From 71656e4a6639a9e75fa4db72b1ec9b5db63dc76a Mon Sep 17 00:00:00 2001 
From: Kilian Hofmann Date: Mon, 5 Sep 2022 01:41:09 +0200 Subject: [PATCH] Reimplementd IX with OpenSSL --- CMakeLists.txt | 3 + build.sh | 6 + format.sh | 2 +- ixwebsocket/CMakeLists.txt | 123 + ixwebsocket/IXBench.cpp | 61 + ixwebsocket/IXCancellationRequest.cpp | 35 + ixwebsocket/IXConnectionState.cpp | 73 + ixwebsocket/IXDNSLookup.cpp | 195 + ixwebsocket/IXExponentialBackoff.cpp | 44 + ixwebsocket/IXGetFreePort.cpp | 97 + ixwebsocket/IXGzipCodec.cpp | 120 + ixwebsocket/IXHttp.cpp | 213 + ixwebsocket/IXHttpClient.cpp | 772 +++ ixwebsocket/IXHttpServer.cpp | 235 + ixwebsocket/IXNetSystem.cpp | 461 ++ ixwebsocket/IXSelectInterrupt.cpp | 53 + ixwebsocket/IXSelectInterruptEvent.cpp | 85 + ixwebsocket/IXSelectInterruptFactory.cpp | 26 + ixwebsocket/IXSelectInterruptPipe.cpp | 161 + ixwebsocket/IXSetThreadName.cpp | 83 + ixwebsocket/IXSocket.cpp | 453 ++ ixwebsocket/IXSocketAppleSSL.cpp | 313 + ixwebsocket/IXSocketConnect.cpp | 152 + ixwebsocket/IXSocketFactory.cpp | 64 + ixwebsocket/IXSocketMbedTLS.cpp | 361 ++ ixwebsocket/IXSocketOpenSSL.cpp | 849 +++ ixwebsocket/IXSocketServer.cpp | 495 ++ ixwebsocket/IXSocketTLSOptions.cpp | 93 + ixwebsocket/IXStrCaseCompare.cpp | 37 + ixwebsocket/IXUdpSocket.cpp | 126 + ixwebsocket/IXUrlParser.cpp | 395 ++ ixwebsocket/IXUserAgent.cpp | 89 + ixwebsocket/IXUuid.cpp | 75 + ixwebsocket/IXWebSocket.cpp | 614 ++ ixwebsocket/IXWebSocketCloseConstants.cpp | 36 + ixwebsocket/IXWebSocketHandshake.cpp | 363 ++ ixwebsocket/IXWebSocketHttpHeaders.cpp | 74 + ixwebsocket/IXWebSocketPerMessageDeflate.cpp | 96 + .../IXWebSocketPerMessageDeflateCodec.cpp | 252 + .../IXWebSocketPerMessageDeflateOptions.cpp | 185 + ixwebsocket/IXWebSocketProxyServer.cpp | 137 + ixwebsocket/IXWebSocketServer.cpp | 229 + ixwebsocket/IXWebSocketTransport.cpp | 1197 ++++ ixwebsocket/include/IXBase64.h | 124 + ixwebsocket/include/IXBench.h | 32 + ixwebsocket/include/IXCancellationRequest.h | 18 + ixwebsocket/include/IXConnectionState.h | 54 + 
ixwebsocket/include/IXDNSLookup.h | 67 + ixwebsocket/include/IXExponentialBackoff.h | 16 + ixwebsocket/include/IXGetFreePort.h | 12 + ixwebsocket/include/IXGzipCodec.h | 15 + ixwebsocket/include/IXHttp.h | 134 + ixwebsocket/include/IXHttpClient.h | 123 + ixwebsocket/include/IXHttpServer.h | 59 + ixwebsocket/include/IXNetSystem.h | 87 + ixwebsocket/include/IXProgressCallback.h | 16 + ixwebsocket/include/IXSelectInterrupt.h | 35 + ixwebsocket/include/IXSelectInterruptEvent.h | 39 + .../include/IXSelectInterruptFactory.h | 16 + ixwebsocket/include/IXSelectInterruptPipe.h | 40 + ixwebsocket/include/IXSetThreadName.h | 12 + ixwebsocket/include/IXSocket.h | 99 + ixwebsocket/include/IXSocketAppleSSL.h | 52 + ixwebsocket/include/IXSocketConnect.h | 31 + ixwebsocket/include/IXSocketFactory.h | 21 + ixwebsocket/include/IXSocketMbedTLS.h | 60 + ixwebsocket/include/IXSocketOpenSSL.h | 68 + ixwebsocket/include/IXSocketServer.h | 130 + ixwebsocket/include/IXSocketTLSOptions.h | 54 + ixwebsocket/include/IXStrCaseCompare.h | 25 + ixwebsocket/include/IXUdpSocket.h | 45 + ixwebsocket/include/IXUniquePtr.h | 18 + ixwebsocket/include/IXUrlParser.h | 23 + ixwebsocket/include/IXUserAgent.h | 14 + ixwebsocket/include/IXUtf8Validator.h | 178 + ixwebsocket/include/IXUuid.h | 17 + ixwebsocket/include/IXWebSocket.h | 180 + .../include/IXWebSocketCloseConstants.h | 37 + ixwebsocket/include/IXWebSocketCloseInfo.h | 28 + ixwebsocket/include/IXWebSocketErrorInfo.h | 22 + ixwebsocket/include/IXWebSocketHandshake.h | 54 + .../include/IXWebSocketHandshakeKeyGen.h | 171 + ixwebsocket/include/IXWebSocketHttpHeaders.h | 23 + ixwebsocket/include/IXWebSocketInitResult.h | 36 + ixwebsocket/include/IXWebSocketMessage.h | 60 + ixwebsocket/include/IXWebSocketMessageType.h | 21 + ixwebsocket/include/IXWebSocketOpenInfo.h | 31 + .../include/IXWebSocketPerMessageDeflate.h | 64 + .../IXWebSocketPerMessageDeflateCodec.h | 64 + .../IXWebSocketPerMessageDeflateOptions.h | 47 + 
ixwebsocket/include/IXWebSocketProxyServer.h | 24 + ixwebsocket/include/IXWebSocketSendData.h | 128 + ixwebsocket/include/IXWebSocketSendInfo.h | 27 + ixwebsocket/include/IXWebSocketServer.h | 77 + ixwebsocket/include/IXWebSocketTransport.h | 276 + ixwebsocket/include/IXWebSocketVersion.h | 9 + makerwysxp/CMakeLists.txt | 2 +- openSSL/win32/include/openssl/aes.h | 92 + openSSL/win32/include/openssl/applink.c | 138 + openSSL/win32/include/openssl/asn1.h | 886 +++ openSSL/win32/include/openssl/asn1_mac.h | 10 + openSSL/win32/include/openssl/asn1err.h | 256 + openSSL/win32/include/openssl/asn1t.h | 945 +++ openSSL/win32/include/openssl/async.h | 76 + openSSL/win32/include/openssl/asyncerr.h | 42 + openSSL/win32/include/openssl/bio.h | 801 +++ openSSL/win32/include/openssl/bioerr.h | 124 + openSSL/win32/include/openssl/blowfish.h | 61 + openSSL/win32/include/openssl/bn.h | 539 ++ openSSL/win32/include/openssl/bnerr.h | 100 + openSSL/win32/include/openssl/buffer.h | 58 + openSSL/win32/include/openssl/buffererr.h | 34 + openSSL/win32/include/openssl/camellia.h | 83 + openSSL/win32/include/openssl/cast.h | 53 + openSSL/win32/include/openssl/cmac.h | 41 + openSSL/win32/include/openssl/cms.h | 339 ++ openSSL/win32/include/openssl/cmserr.h | 202 + openSSL/win32/include/openssl/comp.h | 53 + openSSL/win32/include/openssl/comperr.h | 44 + openSSL/win32/include/openssl/conf.h | 168 + openSSL/win32/include/openssl/conf_api.h | 40 + openSSL/win32/include/openssl/conferr.h | 76 + openSSL/win32/include/openssl/crypto.h | 445 ++ openSSL/win32/include/openssl/cryptoerr.h | 57 + openSSL/win32/include/openssl/ct.h | 474 ++ openSSL/win32/include/openssl/cterr.h | 80 + openSSL/win32/include/openssl/des.h | 174 + openSSL/win32/include/openssl/dh.h | 340 ++ openSSL/win32/include/openssl/dherr.h | 88 + openSSL/win32/include/openssl/dsa.h | 244 + openSSL/win32/include/openssl/dsaerr.h | 72 + openSSL/win32/include/openssl/dtls1.h | 55 + openSSL/win32/include/openssl/e_os2.h | 301 + 
openSSL/win32/include/openssl/ebcdic.h | 33 + openSSL/win32/include/openssl/ec.h | 1484 +++++ openSSL/win32/include/openssl/ecdh.h | 10 + openSSL/win32/include/openssl/ecdsa.h | 10 + openSSL/win32/include/openssl/ecerr.h | 276 + openSSL/win32/include/openssl/engine.h | 752 +++ openSSL/win32/include/openssl/engineerr.h | 111 + openSSL/win32/include/openssl/err.h | 274 + openSSL/win32/include/openssl/evp.h | 1666 ++++++ openSSL/win32/include/openssl/evperr.h | 204 + openSSL/win32/include/openssl/hmac.h | 51 + openSSL/win32/include/openssl/idea.h | 64 + openSSL/win32/include/openssl/kdf.h | 97 + openSSL/win32/include/openssl/kdferr.h | 55 + openSSL/win32/include/openssl/lhash.h | 241 + openSSL/win32/include/openssl/md2.h | 44 + openSSL/win32/include/openssl/md4.h | 51 + openSSL/win32/include/openssl/md5.h | 50 + openSSL/win32/include/openssl/mdc2.h | 42 + openSSL/win32/include/openssl/modes.h | 208 + openSSL/win32/include/openssl/obj_mac.h | 5198 +++++++++++++++++ openSSL/win32/include/openssl/objects.h | 175 + openSSL/win32/include/openssl/objectserr.h | 42 + openSSL/win32/include/openssl/ocsp.h | 352 ++ openSSL/win32/include/openssl/ocsperr.h | 78 + openSSL/win32/include/openssl/opensslconf.h | 203 + openSSL/win32/include/openssl/opensslv.h | 101 + openSSL/win32/include/openssl/ossl_typ.h | 197 + openSSL/win32/include/openssl/pem.h | 378 ++ openSSL/win32/include/openssl/pem2.h | 13 + openSSL/win32/include/openssl/pemerr.h | 105 + openSSL/win32/include/openssl/pkcs12.h | 223 + openSSL/win32/include/openssl/pkcs12err.h | 81 + openSSL/win32/include/openssl/pkcs7.h | 319 + openSSL/win32/include/openssl/pkcs7err.h | 103 + openSSL/win32/include/openssl/rand.h | 77 + openSSL/win32/include/openssl/rand_drbg.h | 130 + openSSL/win32/include/openssl/randerr.h | 94 + openSSL/win32/include/openssl/rc2.h | 51 + openSSL/win32/include/openssl/rc4.h | 36 + openSSL/win32/include/openssl/rc5.h | 63 + openSSL/win32/include/openssl/ripemd.h | 47 + openSSL/win32/include/openssl/rsa.h | 
513 ++ openSSL/win32/include/openssl/rsaerr.h | 167 + openSSL/win32/include/openssl/safestack.h | 207 + openSSL/win32/include/openssl/seed.h | 96 + openSSL/win32/include/openssl/sha.h | 119 + openSSL/win32/include/openssl/srp.h | 135 + openSSL/win32/include/openssl/srtp.h | 50 + openSSL/win32/include/openssl/ssl.h | 2448 ++++++++ openSSL/win32/include/openssl/ssl2.h | 24 + openSSL/win32/include/openssl/ssl3.h | 342 ++ openSSL/win32/include/openssl/sslerr.h | 776 +++ openSSL/win32/include/openssl/stack.h | 83 + openSSL/win32/include/openssl/store.h | 266 + openSSL/win32/include/openssl/storeerr.h | 91 + openSSL/win32/include/openssl/symhacks.h | 37 + openSSL/win32/include/openssl/tls1.h | 1237 ++++ openSSL/win32/include/openssl/ts.h | 559 ++ openSSL/win32/include/openssl/tserr.h | 132 + openSSL/win32/include/openssl/txt_db.h | 57 + openSSL/win32/include/openssl/ui.h | 368 ++ openSSL/win32/include/openssl/uierr.h | 65 + openSSL/win32/include/openssl/whrlpool.h | 48 + openSSL/win32/include/openssl/x509.h | 1050 ++++ openSSL/win32/include/openssl/x509_vfy.h | 632 ++ openSSL/win32/include/openssl/x509err.h | 129 + openSSL/win32/include/openssl/x509v3.h | 938 +++ openSSL/win32/include/openssl/x509v3err.h | 164 + openSSL/win32/libcrypto-1_1.dll | Bin 0 -> 2408448 bytes openSSL/win32/libssl-1_1.dll | Bin 0 -> 536576 bytes ...ibcrypto-1_1-x64.dll => libcrypto-1_1.dll} | Bin .../{libssl-1_1-x64.dll => libssl-1_1.dll} | Bin socket/include/socket.h | 36 - socket/socket.cpp | 46 - {socket => websocket}/include/types.h | 0 websocket/include/websocket.h | 42 + websocket/websocket.cpp | 104 + xplugin/CMakeLists.txt | 9 +- xplugin/include/main.h | 2 +- xplugin/main.cpp | 18 +- 214 files changed, 44919 insertions(+), 99 deletions(-) create mode 100644 ixwebsocket/CMakeLists.txt create mode 100644 ixwebsocket/IXBench.cpp create mode 100644 ixwebsocket/IXCancellationRequest.cpp create mode 100644 ixwebsocket/IXConnectionState.cpp create mode 100644 ixwebsocket/IXDNSLookup.cpp create 
mode 100644 ixwebsocket/IXExponentialBackoff.cpp create mode 100644 ixwebsocket/IXGetFreePort.cpp create mode 100644 ixwebsocket/IXGzipCodec.cpp create mode 100644 ixwebsocket/IXHttp.cpp create mode 100644 ixwebsocket/IXHttpClient.cpp create mode 100644 ixwebsocket/IXHttpServer.cpp create mode 100644 ixwebsocket/IXNetSystem.cpp create mode 100644 ixwebsocket/IXSelectInterrupt.cpp create mode 100644 ixwebsocket/IXSelectInterruptEvent.cpp create mode 100644 ixwebsocket/IXSelectInterruptFactory.cpp create mode 100644 ixwebsocket/IXSelectInterruptPipe.cpp create mode 100644 ixwebsocket/IXSetThreadName.cpp create mode 100644 ixwebsocket/IXSocket.cpp create mode 100644 ixwebsocket/IXSocketAppleSSL.cpp create mode 100644 ixwebsocket/IXSocketConnect.cpp create mode 100644 ixwebsocket/IXSocketFactory.cpp create mode 100644 ixwebsocket/IXSocketMbedTLS.cpp create mode 100644 ixwebsocket/IXSocketOpenSSL.cpp create mode 100644 ixwebsocket/IXSocketServer.cpp create mode 100644 ixwebsocket/IXSocketTLSOptions.cpp create mode 100644 ixwebsocket/IXStrCaseCompare.cpp create mode 100644 ixwebsocket/IXUdpSocket.cpp create mode 100644 ixwebsocket/IXUrlParser.cpp create mode 100644 ixwebsocket/IXUserAgent.cpp create mode 100644 ixwebsocket/IXUuid.cpp create mode 100644 ixwebsocket/IXWebSocket.cpp create mode 100644 ixwebsocket/IXWebSocketCloseConstants.cpp create mode 100644 ixwebsocket/IXWebSocketHandshake.cpp create mode 100644 ixwebsocket/IXWebSocketHttpHeaders.cpp create mode 100644 ixwebsocket/IXWebSocketPerMessageDeflate.cpp create mode 100644 ixwebsocket/IXWebSocketPerMessageDeflateCodec.cpp create mode 100644 ixwebsocket/IXWebSocketPerMessageDeflateOptions.cpp create mode 100644 ixwebsocket/IXWebSocketProxyServer.cpp create mode 100644 ixwebsocket/IXWebSocketServer.cpp create mode 100644 ixwebsocket/IXWebSocketTransport.cpp create mode 100644 ixwebsocket/include/IXBase64.h create mode 100644 ixwebsocket/include/IXBench.h create mode 100644 
ixwebsocket/include/IXCancellationRequest.h create mode 100644 ixwebsocket/include/IXConnectionState.h create mode 100644 ixwebsocket/include/IXDNSLookup.h create mode 100644 ixwebsocket/include/IXExponentialBackoff.h create mode 100644 ixwebsocket/include/IXGetFreePort.h create mode 100644 ixwebsocket/include/IXGzipCodec.h create mode 100644 ixwebsocket/include/IXHttp.h create mode 100644 ixwebsocket/include/IXHttpClient.h create mode 100644 ixwebsocket/include/IXHttpServer.h create mode 100644 ixwebsocket/include/IXNetSystem.h create mode 100644 ixwebsocket/include/IXProgressCallback.h create mode 100644 ixwebsocket/include/IXSelectInterrupt.h create mode 100644 ixwebsocket/include/IXSelectInterruptEvent.h create mode 100644 ixwebsocket/include/IXSelectInterruptFactory.h create mode 100644 ixwebsocket/include/IXSelectInterruptPipe.h create mode 100644 ixwebsocket/include/IXSetThreadName.h create mode 100644 ixwebsocket/include/IXSocket.h create mode 100644 ixwebsocket/include/IXSocketAppleSSL.h create mode 100644 ixwebsocket/include/IXSocketConnect.h create mode 100644 ixwebsocket/include/IXSocketFactory.h create mode 100644 ixwebsocket/include/IXSocketMbedTLS.h create mode 100644 ixwebsocket/include/IXSocketOpenSSL.h create mode 100644 ixwebsocket/include/IXSocketServer.h create mode 100644 ixwebsocket/include/IXSocketTLSOptions.h create mode 100644 ixwebsocket/include/IXStrCaseCompare.h create mode 100644 ixwebsocket/include/IXUdpSocket.h create mode 100644 ixwebsocket/include/IXUniquePtr.h create mode 100644 ixwebsocket/include/IXUrlParser.h create mode 100644 ixwebsocket/include/IXUserAgent.h create mode 100644 ixwebsocket/include/IXUtf8Validator.h create mode 100644 ixwebsocket/include/IXUuid.h create mode 100644 ixwebsocket/include/IXWebSocket.h create mode 100644 ixwebsocket/include/IXWebSocketCloseConstants.h create mode 100644 ixwebsocket/include/IXWebSocketCloseInfo.h create mode 100644 ixwebsocket/include/IXWebSocketErrorInfo.h create mode 100644 
ixwebsocket/include/IXWebSocketHandshake.h create mode 100644 ixwebsocket/include/IXWebSocketHandshakeKeyGen.h create mode 100644 ixwebsocket/include/IXWebSocketHttpHeaders.h create mode 100644 ixwebsocket/include/IXWebSocketInitResult.h create mode 100644 ixwebsocket/include/IXWebSocketMessage.h create mode 100644 ixwebsocket/include/IXWebSocketMessageType.h create mode 100644 ixwebsocket/include/IXWebSocketOpenInfo.h create mode 100644 ixwebsocket/include/IXWebSocketPerMessageDeflate.h create mode 100644 ixwebsocket/include/IXWebSocketPerMessageDeflateCodec.h create mode 100644 ixwebsocket/include/IXWebSocketPerMessageDeflateOptions.h create mode 100644 ixwebsocket/include/IXWebSocketProxyServer.h create mode 100644 ixwebsocket/include/IXWebSocketSendData.h create mode 100644 ixwebsocket/include/IXWebSocketSendInfo.h create mode 100644 ixwebsocket/include/IXWebSocketServer.h create mode 100644 ixwebsocket/include/IXWebSocketTransport.h create mode 100644 ixwebsocket/include/IXWebSocketVersion.h create mode 100644 openSSL/win32/include/openssl/aes.h create mode 100644 openSSL/win32/include/openssl/applink.c create mode 100644 openSSL/win32/include/openssl/asn1.h create mode 100644 openSSL/win32/include/openssl/asn1_mac.h create mode 100644 openSSL/win32/include/openssl/asn1err.h create mode 100644 openSSL/win32/include/openssl/asn1t.h create mode 100644 openSSL/win32/include/openssl/async.h create mode 100644 openSSL/win32/include/openssl/asyncerr.h create mode 100644 openSSL/win32/include/openssl/bio.h create mode 100644 openSSL/win32/include/openssl/bioerr.h create mode 100644 openSSL/win32/include/openssl/blowfish.h create mode 100644 openSSL/win32/include/openssl/bn.h create mode 100644 openSSL/win32/include/openssl/bnerr.h create mode 100644 openSSL/win32/include/openssl/buffer.h create mode 100644 openSSL/win32/include/openssl/buffererr.h create mode 100644 openSSL/win32/include/openssl/camellia.h create mode 100644 openSSL/win32/include/openssl/cast.h 
create mode 100644 openSSL/win32/include/openssl/cmac.h create mode 100644 openSSL/win32/include/openssl/cms.h create mode 100644 openSSL/win32/include/openssl/cmserr.h create mode 100644 openSSL/win32/include/openssl/comp.h create mode 100644 openSSL/win32/include/openssl/comperr.h create mode 100644 openSSL/win32/include/openssl/conf.h create mode 100644 openSSL/win32/include/openssl/conf_api.h create mode 100644 openSSL/win32/include/openssl/conferr.h create mode 100644 openSSL/win32/include/openssl/crypto.h create mode 100644 openSSL/win32/include/openssl/cryptoerr.h create mode 100644 openSSL/win32/include/openssl/ct.h create mode 100644 openSSL/win32/include/openssl/cterr.h create mode 100644 openSSL/win32/include/openssl/des.h create mode 100644 openSSL/win32/include/openssl/dh.h create mode 100644 openSSL/win32/include/openssl/dherr.h create mode 100644 openSSL/win32/include/openssl/dsa.h create mode 100644 openSSL/win32/include/openssl/dsaerr.h create mode 100644 openSSL/win32/include/openssl/dtls1.h create mode 100644 openSSL/win32/include/openssl/e_os2.h create mode 100644 openSSL/win32/include/openssl/ebcdic.h create mode 100644 openSSL/win32/include/openssl/ec.h create mode 100644 openSSL/win32/include/openssl/ecdh.h create mode 100644 openSSL/win32/include/openssl/ecdsa.h create mode 100644 openSSL/win32/include/openssl/ecerr.h create mode 100644 openSSL/win32/include/openssl/engine.h create mode 100644 openSSL/win32/include/openssl/engineerr.h create mode 100644 openSSL/win32/include/openssl/err.h create mode 100644 openSSL/win32/include/openssl/evp.h create mode 100644 openSSL/win32/include/openssl/evperr.h create mode 100644 openSSL/win32/include/openssl/hmac.h create mode 100644 openSSL/win32/include/openssl/idea.h create mode 100644 openSSL/win32/include/openssl/kdf.h create mode 100644 openSSL/win32/include/openssl/kdferr.h create mode 100644 openSSL/win32/include/openssl/lhash.h create mode 100644 openSSL/win32/include/openssl/md2.h create mode 
100644 openSSL/win32/include/openssl/md4.h create mode 100644 openSSL/win32/include/openssl/md5.h create mode 100644 openSSL/win32/include/openssl/mdc2.h create mode 100644 openSSL/win32/include/openssl/modes.h create mode 100644 openSSL/win32/include/openssl/obj_mac.h create mode 100644 openSSL/win32/include/openssl/objects.h create mode 100644 openSSL/win32/include/openssl/objectserr.h create mode 100644 openSSL/win32/include/openssl/ocsp.h create mode 100644 openSSL/win32/include/openssl/ocsperr.h create mode 100644 openSSL/win32/include/openssl/opensslconf.h create mode 100644 openSSL/win32/include/openssl/opensslv.h create mode 100644 openSSL/win32/include/openssl/ossl_typ.h create mode 100644 openSSL/win32/include/openssl/pem.h create mode 100644 openSSL/win32/include/openssl/pem2.h create mode 100644 openSSL/win32/include/openssl/pemerr.h create mode 100644 openSSL/win32/include/openssl/pkcs12.h create mode 100644 openSSL/win32/include/openssl/pkcs12err.h create mode 100644 openSSL/win32/include/openssl/pkcs7.h create mode 100644 openSSL/win32/include/openssl/pkcs7err.h create mode 100644 openSSL/win32/include/openssl/rand.h create mode 100644 openSSL/win32/include/openssl/rand_drbg.h create mode 100644 openSSL/win32/include/openssl/randerr.h create mode 100644 openSSL/win32/include/openssl/rc2.h create mode 100644 openSSL/win32/include/openssl/rc4.h create mode 100644 openSSL/win32/include/openssl/rc5.h create mode 100644 openSSL/win32/include/openssl/ripemd.h create mode 100644 openSSL/win32/include/openssl/rsa.h create mode 100644 openSSL/win32/include/openssl/rsaerr.h create mode 100644 openSSL/win32/include/openssl/safestack.h create mode 100644 openSSL/win32/include/openssl/seed.h create mode 100644 openSSL/win32/include/openssl/sha.h create mode 100644 openSSL/win32/include/openssl/srp.h create mode 100644 openSSL/win32/include/openssl/srtp.h create mode 100644 openSSL/win32/include/openssl/ssl.h create mode 100644 openSSL/win32/include/openssl/ssl2.h 
create mode 100644 openSSL/win32/include/openssl/ssl3.h
 create mode 100644 openSSL/win32/include/openssl/sslerr.h
 create mode 100644 openSSL/win32/include/openssl/stack.h
 create mode 100644 openSSL/win32/include/openssl/store.h
 create mode 100644 openSSL/win32/include/openssl/storeerr.h
 create mode 100644 openSSL/win32/include/openssl/symhacks.h
 create mode 100644 openSSL/win32/include/openssl/tls1.h
 create mode 100644 openSSL/win32/include/openssl/ts.h
 create mode 100644 openSSL/win32/include/openssl/tserr.h
 create mode 100644 openSSL/win32/include/openssl/txt_db.h
 create mode 100644 openSSL/win32/include/openssl/ui.h
 create mode 100644 openSSL/win32/include/openssl/uierr.h
 create mode 100644 openSSL/win32/include/openssl/whrlpool.h
 create mode 100644 openSSL/win32/include/openssl/x509.h
 create mode 100644 openSSL/win32/include/openssl/x509_vfy.h
 create mode 100644 openSSL/win32/include/openssl/x509err.h
 create mode 100644 openSSL/win32/include/openssl/x509v3.h
 create mode 100644 openSSL/win32/include/openssl/x509v3err.h
 create mode 100755 openSSL/win32/libcrypto-1_1.dll
 create mode 100755 openSSL/win32/libssl-1_1.dll
 rename openSSL/win64/{libcrypto-1_1-x64.dll => libcrypto-1_1.dll} (100%)
 rename openSSL/win64/{libssl-1_1-x64.dll => libssl-1_1.dll} (100%)
 delete mode 100644 socket/include/socket.h
 delete mode 100644 socket/socket.cpp
 rename {socket => websocket}/include/types.h (100%)
 create mode 100644 websocket/include/websocket.h
 create mode 100644 websocket/websocket.cpp
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 93e16a3..2a6373d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,6 +13,9 @@ set(PLUGIN_NAME GAConnector)
 option(DEBUG "Debug symbols" OFF)
+add_subdirectory(
+ ixwebsocket
+)
 add_subdirectory(
 makerwysxp
 )
diff --git a/build.sh b/build.sh
index 5de6927..f952a70 100755
--- a/build.sh
+++ b/build.sh
@@ -12,15 +12,19 @@ case $1 in
 ;;
 "lin32")
 cmake -DDEBUG=$DEBUG -DBIT=32 -DCMAKE_TOOLCHAIN_FILE=../toolchain-lin.cmake ..
+ \cp -rf ../openSSL/lin32/*.so* Plugin/GAConnector/32/
 ;;
 "lin64")
 cmake -DDEBUG=$DEBUG -DBIT=64 -DCMAKE_TOOLCHAIN_FILE=../toolchain-lin.cmake ..
+ \cp -rf ../openSSL/lin64/*.so* Plugin/GAConnector/64/
 ;;
 "win32")
 cmake -DDEBUG=$DEBUG -DBIT=32 -DCMAKE_TOOLCHAIN_FILE=../toolchain-win-32.cmake ..
+ \cp -rf ../openSSL/win32/*.dll Plugin/GAConnector/32/
 ;;
 "win64")
 cmake -DDEBUG=$DEBUG -DBIT=64 -DCMAKE_TOOLCHAIN_FILE=../toolchain-win-64.cmake ..
+ \cp -rf ../openSSL/win64/*.dll Plugin/GAConnector/64/
 ;;
 esac
@@ -35,3 +39,5 @@ if [ "$1" = "mac" ] && [ "$DEBUG" = "1" ]
 then
 /opt/osxcross/target/bin/osxcross-llvm-dsymutil Plugin/GAConnector/mac.xpl
 fi
+
+
diff --git a/format.sh b/format.sh
index 3add914..59aa6ed 100755
--- a/format.sh
+++ b/format.sh
@@ -2,7 +2,7 @@ shopt -s globstar
-GLOBIGNORE='**/XPLM/**:XPLM/**:**/XPLM:**/nlohmann/**:nlohmann/**:**/nlohmann:**/XPSDK/**:XPSDK/**:**/XPSDK:**/build*/**:build*/**:**/build*'
+GLOBIGNORE='**/XPLM/**:XPLM/**:**/XPLM:**/ixwebsocket/**:ixwebsocket/**:**/ixwebsocket:**/nlohmann/**:nlohmann/**:**/nlohmann:**/XPSDK/**:XPSDK/**:**/XPSDK:**/build*/**:build*/**:**/build*'
 clang-format -verbose -i **/*.cpp
 clang-format -verbose -i **/*.h
diff --git a/ixwebsocket/CMakeLists.txt b/ixwebsocket/CMakeLists.txt
new file mode 100644
index 0000000..74b38a5
--- /dev/null
+++ b/ixwebsocket/CMakeLists.txt
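Review bot: The four `cp` lines added to the `lin32`/`lin64`/`win32`/`win64` branches of build.sh ship whatever matches `../openSSL/<target>/*.so*` or `*.dll` into the plugin directory, and this commit checks those OpenSSL 1.1 libraries in as opaque binaries with no recorded release, origin or digest. Because these are the TLS libraries the plugin loads at run time, I would commit a checksum manifest beside them and verify it before each copy, for example `sha256sum -c ../openSSL/win32/SHA256SUMS || exit 1` (the manifest name is a placeholder), and record the exact OpenSSL release so security updates can be tracked. The copy also runs directly after the configure step without checking that `cmake` succeeded, and it assumes the destination directory already exists, which the hunk does not show. The `case` statement starts above the hunk.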
@@ -0,0 +1,123 @@
+file(GLOB ixwebsocket CONFIGURE_DEPENDS ${CMAKE_SOURCE_DIR}/ixwebsocket/*.cpp)
+
+add_library(ixwebsocket SHARED
+ ${ixwebsocket}
+)
+
+target_include_directories(ixwebsocket PRIVATE
+ ${CMAKE_SOURCE_DIR}/ixwebsocket/include
+)
+
+set_target_properties(ixwebsocket PROPERTIES
+ PUBLIC_HEADER ${CMAKE_SOURCE_DIR}/ixwebsocket/include
+)
+target_compile_options(ixwebsocket PRIVATE
+ -Wall
+ -Wextra
+ -pedantic
+)
+if(DEBUG)
+ target_compile_options(ixwebsocket PRIVATE
+ -g
+ )
+ target_link_options(ixwebsocket PRIVATE
+ -g
+ )
+else()
+ target_compile_options(ixwebsocket PRIVATE
+ -O2
+ )
+endif()
+
+if(APPLE)
+ message("Building ixwebsocket for MacOSX Universal into ${PROJECT_BINARY_DIR}/${PLUGIN_NAME}")
+
+ set_target_properties(ixwebsocket PROPERTIES
+ LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}
+ BUILD_WITH_INSTALL_NAME_DIR TRUE
+ )
+
+ target_compile_definitions(ixwebsocket PRIVATE
+ IXWEBSOCKET_USE_TLS
+ IXWEBSOCKET_USE_SECURE_TRANSPORT
+ )
+ target_compile_options(ixwebsocket PRIVATE
+ "SHELL:-arch i386"
+ "SHELL:-arch x86_64"
+ )
+ target_link_options(ixwebsocket PRIVATE
+ "SHELL:-arch i386"
+ "SHELL:-arch x86_64"
+ )
+ target_link_libraries(ixwebsocket PRIVATE
+ "-framework Foundation"
+ "-framework Security"
+ )
+elseif(UNIX)
+ message("Building ixwebsocket for Linux ${BIT} into ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}/${BIT}")
+
+ set_target_properties(ixwebsocket PROPERTIES
+ LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}/${BIT}
+ INSTALL_RPATH "\$ORIGIN"
+ )
+
+ target_compile_definitions(ixwebsocket PRIVATE
+ IXWEBSOCKET_USE_TLS
+ IXWEBSOCKET_USE_OPEN_SSL
+ )
+ target_compile_options(ixwebsocket PRIVATE
+ -nodefaultlibs
+ )
+ if(BIT STREQUAL "32")
+ target_compile_options(ixwebsocket PRIVATE
+ -m32
+ )
+ target_link_options(ixwebsocket PRIVATE
+ -m32
+ )
+ endif()
+ target_include_directories(ixwebsocket PRIVATE
+ ${CMAKE_SOURCE_DIR}/openSSL/lin${BIT}/include
+ )
+ target_link_libraries(ixwebsocket PRIVATE
+ ${CMAKE_SOURCE_DIR}/openSSL/lin${BIT}/libcrypto.so.1.1
+ ${CMAKE_SOURCE_DIR}/openSSL/lin${BIT}/libssl.so.1.1
+ pthread
+ )
+elseif(WIN32)
+ message("Building ixwebsocket for Windows ${BIT} into ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}/${BIT}")
+
+ set_target_properties(ixwebsocket PROPERTIES
+ RUNTIME_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}/${BIT}
+ )
+
+ target_compile_definitions(ixwebsocket PRIVATE
+ IXWEBSOCKET_USE_TLS
+ IXWEBSOCKET_USE_OPEN_SSL
+ )
+ if(DEBUG)
+ target_compile_options(ixwebsocket PRIVATE
+ -gcodeview
+ )
+ target_link_options(ixwebsocket PRIVATE
+ -Wl,-pdb=
+ )
+ endif()
+ target_link_options(ixwebsocket PRIVATE
+ -static-libgcc
+ -static-libstdc++
+ )
+ target_include_directories(ixwebsocket PRIVATE
+ ${CMAKE_SOURCE_DIR}/openSSL/win${BIT}/include
+ )
+ target_link_libraries(ixwebsocket PRIVATE
+ wsock32
+ ws2_32
+ shlwapi
+ crypt32
+ ${CMAKE_SOURCE_DIR}/openSSL/win${BIT}/libcrypto-1_1.dll
+ ${CMAKE_SOURCE_DIR}/openSSL/win${BIT}/libssl-1_1.dll
+ )
+endif()
+
+add_library(ixwebsocket::ixwebsocket ALIAS ixwebsocket)
\ No newline at end of file
diff --git a/ixwebsocket/IXBench.cpp b/ixwebsocket/IXBench.cpp
new file mode 100644
index 0000000..75497f8
--- /dev/null
+++ b/ixwebsocket/IXBench.cpp
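Review bot: The non-debug branch near the top of ixwebsocket/CMakeLists.txt builds this network-facing TLS/WebSocket library with only `-O2` and no exploit-mitigation flags. I would add `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` to that `target_compile_options` call, and in the `elseif(UNIX)` branch add `target_link_options(ixwebsocket PRIVATE -Wl,-z,relro,-z,now)`. Whether the MinGW toolchain used for the `WIN32` branch needs extra libraries for the stack protector should be checked before enabling it there. Separately, `-nodefaultlibs` in the Linux branch is passed through `target_compile_options`, which as far as I can tell CMake does not forward to the link step, so it probably has no effect and should either move to `target_link_options` with the needed libraries listed or be dropped.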
@@ -0,0 +1,61 @@
+/*
+ * IXBench.cpp
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXBench.h"
+
+#include
+
+namespace ix
+{
+ Bench::Bench(const std::string& description)
+ : _description(description)
+ {
+ reset();
+ }
+
+ Bench::~Bench()
+ {
+ if (!_reported)
+ {
+ report();
+ }
+ }
+
+ void Bench::reset()
+ {
+ _start = std::chrono::high_resolution_clock::now();
+ _reported = false;
+ }
+
+ void Bench::report()
+ {
+ auto now = std::chrono::high_resolution_clock::now();
+ auto microseconds = std::chrono::duration_cast(now - _start);
+
+ _duration = microseconds.count();
+ std::cerr << _description << " completed in " << _duration << " us" << std::endl;
+
+ setReported();
+ }
+
+ void Bench::record()
+ {
+ auto now = std::chrono::high_resolution_clock::now();
+ auto microseconds = std::chrono::duration_cast(now - _start);
+
+ _duration = microseconds.count();
+ }
+
+ void Bench::setReported()
+ {
+ _reported = true;
+ }
+
+ uint64_t Bench::getDuration() const
+ {
+ return _duration;
+ }
+} // namespace ix
diff --git a/ixwebsocket/IXCancellationRequest.cpp b/ixwebsocket/IXCancellationRequest.cpp
new file mode 100644
index 0000000..fc43e4f
--- /dev/null
+++ b/ixwebsocket/IXCancellationRequest.cpp
@@ -0,0 +1,35 @@
+/*
+ * IXCancellationRequest.cpp
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXCancellationRequest.h"
+
+#include
+#include
+
+namespace ix
+{
+ CancellationRequest makeCancellationRequestWithTimeout(
+ int secs, std::atomic& requestInitCancellation)
+ {
+ assert(secs > 0);
+
+ auto start = std::chrono::system_clock::now();
+ auto timeout = std::chrono::seconds(secs);
+
+ auto isCancellationRequested = [&requestInitCancellation, start, timeout]() -> bool {
+ // Was an explicit cancellation requested ?
+ if (requestInitCancellation) return true;
+
+ auto now = std::chrono::system_clock::now();
+ if ((now - start) > timeout) return true;
+
+ // No cancellation request
+ return false;
+ };
+
+ return isCancellationRequested;
+ }
+} // namespace ix
diff --git a/ixwebsocket/IXConnectionState.cpp b/ixwebsocket/IXConnectionState.cpp
new file mode 100644
index 0000000..8a559f1
--- /dev/null
+++ b/ixwebsocket/IXConnectionState.cpp
@@ -0,0 +1,73 @@
+/*
+ * IXConnectionState.cpp
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXConnectionState.h"
+
+namespace ix
+{
+ std::atomic ConnectionState::_globalId(0);
+
+ ConnectionState::ConnectionState()
+ : _terminated(false)
+ {
+ computeId();
+ }
+
+ void ConnectionState::computeId()
+ {
+ _id = std::to_string(_globalId++);
+ }
+
+ const std::string& ConnectionState::getId() const
+ {
+ return _id;
+ }
+
+ std::shared_ptr ConnectionState::createConnectionState()
+ {
+ return std::make_shared();
+ }
+
+ void ConnectionState::setOnSetTerminatedCallback(const OnSetTerminatedCallback& callback)
+ {
+ _onSetTerminatedCallback = callback;
+ }
+
+ bool ConnectionState::isTerminated() const
+ {
+ return _terminated;
+ }
+
+ void ConnectionState::setTerminated()
+ {
+ _terminated = true;
+
+ if (_onSetTerminatedCallback)
+ {
+ _onSetTerminatedCallback();
+ }
+ }
+
+ const std::string& ConnectionState::getRemoteIp()
+ {
+ return _remoteIp;
+ }
+
+ int ConnectionState::getRemotePort()
+ {
+ return _remotePort;
+ }
+
+ void ConnectionState::setRemoteIp(const std::string& remoteIp)
+ {
+ _remoteIp = remoteIp;
+ }
+
+ void ConnectionState::setRemotePort(int remotePort)
+ {
+ _remotePort = remotePort;
+ }
+} // namespace ix
diff --git a/ixwebsocket/IXDNSLookup.cpp b/ixwebsocket/IXDNSLookup.cpp
new file mode 100644
index 0000000..9a2874f
--- /dev/null
+++ b/ixwebsocket/IXDNSLookup.cpp
@@ -0,0 +1,195 @@ +/* + * IXDNSLookup.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +// +// On Windows Universal Platform (uwp), gai_strerror defaults behavior is to returns wchar_t +// which is different from all other platforms. We want the non unicode version. +// See https://github.com/microsoft/vcpkg/pull/11030 +// We could do this in IXNetSystem.cpp but so far we are only using gai_strerror in here. +// +#ifdef _UNICODE +#undef _UNICODE +#endif +#ifdef UNICODE +#undef UNICODE +#endif + +#include "IXDNSLookup.h" + +#include "IXNetSystem.h" +#include +#include +#include + +// mingw build quirks +#if defined(_WIN32) && defined(__GNUC__) +#define AI_NUMERICSERV NI_NUMERICSERV +#define AI_ADDRCONFIG LUP_ADDRCONFIG +#endif + +namespace ix +{ + const int64_t DNSLookup::kDefaultWait = 1; // ms + + DNSLookup::DNSLookup(const std::string& hostname, int port, int64_t wait) + : _hostname(hostname) + , _port(port) + , _wait(wait) + , _res(nullptr) + , _done(false) + { + ; + } + + struct addrinfo* DNSLookup::getAddrInfo(const std::string& hostname, + int port, + std::string& errMsg) + { + struct addrinfo hints; + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV; + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + + std::string sport = std::to_string(port); + + struct addrinfo* res; + int getaddrinfo_result = getaddrinfo(hostname.c_str(), sport.c_str(), &hints, &res); + if (getaddrinfo_result) + { + errMsg = gai_strerror(getaddrinfo_result); + res = nullptr; + } + return res; + } + + struct addrinfo* DNSLookup::resolve(std::string& errMsg, + const CancellationRequest& isCancellationRequested, + bool cancellable) + { + return cancellable ? 
resolveCancellable(errMsg, isCancellationRequested) + : resolveUnCancellable(errMsg, isCancellationRequested); + } + + void DNSLookup::release(struct addrinfo* addr) + { + freeaddrinfo(addr); + } + + struct addrinfo* DNSLookup::resolveUnCancellable( + std::string& errMsg, const CancellationRequest& isCancellationRequested) + { + errMsg = "no error"; + + // Maybe a cancellation request got in before the background thread terminated ? + if (isCancellationRequested()) + { + errMsg = "cancellation requested"; + return nullptr; + } + + return getAddrInfo(_hostname, _port, errMsg); + } + + struct addrinfo* DNSLookup::resolveCancellable( + std::string& errMsg, const CancellationRequest& isCancellationRequested) + { + errMsg = "no error"; + + // Can only be called once, otherwise we would have to manage a pool + // of background thread which is overkill for our usage. + if (_done) + { + return nullptr; // programming error, create a second DNSLookup instance + // if you need a second lookup. + } + + // + // Good resource on thread forced termination + // https://www.bo-yang.net/2017/11/19/cpp-kill-detached-thread + // + auto ptr = shared_from_this(); + std::weak_ptr self(ptr); + + int port = _port; + std::string hostname(_hostname); + + // We make the background thread doing the work a shared pointer + // instead of a member variable, because it can keep running when + // this object goes out of scope, in case of cancellation + auto t = std::make_shared(&DNSLookup::run, this, self, hostname, port); + t->detach(); + + while (!_done) + { + // Wait for 1 milliseconds, to see if the bg thread has terminated. + // We do not use a condition variable to wait, as destroying this one + // if the bg thread is alive can cause undefined behavior. + std::this_thread::sleep_for(std::chrono::milliseconds(_wait)); + + // Were we cancelled ? 
+ if (isCancellationRequested()) + { + errMsg = "cancellation requested"; + return nullptr; + } + } + + // Maybe a cancellation request got in before the bg terminated ? + if (isCancellationRequested()) + { + errMsg = "cancellation requested"; + return nullptr; + } + + errMsg = getErrMsg(); + return getRes(); + } + + void DNSLookup::run(std::weak_ptr self, + std::string hostname, + int port) // thread runner + { + // We don't want to read or write into members variables of an object that could be + // gone, so we use temporary variables (res) or we pass in by copy everything that + // getAddrInfo needs to work. + std::string errMsg; + struct addrinfo* res = getAddrInfo(hostname, port, errMsg); + + if (auto lock = self.lock()) + { + // Copy result into the member variables + setRes(res); + setErrMsg(errMsg); + + _done = true; + } + } + + void DNSLookup::setErrMsg(const std::string& errMsg) + { + std::lock_guard lock(_errMsgMutex); + _errMsg = errMsg; + } + + const std::string& DNSLookup::getErrMsg() + { + std::lock_guard lock(_errMsgMutex); + return _errMsg; + } + + void DNSLookup::setRes(struct addrinfo* addr) + { + std::lock_guard lock(_resMutex); + _res = addr; + } + + struct addrinfo* DNSLookup::getRes() + { + std::lock_guard lock(_resMutex); + return _res; + } +} // namespace ix diff --git a/ixwebsocket/IXExponentialBackoff.cpp b/ixwebsocket/IXExponentialBackoff.cpp new file mode 100644 index 0000000..91a5dee --- /dev/null +++ b/ixwebsocket/IXExponentialBackoff.cpp 
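Review bot: `DNSLookup::run` drops the `addrinfo` list when `self.lock()` fails: `res` comes from `getAddrInfo()` and is handed to `setRes()` only inside the `if`, so once a cancelled lookup lets the `DNSLookup` object go away the result is never passed to `freeaddrinfo()`. An `else` branch closes that path: `else if (res) freeaddrinfo(res);`. When the object is still alive but `resolveCancellable()` has already returned `nullptr`, the list stays in `_res` with no owner visible in this file; whether a destructor releases it cannot be seen from the hunk. Lookups that repeatedly time out would therefore grow memory steadily, which is worth a comment on `run` naming who frees `_res`.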
@@ -0,0 +1,44 @@
+/*
+ * IXExponentialBackoff.cpp
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXExponentialBackoff.h"
+
+#include
+
+namespace ix
+{
+ uint32_t calculateRetryWaitMilliseconds(uint32_t retryCount,
+ uint32_t maxWaitBetweenReconnectionRetries,
+ uint32_t minWaitBetweenReconnectionRetries)
+ {
+ // It's easy with a power function to go beyond 2^32, and then
+ // have unexpected results, so prepare for that
+ const uint32_t maxRetryCountWithoutOverflow = 26;
+
+ uint32_t waitTime = 0;
+ if (retryCount < maxRetryCountWithoutOverflow)
+ {
+ waitTime = std::pow(2, retryCount) * 100;
+ }
+
+ if (waitTime < minWaitBetweenReconnectionRetries)
+ {
+ waitTime = minWaitBetweenReconnectionRetries;
+ }
+
+ if (waitTime > maxWaitBetweenReconnectionRetries)
+ {
+ waitTime = maxWaitBetweenReconnectionRetries;
+ }
+
+ if (retryCount >= maxRetryCountWithoutOverflow)
+ {
+ waitTime = maxWaitBetweenReconnectionRetries;
+ }
+
+ return waitTime;
+ }
+} // namespace ix
diff --git a/ixwebsocket/IXGetFreePort.cpp b/ixwebsocket/IXGetFreePort.cpp
new file mode 100644
index 0000000..af87eb0
--- /dev/null
+++ b/ixwebsocket/IXGetFreePort.cpp
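Review bot: `waitTime = std::pow(2, retryCount) * 100;` computes an integer power through `double` and narrows the result back to `uint32_t` implicitly; under the existing `retryCount < 26` guard an integer shift gives the same value without the floating-point round trip: `waitTime = (uint32_t(1) << retryCount) * 100;`. The trailing `retryCount >= maxRetryCountWithoutOverflow` block could then become the `else` of the first `if`. The schedule is fully deterministic, so clients that lose the same server at the same time retry in lockstep; a comment noting that no jitter is applied would let callers decide whether to add their own.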
@@ -0,0 +1,97 @@ +/* + * IXGetFreePort.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone. All rights reserved. + */ + +// Using inet_addr will trigger an error on uwp without this +// FIXME: use a different api +#ifdef _WIN32 +#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS +#define _WINSOCK_DEPRECATED_NO_WARNINGS +#endif +#endif + +#include "IXGetFreePort.h" + +#include "IXNetSystem.h" +#include "IXSocket.h" +#include +#include + +namespace ix +{ + int getAnyFreePortRandom() + { + std::random_device rd; + std::uniform_int_distribution dist(1024 + 1, 65535); + + return dist(rd); + } + + int getAnyFreePort() + { + socket_t sockfd; + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) + { + return getAnyFreePortRandom(); + } + + int enable = 1; + if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char*) &enable, sizeof(enable)) < 0) + { + return getAnyFreePortRandom(); + } + + // Bind to port 0. This is the standard way to get a free port. + struct sockaddr_in server; // server address information + server.sin_family = AF_INET; + server.sin_port = htons(0); + server.sin_addr.s_addr = inet_addr("127.0.0.1"); + + if (bind(sockfd, (struct sockaddr*) &server, sizeof(server)) < 0) + { + Socket::closeSocket(sockfd); + return getAnyFreePortRandom(); + } + + struct sockaddr_in sa; // server address information + socklen_t len = sizeof(sa); + if (getsockname(sockfd, (struct sockaddr*) &sa, &len) < 0) + { + Socket::closeSocket(sockfd); + return getAnyFreePortRandom(); + } + + int port = ntohs(sa.sin_port); + Socket::closeSocket(sockfd); + + return port; + } + + int getFreePort() + { + while (true) + { +#if defined(__has_feature) +#if __has_feature(address_sanitizer) + int port = getAnyFreePortRandom(); +#else + int port = getAnyFreePort(); +#endif +#else + int port = getAnyFreePort(); +#endif + // + // Only port above 1024 can be used by non root users, but for some + // reason I got port 7 returned with macOS when binding on port 0... 
+ // + if (port > 1024) + { + return port; + } + } + + return -1; + } +} // namespace ix diff --git a/ixwebsocket/IXGzipCodec.cpp b/ixwebsocket/IXGzipCodec.cpp new file mode 100644 index 0000000..4ed8a55 --- /dev/null +++ b/ixwebsocket/IXGzipCodec.cpp 
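Review bot: In `getAnyFreePort()` the `setsockopt()` failure branch returns `getAnyFreePortRandom()` without closing `sockfd`, unlike the `bind()` and `getsockname()` branches, so every failure there leaks a descriptor. Add `Socket::closeSocket(sockfd);` before that `return`. `server` is filled field by field without being zeroed; `struct sockaddr_in server = {};` avoids handing indeterminate bytes to `bind()`. The socket is closed before the port number is returned, so another process can take the port in between; a comment should say that callers must treat the value as a hint and handle a failed bind.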
@@ -0,0 +1,120 @@ +/* + * IXGzipCodec.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2020 Machine Zone, Inc. All rights reserved. + */ + +#include "IXGzipCodec.h" + +#include "IXBench.h" +#include +#include + +#ifdef IXWEBSOCKET_USE_ZLIB +#include +#endif + +namespace ix +{ + std::string gzipCompress(const std::string& str) + { +#ifndef IXWEBSOCKET_USE_ZLIB + return std::string(); +#else + z_stream zs; // z_stream is zlib's control structure + memset(&zs, 0, sizeof(zs)); + + // deflateInit2 configure the file format: request gzip instead of deflate + const int windowBits = 15; + const int GZIP_ENCODING = 16; + + deflateInit2(&zs, + Z_DEFAULT_COMPRESSION, + Z_DEFLATED, + windowBits | GZIP_ENCODING, + 8, + Z_DEFAULT_STRATEGY); + + zs.next_in = (Bytef*) str.data(); + zs.avail_in = (uInt) str.size(); // set the z_stream's input + + int ret; + char outbuffer[32768]; + std::string outstring; + + // retrieve the compressed bytes blockwise + do + { + zs.next_out = reinterpret_cast(outbuffer); + zs.avail_out = sizeof(outbuffer); + + ret = deflate(&zs, Z_FINISH); + + if (outstring.size() < zs.total_out) + { + // append the block to the output string + outstring.append(outbuffer, zs.total_out - outstring.size()); + } + } while (ret == Z_OK); + + deflateEnd(&zs); + + return outstring; +#endif // IXWEBSOCKET_USE_ZLIB + } + +#ifdef IXWEBSOCKET_USE_DEFLATE + static uint32_t loadDecompressedGzipSize(const uint8_t* p) + { + return ((uint32_t) p[0] << 0) | ((uint32_t) p[1] << 8) | ((uint32_t) p[2] << 16) | + ((uint32_t) p[3] << 24); + } +#endif + + bool gzipDecompress(const std::string& in, std::string& out) + { +#ifndef IXWEBSOCKET_USE_ZLIB + return false; +#else + z_stream inflateState; + memset(&inflateState, 0, sizeof(inflateState)); + + inflateState.zalloc = Z_NULL; + inflateState.zfree = Z_NULL; + inflateState.opaque = Z_NULL; + inflateState.avail_in = 0; + inflateState.next_in = Z_NULL; + + if (inflateInit2(&inflateState, 16 + MAX_WBITS) != Z_OK) + { + return false; + } 
+ + inflateState.avail_in = (uInt) in.size(); + inflateState.next_in = (unsigned char*) (const_cast(in.data())); + + const int kBufferSize = 1 << 14; + std::array compressBuffer; + + do + { + inflateState.avail_out = (uInt) kBufferSize; + inflateState.next_out = &compressBuffer.front(); + + int ret = inflate(&inflateState, Z_SYNC_FLUSH); + + if (ret == Z_NEED_DICT || ret == Z_DATA_ERROR || ret == Z_MEM_ERROR) + { + inflateEnd(&inflateState); + return false; + } + + out.append(reinterpret_cast(&compressBuffer.front()), + kBufferSize - inflateState.avail_out); + } while (inflateState.avail_out == 0); + + inflateEnd(&inflateState); + return true; +#endif // IXWEBSOCKET_USE_ZLIB + } +} // namespace ix diff --git a/ixwebsocket/IXHttp.cpp b/ixwebsocket/IXHttp.cpp new file mode 100644 index 0000000..4650402 --- /dev/null +++ b/ixwebsocket/IXHttp.cpp 
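Review bot: `gzipDecompress()` appends to `out` until the stream ends with no ceiling on the total, and `Http::parseRequest` in this patch calls it on request bodies, so a small gzip body can expand into an arbitrarily large allocation. Inside the loop, after `out.append(...)`, a check such as `if (out.size() > kMaxDecompressedSize) { inflateEnd(&inflateState); return false; }` bounds it; `kMaxDecompressedSize` is a placeholder name for a limit the project would choose. The loop also returns `true` as soon as `avail_out` is non-zero without confirming `ret == Z_STREAM_END`, so truncated input is reported as success. In `gzipCompress()` the `deflateInit2()` result is ignored; `if (deflateInit2(...) != Z_OK) return std::string();` would match the check already made for `inflateInit2()`.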
@@ -0,0 +1,213 @@ +/* + * IXHttp.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXHttp.h" + +#include "IXCancellationRequest.h" +#include "IXGzipCodec.h" +#include "IXSocket.h" +#include +#include + +namespace ix +{ + std::string Http::trim(const std::string& str) + { + std::string out; + for (auto c : str) + { + if (c != ' ' && c != '\n' && c != '\r') + { + out += c; + } + } + + return out; + } + + std::pair Http::parseStatusLine(const std::string& line) + { + // Request-Line = Method SP Request-URI SP HTTP-Version CRLF + std::string token; + std::stringstream tokenStream(line); + std::vector tokens; + + // Split by ' ' + while (std::getline(tokenStream, token, ' ')) + { + tokens.push_back(token); + } + + std::string httpVersion; + if (tokens.size() >= 1) + { + httpVersion = trim(tokens[0]); + } + + int statusCode = -1; + if (tokens.size() >= 2) + { + std::stringstream ss; + ss << trim(tokens[1]); + ss >> statusCode; + } + + return std::make_pair(httpVersion, statusCode); + } + + std::tuple Http::parseRequestLine( + const std::string& line) + { + // Request-Line = Method SP Request-URI SP HTTP-Version CRLF + std::string token; + std::stringstream tokenStream(line); + std::vector tokens; + + // Split by ' ' + while (std::getline(tokenStream, token, ' ')) + { + tokens.push_back(token); + } + + std::string method; + if (tokens.size() >= 1) + { + method = trim(tokens[0]); + } + + std::string requestUri; + if (tokens.size() >= 2) + { + requestUri = trim(tokens[1]); + } + + std::string httpVersion; + if (tokens.size() >= 3) + { + httpVersion = trim(tokens[2]); + } + + return std::make_tuple(method, requestUri, httpVersion); + } + + std::tuple Http::parseRequest( + std::unique_ptr& socket, int timeoutSecs) + { + HttpRequestPtr httpRequest; + + std::atomic requestInitCancellation(false); + + auto isCancellationRequested = + makeCancellationRequestWithTimeout(timeoutSecs, requestInitCancellation); + + // 
Read first line + auto lineResult = socket->readLine(isCancellationRequested); + auto lineValid = lineResult.first; + auto line = lineResult.second; + + if (!lineValid) + { + return std::make_tuple(false, "Error reading HTTP request line", httpRequest); + } + + // Parse request line (GET /foo HTTP/1.1\r\n) + auto requestLine = Http::parseRequestLine(line); + auto method = std::get<0>(requestLine); + auto uri = std::get<1>(requestLine); + auto httpVersion = std::get<2>(requestLine); + + // Retrieve and validate HTTP headers + auto result = parseHttpHeaders(socket, isCancellationRequested); + auto headersValid = result.first; + auto headers = result.second; + + if (!headersValid) + { + return std::make_tuple(false, "Error parsing HTTP headers", httpRequest); + } + + std::string body; + if (headers.find("Content-Length") != headers.end()) + { + int contentLength = 0; + try + { + contentLength = std::stoi(headers["Content-Length"]); + } + catch (const std::exception&) + { + return std::make_tuple( + false, "Error parsing HTTP Header 'Content-Length'", httpRequest); + } + + if (contentLength < 0) + { + return std::make_tuple( + false, "Error: 'Content-Length' should be a positive integer", httpRequest); + } + + auto res = socket->readBytes(contentLength, nullptr, nullptr, isCancellationRequested); + if (!res.first) + { + return std::make_tuple( + false, std::string("Error reading request: ") + res.second, httpRequest); + } + body = res.second; + } + + // If the content was compressed with gzip, decode it + if (headers["Content-Encoding"] == "gzip") + { +#ifdef IXWEBSOCKET_USE_ZLIB + std::string decompressedPayload; + if (!gzipDecompress(body, decompressedPayload)) + { + return std::make_tuple( + false, std::string("Error during gzip decompression of the body"), httpRequest); + } + body = decompressedPayload; +#else + std::string errorMsg("ixwebsocket was not compiled with gzip support on"); + return std::make_tuple(false, errorMsg, httpRequest); +#endif + } + + 
httpRequest = std::make_shared(uri, method, httpVersion, body, headers); + return std::make_tuple(true, "", httpRequest); + } + + bool Http::sendResponse(HttpResponsePtr response, std::unique_ptr& socket) + { + // Write the response to the socket + std::stringstream ss; + ss << "HTTP/1.1 "; + ss << response->statusCode; + ss << " "; + ss << response->description; + ss << "\r\n"; + + if (!socket->writeBytes(ss.str(), nullptr)) + { + return false; + } + + // Write headers + ss.str(""); + ss << "Content-Length: " << response->body.size() << "\r\n"; + for (auto&& it : response->headers) + { + ss << it.first << ": " << it.second << "\r\n"; + } + ss << "\r\n"; + + if (!socket->writeBytes(ss.str(), nullptr)) + { + return false; + } + + return response->body.empty() ? true : socket->writeBytes(response->body, nullptr); + } +} // namespace ix diff --git a/ixwebsocket/IXHttpClient.cpp b/ixwebsocket/IXHttpClient.cpp new file mode 100644 index 0000000..00cd952 --- /dev/null +++ b/ixwebsocket/IXHttpClient.cpp 
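Review bot: `Http::parseRequest` rejects a negative `Content-Length` but sets no upper limit, so a client can announce a body of up to `INT_MAX` bytes and the server proceeds to `socket->readBytes(contentLength, ...)` for it; how much `readBytes` buffers is not visible in this hunk. A cap right after the `contentLength < 0` check bounds per-connection memory: `if (contentLength > kMaxRequestBodySize) return std::make_tuple(false, "Error: 'Content-Length' is too large", httpRequest);`, where `kMaxRequestBodySize` is a placeholder for a limit the project would define or make configurable. `std::stoi` also accepts trailing garbage such as `12abc`; passing a `size_t pos` and requiring it to equal the string length would reject that. In `sendResponse`, `response->description` and the header names and values are written as-is, so a comment that callers must keep CR and LF out of them would document the response-splitting risk.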
@@ -0,0 +1,772 @@ +/* + * IXHttpClient.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXHttpClient.h" + +#include "IXGzipCodec.h" +#include "IXSocketFactory.h" +#include "IXUrlParser.h" +#include "IXUserAgent.h" +#include "IXWebSocketHttpHeaders.h" +#include +#include +#include +#include +#include +#include + +namespace ix +{ + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods + const std::string HttpClient::kPost = "POST"; + const std::string HttpClient::kGet = "GET"; + const std::string HttpClient::kHead = "HEAD"; + const std::string HttpClient::kDelete = "DELETE"; + const std::string HttpClient::kPut = "PUT"; + const std::string HttpClient::kPatch = "PATCH"; + + HttpClient::HttpClient(bool async) + : _async(async) + , _stop(false) + , _forceBody(false) + { + if (!_async) return; + + _thread = std::thread(&HttpClient::run, this); + } + + HttpClient::~HttpClient() + { + if (!_thread.joinable()) return; + + _stop = true; + _condition.notify_one(); + _thread.join(); + } + + void HttpClient::setTLSOptions(const SocketTLSOptions& tlsOptions) + { + _tlsOptions = tlsOptions; + } + + void HttpClient::setForceBody(bool value) + { + _forceBody = value; + } + + HttpRequestArgsPtr HttpClient::createRequest(const std::string& url, const std::string& verb) + { + auto request = std::make_shared(); + request->url = url; + request->verb = verb; + return request; + } + + bool HttpClient::performRequest(HttpRequestArgsPtr args, + const OnResponseCallback& onResponseCallback) + { + assert(_async && "HttpClient needs its async parameter set to true " + "in order to call performRequest"); + if (!_async) return false; + + // Enqueue the task + { + // acquire lock + std::unique_lock lock(_queueMutex); + + // add the task + _queue.push(std::make_pair(args, onResponseCallback)); + } // release lock + + // wake up one thread + _condition.notify_one(); + + return true; + } + + void HttpClient::run() + { + while 
(true) + { + HttpRequestArgsPtr args; + OnResponseCallback onResponseCallback; + + { + std::unique_lock lock(_queueMutex); + + while (!_stop && _queue.empty()) + { + _condition.wait(lock); + } + + if (_stop) return; + + auto p = _queue.front(); + _queue.pop(); + + args = p.first; + onResponseCallback = p.second; + } + + if (_stop) return; + + HttpResponsePtr response = request(args->url, args->verb, args->body, args); + onResponseCallback(response); + + if (_stop) return; + } + } + + HttpResponsePtr HttpClient::request(const std::string& url, + const std::string& verb, + const std::string& body, + HttpRequestArgsPtr args, + int redirects) + { + // We only have one socket connection, so we cannot + // make multiple requests concurrently. + std::lock_guard lock(_mutex); + + uint64_t uploadSize = 0; + uint64_t downloadSize = 0; + int code = 0; + WebSocketHttpHeaders headers; + std::string payload; + std::string description; + + std::string protocol, host, path, query; + int port; + + if (!UrlParser::parse(url, protocol, host, path, query, port)) + { + std::stringstream ss; + ss << "Cannot parse url: " << url; + return std::make_shared(code, + description, + HttpErrorCode::UrlMalformed, + headers, + payload, + ss.str(), + uploadSize, + downloadSize); + } + + bool tls = protocol == "https"; + std::string errorMsg; + _socket = createSocket(tls, -1, errorMsg, _tlsOptions); + + if (!_socket) + { + return std::make_shared(code, + description, + HttpErrorCode::CannotCreateSocket, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + // Build request string + std::stringstream ss; + ss << verb << " " << path << " HTTP/1.1\r\n"; + ss << "Host: " << host << "\r\n"; + +#ifdef IXWEBSOCKET_USE_ZLIB + if (args->compress && !args->onChunkCallback) + { + ss << "Accept-Encoding: gzip" + << "\r\n"; + } +#endif + + // Append extra headers + for (auto&& it : args->extraHeaders) + { + ss << it.first << ": " << it.second << "\r\n"; + } + + // Set a default Accept header 
if none is present + if (args->extraHeaders.find("Accept") == args->extraHeaders.end()) + { + ss << "Accept: */*" + << "\r\n"; + } + + // Set a default User agent if none is present + if (args->extraHeaders.find("User-Agent") == args->extraHeaders.end()) + { + ss << "User-Agent: " << userAgent() << "\r\n"; + } + + if (verb == kPost || verb == kPut || verb == kPatch || _forceBody) + { + // Set request compression header +#ifdef IXWEBSOCKET_USE_ZLIB + if (args->compressRequest) + { + ss << "Content-Encoding: gzip" + << "\r\n"; + } +#endif + + ss << "Content-Length: " << body.size() << "\r\n"; + + // Set default Content-Type if unspecified + if (args->extraHeaders.find("Content-Type") == args->extraHeaders.end()) + { + if (args->multipartBoundary.empty()) + { + ss << "Content-Type: application/x-www-form-urlencoded" + << "\r\n"; + } + else + { + ss << "Content-Type: multipart/form-data; boundary=" << args->multipartBoundary + << "\r\n"; + } + } + ss << "\r\n"; + ss << body; + } + else + { + ss << "\r\n"; + } + + std::string req(ss.str()); + std::string errMsg; + + // Make a cancellation object dealing with connection timeout + auto cancelled = makeCancellationRequestWithTimeout(args->connectTimeout, args->cancel); + + auto isCancellationRequested = [&]() { + return cancelled() || _stop; + }; + + bool success = _socket->connect(host, port, errMsg, isCancellationRequested); + if (!success) + { + auto errorCode = args->cancel ? 
HttpErrorCode::Cancelled : HttpErrorCode::CannotConnect; + std::stringstream ss; + ss << "Cannot connect to url: " << url << " / error : " << errMsg; + return std::make_shared(code, + description, + errorCode, + headers, + payload, + ss.str(), + uploadSize, + downloadSize); + } + + // Make a new cancellation object dealing with transfer timeout + cancelled = makeCancellationRequestWithTimeout(args->transferTimeout, args->cancel); + + if (args->verbose) + { + std::stringstream ss; + ss << "Sending " << verb << " request " + << "to " << host << ":" << port << std::endl + << "request size: " << req.size() << " bytes" << std::endl + << "=============" << std::endl + << req << "=============" << std::endl + << std::endl; + + log(ss.str(), args); + } + + if (!_socket->writeBytes(req, isCancellationRequested)) + { + auto errorCode = args->cancel ? HttpErrorCode::Cancelled : HttpErrorCode::SendError; + std::string errorMsg("Cannot send request"); + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + uploadSize = req.size(); + + auto lineResult = _socket->readLine(isCancellationRequested); + auto lineValid = lineResult.first; + auto line = lineResult.second; + + if (!lineValid) + { + auto errorCode = args->cancel ? 
HttpErrorCode::Cancelled : HttpErrorCode::CannotReadStatusLine; + std::string errorMsg("Cannot retrieve status line"); + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + if (args->verbose) + { + std::stringstream ss; + ss << "Status line " << line; + log(ss.str(), args); + } + + if (sscanf(line.c_str(), "HTTP/1.1 %d", &code) != 1) + { + std::string errorMsg("Cannot parse response code from status line"); + return std::make_shared(code, + description, + HttpErrorCode::MissingStatus, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + auto result = parseHttpHeaders(_socket, isCancellationRequested); + auto headersValid = result.first; + headers = result.second; + + if (!headersValid) + { + auto errorCode = args->cancel ? HttpErrorCode::Cancelled : HttpErrorCode::HeaderParsingError; + std::string errorMsg("Cannot parse http headers"); + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + // Redirect ? 
+ if ((code >= 301 && code <= 308) && args->followRedirects) + { + if (headers.find("Location") == headers.end()) + { + std::string errorMsg("Missing location header for redirect"); + return std::make_shared(code, + description, + HttpErrorCode::MissingLocation, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + if (redirects >= args->maxRedirects) + { + std::stringstream ss; + ss << "Too many redirects: " << redirects; + return std::make_shared(code, + description, + HttpErrorCode::TooManyRedirects, + headers, + payload, + ss.str(), + uploadSize, + downloadSize); + } + + // Recurse + std::string location = headers["Location"]; + return request(location, verb, body, args, redirects + 1); + } + + if (verb == "HEAD") + { + return std::make_shared(code, + description, + HttpErrorCode::Ok, + headers, + payload, + std::string(), + uploadSize, + downloadSize); + } + + // Parse response: + if (headers.find("Content-Length") != headers.end()) + { + ssize_t contentLength = -1; + ss.str(""); + ss << headers["Content-Length"]; + ss >> contentLength; + + auto chunkResult = _socket->readBytes(contentLength, + args->onProgressCallback, + args->onChunkCallback, + isCancellationRequested); + if (!chunkResult.first) + { + auto errorCode = args->cancel ? HttpErrorCode::Cancelled : HttpErrorCode::ChunkReadError; + errorMsg = "Cannot read chunk"; + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + if (!args->onChunkCallback) + { + payload.reserve(contentLength); + payload += chunkResult.second; + } + } + else if (headers.find("Transfer-Encoding") != headers.end() && + headers["Transfer-Encoding"] == "chunked") + { + std::stringstream ss; + + while (true) + { + auto errorCode = args->cancel ? 
HttpErrorCode::Cancelled : HttpErrorCode::ChunkReadError; + lineResult = _socket->readLine(isCancellationRequested); + line = lineResult.second; + + if (!lineResult.first) + { + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + uint64_t chunkSize; + ss.str(""); + ss << std::hex << line; + ss >> chunkSize; + + if (args->verbose) + { + std::stringstream oss; + oss << "Reading " << chunkSize << " bytes" << std::endl; + log(oss.str(), args); + } + + // Read a chunk + auto chunkResult = _socket->readBytes((size_t) chunkSize, + args->onProgressCallback, + args->onChunkCallback, + isCancellationRequested); + if (!chunkResult.first) + { + auto errorCode = args->cancel ? HttpErrorCode::Cancelled : HttpErrorCode::ChunkReadError; + errorMsg = "Cannot read chunk"; + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + if (!args->onChunkCallback) + { + payload.reserve(payload.size() + (size_t) chunkSize); + payload += chunkResult.second; + } + + // Read the line that terminates the chunk (\r\n) + lineResult = _socket->readLine(isCancellationRequested); + + if (!lineResult.first) + { + auto errorCode = args->cancel ? 
HttpErrorCode::Cancelled : HttpErrorCode::ChunkReadError; + return std::make_shared(code, + description, + errorCode, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + if (chunkSize == 0) break; + } + } + else if (code == 204) + { + ; // 204 is NoContent response code + } + else + { + std::string errorMsg("Cannot read http body"); + return std::make_shared(code, + description, + HttpErrorCode::CannotReadBody, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + + downloadSize = payload.size(); + + // If the content was compressed with gzip, decode it + if (headers["Content-Encoding"] == "gzip") + { +#ifdef IXWEBSOCKET_USE_ZLIB + std::string decompressedPayload; + if (!gzipDecompress(payload, decompressedPayload)) + { + std::string errorMsg("Error decompressing payload"); + return std::make_shared(code, + description, + HttpErrorCode::Gzip, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); + } + payload = decompressedPayload; +#else + std::string errorMsg("ixwebsocket was not compiled with gzip support on"); + return std::make_shared(code, + description, + HttpErrorCode::Gzip, + headers, + payload, + errorMsg, + uploadSize, + downloadSize); +#endif + } + + return std::make_shared(code, + description, + HttpErrorCode::Ok, + headers, + payload, + std::string(), + uploadSize, + downloadSize); + } + + HttpResponsePtr HttpClient::get(const std::string& url, HttpRequestArgsPtr args) + { + return request(url, kGet, std::string(), args); + } + + HttpResponsePtr HttpClient::head(const std::string& url, HttpRequestArgsPtr args) + { + return request(url, kHead, std::string(), args); + } + + HttpResponsePtr HttpClient::Delete(const std::string& url, HttpRequestArgsPtr args) + { + return request(url, kDelete, std::string(), args); + } + + HttpResponsePtr HttpClient::request(const std::string& url, + const std::string& verb, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + 
HttpRequestArgsPtr args) + { + std::string body; + + if (httpFormDataParameters.empty()) + { + body = serializeHttpParameters(httpParameters); + } + else + { + std::string multipartBoundary = generateMultipartBoundary(); + args->multipartBoundary = multipartBoundary; + body = serializeHttpFormDataParameters( + multipartBoundary, httpFormDataParameters, httpParameters); + } + +#ifdef IXWEBSOCKET_USE_ZLIB + if (args->compressRequest) + { + body = gzipCompress(body); + } +#endif + + return request(url, verb, body, args); + } + + HttpResponsePtr HttpClient::post(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args) + { + return request(url, kPost, httpParameters, httpFormDataParameters, args); + } + + HttpResponsePtr HttpClient::post(const std::string& url, + const std::string& body, + HttpRequestArgsPtr args) + { + return request(url, kPost, body, args); + } + + HttpResponsePtr HttpClient::put(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args) + { + return request(url, kPut, httpParameters, httpFormDataParameters, args); + } + + HttpResponsePtr HttpClient::put(const std::string& url, + const std::string& body, + const HttpRequestArgsPtr args) + { + return request(url, kPut, body, args); + } + + HttpResponsePtr HttpClient::patch(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args) + { + return request(url, kPatch, httpParameters, httpFormDataParameters, args); + } + + HttpResponsePtr HttpClient::patch(const std::string& url, + const std::string& body, + const HttpRequestArgsPtr args) + { + return request(url, kPatch, body, args); + } + + std::string HttpClient::urlEncode(const std::string& value) + { + std::ostringstream escaped; + escaped.fill('0'); + escaped << std::hex; + + for 
(std::string::const_iterator i = value.begin(), n = value.end(); i != n; ++i) + { + std::string::value_type c = (*i); + + // Keep alphanumeric and other accepted characters intact + if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') + { + escaped << c; + continue; + } + + // Any other characters are percent-encoded + escaped << std::uppercase; + escaped << '%' << std::setw(2) << int((unsigned char) c); + escaped << std::nouppercase; + } + + return escaped.str(); + } + + std::string HttpClient::serializeHttpParameters(const HttpParameters& httpParameters) + { + std::stringstream ss; + size_t count = httpParameters.size(); + size_t i = 0; + + for (auto&& it : httpParameters) + { + ss << urlEncode(it.first) << "=" << urlEncode(it.second); + + if (i++ < (count - 1)) + { + ss << "&"; + } + } + return ss.str(); + } + + std::string HttpClient::serializeHttpFormDataParameters( + const std::string& multipartBoundary, + const HttpFormDataParameters& httpFormDataParameters, + const HttpParameters& httpParameters) + { + // + // --AaB03x + // Content-Disposition: form-data; name="submit-name" + + // Larry + // --AaB03x + // Content-Disposition: form-data; name="foo.txt"; filename="file1.txt" + // Content-Type: text/plain + + // ... contents of file1.txt ... 
+ // --AaB03x-- + // + std::stringstream ss; + + for (auto&& it : httpFormDataParameters) + { + ss << "--" << multipartBoundary << "\r\n" + << "Content-Disposition:" + << " form-data; name=\"" << it.first << "\";" + << " filename=\"" << it.first << "\"" + << "\r\n" + << "Content-Type: application/octet-stream" + << "\r\n" + << "\r\n" + << it.second << "\r\n"; + } + + for (auto&& it : httpParameters) + { + ss << "--" << multipartBoundary << "\r\n" + << "Content-Disposition:" + << " form-data; name=\"" << it.first << "\";" + << "\r\n" + << "\r\n" + << it.second << "\r\n"; + } + + ss << "--" << multipartBoundary << "--\r\n"; + + return ss.str(); + } + + void HttpClient::log(const std::string& msg, HttpRequestArgsPtr args) + { + if (args->logger) + { + args->logger(msg); + } + } + + std::string HttpClient::generateMultipartBoundary() + { + std::string str("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); + + static std::random_device rd; + static std::mt19937 generator(rd()); + + std::shuffle(str.begin(), str.end(), generator); + + return str; + } +} // namespace ix diff --git a/ixwebsocket/IXHttpServer.cpp b/ixwebsocket/IXHttpServer.cpp new file mode 100644 index 0000000..563dca9 --- /dev/null +++ b/ixwebsocket/IXHttpServer.cpp 
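Review bot: In the `Content-Length` branch of `HttpClient::request`, the result of `ss >> contentLength` is never checked, so a response carrying a negative length reaches `_socket->readBytes(contentLength, ...)` and `payload.reserve(contentLength)` as a negative `ssize_t`. Converted to an unsigned size that is close to `SIZE_MAX`, where `reserve` would throw `std::length_error`; what `readBytes` does with it is not visible here. The server-side parser in IXHttp.cpp already rejects negative lengths and the client should as well: `if (!(ss >> contentLength) || contentLength < 0)` followed by the same `ChunkReadError` response used just below; the chunked branch has the same exposure through `chunkSize`. Separately, the redirect branch calls `request(location, verb, body, args, redirects + 1)` with the original `args`, so everything in `args->extraHeaders` is re-sent to whatever host `Location` names, including from https to http; at minimum add `// NOTE: extraHeaders (possibly credentials) are forwarded to the redirect target` there.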
@@ -0,0 +1,235 @@ +/* + * IXHttpServer.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXHttpServer.h" + +#include "IXGzipCodec.h" +#include "IXNetSystem.h" +#include "IXSocketConnect.h" +#include "IXUserAgent.h" +#include +#include +#include +#include + +namespace +{ + std::pair> load(const std::string& path) + { + std::vector memblock; + + std::ifstream file(path); + if (!file.is_open()) return std::make_pair(false, memblock); + + file.seekg(0, file.end); + std::streamoff size = file.tellg(); + file.seekg(0, file.beg); + + memblock.resize((size_t) size); + file.read((char*) &memblock.front(), static_cast(size)); + + return std::make_pair(true, memblock); + } + + std::pair readAsString(const std::string& path) + { + auto res = load(path); + auto vec = res.second; + return std::make_pair(res.first, std::string(vec.begin(), vec.end())); + } +} // namespace + +namespace ix +{ + const int HttpServer::kDefaultTimeoutSecs(30); + + HttpServer::HttpServer(int port, + const std::string& host, + int backlog, + size_t maxConnections, + int addressFamily, + int timeoutSecs) + : SocketServer(port, host, backlog, maxConnections, addressFamily) + , _connectedClientsCount(0) + , _timeoutSecs(timeoutSecs) + { + setDefaultConnectionCallback(); + } + + HttpServer::~HttpServer() + { + stop(); + } + + void HttpServer::stop() + { + stopAcceptingConnections(); + + // FIXME: cancelling / closing active clients ... 
+ + SocketServer::stop(); + } + + void HttpServer::setOnConnectionCallback(const OnConnectionCallback& callback) + { + _onConnectionCallback = callback; + } + + void HttpServer::handleConnection(std::unique_ptr socket, + std::shared_ptr connectionState) + { + _connectedClientsCount++; + + auto ret = Http::parseRequest(socket, _timeoutSecs); + // FIXME: handle errors in parseRequest + + if (std::get<0>(ret)) + { + auto response = _onConnectionCallback(std::get<2>(ret), connectionState); + if (!Http::sendResponse(response, socket)) + { + logError("Cannot send response"); + } + } + connectionState->setTerminated(); + + _connectedClientsCount--; + } + + size_t HttpServer::getConnectedClientsCount() + { + return _connectedClientsCount; + } + + void HttpServer::setDefaultConnectionCallback() + { + setOnConnectionCallback( + [this](HttpRequestPtr request, + std::shared_ptr connectionState) -> HttpResponsePtr { + std::string uri(request->uri); + if (uri.empty() || uri == "/") + { + uri = "/index.html"; + } + + WebSocketHttpHeaders headers; + headers["Server"] = userAgent(); + + std::string path("." 
+ uri); + auto res = readAsString(path); + bool found = res.first; + if (!found) + { + return std::make_shared( + 404, "Not Found", HttpErrorCode::Ok, WebSocketHttpHeaders(), std::string()); + } + + std::string content = res.second; + +#ifdef IXWEBSOCKET_USE_ZLIB + std::string acceptEncoding = request->headers["Accept-encoding"]; + if (acceptEncoding == "*" || acceptEncoding.find("gzip") != std::string::npos) + { + content = gzipCompress(content); + headers["Content-Encoding"] = "gzip"; + } +#endif + + // Log request + std::stringstream ss; + ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort() + << " " << request->method << " " << request->headers["User-Agent"] << " " + << request->uri << " " << content.size(); + logInfo(ss.str()); + + // FIXME: check extensions to set the content type + // headers["Content-Type"] = "application/octet-stream"; + headers["Accept-Ranges"] = "none"; + + for (auto&& it : request->headers) + { + headers[it.first] = it.second; + } + + return std::make_shared( + 200, "OK", HttpErrorCode::Ok, headers, content); + }); + } + + void HttpServer::makeRedirectServer(const std::string& redirectUrl) + { + // + // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections + // + setOnConnectionCallback( + [this, + redirectUrl](HttpRequestPtr request, + std::shared_ptr connectionState) -> HttpResponsePtr { + WebSocketHttpHeaders headers; + headers["Server"] = userAgent(); + + // Log request + std::stringstream ss; + ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort() + << " " << request->method << " " << request->headers["User-Agent"] << " " + << request->uri; + logInfo(ss.str()); + + if (request->method == "POST") + { + return std::make_shared( + 200, "OK", HttpErrorCode::Ok, headers, std::string()); + } + + headers["Location"] = redirectUrl; + + return std::make_shared( + 301, "OK", HttpErrorCode::Ok, headers, std::string()); + }); + } + + // + // Display the client parameter and body 
on the console + // + void HttpServer::makeDebugServer() + { + setOnConnectionCallback( + [this](HttpRequestPtr request, + std::shared_ptr connectionState) -> HttpResponsePtr { + WebSocketHttpHeaders headers; + headers["Server"] = userAgent(); + + // Log request + std::stringstream ss; + ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort() + << " " << request->method << " " << request->headers["User-Agent"] << " " + << request->uri; + logInfo(ss.str()); + + logInfo("== Headers == "); + for (auto&& it : request->headers) + { + std::ostringstream oss; + oss << it.first << ": " << it.second; + logInfo(oss.str()); + } + logInfo(""); + + logInfo("== Body == "); + logInfo(request->body); + logInfo(""); + + return std::make_shared( + 200, "OK", HttpErrorCode::Ok, headers, std::string("OK")); + }); + } + + int HttpServer::getTimeoutSecs() + { + return _timeoutSecs; + } + +} // namespace ix diff --git a/ixwebsocket/IXNetSystem.cpp b/ixwebsocket/IXNetSystem.cpp new file mode 100644 index 0000000..c8bb7b1 --- /dev/null +++ b/ixwebsocket/IXNetSystem.cpp 
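Review bot: In `setDefaultConnectionCallback` the file path is built as `"." + uri` straight from the request and passed to `readAsString`, so a URI containing `..` segments resolves outside the directory the server was started in. Nothing visible in this hunk normalises or rejects such a URI; whether `Http::parseRequest` does is not shown here. A guard before the path is built, for example `if (uri.find("..") != std::string::npos)` returning the same 404 response as the not-found branch, would confine the handler. Resolving the path and checking that it stays under a configured document root is the sturdier variant. The same lambda also copies every request header into the response (`headers[it.first] = it.second;`), which lets the client overwrite `Server` and the `Content-Encoding` set just above; that loop looks unintended for a file server.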
@@ -0,0 +1,461 @@ +/* + * IXNetSystem.cpp + * Author: Korchynskyi Dmytro + * Copyright (c) 2019 Machine Zone. All rights reserved. + */ + +#include "IXNetSystem.h" +#include +#include +#ifdef _WIN32 +#ifndef EAFNOSUPPORT + #define EAFNOSUPPORT 102 +#endif +#ifndef ENOSPC + #define ENOSPC 28 +#endif +#include +#endif + +namespace ix +{ + bool initNetSystem() + { +#ifdef _WIN32 + WORD wVersionRequested; + WSADATA wsaData; + int err; + + // Use the MAKEWORD(lowbyte, highbyte) macro declared in Windef.h + wVersionRequested = MAKEWORD(2, 2); + err = WSAStartup(wVersionRequested, &wsaData); + + return err == 0; +#else + return true; +#endif + } + + bool uninitNetSystem() + { +#ifdef _WIN32 + int err = WSACleanup(); + return err == 0; +#else + return true; +#endif + } + +#ifdef _WIN32 + struct WSAEvent + { + public: + WSAEvent(struct pollfd* fd) + : _fd(fd) + { + _event = WSACreateEvent(); + } + + WSAEvent(WSAEvent&& source) noexcept + { + _event = source._event; + source._event = WSA_INVALID_EVENT; // invalidate the event in the source + _fd = source._fd; + } + + ~WSAEvent() + { + if (_event != WSA_INVALID_EVENT) + { + // We must deselect the networkevents from the socket event. Otherwise the + // socket will report states that aren't there. + if (_fd != nullptr && _fd->fd != -1) + WSAEventSelect(_fd->fd, _event, 0); + WSACloseEvent(_event); + } + } + + operator HANDLE() + { + return _event; + } + + operator struct pollfd*() + { + return _fd; + } + + private: + HANDLE _event; + struct pollfd* _fd; + }; +#endif + + // + // That function could 'return WSAPoll(pfd, nfds, timeout);' + // but WSAPoll is said to have weird behaviors on the internet + // (the curl folks have had problems with it). + // + // So we make it a select wrapper + // + // UPDATE: WSAPoll was fixed in Windows 10 Version 2004 + // + // The optional "event" is set to nullptr if it wasn't signaled. 
+ int poll(struct pollfd* fds, nfds_t nfds, int timeout, void** event) + { +#ifdef _WIN32 + + if (event && *event) + { + HANDLE interruptEvent = reinterpret_cast(*event); + *event = nullptr; // the event wasn't signaled yet + + if (nfds < 0 || nfds >= MAXIMUM_WAIT_OBJECTS - 1) + { + WSASetLastError(WSAEINVAL); + return SOCKET_ERROR; + } + + std::vector socketEvents; + std::vector handles; + // put the interrupt event as first element, making it highest priority + handles.push_back(interruptEvent); + + // create the WSAEvents for the sockets + for (nfds_t i = 0; i < nfds; ++i) + { + struct pollfd* fd = &fds[i]; + fd->revents = 0; + if (fd->fd >= 0) + { + // create WSAEvent and add it to the vectors + socketEvents.push_back(std::move(WSAEvent(fd))); + HANDLE handle = socketEvents.back(); + if (handle == WSA_INVALID_EVENT) + { + WSASetLastError(WSAENOBUFS); + return SOCKET_ERROR; + } + handles.push_back(handle); + + // mapping + long networkEvents = 0; + if (fd->events & (POLLIN )) networkEvents |= FD_READ | FD_ACCEPT; + if (fd->events & (POLLOUT /*| POLLWRNORM | POLLWRBAND*/)) networkEvents |= FD_WRITE | FD_CONNECT; + //if (fd->events & (POLLPRI | POLLRDBAND )) networkEvents |= FD_OOB; + + if (WSAEventSelect(fd->fd, handle, networkEvents) != 0) + { + fd->revents = POLLNVAL; + socketEvents.pop_back(); + handles.pop_back(); + } + } + } + + DWORD n = WSAWaitForMultipleEvents(handles.size(), handles.data(), FALSE, timeout != -1 ? static_cast(timeout) : WSA_INFINITE, FALSE); + + if (n == WSA_WAIT_FAILED) return SOCKET_ERROR; + if (n == WSA_WAIT_TIMEOUT) return 0; + if (n == WSA_WAIT_EVENT_0) + { + // the interrupt event was signaled + *event = reinterpret_cast(interruptEvent); + return 1; + } + + int handleIndex = n - WSA_WAIT_EVENT_0; + int socketIndex = handleIndex - 1; + + WSANETWORKEVENTS netEvents; + int count = 0; + // WSAWaitForMultipleEvents returns the index of the first signaled event. And to emulate WSAPoll() + // all the signaled events must be processed. 
+ while (socketIndex < socketEvents.size()) + { + struct pollfd* fd = socketEvents[socketIndex]; + + memset(&netEvents, 0, sizeof(netEvents)); + if (WSAEnumNetworkEvents(fd->fd, socketEvents[socketIndex], &netEvents) != 0) + { + fd->revents = POLLERR; + } + else if (netEvents.lNetworkEvents != 0) + { + // mapping + if (netEvents.lNetworkEvents & (FD_READ | FD_ACCEPT | FD_OOB)) fd->revents |= POLLIN; + if (netEvents.lNetworkEvents & (FD_WRITE | FD_CONNECT )) fd->revents |= POLLOUT; + + for (int i = 0; i < FD_MAX_EVENTS; ++i) + { + if (netEvents.iErrorCode[i] != 0) + { + fd->revents |= POLLERR; + break; + } + } + + if (fd->revents != 0) + { + // only signaled sockets count + count++; + } + } + socketIndex++; + } + + return count; + } + else + { + if (event && *event) *event = nullptr; + + socket_t maxfd = 0; + fd_set readfds, writefds, errorfds; + FD_ZERO(&readfds); + FD_ZERO(&writefds); + FD_ZERO(&errorfds); + + for (nfds_t i = 0; i < nfds; ++i) + { + struct pollfd* fd = &fds[i]; + + if (fd->fd > maxfd) + { + maxfd = fd->fd; + } + if ((fd->events & POLLIN)) + { + FD_SET(fd->fd, &readfds); + } + if ((fd->events & POLLOUT)) + { + FD_SET(fd->fd, &writefds); + } + if ((fd->events & POLLERR)) + { + FD_SET(fd->fd, &errorfds); + } + } + + struct timeval tv; + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout % 1000) * 1000; + + int ret = select(maxfd + 1, &readfds, &writefds, &errorfds, timeout != -1 ? 
&tv : NULL); + + if (ret < 0) + { + return ret; + } + + for (nfds_t i = 0; i < nfds; ++i) + { + struct pollfd* fd = &fds[i]; + fd->revents = 0; + + if (FD_ISSET(fd->fd, &readfds)) + { + fd->revents |= POLLIN; + } + if (FD_ISSET(fd->fd, &writefds)) + { + fd->revents |= POLLOUT; + } + if (FD_ISSET(fd->fd, &errorfds)) + { + fd->revents |= POLLERR; + } + } + return ret; + } +#else + if (event && *event) *event = nullptr; + + // + // It was reported that on Android poll can fail and return -1 with + // errno == EINTR, which should be a temp error and should typically + // be handled by retrying in a loop. + // Maybe we need to put all syscall / C functions in + // a new IXSysCalls.cpp and wrap them all. + // + // The style from libuv is as such. + // + int ret = -1; + do + { + ret = ::poll(fds, nfds, timeout); + } while (ret == -1 && errno == EINTR); + + return ret; +#endif + } + + // + // mingw does not have inet_ntop, which were taken as is from the musl C library. + // + const char* inet_ntop(int af, const void* a0, char* s, socklen_t l) + { +#if defined(_WIN32) && defined(__GNUC__) + const unsigned char* a = (const unsigned char*) a0; + int i, j, max, best; + char buf[100]; + + switch (af) + { + case AF_INET: + if (snprintf(s, l, "%d.%d.%d.%d", a[0], a[1], a[2], a[3]) < l) return s; + break; + case AF_INET6: + if (memcmp(a, "\0\0\0\0\0\0\0\0\0\0\377\377", 12)) + snprintf(buf, + sizeof buf, + "%x:%x:%x:%x:%x:%x:%x:%x", + 256 * a[0] + a[1], + 256 * a[2] + a[3], + 256 * a[4] + a[5], + 256 * a[6] + a[7], + 256 * a[8] + a[9], + 256 * a[10] + a[11], + 256 * a[12] + a[13], + 256 * a[14] + a[15]); + else + snprintf(buf, + sizeof buf, + "%x:%x:%x:%x:%x:%x:%d.%d.%d.%d", + 256 * a[0] + a[1], + 256 * a[2] + a[3], + 256 * a[4] + a[5], + 256 * a[6] + a[7], + 256 * a[8] + a[9], + 256 * a[10] + a[11], + a[12], + a[13], + a[14], + a[15]); + /* Replace longest /(^0|:)[:0]{2,}/ with "::" */ + for (i = best = 0, max = 2; buf[i]; i++) + { + if (i && buf[i] != ':') continue; + j = 
strspn(buf + i, ":0"); + if (j > max) best = i, max = j; + } + if (max > 3) + { + buf[best] = buf[best + 1] = ':'; + memmove(buf + best + 2, buf + best + max, i - best - max + 1); + } + if (strlen(buf) < l) + { + strcpy(s, buf); + return s; + } + break; + default: errno = EAFNOSUPPORT; return 0; + } + errno = ENOSPC; + return 0; +#else + return ::inet_ntop(af, a0, s, l); +#endif + } + +#if defined(_WIN32) && defined(__GNUC__) + static int hexval(unsigned c) + { + if (c - '0' < 10) return c - '0'; + c |= 32; + if (c - 'a' < 6) return c - 'a' + 10; + return -1; + } +#endif + + // + // mingw does not have inet_pton, which were taken as is from the musl C library. + // + int inet_pton(int af, const char* s, void* a0) + { +#if defined(_WIN32) && defined(__GNUC__) + uint16_t ip[8]; + unsigned char* a = (unsigned char*) a0; + int i, j, v, d, brk = -1, need_v4 = 0; + + if (af == AF_INET) + { + for (i = 0; i < 4; i++) + { + for (v = j = 0; j < 3 && isdigit(s[j]); j++) + v = 10 * v + s[j] - '0'; + if (j == 0 || (j > 1 && s[0] == '0') || v > 255) return 0; + a[i] = v; + if (s[j] == 0 && i == 3) return 1; + if (s[j] != '.') return 0; + s += j + 1; + } + return 0; + } + else if (af != AF_INET6) + { + errno = EAFNOSUPPORT; + return -1; + } + + if (*s == ':' && *++s != ':') return 0; + + for (i = 0;; i++) + { + if (s[0] == ':' && brk < 0) + { + brk = i; + ip[i & 7] = 0; + if (!*++s) break; + if (i == 7) return 0; + continue; + } + for (v = j = 0; j < 4 && (d = hexval(s[j])) >= 0; j++) + v = 16 * v + d; + if (j == 0) return 0; + ip[i & 7] = v; + if (!s[j] && (brk >= 0 || i == 7)) break; + if (i == 7) return 0; + if (s[j] != ':') + { + if (s[j] != '.' 
|| (i < 6 && brk < 0)) return 0; + need_v4 = 1; + i++; + break; + } + s += j + 1; + } + if (brk >= 0) + { + memmove(ip + brk + 7 - i, ip + brk, 2 * (i + 1 - brk)); + for (j = 0; j < 7 - i; j++) + ip[brk + j] = 0; + } + for (j = 0; j < 8; j++) + { + *a++ = ip[j] >> 8; + *a++ = ip[j]; + } + if (need_v4 && inet_pton(AF_INET, (const char*) s, a - 4) <= 0) return 0; + return 1; +#else + return ::inet_pton(af, s, a0); +#endif + } + + // Convert network bytes to host bytes. Copied from the ASIO library + unsigned short network_to_host_short(unsigned short value) + { + #if defined(_WIN32) + unsigned char* value_p = reinterpret_cast(&value); + unsigned short result = (static_cast(value_p[0]) << 8) + | static_cast(value_p[1]); + return result; + #else // defined(_WIN32) + return ntohs(value); + #endif // defined(_WIN32) + } + +} // namespace ix diff --git a/ixwebsocket/IXSelectInterrupt.cpp b/ixwebsocket/IXSelectInterrupt.cpp new file mode 100644 index 0000000..df38bc5 --- /dev/null +++ b/ixwebsocket/IXSelectInterrupt.cpp @@ -0,0 +1,53 @@ +/* + * IXSelectInterrupt.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSelectInterrupt.h" + +namespace ix +{ + const uint64_t SelectInterrupt::kSendRequest = 1; + const uint64_t SelectInterrupt::kCloseRequest = 2; + + SelectInterrupt::SelectInterrupt() + { + ; + } + + SelectInterrupt::~SelectInterrupt() + { + ; + } + + bool SelectInterrupt::init(std::string& /*errorMsg*/) + { + return true; + } + + bool SelectInterrupt::notify(uint64_t /*value*/) + { + return true; + } + + uint64_t SelectInterrupt::read() + { + return 0; + } + + bool SelectInterrupt::clear() + { + return true; + } + + int SelectInterrupt::getFd() const + { + return -1; + } + + void* SelectInterrupt::getEvent() const + { + return nullptr; + } +} // namespace ix diff --git a/ixwebsocket/IXSelectInterruptEvent.cpp b/ixwebsocket/IXSelectInterruptEvent.cpp new file mode 100644 index 0000000..2f8f774 
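Review bot: In the mingw branch of `inet_pton` in IXNetSystem.cpp, `isdigit(s[j])` is called on a plain `char`, which is undefined behaviour for a negative value, that is, for any byte of 0x80 or above in the address string. The code is taken from musl, where `isdigit` is safe for any value, but that guarantee does not carry over to the Windows C runtime's `<ctype.h>`. Since `s` may hold an address string supplied from outside the process, the call should read `isdigit((unsigned char) s[j])`. In the `_WIN32` part of `poll`, the test `nfds < 0` can never be true if `nfds_t` is unsigned, and the `if (event && *event) *event = nullptr;` at the top of the select fallback is unreachable, since that branch is only entered when the same condition is false.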
--- /dev/null +++ b/ixwebsocket/IXSelectInterruptEvent.cpp @@ -0,0 +1,85 @@ +/* + * IXSelectInterruptEvent.cpp + */ + +// +// On Windows we use a Windows Event to wake up ix::poll() (WSAWaitForMultipleEvents). +// And on any other platform that doesn't support pipe file descriptors we +// emulate the interrupt event by using a short timeout with ix::poll() and +// read from the SelectInterrupt. (see Socket::poll() "Emulation mode") +// +#include +#include "IXSelectInterruptEvent.h" + +namespace ix +{ + SelectInterruptEvent::SelectInterruptEvent() + { +#ifdef _WIN32 + _event = CreateEvent(NULL, TRUE, FALSE, NULL); +#endif + } + + SelectInterruptEvent::~SelectInterruptEvent() + { +#ifdef _WIN32 + CloseHandle(_event); +#endif + } + + bool SelectInterruptEvent::init(std::string& /*errorMsg*/) + { + return true; + } + + bool SelectInterruptEvent::notify(uint64_t value) + { + std::lock_guard lock(_valuesMutex); + + // WebSocket implementation detail: We only need one of the values in the queue + if (std::find(_values.begin(), _values.end(), value) == _values.end()) + _values.push_back(value); +#ifdef _WIN32 + SetEvent(_event); // wake up +#endif + return true; + } + + uint64_t SelectInterruptEvent::read() + { + std::lock_guard lock(_valuesMutex); + + if (_values.size() > 0) + { + uint64_t value = _values.front(); + _values.pop_front(); +#ifdef _WIN32 + // signal the event if there is still data in the queue + if (_values.size() == 0) + ResetEvent(_event); +#endif + return value; + } + return 0; + } + + bool SelectInterruptEvent::clear() + { + std::lock_guard lock(_valuesMutex); + _values.clear(); +#ifdef _WIN32 + ResetEvent(_event); +#endif + return true; + } + + void* SelectInterruptEvent::getEvent() const + { +#ifdef _WIN32 + return reinterpret_cast(_event); +#else + return nullptr; +#endif + } + +} // namespace ix diff --git a/ixwebsocket/IXSelectInterruptFactory.cpp b/ixwebsocket/IXSelectInterruptFactory.cpp new file mode 100644 index 0000000..c66c14c --- /dev/null 
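Review bot: The comment in `SelectInterruptEvent::read()` says `// signal the event if there is still data in the queue`, but the code below it calls `ResetEvent(_event)` when the queue has become empty. I would reword it to `// the event stays signaled while values remain; reset it once the queue is empty`. The constructor also stores the result of `CreateEvent` unchecked and `init()` always returns true. A comment on `init()` should state that a failed `CreateEvent` leaves `_event` null and that `getEvent()` then returns `nullptr`, since callers use that return value to choose their wake-up mode.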
+++ b/ixwebsocket/IXSelectInterruptFactory.cpp @@ -0,0 +1,26 @@ +/* + * IXSelectInterruptFactory.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSelectInterruptFactory.h" + +#include "IXUniquePtr.h" +#if _WIN32 +#include "IXSelectInterruptEvent.h" +#else +#include "IXSelectInterruptPipe.h" +#endif + +namespace ix +{ + SelectInterruptPtr createSelectInterrupt() + { +#ifdef _WIN32 + return ix::make_unique(); +#else + return ix::make_unique(); +#endif + } +} // namespace ix diff --git a/ixwebsocket/IXSelectInterruptPipe.cpp b/ixwebsocket/IXSelectInterruptPipe.cpp new file mode 100644 index 0000000..75c42f2 --- /dev/null +++ b/ixwebsocket/IXSelectInterruptPipe.cpp 
@@ -0,0 +1,161 @@ +/* + * IXSelectInterruptPipe.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved. + */ + +// +// On UNIX we use pipes to wake up select. There is no way to do that +// on Windows so this file is compiled out on Windows. +// +#ifndef _WIN32 + +#include "IXSelectInterruptPipe.h" + +#include +#include +#include +#include +#include // for strerror +#include // for write + +namespace ix +{ + // File descriptor at index 0 in _fildes is the read end of the pipe + // File descriptor at index 1 in _fildes is the write end of the pipe + const int SelectInterruptPipe::kPipeReadIndex = 0; + const int SelectInterruptPipe::kPipeWriteIndex = 1; + + SelectInterruptPipe::SelectInterruptPipe() + { + _fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + } + + SelectInterruptPipe::~SelectInterruptPipe() + { + ::close(_fildes[kPipeReadIndex]); + ::close(_fildes[kPipeWriteIndex]); + _fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + } + + bool SelectInterruptPipe::init(std::string& errorMsg) + { + std::lock_guard lock(_fildesMutex); + + // calling init twice is a programming error + assert(_fildes[kPipeReadIndex] == -1); + assert(_fildes[kPipeWriteIndex] == -1); + + if (pipe(_fildes) < 0) + { + std::stringstream ss; + ss << "SelectInterruptPipe::init() failed in pipe() call" + << " : " << strerror(errno); + errorMsg = ss.str(); + return false; + } + + if (fcntl(_fildes[kPipeReadIndex], F_SETFL, O_NONBLOCK) == -1) + { + std::stringstream ss; + ss << "SelectInterruptPipe::init() failed in fcntl(..., O_NONBLOCK) call" + << " : " << strerror(errno); + errorMsg = ss.str(); + + _fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + return false; + } + + if (fcntl(_fildes[kPipeWriteIndex], F_SETFL, O_NONBLOCK) == -1) + { + std::stringstream ss; + ss << "SelectInterruptPipe::init() failed in fcntl(..., O_NONBLOCK) call" + << " : " << strerror(errno); + errorMsg = ss.str(); + + 
_fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + return false; + } + +#ifdef F_SETNOSIGPIPE + if (fcntl(_fildes[kPipeWriteIndex], F_SETNOSIGPIPE, 1) == -1) + { + std::stringstream ss; + ss << "SelectInterruptPipe::init() failed in fcntl(.... F_SETNOSIGPIPE) call" + << " : " << strerror(errno); + errorMsg = ss.str(); + + _fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + return false; + } + + if (fcntl(_fildes[kPipeWriteIndex], F_SETNOSIGPIPE, 1) == -1) + { + std::stringstream ss; + ss << "SelectInterruptPipe::init() failed in fcntl(..., F_SETNOSIGPIPE) call" + << " : " << strerror(errno); + errorMsg = ss.str(); + + _fildes[kPipeReadIndex] = -1; + _fildes[kPipeWriteIndex] = -1; + return false; + } +#endif + + return true; + } + + bool SelectInterruptPipe::notify(uint64_t value) + { + std::lock_guard lock(_fildesMutex); + + int fd = _fildes[kPipeWriteIndex]; + if (fd == -1) return false; + + ssize_t ret = -1; + do + { + ret = ::write(fd, &value, sizeof(value)); + } while (ret == -1 && errno == EINTR); + + // we should write 8 bytes for an uint64_t + return ret == 8; + } + + // TODO: return max uint64_t for errors ? + uint64_t SelectInterruptPipe::read() + { + std::lock_guard lock(_fildesMutex); + + int fd = _fildes[kPipeReadIndex]; + + uint64_t value = 0; + + ssize_t ret = -1; + do + { + ret = ::read(fd, &value, sizeof(value)); + } while (ret == -1 && errno == EINTR); + + return value; + } + + bool SelectInterruptPipe::clear() + { + return true; + } + + int SelectInterruptPipe::getFd() const + { + std::lock_guard lock(_fildesMutex); + + return _fildes[kPipeReadIndex]; + } +} // namespace ix + +#endif // !_WIN32 diff --git a/ixwebsocket/IXSetThreadName.cpp b/ixwebsocket/IXSetThreadName.cpp new file mode 100644 index 0000000..b1e7737 --- /dev/null +++ b/ixwebsocket/IXSetThreadName.cpp 
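Review bot: Every failure branch in `SelectInterruptPipe::init` that follows a successful `pipe()` resets both `_fildes` entries to -1 without closing them, so each failed `fcntl` leaks both ends of the pipe. Adding `::close(_fildes[kPipeReadIndex]); ::close(_fildes[kPipeWriteIndex]);` before the reset in those branches fixes it. The second `F_SETNOSIGPIPE` block repeats the first on `kPipeWriteIndex`, so it is either redundant or was meant for `kPipeReadIndex`. `read()` discards `ret` and does not check `fd` for -1, so a failed or short read is indistinguishable from a value of 0; the TODO above it should at least be backed by a comment saying so. In `notify()`, `return ret == 8;` would read better as `return ret == sizeof(value);`.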
@@ -0,0 +1,83 @@ +/* + * IXSetThreadName.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 2020 Machine Zone, Inc. All rights reserved. + */ +#include "IXSetThreadName.h" + +// unix systems +#if defined(__APPLE__) || defined(__linux__) || defined(BSD) +#include +#endif + +// freebsd needs this header as well +#if defined(BSD) +#include +#endif + +// Windows +#ifdef _WIN32 +#include +#endif + +namespace ix +{ +#ifdef _WIN32 + const DWORD MS_VC_EXCEPTION = 0x406D1388; + +#pragma pack(push, 8) + typedef struct tagTHREADNAME_INFO + { + DWORD dwType; // Must be 0x1000. + LPCSTR szName; // Pointer to name (in user addr space). + DWORD dwThreadID; // Thread ID (-1=caller thread). + DWORD dwFlags; // Reserved for future use, must be zero. + } THREADNAME_INFO; +#pragma pack(pop) + + void SetThreadName(DWORD dwThreadID, const char* threadName) + { +#ifndef __GNUC__ + THREADNAME_INFO info; + info.dwType = 0x1000; + info.szName = threadName; + info.dwThreadID = dwThreadID; + info.dwFlags = 0; + + __try + { + RaiseException( + MS_VC_EXCEPTION, 0, sizeof(info) / sizeof(ULONG_PTR), (ULONG_PTR*) &info); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } +#endif + } +#endif + + void setThreadName(const std::string& name) + { +#if defined(__APPLE__) + // + // Apple reserves 16 bytes for its thread names + // Notice that the Apple version of pthread_setname_np + // does not take a pthread_t argument + // + pthread_setname_np(name.substr(0, 63).c_str()); +#elif defined(__linux__) + // + // Linux only reserves 16 bytes for its thread names + // See prctl and PR_SET_NAME property in + // http://man7.org/linux/man-pages/man2/prctl.2.html + // + pthread_setname_np(pthread_self(), name.substr(0, 15).c_str()); +#elif defined(_WIN32) + SetThreadName(-1, name.c_str()); +#elif defined(BSD) + pthread_set_name_np(pthread_self(), name.substr(0, 15).c_str()); +#else + // ... assert here ? +#endif + } +} // namespace ix 
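Review bot: The comment in the `__APPLE__` branch of `setThreadName` says Apple reserves 16 bytes for thread names, but the code truncates to `name.substr(0, 63)`, which matches a 64-byte limit instead. The comment should be corrected, for example `// Apple allows thread names of up to 63 characters plus the terminator`, so that it does not contradict the Linux branch, where 16 bytes and `substr(0, 15)` do agree. The return value of `pthread_setname_np` is ignored in every branch; a short comment that naming is best-effort would make that deliberate.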
diff --git a/ixwebsocket/IXSocket.cpp b/ixwebsocket/IXSocket.cpp
new file mode 100644
index 0000000..dc14bc9
--- /dev/null
+++ b/ixwebsocket/IXSocket.cpp
@@ -0,0 +1,453 @@ +/* + * IXSocket.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSocket.h" + +#include "IXNetSystem.h" +#include "IXSelectInterrupt.h" +#include "IXSelectInterruptFactory.h" +#include "IXSocketConnect.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef min +#undef min +#endif + +namespace ix +{ + const int Socket::kDefaultPollNoTimeout = -1; // No poll timeout by default + const int Socket::kDefaultPollTimeout = kDefaultPollNoTimeout; + + Socket::Socket(int fd) + : _sockfd(fd) + , _selectInterrupt(createSelectInterrupt()) + { + ; + } + + Socket::~Socket() + { + close(); + } + + PollResultType Socket::poll(bool readyToRead, + int timeoutMs, + int sockfd, + const SelectInterruptPtr& selectInterrupt) + { + PollResultType pollResult = PollResultType::ReadyForRead; + + // + // We used to use ::select to poll but on Android 9 we get large fds out of + // ::connect which crash in FD_SET as they are larger than FD_SETSIZE. Switching + // to ::poll does fix that. + // + // However poll isn't as portable as select and has bugs on Windows, so we + // have a shim to fallback to select on those platforms. See + // https://github.com/mpv-player/mpv/pull/5203/files for such a select wrapper. + // + nfds_t nfds = 1; + struct pollfd fds[2]; + memset(fds, 0, sizeof(fds)); + + fds[0].fd = sockfd; + fds[0].events = (readyToRead) ? 
POLLIN : POLLOUT; + + // this is ignored by poll, but our select based poll wrapper on Windows needs it + fds[0].events |= POLLERR; + + // File descriptor used to interrupt select when needed + int interruptFd = -1; + void* interruptEvent = nullptr; + if (selectInterrupt) + { + interruptFd = selectInterrupt->getFd(); + interruptEvent = selectInterrupt->getEvent(); + + if (interruptFd != -1) + { + nfds = 2; + fds[1].fd = interruptFd; + fds[1].events = POLLIN; + } + else if (interruptEvent == nullptr) + { + // Emulation mode: SelectInterrupt neither supports file descriptors nor events + + // Check the selectInterrupt for requests before doing the poll(). + if (readSelectInterruptRequest(selectInterrupt, &pollResult)) + { + return pollResult; + } + } + } + + void* event = interruptEvent; // ix::poll will set event to nullptr if it wasn't signaled + int ret = ix::poll(fds, nfds, timeoutMs, &event); + + if (ret < 0) + { + pollResult = PollResultType::Error; + } + else if (ret == 0) + { + pollResult = PollResultType::Timeout; + if (selectInterrupt && interruptFd == -1 && interruptEvent == nullptr) + { + // Emulation mode: SelectInterrupt neither supports fd nor events + + // Check the selectInterrupt for requests + readSelectInterruptRequest(selectInterrupt, &pollResult); + } + } + else if ((interruptFd != -1 && fds[1].revents & POLLIN) || (interruptEvent != nullptr && event != nullptr)) + { + // The InterruptEvent was signaled + readSelectInterruptRequest(selectInterrupt, &pollResult); + } + else if (sockfd != -1 && readyToRead && fds[0].revents & POLLIN) + { + pollResult = PollResultType::ReadyForRead; + } + else if (sockfd != -1 && !readyToRead && fds[0].revents & POLLOUT) + { + pollResult = PollResultType::ReadyForWrite; + +#ifdef _WIN32 + // On connect error, in async mode, windows will write to the exceptions fds + if (fds[0].revents & POLLERR) + { + pollResult = PollResultType::Error; + } +#else + int optval = -1; + socklen_t optlen = sizeof(optval); + + // 
getsockopt() puts the errno value for connect into optval so 0 + // means no-error. + if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1 || optval != 0) + { + pollResult = PollResultType::Error; + + // set errno to optval so that external callers can have an + // appropriate error description when calling strerror + errno = optval; + } +#endif + } + else if (sockfd != -1 && (fds[0].revents & POLLERR || fds[0].revents & POLLHUP || + fds[0].revents & POLLNVAL)) + { + pollResult = PollResultType::Error; + } + + return pollResult; + } + + bool Socket::readSelectInterruptRequest(const SelectInterruptPtr& selectInterrupt, + PollResultType* pollResult) + { + uint64_t value = selectInterrupt->read(); + + if (value == SelectInterrupt::kSendRequest) + { + *pollResult = PollResultType::SendRequest; + return true; + } + else if (value == SelectInterrupt::kCloseRequest) + { + *pollResult = PollResultType::CloseRequest; + return true; + } + + return false; + } + + PollResultType Socket::isReadyToRead(int timeoutMs) + { + if (_sockfd == -1) + { + return PollResultType::Error; + } + + bool readyToRead = true; + return poll(readyToRead, timeoutMs, _sockfd, _selectInterrupt); + } + + PollResultType Socket::isReadyToWrite(int timeoutMs) + { + if (_sockfd == -1) + { + return PollResultType::Error; + } + + bool readyToRead = false; + return poll(readyToRead, timeoutMs, _sockfd, _selectInterrupt); + } + + // Wake up from poll/select by writing to the pipe which is watched by select + bool Socket::wakeUpFromPoll(uint64_t wakeUpCode) + { + return _selectInterrupt->notify(wakeUpCode); + } + + bool Socket::isWakeUpFromPollSupported() + { + return _selectInterrupt->getFd() != -1 || _selectInterrupt->getEvent() != nullptr; + } + + bool Socket::accept(std::string& errMsg) + { + if (_sockfd == -1) + { + errMsg = "Socket is uninitialized"; + return false; + } + return true; + } + + bool Socket::connect(const std::string& host, + int port, + std::string& errMsg, + const 
CancellationRequest& isCancellationRequested) + { + std::lock_guard lock(_socketMutex); + + if (!_selectInterrupt->clear()) return false; + + _sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested); + return _sockfd != -1; + } + + void Socket::close() + { + std::lock_guard lock(_socketMutex); + + if (_sockfd == -1) return; + + closeSocket(_sockfd); + _sockfd = -1; + } + + ssize_t Socket::send(char* buffer, size_t length) + { + int flags = 0; +#ifdef MSG_NOSIGNAL + flags = MSG_NOSIGNAL; +#endif + + return ::send(_sockfd, buffer, length, flags); + } + + ssize_t Socket::send(const std::string& buffer) + { + return send((char*) &buffer[0], buffer.size()); + } + + ssize_t Socket::recv(void* buffer, size_t length) + { + int flags = 0; +#ifdef MSG_NOSIGNAL + flags = MSG_NOSIGNAL; +#endif + + return ::recv(_sockfd, (char*) buffer, length, flags); + } + + int Socket::getErrno() + { + int err; + +#ifdef _WIN32 + err = WSAGetLastError(); +#else + err = errno; +#endif + + return err; + } + + bool Socket::isWaitNeeded() + { + int err = getErrno(); + + if (err == EWOULDBLOCK || err == EAGAIN || err == EINPROGRESS) + { + return true; + } + + return false; + } + + void Socket::closeSocket(int fd) + { +#ifdef _WIN32 + closesocket(fd); +#else + ::close(fd); +#endif + } + + bool Socket::init(std::string& errorMsg) + { + return _selectInterrupt->init(errorMsg); + } + + bool Socket::writeBytes(const std::string& str, + const CancellationRequest& isCancellationRequested) + { + int offset = 0; + int len = (int) str.size(); + + while (true) + { + if (isCancellationRequested && isCancellationRequested()) return false; + + ssize_t ret = send((char*) &str[offset], len); + + // We wrote some bytes, as needed, all good. 
+ if (ret > 0) + { + if (ret == len) + { + return true; + } + else + { + offset += ret; + len -= ret; + continue; + } + } + // There is possibly something to be writen, try again + else if (ret < 0 && Socket::isWaitNeeded()) + { + continue; + } + // There was an error during the write, abort + else + { + return false; + } + } + } + + bool Socket::readByte(void* buffer, const CancellationRequest& isCancellationRequested) + { + while (true) + { + if (isCancellationRequested && isCancellationRequested()) return false; + + ssize_t ret; + ret = recv(buffer, 1); + + // We read one byte, as needed, all good. + if (ret == 1) + { + return true; + } + // There is possibly something to be read, try again + else if (ret < 0 && Socket::isWaitNeeded()) + { + // Wait with a 1ms timeout until the socket is ready to read. + // This way we are not busy looping + if (isReadyToRead(1) == PollResultType::Error) + { + return false; + } + } + // There was an error during the read, abort + else + { + return false; + } + } + } + + std::pair Socket::readLine( + const CancellationRequest& isCancellationRequested) + { + char c; + std::string line; + line.reserve(64); + + for (int i = 0; i < 2 || (line[i - 2] != '\r' && line[i - 1] != '\n'); ++i) + { + if (!readByte(&c, isCancellationRequested)) + { + // Return what we were able to read + return std::make_pair(false, line); + } + + line += c; + } + + return std::make_pair(true, line); + } + + std::pair Socket::readBytes( + size_t length, + const OnProgressCallback& onProgressCallback, + const OnChunkCallback& onChunkCallback, + const CancellationRequest& isCancellationRequested) + { + std::array readBuffer; + std::vector output; + size_t bytesRead = 0; + + while (bytesRead != length) + { + if (isCancellationRequested && isCancellationRequested()) + { + const std::string errorMsg("Cancellation Requested"); + return std::make_pair(false, errorMsg); + } + + size_t size = std::min(readBuffer.size(), length - bytesRead); + ssize_t ret = 
recv((char*) &readBuffer[0], size); + + if (ret > 0) + { + if (onChunkCallback) + { + std::string chunk(readBuffer.begin(), readBuffer.begin() + ret); + onChunkCallback(chunk); + } + else + { + output.insert(output.end(), readBuffer.begin(), readBuffer.begin() + ret); + } + bytesRead += ret; + } + else if (ret <= 0 && !Socket::isWaitNeeded()) + { + const std::string errorMsg("Recv Error"); + return std::make_pair(false, errorMsg); + } + + if (onProgressCallback) onProgressCallback((int) bytesRead, (int) length); + + // Wait with a 1ms timeout until the socket is ready to read. + // This way we are not busy looping + if (isReadyToRead(1) == PollResultType::Error) + { + const std::string errorMsg("Poll Error"); + return std::make_pair(false, errorMsg); + } + } + + return std::make_pair(true, std::string(output.begin(), output.end())); + } +} // namespace ix diff --git a/ixwebsocket/IXSocketAppleSSL.cpp b/ixwebsocket/IXSocketAppleSSL.cpp new file mode 100644 index 0000000..f58e0c8 --- /dev/null +++ b/ixwebsocket/IXSocketAppleSSL.cpp 
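Review bot: `Socket::readLine` appends to `line` with no upper bound, so a peer that never sends a line terminator makes the string grow until memory runs out. A cap inside the loop, for example `if (line.size() >= kMaxLineLength) return std::make_pair(false, line);` with `kMaxLineLength` as a new constant, would bound it. The loop condition `line[i - 2] != '\r' && line[i - 1] != '\n'` also ends the line on a lone `\n`, or on a `\r` followed by any byte. If only CRLF is meant to terminate, it should read `i < 2 || !(line[i - 2] == '\r' && line[i - 1] == '\n')`. In `writeBytes`, the `ret < 0 && Socket::isWaitNeeded()` branch retries immediately without waiting on `isReadyToWrite`, which spins the CPU while the send buffer is full, and `(int) str.size()` truncates large payloads.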
@@ -0,0 +1,313 @@ +/* + * IXSocketAppleSSL.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved. + * + * Adapted from Satori SDK Apple SSL code. + */ +#ifdef IXWEBSOCKET_USE_SECURE_TRANSPORT + +#include "IXSocketAppleSSL.h" + +#include "IXSocketConnect.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define socketerrno errno + +#include + +namespace ix +{ + SocketAppleSSL::SocketAppleSSL(const SocketTLSOptions& tlsOptions, int fd) + : Socket(fd) + , _sslContext(nullptr) + , _tlsOptions(tlsOptions) + { + ; + } + + SocketAppleSSL::~SocketAppleSSL() + { + SocketAppleSSL::close(); + } + + std::string SocketAppleSSL::getSSLErrorDescription(OSStatus status) + { + std::string errMsg("Unknown SSL error."); + + CFErrorRef error = CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainOSStatus, status, NULL); + if (error) + { + CFStringRef message = CFErrorCopyDescription(error); + if (message) + { + char localBuffer[128]; + Boolean success; + success = CFStringGetCString(message, localBuffer, 128, kCFStringEncodingUTF8); + if (success) + { + errMsg = localBuffer; + } + CFRelease(message); + } + CFRelease(error); + } + + return errMsg; + } + + OSStatus SocketAppleSSL::readFromSocket(SSLConnectionRef connection, void* data, size_t* len) + { + int fd = (int) (long) connection; + if (fd < 0) return errSSLInternal; + + assert(data != nullptr); + assert(len != nullptr); + + size_t requested_sz = *len; + + ssize_t status = read(fd, data, requested_sz); + + if (status > 0) + { + *len = (size_t) status; + if (requested_sz > *len) + { + return errSSLWouldBlock; + } + else + { + return noErr; + } + } + else if (status == 0) + { + *len = 0; + return errSSLClosedGraceful; + } + else + { + *len = 0; + switch (errno) + { + case ENOENT: return errSSLClosedGraceful; + + case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx + case EINPROGRESS: 
return errSSLWouldBlock; + + case ECONNRESET: return errSSLClosedAbort; + + default: return errSecIO; + } + } + } + + OSStatus SocketAppleSSL::writeToSocket(SSLConnectionRef connection, + const void* data, + size_t* len) + { + int fd = (int) (long) connection; + if (fd < 0) return errSSLInternal; + + assert(data != nullptr); + assert(len != nullptr); + + size_t to_write_sz = *len; + ssize_t status = write(fd, data, to_write_sz); + + if (status > 0) + { + *len = (size_t) status; + if (to_write_sz > *len) + { + return errSSLWouldBlock; + } + else + { + return noErr; + } + } + else if (status == 0) + { + *len = 0; + return errSSLClosedGraceful; + } + else + { + *len = 0; + switch (errno) + { + case ENOENT: return errSSLClosedGraceful; + + case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx + case EINPROGRESS: return errSSLWouldBlock; + + case ECONNRESET: return errSSLClosedAbort; + + default: return errSecIO; + } + } + } + + + bool SocketAppleSSL::accept(std::string& errMsg) + { + errMsg = "TLS not supported yet in server mode with apple ssl backend"; + return false; + } + + OSStatus SocketAppleSSL::tlsHandShake(std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + OSStatus status; + + do + { + status = SSLHandshake(_sslContext); + + // Interrupt the handshake + if (isCancellationRequested()) + { + errMsg = "Cancellation requested"; + return errSSLInternal; + } + } while (status == errSSLWouldBlock || status == errSSLServerAuthCompleted); + + return status; + } + + // No wait support + bool SocketAppleSSL::connect(const std::string& host, + int port, + std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + OSStatus status; + { + std::lock_guard lock(_mutex); + + _sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested); + if (_sockfd == -1) return false; + + _sslContext = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType); + + SSLSetIOFuncs( + 
_sslContext, SocketAppleSSL::readFromSocket, SocketAppleSSL::writeToSocket); + SSLSetConnection(_sslContext, (SSLConnectionRef)(long) _sockfd); + SSLSetProtocolVersionMin(_sslContext, kTLSProtocol12); + SSLSetPeerDomainName(_sslContext, host.c_str(), host.size()); + + if (_tlsOptions.isPeerVerifyDisabled()) + { + Boolean option(1); + SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, option); + + status = tlsHandShake(errMsg, isCancellationRequested); + + if (status == errSSLServerAuthCompleted) + { + // proceed with the handshake + status = tlsHandShake(errMsg, isCancellationRequested); + } + } + else + { + status = tlsHandShake(errMsg, isCancellationRequested); + } + } + + if (status != noErr) + { + errMsg = getSSLErrorDescription(status); + close(); + return false; + } + + return true; + } + + void SocketAppleSSL::close() + { + std::lock_guard lock(_mutex); + + if (_sslContext == nullptr) return; + + SSLClose(_sslContext); + CFRelease(_sslContext); + _sslContext = nullptr; + + Socket::close(); + } + + ssize_t SocketAppleSSL::send(char* buf, size_t nbyte) + { + OSStatus status = errSSLWouldBlock; + while (status == errSSLWouldBlock) + { + size_t processed = 0; + std::lock_guard lock(_mutex); + status = SSLWrite(_sslContext, buf, nbyte, &processed); + + if (processed > 0) return (ssize_t) processed; + + // The connection was reset, inform the caller that this + // Socket should close + if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify || + status == errSSLClosedAbort) + { + errno = ECONNRESET; + return -1; + } + + if (status == errSSLWouldBlock) + { + errno = EWOULDBLOCK; + return -1; + } + } + return -1; + } + + // No wait support + ssize_t SocketAppleSSL::recv(void* buf, size_t nbyte) + { + OSStatus status = errSSLWouldBlock; + while (status == errSSLWouldBlock) + { + size_t processed = 0; + std::lock_guard lock(_mutex); + status = SSLRead(_sslContext, buf, nbyte, &processed); + + if (processed > 0) return (ssize_t) 
processed; + + // The connection was reset, inform the caller that this + // Socket should close + if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify || + status == errSSLClosedAbort) + { + errno = ECONNRESET; + return -1; + } + + if (status == errSSLWouldBlock) + { + errno = EWOULDBLOCK; + return -1; + } + } + return -1; + } + +} // namespace ix + +#endif // IXWEBSOCKET_USE_SECURE_TRANSPORT diff --git a/ixwebsocket/IXSocketConnect.cpp b/ixwebsocket/IXSocketConnect.cpp new file mode 100644 index 0000000..9664d84 --- /dev/null +++ b/ixwebsocket/IXSocketConnect.cpp 
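Review bot: In `SocketAppleSSL::connect` the results of `SSLCreateContext`, `SSLSetProtocolVersionMin` and `SSLSetPeerDomainName` are discarded, so the handshake still runs when one of them fails. To my knowledge Secure Transport only matches the certificate against the host name when a peer domain name has been set, so a failed `SSLSetPeerDomainName` would silently drop that check; this path should fail closed. I would keep the `OSStatus`, e.g. `status = SSLSetPeerDomainName(_sslContext, host.c_str(), host.size());`, and call `tlsHandShake` only when `status == noErr`, so the existing `status != noErr` branch after the lock reports the error and closes the socket. A null `_sslContext` needs its own early exit, because `close()` returns before `Socket::close()` when the context is null and the descriptor from `SocketConnect::connect` would stay open.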
@@ -0,0 +1,152 @@ +/* + * IXSocketConnect.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSocketConnect.h" + +#include "IXDNSLookup.h" +#include "IXNetSystem.h" +#include "IXSelectInterrupt.h" +#include "IXSocket.h" +#include "IXUniquePtr.h" +#include +#include +#include + +// Android needs extra headers for TCP_NODELAY and IPPROTO_TCP +#ifdef ANDROID +#include +#include +#endif +#include "IXSelectInterruptFactory.h" + +namespace ix +{ + // + // This function can be cancelled every 50 ms + // This is important so that we don't block the main UI thread when shutting down a + // connection which is already trying to reconnect, and can be blocked waiting for + // ::connect to respond. + // + int SocketConnect::connectToAddress(const struct addrinfo* address, + std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + errMsg = "no error"; + + socket_t fd = socket(address->ai_family, address->ai_socktype, address->ai_protocol); + if (fd < 0) + { + errMsg = "Cannot create a socket"; + return -1; + } + + // Set the socket to non blocking mode, so that slow responses cannot + // block us for too long + SocketConnect::configure(fd); + + int res = ::connect(fd, address->ai_addr, address->ai_addrlen); + + if (res == -1 && !Socket::isWaitNeeded()) + { + errMsg = strerror(Socket::getErrno()); + Socket::closeSocket(fd); + return -1; + } + + for (;;) + { + if (isCancellationRequested && isCancellationRequested()) // Must handle timeout as well + { + Socket::closeSocket(fd); + errMsg = "Cancelled"; + return -1; + } + + int timeoutMs = 10; + bool readyToRead = false; + SelectInterruptPtr selectInterrupt = ix::createSelectInterrupt(); + PollResultType pollResult = Socket::poll(readyToRead, timeoutMs, fd, selectInterrupt); + + if (pollResult == PollResultType::Timeout) + { + continue; + } + else if (pollResult == PollResultType::Error) + { + Socket::closeSocket(fd); + errMsg = 
std::string("Connect error: ") + strerror(Socket::getErrno()); + return -1; + } + else if (pollResult == PollResultType::ReadyForWrite) + { + return fd; + } + else + { + Socket::closeSocket(fd); + errMsg = std::string("Connect error: ") + strerror(Socket::getErrno()); + return -1; + } + } + } + + int SocketConnect::connect(const std::string& hostname, + int port, + std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + // + // First do DNS resolution + // + auto dnsLookup = std::make_shared(hostname, port); + struct addrinfo* res = dnsLookup->resolve(errMsg, isCancellationRequested); + if (res == nullptr) + { + return -1; + } + + int sockfd = -1; + + // iterate through the records to find a working peer + struct addrinfo* address; + for (address = res; address != nullptr; address = address->ai_next) + { + // + // Second try to connect to the remote host + // + sockfd = connectToAddress(address, errMsg, isCancellationRequested); + if (sockfd != -1) + { + break; + } + } + + freeaddrinfo(res); + return sockfd; + } + + // FIXME: configure is a terrible name + void SocketConnect::configure(int sockfd) + { + // 1. disable Nagle's algorithm + int flag = 1; + setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (char*) &flag, sizeof(flag)); + + // 2. make socket non blocking +#ifdef _WIN32 + unsigned long nonblocking = 1; + ioctlsocket(sockfd, FIONBIO, &nonblocking); +#else + fcntl(sockfd, F_SETFL, O_NONBLOCK); // make socket non blocking +#endif + + // 3. (apple) prevent SIGPIPE from being emitted when the remote end disconnect +#ifdef SO_NOSIGPIPE + int value = 1; + setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void*) &value, sizeof(value)); +#endif + } +} // namespace ix diff --git a/ixwebsocket/IXSocketFactory.cpp b/ixwebsocket/IXSocketFactory.cpp new file mode 100644 index 0000000..0273d68 --- /dev/null +++ b/ixwebsocket/IXSocketFactory.cpp 
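Review bot: `connectToAddress` calls `ix::createSelectInterrupt()` inside the `for (;;)` loop, so a new interrupt object is built and destroyed on every 10 ms poll timeout while the connect is pending; if the implementation is pipe-backed (not visible in this hunk) that is a pair of descriptors opened and closed on each pass. Moving `SelectInterruptPtr selectInterrupt = ix::createSelectInterrupt();` above the loop keeps one object for the whole attempt. The comment above the function also says cancellation is possible every 50 ms while `timeoutMs` is 10; I would change it to `// This function can be cancelled every 10 ms`.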
@@ -0,0 +1,64 @@
+/*
+ * IXSocketFactory.cpp
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXSocketFactory.h"
+
+#include "IXUniquePtr.h"
+#ifdef IXWEBSOCKET_USE_TLS
+
+#ifdef IXWEBSOCKET_USE_MBED_TLS
+#include "IXSocketMbedTLS.h"
+#elif defined(IXWEBSOCKET_USE_OPEN_SSL)
+#include "IXSocketOpenSSL.h"
+#elif __APPLE__
+#include "IXSocketAppleSSL.h"
+#endif
+
+#else
+
+#include "IXSocket.h"
+
+#endif
+
+namespace ix
+{
+ std::unique_ptr createSocket(bool tls,
+ int fd,
+ std::string& errorMsg,
+ const SocketTLSOptions& tlsOptions)
+ {
+ (void) tlsOptions;
+ errorMsg.clear();
+ std::unique_ptr socket;
+
+ if (!tls)
+ {
+ socket = ix::make_unique(fd);
+ }
+ else
+ {
+#ifdef IXWEBSOCKET_USE_TLS
+#if defined(IXWEBSOCKET_USE_MBED_TLS)
+ socket = ix::make_unique(tlsOptions, fd);
+#elif defined(IXWEBSOCKET_USE_OPEN_SSL)
+ socket = ix::make_unique(tlsOptions, fd);
+#elif defined(__APPLE__)
+ socket = ix::make_unique(tlsOptions, fd);
+#endif
+#else
+ errorMsg = "TLS support is not enabled on this platform.";
+ return nullptr;
+#endif
+ }
+
+ if (!socket->init(errorMsg))
+ {
+ socket.reset();
+ }
+
+ return socket;
+ }
+} // namespace ix
diff --git a/ixwebsocket/IXSocketMbedTLS.cpp b/ixwebsocket/IXSocketMbedTLS.cpp
new file mode 100644
index 0000000..01f8c87
--- /dev/null
+++ b/ixwebsocket/IXSocketMbedTLS.cpp
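Review bot: `createSocket` dereferences a null pointer when `tls` is true and `IXWEBSOCKET_USE_TLS` is defined without any of `IXWEBSOCKET_USE_MBED_TLS`, `IXWEBSOCKET_USE_OPEN_SSL` or `__APPLE__`: no branch of the inner `#if` chain assigns `socket`, and `socket->init(errorMsg)` runs unconditionally afterwards. A guard before the `init` call closes that gap, `if (!socket) { errorMsg = "No TLS backend was compiled in."; return nullptr; }`. The include chain at the top tests `#elif __APPLE__` while the body tests `#elif defined(__APPLE__)`; using `defined(__APPLE__)` in both places keeps the two in step.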
@@ -0,0 +1,361 @@ +/* + * IXSocketMbedTLS.cpp + * Author: Benjamin Sergeant, Max Weisel + * Copyright (c) 2019-2020 Machine Zone, Inc. All rights reserved. + * + * Some code taken from + * https://github.com/rottor12/WsClientLib/blob/master/lib/src/WsClientLib.cpp + * and mini_client.c example from mbedtls + */ +#ifdef IXWEBSOCKET_USE_MBED_TLS + +#include "IXSocketMbedTLS.h" + +#include "IXNetSystem.h" +#include "IXSocket.h" +#include "IXSocketConnect.h" +#include + +#ifdef _WIN32 +// For manipulating the certificate store +#include +#endif + +namespace ix +{ + SocketMbedTLS::SocketMbedTLS(const SocketTLSOptions& tlsOptions, int fd) + : Socket(fd) + , _tlsOptions(tlsOptions) + { + initMBedTLS(); + } + + SocketMbedTLS::~SocketMbedTLS() + { + SocketMbedTLS::close(); + } + + void SocketMbedTLS::initMBedTLS() + { + std::lock_guard lock(_mutex); + + mbedtls_ssl_init(&_ssl); + mbedtls_ssl_config_init(&_conf); + mbedtls_ctr_drbg_init(&_ctr_drbg); + mbedtls_entropy_init(&_entropy); + mbedtls_x509_crt_init(&_cacert); + mbedtls_x509_crt_init(&_cert); + mbedtls_pk_init(&_pkey); + } + + bool SocketMbedTLS::loadSystemCertificates(std::string& errorMsg) + { +#ifdef _WIN32 + DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG | + CERT_SYSTEM_STORE_CURRENT_USER; + HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root"); + + if (!systemStore) + { + errorMsg = "CertOpenStore failed with "; + errorMsg += std::to_string(GetLastError()); + return false; + } + + PCCERT_CONTEXT certificateIterator = NULL; + + int certificateCount = 0; + while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator)) + { + if (certificateIterator->dwCertEncodingType & X509_ASN_ENCODING) + { + int ret = mbedtls_x509_crt_parse(&_cacert, + certificateIterator->pbCertEncoded, + certificateIterator->cbCertEncoded); + if (ret == 0) + { + ++certificateCount; + } + } + } + + CertFreeCertificateContext(certificateIterator); + 
CertCloseStore(systemStore, 0); + + if (certificateCount == 0) + { + errorMsg = "No certificates found"; + return false; + } + + return true; +#else + // On macOS we can query the system cert location from the keychain + // On Linux we could try to fetch some local files based on the distribution + // On Android we could use JNI to get to the system certs + return false; +#endif + } + + bool SocketMbedTLS::init(const std::string& host, bool isClient, std::string& errMsg) + { + initMBedTLS(); + std::lock_guard lock(_mutex); + + const char* pers = "IXSocketMbedTLS"; + + if (mbedtls_ctr_drbg_seed(&_ctr_drbg, + mbedtls_entropy_func, + &_entropy, + (const unsigned char*) pers, + strlen(pers)) != 0) + { + errMsg = "Setting entropy seed failed"; + return false; + } + + if (mbedtls_ssl_config_defaults(&_conf, + (isClient) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT) != 0) + { + errMsg = "Setting config default failed"; + return false; + } + + mbedtls_ssl_conf_rng(&_conf, mbedtls_ctr_drbg_random, &_ctr_drbg); + + if (_tlsOptions.hasCertAndKey()) + { + if (mbedtls_x509_crt_parse_file(&_cert, _tlsOptions.certFile.c_str()) < 0) + { + errMsg = "Cannot parse cert file '" + _tlsOptions.certFile + "'"; + return false; + } +#ifdef IXWEBSOCKET_USE_MBED_TLS_MIN_VERSION_3 + if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "", mbedtls_ctr_drbg_random, &_ctr_drbg) < 0) +#else + if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "") < 0) +#endif + { + errMsg = "Cannot parse key file '" + _tlsOptions.keyFile + "'"; + return false; + } + if (mbedtls_ssl_conf_own_cert(&_conf, &_cert, &_pkey) < 0) + { + errMsg = "Problem configuring cert '" + _tlsOptions.certFile + "'"; + return false; + } + } + + if (_tlsOptions.isPeerVerifyDisabled()) + { + mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_NONE); + } + else + { + // FIXME: should we call mbedtls_ssl_conf_verify ? 
+ mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED); + + if (_tlsOptions.isUsingSystemDefaults()) + { + if (!loadSystemCertificates(errMsg)) + { + return false; + } + } + else + { + if (_tlsOptions.isUsingInMemoryCAs()) + { + const char* buffer = _tlsOptions.caFile.c_str(); + size_t bufferSize = + _tlsOptions.caFile.size() + 1; // Needs to include null terminating + // character otherwise mbedtls will fail. + if (mbedtls_x509_crt_parse( + &_cacert, (const unsigned char*) buffer, bufferSize) < 0) + { + errMsg = "Cannot parse CA from memory."; + return false; + } + } + else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0) + { + errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'"; + return false; + } + } + + mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL); + } + + if (mbedtls_ssl_setup(&_ssl, &_conf) != 0) + { + errMsg = "SSL setup failed"; + return false; + } + + if (!host.empty() && mbedtls_ssl_set_hostname(&_ssl, host.c_str()) != 0) + { + errMsg = "SNI setup failed"; + return false; + } + + return true; + } + + bool SocketMbedTLS::accept(std::string& errMsg) + { + bool isClient = false; + bool initialized = init(std::string(), isClient, errMsg); + if (!initialized) + { + close(); + return false; + } + + mbedtls_ssl_set_bio(&_ssl, &_sockfd, mbedtls_net_send, mbedtls_net_recv, NULL); + + int res; + do + { + std::lock_guard lock(_mutex); + res = mbedtls_ssl_handshake(&_ssl); + } while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE); + + if (res != 0) + { + char buf[256]; + mbedtls_strerror(res, buf, sizeof(buf)); + + errMsg = "error in handshake : "; + errMsg += buf; + + if (res == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) + { + char verifyBuf[512]; + uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl); + + mbedtls_x509_crt_verify_info(verifyBuf, sizeof(verifyBuf), " ! 
", flags); + errMsg += " : "; + errMsg += verifyBuf; + } + + close(); + return false; + } + + return true; + } + + bool SocketMbedTLS::connect(const std::string& host, + int port, + std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + { + std::lock_guard lock(_mutex); + _sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested); + if (_sockfd == -1) return false; + } + + bool isClient = true; + bool initialized = init(host, isClient, errMsg); + if (!initialized) + { + close(); + return false; + } + + mbedtls_ssl_set_bio(&_ssl, &_sockfd, mbedtls_net_send, mbedtls_net_recv, NULL); + + int res; + do + { + { + std::lock_guard lock(_mutex); + res = mbedtls_ssl_handshake(&_ssl); + } + + if (isCancellationRequested()) + { + errMsg = "Cancellation requested"; + close(); + return false; + } + } while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE); + + if (res != 0) + { + char buf[256]; + mbedtls_strerror(res, buf, sizeof(buf)); + + errMsg = "error in handshake : "; + errMsg += buf; + + close(); + return false; + } + + return true; + } + + void SocketMbedTLS::close() + { + std::lock_guard lock(_mutex); + + mbedtls_ssl_free(&_ssl); + mbedtls_ssl_config_free(&_conf); + mbedtls_ctr_drbg_free(&_ctr_drbg); + mbedtls_entropy_free(&_entropy); + mbedtls_x509_crt_free(&_cacert); + mbedtls_x509_crt_free(&_cert); + + Socket::close(); + } + + ssize_t SocketMbedTLS::send(char* buf, size_t nbyte) + { + std::lock_guard lock(_mutex); + + ssize_t res = mbedtls_ssl_write(&_ssl, (unsigned char*) buf, nbyte); + + if (res > 0) + { + return res; + } + else if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE) + { + errno = EWOULDBLOCK; + return -1; + } + else + { + return -1; + } + } + + ssize_t SocketMbedTLS::recv(void* buf, size_t nbyte) + { + while (true) + { + std::lock_guard lock(_mutex); + + ssize_t res = mbedtls_ssl_read(&_ssl, (unsigned char*) buf, (int) nbyte); + + if (res > 0) + { + return res; 
+ } + + if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE) + { + errno = EWOULDBLOCK; + } + return -1; + } + } + +} // namespace ix + +#endif // IXWEBSOCKET_USE_MBED_TLS diff --git a/ixwebsocket/IXSocketOpenSSL.cpp b/ixwebsocket/IXSocketOpenSSL.cpp new file mode 100644 index 0000000..7fb6f6d --- /dev/null +++ b/ixwebsocket/IXSocketOpenSSL.cpp 
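Review bot: `SocketMbedTLS::close()` frees every context that `initMBedTLS()` initialises except `_pkey`, so a key loaded by `mbedtls_pk_parse_keyfile` in `init()` is never released and the parsed private key stays in process memory after the socket is closed. Adding `mbedtls_pk_free(&_pkey);` next to `mbedtls_x509_crt_free(&_cert);` fixes it. `init()` also calls `initMBedTLS()` again on contexts the constructor already initialised; that is harmless only while nothing has been loaded into them in between, which a short comment at that call would make explicit.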
@@ -0,0 +1,849 @@ +/* + * IXSocketOpenSSL.cpp + * Author: Benjamin Sergeant, Matt DeBoer, Max Weisel + * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved. + * + * Adapted from Satori SDK OpenSSL code. + */ +#ifdef IXWEBSOCKET_USE_OPEN_SSL + +#include "IXSocketOpenSSL.h" + +#include "IXSocketConnect.h" +#include "IXUniquePtr.h" +#include +#include +#include +#ifdef _WIN32 +#include +#else +#include +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#include +#endif +#define socketerrno errno + +#ifdef _WIN32 +// For manipulating the certificate store +#include +#endif + +#ifdef _WIN32 +namespace +{ + bool loadWindowsSystemCertificates(SSL_CTX* ssl, std::string& errorMsg) + { + DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG | + CERT_SYSTEM_STORE_CURRENT_USER; + HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root"); + + if (!systemStore) + { + errorMsg = "CertOpenStore failed with "; + errorMsg += std::to_string(GetLastError()); + return false; + } + + PCCERT_CONTEXT certificateIterator = NULL; + X509_STORE* opensslStore = SSL_CTX_get_cert_store(ssl); + + int certificateCount = 0; + while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator)) + { + X509* x509 = d2i_X509(NULL, + (const unsigned char**) &certificateIterator->pbCertEncoded, + certificateIterator->cbCertEncoded); + + if (x509) + { + if (X509_STORE_add_cert(opensslStore, x509) == 1) + { + ++certificateCount; + } + + X509_free(x509); + } + } + + CertFreeCertificateContext(certificateIterator); + CertCloseStore(systemStore, 0); + + if (certificateCount == 0) + { + errorMsg = "No certificates found"; + return false; + } + + return true; + } +} // namespace +#endif + +namespace ix +{ + const std::string kDefaultCiphers = + "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA " + "ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 " + 
"ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA " + "ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 " + "DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA " + "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 AES128-SHA"; + + std::atomic SocketOpenSSL::_openSSLInitializationSuccessful(false); + std::once_flag SocketOpenSSL::_openSSLInitFlag; + std::vector> openSSLMutexes; + + SocketOpenSSL::SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd) + : Socket(fd) + , _ssl_connection(nullptr) + , _ssl_context(nullptr) + , _tlsOptions(tlsOptions) + { + std::call_once(_openSSLInitFlag, &SocketOpenSSL::openSSLInitialize, this); + } + + SocketOpenSSL::~SocketOpenSSL() + { + SocketOpenSSL::close(); + } + + void SocketOpenSSL::openSSLInitialize() + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, nullptr)) return; +#else + (void) OPENSSL_config(nullptr); + + if (CRYPTO_get_locking_callback() == nullptr) + { + openSSLMutexes.clear(); + for (int i = 0; i < CRYPTO_num_locks(); ++i) + { + openSSLMutexes.push_back(ix::make_unique()); + } + CRYPTO_set_locking_callback(SocketOpenSSL::openSSLLockingCallback); + } +#endif + + (void) OpenSSL_add_ssl_algorithms(); + (void) SSL_load_error_strings(); + + _openSSLInitializationSuccessful = true; + } + + void SocketOpenSSL::openSSLLockingCallback(int mode, + int type, + const char* /*file*/, + int /*line*/) + { + if (mode & CRYPTO_LOCK) + { + openSSLMutexes[type]->lock(); + } + else + { + openSSLMutexes[type]->unlock(); + } + } + + std::string SocketOpenSSL::getSSLError(int ret) + { + unsigned long e; + + int err = SSL_get_error(_ssl_connection, ret); + + if (err == SSL_ERROR_WANT_CONNECT || err == SSL_ERROR_WANT_ACCEPT) + { + return "OpenSSL failed - connection failure"; + } + else if (err == SSL_ERROR_WANT_X509_LOOKUP) + { + return "OpenSSL failed - x509 error"; + } + else if (err == SSL_ERROR_SYSCALL) + 
{ + e = ERR_get_error(); + if (e > 0) + { + std::string errMsg("OpenSSL failed - "); + errMsg += ERR_error_string(e, nullptr); + return errMsg; + } + else if (e == 0 && ret == 0) + { + return "OpenSSL failed - received early EOF"; + } + else + { + return "OpenSSL failed - underlying BIO reported an I/O error"; + } + } + else if (err == SSL_ERROR_SSL) + { + e = ERR_get_error(); + std::string errMsg("OpenSSL failed - "); + errMsg += ERR_error_string(e, nullptr); + return errMsg; + } + else if (err == SSL_ERROR_NONE) + { + return "OpenSSL failed - err none"; + } + else if (err == SSL_ERROR_ZERO_RETURN) + { + return "OpenSSL failed - err zero return"; + } + else + { + return "OpenSSL failed - unknown error"; + } + } + + SSL_CTX* SocketOpenSSL::openSSLCreateContext(std::string& errMsg) + { + const SSL_METHOD* method = SSLv23_client_method(); + if (method == nullptr) + { + errMsg = "SSLv23_client_method failure"; + return nullptr; + } + _ssl_method = method; + + SSL_CTX* ctx = SSL_CTX_new(_ssl_method); + if (ctx) + { + SSL_CTX_set_mode(ctx, + SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + + int options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE; + +#ifdef SSL_OP_NO_TLSv1_3 + // (partially?) 
work around hang in openssl 1.1.1b, by disabling TLS V1.3 + // https://github.com/openssl/openssl/issues/7967 + options |= SSL_OP_NO_TLSv1_3; +#endif + SSL_CTX_set_options(ctx, options); + } + return ctx; + } + + bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots) + { + // Create certificate store + X509_STORE* certificate_store = SSL_CTX_get_cert_store(_ssl_context); + if (certificate_store == nullptr) return false; + + // Configure to allow intermediate certs + X509_STORE_set_flags(certificate_store, + X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN); + + // Create a new buffer and populate it with the roots + BIO* buffer = BIO_new_mem_buf((void*) roots.c_str(), static_cast(roots.length())); + if (buffer == nullptr) return false; + + // Read each root in the buffer and add to the certificate store + bool success = true; + size_t number_of_roots = 0; + + while (true) + { + // Read the next root in the buffer + X509* root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void*) ""); + if (root == nullptr) + { + // No more certs left in the buffer, we're done. + ERR_clear_error(); + break; + } + + // Try adding the root to the certificate store + ERR_clear_error(); + if (!X509_STORE_add_cert(certificate_store, root)) + { + // Failed to add. If the error is unrelated to the x509 lib or the cert already + // exists, we're safe to continue. + unsigned long error = ERR_get_error(); + if (ERR_GET_LIB(error) != ERR_LIB_X509 || + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) + { + // Failed. Clean up and bail. + success = false; + X509_free(root); + break; + } + } + + // Clean up and loop + X509_free(root); + number_of_roots++; + } + + // Clean up buffer + BIO_free(buffer); + + // Make sure we loaded at least one certificate. 
+ if (number_of_roots == 0) success = false; + + return success; + } + + /** + * Check whether a hostname matches a pattern + */ + bool SocketOpenSSL::checkHost(const std::string& host, const char* pattern) + { +#ifdef _WIN32 + return PathMatchSpecA(host.c_str(), pattern); +#else + return fnmatch(pattern, host.c_str(), 0) != FNM_NOMATCH; +#endif + } + + bool SocketOpenSSL::openSSLCheckServerCert(SSL* ssl, + const std::string& hostname, + std::string& errMsg) + { + X509* server_cert = SSL_get_peer_certificate(ssl); + if (server_cert == nullptr) + { + errMsg = "OpenSSL failed - peer didn't present a X509 certificate."; + return false; + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + // Check server name + bool hostname_verifies_ok = false; + STACK_OF(GENERAL_NAME)* san_names = (STACK_OF(GENERAL_NAME)*) X509_get_ext_d2i( + (X509*) server_cert, NID_subject_alt_name, NULL, NULL); + if (san_names) + { + for (int i = 0; i < sk_GENERAL_NAME_num(san_names); i++) + { + const GENERAL_NAME* sk_name = sk_GENERAL_NAME_value(san_names, i); + if (sk_name->type == GEN_DNS) + { + char* name = (char*) ASN1_STRING_data(sk_name->d.dNSName); + if ((size_t) ASN1_STRING_length(sk_name->d.dNSName) == strlen(name) && + checkHost(hostname, name)) + { + hostname_verifies_ok = true; + break; + } + } + } + } + sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); + + if (!hostname_verifies_ok) + { + int cn_pos = X509_NAME_get_index_by_NID( + X509_get_subject_name((X509*) server_cert), NID_commonName, -1); + if (cn_pos >= 0) + { + X509_NAME_ENTRY* cn_entry = + X509_NAME_get_entry(X509_get_subject_name((X509*) server_cert), cn_pos); + + if (cn_entry != nullptr) + { + ASN1_STRING* cn_asn1 = X509_NAME_ENTRY_get_data(cn_entry); + char* cn = (char*) ASN1_STRING_data(cn_asn1); + + if ((size_t) ASN1_STRING_length(cn_asn1) == strlen(cn) && + checkHost(hostname, cn)) + { + hostname_verifies_ok = true; + } + } + } + } + + if (!hostname_verifies_ok) + { + errMsg = "OpenSSL failed - certificate was 
issued for a different domain."; + return false; + } +#endif + + X509_free(server_cert); + return true; + } + + bool SocketOpenSSL::openSSLClientHandshake(const std::string& host, + std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + while (true) + { + if (_ssl_connection == nullptr || _ssl_context == nullptr) + { + return false; + } + + if (isCancellationRequested()) + { + errMsg = "Cancellation requested"; + return false; + } + + ERR_clear_error(); + int connect_result = SSL_connect(_ssl_connection); + if (connect_result == 1) + { + return openSSLCheckServerCert(_ssl_connection, host, errMsg); + } + int reason = SSL_get_error(_ssl_connection, connect_result); + + bool rc = false; + if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE) + { + rc = true; + } + else + { + errMsg = getSSLError(connect_result); + rc = false; + } + + if (!rc) + { + return false; + } + } + } + + bool SocketOpenSSL::openSSLServerHandshake(std::string& errMsg) + { + while (true) + { + if (_ssl_connection == nullptr || _ssl_context == nullptr) + { + return false; + } + + ERR_clear_error(); + int accept_result = SSL_accept(_ssl_connection); + if (accept_result == 1) + { + return true; + } + int reason = SSL_get_error(_ssl_connection, accept_result); + + bool rc = false; + if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE) + { + rc = true; + } + else + { + errMsg = getSSLError(accept_result); + rc = false; + } + + if (!rc) + { + return false; + } + } + } + + bool SocketOpenSSL::handleTLSOptions(std::string& errMsg) + { + ERR_clear_error(); + if (_tlsOptions.hasCertAndKey()) + { + if (SSL_CTX_use_certificate_chain_file(_ssl_context, _tlsOptions.certFile.c_str()) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_use_certificate_chain_file(\"" + + _tlsOptions.certFile + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + else if (SSL_CTX_use_PrivateKey_file( + _ssl_context, 
_tlsOptions.keyFile.c_str(), SSL_FILETYPE_PEM) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_use_PrivateKey_file(\"" + _tlsOptions.keyFile + + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + else if (!SSL_CTX_check_private_key(_ssl_context)) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - cert/key mismatch(\"" + _tlsOptions.certFile + ", " + + _tlsOptions.keyFile + "\")"; + errMsg += ERR_error_string(sslErr, nullptr); + } + } + + ERR_clear_error(); + if (!_tlsOptions.isPeerVerifyDisabled()) + { + if (_tlsOptions.isUsingSystemDefaults()) + { +#ifdef _WIN32 + if (!loadWindowsSystemCertificates(_ssl_context, errMsg)) + { + return false; + } +#else + if (SSL_CTX_set_default_verify_paths(_ssl_context) == 0) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_default_verify_paths loading failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + return false; + } +#endif + } + else + { + if (_tlsOptions.isUsingInMemoryCAs()) + { + // Load from memory + openSSLAddCARootsFromString(_tlsOptions.caFile); + } + else + { + if (SSL_CTX_load_verify_locations( + _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + + _tlsOptions.caFile + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + return false; + } + } + } + + SSL_CTX_set_verify(_ssl_context, + SSL_VERIFY_PEER, + [](int preverify, X509_STORE_CTX*) -> int { return preverify; }); + SSL_CTX_set_verify_depth(_ssl_context, 4); + } + else + { + SSL_CTX_set_verify(_ssl_context, SSL_VERIFY_NONE, nullptr); + } + + if (_tlsOptions.isUsingDefaultCiphers()) + { + if (SSL_CTX_set_cipher_list(_ssl_context, kDefaultCiphers.c_str()) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_set_cipher_list(\"" + kDefaultCiphers + + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + return false; 
+ } + } + else if (SSL_CTX_set_cipher_list(_ssl_context, _tlsOptions.ciphers.c_str()) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_set_cipher_list(\"" + _tlsOptions.ciphers + + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + return false; + } + + return true; + } + + bool SocketOpenSSL::accept(std::string& errMsg) + { + bool handshakeSuccessful = false; + { + std::lock_guard lock(_mutex); + + if (!_openSSLInitializationSuccessful) + { + errMsg = "OPENSSL_init_ssl failure"; + return false; + } + + if (_sockfd == -1) + { + return false; + } + + { + const SSL_METHOD* method = SSLv23_server_method(); + if (method == nullptr) + { + errMsg = "SSLv23_server_method failure"; + _ssl_context = nullptr; + } + else + { + _ssl_method = method; + + _ssl_context = SSL_CTX_new(_ssl_method); + if (_ssl_context) + { + SSL_CTX_set_mode(_ssl_context, SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_CTX_set_mode(_ssl_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + SSL_CTX_set_options(_ssl_context, + SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + } + } + } + + if (_ssl_context == nullptr) + { + return false; + } + + ERR_clear_error(); + if (_tlsOptions.hasCertAndKey()) + { + if (SSL_CTX_use_certificate_chain_file(_ssl_context, + _tlsOptions.certFile.c_str()) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_use_certificate_chain_file(\"" + + _tlsOptions.certFile + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + else if (SSL_CTX_use_PrivateKey_file( + _ssl_context, _tlsOptions.keyFile.c_str(), SSL_FILETYPE_PEM) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_use_PrivateKey_file(\"" + + _tlsOptions.keyFile + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + } + + + ERR_clear_error(); + if (!_tlsOptions.isPeerVerifyDisabled()) + { + if (_tlsOptions.isUsingSystemDefaults()) + { + if (SSL_CTX_set_default_verify_paths(_ssl_context) == 0) + { + 
auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_default_verify_paths loading failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + } + else + { + if (_tlsOptions.isUsingInMemoryCAs()) + { + // Load from memory + openSSLAddCARootsFromString(_tlsOptions.caFile); + } + else + { + const char* root_ca_file = _tlsOptions.caFile.c_str(); + STACK_OF(X509_NAME) * rootCAs; + rootCAs = SSL_load_client_CA_file(root_ca_file); + if (rootCAs == NULL) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_load_client_CA_file('" + + _tlsOptions.caFile + "') failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + else + { + SSL_CTX_set_client_CA_list(_ssl_context, rootCAs); + if (SSL_CTX_load_verify_locations( + _ssl_context, root_ca_file, nullptr) != 1) + { + auto sslErr = ERR_get_error(); + errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + + _tlsOptions.caFile + "\") failed: "; + errMsg += ERR_error_string(sslErr, nullptr); + } + } + } + } + + SSL_CTX_set_verify( + _ssl_context, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr); + SSL_CTX_set_verify_depth(_ssl_context, 4); + } + else + { + SSL_CTX_set_verify(_ssl_context, SSL_VERIFY_NONE, nullptr); + } + if (_tlsOptions.isUsingDefaultCiphers()) + { + if (SSL_CTX_set_cipher_list(_ssl_context, kDefaultCiphers.c_str()) != 1) + { + return false; + } + } + else if (SSL_CTX_set_cipher_list(_ssl_context, _tlsOptions.ciphers.c_str()) != 1) + { + return false; + } + + _ssl_connection = SSL_new(_ssl_context); + if (_ssl_connection == nullptr) + { + errMsg = "OpenSSL failed to connect"; + SSL_CTX_free(_ssl_context); + _ssl_context = nullptr; + return false; + } + + SSL_set_ecdh_auto(_ssl_connection, 1); + + SSL_set_fd(_ssl_connection, _sockfd); + + handshakeSuccessful = openSSLServerHandshake(errMsg); + } + + if (!handshakeSuccessful) + { + close(); + return false; + } + + return true; + } + + bool SocketOpenSSL::connect(const std::string& host, + int port, + 
std::string& errMsg, + const CancellationRequest& isCancellationRequested) + { + bool handshakeSuccessful = false; + { + std::lock_guard lock(_mutex); + + if (!_openSSLInitializationSuccessful) + { + errMsg = "OPENSSL_init_ssl failure"; + return false; + } + + _sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested); + if (_sockfd == -1) return false; + + _ssl_context = openSSLCreateContext(errMsg); + if (_ssl_context == nullptr) + { + return false; + } + + if (!handleTLSOptions(errMsg)) + { + return false; + } + + _ssl_connection = SSL_new(_ssl_context); + if (_ssl_connection == nullptr) + { + errMsg = "OpenSSL failed to connect"; + SSL_CTX_free(_ssl_context); + _ssl_context = nullptr; + return false; + } + SSL_set_fd(_ssl_connection, _sockfd); + + // SNI support + SSL_set_tlsext_host_name(_ssl_connection, host.c_str()); + +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + // Support for server name verification + // (The docs say that this should work from 1.0.2, and is the default from + // 1.1.0, but it does not. To be on the safe side, the manual test + // below is enabled for all versions prior to 1.1.0.) 
+ X509_VERIFY_PARAM* param = SSL_get0_param(_ssl_connection); + X509_VERIFY_PARAM_set1_host(param, host.c_str(), host.size()); +#endif + handshakeSuccessful = openSSLClientHandshake(host, errMsg, isCancellationRequested); + } + + if (!handshakeSuccessful) + { + close(); + return false; + } + + return true; + } + + void SocketOpenSSL::close() + { + std::lock_guard lock(_mutex); + + if (_ssl_connection != nullptr) + { + SSL_free(_ssl_connection); + _ssl_connection = nullptr; + } + if (_ssl_context != nullptr) + { + SSL_CTX_free(_ssl_context); + _ssl_context = nullptr; + } + + Socket::close(); + } + + ssize_t SocketOpenSSL::send(char* buf, size_t nbyte) + { + std::lock_guard lock(_mutex); + + if (_ssl_connection == nullptr || _ssl_context == nullptr) + { + return 0; + } + + ERR_clear_error(); + ssize_t write_result = SSL_write(_ssl_connection, buf, (int) nbyte); + int reason = SSL_get_error(_ssl_connection, (int) write_result); + + if (reason == SSL_ERROR_NONE) + { + return write_result; + } + else if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE) + { + errno = EWOULDBLOCK; + return -1; + } + else + { + return -1; + } + } + + ssize_t SocketOpenSSL::recv(void* buf, size_t nbyte) + { + while (true) + { + std::lock_guard lock(_mutex); + + if (_ssl_connection == nullptr || _ssl_context == nullptr) + { + return 0; + } + + ERR_clear_error(); + ssize_t read_result = SSL_read(_ssl_connection, buf, (int) nbyte); + + if (read_result > 0) + { + return read_result; + } + + int reason = SSL_get_error(_ssl_connection, (int) read_result); + + if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE) + { + errno = EWOULDBLOCK; + } + return -1; + } + } + +} // namespace ix + +#endif // IXWEBSOCKET_USE_OPEN_SSL diff --git a/ixwebsocket/IXSocketServer.cpp b/ixwebsocket/IXSocketServer.cpp new file mode 100644 index 0000000..5d7512b --- /dev/null +++ b/ixwebsocket/IXSocketServer.cpp 
@@ -0,0 +1,495 @@ +/* + * IXSocketServer.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSocketServer.h" + +#include "IXNetSystem.h" +#include "IXSelectInterrupt.h" +#include "IXSelectInterruptFactory.h" +#include "IXSetThreadName.h" +#include "IXSocket.h" +#include "IXSocketConnect.h" +#include "IXSocketFactory.h" +#include +#include +#include +#include + +namespace ix +{ + const int SocketServer::kDefaultPort(8080); + const std::string SocketServer::kDefaultHost("127.0.0.1"); + const int SocketServer::kDefaultTcpBacklog(5); + const size_t SocketServer::kDefaultMaxConnections(128); + const int SocketServer::kDefaultAddressFamily(AF_INET); + + SocketServer::SocketServer( + int port, const std::string& host, int backlog, size_t maxConnections, int addressFamily) + : _port(port) + , _host(host) + , _backlog(backlog) + , _maxConnections(maxConnections) + , _addressFamily(addressFamily) + , _serverFd(-1) + , _stop(false) + , _stopGc(false) + , _connectionStateFactory(&ConnectionState::createConnectionState) + , _acceptSelectInterrupt(createSelectInterrupt()) + { + } + + SocketServer::~SocketServer() + { + stop(); + } + + void SocketServer::logError(const std::string& str) + { + std::lock_guard lock(_logMutex); + fprintf(stderr, "%s\n", str.c_str()); + } + + void SocketServer::logInfo(const std::string& str) + { + std::lock_guard lock(_logMutex); + fprintf(stdout, "%s\n", str.c_str()); + } + + std::pair SocketServer::listen() + { + std::string acceptSelectInterruptInitErrorMsg; + if (!_acceptSelectInterrupt->init(acceptSelectInterruptInitErrorMsg)) + { + std::stringstream ss; + ss << "SocketServer::listen() error in SelectInterrupt::init: " + << acceptSelectInterruptInitErrorMsg; + + return std::make_pair(false, ss.str()); + } + + if (_addressFamily != AF_INET && _addressFamily != AF_INET6) + { + std::string errMsg("SocketServer::listen() AF_INET and AF_INET6 are currently " + "the only supported 
address families"); + return std::make_pair(false, errMsg); + } + + // Get a socket for accepting connections. + if ((_serverFd = socket(_addressFamily, SOCK_STREAM, 0)) < 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error creating socket): " << strerror(Socket::getErrno()); + + return std::make_pair(false, ss.str()); + } + + // Make that socket reusable. (allow restarting this server at will) + int enable = 1; + if (setsockopt(_serverFd, SOL_SOCKET, SO_REUSEADDR, (char*) &enable, sizeof(enable)) < 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling setsockopt(SO_REUSEADDR) " + << "at address " << _host << ":" << _port << " : " << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + + if (_addressFamily == AF_INET) + { + struct sockaddr_in server; + server.sin_family = _addressFamily; + server.sin_port = htons(_port); + + if (ix::inet_pton(_addressFamily, _host.c_str(), &server.sin_addr.s_addr) <= 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling inet_pton " + << "at address " << _host << ":" << _port << " : " + << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + + // Bind the socket to the server address. 
+ if (bind(_serverFd, (struct sockaddr*) &server, sizeof(server)) < 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling bind " + << "at address " << _host << ":" << _port << " : " + << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + } + else // AF_INET6 + { + struct sockaddr_in6 server; + server.sin6_family = _addressFamily; + server.sin6_port = htons(_port); + + if (ix::inet_pton(_addressFamily, _host.c_str(), &server.sin6_addr) <= 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling inet_pton " + << "at address " << _host << ":" << _port << " : " + << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + + // Bind the socket to the server address. + if (bind(_serverFd, (struct sockaddr*) &server, sizeof(server)) < 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling bind " + << "at address " << _host << ":" << _port << " : " + << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + } + + // + // Listen for connections. Specify the tcp backlog. 
+ // + if (::listen(_serverFd, _backlog) < 0) + { + std::stringstream ss; + ss << "SocketServer::listen() error calling listen " + << "at address " << _host << ":" << _port << " : " << strerror(Socket::getErrno()); + + Socket::closeSocket(_serverFd); + return std::make_pair(false, ss.str()); + } + + return std::make_pair(true, ""); + } + + void SocketServer::start() + { + _stop = false; + + if (!_thread.joinable()) + { + _thread = std::thread(&SocketServer::run, this); + } + + if (!_gcThread.joinable()) + { + _gcThread = std::thread(&SocketServer::runGC, this); + } + } + + void SocketServer::wait() + { + std::unique_lock lock(_conditionVariableMutex); + _conditionVariable.wait(lock); + } + + void SocketServer::stopAcceptingConnections() + { + _stop = true; + } + + void SocketServer::stop() + { + // Stop accepting connections, and close the 'accept' thread + if (_thread.joinable()) + { + _stop = true; + // Wake up select + if (!_acceptSelectInterrupt->notify(SelectInterrupt::kCloseRequest)) + { + logError("SocketServer::stop: Cannot wake up from select"); + } + + _thread.join(); + _stop = false; + } + + // Join all threads and make sure that all connections are terminated + if (_gcThread.joinable()) + { + _stopGc = true; + _conditionVariableGC.notify_one(); + _gcThread.join(); + _stopGc = false; + } + + _conditionVariable.notify_one(); + Socket::closeSocket(_serverFd); + } + + void SocketServer::setConnectionStateFactory( + const ConnectionStateFactory& connectionStateFactory) + { + _connectionStateFactory = connectionStateFactory; + } + + // + // join the threads for connections that have been closed + // + // When a connection is closed by a client, the connection state terminated + // field becomes true, and we can use that to know that we can join that thread + // and remove it from our _connectionsThreads data structure (a list). 
+ // + void SocketServer::closeTerminatedThreads() + { + std::lock_guard lock(_connectionsThreadsMutex); + auto it = _connectionsThreads.begin(); + auto itEnd = _connectionsThreads.end(); + + while (it != itEnd) + { + auto& connectionState = it->first; + auto& thread = it->second; + + if (!connectionState->isTerminated()) + { + ++it; + continue; + } + + if (thread.joinable()) thread.join(); + it = _connectionsThreads.erase(it); + } + } + + void SocketServer::run() + { + // Set the socket to non blocking mode, so that accept calls are not blocking + SocketConnect::configure(_serverFd); + + // Use a cryptic name to stay within the 16 bytes limit thread name limitation + // $ echo Srv:gc:64000 | wc -c + // 13 + setThreadName("Srv:ac:" + std::to_string(_port)); + + for (;;) + { + if (_stop) return; + + // Use poll to check whether a new connection is in progress + int timeoutMs = -1; +#ifdef _WIN32 + // select cannot be interrupted on Windows so we need to pass a small timeout + timeoutMs = 10; +#endif + + bool readyToRead = true; + PollResultType pollResult = + Socket::poll(readyToRead, timeoutMs, _serverFd, _acceptSelectInterrupt); + + if (pollResult == PollResultType::Error) + { + std::stringstream ss; + ss << "SocketServer::run() error in select: " << strerror(Socket::getErrno()); + logError(ss.str()); + continue; + } + + if (pollResult != PollResultType::ReadyForRead) + { + continue; + } + + // Accept a connection. + // FIXME: Is this working for ipv6 ? 
+ struct sockaddr_in client; // client address information + int clientFd; // socket connected to client + socklen_t addressLen = sizeof(client); + memset(&client, 0, sizeof(client)); + + if ((clientFd = accept(_serverFd, (struct sockaddr*) &client, &addressLen)) < 0) + { + if (!Socket::isWaitNeeded()) + { + // FIXME: that error should be propagated + int err = Socket::getErrno(); + std::stringstream ss; + ss << "SocketServer::run() error accepting connection: " << err << ", " + << strerror(err); + logError(ss.str()); + } + continue; + } + + if (getConnectedClientsCount() >= _maxConnections) + { + std::stringstream ss; + ss << "SocketServer::run() reached max connections = " << _maxConnections << ". " + << "Not accepting connection"; + logError(ss.str()); + + Socket::closeSocket(clientFd); + + continue; + } + + // Retrieve connection info, the ip address of the remote peer/client) + std::string remoteIp; + int remotePort; + + if (_addressFamily == AF_INET) + { + char remoteIp4[INET_ADDRSTRLEN]; + if (ix::inet_ntop(AF_INET, &client.sin_addr, remoteIp4, INET_ADDRSTRLEN) == nullptr) + { + int err = Socket::getErrno(); + std::stringstream ss; + ss << "SocketServer::run() error calling inet_ntop (ipv4): " << err << ", " + << strerror(err); + logError(ss.str()); + + Socket::closeSocket(clientFd); + + continue; + } + + remotePort = ix::network_to_host_short(client.sin_port); + remoteIp = remoteIp4; + } + else // AF_INET6 + { + char remoteIp6[INET6_ADDRSTRLEN]; + if (ix::inet_ntop(AF_INET6, &client.sin_addr, remoteIp6, INET6_ADDRSTRLEN) == + nullptr) + { + int err = Socket::getErrno(); + std::stringstream ss; + ss << "SocketServer::run() error calling inet_ntop (ipv6): " << err << ", " + << strerror(err); + logError(ss.str()); + + Socket::closeSocket(clientFd); + + continue; + } + + remotePort = ix::network_to_host_short(client.sin_port); + remoteIp = remoteIp6; + } + + std::shared_ptr connectionState; + if (_connectionStateFactory) + { + connectionState = 
_connectionStateFactory(); + } + connectionState->setOnSetTerminatedCallback([this] { onSetTerminatedCallback(); }); + connectionState->setRemoteIp(remoteIp); + connectionState->setRemotePort(remotePort); + + if (_stop) return; + + // create socket + std::string errorMsg; + bool tls = _socketTLSOptions.tls; + auto socket = createSocket(tls, clientFd, errorMsg, _socketTLSOptions); + + if (socket == nullptr) + { + logError("SocketServer::run() cannot create socket: " + errorMsg); + Socket::closeSocket(clientFd); + continue; + } + + // Set the socket to non blocking mode + other tweaks + SocketConnect::configure(clientFd); + + if (!socket->accept(errorMsg)) + { + logError("SocketServer::run() tls accept failed: " + errorMsg); + Socket::closeSocket(clientFd); + continue; + } + + // Launch the handleConnection work asynchronously in its own thread. + std::lock_guard lock(_connectionsThreadsMutex); + _connectionsThreads.push_back(std::make_pair( + connectionState, + std::thread( + &SocketServer::handleConnection, this, std::move(socket), connectionState))); + } + } + + size_t SocketServer::getConnectionsThreadsCount() + { + std::lock_guard lock(_connectionsThreadsMutex); + return _connectionsThreads.size(); + } + + void SocketServer::runGC() + { + // Use a cryptic name to stay within the 16 bytes limit thread name limitation + // $ echo Srv:gc:64000 | wc -c + // 13 + setThreadName("Srv:gc:" + std::to_string(_port)); + + for (;;) + { + // Garbage collection to shutdown/join threads for closed connections. + closeTerminatedThreads(); + + // We quit this thread if all connections are closed and we received + // a stop request by setting _stopGc to true. 
+ if (_stopGc && getConnectionsThreadsCount() == 0) + { + break; + } + + // Unless we are stopping the server, wait for a connection + // to be terminated to run the threads GC, instead of busy waiting + // with a sleep + if (!_stopGc) + { + std::unique_lock lock(_conditionVariableMutexGC); + _conditionVariableGC.wait(lock); + } + } + } + + void SocketServer::setTLSOptions(const SocketTLSOptions& socketTLSOptions) + { + _socketTLSOptions = socketTLSOptions; + } + + void SocketServer::onSetTerminatedCallback() + { + // a connection got terminated, we can run the connection thread GC, + // so wake up the thread responsible for that + _conditionVariableGC.notify_one(); + } + + int SocketServer::getPort() + { + return _port; + } + + std::string SocketServer::getHost() + { + return _host; + } + + int SocketServer::getBacklog() + { + return _backlog; + } + + std::size_t SocketServer::getMaxConnections() + { + return _maxConnections; + } + + int SocketServer::getAddressFamily() + { + return _addressFamily; + } +} // namespace ix diff --git a/ixwebsocket/IXSocketTLSOptions.cpp b/ixwebsocket/IXSocketTLSOptions.cpp new file mode 100644 index 0000000..5800ccd --- /dev/null +++ b/ixwebsocket/IXSocketTLSOptions.cpp 
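Review bot: In `SocketServer::run()` the peer address is always received into `struct sockaddr_in client`, so on an `AF_INET6` listener `accept()` truncates the address and the following `inet_ntop(AF_INET6, &client.sin_addr, …)` asks for 16 bytes starting at a 4-byte field, running past the end of the struct; the `remoteIp` stored on the connection state is then not the client's real address, which matters for any logging or IP-based policy built on it. Receive into a `struct sockaddr_storage` and read `sin6_addr`/`sin6_port` in the IPv6 branch, as sketched below. In `listen()` the `sockaddr_in6 server` is bound without being zeroed, leaving `sin6_flowinfo` and `sin6_scope_id` indeterminate; `memset(&server, 0, sizeof(server));` before filling it fixes that. Separately, `connectionState` is dereferenced even when `_connectionStateFactory` is empty, so the `if` guarding the factory call needs an else path that closes `clientFd` and continues.

```cpp
struct sockaddr_storage client; // large enough for AF_INET and AF_INET6 peers
int clientFd;                   // socket connected to client
socklen_t addressLen = sizeof(client);
memset(&client, 0, sizeof(client));
// … unchanged: accept() call, error logging, max-connections check …
if (_addressFamily == AF_INET)
{
    const struct sockaddr_in* client4 = (const struct sockaddr_in*) &client;
    char remoteIp4[INET_ADDRSTRLEN];
    if (ix::inet_ntop(AF_INET, &client4->sin_addr, remoteIp4, INET_ADDRSTRLEN) == nullptr)
    // … unchanged: error path …
    remotePort = ix::network_to_host_short(client4->sin_port);
// … unchanged: remoteIp assignment …
else // AF_INET6
{
    const struct sockaddr_in6* client6 = (const struct sockaddr_in6*) &client;
    char remoteIp6[INET6_ADDRSTRLEN];
    if (ix::inet_ntop(AF_INET6, &client6->sin6_addr, remoteIp6, INET6_ADDRSTRLEN) == nullptr)
    // … unchanged: error path …
    remotePort = ix::network_to_host_short(client6->sin6_port);
```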
@@ -0,0 +1,93 @@ +/* + * IXSocketTLSOptions.h + * Author: Matt DeBoer + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXSocketTLSOptions.h" + +#include +#include +#include + +namespace ix +{ + const char* kTLSCAFileUseSystemDefaults = "SYSTEM"; + const char* kTLSCAFileDisableVerify = "NONE"; + const char* kTLSCiphersUseDefault = "DEFAULT"; + const char* kTLSInMemoryMarker = "-----BEGIN CERTIFICATE-----"; + + bool SocketTLSOptions::isValid() const + { + if (!_validated) + { + if (!certFile.empty() && !std::ifstream(certFile)) + { + _errMsg = "certFile not found: " + certFile; + return false; + } + if (!keyFile.empty() && !std::ifstream(keyFile)) + { + _errMsg = "keyFile not found: " + keyFile; + return false; + } + if (!caFile.empty() && caFile != kTLSCAFileDisableVerify && + caFile != kTLSCAFileUseSystemDefaults && !std::ifstream(caFile)) + { + _errMsg = "caFile not found: " + caFile; + return false; + } + + if (certFile.empty() != keyFile.empty()) + { + _errMsg = "certFile and keyFile must be both present, or both absent"; + return false; + } + + _validated = true; + } + return true; + } + + bool SocketTLSOptions::hasCertAndKey() const + { + return !certFile.empty() && !keyFile.empty(); + } + + bool SocketTLSOptions::isUsingSystemDefaults() const + { + return caFile == kTLSCAFileUseSystemDefaults; + } + + bool SocketTLSOptions::isUsingInMemoryCAs() const + { + return caFile.find(kTLSInMemoryMarker) != std::string::npos; + } + + bool SocketTLSOptions::isPeerVerifyDisabled() const + { + return caFile == kTLSCAFileDisableVerify; + } + + bool SocketTLSOptions::isUsingDefaultCiphers() const + { + return ciphers.empty() || ciphers == kTLSCiphersUseDefault; + } + + const std::string& SocketTLSOptions::getErrorMsg() const + { + return _errMsg; + } + + std::string SocketTLSOptions::getDescription() const + { + std::stringstream ss; + ss << "TLS Options:" << std::endl; + ss << " certFile = " << certFile << std::endl; + ss << " keyFile = " << 
keyFile << std::endl; + ss << " caFile = " << caFile << std::endl; + ss << " ciphers = " << ciphers << std::endl; + ss << " tls = " << tls << std::endl; + return ss.str(); + } +} // namespace ix diff --git a/ixwebsocket/IXStrCaseCompare.cpp b/ixwebsocket/IXStrCaseCompare.cpp new file mode 100644 index 0000000..833815f --- /dev/null +++ b/ixwebsocket/IXStrCaseCompare.cpp @@ -0,0 +1,37 @@ +/* + * IXStrCaseCompare.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2020 Machine Zone. All rights reserved. + */ + +#include "IXStrCaseCompare.h" + +#include +#include + +namespace ix +{ + bool CaseInsensitiveLess::NocaseCompare::operator()(const unsigned char& c1, + const unsigned char& c2) const + { +#if defined(_WIN32) && !defined(__GNUC__) + return std::tolower(c1, std::locale()) < std::tolower(c2, std::locale()); +#else + return std::tolower(c1) < std::tolower(c2); +#endif + } + + bool CaseInsensitiveLess::cmp(const std::string& s1, const std::string& s2) + { + return std::lexicographical_compare(s1.begin(), + s1.end(), // source range + s2.begin(), + s2.end(), // dest range + NocaseCompare()); // comparison + } + + bool CaseInsensitiveLess::operator()(const std::string& s1, const std::string& s2) const + { + return CaseInsensitiveLess::cmp(s1, s2); + } +} // namespace ix diff --git a/ixwebsocket/IXUdpSocket.cpp b/ixwebsocket/IXUdpSocket.cpp new file mode 100644 index 0000000..d124828 --- /dev/null +++ b/ixwebsocket/IXUdpSocket.cpp 
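Review bot: `isValid()` tests `caFile` with `std::ifstream(caFile)` even when it holds an in-memory PEM bundle, so a configuration that `isUsingInMemoryCAs()` accepts is reported as "caFile not found". The condition should skip the file check for that case, e.g. add `&& !isUsingInMemoryCAs()` before `&& !std::ifstream(caFile)`. This matters beyond convenience: the only other values that pass are a readable path, `SYSTEM` and `NONE`, and `NONE` turns peer verification off, so a rejected in-memory bundle nudges callers toward the insecure setting. Whether callers actually gate on `isValid()` is not visible in this hunk.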
@@ -0,0 +1,126 @@ +/* + * IXUdpSocket.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2020 Machine Zone, Inc. All rights reserved. + */ + +#include "IXUdpSocket.h" + +#include "IXNetSystem.h" +#include +#include + +namespace ix +{ + UdpSocket::UdpSocket(int fd) + : _sockfd(fd) + { + ; + } + + UdpSocket::~UdpSocket() + { + close(); + } + + void UdpSocket::close() + { + if (_sockfd == -1) return; + + closeSocket(_sockfd); + _sockfd = -1; + } + + int UdpSocket::getErrno() + { + int err; + +#ifdef _WIN32 + err = WSAGetLastError(); +#else + err = errno; +#endif + + return err; + } + + bool UdpSocket::isWaitNeeded() + { + int err = getErrno(); + + if (err == EWOULDBLOCK || err == EAGAIN || err == EINPROGRESS) + { + return true; + } + + return false; + } + + void UdpSocket::closeSocket(int fd) + { +#ifdef _WIN32 + closesocket(fd); +#else + ::close(fd); +#endif + } + + bool UdpSocket::init(const std::string& host, int port, std::string& errMsg) + { + _sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (_sockfd < 0) + { + errMsg = "Could not create socket"; + return false; + } + +#ifdef _WIN32 + unsigned long nonblocking = 1; + ioctlsocket(_sockfd, FIONBIO, &nonblocking); +#else + fcntl(_sockfd, F_SETFL, O_NONBLOCK); // make socket non blocking +#endif + + memset(&_server, 0, sizeof(_server)); + _server.sin_family = AF_INET; + _server.sin_port = htons(port); + + // DNS resolution. 
+ struct addrinfo hints, *result = nullptr; + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_DGRAM; + + int ret = getaddrinfo(host.c_str(), nullptr, &hints, &result); + if (ret != 0) + { + errMsg = strerror(UdpSocket::getErrno()); + freeaddrinfo(result); + close(); + return false; + } + + struct sockaddr_in* host_addr = (struct sockaddr_in*) result->ai_addr; + memcpy(&_server.sin_addr, &host_addr->sin_addr, sizeof(struct in_addr)); + freeaddrinfo(result); + + return true; + } + + ssize_t UdpSocket::sendto(const std::string& buffer) + { + return (ssize_t)::sendto( + _sockfd, buffer.data(), buffer.size(), 0, (struct sockaddr*) &_server, sizeof(_server)); + } + + ssize_t UdpSocket::recvfrom(char* buffer, size_t length) + { +#ifdef _WIN32 + int addressLen = (int) sizeof(_server); +#else + socklen_t addressLen = (socklen_t) sizeof(_server); +#endif + return (ssize_t)::recvfrom( + _sockfd, buffer, length, 0, (struct sockaddr*) &_server, &addressLen); + } +} // namespace ix diff --git a/ixwebsocket/IXUrlParser.cpp b/ixwebsocket/IXUrlParser.cpp new file mode 100644 index 0000000..9963052 --- /dev/null +++ b/ixwebsocket/IXUrlParser.cpp 
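Review bot: `UdpSocket::recvfrom()` passes `&_server` as the source-address out-parameter, so every received datagram overwrites the destination that `sendto()` uses; since the socket is never `connect()`ed, a datagram from any host redirects all later sends to that host. Receive the sender into a local instead, `struct sockaddr_in from;` with `addressLen = sizeof(from)` and `(struct sockaddr*) &from` in the call, and drop or flag datagrams whose source differs from `_server` if only the configured peer is expected. In `init()`, the `getaddrinfo` failure path reports `strerror(UdpSocket::getErrno())` although the error code is in `ret` (use `gai_strerror(ret)`), and it calls `freeaddrinfo(result)` while `result` is still null, which not every libc tolerates.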
@@ -0,0 +1,395 @@ +/* + * Lightweight URL & URI parser (RFC 1738, RFC 3986) + * https://github.com/corporateshark/LUrlParser + * + * The MIT License (MIT) + * + * Copyright (C) 2015 Sergey Kosarevsky (sk@linderdaum.com) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * IXUrlParser.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. 
+ */ + +#include "IXUrlParser.h" + +#include +#include +#include + +namespace +{ + enum LUrlParserError + { + LUrlParserError_Ok = 0, + LUrlParserError_Uninitialized = 1, + LUrlParserError_NoUrlCharacter = 2, + LUrlParserError_InvalidSchemeName = 3, + LUrlParserError_NoDoubleSlash = 4, + LUrlParserError_NoAtSign = 5, + LUrlParserError_UnexpectedEndOfLine = 6, + LUrlParserError_NoSlash = 7, + }; + + class clParseURL + { + public: + LUrlParserError m_ErrorCode; + std::string m_Scheme; + std::string m_Host; + std::string m_Port; + std::string m_Path; + std::string m_Query; + std::string m_Fragment; + std::string m_UserName; + std::string m_Password; + + clParseURL() + : m_ErrorCode(LUrlParserError_Uninitialized) + { + } + + /// return 'true' if the parsing was successful + bool IsValid() const + { + return m_ErrorCode == LUrlParserError_Ok; + } + + /// helper to convert the port number to int, return 'true' if the port is valid (within the + /// 0..65535 range) + bool GetPort(int* OutPort) const; + + /// parse the URL + static clParseURL ParseURL(const std::string& URL); + + private: + explicit clParseURL(LUrlParserError ErrorCode) + : m_ErrorCode(ErrorCode) + { + } + }; + + static bool IsSchemeValid(const std::string& SchemeName) + { + for (auto c : SchemeName) + { + if (!isalpha(c) && c != '+' && c != '-' && c != '.') return false; + } + + return true; + } + + bool clParseURL::GetPort(int* OutPort) const + { + if (!IsValid()) + { + return false; + } + + int Port = atoi(m_Port.c_str()); + + if (Port <= 0 || Port > 65535) + { + return false; + } + + if (OutPort) + { + *OutPort = Port; + } + + return true; + } + + // based on RFC 1738 and RFC 3986 + clParseURL clParseURL::ParseURL(const std::string& URL) + { + clParseURL Result; + + const char* CurrentString = URL.c_str(); + + /* + * : + * := [a-z\+\-\.]+ + * For resiliency, programs interpreting URLs should treat upper case letters as + *equivalent to lower case in scheme names + */ + + // try to read scheme + { + 
const char* LocalString = strchr(CurrentString, ':'); + + if (!LocalString) + { + return clParseURL(LUrlParserError_NoUrlCharacter); + } + + // save the scheme name + Result.m_Scheme = std::string(CurrentString, LocalString - CurrentString); + + if (!IsSchemeValid(Result.m_Scheme)) + { + return clParseURL(LUrlParserError_InvalidSchemeName); + } + + // scheme should be lowercase + std::transform( + Result.m_Scheme.begin(), Result.m_Scheme.end(), Result.m_Scheme.begin(), ::tolower); + + // skip ':' + CurrentString = LocalString + 1; + } + + /* + * //:@:/ + * any ":", "@" and "/" must be normalized + */ + + // skip "//" + if (*CurrentString++ != '/') return clParseURL(LUrlParserError_NoDoubleSlash); + if (*CurrentString++ != '/') return clParseURL(LUrlParserError_NoDoubleSlash); + + // check if the user name and password are specified + bool bHasUserName = false; + + const char* LocalString = CurrentString; + + while (*LocalString) + { + if (*LocalString == '@') + { + // user name and password are specified + bHasUserName = true; + break; + } + else if (*LocalString == '/') + { + // end of : specification + bHasUserName = false; + break; + } + + LocalString++; + } + + // user name and password + LocalString = CurrentString; + + if (bHasUserName) + { + // read user name + while (*LocalString && *LocalString != ':' && *LocalString != '@') + LocalString++; + + Result.m_UserName = std::string(CurrentString, LocalString - CurrentString); + + // proceed with the current pointer + CurrentString = LocalString; + + if (*CurrentString == ':') + { + // skip ':' + CurrentString++; + + // read password + LocalString = CurrentString; + + while (*LocalString && *LocalString != '@') + LocalString++; + + Result.m_Password = std::string(CurrentString, LocalString - CurrentString); + + CurrentString = LocalString; + } + + // skip '@' + if (*CurrentString != '@') + { + return clParseURL(LUrlParserError_NoAtSign); + } + + CurrentString++; + } + + bool bHasBracket = (*CurrentString == 
'['); + + // go ahead, read the host name + LocalString = CurrentString; + + while (*LocalString) + { + if (bHasBracket && *LocalString == ']') + { + // end of IPv6 address + LocalString++; + break; + } + else if (!bHasBracket && (*LocalString == ':' || *LocalString == '/')) + { + // port number is specified + break; + } + + LocalString++; + } + + Result.m_Host = std::string(CurrentString, LocalString - CurrentString); + + CurrentString = LocalString; + + // is port number specified? + if (*CurrentString == ':') + { + CurrentString++; + + // read port number + LocalString = CurrentString; + + while (*LocalString && *LocalString != '/') + LocalString++; + + Result.m_Port = std::string(CurrentString, LocalString - CurrentString); + + CurrentString = LocalString; + } + + // end of string + if (!*CurrentString) + { + Result.m_ErrorCode = LUrlParserError_Ok; + + return Result; + } + + // skip '/' + if (*CurrentString != '/') + { + return clParseURL(LUrlParserError_NoSlash); + } + + CurrentString++; + + // parse the path + LocalString = CurrentString; + + while (*LocalString && *LocalString != '#' && *LocalString != '?') + LocalString++; + + Result.m_Path = std::string(CurrentString, LocalString - CurrentString); + + CurrentString = LocalString; + + // check for query + if (*CurrentString == '?') + { + // skip '?' 
+ CurrentString++; + + // read query + LocalString = CurrentString; + + while (*LocalString && *LocalString != '#') + LocalString++; + + Result.m_Query = std::string(CurrentString, LocalString - CurrentString); + + CurrentString = LocalString; + } + + // check for fragment + if (*CurrentString == '#') + { + // skip '#' + CurrentString++; + + // read fragment + LocalString = CurrentString; + + while (*LocalString) + LocalString++; + + Result.m_Fragment = std::string(CurrentString, LocalString - CurrentString); + } + + Result.m_ErrorCode = LUrlParserError_Ok; + + return Result; + } +} // namespace + +namespace ix +{ + bool UrlParser::parse(const std::string& url, + std::string& protocol, + std::string& host, + std::string& path, + std::string& query, + int& port) + { + clParseURL res = clParseURL::ParseURL(url); + + if (!res.IsValid()) + { + return false; + } + + protocol = res.m_Scheme; + host = res.m_Host; + path = res.m_Path; + query = res.m_Query; + + if (!res.GetPort(&port)) + { + if (protocol == "ws" || protocol == "http") + { + port = 80; + } + else if (protocol == "wss" || protocol == "https") + { + port = 443; + } + else + { + // Invalid protocol. Should be caught by regex check + // but this missing branch trigger cpplint linter. + return false; + } + } + + if (path.empty()) + { + path = "/"; + } + else if (path[0] != '/') + { + path = '/' + path; + } + + if (!query.empty()) + { + path += "?"; + path += query; + } + + return true; + } + +} // namespace ix diff --git a/ixwebsocket/IXUserAgent.cpp b/ixwebsocket/IXUserAgent.cpp new file mode 100644 index 0000000..89dcb0f --- /dev/null +++ b/ixwebsocket/IXUserAgent.cpp 
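Review bot: `UrlParser::parse()` falls back to port 80/443 whenever `GetPort()` fails, which includes an explicit but unusable port, and `GetPort()` itself uses `atoi`, so a port such as `80abc` is accepted as 80 and `99999` is silently replaced by the scheme default. A URL that another component rejects or routes differently is then connected to on a different port here; parse the port strictly and treat a non-empty invalid port as an error, as in the fence below. The userinfo scan in `ParseURL()` has the same kind of gap: it looks for `@` up to the first `/` only, while RFC 3986 also ends the authority at `?` and `#`, so the host can be taken from text that other parsers treat as query or fragment. `IsSchemeValid()` and the `::tolower` transform also pass plain `char` to the character-classification functions, which is undefined for negative values; cast to `unsigned char` first.

```cpp
bool clParseURL::GetPort(int* OutPort) const
{
    // … unchanged: IsValid() check …
    char* End = nullptr;
    long Port = strtol(m_Port.c_str(), &End, 10);

    // reject empty input, trailing garbage and out-of-range values
    if (End == m_Port.c_str() || *End != '\0' || Port <= 0 || Port > 65535)
    {
        return false;
    }

    if (OutPort)
    {
        *OutPort = static_cast<int>(Port);
    }
    // … unchanged: return true …

// in UrlParser::parse():
if (!res.GetPort(&port))
{
    // an explicit but unusable port is an error, not a request for the default
    if (!res.m_Port.empty())
    {
        return false;
    }
    // … unchanged: scheme-based default ports …
```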
@@ -0,0 +1,89 @@ +/* + * IXUserAgent.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXUserAgent.h" + +#include "IXWebSocketVersion.h" +#include +#ifdef IXWEBSOCKET_USE_ZLIB +#include +#endif + +// Platform name +#if defined(_WIN32) +#define PLATFORM_NAME "windows" // Windows +#elif defined(_WIN64) +#define PLATFORM_NAME "windows" // Windows +#elif defined(__CYGWIN__) && !defined(_WIN32) +#define PLATFORM_NAME "windows" // Windows (Cygwin POSIX under Microsoft Window) +#elif defined(__ANDROID__) +#define PLATFORM_NAME "android" // Android (implies Linux, so it must come first) +#elif defined(__linux__) +#define PLATFORM_NAME "linux" // Debian, Ubuntu, Gentoo, Fedora, openSUSE, RedHat, Centos and other +#elif defined(__unix__) || !defined(__APPLE__) && defined(__MACH__) +#include +#if defined(BSD) +#define PLATFORM_NAME "bsd" // FreeBSD, NetBSD, OpenBSD, DragonFly BSD +#endif +#elif defined(__hpux) +#define PLATFORM_NAME "hp-ux" // HP-UX +#elif defined(_AIX) +#define PLATFORM_NAME "aix" // IBM AIX +#elif defined(__APPLE__) && defined(__MACH__) // Apple OSX and iOS (Darwin) +#include +#if TARGET_IPHONE_SIMULATOR == 1 +#define PLATFORM_NAME "ios" // Apple iOS +#elif TARGET_OS_IPHONE == 1 +#define PLATFORM_NAME "ios" // Apple iOS +#elif TARGET_OS_MAC == 1 +#define PLATFORM_NAME "macos" // Apple OSX +#endif +#elif defined(__sun) && defined(__SVR4) +#define PLATFORM_NAME "solaris" // Oracle Solaris, Open Indiana +#else +#define PLATFORM_NAME "unknown platform" +#endif + +// SSL +#ifdef IXWEBSOCKET_USE_MBED_TLS +#include +#elif defined(IXWEBSOCKET_USE_OPEN_SSL) +#include +#endif + +namespace ix +{ + std::string userAgent() + { + std::stringstream ss; + + // IXWebSocket Version + ss << "ixwebsocket/" << IX_WEBSOCKET_VERSION; + + // Platform + ss << " " << PLATFORM_NAME; + + // TLS +#ifdef IXWEBSOCKET_USE_TLS +#ifdef IXWEBSOCKET_USE_MBED_TLS + ss << " ssl/mbedtls " << MBEDTLS_VERSION_STRING; +#elif 
defined(IXWEBSOCKET_USE_OPEN_SSL) + ss << " ssl/OpenSSL " << OPENSSL_VERSION_TEXT; +#elif __APPLE__ + ss << " ssl/SecureTransport"; +#endif +#else + ss << " nossl"; +#endif + +#ifdef IXWEBSOCKET_USE_ZLIB + // Zlib version + ss << " zlib " << ZLIB_VERSION; +#endif + + return ss.str(); + } +} // namespace ix diff --git a/ixwebsocket/IXUuid.cpp b/ixwebsocket/IXUuid.cpp new file mode 100644 index 0000000..0d82ef7 --- /dev/null +++ b/ixwebsocket/IXUuid.cpp @@ -0,0 +1,75 @@ +/* + * IXUuid.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone. All rights reserved. + */ + +/** + * Generate a random uuid similar to the uuid python module + * + * >>> import uuid + * >>> uuid.uuid4().hex + * 'bec08155b37d4050a1f3c3fa0276bf12' + * + * Code adapted from https://github.com/r-lyeh-archived/sole + */ + +#include "IXUuid.h" + +#include +#include +#include +#include + + +namespace ix +{ + class Uuid + { + public: + Uuid(); + std::string toString() const; + + private: + uint64_t _ab; + uint64_t _cd; + }; + + Uuid::Uuid() + { + static std::random_device rd; + static std::uniform_int_distribution dist(0, (uint64_t)(~0)); + + _ab = dist(rd); + _cd = dist(rd); + + _ab = (_ab & 0xFFFFFFFFFFFF0FFFULL) | 0x0000000000004000ULL; + _cd = (_cd & 0x3FFFFFFFFFFFFFFFULL) | 0x8000000000000000ULL; + } + + std::string Uuid::toString() const + { + std::stringstream ss; + ss << std::hex << std::nouppercase << std::setfill('0'); + + uint32_t a = (_ab >> 32); + uint32_t b = (_ab & 0xFFFFFFFF); + uint32_t c = (_cd >> 32); + uint32_t d = (_cd & 0xFFFFFFFF); + + ss << std::setw(8) << (a); + ss << std::setw(4) << (b >> 16); + ss << std::setw(4) << (b & 0xFFFF); + ss << std::setw(4) << (c >> 16); + ss << std::setw(4) << (c & 0xFFFF); + ss << std::setw(8) << d; + + return ss.str(); + } + + std::string uuid4() + { + Uuid id; + return id.toString(); + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocket.cpp b/ixwebsocket/IXWebSocket.cpp new file mode 100644 index 0000000..7aab790 
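Review bot: `userAgent()` embeds the exact TLS library version (`MBEDTLS_VERSION_STRING` or `OPENSSL_VERSION_TEXT`) and `ZLIB_VERSION`, and the handshake code in this patch sends that string in both the client `User-Agent` header and the `Server` response header, so every peer learns the precise dependency versions in use. Consider emitting only the library name by default, e.g. `ss << " ssl/OpenSSL";`, and making the full version string opt-in at build time. Separately, the `__unix__` branch defines `PLATFORM_NAME` only when `BSD` is defined, so on other Unix targets the macro stays undefined and `ss << " " << PLATFORM_NAME;` will not compile. An `#else` with `#define PLATFORM_NAME "unix"` inside that branch would cover it.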
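Review bot: The `static std::random_device rd` and the `static` distribution in `Uuid::Uuid()` are shared by every caller and used without synchronisation, so concurrent `uuid4()` calls from different threads race on both objects. Declaring them `thread_local` (`static thread_local std::random_device rd;`, and the same for `dist`) removes the race without a lock. A short comment on `uuid4()` should also say whether the result is meant to be unpredictable, because the quality of `std::random_device` is implementation-defined and callers may be tempted to use the value as a token.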
--- /dev/null +++ b/ixwebsocket/IXWebSocket.cpp 
@@ -0,0 +1,614 @@ +/* + * IXWebSocket.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocket.h" + +#include "IXExponentialBackoff.h" +#include "IXSetThreadName.h" +#include "IXUniquePtr.h" +#include "IXUtf8Validator.h" +#include "IXWebSocketHandshake.h" +#include +#include + + +namespace +{ + const std::string emptyMsg; +} // namespace + + +namespace ix +{ + OnTrafficTrackerCallback WebSocket::_onTrafficTrackerCallback = nullptr; + const int WebSocket::kDefaultHandShakeTimeoutSecs(60); + const int WebSocket::kDefaultPingIntervalSecs(-1); + const bool WebSocket::kDefaultEnablePong(true); + const uint32_t WebSocket::kDefaultMaxWaitBetweenReconnectionRetries(10 * 1000); // 10s + const uint32_t WebSocket::kDefaultMinWaitBetweenReconnectionRetries(1); // 1 ms + + WebSocket::WebSocket() + : _onMessageCallback(OnMessageCallback()) + , _stop(false) + , _automaticReconnection(true) + , _maxWaitBetweenReconnectionRetries(kDefaultMaxWaitBetweenReconnectionRetries) + , _minWaitBetweenReconnectionRetries(kDefaultMinWaitBetweenReconnectionRetries) + , _handshakeTimeoutSecs(kDefaultHandShakeTimeoutSecs) + , _enablePong(kDefaultEnablePong) + , _pingIntervalSecs(kDefaultPingIntervalSecs) + { + _ws.setOnCloseCallback( + [this](uint16_t code, const std::string& reason, size_t wireSize, bool remote) { + _onMessageCallback( + ix::make_unique(WebSocketMessageType::Close, + emptyMsg, + wireSize, + WebSocketErrorInfo(), + WebSocketOpenInfo(), + WebSocketCloseInfo(code, reason, remote))); + }); + } + + WebSocket::~WebSocket() + { + stop(); + _ws.setOnCloseCallback(nullptr); + } + + void WebSocket::setUrl(const std::string& url) + { + std::lock_guard lock(_configMutex); + _url = url; + } + + void WebSocket::setHandshakeTimeout(int handshakeTimeoutSecs) + { + _handshakeTimeoutSecs = handshakeTimeoutSecs; + } + + void WebSocket::setExtraHeaders(const WebSocketHttpHeaders& headers) + { + std::lock_guard 
lock(_configMutex); + _extraHeaders = headers; + } + + const std::string WebSocket::getUrl() const + { + std::lock_guard lock(_configMutex); + return _url; + } + + void WebSocket::setPerMessageDeflateOptions( + const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions) + { + std::lock_guard lock(_configMutex); + _perMessageDeflateOptions = perMessageDeflateOptions; + } + + void WebSocket::setTLSOptions(const SocketTLSOptions& socketTLSOptions) + { + std::lock_guard lock(_configMutex); + _socketTLSOptions = socketTLSOptions; + } + + const WebSocketPerMessageDeflateOptions WebSocket::getPerMessageDeflateOptions() const + { + std::lock_guard lock(_configMutex); + return _perMessageDeflateOptions; + } + + void WebSocket::setPingInterval(int pingIntervalSecs) + { + std::lock_guard lock(_configMutex); + _pingIntervalSecs = pingIntervalSecs; + } + + int WebSocket::getPingInterval() const + { + std::lock_guard lock(_configMutex); + return _pingIntervalSecs; + } + + void WebSocket::enablePong() + { + std::lock_guard lock(_configMutex); + _enablePong = true; + } + + void WebSocket::disablePong() + { + std::lock_guard lock(_configMutex); + _enablePong = false; + } + + void WebSocket::enablePerMessageDeflate() + { + std::lock_guard lock(_configMutex); + WebSocketPerMessageDeflateOptions perMessageDeflateOptions(true); + _perMessageDeflateOptions = perMessageDeflateOptions; + } + + void WebSocket::disablePerMessageDeflate() + { + std::lock_guard lock(_configMutex); + WebSocketPerMessageDeflateOptions perMessageDeflateOptions(false); + _perMessageDeflateOptions = perMessageDeflateOptions; + } + + void WebSocket::setMaxWaitBetweenReconnectionRetries(uint32_t maxWaitBetweenReconnectionRetries) + { + std::lock_guard lock(_configMutex); + _maxWaitBetweenReconnectionRetries = maxWaitBetweenReconnectionRetries; + } + + void WebSocket::setMinWaitBetweenReconnectionRetries(uint32_t minWaitBetweenReconnectionRetries) + { + std::lock_guard lock(_configMutex); + 
_minWaitBetweenReconnectionRetries = minWaitBetweenReconnectionRetries; + } + + uint32_t WebSocket::getMaxWaitBetweenReconnectionRetries() const + { + std::lock_guard lock(_configMutex); + return _maxWaitBetweenReconnectionRetries; + } + + uint32_t WebSocket::getMinWaitBetweenReconnectionRetries() const + { + std::lock_guard lock(_configMutex); + return _minWaitBetweenReconnectionRetries; + } + + void WebSocket::start() + { + if (_thread.joinable()) return; // we've already been started + + _thread = std::thread(&WebSocket::run, this); + } + + void WebSocket::stop(uint16_t code, const std::string& reason) + { + close(code, reason); + + if (_thread.joinable()) + { + // wait until working thread will exit + // it will exit after close operation is finished + _stop = true; + _sleepCondition.notify_one(); + _thread.join(); + _stop = false; + } + } + + WebSocketInitResult WebSocket::connect(int timeoutSecs) + { + { + std::lock_guard lock(_configMutex); + _ws.configure( + _perMessageDeflateOptions, _socketTLSOptions, _enablePong, _pingIntervalSecs); + } + + WebSocketHttpHeaders headers(_extraHeaders); + std::string subProtocolsHeader; + auto subProtocols = getSubProtocols(); + if (!subProtocols.empty()) + { + // + // Sub Protocol strings are comma separated. 
+ // Python code to do that is: + // >>> ','.join(['json', 'msgpack']) + // 'json,msgpack' + // + int i = 0; + for (auto subProtocol : subProtocols) + { + if (i++ != 0) + { + subProtocolsHeader += ","; + } + subProtocolsHeader += subProtocol; + } + headers["Sec-WebSocket-Protocol"] = subProtocolsHeader; + } + + WebSocketInitResult status = _ws.connectToUrl(_url, headers, timeoutSecs); + if (!status.success) + { + return status; + } + + _onMessageCallback(ix::make_unique( + WebSocketMessageType::Open, + emptyMsg, + 0, + WebSocketErrorInfo(), + WebSocketOpenInfo(status.uri, status.headers, status.protocol), + WebSocketCloseInfo())); + + if (_pingIntervalSecs > 0) + { + // Send a heart beat right away + _ws.sendHeartBeat(); + } + + return status; + } + + WebSocketInitResult WebSocket::connectToSocket(std::unique_ptr socket, + int timeoutSecs, + bool enablePerMessageDeflate) + { + { + std::lock_guard lock(_configMutex); + _ws.configure( + _perMessageDeflateOptions, _socketTLSOptions, _enablePong, _pingIntervalSecs); + } + + WebSocketInitResult status = + _ws.connectToSocket(std::move(socket), timeoutSecs, enablePerMessageDeflate); + if (!status.success) + { + return status; + } + + _onMessageCallback( + ix::make_unique(WebSocketMessageType::Open, + emptyMsg, + 0, + WebSocketErrorInfo(), + WebSocketOpenInfo(status.uri, status.headers), + WebSocketCloseInfo())); + + if (_pingIntervalSecs > 0) + { + // Send a heart beat right away + _ws.sendHeartBeat(); + } + + return status; + } + + bool WebSocket::isConnected() const + { + return getReadyState() == ReadyState::Open; + } + + bool WebSocket::isClosing() const + { + return getReadyState() == ReadyState::Closing; + } + + void WebSocket::close(uint16_t code, const std::string& reason) + { + _ws.close(code, reason); + } + + void WebSocket::checkConnection(bool firstConnectionAttempt) + { + using millis = std::chrono::duration; + + uint32_t retries = 0; + millis duration(0); + + // Try to connect perpertually + while (true) + 
{ + if (isConnected() || isClosing() || _stop) + { + break; + } + + if (!firstConnectionAttempt && !_automaticReconnection) + { + // Do not attempt to reconnect + break; + } + + firstConnectionAttempt = false; + + // Only sleep if we are retrying + if (duration.count() > 0) + { + std::unique_lock lock(_sleepMutex); + _sleepCondition.wait_for(lock, duration); + } + + if (_stop) + { + break; + } + + // Try to connect synchronously + ix::WebSocketInitResult status = connect(_handshakeTimeoutSecs); + + if (!status.success) + { + WebSocketErrorInfo connectErr; + + if (_automaticReconnection) + { + duration = + millis(calculateRetryWaitMilliseconds(retries++, + _maxWaitBetweenReconnectionRetries, + _minWaitBetweenReconnectionRetries)); + + connectErr.wait_time = duration.count(); + connectErr.retries = retries; + } + + connectErr.reason = status.errorStr; + connectErr.http_status = status.http_status; + + _onMessageCallback(ix::make_unique(WebSocketMessageType::Error, + emptyMsg, + 0, + connectErr, + WebSocketOpenInfo(), + WebSocketCloseInfo())); + } + } + } + + void WebSocket::run() + { + setThreadName(getUrl()); + + bool firstConnectionAttempt = true; + + while (true) + { + // 1. Make sure we are always connected + checkConnection(firstConnectionAttempt); + + firstConnectionAttempt = false; + + // if here we are closed then checkConnection was not able to connect + if (getReadyState() == ReadyState::Closed) + { + break; + } + + // We can avoid to poll if we want to stop and are not closing + if (_stop && !isClosing()) break; + + // 2. Poll to see if there's any new data available + WebSocketTransport::PollResult pollResult = _ws.poll(); + + // 3. 
Dispatch the incoming messages + _ws.dispatch( + pollResult, + [this](const std::string& msg, + size_t wireSize, + bool decompressionError, + WebSocketTransport::MessageKind messageKind) { + WebSocketMessageType webSocketMessageType{WebSocketMessageType::Error}; + switch (messageKind) + { + case WebSocketTransport::MessageKind::MSG_TEXT: + case WebSocketTransport::MessageKind::MSG_BINARY: + { + webSocketMessageType = WebSocketMessageType::Message; + } + break; + + case WebSocketTransport::MessageKind::PING: + { + webSocketMessageType = WebSocketMessageType::Ping; + } + break; + + case WebSocketTransport::MessageKind::PONG: + { + webSocketMessageType = WebSocketMessageType::Pong; + } + break; + + case WebSocketTransport::MessageKind::FRAGMENT: + { + webSocketMessageType = WebSocketMessageType::Fragment; + } + break; + } + + WebSocketErrorInfo webSocketErrorInfo; + webSocketErrorInfo.decompressionError = decompressionError; + + bool binary = messageKind == WebSocketTransport::MessageKind::MSG_BINARY; + + _onMessageCallback(ix::make_unique(webSocketMessageType, + msg, + wireSize, + webSocketErrorInfo, + WebSocketOpenInfo(), + WebSocketCloseInfo(), + binary)); + + WebSocket::invokeTrafficTrackerCallback(wireSize, true); + }); + } + } + + void WebSocket::setOnMessageCallback(const OnMessageCallback& callback) + { + _onMessageCallback = callback; + } + + bool WebSocket::isOnMessageCallbackRegistered() const + { + return _onMessageCallback != nullptr; + } + + void WebSocket::setTrafficTrackerCallback(const OnTrafficTrackerCallback& callback) + { + _onTrafficTrackerCallback = callback; + } + + void WebSocket::resetTrafficTrackerCallback() + { + setTrafficTrackerCallback(nullptr); + } + + void WebSocket::invokeTrafficTrackerCallback(size_t size, bool incoming) + { + if (_onTrafficTrackerCallback) + { + _onTrafficTrackerCallback(size, incoming); + } + } + + WebSocketSendInfo WebSocket::send(const std::string& data, + bool binary, + const OnProgressCallback& 
onProgressCallback) + { + return (binary) ? sendBinary(data, onProgressCallback) : sendText(data, onProgressCallback); + } + + WebSocketSendInfo WebSocket::sendBinary(const std::string& data, + const OnProgressCallback& onProgressCallback) + { + return sendMessage(data, SendMessageKind::Binary, onProgressCallback); + } + + WebSocketSendInfo WebSocket::sendBinary(const IXWebSocketSendData& data, + const OnProgressCallback& onProgressCallback) + { + return sendMessage(data, SendMessageKind::Binary, onProgressCallback); + } + + WebSocketSendInfo WebSocket::sendUtf8Text(const std::string& text, + const OnProgressCallback& onProgressCallback) + { + return sendMessage(text, SendMessageKind::Text, onProgressCallback); + } + + WebSocketSendInfo WebSocket::sendUtf8Text(const IXWebSocketSendData& text, + const OnProgressCallback& onProgressCallback) + { + return sendMessage(text, SendMessageKind::Text, onProgressCallback); + } + + WebSocketSendInfo WebSocket::sendText(const std::string& text, + const OnProgressCallback& onProgressCallback) + { + if (!validateUtf8(text)) + { + close(WebSocketCloseConstants::kInvalidFramePayloadData, + WebSocketCloseConstants::kInvalidFramePayloadDataMessage); + return false; + } + return sendMessage(text, SendMessageKind::Text, onProgressCallback); + } + + WebSocketSendInfo WebSocket::ping(const std::string& text) + { + // Standard limit ping message size + constexpr size_t pingMaxPayloadSize = 125; + if (text.size() > pingMaxPayloadSize) return WebSocketSendInfo(false); + + return sendMessage(text, SendMessageKind::Ping); + } + + WebSocketSendInfo WebSocket::sendMessage(const IXWebSocketSendData& message, + SendMessageKind sendMessageKind, + const OnProgressCallback& onProgressCallback) + { + if (!isConnected()) return WebSocketSendInfo(false); + + // + // It is OK to read and write on the same socket in 2 different threads. 
+ // https://stackoverflow.com/questions/1981372/are-parallel-calls-to-send-recv-on-the-same-socket-valid + // + // This makes it so that messages are sent right away, and we dont need + // a timeout while we poll to keep wake ups to a minimum (which helps + // with battery life), and use the system select call to notify us when + // incoming messages are arriving / there's data to be received. + // + std::lock_guard lock(_writeMutex); + WebSocketSendInfo webSocketSendInfo; + + switch (sendMessageKind) + { + case SendMessageKind::Text: + { + webSocketSendInfo = _ws.sendText(message, onProgressCallback); + } + break; + + case SendMessageKind::Binary: + { + webSocketSendInfo = _ws.sendBinary(message, onProgressCallback); + } + break; + + case SendMessageKind::Ping: + { + webSocketSendInfo = _ws.sendPing(message); + } + break; + } + + WebSocket::invokeTrafficTrackerCallback(webSocketSendInfo.wireSize, false); + + return webSocketSendInfo; + } + + ReadyState WebSocket::getReadyState() const + { + switch (_ws.getReadyState()) + { + case ix::WebSocketTransport::ReadyState::OPEN: return ReadyState::Open; + case ix::WebSocketTransport::ReadyState::CONNECTING: return ReadyState::Connecting; + case ix::WebSocketTransport::ReadyState::CLOSING: return ReadyState::Closing; + case ix::WebSocketTransport::ReadyState::CLOSED: return ReadyState::Closed; + default: return ReadyState::Closed; + } + } + + std::string WebSocket::readyStateToString(ReadyState readyState) + { + switch (readyState) + { + case ReadyState::Open: return "OPEN"; + case ReadyState::Connecting: return "CONNECTING"; + case ReadyState::Closing: return "CLOSING"; + case ReadyState::Closed: return "CLOSED"; + default: return "UNKNOWN"; + } + } + + void WebSocket::enableAutomaticReconnection() + { + _automaticReconnection = true; + } + + void WebSocket::disableAutomaticReconnection() + { + _automaticReconnection = false; + } + + bool WebSocket::isAutomaticReconnectionEnabled() const + { + return 
_automaticReconnection; + } + + size_t WebSocket::bufferedAmount() const + { + return _ws.bufferedAmount(); + } + + void WebSocket::addSubProtocol(const std::string& subProtocol) + { + std::lock_guard lock(_configMutex); + _subProtocols.push_back(subProtocol); + } + + const std::vector& WebSocket::getSubProtocols() + { + std::lock_guard lock(_configMutex); + return _subProtocols; + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketCloseConstants.cpp b/ixwebsocket/IXWebSocketCloseConstants.cpp new file mode 100644 index 0000000..d8ba57f --- /dev/null +++ b/ixwebsocket/IXWebSocketCloseConstants.cpp 
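Review bot: `WebSocket::connect()` releases `_configMutex` right after `_ws.configure(...)` and then reads `_extraHeaders` and `_url` unlocked, while `setUrl()` and `setExtraHeaders()` write them under that mutex. Because `connect()` runs on the background thread through `checkConnection()`, a setter call during a reconnect is a data race on a `std::string` and on the header map. `getSubProtocols()` has the same problem: it returns a reference after its lock guard is destroyed, so the copy made by `auto subProtocols = getSubProtocols();` happens unlocked. Declare the locals before the locked block and fill them inside it, e.g. `url = _url; headers = _extraHeaders; subProtocols = _subProtocols;`, then use only those copies for `connectToUrl`.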
@@ -0,0 +1,36 @@ +/* + * IXWebSocketCloseConstants.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketCloseConstants.h" + +namespace ix +{ + const uint16_t WebSocketCloseConstants::kNormalClosureCode(1000); + const uint16_t WebSocketCloseConstants::kInternalErrorCode(1011); + const uint16_t WebSocketCloseConstants::kAbnormalCloseCode(1006); + const uint16_t WebSocketCloseConstants::kInvalidFramePayloadData(1007); + const uint16_t WebSocketCloseConstants::kProtocolErrorCode(1002); + const uint16_t WebSocketCloseConstants::kNoStatusCodeErrorCode(1005); + + const std::string WebSocketCloseConstants::kNormalClosureMessage("Normal closure"); + const std::string WebSocketCloseConstants::kInternalErrorMessage("Internal error"); + const std::string WebSocketCloseConstants::kAbnormalCloseMessage("Abnormal closure"); + const std::string WebSocketCloseConstants::kPingTimeoutMessage("Ping timeout"); + const std::string WebSocketCloseConstants::kProtocolErrorMessage("Protocol error"); + const std::string WebSocketCloseConstants::kNoStatusCodeErrorMessage("No status code"); + const std::string WebSocketCloseConstants::kProtocolErrorReservedBitUsed("Reserved bit used"); + const std::string WebSocketCloseConstants::kProtocolErrorPingPayloadOversized( + "Ping reason control frame with payload length > 125 octets"); + const std::string WebSocketCloseConstants::kProtocolErrorCodeControlMessageFragmented( + "Control message fragmented"); + const std::string WebSocketCloseConstants::kProtocolErrorCodeDataOpcodeOutOfSequence( + "Fragmentation: data message out of sequence"); + const std::string WebSocketCloseConstants::kProtocolErrorCodeContinuationOpCodeOutOfSequence( + "Fragmentation: continuation opcode out of sequence"); + const std::string WebSocketCloseConstants::kInvalidFramePayloadDataMessage( + "Invalid frame payload data"); + const std::string WebSocketCloseConstants::kInvalidCloseCodeMessage("Invalid 
close code"); +} // namespace ix diff --git a/ixwebsocket/IXWebSocketHandshake.cpp b/ixwebsocket/IXWebSocketHandshake.cpp new file mode 100644 index 0000000..53b3c80 --- /dev/null +++ b/ixwebsocket/IXWebSocketHandshake.cpp 
@@ -0,0 +1,363 @@ +/* + * IXWebSocketHandshake.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketHandshake.h" + +#include "IXBase64.h" +#include "IXHttp.h" +#include "IXSocketConnect.h" +#include "IXStrCaseCompare.h" +#include "IXUrlParser.h" +#include "IXUserAgent.h" +#include "IXWebSocketHandshakeKeyGen.h" +#include +#include +#include +#include + +namespace ix +{ + WebSocketHandshake::WebSocketHandshake( + std::atomic& requestInitCancellation, + std::unique_ptr& socket, + WebSocketPerMessageDeflatePtr& perMessageDeflate, + WebSocketPerMessageDeflateOptions& perMessageDeflateOptions, + std::atomic& enablePerMessageDeflate) + : _requestInitCancellation(requestInitCancellation) + , _socket(socket) + , _perMessageDeflate(perMessageDeflate) + , _perMessageDeflateOptions(perMessageDeflateOptions) + , _enablePerMessageDeflate(enablePerMessageDeflate) + { + } + + bool WebSocketHandshake::insensitiveStringCompare(const std::string& a, const std::string& b) + { + return CaseInsensitiveLess::cmp(a, b) == 0; + } + + std::string WebSocketHandshake::genRandomString(const int len) + { + std::string alphanum = "0123456789" + "ABCDEFGH" + "abcdefgh"; + + std::random_device r; + std::default_random_engine e1(r()); + std::uniform_int_distribution dist(0, (int) alphanum.size() - 1); + + std::string s; + s.resize(len); + + for (int i = 0; i < len; ++i) + { + int x = dist(e1); + s[i] = alphanum[x]; + } + + return s; + } + + WebSocketInitResult WebSocketHandshake::sendErrorResponse(int code, const std::string& reason) + { + std::stringstream ss; + ss << "HTTP/1.1 "; + ss << code; + ss << " "; + ss << reason; + ss << "\r\n"; + ss << "Server: " << userAgent() << "\r\n"; + + // Socket write can only be cancelled through a timeout here, not manually. 
+ static std::atomic requestInitCancellation(false); + auto isCancellationRequested = + makeCancellationRequestWithTimeout(1, requestInitCancellation); + + if (!_socket->writeBytes(ss.str(), isCancellationRequested)) + { + return WebSocketInitResult(false, 500, "Timed out while sending error response"); + } + + return WebSocketInitResult(false, code, reason); + } + + WebSocketInitResult WebSocketHandshake::clientHandshake( + const std::string& url, + const WebSocketHttpHeaders& extraHeaders, + const std::string& host, + const std::string& path, + int port, + int timeoutSecs) + { + _requestInitCancellation = false; + + auto isCancellationRequested = + makeCancellationRequestWithTimeout(timeoutSecs, _requestInitCancellation); + + std::string errMsg; + bool success = _socket->connect(host, port, errMsg, isCancellationRequested); + if (!success) + { + std::stringstream ss; + ss << "Unable to connect to " << host << " on port " << port << ", error: " << errMsg; + return WebSocketInitResult(false, 0, ss.str()); + } + + // Generate a random 16 bytes string and base64 encode it. 
+ // + // See https://stackoverflow.com/questions/18265128/what-is-sec-websocket-key-for + std::string secWebSocketKey = macaron::Base64::Encode(genRandomString(16)); + + std::stringstream ss; + ss << "GET " << path << " HTTP/1.1\r\n"; + ss << "Host: " << host << ":" << port << "\r\n"; + ss << "Upgrade: websocket\r\n"; + ss << "Connection: Upgrade\r\n"; + ss << "Sec-WebSocket-Version: 13\r\n"; + ss << "Sec-WebSocket-Key: " << secWebSocketKey << "\r\n"; + + // User-Agent can be customized by users + if (extraHeaders.find("User-Agent") == extraHeaders.end()) + { + ss << "User-Agent: " << userAgent() << "\r\n"; + } + + for (auto& it : extraHeaders) + { + ss << it.first << ": " << it.second << "\r\n"; + } + + if (_enablePerMessageDeflate) + { + ss << _perMessageDeflateOptions.generateHeader(); + } + + ss << "\r\n"; + + if (!_socket->writeBytes(ss.str(), isCancellationRequested)) + { + return WebSocketInitResult( + false, 0, std::string("Failed sending GET request to ") + url); + } + + // Read HTTP status line + auto lineResult = _socket->readLine(isCancellationRequested); + auto lineValid = lineResult.first; + auto line = lineResult.second; + + if (!lineValid) + { + return WebSocketInitResult( + false, 0, std::string("Failed reading HTTP status line from ") + url); + } + + // Validate status + auto statusLine = Http::parseStatusLine(line); + std::string httpVersion = statusLine.first; + int status = statusLine.second; + + // HTTP/1.0 is too old. + if (httpVersion != "HTTP/1.1") + { + std::stringstream ss; + ss << "Expecting HTTP/1.1, got " << httpVersion << ". 
" + << "Rejecting connection to " << url << ", status: " << status + << ", HTTP Status line: " << line; + return WebSocketInitResult(false, status, ss.str()); + } + + auto result = parseHttpHeaders(_socket, isCancellationRequested); + auto headersValid = result.first; + auto headers = result.second; + + if (!headersValid) + { + return WebSocketInitResult(false, status, "Error parsing HTTP headers"); + } + + // We want an 101 HTTP status for websocket, otherwise it could be + // a redirection (like 301) + if (status != 101) + { + std::stringstream ss; + ss << "Expecting status 101 (Switching Protocol), got " << status + << " status connecting to " << url << ", HTTP Status line: " << line; + + return WebSocketInitResult(false, status, ss.str(), headers, path); + } + + // Check the presence of the connection field + if (headers.find("connection") == headers.end()) + { + std::string errorMsg("Missing connection value"); + return WebSocketInitResult(false, status, errorMsg); + } + + // Check the value of the connection field + // Some websocket servers (Go/Gorilla?) send lowercase values for the + // connection header, so do a case insensitive comparison + // + // See https://github.com/apache/thrift/commit/7c4bdf9914fcba6c89e0f69ae48b9675578f084a + // + if (!insensitiveStringCompare(headers["connection"], "Upgrade")) + { + std::stringstream ss; + ss << "Invalid connection value: " << headers["connection"]; + return WebSocketInitResult(false, status, ss.str()); + } + + char output[29] = {}; + WebSocketHandshakeKeyGen::generate(secWebSocketKey, output); + if (std::string(output) != headers["sec-websocket-accept"]) + { + std::string errorMsg("Invalid Sec-WebSocket-Accept value"); + return WebSocketInitResult(false, status, errorMsg); + } + + if (_enablePerMessageDeflate) + { + // Parse the server response. Does it support deflate ? 
+ std::string header = headers["sec-websocket-extensions"]; + WebSocketPerMessageDeflateOptions webSocketPerMessageDeflateOptions(header); + + // If the server does not support that extension, disable it. + if (!webSocketPerMessageDeflateOptions.enabled()) + { + _enablePerMessageDeflate = false; + } + // Otherwise try to initialize the deflate engine (zlib) + else if (!_perMessageDeflate->init(webSocketPerMessageDeflateOptions)) + { + return WebSocketInitResult( + false, 0, "Failed to initialize per message deflate engine"); + } + } + + return WebSocketInitResult(true, status, "", headers, path); + } + + WebSocketInitResult WebSocketHandshake::serverHandshake(int timeoutSecs, + bool enablePerMessageDeflate) + { + _requestInitCancellation = false; + + auto isCancellationRequested = + makeCancellationRequestWithTimeout(timeoutSecs, _requestInitCancellation); + + // Read first line + auto lineResult = _socket->readLine(isCancellationRequested); + auto lineValid = lineResult.first; + auto line = lineResult.second; + + if (!lineValid) + { + return sendErrorResponse(400, "Error reading HTTP request line"); + } + + // Validate request line (GET /foo HTTP/1.1\r\n) + auto requestLine = Http::parseRequestLine(line); + auto method = std::get<0>(requestLine); + auto uri = std::get<1>(requestLine); + auto httpVersion = std::get<2>(requestLine); + + if (method != "GET") + { + return sendErrorResponse(400, "Invalid HTTP method, need GET, got " + method); + } + + if (httpVersion != "HTTP/1.1") + { + return sendErrorResponse(400, + "Invalid HTTP version, need HTTP/1.1, got: " + httpVersion); + } + + // Retrieve and validate HTTP headers + auto result = parseHttpHeaders(_socket, isCancellationRequested); + auto headersValid = result.first; + auto headers = result.second; + + if (!headersValid) + { + return sendErrorResponse(400, "Error parsing HTTP headers"); + } + + if (headers.find("sec-websocket-key") == headers.end()) + { + return sendErrorResponse(400, "Missing 
Sec-WebSocket-Key value"); + } + + if (headers.find("upgrade") == headers.end()) + { + return sendErrorResponse(400, "Missing Upgrade header"); + } + + if (!insensitiveStringCompare(headers["upgrade"], "WebSocket") && + headers["Upgrade"] != "keep-alive, Upgrade") // special case for firefox + { + return sendErrorResponse(400, + "Invalid Upgrade header, " + "need WebSocket, got " + + headers["upgrade"]); + } + + if (headers.find("sec-websocket-version") == headers.end()) + { + return sendErrorResponse(400, "Missing Sec-WebSocket-Version value"); + } + + { + std::stringstream ss; + ss << headers["sec-websocket-version"]; + int version; + ss >> version; + + if (version != 13) + { + return sendErrorResponse(400, + "Invalid Sec-WebSocket-Version, " + "need 13, got " + + ss.str()); + } + } + + char output[29] = {}; + WebSocketHandshakeKeyGen::generate(headers["sec-websocket-key"], output); + + std::stringstream ss; + ss << "HTTP/1.1 101 Switching Protocols\r\n"; + ss << "Sec-WebSocket-Accept: " << std::string(output) << "\r\n"; + ss << "Upgrade: websocket\r\n"; + ss << "Connection: Upgrade\r\n"; + ss << "Server: " << userAgent() << "\r\n"; + + // Parse the client headers. Does it support deflate ? 
+ std::string header = headers["sec-websocket-extensions"]; + WebSocketPerMessageDeflateOptions webSocketPerMessageDeflateOptions(header); + + // If the client has requested that extension, + if (webSocketPerMessageDeflateOptions.enabled() && enablePerMessageDeflate) + { + _enablePerMessageDeflate = true; + + if (!_perMessageDeflate->init(webSocketPerMessageDeflateOptions)) + { + return WebSocketInitResult( + false, 0, "Failed to initialize per message deflate engine"); + } + ss << webSocketPerMessageDeflateOptions.generateHeader(); + } + + ss << "\r\n"; + + if (!_socket->writeBytes(ss.str(), isCancellationRequested)) + { + return WebSocketInitResult( + false, 0, std::string("Failed sending response to remote end")); + } + + return WebSocketInitResult(true, 200, "", headers, uri); + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketHttpHeaders.cpp b/ixwebsocket/IXWebSocketHttpHeaders.cpp new file mode 100644 index 0000000..5563430 --- /dev/null +++ b/ixwebsocket/IXWebSocketHttpHeaders.cpp 
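Review bot: `clientHandshake()` writes `path`, `host` and every `extraHeaders` name and value into the request (`ss << it.first << ": " << it.second << "\r\n";`) with no check for CR or LF, so a value that reaches this function from outside the application can add headers to the upgrade request or start a second one. Nothing visible in this hunk validates them; reject such input before the request is built, e.g. `if (it.first.find_first_of("\r\n") != std::string::npos || it.second.find_first_of("\r\n") != std::string::npos) return WebSocketInitResult(false, 0, "Invalid header");`, with the same test applied to `path` and `host`. In `sendErrorResponse()` the response stops after the `Server:` line without the empty `\r\n` line that ends the header block, so a client may keep waiting for more headers until the connection closes; add `ss << "\r\n";` before the write.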
@@ -0,0 +1,74 @@ +/* + * IXWebSocketHttpHeaders.h + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketHttpHeaders.h" + +#include "IXSocket.h" +#include +#include + +namespace ix +{ + std::pair parseHttpHeaders( + std::unique_ptr& socket, const CancellationRequest& isCancellationRequested) + { + WebSocketHttpHeaders headers; + + char line[1024]; + int i; + + while (true) + { + int colon = 0; + + for (i = 0; i < 2 || (i < 1023 && line[i - 2] != '\r' && line[i - 1] != '\n'); ++i) + { + if (!socket->readByte(line + i, isCancellationRequested)) + { + return std::make_pair(false, headers); + } + + if (line[i] == ':' && colon == 0) + { + colon = i; + } + } + if (line[0] == '\r' && line[1] == '\n') + { + break; + } + + // line is a single header entry. split by ':', and add it to our + // header map. ignore lines with no colon. + if (colon > 0) + { + line[i] = '\0'; + std::string lineStr(line); + // colon is ':', usually colon+1 is ' ', and colon+2 is the start of the value. + // some webservers do not put a space after the colon character, so + // the start of the value might be farther than colon+2. + // The spec says that space after the : should be discarded. + // i is end of string (\0), i-colon is length of string minus key; + // subtract 1 for '\0', 1 for '\n', 1 for '\r', + // 1 for the ' ' after the ':', and total is -4 + // since we use an std::string later on and don't account for '\0', + // plus the optional first space, total is -2 + int start = colon + 1; + while (lineStr[start] == ' ') + { + start++; + } + + std::string name(lineStr.substr(0, colon)); + std::string value(lineStr.substr(start, lineStr.size() - start - 2)); + + headers[name] = value; + } + } + + return std::make_pair(true, headers); + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketPerMessageDeflate.cpp b/ixwebsocket/IXWebSocketPerMessageDeflate.cpp new file mode 100644 index 0000000..1c5f195 --- /dev/null 
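Review bot: In parseHttpHeaders, `std::string lineStr(line);` stops at the first NUL byte while `colon` and `start` are offsets into the raw buffer, so a header line from the peer that carries a NUL before its colon makes `lineStr[start]` index past the string and `lineStr.substr(start, ...)` throw std::out_of_range. Building the string with its known length, `std::string lineStr(line, i);`, keeps those offsets valid. The `- 2` in the value length assumes the line ended in CRLF, but the read loop also stops on a lone `\n` or on a `\r` followed by any byte, so the last two bytes should be checked before they are trimmed. The loop also accepts any number of header lines, and a line longer than 1023 bytes is split with its tail parsed as a new header; capping the header count and rejecting over-long lines would bound what a peer can make the endpoint store before the handshake completes.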
+++ b/ixwebsocket/IXWebSocketPerMessageDeflate.cpp 
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 2015, Peter Thorson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the WebSocket++ Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PETER THORSON BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + * + * Adapted from websocketpp/extensions/permessage_deflate/enabled.hpp + * (same license as MZ: https://opensource.org/licenses/BSD-3-Clause) + * + * - Reused zlib compression + decompression bits. 
+ * - Refactored to have 2 class for compression and decompression, to allow multi-threading + * and make sure that _compressBuffer is not shared between threads. + * - Original code wasn't working for some reason, I had to add checks + * for the presence of the kEmptyUncompressedBlock at the end of buffer so that servers + * would start accepting receiving/decoding compressed messages. Original code was probably + * modifying the passed in buffers before processing in enabled.hpp ? + * - Added more documentation. + * + * Per message Deflate RFC: https://tools.ietf.org/html/rfc7692 + * Chrome websocket -> + * https://github.com/chromium/chromium/tree/2ca8c5037021c9d2ecc00b787d58a31ed8fc8bcb/net/websockets + * + */ + +#include "IXWebSocketPerMessageDeflate.h" + +#include "IXUniquePtr.h" +#include "IXWebSocketPerMessageDeflateCodec.h" +#include "IXWebSocketPerMessageDeflateOptions.h" + +namespace ix +{ + WebSocketPerMessageDeflate::WebSocketPerMessageDeflate() + : _compressor(ix::make_unique()) + , _decompressor(ix::make_unique()) + { + ; + } + + WebSocketPerMessageDeflate::~WebSocketPerMessageDeflate() + { + ; + } + + bool WebSocketPerMessageDeflate::init( + const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions) + { + bool clientNoContextTakeover = perMessageDeflateOptions.getClientNoContextTakeover(); + + uint8_t deflateBits = perMessageDeflateOptions.getClientMaxWindowBits(); + uint8_t inflateBits = perMessageDeflateOptions.getServerMaxWindowBits(); + + return _compressor->init(deflateBits, clientNoContextTakeover) && + _decompressor->init(inflateBits, clientNoContextTakeover); + } + + bool WebSocketPerMessageDeflate::compress(const IXWebSocketSendData& in, std::string& out) + { + return _compressor->compress(in, out); + } + + bool WebSocketPerMessageDeflate::compress(const std::string& in, std::string& out) + { + return _compressor->compress(in, out); + } + + bool WebSocketPerMessageDeflate::decompress(const std::string& in, std::string& out) + { + 
return _decompressor->decompress(in, out); + } + +} // namespace ix diff --git a/ixwebsocket/IXWebSocketPerMessageDeflateCodec.cpp b/ixwebsocket/IXWebSocketPerMessageDeflateCodec.cpp new file mode 100644 index 0000000..0a52d4d --- /dev/null +++ b/ixwebsocket/IXWebSocketPerMessageDeflateCodec.cpp 
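Review bot: `WebSocketPerMessageDeflate::init()` passes `clientNoContextTakeover` to both `_compressor->init` and `_decompressor->init` and never reads `getServerNoContextTakeover()`, and it always takes the deflate window from the client value and the inflate window from the server value. That mapping fits a client endpoint, but the server handshake earlier in this patch also calls `_perMessageDeflate->init(...)`, where the directions would presumably be reversed; this is worth confirming against RFC 7692. At minimum `init()` should carry a comment stating the role it assumes, e.g. `// Assumes the client role: deflate with client_max_window_bits, inflate with server_max_window_bits`.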
@@ -0,0 +1,252 @@ +/* + * IXWebSocketPerMessageDeflateCodec.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketPerMessageDeflateCodec.h" + +#include "IXWebSocketPerMessageDeflateOptions.h" +#include +#include + +namespace +{ + // The passed in size (4) is important, without it the string litteral + // is treated as a char* and the null termination (\x00) makes it + // look like an empty string. + const std::string kEmptyUncompressedBlock = std::string("\x00\x00\xff\xff", 4); +} // namespace + +namespace ix +{ + // + // Compressor + // + WebSocketPerMessageDeflateCompressor::WebSocketPerMessageDeflateCompressor() + { +#ifdef IXWEBSOCKET_USE_ZLIB + memset(&_deflateState, 0, sizeof(_deflateState)); + + _deflateState.zalloc = Z_NULL; + _deflateState.zfree = Z_NULL; + _deflateState.opaque = Z_NULL; +#endif + } + + WebSocketPerMessageDeflateCompressor::~WebSocketPerMessageDeflateCompressor() + { +#ifdef IXWEBSOCKET_USE_ZLIB + deflateEnd(&_deflateState); +#endif + } + + bool WebSocketPerMessageDeflateCompressor::init(uint8_t deflateBits, + bool clientNoContextTakeOver) + { +#ifdef IXWEBSOCKET_USE_ZLIB + int ret = deflateInit2(&_deflateState, + Z_DEFAULT_COMPRESSION, + Z_DEFLATED, + -1 * deflateBits, + 4, // memory level 1-9 + Z_DEFAULT_STRATEGY); + + if (ret != Z_OK) return false; + + _flush = (clientNoContextTakeOver) ? 
Z_FULL_FLUSH : Z_SYNC_FLUSH; + + return true; +#else + return false; +#endif + } + + template + bool WebSocketPerMessageDeflateCompressor::endsWithEmptyUnCompressedBlock(const T& value) + { + if (kEmptyUncompressedBlock.size() > value.size()) return false; + auto N = value.size(); + return value[N - 1] == kEmptyUncompressedBlock[3] && + value[N - 2] == kEmptyUncompressedBlock[2] && + value[N - 3] == kEmptyUncompressedBlock[1] && + value[N - 4] == kEmptyUncompressedBlock[0]; + } + + bool WebSocketPerMessageDeflateCompressor::compress(const std::string& in, std::string& out) + { + return compressData(in, out); + } + + bool WebSocketPerMessageDeflateCompressor::compress(const IXWebSocketSendData& in, + std::string& out) + { + return compressData(in, out); + } + + bool WebSocketPerMessageDeflateCompressor::compress(const std::string& in, + std::vector& out) + { + return compressData(in, out); + } + + bool WebSocketPerMessageDeflateCompressor::compress(const std::vector& in, + std::string& out) + { + return compressData(in, out); + } + + bool WebSocketPerMessageDeflateCompressor::compress(const std::vector& in, + std::vector& out) + { + return compressData(in, out); + } + + template + bool WebSocketPerMessageDeflateCompressor::compressData(const T& in, S& out) + { +#ifdef IXWEBSOCKET_USE_ZLIB + // + // 7.2.1. Compression + // + // An endpoint uses the following algorithm to compress a message. + // + // 1. Compress all the octets of the payload of the message using + // DEFLATE. + // + // 2. If the resulting data does not end with an empty DEFLATE block + // with no compression (the "BTYPE" bits are set to 00), append an + // empty DEFLATE block with no compression to the tail end. + // + // 3. Remove 4 octets (that are 0x00 0x00 0xff 0xff) from the tail end. + // After this step, the last octet of the compressed data contains + // (possibly part of) the DEFLATE header bits with the "BTYPE" bits + // set to 00. 
+ // + size_t output; + + // Clear output + out.clear(); + + if (in.empty()) + { + // See issue #167 + // The normal buffer size should be 6 but + // we remove the 4 octets from the tail (#4) + uint8_t buf[2] = {0x02, 0x00}; + out.push_back(buf[0]); + out.push_back(buf[1]); + + return true; + } + + _deflateState.avail_in = (uInt) in.size(); + _deflateState.next_in = (Bytef*) in.data(); + + do + { + // Output to local buffer + _deflateState.avail_out = (uInt) _compressBuffer.size(); + _deflateState.next_out = &_compressBuffer.front(); + + deflate(&_deflateState, _flush); + + output = _compressBuffer.size() - _deflateState.avail_out; + + out.insert(out.end(), _compressBuffer.begin(), _compressBuffer.begin() + output); + } while (_deflateState.avail_out == 0); + + if (endsWithEmptyUnCompressedBlock(out)) + { + out.resize(out.size() - 4); + } + + return true; +#else + return false; +#endif + } + + // + // Decompressor + // + WebSocketPerMessageDeflateDecompressor::WebSocketPerMessageDeflateDecompressor() + { +#ifdef IXWEBSOCKET_USE_ZLIB + memset(&_inflateState, 0, sizeof(_inflateState)); + + _inflateState.zalloc = Z_NULL; + _inflateState.zfree = Z_NULL; + _inflateState.opaque = Z_NULL; + _inflateState.avail_in = 0; + _inflateState.next_in = Z_NULL; +#endif + } + + WebSocketPerMessageDeflateDecompressor::~WebSocketPerMessageDeflateDecompressor() + { +#ifdef IXWEBSOCKET_USE_ZLIB + inflateEnd(&_inflateState); +#endif + } + + bool WebSocketPerMessageDeflateDecompressor::init(uint8_t inflateBits, + bool clientNoContextTakeOver) + { +#ifdef IXWEBSOCKET_USE_ZLIB + int ret = inflateInit2(&_inflateState, -1 * inflateBits); + + if (ret != Z_OK) return false; + + _flush = (clientNoContextTakeOver) ? Z_FULL_FLUSH : Z_SYNC_FLUSH; + + return true; +#else + return false; +#endif + } + + bool WebSocketPerMessageDeflateDecompressor::decompress(const std::string& in, std::string& out) + { +#ifdef IXWEBSOCKET_USE_ZLIB + // + // 7.2.2. 
Decompression + // + // An endpoint uses the following algorithm to decompress a message. + // + // 1. Append 4 octets of 0x00 0x00 0xff 0xff to the tail end of the + // payload of the message. + // + // 2. Decompress the resulting data using DEFLATE. + // + std::string inFixed(in); + inFixed += kEmptyUncompressedBlock; + + _inflateState.avail_in = (uInt) inFixed.size(); + _inflateState.next_in = (unsigned char*) (const_cast(inFixed.data())); + + // Clear output + out.clear(); + + do + { + _inflateState.avail_out = (uInt) _compressBuffer.size(); + _inflateState.next_out = &_compressBuffer.front(); + + int ret = inflate(&_inflateState, Z_SYNC_FLUSH); + + if (ret == Z_NEED_DICT || ret == Z_DATA_ERROR || ret == Z_MEM_ERROR) + { + return false; // zlib error + } + + out.append(reinterpret_cast(&_compressBuffer.front()), + _compressBuffer.size() - _inflateState.avail_out); + } while (_inflateState.avail_out == 0); + + return true; +#else + return false; +#endif + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketPerMessageDeflateOptions.cpp b/ixwebsocket/IXWebSocketPerMessageDeflateOptions.cpp new file mode 100644 index 0000000..f7dcc35 --- /dev/null +++ b/ixwebsocket/IXWebSocketPerMessageDeflateOptions.cpp 
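Review bot: `WebSocketPerMessageDeflateDecompressor::decompress` keeps appending to `out` for as long as inflate fills the buffer, with no ceiling on the decompressed size, so a small compressed message from a peer can expand into an arbitrarily large allocation. A limit checked inside the loop would bound it, for example `if (out.size() > maxDecompressedSize) return false;`, where `maxDecompressedSize` is a placeholder for a configured limit. The error test also leaves out `Z_STREAM_ERROR`, and `compressData` ignores the return value of `deflate()` altogether; checking both would make a bad stream state surface as a failure rather than as truncated output.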
@@ -0,0 +1,185 @@ +/* + * IXWebSocketPerMessageDeflateOptions.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketPerMessageDeflateOptions.h" + +#include +#include +#include + +namespace ix +{ + /// Default values as defined in the RFC + const uint8_t WebSocketPerMessageDeflateOptions::kDefaultServerMaxWindowBits = 15; + static const uint8_t minServerMaxWindowBits = 8; + static const uint8_t maxServerMaxWindowBits = 15; + + const uint8_t WebSocketPerMessageDeflateOptions::kDefaultClientMaxWindowBits = 15; + static const uint8_t minClientMaxWindowBits = 8; + static const uint8_t maxClientMaxWindowBits = 15; + + WebSocketPerMessageDeflateOptions::WebSocketPerMessageDeflateOptions( + bool enabled, + bool clientNoContextTakeover, + bool serverNoContextTakeover, + uint8_t clientMaxWindowBits, + uint8_t serverMaxWindowBits) + { + _enabled = enabled; + _clientNoContextTakeover = clientNoContextTakeover; + _serverNoContextTakeover = serverNoContextTakeover; + _clientMaxWindowBits = clientMaxWindowBits; + _serverMaxWindowBits = serverMaxWindowBits; + + sanitizeClientMaxWindowBits(); + } + + // + // Four extension parameters are defined for "permessage-deflate" to + // help endpoints manage per-connection resource usage. 
+ // + // - "server_no_context_takeover" + // - "client_no_context_takeover" + // - "server_max_window_bits" + // - "client_max_window_bits" + // + // Server response could look like that: + // + // Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; + // server_no_context_takeover + // + WebSocketPerMessageDeflateOptions::WebSocketPerMessageDeflateOptions(std::string extension) + { + extension = removeSpaces(extension); + + _enabled = false; + _clientNoContextTakeover = false; + _serverNoContextTakeover = false; + _clientMaxWindowBits = kDefaultClientMaxWindowBits; + _serverMaxWindowBits = kDefaultServerMaxWindowBits; + +#ifdef IXWEBSOCKET_USE_ZLIB + // Split by ; + std::string token; + std::stringstream tokenStream(extension); + + while (std::getline(tokenStream, token, ';')) + { + if (token == "permessage-deflate") + { + _enabled = true; + } + + if (token == "server_no_context_takeover") + { + _serverNoContextTakeover = true; + } + + if (token == "client_no_context_takeover") + { + _clientNoContextTakeover = true; + } + + if (startsWith(token, "server_max_window_bits=")) + { + uint8_t x = strtol(token.substr(token.find_last_of("=") + 1).c_str(), nullptr, 10); + + // Sanitize values to be in the proper range [8, 15] in + // case a server would give us bogus values + _serverMaxWindowBits = + std::min(maxServerMaxWindowBits, std::max(x, minServerMaxWindowBits)); + } + + if (startsWith(token, "client_max_window_bits=")) + { + uint8_t x = strtol(token.substr(token.find_last_of("=") + 1).c_str(), nullptr, 10); + + // Sanitize values to be in the proper range [8, 15] in + // case a server would give us bogus values + _clientMaxWindowBits = + std::min(maxClientMaxWindowBits, std::max(x, minClientMaxWindowBits)); + + sanitizeClientMaxWindowBits(); + } + } +#endif + } + + void WebSocketPerMessageDeflateOptions::sanitizeClientMaxWindowBits() + { + // zlib/deflate has a bug with windowsbits == 8, so we silently upgrade it to 9 + // See 
https://bugs.chromium.org/p/chromium/issues/detail?id=691074 + if (_clientMaxWindowBits == 8) + { + _clientMaxWindowBits = 9; + } + } + + std::string WebSocketPerMessageDeflateOptions::generateHeader() + { +#ifdef IXWEBSOCKET_USE_ZLIB + std::stringstream ss; + ss << "Sec-WebSocket-Extensions: permessage-deflate"; + + if (_clientNoContextTakeover) ss << "; client_no_context_takeover"; + if (_serverNoContextTakeover) ss << "; server_no_context_takeover"; + + ss << "; server_max_window_bits=" << static_cast(_serverMaxWindowBits); + ss << "; client_max_window_bits=" << static_cast(_clientMaxWindowBits); + + ss << "\r\n"; + + return ss.str(); +#else + return std::string(); +#endif + } + + bool WebSocketPerMessageDeflateOptions::enabled() const + { +#ifdef IXWEBSOCKET_USE_ZLIB + return _enabled; +#else + return false; +#endif + } + + bool WebSocketPerMessageDeflateOptions::getClientNoContextTakeover() const + { + return _clientNoContextTakeover; + } + + bool WebSocketPerMessageDeflateOptions::getServerNoContextTakeover() const + { + return _serverNoContextTakeover; + } + + uint8_t WebSocketPerMessageDeflateOptions::getClientMaxWindowBits() const + { + return _clientMaxWindowBits; + } + + uint8_t WebSocketPerMessageDeflateOptions::getServerMaxWindowBits() const + { + return _serverMaxWindowBits; + } + + bool WebSocketPerMessageDeflateOptions::startsWith(const std::string& str, + const std::string& start) + { + return str.compare(0, start.length(), start) == 0; + } + + std::string WebSocketPerMessageDeflateOptions::removeSpaces(const std::string& str) + { + std::string out(str); + out.erase( + std::remove_if(out.begin(), out.end(), [](unsigned char x) { return std::isspace(x); }), + out.end()); + + return out; + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketProxyServer.cpp b/ixwebsocket/IXWebSocketProxyServer.cpp new file mode 100644 index 0000000..4b78c63 --- /dev/null +++ b/ixwebsocket/IXWebSocketProxyServer.cpp 
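Review bot: In the extension-string constructor, `uint8_t x = strtol(...)` narrows the parsed value before the range clamp, so out-of-range input wraps modulo 256 (264 becomes 8) and non-numeric input yields 0, and every such value is then clamped into [8, 15] and accepted. Parsing into a `long` with an end pointer and treating anything outside 8..15 as a failed negotiation would be stricter: `long x = strtol(value.c_str(), &end, 10);` followed by `if (end == value.c_str() || *end != '\0' || x < 8 || x > 15)` (here `value` and `end` are placeholder locals). The same pattern appears in both the `server_max_window_bits=` and the `client_max_window_bits=` branches.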
@@ -0,0 +1,137 @@ +/* + * IXWebSocketProxyServer.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketProxyServer.h" + +#include "IXWebSocketServer.h" +#include + +namespace ix +{ + class ProxyConnectionState : public ix::ConnectionState + { + public: + ProxyConnectionState() + : _connected(false) + { + } + + ix::WebSocket& webSocket() + { + return _serverWebSocket; + } + + bool isConnected() + { + return _connected; + } + + void setConnected() + { + _connected = true; + } + + private: + ix::WebSocket _serverWebSocket; + bool _connected; + }; + + int websocket_proxy_server_main(int port, + const std::string& hostname, + const ix::SocketTLSOptions& tlsOptions, + const std::string& remoteUrl, + const RemoteUrlsMapping& remoteUrlsMapping, + bool /*verbose*/) + { + ix::WebSocketServer server(port, hostname); + server.setTLSOptions(tlsOptions); + + auto factory = []() -> std::shared_ptr { + return std::make_shared(); + }; + server.setConnectionStateFactory(factory); + + server.setOnConnectionCallback( + [remoteUrl, remoteUrlsMapping](std::weak_ptr webSocket, + std::shared_ptr connectionState) { + auto state = std::dynamic_pointer_cast(connectionState); + auto remoteIp = connectionState->getRemoteIp(); + + // Server connection + state->webSocket().setOnMessageCallback( + [webSocket, state, remoteIp](const WebSocketMessagePtr& msg) { + if (msg->type == ix::WebSocketMessageType::Close) + { + state->setTerminated(); + } + else if (msg->type == ix::WebSocketMessageType::Message) + { + auto ws = webSocket.lock(); + if (ws) + { + ws->send(msg->str, msg->binary); + } + } + }); + + // Client connection + auto ws = webSocket.lock(); + if (ws) + { + ws->setOnMessageCallback([state, remoteUrl, remoteUrlsMapping]( + const WebSocketMessagePtr& msg) { + if (msg->type == ix::WebSocketMessageType::Open) + { + // Connect to the 'real' server + std::string url(remoteUrl); + + // maybe we want a different url based on 
the mapping + std::string host = msg->openInfo.headers["Host"]; + auto it = remoteUrlsMapping.find(host); + if (it != remoteUrlsMapping.end()) + { + url = it->second; + } + + // append the uri to form the full url + // (say ws://localhost:1234/foo/?bar=baz) + url += msg->openInfo.uri; + + state->webSocket().setUrl(url); + state->webSocket().disableAutomaticReconnection(); + state->webSocket().start(); + + // we should sleep here for a bit until we've established the + // connection with the remote server + while (state->webSocket().getReadyState() != ReadyState::Open) + { + std::this_thread::sleep_for(std::chrono::milliseconds(10)); + } + } + else if (msg->type == ix::WebSocketMessageType::Close) + { + state->webSocket().close(msg->closeInfo.code, msg->closeInfo.reason); + } + else if (msg->type == ix::WebSocketMessageType::Message) + { + state->webSocket().send(msg->str, msg->binary); + } + }); + } + }); + + auto res = server.listen(); + if (!res.first) + { + return 1; + } + + server.start(); + server.wait(); + + return 0; + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketServer.cpp b/ixwebsocket/IXWebSocketServer.cpp new file mode 100644 index 0000000..90593d5 --- /dev/null +++ b/ixwebsocket/IXWebSocketServer.cpp 
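Review bot: The `while (state->webSocket().getReadyState() != ReadyState::Open)` loop in the client Open handler has no deadline and no exit for a failed connect; with automatic reconnection disabled just above it, a remote that never opens leaves the handler sleeping in 10 ms steps indefinitely, presumably occupying that connection's thread. Bounding the wait and terminating the connection state on expiry avoids that; the fence sketches it with a constructed 5-second limit. `makeBroadcastServer` in IXWebSocketServer.cpp has the same shape in its `do { ... } while (client->bufferedAmount() != 0)` loop, where one receiver that stops draining stalls the broadcast to every client after it. Separately, the result of `std::dynamic_pointer_cast` is dereferenced as `state` without a null check.

```cpp
state->webSocket().start();

// Bound the wait for the upstream connection (5 s is a constructed value).
const auto deadline = std::chrono::steady_clock::now() + std::chrono::seconds(5);
while (state->webSocket().getReadyState() != ReadyState::Open)
{
    if (std::chrono::steady_clock::now() >= deadline)
    {
        state->webSocket().stop();
        state->setTerminated();
        return;
    }
    std::this_thread::sleep_for(std::chrono::milliseconds(10));
}
// … unchanged: Close and Message branches …
```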
@@ -0,0 +1,229 @@ +/* + * IXWebSocketServer.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#include "IXWebSocketServer.h" + +#include "IXNetSystem.h" +#include "IXSetThreadName.h" +#include "IXSocketConnect.h" +#include "IXWebSocket.h" +#include "IXWebSocketTransport.h" +#include +#include +#include + +namespace ix +{ + const int WebSocketServer::kDefaultHandShakeTimeoutSecs(3); // 3 seconds + const bool WebSocketServer::kDefaultEnablePong(true); + + WebSocketServer::WebSocketServer(int port, + const std::string& host, + int backlog, + size_t maxConnections, + int handshakeTimeoutSecs, + int addressFamily) + : SocketServer(port, host, backlog, maxConnections, addressFamily) + , _handshakeTimeoutSecs(handshakeTimeoutSecs) + , _enablePong(kDefaultEnablePong) + , _enablePerMessageDeflate(true) + { + } + + WebSocketServer::~WebSocketServer() + { + stop(); + } + + void WebSocketServer::stop() + { + stopAcceptingConnections(); + + auto clients = getClients(); + for (auto client : clients) + { + client->close(); + } + + SocketServer::stop(); + } + + void WebSocketServer::enablePong() + { + _enablePong = true; + } + + void WebSocketServer::disablePong() + { + _enablePong = false; + } + + void WebSocketServer::disablePerMessageDeflate() + { + _enablePerMessageDeflate = false; + } + + void WebSocketServer::setOnConnectionCallback(const OnConnectionCallback& callback) + { + _onConnectionCallback = callback; + } + + void WebSocketServer::setOnClientMessageCallback(const OnClientMessageCallback& callback) + { + _onClientMessageCallback = callback; + } + + void WebSocketServer::handleConnection(std::unique_ptr socket, + std::shared_ptr connectionState) + { + setThreadName("Srv:ws:" + connectionState->getId()); + + auto webSocket = std::make_shared(); + if (_onConnectionCallback) + { + _onConnectionCallback(webSocket, connectionState); + + if (!webSocket->isOnMessageCallbackRegistered()) + { + logError("WebSocketServer 
Application developer error: Server callback improperly " + "registerered."); + logError("Missing call to setOnMessageCallback inside setOnConnectionCallback."); + connectionState->setTerminated(); + return; + } + } + else if (_onClientMessageCallback) + { + WebSocket* webSocketRawPtr = webSocket.get(); + webSocket->setOnMessageCallback( + [this, webSocketRawPtr, connectionState](const WebSocketMessagePtr& msg) { + _onClientMessageCallback(connectionState, *webSocketRawPtr, msg); + }); + } + else + { + logError( + "WebSocketServer Application developer error: No server callback is registerered."); + logError("Missing call to setOnConnectionCallback or setOnClientMessageCallback."); + connectionState->setTerminated(); + return; + } + + webSocket->disableAutomaticReconnection(); + + if (_enablePong) + { + webSocket->enablePong(); + } + else + { + webSocket->disablePong(); + } + + // Add this client to our client set + { + std::lock_guard lock(_clientsMutex); + _clients.insert(webSocket); + } + + auto status = webSocket->connectToSocket( + std::move(socket), _handshakeTimeoutSecs, _enablePerMessageDeflate); + if (status.success) + { + // Process incoming messages and execute callbacks + // until the connection is closed + webSocket->run(); + } + else + { + std::stringstream ss; + ss << "WebSocketServer::handleConnection() HTTP status: " << status.http_status + << " error: " << status.errorStr; + logError(ss.str()); + } + + webSocket->setOnMessageCallback(nullptr); + + // Remove this client from our client set + { + std::lock_guard lock(_clientsMutex); + if (_clients.erase(webSocket) != 1) + { + logError("Cannot delete client"); + } + } + + connectionState->setTerminated(); + } + + std::set> WebSocketServer::getClients() + { + std::lock_guard lock(_clientsMutex); + return _clients; + } + + size_t WebSocketServer::getConnectedClientsCount() + { + std::lock_guard lock(_clientsMutex); + return _clients.size(); + } + + // + // Classic servers + // + void 
WebSocketServer::makeBroadcastServer() + { + setOnClientMessageCallback([this](std::shared_ptr connectionState, + WebSocket& webSocket, + const WebSocketMessagePtr& msg) { + auto remoteIp = connectionState->getRemoteIp(); + if (msg->type == ix::WebSocketMessageType::Message) + { + for (auto&& client : getClients()) + { + if (client.get() != &webSocket) + { + client->send(msg->str, msg->binary); + + // Make sure the OS send buffer is flushed before moving on + do + { + std::chrono::duration duration(500); + std::this_thread::sleep_for(duration); + } while (client->bufferedAmount() != 0); + } + } + } + }); + } + + bool WebSocketServer::listenAndStart() + { + auto res = listen(); + if (!res.first) + { + return false; + } + + start(); + return true; + } + + int WebSocketServer::getHandshakeTimeoutSecs() + { + return _handshakeTimeoutSecs; + } + + bool WebSocketServer::isPongEnabled() + { + return _enablePong; + } + + bool WebSocketServer::isPerMessageDeflateEnabled() + { + return _enablePerMessageDeflate; + } +} // namespace ix diff --git a/ixwebsocket/IXWebSocketTransport.cpp b/ixwebsocket/IXWebSocketTransport.cpp new file mode 100644 index 0000000..86ec52e --- /dev/null +++ b/ixwebsocket/IXWebSocketTransport.cpp 
@@ -0,0 +1,1197 @@ +/* + * The MIT License (MIT) + * + * Copyright (c) 2012, 2013 + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/* + * IXWebSocketTransport.cpp + * Author: Benjamin Sergeant + * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved. 
+ */ + +// +// Adapted from https://github.com/dhbaird/easywsclient +// + +#include "IXWebSocketTransport.h" + +#include "IXSocketFactory.h" +#include "IXSocketTLSOptions.h" +#include "IXUniquePtr.h" +#include "IXUrlParser.h" +#include "IXUtf8Validator.h" +#include "IXWebSocketHandshake.h" +#include "IXWebSocketHttpHeaders.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +namespace ix +{ + const std::string WebSocketTransport::kPingMessage("ixwebsocket::heartbeat"); + const int WebSocketTransport::kDefaultPingIntervalSecs(-1); + const bool WebSocketTransport::kDefaultEnablePong(true); + const int WebSocketTransport::kClosingMaximumWaitingDelayInMs(300); + constexpr size_t WebSocketTransport::kChunkSize; + + WebSocketTransport::WebSocketTransport() + : _useMask(true) + , _blockingSend(false) + , _receivedMessageCompressed(false) + , _readyState(ReadyState::CLOSED) + , _closeCode(WebSocketCloseConstants::kInternalErrorCode) + , _closeWireSize(0) + , _closeRemote(false) + , _enablePerMessageDeflate(false) + , _requestInitCancellation(false) + , _closingTimePoint(std::chrono::steady_clock::now()) + , _enablePong(kDefaultEnablePong) + , _pingIntervalSecs(kDefaultPingIntervalSecs) + , _pongReceived(false) + , _pingCount(0) + , _lastSendPingTimePoint(std::chrono::steady_clock::now()) + { + setCloseReason(WebSocketCloseConstants::kInternalErrorMessage); + _readbuf.resize(kChunkSize); + } + + WebSocketTransport::~WebSocketTransport() + { + ; + } + + void WebSocketTransport::configure( + const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions, + const SocketTLSOptions& socketTLSOptions, + bool enablePong, + int pingIntervalSecs) + { + _perMessageDeflateOptions = perMessageDeflateOptions; + _enablePerMessageDeflate = _perMessageDeflateOptions.enabled(); + _socketTLSOptions = socketTLSOptions; + _enablePong = enablePong; + _pingIntervalSecs = pingIntervalSecs; + } + + // Client + WebSocketInitResult 
WebSocketTransport::connectToUrl(const std::string& url, + const WebSocketHttpHeaders& headers, + int timeoutSecs) + { + std::lock_guard lock(_socketMutex); + + std::string protocol, host, path, query; + int port; + std::string remoteUrl(url); + + WebSocketInitResult result; + const int maxRedirections = 10; + + for (int i = 0; i < maxRedirections; ++i) + { + if (!UrlParser::parse(remoteUrl, protocol, host, path, query, port)) + { + std::stringstream ss; + ss << "Could not parse url: '" << url << "'"; + return WebSocketInitResult(false, 0, ss.str()); + } + + std::string errorMsg; + bool tls = protocol == "wss"; + _socket = createSocket(tls, -1, errorMsg, _socketTLSOptions); + _perMessageDeflate = ix::make_unique(); + + if (!_socket) + { + return WebSocketInitResult(false, 0, errorMsg); + } + + WebSocketHandshake webSocketHandshake(_requestInitCancellation, + _socket, + _perMessageDeflate, + _perMessageDeflateOptions, + _enablePerMessageDeflate); + + result = webSocketHandshake.clientHandshake( + remoteUrl, headers, host, path, port, timeoutSecs); + + if (result.http_status >= 300 && result.http_status < 400) + { + auto it = result.headers.find("Location"); + if (it == result.headers.end()) + { + std::stringstream ss; + ss << "Missing Location Header for HTTP Redirect response. 
" + << "Rejecting connection to " << url << ", status: " << result.http_status; + result.errorStr = ss.str(); + break; + } + + remoteUrl = it->second; + continue; + } + + if (result.success) + { + setReadyState(ReadyState::OPEN); + } + return result; + } + + return result; + } + + // Server + WebSocketInitResult WebSocketTransport::connectToSocket(std::unique_ptr socket, + int timeoutSecs, + bool enablePerMessageDeflate) + { + std::lock_guard lock(_socketMutex); + + // Server should not mask the data it sends to the client + _useMask = false; + _blockingSend = true; + + _socket = std::move(socket); + _perMessageDeflate = ix::make_unique(); + + WebSocketHandshake webSocketHandshake(_requestInitCancellation, + _socket, + _perMessageDeflate, + _perMessageDeflateOptions, + _enablePerMessageDeflate); + + auto result = webSocketHandshake.serverHandshake(timeoutSecs, enablePerMessageDeflate); + if (result.success) + { + setReadyState(ReadyState::OPEN); + } + return result; + } + + WebSocketTransport::ReadyState WebSocketTransport::getReadyState() const + { + return _readyState; + } + + void WebSocketTransport::setReadyState(ReadyState readyState) + { + // No state change, return + if (_readyState == readyState) return; + + if (readyState == ReadyState::CLOSED) + { + if (_onCloseCallback) + { + _onCloseCallback(_closeCode, getCloseReason(), _closeWireSize, _closeRemote); + } + setCloseReason(WebSocketCloseConstants::kInternalErrorMessage); + _closeCode = WebSocketCloseConstants::kInternalErrorCode; + _closeWireSize = 0; + _closeRemote = false; + } + else if (readyState == ReadyState::OPEN) + { + initTimePointsAfterConnect(); + _pongReceived = false; + } + + _readyState = readyState; + } + + void WebSocketTransport::setOnCloseCallback(const OnCloseCallback& onCloseCallback) + { + _onCloseCallback = onCloseCallback; + } + + void WebSocketTransport::initTimePointsAfterConnect() + { + { + std::lock_guard lock(_lastSendPingTimePointMutex); + _lastSendPingTimePoint = 
std::chrono::steady_clock::now(); + } + } + + // Only consider send PING time points for that computation. + bool WebSocketTransport::pingIntervalExceeded() + { + if (_pingIntervalSecs <= 0) return false; + + std::lock_guard lock(_lastSendPingTimePointMutex); + auto now = std::chrono::steady_clock::now(); + return now - _lastSendPingTimePoint > std::chrono::seconds(_pingIntervalSecs); + } + + WebSocketSendInfo WebSocketTransport::sendHeartBeat() + { + _pongReceived = false; + std::stringstream ss; + ss << kPingMessage << "::" << _pingIntervalSecs << "s" + << "::" << _pingCount++; + return sendPing(ss.str()); + } + + bool WebSocketTransport::closingDelayExceeded() + { + std::lock_guard lock(_closingTimePointMutex); + auto now = std::chrono::steady_clock::now(); + return now - _closingTimePoint > std::chrono::milliseconds(kClosingMaximumWaitingDelayInMs); + } + + WebSocketTransport::PollResult WebSocketTransport::poll() + { + if (_readyState == ReadyState::OPEN) + { + if (pingIntervalExceeded()) + { + if (!_pongReceived) + { + // ping response (PONG) exceeds the maximum delay, close the connection + close(WebSocketCloseConstants::kInternalErrorCode, + WebSocketCloseConstants::kPingTimeoutMessage); + } + else + { + sendHeartBeat(); + } + } + } + + // No timeout if state is not OPEN, otherwise computed + // pingIntervalOrTimeoutGCD (equals to -1 if no ping and no ping timeout are set) + int lastingTimeoutDelayInMs = (_readyState != ReadyState::OPEN) ? 
0 : _pingIntervalSecs; + + if (_pingIntervalSecs > 0) + { + // compute lasting delay to wait for next ping / timeout, if at least one set + auto now = std::chrono::steady_clock::now(); + int timeSinceLastPingMs = (int) std::chrono::duration_cast( + now - _lastSendPingTimePoint) + .count(); + lastingTimeoutDelayInMs = (1000 * _pingIntervalSecs) - timeSinceLastPingMs; + } + + // The platform may not have select interrupt capabilities, so wait with a small timeout + if (lastingTimeoutDelayInMs <= 0 && !_socket->isWakeUpFromPollSupported()) + { + lastingTimeoutDelayInMs = 20; + } + + // If we are requesting a cancellation, pass in a positive and small timeout + // to never poll forever without a timeout. + if (_requestInitCancellation) + { + lastingTimeoutDelayInMs = 100; + } + + // poll the socket + PollResultType pollResult = _socket->isReadyToRead(lastingTimeoutDelayInMs); + + // Make sure we send all the buffered data + // there can be a lot of it for large messages. + if (pollResult == PollResultType::SendRequest) + { + if (!flushSendBuffer()) + { + return PollResult::CannotFlushSendBuffer; + } + } + else if (pollResult == PollResultType::ReadyForRead) + { + if (!receiveFromSocket()) + { + return PollResult::AbnormalClose; + } + } + else if (pollResult == PollResultType::Error) + { + closeSocket(); + } + else if (pollResult == PollResultType::CloseRequest) + { + closeSocket(); + } + + if (_readyState == ReadyState::CLOSING && closingDelayExceeded()) + { + _rxbuf.clear(); + // close code and reason were set when calling close() + closeSocket(); + setReadyState(ReadyState::CLOSED); + } + + return PollResult::Succeeded; + } + + bool WebSocketTransport::isSendBufferEmpty() const + { + std::lock_guard lock(_txbufMutex); + return _txbuf.empty(); + } + + template + void WebSocketTransport::appendToSendBuffer(const std::vector& header, + Iterator begin, + Iterator end, + uint64_t message_size, + uint8_t masking_key[4]) + { + std::lock_guard lock(_txbufMutex); + + 
_txbuf.insert(_txbuf.end(), header.begin(), header.end()); + _txbuf.insert(_txbuf.end(), begin, end); + + if (_useMask) + { + for (size_t i = 0; i != (size_t) message_size; ++i) + { + *(_txbuf.end() - (size_t) message_size + i) ^= masking_key[i & 0x3]; + } + } + } + + void WebSocketTransport::unmaskReceiveBuffer(const wsheader_type& ws) + { + if (ws.mask) + { + for (size_t j = 0; j != ws.N; ++j) + { + _rxbuf[j + ws.header_size] ^= ws.masking_key[j & 0x3]; + } + } + } + + // + // http://tools.ietf.org/html/rfc6455#section-5.2 Base Framing Protocol + // + // 0 1 2 3 + // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + // +-+-+-+-+-------+-+-------------+-------------------------------+ + // |F|R|R|R| opcode|M| Payload len | Extended payload length | + // |I|S|S|S| (4) |A| (7) | (16/64) | + // |N|V|V|V| |S| | (if payload len==126/127) | + // | |1|2|3| |K| | | + // +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + + // | Extended payload length continued, if payload len == 127 | + // + - - - - - - - - - - - - - - - +-------------------------------+ + // | |Masking-key, if MASK set to 1 | + // +-------------------------------+-------------------------------+ + // | Masking-key (continued) | Payload Data | + // +-------------------------------- - - - - - - - - - - - - - - - + + // : Payload Data continued ... : + // + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + // | Payload Data continued ... 
| + // +---------------------------------------------------------------+ + // + void WebSocketTransport::dispatch(WebSocketTransport::PollResult pollResult, + const OnMessageCallback& onMessageCallback) + { + while (true) + { + wsheader_type ws; + if (_rxbuf.size() < 2) break; /* Need at least 2 */ + const uint8_t* data = (uint8_t*) &_rxbuf[0]; // peek, but don't consume + ws.fin = (data[0] & 0x80) == 0x80; + ws.rsv1 = (data[0] & 0x40) == 0x40; + ws.rsv2 = (data[0] & 0x20) == 0x20; + ws.rsv3 = (data[0] & 0x10) == 0x10; + ws.opcode = (wsheader_type::opcode_type)(data[0] & 0x0f); + ws.mask = (data[1] & 0x80) == 0x80; + ws.N0 = (data[1] & 0x7f); + ws.header_size = + 2 + (ws.N0 == 126 ? 2 : 0) + (ws.N0 == 127 ? 8 : 0) + (ws.mask ? 4 : 0); + if (_rxbuf.size() < ws.header_size) break; /* Need: ws.header_size - _rxbuf.size() */ + + if ((ws.rsv1 && !_enablePerMessageDeflate) || ws.rsv2 || ws.rsv3) + { + close(WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorReservedBitUsed, + _rxbuf.size()); + return; + } + + // + // Calculate payload length: + // 0-125 mean the payload is that long. + // 126 means that the following two bytes indicate the length, + // 127 means the next 8 bytes indicate the length. + // + int i = 0; + if (ws.N0 < 126) + { + ws.N = ws.N0; + i = 2; + } + else if (ws.N0 == 126) + { + ws.N = 0; + ws.N |= ((uint64_t) data[2]) << 8; + ws.N |= ((uint64_t) data[3]) << 0; + i = 4; + } + else if (ws.N0 == 127) + { + ws.N = 0; + ws.N |= ((uint64_t) data[2]) << 56; + ws.N |= ((uint64_t) data[3]) << 48; + ws.N |= ((uint64_t) data[4]) << 40; + ws.N |= ((uint64_t) data[5]) << 32; + ws.N |= ((uint64_t) data[6]) << 24; + ws.N |= ((uint64_t) data[7]) << 16; + ws.N |= ((uint64_t) data[8]) << 8; + ws.N |= ((uint64_t) data[9]) << 0; + i = 10; + } + else + { + // invalid payload length according to the spec. 
bail out + return; + } + + if (ws.mask) + { + ws.masking_key[0] = ((uint8_t) data[i + 0]) << 0; + ws.masking_key[1] = ((uint8_t) data[i + 1]) << 0; + ws.masking_key[2] = ((uint8_t) data[i + 2]) << 0; + ws.masking_key[3] = ((uint8_t) data[i + 3]) << 0; + } + else + { + ws.masking_key[0] = 0; + ws.masking_key[1] = 0; + ws.masking_key[2] = 0; + ws.masking_key[3] = 0; + } + + // Prevent integer overflow in the next conditional + const uint64_t maxFrameSize(1ULL << 63); + if (ws.N > maxFrameSize) + { + return; + } + + if (_rxbuf.size() < ws.header_size + ws.N) + { + return; /* Need: ws.header_size+ws.N - _rxbuf.size() */ + } + + if (!ws.fin && (ws.opcode == wsheader_type::PING || ws.opcode == wsheader_type::PONG || + ws.opcode == wsheader_type::CLOSE)) + { + // Control messages should not be fragmented + close(WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorCodeControlMessageFragmented); + return; + } + + unmaskReceiveBuffer(ws); + std::string frameData(_rxbuf.begin() + ws.header_size, + _rxbuf.begin() + ws.header_size + (size_t) ws.N); + + // We got a whole message, now do something with it: + if (ws.opcode == wsheader_type::TEXT_FRAME || + ws.opcode == wsheader_type::BINARY_FRAME || + ws.opcode == wsheader_type::CONTINUATION) + { + if (ws.opcode != wsheader_type::CONTINUATION) + { + _fragmentedMessageKind = (ws.opcode == wsheader_type::TEXT_FRAME) + ? 
MessageKind::MSG_TEXT + : MessageKind::MSG_BINARY; + + _receivedMessageCompressed = _enablePerMessageDeflate && ws.rsv1; + + // Continuation message needs to follow a non-fin TEXT or BINARY message + if (!_chunks.empty()) + { + close(WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorCodeDataOpcodeOutOfSequence); + } + } + else if (_chunks.empty()) + { + // Continuation message need to follow a non-fin TEXT or BINARY message + close( + WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorCodeContinuationOpCodeOutOfSequence); + } + + // + // Usual case. Small unfragmented messages + // + if (ws.fin && _chunks.empty()) + { + emitMessage(_fragmentedMessageKind, + frameData, + _receivedMessageCompressed, + onMessageCallback); + + _receivedMessageCompressed = false; + } + else + { + // + // Add intermediary message to our chunk list. + // We use a chunk list instead of a big buffer because resizing + // large buffer can be very costly when we need to re-allocate + // the internal buffer which is slow and can let the internal OS + // receive buffer fill out. 
+ // + _chunks.emplace_back(frameData); + + if (ws.fin) + { + emitMessage(_fragmentedMessageKind, + getMergedChunks(), + _receivedMessageCompressed, + onMessageCallback); + + _chunks.clear(); + _receivedMessageCompressed = false; + } + else + { + emitMessage(MessageKind::FRAGMENT, std::string(), false, onMessageCallback); + } + } + } + else if (ws.opcode == wsheader_type::PING) + { + // too large + if (frameData.size() > 125) + { + // Unexpected frame type + close(WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorPingPayloadOversized); + return; + } + + if (_enablePong) + { + // Reply back right away + bool compress = false; + sendData(wsheader_type::PONG, frameData, compress); + } + + emitMessage(MessageKind::PING, frameData, false, onMessageCallback); + } + else if (ws.opcode == wsheader_type::PONG) + { + _pongReceived = true; + emitMessage(MessageKind::PONG, frameData, false, onMessageCallback); + } + else if (ws.opcode == wsheader_type::CLOSE) + { + std::string reason; + uint16_t code = 0; + + if (ws.N >= 2) + { + // Extract the close code first, available as the first 2 bytes + code |= ((uint64_t) _rxbuf[ws.header_size]) << 8; + code |= ((uint64_t) _rxbuf[ws.header_size + 1]) << 0; + + // Get the reason. + if (ws.N > 2) + { + reason = frameData.substr(2, frameData.size()); + } + + // Validate that the reason is proper utf-8. Autobahn 7.5.1 + if (!validateUtf8(reason)) + { + code = WebSocketCloseConstants::kInvalidFramePayloadData; + reason = WebSocketCloseConstants::kInvalidFramePayloadDataMessage; + } + + // + // Validate close codes. Autobahn 7.9.* + // 1014, 1015 are debattable. The firefox MSDN has a description for them. 
+ // Full list of status code and status range is defined in the dedicated + // RFC section at https://tools.ietf.org/html/rfc6455#page-45 + // + if (code < 1000 || code == 1004 || code == 1006 || (code > 1013 && code < 3000)) + { + // build up an error message containing the bad error code + std::stringstream ss; + ss << WebSocketCloseConstants::kInvalidCloseCodeMessage << ": " << code; + reason = ss.str(); + + code = WebSocketCloseConstants::kProtocolErrorCode; + } + } + else + { + // no close code received + code = WebSocketCloseConstants::kNoStatusCodeErrorCode; + reason = WebSocketCloseConstants::kNoStatusCodeErrorMessage; + } + + // We receive a CLOSE frame from remote and are NOT the ones who triggered the close + if (_readyState != ReadyState::CLOSING) + { + // send back the CLOSE frame + sendCloseFrame(code, reason); + + wakeUpFromPoll(SelectInterrupt::kCloseRequest); + + bool remote = true; + closeSocketAndSwitchToClosedState(code, reason, _rxbuf.size(), remote); + } + else + { + // we got the CLOSE frame answer from our close, so we can close the connection + // if the code/reason are the same + bool identicalReason = _closeCode == code && getCloseReason() == reason; + + if (identicalReason) + { + bool remote = false; + closeSocketAndSwitchToClosedState(code, reason, _rxbuf.size(), remote); + } + } + } + else + { + // Unexpected frame type + close(WebSocketCloseConstants::kProtocolErrorCode, + WebSocketCloseConstants::kProtocolErrorMessage, + _rxbuf.size()); + } + + // Erase the message that has been processed from the input/read buffer + _rxbuf.erase(_rxbuf.begin(), _rxbuf.begin() + ws.header_size + (size_t) ws.N); + } + + // if an abnormal closure was raised in poll, and nothing else triggered a CLOSED state in + // the received and processed data then close the connection + if (pollResult != PollResult::Succeeded) + { + _rxbuf.clear(); + + // if we previously closed the connection (CLOSING state), then set state to CLOSED + // (code/reason were set 
before) + if (_readyState == ReadyState::CLOSING) + { + closeSocket(); + setReadyState(ReadyState::CLOSED); + } + // if we weren't closing, then close using abnormal close code and message + else if (_readyState != ReadyState::CLOSED) + { + closeSocketAndSwitchToClosedState(WebSocketCloseConstants::kAbnormalCloseCode, + WebSocketCloseConstants::kAbnormalCloseMessage, + 0, + false); + } + } + } + + std::string WebSocketTransport::getMergedChunks() const + { + size_t length = 0; + for (auto&& chunk : _chunks) + { + length += chunk.size(); + } + + std::string msg; + msg.reserve(length); + + for (auto&& chunk : _chunks) + { + msg += chunk; + } + + return msg; + } + + void WebSocketTransport::emitMessage(MessageKind messageKind, + const std::string& message, + bool compressedMessage, + const OnMessageCallback& onMessageCallback) + { + size_t wireSize = message.size(); + + // When the RSV1 bit is 1 it means the message is compressed + if (compressedMessage && messageKind != MessageKind::FRAGMENT) + { + bool success = _perMessageDeflate->decompress(message, _decompressedMessage); + + if (messageKind == MessageKind::MSG_TEXT && !validateUtf8(_decompressedMessage)) + { + close(WebSocketCloseConstants::kInvalidFramePayloadData, + WebSocketCloseConstants::kInvalidFramePayloadDataMessage); + } + else + { + onMessageCallback(_decompressedMessage, wireSize, !success, messageKind); + } + } + else + { + if (messageKind == MessageKind::MSG_TEXT && !validateUtf8(message)) + { + close(WebSocketCloseConstants::kInvalidFramePayloadData, + WebSocketCloseConstants::kInvalidFramePayloadDataMessage); + } + else + { + onMessageCallback(message, wireSize, false, messageKind); + } + } + } + + unsigned WebSocketTransport::getRandomUnsigned() + { + auto now = std::chrono::system_clock::now(); + auto seconds = + std::chrono::duration_cast(now.time_since_epoch()).count(); + return static_cast(seconds); + } + + WebSocketSendInfo WebSocketTransport::sendData(wsheader_type::opcode_type type, + const 
IXWebSocketSendData& message, + bool compress, + const OnProgressCallback& onProgressCallback) + { + if (_readyState != ReadyState::OPEN && _readyState != ReadyState::CLOSING) + { + return WebSocketSendInfo(false); + } + + size_t payloadSize = message.size(); + size_t wireSize = message.size(); + bool compressionError = false; + + auto message_begin = message.cbegin(); + auto message_end = message.cend(); + + if (compress) + { + if (!_perMessageDeflate->compress(message, _compressedMessage)) + { + bool success = false; + compressionError = true; + payloadSize = 0; + wireSize = 0; + return WebSocketSendInfo(success, compressionError, payloadSize, wireSize); + } + compressionError = false; + wireSize = _compressedMessage.size(); + + IXWebSocketSendData compressedSendData(_compressedMessage); + message_begin = compressedSendData.cbegin(); + message_end = compressedSendData.cend(); + } + + { + std::lock_guard lock(_txbufMutex); + _txbuf.reserve(wireSize); + } + + bool success = true; + + // Common case for most message. No fragmentation required. + if (wireSize < kChunkSize) + { + success = sendFragment(type, true, message_begin, message_end, compress); + + if (onProgressCallback) + { + onProgressCallback(0, 1); + } + } + else + { + // + // Large messages need to be fragmented + // + // Rules: + // First message needs to specify a proper type (BINARY or TEXT) + // Intermediary and last messages need to be of type CONTINUATION + // Last message must set the fin byte. 
+ // + auto steps = wireSize / kChunkSize; + + auto begin = message_begin; + auto end = message_end; + + for (uint64_t i = 0; i < steps; ++i) + { + bool firstStep = i == 0; + bool lastStep = (i + 1) == steps; + bool fin = lastStep; + + end = begin + kChunkSize; + if (lastStep) + { + end = message_end; + } + + auto opcodeType = type; + if (!firstStep) + { + opcodeType = wsheader_type::CONTINUATION; + } + + // Send message + if (!sendFragment(opcodeType, fin, begin, end, compress)) + { + return WebSocketSendInfo(false); + } + + if (onProgressCallback && !onProgressCallback((int) i, (int) steps)) + { + break; + } + + begin += kChunkSize; + } + } + + // Request to flush the send buffer on the background thread if it isn't empty + if (!isSendBufferEmpty()) + { + wakeUpFromPoll(SelectInterrupt::kSendRequest); + + // FIXME: we should have a timeout when sending large messages: see #131 + if (_blockingSend && !flushSendBuffer()) + { + success = false; + } + } + + return WebSocketSendInfo(success, compressionError, payloadSize, wireSize); + } + + template + bool WebSocketTransport::sendFragment(wsheader_type::opcode_type type, + bool fin, + Iterator message_begin, + Iterator message_end, + bool compress) + { + uint64_t message_size = static_cast(message_end - message_begin); + + unsigned x = getRandomUnsigned(); + uint8_t masking_key[4] = {}; + masking_key[0] = (x >> 24); + masking_key[1] = (x >> 16) & 0xff; + masking_key[2] = (x >> 8) & 0xff; + masking_key[3] = (x) &0xff; + + std::vector header; + header.assign(2 + (message_size >= 126 ? 2 : 0) + (message_size >= 65536 ? 6 : 0) + + (_useMask ? 4 : 0), + 0); + header[0] = type; + + // The fin bit indicate that this is the last fragment. Fin is French for end. + if (fin) + { + header[0] |= 0x80; + } + + // The rsv1 bit indicate that the frame is compressed + // continuation opcodes should not set it. 
Autobahn 12.2.10 and others 12.X + if (compress && type != wsheader_type::CONTINUATION) + { + header[0] |= 0x40; + } + + if (message_size < 126) + { + header[1] = (message_size & 0xff) | (_useMask ? 0x80 : 0); + + if (_useMask) + { + header[2] = masking_key[0]; + header[3] = masking_key[1]; + header[4] = masking_key[2]; + header[5] = masking_key[3]; + } + } + else if (message_size < 65536) + { + header[1] = 126 | (_useMask ? 0x80 : 0); + header[2] = (message_size >> 8) & 0xff; + header[3] = (message_size >> 0) & 0xff; + + if (_useMask) + { + header[4] = masking_key[0]; + header[5] = masking_key[1]; + header[6] = masking_key[2]; + header[7] = masking_key[3]; + } + } + else + { // TODO: run coverage testing here + header[1] = 127 | (_useMask ? 0x80 : 0); + header[2] = (message_size >> 56) & 0xff; + header[3] = (message_size >> 48) & 0xff; + header[4] = (message_size >> 40) & 0xff; + header[5] = (message_size >> 32) & 0xff; + header[6] = (message_size >> 24) & 0xff; + header[7] = (message_size >> 16) & 0xff; + header[8] = (message_size >> 8) & 0xff; + header[9] = (message_size >> 0) & 0xff; + + if (_useMask) + { + header[10] = masking_key[0]; + header[11] = masking_key[1]; + header[12] = masking_key[2]; + header[13] = masking_key[3]; + } + } + + // _txbuf will keep growing until it can be transmitted over the socket: + appendToSendBuffer(header, message_begin, message_end, message_size, masking_key); + + // Now actually send this data + return sendOnSocket(); + } + + WebSocketSendInfo WebSocketTransport::sendPing(const IXWebSocketSendData& message) + { + bool compress = false; + WebSocketSendInfo info = sendData(wsheader_type::PING, message, compress); + + if (info.success) + { + std::lock_guard lck(_lastSendPingTimePointMutex); + _lastSendPingTimePoint = std::chrono::steady_clock::now(); + } + + return info; + } + + WebSocketSendInfo WebSocketTransport::sendBinary(const IXWebSocketSendData& message, + const OnProgressCallback& onProgressCallback) + + { + return 
sendData( + wsheader_type::BINARY_FRAME, message, _enablePerMessageDeflate, onProgressCallback); + } + + WebSocketSendInfo WebSocketTransport::sendText(const IXWebSocketSendData& message, + const OnProgressCallback& onProgressCallback) + + { + return sendData( + wsheader_type::TEXT_FRAME, message, _enablePerMessageDeflate, onProgressCallback); + } + + bool WebSocketTransport::sendOnSocket() + { + std::lock_guard lock(_txbufMutex); + + while (_txbuf.size()) + { + ssize_t ret = 0; + { + std::lock_guard lock(_socketMutex); + ret = _socket->send((char*) &_txbuf[0], _txbuf.size()); + } + + if (ret < 0 && Socket::isWaitNeeded()) + { + break; + } + else if (ret <= 0) + { + closeSocket(); + setReadyState(ReadyState::CLOSED); + return false; + } + else + { + _txbuf.erase(_txbuf.begin(), _txbuf.begin() + ret); + } + } + + return true; + } + + bool WebSocketTransport::receiveFromSocket() + { + while (true) + { + ssize_t ret = _socket->recv((char*) &_readbuf[0], _readbuf.size()); + + if (ret < 0 && Socket::isWaitNeeded()) + { + break; + } + else if (ret <= 0) + { + // if there are received data pending to be processed, then delay the abnormal + // closure to after dispatch (other close code/reason could be read from the + // buffer) + + closeSocket(); + return false; + } + else + { + _rxbuf.insert(_rxbuf.end(), _readbuf.begin(), _readbuf.begin() + ret); + } + } + + return true; + } + + void WebSocketTransport::sendCloseFrame(uint16_t code, const std::string& reason) + { + bool compress = false; + + // if a status is set/was read + if (code != WebSocketCloseConstants::kNoStatusCodeErrorCode) + { + // See list of close events here: + // https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent + std::string closure {(char) (code >> 8), (char) (code & 0xff)}; + + // copy reason after code + closure.append(reason); + + sendData(wsheader_type::CLOSE, closure, compress); + } + else + { + // no close code/reason set + sendData(wsheader_type::CLOSE, std::string(""), compress); + } + 
} + + void WebSocketTransport::closeSocket() + { + std::lock_guard lock(_socketMutex); + _socket->close(); + } + + bool WebSocketTransport::wakeUpFromPoll(uint64_t wakeUpCode) + { + std::lock_guard lock(_socketMutex); + return _socket->wakeUpFromPoll(wakeUpCode); + } + + void WebSocketTransport::closeSocketAndSwitchToClosedState(uint16_t code, + const std::string& reason, + size_t closeWireSize, + bool remote) + { + closeSocket(); + + setCloseReason(reason); + _closeCode = code; + _closeWireSize = closeWireSize; + _closeRemote = remote; + + setReadyState(ReadyState::CLOSED); + _requestInitCancellation = false; + } + + void WebSocketTransport::close(uint16_t code, + const std::string& reason, + size_t closeWireSize, + bool remote) + { + _requestInitCancellation = true; + + if (_readyState == ReadyState::CLOSING || _readyState == ReadyState::CLOSED) return; + + if (closeWireSize == 0) + { + closeWireSize = reason.size(); + } + + setCloseReason(reason); + _closeCode = code; + _closeWireSize = closeWireSize; + _closeRemote = remote; + + { + std::lock_guard lock(_closingTimePointMutex); + _closingTimePoint = std::chrono::steady_clock::now(); + } + setReadyState(ReadyState::CLOSING); + + sendCloseFrame(code, reason); + + // wake up the poll, but do not close yet + wakeUpFromPoll(SelectInterrupt::kSendRequest); + } + + size_t WebSocketTransport::bufferedAmount() const + { + std::lock_guard lock(_txbufMutex); + return _txbuf.size(); + } + + bool WebSocketTransport::flushSendBuffer() + { + while (!isSendBufferEmpty() && !_requestInitCancellation) + { + // Wait with a 10ms timeout until the socket is ready to write. 
+ // This way we are not busy looping + PollResultType result = _socket->isReadyToWrite(10); + + if (result == PollResultType::Error) + { + closeSocket(); + setReadyState(ReadyState::CLOSED); + return false; + } + else if (result == PollResultType::ReadyForWrite) + { + if (!sendOnSocket()) + { + return false; + } + } + } + + return true; + } + + void WebSocketTransport::setCloseReason(const std::string& reason) + { + std::lock_guard lock(_closeReasonMutex); + _closeReason = reason; + } + + const std::string& WebSocketTransport::getCloseReason() const + { + std::lock_guard lock(_closeReasonMutex); + return _closeReason; + } +} // namespace ix diff --git a/ixwebsocket/include/IXBase64.h b/ixwebsocket/include/IXBase64.h new file mode 100644 index 0000000..cdfdc04 --- /dev/null +++ b/ixwebsocket/include/IXBase64.h 
@@ -0,0 +1,124 @@
+#ifndef _MACARON_BASE64_H_
+#define _MACARON_BASE64_H_
+
+/**
+ * The MIT License (MIT)
+ * Copyright (c) 2016 tomykaira
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */ + +#include + +namespace macaron { + +class Base64 { + public: + + static std::string Encode(const std::string data) { + static constexpr char sEncodingTable[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', + 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', '0', '1', '2', '3', + '4', '5', '6', '7', '8', '9', '+', '/' + }; + + size_t in_len = data.size(); + size_t out_len = 4 * ((in_len + 2) / 3); + std::string ret(out_len, '\0'); + size_t i; + char *p = const_cast(ret.c_str()); + + for (i = 0; i < in_len - 2; i += 3) { + *p++ = sEncodingTable[(data[i] >> 2) & 0x3F]; + *p++ = sEncodingTable[((data[i] & 0x3) << 4) | ((int) (data[i + 1] & 0xF0) >> 4)]; + *p++ = sEncodingTable[((data[i + 1] & 0xF) << 2) | ((int) (data[i + 2] & 0xC0) >> 6)]; + *p++ = sEncodingTable[data[i + 2] & 0x3F]; + } + if (i < in_len) { + *p++ = sEncodingTable[(data[i] >> 2) & 0x3F]; + if (i == (in_len - 1)) { + *p++ = sEncodingTable[((data[i] & 0x3) << 4)]; + *p++ = '='; + } + else { + *p++ = sEncodingTable[((data[i] & 0x3) << 4) | ((int) (data[i + 1] & 0xF0) >> 4)]; + *p++ = sEncodingTable[((data[i + 1] & 0xF) << 2)]; + } + *p++ = '='; + } + + return ret; + } + + static std::string Decode(const std::string& input, std::string& out) { + static constexpr unsigned char kDecodingTable[] = { + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, + 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, + 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 
64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 + }; + + size_t in_len = input.size(); + if (in_len % 4 != 0) return "Input data size is not a multiple of 4"; + + size_t out_len = in_len / 4 * 3; + if (input[in_len - 1] == '=') out_len--; + if (input[in_len - 2] == '=') out_len--; + + out.resize(out_len); + + for (size_t i = 0, j = 0; i < in_len;) { + uint32_t a = input[i] == '=' ? 0 & i++ : kDecodingTable[static_cast(input[i++])]; + uint32_t b = input[i] == '=' ? 0 & i++ : kDecodingTable[static_cast(input[i++])]; + uint32_t c = input[i] == '=' ? 0 & i++ : kDecodingTable[static_cast(input[i++])]; + uint32_t d = input[i] == '=' ? 0 & i++ : kDecodingTable[static_cast(input[i++])]; + + uint32_t triple = (a << 3 * 6) + (b << 2 * 6) + (c << 1 * 6) + (d << 0 * 6); + + if (j < out_len) out[j++] = (triple >> 2 * 8) & 0xFF; + if (j < out_len) out[j++] = (triple >> 1 * 8) & 0xFF; + if (j < out_len) out[j++] = (triple >> 0 * 8) & 0xFF; + } + + return ""; + } + +}; + +} + +#endif /* _MACARON_BASE64_H_ */ diff --git a/ixwebsocket/include/IXBench.h b/ixwebsocket/include/IXBench.h new file mode 100644 index 0000000..c4f904b --- /dev/null +++ b/ixwebsocket/include/IXBench.h 
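Review bot: Both `Encode` and `Decode` do unsigned arithmetic on the input length without handling short input. In `Encode`, `i < in_len - 2` wraps around when `in_len` is 0 or 1, so the loop keeps reading past `data` and writing past `ret`; in `Decode`, an empty `input` passes the `% 4` check and `input[in_len - 1]` then indexes out of range. Guarding both is a one-line change each: `for (i = 0; in_len > 2 && i < in_len - 2; i += 3)` and `if (in_len == 0) { out.clear(); return ""; }`. `Decode` also folds the table's sentinel value 64 into the output instead of rejecting the byte, and it indexes `kDecodingTable` from a `char` that may be signed (the cast's target type is not visible in this rendering), so indexing through `unsigned char` and returning an error on 64 would make it safe to call on untrusted data.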
@@ -0,0 +1,32 @@
+/*
+ * IXBench.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+#pragma once
+
+#include
+#include
+#include
+
+namespace ix
+{
+ class Bench
+ {
+ public:
+ Bench(const std::string& description);
+ ~Bench();
+
+ void reset();
+ void record();
+ void report();
+ void setReported();
+ uint64_t getDuration() const;
+
+ private:
+ std::string _description;
+ std::chrono::time_point _start;
+ uint64_t _duration;
+ bool _reported;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXCancellationRequest.h b/ixwebsocket/include/IXCancellationRequest.h
new file mode 100644
index 0000000..8b0547d
--- /dev/null
+++ b/ixwebsocket/include/IXCancellationRequest.h
@@ -0,0 +1,18 @@
+/*
+ * IXCancellationRequest.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace ix
+{
+ using CancellationRequest = std::function;
+
+ CancellationRequest makeCancellationRequestWithTimeout(
+ int seconds, std::atomic& requestInitCancellation);
+} // namespace ix
diff --git a/ixwebsocket/include/IXConnectionState.h b/ixwebsocket/include/IXConnectionState.h
new file mode 100644
index 0000000..b7530d0
--- /dev/null
+++ b/ixwebsocket/include/IXConnectionState.h
@@ -0,0 +1,54 @@
+/*
+ * IXConnectionState.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+namespace ix
+{
+ using OnSetTerminatedCallback = std::function;
+
+ class ConnectionState
+ {
+ public:
+ ConnectionState();
+ virtual ~ConnectionState() = default;
+
+ virtual void computeId();
+ virtual const std::string& getId() const;
+
+ void setTerminated();
+ bool isTerminated() const;
+
+ const std::string& getRemoteIp();
+ int getRemotePort();
+
+ static std::shared_ptr createConnectionState();
+
+ private:
+ void setOnSetTerminatedCallback(const OnSetTerminatedCallback& callback);
+
+ void setRemoteIp(const std::string& remoteIp);
+ void setRemotePort(int remotePort);
+
+ protected:
+ std::atomic _terminated;
+ std::string _id;
+ OnSetTerminatedCallback _onSetTerminatedCallback;
+
+ static std::atomic _globalId;
+
+ std::string _remoteIp;
+ int _remotePort;
+
+ friend class SocketServer;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXDNSLookup.h b/ixwebsocket/include/IXDNSLookup.h
new file mode 100644
index 0000000..fcdd103
--- /dev/null
+++ b/ixwebsocket/include/IXDNSLookup.h
@@ -0,0 +1,67 @@
+/*
+ * IXDNSLookup.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ *
+ * Resolve a hostname+port to a struct addrinfo obtained with getaddrinfo
+ * Does this in a background thread so that it can be cancelled, since
+ * getaddrinfo is a blocking call, and we don't want to block the main thread on Mobile.
+ */
+
+#pragma once
+
+#include "IXCancellationRequest.h"
+#include
+#include
+#include
+#include
+#include
+
+struct addrinfo;
+
+namespace ix
+{
+ class DNSLookup : public std::enable_shared_from_this
+ {
+ public:
+ DNSLookup(const std::string& hostname, int port, int64_t wait = DNSLookup::kDefaultWait);
+ ~DNSLookup() = default;
+
+ struct addrinfo* resolve(std::string& errMsg,
+ const CancellationRequest& isCancellationRequested,
+ bool cancellable = true);
+
+ void release(struct addrinfo* addr);
+
+ private:
+ struct addrinfo* resolveCancellable(std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+ struct addrinfo* resolveUnCancellable(std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+
+ static struct addrinfo* getAddrInfo(const std::string& hostname,
+ int port,
+ std::string& errMsg);
+
+ void run(std::weak_ptr self, std::string hostname, int port); // thread runner
+
+ void setErrMsg(const std::string& errMsg);
+ const std::string& getErrMsg();
+
+ void setRes(struct addrinfo* addr);
+ struct addrinfo* getRes();
+
+ std::string _hostname;
+ int _port;
+ int64_t _wait;
+ const static int64_t kDefaultWait;
+
+ struct addrinfo* _res;
+ std::mutex _resMutex;
+
+ std::string _errMsg;
+ std::mutex _errMsgMutex;
+
+ std::atomic _done;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXExponentialBackoff.h b/ixwebsocket/include/IXExponentialBackoff.h
new file mode 100644
index 0000000..79e19e9
--- /dev/null
+++ b/ixwebsocket/include/IXExponentialBackoff.h
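Review bot: `resolve()` hands back a raw `struct addrinfo*` and the header does not say who frees it or what a failed or cancelled lookup returns. `release(struct addrinfo* addr)` suggests the caller must return the list there, but that is only implied. I would add a comment above `resolve`, for example `// Caller owns the returned list and must pass it to release(); check errMsg when the result is null (confirm against IXDNSLookup.cpp)`. It is also worth stating which side frees `_res` when a cancellable lookup is abandoned while the background thread is still running, since that path is not visible in this hunk.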
@@ -0,0 +1,16 @@
+/*
+ * IXExponentialBackoff.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ uint32_t calculateRetryWaitMilliseconds(uint32_t retryCount,
+ uint32_t maxWaitBetweenReconnectionRetries,
+ uint32_t minWaitBetweenReconnectionRetries);
+} // namespace ix
diff --git a/ixwebsocket/include/IXGetFreePort.h b/ixwebsocket/include/IXGetFreePort.h
new file mode 100644
index 0000000..868faf5
--- /dev/null
+++ b/ixwebsocket/include/IXGetFreePort.h
@@ -0,0 +1,12 @@
+/*
+ * IXGetFreePort.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone. All rights reserved.
+ */
+
+#pragma once
+
+namespace ix
+{
+ int getFreePort();
+} // namespace ix
diff --git a/ixwebsocket/include/IXGzipCodec.h b/ixwebsocket/include/IXGzipCodec.h
new file mode 100644
index 0000000..8a5fc11
--- /dev/null
+++ b/ixwebsocket/include/IXGzipCodec.h
@@ -0,0 +1,15 @@
+/*
+ * IXGzipCodec.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ std::string gzipCompress(const std::string& str);
+ bool gzipDecompress(const std::string& in, std::string& out);
+} // namespace ix
diff --git a/ixwebsocket/include/IXHttp.h b/ixwebsocket/include/IXHttp.h
new file mode 100644
index 0000000..2cf4f29
--- /dev/null
+++ b/ixwebsocket/include/IXHttp.h
@@ -0,0 +1,134 @@ +/* + * IXHttp.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include "IXProgressCallback.h" +#include "IXWebSocketHttpHeaders.h" +#include +#include +#include + +namespace ix +{ + enum class HttpErrorCode : int + { + Ok = 0, + CannotConnect = 1, + Timeout = 2, + Gzip = 3, + UrlMalformed = 4, + CannotCreateSocket = 5, + SendError = 6, + ReadError = 7, + CannotReadStatusLine = 8, + MissingStatus = 9, + HeaderParsingError = 10, + MissingLocation = 11, + TooManyRedirects = 12, + ChunkReadError = 13, + CannotReadBody = 14, + Cancelled = 15, + Invalid = 100 + }; + + struct HttpResponse + { + int statusCode; + std::string description; + HttpErrorCode errorCode; + WebSocketHttpHeaders headers; + std::string body; + std::string errorMsg; + uint64_t uploadSize; + uint64_t downloadSize; + + HttpResponse(int s = 0, + const std::string& des = std::string(), + const HttpErrorCode& c = HttpErrorCode::Ok, + const WebSocketHttpHeaders& h = WebSocketHttpHeaders(), + const std::string& b = std::string(), + const std::string& e = std::string(), + uint64_t u = 0, + uint64_t d = 0) + : statusCode(s) + , description(des) + , errorCode(c) + , headers(h) + , body(b) + , errorMsg(e) + , uploadSize(u) + , downloadSize(d) + { + ; + } + }; + + using HttpResponsePtr = std::shared_ptr; + using HttpParameters = std::unordered_map; + using HttpFormDataParameters = std::unordered_map; + using Logger = std::function; + using OnResponseCallback = std::function; + + struct HttpRequestArgs + { + std::string url; + std::string verb; + WebSocketHttpHeaders extraHeaders; + std::string body; + std::string multipartBoundary; + int connectTimeout = 60; + int transferTimeout = 1800; + bool followRedirects = true; + int maxRedirects = 5; + bool verbose = false; + bool compress = true; + bool compressRequest = false; + Logger logger; + OnProgressCallback onProgressCallback; + OnChunkCallback onChunkCallback; + 
std::atomic cancel; + }; + + using HttpRequestArgsPtr = std::shared_ptr; + + struct HttpRequest + { + std::string uri; + std::string method; + std::string version; + std::string body; + WebSocketHttpHeaders headers; + + HttpRequest(const std::string& u, + const std::string& m, + const std::string& v, + const std::string& b, + const WebSocketHttpHeaders& h = WebSocketHttpHeaders()) + : uri(u) + , method(m) + , version(v) + , body(b) + , headers(h) + { + } + }; + + using HttpRequestPtr = std::shared_ptr; + + class Http + { + public: + static std::tuple parseRequest( + std::unique_ptr& socket, int timeoutSecs); + static bool sendResponse(HttpResponsePtr response, std::unique_ptr& socket); + + static std::pair parseStatusLine(const std::string& line); + static std::tuple parseRequestLine( + const std::string& line); + static std::string trim(const std::string& str); + }; +} // namespace ix diff --git a/ixwebsocket/include/IXHttpClient.h b/ixwebsocket/include/IXHttpClient.h new file mode 100644 index 0000000..c4b0584 --- /dev/null +++ b/ixwebsocket/include/IXHttpClient.h 
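Review bot: `cancel` is the only member of `HttpRequestArgs` without a default initializer, while every other flag in the struct has one. Before C++20 a default-initialized `std::atomic` holds an indeterminate value, so an instance created without value-initialization could start out already cancelled; the template argument is not visible in this rendering, presumably `bool`. I would write `std::atomic<bool> cancel {false};`. How instances are created (the factory in IXHttpClient.cpp) is outside this hunk, so whether the indeterminate case is reachable today should be confirmed there.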
@@ -0,0 +1,123 @@ +/* + * IXHttpClient.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include "IXHttp.h" +#include "IXSocket.h" +#include "IXSocketTLSOptions.h" +#include "IXWebSocketHttpHeaders.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace ix +{ + class HttpClient + { + public: + HttpClient(bool async = false); + ~HttpClient(); + + HttpResponsePtr get(const std::string& url, HttpRequestArgsPtr args); + HttpResponsePtr head(const std::string& url, HttpRequestArgsPtr args); + HttpResponsePtr Delete(const std::string& url, HttpRequestArgsPtr args); + + HttpResponsePtr post(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args); + HttpResponsePtr post(const std::string& url, + const std::string& body, + HttpRequestArgsPtr args); + + HttpResponsePtr put(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args); + HttpResponsePtr put(const std::string& url, + const std::string& body, + HttpRequestArgsPtr args); + + HttpResponsePtr patch(const std::string& url, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args); + HttpResponsePtr patch(const std::string& url, + const std::string& body, + HttpRequestArgsPtr args); + + HttpResponsePtr request(const std::string& url, + const std::string& verb, + const std::string& body, + HttpRequestArgsPtr args, + int redirects = 0); + + HttpResponsePtr request(const std::string& url, + const std::string& verb, + const HttpParameters& httpParameters, + const HttpFormDataParameters& httpFormDataParameters, + HttpRequestArgsPtr args); + + void setForceBody(bool value); + + // Async API + HttpRequestArgsPtr createRequest(const std::string& url = std::string(), + 
const std::string& verb = HttpClient::kGet); + + bool performRequest(HttpRequestArgsPtr request, + const OnResponseCallback& onResponseCallback); + + // TLS + void setTLSOptions(const SocketTLSOptions& tlsOptions); + + std::string serializeHttpParameters(const HttpParameters& httpParameters); + + std::string serializeHttpFormDataParameters( + const std::string& multipartBoundary, + const HttpFormDataParameters& httpFormDataParameters, + const HttpParameters& httpParameters = HttpParameters()); + + std::string generateMultipartBoundary(); + + std::string urlEncode(const std::string& value); + + const static std::string kPost; + const static std::string kGet; + const static std::string kHead; + const static std::string kDelete; + const static std::string kPut; + const static std::string kPatch; + + private: + void log(const std::string& msg, HttpRequestArgsPtr args); + + // Async API background thread runner + void run(); + // Async API + bool _async; + std::queue> _queue; + mutable std::mutex _queueMutex; + std::condition_variable _condition; + std::atomic _stop; + std::thread _thread; + + std::unique_ptr _socket; + std::recursive_mutex _mutex; // to protect accessing the _socket (only one socket per + // client) the mutex needs to be recursive as this function + // might be called recursively to follow HTTP redirections + + SocketTLSOptions _tlsOptions; + + bool _forceBody; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXHttpServer.h b/ixwebsocket/include/IXHttpServer.h new file mode 100644 index 0000000..7de6763 --- /dev/null +++ b/ixwebsocket/include/IXHttpServer.h 
@@ -0,0 +1,59 @@
+/*
+ * IXHttpServer.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXHttp.h"
+#include "IXSocketServer.h"
+#include "IXWebSocket.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include // pair
+
+namespace ix
+{
+ class HttpServer final : public SocketServer
+ {
+ public:
+ using OnConnectionCallback =
+ std::function)>;
+
+ HttpServer(int port = SocketServer::kDefaultPort,
+ const std::string& host = SocketServer::kDefaultHost,
+ int backlog = SocketServer::kDefaultTcpBacklog,
+ size_t maxConnections = SocketServer::kDefaultMaxConnections,
+ int addressFamily = SocketServer::kDefaultAddressFamily,
+ int timeoutSecs = HttpServer::kDefaultTimeoutSecs);
+ virtual ~HttpServer();
+ virtual void stop() final;
+
+ void setOnConnectionCallback(const OnConnectionCallback& callback);
+
+ void makeRedirectServer(const std::string& redirectUrl);
+
+ void makeDebugServer();
+
+ int getTimeoutSecs();
+ private:
+ // Member variables
+ OnConnectionCallback _onConnectionCallback;
+ std::atomic _connectedClientsCount;
+
+ const static int kDefaultTimeoutSecs;
+ int _timeoutSecs;
+
+ // Methods
+ virtual void handleConnection(std::unique_ptr,
+ std::shared_ptr connectionState) final;
+ virtual size_t getConnectedClientsCount() final;
+
+ void setDefaultConnectionCallback();
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXNetSystem.h b/ixwebsocket/include/IXNetSystem.h
new file mode 100644
index 0000000..9639544
--- /dev/null
+++ b/ixwebsocket/include/IXNetSystem.h
@@ -0,0 +1,87 @@
+/*
+ * IXNetSystem.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone. All rights reserved.
+ */
+
+#pragma once
+
+#ifdef _WIN32
+
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#undef EWOULDBLOCK
+#undef EAGAIN
+#undef EINPROGRESS
+#undef EBADF
+#undef EINVAL
+
+// map to WSA error codes
+#define EWOULDBLOCK WSAEWOULDBLOCK
+#define EAGAIN WSATRY_AGAIN
+#define EINPROGRESS WSAEINPROGRESS
+#define EBADF WSAEBADF
+#define EINVAL WSAEINVAL
+
+// Define our own poll on Windows, as a wrapper on top of select
+typedef unsigned long int nfds_t;
+
+// pollfd is not defined by some versions of mingw64 since _WIN32_WINNT is too low
+#if _WIN32_WINNT < 0x0600
+struct pollfd
+{
+ int fd; /* file descriptor */
+ short events; /* requested events */
+ short revents; /* returned events */
+};
+
+#define POLLIN 0x001 /* There is data to read. */
+#define POLLOUT 0x004 /* Writing now will not block. */
+#define POLLERR 0x008 /* Error condition. */
+#define POLLHUP 0x010 /* Hung up. */
+#define POLLNVAL 0x020 /* Invalid polling request. */
+#endif
+
+#else
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+namespace ix
+{
+#ifdef _WIN32
+ typedef SOCKET socket_t;
+#else
+ typedef int socket_t;
+#endif
+
+ bool initNetSystem();
+ bool uninitNetSystem();
+
+ int poll(struct pollfd* fds, nfds_t nfds, int timeout, void** event);
+
+ const char* inet_ntop(int af, const void* src, char* dst, socklen_t size);
+ int inet_pton(int af, const char* src, void* dst);
+
+ unsigned short network_to_host_short(unsigned short value);
+} // namespace ix
diff --git a/ixwebsocket/include/IXProgressCallback.h b/ixwebsocket/include/IXProgressCallback.h
new file mode 100644
index 0000000..3dfccc9
--- /dev/null
+++ b/ixwebsocket/include/IXProgressCallback.h
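Review bot: `#define EAGAIN WSATRY_AGAIN` maps EAGAIN to a Winsock name-resolution error (a temporary failure of a host lookup), not to the would-block condition of a non-blocking socket, so a check against `EAGAIN` on Windows would not match a socket that simply has no data yet. Winsock reports that case as `WSAEWOULDBLOCK`, which the preceding line already uses for `EWOULDBLOCK`; `#define EAGAIN WSAEWOULDBLOCK` would keep the two names equivalent, as they are on most POSIX systems. Because the header `#undef`s and redefines the errno macros for every file that includes it, a short comment stating that the redefinition is global and meant for socket error codes only would help.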
@@ -0,0 +1,16 @@
+/*
+ * IXProgressCallback.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace ix
+{
+ using OnProgressCallback = std::function;
+ using OnChunkCallback = std::function;
+}
diff --git a/ixwebsocket/include/IXSelectInterrupt.h b/ixwebsocket/include/IXSelectInterrupt.h
new file mode 100644
index 0000000..de6db12
--- /dev/null
+++ b/ixwebsocket/include/IXSelectInterrupt.h
@@ -0,0 +1,35 @@
+/*
+ * IXSelectInterrupt.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+#include
+
+namespace ix
+{
+ class SelectInterrupt
+ {
+ public:
+ SelectInterrupt();
+ virtual ~SelectInterrupt();
+
+ virtual bool init(std::string& errorMsg);
+
+ virtual bool notify(uint64_t value);
+ virtual bool clear();
+ virtual uint64_t read();
+ virtual int getFd() const;
+ virtual void* getEvent() const;
+
+ // Used as special codes for pipe communication
+ static const uint64_t kSendRequest;
+ static const uint64_t kCloseRequest;
+ };
+
+ using SelectInterruptPtr = std::unique_ptr;
+} // namespace ix
diff --git a/ixwebsocket/include/IXSelectInterruptEvent.h b/ixwebsocket/include/IXSelectInterruptEvent.h
new file mode 100644
index 0000000..d965661
--- /dev/null
+++ b/ixwebsocket/include/IXSelectInterruptEvent.h
@@ -0,0 +1,39 @@
+/*
+ * IXSelectInterruptEvent.h
+ */
+
+#pragma once
+
+#include "IXSelectInterrupt.h"
+#include
+#include
+#include
+#include
+#ifdef _WIN32
+#include
+#endif
+
+namespace ix
+{
+ class SelectInterruptEvent final : public SelectInterrupt
+ {
+ public:
+ SelectInterruptEvent();
+ virtual ~SelectInterruptEvent();
+
+ bool init(std::string& /*errorMsg*/) final;
+
+ bool notify(uint64_t value) final;
+ bool clear() final;
+ uint64_t read() final;
+ void* getEvent() const final;
+ private:
+ // contains every value only once, new values are inserted at the begin, nu
+ std::deque _values;
+ std::mutex _valuesMutex;
+#ifdef _WIN32
+ // Windows Event to wake up the socket poll
+ HANDLE _event;
+#endif
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXSelectInterruptFactory.h b/ixwebsocket/include/IXSelectInterruptFactory.h
new file mode 100644
index 0000000..5faf1d6
--- /dev/null
+++ b/ixwebsocket/include/IXSelectInterruptFactory.h
@@ -0,0 +1,16 @@
+/*
+ * IXSelectInterruptFactory.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ class SelectInterrupt;
+ using SelectInterruptPtr = std::unique_ptr;
+ SelectInterruptPtr createSelectInterrupt();
+} // namespace ix
diff --git a/ixwebsocket/include/IXSelectInterruptPipe.h b/ixwebsocket/include/IXSelectInterruptPipe.h
new file mode 100644
index 0000000..7668915
--- /dev/null
+++ b/ixwebsocket/include/IXSelectInterruptPipe.h
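Review bot: The comment above `_values` in `SelectInterruptEvent` is cut off mid-word (`... new values are inserted at the begin, nu`), so the invariant the deque is supposed to keep is not fully stated. Since `notify`, `clear` and `read` all depend on it, I would complete it, for example `// holds each pending value at most once; new values are inserted at the front`, and say that `_valuesMutex` guards the deque. The second half of the original sentence is lost here, so the final wording needs confirming against the implementation.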
@@ -0,0 +1,40 @@
+/*
+ * IXSelectInterruptPipe.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXSelectInterrupt.h"
+#include
+#include
+#include
+
+namespace ix
+{
+ class SelectInterruptPipe final : public SelectInterrupt
+ {
+ public:
+ SelectInterruptPipe();
+ virtual ~SelectInterruptPipe();
+
+ bool init(std::string& errorMsg) final;
+
+ bool notify(uint64_t value) final;
+ bool clear() final;
+ uint64_t read() final;
+ int getFd() const final;
+
+ private:
+ // Store file descriptors used by the communication pipe. Communication
+ // happens between a control thread and a background thread, which is
+ // blocked on select.
+ int _fildes[2];
+ mutable std::mutex _fildesMutex;
+
+ // Used to identify the read/write idx
+ static const int kPipeReadIndex;
+ static const int kPipeWriteIndex;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXSetThreadName.h b/ixwebsocket/include/IXSetThreadName.h
new file mode 100644
index 0000000..de57c4a
--- /dev/null
+++ b/ixwebsocket/include/IXSetThreadName.h
@@ -0,0 +1,12 @@
+/*
+ * IXSetThreadName.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+#pragma once
+#include
+
+namespace ix
+{
+ void setThreadName(const std::string& name);
+}
diff --git a/ixwebsocket/include/IXSocket.h b/ixwebsocket/include/IXSocket.h
new file mode 100644
index 0000000..d1fa969
--- /dev/null
+++ b/ixwebsocket/include/IXSocket.h
@@ -0,0 +1,99 @@
+/*
+ * IXSocket.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+#ifdef _WIN32
+#include
+#ifdef _MSC_VER
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
+#include "IXCancellationRequest.h"
+#include "IXProgressCallback.h"
+#include "IXSelectInterrupt.h"
+
+namespace ix
+{
+ enum class PollResultType
+ {
+ ReadyForRead = 0,
+ ReadyForWrite = 1,
+ Timeout = 2,
+ Error = 3,
+ SendRequest = 4,
+ CloseRequest = 5
+ };
+
+ class Socket
+ {
+ public:
+ Socket(int fd = -1);
+ virtual ~Socket();
+ bool init(std::string& errorMsg);
+
+ // Functions to check whether there is activity on the socket
+ PollResultType poll(int timeoutMs = kDefaultPollTimeout);
+ bool wakeUpFromPoll(uint64_t wakeUpCode);
+ bool isWakeUpFromPollSupported();
+
+ PollResultType isReadyToWrite(int timeoutMs);
+ PollResultType isReadyToRead(int timeoutMs);
+
+ // Virtual methods
+ virtual bool accept(std::string& errMsg);
+
+ virtual bool connect(const std::string& host,
+ int port,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+ virtual void close();
+
+ virtual ssize_t send(char* buffer, size_t length);
+ ssize_t send(const std::string& buffer);
+ virtual ssize_t recv(void* buffer, size_t length);
+
+ // Blocking and cancellable versions, working with socket that can be set
+ // to non blocking mode. Used during HTTP upgrade.
+ bool readByte(void* buffer, const CancellationRequest& isCancellationRequested);
+ bool writeBytes(const std::string& str, const CancellationRequest& isCancellationRequested);
+
+ std::pair readLine(const CancellationRequest& isCancellationRequested);
+ std::pair readBytes(size_t length,
+ const OnProgressCallback& onProgressCallback,
+ const OnChunkCallback& onChunkCallback,
+ const CancellationRequest& isCancellationRequested);
+
+ static int getErrno();
+ static bool isWaitNeeded();
+ static void closeSocket(int fd);
+
+ static PollResultType poll(bool readyToRead,
+ int timeoutMs,
+ int sockfd,
+ const SelectInterruptPtr& selectInterrupt);
+
+ protected:
+ std::atomic _sockfd;
+ std::mutex _socketMutex;
+
+ static bool readSelectInterruptRequest(const SelectInterruptPtr& selectInterrupt,
+ PollResultType* pollResult);
+
+ private:
+ static const int kDefaultPollTimeout;
+ static const int kDefaultPollNoTimeout;
+
+ SelectInterruptPtr _selectInterrupt;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXSocketAppleSSL.h b/ixwebsocket/include/IXSocketAppleSSL.h
new file mode 100644
index 0000000..a693a18
--- /dev/null
+++ b/ixwebsocket/include/IXSocketAppleSSL.h
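Review bot: `readLine(const CancellationRequest& isCancellationRequested)` gives callers no way to bound how much data is buffered while waiting for the line terminator, and the data comes from the remote peer. If the implementation in IXSocket.cpp (not part of this hunk) has no internal cap, a peer that never sends a newline can keep the buffer growing until the cancellation callback fires. I would add a defaulted `size_t maxLength` parameter to `readLine`, or document the internal limit on the declaration if one exists. Separately, `send(char* buffer, size_t length)` does not need a mutable buffer by its name and could take `const char*`, which would match the `const std::string&` overload next to it.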
@@ -0,0 +1,52 @@
+/*
+ * IXSocketAppleSSL.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+#ifdef IXWEBSOCKET_USE_SECURE_TRANSPORT
+
+#pragma once
+
+#include "IXCancellationRequest.h"
+#include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
+#include
+#include
+#include
+
+namespace ix
+{
+ class SocketAppleSSL final : public Socket
+ {
+ public:
+ SocketAppleSSL(const SocketTLSOptions& tlsOptions, int fd = -1);
+ ~SocketAppleSSL();
+
+ virtual bool accept(std::string& errMsg) final;
+
+ virtual bool connect(const std::string& host,
+ int port,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested) final;
+ virtual void close() final;
+
+ virtual ssize_t send(char* buffer, size_t length) final;
+ virtual ssize_t recv(void* buffer, size_t length) final;
+
+ private:
+ static std::string getSSLErrorDescription(OSStatus status);
+ static OSStatus writeToSocket(SSLConnectionRef connection, const void* data, size_t* len);
+ static OSStatus readFromSocket(SSLConnectionRef connection, void* data, size_t* len);
+
+ OSStatus tlsHandShake(std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+
+ SSLContextRef _sslContext;
+ mutable std::mutex _mutex; // AppleSSL routines are not thread-safe
+
+ SocketTLSOptions _tlsOptions;
+ };
+
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_SECURE_TRANSPORT
diff --git a/ixwebsocket/include/IXSocketConnect.h b/ixwebsocket/include/IXSocketConnect.h
new file mode 100644
index 0000000..84a0858
--- /dev/null
+++ b/ixwebsocket/include/IXSocketConnect.h
@@ -0,0 +1,31 @@
+/*
+ * IXSocketConnect.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXCancellationRequest.h"
+#include
+
+struct addrinfo;
+
+namespace ix
+{
+ class SocketConnect
+ {
+ public:
+ static int connect(const std::string& hostname,
+ int port,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+
+ static void configure(int sockfd);
+
+ private:
+ static int connectToAddress(const struct addrinfo* address,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXSocketFactory.h b/ixwebsocket/include/IXSocketFactory.h
new file mode 100644
index 0000000..de1eeda
--- /dev/null
+++ b/ixwebsocket/include/IXSocketFactory.h
@@ -0,0 +1,21 @@
+
+/*
+ * IXSocketFactory.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXSocketTLSOptions.h"
+#include
+#include
+
+namespace ix
+{
+ class Socket;
+ std::unique_ptr createSocket(bool tls,
+ int fd,
+ std::string& errorMsg,
+ const SocketTLSOptions& tlsOptions);
+} // namespace ix
diff --git a/ixwebsocket/include/IXSocketMbedTLS.h b/ixwebsocket/include/IXSocketMbedTLS.h
new file mode 100644
index 0000000..9dd73f5
--- /dev/null
+++ b/ixwebsocket/include/IXSocketMbedTLS.h
@@ -0,0 +1,60 @@
+/*
+ * IXSocketMbedTLS.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019-2020 Machine Zone, Inc. All rights reserved.
+ */
+#ifdef IXWEBSOCKET_USE_MBED_TLS
+
+#pragma once
+
+#include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace ix
+{
+ class SocketMbedTLS final : public Socket
+ {
+ public:
+ SocketMbedTLS(const SocketTLSOptions& tlsOptions, int fd = -1);
+ ~SocketMbedTLS();
+
+ virtual bool accept(std::string& errMsg) final;
+
+ virtual bool connect(const std::string& host,
+ int port,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested) final;
+ virtual void close() final;
+
+ virtual ssize_t send(char* buffer, size_t length) final;
+ virtual ssize_t recv(void* buffer, size_t length) final;
+
+ private:
+ mbedtls_ssl_context _ssl;
+ mbedtls_ssl_config _conf;
+ mbedtls_entropy_context _entropy;
+ mbedtls_ctr_drbg_context _ctr_drbg;
+ mbedtls_x509_crt _cacert;
+ mbedtls_x509_crt _cert;
+ mbedtls_pk_context _pkey;
+
+ std::mutex _mutex;
+ SocketTLSOptions _tlsOptions;
+
+ bool init(const std::string& host, bool isClient, std::string& errMsg);
+ void initMBedTLS();
+ bool loadSystemCertificates(std::string& errMsg);
+ };
+
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_MBED_TLS
diff --git a/ixwebsocket/include/IXSocketOpenSSL.h b/ixwebsocket/include/IXSocketOpenSSL.h
new file mode 100644
index 0000000..dea1ffd
--- /dev/null
+++ b/ixwebsocket/include/IXSocketOpenSSL.h
@@ -0,0 +1,68 @@
+/*
+ * IXSocketOpenSSL.h
+ * Author: Benjamin Sergeant, Matt DeBoer
+ * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+#ifdef IXWEBSOCKET_USE_OPEN_SSL
+
+#pragma once
+
+#include "IXCancellationRequest.h"
+#include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace ix
+{
+ class SocketOpenSSL final : public Socket
+ {
+ public:
+ SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd = -1);
+ ~SocketOpenSSL();
+
+ virtual bool accept(std::string& errMsg) final;
+
+ virtual bool connect(const std::string& host,
+ int port,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested) final;
+ virtual void close() final;
+
+ virtual ssize_t send(char* buffer, size_t length) final;
+ virtual ssize_t recv(void* buffer, size_t length) final;
+
+ private:
+ void openSSLInitialize();
+ std::string getSSLError(int ret);
+ SSL_CTX* openSSLCreateContext(std::string& errMsg);
+ bool openSSLAddCARootsFromString(const std::string roots);
+ bool openSSLClientHandshake(const std::string& hostname,
+ std::string& errMsg,
+ const CancellationRequest& isCancellationRequested);
+ bool openSSLCheckServerCert(SSL* ssl, const std::string& hostname, std::string& errMsg);
+ bool checkHost(const std::string& host, const char* pattern);
+ bool handleTLSOptions(std::string& errMsg);
+ bool openSSLServerHandshake(std::string& errMsg);
+
+ // Required for OpenSSL < 1.1
+ static void openSSLLockingCallback(int mode, int type, const char* /*file*/, int /*line*/);
+
+ SSL* _ssl_connection;
+ SSL_CTX* _ssl_context;
+ const SSL_METHOD* _ssl_method;
+ SocketTLSOptions _tlsOptions;
+
+ mutable std::mutex _mutex; // OpenSSL routines are not thread-safe
+
+ static std::once_flag _openSSLInitFlag;
+ static std::atomic _openSSLInitializationSuccessful;
+ };
+
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_OPEN_SSL
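Review bot: `checkHost(const std::string& host, const char* pattern)` next to `openSSLCheckServerCert` indicates that matching the server name against the certificate is done by hand rather than by the TLS library. Hand-written matching tends to get wildcard scope, embedded NUL bytes and IP-address names wrong; OpenSSL provides `X509_check_host` (1.0.2 and later) and `SSL_set1_host` (1.1.0 and later) for this. The implementation is in IXSocketOpenSSL.cpp, outside this hunk, so this is a request to confirm which path is used and to document it on the declaration. Separately, `openSSLAddCARootsFromString(const std::string roots)` copies the whole bundle on each call; `const std::string& roots` avoids that.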
diff --git a/ixwebsocket/include/IXSocketServer.h b/ixwebsocket/include/IXSocketServer.h
new file mode 100644
index 0000000..fe0f7e2
--- /dev/null
+++ b/ixwebsocket/include/IXSocketServer.h
@@ -0,0 +1,130 @@
+/*
+ * IXSocketServer.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXConnectionState.h"
+#include "IXNetSystem.h"
+#include "IXSelectInterrupt.h"
+#include "IXSocketTLSOptions.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include // pair
+
+namespace ix
+{
+ class Socket;
+
+ class SocketServer
+ {
+ public:
+ using ConnectionStateFactory = std::function()>;
+
+ // Each connection is handled by its own worker thread.
+ // We use a list as we only care about remove and append operations.
+ using ConnectionThreads =
+ std::list, std::thread>>;
+
+ SocketServer(int port = SocketServer::kDefaultPort,
+ const std::string& host = SocketServer::kDefaultHost,
+ int backlog = SocketServer::kDefaultTcpBacklog,
+ size_t maxConnections = SocketServer::kDefaultMaxConnections,
+ int addressFamily = SocketServer::kDefaultAddressFamily);
+ virtual ~SocketServer();
+ virtual void stop();
+
+ // It is possible to override ConnectionState through inheritance
+ // this method allows user to change the factory by returning an object
+ // that inherits from ConnectionState but has its own methods.
+ void setConnectionStateFactory(const ConnectionStateFactory& connectionStateFactory); + + const static int kDefaultPort; + const static std::string kDefaultHost; + const static int kDefaultTcpBacklog; + const static size_t kDefaultMaxConnections; + const static int kDefaultAddressFamily; + + void start(); + std::pair listen(); + void wait(); + + void setTLSOptions(const SocketTLSOptions& socketTLSOptions); + + int getPort(); + std::string getHost(); + int getBacklog(); + std::size_t getMaxConnections(); + int getAddressFamily(); + protected: + // Logging + void logError(const std::string& str); + void logInfo(const std::string& str); + + void stopAcceptingConnections(); + + private: + // Member variables + int _port; + std::string _host; + int _backlog; + size_t _maxConnections; + int _addressFamily; + + // socket for accepting connections + socket_t _serverFd; + + std::atomic _stop; + + std::mutex _logMutex; + + // background thread to wait for incoming connections + std::thread _thread; + void run(); + void onSetTerminatedCallback(); + + // background thread to cleanup (join) terminated threads + std::atomic _stopGc; + std::thread _gcThread; + void runGC(); + + // the list of (connectionState, threads) for each connections + ConnectionThreads _connectionsThreads; + std::mutex _connectionsThreadsMutex; + + // used to have the main control thread for a server + // wait for a 'terminate' notification without busy polling + std::condition_variable _conditionVariable; + std::mutex _conditionVariableMutex; + + // the factory to create ConnectionState objects + ConnectionStateFactory _connectionStateFactory; + + virtual void handleConnection(std::unique_ptr, + std::shared_ptr connectionState) = 0; + virtual size_t getConnectedClientsCount() = 0; + + // Returns true if all connection threads are joined + void closeTerminatedThreads(); + size_t getConnectionsThreadsCount(); + + SocketTLSOptions _socketTLSOptions; + + // to wake up from select + SelectInterruptPtr 
_acceptSelectInterrupt; + + // used by the gc thread, to know that a thread needs to be garbage collected + // as a connection + std::condition_variable _conditionVariableGC; + std::mutex _conditionVariableMutexGC; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXSocketTLSOptions.h b/ixwebsocket/include/IXSocketTLSOptions.h new file mode 100644 index 0000000..e396b38 --- /dev/null +++ b/ixwebsocket/include/IXSocketTLSOptions.h @@ -0,0 +1,54 @@ +/* + * IXSocketTLSOptions.h + * Author: Matt DeBoer + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include + +namespace ix +{ + struct SocketTLSOptions + { + public: + // check validity of the object + bool isValid() const; + + // the certificate presented to peers + std::string certFile; + + // the key used for signing/encryption + std::string keyFile; + + // the ca certificate (or certificate bundle) file containing + // certificates to be trusted by peers; use 'SYSTEM' to + // leverage the system defaults, use 'NONE' to disable peer verification + std::string caFile = "SYSTEM"; + + // list of ciphers (rsa, etc...) + std::string ciphers = "DEFAULT"; + + // whether tls is enabled, used for server code + bool tls = false; + + bool hasCertAndKey() const; + + bool isUsingSystemDefaults() const; + + bool isUsingInMemoryCAs() const; + + bool isPeerVerifyDisabled() const; + + bool isUsingDefaultCiphers() const; + + const std::string& getErrorMsg() const; + + std::string getDescription() const; + + private: + mutable std::string _errMsg; + mutable bool _validated = false; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXStrCaseCompare.h b/ixwebsocket/include/IXStrCaseCompare.h new file mode 100644 index 0000000..8a55de0 --- /dev/null +++ b/ixwebsocket/include/IXStrCaseCompare.h 
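Review bot: The comment `// Returns true if all connection threads are joined` sits above `void closeTerminatedThreads();`, which returns nothing. Either the comment is stale or the return type was meant to be `bool`; as declared, a caller cannot tell whether worker threads are still running. If `void` is intended, I would change the comment to something like `// Joins and removes the threads of terminated connections` (wording to confirm against IXSocketServer.cpp). The hunk also states that each connection gets its own worker thread, so `maxConnections` is the only visible bound on thread count and is worth saying so next to the constructor.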
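Review bot: `caFile` in `SocketTLSOptions` overloads one string with a file path, the keyword `SYSTEM` and the keyword `NONE`, and `NONE` turns off peer verification. The existing comment mentions this only in passing; I would make it stand out, e.g. `// 'NONE' disables peer verification: the TLS peer is not authenticated`, and have the code that consumes `isPeerVerifyDisabled()` log when it is set (that code is outside this hunk). The `keyFile` comment could say that it is the private key, `// private key matching certFile`. `ciphers` is described only as `rsa, etc...`; stating the expected format (presumably the TLS backend's cipher-list string, to be confirmed) would make a misconfiguration easier to spot.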
@@ -0,0 +1,25 @@
+/*
+ * IXStrCaseCompare.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2020 Machine Zone. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ struct CaseInsensitiveLess
+ {
+ // Case Insensitive compare_less binary function
+ struct NocaseCompare
+ {
+ bool operator()(const unsigned char& c1, const unsigned char& c2) const;
+ };
+
+ static bool cmp(const std::string& s1, const std::string& s2);
+
+ bool operator()(const std::string& s1, const std::string& s2) const;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXUdpSocket.h b/ixwebsocket/include/IXUdpSocket.h
new file mode 100644
index 0000000..9f54daf
--- /dev/null
+++ b/ixwebsocket/include/IXUdpSocket.h
@@ -0,0 +1,45 @@
+/*
+ * IXUdpSocket.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+#include
+
+#ifdef _WIN32
+#include
+#ifdef _MSC_VER
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
+#include "IXNetSystem.h"
+
+namespace ix
+{
+ class UdpSocket
+ {
+ public:
+ UdpSocket(int fd = -1);
+ ~UdpSocket();
+
+ // Virtual methods
+ bool init(const std::string& host, int port, std::string& errMsg);
+ ssize_t sendto(const std::string& buffer);
+ ssize_t recvfrom(char* buffer, size_t length);
+
+ void close();
+
+ static int getErrno();
+ static bool isWaitNeeded();
+ static void closeSocket(int fd);
+
+ private:
+ std::atomic _sockfd;
+ struct sockaddr_in _server;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXUniquePtr.h b/ixwebsocket/include/IXUniquePtr.h
new file mode 100644
index 0000000..d88ce9b
--- /dev/null
+++ b/ixwebsocket/include/IXUniquePtr.h
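Review bot: `UdpSocket(int fd = -1);` in IXUdpSocket.h is a converting constructor, so any `int` silently becomes a socket object whose destructor presumably closes that descriptor; declare it `explicit UdpSocket(int fd = -1);`. The `// Virtual methods` comment above `init`/`sendto`/`recvfrom` is wrong, since none of them is declared `virtual`. `recvfrom(char* buffer, size_t length)` should carry a comment that at most `length` bytes are written and, presumably, that no terminator is appended, so callers size and terminate the buffer themselves.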
@@ -0,0 +1,18 @@
+/*
+ * IXUniquePtr.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ template
+ std::unique_ptr make_unique(Args&&... args)
+ {
+ return std::unique_ptr(new T(std::forward(args)...));
+ }
+} // namespace ix
diff --git a/ixwebsocket/include/IXUrlParser.h b/ixwebsocket/include/IXUrlParser.h
new file mode 100644
index 0000000..40e6b6e
--- /dev/null
+++ b/ixwebsocket/include/IXUrlParser.h
@@ -0,0 +1,23 @@
+/*
+ * IXUrlParser.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ class UrlParser
+ {
+ public:
+ static bool parse(const std::string& url,
+ std::string& protocol,
+ std::string& host,
+ std::string& path,
+ std::string& query,
+ int& port);
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXUserAgent.h b/ixwebsocket/include/IXUserAgent.h
new file mode 100644
index 0000000..367ba18
--- /dev/null
+++ b/ixwebsocket/include/IXUserAgent.h
@@ -0,0 +1,14 @@
+/*
+ * IXUserAgent.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ std::string userAgent();
+} // namespace ix
diff --git a/ixwebsocket/include/IXUtf8Validator.h b/ixwebsocket/include/IXUtf8Validator.h
new file mode 100644
index 0000000..bc92c90
--- /dev/null
+++ b/ixwebsocket/include/IXUtf8Validator.h
@@ -0,0 +1,178 @@ +/* + * The following code is adapted from code originally written by Bjoern + * Hoehrmann . See + * http://bjoern.hoehrmann.de/utf-8/decoder/dfa/ for details. + * + * The original license: + * + * Copyright (c) 2008-2009 Bjoern Hoehrmann + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +/* + * IXUtf8Validator.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + * + * From websocketpp. Tiny modifications made for code style, function names etc... 
+ */ + +#pragma once + +#include +#include + +namespace ix +{ + /// State that represents a valid utf8 input sequence + static unsigned int const utf8_accept = 0; + /// State that represents an invalid utf8 input sequence + static unsigned int const utf8_reject = 1; + + /// Lookup table for the UTF8 decode state machine + static uint8_t const utf8d[] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 00..1f + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 20..3f + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 40..5f + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 60..7f + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, // 80..9f + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, // a0..bf + 8, 8, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, // c0..df + 0xa, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x3, 0x4, 0x3, 0x3, // e0..ef + 0xb, 0x6, 0x6, 0x6, 0x5, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, 0x8, // f0..ff + 0x0, 0x1, 0x2, 0x3, 0x5, 0x8, 0x7, 0x1, 0x1, 0x1, 0x4, 0x6, 0x1, 0x1, 0x1, 0x1, // s0..s0 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, // s1..s2 + 1, 2, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, // s3..s4 + 1, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, // s5..s6 + 1, 3, 1, 1, 1, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, + 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // s7..s8 + }; + + /// Decode the next byte of a UTF8 sequence + /** + * @param [out] state The decoder state to advance + * @param [out] codep The codepoint to fill 
in + * @param [in] byte The byte to input + * @return The ending state of the decode operation + */ + inline uint32_t decodeNextByte(uint32_t* state, uint32_t* codep, uint8_t byte) + { + uint32_t type = utf8d[byte]; + + *codep = (*state != utf8_accept) ? (byte & 0x3fu) | (*codep << 6) : (0xff >> type) & (byte); + + *state = utf8d[256 + *state * 16 + type]; + return *state; + } + + /// Provides streaming UTF8 validation functionality + class Utf8Validator + { + public: + /// Construct and initialize the validator + Utf8Validator() + : m_state(utf8_accept) + , m_codepoint(0) + { + } + + /// Advance the state of the validator with the next input byte + /** + * @param byte The byte to advance the validation state with + * @return Whether or not the byte resulted in a validation error. + */ + bool consume(uint8_t byte) + { + if (decodeNextByte(&m_state, &m_codepoint, byte) == utf8_reject) + { + return false; + } + return true; + } + + /// Advance Validator state with input from an iterator pair + /** + * @param begin Input iterator to the start of the input range + * @param end Input iterator to the end of the input range + * @return Whether or not decoding the bytes resulted in a validation error. + */ + template + bool decode(iterator_type begin, iterator_type end) + { + for (iterator_type it = begin; it != end; ++it) + { + unsigned int result = + decodeNextByte(&m_state, &m_codepoint, static_cast(*it)); + + if (result == utf8_reject) + { + return false; + } + } + return true; + } + + /// Return whether the input sequence ended on a valid utf8 codepoint + /** + * @return Whether or not the input sequence ended on a valid codepoint. 
+ */ + bool complete() + { + return m_state == utf8_accept; + } + + /// Reset the Validator to decode another message + void reset() + { + m_state = utf8_accept; + m_codepoint = 0; + } + + private: + uint32_t m_state; + uint32_t m_codepoint; + }; + + /// Validate a UTF8 string + /** + * convenience function that creates a Validator, validates a complete string + * and returns the result. + */ + inline bool validateUtf8(std::string const& s) + { + Utf8Validator v; + if (!v.decode(s.begin(), s.end())) + { + return false; + } + return v.complete(); + } + +} // namespace ix diff --git a/ixwebsocket/include/IXUuid.h b/ixwebsocket/include/IXUuid.h new file mode 100644 index 0000000..1000436 --- /dev/null +++ b/ixwebsocket/include/IXUuid.h @@ -0,0 +1,17 @@ +/* + * IXUuid.h + * Author: Benjamin Sergeant + * Copyright (c) 2017 Machine Zone. All rights reserved. + */ +#pragma once + +#include + +namespace ix +{ + /** + * Generate a random uuid + */ + std::string uuid4(); + +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocket.h b/ixwebsocket/include/IXWebSocket.h new file mode 100644 index 0000000..37df88c --- /dev/null +++ b/ixwebsocket/include/IXWebSocket.h 
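Review bot: The `@return` text on `consume()` and `decode()` in IXUtf8Validator.h reads "Whether or not the byte resulted in a validation error", but both return `false` on error, so the documented polarity is the opposite of the code. Suggested wording: `@return false if the input made the sequence invalid, true otherwise`. `decodeNextByte` marks `state` and `codep` as `[out]` although both are read before being written; they are `[in,out]`. From the transition table the reject state looks sticky (the s1 row is all 1), so the class comment should say that a validator must be `reset()` after a rejection before it is reused. `complete()` can also be declared `const`.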
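Review bot: `uuid4()` in IXUuid.h is documented only as "Generate a random uuid", which does not tell a caller whether the value is unpredictable. The generator lives in IXUuid.cpp, outside this hunk, so the header should name its random source. Unless that source is a CSPRNG, add a line such as `// not suitable as a secret or session token` to the comment.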
@@ -0,0 +1,180 @@ +/* + * IXWebSocket.h + * Author: Benjamin Sergeant + * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved. + * + * WebSocket RFC + * https://tools.ietf.org/html/rfc6455 + */ + +#pragma once + +#include "IXProgressCallback.h" +#include "IXSocketTLSOptions.h" +#include "IXWebSocketCloseConstants.h" +#include "IXWebSocketErrorInfo.h" +#include "IXWebSocketHttpHeaders.h" +#include "IXWebSocketMessage.h" +#include "IXWebSocketPerMessageDeflateOptions.h" +#include "IXWebSocketSendInfo.h" +#include "IXWebSocketSendData.h" +#include "IXWebSocketTransport.h" +#include +#include +#include +#include +#include + +namespace ix +{ + // https://developer.mozilla.org/en-US/docs/Web/API/WebSocket#Ready_state_constants + enum class ReadyState + { + Connecting = 0, + Open = 1, + Closing = 2, + Closed = 3 + }; + + using OnMessageCallback = std::function; + + using OnTrafficTrackerCallback = std::function; + + class WebSocket + { + public: + WebSocket(); + ~WebSocket(); + + void setUrl(const std::string& url); + + // send extra headers in client handshake request + void setExtraHeaders(const WebSocketHttpHeaders& headers); + void setPerMessageDeflateOptions( + const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions); + void setTLSOptions(const SocketTLSOptions& socketTLSOptions); + void setPingInterval(int pingIntervalSecs); + void enablePong(); + void disablePong(); + void enablePerMessageDeflate(); + void disablePerMessageDeflate(); + void addSubProtocol(const std::string& subProtocol); + void setHandshakeTimeout(int handshakeTimeoutSecs); + + // Run asynchronously, by calling start and stop. + void start(); + + // stop is synchronous + void stop(uint16_t code = WebSocketCloseConstants::kNormalClosureCode, + const std::string& reason = WebSocketCloseConstants::kNormalClosureMessage); + + // Run in blocking mode, by connecting first manually, and then calling run. 
+ WebSocketInitResult connect(int timeoutSecs); + void run(); + + // send is in text mode by default + WebSocketSendInfo send(const std::string& data, + bool binary = false, + const OnProgressCallback& onProgressCallback = nullptr); + WebSocketSendInfo sendBinary(const std::string& data, + const OnProgressCallback& onProgressCallback = nullptr); + WebSocketSendInfo sendBinary(const IXWebSocketSendData& data, + const OnProgressCallback& onProgressCallback = nullptr); + // does not check for valid UTF-8 characters. Caller must check that. + WebSocketSendInfo sendUtf8Text(const std::string& text, + const OnProgressCallback& onProgressCallback = nullptr); + // does not check for valid UTF-8 characters. Caller must check that. + WebSocketSendInfo sendUtf8Text(const IXWebSocketSendData& text, + const OnProgressCallback& onProgressCallback = nullptr); + WebSocketSendInfo sendText(const std::string& text, + const OnProgressCallback& onProgressCallback = nullptr); + WebSocketSendInfo ping(const std::string& text); + + void close(uint16_t code = WebSocketCloseConstants::kNormalClosureCode, + const std::string& reason = WebSocketCloseConstants::kNormalClosureMessage); + + void setOnMessageCallback(const OnMessageCallback& callback); + bool isOnMessageCallbackRegistered() const; + static void setTrafficTrackerCallback(const OnTrafficTrackerCallback& callback); + static void resetTrafficTrackerCallback(); + + ReadyState getReadyState() const; + static std::string readyStateToString(ReadyState readyState); + + const std::string getUrl() const; + const WebSocketPerMessageDeflateOptions getPerMessageDeflateOptions() const; + int getPingInterval() const; + size_t bufferedAmount() const; + + void enableAutomaticReconnection(); + void disableAutomaticReconnection(); + bool isAutomaticReconnectionEnabled() const; + void setMaxWaitBetweenReconnectionRetries(uint32_t maxWaitBetweenReconnectionRetries); + void setMinWaitBetweenReconnectionRetries(uint32_t 
minWaitBetweenReconnectionRetries); + uint32_t getMaxWaitBetweenReconnectionRetries() const; + uint32_t getMinWaitBetweenReconnectionRetries() const; + const std::vector& getSubProtocols(); + + private: + WebSocketSendInfo sendMessage(const IXWebSocketSendData& message, + SendMessageKind sendMessageKind, + const OnProgressCallback& callback = nullptr); + + bool isConnected() const; + bool isClosing() const; + void checkConnection(bool firstConnectionAttempt); + static void invokeTrafficTrackerCallback(size_t size, bool incoming); + + // Server + WebSocketInitResult connectToSocket(std::unique_ptr, + int timeoutSecs, + bool enablePerMessageDeflate); + + WebSocketTransport _ws; + + std::string _url; + WebSocketHttpHeaders _extraHeaders; + + WebSocketPerMessageDeflateOptions _perMessageDeflateOptions; + + SocketTLSOptions _socketTLSOptions; + + mutable std::mutex _configMutex; // protect all config variables access + + OnMessageCallback _onMessageCallback; + static OnTrafficTrackerCallback _onTrafficTrackerCallback; + + std::atomic _stop; + std::thread _thread; + std::mutex _writeMutex; + + // Automatic reconnection + std::atomic _automaticReconnection; + static const uint32_t kDefaultMaxWaitBetweenReconnectionRetries; + static const uint32_t kDefaultMinWaitBetweenReconnectionRetries; + uint32_t _maxWaitBetweenReconnectionRetries; + uint32_t _minWaitBetweenReconnectionRetries; + + // Make the sleeping in the automatic reconnection cancellable + std::mutex _sleepMutex; + std::condition_variable _sleepCondition; + + std::atomic _handshakeTimeoutSecs; + static const int kDefaultHandShakeTimeoutSecs; + + // enable or disable PONG frame response to received PING frame + bool _enablePong; + static const bool kDefaultEnablePong; + + // Optional ping and pong timeout + int _pingIntervalSecs; + int _pingTimeoutSecs; + static const int kDefaultPingIntervalSecs; + static const int kDefaultPingTimeoutSecs; + + // Subprotocols + std::vector _subProtocols; + + friend class 
WebSocketServer; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocketCloseConstants.h b/ixwebsocket/include/IXWebSocketCloseConstants.h new file mode 100644 index 0000000..145777b --- /dev/null +++ b/ixwebsocket/include/IXWebSocketCloseConstants.h @@ -0,0 +1,37 @@ +/* + * IXWebSocketCloseConstants.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include +#include + +namespace ix +{ + struct WebSocketCloseConstants + { + static const uint16_t kNormalClosureCode; + static const uint16_t kInternalErrorCode; + static const uint16_t kAbnormalCloseCode; + static const uint16_t kProtocolErrorCode; + static const uint16_t kNoStatusCodeErrorCode; + static const uint16_t kInvalidFramePayloadData; + + static const std::string kNormalClosureMessage; + static const std::string kInternalErrorMessage; + static const std::string kAbnormalCloseMessage; + static const std::string kPingTimeoutMessage; + static const std::string kProtocolErrorMessage; + static const std::string kNoStatusCodeErrorMessage; + static const std::string kProtocolErrorReservedBitUsed; + static const std::string kProtocolErrorPingPayloadOversized; + static const std::string kProtocolErrorCodeControlMessageFragmented; + static const std::string kProtocolErrorCodeDataOpcodeOutOfSequence; + static const std::string kProtocolErrorCodeContinuationOpCodeOutOfSequence; + static const std::string kInvalidFramePayloadDataMessage; + static const std::string kInvalidCloseCodeMessage; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocketCloseInfo.h b/ixwebsocket/include/IXWebSocketCloseInfo.h new file mode 100644 index 0000000..409e74f --- /dev/null +++ b/ixwebsocket/include/IXWebSocketCloseInfo.h 
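Review bot: `_onTrafficTrackerCallback` in IXWebSocket.h is a static member shared by every `WebSocket`, while `_configMutex` is per instance and so cannot guard it; no other lock for it is declared in this class. If `setTrafficTrackerCallback()` or `resetTrafficTrackerCallback()` can run while a connection thread is inside `invokeTrafficTrackerCallback()`, that is a data race on a `std::function`. Either document the setter with `// process-wide; set before any WebSocket is started` or add a static mutex. Separately, `_enablePong`, `_pingIntervalSecs` and `_pingTimeoutSecs` are plain members next to atomics, so the declaration should say which lock covers them.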
@@ -0,0 +1,28 @@
+/*
+ * IXWebSocketCloseInfo.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace ix
+{
+ struct WebSocketCloseInfo
+ {
+ uint16_t code;
+ std::string reason;
+ bool remote;
+
+ WebSocketCloseInfo(uint16_t c = 0, const std::string& r = std::string(), bool rem = false)
+ : code(c)
+ , reason(r)
+ , remote(rem)
+ {
+ ;
+ }
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketErrorInfo.h b/ixwebsocket/include/IXWebSocketErrorInfo.h
new file mode 100644
index 0000000..16f3215
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketErrorInfo.h
@@ -0,0 +1,22 @@
+/*
+ * IXWebSocketErrorInfo.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace ix
+{
+ struct WebSocketErrorInfo
+ {
+ uint32_t retries = 0;
+ double wait_time = 0;
+ int http_status = 0;
+ std::string reason;
+ bool decompressionError = false;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketHandshake.h b/ixwebsocket/include/IXWebSocketHandshake.h
new file mode 100644
index 0000000..0a275e4
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketHandshake.h
@@ -0,0 +1,54 @@
+/*
+ * IXWebSocketHandshake.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXCancellationRequest.h"
+#include "IXSocket.h"
+#include "IXWebSocketHttpHeaders.h"
+#include "IXWebSocketInitResult.h"
+#include "IXWebSocketPerMessageDeflate.h"
+#include "IXWebSocketPerMessageDeflateOptions.h"
+#include
+#include
+#include
+#include
+
+namespace ix
+{
+ class WebSocketHandshake
+ {
+ public:
+ WebSocketHandshake(std::atomic& requestInitCancellation,
+ std::unique_ptr& _socket,
+ WebSocketPerMessageDeflatePtr& perMessageDeflate,
+ WebSocketPerMessageDeflateOptions& perMessageDeflateOptions,
+ std::atomic& enablePerMessageDeflate);
+
+ WebSocketInitResult clientHandshake(const std::string& url,
+ const WebSocketHttpHeaders& extraHeaders,
+ const std::string& host,
+ const std::string& path,
+ int port,
+ int timeoutSecs);
+
+ WebSocketInitResult serverHandshake(int timeoutSecs, bool enablePerMessageDeflate);
+
+ private:
+ std::string genRandomString(const int len);
+
+ // Parse HTTP headers
+ WebSocketInitResult sendErrorResponse(int code, const std::string& reason);
+
+ bool insensitiveStringCompare(const std::string& a, const std::string& b);
+
+ std::atomic& _requestInitCancellation;
+ std::unique_ptr& _socket;
+ WebSocketPerMessageDeflatePtr& _perMessageDeflate;
+ WebSocketPerMessageDeflateOptions& _perMessageDeflateOptions;
+ std::atomic& _enablePerMessageDeflate;
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketHandshakeKeyGen.h b/ixwebsocket/include/IXWebSocketHandshakeKeyGen.h
new file mode 100644
index 0000000..56528fc
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketHandshakeKeyGen.h
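Review bot: `WebSocketHandshake` stores five reference members (`_requestInitCancellation`, `_socket`, `_perMessageDeflate`, `_perMessageDeflateOptions`, `_enablePerMessageDeflate`), so every object passed to the constructor must outlive the handshake object, and the header does not say so. Add a comment on the constructor such as `// all arguments are held by reference and must outlive this object`. The `// Parse HTTP headers` comment sits above `sendErrorResponse`, which it does not describe. `genRandomString` presumably produces the Sec-WebSocket-Key; the declaration should say so and name its random source.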
@@ -0,0 +1,171 @@ +// Copyright (c) 2016 Alex Hultman and contributors + +// This software is provided 'as-is', without any express or implied +// warranty. In no event will the authors be held liable for any damages +// arising from the use of this software. + +// Permission is granted to anyone to use this software for any purpose, +// including commercial applications, and to alter it and redistribute it +// freely, subject to the following restrictions: + +// 1. The origin of this software must not be misrepresented; you must not +// claim that you wrote the original software. If you use this software +// in a product, an acknowledgement in the product documentation would be +// appreciated but is not required. +// 2. Altered source versions must be plainly marked as such, and must not be +// misrepresented as being the original software. +// 3. This notice may not be removed or altered from any source distribution. + +#pragma once + +#include +#include +#include +#include + +class WebSocketHandshakeKeyGen +{ + template + struct static_for + { + void operator()(uint32_t* a, uint32_t* b) + { + static_for()(a, b); + T::template f(a, b); + } + }; + + template + struct static_for<0, T> + { + void operator()(uint32_t* /*a*/, uint32_t* /*hash*/) + { + } + }; + + template + struct Sha1Loop + { + static inline uint32_t rol(uint32_t value, size_t bits) + { + return (value << bits) | (value >> (32 - bits)); + } + static inline uint32_t blk(uint32_t b[16], size_t i) + { + return rol(b[(i + 13) & 15] ^ b[(i + 8) & 15] ^ b[(i + 2) & 15] ^ b[i], 1); + } + + template + static inline void f(uint32_t* a, uint32_t* b) + { + switch (state) + { + case 1: + a[i % 5] += + ((a[(3 + i) % 5] & (a[(2 + i) % 5] ^ a[(1 + i) % 5])) ^ a[(1 + i) % 5]) + + b[i] + 0x5a827999 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 2: + b[i] = blk(b, i); + a[(1 + i) % 5] += + ((a[(4 + i) % 5] & (a[(3 + i) % 5] ^ a[(2 + i) % 5])) ^ a[(2 + i) % 5]) + + b[i] + 
0x5a827999 + rol(a[(5 + i) % 5], 5); + a[(4 + i) % 5] = rol(a[(4 + i) % 5], 30); + break; + case 3: + b[(i + 4) % 16] = blk(b, (i + 4) % 16); + a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + + b[(i + 4) % 16] + 0x6ed9eba1 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 4: + b[(i + 8) % 16] = blk(b, (i + 8) % 16); + a[i % 5] += (((a[(3 + i) % 5] | a[(2 + i) % 5]) & a[(1 + i) % 5]) | + (a[(3 + i) % 5] & a[(2 + i) % 5])) + + b[(i + 8) % 16] + 0x8f1bbcdc + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 5: + b[(i + 12) % 16] = blk(b, (i + 12) % 16); + a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + + b[(i + 12) % 16] + 0xca62c1d6 + rol(a[(4 + i) % 5], 5); + a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); + break; + case 6: b[i] += a[4 - i]; + } + } + }; + + static inline void sha1(uint32_t hash[5], uint32_t b[16]) + { + uint32_t a[5] = {hash[4], hash[3], hash[2], hash[1], hash[0]}; + static_for<16, Sha1Loop<1>>()(a, b); + static_for<4, Sha1Loop<2>>()(a, b); + static_for<20, Sha1Loop<3>>()(a, b); + static_for<20, Sha1Loop<4>>()(a, b); + static_for<20, Sha1Loop<5>>()(a, b); + static_for<5, Sha1Loop<6>>()(a, hash); + } + + static inline void base64(unsigned char* src, char* dst) + { + const char* b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + for (int i = 0; i < 18; i += 3) + { + *dst++ = b64[(src[i] >> 2) & 63]; + *dst++ = b64[((src[i] & 3) << 4) | ((src[i + 1] & 240) >> 4)]; + *dst++ = b64[((src[i + 1] & 15) << 2) | ((src[i + 2] & 192) >> 6)]; + *dst++ = b64[src[i + 2] & 63]; + } + *dst++ = b64[(src[18] >> 2) & 63]; + *dst++ = b64[((src[18] & 3) << 4) | ((src[19] & 240) >> 4)]; + *dst++ = b64[((src[19] & 15) << 2)]; + *dst++ = '='; + } + +public: + static inline void generate(const std::string& inputStr, char output[28]) + { + char input[25] = {}; + strncpy(input, inputStr.c_str(), 25 - 1); + input[25 - 1] = '\0'; + + uint32_t b_output[5] = 
{0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0}; + uint32_t b_input[16] = {0, + 0, + 0, + 0, + 0, + 0, + 0x32353845, + 0x41464135, + 0x2d453931, + 0x342d3437, + 0x44412d39, + 0x3543412d, + 0x43354142, + 0x30444338, + 0x35423131, + 0x80000000}; + + for (int i = 0; i < 6; i++) + { + b_input[i] = (input[4 * i + 3] & 0xff) | (input[4 * i + 2] & 0xff) << 8 | + (input[4 * i + 1] & 0xff) << 16 | (input[4 * i + 0] & 0xff) << 24; + } + sha1(b_output, b_input); + uint32_t last_b[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 480}; + sha1(b_output, last_b); + for (int i = 0; i < 5; i++) + { + uint32_t tmp = b_output[i]; + char* bytes = (char*) &b_output[i]; + bytes[3] = tmp & 0xff; + bytes[2] = (tmp >> 8) & 0xff; + bytes[1] = (tmp >> 16) & 0xff; + bytes[0] = (tmp >> 24) & 0xff; + } + base64((unsigned char*) b_output, output); + } +}; diff --git a/ixwebsocket/include/IXWebSocketHttpHeaders.h b/ixwebsocket/include/IXWebSocketHttpHeaders.h new file mode 100644 index 0000000..7ba8c4e --- /dev/null +++ b/ixwebsocket/include/IXWebSocketHttpHeaders.h @@ -0,0 +1,23 @@ +/* + * IXWebSocketHttpHeaders.h + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include "IXCancellationRequest.h" +#include "IXStrCaseCompare.h" +#include +#include +#include + +namespace ix +{ + class Socket; + + using WebSocketHttpHeaders = std::map; + + std::pair parseHttpHeaders( + std::unique_ptr& socket, const CancellationRequest& isCancellationRequested); +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocketInitResult.h b/ixwebsocket/include/IXWebSocketInitResult.h new file mode 100644 index 0000000..d60e4f8 --- /dev/null +++ b/ixwebsocket/include/IXWebSocketInitResult.h 
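Review bot: `generate()` in IXWebSocketHandshakeKeyGen.h writes exactly 28 base64 characters into `output` and never a terminator, and `char output[28]` decays to `char*`, so nothing checks the caller's buffer; document it with `// output: exactly 28 bytes are written, NOT NUL-terminated; build the result with std::string(output, 28)`. The input is copied with `strncpy(input, inputStr.c_str(), 25 - 1)`, so a key longer than 24 characters is silently truncated and a shorter one is zero-padded before hashing. The length should therefore be validated before the call, in the caller, because `generate` returns `void`: `if (key.size() != 24) { /* reject the handshake */ }`. `(value >> (32 - bits))` in `rol` is undefined for `bits == 0`, which the visible call sites (1, 5 and 30) avoid; a short comment should record that precondition. Since the commit moves the library to OpenSSL, its SHA-1 and base64 routines could replace this hand-unrolled copy.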
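Review bot: `parseHttpHeaders` in IXWebSocketHttpHeaders.h reads header lines from the peer's socket, and its declaration documents neither the meaning of the returned pair nor any bound on header count or line length. The parser body is in IXWebSocketHttpHeaders.cpp, outside this hunk, so whether such a bound exists cannot be told from here. If it exists, state it in a comment on the declaration; if it does not, it is worth adding, because the input is untrusted.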
@@ -0,0 +1,36 @@
+/*
+ * IXWebSocketInitResult.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXWebSocketHttpHeaders.h"
+
+namespace ix
+{
+ struct WebSocketInitResult
+ {
+ bool success;
+ int http_status;
+ std::string errorStr;
+ WebSocketHttpHeaders headers;
+ std::string uri;
+ std::string protocol;
+
+ WebSocketInitResult(bool s = false,
+ int status = 0,
+ const std::string& e = std::string(),
+ WebSocketHttpHeaders h = WebSocketHttpHeaders(),
+ const std::string& u = std::string())
+ {
+ success = s;
+ http_status = status;
+ errorStr = e;
+ headers = h;
+ uri = u;
+ protocol = h["Sec-WebSocket-Protocol"];
+ }
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketMessage.h b/ixwebsocket/include/IXWebSocketMessage.h
new file mode 100644
index 0000000..25a00ce
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketMessage.h
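Review bot: `protocol = h["Sec-WebSocket-Protocol"];` uses `operator[]` on the by-value parameter, which inserts an empty entry when the header is absent, and `h` is copied once into the parameter and again by `headers = h`. Taking `const WebSocketHttpHeaders& h` and writing `auto it = h.find("Sec-WebSocket-Protocol"); protocol = (it != h.end()) ? it->second : std::string();` avoids both. The members would also be better set in a member-initializer list, as `WebSocketOpenInfo` and `WebSocketCloseInfo` do in this same commit.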
@@ -0,0 +1,60 @@
+/*
+ * IXWebSocketMessage.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXWebSocketCloseInfo.h"
+#include "IXWebSocketErrorInfo.h"
+#include "IXWebSocketMessageType.h"
+#include "IXWebSocketOpenInfo.h"
+#include
+#include
+
+namespace ix
+{
+ struct WebSocketMessage
+ {
+ WebSocketMessageType type;
+ const std::string& str;
+ size_t wireSize;
+ WebSocketErrorInfo errorInfo;
+ WebSocketOpenInfo openInfo;
+ WebSocketCloseInfo closeInfo;
+ bool binary;
+
+ WebSocketMessage(WebSocketMessageType t,
+ const std::string& s,
+ size_t w,
+ WebSocketErrorInfo e,
+ WebSocketOpenInfo o,
+ WebSocketCloseInfo c,
+ bool b = false)
+ : type(t)
+ , str(s)
+ , wireSize(w)
+ , errorInfo(e)
+ , openInfo(o)
+ , closeInfo(c)
+ , binary(b)
+ {
+ ;
+ }
+
+ /**
+ * @brief Deleted overload to prevent binding `str` to a temporary, which would cause
+ * undefined behavior since class members don't extend lifetime beyond the constructor call.
+ */
+ WebSocketMessage(WebSocketMessageType t,
+ std::string&& s,
+ size_t w,
+ WebSocketErrorInfo e,
+ WebSocketOpenInfo o,
+ WebSocketCloseInfo c,
+ bool b = false) = delete;
+ };
+
+ using WebSocketMessagePtr = std::unique_ptr;
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketMessageType.h b/ixwebsocket/include/IXWebSocketMessageType.h
new file mode 100644
index 0000000..c7ee45d
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketMessageType.h
@@ -0,0 +1,21 @@
+/*
+ * IXWebSocketMessageType.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+namespace ix
+{
+ enum class WebSocketMessageType
+ {
+ Message = 0,
+ Open = 1,
+ Close = 2,
+ Error = 3,
+ Ping = 4,
+ Pong = 5,
+ Fragment = 6
+ };
+}
diff --git a/ixwebsocket/include/IXWebSocketOpenInfo.h b/ixwebsocket/include/IXWebSocketOpenInfo.h
new file mode 100644
index 0000000..3eb32b0
--- /dev/null
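Review bot: `const std::string& str;` makes every `WebSocketMessage` a non-owning view of a string that lives elsewhere, and the deleted `std::string&&` overload only stops temporaries at construction time. A callback that keeps the `WebSocketMessagePtr`, or a reference to `msg->str`, beyond the call would presumably read freed memory once the transport reuses or destroys its buffer. The member needs a comment, for example `// non-owning: valid only for the duration of the callback, copy it to keep it`.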
+++ b/ixwebsocket/include/IXWebSocketOpenInfo.h
@@ -0,0 +1,31 @@
+/*
+ * IXWebSocketOpenInfo.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include "IXWebSocketHttpHeaders.h"
+#include
+#include
+
+namespace ix
+{
+ struct WebSocketOpenInfo
+ {
+ std::string uri;
+ WebSocketHttpHeaders headers;
+ std::string protocol;
+
+ WebSocketOpenInfo(const std::string& u = std::string(),
+ const WebSocketHttpHeaders& h = WebSocketHttpHeaders(),
+ const std::string& p = std::string())
+ : uri(u)
+ , headers(h)
+ , protocol(p)
+ {
+ ;
+ }
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketPerMessageDeflate.h b/ixwebsocket/include/IXWebSocketPerMessageDeflate.h
new file mode 100644
index 0000000..5d4cc38
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketPerMessageDeflate.h
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2015, Peter Thorson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the WebSocket++ Project nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PETER THORSON BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. 
+ * + * Adapted from websocketpp/extensions/permessage_deflate/enabled.hpp + * (same license as MZ: https://opensource.org/licenses/BSD-3-Clause) + */ + +#pragma once + +#include +#include +#include "IXWebSocketSendData.h" + +namespace ix +{ + class WebSocketPerMessageDeflateOptions; + class WebSocketPerMessageDeflateCompressor; + class WebSocketPerMessageDeflateDecompressor; + + class WebSocketPerMessageDeflate + { + public: + WebSocketPerMessageDeflate(); + ~WebSocketPerMessageDeflate(); + + bool init(const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions); + bool compress(const IXWebSocketSendData& in, std::string& out); + bool compress(const std::string& in, std::string& out); + bool decompress(const std::string& in, std::string& out); + + private: + std::unique_ptr _compressor; + std::unique_ptr _decompressor; + }; + + using WebSocketPerMessageDeflatePtr = std::unique_ptr; +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocketPerMessageDeflateCodec.h b/ixwebsocket/include/IXWebSocketPerMessageDeflateCodec.h new file mode 100644 index 0000000..8c0d6b1 --- /dev/null +++ b/ixwebsocket/include/IXWebSocketPerMessageDeflateCodec.h 
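Review bot: `bool decompress(const std::string& in, std::string& out);` in IXWebSocketPerMessageDeflate.h gives the caller no way to cap the inflated size, and `in` is data received from the peer. Unless the implementation, which is not in this hunk, enforces a limit, a small compressed frame can grow `out` without bound. Consider an extra defaulted parameter, `bool decompress(const std::string& in, std::string& out, size_t maxOutputSize = kMaxInflatedSize);` (the constant name is a placeholder), or document where the limit is applied. The same signature appears on `WebSocketPerMessageDeflateDecompressor::decompress` in IXWebSocketPerMessageDeflateCodec.h.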
@@ -0,0 +1,64 @@
+/*
+ * IXWebSocketPerMessageDeflateCodec.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#ifdef IXWEBSOCKET_USE_ZLIB
+#include "zlib.h"
+#endif
+#include
+#include
+#include
+#include "IXWebSocketSendData.h"
+
+namespace ix
+{
+ class WebSocketPerMessageDeflateCompressor
+ {
+ public:
+ WebSocketPerMessageDeflateCompressor();
+ ~WebSocketPerMessageDeflateCompressor();
+
+ bool init(uint8_t deflateBits, bool clientNoContextTakeOver);
+ bool compress(const IXWebSocketSendData& in, std::string& out);
+ bool compress(const std::string& in, std::string& out);
+ bool compress(const std::string& in, std::vector& out);
+ bool compress(const std::vector& in, std::string& out);
+ bool compress(const std::vector& in, std::vector& out);
+
+ private:
+ template
+ bool compressData(const T& in, S& out);
+ template
+ bool endsWithEmptyUnCompressedBlock(const T& value);
+
+ int _flush;
+ std::array _compressBuffer;
+
+#ifdef IXWEBSOCKET_USE_ZLIB
+ z_stream _deflateState;
+#endif
+ };
+
+ class WebSocketPerMessageDeflateDecompressor
+ {
+ public:
+ WebSocketPerMessageDeflateDecompressor();
+ ~WebSocketPerMessageDeflateDecompressor();
+
+ bool init(uint8_t inflateBits, bool clientNoContextTakeOver);
+ bool decompress(const std::string& in, std::string& out);
+
+ private:
+ int _flush;
+ std::array _compressBuffer;
+
+#ifdef IXWEBSOCKET_USE_ZLIB
+ z_stream _inflateState;
+#endif
+ };
+
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketPerMessageDeflateOptions.h b/ixwebsocket/include/IXWebSocketPerMessageDeflateOptions.h
new file mode 100644
index 0000000..7cd33c0
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketPerMessageDeflateOptions.h
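Review bot: `WebSocketPerMessageDeflateDecompressor::decompress(const std::string& in, std::string& out)` in IXWebSocketPerMessageDeflateCodec.h gives the caller no way to bound the inflated size, and `in` is data received from the remote peer. Unless the implementation, which is not part of this hunk, stops at some limit, a small compressed frame can grow `out` until memory runs out. I would put the cap in the interface, for example `bool decompress(const std::string& in, std::string& out, size_t maxOutputSize);`, and fail the message once it is exceeded. `WebSocketPerMessageDeflate::decompress` in the preceding hunk has the same signature and needs the same treatment.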
@@ -0,0 +1,47 @@
+/*
+ * IXWebSocketPerMessageDeflateOptions.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include
+
+namespace ix
+{
+ class WebSocketPerMessageDeflateOptions
+ {
+ public:
+ WebSocketPerMessageDeflateOptions(
+ bool enabled = false,
+ bool clientNoContextTakeover = false,
+ bool serverNoContextTakeover = false,
+ uint8_t clientMaxWindowBits = kDefaultClientMaxWindowBits,
+ uint8_t serverMaxWindowBits = kDefaultServerMaxWindowBits);
+
+ WebSocketPerMessageDeflateOptions(std::string extension);
+
+ std::string generateHeader();
+ bool enabled() const;
+ bool getClientNoContextTakeover() const;
+ bool getServerNoContextTakeover() const;
+ uint8_t getServerMaxWindowBits() const;
+ uint8_t getClientMaxWindowBits() const;
+
+ static bool startsWith(const std::string& str, const std::string& start);
+ static std::string removeSpaces(const std::string& str);
+
+ static uint8_t const kDefaultClientMaxWindowBits;
+ static uint8_t const kDefaultServerMaxWindowBits;
+
+ private:
+ bool _enabled;
+ bool _clientNoContextTakeover;
+ bool _serverNoContextTakeover;
+ uint8_t _clientMaxWindowBits;
+ uint8_t _serverMaxWindowBits;
+
+ void sanitizeClientMaxWindowBits();
+ };
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketProxyServer.h b/ixwebsocket/include/IXWebSocketProxyServer.h
new file mode 100644
index 0000000..7a55e47
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketProxyServer.h
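Review bot: `WebSocketPerMessageDeflateOptions(std::string extension);` in IXWebSocketPerMessageDeflateOptions.h is a converting constructor, so a `std::string` passed where options are expected (for instance to `WebSocketTransport::configure`) is silently turned into an options object by parsing it. I would declare it `explicit WebSocketPerMessageDeflateOptions(std::string extension);` so that parsing a peer-supplied extension string is always a visible step; callers that rely on the implicit conversion would need a direct construction. Separately, only `sanitizeClientMaxWindowBits()` is declared; if `_serverMaxWindowBits` is range-checked, that is not visible from this header, and a comment stating the accepted range for both members would help.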
@@ -0,0 +1,24 @@
+/*
+ * IXWebSocketProxyServer.h
+ * Author: Benjamin Sergeant
+ * Copyright (c) 2019-2020 Machine Zone, Inc. All rights reserved.
+ */
+#pragma once
+
+#include "IXSocketTLSOptions.h"
+#include
+#include
+#include
+#include
+
+namespace ix
+{
+ using RemoteUrlsMapping = std::map;
+
+ int websocket_proxy_server_main(int port,
+ const std::string& hostname,
+ const ix::SocketTLSOptions& tlsOptions,
+ const std::string& remoteUrl,
+ const RemoteUrlsMapping& remoteUrlsMapping,
+ bool verbose);
+} // namespace ix
diff --git a/ixwebsocket/include/IXWebSocketSendData.h b/ixwebsocket/include/IXWebSocketSendData.h
new file mode 100644
index 0000000..1a57a3b
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketSendData.h
@@ -0,0 +1,128 @@ +/* + * IXWebSocketSendData.h + * + * WebSocket (Binary/Text) send data buffer + */ + +#pragma once + +#include +#include +#include + +namespace ix +{ + /* + * IXWebSocketSendData implements a wrapper for std::string, std:vector and char*. + * It removes the necessarity to copy the data or string into a std::string + */ + class IXWebSocketSendData { + public: + + template + struct IXWebSocketSendData_const_iterator + //: public std::iterator + { + typedef IXWebSocketSendData_const_iterator const_iterator; + + using iterator_category = std::forward_iterator_tag; + using difference_type = std::ptrdiff_t; + using value_type = T; + using pointer = value_type*; + using reference = const value_type&; + + pointer _ptr; + public: + IXWebSocketSendData_const_iterator() : _ptr(nullptr) {} + IXWebSocketSendData_const_iterator(pointer ptr) : _ptr(ptr) {} + ~IXWebSocketSendData_const_iterator() {} + + const_iterator operator++(int) { return const_iterator(_ptr++); } + const_iterator& operator++() { ++_ptr; return *this; } + reference operator* () const { return *_ptr; } + pointer operator->() const { return _ptr; } + const_iterator operator+ (const difference_type offset) const { return const_iterator(_ptr + offset); } + const_iterator operator- (const difference_type offset) const { return const_iterator(_ptr - offset); } + difference_type operator- (const const_iterator& rhs) const { return _ptr - rhs._ptr; } + bool operator==(const const_iterator& rhs) const { return _ptr == rhs._ptr; } + bool operator!=(const const_iterator& rhs) const { return _ptr != rhs._ptr; } + const_iterator& operator+=(const difference_type offset) { _ptr += offset; return *this; } + const_iterator& operator-=(const difference_type offset) { _ptr -= offset; return *this; } + }; + + using const_iterator = IXWebSocketSendData_const_iterator; + + /* The assigned std::string must be kept alive for the lifetime of the input buffer */ + IXWebSocketSendData(const std::string& str) + : 
_data(str.data()) + , _size(str.size()) + { + } + + /* The assigned std::vector must be kept alive for the lifetime of the input buffer */ + IXWebSocketSendData(const std::vector& v) + : _data(v.data()) + , _size(v.size()) + { + } + + /* The assigned std::vector must be kept alive for the lifetime of the input buffer */ + IXWebSocketSendData(const std::vector& v) + : _data(reinterpret_cast(v.data())) + , _size(v.size()) + { + } + + /* The assigned memory must be kept alive for the lifetime of the input buffer */ + IXWebSocketSendData(const char* data, size_t size) + : _data(data) + , _size(data == nullptr ? 0 : size) + { + } + + bool empty() const + { + return _data == nullptr || _size == 0; + } + + const char* c_str() const + { + return _data; + } + + const char* data() const + { + return _data; + } + + size_t size() const + { + return _size; + } + + inline const_iterator begin() const + { + return const_iterator(const_cast(_data)); + } + + inline const_iterator end() const + { + return const_iterator(const_cast(_data) + _size); + } + + inline const_iterator cbegin() const + { + return begin(); + } + + inline const_iterator cend() const + { + return end(); + } + + private: + const char* _data; + const size_t _size; + }; + +} \ No newline at end of file diff --git a/ixwebsocket/include/IXWebSocketSendInfo.h b/ixwebsocket/include/IXWebSocketSendInfo.h new file mode 100644 index 0000000..c66d4a6 --- /dev/null +++ b/ixwebsocket/include/IXWebSocketSendInfo.h @@ -0,0 +1,27 @@ +/* + * IXWebSocketSendInfo.h + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +namespace ix +{ + struct WebSocketSendInfo + { + bool success; + bool compressionError; + size_t payloadSize; + size_t wireSize; + + WebSocketSendInfo(bool s = false, bool c = false, size_t p = 0, size_t w = 0) + : success(s) + , compressionError(c) + , payloadSize(p) + , wireSize(w) + { + ; + } + }; +} // namespace ix 
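Review bot: In IXWebSocketSendData.h, `c_str()` returns `_data` unchanged, but only the `std::string` constructor points it at a NUL-terminated buffer. For the `std::vector` and `(const char* data, size_t size)` constructors, a caller that treats the result as a C string reads past `_size`. Either drop `c_str()` in favour of `data()` with `size()`, or state the contract at the declaration, e.g. `/* Not NUL-terminated unless built from std::string; always use together with size() */`. As a smaller style point, `begin()` and `end()` strip constness with `const_cast` only because the iterator's `pointer` is `value_type*`; declaring `using pointer = const value_type*;` would remove the casts.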
diff --git a/ixwebsocket/include/IXWebSocketServer.h b/ixwebsocket/include/IXWebSocketServer.h
new file mode 100644
index 0000000..6cae633
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketServer.h
@@ -0,0 +1,77 @@ +/* + * IXWebSocketServer.h + * Author: Benjamin Sergeant + * Copyright (c) 2018 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#include "IXSocketServer.h" +#include "IXWebSocket.h" +#include +#include +#include +#include +#include +#include +#include +#include // pair + +namespace ix +{ + class WebSocketServer : public SocketServer + { + public: + using OnConnectionCallback = + std::function, std::shared_ptr)>; + + using OnClientMessageCallback = std::function, WebSocket&, const WebSocketMessagePtr&)>; + + WebSocketServer(int port = SocketServer::kDefaultPort, + const std::string& host = SocketServer::kDefaultHost, + int backlog = SocketServer::kDefaultTcpBacklog, + size_t maxConnections = SocketServer::kDefaultMaxConnections, + int handshakeTimeoutSecs = WebSocketServer::kDefaultHandShakeTimeoutSecs, + int addressFamily = SocketServer::kDefaultAddressFamily); + virtual ~WebSocketServer(); + virtual void stop() final; + + void enablePong(); + void disablePong(); + void disablePerMessageDeflate(); + + void setOnConnectionCallback(const OnConnectionCallback& callback); + void setOnClientMessageCallback(const OnClientMessageCallback& callback); + + // Get all the connected clients + std::set> getClients(); + + void makeBroadcastServer(); + bool listenAndStart(); + + const static int kDefaultHandShakeTimeoutSecs; + + int getHandshakeTimeoutSecs(); + bool isPongEnabled(); + bool isPerMessageDeflateEnabled(); + private: + // Member variables + int _handshakeTimeoutSecs; + bool _enablePong; + bool _enablePerMessageDeflate; + + OnConnectionCallback _onConnectionCallback; + OnClientMessageCallback _onClientMessageCallback; + + std::mutex _clientsMutex; + std::set> _clients; + + const static bool kDefaultEnablePong; + + // Methods + virtual void handleConnection(std::unique_ptr socket, + std::shared_ptr connectionState); + virtual size_t getConnectedClientsCount() final; + }; +} // namespace ix 
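Review bot: `_enablePong` and `_enablePerMessageDeflate` in WebSocketServer are plain `bool`, yet `enablePong()`, `disablePong()` and `disablePerMessageDeflate()` are public setters, and `handleConnection` presumably reads the flags on a per-connection thread (the implementation is outside this hunk). If so, toggling a flag while a client connects is an unsynchronised read and write. WebSocketTransport in this same commit keeps its `_enablePong` in a `std::atomic`, and the server should match it with `std::atomic<bool> _enablePong;` and `std::atomic<bool> _enablePerMessageDeflate;`, including `<atomic>` if it is not already among the includes. The getters `getHandshakeTimeoutSecs()`, `isPongEnabled()` and `isPerMessageDeflateEnabled()` could also be `const`.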
diff --git a/ixwebsocket/include/IXWebSocketTransport.h b/ixwebsocket/include/IXWebSocketTransport.h
new file mode 100644
index 0000000..bdfd409
--- /dev/null
+++ b/ixwebsocket/include/IXWebSocketTransport.h
@@ -0,0 +1,276 @@ +/* + * IXWebSocketTransport.h + * Author: Benjamin Sergeant + * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +// +// Adapted from https://github.com/dhbaird/easywsclient +// + +#include "IXCancellationRequest.h" +#include "IXProgressCallback.h" +#include "IXSocketTLSOptions.h" +#include "IXWebSocketCloseConstants.h" +#include "IXWebSocketHandshake.h" +#include "IXWebSocketHttpHeaders.h" +#include "IXWebSocketPerMessageDeflate.h" +#include "IXWebSocketPerMessageDeflateOptions.h" +#include "IXWebSocketSendInfo.h" +#include "IXWebSocketSendData.h" +#include +#include +#include +#include +#include +#include +#include + +namespace ix +{ + class Socket; + + enum class SendMessageKind + { + Text, + Binary, + Ping + }; + + class WebSocketTransport + { + public: + enum class ReadyState + { + CLOSING, + CLOSED, + CONNECTING, + OPEN + }; + + enum class MessageKind + { + MSG_TEXT, + MSG_BINARY, + PING, + PONG, + FRAGMENT + }; + + enum class PollResult + { + Succeeded, + AbnormalClose, + CannotFlushSendBuffer + }; + + using OnMessageCallback = + std::function; + using OnCloseCallback = std::function; + + WebSocketTransport(); + ~WebSocketTransport(); + + void configure(const WebSocketPerMessageDeflateOptions& perMessageDeflateOptions, + const SocketTLSOptions& socketTLSOptions, + bool enablePong, + int pingIntervalSecs); + + // Client + WebSocketInitResult connectToUrl(const std::string& url, + const WebSocketHttpHeaders& headers, + int timeoutSecs); + + // Server + WebSocketInitResult connectToSocket(std::unique_ptr socket, + int timeoutSecs, + bool enablePerMessageDeflate); + + PollResult poll(); + WebSocketSendInfo sendBinary(const IXWebSocketSendData& message, + const OnProgressCallback& onProgressCallback); + WebSocketSendInfo sendText(const IXWebSocketSendData& message, + const OnProgressCallback& onProgressCallback); + WebSocketSendInfo sendPing(const IXWebSocketSendData& message); + + void close(uint16_t code 
= WebSocketCloseConstants::kNormalClosureCode, + const std::string& reason = WebSocketCloseConstants::kNormalClosureMessage, + size_t closeWireSize = 0, + bool remote = false); + + void closeSocket(); + + ReadyState getReadyState() const; + void setReadyState(ReadyState readyState); + void setOnCloseCallback(const OnCloseCallback& onCloseCallback); + void dispatch(PollResult pollResult, const OnMessageCallback& onMessageCallback); + size_t bufferedAmount() const; + + // internal + WebSocketSendInfo sendHeartBeat(); + + private: + std::string _url; + + struct wsheader_type + { + unsigned header_size; + bool fin; + bool rsv1; + bool rsv2; + bool rsv3; + bool mask; + enum opcode_type + { + CONTINUATION = 0x0, + TEXT_FRAME = 0x1, + BINARY_FRAME = 0x2, + CLOSE = 8, + PING = 9, + PONG = 0xa, + } opcode; + int N0; + uint64_t N; + uint8_t masking_key[4]; + }; + + // Tells whether we should mask the data we send. + // client should mask but server should not + std::atomic _useMask; + + // Tells whether we should flush the send buffer before + // saying that a send is complete. This is the mode for server code. + std::atomic _blockingSend; + + // Buffer for reading from our socket. That buffer is never resized. + std::vector _readbuf; + + // Contains all messages that were fetched in the last socket read. + // This could be a mix of control messages (Close, Ping, etc...) and + // data messages. That buffer is resized + std::vector _rxbuf; + + // Contains all messages that are waiting to be sent + std::vector _txbuf; + mutable std::mutex _txbufMutex; + + // Hold fragments for multi-fragments messages in a list. We support receiving very large + // messages (tested messages up to 700M) and we cannot put them in a single + // buffer that is resized, as this operation can be slow when a buffer has its + // size increased 2 fold, while appending to a list has a fixed cost. 
+ std::list _chunks; + + // Record the message kind (will be TEXT or BINARY) for a fragmented + // message, present in the first chunk, since the final chunk will be a + // CONTINUATION opcode and doesn't tell the full message kind + MessageKind _fragmentedMessageKind; + + // Ditto for whether a message is compressed + bool _receivedMessageCompressed; + + // Fragments are 32K long + static constexpr size_t kChunkSize = 1 << 15; + + // Underlying TCP socket + std::unique_ptr _socket; + std::mutex _socketMutex; + + // Hold the state of the connection (OPEN, CLOSED, etc...) + std::atomic _readyState; + + OnCloseCallback _onCloseCallback; + std::string _closeReason; + mutable std::mutex _closeReasonMutex; + std::atomic _closeCode; + std::atomic _closeWireSize; + std::atomic _closeRemote; + + // Data used for Per Message Deflate compression (with zlib) + WebSocketPerMessageDeflatePtr _perMessageDeflate; + WebSocketPerMessageDeflateOptions _perMessageDeflateOptions; + std::atomic _enablePerMessageDeflate; + + std::string _decompressedMessage; + std::string _compressedMessage; + + // Used to control TLS connection behavior + SocketTLSOptions _socketTLSOptions; + + // Used to cancel dns lookup + socket connect + http upgrade + std::atomic _requestInitCancellation; + + mutable std::mutex _closingTimePointMutex; + std::chrono::time_point _closingTimePoint; + static const int kClosingMaximumWaitingDelayInMs; + + // enable auto response to ping + std::atomic _enablePong; + static const bool kDefaultEnablePong; + + // Optional ping and pong timeout + int _pingIntervalSecs; + std::atomic _pongReceived; + + static const int kDefaultPingIntervalSecs; + static const std::string kPingMessage; + std::atomic _pingCount; + + // We record when ping are being sent so that we can know when to send the next one + mutable std::mutex _lastSendPingTimePointMutex; + std::chrono::time_point _lastSendPingTimePoint; + + // If this function returns true, it is time to send a new ping + bool 
pingIntervalExceeded(); + void initTimePointsAfterConnect(); + + // after calling close(), if no CLOSE frame answer is received back from the remote, we + // should close the connexion + bool closingDelayExceeded(); + + void sendCloseFrame(uint16_t code, const std::string& reason); + + void closeSocketAndSwitchToClosedState(uint16_t code, + const std::string& reason, + size_t closeWireSize, + bool remote); + + bool wakeUpFromPoll(uint64_t wakeUpCode); + + bool flushSendBuffer(); + bool sendOnSocket(); + bool receiveFromSocket(); + + WebSocketSendInfo sendData(wsheader_type::opcode_type type, + const IXWebSocketSendData& message, + bool compress, + const OnProgressCallback& onProgressCallback = nullptr); + + template + bool sendFragment( + wsheader_type::opcode_type type, bool fin, Iterator begin, Iterator end, bool compress); + + void emitMessage(MessageKind messageKind, + const std::string& message, + bool compressedMessage, + const OnMessageCallback& onMessageCallback); + + bool isSendBufferEmpty() const; + + template + void appendToSendBuffer(const std::vector& header, + Iterator begin, + Iterator end, + uint64_t message_size, + uint8_t masking_key[4]); + + unsigned getRandomUnsigned(); + void unmaskReceiveBuffer(const wsheader_type& ws); + + std::string getMergedChunks() const; + + void setCloseReason(const std::string& reason); + const std::string& getCloseReason() const; + }; +} // namespace ix diff --git a/ixwebsocket/include/IXWebSocketVersion.h b/ixwebsocket/include/IXWebSocketVersion.h new file mode 100644 index 0000000..3618e90 --- /dev/null +++ b/ixwebsocket/include/IXWebSocketVersion.h @@ -0,0 +1,9 @@ +/* + * IXWebSocketVersion.h + * Author: Benjamin Sergeant + * Copyright (c) 2019 Machine Zone, Inc. All rights reserved. + */ + +#pragma once + +#define IX_WEBSOCKET_VERSION "11.4.3" diff --git a/makerwysxp/CMakeLists.txt b/makerwysxp/CMakeLists.txt index 2fd18ff..3cad92c 100644 --- a/makerwysxp/CMakeLists.txt +++ b/makerwysxp/CMakeLists.txt 
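Review bot: Nothing declared in IXWebSocketTransport.h limits how much data a peer can make the receiver hold. `wsheader_type::N` is a `uint64_t` payload length, `_rxbuf` is described as a buffer that is resized, and `_chunks` accumulates fragments until the final frame (the comment mentions messages up to 700M). If the implementation, which is outside this hunk, has no limit either, a single connection can exhaust memory, and more cheaply once per-message deflate is negotiated. I would add a configurable cap such as `size_t _maxMessageSize;`, set through `configure()`. It would be checked against `N` when the header is parsed and against the running total held in `_chunks`, and the connection closed with status code 1009 (message too big) when it is exceeded.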
@@ -34,7 +34,7 @@ else() endif() if(APPLE) - message("Building makerwysxp for MacOSX Universal into ${PROJECT_BINARY_DIR}/${PLUGIN_NAME}/${BIT}") + message("Building makerwysxp for MacOSX Universal into ${PROJECT_BINARY_DIR}/${PLUGIN_NAME}") set_target_properties(makerwysxp PROPERTIES LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}" diff --git a/openSSL/win32/include/openssl/aes.h b/openSSL/win32/include/openssl/aes.h new file mode 100644 index 0000000..245c552 --- /dev/null +++ b/openSSL/win32/include/openssl/aes.h 
@@ -0,0 +1,92 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, 
const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/openSSL/win32/include/openssl/applink.c b/openSSL/win32/include/openssl/applink.c new file mode 100644 index 0000000..238dbff --- /dev/null +++ b/openSSL/win32/include/openssl/applink.c 
@@ -0,0 +1,138 @@ +/* + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define APPLINK_STDIN 1 +#define APPLINK_STDOUT 2 +#define APPLINK_STDERR 3 +#define APPLINK_FPRINTF 4 +#define APPLINK_FGETS 5 +#define APPLINK_FREAD 6 +#define APPLINK_FWRITE 7 +#define APPLINK_FSETMOD 8 +#define APPLINK_FEOF 9 +#define APPLINK_FCLOSE 10 /* should not be used */ + +#define APPLINK_FOPEN 11 /* solely for completeness */ +#define APPLINK_FSEEK 12 +#define APPLINK_FTELL 13 +#define APPLINK_FFLUSH 14 +#define APPLINK_FERROR 15 +#define APPLINK_CLEARERR 16 +#define APPLINK_FILENO 17 /* to be used with below */ + +#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ +#define APPLINK_READ 19 +#define APPLINK_WRITE 20 +#define APPLINK_LSEEK 21 +#define APPLINK_CLOSE 22 +#define APPLINK_MAX 22 /* always same as last macro */ + +#ifndef APPMACROS_ONLY +# include +# include +# include + +static void *app_stdin(void) +{ + return stdin; +} + +static void *app_stdout(void) +{ + return stdout; +} + +static void *app_stderr(void) +{ + return stderr; +} + +static int app_feof(FILE *fp) +{ + return feof(fp); +} + +static int app_ferror(FILE *fp) +{ + return ferror(fp); +} + +static void app_clearerr(FILE *fp) +{ + clearerr(fp); +} + +static int app_fileno(FILE *fp) +{ + return _fileno(fp); +} + +static int app_fsetmod(FILE *fp, char mod) +{ + return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT); +} + +#ifdef __cplusplus +extern "C" { +#endif + +__declspec(dllexport) +void ** +# if defined(__BORLANDC__) +/* + * __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. 
+ */ +__stdcall +# else +__cdecl +# endif +OPENSSL_Applink(void) +{ + static int once = 1; + static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = + { (void *)APPLINK_MAX }; + + if (once) { + OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; + OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; + OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; + OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; + OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; + OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; + OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; + OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; + OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; + OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; + + OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; + OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; + OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; + OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; + OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; + OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; + OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; + + OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; + OPENSSL_ApplinkTable[APPLINK_READ] = _read; + OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; + OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; + OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; + + once = 0; + } + + return OPENSSL_ApplinkTable; +} + +#ifdef __cplusplus +} +#endif +#endif diff --git a/openSSL/win32/include/openssl/asn1.h b/openSSL/win32/include/openssl/asn1.h new file mode 100644 index 0000000..9522eec --- /dev/null +++ b/openSSL/win32/include/openssl/asn1.h 
@@ -0,0 +1,886 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# include +# include +# include +# include +# include + +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 
26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. 
+ * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. 
+ */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define 
DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. 
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ * ...
+ * ASN1_ITEM_EXP *iptr;
+ * ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+# define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+# define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+# define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+# define DECLARE_ASN1_ITEM(name) \
+ OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. 
If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) 
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts 
of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long 
offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const 
ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void 
ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), 
\ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned 
long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define 
ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char 
*name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/asn1_mac.h b/openSSL/win32/include/openssl/asn1_mac.h
new file mode 100644
index 0000000..7ac1782
--- /dev/null
+++ b/openSSL/win32/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/openSSL/win32/include/openssl/asn1err.h b/openSSL/win32/include/openssl/asn1err.h
new file mode 100644
index 0000000..e1ad1fe
--- /dev/null
+++ b/openSSL/win32/include/openssl/asn1err.h
@@ -0,0 +1,256 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_EX_I2D 144 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define 
ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define 
ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 
176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 
+# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/openSSL/win32/include/openssl/asn1t.h b/openSSL/win32/include/openssl/asn1t.h new file mode 100644 index 0000000..a450ba0 --- /dev/null +++ b/openSSL/win32/include/openssl/asn1t.h 
@@ -0,0 +1,945 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include
+# include
+# include
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM itname##_it = {
+
+# define static_ASN1_ITEM_start(itname) \
+ static const ASN1_ITEM itname##_it = {
+
+# define ASN1_ITEM_end(itname) \
+ };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM * itname##_it(void) \
+ { \
+ static const ASN1_ITEM local_it = {
+
+# define static_ASN1_ITEM_start(itname) \
+ static ASN1_ITEM_start(itname)
+
+# define ASN1_ITEM_end(itname) \
+ }; \
+ return &local_it; \
+ }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+ static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ * ASN1_SEQUENCE(stname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END(stname)
+ *
+ * This will produce an ASN1_ITEM called stname_it
+ * for a structure called stname.
+ *
+ * If you want the same structure but a different
+ * name then use:
+ *
+ * ASN1_SEQUENCE(itname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ * This will create an item called itname_it using
+ * a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+ static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+ static_ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ * ASN1_CHOICE(chname) = {
+ * ... CHOICE options ...
+ * ASN1_CHOICE_END(chname)
+ *
+ * This will produce an ASN1_ITEM called chname_it
+ * for a structure called chname. The structure
+ * definition must look like this:
+ * typedef struct {
+ * int type;
+ * union {
+ * ASN1_SOMETHING *opt1;
+ * ASN1_SOMEOTHER *opt2;
+ * } value;
+ * } chname;
+ *
+ * the name of the selector must be 'type'.
+ * to use an alternative selector name use the
+ * ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+ static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+ (flags), (tag), 0,\
+ #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+ (flags), (tag), offsetof(stname, field),\
+ #field, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+ static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+ ;\
+ static const ASN1_ADB name##_adb = {\
+ flags,\
+ offsetof(name, field),\
+ adb_cb,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }
+
+# else
+
+# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+ ;\
+ static const ASN1_ITEM *name##_adb(void) \
+ { \
+ static const ASN1_ADB internal_adb = \
+ {\
+ flags,\
+ offsetof(name, field),\
+ adb_cb,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }; \
+ return (const ASN1_ITEM *) &internal_adb; \
+ } \
+ void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+ static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+ unsigned long flags; /* Various flags */
+ long tag; /* tag, not used if no tagging */
+ unsigned long offset; /* Offset of this field in structure */
+ const char *field_name; /* Field name */
+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+ unsigned long flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ int (*adb_cb)(long *psel); /* Application callback */
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+ long value; /* NID for an object or value for an int */
+ const ASN1_TEMPLATE tt; /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+ char itype; /* The item type, primitive, SEQUENCE, CHOICE
+ * or extern */
+ long utype; /* underlying type */
+ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+ * the contents */
+ long tcount; /* Number of templates if SEQUENCE or CHOICE */
+ const void *funcs; /* functions that handle this type */
+ long size; /* Structure size (usually) */
+ const char *sname; /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE 0x0
+
+# define ASN1_ITYPE_SEQUENCE 0x1
+
+# define ASN1_ITYPE_CHOICE 0x2
+
+# define ASN1_ITYPE_EXTERN 0x4
+
+# define ASN1_ITYPE_MSTRING 0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE 0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+ char valid; /* Values below are valid */
+ int ret; /* return value */
+ long plen; /* length */
+ int ptag; /* class value */
+ int pclass; /* class value */
+ int hdrlen; /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+ int indent, const char *fname,
+ const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+ int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+ int len, int utype, char *free_cont,
+ const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it, int indent,
+ const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+ void *app_data;
+ ASN1_ex_new_func *asn1_ex_new;
+ ASN1_ex_free_func *asn1_ex_free;
+ ASN1_ex_free_func *asn1_ex_clear;
+ ASN1_ex_d2i *asn1_ex_d2i;
+ ASN1_ex_i2d *asn1_ex_i2d;
+ ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+ void *app_data;
+ unsigned long flags;
+ ASN1_ex_new_func *prim_new;
+ ASN1_ex_free_func *prim_free;
+ ASN1_ex_free_func *prim_clear;
+ ASN1_primitive_c2i *prim_c2i;
+ ASN1_primitive_i2c *prim_i2c;
+ ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+ void *exarg);
+
+typedef struct ASN1_AUX_st {
+ void *app_data;
+ int flags;
+ int ref_offset; /* Offset of reference value */
+ int ref_lock; /* Lock type to use */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+ BIO *out;
+ int indent;
+ const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+ /* BIO to stream through */
+ BIO *out;
+ /* BIO with filters appended */
+ BIO *ndef_bio;
+ /* Streaming I/O boundary */
+ unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT 1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING 2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN 4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE 0
+# define ASN1_OP_NEW_POST 1
+# define ASN1_OP_FREE_PRE 2
+# define ASN1_OP_FREE_POST 3
+# define ASN1_OP_D2I_PRE 4
+# define ASN1_OP_D2I_POST 5
+# define ASN1_OP_I2D_PRE 6
+# define ASN1_OP_I2D_POST 7
+# define ASN1_OP_PRINT_PRE 8
+# define ASN1_OP_PRINT_POST 9
+# define ASN1_OP_STREAM_PRE 10
+# define ASN1_OP_STREAM_POST 11
+# define ASN1_OP_DETACHED_PRE 12
+# define ASN1_OP_DETACHED_POST 13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+ ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_EXTERN, \
+ tag, \
+ NULL, \
+ 0, \
+ &fptrs, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+ pre stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ pre void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+ stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+ }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+ static stname *d2i_##stname(stname **a, \
+ const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+ ASN1_ITEM_rptr(stname)); \
+ } \
+ static int i2d_##stname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+ ASN1_ITEM_rptr(stname)); \
+ }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname * stname##_dup(stname *x) \
+ { \
+ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+ IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+ int fname##_print_ctx(BIO *out, stname *x, int indent, \
+ const ASN1_PCTX *pctx) \
+ { \
+ return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+ ASN1_ITEM_rptr(itname), pctx); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+# endif
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/async.h b/openSSL/win32/include/openssl/async.h
new file mode 100644
index 0000000..7052b89
--- /dev/null
+++ b/openSSL/win32/include/openssl/async.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include to use this */
+#define OSSL_ASYNC_FD HANDLE
+#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD int
+#define OSSL_BAD_ASYNC_FD -1
+#endif
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR 0
+#define ASYNC_NO_JOBS 1
+#define ASYNC_PAUSE 2
+#define ASYNC_FINISH 3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD fd,
+ void *custom_data,
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+ OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+ size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+ int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX
*ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/openSSL/win32/include/openssl/asyncerr.h b/openSSL/win32/include/openssl/asyncerr.h new file mode 100644 index 0000000..91afbbb --- /dev/null +++ b/openSSL/win32/include/openssl/asyncerr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/openSSL/win32/include/openssl/bio.h b/openSSL/win32/include/openssl/bio.h new file mode 100644 index 0000000..ae559a5 --- /dev/null +++ b/openSSL/win32/include/openssl/bio.h 
@@ -0,0 +1,801 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define 
BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# 
define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. 
It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. 
Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; 
+ uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 
144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char 
*)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. 
+ */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define 
BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) 
(int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO 
*a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD 
*BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +# endif + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int 
BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int 
sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) 
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif 
+#endif
diff --git a/openSSL/win32/include/openssl/bioerr.h b/openSSL/win32/include/openssl/bioerr.h
new file mode 100644
index 0000000..46e2c96
--- /dev/null
+++ b/openSSL/win32/include/openssl/bioerr.h
@@ -0,0 +1,124 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 
114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif 
diff --git a/openSSL/win32/include/openssl/blowfish.h b/openSSL/win32/include/openssl/blowfish.h
new file mode 100644
index 0000000..cd3e460
--- /dev/null
+++ b/openSSL/win32/include/openssl/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include
+
+# ifndef OPENSSL_NO_BF
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT 1
+# define BF_DECRYPT 0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS 16
+# define BF_BLOCK 8
+
+typedef struct bf_key_st {
+ BF_LONG P[BF_ROUNDS + 2];
+ BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/bn.h b/openSSL/win32/include/openssl/bn.h new file mode 100644 index 0000000..d877660 --- /dev/null +++ b/openSSL/win32/include/openssl/bn.h 
@@ -0,0 +1,539 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call bn_mod_inverse_no_branch. 
+ */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. 
+ * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 
27 : \ + /* b >= 6 */ 34) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); 
+void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const 
BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# 
define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. 
Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. 
+ */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* 
Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/openSSL/win32/include/openssl/bnerr.h b/openSSL/win32/include/openssl/bnerr.h new file mode 100644 index 0000000..9f3c7cf --- /dev/null +++ b/openSSL/win32/include/openssl/bnerr.h 
@@ -0,0 +1,100 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define 
BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/openSSL/win32/include/openssl/buffer.h b/openSSL/win32/include/openssl/buffer.h new file mode 100644 index 0000000..d276576 --- /dev/null +++ b/openSSL/win32/include/openssl/buffer.h 
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include
+# ifndef HEADER_CRYPTO_H
+# include
+# endif
+# include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+ size_t length; /* current number of bytes */
+ char *data;
+ size_t max; /* size of buffer */
+ unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE 0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/buffererr.h b/openSSL/win32/include/openssl/buffererr.h
new file mode 100644
index 0000000..04f6ff7
--- /dev/null
+++ b/openSSL/win32/include/openssl/buffererr.h
@@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/openSSL/win32/include/openssl/camellia.h b/openSSL/win32/include/openssl/camellia.h new file mode 100644 index 0000000..151f3c1 --- /dev/null +++ b/openSSL/win32/include/openssl/camellia.h 
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_ENCRYPT 1
+# define CAMELLIA_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+ * with WORD */
+
+struct camellia_key_st {
+ union {
+ double d; /* ensures 64-bit align */
+ KEY_TABLE_TYPE rd_key;
+ } u;
+ int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const
CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/cast.h b/openSSL/win32/include/openssl/cast.h
new file mode 100644
index 0000000..2cc89ae
--- /dev/null
+++ b/openSSL/win32/include/openssl/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include
+
+# ifndef OPENSSL_NO_CAST
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *ks, unsigned char *iv,
+ int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/cmac.h b/openSSL/win32/include/openssl/cmac.h
new file mode 100644
index 0000000..3535a9a
--- /dev/null
+++ b/openSSL/win32/include/openssl/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/cms.h b/openSSL/win32/include/openssl/cms.h
new file mode 100644
index 0000000..c762796
--- /dev/null
+++ b/openSSL/win32/include/openssl/cms.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include
+
+# ifndef OPENSSL_NO_CMS
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_NONE -1
+# define CMS_RECIPINFO_TRANS 0
+# define CMS_RECIPINFO_AGREE 1
+# define CMS_RECIPINFO_KEK 2
+# define CMS_RECIPINFO_PASS 3
+# define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT 0x1
+# define CMS_NOCERTS 0x2
+# define CMS_NO_CONTENT_VERIFY 0x4
+# define CMS_NO_ATTR_VERIFY 0x8
+# define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN 0x10
+# define CMS_NO_SIGNER_CERT_VERIFY 0x20
+# define CMS_NOVERIFY 0x20
+# define CMS_DETACHED 0x40
+# define CMS_BINARY 0x80
+# define
CMS_NOATTR 0x100
+# define CMS_NOSMIMECAP 0x200
+# define CMS_NOOLDMIMETYPE 0x400
+# define CMS_CRLFEOL 0x800
+# define CMS_STREAM 0x1000
+# define CMS_NOCRL 0x2000
+# define CMS_PARTIAL 0x4000
+# define CMS_REUSE_DIGEST 0x8000
+# define CMS_USE_KEYID 0x10000
+# define CMS_DEBUG_DECRYPT 0x20000
+# define CMS_KEY_PARAM 0x40000
+# define CMS_ASCIICRLF 0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+ int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int
CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+ unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ 
X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+ unsigned char *pass,
+ ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+ int iter, int wrap_nid,
+ int pbe_nid,
+ unsigned char *pass,
+ ossl_ssize_t passlen,
+ const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo
*CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname,
int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **pubalg,
+ ASN1_BIT_STRING **pubkey,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+int
CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+ ASN1_OCTET_STRING **keyid,
+ ASN1_GENERALIZEDTIME **tm,
+ CMS_OtherKeyAttribute **other,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+ X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri,
+ CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/cmserr.h b/openSSL/win32/include/openssl/cmserr.h
new file mode 100644
index 0000000..7dbc13d
--- /dev/null
+++ b/openSSL/win32/include/openssl/cmserr.h
@@ -0,0 +1,202 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define 
CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# 
define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define 
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/comp.h b/openSSL/win32/include/openssl/comp.h new file mode 100644 index 0000000..d814d3c --- /dev/null +++ b/openSSL/win32/include/openssl/comp.h 
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+# ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+# endif
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/comperr.h b/openSSL/win32/include/openssl/comperr.h
new file mode 100644
index 0000000..90231e9
--- /dev/null
+++ b/openSSL/win32/include/openssl/comperr.h
@@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/conf.h b/openSSL/win32/include/openssl/conf.h new file mode 100644 index 0000000..7336cd2 --- /dev/null +++ b/openSSL/win32/include/openssl/conf.h 
@@ -0,0 +1,168 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ char *section;
+ char *name;
+ char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS 0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT 0x4
+# define CONF_MFLAGS_NO_DSO 0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION 0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+ long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+ long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+ long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+ const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code. The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+ const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int
CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/conf_api.h b/openSSL/win32/include/openssl/conf_api.h
new file mode 100644
index 0000000..a0275ad
--- /dev/null
+++ b/openSSL/win32/include/openssl/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/conferr.h b/openSSL/win32/include/openssl/conferr.h
new file mode 100644
index 0000000..32b9229
--- /dev/null
+++ b/openSSL/win32/include/openssl/conferr.h
@@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. 
+ */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/openSSL/win32/include/openssl/crypto.h b/openSSL/win32/include/openssl/crypto.h new file mode 100644 index 0000000..7d0b526 --- /dev/null +++ b/openSSL/win32/include/openssl/crypto.h 
@@ -0,0 +1,445 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include
+# include
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+# ifdef CHARSET_EBCDIC
+# include
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSLeay OpenSSL_version_num
+# define SSLeay_version OpenSSL_version
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION OPENSSL_VERSION
+# define SSLEAY_CFLAGS OPENSSL_CFLAGS
+# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+# define SSLEAY_PLATFORM OPENSSL_PLATFORM
+# define SSLEAY_DIR OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+ int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */
+# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
+
+struct crypto_ex_data_st {
+ STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL 0
+# define CRYPTO_EX_INDEX_SSL_CTX 1
+# define CRYPTO_EX_INDEX_SSL_SESSION 2
+# define CRYPTO_EX_INDEX_X509 3
+# define CRYPTO_EX_INDEX_X509_STORE 4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+# define CRYPTO_EX_INDEX_DH 6
+# define CRYPTO_EX_INDEX_DSA 7
+# define CRYPTO_EX_INDEX_EC_KEY 8
+# define CRYPTO_EX_INDEX_RSA 9
+# define CRYPTO_EX_INDEX_ENGINE 10
+# define CRYPTO_EX_INDEX_UI 11
+# define CRYPTO_EX_INDEX_BIO 12
+# define CRYPTO_EX_INDEX_APP 13
+# define CRYPTO_EX_INDEX_UI_METHOD 14
+# define CRYPTO_EX_INDEX_DRBG 15
+# define CRYPTO_EX_INDEX__COUNT 16
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+ CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+ CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+ CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+ CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+ CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+ CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+ CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+ CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+ CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+ CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION 0
+# define OPENSSL_CFLAGS 1
+# define OPENSSL_BUILT_ON 2
+# define OPENSSL_PLATFORM 3
+# define OPENSSL_DIR 4
+# define OPENSSL_ENGINES_DIR 5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used. Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+# define CRYPTO_num_locks() (1)
+# define CRYPTO_set_locking_callback(func)
+# define CRYPTO_get_locking_callback() (NULL)
+# define CRYPTO_set_add_lock_callback(func)
+# define CRYPTO_get_add_lock_callback() (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+# define CRYPTO_LOCK 1
+# define CRYPTO_UNLOCK 2
+# define CRYPTO_READ 4
+# define CRYPTO_WRITE 8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+ int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+# define CRYPTO_THREADID_set_numeric(id, val)
+# define CRYPTO_THREADID_set_pointer(id, ptr)
+# define CRYPTO_THREADID_set_callback(threadid_func) (0)
+# define CRYPTO_THREADID_get_callback() (NULL)
+# define CRYPTO_THREADID_current(id)
+# define CRYPTO_THREADID_cmp(a, b) (-1)
+# define CRYPTO_THREADID_cpy(dest, src)
+# define CRYPTO_THREADID_hash(id) (0UL)
+
+# if OPENSSL_API_COMPAT < 0x10000000L
+# define CRYPTO_set_id_callback(func)
+# define CRYPTO_get_id_callback() (NULL)
+# define CRYPTO_thread_id() (0UL)
+# endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+# define CRYPTO_get_dynlock_create_callback() (NULL)
+# define CRYPTO_get_dynlock_lock_callback() (NULL)
+# define CRYPTO_get_dynlock_destroy_callback() (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+ void *(*m) (size_t, const char *, int),
+ void *(*r) (void *, size_t, const char *, int),
+ void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+ void *(**m) (size_t, const char *, int),
+ void *(**r) (void *, size_t, const char *, int),
+ void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+ const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_mem_debug_push(info) \
+ CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_mem_debug_pop() \
+ CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ * 0: called before the actual memory allocation has taken place
+ * 1: called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+ const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+ const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+ const char *file, int line);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+ void *u);
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+# endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L
+# define OPENSSL_INIT_ASYNC 0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L
+/* OPENSSL_INIT_ZLIB 0x00010000L */
+# define OPENSSL_INIT_ATFORK 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT 0x00080000L
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+ | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+ OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+ unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+# if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+# else
+# include
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+# endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/cryptoerr.h b/openSSL/win32/include/openssl/cryptoerr.h
new file mode 100644
index 0000000..3db5a4e
--- /dev/null
+++ b/openSSL/win32/include/openssl/cryptoerr.h
@@ -0,0 +1,57 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/openSSL/win32/include/openssl/ct.h b/openSSL/win32/include/openssl/ct.h new file mode 100644 index 0000000..ebdba34 --- /dev/null +++ b/openSSL/win32/include/openssl/ct.h 
@@ -0,0 +1,474 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include
+
+# ifndef OPENSSL_NO_CT
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+ CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+ CT_LOG_ENTRY_TYPE_X509 = 0,
+ CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+ SCT_VERSION_NOT_SET = -1,
+ SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+ SCT_SOURCE_UNKNOWN,
+ SCT_SOURCE_TLS_EXTENSION,
+ SCT_SOURCE_X509V3_EXTENSION,
+ SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+ const char *logid_base64,
+ ct_log_entry_type_t entry_type,
+ uint64_t timestamp,
+ const char *extensions_base64,
+ const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+ size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+ size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+ size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+ const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+ CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). 
+ */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. 
+ */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/openSSL/win32/include/openssl/cterr.h b/openSSL/win32/include/openssl/cterr.h new file mode 100644 index 0000000..feb7bc5 --- /dev/null +++ b/openSSL/win32/include/openssl/cterr.h 
@@ -0,0 +1,80 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. 
+ */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/des.h b/openSSL/win32/include/openssl/des.h new file mode 100644 index 0000000..be4abbd --- /dev/null +++ b/openSSL/win32/include/openssl/des.h 
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include
+
+# ifndef OPENSSL_NO_DES
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/dh.h b/openSSL/win32/include/openssl/dh.h
new file mode 100644
index 0000000..3527540
--- /dev/null
+++ b/openSSL/win32/include/openssl/dh.h
@@ -0,0 +1,340 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include
+
+# ifndef OPENSSL_NO_DH
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P 0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_J_VALUE 0x40
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_INVALID 0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHxparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+ const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+ (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+ (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+ int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+ EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE 1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42 2
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/dherr.h b/openSSL/win32/include/openssl/dherr.h
new file mode 100644
index 0000000..916b3be
--- /dev/null
+++ b/openSSL/win32/include/openssl/dherr.h
@@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. 
+ */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/dsa.h b/openSSL/win32/include/openssl/dsa.h new file mode 100644 index 0000000..6d8a18a --- /dev/null +++ b/openSSL/win32/include/openssl/dsa.h 
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include
+
+# ifndef OPENSSL_NO_DSA
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+# include
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P 0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+# define DSA_FLAG_FIPS_CHECKED 0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+ /* next 4 return -1 on error */
+DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+ unsigned char *seed,
+ int seed_len,
+ int *counter_ret,
+ unsigned long *h_ret, void
+ (*callback) (int, int,
+ void *),
+ void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+ const unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 64
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *dsam); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +int DSA_meth_get_flags(const DSA_METHOD *dsam); +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned 
char *, int, DSA *); +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + + +# ifdef __cplusplus +} +# endif +# endif +#endif 
diff --git a/openSSL/win32/include/openssl/dsaerr.h b/openSSL/win32/include/openssl/dsaerr.h
new file mode 100644
index 0000000..495a1ac
--- /dev/null
+++ b/openSSL/win32/include/openssl/dsaerr.h
@@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. 
+ */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/dtls1.h b/openSSL/win32/include/openssl/dtls1.h new file mode 100644 index 0000000..d55ca9c --- /dev/null +++ b/openSSL/win32/include/openssl/dtls1.h 
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION 0xFEFF
+# define DTLS1_2_VERSION 0xFEFD
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR 0xFE
+
+# define DTLS1_BAD_VER 0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION 0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH 256
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# define DTLS1_AL_HEADER_LENGTH 2
+
+/* Timeout multipliers */
+# define DTLS1_TMO_READ_COUNT 2
+# define DTLS1_TMO_WRITE_COUNT 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/e_os2.h b/openSSL/win32/include/openssl/e_os2.h
new file mode 100644
index 0000000..5c88e51
--- /dev/null
+++ b/openSSL/win32/include/openssl/e_os2.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems. This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+# undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+# else
+# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+# define OPENSSL_SYS_WIN32_CYGWIN
+# else
+# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN32)
+# define OPENSSL_SYS_WIN32
+# endif
+# endif
+# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
+# if defined(OPENSSL_SYS_WINNT)
+# undef OPENSSL_SYS_UNIX
+# endif
+# if defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# endif
+# endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+/*
+ * DLL settings. This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+# if defined(_WINDLL) /* This is used when building OpenSSL to
+ * indicate that DLL linkage should be used */
+# define OPENSSL_OPT_WINDLL
+# endif
+# endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+# if !defined(OPENSSL_SYS_VMS)
+# undef OPENSSL_SYS_UNIX
+# endif
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+# define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+# define OPENSSL_SYS_VMS_DECC
+# define OPENSSL_SYS_VMS_DECCXX
+# else
+# define OPENSSL_SYS_VMS_NODECC
+# endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+# define OPENSSL_SYS_LINUX
+# endif
+# if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+# define OPENSSL_SYS_AIX
+# endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+# define OPENSSL_SYS_VOS
+# ifdef __HPPA__
+# define OPENSSL_SYS_VOS_HPPA
+# endif
+# ifdef __IA32__
+# define OPENSSL_SYS_VOS_IA32
+# endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+# define OPENSSL_UNISTD_IO
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+# endif
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# 
ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# elif defined(_MSC_VER) && _MSC_VER<1600 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ + !defined(__cplusplus) +# define ossl_noreturn 
_Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define ossl_noreturn __attribute__((noreturn))
+# else
+# define ossl_noreturn
+# endif
+
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+# define ossl_unused __attribute__((unused))
+# else
+# define ossl_unused
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/ebcdic.h b/openSSL/win32/include/openssl/ebcdic.h
new file mode 100644
index 0000000..aa01285
--- /dev/null
+++ b/openSSL/win32/include/openssl/ebcdic.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EBCDIC_H
+# define HEADER_EBCDIC_H
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii _openssl_os_toascii
+# define os_toebcdic _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/ec.h b/openSSL/win32/include/openssl/ec.h
new file mode 100644
index 0000000..24baf53
--- /dev/null
+++ b/openSSL/win32/include/openssl/ec.h
@@ -0,0 +1,1484 @@ +/* + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. 
+ * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. 
+ */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). 
+*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. 
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+ point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
+# endif
+/** Returns the number of bits needed to represent a field element
+ * \param group EC_GROUP object
+ * \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ * \param a first EC_GROUP object
+ * \param b second EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ * \param p BIGNUM with the prime number
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ * \param p BIGNUM with the polynomial defining the underlying field
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/** Creates a EC_GROUP object with a curve specified by a NID
+ * \param nid NID of the OID of the curve name
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ * \param params pointer to the ECPARAMETERS object
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPARAMETERS object or NULL
+ * \return pointer to the new ECPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ * \param params pointer to an existing ECPKPARAMETERS object, or NULL
+ * \return newly created EC_GROUP object with specified curve, or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPKPARAMETERS object or NULL
+ * \return pointer to the new ECPKPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+ ECPKPARAMETERS *params);
+
+/********************************************************************/
+/* handling of internal curves */
+/********************************************************************/
+
+typedef struct {
+ int nid;
+ const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+
+/********************************************************************/
+/* EC_POINT functions */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ * \param group EC_GROUP the underlying EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ * \param point EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ * \param point EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ * \param dst destination EC_POINT object
+ * \param src source EC_POINT object
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ * EC_POINT
+ * \param src source EC_POINT object
+ * \param group underlying the EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Returns the EC_METHOD used in EC_POINT object
+ * \param point EC_POINT object
+ * \return the EC_METHOD used
+ */
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets a point to infinity (neutral element)
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT to set to infinity
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param z BIGNUM with the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p, const BIGNUM *x,
+ const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param z BIGNUM for the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *p, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z,
+ BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT.
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
+# endif
+/** Encodes a EC_POINT object to a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param form point conversion form
+ * \param buf memory buffer for the result. If NULL the function returns
+ * required buffer size.
+ * \param len length of the memory buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param buf memory buffer with the encoded ec point
+ * \param len length of the encoded ec point
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+ const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object
+ * \param form point conversion form
+ * \param pbuf returns pointer to allocated buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+ EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+ EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/* functions for doing EC_POINT arithmetic */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = a + b)
+ * \param a EC_POINT object with the first summand
+ * \param b EC_POINT object with the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = 2 * a)
+ * \param a EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param a EC_POINT object to be inverted (it's used for the result as well)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ * \param group the underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object to check
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ * \param group underlying EC_GROUP object
+ * \param a first EC_POINT object
+ * \param b second EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *ctx);
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param num number further summands
+ * \param p array of size num of EC_POINT objects
+ * \param m array of size num of BIGNUM objects
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ size_t num, const EC_POINT *p[], const BIGNUM *m[],
+ BN_CTX *ctx);
+
+/** Computes r = generator * n + q * m
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param q EC_POINT object with the first factor of the second summand
+ * \param m BIGNUM with the second factor of the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+/** Stores multiples of generator for faster point multiplication
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ * \param group EC_GROUP object
+ * \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+/********************************************************************/
+/* ASN1 stuff */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+ unsigned int *k2, unsigned int *k3);
+# endif
+
+# define OPENSSL_EC_EXPLICIT_CURVE 0x000
+# define OPENSSL_EC_NAMED_CURVE 0x001
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) \
+ ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
+# define i2d_ECPKParameters_bio(bp,x) \
+ ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x)
+# define d2i_ECPKParameters_fp(fp,x) \
+ (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
+ (void **)(x))
+# define i2d_ECPKParameters_fp(fp,x) \
+ ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/********************************************************************/
+/* EC_KEY functions */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS 0x001
+# define EC_PKEY_NO_PUBKEY 0x002
+
+/* some values for the flags field */
+# define EC_FLAG_NON_FIPS_ALLOW 0x1
+# define EC_FLAG_FIPS_CHECKED 0x2
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+
+/** Creates a new EC_KEY object.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new(void);
+
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+
+/** Creates a new EC_KEY object using a named curve as underlying
+ * EC_GROUP object.
+ * \param nid NID of the named curve.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+/** Frees a EC_KEY object.
+ * \param key EC_KEY object to be freed.
+ */
+void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ * \param dst destination EC_KEY object
+ * \param src src EC_KEY object
+ * \return dst or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ * \param src the source EC_KEY object
+ * \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+
+/** Returns the ENGINE object of a EC_KEY object
+ * \param eckey EC_KEY object
+ * \return the ENGINE object (possibly NULL).
+ */
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+
+/** Returns the EC_GROUP object of a EC_KEY object
+ * \param key EC_KEY object
+ * \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+
+/** Sets the EC_GROUP of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ * object will use an own copy of the EC_GROUP).
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+
+/** Returns the private key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+
+/** Sets the private key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param prv BIGNUM with the private key (note: the EC_KEY object
+ * will use an own copy of the BIGNUM).
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+
+/** Returns the public key of a EC_KEY object.
+ * \param key the EC_KEY object
+ * \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+
+/** Sets the public key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param pub EC_POINT object with the public key (note: the EC_KEY object
+ * will use an own copy of the EC_POINT object).
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+
+/** Creates a table of pre-computed multiples of the generator to
+ * accelerate further EC_KEY operations.
+ * \param key EC_KEY object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
+/** Creates a new ec private (and optional a new public) key.
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_generate_key(EC_KEY *key);
+
+/** Verifies that a private and/or public key is valid.
+ * \param key the EC_KEY object
+ * \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+
+/** Indicates if an EC_KEY can be used for signing.
+ * \param eckey the EC_KEY object
+ * \return 1 if can can sign and 0 otherwise.
+ */
+int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ * necessary NIST PKV tests.
+ * \param key the EC_KEY object
+ * \param x public key x coordinate
+ * \param y public key y coordinate
+ * \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+ BIGNUM *y);
+
+/** Encodes an EC_KEY public key to an allocated octet string
+ * \param key key to encode
+ * \param form point conversion form
+ * \param pbuf returns pointer to allocated buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ * \param key key to decode
+ * \param buf memory buffer with the encoded ec point
+ * \param len length of the encoded ec point
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+ BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ * \param key key to decode
+ * \param buf memory buffer with the encoded private key
+ * \param len length of the encoded key
+ * \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ * \param key key to encode
+ * \param buf memory buffer for the result. If NULL the function returns
+ * required buffer size.
+ * \param len length of the memory buffer
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ * \param eckey key to encode
+ * \param pbuf returns pointer to allocated buffer
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
+/********************************************************************/
+/* de- and encoding functions for SEC1 ECPrivateKey */
+/********************************************************************/
+
+/** Decodes a private key from a memory buffer.
+ * \param key a pointer to a EC_KEY object which should be used (or NULL)
+ * \param in pointer to memory with the DER encoded private key
+ * \param len length of the DER encoded private key
+ * \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a private key object and stores the result in a buffer.
+ * \param key the EC_KEY object to encode
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/* de- and encoding functions for EC parameters */
+/********************************************************************/
+
+/** Decodes ec parameter from a memory buffer.
+ * \param key a pointer to a EC_KEY object which should be used (or NULL)
+ * \param in pointer to memory with the DER encoded ec parameters
+ * \param len length of the DER encoded ec parameters
+ * \return a EC_KEY object with the decoded parameters or NULL if an error
+ * occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes ec parameter and stores the result in a buffer.
+ * \param key the EC_KEY object with ec parameters to encode
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/* de- and encoding functions for EC public key */
+/* (octet string, not DER -- hence 'o2i' and 'i2o') */
+/********************************************************************/
+
+/** Decodes a ec public key from a octet string.
+ * \param key a pointer to a EC_KEY object which should be used
+ * \param in memory buffer with the encoded public key
+ * \param len length of the encoded public key
+ * \return EC_KEY object with decoded public key or NULL if an error
+ * occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a ec public key in an octet string.
+ * \param key the EC_KEY object with the public key
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+
+/** Prints out the ec parameters on human readable form.
+ * \param bp BIO object to which the information is printed
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print(BIO *bp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ * \param bp BIO object to which the information is printed
+ * \param key EC_KEY object
+ * \param off line offset
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+
+# ifndef OPENSSL_NO_STDIO
+/** Prints out the ec parameters on human readable form.
+ * \param fp file descriptor to which the information is printed
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ * \param fp file descriptor to which the information is printed
+ * \param key EC_KEY object
+ * \param off line offset
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+
+# endif
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+/** The old name for ecdh_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). 
+ * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + 
const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + 
+# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + 
EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/openSSL/win32/include/openssl/ecdh.h b/openSSL/win32/include/openssl/ecdh.h new file mode 100644 index 0000000..681f3d5 --- /dev/null +++ b/openSSL/win32/include/openssl/ecdh.h 
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/openSSL/win32/include/openssl/ecdsa.h b/openSSL/win32/include/openssl/ecdsa.h
new file mode 100644
index 0000000..681f3d5
--- /dev/null
+++ b/openSSL/win32/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/openSSL/win32/include/openssl/ecerr.h b/openSSL/win32/include/openssl/ecerr.h
new file mode 100644
index 0000000..5173811
--- /dev/null
+++ b/openSSL/win32/include/openssl/ecerr.h
@@ -0,0 +1,276 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define 
EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define 
EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define 
EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 
219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# 
define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/engine.h b/openSSL/win32/include/openssl/engine.h new file mode 100644 index 0000000..d707eae --- /dev/null +++ b/openSSL/win32/include/openssl/engine.h 
@@ -0,0 +1,752 @@ +/* + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifndef OPENSSL_NO_ENGINE +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). 
*/ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). 
+ */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. 
*/ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. 
+ */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). 
+ */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. 
+ * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). 
*/ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required. 
+ */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parameterised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. 
The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. 
Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! 
+ */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function previously cleaned up anything that needs it. Auto-deinit will + * now take care of it so it is no longer required to call this function. 
+ */ +# define ENGINE_cleanup() while(0) continue +#endif + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int 
ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. 
The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_EC(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... 
*/ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependent code) can simplify a bit?? + */ +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + dynamic_MEM_fns mem_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. 
If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 
'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/openSSL/win32/include/openssl/engineerr.h b/openSSL/win32/include/openssl/engineerr.h new file mode 100644 index 0000000..05e84bd --- /dev/null +++ b/openSSL/win32/include/openssl/engineerr.h 
@@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define 
ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/err.h b/openSSL/win32/include/openssl/err.h new file mode 100644 index 0000000..b49f881 
--- /dev/null +++ b/openSSL/win32/include/openssl/err.h 
@@ -0,0 +1,274 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# include
+# endif
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e)
+# else
+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include
+
+# define ERR_TXT_MALLOCED 0x01
+# define ERR_TXT_STRING 0x02
+
+# define ERR_FLAG_MARK 0x01
+# define ERR_FLAG_CLEAR 0x02
+
+# define ERR_NUM_ERRORS 16
+typedef struct err_state_st {
+ int err_flags[ERR_NUM_ERRORS];
+ unsigned long err_buffer[ERR_NUM_ERRORS];
+ char *err_data[ERR_NUM_ERRORS];
+ int err_data_flags[ERR_NUM_ERRORS];
+ const char *err_file[ERR_NUM_ERRORS];
+ int err_line[ERR_NUM_ERRORS];
+ int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE 1
+# define ERR_LIB_SYS 2
+# define ERR_LIB_BN 3
+# define ERR_LIB_RSA 4
+# define ERR_LIB_DH 5
+# define ERR_LIB_EVP 6
+# define ERR_LIB_BUF 7
+# define ERR_LIB_OBJ 8
+# define ERR_LIB_PEM 9
+# define ERR_LIB_DSA 10
+# define ERR_LIB_X509 11
+/* #define ERR_LIB_METH 12 */
+# define ERR_LIB_ASN1 13
+# define ERR_LIB_CONF 14
+# define ERR_LIB_CRYPTO 15
+# define ERR_LIB_EC 16
+# define ERR_LIB_SSL 20
+/* #define ERR_LIB_SSL23 21 */
+/* #define ERR_LIB_SSL2 22 */
+/* #define ERR_LIB_SSL3 23 */
+/* #define ERR_LIB_RSAREF 30 */
+/* #define ERR_LIB_PROXY 31 */
+# define ERR_LIB_BIO 32
+# define ERR_LIB_PKCS7 33
+# define ERR_LIB_X509V3 34
+# define ERR_LIB_PKCS12 35
+# define ERR_LIB_RAND 36
+# define ERR_LIB_DSO 37
+# define ERR_LIB_ENGINE 38
+# define ERR_LIB_OCSP 39
+# define ERR_LIB_UI 40
+# define ERR_LIB_COMP 41
+# define ERR_LIB_ECDSA 42
+# define ERR_LIB_ECDH 43
+# define ERR_LIB_OSSL_STORE 44
+# define ERR_LIB_FIPS 45
+# define ERR_LIB_CMS 46
+# define ERR_LIB_TS 47
+# define ERR_LIB_HMAC 48
+/* # define ERR_LIB_JPAKE 49 */
+# define ERR_LIB_CT 50
+# define ERR_LIB_ASYNC 51
+# define ERR_LIB_KDF 52
+# define ERR_LIB_SM2 53
+
+# define ERR_LIB_USER 128
+
+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+# define ERR_PACK(l,f,r) ( \
+ (((unsigned int)(l) & 0x0FF) << 24L) | \
+ (((unsigned int)(f) & 0xFFF) << 12L) | \
+ (((unsigned int)(r) & 0xFFF) ) )
+# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL)
+# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN 1
+# define SYS_F_CONNECT 2
+# define SYS_F_GETSERVBYNAME 3
+# define SYS_F_SOCKET 4
+# define SYS_F_IOCTLSOCKET 5
+# define SYS_F_BIND 6
+# define SYS_F_LISTEN 7
+# define SYS_F_ACCEPT 8
+# define SYS_F_WSASTARTUP 9/* Winsock stuff */
+# define SYS_F_OPENDIR 10
+# define SYS_F_FREAD 11
+# define SYS_F_GETADDRINFO 12
+# define SYS_F_GETNAMEINFO 13
+# define SYS_F_SETSOCKOPT 14
+# define SYS_F_GETSOCKOPT 15
+# define SYS_F_GETSOCKNAME 16
+# define SYS_F_GETHOSTBYNAME 17
+# define SYS_F_FFLUSH 18
+# define SYS_F_OPEN 19
+# define SYS_F_CLOSE 20
+# define SYS_F_IOCTL 21
+# define SYS_F_STAT 22
+# define SYS_F_FCNTL 23
+# define SYS_F_FSTAT 24
+
+/* reasons */
+# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */
+# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */
+# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+
+# define ERR_R_NESTED_ASN1_ERROR 58
+# define ERR_R_MISSING_ASN1_EOS 63
+
+/* fatal error */
+# define ERR_R_FATAL 64
+# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
+# define ERR_R_DISABLED (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT (7)
+# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+ unsigned long error;
+ const char *string;
+} ERR_STRING_DATA;
+
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+ void *u);
+# ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp);
+# endif
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
+int ERR_load_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_strings_const(const ERR_STRING_DATA *str);
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_ERR_strings(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ERR_load_crypto_strings() \
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings() while(0) continue
+#endif
+
+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
+ERR_STATE *ERR_get_state(void);
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+int ERR_clear_last_mark(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/evp.h b/openSSL/win32/include/openssl/evp.h
new file mode 100644
index 0000000..a411f3f
--- /dev/null
+++ b/openSSL/win32/include/openssl/evp.h
@@ -0,0 +1,1666 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +# define 
EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* 
DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. 
+ * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int 
(*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. 
+ */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... 
*/ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +# define EVP_CTRL_GET_IVLEN 0x25 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed 
part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define 
EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void 
EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) + +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) + +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned 
char *out,
+ const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create() EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size,
+ const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+ size_t len);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+ const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char
*EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt,
+ const unsigned char *data, int datal, int count,
+ unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char
*in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen);
+
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl,
+ const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+void
EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
+# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD
*EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+# ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+# endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER
*EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+# define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER
*EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+# define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+# define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+# define EVP_camellia_256_cfb
EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+# ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+# define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_add_all_algorithms_conf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL)
+# define OPENSSL_add_all_algorithms_noconf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# ifdef OPENSSL_LOAD_CONF
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+# else
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+# endif
+
+# define OpenSSL_add_all_ciphers() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+# define OpenSSL_add_all_digests() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+ (const EVP_CIPHER *ciph, const char
*from,
+ const char *to, void *x), void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+ (const EVP_MD *ciph, const char *from,
+ const char *to, void *x), void *arg);
+
+int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+ const unsigned char *enc_key, int enc_key_len,
+ EVP_PKEY *private_key);
+int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+ const unsigned char *key, int key_len,
+ EVP_PKEY *pub_key);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int
EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+ const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX
*c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER 0x0
+/* Is an PRF type OID */
+# define EVP_PBE_TYPE_PRF 0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF 0x2
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+ int md_nid, EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+ EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+ EVP_PBE_KEYGEN **pkeygen);
+void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
+
+# define ASN1_PKEY_ALIAS 0x1
+# define ASN1_PKEY_DYNAMIC 0x2
+# define
ASN1_PKEY_SIGPARAM_NULL 0x4
+
+# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
+# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2
+# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
+# define ASN1_PKEY_CTRL_CMS_SIGN 0x5
+# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
+# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8
+
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+ const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+ int *ppkey_flags, const char **pinfo,
+ const char **ppem_str,
+ const EVP_PKEY_ASN1_METHOD *ameth);
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+ const char *pem_str,
+ const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+ const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pub_decode) (EVP_PKEY *pk,
+ X509_PUBKEY *pub),
+ int (*pub_encode) (X509_PUBKEY *pub,
+ const EVP_PKEY *pk),
+ int (*pub_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*pub_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx),
+ int (*pkey_size) (const EVP_PKEY *pk),
+ int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*priv_decode) (EVP_PKEY *pk,
+ const PKCS8_PRIV_KEY_INFO
+ *p8inf),
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+ const EVP_PKEY *pk),
+ int (*priv_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+ int
(*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder,
+ int derlen),
+ int (*param_encode) (const EVP_PKEY *pkey,
+ unsigned char **pder),
+ int (*param_missing) (const EVP_PKEY *pk),
+ int (*param_copy) (EVP_PKEY *to,
+ const EVP_PKEY *from),
+ int (*param_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*param_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+ void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+ long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*item_verify) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *a,
+ ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey),
+ int (*item_sign) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *alg1,
+ X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*siginf_set) (X509_SIG_INFO *siginf,
+ const X509_ALGOR *alg,
+ const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*set_priv_key) (EVP_PKEY *pk,
+ const unsigned char
+ *priv,
+ size_t len));
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*set_pub_key) (EVP_PKEY *pk,
+ const unsigned char *pub,
+ size_t len));
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*get_priv_key) (const EVP_PKEY *pk,
+ unsigned char *priv,
+ size_t *len));
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*get_pub_key) (const
EVP_PKEY *pk,
+ unsigned char *pub,
+ size_t *len));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_security_bits) (const EVP_PKEY
+ *pk));
+
+# define EVP_PKEY_OP_UNDEFINED 0
+# define EVP_PKEY_OP_PARAMGEN (1<<1)
+# define EVP_PKEY_OP_KEYGEN (1<<2)
+# define EVP_PKEY_OP_SIGN (1<<3)
+# define EVP_PKEY_OP_VERIFY (1<<4)
+# define EVP_PKEY_OP_VERIFYRECOVER (1<<5)
+# define EVP_PKEY_OP_SIGNCTX (1<<6)
+# define EVP_PKEY_OP_VERIFYCTX (1<<7)
+# define EVP_PKEY_OP_ENCRYPT (1<<8)
+# define EVP_PKEY_OP_DECRYPT (1<<9)
+# define EVP_PKEY_OP_DERIVE (1<<10)
+
+# define EVP_PKEY_OP_TYPE_SIG \
+ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+ | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+ (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+ (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define EVP_PKEY_CTX_set_signature_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTRL_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key))
+
+# define EVP_PKEY_CTRL_MD 1
+# define EVP_PKEY_CTRL_PEER_KEY 2
+
+# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
+# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
+
+# define EVP_PKEY_CTRL_PKCS7_SIGN 5
+
+# define EVP_PKEY_CTRL_SET_MAC_KEY 6
+
+# define EVP_PKEY_CTRL_DIGESTINIT 7
+
+/* Used by GOST key encryption in TLS */
+# define EVP_PKEY_CTRL_SET_IV 8
+
+# define EVP_PKEY_CTRL_CMS_ENCRYPT 9
+# define EVP_PKEY_CTRL_CMS_DECRYPT 10
+# define EVP_PKEY_CTRL_CMS_SIGN 11
+
+# define EVP_PKEY_CTRL_CIPHER 12
+
+# define EVP_PKEY_CTRL_GET_MD 13
+
+# define
EVP_PKEY_CTRL_SET_DIGEST_SIZE 14
+
+# define EVP_PKEY_ALG_CTRL 0x1000
+
+# define EVP_PKEY_FLAG_AUTOARGLEN 2
+/*
+ * Method handles all operations: don't assume any digest related defaults.
+ */
+# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+ const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+ int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+ int cmd, uint64_t value);
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+ const unsigned char *key, int keylen);
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+ const unsigned char *priv,
+ size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+ const unsigned char *pub,
+ size_t len);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned
char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int 
EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + 
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD 
*pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD 
*pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/openSSL/win32/include/openssl/evperr.h b/openSSL/win32/include/openssl/evperr.h new file mode 100644 index 0000000..b4ea90a --- /dev/null +++ b/openSSL/win32/include/openssl/evperr.h 
@@ -0,0 +1,204 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define 
EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define 
EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# 
define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_OUTPUT_WOULD_OVERFLOW 184 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 + +#endif diff --git a/openSSL/win32/include/openssl/hmac.h b/openSSL/win32/include/openssl/hmac.h new file mode 100644 index 0000000..458efc1 --- /dev/null +++ b/openSSL/win32/include/openssl/hmac.h 
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include
+
+# include
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+size_t HMAC_size(const HMAC_CTX *e);
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md))
+
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+ size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+ unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len);
+__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/idea.h b/openSSL/win32/include/openssl/idea.h
new file mode 100644
index 0000000..4334f3e
--- /dev/null
+++ b/openSSL/win32/include/openssl/idea.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT 1
+# define IDEA_DECRYPT 0
+
+# define IDEA_BLOCK 8
+# define IDEA_KEY_LENGTH 16
+
+typedef struct idea_key_st {
+ IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *IDEA_options(void);
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int enc);
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int *num, int enc);
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int *num);
+void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define idea_options IDEA_options
+# define idea_ecb_encrypt IDEA_ecb_encrypt
+# define idea_set_encrypt_key IDEA_set_encrypt_key
+# define idea_set_decrypt_key IDEA_set_decrypt_key
+# define idea_cbc_encrypt IDEA_cbc_encrypt
+# define idea_cfb64_encrypt IDEA_cfb64_encrypt
+# define idea_ofb64_encrypt IDEA_ofb64_encrypt
+# define idea_encrypt IDEA_encrypt
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/kdf.h b/openSSL/win32/include/openssl/kdf.h
new file mode 100644
index 0000000..5abd4c3
--- /dev/null
+++ b/openSSL/win32/include/openssl/kdf.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDF_H
+# define HEADER_KDF_H
+
+# include
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+
+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
+
+# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
+# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+
+# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
+ EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_N, n)
+
+# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
+ EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_R, r)
+
+# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
+ EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_P, p)
+
+# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
+ EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/kdferr.h b/openSSL/win32/include/openssl/kdferr.h
new file mode 100644
index 0000000..3f51bd0
--- /dev/null
+++ b/openSSL/win32/include/openssl/kdferr.h
@@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/openSSL/win32/include/openssl/lhash.h b/openSSL/win32/include/openssl/lhash.h new file mode 100644 index 0000000..2e42d72 --- /dev/null +++ b/openSSL/win32/include/openssl/lhash.h 
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st OPENSSL_LH_NODE;
+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
+typedef struct lhash_st OPENSSL_LHASH;
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
+ unsigned long name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+ unsigned long name##_LHASH_HASH(const void *arg) { \
+ const o_type *a = arg; \
+ return name##_hash(a); }
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
+ int name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+ int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+ const o_type *a = arg1; \
+ const o_type *b = arg2; \
+ return name##_cmp(a,b); }
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+ void name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+ void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+ o_type *a = arg1; \
+ a_type *b = arg2; \
+ name##_doall_arg(a, b); }
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
+
+# define LH_LOAD_MULT 256
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+unsigned long OPENSSL_LH_strhash(const char *c);
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE
*fp);
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+# endif
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define _LHASH OPENSSL_LHASH
+# define LHASH_NODE OPENSSL_LH_NODE
+# define lh_error OPENSSL_LH_error
+# define lh_new OPENSSL_LH_new
+# define lh_free OPENSSL_LH_free
+# define lh_insert OPENSSL_LH_insert
+# define lh_delete OPENSSL_LH_delete
+# define lh_retrieve OPENSSL_LH_retrieve
+# define lh_doall OPENSSL_LH_doall
+# define lh_doall_arg OPENSSL_LH_doall_arg
+# define lh_strhash OPENSSL_LH_strhash
+# define lh_num_items OPENSSL_LH_num_items
+# ifndef OPENSSL_NO_STDIO
+# define lh_stats OPENSSL_LH_stats
+# define lh_node_stats OPENSSL_LH_node_stats
+# define lh_node_usage_stats OPENSSL_LH_node_usage_stats
+# endif
+# define lh_stats_bio OPENSSL_LH_stats_bio
+# define lh_node_stats_bio OPENSSL_LH_node_stats_bio
+# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
+# endif
+
+/* Type checking...
*/
+
+# define LHASH_OF(type) struct lhash_st_##type
+
+# define DEFINE_LHASH_OF(type) \
+ LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
+ static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \
+ int (*cfn)(const type *, const type *)) \
+ { \
+ return (LHASH_OF(type) *) \
+ OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
+ } \
+ static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+ { \
+ OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
+ } \
+ static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+ { \
+ return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
+ } \
+ static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+ { \
+ return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
+ } \
+ static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+ { \
+ return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
+ } \
+ static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+ { \
+ return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
+ } \
+ static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+ { \
+ return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
+ } \
+ static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+ { \
+ OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+ } \
+ static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+ { \
+ OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+ } \
+ static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+ { \
+ OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+ } \
+ static ossl_unused ossl_inline unsigned long
lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). 
+ */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/openSSL/win32/include/openssl/md2.h b/openSSL/win32/include/openssl/md2.h new file mode 100644 index 0000000..7faf8e3 --- /dev/null +++ b/openSSL/win32/include/openssl/md2.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include + +# ifndef OPENSSL_NO_MD2 +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/openSSL/win32/include/openssl/md4.h b/openSSL/win32/include/openssl/md4.h new file mode 100644 index 0000000..940e29d --- /dev/null 
+++ b/openSSL/win32/include/openssl/md4.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include
+
+# ifndef OPENSSL_NO_MD4
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK 64
+# define MD4_LBLOCK (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+ MD4_LONG A, B, C, D;
+ MD4_LONG Nl, Nh;
+ MD4_LONG data[MD4_LBLOCK];
+ unsigned int num;
+} MD4_CTX;
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/md5.h b/openSSL/win32/include/openssl/md5.h
new file mode 100644
index 0000000..2deb772
--- /dev/null
+++ b/openSSL/win32/include/openssl/md5.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include
+
+# ifndef OPENSSL_NO_MD5
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK 64
+# define MD5_LBLOCK (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+ MD5_LONG A, B, C, D;
+ MD5_LONG Nl, Nh;
+ MD5_LONG data[MD5_LBLOCK];
+ unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/mdc2.h b/openSSL/win32/include/openssl/mdc2.h
new file mode 100644
index 0000000..aabd2bf
--- /dev/null
+++ b/openSSL/win32/include/openssl/mdc2.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include
+
+#ifndef OPENSSL_NO_MDC2
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_BLOCK 8
+# define MDC2_DIGEST_LENGTH 16
+
+typedef struct mdc2_ctx_st {
+ unsigned int num;
+ unsigned char data[MDC2_BLOCK];
+ DES_cblock h, hh;
+ int pad_type; /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/modes.h b/openSSL/win32/include/openssl/modes.h
new file mode 100644
index 0000000..d544f98
--- /dev/null
+++ b/openSSL/win32/include/openssl/modes.h
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MODES_H
+# define HEADER_MODES_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+typedef void (*block128_f) (const unsigned char in[16],
+ unsigned char out[16], const void *key);
+
+typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int enc);
+
+typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ const unsigned char ivec[16]);
+
+typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ const unsigned char ivec[16],
+ unsigned char cmac[16]);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16],
+ unsigned char ecount_buf[16], unsigned int *num,
+ block128_f block);
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16],
+ unsigned char ecount_buf[16],
+ unsigned int *num, ctr128_f ctr);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int *num,
+ block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t bits, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key,
+ unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key,
+ unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+ size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+ size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+ unsigned int M, unsigned int L, void *key,
+ block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
+ size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
+ size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len,
+ ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len,
+ ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+ const unsigned char iv[16],
+ const unsigned char *inp, unsigned char *out,
+ size_t len, int enc);
+
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, size_t inlen,
+ block128_f block);
+
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, size_t inlen,
+ block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+ unsigned char *out, const unsigned char *in,
+ size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+ unsigned char *out, const unsigned char *in,
+ size_t inlen, block128_f block);
+
+# ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+ block128_f encrypt, block128_f decrypt,
+ ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+ block128_f encrypt, block128_f decrypt,
+ ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+ void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+ size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+ size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+ unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+ unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+# endif /* OPENSSL_NO_OCB */
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/obj_mac.h b/openSSL/win32/include/openssl/obj_mac.h
new file mode 100644
index 0000000..53516a0
--- /dev/null
+++ b/openSSL/win32/include/openssl/obj_mac.h
@@ -0,0 +1,5198 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc 
OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" 
+#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define 
OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" 
+#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define 
NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 
OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define 
NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define 
NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. 
PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define 
LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 
170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" 
+#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms 
OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo 
"id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define 
SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType 
"id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define 
OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK 
OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 
+#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC 
"PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define 
LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 
122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" 
+#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define 
NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define 
OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice 
"id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC 
OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo 
"id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" 
+#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define 
OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending 
"id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define 
SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs 
"ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 
373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define 
SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory 
services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress 
OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define 
NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define 
NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define 
SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define 
OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints 
"policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." 
+#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define 
SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define 
OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define 
SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L 
+ +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define 
NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 
OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define 
OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" 
+#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax 
OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define 
NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber 
"homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define 
NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature 
OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define 
SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define 
NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define 
OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define 
NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define 
OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE 
OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define 
NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap 
"setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure 
device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define 
SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 
"gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define 
OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define 
OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define 
OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 
Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define 
LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define 
NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 
"id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define 
LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define 
NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define 
NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 
"camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define 
LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 
+ +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define 
OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define 
SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define 
NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 
"brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define 
SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + 
+#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + 
+#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define 
SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 
"hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 
1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/openSSL/win32/include/openssl/objects.h b/openSSL/win32/include/openssl/objects.h new file mode 100644 index 0000000..5e8b576 --- /dev/null +++ b/openSSL/win32/include/openssl/objects.h 
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# include
+# include
+# include
+# include
+
+# define OBJ_NAME_TYPE_UNDEF 0x00
+# define OBJ_NAME_TYPE_MD_METH 0x01
+# define OBJ_NAME_TYPE_CIPHER_METH 0x02
+# define OBJ_NAME_TYPE_PKEY_METH 0x03
+# define OBJ_NAME_TYPE_COMP_METH 0x04
+# define OBJ_NAME_TYPE_NUM 0x05
+
+# define OBJ_NAME_ALIAS 0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+
+# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+ void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+ int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+ int size,
+ int (*cmp) (const void *, const void *),
+ int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+ static int nm##_cmp(type1 const *, type2 const *); \
+ scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+ _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp) \
+ ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \
+ ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int
signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/openSSL/win32/include/openssl/objectserr.h b/openSSL/win32/include/openssl/objectserr.h new file mode 100644 index 0000000..02e166f --- /dev/null +++ b/openSSL/win32/include/openssl/objectserr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/openSSL/win32/include/openssl/ocsp.h b/openSSL/win32/include/openssl/ocsp.h new file mode 100644 index 0000000..4d759a4 --- /dev/null +++ b/openSSL/win32/include/openssl/ocsp.h 
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+#include
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
+ * keyCompromise (1),
+ * cACompromise (2),
+ * affiliationChanged (3),
+ * superseded (4),
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * removeFromCRL (8) }
+ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
+# define OCSP_REVOKED_STATUS_SUPERSEDED 4
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
+
+
+# ifndef OPENSSL_NO_OCSP
+
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+# define OCSP_DEFAULT_NONCE_LENGTH 16
+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
+# define OCSP_NOCHAIN 0x8
+# define OCSP_NOVERIFY 0x10
+# define OCSP_NOEXPLICIT 0x20
+# define OCSP_NOCASIGN 0x40
+# define OCSP_NODELEGATED 0x80
+# define OCSP_NOCHECKS 0x100
+# define OCSP_TRUSTOTHER 0x200
+# define OCSP_RESPID_KEY 0x400
+# define OCSP_NOTIME 0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
+# define OCSP_RESPONSE_STATUS_TRYLATER 3
+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
+# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+# define V_OCSP_RESPID_NAME 0
+# define V_OCSP_RESPID_KEY 1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+# define V_OCSP_CERTSTATUS_GOOD 0
+# define V_OCSP_CERTSTATUS_REVOKED 1
+# define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_write_bio_OCSP_REQUEST(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+ 
PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+# define ASN1_BIT_STRING_digest(data,type,md,len) \
+ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+# define OCSP_CERTSTATUS_dup(cs)\
+ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+ ASN1_VALUE *val);
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
+ const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+ const char *name, const char *value);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP 
*resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+ STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+ const ASN1_OCTET_STRING **pid,
+ const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned long flags);
+ 
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+ int *pssl);
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_MD_CTX *ctx,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION 
*OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+ int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int 
crit,
+ int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/ocsperr.h b/openSSL/win32/include/openssl/ocsperr.h
new file mode 100644
index 0000000..8dd9e01
--- /dev/null
+++ b/openSSL/win32/include/openssl/ocsperr.h
@@ -0,0 +1,78 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. 
+ */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/opensslconf.h b/openSSL/win32/include/openssl/opensslconf.h new file mode 100644 index 0000000..3f1e84d --- /dev/null +++ b/openSSL/win32/include/openssl/opensslconf.h 
@@ -0,0 +1,203 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslconf.h.in + * + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_SYS_MINGW32 +# define OPENSSL_SYS_MINGW32 1 +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef 
OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. 
+ */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#define OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# define BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif diff --git a/openSSL/win32/include/openssl/opensslv.h b/openSSL/win32/include/openssl/opensslv.h new file mode 100644 index 0000000..fec5f57 --- /dev/null +++ b/openSSL/win32/include/openssl/opensslv.h 
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release. The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev 0x00903000
+ * 0.9.3-beta1 0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
+ * 0.9.3 0x0090300f
+ * 0.9.3a 0x0090301f
+ * 0.9.4 0x0090400f
+ * 1.2.3z 0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit. This means
+ * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER 0x1010111fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022"
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning. That kind of versioning works a bit differently between
+ * operating systems. The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time. 
With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ * libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major version number only:
+ *
+ * libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently. There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons. The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time. When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired. However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string. Consecutive builds would
+ * give the following versions strings:
+ *
+ * 3.0
+ * 3.0:3.1
+ * 3.0:3.1:3.2
+ * 4.0
+ * 4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.1"
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* HEADER_OPENSSLV_H */
diff --git a/openSSL/win32/include/openssl/ossl_typ.h b/openSSL/win32/include/openssl/ossl_typ.h
new file mode 100644
index 0000000..e0edfaa
--- /dev/null
+++ b/openSSL/win32/include/openssl/ossl_typ.h
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+# define HEADER_OPENSSL_TYPES_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+
+# ifdef NO_ASN1_TYPEDEFS
+# define ASN1_INTEGER ASN1_STRING
+# define ASN1_ENUMERATED ASN1_STRING
+# define ASN1_BIT_STRING ASN1_STRING
+# define ASN1_OCTET_STRING ASN1_STRING
+# define ASN1_PRINTABLESTRING ASN1_STRING
+# define ASN1_T61STRING ASN1_STRING
+# define ASN1_IA5STRING ASN1_STRING
+# define ASN1_UTCTIME ASN1_STRING
+# define ASN1_GENERALIZEDTIME ASN1_STRING
+# define ASN1_TIME ASN1_STRING
+# define ASN1_GENERALSTRING ASN1_STRING
+# define ASN1_UNIVERSALSTRING ASN1_STRING
+# define ASN1_BMPSTRING ASN1_STRING
+# define ASN1_VISIBLESTRING ASN1_STRING
+# define ASN1_UTF8STRING ASN1_STRING
+# define ASN1_BOOLEAN int
+# define ASN1_NULL int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+ 
+typedef struct asn1_object_st ASN1_OBJECT;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef _WIN32
+# undef X509_NAME
+# undef X509_EXTENSIONS
+# undef PKCS7_ISSUER_AND_SERIAL
+# undef PKCS7_SIGNER_INFO
+# undef OCSP_REQUEST
+# undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+# undef BIGNUM
+# endif
+struct dane_st;
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct 
x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+ defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and 
strtoimax(),
+ * strtoumax(). Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/openSSL/win32/include/openssl/pem.h b/openSSL/win32/include/openssl/pem.h
new file mode 100644
index 0000000..2ef5b5d
--- /dev/null
+++ b/openSSL/win32/include/openssl/pem.h
@@ -0,0 +1,378 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE 1024
+
+# define PEM_STRING_X509_OLD "X509 CERTIFICATE"
+# define PEM_STRING_X509 "CERTIFICATE"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL "X509 CRL"
+# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC "PUBLIC KEY"
+# define PEM_STRING_RSA "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
+# define PEM_STRING_DSA "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7 "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS "DH PARAMETERS"
+# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_PARAMETERS "PARAMETERS"
+# define PEM_STRING_CMS "CMS"
+
+# define PEM_TYPE_ENCRYPTED 10
+# define PEM_TYPE_MIC_ONLY 20
+# define PEM_TYPE_MIC_CLEAR 30
+# define PEM_TYPE_CLEAR 40
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write.
Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_STDIO
+
+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+ return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+ }
+
+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+ return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+ }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int
PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+ }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+ }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+ IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+
IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+ IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_NO_STDIO)
+
+# define DECLARE_PEM_read_fp(name, type) /**/
+# define DECLARE_PEM_write_fp(name, type) /**/
+# define DECLARE_PEM_write_fp_const(name, type) /**/
+# define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+# define DECLARE_PEM_read_fp(name, type) \
+ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write_fp(name, type) \
+ int PEM_write_##name(FILE *fp, type *x);
+
+# define DECLARE_PEM_write_fp_const(name, type) \
+ int PEM_write_##name(FILE *fp, const type *x);
+
+# define DECLARE_PEM_write_cb_fp(name, type) \
+ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+# define DECLARE_PEM_read_bio(name, type) \
+ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write_bio(name, type) \
+ int PEM_write_bio_##name(BIO *bp, type *x);
+
+# define DECLARE_PEM_write_bio_const(name, type) \
+ int PEM_write_bio_##name(BIO *bp, const type *x);
+
+# define DECLARE_PEM_write_cb_bio(name, type) \
+ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write(name, type) \
+ DECLARE_PEM_write_bio(name, type) \
+ DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+ DECLARE_PEM_write_bio_const(name, type) \
+ DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+ DECLARE_PEM_write_cb_bio(name, type) \
+ DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+
DECLARE_PEM_read_bio(name, type) \
+ DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write_cb(name, type)
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+ pem_password_cb *callback, void *u);
+
+int PEM_read_bio(BIO *bp, char **name, char **header,
+ unsigned char **data, long *len);
+# define PEM_FLAG_SECURE 0x1
+# define PEM_FLAG_EAY_COMPATIBLE 0x2
+# define PEM_FLAG_ONLY_B64 0x4
+int PEM_read_bio_ex(BIO *bp, char **name, char **header,
+ unsigned char **data, long *len, unsigned int flags);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+ const char *name, BIO *bp, pem_password_cb *cb,
+ void *u);
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
+ const unsigned char *data, long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+ const char *name, BIO *bp, pem_password_cb *cb,
+ void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+ pem_password_cb *cb, void *u);
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+ const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cd, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header,
+ unsigned char **data, long *len);
+int
PEM_write(FILE *fp, const char *name, const char *hdr,
+ const unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+ pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+ void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+#endif
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ unsigned int *siglen, EVP_PKEY *pkey);
+
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# include
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int
PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+ const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+ char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u);
+
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cd,
+ void *u);
+# endif
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+
+# ifndef OPENSSL_NO_DSA
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+# ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+ pem_password_cb *cb, void
*u);
+# endif
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/pem2.h b/openSSL/win32/include/openssl/pem2.h
new file mode 100644
index 0000000..038fe79
--- /dev/null
+++ b/openSSL/win32/include/openssl/pem2.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM2_H
+# define HEADER_PEM2_H
+# include
+#endif
diff --git a/openSSL/win32/include/openssl/pemerr.h b/openSSL/win32/include/openssl/pemerr.h
new file mode 100644
index 0000000..4f7e357
--- /dev/null
+++ b/openSSL/win32/include/openssl/pemerr.h
@@ -0,0 +1,105 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 147 +# 
define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 + +#endif diff --git a/openSSL/win32/include/openssl/pkcs12.h b/openSSL/win32/include/openssl/pkcs12.h new file mode 100644 index 0000000..3f43dad --- /dev/null +++ b/openSSL/win32/include/openssl/pkcs12.h 
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID 1
+# define PKCS12_IV_ID 2
+# define PKCS12_MAC_ID 3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX 0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR 0
+# define PKCS12_OK 1
+
+/* Compatibility macros */
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE
*PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+ const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt,
+ const ASN1_INTEGER **piter,
+ const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass,
+ int passlen,
+ unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+ int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+ PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7
*PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+ const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+ const char *pass, int passlen,
+ const unsigned char *in, int inlen,
+ unsigned char **data, int *datalen,
+ int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id,
int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+ X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+ int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ EVP_PKEY *key, int key_usage, int iter,
+ int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const
char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/pkcs12err.h b/openSSL/win32/include/openssl/pkcs12err.h
new file mode 100644
index 0000000..eff5eb2
--- /dev/null
+++ b/openSSL/win32/include/openssl/pkcs12err.h
@@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. 
+ */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/openSSL/win32/include/openssl/pkcs7.h b/openSSL/win32/include/openssl/pkcs7.h new file mode 100644 index 0000000..9b66e00 --- /dev/null +++ b/openSSL/win32/include/openssl/pkcs7.h 
@@ -0,0 +1,319 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7_H
+# define HEADER_PKCS7_H
+
+# include
+# include
+# include
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID DES-CBC
+Digest_ID MD5
+Digest_Encryption_ID rsaEncryption
+Key_Encryption_ID rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+ ASN1_INTEGER *version; /* version 1 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *digest_alg;
+ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+ X509_ALGOR *digest_enc_alg;
+ ASN1_OCTET_STRING *enc_digest;
+ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+ /* The private key to sign with */
+ EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *key_enc_algor;
+ ASN1_OCTET_STRING *enc_key;
+ X509 *cert; /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+ ASN1_OBJECT *content_type;
+ X509_ALGOR *algorithm;
+ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+ const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+ ASN1_INTEGER *version; /* version 0 */
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ PKCS7_ENC_CONTENT *enc_data;
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+ ASN1_INTEGER *version; /* version 0 */
+ X509_ALGOR *md; /* md used */
+ struct pkcs7_st *contents;
+ ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+ /*
+ * The following is non NULL if it contains ASN1 encoding of this
+ * structure
+ */
+ unsigned char *asn1;
+ long length;
+# define PKCS7_S_HEADER 0
+# define PKCS7_S_BODY 1
+# define PKCS7_S_TAIL 2
+ int state; /* used during processing */
+ int detached;
+ ASN1_OBJECT *type;
+ /* content as defined by the type */
+ /*
+ * all encryption/message digests are applied to the 'contents', leaving
+ * out the 'type' field.
+ */
+ union {
+ char *ptr;
+ /* NID_pkcs7_data */
+ ASN1_OCTET_STRING *data;
+ /* NID_pkcs7_signed */
+ PKCS7_SIGNED *sign;
+ /* NID_pkcs7_enveloped */
+ PKCS7_ENVELOPE *enveloped;
+ /* NID_pkcs7_signedAndEnveloped */
+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+ /* NID_pkcs7_digest */
+ PKCS7_DIGEST *digest;
+ /* NID_pkcs7_encrypted */
+ PKCS7_ENCRYPT *encrypted;
+ /* Anything else */
+ ASN1_TYPE *other;
+ } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si) ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT 0x1
+# define PKCS7_NOCERTS 0x2
+# define PKCS7_NOSIGS 0x4
+# define PKCS7_NOCHAIN 0x8
+# define PKCS7_NOINTERN 0x10
+# define PKCS7_NOVERIFY 0x20
+# define PKCS7_DETACHED 0x40
+# define PKCS7_BINARY 0x80
+# define PKCS7_NOATTR 0x100
+# define PKCS7_NOSMIMECAP 0x200
+# define PKCS7_NOOLDMIMETYPE 0x400
+# define PKCS7_CRLFEOL 0x800
+# define PKCS7_STREAM 0x1000
+# define PKCS7_NOCRL 0x2000
+# define PKCS7_PARTIAL 0x4000
+# define PKCS7_REUSE_DIGEST 0x8000
+# define PKCS7_NO_DUAL_CONTENT 0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT PKCS7_TEXT
+# define SMIME_NOCERTS PKCS7_NOCERTS
+# define SMIME_NOSIGS PKCS7_NOSIGS
+# define SMIME_NOCHAIN PKCS7_NOCHAIN
+# define SMIME_NOINTERN PKCS7_NOINTERN
+# define SMIME_NOVERIFY PKCS7_NOVERIFY
+# define SMIME_DETACHED PKCS7_DETACHED
+# define SMIME_BINARY PKCS7_BINARY
+# define SMIME_NOATTR PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF 0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+# endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+ X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+ EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+ X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+ void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+ X509 *signcert, EVP_PKEY *pkey,
+ const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+ int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+ int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+ const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/pkcs7err.h b/openSSL/win32/include/openssl/pkcs7err.h
new file mode 100644
index 0000000..02e0299
--- /dev/null
+++ b/openSSL/win32/include/openssl/pkcs7err.h
@@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define 
PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/openSSL/win32/include/openssl/rand.h b/openSSL/win32/include/openssl/rand.h new file mode 100644 index 0000000..38a2a27 --- /dev/null +++ b/openSSL/win32/include/openssl/rand.h 
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+ int (*seed) (const void *buf, int num);
+ int (*bytes) (unsigned char *buf, int num);
+ void (*cleanup) (void);
+ int (*add) (const void *buf, int num, double randomness);
+ int (*pseudorand) (unsigned char *buf, int num);
+ int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/rand_drbg.h b/openSSL/win32/include/openssl/rand_drbg.h
new file mode 100644
index 0000000..45b731b
--- /dev/null
+++ b/openSSL/win32/include/openssl/rand_drbg.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+# include
+# include
+# include
+
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
+
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ */
+# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
+# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
+# define RAND_DRBG_FLAGS 0
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+ const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+ const unsigned char *adin, size_t adinlen,
+ int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+ unsigned int master_reseed_interval,
+ unsigned int slave_reseed_interval,
+ time_t master_reseed_time_interval,
+ time_t slave_reseed_time_interval
+ );
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len,
+ int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+ unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+ RAND_DRBG_get_entropy_fn get_entropy,
+ RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+ RAND_DRBG_get_nonce_fn get_nonce,
+ RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/randerr.h b/openSSL/win32/include/openssl/randerr.h
new file mode 100644
index 0000000..79d5790
--- /dev/null
+++ b/openSSL/win32/include/openssl/randerr.h
@@ -0,0 +1,94 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DATA_COLLECT_METHOD 127 +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_PSEUDO_BYTES 126 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. 
+ */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/openSSL/win32/include/openssl/rc2.h b/openSSL/win32/include/openssl/rc2.h new file mode 100644 index 0000000..585f9e4 --- /dev/null +++ b/openSSL/win32/include/openssl/rc2.h 
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include
+
+# ifndef OPENSSL_NO_RC2
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
+# define RC2_BLOCK 8
+# define RC2_KEY_LENGTH 16
+
+typedef struct rc2_key_st {
+ RC2_INT data[64];
+} RC2_KEY;
+
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/rc4.h b/openSSL/win32/include/openssl/rc4.h
new file mode 100644
index 0000000..86803b3
--- /dev/null
+++ b/openSSL/win32/include/openssl/rc4.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include
+
+# ifndef OPENSSL_NO_RC4
+# include
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+ RC4_INT x, y;
+ RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+ unsigned char *outdata);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/rc5.h b/openSSL/win32/include/openssl/rc5.h
new file mode 100644
index 0000000..793f88e
--- /dev/null
+++ b/openSSL/win32/include/openssl/rc5.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include
+
+# ifndef OPENSSL_NO_RC5
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC5_ENCRYPT 1
+# define RC5_DECRYPT 0
+
+# define RC5_32_INT unsigned int
+
+# define RC5_32_BLOCK 8
+# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported. Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS 8
+# define RC5_12_ROUNDS 12
+# define RC5_16_ROUNDS 16
+
+typedef struct rc5_key_st {
+ /* Number of rounds */
+ int rounds;
+ RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+ int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *ks, unsigned char *iv,
+ int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/ripemd.h b/openSSL/win32/include/openssl/ripemd.h
new file mode 100644
index 0000000..c42026a
--- /dev/null
+++ b/openSSL/win32/include/openssl/ripemd.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include
+
+#ifndef OPENSSL_NO_RMD160
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK 64
+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG A, B, C, D, E;
+ RIPEMD160_LONG Nl, Nh;
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+} RIPEMD160_CTX;
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+
+#endif
diff --git a/openSSL/win32/include/openssl/rsa.h b/openSSL/win32/include/openssl/rsa.h
new file mode 100644
index 0000000..5e76365
--- /dev/null
+++ b/openSSL/win32/include/openssl/rsa.h
@@ -0,0 +1,513 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include
+
+# ifndef OPENSSL_NO_RSA
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# endif
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
+# endif
+
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
+
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT 0
+# define RSA_ASN1_VERSION_MULTI 1
+
+# define RSA_DEFAULT_PRIME_NUM 2
+
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private
+ * match */
+
+# define RSA_FLAG_CACHE_PUBLIC 0x0002
+# define RSA_FLAG_CACHE_PRIVATE 0x0004
+# define RSA_FLAG_BLINDING 0x0008
+# define RSA_FLAG_THREAD_SAFE 0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY 0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING 0x0080
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define RSA_FLAG_NO_CONSTTIME 0x0000
+# endif
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+ RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+ RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+ RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX -3
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN -2
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+ RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+ EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
+
+# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
+ 0, (void *)(md))
+
+# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+
+# define RSA_PKCS1_PADDING 1
+# define RSA_SSLV23_PADDING 2
+# define RSA_NO_PADDING 3
+# define RSA_PKCS1_OAEP_PADDING 4
+# define RSA_X931_PADDING 5
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING 6
+
+# define RSA_PKCS1_PADDING_SIZE 11
+
+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+ BIGNUM *coeffs[], int pnum);
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+ const BIGNUM *coeffs[]);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+int RSA_get_version(RSA *r);
+ENGINE *RSA_get0_engine(const RSA *r);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *),
+ void *cb_arg))
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+/* Multi-prime version */
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+ BIGNUM *e, BN_GENCB *cb);
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+ BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+ /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_null_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+struct rsa_pss_params_st {
+ X509_ALGOR *hashAlgorithm;
+ X509_ALGOR *maskGenAlgorithm;
+ ASN1_INTEGER *saltLength;
+ ASN1_INTEGER *trailerField;
+ /* Decoded hash algorithm from maskGenAlgorithm */
+ X509_ALGOR *maskHash;
+};
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+ X509_ALGOR *hashFunc;
+ X509_ALGOR *maskGenFunc;
+ X509_ALGOR *pSourceFunc;
+ /* Decoded hash algorithm from maskGenFunc */
+ X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+ long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len,
+ const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num, const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+ int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+ int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM,
+ int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash, const EVP_MD *Hash,
+ int sLen);
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ int sLen);
+
+#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED 0x0800
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+ int (*pub_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+ int (*pub_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+ int (*priv_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+ int (*priv_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+ BN_CTX *ctx));
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+ (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx));
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+ (int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+ int (*sign) (int type, const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+ (int dtype, const unsigned char *m,
+ unsigned int m_length, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+ int (*verify) (int dtype, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa));
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+ int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb));
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+ int (*keygen) (RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb));
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/rsaerr.h b/openSSL/win32/include/openssl/rsaerr.h
new file mode 100644
index 0000000..59b15e1
--- /dev/null
+++ b/openSSL/win32/include/openssl/rsaerr.h
@@ -0,0 +1,167 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define 
RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. 
+ */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define 
RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/openSSL/win32/include/openssl/safestack.h b/openSSL/win32/include/openssl/safestack.h new file mode 100644 index 0000000..38b5578 --- /dev/null +++ b/openSSL/win32/include/openssl/safestack.h 
@@ -0,0 +1,207 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define STACK_OF(type) struct stack_st_##type
+
+# define SKM_DEFINE_STACK_OF(t1, t2, t3) \
+ STACK_OF(t1); \
+ typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+ typedef void (*sk_##t1##_freefunc)(t3 *a); \
+ typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+ static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+ { \
+ return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+ { \
+ return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
+ } \
+ static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+ { \
+ return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
+ } \
+ static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+ { \
+ return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
+ } \
+ static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
+ { \
+ return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
+ { \
+ return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \
+ } \
+ static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+ { \
+ OPENSSL_sk_free((OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+ { \
+ OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+ { \
+ return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+ { \
+ return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+ (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+ { \
+ return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+ { \
+ return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+ { \
+ return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+ { \
+ return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+ { \
+ OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+ { \
+ return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
+ } \
+ static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+ { \
+ return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+ { \
+ return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+ { \
+ return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
+ } \
+ static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+ { \
+ OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+ { \
+ return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+ { \
+ return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
+ } \
+ static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+ sk_##t1##_copyfunc copyfunc, \
+ sk_##t1##_freefunc freefunc) \
+ { \
+ return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
+ (OPENSSL_sk_copyfunc)copyfunc, \
+ (OPENSSL_sk_freefunc)freefunc); \
+ } \
+ static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+ { \
+ return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
+ }
+
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
+# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
+ SKM_DEFINE_STACK_OF(t1, const t2, t2)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+
+/*-
+ * Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+ * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+
+/*-
+ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
+ * above, instead of a single char each entry is a NUL-terminated array of
+ * chars. So, we have to implement STRING specially for STACK_OF. This is
+ * dealt with in the autogenerated macros below.
+ */
+DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * These should also be distinguished from "normal" stacks.
+ */
+typedef void *OPENSSL_BLOCK;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+# pragma weak OPENSSL_sk_num
+# pragma weak OPENSSL_sk_value
+# pragma weak OPENSSL_sk_new
+# pragma weak OPENSSL_sk_new_null
+# pragma weak OPENSSL_sk_new_reserve
+# pragma weak OPENSSL_sk_reserve
+# pragma weak OPENSSL_sk_free
+# pragma weak OPENSSL_sk_zero
+# pragma weak OPENSSL_sk_delete
+# pragma weak OPENSSL_sk_delete_ptr
+# pragma weak OPENSSL_sk_push
+# pragma weak OPENSSL_sk_unshift
+# pragma weak OPENSSL_sk_pop
+# pragma weak OPENSSL_sk_shift
+# pragma weak OPENSSL_sk_pop_free
+# pragma weak OPENSSL_sk_insert
+# pragma weak OPENSSL_sk_set
+# pragma weak OPENSSL_sk_find
+# pragma weak OPENSSL_sk_find_ex
+# pragma weak OPENSSL_sk_sort
+# pragma weak OPENSSL_sk_is_sorted
+# pragma weak OPENSSL_sk_dup
+# pragma weak OPENSSL_sk_deep_copy
+# pragma weak OPENSSL_sk_set_cmp_func
+# endif /* __SUNPRO_C */
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/seed.h b/openSSL/win32/include/openssl/seed.h
new file mode 100644
index 0000000..de10b08
--- /dev/null
+++ b/openSSL/win32/include/openssl/seed.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEADER_SEED_H
+# define HEADER_SEED_H
+
+# include
+
+# ifndef OPENSSL_NO_SEED
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+# ifndef SEED_LONG
+# define SEED_LONG 1
+# endif
+# endif
+
+# include
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+ unsigned long data[32];
+# else
+ unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+ int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/sha.h b/openSSL/win32/include/openssl/sha.h
new file mode 100644
index 0000000..6a1eb0d
--- /dev/null
+++ b/openSSL/win32/include/openssl/sha.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK 16
+# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+# define SHA_LAST_BLOCK (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+ SHA_LONG h0, h1, h2, h3, h4;
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+} SHA_CTX;
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+
+# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+
+typedef struct SHA256state_st {
+ SHA_LONG h[8];
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
+# define SHA384_DIGEST_LENGTH 48
+# define SHA512_DIGEST_LENGTH 64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# define U64(C) C##UI64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# define U64(C) C##UL
+# else
+# define SHA_LONG64 unsigned long long
+# define U64(C) C##ULL
+# endif
+
+typedef struct SHA512state_st {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl, Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/srp.h b/openSSL/win32/include/openssl/srp.h
new file mode 100644
index 0000000..aaf1355
--- /dev/null
+++ b/openSSL/win32/include/openssl/srp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef HEADER_SRP_H
+# define HEADER_SRP_H
+
+#include
+
+#ifndef OPENSSL_NO_SRP
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+ char *b64_bn;
+ BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+ /* Owned by us. */
+ char *id;
+ BIGNUM *s;
+ BIGNUM *v;
+ /* Not owned by us. */
+ const BIGNUM *g;
+ const BIGNUM *N;
+ /* Owned by us. */
+ char *info;
+} SRP_user_pwd;
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+ STACK_OF(SRP_user_pwd) *users_pwd;
+ STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+ char *seed_key;
+ const BIGNUM *default_g;
+ const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+ char *id;
+ const BIGNUM *g;
+ const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+ char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+ BIGNUM **verifier, const BIGNUM *N,
+ const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype 0
+# define DB_srpverifier 1
+# define DB_srpsalt 2
+# define DB_srpid 3
+# define DB_srpgN 4
+# define DB_srpinfo 5
+# undef DB_NUMBER
+# define DB_NUMBER 6
+
+# define DB_SRP_INDEX 'I'
+# define DB_SRP_VALID 'V'
+# define DB_SRP_REVOKED 'R'
+# define DB_SRP_MODIF 'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/srtp.h b/openSSL/win32/include/openssl/srtp.h
new file mode 100644
index 0000000..0b57c23
--- /dev/null
+++ b/openSSL/win32/include/openssl/srtp.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef HEADER_D1_SRTP_H
+# define HEADER_D1_SRTP_H
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80 0x0005
+# define SRTP_NULL_SHA1_32 0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM 0x0007
+# define SRTP_AEAD_AES_256_GCM 0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/ssl.h b/openSSL/win32/include/openssl/ssl.h
new file mode 100644
index 0000000..9af0c89
--- /dev/null
+++ b/openSSL/win32/include/openssl/ssl.h
@@ -0,0 +1,2448 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include
+# include
+# include
+# include
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include
+# include
+# include
+# endif
+# include
+# include
+# include
+# include
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
+# define SSL_MAX_SID_CTX_LENGTH 32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH 8
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES 32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW "LOW"
+# define SSL_TXT_MEDIUM "MEDIUM"
+# define SSL_TXT_HIGH "HIGH"
+# define SSL_TXT_FIPS "FIPS"
+
+# define SSL_TXT_aNULL "aNULL"
+# define SSL_TXT_eNULL "eNULL"
+# define SSL_TXT_NULL "NULL"
+
+# define SSL_TXT_kRSA "kRSA"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE "kDHE"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE "kECDHE"
+# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
+# define SSL_TXT_kGOST "kGOST"
+# define SSL_TXT_kSRP "kSRP"
+
+# define SSL_TXT_aRSA "aRSA"
+# define SSL_TXT_aDSS "aDSS"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA "aECDSA"
+# define SSL_TXT_aPSK "aPSK"
+# define SSL_TXT_aGOST94 "aGOST94"
+# define SSL_TXT_aGOST01 "aGOST01"
+# define SSL_TXT_aGOST12 "aGOST12"
+# define SSL_TXT_aGOST "aGOST"
+# define SSL_TXT_aSRP "aSRP"
+
+# define SSL_TXT_DSS "DSS"
+# define SSL_TXT_DH "DH"
+# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH "EDH"/* alias for DHE */
+# define SSL_TXT_ADH "ADH"
+# define SSL_TXT_RSA "RSA"
+# define SSL_TXT_ECDH "ECDH"
+# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH "AECDH"
+# define SSL_TXT_ECDSA "ECDSA"
+# define SSL_TXT_PSK "PSK"
+# define SSL_TXT_SRP "SRP"
+
+# define SSL_TXT_DES "DES"
+# define SSL_TXT_3DES "3DES"
+# define SSL_TXT_RC4 "RC4"
+# define SSL_TXT_RC2 "RC2"
+# define SSL_TXT_IDEA "IDEA"
+# define SSL_TXT_SEED "SEED"
+# define SSL_TXT_AES128 "AES128"
+# define SSL_TXT_AES256 "AES256"
+# define SSL_TXT_AES "AES"
+# define SSL_TXT_AES_GCM "AESGCM"
+# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
+# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
+# define SSL_TXT_CAMELLIA "CAMELLIA"
+# define SSL_TXT_CHACHA20 "CHACHA20"
+# define SSL_TXT_GOST "GOST89"
+# define SSL_TXT_ARIA "ARIA"
+# define SSL_TXT_ARIA_GCM "ARIAGCM"
+# define SSL_TXT_ARIA128 "ARIA128"
+# define SSL_TXT_ARIA256 "ARIA256"
+
+# define SSL_TXT_MD5 "MD5"
+# define SSL_TXT_SHA1 "SHA1"
+# define SSL_TXT_SHA "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94 "GOST94"
+# define SSL_TXT_GOST89MAC "GOST89MAC"
+# define SSL_TXT_GOST12 "GOST12"
+# define SSL_TXT_GOST89MAC12 "GOST89MAC12"
+# define SSL_TXT_SHA256 "SHA256"
+# define SSL_TXT_SHA384 "SHA384"
+
+# define SSL_TXT_SSLV3 "SSLv3"
+# define SSL_TXT_TLSV1 "TLSv1"
+# define SSL_TXT_TLSV1_1 "TLSv1.1"
+# define SSL_TXT_TLSV1_2 "TLSv1.2"
+
+# define SSL_TXT_ALL "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/* This is the default set of TLSv1.3 ciphersuites */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_CHACHA20_POLY1305_SHA256:" \
+ "TLS_AES_128_GCM_SHA256"
+# else
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_AES_128_GCM_SHA256"
+#endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN 1
+# define SSL_RECEIVED_SHUTDOWN 2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+ const char *name;
+ unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+ int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY 0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY 0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED 0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY 0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char **out, size_t *outlen,
+ int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *in, size_t inlen,
+ int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char **out,
+ size_t *outlen, X509 *x,
+ size_t chainidx,
+ int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *out,
+ void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x,
+ size_t chainidx,
+ int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/*
+ * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ *
+ * Reserved value (until OpenSSL 1.2.0) 0x00000001U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000002U
+ */
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
+
+/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */
+# define SSL_OP_TLSEXT_PADDING 0x00000010U
+/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
+/*
+ * Reserved value (until OpenSSL 1.2.0) 0x00000080U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000100U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the
+ * workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU 0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE 0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET 0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method()) */
+# define SSL_OP_CISCO_ANYCONNECT 0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION 0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY 0x01000000U
+
+# define SSL_OP_NO_SSLv3 0x02000000U
+# define SSL_OP_NO_TLSv1 0x04000000U
+# define SSL_OP_NO_TLSv1_2 0x08000000U
+# define SSL_OP_NO_TLSv1_1 0x10000000U
+# define SSL_OP_NO_TLSv1_3 0x20000000U
+
+# define SSL_OP_NO_DTLSv1 0x04000000U
+# define SSL_OP_NO_DTLSv1_2 0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION 0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+ SSL_OP_LEGACY_SERVER_CONNECT|\
+ SSL_OP_TLSEXT_PADDING|\
+ SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE 0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID 0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN 0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE 0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE 0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM 0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM 0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME 0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE 0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB 0x800
+
+# define SSL_CONF_FLAG_CMDLINE 0x1
+# define SSL_CONF_FLAG_FILE 0x2
+# define SSL_CONF_FLAG_CLIENT 0x4
+# define SSL_CONF_FLAG_SERVER 0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS 0x10
+# define SSL_CONF_FLAG_CERTIFICATE 0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN 0x0
+# define SSL_CONF_TYPE_STRING 0x1
+# define SSL_CONF_TYPE_FILE 0x2
+# define SSL_CONF_TYPE_DIR 0x3
+# define SSL_CONF_TYPE_NONE 0x4
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH 4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_heartbeat(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+ SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF 0x0000
+# define SSL_SESS_CACHE_CLIENT 0x0001
+# define SSL_SESS_CACHE_SERVER 0x0002
+# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*new_session_cb) (struct ssl_st *ssl,
+ SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*remove_session_cb) (struct ssl_ctx_st
+ *ctx,
+ SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*get_session_cb) (struct ssl_st
+ *ssl,
+ const unsigned char
+ *data, int len,
+ int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*app_gen_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*app_verify_cookie_cb) (SSL *ssl,
+ const unsigned
+ char *cookie,
+ unsigned int
+ cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*gen_stateless_cookie_cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*verify_stateless_cookie_cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const unsigned char *client,
+ unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED 1
+# define OPENSSL_NPN_NO_OVERLAP 2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+ unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+ unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+# define PSK_MAX_IDENTITY_LEN 128
+# define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+ const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+ const unsigned char **id,
+ size_t *idlen,
+ SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+ SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+ SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+ unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ SSL_custom_ext_add_cb_ex add_cb,
+ SSL_custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ SSL_custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING 1
+# define SSL_WRITING 2
+# define SSL_READING 3
+# define SSL_X509_LOOKUP 4
+# define SSL_ASYNC_PAUSED 5
+# define SSL_ASYNC_NO_JOBS 6
+# define SSL_CLIENT_HELLO_CB 7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include
+# include
+# include /* This is mostly sslv3 with a few tweaks */
+# include /* Datagram TLS */
+# include /* Support for the use_srtp extension */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \
+ (char *)(a)))
+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+ TLS_ST_BEFORE,
+ TLS_ST_OK,
+ DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+ TLS_ST_CR_SRVR_HELLO,
+ TLS_ST_CR_CERT,
+ TLS_ST_CR_CERT_STATUS,
+ TLS_ST_CR_KEY_EXCH,
+ TLS_ST_CR_CERT_REQ,
+ TLS_ST_CR_SRVR_DONE,
+ TLS_ST_CR_SESSION_TICKET,
+ TLS_ST_CR_CHANGE,
+ TLS_ST_CR_FINISHED,
+ TLS_ST_CW_CLNT_HELLO,
+ TLS_ST_CW_CERT,
+ TLS_ST_CW_KEY_EXCH,
+ TLS_ST_CW_CERT_VRFY,
+ TLS_ST_CW_CHANGE,
+ TLS_ST_CW_NEXT_PROTO,
+ TLS_ST_CW_FINISHED,
+ TLS_ST_SW_HELLO_REQ,
+ TLS_ST_SR_CLNT_HELLO,
+ DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+ TLS_ST_SW_SRVR_HELLO,
+ TLS_ST_SW_CERT,
+ TLS_ST_SW_KEY_EXCH,
+ TLS_ST_SW_CERT_REQ,
+ TLS_ST_SW_SRVR_DONE,
+ TLS_ST_SR_CERT,
+ TLS_ST_SR_KEY_EXCH,
+ TLS_ST_SR_CERT_VRFY,
+ TLS_ST_SR_NEXT_PROTO,
+ TLS_ST_SR_CHANGE,
+ TLS_ST_SR_FINISHED,
+ TLS_ST_SW_SESSION_TICKET,
+ TLS_ST_SW_CERT_STATUS,
+ TLS_ST_SW_CHANGE,
+ TLS_ST_SW_FINISHED,
+ TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_CERT_VRFY,
+ TLS_ST_SW_CERT_VRFY,
+ TLS_ST_CR_HELLO_REQ,
+ TLS_ST_SW_KEY_UPDATE,
+ TLS_ST_CW_KEY_UPDATE,
+ TLS_ST_SR_KEY_UPDATE,
+ TLS_ST_CR_KEY_UPDATE,
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END,
+ TLS_ST_CW_END_OF_EARLY_DATA,
+ TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT 0x1000
+# define SSL_ST_ACCEPT 0x2000
+
+# define SSL_ST_MASK 0x0FFF
+
+# define SSL_CB_LOOP 0x01
+# define SSL_CB_EXIT 0x02
+# define SSL_CB_READ 0x04
+# define SSL_CB_WRITE 0x08
+# define SSL_CB_ALERT 0x4000/* used in callback */
+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START 0x10
+# define SSL_CB_HANDSHAKE_DONE 0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER 0xF0
+# define SSL_ST_READ_BODY 0xF1
+# define SSL_ST_READ_DONE 0xF2
+
+/*-
+ * Obtain latest Finished message
+ * -- that we sent (SSL_get_finished)
+ * -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE 0x00
+# define SSL_VERIFY_PEER 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE 0x04
+# define SSL_VERIFY_POST_HANDSHAKE 0x08
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
+# define SSLeay_add_ssl_algorithms() SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+ SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a) SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value
+ * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE 0
+# define SSL_ERROR_SSL 1
+# define SSL_ERROR_WANT_READ 2
+# define SSL_ERROR_WANT_WRITE 3
+# define SSL_ERROR_WANT_X509_LOOKUP 4
+# define SSL_ERROR_SYSCALL 5/* look at error stack/return
+ * value/errno */
+# define SSL_ERROR_ZERO_RETURN 6
+# define SSL_ERROR_WANT_CONNECT 7
+# define SSL_ERROR_WANT_ACCEPT 8
+# define SSL_ERROR_WANT_ASYNC 9
+# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH 3
+# define SSL_CTRL_SET_TMP_ECDH 4
+# define SSL_CTRL_SET_TMP_DH_CB 6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+# define SSL_CTRL_GET_FLAGS 13
+# define SSL_CTRL_EXTRA_CHAIN_CERT 14
+# define SSL_CTRL_SET_MSG_CALLBACK 15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU 17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER 20
+# define SSL_CTRL_SESS_CONNECT 21
+# define SSL_CTRL_SESS_CONNECT_GOOD 22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
+# define SSL_CTRL_SESS_ACCEPT 24
+# define SSL_CTRL_SESS_ACCEPT_GOOD 25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
+# define SSL_CTRL_SESS_HIT 27
+# define SSL_CTRL_SESS_CB_HIT 28
+# define SSL_CTRL_SESS_MISSES 29
+# define SSL_CTRL_SESS_TIMEOUTS 30
+# define SSL_CTRL_SESS_CACHE_FULL 31
+# define SSL_CTRL_MODE 33
+# define SSL_CTRL_GET_READ_AHEAD 40
+# define SSL_CTRL_SET_READ_AHEAD 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE 43
+# define SSL_CTRL_SET_SESS_CACHE_MODE 44
+# define SSL_CTRL_GET_SESS_CACHE_MODE 45
+# define SSL_CTRL_GET_MAX_CERT_LIST 50
+# define SSL_CTRL_SET_MAX_CERT_LIST 51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85
+# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86
+# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT 73
+# define DTLS_CTRL_HANDLE_TIMEOUT 74
+# define SSL_CTRL_GET_RI_SUPPORT 76
+# define SSL_CTRL_CLEAR_MODE 78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+# define SSL_CTRL_CHAIN 88
+# define SSL_CTRL_CHAIN_CERT 89
+# define SSL_CTRL_GET_GROUPS 90
+# define SSL_CTRL_SET_GROUPS 91
+# define SSL_CTRL_SET_GROUPS_LIST 92
+# define SSL_CTRL_GET_SHARED_GROUP 93
+# define SSL_CTRL_SET_SIGALGS 97
+# define SSL_CTRL_SET_SIGALGS_LIST 98
+# define SSL_CTRL_CERT_FLAGS 99
+# define SSL_CTRL_CLEAR_CERT_FLAGS 100
+# define SSL_CTRL_SET_CLIENT_SIGALGS 101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104
+# define SSL_CTRL_BUILD_CERT_CHAIN 105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
+# define SSL_CTRL_GET_RAW_CIPHERLIST 110
+# define SSL_CTRL_GET_EC_POINT_FORMATS 111
+# define SSL_CTRL_GET_CHAIN_CERTS 115
+# define SSL_CTRL_SELECT_CURRENT_CERT 116
+# define SSL_CTRL_SET_CURRENT_CERT 117
+# define SSL_CTRL_SET_DH_AUTO 118
+# define DTLS_CTRL_SET_LINK_MTU 120
+# define DTLS_CTRL_GET_LINK_MIN_MTU 121
+# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
+# define SSL_CTRL_SET_MAX_PIPELINES 126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
+# define SSL_CTRL_GET_VERIFY_CERT_STORE 137
+# define SSL_CTRL_GET_CHAIN_CERT_STORE 138
+# define SSL_CERT_SET_FIRST 1
+# define SSL_CERT_SET_NEXT 2
+# define SSL_CERT_SET_SERVER 3
+# define DTLSv1_get_timeout(ssl, arg) \
+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+ SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_CTX_set_current_cert(ctx, op) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+ SSL_set0_chain(s,NULL)
+# define SSL_build_cert_chain(s, flags) \
+ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+#define SSL_get0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+#define SSL_get0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_get1_groups(s, glist) \
+ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+# define SSL_CTX_set1_groups_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
+# define SSL_get_shared_group(s, n) \
+ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist,
slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, 
NULL) + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. 
+ */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const 
char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. 
*/ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int 
SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int 
SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void 
SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing 
in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. 
+ */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. 
+ */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define 
SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) 
*SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void 
SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur 
STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + 
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +/* NB: the |keylength| is only applicable when is_export is true */ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) 
*SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t 
SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(const SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+ unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ * will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+ void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+ ssl_ct_validation_cb callback,
+ void *arg);
+#define SSL_disable_ct(s) \
+ ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+ SSL_CT_VALIDATION_PERMISSIVE = 0,
+ SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested. The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE 0xffff0000
+# define SSL_SECOP_OTHER_NONE 0
+# define SSL_SECOP_OTHER_CIPHER (1 << 16)
+# define SSL_SECOP_OTHER_CURVE (2 << 16)
+# define SSL_SECOP_OTHER_DH (3 << 16)
+# define SSL_SECOP_OTHER_PKEY (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG (5 << 16)
+# define SSL_SECOP_OTHER_CERT (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER 0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check
of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other,
void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+ const SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+ const SSL_CTX *ctx,
+ int op, int bits,
+ int nid,
+ void *other,
+ void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback.
*/
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER 1
+/* No ticket present */
+# define SSL_TICKET_NONE 2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY 3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT 4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS 5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW 6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT 0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE 1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW 2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE 3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW 4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+ const unsigned char *keyname,
+ size_t keyname_length,
+ SSL_TICKET_STATUS status,
+ void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+ SSL_CTX_generate_session_ticket_fn gen_cb,
+ SSL_CTX_decrypt_session_ticket_fn dec_cb,
+ void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+extern const char SSL_version_str[];
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void
SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/ssl2.h b/openSSL/win32/include/openssl/ssl2.h
new file mode 100644
index 0000000..5321bd2
--- /dev/null
+++ b/openSSL/win32/include/openssl/ssl2.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION 0x0002
+
+# define SSL2_MT_CLIENT_HELLO 1
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/ssl3.h b/openSSL/win32/include/openssl/ssl3.h
new file mode 100644
index 0000000..07effba
--- /dev/null
+++ b/openSSL/win32/include/openssl/ssl3.h
@@ -0,0 +1,342 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV 0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA
"DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL. New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+# define SSL3_HM_HEADER_LENGTH 4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+ * Some will argue that this increases memory footprint, but it's not
+ * actually true.
Point is that malloc has to return at least 64-bit aligned
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+ * Suggested pre-gaping simply moves these wasted bytes from the end of
+ * allocated region to its front, but makes data payload aligned, which
+ * improves performance:-)
+ */
+# define SSL3_ALIGN_PAYLOAD 8
+# else
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+# error "insane SSL3_ALIGN_PAYLOAD"
+# undef SSL3_ALIGN_PAYLOAD
+# endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE 64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
+
+# define SSL3_RT_MAX_EXTRA (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+# else
+# define SSL3_RT_MAX_COMPRESSED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE \
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+# define SSL3_VERSION 0x0300
+# define SSL3_VERSION_MAJOR 0x03
+# define SSL3_VERSION_MINOR 0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20
+# define SSL3_RT_ALERT 21
+# define SSL3_RT_HANDSHAKE 22
+# define SSL3_RT_APPLICATION_DATA 23
+# define DTLS1_RT_HEARTBEAT 24
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO 0x1000
+# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ 0x0000
+# define TLS1_RT_CRYPTO_WRITE 0x0100
+# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER 0x100
+# define SSL3_RT_INNER_CONTENT_TYPE 0x101
+
+# define SSL3_AL_WARNING 1
+# define SSL3_AL_FATAL 2
+
+# define SSL3_AD_CLOSE_NOTIFY 0
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
+# define
SSL3_AD_BAD_RECORD_MAC 20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE 41
+# define SSL3_AD_BAD_CERTIFICATE 42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED 44
+# define SSL3_AD_CERTIFICATE_EXPIRED 45
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
+# define TLS1_HB_REQUEST 1
+# define TLS1_HB_RESPONSE 2
+
+
+# define SSL3_CT_RSA_SIGN 1
+# define SSL3_CT_DSS_SIGN 2
+# define SSL3_CT_RSA_FIXED_DH 3
+# define SSL3_CT_DSS_FIXED_DH 4
+# define SSL3_CT_RSA_EPHEMERAL_DH 5
+# define SSL3_CT_DSS_EPHEMERAL_DH 6
+# define SSL3_CT_FORTEZZA_DMS 20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400
+
+# define TLS1_FLAGS_STATELESS 0x0800
+
+/* Set if extended master secret extension required on renegotiation */
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
+
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+# define SSL3_MT_NEWSESSION_TICKET 4
+# define SSL3_MT_END_OF_EARLY_DATA 5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS 8
+#
define SSL3_MT_CERTIFICATE 11
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12
+# define SSL3_MT_CERTIFICATE_REQUEST 13
+# define SSL3_MT_SERVER_DONE 14
+# define SSL3_MT_CERTIFICATE_VERIFY 15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+# define SSL3_MT_FINISHED 20
+# define SSL3_MT_CERTIFICATE_URL 21
+# define SSL3_MT_CERTIFICATE_STATUS 22
+# define SSL3_MT_SUPPLEMENTAL_DATA 23
+# define SSL3_MT_KEY_UPDATE 24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+# define SSL3_MT_NEXT_PROTO 67
+# endif
+# define SSL3_MT_MESSAGE_HASH 254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
+
+# define SSL3_MT_CCS 1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ 0x001
+# define SSL3_CC_WRITE 0x002
+# define SSL3_CC_CLIENT 0x010
+# define SSL3_CC_SERVER 0x020
+# define SSL3_CC_EARLY 0x040
+# define SSL3_CC_HANDSHAKE 0x080
+# define SSL3_CC_APPLICATION 0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/sslerr.h b/openSSL/win32/include/openssl/sslerr.h
new file mode 100644
index 0000000..701d61c
--- /dev/null
+++ b/openSSL/win32/include/openssl/sslerr.h
@@ -0,0 +1,776 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define 
SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_PSK 639 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define 
SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define 
SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# 
define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define 
SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 
435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define 
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define 
SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define 
SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. 
+ */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# 
define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define 
SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define 
SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 294 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 
199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define 
SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define 
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif 
diff --git a/openSSL/win32/include/openssl/stack.h b/openSSL/win32/include/openssl/stack.h
new file mode 100644
index 0000000..cfc0750
--- /dev/null
+++ b/openSSL/win32/include/openssl/stack.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+ OPENSSL_sk_copyfunc c,
+ OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+ OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
+# define sk_value OPENSSL_sk_value
+# define sk_set OPENSSL_sk_set
+# define sk_new OPENSSL_sk_new
+# define sk_new_null OPENSSL_sk_new_null
+# define sk_free OPENSSL_sk_free
+# define sk_pop_free OPENSSL_sk_pop_free
+# define sk_deep_copy OPENSSL_sk_deep_copy
+# define sk_insert OPENSSL_sk_insert
+# define sk_delete OPENSSL_sk_delete
+# define sk_delete_ptr OPENSSL_sk_delete_ptr
+# define sk_find OPENSSL_sk_find
+# define sk_find_ex OPENSSL_sk_find_ex
+# define sk_push OPENSSL_sk_push
+# define sk_unshift OPENSSL_sk_unshift
+# define sk_shift OPENSSL_sk_shift
+# define sk_pop OPENSSL_sk_pop
+# define sk_zero OPENSSL_sk_zero
+# define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+# define sk_dup OPENSSL_sk_dup
+# define sk_sort OPENSSL_sk_sort
+# define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/store.h b/openSSL/win32/include/openssl/store.h
new file mode 100644
index 0000000..a40a733
--- /dev/null
+++ b/openSSL/win32/include/openssl/store.h
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STORE_H
+# define HEADER_OSSL_STORE_H
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * The main OSSL_STORE functions.
+ * ------------------------------
+ *
+ * These allow applications to open a channel to a resource with supported
+ * data (keys, certs, crls, ...), read the data a piece at a time and decide
+ * what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback. This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+ void *);
+
+/*
+ * Open a channel given a URI. The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+ void *ui_data,
+ OSSL_STORE_post_process_info_fn post_process,
+ void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM 1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START 100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occurred
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ * ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME 1 /* char * */
+# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT 4 /* X509 * */
+# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ * Functions to construct a search URI from a base URI and search criteria
+ * -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3
+# define OSSL_STORE_SEARCH_BY_ALIAS 4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+ const ASN1_INTEGER
+ *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+ const unsigned char
+ *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+ *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+ *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel. This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+
+
+/*-
+ * Function to register a loader for the given URI scheme.
+ * -------------------------------------------------------
+ *
+ * The loader receives all the main components of an URI except for the
+ * scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+ *loader,
+ const char *uri,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+ va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ * Functions to list STORE loaders
+ * -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+ *loader, void *do_arg),
+ void *do_arg);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/storeerr.h b/openSSL/win32/include/openssl/storeerr.h
new file mode 100644
index 0000000..190eab0
--- /dev/null
+++ b/openSSL/win32/include/openssl/storeerr.h
@@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define 
OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/openSSL/win32/include/openssl/symhacks.h b/openSSL/win32/include/openssl/symhacks.h new file mode 100644 index 0000000..156ea6e --- /dev/null +++ b/openSSL/win32/include/openssl/symhacks.h 
@@ -0,0 +1,37 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+# undef ERR_load_CRYPTO_strings
+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+# undef OCSP_crlID_new
+# define OCSP_crlID_new OCSP_crlID2_new
+
+# undef d2i_ECPARAMETERS
+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
+# undef i2d_ECPARAMETERS
+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
+# undef d2i_ECPKPARAMETERS
+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
+# undef i2d_ECPKPARAMETERS
+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
+
+/* This one clashes with CMS_data_create */
+# undef cms_Data_create
+# define cms_Data_create priv_cms_Data_create
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/openSSL/win32/include/openssl/tls1.h b/openSSL/win32/include/openssl/tls1.h
new file mode 100644
index 0000000..76d9fda
--- /dev/null
+++ b/openSSL/win32/include/openssl/tls1.h
@@ -0,0 +1,1237 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+# define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION 0x0301
+# define TLS1_1_VERSION 0x0302
+# define TLS1_2_VERSION 0x0303
+# define TLS1_3_VERSION 0x0304
+# define TLS_MAX_VERSION TLS1_3_VERSION
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION 0x10000
+
+# define TLS1_VERSION_MAJOR 0x03
+# define TLS1_VERSION_MINOR 0x01
+
+# define TLS1_1_VERSION_MAJOR 0x03
+# define TLS1_1_VERSION_MINOR 0x02
+
+# define TLS1_2_VERSION_MAJOR 0x03
+# define TLS1_2_VERSION_MINOR 0x03
+
+# define TLS1_get_version(s) \
+ ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+ ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED 21
+# define TLS1_AD_RECORD_OVERFLOW 22
+# define TLS1_AD_UNKNOWN_CA 48/* fatal */
+# define TLS1_AD_ACCESS_DENIED 49/* fatal */
+# define TLS1_AD_DECODE_ERROR 50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR 51
+# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
+# define TLS1_AD_USER_CANCELLED 90
+# define TLS1_AD_NO_RENEGOTIATION 100
+/* TLSv1.3 alerts */
+# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION 110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME 112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name 0
+# define TLSEXT_TYPE_max_fragment_length 1
+# define TLSEXT_TYPE_client_certificate_url 2
+# define TLSEXT_TYPE_trusted_ca_keys 3
+# define TLSEXT_TYPE_truncated_hmac 4
+# define TLSEXT_TYPE_status_request 5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping 6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz 7
+# define TLSEXT_TYPE_server_authz 8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type 9
+
+/* ExtensionType values from RFC4492 */
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups 10
+# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
+# define TLSEXT_TYPE_ec_point_formats 11
+
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp 12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms 13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp 14
+
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat 15
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp 18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding 21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac 22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret 23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket 35
+
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_psk 41
+# define TLSEXT_TYPE_early_data 42
+# define TLSEXT_TYPE_supported_versions 43
+# define TLSEXT_TYPE_cookie 44
+# define TLSEXT_TYPE_psk_kex_modes 45
+# define TLSEXT_TYPE_certificate_authorities 47
+# define TLSEXT_TYPE_post_handshake_auth 49
+# define TLSEXT_TYPE_signature_algorithms_cert 50
+# define TLSEXT_TYPE_key_share 51
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+# define TLSEXT_TYPE_next_proto_neg 13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first 0
+# define TLSEXT_ECPOINTFORMAT_uncompressed 0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
+# define TLSEXT_ECPOINTFORMAT_last 2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous 0
+# define TLSEXT_signature_rsa 1
+# define TLSEXT_signature_dsa 2
+# define TLSEXT_signature_ecdsa 3
+# define TLSEXT_signature_gostr34102001 237
+# define TLSEXT_signature_gostr34102012_256 238
+# define TLSEXT_signature_gostr34102012_512 239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num 7
+
+# define TLSEXT_hash_none 0
+# define TLSEXT_hash_md5 1
+# define TLSEXT_hash_sha1 2
+# define TLSEXT_hash_sha224 3
+# define TLSEXT_hash_sha256 4
+# define TLSEXT_hash_sha384 5
+# define TLSEXT_hash_sha512 6
+# define TLSEXT_hash_gostr3411 237
+# define TLSEXT_hash_gostr34112012_256 238
+# define TLSEXT_hash_gostr34112012_512 239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown 0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256 23
+# define TLSEXT_curve_P_384 24
+
+/* OpenSSL value to disable maximum fragment length extension */
+# define TLSEXT_max_fragment_length_DISABLED 0
+/* Allowed values for max fragment length extension */
+# define TLSEXT_max_fragment_length_512 1
+# define TLSEXT_max_fragment_length_1024 2
+# define TLSEXT_max_fragment_length_2048 3
+# define TLSEXT_max_fragment_length_4096 4
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen, int use_context);
+
+/*
+ * SSL_export_keying_material_early exports a value derived from the
+ * early exporter master secret, as specified in
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes
+ * |olen| bytes to |out| given a label and optional context. It
+ * returns 1 on success and 0 otherwise.
+ */
+__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
+ size_t olen, const char *label,
+ size_t llen,
+ const unsigned char *context,
+ size_t contextlen);
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignandhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignandhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\
+ (void *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\
+ (void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\
+ (void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys)
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys)
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\
+ (void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+
+# define SSL_CTX_set_tlsext_status_type(ssl, type) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_CTX_get_tlsext_status_type(ssl) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
+ (void (*)(void))cb)
+
+# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_get_dtlsext_heartbeat_pending(ssl) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define 
TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
+# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define 
TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 
"TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 
"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 
"TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define 
TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define 
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define 
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define 
TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
"DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
+# define
TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
+# define
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
+# define
TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
"ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN 1
+# define TLS_CT_DSS_SIGN 2
+# define TLS_CT_RSA_FIXED_DH 3
+# define TLS_CT_DSS_FIXED_DH 4
+# define TLS_CT_ECDSA_SIGN 64
+# define TLS_CT_RSA_FIXED_ECDH 65
+# define TLS_CT_ECDSA_FIXED_ECDH 66
+# define TLS_CT_GOST01_SIGN 22
+# define TLS_CT_GOST12_SIGN 238
+# define TLS_CT_GOST12_512_SIGN 239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH 12
+
+# define TLS_MD_MAX_CONST_SIZE 22
+# define TLS_MD_CLIENT_FINISH_CONST "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
+# define TLS_MD_SERVER_FINISH_CONST "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
+# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_IV_BLOCK_CONST "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE 8
+# define TLS_MD_MASTER_SECRET_CONST "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
+
+# ifdef
CHARSET_EBCDIC
+# undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+# undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+# undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+ unsigned short length;
+ void *data;
+};
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/ts.h b/openSSL/win32/include/openssl/ts.h
new file mode 100644
index 0000000..3b58aa5
--- /dev/null
+++ b/openSSL/win32/include/openssl/ts.h
@@ -0,0 +1,559 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TS_H
+# define HEADER_TS_H
+
+# include
+
+# ifndef OPENSSL_NO_TS
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# include
+# include
+
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
+
+/* Possible values for status. */
+# define TS_STATUS_GRANTED 0
+# define TS_STATUS_GRANTED_WITH_MODS 1
+# define TS_STATUS_REJECTION 2
+# define TS_STATUS_WAITING 3
+# define TS_STATUS_REVOCATION_WARNING 4
+# define TS_STATUS_REVOCATION_NOTIFICATION 5
+
+/* Possible values for failure_info.
*/
+# define TS_INFO_BAD_ALG 0
+# define TS_INFO_BAD_REQUEST 2
+# define TS_INFO_BAD_DATA_FORMAT 5
+# define TS_INFO_TIME_NOT_AVAILABLE 14
+# define TS_INFO_UNACCEPTED_POLICY 15
+# define TS_INFO_UNACCEPTED_EXTENSION 16
+# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
+# define TS_INFO_SYSTEM_FAILURE 25
+
+
+typedef struct TS_status_info_st TS_STATUS_INFO;
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+
+typedef struct TS_resp_st TS_RESP;
+
+TS_REQ *TS_REQ_new(void);
+void TS_REQ_free(TS_REQ *a);
+int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+
+TS_REQ *TS_REQ_dup(TS_REQ *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
+TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
+void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+ const unsigned char **pp, long length);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
+
+TS_RESP *TS_RESP_new(void);
+void TS_RESP_free(TS_RESP *a);
+int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
+
+TS_STATUS_INFO *TS_STATUS_INFO_new(void);
+void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
+ const unsigned char **pp, long length);
+TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+
+TS_TST_INFO *TS_TST_INFO_new(void);
+void TS_TST_INFO_free(TS_TST_INFO *a);
+int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+ long length);
+TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
+
+TS_ACCURACY *TS_ACCURACY_new(void);
+void TS_ACCURACY_free(TS_ACCURACY *a);
+int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+ long length);
+TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
+
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+ const unsigned char **pp,
+ long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+
+ESS_CERT_ID *ESS_CERT_ID_new(void);
+void ESS_CERT_ID_free(ESS_CERT_ID *a);
+int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+ long length);
+ESS_CERT_ID
*ESS_CERT_ID_dup(ESS_CERT_ID *a);
+
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+ const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
+void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
+int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
+ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a,
+ const unsigned char **pp, long length);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
+
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
+void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
+int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp);
+ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
+ const unsigned char **pp,
+ long length);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int
TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects.
*/
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int
lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+ int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/*
+ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
+ */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+# define TS_TSA_NAME 0x01
+
+/* Set ordering to true in response. */
+# define TS_ORDERING 0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+# define TS_ESS_CERT_ID_CHAIN 0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
+
+/*
+ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
+ * and usec variables allocated by the caller. Return non-zero for success
+ * and zero for failure.
+ */
+typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
+ long *usec);
+
+/*
+ * This must process the given extension. It can modify the TS_TST_INFO
+ * object of the context. Return values: !0 (processed), 0 (error, it must
+ * set the status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+ void *);
+
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+DEFINE_STACK_OF_CONST(EVP_MD)
+
+/* Creates a response context that can be used for generating responses.
*/
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+ const EVP_MD *signer_digest);
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/*
+ * Adds a new acceptable policy, only the default policy is accepted by
+ * default.
+ */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
+
+/*
+ * Adds a new acceptable message digest. Note that no message digests are
+ * accepted by default. The md argument is shared with the caller.
+ */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+ int secs, int millis, int micros);
+
+/*
+ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
+ * '3' msec, '6' usec, and so on. Default is 0.
+ */
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+ unsigned clock_precision_digits);
+/* At most we accept usec precision. */
+# define TS_MAX_CLOCK_PRECISION_DIGITS 6
+
+/* Maximum status message length */
+# define TS_MAX_STATUS_LENGTH (1024 * 1024)
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls.
*/
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/*
+ * Default callback rejects all extensions. The extension callback is called
+ * when the TS_TST_INFO object is already set up and not signed yet.
+ */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+ TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+ int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+ int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/*
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+ X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+# define TS_VFY_SIGNATURE (1u << 0)
+/* Verify the version number of the response. */
+# define TS_VFY_VERSION (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+# define TS_VFY_POLICY (1u << 2)
+/*
+ * Verify the message imprint provided by the user. This flag should not be
+ * specified with TS_VFY_DATA.
+ */
+# define TS_VFY_IMPRINT (1u << 3)
+/*
+ * Verify the message imprint computed by the verify method from the user
+ * provided data and the MD algorithm of the response. This flag should not
+ * be specified with TS_VFY_IMPRINT.
+ */
+# define TS_VFY_DATA (1u << 4)
+/* Verify the nonce value. */
+# define TS_VFY_NONCE (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+# define TS_VFY_SIGNER (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+# define TS_VFY_TSA_NAME (1u << 7)
+
+/* You can use the following convenience constants. */
+# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
+ | TS_VFY_VERSION \
+ | TS_VFY_POLICY \
+ | TS_VFY_IMPRINT \
+ | TS_VFY_NONCE \
+ | TS_VFY_SIGNER \
+ | TS_VFY_TSA_NAME)
+# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
+ | TS_VFY_VERSION \
+ | TS_VFY_POLICY \
+ | TS_VFY_DATA \
+ | TS_VFY_NONCE \
+ | TS_VFY_SIGNER \
+ | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+ unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+
+/*-
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx.
It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ * TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ * TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+
+/* Common utility functions defined in ts/ts_lib.c */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+
+/*
+ * Function declarations for handling configuration options, defined in
+ * ts/ts_conf.c
+ */
+
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+ TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+ const char *device);
+int TS_CONF_set_default_engine(const char *name);
+#endif
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+ const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+ TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+ const char *key, const char *pass,
+ TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+ const char *md, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+ const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+ TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+ TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+ TS_RESP_CTX *ctx);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/tserr.h b/openSSL/win32/include/openssl/tserr.h
new file mode 100644
index 0000000..07f2333
--- /dev/null
+++ b/openSSL/win32/include/openssl/tserr.h
@@ -0,0 +1,132 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define 
TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. 
+ */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/openSSL/win32/include/openssl/txt_db.h b/openSSL/win32/include/openssl/txt_db.h new file mode 100644 index 0000000..ec981a4 --- /dev/null +++ b/openSSL/win32/include/openssl/txt_db.h 
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include
+# include
+# include
+# include
+
+# define DB_ERROR_OK 0
+# define DB_ERROR_MALLOC 1
+# define DB_ERROR_INDEX_CLASH 2
+# define DB_ERROR_INDEX_OUT_OF_RANGE 3
+# define DB_ERROR_NO_INDEX 4
+# define DB_ERROR_INSERT_INDEX_CLASH 5
+# define DB_ERROR_WRONG_NUM_FIELDS 6
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+ int num_fields;
+ STACK_OF(OPENSSL_PSTRING) *data;
+ LHASH_OF(OPENSSL_STRING) **index;
+ int (**qual) (OPENSSL_STRING *);
+ long error;
+ long arg1;
+ long arg2;
+ OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+ OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/ui.h b/openSSL/win32/include/openssl/ui.h
new file mode 100644
index 0000000..7c721ec
--- /dev/null
+++ b/openSSL/win32/include/openssl/ui.h
@@ -0,0 +1,368 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. 
+ Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). 
*/ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. 
A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. 
*/ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. 
The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. 
+ */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void 
*UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/openSSL/win32/include/openssl/uierr.h b/openSSL/win32/include/openssl/uierr.h new file mode 100644 index 0000000..bd68864 --- /dev/null +++ b/openSSL/win32/include/openssl/uierr.h 
@@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif 
diff --git a/openSSL/win32/include/openssl/whrlpool.h b/openSSL/win32/include/openssl/whrlpool.h
new file mode 100644
index 0000000..20ea350
--- /dev/null
+++ b/openSSL/win32/include/openssl/whrlpool.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_WHRLPOOL_H
+# define HEADER_WHRLPOOL_H
+
+#include
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+# define WHIRLPOOL_BBLOCK 512
+# define WHIRLPOOL_COUNTER (256/8)
+
+typedef struct {
+ union {
+ unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+ /* double q is here to ensure 64-bit alignment */
+ double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+ } H;
+ unsigned char data[WHIRLPOOL_BBLOCK / 8];
+ unsigned int bitoff;
+ size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/openSSL/win32/include/openssl/x509.h b/openSSL/win32/include/openssl/x509.h
new file mode 100644
index 0000000..3ff86ec
--- /dev/null
+++ b/openSSL/win32/include/openssl/x509.h
@@ -0,0 +1,1050 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; 
+ +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 
8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. 
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20
+ * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+ XN_FLAG_SEP_COMMA_PLUS | \
+ XN_FLAG_DN_REV | \
+ XN_FLAG_FN_SN | \
+ XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ XN_FLAG_SEP_CPLUS_SPC | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ XN_FLAG_SEP_MULTILINE | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_LN | \
+ XN_FLAG_FN_ALIGN)
+
+DEFINE_STACK_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
+
+typedef struct private_key_st {
+ int version;
+ /* The PKCS#8 data types */
+ X509_ALGOR *enc_algor;
+ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+ /* When decrypted, the following will not be NULL */
+ EVP_PKEY *dec_pkey;
+ /* used to encrypt and decrypt */
+ int key_length;
+ char *key_data;
+ int key_free; /* true if we should auto free key_data */
+ /* expanded version of 'enc_algor' */
+ EVP_CIPHER_INFO cipher;
+} X509_PKEY;
+
+typedef struct X509_info_st {
+ X509 *x509;
+ X509_CRL *crl;
+ X509_PKEY *x_pkey;
+ EVP_CIPHER_INFO enc_cipher;
+ int enc_len;
+ char *enc_data;
+} X509_INFO;
+
+DEFINE_STACK_OF(X509_INFO)
+
+/*
+ * The next 2 structures and their 8 routines are used to manipulate Netscape's
+ * spki structures - useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+ X509_PUBKEY *pubkey;
+ ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+ NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
+ X509_ALGOR sig_algor;
+ ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+ ASN1_OBJECT *type;
+ STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+ {
+ unsigned char iv[8];
+ } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+ X509_ALGOR *keyfunc;
+ X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+ ASN1_TYPE *salt;
+ ASN1_INTEGER *iter;
+ ASN1_INTEGER *keylength;
+ X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *costParameter;
+ ASN1_INTEGER *blockSize;
+ ASN1_INTEGER *parallelizationParameter;
+ ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN 1
+# define X509_EXT_PACK_STRING 2
+
+# define X509_extract_key(x) X509_get_pubkey(x)/*****/
+# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+ int (*crl_free) (X509_CRL *crl),
+ int (*crl_lookup) (X509_CRL *crl,
+ X509_REVOKED **ret,
+ ASN1_INTEGER *ser,
+ X509_NAME *issuer),
+ int (*crl_verify) (X509_CRL *crl,
+ EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+const char *X509_verify_cert_error_string(long n);
+
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+# endif
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+# endif
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+# ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+# ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+# endif
+# ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+# endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+ PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+# ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+# endif
+# ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+# endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+ PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+ void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+ const void **ppval, const X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(const ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+ int offset_day, long offset_sec, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+ const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pdigest);
+
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+ int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+ int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+ uint32_t *flags);
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg, const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+
+int X509_trusted(const X509 *x);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+ int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+ X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+ unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+ unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+ EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ void *asn, EVP_MD_CTX *ctx);
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(const X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(const X509 *a);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+int X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_get_notBefore X509_getm_notBefore
+# define X509_get_notAfter X509_getm_notAfter
+# define X509_set_notBefore X509_set1_notBefore
+# define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+ const ASN1_BIT_STRING **psuid);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+ int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
+
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_chain_check_suiteb(int *perror_depth,
+ X509 *x, STACK_OF(X509) *chain,
+ unsigned long flags);
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+ unsigned long flags);
+# endif
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+ unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ char *buf, int len);
+
+/*
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
+ int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+ const char *field, int type,
+ const unsigned char *bytes,
+ int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+ int type,
+ const unsigned char *bytes,
+ int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+ size_t *pderlen);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+ int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+ const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+ int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+ X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+ int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+ int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+ int nid, int crit,
+ ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+ const ASN1_OBJECT *obj, int crit,
+ ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+ **x, const ASN1_OBJECT *obj,
+ int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+ **x, int nid, int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+ **x, const char *attrname,
+ int type,
+ const unsigned char *bytes,
+ int len);
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
+ const ASN1_OBJECT *obj, int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ const ASN1_OBJECT *obj,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ const char *atrname, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+ void *data);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+ ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+ const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+ const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen,
+ unsigned char *aiv, int prf_nid);
+
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+ const unsigned char *salt, int saltlen,
+ unsigned char *aiv, uint64_t N, uint64_t r,
+ uint64_t p);
+#endif
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+ int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+ int version, int ptype, void *pval,
+ unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+ const unsigned char **pk, int *ppklen,
+ const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+ int ptype, void *pval,
+ unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+ const unsigned char **pk, int *ppklen,
+ X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/x509_vfy.h b/openSSL/win32/include/openssl/x509_vfy.h
new file mode 100644
index 0000000..25c79f1
--- /dev/null
+++ b/openSSL/win32/include/openssl/x509_vfy.h
@@ -0,0 +1,632 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef HEADER_X509_H
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+
+SSL -> X509_STORE_CTX
+ ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+ X509_LU_NONE = 0,
+ X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define X509_LU_RETRY -1
+#define X509_LU_FAIL 0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+ X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+ X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+ X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+ X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD 1
+# define X509_L_ADD_DIR 2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define X509_V_OK 0
+# define X509_V_ERR_UNSPECIFIED 1
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
+# define X509_V_ERR_UNABLE_TO_GET_CRL 3
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
+# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
+# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
+# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
+# define X509_V_ERR_CERT_NOT_YET_VALID 9
+# define X509_V_ERR_CERT_HAS_EXPIRED 10
+# define X509_V_ERR_CRL_NOT_YET_VALID 11
+# define X509_V_ERR_CRL_HAS_EXPIRED 12
+# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
+# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
+# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
+# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
+# define X509_V_ERR_OUT_OF_MEM 17
+# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
+# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
+# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
+# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
+# define X509_V_ERR_CERT_REVOKED 23
+# define X509_V_ERR_INVALID_CA 24
+# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
+# define X509_V_ERR_INVALID_PURPOSE 26
+# define X509_V_ERR_CERT_UNTRUSTED 27
+# define X509_V_ERR_CERT_REJECTED 28
+/* These are 'informational' when looking for issuer cert */
+# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
+# define X509_V_ERR_AKID_SKID_MISMATCH 30
+# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
+# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
+# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
+# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
+# define X509_V_ERR_INVALID_NON_CA 37
+# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
+# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
+# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
+# define X509_V_ERR_INVALID_EXTENSION 41
+# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
+# define X509_V_ERR_NO_EXPLICIT_POLICY 43
+# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
+# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
+# define X509_V_ERR_UNNESTED_RESOURCE 46
+# define X509_V_ERR_PERMITTED_VIOLATION 47
+# define X509_V_ERR_EXCLUDED_VIOLATION 48
+# define X509_V_ERR_SUBTREE_MINMAX 49
+/* The application is not happy */
+# define X509_V_ERR_APPLICATION_VERIFICATION 50
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
+# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
+# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
+/* Another issuer check debug option */
+# define X509_V_ERR_PATH_LOOP 55
+/* Suite B mode algorithm violation */
+# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
+# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
+# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
+# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
+# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define X509_V_ERR_HOSTNAME_MISMATCH 62
+# define X509_V_ERR_EMAIL_MISMATCH 63
+# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
+/* DANE TLSA errors */
+# define X509_V_ERR_DANE_NO_MATCH 65
+/* security level errors */
+# define X509_V_ERR_EE_KEY_TOO_SMALL 66
+# define X509_V_ERR_CA_KEY_TOO_SMALL 67
+# define X509_V_ERR_CA_MD_TOO_WEAK 68
+/* Caller error */
+# define X509_V_ERR_INVALID_CALL 69
+/* Issuer lookup error */
+# define X509_V_ERR_STORE_LOOKUP 70
+/* Certificate transparency */
+# define X509_V_ERR_NO_VALID_SCTS 71
+
+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
+/* OCSP status errors */
+# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */
+# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */
+# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */
+# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76
+# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77
+# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78
+# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79
+
+/* Certificate verify flags */
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK 0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY 0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY 0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS 0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST 0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS 0x30000
+/* Allow partial chains if at least one certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME 0x200000
+
+# define X509_VP_FLAG_DEFAULT 0x1
+# define X509_VP_FLAG_OVERWRITE 0x2
+# define X509_VP_FLAG_RESET_FLAGS 0x4
+# define X509_VP_FLAG_LOCKED 0x8
+# define X509_VP_FLAG_ONCE 0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+ | X509_V_FLAG_EXPLICIT_POLICY \
+ | X509_V_FLAG_INHIBIT_ANY \
+ | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+ X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+ X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+ X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+ X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+ X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+ X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+ X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+ X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+ X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+ X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+ X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+ X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+ X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name,
+ ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const unsigned char* bytes,
+ int len,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const char *str,
+ int len,
+ X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+ int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+ void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+ int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+ int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+ const X509_LOOKUP_METHOD *method);
+
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+ const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+ int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+ time_t t);
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+ ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+ STACK_OF(ASN1_OBJECT) *policies);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+ uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+ const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+ const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+ const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+ const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
+ const char *ipasc);
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_count(void);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ STACK_OF(X509) *certs,
+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+ int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+ int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+ X509_POLICY_NODE
+ *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+ *node);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/openSSL/win32/include/openssl/x509err.h b/openSSL/win32/include/openssl/x509err.h
new file mode 100644
index 0000000..cd08673
--- /dev/null
+++ b/openSSL/win32/include/openssl/x509err.h
@@ -0,0 +1,129 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define 
X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET 161 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. 
+ */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/openSSL/win32/include/openssl/x509v3.h b/openSSL/win32/include/openssl/x509v3.h new file mode 100644 index 0000000..90fa359 --- /dev/null +++ b/openSSL/win32/include/openssl/x509v3.h 
@@ -0,0 +1,938 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3_H
+# define HEADER_X509V3_H
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+ (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+ STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+ void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+ BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+ int ext_nid;
+ int ext_flags;
+/* If this is set the following four fields are ignored */
+ ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+ X509V3_EXT_NEW ext_new;
+ X509V3_EXT_FREE ext_free;
+ X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+ X509V3_EXT_I2S i2s;
+ X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+ X509V3_EXT_I2V i2v;
+ X509V3_EXT_V2I v2i;
+/* The
following are used for raw extensions */
+ X509V3_EXT_I2R i2r;
+ X509V3_EXT_R2I r2i;
+ void *usr_data; /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+ char *(*get_string) (void *db, const char *section, const char *value);
+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+ void (*free_string) (void *db, char *string);
+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ X509V3_CONF_METHOD *db_meth;
+ void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC 0x1
+# define X509V3_EXT_CTX_DEP 0x2
+# define X509V3_EXT_MULTILINE 0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+ int ca;
+ ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ ASN1_GENERALIZEDTIME *notBefore;
+ ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ ASN1_OBJECT *type_id;
+ ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+ ASN1_STRING *nameAssigner;
+ ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME 0
+# define GEN_EMAIL 1
+# define GEN_DNS 2
+# define GEN_X400 3
+# define GEN_DIRNAME 4
+# define GEN_EDIPARTY 5
+# define GEN_URI 6
+# define GEN_IPADD 7
+# define GEN_RID 8
+ int type;
+ union {
+ char *ptr;
+ OTHERNAME *otherName; /* otherName */
+ ASN1_IA5STRING *rfc822Name;
+ ASN1_IA5STRING *dNSName;
+ ASN1_TYPE *x400Address;
+ X509_NAME *directoryName;
+ EDIPARTYNAME *ediPartyName;
+ ASN1_IA5STRING *uniformResourceIdentifier;
+ ASN1_OCTET_STRING *iPAddress;
+ ASN1_OBJECT *registeredID;
+ /*
Old names */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
+ * uniformResourceIdentifier */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* x400Address */
+ } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+ int type;
+ union {
+ GENERAL_NAMES *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+ } name;
+/* If relativename then this contains the full distribution point name */
+ X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS 0x807f
+
+# define CRL_REASON_NONE -1
+# define CRL_REASON_UNSPECIFIED 0
+# define CRL_REASON_KEY_COMPROMISE 1
+# define CRL_REASON_CA_COMPROMISE 2
+# define CRL_REASON_AFFILIATION_CHANGED 3
+# define CRL_REASON_SUPERSEDED 4
+# define CRL_REASON_CESSATION_OF_OPERATION 5
+# define CRL_REASON_CERTIFICATE_HOLD 6
+# define CRL_REASON_REMOVE_FROM_CRL 8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
+# define CRL_REASON_AA_COMPROMISE 10
+
+struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+ int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+ ASN1_OCTET_STRING *keyid;
+ GENERAL_NAMES *issuer;
+ ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+ ASN1_INTEGER *zone;
+ ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+ ASN1_INTEGER *version;
+ STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+ ASN1_STRING *organization;
+ STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+ NOTICEREF *noticeref;
+ ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+ ASN1_OBJECT *pqualid;
+ union {
+ ASN1_IA5STRING *cpsuri;
+ USERNOTICE *usernotice;
+ ASN1_TYPE *other;
+ } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+ ASN1_OBJECT *policyid;
+ STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+ ASN1_OBJECT *issuerDomainPolicy;
+ ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+ GENERAL_NAME *base;
+ ASN1_INTEGER *minimum;
+ ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+ ASN1_INTEGER *requireExplicitPolicy;
+ ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+ ASN1_OBJECT *policyLanguage;
+ ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+ ASN1_INTEGER *pcPathLengthConstraint;
+ PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ int onlyuser;
+ int onlyCA;
+ ASN1_BIT_STRING *onlysomereasons;
+ int indirectCRL;
+ int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT 0x1
+/* IDP values inconsistent */
+# define IDP_INVALID 0x2
+/* onlyuser
true */
+# define IDP_ONLYUSER 0x4
+/* onlyCA true */
+# define IDP_ONLYCA 0x8
+/* onlyattr true */
+# define IDP_ONLYATTR 0x10
+/* indirectCRL true */
+# define IDP_INDIRECT 0x20
+/* onlysomereasons present */
+# define IDP_REASONS 0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+ "section:", (val)->section, \
+ ",name:", (val)->name, ",value:", (val)->value)
+
+# define X509V3_set_ctx_test(ctx) \
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+ 0,0,0,0, \
+ 0,0, \
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+ NULL, NULL, \
+ table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+ 0,0,0,0, \
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+ 0,0,0,0, \
+ NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS 0x1
+# define EXFLAG_KUSAGE 0x2
+# define EXFLAG_XKUSAGE 0x4
+# define EXFLAG_NSCERT 0x8
+
+# define EXFLAG_CA 0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI 0x20
+# define EXFLAG_V1 0x40
+# define EXFLAG_INVALID 0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET 0x100
+# define EXFLAG_CRITICAL 0x200
+# define EXFLAG_PROXY 0x400
+
+# define EXFLAG_INVALID_POLICY 0x800
+# define EXFLAG_FRESHEST 0x1000
+# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */
+
+# define EXFLAG_NO_FINGERPRINT 0x100000
+
+# define KU_DIGITAL_SIGNATURE 0x0080
+# define KU_NON_REPUDIATION 0x0040
+# define KU_KEY_ENCIPHERMENT 0x0020
+# define KU_DATA_ENCIPHERMENT 0x0010
+# define KU_KEY_AGREEMENT 0x0008
+# define KU_KEY_CERT_SIGN 0x0004
+# define KU_CRL_SIGN 0x0002
+# define KU_ENCIPHER_ONLY 0x0001
+# define KU_DECIPHER_ONLY 0x8000
+
+# define NS_SSL_CLIENT 0x80
+# define
NS_SSL_SERVER 0x40
+# define NS_SMIME 0x20
+# define NS_OBJSIGN 0x10
+# define NS_SSL_CA 0x04
+# define NS_SMIME_CA 0x02
+# define NS_OBJSIGN_CA 0x01
+# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER 0x1
+# define XKU_SSL_CLIENT 0x2
+# define XKU_SMIME 0x4
+# define XKU_CODE_SIGN 0x8
+# define XKU_SGC 0x10
+# define XKU_OCSP_SIGN 0x20
+# define XKU_TIMESTAMP 0x40
+# define XKU_DVCS 0x80
+# define XKU_ANYEKU 0x100
+
+# define X509_PURPOSE_DYNAMIC 0x1
+# define X509_PURPOSE_DYNAMIC_NAME 0x2
+
+typedef struct x509_purpose_st {
+ int purpose;
+ int trust; /* Default trust ID */
+ int flags;
+ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+ char *name;
+ char *sname;
+ void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT 1
+# define X509_PURPOSE_SSL_SERVER 2
+# define X509_PURPOSE_NS_SSL_SERVER 3
+# define X509_PURPOSE_SMIME_SIGN 4
+# define X509_PURPOSE_SMIME_ENCRYPT 5
+# define X509_PURPOSE_CRL_SIGN 6
+# define X509_PURPOSE_ANY 7
+# define X509_PURPOSE_OCSP_HELPER 8
+# define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+# define X509_PURPOSE_MIN 1
+# define X509_PURPOSE_MAX 9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK 0xfL
+# define X509V3_ADD_DEFAULT 0L
+# define X509V3_ADD_APPEND 1L
+# define X509V3_ADD_REPLACE 2L
+# define X509V3_ADD_REPLACE_EXISTING 3L
+# define X509V3_ADD_KEEP_EXISTING 4L
+# define X509V3_ADD_DELETE 5L
+# define X509V3_ADD_SILENT 0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+ int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ ASN1_BIT_STRING *bits,
+ STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gen,
+ STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+ ASN1_OBJECT *oid, ASN1_TYPE *value);
+int
GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
+ ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, int gen_type,
+ const char *value, int is_nc);
+
+# ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf,
+ int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf,
X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+ X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE)
**extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* The new declarations are in crypto.h, but the old ones were here.
*/
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+ int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+ const STACK_OF(X509_EXTENSION) *exts,
+ unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck) (const X509_PURPOSE *, const X509 *, int),
+ const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void
X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+ ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
+
+typedef struct ASIdOrRange_st {
+ int type;
+ union {
+ ASN1_INTEGER *id;
+ ASRange *range;
+ } u;
+}
ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
+
+typedef struct ASIdentifierChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ ASIdOrRanges *asIdsOrRanges;
+ } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+ ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
+
+typedef struct IPAddressOrRange_st {
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+ IPAddressRange *addressRange;
+ } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
+
+typedef struct IPAddressChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ IPAddressOrRanges *addressesOrRanges;
+ } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
+
+/*
+ * AFI values, assigned by IANA. It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4 1
+# define IANA_AFI_IPV6 2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+ ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+ unsigned char *min, unsigned char *max,
+ const int length);
+
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+ ASIdentifiers *ext,
+ int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+ IPAddrBlocks *ext, int allow_inheritance);
+
+#endif /* OPENSSL_NO_RFC3779 */
+
+DEFINE_STACK_OF(ASN1_STRING)
+
+/*
+ * Admission Syntax
+ */
+typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
+DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
+DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+ const NAMING_AUTHORITY *n);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+ const NAMING_AUTHORITY *n);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+ const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+ ASN1_OBJECT* namingAuthorityId);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+ ASN1_IA5STRING* namingAuthorityUrl);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+ ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+ const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+ ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+ const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+ ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME
*aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+ const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+ PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+ const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+ PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+ const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+ PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+ const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+ PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+ const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+ PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/openSSL/win32/include/openssl/x509v3err.h b/openSSL/win32/include/openssl/x509v3err.h
new file mode 100644
index 0000000..3b9f713
--- /dev/null
+++ b/openSSL/win32/include/openssl/x509v3err.h
@@ -0,0 +1,164 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_I2V_AUTHORITY_KEYID 173 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 
127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_LEN_VALUE 174 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. 
+ */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define 
X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif 
diff --git a/openSSL/win32/libcrypto-1_1.dll b/openSSL/win32/libcrypto-1_1.dll new file mode 100755 index 0000000000000000000000000000000000000000..8241c2a11b5cda8cf6cb6392ba9c5a91932fda97 GIT binary patch literal 2408448 zcmeFa34Bx4x;LD(X`4dI-h}{Bi$sl{q6M>?Dy>#6rL(@Ge4Y4aV(Jp2jzNcd4-&m+EBqnR>n_SA7f0UrnY($wlJiT~E z{pDyhIl~@yJ~m_OV^eRUbl{4vX*6^3jQY!=aw<5DaU?R{Kt9N^ZX^K@pX9SE_xey`Wsqu-VgQRG=WIC1|SIflAL_P%ihz3~ErL`5ldS zE6Vl7b1I%ue>oaW?u}9=Pq7e!BF4NIo^vl!&L;74H_^k4a_M+hUZh-xjhCw(h{qI^ zqe1=PBIR!46xI|Gew8Rk_^r7}xtniB28s}Gy@7Hx9(yiQF4IcIG}@u~dJpA>;koa^ za#ZGj@~^D*-9e(#@z4Gm*O$8b=}X6tE1mE;;V$P{Os)>C;RlJ zLXCnFYWp+P_8Y(0|< zt#Tfghw^4dY0v|wp?t71{_nhlfva5$H5zA1<0!85-ZT?3Nh$cYk5xMBsEl6bwKxr& zDQ}v138PwKyIKOZX;jqL+v2 zQId_C!sm6z^a9hcjO$SUw~RH6{dWRtq&Eo_+h0&3 z!k4d7M=r^i{Z+oaG(S3LsBJa>Bf72K#EpR*3?I=8!=X}M&bDCSbgr&gM?70w)8@RA zlLnOj^qu}1Rv)7A-_LTg=j{N?1o6jqfWc_w>jBUQngO7+J8+|U7Ls+AMsNv1R)pnL-(26_y`{gXe(>}EUj4~FwSENquf9^{Ck3cmm(z%Vv#a;P zmViQ;HElxmW(t>BGOA8jf~t00pZ~dyy#A{0)WF0!~BY)2&D&D-^g= z%@3y;D6N;8Pu5n>5;m~g<*_h4Qods&Lb z_nnxy3b8(HpYM=9@fb=8i4F1$OD1y~@W`k-R|&8}%>k%b*(tHO@Qm0Ut z{n~Y3Bl5i{)ah!j-GN}UUh0sV&~-Fu@L2XhrTVIl1B4c%naM_r(i&zr0=Nqs33VxIE8mFHTIq~Xw}v3|#t!J&MxTP- z=xTUNP0|jspfO;_Ojcl)8rVFGw2D=vGQYHmjY(sueGXW!2w^QXvL>I>=UTPhO5Sd> zNoo}8d{G_p`O!kSFH$G(jgH-AmDaO48BCE{*~m=k1RIx4$ea&MsOySua03Bf83mke z;^0$MQq@ams!pN@dQPl+bEJK2R-Uw%m5t^-7+oaPVYGBL9RFrf+QBwlgm6-aP)CEa zf)nX`eRKypL&G7;6G5Z9?9_=8wG;PJCno+kI&mJ2%YKv+7?fw+OtuCZ5d;GNiEb^C*v(bYei7y12uCrTT~Px$^^S?w6F;! 
zP_L8jWhc+WP9$1w^Yg-4-P+6V)2*F@^Qo{gM>-v4H5 zRPX1Mp%GFTGkD+YrJd)sbBR8)2WPRn9lXC8D&-HU`bnqu7wuA$A{#XyO)gvjR?wl> zo=PNAi>Dd-_A*H&+sXEUdp#tXz(G%@VFR%lr}_cdor{h-G&@G!sJ4CZyiwmMHL=%7 z#0dv8tKq`g$Z_z&`_Qoy;3YWH(w3jsRu7&M>QKw5^7%o%L~R{oD@a(mIs7{bERC_B zJx5ZD(KN7E-av@GP7+Hf<*=u@&^EHqNob{W?C_&;5gfYuGEx>A8!&@)@2& z-TIz1xrmaHK$Dfe!{8|6%VbBR%#*ZIT2plba4Oj=UIKfXz49eJ53^UA@U&qxUipd= zysj@(xYsFXR((SAXgL5=&jqh-us)H&= zzQ8&1Adn%g@DU%(Ln5@oHlc1)6#dX+Zr8F^zS%Cd+g4oNjQPrffC$p*foVyAoKYPH zObQ z;W$3G4{_gtm`|XdHNxOZd~4(due8c3&#{TGw6g5y5IZGLd`^exDYoD_9pW8`>k;oj zT#xu!#0`j_Mcm->o%KAW%UZ)uFQ{{UP7TEf&(23Hp5hel<}a1Uo?_eC7GD5^kn$RF zM6{DZaXEWM(YO6YTlQ;3AbH41qYO$>C}ne)I=1YWi;keieI4xAr^ulT3Uz^K&{4GJ zpp7qc(8dtx>=hiYafJ#u`)}bWfU>b2Y?VCXER0h<2bry6dnu4BRBX?Z?Fob7*m{ZO z)sz~-mW@3tCo_z2S5Go@yLVJr*41!Sbs<#I=MY?72wRmwY&uQ?re%uDt9ALrTe&|k zJo_RXe#y(FrduM^^%2*RRPb&dOhmS9mG9LF>ur*-)^?vxp05`+*nX{-?FM0uZLC3l zn}%@HIgjor@dm84#kDF3BV_iBNSiJU&f{rh)>$j82HWZL_o+HSvc~qoZ0qFT@qVY& zSm3^^MY>pLq>%hJ&rVabI|u?i)(`~wW1gAKGoeG!c#2Thz&(Y-Cdj!^*90Mht^W!S zF>Hh7N?uL(GH()QXA_h<%m)c8%n+=r0n%?vdD()Q1`U$n&W8gsuD5bEq>=;rFR8}pZx6L|bySKwO|Ex`PdCmUDb5M{(3-ZlKIkLk%VpJp0 zslG!d-_br*->G^#?Cd0-V3>Pw-5v5J5~G!6;t9^yGb|RH@okJwl=ci{mONX@-)Z_=s>3ApqPjd0Gf3_!a0CzN6Jb~2Plh#C z;u=8E69j$8&EmEpJU&95Of~`hgBoZ(!ve3^cR);}IiqUb;R!dv>VCv=@`28IwxYKT zu!ds{t}jzBA@6A*%xIL&kwtkvI$%pCIoHXv^pO20xnF*-fmDD&exHkcmq+(QNaRyp z4M8x82$2^ClMaA2fGZDMZ|df&54p0+s39fDU>Yoj^Q8H0ULcJZ0ON6;8l?)@cKP3^ z1Uqh1l{0x=LfuI;Y!>R;@krrHnAjERr|K8tB3`Zzu?)b<>S_Y9qShO=(<83Q39kPN~CaB zI)M;K(}ssB!rb!jImDDO-Bm>adYobkg-JJl33j9P7?aKTH%^5aAWt?A5-~s*8|o8z zbPz0V!@x>3tg4MwZl0HHiK z8X6&uYlQ9vM68^OT4#TFhP2ktKZ?@MJ;ZwdhBLuncTpZv*BdiHAbZVjq55XHilEZy znxIgfPT@RD5iP=BhcG~wXoTu3D7nOPZ_Q?*TA*-|WumJyMsW2*q^({MYN!N8;h4_V ziS_xnp=Yuhh3Zk{Cf+ZyO>93P*+pT=BIJNCM|&2wA~nUr{dq7sYmk#|r6Lot7HKOr zGP_P5tGAV!m|ZX5X|Rn+aW#tQJo;B+w=2EW-pR32ygX7TY&vd0Ux}Iv}G(Q7a_J2x5Ye9P7V@{2G)ZWSfDSr%=Q);yTwEpgNc0 z^ID0g*cm7@%+mp)WcpH|&FTd)UvxEyf|w|jHVMg)`+Mvj2#Z~L@H8jAoFK)@1v+V@ zPA~{#P&!A{^xy 
zxlji@?$OKh4Dw_V5|$!QHp&$y^4{ddDV)S}W<#=4F`i}yW+jIWYwbv~_^-iW$T3j% zDRQn353`)B$HOA$8t~A`vqiR1zQ-t!Hpw|DL;=?zsCy8={kztW5NGIsz3O!4+NIT@o)Uv^bF7vAJ`DlU&CkG3ePooo@MemQR+;bt6Q-dm>0Gj|m``E3A0Ldm)rQ&xf%XLqLUICe4^#y{RvDu= z5uGRf1YGf?cnU^AsJRETF7)tTmcYj7V9yx{4GOUWuKZYmQO58Un2?t0KTDhpu_4T( zJDj6oAUqN|ixHl%S-hngz;y;68zWIn+J_v%(jXn?-G^5vb;_s=*Az>&SU-y*KthMg zRWJ?coPnx^IxUhr2x3@33?tPAdO8rvL=d70z&ox(qgJ3p%U?tfB1Bq*03$*K06uB# zMqXsHT4S~k$wz`f?kr(Po4}FaNM%ihg-H*Q`=vrum7FtG$<5Nfp{f>g8 z%(P|edXvI;i)}urp|`1U2Q*L$gvQk=%6A)uB~y{;j!93bjd$m2(+jk<`C4~wOnN~~ zZGMb9H#WT>wl+W3ovTYP(ADPa+_`b-1#z|caqiss^n&=>eAG%vFG#4(PjKhz(+l*q z`FeM5VtPShZGNIVw^w>WuiE@x?%dw#1-)zYd%JTD=>>+`e1khTDZL=6Hb2Ro+b6xC zPi=l5cdn3LAk^jyV<${d3QmC4#)E_gcYJ!T2;2&jt;Je*VP9);jJvR(wK&#YXtWmV z+=czE#c}S!0oG!a8E7p|a2J}a#d>$)W!Bmd7OQ6r$&xv}0N4n1`LJxoC(;X& zL9X;MeQS$jkajY?pdW~Z(5dtSBdCSY59tN{K`w;a(hCNFUI?|P7Yqc!5b8)TFo9wS zb*2|w29hCkI=$d>&=DSXb7E6FGvB^5IUD$FbHHrs4KnTO3)3VV0yt|5H9F6 zf^>%CTog!4mI7@dIo?%I-J?$A2zBHVLrb~N2*NX0fuCIqMG=&iA2bTC>!9!bC7=L! zLs)Vb0-h1AkP|E9L}(R~X}3@;LTCsGA&7<6ka8D26Z^E1Dgp-M?8;N8RAC%1x{C(1 zx@QbHE{{q{A8oFM8K^}{df8RA&;Yf_K!FqKqpwCz0&-3udNO_VH3*(WwNvS378Ddv z@D!pyq?cWbXm3P+K(sBr>^emIAlim#dwSWg5bcF%JE9%wWvPfJA=-gxXL{KXL=zG1 zbeCOkoiX6FyX*!$&bZ6c@Hp!(8;Zv{ciAvJy4+hNQJ@xU9 z7b=wL!VEv2Np`4_>B4S==bY&^UD&^Nx)4}*LJ+?a8hjR^bR{218Y&E#$*!!0tU=ID z3Kg-_g%()8lfvRyS3~P`VOG;I@D5>Pb#;MXo+SM@N_2IAC__nw)B~N^5MT7>Tp>GC z1hH5QGX`&EfyGp+OjBEN$6I6F`C98ptvf%)Ix@zcA8Q?n6rFXX&Yd4;9U14&kGGDD zcjqTqM<%%Q_12MkcYdOEWTHF2mvv+>cYbf{$lmUJgLS0Aou6bKndHvzV;$MYoiA8N z3WS`umE-5ZpaH+>OS>_=t5p#D5ji7#OX!ud2Biry!&*TEDh#PH!}}pX=wB+aKST%G zRG9an|7J4!4;nrBfQ1h-M0cUtTHNX`yvka9++BFJwfKa)@EU9JNq3>eT71e~c&)Yg z2Y2Ch*5WpI;jgU4?e4-Zo+m)M+g7$Zdq!A0O*8Em?fn?1;?k-5T=AUpE*sS>{-31xe{8R3N zo2>aixC?H!=C`>EhFkO7-36J}{0?_PmNmcAU2uyv|FpZ{R%`wlcR{u_|E#;Y7 zUoM{LFGiiQa2)~1k-vt4f}PJ`WakNG^<0CApKJIPPS3f%OrdJ7Bi!t#pnO_XIU_H3 zM=X^y^*sM@@$z)&LfH_fmgh5vpZ7)n2YeH-nkc(z=>ZAwhTwA-ik^GSLg~ioLgt=L zcM4)J&po2^1Y&zPfznVhEvtoOBKqcN{C*a^eLdjq|1o$##diQsb|HiqsI=@5#9Xtd 
zq?fsUCl*^dZuGTN5DmRtJ~M?m#weH9tJS%$y97deDQoYJXncPX{yt!rxi1R-J_52Y z3Vx^rQukBV{vU^rJ~UsV52(E7zy%$lRMeo}d`)4(XU|Sv7GI$*QK-2d>q8gx=VI-3 zW4te_y->#hYF|`)(Pfbp>LP{0?a|=S7^&k!?ct+z_mRZ5$5^5Ao&)sdzj$XU3-zhT zYbe~a$9rH&dUTtj3i@6N?xp_!e0-}6Af)mgw? z5C^zA%(HJ3#7Uy#Q9+yzry*zdB0)qO)wDG&h-joVsN4&{7lG$LMV{tQm;%)Ee?{d& z{Gr^16_pS$|A)vpum4J*JD-sEKi{LwQsu8$13M2H|Kq%YN}$|50Iwqg(){EAjE+Vi zM+4AQ>%T&O?JuDJ$H4C5^q;BHpQI^F|F>|;^Smz8cn0RF`n-oJKHqerUSLdj7ndqG zbVh&$Zl1nW33SJa-hr#T3zK42*7h6^VkSs3H}80E#%DJ^-{Nx=pEi7glPBQ-YDnK+ zN`Bz`q_Xc^N3yY0fQ1xd?OXA=Ockd_Y#;VXGBm>Z=-n$(kEcE%K2C?HAvQ*<`4r== zk&a@egBD?o_|URh3KZ$5B62*}V_uPF!Pj=un?o?8$kdz@#8EgmB8WG`5DDVl@E00{ zQkdyc+$m6X=mq-nB3{DRSfL#ah#__8nF~m8dn&dI$-}9kt)9iA^96Y-UtdcVk_Uq% zKZjhZ{`}ubuLzY$YlUd^3b<;lZTu*+LJ>;aa!y&zd*0`6-{k)w$ywsh)e2Ac* zFEu{I%lE3hY^O!5>PMhqiK%~rm1%K|SXo{Bq$NMj%F~5g2AshJ_m->A#i}A9V1&Ya zRAB^j-*R=m#`8EYvraRT$F-yAu}-VTV$@j7bYU?j8#ERxflxZ4MV1_j!g-pt5v)0D zN2RMHURZK1sam0>D=bGSNh`!#hpZ(raw+iv?NXF(M&$}jVG#7AcFRTtj#nbE1A)#Q zk}X7<@gWa^292DUmJW(Q{zjQu#5?7_TF6&X#$Y2r5c|+#yimFc^K#5Cc0hme){q2G zp#qqP&DwOKs|g?8H4p?=%nBO@gB3uK%xhG?h0;^p3YMOU>OJXDV7$>AGK>g=5K6q@ z8b~Wm-gu$FI4}h8YQX(zIS!#ge5d9 zL;)gCpamzvc{I?j#I;?luVTIx-9*pP3xza(>G5!H!$#b{hCoDquCWwr1R?(TDML(( z?*w#|pAOAM{59oMtaJ$CFxVQ9cq_@J>Ny0a^7Ve@fs;M*#YGquUZ(W>Fm8dYZiJNH zSWY7)D=re%A>4)mMYs0z{v6>?U6n~Ab@5Y+ibRQDA zK!$Un5q><|{Nvfyi)42IxGMc$uO^j@w$H!~LDQXVCm0?6X6Z&ervr8img?YcBG8P$ z+#CcH1d8nlv~uxkAvFXQK`C&}x!A)bBQ}-BPZfRGb|g5s#-V8`O5$5tPTndPfr@dJr-O} zoW2U13V7_~5~o99qjf)gVqr;tt_mYV)e{1?S$k$zpaVUNz>^l1*v~7~d44HSkKB~S zIEx@uKg>&$#s!ar1`4F(aG|zZIzjv>Zx$&=OL&Apq3{@iNS?VwKu&mo%R#tZc?oNV zLMo|GkX0pVDW@lt3@0b%3Z!jRu_S7G7Tf)|6HXCj!|l5`fO|Y!e@ezknIsS7PC&&v zKOI)#`b0=Q4u+#Chi5J{2`L;U^B8c8);*rZph3lY{}-qg-8}5CkP1%Y^=ZQ5nG4Or zl~(EZ%KP15NH<01Kc2-PW5tGmgX14*pXzgBV7}v_i4L(DDwZBo3R(!E2%R{v(qmzD zM;zx_46;_N570W^ELXE2RI6IG!cW>EAVu^mDJhYA%D`W76Q zcWDL7bL~*G4pq%Y4S(4G`IqQhXj*Ca+X6Ah%k^+9hwS*didWUts?&NA6-)xY7 zdFq$@r~fDEU%uuNt$+7L>t9-V$=pZ!H?+8-ybb{ZR~K=G?)|^|w}?#FzexXni|vO0 
zQT=L-5v7G0;8fW25nbB-E#daRR5FgNw*FT zJ7TJ*(9?j2RCL6$2LQycYT^MGQN$OgJ~rKPOl%-2b)mLYyilpb_`*HzIp@9*)HVzx z^#PxMu}Y`&=2+jvS`5}St>?SNa4EDnJVIVZZ+^1mK-H0IkPw=CNV~6D=gEtI1BYMc z!=x=>&sr*xrK;xkRnWc~=Oe;rt6ZzJC4C*qhA3|w4gyacF5-LYa5KJV47cLjF+9hA9nE4QF5C2_AmFXo zvzUeF0982AKo9979{5EPXdLeMV(irUH-?PBW6UsMXvBt3c5iA8pGl!TV>C%T3<2TP z-G(Re`+juDPt7YgA0&mp4XXr5B0*m#BpZhd$>^iMgxZSq==}C>KrsDFm{iQ}{HRrrJl4FiAv!RELH13TX};DCCIaYo;}VJ*fvSjzlk2)=5Jg!iO|O zOBC`iaO5MCmO~ut(iToc>I+960p1}njQo&yhWEQv{`mi_{UI%eq1uQKS)XQnNMKs=!8*+^vok-k+ZwSmw}MGQ z+-^HV?1;uLWyZLs0zbjlpwwD~U~drm3L)4Wgw`PhyMxergkXCR+JMmiU+vGOM&zeQ zBW!DaVjPrzHlJr}E;$Co25Ue|<8TC2;)@8W#5W_P65ooDO8j47f4DSW%=Y|*M8f)z z=MW`dKga%5V4fSXL1cgSbA^B9o@l!xlpa=`iB1`l;%40W0}jzQN<50G|%i2 z#D$?b4VIgrq}W=an!#!csn`G#XW#Eq#DJk&>(lwo+i87NozV!T9eno@ybdqC$L`}M z{9**$Mhm2XF{jDp6`ckl^)x86**I$z^=Eb%;;$BJz%BaVu(dvBQDiMf?v} zhh2Dj8DTU8H)1LFfTVc(k`Uf}qv6DoBW=Jn ztGhRTbyKPpF}qNT)powRid_I&F~;&FmPDyLeAO81Z}VzFAR)EG<+TgX{hGv;_moy{ zQ%}%=*QeF#I&T6B;A;6Tc6cmEW! zi?E*C8p0AJ-A!oX`7I%e=TWTR3aO+A+CVe^_tZp>^I?&rjThBMT^KU|2dISe6T7#Q z3fUgo6idZcPRnjkTSz_UQp|o26^b~o&>zZgc0|gTen%Ll;?y1?Hkrg6Rn6Es!)B{B zP(tIU+_jVXigg4rAH%U7nOO2xH{keY8dc)Eg=z<}*e#@zhB@j|astUqDH|Vnb?W&H ztV26{qglkgffVrT5H8$a&S>n=5YBaQ?2Hzy0E;9MC`ns$ILx_FgQt4BBf@{<$C1SJ zjl&&o_$fy(JQZ|V^ML0Ms}c4L)%*>2^@$px^jrA}9ZrZ=eTS36~6Xl=f!T_-mcI$b~ij8+Vzd-Rvtmi@bc_6U=U$HT|=Fe(Zr8^g99^HU*()tsW0D5-G8{I%@~aY|ECYv%R7H zs2xIsk|!izFEs2b7LxC$Q_X>QBm51(j}!Dq%zRWsL$a+el3<^4+J^=e63hqHgjBfE zb2?~HFAUU&vA{C?oK7l3>+vfIEe`ii=U+HAS)tkg2FVBbNf7b-LWoUB432^zAFE86 z+bksC(@NY6s{bKGGf2fdVe-W&i^Hig3h7&3R;N4`PSq*&3r?P@SH^`?^-5VdRa9;Z zr;5rw;Z(Eot8l7W$quLH@cShBVBscBe>2iK{>goRR9?dJbP)3Nwa{=7@`T6gcW?qE zB2Oy$69AFO)J&vDfcoA||DT{chKERvYB6^@?!Y)~ByNCa%-jq9sE8hr$jGPxns{%b z=7=$<=|C+X09FXLh+dQJ*0YkApMTTv3jh(Ma{PWjgt6MD!+e=v$*FvSvvoZfGKbcy zyYv5qe0aA8EGpD^op*ckda0g;UPy)@(1CkT4oosuPxa`@ZZCbU4y7jNVAH&?HEZKM zoV0=tKsIO{Mp^Pkwc9OC-J!65ozzD#M1SJq6LirZuqmnX$ma@#qdy}?jWbWLm~Fmu zreoR+Gh#!F?@Tj~yyrf9$(Vu>caJka{A+XeL$h$Fb56yqX*1`{nK7(l_M^A+-%ijk 
z6e_j)Bq2VoPmBQv0b>(%l?lCt_+C0~qCPIh&?hNYIPXt0>-zg&RX$j$pMUi|OPfDg zqq%#5w9u+8s`~2OduQLTT&KC+zV`V8e|SIdhwF_qpW6Qy%{2#4_y5{-bIZh-f8IPXt0rEc4hJO32amwmqP zsu90!*BtrGK6b@XZL?wGd+$G(bU^dXvVxpHf17Z5=jRXJ|8dtK&0~jMdp^2(^1Lfw zJN4I;%f87;(70~?=+wNGBd&Zc^{mINR zmyaq=zH&rif6cVGDTiF&JpIz~e>*jM;Jm(?ZBPGxTx?3s>Z0F`u@Bz5Msw%(BW&QU z-f4e1^TF$BlV)rF{ryAxzbajrm3Mt@zdy|UL9@2O(ti42_Li1?{gX`65KZnsUU^~a z)f;tRpLnk=|GFufNAFwrzg~UG_xL;G({DEfPii)PecdZBoXCH#?H^NhQ*y7?_}&Sw z`(NV?>9^na>f!bFpje~>0B!j&eZrkuX%Z`mX(1y(e`y3sntg}cU!w8PIq{tq%vn@M?nk<|a zM7e2G@HJ`{WuhBu6>7AocMhWH2e7GM>UnJn9GM;j9OosB7+MET1QzN(j2hai7`f4P z+{&w?GXRASSN!e05Gm1b&$GSXz%GklM$%H`JwjOD)fz%1Q$rSv$aoE&Xr$sUF_J|t zX(XTARkZ+G35`Y10@M)>!G4hfd<1S0jvA;Cr@6`=z(!>c-ao3i5lCD>Z}`BR-Yp;= z(flIxjsaxQ`!bc@k4y<6L93P(BWK|&nNo;-IJH;8fzW_|LDG0+zMKO)h35{>gLq*5 zTBqDWn-`=CJ$`JW+WC8OzB5Qa(cnNVY0;t@db#RrxDVnB@fvV&Bn-ye?%W@(@5Yu)Z5N z?(ceDt3(BK7&E}Au0lAcAl{>}!*U;HDWiY;oE=cg=6WV<4c65-2t$~(k9|o?~ z`bvB?(q<1f8F?i@tY{GW9*6!ws04Q`@bp`RH3Ga(VKcs4I#G!_af{&9^5H?D3ha8$ z2|^esSB+3rL|Rs;hwCb)5$q>6;tTsC#Am8p6Tgpdra?p&=UFb#5N?`mRd9JmHfJ`j zKxmdgPHv3PQi;%bLIIP3?$%c#pGNb-xYS68U3A{J7+CZvvl9kd!1PK+$3Ds5$*e@(FrAL8Tkpi4)qSy()y=;ZD zBKe8(Gig2$K0oi7Xla74Yf_iqQl8m^)io>KHx%cpk7K_l`|`0BUvvZz%LrzimsYH2 z;SNv5WgFhmFHAuHUjPqh%seHRt1lB^zD<7D0kiA4*)#M@Tt}jOjh_`o!H(D`g6|pn zCKWl3TRZ581V^0~5BaKL2z632%6^nUpA!g>y7|S=S9pd#MD^eQ>H7FB&PD2(FBRTIbFJcdmO$m9rp;(1tH~FG{Vwr2G)ZnBZxKHOu9m39EG13NkieT zhiCE-U9N%52!C!8TsI>|zn_o?$i=ujO;~LkXv2*!8~OFybc8goeVcW^*_Nz$wT3+7p8kLvxai2Oml4%>Mw;5jMbqyr&HA3 zt?~<07|C2`UEarFv0T(KIyFp}{ipeBHUV~FxZSMUY}X=IEm_{bPPq8PvH&x;$* zc$%SxQ-m)1*%8Jxa=#o$lwbX(HjmrJ&H%0fcfs+>x)oGeS|j;z^DZtymbOWL-%3$f zjSHOBi&_D8uY85HmafP&Mcqg*f58#U_7EK090)$cwI*xv05|xWM5)0xo@C63>yYU- zcmDew+@2b~&ruFxO;_6y2wL z7OFxV#Yeb4%v+mqvF&=?y}VI6Ev)gaiSX7+sTCY+B>vilYm0OjTn0T`U&5f?BR4^ziP1szZ2dh=#6n+)f4258pw(@XyV3;p0ipYI1gnvobhu zByMB4dJ(S)=)OHz>?HD!3nHlqO(@0IZF`ujY~}XNMTt=pi~Jo*+o)Gb(O9 zsXD+R;gYyhJt5&*WiO2+=N8%EQHiJHESlI#S5IELlc>9ast{fWfY)lebq*JGr>GrU 
zi#wxi3(dCi7Tc&)+k-siou2S>{$z;O1E)>Rz;Sg#3uQ9bIbq{#}zHOAe^p(qr23j6%;8U$Q#Cn3o=Fq zB&)WNH^N(-o8&trCPFMn#Dn$F#vd&m$V%8>U{(Ml14q!pcXM(`x`=WT>S$-&gsWmzrY3!bu&PFo8By`jUeNZG z&Tj(UPdc3IkdQt{j!?JP2FN^hHLl{N($ZmR6_oI4ywl>Gu+Fzmls5T%c;$e!4!8yI z!VX+1hs*1C&~@GX>h5(kAA+^VANK|6m(!Z6&p2;ZA-LcMc>;{H5r)4BY)C9y)#;;* zKDab+kx4F25jF^`13D=vttM^13-&7&5@nEIw}LEaj1*MV-N?MsrTxE&%LNVVpyj8Fyb(hCG#Cj!fPR3vd~T` zc34eJK{oWs!6fv+%(K3wEb_B(jc-5PM|~g(^depGtfd)Qq{jO}@AG7m>Srx`s0Ln` z6mE;Ijm%)D!)@)L?1>;buSsn|5($Z~)p}{X9?mp!8uJ*Cp@bY(k={~3I3=8URs5|r82q(8+U>CW9xDGE{gjO zC4rYR@mh_4SemFY@>P%zVr7R>|B}+_XZ}Pc-#1Cb4Pe7RTD-{cwe$lEX868K!V3}J zwb0E>=w>Pb8O$jTdGTcQ~Fr8tloq0xi>fg8pHlxfGD+T6VBD2!JWz`Ohrx zA)Q8GuqQi_twRZ`gqQdr<6Wvy0%B7p?!LrDPM(ZJ4(lz-3K1HO^hF~kp0SKF9AM;D zs-t+aui&8GKr+#uu+@1CH?tr3aQ;y(&2MENOv2?c^aTrK^2}E$Q?)E;UE9XtzeI`f z%|g9Pl#cP_r39bQ1pEw-;SLVqSt?62Ly$BU*qUg_2VsOPd~|Cm8{QqE8jHKXd6vqU z)sz)t=~#eFfj4?^5U*8QHeku}no_T#ZUVHu%0Dgpp3;+HH#OSgdr6N}T}06VZ7SYu%)9Rsv}T zhe$)W&T_JCQmCcDK!S{Xk);H1b!^+FW4`YO+i(?y^uwkA=a;o`)DI2jlQBCyD)N%# zYA*RK1_6?Dma9XknTPZUktDNR141OUELTK`q?F|v5#l15YeI-*kmaTz#3d)!j1ZTV zTnj>8o|}pgci7%->Idsc;=u~jFm57Z9f+Z)7UA9F{aCIQlXMS1dONArd5(n}-k=o!rp~k*u)XB7{gZSgsu* zk_DDqg3ud0bT2~0@ho>DLd4!IcM3wp(=2x?LY$3r%Mc>oWw|pD;%=joKy>!#MpLI) z?kuEpzmca~kdAkB<);e57)utdngmJsF$&0>YbNzd0={XJA3otT-y#`kVIsp}rI8UNSkEg|9t}Wc zgphgu2$DjcqED@6BIy;Lt)m!j#s=q@g=I~o8c7~VI9U~O1dRi*NfDN{4z}T%;Hp!U z2&V@bd6Wo)R@H$tMi-Qm8O#a6F|gC@8Dce%ClxxcxgW5G>ym`W5|TvUH~nD1%%pjf zV8wpVnf1GVq%;7EPf3#CYQDpnyCq3#hXwJX;T|fUFHtgRcSWA9Uli4<-2O6D)r_?0*OR zpH7;2uy*Mf_YQb%c==seXMztTKY){rRH;!~>#G-`^YwsKeoAe1EpHcX<#t4amJ83q za;!A*8H2P5^N1$Nj~C>vly*pm`D%>1rn3?6L8?byfK23NSn@hdfw4N`v-|a=S;0RT zGCeokIyM5Xue6`uP&1-~J$csiWGfcsUA|@zWyw)&tl=i@zVc`t10QVnHJYT;Xa>`$ zdXt1Mh;ojeflNr2Kr*b#!H1L=8`v2tph)|PYWuP9)B%cZ0$yvSjVi9Vt#bn~KLh;N zV0b6AO1rTBH0czZ(82Q0(mRzzKFZx|r4;f%@ElhDBPR;^d>wr;;^nZngXK(esO{-%&f*)u;t3DdU5)^rgz5@1Qr88kPr9 zjP2agY|gtesBJ;FOe|A`0ad<5m7lm5YoMeg4!#XI3(&7oXUJdY({iRMl}6soChQ{{mK 
z{;uFHhdu?D2e;H?H7BoK^3p+0Qt+&!@?k@(4;K*i%JMHtke|YB-p>2zxF=Xp;~Awb z`wO1D&oo!Jj|DEN7*C~x_nla>f;A%1BL&Q7*%+ z!@3)<+L72=tGiLYg};odCb;M>woNY7yBZ_!&#KJM(l~Eow|h#1U?Epf%eF5L1T4IK zU{KkAgfS`~QAWS^#jswV#)p*zN_XCB7xstg{m2GrPrYX>r_Cnxzs-^2I~|)fU{Qa0 zt{$;I?VBJKz;D17#nr5x6t$(b6zqsjh$_CD9V38k&1%Oja^ITGcw->-oo0d9*9`IR zhrz7Ig}7Ba<@UBMSEpp54_Vt6>Z*4;4oTkX-NH-sMyROkV!u+^U76d+C zutlr^EM+d&l$YC;`M5_9+5$ICp~o85Y@eX4LI6Aq_NwvD&*V0$1P10eI%s8`2OoRs z*x+U`C~FK{QGP|)GZ2LGgz_gquhZA7^a=)m_c-OuZ({*TH$jPchd0hTR9V1YDD8i$ z(g=18w|)RG`z;8yo=vR}M(bu8XnCFvieBd-QJ4^Fy&(`IwUsKbsEvf=ESkQmyqlFg zlpxm2fdXPWi;{;?l~zkfC3=&a9zV=J!}bo@>N=;N_XHex-RF9sFyt6()$V{qsrNtI zOO-{hQfKr8=n4SBD;=~uCfGsAY-J=i(m6e9yua2%gI4!Lff_n~r(1NncE7Ns54C)5 z$ksrgZuN`zN9+gl%CmG@S`HV-dmxVX@Rvyqu`S9W7Y&E8+WYG(*(xRT#@?E1gSh$P zwm$$%p=L6yvohy~-WsOBKM{xgpxyfxuDz#&?`Ylt`VmhFHJhEiu{UPI-Wa(ftYe76 zwhXDCi>Z}%hwy?IcTm>SB{J18`}gBnvm37!*5u$cL2ft3?2PuXu*6E)c;|K#og3i? z*~9z^+h`ne5{#?64Lact;RWB8W&pZBs~%H3qzVPC9^LIkGM!@OqsFO8XBlAFjgXcV z>|}RyONlx;I&H@|mCAcL2SY6`x<}hMq~6&ac#gWr&QK?TnQJ;)^>gEe1Xm~4m;VmX zE}zzKBvX9Y<-@BT5)p)!s$GICYJiqKw1M2R2E;ilmyw1le;nMLmdd#~m|;<*mpLZ~ z`j^jC`F#X0(Mv7y2^xl}cYSH*N}_yzAg=85Fud{+f%nU{A{H1}zA*5|viB)yD5LgK z>_E6!8I5P)nX*5I6Uu+%p9`>2^a#s~DOz3zVw;4dmCMUD=nh>oYK)SXdmu1M^7q6< zA`8jP!!Pmfgk>hA??d|Hrte5!jQLAgU)Z_6NKy60=>NPxU%ZU1^@zT>0~n|h+pRC| zfx=Lp$36{V&=|O~{GO1`C|i%tg3$HX^-vpMz8F#)YgHT~YNMw+!{3)}2iKdyc&2jA z_}~^UpNmRaWBJu(uakXN^p}NgDbyZ>9~w?AS5B{!H{)ZaPw50@(QgO|6BJ~2`A}Ya zf^y5{ytZl~hL;cK$>n*0#PVy@;D|DsE1?S-wF?2U{Q6McF16)u+p%<<9kM~MmNbM1 z@Zi{c>`EM57ibSSnvm4nIbKHKWTB6Jta9inju%`rFD|?B=pJx+Z@2R{P(ZKzR&9pf z-mZI~9`;`i5UIlc&O|KDv_TLnKr0O6xZqaM$>r?@-Te_K(l-OcL>dmG3$l>3LKEri zYFUN_$piMWKy4eTxrTBJuUM*Ft~L&_7{pV`N0e897$+@!JiA?=p87t_zd*|CmUd z2sxNJ2c3H5Off++upeiYlspP=Y))L`5XQpd8F+)_hl=H1bD zKz+HXY_;llI5FHyu2vNY_kbe)67fIj2j~WpCC>IV8UlY$E~_t3<1p;XH^wmkKgb%H zpTq=&hpOP!Hi78lO2;d=acyMaW0qC#xJzn_CO7;USf&hZ!w|^m@NxF>N|IVWtKNBt z*9lx!K1@Y=M7aYYwLX^q_#@zK;Ab=)Km=Ua+&`lu2a z?ok@|qj7CtYK514@T6W{iJ)_!d6Tpo6JeO;6#qRaC9U?4!{fu?#{?_8a&98e8qTw_ 
zD=8w>458R=R~Ie{9f+W3QIH!US5Pl3Q9U?UbBD*?K^yq7aB*rjJ7%*ru7h3eIJ4KX zna{cr@Zz&N?4RKkDia53@I7@9&S_0S!H4h(;IQ))od0_WpTGg+<_*G>e`e7j9LAl3 z(})k@697j{!7;^$@Ckf{mxZ`i#yH;#BvA|DrdHEhKq_jM5Og}|IR$40AHpYqT1Z99 zkraZ7V~u$23IaHJIm)FoA11P=vEv++=HR7UOr#Wz+XMWH< zK4{%Vul=gqtld;w9K@UAe11Lh9k;gcm%LF()Rn}cD3x1NTM{4i9mZ~KQCyc5yXdP? zwJ5%eDtf!X&|9DkQ()4yG(o*knECuCY@e|bi-m*RAVlUB#1fd93e~d^l4ITaYMhHm zBW5^S36HjBJTU|2uc!5M%u?GYRNPPeQ1*NJYKBTI+ec|h$YDl{>tKgxb_YA@3>W zwL}#fF1FY8O;88bnupjPrdK zXsg#cenq@M059MWBii~I4APKgv^bJoYqU!-6BZNqxmIEt>^xc1M)VV^X*D{1w08dW z>f2X1MfMVH4&n=Xt~4d2Rl2>C7398a&p84#X5g228RrR|eU*t=)M}49B>|6`u~Da zlf2pvI{)+z%}uesKtIXwo=MPlX?<*0yP;xsy`_aqsCV{d*sE;7K{>iAd>)Dh zhO$*~$ecm9J!oA6>xB`aSHN!8ZmFG&rLLe4FP2w}k4AB#fBQZu2)@%pLq)MnT}f8Z zx{@mHsx7%q)o&BCx~w=owHvS|-qr<3uEwscF0S8n{!UCjX^_IBwHh?N1UJGzQuQ4j z`mta(5--~zWdoEpunl#(7coFs(tukUypB{kk-T6`0}K!}J^S7>1Cx@m_rM$5Fq^~> z%OXPU@4!^c=im#{r;ib8UPh3#u2)+Ie?*l!yVBJw?Bva1jaUmMfkr9F@ldp+tHj!1 zUsC!>u%^_gN=N(HQYB{yUv@=dEl5{JZ=T?iOv|e#gX*v?;tP@S=vNH00eku(W-1mI zvX)OrJApX9z*w?bvT|g%^(1Rs691CNyCi_2n`A z_p&I}!{O)jg+o%tx#Zg+k%#nT^n?`X~)573+*}Fxz)s)_{yBLmB;$ zaTDrPCa!dvsCFglGy*PIjlTUSK;E*%NJGs?E2A&}I%KHx-LQSf+yldA23Mriw9UVR z{}}uWzF!fw+68~Jw#0x}k_Fih!m_P+|F%ABJ3qg6*$FIB?wft!6XMvw?NSh^wsRn? 
zD@u5~>z@&pZ878nnY-|O11!Nytp9Mne)FVyuI4eAo-`UzNlC~$B&;+i}f8sru8 z4d6^`@i);P)|#q=#8a-*F-}{%k3c)K&BH7F$14S?lxEQU(tZz`Oih1LzmIA-Ft z+Vtka2{9CpbxaD!V=1n46qB=T3Mc9)G0u@CEZd|Hr^QiPyyM#FG*aoo1V=KZadw-V zkaz-1&zl)uM67ZPO-MuY1=kV!c{Ux^;^Q519HiBs^YPvuO<_&#L_-4GDlFTJ^Z$Ab zeAYfbvAApt3$W9(4`7^JEA{O=X^rSjRokhf6xIh}{tENf=J_LWVx(*E#Tjh+(x1m) zAX4XGE)VNfCTkD37p{Mj^H)olzxEM-bzO?TzJKzP{1smB(97fX&|9hO05sch{Fnxs z4NP|>j1xAnJNW4)Za^_j>t5^NDSXi*jNi}Ek8C?z%b9w!BZ1+ha95z8U3n4418vgo zpHTf*aM(Cy){z)W0vg6~%AB2{h%=$8SVv+sPWjVzp5__dNA=k|h1q>v-ULrs0)X79 zVC#!}i^?nlO=~Cv$0;|caNsr~Zfn4PL;XddAxs~LGxpV&lMr81puu`D~QuNdY5Y_D5>A8&9!2Is_bOADOG|EWu4)K^2f@)RZ(vj zRq@5fC#v+|_sID4QpV!fO6XJ1{4hWNtMn!P;_|r!c^s7)%E{f zc~tTLugl{_@h_cuY5duD>T)4olS=}5o60J=y3b(@;m7xK4t3q4TTF7=OL-n|Tu}wY z1jh(xEjsB$n_5)JYo)z8S|mI>iC*Vajgf%274~0xDNph}gY(A!eEvjx-TWEcby5DT z{q`5~XK9~H@~6swbi5-CVvq-PQ{^nayg`cvqe-u0A+}Um#*fJ8J$D6ZE*0zQjGc3@ zv>7{!ZICZB#GiYhe%k0cZw}@EI|Rlp(42lLLeg$Nr>Auw&#a)UOE0+ShuG3?bzVOa z>8@|i0(2W+FJPO5I%5VMKBV8cB;r>p3o^8c+l9Ir88LKPSA?^bxD_wo%^?4(L6>#X z`4xW1AuPlDuQ_6ltF(tCO#4IQ5wU1#SE78qHfx6y_Z8rc=X`qU?}z5u30gt8zk_}P z6pQm7HM{9YfkJgQUMvm_doRe%Smo);x#?(3=bwQQ{sJG`6-gz#h=pejHc9>4@ib$xRHzH^ zf+G>f;?(I%iU~Ct6vcD^3zt_R$U(TW!81#a5indd_kD+_w1c0c#S9Hv=^d}UC(A+&yhH)0!;6L)~&3Y;g~ zcU!d4_K2#0f&SM{%W)*1S6C8Bw7Z5auB*AQ~abZD(>sbT95fWz|%&n zk^7i@MLqg`!(blV38b@Ni;H%?=!Hf`dMXL{a^Zc$5&xIgnM%MkMc76e9op!0bp### zp-=5_=C7>sXG%ms<_JOuZj4Yn6YK}Ah8>wz*k35dvhQ$Kzv&FnySJuo zak2k-Kq;SGmJ*9K(>D5S>t#j&{n;IIn`me{A@bmfehmKoNfZb0#K)(8UEf`I-F1BxbcKXK0$xGa zD_%fW?cvA@ULc4t-}6+TGm{|ue*gdX>5t4geY&fwtE;Q4tE;PLGi|7MGoKszJfMAB z7GEC23${76MT&x1+8I`JyQO`=0-O!A4UR0)$kpFEk9N6EpWg$46m)Q)hwcn@zOLUc zhN&yyi3O18SJUT63uWI-(|eq--`qaJeye5Hz|bx}XpztPB`ji}8z(1$Zn8RxV&ej% zd@Ok)I%zCBEjoX!4?ji=y;Dkd*g?@p;_G~6xR`Do(h|N=#(E3ZwB6Apa4HDXQvj=+ zhRxQxfDPQbYIVX`hcy;WwAQg0{`nmAjAfUDI3vII+HgHNnnCLHV8P5VvMXlWePp}9QsAjW&=ahg2T_`vIHrkYZ(!yIK8>SEDAq zyW#y?*aq-!G?i1OXrgQ2bVbI(Ixn%jUn7T*7|-eh#?#rNx>cB zH|Gc?y&4ZVLM~5#H>tCv&Q!M^l%==(faC82Umx*isgK_p^h6hNvp$lOS`a`L56_k= 
zu#Vpm{aO4#Dtc*R0(Wrwf?-Nh*ndCHoQ>gKtG@Y8kGw8?!1uA%7C0VgAYm1oMJTxd znOZ=J=~w3t5d$!IBnJvi_N@U6w>qY`=-~@QsF);VMj5ES^UAoxg8joD%&zy7<6rUQ z#cZftZ2io5Dis@0tGG*(q$9a&&BXM=6aPcfSJ0dmA=tqZGDSID@arnwPr$^ZrN z5u4Jq@1BPqI&yv`!1JJj4_gL?%0^?gv1TW-R@bWEz9y?c)(ODq^4Rd?@9`;9IsIYK z({(PKNdH>(Rdw2<^JZkmkZ#);Mh1Va8aK`PggQZn3^|PE3y`&SA{v6|7;IskQdU|Y3(m-<> zv34tI=ojBtXv8Z}xnwb#lV~WoldfWZbx)OxFT!jzm$NnRP|m6DwVE$FaVP1@`$Fg6 zyC=yOdf$zA!h(dOeeDObyq%ax^Xe_KrFCL~@Svmu(}J-2 z%Pu{J)_~f5lPjQ9Sliia@wPy`d*A}vtIon=Gkx3u{;uzsjT&jc@`MFpD27J!2r0X? zav0UMvQJ`&;FTdb31Od<4gXMwDzGcSV}bkA+|X}W8aNHB9vse!?`yC+7IF_a;N97> z!@@4{iP-;`VceYr5#dR(_}JEo#;%9dV#mBeL+9IC!Yo&O4In(E#7b9Yj%!&1E}P;<`;Tj zFTu4IH=MT~*`NCxU93&JlXz-12D$ z0*y<3BQXiX3j#E2ui1 z6im)SR_Mn3Aa1WBz25w>Kc%by1Z~NBYmDX+WHq00!Aw&tcM6jwk3>4NTHEb^g0WtY z)M;>WWEF6Y8l3%iQT^m2Jaj20=im!a&UGrY?~g3fW$#1T?+|4F#<;0? zP5uI3dJ?F@BW`4z5#*nG`LEpi3ufj!yPOmrv2tu{$vVTi!A*W`*h1FA28&)%PiRwC3J6F9}&$UCq+EUgPz1e)z zrBj`{=j(t6E>u2qA&6Y7?v;Eq?MquW*B8-ktVtKNE6onK5PUW3L7qwbq#s^FYg6{| zk$&c4fe?0T>PkV$i~-~gF!`|R4(~pwBWuG4={}UNV*aF*4uSIv6N9Wk$l1B|wPG*a z`Vu?0)phFd8kt|4+ZGkBz~&R>nJ*`HEaezmSt#+gQ5DE=0=UZ>WFIS=sHW|r9yZx` zK>p4j1bO-*1c6Ww<%Rg@{>aBFdo<{9CHkcleR5eM25mGty>apBDbJ#dFdG*`Uh9dC z>yDYBAl^CUQT_IX)w=&?KXUTist)# zT8lqGbK72xrW^*+VN*)l?7s9A=!oVumgh9W{sc9pad8e%Qf5AY+ACNC&n884c2CUp z#*Q~@k*qm8Pc?q!u!>fzxp5As5lEm3ods#YJ^X|UActggnXx!l>V2J@En7cB_L_@XD9W86Z}+lDxRXcZI$Q#bk4 z0gYkfoZNlrMehd|j_}M1=v5rH--#dCq!{hSQ6%dkPx4bti{=a$1laS|WE+#FWRhHh z-rKE(hb}LkGmj!`t?CD;=#Jz)coY4S+lR*?#0M6y!=CcTYGLLXV$OFV)~XpA%UK=f zHEtprbe>K%&2$5+1oOwj_Xr&zcUc0wSN&8(11% zljzYcVfD|I#HH`aOS3mM!*0*SQK}8W!)22MSpQrKv`oLmG3u}hY&7E z$yDTR*tmjLh?X6(K`UsNXxSX=BNd~+MHtC>MxIy8gFI;P!HJTiF)?)anrx%xTRvWl zU5)ygC2fv9y|KImOIo@lH7>>&Fk0Twk6C!6n4}5)-NhfofAB3n@y>DCOQ9!w5;qP1rds=SR(!oq`^Ns1dcn9|M5=P=@{?;3_d0K84v@7c@O`grsNPO>)4FjrG zci#+Esz?<$c~M>&&u5b!9WFic|J<7%O4FmeH$75pu}hO34o$GNDMWN>BmCmdPm4n) zx6&U&6BFF6T*h?^{adkvVGqghr?m;lm31z;1ct;jJkOrexUV64EF6;d4R1K=MQ%Qky%~IQ$m>Dxjj3189E~5dwlif}98%jON6H(S8g1{>H>aUkp0x 
z59oG~z!|dknUUko+c8KZZEsP zy3VngI;Zul^GBeh>*V5Jl#oP#nRHS>idPr6{`!~P^yw=^9>6w z$OK=c%E`0sbDam18qTf(C~YqT@C(bcAKl{*v#?W#R9KD#zq)L^7#m55ov2lm6u&xt zLOS(Bq_TTiJWLB#Ky_Wjx?u1!n*V{X6km}m1P>nn+@P_AKr6Ct^y8xs_PTLAG0XF^ z;{ssNayZMg6V2bEIL=f}&~NmA#R~aCd5cuaN&_O({6>pR?9*WPWe29Ru$q1z5%l3G z7vVr7>G)D`irgRxup&RJ6IeeK5s@w~!$qd+8phd!(@8(mNjYw%-|mu1?Rzp~iQ^l3 z*vfGO$aa(6BbXpbQN$BgTcLnJLB*#FNG95-di_%sXkL769?wBM02n}@e*7JgB@Q;C z*P*?Obk+3K>Znx_omJj=Un^&f0QDdjb;r_Kqh<$*04xwS>T3NMR*%e=G$3^j%$F5Z z$R%ETlzdX5M>Xt_o1DT6Vap5r@oat zU-bk@ZN2sy3_zeoM{>~?TwxPCjV>}gVc|<3tv%T$P+oXTRCPr`sW1mETuznC=?mNg~6J$E&{T^kk*Kz%k zr_rtZyqAV33VWDbNh!GA!jz5li^)Ak#DqIozkokc9`WZlik2Qw9w zTR#nbZ~%q;bowuyojL!8ob1AFn0xcGDTGu^V}VwMs?`kVWnHxzCRqEdjvDpN!!m#| z7DwYcDG~(HYGMZMLA1Cz`?dU3L0XkYIraFye+~55uyPSU zEb`%@jI&>lKgJ5!nWClGw4M5nl>D8@&wg5G8}8?qx1u{CpVcS(bLCqH4yn3yOB1CN z#euP}?1TCXGM(wkik6d9BR@bd`Rcg_@HzM&ie60s(vx0dv(?kPTOpb{3--34_Y=?q zJy4o>T8|DJ5d!1euw{qiO$BgBZ*Skyx1X}G-5e?pt5et$R6!OE^>zZ!3i?rhKL$=T z@Ce@z<3c}aiJfJAZ>grW9Hs}^5a?}+^3h>vLy*%T&hM^=lV}`557*e0?P7?74$%zd zd={oNl;HYaZ@Ektagn=n`D+jrnAX1%1&Y&m2jfOu_Y^^~f@7@CY8=EYf0XPhXA6H0 z=TvrzoGo;BNP3wQDm{qzpz#|{{KB;nFHp==Y9IS7_)`p*r{$LPCCVsr3{arS2=E;H z1O~CsqOq`)6IW*?j+iAD`4B;+qas>Ur*0B+iP*?jOH~}={%{ROSfEA@K*hvAO? z{udZYC&FD8=Y?UM6{;J}?<2#~O(^8|z7Bo~AYjB&I*6^{l6e&#Ji9vzV&$zDV`qNY z!oroQuSc9@Jh6BFF~+Jpo(5FxH*LU4(ReCgOxP)XU`%MY1A97T2dahhg7ssc7Hwhy9I&rwUq0;|^C!aJvgyv-Y07Z+w3l|RrPo^o~PSG1@2|E)a$lY>*^ZiAwuxzdAVvASbz z7&duZDZqq)t(_bF)70vZxMGANwrCJKk@2|#mMmzH zNa>Xx|K&3F!`#p98{eB1JqDgJvEyL0hz^sO5YlmG3u;I{0xpyjHqCh8p8X;+{9d1N z$360pZ8R^%gYm*lIDSlrs=|PT2+tn>jJBZAQ*^Az2cr}iEjJ)vNvdfZ$14wNS>MlD zUiLja!s2_q(TT*Pig?U5o}a+*#UPLI{6#v#vK7E{O%`1cU$Gd~eF8iKef>7tr}bR! 
zpnWV0p0$rk`#)XeLELI7Kf#MVdxRLq@}St|FW9C;^4F;O!^prKpi5ss|Bqy3$AEWT z0-kGVf$;+NFbZBpIQjO^`ry>*$_fz2sC;D%v>ao?D`QjGPQK~1usIlGE;68XW@v1+ zDuCTHzBU-?&qay}{xku9CFOCl4{DJ97>jbAo65rGkv$52d8#g$)2m<(3%-UwnI^-( zzA|(KcrFz0Zdf?jcmW$n{Wi@RahK;ffU{mPUU+49`_H4J8TaaH$eQE&h){EJ;b?pn z03%+o<58TE-7hQARUZ3_J?%N@tLVJ28A3_7U6UR3vU{ONUDYlI-_5{mmyM$_hk%M! z_rRX|3-V6!zDX)_R2VH^?Z>QrZu!hu`yAPGjINAinJ1z0q;DtR{u(}5ej>qvOKuP!G+|bw>)p)XIvusWX>7Hjl!b9qNU<;?)r?Eux zzRB6)W21RBUa(=8e+0OWVJt(~PZ?mmpt)_%vAYl*p6r$&yG=YayUhd$VT=JkVK?mQ zK9DTO_n!QHFhBJ!Mt%Ylw=kSo(u<;CoDdnO&=bvf7^i33$kh^U><}mrRx%radaVdi zzwZg(W5Z<24f5r2{hZ!m*3rs>kv?WIm=vCN-%vAy6p2=uXG+RkNudgOg?WyoT$)a) zGsjEHJec0P`p|g<+asUsl-d%35RVcLw}-4q z;d);?umW0W3T`)^0*^M?`xTcSxneAx4$T3k z2tYeMF(Vk?mQ}I?XZViXvFDuuCzGxt%m55>sd>Jdx@lFls^DEtXE+^QUy#VLk6A$% z%@KW=F)ZIVzT-@H4O?il%{xf77x~KR7CUQ}FO+VG#gJeBeB5ou5VsjWe^QcwY=^bw z;AWKSX7FQ%Ju%;lc`Mg}9XrYlqV?**-w=}T2~9eqnKB-NCuAX7^cUD*txH!v)UEtq zPe|of7yU>e7vaPAyX-5a)aU!?vOW_)vZPf-u`G%fS z6W`#qrUvbc%*RmJl-kFMmj*=eypOdWHNlhf#!MG`SU-CyPwI&8L7#fz0^cnc*%3;rm}SFdv#X@HD=%L ziXeC7#9Bm*!m3k~5B_0jvuI2S&nPebi!<*DPof{vdP#@ZUR&`b0Q9KCxTd?ov z(ez`s(`Zgd&o-Jdn7|*NQ7l5TZT4Zzv|=F~0wK4Lxk!m4|Y8*~yo?2N2qU zoP}q%me)0P6<{L5a4&~v?^1lew(Y7u_jil`+jQ=mVT9!(mI#~Exd!iY5J{jLcR#B^O(E6^-vfbuM+Cjy@wPWn&rBQ& zMyt%l=Ve+!73n{<wT2RA2N{|5F46Y95jkjev8H(^*^y2Uq zyJ`>b#t8ECYad?VFx-3K+Rm#+Qko*teyeXz1C9Xj<>!0qWIBmZ}pvq z7v8-wyuCZiyRkKQ9mmzkjozJ1hw|N1JXH2ztDY>?#3dWaIaVHYjJN;uw;atmRpji~yu_iV-@6A8>_wqE_6 z%*Sq8%VvT5FYBAKozYM3%pcmg@6y;gIG2Kmsi@G+hA2Djd`7=}5*IO!jdrrsI(b$OKw_jSv+OEK|y| zT7Bb0RDkq6#8=Q7_9iY0#BcTuMHb#v7BVW=j0v=8p|K645-(b4yo;Bm5G)w+fK@p> z8}TAq)1r+Ra3gh0HXxVs0bW6$W_tIzWN<+JuZ;1v>iVx_ z{k~RRKlfIC0VIQiJf3UY%DwB2=J`lMbgB4Mfvyos7X{1zX?>Z@rC z+mSns;d6Kaz;i&Ef8CX)3@_x9#By3P;A_>wKyA*Fu@!w8cC7l)XWVb2}`~s3w>k$x1ojVzv#V#|pqJ`LHMD#rNf5KW!%Rb)8ZXNt$)LfWUO8ES1uFfrPviE*km%a^#`pSU=eUK-KUo7ySLsok}C zdBPgL1OC*)K)A}Rgn+fj(>uE?8J$w49spd-q4qeDWY~VuGOGQDKHfFguDNPt`=Nl$ z0+2{b0*;JyZD0D|;|cD+o_xf`&|#63#1s4zxCgD_p?dQIjCyks 
zYBB$e)|wx%$ph7qZ;M)~qYXme`48a*{SvV7k#q$m*tF~wT(DL>BOgh*(;}%_?o6Jn zYu9In|3m!`z2(%ebM+Lk6{1ffP(^(2(5MmLn-?>}YUE$oB40w-sjIj>j1i?Uc^=agz5{%dA9L+@?P{=eFO@!7>*TWTL9_+%=K8bkp zUc{hW@L?{;T^o&;n2sjed8 zq@U`lP#^#sa4BvaMf>ey#Ifwv?7;~CKM~G_1;Ef#Tc=){D=pSr4ei!?Cnlt8&vP*L ztGCe@&1w4ZM@RB+Ps2Y??|;x^ZAzWm_8FJYw8KJ?(2+F3fgrF?hTyhpb)7(gt{FR$ z$s|*?nhZcFMp{3I1W19&@bR3B85MCpuZGMFR)^J%;1p4p}Tg;*c|DwqBftPQYsQw5_tvcQLblsBchpjrt4xpmZY* zZQw@1vhG;GJ{IS~+x_9oDhEx(S?F>@Ehv>?)9<82uW+b$h@t&7h=5^i+iW#7~KE{@EHZ-t(+2x-#+q z^{eH=+&IRTj{J$!g)@4y$H9XpewI0*+H)aX!g+e|B443Ic^wqiliAWkFt@I27!56Cw_w-^Sx{! z1=`Z7VRh#1uC5e?F}m#EF_kFdwx-XX8yRHoM_+?aC##=TaTEng+LBM8s5}1hp&4Na z=CuY|pGM9XKf<3?Tk*%J{6>O*voJTX>F`llWqzi?%~p-jn&N9i_VoC=ZxEWhD1IMEBi5Tn_T z*jfFp&Vx$N;1IO7GE5$#Ku=SXg$K#Z42i2F4d9sIpai2IBajp0z4TzRL&+d+8nXA9CA`d z1>MIFvlKdVBMG1dt>X9r zZ_H@f@FLAzM&%}idz#gOFh%ZuIo-eDl;J8(py5cv*JU!>^^0Dz8w z98L6%uSc{P*52UM?$fo8acW1VuD)Wqh*`M7#Lb^4`45xBb-;C?lN-*-!%=DM{FdEv zYll(U33pX{Y^_S1#MYpCxHPb8e;QP#YNz3Ch_1ngBa=1UTIhPa%4R=&>%XUd$oQ{* zcUSLpu1sM;8;5paf ze4ACo8u1OC)6DTedm{oxyTeuOm?0?1#QqB?Jcx;l8Ts(U7|i-dsh`2o3k{oq0K?h# z02RioSP)A|F$4XJU03w*QKXsG9Zgg1JqSBC6vywl`{=Re`D~mRoV|w0GPmOgQh@d{ zum!3(Dn2?GI~cFl1t&HTUbbC1HmMcI-8jghyVPl%P-%%4K6TX)JKj0O^#4SR>XpC9 zlOFxu1RGdyW^nwgxiJP8{(9aUhzm>mH*Z*UOnhsD-m`cG5DF0XjM07CG}~R?0qM47 z%h)!sX6#%UY&>fBneqHISQFx3w5`BmE!A|Ok>6j7ZynygH7EYrx&2;Q1yhx01*B(6 z-}t-W3H#3kwR7wiW}WST%3l1S@%((RwI}|i11iyTPW#q? z@j`q2i*wt*$m!R~O1@bITcBHsoP~~`jf}~0_`|xo$L_>;g8|t+PJKS(t`Ycps5)_X zgnYR)%lg! 
z#BO~CrHIjwW4i?-*r{EN`WScdG|QneV)#$v`JNbEty8kCk6j$AC1si~gX1`)#J6VS zvT4EbFbBr~aQyt-_Rn+r?I*6=SM}+MYXNW-J7G3TTW`j{JRmb#Q|d>-cnA8~p<#}3 z*QZ>fAEMukmUZ%_C&qu*DLpWLT&MW3Sa%z-Op>Pc$uwdyQsP^&AAF27BF|~WVNN3g z{q{p<#MjW!yClQ0O5d#x%e=EU;6<2{>?iz)Yi;jWgH+b2X75ZmH~r zbt}jQm@17aUB+EMpz{fr;V%gyFVL;w9@Yb{Q%6s{vt7J>0*)kLZ(#BjuunK(A9lbV z6Y>Ur)PVDP0Cp-7z)mIEJsRS3E9oP^QAw{IBC!{#GY`XMIrJ&LkaJL~SbZ+`G|ZBV z=ZW?cR`DOj!=8&u`gp+46><-cOo0Z z+iVyjXDe{N<2-?dK)5+C5LghZ#?1r(R70s^Y~9wXr-#WG3Bd#%`_#x3dq!lW#{6*r z#BqsIjdrD6X$JdFS$oEFqgIU)1gM!fW~E43G8asdsoZ*As=y%(X?~6iXIGoH)1>T` znHf>9_j!e0v149i2-&xR36_9`SmtHNhVGsK`VNj%Rz1H*+9Gl7z!lT2b^6?P@8%S1 zY%SY9T_61CXL0wj1Cg6`?{opK+d7Za{FJm$pBrEiu4V)33SszQt@=Qs@A-IwSRbp= zaeoB(dVsT^!8L~|d$su+!WNV&?T6*4Px1}OhF;_O@m%aOV;~OHT=NqN+AoD1^z8YIs=#!j)%%CP@(b9M^u7`{lZNldEM+=b*-T3-ey zim?WA7*_AyCX}One1~z@D+JXQ@5;3=t5)GRwKC7M z&aY#s4Q+JqABhK8EP5iMa^YeuWjTo9xF+AC6W}5 zeA<2IEJqOE`b!~P7)c|yVQ?b9#RIzR9`E-e{!c!>w{3TcS|wQG#DRS6Ok5kNQGa_w z&@0;+dtS~=)uaw@TSOBr(2G3*6;lz&3}lgmH8czpmTgZ$C+agz6Zw@F8s;eGHkId!qn@d<|~m&oyVac}v) z-sO?AO`exBt2vbZjwd?^Krd)7PbNnCnjE;19QC)CNXA@V*-DgWb<{cxs~Q|&(W9M| z+l2-70@%%+DVJftp8gb$|3v1a=s&eGpK0`1t2+8G6o~BY8|2iHoENcj;1WWfgM&(~ zqV@{LwAx*-l&o1DVB@UlSo1gtPyv>@DWG<0Q09nCVo+^%62-@t1gKT(brRRz%YTAT z;?E8~`tYjYB=>1SXY*S}Sa7)5kY!19-J>L&v{WBf--cyUfcpxXasuWA{vKt1g+@3z zHn}<2SVR~*bR$L`su4&0v=P}(BNzj>hmQ#DIW$|1KNNx9)NSicpckFQ9t8S>PSWv{ zuw8~-*-2OW z7bU8$vcgv-s%Bf^*@>!RD_oqYDz(C;iK=odT%M?^u)-CIs!A(dnW&mJFVJ~HMP*1SVZ%f%ojf?Uv6D61^14--zDsv zHEza1?=ug2AKmkvUE{MZm}{M9{sdnK-n^dqajS6jp!Y=wy)W+l-qeWR=@9!5+V8WP z*k3*0mmc(fmwr$CR~_1)%Jfv^3{=0DnVnOQvw36A#Yk1dpBF)I`Uc|VF#RG7mC?Cr zA1VONi^2CrC_fd34p@QJ{RRcM-*s%|Zr~#gpW?i2S+GcX$9!1pvq2eCM~63LoA_JHHjk=ILq;o=CRk}805@Q1$S7~C)ghY&{wBMJhm__pUVV>2Vl8ocpQVifP(fF9$C7|2zH_6L3%?q)dl|Dl7Gfrseq&?5+nQJ%B z#k8zN2PMmq6I&2G5?Bd301l>>jSB{2T}ADb`*FN8mBAWt-091JFb6Qb*+L&;|K=8% zSgF<06P||^;=T|fi~*hx`)>NX9|w)BAE*cT)KxMkiQc~iC8!(+)H92miPLB{kq9qp zmakFo-7MhCIu`#Or1B>(!AG1G-;r#`!%K{TXnh}F=bL7|r=DIw{=}t-5xSHGQ1^#_ 
zY6E>3xznt`k;=f5I6L)4D!i~xCz!GUvjboMXn)J&kad~=kXG0y${M@;4snyGbW~E zr0cQ_{jy+-C+>{Gwn&Fk*COL_5%LJwsdH4 zY@l>UwfYB!j6J}4xdAWIFN@B{s8q$+-@q6ci+vE3vpxnKoMzoF6!!_f(Ic&6APaB_ zg&&m1{+X5b`Lb-O5+T^lSBMv-Cda)FF1HG3M4J~ zteeldt$|g8?jPpmZh|-vC)Y8JCy;cL=_w&G&m$?0!m!$bJy@^@ZsIUnK7pYZSjJ}u zcJgO(z@L1TJ7@cRvH8dlyDn@t8d?IPrNAwCx+4XRmfs?y*_p0~8glYwrjZ$??u_)g z`L8mZIC9Je$T&pAJwi+x0lUz=3;C0aS@Jcvq+Y0k^b}p?x^S)Pc!roGf*sHHEkQsq z^cxP(4~qXoOKk+NMIt(`0Go|-B(t9<_Y=AtMpFS~S5Qht%aE^#d+9JyO)t-Y*WpdOq=mfI2)`to_+@Wz)HoQ`m0@ z3aPQ;*YgT*T7+j@YiV=5vl4ED!y8e^lU@I#bx!K0oxGeBmJ@ak)_NTX_4d`6N2Fzo zKhp8R$S`&4wZ~ocf0i&|C6sJvnl2UUr=m48aQJ|Dz}R9-0?uoh+VxofraLjLl(Rh162S1C;BSMq^j>vjg#Og8g23u>hzi zO5r>A4Ja6>qBsxLPE&7a0+QG8k6{pV)i1HUM5{RHAVdm5`NBG(4}6%|+DLXMDRxx4#wDB9$yz|+CK#-X#3Tem!Cqn z#FBN@ssDKrPwIKyTBteiw6-wii9Fae5)}~cv02I60Y8#$-hok2trBk5=oK)p4A%S0 z@vcBqitw@jyPB}GV_!vZkn9D4KEo{%d$0A5-q52bTkTC-8D%y$BCH;mOX5=78h~rx zciX`gIU~_DtWElPowF{YxH$ekL5i}~m;zFy0^=k=Jw(`?`eS?DwFrH@u{`^1eP1~v zrFF)>##|v9pR2y@fkA_0`@<@ByC&P=nGQT?NfI`VaY1hH#x7|rKiw0pHgQ3q!yhjrpUm`-Bj5c=gphrT*+2b# zO^@&Y)ZeSkJ5U)URP-Or9}t?**2++J*jH=cv&p*)ij%K3z#Bd-Ncc|dgB^fhBaN_0 z9?$5L!fh_`?!HpixMLYQ6Dr(~P~oU^$IpT9J>9s?f;1x33zOUMioxN>0Oq~ZT%bUb zaq4qagBW1TDhW;JUca1m&sB_l3jC6{p*$-{+|D^J-kobSKS4qbg3GP-OG)GP>%V5U zT3=TVpy42ioF|dlvsc;ZwFj584pr{fgX_e>rQY?mkjN!(t)w22WazeD)fg>zBi;NM z>3T^2g|DJNaCXC#L4JG@k2pYf7kZ{z)%-)m2^Abpb`hU>ucVK4(^-MhOhX4o+Jo}# zSofQbqy&@B!;;=FlkOu5a5wVU(+_Gv^Ph;x!4&&75?f`8cRK2AB%q_D)2U=Vi1*|g zY-5=d(ye<8X)Z%vDb~W=m2vD?lvts0UMpHRbkPYx?bZU6r>x3zyr; zGrT|Nt(6>fhsa|eg>Qp@`iU)CKx8@_n0lUK+0<}R$nB?9^Aimt2*R(gUC?#G!@=xkxJ@53G>kZLjRgYC~50Y2Gt{ z-zVALL$a;>>dI0Dp^Z!K;rkoCK?)7cMYG`%4DBNd$s zFP{EbyLZ2!dqFO%AIMJdXTwv!Y;WuW^uh@dFQ?}M)qXQq0Qw?m$jejAJ!rEuEHVz^ zpT2e9H0imFK~w(mdm$dzyO8Dw@7}%k8pyS}jVufek@IQl!Pid2$?DGP)Vw@(5A6OT zyrO;MUB1{hLP1k{Ou@8|_{LHQ+?0)70LaO^&_O+R6d>pQLIQ-PI}F>YIE6d_X}-kZ z#m?BP z!!6t-I+@~%QUvo7PdZS`oN=Jn9Qu5JL}+Q=aPtXq+iTo*Jo3Voqu+WQ^cV|<@YH{j zq_&ShiiU(dCP2*To__05Qz5z@uJQ3N+N{1-2|g|R9F#+1LHzRq#632i_l|8uN^GRI 
z@N)^@fp?HcHXLDn-vrFy!(23SeOX7tiS{JUWe9VyrJ;3x7W_)aVP6$f>Mm<|Ny^Pu ze_Z4;lf5cN@yPthK?v^2lpe#>v)2pzKQgC*hSw&5r=jaaZ*kFWic; zTi39oW%HunvvTjQ!p=vWVP?>i*P*~sb}4i)oFs*&*lvBO!`v$dMPccMr{6K?spy69yyE!o4 zmTix8eMj(3clF{U&>L^eS&l0|nWj79n}s`H1e-OCe8t;dwo%F$Q`#X^GgWZU8u#o7PIN~O;pc8 zhyq*K1OlfT=8w@kK{Bd81t4gX1J%aIWK<nASS5b6Uzh%cj5SDQkki(^t$O z&5Tr~NBB5X^u2*$JpNk8HD}2;t z5)*vzWz}2lb;TkfD{wFxICzqOC^TwSADuj_=iDpvBl!(hDDoV+&772O(*nPG zQ{!jd>bFkkybXIoFZ}Pm$ECL3Gnwo=B>szjqjd=4FVzKr{|HnW+&wYSn~-S1r4CV2 z(QJ&23@vL_h5pieytwq3f=yub=wJakAa!O~wf~oBABU#XcN+EH-BqhT*2$ogW1kUx zc@#B}Fs${Xas(;NDnqJp%!mE{x4#G{V<3Eip*m_Jb)?L27X2pS$@nK@qSUnF>G?{T zII*AS!%H)G%zgL&qSeb_ia%>a+EI!;U zI*FG6yozv}5S0ikN#{%SJ*%NLjiGEqgboXITd4$yXl%o=8-q*~i*}D`T#WhQgN%g^y9X zfVa;7azfrIxz&+Na{*(L7fvcDrQXhNp)jX{0J z-G3lrpgmjubNGT>4hRJa_@E*SovUT&Vf&m*SKYRP@uN7BmbdM9rwy- zFf943nLADC7QBbZpt`r0ovK?9Y+59D4#yY@@1Fwy*-WPX%*44no3XXwHZ&fH_=>~k zo5+bK`_=cGUA9~H7Ep)Em&h*bT>LJkwKfv6WhU#-GT#-@bs9838h4+EFUhA^NH_I3 zvf29id$ImoD~0*$$Mv^|I##tc`<>`|1}S3kADuqtSd3azgJP zjM(H0ziiw$a3P5Bt?|V7^FMXa{S+A-biwd&gS+AAG@aii%6!nw8TIoOAQF#G;b z$O?U9ITL)zQBDhbb}t%I6jr+)k(r;3ps6L@yL*pH*UIe`5CpqAYaeE2e{wBy9)er? 
zI3$tX(swYZ9B9(HPh|jp4S-Fz`e<{E9gRF>70J__$@41m{AW&iRT?Uz=eNk%i&J8Y z9TpLgB^o5Tq~XeB44KUjgnix@vih|^2f^OpAVs&U;hJXlIP>?C@fn>F<c9tjp6(hfSG>Kn8QS0Gi_hGM4=uIfYZ}M|$@o$p7<|XJANjAXKZb z-)Emm+g@U}PA?)7_!e(A_sZu27fQppB--ZE7$eJHt;Qdj?lo>%LO~WrF3Kd|hvYi- zDttA;7Y?6Qs{xq|os^E00uU7V%^QFj&S*XZ#WDgHLOOpG27|HeYvzVX;;_i0*eKAl zLtfQCzZOZEo(HWQcxv0zBLmD1v_+%5JTHy%9srA<3qf@m)N$Ovz|*LKjEtyO|9me^ znzxu2q&aKxhsh#jj~r%>15D}ju^J>cYY1gC(n9JX;d5V|+6YA+O|MaBX&O|k-{=Qa zMkS=c^3tlKPr35+Go!KFFL9?GPbvFv{1vXj%ag3begrk-n@ip5PXU&C<-FT&lhY%1 zhva*Kf31(@!X7?~XFxDHldavItkOSI@Z;(;fGgWYX^rM|IWO2dnpCCkFYZI_;cf@) z>^P~Cg$^?&tY2{)u!`?JW?|n1uC^&e)FJ8v&~KZ*Y6Jygw|rxFbLf6N7Oe1(IwH8z zi$7Wh)~fH1kgkb$>7G5n=fe{NQ|-@MFMwf6vCJ+G72!ZFQyr81_lf zB6D|lRK$*qr-m;MGrg4Qhw&+&PkufX;zu z(^}R|t=rlg-@3=@K3-b8SGTt7C24Kpair*eGiw?;T$QX9nxl`j?I8r{wFqG8*^xkA4n6zYiPt7DPX?-^Tih_Li0% z^~2oq5a4}_i0uMg6@+SFR*BiwILCjbe#en&ndY16+mp_WyN8%r22xLgR(N1{!}gT} zbGXi?TLRjVlIo;Pd+KjQTaNAtz|*TK&mPniG&cGPkh9)aYjGt7FlgQ!yT^VMhVF|= zX08t%O0N~xfM~BD7)EOz(An)Rnz7(-COv_6A1#B*M?d9x24T8hv*Zad3>M8j0(wb& z5hx3Jkf^kV=0YNeYRqTAZ*}T1NJ{q9Uh5kw#f;7nQb%iswmNIf4#{~O<$h?=&BXYfxu>1e7?nGb zgoWFR{@|LI$U1QH2BP8J?G?CQfEt3<1-WsEsp;rQ0qz^wJ_v-tT{2|h%b=X%?z%n| z0EgS}ri5@w-3`-2qvjZ!*CTyc80q+hi~Utw@q6-Y{k{u#-hGevvGe5p$2XB57k__> zJoXp3*Y2ti?z!8H8}Y8fE#UU{ImVB;GH|nv9DM&6IcA1NbykMPc&g0+(5_LtHcEGy z1@g8{-WUznS8G;C(ncr4CGvKdu#mq_t*lNvpHX$f^s>X*dz&gl(aRGRMd<%ptabf}?Gwqu5__Yln)Raq zl54K%iZ>dAqWY8ur5#d(>d_{#ha~SK&vhR#TBwZnWZw!;(|)SW4TbUjKJ4)CuZUi# zQ;e3!P{{lgc-t3diY#y1Ppxn9(5C%`P;(nD)$g&J%&(dASo2H%9A$3i&k*xn{A3C{ z>*49@Jt2bsWe6{75{O?uO*`0i8h5>lIW!r^m!|zAQ3GPi$usqDti|N{J$b$e&$u++ z6CEJ*#+%1});#G{Y5R1wK-YnukT3UP7MeZwFqCAEMhjNG10uz{henT!cOMZ8H7yQZ z^%@|=My$T(WT0NUx)ndGe$D5?)id~WY)MK&0olXrRA-gb`{Ufc>|fvljZ#ec@J{J0K~Zz<;sTMj&@bE z&PkH%e94u!5)`1NdOChZnwvbBW4?<&5a{>InVVc*)#1ig?xEl0L5M@GfCrK%@pPyN zKaemvT__5QC)FJg$>bYa;$gPN`XU#Mf?sFbKUBbspmJUq^qe9df_U0ERi0S#c9!f+ z%wTx zSqtu@W(>vPCUen4ObM86XM2Nn$sri-`cXZ3k>F;EUnT{lxd||^&CKA3ntX5efLx;? 
z)6n0vmei8T*?~1f!@`)mKU9iu>cIf%1e5C~^OH2VR|)?a67MwN<`Pec#)wSW7izNc z`9TekG&q3rLN=rMTRdV-`Vgt+gNm7}R!@XOv_u!{3n6TkhD5s&Zm&_FiK@WyzHBo} z!Vd@*A5@FU+2euas>H_HX1oJeAU38J3Q|5)&;)D&pcp=&B`5}Ci`JRIA8cG$SsJiZ zyiB}$pvZ%*aHmJVRx_*Y`})J}$>7(Z8n1Dc#D+5%f<3Qk@5v`atQJzPFkHcLVKqW> ziC}^);h_1bqz(F|A9C2m9BAex;Vzoe`+==faVavkX{|TvuYfjKI#ebRQEaVsq7RCG z8l4KpJDggVPknGfnl0C&KGhF1M_AqGlYvi~zrc2PaJ0$BN?6??no`g%Km=!MyRm1X z!~{HPO%`51A~vvZV6^-l6IM^^3BoIp*y<~ax8*_kJ&kfz75&OF%rk@0+>A;g3jIFz zj9>Rp@-`H6nCx4PwfSFZhT`fac^NFAC7ZDx*XYCN(aGQ8q-)E~fL?do#WMiM?w z5_TcsE3g}6Neuh;CZk@>HOGMaYt#`BrUyUsnwLnbCzG0B>WgXQX~S}nU*D{U`GWK? zpYuSEVXoF|-0iUr<}38O`S&z5$_tEju_4LehbET>{|gOXXhVicew68j>oh29mpjy- z*6kYur`Ugp{PaY}JHFy-qt2YTOFmd2)hXG+WYxHjjpX$u|4gUpjx=77{%$=@W z?VBtekwk1lY-r2+qUkG2AlNl?&4RJspi<)n80kJ6dj#+V<$WS>%W|enjBz_u(uVLt zwDVXWgw>n@oThx72wQeDuhCqHk}}X`6``JV7#h-J5WZma9Enhkp}dGctX7;&PgTFT zfkDXik(tL)c1m`y_J%;*{^9_J^O&9RYp5*6;p2e|`x#Gk8MnOx+*_+sh+eetv(`Xq zygiTZ5UJ1ujgZ0us{HKOdJF|0>|a>!LTn-a?*s`|`6wvWTYoG+&S<7~NW2O(UZlhQ zNJ3d%F7{z^4&KWP^<8e_@KHX-Xqip>j;<%YUQQRn?TnDA1m7RO1m9jJ%|?qq#40$s z7a)ZMf~4H&rtsb#5UxfQ-6vBR`f1sv zXg4$pA6N!lkza_gw7B2C2fd6{+3{`=;(25w&C2DZ6Zce_*CDABH^Q?>s?1*S&m=QR z4X@mrt^soKP&K&r4Hy134*ZYKayl9A1wVm*6H?fw=*${*jjp2PEtn84hI_$JaToo{ zg+IfAzc>T`X9vT_9vAE#eQ>pSAf)a?w_vXYBNR98aGBBpjp~?6M=I;R6s)U#U;yDl zhlVox*iE;?0N_&oHz2P2{4AcO4YO<16ZZ(2ATZjvkxC14YyPRa51jpF7k?_hr2jw8 zOw(r-l6ui!>V}j-JiMpz4L`rdPfJSDqsJnzRTQ$1bQ6l5ghHh1qE2(jdz4gc#%hSY zgTIsW-0zR#JFb`ygs7E!jOMjqM8e&kd=XFh`73^$8i5+!kv!4C%%SZ5mU2;c1>;4a zItAlT2}@*7LuDD>l>X(7BNy^Iot9_d=+B|qGebp22pP?{AVc|a(Mpmrc7`iUJ^{np zXCF%ba56yt1>mtH&^iRoTk?)G0CzzFC^=x~tT96xs= z353XuAKi8DV}T(Ia&e8iO@k(r8_SxIzbB*j;P2>U!hXz!9i7q>?nj!hCxf@gp{txu zFq&^bMbZ(;tMO#1k4BuSzPRDw zM&QKUCY`ALO58@gRw2+cji^=st@G*g%C0%F^gfyse*=>?*d0We1((>c`gb4dCom-< zPGFsCtCppvtYnTh=>)5-gxAYj35&{eZxuz1nlep{vqihX%I-@611<8L9|XQVOk%v~ z(&OCHUR~O8o}vp%B~Eh!!4*6=ss`PbOY3?ro~>QVhm|&&mf}k$j6>4*bH)Q5tLa;( z!kQLnT@}<%iETI8+yF&0tRB28t$wz$T_-~3=vAMrCuPTUp!(S@2P>NU?-WJTKE^yQ 
zT>=IaEJ*PO6ggR!a1_sTbyp+zuyk%&RXVv-Hw%0&%A3}*(LGm{S-P;vbVTtPvX7+1 zDyjY?L>kFMqR=ahlX&m{D4*P%Ng+CNHhd-))%)A+N7M3!OAPL5CHmoiPr?INAp-&u^L2IR~NKNVHcb;rIPw`1+O8N-kS|0VOP|GKa6wZhi(jmTJbf>)#S9O1)$%(5t z6Z8C$qFQy~9cekkYcGbDIeNy)&Kw;bY^<6@M`>HR_*#gB zx(kQAK5)hpJgwg}R^@Q|JysWkqJj%K(WC#eaX+j(yW{dN8GYkZ%(@#UK51L*)7D8@ zky>+{m?R9-VG`$($Bx!X-f&H|T5vmC5$LQOK8 z9}0jdBWIPW^4%^!oc2YUAH)l3U0A(YCJjmRLpP*6&XB-lmX?=bj(l9Py-sra6Z3qD zMYL&)T2QN|o+#TpH0Ghh4#$3W&jiHr0*BP8rPU-qozj|@kP|z?sz%pLCZu->*JD_L zx(YvD^Y{vfh;uWgAdKH!P`Y=CE!W+#yK-6SCAiDfkhx_g{?$$bB zZ!Q7RYSoMuhpnT}m`##0F`aU`*&->W>69DHJ0;~fH^pedrm6?=n9b$#p`ZI9YMKv9 z${xXu;XaU&2Bf;A!o!^9J@9`#?&2SG@Q;=x*B}>K=#v)Sy_O1$4BL-nvas?wgZwWOM1cQu?LsMfurX8=gi7w~&h6M@%Wt$00sf-JxoE>qdcx zcx+NnD&{jE(KVS)O}mLSHgm5N6ye|C;P)$C64Tma%MXWo_SBhL=6JP}&aPKMY5M2sMU6sn|xsQO+Y3Xhe8LV58q zxKhsn**8Ag6U(xS5pA|Ea;!jz%(F*Cj?jon}synQNh#BLLC?5hu_bwtW_ zZP%M!8jk}v2p-O7&Q~iu#l7w$<2?%)u&98CKZ2|Q+8bho!8rW@fP~d{_-e)1<~jN^ z)*lEs4u?^b2V%fm`D%k?z%E(+5Qn34!O;@e$!875_~^L+`QPe$Q0lwoKh*atx4ujM zZ|WmI#J|b|9~NT`j+@x`{hQ6fYPMSaRj(c_UkHxL*dBb2LSrWGw8J&jPvIFhi)Na) zx$A2*{}NBFlZqkE0Q^^+O~pwJ@YMK?rN^hEHvTc8$Al7^wTuTy}i-ShP%=H6&fAqT720vc)f9oO8M3auoNe_qth}%g)2_E?4Q{jtuGe z0D~=NB#3h!1L{MtPJLG|^I#Z?79#?K7QN0gNdF1^g@=Ow);B`FgW!|@!T_IFr<%~2 z9OCq1ZpJPcCR%iTew`}R;H)*RE!Top@$Nngj|PJ%G6-W7d9CpUyit36D9N>8eE$HW zg*yz4dCU1I0TX6ctUNKk5G@|jdSNj}acgy{^>KV%dCfFzC2!==hOl78e@6k_M09JZ z$9S||Leh?0ZvjA`*l_C|>;!)p$w@6JQn~0lhk2Jt71nkzZfp_SFMdUl0rt-mKnwUG zLeF?aA@JFyF1Ce&ZIL|!D7iTht-xm=hCT~fKm;)l+4PFP6ve%E%Xh?`Fz=|=}k@Iz#ghB_{CBc|qG zM?}Cz=1O9n`n5)Z$DObQz-OHm7B3;T@k{=VXae(TWd>O z>&tO*X|;_0#KaZ>^`_v!4XQqS3OO}xS;PE2-9KWU1Q-8JfuJvY>x>lD>OfAlyIy!YzDQ=^A zN*G-{2J7dbm-AY$FKwMz3^_Yz`N+#X^{07fjjn^sS@BPcUWcOA2b4l^H*9#zKJg`y zcm*^gv`#D!Q$qUd#47`=l+U=2qtR}h4h8-)b#jvH@t>CeK@7B_#N`M`Y&3t2?D1QJ zkmzsYDRQnkh1`>;)?B8Uq*J{Q*N(9I>%)$?$;yN`^q_L=}_GoAUY?5}**og1o z)9}e1o_BFNAQP;FF4f7pqif;jZ4Ge4|bNytsoSb zVisK^of)cW>1Zh5e|4E^yRbEmUE>Ht`37;s4W@-Yvlhwq_eiHl)N=wqU36~o{1ijm&_ck 
zD?nXrPY3SOnC}?<)kdpINZoaK27(69kIQznEltvIg2812L2aRcJ|1oo$jKUqqDw;1 z5|8*^Hm!AvL{K?uweZBgjU^^Wi5+G>oLs71pJd^7iSzKc&(`_2Y{%eHM3EKc3 zk-*&II$|K6imwz>Vos)@^Hz4}qomU!+B=DopaOtJYoNz!4D0h9vY_o2z!$$+@&1x}$hi~If+&-JYNco3Vr znrlex@dn3B_}wh{OC@|DrV}m=hcW}Ax2!DgRRRm2N#BxRIT;ghrX|KL?t%-vZ1GJj zg4>)EZ}Syet6yxdldWl~7IQhpK^zMgbog=ye2<9EOHc`Kij@qz+8qrKgAiULl2FRp*>zh$ypY4&zDnZJ zV341%2nCrVbg|YV{uu6JGjhcWbSJn>4%nYjS|xQghN$W$$)7rj>ybm^MLIP|;^p*6 z_@N1pVad=(^ZxFUXH9~d1FYd{)FYc1AH{n^Jt_m@<-gDy@6j10Kq}3LfLJKAT|qqw zjg7R2LKP(8{HTgV>)Nggk%cxHo@o)PKF|0GsA?%K6dBSBL^tt=AIl~$te@@djg&5CdW60M?{Ne~~m?Yr7)j{?~CQ5$IpAxc6wRjF? zLF5T}h4G6@BI6z5Vz|XawIc{$nBHE$n9B+evSozeaiRIrQoL8G*jov=|9@G?8WUpx zI<=mV^;4Dh5g6a_j~H2-F+pNx+vR?U_GVb)NEQU|%O=TnHdeaX*n`4ifL2G6%&=n8 zCW|>0ra=}3hEq2Hf^a>=ed2?NUm@Hd?^NRk^X7edlq`r*1fm-eFu@kO)-TJ>f0=0JMF=0B9R=PoyOc-VKzEuA-)>L)oa=k*Ti2mxkL}MUg{_vT-$kDf6WV z(=ZkpWNDWz{+Xx&9!}Dr_8PmwwtS6|59e!n0Ohej>1M_^(g2Nnq?G+&WNHVEP9}8# zla*ltNz1-lB`>X*jW z&gm3eeX@(@@`VSrlwBc3xnszQgfo%GGg=d_XNI~N1Lv>D4yY9`;hrsJ-H;EK!tZdt zT!fc_u9YJ8x(gcX=J-0VJ~>Buu<_VlTpT-)Br& zwqY$uhuhCIP@7Y^e*r3QgAy`407v5a;Xd_O!CTJi7502ot(5JfO!W)OZT279nla*2 zkz4z?38ADvei!C`eTv}<#OGN#w%&0M%@9nten7K-CIkR5xYAi9dyq}EC8d^8dAtJr zir&U;B>w=ZE?NZS*X7k%W^o8z6oZHo#!aE&zfV0;WWqZQAye_*nu05j>CsD7{v#sp20%e9}5Nb zN3BPx;C#%c%WmM=gly{l_$E_H55=h$$W+eGN!6nJOcuXLwv`G3EFCUm3&N3Z#pIDK#~FVqa-`09{*svS zm0}xIzgS&}VGK)5_j`>&U|SOyz>_iuFE;2J;;2d9pP1dN(QZDEr!@fc8^|z;;=aRN zJI&{wnC>)-aqtOJ$LxcX&e+=7n9nD=geS%)X*#muD^KQDZRhF}-N;lXl#k=1cgA6! 
zHbr7-E6SpWfZfDk@cGg^T2nlKcxRkDP+azM@~0ZklK(Q@$$qPsGQyfbsgV zz4m6F^>Zj&eAc^0)08c4qUCXALA_%oHgaXaIH8A)p2e-xiRj&!)wH3RgwizMdlzAUd!FZ89bF49++^Zj4noAZ6?Pm^b}IoBVGr(T_$D(CvE=3H+=Clf>ZPf2f> zOm6LMn&&6MOE8+s138%MI63jyR?Walv5-3>r~ECLT;r~lvvLuCM}5vH%~%{IZ>Pzr zIkly7Rz_>^S^La9WaF2?`J4$;o^m{8=D3AFqE&A3WJL#7BL!DJjd1BxU63orBlG};LzsJG?32jd zIW`=RK<|k7Kr2{ag&Z=0?x6}5TP2bZaKp5o9}(?{G*5%n>#3bAH`8th4H+OC(m-!0Y-hkENa_pequ zD{aNfd}ahm3R_MWLnqL8M>G5hne{ovFUB&~lJXM0tIiP};Qgj|3OqAi!s~uEJW3ZE zd7IAg%=}I<*o0?x%=~GnL;j>TsPu02l?kO^Dtt3t!e7USI(Va&Pu z8^BaTtQu0Zy7c_u)#5Md@(5T4O6Xv{fb$^d$kg`IdrEtQy;AWd(`9=PUP@^x?WOYK zXOOYX@iFUjitmfh)n3vsnWm#E7rjar#bme^dr{uBZlVjH%GIyK<&Z=C7J(8$ib%f( zsbFz0lO9be-y6(VF9GaI@ifjF&?w{>1LxCFP2j1p682`U`Eq-5IkqR16}prUB(3h5 z&9sWE`D^LJaO2M42x9?G0^fR`Z;s+@YjI^Yj78r17jHLk0>-Tki2IN52Y?uhNhbAB z)Q^Bjll`q0xoJECxZ#T>p;C0Yp79yK>>i$C+y|9GYJ77xw4NNd5c^5)R`^^29nd-+&+F!m$OFp4mn zu|wizbESzFN)3p2uH|9n?Wf6R8bau7GQHA!3jGZ4$^EtFx0x>K=l6M(mO?+2E++Hb z;`wIgcZ$D{<}N3}qW(2J+5tYjr@()vM+$s1UBVxDHhfAKEj+gvzM0=CMw}DAwLb~@ zN&q!ayt2UJ<@exz3Y6|cy4X1rE7&AQJPTdL z;YvUFsa5H95R}I8w`Tc`Zs|g?ln=eJ$h*m+@5|M#=mt(DXsy69(Kb_#W{mSg#PEuXXHi?c?8>R;T~r@ir$NeA7sDx=*WVZ1~Tse*>J3~Ey7R?!c+@Gwtn zRi8kTc;*a?GVmCR<60PA$pLxqXV$#EoIgO{bvf1JH0EOqWK0Ook|J&em;>o2#gWq zHFiaLh-6-EB*c?$0i4~4d6I_uV13{D3=@czd)-H<3$S2ClHkbDg=CH+R3<9jNZFtQ zgeTHG@hqCFO-Up^f<#pP{@Bzq_sTNaC^KTs84_+n!-cOJ^FwU{%K2L{7BO8ZFN2f)^l z9>6oE&dW1++|BHl$m~^O>ufoW9ql!+m!VKkS;_?njtyK9HRBgz9LDY)*!N@9lO?o< z)rG12lioqs@qgk==pmBiBQss{uerl0Erowly2u#Ctt0u!%+BPooRgpsR>F7v`j&8BCg282BPX=er*qcF?rCuW* zA5nf0F}XTaS0y$uV}SBNy42K~MQ_|8&{`~|P0cshy&=M2r8slKoU3AM1;!p61ZTGK zY^}&vC3dJhu`tE&M5~Ib#3uQHIbkd`&0jrJ44x~gcm{%rJ_CdVCmDT$WB5^p!hxcU zmdb<$>KAy&IPb2IERvi6wMFj+D6q)4{~TwLHhdAAuj*=xH>U_+l2~LF@4!UY>C`+g zx#U-BT4;Wife+qE8d!&z`(sLE7Wqpg(ekaMN-#Ch2+dp@?+qg-hlDe$gkN?{bNImg zDrfPK@_34&%uc`?2*^SSq!4U0KOqi54L@3(dB&u7rKSS8YQGNm);q&BwNw22sd&$b z`CHtSber2p#|!n5Np#zGDmi=nYa;0s8jH_<{ewj!*j3oAyFibpGMpKv#58l96 zUP$1&X7S~55dXwyF&`@*b%mBItyz5wi-P#RUD85)1~X-6tuaf6?qO6^i{G%!?9>K| 
zY_pc%Q7tC-f7Yy}vzT=ZGz6j**P~SpsnYUCGRI;0Rz|2d@)Y@usngwLI>w3`7!`DhjCfL2o_@zvm zr52=_vUI_LfXI+7sunlMVwK|NX-p=`>xR^iCgQo@sowxVxBZAS5;jS35DR-G$t>a? z6Y15E3szjm5H?)XM86><%OHdx<{S|HBZY(x&Pgi{=r^aJy(>;gm0H|nrs%GVF@%c} zxrX8^mU$

HOmQ#CP0krtdJabNR)j#P>F!0E;Z<3k8*N5F^2_6Texc5+EG`-aX(q zlm)yd8$2cppJwBojtj2AugBs=c%OrJ$$M5jMO|Xvv!0-2P@k$T5r(ZwK(ML56qq;` zcE`dlF+NfJX%vrzv)LXrp9C0KP+Z1?;Dv2MEIi*>s2)Nd$y6eEGF&o}3yozs$r5B^j1q(kNkz-764T5Q2cW|14*VfpjQCF(F*GL+WkCFy#a5@b zxBe&pW>t9s@`m3t4q-p1UY@$1&^x*u|0jOanJ6*7-!{|bdeZ$uN=sQ!C|zviImYs^ znIHRK*@zD73F|vNq;G&}fI_GKUyd}%DRc$e!Ty8r3+pt8h)w6FfRzu%C}y*+5HHkL zFc$Eexf^(z(pd@os_{>lX1)JSag9__Zma>@}nRT3LxNt@JWVxSzta{ULJ82?G!(!Bp+B-{U(0A`W+5d zC}ZzageG_*t!M)1p)$6lUG$AZ?2CYSUE^>eBVAu|l;{a{rzmi^emV?< zMv|&}@(q*}Z00i;=jt4Q5~4*gz0p z9mQY;w-a7DYOy-YM&?utZ&x#GXb^QlEkfQ(F_9bQGRmY$RvGcLYLS=8c_Z!FtHxD} zgE*Z75Iw(I?3RzQ{Hg$-)T!gSmQzs5Mz&^wVKpj`H78_sk1Web^L8Q zPBDg{0hxuOr0qg+$1pyZ4n$KtGD0_9`Zzl z0h1)MZa2oJzTA#!3#HI)IAOqCSqsPfI~u=4WC~^Deq~yo5B{lZ?nlN*iv#12!xc&2 zIA0-3ICeNe1nuF=fa+d6M1(Iv*4L;KLl~6!rIv`nJh6xlX4gB$!k5SuFsnEx5pa8V z1D>RVAvjD09khodCLM5fleSU1iw6TcYDAVslnO!=Qu&`)Gn#Pajy?n>Pn^byz7qyP zcO!q5pq(t*tEX#+WBIhwVbd>0X7W}gZ+&BFRh5f3=RSe-O zTzWd(i`|`0B|&MS{#pwvbNH)7uZL+}1`o?x$1;b}U44!Veub5jVe3;JI&Lk25!~hU zt2;RH9ZqyZ!yw+1U}YQnbZEn;$gO=_B_8AaF2t+Xy|o8c-lnTgn!Co>BpycoSLfdkn1bE#M=9Ge)30XWsajkk!P4AANb#eaiq{<}I(GQoFA@E%-mwdl{v||E zIs=&SN7c-uU~It9xVi9OI+v*`?YTrRB;Q@<5M!1Wpbt`T@taRuZ23;4sV<;n+RD)S)2-YOF zpCk4LA^`vo`P|5%YCtvle)>cINW+pZAPZ1^w8>c21(q}y%GxZ`Q8^!oo*<~vLHWDb z4{Is%pfo~4vz>0!h=-0d|e|06KDt2KzhFsVVf^;Vw$Q;>kY8Uy&f?i(kU-Zyj#Qj|&9N!9zrrJ6<>BAW zL2|rV#X?s_^c5sv_dsD7X9E&37#13h%azUWT}JKWV1o1Lsd82|yA-=7O0FURc%E78 z9V$jTHi^v7@f0nfnt{0}`K;6S)waDoEsEGu_iH+B(i}(rQYOBS1F6oMXKm&|nM8x7W;_4U^ z^00pqEP)COwpSqpG2*+DkuRm#GpI#i6~^RAKcws3FEo2Px;Wwe-+_oBsMV}#g13SwIw802Nn z$TAlW^{>ZhV1>N^XR47_4@&wG^}M)w#niSb_ViFRXd~-MkNCQT>ZV0y4=#}6lUwZI zPlW6BgBh^#vRaDTB(3}kjf>t3n*<)=Wi)K;mjnHz>0&c-$S5IC%$8+27m_IEOREQi zOY)g+__#H}S}8(^M*r3RV2{(zXoUn$OP1u2#;M6bbc9Ffy$%N2yK3U{H% zRd76u?q`$XCuR$TcY!&T>cg%)Y22(2ttu?&O1)0Dq7Byi} zg3JOcSJwRkC3T(`1LfSIo)8kWCK8oy4%(qt^U*kDi!9kIn6H5|)t*5~V=8dqjkJ(& z;|j{;79a5Opi|qXHCaeWs;3eeZx*|$dq7XCooo6VYO22)H#cBPu>7yuJCGz}==z)} 
zO$+oK6E6bq%AIvrEiF>DS2=K+b^>U3Rna{3(-JXHyv?oiqV1mOeh`&Peuj)r>Ty(J zF-`Ip0(2*)C0vs0hKpa0$r+O0T^HiP3*R)2qTiv)P3Qs3I4- zfcm{r(z+v37p+ldkG=R}e?Rvv^su4@b~ePUyVh(Ed$GOosI;0$R6I!aY;EUyXeNRZ zTq~}`Obm!4AnMT@}EJKs<(`_OigxFD@|b<`rEE3_nLf82EHoKed_~9An&$u}!mut_S`p zVhu2giun8$_`{=D+zG%$G>ymvy31`zhj|Oy=VYn~`4JIpc~@|ta0YRo&@8pxs-E4Q zKzsD1^#Qk%YS0J>R9#0g>MWV>hGz9BGDXRKHsrAjR6B7j9*8Bz8{lO$r8Rp4^4N?w zVJ~ay6OTr|n#Yt#YPMY96npf1u;v`SDobDC*2`VcHm)w}6wU)r%ht|BVy9jM2=FNE zById?j8e(huLQOt+5;eP!yElWsIyZ_?URJG*wPEszs57Iihhlct5?sFA7LdAxRF($YG_h^foB+P0Flbm~48a)8XuAh1o z?w=NAq4izqL@g(rqaLt|s*eIEMq{M?G^HrD>?pIG_*!}k5Z!xinXe1n!t(`I7_4Pt z9^^xz!Bx<4XX7f`L_0P9AQE%GN1zsMr?vx_$TMhF@a7(+ zXZzb`rElc^0F*tjA5snQdXM@ZN=Z&cYZ6P~XxbwqB(wT4Qsq!#gB7|i(%wb6Z!D0s zX+HX*JlUi~XlYQtj*nn7Dv6#19Rf78@VOrVY`*;+J6ZM8nR=Engc?;}SV~MQcaL_A zKhnmHP0aA5F>xx)wB3gp%<$|?QMV`-H1QP z4s-ZZ;VUWlO1KZvf|y>wTb~*dbTkT02ygPm`2d0&%83EIQcH zcf#81-qztdjC6bFm_yG4T60?{AyI7M{Baj(GSAvjR(COUr80&Os zEzF>rL3Y|P3bcpz(s5>1bUTI=u7{LbI^j|_rfKQXN<3Ljo1X^WkVA_~HomG?#K)cF zjHo{;XWl5Q6XX)z7A14bwx;yZ05udZ^Z^y>&k2C|54;h^Lms#Zg2kgvh|7pWIIJBQ z0)GAa=Ts|HC`t_#wnhTfm5zgPwbrT{Cl_=J6DO)ZTqC5BSme~k64q?d2nx=e<;P0f zzRql8c%iCWMR5T7CUSs&_g%*H8xW7LXQ=Y7oUvRjkLL{!77Z|w3J0Rp$-L-aSO zqZNL+&;y+R!ewpbOs8;HVB8H;eSEbfsvOPEsw(b6cuKSf2}sMVDie*Vkd46zyTwjE zJR?#E;acvZ3l4A>rvFc=4iyL((RD~t99rbxa3DZ4<@4#bd?VWt3Ps(7G|27o!EQa2b`L9gR# zcP-5>Ms}svAegg#C3tfxwPcL}@z8;Aq4YH`au}h3)93h#F3$4N0VU`>AJ(R6bqG8g za`>|A($O7?-0H^H46qu9)`idtA<0<>O$NS|VY+ANIGK}YA<<0$fhplci(M#Kgs3Ta zbrTS<psD= zdaK3a<#i|G@-r^sA)ziAS2SROrY%94Ej-fdsJbFvXagDt5vb!r(N$JK@{fmi>&eTR zJimaA2F@-pxjzR*u*674{&~6=+|4aj5XYLyEn0~DE_pCc9_^zwpEUwtTXP1DaHvmP zvorkT$dNRxj|~?fA+py7v!H6AFhAyZBUPy-hY`wVh@Wxkk1V&wk-{!UEX*ff`-(7_ z#amW7?I89%iKz5v_!Ip(5di9gXE{>Y6q3ddBaz2ytfD{_)j@tBFdD4FD&>0wKCOl8 zBd@Z!9(RE{jw+M_PIMJjiCc3@O#n{;ar<{};ye)UVLPyL3?QVqmn@?^YmagstO3qg z6&W!0WrI5SS<1IcuiD2E(Q0VJL<=YYtXmGGXvTU}?1201P#>B$;R|rJ#irCuLq7Aq zBUTFNpRhJmy3Kh(@-`!iBspLT=ko@miMZjr$a*oVgx?5Kt~qhO82pyn$2;yOq)Pa! 
z?lZZ>zwt>WPrHeA+gN_CQK`ZVEWzoS9GM{!B#CU;aw@gYQ8g>9YG6td!3PlR?}p2@ zpM){3B}&>Ap+(&`tutYiN`6J8es#QLsa5hOSrXdmo77w4$zwp#x5wY&nMcXY=$jLW z0!seGS};VhG=|idvp$0R8@kZ`O>PUMg**@rO-px@g9Uj5M!nvuUgho70!*^R6fxtk zCd6W84n1Z0#Vp9^nDcclHH}OAl1N#G{%2_}A4bAuOfu=MBfqE% z`TB|va=O^o;(>VYX>MIj+ufH%_hK}uaJ_46ZWI-9O5OLXKgq6}?dwcUhkTh))27t@ z6*(~goo%5BSO&{FDfOgAA;Bd>`wr8ef~I(hvYg_#Bzeev`V+E#+_eKfqW?hx{Hcv2 zUo%lWLxbz^DK&fX2zTJ4G+fL&iUU&p*OqKk`zVss;TA*08cK>3qf9&9)?^QN1F}6@ zj@;OdQwLbtDE2tOF+CoWd+3;uNMeI_wr*kdFD8bU&TWC+Vg)j*)>?tVV8aPXy8IhvF)7Fjf^n zxG;Wzq$g-%(Xh0Vy(Ijx;Jh}GxXMbzna9V$67^vS0@dQ_zAOb`Z5v8V3;#%??4+vA zm1~MD2Mjs14C7D09F@e~j>YKrj-lM|*J$-IG^;;+LgE%z;G@}@8dPF4?=R(`FBRyM zw3h=TL9ucAM7Oee1Qymz_;^xkW?gbhR~pCO-<3RXaJTaJBPH39Hb?NZ$8eV=|DP481#If zOCy8rhElf(FhZG>77gMNU35_wb%;Q(51BwHLj%iskJ&)`1Estfqe8|%*rtH*x=9yT zT?NlGxb06h*3e-@WECmGFT#^P1tGBI{VM22F=|lv{=nc_-$gtgm-nm0JN(Uw<8eCa z@#4@xyh#;pb#XU&UEEF$tMIvALbDKvyqJCCC=dJ{pY3$1iX3!A8c9z&_8u3y-Wy};06(%4eh zit*;5$X#?Oa-r2)vr=d|Hw3w^IGe2wc8=`^oPw`O=_n^B zbqS5}RnH8FoO_wY;FE)-96BiCuG6^|u$N7^;p2k<>@C)t0h&PpHurz zeu2RZ@|W);@mc#}&5;SH;c32n@?g`k7M>g}%7a^+JCu!E*vo%zlXeul^CHD zP6~*-37uP&OM~bt-l04|+a>K?IR&88sS>j!yy6zzq5O9FL%<2yZjl#L8cg`hS;bVw zl*OCW<~H=)EnQP#c%8i5E48GSjV?g#gbBXV!wvkdt;ro8Ks1`UZzcy{^i+wzVh={# zzBxJ;1!Nbh#KZC{SOpf)&@I%GYV?)emU+b(*$x=xL9BJ47_+^T;EhCcOy_vOedvM} zT)BxM`bN@al_-|gn*t+^YxGt8DLBAd5=L6|Sy`P=DsEd>a@V;t%$u8t`Z2CGG-w1C z|8giVDIt)!{B;Qi;b|E7V2ItwtvP0kGr-j zZmJe9%Qu`Q0U0>E19p>DcHk?UI0sP!&2)5<7&gVi$@h!tID-I!F~HU0E?E=8F7JqL zKsDMA(QWvF{ew(sI+O+*CwUM<>!V*>-9suFK$FCziS4Uo$IPn>0TGwT9F#hNs>CSa zpQlhF^hKp3TFstw}!nYx}}wq@BV7> z{HGE#+g#|x->b!A@?HJgBX)NXPDn}om{vfxXk<_d13cN5r7|0Yh7qzIu`q6`Fkt9n zD7#B9r?Wzdr)kMh-lJB6YMq*$2FMY*9RAzl_2pnl9g!AVyGOxs_SKw#n3ia3x>-w$ zt9aY;!)D|eU=@vYiTM(3Dyc{;WO`vE!zVw4d(KrNb1|V}>R|j~Ps7yX;HgI*LR|8l z46Ec}bwYM#`#8xz-P&$iEXY?NcKe55T8ZVOU>A%?P7x(@ zD>%Cgv4M_akk7H-XM0pSL5BZKI8AnFALJfWD!vcE2D3o?=Mo-lP-|H$EKF&AVRIIW zU{7Zav^Y5Qm2Q}KdGuA}bEX@6RQ({r?gX0G4y-v4>Y*1SA$Rr3PT@=SRSvDlD8OBY 
zNX#A@2DuLkvDhgLR;FI86~Xx2@UU7#9q*5X>X~cc*$|># zIHRr9iw*x;=$ zvtMo7s&97F>HPJ{xaa`vK|(%g&G(N%X_qN-}t|^lc=% zWYdaCdi%_AR7hm_6T0Wg!zP3n;Z8Kg7hWms^g6@1OcK}+yeEA+t_=x;zUw|6wlUlV0c>dpqo0UPo4(=2eTI3^HMc4#F6rT9orU8DY?2FO5Qr zjH93+v7PbYiIQMOp>ApO42p`JDG}oz#h4 zvJ+$tjal^|!=S5ykQmYVbnZM(pQZ(`GN70Ul}cmeF&GeeUNtOa_>J*Gc*=m9+Jhd zDD12fYxi&+z*8%=+Gcc*%|wZSSYwtjx0P~#5kSjmv7n=MpgPnGPT)X-(?RGr=(9+5 z8kigVL?4CeXA9k-_l~qUB3m4h6J3@}MTn_4fhJO0A-)-A0XnY|g-Gm;602Q|J>zQB z;?`%m@RJF5s=H`*HPcyY510&v`pv{`pZA$pIt`!hN99oLk}=V*=Qg87eQ~&>Wz3}u zkmS}J92YPJ=YH7umQ*UpdtvtWJ0_$9cZ~WX+o|?_j&)0 zoUGQQOZG_@ip}x!XuBbSPsCOY^O0g}Vm`LPUhg$fvW@5E3;6-%+WDwjDAw3}5z>q{-Bsi~1&Npv3y!+ZwS z7QsAD@2zK@%H{Uhua&acvI9tQuuL15T&LJkGPD5`9z{(?d5ol z_Qs#!J!%cGgDS+7Oet64G6KpTM;+Yp^xs7Dl4aoP0Fez zO92{L*!@4jvaU;g0-w0j;LXve@yyVpq|v25T_*PJrapy&kUgUhQQkFH0iwh=WGhVS zF>XY2(c}M|;+cnYQ`M;83tSRHDLWm3dZot0>J=b_TZ2C?;g$`8JI6092v9xM;u!@h zWdZf!L=sG8x{0y!yS(_-@kC?(ddMp{0fi%A-hzDq-zsI`Usn>(%0;Jo>eJ|PV0C~{ z?~Fc++OhWIQ&;m7t?QeJZ>*lsDclc5X6hMAPN#g3rh@37Qyusonr>9;S3BxwGNU^H zMpuGl^-_$N>^9ueR~lRb%v{)$QEVJaFsS+155KLvnD%rA zrhRw_Ty!cM5!~S+#ZJSUS`CWsKdX(VQS78ECL>}u#<%mdoz4g^4C(nHHfzV zqzAV>#TPZp=fMKb$@JovI89=}^VicVt=kg!VeroJb~M~q7*vMArSuX9UTT0$ewXQ` z^sU59cb+4izFFys_$BfBOX-`H?mkC(`c^{nGgeL(p1}gLYq!64&Eo^yO8IeGSK-@k zirpSg*XMen6!%nvF_2M#AaTMJsZDz>4Swj~f*@FkuAXEkZOhOvx^hWe!-s{eikqCk^0a@Znz#UpG{va$f}q3APB2V(@FX zL-HIK_G(dJybNY^&q7xu7n_={prOn&BnK!pgNP&Ie51{lrqrGyLc9{A96g37`Pm-2 zu6BF4zpMv!l?23(5>+*#xHD?|BLX48ram|NG}X#6!iIsZ?9n~MEXp97WORzR zq85307Vz4XTt8j)M^mK%#5`mp0s2eo^c0u@$!N+{AO4YVEjm+!?iTA1l&;}tqoi-H z)IJ7EaPj&xEcV|b;`DJT8`9kYN=6SFT!v=!=0-P(Q(?Cts#I^n;CGON>2*DO4lZ6!z0 zxQ2xiurX3EpGd`eFzCENBR& z(1>oxer8R_R1aa)dOFiM6(tkiTI_4Wj}JF*YX_fuYw-+QGg7Hiy(QS zl~BnjwHrV{^>=&~iREbDuKLKp30{?%>-0L#RdAqKD76t}Lr=1FXF(%mLz)3_X{405 zw>6b0Wzc)c)%bX3Q|Nk(Pc9hM3Y;dPp)|WzPQgqbR;|9k;5{?AVz4=naVZkIgSYx+ zW@POLKZGxGzU5W}Xofu43^Q~q!kL^8=6;do8tEmruMSI#*U(fO4tgs#l!WJj#(es% zF4Jb?TGHr~ErEukU)YDjWFtHi`YyRu#8E19*&I4>!j!t7WioGcf#eH5?E})DpU{^| 
zx3snmC85V<#o<3=Q8FtGJ&%p`+zpQK;3~_4txCN9j&$Ec)D#=1vQ9un~LTrhd3%%{-~5P1&Ys-Y;1YukyOiT~b;%O;SoCA8w^ z z(XCaGCMyq!eBYsXHj_T1TZ1GU=CB6kBH0_0Z>zr`zDqJxKop;*D}=5%sieq9l3x5Y zC1#1o8d!|M#F=+#0&Q;VOk~eTamHi3( zxt*3gWzM#H9O>cy`V?2>P-nl|pGywrlGvt#;)~58nOo1(13e!`7BVaQf>d$OB@K7H zu%wD_r!g=jNFRoD%e{jKzhHm$GE^VT6N683w}Buj&`tF<2M5Z;QuQMYIK;~CPD`w` z+6#G<%45V`!gh*lNWm8dt)o2IQGUexx#Y#1BzZ6=eu=taDxf7nQ0bl48|$Cw*Glvj z_dj5!OO?^OL(E!}%HuMCrqV|eU(3L#Pu`MZuhOuz13Y@SV9~F5rX>ZQnJ(cCJR4q` z=$ish?*Q+Q9pKS>3cN9?@XT}x@2?-9)xR#{X+TKyuYU)4J3GLm_Y`4j%6nI@y;hE_Y-paG#^%i%hz%y=6?cYB;z@zsRc)w{*!Kaxn;dMV7UVo990&iId zc%OEFNAD@{hNr?a(bpwmDeb#1wS8u~ zY~S1a2xjsL7nc`{MZA4xey8~4({r|OX$Sc9o&taWYg8`2ewyj#_@51*(nZ@BarkC_ zr}*)?;s3D%e0ooTe_bkkGu`a}UV@X-e@YjN6Y$Oa=>L&(_W#We@aa7T{{GD={WsIi z{+|t>(nZ_n@&23n(f@P9Z%>8a;G2+2AN~&S%R9XPt;74F)OVHAQ~J{-wLfOM?9a*% z&cY|vmr{Pmt10*}(`EVbX8DAQ67n94k2sJnap(?vlBmV<6`g<4RVcFJcj`STpsZtr z<{E(*j+{>Vy)vJ7EliJBAI}JNT78^MO<8rC(KZoU(G2#g(~N4^s0^``COY-&Ty$nV z88>c1x1zf^H{KrpfX}VTM9OxbtFyT2dst0720=BoIe4{NSVH!g>>2@L?da2)5XwDV z(s+!2jw(%sog*!=@cLNcAn_CmgXOe3aO_I&I0Dth zXr)tX$g|r@9ciI{`ZQ0g!%3C2mN}sX;9n=T(d<8WA3{Dt4kNl~sDx3)m#!{vLu`uB zW%^Q&N*ihJLacB+?B`kPZgq^8)r~i+9naN51?Bg4TF#t0StB{&%ljy}SE>KkqWV>gsVCqytyin-+3{(?d9JvfNF zZ1j^6q9pQzi-7r8Pcr7?0cY4g99WY9xT-h+*VTB>mRKxfERNUj_C%JC$I&tQBxIk+ z*e>^tg~r2nay%WX+$(|WW#b+8av4+#8(CaR8Sl`#rtG(PgfM2hExi=HoX$HqoFchF zka3`(F7w2y5eOBxd*S%YL0ib~tY_}!7ng`LF{7ux61E#kEgkL{v;3m&8Qu+Q*kI3~ zqYwq|oJrM1gmEoxyJtWzymGL<5+S7>$)kh)NAZ+Xp;?huFPs&Gf6!NY;LBm@f5rr7+iLOF=z}>KRG*bu1u7NJM6u=p#npeL=p|5)OVHAQ|JGtl=*L_ zoAZD7S^R_2#pj3VJNt7p^E<_?gY>QAdZ`lp6nNLA!ZXt)ytj9CgomOIZnOBsd#uw+ z>KmOG(0(0SCJ#FkBcoc5Gz1gAP%-&AgHOJf+MzY&$cc=c&8 zp2hjuY_P%tEgwmpD5_-|j@eN+9kVk(wAzm;Xo#o$1dwG6yLU? 
zvs|nnni9Lq5i9VE6Bl#$kS)pMTSA}Eo=X1>S*0oSgHD^A;%89L!vQoYZOH!~FIF|w zNE@f?6v&xk^SatfJ@zoXRBi(m7#V(X1%3&Iu&_p4JMb5#Mi+Ggk)to8YNp=Y^TAwH^e9q6}>No%!e#{W1wf4n*=M zK(WO>(I6oOhw_(z*dX88@TTFKRQhaK-r@c64)0q#yo(O+u8Ar1-jLtneRk?Q(|d5G zx)h(GJNx=`x%4+_GX4Wt8aP;Rl}s;Hb%~xmKbYuA9{U7-IEot=0hV6+f~$;AnI!9= zGH``5TC1g{6_|?6@+Z+wL4H=mBW0TwNtPiyNAeqh04LmRrx;~6yM?GpI$_ky>FjrM z{d5=Ioz=deo3rBJr^G5Lx-N3Pg1+eGS^8Aw=WR`CVe(coSejr_#k>M@h)A%&3~2^( z9||GYcv|*xtab%Nz15L@wuQ^3e_t+k2ziXEV77%cD0PXZp7>rOEoPKcX_$%vW~dhq zFtBF4gc-Q1cnd8beRnU+q}JSzHKa~`4~4lR8R7m`RCJB3NNcy8KOEZ|orCgx-Y(72 zfK&WG%|myvaBDZ5!85#hXA~WOcuV#Ut?Aglnq4?uz|91h{gdxQkMMua*h!ksY(GHq zKQY2I-L~l$K+8+(@CV0Lv3x#u71tIL!P9X+##7Q$d|-a}={f1CBWiy3-Tz2W!5oX2 ze)?G|F`4!aaT5|C3zB!7#1j5V67=MvJRl@fYL{-bnV|Y62epE~3bPbV{1E)Cf#)C`yFi?uqk}(YaG7cEmlkC7qZB7e~$LNfy z-G28dL=57LAETb&ofzi3jxth=QD;$7wM>C~>3*P|4~~7@_YI6|*$Ma?(Z*|Y9ZaeT z@<_%eU_(fi#^m`Ysq{&?34?^_02oK#QEyO&Dp!**rw&!!M;0c z4q(KUvZKnzX8$ZY%FhxP%E>erp=9F-r}0Rpm){b-{Mw`!Tn}oxlr#`Z*fGXCzUYe#o)Bi@g2%GG1%8 zFLgq6*tM#ck;ygSu}i_O=n~4hC02h=4A&Dshdp}wB76p~X$wyG+_6H*gqta+UH>qqe{4 z%Rw-*i0sFGJv;w(@LwnYb@ShB{#$~-_AP5p(it%x@jxaB`~V?PK43n|2bg`!hivPi z#Clk5J)k0)2NjtQh%Lnx!f@Suz#dVbShxV4ywXQp8Z7igGxaQqg5Us1o zhb@_NaV}69b@Ka}$cYOU_N8|>zn_kr=({kp$?z5!b#wAh+1pu8hcZRVr!>D}`RYj! 
zC?=sxe0V8P0_JN8H~|PawnkeMZUjpKN^F3PvFICB0 z66E!qA<2t;abtlfk?RAnG>xRD=f8`?oSlG~`(I$*)dA*@*&2)4ByOsAA9m|W)d7sMrUo$`Uzwc1qj{9HIc9AZOEY_3vhn>J`HJAhb zZ|M!84(+G+l=gQ?ZNHf=+rP5;toBp77@BCmnIG}b-ac3R8y@cfpWaj8uVqi@ar~L- z68;%J+ep#pQo4BRU4q5vcx$?JRPFd>s(R&K~E~)U%bhH0w!>4pHGy&ht zkN&?U``-b+)ZN7ww1B{lha|qf@RL!5Nx+8uu2?Vs-2>vLph@eWlz(ioUbB&|(LOS> zb+UshHG1L!zqXs70Eff&2x+DddAW&V`APIg+7^e+YL%Mx+yJ-uwY;Dp^;z;$M1F!A z>xxeSD$XC~I%A7mu}UYGy|JV!`g7*?A{_m%o>T;R)punf7R&i^G~07oV!WiNOUDNDJ!K(kjSS8XImA|N5#*6 zDuwvr!Fl`{lT&PvwP33Bng?1#2pJ;IO0nLoT@I!x#LMMB!H?uX)b3}Lfyle*calCL zgKp!;`AO?!vLv(N(qb=S4za~v@k=O@z!O-6PSSUQ?wP}QxI)vil6<$xp*g*eF&+;- z2wjQHKU+4SgF$+US=%U?D(lFVFLHm#@;Sxcfai*0WAPxB;@3)q-4gr>5Vq`ylo(>s zyNFV0Vv^J-jy%GYDp?hIBVxk--NSLh=8DKvTh@mAWP7*-QT7@j0}*V%S1SG>I|S~l z)X-*LyB)T)6uCj*W&ZjEr}*Ukc=7uwU+aJ26mgA1oGM0%j6X9JSl1RC;b*mvqNF!b zXT%#<%3WRm33oMGM~SmLBrcMPYL)dpAnueMGOkZ0v1u}=5hpRsopPBqHadmGs>LPp zyLP)HAO~l`UT!H98>k6E@0j4!pITtiQW};|4|7|!@5FGl7HXZF9;1Q|HEd-Jh@BE+ z(GqYvYdwN~n6CBwmN57>Iqa8LeEj03r?@U<-K{`-b-bBlg56squE{6iXNg)1I z44uCH_p;Ng6P-Tr9+QbRVY0ZOQ*4EjTh5gI@;)JjHjp2V^9Nd>+=x{{Q$HYnC2N7I zEl%*?|JtO#P$%}rYU)=K8Qzr{Sd;9LRo^aQq3U$71(LbJonepXMPa#rNEH7?y#D^O za6!Cqm&j75E#!!lxXwE7O_ZM%FYlA(zkA=pSx+wCO-3=!z|ogB)!Lz`wvvpIqPHMw zqVoW$W^7j9BQfoPgZx?bl;h=I`6BoHmN@ig@B;M=QiCoraTnt!NmeI$g3co#?Smus z*2m+ptq50Xr~vr?ZqCm`9cQQO^&7p=)KZRW;g&hHk8y_adSsQy7CsDptS@nZ z5*r<0hcm{GgbV|C!4a}aS>pM3tsxtOMLiqa0QT8HYI-^v(Td=~QS&>2jn)$K32oE6 zYE!*hdSsGAdeo)H1xL#2O5s&$q*%aM@Nn1`45AI)W8DoIz=uY#E(fYRKyVvfssH*k zFB1Aj?ndi>C@v0vONUSydZ|-OldQkP`7zf=H)C9SrW74e{BlBJ!7i$gDuSyXsx|zB zkp;YVA(trQBP|XX)V7gFRJTlh|D5&Hc#w%WotiN zrdbwO#(Ut>)dj}47QO1Tyx2h>((iHW3q6272xHnGL()fI=+JN<0{Sat2!Cw6D(5eb zKi-7G<#qI8D`hF5JM=H5j2Cr|Pk6@Bz!Yr9<%AxI{q=QT?Olw2wzfaA%wrFITRbLg zMDB6h!=B=uI1`%a)k@);#lV3!4OZ(!UTERMfqQ@e;26*D>Yp&SJc@qt@=m4+;ERwkf%HLHgwu#jJVn|B)O{GAzfVEcWXYOU%jk$s{ZKj zreeQjZ`Nz-r$W3fXx1P66@nVu?7I<__Ml$n)P5-VfQo^qlj9o_BuG^Un`@;rT%?IzQ;+&JTLY{}npz5oyMk73|TLf^XkA z7s_Vlf9K>6Ws*OXoL_6l{a;%P_JXz+ogehV^Mjs$e$eyI4|>k|LHC^>^z8G4o^^iE 
zz2^trbAHg>=Lg+&e$bug2OUoE{%;nmpQ5fxKeclGMo?6 zTMp#PA{5T|S4NK8%-C9=wd0GE#E#G?y*n8&ygS@>yqv9TbyZz;<2z+F}UodfwCa_raWY#XeiRI0I*KYZrG~8*u2| zjjn5NPis2tTzk8HZTGX_9fKXyS@5DSqTUEM){Vw`LRaY-`dmj!Ll45$TyjBlmkt*^ z1x*F}Ik%>0)eiK_jef!VnAL-SnLP*v&aQLq|5j(y4tHI3M$?z>x+R_JP`hGuZ`$sz zyBhs-*WGTf>u%6B`Ej@dsM!%jo_TpffJ{6we<$Q!jDI=!HyHombjU_3Zjx$y;9ny9 zIiF1b!lYfMxRiN3?zp507g+GKZVUaCocPfhEu1b5rTvPs(J>aS%NpUxt#b^obBx6) zY2=H}q>1@PsUhngY#{dQ>B{RGY%nGP-M}7Sa3s%Deo^rsV0^YO2ij5?X&{xnpi{0% z4&zDeKW+n{yhKy!ygLgpa}c9*YgKSLSNQlb|j_<^!9Xje8~iQk3ka597Vq}XTyzOwPUPI%71 zGyG`G>Rbn3aj;&5(_?$n=ia8z+?oHWtMJh@$&8{xZ)Ovc2)`cuI<%I$IlfMm@rXN< zoFBT$TXNGOXXf6_opt0u87FEOEEhV2C|fm;(5O?i#>*1JF@L?X(K8OjpFd*u0P@9L zSchM8Jeuvr@OB?6z=-UFc77ZN98Sir|3Tt{YzXi{+rjwLw%`XAIykpAp2e_VrtN6@ z(hDS))b*xEcU{0#dss2T3@=t((!QZhl7HWV+y8Mngwo6s@7-t&+qi zg*hXCRus4~Tb+u{mYRcc4TwiR=JSF`Y-+<)^iQd1wTqYPf)jjf_ikja*FEbH<5c^o zeucfbb)f_0ef2lmi<|KX4ykPXDQ3U~pt|V`XXdxc#*1-9H}kZW%w`2+GrukPKwG}< zROEP%P&cF_^=T?>Jejbv;)5#f3%Cgz%jd#08K6d>VVX>C7>6Xj;y{Q$yYRVt(r35) z?7`<_e9p^tOeWhCRFZ|yhmt;L%g;W1-k$V1M}E%3=f5X?&X=DH@%gt&pJ^#T-Q)1N zCh2pD{9N`j^pZ(;`$QojWxw}x-m>4%jx?vOIe7-hC<{MKo`JzU_09mFByD-k zQububC(TK7@G_ZHs;4M`d->92(&m6sq^w2kaB z&9h|X#S!x(XZnP?6*S@(#zl%d4JsdZn&Q3^S*PKjsY6Ps57W1xQF&3ST_{{So7WSk zh@9*bx(wzU;cFu?M|gH?DfZYny(#6PZ!P6Rm-(#-|1@8_D-BT&N*%`VNX#7`&dn=z zw3hOLRck4qpCM--&Pgr0pwzmboNOD!_$Kr!FWTbzNT`RPds1G!V1DF8pU^<++=;Ys z3A8qwsUf7HK@php!9B#FNRx9jDJBwM$?qU^$sh8pVHFG%Kxx`&x+akX&pAJGyiX_t zf78O9low0VaN;WWAAW!*7uhb$=h-3hBHkN7FzT#FO?7x?*(V-d^Hn|?2)}0U2rt|= zLluUzz1oK$B!I76tdg@8s_E~tX=YR`x037d)gEZ*g8G%R=J}BcX`84+FJOyd?w3l5v#QtR6rvNn>g1&+rTytJuLbRw@3mgK*&R7gOXd+{_P;R$lBpKhn;KXip1gC@)S)qr3Im7s`u`{#dUNAkmXrLllk}(9icG zG`RH@E@;Ghsb5>*1L7z1$XeTlV^X-;QNOhk&}bM-Pc;)eqf{qyrE@7;?;`6mcxDVQ z#^>eg8LJG=^&WbaCxWySM~tm_8V+ohC8wc^{(5IMjnwZn4gF${nT*pdeCuQ-;4YAf zpo_Q5NeBxR%UrUc(RjtuFP=UAFozVq>8$pgj5XTVki! 
zVfO;+xG~}CNK2Yg6dY3}KHSTBarS|i?eeAgXy^hJk?!OOvhy@pQRg#Y+(+wGMwU1*Wyi5w;wGKt4xQGWh&-8Vg>q!xCXWkW99i zb3u4rVX77`L~n+NFO~XkV+t1H>?$$TgxX9NdrA#_r`WWQwQnF|d>vhcg+uLOL9eXR z-avrF7jAIDBo6Zfj^I!``MS?SK*wJ-W;e0p6I^vuYT+9o2CD4>$3Tc?GJbg2)mo04 zaWp=I>ddn0grWYAP@h$sQhOOC54VzorO|HqfUcoqN-eHH#Eb`6KmS#h;)VqVx|k1E zR>=OXz%Z2y;J*@*6@fDSWo3cm#qFyRuPJqig&A&p!tphQ;S+z5v+=p|f8f(343r&I0l z;ib9YiA2BR8W2@tddy!R3ul9AAc{)Zg=l!O4}i!5ib&(cl{<&;X{sYsHsmDS*F;`t z=fgi3Z>kSjXi+0*n$c70-YeBNtnZlq>_{+MNu;+L4Wg0I{Alp=(pEpmHwe0`m{FX-aO|JHYmi=vv|*L82f0aL z-1b%wj0aY)c0{iKW-J6>rG`$R;gFtWY>)E%HvBmJ>My`$A*^`S`|zMrn1xF5utLj% zSHny(suQ5(dJEFn=qjprWJMYWp$cy#*7>DubVU=|e>Pu2eJb0deWPugHBd}ht@Y(NY7bdK3#k7+wrZ#lI3#Emb(xYDLf z+EG`LH3*ew+elg#i5sbj?>}7NbANBU3+7!B|e)g8jpBN952^xK`S!Jlbr313P+$vW~nM>(BaVYzo?# zt-$)cKlnhSQ9|<{<4fV?;GG8FhgCoEHySU07WfFbfgA4mU&k+8$k-#>+>sV{q}e?d zD~M7v8ig=CZY|G8v$yFm#}JvxU%i?@aC z-IriA)8%M#12!XYOnfwdFGq7+e~f0UJ^BD%3mVsKrQzezl=jkVzM6^;`YSxqG2hAg zYVv$Cs~4FJSfz}%VnfYIX3 zMx&46fF~~8AcKy}m?-B5=!5u!q>qs)^nq2+-U19_rrPcBA%}l%dzKH(0QTN_1PeJ( zXO{9jggK2%2n6`U$^P$xzZ=@z|mh*g1-RyD0KpHtT*u{Gnx$0-yft%u} z_U`f*lgZ-GCRtF#Bap?zG|7*y*-BI($s!^Du`9W_0jrwbZg-2l$4R=R(u$2;8cA256grl?>H;jzY;rvkb!~q`qd}+^G*EOMTYHI zp>UrW$Mk=|#RqUmBm58JtZGK4RFmUZpXO>vB1V^a%sT2yXwjwpIA18iEiSj_@y)_^ zk2b0(b8TY1_23icMIQaU;>*Vm9J+bH*yIH=yqnuQEQ4654#l~}LpH%xR5pArN ztMq_sAb=F2svN3{*4gc$2?Wzo!Z5WK^&aR1)Yq@&Wzi`<{2OmwjEmK<^?jyjl^-`l zN{bm6%mN@Us%V;ERzb8vE$%=oOs`Tul!GPSi{_KwtwMvMvdlNtlIGST?k)v2BJs{e z5b&Fg=Ev_e6*S@t^9F-79~4l-0TGvc=F?7>L`7e`61+(LF*0bc^YV`@k#;D*i?FA{ zwV#@N{6gpEwS{R-Av2C~W4kDkZ2H`uv1GTh*?@P{Mhqv*fU8dq3DqGZD;vmpKuJA# zh+m9Ak1=Wm+ff0zV@+w(tJDF|aP5ugQ1n7n-2idT7TIOChsj=Y`b-3QKy58~sSbG=vsH$u6KSKr>Vf0K&z^Ji~I%=Y+ zWm>F6V+{~OtOx^v1T8AIh~tzh!VC|E5IRZabd2TpY9F`udFid~<@WYrEk0_22;t!a zROBUy+S)UYB9F?mGQaOy`^*DGfBpSGe?A{F=j^lh+H0@9_S$Q&z4qE8H&VpoNaOYD zo%9h#DOxT%DLSR}?MIMkKXy4c{gN%s1qxXKeoF!PdMU(A*|}~xPbF5<+Ago%HN;f2 zM`5O)<--%Q^h&ONEcxN(*8QIcqbK>VXchN^F3@Pvgh`x_5`5AJwAc<^yu75Gll-vR zy8jSlpgScCF=+qiHK{6?9C~Zi=I(p%# 
ziM9EJd`$1fb5{wW*~;8(;!9(DLr(~WgouJ|dL3B}!F`#t%tNn?+XbFXUz1|GJy%9J zE&VX%o|MWmD5Q`&)PB`;PRXe18tNjD#HwDI-cJ@+m1EHKErOlUFg-^qcljuGQGt=t zl!K9SRC$8DC4Z4Wa_T8}Pny*^kmBhr5H86$4{{^Pek;&756_cXaLV*vncGeJblB|q z`jco~lc#ls@S2MpuyIw)Gx~J~KjCIsM5f1q!^zd>Zat9u-Q}93(Tow?#rNnKk&uoZ z=LqIKzRU#eTkK&reJn!Fr_Q7x=1Z;>$*AKj0u0sDW4N%>E#->P1fX&mj&yeN*`Pp` zJ9s&QW^+G_tdd{K5m6Z~{U*ySdW*${_$n>5nl@VYF`A&GA3Utiy}VI%T`G|Nn|wf& zcnqZUFQhPe{^T*pVwpcfaZlaj#c&7u?Z*;-5xMk)F@GItKX&&MG?*2EM0?K53vEYh zrXh!0`g#}gUtGxcnw7`TI~jNm0)&tW)exg!ix9>o!|#Nm&jxc~Pt7+<2&;1|n`G(# zU_40+PGigmZqi_!_N#_ASv2;DjfOqWIeUzTOi+QcSw>Cu>hQYL-m#j}1is+LtaMl9 z<+c0t*&4GA(?ZiO`~5?&AEX04R>Ow`8hLO5M6i!{?wC8w{;+yy@%2ng(28c}nidPv z7+0G972FsE(x>}iMW*4}Ly4C%Rj0};qSVbR7dA;0oUL4k!u1#>i3`#_Qu&7(lZ5wA z>9(Z(x_&hqW`rR2f!p}nV_bGQHp6S6`omI6gXogl53CMBAExkI&v?ZKk!MI3)!IV! zjV`LpzKPYD(F)|f6WaR;aI~GK$s*~c$pYv3jO>C0u)g?`UW{Y!S$2@255~>4$E-20 zSHI4Z>UFE5f3Y|zqU3)FECcqJG$h%Lm8EuP;<+53$S^U(qnmBBT>FaqVp0x5{LYby zUFn|_0vPf!UtXd^r37IONKvc5w~~|w+c*34{1-SzHtv*Ysw}!xE6oEH12{`{sk+|w z5a|H1%5^q{yZj2;omr2dGm^Ikj;vx?Foa26raHN5+GoFo_M_KZqLlbi4quXx&_kLh zMx1YGSPm(Pfl-d5!{eKX=<3mda@M*-Vpu%u;AyX(_JUmSW3CpE_&V%B+PkU9i*i*d zx{iPaYDoS^TAQ7!|2N2bbx_VeEBX+@SvO!`uPxy!0790lnk#XF*a%Pc;<}33wbuPV zhbm%Vu3ej$b4~Ub!s~vq0QD9F685>2g(4S>HX{C1cViQD=6{LiCZ_c}xqTN{nJ-4K z%71tM{THg(X?TjUT2((l3``9`&mGD=>CT>RF&9Z3m~vydPW4hV_thgyW}Rto);=Y3 zqF3t7uDKq2LCIo&F9~45eqdB?t5ZBMRDBmTv0^5FZwyth6?#+F2Sy*P6Me}>6ip9J zX2CKE;8Dy->#U|1sek%!MIZDXTvbmOmnS~m`QF^n!BxEyb@ry@8(uk`%GZ@|l=9V| zxe~tCy`9WwcoOkja%hLDG-o;TNtW>T>P$eMW#c}Vi3xg2^0;sLE_ARbcJhbd0m_q0C=4FkH|wcoctsD7b#C*MTR zWLMoE#_)1M^7WFg>pe63vz5F#dF(9v#hFhrAf`X+TP|48{0ggKW7mz@J$@vm;2EGu*@UOBU9$_y%$kv*PojU-le{BxK}mRQfMa0|#xW^y|sU`!4F zLvHKwktm!P;1e%(X4}5Piu4rt4bGSTb*^-LmR=*~S-2zf8H@!TfCAVv7}1b{AE|U! 
zzF1x7j)hyzfsupr!kHp-F7}tk_<0{C$(6aXiQOi2Rh3{J2Xs^V%$=$HL+DKRK zE*0r&G6eOAm=t!ox=`5a6#i!#GIgwEXDsy_Qgk?@HJ&~NMw7~|`@csrI}2y<);lU( zp6t|=wmDsitnEnV86*?tIeu~YC0++guA=_fZ{4^ar}^5Ai4Sb2dLyyb9gHM1Kae1q4n+(UR?fl&U(POx^b_pEFG*^m*L`0Xc!CM<8>d-SYiD1m=$xzQ@Sf{$ z>e@ii0jO+@uMtG{Ta$Z#pKqjWL_<7(|7oj| zAD;FU@pv%1@8s%n<|dsCD?=zT-gs@-h^)PhruNo8d!ui>HheJGa`*mk=(9>RjeYdj zw(5N>jAxyb8JjDkqagh}6<|j`+;`>|a;5X*Ny>lH|Kv*g6NC>>v)W z_x>pjNxps(ewX|!_??!y)?hO^hr$` zTvvkY3UH-cE(kxBQ(|94*mVtK z?(r=AA&5vt>8JQ+)aM6(D;OSBE&&TU4SmC5DC3pUSi9(u!md1a>5 z-g@YbmGAVzWZC8YP7!Uq=eV@$=xy*BQe`_&p4XWfcj!&1R?UX1G@`eCm{q_sW>DhK zc;X=iZ96Bx{8j-(rZiP4UP!*=vGV0yA0qc`XZo;UCrOC7romf;qa zJ~s3DG^!)hd4v_6k{*P%b?vFDHCqj3EmW$6^72uWJ zj0K~V!;YPz`K5(LQ0ur+NMP$VbLA(2JB;6+3r+-P4h&vE^AiHQSRqk-2A>4rPdNbb z1&T|r1zU4KGM`6=N&r_qp(co+5T7SdA}0ZvnFlg7H6(NyOD_uFKNj z0*1X!nijkKB%0h(Trx<>C2-?|!({FBOhe5j$<@g3Q_TyTY6PwdN0+O*d(xou1EjJToN*m)BDYTQh^k?~^ zJJVmu6;0p769OssPnUPD@x1+-<-a*MP?ETFO>cSd=vB{b7FJ0JhjpsT`}HN-izR<{ zU_E>N^vPA(fkSyRLE#1?P9w3?V!fR2{6ZHz>ctV20 zJ~9HSoO|YiWVFhJTth-mc9#qc;n@}IoTA~etSTE<{KMJxG&0N5NQpNUboX-q8&n?wf zgbxakzZf9y{kOWm)1tcCCsOX)kLyD6U#Hw8Q|Cu0S8vjvf&JKza^vkpXkpH|4W8(b z)qD<}$*1bbl8;5_GpFvzb^m#aj^yIQ-T0!#dU0VJ4pkGiE2O8Ig;0ZbZK4L1)1oGXq=MQc-Nf&rIP5mX!AMK*i zTI5_)#B^7{)ad3l`=!R6I!7?1q!*n*c9XpJo8!hu`vzFJXE~yXe^gZ2dv0Hu*@**W zh$Byh2@(GmWU|5z=nIDQ#K1PBFUejsM84(c6TPOILIM3ha5^6)I0uKO=unsb zqI_t(BC+1^=5;?;`b!3lcbt4z;r6Mx@_b zGUm8r+NrqX%|Cn`vl43HRKxtge|8G)p!5FSq-Sn4e8LVjEmm{5Q>Fb<;UX2U7w(v< zgVJjPcgXk?`Z%{dtVWvX+c}Dm>UWwJgLtvyxCE&;iw~WWiI{La{bdGRtMi6zh&}5~-@seG zKaKsS(tb;V^Kt>6bBuK@C8@#cSPI$%@WD-;X`@5D3Su7O$!wNB@!|f)%j7NQg}AO( zhnQ+*xhEP~tCRS>bcNSm-R#87qsQTbH~|-hLtPee&i;2}$TFA3rlcrwuC;(K^>yyc zHP2ogD|(k)#nr0~p`qEqPWE>K-Is2sKrHKczpjmY<~WTL-9?ORZigS_(Pc*;?D*tQ zOot!JB@>P1b~^m$CS7|q)7&$X&y`{L%SF7_i)12t( zxuj-ilG{T1+xXiT2H+B=4qr^XVq<-jzXmR5L}}pPhwzQTzgjk!C0JL$_J`~@#zotv zdD|J>xq&zD+*1#_SAMLmRMXKzE9eF{zH^IAEF7V}DEhS=f>BYMjR*=lkL1c}5$Y~? 
z<+E&rL-wb&^EtLLjvGV=P6b)v#WT^C&Yd|tdV3ybC)qQTQZUUIjGv2`ar2InzX z+`kTRPCEVi$jC=|H}XHf@hhb`d%QgsycFx>?hrw$R8=L>EENs2`%sf#D#N zQLYu!DC!5h1Mxaj4~$Z%q{^-2_M%F*KVn)v&43k%nP1X`3hrBcSup1$OS9vBMIR$A z0E>XJ8$pL_4H7Aa(;x5D;Uptzj*wnOXY4MwnqIVJmRrr;nijhwT~9WZ@3Pw=bc;}F zd9!nGq0(=gN3FEUkZG*TB0mF77kVF{4>ZuDVmLAtBr=xrsJNgj|4=e$SWrVGsmeq|4m!`8uM)o7%sMxB3sVh01yfz_!rxnfFX(;4g}*PC997o( zG4eb#(Ro&*<)Pc2nYdw7Ci#}f#)zc@v(b;tCzuvGG0 z??n883I^z_NmO-gslyqFhK%M2q9tj<9sxK;Jf!HmTE(u}8mV92B*Tjj!> z^cF_6%P;H}1(A4iuBWDRh3Hk-cHkTlf8(5IaN3XoWTan%sV#m!b0iztu7GH9n%JB* z0^&xYb`U);>wI;ZnVwUFJ7a$XQnNKc6gzspo*XhSi zQu&2wM4yvShs4Iwy?peSPdJY!;~_$q$%Plp>EZywFby(mKPYuF(Nv`F35gMCNYcF;%yM70a+*h`u#<4U!zqF;ib>evE zE5A~$%=2OOF;88nw5`H!69D#+C8dq!<7A2pW@l76*PbI4_$B61+d{s34s#HTx~h-Z zV=5A_pvVe-J&n>C7-ZFdj6f2RW z&V*Rl0%gxPn7Ui6KOLe&Bo_)LkAgSku8LW$&Z;v7wl8IT(fOeJ*azd|3)%tps@h%b z_l!M8z`)Xxf!2sE+fV*xr_7*BwLZ_hK=nL7WM!-SK{46bYpXx>9256k!NJaO@$?Pc zpg`IlzmRO#TRL;3F z8|rFDe{j3ejlI}2QpboJw2{u2>FHT-Ny+%;m?teafp<0iFnMGku4^zSApQXe!=pbY z7yN0z>IC(86<1})ZqLrCa()L$*$iFN>O6kF;-8L_m!0ng{u1lkQ3JgfS=0Z`G9{I$ zNKYUQ21lH9UMG(Rk2;gHUpgt-Oj;Fb$psZ9)`Kw;3+K@!q6FrH_>O@86Y1|ePC9%YKn)GLtFz9Di$K&K+QJ3(> z5-rXzOuEi1eC+%oAJY%L`)1-D3NjLcA%t2%69C7A^CiRFSUT!R_gZ3F%#<> zPtsm{Rr1ZlT{92c2Qb3p!rFPzt_&8My!E4kXAeCzljwng4wA-jZk51c}8@_X(K z{e6F3fu3xgOuynE{GECQTRQP~rddc-jrnX-cK{NI6L;P`6N)|1Bm=WYDov4OPb)R(_kVo6#qy5*eGR(7vD{tG#i zyb3w^eI8N^O6;v^(cx-uE?IE3y(KCdcQna-)$IJSLl=e8PX`6SnyAi*@(~H<^!cV) zGbViYQFaLuzMK%d+21_A#X0bErMUKHn)^9Q+;QNJ3Wi`!bF4qilj%)Q_K!HP>daP| z{uOysBfZ=rpP(1ZZGUJ{)`NVo8$!PM7hk=gBz}H$SOH6%c3@28D8rHx2AX{>uYa}7IjJma20xLR!xqNw(; z)o}#Enc$12Y} zb{qfizR0l84vw-Mr-Sb*57W~{8T13(aD3%7YsT6=Jh0m~W93AX(zb?xWG$W}1>O^R z9Ny7hSB41f_Utm-%zHAQyE@^E4~SluBUOuYiD^qzPOB>QV#8uHQGv4GHky8s5=(fy zu*nj1Hhx2ir}ooZiHBKILQfE1RR|Q7XXh4^!yYB8w_!b8pd>l!igMKDa?&FyD%o|yTLo#&QR zTPPOEmmT7k9p|Q$I~TYq<4p?pv;<5_Ph&{X=xGFZ`B9|Ybq{AIPna{8&;rhGBL3r_ zg6(zXoS*;YfaUV%AkIhT8(H+%sO_NRLt)ej1bW!Sh9wchtp_ubB6HE#RJ(bN*W`Vo z-Mqw8%xZR=GgMx4aCbig$18)Q3*Vww?Tr%uAh38ssI>iPzj$9cyRdfVd*O9#YL&{g 
z%5fm}$?W|_@$RY*+Xz(lHZ)Hn$iNiwo}uNbo4wTsm<;{ZTQXb~-yzfx*BahaBfVtg z&2HL`?*8^;!mXdchS+Ro}9tF&M=dbUzo^<;Fa*VzRPcu=7- z!%pO1h!C*%W-iOs*NTy{qX0m#t(L7FtoJBq;?u^4Q$px9I6JG#xtTr_iGem{J(v`H zM-tPv`iS-50CZ6h>nd00tt;~&(??mHxUGVi8Go%Djg!5tsOxdt7j__Z!;vmj#nd)MCGo$F>ke%3N+Ie9g{ZRRW5p+egY~PLsbNDY~w4r87nL zmC_grw~lWiX#cl;?;0oIUa58r<=yFkx9K9 z|CZ#lzE&q@YSsaD68EBinehTF^uv%6<&*V8LHi^8-j_%&P+j<4^eLD-2usP~g$f{- zqo%7e<)3o_n$Y(d5IrN+H0{p#>)`8_@#sww);D?hcB^BOJ|q$g^~Bqvqn;`@ryr2> zj0k|I#-Up zEXe|)~b_6PhZtobN_gl|Q``jy*l-L1|us%v>=wWw7o^KNT< zQW>{G4EAk5%nhc@(!6#xO6ea6?*R0}-I+E}?A(!-Xby46-vRK1O-!3%YVk0%Z#ktUM3?rgQI?Mfjtj?G|hNl`su}PX2tL#C8 zVC+Vdz+CZHlky33g-jLZ{QXD9%a$@ByN;LTl@O;01G65H_%K1{Sr)es3Cj`XMf}7U z%QMDOnGU#=XjVvOgY7=USdEAi_VT@LVWA%X&|*d(Zk;G%u~C^%7o_tVo1Io&c*w-z zB^+O72wHY&%oB0G{pRT+Gt}t8augR#KH$rykT9zJKGv_<`If0q#L~%&DddToKQM-Z z{EqmYGWwO@Zj~V*=dvi2tL^*~YpcuE7QY0^UWrrh=(Xdx(6EZ@50zZ9oSrwR)%k%g zSG<}2vC~?efA&?Ff{j{o3-aj<_?5MIe>z_+B($k1``r@`(6C7@DCo3`EM4 zNBr@jLUlN!B6;NYL|ED~)zsVEV%BaS=#;E$x1)H{fQ-o7FAERww^@ReykxS-dqF@f zK{<-b@bEb^=jDcn+&t(tw?_8Vd&Qt-4-54S(}=;!`rWZ>OsQef|DdB8d?UYU2H(ft zS9f{rdMzUN(N*26HT~asSM5Kiq}Q2xTHEk%`-%LUpPy=lc3g`ZhMfLXYZY$O7mtgK zcb>|1rcm+IeYE#loz*INlxRw`Vtwvo=es3Z8m<;lFYAsR^WD8CgDOxP{w%b|ppZ^#BU@uL;=J;c?a-s6ab{+g5<&WQ+EGO|t0pB8i{a%4zMP4j=S64fa zg$B#C^mHgFKg)1;()F`%V$`9JG>U%2c};JvVFAokaoxr)F9!>JPl&a+dQ;b}+~d@H z&N-Ztl?g8!`q9&rOHC}v&h$q2^O%|3^}RN@F?p28z1ID^VLf~+eA&>$ukf`c+Hv!s zK>7nxiSV0R5Ii`-<4JwlYjySmTJ!kU=m@?u5N=cyD$;#OcA>YLFV`C6((f7=*;(H4 z(W!jOOmB%U7vQq4ZHcav$F6)mc3nuTy3dPJ=}kSN?H9zX&fR1}40y+jEQk&=wQN&U zdPVB%e&lQCcgVsatD8%-wz$dixMnHOOlyvAHz`XsB_Lq6VB+S?c`eb0`Iza`68)vg zw9sTS8R}xaxJzU%8+b(JX?4E-kWAdZOl_->qS_P~qXjC9aMrT%XIq``X?{vhbQUWw z`8#&#;J2>ZD+frW%i)!qWe;0gCr$K6Kcpid@j<=YrqUqthxAN3&E4;l`0GLEyWbLV z!Gw{Izy41Ua;!y~9DVjyUV51qBXDx=K+nN$1g#I;fym;%+IUW6O+n+DjOJd!B?%yA zu4ul$aj<PRTukz{CRyuiF4OulHL+VwmPRdES(Ih4$&#Ht z+IbjkAV@5xd0U*`2`z1IV=WfgIsKqacQ?5$ym2tcViJ8a{bjmWVl52Iz0!?xQ*I4=EmTETINEi$E&Tq2FlZDH*#a*567*&6w1Mq_70lNLHiL4Hak3_a)h+IlpO 
z`RPW%=wk@j)z}mff{zbq6Qp&2N|Sv-J10Tc`D40B`FDL z)-FAx{sh=I=E@34&awFIxA7^vh);}ux~vqVG@K?E=ju;^779<~IgE3axh#V-Aaijh zsNr}7d%bzKs)w!WStKkLNsns-T34)Bi*i$DtO|O=^7CSI87$RpsvA53;j`RzEHVRb z`;6hX6)sy!08u~k(`OHngXLZ zhTnpAG8Uc2`eaLkb~4v{y%ZnMF_`fx1nJ~&cdnCybo31+o$KbdkJHW)`-|!5d^e9Y z-K-u{(dK-I%}sv}%;nNBX0ZxN7nR>kXQyQoS}RMRFCDoyeKtQjo=@(-AAWNG!MoxS zDgGy5huJFrd6l7`NzUbp!%I+B**H}`UJ<_rKE6iCA1i5%c~!cKw7xNOZq&}BJ}-6` z9kBY|LI=pOM#+b7KWoUp+a-U|_{vFj^)8fwEBw4hyI@qRkBqMhBQCz=(%t3|gPC6P z!|ZC%yBf-l*~-O6pr~FxN^kLk>W)5?$8m1D6><@N%N?PK)gU*>esjDIt3pwOhxOo9 zu4Y#)_qQA}yIHgvJojyHzH)ip=!rD{rcgZ-dfk!Q z9&7Aj4y>@=!EHQV5xod~t;H$POJNuh6f<=N69QA1#6S^y zxL7NTM54KGm+{0vny3S5aH=T?<*VU=ATmJ$cUK7Cp%1+j{{n*T3o#E&5<^>&DIha6 z+K0I&H(%XBKhK*}7)zPk=*gR55pE=taxxN)o+AUMf#}vv!Pbe*DjNei_KpvPp9V&# zMT0=P6`cuI1K3McAnpfYc$JlTf6Wuy?=o?&{ZL;;qNpi_iM+T&^7orgQDO{DHPujU z7~8J@jKrlPSz3hQ8{wfwoL>SeUCtQiwn?PRSJJW~iC$13N>t>i@c--rT||9AY2+xf z5iuonu(-whF|G_|Q^1|Z^J0dTa*5DesCI==tp>#iH@-8Ja{fH!&Vh302x7vMXN)VN zAGNKEAC)LP&`>_cO2!vc(bb29m1F&o;sNIkWw&DE7W}B+PuK4&PxW2Q+kV(iY;aZf z{w4ON)Oc(Mi9`0VDhO9|oCLo*HKz)%|5)Ev zXOhX88imJEybm^AyQ#`p&P(lKH9e!MAWlios2ce(W^%c%R`!(87tuW#3EqRlD}0Gh zaq-W&#ob+BVsBLZ;(av3K4{cC6{)n#a{3_6(b%3v`lG8~OE^aK38_H%Dc(di{*IRt z<(bbFs#ub`j_vGtO)3mM4%7}xypIM~JpRmgzxm!dDE^V})K9C$W-sOo(VyM=tF(S2 zKMEC6%^-Vks%>y;Ht|T#IH01I!&z-_D?v=Wsp*V&Oq1emqw%HADwMakroLWfcgyFU zLe4{CSntsY%iv*kh^1Dn^Abl|_GXA4J<@MCvaKJm8w2dY+KuHnBG|-<9vQS7gB%`+ z`6oIL>*l}gdqgnxt!V1Hp$W0+ce+a4Rb_mry%&q)H^fbPt_aH`uK&_nr4alxqsnfq z5zg(?>NFZ~8iTXNsnUZm+)M<3%L+|VeVq2p8l3tvwCH7WakgwB2KvO?u9kIDe(i7A zYg|S0P3yEsMe4dryQxwJM`8T{{<2t?{}Jb$UfP0Uelg#%T`tTLVC;kg1xrL!bYl`qa3FQ+$UXx|$5}2D?=knt=V=xd|go>WV4^3K!ljxIASK6lwC_Wl`w!|(r00ukZsY*#P z6URexN=J}oYI2tMHNlF-LeBMNA|3mPz~H`6$e&vScETjcA?Ds3$5Xs zQfkv-dvlzh%>r%y*tO=I>)2KH8RmSCTa@*>p9tQ;#$Ev>ah^W8?`}YE+l|a!{2kd) zSf7)h_agfKEBKZFEBKXT!CvtR_^DyT9`;fE!KZM4VXi&g!e$y;VBW%doLI^^{wU zdDFmRxIa?ugd-K_gd(B`0`aW9mur29hZYs7YV6B4MWFN*{=lq=+{M=;il^Cu7B zVVs>)VO))SMpYmavOOc@h-o%Er_!0YR4Ljs%4m2a)JG-#1Hh!NSO2#MdBkecYn*eF 
zp1-X~C*|X;^7L$e?GfeayX1Ep@iEOdUV1pzfYexVlnrBRHVhLS=4}^2(ZIm>;4aUAYR=h z*t2U+d1_R-IInb#3fSII^w(sLuHs8}PQY1wtBT{EQR;vb^T^J#Z=!S0e@dI#LlGHu z^(car{uGGO-{p!%oUx{$UZ`u(`a3z`&uTF(q(;?)T4tU-%9n|!=J+yqC*L?k8#8yv ziP5jL-{CuynJmU!_5}#AKB_@-UoYS8A|aLiawUBFgvH*dF>X(HTuU~;zZ{< zkC|>piHp-|E~&7}s8^NQGHoC0^JVsC=S+8&rOnW|dwOO!Rx*2(H$%|l(i{#^sj>(1 zC4$*GL1)*`G&gWzl{4i}uS8$HC?WInXM{B}KTOT>X1@E3%-0ei+^k3Pu1v~5u16Dg zaUpnYhI4qbwgIRYvEL}0L3m;bG`lg>Bd?g@3s!yR%_*kju&C_EFi-Z}Y350mBqA=@ zKNU6XEj}uj%T=mY$E&=iZspFMlev6Wj?1|{o_{@~6wBCj!w<6p&fJ^L^!#-z(V|>@(by2IopQs&kQ>GSf|oIs2llYm&S+Ru00TgkN<{!pe&qb(*E;KS9qg;8b`J({Q% zy{-Gj;e{bFoqiD8PoiJ4O-Lm{AEUpfE`#0ddM9DJsHd@BP>3!od~0xS%zbOnZ@(#g zo9bMX`!-d-{kHHe>YShZ7L{)rZ!>)x9e|m6(GltPc-wNkKuVHF`ow1^kFb&V40vh2 z%(U!m&fosT@NT!fG`laW<)y{E=xW>f!8*w%=h&={Ex;4qo~Y9!gUh}0)+fCOi;jkT zG$h)|Yx*Fc!Yf+wO2Eryc6oMoz$w$7u6PO*WF2A}L~A3Jf^Z4i7^(1{tZt1Tq^hAf;pWmY0rr4L=3&k!X8v6G$6Ka?bv zEA{f$^CS1Ip{I{X#5A|0x7mT{RvC3(XSgwQMANwf zvDs;H7LQpIoj!lp3S3XqXa&hGD@=7_HyP>JXu9<5!nde1CihLdw5zQtJKNtXP3nA3 zo5aFwg|+x4YLv63C7-8rWmCfHkb^QrT@*?ID9$?ADhod3^v>DL{dE!`T(CNBe$&;2NSm2pi5S8h| zWRfGMnki~Boq~qP6Q=mTk+s>G@;PabE;Bo&EbGRdf6Eb)aaV#-@dbVic-8R*htmxB z%-Ck<(~v3CU}xm0uGg9Iz81E3A{nct-(UQJNobrZZ!2>=5$)+C@>YG-GG|P5w!Wnl zR7NE>yz3_8>T5%%pP;X){)0vkm2~IFZ)!<<#5PjhiUyy|?iNWO+CGRQ9b!1e(|WATy}N8Dv_} z>YQ#KP{EVrxet539-p;VUWxlbq-aQ0*b|6-GmewV#^{r?-2)p)1|M|^S45mn7f^H`BQF|-c5L~~r!(umsvMy^At=#i{!_d9g#eH>ce!5A z)Zz>`ATWsa^)%`R)-Byp4{VYHcOT&1`$_>^em!>rKEiqt=Yw}l!=r&B0QUl5SrLGb z!$&x=#reGfVerwt7Vrrcfm;B$n~T6HKEgk0Zxi8XS(R;bH+v@m* zJmXX*8rcuz`PNX6(HfKYc}wEw>D3OV<@00rP}70iOv^>uW@4!kzSQ*rdwun)#HV8Y zTAfZ)({lYfy7nDw_&YW-{rx4SBmA{%?e%}AiV|!1=IV_&+}h7qudZEhHNIauqI@Eo zp^wcpK8z!L#AhDitA0P;*Ru!knN{xIsBBRdoiEL|@BKG~%K7$*_|biYvBYTQRGq8X zuyNM0Tt2zYmB~^zCOH+-&SP!b8lFxy`W4?y#YyWOOi`W;7)|K%4^7<_s7=o~-TpAs zKX1ROUd@TRi4o5F-lL7EzRSmzL}UD(ba=(pV*>HN*lROS6<{vuY4lSkQ(5)<1ZLul z+xf{h!mOSnzH9ZSIjP1#tz!*$?7J$Io`^6VW4fL-_Bm0hxYJDOrvACTnc|qkPO#l; zexrZLhCm1<;~HTt>;7l?%kVWPoWw4FcW(L7`7V=@oG?P|=-f@Vv^bRMcCFPRLoHPw 
zO3uZrxwD;@%IbJqvVAQ-s_%=0-E+S@VN|( zf554v%tJjR6GIhx~~BGVJ64cWF~OTiv=5wCEV`3!jlc*6;&TL*VtI8ma}3)Msl1-j?!`E_JH(2o(%eb*i{7l53mow-2)fW ztyYI_pMRbFIVm9G>%E(m@PcJFy^vBL#rmcK;P`#1u{mUu^8~0WHzx!Az5%Mto<5zf zc8?FGKTQRK|2M&+_U3@qaXJanKjm=BCd!@ZklAP#q zeb5>?{|SA?{;($9Lk^PrYVv=Z-pdp zUMDbzkX=Sd;&ag%IbP2u0?xTyi6KajWbJ5m$o9YMeeE)=jN;^dTJGL_IhII&8)M3i z&~jUa-$&qRDL*<0q#TR~OKajtUBcK`_lz*_W+q^WP$5?Un#KJRj^3NqwGP+?=`WEW z)L9?S*6z1P9Irm=dAat0HEMnJ3&P)1_*@z(wehNo^6x&MY0z(qCAdP7(vY~;&FwC{nx&FYi-y|mLucc;$QfHt6)uzUU zdZn>-;i|(h6 z=-|6iV1mxwH)t<{&Kd5y+bqYsqX+W2hDBxiCiD24j7%){mMZwKH$}6#BCL9xD+~h0 zH%Mw@Vc-N!q9EM+JHpFebF-d&Z*h8=uf@Af=u^v^_*k^#fW1*toWE+E8bX4De8Jv0 zHR9~hNlui~g1zxiTeY@R*&D@vfF_x02_>)U9q(`NbN-{Z=)rAG%z=7$C2O>Sby&yP z3T|d?mmS#7i?QgvxJ^f7XLey_t26#$cQp{VV*Og2m(4c(8Tl3jYB`%iW2Ekn)H^p{Z)?8ZP^+{3qFlYF$4+Z;zUk%hg<`Hi6 z$i_MUc+Fpw@~(|VdcOY>lhUXH)irLgdX{y5>eh;tnf?TuNdKBQ8RHUw#uXFc9oVU? z`wx^i#Yd8bbkJAsW@PFqZM7<=(jo= zfn?;36pN%U=RNtw-r5|iql!2Ch`ry{j?zgq2*blW|%~eBvzQj>}+qWRNlAl z(oAA32tOjniJSh!F^8gLKG#hj> zudowp@=Ev!F;b3k-!J4n`Um-w8^e>oq?9#ANlE0M#dpnI(CBv$1gSqY-V=_M62vvK z6!$oGnU~dKt6NGd1f@s#jmp`4w*sGY>^cLDE|oZ@`HJ6i)9>;N7p+!cUhISb$eo$g zHe_asS+mh=UT%l7>3uM_7$w?Gq4XQ>dx?36@=aphNWHT2>i|LtJe&;%qn4MMbT>gMUDTwuE=Q8v4l*UXE$i>di$a~h3 zIE9{(7=VBgw;*rox{y80-Am(p&fd8NhsIcCa#gu@l&r0An&5kiQ>fTF`&jp{WWd7Y z69UXN5FZ6sje1GNp{gau^xd zC~>;KrA@WF^#4(^8Dr!jirU>64tx3vlcjg_M>d8Qzbtv!7{caW z;cPd>Q)2_kb>4BT{Av}1-wl%ji+t7YHajEeF3CCi4{Pq7TV&uEmUM=9O z4S0cl+%`y$65p|o!_pK=eE$he?deM+OPrfvu1pg#6c?R`Fi`VWX9r}G^3N2Nk1vq2 zlTRr7Y07E{TZ5nUM~%j-7c74!ZJx~7;~?<|9KRIn=Nvx=tvT%a3zZa#RRpZWnTbe1 zJaOcB6#GDenY{;Kc!5q%pD6>_ME_Ikv&wHmKlXC|XPk}<;70$Ajt6-3ett23jxd&t zp1vHULLR!L>v#^uxS-Jy?<#v`OLj9~@i+FX`Lgp@WMP7m)1WF;q%C5nP5&EzqOSl> zheGU**eukf%M1o8aXW=s(lP$H*oqxeGaF-VHu7=UK5VQZ>KI_4&sONqn-a?ON)4-X zCouJFi#j@MW@GOZY<^_&yQFiCquT_FwK-HKD&gWEi%LHimFIE=aLE+V!%YcDsl9Sz z`Ws~62%~g{xshCQRemho-%ruT)1jXx(B?c-PK~5e?yqCrukp)Gm*5DPsfzhqoO?Iw zXzA%IQkFp>L)rNSR2PybUOLGDy8PXlC+LqYQAu!q@w^!b;=3WCZPXt-7Hx5+t6s^G 
za1p2I@2WzJ97-OU))wd*_k-loi{_Mb1nCi)*^O+7A59+VAO9fZTXf{}m$0(Wpy(GE z%J?gaFa3R?oI;meh+`_2QmPH=|5>h5nYpypsr#mjSn6wBh<%26YmuQs5G(mVF*~qB z6hRK5H9KSQok4PR9$feZ;+eCTIL8h4l{`GH?b5EMA0&@lL{g}0$P5MnhbgZy1q?gd zXe%OtZ|-KpFTOi@xPN>{=DlmQ882o2YV14q-+8aW3a$oOYwz}o$=)!)<`)W$82d^d{CCf$lu|6)x@6Sh&wmuk2@X1$M zln>Lk_#*lhy8E7d`G&6qh>iY^8{@kVmwGi1zH^m>NT^aDPX(dcE?6b;BBK^p@21gIUJ~ zYBxcjwohfw3Li|5r=`jJh7fJW7eB3bQ=*}E#E|*d-nm|o)dm$e$Fp7*t1;OT@<&dh zh6z4sEtYL@MjEb$$%R8pICSmVk(wQ(1lMgHNh-^T7bVjLt9tG>rup-gON7}H7vlka zfo4YQtVu24)Z$|rFEAixpwo0LaPwEp(oaX8bD3)1aF?mvh{`aP_244uJY_6%2@cHl zoG=&m#oeZ$VJ`a4Zx0J%ppl?s3;QJJ)s(bdvs`-f(49l>95z@xjtKX}ZSUh*uUEB6 zgMtKKEF!`j#)cun+^WKj>cX#G!mo=nKaSSSVnA2itZSL{KM>Z@DMagI1)f<#o^@P+pPPm z=x*pRlm*iev6UeN&`741zCw%cXW|rr zoBss>z4HTAB$o7ws+dgG_7_1R{Y(CQ6#R*$+$fBTzd>F|6FAlI9(2;^ZuCAQc8~Nn z2#}f+N^j!VzB^>^NsAdaxiC1(>XbDE$}8DQ(#v?}Dhkhjt87$N`p3Mr+8dlV+m&v$ zj=jeky_ZS6VQ&kUMSbrk;RAnK?5M5I^9wZ7Q!3nuefT9}9uf}9S*_`QW{b~HlSuN3 znrY~%y-E@x`Nfo5DZhP666NxXw&|DOeynuFf$pinpw;TkFu+-Bn6PrJH=e174%NHT zV!p#4RBm%ezLr~m>idkSbJH}hM26sr8z^Kun=w)@0ZMU*PG77@R~Wd@xJa8>-bLL1 z{~7T^)b)%Yo|!5Z!1#sY;S#s9vx4>u&h03f_C8rKm~dR9Hx8+QuP7~q?o%6@b`Ew2v&x`nZx>ML+ z6zKuKQO?UR71d%Il`XZXK$mm$yA61SnX~FGpE~;_{YDa;)z2z4^-VoNzj@#V`B2br z)E#O@&xyZeocD*An1KXO$gIi39vvKOgF zCn!Yj`c%C0&yRS(Cg-m{oQK>Sy68;6)$X6aOlP&>?*+Sfw<^4 ztj|quv#1m--w}NOMpVLlcbRy$sAC!~;zqELfH9c%im+%Q1_W4)&SQ~Yox`Haoew{X zLnvXUz?~-V$vAW#ROU+jy?rbOxr3S4^ZR?n^G$iH@}bN(o8dSRIQ4wvqAhN`m0dN1 z<<^G-IsU56%&NrKqSYAypX%^wJHKm$r~T@Fc6Z`UtdU#S5OMvBD4;FQ(iW{Rr~tGp)&$-%lPnch2>)H%foJOR}7% zP!7L9Is6QBPdwJs$RrUOg-}=Ri1bpH#CBUbsfaVfQDPU+GFV+Rr2QXsvP65A^KaxXtM&!ZxPeDU(&bnT2+|}ws zU?DDPB_L-8aDg6bUXk-2pVOftu4eHI^eC6xM&TW8qr3ly_ZDD;A-Z+Y+}fQp#p|!x zPnUB`(3rru?`{zh;)DOcGSTTfK{|*#XqaLjS^-TPxLB?TGpB+pV0-DYqE=Q|sj=kh#wcAOh1g07vgkaAptJ)mC&GDHEe# z;csj7CjQ2HJN=vG6E1T>2`whY)T%z@@7$_95-l=97vSWim6; z=7h45I@m+QPJ+oVGem)u^{lpsz5Pc`op}DNfSHHV5Wmvw@)PLP>U@!W8Os1w(wW1G zc`}_C&{fVCK_2KWwmaXNKIkn%_5qNX6<5zVp$%PA5`cGJ^0^CZ12Hggx&7Zg?|GJyT`LaNx~*cn 
z_z-aplbs=)UM>3WoO0dfz>^{UTi)G_V)KYNztD^X+|F8^|IWv>IQpOvc6^f;jQQy{ zehrrMsNG;GW+=f@td=gct9Xn!BL&M^9#f|ahYNz)af4yLbRA$!A}K=zwM&arh!x;V zR}`lVg^d&|i5%$iXC03&e|`%7yz+~NKc5hh;c>Q(kyl^zi{whny;=GCs(>Y1KJ7GV zE0UX?5fpiMgGXjzH-1U2GbdQ|np_d7b!MO8O0^qdcED?U=MKUiGQ$KtA^v&dGR>2z zR)!_viLXG#C*%CF8a9n*uw^4bX`%Qu5Sj#1We3K!xG#O~M==dikY$A;>^gMh@IKh> zOAN8M9on?~H?;cT%0BTgJn=i8mj6Ls2^v3g<-zVgiSwgnQk6)_*zM_MfIHaT>xpHO z@mKt@8dlnWLz|!Iy!DFej^M1fRE3uRkEBs9xL>3vSw0_AyA=1WsSr51;l8p1f6EKeI3)g6xeV$m-X&;+Y+m8PU#Q)j zPX&;x3HCIarkePuc|d1IpOyBwkbsh35EY*D`gLx-Re4I}@+I?!3YYutJ%N9g4?Xcc zum3gCV$|Gu{ac;M*Go@w4M$W8JJ9_GcY-{rkLlKs51{J&sk@!O7%NR^gGy)EpfPjL&Crmm+|CA2DYS#&q` zx{b;Bqkql6wZ#%Nt;{sdRaKx6TKLT<#hLvD7RcGlWoqZh4!fI&kiJYu5~RImv6w4w zLW37L0=yi6ml6Phh!nX|caDy_iyFjN7U4Z1#{_`lj# z##GtDe10PEj`KUs3FE=DDS6C)vBkvijG{aL+=n(>pL zX)~hgbs<6r7Zc}ORXPtwe*{P!ysWQGQjv7b^QZK`z1iLnn`H*N&$*Ong=p{UiFKFV zgFnbmwHCd}{@U1mCLi(LOg?**NXE-j76w{+vuA{!^l}Y`?ukR&J+7GfbZl=$vqIZ`^v zE5^G*1s~1NGKZxHlPN|KuIB4{Md~Xo@s~fe;Dq_4B`OKdMZeQI;-mJtcR7tMYsB3C z-FLE)F4NcS<)w4hx(3&t!QlPKe&$apUSzcUxcy8K zcL+x&KUt6$IjI@ropFxS0GYr4y^+%g7k)Nxyt}A?deB8(7GOi?Gyh@1`-v%{Vn>aQ zSn&Fb1<$nOwanj^Nc}nc-Iu{4Z@)7xdd7G+P+jE|i<&$ZpK*eHQq_KiTd%Gy_$pWm9FpPHW~=BHhM>StJG^;7sC;eUNkyXYbE zucv*t{sIQo8oDBWc-pN`^#LCDn#UlIC2jJ(e(=fdG5Q$2pp(7u-!}#7Q|Ynn{ zyg+JL4KMYnVO9JzrG^dRr!F;2!T=3U4Xfj43eiINiKNC&pw__xU|fW!8hx6~Qx#A4 z0~#_mb=@SM#84An$9>E5L!*f*J=9)H;!w%|n8|fled#iT%b14bCb^PnGELDIaTmb@ zME57}=w4nPWkyL&?&Y^12?^8i=;Lv@c`WDgUGo^=QC8$+sO0gV=COjuf0)M*k8&o1 z3_%`C%wr9YPn!%?JgzX0LwIz|<6s_zBPmwL<8Jdfl*iZ1V*`(e&0{@}56R>FUZd@& zLwikX6RBIx;{+a6pP$?-!sAktI+;hmL1z+=!s0-f3WUc@hAE`JVjidSD9b?5iSqcI zd5rV;fO(w3)^b$A(^W?T*lId9?4UM>b8iZ)r$1HYGR8nj+OWS{@og4RTQk zmygca$Za8QuOb|3JbQUsFQcPuOKFF8OWBL`YGwFXc=e(WHhtsm|5~d8@mb4Wt)RGe8ln9MJfvOe*-NE0Wk+$Cs0??9 zH``n7?bb3UK`={o^5lL>6K;})m>1m3bVd{Pm9G5o51*jl<*xP7X%^tcDM?$8Fq zzr;HCypGV880ht7drF@+JmE6ugiwP$ZuEf1lxJW}UwD6t75hC+;p2-Ao;UrAmo3`= zK(zM{skXu1*!${VuJ5q-E!x!in>(HYzvsbj={vL~Q(=Dy`zl+pS2^HmWj4=F8v|t7 
z7AW8g9|w_!@cZ_M*3u6Gq}N-^4h8tqz@=&EEZUMPV6L|}T1&S|OXAkjmpw$6lR!>` znbJplHqik?X-Zw$-qHt@T?ce11Cx6w5t?NrhF7N^(SaD=u;{?o{ygm1q7VLiTk<^H z>3!MZhmMmmK*wyEdEl-(yDk)76+Uinv6dd94f`vAxk7m(G!(cp1U#Fd@8~kYaA^4X za5uMWE!!#BPX|Zol{)YWc%&BskgaTuJtP!9L>rD+OE-B)oo_8Y>VbHJg^{>urfnr; zh;Ye_)wY&~OwoqOSfWB1U4Wbb{vtlY-Ly!>#`B9ln0J2LfJFz+dVcqp?d^+J?fb&H zw*s`>b_QPc!Ps9=C>Y)nUSl7%mhPt|homJs6yu=@bnR|w$q}%bRQ4)eJR$r+c!Ryw zTIvMoxd1IF_iW>;PPetg58knfb^A2TX1sg9rQu>e% zZ?LHu@PH0_N>ql|hF@07tQ4y3f-3eqQ04jXA%S|-XDxkELVDDIr-}g%Rf4Ao2gS2S z@vICV2(Kj?>C$ZhU^ZFHpm;}Uu~2D`N6-v#zPfCK&Bcv}!+XQq1@uZmIBG53s0>6E za?jadPa4MYf$;pY!&E6UhHN2dE|LfG`DpqO2*_U=IXS$Z{NceY5zd_OWsw|O9T`IH* z750{*5xaD!52&L{U2%yI54|Ts)RSSvjn)!FY3#o6HhV2-39m=2Wk;kZ>Z!@=c>!V> z=yC~81w5rA*Ac?cu$FH2FiPfv%_IV-i!AaSrNRmH#?-P5Oe69brkTX_CsMlX0L`ll zZ>6vdsp(;%`gDr>RnW=#%c`=qe60#^(VjqzY^E2E$~}3L5Tq)}x6z1ar7ofVBzud} zb^`TI4{rc!U6}Z@?!axZmML4+@zw9yK%-?xr>aaEQx$$4(e{oEU2Ez49&*$`D4ju2 zBg*!Aj%oK+LWe2JG*c)#1WNH2baIrR4&|Q@_k`cEk6TM$Rb&Ap%t!W0P!;C$yiCABWg(aMLtd`qWV;q>Qg|&tB88bRzus0@b>T?d#|#32N(DV%k1}{dORW(Ob^BF zcObJ)>GMNT`v~>PR9`v)zGqFRxW+?~u=JxGfT>rK*Mq-bImb_ZRb?B(tHZD3P_*EW{dbm$POt`BbpOvDV{w6csliHQhtdz67o1&rK{ z;a&DVcjOLsC$XrERr?5)sd#uS)DC=mFWfFNqEr|kj;E7lQfmkcJsJRA2M=zb>Hz1U z`J3{GU}UbL-W=|+_ks@nu!eRV_R$Z*Fw`P*m9k7X=nO48q;u7W(4&DqSg&&~aIIz9 zj0R{D&^`#H>SSW8BbsS=8*>Q#u-2Wk_IaR3yMaE}K1wGTjU+U~7XFk$Mkh>yR+H(7 z3832qYW(Hi%g0o_gYet6#Q^!U@e?G!qr2Gr^276OjW|k(Uy1)vg%0p%A?eY*4F-71i2ikydT6k_S z&_s3(ctquvM>MCoWkUN2isyD{2{UX8K*OJs4>c)(GP9URzT@&n+XAVYP}%b~j`s>b z?AWWUrR!yuZOXAxs>A3%kA&JO>Dfw7Va#}0+Ev+TiD=PaBm#db64Q+39&(oJtY1u> z4R#vQ0ez$$+k80{YC2(DnnS{SAh@U%qTobPEdn4nl`6_TG69!^O0euh zNE{6B%cK90;_9{_PL`o)RDT71NSm8n05QY!0bDr0OhlzjLG|I4v><|%d7m;~&+~v4 zLtaJMM$qWCR|{`$1@8lbx2qNSa$14h8#Ywud=x)=@&zPS02F6f%jg4<^=Pl!OWv{% zfLvj34<7|(W@XiH(1TV9<>!ObWJc8rgYP6ps_0LwU_=~wUS<*y5v7{cB(N4y%wI5W z2=4@2zek3E1S+j6+k;l7dcqN~-s1Bdw#ak`9-diKE+EnvtOE zAy?GYL6w}S*+q+(IKunv=dGn5BGg|Lp*|OgN?%4H{GgNfF?Y&n2t^q=aX4ca*n0J% zH;HRrp+ZhH?#&#YV~R+F<57_(Dix;#X_=9VBG>1_rXr{ 
zcLs>>g{Y>(gr}<%@+wHY*44g-%=-38CrsMi@{gjZ)!7(KN&) zuq^ablHf<9qlULa{c_J9s+EnCU|A1i{iqHwP+#w}w=ui9Gs6^+mw7=2&!n;gAT|Yb zp0_jBQufQ~cx%~eBe-R$QEnerf(66tA&4v|MLlP^#QYC>)Z1k5XJS|iNU9z}&pyf{ zv(8+&WCHCOtU`OR&eI0TeL8v-=Ze}E*~nodpg%S3ogpqq@Cr{5v2 z5xnkvIT%y|swrv@uA~QHlOb@qu0K>suZIl5MFO#GTR;NkP5NlYO z01wqw2c5D8(psnb(PS=H)XVK7Wg@JCC!o!8T+yBi+CxG6HGyxqdpD2JdO8@#Rp5!3 zjv%HHt4!^AHI5ck7@Gb#eg7YzO?(qRpCtU+kCS8vh1%{e|5?;f!3cXd3urS&u zqFQt-ub#CiR?D{-QnRi=Oj=7{S55)5NjcHH1>~lnc&K>Z$2b*@i;kUyNZiXKxHZ5H z&x3a;EVp#aea?PQ4_S=HENVs-oPCJp!pjE#Ez;si@VBU+_8z)YR8O-6wLes_Se&o(xvU^YhcmPf1#*`=J-)7U zJGFSVU2?%?g^t_`M&(v_f_y-yKb0vDg({!{xYa;oWpdUM?nFj=h9C>koXZ@rlNj$! zv{y_Y!a1T~Md$}Vip&ILxo~?GBVPqWLV=~6^Y`&Ft2SCP9O<@Ru1y<)Q0^>sbC3}sBI^qPR^eaP6~ zm@akAJXtXm)jR}-{H4YQ=q)xRxePR?p0j#?8CKqAe_$NSM-0xXo%XGvv!v`WwywhXBB56}(R1lEQRhj$8f6laVWs@zT{TiiYj_B!=r zOS1R5lYgm^P~i{l)HOiP1+$^d|GJoF?F^07 zYL1fP$++f?G8v@8p)z&ymnJlYw}HHCsRj88NW$Bd%2UllgBdMq82kViJ-uOdKBunvoDP_gB#eN0dEj z$Vwkej|~DAyZAC=6r?)p_&?;meSBPHng5?@4=~8+Okk8jXC*A-Zn{J_vkjU`#6U}0 zpp=xfNySjRd~40diUlTErL>euSdK#wSKLL#huxo#EV{1ZE>CLG(58T;Ev58HXhDTD z1Zc}cAEEiZKi7TEBoy5JzJCAy`g%2U&VA0g@9Vzq>-oCQeGV`jch3Yl7-Ix2e*Pa*L)#jvhKjdU#a#I!}ICZ?aP*8J-MZw_9Z2&c?9 z1jg`A*?IN){3fu6`XD;`{iovo2#aa?l*ROOm*F|~3Yh^TcuA~!I$0+vE(^@;0ko6Z z2Xnxo7gNB&GdyL?*8|xE-+M!8|AgZ2Chf5?;L!nrOojkl7_Fo2S;RW#bUjz9#p&}v zsaI!ln;b!lsx9=676Acj85VJ61?2U%LDNU1jnGD+HTY z5z}etApQdWLhO+(AU$%>Looo_U-P#sd_q&FSz0Co1 zC&BU?F?+tpHKL}Z+%2w?W)d~#Fx|{$(_tmiZn`gn$so0XYuqIez{r(Gcp_;G!s!(rbbrF;xG%Q5xkge z1dls1Mlcy1#xdh-US!BXFuelyHYc?=L&SIJ9Q9MZ7XkSyCkV&a`2j$M`4&6XprNzD^&%3p=ErwH(G?^WC6^{kWMGBmT}XqJbDUNwa`C zBw})@#&<6hpY+FO#Q3ThU?>7;LWLwaI!+=bwx#+dKx<{C_{&6c$S?i^x))OlB{JH# zL+a3o%w02DL?Qmm@T1X(Bw&5D%uMA%au!8xMV%iVh->wqvM`*-dS|NTRw;Y2L5l2o z1zV&AlHXq)W6s~>knu(3Mk~&|Fj~Pni>+lokyFZAk~&??>aMmO)f2{~E{Z;aHMG<6 zC_uhG4s)7(aQ$}xUp&h1zYxj*(KEv1LHI^%cq&hUSNj#0xXa*!<_i)W}hu*UWPc(rY`QeQBf}O zIs(OFWeVWWaCA+d3(QoT22Y~2&Co)G8|>4-QfQf%hz-B&6B|D0@NH3B1h|>#iZ?H{ zc=K&SdnYcaDphhwp9?QSw}ynDy<#uTmu!h8gB0@ZS` 
z;-)Ld#P%}KC5OpL5Cyhs@^3(wiXcgB&oRPSjQfl*1!D^duSv#Y-mt2s+#WFHMwC?Y zq0@hbJ5#oDE^dtjQ^1>iNkVBa;F@PS`8|-pOUJ`qf85E2UWO#R>7V%W_ z;>ff~yYV`4h#Ukp3DS#_)SKeAUIXgNxttGh7@FQPlCqdb2NiX-oIi@jq_xsJ5uT-Q z6|Afw&}ckJSS1RD4=Md$;N}@Dp{ZZ&V1&kl4)l4kohPv*0NrHBmRGbme+a2ulHCc?s-C5fI@+B0Ph$xJu~~MOTP1 z%iJDNPcF@DBqBq#-qcAWKI+a&S;&%5A<7$!qBg9bh2@p{VvLLDO&`HRx3+M z4}7T*fGKps`$po5{v}M5jEj+*D1oA&4!887G+D^aB5{!;=$1Vqk_1eJ$Q?Hr=9R>f zg5fVSSzu0sgsW6vs^sM$CHAjf2TZFhH4Oe=j$_imHq~pG$?xbD#Ls}{C1;Qu4f)sT zi8zlU(nXBmMi5E_?g1Clw!rwBg632U8*A*iCH^Y?`hXMCH&Gy|bp${x$xk^-A0WMl@? zf0SoautpJc)mIqhUP^`+Lceb)B4rY#HF?+O6gGweugokJlN1~? z>Ys4hooupI5v`F=DcFFaVvaaE57ZiEIze+Cj?njLtBCX^P&_H&FoY#(6R9^vRWT%F z%2ARAuc~)5-m}$*F(afl)gyCxU59cmpTs0)ZOj|S^fRfl1T=;YRJHt!8fLn`QUtYB zl@thd0R@(4Xn|t~8L9!WrP-^uhVfSj-z1kV;jBT${AE2CgXMKR;F(c1&iqCy4in)% zB5Cs!Ga$8pmoqOrVWTi5v>HEtF_K+cwSh92o%A%*Dak`Ju88?tfy+z)^DMF*CQzAr z28v(fzZ^<-OchJ-3utDNgI+9jBCjkSM%1e}Fqzx9fyo@;hfYNJO%T3p|Mg6SmyxaF z$_X9``C5eFIF>bU@Q)hgF0-|GB3@lKD*G!EM^XRCM#Ha@?MCw!M{%JUe=8(u z?1iJ|Z^Sv-1?+hCR*e8`b+#A0TE!atqH zu5|>zcPr#?PBPZ41tz*|^(20rVitSX67qMZf~oz`7GDNId=CKqO-K{dq`3VSZI&)2 zcQ}JMZ37*NAw(GbMJhHCwdOCwq%5;wayL~7Z z!hx&folR22jQW5HwfugQ3exmx0I8`KU~=}A*(A=RX{;7&$VS=<{9>X|0@ze?79NPh ze-+y|)UL{gM8>IlmW@|KsnYsz3RZ$<@E7QRng0~v4rm1OI~K`$fD^V&t4B{YLikx^ zqjDoM+4XgV$Xy9Fs!DswC?dH9^EPE#=FnppLR6;3GUsBqMyu6HbS!_J{6A+H z8u$o&o6bT&OIujZsc(&?rB%8C?jjgUkW<0iNNX)dj?cuLQH+@UG{QyHEy(-x5k083AJ+Ql0gp%G0Pw1P{q<8>dVy&s{CKPz%21 zSpmP4pD3h@Vkrd$WJJzH=-mXkW=GE8*2M(l!gz_REusra<$9YyeMBTrg71{+!c+-q z6Zl>Z)gF~{Q{+b{uL?oLb)d1=HH7S#nf`wB2xb_W)jMO+Y%%g%2EQx55M^7>@(i$o zS4kq7bfJP_i-Mtxfk2_QC01fAf-G27x}+O0i?YoI7G+ZeZa%7N4VIaDNt=#}gn+6I z_Db~`7jY;(ip0h1A&JW@veKuVKV-BKH<6_PAQr$utoQ@YiWl^0f7r^XYA6S1 zlT4!@>TSZ@oaDQ5bC0Wc7oNLYhlFTiBS@JpSVz%u1r{qBuSD_Yuuu8F>QuW>-FWVz z7-Hwh`H-uTDB@_d2OC{MI(GvjURT77OG0Ke8-C1P!a3OMQ+FDW?uzm&k=qgGDj-5E z0O4LnODBc&&O1W@tYuWAcEU?mgf@-PGky{YI_WymVhwXyOi+Hk0)?)eo|RMqo|#8< zNz)tyD<%JP(iEIkv*IMiXU^)%l?(tgcnXuz?bY8&pE|hW1-7NSLk6=qyG;Vt7LBpp<# 
zOU8t61MNi|JOy-71wL7d)qY)$Jni!`c~tCoD30Z%_3(uML#7h~?}mvk2T+N%9D%pC(hX$3$Mx2P zHpAis7>ctY(KngPOk*BMJ_wP(rRxEmvU2B)(u3?CE97o4JGRc>WR<(5VXY!U(z_7) z(z1loF6n8Kp$4ym53*R{jaeub@%o-X!kK^omRjUR)H~C{F0XP4dX!;dR83)#g!~!BQv8B>`L@ zK&D*=1-nV+y}3e5Lv^pv%;Hd>$7HGIDwV_V)$iOKOmRA4z6`;uG7e`VY9T@sQQXh` z1U{OnbO+tZK9wqo9|6%; zp*V*gL~>FQP`b!2q;w^Y>#$G*X9EHqAs4eyrm>U>BdA2RNTilA=j4NNWHK)#6IJJQ zLK)vvw@(6ujL)uWrL-*+eVa2b)Q&X{XwD{IW(pMcFNI-Ut45H!f`(9%4m13&qYKzc ziZd8yxX2@J!POZ6j~nrX7!*Zs<*YNpI&+NsJw7J*PFQ|zXo4?+^<{#00rpHrF#Q0F z`iD`^(hx|Q#iTuRK)Vpa;4eHNX=MPvB?7`^XHrnP-rpm@m7v=zz<&Tr91t2tOhF=D-77WRB`->ryrd|dDMcwsYGpZ%)rtgX zd4AKMx=zxx0+|TnOU(i~%9axMD(44FVZa z$k}ulVAWJx1cmEe`3o4)jM{Ff!1k zd|xm>BcK&YDmqayEdFSeMq7`?16he9$?X><_U1t4+-RT{5k7NO(n zhY^#%(_+h-cE$4muNM`TVUdT1gQ~XEF|C0szz{*zSQ20@bXul_7+M{K7a%P8t#e?w zN~})|7cc@=!4o{E#ISN+!~T<41_Xc)BkkWv*$A>TTs}}5SdoP}qBBQskZdzdhQcEZ?f2vUdUxmZ|BRm@q;CoM2w;}P9vVH=*m+kqOs z7QPq$bzNg_ZL*R{Nl(lHd&AEKauk59yuC%>_JCRSN;BR=XT)Vrg$lBuR5|l5*qGOg zh~#Qz!2ca)=z)6+ZRrwj0?REkMx4yc|8GV-&H!(+Y77w%uZ-yRt-CaBmpghvGmt&e z5LOn|q3Iu0sWZyTh44*ZF$|ET&02FlHb$cR)LMn>e5ys>cD->qPm!Whg#<^i+N8+5xg3#DmX1}sh* z*XCdeYqXbHHi}|;HUU?4t_ftsTH_`l%!CuTRo#c_7bo*#k3!=QsM*!#5&$AZs2VCT zU(ZS^_@a#ID;6W*6-GvIxl*x1t%Z9C!ReiPUZg97_s!M&naQj439<+Hfv99#LPr{i zOeRTq3?nq41vXFwJ5w=2JM2DM3mE$L2t#HjU+PVE5?JU0@80BhOb$gfC%~6L!@k46 zRF*k1Yx1Ru$>+u=Lj&AjJDI#S04Dr%(i&efiVGbVS}PQELO6f{r1pl&jpg6x~& zch|D^%|0z(s-NuG5*##5zMuglh;@+c_5PRYxvR;)KzgNh@>PwK?{=Jk=9qjz6L)IK zS+Z9Dsz&Zy;9t;$z^f68m$Chd-l$E`E~{4K$rktcRU9Y7Z`L22(rcSICHvO>7oSLe zP}@7XZMwq!(JVSV+@fz)j1IT7>ZgDC0=I8ef8yBU;DY!{z%<)DC{y zWoq=lcF`WJu}{uN$H3`sg{h6_>*d>(Gh=AEwwu0PpYL} zNBl{(H0r3aO9Hn&czBmai{Asx0(xj{uRI+=L2kdVu^qg$4Hy4whMSl0h_>uX+2&k2 zs&U(NrK~sY-}%=4xmuRo-^^pSIoEtP=c@0YRqwmax$3n!*FV1+&c2k+bvFl}f&X<|$23H%2_4gV2}5HUS3sXviT;KcUJgg)cY4BI(#0XKDv2 zc`Esl!2x;k@s+P=AErTj9XN4}Z6-xoYJbtTVv@+r&|4$qm5Z&?o4$xxVJW|5a7`La z*R9;IZIA|sRs5G)IjjwkFb5731fR!4nZW@eJ7ZCdTFOsQw!1}8faT*H)_ zV!_~G1{$OEVn$fRm>(QmlVP0n%Dvj9XmBvqf3Nl?%I_W=N+a<+o{J-(Vo$DIE#MJ1 
zaTSa4Un?O;GDU%v9R1f;uGXZuBRjZC=+DJAtsD}-$Q$0b85~ZV7}7KqIrj2ft&ow| zp$FHT!XtwNr^Gg{9JH;G$ga_8ZR|CWIWzzK;3}7VPvoBhFSK=<>sX8EX^0JijAg(` z`Qq~+T7zpZ4TbPhc^nk;+ERFcbAVFjSi)h=<2l~!jSXT!uLT6qAl0!nw%0;O4bnY> z!>7(N z!nPY~2nGkl8oJsU+h(r4@K|H-Fce}Vwt#VwM1Cv%QjdXf1-H3)GO`@32w_ ztufJTOdDOu5X(TzMhh9)z1Zz?fky$svXgy!;~}G2x1o8FQgk zQ8f+@XZ%ARLy+nM<^e~(4?5}NK4AvWd4X>+hzatxx0lv$vu!NIiuD638OoF}{ZNFXSD(ijS^ zp-H88P$r|M^Bc{vu7&vkE*^W-Mrn{4#Zxq?=#{MJFpo7mc5O0bHxdusC@ePR#Mp{e z%NLT5oiI97T(bt5Fb4qZVn-M(r!sQ}atNt61a0O1EEKaY#FBdvAB=K;Yiuwk<9K82 z3CR|4A#=rXl-@%FL`Q;*w)UV~3r{rfyjP)TNo;-oFbqn!3$=2wjRtOwSr&1l z2{D?IQEB`sYGWV_6P)RgG?mBU>8#zGg+Ma-bqskJa*-%#gtjzQ3Y!O4E4Q5!Wu@{@ zY4Hpx3ZNw%Vdi%_f#hPV4LsUqCUhfFQCpO7Vj*S$OqB&S`9sJey3QJvWc?B90~I3M z3@uS&FYA+qHI|{9WrjYsOM)sFn^P#JjGMS7_K2u*)1)y01lnLf;a=nNpKz;zD^Aah z?je5&&(TqHY%7co%}O|@jZTsBwLlk-?FPfJIWz<5aPK?@T?Oe&!)WNb*jidUSuHl@ z$ZzIexC5F=Td9lCpEcotM^8@>F^_0w%!%ig#@1T4HRtQK>Ls!5mgK6@qJiQC%-n;d z9p5J2%qxs7MuENPrvR)eBYH84h{ALYy|1R984e_9TwIp%_X}D__qiCpD5nYAphJ~8 zbqtp^9Od`o7^LXE8M2FQ%@0dyHpz#N+j}~3Ol(NWYjK~Gg!!_l`C$-}DUrQW(5njymV++ZlUzyV_i_)|5QF1XGuvE#gXAL~OKdoQ zkmgp0R9D5+sEB~m$q^f&2ZTWOK#`nQ*gTH-i@ju=rDRCG1`%=BA-{Re!ijpj--9?K zSyv}vg?5Kfwm3Gd50`0N222WiAq~o8B!i+CPRVnH;4*^@MOHE} zW-yCoj(0L4rZx=@Wqe*aM0slV%-jh#k>_SZeywDotx&tpXDMH` z*E<_IuCWm%PsDn%@%X$OalZ{AsevTK3*9R1okfSOK1G~}PUUtKH~AiERsRu~h}LDG zs2`WGtAO}(=-`jCc;8C@w$T6<8` z&?%sj@x&!FV%r^cdcXunf_=;nWUbWz#$yM;yX_MZ%Cnh9qi*@0=XqtxQN}PkQg2Vl zu>PZt;e}6sI5dvdrDvfBhZ#J5G1xmObJ^6MM5qV+Y0K2PI-Gil5v#&V57Yva0kie^K@jWvy|ISAeH zl?<9FhCj}T%R|Y)0?BAevGpo89Qqu?SAxw<^g3{o|t2&$%yD2mzjE( z|Io;D1yJk7UeRkvQirG?L{uHjSj*!|I-wq&rpbs$(m2~ZptX9*mT@toHHv;{p$Fp= z6Y8uomvGjh`|b2$j;DfmGD_-Wn~VgUK9wH97YI#X4@*LES5&LLG*}@i5upP5gEqw) z%BY`2#7kyn%;=D;uZ?YkB&LC}hv^V2n8+svRKR4|c#Y{v0?*(^_Vtqt)jS-_n&r#} z96%Rty5O&Ie8HwMk!fJXYwQ_$gr}WbN_PuNC~JMvsX6wVCDj!muMZ`ut+rf7qy<1I z>MZldydIf1p?=nMEx2!%Zk#Q0u-Hs4O7L?G$X$H&`gu4?8%(i%tx=Gn zjWD&4p}gfzBsI(-g2={J@lt|<%K#_!u_X40y%tbYSvlPSgz^a%GXbJhAc$p`Bn{Q3 
z{|aKZz{1XCB6|^*xGW)E?FOW^v_q(*7M}!Z7$pVMP7V1zjyPNm6Gp74eJzm5v4@52 zy|`MD29iS4pc#W-G%2a1mx4VUVT)8KJiz--JnUS8ni!0c@#}K5D`(r3$6+!`ga&w! z*ZEi?oYA=19I-Xr*XeAPF+^uTbokmIcB9$u@UKYqC4U%vOtXpY_4fdySZks5qY;oC zP6xi_c_Z`LtoNod6IyAZ1jK7<)n-mFOEGKk{7seHf=Y_jLmpyJ(*{bUuwjj@t_%~< z3dM^#z^E8P^$#vp^-(dUjNI=X07>O8RU_VL8$T2bexXKdf9fPKUdocPr zak7FLXKe+utPi_ChE^+ES;$INAZiIt>;@vFDhi2<4CFfNRmX-HFNlT=$-{N|-Q2yv zaRY`oZ(Bg&4G{qhD=<@M&`X-u@C3G?WCSCn5ipKipc9LG*~CZiK%KY(EQctO+)T?B zWljBMorIBE&*aw_7o~WLXqgRI&rq%ONW{X73P(>gguYiE(UQh}0{b-9#a5a0v9J&W zb;b7LJ#T})#So$hUXZ3oIWF*{u=4%n$7YEi2@t~ zS2HQ-bE;D6tv;q&qqI3?jD}K-#GS4v=q9_lQP(q}!qmGLE}+p6uBP~PF)nzZg{nXT zay;8u1j!S|9c;mH-xP4Hi@gH*HFE!)*t*yogzR=})t;~@TbA0y)uL`D*9`m36Kn#P zS1<7`5sg^VdYYJV~F^|>7o`M>>Bxp3v^?9^7J7X>+Q9^QS zqwH`|>0hRbxlGbWc-f9oRevG+Q}Ug-A+u;OwaBB*hM#7W73T8GY0nu&Bt)kg9Ltn} zJ4+-H5XJBbkzNX707R;yX-rCKeg`F1WG9%-OC$jGCXAgj~_3oMz~qhMtTJW{KQA$q~_m7l3W6`-oiZ?d7|!muG+c#wrv&p0)) zoq)dBO&V&17JUm{rmbL${iwt`dTTz-ebclqB94ku6#`hdY;27o-oqju3aw#zjPX1| zi3qr|3zK6O%z$?g1mY#-kr{x_B!In;#lxOz{n+FyJrTnODi`FVa$f>B0;635!N1a* zJUc!aJHY96drgd(pb_aBpG)T?h~G0q|BDGty(u^Oi}18h%#%-;NQ`|^&V2@fVE3i{ zFDkMrm?ob?k)`J8pOcyV4_TTd!pUp0xIX7D)ki+{dZq6M~wm&sfYRURjv)zUEpnLWIlwZ52o{ZVJ4_fh2Mlbm5 zKp!3Ct9iHFZi9}yZr?L9d~s(Yc;h*{vx6@vzijuu`4i=f`2I4tacewy%-zaof4lx* zUxKo4EZ(!=ZN~pmcx!OP?)3ir_}7h%f8rn2>z^P0lFIl??c+;v8^8aUs-ONvDtTYc zdy~a_Wn7WQ#wmD+$t!R$le-@(Z(&uEr(VzBs^k@!W1VMmwU-qcO|d5 zDxQ3GPx6W{C6ccmNIw2>@``z0^6}p%ujq;=AAc!%#ezig@z;~f@dup5RsWDz@j9X(|jfqNQ!Wt85OjR0F)|gUby3&}o#)Mz(oHiYx-BzB>QH92WC=JeEPVaW6D2#%M8xf6q3FDx^UD)&bOHq zdXAn8?M$X{+0oOXo%s~bJ92=M$fr&*wA8==thtZ%50H za&3W+T3v|h=+&K8MgF|9zMUBJSeb^MKOJyiT4Z^jw&jghHav^gG&&7eGdc~|F**%b zFggv_E;EfYl<(%3&)hdqy+=4;-8M|nK1IjHvx1};UBa}(UZ{GMTHJ6 zPt*cf7ij?!l@=hoh|i-!WYIkUcTwRqEk@J=d>0jxT85|v5dA$z2V#V{C2*Jn$Tg!Z_k#dr*v53x93XJ(>kp6+v`fxGdisI+Z#&LvpQ__+na>KHOEzg;D%Ps12Vxub)u|Ko z!ORZcoO@I2g8VEKNk#CvPMg9rN-fw8SZ!@)v{0qIp zinp5`SK@_Fzug46k|ui9IQh@a)RxkHkNAIGuSpR;CXHXOqgtc& 
zI=VSrucMp8^*XvaT(6^>!}U74Ib5%!oBwat>&?#`wO&VG99yrqT&b+rTdq{r>n&F* z>-Cl^mGye_75~D_|6kYZPoc~>3Lz&H*LcNYuQ=pglm-~0{5Z(g z|M~jI{+H{2@jqTKl1!;e_I`OHLIVf2_y#A}agyxcf>nDT;8#t0-rsD3bTcRSs^zWl zy5&cE?0x^(^`mCb^+dAw2#9}s zByc^I?0stN`cb&xdOF#w52XHCl$5{6RaUd`#nQVb4WciKC(?kv-~`}{@31rA7O2Gu zb_SFJtawOEKZ}JC7{!Mg-q{|HBJ^yHQCN#fW zy@yad%02Lu8!!T9m1}&_dW&HCFW0!$8Y9r|bd5vS7(w_Q*Z4DQi~#*7*Z2)=$|$ z@!@XkN9Le)brIjxw%%k8T89_$#a!#tOaPO*Z?0!mJ!!lni5G_^OxfA9m2c%zt*w0)YhvelHn4wL!u)-_p3>h)A#wWOgdZ~j_n(Y^`xiJfd=WBJo4%M zz{pkpOCy&R2S-cq6>ieG{vI#?7{Thxs*<;@I&A~h`srNsNTDIW4}Utpqtx^Z@{8AT z%g||jY`nDW7aqk0*BL^#7FWlMYbH$D+q1=gNdx)E#-@71QxmLWB!Eb&59ar z_ROx!^AAi4k~eMO8Icxrn1v3Wfn|&ilD%T$(g~&a&xOcpM^(KZpWPNzJM!vJ{5#6V zt15g6==;-m`iCcth`5Ggg}*G)9kcbbIVQ}4O&an~DGovp#U`|qsA0m za3=`lw)~F1eKzG%;ZD!rGij@Tj#nIv=Lgh0a2hk8V08Paz@>GxkS`9ters_`RnK2> z00s8EGV=be5}6C=sCmR($*gQp2}&5rCY=vr7IF`?f&78;5K4Pepy`eS8xw#B{Juo zHPz#F^_fSKGhdM<4`+*M*NN^f@izrau8%11Dnf}V|Fh!e$&jr#cl0Cb0-k>1Wk-2L zSpALS>2l$Ge>Wk1;r>2zDEK96lG z9sh0>{|-->auEJiHl)@+4stap5K@R_7&vW9fQxr+0ty-MSGTv7{~ct8VzZ;YJJ(gU zg7vHoHvI4%l1qI9$=*I@;I9du`f;+#Z^@}ef)0=q!KHVqEd_xjJA!XtClq`Bv53si zLd_|DQ?0>`VRMVed7GkF9l=#m8v_(R-tBb+&DTcj^UiK>^qNHQ`CF`ExFwCG8MV)n zcYnY^cTV>rsO{`u8numlYV^awiS{(ldBJhfVLW*KO9qg7+Z!F`f`4WnfZ2WN$jRMj zjPLNpUs#9Tb=KG(yy#F6eheLXq4;V%So9N{^ZX%;x5oSS6# z<`W&}f^-ByI8d(}X#Sg`ebcI{6u%}}QT%un{^WF_PX(Uo(#7fG!O_C(BD)aiu%_pt z;)-}xVfw!5nF&4TbVG-2`qL5oJL^<@FvF7d*-Hrf%2L|hm%CYiw)-=nasPihrrkI4 zx#8)0#@YlxfeXreX&8NC%Iyff!8huUAaSX|bd_EJ(9CGiE5RCDU^o{nsmq>Pv<`FD> z!=lap8quEFVrN(NB!i!Rkq05RWbe6BqRYLio>XwV8bxZ!-a1;rSC-&?-;Tn&TZ0#t z3No)Pc*U&+!5!VF_e>$zI@qL^DNpog)d1y0zaWZf-6U}DUEF+L;VjolYt%{4LuD{gRcg^7XJHO8WJBpav&FJ)y7!v+ zC6|nDVA)0*y8Z&t++tnXbv;k9UekZ>$bL5Rt237i9|7;n-yM!$_%I0xIzIzB*w#9G zcJRk<>WbJgTRN5pSi4|D)Yjv{y>X<|OmIGf>8|;L?lxY!KRS#DKaUO*!4IOtTyVh; zLS70f`M&?hq(*+!KR_2p3H)2be1_!1N3>kTLXZZ<<>}GFG?d~yZJA|o<(V5Xs#1Hl z@3F#J9hYblN#yLvSzQVSN94N@bTs~lBj17fpBh3|aJ8!PXwT{n5UPj&jkmr`{EcI= zMGl^H@$9NXt%38GfRizB&IFw0uZ!vg&R;rV*7Ko}rniiL&(GdEekl4NidLgX*URte 
zC4paQlS*}50%HXqbxZ;5f>bRBF#bYFZ&lVu|GTUBn+o2^+*ro(@k?iK%*6Jh9uvwt zp>&Rs{(T~8X(+Opr7N?j_1>?ksnwg(5l`NHt&T7D{6wzrv1D(%&XiD?lpig!Vb={G zpuyi#eC_}*^LaVG4n9!TfAIkdghnP7hhlvX`JHI1-X7hxt@!kj{o58LKmX33V+UYw zCO`jyT^#ZI!9Dt|sC)Q@#=VP@hxkbS=Z`E(9{JdSyYY!d$*Z2><-)6;JC*kWJHO3+ zJGOH)=i79%V+*ea(#Bsq|2%gedG`i;^2n>vlh3**c{ee9vYw+S?8zE?vc5P(XGhi* z2PY)^3NY}#X{3@19|fGXfOCuk<;Wl%J}pposlz!2%0`Z68YpY6D}loKltYD@QXS>+7uEIv0a;Rswzj6OYjD*<1prn!C18<0Jn?$njBh06~m_K8nBu_kZUeon;Z+l&Pqjdf1danQUZLeQ%*H?1A z|81{VP2l-6i(LQQ+g~Se({*Ma*Dree>z=OP#Ptt`*DFqD*OvwRnKxrF)d%1Gc4#ma zPDpkP@Xll^SzR^cY-GFTobGOx@}@h(r5svx>zkhcROR^-$DSW#TDTA1cDR( z^qk2F(mkb5)togw+q0-Y(Y&$TH}LBk4Rv0*-}@;CRbAT9BwW@1_+~_(7w`?3=@^BD z)ZnfOt)pK^w+HXK*Xkd--WA(KP z$M9lzbPN~HkB;HLOQK^quO&K$=RO)9-{@HFjOg@xOrkZ&MyHOk-Wi=beme3w2g8ky zjdn+;j(c`Rr;cehMyHNfR=HDu&oSbU*5DWJy!-}d5bEDjy>y{hd?wjbSMnvXMo#Ve zI6scO&gqgt4dvDSz$kAdTRMRdV*W9)%G3mObV9%PPyG!m%g^%6@YGuVR(1VBe@rlc zuDig)yT5M_mleWq5AqIx?s$9f>uI&gWjy2yCH8*txFDy2U zbjLe_e~p?6EN&ia{&Lj3up{`*So76U^U{vsM`O*MVe@Zp2KJ7if9%S+(UtGnm8-|D z)J9jdW*xyN#;&|8x}xRl2tGb`<<;eG#=p@@b_5?7yRtpHqDAcpP8ho~5M9ywb_9Dr zTbcR~qbpkKj$q5!m7Coae}5zv?;pFi#9gC+z`s%4I((znUH^(_RTbXl|6Hg3)$#tR z-bkEZ|7wqydg_Z)Q>o(AM68=N{Fn*Z`1OlYhl^8dVm{kvo7k-AZx0%1 zJA&hEV6gOSijEyQ#exH+%R5}kW>iHc~H+f^RHqbMe)_}S%Os!{{?9)cWSU6V7EstV<2%?apXvTAbie;!ok0TBCTEGMd&OlpykP8Fw=BpIuK^2KwyC*UcVv z^J%49y($68zwe-2EKj)Z2%b7*CkQrN9{4Lf#WC*)R#i@5!e6-)x$Zy5IP+Hn+7k4$ z5u>^3-=JB6<;xU%9xdGddQiQ{FmP`TKusF#UwSG}pMRil2eH5!Lay25E#K!#{;}Wi zS9|?tiicx`WyR-qO*%kuFy#;K=Su~HLHu}C@T!O+Q`~h#VZ;1mMCBB{ll~y7P-ep>2c^PSJ$`)et3sr|ZPSaVy+Pf(yCL9Q-zdr|+&=AV-f2gQt0wrbOd;0Y z^Gj^|jD_F}@5F^DdH+I>dwlO-hR;g~#@U)Q|Fgk9xYQzb!fUek+fpUxd32jDUFrEl zlU@M_*Ae9%nJRe*^sTdl%Z7%hmtO}bAdAzykzWQV;;mN z_qWmI;!>-6UQ%k-78ea}`vU*mgx~Fz-b?6~9%i)ibbaviv8V6n>An|}x2)i|-}@Q& zDCF+-H{Dnqew~PU$;iwil<6T4+^GybkVW%x(oj41-@kX_qI#w#i#kK)HV_TRXj2sxBpqY@~a`Pg%wOrf*I; zc=ZYWP2ZSuD0#!TXd!`+ykfwD0Hh+C<5ykGBSh@6XK;)Ycgjz`Q;s@*^o|Yq#)+TE 
zP5wzrZu6aZ-&~eA9$lXK6Z6P_QeRx1BHz?=AB5f%E4=@I?o2bZ`^LZ;?>84yYfkNaVrPoAE+ud-FX^Y zum7a9>`sq^Wj~?cJL7f~=O|%EiQ;N+%1F|HU|F@84gQRTxO|3Zp-o!4usY5V zd%|qT>>S6SJ*bL~;6%%D!IZ@ZTTNbzcSoM9XeM{iRki21iNO^)L}LtULn z@8IHZNp5>xFMOAibKQx%Ug^cjTkSEC>-OdbPyQdl0R#4&#Beo=x<4E>6;A8UcWwGU zTH)O8Ytaf%TZaUE1)|H`NR=?7+Thc#n4q3=q;RaiXUa=Gic!@Dr-oCKz~waMPV@U* zEOZrs`$H1h_i%(Bx!we_NrNBKGB+4qAm}_u6;N;Ju@mN;kZ$vW+1x&ILU+tg7Jeq2 zNZ|@C>4atH|5k_@IbLBG8VXYcLR(vK|1RCA9K(4XbA!uFH8Esii(MCsz~djjT{jUO z?HL$(KW$l7a>`)gU9($*9iNT{axrT?7PPzRm!E-z#*%fZXmFn{FeL0d{RiXPVeeKe}*p-F(;7d7#+$5$92 zB8eVI;?ZwZ425Xij$qr>;iSSEI$l#Ou3&QSKnQKkKej*53yg^Gxk1gRDmShKCPYy0 z&HS?52_JO}0LpDNw*|-THR@^$9<^+o5ky-s=uV(V7ENT7nZUyb6rT8N9eKicqBuGs zdGjpJVRz{zQH2Ee$n36vsmx|k`Gd&5?pQ}~^Hm`NlD&^{t90J+ZpDp_%O`OkkLv{+ z#qF9k1S8&ZibmwvU%UTliPkHpL53+wVXrV_c1Q5w!b-m$x3<~72r1`I=pVvn!{XD=8N;fojuzKmaBt=fO3~@T@%0KAu?i*mFY_8{B zNviC#k zqGR+``pOG?cNAucxH^JQMgR&s$=;JIKP`O0$`|fplI;5TI6qKI zE&G>kP)qn>X17x>JIOxiZX0m7nYQV?EF4Z^t}VEza*CLn8=M`T7LqF;)F39(GKjRf z!Bs9^CdU5`3)~TGywql;hP!A0kW72RmB4ruQ(AB*M5&x z_fNEz%(7+HE6-t%(tkGiFd0tRSlxb*j*y=C71s}rD(36zQa0^k=0q-Te$nvZPrJh= zJIW2#8QqX_yQ85scz$W6ucx_6c4rE&_Vzre;pihPC+Z^S4kmBXiU;@13p)`oHGyy5 zGGv$R`vSm}zeO)DG-JlZqVCV3Id1!!(;Ne3;kG+AH#jkpErm~8aw`|yYWl(LOjuTG zDa2m>A(%oTvbnUCr}HN`lQAo}Eqt_nuI$@XFbk~1sVo!BEHRVpI}^E3KFP)e+FWo3 zgRFe;Zst)|Fe3j@c^}70y=K~2@^o;)eBr}n-bSu4{rqERqzETf!>ozo8>knb2Yoz@ z%SO%G0{wBbo>c_c{|O0*M2UKlx;v+gT>Wl(PV{HLp@wd6%9F_({-|DAoZ_wn{qqj+ zV)u&^u})QyB8_;HuCkuRKOEV=>Yyc<(`_n)`4E0^D5X^-e#T2>Q$ z_8dPuSa+Q!i@nkNywOR?%Z)MKkPW{N#KsCAa1eO1^=Hb~zveL@SjGQ`G4(y!`!j!% z!aI?vnJ9D@*Xm;e3IEAStNm5`AF~&7xKPE_80AEj(>Y*@ zPt?O#eK5LS>b$|@#?FUpUO=clfJ` zvVDHczTHl9qBD6rZF zgmM4*P0th`jzMDJCVAfTQliQ8G+p)v;s+k0YuG5;^UINB)NMGF8N;^^unfG2O^G0V zh+@(`IgC!C)$Ofw=gtl0nDuKMuIP4gNXpmid4|X0AwsEj4V;P*x#9IOB?@dj6DS{zT!9^E{?>mn%UM7e5_*aZY!_nLHC5N zeu%55R<6ES{!gxkGpbNjvhSCu%JL8RqpFp7hrIqeSC4V9_+Tpk7((Lft9)B*F?6qP zzlJ|Y>6hOzWt2+5kBs5J?g&|u*suF$nRG{WrS&~%o)_%ixxwM~@ZQ2-yBuoh(OicR 
zN`A!&AxaZgKBzIA-}OLl7su_v^>g&7tn;NTew-aD_t4%CCR>BM2klx%@L66k<))6{ z?*b=TyE2MM z#hp&8yLU{d)!ZBDwD&-lW{Te%>a^s|B|3mt6XBSQm2GX436cuFU?UpwcWbifaDNc> zX7b2HuBkTM++?NaM&ep|;{(DzXKGMPCe{Vhb2TOIiNoCf`^S6%)l|=Hq?MNIidERcnE{97iaYFY!zcz7VJ-$Vp zq@6f%IO#c~go0WcYcsr-+-~bC&3fN}1~%Nv4OdWPhcWQeN8G&#mO0!ne&Y5Qep|WS zrzMgxX^u^aNygaRlD?eb@_jI~WX(At_xK|nM?>(9sLR4f5iH3YZr~9rJy$I-j6kXD z%0Hzmf5fh;@QbV8uUsvczrxl0X!&BU+&b6)6W(y~k9$_Wa4R7B&z3Grw*@UGsKm*g zrSnpy>*A$mom}C!H2GUgmt{-WWoY3QKJ4FT92;*XkbMnxj3ug^RT|m%9l9Isp|ej^ z3~3 z_WqOL8=g%Uqdke%;46lPl)v11SxE1WS$P-n&|j=L%{aAq==c>UJ3c)$VZ}SC^nEP( z-GTl@6{Ur?u$!L4HJR18X;**ZeNzr5XRVJ7_GkMUh`?)qGe0X2kDeg3%vjM>9GF<# z^?I=BR-(pF7oXna|Bl$|)clU&mT7umxMhZZ@{jrJ%M+QCq{+9CN#&`+ zVq1#C&HdhY{gy6&dFyb?VqF<-LCy={CI0+*!z~5Z*6Dth0t9y~&`;^SbP1RI_SdVH zej*sUhzZYXg>pJd^HbE+1z)wehuOU|xt&i5?I>RtXL?6X*R0R{W8vgOROBDxZe`B% z51kSB3BF=hD%0sNuj#*b^j?mtile-Dnoi!Z#G32R;BC|8In8LAW|_Tx%FfdA%+npMvm;{9J_SN*VdYt*0LknG*63DV!8;;Mqb zv-sSR{X122D`5pUO8e*mPnnLa1A0`wZ(QLeo0MER| za(%BX*Y~ET%&IpI!m+9Hu=1qB|XOlmF zj!-f`)!)+9p{mZ-pw2}-sMd!QvZ&h9tU2sBF=a4$(OQ32y6>UnEwYkI?XB!a(LZlg z`HhxDepIrZe9Xk;4brp4Md{Z|v+7`2HTO3)k0TdRT+=$W)7YOlwK&-9&#FJ8B^%pX z9BB4i8uFtejHq7ByN^A<+iQLAn?Cz~-pi{#4VG%SkJo+b-4U<+)aXb9p1_tpYkBpL z9ZrU(EKm3RRuRuaV}Ig43QrhB=-R+IrS`i1^w$MNeq2PA`lRf=eg*{?+c0H$qGxYu z*5a|*lh#k(A_Jf_s|$kZpE_Fn!^Gl&iB~5~a1o4=>Fm#ME-p&EUTR^0J`K?CT~b<} zopeC_!W5@zyK^pjt95bGfv}C2x6_jj^?UENI~u6_ADZUR$GpoAj75BbFTJuff2N^)QOzd*ITiCPR_ zyO?ANIre6JN!)=ir{Df(e9d?pe9<-zUz{1fW`y|q|AM0l4o7GHZ#Y7ozZE}FUh&{D z_sIB6P95}HmQ@tiC*8_BqMHfS{hpCN%MKON(BN;a9M5F^&!vqGLYjHgez>Js#_Mnk zDqUoi7|F2yEzR;`TNcLrmgcismL+?!ZmOguv?jA!XKP(%2YqJK+p@e5T)$~qYWf~p zevg)~k`TvYSA8WzHWDAAI4FV(|vpYdM%Om`G7wZnyKqhJ~? z{3aYXaeiXT@*3!Ehz)FPWPOLCKXGrVg;!Z_*Bd3SKYs#*HL;z$(>;62_Fm`wrolfP z13!IZ|MEtEBeL#39v$8E%%n&9uRWD0#rcQ#KV}lfpWjqG{PeQ(Q7(s%DP5E*o$p!u zlt->R6Y*4hZdYkmlPspoQYGYMLbT)E&f8okZwmUajh(eTecd}t%WF!@zU%GVw&}U! 
z51h84e|albaeHR;n#R`AYiffFP-3AS^dzV)w$zPEY0PgdE^n$z-ttG<#u)O}(Vom~ zLft{y9Cw@ckMtD&^Q=_Q(?D~^tj7LNoQmi;f14AM2cPz5H7z^G-#&Qg7+H%l3=?+g ztoFoplZt=XrB=+0bjiDQ(l!JA(%4z^6M#OSZJxd+(4RSe!|4c-`Ca5?$6&W$umzSs z1z@68EC-;w2E&ZHX*0w7@}QOig6lFP=T;OV64pe1-$AyEDL>7h(s`NI*&ROSdOVok zEfONiMYT10;p;;qaqGY-Q=X-<@3(sLNBkMXPFR0de4){Q6qjR;i(YMWu|mA^OURHD zL!EJ+m+T#p%|r8V^xUuY zN8zCf%g!RkKJIO{MYpouDHhD=X%7z`I`#DQ&yRn;|B6`t4Wde?ts8vf)YBLL+&g}= z-r#$sXR`}r-E#C3o6AeJ00ZS4MQB4uR5#D!YFB_`E+Sg@$jiV z?~{Y&^$9jgCFTbAVDv(#<$9j)zjXAp!|d&e^XKo`4@r-nHas|bYH?qTL^S2-Kb?GZpU2)fNv;Ftadukv0$0CWl^s;-boM1XzRWwK zr)%HR4gMik-zznJ_w;4C%<;RAU+-^Yd({S@JJ66dFn0<#XLSW?7Q&y7K+g%g0J8n0jpUr;gi9L8>##W(4^?l4*VrI zpLffd>>T$IHpyi%!;>Vm*o-@ zuDYD36sckDn4zkeEc|QeCsfmBp_)uE$@PFzTAcGNRudl|t04faSPcQ--Ebe@B9NXBF*{H3nh?W8U_|YT*pxq6!3X7r7O_#?6#0WA z(cQc}RRdZ?^Tc)U8GGPHS|lkfFr4P3iaC#q*=z-6<*$Y@n~z1GJpo&sy^GUF~hb?U6oTx&nl1_Ee3LMre)5?p&tN)KykgyXUqwW(IkDN&)D9@g8M7feKVc9IJ1?0gu$=2;Cx3Ne(&8{cCGZMkXzOVJ)}nO zzFWe(HMlbBiLFey0o^xcf6oBxHiJQ}&?gO?TEzC?mG2JXZ)b~3Y9P|vG3vMydq!3i^BV1vYq_(cM8<ccM$LSn{g}8ylRn`{+8f5BKT&xWJ5i&hR6CZ=8X)c^@ z(sFuNL|KI?w|w%rw1{I)G4toz!lg;UeP^$U*h5N zazV#bXVZrkJ$UK-aGBXDhX>A&a*rmIIQJ;J*wN{3Xw{bBw`3340?{aN^TkAHJ1?i0`m^tHwV;*)WtPV@~1YUl!6&O zDJ>-;^Xr2wf`_V-#*!$0gL?P!ZvHTi3AOMV!|Af>=F1!2dRf<0H($P+KUNd!>i?R- z^Fo%hQz;5RQV%`vYzvyEgtDe^;_z{rkSqUec9wC04dMB=y+19N8$OPUSlCRWGq};7 zLY(!Sq|EFWqSIvWcKT=!KKzhL?e^e}hwXq4s7=`uo(#7Ke+mzW+Jo(tTX03!RZb|} z83<2Sw+Fv+huVxF*}IrAK>8eiZQnyZ?+m`d=xSEA2m^VVr}zo2^A*h2HVE2J;k-K_`bM;(x7+2$RC{+KDxA#OjjNDYono% zT1w6-usPoFs|wi#O4l|}n6S^9Ogxt8vLjgikr3_4-b*Gj8wv_aRQ$6-9pv4&+$XG| zO$!U=2JbM{VP458kb-|ikl1=cGCl8sL4S-Y1s_DvHQ}48SSbzO);=4lajhHLWJd2{ z%o6`8@;k}nQ747O$Vn`(r(>0k4LG3mY_M>xEnImwgq$C+yPq2QQ+v=k9Iou?Zi$6( z@}uDiD|JGpo#i~@dhuEDSHi<-Iac=B$_Zq#&7EkiCQG2|BQDX}{u+>M5p}`KSrJ|~ z=onj}7G`ASM2X-W*9!Ra<_2l>lfy^v>6$bSH5WR;aJ((pKSr;|axvWBN4fi+6Witn z^UejID(f(XeX`*ayEtzPVT-r{iw>6Vr2fn#ovqHdfD!rGU@QBvsyM;OulyrzbAv5s zMyuUdq`}@E(Kg;02D{(cL9F$si4mXF#z0*^)$NwUyOx2d41G5-q?dnaGr~O*LN4cm 
z^gjEIL>=_}J@p(BIE8hZE{|RKUm-2^++Y464p-IMHn2e&W;jW@XQ z7_4tDa;&@u;se5y+aMX$P_M$N458f2CAz{R{)=-ANbH=y6mZL)u3JHENcE?TJp^cF=#&^a5yHd?Tzr(IekNgHXT>d-QJ3o-$ClXEeenfKj zEdC%j6B54_IlUO|IEPZ6r&NVXg|c%l)BVfzuF;3x0wK#ff(y*Ylp0;2I`o9Gu)ljQ zJX$+9xWfbywpHOvTwFk5U{L-C%^A92)3CbSTx!t2@XK(%1?0u{$-3-8fiiz;G+}=A zK?d!zuP+b8*&e<@K59)B?+Ib3Cwn^py>Ex)fj|5kBnC<~>F+trtSizjgO7lNGhUiy~WN$mqpcbiZ zqd~rf!O?RfcYoyLx@f{?BGOBU=+G`dyuy_*>h_Ht1`llpM-rey=9unwjn+MW%c^_+uV1z5xKy2}(~w?hqw>j7R9O z-Si14#h5HvUpelDy{Or|mx)OJgReDiWnZ18=8;2OX?yg}THpXi{r1;s5Hs=NL$WyD1iR;|bXL^$xNCqzL>D_G3m5rHo?iJ_u)-B4BvRJaK zt5YR154BQtu2#QKNp)D1jCc>Zd40u%bY*XzQjWpI;EabHhSjk^a?N$P1bTqmVX4R_ukH3))TB1?#wwGT>z3`8@r4nsB7~1*H-y3OhJzyWxUuoa$UF)gROV6deo7reX7=(A zUjhw7doxyO#!QnDdHlP5Jxcpy6UXBv3_*Re)w*9jOJK}wM>6YE!|L4=d*4s1t#e=0 z<;V>L!+aPAJVAixb2i3a&o)dWK}l-dlGn65HSVEhre92Ijl0{t81g+e6C`Av;xXse zUn$xMwJ9PM=8#pmfUMbjpx) zN+6w*l}opO9SC74bbnob#(PO;M|p>)ddbjpZy%E)v|IGu7rI%QNk<-~MKb~


6B9?rNteS*X>^+#*^)0j%qhAW0lv!32gkWE?SwL2ZeBez!sZx zOJDMxG8ywNoewMgX6xgj@Wj; z?ABtUU`Ys!o62gwGC%2$Tu_$H^H zu=~iL1f`WfTSyyHJR^P~-V}RUl4H6$$D*(+6cMN8G&I3|_V2pT zlCz*Wz2<;#$oWrpS2lY!ON&ppCSGJYOc72{H}>2H^L~M@Zs}5S>`u!!|14}`N5;=A zUZ(mlC3l_8%}%7*$Nq-D#ksrV*IK0;Wn-Q@GF6O_?>u~HrjzF7Qnt4L{cN1VC3jI) z^UU4rdzG;N1VZi~FRw^&fIQ-s+dKt+bCzS8lT6S&5l?C)^nyLtMk2K_bKNwioY{ z`Q$sEF+r37C}O2f?(5wROUNhKD0$aN-jW#3LUuXJ#|twO&QFc%%WUr3HNz@=VUt^{ zj?WZ5r)k1!q>f(#v|=kH;atBQGCTmr-($6gB`%uBBIY zGyAM?P2=Le#B?>2Um4r6y%f;iho#_@MX=O>IPV5h`a$g)>TKV>e^!yNu=;$CbF0}BA!++)DW)(LdQpP^Y0h=b&x#y2lJOuMkZ&*yR zhU(w3u{JiyT(P%yT<6^<#5^wzxJf{FV-_)jaBsV|$h0<5Ia%H11A(qxP}Qz2VP?RGyLQW@`>t9Hcm9Ha8&aX}UpeG)A;IQI6UtZKv zt%I2kG_Q@E#(FE=h(cRQzJG&r#MwsW`A$iUIOcl<-DP|ScSN4*OvX$8BK~>SVkY-- z@iNK`1CR6Dtwr=%hM1ndbpIvHT{%@u0C`GEUArld*}`9ho?6%fe)@up89%tP(^T+H z4ZKQF?TBA&B}(w=Yt>zbtTW(Vt(%4JNTbOI2I3Q_dH?(n{tytx_Y}F?Z#J5xRge^W z@f(bg6AOn=5sjrz)=pH3tWO*TBdE3lrEPZNcYJ0kJNwWj6onuk*2J0dvilfT2|6-h zO{W}E;)Tzus1(4I82>}H?1@hwzKki%VSj6t`3W;fF)fd05zNjiu6*V&387-^8GgdN zs_6^A0sP}6rlL^bFI|fV=ES#wT|BdRUFq7$lkxD=so%_+b`~IvqvsPri-SU1w@@Nf1V>`+v!?4)SP|F@W_Mrs>lhu*6GOIglW7gg* zS07qdll*sMo4+DLh(-7F_HwYr#GG9Rg5X#meak8KcHfUHS4ng z5C5c2EhVjJZ-?@5iU*SQJS)J4@!&PGWh>9xvQ4D`O?rLP2_7hDD24yVR2zTo{JqXM zgpSiEIRiqbN_`yanVMQ0*uEs~zffaW&Php~n48RcbANZ%}jil zKN--Je`&j4rrR!rdDF&&FtO)nxi=!`5_0_@QP>!VfL0SAHld zj4$dPuk&LV?;;A}}IfF*x&dXr!MbAR0>bSdn#H~cF-RK5k= zT^?AvkurVZaN_Bw#Xb`F7Q#Q~90OmK&s0N1s@>uX2Ew<~%!UVFab}U`H}5s@y{^u{ zx81;Z89)Eqz_-YQulyFd8x*!7U@JjfbeIa;#U4m{Ve7>MxSSm%Qt$RWB~!u<()MS4 zF#Oyrz`ZAcafLkG0SpP z$L(jmg?`Rigw+KH&l)IL$%a`r|0G>M!TZG1XQK}<+Bb}l)AMvTVKU(;y_(8%+{@CH za0ST{p@HmpQTt%lf>`~<4rI(dDKQn5(*z*vnc0ZKOWXITNbecte4dT#BT)-1bOU`g z1;|S$%=vu+^}zX_=$WC=nR@rGzB<_F^QmVX_3%@O#x;WdM1|PXPRFW@pK2_b93n?^ zzL>xW8psw(*)!d*qlp2Y6zr8mq_LdT1%bG|5?O#mZukjwsDv6q6j9s!uyBf%FqRL( zL{H=tVL!O+G#>A*%pWY(lD8;Th?i8F>f9wYI^kzJB`iHg-cLipihAS-CxC3Qn|=+H z;=}PXYB!%N(n)Eg2ze`m0Zib=F&RbLbsk%bSnERj76J*IUux{12m|YLsuKni9 zc>q7#5f49OKh=RnlH+my@tmi}a#?it)zA6tr?w#xd+xCC{3ZF(buz6o@?;foH}VEH 
zhr~R=hQy7{KDLU0{ov~piImKEbGIMIXh{p2v`PWSkS2uHH&Ohw>+^@$&EMk*=U;62 zH+SHP;K$2lGm?i@vNdtjCdeg7K-1M6V+MHpt`z45H*Mr^ryZ)i%d*=xX7cw4TiklT zJ&wI>)+cz{POX=%>@L|b7m2CX7vTD?f6Um$uBC zE>i+-$->IzS;kZr_cOYD5G6=TF3;KV44wo_3;8W`I!GJGce!2~N9n?p%%;S_mZQv5 zV1+34;aBY(K@gBAQTQJKDwqgAMyVqDmzxOxibuJN%unPzIuZ42nT3+l-8vb(hvlKN zbdUTDM!V&~meO7FJZ7SBzz?nfLyOGUaOqb2!Pe4U1WbLf{XP)B>2jIErJyNqgL6T6 zyZMj2oi-zXj4^OM4Y{4&{19omhv>CpAj8EnpCspVbpAHr0)QarY5OlbWZh$jX5169 zL*YeseFyWpC}h{S*u!}pF3%w=#vIOwNshb8!As@cFf@B4&)rNLZ?R>8(&f>=0zbkO zt&g5$!bdT7B3amrMXxL=nm>GXS~x*VtRKtSn#!Xmx$*E_fG|)TzFS~s-h%RmLix(l zwZJqeat6SX8#x1cShJWD!Wb0?WAWf!#ld?>vWjQKEG~U#+{M#92wE~gqkk~1AxJ@a z@4}YFZ#Vymi^|0GQ`ueY=`CCh^b8V7^mdNe!p{h;3BHJ+*nV(1A+1D?@;mDVCWxoM^O8Mrhjq&Ghf_@8!)LuLibqOlu`#m$3c&3Umq@k}7027ho|BC91b;BUQE1e;7a7=TjwVN_LK}U}t*>^!?MfEmbE4=+57(As-5GOh9PTc9 zQdzqHH22J(k{%m(6>oklW#qQDf;>nA-pEaN=k0Vhsh+GO)RPme8G7{Uvn1QSbU<$< zzx#&iXL@Qq{?R+{{3WEFf;jh{cO+n=ciwqo(m;N^Vua@Q`0>T*jGT9b7>fM&!v8;= zcb0Q8Zq7RorH2Yc1MWc&EWJE={{^b&Nue;YdHBD-%uu2$o={w=amSd+P)al&N(6OT z)&m9TQt~Gh=Y$#&aC)d-?)3mVGw9b^MQWt#Ze_d8Cn#DdRq=?AIS=-oXE|@ZHSC!A zU6CFO_mLC(%`dsXZLmS-_xy%c>5R;;pf&Tmce>86xM*#7EB#qv@uZSg^Mifa(>fAVcnxYN*Lyv1E>L^GYCw3_H@x0W$#QxoTKF(!pEtBRW zkRfErUop+syC0h>9L`fay~h>kJDNuk-iud!>_9lj$RFn^^>_i%v75wo2K_NO0B#j2 z?o4nmFx^mnqGUdqy!7J!=_imbo!ajc&s#x}EIK*paW}yd*1L6HU)Vb?@*bff#B1q& zQTwG8WOiW1xex%ilysIzv?`WGWzX4Wam1s7qk0tmDcNNdsHvRZH;jd(iazRtN`3+Y zX3PDal2d^1F{xJrzKOVqkb{O^Xr;yzI1&Atu&w|`lEXC#EtXBp6c97xCCqftPTWih z2w+aVXcAtcBwIU^B?FblMDZ|G=bqj7X*WgmQ%FJ;jH_|)`9SAfdb5si@hXk9x0^6~ z5^nDZL5^zOk?9^Q_k@pE>cg^hm;PFVS+!n@8cT;vqS=q{l*=k7sGptPH2 zf^+TEX&figuk%iz+{h*IvPDjr-WSUU?rUY#&zo%y-peA`5#tR@6wkGU@U&+fpf^-U zu0^`u6^140&J=5BPL{q1QD-b)-XBmQ@pCXZ6-swWQXJt)=~W*^Jf?ri?@6AV{2KR@ z<8^94OmPn!!jpCEKru5BvhUgm;j3{w(-~yiA_Wb(R$2mdOX^y}f_~eU3S*8pXgP90E}sC_*!oRk%oI1J0$PO z6eW4ZTR4gTLRYiMByyEcGI(~b6J>U*%-%=`xMET~iyzO`X3MTI1ch(u={%r}x1yb$ zxC)ZPKrKbNE$>UU(#c2leNFHCec%xl1|||7G^G((Kku1MTdQ%3i0O%j%C{x=AZ zIVwI6B=f77UK{CzVn;a@R 
zSV75MOr&b&mM6FIh@w-+P=#ljSrT)@e*A{W{{lMYGWN85by^zc$p6miw;v&2?ab2L z9=~x>IwSkh-DYyGn{4=v|NZ5E`#HUU1jzqpriUpg>Mr&`(z~y!eu~`35XF=u1AvE=yyLjTR}~hBYlW)0i52sIKQLu>!t&h4U5gp-d%2%-F{^~^kbd7s6+>4 z3@*$SEBJ>Zp0j%YX4F};efH9Ic4a4>x;H$y^N`;K=S6l`;@)l8B`3LlJK=7-xd*W9 z2Og&_b(ka%0 zvp_u!iX_L|e^r~ie{;MA-G+0=-m)WOCQR+tOZA&~h#k-$AL6p~{vx74kr4oP=QwAw zbk;u^QYf2$x2l!gTdPVvz(;X&24Pw3 z7n{eIfjFwEc9XiOl3*LiFgy7)HpEG{@{o zPHXa6KG(Uw(04vZht|3eq+cS_UZz3eAJNppDB|~qH=>d~!p79kl{%FP{64jyJj;Kd zVEJhp#4#l5g0byGQdv0J68|CW0ao)|Xa@^lT{333n-ChTUp#nk6zfd8YNZq8#^6VeW0 zyj!1;dRw26N?M=LQpzv9@HCnFRlxE`-l=k7jP5qH?1tf6bkK(exGW=I?46$C4a8*m zFqHLH@djsKOER$NsHlg(q+i$d6z|LHjO`3$9W3652H0*Zb|BPSaIF-yvfe3PD+M!R zN3B?g6ljTU&&cX7-p8FvY-0~gvTs5>enQM(3Q^63#oAvUvh3zZX->5F=F>D6s}71} z2x{&<%vI@r`{89ySIZu32k9Dp>+M=s-aBZX6nCkn$f6$Uw%o7!VjFsj59NIt`yfz! z$l2Di$BG>aDRqgx-BY|RZ%^^I*!z|g%82z?u};anrua}Mn(rN=wG!Krk+l+sb@bg? zp7c{|{ANNRv)Kjg#XG29H$L&01MS1l9V&73mlKxgYdC9)*JCWo1xAQCnOUNAE8cId zuD4_F=lWML?qIy+-t@3OY1tJrgX#t9CwXY8pdMTNiPJ$a9_Fh5usZVgGOVnl#T^{X zcYzswv$0$XT3KDi%VnA~Vh4?y)Kruw9+%b*5`w-g2iSmezI`6|H5l+wt=7(6ZJWdgDW1AD57~--y?R_Ak$f z{#*Q#0Ncp^<$>tPhP8mK;dRiGXcHfwahxwTyy1<0Nspc>Y(Z%MRJ<^s+K91S);Y5A z1RCB=XR33j7AosNJZf1F@$%4EmZ8QElzUEzPfe8J5HuosQhf0KmO%8(hK_XUYByj? zYYQVAK1_e${&Bolt?BN7Ze{j$E4n82ZomD`(%6;0_HsQF_d{+u|26DSSKmndimz$? 
z046|g=8?cAUA^Bc8gF6iy6WrR*2Qot0aX9;XALONX89%MPaara_Ivhvpb{#*CSWI) zQ)tm4{`uz)H=z$@CK_iYe@>bQv+Ib6#G6k5_nn4p`l-`Z?f#`e`>&=N-!UQ~TjMF7 zTkpO$&9DwK?RR+7Jv9`FUO8aCj{xD+6%8ZObvFJWb$Y|7^joz%&rFT95PhscOjot( z#)`%{z~=mOJvP!XAp_>;yIL~joabB<5Va+bA5nQR=#A%U{0`tTGR-AvBb83x&!N`{PGirOzB^uF7 zQwxr_>`>a`8r(K7LLX6Atc8c8zY=*r3O1k``vAbKDJmrTBR_c zgOc;9Yrulg`;IozB1onqojI=5I5R_B(0gtojTNGMrn1KNMiq1Zo% zWqs;=GlaHYZ0E47gHE+5rkM4SUhnxzZ$bv~AT0kVQljA*5wuT*$-#F9^g?7PGd*RQ zgZ>4_L%a@h+s4(Wj~Y$<;Mn|tZ-FiB+bgOsA;8ELQtefT7}T#;RcxV`cxwFY!34AS z_A_A#^6~z?D)JRpUoNXJr+Lf#i>ZGhVcaj``dXYf9`ZY_3w9?r(6a#;IsGdhnXsG2 zvI3kIk6578+gsU!rG!1BVB&{8j@#m9a7Zex2spv~1*g`}ihm=xR3| zpn!9`<+E`=VrCVKK9QZ85cRJ6M5k< zw;09yUxC#kfEwQ?`?K~+22|zqJEwVwgKKvSk`R(oP@RV zVOcGv-We|(=A*{(p8wT&Rv&wSy}{f?hkenYI0{68s$;<(SX+2l3Hcoz>kTAz(lP7m zgnu)XVihiQy;x4d^F;Q>FVt<}ym*GJtkL~f*1pq^^8v6B7*0^63y)b{eh3BM!?HO| zW`+H_Z-rgv{*A&?Fwxg}rQdSe3c%T*2Xc~}$71Ni%Xn_-5gqw`jAs@4A0SG`HLdOC z%F2R9eesP2>tG7ic2{s$ZsoY;k`1v{HNN^~PTwcSKFW38R*!cjGu@x-y{g5%a?23= z0?dGhv>eEc9YRS=c7f7O^Be5YU~aNO6g(~?IHg6{(D|p(TJTHZPbM-%#dVGJL>$KB zxb^HWYe##?9sUEE;BmYzAle8&p$H^s0z6NTp0Dl7HE0hsZ702DXND5s0@xW$fp4|Y zO7Gg*ES|OkG;2k^hp}2=elfalPKS|)$$HKbTam-@oZ%P}B!Wk%$hSU)gS@=;;L5!@ z1+bDADp>SIdK`|bo!Ig*M(~`qQ<@|&HauzEKw>^=ce>N6bq$TJM)Dd*^ri= zOzml8R&3cYVuN(svm*TfB@B=UsN#>EvVPj(Du0$44dC%0mF{sO_;Eh~-Fx+f9TkzTxwFpb<%fEy-2VRsl{=m( z`JbrV$zumnx!?Aua%*!9m3yFfzK)?!{%UuQUYUJ4ebV!%Tvy{X*}^H(WGj-%iICI( z2wl(6$y4Hy`wk~=?$5J#(?$St!c_QF;G_>IpUE=}Eb3RX@8wt3&_NR2=i-h+w-`{n`vXv7y;y;1=-&(FXQ(;titxfI?q z=La11vgOE$qgAeR7E~qb{iX8)3r=)!K3eNut7~1j3o#X8&dCBf5p`o<=Ebl-1!xs# zTqa747f!;(JkF1TPOS;JsB{vyo!jFV`?9PTJ-g?tzV(Iu0C>Y{0gY92rpS_zL;Il8 zS=Rh>UK1JD`u2E6UfI)FZvyzyir<96{lflqp#X_5F{9R!^_XG!2kd8k`M*wg0@|I4vn<@s?idsKitZP9-oM1}TxfN5#E;9v z>Sq@ANef08#(aO|jB8pQNtwSpo}vAHTKjuRPwc4QS<8O9pU+1&ff)hCn= z*>Zqj_QvV_9E9MOGdunPoZ;6KNa?*4(zYN zXEapkZcgbZCKj0tf$+ec^dgT4!DILZgSg5pehbUt1I%49#?TiA?$3oXA;Rx|zVNIrpLHch~Er zNE8I@BfQwGiE9r_G^q^nDYgZ+z;2QN1F`pycD+};#e)~xc)>^c7k&(lJX9>VpoFO* 
zoHRA~7@w|wOtkeRtdqXZcvN1o5!r$w=bkkrlR~x`noZvyBZ_Mvwjv|?#C}Avk%IrZ z5lfn0PCeFRrEd{&?@-rz!XQOP#|vMI2VX5t=Cu^V)Vx$2d{qDxd&}=%6PcKvKj+PO z@TGXptHo>bT8lS1!Iz42$o3LfzOPzd8gIn3<()VLrAMM~#ymMCQ32?k-F%J6ahlWj z8_4Bf6cN&*gFO>*uXyf@%YZ8{r|?qn;zIMnP3?l57jHH%LwK=^m%Ui6uRd7%xuTdD zh#l;Sj27wP<9wJqOvF=T{2iU$r7P`=TUwo!N*`psd3&(cwm!65fK;fn>ykuF^$=QBWLkeFmKBKzwG9B=#XQyQLwIWRJipu6ovkDZG6TN{@4eyC^=rGMljV@@~x03GW;9tJFXz)C`XOuJ=>vTNmh^ zcfTW-D549MEj}M>?-Ch`*dcI(L4brjxjcAb$&rlEi$(s-kX^YF!GBLD`yCWXxBN8G z>QA03@kFBygrr_=z&+F`H3wBEs{*!K;`invcO$Wzu*<{7h3c9J1smr0FS`fvREQ#I3;nWp2^)GD%Ac? z7*eO~8L#=+dLP22u1)@ZNP_iDknY|E=~NC0@?oX3xsVP9Z=#SJ0*5Q(}7-jqPejQ2p^0vkc zAIMvg^|@2{0E~INCAZ4B9>|YJ7F&G0@c~P}^2-HIdu2lD3}TGZ)zR0aN(>deHY4G& zS0{X9tp~C;I@SYZm707`o#k=w>Oe&%q;v%;rB~{V;lJzzoiT}`CNr;cI&VEF`UwS4 z^fM?Z>Mjh`X#>5p&1PS^aRO_)Bz~@7oL#v!J`RTmmAg52ALLRH6y>;`Ly$qx?ncn=V~~&7 zb|7V72?-VvcPTyo2NoXaL8P(hJ8dOp!uVS(JiiOI7+dla|DJ-b;#H-egAS?%ceo?qzmU0Ubm*C3-p98*F@F zuef@b1-SDloy7~khID~mh`=fMbl!o4H5!2eoGbXDAsqdM&pK~oBogQ3b@{Va-a-GS z;T`m_c#FUCIg3St16dY^_||8#qt8>0s||nT6lxq>_B4THs0&p0&%jLO!DU1y>X7K) zVxpn~QM+jos8i4i^BMNpO;7S-I!7OhS4l}D&!G8|yYjXs!o%peh2K&xWc+iRsdIT8 z4~cW{vGTV0*GjF!4~kiYRlLf7`Q3D|Wg#y;u};((GfEj+^l#}d9#6rsIrrd^KId*g zSHvddZOKYh^%~c+aTh>&#q8$OU>uU);Gg!;jF$k9fA6C>-hB^fFBpwh-6=m%YzAdV zDP32mRb1hI?|Ygqd-*l3hLp3TFdsrsp-QNyWZWuQ&|_P5n?5K7zYVQgTszb2?9!Ey z5jCQSaQn%!xrzvCc&eW867I_HN&>ucWIAxk1(xBOx_Sv1z57n7N>)&zvsVea-iGHn z%VTrCK>9DMtyR)bwW#XXxZgG1=~KpSV#d%Dl>JPOIvS*%+o_9s8xNb^O}4jNO}pv6 zs}ErP)<3bN7t~6}1HF5d(2yLnSC#bk{QvgaSNPIj`f4U8WSRpSxw0uk2wvSQ@PQD_ z87UX-*P`SCAk*DGcFVm%`!B9^*f^*ZXU_Ck_SU95(vYtBU+k?kf2wS}kyC5jYgD5T z@k!)(r_IAjVta7Jzp53e?6<47nilHav9e%9rK--&{+G0cmA_=`gKZx^$qDOfXn1R6 z1d6>`A9{ndn|@Cvphu353>vpsHdMixlDUdnEh`@fSt9!_@|vp_#fb5n1;LF~Ve!azS4LnItNBDb}ivV8Xhx{QVvPw^z0 z4>&;!GmG%Uy1r)Uq7a)2xo8i^Z_g3;*VU!-t>{Ii^Q`F9dWqLip_8Gz!gB%^N+l}F z>#KWi$?l2zxZgV4Jr5cddmUZi$jEqA@a(BUXG#zaRaHGsHN>l|%&C?iEkfiNSJFwW zS_)?=6!FhCTOUN3kie|%rMn~NgFE?{g18%d^*ct>XxQOgfjgVY^nqFSv=1e(`;!j?;opa2R@@?77)8)UUo-OZi_#}=0 
z`hF9+kDd_Hl1Fh7U`l>qO6K;KEaGW{mdw?XMTEMeAOhkHyE($PupeCVN4`OKh|YY| zAk&qj;(K9-bY;6#c)50^lcyQl6|vt)^MlbsZHW&6^FbWphi$M_gM39D%e`EaeR|qxOyewgb z@GhMNV&F;Tr>%KwoXS_!1`G*HYid+`l?9slbRLsW%k*6X#)%`!oI1BimDX7h=9;2u ziF`+}A;-B2E&#;9D`cq3jKWj zDLiEMpCvNkP5I9>;%l30_b_yvtppD_>mZ2{k8W~AtXFrkS8 zrTe0PE#eQ!aTkbXs1B&SNZxZg9n zqoAO-f)p?Dr4AdO{15*1tsrwh%MKuyEuhQdA1P6)b!)Kz7GlH6EpocrUl0SiLlw-K z|Huep8*OHabKIv?w$1fSty}S9Ei-UG`l9^Rus1n1?pV`Qjl0Vf(@p=Y#J8d&)$aFt zo6@UsC4t%Q`Celf4E@6t_p~p2Ny2|4e;BO(j70uW*C4ka4dpEM#u@HoL(&3-Y3#QG zWw=HBPoDdp4ka;_QGd-mvxh9hxp$6vYoE$mL-TNIx%m;N{5b2qrnMo-gQ>ov;bETH z!X63tUQ6_s{VIOyeSJF`$DDhy#CQMxZePn!r=Mx}x90hncBNqdO4IlMleD(^Tl#97 zm42qS8_e_msnh+4LL}gZb{Ts>0}v4{HA&Upej&=cWyCi!#bm1N=4Lr5U7cUfey&G0 zIMp#`QuKS%)v~L!gWVHi%d*9J#7k;H&k?tA2l#ZomeAgRsrH`KPi2HpEnVU z8q3khe0YYpsoPC5TlMZkn{+HxG9k7A?TnEU_sPtUf_Ezod#a%EA?-ePryk^u`ZLYa zUTKL}u9teXgh*^80(7_<{izOCpBa4AQV|~ zt%m0?g7gAP2z$M|TvtjUK3H9Tedh5MpiZPp&5l$A^{sR(#Ac8~Zbcw|OOCUzpk+QP z5gD07MAurb_^%pkG;L(EZVu?lrN-^h!zON*v6(%k!ByCr3+K70jGbBEx+?iG$pHk^etHgsfLW}-9 zw%+%O-vebP!JomlFlq7gYTVPzBfRl(4)zU3S9SpP$<6erkBJrEj{-UD;O;X9T@ydf z#$L}u-L6sXW$BjF0@|K+UsYG6+s$Uu~6K3pOYWISd< z^(8OA0YY-fhA0*;Ah7LdsH4(g(z{JZ?5f0pTI?Ce>z|-@> z{j@q3WXR%_UmTkRlA?J@GX6<->JO`|kU#MpC9AEFOqdSXmk3bBUn70E8`zEO+B8#` zXLS~wpL~U0{SU=EF798PYR3s1t*lvH>Ko~TX^&MBze4;j((ca&6g;L~{ArsE>_e77 zCN=ecsO-W4l@06#{))|4%2QVwM5^HdAZfWUIu6v3;05D+(NjQ~Fq5{BGhSp;;=<6( z%c|Ww8gwg5eI4cO=(S|N%48P&>dkyh;=)|XeB`?(^K8{AE)SsuNsmM>luP_IQ&aDB zs{;t`6HIdQ?~GLIEZLmyg9xkgi9L->iakym2p$ob=iq#^ewjVIyokSC{suO5o9V?D z8@kTxTwNll2&X&MGdX6bq9N0YK#)I-t{+!|oFhmzpen^A6_$~YfH8ASzTP}F)e=Mi z3!O`+OJ@bkyAx%pwFe&r-6XjNf4ae-@phudo57a-8>^gHEgSR`Zqx>o9eep%%K!HKRGJPxcE0Q>N7uDYk0yJn=lL_`m_#x>H&F8FGinBT|Fp6C9L$T(MNU z5A@I1jYm=Y{u|kr(s|`xRPqKT?|1v>JuG>f%E_CUB95m-Vy)GOydohfQq)((Dvq^< zVuV2ELdkw$8U>RX{7dVE780~lc$(cl&l$m!QV26vno}V1S zTqMGOcJ>ssBZ=Z>>#{m$t=qZPgDeyJCt|05T9B%#bJ}28o;P2B2fogq^{45YeUIKa zGDTWFJz%mXZ$2?d=qFH=vjIEWPkz?G7xpu1Z9 zdlm5)G8K$574#MszE14)OYqH}X}%S&ON#jLOIqKlSU9ltz6w$o04BuyfQzF?>cao2 
z8;_Wpdb{z3F;u&^k>OdtP-fX3g6AW3aKIe^8~su5;z(Sa%Z}y7jrfdF$g(V~aqln* zaSO1==+Fe^K-5t#mzVGAS`GWV`0nqP9Krm818KJPx7ocO(vp8=3lSj!o@qa@{JZ*)NVrCOFstJMMhar?vHvSLwdw z@1#OJl|wURfUyJif>UD$1=q^vef2WB9u)k8@B98CX)Tz>)qk>IW_9obP1lr6e#|&qEJw%Mjdwj zWYwb#Dg8~98H&0G8jR#VJhPTF+B1DQpu;0(*2CIe43T3{}*#+y{FwUAmd*L=j(S|_HP_nT+$xK?iD@kah6 z5XZJvhJbsk-<+oaiXF+AH%N2Ga8w12Z5?pI?@Lr2N?dff=hn}vrPxgO7Zbf=gCnaF z^A0Df4))yIt>5sM;C<_{=Kfcr>Hr7Bo?8!l<*rYc3q*brThX1E67YIb?Ox!0lE(1@ z9qSpiz)Ai9kO;o%{g=>GU0U*6@9CqnP2=CIQ@UgBx>ep|_EWJxDvbZw;v6tfR)PAy zj?7|tmDIagSLzm3NV(Fzk$}^Nfpk%HWWBrWDpMKf3C7$9d7DfbAC>EZ|y%I}&KATCF^JrSeqCZ<9k^qZGQM)@nJu?N81lJrN!sI})<* z7nM+~1MT}oMw^(93yTc<9$C9kG6@z*Q_e>Ff)&;7U)!{EmWe7#kbn>BUE6fn=zjOEC(Hq2Sn}N*;KHPm}v6E8cF2HH4Cw_-S#(nhw(2-Q4ZRDrY}`Y<{(EsvKNH~ zVT4mJ*D;ps7|+26XX4uN$InM-=k7N%-~<~~uWS2%T9qU3Y3_}IQG z)1@NclLIHP{kPr}iFjrev_k27ifd}+^xwbf;|!@LPXJA57XP^Tl;GLZL_Uru_F;81 z-Fw$~!;1`2h;!krE@|DKD-?zzF5tR~liV9`yzn%8cfU)$7heCu`^GQ4fAocS-ya5) zH~2RL(qYbb-}1%9zsEUx1QosQ5e;EV)Vkl*gD3MlM=<-w2I&U`t!#^Q@oMc|ttPsq z>70?=`Dbz;*pz{MiL6g(XtZ>6(&Roxw|e(K&FGWw^6qRZ-4pqGnH zZh1(zuh`M!7v#m-4mx`i!KPSC4nn1u#7LuHxoQzx!ws`8{v2UESF!En_?M$Qz?=sC zBUPV(i7awN<^g^2w+Tlj`V6E5;y<+fpNm=p6g0CYfaqPHL#lW%{LPWD!_E&yz7Lx! 
zht~{eN+5PQu7WaWtBN1lnTK)y-KHFnid*@aWTgX{3>3u;sWOwRf{}va;e4tLIJ0rr z$)_3&elxk8lgvL1qvx=Y1u=XD56%z6Dj|!UlCUmdgDq!58wXcI-(Q^sX+caT2+Q*% zQLsu;uu4!cUX|^@NLFME9tOa}6|&*}%iv*lb?r>|g`plE4i!8+;NfAm;GxK?Jv^K{ zERBcb1esL-CELG(sRhZccus!7ctyO?E5-lhn9M0w>>Xj13WaWhm^uEn=1xuv1Pk_# ze#^mkCd;S0rF%@~odH2LE^)~&SO)KqDF>AYTMD*;Rn8p&uVP*@8-w7eA2Z-?6b^9|y zjYF#895T!{?6jq3%o(Zptsf=cQ1Ul`va7SV3l<|9{B+7N2epB!wvbXi=-i={6GsnJqN z$Qff$Tn>!YB2t9Z;>@4AQTY=?gd8d(po!TC${@qIcJNWUB@?M`r;p5`kz&&TCeYUq zYHpi2je+~T3GK%?41Wr|j6;u&7Q;>#DF}2BSxzuXCA`X_D(I%Y@aPSUH{e`pWlj#n zHu(H2*%5-cl{hel&IdWgiNA(1emQL9I&ZdoJjTC@Wmb4HtRLFS{*^eTJ1Tpm zhhkfNnRf(v@pn08`6JowoXuv)L8nblQ2T*Zjz4nM z*xNq7=JPdkW{4O6X2y{_5`{=7Dc$PA7;u-+iEP?nWD2#T!#e_u zamdNCi{6H|3!nVEhZ{=gY(mx1!8+_l)F*F*XXfyGvJkRaVF5ZY&Q6q^EKH^U^N~S_ zSGLfa70$}x-B?VvGo<2WOh%=d^>GByDW@N0054pyX7pYem-B;ca#$nTdcTH$+Lh(@U5t^BWoi4N`1owe#kek|wU}8uHryuac+9IZjnh`xGlc=W5)>*QGbc zL}=0LLWz=pKO~2ng*@u{Y|%$TR2ZVFWItt8vM1`sedH}Itn?}SN!hr^o81+@QRtKG zS`EUI!eRJ13oUwGD3-TULjkCPKA-@@dC$Q;Ih>^gPl%M zXa|j*65?|CcSDJCK=6X2EFtlIZDr0Da^&AId?i%~bu09*bu^8DmP#>1AX(0bK=C?% z5)l#WNT|*RmTL*0!VsfiJ}CunI$fjR$^2mee#5_FB$Pur3L#u{AU8A30jxv0NC*tv zt59Hm0?LR63fe}mhTW9`K(i?q^0)EgKMJQXPT2&~M6MK;kV<11WscbI3!NMXHG@;} zA7YgUojv|N0+xb9(Ab=ODkp29KP3-v%+Afh@z51vH?9at8jkRx3PJy;y!h8s1H7~$ zzxmEC=n@&Swf6{RfmJ5)mSNs$#4jXDxR@(LPS<$EJ8(RicZ6}h0L8jGe}*bD!?2+B zI#M`$1t_M`>i}E8p9E$QnOqqig9`Z%Fj(C&vYlwSV3V*)7iT-W&4gBCSPd*%M#5cP zlAVTzIOM$Ck*TH19REHhN2V8uWYcbo8C}rd#Y4d!Ml9pcoRcF1eTQzz#v^uz%A+yA zbfd_Blzu^UnFX1`IXUAQFI~A=(9FM9j}^kQ={AQ``4)g#BvrG%oZE60%$e5;)Rm9B zHlLgDHTdt*+6(Ra#Ea-|Hn1!>DuA6` z$fF>tGrJIqTL9RS4X;< z`>Cc;YY3m^)$rdlf6EajN>0g+!}?6giC5%0Q*u$Ebf)0eVVpB%T)d*tnNrwZWr<=)t^59~ z(!Deh7IK?>=V0Icfp}G$-`1 zZO%*en&{q_&Zz_!ZMH>FOR|3QlGf07UivZV;@0=T%laYtP2L?BFDY{yhu67dO{$RF zi-p_{`#*VHf+4I@a$BY3wo1uum6F@4LP%}As>rD*idU656(#Yi2~Nd?cvYEGQ5LT% zcPh%Al`I1kqGN}K+xK6|F)eZDUTkHM=Yy&CU7~!|du^8BXi~ad?zVmrTlPkxw!Cz? 
zeU~VCNwBl-L`66J!JbTUf{3?-Oef45j&*0x`XMHjUE7M+p-}vAIiU_7u12f)A>6Ob zcqm8Gu9LKzC9P1>%Ir|n!wad^4&DFo68YuJ4Eb`ke0kjaB3q|?xlz8%jV;fOwOi3& zXb|VK5@ip?+H(@&hpWlt-_??zKL`i4p~{TCb|{!ZsUdsq;lUxXWx1s|iu*toC5Dr= z&gO#EvE_T5ZLtqCBPaISqb16n%KL+uj&Q(tMN+nfnUh*{ULr~qwj}B zP0ZjoTND;nM>oX|<+78t?sYb*z$7R;StZ@_cCz(7!;$$0McJBv96s%Fo%W~>yRGv< zG+ftZ+2cgrbuSUmQexq$xwtyB+g1|BW2J=g=p;`Ezn@4R^k5eta*>*f?6wy2v`C%~ z@?e{4@^omPLTR#mKs{)Gc3{|RT5HkP%831e*`+w-oB^>8Ec$MFk01$Tym7b)xQC7x zTn;r3ZwUWM1qx3UYJ!M8Smt@%d7E&;^8d=(j#m^pQ&5{Oai)~SD<(Ko&~7Sorj*6O z;wj~bW`_e-{9EX-thcmf-Ft+mx`ELC0)EPlr$7{L}(G$6>&d5Gq?M<0hXO4SM z^`?~7DdXin+M7~bXDGnECPmbNU#M=wy0EGRBb3LNW`_95eNlgk{;oeA%jBn@jtKH@ zc4PG3&Vn4t=|2=NMR`6ljy2gM=A{+LY$79iZXv*CPY0-?2VZpW)4wxGpNRt=v8w2m z2VuFEUnZI&zC}lWJq-KWD_@4Y6EDY_Uqi4&@=-AP(zkp$k@8#3@XJ5P#bNB^T4`xyKAdw$F;%B@bB`>RrID%OpW!(Pzl z2B&h8536u|Au@~6^~GDvL^SQ79v;iaEU3dv#bu^mTlDGe=l>%0IlJw@e6C$v^Ed69 ze`9HzeNP>;C48U#yjAMoSiG+5bLY+2!Hii~^)>Qp@*Fa~DAQ{CS2^@3>S)hDb0gJK zVn2qSw~k+QKzbA}$;W1&toHMjL-FiFE@|B4%9u3>8l8Goz~NSTy=cY7Zpgk{G!EA0<<#h&heb@6FSnS=x;fOTEnfO&|a9 z6*8C+jrqd-f4y)1j{?>&ng64?cH(*F2B^&Va;R*6wjWeBlJ$#FkqN)N4=k@HrM~|L zEHc^S3{31Mu~I)4AX1&qbW382wdha@tJrC^@4gBcB^^riOTBHbHWSCmQCeSH>Kix{ zQr{ZWWMu4@H}{kPUjj*qkVkIY2(<92ft@VVHYN`HuRkdqSd-Y8Ht9q(`UT<4g#AV% z5ins?LBM)&FexEa^nxoUP`-=BO7;o%^G)aL60LK4&gq+&#=p#aEr2_QaHoMTgGyCa0FkNuBON?!|L;R06qI7;~LF?mv4W7r8`G zTvn$-&i#=_G6*S@D9|jP=9Bjbq+~Km@>L4 zSF*bZjQPuUV_a7#*^Z7)K1X&_M@C;AkCTXJSG#G0eC47=$2r~IEa|U@l?cz}S=yV? 
zKTE#*e7`K;^s9HfGvBiL*= zE#*=+d9D;6h=KFY)=_Ea-et(gVBo6M&_qSXq60e9Ew{~jO$d1(1}yiGtB{T$g=P7v)x<6A?ui%|5CiR<&3$q%4VN@#aNaaj+3Q}^Zp^H6 zZ%=_LveIZ0W_DRu6>ULqWYZ<4Z- zXV$s1y+jC+Z<1jt>)dNhVyxTnmam+~NBd$I9sjFg*@7=;?CpQKWA^(${rF|BmWXFn ztTT-xJ7Gs84yxE*z9+canh|}ck%XSk1kCZl9oGWZ~Tiy$pDS6#r`?)~Sm9pDYt zZhD6g_3pc7#_HYQ=uMa95VGbG?-5R~-i`OZ)ks{!fPN7m$Fh*BQ=3N0Zem0 zR#K(R*=3|Q`e8va*81tc^uAI<=0 zH)^8{(`(Fg7`SZG)id4qdSj^kxG@9p2Hlg*G|=+ZlE?W3o>whzRG-=vB4GI4=6~mr z5rk{JiSeUTq7!3W7vP2g;DqtOARMtaDC3Pfiu`dxooP!ywxxD~KGES$d+L`oA$5`Z zbm|{0_xlCk7-LA4deqYZZ(;YF6lO@AwknN0A2IJ+d=XYZU)1XIxz>Q`CzDt*-$1;) z=e1d0F#b$kDYewQzt)XbrYr?!=BSM`{`^+-L`un!TUURZ@XAH`|2B^9!l z9!d>ff}eM8`u5PiY4b}uDb1mu&wU^s6jKt;^{aqd$mkdW`JqMslztGYmN!m7rmGJK z3)ANJ#W8U>vGG)eC0?d~z&Uu+7IO|>1|}-)?t@mJeluDE_3rsk=!_+TGx3gDf-%+gzxGmu z2u5zXp*^$6$5CIf3gis9mcbgHEqA5Ko2qEMC=G`O;Ly2Q;oy}be$QI%4Tt2PnF5V> zXm;XLnJ-vnZv;^lX7%nma~gBD(#^q%+5Wc7GwR(p4aC@FNfmY0p#MFz`u6tRcDUiE z^o=d?q^}%hP02~<-bDZdzjzbju$#_jzWi-V(wYCmWd8VcFY_E2-^2bkvPR!cj+B{J zr?E@q`X-~)T~ONKTm9%n=m&A4#-XzbYX?1XtWw$NC)Btlrem-wY((UWv}Km%C$FNS z{!m+MKrc{B?iXIAA4H!u--xHqGr+P?;xQKi>|JpQ^&iP&~>MU+%I))S#$^< za?GuAr(c8#UGxt#-CsSfNR|2p4lO6%E;{A&M{p_l2&KF_DEbzBsJaJh*_D}?EOs-v zpOi**JiLZ6sCre{42h?PLRZ1(xJ4*NvZ>=;T7?qH)LVq)F%?G3XL?Hukqp{V(2}tu z*xDp}fgHxdPTAA3)^5PbM%yit-_i{P?23wg1lOJx_t&s6bk3qW8Hp2+SOt+GJnQ8s zLr=Z|;L_(w!`}s|FdquiBs9~TBfCjLKYYnN4VYj1)yh+_^Ti$jZp%#A$?Tlz*~*P> z^^C6QKyK;;+<<%UlVtWJ@z#^!J~3I;D8*t@Snw-_da?-04@M zgh#F&ox2j&I;Vvzyp}8?1#Pq|*T!@5Qzw~lO-M6Q*94zsLfU%}h0d=^SWE3!Yki55 z$+5N$k;fm%if-3sNBqC9>5`LvXVMs)S8SZ76z|t5Mr`(6G6@K3+|_0q6i_(X8ly@k zi#sQ=OtX^nDc%S1C903CUOJ0cEj<4Wj35)1y|BzKiss!n-M?^E?!p6eqC#__EDMz} zV8qdp>QauRp)_e`$@qk!is<|CVTvQ~;a;2>=l0%spi}(h;^@VHKiX66uCEcw!%Req zHD0ce)gU_Qjn(eTZz)kCD?FYcfjF)C&E=Y3oYt7?489A#37ZJb39DV^$&LPo#~^Ms z?k&WHhX0bY2*=wVx>D~ZexbNPtCCOHgBtgO0r`YYj^AW_#ELVUcHWsJb*TnFgynMO zAG@(a8#Rf(g=X9G`Nu=-*{Lkk ze|GbJ`CsjqU(URywP*aO(CrGxcA~`{J+*mV^dxSPlcCrSJ9-Z7UfwsIH!MlqC9Hrp zeoMc~WCy45=V$!!AjJ}kdNa-Fmua(RlJS`qgQmqCTEtx`p={DER`<2ouRVXiszg*p 
z=V$z}+Z5~9;^w+EOrkgTA0LkEWPHPD?Kl7wJ)NOV>OY<*`U;+H3X-iK@D`cxsz(aM zqr>1eV@Le<1Jgm$-WUr59ZdKZPTEVvA76A#+aP)HH|92$H#{yN3^nW{!CiBzbT|Bh zyl}B0B(iuFxGMOne{L3IWs>{&<=986vIR=!VnY05`(6>lA?U@v4SZiPA7UPewGI(e zjLg_ShrDoKrrVqUEqm#V{LH3Rw_}PB?Ob@^YqKr5(l?*(S$Lr4*0xl8 zV}Yr>LMwl()2lpnGrjIC^m;x2MEaNSn-j)+_?AfC!q%P_5a#)aUbQ7P?Y<$YY`yyt zh#WWMUV?J94e>9$)W7g)zwAT%J9As^wRM1zK?`S`*CVIk0M#%5r3^Ia`8#U7!oacK zUEL;t#6*~nUtmX}zcQbSG3n`)U-w)kYeDfpD&OV2FyQ;B0pArL0 z;-5Z8oOW>%<1j`1;z!bSD8KPG1G3pFYGF$Lqr*V$W5P2=$CuiGX=Pb{Y}rvr&YzT(6(T)6QFVlbN7D(!sYty>v3}&A@xjD>0@-EbsNlFM z0Q?y0*fcG2G9$)`&la;OYD2hNek*wcH8lL5W=*$mNq2iE7eXwQsl+@r!?SzxGFS6h52i9b$>CG@wGJH0=H^bXxm=?(< z&shWe+MJZ2!VUjHUz3;8l+fq?^BHij(Ru7YWnZ$s3v}D_)_3psfSY$rVVQ5|eX)rD zSNEciI+z2$UWPj zx3KjAzNBydSO@{1-Sl^=O8ng@+`%{Z(PzAY{2$c)34D~*^#_bUlMKm32cAI(93(>2 zQ4@)pVWN^6HAq;LB|);F0zpMg0SUqcup%K&ka_Yj80*>=w@O=Ut+*gXMVldn9c5J( z7Z#Ui2#|n4!j`<>@4YjVNud38`S6bC+|^Irp4%&%MvR=Ndbbh2n`(=qDCj z;%vYl+=qRrBPDi%8SPjwn*Y6l@74)p@ovZaV)@>J33(|(^}QC#&cew2oO~`oNl&iv zr2r)2G-9XEcPXpAEm| z)#@;8!Mx>(RL|G~;|bX^0J}wS`_k1-3%yT)0vNV5RF1n=;hhXQzpJ$$w z>~6agPLm?U1C?AQLfYt5aqY|>AuuhaB18ai#CpbKa6p8dsTGyT^Y^zGfM#^+j1 zpj->6C_xtH0cpKvCKvJ~8~QjaTv6zmEE2vBQXIfWJhoNDQNZd6G z!_u-wXk^`;1;#kp(TGwYglp~_7(5G%VWHI3!DsOfcc!OUTQwU$2>rC+n9(QCk`PPC zO(`&Lxt#Cj=#?MiX_3Umb__SErLnjQ0GFY$_w+2Q`wreBjE%{{rK|h2RTnwFiTRLF z$fG?4lo7^9vW3rJW?O_Pt_GVEadx~aOs(fKDjegG;*Zm45*mz+EHJX&P9z-0dVZ2b zl6uEehOPfa=3g+}*y?wME)FhY7qu664Hp>KNovvT-P~D?`_Al){3!A|NAhmMM>|A| zn%!GhU0Ym-S}B5mlK2cZ>?a)7(s0TdCl;^(t9^4zp?TJixLUCq*RAi?cz(ui8Y#C# zwe#?z?$=3zw!oj!7YI^-5!~Yu#t?~wux`OT2qwaBPc~v2H&OMcC=LOLnqx`@|_ zb1W0h2+%xg@fmIB=Abs@%`?~tcpAge3S7yOvKcp;;SjPqzaDbtAKKzC#myQBTDXL- z_Ql>6XEHWT>*Tk;$)~T>Cl?|eYX@drPO`5l1-sZpyuvlOykW7o=Ab|IO>gZ%&F*a6 z#!AW-AiinK6TZ8JnrYNxFZZAxy8h7b9gw` zQ%zovzgwB`wW!ODavvhn<&>@6#bX1`(qtShU8v(C6}Y{g6zqXc}NnNzH zr#8yh#DLLTap^$W0rWs3E+7zG#N1egbxRCiF2+l4LvC!uA5KPrYy@8N{Rz}V8na+i zG6TU58qUw(!!vZI9T*TAgqaoWe}&~RdqNEN-;!aFaI~3?n|Sy1)M^@c^Ntt`4jI9d 
z!WohG&R|hEu=P;FcW5V5?{@iFY7C5}->Pe=@8N1MG>;2YAQ4$OlqtGvE;<<2-Qj-% zt1)K4F=HffPUB8mOOQckClnNKXa6S~8e&^c#ztu*S3}HR@vdm_r!V%dI*1MV z>l=5w)~bbD)WY4U@HPHzZ|zY?l5+uS9fS~Vgyd|5ZlpG(gZaIoDmkkgXgu0ya zIc3CJ3Eb4=jT!4pS3x-TWn^Qi5=aw6AZPa6LC=3{EBGp=Zr!ivEk33-;fT+dcz13+ z%+xFK(I(+r&9k@(F5_y<)gen~W6D0?x=-s$aS&p`ewOE=LY$m>5%`NurU(Er+$h~H z+)0Ge)dpH)N1L@Gxo%Tv)P~#_e3(uaCL!!UNq>QHX$Ar5Y&4YRAKVl71nfYUJ5{Wd zHg%v2fQzwUs7waL@R!132r=Zxa3piMdJ2#57m{HA8+Uv6^8f;jc;gN()mU)BArD$k z!WZ^Qe?Frf#$5I=Iy_;8e*5KLLM*ub7_p1yp?R~GzKo(sWTu;Ond~fzoE_kJUf%2< zfQxDv)DYsEJS`LBfepA@gN*8j?d#L<2O>v^U{gr$IJ<_((X$NprO4F;`E?W^X(}OM z^RR!%)PVOy!teI>2!aZc zgZM$@P#gmMsuvr9zwoEN51WjoPSZ^^pL=2Wv0sc7pB`+O`J??kn1-by8ei*?}!z@UMv`pp7N9|(#~&wLu9 zV8_O+S&wV!A#tOqtqL5rB&?EsSczIVQr@`9R0}oI)`&$7b?8RdA>0Q9;h@oBEat>% zgYis+SW>oiT5G;CrHX-nB^pRTKZq~%*CS60hpn1)|Z;+FJ@d&lz|CB>2l)DHi1ac#b!5_|8Pcz zs9r6kA0~B_u)|xS64;)L#I^9l&(Idcz+<7km?s&)d)AoNL=I_tcb|l1Zh}$9-BvcUPhHi3G7T(q zTup9@D$|TIvliIA0SorFmA+Hg0Y|UWoxIZnbb0Oy1s3wI;cg&{YIDX3deLdCRs!P6 zmqNIS#>Eh_OHJMe_#k#SJc~MRxVJA*lUI@#_zX3hR}NS+f@GOG_d=|a$WCCYmbm~f ztk4cPiiKfw-BpO0h|DRs`$YOr+H211cz`#{|2S;5dM9T`nSquL`UG6vlyXvCK*OBz zrKiVm2EJP6gKixWnw{qy1o0*R`SnL?7e466QQmM{mic1{H8#>B3)Y{Pf8|MI{%zy8 z;_~(co~DA^@G<^4w3CgSaqRbOIBa=Dw`@?)#A&HSFzADTaDnb;Ac3ZX{h%n2XOY(p z&oJ6I;*a*Z>10Sr;Id4+0?dJ7ehi?2I zFXZp3|3m(~HfSgIM3laB0w1PKp24AO`n+qY&JKv(1*G&}mO1i^a#tQDchyL=LGHj3 z#AINn9`=4NjLnVcfvpCzF?a|bYoHS6CwFfBk#%4W?69Md2`&9i!2k~C$1{$29tKi4 zY4fpn1;6`R$!&sfRZsy~ta9L+?VB_&fGOZL3!|03SU11PLI)6qFPsJQvN&X3Y^9%) z?l68_$gpVU1qhb`#Bh#Dd`ZBESm9cSof&cKN|s=xI`;!8Snwo%#H38D?}%kI3}Dzp zlL$6=SK^R1;x`G2l(B`{=vVncDhJ{Ta4w=Rbc)lvC0OB~{Wz}uc@2pL#-h#?XLvYR zv-_^}!UE&Li)8{n&5e|gSnRxAV-7~hHlG8U2izA5cDeO9bqSv(AT z%*me<0TWBRBeszht9#y+j^GVoJkTZ|f@``6Yn6uhuw|WdN1)V?5O43wq+kL{Y0!LF zFx;BNs0H6_KI_kXCm)NMPx@H~%ZFN~b9OJJ07aW|2A>buSG244oqqFgsK$4bQ4e4_ z1UYrrFi-V;0A~2jJ82tHDmp@^D%OcPXju#Mx&DgfU#yU@vfunlA=kt#x!P(2J<2q$ zh@xfe_YsUiPax3VD@ZLgN8eZs-+&H=lOy^R`aGms7>hiF@9OO)R%7n+@G#>ac>@-r_Mi|#V 
z!D5&rm3ACq_~lX-ni&*=+baThvM4@LmVku_lneMM8?QA7A3-kmO&~nfgLne|02|E5 zBkl|6C|W2mzUw3&&}U%xmdFeGr#A9pE-;pbUd&h;emjz3Eihh{FSJSgAObiR?XaMJ zE?Q&oWwnBiD|$Fn>=sWnCJ8o*71ei1x^-qlni+opChDoVMv{5-2afxW|vmgNc zMz>h8ANFUK;(~W^$jVJHjWFJdqb9It?$&moU?u{z0s$;tZ4%$SaJC8?u7sUO?6|kZ zcR}Fe;r2{hq0vkF9Z0yMxCpJut||#8(f2rkueu3{|NFS$o9hG#Gd{9PE@G}McRg|K zmyt}c)$6PPPZVn>#4_D#ToA$feQHijvXozF%J8AAa6FECH>Hg$o7IA+A=)=exl zyfX#Y7)6oYV>h1=NoY9qGCMXHG<(uOx=)fHOj+q z@Wl*P|8l!*2eR*N&7Li@?Z$Lr zAGnS*w>xx{HsVQs)%EvlrifvCB0WvHH5j`_E(!C5#8{1G0-~*s*kw|T&_%h%(Pttg zc4a%@sv2&l)XqJ0kmnZsI9jH@733-^s*^)z;~HTPM2GA?4JcS-QD*mwf^PJeO|r{A zLJ72qMf?`vig@TTPi&7Wibsbrz7>~B6c^d};bfgG8Q7XVF)Eug_oU!jh;VThm=WwN z^Q^&speOXnf#VzfBWz0YaJ!#Fgu>W$t!)-xLm0SpPACb-E^yH% z8;4VbHawj#9P-W?Y_h?@fl;9{;VsW$|4QPE?=7DZ8SdfXULFk14u0{FCj;`0KTc!c znLkNFUP=vCb^=?mjiAu@++aG*?^G?(iBJxRpIxA<=uBQ-#QmQ7tlu=z`^h^fyf6^r z&~cpoH%;o|TCF){6?eLxHkIv&uu5A!yQ?1Wo%PZg#d8g(9f#|>x=!F`_7ma-`_AJ- z9xYGx$PL_-$0Bn$|EIcdTL(Sq?bx|6@0EmM47#RNkOQ>2eI;nnpz*@k>my$m4G#*# z25??-QrIs#40qyF0m|WOVJx@R-Gafj>Xst&6P@*VQ~FE(`{eH4sR!#WFTK>?&xD@& zT&OSv*JJk%G@JBzE&V0oY0G;zKvz_3aKSJ32aLZ%l;Q{CfW#V8rANbfcyQmX;TBey zpnGep=rP4eXFga(%t=j;5H%gF+)&* z)XVf(eX!X-+@y^#Yni?}mA>CqlF^Y}bdhg>(%%%v{tQJ7cC>00{8)_T?@X|oac!K4 z&lD?V0#igzvdH?8_?vHB+CgN{`N}sshF;95VUo}CcAz+vrMZD)n*|L_(@x^HurH7Z zwzEMFF-XUvE7Jegn!W+)z!ApBYRq|)Ey0d|hD7KdKN;r>zb@5S1pgvrpHl}8 ziRnnbQX>KwMLa!_l8Tf^BLzA4NU9qOsk+d0BHyq`R#HFZj<$Sbdnjo&_&WDZNMpXS zB9v4Ud%?;CYbUk^hP}2H6fZ*A9sbR71Qwxk119(y!TVlu$5#vv2qr8A;D)ys<8^IYt;58RRgTzZ{Gbd$YhgwxWrFEW!jDuJO6S@}~KCy`b ztet5u?aJBCKv^5#s$g_Bf~}qNC&Y{}a-$FmX;kF=>O8rDk`CSo>nZH#!J(9T9>=pd)k`0&|xAqCuZ z=!2*au2qCQyuc_8gY*pLgf9vAK^_f@(Jin)j|iAJYfUR%)}{RHPuNlE?{C7ryISq7 z23|@(6u51WXsAnTa5sBhCy};HrnP>jZ8h(Lekd|GeK?6|zVX`@HjGcP9$f3_xda;- zPLy6z=gBvQn*VVrvlS+?hoz*W3)7_TpJ9ctWXs)0h= zJ8#x6LFhqj85n?*YDf*}ah}o)r0ARI2 z4iJH>C5$T|;*~)eMPWgRE&LWuh)o}W5U~Q+0k$@Tpn+&g&;VYoVZtQU438%23aS~K zRlG%0jXfQXFxBL76xFsiRHMCUvL%Zc3=$y2EV74R1&bWvw`dlj`x3(}andGM<{3`gF7=Dxd6oR4+N@V*XhC14EkfIR9LBZ|_2PL~BER^hK 
z1WMUALdY1GEsDWH%(UVpwkXATfTJxB1;bl;C>S2$p=5Z3iIU-oZFwrhP#fuN&(u~v z38uF4Nia3SC&|?IjACVNP;z@lwbCva)k?cyRD0T4S}RU%PkSplg7)_0Fk2g$)}Ea9 z81h{kl-`P=kZ93jA8lmjeWQ!8Z?fwD%l1U5p+hTNlwI$Mq?zRM@HHT<4GH;7g$2=gi|T*T8SMPP?e)` zqr$dg5T=6|w?YZ0icuqqg+&o_7)=xPvlU{PCMt0&#BeH=RWGo%or;>tt3@1u%FXy!V<}@C=h0+C}MV^k&>KD2O9++1iU_4 zQOL$bEg)y%bkF~5^o4RpeL?@XR~X@gg!n0yHDWHJ`AIE+yoWVjz;kFh(l*Ei9q&Pe zMD^R1a;%=V-0n}kD0G~&d>`J+)XAIF$-6ZyGrKmc^@r5@@9AZ`4j{#= z678@^RVUk*Gv{cm%&A|YPPQUbopvNn7N`$I$|Rgq#(GW}^_(&nol~aEIb|HtWz_nW zK&ZPaaZ&4QflLqYN~c;Mh&o|Z73QBmbuK6kvoTW%H1%x5Ny)=j?uGd#Ifgp|F5f|Z zUH+Y5)`|djA)VZOK(H_HQx6~(jBz2VKb>pZXUYSwT2l7qHB<;!As6lgSMydZx$nk|iwSY2BMS=+1zf@9`PC$&98v(2<7; zVKSCL`S}N9yMJ?4>= zq@ksgJinYW>6Z`Q@A+lPQ3ktFQ0Y^QsOIMx$1fuo$G5JUARtI)BHGb!xw0uwFcZhPZ z>8cipYD%r^K>0pK2P;3y-<0j%AF8!IDaKVw18CgmAJ>7q)-n#xh^xDZ{o!BaWR6Tb zieMUJ%=$2kKG~{Ix9K;5Q)aBpbF-zDb_d%??Ea#&)Es{Y3WEA^(xs|*9@d}4;qjM$n3-j#h@@`~cYRpJ-wa z;M>4a?+>PwQ~vB%%?aD}+trHOvKywWXlJzd-0_!9z&+-YL$Yx9DPo!X@NiL(%7 zr12-fu$v4344(w<|MY>xnm z3Vr}QQG^Y*vZ;%+7bg4fG^3#;>^@5bbxyT{YtecJ*+`*xtwjj$xFA>SLj1xOG%7<= z<4;hIByH>F1K$0nzR0YA=|ffX0-|IxBm?}Z{Sd3=7VPh=5scjv$&X?I3JLZytUFnk znybh0YKTemVUp%2O9p7`$*=+P@NO#$!t@IYb!dd3a(-ec-RZwGMrO74gJae@ncJ2x zux_|6iiC%GL&l)z1X~u7wpk0zAPXDYQIuHCCu0#DImvY>V<&PvcZT@UieH3Yf2xAQ zATcZ*n-tSG2yRZ^K;*QV+1s@3rY+p#vWu>C*jBp+%r6oEs`bvds+Ze z$OIS@#9D7l70nLnnqeeSMcWBEZ{u%v&wgIf%rD-lXTM;ECOuJ)DC-DPh{H=O;3DDs zm4cpgztiPiYs8xo>pM(2~iXhf5xLXzFACrFGx1p;*a^ zi#NJ15e$;C_f@}zu``Ju0a8#YY1ve-cG1eke)N~O z-g>KXulAJ*yNu7A=x@bWo@r@DuJ3C6PuDE=flnK1zD7(ng!LCoI6&RD+;70bFf7!uV3w(n@*0l?TTr zJSgfTPSiN?|Gj4<|4-EIX_d)#^do@Ek!juZp_Ysz(=H3q-@AAYXq4AA3q&t5HPpqk z)!6=Kai{X=_6>s}9}9-;i)Kjo;&}ihi62giiUd>aZJ5%1o)Dw+Fs0+~&%=~NQQRh& z;y4def<@4+VlCXR2$>ac{IM#;ir`>mw{jyKFN+_}xd}cA<|vW7ELQ*kzaSLB!Sq|x za1smq{F^LOyZY_%8AsKpxSh^#kIOivKIP;X*Q}*F8@J=4o7LW*;ypdF>wLGg-|Et? 
zI6~pGcf&W{jPFVtOgmF>TgKUV-R@MMGy!_brf8Eg$HMW?fCbds_H6#&=IM z|Hk_6Im^Fh-#usew}bDV)BGFfyXO@D#{2F$iEXsrKvTx1(q+Lv04?ktzyUa-DoEID z_-D3gD-c}Y+Y&o9%e&`H;|_Icx60dm8NMFs(tBDeXPbPFwfM%E@X}m4JI41|vu{ic zUd~p|j`clu7H36#V`8~;vD#c(%Sgeu1GuZYm7&1DTV-aPF9RI&CC1^~C%&N81syB~ z1}3RbavvaZ*yAs<`BT%pwGA3i-_aMQk5C^4jQWc6EQ5I*?_wO8+Bsewy8~OWcMm&? zADoxM&v>;MN3*7^Wzt$Etwqwq>#=otNEaM~DOra)=N2f&`I;$PSZ53C@R;AjBKCck z2Hb|_U9pGf^GdxsZlkO9jCs@Hc|bd$)p~zuN(pK;DO+)iNllYK{f74FW-GvVwiS`| z&(r3^Ysaf!UdSG*X~K5dFEeV@xvOAs@R?00uc<$ z>RNT3u@c!BWb8e2>x-f?rlK={6&^&!WRa106f)94<8bcXe-c0X6kxeU_4d7EoSN*i-z{HckF*Cdq%YEQCbfE4=LNz zp0e-%hm`GTPubW1L&~u9*4D;v`yW!aCYmyD{dw($SR<46!Wyy{YP7j%66V4Mb5YgC zUSN2#iUG4GvVK5&;XTNs)ZBi;y=19j^{2D2CN%EGV}GKSW6=t&d z{A@Mf67*pXy&$nJLA2Mnxp7ORCT{V=^<+88T48F`SX~viH*X}sQ~0zRUb%j=h9yyK z%LPSZxm1|9|E625=MLSLsG-{;y45O%Zi|b&`ER<_+W*`dF}sIZ+y%mYIhO(dmGAO@FhKe)Q4IL6e3yUD0O`7%!vJS_GsOwPL@^bj z@cIAFcWq#mR`i^f^O9D$P^%5>Q5nmxb6~%k(4c)D*sE#--^F{v&w)dT_l75}Xh~q7 zns6lHfR?jND_nm5I@Rs!tc=uIqZMvAf1N$;>UkQHc4$+I|=s6X7p-&$;pY>JN?+mud`l?p+8u3K^&aB^A%UJ{# z%ldC>1K(zy9;_1+*xN(a>7f;E!aM84uuhDYvn{Zvhpe+h8~FA4+G*2Bqy@qIo}r82RWyP?$8Rqrna412f6^oXszRn)ZzHS?!1_C z*)g#9VkwswYp>E?Ac>;ck)qjAd%A*2doC8z`J#{ZWZr!I>P4^VIg9kdH+3oF|A}6l zTc^5>m}@yJBa*&G8@PcupQ}p{+cvrcu?^{x5L+A)!tiI8rMbrRTh>7cS8UF4K#a^GmQQ?4mF~tPdOUF7ZVD&cc>zg-e7v zW&LHEtkXmElwdjQz!o(SPt=JKy{i=-6CKPtOQSsR!}G*L$|4dyW& zw8&=qXoZ>V!gI~`ly+v@6EWK}wSlvi!G0+I7sXkIl{T@OBG*esh|wQw2=D-G;u|K8 z4)n%ho9mZx7db+vW9h`xx%_lB0C*D0PtU>M(#}r?pqP}%rbUel{K+%nSm)zbH;y*1>9o9kD7_GC`*4Io&TzRE3ckbMY%EXB%QrKVV-(R`$#vA{j{NWEMdfRWDN=62n z$l0!J->wWBHf*#qdNi84Y^Snwr}EH458bQWdoP;&^>AhQaOKlaKb@pZnuMmG(iL4- zmMvTMTjjUE1qzE#E2mE@Pe1+iyUM%o0+m@F#p6-x>gsway?Ozqo()PvgYx<3pI0b| zigDX*w|%F4_nnfKmbPA5zaA)lovx&(D@8>`)0OGdf$Eq?lt&&>YHMr%to-@UK>5PW z%I3|=rI%i6R?KFg{ztoFw<~-1?)`=Gi(i0*jBk~1zg5<)Ti03X+!>^7@2&LitqdGE zaG|nrAxIiMLK!hax%Jjtk19uxg0!8@N^`SfGMTYKieZ4{Nn@32f&Kcc}iX$HxKksdh`HG-rb|@*`r){-F4%XapS-mk4>@Jl#4FHN+ka4)vMPV z${TMeNl8hiN@*!r)ljKaRx0nk_uh}nk3WKC6$wg0g7TZ+{N@|wn{U9n@8&7<<|#vl 
z4Dl*nFIc#Kqq1?MvSP)GDy6CltW2M#Oq-_6o;~}7a^eJ7I{jtk<(HKX9XkA7`TO6& z+DGnI?!H_3+u#1SL)ozdEdKKvWz8DJ<#Mf3R;>c7HtiE6Bj zN#*28bV=tMlpAhP5)%`bC`*>0YkJRAX3kVpRgF{P;?PA4e^P$>N$J|P>!Zq}kD{wa zY*V&vQydP*UzET61zmR3r}%uz6<1v0SNwi-UGr3B>Qp5=JNqN$qmR&qUovN&pil%8dLa8AV4_Kkh%8M_)*cVC+(a5WZ z@+$Y;ci*#6T8K!GZctX``RAX%97+mN+0zNii6as%!=RK9nQ;$68I>(twtNaDgy`6o zLHU%GD_1@ZrK1SdLD`f+g9d#LC4(rvkp|^b8XFsnpi~g4(po5!vU~ULOQA#%t;)Sn z9wjz5b{&)kBKG4zD2uXd*RETkBoH+OJ;2Qgx8HvImrx3b+&2YK2IaZuo*N1!fauNZ z2;o;ojT$u`LJtx2Zh){WF)=aMLC7JB8!v)zD|g*>R}zF8B3bnwgjsRB-M@hlLo}xi zf$%C1Km70t2rWeP#B2zw^7GF>cYu&WRA2rZgi|RiD|108A+mqJ1j4B7+qds42q8rG z?vW5a<#)gP-Te?ci13c?5H{uNtFKOkkU^B!s1PpY=9_Qs3Za5XuW~?`lv{4O+^bShM0c?&vIS+HQi z7IY$1BV{EzPdR@4_#ku|RODnMI!jr)bm?w%5>(}eSagnZ_UzeR=oF~TlH1W4%02ho z^Bg(>sxxyGn6JF_(n~R5I#ej`E-)Jx8BB14$xx-A9tLxj0Rsm745mV*9xVeim5)FE zcpsPu)!OzuFi*Mas;jOB)1YF1xf#q-?zrQQTfii!n(qZLNBRBle?J&Zfy((m12dFU zr%qiDCP4M3J_h2I`1ttwAQ~$8(PR*-+ySJZvPXUoWRyjV z7M%hTP~EI}G_E8kC+DM4sPNXqXiRzh@y9PfBT(f}?gVgU?b@})01B1v*9X9qKp?OP zK%m-Pl2KXNzkmPZs00=N>sl06jvYG|Kq095jQz+|R4AY8T19Q$^T!7(}+VMWbgxtIn z?Byu?ErvZ>$$k(kO5rFB+tkXhFwB!ntI_@RK5oNsK`A(n;ht9NX{a@&@?p3K^iq1l z%u*{I5Fbj~YWIv2wltxiV_!yL^=z|7ODXn;6!lwSz* zNh|pf#F^gK0jL{C)i)sa^t#@`Fo51uUV(c?t9=mWiq?D%)QeW@I*0+iv563SYW+n5317ft$xsrVeUHExQ12jqrZq&d@u(4DJWLzjxs#(rYMz znsc=FW7y{C?SndVRO^J{jH6vQ414rq=D~gAC^rmlG`-Uc;oi~f`!n1_j+$1u&9pX; zVYsJv*BNG!)~pO>iq`xJm|J=eKfzt4b-4$_6GykbaEoa@cR{T=s@)2=nO@Es43iw4 zF2XQMZ_*5Rhu*3OZXdn2Jh5d7;ZU7 zgi5#6Qa4+a>KEUyx|6!P=*Xo4ZOK*8IrU&%OPh&bk ztNJnAJf_u!-|2J?q=(T->=>TU< zA7DB{EBrWyEqaS5F-+5o`5bN@z16?N4d86yJ4^@Y9X^U-fZk;ahIe|s8{sB%Rx%0h zFul}^;pWlH9*5zVqulQ>e9>!t5NFra$x|Uc@wlvy^7IpPYr=3-^}Z z?c10h(3{PKyG}1^2&Rej7Gg21)7!ie?l4FFpW%*hmU$)ICVGp@;0AJbHyZ9fN8Jf< z&p4a>HKw1O{cXoIgWl)maM$S_Wn&u2S>JHD@thT`g1bU*=Lt+-IcvFm0fB*8$ThdTZS=t>kFD2<|Yw?JjVqISWjO zd&5~%56-eNL?vRFrgz^2cY(8(yD=Qot3(`>T+RaRaKAVk3Brw}cl;@aZ_bjw!E~6j z@b58QIE@Xp!55xC*>a=(OI$JyVn;I?o!@Cl}~^aA!{nyA1u zXJPut*?5llo{Y_^-jmpR&oGG#&*1Yjx6?DWtrOpklCkx%+WTX*|5xQHjg8-x|5VK# 
zDU8mSI`2p9OW_`Fd}npw(@r8j?Ihvb6n0?Z7&p}zJ5*k;Z)y1~i7JiVZTjdWeQ1`R zKi2=(IY=5-T8Gx0<%h&=>>jjR#jPdY79evJ`B+Th-rnTEzBs>Kd?arSV0Sq-aB<}Y zmlze9xyLfcg5z}IPc7;id~8wIqncCfg!%Xze0w5j?5>ett+aS`UF3TgoA6KPPIQOA zPz0j%25qtxQd9c-#(;{pO0N)~&qPa6`)Ihu=4G+`vv54_`ePfppV&}7Wqn4Y$AYvI zKQF3_^=GQsI$F*B#V3A#s|cVH1@f!2ok=Vm%pg%*j}B3aeJSMQEhwl~EF-Pp0zQ^U zKHi1)`b4NSY=)VUml>Mq5ecHqeR=oP=GldW+l5vCkP zIzFmcdZ->Zxkdel-EHI-!!xFVU+L}mOIK)o8m?hbS^`|Ch2_; zWGP+oJi@>^3@3rByRPPbHg&1_7QjvHZBFr-ul1R4!S(jovWZX?8HZ&YIYd|3rN=@5 z@ujw(8Go_Y3aBTG=$8f~MWTUZ?Ap^2mU)d9i>6tspSkW0>{FhIhEiLXVXKgfud3!` zb*c51v;f-kS+9+1(sK)%+x?H5^Z%3P7LjPJPk8^JWMYUJ4lu$FI&FGq*fP6QztgO) z1uxCoUN9yRE6a$flm_5+@pzbL7I9uAK@3k!f^fOnnH!QD zDue4SH4zcD+MhXvsaGNUwb)Cxhw<6KY+|AXbk9L@9Du*T##(Mo$ zNyO6;7^I^WMz75FFk&;ixf=ESB-g3Rq0X%<)TN*6Hvfv?EuIQ z8J+7oT{$$5mA?>DwN<}ScEtq2Yo zzSji;_GQ`*T>hzd6bRVMBM7`MERWrR1F{0pl$5O!P>3H=`BUeqOIPb1h0>*#M}cyu zwgc5G)!{lWKxGxX7y~=8^3G82wAz4%Ue>=!Ll)M4(iqVlX#nhTIL+H{tZ7r_;BoBU zHF`Qs(1s94)1Q{6RB|-^=}2X1O4CiQ!!-0GMy4FC96X9fXhp~vX2KY*3K@`DSgFT# z-XXrYGs`1ZNbsdsCTuo<6(xvLI3+X>qcXPx5#Zq-6W=tUBPVekmrS}_z zVPWtPNre>jR7l5$(6Epi8Wx0A@0D8Fj+RuD>#W`{E5)cBoE;5TYa#{LQr~H-<6CAb;wf@Is_x!sW#U}yZjua`fVQI>x};g}mz)Alq(+1I_sFQ%`z1l+2RjKO)N)AU+nHoBCd9%*NAQRm zB>OqoBZ<*?{M$WZV~^M+h}JRk-|7(yd&K&0_J}U^Bekn*W94A89&0k9$)MTUre7w_ zPPFyw)jB%GTH{5&=I_V3l6;E&qiaV#~{~ESkYrv!iyB1M8jq|r!Z*`Lf*D(&4RjF%So4l(m>RRkE z%$5f{;Ys#^Cuz+!-WOl*}k$k zUs1ewwS^(spW*&!?wKV1S|ceycrduUDKWqdI}oe=V-TM*PMufDgtMmOIAD6hwWY=R zvI74>UD_X4iM9mxSk$FM#nWC}!kWmlBVmme2$fNn=8FRRED4*m&m%=pTsz9Qz+RLV zT=al*z{72Jx^a3z(2dQGpxJ`6d7mB^2VOw1*a9hh8EuWP6CZ4v)#)2%^39IXzQZvi zVP<^8%ygP;zA+tq)8l*v@j*tl7R-N7FdrSp+npFr8SKwew68E-73V-g{XjpJ!-%?3 zUSDEYKga5W1*Jq#McEfmoy5-i1MqjqAbN)UfPCPJMfOcC5l28XM3@vZm4^%n z0fYw33Nz|hlVFs%o+xfcp0*Phk!5Bu)ry`5k*4Mr=iEeeqi=c(FWwQ7gX@e|wZOIU z74X3~O#Dt3`2t^=A9Nr`$7q2Oxb8L~dSo|yK>Lc)EIVeGubI5>k5k4@Uw?Aop%`EP zSl>{yZ*+&cRBba6lKkkeNPhG;`5uY!4ULuJ+}|v*>fgav8t2Q8_pWpZ#lse3i>=>(iey9e72V;5m*xt}eYh-Ukk@ z(hOg=(-ip85%|HDaNIY*${%)T6H}A8oz@ 
zlW%g2Z&<7tai|s;d2GI69em^Cd;@p`eKx0pGQfC*o0zYK?#pc`KUhuQiDyWy;@p~A zRw1sb9nS{^dE$Y~YvLh^de&qUi&g579XJfR;35JTYC|+-5j#~Kx)oO#o-(UX{zQqU z4g0eEM}*EO^A9+qtq#=3fDzhh@BUci;X+1llXdDe9F~=bBkQr+h4n04=wt0B&&%Dv z2B-GsFKhrXUh~rpH(&7>T_{;%h-BP76qPLTMKXwrN*37H*l^E6>B|su3pQC@@6TLV zzM9ZuN87N$4#yT%oHj)Ju~AiVcNZ>P3Y7koag@B`My;VX56%aM&f8-y@6sxk5DfYX zxA`4LSjW>Bstc>Nd2^7cOQ!1coyYJN*y9Mmqy~`MBwj5rlJf<(VKDXQoMx~zu+NsT z4yg=KOpx6J_o8e`3_A9{Af$~5>=AArBXkj_|n&>+5feC#)4(zhEDu?J_ZHe588zZ zD_3@~MB_G#Hr(b<2mL5g9o#zTAbMoEJMlx7W?Cn8=@}5_a3_As)*xS4JwQ3TzBGho zp6h2UJZQ_E6>JB^01<7BA`mq$i;9R2696W*VBXQ0TfcoGu-L(sK(%dhQEIbL| zAcw#S2>ixlA3amjz1;adK!6kJTrcoAM@FMR5{}Gg;a3T|c{D4YAY~k^*35cfTT#pq+v| zP}nSdfP}RG@hNVrKr$jGGu;bFzmx_~h{u3q;UlmF^M%CW4aG263=s^ZmPqyCnb>sT zGmA_E`L4z&=A!jU?#~1q>JrFhrG?HlBnbUMcA>g!7sh)Y=9?sC2mJ@CSF#YqMxb{b z3DuzlGCj|kOGcBvRG2<1(FHUqjK!^5o8~$a-605741yzlkrbxVL(YV{WhXeC4S@n^ zyY>Z0w(634${R6;rPZ1voecVixV`|DfJ#q8PxO;u*$+ew^GH<5a%YNkP&pHY0Y|s` zNt-yCW7kf)aL)ZC6nr_T#CVDJmx!C#QJoTl3X!=Rs2}2fl9efQXxD8H!?w87{esEl zH|{5O0~?gXV-_DJj;Y~Ci2+=YLHfr6C6Cj?#)#HQ2q<|XnAH&C4lX@K*la*ca@+la z8JrsO8O4BB8kf2@rCffY&3C?u9HyeG6ir?968M(t z0x#C%VG#2vksfC;#Ud;PVzm+C$SkVGY5I7b%J))>-0umzmN?%Ad|J?T03>)KWaV?T zypSzNn3Npq6l7E(Lpba>zRZhZsrOl$yqO7yrXd}pbf7_jc+UA6;co))v0(tXHqy0* zW|`Q}cRt5v&`YATg!R?}aAzQZb4j$iv=*SbeP3G#?xr$XptwReivn=bl3W~N$wTIn zd=#Wdr>Bb|sOJO+`h+@H+YD>PL)koEYjaD}jWQTyWY3`};L*ys-xZyo4J805%1DJU zTo_-;1$ULmt_UfhECD4z+e6$w!T4sHv z=0rC{$Vx^uoaIg*>T?l?3;a@20mj){eNbz4AwRM@;AXlj#2AJ@-vb7Q{yF%=(V3!& ze4;_d5?`*s$zc^}27F+B(7rlOr|Us3IRy8A)ndsb0XV0&IEbLMPrl>d{Z2UKUjMH z71kM0QgqW$i)O;}EWq$q+jtdfUtX!ke$)C|@H8hX$BK9MoYt38UlEmK$2+8Ui zFDfSy@1kG&CgEv*RE`tx>?*BqGM=iUa#HcmF4Ov^;pw@koOHa4{^(16d?_j?6YuOI zt#1~d7DnY{(oI}%TCM&*pcJG)TpI~GrG zN9ByeJ3C72Ta2f7qjDzUo&Bcuor0$&Q8^yGv;VZdGx4-6Drc7ep<`lZ95reCPkztSAOMb)^3~2E%LY&li)YQ)7R#g7qCwhv4fdf?W%Z_rh3=}6yXQ;DW6<`hU*kuhbV2D zR_9s~SYb15c5$mmdZ3080_~<9t`(Zu8CXFRZ8mL2%{13~lM$$icdbUtNrBazF<@;4 z%_L)8KhN1GP|Iiw4wHcrs1#Vux)xKj@XwB$b_8nU0TfO>ngaoL(`KNTDw@rd%_fRw 
zQAxII747zkv@6?mn3`S3Wm^b?C)%>IEwd9%opOa6l8q#W=t`3fIL<>?W&}PtD%-FN zx{?H4>9VcF^U;+SX^uT1n{)`eaHtvV>?51CosX{cNV~GlMA8L5rm;QQH|LNCh@?G! zusZh^9D_nJictrOQ7pPV7F{08EsylN<}m89-QQ! z=5&upb3fikE4FEalC&vKEjLY@*#|OUM$cN%Lp*^+7u``_OEE1EP)N&HQA7bZ4{%4i zCz{=ZE$(Sn_XxZDaj|wh$f8ZLYPoi8CfAI4+c0N5seqLZSed|f6tFD@wvzzG11PiH z6BFHolikx&-6PW7k7xSt%hHMy^;9Rrw@ZD|rle}Q>DtUpE!m%yW@rhK?g02XyM(^c)- zQfa=v(w^?0Zc5wa%XYO4Ec=@Tu|1jix1t;J6>%LV4VnIr}`-0;suv7*CVD>$=>nm z)XlgLcpht@bs%_nHU3Qozv@@wVLVt?zmX|vc)%sp_22lXXJJ_`9{+M|_$dVM z%Zk$cWl~K43T?%L==m8>X>c8?G^bYDulGM9tBhZ8;!r%KY1PzuWg#~kEFczR7v;plcYj@@)<}yCQ)XP zgK^D*KjlH@_}><;8jAj+_T-cr1wZTa@w4?U{OoS2J=vU>HeT{j7JeSd#ZT#2{5&zGc4zZgq?L_8 zk+S}QU z8({ueySIKD3Jk7d(iSTo@7sh@EAa4mE{oP4XbK9cdig`nXV-SllgF_OL6&9!#Aq|qb5bd!< zmLPV=W0<%Z-{B|)z@zL+{F}&*gFuRc&}W-8?aM{0u) zoUT1NAy6Bfu(fvWq%UgMKGIlwa?+{VlaK7GJyJh@4k(*k4Qy^g%d@kv0Tvp5_9p+`lLsk-! zFTlUM$x5&$P*U{V)8o)ZU2yB`ZYyFZ6u? z60<|dDm!Bx`bZmvC99|shNA*a3ogw>BpgA0Z3h{wMi8-5DGyC@gxfN-He_W2n1k6b9Y57Ay! z>#D)BB=m9A26B9OHXDD_E!Zz@&NUXmCBj40re5B^WHDZ#e=&fUBX(LnzzGNn7blc4 zHLhx0(i9nu(SNf1_(=IHFaxrN>a;v+&o%xcny_dAS2dz1KactXMtHq|)9#ijcEcRP z1Xrte12A4f>A4Pf^IJ~5+ zeu~iPw1ZS&2blTh2){Y`c0u@U9N*6L7A0E|YNtPxe;o=MmOr6S*zhqPZO&=a=KB&- zsLe&;H__$`;WyEyuYH?<^}U2OAumMl63Mx?*kmgT!=a-yu#w~Mf`yP7EPu7!+~PI@ z{mBAK%l$1k8{S;O5N(yepV^;dF2H84NdrWHZht?gKgY?0`@#v?{+w(k+!an3=g%3( zgbbOW&tqenm%kB7zK{AV_y6##oY;p40p^hjrxOV$Ccuyhb_Um}pwtDyP!6z?lc&Q$*PHR%R|D~j36`0m)LB?Z6qGS{1 z|D)pj<2O4#AMg87{EP`dyHu=UU{OG%e2te91F2_`Rd;Z_`sh|HaqLEn?lTDEU59m& zGlx(D3n!6`x^J*{kQZ;p@2GgYw>l}Kru6CYYHf9V#xBp*KAcV&U*-Fua$L{;zP;7K zc;%2~qi<4AvwyHjTc5G6^!rMbs6H95eD7_xeL4>`ebOC2YW6o+u{9^{bnQ;t>l<>3 zxpIctcNBbp>{w_0iW?xCV^G54^EhKmySS=-N9(f14ba*S?@F7nPPn`r>Bk{|m7e$x zm3i@Tz9SI~;+@)NzMQap?(@W7<*knKZ3pJtp(qyIQeFwLo{KAo#CPy*tUeU4Y_S~h z<;6RF>#Cdaas|fUv@d<0o=)7G{N44!IJA}2UAKn1-P5gnHKi2tkZ+voCv;0|4vvL$ z?%Ey9fi#Bn0}b1~p9q0gEB=NWpfpj8YrOybO(tNlga&^xM2H}URiSBft7i|;c50_n zYBK87f!~aD9FX#%$@o1ISJ#Q>9+)%@{MPd|Bi9~yRr*&hqv@L{v_Z);${yq 
zeaqG}&Q8D5TayiZ3JZ9Xb5cv1@nodXH7RFJ%^7EB?5Ab%4;+_|HnPwL;A@KsU*L+n zuB!#}Tg5L#UoPlzz#@GbBJnj0q@ai&H4w=Am9c8zd(MCI=32) z;HKsUgOJYsSr+xl<4_g9wU;+AF5~3%PJU}of4(_mo%-ZANM{kK$?vI6JG^`L_y_Ib zrn?UK#4vZQhDiMtImq(vYi``-S{sdSmV(1-9mlD*Ass!cEw7_lE!@NujOYQivt7lg zuG&;vMMom0+U9rUmp>MCh6<*Of_Z8ZOX8Y=Eboe#(!T`vq1Y+_o`VSfvo0|Ofweba z!hPg0TEmTR`wCu?z=vVmLIgIPOQ4ek?r0_OkN=p!5$7kc9er)l{wMThhv>^YKYiRV z=vsRMpEf*K{tFz;sF9nlPt-U(X^3cxK57cB&mLuUGk%Al8w%H`7h6?tz>=}1^hZ__ zA1PNgerftv+l6ZnJYA~Pr9(QHdk^U_&S#DHR-3#lT1pRkn`4C}sZTn2HJ{H{MbmS2G(Fd}qh~}RE;dn&-wmQofh{Pt zjwm!bUMnmb-6%NW=cscQKl_`#%Y-6(y7&iWLvP zUc2{-cJE8ty?@{CJ-MMRypiqR=eK)b-u8V24vZ$DljIjHkJ!P~ha1_t_;B+S{&w_@ za$@`q)OEl^O!eMajMK6BmTNOZR<*tO9_7HBop1P?h(Fw(iA%0$hYFJxp=JU z5*v=1jxwJ`48znhh+in=b=ig^ZShb3xy^e4c3)d!ORoWnRz0m{dXiB&Lkwyy(-V!H z<0@p)+%ny1to#+de6tu?qMh7jd)mTVmUz4k{AC+Xw0TE!=GfBCXwIT5EmJH;ciEf( zjQfa|nVZ^_hx<&-K&hS~jEJ`>)|2dQGL`l)vQjWV8R&pV*?WR1*D&2h#4W1_+69w1 zVQraVHxB$!(lf(h+<*!oLd^O?lfPx(w{36PkW+2i7yOAS{e{2+;cL7nV?F8KlQEtQ zxXDhOd*J-6aC(SkHY4#^h-D7rQQ2^aWqOvmcsmfQv+#)r_=}gJDa^}Srr3-hdT_dA zJBPhh%VwT#gU_-}?cV2~ZJWQWxy?K09}piol2?29b>HR+&sdVlrCPifo52!7|F!wSeeV_D3{ox z3=SH{dW6+TzewYP)jPMtb+>X-8aY;%j`1q!4YVhiZ@ zC4c*`ui>{`4d~8#`{VisfeQlw7HiJ^-3dX7Eo6QW;%TX3h@A zbFrv8QHlo}o9D%>HF%f|FK(he+5pBuhZnl~@pzPxmfKhUsyfu^;?+40HPDN$0ml`i zaT!@~S5cxmOKxQU5a+&z15>%8xnVSvFzk40L{(98y2Gy;m~sK;@iI0=VEUuso7{#I z2SwD=f&zk)JOWJL*bloSyHdCB_ZiE3;2V7y*9YZCC!?_wewe*5YO}JqSIE2{;F#Py z#RsaTRoX(-Y3igutf$F=r zC?WlbMAG1IgAoxe_fQ|}MEFrzMNvpFweU#R4A@;`YU2P(D!(hD^5geI0Ow};)sADO zK!Nyh_D89&#;AYJF7@F$S#x3rFm`rko*%7)si(zMTqGb~?xvAJZYXYPg4;)=E~c)W z!+`>!4GTesX}-kCnP63Bd~kRmiGALzK%KgIu-;lUCt~qB^EhJa9t_1E7O#~r*wm81 zSnM#3vCa12+~BIZ+}xlVecg{3neO)17P}&TrmiqwD)iG8?9Q_Bj;S61pV-03c0PFy3Gh@le!OTK7nlo+%Ppj8YDfLCv&ifqv8|f^dvs#xSZ)uCQ1=}NY2~uL} zKYwG95I2Wgkbp~1sf8h5qO@&n5TCxNRzo8|Sy%-Qy>_0!PF|p4pu@OBhkD~)f;@Bs6F9lZuP&Cc3*_9B z5Nhgt_~|3)bHru=z^zS|9j_OtNUMnY@BnrU7E7E00U~X6sbM$L)<00cDH_6XuMPP$ zL@-|ktdFvLF#>yCksU;hGm@YairtZ5}*h+6^1_)bP-&h}Eg8S`9T^d`L 
zQDFM5(c#9N^-;oKv(D~ny{!fxiuw5OCyH1&Prmdhn9=EIr7wpi^xX$Xz8=4dqpe}d%6^9Nm?^ZO@qV#=0B$#yq!yO@5)9oJph)EbYCY@%PRE~4%|S{tb5 zI=blQ#E}r-eO_ZZzg24YF&}ZOgHIVJ9UOPY!I~B2pau_c>h~nkr#vD_;md`Y=HcJ* zH&0_=J)@P5vq~Ab3mQ>fN`yd&AVjLZ%9eYpKd;vvcR~!JHYB0;Xn*Exzjax#a2%J1 z^f*S-9Gs?4WUM}--WEG!(3%~_5YBa5lC=%v_!mkEg3asjD}F7;@w+~H9NHiU%VCe# zrTf&b-pTWI$8DoUa29sH-N<*IIE)>i>vgOgtwaf&6W|TiQFX&4IQ}YA9L`ho_>|R(1-oU+Wkf%VOm-7^yf1ITWm)g}U*%?pA z;!x-ya|LDRWx~D~^Gy}*m=OB%#_0X2(<-rEE&Z;?M!Xh=6!Aa1;31ns5N(U z#!&+poSC4{BXPyFIx}$!{v1-zWhGu3$-M=UliIa6*)=|1_rB2HAL~PB+2O@c)oE7> zP63h6fk+?w>HV=gp0uVS#}m{~;r7YYB0SSR!+QQ8Z&zJI*RFZBU3-{lO^_i%?osgt$bC@fimugRfO6gx5p((Rs?r;h(YOO+ z&0OKr-02 z0`<8K0)9gnsxi3BNb{Tqh;8hLmek~J?BU0vJkE?Xp|D!?=@e!{Wj{JM^5(aJ*aKGA z2-70D*?u*4I7f|6jr0qsgY=4sS}|V0s#k3n3Ab9;hM8fF4(&ue`b8#Bh=alboG@Vd zu+QyCN8s&>12r?X+i|l6?P{D}Wy{&wj+K6Db%LL7T7WNjk2soD;G)aBmS7-@NXfb(ost0nd$^9V^ zQ&KPxmdVQ?XFU%?N-Sx0B~Ee>rY4*&FggE##sCN1#>>zBKEX! zeHvxdqmsT$7~hWweD0!dwY8OS#lx;`kS|fLj+b&9bh*r#eoI_Sk}|{g`?oX05*I_^ z;5EoBE80p)BdeZ_U1`;aGxdIbzBh+}1hK#&JPwu>@OU@W8H{3sEZm>)XBGvb zs(XvzA9E{*z0G$AQBZ~K{^oFZu-KPO2Qi2C5Y(z70vS_(+wDzbQK`*6KwOZ(jXISPQaUU{!EQE2t~^EWb{i$1ppnGxr*<@AC@`ZKEyoL1La!L zHv!Gx!`_sJB=Kf#I5Uw!Axbg5IeFWNUHCh#Ko^*A#mQb6KW~Tx$ifleKu?1f^U{JY zsGXyW32qmT{uM`V-7Q%8$L?)tVg8A72)_MAVkk9RZAxuz)h6UXuNW z-||=Sx%g2{T3(OkPB;A!x{9c6OQcFo`}6Dx>C4|n&3F;$tHTqy>1p~|WyY4LzT$1) zuuO1Kv?6$Z3G88lK01z^9C=Ato zojDL$#0DXkPr_qU%O;|1;R)SBV>65v4Gcg@J`Dkh>6s`!bghw|&Nlzzwi!3g8!#vk z=%M|E2eLbn1+R~Yngff@l2-!w%szx7nMMB8B3K9J5cg+e9sqK+zea1*(yyR*fE>F! 
zHTl=f`T}e_x^?*YaB@!O%wTFLqWxTt7R*=KwP+m4?43*~#ypnr!a+IDvFS~`~bKH_`x}^Qy>MfmM>j~6Fa&tqf z`!#zwtAV76<_53QY`4-)Zu90gH#4T1Gzn_jn}A;Pf9N!#`j^QWUp5Kt9LAyyu8!_9 z-*M|iRJM~tHl9bKfRId_7{0lY5YP!{`GaW6YBT@iR?E!}=VpggQwi&atl1$bCvpg2 zH=2yErP0CdzaT056}OPQHL8((1@8~MXo{j>7X-v$ZDlPUV<`c-UT68_M5R5>_Tf0E2lFZCT6+fLqCC6il~`*9MfuZZ-~oDW;bRdP8mF#WLxf4%5im zJtJE|G(;Gd$+qQh2z4|4iSYl7Xt{0VE07D^Vi5n-=r05SHr3E|P3c=!}o+^oP#ZmGQ4O zFNy;*xmx}4V<@>uRNt-RoTNKp!R}=S?MaZJ+*+xtSQI7C`CMkN?5KR|Jf^D7-!jeL zqWzE6I40t}=4+!LE?K-zo@^93WD!>5|`XlalV%FW*0h`d5}wlXnQnatL)9 zwB=By1PV1b{$V)!o)u>Z`aWx(-<}$; zj6>b{;S#9{AbVs=;+6El*m;q2jAb`_sszn0n1e8AHdS+ z_$VZM$1imu;Mo`;7_T9yX@_-@u%T8!o%|!$hoI&_Y{k>;k^6C?3M(g&<;26~JjJ=vw1hRFY4~_@HZ)a;Q z_B72E5%u}g!X6Rz55kV4V8-`oVaF{J70 zu}=gM)@tDkOy+?mrKf`p+t9}<#DKQ+{t1~tPc`1mp=!~r5BmzB)%J3PwtEAYBcOBN zv(f?bI2YOx9<=?iA3$^k)f*7k)#I=m&L3ZI5m>#;CV8Jy7vEfeQeT}0qE7?Tr_)XW zpulD~>(f_SBEEMkxs3}~`V}NwI7nAF={|Uu#8}RgL@nRz z)E$x$fK}071v@BxhI*P_{o7Dd7QV^4J{G?9+3S#KQhEz%Oo9xxfL-Z?zc3+aask%F zTV&pc-=Nik&JL|=_$Ufa_|$WFtpNh%^Q?5Kp66#&y`w*^U8z@2)B6%}84}u4p|c;Y z$&u90`H5K+;lrtG4)2s414}4WhYda4Bkc3cpS(WVon2#Y^Aa9nLZ$hwm+%M^ z43h-cND|h*51&BG#eR*J9B7dJd@s(Zj!{Jps3iau`(=m{4Qdtkr@XVH7PoOMR2UC6 z%cvO$c6bV9KV+7A3IAZiAE=I_nF?IXlR6Ew-1wy_&Wx%V4#gAI=0RT7zoBaOY={Z7 zhnGfWIXebvqH||Y#jm`0zebQS7=8=Uu=;%={1G?1J)ds1 zV%YmRRrIib#B9{Vo&=!^Abb|VF2TQn%y>R=5>!jkko75K`y|!vCN>td+U%3fp&dXL zj|^aXPqD^yyM3@Z+ABdExg|buO5{{u4dH|@1VZv6*587|AgtH8Swz#q)7@l7%0(?+ zGlQuk*;Spn=f|8?3i|Yg5DsP{!PIAOrd|zM_|Xi(Dgs|0)$}!|={4sr00JoMGz^lN z$F65@mGyqod$}BxUuFGUb}4$jFVF{Socs?&h{5HA_F8P;#J`J{l>ntx0{sHBp_lw2 zHL`X;FjRSg0EIu;|4aG4hy6l%K1D-|-~i{=nYd_@T zAn~jJ>-rB@7t}8t|GVHXs1sdo7oKp(A6Dha06=h@hrN#vMetxf%USoE6M+nDoO6PC zYh(asNEjq(iHuj6^SFT09&B<$32yr$R{{!P0i7!TiO}rU{)YFgqPEiJ$y^+tRZqX8Z{lxqb-iW8@%ekw{#$4TP0I`4GeuutIQ6^QAL%A@iFatRHSE_N{L_1s8=qt~21l<49v0W6_Tr+Z z=(M<_HE=Sdv1*Y8n)+d{*g;$xmzTiMiFZZ z3Yq*L);#taMTjNH45v`yB69;u>0xqrGWcuh$ju&Ot#<2E&5BsBPhulwx)C7kFd!me zRb%*|5KrxCbIo}$1*b4yOje$O_yzE0V$KK_`!2eO|^ 
zZ|qY&&m1*Y_m(jjP?55k{qn2>ja}+CW~8YZJ1h$-K@zJ+W)n35YfVkNv-e2Mu2U<8 z4bVu#bT~EEsh(FzDSV$*hxLUYWNOerUFJ66Rv%oaF1b`npm;y)vM_B)b>k!jLZmXL zR>>t)zctq(Tu)0y)J4u60Tiy*h4Z$PyaB|87Jw*oP?SAh!hyIaNK((&w}Cn zKwif|3jB$CNWWZiuM0UqCC;r=N&OK~Q}hpO^^#9ZeQ>dEUb4Fw1Tk)D&J3s`iIa1o zrOyMZ3#9gwKqHoq4ZHNRD3_0Dc{#rY{>S@EH>q6%lBKGlr4$<{M}hShCiHCP)+O9WIrp0oo*9q+PHw`lgGuU2BIkYIpX zD>|_3=B|deU8mY!kZq4+Fff)+L2Aur(VwDqYMtbQ|!&vp*CWr7e| zlx09JgA(up#-H~%dbW|KOEX9x!2h8f%zW9i2~#lDQUuuR)G502p)Ct;mYs@cx{@E1 z->4@toc60nI4mTpW1nFw|8MrIB`k`PcWjXUw7#Y;6TFQ5MDXI;uVPG$smC@mwS)ai z^bwed0Dyi(bY@khIvmC81d7YIvPM{FDfpuNE%aZCsUKb?A>NUhh({bihhA_hO8i;t zb|pN^CpwN-LCJ5LV5fF>o@?MtWd*b>*q}1A0`@g0zK$A+%TL@N0whVx z6xIcMI?OGpll+M(=CjB(r}ctX#_ha#7~Au8DLn6jL;0XDQgIwdS$bs2flf&`PdLN_oo#p!^W#_WaL)fcu`{*B)rYWxTYKRPYv8;D<^e8I zWX)>$Qm%VINReu`Q@c9P9f3z%HUadgdg2J#g8+eN+9v$#$zbtC@hgGq_V1(%dn)WB z|CQEIs=s}5e5z){Kavet@O7tPbyU6lrc*F+5H_8I8#F#)j*hBlu+s!YXk#lt>=IKe zuXc_WFw71HYmx7AUIV~G8t{TSvz<7XBO3ckjqcyNJjB$XeGbl9QVV_lMC6x{Cx>ZG zm+`Hn3cMT%cuvUPjiE@BLHHoD5r1k8)jOv^PkWK1hEr?u)e@Jr*9I#S7n?RDKM^SoY!v^ga7G;f4h(=`^-=ZkVIpnpDnUhJh)mKvo$Ldl3P;swXeHDXTkT%( zO%z&R8ovT0-0xeDoj{|XX+T~)lJxyf?_Z{N`{%OvO7u>4rMpgYf_;{z$7oFt`iP1X zVsfB8%-jsDXn;h1adU!>f4{>MB2t=5T3H58F!F^{`{cLWaTW@gT8S6Jb?12X?R|w1 z@tWRX2com7d~Z&kpIwZOG+1LbSY>SbY&f?d`y_k%uK>1dyMqz?WGPQoZ*#KD9xPvo zRf3%%q=f4~bTyy6q$@%5{@o48EwPgPi3J$pTB&#PDcG{{t4_bZc8 zM${o)<;T$NiL;pgZ8so>x^1{1?F9>0GKxj1Hf;KW!{i&9qttXzJCmLKksC{9k z^nFV7RO}PZ#JO${?yq@*d#oza892Z_z7C(gg%YdAZlLw!hvp!Z_nZ=tsA=>$=HovCZb$|Eh_RveD+g0!EL$^mC z--m9Gd&3vHQObaB$9+{mx3k$?Ox-Vfv!P0;vafP}mZ zmh!#4@(e(oFF#2woF_ODM6+Tce~h}z!-(dOMZd@&JWvA7J3Zm>hOwNkYBk$%pgM5I z3K&x0Kl7NN0q|bHOO4eBN~fB2)(eXKV4Wyg=R=J#VI54v_T-D|z`p^}pkeYUd*H9I zLi?9mDwUaomV`qwRiaxF|9x)r^7wG~6XgFpe>OgPT?_w*?C!F32>(BX)KrTfuvKbM zx$)vv9U0>AeAA+T%6Ol7w8MDI=N622v*5xT?^hZ%h2!o2aKU(gnO#b}@jiY5$JbFIL_dzo9{9+ak_qY%EpTa!sYRda+fO7E zB1-sSpg_I)-h*@fc#&Snq5TwtP+izuR9*MFWLPKYeGed2-#jl9$J9CI30OR|<}}KD z90bEWdtG_+jN!v-alVcLgjD0B?uZVLsCg3vQgnGF92Buzg9M%~=lwWNcY13vN4c$= 
z_n~c^j*fE^uCmB1h3^IK$csQ^_SKd-q!3M1eY8vtAkbiu7bwkKr{y$BTUfzF|P? z_LHoyY4(qol9X z=@Rn6Nb?xlTGLjFkxTrJ^>E*18&Bb{HI`PEw5(G^jXFv9mEpT6stC~Xm%d%en+fV* zR6-I=;;GgCNs!^EC)pZ(YA?r|^)Pm|`RKLuq1BmEKK!dq|rzh1o{r`SQqd|yvzsZ$^xW$GA>;xt@b1Mg!w`xGjI8F_jSo_TAl z@P6E;o>LJ}; zOf9zsc{MrbY!#xnCYQYu%TN3Qdv$!e1Cjj#Twsq^_XXe6--$+xLKwcHih-MH%{RT}T;bfz6CbE_F<&Ow$0G5dyBx592my;n{ zaZWx(myf9LZW1<%s8wT*Uw97T2Eh#Pmp1NX5VN8R?Bj=M_@0n*-WDk zioxP-q?=fAW>pY|LTil*{7;w|Fx06LVv8qRNiaU%5yYhn9vAWsKg@e@@dH@LiE)ws z@k8@|96Yl4Sn6Xj-ItkaB(*W zsEq3$&;SL@3-LoxU#Bj7j{_CktAH&7Fw$?K0_};AP5uZv#APF~C_agr!pcVaPW+^2 zH%eF&STJA(vPZJz0dDhh;}z}^{k#MkVNEWkV8wBtYcaezA5zae&MQe-ZNFpkzMO!n zZ*{krC%Xx_8~U_)s`oVm!Z+r9mAIXJ`kC%z9Y_+f-c&`O3C7Guw`je3L!$uej}pes z&IJEqWaedV8PHmRn0mH-DlFL)R`{XBame#+ywKV1(^KtQyC;G zk{a1C8{v-te&o-;LU5USohO21U!{Zx@gi(fMMDp9Dwl-QoHsDnw!Fi$TIZb#`Q9-TM>%jZO&1Q zCseb}YQyN^DQ7gEM?Ako6qAfNAAH*(zmeWU1VGF{|=~96<;~H!WAL360<&uN>!X26uA`>iDl#c%g*e4%=n^X&MdB6y=;8R zG2=T`t{ss}o@=ZuZJO}o&>eFl*x2w$+$xT6_f)Q4+#d2-pMY`>vY~u8qX&m4g$Xf} z7kuJOGW$2~I03y~Y<*&W=9Z4tt9RegQvmNpuXXM9a=t)jRlQKs3zpMCp}~OONX>Vy z5I?@$QP_JXra>v%&c$e^T#T_VQpY~YHGf;H%wtg^61Cb_6xROV-5@pP3Ne;$D)+U4 zwpw23@nO*z|6j2H#e1srbwRmLjHCa4x|31b#4%7U|5%R}W|;hblcy8Z<)A3ikDxa; zEj5UE3-6`e|6~J-txHeYed|=~dnYwfU7$`f8mshX{(--^!2o*ucpcK)XAJF8m~;9l z{!qD)JqUe=LAVf(_)F<0ay(o;n-jRN=0|8Q@ESf!p^ap^SOG_&%rCHrFU95{%rYU~ z@#g7%Z$x(St5@_bkrw$V)#KPly@&siqi?#4*Z{TXeP>^RyOtOO+OJY4U~dmA9G1{G zphaPZ%y^u{s$HXrg}oij49JP+;yKLPK~dG?W)T`u_2YiBcdApz9!?JOTUS(CQ!CWg z0nk9lRke+)Mju#p6Q|>7b})}-lc%?pkgV1R*hnDuFno*W>9LT*lGC!Mq9cdr8@gt}Q~bQv{Y)OMzQLx2kkpFqkLvJW(tt>Cq0oJ< z=9nG~Sb_P$J6q(McXw+?%|^v)tj>Vz$Y2rZD#=8uA?U-o%#u5?PaOyTGSZ(QPY8gL z$?iM-Zg>Z+DB|&=}l_QW-`VI7JeV1yfewgqkFUMYkNQ~y@RH^M^ z0St>PsR+qBweT2nm8fGp^+(a5$}V*@!R=vTIY8bx7#wUKjuM(_7NeIe{XnAXE`7qA zrTYT>4>kRkI<2@oKCcvPVh^^)ZpWFyc_vAM45Lt@?i-)FLxvF zW!dpGtq0ZqcL3e|ok-xk=B#^M+BIfS$esplRUugKx9VJQDGFV}W02ZFJeM03FNq%$ zQ-?x8%BtFMnnUSYAgu8Lj12Kjgd8MNBk#1~mM+Oc%&F&ePiER3J+AF?zFhZ#%ola% 
zBbdv$&+vjM*ZTIoyC!pgof%b$i#+;lI|n=bqAA#S95QKgymKV?K9+CByC^fiz#z1+ zU1;~f%+Mh(OxsJo(xme$`rS|Wt8E=EQ5xtG;sn5{LDxHkD?Pv=Tmpf?Brm3(68|LO z*0mhTdq9)g`#Yyb=MFWP7gI~}HF#^>e4jO5b8Eb<{RV((_QAZEIx}B`Y-#pqjXT{M z_jjnlyqM~fuW<}(9K{-@TVrI08qABqU%^o}jWjvjSUtVEnBVb&6hQ9MJy>q1+BprLI(#; zqauKpEsLXyAdm*)8GR&-37$HEniVd*$OZvFD^%HIGAD4*FdxVj{u7>G`6`j(-o?;7 zjhHabdS|_7y$O%ELo^C$Eap{sfZ8W>cG&LSQ8fX_p8cNI8a7AOM|X+vryRHe(87v- zaDFv*?CCgv)umt)jl&CVoqPpwj`111lGHW-Ak64)-rJdR0fdUn)nJn{<_;1Ff-Lz$ z{8;sel#nYMe*Mnkc`DD?(*(e&VQ?^8!^J6_g=+jEx_J%)BDdB^tHJ0{IQS`M3)}{0fsDg5`ZGx>I!Mn$03# zv?w1HzXVKl&fCI7`c65yN2XY`O(3jOaot~mC14HOx9`#XMaVO?)tGvEe(P^Kmpk(v z;-BZUw_GPorYEBW5JJ48FjV*s`vgFzxs~dEZMcHH{WVFm##iR%R;Y9TC>pdi zw*u#0@DG6bfj-X?)9L^J7Q%(c+dsen_p>d;62v}$NYYz~SDcTZpAZzt50K!E#V!?% z#-BLz=J;vlW4x5iI9jR#WXIbD!4wS3i_z+~dDA9`RZyTldrEcxy%WzDnjH>dz9t}UL;H-eB z>@BYr((n&=Y8qZpk%HyJ9a3sh1@8W3`_txwQS#GhJP2RnA!ao4{8Q%ICAT_UYApYe zTd~b39wN z-MCdKjzwryV>{784juNBH@e(GGCKGZtt%Yesykc`bw`)2LznwZ-O!sdbwOtitibr= zP#&*}fWLWN5_SyoIkv=|GqWn4pfJ4uIIF^{q28@?5H3dFiVWdaB*X#MGc8{j4q3|= z&7bsenvN5|fekKyV#ybu&OY$T`-LU{;y1LEfhWY5H+#sh1h)!b2KctwV(^rYx9NvS zR6v}18Tz3L@TjK2W4bE2bSt?ure2T~NDuWnLhw=IZ$Snx#aCkUvje|jkOa+V#?(z8 zJ8P+tE=RwqMb!vclo?;CgI^t{gI`t9?YIxAS9f~Z%NI*0&+c?OF&e)H*|Tw^ zLijuKetfm1mo^@5pqHQv#72n#DL~MoO9{A0Z`i0Jm{T!kS%t9wf5}}8(=<{e90j%v z0?q0 zTPeL@?uT^w0^#B9hWE3es%{=cQm?Sn<96J!N$JI9PADTr#ZB$U>)o9 znsAss*&OO->KHN1xBGV3Pz8T!ANBHjX#ne$L;!?;xVmwI%uimtjfhp%oaVNj?|7N6 zXCGin_#BQssv7m!V``>u47LXQar5$g?d){m&AiG@Fu7@UhcZOBXkP8+M%8h;z3f!f zDpZhVy_WZ0Txq|MjL#dQb*fTx>x-x(W{+8*0#4nag3h_dQ9--ScYcIB%TP&>i9)Q* z!YcSWmZ=Ov|5 zw^nsVU#XFu7p$?@VE-mDBT^&%3s%}Ix!y_S2$=U89<(3aXTiC5tqji5!tnY6-a~NV zYB;WDvwgq{fhMFnd(a#VXhN!ohK3i-K0D~W) zlQZy!2s-H5xUQjA`UtE0bq+>+yvU9x28B?h zVco~JaeBqej?fu~kA;$S0t!bEUJ~LNg8Pm4#n{X)h9kp_xV8Yz{0usT*>_W`W(Guy z&Ys9(w8uF69MdUtg)SpNA$n0y7CXT!cC}k)o3*A$PZb8s&r3SgOZ26y1k)}n4?Svs2d(|!8W)G)DXN+M<>{S~U zV8NMUT~=*<@Em~jsk6Q!8W93;G*2dZr(}`{2D~gLtz%(qsKzzyG3F^QsBlYmhCO$U 
zpvLYmSIF%{&FOBL4j7E+V(<>Iqw27e1!(Ap68_ImkAVqVaCq)Rn6FxXAb?fFTvhub zTrzk!a4t@iW#pct9l^?qbhzT2EeB3vpDte6sat`&a}=oFLHpLPEcb**+-K^NTtSP%z))YlUuG{A^cLB#-4?mFLB6pL>rH7%r4u>tz}6v7|iCN7~@Od!|f4YZtmegb{x^oQLS! z7QY;9yuL-VF(8MME9>bhKYUWu$FJhN?`=fZNLQ8P8^fPq?fh#|BBrXB@dCz^qjam{ z_aol$5%uV)OheTCTc6!NWIce3(8`;7vw*?r0H(1~@=vXHGVX$FJ zjA2VK)_~7?)`7mG$4SCamG}_*6{r)JN7YCvhH+I?_18d%1@S$Ycm`L^ z?_!UXAM=hEn}stZ45k__f8ctQAu>y?#tv<90{1^&b|(4Ioe8*%zUV-_3BkPp=RWL7 z`!?cj=+mvlVc66|pghbWB@g1gN^oMm>MxX``K`>_E8eHhpL(?ycaumo$0Zf}5AHW$ zq^f{~4CCbcbzuWidj{N9a2t;%%u4m((X!SH2Jke*;im{0Ft*FzV1ogfhp2Qq?)qMm zXHU>Ork0(?!idxnQ=inzPwYZZwLTtdCqJ`Cn_NCLB~4r|8K~}Btud0b4>!Abd6!7u zA~z2%We>*Gw9|FV;5+(UdiFtVX2Lk{)?-EdzgZ4PADFxlLoEl43$eBN>@@*hhS~vMq7NihA{&kRRj0{>d9pKkE}2Pamyl$`n{ZBG18) z);8-Qxl!0-s#SZ+q3g5Td0zw?1#^QDgX ztyeQN?LGWn_;dW$tHU%I?e&H1s_&0X0e&|p>Q!@_Gtp+?-i9+c1oe6LJ{NgsK>SyF z$gU9_27v5H2V^6tm4oamAiKBuCg9ejZirt4@E?A$5PY!J+2|KD#{R~UmwW+jO4S6g z^%m;Swn3|%g#^w7lNHKC- z`a%5QgQGDu(3YOKs6U0337vvo7uKl<^@oseB+SKdH*@R<@bh?BGUbvIcJmRn`)f85 z2599)sgHBeN*dt)2{`$&^MW?B+n4`gI-!Y6aMGakYJRUOm= zOu8c6%kAyf)~+%z`Gc38w@lhwDvd@SpNK7kGXN-XRS>lG%C83vV7dNR;{P!* z_02&vEXl50G?Ig`K*iMjBbmxOV~mNmA4E#2IHVK*yTmSqK9)z(2jZLRI|G8lLo}?g zh}|#){7VE8+V++Jf^7l#I+a`Ejpl2PCTEB7eo~$KLZ=UHGn(E*I-GjGmlRx0fdA^v zf(@SM;5=}L^RcKE{x*X=ve3I!j$go^UH&Ef=^`F~gUFRIEc^>Sz8UreJcxsLJFul% zIvXRQOt_3#gDnMHu3aeS?9bFSve076N7b9d^!!Gk59_<3dy}6*UmmKA#*a`u%jyL( z5r8ay-kB)bM&vmjkf3}mZMJk$1O7(nC1J;jyn08JCyxcq!gO`$grcY6{h`q;60&wc zI`rc5R<7P(!XzkSB=%{T9Ws)6(=A*XUr;rMBls(tZy!??prvfEk!JK0wHVd#zV=Yv zWucx@qWj2l%NrEMHkiACmyY5H-1#q@ajAL=>$tA|eCoRS9$~ zUe$@7)^`#+3pBv+Nb&4ZfR+-FbI z0kUL0Xkx)T@DEDV=@RzHn0i$|etTyOyggw>%7N!EbL8zA*6tiNb}sTB3gSs$pJq_(^$ zu0^OO3IYC>t7GLU6mA7OXG@>R6eiJ$yWtwj+G6s zB5-X}zqwczJZ!Im?yND=PqHXnq%ngIgr*~!YfP<2JUFaQz6~!*HBNrdy$LK=ULY_vm4 z^Z#kRROIZV%^%$o@r&H-1vg-kc|a)`w-x zsXKIW*q9Pm0cPG7!sct{H7;ijtl38WtzONSB*;6g_jj@q%tVRPgrQE-rNL0|dkpoZ zz~M5~DVm0rF*R9)B^l~?xJ#XgrNa>_5E%pAFO!ORd@e8${inlT`{{9c?3Eu4<%2$N 
z3S+8+XOF&JkBK&quHv*B%*-lB(8_jFUk%bb4G`6z+J*Im#;baD&3sSX(}5A(=r5v= zGmb-{s8pkjV>*{(z-qf6K9T6?1JHDUI0%$ubu&EwyBnjyyJw>$1#w6s>b=_pFvPb^ zLZ7_-DF@7m`e~kv?uXIwAgZ;{^XtUN2QN8K%D;QEI_3_|?Sr&*hm`dBPD*w5)E zu;9E+EP#~3EcGp?5h{DnxGmUz79lba4^y`Tk8xGHl1(CNAe}0%aoVTC7F^U-z%tTw zl!yOp&bYT3b0EvtGR%uzs>K&(KLbjnXyQ_8GyemEI-;$&)}Mf{dR6Lx3|w7>dcai= z2SVWLZ+{T%3U6SGM5E$=sx9&6EOJr^qju$*Opk7^|frCEWs7ru$_8&EHQ19#16*?J& z07S<*@HMtCI@h#3TFtVD3Zbyn1d@I66VDWtXVt-(^OuhPK35Nk>;blPcF1MbU zMne2*%*iGzwh1CPM$grrfm(THLn1N;~Y~aniIeB=NBCq3o zhFFQIFOr&QILG}MB{0hGB}Is~OgD^Ui{wW1R0V9d$-IYHN;V@!*6ez9lg##@cFtcT zAJ{)|Ex{cNou}=V?Z%C~v0*Y?wiZdV?D?*}Lg1-);aNBtuw0slWv||g5SI7yJ(m~u ze5%uPi|+YHM}lr%)L%_|q6B_B=1XqB8pT%u#j(e<_@}w_d~No$|L56<1izzo*TnCt zgeyd5!$Gc3AwqfIJf?2b1>jLb_#c)p!R1LV{GAHnUn)9@gSm|6cQ}g)=4R?VoQ3^G zu!q~`?{$FR1T-278mWk4B8p9hdlZpq z4B!mCC=>N(CI_vZtH0@<`l86X#z~-~*gsIT?c@sli~VlGn1t)DpYLY#T&gaC7tzzt z$}GXxIq)$N`wjdnztk++MoolAY*_E2>P~0df&JY#16+NxpQCT~F+cT2%Np@n80ugD zp@)iFd_u3NdT^DrjPA63>^Mlzg1w;qDuCq#gD%l{D)In8<7oU9J0zwgCgW4tV~`M4 z!}a#een87lb1c><;ZkuWGsWL@pz7yG0@4H#FvcoelZTnf!QCe+XCPTZzScnq3dXmIUvi z-^&vWQlt+yh>$+GH8O#Z1nn22KLuOw3j0Ct6VtaqY;#>d9RdP+PAjz7TgKSb#0+Ppl7f6B-**AxmUx(Az@u$ zG!P@r^_E0}9f7Hk&f+K4@q3P^}*C`+w&dXRI7wlW4EVjj~|65GNJ*B^Ee@ z5oCFo_*e&F6U*?LT6eg3cX5Z4=mh@4`(~M#AE4qkQzAThlKS#F87;D2gb2#nr2e&-Nl9zK} z_uiF~jU`X6*=p7TPv-6tX44l$T@L)xN#ye5u-yAPDbPe>__lZ(3s_xZEvM4zA1;Vf9&cG=uHYrA$12EUPHR3__;~fGL^Jsj7pu~v}Y*NpX zBsf%nK52?y410~L*L86Tem9I0IBKo0i>PDpJRg{@ZJZx%_^gINj5ps`EEZgXaSeX% z5F&t&8%EZv#B@EP_gz@vUApB?frWu&>vT3Q%5QQD#8k7+_jYDnG*(r2Tu)X-I)2CE zaWe+cG1Tr3>`vSsP#$1LFj;WZR^s*)L*QR7rE&ks>FZ|!ooF!O!qL0U$Byv;^A%{k z&>O5{co!Y-3-bOj_-Fnki?n_!nJ~rF*BT^Q!=|F9jt7nQjfmP`7uV|>W5#&;Sn8_@ z5G~U%$)-T^iWZW&vM}6t6{(;u++SOX;A9UAY!(h{lpFduh25K1^u{u352rRn-(9#n z8)<}*1ryY(SN1p>g^~UYN!S)XDez#@8R-H0q0kzLGzr6o2@li!Z1e_^1%TwZfyGWm zF*)BwBHDn;1Y;Nf0-^ym>uNUIv;PmQ8APVo$@$EIoFY7i>P^4%LI0sc875sw zcY#BQ9oE;l5)Us@Bi$RN;D+2Zpsdwj#<%sVoBU;|=1v$8SBc8@my0m$LHI=B1~hHv 
zpb61D6HxaaL47NTr&FjL)v4JlHP^Q>uF@E!rE;B&8@O#Zo*C;q?i<`pFjk&kyky5q zC_bah>I~lAYV3<_Yj3LcCq^oPg=WChG8bCMocNQ^+L`qsJ1@RgVEbYpU-(VwN?0B+ z9f@M3KNcGB>>{cvszfEkn73=dsepgcza!kwOPBC1z-n^_U|ulsm*KU(Ga6~|CP3AF- z?T4~L1&=gtZMKUaFM`Aff<%=Jt+*&?p9BJt^C~5W5x)l&y#+@Q9Q$>5*jT%FvnbPp zF5Nt@J0}Zb=(PLC;{@zs!1{O*St5-m8*c|=OL5b`Y^=|E*~+3q6rfJQbzOeu(J^C% zvGNDwnTiIOFF_=uksd_tEuln}v2s#TYIRY19)8(LU5mI@2CAUVzQDepmYkkxFqGcBrrT;Up zi?Q;xcK;cHjJ~tT8geO_=rT$w! z1A%>$rS=vZH}nU>jg@B==ZH-1Y1;kumBuYE z8)LQyUNstDgV@R*4byE0Y0~~OENk#b%8fV=2VW2omZQfV#xVPTO4^HH@ zv2wlfOmIT#Q;cqRDB0CmIkgD-LVEN3t?__49}>7u6+bCckRp@Mek|T|qR}|9Gq42) zZT0zW%{zfE{S{S(JpdQ$3fu2xtaM7x-)iq?wPv4(a77&%No_Yw(ReC#*6fBY_@(vj0G^M^^K+QqJ~TnV&zLXXW;^^R#}a7 z8QRjaF!TgRhJ!*3WkBOPRxr{5fK)e0J^39VJFRLu@+m~V#r_$or|s;J`XN%YZ=*{D z5yb&a7s1U@_y&E4fT4VgPdYJK<6?-q%e(;^OFu)*frW?(0wXMo@b3<4`eErIH^gxG zIRfvAmU@GE8J(f*5GzZWhwRFT;>&MT8(N3MbdWf}Y{+A+;wFvKc06Q@RgW6H+BJo@ zhm7>;Xevsn6H&+gmeO7p(?LkJ1{W@+)m>#NmFstn@9Y8wx?>ZL*#x)EDR_7fK$|G_}ZrnCOJEV6jb@vgZJTrVEM)MB+b) zC$STqVVb80qva9jCk`0Obprnzjh8|iWcwf)UX^;*)of&x4Ir|t#KSYMMFa2(Xd1W6 zAv+A&z+M>NL%tV$XeZOrC|96%{Me-cSAPccWO)-qzl0=uUnyK(%2e`?VuAqIhysGY zqNTumb)5MY*vRf|^5kDnj8RhM(nh5I?H*( zpbqo3PCYkGa(JFUvO*U3IyFO=#$wyN=p(d0y-r2Xkz(e%E^ndzYW2d6(!Ms?bORC* zGN8*Kv1j2%4@L*Ya4=pID}nFckcfF5@0qu`UEp1Mvcn8r(q#kI07Uj$^FFVjW`Ywt7PN<%5B{vgLAnIyUdXO6sjU|> z(NA{>NIc(R57c7`QubfaIZQ@u(uFUv-!dnAU(*G~mvvPSMk+99B3lXctz!HIyPJ!V zRZH<1DeSjVSB|MamJ5q{t+0iUff#d&*WD#qg@pWhG=shd%*Fk%b;h2xtGwzE)Z365 zE0%!>5CZ!{aznXlMidj{8ULu%mLl$ZU=J}~M1fTE2K-(O^1%LJJ_epclVP>Jj<7)J z!4s3tl3{MS5icJLLFyHp24O$cOQ03cSoOp`CBA++10jdm5@Hbi6@T;~uSP_vzjO}7iGC6G&g%IWjE0I!5kQaAsN%aI=<*pFRtQGd=Gk-=dg!&(Ck(qC-Bm9;gS>Nmo$BsD(309! 
za`j*0ZczyR`aNNn+)P<{h959Z2gF{%uYH7m#GQ2>3KA`DyAMe zQiO|+V9(3^fUwZMU~O2oKNQ4ThO_Ag`lp(Ujg=v!3^Z15q-NLtG8deeodu`dSQ(*0 zxvAYhDUjHhYA%w}^EbNuqUkjNPTH_Cs(U(Vk3u6ohpXfoNVhRj_1a&BjHnD#%N`VQ zs5p^jKE_-t2fJ5+J?O7C6B~k^c28c)#?7*tjYG1~7K^?tdLMJKdYO@4H}5oSEtCap zK0=wv;O5{d?W=2(<9Dv6I&L)n6ZP6xR~n5w(i_BPo?j@*sCh1=qJQzi+_nYdAmYrDyKt8uN87n`)BoFDW z!Bk$}lN~_g$)FRf4#Qt8;e_34Nj%q7U%c$hVpM$`6{)xzjR&BF)nea^j>|v~>-|g} zdg_gyyne#Q${p4w;4*|4b=&>3anzffG9;UPd&rf=$w|=SmuBsC()ZGA_EpG+W#g$N zbTd}2ZTFvoK6rP}TD^GnJsZ|7-rZ$xPh;gXpS$*;DVadxE&&v%<{nv2Ge*@_lgOW%9K^|yd=R)x!Sl9))TDpKmVG2mNcvrI5>}P1R6~i3H z#;8Z4L^&GtLxqA16TFS~gedEg2jI0)^z#MAQ%3gw2 zs+JZ(e0O4RON;OgIbozXpsR?Q{}-83{dX3%bz10Kk}HDQ!brW0JRJVsUgS+N8fUP8 z1(%hk@fZS_eHoz0V;}LVT-Hb6GGwQlliO@R3!y*%(ohx;y5&d$3@i*l0)>Mz(uae2 zSbwX(+-KecP7@J}auZ-8d_fy_k!_Wj_qmyP|4pZBP2qI2!Oe-AcD0%Ez7lXJ zzTW#9g;j)MSM{1Q1G+((I_)OCinQ0MNx8k$PpHNWa713MFB)q)IcEpG{k2H2v$3C> z_dToyoPvq33h`mB9=hS`kg@VWl<3klDu)uGU?Z8|+7tivSpAxUVGgdi_( zr@=b1r*-V7G}OX=x(elfZa?)-1Npx5;*v6Tyr?s*=)Uj#3IvRL>_(2pZ>B5o@hAPE z6&0_Ag7b)OwU6~d9AAWLYQyxfRzJY+`rIV30MF&g8R$Val?>gEb3ZOYzHGzkuCzPnoDZctv8U zIUb$Fi{sP5hp)(J!a7nbPjeVSeT+WO=7AGC#)g9uqoDJzl{c_o?OeKsNC6zuY@S;w zkM;VCz^ITT)#{A@kHI$lAM{r^*fMXhr|7|!;>@*7y}w*fItfeb4z>fobk6v4)57|K zt6+(5ZIr2doQhOEb$RGI8a+ILI}<1>M9-UFFu(U|UkVBH^R~Wh(t{<;9=<`xYS5J1 zkV-%^y?~~@3xM_*3KK92$=o0i%cbDt6tg?l77g`GTqP@0i*-*?^J4H-y*ZWKyQt=6!Q= zKlSF;Tuvr8o*njMF3QZG0z1VP1pKU1Tnbb0bZ=F2SQV$a^z+Cds=!0|TOR|uy6K@| z4qafi8ZY|dxJ_b>c8nN_^I$-!$vyu%q>syw#*1grGlBU?nC4v4cE_zeAitizASIC;4GW%x*fe(60zQ& zoO@Sv`NUXa5_f2@pB#tq*SWJOuXytl3c{lPYo8;EcYa2EzP$(sK6f=$i~=%Iko7ep z*Wid?GsJn7RW7m|(|Uvly2jiE%bcl*MMPxb&yfBh?~Cf={qlktxfFB8Sw5^U+y#V7 zB1C*Hf;}9)C<^w|K(NR!_`NXRJ{lD9TBW`j?{0`k$y!oT(8*y1ofOI{bP|i^BIQH} zcFg|@=;fogc<5`ol)~$#OkHQ`!FfVeDEpWW{&bE8-H()d-VyIj{5Q-od*IBUhqkdjL!T(>L48;G0anhayHgkzE1 zB)u%#L-n)f0!}Hs56jeWr%7?PYT0K6s&KPos-{#(A;t?&UlMx=C;3GqMM@Mb9Wp=n zwU;>XzCG6EjdBm(qcQ=)s%Z~cPxH`U8jl0k8?X0B4i4OhIl5Ns5#)A@+$uIB2WQ?pm# zhgxs^m{ad{$3K%sl=$H9QR>Uy*45{8G)Area5) 
zAI~20*GeP(ca$+_a)pJv=NC|*p(${Cbu-ctoa9|trZHogvJ@$F2EO{#Zd6{8w7daH z@M?f6v4Wdgn7osc2?r;}2(|oG@qtnG$sdSAaxe~d`hRR2)E}biMF$hDx#Pw_p;f)z zb{kHr$*rh&Qmb@>)*1*8M3uTxDhY&lf~MH1Ipsb)MW7nmwqT764ZHn|$YpP1XqYRs z4GvMIdVHGDstef4`k3yTTp{nmkti2YaX0xl+BP>)`%o8^GhHyS9;wzEbE~AEs?%}! z@^4skUck{2N@MB zs8Tm0&^9iF&V8u{#-io*J+?)kd+c@S*!egzQDu;L2)fs_jpbP+-#>xd2b@&>1s_>D zW4>?&{;|8gFpGamczpr>R_YoU6G2yV3sME}x_A5>{7D$0I}wpUF+FLviuC*w~A_1EB~~2f!Rg%&x8zG()!?$El$Tb%m6CH#0hl{W02ch+uCa15AD@!>$QkfZH5Q|t@65pN>v_JcN{_R0Ram0 z|9;m#XELDn*L(l}KR=Vt%$&3L+Iz3P_S$Q&{aOnuMT(Pr*x$n}t1qjx{zSbNob8uh zkD-eWTf*m?NnAPauV^UA>_Pw}1J3eYYm0`KlYp@t(}aH|IZT6TUvfCE!trcE(c|9m zNop;6j;wG;duKsC?F9X~83L6ma#9jE7-6h&vCRw(DiM)2<|d`2`*B^U=+ z5Kel0#2L3H3${&Qsnu8ktrLWKF?@``)P{Yk)kcupQGW~zJ%Vj^Anxz$AlyLsot1~% zMj(7E)t4nGujTI@(_tq^OG_OO<3?V`eLKu<-1iRu&5m=V%m1zSE6VqOx%^XgQ1THg z_r(`U^}BN@nNe+8s5pYd98Jl|nH=YcR(eyxAKNwJ@b!vriQrHA0%5P*3VhTKY*N3} zL8rLCAY$f0?L;@=Kvf(v5@s@^dhNpWRN-l8vKec6tzDGd~g@Pr1ux9zuu)cPH5|^LO>GOq@=js|PS!3Z0$FRWahUmX=W&>SC>zC++9HNhU z_h!CZ`VGS>Wqm2r|FKTbqs{63EO>@l@Rfb`4gqh)Gfb}^1R&`Osi^S!FgjT=I@y1t zTJf`A#&TdLdttqOX#1A%X>ly8@gvQK`lP{|qM=ZMQ^}e+$J|v$|=qC>`divAyBr zk<_zruQ}QmE=Ctho(X*sP$eAtF+(dCmFK>?9*&mHYQ#gL@^uuAiFT#TcS~_ZE{o@V zvUPa~L|=raxRY5laf-(b;-h`wlf}H$(b3|>9DLzr5YNeZHhnZ!uXpreHKY}bp)f!c zF2zZqD+TYF4IH%W(EaJ5#0jauQDFnYtD&B~p51iHKKB9rL-SDm*(I z*98YC-+W;po=ewLM@xU?Y!M1EHU_ljtS>ErxC5}mw@h~U46c6zK(uKrJ%D_bYU)Vx zYa!)l>qV2;^}_j5HYEmgL>B$x(*hVaWVz&D#v~j`4Fqf{ZWrXv&60zS2TG( z9f2rcd}LtccE>9=vFJ^>xr$06r&iu!4r$O#byYVc-UjpB@zvqDD&?P z-6+LyIJ?2CMIA`cF?xShS zUM=%zOpSL#b2a)AoL{v9tKT)E74JdQypCV&K90p2c;w&Mz);P`okza$L{}p& zezxWtD(Wp4i#YEi-eYoQN)xY2B3Z|WXu6JvSY2|Duqre|&}| zw@A}=6g>?Om(lr8V~zRZj*6$F-7Z|i7x;K~Xp{x6)Xy|H!ba<`u!8>)9f+Pd?%Y}H zLg(w4QEHYIZnwtl{u5Ju&q7|3T$RHY=S$b)J5(Oz zPw=MUXqmwe-i?j2&Xj*mwD(-k_}8Po=gh^?=YjrC97}6~H)bre&Wu)6m1A?&n29Y% zSL71xDSMu)%?hYb&z1&+TO}r+hoi)vn!_E&Ydm9w&YCRxMLWs}sLSq@aSUfEi+~GO zEph4@X9Z!#1!ra)=4+nk{2`nNi%NE!X%$6RtuuS#1-`MHW?hiHG?O7J9U;tyrlmn) 
zA>bCgP^mI|KrpJ|PmJ9(y8tI`>HliqcF)rX%`WF>12-ohp2YnP&Tvtho-?5p|u@^>8&X+Zog;Ct2K za!}nJIk#iHtPMf8s98CkgG)8W>H#~rXl^0*H7Rnf#@i`JxcdcI)3 z?s={>1V??xOE#L`E7zHONbfhkir(0dIEy6`6c?@!;zj5!^@m@+C&s>E(|Z%?eHipk z+VnPBA_MnrlqwIK=GwRU^m*>2OJ2=s+`D!mE4O~1=WctQM@IBpxe246mhZDZioza( z`935<^zXZ2q{{pte%!TSX6WJW=>AlATxxv}4y!PubNIpuY-(@?ApXoJ3f&l6rMm++qNtpOvYJzaDU8%v}$5XWTp2*Dj zWLMjMUa**Z4Nizhw;eVoyE>|JqFeu=?z{&qvOT(exB1`9rQU3EPszw8d?s#NL2ZHw z91~71Cc9^L8yI(j{{Xi2s;XTE4mrR|KOi07{#?Wa`b)b0Z66n-VDp2}=c&QJ)|IQ_ zz&&`0ei_qI+S>U2X2h1+e-CRL_0S5N{9dFvFs7 zKs_NC7#;JR&dzA3)aa*oqeeTTJ9e9YYes^I801O~UX9}7jT|W#?gY^|n!k@<$n})h zbH6NAwYXs9V(adXy4~h0iI0rv3MckQnhY($quUSfd)vPzzQ85&_%lz7;hE{Vz7r3V zJT5$~nd!M}D<1CJhOhgK%keeoaxbE*J>E26;glso^_%c8cJ3h0bFZX)9S*cNntsBKj^t__ zaGxDn!M6rSayfrzJCe`vcY-7Nd#gEHyn%)wWk$2w1{OnO&g}l~05luaoWXyPrl0pM z1rO_B7+r=JLF-Uqp3R`4!qG4sN2 zq4mqNeMmnV>A@yG{3N~bF>@O7#Rh0JUC$Zt?~z0i$4E4@#vsbb|VE zn@HSHwwi?}J?820%B8-4f{YDTnWFo%AHIVCY!og9u7M_X$%&RA^0aS31mttExm|HX z4X`oV@}c62!Q=-5D9f{4LIq$sgdv{LC)IxZ5T2WonE8#i(ribCF@Z|Mnfn#h4MMgN zvcks&W>}7e=R2GS%oAu3nU-eDF!L@6-4%?HC~De`qIFm~@dRY9&Kt<#NZ|9Rs)*Cb zjN~QIwU`Lg>ia??)qp!h!Ae$#8g%gNTb}4JwI6y8liEmf(BWpA8!rK zM+MKe&>km&P3mloGq)vE$sDL6<^>|@()d!?!~77>BwAC!6n6J%J#)J%7hyf`MjSup zghV$D78>iyJ#0yMJ^Bgok&+rzm#z|LU7!~1+kA>m1CR%I7xVNyWKHD4CRMRqyu&2V z7K^eP^*k(dJdB)h$o(-pLmZ!&gZf-|n=}KpSQ5Gm`dc7xq*|qQGf>YyZ}TX-!X>wA z{cZjTyo}T@N9k`(q3OZVXNtDGXNEKaG8u?1_0P`29n@UBoW`BK(6=;HRWJ&SfXIJK zZUwUTLZi6Mqe;Dfy=0+7MZVhie}@LkFT(-l^VOgIGGz$OwvzlrC$aDM+VCTT{Wv}` zTO^vJfl_mPs{ivsu%O$HhJI#ef$>Vx2Wyc`C2UK<&riXtr)D*}(Q&|@q)X37vEMjO zSIw<I>2!$XVYgs>fmlBBU zUX!r8dwGr*M(oQ1%Bf8%K2I5gxbvbdxZZuPEFgn}FV48L6(+U@Ws;V;QQE_$F1Y8&hv?rZ)_=eJ8r~ve{d2nnCi(UOPpUWI)Lg zP-~r>ILb7d^K3E4TO1D>!5^ZoIFRu4J61(K?SEl>SMXOl;s<>Ze`LhA2HYF{h0OM8 zKL1I(m}d2;MRQ!Ldl{iT@?e=3&&D)5Rj&Sgj_?b_;=)G=fc2)m;Ul?Yn$CmVv2*E{ zxZ^?{t6k6vt5=D&Wzf$P5;DtZDoZ6*sqVC=Qap^Q)-hn}dj+tI0Dfju~E4K%15 z$|z;9Pyuec6s2_DAf#2vzfr94qEu8;6iY^FFE>%e)+DBB;{xS=}VOF)UkS8AZ@Jk07tE-^2jUo 
zawuwsIk4MN44S0-Cs-BhwSE4nWPT1yWY}cbcD5`BfgBg{gba_LV1E@6N+Mv)2Q&hO ziW&oI9F$4jC6CA224H@z6T^V(Ya*?WqKA#S zM(9l3gXQU|p^LI(H6@ECIAb-XjVfC_4{{29s=43u+`Uy={#@2VW5%f!JCERG9bxF)C>!)n+H-#x%Kgx6uccp{_Z@;PHT!KdS`Fx z?&JorShZf?<9c#&M{VjN`j?(F#J_jhB#aQR%+sb{ z`%yjKphpg; zam7*BA%y!ZBh|c{q;A+vJ!Ho;sM+Gh)h(41Q)=;AU%a`zW3)HA>Rg^_dl#@c5QlP3 z?Iwd6y)PbYUqKOocnW z@iHIW*n6m=!Ci=Jgw0M8dbI!z8uV*#a%HYtMCL#})uAEg9fC)%7TJIAe z_zJ8lG^v+ISi^qg#b$Meg~dn<**t9fMzYLub9b^Wcsdk8Xv%W#Bm=)u8b6FJyiU;{ z8uM5zPtqbnld9GE^;|-hO)E!fdCCa@=B4CTdlG=|{U4 zdxJs;gQl);Le7|abWF%Hac~j-=ri(OXyx7QMD~&891u97_EaKGqk2wfLO$Y!b^jJA zUg`@e_Pi!F&p7?3+v=;H_6JxG2%-VFbjmzW?)d^COW5nKEO)MscAkq+kGM+{R57eJ zs>v3%UGsnE-#{eVz?%^14=h786Ld$Z=roVm{x1YH||?Es!|Id7|uAg z51--0=VIc6g)G7662WJpFFrW~AF_e78yA=apO=OUFJqMdT^sPg9hv*Ti$Z$1_9Zm1 z36-2Eui|0G4%4{LDHD;iaD#R?8k~is((|B1yw@PoL(fBdIP>Rn)CT;<^Uy{elMlyA z;)XAV4Vev|h077{yrAd5@FP_YUSVeidyiAJ9O9r{Y_coPl8IW+4Oc7;a$d`EoJj zi``w~wB};a9SO!koN79wSLWNNU1l_%;u>zAu+*#Fr6oi+T;+4}E> zW8ivoqSu^UAamtmI)|#@LLdh+K7O4Rm9$5eaX90M`SEbfavdeq@ZllWP+y!OkD-y0 zRg;R;3ogKqJ96;H8@CMWhmQj_TxPj&i#AD=DN$rT4EUTh`~ZQ!(>jJJHjMfb$a!7s zyn;U8NodGWw=BV5R$z|LGzN(IHsZf*Pw$_dx4?Q$m22So1;O2ax_XoY7T6L!8SvWbsrgfKzWwD4qk+` zjlm*(!++vW$pqex>kJ8Q2wp6~ztq8$DI=mQy;hPdCGNXA4p*hn7$I+CbI+UPpKB!Y zI}*v$yRA7b8m9TQF#Fe~TUarv(c}-Y>fH~Pwj}c2dK}-^) zB+MIcDU9DToC4jHdmU7(Xs}WYnSyo7y zDzHMztPn$GSs`aj2-Yt(K1WJ0NAS+;u&l>ri0wl}V>?2?Rq}WfHo*(AGcDD+8CM-f zsvl0Xai;j_rVPhv^$Pyz<;gyYWXT_+yGo*AA$xAVSv6XNg(m4-XNG1X*Q#``eaU%$ z1I@>~xL)-1NO3e(96klB-Ga?cxI#Ko<=g4FLV<=Y2sKMINq6XSA)PthZMJy3C-$L8 zSn9XddPEV^MaRJ$6bm>B%cWKUvr)j~&6fO6Hb90IhQ6({pY2vZ)!BDXfSv;qOwfDv z6QmfuGPg546uUmB(Crvn6Ix#q7T?(0CtzBMgXQ;nWu|u>E#XO#Rmpf?_0#g)lHWz< z_`>e-lD&2Q9B^yyup976QpJrtDjw_se5m+IosE*t4+f8RY2}@va>M*ePxEV zq{rABbmH#XVr1#)uJ!4k4BBl8kEafgDaeI-{>-E>_WSrwO~P7C+rv5L9X^~F`vp>4 z1jIFxk?QkCtIaI(ruEaK>hm9Vy4374wf0i0K4s?Y@_(T|R0X9_Osm!RbmH#XGF_2! z{qr^Tk%_ETpEp0Y>QkocQ;z!l+0Gg}Jz>n71_(kX`Y%D(tqs! 
z9j`BD{=P5euk{ZjUSG!e@~?PlO;9csnu*}&+$ zGOXrB=aoBP*bZh;p!V>ahD5CZyM4a`|N7F_?T1fJ3Fp#oa}sT|Ws zFRMS9bz`ia(ovs^9>|(IFz)Us0RLH`W}PL&`gmQ_lkHJikQ%t4Ay| z*W0j0fA;aR$P6(Ht9yurGTx+mW%R|Y3xVH9V06J~XJjnP!pT~&+&uv`_zKZS^_H0W zaFCr#1e%%F4if8Ar>`9 zEcp94mJr>YZPrvI3s7f3qRz=uJd!4I`qfZZO1XxdztfME#VmH2Uzlq!b#MzFrex&*F_y+0KgcwD!B=_ zU0`e1T2|)JE`Lp-lY&05L8x4{RcmR%d5>JJgY{~OstUEB$Ihx333TL~A#I=Z2F@3L zDogIz{A4mt8z$FCmZ3AO5co5;LQ1TV0(GVpQfh@1sX{B{ObKaHF8wa|`85BD!DM^7 zW%D6!f6&`6>>*EOy!Zxi7!xAb5lKLogN=H>eYJ&cSEW^`BFqzBfVI zjsnq~Sb*6DR;={`t8U#Qb!Qp^yOBj^OR;D{J)4;KmYyHsN3Xx)Of#1&xKW9%cegK; z3SB)#t(ao9l7BA;2jDyJ_{PxH&FTp&qHEvAL~cgQVPf&bFDVG<_UZh1uB;jQcft(Z+1g4Qa}KD+DxLAEf`p?OSSH=(J4u{7 zg{{AL{4g4YAnAdPszd|pMPy+v>hFWBEPBxdBDZ8b68#qXSA*IxKsa9faE`@RFgD3L z8jX$`m-$veeIc@sgTdfb#Gz(BB9h5m;1Kyq51b8Fkd}$*^=h&^Xl&`HW#;&jzO$ti zm{LBJ=0-J0-=abhXQLMtaNh2V*Not(Cr#3-9gJg1J>xaraT8%JH2?{UkyClDlXZ9$)E`G|B%4{u74eBB<7x`y6U$Di zDVp6s6wwjkkfBDNDlFs(;MQbEM8k)A3&E&ss?aF0W6ZK~JoY0t0Xl0!G5c zZz=+xEeG!>40gqFwPJ|gf|DX|vC$1(ZlMeRE+`4fdnQ24WSs9ue>dOYs2Z;w?cX5F zvSl1fL6m;c1#X9@eF$C`ofs?dt*Z7p9r3w^@fk(t+lh|~V^e)ueDLBSJBDr_yVjRu zz6!H4pX%6LJ}@>fhE5K0ik^uE#X->G$w2K8=V z9QGukAghiu!oHb_POO~c@@*D|=Nr=y!!mYR8r0M*ec@5m;s1 zV6L;pk{+hh-+KPY8EzpzxSuH3133A*lBS)n_1Mb7c(H$gvrFHRAXf-ymUn4Om~4qb zSdhl~BMpuP=}pOjP3ooHR2dBGAQRUIkC^>Hzr-3%F9&z4eEzE7Crnjv^i)~;YiLj~ z1^D0re5t>@CsH9pXI|2C5Z;iW$e@TK~h666YH!yf3-^}9lY+x2@_ zFg>b%Y1;C^(zo~DH+P`txd-!4IQvBUs({eN7+~wy(cb&!_V1|sOLYIqv$LbSi!Qq-S;9pJ^E3a7QRp!y_JXHEmh-|=xu`7a2~6<7 zZ8!i;MM>pRDVq%1ShJPna zu~*?U%D*N#Lf*dT-;4LLNP~M?u(y113LD*?rI*87Z7Q+NmA~Gzw1Ln0uXvW;B7yH? zy==BTec;XCl>xfPg2;cZXDsB5xe*$U4~C;kV<*S%ahh)>dc3jAvJ%O{*wxvw@kZ>1 z95W$dx%@4RU6zL}K1*@a@;mx5*I)G7Z8c208$JvkWvF}wR5_5$MZ@3ibiakl&p+~h z<)|whqcF5l(%Hhe%vJ$K6SFFq-n1@7?zo?#LvO zH4=ieaCE*KN?xw#f%h1Ofyem8HH1d zTsRqpMY!0hu@z$? 
z3$i^9j1cV_13$V(j;4Tl$Xsh~RDUg%dUb$`y}5HE=Gz$fJ{g4u0v%k=GGEHK(Cdds zly#8v@zK86MBXYyS#ikxJ7M~dE>`&*u%6A;2~`*`@WsZbqAOA+9M&Mfn;AgpU`9$9 z5PZ2%26q33o)+jON5~u9pSk2^?;c{BG|y6FD4MZo zq){3(&WssDA;zOS@?_c9)BZ7`w?y8C@02SIU``HYN4Gz^ReFUcUbHicHDaFF9Znuh z_r{vDST;M&mD#acBX+aZm9ET1rDL^u$u^?GV>v)&guOmc1e~zY?H*d506sDInHeaB zuLC+;{y93|`Cp@RKgnj&oQb6%>iKi@<7wcsa5Povd5AVW%WYaT9L1qT7k@&OQilZ+HtCO3F+N2^rMh(}-WJ%~tL>Z7ZHNuba?6niJ0 zX`=B~7{WXyUT0vMQs-&^9j16=-|#%}EBu1x05dvyMy5dKfx-gkF6T$+Ma3{{KGip7 z>_?vaBY;Q97#!oRK${idQ<-|!*N$S3{6PcO1=Iy4WNNQ-7p6Ls;G}$ip67v~%mOQ# zaC?K<7vysp*c#@!$L&aRrA!Cv+S8JJhP$*ron|%3tD4FEz#|{7`lXwHn9lO9V-p;wTP(4;)h?=|1rxD^AV4+dP3Y0<_{^1CTj z&0c7mh}%w}EKF-8&fK5B9z0QvVld*F?=k7EzHIX&WLpI2k8n_Is!war2h8;w-}fwq zOg4KFrSSS;z5)&fz!io>r=qs&7(tX+Qa8)p1 z`WYMvQuhI;CCFN;9ev=q!>Hf#yGd)XKsb7^7)bM8w$BvzLG4s;$loe@uo7nz@fvgc z(2bmSH_Fo8h~{Mrz~=_ya_qQV9hZkVb~P8`^6j{Oe6Ty`Xv7}bIqle^y637ZtnP_H z(CV5yrE4b8C64Tv=zIz3e9()&rejV;vHzrFQp{wTU)wRg=qyKc%t^iyt6Q??+1*n5 zETeR%WEVrHoR1E308t--HYMokAE7L(L%xNYO+`P4;K=Wl4p~Y2X9ehBkTdWZn%O(0 zQ?hrW+v(mZoszv1z0t}uk6tmBVhq4y3sd_NAG+A(CJ|->`{W^F(eudZ~GZ;bO5;8rff*BMcW|O-%KbQOSpx&IUCNbApk40&9NPP(34kZGC7Q z^`UXphx&>LpNH(Xd|mcKzb55~l>cuDjX9`SOtASXv6c%B-+eO&D z@5+C}g2?Z|s4xZ;D+I%pU@lMw)ur5-1RirQhm8Cyd2R(20hyxm(W@V0H*$g+o4{{s z%r=B5&jK8i$!tvKxuv(_bTQf`dZ5_T{w5Wa1CV^L;sK$>CZ-M?qan>eD;oX4x}4VF zffo8+L4}zRHK2lSue=ys*FiNv=alyX5mFUd5{2O(y`BTD1XyvDq+Y59ls=3T(W=wY zwYwb$(NkT)04rTiMjT{Mbp->gxZI352%qW-23T>F&UT)ZKotzI;#?VVdGQJ#UX7lY z(Th=UU!0{IBn7Wv_B@4P|C*i~L8!4S=ZrP?114y0G*`q5WAm&j<9K_*f0+>rS;NG5 z86_^mC|xO|G!)U%no~>6gXZSsRa_5|iC(NWg=u$eu6#H1o6}9qaO_8~1#zE1%-}cJ zn-Xob`Kq+uW->jQeFn#AGCRj;Sdm4kM=<;4r`XKC25eUnJ%m9y56q5TE4fX;B@};W z%Joi>Ja%WKz3f4xHj5L^PSWwFvUEHLo+xs z+6(sNLM<8rwUG4z02cxkH-tg~)mNU7MK!>N6=fK7K14H@+3ZQp71F;91EG${LMrOH zN=6^B=lnAAYk`ib=a*%(2s@=_Pn{0zIls)XV{(qj6YM#^OtYt;lAF$xBV$=^ zW}ccob)I0)`DJ-_o|-vz3=aDFP~l=SX!113w`xyklyka0LW7Pa1j@ZUgFC53~@3B2txfu1r5FA5x#9&((&&N41i;V3V zj?9g6STDB?k*hzE`0yJ-};d+_yC1To`R6nvwpSV$C$zR^@H 
zCW^jqG!;vTV%ayEiseLc^f#J{V~AqKH=2r-M6voCO~pE*IO!Wr#Q;&9`i-XIG@^Lz zH=2sq6UCdp(Nqi)#aqA8RJ@ZYhQHBNoJSPr|6imc41)AtZtla8KYEyc5xe4;v=psh zYwq?RZu{W(_yhg+B|1-pG2-6g|H%GFwttnsJF%*t1{j4u0q7oN9`<*)eduxQPWcb} zdlReN=05+bwhwmW&%e*VJF(g@v&?&7s>(HE`q5_#(@Jf|Lwy{68RGTSRM+@F6-`y^ zsg{=dKi5#H!9qi&@(TSl?)Hs(LA1Y7FNp3JuX3?K>YZ!+2fm`f|FOO~3i>Dugeqzk z_^dAQS*t);NW^`jV^~Aj8o+_)V_3st7Dx^6ShZmZ3#7hwtlAJ4w&V5GzK&H5$FM-^ zQpc)>l`N2&(Xpyw9SfwMbF69@V1d+Hj#Uk(u|Vn|$Et?cvp{MT$Et=w7D)ZzSk>@O z7Rb^5Sk-VI3*^{+Y-$+A+1a`Oum5nOa{%r`>>e)D+HU`<#HthYJXa>ZG7-*~9AsjQ9M*R$Y<)Pc>v*bw zGd%2)MGrc{dFqlqw9=`j;pPYC(*^5a*X2kuDd$8fN3vx(-TgFx6ik3sgY@)S=F^-$ zcf0ijTX5$DTjtZVjO(tM!Rv074%8RhZ&F_#a41Tw%7zbzM0d80;Veu=`!IYA2l#>E zQn(9CtmW~9g2e0D<{0x%og@4QA`@35avc|+ZQ!CtqT4VJkXVAj0peHy95=OnVBz>_ zqI&>v+}!q|)Z(!JKw`xS*rWfnZM)QSvwu^fJ74D^gkT=8WG7zFGH27pkk33GTa9!! zTZS!97xtRuv@RAVR57+r8Ae)T>(pSF+X@pnT&`kRFZa%I;({nAR%M~`|G&^Z8wk&s zeqH8u?_*9c9M7=mg=05q+VGSK=&&36g=rdE^!l3>CN#9@wHjgnx9G+FOKw`maX2VG zDt@og+ysNWJLFsr*#M`0>cJJG0}avr4t zhc|Y+Gd3Ve2~Zh*xyW>ySAmDI5SKBh$S@#MNj7odmV%=MpVRQcQ5*+OC^&c)VGurF zl`bO;_7BqSTlUrMTL~hL3G{s(-OxM=TX1AUdqJcE^({>UiT{d*uJ}?zU+_O|XkE_! 
z1JclaTCSyjsi6x|2Y7CV7JbQJxgyEU6l@=@j5dv7kAPw_F7}Da8 zuoA~Gq+#9&#z(>li!duc=F!S<9cIA-+`@-xtTJ>MVFgDimw-%zkL1x;AHkKdz(Mj7 z7(gMNmuE!`htt3Z#^an07_P%v5QOm=;k0RoFNPU3Y6lqn5|+;h!;c2(%R^u!TjoO; zd?6hm`7BA8Oo!R&7{VeYZ>u~h8^Ho2*<|3C#)r5_0^%l*QXVtItCa_SY`m>Uhr70MO5C81E5W{?#2Vod4 z`RZrJRrlbL!lmZ~h%f^ZMYCI&|E;pT*g^#Y2t}nnf1&a-*tJvXm zfpRW9BMqJrSBxio5RPZY2@K=#CvXzRIFjE=tJ4%CNYd!M@h16OuzW_DI!_&UM0qGP zU9K)q<3(JUzs85p{6kzCH{^*w)PXps>%=qy$2h<`T$K(-Yo&xTqF6s8qO#c0N@)Dz zQ{0L;2mbI&c!_I8ID!O*>00r^S4XA%N?wF%MIb&%SDcPxo`jV!#_4Ba8%MZgU@v-A{ zn4KOGI*xfWFThE8f&-t&BX27Y3m1k7tc{eIPNcQwF*V1cy2}Jt@vfQ z{1pQRp;`FIFT)YWw00OmB(0=DIREbFS25t27HJ6IiXb9s=dIuIjd+GJj%oPEvWQ1k zG1B0-m0|d0F8pTL{l$F42hU6=_#uR8Bn)v(Be>w1G z(cLxdkH_!hG(~1|AL1xEO&m?BhfRqXr_K5D_|&JInxwBD4uJZquO2qZ^^eKfv57`( zrgiObvRpfyhy%Uaw*L4x@^2m zmKV>WIs-3t^5R`omxGt_@-lEyT`pcK~M7AD#-E4NicwNu3Xtqme5I> zBRP!La~#Q&ml^yyei_bo!f3~`T>j)N!$OFo!)-(p?&TD+r7Na{9QEqPQ{);AOsm%6 zY`+^9iLVj6;k<@h3DUs-;TyWeF+l-gt8wJG2%l_TM~U5pv+r`b4`v+n9iD!xs(t<8 zm~uHW`eSR-&2!|ul~M$+Nv->{qMIFmZbj5Ge&Kyqp1FFR!rc<&Sx}K>9*Vxch-Q~1NMz-f+82dt>DMvurX_H1HpwrojM7VIu z8RThGN6XE`jsh;#jOj3zAe;OI%on4u)2hn=zrwkp!&v0UO`NF}*~M=o-m|pbxfGlf ze^B!vP>dM^TMv?6(F5*qq0j{Hp8Nj;iz(}po~5t$`~pv_s^C>+b=%8iU^z6e?~|}& zPX$JS_!!U90l3|T!`n?+JS2|aZ2aPmOB1^fj-20)qt;Eic*c#Orab(5W4PD_yB@f3 z@_{S=b=0Cb2GbdwHQ^=#FCp*_mtiUZ<JT1OuZZE-x_=`+Br9@F zE&`oJ!o~hI(MCG+VvkRV5Bb(d|4GQE?i)=1hyIuJKa2F2>p&D4uoYCQEqvINH*w7l zG$u8lv8Y-1uTyi<5!AHl$<8(jPNlo@JeR%|-H&_WcT);a#Z9MMeSzryVe`wduqKZ1 z@XIww-krMd0y|LLVQk#GkGG`U$zpkZiBKCqi0&`mx5-nz+r%|!rUg|Taau&j_=0;_ zi?=#4WOU_8W6t+gCk|#WD+WmEYGhT^QMDC6h07}K5SX8Fc1+-flHxe%fLj>Jv-{Ya z_7_&*elCK6H*VZI-*dhT>k#G&n6&pSz6V7?dbvnJUcBV}0}Rwc>uI1heEz(sWNFa( z9s~}reDI1Wmr-y`$DIt3&?e>DPkxzK07(;huz81Co1O+8&TR z#^f?;Y&x%W=^m*eq?c+4x$YH{8!@2MBwR!VE@htfZZ0D8>gjTM7&iYj@I>Lpk9e^N zPX)MexzT)E!j!zfpF9~CM9O?HWrQ(n0|iJz>w?XV zUicw}jubuM>X_2&S^Nlj`G8nTU+~?IisPY0;Zml5XY@esTrV1K3>uE!HsfW!n*Djr z6WmAgq1Pgg)*r(dc`2OCH`Jo{(ZC-?VZ8)aOF%~hHwN9f#?>+bclC2)Go7>$H8IQV 
z6|!Z=CL6Kats7|*bM@`xiFrut9VOk8jm2fc6}^#Y^70OtGJsu@3C>NpA2gMGPje#L z3P~)3m95-`?@^Ei0R(31Af~YV2vbY$`_tn|0TlFdkeNnq#-I+P7p@UQXr3$gfUSbC z6o3vDJ)Hd)YJi>z`yk9{L2L0!yrO$RHR)+(%upz@C%~d1_<&AZ4d*KmFfQCVeR_qt z%k%UXPS}`yo_XxsX6`9nzrM!_y9%e8uO@a3ZCiQv?0*>MC!VK4MzeRhKy5F5%eluq zRQksHoz6EBJ5M!LV(ZY-l_-$%-+3rr;3I_&IDvaf%c-zib$C zJ4b3{!r+y5D*jiozuwovOF}S^Kc=Z4X0c-Yc1V+=o!%&I07iDe9vo_n7nv7o?+tyT zM4pyymAQ3#TLGxy5~gdBc_)Nd%;i~H=d_;dFlVUCvR^R6t;@DwaHX@(uwRh8F2{bs zT%s=5e!(rxx;*-iEqXIsys@N8Jm zXW%)}okeSr|g?!hR;XZgmpcxyNZk#{}BB)k$cC3l8DP@}Y-^9%jCW z2OQQxH!Md8^F)ZwGkoQ8=TIkuoCBOzP{neDFfW8yd6h2TdUz}I+H-i1mDdT&5kf=| zLPY$XAjkJR#kpoX5Q4d9aW{qz=8j%O)^ddBVa6#6wr-0^7}xfl)^iZgS=RHlc+R$- z19 =W0CXSkGhdoNGP9LdE1f>lyA(Pp2CAvH>3-cu2ukw;N6+ehQ4xGyHHOWvw4c z|2YbyxyZ@J=oUQN7|p=5jZp)hZH#L1Y-2PI&o)Nq;@QUNblCTmZTk$2XtD&JDe}`u z!CxWAb8fB{#=X>JuzF(n*SBr+;Lra`Vw>Sln41zG4B`O}2V4yMKTYhy3v}h}gZ!_w zZI`h1iI4DNVtDrNY1`I_KmY5_HU9PH?u2srSL60?%HdC7X71l@zPdi??`qp2KyNy? z_+Rxb-3Sfee5-96pd5)LW(%L;GIG*r+W|a1`LE`0%>N8)6PEuZ)9qWH-G+Ya_CeRi z%@K~?t=pY{$|`vy*0XU}>nkV6)^FTuzJr&YFd?+V{4~1#5_3n z^0>ASc(9=V4|ZROfcFwR2S?xcB$6jYca-NR`xiX6dmMs6Zm;LLxAH$rym~75xColA zS+omN08%>z3x}wB;+2!lsjnMtAF}pvm2Mu4?)Q2YzNdLm=Khwv=}F?aLx#*{d$)bu z3M}F;_-L~f#>~EtpYB?&(mAxH&IYwVkLz$a2L-deT-m$OrhjL`FkfliKB{wjR_nIE zcJ^es*7Lp5v7vR_@7MLw14Iq#uBRAL5Nrh=jq3PM#c*)5`e=VD)%G%bx74d|>=F5WM139w5b7h< zdQw+wg02>|!z1h1s0L@$F^oETcs|N`puC?(9P(gNj^lA}q==ZKN~pxPD>OcBHa6xnGGsQi_fWmm+Hk6&&;RW9(f&%ii@l-1FLuK6=eOt6MJV49$C zRHMVcXVew493CIdwF6hjEI~a(wi^ zWnO9UOwM5sdO*Q_zsKZ_)*}9Z@~A(dC|XS6@@R4NU@lf#-7qWn02g^tm@m7`htu{j z7z*5qX$#}A-4*|P%a^YoVfpe?%km}Z#SIIf2cpzrK33?b!8OCb2ZE0^MyrLKFsc6I z&1^LqWGRAO7!k2v(1JshiN!vU)ytV6tiOn5FSEsfsma5MU4^1#0<1cEIN$T&AuzDi zeYCHS1z}Hub>C>d9+$~rF|B9zqL?CpS{5vQc=h7d)lt=J!fYtofb-EwKoBNI|FH=z zZ~#cqwpKZ3rPrbXu^==GHN(dh8ydUMGLlj&Mp9;Eo1evI7_s|uDBoe(L~Lr#$YXoK ziiOwnP*6{vX#X-<4+EcT^{h1^wo-sX?DN<hb3eQShKdPsj=X z8R=JeiF)#R#u?^H==XU&*Rw+&f*Ubq2#{gk?!tH#U*NX$x;C9y^134ZioCA3@}g<* zyq*H)b&yVpmMzs~Om~B!3`e*!zQEUqVl`3BN#`Tk?v)h8*w?J`Gf+IShc$x*bhxkk 
zGYW9@JdH1+>{IntF}M2!rq8=4mZ3~X_r!Ak#B0g~5#V}8@F!{TNO?f*UdUZXpvq+jSG=a& zoLCOy-LT`1*3g6B5-_|0CO{t!8Stkq>Sf0Eq3CnbkGcL=7VXW7S>*>|OLB$eAFd6KtA(e?|L7&%!nVa6WHba-w(nAbfeM z*CWA;U!abjnvZ0-fi&SFqpLwpj?mEEkplHs1;}o79(YY@{}{$`y%)Lh!NL) z09(R7iwsKOO&Y#Zn}X*68ku_4#ZQP=H%_m6kp_{?!Etuvu)atx#UYX%8O#{0wLuO) zo=(3^gMhz+lkMpD`l7}6`b6KtPIFIq2(k(Uud<<@2NcL&2;BtjG8@+%@S|bAW5Yar z1k9Cmq~mEn1Jx4(VVv?d06ABaxmKMS78(WbLE0uY=`OyxqM(2aL)Mn$U0l@cYoUd7 zq#SH!PGqY__(aQ57kr!pM!`lPIYUp(A;FFKm6(&bPr~Tqg~{BpUCS1si04gwd8!jM zC0Y=?A1_nX1LsIPKwd$;`=$Bj^JXj-+qW%VTRygHL4D$*><;($I^35!_du3KeiLkE zB6G9)`JI9*TP_3SvAd;I*3%LDa5MP2d?U1$_Y_i6t-3Idpm zx(h&z06Y(>*Y=RXXz0%Ejob_2%@t8sypDS&aYx$%cL0qRzRiU1AwaLiAu4na`b-Jm z#wxOqt9LL9E{}?FX0r>-r@nae0NKK<6(epBl6O^`0Af^kH>b)QRaS*a7wv%Jve3oC zA8>Oz#42oiUty7d57p}EApD-@sC_*a|M*i4>P($2{45S9b{IaQmVIfspCiw~r5zKk zuoER;4NcJzw@JhkIwJWj^=HyE06L^Sg+vNf;bjL?^#2gP2kWFZO=iK1$$JoBtYtRX za25t^c!~MjCaE}p7nt3m>0Z5^^nthgW_6!D8VmQf)QQGY<4%>Uw|_vXY0zmSq=y&h zLkj=EW-G*09Nor&sdz)OJal{VB$W7=5JgJ7Z!x@Qp+^W8lTg ztuE9t2(M^s5q^ol4TnzZOWo;HC#3;SiPsj!CnL*()SU&&*_Wlbj{-VfdVHt`3kC{B z)%ME#2_;+W4@dJmgo5VxCa~gPe$L7X%jJM{U*h)nb}=4XGQ#hF0p;Lwngc3%nHenJ zN&vUSkfF6J&#&tiH&~py?6|&eaf9mjheIi|7Vcm??OaVpqp3G+o|xaP?#1bH(4Nsz zMBBaL^D)vuP3mBsG>|@tQf-y6sjq~{PtAS7E~M0rJ}Y!P8vTP0q|wd84eFHBB>yJ$ zjLwKHt<9|m>HkBg3Q4LzSg8&sSEv2G2>)9?n$*x*&G?@79}-pciue_UeSJWiK8IJb z&F*wR@GO1+pxqM;Fe)lnh+c7Lp<1=kqJXFU8HB?Q$5zm#@;z47Wp=~=twt8qK#y4c z@6sd0nGkveiM^tI%*Qk$QwJK2v z|Lf8$w8o90rI1}J@q5uOGPEDaa~u9y3!dw(UIfy^m&@v3;Su$4U!$t}GfN2G@QClJ1K zjUqjEwkO#Irf(8VtTCyw5@qea2sQ6L~@e&WLOgif*U?u0VYw z#v{VZ&^-pH+mNdZ-EZvor2AdO<#^A+JVd}jh^HhcfZ3&IAn-LSd^p)rfM|#M_obz5L?7rY0A*=hn;Ch zp&ZFxv3UaHE zJaWPfLN0R^hD?&5(=+^&N49Jwv zYpyBJsBW5TmQGL8>NaUtz#`{zi$s+fY1E=LYI#*crHV}o;xR} z(=N^dBv?)=5(9PtwMVy)n0fsTLVC8N9sPTI)}X5anL=}09~Iuf(zHc|-y<3W4{820 zK4NCIa1B%iJcD_ug%@;Sm4iqI>ZdfQ&8WVfM-y~hj9ZxUe#MD)6e!6hIfhA3@?^c*6$M0NyM&U3>FX3Fh+x_ ztI~Xgv<>POya49{G!!x`BJ^E=W);4JUsSwE#*OG^tLq_;Vo&?chzk)5xN<0bO)K{k zq_YeFVb%L*N#3}CqFOyNK9 
z(6uLlCNFcv7Bi%WuEg!IoG_dp8kTI3R3Nr|3Mf+`4!W z02){jK1FK##Zn>gKta6D9o@D&y2fSJxvg%&;Z-`ax-2eSjJ8ifM=AR|Q+a#N#e!Cl zm}rrHC!F@?s5{;fkq)#M>PbkjCk^3H-&!yA4rYUNI@MipU7VxF>Qvyg8CV2Ym*wY? zu7zJCHRIPX7ZI@I(OcO*0Z6Nt|3-!sVR06M8`TcsQ0#cXp7`gM;7RS32XkdWg%^FT z3@Ys_VJpN&lUmlRlR?z0M=@m~kE}urJZ!2m<^$HrR-bNxayUVll|v0^75J3tL|X0! zPN~_3THq!502CR-*VmB-uTT$>9r%fz;!A?`k*m`+egfH`!HTRA4Q~N;kF+CJ@T65A z)o;PuY$BVt`rKHxzG*h`6v=oKlEHH$YSZ&FO2xrGtWyL{I{|S}e_AVT)u3M3CKv|e zc66h9M91~~5gR{EJp<9t8`Pgp5H>~2|Hpqz0z3^YVIEkxRX^0R!9!_oxI)WFbe-OB(;q#z3(DQNz!TSEZ>Y_sF#q zV%dmUCbJs2nv7Op;k2DDzBz^0>btsd99uYCg$XLkH=qwA0IX$q46N-3sR}56Oq#w) z=BNciC$A__a6s@Bs6xW_{2C9zj&ucXlM2+nE%j#h>fVhuy|#^zN;mZUm5KNEe1|_< z{5u;PzErvIPLs+J>pue(hiCFTO=_T2%joNK4QkhGgmVj4SOR?LFgA>O?#8-{GZagfyAyr&b=7zTc7Qt$3ZjQ=1wLE{4 z4YMj}r6>YcMc|Us3$uRfyPK z%PE{AG)p3y)%SF8vVW6$4hW-I|Cbyh&RoLPdafZ=K%kC^Po_TS!t8`=dhyBJO2b^B z1V07wrqTX2a9ej)yrm2)*S`21xSebn0u`Zzm|>U1hfTU745vjV_J*cH?c9cRh15=j zM40fM`$ytFMjuXSC$>1B!s!NJqWiPLL+k~VQuQ*fVVDWHE?mQ%g8@#Qxq#xhYmii= z8%h)IP=IS4ncii&9<*#X+Bd`BU;_^u*nPv?28I7>q!OuzYtlu&yny3~dY8?9G3cx)DsSS-Km7X;;|MOnz%piV30h{V?+4J?PbohnmYmpH|R zcVbE3q*mJ~r_PeX%wAcE^6)&i5HU6r1N6li<9 z49~*f$^+Cw3W>d4S)liIn%;9lccUf#@`kj;SI|3DZ?_BKeyHJ4O!$#dgN~UiIV`Ya zio@-pMjaEDm>cbwN=!^JR|_@k*x3?WW5*hv_Ny6tm5#kzV$ZN+aU8FPvDfI>h{WdG zu{e`ghS;78eA)ALy&gvY^HlbV;8^t)eI|i?Fcl-8>UU-z%bbgVCN&LA1cqo*Lv=%# z2As$rub-JLA5hVIIaK_bj8u&o{w;1b>ybmLKqCq&QMHd-E#GoNYPKsi+pW&CLp-r0 z(vVNE5fZ9Q&BprQUP5yyj&ZFmLN4$&A%2$(h-uVLEV#1QXqU9 zIZgyYevLz3o771*xdNqv54N;YI3R3oX`v#Z0O~>s?^REZAq?sfUPU+e$JtfzEc_V5 zTh9)B^{pOZy+`vq1eVttZ_Vwv7^oJ42BO}=Q2AwaUFKAG9j{gcim5#huB7bH_8j+tQ|0w;D{Dt0JWXYcw&*)>Oy*WUUM2);i8Nan6?xRpD5}^c{GDO4=JNpdE zl-GTBYXx+&*M4IqLrz5^PsD>pyvm0pXEb54I)Lnb4a#=`0oe{GG^hvugD;eTWF*6C z*D4$Hd8ibkEisgF*vL9xq8`8+8dcEn6=t_O6MNfu94i8rPKS&638?!KjwWlMOZ1{< zH5)Vl*PAOF)EJ2|7VZoi=3)BUo-0deveA9bbs2*T$_qNK&&^Rkc#91Rgu}VQ#$CZ6 z#uMdPC&9tW@p#G7FFHPrw3Y{Mkq0%E@ycT4kq@*eVN+W{>N4riG(CeEC7v-p3}>6N ziMT%4q{fyAIhvG16Ud}^_+0Zoq27|#jV^FGB3|{kA0cs#G;o47hC6G7u98rhosa>e 
zDd&ABho%O9HW7p3w?iSY>}bKhpyxq}&H;|8tjNis!en8n0t7VFs7HwfIpNmOiOGTx zyO*Jcq(hrR{TtMP^lL4n$s_uNP9X=rz~7k#rcU8f%;vHYiSccRv=YJwH**;L>rbQ@ zYlMoN7`j_ynJri@UaLD+3i8pW%4HyzaEnFNBioPk*XPsh#SW}*zTo>gs)@f!&jb6Q zWvCN|=E`*WBfOZaaFUIxU;Ifq`2`1;f54lXm9%GJMgA?%Gj$u=2U#qIeAWSnbii*A z5O4QAj<@)OJ_>CVUN`R-LwEzL($Mdd@Wb$G>%Ex2SgELlZbikc1e#Sbe#<0l5U2>i zqb=YHCI+|A{a!f$=_qr7Ph6%JAXR@WM`%pX_HI;PbP@ z1q%dmxt?N}o2MXCH~mZ&@Jl>SqKttVWzc~vb~sPcWehS8WNYuvRtZUXqibIinf`ys z@h@leVNLJ5?%c=_$&x6uGmcT0_XPQKo{t{c-l6S?6JO zvq=@CL#KhjMWrjlmpZ#}5i|pfJw;a5kwwW-9XKtA(+W*$%c)jqcxWRIIsWJ!9?D~9 zgp50PjhxVvEo~n32!0PJ1)o7LXS}+;QzjBks#bC~%s1O!ZUuyBdlsp`y6Kum2%*6o z^!4M8?l$^^ji9+l=y8+>Jd#;|aQfG@cX}2+jv+N<1j+3v)uldKEf|8>ou2BoJtm^l z(h>g5$z7F|sp}1>*wxTC<@!E$5fQ;7WMq2syaU5An#>WeudEL=rKY%0Y3>2H%!h`4 z&>23@d@H)`Fs=!1XsyV_PREL2V5kD0b1F{IZD^ejXW2)DMLV;`CL$X+J2>9IMkh%O z!yY?IAx8L=%3gwVcLP>Z#{5m{fJ0r7YS2?ue@%9Mk|xt4n~cvOHnf|9_{2)?A{RBJ z0)j4P%Pr%0xT$%G7FnyJt8n3SH@@lm?u*hxEvI%EXEkFXxqFKg*a%)xKhuSyPsqV6 zj8J_V%aUcSpmRn5G5^(k2@`t$LO-YPL+J5{lZGPhdA;_KU~i%h zjQ<=p>=i9+_x5ZB<<*p-hf*@x=Lsm$LOJ-{jVNXozq8QXw{UOdB=zI(VFc>#gCtY~ zp}_p{>)@p;;!)=l2Ce65UyHo_oqKDFoZ(YDYB+Qo7%EZ`coE(vXQO1vXdu#?SmWIr zzEK^(IdrC^tTk7KjOKv)@K>ybJ6=->9gj?hESfNyVC)aLqu8SSf5?0P@FR2w+W^pOK5;BB|MFY{(P~Q?BzIT7h*HYhWjWGiw{%IDu|p=!4#sn< zO{uMFACLQt9RNn-FnG>ZD5Y(NoF??~V8Xr><|>POpN0FG2&uY%r4&|ui9}y;+rKF` z4=VG~HfjH_AebH`eiYoCa_Sd-0$`_gp#oi^H$s_Ox#cN5Lw+#t9pts%9m?{zao=cR z>n&<=KGXu8sXFnzT#XB$Lu1gBkXZ@Qfm;kO5#Ix>h^QnC0pv-hE5BcQtPb*X?$<`!BXczv)=eTELzTJpVdvfa8mMTGLe{u9R zw5UBWH+4$XxT$$5U-Tn4l_S#G(J9iYGxZMl_vULe?(St34^IM&uEyyLroUpWO!7Tc zf1W2|{#wN1p^V`!=ans$`PpiAI_H;RQ~U?Pe4I7<+;i!87R*kGG8*KA>iTw|FZ%8% zH;?=~DfDcsz)TEDE-6!om0d!R(YfO)$h=i>h-v(XN8_LB>tcn`4>*ZTH#_hs2V{jN zF19+Q@{cM?%&SlOvaE_qKre-~edZdRDOjW>WL4zD^MrGWAN@qgK#{1mq&#(1?0iKz zCDsTfv$l#Dd)9))*f%qC7HCdvf&lBxf+vK4)Sc$WKM#bb&Z;N}&aw4o9+Kb_&0>_E z7P~w(AXcV`&Xy+5Rz#@@A|w)q;jyW-sxCIje80-!Y9w_w;Ca=?~Y3I*%Lmt&b8*LgeU^~bh zTC6h#SYX^|kn_mTay$DLdCg|c!jmusx{INvuhRP-I6nkoUbsgGCKh_F3veTY_Y07S 
zSmOj*=CcNne_8+G!GmfC;rT`XCv$t^*T5VIC$944z7oF*4$*vUJ#kll?LA7&0;Eg-igu1((;fqWBXfy}f7gFn81Cc`K3d`A)}VC(gf%d6dC2nicfVp*p!)%4t(Z43rIpB_skOy_eNY(*nW;8p zk={k&WitA2*}sW0Zzg?6M~+MTj!TD*O9%U>LHgmHXH@3f`j;rnKMTEuGSZ&#pF1Vr zNu#}TcawRchu0^NCVxO>kC?Sh>^OA~d(S}uQom2 ze}TWB{@Uez|Dyc=eY`6D{q*0)AN&{i!(YR1Sj%VZ#rQLJVYIyx!=cQa_`i<2UBC{2 z!_kXfSeZONv#rd-!XYcuo-Pv+~EZxMT zkJ(MwkvJT6K{OV?0T3Ij(8emXu?jSX$>~t*=CC!>X)ZB4h^RLxeqt(PG7?jRRz(o^ z&oFKiQ}eNK-!rwKy`rG+_Cm9BshpQ09D?UH@tKLK42VcfEk+_7nqG@xm8U$%?#ff4pSYnK*Te6=y}56Vi_ zW5dE`ntpEX!;L?pk{w@1UEd;4--IgjOL>+lz}u=ffljjC7tgDX<=2`C!-T1xvEaVi z{QNUG`k}sAW&sf64IOOrmwMsfj8BFm6tfmis(y~_*8K%I;f(m}H}O^-L)?6D#qq?{ zzF`+ep)B*;k(6^m>S7$MqI?0akcH6?U#SDcMV8#mi?AO27-9Z3=bp*>h42NOQ)hlJ z+X)0}7LSwOQSv*wNQ;Qyiy{e!(bGMcs*Vl6uGO$0B<=B^~2(~Wq;>uor z9IiQRuy4e+2S0|Vu0uy%T4nx(6ID@;_?4h5kT?O?Q|pc2Cvr+uusct{P4^Q9NdF>r zcHg3qxn6HD!4QhBM#t%pzBzU)hP3C&ub;mi{{lQW__7@kO~uzAU{{nTt_~)eL%7D8 zhz2nx$9+~hAbv$@cGF}i0G#6fwwEBB*1H&ou@ArMacAT)G~e?&648g<*5}6-qV*p> zp{?V<8|tY3tEr`E?c>(F@T_AGwt8V8YDZm6Cy|NSO}p#OPPsVhiN4?-p&HN6m=8{XAq?MOx?#{6-*IY9Rix zdZVv8RHNSDM@Vv@hXE^@(~Uh}pec20tX$T|cO!fKi^hX)IgmtNFmY!PlSdhpR&KE_ zJH}DzUr~jBt<$yfa{QKGIJWmM|0Sf-Gmaq6C#{%A{mai}>FYgOd;}7Rh_o-o4)FiT z13>H2e3Uziy4LkdPtS))uzI}Ovd!5ZUJ2KFc>V83&q-;oV&#^o_1KsG<@e!-|LH{q zJv<<@78LdT3V#t@l)7g5YfHS=^`$+l0T3)bJgrPjD@|RZm-4v^^(`tkbG4VP1;wzv zziVAz0w2w^V(YT3#G;ba)qRT!&E}_N9<~+~rY=uRD@0amil9UrC9O+CSxpyM*XIjm zsRHYIy=s#>EzNfJqP+I&3$(!CZPQ9XNS1A#r#p%EGlOI49)ycHdOzr^HeKQ)#c;tL zM%0S_QJ{ZFLwRZweOjPv(oo*rk8Ts_57W>MguWrrg=y%Y2>nc;*QBAl2pxPmX((4{ z`oW2B)|*3}bVI`9SrrX9_nT6~>&>facsAg%0kQl#b89iRlCcel9o?WMY;3JZau&Uh zNy@4WrG_W&K&)o4Q5Iti*$c2pi_xGJm!?q<0P56(^=5t=#4v``s_3UATMUd_V$GNj z?)a0;2l7;gqA5w&8HhSPS3_}W-!T3a!DUtEhVhK#;+B1!n67kISW>x@2 z-|XZ7m57M(#ZsPYd`Il0=n0TnY%mVb2AU)Iye8LwnzF>-gPB84C#PB49wRE*>bD52xRS+!xDuUsdz&gxnQY=0vF|6gQMJ|&f$M%zy_~gW} zwyzdhBt`aWky8@G+P_+46^o2>-}B-8(14>O+~IgYyNFH-%)xJi(g(LizXQcDiZ6 zxXN~YKV$HwpZqA_rkOwc~cH@kbSGXBmR;a<0hnh2jDgBTly}l^s<%JXmD=gc< 
zL#qHZ2v14%#V54(4vb&W+8bzEN~O}+h5#yHv&`aW`oJk(%%hL#OoE8r)Hh-iZ4xAFwUd<^fzV8$ZN6mOr5V-c4?+}7$%&)M z2*!~;8K)N?+n-+r{@r-W=Fqs${({M|ueBLA|74kcCdkY)u5~G%I~r^L2X}@!*m%Fh z>O{C148;*c*@o8|^cPI7S;)PY>kAGq7X?k@{q~jc_;lQc=gTASKSWVr8bv&jQn|cu z$@o~@+;Xk63S1!v%ZaIx2=p3&%a6i39V|mk%cCN$*b)JvqSxI0 zpcr#?rdTgJ%k@2|)U_SB!GOY?1elj*E_1m?xiWX2eH+ADb*NYsV+`(_amag#I$N@s~HrnJOiF?$>B<$Dc%dsd6mc z_8TU}R8(K_vL&7YsHOpYJoHA`&Tr5MU#r^{@X@0-+v1D|^Y+s_Z~~`Mkv!tY8RtuD z>~8b7(Y!K0krGg7f7^ph&&tuw;Qd6 zC?D`pEZ<8Fk3NDFLU6?_vOAloXFI4heT~4#ZF0cB9D`H+2#noYWiX|v{ z>#xWh0w(IsJtqjC7#&sD$mo!e3HT{th1HtR=Q1}V=<@Oef-du;V#o$Y3K9b z+3lq6Q-55>c+mJuSxVgTK=ovN-P|)ME60ByGOKmcvi~ErLt={{gEdS>r(4o*dPSVsSK!`DnU)lAu0ARf^K<0(GeFt7Q=7>dVZ=v@4ro; zbXYaxg$}u-`*SS`K4CygIiG3DD2H=ylnaPbaxq*?N; zg~-JJ-yNx8pxu1lK8!SBVZ&1y>MTnu1J+kZzt^9t`YrQ64_Csv$xY(nZoFx|gFNHP z7EWFwu=n!&A}d$G4wKCzUwwUy{O-d&EzeAR$DqoLUXqJuY0F^8(low@eu`~bYa!ay zV!Kk)(sTt@x$PBR0^>azZgQ?oV3m&Ju0%=>F$nq=*W>5DrVYb)GEF|$)c(3OX3Nw&8aU0%_>+93q?!c${n+69Zk}*1PeDU8RrKwe_MO>eIke*{?Y+Wv*4IaEC?Ml)>B7eg z+!x&=@KzT-O5lO$8v?&M-2^_}K&|wMy<_j6qP{EP0MW~6^4A;{t#{*T?0lJI%`Hnw zZ|3(y>SCuvKSe_^ugU(otR3`L*~ee`nl%Nt8-|!ezmneKxmbEc;QSPw1y|;19CQ_Z zPh^WoUNc&M#?BTDb!MyLzOIA*^33x{Phy;N9O>b4B*qgkVzUjLW9dnO)AuadF^xAn zwC@<$wpD*xxT?=`P4770x3ZJNm)0F5bz55X7&>JKcM-tP=g= zo$P^Y|KWUQwvDjwyI&2<{UWTp5Y%OI-$({Q9>P7Z(ZVzI*s8xLr<1OgzBRZYECD#BryHy1oa{*9d$o zOq3M>M=rXAa}w^m^SwvjTE=k^E;D1f=jMrF=Dd-}tMEMODu72Cru5>$=FR7E5;V~K z8Gm?d?Bl=4VwLR9;iZ0dyS{}lxBly@usjbFPD^A4bkEP0?cWPV?{Y3<%H zu5a>MBthJ<%r>p7bngJb!4(|aI)1pUi*;>S}#)Hbg@ z2j0+5>H+_y9V=HvHUL&3)4(>(FNqU>flZro^0z+I?mI{)#xY{_pyLf#AL73XBV zdEP?56D6BV+yNNK~r*jhp^=6Hmm|t&x>?Q(MDegfo)ik$+m(X_J zdP(cMo1l{K&&4R&+E-h}Tj2Gk;8hM9pGL*;?FJl^d7gM48f}@w`|!3cj@1@A;={Gv zl~cPRfjLPt5HF?j9&b0!+=}?47eD4Auc5X3%fox|V>Wsx0Lj4Xj#PA|=M8oNe#SBV z6kEIMc{%q!c_vQm#zpW+`5*6S?aoG-e2h&G^s6{NvU+7(WFsYQt~g4|imvy2Z>BV% zxYa8+N@hI@t(8I-JSN>xO-PGC!V1CJKp2`Eb^Wm|ZJzs3AiF7dWhJ`E>RS3C-jTyP z1`$p3vR60=GI7HbMcN{5%w(yDrPOPmxTT&&spYQ$Ss355D)Haj 
zhXUiC!DFfZAH2(-xCkBg|A0;a{9GKF6Ta`gHWw>AX6wA>=aqlT82h(;y zo%!znx|OFWFsII3sX$d_dFcfzgtg%m^c4na2&!ntq$`fW4gwm4Fkv)RWcs2+iA!K< zCat~c-(0U@MGk|`(4@>>S=JZ-SgOKbfD8ZS^=UQu+d)?i{+EsPLJfSpDgK(YAdXVT3iT{_F$&h^b98n zd9X}6{AconCz@Hh2<$BX0WyIpAMqA{$VL_H z?<1sCx{M2sdFXm!8U_gNL%-`X{R~-?`|J^T0KsIwxkcuA5!dg?AU!O&KR(ZuF`wMj zI`owL%-!PCm!|mjCBV39@_(@n?Z1WQMh{WQTr>;i_=yp9Ucj+fYxdmET$%&3%(3f8 zY`yt=w@YXkHSoQRxH#uh=aQ6ahZSf@tAVYXTXm?`|$^o$#Ep}ri5pbTm*%0 z^|$eUJEE~zjGMCs-w`@^D{`*$GhnW^f6{=v_68||gEmkTHZz;X0mYEwoQIvhRV0R0P_Klvur=z z0gyvC{+JjZ6qG&KrC3&d(AX|OC#{!7<&LQcTHC?GYa(0lXZeRs3qdm1o5|hyCtfpo zE&epsn7LbES1(JR1;nllSyOJL3f?h|vyDGcs>J!hhV zIfuvwnj-wc!yauBa==khYbLK3iw)Ou@A48<9G}v97kp`xAivj9D(lX1cp#+6dc)Z{ zIE~x8Y4iI2&p{gp?fod-GX{!jHvm|9GJ2guBar7;nPK;+QJ%DV@fo*MqBl6%=%su- zminQE$6b!7ae~;dN01FXZNJ7}r2}X@Xy9*X46C<~;~seqRlpL&p5?5E)GE8gA+GJ; zh+vy}a~aGu7_-Fr1-r80Y;;4C6n zTkvSwDYOG|*oHOB+G^f~pzJAd8LTcB3uX*|`yI5yaN%ubLu4WJnWG=$Fwn!uNv9|9 z(MqTv9@u&Scpad5x?)n{#>FHb za%DCLq(f%ZQeLiW8p*z$X_kJROG(+$F!y4j;E^2WC$T*j3vV-xCGV@sTpywc@D)!q zT{#I1;QfGjWVY0qYtH$#pXNjj`Uyzqw&cRl%EpDc23W`#1mDF{ZFeDeGcdMFvO%iM z)$z#O`dC@DIZdKas4@3e>&Wc}#h7XHNHG4#^ESKJi6+trgG|XO-k*}^1Vo>kgo#*A zwMnLda{$DQ3VV9oONa3_ONehewPpD;kZEcB6gc4=sU_02&J|R(CW`eI>IoBhI;96R zxO&BVH@I?0Ti$gi!oPu6GICq+g>~9ypE$zgiA-dsDU+vNMUXyd2)e6)`_htXQz0z~ z{fA&WSqJ=&qJyhyao_TJS898a!}lA40RQwA4lSvW1Xzu-=`hM{@|NF#Sy~>RE3Y+P zH7hZ)Fa!`>hqj3aIk#LZoKd?c0}5jDfxIM*{2V|z(y=bj+U}Ok1GJu`SE6&9dBQzV zrW+aRpMoAUu%1&yty%fHOXuq(A9c!wZ*zM(XESo7Y4ga9b{ic=ru^e=D4zfibRnD~=0LTt;-8E&Ak#NP%hsjue-6l^-d83+F51CWML zq`(#ymjF>075qo{S7nFu?BRq%ky=mAV31iIf+BEESPT1%jZcCsqCrQ5v z=FP}qb29VdM=?E0Wp$?GC?zk-#ucf~T&n&k_BF%s+$j_s`K>`v7gJS>PJ>2=Vf7d9 zaXW4f+eRt*@SxSv!&gbHRL@MOVQP0V{)djtNHp*L0i}vAKy`aTaK1Lpfnh)tc+CmLC=}r}D{#h~}3#`Ik8PzP{T7<_ras zQ#0Dh3D8i{mltTL_}l&g5-4L{U4&s^_(#8Di~yiPIKL^i^0@whC{ApHC|Qe-o5*J% zKm>#5qt`(P#FUz8Uj2cXD3czJbfZdqcyx}FS8JZuyn1ut`xGKBbIgB7epH(qzAwDh znS0)(deUzeTDFCTq1cMjAR0@pj;;qOYPQ`fX4}>GirGdYQ96qy?Pt_wOCoE_jS_+i 
z@gg_uU*3Z^bEO=gwuugN2#hUE{l33@(*E8HU&9S2D&X%cgbd*ClasN&ZgVO&o0y!T zC3;aIu>=nLrc+E)9SkMhsqwe10ZHi@cNOB);IDj|yowdYYbEufU*H+)@>b%OAgo%y z`2@<%uSVD>^6wxi$1Jss2u71Wvr~4fwEP(ehdct@=diFj_U`3QQB!jqOr6m7Sr*nrt08(@Ug+q`$M z9#L#h?aUMz=2lqD>_ENWk9eB#(M@z2mYB6m9bfrWH(oMge!GnElEskgG;BnD=3G4e zix`F{`mi58ixEI}(B!PEMK4eeL6b!Yn*65Xor1{VA*N=9D1qFZjZMzXxkz(xtB7RO znTuM4iqsNQ1k;Q`lSROZpviGaf^PYo1cD~3a2;owB05`|IGB(oQl(IY4C)v;S%ApN z!KUnFhd)G47UGrSuZ^7izKX|*oNUl0DpLRHXFPT+KLcij^D}6MI6p(CZ>E%uvQfKt)+`YjGCHIM zP#S0+H{LSx)p$$&c8A<6*msp+J1#^L2kKTg#|!2MF9v#6rzgVaR(a{yd;>8W7>L=M z@Wx;)+njHB{U{i{?Oz68Ns_M)t-B#e5t#l0jI^Uba=AI{l`XZl+cF2{?yYVq3Ji<4Fk@icW zY71JIVCT8i3gW%03#(NY+b|`V0z0vloifT!bZ`ghZ#xEw;4|56pYZQ%iD1OvMhmyL zx@s2odne$2FqVJ-4mdD3HCb=s6B@m#$henMr{JT)xO;=WGQL}#La=DlAZdQ4KmkLz z5D8gRC4|(Pf7c(F-}MLHE7l+NrdfY*wt60{VGNFY$=ZQGI`db+cEVRjiS0Vo9i;EX z@lZvGH|V)4`K!!S&610Zx76#`L(DfoKLV=oLL&?QMN4nspQiunp)1gOGj*Z$X3v%Q z*}5cz_#OP0E=%`Jmb8Jln^B}^9{x!)2x;}4>_So>X*?9xM~Lj7#nbwnc-lZlJZ(e& zc-mJGyM?z57*E?1uSi@K7>er^@yUFH5&nEzcdqy1qQ3;tPP8El^!_DRI1O73nA4oX zP8coDt6{GQeb`6+AL3zo-UVXpcwc`dqV;$_3JQ>DaAvoK#SlVrrpo*_APX7`;^6(O&JYf6;7W0iVjxhx@0$Smf2 zdp<_I>{uy_qw1gAl?!cTmZqI}*$WhBk;!)Hn}&@PW;cJJEbPy#I6h)_f+8+5n?@Z^ z?b{B%HGr!8PaI`OhqnmNIAD76{!veWIx zqRUh`|JJ6$*~E!2BYqYA{V(D>(~F&~pQ>N|;;rrY(TJYper@^xzs1Y;8$Y&u{=bYr zF322THvWQtA^)^}LOsTKMm%((md`XU@tgho;JS?WfAqKO(%A4&|M!CQygr0##kR}! 
zsT-kgt$4`Z-^TZ~TbsEH`knk@aNYy*i#K84#4q#uYkhrBVVf;`q~(BMRh<1TnC64c zO#YeX!86B~p!D~UM{E5?)*6J}C=;_;0SEhMzb3mJm?7AIkF*n8>&yu*9ENGOCRi`T zdf*g3TkZo3t!~Jq*g6Cgq^Op`p+AMIM;2u)*W4~57cBCkfv@jYpV?iZlXAb;B2d6L zvCB#>IhE4jbE%JhT`{x~q}u>*@n3%>(a5Ishirw^*j3|NRbTzVJDsNEQI>_7fCooW zw$_|jDKx-tcs7Q;YX_XLu#Ir98u-nhGE!di8%=R-Dgj-%yQ+R8bAnhz;-(o0q;7!; z*oPmIV-e($BzR2FM|G?WuLGL^vEf?tyi>@IrBUkX*6|_C*4%=_9-HW2p*|ioPUJ_p z-j(omCAbwX^uGjZ241_ zA7;wyu$C5EuSn+-IXf8kDVF-jpm(?>K%t5X`j>~{^|k(yg3gWWi~a_PqhDgJsz%J{ z5HoA3OrQ0p@fES5z=`$IIJ_j7`?9^oUS)ST!k|N9T8;bgsRcli`h)ckX(07Gz290R z{frCQa2xRgQpk)3DIlc7{a)VUNU;VwCZ<6@;?pITqN2()lna~I*2&~M9$fZCH~;#U zeZdPK{^kF`zdY(H)^hsL(uL77fQ6UXO}K%)&{=t|r)-DXb&n!IF*Fg8--+_$Ra9_h;?1DX6{*stv=7K9yGyp^{WWRxu_s!BxR`D{3FO(GP)SK1(h#MewZ_HtN%(O9g9G!h?D^Qw3?0HzBc&dR@wX{(o)S9hdNjjnL< z=ZMl=x;U*g+*%BHNrnN&gQ^}en=htHZ{WAb9Ms=EzrcgW{p^pgdw*)ZIA6Zv=hQozi+YB8?_lyYcPhnqp&S!j;Gqh~>Qs&hHiGTiX~ zyjk?jG7}Hba}>|T_ZnWX2U3|Lt2Pt#N6$ix9P5>S-z%g2h3_rDXwE{9fV`WrRpF74 znF@6Sb+|vF;}Ut_w6^l1(*MZ#L}$iF^DEv*H#?F)Nlr0B)wQ@Xx?22^bg<+50CxN1 zK7$B@<`u<^Kq@CNB*TV`of-YK8r!>&*&K7WcNb!k@?f}manf4m>4w<0mEkx41o=mv zfbm&VoHtq2FqN2AygBY7ywycm%ZV79Z12B9dT9`mRh>TTw(zz~9{)f{4fGT%BNtUm9{LDV8pe8= zOJo5*e)EDl@ZfHUXc%0+`Ohw*_oYr7_nG+^??#}9?yobyLc!FadUJP5Y!iNo6&48m zTOb!hhmU*2Cz!uVdCU&r03lHIW`-hzd%NDudRpiP$?|r`4Ms3wuNbB2r@eYJ9k5wKKvG61$?nK}t2TER*S^5+E_QtqP6Aw0xvAXMJAo9?v5QA#f zPBsA@TXF*GhcHMieH00L3)GIk7DE@=zT?p2F}ARxpLn2Y6wim`MiOxs0QWk@4KzZg zyWU9mg`hhD!MQNF>?p5qEgjXmxv%x8&;O%uV2FwW_C2vLB34&5DM0t%N$7D-}W>w~uOOOelKf_OxcoEK_$v3YRu@D~!Sfb~;r_`%b`LiO zs8suV=_@pt`JE`J8=nF4Sol!=i~2aLOr|kBKrqDYyv=1U9pVmt%!VR9Nb%AE`r3J( ziqjvA0&Xwx7{#+kB|gFo-^eG*<7L)1?198DKZI4VT;G>8lQIrq(E0c_xGYUh=p1eDZhbV~0O{+9=Im>WK0;UR%A`;jh|l z^?V4z12hL^vQzFxJKWs}?wW5^!Detb!r^YQN>#bTeGcGx=1JkNz~Qe4*Va^$xVIaV z5C4Wto84G{?w+~?`1RQOyMdA;d(8W|M^fT*0CSs$a(W}w-1-Sp{ ztl?$Y2v(iXlSH<9A6Pe>06Xw19?64!k)PGH2fE9Je=LsL=uOfwQ7%YM zrdD{M6;s`pZl_s?Q?V%VDeeU+xW)D76gXT)n|!u(S2^g`H0vVZO+%0MWO6?WwAGWxbaULhV@`KhO^?| z(4cx1DtO>65xaZTT|e5qJzv?Ul@IYmxIH 
zQb&|A9=1?Zzry^*`2|%^1^-@j$B0BAF^li3or0T-FKLgR+MzEX2ys&(?#Epm6!(*E zDu&Okk2V)MbV4V~9Q@G7{Ep}cZqcbY@fdCVZc*1Bv*|h6rpNzTnJ>Gk6rT|WP2s+` zqdtef*wknn&;iRch_ey%vxCI5pm;Hq0T~79Aus1~9K-cAgRu`EoLHET(9b$)=T!O3 zZ&NP5r*=8t;~iF4#r+}6<1yaoc~0AP=G|;t=uPiO`Ozguq^CqrbyHIz9NFNB;1=NS z%xH6}Lo0$>#h#Uk6ZoM;oGnkl9hWIn>S*@t7;VG%l)2>!{7E} z2qaM%;a4bD^Cvcb^eM_FmtN&|nrc>uUc@F0zAcb{c*?=SKCbxHm#0p)*?L5DR-&KFsP%oojyQ(zJX&+=*Y|XsB}J?j6nd zoeE7q_)6h78`JDh+>0-o0%Ph&>F%Ak%3%QVEU@J{h6tI0Jn1UezM3CR01lDfqc|~~ zxhQVf`_=Odm1C{hglP`iAeZGU>-t7)y7N?y;2LXNY+-aAS4fX}T|TxcE_}{Pi0dz@ z>TB|txU5jnB!Aoegg1pX)V(QolU7{-gLSm|A}S1~&W+7i@J#}KPr=cxXrwOs6r0L1 z%Vg0H@cKL^O158To^O!uR704cYV)Lm(7%20!S#J3nnAUFMvUiggzPEO$TGX_$6|{V z+$i9f4c7ZIw3o3SU^S>3IVTaGsSZ_>f7u7wVr_=RZhJx818G#^huc}zf7U2p28v_jbTLBM)B z27CY`y_DznZ(Z^@5%PT)TT~#O zPp~+o-w4vi*`&*a&6^II8N(xQqfJmV?H=8xJ^JV(G8?dCp<7VJzMoWYym!hL0w1V2 zzuxpMvbQI=Hq}sX4!B8w>>}**oMe0~qG+PKsPd{Emt5_bZ~Pi)mHADx;1N5cwR2#U zetNrT&@Flribi*UK-{-k!16vRAAQ*=9Qz)EQ%9Ri=VkPiYmex8AmeunF{Kw+UAevf zwv}LvmtlCK!pUkA{^D-SOXgmfoE##(0AT1Gc@k}88D6?4bTCrzo(#q1m(viZh>Mj? 
zCnfyWP<|J4st0#|cu^DI#l&4reKO?~RJbS5a`b$E+bH~OIojZF<2NJ{^&zV|kf_hM zs)Ie*07Q9&pxrYy`a`q{er~(b=BH;l0MVZ~C1x6fNCt=j6Uu0L$F%3yEO4Jw0Pz7% z0e>5j;e(F2o)g{V6sR_5t8}AD2UKr{D=0N8y4C^WWo(<4_vQ*Md=Wz;pF5&F3Q>aH zLP;$YW$=k)Rhy@03#C01IP?C(fybuEH5%My!_zV%h5STyc==24Z`Oyc>TqIF#JU}; zh?O6SkEE;W_CPLJ$lZ;1S;o8qS7>W8CnXnKow>W4 z2IgFmk21+@{KZHb1Z%4GmA;%SBJt}0)TM$-In(^M&QZ!)aL`R+yrVDP*jX_kYu>g& z4Gk+R24HOC0T+{ZhiG47s)y|~`Q(Y5L9KVee7df)e9(Y~)=fF7`sj3*&08@jXSt~< z(I08Y{`>}~WBEl|-24T7Bk@2U%+yDk>?VAjohy$T9UOBYdq=jxJ;x8QZt&8sXQk&G*0C|qR?mXJTN_yE8Q)nx zFsmW^O^i@RGb3`4KH(|wMg~z9s&9QU@zo_`trx7FV_u2>kM*&AKhOX8>20sYf8KKJ z{P+-5YEAYv?N8lf9Zao)V>wZkPvZEb6z=TU#5JUegS}@R8PhBDb=ve{C12?|-}*%9 z`+Zylu+lS0>3a)pphG+$Q|JpNX6B=8hjq~UhtT(;O&=~}wV+u9N1v9auhXUP2EC3jOIDu|=k5f7?fB9WO9^%9+ZUwEb;w5!#Wskdt_H*fn_Dr*Aj=GCIos{UuiK zteCfNS8Fe3Bpxke;wfghlb2p%L`HjI1;RCp;r@;4z7f-bhzA(5jz%v)5gmrN^>9zJ zs;;_k59caQ2{4%QCvLrMe@;1Xmf!x)@wHcOjL?OMn629>b$r_!H^D2(<1_eh)0Do6 zFZi!KP*;yYz3Bkrt)N?_b2>c}7#^9LC>N5oP*J@@aKe`PHdVZrFNkM_JLP+ zfX!rTLUbVtr%rL0Zf43AK|4~m2%>xx3R1ZLdL8>8T4vc65+EY5wjPIfpSvF+|JVsk z;F(JF6(CWB1-Sp{Oj~2D&U^ggR%tnMetdGvk%p$rT9#%v#7k0>qc6Kv7GO4d%}q^- zwkt(LZHhkY34$EdJHKgg>$U;b#p5m6L&jTmA-qm>zH?s;)p~A+O0jxfNb%

MeupKwCkFwIE_oRpK3kwBcOk6)W4-m%p?Czm!u^kfef}BO5Tdb`uD#n+0WMLz~xqB3=6+)U9Jj4wuc<3HkRTEDGA z&c4KD^80NSAC zD#zg`?9L^Mb$!H(`zdgJUaVNHgC;%^bLGZJFW^|a4w-jmBE34ovxb%HBb5XnG;bj| zW95p-Lrfj5GvNotEr()Z7TXxvA+_twV9h{4D(>kVHC=y@YVF8HS=Kgx0th@1w5fY= z(bUsjDSZ1bTMBr+;E$*WBz@7 zb>s^CO}_2T-Q3!Jda^r^+l3`$J_}A~1^_$!kFSVaX_ua1m)@S-7s_SGW&?{>Nl`Bg zUWK2zUCDic+?~jsPS8x|0+3|UYNzPx$SfA!k$gLpyBz_aAr`I4ELxW?THCK^ltpJt zQM9=_QqSC-$+rW!n}Mj1&0H;Y!3~RkJ6-e|yJ$#?2K|q(i8L_x?}6NBS#OTi6HcyY z(JpIy>)WRTHAQwUA*6LKv3`d|9kv)>m+Tg5zROZBTcs>|qZF0gxy*HGtznzmPBrCf@_ELti>g(5ypk){Zs zw#a0uYg2Sdy6DArQI(#DMQOK)+7Rod>7slWgjls`K8u!1QE783b3su+h%aK@%cQQY zCDYPHVJv45A7D}15yB@lteBW-L)bF9g2nsw+U10>*9utoN~bRCUFFnU9ht#Wu8e#v zI#Y@Yy;aP0do9Acv!t#qBThI@uaz)&sPrl7u80g_k9W21I~^qZ|GZk}7YvRSk;gCr zQhj|aOXX$76P$|cBg0tnK=Qp%?rv*+glj5G2c$GGuaEdy;85~CY++z%H?w-4RF^@! zIx;+6^hCR82u0UN=;dbVU}ou)(xpfAE8S(64oPX@>0}nrQBImhN>!VKQBJY-kyBXA z<$&R9ES>L^wpK^z%Ofl-FyL;BoQ|KCKIub|tdE?*JTSSN1Ty-SzWGzvFo7H&p4>QtICO#@8jNzGhO)P5$jus4UkuZne#{-tVFKK;^DzO-G?!9oz%*PvA9}R}aKZHs- zZ8GGbTZ>^Tw!V}F{o@lR*u90V1Bdq^$(;l8=hBqqvq24q-v^Wf)z(OBuasM>kS+Xk z0A+S#AI4`15GH^4{p`JYhtL)?hpÐWHBK+x_s8_;I)@VKBW(q;?rhdquPU07Hp zr&=AVbR;UDDAAo?OhyM=fr`q;@ z#lWjMg@@k*+@^^X0!P56gLI=kVZTdgsDTjh7=`G`bO;*{tsz|wDsg}&E!RXUQH5{U z2r+ClOG$Z7k%!UXE;$*jLWN-VfxK5C6lOw1EQ%DXLyVOWV>$jV#NRpi8%Gw2K|zv+ z6m=fWv6{-#Zn)Uy;DF{E{2^bELxaeHM-!+=-w@zMqBfNZD_2-PdL$(9cN9lA|MWs) zQIS}gmga$sFgh1e0;}cC8Q|Tk?S(PsgNNS+yhKZfsI02klkfqSi zRW?O{Mgi?r+@C6x1E114pwRsarObkW7Adq)prI#8p7c-jb!{41L8qgZmhrFZcaTZ3WvMN$U zhZK<`^*2qC0BFHtWVG<75{(pDK#Gh(L%wc+Z$uVoXF=5qTL>kff_lLgkk9tO1trO; zkyHRmngI3bq5?Q+1^gX_7eHG=qAlGDe_i1eFh#jnp?^~-1x#t~Q0Q|CrHm=fE`@GU zC}ms*s0SL3_OkFtWUN~8xoTmr>L#UJin5<7^ngNXx73KP>{qx^coj5%w&=%vAf|MH zn8Ij)l2oDN8$=9T%+l&a1=5*WXO*a}P`2ujUvkz$sj2FaS+ZrT&Zac8WNV``yCKai zm3_TJA5$m?4B2{^&}|^f3vP5q2_N1k`qK*yU^X;>m8cJzB4VW24D#4GQvXDWzD{i* z1qg@iK&z@igv}`B#0fJDE~`XN97(WSQQBsaFT(2L*q=$hA73bAq(7UK9R($9LbJ4& zC_W0RTl?;Hh4K^Ib7c|PtMI=moZ3QB?NI1*3Z(#R0PRxf7KQT2V7AN%d@q)30+}Kc 
zycx{Mx=6n@!Y6i(vqEr5(K)_NBfTTVIDMJkF@CVR)xXBNC*D7%4Wxl=jWyuUR8Pq(Za3V2cwOS)|T}z+x0>4s$AO zf0{YWgVII)>E>clCj1EH=xP-u7mK+v{5PtIHz=HTflkxw75fVTC@VPzqr- zXmb{2(prdgK4@ipUPL;e5Gg*QqEmaiJ7{gKhDgBkD*QnSF7Z3XAfggE;$_>jMZgF0 zwnKg_3~91zh6p`S_d=wp3S4^gK}R`ok|uV0A(~+oAxpcRh$wJnMxNf%u2&}4D4a88 zsfg-6g|Ak4u{%qxQuqpm^F(*HFkS>wc$tYLl!1f*(m`pT=AztYN6IG}T?Rr{D0v00 z6pFDMP@b6urpmw|8TH~X-&G0XcL2E9oh2~Qb&h3Wplc^R)A23DF1J(Ll+qTZluA=0 zO0!tu%?js8VYiZA?lEY0;SQ(Og|cenQ&yOXwNp^a3pxr|3N4k$-hiFQQ1A#!9YBei zyrbyuINRYK2pK5u!wzpTh+VchD=Wa46uqSU&DPyn)?xp;Jwxri8%(6R$iOkzV;mc8 zvd_vs(z=7jQ#(K~o*u>@0KhiOEPFdEtGjQEVjua5rI@)LO}DmQUM^)@>viLH(7$fy zP-{=}qY)^$7Fcp%9^ntTXhx$^R0U)q{vg$?sRA&BR1y9lZv{$&i0tiPl?d|4dGoUO zNsNUfEtCT47F4x4ULR>gLTMlls~-(pfC5QBk{8vIGR5g=))^(l2eY3!!w&VH0)w*S#>*deKTIdnl;; zl%5c4=`I9hm1xs@m5|r9NU0K1rg`0(_m1Y3YhI=1P1jVFrnqGR&I4L%RmhZVX&+t1Dj<~#UqP#+;h@!$NiV2eIW&c_Cfm`(EhMe z^q5k#UQ-)1wNX=>Gs0mnIf_6XS zfjp9d<>1Ak)`4X22&^!koHdbVU<9=R7y^sg#+pbA+km;Nsdi1RKvUVr;6wG~@o*=w zY@aL)z&{e0v1;Pt1r7_b_;3N+*}5~!de*zW4`CyX1(ZNw{0jA-AK?u*|#)}BO*BXvhc$!YExo+422lMM0cd3 zflJY;t#yDviv!2n3>{W2x`&@SV1Ug#@O0|ggdsnkkGLeh8(TU$qz=Loe~Js zzpiU2CejeVDod=r`A7f*XJZ!wXJo~|<;%fPmc~$upDqT2GQhw&&&99_3B~X!emNMb z(io;^VmN>@z`(h~#(?=lt2dw=svji_0g!65;LBuTHp)Qj;%?pPTDMo5mbyjhrVBHh zo}+aax^?Gh-6-HryRQR}-R@qJxKB(1+pdYjSar3q$mzGf5vq#N!XONo&w*_?-a3FP zWr1?17g1Nbun39>TWz4N%K^pW=yD%**$XVPpdkR4)(8-$v3LYa09Z=XSZ3Q;lBp4@ zKRJsdk>Q9!2BzYE)k~%N>?ej74&i4#x+yj~r`sZxC`VK8$<+696Oz6p*j^$>->SToyYuA(2od^2tq_?q?nc4hOMZuWujh)Ps zT7^&U#C0FL7!7~lldY@%A@v&HWELdh!>Ep+)(gzZ-ihWbhvP}&v2C&rjas262kz_I zmBUx4I}-==WUN=%1b4eY^a1kM`vj>LySCWc3En6j zbFny>iCkI0XjgPUYWtX^SEs)t!-m(4WoALp_-D6~vONFvxeUeRPJjh2I zX=YgeIA$m+YjOMyLxZ95Sz+b{*y=&x1T)VHGuts}z1Rh;BSTnHu&gW| ztDAyR*iZqAOpaEpQyjlYQFusECP)!Edcd1UjVnaYafDb0GJCjNA#M+2RN&$nhfm`+ zYOjcRuM|r6a8R;Em)XOmjoU<-kBL~`QH-uwNEyU(&^nOr<1WJXWQc`afG}Gu;Ipwq zWU>uoc?N$^34tsDZ`~;e@zCY^Te5 z@d>w=DY3>5;l(-rZS0WY$EGOA%s$>hT8?6D^jcp&K?+4vC@#ni;na=Wq^GGb&k=Y) z#^>R;8{ZOkUV#R%55Ue_!p^Jc;xKxu1?@l`L&LFY!cX*a4T_CgFNZ+L=a@ns#}87k 
zYl^yr6orXAiYYspw;K@7{^*x5pj;EMpoh@;oMhe3M<;WpZG2HgL(cY-)`&^y?8eJD4Jt`g^{p)rQ zO&%Kos>?_cYrxY8DN&CBxepMeXpevhgFg_@e*6))L|NV|(1N+@FF=cwFhox&+ROPG z-PKErSdjBn2Fe&v(5ff4BoH8q~rl~6>6i*Cj7}hn70=Se1Q0X z1XII5vho#IF^uV!5@^Q{RDF7L!o9PAA~jFPxgzr>0B&^y3Zw$g5}V3&7Kg=p3VMs z+lN}6N?Qr+g*c{{0@w`GfpQK}t`VmS+TzLv_1LQ|7b6cT&hDtS7(Y3OW$!`DC3&A< z!7gxZ_wYy<2avc|t)1zSLfY-y{p&UlwO-JcgTS#6Ez??=gO=xN%TfG6%kOB*-A)5R zX&|E35b%x!N=!ACjwQ5F*ZreBh1uy}mmF&CLigwJizWCUO%#E?K-!q99JvQW@gbl` z50=?I2;Yg?g_JS8Cr3tLfPRkO{&hQsa`nYeTe#RiqT+0~VyRZ#oCMpU>rfetQdy+6n zcX4lIo01$uFh~o*DfKwbeaT4P-J>foXzg{dL~Jaw8`_OdLI+i1@}-clsJFNnIzT~C zFv#axt-a1tyc5G?zO^^KdQqETIAB(j37V$E8e-e)tXwebprC=qq`P!cnH!Vt(j|@W zb*4vq5bhrHCQ#T57f<+i>H;aN7QJN#jX?YI?R5)eO>g`}=FWrQd*RrcNWN{I>_oBY zurA9n0de?ZI%0pp)-1wY!~w+0qqt7%_9<HWw`)+~iE$Px}ADY$-+82^`8nQO^G)Xwiz(~=>5b0+2knRC!jMPZd z?J!w5y3!0aTf4?Qi|W!_G^{CJSWUVepot+=bXm{Zc2naE!pe(4-GZWHUbXiCv?Do3 ze+nS@D1>IRn{8vE9X|nCfj^w@HN~NeIeb0-KrkK{A{+PjqvA&(99I-@E9^?}s2B1zEk#`WujW$qM6JSwpZ#V#Yw zjh!MCifb>D{dNju54~KHW`;Y3>C&{*k8Kg!AhKB~$k;4!DMB^jhdV(EG-I1|^{hINP&6kBSIFN*4Khe|f&;1VY)g7hj-5x~!}>*YuR6c%FD%$|mQ-6wJq{8N4p0Zt=ktM#vmE9E&SijbNsM5toHmXIAH3dI8S%OE-im-9$ zhJ(RIj~((TOyp5dkmB5c6h}W&97jm)#~(56=41D3AEF?n24_{+Dj^S~hFns^BvoZ% zTX*?f!m&1bVXHl)h}(!**DPd~!7`dV7A7EUzKvRd(+vu6R*{zT#q#pny@K{&+Jzx) zk7GA{)wBx$^Bgo=1ndj(dp7=-X79=S1R_`kys%>eXmAsMqLkVtz$iu?ZdfkcW*=(Z zhY~7(N|wAG843q8ETm%S%WRmzKJ;O!+k3!4s=AJ9S`KU8o5eQruRTZJTkp zy0)2&BwT`XYe!fcpRRJMt|k#qRra1+mBK~C^X;l?=4kDOQk$9zvO_>O2V{pqcHFMb zLvXn`sRE@J@Ku^~yZ!4rhgv&fg<{U|pu^cgm^uo<5T&SMqfwYYau?*ttHS|nhho7i zpVmPV@FI;u8k~-Mx=`zhuYKeTP=1;SvmJYs&c#DwMAQ0xR&D8YOS4CExRj=S7I51) z9+Sm!4@TEokOj`dFglyDesjp9sBKH2vl@?yowp}#PGEX&d`)K1T>#45M>A-ywR_A9 z0LY9-tASGnCgd{k=xN++8+uq58V|7u1XPC7vShM)89ay3C)Wz%SL}qCBU_ju^rU4pWHC7L^q1o*~ zjT0DZ7lslwF8gR+hkf}O&O~c31-r{eFc%1d=!9mF5CIY@({s))xpfepCNt_z zHo97;P|Q=qam5o=I2XXYS)uL9#IjzdA++1+;($*>_Ts>Rp^t$%pEeby`ZcIG7T;Kf zox3pma9+}8R-2*5JHu{{wH?|Ux9?&D3CHA)q0~{>u24?Q6LL+Pjtgw}l0&(nQKvta 
zRZ&~XM`>#ZH=-QQ&|6?Fa_KBmtk!OJ5B4vhlvnkOfq^puW|2+!GfHm)!|}3x*?WQ% zODpAiROrF(4D?`bkSy+kFaq{4%Ow%JFvs_{t8pi_7+i2@2J+w=v-P&|AaxcQoN9b| zJUUF~&AQM56EMw3Md(Pwo<3Yl3t)Xiu_oZ+HgMuP;wfGWEyvP)2uL!r# zJ0ocV2y?@YK7^)W;_V)o+uL4oCX}eb>P?!Q_KLIkcW8SB?%X8JaGGi>J?-rkqm!vY z?bn^1>^T8t(MQSd!MR=S73ZKp)au%4+A9i@J-O{O##l#^J$WdDeoA(GSms=m2@{*A zy<%*#$JaiikZlA3_OA3)wpW}7@=B6saC^l!l0AOZEnwY2tb0BR2_*yCD~ggmL)vGI zW8D)0&R^+4feVOuV0*>*WY4hn8O5lKU5bdUz3#&HJHDCxAb{{S_$u}d%-z{OV*<&` zX`fM&{CKE!qwmm1r+=`bPQw1jD?E0r;*5bPG>C=V7)6BZRSfn& zKEs>b=gmz@IVi{+Ky&TTwHZTDX=uMn2uiE)IXF*1O_Ugxj%Y)aVMRb<&g%T>NH)Yf z&d9Sv@G6FD_KE4RGT@jI)W|h;Q36RwO3gSqGiYtb2n4L*`#F!#80jDzrN~Z6BdbLA zsY+LVIyS8UC{J^^3TyW1X|fSzS#gGweU@gQna)N?A9S5@jCGMTSBT!5akfK9fo7kR zCWLg3ak%1I0VL-sSB3q!I#G4NEc$vJLy8C zr|&dQaypXUq#5L-y~&5wDgeAPqZtN96l640fOIIM89Grt8O`vPW`4RE-d&7jG!sEH z?4TUL!x_!cU@y*SrWg~9FWEELo)|v%=rXx8rGaS44+kYb%8|7ZXT-Fq7yz(PRzw@X z+lN8%gxG*M01dM80q_B;lmk#BYn_y^-C%0o$P&kL%iiVkj2S(E8l_wmVB}fGS(f4Z z1iTpl+lbV2GZ=(4h5_dC3j%qM+IB4&U41_QEDD(HH;iLQ(n9XE%wNP({18RBsADtl zw5J9Js?m~4donc?0AMjg_d2bv*3ASaKu%$Morc|O|2q_kZN%z^7D%|m!WGL8!F2>2 zXCJ_d96*BiZW%#T1G;D?&>#VCxarRdFirW#F-riZCj{Wn6>Liax4M~b)8p{or)Yp2 zPN6i7LV)QvaZM0-C%0O?e-&wbj8-F{AOJ(!ZP_TUclgIOgQ8|#Jq9R4L zMT#Q~Dce`V!H?8Bmc%XwLS2~6RYFZ@uT2UzGfFCC{h-#sm;gW zbsEA3o~JS(qXhTg)&L(TUbbbQ+vA2x8x8!3%7Hw+2;9(`PhgUvowiPG17l zx^z>Q%K1#04iKe_P6T^v-!lR%Ol$memVwfLmuxEM&0SR@dfc@@X7(l97@cGLUPohSlsogH@?7$Cwn`v z6r)Tj`1YW{bl{PRnMd#=kc^i=Iggn?KA$$-i={f ziE%(jX&A*8k6j#Dh}|*AsSJxs*;$6&nX>VDd#}rFRH1OT(48_HpSL;FFeMoSkGa@p3qIm6grz;;yc9*|!?!Wrojx%`%VesIG(OLTA)CIaQdE3i znBtYM8dRjSyd2uPm}AK00DbIp`=dD8ywUiAu<|@8YCuzQXb)E%S<_ud+7jK|Kz zGuRVHc9b$4Pg@im_wkTk-<7!PpK06Zn4rz1}?%SkBk)^f^3e-gViR zwfA0o?fc#dt>;y_X@hFYm=o`QrInco0`dF4G?&*1)Af|8OYgIIjMs9=Efvf%vQ&rvy0DAc zAo2;&vgmq+8+oZY^Acr&@ZHwVtxgN%|f{!7GzhYYD~o z#^eSX6_MYswX?jfCEmEE4HP}>ZHafSA$}6^TM)kq@tau*l;J9Oj#xpIIltzZt4igW z!g{J&juE}@ugbSV8Verq%WTK5Ijw?<=SQzOuBt?A-5gh?Sc$KZZxLTbEQ*py^o{IB zatbMf!5x;!>86(4PIkJqeoE;HSCjS;fYiM%?n3yc(t1yeT#+p)@9HAN0^!~5)Kpfk 
z4qdAcelf7qHD}zI$Z`%_YF>Fqun#Ma9w*ULjgPdJvk?JN>-BuVRA33Mu_xVby{3T| zU2Arjysf{qx`5wec{56*&FnjEoIJ7Ojs~RZjI2=WOpvP6bUOO^FgK-*_s%3)7u}^l z?RN5K%c}r#N=%E&F)gu}R9%O$naZ=JPYhDmEx&w(82c%RD(byHg0e0?)DxXL$|YL4H!i6cj=){W&{ ziKnIJUmM%2Tyrav&^{S|-u96kb$e`H)m$J8A(W;JXo~o2;`rSLk~~dCvb@d_uac0io5PYZ0zO!oOxrxKP%0}7}358W&;m|!Q1@l2SHn597f&-f2 zQt1qTsg?*p24~$u^`H5?AwfJC*SIZ<2MU{AePu0U zavg#b9m+U%1+o(1MjmMjE<1P6IuB}Aq= z$Wo1}HPk++U5SI`B@-UtaVsYB$08%$KAE39wV`fK7Ym-Y-zV{Ad9{P_k2IIra+V}w zYkv<0$mycLpC?|LQ1#MaooZdqn7kGkSnyyczpZv7&HKRO%^7u7- zq;5#B)2%5M75pU18EYBUuFIH%Y3f&dFkZ`WozbPPPf`chlrdh)kV>Mv)&xer2Xye7 z1JXZYR2Ar+`6#PjPe|*qPw_&AMCoAo!&rd~w0(OhW6me7UF{G0#@s*a)#zGXFy?u6 zI(hW8%XTc|#m$9aUpbTNmFvgeL6uvo@dr6S^I&<^qTBKv(^_SDpAR0Tp(rmH<+O4U zy@M)NZ7Ua=I-*U|7&4ycBQq$wqjA}#-692HNwwXYExlCHc59?9z0h0}l~9BHm8{op zcGHm5zMA0~!&fKDYZtw$+VR@OIoKYC3vTVAQeW0ClA|wQ47sk9{2{u}l*w@0xm>O^ zykN%Y;R{jndQ36v7fkD)7wpwcK37bgKYZ2swsO&})rX{3A1=V{Qrv3g;vH_~f@3)U2s z-1i2yaPcc{;bPXn4lOa9wff-S9~gLPKg=L)FFsGMPKckmtK*#0!}s^Um>KSEy>R3} za=4>4lesH>j;CdfHj_J+2PbAPf6%RTG~Dg)7d@vVnHhede^+Yw=*Wp=|4)z9ygCeN zaNr1dH387QFqU+At5k}Fq1GA@wasM+-1fr8dH-{X&5UqGY8c3+C3oiseii% zWa#wo#~gvA);gbZlxCC8jVwO4zE6z^qYYQybte;H& z3^_l=XrD3Ia=9-$bpv{+0Db2DF!nVW;FZxGXNA-meSJz0dZAZAbVdWy`28Pm@%t(7 zw?w+4FX9`WllOVXaOJknm0Pgy%BZePbw&2xGMWxfEQ~HR^vB#we!AghSAV7|&%t8! 
z)PJ{Z*lf!4YRId@`^bwP@~;?O)oc30>&E3Q`1g;!MSs>g{aF}&yUa=k`#PgFW%Moj zv)owHpPiHXQ^J&A+ft0qtISjk?1&KIEDLe<8h>Byk%5=`d1@+L&YkJ~H-0Faxn=aX zdFkzarMCKOGd(q2#$AjqdAGaYn(MP~-T<@z#^20k2JeusD{~}gjPSXm^)mV_)a=a6 zA-C~g-`C;n9&)?t(KCTZpzvQh*L?xrbS3Q{^RfuROhBfBo#F*;sTJ5=b$C&OHKdW$_%7LM&m zb0Mb?>gvoX3rCWGSUBP&hFrlUR=e{(aqT!7-Tnoql9bRZAGOlo>W)1-l@G-{E`{4; zOd%+Ql3k2`7<<@U7)e^Pqd&q!iJfCCIHTuBqmRU)M{^B84R47ELO zc~!cyG^P?la4eeP!}!Gt7wW#~bq^f!z;gne- znB_^qguJk~M2j+X=gC1z`K#d1xdEgQcywd|o54`yo zaTG^AaKHomJ@B{(9`L|U4{Y_ocLk8U3!~$I;L-uIFZ!lY_eEOzAt*k121~uDGxmC zfqOhK>VYjD_>Kqu!2{p)z*-N49=OQ^U+_Sm2R`e8t2}U}2Rb}3-vb}?K!XQrJTS`x zmw4cv9!PrN&E;|0k9y#M2ljj5aSuG;ft?=M>VfZi;GaD3cOJOS1Gjo$l?T2U1B;{W zSD4mF?LQ0k$A2nov&L!vV(`J;r+Dh53KRPEgrZLfF>@s^_b}&e%NaP?Vnu9_$`sEauafNarE`rm0Aw^eZ^?i z6oPL`K5sMyf4&RoM3jj`q`8?uyNb~Qb3=P5H#CGh^x5nhqmW}gv`KWHs~AkCYmYE} z-6F&6MnTLO}JRAF!s2y)s7Qi6YNIE zE*kq0V=psyJ?uKiUS#aO#$I9U8rTKLUSjO0#NJ$3Y3#g9NSCqpi^ZWEV|CO{AaS>` zUJ#1~WMj40?uE4!7FAHW!1zF=7Cp64SMT@SPTz!F9fMSiCXQdI%l!4M$T-;?GW=i| ztXtIN6Ep`}4eIiaITg?>sLLznLO@$UUEZ*W2HFJb@`808(0WjpcALzt0aaQVf9IJL zRN5H#cQD(ov@m_p&JxE|*}cX^zcML(XEfJ~z3jY(Cl5R{$0c$--JIZ_o__Vc^7EZ? z#z`k5#Eka+p}X2&xlu@j%X5FVVAjZi^P0w%&AU2tc*OOhH~p@|?{#<`{9kkU4;(({?=v^O+u{H0 z@LxZcx#>KIZ_^X^NBVE9U6;A(jn@?7rkGOmSmvhZ9pzgw<=2*EZrbB0t7FQqUX;1% z$By!sG39-Knz`v;9Hl3w6fVo$^tX=E8B;Fr%G?w52rO>i(@RoQh>51E)_B&|hpJkm}5jhFqD+FbqM( zhNd$=TJ4;ca&reyWWF?ec&(Q}C26Y;E{M$F=NM!j`cz`1c69LgtD*d^z6#Q?1rQw1 z%xa}9x2B!P%#a2syM_!y?t$ZaO7!zno(gjAO}@-vj*yVAc^k3vQp*>-TqG=8N)PZ! 
z4<65caW?5lPv(+bR}7p!$#3SCJ&b}6b&T#mhn&hfAv3Fg2rU?kJp_BMUNb4*%<1Lx zp$+0w0&RB!*#ntp3Z<1|C)5Ye6iPl2>P;t9vxNF=oDT_~+Fylw;GHCSbbsX(X){x$ zg`S%#?s{(vID zr~;6g@s;M6*dLruu|M)SX@7+M|FAzeFWVml`!@Cm7BX&A;J&W>a{HsOV*4XcnIUg~ zgiVpphgP;f@Rea}D?Plr^?L7XCE$#~5eXABgCK z*&kq*h|Z|wUo6`nm?UK2$~Xg+5SLJIQzqROub)q8W?Y>+pC@iW3~+fQ5N>nF^;2y2m3x_SCx_p zh&x2&Rw;AX3jcQFXG_Txd<|RRKVtl5_#2JiV*LAzzt{MU@YR(j`X=L#8~-We7vOI; ze!cM@5kI~`hz+O4t1Bfntl29byJ(D9Ln>bYEG4t>o)V8c4)I$WR$z&HaX}u*c9C}uc zdFD!=wQjW2GyE8Xt?&Le`miHO0G4vU=3_;l$+BWY_?cQQ{?sxFkjc&3PX{ua#cyd$2bDh74YtB+p zRu}pe2vZs`m%z-LTJzAhm_x=?`>nl_ah>TkrWPFW*$A^6W?W(VjJevF1(-`=)?2X4 z#I#f6FnVCbRb_=3w&zmyWG%j}o~#sOv)i=+zYiZ)N%}1sEq6j+R&q6DNW{q+GHj@? zA*&7bHDryUzJ{zd)Yp*P4D~f+9cWxb)(f;6vO%ELklO)kN6{B$G!0qE>tL!5+f3+H&)6nYNhnmbIxf>aZ2IlBv;Vr-z+UXY5?d zj9Z=dqGP7N3!~qQneoacvvR*yrYJ@tRt;GkWsUqxRjPuQBgy+IDwP!F?Nlmd%;{As zZOrLaDr?N?RVpXubShOP#&jxGEygq|mA7clRH=f9lPXnXs8^{vL%mAX8|qc6(NM2a zO@?}vY6gu}szsowRI5N!sdhl8Qp#vls)Ns&D%A&NI+f}c9hEBbMWys;`57wpTlH_F zQpc~EYMHh=m0BEC#?GZu>rAEgq3JS-ozYK!)4aqg#T4!%Wy%zlS{VJ%$iGyj)+6be zDz!nBw^OOxjXAwaZ8YZeDz(X&)2q~GF{e|hEn-ZkQd`BCMx{n9nln{uhlrCZHD;(+ zsrwA|Dm8AXSE)w~^(wX3P_I%?fyOGeU!bYf3j$50B0#57%4k&TB|c}WRQ9~-RjNXC zRO$#mP^l`=GgRuC_rHxw{ljOcQ>jg{bE%ZIv1}9YR_d!U(_5*<(Lk9pMWs5UYmNL% zRjLI^&s3>aQC1iFF?4Tj_}Yy*y-IZ$b9$938gqJ;S|sLlDz!w6=~SvqjA>M=+oCyB zrIv~~sZu?LdX?%m)T>mVpQ!oypu+uewqp5z6(n!Ve+NjbimbN2{EiB_&>V8b z^6J4|rv^t(4Nja|e)o@9f;oNj&%bcdfk$yNIFbl<-Td>+@R*QYiMVwyt#j!+@SMV$ zB_$+V7}%0EZpy|t@+&U)l}fvE-Q0|~$DfW_WqVw*o64isGDCI9ZE=>zVl>AXdk$T< zeMPB%jC}yXt0g9fiqYTAwP;K#?R_IKP1AHnKmRYrViPq9Qu1$^c~0y(;@60~CAQwk}8`H`q z7zJg@6!TY3!gak%R!|qeXx@wIEzLsfz5{|?W5Mb+8O?najF}bF zEMY#JI`^epZSZxQeDN`7ngVN2X#bHm-oq{%#KsgmWU576#_6kNSisG$tU=SDI#gFM zZVPBDXpNywpv|ClhSq~Ng4P>a16l{#XlMs$0kjEp&LVc@taaC&BDe&E(hj8s@aIpC zAIjYIurraZ;MW~pQTmoDS!vY~RW(hEs&tCc|C;5ilvFdgXJPc^nDVu%hjGu&X6Pj* z^PTf$#$?)DN=A0%h}`*H#QhViT_P#GtlPuo%AXBK<}&RzPdN?1vKp-wFUknKv^ciY z0d^r7TStYJF;WM|c3Qx$Bx5(iRz|_DcWkEzL+++ql|O7{9BejjfhgNRI=oU~#Vw#3 
z=Q|5R!j>8>PdnHQ==OCvZLr<-QUTK3BG$Oqgdw{vb+x;JHQ3HI&Ff4XXbagWRRyX{ zqP5I|>O~o+4Xh7F6|&hv0KxDp}n)h5=Vy%TMzs!GCpKZuu>$f<%H)c)Rv+tKF)7i7XH7+u)Kt(3)ncX2& z#RY7)8Y6r3pOMY?36kD zv;`a6vOG-LvYNNpvI0dqIgjtOH@0ORXs^xXcl>7z*&MF8WFw$cTMQU>sfAK^YOCX` z%UJ0u8?idjdQhjf=qYFosMHpdRq#d(jRfs@8w*xy{L1K0&n;Cq4s2IjSsH588XV?H zIvF?cT0?sHva{{kXiUj94s3JFVP~1Nzl-_F#&fgG|2x~bo&qgKw;0FOE0w+LO}g^2 z2EduWAy?4>t55_9L$Rx_Q?eWZbcW?jJDA0RYCjHaFRN3cvPo=#t!#yDds&?-l}%z3 zY-O_)XBv}O54+yjwwE;)w@WlM1-6O--+4@;6$0w&^r~zQ3(n?caW`oWJMbwRg3opr zuT!enB(e}F$7fqbtM=6XbrzHiORet3s0LswX&MbuR)r`NXckl%1KJGQ;`NIwcR`y# zoqn-a3R(}UgyJ|4syDurFzldjAVYd&ROfb%#CKrTBs@1BNYJubG=Z_Kxl;N)Tv_1c zpVVzaa8v=8kk8GSbDm)kTh}$UR@ad;N4a)xbRgJbpX_dUKss-%!tq6 zMSt>Z__KTe*(1IP?5}KF_sIV9>RSspT$^Vn>cZ%{``u>bh9}vsuy%W}*I!DRnbl8C zsj&MfS0I1z(@wlFrUZ`u?Trhxg}J{_nE0#K!mPrF(k;V$NyA<|sjnaX>rT?N)>VPh zM!N>+K=dzJgtGU3)PKJ+dg&5Nj$PeW>Y_LJ#Ff!wMh!Q**M)-v^z^^VXuYIM5l%!J z&l78l67u0$*S4@;ci)8^SnEf!vkt7SG5N>gpw%zw!-eO3rkrpb7Rnl;64t-L-B3J1 zR{bNWOP7IUpq5SJFX_{otZgQ=+~D8ckwe>E-2BL0Hx)bnbx&qY-a_dT$KO=^ZH~X>tK-+i->UeVkH1a&HgJTM zu&}qdO%~jTE`9vX#a|jw7nI}wNbxt^eYGD?qReV_d7YW$0B}N?jmK%_VN7wGjR&7g zP)SxoZ5Thc7mm^q+|zJ$_O^z{XfuYy(Zwpg@SL5~-Tj4_FG$RGm@)=|nAK%wwPUKw z+2onIGBf9x%V5e-IG^bmDpC@70)}4y>2Qn|7)3E22p1Ka8XlXyt3j6~H#O*Dr!JYi;1s5g z=NP;t*s`kNX?Qh`r_0c);JpT~F6_m`z5=h=@!sG#eiq&v@S35fTx|6&Hr+duBFEKm zb3#NV7r*(i(eCcCJ3z}_nMgAI?n_}02sgDBUTH+$F# z$G4f|5jpme+i1nbFFMtFoj&#?C#G%`UeV~CqmG?Dmjl`kS_e8IUkqJA zn?X++x(u`))V0}kvp{P=lLUt29t@L=O>G1%WwfR41W4MDZg)~7Ye>uF$b*sa8vwn-_ zM^n;pmm0TNnUvQaVI~^=%>K>I+4L4ydS2SnPJr(id=y=9aIl6Ts`sRPbgC?@p z0?>_HuK*a48it~^V2rD@4bNHJ=-(3K-8QMr=XaeeGHCdxv2IRQoK=HUizIWmW}x`HW5bg}bC z^D#^^~f?ubJzLDG(;X-Icvw8N5Md3aS0s{vcY zUC9a}1*}@q;xJv`xP+Tz#YqEmC%uE~ft!N}7?;7Q?m??aaBU6mEu6*WjGO{n&ZLp<5hvtD$=xknm~dabGa0aG#RL{gccsqG(O>xRn{luEqj*0ec3+SD_7X~k&fny?E)3acAiG`z%t`Q*PVg+L z3&xbrbGVa-hwo-!2J=)FU6zKM(EyvoWp>`pW4PHhL&G(yPMvpy10qaWhMmK0dE7NR z1JkNCCOvKwN0uU_v=8Y~9POM@*;{C#!gfuDlqN%DHrC?}FbB9npleKS2SWX1-;~er 
zHi=^05GvUgVfK&@x;-Lnqcblh-zSYOZE}9qlr`f2b=)W#P#Llbp-J6|*A8|PjQr4) ziE5;xgrjyvHIQ8BBkH(EpvJHlj%pZ5??H^XN1)@LOW~*nk=|}Zssco$^@LyIK5${n z3M<(E%F@>04&Kg$Dl=2^*5|u0sDz@yAB+;2o9+R|8maBU45@{tXbXU9odLBOyxTxE zFiQ(m65Un6A)}@MRc5%=OvkW+ng?EqC{(jyo@ov~EqB zX?k7|?Kp$YCLG;geamL6d=`koZ6q)Qk z^;3zJjaL@1%ECGbJn0u;oz|Ms5u7-~ulz1Q>|IdHtWM}^Gy5up_-^yKSx4_+rj$7< zO6w8gC1*bSC|oHe3>kYE*%A#pdQ6r&6}A2$l(brN^{wpPEx;6sk>08)S4V5JEumO% zF-R6%Gu}_INTALdK2@Wv8CU6ty@i@Nw92&IO~7@)^}x-*dEf$Y3$Qifz3i#(EhM4m zptoZ^vW$c}Fh^+yCdE0jG0g1Fad!wVacx)^-LG~Ds7C#X=)Wp*)v*J?!G+NmXPD~5 zeeZ)&Gcyg>=BZVyaaWAqxm6Ph>RFm{#PbJEtskR?ppQ<((!Lo ze16iiiypYb1HbQq-}XSA2QK%(WgeL6fm94Ej22ilm?A6?vc1BNW_RVliynB&0}p%P z9uJIqV2cO7IHmuLUb1DieY&mQ=D4}8M| zYdmm^2X6Ghau4)+;7>j9M;`cu2iiUGArJhH2j1_2f(PE?fr~tFz6UBiaID^^-vcjt z;3*G0?16hcFzSIV9{7$2{=oy^^uSsVgdVub17Gk!p9encfvY@lr3X4ZFy8|o^gx3L zYCJH@1DAN4CK#2t9C<2fpBeJ`a4>16O(AN)L2+V7>=F=z#_g)OcW)2QKlzJ3Wx} zz?;7jC+DaK4tQX{2Ojsp10LAvfvq0+t_S|f1Apg%+dOcq2UdCDiym0!f$Kc*Cm#5u z2Z|oJ!UMnWf#3E(od+)Wz-1noDZo|b#k2(~d)=M$=KCFWUv$(12RyLf1CIlQbes2; zXu69LeGwWFbpqbf!-(h8^UUefZWU;V8v(-)h93xyFv_Um1q_-ZnjgBZYt(wq*T5&~ z$eWG4#gS7qwT`O&OE}h!rtmuMlcbr#EYAccq-1N{# zJ2}u)YWxt?L$`NNI^Xe^`uc>7gb4; z%Vp-bj}J7ZhsRTlHg2?P=kBD@CX8k&$(qnPKBeT7rR03%&Eq;=-CJw(U##SZ|1%X* zZZ1irTtV5eRb|F~ycYIKg&il!^}ypv5PDwD*8N8?qT(q!sOdrkP2$5-L(cRZ~l- z(fk(VE>6yRBi$yFlB1l@nNV31N_xl4vC)Q&W+il=(X@~imk`}Z(bg7T7mXozS@=2^ zvg^~9r)4ccT_!=RBw(n@fM4bGl&E%CH2gDe*@vhrvl;!XLm4ZR`uVu+kykEW-0R|a z$%v7NK1E$7=@OGP<=owFwDm?)is+(?wzlw;XiOiJrLT8BUce;a$j$6vDIBfdV#`}> z&5pLoXdCsh)Kpuzd5fzM_T><*2FKc4rEF^comg?k%YTe3Mq9=w)Gip4V#26LL{(jq z+U-?{ocq)gbP1VitnV~dPb)F*P%uMx;Bo*XeQC`+%j z*+eZ-t}#g)9c{njFHf~widsz0W|Py(=nHC@-rlhtL-9}t3!&>X1Ogvn@t2YGlXhIRAqwZ z_&~D+tuxwM(U?IZ0gC@N^Q}=2E=}!TGFqgM%xb*ji@dh*P`fWX#;I`%mf+sa?)4DYBIkLn#ib!KG)s}ji9~wDXjVkMCjC;Az*5vNcbavv zve;qXM);KVZOGOz*2XjCFT>+b=u+>86`L9I4GP(&TA-0OZgO_TRfGB!e1%d6Zzp^u zK{N17qJmkG+()3uJEn*&4Gcwbu>?%z!RjX1QZSQygSlUC?p0Y>VIzPE(Uq1(6pu#O 
zRzL6tB_AB(VWibcKX!|E7}fx4I_cs%Z6jL&MXG@tsW#X;!&FVdRB7SKBDyrqKb^7F&Cr0U4#68Y-hRVQ8kUrR zTixmyF6#|zmGHLQ1+U+*AwG#`n2%_meBpx$&bq>-jGO5lwCK4prd^rL&`S@8xqp2| zaA@>R-QC^AR+b+8BWX1O_W{P6Tfo*EHqHlZuVJqncG9pKsv5jHKKNU2qD#@hMhx3w zn5s1{RmtJWRDosrBu)g6&)iF{R=e5mleI{EsU}|3Mcd_MPatWNE_r{HtKH8-E1Q^W zhSotyO{(lnC`piYt`7&X+pwj4z*IxvslI@zeuJsDgXJX1IyZ>~CbJ9H!Ut@bVJi&V zXxJvho-*tOVaS6_9WxKvbUo{>68%&xItkNs`c7_~KToMN(Q|~q70;xyn~WH2 zTL8L{s3XpI&723%WH!7uWAwDNrAUY?i33%tqJ9opbQ=`;M%Pz{zr(OG@$}#`(@s#A zD&~!DdKYZ1Ve2FZ^U8)jV%QPGCJa-@1AlowiG9dhocRmvK~=0N%IFTNelB>rtmECW zj=vGhoF;}O-mx3|74%RcCDGQp4hfjLCtyqXfOQ!*Y}jhUHW{|ruyMm4F)T9dC1JGs zWP2Ty*y))Q!R}aS?WIuHqBupltIEoab`VYreyYg2)+riQq$;OPr}SFE zn^a>h&rmE`VstGzJyR2>V8Rs*TV&V@!}<+dZ`kdIjTm;HVfzhx!LSL#P8y~`78#`n zh7q)$1m{(Q5jaaN-X05#s0hX@)XdZ1j| zqcg~-_PFqm1c~4iNms?@s-Z0gbG5!y70k^B*GMaJ!Cdu1)4^PI;IhHoeDHEa;XIA9li@s#s#D=SjiS@xygZ+5 z_=j;PNd=LhOsYpGE=};>&}E4UL3;&7K%@_lb}}i1a12WumX)({;8Jd+lq|AeV;g0e zIN_eq;34b-+2IA}@LbICOIh#B1&`}JkJG%ZQ8l=~vXtC1+*YaAA!hK3MsP39lGf=) z4_-Ljd2Voz-VHfjIePe#Qu6WPwi)pY7QCSm3#BKxQ^7NFhzH-rW83!Z_W3+$qGz`+ zApYZ*5pQzz&^v~&ddKMDi;?cR8RwrE?o0z6JZHG`o%&ud+0OEB;0Et z?-@O$NS>W>{u9Fsc(;A@z&XRbNF7};+{V)y7Y%pL8r+dLMak&CMXe_dzNE*lYW}K& z)xoimiSve8@yU->jMT6a1zgpb$lNtDICA>x%=HxFtZNRAplspaEMetp@MvQ8Hh%hF zJtuS5tLzrV%>$#SW`(73xD9(|zZ$&Ou!qo-;lFi3ky6dx6_y?m_tn`?G`J05;SamP zXYUUGZLjF3Wq;ZS(XF!=1T@H-Wsg1&S1qYXRtItL@3%*>V|f8A`j{qa&9U7hKBj*YsX ze___unI}&|{oZOvee!kSmLfmjx!nFUg(gV2i#pdX3p zJE4CkZ*+wiDQWeFE4-&%(s+qH8r-Qe<|VIL;jJS$AWxGGqq7e*XkSPnymg1ss>`(M z@Rl)X4db&THoR>MZ;6B*!2qS8sD)04-+M{El7)s{vtMc072a}0PWHl9w=ao291WQ) zrW=&mE`^J5r(%m!D7s7GN~6CXr%-g4!rP3l5_BoN-Ei@rcPZqZ`mw=Lr4Va0EBtm- z7jpHo-Sg1wd&ze+>pRUN(M?0E?r+!`-qHe2;>JiE)bQ4B@v#C8dq|Kg@_WKtm&(zr zVAA(O_`M!EqE@&Kk`Ew`itug~;j=2jClKfv6~TQb;3zIA21kEdMfkeWUxiLFI{Hsk zgjvERLk>Vc1pec^;l~N@K9@kQ;f)i>drq^$TQ*6sy|c$uMO|*E!*6dEjRY&TTY#se z_SU`P?NOn}+MEw>eM)W^la{r)F1&TW+?5lII1iG*6H4IEl)%Rkh+B?txTO_$2)r8? 
z+hY1-(EqX5=s$!0Tugsd2^=>1Vd$!ZU%$<8g?HQ~@Vs&Y?^Xi8SM%w(I3AnL)=cKG z8^c@bpefODf^Vr89+3$TG(_RIi}JyWcEi26uAcoG`$50H$Y^y9_sl-(cFvN-C8Alf zUv(8bk5DH_=EF+nb4un>#5#hQ-`;9s?!(2?&`IhuJCw{9j7}1z0gmnzwSut8mV?lx zsNc&PuJ9hmPFMB6n#$aDw`uBem(KMjO(T0>9|-OzrN_e`Z!lV#{i}x?9uL2KJGk3; zs_s>qB5w`{#zfnz?trUq+fm{r;lO?7vo5Z+ntvD=7ftyxhRZRY=%#N?me-F&%JXAS zG`vO~(U#+Mp*iQ(MrvuOic^1u=!=8UMGbuJv}f(VpCPW97R$(XR|(k;B^I(e7Lv^AFsj56RpOAjy`s8o(qO0> zJ<&JmNdtZG8^-0wDRC+im-FchvQ*@q?bDiL4*u<|{ux$8^t-=qX(p9tH zl&mA*_{>q|ej!PB2xkvZ!vrx@Q8m8*0+gV+05RF%K2@_PvF}H4KY%i!P*wU8OA zwc&BmWPGz%fk_>!kd6X=noO*3cnv#O6MV9o>O`)Qcl8ZFainYV0ivLT^|VQHGgsRh z7k!|^P2bi8?b?x91T6&Z+HBbl*b%hXW0WR9WjhCsAOHqxMWf7I1@VUiIsMXSZWwbZ z8~Z?`f~^TY*Gk1r2A^zi_(gC{NAO^<2ZO!`BUV3~#tjpAKPHgo=oxy4Ps$|j0+s+@^3|^BjiFbDP6?Epr$+&ut0k zwa#JaJhwHR*FJ~A^W64uUdNnygKz8j53ab2O2$H%+FEBdGp&EXZx__Ty=MLtbor-VCm=U%uf}ykN zZOO2032;rgK<|uj9zAGFg>7As^5KF;NYx^x!?tcnRpA0XR+1Ab8!l)L7+SO~g^?8{ z7hXk_J)mh0kF-^VH@1dtS~5s+e59>9>}(I)Bwi8`+6cWPY+DxWti3tIj;uqL>^9k$Iz52j2z@tFClCGQiaZ{lOu05vZla8*4NU!D0)oOn~k{O z{nulM_)2%1gF}f!EGZozjJ*5|xe0a_xFlhdh0?50q!&>l!e7z3?l#w5;$fWF2p}JQ z=0g+lnDN%c2=13S_rvCX$T%jvW|xWhHa^!O`LE)*%Q>zv$68>)D5hL7(FW0Nb>-8G zfz;Hidc#x^=cU@br@7+E*Zm1~Fd zrS%Y;X=RL*b`ci+5kk}CJ#;Nkkb@?ZdP(-kv!vpfAh?@CCdb#>`Nbi()JXjG(1zUk z7g!z0blq;{z#`{#y#+39Cpq%0wGrHp=ySwTv_1kw3pHr`7!j)Xv#7ANRCj)$wn}=Y zhFqs77wJ~uhf3A+ko9GP>z6Mr6EAZIB&IC&s>&f=hjX??&TOwdv@TaQ_KIe!@z;(1 zs!ON(IZ5}pbM%^GPYZ*@C*o9$Kt+NptjW7wd)zoD! 
z(ecS5d&iz5+;L!=&D%zOCS2a^H_CnbsK8pW3fo<#m^$t-{#JdY>?~Ly@)GAl%Bgz^ zD2tfa4%`ad%fuW7M>3L?8=cu8Q?gpAp!hJDD**cm5~fNHY`tMp9x$mAJn1#Vj3gAN z>FN!#^B9h-4nbDI$tp-Yj07eN2sXk8Ou7Ij)dO>is5XQ~i089qpa`Q8PL0CoV9iuZ zo3^JOstN>bllfK&gE=iC0QgR?H1?oB0;k==Ylc%)cy?6<*c$VxA_P-`!gI=jM<`E0 zA-kGGPDPkqA;k2>tDU8RBD)CI!zZzK=Bs`U*UpfFIW1tm-i{j4Jf`tqAP(6jQrJQq zvQ1D{Dk$>aFqJBp${3#00X#z4ZxXc-PBk1E3&LrFBl7{J%fjh4Or{v#8ew$#$i)u6 zOVoA)OJQ`%A%{O18ER4w>k=|MP-F?gWC_968MaR)*2?83$~FD z!ldAD5;#g-R0llCd7gx`-awdsolUCCY(OaziI-8`ZpYJIB|Jk;5u4i@@N`&R$ZXh~ zaMKd$#FIgFfqD#yVX8u@miwjz45%&?EuZ8#8)5qbDxq^iCa%NR4)8imQJ} z3C;cS*d;6XhcX-PcPFywTm^^OxzH559iz0WgIAr)bAs`Bxp`~`Vo;Vf2+$l0pxK(5 z;6xm%U*Ek~Yo#PF$04$w*rkr6^WOTvHk3P|HPu%#8y-Dx^wg!5bp>)EJ@6ciQ*;eU z{9Yb-H+Qx$`M8sk&2Y%LwCs>l3=TSX=de|R7uj`es~Umw&dJHzN2gg4M5+|I(rcN% zyPR=s1{f#PN{tVd8b7a-YJM&5C@D_jBU{c#J8gFk1;c4OEyfk%BPNqQSRhnK^T^nef87HI<2= zttOmXS2;HswAF=k>nrD`g0}i_Ze!)#bkNoq&TXn>$*-*`oZDPEHy5-uhjUvh=T-%6 zE#chO%DL4+TWdJCy>f0oXloDWc2v$S1Z^F3I7=K_CyMBK#nV{~FAUp~rRJHaVNGyj z4c*XEb(7PatLkd+2^j4!Si%8GjaS=JrJNe=ygR0n4m#_@1zllV+NjlznhH7@cXWqs zS)@Q?=G5kb z*6_x@uq|IoYb4TwEDPGhPMY2D&*?y30xes6G-&T&$Q<-(i8~qeE#i|7`j+rX1$|w7 zazS4=mZ&OdUmEoE1WS5@6@5W*8Re(Um?NF82N^Mhkdk0K49f?7DX=lassrZpI0uqEO*v{7 z$F>hUYvi2B*XQD4h$2)2K;Z4pz4~D}7tB&4_c*eamM!!(Mpmmp*+Z^zu5UN8nuoAW zb7V^$+0{YY4pVA;kL!`yUfC+tq>E%|T%p}6sW8dTINOxUbt=k(^5p`y0XA=*nacZ3FO`@?4n$LBJu3mMwbF3Z# zp{ajBH(0{fA#6R3(cWWq8eeGi-YBJTX{jSQw&%^d=0iqVDObI; z1)|!fETq^V>LOj)^^onZ&bv@Hnkeh}kaOK`1d+x0Q$}~)s0j%b4;!#_+I47qERj;J zv~6qdv)FqTk1y?E(b!AP=enIre-q^w-^yVp_i?Jdwd9gTxJe(|@_EuI6Z#w@BeXSj z2`;+`jVt7isQb&{fZ+hdenm?IR8C$8?ybwdf`m22VXAjXo~Yiqn3a;qX!}K5Miyu< z`H&?7`0k?5RYdSG~3qAUB5mG zNj1ZEzu|6+d^1}@>FLlx2XQp(TByBl;OvIhNGO%0Of4YU0-X0!RxGo)C=-PFOv?U zYB7{74!~r1XrX)P2>0^sY%=2TfS)QT7qZd9Z|2%2!27Qhgg#M zY9ugXDdI~;5sDNAOlkur>D9I|y#OWE?PFN!fd7~SkfJuwN_VWQ#?EJWPw048u|EyZ@%|;<5tJm{ z#yF4F!Cs_JNVHtss}Wp?CZvuO}JlvbOr0$XZWk5azQ_F>w^6Ljm^>7+F! 
zwg=UPnJ40ib(N6pWL2ESh~%SnyZN{v8jl@_mQtUVAgdI?MjL09w-VPuBw$>--GZrd zW>$q*zF2S6Pp6B1G!8gRU`z0at}arTL$-T(ooxagvJn@XoQ=1Z50d0j&q6{MF=b~? z#Id{))DG271N_CK>e@!=@Pwfe@&R*oFz1v)VG!7jJdV0mSu&ZBV4^+_(?k zX2Z4^Zz~^{U0pMe1t(loNU?-#LE^**51+lsZlc_=-$%zjO;TDc2@<9DO?Fi(*Q|4Y zLY@1hW1nOSJKkx>^u1Q)n7r3cJ0|?yPCFVtx6zL2{_5a!`QVdmvKv9Xvu1#8eWINV zxa$wu9@BR2=>7|}drYH0mgsL}X}pbZ=lP@0y=!#;J4b(Z?)kgV*9Ba1{7x7b;wUrv zvx`QbyP%Z3>HLWxS%8{@i~G#zbLXAE4fvAL{qJ^RHiJ|V5N_T*`rNsWRt@bvqx;j) zF4N{Pd8i)UpL5J6kY5?ye*w(*mXd2!i!*m!HDmPoOQ57jpSu`A^O?J@f5+&H?|?FE z@VPIIK6eqsmP9;uLMk(>6pkeO9|qxgp)}2P|+Pu^)|V+5sD_ zfw=3;&iZF{f%s}JQ;i}6?{4!d^p>1H$IboH)!T7qnQn_&IqowYh6yVPyEB$ z>sd`s@j4>Etpw1LIGPxp!w$HQRr92)s$o2?ceye)BQZXQhBh9-J`gO=2OlmB?r1l? z{lCAS)@$o&pZvePo_1yQhuq&d$a>m`Yjh5_7|o0E1uIHdu3$Z_7}XnPaCdQVXOU|G zPFxwi*GQ}s&ERiA)&?KVHrQzK>uU>axH?u|So2G5EQ&EsUV?V~pRBL7sdwd;**X{n zjEF#uT~TlU5h{ z&EZ@Y!Eg8jR>otOeV{F(X|>$Z?AG=$6=-$6JJOceK)+c0J@Gia~y!T8C6&6s)LDx#=()ghL?Xpd!oxTYtFN8mXGk1zFda+^8<1| zc^g0D{oToen5aw=hiSoBsdVCjFj<(n9eb8cJP08*b2Rt~w=s^|jd8p1T zmZU0ZUK6~cvp&xx-45eS(6uH%dO)`=rAA-TeuQeh6OXwY9MR6L`oV34;aC)Ik` zHhUOq$~%rN-PpzWBIi}7r7-icV@vO-PVAm3uk;cJ-#jOn$PE1ysS!|D_PDUG5VH!W z6A7}_LTe|qB`&lpYFsc?AW5Q0mIGT!_cJr}4dt*8NaIHZ^!j8#tpv2l0;+QX<)#ZL zxolB65G~UvkRy|Uv=B(q0;zX_WTy+{+|12712L&VYm~PxXO$=#k*8}P0L@<(=%w$Q<+-=z1P0&`_j?cMkk^06YurQwSEgxAOe>Sl5! 
zYb&{`VSCNsizko$gu*4h;NHRK**SOpL#6aAC^=aLCRj8>1C_l;gQU) zv3an^`D4>$@4n2gz2Ju*YWR7>leW|3@C$r@F72co>ZBjBK5(7w$~&uG%iP#n#U_+L zA*j=ASb2Q{dh4A;@aBVZQMEslo5<`M5sNK;Z;p$-d4*V)O-x~lu(|K*%p>f@yfJy% z)Bqv=Oup`HlB24#ecf4)19m6en5;U>*RjFv*}+{WfA5XV&FyUP#~B-W`*ytou0Zq!4XaFb(QbWMH$eM+%ffO3Z=$un7kvnH`v3iN~&kU;o#9@g@3Ij z9+oLm;n3E8sK=IW?xrUqJx;V>Xq0v^I@Jlxgmk!SibJSMFx>}8bF4HW6tFbLraWK(jFiiy0?t<}-np|k9 za%c|^o<48+JDk1w$$=O3+O>Dda4Qb*g~m9qVx) z&-PNEu4F${k+AYeSIy%4XSDBRw}5=`aPaDs0CFsTZI|V)3O@Kg7vwzIcZxNC>@yr1 z4jvz^V_f{k%m+mx$m(N%TnHXZ?7f(o_T!li2a*FXI&Z8$ZA%6etAe^V8HZIEJ?z4Q zT7B$KQiS&~%|_z>nQu-8R}(y5iTyklJe}F_iVyC@8NsFE;A%z>nP`7Z=RA0nz!R^| z{0X|lw3_saP8HXh6??TLQvzLrFlp9G?(kzE#oSS zzaD`{JCzPAE9bWatAvL0la=#ZgH<~moT{AP9;_O3aJq7SN3iNX2WKni7lTy_I-H-Y zoWCeorOCH&epTiCCBdq_4z8}8-xaKS%E9@{`Q5>){SGcv&R-g=dcnapmGgUoRgr`1 zD(CkGt29X(&abbW-xsVp;^4;0`OAV;uRFM@a{h{7)r5naE9b8aR-FVcp(LLuMjzqb zCNfnjLqkx79bYoXZW5-4Od9~BYmQB!5A32V@SErA2d8n>eHEjU7{!$~dFAlKW+u#Y z6Q$e?wFRm=dD?u?1=l*z?6afYy5XIhcq*O}*fa1`RcD&6eYAu(a#)V)j|Z*rWs#;I zagkw&kBc2GO2vKE1f$;*2t+4guW9oGvO~0=H@t7eg|3dnzT4P+$^ov=KU__8dSr(A zMJ#sf9M%j5wkbuiMPZ_&ngfamK8Fh)2X;G_4jE=NMN!Q#oKDLeHn$9n#`(}3TWsbW zsuL3~1D0w-ArXxd4r}mn+QyVN=W2{VstBYTexn71{CAs6noiC{^p4T}k<_&LpWh>? 
zZJ1LaTV$=%B|A=EG9@oY|H^b3)oJih|3aC~h0*6|dni~0dJlgeRX#sS!v9v834Awj zD5ZwEFc0A&2wz=qg!%OlMj#Asa<2QHm+brJ3`&uK9-8yj{m$i$|16cK;ErCI*)_fZ zU_X748=svMO5HNMwpa2;GOqvI5$EpuA4v7+3%yCS|4UVYr2c~J(h-aIk5ga+qsaXs zqNi7;CxKj%-S~9k=)krK$GCBqX-n{+tlcqU`}v&js$vl0cU36}jUCCS9_12L)uVF$ zA5|KT$Yn z8sj~%`=G56Cj<5<8W+$WSR=SN*HU!-c^{fh*Xg>dlg5)dV7=;!EuG5_*`kb9nz@tq>x^QvyC4)K_cSf&&Op>H&h?0w=&l(+>i#`8z z8+V*9j5b^2w6LdT@4Id^el=)6Q#WbmHSK z&Bw-PPxy3CX6V%XtY9Rj%(UHEJ^e(?3n!h?_do5T={bW;mJxCQC|A0r z-=OT4ivSK)O-6tvV4v#EcV~uX=^D?8i*TP@c5%oI<2|&o|3Z~PJ5n+XBd6h|8ctKD zhkn=h_Xj5unZFqsJe|y}9nFts?i$4>HT9K%zcsLr|&td0_2S+bb#XL9My48^n5B@AsO0IC6!Ze&Mj`KUy za3&n5ec<>H3H~oG(Q)TV~nw{h7?-7c#XQ zT>Gu>2>GS&rue%){z|z-?|0v&g}zMf(n7a>iu!5MPrZKfr6s42jsJTEFW~4|mD(ZJ z?eS`$ItMX$L;)FfKOo~$PDC7jh`%Q@i(k&vZglH@8m`8u^*Iioo-9j^UnNsFp#~iF z;Re}Ky8xQA78utrdE^E)Pa7}E zmz^GZ1MX(G-@tL|%bXiF#{$Pr@(AUew3MA3`U#%bx!swLQ=H`Jtmei`x+e+uJ3?QX zaD(rg=^zQ#O?l>=^iMij7x&lVc$CA=$(pH7tbZ0e5#pSzpLD|cfE(1;*z5|946!7; zQmnD0!+n^)DM{Hh>EFr&e=iPhKRq~-7}z#~Aeo#0kbV=QuVnS4W}{om&eXDGm#Jln zp1^#0f2p@n#2I@n_+`PGUz=IX)L5#eQcfGeof3hsR}A1zzrZ)exDy(D1e}0O&54XI z0l(Zz#xLnTtU)&|%JsAyeIvMhl6Lg)z4&kr597oH!Xphm9udntp5Yc=>{fiHHTku* z_Gz8NcFxxo`kj3EC^{cX-n2eo$3EnQuFQHqMQ2z+v?y4Ne%&nav1g{FhhF3+m} zqw6{R+xL(nV2u&~P)Xn+PJp7EM!@|@**(sbpJzBT0?x*#IvY9LSxlhd%$coK6WKVC z#V;mce=)=KfYX_qzeUgV=F^#*zs8pqgtmKSVd-M)p4~LhnSDoIOuMi+YPrHu7UMU& zkd~`DIu*I5FH>{w5n2m1^O@R~deHr#fT-TN;|69)|G6W;NW$f>lSVsp^A*H?;9=Ud z9?4IHg<`bhkL?EXCh}R!$MheK;@dF)zSd-aK+4Eu!@Z?Xw3N^Vccn}7!svtVk<>}T z=~w7*K0(voYLZhKEBX6q3*8us3jJ#Vov+FFk5c$CtteVvwC*ykTeN!7`pUGvQk#of zy@KbNCZT~Je5JoMI6}ml3~h`Au`c|mF4RcbgWPT?SH6V4 zCY;}mleGEUZ~itYJ`J`0Y-uSugSg_}>^ip*1u+-)ASQjrQ}zg^I=Mu*#k}RikFIcu zn-H08a{A0)S!&ihcj|4UPffK!f^9akavg4M7F|gXSr+qs`)&O8NV$*g#&3K57;449F6aMoI^Ae*Ix(TH@GR== zD{+UL3rZO35!8E+*kJ8oX4gUWiV6PnkE&P9F@J1m4;i{t-7^c(&5gh)^AnsIKeYqKlCtzuMrhC%A##<=00bU$Q6?r34P)v@ zXErj^`9^K8XV7Rpd~&l{_x>-8s;gY>pbS+H!hVW_SXC8FL8XJL4Q?b>=Exd~qdF0; zpXx`5II0<;S*wqY{;3p>KcN86JytoM*(g 
zbZepCh0VYq)fpX`>w+UNb-l3}|J^(;Ci0{O+PQFH@N~30cDT;Pu#geJ&0M;JbwTD9 z#YuQcY|9NX)$B+SQ9f;yYg-mapYL)O70(kdS%Ni0S{Qw#RZ?hpvft>P5Z`D1GBun( z%ha-aKoH$e+6X}{nHt*8Of8Ecnc8HbGkA^Es{lHYNMlayA9E5&xRCrzBI3f%Xpd3C z52tpuG*w)iaGBrrJ1!3vM<4io0m(vts;%kT7V^aDNwoD-)(*5RjPCRxO2Am|?>)LW z`nrLxl;xB7iqTC*JgdDhO(6TDKQaCp(|avb^{0U?zUrUOMpK#Yo6r!)W($&HSn^RU6 zmT(#R=;>LM;HM8+(F{sYU}qQhsLiB3{E*A1U@yHqy8-Dp@n;hl$@ZSLSJ9 zbZd;VbeYFChzg2TyzgPPE*$E@a zgid&&hR`7V_+qzf#hph`{}9>XALT*r7szQgq#7K+K|4;rrl2#qE;gY5@aj6&7C%&e znBSpbu7EPQzM!5w0B{gnNyeRSln20}bRq$8oLCIO8gQpHnoOkaNpLM^!cqR2 zW|Z77MS{S?az!GcEgGKy(5BmzW+w=+ma2BQ` z`1b|;l1;qt00BZyUA_QpI{YbAU9T!Qiwyi``4^u68TZA2PfeV;z-vIu!$oywRvh0z z?o;H%eKng9NQFG~AP<>!qkeGj*78SpR0|i14c{U65pfScQ*e=jy_p4<$!kpUW^+ilw4k7^&}d8p+QmQ%4MZye+8dz99i{k` z6>Es9+^OrknLoO}=P?+P+H%t=@(~3Y?jh!#dIP%Nc8#jM1!qpX0;u|WP_IKCsaCx% zjhz}a*psoaZTsgB5x5+mTwRS%mOd+6%q0)!wRk5M@(>FJe#RetoiGbTp7nyvt-822 zfXssLOMp^L2*tA+QhY*oSqtW4gx@B~DMWvPNkf)b0q)8WOz!&yCX+$)a$wSW<}!%ulY;@J3Dn&y(IM|r%&sU!G{c}xEDW=f3ZF3;Z#RYh=g;x z!H{9tCZU(mrA*F^zeUZFw@l}?=TS0QqSUrC6`O{zOblUhdsP54%!U1&&*}M-wF~Rf z9_Ye!{M(7xV9VEB3fjtttS%C-SgsSMSK67r;<_`>l47pcvZ)amIQp75kwetC*uw({ zVG!PkHL-G|uV(}bc-!dv49_3&8Ea(I4=UIoYl$?}>47skp}{ijZE&(shqjWwg^zf! z>uIZ5sy~8F?-I>R>sb1%oD)Pk4a|)I(`V2m| zwosJGp5w|4d@aD2+ijh%Uua}1xzc2(p{5s-tlcj8D#J;$XvxBUX*5{@WoZ|){lUhE z$Ow7M5W4ezdtjUXFW3a^S-R?Fqwi(R? 
zc|9xBZD_-*Z2#qGkjZGjC;%Is8Tne2uof$2C}H~10creA2zbtXl~IGW@LMs;p?XHi z3Zw5uEJMBs#7!9>tR(`&&X{Nb^a0*5SlSbNjt@v?_#8o}$<80PL?PkSHM7LTGn$;fpZxcUZfE9rl zR+5_DV_++^_AzY+-BMTRQrp~8(a-$kMjJ(Kl|*z;00j?N@rM9lTz2;Y)kjok&w@ma zR!JZWqJNB(5mAToc!{+~*Y+&WMUQxqR&H(I{xYw=fWGSqSqzAynJXLAAK#X_Qv*~j z0vnF`&4;i4m%7FZrme1gzG-2?fd{r5ES-@;P0(+<}6SDluHl%=IbA}!a~YyDCi%p^Z$hWge?xHegJ%$z!x}h zK5)KWxE3qdFg$oo!QLhj>hI1PH+}XcSKS~Gt>x48Ia)w25tDm=WPzyfbl7>$p{_xP z)hl2M0Qjo#Q+3WSfPuJj3$k)52Mfb!$ro5D#JJHdMC{p`O;MXzpzB+J@E|K~$hQ&s z;PQa9?o)Y7TEMzhW)_m~9wEDre48b~&Szukr8#X4_EDH5+c~yqy1I+&8P`5@pt0;6 z1tM;=A3MJ@3*W0^l5FP)I62T>$Pw1Bdx}89Q+5ubK!ffAwpx#6ua;xp25dnC!h9{Qe$Fw|cj&Z?282N5|R`n zyRXjYjuUy1$zVLHev$`aFM@xdA=buRKu7lTCO<2Oir1x1D=o*Cv@)wAHPc(#;>9!W zW%Q<PO|J7nfTC=^2~OgA5T{W}^bObm-7~wje`^JtB<49XdIVIU6W*^59UTr06`j3{zv`LmNYr zE6VkzT!ZH?^4DwFAF(+hw^(zO#2B4b4s^V8#hvt7A0SHl%TnnZShpzAP_A2Cz1r@X z=xXj>m=a8y`N9rwl;Hd-7B3J1Mx2WPB+%NRUv{Hk!hKzUA9@P(j<6_mq$UaC-Rnu* z*X(IvPyNHux~DR8Tm?r<*K~Rg4wuk%8^9kw*CC4u_$GEe%J)WaB%`+cE3Pb{vaA!9 z7ZyY!-^z-@f(s)f7g(FSo)Dj;xe9*F7dqaK1*O*Wh5366-aI^jnitTLWXqe>$!`h& zHWwmERD6A$mGgsCH!6!L@K$kud|lT^Y9ZD7lY|&-+&dah8+Y6)SCTE15ywL={Y>M_ zH2bC2UI)5W23DrjA_e78D7Hko=2wST)PK!Np$Y1(x}au{gt427bE0fet44_^oz)zM z45I1@4g9a=yR;>MTZMLvKUie^R8>E&gY#n15C7ruWjyk~icL?WDh1Dv$DhoRh~F9y zzl(2O$kCJJa!+#SF-99F70I3QaiLk|xQuG^?$iW7mQZko*C=f3vevE7^n4KTyqf|D zr@epLo^2hPdCK0800aOM4<(mxu`r)s%zVbPYph-Cai3&z^Lfb+YH^gZcl`&}SJpfD z5XA@~bHvxU9S7(LmE8J`35Kn%(oa#5M-NsG#AeC!U-*&~m#c_%+24UYt`>R+V_Zw|jAB?n} zUB%xl?7fF2y}x_gTNT;GI4ZPjtr56z*JfjA+qa~OFSdWnFYhpAixKeeVnT zsY~$4|KyP5^DTJF9P!h|#={!|J)g<}92`$f?sD{LS1~jp2z`PQK%W@U^QVHNdOpBc za@S+GV8F8h3gE{fhCTG@16!YZw}1fj2}snZo$EiPY8u#Nh|{;r*T0X$ly6XeCF=nfi47KJ-a4X?@y=jQ?wWI@Ry$lW)KON}ouT`m~w9 z`TDfQPAFj3|5BeMJM>AiL!a`=QJ?%8dM6$r__ewkOJ&AA}oM#;qhPELc+3c z21M_?H78eiXjLseK zV~j9xl=YCz;U>%x2BV{1i((3?A?h&Adb11P$%8b&$<{YXihI1Kf#(LWa9h|FAs|f+ z*1J*lnCt}eV{qIInA9FQBH#q#8Lh`VXC-~In?HPjuKi3qH+TnIQEo*kiK=gV{*Rfk 
zc8~#-4hGK1F@WNlP{sSfW2WstgYjO`0z}c}mJ^!32f{oE+=N_n3?>+y$adKFW6BNnDc*3?NU;z-a@ao|%3xMpw!oR;bpfP5Ko*Yq{#a;`;JY*iiX;nPx(4MQK*)k&SK`^oW?( zd@`iVTeBYrA&cv2x7N_!S~%Pl<31KMs;1~Nv9GA>;#zDu;enQ5gE~xC4&eQ|L9q*A zml*h4^Q^Go`D9@~$EJoR*^jhLLqTvFcLM%dzcTLvMgM&Lr~&{5+*QH4|NM7& zNKY+7duCr8eWIZb zM;rAk_L6nUzAmuTD*EWV*NgcZqKNeM*X`&EUVy8a3Io=gaTSrdrdN0+;||Y%1Uuh&807-G3-w^()5hJt*e(<>8+2I(;U{S{+r> zq=$HsrTsusX#19}-rkKVMR5Lg%+PZ-R22E(gZFG65?*aASq*Itb=7zm_EWXH+PqZE zD17HIR~Mk+M?EbqEU`Yw%NQ{lyUh^l)6Z~Eptkf;Fi9RCFh*bxkk8tgLWvM;NKILn z&1MD^y^Rxq|7qcOFZ;hK{4vy#^6mEs+wFHCe3gQ*Q*A4#GpU0_`-Zl68;hnPX^+1kqD0Hn<@`6sFl(?GL8WEi;|KT+keG3_0?6pc|T$A12DA$8UN*Z1@PifRX) zmyrd(2V%Jjn_{PP*Zz&;Yw_f6-6tSQ)O&Q6@nMa72FO<_)a=t3`N&=`%n z6DKrRgBlLvZoWx?02MV?u@J2HBn7l>;}O}oS`0$4m)7>Fm-bfRQfmCnnTn& zdw_l3LV45xna4^I!ychG!ef;SQU@ zTV&O`?U;d%4wb8UCPY@DMM;r;JYT9vk^LAbol}Y-wOUGTE~PeS0fwh1P(26^=U#A$ z#FHf=IAh5!#y+yGk!)*N)gmio$b$U3pm}JUxLTTP$!|a;+ZxKYLVfPdf&W3;GcjeX zYfwj)iujsmBCftDS9Q8Tn8q`<2237XX;7!?TG;Pu^GVK7%J_JL)rEH>im^WMXZGGku6eZ?K1d#2RTzuuL*hwd_RF@a8ev1h~!UX{-;oaC^b% znw;^u+1il zg4e^{`6IUVShE56?Lx&{$tFaigOA7PZ z3J_I)IYFd>ccHC*uivqLq#rQdhT4ZKvYF$X)S~M}uQG;H*K>5?6|fF7b(-a#qBmsy zO1}Tbcy9@`&o8&*U0zvP1&`R#{U=YN3rD!w;sivtMRKd^G#*huA4V#l-27yp-(#sb{YBVvU1+ z_#M0&OZtr^>#dif+16r3r`CGYR{U;}G8GBLJ{Lo+UsRrC6 zfu_zYTf78!eL4BrG|Yav{#t?)${3_-@er0h8AeHgQNk5j>^mhOfX;?FG1VK5TG3sx z33pwts(3YX_)iyi6c08Y-sMa7Z14HPm+bZ=w^t?3Pwp5p=i}r~W6pc2#BFk_tD@U@ zV9WZCxAugMF@2bn`<@1|0%OcqSmg2T-;dtt-~VgWC)rbsWyj2)oaVIezvZ2CC8-HD z)=RuXYfRX)QSZA-HCADj2iFJT-rO3!q@J2kiI4jL^oG@HU*!WQZcN14cV+J_Zmh(% zn1iN43H3%I-dgDFPSrb7dBV6cBAX3T6N>dVFy0c4JBMK*jntTs-kiXF%K9QRE@KIK zxlGzY3*^xBU2I%Ewb8Ku!Y1ak`h*W%-VI)Br|fUAuK}Ha{qx*yuwA2j-mKWPum{~^ zOLBeIdN+4hSkErpm5DXjh5b(AMqGkyUs2byz1XuJw~;UGmBh8UBobd>vM&hh*@?Xj zSZ&)+(q7HV4dJ@JJ-dqwgArbNJ^{PaB>j!7g(~9qx;MPI7G1W5^z10cP3T^JVQC5u z{R-N;tThI_;*w;q-v5A7cv})LoxTAV2RUW62CcRDl#hLT8tRF=r~SM)eL~1C5S7JU z%WHXQzHFpmX;4a(wjZqUmLy6-F+E$aJZ2&q=~FCWl})-fC6x>y2FJvp`3zitc2ilQrkk2IR#X*2CY@BftD9) 
zz#I8(VL^X;vZz4~ZoJkt*pS8dw(JZ2#?)9lH6h%4J*L33RxZ5mbyBe)UO2^z8>-Rd z>u_QAo9;z$-il3y6MVq-tb?W)_rGL|9hY1)kAGizaJP0L&T{P|53a;6oD$quo*?st z_LV18(Oo#D7}sBmI_7lHngUZ(Ux6!8P2O-VaBz&brPvu6e2FvpNCuGLVbBqe3jLvYj<1RyLX_og$(0A^vhK*XJki!R*&qM zBDf>F%t@`yQT01<6kM&dKFim+oWGm=tfg~IaO+xQNjLoEKt&c_GNvimc|(6-72dGq zC%&_nznLrS`-J<@sD6B&PLFfQliY3?qt_rjZ~1RZ_I(Hkz>7^H#ZU(OtdiFw*Wti8 zo$YUL!3dq)1P8Te$1u1TC>jI;xTUxzg1Ij2a&r4o7CzJqWuEh^WOn47Mc5YNTgEAd zQO7WOqyJd{S;mqb6`L@EJg{s1ClA2|d3PD>XpGrmEr;vj-GAf$C>pX!?@-4eG?q?KO`9Hy0kF4vv5u|L#^|@aJ`?Fwv1o9Jh;?Ad(xgw z^p;L??b$?M=_J>lP4t&ea_!l~Ko!rP~#p|2_jE;A9;`=VjsU47Z{KS8A@~p zYn)>sbvejmpMJE)`3B^%#^ubTku#6^~AjYPcG~~T-fb4j5kR@;&0p~{G!O~bpoQYek9e$)iZVy?qjfXH>f5XsYy+6VWVAG zwF^7dg&pt0j&fl`UDyy8_T3+aeF*+*{RH8rUD&%W>~$CRk_+o`VNcmG5oug)ztiFF zZWsAB7rE1gEpTD8UD#DF>?bblViz{ih1I#Rvs_rY3p>Gu6}zxQT$s;=?S4Sm2h-o^ zCkWzG7q;1jz2U-Mc45n1*iskvhzq;lh5gQjEp}lyyRhqB*i08@y0ED(Y_bdcfeWj3 zVQ1PfYCqI#&hMQDINC)na*_9UVcGkg*8i7&f*>+3>^&E@!G-UVa3)^*{BZDvX z6J+p-3;Tx)TkpbFxv&>p*poI4J)jQW!Peh84REJUc>b4+nPC0{>Xw`9M*WoR8`S!V zwp7{%JmqGeV$-F0sKZU=>Q0>md)1(7ZQ92Q?KYT3F^(f#`ojj$r(x7Ynp`4?NB%+h zM**-#=jsH8)XU-M=*#yx4zY)p5D<_`hz;Ad|l`AR6YH#X{ma8 zUYDfm>2u+eJM^|Dr|RivMN{?kur5s1(}Su{)pIgfm#QzrPi?Bc96vRw+DbTwWKk`J?TbqLAp052Ycxb#+64KIE?GBA!ueva~4{TK!I=NqmQ>kd{9L~6BkZlw+>9nvn@_7UO&@Cz6i=mAmy-^q9v2^UKO<|KgkV?Hu;J%Ez|T!ruTNf?Ho zFPtkxqBar49W)WIU|(osBQ(<^ANTVK_Ek1EA{!dJM6gX88(|cUT`bu3HnvoR71TAU zv#}*m!f?<47{=&%hn4~AJ z%)FTT#Un2?{`|$Rid75y?|$-^M*|C=J^jRZ^zS$rwqfWROD+55^0~)tdk<2<0tGbx|L)sMUyv`6Fng zxtc3KMBw6nGu}FL0PcYH@q(~=I(^*g>$klx?JQw3im@E+{HCU|X<^@=Th5vZ;>M%@ z0Dm7_eV(^4yIhHYq%_hNXsU1MdW4B^sVn0|Uqj#}L)U_9XgQf62HFc4@T`f!yYnM9 zh6Lbw= zeaW2%8|`0XZ40OTJJ=cYXJKJgcq`Fj_6x*$?8}BO#C*`cMhIfSZ)12&BlrP*LO+J^$S#a*yvRbj@WYXA4e=71`4ABeGV7wHt>*3a|AdDqA|& zn|!Chn&-8);j+2HnLfl>adI>HZh8;@Tg#5qpE3)px;!3zpr(8dc1 zUP$mlHeRvd6$@UmjTaWYu;7JlJcip#=SBoCV&jzvUWwq9*mz}vS0;F6HXgrXTiQ}C zc;z-8qtG}GDtMLbWY(7BzplIZFCI^7loxuzk0362)!Mf36ZTN_?Rnm!7_`5e;T}NQ z*E}1ndA_1i&`$@KeUrHUq8NIugS+_5Hy$BwplB47+rhnH)5I0T4Hm_q&<-y98gWBK 
zqtI1|i_S5sxF`nICJv8&hKoj_*EngBq8NIalU7nR3U;Kkwal7PR&*`c)2Zdwyz-)%mEgUwr4m=Cp$)AWmDu&E`wPFi zfqsC_G9Z9l%l?o+e_&Vtvbjo4U<3^z=fPMf#Nyq$?0)`d9-NGrJHm|HhZRnwZY=D% z=A2vJPI7q!LAb)PJ|x@7G=w>1F4-*XS#-{?-pL_ziN;2rzG_4)ha3cQvd06=g*{6m zkDpBjH2n~e_B;ITGm>1@(bXt+k!>7)j!BcXF(P|nl>39~D3m(k#G(XSq5B4k6ceP}b zy9=MgmeB&^{C{?}B6N6U`{#*rW6AlRp3T1fdz0UJ@a+cVw2r9mn|TawJ6Ll5pq|YE zrVKLLUxIVvq|W+*v83j-uBo2t-dX2hf%r6`z(v$x*VI7(mJleJZD1jQMFbZ1Y!1nC zD*}Js%piQ;ZJxIxTirKnlCh-tw61GB)i3hVCfO?_uNed&LZ~)L8(0V+wlUZw1qhPX z4}GZpVVS8I5asc}Oane!$j7`|8_8c$4o)$7HJ|SmlUMUA-C_jDV&-8h8%X{rS8F`( zUF$I}xx89K=6lsTfLagFTuFHd<(YpZ1BBWP;PLxq02=arG7!o!Ae1!&gxU)9%r4KGd-ufJ+8lN?4Yw@eP}Lb6%&S2d-72TYkaV>xYTE%w+I^w(Abh98-OrWfKFR=q0OyAqL%D%2kr zQSQ_e^O>4Xm$wuFl2*MtC(iwgF2#vI%9<$ z(ZbG{wxlX~WBYeR_wS4y&=EbLGj?D{^uW%T zza#4Jj2+YwJ*YEwa7Xmu&X~~=H9BK~jwt94?T8NTj2+SuJ)|>M)DbP}j0HQQ!OqyB z9nnKOV~2G_59^E_-Vr^#GZyNIhB{+MbVQHnj2+n#J+d=)R7dov&RB6rw74^NbVu~) z&e$;>(PKJe!#bkFI%DCEXt*;rydyfiGj?o8^w`eWaUId)I%AQJXrwcCd`I;7&e#bZ z(GxmjCw4?n?2MIkL`ynjBRZlZI%6kwL{I9Bm3Bl+J7Z-X(X!6i$sN&?J7cGGL{I6A zo!SvSwKG=U5iReGRdhrvI%B7GL{ICCo!${Wy)#zX5v}ZuozW3Jqce79NA%3j3r2R- zkIc<4v_A6dj+K~$Riz58{^Tc~ZSQh(hB(;Etw!ALpXXy^XM_0IeO9ZtsKN2E0Tmw` zyOw-Kqa7a`Q1P*W>$l!1YH+;lT?;=DFMB=ae#O?5K+#yo(?*JT+A=G&rUZ-P^tLU4 z#nom8e5-z~H6>IOm&xf)#DxM@Bfd$$wkS@o8+Vd0ywn&L2)t7b@mY-#fzbOF9Iw>~ zM`L5r)H3TU!gg6x%8Vsjie}OW_w2S>G0=7wolhTCwg{c)!CpjhRK1bZ1e}M$x^IsM zn~HEm$ar|A#~S11b~J(cptHr;&@;@M;7^SS;4P$4^hZ%2UWa@^I`YQDtNGDmovo3d zNR%KB2$D3Hu22eTM~sKx^cW9+4QL4~`Y?`GwU%R|Yuu09$tP4MSA?b4f=^R?q;)a@4Nc$;$4gZ#?^`+$%FMG_T$@+{c-h( z{fGbo_D|~<=D!4PIA;8^irRH?88@<)HL1t$A`RJ>Sq+3HHEE>~g+JMV;0tcJ2j?Z( z7VZKGHmRXcF*VTMEly{u3=8B#kS*Q>YCMNn&VOnb%w2K?Hs_$++k4X=q2?8v(p&HY zS%p)ccvE96yO_pRXc=wvW9_8I?2LM*GDH9xtoc27Y(zC8*_OISHStcj#246{A(=Y>IC^?Roh?Y! 
zLH3*kKKANRZ4Ia!Jl=xli_Eo%K{Q{J*}u6_KNgzzqfX5Mb#=CoRm|d84{zvIrn^lzDS5i-Y$&8&5V*heSRV-BHzG=Sf4)!AfmKcl+n9 z2dak~&<9=w3u~aiXxeYJY#UW?lNK_xx=}50Uwqb85kJ)+sP1)vqDl8c1dt0g)%jP0 z=Nh#v>1x{zz=5(=b%c_;yomskz3QwNr65#cyu3H}>VkWcJrLMR{O#FMXni;0@5|V8 ztG_dDDFzkD_;OOhB(f1FWYnJxT$F>w3#df$MNcLMMJ!8s?7BE7aKZz1pW8!#5mdKq zu&ZFS&4b2~?t%hO`f5Bshq9!~9>rb4KJ^m5=Zr@8sAbEMayAC_cIj*%d)F%hi8}JtvM?AYS zxSS`F;Ww76@ZkAJBRNr%?6P~8y+Jx(w;n3sD&1zNb|77}JDZJZ&8c%VqT^f991x?# z{mQ5D(|<#dLF+qj=cf2hBToGZ1OUKde&EtWc+0Q(D?@Zfv>aHwZRC4rIY(>*})zz92Jcrf2U=&Pc-b#L; zMT1j5z~SIRh2~30U5|Qb+xmjopv+RwcSs0;sW1C%rV{tVZUvfDAji@C156&SNuL50 zr`QL#PJkrTBRx_iwDZ9BO^LJ2Nn~Lv`jSujk{6V{P0*2&Jw}mQkZDx4uSxFe-qsTY z5r1+O9W9oSmZH4@*y)4t$BgG>(;P_u6}l_yV`?lqkTteMoh!d}>P-2qPsK~xUriJx z=hqb^4qAr149$40l~a2!Qb}F)?Cd%<*Lkd0SL?@$RYcR5*Qk|-I9_!UP z`jNPtR$%mn-uZ}spB5hJ-{Cygt1kU0lZvrr{bOsGr++NvktGqVm&P%c@Dosh?5vXP zoD#KD?3+&?y89#0v$N{5bL!Ol8cyxx_?(?ppPf^$UUr~~`Ki%m+#@u;+?rIL!k)}Y zm8tPn)}*S`_!?_cO=^6tHK`W2WAzLZt2wM^$9^%={nVvUlNwjH7ec*S(Y7ISQ>HU(ZdRb)U6+q{NNtMWP&NLpMCufzQ>E_@i^ zP;}zgN7Vr?e8^I&?9|?h?wo!B)thZ8QHf_o>ez)eAmA(eg;9K{V$*ZTOTYCXwS7D- zpp4q*$JGxeO3t_%s_g{|o?z+dTYXs!-er?I@mIFA6Q?(+)z1mOIFPsXW`>*GODUpg z9%cRqo*{?$R&AiT`1*NVZO}zDs)H|-yw*l>E8PC1e*HZAt4}SGU%$FpegmnvPxn{< z-u-pGu10pYU#)Z=1L`@ua(nhypSsUM@~bd|TWa7sMP9 zo7VEWieA4*`}+E8r8FEcY6+;L#KQPQ6?%Uv>lqjzL3tkRL@})H40f+5YqItQN?X@t zE^-6(+-d=#fBDtpIvH92jfsABk4{Wo8c^-%x!7T`$VI6l3jAS>(mzfP%IThPv^k7s zn4O_{w0WP_fXUyuLlpbHyB)?jEe9WVje|`dg3~mbGsmV-)F4(Nt~SZg zN}S`&u`bT}<{xx9pM5=`9I86}5Evp%u+~D0H2KZVxRSDGmAq0+QgO&?HP~)Y54m_t zn{hnzw;C_=SJ|&G@umne)zP;BeR1M(81emiPUQ<5G6pt+taAZJHpbO)SJ}y!Wf@C) z?UB6~1nS{BbNV==-f={DtQ77|IIf=i0qY1~qs{Iqun^eK zaa`58FF2_?(tQcV)k*q=rju9xpX|t%X`UBqJbOQXiFe5HAJp^X>4p7FsJ>YPD1GeCc@{F+?+a`#=Rm(=41dH0h*ix@#rv% z1oYe-lx@sfvNpx)_*_B;ij0bIPE;&4ai_aR+Zv=bG&ZWOx7v&uZFE{m2GGqpDE)xA zNCD!3{!NR<5nW_}gc4_i z0Lq`{l%F_>3=9xg;&4jkTo(hTu`c~78nvMT_%1wmuc*_{WZXuY!E>NmJO8PK02fhgKglmV z*LKQV?AN)dc6o9xEKenjY7`_BsTIJUH1UhI!-p 
zj$!Vz8wdAKX*G?jjOL1sgZqKq7uer*?hCe(uh1{gP%$iC{*ag|W{uJSlON3_lWd!D z1bd-dLC(?94_CWMWqQ{Brgjxje=+p?y>Kx^+p=i z0lH}$)jC~1B!h_03jIR9t=>j^|STNCq5>+^;fwCC3}4yUw{(-2^SMr((Iz` z5fByok{XO!g|msfFup|-unnly!MM4$`rXzKB~NA$+;7a$?fsSPE6MIMWRg?o&I$66 zDiqTf9N>+^e&z53ISZ%9lK|&?OeZn;^!UkDSF3+4% zV5bH&7%gF!=eA29*ek&QmbljC0U4zuX->wP)Ga?@8+#$TpP=!P8OIKi zdK~Wuf573yd*lE*sH7jq4K8tp`$VWQ&QlP(T0~zeRzc}*=TS zn}{r!6{s1HIc>6<%OeZ#5HUe6k;LJt@qu_O)|g#u=Q)GLOn{Eg;#MZC0r+6|8?(R2 z^Bs6k#7`He=D^^UsK!0ZzyENze8&DcaDMsde^dS>|A6wJL>`up!V&q$;2uEX635g$ z-OltesNWpSc2Ke0ffEt{%C1bR0 z)slpC8bmaC^foz3zJ?fTIzVtn8|V9Io-mrJK{t_bldmFN&t_}P_MSU4I=@eXk@Bp8Y= zhT(gr7!?jOux^P^G~TFwel_ik-*xpqqFN1gOha?PJQ}SA-MZohT3`0}o|>tRSX_IHlQSuvnPud~i;wu|sfA zCL*{f1hpENF85k;7-;d~BMi}80lc@yE+D?=q~@QCQY4=-c!PUzCzoP^JA!Y6GTOHF8*0C1 zIuwfyWO!pPjnaTj2By<0rMzMid9v`_TxITN%4F~`Nam{X_(cOG&GKcda<+xzHs&CH zRp8`K%xmT%Hv)Z#|A>`_nm&&l9BTZD`c!2E5h-ws%ih?NHfVo|FMhRJzlaiJv@CYj zca)>P54~@zZ-YAdY^|v9)1~KNTErqUA34k7ynTSnF(nwt#pK%OEpV@x7Z*?R6B@y2 z?4l;z;ob8mKSUbTq1}5?IqXvj0FU!KZ!`vsN$DLN1ktpzBUOD-ga#95`BZB&uza}S z=L;P{$%fJ>y5sovA~bNgmytoab=n~N(Df(n=$D2RYs_nxqo8DT!+B$|u( zWT!u_(>WO)d%idnoSuZROE~8++Ws<|B$ApN%461gzeyR8fcQB^TasnM_4)Qxf_xR9 zqfamDB=AR4EvyHvmkNWC*$BR(i6IUj9HZ4bM|=1DOAvNNm_m3|y^98uHl*)ul9@w8 zv{CJTkRlCPJ=%R;)!KkX=GF?bFiUOEW=?IM>(b zZxdzku1l~s9l_cpPLGcM36XJK2o?mfcJEo0?AhJkEqoYbdSIpX{9d{_1e1#5iX=32 zKy?}-QQP1C-_XCu?;wM={&Cv8m;SB!c%c4GAG){xrAk;los_c%=-=pyJpH@C zM(?uK_4IX)y3WZ{*9P@_CsX2TDAa{oSr5BalvOJ#TMbL<_&(6DDPC;IakTYkCXJM> zZ|A=%1!N|hG`Ip3;bbb!LSSW1Fntbk^Qg=)^C0I9-!Ifz&4V2fIz3mkA@sNZVGBLE zqJ~P9uTL}_0d*G6h@gk&&EK*uA(c2qgvR}dFtZ_b+gN#zs?3jcg8e-kCq3b$zogTb z6`(HXFur+X^|Ef%<(wP&eDbmdeCE9oHx6HhsZ7B+@ACQ3Wl=u=2cP%Hp7!)GPtUp? 
zxX=?-q5w2c3MZ_i|?KK|;*ipOJKnxOi>up;C=uovB7CE29 zcoK5jJI}mfet>jn778hfs{a@xyyA=7-R-N4+q!#oDLHfa)5QqC!HSdGOpP2>e`=Im zAW;Jc=6cxjaiE7N%L1%s;wk{r#=v}$;QL-cjWPRc9mG2X-jG(b`^0;-)f}W_6Fl2 zd)upz4FN^6g0N5P1ane`a$3J(qH<>xt%^y)#LX3gry_gemqI*R!}E+GVEXU@+7 z4}}M!u?FRRi~0OAPPQGsABv}1m8)khx7r^-4A@0WyB3V&&eDZ+0C# zm6^jO)|xr6zwjQAkT#%W5Rtiv!wcH;IpLg4er5B$=0{QpJ~a$xC}zkI|C8U_-Xu2q z0#;oHOJg#)EeKIHZnGYT5HCQ#Uv;yHp!!9l?PsVy{4HEVzxmV<%zYg!e2v^wi4qIc z^d^=^qKl3KQR_wEqUdsX7eQWKpO;6Cc5&OjfVef)0;ud>RF7~mJ6;5)(e`IZmZNt2 zAMvo1a!%igKNVZkAEHa3zz}#1=XiYxv3#3Xe&ZSq6(-+L@fmX)n3lG`;Mww%6CXLD zR=|4<;>J%uyvIg$#=9aB(Z@gCBJwzgCeUc#N?n0QBzNqW*gv@gU9BFFCe`pmSLfhp zVW|}Mu9gkzwO&+PM?yL%i`DoiQX4VeN+Kcc#ek&m#-G$RxW%ziRh__mOj@)8>SX>1 z%-W;k(W_YsKSM9t{Q#2lM#o0=-SKW#3u#e$ZXtC=6}h1k8NdnZq ztv=n$*-LQWr*s6br7uK&2e9m!s;^!6#`iOvDplsH^fYjI7jW!zx$E=zAq7UkIfF3X z8toiEwcc@36;O}7M-4d(-B|P*n;)Ueg4R>jW6)z_#ZIy)*-tbA|nz&++h+lk0%;Ul$oEEMgr3f0v0JF-@B#2Rf6NOa0DZF(wA zI?|yjGAuY}TfOSNA<`}wj1S@KX~>HT^p8RJqE?~S;k~ruyO_)LUx5X;n;OPDX8nx~ zYR!YTk{E3_BNfnnD9Y0giTVHTD2l8LtD$eQ0zQb}TadUww&#picb-mO6K7%k200(T zzfno70k#7PVfCv8B7~-9L_ySSA*H<$aGQZRDn2(~aI}ZjRm=NC0UOn-jly{P@Ex$v zlhKPzNC1MSyxO|K2PibE!ZQSm4bZ4gzza~rY_K|-!o*LoQD-VU3>w(SuTLbyw1o6t z$Ep6Kph+*nVEC}@wiONX>l0YE4+~)zo-a=@2V_q@cN%kX{pc9Ny~&zLf${Taa6~3^ zm>}G#5nx^ZpfSu+hb!}T)Ya(|udS0lkv<;>ZJG-*{n5+{@h8bT|AD~cM>;jk_pg6; z91Heq&(~ZF1km1<{QkRC(-IH%Yu#OcFG_WKd#ETus+SOA6S*hL$c3ff9M)$U~EB&L*jV zzR~&zAcpY<*$a#|ZYjngO@G8(fXbo`N^oC!(@u5{792)0F+EEkM^tFpv-o4wt$h9g z{I+c}>UevKUmZL_DjJQOe+RrtopK2Cb5&;1W)N-v9HNRO&NM$lYTVo;I0xi#o&`?V zSX@mGV#vL?lU+pCbpC)8>Tco;JMYJm_m!b8{RMVjWTgqg8d}WBp16W;0|;Jv2dn4A zpIfiaOf*}-mY(p9mY@O}IsJ-l{xkC+jkv0=5~lvkFtk-eZAw1OQYVE(}Yv)1bR<UlYU)ELJ#KnG8220acSwvlS@(%2^L1u+%LAMWGY26Vb6l)9wIDdq7 zY6>^r7r=|rdnq#A_#VS++o8bT=99Eo9%O-cG^&e1is18g$pNS27F}}YW+ym|U)ety zSFeu|Nk`S&`hhd?g*$!&)oDE;IlrtR5l+r8FGw7joL^axI4n88svvPNLWA>b3YPu_ zW{eTR-lc!W6Yeo`ttsOf5)bfWx|vPX!T)uNY1I$sNC`#B8&SeRsd43Ce{k|f6mfKO zrMU%N5Iii`V*A@mA~tRjVvxw5xvxt6)A9(+*5ADH5UaK04^g#WetE;Byd#n~f+LiT 
z;!t*#F1vfHO7=FhJ$)78h16YhmP z9DMM<&+^TxGxsR(M+3{V({*{T{9&*1n675$%Cqr(>ixeGH-Gfc-#?1)1YxYidI5&R z-Pi(lxCly}tO@B;gw@b@#*+FOhQ;7xwCyBhs+Zq&`2vsG)77nOrHf`~dDX&|!gQlD z&$m0K~o+1i(TSPPr(bUr_86|qWx+d ziON*!uSntAM!^!6?Spqsq7MKH|821>7^UX>7#!LF&oOx(N_mA3_&|!$#u>C)0xSz= z&1m}-i+m8Te7RW&M;kEdhK~?b!*XRVhgXN?T7RS3DL`zp8G-}e=Fd@a=}pKGimI-s z_3$IKM~f%uAV8@?>S{Z^PS4ke1B1#&%G|z&ouvQvYiGT%<90ih>dSxXyjS zQZ-65h@;VwOTlU_&ZFg$u0~P{hfv4)81qng!(^if=S46}0SprO2GSu$)SrBROLDc( ziegPPf?(GZzoD#IKzldx=|Hbou!GXP3&h;t;j`J7eiG_pzT^T%nY=C@L&KUr+cQYN zN(|}x&q%lMN+Tv_F)aAov7$cKkVbV(tvp86@%lmA(-V_7z@83I-T?b{RBB2k)o}#~ zCU1b*J|KBR4Vqa(@!XZ7OowTO8r9Pm`}M$1*&VA=$pyufkrP-^E3?i5$dWp7o_?51sTYqYS&EN z5y#1hk3Hv{B^7fTjDS~2f?ZgrLR*X9xD%d}Ht|JbPH-kb^kfUFgi$JlJCV7i1NR`0 zVi+6Ovg65@8DpM>64Rf-zXJ6Tx-Uj@_EqZGA3;-n^PH=5^jg_DqH5UV(xHj;IDi$| zbSd`Qn%p; zsMO>e*;FePNbAQ&wdFkNooudqAzb#|?`j1EbwcDg7R9N(UCo4u-KLX^CFQZOA~?!? z(=*TjJ{xUsAc4Cvp#m=-$7;gNew`zJACgn^16X`N_%Utq$BJ@te%+`}s~1cQ&GJEeeWe?w-+0XXlW z)L_KC6LpYXBjSjvXcf8iV(uUwN8(S?yd1b&&oFuD!Rav^ykXKBdW4%a!$hgE?ED9d zxx)9z9uRW{t-++PSc@G+wT{I1?9O#$`!jqG{u*sLuuVL1Mw7bfMrS%u($A?tfi<6d z6))}8?g9tspUYJuK8wY*evmn_NljTPwKgl93Yrfhr>yg$j*oV0iIbza8m{ZbSxs)e z%-LUxeWNLwFr#f92qdctjJB10n9DJqTTxO?IIE>^LP!lF-eUyT%gFZtA20GUod!R7 ztq++N;|Wo=@|fyyP6_CRC@dn5^C6bZL~JZlS31c!SL-v{wj&>cN#nd&Em|~PWO5Ge zgN3yNqm9y+QOjtL;Sp%5i@m9{7iNDA2^hCd1k7CE3ghRXl^({|M*P9p^b;qkd6vn` z6Ck8cgw3Fq_}~#gd4Qo;7POq`hoA3=u5F5`p{GmZReav02J1)YpjVxAiwtOZ_Nims zXTLf`KgZQ?HFAU65)@2JIdf_A3b#6i>8r5%XkL{AIQ9GV`Mv6wz6`izy;fT6FfxKj z(X_uxM`hzME_F7O&jg}FLiw=nI|3!2a)m!vAFrWs7 z)mw~3@8LNr(wp{6)=hFuMGn~&qsHfe7XT=6Tc0{32R+?^=B5};N2A%x0XNrzxbC>K zGDn)PyKe`*j0qq-Lj}4N(t`sMN!6mOqDc}n#3nEXXnyMuMH~d1OT((^F)_nAeDga81)X@+ zBa&*34U@2JpheUTLQ7rX!#9y<_;5D%?*~Ed{?u3&mXhm9M{!L)lAMd3Fl`@D%u*Q{ z-nbDWIhQtOHJ@m!dho!({BzycSkPL4pkp}TfLmuk)>u-2FH!ST*Vtixdo}wqKaXZx zAqe2hpAaU49Bmt$358qbMIO0K_^i?qz$F5;-n>t@I; zkWTS2?%P3*cHiR=$vh)94$BTqelNRvI}ZGxfE?)`(6WfAA&3OeC-|dk$e(QXTaPkN zWgY)WxGL95*M}#m3As7X>SbHSbX)0TQg;E&xoML+ 
zQo@^lS&+U(phC1sEp#X*X5rjmAwt-8x1!$?Rm)+jF@Uq_xt-a1k!4IdS%6&iy$Nf? zY;s}FC;HQV8g2?>sg3G>N%dQ4Dc1lzeJK8zl@tm+Y;(LT(10V*Nz0^F7!t)&Zq^** zq7?E#W%rkR_d525=df7UKvFnwkS}pXD&irLEFJQJ~*|D2cN(V@--7@N%kGn)@5dY-9 zQDyFR-{v?4T&)YRJ%&2HzQ8`j9opg4fe1)j?}^7G8$SOzhprDAJyCDj-**$|If+LOsMxKV6e|X& zOrKYXVkW5NyT6t%V^AXBMYA3GUJTQA31W$x5`$A`%aOyc4ujIemo(bAuP!;?2j|G2 zz{dX{o+JY1#^L#}_uwDjSs@;S1~9|PYENrLf2}l1ro_a7Yg^s{^Ou^RE0&17(-k1h zjGXDE24m`)y2i^e*3)>$eIg-N&WjU4YKeY~qM!cdSe7p3tpOUh=XdB9$H@S7jt;q7 zigfi9hIPaFO@|~mI{#R|z|#TQ%Hbr7T$F;*z5?jx30^UuKK$shI)Dko4ws!# z4m)=|se4TpXP?Hx;SahQZg5aqH3|@p$At7K7r_7fcEbvS|&n&bA4(Xab1iQz0x*W{KPfko?R? zRG3{<3(l%H!XE~0=sG8_^A}(f44$@*4h?EOAbA}}P%dl=RrP!631TKsL32WlM*FP6 zT-n9K{v#q)@xX>Lv0q#mPLJ9SB{R8Y>CvHwJgvphDV!Wt4}K+m#~Ld+xsfx4^g*o? z)H#So*^|=mPz7rRHZT0Yw3{0!`N+u6JG;^(p+tPRE3 z~*dD)Z#N%KQSO6+NJSQ}=0)cnB5vCYFyQlsOs?X&T_E41?rw&q&m`-^q+HDIe=}y?G`K!^`2~I0Ktm(V zdA@p3tdgf2dx4rgD(x3zC|h(d*us_iVD9|t(r*W@|1DinIbeNn>1}5Wd=K+Ix8SSe zL%gj6-(}XDWw#dKzH)B7g&1%y7GtEL+6$cpAo>QDH-bGTF&W!Acbu6TLnAhuM_k5> z7f*j+(ITKWs z0NfAsSJ9o!Ma{=bV)N`wWpjysoRJyPe3X71<=}T|e9Wr4E3%nk&1E|MXHNRnZh98O za8#WPK4E~G)Cw6X<-!BKiw28a+LJ_#c7seNux~f98gDxOLpcnQ72nL0&FAW3u1(j$ z&gX=UCoS(1h?XJeO~#_j(fX2Y>HT1KarMPp62a;a)}i|bCA-7P-3_gurNh8U_GMMp zf3+_N}eC#KM?;SuLEu1;*s`KF-M-yHHQT5?mGUk5{Vx+WD zccblSwlVb2vmI!NR}MrG7h)&SiPGhrD>!#)9Om9cO1Op~xw{AigGM_ymH^kEU3@3% zg8kUXNW*jM4<<_NTZv&Q4>zO8w6iH@y^@WFtS>nNV43U@WH&#>tjK(#Mvj3!iUOJg z)+=h|UkVFE?a^5R0Aito-G)#2#k5dV)tlz*!F=7NFv`>vR0r~-kcv&fmKEH6(m}_~ z(aVfQkMNrByTl3|VrOe&R_4DYrYltz;mw=Nv>fDyKfn5!I7ZkZx4b}G7l=dk&6MW` z^_+fyjDqTM_t~c&aGwL}xB40TXY@lm28hsyP)^If>CDz=P&A8pjG(YLq)P6VmhfEa zRhLJcxMLXd!4?!c%{NOo1*6Yw2BA2BMJc&p^PZpr3TEl{&3UN7fydV8d^ z8G{H-ofo=#+;@T;Pn9r#puyLq%ISwZd$XP_hH_tduM>enWPtGDBpq87>L4v%95<+T zetkw15@?@1Z@R1-WEBG4#v09 z^iy0NB|SC%Tq{fdD~mH%+BQ(l=MK(x)ExG|)eNT1n9kOiaP)Mv>}HQv$~nFq&?-Bi z@kF&ZRlHEhUXeghPan|%Q?-BAySkZs%EfekHeAvuRGK=9x!W%}br)KHY5itSGEKpl zd11`PrN8L2uMhgDk30*Pq?fLyj+XQ3w^M_U{jd{qsc7|R40P%pOW09s>hG4BM|IZJ 
zzwpQ1+5!K2r00~t}vA19M8F>v+i035SErltxMO_kG@BB+0+zi1M>U{ zG{V}RwWJO0#9vlPsZi**JPbv%L2noP=s7P|gC|Ub=Dhd>f6YnR=$VVXPj-3w(=EFK z{fWk5D*m+3rc)w&YgRYx&9X_6v-@Y0vS6>1O+>XP%;9eNNp=sUw}Kbo^jY4pM5IGnGzP z3`!oQwsWRFN7Dx71f}{pQ*E4jmQpJ?Q-9{vOO*P2j{~z4oO+E?Z#h%x%-f*crqq+p zR63h8C^kyn?M(fcQy)?4dS@yb(hbTJN?qVgP2<#8lxosaO=g4Qnt_zzGDY4(Gmnv@ zGdTE=y}uljK5{U+$x(=wugh8S{(3dG(*8^AF*0`#|d`6Y_v*W4s^<$X$rJ7{lb(qu}) zVx1_$oQZU1ghcq&HgqP^nGq5Jv63^frA+iq6t88^s2MhRK%8^vLdbj{90`nLD)4&Z zf;#b{hp%G=dql$l`cipvZV!b0<@HLxv5mXDY-gR|)A0R#>qeLNHJXjBFRUBq$r&}U8{%(33%Ul7Ba zyX!4{^_ksK#MT)9Nvd?`a?2FiF1N{{$30vxLo-08e_S6C`VTM}yKq2Ir0ekcpc4bF z`**4PH=Nz4o&!Vlb}{!h&pu!4*VgH8^~*fR{<*fP0H0NxNT$?xD>LWvKD3UdfRHZw z5BGOj@dWRhN~?zjiK2ouXtMcV^Pdp?za#&b%Ksa@68{442dLMe5W|xgDlRS+JjMI0 z4A3626pPMW#hnCf;m5Sr>y$JLJ|4>tnXh&4B%F&@V^u^cY`3vqC(^~Vc`}9j8o+(^ z5F6P>DNWz-a?@M8kTT#K$2M4E24}BH)7P+6N#U?JsrCqc##$6&KL1^x6XOg0&RoJ? zO23G9tJYEgS6*J>C}p6SPCBw#Y#7VEVFS0R670ZfhftXMEX!oY_{SNH?xI>V7LJ8e z0!8YwvV;j)zdw|wFA9LuS(3hRikE0IlEtwxR++LMn`(tmLAmz+1J zU?O9kfayw~VWi)sL)=W^Dw>ImChXI|rxh?^Dp!yp7UWkkkHZ&A&t(h1vHH>BF@8hgm$iBfix`Ji`VpATo^wL>M zqjWe~GK=7H-SVcW^-;zHChHSyP8*;efHI6jO@to8c^f2%?1K*Va3Il>v`jhQwD=p* ze!9J&zYEy5Gg)tr=|3rIFNOdwX8)pZpj0t^D$J_oK(KIMe0mn%kYS;j>!R#>HbHYI z*`BI=Bm3F(BiYYG4ttt}56Ty=--$9De}&Eyy+!07FQEol@L)oQ6**8|X29}`Cn)+S zV=&1{DuoQJ0oAzI_?&KmeGo@MmXqqZnv_K0@h(pYaKT-IY8~SV%V$NZcuvk5zIWFV zQUdmh1WIqr+blBHyla`^Wf|kiff%t6dZ(v)x|jp(zI=W_SA}FsHG2i5IKRu_yi3nW zg`|4XF_5>!fwq6If9GYHf*qf!FD!L>;$P>TAE;0|?U-x38WzTh%gsjE6FMQN1+ zv`T7Fa53N!jk9Slf;=FGM3|iENC>eMATSi7>3N8TymSD$)By6`=;t0US`Jgk)zm9#cV7h#3jd8(l!eT;pKAs)am#sn|cj|qxK+VFR2M?YIxu2?&HX~9M_8e&xk z9b(^8IcjPO?Ohjg}LNh{P1A{!)t%=DR zP$xO9qI9?+A+-bL74nRcP0X-wQ%JU`Qhw9){HP*`$^=r(f{e!%ylr#?+sV zVr$^Hc=muutj}nK53(=B%8??Wd{W9{T&$CRKD?b0Pcio}f~02|gw656%F$L(*g#e} z3XqG4cL1`|hv>=Tbs^;=bhP~38)1!CDL z3?HxyIpxCXYP934lK&O~Yd{)bWdBB@TRx<5jvoeUzvbzQ`8+1Uo62v>$ zdPoi(q}9eb%3a`&suo!lB*8JChctrWMr@)0m#EX>%S165h6aF8L(1A$7rj5^i8<|I zEoBY&L9fdpN{+gcG@#XbjTF;Z!xP2FEWF$;IhGhtmc7dnYn0;sJL8u`ll=8?$V<6= 
zYw(GxMc~&X#b7$N^FS<7xT?!6fKwRaV|piWr%^-7UkbKNnu_%2AbEg!#tTUuxKo+% zy2%kKEzzEyuA6)}Set&OdC3}_%hDB-6HDkez#+sCJy`AdRh$*bs53$SsSz&ZC$Z?kGgoLK+{SR-U*!P6Rme(ukhU z{0cI^hA%S_1{u}E)qKByv{xpA($sv|E1#XM)7cN}8{x`oCZQrRa?SO?L7D&@Gl4>9J~kzRUgDy7n=GaoFnS?u#)$MxpHr@LrxR+#xS);E~$%v zL-*f(;sNMXC?@dBh9yz8JaNsY##FFWbc#7a!k(3-XhWWui!Sh*-D zq7-?N3T?148()2>tz4=;5A~JbScsJBq-J?wRS#Mh?IYO;fu6jBt&vws5CxM-9!~rO zFS0^YN#1TK(;aOkD-^69Z7ovUVl@opk1jfX4t%#b@udq*8oq@{28?dS@#X!2H3kzE zQvdouXfE{I6c`5*5-GjJ^r4KIBWjkZ1me*ycK~*SYrqo6R|GHaXy(pRl`LoX41FOAv*NXg*&$?7_p4=lOLMy;VZQ7@AQ-iqy8ciAl+z7BI z7<)>15y}%Jfw0FGGi%s3(`Uk4ncHNh(ZJ~ju}$J&pCt~zk5jV(zDr=zCyHErqAzF} zSE&nP$cGFM75PxlaJF_xZcR@i(1RTRmRRn{`QKF5pgA!G^E@*S!M*EI5{m{JiVY+d zc>h8^lB(W8Fq&n#82d$Sd?BC6zX``Hpu3Oi+XQ_#+>Z#9`E+V8T&vPq?y=pf5AWGX z@Fk*#KgO0W*HQ_eJ~ZLjDS^=QwEEBiqYmzb^Uxt~l{YHT@S4-s_QiH#xS9u ztC24N_>$bNrT4@G_Z7nt@h?Js2G&*Y*#$wH_z~E&&N^3;+Qrwmr{OwRQ)ND)X2j#f zMG2VJ3p7qslirneCqtONVx+sJtG6YR);L~Y)b-Ezt#7&h&}j)jyvas7tZ){CzoloO zB_@b$&Rm~eDG0QsYfDRH+akzeeWXyb(%%B@!{4H$b%ML4IZD(193LK*U_wvkcyf-9 z%<vbF2)}&)UV;^7eh);`x66$p07o{EOljXbENv!hfPHd?;khCQS5{D&9{$PF01G9HP`fPU>(@%+QiTs;{Yn&SGRh@r^!bEpWO=Pr@Q>>bVIo9rFtSNs+;z7uI z@@Ir`Eco}^4eVG_8$^(#{YlwD3jIpbKh zmtV_oa={Y339RRyzL`&!n09ds5`?cO1aT?Q~M~kA9i>7@XV_HxC#IvA8rNSwG zM1rQWsBtzY8Wn@^ktsw3)^}8UCVZRFm7*=HWGK?IL0o4-kZsXHK-NFtPG~L7A#mQI zZ9%A;sTp5$kgbk@MneWS`4wq2f<3D&D8im_7!0{?YG94>gyw0DO0vWz;eX=5YT!Uq zEzrZiAeI@qz)FJ7_9)^3BWv4iM3HtkGNQ!iGV$QU>X z%(NJ}&0;Y9q3eB!*cmbhWqS%V153GsTx~N2dlz=S?W!|xNZA*Z? 
zkss=5u4Rqm8*l7GApM}}x@yP;eMThyDn}h-Ho`c`MyFhH;vrBWu8$oAw9XZS2t3L3GoGH@+4D!){+V*`-#HooM?&l1+{u1rEs!uoEWiMUfzlFgS&N( zqt}t>btSTE+|oeAiKY^2L98#*T!Ih5sA?@uJMO|HFNHl8SXf5bF2Qh#hut%(5!qP7 zpyA3ai%(kt@*MjMhrA6V4#YL~NM)r11#huVVhnWKVh~GPN+Hg^rKb*We*|J2kQ^>I z2a6naqTsJfK@3!G1@EqQd_@?ifp`1QE5f_E$_6bP{w*_@KK47#`2qZJ+++>5#1@qmAIARf zswn_IieuUDmU=2p#NFA9K?{y*A`WG@Up|t7kHSCnUo3yc?7=kO<6toGfdR2SM4`7e z#vi~)yP`+bzzz#~FptyJE1cpl#yGb8&H2K&r0Xbju_w(E9`7jQcy!TK?P8HT8t6oO zoS!-%1|hz&2G3j%??ZLtwk%@qZ{S7Iw>ikkGD12d!8<}oj4Mgk2i7UJT zBa(P2bPmEeD5PK8OyDoR%xlK0Y8zDJIo-C^XN*7=!b%2$qoLddvwe*oD#arT?jk0R z@L-A3kwEzP0rT?lA{Fl1lFw>d{ty$;1jy0={ykW*n)l{9wh9u6hj4WQp)dgiw}J!J z3giceodsTQ=?|P~!Q3!`ffvNEFgb`+7h4W0I@tm16^)nWG%neR=3Tis#n$x~_2oxa zXIBbMd=vyb`#k-STS$KDV6pcK8)y}>9G3ruEocVu(>4CV=C6!z&=judmYy?Jw-U{o zBj^UzaEU%aFX+NeA(k#2J{R=kexl=z?X%Ezh@>{MD4SjFGlH+$Q&1~Gxb#v>n&?3T zD)=!!$4J~71$#pRF0&jsPI%B_8*Cl#A->1!S#fx(>@!Dlbri&FBJPMU6(<(nq|)&0 z!w4=%B*CUycSfL(pr>k+c2bPqTeO@OyDz_l&@W6GB*MmXS5%1&K$x{6cAU1NH0Gwn zNG|1}+L3V~5H(A@RTJ+E1FF_2bcr-jQMCur;bjJWs^5bg-*}rL8uBCDo%#T^2%FJ3 zgSf~ug6M)v3f1ITawnJNqDz>^j`dm2Uou@4f$vh75+Fae%Kx zoSH3%vseSg;1#h~qCItgK{mK>wLit|acVx>nqZWQcN)4Q&ZVah_DlfxnFI9xT;l=EGIyyBY(?40fT(s2!k*fS8#4;L00Fm@U zd9ox^`LadI*OTS1q^TGbE&pHOZ~eFO{{{ZEe=GlA;CK1A^8W>XwSOy58U^*YS&{yd zp9&~$oBc2SrA3FzhZHIQr7XXA%s_Km2|S*`?tG{SHgZ(5^atW(_yPq|4*Mh3x50PH(8*7AAFi)pPAnBpPT%AjcS-nBd9Hdlz|P8^l-Y49Aqk z`r-J%p~^D#1478+NXH^G)A6B0yhQnN5W-(RDyPp_iar5p1Mcs8(OWK_^m4s7o{Nct zjll~<7?1CkR#!TM;W&e|2;(snEjvyI&NcJy00P6@Q7b5hInn}fREcCS(bJLSP0v!d z#W8cC8RsV>fd%wVG#9{>Gl)B~%c$ioyg?F@Yq(k|9~I#a*dJLtk%T&L?M8N@lh#=t z)`1>Szio2i11{g-^!BRb>oa)Ze~#(h7xJjAHDUtlz5}(wGgNPCsvLqRqf{1XJ8{7A z6=|FZ7RjH*EW(CzC`cGCFKZtfOdsoP(y(+PFU>89xsFC4*zp7wcY}wPx^a-_6&S*o{>dXgFX{PdIz_h7u_#{& zejsg>T@KhptFIhik;W7>Q$seRG;ySlu}#B#w^9rq5Ke9JjCl{b!q#@jNr8URFch>O zaWVkeYgBrUEk@7(j>F37|7UvID3ZIg!Ns<<#lLwu_OMn+pVl3L9+zqf!)u!qpYZnFN43R0-LSCAxDC-1~}tfsF#J0})UV zbMII4zEHh+w z9S9IQsgAEm<7A){<3#7*h3`Sg+Wk)9yOV|Q7sZ9IYL8O+Il0JqG*MuUFCzY}j;~1N 
zoLuyeq-X^B=aA$;1Zn!2W4uj8;5Sx&bU>u;9dmp|8mFRrqy7ugf zrKgQ1-Hi+bZ?&~x8NuI{_^ZR;Ad8nDEC7LW+Lp5pmF)Jjc?(>vs#8>CvllNw`ixYm zHxRVK8y2{aaLnWo&_J*5KdAqB^tAy1;*s2SE}=bK%z7-R_aq5!gxoj%qPzyWHgdbA zhXx>sJzp*u3w#OpI;=A8uotqwth@S7 zk7K{&C{KG1l=mpS5ho^9XR~GT<06KS(>s9U!!YMfl823 zpmw2o5FD)VY9CZU`X{ck;li6YuVexUILXk6zG5g^#c1Ox$|Al$&dKSZH~K}#>VS_e zM{x&aFajxoC4Wyx01fO1<$8$8KGNYF>@A&xOU#Z(&^;)l!B*V+Hq}Tk&_RDgeD{0o zSOoKB0U((lqL6X8QfdPob-WqLgH<@iM@&}O71%g}vkc<4%qn)8q1t=WfAa-e(IBG^ zG!F-@!!W(tfQXBq*cNb-j@c-mJ2nPE_j@fV~nf{%17ulH)ot=uSLF+ zUpX=xE9NzM;XF+%&G1_@$cErB4$IzMpxNq$g4#J^`d zl}>Van&Sh#o$UC)R$HH8$3_CL|9W6ZP!k))dayb17EGUUhw{Ym);t*j3b~oV@&ng$ zO3+r&M^xswNkKh*2F3TKL@)7%pMT^;3P^>!6h4Vy51&Mlq2&;s2&{!%BYetcu|XA6 z?5|eb0B%Wm%`TrPmP?xxMyx79_DD<=ySONnSQ!KuaOgcw+8?^_QKzRqBbVXI9@UYs zQ3M6W?cI(-6ts-cmBre1qL#_O(8qvV$mL?`6AsY+VsVh{bU_@=LJB2Vt9UOe0Z^jM z^AIJpJcM1wlBcF4zIr=`Pk7&=bVv_z(V2Eirr|veXWBlQhWBWkX%tP5V8VmfU951X zFLb7Rh*W1fdE=|);qUHDAA)pv8qf;kK}TxlYUnxb>^*V6i{n3H-sm%0p=*{amit;J z{<;e?p0FI$XN&_F-l|($QXn;03iJyp4K`Wg7+M2;#PuldIubmC=|%`nc=2>IM*DN7 zxu;A*#A3KEepoaKUb>J@X)*~8wAP+p!8vta1Ru3@@(S+hRTMFUctOn`@c^F@b7YQ# zoKc1%jc2j)Ddw|1RypLH)^?+Eo)Swcd5%OkZLa_Fo+@8pV<%R%_m;1JlDxz#f#kIe zDYV;Bii!j%mkFMSaz}z?e`&7Z0GsKk;6s)W4{_%vi>Y{V^%nmyh{t)nSlH^l0{-^_ z$ws>|e$L01NWUojvFy`o%2lrt(exz=!F27(@7NckYiQ9VNmqZF^iR6tg1~(03J)wD zMb<>SK$qEr1}h<+c8oOGnI#A%8gYpd>58^%q}7x`n(ZX3Gttuj6VDi&!UDm5BUmK7 zu$@gigYuZ&9tpikk%C*Nm%SmLIcsv4s6h)yRa*JQkAKoPu7s-&r&vl4vF@np+bG1~ z$rm4NW-Vj2{6wISnJSWH$~#VOa=lO~H$E;Aw(a|TQ3ri6Rf|tV6UMiippx7OR2WSk z3kTX`!C=Yg#vl;9FNtK=7AzjHepDu*{J6RLsn5tK4B#yN9!PRwj}_WxB4`#4ZAb2sU-Xc&*jk)Z%8v0^O~ zl4E)&zOW6sXeDF(SZMXNZ3Ma+HalHG-Il?}{z)Zw>MoMu%gle_xr$z*1rXiK^>kLt z?_=BX$45U&>u&c@OYH}{cpvcmFkFi1IN-aN5v{3U4II^%>sg_L4BpHc& zC=XCv2FO7l=}nqnkU-a`=ou{<@ss!q_;lMa$rT${sQ=ywmkTkBF8C0pmg~Xif{Vlt z!k7eFM97KBr7;~8t8SI$VVqdmlv#6MDO6~G8W*`!+9Iw!e%A)gQUWOykxTmkw3Xt! 
z4=H%8uT#o9>Ce4r9db$kxu|`{ayBie@Ow%>e-|y_GVLn-(G^6mA|P<(3mxQ_ILL=Pu z@ApE6VnA^oSYxy{v(}B`Nm4q!e;U7p6l=b&JEJbQ}M zWyH%xtl!xD1>HQrpUk)CZ(%M3o&QhBWW%V^JV3^U^n6#odbLE~ zSsoTdFCrSaSaeoQJKP$yL}$5VMUYhWwGE=NiuUUpC$39Y&>{qq=>+2GELF^B3gPJx zeBj)rB7(q%lGe#3_92l-X4Pd|U67nKnfxu23tR5Bld2Jh_am5Mype!Cn+p4+T zl&w}nsj+w@5`U7!Ry$D_x}OA2#$dI)t7$&@muYQLB~)1jpZ!&T<0D!8%9}URXEMkD zL)9=e+1k+XxE!{HLlog1dl1kz3jD%tV_M@c>2gUz`AtPYpOJ^=NTQ`5mh21@j(&a! zFd}U#7=MXl!GA2fd8dzc$Jh1}NV-KsSb@Hl`?MSZ72lBO`uBGtN7bomBoxn_WWS&i zG*FPCh7l@kxgXJR9!%!b>hxI@gZnsT0S+2uX$`o3mcVQbs~dXcHr6jF1nZza zb0n#S9Qm524#?wexhPf|@P6N8siW&`KA<7d2eVi|zluZ_BTaoVHz497XHXpNAduf+Gn1KWEdC9me;~Y%ctG&+0|mT*9}$6KKOkHYcC9XO`UfF>EJqJLFYS^O zlyk;L-L~p>>USTr>gL0Y7)`!PgA#=KXJP^7*A}Qx?a-CBLBi)DWpJ1^j3k6Ap^er8 z^_d+(D%(9IQfb;^CUK{eMQ2tRnJfQ;Y_JQ9JFTXz6w%nE4We@;@f{`?AG4MPz}}*| z9AZtn+CGGBMwz7*aV}lAl4R{vWZ6TQ+oz#u5%FOgO;tzyv+8EG>PRh%8{WV#q0+ug zXRAdu|Io6Pjp&wR{gaiocEC+GSCr;e+QURMtRMXob8kCHeDgWu1wy;nF5ov0mgxbC zIYw7hW+Gxl%@=HluC2W%C+&%9Jd^R~38W6rR?xYI0z16&#rrm2afDwdWrp|>&A_AD zyC7Ug<4_RpLDNXRU*RqG^`-k2KEyhQkPd!8NR&(|87YxARNx}CqRGhz=1St*Z()$k zv&c)5EEvY(exrEJRtiK;+2jOph5+DM(bPL9wqjl*bSp z!!sR!wao%^5FTh*O9flYY7xp2S?wO*Gx4&~!x~whHx&N^7WUfz6NaE3-K9tncQiuO0HH8OnNN}BZkq5^Rr_bWc*Ae0da(U7{w@2b%z`o$ER~_Eqzo;F{-eTE zwWxyDX>2g$3SYR$_lEH zJ7vA#2k|2Cf}{p*CUjegmuSD3p642ZLgwr7qMR&%>R^5v4t)kOSG;)q6W63F0YAj!<&8aC?|e|mQmY__XA{JpFD@wH5AJ}_ z3)gskgfwy=+-oa{N}^qgWpXkbBs4jQcf%=6**_U9_P-1-V6mBknUP6VN!if&UoCmOcu8$e*>(UjVV~8x5M$z>{=5Wly7f^<@kur@3WVr| z;@;?kO9I58JT-_H&)MX|v>+cJvXFWsVrnoGnCVD&|DYIt50ONK_AE>xeZ{M=O}q%; z%Dgx<0R|Rp22>RB7%Cul$IXGfaRk=D|YW^knWI?^H?X&#QWrjE4dZ2Ln0P1OlesPCW@;fsewe*$yZ zj?nNH+Wv$k487A~HJ+AK(p-lACcEgD%bR%eK8$u=M(1M)g@cuqf?4|lu8-Bf0<%4UC9miP z!NnGe#oU>)*cMRyTRZ>4*$Vm;L^BTTBKs=Y%oiuY#=bZj^?X`_y4l^?O&oOr$IyzV z+QvAwo5mSr|LN!GBcGz>S|`xSemUtbt_yi%K25MHlLd|DFJHb#H!s+0&Y3Q|S?#Sn zF}Z-c>Sx~pZHGjht$BZROpPz##QCl9=~rZYj84QI<5Sx>PD6Y;5bxkb+@0m!=qd>w(uB5?}I-)*$5rOh(zS2&J0jyLYjilNGcwKQO?ViSR#{>N&Y<4d$z0 
z#wN;N#Kpd%uA|w?G)YE6FDZ1jM0m;bLt|4}E`ndL1L@o({9>2=aGrd3^D# z#e&%K^JDO$sV7NxT;PuJk$0=ZjJ+7g!W6tC_SXYy8$}@5%#HXO!auqYZcy14hmyF# z1{86x#M=_%&0R(!_XlFY0}qSA7}5bk^}sPk1rFO{!*2d*9HO@BB?@JSjYBylQ9P30 zDr`FXr1Ms+gy=V(r8Kn?559xQ%_mn)Q~km=xNrIc!K7}78I)BRNesNV7`2(+i^uwD zY5*YeJvayb!F0%*5uBgh#X(0XzWSj4>Ju zBR4mlARc|LwObW&g^(W#|M>eKsgKv2!|Zr7do5~0@36O1HUVAkxJ0W!qII>ewF1dPDc3nobjZG?o<17uvgcPl##$>+w13DPh20JGaw zs<#!}Vwzd5d~=JuOZXZ?F0PJ0R_RA~NBT-MXnPBEy$IcKFY82ae&fniBhGTo@(L~b zaEq4f7CVskb+&9kN73$kvR$5z>`x@+GubuhxQKgdo#mA_yS%HplEr3ujCicjVZaPF zx(Y(~`mUoNR=41*p|L*t%s3>n8!Ps;NKc~0dHHE<>4@jKjD3XV~JEYk(udKy|kIpLMGZx zBrWwB{{g~q|4(9(>29k*vsiD+ATe9YMw)2m)l_%OP#@cN{LaQIR7lwhg{EXW zVhBZHG_#5&1yK(58Og}94E46n#9xD`{2qx71Qrh0^BWij;VM(wuSdQgQqPSd<6g(B%z zIMGAwZNxh-3{2({%BNM!jE$}9H*&Cf73+&Fy_Uf39KRH;S=2cKKxZNiR7^&-X}t;i@oanq2=wBXk{wBlUr8b`czjl z43=!Z3pGzFvC>T&JcXvBeS^y1*gk-h$(_MdDf21uvi~qL-O&orMXA9l?>JJ%D(yK% zr==j4HJ~Y7IQ3x?*Mv_nu?)$I#mJ<-CW@df>I^a0!uwby)R@xdia5{LKJ*z|P#jmI z6p9vPpQiW&YNA*rp#q=5N-(Fq|5iKZkGR|Rj<_E?pLq&}d#3;94UN}J?_V+rb5vh3 z8hg%`e)h(R!hI;=NzWB1ZfHqy0Ylgkwu2H%Ai-FQ*F=M`o+M~IHGzf#liNAzP5y8u9F2&UV z)p0>vJAY?=84Q>xnpfg!mDRZdOaAm1`bib==yp~=5`kSV=e%+=1~A-sQMIGGM49l+ z6i(&EJ2kjz;4_SL1(Md5N7&L-juSJE$o|q93n_IZ>V4zMQ)k1US|@^F#UzXkqKQP; z9$^gR6j-yoF~%5Fx9)Pmsc#InR}OhZarBaM7_>1Q5k=al0DhCG$@j9Lb8G86?I%f- zq5TW?1F9*{a?ijnm-!MEd290lhSrkndI+(mjQtoa&NDhlGSaP4bfWUpTvu~_%deIf z>91VPoo$QS+nqMZ$8+xM7A&2JPR_5IepA0-3H?O%oD%aBU9%<^ z0*+}I9Tf)`*-b(|=y&_HwOq@2pwsVO&b2G1-`4AQf5^XkyXtrMZR=_|pJPY(fta@ zzoa>@B@SIe!5b1^@#Rm?(0-=IKZ^ zZcsW_oSrhtl9wpz$<=u)t%;^)@(F_kv5plq9<@EFV~7VMxW~tf1nD|Put*0;5G@Zm zfRnuou^`ES5rpL;LCj}MExSdM>W#pP3~0*U0!Rzd#BvO112&68wx>AVk689i@(0&W_j9W z(4tk(l8;H|jY)QGIgN+ArL;jbU%^A8E`+(#ujU{7X$Wz;V}Q;v3$Zv7u(<;=T_RTf z?-4RcpYa98!E({^BjVeA>W~$TO2(70QtuO3d;xB|YK$oF~@MK@TP7 zP$JPzfLkp2=nwu7fiKe!SS|373VJ1dD`7<^r-XM=hw2W*-*_=z?$Bt^D3Knhwgkes zp2B-H9n$fj7?-x>#8w5Z zV9E24cR0fn$i4~9{Jfc(;Yo8ACE&kUj@zXJH!H$h5`p7Ec?&Kw)|5e>0m#J_|{xG0%4B2$)BDYoa0dv&QlJIfTxwzk}DaB 
zKsunr#w3{|uQ2gQi-iBY90ri%*J8A&af*7(w4lua(EOcK$ zEe9uFj=u62iF-?FOAB5r zP)G-8?luZ-!*SM#$U^qU@Hvz@AnX+R(@ldk z(FqBS5;Ty~L+mTVe1zZdf0n<43q!7%5C&PlN)>&dOKlisyu|`p##RLz79$=)CMIyS zQC_xTivxLz*lT=2lV}{xunjR$-1~wjGc7Y=U&?t6#&3#AV9BM4)*QbQ#ZBjwCr4;8 zXNi1Qq6L-97nML!ODR!~{>13gJGkgG!jVJu+foTkTJggQ2m^WM+m%543fz&wXS#IL zJV9*xL81bE6aF=&5P845Ul^o(me-FM1ecJ*sTGQwe_-^XJrbGeb>tBlCZ_RX#A_nG zgN`Bg&e9P_u`3&160ehfvot^8(@YdH52Pi7O*xy~c1)7LK?5-5xgTQbk-m*@EA z%(~^1L73XKxFh4lC58{W&y~IHF*>d=a5;=yT9+ikk z<6daIUwvwv89xeH=maeQbSCJD+yy=k&WFKXgRW-2Zp@h&N)PHFK`*UB2Z(63fdW5A z0~B$AfQzWol*W{&XH?(>R++nvsK($G4Iq0nGf&AtdoR!kWXtZ3#U=s5D%!|(Q-;iA z4vd0V_*W<_`EeFvSJSkWkXYt;$N=YDI6_h34v}!B?(54ki=XwCP#neDsKsywiZjpQ z)G`U3w@OuXmcnecg;LLP58pgUrCm-V2Vu$fDDyxYIz6OeS;8mOJS>DeQ>{EWQl;8r zz+bYIRROVZjPIyycOZlk&Sp@Z_%K>j9hHjodc@l?vU8_;K#qkL5^kEDHC1^xVeXhs=} zE--E7bvp9>fQ0f2m0AmJH>OF$As@i>F`nD6I?q`hb3Qq+fIC zS1bCp1iz&CiLixG0_|@gIM+DRJu%LoIKJGpasIZglYOw@b0j|6z=6UZ6izn?cvkMM z?y~r%EMM};HC9u0Kn}=PJjfgaUR5M4G9@e~vQj)Fs!x`Oe<>c~D31La+ViIN{87HP z)}AlOQ~ckV^dr8x#zsZjek0rdt&N-~Xq)vzwC_vp6Fh4FU#jeNRH61E8>xJtTE2Oa zCe)3H#ZjK<13skkZ5{o~caY<6iBf-Ao;}^@j=VROZ|T6tS^l*w->7JL*r$c}lNX2u z+59_twigNxqPmjFi_Zu^7(7~GG$J1NLCQv0VS{K3I1s!fMqkTHmggje;W6_IY15^Z z6|$v+tyN;Nj4q~6L*7zMKz&9@@QS!-eOb6S0+mP@dLo6-sawX2_r7(A>B_`ZX($7n z!V^U0ANZBwy}n4%mMN-z7~k=tinE?Cv^9D%VA360MRajW>y0=76yHqc`lzz-4MC3L z)ODOns_8<3)I{;iLPmgX6a@ZjLav|)9@g(QI2m724W$zU>MOx(n5hQNgFw!OZww*k zw=aI{7twK>ji%b(D15(F9`~#s*v2FCU((^$Mxj3A#T6+aBdUW2Gg8fD(-_a*L6U zL=W3Zr2GpBm}TsJ{*fco+XWYLC+xw&4;;?4T3LHrEOg%5mpVK|ZXOneP+(^6tt`h+ z2%SG$NM630AdbG`r3qcpi393y=q6vwpNV3N{9zD_EK)hZaw(N_wC4eEPCmwT#qEXI z{Z3v6P3F+76NhiA{F(rULQ0r$nWC}ULQ>XXv-ae0hg0Ik6KHchdG#6OAO?q{G&F-+ z;j)Fh`?RVVHIN@Kk~QcfH0Yn2wIU0jL$X673ZuJwidhzj7B?S0M;jP4b3+?x@QxC5 zPy)?F~!cOKiyH=Uf%Ipm#`V+7acExoX{Eo8qtsu@>7#;-VlU|B#mLE6(kL;}{7mQ)G<@LmMy&ia|0-3*qMC z9nA%^cxTmGiuTTGQwH$^wg^C;Bzrw)OSy0WXTk2PERzlWC&{k+lC*(S5@hk8q_`w-`~@J`tAb96#4|CZ=zTl$@_x@;Jx7+2Sc7gDP=Rp zL)ni14C3h|M;3M6dccp4k+VAC#-Lw%UP%i~#LuoHs!I^*2k!daI&a*WN`GCrHyhRW 
z?ZJQg=;OWPl${K13qymZl-k8|d9P*u{Q1vrT3)+eGj+LFh|=WIT9MKBr)PX0=i)Q8=ZqsPl}a zk5}Nff5;L|h#0YFM7jZ;ys2L`{?V^$#rhRoC^-;*zG7%P%xk&Q+MW$y;*IyK zLfkA0^fM*lpcx|zqeOKEi2Z@7j~D__bZBdevgC=gk6#wX8*m=v@2+Xuy})kT*@m}e zQXGy0jD4|11|Sjrw#-)qYZl}m^RYRc*=58xWqR_9h((_azKltza3;~a-U zJ970F2l<56D_2HCU@XTg=@QG^fvN~7!mOHp%kaEOwFgYkxZc!%Z!uAWb^;I-6&j5q z`n>#Kp+#%s3!laGS#d7<4AMQoi+;gRX}nzU9-m%ZnS)U*AjN^))F1&8#eXEJ62|SgUP0N|dYM`y z-o>99G(Xi4gMm{BC#4ZoG4$id0H%t)3`kv_`5L!V5=Be~SBw|4fGft(>2-)URrMj+WFGH!yp>YWh#lqr_Zs>!5t zjwJYp$fSdgq;8_JOxos1>WEW_4?e^A5!WbmhL4VwS36c{kIG)Z+s)HnE8BN3{#3;j zi^>i{$?Uj%H}ZBS9}gcKE_qox^)vMDgHzz_k9nTcD%wN#1o|;LN&`4kk=L z*zW)^;dxo&DgE&ozX2+KeK1DQ@$pV0#G|&JV=U3Up0LWd2s+9%b%xIkHW~vtP7uwn zPz|NT#NsH`mAiW$4B~KwPSt@}n!kqFg9H&(3^B)g`Tzg;{}u(pdNe%wq-(E5;;2q3 z({*6ly6Ga=eTq`;6ZdaxH;=MhZh8L6p6?z;c39$CYUaT!D=VF^eoU7YpYG-V`@(7` zm)uSBx|owSY-H$W-&%K4E{!btYS7j-({}~M`Oiyx^W)8L3O9BNOI_=JDCd)=+hoqb?Y_zl0hj|SNA;JX>`-mN%>*hN3>`){?3^;wQmKE zT$ONpA8Rf1ActCdHd53I!2GJ6qI%Re$0aID_*Sd_UsvRq{I4U4b}}m z*KOy4au*Droy%#~q{`(7E32MpJ}OT?^VcmO^jM$W^nu@n3tf(<)b1Rb-gno%)ajcC zJ(#`WlafFEw7C3NZF-(vbhhl~cL(knapLH{M!&U+-?gpzUwe#Sk3Mbintd_v`23n( zPQR{w^6Sb$k!O6ywO#lk{GPbzU)>!1XHZPX?-sOSsjgX;A+UM^R&ccmrWD^5wT zw!LwOZ+*i4_VUf>HzRkMk~FB}%m&|?Bg!5A?avhh_eV5$>8aTNxU%A&%eI|0LSp_n z<~?iAk;ntqG99+AY?}YP?Z!KSeFpnI%d7I`J40duFJJ2M&Ewa1%wa8;@BLtDt4QmS zqho)nHLBJ5_oiXy{}5ifp*irr?&PPF(pC%C3Gblrx0d+YMN-LKobEZBNy z_|RUz)e83?Q%4`yVCDMyi#j|W{Y&e+*;id>y_!6$!?T2lkQ*(^-|jYMMu%~~%vv+9 z)y}q+m!@s_&q23!duAt`iV3S*@bZ=SzEbPUOzn7R+R*n~zv z4*YZAns=}Cda`ixgBG*u?HwDocJt}kEyu6C^`@-#=KJYOnqC|8^})}V_6nM&Ea_0H zs;yl8(x1;?GIre2%fBc?Iz3K!WN6#yj3vBZ?@xwqa?fAZ^4$3T`f!beRX)_!x`P5HZfk53=JAre)K0hUR|=^ z`my}Vy~~b{D;1iYHgVCMo&9bUeBaRc)1E71bE4bcY<-|?iw3Us7au5lc;o)R?d7Vs zUDe>jCruhfq=)VckNNZI>-fFXlUx^MeVcgs&(@RbHtTpJ%Jn`!w_0vGjH#{ ze=Gh_^YqCjQ?`A#;)~xu3fy$=r-OK^CARMBxKcw;tj;^ubizf&cw}S=m_a$<$w7Zx7fU6}hwbwRcbcxTng?%2@>o?MzkcweC>wX5`|VdkTKulW5OX)1Dwmcg2)dwZwSGW4s(6-I#!ks1S zR2p&Qn~&0$S32)DJ#FQ{Q7sz&9rgIx7fHMSPKXZL*mYx4@H5w!JG16C+U&L`wd389 
z4fgatopo(|ddS~vKWo1`!qPW)*YAGGC*oh1T{3pO|C=0J)utm7nm+E_=j+kGUyHnO zeP(O()q(A|zPHI9+bdwunV^T8O~&K}2iD%5YnXDUt^Qg44HT-w~ zC1y6WZ|P?2|K0Nx<)`<@&imzvORrN`pSH|3m2kgWzGc?^E?t9$*7))Bb}g3;ZEhUC zqFZlE(6PnWQzlmk8}$94hgVYW*Ngn(voS9|I5I)GR&K<`f;%(HS~Ba;%2*xppX?uI z2kSFDR!#b{d-Tpt>5KP&IJtD`eeVt&HsNN*S6^J*IH2#@`vrkBMs-^-d!&C>-QVUW zkAC;}_$Hnoeblm7{)+Icrz$*ax8PyN=0gKKx*mAdmd+UhjCZV)ZAsTW6Mqv^aLWRm1K5Vpb(r9cnw(?dX@~&&~gB|Db(2LEV2^UB2}4 zvY**M_w3dq#cRs^sM%u%ubo$O%;3Gctp)zx6E>_qu=>d#6Sub8eRtKWMbpRrT>ae& ze+bWwGm}$)ZQQ?x?)d11`tsRUlI4|xQo}z?5U;f@(lR%<6Wc7Yj00^v;2qj6Z=vIHW_+t+5QTH z(?7k}xqHU@5wYD?_*u62>OOn4aJT)(u#~(Jg9<+{AJDJPfQq;Ll6@|Eui4fyvVy&N zhX<#I9lLYye8>1rX#qZmR=?Zl!y&&+z18aDUEkI$b9RtV&#UbQf3R%Un|B{?v<;g) zHRnpzA!{c0%e}Y0cH`kyo?qSHHZAdd?e1NDgSJkeI_%2gJ-sf*Ou84bYyYdbH#hfn znA~j6djaJZf4?BK-uzEz4WGB-*vXOpmd%YK&gBifdct=pW`JL|Md`>Q8yw~owcXAj7|TyAH- zi1o2wmVPqx<8ssAS@iAkG7mB~y!>Tm*tKRmo7g|}e^Se%x<{*q;g9Q%Y%=%pGPlpV zWh||^>cW*W#@8e6Zm4kU%I>rK4i-e#4M{)P=4smD``7ojSij@a?FnlJJ+B@c@ZGg4 zx80AnxqZ0)yb57?Uk%&T)ez_2PubYj-~G|j3zg%_OlcYW)t1?x1ytTMV8w{xkH7e~ zTjTBb1IyQ1Irq-^H-F9dnz66b55o-S+SC}4T`uKB*qcvohvdC#?7cQ=^@Z_$-dxtr z_gNEnH?&2^<9P!=8rrJzh|lXxt!6K5HDS( z-9GsAskV2Io6;k@iAAve^k_IgYWTIZPfM-p+;4o}cg7!_)B5P2_q#nCFk{bOn}*cw zbMND?cTe9^_n|U((VY|9Cq9aQJnO-dkDo67xNo(f9bKy)GJe#hl68DRY^_g|{cC%i z@6dnb2Td#X89REU=c|VQ@%d_e^t|`WcR0U3?NQL)>`Sp3O2FghGb|sTOE(!51*1+r6 zKlWzdFyH7rVL^V_q*arwRr*z(+-OuC!;$(`l^-s(F4?W$r!|uAR$MV4^z+5Lo1`Y} z5B~7p$)={=YkTPOI;}0&;L)&p?NcARCcaFm6q^if>4$|)m5R%MuYRum$egPyKi

+M${FrjV(RWKQu3F z=aYN0wfBnYuTr+}x0UZ!N7wY)^mmUXeZ6-3ueC=k=;xiWeCxJ$+fMA+YWJAgZq=HO zhI+mG_3!y4G3h_+oPVeY$^&+n=t$sK4QOXbVQ)(^vzH!Re z6yv}KhG)8r!kL@ImbqiY{XPsEH>-Tz zGj|>x>Dgf9Fte@H=u)p&Dl10)wxZ1BJ7qh3kzGH+OKc?-H3*VTUTz9m2Usby+MSv`JZJbOc=c2WVY>@`}Lt+ zvlr~CvHezVNdFtN&y1Y0dcd!JZq<%G{H|&GXY+IYCUl*3ZPS0AzaI4RgYNo1%l{0V z5<6X7y|K2-{DJcZoGtBFDm}D*y?b9wdt@q6=}qjQl*!MUcIy|KG-FA#^54Gal2+}D z`3H8*xU%P3^Vs1}^fAl3k98gO>Q2D6$sHH_M7q0xLli;d@t|V;Kj!c zXD^30?%iW~Zld+t@Q+5Hb+asQ8<_K6#N*sgKZ?4KNJfU3{qtIdSMcuLC}jV8RUZG? zx8Cy6zm(n8;7a|Qf0UjvBsWMI+W6FxrEVU>D@LW=t@PXNUW?zf9cN2jmfoO$$BuLI zm#r$3R_GdCm}2ZcWyzIF{nxn6oL8#qvq}XIbr-UfysR|OlU|*~r6^C=kB1#TH1f^q zp`V=C_`INW#O=pFk8_=p-=&Ld!D*xK#Ju0XUVrStZzCsu_~cN-$Ojk3``&!N!dgCB255KE)m44+#gY2K*JsTVRPZ@O=A zpQ_A$RmC^iKK9v=L(|gx&v?*eYnzxqhkv~xpmV<~9&XS6jJ02KTbp_Q(xuc_)$6DK zTxz|p{Fud!8vp&{3R~4)*8&$`|KqlM*=&#gjnjuOb2*<@J@``92?d|}Rvj__tBUoH z?VGZBSkl@4adoeKae7@&>sc>mj6Sq#U-*TKF&{3S)uv-R-I|OY3y0|%^lg!GXj`4$ zm)3kZ?s1uUd9Ajr*qOYzRi6hH4qW}bREK-_6T4l?^O@4Vd~WT9y((R8SEupl!^?i| zzU1VV)|N|Cx0t5AyVM>Mn(@Ki{06^2I+-)6+rl63TyaS|aQ)V>c-@?xmGj1?m^OM0 zeDvsk!9e@LhkY+iA3ZMQ@B{bgx$f^+|1b@;C;dMFH9*S0)kb50Iq8uK7mL&h+@`B) zy!hz}8Nq{}->qyhl)1%sgVES_>k>QwG3u3dGvhNjUN-Zl~%Q+j75T*hm(9AMWTyS#H1G6nIGwrT=2S0E)HT=)p z{(C0bI37|5FLHs*(;)z3NH|2eHS$m8GmNtb46HqK=;O0P#k4Z?LEn1@I=E*S#q35f zz@#ZaWLAopGGA>x2kZS}Rjqm|E?_&7$QkXH$hux$Zfm0EcA z{Q(dCrQ*+2qbtEMzHJ)Q+gcYxMw5XIg#;7YwBCV8T)aY_ZES-7rBSid(mjHLw3e|r zUCC9;pXEo?QV(`i>^ZhT!^Nt?Fan@x!y;o^jACs-#oh)fL|rQw3Z+9w{$CGcq&%Tw z%Wxg|4#~bJ4u^qhOzOV*o7%RU(A}UOU^s|{B~$J!cT<9}h#7|}cY8NWO!SstbD_Ij z{C>ObZ?|uqRo>IAxsEmuJ?e+e88aQI?)=T=Q+wYxNiB2rHr+zThz<4fx-Nn3h$oHZ zKZ9Q0V~=Mmh4U(#CO#|TDaBqP1pZsO*r$8n&tcZDn-|Nkk8!iYotjl0J{=b&$V71| zFUSEqitCJ7 z>PmsxHHUp|vX5ss9}!>;?KIV(dq#0+8EMmH9Y^tg7TD~&Qp0;X`#odk zf*}7fkR4u61e*A=421uE;_OQayWg(Gugi0snGcH6ONai z*;CWpV?Ytdbe`FR0j@U7HJS{y6$2iDS`@FAI*md^^GR-sRHogR zjyEVeZN%M~h4+?Yw4&etffu17u|r!a+meyV#*HZ*ZsSBg`hl#X2y|0K*MW zk=8L8*3AwaQ;2oA`Dl8iK8@|V1+;A7MVvu2B!aJ+&z{mJTz|96<*l@ibe-h7RkPDF 
zykZfvq=N9+{CNX#u77{XP_@2C6fxHpWl}r4LO3ILO*jh*VU(<+$=8`rG&+dr9SfI8 zZCqhYKf-)$V*uS*uFV$;At#s>BW;9!B-DQ!I+#+!U^CXi{%EL4J$_T}4eg1Vn&zQL z$GY=#TkkVbj30!i?{}0f*4mGSjMKIPXr5QL*&2+s^kF$EwYLoorh$i4z{+O{${_PM zegi%+j8TaOf%bcg<4@4I3^aV!{3ZARrVtek>mqUkc^rftJrJ)$ZP)D(EEFcxq3&#d zQsjfoUm8o$$onT3EcTEBw6J4*6zrY|VC+SO#&$wa9A8L(hwqF8BRtwUyzB|u>zi_V zv>+U^-7aHt*RlRvAt?LnMKOuxKA?rBmfJ$rv?q8Fpv!4!9(L`#JfQ>-fhtc@cpk1= zM`?lX(-azL8Fi9!M`3W!mNllk0Ixofh9aACilGJK``j?q-9{hwGegl?#FL3OYI}C4 zKy0y`&N_^?)zJ!g_6Ym+obGfDIZomaJQJ0B;N1ZCJ4w6XHomyw_Go!xU zfMlG(ulX8FRcDAdH~*O9o~ceBp)zozyWDQGZT^pRiS6MNJdX%C%RZPtS%|DO#wocSb~5=pk*&P3-iJxe2s)ncOCcvd=M$XQ>^Saum* zNJ_$oA;Ud7IK3eK!=|e;xX965rL<&V(ucR{!Yi_M1oUo}nOz9~qeY6XeD0J^MTV^k zdR&kHD6>5HUb7xt;3D@<u(iEV6To2>%JzV zy(+bBi_xJEj;gA-jfCfAKwv#tw;b;X4sRi}<`CLhnh)l>{q29j<9fFtUC$i7(pkVU zrHVO*o_=b}hi?J8qy}p{U1)_7(keWTI*f~1pi298h2}@Y^u*@Od;f6*(ZT`bUP&>g z4i}q3+;!Ie2@7o@M*cv}eA~*&x@3dX_Y1B6{o~n5e_cqbtmSkn6mMi9feFnm8TD3$ zsO*?!Mw#rsd^d1AJj51{UF8L-ERimU zu&FLGb6gc3z5&VDE++H^E#Sa7fnoGF2%x|y3bxeDEXLH@NJ-Cjkt0!&=TMZcw-qL; zg3y=fUaI`6U}AxQ{r#_H%qb_8tyZ~(W=UeR8uV1hU4L`n(#RN$;Af6^x<_Dnk>LS!I+V^=CShm`fVqeGmCS2R}yc4 z5hxdZ@g}MT@ot8g=k}kR29NC5EwF>%BY-s1*Z0*8QW(w0=M~8tu2|2--6bmjrSokd z{o4I_FccrNN8>G2huko}LBL2-f=PI-{Uoi{!4w{#!99Xm0h`10_a@GgP!mVs^ZMCg z8GsV*b46P;{IZ0yKiqeYEwf^|11+{H7tQ-r!d|)0)&=6MKh97Op+0A5MhvT=+$ts? 
zA{(d4J8YL-TzwiwN|};{hc#??ov=C9J5pe@y38)=;gM0nQpa6{l~g6&%|JDw$bSEV zRi9+2ZlFrp zsYn=5u_*R*14O3=RfZZH2YJLLx?RqqmVIKUA@HZdkpnn43m`y=MibTmIWQd>&SOa#y+EokP^)AHQk)LnGLAf#^98 zu2b=KOgMAh9G;`|+$q|N*b z2Bu!dN+MQWe{j(F=9YKP*=cMBtg4i4R~sm_2T&Q&hPvkFF?1b0=;C|+$w7%ATWY`< z7Vb6rRy96Tnfr~dbx*~O|0C5x^nqN9ae5-KYej~p#@nWY0Vv)$s&4pN^2|KNWq3E} zidpmii_P{iM%;24_j9aV@#Fo4QS6dB^VhPKQ+Y_!DTM6B3UL)uX=>rCX_UfI-zV6y z1;i5S9@=j5^@^x+bXw&_TVMIGR$PVmV~riZ>3o;zH?vzySN!x?geFx7#|r*hSkTxR z^a8CcPQBp=NIS&VBRXTl^%q71q?!=%#k+?On@?0#Yga823#XiSZD+6p z-^QYLmJF;gyrNYj0j^O{)T_|$b@7&U^)9YbF$)Tc+e}SNfc)2J1yo0+#Ia+CLmS}> zPyY-8_W;z5ZlNKOV(eAba&TFCqz-s`haYh@JNF-EjF9rgnH+#$<;YTVHBG#5>p;mzijNuDsq9OLQ&tE{qB0-iyJ$82@(vGw$njaM zmyd*Lwz*$~>GJsr_VF>-8mJ{QU$Liz75WFLQ_dn_wGr2m)@e10TYXyQ24lr~J>JLd(JLf`3%7Q+O zyyA#ML=88a(fsj6Mh@ZZkvW!qyw$N0Ra8k&813v>+p~RSjr?UF@Zi8fz!~cn7I8L+ z&viYV=AeXBCS;YG;R{jEnpI#;ogFuEsFVsI>++El{1UJp<6b(uBHkdeSnmt5!Y}IB z+Z{S*d%Y(5N<2NihfKOx-}@c+CSOuc-J3XK?MT6{f2b1$3ID*;Np&A;;CYn6>Erb? zK-6pgO>Ts_AZROWv+=PU{gV`bHJjB36^B;2MIvN#+cY)G6;7g};(BfrM)mP<(>g9V zo%Y5l)qlr#EHhOc!tt+;O&cOMHIqlBS+tZ7EoLNdSEQBm*YjDOz}lzx@{N^t}b2I0&{nX=uX)wX~mwWSLs?}PUm9u3n`DiXICgyjK zc6tKGP$)ppL}nONQtx>t!ggD6l1aMZ*Ye$0;CODf-3=gx`81woYo9?R;;}04i_#f^ zb5>e}(?dYGGCglYIMpjLMOmJB_W)oQFVmkaA<@p2DORF7LB1#FR-K;sjCpoj|t>6cS5YDMi zi${&PV=rMEi`3KpbAnpdsYX_(f$7@07pKS%Bo=BC{=;R3cdLm+8>5T;2lRKU;c+u` zliZL~IY*4@7~yK|j8+IQp&ughz!J^3-?lu~B5Yd#58Gy2R5eI9jCpj?uoVF!I(!$5 zAO@QgZtlOdtN~%UC}oaQ5>Mb?{M$fmq8VgKddJ1cQ*PC0;bG;6!kJl2C&<0{-fn5htDSdVdU-6`}~nzws0&gSrpYBnz=0R zBzq8znPaMg@Equ%0Hvq+z%`x{7_UN|*6pqPU?Wfx=6B9^u7 zySp41ib*{W%p|j$wj(Z`m*+9~Hf?*M@dDm_t#@68d^usq*FSI^;SNdk&8z)QFUPl2 z{O#*ODu6)qNB9+>Op7%3YPc{7P3B;?Bx_72--9>Dmbx|CDNf2#_d(N`C$gUG%o5yp z{Sm#ryIu@8Dbi1UT$inKlS=v*2L~qZrztMm_F!c#g}x_E_bar4^*SA{C5vFfbvpg| zO^|wuI`*mX5z@KaBS4)q!@ppaoNuXuLgi;tHtJ|(B!xzPDjI4_sIZ`%xJtGzvTO8X zpH#JP8})I1`0uik;?HHY0-JS9`D>vhJL-Qi2-MuG62Qu2?)qUI4v;45>0B5bwc&sUK8|uT`Kn3mTY3cYn@EaS6ia?hCJW&3 
zX`?oEK6C6-AT^HqK=93Q;pAkA6jj$C=)J;)s7+CpCsa_!p`0~RAB%6IVm6clu>r26qIq{f5B&8UlFu&1NfUSf}>8_{VFl>bZwS;ocRISRgO~Rt|AnBz*@vHBbqLq zhKAK<$cx)aU&>ceP<21+vE_t9j}OX*&#)H;21blZgx)BGB!4qV=!u6P0tZhvsoaV} zw#S@D)YL7&7qI3dx2_GJI11l?bH9@r1tY(}Q!ULta{+j#+-!v%CB;-|mBAoo*#U)p z$+}}hdLz4)I(98}9;{|QATW(LWIV@jHn=ok(zH|uQf&GJ{wr|<1DE_t`AtL``PWP3 z;rY2ipj)D8NV@CHPE||2K?$gkT*l)d43GSN4o^KtWk4Qzn&6L*>C37FxY>~~Dohtd zzynM-)7v2Bj&O%pPm0g(WW4VWp3jwD5l?zGQ;dab|8g5OQHl7JWtZ&!y#Oga=$0d- z!h*t zH#=b1D^sp%_((YPASmJcYV2+iE-YDMBZ`8=Gke@KnL#N}p>8@z6C59-AJPJO;pDlQ zq)_TpmQI3v?qvrihxwgF7dK&kU%Ap%JVp2HGYF$WB#*LnLAIhH{*-mylF zC7Bs*_v0eiK@Zih4aPr?HtvukX9LUQuf+HwAJ{&W-xJAC7b1+4Yd>Hbz51W#Lq*{V zl_3UFy;xR+RyOlhSVm%Ov!E$j{IrK(iKVM;T13UjP=nz?)R$}su|qQrI*T!(u6J>_ zXJyx?$!toSfYraQ51Y;!qb9}~p^XyR39hW4ORKN;#hxbSBg;Nu9zCJ#S<3N;4zEXF zs~4HQha4RM*0Nbv-AN#|k@yVpfW|kH*DL}JM;jY!KVZ-yn@LAJs)Ixul8)?SK-QW_ zd|sF2@Psxn5es~IJOAHz_Q~5x-74qGnp^MGgyKYt?@kR9*1NhX0GEzamn6s zHoUAcT=*c}xUK`!u-qqq#sAuhHZ6~?z4($Sjts-EPBZXv+pSH(?@}Cu+zs=qxeMSJ zr3T!1L31^gH-x&uP735r1^%6MXi7Ek6{>sw2uHGnWgQKl=imhS9IR%ub(W7MwkcCm zPM zcRsL+Jr}*z4clU;2WB-H693QLvk9YETMdVHGbosmNUWhEpV~G9iosrNE<%nPeRXNF z&#)ALsFA|FB#$MUo}*1hRZ|5F_}k#_0wYW+rN3sRN2!ib()jfa56K7E8kB_3vsP1I zgB>uols5Dha*S>9{IUV)PH>!|R;hW2vmwgyYJRb%0<8OKyguG~^ zZd$c^QQGx&9{#X%LphkY9v3z>6=aaMgF}zawv5E&?hYKiI_7RfbBHjY@R#*o66)F4 zwZ$FB$W^;6WJ6FDaRSr%wC67mn4X6~Dq#jh!bh(}Pu-)ivW<*`meVRY--lfsWXMlE zLC5%HSf-oH&3D^4=P2AlVe7puGy2XA0rzy3iZC$c=Uo=rEy^^p$E7 z)s-=S+cW&XdcNfPP#Yw5oA`k=$otwnZ#$Z@ZO8M|E>QCkI`OjBa|7;`Y^W*Z}1Z-gwxw(->MLLy-)= ziyMeYev}2!?9y>2$8hV4g8@?8<#sU{6cdnJT9k?6PAwPqyl3uF)BuC!7^PHf(t01; zZ|#2vyPrD3j0E|bRpW5;HvL2e+4JFtEGg_Ti?`k3taX|* z_fStPJTPf#gv;s5-;DxYFmaiC)v{IHoG-2sK>=&`mE+pu%%m64Q29(TD^B-GyLFE! 
z8J~%Jcz{7rT3jB2lb=svmMIJ+v*!PXka!6M`6@l3)o7><*+Bu^K>`0Dz+($d)qr?{ z1yN!N`4PR|zc^Py{xaJdQxH)i;uN}#v1z~yrKm{{unC>nbs^JrG59q`$ka!jhwDI<86D3gf!@eRI!JuC> zn8HmzrU_RYb;gPA@V&em)9P-529Qs?VXV78jFjqWSSBtPc&!wqc@(|Dc=@{#evQ9A z$i->bT1-oZB~0l$!rA!0UPe#Kx+Pe1f&z*`o-L^ev|uU`EH6D?XxOPP9Qxea`}^~< zX46;Z3G3zb?Jc)D&S@>Qc^a9W$eEv;c+`q>)rp_l-_XiyV_F{IF9D>`V!&Tc+0#el zXmgB*P?7A83#af*G8w7>z2qRPTmah`!2iL(kD`o6k%r!>3AKjI9e+!G7WN^~_^K8l zsjNQlR_+cR)V3M?t39S}<%Nm_Pew z2y9Q4g=!SJ(+~UC2YbG1*}C4Ctk~s1%~^klJWl%lzDOap zK-I_|idNa|C9PgD^YT3lR<$4q(*l8$DLuUkoF;VJYktv68XQMSG`a|SYO~fm&?r!$ z*cXLit0W@Y$g~>=E@yXy+;9C+rRX$cy{@jugdJeWkKQ8vg|rg11Y75|Sol_EqqiPZ z(AyHKoQYfd^ylLAoCv7CYvayph_!UNNveCzycdCC;wW!R=%iJ}9%&(u{ix8nZyWxM zUip35!oCl0y{D8APT*R*qd=Nktq_-zJH4lMcgCjPLI6AWwo?#?x-=h( z_k}TccDhvuYk*x8BT(-Lk;QR3RYaY?=BwU(-Qdg2!FaTc(KT~`oJ9ZlimIBF&&g5z zr9Fn$XK@?bgR*C^7tRwKdW6WYX@2ml#f&!+Lo;8h-p@>Pe`|mkCvsxwJsgyg`ZMnn zlz+BU9v!4X5ek1|Zl9m*>4)H5ySxiGqVs5qB~A+@Sof1b?FQtnxl!@w;Yyf_LwM}8Cos`TJk98mKE50|~89^?PHYcU2Y;}w+ z$qQz3BDts4Lr(Vjk~0 zU-d^79|Lbdh5t~AE^?1t4Pk_hijOKse3$-;mu%G>m-<=0EDueEe;DKH=-yiMXW?;v zfunQ{^gUYa!Ow394_ae#3r1ZyfapDHJSnffb2O#H zzl@5*Fp00JEhsg8YlI^r?u>#2y(Us7b9Mza4D9z*vKMISXlJ_(m>Dvs+xhQ8=fdJS zoUXguktl+QBVkZ&VL5a7YVPx?EO-rC?Xd`tB;~iH-({L|Iys#5L)?m^J+&Tt<%1Ci zt73kvt5TE;uisP{@xY%PGXmLS!_2QT2{m`Ea@MsiulYIqmAm5pR4fgO9s6gO6L zWIYP~<&*&l$PK8H+C#)a$~-45yTr106Q-~Zmuj+u#SNe$7!@4hF_BaZT$XaZ-CQ=RrBSB2e;*ULxo*caGFawtozl+#^P zPX-yr4hx@H#y{##gI?3jL{+25BpK=(7{M4{A!lcGe z3PT4hYe8hdHIFx&*LbVY+#h#Ut8vJgm;fmpt2|$Vmcq!J)M!6F=2}b~dr_l#=njf_ z+?Zp4bTXZMI(by5Or%cyrHZ5(&V;*)xsysQf?XZ>FNL#^GGT2KGpxK_I#fjjP%tpZ zSibGup{{M^-tA+b)GLi2Y2MmZKRf5hbHHdAYP0*!uSN>YfvA>kwxo3PjFl~+{t39- zJk8u&4lVzQiv4=&X$##>o0Meawq0rOoc88KbJd1NV|PAus`G0fH^1+q|At|B#I?Oz zLrH)Z@=WX=2M&dsq_Q#o#8?74Q;?w%L_l4i?IouE0hxKOI8(a(%=%UTvM>E&-TzSXzXyh%S z-dqM8h4Cu+b40w;S5FVk%s}g%HICmMN@37uwHD4rz`p_GvQfHI7%Kl6>OrEc3sBR+ zYMih%Z=lP^#(7;AI!vP$+^i7rB(0iTseVPx>8*zZyeb7*(c6Y1K;N#6b|EvJe1XMK>JK=RuMkGOCBcy7?1)qSviW!!F1 z?0Q@*K5t~B5H$C3$bz<(xUnj<1C@1*8 
zqP~lfYddzMxAlMi@uc&^Q)KU#hL(%Ot_F+fJly~Kt;@?(74poVNcmT4&9d%Bz`uf6 zVA?Oe-p4`9@ij1ryLM~WhjxEEDF~lBr9_rm zvv{e#_g&fsH<(?%ZtPf7(WTdV7O`2FLN|6B)-I>qMW&pbnIsM(u9Ri#PGrNdtQkS^ zVr8;5^)K7f@OT+D1aF-5uYqV!i-r0zBL?d?hC@-a(kj>0sWZC$wGM5Xk@@E*xBuqn zG{qXDMLTgchkoa)bjAPcBac5_9Fa%sK3`g*!c2P!65Kii3=>xZWLm5C8o9G38=F$S5!|$%3oCQ04v~Nf-I*BgbuxW5aMj zG7Ct0*#lA=^pMtV(){cse<3c^wO~ZqgRnkzifRd~s82{dD~T{E+Zv8&r&lr6`0cDQ+f^pgVWL8 za&B8ojX>iqB3Yg8zC##djCUB3^`5*wi+8r$T+7YdHtO{qo2L`++R*6OvP{MqJ$Ee) zt>iK!>C}I69mZ~heYj#|otoDZlalc_n9oFJtI=U>2&X|#H^FE7d?Js%ld=gDph#e^ z+H)(TD)UW_B3pVg=F0yLp$Zisc(Du|MOkPn zH}Xht*)sS1+`i-8VHdy%oxClLBpka_zBgGghoBVo2+z^Xgr^T_;CGA-+=AtZnpg$n zPu*1>ZjjYHrlt@i8F^4(aI_4x~BSqK&8}>M8o?=q~mvIEOJ5<}X%P^4?&Xm>Q zmT;M+?P)T{w-o=t-Wgpn+o!;Kl|5T9&np` zVVC%E#I16eLku%8EV9-ijk_C#f+Q4$m5Bd8jEI(?_}4agH*Jy$1a>F6)#?uipW#Uk z(VRxjD|%P9RypNaYa2Pg6+2e-!U&f2V@xqKWs7u9-l!npd?)Uabm%0r&!g1wxfnwQ zT@yBf(Z3dnNQ3aqT)TCCalmuY^#C}35SZ4v6zbDI5947PULnvCSZGJ`<>_Ub!StY* zj-P+Ne$cjvPR_xL)YFr<*z*hXbIAxV&)B`D9enykf}aD*Ry)5<9=ry^H~ZexspGC; z?wj!9n}+akE#Oi#+`51LN@R=m%038q0f@O|e+3UMrw-60pUJ25~y1kwlw9py5Czbg#v7_aj`@H4o3uIOOZ7%jji<26h_Pj?QuB=nJCEl#KP>}xRS2L__9gK zGFa@NuvxE3@8}IoR*m;punE4xYGTBP^B@Pw<2y0Tjn7>e04kr}fEs?4lhM8A)M+=C zyKu!khmZf2m;RMjd%6QXDG%GwWl#91^Fj%=fi%XcV7c!;oy9^Pd0i{=Mh)wTgpaLY zX;(=zwB7y?Wo1#XXrRu$;cf%rU%Edw%IzSP`u{v-sIhCsk)YK!I2<_X9UEs%7t<+{ zq9=Ae;wCpLEcWhXK#CkI!P6+v&n?15^fy{#`xs{d3h3fN_Z3H{>Bt4V$B*#C#hOkH zd+;EPAxW7H_cVkx`w=tNMie~pvp1}DW9J$fq)GBv9adFjMkW7!kTfA(0HLU=;FIUt z5i}j63}>$OU~&}S2=;P5NI^XSSo;hWfGyc_N2VZZbe;yetY|vt@fo-aW(Q56wX5oI zq2EDvg&13Jcv@Wu;2YQma~>AU+XDEOWM##{QqH^@}qK&C=reKgc{3ZL*ZRP)5#PA`GNAgWKGuBNz9 z_(k#Z(bCVz@bpwS-1`&XIKn^RS+$xECx_J2-2K`e`rQ)Xe>4H!DD@8iS;xI<3{-w$B#uxe*i`*6>`bV(@HJ=m%E~=%r z?mTg+|B$ppE*5}{{swEx?1)fk7NbVqk7%QcE0&avKhgeWJBaC^GV~`teJ}g_SG_ zc!g-?AR~*!^|IT+-Q{Vdm#J(nIwc$=RF^)DVPT_S_0mp|B?bvGdzQ}3x4dJY1bytG zN@dd~;lKHa>Res^>0o!g@}LosB+8);1$*LsA}-R&OL)!SzolhE=nTHT^!Zk z>V|aH6;fIJJ$oEK6zuZIJcz%E)g!}{JSYT_Y&JDZb@<%#|GJE%$A!fjFiU*JFS#ld 
zs%7Jn+~Ms%w*L-v;Iqj~(U$y4a=x(0O4abQSSdA^)Lh34Cmj^qw_JX0!B(k&a(#8e zF9#^J|L>=MEgSS*z%bFFvtn`8kI&Z=R**X^em4HU~TKa8Nr=g!2hv^ya97HAK3Jv z)PF4-`KEXpE-d2Ai(k9BfH5+qU2s{h>wtP@ZOWj3vDouvm6~EjK>_X`07uREF+mUrCG`yW^%1te6vb?c1-rc>}X#s7rv6=q3%E= zC2PeCZw9~xj3Xp=>gl{JeB@7h7QJEn$X;ZBK?K=g|; zM>|Wj=GaRdtOKjwE@PHIC!sPCH6&{33v*#k*xZqr0g4S_>^Z(Wxp;T#s-hAgl9(1J zJJI@C?}0dT6LKMA`KH;|)CBu@-oje zDQ-4UTY_Wq+KmEX326#Pomlhs;J^vlJB{_a_QddIiF@6XYi=Q-DrVr1Vz5bIqewzx z%qAaMI(w&r5MRdlqQD1xCMFT$Teya|X3q-DZ|DLdOcQn7Xz+XtMw+5b^-w?gyaBPH zD3Awh7io!m?-fE$C>SZ7=F589Ob3^#x z<2vO6SC&+~ucX!5ot=w?0eo@;{y9dg1k7S_^`&Rm{J^%Abl)8Q99t!>LUjOfJnZ~D zdk^eH$LyPi^*u)w@FluK$Y>Q$>os;Q1h<>Grwy~T@{@(JxPg4uU%kT2^bVLT22?Lz zNtBa#pb9fCKeDHR?di6)hD)WuQ81n2pTbs>YnIB(Wn2#Qkt>PxCsiibdjJ_9XHG*T zfd#k5K^i$dKt75Clw%vQhqmET(CE7kH*)3PhQQxj!o~_`r%VI3*nb_fC>&dPAwb7W-CDA>0h=#ENfXCioAh-kPKSVjPxEWJg z#-JFE4z~S%=YERoOf^amQh{g^SHu&f3w$)cvokcj zu%XT2TdU#!f`w~dsh&du4LCF5yrg%EUR0>h$#%W%t zo$Z5`iKlQ2muZxB7>Drd<+cKVeUX-B@JT-qyKjhu*rD^&ISuf&9vM;)M~D z$MO$%yL{~+dgH}*{{+Y8dZGSUQXA|iyVNIq$4dJLVwpDoZgDTYCI5|=6jmdD6NwPm zDIbwmQiZ3}1j*tFq7SMlv3dCj^b}XbRM%;+H}HUv&UJz3bq{}WSUY%An@V2HBLtod z*Vt*0-!_?$)A}{{6J)T!a17Lkz{=Rlio=@vb2J#~I)y^T;i|QVtV5joeg!q{ehoN+ z7k?t6J<|=*{|abQ(id5(SH08f4Ct^T6Int=G+3z?#h-|ebppR*+9g=5f_)#DI0o9-EDK`8$v`io7w9J#OaUwZ_I`G{u}g>;@&3+;MH&Ck*W zIMrC9uWBeE{Wwm81{GlYi7Imbb;qQx)H;fNoiGU{C~_I( zt{uOp?{(1Q+zZhcoW|c}ntYuLnmv!O^-)G^5)J05I<@Iig{37Q$&3HvHzk+Ykr(aH zDs4~ibY7C8Erg~C#QZjuR3)D4+3H#W3{=~K0qqO-pAC;L?tE^u=ja6Qjb8pemO5qA zvJrJ0Zz|I!A73>B3!gY!r8<=vi+#kBbfD9QNv{0?bG z3szfLK-t7Mn@yob*sDzfF;A0L&?cE2$1B2sw7qWrq4$pybS$W2u{~`vN`PvA&umet zAv8`C8ILpk21W(&&+*P6;6U;U(DuyC!p8?Lo(djQS-ax`$RM9Q=Ir;1Z9EUN6lPpe zzJkIF5M!y-e-eljfre)M<{^G5ZzMIQ>)NPR`8!7sZH@D44g;dsBOs6tC-BEfzt{ zdu8EsfliOZt>Hfmr@lDt0%!I59kA6*;n-rywfKa@QCAcZ_gZ^ik|{QNa9faTd5R9diFOZcn%wLIVSxR)-Fn zGCI1s5oVuF(XbJ}M*Pp^@9|;ltucHJW(}zym?HZ6EkZ^G}vYlipi5(ELB3Xn_$Mes}d4j3e;427i}?p zPx6!&WnwsXI(=0I*%w7(v>h=tK+}%-DNR3IC@$YHJxS%O{P4S8qES>K;Epw6^zQ}V(DRM_F&U~UqsId0bs(h 
z{4YUF!3J{7-X-9SG`Qfh>jhn&e)k?E%^MUy8xz1}I75}Xdtsp5;PrqLp~Xm&#nsS< z40EpHv*>V2exMV>#+-Li%81Y49{+6O!!yo*K7G|UBMG;?x9plJ)=%nrBuoi(oR>QY zAA-!T#6Qo*%dd=y6?yB3xdW@l_-<6*P;SqPOFv}L%W1;nKuVP21p1pw_A8SN4)|!i zZfxe+wgf=*V7$Q|XCKa7O}cof^_Bp+VS;6{9YVN>W<%Nj;D+yAP0Z_8nky&r&uGI1 zl1)vwMt=RbN=ZDcM(X=~CEG`b`sj zLKPxqCJ5T9Q_t(sht+&eW*mLV16lY9J{y!wIacfaw$S-@i(PI+70)MsX_^3*zJOl4 zS_SGA-9%}gWX-zrZ)Xt2p>>5{++jmB!%_y+>7U=!rk1R+A>ANGAcWTQFoO@%z&4I|3R)K*juuZ?_jia;rt`o@0Ov-Vb;W{+jA#@r zD5AEL6yqq+m2Y{G19gI2AVv*SKrD!2q>R<^!N1;Dk+P;{De!B!UU*;8c9`;3!e2-q zrkJpYQxhE;r{AUOHxg}RQ``hCx$Ag|dvMZiMU6#JSI4ri-Et3~8!2IEwMx|K*AVB; z=pxfp3=1-MeLn4Oc}shlAD+JF5`2_493YC&tJ;3?BZt zIiG`1vmbs_RAdCB_jv(v&KM0xPOgY*=O#{B?m7d)O$;gUmYu+(vx51=_=~P+M>*UO z*9o+Shx&dD z-pj8u^&AS$dcglARMVOdf_CK&g0%j^tmL|*Oo|PsJ}Yr^U(z+xuE0KTXP8l@-?H@5 z!9(H-e4w`f{J@CiG$46U!vYBaCaMkxA7#7aE)_qy75LbVC2Y6X~+=xEmPrvmLQ#3 zbgq+XT_xV1o?CqG>xWco z!_Vwj&X+DngiICm_36|_BOve(+Lyw)vf@PQy_Iv!lmiQw>jS}2$P}i17%-vQqs@3{ zu)%DI-PTe|g&j(&MC?2N0N9=w_^eNJZO2Pl6@`Za*zxB3W>?P!giyt2l*X2_8aD<# zA@Uxy=gT&WqvM32nlaml`LOQ>{;-NNQ?x;OYxjKjoWbg0^L4Brl66E_njoYg;~5+c zC*>}^6w5$A92tE1k`o$nhp%@JP?839Ep^~7H&o56%gTHXW>XMQaGIofc876FRn(({ zvjpv_)`Wc;WL@`9RhM2SoC87%7SrFz2e`B8tf`rUGFyY*e=Bgx6$vvAD9MS&rbp3M z1VCNV7acMoZL-IS6qv?X#LC(aGTq_fnk5M_7V$_x9K!j~y6gv(>KD&$y!~*ryFjkP zuJ=~;6IJ_5fnBTeKi8+`&lm3>aT}6n)6(sU6pxLA?|;f=ZFv)4ZuwoBXjE}rodbMx zdcqf*T75+%3_%m*%iDX#`;$n@(*bBdHo!|A`ky5Z%+U9sdK9eJZUCS0z});h*}rK0 zWi)0O5|El+MSRv#8BM)OA^NR?_07mEUgrL;3U}{Li6L=uKaAH> ziFyra3CM_?3}DK4mg@!U>tI`GQ7p@k$~zc2D396~n^SQnsTunoO3)OO9PZ&E>a!L{ zuTbUX(;+?CY_0S@t#c z{e703gE%n|q}Tf>@X6#eU1outF`DU`UU2te`IE0Jy?CD7Vc@CJppH6Uv2o{~{ekZA z)?@5S$}q3CEvhY{S~#`FKVM@=(-`aHHp-EPOK(?ZM=#FgL?-0@jNWwI7Y==D&xsCy z31#@}SO7i68x+OL$|$_IV{bd8Vj~XK1a=JQ>SPc)b_3SxX;KuYUO;{n+ke04_VC?a ztW`w&DDxJ}?T-)vk*q8yMhsEb_AsL~&|Z`1PQbLA!RR1;w`kq*#9$zo-CTT|>cAp| zEM<7T7@=Z*21%CQ(TN5PHK5EQ)AgoHw#q{^T0J?H3zfdy=3#QaFBu%@B3>BDSxN|_ zgZ>HFb?ZRo7jxK=zgU8kZ!v!I58PY{%Oc zy0{1U_>r=VCb^y<|{HVaLdcUPVMX%?7 
zL18oqZV3&Y>X5!-d^nP)WBLPt5X4hP3q*+OP_}~j3oVmlf`BVwJ{Qs0Y_YVx{jD4j zFu{1#Um;0UdI&2eJIS{S@;8IPLv!xdi;@-I{uJ^1i%Nx!c;+@5yE1IuLw2obkOGbJAy{Y4Ii4>kph@>32x`fqzbF!RBpM){fEa8-4K3_K_$G0uR zsjtiq=Es_+2IE1vrl^|dcJG5)fTZIL1fmO(Gc*^Z0xc4RXN7CPIt>=`W(0BR?54X| zLXvRx4N}b>Ez~FvXf@fSKnXDEyRUa+Pr6o@=#tF3+vMQi86j~aJVHzSyH5v|IZCfCv>u+u3I|x!r9^Y6geGUW565e#DE0-BJ|fN6_57|P zLY6yMk=*aQ3oE&DqALXz5-s}Y&WqyA0=gdo?W2}m?u-YyTU$=EnZx| z?PloFeX8%u4$ycji3fJJ!;(TegdKsw=o+}@@k7jdSxuh+{%YkyaXib&MHuk%ft^~n zjlMCkV4|a^`%S0)aPur3Asc@v)?|lEW^&d=l&e+ zEDNeKc7n8P7^i3%wVvcnX^oJEs^dHRh~nrcWi|)1kq%mGpAWr(vs7hqq%4lwM+DCP08;Vaf+uh)v3V~i zf3BWfHte7(^K^It7j!BiPq@?WzYWAt`76eWjTWT?OZ1ZqZ5= zN>;HGNsRPQ*Xd}k2{+T0A?P2Usm4@SV+kH{@<^UgyR-35EggAj3Zkjq8&zU!4a}Ue zUdT*OVm!p7wB$7GoeUdBU})6@*Bd-~m<-v6D^HhOR%NgTZk`4=4$`4g^{OlEy$`m! zNMlz~;{a3jce13hL;*g}=_-2l8D2v+;5b3N+O^PW-_ius_&7HlkTCK+1LQx1ESjW> z08U9HVg|IGGm4JVy&Iu}3#Fo5&#`5Nk{_@xJF@eD|D8ci%_Ru}g|nzh5)kKHloLx* zQ#G8tdaVQ*REoSpbMXoyb-z0jsH8_+l}KQ5T$(vt+eGMel0GXt8@C~t;fFG>O5@r} zM&1=n+{R$$*ODm(AtIZv#Mf%-EP`Fff#PR{(iU%nsDfXQ^*T_x1j}|!fEE&RsBElw z@r;wJ;I-V*r9ci)h|--__Mp^7&+ir*q^glzqmP96J}@6&Rr%9BxMaILk>m}fLlkxA z?2HmtG_a|zlaVz1c%y+)MSY)rUdLWh7y1HSviEsQNzxl{{ht4IbnqsA*JZHt3JlVs zCYS>zwP(b@?SRxE_I?*s>)ykLQQG(A$Nv0rgMhx?OWK2WV*~@;;NVWSGS$$|*Q(85 zWTx1j#g{Ox@q&+h80;_|Ewkj#F-BGKlA_Vf0dj^ zR%mJsZf0>iQPmQDSvf7mGt@{XaLHr?9OVc6+*Udswn$XX=;A?j+D-U4<4 zV{<5DMmOPgFG7#*EQEqXLoKNjP)1bkcD)cBo1sFNXv%~x9dCwbueTt1=v_rR=hAGp1H^5rQece6oEN(GJJd@iW0H)yYVszLosF3} zCVjO}OvVl_;l|6DlX07>0YGq*D(EN0Ag9s>i?AupPb^yAHODHBr>+9}j!pA-XW+|( zX~qTQgyU`kY&(-MK8Y;HrGBbdSta)WR+>t1zlb1>QC2Rc_s@F1#l?jHQk6Re=m{jo8v8UM^Os9-Nqn)4q^aaOKQNDifHQy~&?b zg$KS=r%cwCeUBu0XR=~UYQb!`-030XC&yF&=h5n5s8$GEDGCG(+Inz|Jyk!?p6Yaq zyzuclh9c!ur*Oi}xSvj+NT|Sq4Reb;{2=tcdESmZCWYQ~(c{&RIdMjey=W*cHVtOM z3zj|+E<_jA{ta-1mLN1QzVP*%v|6c9YTDar>hGzl2Eb^fVH->M3s#ZHZ#fm>%)cu( zmJEdZJxdAW!b=5S`Y?6HRHeN|9u#uc{os##Mw<}_Cj;Rv%nAWXVZ>p024AWHTWHrQ zw4T$i$3^fXuPDuyBVn?%A(mZ{K5?}{@hS9MMRyheojEETIBhnUm`sHH_3>GHj3N8H 
zn+%O$w#4I0GfxCeC(@wdaSLrgjk>cDn+KPI0Y|DT)XW0YhK9A*UA)i_mt5tn##6I7 z31}|N^FzAr6_CE2>!kZiAkPrFN13pRCb_*!_NBcqtr~Uc|Hf--F~025#5tZj1wSOZ z@l6a21z=zz3>yn$3uf?*4Pz#2F{A6^-;* zmqWQlGG8Pu2>$Hy@iduwW<)*I_kz#LZ&RNNba|UaTL+Rg#`MvUD`M=Edj*hnx3<}A zFx{IfGO@a=8f+`r`#Fw)m~7Cq^LFCqUhdE-*H@3j6U#-AKB82J)lk!Q?JcHI5o@rv z@EyrL9V*&hLqzoNKF6uxZ9F)?gmSOyU=;%tcek?@OuWBUh9q;BBAr>FId(YFA0@D4 z^AKn9d=c`_zOP;`#lZpkfcb~~T>WNH0m1;1gb&>O5T$NK_5WCSMP5+8AIH{c;sbe&nGp6V4Mu)jRiS??!c_rF~oHkzgTQ;@tVpF>1zL+KIJJyW`CmbI2CqbdsWwG3TiH{jNy zzs>nrf1>?VYN3#&VV+;;HQqK;3u09$po_YHz5Gi4#lbxyQamDus z6Y0G!EezJLR7hCDkvH^VI+lUlf&%}^_xGQlDABRwD?Nqp6@ojO7w&)4rF=mr$xP{b zFrURVugDyVe5Ul=rrT)2p%buFNhL$T)RWe5Q$AnSLT-4t6$fgO=Q~EZqJ^6B<_&LMf)oLO9ROTqe@zTx$Lr^dk zO+3&X_I}W$hUfLd2F1jv;?u{^y{n(&Ld4Bw`qRzdRm9G2==_!s;*!eVH+;!}N>u6n zJWGMN*&6YYU7hbf(Rkt>4hdr2#<|`py0BtNQ?`wtzfE_f(F^b~F6D797^J7mrZ6NC zjTRwsY8l=O}5}FL&zd9gxxNa9GwV-&R#U+Oz^F{z{U)qNiTrv>z?L)LzDb3rh?52K6%vI6AbpJD3hMstznI&d zAFmI;_YzNOPKOEbt}0DTzp4l zBAQ#2zd6mm_tDKYbl>`20II5jZJYRMQJku($Sk60S3F-3qI>SimyKLO2n{gRD_@P> z+$^Y4Zt7uo%5}q5ZWmDw0Ja#Q<()}RAb1{MKJ3FvLG%8JWUNe0sB=#-#NuLUD?s1x z?eJnw!)46N@4+Zxajd0@QhPF4!WJ517_ivnD3bq0!6a6OW+Qt4_cJiu(S5II5KG=Z zN^rh08aF8J;JRgted-6!@=-m@vNPE8q@c}HcKJqIg87{eDO=BW)LcjLm;zcB81i9l zK4gEs6Bxop(uWuS@c|26Aq{hy>w?6Zv*a;ESfc%Q_P%d*%)8^Fsdx`d9Y-xPEJa?; zj}zjWoubZjR3N}a946ika~xM&njF<-l^Lpvzefq^FF#Akd;Lc|(b1TDBG{7%RG5nrx2t!lY>*20 zc$UWJ@M?Os<-+eIOjow`?&WDKbDn0Aozx^)OLA!TVzdn7y&nrgZ24|#WMpZjZRa?j zvSl@E*&u}EUyJ=%t6$+v_t*93uIRyN{tU6=P|k(IkcB7g^{Wvn5mcw3e|mm$G2Tvq+-+e}+Ds(X5Q{KDP_fQexOQn(uks%ZDC4oskl{c#08MmPC## z(&J4h?7Ht91dUc!5p=-JA3b`lc}ZELap3idiI2}7V|S5}@eCZycL3KYpJ=?coijtS zN^(9|CeQ$r$xO*pQrY4$#eep;!Vpnsu46TH%+v+52qQH&j`6!4R{vt66MF%5ZL^Y5 z+-?YVB~rhd>WL4Q%z4yu&t-W|K%=f_41$FP{X>KoBzdW)eIgxf|UH*%j2c2)Pv zHdiDT{1GRrM5M4-K}M9vJDj8BiP_tGWNCz-$O&)v@K_L5pC<5h40g+%MLp+~RHK9l zwVeOkx?*034G~?I2G;EKKAmR0#ANLQ;H^JSwC@((?$!V&Vsr}NXmU(#VikvK@Fkx! 
z9g;hvr162@sO_(%jTsM`U9~zCYd+!iKX(V*=a&e)Lg>^oR_6~^R z9bCBa#EKzyAW%QEi=U)Lo(EteET*x-(#yu!>6B*s5Ob0xelbGyN_DJwL(9O)u&=Zt zk5M)cTDZGJ0}0Ui1juuap>`+Ua`ZZRV}&vatrFzdkB%e*Pu@AKf#_rj7uT8QVz*Nu zpSe1@v4Q$-Gv`Xm*Qfe=zY7YPJjcE7$B^1$FvgUWYwo?b4TiS z&rx_89a>^9vqO#bohC0zCzc``Ovu@DOELiwds&6rP?8r#)F027_AF_-Ln7QZG5a3q zR3r~1OwGRA*duA;m-S|{W^D41&=nM#M`f3=@;)^Q(mes3v;FfjMotl{h@J#(@Zp_E z0VKnR-&nS7ZBMxy6Yc|BbvY<8kZ?&5affy=tcbAoY_D7N^XDaXjHC3Y*pzt4cfm+( zV)iVxL0R_Gt{YYD-_coPb^~S8(9O16j~aN0cn1_e!_*vU*cBzpb`>Oj?P)5t1kyXb zda|wrQH3iTus?0QpvM_Nt94OJs9M*x$Ef^D c|E;Ug*1wli6A1)SMFR1CxZ3d@W z?FTvJe!~GRm*l~TEVQw;e+uHCf;R4(cD$W8-(G>0n=8avAZpUbwu0uOQgceLH(K^< z#4A%y%0w5R9P3T;(XchD!~S&jZZEli>BYPNdwH;4b((#%C}FUb(q_ua`KQ^dcZyo`WVl z%#(y56)uG%7ab_H;*TvNnP&ZJsOGmB80@`N!pyg{YY^SF<2$!^zh-5EYQ_yF=IG&; z89nT2+Ii9_Bc1BM$z0;Z)`uxp__cBMAQf~()cpcPhfQqN%3$}Ru)@6 zG!EpH!>QC9o}>`Y!D(AM$4UjvFX0T&=}{&{0|sNHvIgLeqrdfh8Q=amD43xm z7HPzvAmlfcW&B{sXTuM7R7OWyob{ z%qO%BffSxntKD(-+0Q8i&8~0OLACuI55IB3V3@hUZi*~@>@lV48nNWUHp}qzKOF-B z&8*O!E~CU$Np+B{ejdY+t5vWx4c3{pK-%3fS78QRI< zdY24VVJz8$xv^6*av*tyf84nK`kK^gJjcv+AiA8n8vmTW{fD&I=w2df89Jio;W|!KaJjm$WVWeb>3PX?#c-fYUuon+97ZHMKoqVbNo8#*Z zL>`<8DGuu3cK6{q{3@-W2C0!@RsT@YZnyal4v@vcTzxvXe;L6Giw+B%VX z_S@s?kw|w+qpO^mNgv70=Pu*tcx?w8#t2B*ApaSPa~;N^)Ri;$MXTxsKHuJGvbOJW zw9yGmLl!j}w##^9%AT6zhO&-(Xo;s>(*_}kl-{ASI_S6hSjETz`c~u)YwKNS^kdXS z;^#vC30U9R9k&#btcXeWd;^jZv}R~*lqw>xrm-n1uHC3*lmLPAjD@Mpufz+|kl3TjG|1%0aakI7+0_4y;}2L}MGcf!1jp znZ?`P7{P5QeKt~psu~aho$-4KX;!f@qf|Ur`GSlFS~4xbe14H_b9;P63oI&6JnCyJ zgm$ZqOk8B6m!DQ31^L1t^U!L4eG>d2QeFR&uTFoDFVJ%aBMHtCz#B+?5m5#X1(nJ| zafhR$!6*2!B$7Cl_K!PobQzlnvq|Y!)XrPotCc3{a3Sv&-8PBkp0C9y4AW<1y!#jz z6&|Ozay|VJT%y6hVtFg4xgT@p5!k$RY(Ch2HqiiJ1y+f9sa#;*yB0ip`T~3t9iUx z`KR9~b?P*0CEiIJ2bCE|hDLj6FmUXg1-8imXb?-pf|O8t-6+Z5-KuSVZTz_x;l}?yKgR@`Q$)XGI7HX0B>gqI5>u0)l6gU}Rk%tmihi%`qr= zlg(7=Lc6rH6><_Wg%xNzF*Vl74L_huHUrxIde+Vi^%NssW(YBV=owzI*R2gYFwv2m?Zt# zJ1tD&js;uYM-LfVVwBcyMcA1`c%ZT0Xo^;-`z}&W`XTIM6!nnXi~^_sDI&N)hgjN9 
z{j2MuK+gPFMmIkMPBwN#Jp5F+Z%bxsN_dYmh6m(4wGW0aA$~;87@RI=m;mmnHP^LsP8w-t`}*YSrTrGD${TR%i#?1Fga} z7LNhUiqZ^gvSM?YwRG`IF1(KIz*Sa2t|an)AG)2y(P`7VA%peAzj&5(q1cQyx}TsA zwQ90*Qu+dMyLn-~sqP|t#jI;mXRE~0jV2r`uMDKlwGo+3B57#g#y*5S>#fOKwY0hh zn+md2iSn>tL9~k@F)5T%9;d{@m$`J6qcHmdcL7f_12m6OEf8Vu#V?6MJihH_rg{*@ z27a>)h&6^{m<{94V ze4K+wOA`I#%NuYlpDYuChiJ-RUcfG3-tudB3S+9An_*+e449H=$3y^Xc0-_Hd^chm z)SFmY<*s;nfbex_o~r`50L3#6>amdz7gv@ejW$h*ltRg2ZuXxy?xjmT1_N- z&C7VHJzNnETG_CB#6E-E;t}a>ii;#D9eza{1zKyD93>TmTtAgW)lWQ2Qn3qav#w4X z63-TR*UK_PIf(RLCMoBW2pJTJk5rKpwpY=I)SdV2n<8tGd7W%BM@o5BeXNI=S(l}8 zyuTapZ@Ynx!tZ=zFMv0;#jaUiS6&}F~ zN!#kFV{y4G&B_{N;g!DOWG=^96=C7|MGq=Eh4_31u2Y24=kANYdUB&z@xl^7oRi@M zf!@Zbu1{PslgAMqiExG0Z>v}zKXyfa8PIIOL8)X4d9~o4yiX7eto&51&$!V2o9*gU z1;0;`y%tJWsoFTXKn-JPgMI8A=6{^*7ETM$k+duXWw;XGKmTe7PG#Q-rRuS)sb|u= zb5YVaa{NDO;y(eDI`<YcYYOY$pr zBKNO~Uma_*6P|?iyl$;#TpL{yu;ECQgPVj}smBJ-Pcpv5KA zM9C+7x&i(&BlnPyybZ0MB6r36@($YNe6+jm)cvsgN=zy;ErHGNbUbRB43$_V&^ok) zkEQRek=HG*VXvJ(1E{N{X4G>!gbhq;%DoIc+#NUS=30LhzMaR;y+)VQ2N{B|SUEYB zT}zG|>GAfdv;5}ZXe_(>*_**>^IDH*)tnI?0w5s%OUa937n=Gn8LR;xAfc@RUxz+A(1Q~f zQ$YSEnL_$hsDgQ?M9`jDWOwXv4$Zl-!s0oTx6##SpRilmP>UDryn|#lszX0aj8=no zqH-|j=%0u+j*Ss9j#6MbBb_>(1(>xe$X? 
zdHBy~f*tD4hR?&4@aXh_i-eX2F63Atm_i!2j9oAlgXkC3xOk&ZJ9pK5?!4`@MJe%RtN zP{N2{%Ht!3|J)22ySf3RL5c8rRe7eQW_w27tgf-%;U0}*!Pe_JFC9=PQ_1SK(~+Cq z!Dx)O;a;EWzL<#XsCV{hWUHC;dI~0Xfj`)prU7g06bO*9b{0CzGz*a?>Fnja*4*%^{qpI|p`Cv+4GJof|HL@>o-uew zzdt8&;d(Pjk?4*ZX3wEv!eTIdX*D5do2MLd2G}T+Zf)=)g|uvm=q@_N+~ea6in<(E zhVNBsBw1c=N4TxU5dXd{lL`J80~Sq6niV*dI2c8z&*T=c*7Vw$OxTg z4@k%(kyl~y^8r2zqfBfxTbMvcLc!};SpOeOU-2m}es&dB7o6u+2_g!j*uU9CNvR~) zPZ9*87#!SGz#=C+>mLHHvoo@ygd=vwE0j~Nd+xh|WQsrFb!#luV690E_+?}ogU7kq z0bAa%cAFdxi7nL$$EmvtR9w_szr0=mDGM+eb7uWN+teG>z$e~GkY8noJj6rLNp@s8 zh}RDMCsMJE&?hN`<4L&;ElzWlSEvV|;agg^yrF;nOPo!83|vf0LU6+h!HE*JMg%-o zCB~0QeLL~Z{J5rOvBIOLn3E3M&CcI{XkO~_g<+4@BeY*H_;^PZSuM&n5A~6BJ2K(V zR2%f2+aO-}aS)?1@wk|cc5u#2?bCs4)s1ssjAnd?bNV2@&ALH|M#DJ3*$8a2{qh@5A53bBgwzKw^agW1990BrrHZ?%ij9v2%wq)L#&2u* zBv!kfspU+poxc5WogbLQ{M$T5=ez1rwpQRQvUeMRn?t9vnm~`+Em3+l0Ubs1jCz2jn-@@k7#9ys$oTTj4efBGxlUB{6#rlFdMk!ZA2;$*BfIE%| z<;DI57q8&(w_7wbS^AT|YO`#-nPN07@;hSk97qSrU<0M$W{re4$N9!PsqPO*|NpI( zA+-`?eGd%@V^L&jw3X8(@H=h9-Hd<@JJL(wXUolfF1=w(3^E`6(lPC*s+jbJA-o6_ zFT1}1x+Gp)^K$J4?DNr^uw#l8(VniG&P{B#dU&24%^px@CUA5sLu$v@>7vi`37Ua` z1h`sHE)X@cu*N`_rD`NvYnR8sBv6fIAtlba8T>#9&;1<4Fw_QctcpB8{KM#bF_!x{7iM!ZdXw;ix$z{$WDBVzN=K~w z@m1Henq*@OE)$*_?jg`{Tnr`WI3w3DY9LwfaI%iH74C0v&~+J|LZ=t4nW_z=hduFo z4*Fu6AY>P02f~CCvRQ#uso-W1=oKUQogp} z9!JjodEXXa0dNdQS^<^_KAXg{SaZZU*76$)EV(L{wTUe=-=tq88+i`4pX^4{CrZI4 zl$Al%vxIbFN5xIF;^*7L!+SF-ziIYf-2SA2k@Kh~f`Szbv{P*HZCEce@9$Xj0pg|pHMgPk|NyHdvet))a+q`ox$C^fr3sF`X)4TaoSY@i#x)+SbvJ6n^3Sl3=AX zhVLoAl!PlJAhcd1GzeqK=769lCoikOQbcAcGA@yp0vtQEZZk<+U~d$YWet}B`}sn2 zwjuYzUB8hl^|4Ok)+AR!dduCmmW%vC86kf`GCgUV?%J0{CUFfC@F0Ig4@}b2G?T~W z=YwJs3w_4q(ymi3(HMcyf%d?duN|_A%hTQ+Q*n|GON@MuW%lC2T2G8w4>exoLr|-? 
z-TY?xv72ifuP%k=K1`z2RY$pIW_zQu)ryXY4*O26^f}VjIq%@^5A&2qr!pj(u!0C@ z06*rHc7zICw{*c|UVOR>E^j8oATE``@QhVTMJDF+Rd~JB+Xub>VNu?H+g5XHoTRXF zr_hs49XgVD-gjl_2SJj-yJ>kKL#rV!ZQn!db4d~(Q*{CD&h!NZE5|BjDd^8z@WETy zsI0r=tSJhRc`sX%6!OO{bQKQ61v*2N|K5o{H_{o>CScFVjqy z9ym#aE=9FVPyX8_KB;bfU^}ON+AYyTt)JLoFuuD8SE4<>O{#RFjUM**X0vY2&SkV^SsN!G;Ms{{;39x-+LqQ&}V z3`&!r>Q?zl)W^&$<=m@bjtuiJwVyVj1*^8aN^O_t8RhMg~Ksd|gP zm)?4n$CcTJ-aL&JjzwuF)F-IpsUDz}bn%P6JO88hBY4@p!bCcgwWf!BWzpExLn^Y! zWrl+W_cMq)z$~*nBco>(NeKeG5eVZqnww{iW5bL8A*Q}NrdPpMDgxUiP)bi=NdwQi zRUBmg3|O?ViILU3yoKhLGKn9cNYQSm1BQz7U&C5gila(lkQlNJ$CSA~K#Ltz&`jql z)rF^%2M}1qiWmw>Fo%;4&&QRY(Lb98GgST+LRC<$~+2>~Pz0DH4#MM7g0_)v>aD02fkG35WqFR1s@%cO}gJ8jE&-~-97OHKX*%yIeh`QaZ7vQZ`3FnSC&oUg!W_* zyAQnJ8SRpuU=?`LFu+qwl*&t5M2o4~F9>jyC0CFBi5IQGa#l-VH-?b`XD9E6A13+y76K;&*Le$s%1lpNVTv@A>291!p+Ym^lPJkv#UDYIaQliR;wPTx(t-m+I` z6b%btW7Woig4PV?OhXd_bXFj1At>hJ3&DEB2w;NXPrn{N@Tsyc48PU`9SznTHnp-8 zRw2UR9{=u&aIQZd<*WrpYk@M(P`iR=GLuI4?spuTFEL=E349dUf$141F=E;9>1hX8O7kUdG60<&OO{sq5Y)L%-*>7WHCgT?-SM)Ql^S=8-eYpm0b&B7NlZ zb;(JBP|1)4GOL+x@$d^^fHfsWi0Og`;k$(qK==;58G7A#`NBrzwI}J|%0Dnss&VQ&c=!!2S<{E(rJgf5Vc zUx5E=JYf&=tZ*Q~@`cZo$du=x1mCakCepkIaKT8{ht|I8m1@qSNUTOiv2<{jY$jNB zorKrf7n(-t*FE0-e)QOW_>Ua5`{~5Wx>8>k?sa_~P!^vS9srBMFROE9hI6Tu5#hMOj7fTxB(xUb)m72Ynu;l}x8Ec%eUZb>aw5BDfQIQ6y>{0tJo{HcOxO&93u&|(*| zoLK>f`&5pnrG=@A?EWdhbH<>*W}3zL?xf2JM0EZ#^+M|KrtEa;6kJ15`Z`D+pe|W1 z+d3KkAC)EUCo7q>;n3zYk)f|JposuH6EPTYkU~`o$;AvqrS8^{2d>17+~fzlVQ|q9 z+af^S0((?lyiAkkRYbrx}cdA#0u- zwR>iF(1o-jlWv45n_!SPos5)~l{@h*R$EhGE#-fJaaN~pW_BN{4Z8ad&md@YE147F zs58m-ywmhX0Rn|5^dOg`y1Yj)NbO+e%D;AuENVkC{g4Ee!a~c+#53X3Ba)%s2{_IG zle6uDj{D9`nhVqA)gj{>Gw1RcVWLyp zbE;}=`SkBSK%)SFg6-yJ(bnmc*pm9+`J8(DE61mEXDjV?u~MqfG=!mTR)z1&yrahR zT8ISI*ztS#5pSSGr4M%P*O=qlxEsgji3k}V_~SA%r95$;5#CTKuvC6KUhDU(sGv2L z$HnSkz&FZaRhF!@&?%Z4Kc4mVJ?+JOES+cgO@eMJn*3kf0zzT0ex2;U}R<%U*a?KME>J22psWv+{@^1MGXUzg zNUlXOn+bi{-LG8LKv62853_EXjuuWagHeLQl7h9n>gdgo~}W_>ghU}DE;GTt;W zHpq^*6K3(wUwS(JV%BoD8-PQKJ`)w>9D4|G3vRRi2azKoS4hUGqo~IjiHb=QC5X}y 
zrKp|`r*ZzTi0-ExJ0~Z8d6MmSbY;CpK_%IXA#E1ay|g}X744O%FSnw$WmcW#fuIFj&H&W8C|bdqbjH^w-F&|24M+Te1#3@e z$IM;TW`i_xHLE#f8E3u!6+|EyDzCg)l-n3kRS{~$9q!`bb#w8dgY?Tlmh^W;VT&4! z4E)l53mzEKm8DEu)}26$z)|Qe* z-tdNw6Nbb}n>8ns3lqrimUNee3BaH-{=?&vF6dOf!XxWT0`*!84Omb`=K<6g0NV}J zE}-5x^sye$@S|%X485*|enK`+E=H~+k+}w}hJPu_`{~}>kp6GH+dN1;ZU$&cyF-ng z#9u|rcPQXB(X=J9MQyZ+QzkQ*gGHV7t@)=}wr;2;rSIzJsqS%PL!t~~sx z5t8&phQtz`Iw+v z&4G4=2+*rpEjx<&*_GalyOQrU!#+lH^E(N@A}gE^aGDklOQ#x^n73L$27&afrsk{i z+J_in%fV;8FK-4RuXC8;KYAB`M9UrBV6!Y(Ac_QZR+}bKVXy~KQ-d)=S+g_x{=BV! znVW|3s)g~pzzmU%8V`@3{$eXNuFQ-H<0+QWzJDdw1Mo~!ty@-RXquzM2XWp>g1h&c zE0)ht_5k+_C*Ae-#mK!Xq6RENKcM)`9c0hEw8UfHYtyu0-@S8CG{Yc826LP6`=%@G zk}|0uPaZgUD$;x%iTQB6?+JI)YF43(OCuYxFYJWnS;ZhDygv#<9H0xvxZX|J%uG+O2ZwDttCg#vYEYkiHMV8l;|Ark zLSIegKKg9m8CcQw#*`e+Fp$&hqkQE*SD7v%3Y0JYITq&n(6#xrh+(9t!??FnuaLpu z8F&OMaRdV|W4=K3f;$^)-fbR+hl0Z~mmuBU&S7Mk_P)RDH&ly~DcZ$*O~tRcPD@HF zH8AxVo-)`j!5RM1VX&$NSQXh0PRdRYgXZQ}=#3M!Z-rU%gUC0kqUFeU27(~~JwU?0 zU4&R?o6Ma28z?WV$d-{NMnWrSSFm{=v73@C>t_JeCVk39msRR2AaHyj6gWUVPxU$< z3genc%(8v%TS$-%5_j0sw%2B!NV}53d`^%})s~s+hAp{TPzAzkrwl_xA_=*`R!3jo zuWOOw*F|?1dU0(hlj6n@FUUJ}coD7#=DK9m2KxCObe>Ob0{lRLnl988G8O2T3e;t4 zhtpR0W=}&srLPahcJPj3Xw5{pIq7rvB zLm-vGw^4HKc%ZI4uC&zJSc77z#sNJP83zD7f);*?k$9nH3tKusa^>*Uf&}CN@q~w# zCXr@$_gU7$$|*Z&Dkqs_hQgM=5j?02_lCH^KouH<R~A!mBxu?07$=6zf1Q0m|#GbA`O&k*as8YyxI#Wn*kmVuOS47EdAl zD2`HQTW^oPjTgDqnfE!-yrM(b3V`ZD_&8IQ2XD80!4`gV*%ASoV zu1LWO;C7q>3&qj-gOG-#>s(}I_?S4w&hKx-h_)|^Kvhyl26Yxjoc}y%m&5xI5qr7> z%&of5@UFV%S)BDJ>)l+2C84&s9F&-)d4f*g2|q82P8(XQ)aD_x0vS1}E)K4SFvp+( z?Q-04cS3elXtIr6!(4{=v217GBtU8_9lQ-CeV!b>7=_w;hFeeEoY z^@d*UDhif-p}& zTnvr1jOCfH8fd;GXXPa;ZDM=<|HJxgGdMrbLE_vlJ^7-=e~e^|gp{jJlFAQ&>I==1}y7G1ap(%@ZA;taB&#>c(c$GLc|4^e8k# zYIKYRDugusgr&TdTG7_3&B^{RbNikZ>cL9gii?`DY5?ftGQg}`8< zFkKr+_CC*6-&5Qz_5FV;Dosxj%<6L6x$BY+pTQ>Sza?rX;bWWKVmPhSvUOrbzrXb2 z)|ct)>zJ!^+=||+J8Au4Z@c^`!2dTc>oHkZ`_m5X0cKERQ=-u%jL40E11cU7I=O80 zUs$5nSZjr0(dXQd2Q+TE3k}QFR6CPqe=DlW5;gwS~sT3UhS!rH7sdc9{4z6K@j%oZkF!m 
zUw9Og64F=Y^jJp9$aPu0(ByD6rAqx&;*oX^=Ht6DWlI>SwECufdZ|Y}D=ucNTRvWl zCk!(L15RJfYn-YRgE;9p&jWB;4;c0AWb+K@v8e}e_udRO_2SL#=1r_zO+Evbkb6u% z7(&3OBNC2O!J#jL6XqXuu6s(PyWGHN4}-kg&Z6hO7|n|{1*1!E@KX{(FFXl{x8pV` z;i9%+1-WK`>Fhu%Rd`<Uc2#(j=$WB#ANGp5>p{5) zxSe=cq2VK-1Jf3~79{P(5*7-IBM~CP{z;uZ5IsxltIHvsov~zxGD&uhf4L_Bh)W8aJ3!oM^S7wDy=ni8<@2-ENx8qIR}z#$7K*?%~PYx%;d60v$sS6 zl0*_CB|ZS->tE$|NKQ(BHt-8xz?Tik&(*lV5skSXF%N_`F5p7u0-dDWqIUhEmEcL{ z@zSm*YY_!Uu&QAJ)aK2deluO{B9>XV#ZZH!W>&{TruSX4MZlJzTe$76DYJdO0p7sp z%;{A!GQZse8?a9QQy)vl>=vC{cyz>dQHmU{Yt5W@N59cHKAym>7Pl2^+^y*oyhy>X zY0kvVn{)Zqe5>&Bo9f038An3FpaNtU&WKMIrtRDQVbj*Y5il0gMYDcV(3E%Z4!;(_ zN-A8eRadb=wxei_3T73w_1T)KX!5)U#eC5iRhli7E(A+`Jh9^gdZ**%V@Z5J3dOzC z4+Q<0_vQsPW)}s8JD8FYCgLGd8&n9$@J@9iKj^kKqykcK!p>R%;^LBwm!};57j8oZcCdjv(1;d>sTWuv9y&D9_|3%Bq*jo6{4EU zo#O;u!(f*bEQBj*oGQNvy2Lm(s)-RYV*#Q>Ur_K{5f#XQ$)@LBaHupwmnvYHAf{lz zaE&iNiWGo~z6G;T7Oyh2H9j3NLfug71cFS1J&(2?!l}|Qx-;9CZ7r8sGr;(zS;a)0 z@dm{5F+Tse5&%tXEuqJQ>Q$2tiFUtMDw$$btt{y9`EVGeD< zkbV5)11xNLlNzoML)&%UR;Fo_&MlNycaRxze|nj{oOxmZNjhRlOOj=a;;22Pi6gA) z@xM5P*WzWi$Gid&{o_nmIMg;&=(}SV>Dq!&@r*Q0bt+^@ub9IftugbEBRTc8^f!oS z5?%c6lKA<*-u*PhZ!b3`XqI2hq4AM`IDa_Yn3f<$P$1GE&Uw{=V3)G6>sWO>negEK{E)@bJ!l90p+D=yO7m57JiCoW?WF@0+*pqsV%fj*q*qw+@k7+EZ%3nCp|N2ZJhoT1DhXT9)Sl%K{BjK~#I;~Ale{h6K#)`O9Fch zb1klkVpx6L3V(;M zZ7!^mPf_1qbzTpAQAvmodr75yK~5?U&<}X)Li`7ci%vfBLd78gX5vuxJt!W(+;M-! 
zZo#V>GfCZ|xl+E9mzR3*BB;dy#&&PEED3;OTZ9FFc_;*Dq7VGL7vhEEpz}mWmS}*o zzq(^nIBYx3JfsjvfY?b|@LV_o0$cKTr2Q8C6Ud93&Ebu3wml?e+8RP{kYt*h+Ehfq z;MeN&!fZy&8Ya{o(LX&znZv!N>oMNEu?F(k8CFUB`6VVnFE0BFI zq}sCiGgSEs1SbO&(%0g_sBvzHU{1owp#3kAWa~uErhUEwSfhyVS@C zVH7C{yc+BJWHXU{kwImSOboJl!vSdg*1J&52c`BbUJ%x!Vi@eA@@uWl0s(cqHYZjO zRRiEx;d1L{03rXHyultUljcp6C=h*TZ1JS#I;JqlP#ueIdv=%b*Kn*D~=D@C}}#=>E)S z?EKdLgI;_qvqJPOn!X^>fnw=d87SYE5LEZxU{Pw$G6Qv7B_)EK2lp+g8=uoMMkODy z#k(jJKJBQ3AoQGd^yb7Z1&A^INXl$~tF(8M9f!kCxUIB3H+s@{|H8|h$G-vsaLJ!{ zihZY=5YY~|>|ySAB>}?sMOWut2yWBm&Z}GUO(oi%taWYYO|;d zea;$}N@w9bd`_*9&nl0&ww9`z!*k|w+Yy`D+5Wmp@OPvYwaVeN76wM&#YqQdv-L3J z`$VjOIw9FxB2+rAzP<37jkPNG$@0_t2YlCcFe=S}s48l?N8+Kdc4`lwN>)DJvxyQV zV;Y_6WC+E0r&G@OvgMaL>(P?oP2lyDIdiRN$qs84N&u>~=BA}*m5>BpO~Zd{p-`|p zat*WWni!I03@s0o)(@4sOXkA|A`L*)4VOf^RE+qSQXi+X=o<>v-v1jjU}`96Ho00p zLxh^KJw4kSqQwp^wOXY%=f8f#cC8+@Ny62lX_rMqKI_fjPph-&NvfQjSRTk6dFd7% z{#2}07!Y%p+`dI)`$$2Ev3S^ZgHAn5$j8fcoTA6Oj6@CCvjKeHdG1Hck#EEO5BvCQn*gu&X@aF#R3d*% z?xzFWwqFwA1Vb0>)ZIBK`lAV66t8Rk3}pcmbv@^8+1ecw!B#*}m1U2uQ9ly}FN4j> zi*=$oVcyp^`5i-B#G1+csPuM_k?2xegy+eQeT2HPG7`=Po|uCle=*nailWM{vrti! 
z`!7QZ?goYIxbbtbWj6(mX!m;m=NAZG8FfARUezV`JDItbLV7ok4c;PyiSTzHB0|Tt zaLfJhsfUgq0h%VJj6t~)*795B{oHiDp~&|;jNu(Zvmjm_9SHe7Qa@q2Zu(c??7jGFL+6TCB31~cxWY#lL|}Wk~5qW zaMa&)G>;*JL9qW}!0SW_R05Y@S(Kfd0-b-IKc?U`jp^V;Z(#mmUbN8Gbm0aApPXI24 zJ%M`#rJe($V$ULY3;qc{Vv`weM}3k?3$DvIOq8j4!ZV3-ga!+Kbvb{^n+tKmJLHze6^6$8GA8Tydr;P_QrUiJvUi zYx=%opJK=3F4XcYoR~K_UV&_$%>NJi`sm#*Ewz$FUN7O$Y{R(`m2gV|put|~9Y7YF zZYdiRx!O6sKtkdMHCHdF^``(}2PPqF<|CpiaO;K3sdF)6_pp%HCc)F!%oTEmrVmOa z6kW}}t$pwXISdfK5t=riU_r)wt5k}t#Ol36>ls>&1<`|8lDNioRxDV!E#X463(1#x zxMI*1(OnH!gXFq%q9?dkWGJuFSmWjr0d8vhfmh8k!a^$IQA$ksX%4{VpY%pcV9Y@S zq!jQKwdFbeY3|M=I#6cY^yD!k=?0VCIJ_;n@?<$L8>w*&X!o#Nbma)fUB0;YKn}F# zb_^7coh6lQ1$bzRrhp`h3u@Q=>^8br-ARHxU!C+DIL)|^EOwRoYUSr|z5Z!0Y6Q&29EitdA9Lqi~kE>lW=xau6qqiy!YG@WV33~X+;}X{I&ju zvew>$BZg}sc#AHU_ymi(6|OUpCy3+0=lH{>wsY)+l_Eu0u~3=biZ?-@xF^=wst*pV zoY@nlv9(1n12SBTtU_Da8bKZ> z`I2(M$H7n~B6`|YT)2Z$ z+YFc_cG3W1|E$*$?$7((Wzu!9B~Erfq8hI5!C4y&LU2L`0Aw-X&N`7^omPXZr*py; zDZ2R`$VHj>Zr)^6Yvm}`mykyWps?8?TqfzT69kPA#^YidJ;I*kF!+1*Xn>3U73~>-! 
z@aG6kUv$41i%5;vBZ2LrDXH6$_F;U=9^j`To%{qkhr9WtJG;b*p?}maT zRBU4nvbz7F_VwST?b_c~avsG$t6lu_fPw7=CPDv)v#@VrrP>DoUi|w zK!ZBrxR?%?0EzoI%YimDGrL^SQ8(7LY&u~ICnJ`rd5!SCF}mD|PKcP~5EY8yuIO!~ zVOA7`S!BYh*!>y&7xDaU7t88;M*wvf^J4xwyeJwDh)82f%OFOib@=gm){=jc`jM3{ zyjw!?Rj-kvJ1JbqUYC)gF4CwR_7=qz@J7MJOrB93m-uPx*I-D)qO|+XtU_x$UM*7zA2DoQ5f9Khs&rv__T8o+0_?{7_v@=MYZUACtS1UqTnniwtFA^_igfcR+ z`C;#LHSEmSyq)RI> z$xl7Uy3+D`pg6wa`h(heDSu4*4x3pXiFO5GgcD;C6d*<2{qcOArnAAQcLCLDhZB`Pw@d zrt#!f)Ma}!w{LYYIcUQpVH!R;lm4%5;cR!%VRZKsq5YmT!(wCuZ=j^KX zlM^lw?OS^7Q?ym8v}bq+U&7MydzkQo_I$F`sKQe@A%CEDHyUZPNz}v9%Q1HBuXScI zW$Q#^pcD0;XFx%A&ePVBu{sC;I3BN6S5?uJW7B~aS!e<1ZGC#7Ik}>`d7Wth6Im}k z?-1ua0)3;X?lBszrrR6iO5I@lPNqq_>NH&;tb?SrBaUgaB@~UqiH*-VMi{mX&P5{Y zwX*Hy4>gb7p%vCpTj2z!GQi0LR>Cvr797-i{cBAGz@GRrpHd{O#jv4ccgYm5Mqp=B zfxAETf35F)I&r}s>Pq0(-7)e@-&2aoS$eW>e!u{v4GEn0A|k0b-aFxRh0n#edkXz) z`j|V!52oIy=gH)i^0gMXw@}k zN&d#9napBKfgB;E*yFS5eE2gjA*G1&j(zR`0AkMvHvnjCwJpXQ%!YCBPiU_Unk8v* zEwzV`0@M7vW2x~IPug*5Tnqg_Y%dE>2XZYhcgv*Yy)eh*+4)^BW#mCzyaS>E`T7PF zQV2w6bxyrzN+vo<#JU2rj-o>6k^^mF5OdIP;cjRDuqk42JnMk%5eC*6VBtL>sp-;^ z0G<=_T{v;y^IwXPMes)-3oR1&5C>{f=;9`uOL||Iw()I8Iv&U!cv}j%1F_-f$nfU? 
zto+wX-m1+HulH7t?fbrd{$h1{2bTZCAvJNib3wwesA^?M#85Hfy7cL6112nY{u2a{W91g_YU|-?xM!e|!H@0#-zFc!w_WMda^h4cMo%*(S+DwsOIq4} z6>(j(jg__uTZ`-Fy2vk&o~Wy8rY5%afY5#COc+{nk3Nv)p%yb{!+Z9&-4&E=%8S>f z1^Zu4lxoaW?d!m?;mLo*kS|a)fjompJX*3dW45RJS#XEye=s7nR7m?k(tF8CfEXvj zbqNLvgC2VEm!ZNmKW)}6{#}dxWL50!3L%^qKz0T|?wuLsnQe9X2eR9!Dh{o;!QfH%!(^w$VVg2-@NA~9`AXlEugLO-u}&_jv^9biidgdlFL(!!xfXmv`ZlVi zW@1Fjrd5?E+eqpP9a^qjt(pD+@wt@R2}n|%{Is%w85a1>Xb|ii7C*Z}v=HOls^mW| zjh8qY2UMuYI>=so0s)*KIPF4-QccX@Po_ zNHO96CQUF&llyMl>aWYRsmY(~%2GBatVh}cJa6pc@O?KL-=$?q!uV;fhcV$=ryZ7l* z@VX5OSt#VE`v&DSzRwVRbExy8la`)On>^8%15t-Giwmk^-qf}p2Y!@Qeqm39?D3=*80+ve0OfA>(@`{$ii{5 zo`x_O{Y+L&(4>Sn0s?A{S8Kus(Tdxk%rW`Tzw#-3CafO=ASQMLZ>6;}`vU0p>0Yrm ze3n+Rm@S+*o77e)%-aalLI5=+*>s`}RUrnq`D&nn!7a9Dk&+}f{Vv$R%gBcsK@o7j z(&vH@bl+u08EdqO>z>bfHM%8rGGuD|ujTE9m^5`UK)cxE^{1kmp3TJg*cEJK3~Ux) z=|J>)6gPWCn+_>@8i)|NEAA7$ir#wZFz7jVboDRe5E+RmAv$O{v`rw5ee6H?VZT!{ zJGg4eSnJd?4(`XfUOg9nHln7Ku~xQ@lm$>}Qcp4Eml)oUxBo708*1A9q0yR7Y8ysz zQg&wfaE*PJu)~eKH74i_fX7%FB5*SX>(3@4;FpoV)|3U|gyJz~SH~VUFi@{@voWoN z%(Zp{;Z~Q2Hub8PnK-5Ow?c+HFN(R2Y75}Xyi9DtKfXop(pSwX`}?JN^0B*1RVFW7 zgkEaKsnsLo(dF>GP--f#qI}FYmHAu*Z3HpC9kNiDkKc;zPEHC7{QMoMYIbTf*9y@DKl3UMMSyt#OBhuIz$#SjaPWA_1mJ8mt+W=W=o)C ztDx2nETJV9TyKK^j*0uq1E%<)_J;yokjpcmz>vZp-CR(U@{5O|bJ|~{Ak^nY*Xm1M z)`0vi+(l~kuhe>xWEB^`$5>Q+2trSdtDDdrS8-6Mx$-7yIp#|O23x&6?$-Q?&tMW zui?9|SW(oV#zX^0GtO9I(~}{krL^xIlgy0w6yxkbQb*>z=7nj{6|E#8PbL9i4-dxGy z1{t)d2Y7iyV?ZXoC{QgaCi(naagY6C5`55Svt{owz?s2R{4#DOR(Ec}YY|X6ZPtrR*%!O$*}GpkN;7=35}6+SvIUW6-;E1Z`_YXIn}C7tj0NHr zFs&bm1a-mX>@xVETOsz?6DH)LGN_Z0T{A_4a#C3%g!X&lkRZlDGpUr#xvS(v3kJJP zEGk}2SGVA}hIFgyHyog*Av4GIBz+Xfi=B@#BPpE`LI>z9?0s;JwWP{3FavcLp%CY5 zhxrTdL+|(`!tr_z6>L<}Jb4JMN^~(@;SezpZ8hgM7DLW9i>ClF5h#ouLuTtKkq!Tgh+j&@st;_mm1`c!~9pRMM2I^qqeQ?jIPv)Dt8F6WpW?HyO4AGjzU#Ik* zJ)XkY4$^JL$eF`lJGt0Mz&J>iiT{2bfK#k{*Zgl?B`?nv+ZtrS7LjFynF_(bO%bJ4 zRW*}uNAY#Iwh^6fJJAs!qM}?gg$cM5$=&kQGB@(?NBSii%-{6nEG&N`wy4x<)U*aJ zu&SXLid@FBOmUJ*+<_objX!aHj3s#o6sdZP+5r4f+n`V@6*=~;+@2znFGJW|qF(xN 
zjNoeylWd9pB24VCe!&K5_b)!>q(xJ!ob^BjQ)I@c`NY)9pTOvdV* zOOv#srmmI2gmuXx<064E(fuxwO2YuASG$RyEyFG!qDRD|%`3twuZhkshmP3%?yHKu zFYeEj;B;_?074OqY=P8*@+m%?XmP3_3Q=8vOv(f!BjRbZ^<|hD?x{`K;08+T?eO}mLERAf|4g<|72|g?7hGEJvZ+MAm#KAHx8N2RHyd#SxvG16 zQbt&7n};W+iVlPWMU@2cezx{`)n;u_j9O>l-D%j8brs8{1^#-$))7|_qrN2TVYSp(_8E- zpdbS)^X73Q${k2#KYmh+`Ia*=yuEWTrhvE$I@kCG@CL`F&T496t_G8&UkhDLxTN|n z{I*z(Dn_JLADf#K-4`l71W~rWoXYbfwtIS#w=el=n(niqU{=qatNw<1L6jA~qosuj z`+JGK!wC?k{6UUaC)`-{0emrD%C9jmn2Wv{7NLQDv#G@u(ydXUb5_%86*c3r+k;Hv zg^U9d#AIo}BNlsTMnocnrnTgdk-^<1d{hq3TM^_?96Sxj!3+>Bi?`n5Pktg({0CJT z6gxBZ^VoY{K%#+dKn)-^OQAG0tV3C~v5<>M&lOh}4$!|S&7^ltt_e(MQ5dSU$u&U> zG)=SbKSq~su65UHD{Gd0MRs>DWf$we^q^7y;A9Dv`&LsJVd}**=x>S#ml|xf_;ar0PHnP-Ao~4zrfjO4do2EA zbG(PtR?)HX4{|Io@bFXOY#9xlt;h;ua?8UKkW41ypa(VXuYolOsWG5g$UvnGRm&q9)<5~GWkeQ)43?W}38jNvj7q~Lacb&}ftlr!t$ zq&$^;#=Jf9IiV>zBni|~X#0TB)K|t#rKXUkVHGdaH8%AYvtd@6Tj9E=+jkH;q;7!F$eMUqg%CMnmN`%V$WDhE`cXLB2*U=>`0zdzYw zFao=#XUz=Jv=M&F^d9YlG-gyIIW~--#_z46l>{J0La3S2n8pf{5z&N7za{0*c$k5J zsxbRKG3 z8hab3{Hlhuao!CIQkc?ZU8L%f$>fXB+lAwXg;3!^A4r#E>@?(5Li7RcZ%yMLh7`O3 zoPPogWt7s8EE}sqh^<()ansh}Kl41ct0D*&$Mt?RR<0c$e%mDC!Z`CyM&w1yw=WNt za(*$17o6>dxyX-Yll!=yL88IW+u}?nO2;a4_9(md*{aDHIR{*UVdntFS3b&3i8BJG$Q8FF-CR{x5nLA=+Q!vJZl7@H9zpJr8lbH; zWZy~{1E;8nk7c}eGzhCu#?uIV!B2P18piE4>Q0JkIHRN3siJ77*x<-N{^xVXYuF6c zkAdem2$Lvt@5GT(r7-_Tl>!Zn{mCd`sjV;o%sK$OC9BZ*B}O2?XPed#ri5>1U}kl; z`#CzFeKLO%Z;b7EKu4n|7pSBHlesbjGzNBYK#(iv&_7wH`#O8brG_C5_QpvER_Xk# zVKAkBkPyh*6)SZocTqymQ0Qz6w-*|Teg4vQ`nTn15F96ki&A}uS5S8)oy-Votz-C( z;2~mGNGa`s9cy4!cxukpdEsUlpK@`#GIsR91z)4G0=sla`n!EU6F`<-{im}oU z0pQdopjmLxUbt^#dvQtOnETrzCKwhm2#_+>dcfH0u9H1R>ki!rqTWuyh$h1L#$Jk> z4WBE|P7^~)W%frJ3a(*}5w^jY z`}LiZm39$;K}6Fp^!<_^*QZ|sO1!t0Gr$ckm$=ktdQ5bar;TWM?a0XjZmtlQd{z-E zDTiDk>~)+M7mY;-F*ant_m#GC&#c%|0&hDMG%(CLeB>WEBhMeVev)SQ+Mg%8gGF&? 
zV{CoW?k!4v9nx|bk3)}kzcASG z{+#DyIR6?yK)rKj_o>+zN{V>|4j|zea$~g%CgEYHXmr_W{URXl;x|C z>o4fCY^iC|;9p8*sB6Ld15p<{_~2*5TId+x!T5hfXi5RT_@#QeI}ZhpODGg!FD}RO zmd9Y3#J}h_m;f~QTGwxo#2K{*(ROZS%=S@;T!E3OO}8^swv$3qg8D1UpuO`6D-Q_* z-6>zDNqd**mcMUyx1x4f+8wgnZJj$ZZk*~x{WI%9k&#j>XruGSl0y?oiV(3cnh)WW zAsBXtuTbQ1T?)E&su%S)@`Rfy-$Y>0tj{HfW@H}?y0hC9wjTg+n1dajz4;gPSFWh8 zd#BzXF~%vf_wP0_=TI|gPK>qW-E@b@^&%Tf?8M<(eOlQg&6##BER}KYqfKZWIjHNncWrG)c7Q68^5y`uxR!I3}F&fdN<*nJJAMEp*E9 z^!m-N`l%he@l`HqMsDPhqe!)?vxTb^(u9n$whX08knL{Y9u+owqgmFCeR~ponm~#u z-nG2MQkMH-AIad!9mmAWik2ZldfgALIW& za_}8cCP-naJ%6`cBWP~%bBO^7A3|5Yc>hRWtD zxD2Pz2ETB%Yk)*$T_gGpbX@$$hF&9z@&ADE8LF7BR?iZ2Y;dwUzGiXm<3l_8d8vMB zY8gV+4jz*JiVwRvPO-6OIobGVpS3~Pr|96Rs zcRzmSzM=)O<3V1>)D+slgwO?0-D2BJI~K6u^(*m%>U)X1-dEeexqaVL4{XI+3pVSc z!{)_+nDd7zm&q>HJ3}fqJGw)K^$i#+9>tIAep;e zwtfy-J6;_dPtlR&+SY?|uO6pY2k$N2S6;@3gVwlqG08403Mv|#)4Z04?LN4b-G$>#vXr}FQM z*!-X6ZAjv5GILxod=eAN!!g66wD%*#&__9w$e??)2|wr+6`ZH$sJ^;j`6!5Hdtx#d z7-)x6^}O|W7ok65(GUt$mYgxew;iv?vnQTL{(hT?@}6!P53z{k2zGpTMhT~$^x3~> z=$&eHr}geBx`d!aMm0<#@3ZQ#^454Dmnd9*kOqJmW2B1j3hIcdqOKz@K+eU&zy4Z} z6u4#@E!#smz2|$pL0EKF(dW>*B+@~@&`y^)k85w@eQh$7L#JlKJ7B;Ba&0O*BdQe&22yL$Yzlc8^t70hj5bvKYKvP44dpdf+vX&<+=@pliuhFcN&e6xi=lq-AgW$3;GB^0XE->My9(N*-!c5djrYu0VU~em4tuzjspE}Fzp+d z(6il=WkyM1-gfm%DFbhL?!I~lZm21^1GH>VA4;OHz1|pdkfIW)S$p=DE!sVhx_o&) zZts*g;_quJbZb(e!XBX{S%mA{&@^DEfv??H!lnX$&z@u`7<`qOka~7Mcor<+r{4`t zUd#=15+>K_GCrZH-YK#>Z#!-h3=lMi@}Sh5_7qw{1~IYZF;eu)<2lU>!pe}kvmw8f z6LmWd3cv+5<|uSy#WY0Nnhxx<8!%Y>pv2K8P-`NH{H>|9J~p6VlMhaI^2tfh8r<)4w6~-@0R@p9vyUj2nHckIn$pop&5V385YqYD)S-E z85-Vj8;1p+==1#@s$p#V-%y&MGEU@Z+72%&aN$vAv@KhYR|sHTzOq3;;yHELjS3y1;6x?FsdDvdP%$-s$7le^V1qQj~ zxhXmSNsoSsjY<{K)`Qz6tigdJa6h@ue*;FSIjjG1$$LDrUZ4Jo3OTK6!H!y}akl{_ zC>7ZXuEF^u9Kq;@9k_9BqNHacO%Bqka3&-C742schiPxdOyNrehUr#7>IboJ>5ttn z&W*|nSOG*VbkGzBnzvfP>Z#qNl!U?&rQ!hC{CBxt=5p`FIN*>G7X7Dpy-XeJGF00t zL!pPeE_otNv)>x-b+Fy?2?g|OJch>SU@GpmRj%C5_~h5$azc@9#Mof*=mv2(qXRx0 
z6i0NEwP7gUBagm_Uf+jD)L)T6>jK&*J7u5P@pyl_n>Di#uYXZDrDJ3t@xvRQ!LZD7~GbuZ4OK6t$R3J2m!Re{W;|6a`>8?w`P5M0TLZTqN%~pqRk0z^QtRdqA%RbVnvZ8a4IL35 za9Ih5ndS0{rdEwoRj83&QAq4&1=bkRVFFr!%p|0IrH zI4L6^y#3@o&1U1_4~65}G{(AMU#~KGG{6Cqt{!rK(lVjk3(D?VdI^{+MhfTs4|bqC zD?R1S1fpJ>x=Pgw&Xjk%B%~6&B(`8cV$yI9KVot(p~(^h4>?zNd|WXT%Zx09{d;d< zyBZ5+jKSthV2tNJlq$?{pV0jP4mPs!Vt8uEo4$)wr>*WjjvOPtqH{yO6*7d~B6Zc8 z`;$0TFQha~GsD+>pF%I6_9u`PYZOnsO9w(En5M)`FCy81nU`yQ=qoWd{?UuQzX(cJ zJ^!^5ZN$&Kb?N4B8Zb0lEFF)9py>Vm;^z}{&0}MbrKCTRWp~u=3>^lQlXQjbG2Y3! zE_`h)4HdU*4ASVR%aB|VQ^lQB^pN++7iGXd>h>s(@ElRh{h4PyrGg)`bqFVgse4qB zZh)HGY!^y4a}HrH0j@ImRNK!ar4zA!3-#v?Cz|g83p7uW!js_U6lC~&K{p~ft@Noo z`+h6fD-V7^Ra!`4FO^=v|d#0 z9+|RL@o6r6s%&1=`WB}j+eUC@CYbTILbFJjdqi{k zh+YWpp;nq*k2S@!(|zM5g3QaU*zbdO2vwf+03VVh4)&IqG!PJzCp(tCbw!=6!Fi_% zXbQX(>0peG8GAP$Q+LiE zt+ovz;jsBaQkep%SgVxypP4NlXir*^E8pnmG`4`7u?~mqDHlzcEkMxs%2l0K8P$AF zE_Ge!KJ7=`u>|E|59h=darF3#@%+`>>kEPp{$!%CQ>*m>!jGU$T^m#~NXm*rSxSXy zbgynRej`-U|XrNe9pRMLABXIL>-0>}?!hi2ySi+WOXG?tG*OuD%*Lr=lPe{Fo zYxKR*Mclei(g1(nJXhB{TdDIGc1H})NC&9HFkr@*ASt?Ec5P!{hkiD^qvY0VRdb7r zVnD@yqca4~;+>yo9Ppud(hFF@F6?*;$qOC(%yQV|70U^W*)yrOBz{>)zuMbenbDFP zw)S;+Q)!7OYdrhXr|ZS{>Wes8jsnMSmWqWOksFtno~NA3eETJAV z#psf_()uR{5~18ALnsF2LsySxaxW(L>Y>k9)~5G29d6m)8jSS;cEeUcS3OD;1oHg4 zJ7DpM9u^3hkp3sC1XI|43|MN}TI3Pb%t*ci2)toO-QHgV$B&!{ljExHoa4p@c-jix zu*35U<)B|4KC=~n@$@*d?eeCJ9eB0_8O;~87#B%l7rnkq1OU!U%tv8%h1@HJNP_g6 zv|>}o22k=ox^40q4}XNtrcIWYloGbk)}+DA6jb(l@swhr$0C~z4r$LgT-u+&`jdeq z&Y$zbW~~Mx@z8+|$hr=90<_j>Nu zUuv_JRawz&Th+RYbcMej<+CIxOUO#>p&iN`K8VWcsY%7gV>g-L zCj*vybBs3LiGVOH0F(>+A35OdwlN`){-o}u<$IbDK~bxTRN#$Y5F2(UcRjFJhI_X~ z`_O@?&A`ZC`~HjyJzZf-n=*A~sjMbfGh^;_J zdZ{po5EeoBCE$<3={$X&rp`NOybI-%pt7&CQJnSd}V`8DUqt%R_5rLQzPwckk zI+mdk6L((^89)>$%<(=M9e6RUT+Y`i`T{#C*g7}Ml(IO-e>z6exBmN7d;y}HQ&$9Y zP6m+WcnU>l5`)(C~l5A?PvnpfY5PD zj|N#diGj-+bRJ@(rMQK|(gZy_lQs+zRr`C$qa~-4us%tKzjlwrO#aSF_AeDP20ArK z=Lr9qto9&ntFi^DJ0ho-A3CI>^BaVTnbbi}+*;T6I-7B;i6s ze4Ncro*Dbu6)7-MGxNxZ+o}gA`zs8>DcV0c^@4i1 
zRq+~bTU^k{$U5S$v~RlP19)FYORxSaekZyYw2~)q6WP0K9GX5Ug_^fyTWx#nvL-r9 zw->Lqp}b9JOoq`@E?s2kRoT0)!Bs(-j!o@7p6cWBc13NfyNL_H6aJYju+pjPSXWJm zE(A|{cB(q22$Mo|FFG}_Hq3YIR6#C*_Mh|TBfvkTQiC|+67Aa~pbNiYn2E5YJ*jGQ zp_$2^Xhk*h8dun`%P8AhB7n9VP z{+E>?h0N5=b7z1e2JK$XkXZpSBo{YIW0u16;2{b-pOmfEq^Y7*4Jxx-`o8NS))OM7 zm0l%s`4}HiWCUC24j*jcPW6BA6HnT8t6G@T2Qro_#~u$9+m>If!S7ow)@>63*#w-; z^#LP{uW>ch;c&aOVU z#N~k?O0f5(BP8}eo}A3i>O`CpYxyo3|Je>J<;H9Y$TLzTaW^206f z6CGt2f^|J-QO#~bUrAGouQYwA!9~qIDFCDMyF>s5SEcLyn5M4A#B6PS_CA6g66ej* z)&4>Fq_b)S6DSZsC&@!}&##+c7ekNNw^nlVNDAgQ@;_1eZpfnqi~)vjgD2v;@{f<9 zIp-JM1`rH?`XXJ3HO9?gqVWC6?S-s}{e8f98-P6_9*#}hAmTW!)U_)sF}!;Mq9stk z0U&m7mEbTH07ZIPjggWhSA8Wf?hs(`Q@0zVU)6@Rn>k1z}F*>cNtl}b6Y zPIwZrcZtBS7yZF#Wzh((R$SocZ?hf{&e-4XXRX)>;CVLWR~$tmr$nd{H)I!Ms{ zvp^sa?GfObrU_f=A(i1p89B^_U!`kCH{qcdKep+xfhG3QxFT97NP_`3)VRQ(H&Pp&bq+n%V*tOGYFPv3bH<0boibio0;C^hLo91SUUpz1=ga)?!w%=Pi3? zqCm9dy^b}y@h@4Y0c~2RraOY8v{X?uYx{Ugbclad>IjY*c)WlaFF}_epq{@(t}Z5K z<0YVyslJR2mh6+6;^%?Y5Mnx)I8inc0N}wo#nh!4^nzv#`LhH*SHnZA#!{7!)A8Qf zS8Xy+$BY|#Q)S46yWGw$&6Awksu!3k3L$K|wt^8-IwWk6|$WXLU8vL6F*WfX~VHL;z>a%CBvN zIhwM&{H&X@l`qK#I;4A=CC263dd7={YPTLDst}gbRZyY=1Zk4jYag3M2XWfmcEz|f zqB1iUF0d+)LqL*ubWYr~;(ftauk|rS${XzJO>4bEBRP-$6*sa z!rAOQHlL2JQr%ptDQht_NMST$R?a1;z+&|^SWS*$)UG8^?nT`ceMW&t!#_WP+nQNc zPetvV;{2BXT{m#8((BnRDzCW~N_ky&wU2ZeZ*+Z1?t`U)^VOh3UPijUNvO_pHZskO zo1pn!x4FlRvRSl5!H`pu(x^=NH9#`a@Gr}13*f#q$$}V-`}|OiXVr$(@v*8eoV-%I zpBEf-9p5b)ltY_ z>y-VU;~zU>s;s zf^*;!X#v8Y6Hr+2Rm z;8JA-=PK?DAcHbA7XV@T^+E%rxB_po(`8XAj^8MFii!aHB-Yi2s{4kMT@j@7{Wci$ zVd^ue4DhsQ?$hH>A|&1)DTIq#a~0NNqj7!kWj4xaifv(>4O89p60=|Mv4+;-)__U@ z37KWvuIBt`Tlo-~i=PNm39ea9Z26HZSL*Pi+qju2FRPUSeeBqGb9GOML}_-(Jn$`h z4ZhTf4ZNUI^eWL}DyiZ@FH+8yePx?;g5E<-_>OlR81;Uuls@N>E1?zuf1I6$(R64Jc6p1C=ZjRY=z~NK;WYRS5`wn-Kno3c@T^LOHt&a<<|`2o*p>c zWZ|(}crA+Z0HQO_f{0$rnZ zf1PGY<-W%TULDEef{Mf!gMMXgg(hae^rakbx-$Afdn;s^Sd7ju^H%U@?{j&?!Uxxd z9d$S!6@s1f-8yokBMwR$I+w`t@mO6Su5HKz;Cm1CZ#6-U)dPjy>pgR^lQqB(`$E+5 zYc=AQ#o6*{yKr9c4Cb|gl*uWfG>O@qNdY%j7BEL|$ 
zmryUCdm|XOwC)w4qz4-5wqt&XKv#x&YjwU?kNyqcOn*6=m!^ls{Ze-}$!25E$22?i zdJ)i{G)&v_)B)2-<@pn*ea_G5&|g+{V4laI0Y=lXVI#> znC2pQ22W{fV;U0+rP5)?MOz`Ozk7d-EV`4QL1)BYQ>>5$hP8knTQyIT^{8L_R^2U| z>dOz9JWlbYEH`lDT(6cks4DE>EC9`~104k~jOYGM>6dNc`6FNm>iZ|i`QJ(Y*+?~O zL&X`8vGMMNdRO|T*4WALisuuA{3ukenf;Nzktdia+}AF_AqhV`{5p>8`HyzPy;#j zHs4V$1xl#fk%zASKU_6l`Hw@Mk~Wbikm!8O#GDhmVLd27#|a--^G!B)+@LOoDzc}mp!el z98~jV1TP8E(&f%1vDxG}AGFTuCx2fSQlu|0uaWF}A@`v;czDIBlw*hZm7e*6m~EX% zfU0^n`Ct1vJ+8dX{AWf7e&6r^jc4cCV32!B5M?@GhkEUrL`Z?mt>kKA_yTW1ij71l z8n{wmOF#VGGp!V{G-Ds!>zY5Af+#j`j@LOZz&HD?S8ReB#^g)N0BBb<@KwwXn#Bm6!ge5yoLd*+}QSnm-(NVupKN|LEL;-)wQrqg+gI0mmv)T;^;|1J8f zOJts~J-QeH{ljW+A)NIut1Utj$#UL-7*Hj5S7R zu}o6u=~#F({l*gxX|D7dig%C9m~@CBgj<7DsqVrLibk==`~C7PuljN{dU;R~#svKe z9!jID!*0LG%{7)A5h1Q(WY~qs+S1l(%r{p_a~cqP*I3;P^A_h~EHaV~aBp{X4gbQ8 zJ3lEXkBGPeTRMwniIOkJFmuBoyrkq_>i8kH#Ya{(kM`BwcOBo*C!++p(8MSfrLRX- zg_Ah+tP?POcON~~*CM{+PHjsLz8yn(G?i~Sp|hav_80Uda3&Z&9NyfiXA;xM*KiZ1 zvnAmQ>Gn=mf*0JpmM>WYoAkqG(vX!M;F00L>Pj%JHo6G*q7#eU#52hs$b zHI<81hXXP;>k)`ljXsD*!u}+rOOhExY{_XdB9&X(Sfl_mgDs>NE&xrMeeVRQi}HNA z+f>hE6jEDx_K95jiiL=O%I*7Nyd4dYQ71)opjG@}>hEqq>kDB;MDDgAOyLM(Dc#Va z)qg^{4-)VD6Qc2js#X|maC%KrcFw8o3d~jT0hvVU#B?(%&QtSGj~r(?D-K5DNd{8C z#6OdSMhctD9i?WRK0VQr+TsygiF(8{x~UocJmc`7n}bl!sbb@W#>C|!yBdxJwN1(x zeXyBOc!+63;Qf%Mzue;k@?D{#h{vm`!rDLod8P;b#IgHFJ#~U6QiVVH$%RHF=?|8S zy8?q?X-SMY(N54~EVdG|j!VCqj$kjZ8ZQVq_t){>})}BWV$IF*=YC z2O8D&!Us*b<7+mMW42OjBc9FuLo0QHWB%@X(=9Ek5^soLiyG9!yYNbNd)Bkzne;X-B(fm#L?O5kCb@4 zTRuGCn_7E&N0oWQ*yV!t(YlFbogF!~Vk2yx_mD z>p)~E;@LcYB$SWnREs8S;Z8(aeR~o%EE26Iyr-ipCAr?_WG$HVR->E3uI%Y58u2AKAcL_qLf;TH8>O`C=0CcUf7Mq(II)jXeW`sbAV z!Wx}pEZoD1XOuTs4HLNEK|OGI9$|HN%)ei#(}~Q}Ku%@7&OGp1kK*AZs_hTa0}b^y zn9ZekKqLx+XnBG-Xm2YE&JWEGy4$rPIMT464+ss|UZ>EhIc7{o&ML!ajFH^&z&cn^ zAF!lNznNFhuClLcLehVQj6lYklUG#rw1Zi-8B%McKMr z@Anf7d}yJVakn{qylLCitUrQdn{g#N26JF>!!Xm90!v1{)NaNp%+TQrW@73o$ImsM zFCU=%j7o!!JN0^RQm>huhO6Zpg0mPkcblV>$T=`St*H-_xXA4U@(Y@=(aD}bPjMk* zDg`D}qd!CB_h+taii5OSVP12DQ?>5L%~<~r6)7^El3^-#UO@P^m` 
zR`3vk?CbnnDTx1bU~Bb^3oryzg<%Z*|BoTkq09G>Q#3hZ z%$Ly_4T?~heHnW|93tLOkTRM*2Q|P*ObX4BtM~H;cYv0ASu^Iplek&XIv>pE9n`g0 z?&p>Ib=x;|uzgML?;sQ9f(MS>S9LR1#DK5{pKEe4&#YgT6YKOewrf@IRVGf`Y%gRf zkvwfF(v-a{nYovC?tT5TjTBD_fwO2nc_>y;KZZ<|Y_0aiLnZ3G;<|Sj#)4&YIFOym zSIwe)(Ysw@a|$1L2~ zKc5@Y;ZL21xT)OlyfL5mgbC-o>?+GUIxyl}yv?ZFMu6<929DTlHDyw`!}*tJ1}#33 zaYSwbQ4m{nxj)zWT$twgm@+1tUYv;gs&LXS!uA4^GgXqh`wj~T-(B5DD6TTICymq? zLuAB%U}D*0(J0AvJ4CdODwFw4Pkw8d$r^%DnzDd!F8>*38@9X^j^+=J1Q3)&Y%)t> zyh;{(B`PPDsi|QQ!A9Nn5ms|@DWJ7pxm647%Ypqwu z9-LIkiSQHN3ckRpHFpXDf0$8%k`&;Y2%`*aXYvKAsZP#2v9^qYT@mu-*V;N|pyQ+o z0UWXjkd(DiRwN?*60Lf5&kqkH!=@kjIlM0zQxxytkZMpXjEkt$j9HJ^freMX(fjA7 zAZ~oW&g0G~HGGa5X6k)`3EQY-x;zIzBhv+!Op?N+=xqC-or_J&I+o`I4@ieB-BI&K zeqo8exUim_#5YyuPk4T?SwhOXO0rPB7HFA5w2NRpR6!RJIYM1Q?7~xmd@{+=G)dS` zDIx2Zm`v*-&QR7<+3{{B`s8sm*f^{?PXacR@(76BB;6nN>3@Tuq-(|Rj)M7;yn;W@ zhNd+57N^^n%2Y$x{4w5h(0LlHVHLeNWIM*SmFq5OVCW_{ zvk-PhF_5sI7po7G%o2F+7aZ8fb_!awi?L@B-bfURD#vj~locsNo;3py_fd+foJyKR z)yFrTw5>tV+R_^NlkO-oWec1VpuhMYFL9mzMm)4*5XCKkm3?y3s=_$aycwM zWwP}5RPQpGL=Es<-b^kc%{(Onr44x&uu(regjV_hu6i~_I?Nqr|MW@DwOmp3J_quH zgiTJj&I5ZRW8Y+=Rg(EGr6GwaLP$2ntJZ?!|3&;^rcb$1y43@z3+Ho#mmRXkb)Zt2 z{2M2F5W($mAxo2_Ang`*mx8My{-i(Iy__!@LcFt2MDw1|=gEFCs=Q0ObK%3kU82~x zw)_e*x&MH+DvRoYpz9u` zot^r%+}^T$QCOrQtm1i=km3u!QD%1n|7Qwt9|UZ$TP-FdT7`3FZhW)rHggZnvIp*X z(Y;>!G4_IIl&b&l(j)wWs^ag%ba`y)KaJrV$h7|z^kC?OKdQ!4Q5u^Bo2$j{nwWrz zja%;uX>ro?Nx{K~vlvT)0*A2ic1u33l~J)|u>)Ju5PMG42>AW#@W&QIhNj!ib?q-k1&7MC1Bq7Rac_#y6->tcf*a(OX452Ccx{|fsxEi~wM6%i&i@`i$ zpL&alnF+(R?$0Re6f7k3z$faQleMED2cmZTv%d39M=1336qd9#By=) zPtOp$w`@C8qYM8;OgGgggMM7OrRa;q752x`IcEX4%BOLt1eFi`3Z7E3`$$K&r4+(X zsMQY;b~z(-F69@?t%^z|$eSgUG`veM+zQRX0&;zz5T`O|=+z_W$-D&x9;{VG`$8`d zQH?RNybz%S!*4YRr7w|ALu+C?08G%hGrY=IxEr)m8m9wzpikO{x!A^O=3y>kmS7Eb z++7Z+^M>BfIW)&DU9N18j4tWgs@{Z|9bL0f(?5y0q;dfn}FA+Gv1endaJ+1m9i#hSB}{ z9M_4z=9z5u0ahT0d8dttg5@$e;P9AZsjKS=jjunbSD4<&oQ)kA#i)W&n{URr3DfG- zoZXwd5s1&?H zw(E>Qo3g1Ftt=U;OCtGB-jBX`o2$9{u|8;q8cJchV^Jj$S3;3cZ_(z68ls}Tg0;_;44m{8kSqS_SGg7-PYa*hH 
zpL~u$HKfNyxA+humBmQGP)$lU;p`p<_h@6w69aH#v77T?0d8YlO)OkoSc|)E(P`Zo z{`=P4XqTKu4c$$>Qsmjf15QlhW@}BpYxCB=ExO$sPhbLcq43c9BQq&}00~DGsMy=M z;ULxGkRN^l961iU3&kg#W|56K-Fu)^ZyyyC?mP%vpK4W9SO=f25yGHJaT2 z5km7EhR`B@fq4XzT=J{mw;hDN-uu#ZL%11Zm;Mfsoj6d%de%|Y{Eh6@;s?$l0|KF8 zjq&v#v#*~M*n!gb>EdEZ${ZC3IpzWEY<)ZNQrhyDRqt>v*{ z;7@MV1k9lIjD0Z#q|fjt(zbn!CSMu4d4TL~{;$D0!aWo`pv8CemR3=Ve17F4T}B%& zD8PVgYK3giswne=EkbYeUR|Plx?B>l+Mw&-tsP8M&#eMz&Hh|lWo@O*)9o^JY*>Rj z!EwK}qP-C1M#TVvvFmSh`4S`K+W(`(obk*K8hQ|7kEOCTQD?Q4zD$8r{M{!emqG#T z2$8t(uUAxaQjgxs?HkICmmb{b`e?5=uwtX1ysV!n9=EEnk>r)F`Q_BiBM(X~-Rfk~ z1U%5n{?i$qD5V_#KCbEe5(90|yk95I8o9tRh;A;gHDB<~lK5}dXB@^{?pdnVjHnal z_u_&tf*wo_t3KOJ#gH=O@N~hF8{PA#_Ga=Ce=G|7EV@UAx z6_IQw`S&}Y1Z_<{Ft}}!FjplH>cSx${yiunm0ndoUi~O;10muB-mSgTM1Ra1R(0~Kk z7?$j6nC)(w;6hrR?CnN8weZ%6l8HE9*1G*NF@fpvR*9olrUL+A;iy^LzH&Ki2u&te zruGwkN-t!%rz0$+O0CbKqB6VDm;&S)K_(-*q8DPSrpI)h>c^l63K~vv*+uv0S9uc9 zI4|41T7==UVt!V$P%5A@ABJ(nrMi<_BA4{#L?>$ogjE?u5_L=Pc5OTg7s8#Ea_3%o zgbF!i32uJZcR+P4y_l{(Gzd-FEYA$0j6nJ{Llx~$X{PTjJXLz(XVD6Y;4K0*SIC-6 z#73uA1Brb8XVT#3VM zu^RO%ye{L-FXE9F`IHVD<^gkI9?xDOaLZeV!A3b*rgVaTqHIb~U%ea}Wq<)h8PCn{ zJzg7ef=`RVpqh8?tOnd_pfpgV;MzT)_nNrXS>S&K1l2N(N%aa2nS=F5D|~xpB?82V zyJ}B~F<`<+iz56=-m|&wxZl^+37E`Zue$=nVq)%@LL0tYs9Zn;hAAlq3sXiZ13M99 z@d?UlY5L5CBNQ9`Wx4fhyDFV-WE$Z&In;$fqxl5vo;!4xq-2UnvSPs;?PqTzt`B4` z<&w6waU{TCnh+yvN+RhBstIB_;6UyZClqt*b$d$TLS;9ufCwh}QAbjH5K0QuQk*UuZ1+QhZ>h`x?G{YK zBzakA`}y{;v;o51_vJfaNJ%nC1*l@91D`#S+k|9q9#D?o8lbWCG<@c_d=#N&8noMI zc(I5)!d?#QG8M<##@&kp2irRz{{dH<2dm4oPV zY5_?r&ySNH?=csTs4HJfd5h(2w_(+u;M66vw#&Gdz$4uZ60#s*q_<52^y;m~x($=VKiZ}nop zes(?+i{MQ9e&M3-oj;MCA>G2zr5zX6-0P#jaiIS2uQA-C)FDbT9aJSd$d72vna*}O zLfFdkMsogA!jOaQpluuVu?em#G*8ob8Go&fP$rx`OsjJL}fpTf74+|utV@3-n_R_5BxIn1ma7}yJLM@nz4~riQMhpkuBXq$ULyurM#yz z6f&>(=_S${WcM4Z4!lsjg+$<{@k%l;FegY){EAw5=N47Z$`z=nqVJj(0`#y%{lrlL zPaT~JVnXSQ7^G$Ii~ez+OGijSb6gBkeR;f-Dyo5*A*G(I%~w%SyvdfY-x`nZHU%Iu z=uwn%5~CL-e+oX#BF_b~E2=gD-_%aw0z*!$P-M+7!l|(G@=V_rrd0R88fojHTF1{u 
zEy6l~N)#d$Mn)~cnD-0wC;WJ41=!&BxV8)1O>2Iezg!iUNuO^KY;GMMWm~ymkE5xX z7m~PTCB*OQrodOJOnBqg@)?|lo<%~faAZc-|Hq#%?ZH~hRuVCt|7M!_P{vgKjY%?$-Hg64d9NDPC>;Zb z5@34F=IBl#U84s3-}W)q5I*c9X~%o^c&5>cNZH&qAJo=LK(U9!V#a@6Wi zA^&JmQQ6loDA(V-HBU)?=OKdE41Dy4hGNb2BX_|Rio_~{bPkY{)mp$;lN#Y16BlyB zrc}h@{L`S$2#203ucx~$ufRB$$ZfcLb;a^|V%&VG{TZUM?%$9YTH8Fj4TRRO74EjB zcsPgOLe|lu>ENdFPNeOn_GW*Xy!%Tx%38B2j({+WbbG8}`^sYeB*bp4W|yj(ndYdZ z*kV|G(d+KW2%uEnvF}$bwk&ue5WD_MccohGyZD!uAgPRawYgQvueqTg6H@uRs+a*+ zriiLs@M2p&;a~Kam5Yx^*42x`9YuZO17?K$y^fWiSebiFw&mjaE|OTvsU)0yM&IhR zZVsiK6u%`~IZCfFs?jXw20g@J$IVHN;ZRlNa%k;CxP_y`@%7Qq%U7%f79!;QN)uo| z38eCyH0ulySHnLQwHs=)eK!J34{wW2T~~d-0E%?9Oka>Eb_t9aKPEZ}2HlJQ4y3N{ z41x0VAK)`HH^#&J6y2c~gn-L8=a+3Er*Ro8Eim}JH-70^iN{{q zGUBSy=_@13or!w&Ln zQstQ97u2u`b9KQ07!RilSiyK)3ScP+JY1?+QT(G{@oCsA#eCntG~`z;`lmP+XGyI5Dq2*w{;unZy^~rnM=+f<+(*3{Q48 zR(=N;LU^GqVn~5k#Lx7JG`bZ%6c(54RUzF zYnM=$>X57F-zhHlZb_A^z3Ly-lT9#dZLo$oEXa2(wY6N?yXk$hw`KZ7+D&M za;UR8+QjxhE$YRir0X6?mPZQ=S z@xgiozW4z+?0$hBNd@WK3L?nz#=|;*x!uhTFFV=+|UK`gCA&i4%`5mNTgmN@8on%T?3w z7ZHL=QFp&%pdtLc3~!qK-oBqMP}MS|@Eh&=zsk^wS*g7t)dOj@@y@k~*&WBT6sEB-jjGM%P{j>PZQd76(v$PTjal)~FSTMAfd{ku z2(zda;F?UOB+W-@`S;qX|KZ|8<7x3Gtj0p}GD7=&qLjv}*##-aJw-$vQhrEBlQamR zlfqt`BEc%E{-P!TsJqZu{aOi6p$z|K%!oQ^ni94JZr@a0=L3$FhG>I>Zv+dR1qF8$ zgGZQOBCn|Z^XGHy@7Gt^@8=sBBnjCR`Cz&Q505iQu?9gdl|A*(6i{8Zlk3&^pL~xa zH90WI_H+ltOwZxlKA#HxNS;>Yr=tf37`sq)Gf26iPGe=$^gzQcQktz+fB %yd; zwy1I_vut5*p#00|{s$%`e1)#K*-*xD^_)M$>A*GFTy^$qafI$ylI^r&tBueW^&FV zmaRw0TdYOgPmcDcE=nE&voM<(g}!H&k|IY_0myt3r1`ANGpE5uC(Q>nE|f*_U%>my)TpTVro=R;hzd4gS^7Jv~Ssn z#RhtV)!XYyNY=?kqR_+!*#Yb=ZNZgkBG9ggb&Jvhn1k66Cyi*AUTfV^yOKDl65bD_ z9xm+Fb5&nPY7fa!4YO4s-~sQFDFirRy~hh4ln^(!0+hVo+q2^y)#9k_M(EUvY?Ds6 zbEY7M(t-g;>m9NH%E`>DEeladDs z&E_xWQ4bkIoN6*Seeeu;fwx?~JoLa4S5b;-gbf}F?RDOsF^ZcQf&p6Y4l_KAm9Yy2 zJF6c_rq?0zL;E}RYIPv{2zzD~M=`dxddcSX)(RA}XbLhDwdPj6r6l5`dp!Xo z?Fb3A+kB}@Bio`S4927lyBb{^LJNj+!^&F}1f$mh=NEX;RNmBfJ>h*OKD2Q{gf>`s zA~Gfp$e9J>N~T&G1`3ErQCz5Ua13H!^Bw|FAjVu!Fdt4@Is(bcKcw+y1@jr@s@ru@ 
z!MK$AEw+n7+?t~k>y?f0WrxY3L$v;O^vJszmV})zlIS9u@YVFhjTu=XzZLza#NKyU zu9LI>L`iNplmyb2>44bdli0L>U(e;8QIf1(pCdXx-;9%>uM^ct994oYH~^|R|3br)iuuF?(xRv zX}5NnBCxsP7?GMa**Y1=ck(T+1TMEVm!-y+PF=pKH7ipZYfh-9B1kNOC9E)sd$Tw+ zLJOr|0_g4%o6hGD`DM1nbO!Ipm9s!F>>rNnlQEH6FT#+8s!UPD&_2k?VMdnJU{-yR z#3Xk62?$6pN^_8oow7Knl|F3{SCNfXVjm&L0Tr-u3nsh}Gd_7YWQCYQA^|;#iGS&E|E;d0WZq%wal$v4iZjt)0|+A|$82IGZ9hbge4k{8rFjb$eonv+xOY~Z zrF|`3eSs4!2-SmxIQ~#?r!XG|?yD2R8RpM>h5RvF-?$Fwa=MoTCA_V4eBoL52*Kkm zu?6QJxep1==1*Go%<9LIHTAqd@5w8)*Jez{ldhegA1=K75gsuA~Yj zqaX9eh}wdzydRBI*8MA7Gi?KCk~jzJg@09v7g&GCw0i#)<>2bhtUnJ4CHjEl2Z>I< ze!@cW7Qf-VAdmnw9!djJtF(Q%;%_+DY(>w9Uckuhv;v zs3erxOZXsppm_lZgqsBC+6E#%g(D29<;~N?CyY*YxQ14jv z{>=8!@j46gJ{-;>eux~8nrU{a@EE9ee+;JmXG6zBXP9m`)PgBurq3&U?i5We8vMqu zTk49anmem~b`?lc~1>1x*gK;gHVYJmKNT81nQi1mwwkQ?t*;3 z3vmTm*AZ}zL1K|OI%z*W-i`wb>ig<8@Laavnr5D4L$9}k(eHe=n?TqP4hyHyn97bj z?YE^F%4aZ#7Y@YXs&3n7z4h%7Xt6_cs+k&t4H{aD$p7i!92MHInUKyO{TI^uk2>fZ z)0Qd?sZDKnQ|OP!YqUFU430Ht32s9+Qa%p$PZmH$f2%q2Bl}M3ZqJ~$>}``9Z=crA z%^r|kePP6|0kiTT2pz<(Iia4_U90t=FZH=1o(Q?FAA43uQ+#?c*v=m%4O~=2M)2SJnjR9_X*Jh zV_`;-DD$fL@4{N=)yRb zRxa3nI>^R`k6L-W;U zK@iso@F?Xa=B%3LG&cLhrkc?jQ4^>oca)E){av#<*xiUqBoMvc#tFy}W zPu;Zcy9IE*Pthj<%zRHrRnC!fZ~u+_3{0y0&Y$y2Mv{qyk4=;}+T#%oV_?fbkLVBi zp^0QfMRdiYb2A8{S+MJSd#5N&6KVt%6wp3i?BPGLC55Ul|00&RT!P*qP7RIOf0uccZ07y3 ze1ynzyihNP16I%Kf9)52_hD;qThru&y^GV1QCB_8!SUFY{ zPcIQBYgT-9x5KCQRM@AxbG4;|9%X)~g><9@4kiJJyo;C&n{*;X78dQ4fq@ey$tS6& z;6-U}Gt8qE5SfGql>ocOj!rilBeM5R*Cc3bsxDWJ)=r{n*o}m;g^@77L95SPrcoaC zd0HU)JqpFwKc>v~n|9#ro(m)7bT$-kB%SB7LDy(EXWRj?Ao+_6^{171plnOPM3PE% z4`JTJ!aWzDO;?K%HN8oP1-e}ycGM5BTVJ>M&k|G_nn`Lxt&@cd=Zr8}f`TpCiS>** zob}BmB6QDIq7^`qi8*uTJkM`7WRg$7O(?e{2q9I!t5#0k)=H7Cu7r#2<*1{A*LO)feWgcQcC6lXL>$fnL5ZP0b|>&<5Da`Ol8{ z!{Rew<@$+e__yz!{GE0aEu9#B1+=H5ijm-RWr?)GQ+(X=t2va%J@_1tNjL7n8H5!( zHnPIu7UKKf9}cAIS!XTkN98QhwW+;ak~E9Ot4}Ly#EaXz%Z4;Hpj;^$i_YBFMk^ql z>Zq4!H&z3EPqzFpf@ri>^S)TjAi-0gy9+CBpe?{*0t@*LRk*k#ZcxBBxb|MNr;qr5 z&|M0|E2-0V&rK)Vtn;wS0HBl-Ac-QWiR2@3-~dNJxWC)%u&FLZ_KhA(4#)UF*7Prc 
zKKT33dsMZ(Rq{7RpE5;gR}77B<(!LVCWS|lPQ9~9U~VJ>ZenKrNN#87YLcAa<76v3u(%@a;Y(KATn2p zn--E(z?p5Nzgo3Zr%Y+s_vcK&cD6O$=d#%x)%Q6vL`VXKX#%b0{JRI9f9`Du5+Unn zO>~ftc~PB;VD(ngsIv#OKgb#7R+(eX4Y-2)+pR zAdob}!>5#1;v)mk&=^%P;}ihe52}A4 zuRA0|daBeCLJ;IcihuERo!}^7&fNr-1Axn_skO(nyT_W7*#A3^AGgl!yxyOlR+eSD z=ZOQdz5b^H>ob~*TQ+1DpVH)Ywfi9hr029ra{cojU)$wul2PZ8Rkwl|1;Z@yBVjhJ zfE(W7QBF~z_FB0ENT(8rV=(_n{E{%5$_N`|sdOr2LVc;Eoy%EqQ^BaFwMY4fwLw^t z6!*OlMK>TFTS5fwX-uWuDp$%V=i`F7IW-W6=a5aDZ-cF(Lwa4oiaDdE+DKfR z;SFj0hZx;7nzWn*4M`Y2IM@Mav43l|{#YDj5fE#^%2wkNjI^u+y}?wzTySsQbEAaK z3md-$tS1rZU&Fa*!s$O+n<&a{Ese!Q&!7Qa>$WjNTp_vwY2&5kLP>-@gr5U0$ zkwv{P1opQH)IMj!_G{E&0Lf??fl0JdpdYZ|R%7pRZGFJ*bnjomYgpovMf!z|QMim(Ru3nn+*|}=FkQ`xu zVJxQ-9tG|UW}d>xx!}pfx$Zh|mnvS%+5gcuUZ4YT!7mm0_mI9L=X{V$!T5;T|Xl6l_&Prro&bW z&=*5B(&wa)Y#hW*r#rZR44~Flg7g-a&ChRm?7OntXU}*HA{}xejzEQ_2Rjb>M6mw9 zRDeO;r^nl>1VRl$0~g3w*9bH>^_q|{LsVN>P)@{FSO4$@g32x+u)WX#ePBP^oCtm) zW4wvK%gi>lHbJzUT%D$Lq)%$gV^Oh^paYwT1J!~s`)Nraus2ZT0-g~GAR0l9-Jlq> zbOatc>a-{Ue+zRbUv@5W`cNA~jSXyv!w`EyeHW$xTZ3$Se{$H6O@CB!7a`A}vApKeIOti4F58F%tdKg%+(`9o)#Kc*QY-Bb3kyjBikZk$3**N7#IbF2WSR=xx@KY;te-ZG{aRq zDP0{Wchli&V4o20v6H_lx9CDm{i&%hwg+42_ty|daaOt!5i-Og^b&8w?}5dFv>Tbb z8e?lZa8K+k`Q92XVkaDdAutFq_VvMS3+pu5I-;V+7hr{DL)JZUtirD=o?`L{M{h!? 
zA+17~pzq(<+7PYx<@q9sM8AfHD+1A;kGBwGvCKegqmBu<<99sXHhQ;sPnlhso*6B* z*_@Rhq0C`19G2zE>n1d$V_bX>Bhldr^sDxBFN$LD(~Lyr>77_{`t>=bZ}$X43V2le zr)F0lVbcLeiCmeE9x%KosUrX7u>wTv|=^Qx;T9?6sv2gd3n z`Dw!xC(KnR3nyeFI0f0X_W<((uE<)wFCf)LrU`Ev3Ag8O_NH&g15TrIwfq;)9%PHe zqPl|)DiOMI;2fWDZuHqlG54?c8t1|3W~4~eC5!iOGjjivF3rcTJ8?gRf9ADVPn9(1 zi4fB(Triu{@0jy54sBn4x>b6%^R~^X5NL&O>QuvKQCj>FgPv%W+w64khDwkmX7XV` zE<01|!9E;muU`bUy*)%6#z|%Nc>QTfm6oBPsdyUp59v~qoR(}}XJaiGA}Y*(FVk{@ zn69uZrj|h^M?8|n4=mI}2@8~Sb1A}#qs)!%Ky5%6d@>&4P9~?M)yw*jy0QcvUA{7G zaS2h|mY^A=nv#QlC22ClWz9nBF zLX9V?Z&`?8O>&=P{0Fb=0$#Zv{u*ZxHR+#UoQ+De5SfizoQsMK0*gc%s^=61J)UCx zc1c!7uFMWcSWT2OO(P^kQZ5+xQ)?t=xQIq@$je}?aE09fpMiZgUe!N;AcA(#T?^ox!yWP$3YzTyQIx~z41q`=di;3Z=s zvz+b(k6^1(Lj@Mpvxw+u!-15o-twfD;EE;4Z6g1x{21te)xmy5jv=(jdB9bww z(V$Vko0^)O7(?pPR8Zi`8Yvc^Nk>*?ArG)qLF4S;70b|J1!vX*8Zm&RpY@w4%|q32 z1!w4Xx0#p<)+g!vV*h4G_r6{=pgUGrc$=JCpY>}RYWcnV?Tvp` zJGi*`LMBRh;}__xv)h}HeT`)RIY7eVoW>S4RAdRr#|U?jowU^9Hq>5Yu)2W^P9z|} zfBXVHgJ6pF|A%0l)xeZw;y>$}<+e~0HuRQV^tG#`C>JsWLXMpD_{?Am#l=50gt3Xm_eR_3hcm1;6 zvD|W)k|-e6po7xlL2)N38!9>o%604(O3yj%zA7f0qbA0Q^2UuxI{w-gR8@X| zWo6P9-QuH$dTD~0SVb00Y5#Kayu01uv{ui+gw`zB&h%&49k+LFmh>okGXs}$H`z7M zASlAb>iL<8;LJVjEWZYLksDPTQJcQ^O8B2ftL|M+DK_)Dr-hsMp`I$cvkGCg4|(+B z(kvDCPs*uAB^=!P51#tdc7_cv<{(^z$bVU0@UfT5g{#>*?9qJ7&+wLF5 zy|SQEcAl;J88@&MQ-URi+0L1SXJ1#cZ<(Z4wE<7xqRNaTQPanAn~-uT49bT8!`YsP zD4${R12_o8+Hj($~Y3y zwJhV-pvs?RR_c|j!StA~8s{q>jdepqpF&(LrPrFx!mHUIAKr>S_zzZ!0p3SJ*r3QV zO`~;yhp`?723{qp{N zepKmE+U(Wl!D((xJ(Ap@QQ|AOmbT8{HQUhCLgSQ)2^+NHkNYEHHCD%zK-VqXfXTg0 z;}kGNL#^vQiRoe2fE8KI+BgwAgcODERq_EW?R52VbqrDrL59AB#fgihZNvI2<>%<# z`RFGIUEg8cvfzy9+NfwEQET7Ol80(T|IwYAOatFO!7(##DpkQ)S!rek(Wjw1m>ooP z$9}*E*_?-8!$c)}mb@Tc6bLlwtu&*7yT@!5s9fHsKt^NQQ>z9Q-8LA zOZD}l4mKoz=gepOEN;RUM?u1O^v_8*7iTmSl6?;p=u1q)yLk7YS-u7kIOZ$}6}rYr zIGT|wO@cxWcvq3lV9WW9t}ZKD*Yz{09Xwl7S~V->OY@yu6lV(X<_`VTuo|a zU8QGsm%`HQO}$eddy#dYhJqEFv!1)3G_zdki>jYy<3!st7RxODIA6oZ%`g^HDvChfa@{$r{j zyFhz29pz-eWP^}dw66F56tb#v_cUSPVFt6@318t?WrK=sMpTc#I1=@v{Ckj3Fzvys 
zvTp8tUNvxlu&$HbPLFIi@5xL$K@^dh4M@ITo5iM02MyKcT_$Uw^Rg%vSKE7zYly>v zwieMm&@EacHIA^0T$yTmRk8U+my`u=SkzOEb3+1X-+VV3YjFgiF?YP+7FsHrvOwg! z(ET;bfAkX%wUe5CQ272!A_ zhBtb!jaY9Sx~W~0-I#S&)MJq&LqiuX<^+|Ns4KLdk!%xE zjK6(Q{CV%8K9IVs(G9Ro)q2Ohg0};l3%sX11&_TAe}L=hy^q|@h9f4hq}*fgtzlDs zBQy=!b$q8+x+n~Se`w_-+#{LIZv$CRHAln|zzi!El(;DJ3Xv`x-gQt?01A?T$~ijU z7PsQPn0s(Yg>6Wn8w$Iqw#uAN+6os7F!iFFT8Z>ii8wSXeG~*lqmOVYr9RzSVW9-9 z*wgGn#MvwpfcVMmRHvZkHv~9e9t-<82D#z|5)z^){}Qf5*bOXNkNX{%X@zN-z+=UT zr!7`?G9yg)Db_wk`qyFfnx>vg=jZvq9|?lKHlW>+M?1Vy^1=j`g|?HdnUuc$=2M?_ zt2o_(z^6)&aVh$gw$)y$vEWlw^a&TiJ zwn3!`G-@0CLV@Qcn9sTxur`o#Wp(pcXwZh_uQRqQ@0OPrLTip0s!N^6b2MK;Bog~( zq8^b!!gvT~#IlBGaOReFjihOBOwM5zH7* z$1WU3L2HqDpu6-)*9@A70otL_k0(i;pg&r|_a>X=|D?-?GP69@<$Swd{yooN92SlY z#HsSKLLC#ZsQ-|>*_v&5dPW+kHBO{?)wDK8VmuBbR?4Da=F0ZN)_h%5oDBM!4?2uw zQrlu)lY;M_jWDI>JyH?Wld*S??o^zBN2wvG_ZCaLt94TC42Adv^neITwJj~!m{%m# z$akRFwXuVew8ug=(WTbCiN5bc(O4{+ zUQ`aOm%SCl+v?LH1ub~aOknf)>)9EJu!F$lLI_+M98>ciS}2kYGQLWhaCno!W`Wx0 zJq5+8+)-<Vw;CSK}WakkBIcno1P( zinE5LOdj7!rFbx2@S152s_91ou2Ii2OzZ;)=gT!&(n!?$YDH^iAGjVxh3^z4G)Pcc z^L7a`_2j6Su$pk}3KxgZZI*pdUON9*r>_JJ+{~@x3Dc6R*g9b!oWwRe^Y({B>d5~o z8J>qk$K_l@Fq*R1M@omx$BvmY-8?tipg9Cp%Fi#(iy}2FDT(h~1%g%cjbwjm_dP== z^Gw%6iAU870UH-=eq$Jii;o};q#mU^@m%G|Bh>DBKGD2`FauG~ITFtb(k#&KBoKtLVp8(W`TET<4y+cc;Ne zoK6;K&LJZ$Y|nYt)ZcV4xDR0Jzd3hB+^;3Q#f=L@A;G~eR4OuT>QUf*s0oxWPW~t8 zWBYN+0e#7E*yMu0Kk8&&se~OY{fd1vb6kSHo<{sRUN|Zs*{L8#Bf*OboI1mr~=e3E@BzLG81}xSzrD(&iSFm)ow})E`ea z$HW_*g}N8EFe=-8HrLpToSBkj15eZ+1TIB1Rg#%^xJAxcB0O&87_fsvLUkN84=z~- zlo#s5+Y2v5msIF>(NtB$NW>_Y>)PcnUdQE4#lPtdugBHc#@t*l}o|9gy(k+ax|)9QiT$}z)b%1lrS zh4-)HXIE1lPC^$g6o4rSD@a8{xvd|!Evx!!8$5k>*ES%q)4*QGAO;MnYO-gokxBeb zvK3)r`ZH{ll34FXf}8|WAt(s6snjmnjFZsVPct10eg_gjWIdvfqn1Su{F_x@Jfc@V zQ9x_nZVe3lf^)sq4Yo%|-C(m|?q=z?!Y9q7-L<29*v9@~;%GD-B+S)5My ziP|H7Mh^V19B<57r9%Y2RjYkAqoo6X-!p7&&{L}KRKa4P);ed0<8~KCzJFE7i|8Dv z=BBd02M|(#PLhq%tVVBjHe0a#<)G_mhzaJWhciSepkpH)t#=x*!p$ zpebcnvE#A(;&ARC&GljGdI+>0{^w0Hp#8K`p-X4FUXbTj>;?n2=Ej(zLG-WQ;%D!w 
z1((HuGSEZ90(#6$-RU0CPp$JyEMB(|cXW;Ae-vzj00? zXcAMEb6hZcEB(Pd{KOC4TRt0dai-%REm7iOJ)mI1YeA2cgDIo7r^gYG9JLu{M8^eK zgD7bXwq@m$9I^KK>e_@Rj-tDpRnxpeR*%kZbU^X~rXnJ4AP!556{Q65;Cm+uIOCZF z&|75E1d?G_bi5vz0ZT7NRvha|EoQ8RmPq}f@b$pkdh!cbhOA6#0+$o-2=*A^T(cNG zaKLt6(6~f0C3Rw=fOw3=DuldI)b2z`<-|z8z$d|XCG}ZrV6LS?{=){5cbB}6O_*Ny`o9GaSdP_o_ zyKeE<9rOn=oRm7YtxNP*JukW=HZ)RV_hiRM>p`st`#uPCl2{LO;!`!+u4Ft%iLcIC zHFb+n?!Ug#^e+*k{?7ds4Kf!1`>g_STdrk;yY8e zq{gK`8?!jTFB*X0q+m&m<0D^L{VEUWOt05A$0Z@HK~yJ|6+*nTcTSh|JXFjXV`68Q zTF_bh&duRGw#iAv|K9nDhn(L|jGg7Z4GeCR{pyhNfPMg)1_Fn!%JfFNwNmaFu<>Eb z;boi)`{q0AIvOHD3z?*j0bYDg8mg<)iTFz8xT1L%#guqr6+vKrC0~o zuWb^hXvYp2Q$!+#yKC$bLh=l6tGQabiEDM|KWQX^i?G*(fY0oYA`|^QN2*((K-|eJuvj_SB)n&O_f@g0K{6+?neHm5)|XU&0lu z7+6nfM$RcSLR0DL<)~Yb#Pq+4AY!eh>S|83AT7#}-@U6_!!vwSAN4N4zZv17T4VDQ zO>XZ`I+Pf`dE39jEVDLQt05hjU~t`)Q5gr;XbvjWOfVQ67QC7*Rr!fc@ z`~3C{UGaQ2%dPJz^)4d`&oOUw64JuQ8KrI@31{3vX}%TK>wCImu4UL~>~72*1PJ?l zG#y_aQ5-OG(+o&pJyNdbctmZuKnS;bsr;aZ|1#EEF;3!TtFVN&bUvnMe4-B{BCB$K z>qV(5wA0KdToT(9XmbxXzn>Hm>F)$8V?j#UyQoMC2*N-K>kq{zhze-JF#Od1NdCYd}nTM=7 zefC;6g)lQ^KiSq7`0$4ATraS*PlIeqkNkjr6>i;ptg)dkOkr# zw|03s(<9;MyBTE~w7Xi*LvSV z-qwP(nne}3A;g` zZY`JU7A_2hiD%(^IHoI!@Xe6Tx|(pQ7$mPCMzvFn*=S;F&{=$3$=GqBTEXJsA zM1EE9G7!rir+1CV{Zwm9PSht2Vcwl0aS+`>C{}1dD5dL|Gyb z%f(VZcyIvXqW5-Uat4dLRu7D4FH%1{+!c9MiELpb%xgh+<;0Lt!-pasiS=7S*EAwL zy(y|x?OKo*B)WP=UsN+zek}u8%e#8cyN&m@H~<)Gp={qmNllwi)`e6btry*94ty|% zf*e|b2vt#A22@f$i*9m~(gj`Q=ni5X?6H4B1=Z7F)ZC;O`N;Q$?DEXPJfSlBXSpv^yfA%{67UrrT{u(WG_^05D>P2HL3p z>~M!l=q^p;lndX1&Hf{KEGw?}bxB7gMhOsNIXh7C`uAVte5Jr8o*+%gYm>!FYht)N zCZ#LTp97228pN=p$MiMj9pI`%t7H%>qzOXqy0^dmrvG;364p?fCTlv==6ya6 zo0ZqUwto9OB%~&oh=KH0r1$8D6<(i&-2`Ss*mlCB{YzL02Bu(KKXriD#3}g;9!=#Y z_O5!t1@rN2?(J3!QD(lG?3}`v;_V3?s2Hjoo*-hefM`A_A5TyYL9Z7?c^1kS=@VuO z1ZY9x9mfD3W}|E^Qj80H14wf_sf6V*5)bGeSWVCyx6gIeEXp$%m7Flgf9c+?8FBzB z_1=>|^+e_P$LkthTM;k`^+{%M8rA0f=2<-#Y_$yE9-K(g-V)ZxNXT<-{OkwL0_C$9 zxm8VM2lJ{t@o^$CyL2p{duW}2Nis;ARP%H@NsI3O<4NGXlMS(c5B5|ZE^QHx^3`mp>JxEb@-+5*ZD8RvQ 
z$dC7ZHwL1LI%})oRgUb5;>yGU16`qnAw;`tHe**$REUAT_*3^+?l6S|5r+Td*2M5U z&;2;q%g~ks^2hoZ$Q$N&JYlI6+q7IQ?$_wV3~3Bi;+adtiOB9q4i?v>cqQ7?sH}-* zXAMyy4w3t{t24_!#}5M{QE>yHJgGIyK&QUv!%;)nnk2V=`zDR08f)j5$L`y1Nzc!3P*bKlDgGd!(KeYnR<7UJ->#}SF zxrp~*Xv6aTpp1gW_g%x99!V!@HL#EAv*Zcb8grgjLHgj7o(^T^TjCNq%7zTC?j%_K zg$a7CRNmSKbA1thkwo)LVa|&Gc9JebQqN;Q#2g>DfZfs^hII7w^+l#ZEB`6t{E1Z^H&b8W97QXw6PrHGeAX(n zhlE&I5Fel}TosF6H`F4N*=OOXHR6@nOe|%|A+Pz}JuD6k%xkT)ZPGqvj)HJO)~c7Q zIC$h@d|x7?9`bDdJgK!;&6W|+i_dKa&wSb)<56Oz^#_oM5c@YQLPdD^!w;sM>7!+Sdyh~?>AEXG76bQ6) zGIG8{PjHaufZhG4>J!;ru9GAy9>?^7yI-)ms}5H&OWKe+=5Aip7Y2h*kTV?R>i3P6q8@!G6-j71RO23C zazdtzTVox4vEqJ<8T2J=cVrb_O!_rw(o_*ztc9?%=%{cusO1FFg4|+b=0Ao;cL-~! z3D8yvhn!`OQ?8~fStH8n$HcX{${_a4V*RydW`>!vTI;O;BJ`A;ZOP8_jV6BvKyiyc zTt4OzWRZEkW`NT6EhtNDjhtH^(G{@Y`&X|@tKJgnxIsO`|FXe`um)SNq%dO8*pW6U z!NTugT|xxaYY?eyh+I}#N{8HhK?AdVHH=aY!PVcJiY~%y27k1Z$x_h8S9qTJ2sXS+ z!M$-c_;aqDyz$Yx<9|t;o3rA5eHd*Gmg7(;@_c%6Co??L>pfa|wQ21@IKIiP5qq8H zama~OQSgu4t(L?CE_WK8K3%fkxNm{cGi!gKzYNvVXwq# z^^1zOEG4--juWI0QgRVXiDLl;RMib%ky(UftoNLwNHIz->iGB$@YziUU=d1kZfuP5p@v{b zdWJA+y1r_gH1tvqu7ADY^k4nFR|1u9t#~e{MjS1eK)3p}2=28dQK}jgK}g__=P&&I zM-Wwz0_%SbK&VTC+^a)1Vxb*cu)vdbJ!skZF(Umi+Un|jF!*nEUk5q|k5`K6u$Mbg63dAFUVo;>0MI%*aGq8upa^zY zS4t26F+>P#BYCYgmBq*=53?5p9o`mQxN&xg3)a}3q2J539EQUcjjAPrziS5j8}$*Y z6b@&9y+$FAZM|dW6a}L0R_^9E`M@v9;Evn(_RE8L%;WYjomMeG(oiL~i58b-*o_*c z^hf+ma|c44kAD!fmNOpW{|qxVyf*(uV4r!%Q1>%@qvbDCyyun3gjJ>ZnfM!5sc<%B*d~I(^bX z^|O5(D3fyd2*Gi3OhITkfG$g>#mBTHDbUWcJ;Y#J>n(s2?v+9QNo|S1dSOvNyCi&M zUZ3}1h?VGI#rDI))I-ksPBrrSuq)&KxQH3@iNLi0VaVmG-WashA->FE$I1R8%w_g@ z=uI3jF?!Uzm@RT%Tu**doRuIcqzm`5eayp*l&}f(Z&_oJDh7ZF0X%bqLZMs_LiBVz zB#ge1bKmjmA-%~q7s`Ps*-FGN-%L-v9=z!?64Q@Jn@>q2R23Bzix^~m2!F&@0hCTq z=<-UnJfO9&Rd7T>T;^d~yYlAA1v5pDyyaPcX2oGm8^`WNeOHfcor{N#m(O5`V zpGcX9-v+@o57@A&`rI*g(XB^-%iH+O2NGO5!Ex?L5}`j^NfH;Mgg9wEG^QIf6jba zc&fXWQVR1J9}7Xj)e;mM;ZCghDpvkxG$G#~Y66AQIKVkvr$5XqZ)xYJ3O4bncUde% zi*m`rbTUYG86HUx=0@Lwo2^bjAlK9NT)ZWe(P*zJ#myUrONb$E>jo6H73U@a1x`9D 
zB);-wZuFdB_|*MNzz%2)877CNzu^|}Cs?RD?I&AvPZ>a1Hun8sHwkn+xptZ|{g`=E zv+6pSA^EbGY)n zS>{-)ET%*hjQ>e{<@b}-cpBgq*dz!ZaLyWphim2XLtnErs)atDE`}m>;u?qh8*B)S zL$rl;EEB>Ql;{l!)sNK5P?MjdpF2EMXsNN?3Jc;DlALe)MQ;kUYs=iE^YEq|ieN%D zsN>(r+`GP&r>qDFyjB{d!qQXvvWZW)0W=8aj95cgK>2us>XLA% zrO2N6#yL#1>AT<3QbTKOi!4Xi5kfu3KhDwFC|l0#wlO-%tqhZbEB4&f&4A%`Me94i z5<=^7!HXx=%h|T*>Bf2gIEaUG@^MN;RS%q#&lMO%Vk*T7fN7C#OE6A9FSTW!Wd}B! zx?h3WV7?#qm>~I{Q};9KI#hla$L>Xq(4@fHIi)T@>vhaY9X?pqW1F} z>^PO}?*IuFZuj^a?+q*OgNni;Jy4@?Qs}J_M1z3-h<-o)M$n_HF==CW7w+u+-aBM&H~cuc&ID zxA{Q_UMXr3C$Y{JG!O<81=t zmiDgmcpZ>!h8Op@YaLQDTfi}|36Nfabr(l#UYbCqsDxnL+tP{6vU2ov+FdmG#v3L+ zi^p^M43qRg0^sfCpstYvg{Uv$a{d>6E2cRRfJ|7b*dl!|zYIV~`o2I+GL~tjs|y}8 zo6qJ>D?wTzBcZ#~*3tdFRs52Y%S&=Oi|caT_jf~5FPRi>LCzglED6#W>>G)o>HZ!; z+7EUDIP97*w^~$iyy*G{(180V(%1liWt}7attPnK2~Yb{&E!F7%H6ywV(X?daj*!s zpFVW{u+*KNY*3bp-qz{fET-_EX8=$NjOD^N%h-NYCgGXc=u68;&jve?^t6~9oNu`YSXZ}yShWai)#eZvFOoqKin$;rZ1d* zWuc#&O>ia=OtRqt4tVl1hb@kk0(Q#fabGqyxx2&P^Bx*{qR`8**j451)RPtL<10ZmaIA#aT*WQ*ug6_44 zDu(Q43AalAPLhcS-ZjK-ktO{Y`q_`Crl)H%y3-txxr%I`KeZNtf$rB;!9imE=}cYM zaNWjAD?)eYbnOCw4SaKs@YAp$yU2nD-Bx7FoZ6wOlDv#%1I=iMqLe{AHkKcx(rsOz zEe!dJf*F%XVsVaHs_}>5xT_F&y-p)jrNgAp4Eg74C6-#f1y-(8>lS25>I|p8_N3$HQ<~T>h?ae zAf7CNZ=|(r1Z~lfW=7mgaehlb*5RnYr$vS1m@wKSXjRyjvCQk?l?x#AO!CG04$Ae( zv)8m6pYMWJOvR-k+RPbgXv;UU40Ev)VQb3T{P!HZ(Q;O}eWCBfGB~5#i!BPy%Z5>4 z(ns)@SlFc!clm)YV*d=es zU26c{dg3?a6VR$$Rx+3XONxQ9`snle4ZCJ;B>g;4V>eYRq^ZukMM+Q3#k6Amvh%7;n4WvS<|1+vrv#&@`*2 z`u=iS8KATA9G09B35&s=>3PUGb>J&DG3RXJJTT!I-l1air%={V7`0`^OlLmX+Qnf2R7 zV(MvH2rU5-?QjENRJt-O4n!Y~?k+j2z|@El?*}?Zxo!+1n)8VP`?xJqph8Tup7l!% zcnUiyu1dhNqreR~2T7dTd`N-1Qw)3jQ11j)i^;}~?=MszXs^sB@Qyk<@#Uy^(Zf!)k`?z26>k%7>8Inrre+`(L7 zxn74db8yh8eYMd1^tM%>ABybsut)1VXn+fO&~cfu(Cr_eY%QIx9AZ1{J}w+Pw6QqW`y`Q1L~nH5dTdnHqh6S2Ry$}P@uNbXxY0bBhd`fnG@Qp^e~yKT-b z0QH^?Sn>3vpA-3L71shmY#D22nsn~8v&ZaU8NIugB79Ef#sCAQHd5>%&&b*=6sg#C ztLg=eBq(FOST)y`%M^(OnSN&t2Q}Lld~z+kiJP<*Auo{VkL$yYh7FSTOMo_(YuJ^0 
zt?0jZp7fK=r3Sn>@>eBP`i>cnC5}8Os`3Ib)JKUnxwipd4AG5~e(>=BFORjCrvm7k z@=@kdVx=c0#(Ft=sjnUb)g`_=8Ain2)?R8Dz(HSAiPIMQIuOncj08;2tGNwqMQkbU zcQ+r{5Q_c>y?)oGYk=N9EU2+K%&QP-k61kt$DF|m>pfoaWyT51O9>>WRvjHo*9N`f za&WGG>8h7)?8{XPT}3)2JyH)yFXYf(g@?AMa4(!0iIqim0RAWc_;Xphn37I*8ju~l z8?HpQV}?vTijO`6l~6F)4}WjA>Ao(>Rp)cocig;ZR53>|M&YFR^N>$yT2kWY+u8m0 zHY&l}HG*mX`RY^u%^@r%dDe_{=bnWc1oiES7WLQhiSe^rM?%YzE^zif{2+&L>@XJ0 zh-4F3@eLP{#M=k;<1{f4oTO?>=4^mT2O}ZY@ykllwYOuGObX7B@?$YimTX-GiXYGBM432$=Q{ijTqAo&~ma5tQ#wkDs@x2#iO|fhEE`?ea?M&S;Zf7f%a{*%n-#*f0y zKccESk5TPRrZj4d7@IapKs2M|*gT5-LCH1#Zayiz1YxfP14DVWcPAyjg~?W=7sMw$ zQyWQ!vbIuU5?$#>Z)JG+m1DefZKk=+7dck2t2z~5nwa~|QA#x-uLnv!{W%dr?fiZa zB&7_pPbcJfGXDIIMrgY(g@+FT-W&qmf}ox-F^z^cGp1Pu_v+AZXW0XC?Ns5bKcL)88Rp~uUu9%Wsa#Svvt=kg@UgxM<@3FxL{yX z#i-;6Z3t;K;<1ARH_HD8H-Oa|#WDPvu!>7q z^8iky{+{4q$2}}kwK?#lh&eZbb|AvQm^sN>? z@FW4WjvfyXq%P!n=7{GBSYDT{4RQs)FF%>?iiE>rLsD(4X3w8a@(mLeNrYZ(jVKa z>H!Uu6R3~yQcev|(Io2+E3vA@$Wpn!AxJ7ynB)L*WZOhYHelz0+$Duguc!_C2X;?t zFg$!aHmUfofdlCo-`m-LS>V@D6rX23$KR+#hADw%M4mS%-7hm)_o^2(j2x$q21fBi zhpD%P?2--LcvYGE9A=NQbeuA8X>2}de(dX5YW1SK1Zdlg z@C3T|_W(^mvcFK!V7f(f4=gX2Sj?in{$BY+1B;nfuutL8rJvFKl|)McB*09O!L^y^ zUoX#HPh@UXQ4BR-sCy@%eX)?j-B9ldZ|x;(^>4wK>eWg0Kw!hW4T2S=_x_`&=7qXpTH)veAxbM89b}xj}f1$a{fd zaBkxK(v~qXFDH=l#O=Mc4v~G(>^$ku@&~L`M4BW)%PNL27`kOyK>%65JpqbQ<zu$YznpLI!WUH6902TI4~WW#HUNjMHBhA<4Lk z!d8*X7;89tI_r@<4Qe0O#@AMj({>!4?LD@Vac*$6GU*`hHvU$Un5W{8N6qb#gmp)(d_2uH}g!s**{S5VX>0VXB{ zPl~{LmlX2Qz60utCCixSy=VV2{fd1N;j)pnptd|Lvu-tEhP*cw_&W`RgK2iKs*g{~ zx>Wu`$hw-!b0F_v8y~pIT1Sw)|M7=TWXXpx*(J6dALDLzTZBPRWx(6CR`vZ<&{W>ivjYrkW5NjsymkB6PKj|V)C zuHg=vhLBiuinFP!<|o&1ly?%`ao^9n-G%-rs?E&kU)0z|Zy=~%K#@DwS(3PYD~mY2 z{(G)m?nj#-xAU!aso|E$vM~M(HlhObJ23r``d`)<8q3lqyJx-}nWaxxK(+1Gg#Bv( z$mbXupZ7b_%o6LJVepM)2$NyNKHJ(AvDPevD%jGYW=_f0zkaqN`ZZqMz%c^27e=0E z(`t`1g~R?fyl)ta??>_SZWU~?N=p-j)f@SuY0bw;&Nhza)initf5sIlE@Y;Wo#ma7 z=O*lR8CX~H8G9ss8PjrUs-leJJvh1WTj@KhmhUY5^%JJ4SB$AT!SF3t1_?9D7D97t?QMb5!o32=0#$4pXN|7uz+jPLzj^ 
z|MV*<0Y#$<*%LSkMl4pB*X|@k(ID+O-cl1d2Gf_vNQ-g`#maRo1fK2`=h|7qRC;n% zH2{;hxq$&ju0w$|*R*>4{Fo~#z|4>V2LG~g^B5UK`VR8ey5 zziU3Z-8aMGzP=rX-V(}!#pOr%zVEhq)jVkmH9ph$uUn33|FZXy!f+y&99&ir>YsB}$>k1=Gv zoqK3d$Yek}3U%h54;)O&>o^z>ab$B|Cu6L<+iDM+t^v53^uS5P>oWbfV-Let)O{+y*Y zwj{OicnaAu(-83MZ(hI)6fIe%Ef*LYJ*ot|mO*Kd=2AZPV+7t!>dtg&Oynq|iwF_Ws7| zVRzzIhru>PwBy&=Z9W_Haz6g0NBBP)ZbS8F{*acNQr@fkMSYX%!$9F*&8<7>PBz6j z^k&{m$ST94Ix6we=m7^e%0jAyiY}N2%h(7p1b8aAV0p- zhj3f}ru?9*qn42Yj;-$Xcn)$j~lYaYalp@DSkk4Gj^rgFtoexg-SR zy0g;&S8j&(u)eT^a_mPB$I|AphV zlR-zt^$sEXBoE(vv?+gQDmZ!YREm^n;tR0UvZUnuJLczELA~u_&QKahl9G*prUiPi z&PbfFWa{9hcmKhHnS1+mQ~E)gEVR4QCZT|67pjjGQnp>-XLW zlDKXoiu1>X5xCG9uga&i%Ee-tOI+UMIb1)bE|AjfT*M-(`{eEz}_~{>Fm9Bg(&A4u`{`1hfa*pGbf&hivCFJs| zyp6d{X{60LQl1d5knnUb#$ExL1J#IG{TqN*3Ir$F1W~ZJdS!X2;%$Gjx;H?eyRQ{S zBVQuWENpsMc5k>D{0MolZgIeidb$^mg3IZZ#6vgG zSnce09wPAYe4XoLFnh9lhTHFwdD)yC8upkb7@~tk2-F>f)F^EqwI8dO$qgTaG#H~G zV_S&1n`F1;dj? zztePM+~S0*Cty}#a$VoFqz|wmf}3*+5h5*RqW>w187NOr-DC<#HE=MWK}`&Mrpsf4 z(Run`$(wEo5{JzmIo3c35B+(_%Xg1@QbNG8$e=3!ykHZ&K}yDp2(X`ZhoN;sOFH-W zggK>%B`r^LPB15u>XUF>wd=4D+7GI;Kebh4Wv;dO3gn-L0&ioA3u}UfJZj%)Odjc6 z(3#~7{A2shEo0SvihUF!y>VW7KSY(~Y*>_pL1j{uQ0&tx7Kqz%x#YIL#XLwiVlsKY z9oxxyH$Y_|VnwvtB=0lv1xfEV7Z(rQWwhK^!^VPF2=X9TTqO=hb*E3BqyYDMxeD)3 zP~*3fNO0a`#~O3aZ~RmH+&-%Dnh0Gav*O8t3aG z(Iut>$)29ddPaQ9iepOf8_+bvyNS;hILqM9)eHSjyw18PXaFiPQs%FLJQ4{n5e=5d z2SV1QF2SXOrM|OgdN}Z2*#8Okt7~2CE1&e{%$sp?(a$Lm=Hn+ELC7KBRVSu%w?&}| zW-kaP@lfFGo$?6tNmfwcx^p^{^{ZsIQ1trFjd=^LbMlNHUCeV(<%PETYkWt}^OT=x3`)U5p`?NlL&xog&QdZEPv@`h#(kMn=#Oxx*9(y#I3|j;l;>rmT zP({qLkR?%Q$slZ*F56oNk+NyOJOxnuAu~^I7#Y?7&YiV?)YXqcCLf_pG}D*}UA0!H z1Y>r6uI}o;X^sD(Vul%esmDZ3mU;eHOa1iHV8Fg!$} z#lP`z+w&9jM66@PoRg^&8}ZB*X5Us2hzxeCL(6sePXs2FOl?)jz4(+5$|)<&&IKOo zt^xszU}|au6y>Mio}ZMGK`ihZr^3Pf5%U1y{Cbzb;en7p>K=diu-Hs3+=Kcji}LR~ zIz-&1snsN3vE3a%19m%-4YY)$TkoHVo$vq8!YDhP(kOL4+!T3y461DM1)V1W6&YYi zT73j3ErOCh3u4z=`*Qo;L;Cb@7SfN8A>4sTdgwXT-&7CbzGcZtn6dwjQZZ`HUV|4w zlg%S`80ms>6}Q;l4Ofeh=JZ#={XGq8uF=*4KDmOjf`CY*6e)mJ9j`w4el}lsOml2C 
z(tI|`FYF#abnd0+ea?aL)xoo`kSxYqfj5Picsx%kRq6&XcXO9Hbbo75$tx-M<#LFT=cQkBjI9kLolb6_QB7J8+B7TZJii= z<47kn95_Yabs`0AfnEIT4h1GffuGI~$=#I^1V=!m2Rl-d;E~(iJfG8{xB2VVZDfe) z^-h?Md(-T|BH;2A@*tw4vki3`yWUDc1Vatk&>eHgXO39qODIi`FRL0#{Cv?TK1vX3 zUsXEyV-)GFw3Y8YT*H0jw-wh5Xz(Mb)Q%_iRS~?v|2`}vS+}>f3(}dT)#4;GA-I-E z7?icLP+kNih8JQU$@n5_(Co#$koQ&3KTLf0Q5lt_fjA7MSR(Tf1qDREek#3Rc~%J3 zXzGQb>kHx3{W>_(T1gk0SdUWm^m`vzsK6XXIHu%%%!ro|D_&vsbA5RmQ}L{{KfRr{ z!dKOVO<>kVR-ra1^>oH5*U4jEe3wSvRzKK|bt#AE(Ij{#+!vS0@Q#(d<^JP3b#PLt zF_(Ed!c%H<;&%9j<_(3L{Bj5?rH(?fe2t4JOZCfUfJU>2-#DiT$m)d-Zxi5GnZ~&7 zoUo~h*Tt!E{fZ&6?8s$!a>jRQ)C)&Vd6Um7H1Qh_Zw=AA=hwAwR{_+`R=)7r;*Jiu zJ=^w|ISW4GvZIp=bmeLx1SwiR2b>X3{sC^59*^MuBqV+WFJ<)NA2wD)I&ACLAQN## zYUsxLx+ZUZnqqb|eeFka(GFV#Io81CrP%dz`SijnR3&HMgQLy;9!7@-7j1Zs40{L$ z8`)hw13t3pNwREjmv#@w6xe*gt%|$6Dt>52&8H?7cN>W~*eYp5#HtPU(Pi2} zb$8A8(m0&kffpw)x-O-)z6I#rU#YFWvJMMrwvE#A-gYu3*#;d#CXDyWOyOCAZ0eS9 zIk*k;XPsV@nRoIEn%eg6cvLr=D9;|t!_rVh{^=tZYP%DG(e8E*GdrzhcawdY!P2%W9 z=GQrX?KR(?u|ZX$U1&=S(Q{fWfi)=nWC+*9pD=eloq!c*nuO#u>Wueuo-?!wGrib? zLw&^`4ttD<@CuaHBO{_|785GbdRx^q_yO>Mo}fz^=C0zk9y z>`;Qq`|%=e$kKc53qyVjV4G>4SSG`tYtS+4w+i!`n)PzeDaaWJO=s1ik7y3=Srqt& zzzAAa{%W_Zc#U^CUaboPGz3m={T0My$yF9Iufu3^rr$Y12pacER^R1DKx6VP!@|92@-;Ht89^ zD_K$K1VrP)OJ;a!W}_PADy{g%54S$(tKj6>!nk2u?`ut8xZDP%&Inr{^eIgWKC@u- zV?1zO0-RM|UeTNFAazusj;_vHvMuDpn|*T5d0w8TL6g;K#q*!^muX~g z`CGqO_B%e-laz_fz$Jb7K%TP5b)8M{U!^@bXX=d`U|#;HCb{jv>B#J{cMtNacPh=O zaJSlENwWc!$gFW{&`D=11pHMv2shawH_kz?d^6q6;F2deV|VI?1es1@i;w6+XWeXv`z1EB2$-&$>V7tTZ6Gg*U=t_r@!Qc zXqu^jIrW^{vqJ7e7sJQ((c023R?l}1-Ez<6tNYfXYy+luCHN|g`fo*fS%i|&09ePk zl}*S=t>7MHM*#bie?IYLa7SdjHe=%n%iCJfa)bR9k)i{E1eiq+e`E;Ee<Dd9ks+S4=vP#QU(BW9@F$~$? 
z*#Y@HC_s_BO)ZFEF~`XruOdVt1qR&*U@3h`Fr76WpEtcSvLU8ViP+|aM9&ivPhU`R z0XhF}pa=i(raL)V7p{}ChRo$zTJnNo#*Gs%Ymz9w(ZKe};ntXxWz;I$H?h-$@~Wi( z`3UABI54(Jjh!5%_uD*gbqJu^>A(S0324TATTO^@r!TWm7)tw9De_hwOcEj-RMKN- z`srJAJ2>{Bg<~8+YHe{Hu{kJ+mYbYVo>xxwr}P)b%0h&L%A_cA2y|lM@N>n6Y<8W~ zrnp^m8v^2Ki&@rcQ|S|kL6zy3Uk75PA(wt$!Ys$H3frDfL`&8^z$7?ON0_7h+Wf8# zE1OdfYq2lY*J#PBx&MDu)-Q;>UTPvq5176m?>@|;a%&d8=wA*tqG;e{*?ioLYG&|i z{40ehDjNKfWIZ@r!3=0cl!aJ=nfxH#Vy^8qd;%7m0E$EcfB?#Ul>=R-?BNVhG+|Zl zwGscrs`9*}smE&;t5$neRF#Mo6>2P(*L)^ruZ__KSF&T#BKLiFRBVR>9}X+7rlhsj zl{C;|PW#L50m1h+l%`aakPbzhm5G*!GLR=o#g_1Xe`%TDd;2SUI1p>m8vF9iEsIAX z%93O#(Ni7mr+uV|tI+G?-E1bwp)Wk^YC&ikETYffDQUm#-KEnO zu+p3_>u^vYJR%xfRe5#~AJ8Xy49_|9>&s(1tB1{ zeRzlvAcc^RM|5cBGAa{#vt9lqm(gWaV6%w(S;;AI@kPD9O#x0`Uzt+)UpUXGU1?N@ zazV<(W5H5bW{cX3VbQC7js8)M_Rt|s3&rYm%^{OYk>x+mH9J4RtE3}#(Tu0Q6|0Wd z4Th}42LChiL2qeTNzrr9UQQlH68bO=OR@XL<_*n_$}}ii?S)k_?z+FEZ=8MWOB-|Q zPPt-Ttm9MPCx;{)zO>c{779uVmI8xQDorzTA0QyZWA07`kbNQ0@!H-EN?Eze zf#V;88Qcj2U#jlBTKdLKJ^udl+rxJ;bhMPU39+>kM=no0ID_^4>C8pyTZkdLQ^oew zW5qWep+YX4nounM+x9UwU!Cn^LLl8IJ(3@m6*Wcv7Rl&@a5- zDGjJp4J&0Ef9oM4uMol3FsLuFCBNM6=`}!Upr9v(E*QZ!B*m7Rg+IIf^#Y=yk~|hj zpTz)td#^FNXbxD2^bonG;6^IAjmM6yeC*P6lKvaeb9oC+%q?8!fGr^$m;5TpoCgqO zi}&>$RJLq$98l95Dr3vK)0N_;!^%bdUK_h>O|$p?s`+!cbWJvX%&H#qAZVow1LMB# zf&+~ZruJ-e!ku)wR~Og%h4mgi_{V_n&G7U_{0FtfU(y6>ko9)9`Ew$s2`|63lbV$U zm8$uSan{D!a!~eIcL_(AAwuvlTs-VxXWw4Z?GLLZ5xe*_9=(6YQW^DAC`NUY&cX}d z{iX4+q6?R`cC?Bsf>k3a!qYO8FYxAfEaYl`*Y1S-y0}ZO6EwZ35_&u+Ky+Q25gO@q zF(^GfWVckHQ4Q^vlva93jyB1zU&eVwPY2x-Qj7dMb3|xlQ4N)E50tw2Kx9!vNn^pi z^ErQRZ$<0UGej*Av}nuAjD*G1V;v)fFimXy$)t?ZLTN7-hVU2Ava0=J%e4KvDfop& zgq^PVoR4JHxVEWe`8kGYDXcPwglw=0(%tgxp*sB$H&kaSVkKheYD-?;n(&u%W@#!R zzLkc``4{O+BZD4{H%E~JKcBc@EZu^=D#Pb6kC7{+BLM@li@nkv7WZm~sN_^{oJXY( zzLZw_7-_ze>G&i~WkP`;g;KZ4N#3PQj}2cEXlOOgDI#1|KE2NJD(rsYDGG@5Uh602 zQtom$y8nWgsaWv88U}fqKUG!NWLyGi3*Q(B_&)&=mJH{1JR@FaB&D6 zM)52|;zTfNVKGHMyGJu5B@^rSBxV&%^9L{g+&2$#g~(Q?Dk6uAt~D_!mhgf5EWbo) 
zX_|Naz$-!)XV$&Y@wq^c(wZAAWO!@ZHzux3?l!N4VdRq{WUuaRX_49pttCWMY75fbu9e2fJ3sl~y4a64XiR+^q)OQo(RhSj4 zJ2J@B43U6W_Z}qBR(L7W1Lwrj3Cix9U|*sAs)b8vHKaT5DY!|6?z=g_#+jGKhHNMK z8X0bUu602T2p;gX!=BqfhLoL<2|wJq{8>T8TZxxRN*V@egV=rvQQ?Nzh`x$8NV9`` zSKW^oXG(o&tGNa6!`y*}J+%^Hpvy;>=i_zrm8_-Paua;Nd?vV7SSVoG} zsYKwj6PB`yu+zSAIJY&as7N=X5e{KCY_DwcKh{;VrQoj^YV~-ve8)&6Z0a6=QncuD zM$)|;p5|LVoNR1sMGQK(XFQH~cfU}!FmB-}4Jw61_`C5GiK@aU^^T#_2fFA3&nFzF z#A9$k=gJ-hx3}ED2TTni5?})3hGpj*LWbSjeAa*nr}6W5D{Dbs_vmILW30_s{Hd2~S{~(n{joxS zncZNoIYu_!!f=CA(ZgxTkPa&}vJAO;xNCgE^R7W8xRhVr&f1mQNrATbsgARG_*MDO zj3k--YZVVUtk6D*ox(?m>4^ zC@XL+>R;C+f{$Xw5Bp{fKP_)siy9 z7>H!2-Z|?FT%7jylaM3~o(qW_%gB~;7p_KOX>Pu3@uZ|ssVYa;faG%0KN{VF+!AIG zCKZ5IO}+xI;UtPdQpjD6VuikZHQk8Q_4k|cT263CF zQK5J^3Ro_3?38eg-wRq&fw7y~EYgL$kFc3!B)$XLl8q_zL7dj_@3LGXkpCx5vypP2 zLds^vX17p2gKsV4dn&|Qlahej8r|>xmdk3`O2uwAO5_j~vl6t~o;OIA%jG&xSEfcU z(+0R<92Yvctw2y$5ZTb_8{-&^#QF%0f;=K38<%9Ji+pe^px8`g&%8-^%aRY_U=mJ} z4X>mh;3}nQ#-Wj1-MFs$#km+UfiiBFL@L@?&7KWc;NxF=1lY)E^`fi{De!*(GW$~+ z!sD)`CwxvSqapIramj-U%6&nU#-XSKi}Neq7G_d#oQ*&RDcw@(4l zAYv6BpBAvaFbM?!4<%YR>88f-=?MP?W)YtpzN8vn{AY5lrOTbwvGOfaG(J-gKNXC$SQ#`Utar36#9 zObzK$VNzhbzpizLemuoX+|94 zAu*IOB%V2|dilZ&Eo)VyHnL^%7YN=Jg9kPeRF4ZIsD8Cq9G)rH)SJQflq2(!zq-iv zcs^%H6g$-Ek9fgLnpp^{Q1qR|!z{d3EE6zw`|U`pknCg_wbiwM!GDAD+pgaAwJ8I> zfU#Yd(|V-P;LZfvs)8BG0=FFDX4yW5ZMD%gV~$J4SV8%>y7LB+x1#&CUsLno!S<16 z$CEk=a#k$_3C5%TNpc{p-L!%H+Nga)4}qG6DumntZ?CiIGhro z#GY%cGm7akZ=rUSNYA`@B7$nLxk+)`-iwe4f=ziB=+D?t!w3g~Uz&2x3gjut-IZrp zp%m=TFDcK?vo%zAXIAW$Xzst9pLBQ<)i8r7)i#z_pp6`v83eB-<#B_Euyi=xivKx! 
z{WOo9XQ;?;6J7FKBGZmzQCOS&s)=PzHpHjznE9{GHH;R#a8J!~D)bYxJ)@FwMdg}B zy~Q1ZU^Uo$J#6)_o=U<79VMi4s?U)j+!{%&atyhy7T?y^=`Sf5bUzP8?8^ z@2-K9P?c^*eDxELl!F6M@*1s9Bfp9bu z(h0t8p)q&Tn_1k;XSEc~H!&=x7g#GK{3@Q0I5>KM+KW^j$(hF=n0g;FBOJAEQ`2GR zco}TfFNNOGXKS0G35Q;ZUWp+#@|3~-Y);v0(y<#zH=29NQvKp>2O09EY1|7^kF$pZ z8rVZ1XwL}D&Nud!e*^$yjeRjy(9@oRa=F1)4h)UkvN6~yhc z7%A2HNE|#i<1p>5H$aT4GEbBq6j?|e)31Q%&ugb}=a?c(KmrUY2?|s9)a$!-v@jfJ>e979 z{#PtKM2(FCc<^?QlB=}Iz%TXQrwJ7Cv{whHd3Pc7f~T=I?iP-&&l6VXY=e>FeF?~ln`rVM8 z@Tt+Kd@47wBXKmKWBZU>>bNX{Mx6_K!x!&SpRTpas%+Vz^`mbb%Ck4xC+f?$HnI`gp9grV zY^`IPNo)QelY(=}$o6PdP4b9{H8Z5TxPGVrJuhh zn42X;ND1b4xd`z$&xXn0sPl*~!7~+=S@)arNOsH6G2|z7EpF1oDeCY4PCeQ_@0654 z&6Cf#Rw?)(Afsl3y2wxFB9^tXM0Hh|?GeyeP$uz8_JCX$lDfjyXw-U7-xim>t=Ah2 zp&+ZiR*dq6+#l*C&h=~$5r_fwe;zKM5UtH#3-URk_ z$~8OoXj5Ro?XVT0q=_RmNj1`VOOJewSt6gUaz|U<@(Bo_jbBZ}(SsMfIgX`Ms^c*O zlN7X9@ZVG&c}*c2k3Vh)LCh_bRZdX-tmE&eP&+)@G9~WW0XL4bBgI}4h;7wD{XhD3 zxXXeNfjAowEi7wdp?uMG*o+J>=$HQ(vl623Y{hw>Wb?<|+f<|_$1wYBT2LhUw#nz( zc+4AK^XD?yHb)TUEbHp`B`}j@h{##^TmnN(BaR$G^TMj4CHQ84q$QYse2kih^@hl@;cVMuAR@iVGlxU0^nTX~M@SZ!4Gkvs;4bnl?n&ADbJ{6y($mHO=mbP&ZtN38fZI;k@X1kEs~A zL$ud2%_iM=DOs&4w>t3B7qP=|Duv$gmwT474n==s)RfqG1<&fU`+9k`kyE&gq6759 z?eMEJTyD+1bK~jIgDNU$GVy6o(2MAyeOnJ{!ZW|YR4GU8pW8JGJu97yk+$HxQ@Xd! zEZOUUpe__{+~JTm6rHGxYa6Ug35yzs^k(+^Vv-ZjvX=14ixQdf7Oq?;B&hwfOv2_r z(#8z(WlrDm2Dq8TIyJiO7(V&~QH@1t5_`6+W0^plqwcurO$Yg#E zIp>z!G-ECrCxudDjzs%m%6a9HnS(9hCIqcRCh~q(t~F}=?8YbLI-_f2a=MrUpDIkT zGa{W+_5h+BCt~kC9Z`#8=HiO&dP|VQpOLhWcx9a3 z3VKjBGcY@}-)Fu3ar{6@ssZ0lz&8gl45I}5(a;Xd+>{1? 
zgXKj>&~XNoBYXpZMx_u4(cAl-)CB=vW=;7rn_K>RU}JZhF*N0xf-Nhz-~^9`^RgC( zP&b``=VIS?+VuRlLY=J35&sNtP8JMV1O<p4f4gW9WkAm1$Sx7eLQzw4J*j9^wAj~jgpJK@9}Wx;GCF z#sWy^dMfXc z-@KTSZ&}1gcP>RmBS&5MP(g%sisw!H>sSEKLdpUK$NCZbZjgObpcx}1kBJvRz7hM` z1o(vOkbHzioKr5B~y<&Ee)^poC9mzd(4BHj}ii^bt@ZL}Fi z|GlOz=19$EB7O7@>vSbtkPar!7wOwDxh0vFMml(-b}gPl28teHMx@Xk;!HfWOu*6i z1zY6QadR>Jm?~AUc#>I*C6^WQ`B#g4)WkU$NiZuocxx(p0TpGW1#+jp(3C zP6XWD(pTjqOOsLW)Ve=+{0dxsZl{Ljh|#QcMw&Ucm_4qEPU?-^$GHsGrUp$YD^V-k zFiMdeK#AnKa@Fk?X1MQx*-`i#|Er5qxbqRSYM^yoA*ovE)7Oe0;G4G| zeZGOJR$ACCehgr;XeMo{i_8%~CF;qP`#YPbI^Nm-YfJn;zui%rp~^4qGuSO=mNO6C3faAe+a*&DJTa{Wxg-++-@<%71Dp13liA;M_#BwxcSc6s2j;uMr?$Q! z2d>-7X)TH?StsCp@bNThmqfa|NT1o*78>snXtu995XOAb632;0M4x_YW)m44>Psyh?P`(KT-DuZT8u2cd}*l6w{8oTuO-|?J(=OtBO zET4*c5$W=B{)yqQ$_%;n%+Ck!kGt6;k9Wk0B6dSD{RzNPa91r+k>z1OcmEgsrWu`rMiC5m87lP|v^}QO ziw8@_qaKX)=q=~Wp*UA&b{*a0xe6XEtqBJv|9Zf%QE^0VEIB=<6i#$3R6Y9KE)2wo zGTN}6^ehS+x3qX~8)_i~PT+^29N6Xzmq*^1fjv2sJfGT7W1v18nJ zGQ(1u{XPHrlvQ%OP2xh*_p+?4T~L+UI)}CoCvr6B=%2^B%8m26q21S|a68O$4xNQ{ z0TJQC%F94HG4fpuW5~Za-U&N0s%!_+D?5}o(AnTjC8Hu_1M-+K;PtM6irUEpN4zFnZu8{=fhB>tGJHED9(#f%dOZNBYhIWuNsp~SLs=517(2+ zK!lQ=B8ojHIR)MKAg#g!Cx?!~Bdz6G7U$mNL~91M9k1F5O8Rvg3pMC&DbslwfVp2b z>_a6yyw7k9$1J=qazJyK5y^6&*_EG-N>aOtFk7O23?UKPPN96k50x8RF1@abR)UX& zL*FE8Q8bHY*K<}Yt_qv-`C{b6f<$pYk#k1CyH>mMXrn*Wz!a1 z1!d6t2jiHjlqYPg{O%hyL)JS%9EQM8^JDb7P2XzT&$XXvKRpb9c>**_n*Fxw3t=*6 zEoy7a&!+BblMw*8ZYPLh_e^`?6X8d%mLxkyjP$+}?PcNeHZ7!WUZ#`#WDdPh+$m3x zj^Te^M+lo7x6THDQoyx>cS$_pa36$qo*A-(+Ccc%Cmy^xwH+mOV||4$2?yzOjw`sD zzSfYDZrgmFn?oHTh<325duZgRl4Rr`|5F|Jz(iaM9?hq2K^%;IW~cW2sSQ7z`xS>2 zAVV7k_3B&)VY3c=Qdb-aGql(}ofqzgCERPxShpCxg*gkkxHUS4yNI=3OA3CR0<}fu z$2e9V#?&nj7E4gjBysgxreK;*e=&+t=!n9-+l*W)7nUp+t8A+&@H z8yx^Gk8&a{ER0k}w7*Oxz$wffP@Wpyd^4Q99 zVqa$v5X}D?$DBHU$`NNi%BGx16|ZQwE2pApdqA?|Cm4Q|Ov(;hIxx$_axrV>KBoyj z@>AMk6(CHhLS#eUZ$u{wTt6seE zAeq3c3|T|M%?YM3k@^xNz8EB?zg0}=BL4xs-YjxF3O3b#?P}v=6kwwYZv>EJ!O?hB zt{HUV>g4nbf~V)(7_pm zVYD3>O@Q%mK)#}*ILsj&FLH%)3ZV_7+@kbkggirS`$ZA?K-?vTfI)<(1}=HO45yD5 
z>Y~JN*v6i#+(mDy+Ue$m@L!6MnKPTu1Ln>d46QG%fw&j{YyZd;rt~*e+`9=pJm)Eu zBV1ULE|uszi-9fuSc)It@l>PG0jfPRVdaiur}jH74*&G&2nm1cQYZscmDn~QUd4XhY_It5lS>Rh-u$<{ey9+ zXzfWkv<5Or@zPFVM`b35x+^a968zAFfuUL4;}cPy>Q`1fd~s|4>G4b`!bnbglW|r!|}y;P=I{ zCln9YsuvuOP{^>tWB)j1hiS9bKeY1bi+d#8A7U>G*DVikNFDGzv9u74#$0(Y-XNZP z@uhP(1sfB1u>vnLDhFAl{D=q)|3Y$Vu!_k&+XRr^3%oi``qWq0FMG?`YUlkj7nvYr z9(D)0qga1=+6>_AFu$aQ3OT^(_rB4mlpm&T=*1fZC-mIHO_~my=%Tyx$#74B0~zo2-}eA@%PxUI#oGI4 zYVf1eT41koCqAt=K0W4zOrfyptHslc1Px?=qPcBtDELc5cv19(@jPeP-Pa3e!`YR4 z{C&hT1(56tnEPuD>5O!gAo$D5wsHr2@A}X`QN?cfKR4t4xtg4__Lfd%cOlQO=O6~c zlf^E;f8`27t%+oAmA{o8BuDtw?0g@XXPjSduXL4VOt#?Dw_C?{=7$;e$FMEni?3}w zF>Zv&hEe}1Dj(|9EgFvmw7_bU!o}y9jK}}KxQ<&XTc(G{0*Fy5X4vy+IMk-SqFfud z6W3(zXd#FzS-O>k+RkA+Q3O81-Rul&zBN%}DL~7mV&o?^6(4+y<_m`qdNlldWrH-6yoFHT1Bo@bYB|%kIA&X? zo|B?Gw&(61T-K=BANSD;FNb6F`Ha+j007FL z>?VOk)45~nH<%Sc@u6~u%sXl)n}w)*wk7%0gg#~x&Lr+4QFDH}9+hOpzfMnc!NZuj zYmgr~`~y{Xj92RD!6gZ4!01$w!F*DVf^G5+KdG1mK-wI@yF&1N?Rc`w zLd8K$fQ>K^snQ3Gs6fWz2tt3Et;J>^{nEvGcbi~+B`s+bl%?Gp042*tBTHmnVjY zc6+4bWiU{hnI@57u(;)oHJ+LiWrDIx@$DbCw7>)A9V@CH0g?;LGKZyGwe6Cmnl%=B7 z(j=$Kzu}9k^U{2#$mXx_XK5-jg-v8G6Z{!fL6a}gUa9+JwpFEvUr&?uK0tH0im7Sts2Fv}C zj(^UffRww4@}}p5`8baWj^wGr$Aq0F2~vwPsyp7cf}d@~-x2q68sq>`K>@lU>I&NO zyJoIYE3j=H=t~|#XgclYSrbABRIV-+lh^;PNeMwxYdf4lLk;ciZ@B3V%-#*Ek?)Bw zEtJp$D^Y)in|lbzw&H>!saJ9Gt_b>U*vfc9m?Ql-OKj7h#-p;qj7p=;pH}C>2G_;H z*_c1XEvP$a)SOPpIQu=w$cfUFx+h+j|b%ku=qZPv&#( zJ$Za*NVU5{mJOY~Xqe?$Q5HoNtbjqTMcd>mL=EI6$I}M)m=)p0n=}rGxR4tpga#zA zfW8Bul@K0s-Vf9jd!Y3~!*3Ajc0}W;x9|4CfZ_}-t>C#u%4cu3#lVdv?ojJd#)pSt zI(3ynM<)F>_D1ySLdNemm$M2T$lnJfu?+`9XMKSQSl#x|@kc_vJfqj>bNO5UEY0T8 z=|^oDn`&ce^h)1ptEso;jT}T$41S^hoz($nd13267$3IJj8^Uy&`6vp*Q zvEC5VAdCKZYKM6h(?bBhaX_ld8f4>^G%xB55kVpNr)8UU;vR2a;Ale1(-}4Bhz|v$ zv2*HEc|arph9J8oScz-i*3dS)GcZ|8Fp{k0m6Rf@!4Nf^p&$`mPgh)=xH{aIrSl8* zmgnz~asg6sTJYI^Sp|&IMMu9D6{5-A=U+>dU*`FEyN~&KpI+A=3-68ob<~OyD5d#s z6g*OZSH_mEXD7iNw$>bUjBm$rKGk#bJ^~eI7`R(up89^e0O{FLkz;=MtH8$YX5D6p zdWyxu2t{Jv;rlgZGyt9*CEsbbXk@X^H@!gT8rv 
z0iN=*T~^@cN#)^oS9*o4losP?1r)V2RAgGdqXdv#9Qc~ zMCuq}#Tt%aWb|JlHUV9q#4KkVNR$??s1sc77>HryRBNK>fAAH<&b(WZC3_vypA#Da zT|?-hcUp&ei`8lO-)5qO3}&nqWxsU5(s*h*oS0$+L6x#2S;nx%BEb5p$dq%DTVxw_ zzRRJ3vB4&xlvM4wRlfPh^{I4^};D{kL8cBQ^MBNW{=Y! zL4R-Ya-+5qVn!C~CZ5`16AKsj;q1UT{y;HnI4Vn}j{BKl)=Itmbt^&CGhH?QE&Lj+ z0<-XZ7Swl(%jf+J2>Qxc@nUefsLw#u9`I ziWc6Prsv>ycDSQ&`?Qb4y^z={1nokRn}k3u0hHUjSS9VF-Kq@EB@)dMztC6dQFNz8 zY*^<_L&nevlP%!mu6vJDpn#$8%k};^O);We(@JIVpiDm;?P8^o6D~(NW_HxD(#}v*P3=5+H5`2yjxMM+Ax&CfG+93Oq2z_QT zoln~o^tQO_?omG`s zhGfq&18Y7h=b9FN;vp|z;)Z|tA~q12$R|Ugx%9NS;iDaZoPm<>A1G8&^J1KOB-C2m zI8UWl-A$oV^V6N7lU}}?(JE5$yQM!mlze?bVKx*cU#ssj^ABvr^rs?&E0!*Csf-d8&V5;H^2#i|h5I9`%ZZ8FC`o?&kSdxzZ6sH^*)ZS` z1hIdL&&VfZ*1hWQkZ;2Lc>Tm%MGQfTQ(L@ZGKPN{w~GT%?aGdepyR?0f#r(m@oEbi zr?%~MBQ&jB*!LHWr3Lc zj@4=%>-}ry_)F;Xy1Rys=3|4BBL!G4Vcj^bjTwFVd_KsZuIg8V^0HsW`JA&O5d(hhEya| z&(G3{-f?1_F{M3X2ca`by9S8Zq1_HgjdB1jQKL0(wjaOcLTGPd`tuU08olVG@ofj^ zaEC;df>xs3~eJb6+vvjkvhnPA}tsiJoG~@BLt|SgECp zs5{tS)CvD#j3wTLe>KTmE9ge#9KCl@F;zXZHS^r1Rny}n`9b3Fz4iZrhh)j;X(@)U zm@_kCoO>3#{tKs)rF((AP>A;D{BzbfLkXqE)=en2s#8*oECyt3A#3MnN~O%9GVs}W zxx?E*?hp}y1OszO#y((eg74y}=-1lWwKPJ=9H*p?h%UUA3j9DefZt&00|E?D_k97< zAvi=!G=RTe!G`iR>!=|WbbOgrWb{bZ(MKOmzYHKg3>mdV0{XY8KbwZ^(eE97vw~cbNCGTY5C8WWbiz0!jk1Tf z>q$^*GjvWW%k&d0`a2Fim_9SvRr+9^|WY_-_K*YdjP#$=k3_IknFPuAE~pY9(QvK_ zXV@3*1V>;FbdUW=+Rf?y^>0JXr3Ioccw7ItZ!Y~lOYhI%23IKbE<3fJJiTM4c#hS$ zfllzh6lKT&pAIEzdSh7R=c$4g$%Y`5aa*68!^JYNY%7dZXEv0vM>GAOe1CojQ6GN4 z30L!~ca-xW8 zzUs+Z%{#cB*C5S5kgAI+LhY-;Q-jC2KcTtw^swL`uID8bB8OnP zk&menqi9|!Awi=82!hZnW^Fu1$0G@be^U`YgHj4gR9u!CTXQ=NB)9%aW@F)7)pIWcTi_U0(j09l6G=aS-qoU;CEhV!5 zpV1%()r=YXKS%7rjmb9nQB0~p<7y$*=BCe#*$_u&{W3^4j}+|*fKVr@)gNiNrIIAwQrNvul-+H?_yysZK911Vjnbkjtx9l!a-TZ4?&go=*o zrU>+i6U!Dw6P(9&si##0k=E(dZ^IY+H>0&+F%>Rw@2UP; z<#*uSnd6?G~@SvR_@=VyRpoFfk5fsKZ3*!6q`GM6(nw? 
z&iW{)e~J6XgXk)7`_9*W0~I9w_gVV-?8OY^@nNFdU3oCON*HI_6h;JpBojncHqEET?o3mb3Zm( zDc5|$hXZy0CLylAW^kgJ5j9D8dpiD<_c!2aRyp@SaXEB#G9UXohX|XvM3n;}(_UrLHemU`r8@s^>_`$KEbh5RStNeP;2)_buJ}Ub4%XO{z|j!IWSp zGlHfnx&<;b3NS~otZ04jB?-?_^adytva}zsH{5WDO}YFnVI>nEGDvOfMg?X>q3q7- zQK`E4-jy35;URTPC4W2?_u{_m$}4x07Bb>=AyPjGxS(6^z7buPd;j{n=$a zhfDHW*Vwu5cxNz7Y?8$u75Le78&nJs8?_M=*0jJ=11wAKtoer*Q8l<4+!kS5=~_dS zLXT*@wo(9Nqf%~Nj_FVJY1mKoT#0@hx!ik_iYxrMt-JqWF2LOTFL)|YGMh~Oo~wXd zeaLIGEeifaq7V>yyo{iR35<&<^NPvq%e4+x8Lr@=B67v80TOApQn=kVB_XbJ2EpJX zAmNVWnazgE^^*>3xVjihHto{IBo{@nu*Xq_p|NVx>PX^h11jIB4q~Dn;-?^2y>sjDhRM|Wmj3#)#=m+NqC<05 zadpJO9^Dpl7BDnt}c7G;__66^lMCZ+*=5AQcCwFQr>6Pq;4>Y*Ki= zl9<|Q8CXnqFY-@;vPXhfGMvV|gUA62DbDGQUzz9>E{-{pPqL4_8?DM?b?`$$76M6XI^(&i-20ilU=7=#&nK$Y#X<`L07I{} zPvMB6oyz;49|)XgBg#vNv_Ra`(;8&sn?vd#kT5R9b;VM}d=52M^&e0x_9&BY-Vnw~ zD|fMN&iyykjS=mL9?ED8PB?!Lt8a}Qebjx}sazylee_$lw zcFuiVOTN5=T$;!RdmgNqXBRS*+R=+xt&S!GfqY2Og9Ey3QRyXu(z$=wGe37JMM0?- zJz~bv`_UxF?hwFa!$!s{=$y!zBX_B_62w#9ydbi~65GNHV{mFgF=a@g{JhpbRTvj# zHCW>_tgp(lQNhe$IFyeQxXg^i66)1C(?(SnCwd0~0(7S5$fwYD$X-`a#ToIHqf!u~ z9?h`@WaVkuUi@+I;r6qq_xW-CyIU)I(sF#qbBXuj3(W;j3=r+i+O~li<|_tf@5TMq z#%3UfDo+JT@l;A~9nGy6>ugxobv|N9tLh(r1x0RkDqfdc-ddSL!D6e&0Zpvd+{tky z(KF&p9|;5>4MIiFe4y?~{fi%}P)Kc#GAr zsC;e2#T3J2D5wQ9!rBu2z73A_^+;NdiqcSgz`Wkun)aZQjTyXJ+`s!1k3k8#*$a_+ z+maBh^0jugeSiek?3f8(V+~jUiU)T3=5F7=bLGk95=2<}F0tk;^$nD%Q4IkDt9kkE zeh^E`AiDt>))LXImgx@OzkY!BSjp_K_br&bE3xr3lsS&P6B9v?^G;4{Dyr&mT=+uw zy#2jzVjIi3IoxVTfv^8tet@~Z`W1fB!?J*xy}2-rwL@!qF|S4U-64-uvGy%}mSakj zm^Xh&0!t5Z5=!kWn zw87s*`A?enJvGHLzC+LraZVw>F`08(gheg@i$W_DhEdC)n5k%u+gLqwo%t<>c4Etu zDM*qy`|BOr!w?@bXzt6mip$I3H!k|yCq%bz{;H(rur1bbimFSNs z!Ziv+VaH&_JH#Dl{j3WvNn+|3JoQVyy1GIF4HNMd|1L*H(I;fLH7GH)-X8fTYy>BH1Rah031=aAC&`Nv zm+CavQ8JKD*O5Uw?!1?!^7>lZuvqw-b97(H2IDbC#@wl@@svmZ=XaCQ9OR3>vlTALB+gA1_U6oAw zUj{2&GcEY~Xo~G9DsGjAS#j@%M_}wVd8wE!ZXhN)A?#TdWzD&f8E$lmI}iY?ibW$J zlmh~Hx6hn$7z|rLVmpt?_DqjpW(9`@kkklv*Q2&KsDlNvNa-ZR`+1?xtSJ*ta^J0< 
zTg{v~9X?l`@|F{%c}#Xd1G5;<*F`EV2jwoeblQ~aGIX%Y^w9~IJZTs9TN8V@vDpq1 zL@DYf*s7f-hYX2M>?ue?W+4l!&Old8r`=ZGtXyL1#8gV)ja0~GM9gn0%?`7zqcG98 z8E{e4n$P7zY@xvq;@XC^QBY#sQ9siE-hVh+|1BXMS-IWbgA=eN^}7*AO0R(xpgCJG z7c0M717NnhhM!PH6$`pT^gRV)&6|wRlUy@w>Pyfakv_kqoqQ~ZoI;-im;)P_W>1eP z62-Obf%vjsL{G3WgPx)R_{uK|tqU?X{ofXp&6 zX@jd%gkg80Q5rxCgv|W zp@Zs_FWzCj;l2p?)B$c`m;pIUlQ}pvSR}#q0|gbF@Gu}G)P8faUsBL zgoN)s=_K^O!}djVPP>NFf2$eeV`qW37|3{z_=8{jE=iXwG`n^#lkDk#O@2}glDus? zG@D*wZ|X(oTr_LTz%gNDovnYE%KkmA_aXL7Dj^4eC8Fvkg~PFQ1b@*S8>N1hMgDK5 zG~bjTe*4e;DeF40{I=DAi#Kuma2YVfZ=hSQTXj*GiJtKFd9NG?wqDOPa1RT-3Z_8E z_~h^Ax0G&}bs}?I%FO!-FP#2K57TA-)bN|@jMt3+OBg=$oj>)1)*U?~c@M4^VlxNB zte6LKo7pB@8lCYqlKD6n`0gh8Wc*%>fX>@w_ue2GTqgD-)|rlVcRd#m>M>enG8=e! zWP4%$y`;B^ zdMI%Ion$QO#K|wnKKgLZA)BZWY8Krn&Q8>9j7NhLi|ibB+)aTc2-x}FW*y@5=iEL# zYnUZfi0ImX7Ug}diZ%f7XvO6G>El%EOws=b8eCq~vHyMiTQowIi2)>zFzo(k_~NS7 zYM?^q8eb5v{E1x*#+IWsK~$qbv54;mEBtFpmy9_G89a!|0=h_#}=Yxi);@ z5o9rHYND;vl)DpKwCU~%-2Sqys6zs}g&$VSwUsi=e&7J!`ah9z-XR(P$(KWw*bTyp z-pn*e^ff`aR#MIev(MD7ddunUH`aEbcLe*lK_xih(Y4+o;AGf?6MIXz$r1ulR#NF4 zNl1gxnR8%DOnr?*`39uB4z}H2$6htdpuuKJ<4URQq*~Y3>ZKs2!yCY;(eVfct3VVr z^4$-`+Owvy2R0X7>6RmwM%1TqWD{~ugWzRAL9e!30HUi2f2GyJ*}!NjMBGC+fw+iF zg&VPhvR0#!52kQGz3JLOoAsVk?O%j&(o7t-ht|70?Bz8ZESvG=_znk{%vd;AblVOH z*;eQXV?C5g+*$lR!K60B=)OzWM`<&-axhsaPVvDdqom^!&oTD+t}zC7l4OUDu%8|D zR&&K&yMPTDKUR$7){2^9CQgbWeR4F1wth+6{U?>WCEfH`D-l1@*ApGE?BZ2ka_Tn8 z*kQo##Gf^ObJOijDpmrc zlJ4_3QzcDZ3OAm+^s*CoyOXJf@)iAY7XXRpd#T(I*~dhsdp|E8ZKwVW4ud{8C#Oz@ zJcRz0NQDV?VjZMpRPBk?C}L6=@9NK=Ie$45yu*lMd!b3fDGhbgSQH43zJ!lw(dlaeVrKB(RjNp;#5 zCsHqyBi8p2{vMN;2A%Iu9Na!06PSqFQ-_HyDHx%Eu7Z zTBzly=Xtg)vyg1Xq?sFqDR>JBcLnq#d0dh6;N)+DGftu|qGfrlm^L(Wm)ALoUV@)Y z;_6X_VhlO<+{S=N&zO^BefeYb^%yF)1h+)QV8G8kh^V%KqnRr38jW@!9n26=SPA*s zWnjax!N5&oQX)k%yb+TXwk3~cpiGF#gW+7e`x>j;H9%&-FWmK#2u#PgNd@5HVJqIp zY6JyMpXpg5R%3Ua;~qBOhf3?ZLOmO$(8WXtzBe~;5G?|m_EPgyZBX0WR{;x~)tQ-T zn-F$L>L@1$Fk?I41~4}$bX*_`{T;@)2#86IsQ9s%*ndyoc}9eOkjW>?o?A9MrDuIjI4 
zjxxTu=GblbQElvg#+@Jmzt_CWG<@YBl5#I^qaWx^ex-#w?Z+ik<9CoB+P6r3z92}S zv;|#3#YoV}gTDCKYYir5F7Im-SZiMni%wUvYduZP%bJ_oO@Hba27k@37}`DXFfO~o z9naqP?%LKpbDBSjK)tTD7WM@my3H7XO0$QPYZ?4Us6|V4=mx;O zhWF1bImQb=GR+(U>`T>dJ z7ut+~gDV-htMa(9lC{MJKGGWe{UN5Zy@~FeJdoM((&)n>xeg4Nyk4OViT)2fMe5;h z23h}k^nUb$z-!r4FqrL)Z#@qCLT0N$s7mj1q*R$twq->5**t4mHn8J-N`-)IcW*RK zo>ct|C33@BwmYpW)hSgmt77C8?e7-vL)G0qWQ-HM%}x7HhC6c}#OPGC%t^XWfz9YJ zl1o?7d<5GW7^@7 zU~xG{8WZ61%FNTdYtUq>4#0_{#uQfMM3#U_B{e)M>ZD}gEjeB=C$Yutpn|3f!d&Ocsb)4sM! zF~7KUWSsNGimvEiXwT07KgG5E69^HV8V?2tO?>&(Am4)dhWztqpcI+qNALoB7Rt}L z4`>Ko9cAt#R_hU4%JHYIP_ofCW$AwQ>10AlfIt`HLjc<0dK|Of+4nQ+v$*v@8_jW- zF!`KKtbUH!Hj+8DRu50VSh%{wy?L47HT zNRW&&m5n&;j;CJ3HpbDsnzOpwEaae2bnlo*6v;SEsYnyl2w?rsUh>Vy>#vA1FmD+F z?1!#xW22{g%~PlH@}EP?3O|g}RgI^W&s(l!BigjRGBlNn1LtnxA%9ZDwMdt0V0Ahg)39KggJG>ZOJ%B_cSmnK zNU+8>nps{Z#JTMR^T!D@+JR%HUEx$~1Q#p0FTGXUp=kiky81S%M_PRJA5)Z-FZe1; zsLXS#{Ux$a)?$#1j{@Y}B6$Qfn^as>%A1P#1<|mckE07ysBarC@^N@5&Z*l>TZ8_p z|CuiX6tdu7s$~@)(lM2AJd0J1hwZxzk%y|jN!u8E9VVyW0RMAvE)cIq>VL}m2@?XW zKcE7pXSeJabCD&WDC5}r5p6Vi9psOEb7prwLnE;6gtc|aBZq2FSv|G!)&}^dT?{1c zl-H;+HxOX912ZQ$-P3deqox6rsa6pq4%_`DlBoN6$c_#WAIg>XttjWJEAc?~?|VQf zSG!EC3yZVk>{Id;VJ?y1k^5D)e{B4>OOf37<&oHMl9cK{Vwe=eLo@=1$I4(z`%vVm zk`M%ZRnwY@x{hxG*2iy=wTHP5zT}?)3m{;~7Um-zUrmDaLM7$}<6FDYu&oOPaXNeM z4&meopW5G9S5F06QJP@=g(1-jI|>zHD3}V59y1lQU-P?(A`GvQ&P1_P(1313n!PSTtJL}IjobN!ga^6oCY>b^1&V3ETFY2pM-vZzy%=D)vx`hp5 znmNZ>(VEexMPI^1^{I{6ywk{a4F<+bB*x`(_tl5WJir_nsX)ei@ zN6)0w_8lz07v>6kEvYmk{2vA}M|&|ej64;ato=CVqn@YVrZ-{zg}5$fbAMnGi(;@i z(5l3(JE;U_-MgHzmEoKUa)1)5s0=@lATzXf-6sAXk7_OIO57+%W;R<;V17Q6^XWG+ zJ3~f=v#GKam6l2QD(9X$KG+iXyhDsNF+>P|B{_zeYUtxGb1gfpEp<%D${{V5n@?8% zEyCiMJ>oy^5VylUs8EQ1)lR*~o!kLQC-Sc9lXBkx&E}!q(HQHe;Yxcra&sw0qq8L= zZ6>RR+-FkdN?wl^XNo8jx?A)hd2f60eH%XL^T%?Y`RgrmJC$>zhNy*}@R3LgmIv=04t?td5oN+enqdhiiY{3ES;S8FMY9T;KXG70|XuGRc2_ z0n;T#4qFZIXXDx5Pdjh36~$|jb)v6AIuuaZPZ?zrgI$k`0Sk%De;VFfL^PNWj#^#= zK|W@i7WI*Qu))8g5DQ>BV+_yON!vn*A2yB^+g(5B@tSihbPUxAs{t-jZv*zp3+tuM 
zE*t_i%Fg~vt!E+lMCx$zJ^Vv=1tz|)nX5t6%u_Qn&9p6c`>qVE!O%kcMM`c}(v$DG z2D~`Vl)?euC&)+tbo+$GqIe%qa}w+=f?Ml6wj5e1oVuQ*g_MM70oSo7gi3v4oH7!L z*k-lq2lQWS4v>fC!Hcht_sUe@#$ToE(cIh@p2|ydas!rPs=@vve$obEw#f~Czj7RA zMhh{Pfe}5dUeGnKtW0#y`J7}u<(>Y=1qtDB#W&SX*nQjj94Pz{D(GSu376oQE}tD3 z|03yKH_~+Rfe4CKz(5ahzJeooHOTl`ZVfKg=k+eV%^J^kLm$c&Y)ZGsxvyx~F&+$@ zcywlf#&o`hSqu`~^Bb>Ybj}{E@MWN@f0hU`vdWzMon~Wp`DqAl(?;IkR0a(tf!SI` z>*c`qh7ai{eB4qfwa|SB!M2;+>eDK^u+^j3B?p{r))u9cLsF+)E8_Z&ZmI-?V}K8k z5J4RFXX-hy7W{98D2$H#c{$(qZdakI@e7&Wt!d))bdHQIAlvgT!gc4?$el(zi;Ec8 zLH)vg>}Gi9zV0gr*nSgXeye>eKZBO_s|z5~Td?c*8>|`@Mj?>fXJ$g;R5Y$Mt|2pw zNEzE7s3msb0~|Gt)2nNf^R0b6b{(oifDd0F+3^31^xM4h|MH6b^$t$iu-3DNTRsqn zQ1Q}_jifn+^^n$6X+T23!+gO$m$V2;lTJ)$*)9ce1egl#(Ekh*wsud zP-b^e_GB-Gp25GL4l$ZGB+aPk&OwIJ0+!qwph(JL)rZ>(>uHtB_~oEmk&n4qUua-h z#o)&RXr*T!{HZ6OgG>cr?#p>Gb2jujMBD0OiI-{74fZF`NB%ur>5^0mX0L*=Nryk8 zm5~l|9(&$0F;PGyPcT`1mnblPlg%C$@8Pwm|2oiOl#6obmya)4K4L>_CFU^|rqnl4}!`Wmw+J~2lNiBdDbBJQn-%s~>z=P{6 zW?CUSqAKl-=aFqz82nji>YrRZ)emHFi6VpT`pF?^JZZQ-iM5@J$oE$lCy)}S(oHNd zWJ12CNlv3X+uLLgiDrj#kcJ%#VKPTORe`clT6S!sMiLvZZomDQFSpV$lC>rpJ^Ee1 zBt+6{9D(&+P_Q!?;Kj3R^!?uVFKHcG{sV2wttsGcaLwawIPdW~b}KBl&HwAX=h;BM zBVi!bxMp`{$usqJjun_cu}ZicM{`9Fb1I>?b9R&#MbFlc<6??J{o@|seYKgr9P(hY za;Qrg*3jDvAIWII^JN53LGZH<3Y~uoAM0C8SZeYDmD2O9vlQXRrG!wdjtnfTI+NQSI-dk4s!w}XHSne zb&o_U8f^vI;Gn9~c&dJO3f?MIt{yqeJRGLgipsRicDXRp;zlvHQP1KecgdSqJfnnQ zStws4bQgI-zFE@53A`ZaeqNdT4GrC0O^Q z5uJ@mDb{Wa3eTqm6mP^#HX0T_kC|zd9jIoL>m7pqKZLNIq~WmCow8sc`_rJ@d4sV0 zP#9O?>qI35t0((kgUwOUJAg{gzv=!)(qHO~iAcz0-72KoRKhoY*Z+W9@WVhvKyqUv z#+pd;OOa$I{PUo>1`LS1z>{-h_M8pk_U_G+k8>LQNf$&X#BRGsns_5h$|l4*)=f?olRgdo6eC z7`U3PD7I`~-VjVF9eF%19Pr4q?iqRz;o}7!W9b0b{)6XK|7DsdqlR)^w(s?XXdbTS z_-33NhO7D-%%@u zH&v^qrn9-sM_Ut?E;)E4#rgHF z+%!D*NDXzbQFTbZO>>D_{MS*_lc>DIrfXxt!+S{aSLC$LUl^|3VVSCaN!GP2Vz`V- zl)=IiBiwvQ!m7mCzzGpvr}g-}zl!4)VOJFx^rlX@0*X`x(a%#8w8&DoJjj2p>`m+hEQRLnS5j|P#2@HereN&w0!3kG@d&bz%2-1i>~aV_VJ{= zd%|^*6ZX(?@I0JRvoljyM~g?W3zeEVaAT3o*w7;~z_t&OFeydx{Go#onxq8Pj5e{RuRxr7)GXvS8GB7r|RLV7Ww!S@hq 
z!?CX!tp++%okXAKC9GKnxzhH|wjNDoE(Np{k^5UF(C+$0TMX4)9}M93P_$0RHf~{uu}E_hi5G)+X+sh?oWa1p~@=E)%5CtRZ|vz?iJ$ zZj{kmUe@tEMTp_OSnLmLDniD!<0iAxG z5%|5}1-ldQ0B4YIfafm!;OdH-paCw`%>zxSO0wPlSJHlWaWdv5M;>$}L_gwNgo#5Pg9%9T1=zLlT)W+G-Rc070YMH|h9(%Xcy$&BDg$XRr|9PL2zU=K|x0k!?)^K*I zPq&(2TTtJHMroj$hU4NBD~u02tEkSSuy}Gn`_U$H!I33Wy%Xw{#E#RF{yo}nrM#ebS{-5kdw0YJCB>(9HdW`q@J4>h=fUWRW&fwP zoP!-MZr0NWB4v3`JPKS-m9rE#n+um|*;_XW!*E+q5zEfN2J*Qw-6VUA<_wWLsIY=o zP2Qkf3tMngWSy(KQEQBk$f%C`-y7lyHiSs25fVjHmp zQv7^|pf|aTdWCr*;17o=k1M6p!$XiqgCq%5Ulb=(vmzBzgfC%? z0iHBrKXybM%6Tk6PM|gs;3E&Gc=`D%ESOxWEoQlgL)E-w+K3_Iw1wQsN^8XWNX3!CQ%j+G zoQi!lQt?=wAU48y+c)^6FHo4UG*M=g&*$(4@y!lTGt8TFJIPUFZ7FN?oh)`)&HNEH zQoTDaeTogRyO5iltQ>%e)^D%si8yrcgMyLwbe1qc;utHm_7(7sW8s2Tdu4Dl6z_U` zEvXk9Qy%!38@|W@^}l)Nj`G`C4MwX&(Bz=&DQb(snWoH+<=$uCNeN<&OQ9S)0pgWq z5T%jONHvzvbv)IMoHL@_AWSA(zS#g>qP;@B4c1b5wP*GxV#s6##SgCGcsbFvDCyKHs?@|j zLnnj!+eULB%`Cbzw096PJ&sn0f#FPxMqtagXV-heM}62WObMR{jxrEXE*jwHO1oFeAv#p+mj9Z{D-Z9Nj^2`ZuSkS6cV(&9T9@cpT&2Tms0> zw~lho{dvzC@5@_VJRQg$pJyh9(>s_+1kD>re5SrP3mLJuigXIuPkXzL#+%)|Vg22P zesC`2l(b?;YkZPH+6CONT$8+gt&WK_4xZ?226d_a7zLk$s5Fy1S z7NJk?ns3hO?gpqbq^$1Pl?!DMyt5TZ`Ihe9UG_L%GH}r;s2$w&G%XC1NQ^-3H9`JM zs~~-qbOPmZc79nkv)4l()aC+)x=&Nt!+n1}w%C#fiJ3z9Ib8dNCl?KnkUvA!|FOl zAnbC)l!<=2sW0X18stz^>)Bce#e~6{->}r0ZK9J>(oJcI$UrS7y?QqUA>p0L?b>=w z5lIw6q1$fl8#liRtTozz_I1=URJ9oBc_qY^=ycC*tTZ3$)GpC?UXYIxQM)|f=JZL7 z51NkSmc6>>M@vx0sVV9SUGF@RNX9q)tb64IC6f!|&N4txZnV$cFl{l?-9J^SrWvZlrWABVvD$|Z*XL$C z%>)7zAVC#OGkJi0)I=<+Z1kwqF++Q&$7K#O$jEK=Wg8~(DuleH3%uz87uX?5vuSXyZf{VLDNFT9bFLw&P*nOa(~eUPW;Fby)YLqm93ZoAiZ)LTu&shQo=&OH-B zI5X|Ib{f0=Ce3MyA{LqLI%mh1MaDt9{dsYFDn$dpNC)@;EQkm(CL*?&o(if|6|4kj$y*fI{MJpDZS^4D~_P7Sd+6-%77Qr zEt6m1ibp(Wm1L2mcBEhWlTF8NT_d02N*4d6@RXTkAA{ad8 zkcAL)EoG;t;p@c(BpwSf8MUyDz_kSao%;99aVbC_FqR{6QdIBDn!KLfM1 z=qg_Jt*&pYYDwLbZTpMf>Wi?UMDVlrs^iE6ho6h?s}mh9>j`2ZNnf^=tHkbU`!WB& z8m3HVW`yPpx3WGzq_a}q70IWmwGHJ9nWnanX~k`9yMu{N{7HFDMlqlXUtQ2!fT8p@ zNSA8;G|M2U0VM?I6B37JCzdw4lD*oL5$}+_yq@`Ev!=njM(Bn=E%^~TBdB^aK|U^B 
z-oVl$%0ZyHaBVU3iHDnV*%eKTQQcOdv}jUgff7dQB(yZlpxb?x*^Xpk5PT{CO@d)m zq;Nf)r3=ysaj2BBv@l^=pK@VVEu-|E9Q;Y0IVa0hvd%oVcIA$x=LpotET$;PJ|Ywb zb!ZK1wWDYh7yh`+CR?2g%s$s_;Ot%=9=Mvmk+r6^gDAo^Wz*i>aVZnQ?sy_J3wJt5 zm?lHQ&I9Om_=?|Zu(XU3jOCS<7yAZYk2Vm+1VbC`)2-B`;1`AMo7k?HMp#!4M(RHY zZ4O4-FK8>)=M77~GVTy_7=3Fk1SfK_;lGKhO&a{Y^249-0fk}-O$aPkntQDadH)ol zMcyHg;*-!dCd0gpw^wT4m;gIK#J{I?#`a5Jk#2E1TwhmXG>7;gYN5aQ%8vP|5R0n| z!pw1reD82Nu=bG5Yb?x*Dj|3ypmB_Q!4D^LK;)h^^9sOzf90FolSv4}Yq#p^)LNF8 zJm1FxIiI7--D2}-$F4WQHFL6EndGh~RbFbYZyJ?Ru{+naO+AQI0lq8}7b#Ek?OGqH z@Mpbzt>su!)Y1MP8`jQz!=kBjn`-6xIU=fmE}~O)@R=?)hJz4e*Q}#brXzqxZ2r+Ek;V{rO!o4uKh4a!Zkb3abfaUSRSUvYVy#E7D_pL9c{&U`_VAqLC&pq?2 zV)~s%tD*_oqcThPPE$-(eZ}3>U6Z(&KGPLtQg~X@A%tBhuS9(q_}yH?ZpZ}% zFwlbd01rJ}Vt%I8d!MmHw+$kJ;YurcemPBwn*Edv_ahLQ($b5V<(;s<&jtv9GHLyR zU$bTrW9u*-&0AaS49YM!pn`dIhr#+=I7{Q|MoBi3lJLnDrR<&|wx6_Z_U~LTeWbG` z`x8Lnpdd;*;y(4@XkihW`yS{U;1`^VwcT6@btWHhRCU7~Hv=JIx z%s;u$4FpvM0A`P=>@np>Oq;iErRSb-^a3h8q5}jlo4y%OIHhad06*Op|xRkb5GxV#3?Ho3dryB#xNMsgUOKC^0*U8Ux z(!F2=d}iqql0bMP3tOPt_vD(boH6IBty;rH0BqAuli#*z5kD%tnvLrZwW*G!ESZ#z zA*n%Y5iSBD*ulK;Du=E$sd!vNxVK|12{Ep3{5g9V!_MRSQE@t{zbH+ zuYm(}zYJweFelYCDJ_GjxgGct2~ph+W|i}ls)IUjihMdLg1dmBH;j4oN~q))a(C{; zswLBpF0Z+=Jf_uhmj@#_uAU+Yg>d@+IOdk0ED;nIn)+IM1u;G#zfFg#x|Ge^>+C65 zPD2vt`2kSKQF>t#>FvVSF4OH)a`zhyjI?FyA~7QC%~NLar8Mb*bj!7CMR93ugy_bG z$=wX3FcJtt5Npk4Z2g?xcRVr)@0lkKN^%2@wP>Jc_rk8Y&OvZa-4n|{1y1z5h?p-z zPG3IDEYmNzlDpWI$ginHi|{Xj)aM2n_ooVTJ}}t;0Z@J#lIZPrE!!gJr_eKW5mag8@FH2-;Qc&hrubUdyU@*l~AJ` zj@*BWAvYc-r)Ma#$Rk=Eltvpqa))yW;yXrBzFVnsx%fqG42ggZdizX2e?2Mx@3QP8 z!Y0p*E-1gnXh+#emGNhOI!NL}T*#GMvhyOzbCI=pmK&ONU$SeAW{i%(;ojC{G2wd> z(uI#wXzYL{JK7_^CF&6vxh;1%B5!H#NyOi=W0V z{{TV%8wu*tumni|{IzFPIXxq23w@XKWgw#XGnUcx$GUF-l{WS>(T(2j9{OO8UQBSi zQ+dgn-#k;~HHX9Ijt&~o_*W}4QB8eA7d~$e%7(JW3G*+(Uk;jHeVzCJ2}b2Gkztdy zFU5Ze3ssaCB^jHk4rp;08%rCbb&yt;UNdp>25AQb%Zz!Or5D)PcgM<=SQ6~rLCF#p zn#AxYdXDQEc_(`=RhCy7zEzBWmym!!U0U`B*0jaw4piQFBg#3DLbi((A_j4H)%T4B zoxlD#k-B+>Fh?cuqHlDSW`98wibcHB^cRpk;H*M^w)=;S9te* 
zOS1iupQsLZv&ZFXl^4VG%YT-^sP1YHA6+0QljZXhMpH+hn8x)fX}N~aBT=NyvbJ zf2fJQLE1GQyZ>++=w+7aP#Awqvf`B{_BRQPje7#He=@ajBG!Wog(U#RRX_TA$*+gO z91)gr7}(pZhF1y}BQikKuNPJ0=K*COhuXD9XBafhD0jmWVr+|w5qetD-?I~IDbDx< zx~+T^U_ux6dknW<*1@%{|J@bDhI6UM0rvN^YH_JaZ}iZ+i>1q)tVTe%s;@uNrG?*&M5>6 z8G+e>B5_ELc?cY|$bMi$O5@dQ30whgAfD2%fVZLwTP6rHbG*j=2C6Pqpj)Xtg|Y

xHHnSOw zI*6rw$bFgF{9&ni(7o$gN^u>JJL-cQRuxf;l;xFpW%0MD(|$$2kwN*`PdHETAA99f zS~IfV@zhHppIBBkZ{yNsu6_wdum!Ar$y_NI3%Y`|mnn3$;lm6^hLQ!hxI^_>?mwqQXT)UaJY}Vhoz0-`nOq0H^n{;!Qxg4r~Emdsiov-4E zQNCk@Yj@GMUHUs;=`~~BwCxeQZ9a4PN!msgs%=^Nol)W1C~b@C@7%E0jP0atkJ)X@ zF_-^^wo!#@n@_)!60RMfZ3Fr{xA&W|t+ee)yKVUbuQk_Fg=$-lekV0t3vjAj`a2hD zusvlrtyqJN8dTHr^(!ty$37ml(b2SG8*KR+Y`u2dYBboWLbYwCekVO#OJ&n%+F&cwVB2N4ZGi?G zRj9Vr=y%-VS~B=4G`PJ+gKe+fwnZ9jRH53oK)*94T-!+78ufR+vPi=%YPXFnK{u*U zZCj+@$q3i3qHU{exHW0G_1kT0(r}{+)wV|c4io`=Rya0bH;6g}$9PXQs7X~P7*#O< zYLlBEUf>GXxF0N<>n^&^WgaYuT;s8R;Ll>VnQMOK_sHb?re9Vz1)W_RT)|#zli!5d znFr<3Joo|@n&$F*kU^IJ>Uo)#!CrGUQ*EcqT)qdBuI3#S`aLt+;ec5-A1+37W*(%x zdRxDO;h}l(SMSSgF3ir83Xb7nD_+MYyN-_&>frmF8cF)}iau5qxl4n+;fHibXwdo> z;`Mz>o6LhBO0%AK&ptzy|ADrd2M-B&FdaEVUBk^2K>dw&^{aMy|4Z8Sp=y`=Z?_Au z$p-yrXx<^!JmbHldHt$+pJ7x#L%aS*h7+*KbomU;`yUzA&(N;_k>Lbv?#~9ck)sO9 zPy`2(kw8F%a6plo4;ey5ns*wIAqa@k^_GyGk3Ene^m0%wAvqrl!Lq07A#?R{h|26_ zv$@}G9)x1<^g$QGn)nIusOXL(F7uAb<*QuxZWBwgvoqq6nQup%X&F215x{Bt0`8Yu%n)^%atO0pR z-jo;QMR}>YSIYf?pL&qD${hM}6yY@=EcEgR%l5$+9(fldq+b(Wz@r_trvQ7gw zO6?to&qfrTz=z%}&ow<%QS8`cdT#OYyxH!#bozfshiMy~awPOguMb52l?^8h|B!=y z@xHwa`p5gmRd+5B^O)_Ubk6yt-U+md9a!=gJ3iuZ2|bsQY1#u=m!INcPvlP0rj&mO zjHZ+yS0nxgmLu~#4+dgB^FG{wJ7QT0YnB9bEaM$DKmyEzdmlU!zL=&!qLHNBZ_xFs|uM z>GIwdx3S~CY$1`{D%su)m z{TS}T8DsG`vhmgHUg9wkKC6xl*^JeAAdc%9HVm`Ouhpch>0Lt{V`5J;mdWdw)NE^@OtGbtTVVnKEVOmqJ(np)}*Fnk&9F`Hz>6 zpR}OhAM^iIcz)3$|Bo;F^A|q<`Nj)>e!=^`OF!3i@&CQ#FS%Fbtoq__^FF@x>dV@i zrrlvQcdrPpoOP$WWozq$tLLrp-n-+T@85O(s_eV>eB+U&w|w2deE+h?ZeOw_ukpZb zPu{ZPE0ex_WYJS!z5CYE#izd3IWy^+@~Zo0ZJv`hySn;;YkMotno(Er-SS;i&na6t z?cwQr>n@moYr{|LqqP^$TUztP-2UqeZ)mx0{epoTr!2hZre|+-mGU;jZ?ba&qmVmH0#JGt-UM^7yt%sKwviN}vE8^}NW;fKHKzw=P> zUygtD`=hIml)biY*YmqmUZ1%q^yVMl$oNyu&TsAb;~&Srx}f(TxBY4R`L8V6^yBCM z-2M5U#tlE;_jZ-`V=m zgFl@2u=fW${`vdgzy2Sx|7p)ZJ`%a*oBjv(|J`GuCE+~lK=8@HiglCPj;wvE{qBy^ z`%m51`Lm?Q%71>}zioaZ?f+E&`vZ^n{_9ykt$Xyl|FY|mbAGh&ClCL4@2@ZT)vfD) z`kUzgz4(_)fAPeV{l6>xZOc>ZpC0)AlxOaF?pd{YF^n)ib*4tNggR{znnC$%Ytq+8 
zmg;NgOnu#3r>~B;^woD#U&~(8*F~H3wM|Z|@b`!qsqoh+hAjN;{q>BQQ)_4X7B64n zTUC5To^SfR>uT!e%$Ry@t?!n*e5GG*YFe?pY$7CuU#FF`)R8`|4`p( zQBUJ|(YK08Q1o{}Ti;sHiTkFDP@pP%v&3t?9p5<%`}lqo;7K=aYsB^xU#J@-9C0r~5>PoyCE>#4+EnMOV= z|D>f$YNB4dnU!UnT4+B;KAc&$!F_Nt9o?Fc0@iqm)==rOZgO$>B2r1n0ClRt9jf$& z>OUWRzVqYMwm;t=T6S5m&(W9vR%r31ogbtI_dE8x4g~MKI<)MIo$sdx4>%6E_6P60 zDzrE+A-6QN?2?4sD?^JfPRN}ST9%uTTM}BFlaN~+TK0v6+{u#lN5>ys?*|uO5n6mv z=X3LbESV$Q>10HYp+3 z2+b}^$W0C{D@@2u3e7G^$aRL6<&*39!1Yq_;{507Vz{y_dlY2?A+sxuDRpP$gS zOG69JlTX;a{$i*pJ0UkOwBX!?+)F}D=OpA_99nR8LT+xTDJvm2N3!f*e<9Q~KA~Tq z4>gWU$h|1kd=BOCbayjP*Yw)ZfR)2B?-A#hMF!;$ej{ekeiTO5^Bmx$SqE2`Q%X3=M(yM zMX2$jgxt$RP5y-3NukCI6LO0}O`i)bxFDg|h4K}<*9Akp&JWgnN%cBE)Hr##*I$bF z`s#$X%?>TNDxu}qhMGzfa;rlNu1v_S3N=kh$ek5hP?C^)O{l3jA$Mj%%V&g|u1M%t zWvKD;gxrcy)1-vl@=#+@LhkfXQ$c8fB3?FzPm{0My`DPM>#|_YoSsTAi&7nJk6pu! zjXxaX3saZey~K%lDMulPlB<$Q0hePv%# zJ?G06cR4w^FGm_Yb8F^B3v}Dt<`9Ai_Zc~up81R0ZuQUTjIa%gr-I_aJ6%MUAJ5jT z6vz_)8k|%)JA_F{epe7z2Hc&KzZuUCnWUeq(!~8`wn`gI+IcEX99*8S(#DZCF~6&j zeO2Bc&zlqQp5&h_#>uE>aTU6-)NI?AiYL-ntv7Hj`ay8p_P2u%-%sNuFT>g;jz}eO zbS(JreRlGg;j*|QeYnF;c8@IGZYQUYEFG|u(?*tFXD5#yS$eIVj9q+UOWN$@)Dfj` zS|g248Bz46)si-9WVw4KjnhpDRo--uq$Q6m_YFx)8d>gcNpp@YcNe~$O1JMF9Sv5l zdWujI4l3RYq)R=Y+raI6uI~y&pHg`L{LIr3bc8>N3St|$#H(EG%y4rxfl>}(i7b}U zJH*h+h5KjB39QX$<0}JW(7n`ZZ5v)Zsrd*tV$n)qY57NSpSUW^CYUdJ2#FVIb(xR8 zHgQ{&T90hxC~C_AK54xcoka6Q@{_RJVRj0PqS}R4?Lv$dHWXDYu&Net_d6?ofw_y#HT)lJ#s?&Zt~G;W zL2{8SC7{R-M+qD9q6Ip;AM=JrvjH;!Gn1PDfjkL)^~4Vpq2Oz{`mlOxqQCqnmC#*2$pQ zk2klbMLSQVw!M9S=$^Fx;DBQwe;2blDO8?zu=8MQaHC_R>qKy28fTssrXA>vYGI@& zcu(3XihLjppvTdJh;~ofNh$JvVv&z25=$(?p2fnn_Y#X7r$}F7kz3NmNesS5{}Z|{fQ-xP~x4$5+70G&xs}eLW#GBN|3vcdJZR+_zaq{^g7N z7AC{Cu0A6?y@nYl#v(aRv7&T^o9onUl=vgc-;Bf{Asc4`;xds#;T`vJ4Sd7nAo>?~ z1xM5r#0!rrX~j4dP1|L4J-Dq;=JPkGXk_{-nIiJ93a#2f@zOy>dfHKo znsQPO2cY|tu_!;5ELM&yuAw?3_fWx*zX|A;;VJYc6N^r6GYjjI@kXAC|EoIVEFSP& znu`CcI%6yk$vh;>asRH?9_tVc9s~G@TR3(yGe!GvT%Vm;n9Vt}3D#kHUb3V012tt~ zu|_UdSd;8&8$I@YHAlsUNxb)D)kIHzZ+O-+E~Y1-xUnV>>R!P@&D0vJs!mB3ed6O@ 
zl%>BHq=&5auV$|2X~+1m4dIw|XM8?KK0ZB+CV9#&8ncub;72xRqg@1ZX zHL<Xyf)1B!viG!=Z_;3dchesklU!4#y?ZF^SF_j!C5B5pf1L9*?NV9medM zv#trjh^q8_5Mn~upqH_*g`nBr)A5Mn(TIjZ5e>y5IxPs%?|_18zqp2JV+sxjckA3^{98r_5DgXU54xr*K%&M!jlXLQS%09rn{afmzW@3a**eu_t`EXO`o@J?^KO z7hvb&oLPzyc2bw>XVIG(*nn@Bq*n3Q?sc~0B>HNX7Jo7@rH-mdURK;+do%vpzpSuR z2XJYBfLSk2+FuS4Y%9@8`=GO>c$oSrdt8afrHjzZGH8B5qR)1zRr_t=5xo9r}EI)n-$$Sbs}0DYJ!3zzhm$m*1_1hI=-VH z7iaMQZkPCa?{N`&cT)40C@zsFfIRj2p|0YlQ_i|R@6KQ7PqhOZcIMyXX9?XE_2lC+ zQ*N@jF=CG?4=a;m6b5*oNAsbsh3M@{zmm(XQ=*X2<3#FEZ6aI|Nr_= z2mgONd>BA=%r%cObbvEZC)+P_;`CsAH2%twE|G4st#_^C;8TA5H$PehD)KH7H3(E< zZ3K~h9i2~WoZY;{HMb#p_9~6Zoh|O#`O)94R7?i9SbK)oXu}`X-}6DJ#N@g(GCMjv zXWo`Mb4bmZU2^*>A1jXBG!QNh&y=NG7C*x(^%LQ=wuTm#MