbs&TGW72fQK!)ANhc@O+$GtC2nd&fKh#+QM@9PO+@mE0!5P z^`utdZXQvO+hsJi;Nh}A6w79FEV#d`kA>s{cK5Rd56`oZx&kk;)pGkD4YWMn(Sx-- zU&%|va#oO5`V7+z)k==A%!?4qh&ZuquujY4-JYW5>3p_L%i~p#Xr)B3cet*VhQQMG zk+6$+p_Q_M2Mo8A9AG(QxurA!man5MMgEUl^6;sr#j@>n;qF*Y>}bXF=Ql(w%O+ci zc%}=^inHSJj9zQS%N3JsB{hKf+rAe5t!l_l((!mQ%*4{%TF1l1G!=Zmg<$huI_YoB z=QJIU=iGE1PjB?!VwoJIla_$LU#O0kf5|Grb9z|w^p|XcB~zt2w*@aWv*FwEH7!Ti z6I`GZOD`L-oYPP&mkhGu^>6!&4NrHwrwvc1&psO-f2L8m&pIKv*%=$2&%aB=(&a;2 z9u--BG8V<=NKfG zb7*Ox<-%a$evX!1mkW-drAvrl11*bb*(#L6(Xzn`!J}yzLCerE;od4-EK_Oe8X?#< zQY@t?u?(W+=xD*CW5lwUmUChSJI0A+t9Y^ek(NQUj2OctYbHq%blliLyqb6~aT;+U zv3q-dn33)h?<9UpTtjRzR>berQP_V#97g;pv3)1u--FoBQSdn8#4dv85?gl_yp-6g zyI?=!Da4V)$;8RTPkIRZ-Na5k1s^B=sF&a?#M<71?-A>XUlGH1-1x8II8ojV;?Bf- zhzAg76OSeC-A{yfBJMs^@IqoQVt?Ya5yC%_7^c z{+8oK{#z2aCjN}LJMo{+!hQsCkEw#E6BiKAA@1~x@LxjQo7jVRC2IHidpCJw>uIDcN*AcfN-cIaAe1!N0aUt;t z4-x)0aUpRvaSKo3ul-5XhZAvg;zZ&O#MWNI{%hhe;!(t-y@mfIVtrqQ*Y|v4*ZzV7 zfm^_)DIO>|f&2}F1ZSAS4-uS4_O9OvzDoYi!v((}f7|Z`TTc|_G0qphHQA>M|14sC zn&3R*&~(99h$}7%enM<47OeYOl($c%;I_niMdj`1Gn2n6co4Cq75p8s(Mqt3iJJ-j z$7J70a5S;=5W(As`%Dm={~q5q*-sY!Y_iC&GjU@R9}@nK#05tL4<(+{NW;rBnb`QF zU^imDlVDHcPeKH*BW@Hcco*^2Ji!Nur{)VjMQm(n#?!k(+^VVIyC!Zf_yw`_sbHHa zqI^<&!7YgUbP@aoFz&x59!UPXdkFuD#8NN8^NEeb|C+eB@Q)-md@Fc8v3{`N4C3M; zf{y^Vz~cw;Me=VvO87q_?lVTP#);b31i{wCt(FLGW#XlRyAVr%3LZ>sB%VO*{I~G` zh4`?y;AO;*4+{<>UfZx9-yZ9T3yF6Sf7eL(pCm3KzD#_*qws%D+^M_Z`p%+!_2&rw zlKB2Y!9$447YUw7eCrRvvx$FREcj32`NYA*9!rJ4f%ucZ1aBq&n)m?mP~u$TRm4|_ ztBEU!&Hfhg)tf5H)1J5~@iO90#3zXR5?>}BNnB3+GjRc2*W=HXxV^7nFXA4=Q6}~i z{>j9j`3v4n>>MQcDDghxLgIzN!v7BOLE>uSam$6j`7}}9C&Z12w}lA*cEt9ff_oCT zTp@S}u_KIE;BO*vL8RbciKk@>UQF!2Td)VQ_PF3s;#}fY#D00gKZQ8&q~P7eD^3Z{ zA^tL7@KxeD#7~KL64#$D%C9RB_N|FOC;p7s@v89eNj&Pd;DN+_?+YGBe2mzM_!jX3 z;!0v);^7ZO_*mj3;tj;#YRq~4ZYQ2>CinpH(q@8>6PFTSB7V_a_}?d9+(NM8BFdje z+?4n^@mItnTMGNZ#0y&q{*m~6Yr%7fKm1VeV&bM91qTq%?Ibvsc)X+F6ykng2;NS- zVwm7u;&I;zK2Kcpqu@Kl4nGNgL)?zoZiXoDFyfBHpH39^gNV&133eh5BA!be<|_RE zBp$Xvus5;&62alb2mThkhIrmG!KuUsU%^?#hXVv3BVHFMxS04NaW(OWLBhY$FQR;Z z61OJq94-7i6E|BWxF_-YM8QLd9~1vTd~Ln(|CP8bN$?WlA2tZ~B=#YWB90*5MEsC= zAMuc65&i^mvqOS!5s%LiTti%PL2%QVqP!kg1P>%GBA!KTb5;23iF1kLiC+=#A|8EB z*k2?rAg&@_bzS(sA~xO<++dc-kG@oJN8&!^f(H>B?g@4xmMR4QMO^$?aF{84rQl7b z@Wcm9_QXXdd&PnuFCLlfiOu0U7{|LLRrog}b|&sdY$P6S;(EeLo-adb<;<;3S;d>el+iSK?Q*!)+K-xtIV#JxWi{_TlN+6(SO+-#iS zpNNMLFCbn>97Jp&P9n}D-a&kUIEUEENyLAO*w$I_HR1^3hs12E@P9=-l34qjDBl#~ zro`)sKO_Ebnh4*^WKTSdcnTxg zTv6V0aQ_B>O^Ck?5ZsRVAL1UwacRQ853!mqcnI;wn+1<2-myjS4B~n_1TQ3Z%oO}D z@wdbQ#KpvM#DRN+{YK&odj;+wRzYt#` zUPyeGSjrXlFNmiQo6i^JO(bqYyqmZqvC}aTzBln1;t|CCjtl=O#A}G>66@jqApZ2k z+5*9$#LbD<5IYlZA|3u=c#5;-o;660|a)@6MpC|s?UijZ4c7^-Z z_=BP~-J4zV5aW8x2qUH%mIUl5N97W@sd`EtR7iL;5nC%#KOiFkU5u%AKvH_R8o z-#p@N#7l_nR|tPE;wHo)#BGSpP53xJ(5#mu{BE5X#i^N65bHj!I z4dQU(yTp~mRm87h9t{3o5x0mGtS%PypBE+AmROAz+>|(yxE=9c;?Ien5%(g_hWR%5 z8$?_}{5^41yzrk){7-`5S;TfL1-lVqcUMyo~m)x=@M8;Khlg#QlW zuZfMsOJJT5{*DuGBrYU=OI%LeG*Q?;B|euT*nEko-=-S{Hzal@ZcV&~xFc~U@mIw8 z!~=@!Ow{Oj|zT6tUoE(e5t6v3&iz_L$3(`mc$Q<+Y=AJD*U?< zFCgwi> zoru$jdk~*{B>ejlJ5~t(jyRV12jb?Bg})2&*h;~_6W6a2{1379Gr|7EU5O)!e|#zY z4aC{Rsl;!HcN4dKE9`TLZ>g5NJ>(NVHWPe}c&eq~3gY?1R)2~5)DyQRzD)duiETvq z;lz)Kor&3p!hb&TXP*joC!W<=@CxFwT?DTpzDvA`xNleCzmIq~aX#^v-Gu)Q;&kH2 z#N)mc{+ho<`BoA)A$II8{5umHi3bn|_YnRQiLVp?LEQQ);U7lafjF7CC-Ht_aM(jOH@FU{z z*@C5iMfnZC3brS%ByLAMVUFh%1R>h@ZF$`*h+S z3j}8qCod9wfq3*Eg6|Wj5wm5YJle&=zY%di;ts@%iTe^4E)n)W5Vu__cn0xE;@^n_ z{t^D}#J~J2IGi|;cn$H5Wx{_8ac{lg!^FQ4pC!&EzDX>(3;QbKZp85J1wOtV?jige z66X?sMBLp|_D-ah?61(R}i<27A(7q@><3SZb%$L+>Ur{obc~K{87B%LBv~$#}nrf z|3Z8wLD>IEJa?twK;pkv2~Hp`CEiT@$!g(mBwlY2e2Vxs@ipSAHNwA|c*$D9_8y|V zTh|G0MywG z&J`vv!5&-W&3G~1f!E^wcq=}NPvKKI24BFB@HPAw-@zHSYX6UMZu|n*#BXpj{2BY; zpLhp0K6hk){T#t*@OkWtAL5+&KU^4p$7OJaZR)oQ&W)|OIQGI-aC_{9yW@Vi4<3aF zj={uhtIyYVD^0tewZJP*IaOYtwf8t2`v_5F)W;%&GZ-h(^i2<(R=@jv(+UWPB@ zjrbPciyz=;`_<2Xxcg!GH@=3Qr|NvyII27|zJ_z-R>zbV#x`6U?>w%&5`Ktlg7V3@+C_N|_Qz|n^^)?f_~B)FAKrgeK91vz&#Rc* zIb8R;d<`$c@%TUd34g_wX*#}>;xs-j9`Z~!?t5f^z0G?m=fQnm$%XMVTpCw;t-KCy zj+^1}AC$Mnc|OX0aZwzIJN;EY8~;k4-oE~&czkL(98b$8AI43x%NKC^+;Re*iBnG3 zdg~Wfo)24%&jFcRNj$xr?1kOS%LA}eO?evLV0?ba+!o`ZP33L)368`Ey_Da;Dg5Mk z95z}`#3jedDQ2kuc;j+c&2I5rz%42XJJRM)&qrTi0Ka7O-x-(8e5&Q$-EF3Y)a zFI*6}xTd^3zI9!$hqvC8o8!~p<$gHomu!4U+?Eiua8amlJU7Zb32On zr;~4BPvi4;=Jo*Rbdf*e+?nK*v$Vgg`Q_YrY$3T6K2=1nj_($e+v1)TWk1}#wmc5U z)|IE@R1M`&+{0H6$6bxj1De|jJQ82Q%ke`Tj^E%n#^(sl?FU}nM@}y5_+@K0P3 zckQeC#&}$RxgAd9C-=i`@km@?fbwa$!C-j_{@)mRBla^s?`UrOa40^FU*hYy%tY14 z;r{pyu4PmH15cYIXPBe)kDV;%#d~oXJYtIS8rXfV+yI9epT{(}wm5!)+yl>AC=bMA z7s>y_Q`XDVaKsjQIUXD?Z^oN&xT79lz(-E1{swkECCB4@QSvuD=!5JuSI5KUvz!I* z{VEs2o&U&X@tEWp?dz|N%Vv-pVdHL8_Ph-~;v#p)O>)XZah}}rINSzL#gFnRpNkjg zlS6RL{BkJnRaoAR^AwSf;zUpRB0k()j>U~y%CGRBj`AP;t-G9lo{nF)9&&En7njDx zdnvDqefrAv@LTMS`}9}d1N-^OgK&VqJPrrWm*?OG!SWKkcd5J;TX)F&@ppV0F9}zE z5x>KC9piT^PjJ-Z&v-9RK3~VD#X;4l!+UTx{08U8gCbOK+^g9B^eI{1O+qr}_TkfctWm1zOKr zTnwjpsN545d@R?&d7sK1@%wmrAl~s_4!}!4$y0FRXL&wO@l{@qx8g87Ad;#Gf?Kg2cv%5QO_)-i-f;_u%b?l%K#I3d@)9Q&0I3PE|op zz~?H-pYWC{@-Mu)n(VYl>*-QM&V@VHl8fO6wdGp)A#R8>)KT66@5g;{U#s%rcz#`Z z7M{~oUWlLLQ2eEt@~t?cxg3S_wvZoT8~%y+;B1Sv-siYH&eKxko8jiT9qx#G;$e6q zPS#4}=i#1s6CQ+5;v%h8{{W|MC%?hP+sl9OIGlEg`oD~G;XAk_eu8V@;T<%e7hZ?E z;3PZ*C-12Gi8upZjD38RZ^7=J@b!VpZTRRYc>#WoSK|6(m51S*#(g-E>-;qylR;oh@aqKoH<1KYHY>3 zun#_lE3Q-hIouxK#sl$FJQBab&g(V)FRqW%glN4>Hz_ZIZ{kYWx>I>weCMd#6nh)@ zLoqjRJQ#Pxp2mGq%xxGRho|9`_m!`}!B6EKIQq4G6d!scU&Kit<%hUQW>@?E-rxuL z7j9fYx$|r1byazXsnN3MjE_mi993%CcqJ3#qh>^)GPhRY9@*WzL$ z);9>Y3{xDAYZ`^pi?7BkhD=|@a!|9Cs&zPGhUN~EBiJQ-r z2Vtj$@;|sGo{Wd#`S=1}f$JOhxiPo(I7f)Q4{u*7pT=+TH5|WP`Ad9eulyZ*MaXGa zYQ06z$nH2zyj&jd`zF`J2Qy}}_tzTdbCJ8_-Pj+`D5!io4k;;zVqZ^rC-y5RpTrf) z%Xe`0`tmEBrJ4K%=WQh$_ZPKauc^AonQ@7(a$&p{SH~Z5L!7g>>b-HdesU)qHc;;6 zs2?H^!G-a7Tn*2`{qZWi8SldT@kyLzsOG}uS<%G{1(PkaS?<2dY#KVlnpTC4TN;9S_%xDS@OmBrq;0k+{zI1&%T zo^v&R4i3g!a3Vg7z2~X^84kzB{ZMuPgZavHU>h!tBXNCf308e4$9U|I!|`;Sh*x1x z<33&Hwg>y;XvcW`7`q$y^D?(DjvS|3NB_qCz09ouj>J`PuyNlnb8Cq$#{Iv{t+yk` z0odKRADFq##i4jT_BZYmW^NHU4qtKP#(l%gEgoBp`-hp^4{XD(>(#%vabGcWD~2O+ zbsU2`;6&_?Eyn%F%xw|2;xO!wkKs^!!?5}KwXW9qIP8nRnKo|yVQZJ!K7Zj2)*yrnoZOP=p*xyASjlJ{9f!MROJOhU|lo#R1rt(^c zo5@?T)l1&%7~e%chTXf$(b&>WzJXVDmmfIB&zIwH_*(f5PQ)oTu>Mfx&e(X~lKpt( z!d6_+;c(@}v2C|p21o9ZD?94<%8juPI-n<0;sNgR%R5)vt5pcqjHh zp!@{39F#9%Z~O&^WA}|ZKAsV(_ri(zABPXIf9!vR`5itce{(oeF1ShaheXL$vFjPR zB@V)UaQd^#$KqfdjNQ*E--M&^QS2A3{5p0%FDKw={0lF>pgi+t_1ov7Toi|0lB;8% zD{@Pm{;J#;N8<5#RE+XPxcN1CD=vIpK8b(fSR8jl`8(`;Q%)JCe&cX1JouJ!<5t)9 z*MAajh=Xn`?}FX#$o@DCPse>?m9N6?cjetU9-qZW?WP3wuk1+dR&<&|+9_QHN&l>1`mukvUdhG${lZ_3wVwn0yj}e#{F3uxw?A@u9QIdkjQx{kwSPV6jxEXMKG-#*JPwEBNe<^yKGRX3TMos( zdE`yl;weXB4_kKo{-d!cj(5~gQvMO!uw{qV8;Ubx_sOcyl;W^Wl55d7W058Ta}#?NqguDk*J<3l(cpTph@RG*05 z7s_dOsXt#_)U@%ZAHFGb*sq`RIL=9~iGx?lEwIlTxi9v|V{j0ji$n1`9D(=a7L(nR z#lE|gH^hm!6AlemJ`~67mZxId9(e`!*(*ojV0;(5?^FI7H^INL4QJV-e&cW`}?0Q4vUtkZMe!uo_#pSUN_QC!*5C`FTI1aDFRc~s4 zJ8?KZ>F_P(u{Z|5!%6rT_P(uprvvIY47*~>9pyQ(4=#wqaVhK^tNO~=7uUuSxCwT> zt9ozjhkbA)?uFg%seUN-#{oDRPsZ-|RX-mG;59e~Z^IrBR3CwD_$-dax3T9#)yLx? z{1L}t<1vQz_y4MoRPTy|ac-P|OJnO})z`rxxHV41y>XK`)&GM-@l2eAS7Prcs^5Xb z@Cj^rs{9)E!SOg8f5XntRG%h7>-ELCaRe@nUE@_>2m9eRI1=~8ZqHTkkNt5Vj>dDb z`wP{tzyWv*j==}8$4k|p!8Uvy$Kog0GePz5a1j23<8b;zoc~v<&x3<;37mkdVe4zv zH^L#fJx;{EaFhR3KOBeRK%9i*!73%uVX(Pha>T8?DkXj->^S6 z9;anLUeP!mcK@aNTsQz1!ZElE_V}&(D%ggtI2O0To_|!|2M6I{I1Z1;RsX7f1`fsx zaROe6eT}D(nA^WN7H`Ae$&~NK(fBB~CRctAN8sz&GllYpI1DFX_ms-N;t>1?yE-XP zeN4wc2)klSD&_fb0QSI%xIFewt@=9HmPT%aozu$wu|E#LmUPPJU~jw{hvS{tnqKu$ zI1b-&UdBJd^UV*p@|}fs^n8?3-2jW{0!M z$8jRQfkU$^e}yA*$iJ|=o1Ec<))RtrV@pou<#8}>f~~of_jlxY3Qok!u`Rdi*I=Il z@*y07uVVLt%HQK~>=dbfeG4higIx>Dm9Rf{?N7hQlk#J#l1Jc^vkxAt|tYb*bR!?DvT^e54+Y?eJAXThvG;)3H#Sm{R$k4 z_hZin%1=AoNPdJP@NXR1RC%`3>fhB%E`>vIL+smJxi9u^AqQYfOL>7K$D42*j>e(h zs=tjB@e{}R*2=$PTN~LmO8thkm5X6ZJGn6q#@(^Cz4HIzI6T*pcTm0=C*sqN+(-Fc z9E0ECuujTTpHY9#o#leq50}QFxCV~wqWY#d5&JmmyDIm`-reM>I1aDG!QGYb!-@Ec zV|)+gj~(^+6L$Aip5m<5(*)U$|4f_;0-lW-zl>KNZg`8G#= zU-^`y9>-!^Kjr^n*Zy+KbLu}7=f>WC$}2cLKyK>rK-m|24w6UWI6NEs4_3Yl$Kb2j zGDP`%Y{SMAH0|H7c@9;c8%JVK95PIKLu~PvyE;5v_Q$?>I!?qZux*6u!?Ei~`8*CE zB|moLqvd4hIi9#M_WVbAJ%|4%cgK-DG`=Vf$CYs0V&zS7@DjNj_FX2A!mc6mR7Z{%;7Gg;doNf02^@!GO&cH8b6utU zId;Qeuscq1RrMY?EB3_saaCLaTX8eo1b4;Wcp$dnQ8*aSz}D63cO~}6+wds758H4Q zwye?kTiA-@abl?Q&)9RloFYc+w{DZOVB1c)7*51h9Nwe63HCfFcf_H%KlVPPJOEn{ z%d;Hycnyxh;g0$vsz2?>@g?kjRQY}Ee@y<*;p4K?HLW)QyWvn=9LM1r*z<(Od*NW* z1&5zfJ{ZTGmd829N6GUX^=IYv*!#S^5BuP=xGTPoeQ^Q~#!1+6LGw9Z*LpoK$vLs> z6}brZ#pQ80u7fRCRo@bO<8C+<55tK#5L;t3ejX0SYjGUji9N5W{s^|=^Ed|I#opId z{~8D5UpNuF+|coeys3J3?0QG`#4)%Dj>YY;N3805;s89mX*5Ti(uZwMeWp5meyJG)jIqknc z^LLC-E>FkS6!K#1i#KB%K7eCVs{TB-q>&#w#%GXUWB-iu7wqmTr@F262WOJqaCm0f z16#7lm9aN&>TovYogL0055{ph<%!rgue=aj^UIrXxVwB1Cl-*;593H2g`@Fp9D|?WSe$_4@OzwyzhX-xo$ue+9Xs9E@w8$W?2B_^ z8!m*yacP{0D`87x?XMQL;%3+vcf_H101n4vaSWb=V{s^s!-sJ^zJU{P0#3w#a1ze) zK*!@dE`*(%Xg%d|dfW)R;!Zd#9)jI*Aoj%bu@$ewP4Ir~jW1#!{0RHvPuLGTJ=A*q zaaJ6FOJEzWiGy%U9E`i*5Zn)k;^8<92jXxXgd^}`9En45G~R(@@DUt~&*M0J4=3P6 zoQRzs>3CS0>U?I$uDAwv!#%M(9)~^gN?aB1z)kQ8+#FxR-uM>w!B4R-evAF_2ONx( zaCi%?C*@?tl|;PweieeghM6VuPk;SB-g`M+z~gyeQiPd<;l z8GcYp&#&%|9nT{lhCf$TJ_YBlCNIJD@Mb&%AHk02pGV`z%y$<%o~Ql-?_~TpJOHON z)@H8nIOE;$EnFI3#Px6^p6A}iwDEZ~Uq0{EgSso=>TeJE6#9wAy(eq_ht#{Vo)6?Bs83~F24??_C#gO+zCA@Q zZ`%0J1oqc}+|oyRcigA9JQkOv-zAK<&?JpRahfABvzzwy~d zbNs)aI$l*x8$(^0zZLmH^8UC79#4I2UiCAdye0X+cr5n=-H-k8Ib4V1cMlI3s{Y@Y zHvTg%x90y%UWR(}+BN%cF+}wR@cUtMCETj4*4NOq5k+$T+LG5M?}dML(D;Aw6dc6( zB*ur37a`w5?p{FsMv-^(*L?SJTl^8HWB+N5$Bdi(1u?(7X=8mqSZ@{FpYbj6!3tVm zcl;8Yk3~1fpTu+V4ZIQm#K*A<_k+BHyOO`aAF#!E%(6NE1#CVB-Sk6T8apvxBb*cW zz;{^xSkuP({kWbMk)I{sfhU&NdQVXw!|VGN`B3s#csR%F5A`P9}8;ESBCrB&c(OrcMbMtzHnTN z^_!1bG{-lmzZbY4b~YY^V&-1VpBI0o-?DfL^Ebq~c|YlF+GsVD>thIcTJlNc;k>_^ zkEJsAH>Qsa{uw|zD} zp4=4|Xa1tN1^aJ+XO7VLwzvk@Z*P2LxbhMB+8&*M^RWl!{>tx`&D)lnF2VRCIF|9| zZNAOCB>TIEgBkxFpW^z?YV6jm-^YHx@^5(Tf5v|pn|T{ubNoE!&xaXK1!OG3sB%1jV`ZI5fX!;KGIT_!Un~t?;em9&Yg%J4cjvlKbMsHS#}rLNeLB zO_aI6n!mNbwKzHR@4yw;ss1>Axlg`~C*empW~SzQg?%}n=53nH{pIHRax!kKVfr(< z8;<9Em%`i9YkzgHmHTP8!BP8_o3}kO=gYG|`yXlA_#Vo}=QSshKjY^)^EMvl>)XAd z-oFo$Unjqg8~Ye1%GeU9ui8xYzsM_-XEJW%VebFlyV^))-&NjO`Pyic=cH%zj<(DtE=Fdgy!PGhT%SChBGe{dh% zWxD43AI@ri;WoA)Y?~>s#?_|Dn{m`j`4rxb&D#=~{T7{}-27O*={w{u#>c!(S0gWo zf3d&HxCGCKYmN8vJisp4{etHA!(GWo07 zml|)B#9ca6G$UuLRZi!(Vv4jlefJe^c-aybN1jY5c!s znjbSZ*H?=76Z2!Vrkhi5ek{{;*(sXe{8*pqk(?j%V_~Lia(vB?<(Q7;_@*`9CQYB> z_~yhnIljelFvqt79?bEqgBS7qO!Lc%IbSr#w>@@Zd{11F<2?*Ns1-h+qXgjm(va8c%4hMn;qoEe|T z)$eKiLtJX3{0d+HSN@9Ek|#HQ;cXt@U+a~-U_a_}gUM=6j?aW_{8rxIc_O$#KFP)?PC*d+zl{@Ft`Y)`MGvh*QWp^C3 zOfHMv*2q=x&rrD;zO_Pbi+@MU-Lcm|xgVZBN&St)$v7T1+=TgpaCLu;561t|-*WtL zhUVLW+a#!dKc03%c{DElS@|Q}Z>RFFcqGo4U&qUai{iPsHeP`{;6_U|e_#BK<2?fJ zJ*#{Iu44Wo+}Nh$xtxzBxKO0}TaSHyiHE>#ZQ($n{+j+b*eJD_(I?ZiZ{%jyMbNNBwbruD=QR4D(IL zO{rgke@{`r8}O$a+TSkxl=+U}*}Q+9!xee|ip6i1X#7i@oA=+(IQd`Yzwpcfa>_zF zUJ-ZXOn5M__gwfc|NdDH$MWxU4RNTS#fHJjpY8IW64jA z)%R~f*fLIDihtp)co_8uapgeOpT;RC$T4^zet=W({q-xnm+@cm3hGl7*70hDT}>PP z`_DIi(O_%^v2~bS&f$@=)nW4&AI8?o;c;?zhbPKI9G)VNcX)<8+u_;r3e(Aq-?vAk zw9mgC`yZ1dadq<_VvX$zjtiIL@P^&;JKXMsoV{p6)M3*Ly+;uE+x<1gd)gEamw z{y=>^{ytFo2mEEQ{KvGh9ydPEmA$AOfIYDfpC4<6llZ(~U+m21#m1X9&d;JL`uTn# zc?9_;^2y{!@CJOFddo~5zyGkS`GcXcr7NcXJSNBWGo$6L)O+yxx=8FhTKjv1!=}iev2CiH!9)GUOq9#v#L03iYzdTy;OI&6eC$77 z-h^GrPvJ!Rd4hwP@24Z5rt#T}s~`8Va#ie0-odnS{DwTy`bXf0aq?`O?3uic@e%Vh z-zoA-)ZZfyp0E5hwow0<`g&hAU!fA(|AH@aBh$w97-ZA2BkXOLXKP&ga+3;9gnSR&c5sZ(-Td!*T6I{srhX!Ly zR!aNZa!D?TGvfw$C?16Cv;G-)fcXy-#ukQOQhx?_=6F0bo!K% zX@&BCu@m*-xD5FbT#xJfCa%Es^BP~B>S{mVzwqZ7a+Y#h-va83;3Itfsfge4e%1n) zo2T*J@OL~Ie+^PT0f*tm_zBnNcKnz99mo0q)%a+@v{DbG=EWnTO4*Uk6$1yk_TbIxuZp!s$si6L@us=6!p}q=!N!|hHBp;0< z$>-zpm@-uiTeug*TWEIs<5YC4^*Qoyz_|bZ~wrMAeC7k=?dXxJuaIs%sJ@B7k zc?kX&2jIHfl`q4?=gVRE$Xxj_9x_k9h)e8}pWy=d7yi!kv9eUs`ZAE0!6|SfToHH2 zIq(=qK1chTinroLI1Bx*bBt&IdvI;$yM&wI7dUK(=KqPGGd^Qw_3yMz3Yn_LaQ z;dr*hZJ56YE=a!t_&=Vn7G&BupEl0tQu20HH2-$f#@82%RbO8s$?KEf!ab@PlNeh9 zE?ZUpjwc$w*EF|`RkWUYxDYOZYvR1PGhUDV@n7TjzUDR$-^SbUD;$k2#_tu)?Jh2# zO8q6`k16HURn_0El5#G*v#eYWr>rQq#5GFGeewHp@?@Ng`Ih2lcpKhk{^6>z9mgB9 z$#?KbH#re!$s(t&rhXqA*S)zF!U?IBSI6Vi$Q|)*S9vI|u7{LZX5)$Jm9NJh>Esi5 zmGOOvxy9fxWg7M-eIYW&DW8+wa1aHZy4Tf z{2XL%}UL(Xl~tb zQ^t?Qp9?5ojJIT$cVY`ZgY$4bJ;XQMRR0=RHh!;RZr^bS`f;hPer@#Qj-PS8mdCX? zUXAfBGmzn3<*LAVFk<3#*6lg{@FJjQ&}HMS$TcLw=3zQgP78#e!rz}(W* zQNP!CKXAv9#?Nu)Ru1pycr?JdiYRY~qwzqT#OrAsp3duc5kAlP+>Hn0TaJ4C1CPOZ ztm?N2*Pkcu$@SJ2AL4o&gxhoe=VLbmb0E*-D=0`a{_c`?pJz6rl4KY_O}-!;?5r5V~bi~aaLB9ADO!tS@&Ei$>?fAEkq za;ExP&!rf-ApUqnu8J2I)qM4Fq>J1dheoNsH}*Lpk8;RjFU!PwnH`wPUKbELH&zd3mK>oj(U;AJ1>^*F~Dc^@uIeH5;X z@8i55R3DGs$-m&YnP7KbR4!*UQB(+Y1N04k0sxMyW+#R1wN0jY}I_XaH%cwV?1-C`~mw!$Z4Bu z{Y&S`Me*BBa%~*R{H^c;+!v?Ytoori2M)v+FDsvk8{uU*j{WVzdze2G-wI1(zkXtH zk?rz5Jc#4*8dqcdXPgFGnrXeEj8AXcxc;qN|2fGsl6#mou7^nT4-bv4GWn(}+J9qQ z6nDX%mD1Yl2jhPV%j0k$o{Q5^zXoT=d$0#Sh28N@e63ts`~IHcR`>(XRY7@bFRlNj z`N1n=%Y@y_$a!$V(sEI3!L{+S^2)t&x{C4uoPqi=csKbR9L)Zf;tR~T4!8PiQmTK7hj_}Lad!Gi*<9;y%l`7<^7P|@PZreps`z$Zxe+c&?t`=BRz4hW zrhW=;hgaZK)bGWk$*J2N z6&{L<;AyxlUXQEcBlr})fOq42rqdg*AD-`%Kpsl|4c~gIep9tn|An5(Zup;gxj4>v zRj!Y{SZ@cMbWQnCoQ(P)oRj*MxD@#gJdOPy!mDw#qn>{5;a2SL1wKvw*|c%~Y`nju zXr=XaE0x;*`pa(GI6lF<_5M&{BB=Zn$2K zz-QLUSFzjqRQCSfTI&by=<(ymumnW}*ov}Age@XRy9l4M8Hy$@KKUi#R!T4uN zc>@lm-=nzdJLNZVzOK&p@o%upDLG|p^;`Ra_MZ#yD5CKtaIx#k8{=Woa#!4)d>{_v z_>94CE~|b9?#1z0iVs{>z6)Ef$)|D882LW-EusECV<+--ZM2?4j4zD6a7|o?`t~@H zd?1dbpULw9NMbAD~~Cw(2h{$GZ$JeMRf5hdZ2=z46=p+TUOt zD#yd(iK8e3SYpJdpQ~>-c%7#y`U+sQ->b*uP5$^*?SH+)9RJ<8GUxju-WRLu=`L>Uq495UcV6$wI;!7wH&yR~r}6sFhx6W5 zUJ75}{jfT&!TU>7{NT3gN8NjH>`@4phvA%D(D$dhM{Vs{r z{u<#Nco;6id^7QP))$Hgvz}e}IbSbNn>N1wy6??l|N3!@{3dwzeyJ&qsD$CjM^Dc5>JhGEq5$EeBH^ke` z8#x$TN8GWy?1!uS$N{)U4|x_I>npFueeppYjW6OM)l~lkx5Gd2Rr=4|RqN|U|0S?9 z{ny7!>AxGUOaK4i!t_56S7v|PaOz&_=Q#e@Q;x;$$=~3*Rh3)1sXrH-6E|c2N_Ylt zjC51M#^I>VFmP$Lr@1e$z+!Bm9Zi(;qyD`EvA9KYf|698Ti>qZtllzCm~z^Uc5& zYH5E<@q3QXMm&M_@5dgj|13Vh`HRIpS^q2CfaCieH>Ce`z19D9`pu6sRZ~Be@H^fw zTH*d}mG{QM^g9;kqu+)2Jm+&8?nu99aB}*6gr9RhzhWo)%iKr(F64Zb!EU_X+u;1X zo`>V|?bPoae3JES!96%1$FL{)HT)RA#TJgwU)+W~V_)?bgFWy%Ucb%oUOWh&!AtN= z#&5#US>GxAhV|XW5xoC=z-KtVsr#v)wmw>aKKzICRTYMiPE|^t zfP0uXPBOOn_+e>z6W+u46F5_GC%F1Q&!eVl5yqf*B z!|Uj0AWpqGgT3ELcrl;%UWTvyakA&zajl6uey8wC{ys1kALQ?|-sAW>_Td)i0qVCb z|2~r!zu@=Z74RW`U)mJUEvWtZ;uFu)*e48d)bsQATwIl}Kb!FJLOLEt@z(3|b^OM7 z-J4qi?&Ifb_h0jZ+NKcvr^fG@Z<1DNXK) zotkR@jqqpkZjAR_p`W)#kUt|2!lOIt_=ezakLA6148DN7Hdp=>cjkU7fAE%e%Cihr zzqhFOz$qRouZ^S38^IY{TReyT`D2eJ%BSIGkL0y@5A}y}RqC%`SN8W5kD|Yycq!xE zhN<5ctfxGFPk*hk7vqQE0n`WKK=!vDw`2Z8IADePzl5*h7kD!DN%#Wux%#WWQ1YU9 z3$BHm;}&@81MROr&dq!iaR-iPFdo48RoIvH@4%P6HQz}*lH+|1pT+UGO$*h3#f`0U z>fu_?gu1dDE>c_ez!hnb+zc3DMsD3Nq)3_=A!1?Zq ze{=l(@pbY^I4ko92O1Uw9k9*(@PRhq(-)!=H{G9qtcr|$xK0_XdoBh># zKH|*um--*|dxiRQk~NBkM@ zz!?J6?@H`}$KZN6{(z2OTm0^j+!xo`E04lo_sNrSG+v1}P`@9?Wzh9=4)@28@QWjw z?=wEk`AR!R{ZGlH@wu^^`AwLymBS0L7cQG#c{h9@ojeM!V}G;o57xUJmprI`!tf`~ z*HPS)`YX6-gzBH*Q}`R6#e8YUYCYRoUtS!HtKc=bHJ*$I;!*TJ8^55R5Ii-j*1H8~ z!YA+s-Vbiz&41MYOMLXV{1aE;_3JWD{m-M`1E)@<{nf`mc>Q+4KB<+D#IATAu870% z8|FKW-!k8QT%P<3&WbaQSAX8PINpjI;GwuXo`Y>T8n4EcS#LNlNk12H0sIW##Xs?G zoPC1&JA*y(YV3t`;NG}Co`5Ui<+wH8jmP0jxCefLhhXPG^)nL}!P|H}*TVz%>w56U zr+7c^hqGqU`5lATWtJDOn+|LKJ9rB3A0KdfuJ05R)$cW4PucMhUT>vv zCGtA>I{ml7S9rf0fd6v+1>iY&4(>@mEAejn*^1Yt(Rz>IGWZ&vkyiO@oE1CUv>w|o ztv?5@$@d>c@E-Dtc-C&!H^dV=%bl>>a(MtAiO1ln>Rl&my+i4z0NzYq9{bZz1Kff6+T(Ye4}V;r z^D!4&8NUYaVLiL>Q|3E~PvBeFiT++<51fR@P@iUs*0X>-7hXkP5>KF?TKEq2EpbFI z9ly@lhkpCvGvuT2V{F6M@f>`7l;&HHKjK69Ilhkn;#c@0{)=OAwy9cg`q7%dB(~yu zxB~8iTi_8mCl10z@fzG2@5A%(MLY?|2{Pr=^?sK3SdANIcyr=>=fmf5CVUU4Vf`=h zy)~Nu3tqZS{)2B|=NVf6EPg)Cf*;gDD=dTJbf?MEH9W=i$F5FKZifycKJT6B* z2YcZaxHb;M`?qMm-S{IujA!6;*p>BM!y%y>{{+v*A8<$f2hXD4bU`{keaLg+KwJzD z#}#o}zTVWrIdD_lv#Gv5cEOD}e#3BAJOj62Jxg)mO08!Do{jh8jrcSU!PoH5_8K3L z%Wjq5;=%YE9)nZN)bW^(UGO5D8;9azrk#xYr_ai6F}I53ow)w$JQ#~bkp{(k6?X=A?FN}BH?`A+gj_#IBfF*x}wt#=&GhA*ae zu{Tg2yJIiY#{L4>Usv*hj30_WXVCb`cogH;;=8GoN8m<1G> zIQ^%etM!#4&yP3S)PH%?=`EI|A?l|-`C{_+coO6LQ*ULx|0DM&55lh)znXg6P|Y7s z9!nmDhjV;yQy*#G$lKUnko%Hn{2t%jCg2PHauBwWFT_X4*Wv%s-wxBp z{E^Imn0%`Fpgv=Z#F_CWJm`PQ@8GpK9*^Pm{|o!!Ec10d!<*}Pd6+hiXGikdc>XdM z`~JP~WZW6=<$g8;@zaH>AA>#cH2jA9+bqQ&=c|4z&OT2*h7<5rT%Gyuir9b=by=^I<71?tyAUIZVmk@;=*7Sb}Pid?C49?s}zK+l1N4QQq<^SPV%%6mPc)xUBtm9L#gX**5s~n#K zxO{u%W$?->uJ-@K3vb80@faM4yH`^EB0P&c9Q)yDTnWF#jc}?Z>bD~Td|0$NL zzpz27&urRwKVLvz5dW^M`D@~ItgkhGLOuW=puchWJ^2!R18>D!@L7BiKgDNoie>6= zCC+EsIKJT=pEBed*?%4U1Gk|*xR2J`oBS2|XgrkpgYiVX2{*?laP0~@KG$(K^0&AK zP7$L1ov}O4iEH5!xCj2m`50%~Sg(6uH~aNIhrBfVUxRCQR6l$0;D+)ge4v*67{9_l zaC+)9ELXp2YO6j!j>qNkKe#E*%6wgLd*&N~C)4i?)8_eOJuAqElkdd2SpO;N-FQ9S zBu_*B5~t;Q|4w~OKR5gFO0z=i`Of^g@L62Ow9${1dMo*U^0xR+Cmjzz+>-rGWV~;G z?Qb!8E%L4S1^q@+?>SiYH_302zrtm>KL1ePq?hV5t<-w*k{7`xs;a;GxGL_7GvWYz zoBrnEJmlN41)p)$^ZI{|M~x z^&gkh{(n>_AKE#c-Cc0j8*(77SX}+i$BE4UFOF+$v2XkE{&0Oi9EHv2yqMeFQ1#Q= zYRY1H6)F$0nzC4ahsyudx6_h&o$TI7E{enXezyjW!QMEY{q@Dy=yxQ(m|ycv$8J`6 zIbKKq2XQTq-#Pr5{2q3tzgIXf^Z&v(aQgLHPX)*Mz{PPT{D9-#2wPd7k7+04{BeJ- zf!K;CQXj(a*XH3*{C)Hq)8^L`K99Ja{3-bn{3MT#$2si5^$>^O-_!N+9shS&KVPQ# zSM&Rt4^A_-9Hx_5EceKZVq1jjD^VZgq568{!^pjH*(0j&MZL9z>PL|0BcFoL-%$NR zy!5xc5m$|u_u~)vJkB1iJQgQL$uF?WIr%HLk~?kCdOdI!ToD(-^UiC06vdR?Cc~z#hv*4!6&>u zt#ap0>i5V8&F79Me3Yx;rk~{IxYJL$3oi0Y9*RHU88`#|uE3|?s(uHq9xETgznAEE zU&hzdso!|~j(#kg)&Jek8lMxN<#?CFDLCFO@xrgFAAp;3yeHv6j`t?KhyD-aY#i?^ z_z6zLE2aeB_jDSR8>!Ra_&-*FwzSK6)We?8|THy)8f$GbE2B#|7|6uD43KIOne^-i&+Vs;_i@{c-Fd zc{cXq{H?+N;Rsxr^B05n;a9i^=QGuI^;?Yd>5j8@C^6n{3hYW7MbYug_7~kMkXDI=%7pSr2`^-$>re zS;yxfd1yD~=g3==$KrhW9rbS1C*P%hGmz)Namh7*Nn9y~To<=VE4RizxSwgG--zz& zXDs<9=ATdQL%yDT3Hkrod++!xitT|rpdbh;sHj*`Y*#FyV?hZaKqyH_0-~Z1sSrss zg<{2WZRiE;SFtxNSFv|R#a_S)cC6Sz?EO7w&Ubfb_j%&){rmmAd_JrBo^xjAOrM>d z-REAov9rbhGJH@s;}76%(f%=z!zI1c5uYfn{V>}x^ z6kY(|)YbG?!dq@+d^h|y{5X7kZ_~d5UxvS*!Mjj?f5W?NZT4O7u=1Qf#maMQWm!-D ztB2{c;UD09_)q#z1^gxP&4QO~W8vq)&*AUI@YUq^MtB$WkHTATXyIRl`*tw?0)Bl5 zD^X!gzU1G^cY4zJwH_%e7sd>6c5 zerGrTJq8b1-^KCE@WJp$@Qpv3{zv%aUyL`o%kndB=_W4x4)CytjI-eb9yC4#UUw@k;l@v3fBVCmIe*?j--!KZ=&wNk3p@kv zdbh>DV6w%xqq4NO!_oJJKYqyK&&U4$NoJoy|0?>K@DcDl>^n^~`zz3oL4PN_==x2a z|F6PZqhCk(qEZXr^&a!DBl>^ASHi>Klb$huk5HEK>x93J=>LQL>F_7mFM{VkXyI=s z{IFt6e<}JC(Z34627d`pB)*OAwe**kSoj^3rF@^jegHganWZ-t9{RCy1-u9Kae}hu zhx)n@{Z{C2gXd&fe|Q;w5B?nP18;Pn`7`M+OK%tW)^Cgl!w)}UTmYZ-r16pPLh{=L zAN`!^&w+1w%J}MlzczjZp8L4*a`t{z&E^Wyf1t! z?_VDbcmCA$MeuXK8>ismUmBkP=TTp0!q@+1`itQM)*D|3_r`t+{QWPcUj|S6%J?lf zMS4HM55k*2VEOA#`Th%DMSTrbmiDmCgl$~^8HIjx(l3UW(mpES!zu4$;cnE&0(hI} z&A)5l6-$lpfy1aUOg#{*=Jm z^FDM9ocF!i&w|fmd|s$5FH=pR*_Y-yO`qVano9uOa5oB=l#ZuY@PE34L=I6gV$eb`VNm-c{Kjpcxz?xZ$ZBKw+H$kkFxdQ0m{qCVWvM5-U?m} z-^uq_o`%QfnEfa4l3e3I;9gUVH-EzXy)n;tPx#I;#v|e7a1GpdnCZ`gI}JC!32qr- z{3QG^>Ae%!lfUob<+IKHFL(^x^-1$@Kk9d9xEDMKJ{TSYcZZLHmr`Fd;XA3XGvFW5 zUkrCS$Naeko;b+(9(b#v#;?HZ&o+JsE+hUm@XCWs|2@3l!N%Q}S^hqvJ?sJh3=db9 z{-4G7steJd&F`a?!T*D2!W;d%p#;jxIt`wQ{v!C2Z%lt3{5tvv;Cz0M<{7yEc`mxF z7vZbnSK;jzn*M$GGx!U*EBq_`?0mED_>|?Z*JvBxwp4DHm9_kQ({B&wUu?V=ycznz z@c!sW!iz65`vUm73yr714TP_OO9+1)JoN&zKU=wjjKBDIDf$C1GyOI2mX{hYfy;^S z5qNv-UxYt^Uxzoo#KM0B-%I$l@ZQ+Bd)mrpN7C!2+(DifGC%Y}zvMp_Umy55%6lMu zHTn_ofaA=*NLk`r$NAtR(f2*t){ph@ux8_v;8QQQ_2+!}9rkywhOa-t?EeRUUu*mr zyaC}?!1clYD*X9`?#{ur@b%-3e}|7QHtzO}mCx1VjCX^#8*AJbo?K)+6uy3v@p!oU zNaHH_^C`y1!>h4B2i^|84DLSB>~Dt`lo~%7*rR_BzA9z<_3(;H{e|$e=x>By z+}ZRG!S|tm2A;Z$>EDB2hS$P-^)~$m&zV0<4lsW>q*0!f(Lubg=lp4eSRRcYfad-{t`0 zUEsGCmESJ=}OP{4VJ|34b-z^zXoV2O9qjFFwS$ z>kH=ZQ@O@{;NOTp2fpNB(;o^qlimz?OyD0pf%F%_Hxd7x@NOe4zNg_W;dkIW{x))@jptka?W8R2Wdp+Zhc~5s$HQX?UkyJ9p9ohDGJh7pwe5_rf{%jlg4@$x z9)rKiGW!+qclh%j{3`nOa1rsff64sc9qtJafV1J@@HluIxE%gBJQMzq^v-~Xk>4xf zCFt*f4}zb8pZm+o{~hJ7GG1I@<^37@)#PtId_L)K__F2aLE`HPze#+3;gRTb;aBnR zF!*8Y>)`nVtb9+0XZJ9^4&Go(l2HaA`lZw0S`KitgpzrtS;-{#BB|6ky};X#|4 z{ZRNP;yV<+th?#!;SO6FUj!e5{!VyL{9OTeg};K!yIJ^7E6kto;a%ZD*yq5z;%^1K zE&AgF#-9t}rcoCEHEMa0+T74v`7&KBQ} z@Z;@`2g7}dZ#=yDo~EycFY0YP7w(a5d=b1g>D>%>gdbBD|5jaW{=JI+$C2IL1o|0# zHvVP3YW}Y2WcnWPTkt;c0favou0~%9{|kLJ{0j5MT=)g-FNCj#?|^TIUxFWjzlG0- zJHKZBX5s%X@D%hz;MNT-KNI2iH!`k;tKie&cGzDHe*r%LA4z_e!^Ncc34Av7`KPj! ze=o{^lh@7PZ781|;qAJZKLg=u#9s(^A^lpo1%FS4$HSMy7nA<|@JWPU0e=sF27gZY z-{BJozvUa|Z~Fn}Umtj7f8#^oli?D0Be)t~KG^I}g5P4kSqQ&;_hzm=-T+^Fzwur0 zY3QGY$KGf9m2kT|j6YG<^*p~P{sa0C?=gM*H!VLy=X7)FZ3^FXlJQRPAb2o*X@lv< z!Qa*!PlbEd8qb7xI@)+1Jn0zY%i)PLjPHU+HX1(*AJ$_0Hr(25{4sn7`k&zE@UP2C z%ij+0PVlTc3qKHk2LHyuXW-9N_`({quYot4X*?JHqt*CgxSsso2(N=5h4&!*Yj7p{ z&)`|4_b2=>^0&z<%g=A*e;4>m(jNqmz&;N?g7l`qhrrG7TZBIYz6-t_J{P_lo(4Y; zKMj8kUj?^+%lthS-Uc2F?+b4P=fNxS{|LAc{R!|+@cHms>~Df!oNo1T2fPYi3U_TX z{fqEm!hZ~J2Y(Nbhugnx`I$xeb%$T&dBrZuGQKq)yp8KmebGOTJ_kPFG%=EY~rW;lHrI7Jh!E>F)9to#DHl7S`u*SF!&i=^wWccqt zj4y*PT5WtQJOKY+go}yqefZPQ&HhJtqc4m%d(Zse>?`Bl;Q81Oh5ri|!pDDV_S512 zkp67A2jzVZ{1WwbC0s#z_re=}WAVKR*TEmaClKEc@Zr>7m-o&8JJ4?jFM{`hkAicQ zrE6qwZ2f5h`YE?se<_29-ePt;p+6Nqe687E z0yjTz{6E4kA^cMG<>+6Bmp@_lpI|?13rlZ3`bW{X`_S^U`3q*>Ls|Y@y|vlzfxaF3 z1K@5inSBxb(2K@Z@QK(T58rW$mGAlR6Y%x$qQ0ho7~X3ykV=Moq+gSPcP;Qr%HJtL;4bCG!{oz^bt^9N0U%oS*1Ybq|n&AhUExmK$Rqze) z&iMBzymyP)uY`}m{u_Ah6{i0K-i!Qf_KEpFm+(8n8{*G?%HryfT`j-4=u78Xd}Z*H z@JaBT)FxT_?|gV9ycph{@_q{50)8KE2mh)p>96AZ4_!Yse+Lp@FZjNb&7Yz0DtHon zGJFg?^))O1li{CVHC_N8_aBSz2KXrW2{;E{4etp50{?ujh2Quy^Y_p@jkkwe(eDe- zdBpT1;M>tpg13UF!LPw5D2wY?b+h_8AN|M2T6}lH_s%wc1-|__<8|;c4_N*?tTBJ5 z!rQ^y%`*Fe@ChdvPf(Vi!$`jheIenGg>O0D>@R@F!Al6A)!qDm2L0$cX8$gH5&8KA zt|32Les2Djlb>w(%snmqA@Du;e<*ws<53NK-J_QO+3?ZW&xg-PenSYnSU2ZeJ34ZM^3pUbVmR8*tNL zC53~NWT@n7oHEV#owFY_u(ht zn@R5jcp3Z)Tta>}`PRz!e#&=SWts2az`s4=OWyA4=DQ*A4e(faOZX`GKGHi5zKQW+ z0em)m3)~1l4qwWAz5;#${uthNk4>FFKf>=`ZrpLL`Tyss#yi7r!h_*w;i7<9zm~)I z!L9Iv*w2F(z>DE4;HThQ;Wh9n@CNJ5zqRlV%2Kq`x3c!VFZvrue;E7$>z6Y4UzFEe z_$caYzOq(TSBq~E`tj&*hL1VI%I67qB)k&-_hF|01)dFW|DE}Nz;x3OhR;KPD71V^|Qa|UzM`3>(yw7E3|2#Ya{U`7UxWjr&zZbj{JOn-j-V8nhes8kHe?0sr{#^z4 znqvBU;Li>>ehywvd|$wK!5e&U{*0hJc7(4)KN!9Vo&a~oz7Bo>f6jpS#{O#fFZ_Q5 zeg^xM@FUoN55IxF>ksDN>*Qy5_%rk);6k_@-tTkEvpfghZ2d{>~q z*!X$)lK&d7hMN}}{|=w9yYW^(n!lH@-rOCYLHijBcfkG#_(1f>!27^wz^B4Dz=iOm z@R9KA@ErJCxWnz{-(T?cON=-F$^5On&A2zb?;Xbb!@Hs{gfD}u;N7r44juw8gdf8G zYWU1sE&d1K7g!HGt1SJ0Df=yNpnnkk$MB6$S@`xpoBy+(HSPruc*b}rJQ@2b@UD-W zz6I|4obfquJ@MTHPbI$R;qKV4fvd3J@E7yvXwusmo=kcN!DWP>1V8$irC$fXzRdXF z@Nw|9@aM$86uun&JMfSA`y2c_`mKL8|1Nye;vWJpAijz4esB|9LVV}LE$Hur{|mni zp8|gcKT3YP{$}YP!~C%mJmfj%XZZeSjf>zB*dGN?Mc)9gVE<<>-02+4-^K8+`x-BS z-|B1pB>d&r&D?zaI=qPW-N*2iznJ}x@FqVQcl_P*v)8Z2J>YzJPk18n9|&)PKPB)F z!z}%2@FM!h9C*Oq7XPX6hegJh!r#C*!Tl+(2jM-hH~VMcU7xh_eFa|sqv=0_?~GY=S?EuNyTg~m?_+-lJQe+u@L}9Pz6HNd zd3_1*I^Oc%@h|hg1LeO1JeTqu2>-(U=Q#Mi5(|GMd=~4?I=FOC)1L+Z2;Ttz_Ak>v z3|HgtYj8Kx`&L=1w%3;1xc>4p`g7=yo&GleFL}o5zbCxyy%v8zxbjZpQSc#m8y^9; zr+%v7^`BdOv*9VnT7Q`bm;T#$F}ySUG<*a634AQvKC7L(UswR|8t@#8??Cv4(~Kv> zYvI{&d%|B1KY;!rc>QPQ|1)r}4~^f1&slB!Iea4gGyLv#Rz6+YnZH@AuXlu}P+r;a zgeJ2e39p3@gXhC_a54LlC&GUoW8p7^8?nC?J`??;a4*{1bMO)HDmaV!`zGKumfsE9 zTYfgDy=@yX?Y|$~8!mvyFg{O*pQ8QGg1>{$f~O9${9Fbcx46U(xUTZ_{_#!1B}O4C7tl?RefY6kdjY61@I2vp*VMbf)pC@V)3S zfP28V!eiiNa2NO;c;HDE-&gRjCmR0+KLT&Mq4|H!38vo-UI`xr=VCt@o{zpBK5*}i z-1u;=vQ+h+w{PwEX7qcZe-{1pC8l2mFTwsx?0aJ0zJtX#`!=)RMp^FnJE7kX{Sv;9 zy+8T~&bR(M7QX31<0d<#4Yei}X#{tP}3?zEBlvk2Y` zz5yN%FM*GMr@~F}(eT-D3w#ayAbdZ(5BYr!&Vj#%hhX2SllfPJem8g(`eAT4_)z#G zxEcN$J{Rsld^f^Bp??DIiT*=)Gx#rf`rK}={(E#b|BizD!-KIO1NVlf!xP~%;IZ&^ z@NoQDsw_?KOupB*Qh5`3UVVkl&tGG|Wr2;if5KNEDn{~e^Nr2Fijl^?)|%s50l_U@N{@7>)&R0*a~a!r^9ns8($i5=M9}dOW@V_nEpjL3;rA~y3h0* zb}|2#E;il*zUp@4-Ql_D2g1XSl0jVljfS(zjE{h)7MnjULHGjWa|3?M;=c}F2R{U7 zKWqAz;U!CrKU9{YTtIz&kABWIR^C}%EkEDEo5KY+n0^;{4f=ubjD1W$9B%1jTm-k< z+c*V3jlLfK2>o2R2%Zn$y`6<$1V7T%_$GMKRBK;P!4ru819&3-eGi}Um)UpO#PVB) z{ciAS2U+|F!_OXJ_Qi1TZr1)%0dHd50Jq!J_*8g3`t#tcHZ%S8aJR!cy7q7{yl%0z zhv(p;jZD81zUV5`e+ieuzrY7$-*HpR-;I};eGmBbOO1DiuR6%$9|#XCG0uTk6dM=9 zSsNOc!RL21ZiH_m{gdDg?zi;Lfy?hRz7lS{*Z3Z|*A^Dv6Y$bqj90?%-fs4v!2|Cw z{uAzSi}7YMIqUqqM+XbP1H8Jg@t$xN`5g$a?QZ%J@YkCdm%#hAGcJewv^Q>nTRIw_ z0zZ3$`EwzBBIR=}-0MHqKktQCoM-$h-0ceEPvPu~jDLYECR_X5q?_fp^U=mT!AF%E zXTyz!uDN9mRTkCsOKrR!4-dJ__(<%Rooe$*J$&HV#^=C?o@IP9+!KBhZhp%2@51e$ zHvSo2hkoBp_|(NxWhuTKNzkpvH5ipe8Ijp{>^}w^))^TKJF;v zg>Vt}H^9GSn|>+W2(N|cSW(!W20 zZ>E3!1wVPAwU;hing2Tvw(z~+??3JA29$l_!Jioqg&*Wv;GXbZ@SVi>G<@=%mY+A^!?FJyUPXR> zgE#D8<=b@|%U|{A?ykOefV;p0;K$)H@PK#BzjAmq@wLF`z-Pc!w2v#{r%$%_b31$r z{3LuHzjyT}ye;kVbNEg4f598W-FsSonz+B|4Huvv0N;y#G<-1W9|r%1eg<6qx|Q!4 z@Tl?D|E`1Q!S})Mb6)HPco)LI55EF`2Y<|Y_^fTs{|AdL{>|Y&1FgJvhY#szJQz+5 zFdhdtU_S*u75h5)8Tcf)OMeT$5H5tThu0AQ{qRck&%x)z@50+*zaG8|e>U3A^7ngR zOK&^)TI{por5jrNJOsX<@9`DD*|d+_mmpKC2V1a7~*<#!3+tLq8x3GV}c!uP($z_sY7!c)*U!B@d& z!9QSs4gBy`)<5rnPk|qU_i1PPRq*v27_WmZ%unY9XE4`cry_%Q6RgRjH>0r(mE`_u3w z!oLG=4zGo8Ut<3K4bLS0Eq1c}Jx=_)!>94RfWGiB_+a=l-q$XKKg_lHpaMQ_u+i)k?`$@+x$`szsq@s6X3h< zw*1e78{jM8Y}(fn_$T~(96pWwyax9n{D<%*q_-A+o%7{?!k5Au?_&Aw!TND)WpTae zQ@bDCO<7!RTyFdC{o!t}80WylRu~t-tI?<61<#niL0R?(a_8H6?%#0LCB}>3*6WP# zB>Yt`Sop^Se%km=>_2L;_1zEfDtMFLmfm+M)9(zot2Q18udgu9hlkb}SHKdQ~zXTr# ze*vFA&FnkuX6YYFetNu_bG>3@SCKhk*5y)6BwQpO|T`;RuRf|oBgo)2$-i}4b;{g<{s z_$0jR&&F@Ut!s_HfO}A%?fY2z`@!46IiH&S7`S+~aTEOLyT%v5-@&)R^Wf*nZre+l}9cmwjaR zS^JnjKf&9=7sG?#&DNNGIXo5p@$fmHnSL>R_{YXC!F&8}ycV8?e#d<+{UYjjw6e@k zo$j;wU=sRGms|J-c-~Id9?ymM=xlr`{76sZyWqy{Hg@CRWAKdSHXpsHEa?ro*V20r z{Z$`Xd98(4uQTqtpZPoNL*w4?)NhOrgqN;1E{0cQUlWA?#PoCFt3Eb951#sy@y+nk zKaHOY!hdi4Nnro2@gISHt?`!G=5N*-<34aN(i<8u{*=I-2U~g7!8P#d@R&iSzXblF z%J?4m_X^{e;BN*Re*{k$Z~P0KS7_X|ulc)djB#)H3+#u$*N-#(1o-A0;~Mw~_$2t~ z9=1Na6uw|v+yB22UU8s3U$_tMRcQP)oHfdLCA{(2 z(KYZ;_yl+d!q12IVZZtc_|);{@9ppx*gp*)$^P!!@I8e80sa^J?Og_%|8F%}d_Cc@ z==;FG68;c4pZ)j(xF_iy2`?nSv*4%5-&yc6L4M%z*xw7ER%7-10(|dc<9Fc4sh^+V z-PnKcGRX3?i2e3m;7{0ZKM+2K{mmlyA@ieEZ-w8!$o8|&g8Q+*dIh{8_e;0J z9oN|W@DThd<+B358vYRemi_kc;G5x&gDpP~u>ai?K9>FEZ1@-UBSyl1Vm}$)g#GI2 z@I!<@9^N0G4_{39MesZDE%1Ey-yeieVt@Q)cN!19}jN_&xcQC|NLq=h5k|Z|*&&B?2_yX*|f>*(R!rQZdzS)76zo~F<_!r_I1b>cx6nq_gIJ`IZ zjqo!3`8V8^^#2Rrjs0!#E9}2N0zb$8`it;U?7zPaZ^G~Ad>q?b#eO;b4&%wY@HE1I2ls|M472>~%Jb2b;z~+ ze#d_P7Vv#=FL-y>tNXyCc)#dic*R&-pB2Krzp(MF626b|=OlO@`i1b8Tif&6#qd4c zzdZmiXMO%MyrhfSuZI8F$oPA>E5CQrVT9%H#(8!gwweH-o!uYtFPe}eP*-tJpQZ>C^wdaG&(cgV~dspFKDa+8lgx~M^9WHvp z_JcMaZTb7;B-?M=CBcIdT$teL2|hW&7s7K-wD@m?v+9lSfqTs|em>v^;eW9?-kymXQEk6JkEWZ5K>ec3^m67_8Q&r9&!;QbKnulvLHJ3oc*`^$J8JP-aGuK3;b8;!C2cKh478~gyg zJ={$EyTPCSY4+Lh{)}e_2YTWk3BQGX34BGCjb}%|zmZ-AoQJ*4_)YXD!}+9l z9=sa+Mev{4Uk|^I{toy~^bf&3;AQaM{Jz>sc*pN-y!#B^fcfGFc+VG2-+8Q+?@`^X zeQXCW)=HIs`@$!o&sEm`HQ4%JA>3_{@uBc9dmER*(+@J90dF(fcs9Ibl<}ExxBZPT zfJgKD7}vr>hME3Wcm=;#cRxIv@K3|{?`!t2z*iCeBly`|(|-w1&NKcVUQK)(jVt#84nJ4ALHS0FZ3nwX!2hPuO4ak&G6@x*J8b1_&vaP;l*Pt{5p6k`Tq?bO?`J9Z~6b6`sk)CL&55qHh%Ypm%{zvtKb}X zDm)p^h8y6y*VuSIS6RpVc0FBtTnMkoGQL(>+T#$uhjxdsxMPEpgm^r`uO)a*f`3f# zUkUD15Rbomf_F%8p9CL};L!;_G{H3qK0d)`BzR$huT1dG3BDu243M6o|oW73BEqT|4Z;a34T7o?k3!k5BNa2|iht5vRy? znq2>u>vXx!kn2pj&XVhFx#r1rj$G%;wNS3}g$P%sq<4lk0l9ZjkFnxfaWHlUz5;b&FiL%Jo0FZjr=TtlWUD!pUd@yTwludm0VxT^^IKL z%C%Omb#i?t*Lu0Wm+J?)ew6Dcxqg;Q{>^RcI#u-lk!!wO3;qvV^+V(N#r{9+|8FDz z-)SSgvQjy@xp^fesS$Z4xyAWKrTK*gsp_Vxs*H-7mW<;1s#zk>D@m2tq-v&BrK;*H zn&vdBt;j0MD-we0^1l6sq|4GINt>3Yv~ZPGUP@IJin4I{n7rK5R7F!&S&I&> z+FFr$-XaMjfxT#QOY_13qhLhd$f!pY`l_guV&bT%Vq)I|KbFW3U)qK@QDGJ3mQMBy z#<31q6;(|wsp{IYX*#}Y351%A!uq<*#tk)rv$1DV zS=LgPkR%gLk5}7dWmR=qYi&!auB9Ju-ewj=cEeqN2JT!&XPvX9q$6S2j3QA~YNct@X<`m_=uezZP+3!5jhBx7gmn&%(p2)2Q}nCIg^o%* z!1y%iq*6B1s_Ltn%4%zlt*UIPsSA2h>0w2A-t6Si_ea%Hi+5^mf3he`HB_`zwZvxJ zP~C>g%ZkS9c@FjsiUt0sbhJUFr!%o2e^Op?NzST5VooX|H~}9*836NWyapiQf`}U{R5JlBCZghh!)m={ZQfq(fPh z`lS4l{ETx#ToFbR7f12P!0V=>x`xWu+MqR-*T>qoD@17n)iw1sEqZ?zjMWu#vm+Ct z-g;zGSN5xs6?_AYNhutrD&>BvIVk^VVPTy^(x{iHgU%TWXZ9y5ZTb!6M^{w@G1T;{ z^iom^QxcEsQj#`71N6NApi$B<}c$i&0ek&L$Zq5g?H{ z^)@|+^)e`{*iR{uOk-Jihv<^^8?F;H*G$u!PMsJ-PF1u7bB>d>)+eKpyVaWNU_z}c zw~m>rh$h)kCY2h_yjFdwW*G-bQsa$xk;by7=141lrz%^+$y~gzt7)m3S>+dbB#iRj z*xHh+Y6xyem10e&x$2mdmnFqm9=$?oDVx?Wx@}gH%;LS&N@K08&b=lPioE&_Wl>dy zqR3@)AYK@;VvcqQCYFvaEY2@IER|m{vM|_y_vL7Jrseanin+S+pM9~CW4wH71GUArIBB(!tM$TGVn z)l}8eBpuQTBYXMFxg|G|m11&Cs~dm=Bd40xBz-(Jt+lMFtiDAz@j`8*4EpYtK9n?7 zsgrF)HY;XdSykRTEfwU!Vy&FkR92U&Z>UdI%i_B>Rn^qgAbm-rw@x1XB~2j`yCFK% z)X1QxyHW{3JcJo}0UKq)Dyxx!PJ>mu>I(iYFKezEG$16Ysw#Y{PF2)2PLHTg23iYW zFEd=KB`nM8RDEkLRa7m-Q(IG3uJfuhuFRa_>dI8}^oG`2t(LInWU{SH*|OP%b@NK_ zS4!H0#iR8f)D)metS*R3ht=dbjRS4^`kA zauh=~4MSDcH9^fgqUiMRI+?@ETV;V0#NyYT_F**Iy}Uo=4$cK=tt+o;a(yo*(C*t( zMN!M1vUFzj?r%ajHsFYx|M8(wHb0{BZES6pTUSj=rb}uka-}&o+%?-uN{yT2rPJ)1 zmG*Ost2q@Ej{FrCO>?TYfyUUZIl?t~eTo{#jLzuJB)iSQCI^$U94AVQmHHTD<+*r}i zk?3e+aq5ucyFD|So@V;a&W!sWw2Fe%@NxMCBiy5dhI*O$)YWvM+i{4=r5(r|Axkq? ztzHPy_ar*x1O=NAw@lael&aCz?Wt-qcw(|NN2D9Y!}`_eMXBO8Qfoup+9<=J_MC#0 z?nS!W9sUmUs0ztmXhdCGh`=>9YHlf`Xl1)QcerbxF4U-z{p2x;ZhJ}G22D-<8XIc0 z$sv)OvKUCC)}biUrYdV@rU}xms%C4K_kxKa-AW2NZY6?rtGZTgkzQOPNVjTksFjuZ zF|BU+@{A*ShA_t@GS_@eQ${N*c2{OnLMbtmInXZ|EyaF;WPD*ksjEo4`w-VdNm!ks zB&^3!5>#d=kOt)nz!%6ECUdVWsTdUH#mA% zBe&f;7Z;?QBD^J@+;~g|X)Hj{#`I2qRzs6HDbMHnmFrAVAj5Zk_^15kRz@PN?{zGT@^Ny33gLHm~f%Y0X1h6-U$+~$D<3fg#B>eWpRb*Z|B`j%-8byaRXT#%YpVa|r- z=Ss>Y8W#nnEqy#YRbL|+wKDCye?P3_@_zjWWR?#clu_P)NM`$i{bcV=a-&118)J3$ zH4Jksl@SzA*q~~38kTzo+NNNXvjBoTgOqV^f1HSwbIV zEc5@if>!(HR=o|f!jr!f35IP$dS}o!LMOz5P#=spu1RaWL4ytjK}(JVG~rMXwB1k; zG}`)liP3pkFGm2v)(}ACMRW&VpzYM%!||8hs0lPzwN^Gn!;8l%oMzP)jz0Q_FOQdO zQ`BhfPiwTgGzf+%{ky(uTAA)Bxh$x_>w$`4DF(F^REkzeqzuM0*`;=SY0)777jYow zsj!pDJZS~j8jO#vLEJOTYFn#P(gmGiv_~;Pt zwQcB>zniKwUQIzjZoxu@{9Rj7rmfHvwH0oNHmLW_>gC~9Rw_4VeBQWm`8m;EN^VYx zJaSI8=v{EO8bm0S;G+zzKK75J441xkU>s$T^|f+G=P-77$RzRIASVlVk{reMl1vip zCOJy%Cpnom4!4WsD6FGgZzCx;uedaSWPYw3Iw>j~m!F$2XPa!Q%B0a7hfH!;d%5Ft zWQ$GKmf6Il~GkgcCqy?vMa z>QqjPob@Pgm1!hZBHPDq(<~vM4_^*|w>Xc2!k5LN*>kO|IO9)Koh~?(~M5 z3W?Jdgd~&OP$!#Y&CSUWGQCS&`SsNeL1{YUNE$^D$;hq78VTJv6cmdbXmh*&iRAL? zE6N(1TXmne(hnOXB6>Z!_J1f{o})%54u|2KD%`!)a*V6e5^@2g`Sqp!xezm}Y8x7H zJvcLBarv4cuKeca)~cqQ`pOcir?T1t+gu2=WAn!5>n@wri)=Y~(qbKAYl6ZL6;*R` zrpa0_(q;&pW~0^T#ZW4vd2?6UHElSmfr_hU%IvOZ0=0!EqAeBR-{?hzryvRVX$O03Qw#$>)^1x2fAV5EnOJc zO&Tw$xGL=Rc8(;Tj$66u9Z1+FVzYugShE#wiFJwCEWvo>8gA5*d}*vTIlC&Bf~D?I zq~^|R_kPf5SP_HF_3jkf#G-K04w`B~*`%qgYAKTwH;jm`{L&q8VrvNUP$r5_+YZ^H&$_&j^3bJ9o-d>&=ZaJt zT&5UBnK6VDX7Vox@K2G+xX~Jn8gd_8rO!Lm(N-DD?Pet4WTxAa$2@7RPX>!QlUW^> zR;W%ZuTYb@#C)|^W@+NgzGf`9^srvZ`Q4E5IBH{s1$vI7+S@H~5;^1}`!e#JOHN*h zfubJga>Qa+72=F;k=qGe>6X>9c(Uh;&Qg7qttWX>N>CLv%d=beYE5VoJaKk{8ri^- zV{jUE@Z>5@ZYIR(2e8M{Y4)wnO*~&uQ@OQyA|~ykJT!~ht2_}^ZG%2uaaQ`LS7r{w zG9yzm*LX!kw?4&(6_pmI^ldSF zGfUEoMEX8fC@39WoR>2~j!D^K*sLOMib zw!^4adVoxX@*pSahbkKzWbf7W4~th?haY8tL73)@rQhOXF&QS!H4B3{5vHK4lTPLDq>x_#Nm4Y%^z;SWrFyYW?nI=fA%_8&1 zAw+VNOb$}%JytAqyme#iw{ES+pkJqt6{@8=SVaG`O(j*BHt6^fX~F+X;9 zf6@4Y7T|7R>SWM#TWL`Vn2D5Ca8xZQ8d2y5g|tdNG#Lxvd}F4LQn#k!j%7)r)w0Cn zMP4sP&!%kyIU|`lT|Mz-=O8l&j`Yc1qa~r*HXT!C=18?@(mR_*s2a_X*9Ya^LSwSi z{CZ%IysKFViQaD*o_-*Ni^d&1^#sy--M*C-x|%qNJFJ;Bv*liB=})fec(SeNgUE{5 zpcwj_u1bu3ol}-J$l^^u7@oWbCb~)TrC)t#N&_w+7mby){r~@Q8=5RI_(74aw}-1TL*c&c4>l z;o{T?+g2G)H_aqY70aD$rMA*Qn?s~=y#`3i55 z<%#_zRw#}wjXYPQ={hitKeG*`;d9$SlGZ%~g;tE)QLfh#)<@ zRc`(R495v4h(Az96y?$h+zV0?zaA*4X_1=(C$*1U=%3`MzbPa){o@hD@}~i+Dy#ZC z*J8c|Qkg4)tVhP_ewul;_tlHgI`NR($?Gd*cSx7^0dbTR)ZEAueUD@z>k*l&=8GGu zkr`)}%nDJ-YY{cu=9cQ~W9>^N8T=AaJiB3!)BufXQRtb(lvksAazq|yg|)AFO!W&k zA87?n7|1MJu_go97OlRAY>X$uWNXnf!iV5_@5rSZU$4>Z% z;&4X6OxRloicrWItJDjtb&?@U75h;t`=Q)hY7(p5rpQY@F5+;vVZ>-x2(mM)uLp*t z+Y2FZ$SKZll`~@WOoCg0**@jVvCz`O;=^L^iH=A}UATnIa-UyPG%n|`(!9x~K~;JZ z3l>=fLD)4(706MZC|FEN(3mV4-0sn$T^RSM%EP3+tC&Vxn2#vQDUyS)a>`Qo0a~exc6mq0Yw_T-b41(=Rhf=#EMw<%v#VFDCeMzkGXI5D2 zce)G>4|&w`B7t}u+|{UWVFpwlwoFk3Ei3rb8kJDSmX17@V63gHL0CTem&W7TwbSU! zn(9v259DvZ2%}C>k`wC{AyO+SBkz3yc_@?vZt`~Hh*Wu1gAOkxp`cQpxy7)$!c}Q# zU@wn&CUPF8zPULbY-U|N)>$?6y7{7^@+rHtvXdD!Sb6=< z-SB8&c5mIEZdXPBa`(r<*CN=(4CL{M)Kd3DWrdrrh^k(qtZgWlH|J^_8fI7x6}oWd zr0n|X8A(lowqvg=`4KdhwM;LcBjY_8%iLt-y&mx>?n=DPn1vRFK5Nyo(LF^?I%p?( zxiWY%R}GRfb{x)Dj$(6?lVmEgP!Tp^U*dHdC(e|iP!W&8&yh0;o3fC!a+;!z3o((p zS=QLdc3({8NO$)jaFOO29QL@ z7A2%^AQeSItT{@`Fiqu6PL0SZ&GBB_aC-~(&_6FXlRizSxyc;LY0~Unvv8*hyaZe| z2SWF*4+j~75ln1Hjcjyh>%$olneNsEFmgt>y~-fI+>yXzeRyPb~O`Q4~U7nTg09@eR=}IztND5ot-mW(NxxeY-le zbBg9FUFZ8Udv{$2p@dvsjFy`v7UVEc!l0INo~3a+*?So|uO+@yn@}hB`UgnsV7l>h&2I^Oin7OjXP2&xDPZ zlx$bZ8Y339e&sH6#M8^%Yg<*pq$clT_|tn1FU)IkeU)6DHhHJKWN$=!Q6WX>(jgE>Lf zS{Lz_5=eE)7tgEOrsq|q@!YFK-dOPpTP2yw+R4+4IxbF?$)`2ybqy-xfF2UBlJ!0L zi58;4N=`=|Inyp5T?mIYcU-_;T$5l%@*bpXrYGI)rc>(FE=pqnTzg4wJ^4z6`M|8fKT(xdFtMB3j>+R zy``FvNd#W<+F<_Qm9AQ5EH|b!bFWP+zjW0|$6tGYB~hbk(Y0xrj8ZlW(q5=&puq1XL6Y|ohwG+8&YU1 ztT06Jxot zh#R;&jhIPsPQi${AQ4B2Y!K$fEbI-h3?dnn<>eV&Ohq1=vDT6&lZ?tHsXhYnrBXuS zbLN;P*icPmCKM+;4&-UM_Y`deNh^&YhoSjpKLABrxCW-^Wq1);G&4urz^5E+W~%tR*NoIF#Ks>tjk znzjOE_EiIA^j8)C;B#`wj%7%f4|;+=y&5#uNZ%ww-Fzq5spF zu>VJW$IilpIoEZUSHBLu8d8qcCW3@XtnSpruQKI$O{pYV4o;Rfr#flIIaM`GY_ZG) zlU*WHp*Z1rAWzGrr)VQcTBd^_$;=1xOj!0OaVI1x-HQ~N-otTIqAgk_ z^3*azU|l*&l(t^6&vBSN3b#2Y!9$c+Fx;&|n#{|ITaW5|;~mabA5`wXL~5C+ttoFR z(=RXux?s_Ssb$i4N$RxDSmn2NxJ7{SU zxED*(pM=Pw`|tXtQ;5>z9FrTgQ-o{9_Q4kmkD zoukT}ZS@p7`PfJijfW~r9t~D!R37Eh-W>C4N`8t=znhbiSF&uI)f2Ga18pRwF2NB1F7O!;S z;d5leyR>1fe%B#SI5)p&wB$iQ6y#nJk|*EpVRl?)6JuJ4XyYtl9(&%B(AlPULTLMH zabd8@k&xQ%SzM@7iFaTkuH?2lA)Kj?>fDd7B#J?IIoeQ#rRbHK?PYlNOf>lVQ`{ndFWir3E%|6gCL1S{w2uVU`faVoEDsjQr@wkBEPSO&ftHlVcp*Bzp32gbWNt5IPdb zWWII#H&HlVzp+eURui^Y1nzM~6ecm|V3Zs*M4TKJMC1<%A;yLSk;b#@c?#i;0uhUd|L<1+cQ5>J05gKC7pi&v$wSxW`gvMFh$rfbn5{fgwdSHO9P z35qbusq&_V8Sboyrlk+c+_(0^c`PQd}ffjeey{UV8RBO(JZD zh~s0Rv)9fSUowRC;8Ypv!O1h!gUZ{e2UBIL2i3Gu530&k4=T@G52|Ua9#og99s+rW z;!;)SdWbY_)k9>Fh`6S?Szo!%I2gz4M^_egWx>J9pdDn$Um!}BmhE;qtv^vCPMepI zCnu$5caAqaKJT?}$zx*BG)ZhMbfUCD(@EolrilEdtTw|ylvpVws!=hS^=RSk#*b*} z?J%uU=~Ic;hBUpW#T8!KCGr)Rk<&fo zItXF~Xy;In0!UVr!qgn-_lkq)^-~dXil-QSN+M|!mMk&KM=PQ%`ZC`O{kBEYmHtuQ z!(dS_LX_rH)O|vWwB*y0il-D7xx_HrOF%zI=1Qlznc}UgsBD&BkyoKC>i8K*C0)4M zJQn=!VIZ~HEGccACGSAUF)lsKDZy(htIDE;je-geD5z7%Vc9tfGf-Da)2geKU(e8( zB(Csf1Eqa2689jA#(STS@)A@rrG0$=10Nh?TqfQ|K` zgZ9~tSv=pvO25w`MP$!nQ}PNO@|s5ZMHBaN3C)gsWh?a3NLpjip`9S~%~9x_uDlX; zAPWggC0bF)U+%*dE;0E#SWJlA{Xh=#fqf}eSvT3&DOE9RdQDSpV?%>Jc9~q7C%;KK z!o3ePu_R|y@YRJ33U|+%Zts@PBlC+&bonH`HvCf;ky$DE;kmqGd5o!N?t@oU<1&pm zE^$%%BKyK+OyV{=V-nkYh>6@yaD)CBLV?Up@np1TWT*HRTr5=5A$x~CX5v=tiTEVD z*(sNp9ej!faLPntB@>627Uu;e9+(GG--|%z3TCwYqDodu{~Lb<5J}vvV~Do44pAEz zyXQ{Es@eT*OXl!T_i(^b@aQ3bM4tEaI{J)RA0~TW*04&*pwR4O5W5_WEgn8Fl~Yul zH(_|;h~U+bgiymLM2WEM97aa&<#7)^d-+9a_oA`6Yc_!_N-2=U1LhT!rnxDWfjAaC z5T?ZtbJjw8?jndn<&MtF9a|zl3+*`^%EA;wNfc0i_A!~!KokZG1hG(h7w9D>HY)MM zC`Uo$)t-V}@5LHdrjalV7>S~=rTG$hsh=E@Fcj{9~7sEh5hFlq#$B)SE z7sVle2X4rpLBg&?_uTwJaMzZh|*q+Fp6bp>>XIR-08`ilDr8MrKtvEYC&eDE0oNtc$^ZIelk(!N4I-Hj)Ra1Z7kM=E*@>B$eb(| zg_FbsmK2SZQ9t2^31dM`lomEWrN2fmJB4nd4hu)DO(QGE44U-h^4+RZ-aeMiK&gzN zJX}0UKk{vih#N6|#)UdDWscLfo#NKE6Xd0?=j@V2<76?9oWu&IPzIH};=GYTppadF zkesoeM|9mtwt=$rHwBEs{o7CyJiJZ_!pGO4TsnvskGF9`pX8Xi31VKm=U8eM{8m@=H%Z97hRWQ6OaIU( z5SE%g2uJG)EOhkuHbxg{!Ab&(#!Bj07|0lJ4<3oSwPL}zZQw|>2CbZi86C&#aT1Gm`2FDwn z5dts!NWy5~cpN3AIi(YW`++bbq_LpLyx_&-!~;J;Cx`+$jO+{L1|)AnrV5WVUPT~G zt7_z4x=1oqa->O*IAit31H|h#U6-iXgaOYiU7?~1%La}LM@lBYV5EFD%soPMVFFPY zC=kR#P0W*@ILOe6#5hoSc@Ly%r5Y&W>AM&*lxtv38PZM@(s;+opp3dr24$jblNNsA z20Fi>oagBU#e^4>ue)(`g*RO`6!ckQOcO5*XDm6+mWQm=M@f-)KSDCd zVj-PXJYc-nYl;*5k*v~r$% zlB_t!6$UFf=aDB3!+SC>xSZUUF|#<9A3cn1!YFVk^1~L48YiP*=6SC~?%^Y?*K0jR zTF3QtUUT)N8M<#=n>iu6cDxg(2aFGqne~aToWaQN&7RsT%dljk!Yr$(sA`nop08?d zl%J88ooi1et1kE5l-8Dp>S|A+-+rpF;nIG>&DFgpt#7EWkQ=3>Sl?4<)g_kBy=HEU zVNVdOgq=uZmrYwQX(zFG>}hUfryubM7C-L3GUdBr64|q=sdS%>ws3l$DQ4AF8|!uQ zb74|6?wt*HI?;s+ey}kBH=5ZYvOpwH=jDfBZKKc0EPv(eOeQ0 zuBxw;40tnAAn_)fP!!H8dYe~QHal`8IH>OmNsnmQPhe$BYxNqx)Oo6TW`%rcp0-_- zS0G=Tmc2)LThSGbC(x~X$rX}2;UW! z!{zUGJZcgh;0Y+$5p^6L=n2sFP6P6d-IkAAw?$6IWsw(=+_@Vm%Juy=o!I!HJ55No zOTAwlG06_H^#bYJ4ucac z&)vgF-P;iE(_ijcWK=pX+iCg8=$IU9Yg6tH*TwT8=II&H7T~$%8br>-$w`sRW>HRl zahjrdTv8-=R-VY+h=tkKd$4#7t0Y4$J8>KNLzkWz6lpcC@-}N7Wu}@pRpxa5&laG8 zldT|-`7I%owb>e+MY3f(p?6p^R>T>bg@$OW$ppF#%?4HGQb;r(waw6kLUE>M6e(j( zDHMmzDV&KktKRTxLs!_U4C75Iknw{L);tlWH?mL>%X298o0kbQwXIN-Xjp+fL)`z= zq%4@%o+1H_$rB{2KcmX_ro*yyZFNYdHb`i%0V2tmvkWcF%vBL@UZFfgSws!Xtm3W8 zlO>vzuL;_dCkq=>TqX~74)q&_G`e}Ga@o0b1l)m$2ofpuvX59jJ)3?BdrdJvNg}PHV1m!)+C&^CAa&gLGH2UQSi|w zQmJh-DR|dZGVaaAERO6#d*f{PJ=PDJG8_1A_e1QLvcR72;3x`6&ta2lW1xah+ADQ$ z1x;QH)_VVRz^N3%L6r%Sz|KB)C{_rzT6HeEak9Jkp-VLmGDUrq9g9_ng%MziUqCr} zTo8@sFRyp0JlsW*1HK_Pp_~N z>i{gl9AShmrq??^ZE|P{%^-HYDl>XHUZHlsaeZ%{qhd=$=ipscTo@=mxKQ8|^jI z7cjp0W?7LT!P5=wUqW~XFW=ZDTaSoXmv5ks(81XJtMV?mvjx)x1+kr_nvdE|X>xXR zzaw8E))C8?vrz?s5)6aYuh6WSKZS1 zt84{Ad)_V5mKSrFJfdoWi3_*vV-%?4p!1pSfmMIsXIG7+A3KU_A2-2@OG|k(**!mp z4I3OrlupjEZ?J3g-c-pLqc_;X`@qA*+9nDV)wuwrg1vzmQt9S2-U6%s0%<++{dg$8 zwqb&`;EjNSHbTDPBnN6oIo1b94rcETCBJT(hvuem(jyx`vUOpZ|0eAJBzg{H=(~nC zq@`f-oZI2aBpqN`?kAX=$E*htkwmItBye1KseW%%{0DJXZ^5xf0IKpFNV0^S4r7|} zh^lua9+Z3Pggd$=gg&~?ZM*a}&ZuuACC(^SN*iv)Q^*+Jkj3cSVPlR#@J6C-@>)=! zn{@%uTLEq$e`vPec=qZuIJznzrts;-nbF-fE(LCna+nBh8v#DHf z&5$a}6Gwfxkhkhg z{D1qp`+4A}fYo1tl3xzHMeW&JkOFB4RYn76IbU{9PN3r8t1T1ZSQK0fCYix!@=lL` zhd~~h_@f?(F3Fr79v_96t#nD;N=?E~EGC{@`EaO;a6rCfv=S#t^C@=d=r|M>3!0=|Ym&>hAD9Bf1v>P&fK}Hx0(d*Dg^Jk( z(s3oLrIuz#Dz0etz8P_}Tnny7X744Dmy_}sG#!aI-6c3Z#MarqE{>JYxD!wT8?mZ8 z-BPGvoOzu}UOlI5c3e!2w}n`<^3F@;iS0>E*TC`*dqf#WxlrC&PNqM8?#SyuCb((F z`(K2GOpbRCVA+W;5yrj;{5Plv+hA6wc`k!q@cE=vY$C9XIgppY5SO4L?f2haJfGZ5 z*EiA;VMOq7);$dyqEvBi-Xa)U2$=qh6)&8AXNnYSo&3V0nC7bdZLS_cZkQ;xqA(j% zYO}mk)z>dhm~R1yIEHTNe+Qbq;pF@QEed-Xu(wKvl2CfgoV;P#0B+AwV~*u93(BO7 z(~l)`xm5NdewYlt6)*Bay7xCM*P@$F$|L>JVc?W#J(U!-3oPE%6sZa z0y4{35(e}x5k?Xdz*jb^!}q% z&mK($Te|JD1FTD%F~bmD+^yq+z%p#e)r=d4#9}}$j2twHP_kAavrL@}_HUl}CJwi9 zqW9Ogb^Q8FeZJh$-OEuE@o`rdgMsq7QD6JGt4Jd$`PcPf^1x(3@&Q-%0Y@7HGPg47 zkONt|hHSq{CeSLAjwC^smEnU!NsR?vB^GqFu^`gQXkw8BRVkf_>_2(_a)>ABv3Um_ z58bCd6CiB_s<@!YDxd?eV_UMRICc zJ=xW~;K(Hz_AX=AzkR=d`15{pePs5TjN7gxS>slb}@oOneO3! z))5$uEI_%G0gVzPAsIdliFgwd+Fj(dy*zCSS_nh8P??g)^^|@d@tCe+BZAf|+*uld zED@DWttKQg2GIB3tfrTkf$k9LyeW&XjHqtnbJl@_M>--G4*Xxg}mT8F!RQyQ-g6Y51QId zcB-h1Fvvg_iRnQ@%$Ktdlfy5(1%7Vpj1DXHGc&SasiUjN^@O{%B_-ot6*CmIF=MvV zg_GQYU={pWh$KXaym;7(z!|Yxy1IO%jP87OA|Pt{`Zurol|+-jaWLg7OK4gbF9dT4 z?q=_-8-p%6!MgG^gzF87j^>)~9jePhEoSwF(Pn7K7`~fe6V$}$7X}hy6Vd-avHNSEWtfUWbvlzfEL^+AnP+X%Ml&p@W`6pUnw0<1)C zSa)SY4j$Ds5%Sqc+>)p<)yY7F-WD56#&1)!g`*-f^WWifycA2jKmj(T*|!YPyM)yk zDm{Y=f(j4wr>IhPyQ#7}ftl;aI}t~xJeHXIm0fN8Mm}V$WJd-)O&N-$WvoqM?9n%! zZUMWVx8mOY7NF^a3tFOC5SB*MP#Q{f$vv3+#L~N=op-G_ zO=rnN@xC$fVPJu4bIF`DJ9}XDVI;QDh{(<}K5*ygarN+5*q_ThOv9=a1lr%_DJpFufeEd0mPTnmZW1F$iV{@?rwozH#;e{P2-T=gT@nrAxv$`LY zE)JeX2(ZD_QMlw`m$Q{H^aA!qIKBI`At}gFp#-t#gY4=!M?;wiovd*XmDtN^bH@5) zF*&A=p13q^Np9SMxY_1;7O`6EI)}rCs?zp zq8n@pp_6d&DugDJYpiT&FRaYzTs(A_oi-OI%*WXTS$sHzHqwUC#0?ExSZ}JI2jMN+ zg|gKv>bE@AEkXr9Vs|^SwT16JcTMqRm-8Ca4WTb{n;nAW#_(uTo!$%30NHS`!$|_v z;UqVr`mAAK+_?>4JW!rJeE0Pn+WOdIuA&O;Gyjg+rV#@fKD&tRp;1qqk7*&Yl`7j? z9W`Z3iCWH@0-|C(^Kta<~MGOnp8ctSC*e((A!h&s5V) z*N0dMuW;4i3Y7W}^T`XM191Xdd4iHatehKfbXOmAC1wmLT4|?z=O81jdJ3fV_~qdI zW6=jw7SpSvEh~DEXBcUJV3i-W)W@=9N3Dopf1~wqLF|}ky}`W%Z0J<@E*ci4YE5MReJq>V>*(+to!#z_Iqqgf8M>B~n)LJ!{)?7=`4cuHOgVaud$J zN*}Aa0%dW!lWQ@#Y4vGhhBk`irnK*-kC)yvN>E#xO;v@scA%37c1ZnvtOP}(E2rAl zena6?!FldeS!P6nfFu^Hr{XmF5+yX_J+@-sC~Taa$(mFiiiiL1f!5 zBT@yMEqod@aapznlKBS7THkCQXE><#Y|_jR_ef3;{kESx7xa(O3N=cuHENVx$KFJ) zH7)|J(v)wam5P~l|6K9zQDhz0}Lk}-^nsiW^glbmh&y85=wn2nSj~x@nPrdJ6VbmDs zLPQVt>?Rhc^t>hD>mklZNm|T)GO=y@ciL)>)yDkC{NFR=@z6b+hFMd7$uzSfTa7TA z)6}z%j`t7p>c}r9=edVjEa6nZ(^&z$y~>NzEnYI;`D*q%P;;yTy`v^5F_n;!#;w3kkENWB^Ho?k#FPLj?aCf91 zlL}UHwIDTLeOtw@TY2;wj0w7bEp%QKLRl6Ja#R;UHbVl7C66!XF)CO$6j3)J? z=ogoGc!$ONNGS?UcSZSifS{{Hp$jPWR%Ao1z=Zw|r`Sm}JDo1HfQGr0DQzYdN-lp7 zw2fcRCi*Io?+IZsyyQ(&9Zl)TM2-$4~YJJxQRQO7D!dP>?FoXre)h#YVLUn9kS0cSmRR)`x z9&PR}xce?LZh+=)pUx5*9W|u0^J5rq)pOqQfR;%pc*^0*j1=QJq|IuDff4h`Xq8(S zYziH5E0QH7k2;-qkR-m;xt=b)vs)g$w2$av*ZB{Wf><+W5NDhLV0h2{=k*^I-az=sFKI3 z$8xh;;t&Zz;mD{~rc#)ws;CjG+vta?G*QNjne{vEfi!-$WH!C{2EZUUjW(8#q$r<9 z{cOu&`tk$1F55`)92u2pr{p7^^0c8%u63Q#i7-cUroi6Rrzwxw@a{-#PnXKCwn)WUNu4YSmVv}4wvdzc~l zaeBc!kg8QZ75CsC%51tJG8b1(p*G|kSF_+@5lR`|@DtDZJtQvi^n6+$^bF0qY(UJN z_<)#8sUfyqYC~$;Y(v>n5-3vK0vTp9@n!L&Nn!BwmvqjH`26Q_5!^MzEcS5FxJV_tFWO zx69a!HD_Lu8Io#|0j1`IGu0M{IN^%U)1cuB({Y=HG;z%RT-`&%SDBQhvLu|GgOx_J zT&+u0r8D=8*fHiE^*CI9Msc}l1A>07na&y<fpztkz;4wRlsuLOR#$06hG$7co0WA1Yz{Mj#O?o-dn1c8dMV|bwmpQ~aY7!V z+?KlRtE(>bhio3pS_PAyz>t>qTvPIfUf6BxcDg4fGk5#6Wrl!DHn`n`bi^dbfYdRS zJ5QX7!5mGQ5mdqeY#Hmg$J&qJ^8ShIv#PJ~csq29?busI4O+5%5ms5*5Q#U#yHkZT zQ7mCBNL#;&n&&?QzyI8zm%hS?p~oywa~jc zUc-z+r01qh5*TTBf`{#kaJ%`%#u?$^Gi`d+W;?^PlZi){51Oi&x7t$cYT(os2l%9( zgRD2pB~FjA0xUaz9yCWXEIjb?g7P|?;0wf!j$*ei5YAmRMTtCZ_UvM9Q@1e^(&_gq z%qHum*pLldVHRFSnqIpnl%BgMlx=Ge23yR))DC!zNby+;2x)uRI0f|a2*zy!a;Na) z1yjg^u=K&*&mjO&VrFr76L4i~!foMp=t{I`vcFAU?@abS!lVg|7MvcQ;rYnP`QPK| zwBNUp)n#uZS{G~7uczM*YzZj$`@@6J`~JX{3C9x`=etM8UuZGVr#IrvcnvM13g#c> z30%7^%gi-(xF-`sDAYH=>V?{(;x~Xy%@CbzqPXs#A)H{?sdIH#aePd}O{PsA*6Z8J zv)^8$gz?G(##h>Z)1xFtLJMtq2}l5J{9JxtZ*ZDcIfGCPE_9^Ukk5cv4K;Kmv+ve| zZVBQ=A3khCyx1nFu@}*bo6qJiux*kI7md+>l>kZTY!!7f?k}aVJ%}=JzgRKwFqU-B z-klLSWFKV7Ra4qgf_QW3&-wJbUDs>F#hhlc#tZ`smX>h;iyZo8(m~u-D8*P)8`Sa_ zL1ChSYB^T>yb9|obSrO5moZen)@g25wTsVSwu!r#~$+{qmC1C>t)Q(pS7Jg z5;-1^M3L|VItR?b^zc_J(luytAhiR(gIHGbh~%GbX0C6hP^OveLwUy5oaQCLE8G^) z9C8YK#d=u=!wz%;o=m1Y3j+?0zJ574-Nhr#2`uIq3R~EiA@Jb-$C9J}ZQHW94{{{h0=%p_GhX-q|C}Y$Gs{1DgTJME4<@ zx2vA^xWc1O6!Ji$h_M#+=ue#Wr+=O~|DObcg#pmf9|WO6YvB>Nu~}EDMfs z#9U=;@XyC}a7U1Ys?6omOdZ;N4`$Q)UIua&RQi_V!~F4#kHG2qJRzDitX8}=BR7;v zFb#u6nd*tJG|!-gDmol21b0D@53VB8X$LpOiQ6W2*j14A^ap0h=KMLi=xIEW|};r0X<^WavJ7|HxGDE3!~mG_Nq$cIi0~$2BY1Q+ZN)MW$(*}y9?;! zUeToAH;&Y|k!)=|ems4~nJKe7wkX)rv8X@kVurv;^J8Fx@C zx_-EW6++RkamF!Uy|QoQ8TW+D#YnRH)PRUEtEVr;UYu`>^Ja04x`-r@c8l)p{$X`T zL#+vdwcHIX6|$B%$|yCCNsbjobz+nqLpejF#(nwlXC!lt;~^~VES2kj!g@zdQ*m0F z=uBbL*#<(S27=X8UsQyGVU3pF_Lmn1jrL|nYr2IBm2LqI%)0(}ht+mi0ZZ3kkQg#- zjKL`k*SMFkxNpsgor}9=Mm5~)3A6yFn0A^u|4Td$xG!@nyYX6}J;JEgG)85=VU1vn ziq^_dL+E_AB{V0Xm%>IT>(#(d8_t3C^z+%CDbsoPMPH+&8pA?XOnRx<)WPjQi)BkY zonOuu7|UXH%bF3OpVuM-tk`PK4Fr z4BJWC6tX>AbSDCaE z*q{{MMFArsE%jg@0D*b5aQPfDv-+lmzIj#!<(Pmhv3oHL22}~RG8N^TPV*p=^soz~ zf_pN-{wvKyVa~$|*dFYNp2L!@<21CCTbGyxemRMmRK;*t@?bZ6&2zHC=CiKDe;n+e z!?s!q$teTDhr6$aSQy$Wa*w`#{+xtGYcKTH#$bVEf@t^M=NyrO4T3%6v*t&82b0~S zKT=@0oz=QJ`uXeU15sV#&;K~dQTST=uM*R*M~682I@|p`5cTzZuam}mtOK@hhi8XK z=m2*ky(J*ov&t3oktMw; zCFda?Gk{vnA30|r;^gx#-Z%flnh^&ftL|=sm!GmgiUh7?ycENe?|a(iJoO z6{M!MK_i9-dwOdMC9kI`O{T)AK)U5hp3=%5)bm>LdF$e-gtU z+VE@uj7&I!O>pr$`a50(*+1CV^OIlCc0YKlY!{0RCnKJ1429xq-7uk_PT#$n?4D>( zm|m;<-SNJ6B!;0q@v*1u4G?zxhDhgi@8iMVr?anL5+i!5P8g7q+X|3f-CoT*Vc609 z6djrYpU!Jw+a5Jzx(W^9oc?iw#W*am^5M~jI0BuWeA>klyI})%*g@R?c1ZX8PY>R^ zbB-5+r+AqF{i7jzMq0fNjY1_%U5@uuVj^Isg)-Oa=cqnnI>uH3ck~%U0dP^>yhXmE zb8V2blXvJsymq+1vy)mV1!@9gjA8WNYo7B+{j>`b)%n}u9$ujFyb~+y^zQlB)9k&z zYVXmDcZkhd-U=>GDfNV_y!Pt=jdEjM#k`OSWqZY}0pcyP2J{EO8mx3;E-BizTRx32 z;_092w>v$!GH1EJR3jzCo{H(=^6pC}G^xewAl~gW zvH5krhAk5s5B*zx5v~4>iB?+ctBpeKXcePG>>h*gH0c^lt&{d5K|JE%Jlmc-$Yk^A zh`%wY)O6i{H^|ko#=VY=J(Z`XrX69?WmF~;)Ic>;S~$vr=ul!Ht?z;+&+Iizu-OcL z1*kPka~*JB8st)R(Z41a^kI{$6&5LnwUf#02B+~wm024z zvzxrj16SJP0eegQ*-&A&R-2^U5L!bn+!vb#w#4tb<2Ak0^NeFChe$97lOJxtO07_= zzjdSEo!Bfx)Ts%3tJB~4rEQqrU{e|UwJ@}N2fIXbZZAGQ!4oA$-AeEWj&xcP%#LYu zp~Geu*iq^*+i%7e>lO-PvW0@J!2#uZ^?>bJ-+NoEam;>)eJt*NcELKMX(3||hg{;6?NE)9wD&$Ldx7mA+9T+^;n)*;5-`|C zp?{5$AD|91D)Dam9jYi-@HtG$SlK*WKJF|ZWDTf`gwP$(2jPoix+~mw9LrQ^87mAU z{n8&Z+tPsDH5>z=PUsb)u^9Rm<|v67{~yaCGtOPM=DOm&#=D-|Ggt+UCW%v^HPnQL zabM!Z5?zruB7coeQEw==gXsC*P-+o2u*Y35nheF&mgkH{r9xt?PXDsn_S~pR zrK`-e(M~-Wa9X@IHHEeY6y@^{~s^JM^VHk|iOB^@gd=?t9-2L~q z?NA+`3zzjQxn?=95ptt)0xRu*!_*>gLEsQFcUqWD48rtQs9OoM;fP%#;(WsayXVO5 zIijRW(RDKojgijdUni90X0Yz)O?_(w4{Mu~n~}PR8y%=KwHv1kX*h}$Qa>UWf+}(v zkXypoc-(W0`btBgm9s*S?(F7~Rx_Mcb*hx;dSWWOnW%+ji>nRc%|1TdS0r_J-CTsBvxn(` zb2Y!li=FA{p}ugQ-{+J00+u7^g2W+u0pf&ov2#&1#N_C< zUWJw2PHojd2X3gZQ@|8BR6Iu%5@0`f%zJ=UA)zvcLP9~>WV_daLPBBh6cP%a6cQ>H z3JC=+^KFEl)0Sb_`4+<9A2NekI10qGk zK*uW4`&s%6t=B$iJla7<1G)A=k3svOfp|vYP}M#VN27f}LTK1kTnhtJTT z;2EF5s(nCb(mrsfYaf^^X&(r1?SuM_F8_l!0aqfZ+6RfNXdfi3bQ10{x(7P3j0n!E zeNYjvWSI$2)jr6ap?y%X5$%IYg#HoE0;@Y~BUCiB5jrHa5n4EDBUD0@`Zt5IOqo!+ zI=Yf7f)sii0X;G2WunzVsFS!YBwpCx?uo=Eq*lM7X5*+y2GB?`7X+@McNGqba+SG@jq7^|t zyh^H&9xv7u`oKAOG(iGuTXeRIkWa{}@}*{}{}6TZCma zn`6r~UynAVy$~&|xddrQ+<}yjGGjq;c&po+*t12PutU7UPHtR( zF+(4`MrP(u%#FRY0^l(R-16f_*)2Y8124W{O$ZyQaM^YtKH^~AyLvEYpa*EA$ZeqezfSxvJap`$95DFYJWm{%qo>>L%rpu)s4s?nV;9(lCkQ}ng z2d8;fVD3*~<4=g&C12tW>&9Y>IJm>2XpX1`PD9F9Q{5AFz`{3PKBrNnz|0;lw>sDI z0Zab)ws)G{We?n8&r|lMcX20sQ2%>k(+q;R2Wv)n%AK#U`|a|eobJ7>An(CXVD(`> z4Q;5^0tGyK{`%QS6=M6UTj@{K-qN-w$p6y5Zrq~eUNCk~D~=800mfU7J1gvS_sqa{ zNE{I28s(6HlZGVa)$<*X3AT0>2_lF?>*A@4^f@xixJRBO^9E;@HwIAwOVSvd2~751 zFLaKwM*GtJ`O;Yzr0uMAiCwqSo0ck=yY34sohK6@JenG1C81|#4va7_t|w?;5VyF7 zGM>J^qkEh~WlTqzYr3qnET484nob&7#V^}<`H)E-f@(eZh?c`oT$Yo4A91V60L8B# zxX?jcBKTEHvEM3ciDw)|RaXHjD>)nb)rR-}3EV8M(DwMHXK3)Txv!uEmXBbEL`i{x732{u zGFx!>>&asJ%HNfPjQh2j^2H}joAD7~glpm)z*V*@JkS^%hz>7I_80%%mOMN}lr%;U2&jHI7& zxXAz6{Z&VfuwJr1znY?#Io;gP!87F%@B}?S@)MJ+N7Sgvnt}2Nv^vG>b?}Gny$Il7^3bUuYxG+&vZ<#^bEp;b0`?{ByzpM z(~T6ke#8^3E7Tc%;)z-NTA`l~Igbyp2f$<4>4o|NR5KV^h4b+N^#SG^An5W222Sw9 zXJh?GrW*y^K4310%6zZK@t}(X^URkw7&Blf0{J<+#VixzXSeQscI!DY<6Uj!*6eou z7rL`6r(ewszM4P4JMO{DO2(BQgM}N1mZ)Ydzl zC_Xl;1g}wxV75mjnz4AenoW7&JbyHKcd~7P3|c_p22tR%BfHEpMsmHx zCHbobLJN>>I_wPub_eC}pNukcw#Do`zM`xa)rHvA0RCx%krfvIHjxEjsfO0t4{C{E z4l)1J##H3g#Xa)Jln4In`LkEg=(wLfa`ZwNQ3m+_aj`+Qs&8arOt&Ya0pfN#jTexe z*|x^yg^!lDRRx{)MG{)1fX4^U z#nykVQAYo@zkB-k!y~@Vdv=8J_7X*7Z=F0|B2oT{+JX-ADvHr6^XxAeW?4T%g`bU? zEj=zDSUu7h8<6L6gE<>ZS2hRHH^Al%JNe1ykGp3dC;T%2_m01upr9X&Q+2UnM`d-l zaTb}r`jD+j%)Gxl*Z%SD=g*Vf(+}uuE+*pyYAB+!f<0qf@p8^|2@M$Z0bBqV6YO*# z1G8~iLS!$7C<$Qd)&h)MMVvQ6L>@*Eh$2*2U}lGbYt`DMeT-tckY!L&M}i14x}KE( zv%$)R25MmEktKYT06V{`aGOfbZ`Y=z&q}5s$r|SNNJ$RdDgAQo&?(AUq zbnhdM$WJEk(V8@^A0^!2HVx~2US^CgKDg4*de(m7#9(^4d3>^k8h5A`5*A@h!Hw>5&Eae@4w^UlTTReFe+n@aazmZ_ z#8^P6-c8nbcn%{(6bjVVIcxVN62`+Bh0yHRI7Ld4u%L`7Rp;k!dVkI3jls|qzJZ;o zaB2aIq1CKkc@ezr-I#Seu3?oLQjF1auP|yp`QR7Oj75@BU@~Orf?50JcK^lgbabZ; zy||tJvZEKb)1mj+_%Cj!BfbqCZU_3JH#U|#IsqA5w2uDC2!U-sI_VLz_af@P8#22G zL`?nVD1m~v5q8EY9+>&EzARPV+D$oFyTRT^G@R10(FeflW8%%M?8AB{KN%2Q7AAdH z7pv03G$==bpm%tItxRd}zW&*wbbmSC$GrIjubM%J5GoKSe@xz=9)H16{K31g?@=x9 zF;$~sK28#K$CVg&yF}Br7yew&pO{^|mp@Gr8!jkszpXCh+0R6T(_OLS`^2Cc48t}V z6&ryn8+Ls+xF5r9D}s1}>k(lT&wz>o{o9`&--uI=1+nZ)X83+WXWfJPiDVV}D3-vH zNHy{~CQqLKd=BYl6Ip)HC-ex)t3oi+hrWq@cf}y9bHdBJqnd6rqA25jD!-qIM>ci9N8AfjjHu<yd&hs%?XfCb-*9Tv4wkf}5=YLQEr@*&s&>;_U`DaTUe#!7yIwP%gKl2<}#NF~qPvPqs* z49VS;MZ%-J6Xazynx!nNQ3C38CZL|<)vW)h6vr|ms>^5z4-40C-}X(Qfm7i&crM(O z*=@$ABDByW+nS0Vv7Rlit|rfS-eMV)q3Zho+D4k&Xxxvg<{i@gH>IasTuuaJF$$_& zU1leosNBiL0%hA(>cn}0ZUd?y?CWH6+B&>O7-!^e+_%Bob~#RpfhL7myyYTne52C) zrBZB9!l8U`6UYk9`+NVy?4|J=7XSx@@WCn3sE?md8W_{?BUEJ3;pq) zf#h7EuEp5gz&q~7`Gp%rIMj8&E$jQlhCPLK&wg8RqZYD}5 zn~L(w=AwpSf@!)zoIenJfKeglm1U=lbm0+*^nx^wBKz~&tIAjz`bV>wphovap@*03rNiV`&wIv(%`9r0FZY)cGqqX&kRS>Nrkk zHkdu*$PWt#rWR4Mvk&?~&Eqw6lzzg- z4zFTz<{DIh#&=hD$z*kxUsiYJQR|ziC>6=F#uicJ9IT=QcFU+LGR2=cnpzBbti_1C zT~!In>1B&4V2S5LU~Ca8aq^_FJ?rM><1PHFM_5Rv01@w3dJxie(RRl?fNKHiS%&IP#5y^CrR@NBmXa{4Rb72^luKT7S(?zg1>kN*J=c$$sJn=~ zOv8|`t+@fDXpGidWKh5OhcLv}1o|F9k>AF`D=EUNb<}eUnX1!snj)Otpd+9Hxjw97 zL_UWrS4D*1)x!hr&bLj)hf6cqGrG_%IF;b|iG*jk(n}5^RufBk79pHsU@MA;trPx2?3(-J|_& z{?1_g{a_mr?^ocJ7|brl!?f3nw~|$F-Eic%0C8lUW>yGRapfxYhxjI5iA4Y<+yL~P zE1LBWb%(H_hZ)=DOZ9@*T^7h>LBoYSIzO?lvby8=uOjF}skXxc_hg`}<&l?p9pbsu zbsyd#Q=JPvXX^^~nNw}B376V7XL@YVu4Bs}<WlYu~j@(0NI=;fjTQS~TptiwEY@(3y;o++{(z!@_ch1?CP5 z%^eEPzb(ArY7>rW`I5uN!*sctJm9e|%x12j)yO%a3SAe*>`V8*rk8k!$E$z^oGDMFBE)vA>hkO03X#a3?WTt&v33qvIM~~yXL8ki#3O( z*S<}(eVcImmU#QL0GtKWB9te}&+Pr8_ruf!8MVT}g)V|kq?txNv3xVYo)6jXJ|J`N|$J0cmA!_aD6_)GVQ~hS!Qr>krZNSBZ6r0lnnG>8VU|A9yZm zG=L{?`j7z!RQ;=iGPv%q2=^0P1RfGn)n(0(yI0tngr;bNwZfgTmG5911k*{syfphhc@QnDTfuU5MkSiQ|_E;g^K)!-R;~3gJ2=)k-;|{b0Mmql+&Sj}McM4++Pw$tI;0 zZQA!(RbbEU0)rye{K-3+)37HI-kHJ&+U1C5KPP)!nk$$kw>nHj`5fE@kS;8m6sNk} zb;c&IS19YG+4@awnYx{l0J#PQMAi!E;mD#&a=36IVQ?imocs<0pVBAu5*ToKtrlll=#y@E zoW%a|$?{CSI zzqRYYew$sM{n~JXZ`yCx&_Wy|4=hkm(JIj~(}A{h&DYZ569J-J_@Q{H6mRDj+Q_1m z*r9aHmBfF1w=vz?=6Zv+HUTRu2b8A9wt<4{8$R2ldJ( zMn1v8u%^c=R`Va|m`$bM5J&=1FKz2fY-VUd`*0oybmit`$oww8H8}gIfXk6okW^hQ zdv5BXowAsrFXdh>uTeg(HZ&KnANH^~7o^L)Kd!8Dcts)Wzzg_5{JT~(H4SbF;!*&ws-r>BrQu7Enq5r15`v7@EfRXet==j6S(Zg` z_HeK>S+YmhJwnWMjp5b)T74$H81+e(${A_pC_i+ZY=z|bpflRsf4_hDlNWcWQ;K3@ z7sj3#)+a9KC^;r(ekaQq-e1DFikQ6kky9#j5gOU=~L6qvW=>&KYtADGn9@m{fU6;@!>4>~!T>!_gxwlrVP0W@P4T zCtr3?PGIEx%xdibOq_VQ8SfkH!ZcaSJixWGYEb6F5XFv)&l1p8kj0i(*}zh;pfK$o zF8Z))MTCB2w26&WA9y|so!^=cs07_^P~vW&$&?gW{ln}Z4v>B(Ykx3Ug7+FR@NVuE zt2xTEVABmYPRRUZa<+Fq`FwbG9=#}n4#@Jqy7*-!tIc4ToPk80+Q|N{+52h$0kCn0R@ygLQ$a zujn{*`TdRhz%_bWbcHMXG3(bH~`W|ZaT})ve51uR-7|>(L0O8gO3!mtHd1wgn z-g$xLc{FP^VU98Ao79mzk7CAN49jg!Z^fs&>4PP^9MzIYyse&KLy?Apc$B%7Z~+Tp zFjRmja_$hOxd#5xp6+P6iE2zp?EMT7G^jbo`)f~I2s4@KhKJ|Jdf>j}Y z23-Z|5rGe_IEoY9ld^fUq&X#eQ>mE2Qq@~WVWg5E|`?{)D-I(_KnzVDEC z$>)|#&0L>cYg@N#D|V9Exv+hLB%Y)QYwkEytSsO~dnn?w*$xj;P$N~_!&L+;0^1-4 z2IPP2KEoCrY}BnEzoXo-QQ@tXUyk$ha=C%08LR(8Y`~i_y~`J*tI%gRSL>@CI&mXx zaZDrp4LNQD(?@h(6)l7gEk!5MhldwGsixFSSxnq;wtWVwc9!G>hX zE+>nQG&Ir+m;)$a4x@lMm;yG5=rghjaX`!=4~RJi17eQJfY`+7YEH9=>;ZGuRy4<< zqB-!2=1?m-5*)Ah4TB>(436k9IHJSgBsZ6=#{xTK!{B%(J`9fNFgT*a;E0Z-4qd}A zG=Rgv01m?fI1Gw1hY9;hIJFT=F419FM2CS99fl^k2+mt4hY~5quSOtr3QJt;U{9Xe zr3cLn!pO0mGW5*x3}fmQ7M|#4T%zlqIf#B1mK|?3khA9UJ#nlX46`xC9UNISlZJH? zUT)KR16L7tu$!{54cs_*dx{TCI57b|_yRvPeSG!s6c%Ltz(^}4T%g6p$T@kt_XUgh zOP$|fa)y0N{71xY@BL#PAGca6fP}}NaA7gwi6yL%*wO^Cf2thNJ>ZW_18Cn@aKf<1 z>L~WQ^FM)W@)-abRDXb|@7Z>P8shk8Z}3X|nTHlAoMI|0?fN5ye_xB-#_C%!F} zx)vb_$`vhD+7?0O#r4K70NYb*pQ*%iluu9J@9E)6JeT$5V3HrG?B28NIG;bG8VHvh zkeS|~e2%v)$tuW%5*lOW^Oha!uU@?DSby~hX2<%gcQHHGUpIird1-_ker^+-58K_i(wfAwl|xbIow&|5+n0LXPgGx)UH zeu9@ZR-Q)<_&5ZA+Zo~fZD+`dzG%n^aD?;K>k-aZuZNs3c1Gd}aD?;iNa*PFhMdr7 z9EJ{%oSY9V5$DO}1}6`81i8kLh!t%RsS7qj{C>h0qMeE3`WRDVDWuwH!QKQ9 zCFzUJ0tU*U^W+z{cb;Bri(q!cu^iLpXA?}~lIx$13sb(?4aesR6C%#y5@&HGPNXVv z!j(ATBIoAr?k{8zBK!aT$(uUT6yb!_UewVCQ^{1O)W15aRvZl>Y29Zsm zI%`J1(qgD`LrfFmmd~amEvD%RCh!uEy?IW{pLX)gOg-}<(4LP~Uo-25@73!8A1e2N z50UHn01f#N;hv8zU-Ho1et6I0LF|dmaoP0o=7EKT5_bxX6pi7Q`owP?2@mV7cd?!Y z<>r$syv)0Mbo}LT_cNBJ|C~I6t&XX?d*?WlKEr#ulk>kHcMR_j4?gc7?sw?k*VAtY z1;ayJyQg^d4r0zS_$k5IZ(*oN7-ps4cFzxJ-|yeXWjed~MNC0O(}*VcCu}tEEU2U{ zqMn2#NIqq@3aJZ^%J&_ddv7h0()*7Tm(fsLw$WJfTWJ5HR&b`_Mm&ZKT0HuM^={-; zi>jX?6tD6%d<6`)Nqq=2Gv-G#3yxd&e3^UTmMjoQ;?|WG4a(@dF5dMZKBE>;Z^>}KEMDhLLXs28CNt@gg*K!>q&%`!ZDDR=9@-SjD!0h z|1B5B$Nzu}5L1^IvjSAcKE!dZKE!b@gs8o-6=qF- zmK5%n&sqq2__8__cls}J@dC}0`Xsc?z*F?wr*==Dnr#g{zn<}Oxo&dsZYBJ2M+iLJ zQNn!z|KOb*`@~fo`@jvHLVRAnFsJ6tMSA3~`NNmI;a9%mb|TJJ^xULz#eGCai+o)u zjF^<$g&ql9Hmos%Bm06PP4Wg;O@(d`W{-FyE7B7;3q4WcM9PpScDoQgC{%v*2%m0k zF_;FCum(|J4T9)&zIbqFc!U2CQt8g|Bmsx0(84mh`Ox!`OGQ;8i!l^Wd!~NkFYV{Wm(wO~)mK-j#(3HNy zh?sD#SF1*Kk& zi^kuMT6mIV*E!WP{L^}Ab4Z?js$xkCohJ795U%~c(r*lcx|Ajxe0VSh%a!;xh|8lK&FSsWYs=UAlIs8vei zA>G0n#}DziiLUx+g;6eU@qyISBP6$_Y2n`pY8*A@@xXZ-eW85gyoKWiS0jrrmk%?k zpeZOY4t$DybZ~yQw|jChIXn5ZyH}Vpd^kiE$+LsMeZ@{jT@4mbEx8Rxr5kagC!7YXohv7Yd znybg>A6ap6&J{U!uz!dMpa0Q-`B~U#M;S|brHsy6?nUz1?o z@Z|jP_^2?}dk4xC=PaF4C8IT@lCZRg@^z8c!YQgwNJ`bkPt=ODukX%J4^knpj*WRZ zIX(XUk5K=POfpb?hY~VutEMem_|Zt-*ygDbFo+x-)D5cyp0?fOkfMS!m_>4MiXLYl z1ITIKI5Yae(YJ%o$LKNJc$^;W9iEH@lL#pkbY0AubL`J`f|!cQmO#A2>wN4VemKCP zZyO&DcHGA~s_ow5FTyvZ?0xEJjbv@YvekFkmTz)1ARFcyIV3p0VBpx_J>Tu|ce@|z zuAqB8+kJlkyk~VdS2qiawU@*pMbb-*5sd)UgsBic67vW?`%9R-uBTV?-n;hAnVY-k zUr%e%3sxsqtDUgpqk}v#iEa0$*9!1!E<6X%PTu`-jzmXJ7Z?{Hy5LU_&Q8#*y+?A! zZ^xg|rysqqo4O(}s%Pg&1NCV&F%o=+F6c8Ne0DMnuqjw^YtR`oqmN6yi^)AW{f18Y z^KqS62&axN4i4r#+km-6s;53(@tX%8etbb);7q^l=}>F+E>hlgiOKwbI(_#FEoiTa zxr}zO!@W)`rD9KaL2m$@nG-M+1D>6OCfSmwjkH1c#wI? zi)jN9%4V?b#ubhx?BWj`DJOIE==U1;ZVGGS^G3@oD&!JpcpML_;i!3BvY~FR=Xj)S zDn)+0Vjw9N!^rlSR|YMhGR_2Q_dPSGm}Vc&}tAa1WaERPr1p>6*$QJ93jNQ7$!bt)|=d7l{ak z`o$G4K|r@&LxR_?`C|FFe$Tt0ZSD|1#U)$W2KKX^#c>bBhcAt7c3h5&R!@B(kpe52+==(lF?Wai3U`n<(CA;Fb_)1%_F;1Pg~LIe zH-RsY*>GYi{q=NruMP~rFn+ePJYYFaQH3Qf4XEK(@o*~d^UQ9JnXk@-C}Ny@aG{{- zaS;4ba5FUS4wyGFHwH&u!RlOvtlLD5PoDontzZmmeKm|cFO4$dbw+4Tqiv!{PyaYM z$Ml0&{c%BqyNL<1ksFv@IhHXZ+}DE}*M+1;a{TVU8_(e`K5=%Rg}bwmaiE*Y?kr?J zgTWhlcp4Nh((w4z9*fC-aK0)TjVIf=6F*KRn=ry%_`~wHcH-nE5Z`kXW=EMh;EEJc zuwVaxd(Aov%&a&Xq%-qj>ky5ORUIZ#_zucbZF{GnZ#=;?hu);109D=^51$~KX4oFV zpS5Kg?x6=}6psCmJ{%rl#+s@@f{HJl3EJi(iysw3h~0^FB+dm<$D|GfqZ!!BG_&4T zfOtu?3F+No8`*G|U}>t`j^0u8Xh1C-_KUmlyh2|bICV@;9ylf^RAHc5{+JL-gu+aC zH_Oe{J-xh~FB^XJWQiYYP?Z^^Bw0p+;nulm&f5Z%B+~RQIbg1K1$}!Sn+7!CiH6FX zVmw7PKhW#)8@G`XZ6>2qJj~XU3m&Kj0rd^yVS+EmDcmKv;C{f(JoMDkZVD0F=#Qg> z#>`u6P216qP6>WN_v5x=CQkf~rO#eM=D-17vCS6Yx;oMlC1m!)@WG6taR8=>$ErGX zF31D6)RS75nS^>8#xaH|k9?sY-)zkJsLfCUB_r*92;5-j)m+}>$n4=R+!zeKCHa?Z zeE9Z$_Gw$RIiN^cF-;SZN3+54I+tqd!u@i_cT5sD>*@8pLCx@qB@#!$)#gb+Arzws zhYLpI+lwYm2`b5A{ujs3kb%*LS3`5M3Q)KsSrGx<{PvpY0+cN0%MhN*<0Wz1H_4$? zqy!VYCaDihP+`;3IEyMkVfl)^_$0-hg}i|+273+yQN@%h^M<=HV?vVY?#$#ot*KM3 zm`iD{B?BMy38C6mk*8#{F4?xB{gGFeAN~rX8bY-baN%k*J z=_Li{>zCfx((N!@)}8-+O6wlwf*7ue@#YisXwhq3en+#yFv>6VQZ&y1l?;19L4=-1 zx5*x`;>%3(Z6XRxCyk(2M&7aPnCxB~t)CQsjRTviM`vfBdGDCl#Au4{DeNFXznQ8C zn9TkO?M7T^y@TTJ06_11vEhJ8M!s|oS2y>~n5MrO;FWK4KP+jL31dH|t#;vQ48Ox9 zO2#-aIMS}p^nzvy?1MQGiKXEJ$wQ3q78oV&@Eql>U%nqQmsvo zZ{bCTNf@Oynl0>YxY-5vPmnyD(N@Tp{g+QMhyJqvia%!`cm3zN|56p!2pH`Ai|VX~ z;S`x)U-tL(`w`o^bmO?;;LASr%IWy~$HUXlC&$O1>A+z`B<`tQM9he6eG%#zpNpnkJzeMtgt?VIwNg+MaNmY z3)RX8>pPiAoMo2eusmQkX9>GGsL1HP)#ZmnD`-y6MMGDEuJ&Pb|M>J-`o`2!^L(^P z)cdGqS~yrm;mluJmuG+26rto87Y?9egvZPQogCYaO@a-j1v_*573NWZ0nbnM9QPHXiG7%sPz62lshljT%;NAebW_(}Oh%95jgnp?;Q+{z7@AE?cu* zw@0Fx>@bCHbWvs~@W_i-M%=+(KAQ0mPN+=>-wm79jMc2uB7!i>x+eha7}>@krNf_7_;Tz;wbfN^Or-io@3jJx}*#`hR%Y+#QSi z>Nwk6;4Ti`tmO#Srz#vV&G2P`mR@17a=;A{Ssvl&%EO=-6sIqCaKdGh4{0?H~| AiU0rr literal 0 HcmV?d00001 diff --git a/libs/mac/lib/libssl.dylib b/libs/mac/lib/libssl.dylib new file mode 100644 index 0000000000000000000000000000000000000000..98369d7cdeb62c89286c634c7ad647bdc9e1576f GIT binary patch literal 376408 zcmeEvd0-Sp_Ww*0Fd(sm$BM^lf)PPoAs#Cc&@@b-2PYCd@j%c39*YoRMo~E?Oh%?@ z2k<~~cTrT_W!-fb4{(SQ69`Fw)s4t1ib}wPZli)%xS8MQQ`J402K4*={`dQXC^Owv zuU@_P>eZ{NSFdXRv-jJB$9O#6OpnLY5&w?EzcM65J-K-Dcuv8;DH$Hms8QFJjJQ@L z9rBTN#CM?ZbihA;^KaCs;Mgfa`7Gbv_{zG=ywYn)324B(3v-qyEHdnmQKKdYL$^;( zB^^rNGxte6^EycozI#*99#6K7k392F;v046*zpx(Cy94AeSN|bpDh*--yxRvzr*M& zpB$WY*MvK4h(qb?Gf(3C%$6zN)A@Db298mq$|p{k+%CXF@#TIg@ijYS;yoQ-JE8Jv z)Tq#e`|p}CX4G91#!VFX-TbzgHa=TGd_RKpN9%U6`YV`971ei>hx4Nv^( zbdmi9X^Jyy)P(V)CO>e`?Gwk3st8UxjJ`6PKATMs-w(z2ybIs>+kOq-Xd7Q`7fB%B z)A5nt#V&mJOk|_p6&y7#G@<-3`tow5yd3%PJsqFjT~g9GT<_fN(Z|NOf3~`P55r+yZyK1xh&6}XL~%kjai4dZ;pN;`P^rz@PDaT>l^PitaX&-?2xDwus*cCRz~{PaNq(uAyY zI(t0$cdqk}Z~n1cjKDvZMfLbQOfG}Qjvs&9q?BkVj|(S`Ds*I2KIwsq;KW13B=GhH zwsyQ0cJsj$D1DZ!O+o<=2@WC$loioo6kcvjmBn;;WMxfSS?jK&dyV z*Q?j5*IuJVzUk)IlZ8oh(nvtZr`2luF*V%9R&J;@AGtBpV_tbZK6>1o>1h;FDK-9D zh7GsU=og{m{Kl*bJO_+L+4xeEL(UKAN%Mhz8J@QKKEWKmj2AD(!EC-{o}JEx%-(@dEi9xQUT`ilFVaH z7wmT8#lx4X3rKI}flTp|j~D9|Vu?pb3l0jES$SR;2g461dFF$uv=nO*3-#M<_>H-J zfJ8IGOHhHPSGI_}A=yZ2!XsEqmgPokm8!4MfHln^x%xePkmVM|YqR_z8yBp$Aje_d zZ={gabayc2S!DOsm%GiSMak`@ROm;JQ>7-zeUcwPrlEy-y@~qpEdt*o+Ip$ zsM%(vFzkDC$y1+ncy6@{Bi3cqlmj4-#bHKYF~ zEt(9DPOBqeRP;4#uYm&UjpjOhqjADO=r7->#h>V!D|$&%Z%~sT9FEMKWfwH?jf!JK z*e|^GT5>gdi5A({QF-KnWHM>}%m#=@TO658l`3}<_)@BBKpI-7J71z(C_S(Ysd}t8 zWwBH}Um63_8le{8rJ<1O8qEq;w0LNvIr-#Fi7@smQkCcmHhH5EE`eD? z9}>0%giuig71M6Y5He_#h|Ir!DE0mgQFw@!ixMg3f>w}B#G`qR+B^g%)4G6WXk|X5 zctlMLidApL2jyIj0Y`E=!N$to4W(HEA{o9f2`jx4*_HE?*bYV1-SuW+)z74*&uqYkL2uV^W&OR$O+wJ3oB7;`oW(q@XXx$oT zBAihCwXH$Vx)mkR-Llc$8t_=PR?#Qo+gd?P#@u3jwbglTf`TWv)j{+6KnBLVT%d_= zK;Oe#W0(Oq{9|)hu3kJ7uE2u5uf~UOifLL+EzD z@l*vsHRG{tpkvZ72@XLAZ-n)xQPPYDrqI$~+*Vwi5gcU3ugdh)wPf11T{CpHr{OQI z+uCv0dzD)mfK^$?&!VR3Cy^871abmx#f5qE(y%K%%Kr&hRRh|%0n-cv8UfTxJ@;{F!sa>p>jAa9* zZ0)Bc&7yH#tsVwQYd<8h*~B=OSc=k~;Dt6=yIwvB9O3LdYqY3`?9`&LBO{cxOZbjm zT93?tF}6vG&i)z0P2}w^BMC?~F%}Xs%b_pUF21AvJM;lA@6{f>A`%^{gAt+Z78HBX0xV=sL4e)Nrqg5 zIW-x1qH6tPEJO57TBN?)&FU@cNcC2A)X3F9+QW@h3ZoJ&Wqo%rnUrg})N*a>r(9<^ z%e8CDG<{#?Lt@+yovs;!oauLATj2(XDOon9agdgu&)%2HLpq4azIkMFQ5X!cg7lSM zU%!3;@}YidjU~1C!Z1*x4afx+rK$z51CHlo^i$?UR@Q=jym7@OI!jy{ugWku(4w`$ z?wavR49@|5N3xkSp>EI-C3Yqxt~Qp~#w5yqsu>G*0t*1mJ{M*1Thl+&^i}3*D+Ma0 zssoDpjd&PPSaQ&u_~Rwu8AZjaqpi3iBiLDOixvZ&H-riG4)ghDIkDiFuU1YI%d)8_ za^k|=)pyCMn1|#f8>~fyYAn&ZfJ_zkJf`$ ze|%Vmrk6JPjZz5g(I!;*T6Wb<6{>NaC)Ba1dD?NUg+y}JVXKC2QKz{s8O2uN!t7&#VIsfo2@6Bj@c}p*yf&4ma3O<5;_$t>Pxa|=>@QKB8L zuN#g?)Wqk6%aCwoNP%2)-Ea>Gxju}!p7k*Ys*;VgXn-@}b4inboxsOAq4g@@X#Jx? z^NULQi=M%?gE!O{t?JXa1@t}Ue=q<>b|;mprvM+>?G2rd?#^DuF4@l;!dypSz?-M_ zBzyi2wY*Qx-)}=He>{{O$Q;{5UyNpSv^yiL0s3Qh=z2&v(5poQZe=bVBkjUC&rSRy zLHvX0iq_9!Jy#;^vebI(1k_~Dsba9`{r%b^6M>gt*cFkvgH z`a-Gd4I6v5Cl7Sc$mZki?JUsX&s-S;7n%`5^K3Jp!no--mN5x^r-Eb~u_gkcmXB;S)l=S+D$GC*uk0iSaZ9Dix5cQG>6L@9~A6vP6qw}dNk!@Yr2 zHBm`8#b!#2m)4@ffc}+V-)O##<%M9P1G0VkRxPu%iKYvK%@UNwD8$Jn$ft%v*;??X z8O7-KB}-`=&6~hvw08Qr@SgD9r+;PMk0e;IrCO1e8+=Gj)(gNwq^d>rQ$K1acEJc2 zQ&_Bk*g6t>`(Dfrp3H(^wMau2eJwtiY6_dv+jg;B@5Ug-ay>ER0Rzpb7FUI;YQ0t~ z%R6aB>(foo$?oD(Ro1ik);-B&)!N{Rg&V^Cb0LLO$bNE_RDro{0_5jm- zgNqL_9Z!5rG=Bsd*`xuzg;N{9w_f(#Py)TTvM&b!B|4Z2FU|LW1DFWSI0fS>9dFqo z1tX+~Y39h~UQeqZ#)6|{n>rygcm{gWweGqj$ivhSb+?WfkR+;0Y*bmH^N5OR=G?z} z;UFo=PP0C`m*hcp6IOzn63^KSH*=cG$I${jYPi-nA5DVhpWo$6f6b4i2%kqgaW)jG|5tmlHngW|V>^?7Y^6>vI6AiLKOx zF9u*~u&xajC@iWLCwsdkJrtm>$eQ$NOU?HO$#pZAQ*`Afr9E0od$b*Sa9Z`$jI!dky1al=vb$|n zhNhHklD287IUf+TP4AR~>b@X23^V~fu>@+@dLue|8Qvj??eN>CbqOC*)x;DE^%YVb z-5kud3v2oUQTTNG-O&p}Zy_o@##|^?!g>iy!FGcdb=OcQYB-iP3_}gB^#j)ego~dPs&lnw?J;*yKmUYhT%t0~VIbO|(gi#O!5(o4v^}so& z;`w#^`FK3Di$Wd#A(DLObS6v&ig6sHnq@7~X zDgnLCykaRDsoWgY;JXC1Vxj7}i7GUGWU2Q%f3m?Jf67ygjCkorWU|1P5-$x$@TOAl z_CT-QnsFtBq;o_T%TO-X^i|2>T*nncoM{3?R&rh#fUP%!o0j1&Zcczi)I=V*X+7Ur zO^}>_?qKaXuezZn?>zx+{^c_4;SCbY_Jmk$aH-h7US(@Lt4_LhLIuRS@iH-D2MYzc z4dw-Hs0B>j3QX!@RHv^#HNzkawmYjjkIzNJ^Fkfl)NZ-Kr6Bc~6sdnirrk{b958k| za_P5|+MkwNhFtU0q7);roMOQ%Hb&dmx|QFUz=(}a&FJt-E&C(wX0z59?Fr721xc;k zjaj)l5<;Onz6`u5(MOJa?2D0*@?Y|>4zh|7LOkb_)|5Z^d2ao7z6cZ1{cxa54*<8Xb zHActVFEkkA*rt1apXrHf$JFgPv(EZ${Mzhe>h@*^^qp<>Sw@_|T6vxRM6?1=!A_Aq z8KJD?s@4-qqu&OPdLGF0!zWSuUGMD}FP=&Tu2*Ti6nLkk^OoUxRKM|op# z-nhSIWrc>e4L-#i@@et;Yz8`Q&MUGfgr8=U{W?vLYoq{Eu=~-?$FcSVt|{(0UhzGMMS=?C8A!jdh$Yvj=-I z8OXpi9Ets+Q}8*xe_?GyR!5H!XWDsjrfJFAqNb^q=51&_1BfLCtz5L2Q<21^=|9@( z6mrSe%&8S7D{x=4_#>yXT?5x5jAQ#L5<7Fz0b)pc= z)B+8Src||Np$Q@@mZHTl1-%oa02HMx%2UBFc-x(9j* z`;@s2d>3wZ=-&bo8aie+4EA~qq4Tl97&D^m1F^xGT6}sI47O%0B(rE;Dh2#b0sU+9 z?tYLTi0FSYjf2R6e1^t@7i5(berv4Q|Zd{aHwK)!12waZbMCPNl?QaVTE4Rx;oR;UBp!mRkwnIC$%J=DR0cvt=ZLl` zRcnDOa(PE3`mn9swqnyyrbO>WVnAP628NyLh?yKSY*r4*V|xL zTqNZ@L|}a*3?gj-+ryZUvw5=(mgfRnOlXNsf?aHb?V;u{kU)%twxG@5*twe}N21Tb z_Bv2f+L|HEwE3kC{7(SSj@~0g9A}Z3ceb!%F%{Bc`>63i7J9@DFz1gofugp76&aLZ zmQV3*O|#%2sHO|@(e!X})9*e!KSjU!=!NVgDRWOCF;B8GX;dOB64G{+Kmaf!f7M)O z#0Ru$VmWPBU&x%ct4!D~F8lr`+tnyc-h7h%BBHa|0j;06)OWS}mv>0C%_n{w@HXA_i>b5MZzy zV4nbBgpGL_I1xKD*7*|jG&ks}s6kCUNL&ZmSdJW@ZRQ(8Ew~2({x^wt4C3#I_qi?N z9iA*~93cNGQ@mrV`enRp`p7Wk5Q9r;o~B>70MfTU<+>k7{~voPq0PQXS9f=q75M5DH^Ztf%k@fG@FTPoo-24yip)sof_5 z>W>7lgaFq`fEU~VvJY${-%o*T!MCLYR8SA62s+*lbJg$KIr<)T+Ikq!m#~8oq6QE! zbitGP@^||M+cP47C7bb1JIol8IsJN+jN^T}z*^6(vvR&aXcxPlFL&54@Hov1qX32< zP93@QQ>rQjUE9rW02)AhraUr1vRChO3F!Ao#f~fZZyf>g{l%So9!jc-FPM87a$`rz z{e-z(e%yVe+zrSzZv_>Fn_DN*fQ*I#37+-q#>3hoXEoj27%vsHt|P`Sz$khP6gIU* z`Po+b7C6JqrhpzhkG27;PJT<1ZO%kFXKOM6#l!%Yv+6bE8=bU%rOit8HA<Y_X(}vZa#|2q4Ckv5q%>jTx{QuQP}RlB=iNq zR1;z0+LFTB5^ghX=OFfxApDZ!QFC=i)YLxP2gVKOk~^`CF$=`=Y7D1h-o`2xunJm* zxqK)WLpQ+12#zZII91B3oQ|wp0XfQJ56`>_Ffhs`(7p#L$3!nq!d?`!q4=1BEcdcb z*lnx!2Vpx#4Ri^spJ=$?DFM4D% zXHoiR=A+MnD){|llav1P&$P^u&CE<2O*wT8b--3>Ye0*STqJ{hP=%&{Y%VW=FT*Hp zj^&F_IJu2!&03@pvle_C7is02{CXoHb2*0D$cMy(muJek&B*4G_&ChErZt&6hh{*- zU_AnQXo*tw9h+1yNpQ{g5DIfbNtJ?Ejd~bLV5*FLLUS(iunk+-hIjK$2ndukNtT6E z#TXuh6;|V2vf{zctZAuvK~HIcs?cJZab1%>5}N}9A)}$Gbs*%Fsb>4jKheCaDUY_9 zbcE-H&I;&O>^!*4nqwN)awW|fs1`HDX7gLvO*OJ6qZPJKrff!vPd6jA2V-Y(dN{J4 zWS4lq@p)U-WFzT)9`ve3jmjgv*^{ti<2MFlJ$lt4bZF(JOSJfj*%-WBNIB4v!tEl>7>tUGv$gW8 zMr(0jHn%LA8;X-~t-(nW2g7=4bK%+;D&%_^-a*eHZ;`>HvshDOv346&l1;0%PtD}K z?2zqiX#WXt=1arFsO)N}J-SM9wrzBOzWfNeBav%bV8O19+vURAwJu8cSyh0D(3xpo zw3_39JS|w_UO{EbO9>;8?yfqtyY=+z2PxW8<6*||qDQ<{69$IrN_?!Kv2`K?>Jb^B zRIL&t|HEO_X~Y&`=!)z)HW-NP$yK6TQC>CX6yqzhHM1Ido}%}Z=x^mDz?WKtv4a$O=5oo9;a~RCNGfk9h$`JZsX_KAluR)?(W;v$W_ZW!4Pj)3{(a z^cZ5q_b{N|nyq!J!}F*Nt263M4{Ty>1N|VhDEAnN7+9>pH);6Mw=Uj@lztnBfk{wZBX=^JS&hnS-r`&roU-981y%6@+%QB$iCzRWz|qN#gKeZH z_5p{bN&pkC*)&dP34jj;r+%Y`jcK0qB?{^F!1ksa_+bH@OK|mLF-G#MlhHa&_vrH6FjfaH=X~|q6EJ#zRH>g|s>)O9uva z0m{KXm4HxhYy@+3x)Dn|^up*%+!%hV3^1+hf%^_OZb@H0a9jTbHn+iq#~s}T0cM)f z;flYJdgxRMrWcH^TKE$X*UZa@d3zKeD{=*=9@urqhBCSeGf6Op60ma7o`T-Epx1bm zO99QesaxA>FZ@~EkQX|yZS`@%vDos-P#*aj_>|?jb=$I)oep< zR+tnScEza3!FxDq?-Vc|=!*@w(0$-^8dmI5iU#1SU&e=;_#5c6z64iot6OB`g!z6R zIHSGt0Z-fN(Wt}&Vw5VspgcsR? z%+2WA%JOWOS7kYdS~^?wW#m5|?3&>(LdYz4tvbEu*Wa~xQlM>hcIfWHHetPks40Fu zpgsuoEZkt-!HTi}h4An+c4*Pm#A{^dH(*B%uUrB+MC!eZPk_&GgFhj_uj&Nw?GoRu zM*--rZf69Z^mE>sXYXEs=ZO0IC2O16yhJ zzy~&r{{}cl3saV`fAGwu@y4cC6Sd@RBx;7#u~RNuzHoz2Z)+Wa(Xg*tw;i(OJT9dd zYW!M-VpF1*pqSd}KWb&N61bF^mr1(scGvTmsOJZgm4^badfQfKgidK&ofSGQVEk<< zXcH^wKFGt`u(#-7Iq=*1t__SKAA6ez>yU?|e>^iV~>_yd&T+u$A8GpfQ) zKXfHZ<%SBSjcn!vupn5vFx$&S&P=XJ#V23zE4*rkS0fotT9~y_BkJ?6e&K zDmCuNvxGk{p7S_7ylLW-sxcZ(Y0f$WA<8{LFXE73G32JU7^$$ILaH#V4}G7tC(WmU zm4@TT-vT>UR9K;IHy^_b7l5~(&h9T5vF(==+}Ppl7o}zBSAxYU=dcWM#QGG(rVTj> zdKvtg(J+V!7zk)fngf9wBH-fy@z@BW*!8f4Bl;Il6dZoR7b#0sDFa zK%fm6%ZL#^=~CS^zkn1-%2`nLRI?V#X}45R8L0y~TUXJ08PC}TZ)#fGNGtgORL*P# zvQ)EJ4`RsS>IlB!MsxqE?aFZyyNI!p)IuQK=U4zs?4vUYyIy)ssx!1`J_w`CZvcQbPf|JDO(lj7bin&)3|3H{w&{)>>^w@Vf5np~$Wf502rm67~U{)ctRGXrrA>+stDAO@>%ptC z{NuX4+4={C2X}2qzMKC6iUc}&eTD0j>+^pEPFQ4asD^`i3@}!f|3K*X3ikkdZT@?{ z!go>V-MWKkcKT7x``D+y*Y=(-@59;i*}8e_inI5svD|8ucN%u~>A&&iy+6C^BmvNr zy(yOU8}_rv-aesEIDN3=tn9U~jIk1Za0PV*1}9n8&5n1`)m&Tsr5;UzigDpc5&seH zgEYmM$)-t6r-rkVM!gGJYDFcBVZEt0Fi33+RA6ZQtpUtRFw2MNkn)}8GNfZWi-K4|T>)=c z^Qg)B#E4#8W1}$_LAlh*gI**nGkuc$YIqpZ`11j+n&=3vwJLxQ1Dr4ybfm2N4J}4= zCu$JZ?*%+S$injugR&jj=zOui%ImN5L$^-Oa zjxFZ_ltaYLz->JR=&H?1?9U+F??h{fHJmvY4JJo0+n6dq5dDgG;gN#?2;MXV!3#dXci@^lfNe7WdW}X+{JIo0%yNB6TnkzF52-~h|jbSG7Pr4{% z*pc+sr71Nk@acP?(g>g79H3pL{pGvNzn%j5y^b9t)_tz>)?4vQ!*9YsELBELZqX-(e*qrkrFd>8hu0{brZz?Zq#7SH*>4M2ISiNVyxb&y4BfP_24x?a}4 z*j=Is6{(2@tbGAW*wdYFt&;%FF|w)|IDPt$f%xLz)>9ec%h($sZ8|mjq1%<{KdW`$ zVoeiehA-CB7ptIwUxl~AwiOwa6F@UCDwo8@7aWB1mjiA|ELcF9+S5Ae&!)rT%@e31 z_K_=gn zc@{+N%u9QKAkHYRKpKbmH}Kvrm!%-noQ-}ar@O%u0g9Q7d9r|>(ZQ^txZ*-wXq(+) z6rP_A0c-Ji7kriKJIy{_IWNvrqO*WIvXZ%Q!aax=BT5)l8y$}~dr-w5fy5)48upiF znIt|57D-|uxcG&ED85h_>pYMxjP=K^v8aaWv=}=5|99}n@D0fTiF&-NL@nn$K&qmecAm3E1aASR(Q z!yy(dMVe5rd5(B?bVb5I&Auiuf|xmr-|z{YV&bR>Y!KuS`xdzYuaLd9K?ZG?xCxYl z&VwYd2n31_`Gtie@nq%{H>{kQ&7rb=Lovm3cEekrrj5BmN^elvz5%&*Urkzf{U~g~ zIydxr0(uRhYXI%&<1h)l&<(sr0Oyd-M~Qke-mPooM)4#!sKm>wO3ZN-n*N!!Pwoo& z-GHjVc_#Tu%9!GwZUD*fldSY~V1jUH#D_snRJJ`#f(43x0PI#F#5*V+_JxN3wy za-cYLPU63?L2BkPk=+@SPlcB~roIIdJ?ct+3f`<)c;ZfiJ%be|84I=ev@oNW^!1v) zjtiQDoxJj})&;DwxiY=QrVD zPGdz5vnRlpXuXf>iG;*aHfKWih(1^5K7$N8E#}a7qb=|ktx@LAKAcu1dL}4QjbjGD zw~h;G{)o58?v6?o-42o6L8a<7JPeQ%v^G4d#*C~Q5rdSuJj^-!BfrBV}h$1LVP!qFJk4bh z&_6$-a&AF$OCW=3UQE*ch_JM*dui12fK63r%{#@v{Xm*TMmuBSO% z-3fw9^&P@jfp$I}F03^5#G)NYE?_&C0U7}Gc&7nKLsLM2-TC^EI;XyM9>A<&64|kCSXChV17KSR0@JtoE@?a@axYaO@$F-VXhC(T<*b*xoJtC7nwi8(0XjWE6< zE1J-zNMjt4IBGhFzMgYpvzc=l6*dSyj?2B?X1vQ&M)6A) z!ZTVu4*S7Abcb=-92_E3sL=>v8jr&paHPQ)b8S8x?D%3YgpnysL+kwz^sOi^mGeT7 zQauJAYT{y`6Ols2?%Z;bt0C9CxKrw&LIQm=*?KOJb#;TQpjb`ZN$?Ks;8>1E>T_ve z#9aa@0gF4^D!=Il^8EUKSf}^rO6!C%R;@%N_s)FkKdOM)eXF2?aQNmxi;4K>b28-h z8dX(DsNCmC(x6YlvlhSP0eIA^?}two6V^e;&|=69;u}Tw%ATO#oJG;aS7xJo2_3^6 ze3O_h|K6#^oPjzxd}WAY_VVfXTKW69V{Z3Tm{Z!G)otXvv4l!1%+wCE#4cHjl%h?_ zT+yraXp`tLPCcBOo-Wwn(?@+#8Nz}%g82w;@Dl=D@py>(oaY)`DpW7?} zY$6Cpw@!mO9(Y0SJb(PzT7Z}xf!nU9niFaIH+bVhotcXqw$JV01B@;OG$LB5>zW=n z$)g@6$7{LdI%x5ZtMgC7|sR9hQaf)h~ zw1`R=YKOMHmJKF@eeOlv&ZKN@*JoP%+CCXISs;`RF&rVokm&dMeBEV^%xV|?YqA-H z?(U&}Q(x@%XHgMItQk3#kD!bbKsO5=2%|mwTiR&vH>yOJnjKz`da;g_G8vxY-kXwM zFsrb(6&EEs1=jsv3#|RW7HIl~0=85G@hJ#pS}7Xyq3kT2LCCIX3L;ge{k_nL@*CMGN%WYwI~Tdx}H{SE|IBf5Rq0m@BO7 zn_2m>Hbl9oTvqaQW~#H8Tc9OU{W7C0kgj=GLtUiy`4L@rapzt;^(fiX5O9`dbKGGs zY-(&w=d8qDv_q!MmkNSdcr7A21p?vQbbf-D1S{%&@jSk#zSdV4JTUqWSM!uL5Yi%2v4{RxGMpd9xyoj@o#7a;#0j@ zu^aZ!jvNoAj}196JJMA=9Go3t9kC(Uo_viCC9V8%CYWb%P!Jf!O)WLQp#n0z=LbZm zrDY)PX7yJ4ZkqIih)fj+__TP3)mSsim-f?qsXI#F6~hlB65H=6HK8HqU%{X`6HVKQ zx;gayPj{65_bYGv9i>g;#lE9-6ih7cS^C9WN!68{)$>MD>oxnqSM;M&^%uP0k~dsW z3VX{bFnWb^J*lPRRoHs_}1Nj#7b5=M(E zan~u1aC`j93u}~_9uTu4b(`r-v8#r6{y{f+murN~+4b0>7Zx@5~C**rpF^rcL{LngKQZWP}p0harsp$jCs|)cV!aE_H z01k8W@+Z4@R_4vXqzTuC0hK}uQlW8?#3Imeq7v6+k*~(oWu=q{f94bwR-kyYcs%+v3Q>=uub>9RS^%amF#qChrXEk~Hq(Iu z`;aVw(!R|!e;*Fq+DD8AA-{$c!7`is5$-7Fg-CR6GyQ$7bVZ$tH0ersuA_wFg@@Fh z^$`iN8^n?NTu3iP{hjDQ=qPUS=?l1=v;G9Z5W)Q?ISR4LMo|V7Ks6dX3WzPg1Nh(U zmm9E7l^yhP8+L=TI zDDE`9-?$&!`ZFL*t!P(pqS>&EYsVqoTF0>L6EHTitiiIjSb~?VAU~o-?F&5of3USp&^=6Hywww!hk(?K|PpLqB-0g{e?>*zl6^dJ&Kn? zV(P~(szkrSexkJrA8OJE?wZI>j~vrw)_B9J7iX+1EYV^|g7jaNianPsIK| zw@+|uY>EEHV$hAp{$gAg=Q0TM{a&x9r05MQ1d7vO1Un|f95LZ#sK#!FUmw;dSzN&Y ztvhAWJY=TLOMq6saZVeYyBO1F zqCH*LpyX1yqThia%yV%KN(H9h;yM!g4$d^P`yCrPB{Ie533YY`A>62tScKYf<2~-+ z2Iq5dJ1gz(U!iE6EXzxpLYHXe#uCuKs}8WZS>j^nIV;%7yaFy8O&^rqn8~Y}R`5eN z>H(n{kB0$ouWETmTkxd9wc)oq*CW*vx=>5jX^}l=-uEpoMPd?mtn=_iIu>jdmV6Gp zK!Oe%2W~CFGU48ApK)h!c7(?ehQ_bGpnGiKXR{-$F*b0E?d!uOF5E!T^r5@)xKTdt z#3L&LwttJ1fhGW2A`kUPKYR=+4d^^@Hn%SyNOTA*PhRO1s>SshR;wrG7QPT^wbJAi=&x1d-KnwTgC$a3pRko{*_j&A<~%Jnb$KK`Jgb1h6HJWH=Yf zOz|N+!WY9)!K-l(z>QSyNHSk}WU9n+jT?&(m8*$9toK6#v@_t3Pxq?0Fv56Eu#mcE z%={8VE`-<4SZO@i5k7=1=CLhac;$a8jZe>DK%NsgbT9UWsVmZ++>;0x_tYX-C6&kfWQZMeS@K>(!6jK8B6*XU*%YVcxF@6j%9wEVn zYzeJbQ~F&sV1^h|chz)-&Zo5(vg|Y1-xDyN(+|#R*?C2KEJLcAD4|^5#-q?@gb6=| zXY+)+9X;kfVJrAyT_hINIX}a#kcMTOz`~)tbt*;c#JofrG{^~B0&fr9w~y_iNU1wN zlp+GsyVrUS_|mV*;oJ;V&UfRNt#>c+^YG{W?%d8oLz=50S_9D0dP`e_Nbqc-vl zP7&=dHU3dR9kdty;!ZwX2#_7@qBd3))FMZSI6m_A8V-Qf`S=hsP;9ecb`9T@v)w79 zj>3TaHFFvNt0%rWF2F-g??>o2ltMA|&rk9Odn_npkPID)-SQDbay=7B_^# zhViI0&Os%gHhL3mY- zE(HO7H)8*FgdAoU{ScbkSM!GMcNoUaJ=m0e^ew>S@pwGGE+66Ls(`oa71)0$_oIvP zMS(###2@^dXJNmz83Fm-5s8Q^LH~|)5O%AZu=Bx=n)s9=dI{PAfB|j*sX6ON`8l9G zL65t7R#pM}8j$Wq!D6O%i z5vwL8+|pAk`xkIogoArcQ>RkGTo<9M2PgWC*M;*^i_{deqToneYM1ag;t}<`Z?h{! z&3B@pIK(Tx+?aGgmN>47E9!F5)ta?TcDL>3K7^c;(zMw#&s?y5T8LsZz;xJZBVKOld;zfK+T_qCZ;HkIH?tV4)Mw#&Z_s z)7dN>>-9Ld+H`jpma0)l)#$PVvnc&^sRyn1prSUcF48L64UB4n7b~}xsKyfo*{HbR zHFx4-=*a5v{`l(!ykVPW|B;_4%~D7+I2CCA1*q0X&r`tE+yxEP@CrIP^&nzKMtS~&SFFBnF6@s2ntu+SwB?wt>OFp`QNr-61 z{e0d!zy1#U8S5|kh=T#n5PxRg0xmEr#TEh7u@0C>w6G*j(i{uFC1wcXVw!eGJ8lFH zn}p~$2;p82+eO1nk+0i;&&iVI%g{XWGuxTMqC|5{P! z7?yZapcER80nev@Z~p#xaTP^h-rig^4V|b?24}tM#xYsc8V3&Z&)=Y-F2uWaP>!~< z+@PNe&?rIg1*r8UppG!If%25|MC18buA|x=D9)(GARQ;NXI2=fo%69>g54r}jtlin z{eHmJd68{-_|b&mN$su`btQGk>H;f-6SYco5MFVhWrXSffeS*pM>&%6;T692X;s|e ztKl@5)@c<|eFeC^CXkDxua*+M8IVXuB}&y|Am*7@1Vmx3iHp3~WcrK#tIWC&b){nq z5Sw%O^%h{m=~wTk0(3k;G5a7ET(nv%4#3tj0Cd<+8XlaUrfy9nl=qWB(OCEep27<( zU=tP+xC0fc|CRY9h6cjDiY%mIPWJ<_Bi2lrc?Z>!L6B|c@J<41E@pNZ_-4^~vk({W ze&g*hzRZ)k7}D23X_vwJO9h$-F00uca1Mek`s~+O)lCP;V{Q;R+`mDPsQ^(|a+F0V zEta9JR|CA<4Xz4|D+yi-Z~(%$%%G}%Zn$R!Ts`5=7HFw=0@}7bxCi)a^ZRE&pS_Ax zSAu73LvArIY~>E>c5^%oi)LK1rGi^cyUg1lTb#E)f-S~o~3Q>wdle_~3Qsofshc1U9bu3`D#zF8B zP=B3PT8cN>O83L^IO&aHrt=TN;ss0;upUbwLD~nYr&gn^g}vnr)PSSGxbI_1Nva9O zWuE3YL)lDI#vlqVI0}N&54uFoRU*PW*iMtTQ=%Lug+xcY0e7+b#JL0c z73c${`uUjVmSc{8sF*sKWylBSH3!_7`8#REJdBuSF#3nX8QKK}sP zk^+7Diz9(D-v%{p(2)7=5kZ;Hzt(HpR>$OxB{+A;J#k3>N^IQ7ULFTX^-uUv6LBiV zC6IlixGPR9STeGab~A#V(q_rzk6eWDZCe<4k@93I_GBEcwW|sZ6X$E+XX0v{KBBu9 zM}d{-f5ig=GBJwS^-*I%+EO_C(@3KuMNOQBoh^%(Df%Nx+>7^52^w{SE)t+?z=bs! zpr9hCna|?Zu_Mq<&m-iWjoR5XIp+3lQr;q?G0Y79Ieey#?Qc`C*6b8994tWhZa7BL z=w5_W-0DPP#1D`u%S${M=y_Rx$g6c~&?*mB0z{d)5T8b{2B@<3Ub*k3w|jJKItmx*Xyenfg&|Anq_;V?ts258`YM^Lm9m55yvj$ zxg*PM+_4ZmJhK!1q9{ymuymn^<3vG;Xhw^1J;TijN}JPQ#hJIp1-)4pJwM=a!$ zz9?~qxmjZS8b0PUCh7K56CKc*tiJ;rPm*CKh@yxCdkAjc_8tcT{nK4mw&mmO0lZos z0C6_}Xaw?SAq8|W6 z6v^AzMo1IMBEbuPchKVL2Y-B823TYqS)Qh^>?ZUX@%QhVZ+yy$<~B_qm?sdQ0(7`q z0_G8mQX(GbLX4lXu$6ieaVG^Cjp!&gR$M$_jsZ&cl1)x8IRIh;-XHx%Ta-B;umn!k zgMxr}7k-cv;=D9Xl+!7B+=LIuMjAV#Pzu5Ctnw8+nk5v8xHFlzmNwaRZ=Y)bR@HFz*9;M}u(@93^jEh$#)Q-f*Ns<5@^WA!t0B zIkbg3FV6%zw-KIsq;kiSp|#jJ2jYWR`KNKL3Tk?g+$99~-z(z+$^Jjx_{Ix-Z?nQV zFd%jlXkOd|wK_|BGLN9xf0MXwcj2NAOcCgKi>2vDb7KM213X;jg0mH+D}f3GkeI8s z-_|W|2h|{4h|QSa9}hLCkF;@uVSe~1p0O6{0l{J?59bL*V;c)uL|(jb0Fs8m_Va=%ns8ejNJn-2TgV`mijgzAmk3y%jNt}9C?_4k;I2y zjwnbdU0M{Rn8Vt5Q6sN&I_X`xCf!I)RhCc7F#BQKhh3GkExUK)DDBN4z*)P~U5(g8 z!IcQZHXlGPrtX}+o{C3I;gzb(psl$2#Ult@NnrB=fdn_YMZ!W}X%|Lf{tD>r=5`3d zzA*A8BuU$g5ES-|$1!T8shYex@)oMvO`ugvHoCg={EuXJhP{%b)DQyc9|gSMi+)YgQw-FogN6?KmBP%>B)tb)gzX|tS9^*o8bDTCG#j$Sbkg3{n&w9C6O=P* z$;y{K^cFY3gCJ8)TmiAQ_K@N&LlKDJVmI7n0*-S@^9(eK`2AyykJdqnwWAwaS|R?% zfwdG{??Cq@7UpS8OMo>5xK?_*>W>5vCcvEpXg9Vv3Uzo-$1$v4O=1)i#yp-Aa-(CY z89cp2_j_T8Qnnj6Hy;6=Yy*2>WONEx=7YqjA6jB(3g%zKE+S zYqcCF#=u9N)&RMJ`T)BNPbaanee+>^r{0Z{=FJ~Cgws|Dl@p6H94*JYvV26QKR#r? zR9}t&3+Tk*xcQRKj}SUc6y{u1!OoE*BsvHoE>S9bN{O+0vo*RHzpn`; zLD>2~@CE5FhCAml`iD~=dGCikS!=W4uTKf=&~EzZf29q8OGDZKAAq&^GTLm%T+dxB zDSVoEjv(q3sXX{BUl6+U7HK?EBVb(>gLtjye}$~Q8`G_aoWO83B98-e>JQX;g2v)( zCQk2y#eEy^RH9l#HnDGAvJoLQiSI<;0f1{lJ<<&-C)AGt)Et7=wqBzJg8g$tsX|%C zQrP)`62i6zGOGpWmrfo323hGtm`E}&<&sqfEEC>-tY@8g|7M^c1%6Weri#Q?SjvZOv&{G z$AZ(-+=%ZNh<^lPvx7sYm=bV|OP?D!Q!s`V{UQYxCxC{Qja`x_B73}{PITi$`g(&8 zn+G;fd*!u8Dx1ksiV86&_&2ge7d;z!c8t*ub0bpO;d0XpOo6lWJ99p=^wpeBEF=(? zVL{pWm%$^I)>4weBt?6wP{JeF8mKufk2x13lr6u&c`L;@=3OXkfU%JB5Yr6It>34{ z9|@1XK=^VDdCYj@dvXpGAbeyco5d5nCRGv_pvvPv+znEqGa)*&4s8Gm=<|{bW(F#t z)yBfLo5s{4q+*&(^Ot}%z;Sa9qvON=%wG&=egbdE#yKWevNmaI@OIz z4zaup&#DK2to3IqPdsM_oLq<1`YdZ5NE>9tDI0n1Cyxf>+Rsi6^fAC1ky-O1n1<4# zgSbHs_{4>A-w`p+`Zg$YKj&j4N)*@*7fKuHi(ix|5~ywI9wMXPlG(WU%>x8?ict7K z{6)G2?cb2tZl3IFoC?8+*s7DiA)(^8j~QBJ|A@qP^Kq$Sb6^-a&>U=X;YmB7V)lv=3k zp|%2(2^O%9m2;yd@Ytr+$El^7SV`0PShLu=!A$H|@r=PW3euHfYZj+&J$8UjTYso@ z)_O5BS|;e1s|y@&ejPPXq%V+lr_ZK0ue}fvZD%eJ(9<6{43f?3f}9{BhuMjTG;x{C z#W8!~vqmoE=+l2dBMDI!+AS^4zRTWX-42FabJ&WnTyld6gWPtq`>jSB(eyq44$MV7 zXNVh64o-V%@|N!ueZGeqK=%3f*#f!$ah$}QI9n5`hU?IUTne)tj=Z!6lnT>ELM|gA z-etMq&YoI?a_nhEXef@J-I0=H`rJ;#ys~wOtBNXj71$LAub;At54mJTC{%aNVTo8I8>mvtr;C01Mq%s@aY1XNo4dH z{??s4P2_$_WXAxR_z?iH{O98LlS)irH;W$@PmjT%&y+KB1Wq*ZSy;KUm|Pv047=^EMH zRs68yJ)gTo^AhBvCVm3F)|F5>6v&VTj*sj{MV@SUbL4o?E$GC(+bt+mj7M7{@4t=rmh*L%!V-BXZs zT<}aXq*PhRLTlEdA7`8At`+VQYd;bXm27eG5-cxxF=Jgz$6d{5Q#c)jgi0VG#zq1m zqFWiL2Prjqu+zpzqXf}ZQ}WDrn=om#FM;^=mF9J{5{Q3;b2qKE{wjC~kO!_cBD?dI zC?i7cx<*1kD3t9kBwIycp|JqqfIhGQyxCWqeu!ZPQS{knA&3)xqNKT8(D`tfsO3gI z?zb;iEB7a1i)VDkoo`#AP-}yyF$shybH4y)CmEM-NJ3_`xTp^TQcV<*kdYkQ5dY@} zkjmJJ0Q~{L#tB}RYM4hG|F^>HCb4_m*#9DgHv-sOyQA)HaPzf`7Ik$D_N$gKqX1(z zKnB%xZduiG*nh=Upjx&?35lHx0Q<)W$MSs!-j85}5Agb-QX`t6N-#dPj61x;ogH3h zd$(R}@1B!I^^39z8pBN-0`cdB`s4)rBh*KUGI%O&|L-llLKnpCEKt2KP>Q4KS`3Ap z;%vmbbv0m|%aW%u$V-M{T=A^d3D5jqMW!z8V7_V zK1}Slh{Dbl634-q+Q{*vu6==AeH&Zfpa2{1PvSuscoD=(X4^2Dqjj@Tk8Isp0IBXs zt`mb%Z!4xaIbXpCl$NUkL`~elHA5xvyAi%95x(XwVu~WeP{dpaF8JdbRvF5cRAF!* z*&MtAKPW%DOGo=hlVgu$a0d!khX#svPx`9005sh0Mkr|*OBxPwhl27*azIHod;XvZ3+~%DABJ0#yH_BRK>|HhPVV`t8h{C zzm-`W^U`qK3LL8uRVDIvAWz~8)wTy=eXtJt07VjKFd1=(ZLC1i_evCc0(0^%8OM?m z7bsw)Y%-O9i>a#kF#fiZN`cD1B!w41g&*&vAsX&WkNV`<#!Ax;CCnJ`CeLi<++ zPQ4O)3fPxej5ay^R|eeGeU6P4h~j%Viqk|<1rqV=SCk&ZP3)hN&SRxYl*Y}CQAaVDbaPmlMII zsMFlDN*IVRlBK1D93hj$zuDsuxWX@(DgNlh7k(UUzZV0%ZCMe@%4}?}Ek-AnzsO*{ zoMOaQKLo&;&)zR&_%b|FX)=rmQn*$(p8^$V5NilZL)cYrK*{tf0!|@;xI1WLtc`=TCV*rn4k(h4ytzWKSOE%$Oi)swf2227q zN)?Cj0r%oDIATBrQ=;>cf)Fw}CRB#emqA>xyJox+!!x$fM4WqUHmXvpo&zxA5__^@ z?yjA6x*VB!ry=7NiCK$>HfizeT9|+KZ;>wU+ny2-)T;WBo@!A;2#2UjT3FE#Oujd1 zh#0)wDbI4hyMU%AI2@S*Pva$MUEzg882RO`MWg}at2`rTox|F(J&m7e#`!0>uVo9< zRaJdAJ`jJz6~(ezu@{TBLxsF-v|x>BNzlQ!jgT*{91M0L0YgtCVQ&LfHT>Zu#_MICkMwGx%z z>;}bt@skyg43;~d;u@uC;!wI0Jsx2c9LfAfDVk4QZefhTy)!o=B^m||sVFvox3)UC z)4AAbt2<7q;x-_n9_{-xHRI_egl2@wA0ga;@n#DEuw@%MjXh!PDTJ2y_CIh8>lE1A zJcwgwU_GVu?Mm1H`!@i1HvuQbjY#7(iD&a6q*ZWTN+B&kZQKilkT!INkp2NH#RBtC zz&cshz(p=6Q-UxIk(hd-f-Rb{fa9#7H6M6YBU+F5n7Cyh-jw4p&BqlWH5Z_qISCp> z-%dR|9Uz)08;f%xcht5U`#2e#w^5xmV;(;?2az(${sqvU#4iP|6u7>`#Ei1M1H_OcFUrx6(h3f&0<;A> z3HK_}I*GI--+)MKFVsSg=IAmgx5K=pLKL~%UF0XBzpn$xYNTp&i}piUAt)*X!B58p zb{#{%@f)}1K@!0n5^y&Oc$Ff+O^9x6l7PJ+!0c#~+n>-piU=i@c9NAK;t4;*PnoG2TV7e_t^N$_`(BErykhIdY<_lwn9?BE01$L@mp}c`o7HA)l}gXuzHX^ zKgn80SzYWM7)-SxtDp~%i95I(Gm@-Mjucv4IEtOiMw8~rHkAzM^T(&+RE~Xh_kb`; zDKl%4-f&FiY;m7=YzVR?*7!}C*6YZFN<4#=Ut0H_+g+Vhu#2cI42uLk#~lga z3Ig<(0N{dzDX$`65I^GZvw##9vtd>xUT~rf z=5PfcHQWk2Qv&2X>P96cT255^sL%K%pd$fXN`QByhjo}6KvFva)QY{H!XxDdk!zmz z8eKW&#jpH7#@+@#s^V(=-^~joylqerd=H9B)GDc>q=4p{-Q=z$8bvIvqO?&5{a7icL0SYj;vOFU#nZ` z(0V5Xrqr{LyfHWVyA+wjszUNPQYL+09XDK}8fQ%y$f1+4!X9Usaq z7sBTLc&U5Kg=qg-w_Kbez1WV43gC}VI|>l&`(*pW!9I)|XZMP6a6; z!9uElvhb(?qU(wv)Dt=z^-=HtAb7r1A$LiMCM$%kGTYG^-67SYhf2qz(34FikI z;oPtBtS?1XtjNO@)gfP&jIYM~*0;N~c_Ict#kB0OKDvAY0td7Gd6{4B}VcX&a2Y_6^(PvWe6Q# z>~V=uZeqkCjh>9_%bQ{9dT9__d3wR%iH+hS?XK(zVFLGzu#(%$J31h5L8U4$<9#GAJiphaexbzpLkLj6I zbudvoGEdz4GY;O!xAN}qeE&&RT`|Ug=?E9G*pyYUb0NuS>Cc)?@(e|IG(rfs9O)?z z*Kz((lw=v5QT(O>l5wBk^haq#?LL34N~7$LFx!zE?*4{|qmh~(k{Hc6a$xBrXB=gg zhzWwxULzRYc$pzx=*FI|Vl@M))rPI=0#1#H?lgsDGTT1l!pkAv=9qE@6fYRrta#Rl z`$u~H_C|pf>D=!UP15BkA4asZATtDyV39nlM)Y{IM|yqoq?x@Ma$7 ziuiSX@@xf^ZnxCaOz&8@H-2`r`iNJ1)iwof`GYMvl%q@2mVXz@uNR>y)G^}sQipM; z=99V%n@HXCdhM4Lk(*&<>0NJc|Gxlym(c1BByH%MwPS#2VV)4g@?@lV~3YP5JN8U1B_Y8s+iZ6$vIc8*^aE>!j(tl#Mt zI2opPHwZpwDyeqD>g@SbsDd997#;7+{#;F=k*F=`!!BRAfqPQ)8oD|`qBh?!)t9Y4 z0TeGE?ecB6pudgiVjCq13Gue_+V&JbSx zhWJO(u5833yBp*Dg(GS~OA&3_>nn*7WoVf5z27UXOH!Mi5tE1fv6A;o7ID^n69WCL zm3>D+WfU=;8lkyZK*b*zt|vS8aULD>BKAu={#jyjy)t{FI-gaQJcwV|NZ?%cWx zmH1u6A~l?({<1j0fHuzOOAWsY^=cmvs4ZUwb+$k~36%0nlbi*@p1yRQ+Qs6kB4yT- znEH0xe&Nhdgfo#6$kuGm)J6_6s|(tTBaooat)CD+Cm8)afA&HskPR+P=Lo=DPQ4up zk|*%pYxV$w83eF<;PB9!cxu;shzec3p9d;P`W3ifzRx-;ZNdDH1*0tNhN^|7f?Y1f zVF7MRkz96y9dDdTaqZ)!{n{K&#}8#Zl+P-^$RsxCs7M ztF@1TG+?!r@SVJ#Dj?gR^?JX!_c{!+`wMHJU#g9Tf^ZXM(q4$3l%_WA%T4=| zsmbYdM%DD}7dEibgae2Rl*ODqukUc@1h`NuilO16D7QfsolRb!l-Jl>;WNqg=AK-y zqkOKi)-JgQ$rV?n)}EZLNki`IKwgVAqv$z6h)VJi#W(Tm8m&OayeA*gyXES(*Le-v z*E2Bvk7#h+SIo%6*-`ZF65?cG^g!iLylki79_uZRSne+0!8k!H36+OkHRyhYLNTap zZlE%#eLLKi^a=gUr2>O4kqWi;Z)BvbYxs%WgP^o#nO*FlB+-MXglhw_f6uuz_~Ylt zYJ5*Fgghl`-GH^Pe-2Njv&k}jXp}=}Ddc+%@CLvl>qViWpj9H_Ea`&$MYF;-< z{O5?m{do{a2)bjekmWR4KEFiP^Ea^r6)4}0lu+sqEB~8O$++szxYoGVdE_zZVo#Xq zVp%VSNDFj`7(E^gN+A75#wghaOz$mk&%AG0wrrW^k{X7|%A(5nXw!Pd>`0by4@G=N zUc5d(y14-Fz@0T}%+q^_YUG=mJnIHM(zTSbE39K$*za;*t%I%egod&X^T!>SC=J|x z2a3A4qr5$uo^SfD=+G(fI=Zm-697Xem^e1!CE8j_>4$~;*o`B3aknk6r=GA=AM>WD zV(n-V>t1A1={)$Go>rOACc)AeKSAKhZnzS-JmR1UTE77 zlgg7iaW~Z`)yw2e*2+c^$0mX#gauEMFVJ_L!_z%=8C8B@Jt3b&-28*=h$2C(BTl}p zH^NrlxMhqQ;A~t8^)4oT7qt%mASb*<6ki2@p_H}dbTyY{)3sWvj|7FzS&}~my7m@HsLHP@*E##~o&d)qK%HtDBlV-ypq|D; z=_#caoyX6X925rAUZN>(m!=+548^iie?N`Y3*nByA>0;rI=@zQ>%^VP;gib9ULs5R z!rTgKT@I8)xlp>^T&Vx%KuMJRZCmmu3hnWgEZHxQGVWzBSt1R`>t4V8+=qlhx2{ST z(|}+165Oex0HXMtvMRQGRCcj-#k$FNoqMXxB+&8Z8Af8Q6%znyBJtwgJ8+8-+wHZgQ|Bp7IbZO5%4|hM;YyM7JD`9x3oG zS*pMb6HE-uh5;)OA?f$jS)MSNN`L;OM+W$sP9`68eo8%OtQ5J}d6!rfVoe#F*;RO8 zQx2U5#2PI>lPSkg(ktW^dn1DU=)-za^#PMUqk9RJ?!iB=#H?~-7C}ajNyi*?SLxX? zBHh4RYsQr17P6?bp4&t6abOs zIxk@Vo^+Vn;#+M6FJc^gB)Yvo+SiYpP8Fz?HC#0%<-{IQcwW=(#^u3(qRO0V`ii+C z`P!GGAC%~RG%nF=h^8bm3@eS`F}~3U)%Pn&(WPZCxf(O+E>8#rX2n<_#p4!g-FZgG zKjgI6TyIrk-UN@c=N?&Zs7l;3fqL~SZ|j3F5G+vJJLz5FU1md|D_JEuCN_)e0L{h_Z5X2I>wt{-AKET9hqRa_DwOzNVt?CCZ2{#6@jvkZ2}0bZcbBF^HzAgvygJz>-orL+5Jkk#z!e&Om<~#3tEHBhDa$v z$yepmb`8BKVI?MdeUh75@^C9m+BvXRRn+eVmUDr=n4hG&d`-(Vf{0X%)?`)v+)c3W zxysVpo+v2L=2R`TtS5=f3dv8mm&YD%RGjXM^#>jOk!Zh;mcFXc$Yzllog=JufxOyt z=BU~}nGfglUy2HB_^`(15Zxe&PYj&K7LuNEDA|4mSdEsX$jtX30O=u3n0${V8_0<8 z?zdOUV3d66OF^9xiIBhK(>alQ1^(CBL8Z!8pX}db^E)g1DiUMeCE0(U?4_0Ff0vt! ztgXqLRC<@QKXPtaqw2T{DCgDN@f$lFZ}NOVSFXipvw zh#Ck)CW*NJ@h=!U-Svl833EpoQ;#xZh;>I9Gx<7ax*++2T#~O)B>!1Rev0$}4E!p9 zP63cH4?dCl5d4MC{XZ9#HfSx8AT5Ozb$61LQ1>et*wfq132AciEmGQlV&I?PjjT$$ zT++6DE*X4-SLb{GtExs=*g5YR^?nNPP&O+!;dzSm*CnA?d;lP3ELoU!b37sdj3)w6 z{#5`i0`R{8NUdYtcYueg^*p!MA0|MGvv|4mN>x~4*I2W*CwQ9;r>tE4K(k7Levz6c zsY<9MvR<1DrHTI=Su3AbD{^D$)!=wcV�=&vIjtg~VIf!xJD4B&8mX%==t zzKqD4@eu*L2uQsuTzUV`saMn)+%9QRYo{YTQeY_dEvndR5Uta&k*xo3CBQ4T%-~gy*y7MZjfaQ`xy~&Vr45g$U8$o0|_`{ zye#=|dWVF)PH~dw1H3FrNQ~<;@{_Qi^PII2%{%5+Z+C!KxL4P_6J%4Og!;9+f^kdpwif z57|6i_eqK9{Rf;sOG-RyXT7-Ks_2ovq06F2#)kc9 zmR$s=#?f19p-=b6BqXmh_-C}#4+3Y!{ctWD$r%)tss6nm)0mvAMe`i1WFhe7pv6Kd zj)9*Mv0L7rxN2wg(B-qahIHuD^hNalX4CtM=>KR2J{ggt2S@v2@@6KYt4R|*I?fjp zFTO$B7qq`!WLow7TK0CJSQKdIL1-zVI0>@Vpl?N`XzKQ^^h?pB1AR*l zD9i&tmq){pr%mt9^uAzpfsC8tN|t3uJ#H@K!`VuqnIrk`y_2t`7?ajo>t&EhigLpH zetEx+_lV8LtA{nn_0nWXqc@1@+7yDc)PH!HyO1G4s?5U_qO|kJ6^J@5?3YYJCK!>+ z(P%g=K{nj~PCAOH5g|U`Bb?@X81o6;Trp`bziO@%+5Sn&1!I0Ix=M(7Rsk0(9~ms6 z5CoYkB}R<5nQO{caUIJ|1CVRszCoL-Jw&_doBWxIUoY{{?`u-Fa`u>WhO;*DCu9&a zPl=Pik^*%6Fu9_KZQfX6AsdXTZjyQM@P);nt7ufsWS zF(~JJ4S=&tV!umlz^a~}e2o{h^WyT|sZ(8jT*#=kHaqw31hAZVSDTe^=NH=vJcU3_ zuD}hYt0#*IGVNKiUg{@oE4Y%M(ZJv>%u4TPCq2YLzvP?5X%tSKlxIigdz;fP-$ILO z@`RDamC7OaG_YvKZlEk_JsC#pvG##%3<;+Vc zvC}J}mknf`o6c7EL;S?a^bpqF$MCzJAO4BH@;93}59u}#pZQH;T$NwuJM$cH3|uDs z|L-}Rbm#H=6TcRIyZQZx-?8are3l(;39sjQr~7`d`;_n%yg!uny^{A9_xnYjd-?sB zpIGW{$STvZ?|&zMu@Nfer`OguiLjcQe7ae0!LR~;^x}o3EO(El$=K%&jfo!Z6S^dN zw6FHUV_MftOU+JP)e=2aIQuO00NG_?>|1JjKS|@i?iYJWm%1LX$`otW*VL!3j2<1s z_HI?df7 zATOnvjxg=3ORSxZ`}mf#YmJ8mL%3i3g7{V57J+gXlR4t1_L1~H`Wv;jS}El6lrFs- zR~bIhXb#*llI`nHfHmK6=GuG@ZKA zpe=Vf1iHE-a&o93bc)&dvIn7JHtx`mo%->TJc4%h@H$QnVA<2X)f+laWfoON@(kp^ zqxeu!na4?r*c-m(9az1XvBSRQ?WG(sZchyf#t!hILU$5f+TmN<(X{*SQ_PJo8D`?Hs&U1pJ)JK-2ra2Rp=vN2tDON4QpPXWLc;0wS$y zaXd6uc`K;3=eLB1N^)%K^OlJ$4s1{1?P-2XnvKG=(*{O-+1>Lr{XTU(zE`-XL;?SW z2mz*uxQX1F?aL!uIqeQwvUK2~f=zq%XgEM7FtEw8vAi>KI?povxDa+k0=273&K|lB zyVA};WT-pS!jSEN@e|oFG<*+q$Q;aM7tORM@0E*K%6By1*v}g|k{=ozIg%F|5;@`x z4^e2ib5srAslrW=f~35$A2;N5U?wqjuUXMCvoqCK9K3=HTBM#b%QJTUa260`GB@uO zOZ%FTTuW{s7VbIX zxb^wb?Ov!KC6fRfb zsgj2-utC_707gZqF({1OF-v!!_9GXOXc9KSW;EaXd5OVVxK0r z()3ncdaw8#44;)7@66?hFo%LCx+WPZPHn^Q7QR$`&MiQZzk$OCc z^5v#7qa%*kMp381t_7L*4%n)6?DVsbsmp>{X0$~%g*>5Pw532*d}XvnmU}$mOQm@> z|43a49zGWfFu9%AP1qSxsQ^o>Rl9UV1|Mx#goBu#ZKLuXQ)Ld=Yx;EEB*Wrz**Ag~ zN2iWB?^|D6w^!2~J-Nx)B}7TJ_Ey8kU;4n95c z{8YcrMgf$+oN2LW+>FaXmmO3mG@}bgdqStWd(q|X-Cl3l*V!nQAkgmUsK!9OU2S&C z;K;GR9ifX{Z=~{m4wp2UX77<+MvsD)2-`c#`CH?m(e0Gc7jSpMdp6z7#t%icG~`l0 z3R?JSKe28V@rfyvD{b7XBbFVc=b6^>>8kpIm8O*#%WJK@O2!xVW?1!3O!!~fQcMhe zmPgyCV0OZbSxRTf3A2^-h$DHaJ}M?2SXGW$1faTPciq{P*Qr<}BjOT)LzelP`of;F zH9H@^bkoCHtR(CQLd;G}A5iOEzNTN3JVSD4HfJ+zWbgmo*S) zeWS`<;8gAwI3@SAP^HuB+@;PW_ebw{b2oBwXZW$5iI%QijK#4ivf+J0~2I8~9@3($CPu2ZKX#!^{NV;Rv1bHk&hpuH9ijZxF zC+uq~jSVsz=-yn^CeQF7?8~EfkMdUf9@rM$*0*B6-&ebL-bvAYMIHajZ`vI$5%&=S z!1%Ql<3>#5bxx;|lbw*fqlZRtqw1mKxLF;HRf$tBxgs&3Au+@V+RsG@sZA{2svb)p z=RtZY4aSJ-VtM8O4?LQgDKrxAt_WO6*^>7PJPW~J1yBq?>P})O=f)bOVg4tvlj<5i z%4FyL0>VNNR_c8-F~r+Tn$T36SSl2b`}v1dH{y_!`?*N{3h8u^I`2nBd81eSt*`DC z%0c%zuq5_1ja!8Yq<>GBUWlJk(J}7jprHrc0hAn2p4%2&(V5tk!d&smB_41b3 zSj5AbC_LAIk)JX^7N(j&k8vB;*ECiLnY~C6qEpD|w$0fEZLxL^gjRyY*CfIs*zlT* z6w71D%xP6XzNURp>PG1UhW45%691qZzxm7Y(iP|PjTUnWsmD6Y31IA9 zrt~YSzk!=17r;;E!PbWTU_&iU2ZVh<| zn+39UFF=qi5!>@9yNKyJ(6~AKt*3>0Mvyp1jg(MJJX}gG%AkJ}XqD$u`IyQFts$Mk z3Gl8COFs+hV1qaaT1JuG{r~9aCB7vWNgj#N$VzIPDaAf#1eNPVXcYKSqmhpB%zR-J zU(;DqGB-F8Rtf&#M)gzFJ}1>`He6pKCn+;@EO9|T5Hhq(jcT(AcL>m@P~Ug>z?KZa0&a^7)4E(1iJ2cZNi zxnS>bBgHNjrifpeIAs*qz?9UEyM5V$^Ln!q*x4?u9MThqo%p1X;1(D;bz(0lv(-8m z@&zD`=(hdA^j1OWyXQvw8jZ5DZ3r>WOx>)C%6gJys@BiD=I_kP)Z&LSqk-(ht!oy% zEo@Qit+DC3v4)Bjy~?Sb3s$?ZhFv`AK1wRf3|20w`_f??B>ZVTm_Cwx{0fsuZzoSM zxhL2j*YAoQSMVMBgC%FTw=(u15bc*NCH-Dv0YIlV!hN@EbT zoe?E3cyp&jxgrO5J%$*39u0tfP@Vld(XQ4{p%keBe2KQRzLc+EzA{-9N1pw}4m5Q) zEKrD2z|2RuQ5GDP2aYYgU~#I-FA>l1?YDni5VXgSbpAmq!)hn5T9nApw+;4wLf6nV z4;lv!`mOo9(9!)?yT9z9ae&DSJ+ondo%b_)Zh@IUm&NUF=TsP|mURukcNWwAFs3$5 zV?{ml+w*sEQ}*yH;{GypsdQ*6%i*j%Od{0>Vh6H_teL#r9JJe1>vr=E<)O)$0HICv zxg^h&!32oZvxeJ~3Y?dPY3-^Ku6ZA>)b!M~Xtbe;!G`_iJ7h?3%mdxxB6D1-xs^st zr@l$8*ps`UL&1m7h#vNaPG#AET>>tNiEhOUPDVFK7F~t_*kQ?XL{_k}$~}e)MB$gk z?*Yz`yL#I?V?`;mR7d#N@k=a48K9ulEEjRBQ?pmsRt%6@RuC(_PUopGw;>DP%F;|W zmnb{ejQOywj5Q_u%S7)P|E{LwQMfJxBJMvllx*6)<@|{JGjW{}k%#ivGfnHUIcBv* z85~E5&73!VOJ(geE-JVAFKi*)yA3 zU<)z)S|)w3rL)+AyRNF7!L%5I*U%LRoY7FQZWcp;vx}^H$4jAI@p&CD6yKUMieD)| z^!F)n#uRE_wiq=%?$Nor_RP7t+7Q_E;m4(;1XqH4(-V`sIC%UCxTT}4Cu?qVOx)gu zZ5iu;IJn{{XKie6D6H1w;MJcv7f_}QRko$5vI^ep$v3+mwBBcO$s?Yh*U=J^$;)K& z70`4fIfe8)1r9?zxsJb)SpGwtTPBTTBv^f`4T%nH?|fKqXiL+$p|p?)WpE==7MM$ z&Z?juE5_%>YV=KlpcDkXZmBXIQgMlCQElZrIR0|XQi9@~#t-8VS!-=EtX)Ct4a0(i zzhKmP<%o1k(QlX`$0AZZ*P*6(_WIbFhu%j!exK#LNM}HlVDisE+S#oaI?lNc>ZE(# z#M57~KXjec{nUHtS~GW1=v$X(YVB02WSw8t%ga)%Aj~ELXy6r!9M=zkvUF|SDunk6 zANr6cGn4r#bfLFGD{B+#c%m$Hc7n}yD1X4&#)lST&cpiEd6K7)`7}?fBer8s(|YMe zYWJ&r_kmAX(qbnubdsKd$OtOCWaEH_A(y5A&G?f#M%^0jf@}xGU-oHj!x4Jvz3k(< zN`v(A|H4>;=5b)$V3~x_weE4GA4{B+*i1YuIg5n+f?!k^xEO`-Q3bPL`qz-KTt~By zHKsZ@CGj5N4w47N)jpvJ~AiC75U$xgW69X+$74RRo}=a4z<-10-H#jA@VMqNHgwmvap@ zBD^)3Clins!jxNyxY%gnwn`?d!G?Euo57oMKj!kCdEisLf|`0d&FN~xzM2gfwJ0SN zThFrvVOZ>O4JG%Wy+wO)K^!2domX3vvg}*jZ-@l_hoVp|t(e|D zM#sO4f?h6po*!wQsABZo5QhXYx-ClqiFt()*yoKOa9^@Mu`Sb+yY51V^!^iv4N?R| z#+8^?ax-*O8wS^I*xu)=nMD3aV;{KuXQ4seJjMUjR!vhp2=zWtz z(Nb_z(`f1mznQ3u{Kz{gttc@jJB3irs9qXtSM}#x`aDHe{(o@5FWDdUd(+`UEcOZnQLtgs&^obt+UkMQ-Fl36n&LH46z>ij0%` zsm}K;HxdI;5zyVvZZ~2x-#F(QZrI=E@a_DF)9OaZE{Ft(BG>K2+|c{o&`i0WQsE00 zenpvP=%`z05%D*FCOuJ!`0#N|aHN}NiFc@Rkh|109Hu}rU;U|WF6O=Aq3nsk64J2QEOC&2BrFk42Ns^5 zsQEB@aMbJo1Jh4{>p4lIY*kWbG(CC2@I=i+(SyF(=L7R$HcT{K9U2i$*Mv@qrt3q) zQl~M@pAb#=3k^;kA5C8$>K9FaH(b1F6ltu3Q@3oQ4b!R5Hl53N>Z9A1eaPp-?r%TO zuloty*TrRr3*7(p!&EZ;LDnxj?N_}EZ0-N!uL`(hf6_=f!?jE}EF4pP#vsZdBG zjp#r7;;%c_1R9wEf1fj;g$A=f($2eCEIPkyHtdg#zjRpm8q<5!xAvxd{Al~uUSClB z*T%y_!_10c!y8MmwvT?z}wDizG#m592zN_9Ph{xZ!R-|l?Vb_kF zF~1U8f_7-+bh84JI61anw>?yKMWUd>Z0JJccE%{CuVXUuv5*4^a+ z8WxxgD^dXchIfS&BQ-8ytMX7eGMMO*JJE0PL^45x1eRZ!^Z1!E!`$p=3c9E$k&bcTCg&oT-XjWlGqH;hE2&X7h*i@dyl%9&m z{Qyp}6|U~4k*fj1{Nxivmf?Nb7jt;YCd;mz5ycoM)YemKXlUgSzwE4)FD+1iD3KhiQy&8pNg6i3okQT+D$mEeGLIPHBmi~JKB;vy7> z-pZqm#`HMH{Ya*siz8&}x0Me_)>`6{3i0fGhv{VZ*3qH9Ms&gXp3vQJI>(y2? z=YvS(rnTdblSEk0U*TwnMO5KuOEOjXYe3ie0KqG|Wcxe~W^5FOp#bat-6NEJu{!qK zWHBX=443(a7(O}O3@zKk~+96aJPv^uM+dP8SYY#I7w zg>0Bo$m>=+-=Itk!mH7kDm~$=sVh8!!mCF2VwWRIAUYQnTyR8j!2##dGPvL)#VSi9 z;PzXs(hP?6d~y$=X2LEKN*8(fxb48^w9gmVY;tRkYTde3Ok`}Y&~qvohZo4Spx-S* zP+*m*dr|T}H>a`W#Il|gpzRd?vCIY8PSvdfUbi|i;6(zdjHK_^9g!V*ukJ;4J9jaA z7k{B**<1kiiwz2Pm1#+yzNQhxm<@Hyu+A=lO3vN+%iv9r4N)~~OeV)9BW5HW3I3RTm-EwFuCC2VRH=cA1@OawP#~BG8^uC9TQO zuhl!Zc1{Gs-MmOlr}3QAsZ!yiYboTos1((AZ#Dm|z~ic>WpP8{Mn2Vg_d-NGgWV2* zJ*JdL7yC)aV(*}81p7X0`Ruxg+qZmc>u>h%jMuX^yEsA;`L5VGYuwSwoBX!qJ2@Uc zt7R%NW@640L3^zLaX-e{!@I<`5X-8s8R8v;j4a8 zy0vxd>RRtU?fp!8_w^uPAD>OI1rq~h|KL2bbnbp`$HRQWZ~fixJ(7zEmyu@v>;Bhq)|FVnX}=O5Fr!zW86y>u3-27f74!25Z? z`bW}Bk?G!dlXk&y8Qun|g(PRg&B6xZp)7Q+Qu_kNG=y|#!AQx`MaFO=BqcXuq02%) zaF;PGIKvcV9{~(_zeqkptaA=>DWhn~!3{*vBM|^9Y?0YMF{Gy)OQf~)!UN5U`{m6S zdqzN>k=EB&R@5fOoW)*xYKXMDNEEMP9?KTKaaJQdGK2L(RhTp7A^@rsx$ul|nVJ8L z2r&D81^>=XpgKdd!Xp5!i}25Axq)6>YklJUmU5^$oUPE8b%c@FYS;lxXDsN!M};hr zw01<;Q{8I5fc>{D%nOM%TCN7Ob5#bdTE^G52OKIvwp-hQ>NaK+h2HPYD77b3ZyBrB zv1&z=WuBvTcAI2tL^mn27|TDD{$Vll$7ke=T)EIi9z`aWN1uRl~GLL9ybb-GrZXQ>3G9}4rl23JH6PG0a0 z1j24M^mJQI2ijFB{{ThKqi{&_2|#gJDLR9jIdvhWLV~^4sm5T*CH7XWb^GejX?6Bf zQiZJ?c}x4tlF|422E8vD*1f`isf%RJ|PK# zZjzw&8LFZYuk%>VQ%GktU*+Y?Ycwt}2M?yD`Wex-$Dz#=nr1YgX2hrF1rv2RE>ms6 zK1eKWG0<@{Q0R_a`QQyrb>5unuBPG7Ff@S`we=wKgvYwcofn8Ne@j-{>h{P{|3Qt1 zWL?NUzPH>!v1r9D7{Y7CI%TN^bw8nBR&X z9X5Li-KyQ=du;!#etd=|GgHP=JTcIkm+43kkc-=q9u}eZog3)u8{inp@G3V$wedfq zL{RVjvOQMx=n3KPWdv*dAqq;zt`|Y|STWY6TUgg3VD%Nv_mr+6vMN5{?4bP%sV}=( zpwl}n{d|E%oahnn!dC!qyfUG|**r?#3La~XtREQBh39*GO=(!T)^h#Ts*99S@7(*T zU!)jDca5Jl=X3g_cqJsAujvxrqlbou&WRoxu3i2_51pWIn>7>5gfO#EsA1X$WvSx{ zT&4oCdn8c$tv!}AUuB0XUh-Y>5+qipU-p-E9(cXtfUo928Xi#IrwqGo6e$undkyQ? z^42_{!XC?~H9S7xTSj{6NW#+F!d+mi==3c*O~_TgAex>d5810M;XHTrV7|LI>5FY3 zJlguW(B+Fg#edhN+jq~SDn`gI@GX*QcBEBG!r|e#`j{qZLJM90CI#UzM(B;Il-6RQ zLv^5aw*Vyh`UjySEJaGl$FQa3qtql{{1bLJj82sT(9HPHWd`2^IQf@;(kbta5EE@x zw9Fi+>7b>)PsK%Br4I9ai~a*h!1@p$A5Tl&@_gbxo}G;nFMn`RrkkE)Hg*V*VP6Wj ztR&L3hKwvvuN%s%ZjU2q#iIab7kOi{Uj)#I&^mTR$T0H8QIvMf5F%EdkA73 zpkrT=zxZEm1(m9_=~tQa8j+(^++~!;WhIxV{nn~o|G9pMb5c^YDoG)P*8u@#C zAyY>46&XwHHGG@V)>TwDb$T~QO?zTZB&T1p7Mc3q8p>tIg-n){t zBJ-$1F(1++E|;E2ExziuUuWZXA%|#Tf%gXhrep!)H5Mi~`2ho;+sM8}`xMR6A!BdI zE4NdvOZz;Y5nXU^_&l+&K3lPNiwD`!>M4cz03K&*OvDoK))E;G`5sShM*7>MGyK*_ zE?B!rg=tk2R_i8(+aRu;yDzqnu;j;p5g~O&i~E|E!mR8R?hcfr1h8j;|Lfct-sPAA8B;iY$#poOKf-oc(klgY$)|Lh3Soy{3@5uZjU#7g=?K3 zt`LYjUXewdv@@nl?OmUBOt~#IaA>13lm7!5oM@1l=2sg1f!p5cMC_l)R4969X*rCVfs*+D*(8Fcv$DQV5WWZELLE#J~V za44U`D6eoq`{wDS$yD?+LzO_|e-`a_JzO|F`>Bqjc zvkHn|H!M{xXwB`?km2L4Ev(2Ezu?>Sf-%nLi#>@b9FHfK(|NkYvYsl`n$h+nCKtyq zIg2P&sP-cj+wM9;nHy0Cj5!*Uy`^~nAn&>jq%c~^u9*&&LR?OcC38-Rj7vx>`j&hS zgA*#undLD@Iq^=HC~dy!Fd$}hqqG?fBP@+>-^GKk*W}CIw1@@i zCqX7IEOBV+ck`sSjp*mb%;9Zskt@r14~2+K4Bg4Ysb}^Zu>UMVNVZ!8`F|E(3RL{V zw@5phQ8_z5o&+A8VSAZJ&+_%|;x=8T_)G&;1Jn~0#*|olo8~01zT_QkQH;eFvvLtA z`<>)dn^5kPQ=I)$9F+<|iz1-x9|23f)#d;B*veurk=20kGSo#(#RAs*p0iJn{%z;CNO0h!53Q9MNpm!HHaQbakT|VV&4$UMk%|tctr7CH1#W|s3laYOi zI=?J0PXU7a4QsK;WQ5d=Sa*21t@=Q^ol`el`MW5IHkW){;_anMu%lowgI5Cu^L|=Z z{#P_sPi1N`inHRLNBkaiQX^qmxa9V|A`8&+$yg3B28g?xPZ?~z9)D=G z1Z28Ndh<9r>*<-fFZlsJF~AoT8v+g|qhL=b%Vd)Vcq$j*e-yxZ0Hkh% zmiuyJ&s7u~Lh<)hRtQ~B$^>wFE}-~ZGFoE%PyUr-(E!xs0&G+H*h2I$g-M2oOrxQ0 zIF3~IV>)gB+_WoI+J8&hx2~1~f0KaJW`q6X#K3oFZ}K_;$WrgzwG#LtdEisc zY4a~;Xxk{7^sw;Ivpl2GD)GgZ5mR~8AU8@3Cpz}lf(335q+dzbso3MYVoxxCts0!gNPsm-iujmgMYh!afm=PCpxa;@T$2mzTxZ!G+BUH0)n zSZ^mQA)Cs3^rtzM=a=*?;&CB4L<2PT0H~h#0|ju9d0_G8kb=HH@wn@ZllC( z+eES4N;`Wb5Y0ygo>L3YcVK3S9?9H8?O)`sI-y8*3EISR2eigop?~UH;6oap3GTePqKNxiF!vyiMioyQW=q}{ak#c?ClvD;2e+hB1fx| z zl;;B60!}Uo5!Nr)042EqqSP5J`=r==slIg=@|`RJGB<`}4ow(jLW zA4(*nZYGxP{|Mm2CA0fkn;Z9uni)Qcz;{%jPs!o4Jf)K4GZO0Kf>LS8;h!jiBWxRH z6Li%2d@R|An}xloN9k#Q-u|(o$a&0R`aPT!4QlfD5Fa9@?(} zigN)phC%@-))*Yj6SC+M;#rjx07olPJ&buBbzxdtT;6=wIU~q!o#x4RlRpq$I5F^- zUxjU^VEZN50Ju9B;D;)^X_Uwb!fncpb@FZvdQ~o{F54_XlkFd~e*D4J+3UxK7;~bf z;FntOU0ZM94xj0(tVOMt+VutYL=RT;Klav~N!&spT?Ot zo6JWK$KK-qCpH^`m$VKcmtg+A5t4&3T|WwC=5BXNW;H%QtUgVdT%g{&urW*jig5LR_S^y6g#^ex|F(380(-2fxe}`dLGS?L?9k$84AGgr94zNl5;%zRstn)dxG<-zKJTF%Q_AduS^Sjp4wq8U(d zsO;JzWfllRquoQtEJ+B?j(;+pxK9|V_&;q$m4f!&bQcGWdznrZ{+OGZ>tS?d;#E~| zHcYz3%œr)#Ix>t(X$)@X^TjA{!!nC$P%mQKtM(*$WF}uBtxu9J&jdL1dGpm%Q z&8g#w^_+7l5|nkAFnB3TPgxCBSoIJ6LX|XilCg<)PN$CZd*|L_RZZjW`cxkch&98p zZIF64sQt`(UdSNkw6#$=MFt^r5oIM&$b?5dTEj|!BSz7dNWV;;u66Y8d`0k57% z+ZtNZ`6E1*u}4d^l`?#|m;^^098^;TK!3bt8j-2*GDTJV*kg6xgZq;oDBS<$(IyrM z&eb`%zn6>q{2biBkw{e+`Z^UEAt^XSu)*xNX3<(wQ7Td@B!`6bN}(`YvfwKpyMV;h z_ge*#(Nf9(%=I9h>Uxk)3CZl5Y^NnWq3?7qRxiAp4ZjviP+M^%{A1<0sd1ag4YAyw z=~r99O)`Ab$3JHePxo=rkJl~dpV2ZHe9l}JrPf`}VYz)cc3r3_;S zGVo8ia6eUWqKP`^37n{_uBv;$5vO~wT`s$^1ybNCWo!;ckLWi44k($E-pHd(<_*qs zHDX$_HUciQr_D3vd*I3*yOa0|)#No9L?s&0@q$Qf_nkX(5V;MUK{PQNk+iSw9LYL* zjkHz8Y%_cchx_Svl||b;-p-n7;Pkjo@~v;1YR)q?nU5kM@a~zS9yYKmL(z7;DAK~6DxW5#RgFL&U~o>!@6!H!=itrsu|Wg3dBBbifK2l0Mg)n8lJLl6bWHXWla`9 zqarjCi87GnwU}2}lXunHGm7fC-*g%_rgiks9p9C z(vzk$axMLo^hSPP<|(W-&3n;^&KoIC`aEQ1L@wj4TL2;pyu7CLYaXwnC=!~_>tEy* zgRN=g0FOO1QU(%4hFk=o=0^6#BjxzhN`g(RKo&@4_NEv2*k7*W&fr&*CM-f1q=?ETWiAv*Ox?6>>uhd!lU9Il!|j}<2q`uVW(O4 z0yHgPxm#@g8g|!u|C3c6a*>d#kbRP+Jw*n^Q$v-79W{gmuIrM;0Nz$0VzZqL!K_?wG-%GnSRaKhq;c}uZTM2-tdPc8ROvPj zRwG@>?=tVn9C*WiO*q)M_9`z+pe4LqpU2feMP~6%-fzk`i(fUzO>MtR@IQvBNfv(L zBctUvg8vM`FS8eg|FEdt>{y;8wusdBtRc?a%hVE8MJ8L*S|JQz2RL-%ce|GK4{>l_ zXTc#o99zCS`L0&uN9JbVS7rZ4$^Nm+Wl*GK2_Q3rjvUKVenBCHs~p8rAng<~R0Q>n z-czu4ns6>eEEqQ78XgPFCY;A3GjSXmsp44@Eu|agntC+#2{Kf`4t0y&Hhsyz`@(EJ-P@&w%B8%W+u|KYg z8SDmvS;@dP%UROHqX)f#6W=$Yy9y|S-1dFI>87Y`LyFBrkC#z1QG-T*(3m~YOcXx& z2afspTRxwY6G zI}S8Q@xYY{y?Kvm=L=<5`YXnU18`S~7%qS1;l8f5ABa0|0EcMYiY(>4(t86A;BBr-6N==SN$jJ2&6KyGyit)u{ ztuCuUnk#3FENXZ1Ib38W{OyI>RbsRQaiSUkU09k3SvH9QqkCHsl50PgNYp0g4a%1T z6o;KwS>K=nP`h=*TaA)et<_q>L!A)l!frx$=`#s(+u=>A)vGByJpAR!jvDlx-_g@R zeLUl^a~flV#RWK6jBB54s`Q%kTopl;n41tJf7gwWTZ&~u3-_R%ri!oOI@SDy0FPpt zEOb5Re7V8{t`HYYG+sX`MK4#(75cCFRxej1Y|Rz#DRa0&aJCd%v3-`tqPC2>GAJu$hrLg{o1z6|0# zPn2@0O%LvYUqN8zLs>r@Q&rN7q^jsxnW~Z=r8=IoUz%1=1GoiFb?0MhOWl8z?(o}J z6_mI8D|XBd*4ou2M#8`{erh@HiU zI}V@DOP5jB;kT|Tz#(FBpXg3+^glEj zJ*9}%Q1P3Phf^YVGb4*y}If zTfE(0-rjNW^aEW1{O+`-1*n2C^opIdAwB>ma~8XwVZFdH|L(+){^kF%4wS!J{6_h^ z9qH2#ykR7U^rKyd3@-och{FeVH|`Xxr4e0bdRux&ZN)n?U-Yfr-f|S2W!uRky=BA} zqihdue+$^;Gm1}(Zuds_A59H9@T%b@IFQwEzWx|yi;(D^`jivLH*bq%rcW6nctMu zvYw##bp6)01MdVA1>fXbVry+hh^+@?MZKuC&pcz3@1wl7oHH@FIC!hf>Zr-4V+9#-#wVk9sN3r@e_~ z(-88}!v!-3F!u;C0jUh-mDBOQ!nxaY6c=1kc}T!2G9>ATRwQC{(FTWf7})Z@whJVE)%E=$zt&TQJT0^Lr-buW@RAgQdeeh9e`rN^*m$N*VWAU z99$P>;i?n@*GKrjnj^X~DWlOUB}o2}f0;ZQ-8@j#zc!C2aw=rYy50(r;}yO1Ug+W) z`hVbh55>E;>_5%IrPi2K;^btha(LRbyVAFO8{XjwgW z_UKQHhi7S9`*sGNzY%w0x@?Zhsf8eOgUNp%75o7VC!KFeMy z-)(IdnAj?bwU#gAL9fP1y9)gip9z0k9@h~0t&O|*@|PX9UN?MCeQH!Zj|o2uDQl!t z@rq3R8~~1g1g)0?O_&8dtgp6Dv=i)$$=MMaVjA6`yt_3bl%to{3!_?}8I4C92~l0{ z2!;#jGB>gV*~V6^$NAP60&ImXkiZ#>Mxsz)?~2!(e>wS}!4jpsJ@Ra!N ztE1VTPa5);3OHw~1}MAgywvxV};xRAP9_Gc^Ec=2D9pH`?oCWd11jLI%-4$r?c~4PGW=i0bk7 z8Y#MOu^8HL%eP1)W_DC-3t-F$j5NOYVuI96Ts*us@!P$;y3O=~>>f)D4fdckMqQDm*N@fuv62V&Fw&L$-Y2EY z`4-6%8Fek4)1R10F;qK=C68j{GK|9&FLURor9uqrH7?%6DX{f8e)!HBO+?n;40z?6%MX! z9zU9;QS#=bSxgFAz76k{*Ic{-2{DusR z_@NLT!Jb;`Te=r+m98GD^V=Ima=~%az}0pm5pIV)>>Mmd{rxLZ3O`cPc~)W4$0jr3 zS}G#fQs<~LNFBHm^hYk~B0&`n4eQ*l&@8}RQ6^ZGQ=%NWaTMDziIFph8j*880NT%CikXo@?hIFn3U7Tz(kc&ka?*bS{0D3YZt2{E5Jorx@U?&f90)$-21B~PWcJd%6@*r3803&&Tojk~iJjm78TyuQ9 zx}>@0xOny8=9f@SgO5)YW>%7a`n`@Wk#|JFtkr%IB?B(g@nb$mE36Fef$LPVL z@SDBhoqgj2wl&vw_KDYS1H7}4XCBW2p7}iUc^2>l-L^uWpxf4`c|a!*jvs1tts0$~ zD7?2L&t1lAOv^QHp%WU@a=0Zlq%kdC*~7<8O(sqhkIz@C{~`XDxA!C;yE&6Q`(QK| zZlv)THi>4%l5o3e^;PHT5S)qwo%7GdT(a+lnS*L|_V4QvlDOpy4`OC4D}c53N?FY@ z(lzJH%IbHq_>tq!1LdPmeN={6vc!&>WeXDG?RT447jPo6D|N;Ck~2taDPse{maYt8 zqBD&y#3~+s~nbaL%;>ktB=S zzNRIlYm?k$mhv#sEG7kl*3E1f-`XYRUAkJ9#(c38Ns+qVXncPE-x%VeU*ydi1?_&4 zOG%uEd1}+(IhPvgtItnO6ol0vOr66D>EGF_(<^f_e6CaL2`z8&>a1ZgOVcCCWaB{A zvj(>1l`6!{q|;r}iNEXv@ay^K7o1w1n!HZ^U%>wi|75cax3S0(dbtS3T_!+^%JD8~ z4PR_6w8;wfo>cGgwWb$P(A0jN#MH3cVQq;X>Cb^l!h`lr)0?aMaopJVTvgF+>LvyD z`U36E`FKZ)FQkFSb42A?o{_m;Y?uF_-U>Mou#>D!{^hB6AB0XC4=sTb%D(gt3>0 zq_LlYUBZ1!X7EO3{+w-ZU72@DWn#C+a`VmnPnH6}h-%oEHKq&bO!H1g|M`LJk|%~* zJlcK^lrx;(pg^SGExdrU39@R@U3o`77da#bUYd)3u0k)?^~nyjL3IL-DhglDQr2|e z+M?)t3p?JEt6t}LjpCOLdNGRdOtHKC$jqVhb%-@u#K<8zM-W9n_i~d(Vqj-3Sf0x7 ztUSQ3QDEsJ-;w}8wmfnCJWax9bQHF+Y-(^P~n+FxTaM) z;5mwlfe!+a)%d>x)@WHKRd6O{q>kp~0?3Yp(UK4VX>Nb>^a3L>J5M+`cD!(~obCD# z^}vNB*u8JdGwkbUL^tDB}eN5_CywmU9o2V`6Z;ZQYhA$=?u|fN) z`r1Slt4SZ#+CSuqjey6?KUp6N7pi5Aik-fySMX?Wg-_#m0>450`jovAOw1eD2M;mc zZA#`d)7VyhHnmb+CWjW977K}ZCXLMN-yh>b(|V)%y8Z*=CHx;4uV*dbFuUP-(amy| zNPca_doy28v9~(#tm>RP*KGGssZy~kZ>}nUhno6Pet2q8f1Vr;7Y4$|gIB&f`^ZR# zZw_qp%t+oY1I6xuw`C~74Vhvyx*J!L8=h6LAp<9Fo6ui^;V z(g^e`@owF>6^zz>vfYUXQ`vx{N9(;gT<|(?i{&9))AVzxPpi5}EwoFUHhsgZ{k2H! zVPb`>k`c&_CZtIZcq<^}ZSun${7Q3lg;O8QAa!CjRZt zA4c_9dbmDPIwK-!NdF$LEDP57Pr$54`n;a20Kp z1yK;DNPR>V>VY^P2+1c;MR~HL1{1|1!-1~oUd||PO?q>Y<%Oq$Oj4xE#=~QZj&O+} zD+w37l%xj9cR_e~CSSF2t0hlzwV0?XfvG6)#U7CW7w7Qa7*-ZzI!2MMP$Xv&;`|0# zE?b5uf8THYD(%hGK0=@Tea}#gF1O?y8MWrG$kye4b0%usG`6&yap3HPX!IX@qt@lp zqRYj!E~j=OjdTEA?qg>uOyTNsA3KfeL+NrKJHtPg;S!&?^IHsis+n3S|NRwz58V~8 zZbemNAaj+ekBu}Nbb#C#w3n|W+g=MrVM=}6n6tWdR#Hwe2I@0lY{DT+3Zq+&)N-jo zk69zS14}&uZlss5;3IiDqX*XRM&swFAIGRX%1Gc8^50@S%~{JAfgnb#J47q|JYQZ; zPHvMl1XpUU@N-YSs4mA58jNln4PAUS@x?B^(HR)a_c1!6DpqGe8Sw?9^U)E{bsj&J zipRT=XorhQ+@l>XBtnG7vx486S}%3mx-UyTI*ox#0&n=8mJWmXCSS9J0=Z3-uAH7E zJHT#TS^gF^>bItDud~-kPhuSmPF5$L-uJ@J;VMD)+hUA`*;(W`d=>& zfz@STrx7MsWOF%}zToO_BjtjtdGFy088;q(2kBW9dkD&1t2|leQx|nK?oxg5z%~Ml zT17njeg5~%34E5c2nX}I7ow$gg+(e>%c)@;O1)!5H-1PUiMGXkl=Y{%@N142XFylFI!1}G|MQma>9nZ5i zF{}T!syy$us{DL^d@eRVA3GD7@W{Eok6EygQwJ^mG&|0@djLtIb4Z9u>CAYzS-(;t0@=MSwID&kmOq0WmJY*T!MzYGinw7X=>w zCuOp&-{BMuh+tl{I_~wy@AMjpYVLOlOoRPyA)(Z)n0Gw#xEM5cC;b#oQDaJt!_2V;HK7Q-z7ZL~8Op)mFuQy;8Fm^wc3^+QwywyxU<~X=$Z# z#piF0H=G}@`bLl?qJ}-(4CX)m0us^$)!)*MeNgx%5jxGwHd!$73+d2;Gf}tQX*r4P zS<|tO_?kWj%uGxw#!wd@uG^{#(O9&OFsV=c$9>}yMb;FUjfcD-@I^lY{I<^g6Y>pv zqcDSYxN)Cs`*DdMP5i%Je{*1Kh)%K@qozVV`!?Drt!JSG#wX>)f1DqmSRjXadTWyN zm5_!n%1MvOI1n%g)4Q{(*?9;CmU&U$ylSdeWSdOrs-pAT;e$G5Kjv#%%P=LHWOU0> zZFWpgR|c%`v_Qq0ITQ`Q9`^h!EA!8WiH!pL z2e-VI-_||(~i3rVu_en5T3)M&=bCsN1wd#k7)U7Hf^;wGaJn7v^KK0_ZH#0Hmf9J0Lf9pGwYH&juO}Ulcb;L*4lz zOp_QWoA6oW`W5tf0xfsLw|`YEVIF7VaJSsTKdBJ)n9nShM?qeAtjq=<1k-qG?9cLq z=hi@<(H#>_9_{A$^2JVp3=Ymhm?!xg;K=c+o*Y%XYfW>UK)so%X{?Ffs`UjAN)w35 z9LpQXLg`0;MX^8+efrm0_fdN2T&PugsF}59=@Npfd74Xzj0;XHR(h$E-N+K=8*ZdX z9%mPkK`Vgp4u}jEjll9wC?HDN>Mv(|nT3HFJlgsSd>Tf>4tHpH5Y`*j81zvI=aa~t zJbdibjL4cioFfyJmQuXo?585g$E12@NU!P@Uc_5N9zUJ)mdRpdkX)%c=_(mT|ViK~GCkg`!&Hyri+knf1XatPW+qOp3ghhq^ ze*e0+dm1&*_q`uFeebRH)TvXaPMtb+DpH1DMcoH(5_K9Ml`2>s3cW=@1IGIG=x`c_ zhwR3wD*cZK#CMFVJ0>gfyRqu3_|ap9i^K`)JA;)K%&ght3SB92hT9~GH3+>ylQTG@ zV-svxe_=r9L`s39K^ZTB)#Le5?JsX(JXNzq2hU9NvUN%v#rq7sJ2q3TF@NgEiWuBp zR#COicUSR2Zfg;noE%Mm8`q=>b=Ojg_I*5b%b3Q58Mf%9NqK3?hG@hEiVn+|bM|@J zlD3I4$S(G>isp6xdBvZ8qqudUwv)h8CW=bm-2)j&VE@kwwx%*E*v6XQ>-jAx*e=t3 zf)VzBl84IX^r&q&7LuvGZ8cQCs-7Qg*6`l3cscOIha%=LJyz0YN2DV&u=PmqrMmU} zVC%G!*7HhneqP3%IiJC`!n*9@+fy=+GNc4so9NQh3Qx(Lc3a+p-~QAc#7EusAM|3f zO>U_C)|5;?0@$xGAI3CoO6HALF9WyR4ph{En)n!g>*HT%@@xXk_*aOkA*ecjvWYm} zD3^5CDdyA{R_Ev4qg!tYwq8);0V4IH3_M@)>_pt3z;K{gB*2|+71XIkNJa8)+-VL} z&~0y`vJxLQpm_$cgy$|9&WZS}NrRVU#Fp;(%=P;~VY=7bY^!>dISXJ{|AU`Uo6WB~ z{U|i9zwNfr?1rYY2%5Y1e*v1m@BY7s=2Q=wD+pz?(aDX*5nE@2HMU>x8Io{-frg zGVG!9!@?`S{i!iax$gaOG-NWPx^90YV_lBD_;l%qGLu5wQB$jsI@^hzZd`s0QBx1@JW4ZfG zZ!x7j|G1Y@)I(mG9k(!GIlkirZ1|HHjNvKF@VU7-_df29-X1pR&5`ALGnVVh+noC^ zdU4+A>BVE~7}`c#abRFVbjaIk*=*h);XQFg+W^Hr$q#;KByF{6?PbiH+L*9C*`*CxI*|FP zVr5~JkyPB)UvEjhNk@^L-8N8c`<)i^EaKp8T{SFUo(F&a<*Viw z{$A$qb^iX&pBaXnE#UAg7Qi_1OMZf&{aXM*DB|rA-Xe}UhrX}=ChkEG#K%e+mzKqg zYBGe6K40BctuqFK=ZfU2G^K5PAv(yi*+}jb1$Ke4hzm{j7Qil4z#0T?0svgY{zZfx=ip*KCEY`H;Ap){Jcp2r#h?XK- zGu}Y3kMu{AK-EaJON0e0(%dO-9I^Ks*A{ZF7VqWvLUPs(0kE4c|L88SE<-|pAmBDX zU?f#!e^%hHx}DxTeUZGIawa0C97A4zYHo(T^?a-Yh)&m zDUGx+hrcroym*IoGoyG#!QdG0sU813I{7vh3wYv8H)2|~)4c&|W`9nqfof6~lI?rN zOSp@K*x&4Q&n2N!y(<)Xd!mV|y-DpE)+f%vrTg|qr0N*goBM(6EGlWb*By5X6^*+h zoekT?B0`2y=pcCc)h4Q86H#4?@{5VzWs>OHbsNv0n`LlO3*lkmJ7<@*;za20xZ4ta ztreFCM@_yhn5b;1dnGF^-6 zI=TPYJC5hvSGw1peVlZV)J3v>UD&NZWbFU(lQJGN}{%lkP)lPU7N z^z5(D+z}Pne5}5Qj&aYa(qX7h5zXy7x5zDdn{*pp9sPl-(HZlQI}<&Cw|&wPdGSpW zj*Hk^V}n0TjEYvh60;Aq4!N>5d?iYl^|87vcS&&w3#Y{1oUpP|CVitDgYVNH7)}oL zrV{S_%eg-z&PbR8ixzCfL^lh^hu)!rSlV196YT{5roW;*%+OssiZ=sY1f%7zQzQVM zsMR9NTH~8K;!NC6b+V5!28Ftv=ryxYob`E>nM>Si5X2cb5vSM1_dyg~hGI8jc+QP{ zP*yXwB@Z1nZ+0X(`ndQHV$%-A($}?{i(8}E=Z6=T6`=tA3A@3q^PIAP`<4${NqaQ=!Q<}w#@tpST{$~7oo8_$__h~{&^v% zeC1++CTpGTiE6|a2%tt-G$i0&2LJ^`!puJP$13vL6=uAi7->FanCv-fSo0w2?N5I`C@Q{wH76&kgk4b>9D!F=4W$pciyB)*HH zd1@eW6-m`C7t{2&q}lz%m8%i*)Hls}D-geUVZ%R2GOFPn8Hr@i@RQe){B1A!5HC5L zEAh5h>B&@zb)eV&yvSy%%jn{D4~XopJSy@|i5U{+3i8ypINR|)GjElAs&2rVVtEbk zkfzox3kTJ18+BZtcu&(MAI*w^)!sCYMNJ#DGk%JOPEF2dMjS3G5svejDd#QCF&U~9w z&s~ND>OPDQFn$E%RiWHQiYuA@fH#!9I~Koe2zjD9)NIDkK{$rloiH4ae%(^8k-x#* zvbhvQidL5pX6Sse2}r!#6YUCzd{AykutS1xeNqRD~o&g_!=#W@^i6?z&W_1WKGi!?<13yG~s=H%k z;zTsqQ#F4=59qFs@M}R3xPj0t{&|}wnP_wRjYH~2ydm@oML$8|U-!$@k+$sb3KVEK z4000uShu7)L1-yG;z|kXlfsNGuxau&{6B^P=US!$cra*{v>xiORN7yWK*Z%( zu&Z?c>dzpgp6lY(o&_O<A*;HFby@lCx4`$TK0UaJ*YbmA_(2WK;rXze{IDpu_DoeRg_vvn zm=Jf|3}$gtR*1PGAJaKrI?e#oclWR;Fbn@y*^vk!%Z&$YRCkk7pwkdRvOu-rDYBDFiMy+k>?B=2*Va@5TSeP2kuG?*jryypXj5F z;1ArFD$GXk>yj^{2AN{de8JQ6T%Ikzp80NANGX#hTAvv#xS;rnGCf>=K-XM9N!lENeZVg9DM$)*CBY z&)4Q@>$IxY^Nxt5?>;gL5vfGeo_F0=W{ipHtIt65IfXj{o*eQh1qQ5^7Ji|QO~@o{ z(7xj)xT93u?g@pn9Eheb_$)H4BQlMpMcr0w(L)ruF~CS|=-OBxWP-+uG995YEITM> z;lyBTq+}u7y|Ih?)gZ4fS$YZoj=8kDzhC~@YV5Qrn)1+RPeObz*mGVUr7|g$* z7X-m!9Fb@&XT#o_FGa>iZbbCj*R!~N2q(xHtvArPhAxiJ`Ej~crYmfM=U|ZWm}!R2 z{`7|#NU)CuvuYvkobdUq9wAMQY3kniwT*N<>QcM}S)`Bi1_{TQZm*DZIX?$y--wYL z#J4dNL;?{}UIg`B%9CMpn@5){4T@tr+#anVuT!reW)2i<)|ITt5&*u#jg`=m!6{v9 zYak9?NvuXxy(v|4y_Gr@%*wsY7&?{)^Tn!A&9h0Zpor<~_BiXGS(Sl!!di)ZF=FKj zT29h3#JRtJA~$u5OlEBC>M6sNpett;Zc1=&L%rWAc%BT(+RdvAhaeG>XO9*;AB5{U zWe&s_L>v>2^cv?Jdlv6_UNIc&WBTRz_ML!o3)BK83`*Cd%Q8Gi=qxkn)XAT2bYiT~ zjn39PJyf!UEkYP}#m5!^bC#QS0B=v=75<9(?qRc7&#~GNn^T>65ZKK`W^uk5BtSWZ zX=|K($YL$T;EUDmv66iaz#ob^r7xlXx6=QJY8%Ps4PJCNMa;>5Rie)qsMm0=RuL~_ z`pdh&G2nqOuK6C=WvfzK;$qqRdActX&uw~Aw#*G-5}A*{sMO6UjwNBI``4UdtoOfYP5b+Xik#ziQCK1NRPNKRyw7j@O<%hcUyI!Y?ZyU@R*0!;} z#C*4MCd%N*Xl5fp-6r8<;6(%B+;INxbd7y4iaGObA|uI$E-;O4)j!?e9g;=Lf!4vy z54u3!FJm#uu%=pPs^%(>)}f|4*sRG5(c(eTM@>4><=#p$N?~ZBf`+kQDO!+g{rP(l ztZFy6GRd21$})wfCmBw_{Nx9lW`!0m8nQ(APEVq_mv*&hN}6^Dxz{R!5o5~`$(W2P zO-+G#(S$BXbxfac@hc(5?3{c_d|yK--QtGGo}++-iiiBJL;bATR<#t(!Y?Qy-?(8k z#&4WvVf-c;V(&|EH?jBjn)rV)6W>T3s{0$J?p~)2`V!7N0Y!V}Q5NI{U>@S5fN5@z zSj6|n06qr|qETgZ4>>x(Lp5_{fo3w#!_x|-T~H`3gny^u;550;8_MUHa`QvEy13ks zIHi)B;Vee;_Cn4f1m0-S1z)JRyyHmznUu7Yfkj?$9eej9;~1C_oHD#$84> z?s5D-q9er8Ntp53JBFDa+Hn3M9t8GHO_ zUD~k(YopcJjBjGHIimHX)^Wj1n)16Q#^dAW>b20f{G39ZirgFmGmDqo}t(HVTL{zbwfz zlDP9f?v^Nv)n#Bx70_=|L&(fEntWCQ<@?{2K)L7kEgn9i>B&QoD7PX}diY|^@HvT+ z+XB8YDf=SzR7SK!$~WCDOti7!b!vL@iGH*;5T72k|5XskgsxfJ)eCPUlO-k=7|gkl zYfk>GA*e|}o{f2X=})WPVM z-lrc;{{rdA^g8o*WG@nYj0wmW5@>TavrY*_vv5Z`g|XeF#(7&^_}Ak7_@ye^+T-Uk`9fxgx@#W_@X1;csHQz`g#w(}Y zu6Is}fXQbelw6l)z2y`n25rPkLg~jwd%v5y#ADGt1i$b7%lXT4>R^0XEte=4y=sJx zzaw=y4@x&09kwx&KEH?Ix6cvUjsL?YF4B~Kf!575Ma+K~1+6FwBw-^)KmG4+j+}YU zpwoxsO6n{SBH~Y!?;=9{-^3rs5oRU)?8TlJ`Nv8fOCu%pWqu4P6c%6l)RNs;QvDutJpl&}}X$%Iu0-9XLo6Na;fsqCz;A$))Y zyCIpurjjYN@Kr|oVN;A{9B6yf%q&%x$NcvSusD}KnZ3vdkVCA;AD)b-XmE~J9)H~iw|(0BHE9|H<`lqud~T$-+7BV|0QT5 z&J)`Wbt{i!@_6B$NrmfQXL6VS7Hayn`u8)Ai7g{1%<>Yng>;`lz9M9YB ziOprRN1!inDDmtD8%wJ?5Z?@pJhbQlObX>L=OO6vwxVWT zT3WTPF?}7Bz9}|r7vvtcR(=wz+ixv;nJh{e@Y+8mSjF1po-QFAJ~F^s`C_AU?{+>V z(s43icZ0n@*JVAmKDqxSYw-g_a4kl1f3>w>z4D}c-6!1SmBe_K=5WnzejRcP$I;L0 z$~mnFO>@4HY28}c&WTcMK}?B~pCMbHK|%CD6<|%ko0mG^!dz8HD7oRFwer=_u-C0c zCn|B%yn`5qaKZ?g^&XKL3@)`xpUJh$c!;Wo3n-^a@(_j}wCFUj1BN=?86Uw`>b572 zhR?KP1{kr|xi=6-A@{el*lfp>BDAY=Gv*AcO8*T^zWGyiGbZj;+*@~daJ3vdAp*R? zMylKAUD3h4rdGRIwNj_mGMc1j8AvTV+<)yc#8L#>#W{Nz zo41Zj)e%-S-v3*vgIZgsPUO{e_}jRKM2Gc~`#K{@dOTXvxLn9+AxY*TR5|oA+}F_? zlvIXQvp?vqR6S`FsDr9Jr&Ls}H$8vQ>-oC%)`CmO$4J>PWH}?Y&H#<~fFYfZdX(Jm z^+K0@kBL{c52@OWM^cUD*wt96>U`DIQng7KKLi^IB|8s=q4Cs*=EI{2EAeGaIvXjURLVoe64zLe<9f#0HTPruSXONN& z`ZB2E6Kc|y+DF1Fy=2JwpYCac#3>jkR%#txoq3UH?E~sy!fy%C!Gtv;sHS^0hXga) zQvKY(F$ukcvSvHQ?4{g61@809HTa%M9_XF89z?{iIeZZHAo3jo-;n%Q#NdZY{c=#FTd25c#3BR$#;s zPTy2o(lG1;3!8MVkysy1ZeVV{ZW9&=X-^IPK0MWs)aj}z_&TxevC-Et@x4Gthlkya z*3IJ{+$?Kva4$qQNVRjpxRtt-Wlv^BF(I`{R?wg-cPG3R#A|h=*Kup?$XJPk43f z6I1gI6-O9F0W>1u!^ZZ@h|G<^GncBm5mBkh#lFW&)gC_~7W_NDwl`TVpCXlIwX5q- z{L#AS;%9a?ymS^|IG4V(mSRO%?vEandCps&vybAP5}36fxHU2FQVxwD;0+-(g2_oOo9B?Bw9&!F7+<;d$fxlWKk_K|!+(ORUH zt%OCLD?}G$)U1eEPY_J^UK)_+b6yfiWv^g_V=el*VoXi!2w5x80~#j`SKt@@nOOP; zOBY_~-LK{M`oz|CZK??{0W{2N7L<>mtyv)y_B zm8m7B`vBKIcll3g05?yuhv;<<#~@+VYI)lPb zF?)Qoxd0nm7`_rC5i3u!Qhl@qksi_eBDQY&QkKj^hA|@oTk7BJ=Od5w&Bs?0&#p{z ze_t#0DshCr0+TD``;d7;`PL|(w=pqX$xjc`Y_l8NLpRV3s6YkEJ(l5qNcchZ2%Si=@ zKbIJ&wm{;0P(h3hNskIH6cx;LrHq&z|Kzg+9&X&2lGYuYrf>2~k$4 z?MmgjMS0W>hMfq2^B!QijRvM*qF-!F%E_^Vcn(lI8=UKJ@^7XR=j|U&KO!LAjc>r+ zzyUXP*vPYUuooT~+Q*cG71l9ifNTt_?uD@{Jbr=Z$L!Z*?1E@5!WB6mxu@(96@4>X zlh5}Q`GhQ0^jAOM4ScT(1nRj=DlO*HkvZB=ZauILPgTNc)L9wfQOVBHr+7wx9Xq&~ z9Hd(f8+pD{3oX8_ttGes=TxJ1yF2A%p`VGa&1%^OS~_->LF?Pu^IKhEF>7|ZWwei- zeB%Xi81)*M{ZdejZ*m7w1bbrkpM{R7M+=ONmLF3bvuH1PHC@u#D65D$?V*KJa)+L2 z`n2SZ$q{Sqdb7s5v3(@lFg=>c5J-$|Oh0B`VM%i+?*;c8uWJw;;5cS`)UMzdO^y1a z<+ViLQ0IcB%ETuXH}S@8;?!B)IQlmt$(cXQR@air5T*~B)|`l9%46(leOsx7ylL-I zVTqn@>n^o+q-Ra(Ylb2!%g#{AT?j$c%pRBz+n_JA353}Dhfcie$*h#cDEmufFKKsZkB3dx=25|BuiyH8n2 zHh?LIB?H+*oj8b4IsD5G&~_Ix0;TrMM<`CF-b%2sVJAf71K}9Cz_Xw+hLnFGMU<@` zQ@yj$lPvHYa6jQ;XZ|kA<^Cv_2Q!~6N_Gk)iGT?e+C(y6XX4)X8pk14%-IRC-N@eI z>eG>6+y@C%^Grg!*;B4?sfY|wn5dY&I^8+2egwXq`E+)(G%TIX()Q>dW|W;38sKc{ zdUoPpv@qhW^Kt%Q*ii-ZogVDdu8TSife1uHCCo$a2q19sh+G#yXj zo{}qBO;lY{YOQ!*Uq7Cx^7munQ)R)6&F)h~BXArljelK6xQS8DrEe8@XAhhhctB@Q zBHT-CL;!Kt42Nr^gEv%6DPDIJtd{+2*}&}m5vYcG)TCC7kwva*!d4NoWzR(ZrMJ|n zhIMCVdjYp8KtGuq3HX9S&whr%#SBUuK$>RwMr78a3f7RQ_?E?-ujeUKXNE;YA$!pf z?HUwm_i!Hdvirt%?R>wRPhO_K*8VCo#O0)d7xwnGc;gY%HgRJN zdRnBg52eXV9j}7WouL9|QKP#zH6t~&bvA4OJ<2`a*9=~OW>B{gcp?~UE_NPS(Ol=% zQQ=AY-!|&AmLXm02LN69O#JLd#w8fYpYeXj-eNaChLqQ6f6!?EqtV`w>v9?&YqWQ< zsB5(GtPdnoul1hSAf?{oKIFyWgtRg(CxhPUtQbUR|zF>=oUX;3iN1?4E<()EXg zvkWDp#+zF~z`;;mC-){360=bpwhU=f{oU%_a(CA&FsbnzOY@WkE7@Ol-z6;1hFEC% z?8<5xPo;EF57-rFFl1Dks)p88s zi~w{g#+^vxOEkhA_$W2o+f(g^Xj%@CCUdcA;O7$V_=%?F?Mjwc;kAi)I+a6QJhZUE zcxHGVAf*6#NnuT%iAXTBlw=;YEm62{5QJTytxtcNBuyam1Af(Cp6u2hAFOV^f>Z_A zfg1--0@`Z1jEKT!rb)5hU4{uJ(Oz}KNN`G^-Y02JvYXn(WK^4)V~%nfa|4^r*9@hb zrBmg|V$3YwDcDAmC*P*h%(Dau(iw!toclIWW}~!4EBLP6tm@;(;H%wQF}c6dBK?r? zbgWM>%&Dt)__0#+OwQIWasoRO_fjVA7d;?CxoyI4f+RBEnME4+l^4y-{o?9l84XO| zf7l06?IbX2x0n>-7%kJu!nD1VX`8b}o$f|vpoI-DhFTe0l#(9|-CA2=0faRMpYC2A zHroHR7N5(`P<9l2++VVfp+1jWhN#0|vM&J^_eU?WWIxX5d5!kJJsudXd-+S$2=BP( zbLnb9MkrPzBtvlObkW_9j5s8^RD9 z+sH`J>;!JHR-h1FH}@O(C`6rSt*Dlo0c8Ty*H$?)G^upvYi_?tdU7SX*vi^!tr(YM zN}Kbw&|2EYI=Ou9l^(pt<%v9f>hM$Z2DPt9vS!{z0}vU8`6qj0va_NB|GR8<8^vk@ zWb29fFOr^#V=E%}SS#5H+dun3cBZ^o?#W3WIGMYnf;hHR3KbWzKbp5TgLjDBbXfuG zEJVl?fs#*51q`}!vS76zZv#0I`vLi`j@c<~Ge+z+%XlPnHP-waz#%pslHVffH8W6p zxaUE#yl*0jyKk#EN$m28=Gq9pJyb;cA~2Lz8l4Ixn`{yvZ{=I3Fj49_red=--ugVH z8%>i=%4j6+ARxoSk$uHH$MKGdWgelZX!@}s%QcRwNfB|@s0Hp(|Kn*lR+2S}f4O!+ zWT);^+?|Yc)tXlQeltvFZiWC5rQw{X`va0u`@QEpl{M>xG9Ge zGOx<2zz_JB5a=iT2?@K2J=5kT+e9564t*-`1vHrlh;&bbSo4{$R4smr?6XWLkGn?` zl>Jk3jaVOkf;3AeJ0sc;avsnacQfR73}*~+uVc8;J}tRMgbSNs$ip7+1(C}Prz*px zaUGy58V_+&Dt%gsoIv3r2U71mVu)FK=gJQc0VHwjcES>nyf)DggohH3DcbKrD~5Ki$B+>eZOb# zZlp)Ii&0`~u(ub^!1*Yk{dxVi^N5OoeXxUcL2B=;`rzKtMvpb8KH|*5>&V_n@MFPI zwy?CdM<<=8lS2Vm3>zS6#WGD3rJ$BG9+G-R-~Z64^3x;E5A#dlOZh z%*0xOEMhMk|%zKwc?oC_E@^S^=VmjU)^4Y69MC!zGCJcEb+@iP8o3K;w3iX z{k~Y$zWC|Zii?8knXxV8shj+Q$s$wc(wQIDZp)TB{a%oHUx|IRj)NYLIMA1lN7uj4 z-ssMx>tT95%ybVC- zoMqRFl(^s#|46$Di5*d9AHl(Yydrc5RfgR+LS7N^|2d6<)KTn4NP(j!i0XLj`(h|`|)l6%2s2v%IOlSo+_Yz&le%m=5BGq7}= z#hqGA@NY)xfivM8=ci|%T56o)yEnoWGz}~u-&(=T1dGblVI$*#YfvP3H@n~Mw^@xn zS&hYFsJo>`+2A+!L(^F8TRpr<Rb2;wS5Ze%oX7~4v)Rr#Qs~c!?kBJ{ZA4NhjZFFIS(IIXH(v? z!*l!#utRNfi|ZZ&&?n%2IdiV5p!-RWNGQuGBwXEJ>Hdo~9KE3t(uL>C3a0Xn<4gL6 z7B2WXjR;}w%d1etD_1GbE%$nB%`@t)xwnH8cyfO)aG4i4+jQS5)dASjv%fSIIONE@ zHAx`4_$55lg{OubZeU)#RG(04cmIXjyzH149>AGe=K|pneBii-X8(n)%px>~2@kam zra9)Q*N?v}_B1s%Lt_n6)Rp&aWEy${X`|44k>>YY6$QVt_t29_eX<{qij+m^y<$8J zTRq$t#OahoWAeTr9SYz4r9d%^Ot3m%D?&5)PgiaeAG1fkbai z0K45mX#Wy-5Z21Q#+MV*bX&e!;_GoDRM#IQEf~ajw>qcCg(Okp+SgRR|y5xDpq9X58>}5|7V232M_h~rU2Y_rhB1ew6%!Qe?LM&m9s5YYy%Ogz-ez_~TMY4ao z*De+!2o6ur{u9X#ikIxrh@vbP zpWuW)F;d1i@ugQ8Zsl?rj_zzMiE>P%u`V<7*U33A1>#%*v34p0z>^7{!&I)(HUW+H zpR^v!nmbV*C!7{#Pa(CZK#?ly5ihj@NPPtlZ-?32#)mO{ag!u}8n{6g5zO>^*a>To zI4d;(!_M@Z&`0NRFoSO%sdBB94Qe9J(Hsbvfo@d$+#Q+H@b^AkdGl*4vUh_n%?F<# zk(ndvAL@mCXeUscE=7=tpo@B}g)w8lA-hjGoe-6hF3OzCCKXfXGOi^KQhdXveW9Cl z#@;NyLu>Xxbhv_cI~&ZtdG;ImEa}M=Ga}AeoGgJ4x%*${iE)fn%SFRfTYg&?rxQZmjcXZnGk#zYh zwQ}Y&q!lN=9#w3M-xzgLq68sh6av(XByo;gT)Ub1w5w^%5haN#YsKs%f^|E&aKv|g z;AW4uHzha8r@z&(Df1fTd+G5I1Y#aokMcsLPJ>u1}-g+A# z#^7Xl5@c>avzlKd(U+3j&>g5}KXC8#>MTz_Q=hF;DJ@?oQHb02%O`wWD=Snb zy_$HUTT)Xr@6eR9^G&HToW9 z5~eyzCO1xH^1$uZz2e}_2XxDX)$*kGPH9$44}Oye;#O)Gfo-%ekU7AQDAUJ6^Ya0X zAp1l6`S9S~;kw<{{T-DZ)`||B+hGedID2pr{q^5Fu9iFFMGf4;aaT1yw>D)fnm5a# zGNmSt!l*KFWb-w{&8lW|w$z?D+_*X{R`x-_g2H|^`+v-$DS4nG{@vt(;}Uf&J+MDc zEOmbh_uadpG=5r#Tb0}uOtzP1&-MF{?u2NlFVy_@JZ9UBOmApJ^JeyY0@=I$($#UI z!*fW|R_`@@S;Sd59872ms&sxdlGkiMyty_J?fmdrP#9_M=u)3-o7+D!ZCmYLYsHw_ zx=yV}aHsXkY_8A!Fk4lqOoz;q^THzag&S88uPylNshBoF zhA7VSC}{}_!RT%_WDg>;oH)F6Qx@N;UU24EDO>nZ+yIc4iLh1%kbD9k-3%8X zvQpbwTkATWw|Hir;in)vO_J}QL!S0F`DqTtD-u>urXH4-N22Ym+phET*)uWRngygn z{_)&SGehsmb(OVyN0+cJlIOg2)sedAXYMIzi1VUrzAA4DH*QmLQnAnd`8uQ)d%fZF z*uqIBY91|t#7ec&4{#LN!6h{aNiU;T`X6DmVWrj+2ueHM{)n91b)1)p-j^n1WT4Rs zA4C~XVm3k!xu>qkuRpAopHrr1lzTsKQRgAE1Ge`(-2J!AC!}f4%Ynqag$=Ka84y2q z%)msv?O4bl+h3I}V}~}h2G9c8DQ$y9X^tao7}(9G@?SlKY^Y}i6FU+$Z%8Vn%(1#Jarew~_f3qet z^nzc(fhgr8+M52iW`84zNDaYOwb`!dLX>1_I49tSRxu`M^fWfLf_BHD%`AHFxJ(Yk zE($GdL<|_!^Qc6{sPIui#5t+E>pq$J9@?^818%3@iVq95#)kA#-cW0JNY7|GK7@7C zY^EeOIyXWEAL?zc1dW)@>iv{N6|q3g`&G z1IBs6ueKG~8)*_^oK_h}#GJPMhR80eN7pKkbljNAIlTMCuLxO2h|^Tbhn?EQd;Q*x zLG8P2q6qu(&j_*CC1S}p55ng;=46G}h0r=FR%Gw0B3YmQ!vq|*<+uzl=+6_}n7(O< zFRN$%$#?S2L&;6SFP7CsoTnS7L?*WMh__#7g}030)pyZScRvIqm6sCIH&zSYiD^Qo zJDO=)&?tf)jHaI)vYl7X|Nm`^pY%NnKz-Xzdp_?3ASFP0=)_ zwkcTw&IUTMU>bfHm{)ub%xk;BoXV>U#Jaq_TBEHTfD0|MAMR3XoYp-e3T{tlQjASo z)>Fjbq?9jg4;4Q+l3aUJq8F~{*ciV=`)W-B&apk4n~Um0Ys(4PyROna6TMl6CGQ*> z zM=+NW>gflz0_N%vKcTibB$J&)QCHUBr*PojLKVLa1Zo0_%lw{lDyb4TrfW2A(S|FRdp(GQJk6l& zLu1Y9YiErJpCrq8u+QrzD2x$wFB)Z1?{tq+u4x9Q#%Uxp=!pc^W8v!)fz>jMw6HJt z{IdkAA&o}o4?~*3LNuM)z=KeuDrtWDQGNM*jW1EYE%1~;XFWEEIp$CDO$RZ_|tY)`jw>fA+kG7-Ip_AFlm_TKM{^h z^<3GjuE3ui)hE}e&nRQceK@_FmJ&#@^poYPBHP1Hs&OZ^Y-fELb!b9$f6W;gL-AoJ zEwT+4d`BX0oj<3j$PZA1aujlX==0&xTl+_gxnuJ z#@=BO&4)=FY8wTT+>aka(RDS_n!0-kT|(-6zAQC1asl^grT(f?J8Q%+fB=Ye$~Q-h zI-=EY&j0Xj$WqSu4FhqiQHR&8m2Yc5H$7`;v)Ru(Us3GVt*z(9Jsw(Q|3~!U1@!a+ zgh;a`?tW^(T~l2Mc$WZAhRWDT+cf2gSH7g-X8ZG#ztWUxr1HB&9hT7naB`)-EY}3k zl{uXZZkkbXn8b;0@CGvq()%eOY&WzACz>MZ z2kJ@1Zrzgy%@UyH9fPBWq5g0(T18~krdaxqN{I;2#FoGjvBBC24~CMj=R^$X&fj(K zq=+2L=EM%O29+(NGiA8F{lU<_&+L?N7j|xrM5p27V9rSQSD+MO`fw<|?n7|}w3+-n z#eW8C4)1hK?%;a1Oud32Zm)GIqtl$GR;Sb%oKk0oNe%Q~Yj~|uy)Zo6B}4`s&A-&BZbj*srEYuuKk^QAU$^WOQOO4 zAMb++VDZoB4R^a>|z~(nwjXpWN37jruN6 z<*81**sS+=V5#SR_!qBDUlZJ3ee7zwWn@xQ2b$&>fIip*U%)>= zVZ?b{Lrhw(qGakMcd?&LmZ2mQ<$f-iI?%nrPxe!j43>6yQR-PY?5FYf;!Q^t_0lnZ z^kj-~rr@}ZewtFxT<7&wcgH?1B)WtAjy9Qfu9mMRV0G^+P26 zxapeL{UqKP%HyfH^#(~l^pmxlq4pn<^nE|sgI=;ck_L36+#u;ZlPvxNmh1*WMeznf zCwuXi0kCy%t@x+cv5=v`f&B&)yd+!F%zvkU=R`Fc-Phg!}M4g5RYhy7_t{kFoBf+%h zVwQlX0g@T-P9r+kOY6gq8Nv$(4L?RpQQQURHYGmf_6jdNlfIz&;5pj))|S-O36$$%0~Kd3V~C|Bwjw=ITzLNItG62?liW_G}PisfTxIV zDcN5$;a#1pj9`yW<954MizKJKk=rCgSAD^#vLe>RVlDVnwTS0=z)C2^98FA|c(x4m=hU3^NvGmq8gPo zdpFI}8rn@$V!oXwV73BSbT{$z+xbneEN$Me9Y|U3)qiAj%K5X_IQML$aT7-kC4bJp3t`H2k-y%N& z%go1QKD?FDcUiZouheF37bP)JXqm9RAQ~HuR!Fh ziBxs*sGi=@QOSvP9CoNY$dA_Dzdp3E0zTH>8p4@zkJjrpw}y`3lEL!U5ZOevpNbt?&iE}bqoExX`f8r%FEwM~je~SwCamZ$y$9uBB z_S0LfzaW)+4F#bi8j>Fc6^Ua$4q3O3ubytbRDK3(A-?8~uMQ>0m+j9J@&@vVvX0IN z==Kj0@=BiQRXJ;Jx|xX`Zz;)7f^iFu!NLc7$|f!s;v%QloQ5Y8!zkmF(6I4k*%NCw zXOBhez5@D7wSz;A9BZ*oouWO|%vwJ0s~!)*d^XYN3)>&=ned9kC$)O)q(bu5{#kx< z;2@frMC0tAYiGEx``T~3cKw4Vt}Eho+>{YXep)g6 zIe6xeH|II3CZN?}b$Q$GG-kK`S~9q1fdXs%LKVkR#cT04mMF`_O>d+Io^pA20k6mo zOgD4bq`i~__Ius^lql<}&W6|NG>CrAGItQ^oQBu4KP@!d>@zpNhs?k%_dF(YW>=mg zEal_AQeeRTeo6rs)uQY7ziJNhv~;TZ_QMju!uFamJYx3a64zqs$0w;D(rdIVbDsnr zq(`Psf*z32!&0mkja#a{GgZ&0ptM>v5&1b;GIhrw!zrt3jtr)V6#gdeAuVeWmF3<_ z@lZOHI_u;-yk6f-bk5l?ak^(D-Ov>twg+D|b9;IP19~8PULL|qgE20%^B~r$J8f2$ z?jL?7T*j-yb-$8q7C)jpdvuz)gx43tiks(7#-srOC#AcW1owU5DCRA-8;4;5_^`NZ z*tw({yMunAHBx?}E0Mi>NSlco9;_IISmyx`uLm0JJ?KU*$r%KPF21DpHPkehxG(Pk zBhU^A$T#L|fb37dqv-XuDxEl$?hYdWL~)(Wdu(14!uEYbR@!js(4uE_kDC6T{!HXi zBrm!jF=!7bq2znBLiWpSoiAnZP)M0yNRdiBnqFiStg&>PCSAk8)8_JxNV>i!JNSl? zGtb1V@FAIAYr;coNsKNdA-03tFd9zAPqo^@JZeMIH$Li(w_ACN4VtO{jE$nT{_}XO zEtj|$rE7IUjdNjWX1Vbp{qPO6TMHhpM|La8%n=-W$}$Xafvs4PEXN>;Dlr%I3E6Ws zD!oah)l4GgnnOI`JFJy}b?I_vA`{8QOeAkIk!<0?MAFVg(ynO*-$hItA?G_~_^1S! z_X$~I92NCw<@#K#Y&4}bYzZx#P~O_`43DzbhG*G8T$cEr#A(gy?vuYLl0g!9#`?hh z%1zoAj5h%25-xgXMbqd^7}(%kSO!CAiwiys->Z0Y~KvxSj$qXre4}^gp6<^vsOJ(IraG zDyGY;=;i`lnq>+@BJar4DZkav&8o#MJ)XgsKgjwsjl^hrp+xs+^SVbxUyMm^`&o*x zcJ7A5B>2MM{QmIJb&7kqy0i7KICm2|FNx${!g5J#Kmm?tzHjBv*5h`5lYtr>J5PBcsU{{t^(~T zZBP_83v-xBQ4n!ixEVvas1@EgF+F=|J;fZUVzyEY#cpy>P(l8}D5H@nH5aGc-*tO} zPrSc#oeQ$wJxzk#y8?Wo9Xo^a%^l!+ujXCIW5+~BS`+Q?8I=?5o@aFDdeQ{P&OkP9 zeawF!&bz_2)AR>F*HD#K15wf%m%&sWKdv=iTHiXkGz1UVjXK-nEWl@%j&pAXZM3Cw z9c{rtQ((K78b-}&`7WzP0zL8j*<~%nk1+9;@zYP-b;_%?nerav$35=lySzB=pkWZ+ z^~X{pKRrmy;|<*Z6!Y+g+Sd%@4z*DPdm{RUi8FXNaXqG7w1g&yF3%;};oQu#A$WJ_ z5_e$MBO7l!TuLbW=VoT76WqDHW+x&#TtPFu#n>piXmv;xwDn>O$o=VmNxQf=`z=zP zb$F^6k$;hdtH`GIf6&(Q(TI6RW(2o=ROuV2n1wU?P; zd(8P(r4iH`5s~hQIY)sJt|lK;_hP(vlndjN>xMVhy}>5&w`5U%8RiBE^47|kCG5DC zBzm>H##Kw5!CSy;_8Z!SO`M*5J~%yO&n#(luBuU?Cqf z+E@}YBcs0NRGzL96fvbw^?IW(@GkhycoS{IvY0sxhToi( z0wUS|S)>lPe+yVm1ja24pTRbJ#khrKXJDTkT-dOc2QDkSc$BiaUdAZy(y)a`7?(iq z3TQf3n&<*HTCl7neu8oA#*+QBwHng>5Akq+0{u-NN4rYc`<^}yj#8p#RcjT|&oqmI zH%-hpjT5QH{l)Oc(brd6^EXRj$DAFrhnuEpiSZ>A9COB3>aajV%)#O8SU z8RzBiawF?0x-QSS8ab!l{qBQIj~u5UoJ$|htBl$cDkX<;C{Y8h*zhLeoU0W^#gxn> zGWi~BGyo$04V8B1lnfnm_*62fQ5OO}%euyZq5~ChQC5730m)BKzGE;OU8@IwHdw}% z8lPKkXAmA{wbJ~l&O665&7bQ0dVF^?>cBwY4qTqf*a0<(XGV0cHqAb8D7#-^Dt=fx_R8_Zh068vS4}5bwjTNW2d!fOGo9?3?=3 z#Pk)jukBMk-9Cm-iW+zlygxcaW=&;>R@Sa(WKpnF|II=+?`h9K-cw ztl!F?A$9ghUUsm9C93s$nt;C)%Hd-X>ACvV-092bbz}2&6f4v4Vt$B4)>O^!7?nrt z9%jqLy1d=J>t_tHIa-t>l>Y4Poj|`j^0e%GkA|VODlQsC7IV*(geMQa^tae z-sfI5$DD6(+gQ_lLg0vMn#Ev-jUMdVSc*SJCR`yc$A$)sh#(j z5UL5~?pdmOoNq@m-(zvCmvCLyYPp&Z?uU-74c0IPsz0bLlzWMLqa&Gfm9leum{0|~ zZ{s9T&*w<1=dBkU@(w`UJBqcCFPL;TwUe!Su*n(;c+aW%B37KB{pwtX>u^+bWRl{a zQoR}3`nGJIb(6gX3k#9` zoZ90f8M!Y-9cS(U=ZMOLo`*2xF%*Kt*G?8V7@B-)0S(^rXl7ZYd7Ur^*q-O=OBJ1- z&{MORPf-h-lp>n`jumR10MV^5WcCvUVs(e7j-75Rl+kq5f4#C{}bq^t?%fCPipf%L|P4yRd z(83v&^>@b^bw^5^GLsc$52D|-=LUV39;_oMUi~$ z)W_nxsEUtA%*QqKK`5QN?+vUl(16c>7s&Z;%76Do+~j+P|DAl3>Qw#xx8++S&8*P3 zl=AZQn*0>=@7Kr*nW1|(hF4Bx#@>#Sd`eHWwlA1!r4AjEA=yuwfDt0A2B5V7p;~g2 zMiv#|r&(1)3a$+_+i+f@%!mr=Za(-m(XWoa5=|PlJhL*HWMvW@`TrXW_)`DC*n0p(atjYB+BoUWZFU_63m! zd+t=L5g-dkT&W~H{_YHx47D0>rcs%_%2Uai+$p09PKnw4C;hbkak`2-RSfs;I19EprU zO;b%xwbp{AfK}8^UG)CBhRy#|A*_Ia#)LDX}^PWdbJcfigKwC!wQy^Y#4jC5DyiUcc z0P^7AO=AOyG`Qe5nehTdRng?!NrA-a?ho#jFz0Q&{)PCps!*)`A|iw-)flzEJxPdi zF7edLt%T_$(gjm#d@GgPt+RpK?@wE&O=#QPh+s~9HR;_`nCP8%bc&Uj3ialwT>UI{ zTg_nl06{75$7!GYvj>fawnb2@@~63;O#mIqw{ldIqfkaXgJ(dK?5=^{bNuyrdVZ%H zG*6^xBBx3SsLqaH0dQQVP&Q7-RNX~|{J&9`_!OmV_bJhy+y=4 zn_WNwkzGU4MI+nq4*V$Dt>;h_kKx{fjd=q@1f`oXRmfz>N>grO&(>2> znWn%NXo>@d+22eB6wS9$r?)fA(2wOdr zI)v#O_DAyBp8&vID0jh`ATQo)ZApzuV((xHVsz2P=g|!nATk8pBW=GQQO~TSsG(Gp zr~YmcJNp{|JM(bBJlw3Hx$b|{(8IvUrtiC(BNq9;Tk*U*42nu0`v3mdm(JJUT=HqH z`oAnsUk3MPdHNRia%Oq@F?*|rEl;-)Q&_A1iu8q#Cd?kZkIyYmwF9{RKC?JQt<}9a z{Tr0;J_Op_JD4FlK^FtZ`OPE{=Pynd%;4Q$oQ84}%-P#5Xzw_iuk~ooU1L7XdNk)w zzCz>2_W{6)Gw1&3D2*F)qFsfDa^Cs+wOxJqaK01CtWhX0X5A@v)nMPsy0f}4MxX=M zouvG+Qg%*=)F^A`gsFVeyLaFpdtMD!snzYXTD}7vxX<4sRnLThnTz=HEfJ*Y)ch?r zqE~^oudkvPwDMW|THV05YRX+ToF6OP5wa&lsB~(k7iD-8jUdka%Ls83BK3UKzLu%h zrzgu3Fn2Oj`wJ>yu`E9&nsfdoxqq;A&o1x#KJ#5>C9h*{5)2QLTF+}X=GpglDpV_* zh{>c>KC-hZ^Xn?3`JlkG?!5|HrGj0iK-LBiP$1ts{O@EE3Cd`F^4DZYA=o6=N7gQ<>eYYYM~NQ#W?l;UvyqV}L;}S4{bTHLwnUO|a+w}h zAztBD%W**H(J){k@Us3plOUl;0g>cp`im=*%Vxfp=JC0jctO2?T^^qY{E)j$V;3}03WIOSCNi#?p@xd?3zCzD zV935OlDS761ss!@_s`Z#Juj#8;z`mM3y#hOc}ZF=6Ud-N>?>D)laZ|_jHI^D$<~Iu zSSx#Q``QS@A%QdpTOEIH2z*?p4TLbe==7KH5g=6gc+SOTN=cM!63 z?x_(^&iyy=%kyH+{UO4EB;UWQMZl@yT!8Zi?h>cT`R=rr$f5*$$(Ou`cKrC-z=I?j zbN0ZH{m3%CEb)YPgHd~lM7_*KUT-wzd*e*16bM7uh|}}L4f$S~MvPx6Vj|gsZA*b` z)qSQjIx@2A6V~8KXAt5wfS5q$ zOtU)X5Ed56UXI%Z2FO=|#;0c<TV9_E4!z~IxVfr4{U`YX&hpx^hX^q8E_S6V zZV$yVD}3VP;z=}p%JwzxM)2zWRH!4NkegXX<~%Mu4&abst>RYyoF8TVa8!Ot-0o*x zt~$1b?9201k~bbaY{hN=a63R0aT5y5O)~55?;F$>*o--7V`6JWmU2$u3$i(P#3_JT z=hy3F^K+9yA&r7xv>mF=RkY*m{kNh1sRjgmc@De}lA-il--g^<6nA}NOG z;GDvWq=ahVLEI0aN=r>9Ei+ga8+81cT@kSPp~i&x~D77>ehdjLT*YF{`!S3g4%^kHibaXfN}dlauZyv0V&eT~jF{g}Oo zf_nclFYO;7{c3NeVL|-v!g(wRhLI%ui^GzL6NK8{;n%&MBq9wh2z-hD!n{NecZLkU zT%ynC3FR(4Q)`bjcr^L5Tzw6KHBY%G7NdjCX5;g{Mp@ zQl}+eQZIS#>54Ni^D}?vu*?Q+^S>;!HmW~$w{R7ms$?e*u#>_ARSJ9VP~|EFnSSYi zSdam%NW??pU!rw_#jy#U3(nu?(? z4INNagfs~QSzz!q11rkASioTmVmcv@WR0Rff)QMps6|$Flc2JOHMHYVK$vCit4hMo zvQ{2Wljz-C-MQ0UL)nm>kZOjQdnybsc{f7@(lWU2G`nsZDMsrfXAx?{p6_S@jhTi? z6t523Ug3=|*{v!+W_!R4ZD_ap7=U872aIiiQ5hQ%W~OtG0%ZqgacB2=l}=!++2tP4 zS*qRdY@aq&Y?sbdKk^9}pR_pLcVLzu3J62yy&{^bI(NOG|J@N;a<-G%O33)bS?m4;UK$+&DI0$++CjSTPQ}@HnSa9 zS(zcOR+J_FYFZ%M0a}p#d!B$Uk!uZOBUqrHWZNW|Yar1p*>;6qtd_<6VmZFu6ZfB! z4B$ATk*L!nQrE2HvoBBdaxUFf_d{iwSDwYbW>>`di=x<>R$$b=0239ijp&Vsv8dfU z#9rO7F0_o5cj7r_Ga=>m<1DEiWfzjD9{W=S#d%e_hGsk&D`Li~h0Zo-f0!+@@2e62 z4{7fLUsZAS{U?M#0)!J4Fj~~8Sivi()TDssm<0Bb1ZnX?ThUk)eY~_(&Jp^^<;0Un zcD6_HQ42n;m0J7M$6ln56%Ii|xJd9)Me9>hRPeq}PpxPb@y2<-znOhb62$laem;Lb z8Sd|`4|-8YL8Vj|rTOi};#knt;!r0t6tVn!qIB_5 zdcS1`2~QzHURd$9@PU6hC*iaPf~j>N)%}HkMJB_PQYW!sbpKf19K>)e=;YifWh?vO z#ClWNvC=u+OAYVX9qm>ezBqO;=Je&PQ`lyz7Fr6RC1?(uicx6i$vMh`l6Q0JR3)da zp@qbD`-@pA$TeVWyAq3bo0?86+FKC%C0%24d7zJ2rSAV;owL&4gzfpZ5D+SEn#$~s zn$ zNmmf028lIfa;4sJ2RRNGLmg`47^IpYTot6bVR&^B+Ypt6hgR1XhE`9te&%NsVYr1i z`g#4iaxdbpb_`8-#Yq`jGp}@xd;P)QykhtIp`q0?1_N0aT0MJ6xb%g3_rFFdkHlkL zJh)$s{SF}?9u1XlKt_ZoG%}%^DG;x*pu_A+KBvo->lM`eMNOCtmKyHDj?6F$HWxev z>C=d>_YCqx*S|O&a>K~A1Toxkgo?X!-|**^aJHp-7x$48EQajn$u^TE-T1hod6&R* zyhDXr|3itBE49`zZbu>|0ZuGj|CYE5Jsr63)nr$Uh z2X6gb+JdsqX^5j1(C9_{Q2+*Hh1T4xjOI+ZS*!`Q9zzrt%Ed{>+_XPmEajE)aJ)_j zh_p^w25Ear;#)4?W*_$`)6g1oos+yBmSP1gMrY38JPGA{F4X!m5Ob;%%G#<0cmp=& z?8@NAA+)rEcv7jXI{(1&sS}}rHhos`xr!dZC-+#TOW@V7=;zcx5a(xT^G_cyOd~x<9>`*c% zAux`;Gbb<}Apc;mi)Dra{}yzj;7%&~9w)>1BIORCTNxi2i%b0I4HAW#N<@z}ddX}4 z;6qd&=+}S$k>YmxhXa!Wx!LW>k4(9F-<}3}U%;{j)7(A&d5kj*<))6Lj<(*bY?Eajx91w#Cj{QM_M0_ko#P`YB$`5E-<%-MikdLR(d=Whi>=T+^L`Et;! zOVq(f<7-Fa&qLsOlTNKaYwNEAL5$J&CR|?&KB2 z!p%nLhQr*Rr~~jF%W~x}B(_7F@8Q(HMC7p$*)f9eU{Ug2fA7&8Xxx$BL9F8%9~mGO z{@$mb#_cfo9A(R`EA>#zN&w91^NR$@txVg%iP%zQ>a^E(zWg>aGqP19RX+53g`#fU zz|-B7_&m%te91`zAsI{RXOcP$PB-z-`!T0Oyg!Py;SKMV)EE8Hh^XpUudmD>C%X>j zCZ`sLtN$|ZTe(BM{bDD=fz)k%IIt3O!l@I4_h`~|pbg{Al=)^J)iDJ3pcoZNu2#+* z=F(A6_vJcWjr*lP`*fBk$NW;1WH_T{NgDHNy=&eYi~hJj%$z4JSo{4VdCpR|Q=N=B9G-=I>PK~|zc*J&`y{$f-d08XO~!7&KiHtdHkP{)%~ z%)^Iipjym%o3rO%%TZB9;{@8>;QaLsC-EeAM2yJ%kQ_gxHS{XsH73U&s1|S{-6sj#lR$MrcV}|&D$w0H`N`G;@GWIBjpELy@5r*tp8Uev2^MlMb&ml z&f-y>tsutf^>=Z6&B~>}@MO(0Ugq2@^*ae8m_z4} zKu&dWV)fVlyuk{HUV!uCC`S>?2Ib4y4+aME>JmnCe;y0!;ZBOALxfiaS(_Rx#2DP( zs1QjUG^@o8;pCD+EqXo?z4n~;TgF~R{5fqyPKzL8 zq^NkeDn<4Q*E~6glzldlEnKoqIOajjxk;M_|K4&d)28&G8<%Y#S?%s?`-MT6%O1bw z6H>x={p*~N#7XR9CZ@XV+VV%IPaTDkd9@vHYtu_Ma>Gi_volN zPXRkcv2#$x)DO8TI-il3G7DH2QjH9ulI|m^5seh@u}^|!ONsyV94n8%K>Db$kLLt3 zr_JxqVT%q9H!mDz=O5()sKw9(E#_9SCC8pXZw-65Nk~LPiBCtYl~9d_(xvE~so}gQ zJ{=xCGLMxdk{09bwL9+9e)W%&SiwMJ(a3ap4q=t)RZzXo>TNs!GgM zBK-{_xfD>AWya+O8msCmIkS*`RK2zL=ZsbV>Tvcp)s;NhSHF1u^L5+^Y@FprS)O{= ze_|@^($%*Ka_M2p{jjnic73jP6Q&Ifx&E?vN~9IWX2#bx2_$-+e9k-w{{EPdaU-Z9 z*)=(u{hf}>fl@|8z5$nh2bYwIDm1ZHutTmdi?0< zF06bSMEWe?>6r_Dvm0FVG&fidQCo2DQYQ5+*--19XzA$+0!<47-Ls&}%|P}J0vENHCBrMlV%w<;+RA+%S=`j7Iaa;}^tlrDWnfZOm-)1sfz4jDOikrxlD+!s1Qm%9gUP9(hv)IBMy%m8H<9?WyQE^aGve*e$Z#&m%ZOO+(rE;&oxY*U&&74!Y-WU~^2nKzL8 z=To74T0i3#rQqY1obqFog112!PAvg%`W?mt0AA<|P-g(P3E**Ui1)O;{1D0zo&Ga% zBJ6w!kromgaa_Sz4PCvo_@iJ1eoJP;^41-TFGC7QdWXF=>dDpHL+5Od6s<80*)#gF z%+u~>U`;%x(YzpbYLH^g_T0)sp&1R>TW0wx7(5`*2nLbuzLp+o3zcOv(yDx>)K{89 zadTyX?m=#~sEwWef6Zc=!6>MY zOjzvD`Lz96maD`61Wk~%+rNgSO3u}t99htF;a62H}Afxpg@&70i zhT{zk{?bxZIhxx@lkl%c8B9Nl4MU!$UL{qVSVpM^D>bO*hb-BYqyNM zJ}aL;$bGW;4M~dFAq2i=0}pL}y`WNE1tpGD;(hv3?3W?W>6^Qyf2WH2Cu*w$?Xzdb zeKS*(^zk-bdEazz0~b#HT*WH10Pm}oHT-q8eKy|VU#neCghlK^p{!GK0#NQ15 z1|wT*_%qWOv$yVemz1zU7Y7H6o|>p=g<^=m@dsw-*M<*fhwLhED)-GzW3I>&5)KT> zk5{%;XRv-`R^16z`aCvPkl4tuaBRif#UyX4!)uKVt>ING6dBWy4)K$)(u{a&2eLL175tTZ4w>dqCSF9#%}qz z!T*Grei}%^G^%JB%RH8i*27(<#RgKBo4~+~hi@BeVEsdPQpeqr22AxhWFGAF>w*CM zsF*|QINy>fLbk?8_vnDcjVyD2ht>N+LKboxR+%=lZAA{DxE<5@38x04Z~3=T5h;3k zHt#{pbaedneuyiyTwwYHW$*6H&KS!Y!V4TpPnJEuxDQU-ICR)6^I(1&+n2%|MOt#X zlhn)xe#WD-N`$;ZQ|+!*r7)T6Iv^25?KeZl^p87CXsrxtFOuozxfe^id#yv#4lQJrdM1<`Nw<|{<*7CY5){g1y-nbFga$_2co z09K=Xp4cHst+$TN#Phl;$JnEdV$(o(DRwlc%Rz*+u*MBcqVv@W1Z*T-P#*rHX<*z1c+!H#L+PF1S zy0!#TIiv7|Gy7AgXwlY)``A^GQ1AZcVjegGNJZR7=8C99=U!93Gu)@N$av2OQo~|r z(KKYVWSg60QAd)WaB7oSUrAo+8%gaxr9Gn8FOe8%RR$5aRaninVdGWcz;rt7J)(>Y zUt`+6)vT?U>L?Mjw6w=Xis8amOB*G(Sa=90%dG>$h4(137sgILRsY#?Rp~$ZpwUS8 zYmX0xqxk<_)mF>t@*qr|xvdr-jyK1F39WH1nd43^^=iKF))t4`TWL!~&{m7* zhMRM0F&CQMx{^fsD*`be>$B_E=zfsh7F2RLVK9_YEy@VX`+-f&x7*P-qS;o&ZfKfZSy&6D6>y( z3~J(_?v9&Iz*~FUb|Ft*@XxkE?eUj*Z#$>3b2u?;;f^}2FL&iu>t?q(PGIO(4UX}Y zQud1-%=Snx1J6I6Ps_KrfT~BF;+?+Mq*UxkNnu_Yj6{2V!G&| zxg7!)wVR&FYji9d#&HrbXBN&4@33!ryJ#-`u(PB_Xm@6}Wd_;O5e%o~Hl#c+?Z-V4 zTHQYsT0LxN)wcO(R&AXBJv;~}J{`EwAJ@etoC8CvFB~}Lxxx)8<NmsG_khVUa9pE#6JJ5m_^duCL&t9qkJg9A>y6myx> zlEa8Ehz$ZZfSR?*82@BiQUxGS|2sbtu*RApapP!?MZ(*${+kzwr8idjH(h96X4<`g znTFFhHrcOp^_4fwn8;UNR_Cs14ZC}^+Ps8ep8nA?glDjA=^0BM?XiW>XgbGHZfgbA z?Z5V2oRDbH9@k}zn<9BZ^qc;Dy;AlwfjU`fv3phiuZS+}Vhek;T1#?B5f@w~ z>xzcB^-r%=2+oEmQj?^~+mys@+?M{5;4rt)RdoIu2#WLN|Ms?(=B0S8P_#`O&^B#g+q9Bg($ZW~q=HF0d9eF( zT2nVuzB4c?xSVC)lPF8{u*9cjp<5n<9f=Jeh26%>RpU^d!Gndp@yc5%l2yWoP|vNE zg|V{h_7~INi|Vm;Hih$UZv$}5#v8a>WypLi#oqT9DaBxD%(ch{Qm95&l3|}@6E1i< zbhG9ZCtmPEy|<_-T>WBQXv$}-OiM5>sS7!KMSQ6BKCp!o*&(5uN`S^4Z#a3;N9-#a zzPh)IuUI2Ymw|9(_63)>-)-1Bvb_Cn!`F+;3)}BDjJ>$LU;EvLJr|c3wcl-6dvSUH z_PY&lFD@@`zxzRuwOw33p#ARuwr>O5?^Zs9m9*deKlZJ({q8^6w?XZ$vTtiBA1o4- zy;C$DMFryvydZt*|2x{aG4OY9K;rA(ujpj4=|XI$%+;znHXX+{FFk1S=)A3tz`lVA zGe(Uu4qU(Q$HY~6y=oni8$B`?VDMb|Yof7t9aHA1!L<~0?W^)k>>x_4;Bz0bp zvw~=>Tq51|O@s#<+?*D!A5C$j;C^M_JusD)VyAZPt&o`?1N#}$IhLNhpB%an)ppFL z0M=R-b{jKK<%YB7K!V|Vhm;&j?jytwBXM4cg%XqS3<47B}UnoDErZT z~EAXw=vur zCx?VN&s`7=k9*!-wi!9r`ow}E)om+z3$>n)(q}Gb7Ol2*;Gu3v#BF5%KfVGOi2!Fs z`T^EL-Mdz?j^-x+%x}Q|6mf)^RTjU?EOc+v}x<8m+QD$L;Bn-q-Fj8nZXbVF#<=SPJ4{jY=-JOZ2C%4 z{6y4p{I$L*-C{;^E3nA4LbnUz6taXp(s?ue3&AAJzX~wV)R?D3}Hp z4xRI~IVOPysRAeO+6HuX`c?LDQh(rZKpPpeIrjKEWKY&y0vd2Jh9yR8N|+kLfK_jG zLX$T{syBz0{)Ms|lL3FzAlhAUdGs1WJ7yYIp;(zZ_Af(i5n;84Fz=$7y@+9A2qBml zH&nlARAw9|w(eMRMCRWNrTIp(G(^kYl=-1)9qiew+O^Mo1h}P}Fvy!h%kkDWsoAi3 zHjF4!9qhJ%XPbyuz3Rb@1i|TuUwy|`{{1YjDbpYD9gNC3 zkOc}dtc;!<@h-(PudI3kGrncE0X%p8ALmp*87rf8HOVBVrIJbuC(c3;U=jhw`Vzz7 zwL{3=R(XT_23*!a&CHOkj3J>`*g$iBH&;jBqz)Ur-^`@MOpt&2LZya>4L8Yr z0@ZNIAk#)#wy0KZlL`z#y}L9PL@^C$jf0qD)EsAVW@bjS$Z#WhT6(@9D&V>7jM8WF z6YQY1KEL3QAaV6FJ0yuuFxu#C_(3-Vfp?pRh4$qd4%*7`R_bi{dpV1X9A0oX{IjH{ zZEn9dr>OnjPZdA2fBU@}Oxk7^kIUAyEf~PxK>kYFrk4UasLjC>;mjco$)60#sqe^XS2s#MMb>E{8+<6F>d zobE1FpyQQ&{}}{Ea5v7OSn^0m=vhMBgn#$UOMYQPFulBxg-U$DeqKG#vBn`Bae@ES zOSbf5QPr6I&+*!HYB6w_(p}pGLhi%WND(^~BiuReD#f>5olDSeJe#zg(=Som)UOB0 zSb(}~FDG%qmiRJ03UyLonY3?kOX1e?h1A+|v?6ojcFz)Ot4oS`A3=#6TlI zK{l?jF+yW{jF?z*Iqsj3+8<#ggVc^;6V!PpBdmW2-5@f1NfVum69i#`&e#`EZZsnBBc}Ut8Ja7&I-0K@lC?3*pZ^SGB%q8xB~^d+rk0uIM?O7vid>E4FD~ z=sD$uPn_tCX7quA1}0`>p1_7W{K=&Li%# z?r!vP_QP;rz70FSRD=7iwktZ@CJzh*Xh5%j53Ld87zn^QOJ%)#W`nn&geE+?z}VIp zBQz&ex82H%1?!)B*+{;HQiYhYm7{ z$iF7ynnb)hyebidoHw0LtyEmw7tTIiSN(eIa8SmTulJpqxP+z};%0Nk4bNmCQki8a z5-l)y`egsXaO7?Yjjmsr%M1U!th|D<&T$QmCTC?fI-gmD%*-wjkT&~9 z8ixZLjULh+SE2MzB6S@T&mt zc!VGSwi>Bt#_VjN%#4o!a0$Z(&=|6>!s8C4@zocS)DywROAlQj=kOB0(0IvX-Y zBp9s(-8R8lCPBBZj~;Zpu_habn5gUH@aK*NpT%o~B9e&g~nS zb>+rZhAy+Y6{`%!_1K}IH7P6aQ)8*VZ1)`3d=sqi{n}JYZK}aFZK}a-Q+v{K7zTj0 z$C~v~`>H7-hqiIQ%3lqCRs4sbZZw9mvY#R_-J*80B7O}9~4@b)- z+*?FYkyE-=K)m+fu#3le#ibkOxYGceqRWm14%c$vq!M@qv86%mpq|*lHn!4IXmxL8 zZNF!wf60^~Kg#5mVU6hV;#39_NNPfZx7KtO1l|eW>2+SSlwg*+R|>=&DC(#XnEPq4 zMs5;&w+k$J?t7R?efr+n2=b+M1k{ICUs+g>vFV1lOL(8(uQs`G{2`j!ep9ifABWpR zTpu24*$m3~r!tr#oD=so!l2z?n#-r`|8_ji+}K_8f@)s(W_ROhau6 z#q{hL94i*oztF4v>mjNjV8I851!|Muo1`m(GBdC?IXKqHMd=q6VZ+Ary#A%nP4LvP zV&Br}@W@uJFJu!6={f3{!SU56{xFc3DPU%>K8yMMno}ZXwTh~PQ1B#nq30IHj?WEA z6H&c3UzSt7#zAn$kN63v`Y|8N=(^_r>KlvtP3#x2ICH9q9C@rAG1f!B@U0pm{NqdOzC%UdqQiLI2$f% zH~is^tKpXv+X}oINx{4%CMl8V9&Q6Kuz^jcM%OAYQ>~x*yIwaUmoa=nZLj(~&O7~p zbs0`6ZN5>%gVVNPtd`KBR8_cUtFZ}eDjter+P4!m|6?=|5!p`5fcdwZXrQ^3t9o2# zUBL*}SkX}UdSK&Ry+QuRZj*}9*${@{>JOaIlngbR`zOw3fj2 zpq|5SXt*RYp`NF~7HYkk@@68O`6w|etiK(TE(ZEse9O7So8=DnKCt$8+)e&G;dNiK zD-Yl^GluT4`W*7~r%gmAw~}M1R!rYhQuMaf)xR~2})0#M}?QFpQ zcJ;)<(idymCKht_S5Pk`UAQg%Ac?rcRtrNS>Fbw|Sh@H+qy?sbx3XS=9==73N8Raq zQoAoDUdIK<@X`kh3)+Wp%*s&Zco#M~8$K^88G`0e&*-qx+3;Brw}xgyjyJh!OaJmL zABs9R*-)8vHhfyddBufqHWcnk>=L?-{|&nS<-$|apYw^0I>o(&`>-axGz)$who5;V zO1M@N{JnIvAX@|HEpBp>VQ}s(Y9BVxPG@)aa#TO1#`>DxBcV~wA zI*pm5J@BsSB+RN4%Pg~)QL_f6mgfJ0;h6N%i9LFE6U|r)P-hpr#0_ zDp(MA5^K%!O>`pbiWAoECN8Q|!&45FayGGst0^sB^ja;)W`BAlIe(=87TZNIl9jxh z<7$m=Y6VOR@@jAm{?O_}T(iQ^cDoP4(3)CqPH5iCE5px&m%gZ3Z*kh|^1fAbDWWMju zH2_lkq^j*|7~^LKNdvu_aA!q>H)$MNm~^~(bQ>pm#4&tIq@JsE)myXyM7R2<7Q>Yn zObAhL99-X2PO8`onF(BTw2eVg`r)ssWkzzh)nsmhItU{3#^kl5&>^m%DWP9O;#ipS zU6@jpuaNPoaF%pn$|lnLd*HdbNoNKqGCBe@q%SN}TVPiS_DNvP%y7RABoe)t=eo&& zfsaJm+41ip5rk)c8SuQV7te2@jhkRNGfK*<;+Udw-;Qz5q;AEsdEC?!;dvJW#4iKZ zYIZ#*d8jdKq{QJ&?Ol&*@E#IQPGxbCMK7EU-UGs^a1`zLR8?0@6brM_6UlQd6PKd8 z>US2ON725(YRERI)5SZMbSPSXely1jEbUQB!2Y){7&;qZc*7|0?|>zSZJ8^RLkirD z8~#2p+;(WV?YzRqyqYB*9(ajIM!IzuZj&@vTnJ;qIiGA08 zOH}EH=BcN;3Oa249mlKj_7z$^x$prR*0BVHRu4rVFWnGMbngpSKO4IBBm&u~R{@wU z^g|I)H~6N`KG^!)5yJ;baQ4Ag=n7k*JE+hdk?xjJs!RQo?)B=o(T3bD-UTnTa;7fb zUa0dUSEM*0-j5snwk9_2<1RmCUWYo&fVlWXE~sNNptJaw6-G)oGjReBRyh7fP&HIH zl|+Yg6Lo#{Ckx-@cDJqVh1_@5`h13~SQ}I9O(}B|Vk7I_ecVs>LhRPi>aF4Iv*Wtz zsy~g+heaRF%(Vl*? zE)p8kVyMW`y|f+MSN24wa|_ZE3G${qqBBSxw9OwY8~m=UH*AfbJO^Efr90DO+G|R= z04e`b!Zk=+aERXBub329~syA8o5Edr3Gimj>!!q$6;l2*ssKOc>GLwO9?F(r+m;};r z@X7V@yp3u6Q~R9{sRy(+s&VB`6&-n8%yNPYRjK83QRu7jBLkC4QSW^;KrvJB5i zR_?qNyOV^!>YMONz{08DD&cq~bZ=G-2Fn!~B90@_O3|`)`IL`SmX34y38w~QnBgBs zE6ZKXW4(6a>b|5PI!9BgN3PehSoBbg-!#ef_g%*L+HH;kgF#M+++R}rbiiLeAe8PU zbsSaInThB$=&jG^dOxv&f%YrB`VWCFeIzM?I;tw&LPW4T)P#M`-iJ1 zSEUM?v`xvt%sD9CHX$2AkGu!qp<}a%3EWci44hjmo-XNL=KuB-hR^QF8q+n#_%HIL zXxn)RpxA$n3@M)i^pCjRJZ#)X8>ayM<5qz#GSfe5tUyJ9Q>U=NXN6TZdZ<57`2~^P zW>gZm(;eRhhx9L;SbP#jWqIpVZWIpeTFccQn8KKqP=%t_%vB~63ZpMWdv-dLBHK_r zbd4ZY34`92^b^4_nRBeO4NNM-NWbn>NuG5I@c(u)@7)Q#>mR{dP_}R*Et~@UKUz4w z>z`4?Y<~{$Pq6&CPiekl5$(8VCeC7|p}1B%?#Z%q^a#~$ZSa=DPeSmLnY@UVA8A$o z=%0#$uIM2SmSIJVgRVWuZ#DO_k7wjMj%FVn@9+~&Rf5L96i(+`u{FX*z?jZ^6HpOt zcDCFt@{{8q5|%17#SVmLf&UK%B&K0zE8sFhI~ApoWt}8LsQl&%ph5>Fw3hcMnndio=^`OamYtcWzJnwkoA?Q*P9%AHfCU)Q7vL=e z09OmrvR|XFOkN80%n^S#u}mM3SOX9w8pYf*o^#xU!T^Nd1#Y5*U%X_SWAzVxS2ZzQ zwt<}t|?JBZG6!mPZSEy%<0#}>a3PMmyaJRh|Atya6}}VI5*89t!Aq`^VU>BhJz;)od~+3f@fRxElbyqdiHk4Kxqcwiu<5NfvZ zNw{B$jBt{7^da;`;Mx1DRNYiM6K<@CmHBTUuL{LM3gP~r_0e5hNfrXcccW0VP>c)_9q&|>rzT)k{ml$N!E4c0}fU|VjaI!>M${9$~DTvg!p%UpLfE} z;PfP6Jwwz4RdshFH$)M)JCE`x8>ayMBd$QaGWlO~jtSV65BQs*cimjrW+67Jje6^B zLsltG*`X&7@oSr;Dj)D4Ho){Ia$)W@e*Ht(9Gs6t0hPL!a4USN!YA5r(+Le#-?0d6 z!&RO&Hef}slrg33XHwEAX^*r{S|;_gZf?Fb#g_O5dD1>%#T*E!YPNXysrvIa*4v4e zZj|`!=<9WN?0+`qTI3Em*KrVt!>JB_{r=P>n(jz8=(YZ)3-yayA@ z9Ik13TrcF6}saP6_RC3o~>U6ncqEWnueE75O@e z8!PcfteZ)9`oF(Ii0;@1K6A!Yf_^y&a`Lm-|0$)*iN#`n=VLlF@yHf#?x=t8GAT)Gzk$6)taGZa^>gZ?yrt^EejS-0TpP{xM&w z;9Q@UBQQty3oNlB%SJfWwG}azsU5~sj6b_;swgTs*r8@nL$#Q9#?i{ujyL5E)t@lv zRGUHP8$>j?H{z9q(;a;cisfn8>gl{y*tec#%Nf(V>p4xT!DUIgxzN<#R7oa~bhwk8 z^--q|%NlQrhmM>W!tsVp;U{Sf+ms7RwrYP|#nl^r$J{Gf(5r?fA~C z0%FWr=hKN{21N7I8D|-a8CjHJZNKcVQ*vUwizFR(HTNy5#-Btzn3b;FhFediSlc0N zC(P)6s=xiH!h%V~$dcHx3Jh2=?g{@kBI>Gl$2d$jAC{x}e3%*MzfGtp{;hc$ibwaR z_yfP0n0%6#{r6bF?;*J|PqH?31Cphe`R!Eh{};(d1v%9}jvRVOuIM586(-p^k}L8g zpB9k(5wUje6Wx#GXNbYp#3p&o|8^geubZ6X^2Q#Lhf1w|k-GT`$%rHC(O<3WXlM2c zqvclr)d`*RSEqQHI*y(G{TpKzXB?&e1qz&PWcww*Q)7KD`7nLh6+)?5ISj0v?RQ4Djm=pZlH zJiQMy#pv8G+CMz0PvrEcaFBGUD2wZ9H-`TY?_rm$L1KxBm1>- ztTo7<5we+Nbz^xV(8YpdWj7MgYZ@^A{80%)(MlDW`W|M&P;p_+ThSE@$msT$Yi)>gT-b)si_o*s51pl9U%^c?$tp=aRN(i8N< zE<@##vD{p=XG&c^Oi#=uQ8i<;yG+d|%l`Bo}5e}O-7^kOo@z*YC&D@8Z7o*!oJ*;_;g`c zBb0SXuUN|u`F8SOI6Th}%iShN=)Eb96@!WOS|4WBv*$9Y?kQ}hse&aGo2Co=z)%47 zfnr8sv7xNb+LYLL`jS%;`^JTCYXL4fc~@d@X=v%Iyf-9^MSo;=|9C@T7t9;H`~ki* z=O^|xEcEuq=j15A3&<19~eCVxIEOd-T?dv_gVtb0Sy^z z1=%CGS4y60S;uT0x|muU!kpR0@(vv3xav|0_qLThgt%Z6MO?)THpsKhxU(sEy33cD zXhW_bAjLkmAp>tJK%H_X6`WO2Fu&4WzLod@UC#(!LdN$~)0@=JZE-f44&aR2=y#q-O|USgb$eA2}Tctw=92X=aC7E-){b$ByX50*y&t zjs z&1O%z%AC65Wp3Iutl3kpO}`5ULZa!{?8`#qh8lFT97;c70!?c$cR~`bj*`~sLvvAX znMJ%PGgxdN+tUAGlZhgCxuGkr5N`^S_@dF78}yc$OSU!cMKzf#^^&=ahA~?BW(F_d zGv7|1Hg>})tcHxYMKpzV4Ha~q%uysXeC+9dnZfRIEfJ^qL#J9+L%aE1uRlCpWIyMx zKW(LqzY+W$#h)x>M)N#_zYVaw@=ZcH$HN-FCZz+FC{(i<^Zy3G* zg0SE4_s9X__J{rd`;9qd_HFX)-4|+lcw*bxF7YSV70#0l6dNpCoiW>xB8GXLV8I{4 zZd7%=jMs0;X~#5D2k-$L0{MSSLH9aZGC&Q2y{AKYp9?k8U`u6bufQHFi~zdpYoM8a z^@3&zOot0dQ|Ea1+8l80EnOzf5W}Qqv6hrMS?!lHk||4UHfl;T`w=k{B6h^Kj_b-F zD!@S5@i3SPcA(}5J5bN!HroHMOVsx5RVGm^P@nY|l39KmDyB*1kJx&*V_z9%?a;Z= zaOz6ti~jaQdK55nA&UZW!@JEeg@ZZCHKriR<%S2Y$@28CWLf%^EI+5;*(^gnSuRkP zSM z7S@Q^o($G5_w?(R- zj)dwqZ&B@RwfcCU(ngHSC2N0$Uw*M2?<~?Za0lTZS&q<__w?VH62BGG`TP=g*H@T= zb1H;Zbq5ltwTo+Atc#RJ_akF9e??c&%6?5e=N!g5txi>pJ0s{=txiRZec1Dug*%lR zm$2!4C(G%E6_LWt;VfQ%clr}a7Ovj1a4jZTU5(WrkwJ7)V$stDIA2LlDk+m?S5KPw zW2+#&U_mKnVVMy~$Ke1?=mms^nIB-`as1F>NX=c8Bmh? zUgL1s_>7GX=9JIf;ZOE4u|183-ukUvtNRrxI+pVjPJN(O_kMXW&+lDXb?z0Iv}L0Q zH+sj*rU#R@cl~)NN122Cu{AZB7tpyNEeVU>D&g(#GpNaLxV#2C6v? zAcQj=2GTWWqv-CT7Ngp^YagJN>p^_0`c~uYeH^3cRc0=$*jE%Qj!!6vop?@s;e>rm zi1fsScXm%yxrw?kh~hFeY^k)s*)b1V3qO~1VHHCsi?;X+N2sC1YSO<6_}Dq07daas zQFd9J58z`*q@U!CJ3frQ8)_}0*p~mQVUX4repEN%ip`;0rXh`GO@!_jWhz-uE`{lP zk@D0*;rKpv5Ejam9R3=smp9KiK

fQ2KjH4yyD;7SGxPL5>HHe=N+!B8)A0&MdLq zFvv+vz-ILb(lPt?uO2R&Q;Q_p7fFnQgj2^0$!pAGA}rWLULINWPv*#J$AyH+WbRj+ zxHIY=%5-vHG~Y95%7tb*Xl$aQ&g`r7#g1RT9O7p3lPi6vri;!VN?`fSDPG6No;e zNY-UlAH_z<(-{u5yhRUi+}fXmAg3V5)E9nIU;X~|&vT5Tu5cID?APDzAUO;Xz;5Nz zF%hmXeNuB6yG`XxY^Z&3+fW2URWI`;s|_z*pc#ZaK#VF4tzH`EQ^MBm7cj|PBlPHK zT|Dw(TWy$@b9(qQV>*XMb8Fb^dRD!c4yF|)$A9-U_M~@Fm31_o+ZE;}ED$#ma>CY# z$bJ5jgX!Y#!+SwZeHPmiXX^QHZ$#V ze_dvdyJnXyt)DM#a3+8uG!DOMJoHYE=DVwy`#A1UeR8DUXz*TKu5@$k^af7S?*EdZ z=8EI!z+iPCn5S$tl~;3BprF}e=8RR^NaxqH=YV)?`vo7cG)q%oU&(vNk6F+5Ck~P% z)d?_eI3~1HQ5uE^Ba<85Gcl2LFRkFZ&KgRBHPe*QT09}Fiodbp?9aLs>`vjl-o0^J z5}{4}&E$`&y?2?3wKqosV7@M0K;&HhxX@#%W}0e%f;GwSEwPW42KHVJsgb~sD*%91 z+4u$aG2K2K`>5gJ52C=_tumH(nrNuyb<->e5wCc3*@whCU#sln0UnHv%Pf=L<>42X zi#1a!4H6wi@voFva;GppgSMRz4980%7#wl5T~d`>3#i<@Qm+L#=lhiyzQe$!8@b((VVILc6cv zz2if*`?`UK5n}-`T$P=mY-Dn`s&lN9%iP94cXBS(UZompQ;p80y7>U9BJOP~AT8W{ zTLlj~a$)+9hJ>;fAsfbf=YR9lv6-K6>N4=ATMfVwv-<*+2~Fx+0JLlNBzgBr9X6?t zE-{grDKxv|`ljvy@NXljxN^!HtUbu!`m>Y12A6+1pbRbzeLM=0Vr$<1=xyJwuAki&}z?A%SH=Fkl&Pw;UKjRnKy7vE8UQniQs=BFv1G?ixvz`~WCPlmC!hV}x9p4|CT{r@9G}U<<%0yVcK;Y@W1_8Zw4n#6%dffW^-TFI?d@qDib>5ts@P@Yrgg<#9-27Gn z4LRJrSr4QW2W!r&(bT?lZ|JW2%^acD^5I<@Vh7_HWvDMJlMTB#nXoJL%MERfD@cL0 z?0M7kDYovPVmO@0r&v`ONi3O(vc#hat(jxmR~4|*8uknq5^of`7o^(iUuY>m{kUwdbMjJn#WtPU-8tH4cw(;+;abepRfryZ&hbWtd8>uOz}R z?~CW@dT)8$BzU7RR$M>siOfhKXA;uDwJL8GOEA1_$qrM}I$VV^e@NBa#mPuw{a!!| zqKAxoo_Dd1QgEK^jZ&1L=fjD&`w`q_Kt?%u#Atp-RYcfUg)uICXcF=AnRa}O9QVa= z;>~`Va@^I0?gzu$XKk*0s$^4W^}n3beR2798(d%dc6;Lk-mIrHhmOnI4;=i1F&i8IrY(q|euX_@#7heVzMSO4&yuEJPJ z`votiFCcdm(-mm4Xs*&hFGw|dzilJ9yI$jmwXQQa75VcJGHXSyZh~<7rSuvN$+!M= zcSGX!lH=k8xQ&~sbLv>pOuHN0H#Gx1kF<8`7v-GpyZ#0yLat65z3acjtJ#!7F-5g9 zyLZF%4(GrpX@=OifZg96bW#Wh9e(E$op|_UjsljJi zz}V=NnYPvZ7X#4zguZBS`a(}BZ*+fL!L9O@5qJJ*R54;sAdm>gcw6}k7pT7P@)_Q~(q&!sh4)Nx`b9_cm|hao7&n6bdpllgLq%uQ7))jOmi_}&2uIWjd;Leb8=7C2 z!S19Y3K;qYC+MYa(+isyy~fjgjr=Lzv#k7Zm&ta zwPcl`Z>Zjl$(uKoMbsyv!*uj+f`c=oJG(PwhN+oz?6r4ZNqEB07{kT95*vOH#mD?a z0lbB?7vhK)!(t937RK;YJ8g6ZSK!ksv7y6r%2z68#&oTOqFdo9@M!;=Ur3 zv!~ICPm5xaMl8fkOIBC?-%lA2H)u|T7tYv9(zYO%t9LpVM2e2cAL zY#!Ju@~M{gPQ~>ya6g~ZH72FWDb%X{t~}1~m>7<@fcv#ZDM7vgZ>#j9qLx$)a&Y?|MgiQOnNT@1KY75FJ%C3EaAYq)R&cV^*5VU!5sBp+H98-!9>wp=Y%V#R z2{pT{L)x9f=d!O8{7-^27s146wOR3rO(1Zm0?(QBB?2gV#w6WyALBBS;^!31ZIs0i z>jlfM;`{V+7%xZbrJR??^nwqA;@|PYKIc8u2HF@yIDpVARP zxf%+!tbursTXP3^wf%K&PIV)zt^9d|GMa&ww?BJ{`Q;USe8sd2w36tWH{oF{f50uo z0-k@=!IBXs-hUF_1y)@2sZfhtPCChlnTG|2TxxKyZDYH!+#I38q0`L|2(f3*P?1y} z+_OiSIKc>Sfs~*Xq@JEvW8obhVfR+^rICWP3W5?19)6N;%>f;~Gp}5(PVObD002%8 zzNXtRJ-oyMemOFz2UmNx@#uXz#9zg+LltPYA_8;V!y?IP<;K8#-1C0($3zGMTOL8M z$i#7Qa~gyzsnF#&ROCP}w4kxFG>hpFIk}wLsPJk>Q#qr(+LL&kL>-MKbgY-qegTB( z5h|~(f)A6cyjlk!U>bNdaI~?BVp0eVB*5wslpW!1*wJDHdHw{-aR06^4J%TB8nWB< z(sLr^AU|pWx-3BSIwDu7XcX&O{~{A<98aC!=yobXn&c$}vsBceW3O2n)M5j+SsLW+ zbSM+3qY~2ym&`5KY1piPJfEC~eJaC!;qUs_8OTrkgK!CV08dpcvd$&DKq}a2ckt2I zWYg}pk_-M=C|WNoM^M<-Z1$yzW1ko$DUZdBjbD>67srP7*C)haJ-*8_u4ltLmqG3s zblR{{*zwj{sqL0wkqMVpa6v6wh1Vdwv|5=t!XL}4y4rWm)1FRj1wV_hm9WSNeCytN zr@xo=na&uI9dOC4iS6`c*uX|_ zjkFnhi7M1Tm;sM9N!u#e8U8heXMv-tAbJw=r$&A6ptv699G>|uH(r(qUP&;A^YmC7 zC!OOB8;mn`#OsDCr}$15L5qiIwJ2SvG>P4LKjgMveFyk2EsYjG}kvy$bHflfseD~i~I znzW;t5M!EUa8UE-BIpVh7FnvX1nDHhtiRye*EJN%XC00bwU^ynk;cfW0=r#GVs%P= z{b%sy&JTc>-02IZb~#Ph4i?4!I=Yz7Zsccc);5J* zrd=Q~vm>PEtnBNCP}!}Vhir4Ve@!Ho&o-e{)~`)?fXIA8sexacuy3T9siIczlN38$ zt?754ka$uvD6ZG+cryFsR z3-UR8OQp5gjJ+vU_5~YF6v~3NGZmFC&vj85+x$OTvH26Ims#n3zq7r2#&qw98GmO# zYsXJ#p}XHTjQVC3BRKVUCvW~+|3DBQaf$_!ht3-TlD+4+CvfuZzXuWSCijRk0KhOq z7?`>Q7=A7c_km&mGb`@rekn~z``-fj(l8JI<-C7j-{X3J+rF=WEq2Ca=FQqI8K1@? zVEt~Yt>bAy){=>XMFO4V#7+gPr;IQ|EZZktbEz8KIS>vi6Q^6b&8euBLS(kF?jx!r z%uhJ=jBpYH}|c{;fnQq&(j_{0ugo&v9k zrHr}Gn60cy4P^ItAd`@=JEa7jwj7;yN;xl;dZ|QtHcP){en#BzYOByQSna8;;aNkh zqpmX3Uu3eL!WUZiXW|%YvEwZmt?0x3`~OaeqUJ*u`y39Q^hO6Dl>!;zH|IcJ=>Z}8 z+UaC8os4D*>|p;wn-O1NTVpe70;I{Sy^11Sh4Z3qPV(pKIE~4NR`SqLmOSoEEDgZ2 zU05n3F6Kgs?vZv-)FdBU8F1nD-)|HhUhOXRrBV0*-%hGs09&tt#>sa$rPWpeR~q0O zcU#(CfkmY74Q-lw;6xtW;7i=Nw;+0&H=$#KN%)R`5D5V#A;mBT#~znDHtywS3I2?e zjXg9@?sCU-SXCtPIDh*}Lbp`Ya8#qGG21lTxsJHyF0J8#y~#GGI-#0pvPVYVx|s@2 zj{i0iwBvk2{JYZzTreiBJ25-=HT3;wz@vM{=_-h6AC~s`miy8XIl)Oo=(Rtpws|?BG zKVZwhW0n$3_YH3ZU>GSihxwiP_U|ZhgBeQ~z!Tf|%^Of-tWDH7y zgVLn()-C&L;??^lUZ}*o-Z6;Pm{lms#mGC4V*25ptXndC+PH>lkn>U#U zGusa_7iUp!CL5hbSQYz+OG>b%ssa@ITginlBSDB0rz~oJ5IE^hT6j-k! zvyp_oH}Lbmr=;`cm76b&>Etg+BUo?zl|N#P+7a;tY%@$Q8%_i41Tfoyjz#Ti_0&I`Z2BBSx5GiP zpQ52683PW_0gSJJ!zq0+0{)FfNm^2k@SBSG@-2a_o1PE&hYe`T2kfu`bMpaD+JLe7 zfVDOt*F1~;gAoHDU6zL^v;iyg0XHj2a@{Hd{EDg2lw4=3dx+k9A5Whpz}zXk^m%-l zinjYcaO=##Yduz&vGe?Y>JDt9bj8l0clOES43TsPsa)3B?kpGbC%Vm?@=ESPZNR9!_okVh+xWku zp)x|BNITb|x0zUV*vjcWrq`+o&=7z6h9%0bjpUe|b4K+E6D3U@rbUvI=VB>bT@}Oa z!h({5*c5ZcWLFi}OqMKsHL zI&hQ|aR=DCdN1N0Y2V&d%aY|{HhQ^}*jLE$+{C_qv6+r{sFOSo-HaPm@T$9Z&2>9g z>%S9v=t-#IQq9HvGpDigp{=mzs+{Echt72p-!9;|bK>72Ib=xQXi0uYmqZ+DGPDg# zlXJt9-lLS;%I+aR5!$nE$9r9?v?35P?Fci>(9-sd1(5Q0m8a83|Nu+IYk} zE7ubW8TR~}k)Z3;6eHfmBdv`2v4#{Y{I-KO_BL}_z1Y}7IvWAI@&UgGJpq0`;Bx|K z$jUC=$h+#vop1NLg5GHx4&GFZpf$dES%J}q&MiPR1A@*mn5CKquc<=2X`1?;pj_bO zCevO*EmC%fvrar-6MK`7`3Oyp9Wc|Eq1r*vD;4p6Q$~}AH}~3R%2)*OJpvZOFA!D! z10R|XcZ;0QzC{Q=?5cn&z63K5%@*_sp>vX8J<)pJ%`@VyUIlth4fohj$8cj0635cx z-)F+Dn>(*rV-8A2bUYrcR_fhCaYyW_)Z$;T5V8&7S>gg!;cu$S^LNo!#^i7s3hDMX zF(=+qfU~p^Cv*SvH?@Je7q>2AYrZ4p#$CC|$@({FTvu_k{!e&ioH{qR*nPWN0R{Rk zctq+^RH3>U(Ve_)Q4V5bpyz~!%AQ}F!iyJYf@N$7t;Md6lb zg`qYlVR}}T`nXRyO9`H`3D8I>UXZ}CMp(9)HFKeCISu$&bBpb<)^a&E4wyKMQlXC1 z%61VvWtV=bawbss2HS&PUR=0)tw%I>3#P}>h+Ug?%>JugoQY12V5N_vt&!>`?m%Ty zrDk%P*a$mk(v<_bP>DsZ_Nht%wUU?2S!>f7enHYv#~IvTQlFIJVcU1#3r`A6&Ik zDE~<22oypiREe5;6f_c?e0<_R^fKh=@C&iU{ycJqe%>C3X$`J#D7LCK2;~@+Sbm=$yea`C#hinb9hGg^k;}h zD)MOaw5|Ndiw*hc;()jt2lA>*qtUaI!pI0C9m72Qv3f2HEN{n zws!mLfFM8drWQs?jW`DqR4roFeMIXz3KKDdh+vZjZ{7YDR5tL$9`tXa?br*JICQgB z(yHu>!d%sChpwP%jE9N@z>t#}EVTd{k5&QlwedC?2HEYVV(c|dy-kk#^0E0J75zzW zh7-JVjrpM#EcmY9)_^lEZrY33+iqCsx>^*KiiH~c)_$yJvX;EbO^xwET8v!>iZ15H zy=|lwb-#s(h)l@vbg$QBU2#8Wk_=fxi6@0j2G+V(@?Em1Aq)Caqr2Dt9mURWowSc! zLQ6LS2shP$KV}U=we=7|NO6&<+)v8q9&`O8;6Z|&n=AZ7c=O6}2lfXfy0MS%97Mu! zYACsKU4{QGHIL-@zYq=6ck)1ptS3`wk~^V)P(a&5UL>repGjOEB>t4h%t=-bnf^3I zxtN7D1I^@R%Gk{9mB@D#{W{?x@{&f;G$>A~sw5y1QxrdR1e=#hePVQ>5b;8k~ z*l^uC)Vx`Brr{}YO6;FSOZrN^l6ix-WV$wfaPcz0F2vSvMN*R&h|RrgYJb>P1;V=q z9jl&lb7GNHr48O3T_1!&wFN-Y*b4)^dsl(LNQbw=p}V#ima2khQ)>DJ7HSu4#Z1b& zMyPN5m}`p?Zx+^-W};`Sv2d=;p8^J|vGvd3OJjN@?w4kBygrM7VCV7s;>0pIk^TZu zBUg=+IFwONJo$5AABQwS8ETPmMLjV$AJFnXCCWd|@NnHqqWq0;iQ&461y1j=s}L5n zo7V_~Cb})UkN+pY)VNxCW^p87p!{}V7_gsIb3^shVTtUoXi(X*}N=ZO~E-!eK;IbvU*A`b>KoVr3qz6V}%w?&ZUWv0)+SBG$=_Q|qW z?f0p8R1_Suv+>ETV_a;fTKQl2pj#{#{3PrRDC8QCU6oEJ8OgS>z$x6~Y}i*RvHKhL z6{)?cItd!_hB`?$FlDysj=-3jdlvch2DB}}-Nb;lnf;u^fFfa^Zz^Cx6-Qi^rmnDv zc}H+r+!RW9#+SJgp50Ta-&6_L{f!c86gucYAg2gq1t65e3NbbX^DVwlnbC>S;W2yQ z9GXmD8@*E_iA5|~oj`9%?CQ^nycnf2D?POLhEV-38PtVZpMU}QlingeB+J^r$WhuL zN*^XPoN5;t2SEnL>HUH2Cd!N{k>K#^iv)1JOND>AVZ`FeT7+3tK_f^IAhE_^^cuaN zj`j_I13W%18!Eu3#uWtxgF~&7Y<`kZU8e$;BS}PCdo;pD-D+d^lXBb+(vI?5_fLDK zX!#DI=`(4}=1v#y0!s4O_MA5Vl0Vtx9Gw*Q=JzP@ikEDjK%}0}@`NKL(X+Vo?%V5( zklVARJX-Dl>jmma4fVRu`!L5g)IW+j9{~bm9yGk9^W6G0Z)QFGo?Je%^=D{MRx9*M zL30zTRX;#09d9~R*01NOF;ycP^z@5PQ41SPC>?Bq-m{47>}vG7!u#n>VW!^=f3} zc4(M=mD2zCvp%K2*))yyD*c|nQpw3jEXP0bpQ6_~v-kS)$Lg^2oE(1}NyqIlLytz3 zC;k6a3N(XT0Zm6CKG&9YxRL9-Q6|}CNtl(T=1rQ|wPG!<9f4pAZaE1X+zC?6PE;Ab z8Og7ec7Mu%N+EI+p!XnAy!hvH!6s=h-FVqDWsGDWOM?8QTzLj;_wMmg7S|ttLRgX@ zxIv-f1sfzPiXx~e5u(|W$gU=ew~80k8mm(hP*+8)0-|P414_=$+%*>fHGiT16xu3ZeRFjeE zi5>WjOV;h_5%N5=1`{7vt>owt?d>b~bd!=D-u+3LP>=+zr)nZ$_Sf*iAaoOd1>xDk zM+Kon<}hu)b&6pOpJ&;xa%99L6~%3QO?v26$3MhI^jPr2Ugc}+*3#^Jwq6T z%q;f!pz-JtutKtDHXiw?0DP1$KFSv#<%^Gs!$-y8qvG%>x1ZsB+WE-(#eBs<32GK|!1=&SKo z&wMU8kTSU?<%6r@e-Z5NWLm`5md4X|#RDW$GLZVX?-NQntOp3JJBi9RFGGD?2MrH` z^#Fkt9)_w9WpbgB=ieYA>e6pSHk>llr&{XP1BAa=1jA+!xSO;{!s3pxc-9}hsKpao z#l;_oocBZ1UzU>?Llon1VuYNoC6p>`o`K|9l%=LNz~>>XML}Whc+F(q`ZE_#9dBxT zjOaR1p%81VT*MmbzG2a=M-wN_;yri#H!X{ogSI$8#sZC30=hqf?`lpO)V6O7ckGD0 zwO_lg-vlBQpM;`O&5QRp#4e?Z-RnphO`b6?8^1rpV6~S^m9hAp1xpKv;$Eee9lx{p z(jju4Z(YHq#d1~16*H&iRVJT%_-FKJ*~Yy$zGX1dHSBYrp_>Auug3s3^QB{@x5tgn&pZmNGQ>A!e!!v~DT0*lG$7JRn>yZ{epL?hEupC!*ug4>!sV1)> zV*C0(K}H{H*d7~Q!7Y8=W^{H~6&;(omUOa~1kJ|0rf=W7|H3vn-7H$oELUtp4Pf`; z7CxMBWY452LU;G2+xzcAvv;XuOH?FfyT~2Ns34T6PnQuTe?lNunPX2r4{bmBd+1(yhu`Y_1im z^$}EtS8uhoio{u(c)vcZ1dK`I-))%G^Z<9yyj z(#4em#(@>byfjI*ie&^Zg&y|*C6Lsrqh}po8yC-nS%evIaje{@MnI{@OzP8dcb8D0nLPo$0v7b zG_XDpJ5_C@%xbCuf!INe5VcryoXJi&zioN+yY3U$@~86PR^3?LJIN08nVd8zug<&7 zOqk6lP|My5OE6J?6@`PBw13QTZL6;N*bGpsN;gm0&pzpwoJtYR9Zt=(D;l;r^_LT; zDsG}m9-VJ^eae0Jzq{LLaaGQe@dQsie(3sma5wKKJumA1yFVifT=23qV{=8qUpGM9 zD>R+b+%X~=TcZ3(c|6cmQM_#=W&6rsFC9&g=rW0tI%zErFbjNEas1}xXReqAV);(J zE=*Q9fBmNd>SS<%5iRqPM%fD>*_*w6~HQl|%taw3jo&hFZM}#%hQP z)>c~!Wy>GRp6X^nudJy8Q#)o?Q!FZO8ObD4YQ8G=tYyy(QK^cRU-kD~-ct_W9*oCT zgaqqa_&eLFsz4i4>P%rSq-!=Q8#8>-CBo*&ai)k@e9^Ip+S^hQ52J`))Yj2~E)li_ zo>k?!pODhubK8p;9$Xo_ZoF5_iV^dqtRhEgrV*buAsAmMMWzAPcKRK1d>O64tL#)a zU`^YsSg4ce?e^F~t6U%1kAq!Ow<;Dw{dIL_iOOGp6`ppPN`jv?pW^6wrzCZaRKz*hbX6)pX8^!QOPar&7kB&CLt&qrD>Mcob20R z_-q|T4e?uHMZ*&^B-v0uiN8o^^Ns>;INj9?sgi%nPwA2}{fCFpwc5kSU3-j4QOu;X z*sLTp>iYO5b~jJ!0Sfz>Y-bO(#z{L#nYY-^Xac z-R>1+L3*~3Y^DaIB_h2uasEUc*i`MWFq_(D0>0(H=JtlMM#+m-MPfm?50FHV3-N|* ztIPhNR)tHrRa8|nME3v>2|4!)yUO{yP<8OvxQ3+qRXbr2<5eZY1#v9U1bO&N2SL~F zb$sIPzkpgd%7J`My?Ln_z#5ZWpSWMMk536Z;BS;)X<}++CqLGZ>qp zvP;oj7mVGjl8YyoaY*05@r&7IPYel`uHk4jPYYt9puq&N`sPemRIcmd&q^-)LccN| zeS++&IgLU~6>4t46>TS9fO%hi&(S1rJK7Bat+r|h`5)vhdS?Y=tNB2>Xn80FT%PP8 zOQ)-VPc=)BrWR{Be?M)7RkBd&`(bP}e4Z*!2mI6qpbmw`qq%K%6*W!xdJ*m}e)r(d z^Jj|i7zoqLgpUsJ-s3#HDGMo`$>ATa_t?FGwl#>9d;K?vr(WgMVrj>*fN3!4?NPIn z_iLyGxz-9bI^{s@^tRb*a1f1fEtT`BSw8koh%tW7QOQkO*E{AFJ4P`xKHK=vW`A}& zHok=_zzt1G!d|*HvxH@AoO_E3Y}%Vtov505YIqi2k^4JsuqVt3a&p$5+abXblM2{J zU~=}@%gRQ0V568~78i~t3w9X09IwUO_!BU%;kuR08c(!u{*o62=Q*k*$3}0z21O7@ z(9J|4YeU!bmCoDK*LlwKWifr5l`7&d1k*Y$7^7jfp4XYlu>+ew4SBuib-omzo@gR} z>r;K5i^prIZF<}wS}31qaW0`V=&-7!KB+r)w3r`F4tC59HcLnE;YBle&K&x3expN? zofKCXV+g{C%h@!#_RWu(@Eic6k~+y++IsWo}%Um(t7 z67gZPw^G<4EXuhv6wc(_L}&{4*Z$!d*H$=ed?zS(QP8=)AXM`&>EoJL;IwXLolk7b zw4=ndfao@!C~CL71j>QeGPWVn@&c2h&XsEWuYxO3)=TdNhlnyPrD zCFI;zK=C=7K3>)$r5i#Pdy#I0Y5gnhnoaW7x)%a-9&UA7%HU> z=)^`FRp2931FTKvD9sgL>Ih>=(antUHM8fz#u0>9044YmiW^!WFi0ZiyhU6^ITJV2CW*gxeYnk;-VtH3OYMET=7^H z@#DjOM*?QqcODWeb-V}Kofd6U8f}t?rfX1GPl2hP7f$E_lwq%FjQbY*6Z8#2J3Bky=%R`uwE_lT4udIv|dZ)^*8Ia*?K)EuRmC?cdge#c{$c= zrS*DRUbk7Vm#o(UdDU32e_F3U%4>}EddhnJPF`i!>tXBlpuCQ?UiVwC+4AaVy&B}j z{Nw!>P{qDK@`*O` zHHs{=LTAu_;h@qy!J;oV=n40W#X?^#SG;Vn5canSk9r8N8HB&d z)qa%~aV?VBq4<<-L3@fKQMrpmauze>VeI&-`%j{&OvT{rV)?<|FbZLJdLAKc#$hkZ z#0bWqLC4~AM=_(1Rqi4g?=>f*(#z{UIux%AUzJKNb0vRR7%Z?Iy&0&uObH8i*&}fw8 zhaxroI~{JAS}nkjh0E&!be_Xs*I${+bv}I@v_dvTSJdwY};Ys{0_t$I3 z(OA_;#%;7(KH*zMj4X$5766LB{?|g(^aZo>_!SX&iGX4SMikgnfoC-W=A=e7lDVAJ z$VQDNQ^Oj`SWarNPB)nTdzD)z_B-q7WI3_0CUv+mdXehUs16kS6B>O|_#@X+tFf+Z zUv}d>KOOOvECPO)Klxxzt;BuWYzfsIHm53gxyPE+dBJE~5pQNh+lnLk#!^P=^k70+ zg6Av3-E2MR)KfwFt`1A<(YA6-ysS!9+RXQ`nfIAolMBDe#bM;)5E0>!WZ55{;T5it zGo4bAV(-1|P;g>hX9lzn5<6Wzos3mVi_^hlZo-uOzd>h}d*^dr$-hv^pUQ!Q{yK9E z1KNerQe3@>X6zwpgk!rt|2=J#q1`f)UyC^C^Z#J<2?^TKHF7Mb;fAm%@-LOud7C`t zZ=$vQ8y$_D+v6Sv+4(p4<&k4>3<2sA`Kd+!cq8b4Nu$?`yl8`7R*NHYWG2G-Ho{6p z_@#}Y%NQ0}w9}|Xkt&P&tWeMOP>)ZeTDs|s6h(e)k>?5d2#Xx%mK2*X_S)m#>wTVK z*yKjm7T56mkaY^Zr8Wat-}Enz`xGYc!rQ@b0IT5ZFv!yJKhiPocD}Sa<|zUU$gyOMi-!ZZm-5#oU?ih>RlGiL9GB-d6&gXRnfGiVwSqS~E8?q%60gY;`Q2k>b4YwS-=wP_<`;zC~!r z*~H&GDbs4g&r-OWsg?`=K?wc<{6}W{|IYfC3|(QO1_oR)A#ywh$7UyKl{xrf^kjc^ z2G~Bq)rBlzWolPjV8EFZ3fE%wVnPVhW-Wxr%5Rxp6w$Qe)Ai}`i-dlDLFCNEcS?*K z=lW1Smvqa?L0Ldp$%Ic6+$ASGLf^cc$m#Vf*x7iDdWX_zZ5R0~TCj*WFIBQQYN-59 zR1Sm+cm*IBqb&V|=~T|c2FG~i7McH@WM?P#xOiTn7{3>aAtL9VH=IDu60<0 zlU{?f{>oKBCw@E3cUq3rX3F#W!|1oM2!!WRbY5;a{GdB{!BXG7?40-?sC*AFX2E{} zHdydoKy9sn@DAYJ7HmMxWc=T5_vaB`-y;^~P0jgBeZRFXZua@Ewcs0oH5Pmw@G1+w zCM8qqyVSZ?172srm4Me+a24RK7F+>%lLc!5&$i&gp({##>z`I`S?7*L9sYOtqmye|snh7A%6UQuyoNT-s(!Db zW#|gb^fkO0jCTzReAj>t0^c!U%h0!GRW~$n`Qd}E!9tF}U(_(G^6iG@-1ePS`BtEz zDcJmBw@~xu{7~UqP%GbTST+m8h7GSU7@bx5MxbHY(6(8Xua`F@hOVDg`C7yBS(U2; z4P1X&F{^TAprN@^-m3x)%ZIkks$5at@Tvl88=7g3wOUPf{(}Xd53p z!I%*-^OQjlhh);cW-tQViVJ}T>NI%ue4rtbqpNE;V)m6uHg*vTqHFg=MRzm_71hQO z`3c>z&^4huMqUD?nVA;_ew4{r74&g-Pa&ScjrcqM6GGh=$N(X2K*#pivuFm zxK+(gy9vQKcZ0Et7>J*#&5pYc*9n`8%Y$t++=-+SrmSgh2V|;vO@3hLIX=QbPkDk4JU^HjB@)qQS( z66o1L0(K21OF)OyCAgoFU~)d}`5!54e>=GSU!m=5LfhYD&KmF2da-))a4(L;>7Z`^ zje1Bh+^g7g?hYR#=Ro7E>i;UwvEm%!IbRPm7&w`QUItO*IodoHdo!C4W1zGksMR3D zl+VSKd|-9Q1O6$#Mi|DHz514dBaQ4B&!H8&F4cl9%ly+q@pB8R=H(FTT?tZ2CAh`blNa?*w_v=3^F=|uC70sAv2U2}|)*h7-ZV1 zRXNp7RWec=s~kuniYsDMFd5&Lhlz`79hYB@E!VYXz{SCNjPsfymCO#9Rpy%{oX$n) z;%XTp?u+5tCTCgngS;bmAunj?MkKVQDt<%Xs`%N4Zk5vl#aGxdtK#^2?9kgIm8CUf z{PhPyiFC2T*Qz?f+M&O`92#P&zh0a7q0+V7!7LrOCXyeDyEcztO3SUe7NR^H?bmXmpr%M2Io z%>o!0{t3K{bghP*$1;vZS5sXw`^c&1yGsj{| zL7s{UAYUl5%7Il*_CBoU7#YddowiUcpC$J`x_yd1i50{`V@lWgtJiUCNI9TgI*~P1 zHQ$^QFL_p~n?_c<2Axuaqk=7$=l`UZs!L4ah58Z+S@v#aU`iW zQu%hrUa0MrGiQ|ys&KZ{HowHOf7dm&-ySkCIkNl2kB#3W@_So;?~cs9?M?R5 zf{y9>DD^y48#&PcC_+zA&0UH$&_!l_{yH7IVn8`4P`hi;S@Eht=#+Ymt!0mvEG%S0 zU#zN%4L8e8E)l({45uQ*IhL0Y!X@fvS)8xpu*xF{2V#}~liHDka>Bi;W2c9ruNG)W z`R$~VgA4SAYzELJb5CwXxG2=WIkJD!jO_8Ev`#Zf^pOUsvPp+6K*Gpd$9kq zNI`OpDdaMO%5~%*x+O1sIL3_gFyAESie16}ugeW;idqjAzApdiTcqy81Fqfv>aN`I z!NzMv9+Q5sjUVVND_Zogj?~nUMM5HDY&OSVx0!Y=5l}@?EyPn*smfG!whAwrXIg~L zqln!vkX}x1QBIHK%K&!VvK44?UjhP+uOg_7Y5uvIuKM^Va&pdzhX>_qj?jd(gO-y; zAd2&x_{oFXy;66y!(4q?m{h;fS(Z|#7&%{)8mv$QH>HjctV|nsW9k4K(-y?|&Es#T z07}3V9+`~X5Qu(X5Gh_P-I|uH_^^}Tq!<+%htPh0P0(KDy_zv4<$ZY-h-H72R;X`^ zRWD$g?^G{P6M8k^U&MLK9U~@x6ZAj6eA4Hs(bW7&hy`j}?<>jDeDyrUi^fy38`5p8~VGr4HRuv zv2}TFRpcWdx4wE{pxfb^2{ zZZ#Wkv`Gj=BflWtRLIz4i#(4TzLTsJN6y1Pgnx=<=-uVvaZsv-WTX`TO8H*~P$1xZ z^0OZR9bXSVS^4Q^onpxAsX^cusl-R5BXT~yXTB)FjGkLp0>F%(F92ZO;f!gVeYzD! z?9QLe_ENu5FDnI~Bi&we@0Kg(~zYFDqMdE(v z3n&73bU8piz~T6WqPwQ4_nLMdkl%lwG)1UwHI970y;m3?b^>@5O|!(aYI@AG$A+Vu zyPKu?P-zokyAU7v`@KGlpv`*}q3OHK2E#Z3Y%qAlr|+_x3>%aZjsimJyTK9SUqVXB zgMmrE$X`cB1r^&%+d$?1`uFhzQ}5pz3saD&#mk;<5j`VLe^g8y5~up7Y?Ln)MJieW z44D0OGd)MKuvBsgKP{|>fYnmMzocxZ;X}X(K9Zf(?f8v0em#SpAM(x3<6!~o?1J+v z>MK6%emqiD07C@Oa)vcY!gv;b*iiXk*=blvz(9b30)7lIi)MnU*0^sC$hhC+!7RB?sBI-c{^ToZoPT>&NIvyy)Xr>EJ9w|bJ9Q>lMcB)T?ko8wFe z-&XG{Sidj%jUfCPy5a};>4ijn)4x-J3((uo^UdYE!TSoZ_OOPR{7HAj?-V8uo%R1ojeGUjs<=HriZLhcL@zZ{2_IpA@fHVBNO@`x|h(z?@>m8)W01f#fH3VyLX` z48{AE!6;Wet|EdwMj(SHz^fGR8$i-~QSmr_%)#+If1NgE%8bsdS1iK2Dx9O)6sK4e z9u;VcRR4F2VHBYTl4V6EZw&%_39P@*Vk{DkS@P}*OTv@Ne0(AisNYTq9dq1wkO0<( zeTPZs{0!ii0>%PJxuwnphzmFq;86i|XTBjc19fM<#RBNge3Jywo%wQwBLn+~3ZOgl zO;r%xnQs)7J?YfSL*D2rn&V_Yi^uVvgMVgs+<0I18#Y3TjjK)ogH02 z8#!?DME{~DXlt=HSkrZSFt?>`Gt^rVgXC;HLB3?_Advqs((j*n3_do(pu-n22-N3PCgQiw*^Qv zUK1eENC=Q#4kH;XYeE7e8E`YK)(O$cNjQF@*B+WRDR|BLj2Unz`y?~r>|%Z z^#4XqzlVqB_8HVWm(!)f*teXPD@9LECkWM((_005a+(s3C#PQt_T=;^!JeEB5$wt7 zDS|yYEfws^X_;V8PD6s9v@&>}U{6jj5$wt7&jfpN>Hr%#jR}yP&K4j!eL#TZ^tS@q z<@9YiC8rlJ29TU?mXGB0a{-dm?*&LsyHQ>vr~L#-PEQaZIW1z4`~M?3ZQQ$myfmwS z?EZXOp|ewJPfKg~e+2eZ&3ZlOMh^O`Ike8e7t0Q<=D6;erlxy#h23`T2Il509>t$P zW01ebrsY-`ofR4|p;i2Kum81{bTUVBvzNGaXSA@PJv+dhgCxFj|EZvIlM)}OLm$|%R zEQ|#jm(VY`1L?i1oslKg&QTmTDG<4o4)(sYJk61p@LH@JU4h2?6k{xjnS;H5?}(y7 zVxaLsp$zl#bAy;?AE?`N{B9U|;RONb9eXXr-A>cfDa=>+dN+kmZ?~&uc)HG=C?u}l zR0X1}c3#6@HgTBIv3)EKeGJFA9byg{rEa7Y`)9I9$DOwRb2*^pFx68gC`Q-Nta%7y)!2h_fTQw&NLhwi#qPaCb0Xxmi24 zHE*%?h;c>^fWAheRvyEB$&q9+!K{)~E|QUhm8Je9`gL=<%yh)|U{;`UhEl$blshqc z>LsaL3Tk&8lFYQbN1ih6?icQ_V5?Vqtlw;Rry&7LyFrxd(Ruy>gwrVQy&EsnNO!yU z0E$~}?nnZiwHl!JyeN~o)dYLZ6?x8a*C7H%LQm|75+E?pC|&L@5(+xDr@teL@)2l! zSSa@kMOS>>=aE%bM$HT}bAM{jX3k>yVUfc_?FJf(Wi0hY3K!jxd+_?`s=U;JIt{nm zop;V|>OM8-1^V8$=yz?pcD+=KAexY~ExOyC(H^U-`w3OcZK#H)$yBgrdDRW>@N?tW z3`R@XP3SRh1oX6aVT%KJlc;<~0aTp@)Rp@vRLEktNKX!v7Q36_BZ`BYbR$cI+Zz&E zzkZ77=f)=tMy98j{P^4zkU>YV;?eU18hVzF=nitA(dDn(l`6v84Zn6B!3?SALSoof z1D|siTLpk9=eQ@6A$I?c1&P-Wvyp5ysf%{~28oN06=cG@g3~_9H@oZ;sGLxuYYFH% zsi!rT*-LM{G)s&~xN*Mw)ElP>Y2SL|K_!!|H{N61U`zHoDSKAKG!Ahug%|C5=L?sF|SK$Q;b-jmw?? zsW&o8;~r#Y52cact~4H?hK$l!!oq@O%xhvyPg7uC@yu}pB-@G7*jG<|;}d)J)KSty zU@pxh!Gt#5^iNWe)sv0v7#c7cFh;AIsN+3*>g*2Yp$01`*YNcO<$}FBm|j9cP=2Pa zC47gv8Qa19KsPWNIZjunmJoW*VRCMn#43GSdPa*$hbfQilki%-&Mh7Btn_HLCskuR zn6K12J-N*8U>;-AVg;oTt{Xuq=}5~8$|a(u4yId&&_LrjW#&G_!wSktGxsSdt+sbiOrFdWkWulVpOS1n5K^X$B6kNsQdkM-U z-D!^Z9GXeuFG|7=>87g45|jfwh6X?hG~TTY{DwOIAwjv3PEZ-SCTI;g>_^UFTZ?f}-vQwb!tWQ3S4|tb%#IrK-jtX^aDE82Nka!zw zAs?I0zugigTgWr(xoG1D1i3kr=mJXQ3CT_|T#PV2W?^bHOT`XVehz9~CJ%LZ>VtJaWgS|(_+P$!f>nC6svAm%pWh<5= zL|I~4-61s4c!sj}UR_!&e|h)+63ZbOnfx?e05p z%htKSE&(F5PYwMaHJZ(xLy9uG@C_lNRsSh~Gwz+GWBKanwkE4XexY+!9qC)*w?f=9 z#y)zt^b!+|NHS8sgJVIgOT4V!`USKGc{1BCRL;F<70askiQ$QhcG%nl$dS&Ng~1x% z5sP4iWeFeC9(3L}i$RH6voEA6De>T@DFI?x6SQO z&cvwEQ&mT9CtHf%)FR}(W9kW`BUH&7BxlZ`y=s7u{B;aK5p)^zV8XZ6y*$@WuHL~r z6n{9~`s2S7Q#fFSHwSuUok`9wjZJpW{#a9N|%-u zI*Q1F#)k-Xe~Gkd$tJVf0Iime*p}Asgk1%8io4T2pXi7ZFa#e~a(^XsX2;M96Z)7! z?<4dV9Yby0`Gh8K@)oeOr{nLL^&+0|{m4|yzo2CfM!ybF6+eDsSE%}`<9FqEHQvz9 z;bvtnZ?ytx-C`o=vGSWY7x0;!Tli{*+0$E)De5467!O=F0S|r4|6FP5Zf=>iE#nkC z=24bS{5?RNxCU4`p_geytkWUFOIjlbtT-lx^pPbKhk5`$Uah$}P z(&83d2eCM!w@3NiYU%5?)to_gcKGYHVr@8izsa>2K~w$IUBD5LfX*&_XU~Dgdq(N& zZIe3>RIk%tMH$?DdNgCR`l^m7`EV=H_@+=kB1bwb0f(_OPWGq#QY<6mVGFdlHwb{` zHGI{f7O18!y+i6n=O>0|ou8o1{r9gOa)Y#!)VoUR4x3c!AqGw$uI`9fPu>HKTZA|U zM3rv>ECBKGj);=IKw~S2I#$%PzGG;E2~8?gL!Rq8hDs^}jbA8{6s4iyI`6Hta%@_s zcEk^u+ zJ-2W>H)y(6lzz$eo7^=zc6~Z(AvfGpW+kE@pb&O;i8KZh-A<$gX2sAfgJmBk(j{Ti zHL5+eg*CMeDv3y8E-gp#xaH={I`@*%l^j5qB^Zo&24lV_*dg&O1j0^pUH3G4((3pV zE+j(HC7b!=@YGLqWJ!*{?r_3_&a=Z|TwrMtA;I{P*$kE|oKpkF>~w`QjpLa*;62(t zC+Ys_Het=xkh;P-slvHa;S0IHfXSJNk<5B95~B`7L4#O-jjGZaRg6{2&GM;7&6F2$ zLFHxgSy?)T=VB7|O;Dp+i7ta|MGbMqYN)?fahu(ORFOrI_%=LY!+x$j$101Q`fWru z=X#v_{{V*K)xCpGTobZII{c5H>oWL+I#&X^bkI`Z*nbSd z%ix`t3D=OGJ0~0U4THMFpzdl%RjY^U*zBVH(V$BGChB|h*Q44Ouqyt9D#_?CBeg?Y z-2>6F=wp_!;!7l=ZWlb9lrlcjdslm z_tY5q6ZbiJ=e|l)k|daGZAK1ATs<$-Omh)(F@-=S?{=L@X?zI-?+TDJi30f7f^U%} zJC3;u!M@JLHb$y@!uTi_MJ*-{7HJpaVvC{5Suzk7ga<%oXoifMkW)W~0LT=zlaY_e zFq}1I_y+B16BauWZ5w0bM3eu@-0hT3(r9xlStOapOeCL)bh(Z6lp^IOlw0{I7O^Es zIT<-3_AiO;EVqejXwPQV%{C@_iU<-?o1BD`2n`;A3vF_zwI?SZf|Q(E1IlCW z5WL`(YF_sZm#9fVD-T-KxJ_M4GZmP|+IFkSI8QD_mq?Ip>XKh#yh(>@(bYTKTRiae zMH@$jy{bKR$#xFL^x{h-(!{=>*y+L+DE>zGZX1)dB;I7;*$NeCZjiqws}gadj?IeN z!$uwLCEA6j02Fs|ks+|#9jpK@dBp0az%`Vst40KzxjYKWZ563$rfg{6JhL5aECFzN z2#ryJL9W(YV3}3-+B#f!ySjM>h8x}20SQrKk@FSnR6CJ#k#(w#$oVInwt>*A+M6RW zpe1UW?koal<&_losBOrj=xfM0-P3~--KzK!iFA0dmrI*Pl`qg(D>U@l1vZOPvr6g| zs6oZHBMw=Z(%E=wK$&>42gj0t+sDRMV^i!MlTGY}VCL}5Om=Lwo2=MsF7Cf>2Hk6K z#9mG84sq0Svf`)-xsMZv!KhN3ZBuLPBsDdkte9#w?k|W5)6~=yyUNBkV!cORCB9j) zB}MKa8(Y$@*u8D+*`1_q$C|Z-z~9(|5@PrBn@rl0e8ql`?i()8=_IyfIV)|+uKPC| zTavHXb8Kwe{)cton4QskX(I({tnMu~x_TQ$zraSf+Mr`4NeyHruGa6KXk$xdDE6T? zwrOE|uuW|#E4EsQ`=1+4!PW8Fu637bR~lL;CCf zPFoOeJTBQ{Y@*7-Wt+5j#gHpOPJWPwdFt15(s4PRGe`N&c+Q$>l!UsZ!imZj-Dplu@RNhe7A>1-X>6Qz-m9SVEc}q*N((W3@G7TQXNXFdDzNJ3tKEOHNDz$EFi_cpnK2eSQc;{Z%ai zry67JQ?Qrq(S6fhMdYm7icXo&Y-Ba)s+d`QoprTaHr0Mx>#vsrm8-aRMb`$7FYGC@ zCM%E75t_38IGq*d5re9ctLpg;eQkjm`*)4*D7@>IM6T4BF%XmbIjzvaMYTOa)Z|k= zjg=ojf1M0HPyco|q5isSfkBl6)aQgc71Z|F3*~i#@oG_zl)MsHNe*ptaw&U(S9Ug5 z*C?~zl~&r2&;9N7;)NPH;EA~T&b)8%C z3;46VZvE}0(eL_4%4w_fv0<`1IOw7V8Z4J`u}wCZJin$)twaj~e*&zg*U&d9J7tt& z1mu(3=^Tg;ZPOCPYxfNGp~}s_2~-NjCKs{ELxO`&4dzWQ*6nWhx8tp

8D7d2k2 zGioP%3I#T;y9UgVQ@_TP%>=r?qXeC*kktO18PSN#i_i&=9?kIRF@OC7`{Gd!i5eaq zsuFOWw-X)}rMd98PPkBdv&V&B{}31Mzs_>u+W*OgabQxYmMktjKps2i!hW=MVQP@V zJbodc^tc4^>FExk4@{q(@q|aOWlL}#k6hiU(0qBVWr)AwNvOdT?~+<4j7f^CSuM3) z*)oz$-h(7{8fer1qrcv0pUwpLhD;v*kj}#+0G(Bi*=0!A&)bH(lF~?n=3|K)y}Hq^ z!#*W+`_FCN+zS#+YOJEysmiNl8Lx7Frv>oWm(n1U2k|GJ@{tT+y!IijW7@}&>C_7d z+-K@{c&Wc%uy^V~Pbo4E2n1^$G`%~Pj{W!CPgY6VFBVs}^kT%J*U=}yHsnP58E$1U zKlwStF$stq$vdr1P$l8fwlmbUoxhw9=6(h}0rPU<3~F-}WsjGow^HqJ>b?K(v(E8C#N*2!J!BYKH6ohgAQxk5tEIQq}5#NmXZe zJ55#hPi(5QNm2hg72~Y3&fiC>A6%U-YZqk9r0SEfb*2oqWl}ZM1CwgDq@8ai?J0l# zTO!dJYbRxrJ1?D_cHKKoPNx8*X0!>MmbkNI#U-?==bcvU-}$s>C6k)iZuDtE-3%SIUt>8q^@(UourhMT zdrIIxe~zE(P=nZg)?ope5R$f2_Nqgk$5Mx-@U8&Vp2{AqF_TAJs+}y3w^u__OC$m3 zqVWvqC%6UbiLKgj-y^+FqZplV(~kB*gh^@-^|kpLVk}vM0`- z>SCDf>4L%JhmvR^B%Q^R_LW5=b7sjzgsD=ug8a}&@_aLvJt{G2ly7hQRy%`}t4x)( z=w+$Y)b_gTFZWID?jCY$tl-t{@p7Nj?mkWK)7#yZax+g!uO18yAHS4Y8%GCNM$_S)=F5Zu z*y^5+zgA^gzg&(l+p^|WjfYUoc3*fY2;LEys{q|Esn~rT3p9@sb3%nZ{E=u=cGSm0 zN9SASLK~U6_ei{rspU3UGPR`rsXZ1}eLqs1^izABUzi<*jaTV-!cWZWdJ!z{_UR49 z)Y_ae9Lv$X=CB#{CB!79~n7>^j{^=jkKvnAd zgw@^u9A{95{Vqd0?$PcKZ2}e$pd|11yu0Hah~8C#l05-a5)UgLM_xFOaUsTBl{+1s z3VPV@!#}KUjkvs|V&cD{7WSx}?1jHbxTuY{)W&2}n~=bomRgr=YP~bm7I@g@8EQp_T8>9;ju&3+QDd8GC?);py;&tK$WXh&!~PnzU`yI{ z;=gscZrD?GmUBT5V~rF?eAr*0BZdz3yk$RBHD!9~`nO2w79z5j`!A4xtwc?gw~n2C6FUUlH&ci#~M*pc7eSznFvWZ?-Vw9VCk$VS;^iD_D zTO$z<)jrkwK#A#{vA~7M4m&iB=$`9geTb}uqA!-19uWJ7@nOe#NtSvT&BBQN(_jS1 zxq67_X)WTHOxc=tzAoU!v|u{_xK2Zr{(5^dxY9JwmQPT@v!&v z2I-*`=NK7FX$W>+MeK~K_>q?%mTT%bksIcs^Ic?=#mpWWKRt=kV0>^~pf%COhH;JB z3!7@giZEms!Z;HLKKGmW0;lDwI(e!}605i9G+OgTM_?UPyJ;~l3cx_};rVyD3#+AL zuz!SqYUI$jV)@a{yP_?*PQIH%g>ZuYz+g=a=Q#61xmZM6AMSHZUaA+u8ur7N0{bdz zDvuFgru6M~$E#819hdJo806~uE@udirnX6oBKG0PBEFm4_wdq~sB1;+mcEuuQRXT- zf_+8<0u!Xd7hfewopC<32KvARUP#dj%*vMYl_YzJwU6J^Uo74 z4U{8YQ^Po75u56zvVf3~a|N#TdOMCWGFm6(oLQ7A2qn%eQhBVE)4k8v^GsH;PA|y5 zXKR?ZZL@qGL zmdqWsP<(VQ4Si6^UzyOjFDLM#)L(_aVoO#0_S~WCYlk0S<*(d<$A=KQ$0PK<8J~pD z<-Q5;`~Hr2Qb#Y3QJap?zT4ad7nt^a3_aKlczYKyc#wW7_1YFb!?Q!L8wWFn!|^jw z$`^@TsODvpJ&gFQNn?**%Gie%;9dqQ*DF#32r)G`I*ZN;rgk`3Pxo+j++BG?`$k+3JoMnI$5b zW=)rB9wz&)HLnXV{g^HQ3w=EwM>K=Z*~760UEYnd1!HFq3@io6tr~#6zMkq#mL7-O z@&X&P&RVzP9E(_0I5d+$$oVSd>@b7_tvOx7r^*;EMk9T1l0wKSr&}v8XV*eqrj~Zv ziB>spj7xr1%_gaOByS9mF0u^LwYBCIhlh12{CBJODtu3qLvi4nCHvrjweFE2$*P*= zr#}<*yOlpcch~Yg>BjugEdx!N7Z0RprEl^iPi&g0qh6{x_t7=xzQ!X><5FD~=3<)3 zsJHg!g3$vLof7gIh`1BIvu{o$pHFd4_ap*S{ExJc^fUdhcN}`4v>~V6HEMW_1YS}q(cNu4`N}Y0R$=Y8 z$A^2@emf{~P_V6XP21}!|5CO3RDpG3`ye*4T;2G1XUgiT*!6Td7d2JHjtE3Q>JhAA z(WA1Fet=5~f!Menf%^BuCyMyNfzn7pZEsa%$T?{>SMW$X7S^EFF7!^GW_;geV2 z{m>(l>OMk2s~sf0vNmLDK~|qPxvOwwU*J>Q+3jw}SE8d(PwO3PPOpi63G~&c(_bev zc5W0B#Ce`!lY8eL^vrlXV01g9{N(6dY+XB78wt8zrbn~2F0Ox zj3};89pYBvwe&_3_tXg``^x=>v4*+JB6Ez{qZ!)kQW@EHKQtK2jYG-3ZQRXN7ybIt zI=0R>`vsgUI!!wLM?8oDJXD=CnxCe{85uQ>= z&L#imjiUW02X$ekk8a_>+`GA2f~i4gl_csn$I-lF6(zjypoh;#1bIUvS9l|W#r}FN z1q*BZu?WT2IO1pip0iK4oftpUF%_rPNhoW>EJK+H=Dx^*c)Bku=Kczf_fdv2SY89$ z?k=xjNSHWNdds9$idY0|)9=B z0wT%X^hLVSbc87*{bg6fMRz(ewYs3)7cq>HVWo4^VIjvKblz~s4bYt2DC*&%*lnl| z4pgcVZX<)tGxMWVx; zw{NJFi7zL>9vy`Tk8&C^=u0NHhSq(eg@Cnrd7dp=S3pY-c&PHZG?W}KYBg6Jmb?Z) zj7k0!K-ItLNHf-{lMza)COL|4y8iT#V~&zlK9=rhD)Cc|xwrpBe8EoBc6Tdaa(_j3 zRs~}LsbXn!pZn|~;?5`TOISW+d`gYvhGIV*;xGD1k-t}J(fngn*@~o5ni9G(wZ4=#uicX zyMSd#kx}HjFYUT`!Mjv<_fSke8Xc7B88gb))BD@q%k!c&ALsi)C1T8q^d@L%}ptKaV#et*L6bcAsp^?|-o)=oet+Y4EjYSIr*q}BEc3gJue6t4HHZ(}aR&p( zA(UzH_55+Si$!#j$C`zRy%ryMM#edtrHD~OoU@DVsCEGDnf9kv`VgtD(ZAfvUE(7&kmDs)?E%aqd_ zx&_;~z~On%mUqxstiS3$UUeTI4VVr#vD%sfPPcY8>M<(2FnTOfw)kBB1awn}Te6gN z&q3(x4oiJg$NCrjD1KIMX>(*kF!qRYblUw&*)u{(T9WiYx3xwHZF$V&B z#Y;s0NbX4~$MWSG@eGHnSEi|02U^s^L+^TSGa17PxQ0K-C1@eUJvL=R#}(OUaHNjm)0Cpm{r_aJ&dyUWn%E!d{tPVH~B2x zCi0gdm4xwLt&LmTs5m(hAxBH3kOzY-tL;~^Uz*Rw!HUvkVd zXLLsOV5lbVL^19ue2+=^((9}KI#=b7y)d>5nOHc|z-A5iEDMj9|LGRKMevChzFqK9 z7OoY1h=m&j?{DGRg1cCFj^Nf2rgTnp9`_ET;@!}%nl^ZA`5q7K*Jleu*1&^@sX2B;| z*cCj$!rKHNWZ@lx_p`7LMZ0aM8JY!xzX2v2PSm_g=|ts;OL%+~m5-?LQ38CFCLd*k zk8;LGndQ@DKaKXY(0=CgNkscX(qlm}U}r3_OXDbiawMxPI@D4Xd*&8I$83cKa0mQF zGlui^_cBbCGiaSk)D-3aOBq738S|h+QN)lyY=$!Ln9O6Z@+t+ZlFjbQXl zY-xjs(912d2s3 z;BeGQL)JQ7w}5pEh2ums^_#p8e>6h!@wA>Pg-?qm34z9i{B;LdSu_Njm8d7{msxnN z5<1ty;*>ke!eWYhs)bd4caViuRQJagR_5IUEo@{xAJ}VhwzD8-=XT5)N{pOo88i7a zZxE;YzDsg7)0S@LJkr2rIO)tZJac9mraLoDWl^>5)4n6pGzvs%D-LoS80OtZ*Pw z0sjN9R_1b?&X?yEazy3k$o_U62b&#ck!ms%d-h*XmJnVDz z)hsS>IkBPygSPbQY_9#g3hOstBjmD&+r&008y*Ojo-gav^0O%fukuuDpJFwO9x4h$ z;nTf_A!!`o4povYb`JD>-Q!FiOqnQW4(o$VM|;WB7F7G(0gzQjkvNJyYd6IjZJLS# z+^zCR7|m{}=-}Tfd0KU^#RgGHmmMlw-6yiBD8QX(sR&L}`NXZaROG4kd{Ier7%IEn zE3>E=iMZ5K5uB#d=AL1x$g|3M#y+HM`bHl53r0=payYaUH95=)`+cM`#JiBJqC05@JX<$Vzzg*WFV@%1Y(Jixo}FFB3&j@McD>Z_;v13?w>Y&xvs)@Y zVn@$nEHW4`fq~{?YX!9bl4T4|HHqt5PTFDIi{|4dvu$sN9BaL3v-NK=&Dde^x9Fiu_hb`C%;#t{am4(uhh{Nfytk|$G#A$Yih{6( z)))M&)v@r-}9-t6mNJ(Z0bN_E*q_|23_0llwN2 zQb(})1NZe#{6`*x542tx59k=l7z(~>=NP_fLOPn_E~L;YrWAtCWH=}F2AGWmigO1;dcI(1Q`?&M^L9^TFD=vVOje#XoU#Yymuu~Mx!aE(P#F!zW{QYZ?Eb(S#?m^+<7GQ^ z{KT+5!mr8>Z`nJ1Y<9R&fgS13YY%s}EoC9!o`e{ed~)vhW>tz^^rh#ud*7G#u6b|i z7Lwn@)4qc7UA@eVj|W2h$3 z{AGc&ygAi1`k^0-AhjR(Yj<{Y?kXv9!X<}=2iETNM^1B=HGkThx&6*SG~rJjlJK2C zGAR5U)9ojxky_v-{^T^fJ&xSQw~!)UUQ(d9srdw=pZEjKsUHQL*8Id+2LQbD!_Y&CP~^rPR_(Z&Nt1e1EU}2I@_X~i<@0vd2s?Ryurri{t$y&^A|Z*1#(k%Bj4_%R2NEOUD+B5c6#vOivv2wUFw>3m!O!gbC47f^SgG3+ zzI-@Ak!L1^++ z<6MUGpbWC#T+d1P7UKJ3A<4#a!uKf7AK^^+?g#1vWOAA}$)E7m<8!c3b#yekv%9}; zgaNwx>qi14eAj@`R|s00O8CyhDftL$^cxSf=?S~L=im|jmMCTlXsicl&o}7!jso3r zTVF2l*KZx8FC@BSoPVaaEUBX| z5{C57cF?GS0~GU06LUN5ClO*bl!{uY|9F@IwXP*mxKp$M@Z3BJeqX$yZLQGU59e_;BEa z?_Zv8bZ0^MN70>K!~JA9?}&tNSsMLE3Ev`Mi7`f)e18U(AO#y$`H}~+_#mDM-%S2e zLgcRw2>DwR`_P{E{PyVx8Kz zGU5?z^aH9%PUxh2lB?NQeM|`^QAY6Mu(JbDCNsZ^)ud)9yV7hc&fXV zv0gTE0g+8ZLUT{O1Lzp-s`Ug@6MlUB^Hr`+!iw_bdEW#?(yOKCt2c?S`?p;WVtn1TuWS z4yUQCOL4LWe(0|$aD3P?=F{`{d=?)BC2CHQR~<=((= z=67vv_raqd`n9shHfj%?skjFbcPzi>prfDOmK`d3d`IxrPwruajpKVAze5PyMkD>9 zpNuPMAMpzCug&@jzS#RkvS8uK-OBGu;>x|}PvHt%!8aXN<>B7o`OBU5OXH-!b;J{% zerdnO9xa6lR$Rg9@a%6ot{yK*`>*wIOZgtlPj12K@a(Vr(|BqBG%bDg^O3&jq{H|8 zD(uj#{HNm!Pw-&E>}ZYg+6CC@)Mmi?1tmieWj@9BQ>4#bB`4z}83!z1*Tmm}>$a?G z=3BLH#kwtgi`I`Uaq|X&!S@cn>zcsuo&BI7!pDRCqPcyvZpEhLhP8OUSn@t8h6k^& zD!C?hdC4`-hV2{HPbe7(1+9dL7U|$qWqqEC<&9*Du@fZzTo#JfTxVLIItvJUbJc7(3XpC}=IiV@GN%?}O`o()W2|>y z4$bZVVed`gqpYs}@%ucJuuBk8&>{{B6qF?ii$DRhJAn{l5)iF*$TA_3kfbvcwxR}c zi-1k7wQ60^TIXOBJb-|M{MK?#we!G9(21e(d{y z=aV_-d+u`Xx%=|mXOi?d?IK#2Dz&utmcO5Xe~+pr@6Sql{ExJ^SV?PocKsve=F0tJ zE9k`Gn@PWWYxO5*tebi0jlZw@jNH`|*HD~MuWkA3z*Soy_x!x^kF>&X-Lj`&&qEbS zHJi6qB%Oiv0?oGHqbb8-Q2{Rf(|>6@;c=Q$eT{F?4?S%ep;RP9ZsT^}Mvh5}=@)(R z@il(zOZwFxeN$ej??JzbZHMyqU*MbaJcL#|bl(0fU*lolmc!@yQr_~7dJB##Q*f($ z%jf6irM#Lq>QzKqIV5k&OZADq)@^k6^t0W*+kBrLA&pmbr$nfOP$Jt=?BJshv4xdwoyr z{jN-TeSeS7b|X&>w|#cRks>D;-JcfF*)RVN-ambfU#7o+bqyJ{J2&Z9&1gB%eIQ@TGrpet>QACqeQe+AKdYqGKd1OD=w`l@ZN8p6;q|4R zyZRmSqN3N!AiUPS<N+BivJ9}c09pGRo#!w&C%oP|{NF)A(&Q|to{?^nqid7&F?Wcd434HV!n zjsU-u0LdKSIUV2?M}V~wU?c~)PY2lK2(U;3csT&>`BB0D90Ar%e2rN1B?y4z7m{Df zr%#fVWD|7;+W9qK2v1zTYc3*$=0lHJ5c+ytJB zrVeWU;!FzqEmDzm&EHVzbT2PVCr2Eh@z3e4^zNqq-y;}$=un03w)yBG%8B&jA9UQ_ z`ltOTq_nnR>LV$=^-ok`d32|mvPS30*jP}WTCYdUC$agWt8?kC^dCL>+9myNHXR-B zPH%mS>Vr-}DLM{x=hEqIYcW+o<5ptyUlq32XZY5IhowE~C4EmQ+WP1aBd?}c*+~Dx zq@UXCBh%4zPxuwFymg5Wu|#VkdRKA<3Zd~M(od(HFp?j4^+3+KAomOfO1$T%U|bpt z>gk!uvz3nb2b$+lAnJ0y-=j0*N5^yZuuPRx;Y+&W8Q&A^fet_PH8T_)*i8TD+jRDR zzxP?M`lcKR4ffHXzNPu>M3qJ<4t*yl(={Vc*$!fQ%cpZS|q?SD@F=HX~6I zl>xoX@G&lq^?db-^QbUKZE4+%iQ$dEW~aPPulb}W{pcBb@AeIP(enTd^bI|d*K@U^}z`;zsMQ_|y`dv4#_R6$v9+_4JRny*}UEe&WdtfOjg*f?cd=&Z)= zTbfTudVCxEpFxxE5vw1~rz2KvvC@vT^8ZyPCz@A-qZ?n_(sIJ8zap2bUgT_ENplN@ zuKzBV5@}hz$FjCHZrNY)1ZL$`G{RhY{?d!Kd^m7p9kOyD<;B&9PPvjU;=!0J)v8y? z4D|#h%h_!F?2W%uo4ux$^0>Ki%NrjyevA~~Z>0cPJ)alTPHo+?zZ=crWZss2{d7iq zzLfO%Gh4-)mZZmZ+3$asrt~bDHvZ*UtW*2o@sXdu`WpYc@ypd;_6QGI{bfRUG|d_H z8GI^a2R*AlPpnwusi50k`_FQ?(LaL8C8vH4r#1A3Xg56t@Uz~=om-j{=%+th2Bd7E z@}jDyNE=q(f! zPpU4_*9B18^jwYtTrL6XDF9o)e^Zq@#1{MlQpA;B zF4eB|x=d?D)88ltz8?sGom@|p?;zoC5??|7_@Xa^=y*K}Zkv zyGW76sgF7Ik3~&=oI^*&TpykT>~8!~4j=*Csqa?&1qEw9251DD7wD+KJJMETt3cyvFZQF2+;m z(Sr~7oR)m@X?=;#mzPq*OYBeWg?=NciJy{CX3~-#dwy%vXH-}2ud_bl#HY+AJ^nnE zzdJ7E_T%GpHj@5z^p^crIzDQ3f8(S_g++6GC(?_q_wlm`M=8Qg`h6YK7tWylL*ANm zd}|g_DVmaOPJ%0KuxN7@d+R4Ae=pM05+1N8>HN`;F>h)8tM1G84c$^+Jdm_uVA9Rc zgzf9QUH=;G8PoZ>g&q7a8tN1GzeDdtyg}uF?=ImV5;yIy^{D!3K1g}7;y}``IR#He zV{8(8IEh_u{U3K){~ESmYqwp>zY6>5XW6NMe8zsCD~V3nA9*}X129+k!FYY9FclR( znmYeS&12~qAC0*5P7l3UMh^ykDKF)&nJ~Ua{cpDQQSON!a^a&6{@&aO zzjk{euV#JD*OFQtV>#awPKji5CG@madlkvTqzQ3pMyYzM16VtwrHlK&+EiE&i%%Qc0 z8Bd0Om^+kiT1IB|De!BrW$W_kMEmaHYTprA+IK{j_8pO>eH-~JYTrFw?K>*#_8paV z`;N-GeMjW4sD1ZzweN^5?K>h%`;N%czKz`V_Dvd&+Pfe6*j`)9- z?fZxHcC%^UwY{V5yXS|wJ)Q0QBKRFw`%ZSX?}#kzJ0eT_j>yu!jr@`y zM`hi-zl#49g(GdM`UT=5n0-|k-Of$NyAawchtZA_8s+azkNsj+i%|y z|F5!r|7JwAeSg14w0)<1n498k-^=0GUi;S1mr^!gOQ!(Q&*~$da4$M+s83{{=esMX zZ&T9->)P(atf*V-tMpHMo%`htyq}X`?eBM^sWmmV{&97yj*kmBwBOaY66pt=+I|pE zhaW)mwd{{2eA2^h_s8_?x7D%Vpmg>vQROOfeny(X)li>Bz778A_U*E+D7o z2ML>SC+DphlSd~9xvkITHIB(3G`q2ejs~WG6CtlftTofelXG(=Vg1l4Jd=L6WA>B} zl2+e9`N>`PoqoR6|8>B(Zo)f<$Qs}3=V`gv+I&eQJUxR#zFS|OwQl9#=|=Cayit37 zTlRYB*JCD{*fflB?A&#DjpvS@Cat8a*Xy`AhFbkX5Bw9yz0EhXKmEMb^jooIr!5`7fhV|uqfuDZt<0)zv%9nKhPT#sr`hmWk^%u@wGh*htm1lKt#(##TCr;s+ zzIC(cpNMV2GtHqd`x-M3(NA6s!fQJ84{YghcW?7x3Q13h=-h?HQ;|?3C8U2rP4D!Y z|3!~>n?D8lmu(c7NCwRtOrZqmOndW4Q)VbQph zzqsPl@0{$W9}Rpl+=qUE?@;qelq-a7-Ad1uf_rgF&Sw#qwtNn4t;3&gq%)r3cwE;y zd^6K$m_Ez&d8XT#zQhzy{#u8>%5*!^*O|V_bO+O&Om{JTo9S+*dzkKJ`X1BwnKm=s z$MgfHA2P*r%GTkZFvXM7*5RKrJ;W3bIa`N+!So1IMNO=AxXm6=(-BNZGCiB=Xr^PCCNoWCI)UjVrjwaYWjc-N z45n#JGni&E&0*?eI+JN0(|o1{ObeM7Go8nDKGTbtUc&TJrVE&sGA(CX!L*X;WlXD? z)-bJO8e|$~x`gR6rYo4PWO@bD2Budry_)H@Os{8p1JkukZ)DoU^d_b^GrfiBtxRuc zdI!_Hn677fFVp*&-p}*_rVlcGi0Q*jH!yvK>7z^^W4e*)lT4pxx{2v#rq3{amg)0M zw=sQ*=_^cMWxAc|>rCHdx`XLXrn{KF&2%@@Jxup9eUIt;Oq-eRWBLKp51Afd`U%s6 zOh09Mi0NUbUobtwRITCm&oqH)H>N$9_F~$HX0qWqn0lF> z$#fXg5llxiJ)7xhrem2VGfibWf$1cslbKFsI*sWJrfEzwm}W7}VM-6Fsb9}zn#VMs zX#vwhro~L>F`du!Vy2fcy_D$!rlm~FnN~2ZWO^CXYNjzD?ahM6v5x{T=xrYo6V z!L)(tRZOpDdM(rIncl#3Ez=vBHZi@4>CH@UVR|dm+nL_M^e(3BncmCvKBo6GeSqnM zOdn$UFw+f8A7T0^)5n-@Wcno2rcv=7t1O#3nI&vXFOQ3pUaGrffA zrA!wvEoEBHw1R0R)61AvGp%7-$27<^%ybFUWlUEvUCHzcrVUK5VtO^xYnfip^aiGD zncm2>iRn#DZ)SQ6(_5L|&h!qZcQIYh^j@a-F}`R6s+PBbl7aA)xpFShHlS*tO+dJu z+43mRoj?x)Jr1-Uh%R=jmRo@K1FZ%60_ZBB0kr;a!86)Q{1{pbe#x)$JfL!*0-%e5 z0zd^o`04hR9H1WqO#}KBP%6;xf#_$(C|#f-Kzo4(0O8l+T6zKDUl_IEx4bG(2Ktnq zj#r)oglFoNGl2F26#(r73IM$d^gST_rdMSX(33zv2f}^+$|r#Et6i1&fxQ;|rdQ=2 zpqqg3qkk>e10~Sal9nrgP6NUZ+f|MNx(sLv&;lSI&^(~|K)8EfxezD==zBnufxZuf zo9&f%0}TUu6zDXd7lHZ#y$93{=n&8sbXUHzH(hLM`2=VPP%}^}&~BiaKyLz-0=)!u zIS~F4dF2m)9s~L%&_h7mfbIoq2D%mK3!oc;`X>^?`va9DfmQ%z0@VRs41_lzD(itR z0a^=G2y_RK59m>#89-ZsCIGzwgxmj>%|KqD&w)+>>O&XgTKWJD2eN@C10AA`YUOO8 z4}r>n-UC_dc~R0{M8(B(kS0R0GPBhYVv9tL^? z=sutifNlr!^di&*bOzA1Kofyh0u=!Tfr3DlKsN&6jg87*02Kqh05lWmzkt$!5_%Jw z1at<_XrSppX9CRw8Uz#q>I?J(pah`%fDY4JJC&P&4gkFc^ghrhKyL%}=|kvspfiBB z0i6r938)b0QJ^ZI2Z2@ttp~ar=oX+Sfz|@O0dy762SCe!y3^}WEj2(xfy#lV0bLAK z3{(JA3zP%Y2s91oKA=>fr-4QSy$&=4=pKpr}?Y3T(t5J&-~0Dby7p;TvuL3;<^eoV8Ku-dF4735LKfRsSazD^HKz9J;0^J038PN4WtAVZnx(6r> z^f=IEK-+;90KEq^52y!SS8T}xIvpqjXe!WTpdz5LKy^UFfNlUf4QM@3KcJ_8x&gfg z^aULYRki?q0@RHTL0X!D1_SK|ngH}B&@7;rfJ%Wj1FZmh4CoG^hk!N%-3zo6=vJTu zKsN&QpeL^_R|B05v;rs}s1B$Cr~+s;&?P|YfeL{h1)^8ZX?6jc0kj)v0?+}Vvw;%n zaes>!=uDtffX)Nz15^xT1C;|EqKCef-vjy(==(tL0o@I>3uq(IcA!51JrA@S=xLyj zfgS-$pz8-M4*(4Wx(n!Rpqqg*fo=f02&e(58fXd7Dxhkh9|4sD-48S$=qaFlpzT0e zKpy~21?o-jy0#<(4FMVflmavuC>y9h(0rgCK;H#A@+qN4po2j70__9Z2eb$1OQ0P< zC(#r4mREqr06hbg1+)>!5A-ll80bErn}BWydIYEm=ube`0(}Iu66gfF_|y^v8Uj=a zlmc`q&@7;0pzi?91gZf_1G)le6432Hqk(=4bSBXAK!bqZ0_qF24=4fXOQ6I5B$Pyp zy_N$&X92wrbS}`_K(l~e2l4}L0}29d0=fq1QJ{N(9t8Rw(0ZWlK(_$>7tmUuBS2RH zol4jAT9yG#1*!qM2&fz=40JKj4L}7z>w$8B9tWBRv;!y==n&9IpwsBiWy=ttZvhPe zDg){TbS01ix)8@x(T{0G$UE1}X!(3<$S~TNVKQ5@;UK%RqTR`++im66uC% z%VeNoKx2W<0~!WY0CXBqDNsM4D}lNJ{TS#Ax-3%p7|(1Ub?xaCct ztw1jU?E=~ibP(tMN(MR|Xavw`pus@j0_qPm2dD>- zALs~Ot*fj7ItX+v&_19a1MLC&InWNEjXZL%Z0~G_E12hw8Do`4b4`>q5JfP7)6+mYK zg@FbEtpe%`^nIWNpgVyM(>0XJ=TN@~fZhOlA80So+dv-!y$*yQz-ZY9)DLJA5MJ?V zc@$_6>f=G6@j&Z=@_}vv!h1zNv<>;E)qNH5=q19n@16i`e)b;yVrQbKUeOrM>dmzSIFDztW-p|P#A*4dtW zd*PAEcwyUQLGl%w+1OHZHU7(1pWC#SUI zOkugQbi8Otr=!WUm||+J9cO2$MMKAyveUi2@Xk^;VGD|8ai>9N1s;!Hlbw|v>9lZ^ zDlq+6oS?!u6=i22W>8W(@7bnGy$S zlZ>fAGjwrA5w%T*;24vFZb;4~v`d>bVp^QBIO1rsk`(0SF z?}{3mA6LwX?d_)NXz{LiCKK&MGhQw`GxPF`RZ-!*LM;BOt4j4MFi=xQV6jS985t@w zGZUV5i?A>ZjhPV|KW4_#n)=1wY16&A`NjU(>GRd_a#d86=PjuY1jAnPD-8s_YH>-K zKUB3MfPmTa3J}mgJIh~`dvP`tmez(VNn=$U@3K z<)c(6HL^rLKfBng3TUO^Rle->EW&dMX3oja&(17H=`0BZLshjk&{LdO#Ce{VU09Sm zC!f{G`WhN_X_r-31!}_HimIBbP-UQ8g#tlR5tYL!5|CgvP2R2XHAq6vk` zkPw%SBF)~wvbvHQWKNY;*4Hf3!C=TTw2Yx67YD+XV`h-#uc$6r81jzrQk(E+&oB1p zqq<R%jM=&vjf zjs-`G=XkTI&Qkoo*?v@RcA-fQo`_vf*n}O zWBPQRQbu}~pPI+0^Ttor4w;!nv1yNLo3JBKM@z5$yc}H}HKN6651851$dT2xH48^c zDNz~gVjAV0K^dhQ2nEA+RPjZH#RYyn$oVs8`)M#w@lQ@}*Li%Zno}33!BCMhHhFAn zt=F4+u6K4x(3_f^GFgQ})zT0s#FA8%o|iXuX!iVqIfcbjhvv<>aO%(!7&diiKr
xHI$4=28 zMHmI9K2TG;v!+Tc`)8VX55McG9dgS-Xl zg|z=GrV&ZW0);v43&vxv$2On7sf^7QA1iaSKwykH1cA+NCgK@!Fd-J!hQhR`Dys=A zUil+dRr#2bKuD%2kz`g#TCUTCD3m7SA5H?LR?ACo#hXEr z2s8#NLog~VFnp;=L`E+7nn4Re3`XCUx~HD4Xb!@c<{@Ddk_Av4nwZq=?5y0mvz0IR ze4on6EhvKT7}OROfjO?^{ck7S^eL)QKn2-GK?iPHK~Zs`UMrObXqE|JEk(gwe@#RUT< zT)_(OtVJ;uF{CaqSyTQN^R3m^?G`q@Fr%$#}0`AHH7>0!U#?L(rh$Uo{9M`^(V`tJQ!}cSIkUVd$LzvF zl{)^yOzLOMGKdwT*Adf>#K>}@^C*j8BvE)sU>Ry|{;Ui0y=rMmu!c5xs)F`1)#^f( zqvop2d_~g(@>!WzJQ(1uBbHJ9DVV(_liQh|0W3Wf!V~ zc`CO^gq3D#NGd7O1(iR9SUxDB!K3wqLQF3WerZ>L7t~|6*$Q zB?|+pl&Xq$SGB=%FIEfX1Q*u@$&))uNmX@yFrX?+YRYNpxhUYR5SN--FII+C6;)*@ zUubd4wD+j5!%R-w52w2WQ>sg97ttot=|<*N1zm1tb()38%Js2BY zUZ=Y>*+uarC$-eR8c_WvpnF{y-f6oq?aIMUML)_D&w)I zE?66`Evv1@@|X9NRg}L9$~$j|Y1dg#JKE)nHd=vT4VkFb)>EIOm2yp40H#riMMoD5 zXwEXCeP}>-tI<;R*4NaQhD)kyN=mB(6dajbSVPOoa&HZlfV^KcwKExsI7lx zNvP7hq@=nY%6K>6r76u@MMV;Z`Gr1Jn4t=@l;eX%Z7@_q%Uk^^$}XfWU~YcS9BIFQ|(;kDd9mwkJ}nqCE3n+S5FC>pT*wCKFwT;J z%1~QpZzWZ@(LgHzFDe{0W87#jM&qvTO5v)qMS-xlx~d`&u38+BxWlWc&XN~yYBf|FQVAJ#=D+DMZk2d`|hXzyPitns43BPR$nJT$5o z*4CKjQ^ur5AP#M`TP-DE1T2?RRCy?*w=HCC1=V-i;_~Tgv~Ez-RS}&vlu$Z>^y-Cl z4i>Il98z@tP*S}xq%!%~sJ#$+`k>=330O~)R7g>G0>hH2z;yPILdnw38GcGPm?G++ zG?wa#TA7ALyLNP1N;cY+c#xqGRZD2JqRPe*kt*UTF}J3oHirfeTDv(CE3f2XMwQfu zYZue1p^Onl;o2%z-(f+Y(VQx6K!5*vAq4xf@hK`=loZ#n=A(3Ybx5UQtG zWZ#^c!pLF+!$Fp>h%!TVAlm}x)`Utb0(ms-l`W4AT~q6)u9-@s3ix<%oF*CWkD^pn z3cDx(Ms^h_E3c&T=9Cag=R~g#Xxy(*7-Y+q(}vxwgkYRF>R_aZms!wBgN@|JUt6Oi z!MXkLdO*dPp-QXRaB4=GzU<6de!bc7XXY08aFUfv%ks>;T-poxGqVeeb8~Vt(~D_( z(@r@wKNtD3vyAMcXT&r)YR}o}MRa1|pOt-)Do?HQ(^y1@d3>Ir%4_}l%#BwLDr*jW z$NMiVq-~GVK6*i>S1JDVtSnC6Up&X3F*iqC3FS}%h1r>NXsp!H$|?h8i>NTUFXH^p zxO2<*^D@RbN#W@eFFK;7BQ!D}Cu_MmWHTQME~GPFGebuM&Zc~%pP%i|DNH{f`y@wT zJ@JVHrt9i}F~>LtX!Ixzl!Qg5L4!_E`FzJ;R!OsrWUrtwyP$ARCM6Y3N1I@rbpd2& zNfFTD42@YSe&ao7Zn1w(4i)+Zelge;Ag1K7GV_-%4^w~FS!V|ei9`8 z(gAXilO`u_&VD@!`t^24hvhK|$@ytK@Y77J=Vh3JXc)0%{?$#CtfsQ(;W*M-bXeyo zrd?zZ(?Zl1I@XR_R$jG`*3e`#rBzM^gG~l43XnRD#4fvOTcW+F%(3Mf?>|2~Kf91d zeY8b?M&6vvSvo+Z8uUXSzdZC|y%;wg1soYEVm!H!>ctWh!!Nx*8nW$(;`Y%I(KnV7H?q zbCK;I&bM_+`PmnmY1L0d#;k05o(QYj&MNF|`iJg;GTyTf5BL07f*xDO8|XQt_Kj03 zPS3Ul>-2TjGrPwtAg8CJFr3cqr4+8OY0v@VRc#2Xh6<-%rAAgiwn<* z9A7)ovnV_pMqEEVCU(x;)L+^gFLW?2G0p&)U>0=&JP3`da)hBNH=Y;mZ}>SH$3>bj zqr57pO$pVPUPfmNA%B>bc40gmGC?Y6GLIL=a2 zkNy7A`l{-f;^QzVZkR3uX?0admk$r1<@I%3SS--ypPmp=_OUdj5uRqv{Nh}!Poao| zP^aY(dX%lx`wlb<9ZxTLc~0c{%TEg^di1R0^T3QtuKqw-nN}y`w~nlr$Y!-wI5&?L zC528ebC~Kc!Wl3OEvu%*pAJHY?7CS*_bH}qI7@T#bNsZk)22|9rRmODBCHMLJqIqH zFY`#79FouM^jX4WHKoPPlvqqrzfeVOpSZAqtoSqg;jJ&XOcv;y82)p z9c;z8nNbqYS8M4gh8nmt3Mz*>KcC+?-NV6pN7`sSju|AP!R78xFUn7e>&feBKbn2q zAZ8x`_;FAXV+n2jqmkqLv`sQ5V%r?*ZdgTI>KLU_ z=V%mK0z~E&Zf%$o9g|(ejdrC=%nZm{9qUr*fmzw}-9Eg2hj&DeHbPG_b?Ay{5J;3x zA8P0-hq&+!jHTG0%9xDWsIH|UL>5b#>CsG}HA4*@7NFfYhSBzh+P0w_qgY$dHshEM z;vDMYr{WCNCKab=Oe)B$nX74G5ug-fv*lDJ-cDuW4K=*f2B0QG!$9slEakGYGYc;& z(1Q}Y&&|lA4M%o<)VU}#JzsVJF=HcCv7cVy$M~TNOz+1~&0+PXA5AJouA?&}y7Utp zh=!CD>MoIS!zhd$&5N)TLz9C3_69GwRq*XHS{xPo3vdWw!a7GRgbPYQV6ilm}>Oii0&eG9&BjYxI#f zN+9YP$9YLDSs3v{0;X$8u=^Y*Qg_Kk?KL!FpIptJv*D)kE7S-CZovj=nt;iW!+XVwh z!;VPl>5@=ZZvOd-PCdMQ!>_8w8=V+R!gR@tp7)0F^n_|Ia-L41 z%Bygt0T&X@bdSeS`dX))hp_|wuVXynpa)fSl<5sGuaie3T-x%O*BinH6v27PMu(a# zz@P{q3viH5k6%h1H=qzF=Bb$uU+G=w)weXGvVQi$5h}fP^`*E1=?Y|AV}rT_$x|HG z#GCAx0HG4P6)LCkoH(r``6-+T#54nhsBwp&Nmf75q`L-G zvIrAn2d*x97cZ)E)H*w%*l5FrMokc75OiEm(`Xg#J2BO#kBks0 z+UR%$LwgS{$5FkPo*z?eQjNR0rpwS}Wp7o8t|rjMOI1qQsw!1wRP-i;-o;gP)hJw6 zDXzGCgiD&LtPD>n%K}wPs4vkVM3*ldOKx+=P|kqi<1H(dXR0jersGgwNylQ;oB}W> zGAhV(A%5uXAu(0OwSp0bKp7y{KqnMpRfvh&h#hOLEpPEJ`6 zd!qS^?ybn25OmRFZil0Jitco)qNlo4%1i0d8I5hUO2MNlZ;;Qbo#CjIgC#+_;LO*$ zEDYAx*KsbYX}qGl6l9@pZwhnVa%ykX(c|@M8Nu3V zZrl>Qax6;u@rD=IvH952XisWUkq#$KoQDc}8iJ!m%C0G7Tw7JtzJt_}ao?U|nj=ZN zKtx+49<>`k`^-VRa}FfSnXcZaq|n!*wAjShk!?kj{-2+#*8s z@&~^lp^RLF682_LH^W&o-N2w_M6i~651L1XoR*U_R<|@Z>cv9jf(v=jm`5Fl)^0L_ z=%ya^s9n66`h!!ZZIOPYA3aewYHH{rnU_va^!*IuYF7S6)*B{llDUW@x-sz65{Iu4 zL>=k=lJioBQKHxXXyK8$BI3md8r=5jN<(B+S`;jus6f1WpGuX7VWx)K16^4eN%vF2 zi^AuPiU~s7V=ujMLN_fP@p$v#bXdFy2kqXGa(l>=Ei47t{4OGN<@QC7ei5r+# z|J?b>4riKjqscie7;}s*<|3EVT}GTXR+*78;z4(uzR7O|m3wgwMv9!5HIaNHahF+e z;v70{ZO=&K#%DCfLcMv43{H#dtHV`wn6wv`(WpU-njl@tsG%8(Rz6Eoy=ZFmxQ=d* zVf9HKT+)(lEJyUx-sRyfp^C*zG;a5J;ju`H)y+E#N=J0)OQqiEiX+;t$hJ@@HW+p# zuDE)Q7l}o4Eml~Nd5yx^qEg}0ZkMZ>0ywl|ITB5!fcB|8{h>nXNk`a=`_9gy8qGs; zbcUn5ZMaWp`UZw$sMiL>=Dm(y*NF`Is2dDFSmmJpqmrJr9p#Q05x4JXWfEDZA$WZ$ zEdvl&Ru0&nn3*@ai>V4BFIXwmlbuM1rfme1sW<9CHO)7eXbTy+!USKLm9d;=tEJ_c zXR(S$eXOtPidj^U5|BEj>r_;pdft!;7=u-$8O8WJswQHJH#T@p^>Qz+UC^sZsbnwR zb)+28%xvaEUUJkTRHp*bn%1eMqKal?t)i}k_I%!g!W`00B^aGfVzzNkXF3TrYvj5T zdPy-dO47k%kS1!q&eb`m^#q1DGx~4{y|9hKI3cJ&j^@MtOgXeTuUk6O)caC2P24Zz zi3-=Cs+Lh)apNT{&kf{*wXIpYMspUdr8WLyDl=Ms@UW;aG@7HakTPu;OZ1RAk)!je z=-w9fTTx3#ZVJxGob=~X;~?W|898v%=Z+$Sv}^|)9+VI_nNW!{xN*Yitk=1-V+Xmw z6q#Syk@t5pZtBvKRla*F6=yCLEO3>>LBDh2IIhM>5N#S!59}!@Pqlc|iA<3a^UM-n zH2UiS51pMyA?ZyrEl_adF1?5^GDo{nG#pNo&=5>*qG(nGg0-X~;)U%q7o*cd*Dco1 zQLj*0Xo=U1uim9};6zfya6Gl;%ZBKd+)2zcNqZmapOk3F*O|6=^f1 z8vA_e>AZG|97s6EENKc+FYGgTBGlWRm|ml|2UwST>6DDm9(dlS+YuP{%6LD7lEE0m zdoF6pdL%UCVtZ#0(VFE@=DIO@LF|bIo}Q$R_m}nz@8`@ywri(Cyz*< zqln|V5t(Igpo|Z(D7Vx?5H;3YR{&p}K8l}i;2gkFJ+XE(zL>4EY5&E@%c{^ruW(?8~vGIEpO86rAsniC4Aui0}&&Z}aqcMZqR zh|$*$BFnW{@Ah97pfH$HaY#e$myYx*N@$Vig)>dT{2Uj!U88Xr#m6MBr8^=x>d(yK z=Dfk}O*frsjlr!cCYp3tXS;CvBT+O0*-W~$#+=g7Sg<5T+D+^$3QiwXUF3BImxt>W zh<1EsL~#1F^OA$pJI+2jHb{G~K*WZKc^$&(Mb+sT9_fOy(=#$xnp$>xO5cgR;o#OWBWK8i+WUXEx#0FFtW8*v@V*=J*3*U;W=U)nJ4(Iy{R62r2{ ztdEHaTVWoWOE7%PdR4EYY6E(D*Y_srWh=Sd8&VO7=={=ENj0XB<+PjD7l@FI>C3tu zQ2EgDXP}xbXm>o-yAHH>Iu2Rx#cNEu(S|sVHY&2T!wV?o+H_|D@sSf!#||=jp2f$` zW)_Yd2h!bsTGG;UA56wEi#NTrqf=X)(NX~E9JIScVj+6D#pM&(Mmzne*n=hXu3&V@ zKec0i{C))wbTPnIk>N$gDdSm4R~wVtSOG*Z5(AadK8{tcPA7MYcAP2--b1tT`() zf#e*|h_t(-sZd`P)l;+a!C8RIMYf5Q1^seUFtC`G8+!1I4T^#{g9|k+ddGsAA6|Qi z9hIVo_wBa7Xcu;#Lr0dHWJffFY*8iiQFpxNO|OH{xi!Dn;*4U3!5BR*%Ofw@$>^l@ z<1r~#Z&~`e*h@+#Rlz)jr>F!$IHA+!|&1X>_cy# z3^iSXe^X`UN-utdWBiyIw9{KsRZBn3qjzC+uR#Cg4T5zXNv}0yBhk1=mnZQXBz}Kc zT|HgFD91yL+MvFSF)jnQ5({f4H&_2R{2Xto#xFfnCmaTs34nvGfDe6L(z3lN5G=F8IiD*lu6l7vsg(fj#U?B=A`Q_ zL~Ssij>%PKP8L01$fT($9JrA79~roSnO~b(TeqD23g{4@2J_{4w9ATyL5y}ibAq*t z=g-a)fBjxqG+L&1h$zp}uXWN>wDSYudHh0TW)8t(%6KllRg|N{x9cLhC{Q6CeU;D^ z#BoK->A}L{XtmJ`>_xQOt3owtzj=DOI+mVW(L;(LUR5ivFAIw^{UFs?{-akc=?)ET z6=+@wd#Mi{?e}N&`>9$md9WgdgkrB8=PZ zSmlw&sKaf40mYB^q2IdYk0m@oxGg-*#gznX5O-xF2&dCDTCR7#eqN)5UZ?LH^nH`Q zf1>XW`o2Zqo%H=PeRt9KFZ6wzzVFa?H+`R_?{oBhp1v>8_cpR?8}S$E`x1TcCi!LJ zuK;_L`YC;XMqf2hovH?_Z>T})Gh8RUg%p-UuC_PFDTZNh(S8Qzxn(s+;Og zxl5!R+X^xH^JTO0CJ#yO(XHFr*LZBZX9S%RK?5lb`ayL0#81y6(-ftPln~=ovcxv^ zV4{a&-Xwet_kv+9p3p>VtMB)_KYyIxc3!Pit`;p^14UsqPi+bZGr zZ!2rzZk6!2-OA2>S0z66uCo66SEc^>S7rUWnc8}@vYy>XxYgwDmw$x>#Eo;$OOWirvvc56NQX?l>)+_0j zI+AYLl^K@0Ji|)3kN6iEmgoK~%bJpHdG5@%)O9&l!l4{XZT4CAjk#9BZ8I&;oIK0w zJKOSHHQP$OFyHc&&atei7g*}O3#`QSVoSYJY$cvJ&$3q5Tk5CvR>Dt~Sk~cXR^sv% zmS^5d%lg;#mR;9qB_3(CZ0{ON{dSFIU9`^f{NVdm;^8LCD!kS5{O(o?cbnz8I zdxlN26Yia4tDJM~gdd-4t1ai+p5>Emb=wp>;rCN*b#aDmKbm2yb(ywRTSojAD8PRRYPZ6Exu?fF5_w!I-c@uwkM zjSSlfcZO|yR=uq*s<#t&F0nlqEVb?5EVb3pWwz(0Ww!e1GTX{uVXI45*w(qLZO?|) zw))*_J7Lh(w)*zfwmt6}+d6n1>2I`Eb)#+7{lHF4{h_U%{2`V7&9=SaN47fs7CWKl z7F)f2i=8;`R@**wtF0<;v+a*=v(?Vq?Swve+A4UbZDrkKt1IrYtqJr$$A0~UZ4G#m z+QhTAz2;fldhXzjGE{xpe>dB?Wa9aTUw$9<-I)i$le~$-Mu~b=e<4Z%sw9L>AoI&Z(onK{v=PrpaC9x z=>U&!q~vdU`tM2h zoR~bp({1wvPmevsw@>tRSLb^A)t&1}s+;QR)-=u2_rP?|2`b&wZ9%%H&j#Y&3{UU6 z43aZF-M43Yx)o%5dhW^gbla2T>0WR?$v#i_%|1`Jt}ho^~?8kZ^-v_J5b>1 zzTg5+x3oeEU*zebiaovT9tn0rzixJ~J_&YDnsdB_)t~`(Z;}&wP-h#|ho>z14>tU< zRun30SwE{^pYA=HXvX?K_x~%0|7#Dl0Q>(*znDg&z+n1ro=g9fl0HrJkN^0S-nU;y z-$5CDy%~K+X7o)??>jlG?}F9c*LGW%cw@r%J=e;@H{N(LjFdp{AU~^Z%`}U7(wp9Q z(D{8E?A1^bFFxYpJF-;AUrN~df!{RxUN8P;pJBpuq<4YD8)zbsU4R|M^GUqRO+4Wp z#cPsyHJyxyydjUFX?^Lj=f&im+5jX(^`$*^uFHJ2{%&3Absp_nkC$q zQs3>QpVfE0)y9Ah%cDZ4pJehSc61c4a-oiQ*w`%`Wd)mkmD<0v?E&W_i0hSjKO@Ya zNI9qX9hu%Yd9}29gwLbzdI|rq4sFVh`b%v13FN<$zTPTr*S#jc5&hJ^pugMNn0|$L zkJ5MBWjfvmg!$7!JmdvoH!srhPSmj?6#jk42IEivxi97e|IrTrzA?VKtn$czgXpLK zk{I(rzpp0$_2Ta{z8O58Nc;Le{vVmTnZj+8aP8UgXb1jpI{dlwnzV>R|3UKK7)L+q zaR9Yx;~zPD(snxPaV_-+ZEqHZ-zoa&KZC`5kRC1d)gkex|0fmmfj=$9)u3u!FOZ!d z$oG-|Nbz^apGN-AlD|*<%S~iwd(h)_yW;`$<6r+SllbW-zHs;tBma%!kG}8xz(0%p z4;>|bIr&dstn=rNkM?{u(ii{hjq*r&NBhA#E^!?I={`;IwoAOBCZ2HkzfJxJ#NXSF z{}<%n5C7tsKJIcw{J{xyMk@a9_|wRL8u=H9|7Ax1F_imCir*mdhne`ok^UXzzh3;$ zY{&m;^4}cCKF&Y+?-BpAT=8N57v!&Mb^hy&|1sD@p(`TmeV&RtxuM{2>zEb$L!kdKOF8n^>4-4NY{2Ae|2;U)mkMMoM z4+=jbyvHhSUw`3)g^v)PEPSf)EaCaW=L;_tUM+ly@CM;G2)|kQUBVv_{)q6Wg+DKR zyYOAY-xL0!@I%7wt8_m42tP%*SNPe&CkUS*+$X$H_$9(Cgx3jQA^d9LHwwR1_`Sj( z68@O*&B9+2{-*HV!kdMEBK!;C-B#=T^b>xX@L|Ho3ZE=ILwKI>dBPV6zf5>o_!Yvh z7k-oQJA~gae1q^Og+D9&RpC2@?-l-m@K1&F;)&XSFD#YV_+!F13x7%Y zo5FVsZx;TE@GpdSyI$v~pYYR!4--CC_+;T3!t;dB6TU$BWx~V4uMmE{@SB9+A^d*f z8-zb8{8{0z3g0Pwuka6qe=1xx>U{JPK0x>o;Uk5o3ZEvt{6-zGMtF|67YM)DgcDvP ze3|g8gs&BTi}3Zr9~Azm@J+(E34dMq+rr-$en9wP;R!crJNpVBB>YU_qlHfro+f;z z@M7VY3a=C%6uwgUwZfZ(-!A+<;SUSnDEt}WuL$2Ee2?&b!Vd~RBD}{MouB@~2MZq| zJX!cu;aS4-h0hmWD!f|w65$QPZxDX7@VkURAp8;GPYZuu_;%sDguf^JL*a*n+iP_` z`UpQoxL5eu!Y2ryA>1c?nY6pBgs&BTi}3Zr9~Azm@J+%CMb9O|D}>hxUm^Tz;WrAu zRrtNa9}@nU@Xf+s68@&}ZIbTm!rvDDzVHLW4-2QGaGsC*3Lhl=OyQ%2?-u>d!aouI zh460cw4Q##PZK^&_*mhSg=YxQ6FyJ)BuOt#_)Ou&!Y>tGDSUy%yG(dk_!Yvh7k-oQ zJA~gae1q^Og+D7iDEe0lzgBpY@Y{voC;VaI8-+h3{8iDnQ}|xt9|-?cxRUzlC47MJ zA;L!rPZd5*c#iM_;TH>kMbh6Pe2?&b!Vd~RBD_bF^mpNdg^v*4kgNT@K0K96<#lPwTQg47Kckp{o)F}30(6x9sX3&*V%j?JYUEE zy5w_Mvd+g>l~0quuUma?Sapo~)WOxP+jRq;ExbUuN80sUmAajsQ>D2__>=isUN&Fz zynyDrgjZH**_4;z3$N4d<5=7E!E&wdi10V1oo*HR55m7Ec5M`S`*)Att~;AgWB=DB zpHCI&^7yLqY4Z1VtIxqwk6%?jzpmr);f17`Sf+rKdt{I`P^K0 z^l?arW7RZ3hkM{8%{TYg-1v7iUYU9~{rT%M4`)fc{;J#e*FB$KRr~(B=d-izyKbOv z&)1)#`TCQOt$mwv_`0pXZv2Yd_kT)0kGFmQr{uG( zPh4T^c)4QNiDLJ*pw3Uced3q@OY&I|I(j}^r9A)B>$AgrcCtQAKmNM3+vX2-Kl-ZM z?bkh@9oACL}4wqNu;R>R_i&vV(!m*(PxJr?IemtOC& zL_SK`i(GosjuQ4*ycW3hE;yFRM+sZu(%W#9u*c%H_}`>A;A&@kj>V{>gblmwRbSD7 zw%o1vD;jvNaO?ew2Fk15dZo;cw>TQ(=sjMum%7@6sp8|+dt)4Xy(WP!@|)x6J>F(< zdmO#TJ8#?-NAK~D!}rC}o7Tm0HPPPvN$fmi+>cl9FXGtSU=rve-w;Rd@s2+mV)1~r!JiW)+FfP52tO-s3e?6o2R{2a}%RU9G=QI?&tI;d1)=qYsE(EtbzZu-CLZQ!bt5|LQ=m z>3^No7YX;XqnAVEhsPojItLOv(Ch7-nl_<&cc3?|iv`iY1HBDhH2BmG^lnaWlf_Os zoZf+6{?WruX^IUrtRuZ$?8wO->Fr`ip4O4x4w`pt?xWJv9gGhqo-a(sUHn+b%iK=dd#vMS={=pR@M9e&syeCH>nfLy#Aom7oV`X*XWQFM z{Fvr3d^+1Mvi?naCmf^R&bGIrPPQ|5QFT-v7yg^{UfM;y9rcriUDVrAKdI}YUaz~r zU2?dKdedBb+~W7TsJFqb$R#&)pf~Pwrw%&wH7>oTo=y8S(T!|)FPD98@y;&l9qLx( zl7HQSUSpq|uQC~N=`-T%-}?f-q@HwicXe;T3vU;L%!?+7>LHt?I;{cqyl>hixx{QEwv!<{VL#Q%x-4;J@x zT>hVr)bY+0_biwH^ikS>mbe?cjsCmDzc`Nn2jYK;_*V)y<$B)PTK{5kU*_`vvG}hP zcay$}|C0Ex5&v6V@y&B*q(VPkj1T{mgqh#*`yS%XSu*pp!<~~d^Q*(1r@Cn}KjL>g zL=O+mX5MtT^APbXu@7N6d>R4z{7&5Q{EyvbKzT*nkys!4w)R#H#MEoz-kY#aSC_~; z;tnIUiZnt>eJJkVAgtYW4fgt#E`PXbcRjP5B<|>^+FjEj;(jW*!yfweCZ>i=7JuYh z`|A^uw6^YSu&=E4t)*u`z#*|2hPcb8LD8~wVRzANr1KWF|fck5510Q9*| z+@s}@#_l(X`v8)hxwO&9x&-UgEKHQ_E5z0^;Ss@LcUZcm& z>1V|GW6Gh9qz4@3&>(tgY+${nJat=dYp2oQk=~m{FXfl@ns~>n_W{vMznjE*JJM&; z?a1EWiQZFOdQE#VdfdDty|0U2>aQ{OnsPSWold$WWa_Pf>I`2KZnx;Aak^c-Zaa;f z&Y|h|z&4XI`ncP}N1}I}=r!pXp2o4-wu@B~!02tDaQK>dhedC)=r#E^^_NCr@iBH9 z-jUuuKhPOU5xpkf@#-BSdQ)BHYxJkFwa0F6is&8h(re18t9r9U?*x}#Q_gYqy4phn z%;RuV5DHp@t^~MS*l8JYz=$#~bjh&|68d&SG>#Y;L=Zaoq&++QL zO7u>4m9Np?ReOIVdZ)PbnsVx@-UmeQRF_^;&T;j++Jn2^9v8je61~Pw!@Wv>Xx!(I zNw1@Meyix67DsQI=yU6Jx3dNchp(~cHPJggj$VYtrz5@Ya(Gwt&JevOpQfFqvDS|D zHc&WxjlBm&?|Guvw6EjU+w&$}v1y{$=rj7soj)CwLj#4v*Vuc8=uMAPz9yha$M998 z1D|;F#W>NM5vP2+sy9dUX2vPsuIl}c=*@~#zFpN@FM6|GdQJIvRqr~{o8!`J+HqXH zQi1X6?HH&!{Ydm) zBYKTprk=X0_aV`Ht>`uO9IxK3qW3z{YxEiYUA6ZwqW5~2UQ8|#G@c5d1o+NtL#L;W?xOuuLF!t7w&IcTNM~dFH zarCB9SbW@iJ6cbEOZ2Xbqql*zcC6RkFY-n2Euzw~AgoHasp!2;^csCee^>3jUi9AX(re18t9ow}y+3j3HRT*v zuVg4*z1=T*?-0GlPQ%THC5`GDACsPGzYWq-8psb{6K|vFy)&L(F9oJg8q>CVl_e=b zA$^VBmqhPfu5vK`UA6Z;(R+71yX1?g?9A<~;wd3eD zL;pvioyz#6>^m^jxHG15WQ1m9o(c92Ty*xnD zAZW(HF`~Dd=rwxMM4wl<+un}qEkpEnkE6G%^)^rR_K2g`ZKshts<&Fv+cS<{Qyxa2 z;T_f6wW7CI9K8*3%Ga&eU2k`a-rl0uD|(K%zx_(|_KBmntM#^7^qvq$uPIMA@2K8( zh~B<&^rm&Pd>benzNTO76TL}s^dc-iZhJebw&u%?H@<4+fE~QRBuy7?@4j=ro|}-clkC@IDAdL%@Mr=;^;+Ke2krjyY;&J zTe;{x*`?Q%tCzL5)!R|Mg+%Wuar7Gf#!kaKdLFw<^bU-p*XVKcj-JQfEP4mU(VG^h z99GHtA>RDrRY7~rPq{4TDbw1I--Yw~%w=p7bEFT&#EW!m}u{1c*gxaduj z_{KiB+*x~H7ri6m=xva6yu#gjn3yY%yG7tu@e zDmUZ?r9Tn9U9|Tz(VHTAMU62t@_;u@CufFx)zNs?Uw(%_HJ;vMv^S|$8!)N6&hZ`c zkCzAb*7E3oYX3iU)ABH}Hzh&KW5gcQ?owUyfD?2$^E+&aj<65?Nh{hVe9|#~E;+`} zfSlNIBwC4fq9?&huoFBU%VT>ywq@Hkg+LyVmo)lft?^SL zh`63O{O%#1Nc>*n-H79h@L~Frle(1zg#Vu||DKd4+R{_<`;E5zUhe<29cRR`gPi$O zC+}&Z%<#ERWRzWdpS#50^y|)YqsxRhay)Lr86Gd3+nt6rZdY#iR{dCh&dB|={JxRBTK<=jleOIE5mP@}9%AGIEl)S{0xf^r$aPv? zVdMra|Io-yTK z)As+|$m?}_&lq{T4*!agH*5bLM&6_STa0`_%SVi?dT{ym{H>HngKpm^8@WmAJKM

ak(KU0VIwE&`d%B6b@=s0PSf%uMlLvk?fHE~*8VR>WNqJDMo!c6Cq`bN z!=Lb&r8+jpvwy}CRn8u@?@pKD~*lfz$R$eXpi$H>XLK0h<^9_^p>gxGgL%U&bz(d9kf$Op8XW90Q( z-^E5Q(B*f9k&|`!+l*YN+w+q~ZqV{OM&6+HSx<^R3$(uBMo!cE(u}P1d|hJX&3b;X zGjc!ee~pp1>-6q2@*XY!!pIA>{DhIcI{vFhPS)~YjNG8@``E~JTJHOlv0t~Bu|}@b za;}lnw7ya!7ihWK$a{2t)*5+%_P@=@4O-uZh^+meFmiz|uQ!a`r2Siryj{<4|1`2! zm;VV*i~U}$f3%S|=<-Q3@_Mb$Z{z|UeyNc+X#YkdZ`SfX5n1coWaRDI|F1^gqvaz; zKA`23e<${--rV0)BC;<3*+%ZC{TCV8`~R``9{y1k@B8=cCUinqKtT};U_puv73p0d zR6)@tBnw2+Ora=h=pYIK6hk!>Arv7L>0%I-B4DV}4Jr^oAT)_cd9HirI-A{r&+iX- zUf+d#Ht)HootZh)&soDG9Ij<}uEWZ-&zl`CW%#he4UPMM91b;HXd}~;Vy@>whpU+K ztL1P{kccEUnMe`zEXyt zbU4$LM{|d>jQ_32O2C^Bm4J{IkQgOnkpOoNLnmm%|N>{-(peiL3b|LMdGzi~eY?rhQzJwaGE$I^?0`*U96^kqmDRxg_=9lHa2~ zliZg2U&-;*A15b}FOn0q)Lc4kOnk4`zBglRqST$sdtFCMVPX z81l!|Pjd9+IpiVarR1UHZRBC(Eb?&jDe?&NHS$Pu;jQNS1~ENV$)l*RMIKFVMjk`% zLB?|uy1pin@qB~k6!IVB`Q%T@>&R~~{{3V;Z=n63CD*0?HhCQNPi!;kA5U&bP9eWV zevbYV$P=g^MxIEXMV>^iztDtVk^WavpGZDT{+#a5k-s1p+iv{h=Zf|9JWR&VeQSP> zT%X*Q{2Dom+?YIq+=QG??oZx9et~?J+>2c37n7dJOy85_2dHmK{*wAIGM;HV0D z=M^+hCgV8+&5Oz53~w_TKkuvczmxI&faXFwOnPwcU-N_H2kE{#c`*4UauT^cxih&p z8RznKcpsB1P@hWfLQW@RpH92~nS4L_D0w*fZ?cyhywjw=CAlKG8M!vOJo$BUCGwkO z{Or4qzaRM_avb?#@+5K+6L@)7c*UP0bOUP<0Z{+4{6yo&7JZPL4%T#mekT!Xxp{1Ukh)8CT3 zj{0}V>&gAet?7O|c?0$P$s?#gL;jBX|HvE3MfRBVeouacoJoF(+==0xU1;1lB{!pf z6WzZ@9!ULAGJeKemwy`h2fANI-c0_H{3Cfc`6qG?xf{bPyw{{>82Lr=2jsWOHONEB zEy!u)pBer-@}ExpzYUyUFdzd&pk$Uh+WlOHA(=@;>Tk zl5y-o*N1P(2gp0fPtyM}a(nUxawxgb0h9g?E4^lsfe2Dxx`7rq# za(DXQN-j%2L%xrElYE5!EB|KF_a*h!$@p1hefHzX&KpC(TxA7}VW$@n>TeLdUAH-ikHB;)6-wO$=E z>A}yrYpz1Z&t7Y8NG?e3NiIbmO2*G+Yxim7(&UZg%Z&dJ89y7Z-RF`2V)`o`Ht9J@ zZa_Xo?m~Ws*B?i&NghuwO`cDFmb`_0n&F)!<7bd{dR#|L{P=lf%@2}qG5ybxAEdq` z`7v@7`8D!b^0VY6Px(&-}<&#qL7cH#g&;R%L|K-5{<-q^t!2jjI|K-5{A9JAeBRzXg32NN4QX})f z6Tf{H_@k4b+V9VMxb*o-?i3o=vQs1fe;pflY%DBha*0xL6~w5LJQxnUHtN_Yu5iaj z9bb3;>P8#qyJI_BBR=9PywNDGO2=AxuFj1*H%>n5f=%*I?!q0ED&5f2w(0Yp&hcR} z3B6vbl6}wI?8`bu6Xl&{{|H55%&)2RKXxHue zTJ=25x^-^Wu2ZY_?R)`h>voOWHVd>d@s(-l@puvv!@~P{!u$5~^hpYfkC0S|WrR0A zJ`NBuC@KP&)XUQ=G6t3^MZMP(SJbFeyV{;s?K(GW(X6AVk2g{5``Y#i#y-xm508yW zNJLy-#26XVJ2ECR(d+TXAX4?-K*tdR^ThUg*Bh?GOm;c;#?F%v`988ry*JvYh)eSK zkRtYtTebIuhebv8($|(4A0<9geVQn5SiGlqR9K$`u}|~a$Hoov#CQiLdg8r_@q0IO3_xAKk>fPI9RHn}o4n2v3;&jTl`fPQntM{_}Ej&oJ z#C*`Pl>E@?ff<$%8zahWM;RG|{AAK{9Ls2LV&B;O_;MZl81De_oab;{EJ|3tm+WSa z#l<7I-eNV{XO)!DS1eNUEfRI6r8*W!lrFzC$0EUlVvb?)rRUrBj*QZmpOJ4B?Twbe z*W}wI#D@1Xl_t|?iR<^3)mEQvOnz#!9Lq#6s+Z60LC1PPJnET5l&x*rd75spN~U&RFFICdyEUP7*8m5>-ut2{re7}_NVBe$BgZ`a%t7Z#u3^+ZJ`=(}dL zw(r3%x7mHdLrxLbuQ z)i?D(iE53X-bq=epItO=)!1-xxz*p+8_j~q^0SqI{h~hTr@|fNgp=)OjmFd8M~F3o|DwozyR^*ZUcw@ZrVfpTo3mES#%F#rpHBB*$(g}-B@UYZUwPmM9 zXmk7MN|EMR^!LU`_BIWqST$>McfvBL@bkVV-zqK} z-|LA9i`I8?)?NAtZy(--2Lp6$3}bb>mK~syGU+wQ3OR>P+BEC#XI8^FE8VZJTv&*}kb{jHh>`7o!WOUpz<$ zq3toQz_pn+GdsZ6$^M)GTV8H%fMslWVx72H^k{N}<^`yV|c+*0gKUsvU+;7_6`>^s|+VNJxl6vl)qTfG6A=kBdr*2~UhP{dB6ITN&+0d})4m zQL$kdT?GapZql`zjvaNQh>=)qys!Psa8#z}(Ms{M#<7?9J;o0j<;a*mqRn))I>zw$ zL2-$(7}kkecjsFJ^nQvgM-k`s_A|jscn1Tlqr%Yd`cjhZ(_vudv(3@AT|+%hT7|a6 zm{I!R@W{BnW~7vRFD<&(7<1p`-Am13PjX=?zrcWfV}Q~3QnH;$xrfdvq||%q`g@|h zF?|yCfGF)A4xGErQuUI)!#8ftu(ZCUuCWx6{?TPxO0@odiP`GY`Z6>t(5e+GA9@pA zbdIK}SJ#8)kuhO<#F=d={QTrtsxEQpj&(zv>(fN`!RSjO$P2Xcg`Zr61=UnL)%Hx& z=s=akEFq=bZA}lUftpU}pnUP9-K}#1Ob=A$Uq*(bXciNgDQhf+U#4VQs{GKlI-0gk zO+C-A$yv6F&D_Cz*z;PmZ50L#Ci8PFO$16HKGuv2EL9}4G|#e+)-7FfQ5FpoEPa8m zVvhDx`o;@>c24`9>ez)!$EWXa-lA!DX`FUE{Vok}qKp7VSVBx~X@X@cs;8i9?pEub z7PHD&sX3XJ-WkDc4X}4c)mZ_y7`@3b6(fyAZ@g|D4+iRGni%LHJHSDNxv?Z2Irmav zglXz`uBF9b!0VB`M`NomGcUk_*VIi3H@O%KOy@NfzHmneXq~)H39v5b=BzsZk&R%Ej`g;z5&dd041)}NkZn`ie^n@043?$dbhG;r$(a5 z3e<3zdhjk=U(RG(Dzlc56JVP^HqE_Wc|NfFf|8lH%v{oV;_z?F)AuD%s(S??o#@tE7wt?J#^BV z=WpkY@YZz{$ssJTh=c^4gQFb_Z+Jw4o^q!6Y%sElNiyp*sg9+L0ZoDS8stn*()^XC zSo4+XjxsXB8|EYum%|3*CUo& z9ZS>0MD~e{z$%;>7-!u>hdHC8KIo{UVw_n+wqu1^M4bdZZ_aV7u!iY4%XRD$d_MEE z)m_WNXzfeNrG#Q_x6|vMrmZ?UYo?=ZduK5&#a|&4g_s0AT1zd7HQ)A~I>klCypBPs zh-5%opmmoR8L^5YU569rjX}gsBXtlNVik&&CA|XdM7ZWITP#_bo;X0`TZ-Fyx3%LV z%TY<-j^#ny5`C9ht&ntP-=z&T6YDl+l_cjbJvxv;C%Jbyk+pLPJnx0ljp=H!0EjWs@< znUMR97&0A|Zzz;+VS2$V$0C2ue$cVX?-R4dO7BxRH(CyD&{+6xzFfx+y@lg0k9KG- ze0IsDO=z;8;kX;E?K)zn7#0=o(fxc%fK_A3)6@VfPQbY+mKLB(@M7gC-dRIQ56~q^ zP#FPMX6etdGTpeRktZ4}>g~jJrlo3}uiEOU%oaz#nAia^o<8l&uu1%8`5fpmyhmqi zBofzH2Yt{{OP>x}>MeAb;hx9`}@ZjzJB zI5Fg_^_W`UW|I2R_jXYmJ33)zRXpY1F7j6aQva8Of!KKQTY62qhr38N?CJN=$)K4T zrc3mHIPqJ7UGqPj_@+IX|HFZ~70`W3L|ZLKdUS_XAYIs&&MAk3mc3q*L5mwEt46xL z$hKVY&d;%|{Vp0+EU~Zlo9lDbwOPkj&AWR-v45Gr50H0nwW)A%W^E(6tWy&Lf{2X4 zVvXrrN8j58)0uK_tqk`iUsC_48b!z?r2TI;0gf_w%T;>KS}q8|378OvVpd*k&`Al-08WdFp-y5cLtSoqcm z*BHk3QaGmA*pn7VnLbOY@3h=%Eb}+7dxu5pMXW4Qg!PIwx8OlZyk0zL;Z5x1eJ=?e zq8`O$`xJ7=`Vx@ivo>4R7>07yH&-+fbs_^cz9o5i0gCobIydX=>D0Mnt9C6!n|vR= z`R(?L{bN_A9sja<_1sd4%BBBxo=_%zwq2A$9ykWC7Mu!d5WtF2T7Q;)4 zC07$}Bkn=xX?6yf$@fb@&NizC%wo)Dp{7L45ha*ZA=L21$Y^hD?}#wH8kTlHiXpO2 z#9gJA9-y#GFT>GVrMJehck(pT-@?k%tpPeGPqV}}sxMl+C@eEc!Vfw&vDgmugvIN1 z`)pb|SDr(T#DLyZ@m$)l?agx#o5pCwqII8;T;4<`#|R?5{dIJs%OjtnV*B*cxt1c7 zzn__^(YKMA=AhYt#89_KYYuz-pjQVV<9z>}yEm$rU8kCP6$HG1||{xA0j3 z8HG+t&rMLx65_n!(y2%gss1`N%ARmN$`e(ZzbYF0w*!59-RXC$l6(`e41cBEWD?jK ze@kS#e;P7HhiIK0<*kMXI9V*1fTJB|DWZAARd0 z$rVkAF-f`s7)@lBrsSiqa-=$TJZq9hW_3!>M~^Jc%Knz*LWX1CH?p^>ca8-c|4efK zu&5-RZ(C{M^ha40B{Ps4F}meCs4+1@pZOi)z?%n2Ti}7>!7(U@`%_ZlJq4% zAfYG5$M}Ue+GocDB0lB;5n*Y$5CC2->cRU)LprH1T?uNVJ4QAN>&j}XT3I?V3X4^X z?(6(|r~b7)YG1{0jCNw9v0;#?R#s~YYxT*K5o-HWvi{*Lb?ALYy+P!`h+rMo6WV&z zxNg!c%DO_QW}W2dnA-Y|oSsrEdp5)VqaK@z78j!T3O9r)cc<6YTo>kNYH2U!?yr_0 zoogRe?mB9%tFA}gb}6?<{V0F_cfSfU`|s+ai&Hf6RTrma=yI()Fr@W`(W#s5(SIX?RF3!`*9@UtVzW;3J1RS*(* z5h)#7tPcKKUS5?7Q^~;zYFcm~ueur>t~M3!8x|9R#jJi_k6E{vUpzv6Q#?lfT0BnO zDBfEw4KemxO2m8B?h;6c+EPlUDcml`Dw`D7&Qh^SiE>I!?+=^F()BVJXC+|3uXi*~ zL?q!PS#PZCgnM||bG*tO9**&_nj9P@gR1b@2(S9NbdZ`R7w1)rg8L>VMqq}iHkD9r zY>lYZ!HH@_aaFJ{y24mA0%*)I2EG`~D_3a+!_~2ZF{oUH!z4(xvkY!@3~;;=>SUQ9 z^<7T{oaj*#3-IhnH1>5d@WkzaoTRL*C44cQD--QaNC<sO^j8a6dr*5#%>F0Mq;Es4EGOQT{tGL23VSjMv_05Xbr!_@AOV6| zd1Kv3<(?^G&iz_E$n;6y8o1qLWi=MF%)ZfTZqZl_8=cLPZ%ar8^A!*Z!K;$-$l{U% z63~hhVjem#!THB~yl6me_^T+3;4BjI*9Gx2`HGn1CI-R$b-I{$W{5d$4xaKU5fK}3 zwgZ#?JH=%Bq?VKnSHsFO^VEN3d#mLYFeyFskjy94tcT;&swzq9%8R|!%x1bp7=UrJ zb2M~Z>)3v3Z<}~;TvQmw&3(ggvSfC9b2NjQe+y6V&5{Sf-B3HNP+u&FVq8lMUvFRFp-O9xk!(DlM>ao;*sjVQn4PDjpsJchzmD{gl3~6LH$`AXF(UB$gb)T z?koy&>C-`d!{XHfG$&s5d5APvrn`_sQleR^8yY!MGA9J1rr9Nf)x5=$f}JpxTLuXm zLa-8a2uWM}4T3aVALh8<-coR(PKV$~hpfeU^sxxF2~KY;)xM+DjgWz!a5b_-uv)!B zf*t#dC}b0PMu~u`I|oh{?+_ca0fDW_8H-2FjYZc&8?$ul;jrQ`lbo$Tnh}BoSRy$?h+U8?eD|yy5tux_y1<% z!Om7FpUDXWjHtLaryG2%UH+e_xYQ0trM5x#Su=wq#O zyQ{*w@4HqO4Z_G!87uD!m8IEzq2|n%G*AiZaHyWtWrt!~lc-LG%JxBCDB8p;a^+!B zVe!#snd-}Ox^Xn)hR-?%tBKbneJi!OCQtrOz9D`Bs>7~w{&i&^s>BjFLK}G#PJ=LB zxmiw**y&+ zzB(TDZ)H_HTrIobS-f^yqg4+|Hf(sXxBB5hugZBaLEWx|4lf)WJ zlxo3h^lizM?}ikBd3c1FV@4K025}TNuYBO(b8-2=!RI_Yw0&W^c>87sycG@$*F(0U z6{M30SEDO9XWKtM|KTBdhmmy{zOx)O5I?(Psc-kZ)Hd-C3fL7V#-}!vrI#})6DqhxX6LYgRcWx_? z-viu4*jHhVF5|8~U}i;`Ft0$`ZflP_wrh{F)3pnhhkubUb9VSFx5DzDonkrWSA1`M_Mta zT7DPi`yBzlGqNQ03$?jgo2RvTRhvV0i*}hdH)?Z-Hh+U@y2PUo$_YFFW_B_v-mpF5 zZxKutgi+V0l`whuq}o8av7~#H(>BrQsNy4WI4`{#<^uZsGq#jvId^d-*<5z4)bdKf zYO4Fxp3?I#eB%BkcH_atIShj`SL$|z;bj8tAFy^E9nM6gOZAgMx+ zFUJJ5a#m$b0OnT?lk-WDee~}4ibpZ7I3&?|)P~9do%(P|ull)ig4*|p2|YpmURmFL zVNsD0k%@!U5=8UWG1L;>W}dGctd1X-44HpILexX7$q(tSS09FAtZLOmDk#oLLB>P) zOKo^akDvBF6s$fuEkUfzksy#uJ0HS5pq1YstrO0Ray?8v$vOEDdY#`oNJ4KuBS0q4%}u9vsD7pe66Z4mdTF<#B$=UShgaT{a;8d{vqo}UVMbLX*}w~6>$*cs3uqC{Ad27`Q5`XI6JrO-tl{) zWMH?UYJ&QqYOvbA$`_ltY^LX8)%gDL9&dPfz?4IsM44_|EAi9atVaW~;{07%u@6}> z?>o7$uYVEqmjhyE{)RBhp#G{Ak71$ai6$zwI?mnxRwF@OeNOto#r1Tzzq}qQrrhD- zedShnCU&T`>tDuWV!IoJsbdW>Ty8W#O>2zlc}sS6YGZ3jm)g@dG6B9MGu6uWQ7W^2 zCzXu~=26=ptL0IfUa9SbsSbBi#S_$`$K%zUR|lvcUhS>+zZ$1z*B7t9*SEW+6OF>v zKTW*qmzJ{ZgHxPpK`S{`>3g0|ecS52q)6F9a@HRfw^jvMjJqE1tM(zL@h^JS!WVI{ zoz3<4Ez#*5loHX6iaPx`*Dlty#zGA}-+J7co=j{Ota1-aevUXQ=7QhFt7$8yKcQx$ z7M%V=6x&aUc`--K#s9()7C)r%%YH(4`L; zs;MBE_o)Nba2FgF81TG+k48vCXyswbYG)Id~U)s^};>XqK=&MV<+enY8t zN1N;ECCVHR?#S9Rcbk7R)#>)@95=Bds%>35$q5XJ=`fc3*d?oJ68^U}V3EJzxU@!- zMrvUvWQiost?zF?_3j#aHA8Lgf^PVGagpeaF{3u$ICA)t_w4r$G)F#ViWgbsocyFm zO?pZdV3peaB!&{dJ!$R%r=I=zRN&xY$}_&f!vu8Y8zeAi81UIsfqp-GCeUwIzTYq5 zclajwb;gAoEx(g2zXzT{hXW76DouMsqk=2A_EfAVLjP$-cn4}@L(zZjb=Nysg)~FR zQO|^{ubzoeN1u`68&gwPj-PAlp7CJKzG~vLQITrPvkB_XvuFuqoQ+m(U|b~nY_+^r zJl5!HnfZWPT00s$+tGOyTZMMQ3ymAKV)oI!Yg6FaFcDv57YeLe!WgT9bC$K`S| zwD}!O70kyxw?CurwedCO*4k53-+&zVV^<(r9j}G^RC}9sO@deg^RDHJVKrmbnp)0w zqM2YGt&L3lN4!jjDYsT?O|_$@jH<%DI4X_9VdhcWbu|;@@f%WRO|%Yq;%)A~VxG|E zk(=`OmD>oYfHN!k^x1Ir=d+yj{8h`zm8-S64HO?KOHqT=<~m5ikitkc1{6^^Js^9F zSYz4rtZZ?G^@*0)bpicR+c%S$QWsGVg(o)_QDfAxXJh(#oPzid0Ztk&Iy0F6_u23S zjNA3<&M5f1A-bSMHK`U>D(X1x>}PeQ`Ajs0trpjcjpLsOk;9Wl6vp*^Hc|q`;jjEe z?y1Gq>l|d~M(A-HYV+hM`8#EdM1_NPDy24dT+nO0C#BX)j=nFbohT2jM`J--ZL6c) zW}-c(wrsYentg|>SUXb!*|}Dt4U3D@>+o1flIg(q+U7e8@g83%&XPBXc|@DbH_P8A zein1_7BQ#n6?5a>!Y(H(hTwv+B#36(f9X%wW|!5$V9Zov$MH3!X6#=Q#Lko2%n@_x z8A+L`8L}L2{3NI|b)3?^2!HF~3d?_I#rz~!%)hmHU7J%bi_HRUuF&SSYZ7XrT38o@ z$mva_YObqWo9Dd#ds&4fs-K=qP`6(4O=JB!_@yt$sZB43tK&`ev*u>q_eQg@sJIxc zQZ;uvWc5dL(^{*IEvycAYHQ~p)0Q^T34QXr=E>~?yXrM>s9-(f^f-eVb>TUEGUnpT z82_uAZCI1Xc2To^WSoB}Ra5cA4;B_vwha~e_JENChe0lXrU|vmcAK~ql)JLVa$8Lm- z%JcJR%!@jYuIW5lhWEHF8G)>EW3-M7ljqnI)Z7=5eV>O1tDi&_B$tlrrAPF1qxQcj zU7^mQ!_7<|xDUPLKk$I*-$*gjM~iuBte7`Hl{jP@C^7~?sqruA)kw1lr&hF7LB1yo zzk8{FEY2wVIJuQMuHv&8*$NZ*@e=Bc6iFV}al;b_s!K1)j0i6c7^tql)Jq;e#4RC@ zD{e#;_ z7r<0*jHf5Q;!*QnQ|>r5?-l?3g)Ob5Ne+uv>t8Vkj%7-{6S==mdR zmPyz$5>*%L>)JQ56~<+I{~yF2gGlt{lJ>sJEEa-)~_}XSF0sYxQ2ISEV+Ru1UA)3F=2w z(g|xMm^(0?K_FcoX=E10^`g$F&1A_0x9g!6W&yKFBQt}W(h=)CYbA*B>m)9$MK_Wi zQLKpQQwD19Tezzt)cD4}n??PM?3xMJnEq=&`js9F8;9ZX?%y%DT((|RQ#XkD?*^0! zL(0Sj4gF5aC=2twuwK2e_agg05$bGXXS*O5L8pHwK6hy|8zxq9{IYIx6Rbpe`eHV> zq&=qin?$eA>Mm%4lMZr6!V1$+ZSL42*&;0$&Ul<{5|W8A|H%0Do6Ircql@yO9A`HX!whGM4{aC8PW^_}Nvj>~vA|w!Z zf^6quHDOOv-@e{TKGf_FA~cPr|?qI;oHT}S#2Ks zMgIO}C;SJ=AWtraor^B>ea+Aa@fQ5FRZ=7#@Auoh*oyA&@UIfW#{DQ0y-SkQ3|GHj z>}DJg^U7}~`C$>buM;B^&=pFH-yFAq9$x@vp$dL+P#iCSiAGs=&M~NHp6_HkoP4L9 zEIcF*zdS7FB5nSq%?U@eSDaWKpkuhh(H2iq@5cQ*;}jApqa6M2kqKBKT6jt>oDGhz zX;{+&iQ3x&CvY(B`lk)H+TaYiB;HN4uoHfdYs-t;Og=3RCTR2Li;@ttET)FE#IapZ zob)2|TcQ-Pqh)ATOP!Bq6eg{f`Ucg0))fiox2t0QcTLPg|A=`sPt23rya*FhCcHyH z9cqat@S-%L|BC*no1%%$-(XfZT4I|j72Ve^sE}W`#N4ONTiTp=TWq%8!Ie38^CaBO zD@PQC^(JlZ(&iCuUf1U5BSo756YYvR*$UHC%qnEeF&e8sW(IV#75DnYdMJ{(Q+qnE z&1>4crOkt*C9nx&#GIkc1=?J$&Gp*+QJXu*6xHp3n&HKwrM8;=nNEo|H)?Z>Huu3q z>+E|1VR#$!x*3$^3GHC$IPo}X975C&VdOs|5g9R1C5QTZ-ef%Qgy*^1+fUj&pv}`T zrL-~8($yum4Nst~MK)g6PHu{mp!ftl8^{J+EqXlyLpFy_z3vV7=gSzOrj5VLQ+9x- zzb#LB@U#J*P-V1vO`8)_#AXRhRUpo|Oc`iP_oOy-keaQ2fSW6ebb0hr zyE~Ygz6+Q2*J80WU4r_%1MYQw^7N}N`ubJ$;lt)aV>8*oY4I?zA9m7uR^bIDry`=9kK8GScZm5JOyxEwEbAvVy9v7R;(_#)iC+4N|a?!GImfc0&LXgS1 zj>V-e>N+f@!2*LhZEn$Kwl>debK@n^?$>4xOsPq|)Z(scIfh`LTo&bGZC<=0f1kT1 zPGn6>?dz&XS~u{^>e9%=*VV3E@W$V1Z-`ccLM7Sy4}3YUroNHyYM$e2xl}W_LN}|; zQ`*ec<_&EQzb@JdFwr9QQv2S(Yhy5}SK076Q|lIKbB%V<$9Yv3oDS{g3@&=9(cN&? zE>A+*0aI2zr8$|^jmx^fcGJ_lfc4|e-TYURw;_N-I)LPVB>+qY16*GUaD5%F=fhpF zI;G9@8{)^?9|MB!`u;NYX9-4;Kim;#pN}dAa~Dh%geUF8<0Iqrdylqu*O|SmyFM|v z4(|V51UJFBGTrH)@2=NGu5{P0-}tvXYU&*ffrqb_;5KXXh&HclbI2NacDD`ns3~va z1#;@rI|?UsQK*;RMA@RL${#pznKmzLbLu)tH1=6A-P`$=It9;*{j9RzQmcDlkzu3w+XNGf zOL#k^Gi&*zhvcV2b9y)-ec40JfVY%Q;%$RAb2b&j9=b%cOf*|Wvu1~wCw4%iw!pLQ zRetLs4{WPra5Xne^ndOV^T1wlb>4Ax%eWebp7!WL(N8-f=Gdd+YSP;bYtGv`tOam2 z;+W`v{9VkI+2U&L+gPcRcRe03u8zKKIumWT1S5eZC&cloKgB%smw5Tx3HYY*G8C?U zIwksBIbxnaBd#W*;nRW4en&^24p*noivFwfVvfHc=ITputDXG-{jq<45LX&(J3ftk0= zgMR8Z@j7ceyy9r#0JQ^;K<&XqB~e{4dyd@5`=TeVS6sRET8R1sr<8CC3Lz~0MM78y z6Dd=7JXk8l>(U|zs%brOvHA_A<9lLRL(M`E=d|PN+8nV%JYL*^1jaQ{baos&ryb@ZF|)bIt`Zzqu&pj7wskzAORh9_=g^J1`{rv=?&nAD?Y9 z-mnSVk+7YSCqB|{i23auF*hcMz_%xEfSS`wEr63lLqlLabGTUh8d9~RR}=m0I9KGy zg-bu6Hzos*lilp)Z21M8bRUXU&D2p6@U}5xe)^f1KaWEsL4DNM;qBBSY;a=xd>I^G z952f8DUt%+Qfvy>^Rq3`Erl)i6+~CSw_N^dM4Zez%f>@lTb9{gR*%oAd6{X@*GKlR@y_1~w&Ovw>56(&DfO$!$;98xi4 z%!3tMW>&Zmw9&Pv^4x-LmK7cS*s$U!++&I#c7I`YL+ZktXj3GP44f4Hr+qTHOqB0r1WOj%e7AgEeP7}I_`=o zp6)97?CZHjzbO1pdeBEb`_Bt5H@ZONFNN;E6_n#1U$9uQAB(SXZ!En1kqp;H_kXUn zt{nH`pjxwC*9%>6RbB1c>Dub5+5V`jQ;%lG^%%X9r6e8+t(=uXJIVoBp%@fof!Tyujq2EBjA{k3~V@qQcKVMAP{cDb&W z__Wym;N&9LU7Leb3#@W2E6}vYV%LJ8?j6fjT<5O%LdYv2B}3L%dIc#McYmvpkQOD2 z{o<})f0FC8E7iTg{gZ3Ct53!EYd<@1k?Z@y&AM#}o=|8@#htDRuGy})ek(Y}J&> zgL*!eu(#0R;MZIA=yBauT7N=9N`D^oUeTgOn>T-dg=>YYL4)F@L-4;s>Egvpc6f4) zD}ITqdQA1cCEGTS^b~pGi89$ij~6{w;IXIc)U5et?}Q7k@$SD0)OqHBt7^G&(b47V zJ#(5}~$4*smz2G=+4 z_Mt-9Hj;);43*?^D4G|CkcQmtBp#w&w+?GT5W1!}y%&HcSQ;cwT}pzqyr z?~AMvT%-SpOAneF^r?G&!R@XGzbL!?(PY=v!l}Wx+&{PyM!A}`DptFAiFfPPZQQu= zad*?OcAdJ_J?5I?4tXndz?(HTx{tb_*jQwsr}}fBxN=?FT`Piyxre#GC@{t~4YlNk zdzpK4&^p%wR~3B9moIl;`TOp#71S)FY*xW!SE(w=uDA?$Tynt_ce1-whAYFB9hBj& zQl(U>P#9H08#b)fFs>&)DXxb2#Azc1d6DeOa>d>KN2w~M8rG_n7F5MF42%C%>U9^I zkaJ4Cgzq2ED^)?74*Vd>U-(vSU8)qm=i&#rqVOF&z@_!0@q=DX!PD`)$?N$3`$0E; zAPN3@x>a?2XZ3QcoA_Syv0MAkSz^9BZ+5GOun#`sR>}BY{D)h|)A^+N&U`pXyH9yG zNL7J8r&f@94Bw&82dOlCm+BCtD!4J)3ky=Of{TZn?`%9>Ch=GCn(rR`PT_Y%Z)5)> zzaQ&kcsRd1_cfft?<{_oilje&2fu5$A-{+7JGq~+FBN6Jr}MjKwBepH<~x_)gJTUh zjN|uv<~xhuJ>m^lNig4~63ur@eh=n%YCAj#gGYXns+#g#Kz@wBR*Vtnc{2Gn`3|{qdlP=%U&j6Oum}0Xq3iCGWuxaLH#jdHH*Wza`JY4;0DgCvxUu!-vQxmKi=l zp1scSHFC&$!^QEN1ybH^HW+@GT>m@6FOfg~$#7%xisOdgAh*KfX!409=Ugy6l-%ux z;c4Xcya^fw+e~^DIjHkWuad$N7Emy>FWpWg`4mrJ;(YGY4N`~Jeudiyj z54lBk!vo2oFB%?C9{8%^h2;Ah8vcpgp^@RE~p?@cuvOP)F1@cZN~vkZ?X=b?R+Pda(Rw}v;7i>@+!fc)_~!xzatzBgQ;vq|qm zI}KMN=lyE<1@g@-!yU;-P8se={^6|Q7;=XjhR2XoZyQb{_qtE!IQ@QIP#a| z+2rlymE`$P8TZ@B@ih(aBWIw$lFxB+@!E!S$aTn<$+_syA5kmr-D zbTj^!lS8{3-U^oXDwBMI`ph0if03N^w&7b2zhgM$4Rih3f9pr`>2g&CQIgMPXyGdUyjECe? znH)#1OU@v-BIlAlj{ivGzdt#R{3$t`Jeynv<0|>AA@?Nja{QA|l1pLyC7=HsJ-PIo zOh3kB@~KA7AlD}+W1J?R&g5Kjq@%~UO+FuyOJV#bpGo8tayq#u#&z=9NX{bfbMzSJ z$>%INm#p40>5aqqPd@jP8)6(NpJ&J!3MGht362_x2*{6)YP!GeQrw!jnP9ZlSuOzo4XOiD0A123;sQk-Ugp;BAwh737NKO!9NWSl+6I$F1elnOvcS;h|(z(r^Yjm%N8u7>`QJ=c=P8 zKlY9Z|6pl`PtGi3cpy2wtl{b86g(3upAF=+`wU+okG|h<6^{u&uDs!PltVG5;=u@i`*^V z=tFwZJ-HG&nfwGfgIt@OonZVoC#NME#+&MN{CVV&g zjel3T313YyT!CDQ{Dg1`%+ts?+N?Q~+>V?}4ks6$YQh^xE=3+eE=Qh7u0Wnmu0mem z@In*b26ACtdsB>eMG; z$gA}KJUNZrhJ2CZ!7xY9`Nm*!@&?H{^!McMWSM44_@~I5$@9rFEfjt87A8M)$=jM5 zE{kAApW1}^P5yVkiLV{`fn$a}AgaB@m-C46FU`8})W-~0BR|6Mq?r@_1Fsl8HqSMG+rV%X`47%7hmogpem|Rh z{&xg|&n9x_3X`7)$UDLfpC@m7({N$*a>ERFC9k9Y zU2-kzhmqr@BH%NP9K`EcOuaT5O> z$xoAelUtJG$YJD`QoWW=wB1`RfiQ{Bh*rjDG<+nC<6gat-FsN%DQ<;y7m^@gEyw!h42%o!pMxxs%a{ zlP9qLeM~OJ^n6ABxuvkflfKW$ z8(IHnlV9d~*!Sc^%+I6bGNXlnA zV|YBd&o#q~$=xp--a`J6{!f#eT`~GX=$j=y&*d7fLOylL@N49f*A4d~FQI$c!WRE+ zc)eedS4+o(&ua49{~6v#Zo1I$DRNKd?=5o1BBOr*V=)PT>O8}B$$iNk$W!RvORmlE zJ|I6x{+zss{=X*oc+k|ZHRPkxQR1_U98Le{$Yba~7-KO>UkmCVAS-fRa^+V|c+JRF z>KlH8eC924ec|MuY~TBn|CwR*Q^`xF8~&c0lWq6_Ipt5om&qHbFH*{+H--E-c`Wbm z=g66CA6t<3vA%XAKg0F&Nb)O8e=@mpOB4TC^2a?4r;@@HX<+ zj}7l3S7-bACpm)c^Br=)WrYI{m*u zUc&z1b@Hd=KIG+2e?UIV^nFJDfbq>D7w&4(yM+8tW5YYi8{aj2f}BgfK~^l^V&zQw zkFmdglpOaBZgPBHA^*tqwI#RX{?t3$X@QFIk^PlCvH* z?O7`M3hVbW@*i}+jr?b86W$(jKi21?AeUx)wt~EnhiPmL8yb{Qpc>jGuF3s@L$XUGqz9XL{ zA0~U5ALqymm>)qEOnPHkUggP~-Z0nm82QpF!_Sj@aD3N+oU_L0qsULMH9VSJlsuoj zp7F0GKh)UNzrEz{jST0KV|o7sS2XF}$oruzc?s{gr^(ltzs<-sIlk#h-a!5PyUS{JR1mO3|NZmf1%Vj`^flzle~=WftTE`n`xgvAjh;b{0aFRavHf?Ro$GcZ^@zL z&E%fsgXB5`jQjJ#NZ-L&ECk?li~7EFU#yb3zH#I#bsNs zkmJZh$fM{#i~grjf1c+t7LZ@0`%Lmi@_zcyYt?k3OSKnxU#vPI!8@@Rv^E9 z#BdGrNb)P>=eWMomVD%xaqo59Q$K)QriiKEqsebQxjT4DTclc**c-^3vxFyB;>_PYE_$mONb1T5?@p?;di!k|zGY$ZdH&*U398 z8GWfL=K9uA{~Wpf^G4r}T#WT0np~9W9YwCe_`f7iV)_@7qj|j>gt2CpoMY3yM)sV@(bKW%Qpdyc%0?NMX$K(=2U$ZL4ssxNsb`F-+L z^5^99Jg>EwyqWs%$%nlzC7)l&x2Zo#ex3SDD$}*FGc=`{3v-EzU5Pk zTrR}8Z$ut@(&)R8ziVjp(r(K9xkwYk$>hV04bLVoe$DWDa_wNlyU9;qGvS{j*IZ<{ z=%Xh578eXZB#ibqyQyh^pQe7;m2 za>et8=aQd3Wq1Yo%zne$$i>{|`c9I|)-rs9yuYU5`yVscH@URo>g2KHSIH%68+{vc z$vY;#F65mBjXsL}h0E}V{0szqMj!MJZr9#PA11o_XdhKG`$t!vWr1$pj7qhCz^MmCP{*+{;#%jl1g zFT@zmC0EZiT=)r--aVfhew=)0mEl*&c_R#WBp>GW^(C)XCjMk{TjuX4l05sW3IBWY6ZF56d_U{^De{FY#{DJoTa``x?rJ9d!6girB)eFiPm{az{%cOI zS>L!1BQIlm63EGnZ!Gz7*4OFeZv9PqR*;*tGrWg<TAO9HuloN=GxFw1`)dBtl+|0B5%>)#RbPp=yN74mxx440{4(zlr9 z_Y7GvzZ#LJ-!SgqAg_GcTyHG-rB@A)Chxvv+<9-ME7RU2P$?Inu{blmuK8A}wWzuuvbHh)Nt9@a(Avt4$;jZLIKQ$adj+$sV zfjniB;i2UDV-2T};~4$|axuogk=&HLmmD$K_&-A)^|fL5(-DT=X=Y^*=#?4CST_D948NE`mT{b zXM81Vn)Gg1Wa58}+-<4hm&yOVZ}?5}tU-no$!}0Uiu~a)qn|;p{+;2ac#%Ai>_$5%0RI7a5?fP35Kha+blBt8hHZUwEs9Y8(vQSjp^G!F0jPt_mR(~ z8a_+@`fI~?$eGOlGIh=ME#6@CPm;fiG5iYoomj&i$X8gO-zB$RVf2H^eU=%XL@xG= z;RWO~QHD1Nqd&|zW$v$CU}%gI_fNLPmn|;+T%h}^7C&ckGmE=f9BJ`K7LT@gipBFS zUS)Bn#k(y2%i_xx2R$Eny~QoQ&*Dcce#+wKEpA|OJB#16*lTfu#X~Jlu{h1*MHa8I z_(zL>wfL~bXDq&C@ePaJF9haqF^kJuT*cyNEPlb_rWSX!xVOa#7JqEmP^TUy-1;wX!gEl#m`ip2{pUT*Pvi?><4*W%wTzGU$& zi;KM!m_H9#T-V~37Wc4tpvA*2o?!7ji`QDb$KtaVt9pUyFK+P@7QbY1sKtFO?r(95 z#a~&x#NrJWXIcE0#n&w^_;TR&J!SDr7I(2Y(&G0mo?!7pi#J%j!{QSb=UQComB92r zZ1Hmzx3<`0aiYcJES_!gT8n?N_=LrI76)Sn+}D@ezwJSgf$l;$MCh zEUs;FV~aaj{I12rEuL)gHx_TP_>jf97T>YBG}eLquje6)U$MBA#U6`gUCBSZQ5H|N zc!9;=S-ivIV-{br*xfKN{<0Q7YH?kQn_BF#c(BEvSv=F?r510u__W1&7MExgcs-9< zT-)L%7Pqyyo5j5?9&GVMi_nIKT2C%+2R@&zhZG~ zi@RDJVexwwe_-(^7N=S~&*JqK@3r`Mi_ck{XK`?o!2G%2;%XMxv$(Zkx8mnbi=!;} z11%n9@l=Z!TD;NX9Txv-@lA^>G!4Aorz~!4@#_|Mv$&td{Vh(mc#Op}EnaT%28(~T zc#p-$Ek0xMzZMs47MLGpEq>hMIuSHk1bBIc#*~HEk0!N zC5ub63`}1QiyKYv1yPWpDjm2+S9Aj~^#a~*SZZUph zE?_*k!{Xm9{>Ng~CeZ(V7C&Zj9nB4W`P0PcecamOjuv;fxTnRD7ROoK-{KD~9&YhO z!@lyEYw>!EcUXMD;&T??u(-hMf%#e1;z|}*v-nwy>s#E~urI$mSlr#>FpDECj<@)I z!@m3)Y4HS$XIi|-;&m4PV)1Vl|7Gzdi*H$6v~A%1`mn`yEpB1)+ZOk;IN9Pc7EiEv zs$pOL&9-=v#Vak|VDUDKcUyeO;!_r1wD`Kkh1&(z*D@AAXz}9~*EH;_k1tr<*y7d} zceMCTi+fodYw#-fpmq)YklNZKJvPrHz999Tlj zK$b!>Aj=@jAuAv&A>Tq)K~_W7K-NOmLDoYyK)!=)gnSRlglvNR0ND)r5%Lq{XUG=F zR>(HUcE~S~9gv-nU65ZPS&-e3J&?VSeUSZ-1CZY!2O)4ghL`A_{A308`1~T7ZM417t#+R?EWFlk|kcE&%kj0R1AWI-iAsLWmkmZmSkd=^cA*&#(A!{IOA?qOPAsZmyK{i6Zhh#!F zL4JU2hWrTm3Gy>!3uG%~8)Q4=7sw9CPRK6EuaGRrZpa?UUdTSke#imHZ;*qKLy*Ie zBaowzV~__Rk3t$jnnGGYIzhTZr0j-5hCz-)@M+ip_hUmyBS>RN6G&4?Ge~nt3rI^y zD@bcd8_4UBwvcv^_K;9W2S`UqCrD>V7f4sg8<1|0?vOVjZ$WxM-iEvb@j!Y)!XUjM z;gAT37t$Nj2htZ333(UN4-y55hQvT(A#srRAn}j{NFpQ&(jPJaG7vHd@;>AP$Y98a zkdGiALy{pwAVVR;Aj2UeAR{58Afq8;AfG_SLOz9j1{nt#4@rScfJ}r;f_x770x}u$ zB_tIx1u_*f4Kf`v12Plx6(kKZ3o;ur2QnA(HDn%SJ|rEo0J0FW2(lRR4P*&qDI^23 z4D$aKc9qd_BuQGw%>0h_?j3_~EsytRk7Y?7d&jnPl4ow_sIJsqE!DbdySin25BI%e zW@ctsW@cvIV`gUhzKF=o$g1kyA0btK5s8%<8IhUQ`AE>CK#vAJ2J~3a<3NuGJpuGY z(33z<20aDzRM68vPX|2%^i0sRK+gs}2lQOf^FYrBy#Vw=(2GDX2E7FIQqaplF9*E> z^h(gHK(7Y92J~9c>p-suy#e$_(3?PS2E7IJyP)3#{XXaqKz|7OBhVj%{si==pg#ls zIp{Aye+l|4&|ic82K2X}zXSa}=pR7;2>K_`KZE`S^sk_Q1N}SbKS2Kp`Y+IbgZ>Bf zzo7pEZD1_C9q8>r?*Mv7&^v+N8T2locLlv0=-ol@0eVl+dx72?^gf{X1-&2W{Xri9 z`asYJfj$`YA)pTheHiG&K_3D7NYF=tJ{t4@(8qv27Q}J;aiEU}eFEqcL7xQrWYDL8 zJ{9z7pic*#0euGOfuOUXP0%^e9ia1|2Z25lbSLP+pw9w*Ht2Iep9}gt(C34`0CWMg z4cY}=1YH7M20a9HH|PrJD(D($53~>ZLeK%|I_Mq{^~)E5?gQNq`eM+RfW8#;WuPwy z6`-#Gm7pWg05k+upb_X8bONeD4+Y%-jX@L86f^_PK@S5hKn;jGZ3Q|7-2~kN-3C1z z^p&8m0(~{;Yd~KM`Z~}fKwl5~2GBQxz6tcrpl<Lg^eWJ+L9YS5 z7W6vM>p^b-y%F>#(3?ST0X<-&xNv!|(2FzVk#}eG+>{Y{ykWx!;*}W!>g5{wMH!J1 z@5?B5u3tICEg?0pb+j8370UwQ+KOseCaM{xo}v0_jeA zt<+j+?H(N9HX7Vh#CwRs4QIvPg@+VJ4Q@ss;3ivMJ)*aS)~L|_?p0idVi6AYLM(^2 zuPhRIy#UGIbmZVp47pp&-v&|;iFbvBYG)UK{p&e4m3t=@YkE*Hb(a=ck5N04>AD5t}*J9oOcj9O{rkQvg^{)iiN zk~}W~%0j$V<+KI4n}AdnRSmbexjHyhZncTB^4h{xu9h~09gG`hma~amah=7o-ngEv z*LlY{1G@qS_XI7Vwxj|0UOKl1Csrmn$}gafQh6=Wg>V%YZ)_duZN^bfIC>Fw3rn{~ zdxqV_C%0qfcxW!Yv$l`N0u+OzR7>{kaF<;c0U))!-f5O`@++Y;R_jXXj7Pl|bYo~^ z<{s{v&V<7yZ{c>HKBnFr+sBbBsv|?xttB{~4NBg@)}$6lqX#eDZnFzlzQ;5OKqW4P zeEUTP8>^R*F38JMa~?!;k7SMV!8{k^QdcjuS8N_e^DIIt`W@B)tj2reCB$;q^Us7^4ZzqGS$A={16dnM*2sn!@ z5bw6kP>h%CYTq_9SIZ%J8D+dVxFeny4{j7KeAm2&BvZE>463;e8)w_%h^VAZ=&jtZ z9A((|ZBkwxJ+vAu-3`quG^XX}Z%yro^{Q0I^VhES!!F98gw>3@$E`wPQgD_v2SB4f zkJeDlY#9q4!0S3KmsN42x^3_n?y)`2rc+cg1X>FTv@Me*Kb#dO<#gDblsD{k4Oi9& z@KA&svZZF#t@#X%ge>dnaWO&mi@G$A02;NLQUMpuYEH4rdVhMkGG@fYQcEgG2=3~kX)=1q_(6N@RHH6QGc~0vHL<)$`lmMqn9N4z57*$sj%-#^7$J7#BZz;D3F4cgi zn}oYev|cGKlvu&)$wmb;k_+CGT&6XIueWO#_nm*>gNwuKdk4ERkm{kip(aBs**Pdg zN2yVv=%#gZ;+h%4qgiW?Wu$pk*%julA7+e9)kjV@1M9Z2*NP~Npn8Z^ta@pExs77P z;NEh1#bou_Kg1VUx=B*9C{&(cX~PSo)jmT820EaXCKDaJvRKCD{>yF?7x4fZ%Z+q@9(fHYqTKh_ zG6A!`f~HFO8N)f5PCPl74qQ~tYV2NPX0cK3X7>JWhIe&RHdHnPbb{kB?&IWIH};~m zWaIj1Q7&$yBL^KT-mMwo&}Qi!3quB4T4$tgjFTmL{S8fZUQLI{Tm$S^;VG)B4p5Xw zM~mvzsWDvB8x$J`luxi(Qj_aqrzPYeH-DH5nv|uA%Pj5uSaR;%2=(X(?AfxH^M+&6w_U?Q+cdNi9awW@KbOnZBhC+)68p;*=xf zbquH$*h>dYiG9L83Rku#sgu zg(}-lD=%3qowTLEeTa?1g>^!90Q3ykwGslaXEuic*ha#3jK|ff7;e_0ip=fYDB#Qt zp>WO?)@3vhTu2Ssw(JB8*5xq@ps0FTW``Hk)g&_1tuiSFpyCHreG21FlgcFV=CK>w zVgz^05|PajeeO5_2GnDFK`EbNfexSrl9CiS$KELRC@;FN|?iz#NFmJ+7_fcqDnLdax( zbbDFBNLEonMkQ7gV$PU8&{j?LFm{_GtU@N)6%R@pO~CoMSz-T$V-F49YX8-qhXt zI1I4{(2SuHOO)2F;F_{90|O$^+hJ^K2rJgQaG}A@=up`A-!_6`veD4j9Y;;mlWIJM zd#E^GRr1XgQgh#)R~R_j=&c0R`d2C6JruF==>nnM0A;mBKvtXvvmum_aD$I!t22rn z4MZ(kV=|EepkaMnH8eJLutiY?0^6;`IEl&Z6hjyKSv(qL(8O1p$!C;zKDFyqUbcS4 zF~Dd>O^&GtPM|c6J;R=bHDJJ`HPP=?0*Z8spV{ zfw8CJuD^gQid7lQThWN`;7P2ngPjYlCu?;>YvWMxVM{YhZcxm912yt&Rmchr>D4qG zmPlCYI$~TH1C=eutTGmA+^gvViz;*@YRgcEam_6UDM<99Ciy88W1_#a6VOIoh04l6 zOI;%-q_Vc;g9gHE;IauL$BTD|(mCDR)uHK3M<1&_ZnHS-I@K+0cNa-phT1t+Y>i~p zw^5MGWx*R$x5}mBeeM_ob=P*|DzFnaRo7oHV-9E2o+!S%$A#H2?@PY4q^w79LJ=iP zy&w~sNVJvPxnj0j&Z*M)GSOr;CPk5qI`3Rsl2As!0z8Me&D9T)X{kTu6(MO;MVJ>? zupz5rHODj(D!izm0H7i?iPdOC>%EIFW z@5^haV3+2)4yP8lT1}zl#a#=oi@=$|BZybP zmaJNSiJJ`)J!+MYD0loSysy+lWr+rfb%b<{L|#ybN1vO!)VjbEV(Tk<8(Davb{3x3 z&Eg2hDP3#fJ=J3vqpiA%`ByA4`Kfx3lZ{Hk!oYzpDjNxF^&|~&;0yP02I62*NIQk5 zBs)^9y2Ms*AO`EH%{|HuT2Mpb$d2yMxFVqUSmAQe%9Vqf78l=Qu840r=rOaL(U%<- zpGGCtzY87?jN)4q6@Qntr8u_-&I77_@epV&Hi`7^W_37^DctCPj;uc>?zXvnl;k_&rT*3tNkZ1 z*#d@vkG1hm52MMIRIjXVG6}4QjiG2@=ofIkhBLKD#etOFh3J`6m<)|f1kv(q)R~&xJOxKnUE1=k=##FP?|NNsSEs0q@4S9PBi@tVu7({8dl6mxyDTu>9aW@PwuoEpgZ3r!x%57E??yI7m<#nvD5=<+xl-Y-f|* z+h9>8W;UXw&SK$F&;D{-Sa&ivc&Z8v_GN9j6rRV;&V&(~4%?DIIkG60xyJ&~@3qsN z(R)<}HJuez%wa|QyjSDEQq=j!^3v)IRv32~QVnFALdKg$rQ$M?pwHv_mPjCqqyrVP zIgOP8ioj;zSPHOt(@5649o_vO+Ew`#;XQ*F#w-R8e#iX$p*q7GNi{BO3Hx*b7gLbx13P+@jRzwl(iw zH+qkrUE%Hn578BuuU+503twiSL$?sr$`Bop+IgU^sd_6|n&`oj1joWm4jUPu0W{LX z(al7JPFWD)Cq%6!Ac17A9F0q!77zfdJstq|cKI6S+P%SS;cTkPrm5`b88*ufi?$ip%=-)1 z+>tX2Xt}Rp+k3is#H!*EPxO-Us5Yr;egbyVDx zm2m`Cn#esDi>vs0$s$_lcrn8c>jf8*60j_WY5EADSu}GzW8cg_PbIL;?^JX~RpWg7 z;QsyVd*Wp1s+$3jhJzssy&HvLS}YgnNU)Q%V;P1rN+*OFXDMX)P0-P1P=3ZkMWjV6 z$jI$<(NnT0)GbkF=aMW9uEKdZgthc|h`Ld724r>~2GxD|RshAW>4ElWcLq`Q2hCyx32%ZUb+o33_oGw$?zOuvU)!~{I7n!aZ<@xF_fL}jWkQ@QVhpj) zTT#Homyqz3^(>$bO=7B#?1UfzCT>#U3{m`wa_&&zl+OU)e<&6-bQs;Rub*?NYUwL`H%mvyCnvbdP;N%Wo!A06|8PX?pkFAkPMA_o8 zDDv#nNI=R-Fed9G<=KeHArxFEErRX1zBs$nc0CNqGBC_Xyt)&=;*6akU^0cWvJQy# z37D(^Xq61YDedKA2Fu4qtz*4Sh|4UFPhH|(F@#kAn~3QR6lI?pReE*orV%pz;iY2l z5}~r0o~1s(dIv2@CZ2F8h6l=dwTz+DO_WrFAqFum>W69-4qJ2lh7@Uj^mB&Vai$n^>$@ahmhupGkVBf0T-(^knTl$j&8e= zMeVICS6UE;!x|AwQdUiIcJof|=$b$RiW62Jr-je1XKkK;P|iFaa54@lKNxyDKAsvli_(yVlmh(?!e-2$dzFixFbm2p_PyEnu=>MAy#@b zc-q{wSbPpI1<&X1O!)b;SYo_%b!$6UhY``iDM9N(@*LHxgo0wdx^uoDX9Jq^d~uz} zOw zeYjs7>>lo4-Z9&EZ-4h14^Hk}K2WdN1M2w&gf`8T$HDdv59jst3Ys8FApafCeRH*m#KHq`ay|({rKi?uER3L5W9T>Gvo1F zjh484zOi-BeH+EW*0mjdXYyn#>-p(Sap?esc}yO~K;o0=Pd)@oI?e+Esu>*>J29Pk z^oc7HdQ2;g>pH)#8TLnH-kS{6{cEMx1vU6iPyE!e6uj#a}IG)MSV1DCvv7#DVh$Gesf(1m;N?!o1Y_ZRzH2U}sWri<&FpVR;7GVAFH zY=cnJEWK2S45kIsmy(uoO*UlC!-oppQjopWbMnIEvVJ)Dp!ToAx-ly&{LKnWnxWZs z$2MpPljTx+&^R*iJf4*$b$0iX*le&0R~SP&olA70^VLyGj{wyb4kuw}N7mJ&AXe7+ zL8p%&I!x*v4$%&8F7ZZD6lDX&f#uF6rnjOvdU&R7wj&8=YL0HTgj+@&sUPptm{M^B4Qr@QIMX9M;Y$?kF{Y8tqCkJgt*dPSKNFW&yJ5!nXo<@7Dlz> z0k0-Jz9|prdmF`^iC9khEIG{efHn;~$XGy31q*~Cg&@4k5+@m=uup}14UwTI#w?nw z^V_p}PtZ(a4B>6?v@+ETq8fwZ=u>W_JW*ZD>L{4%AS&BQ2Uetved=l zMRilE++ZW+Xo`l!r=>Eh;=eWqAEY7hAeGer=3+3wv;X)nb<_VT#$5I=fJ)=*f9?p# z8k|IHPU;a_i!2%8c#vOu5=d1`gVIgW<*`ICz#%x%i+nyo^Yg!)w!nXW41q8fo88kg`lErAC|u5P{9O=ZlrIDd@0^l8d$x3H@C*0O8WHH(*nBQDUzpYzoTCO&g>U+apWk z)xjtQ4zsg~Ldzwj+teo7YHKNmPa*=X6e7MZ0a>Tk4IfOEVmC<~eMi`fmWfp$z83&- zqk4=V`@sy4xfX698okDEc@J}DUjUV+> z9FtOp*v5j8|ya+c+Onp@?{NayV>{jWJ zS#Sj8NZN|F1P*-0t*=mac5$vogx@F;MWN?OHt@#etB4@0(~%wQD74l)ds|no6k7+d zt5}cOoQH6rEqL@Qo(HpYYWQeoe7jhzxP$F#2W2i>6k%%MNYQ$Sx4|fo3aty{QVa)u z2e64{;A+k#=f?plJa;jQxamxtrlW*!rfG8H~q zMSQx7_=FYlDO)-|=}?C(^$7Y5BIxsopwA|PStZ&HndR7F`kXsVUxE(Pm!!kYN;InE z<5hUEzG)Nc%aBl?c|v`z3GK;_Cv3Xe5$$G2w3{8#Zg!Hcf3sE!Z1Q!puN7VE<^OK@A+F|vnlW!p7~lAx-R#6L%Rc+`m|uUM zsU~y&L=*O?d7_zqAWzEP88GE_zfjcroFj8Ra)t&NQX{Mp61%2}vpb$b`!gSXP)In1Q)` zR-7Q8fhHe*szDvfGkGwRIUAZsWkN8M$x_ik#@}pJBxKiDlaNiuvjXym*<_8NCy$I{ z@)_1DQPwK40Wvg;flUte5wgm*&@4uue1@4ce`y~-;9==zp%0Jute7K*uVk@JjLA_H2%j+} zn)c2XHSkXS`E+yxSi-st0tVvni$2|0L@Ax8ZFLmqG<;!orWrJ+R$X-$yX-SK+(7S^ zuBmOZwRZ^d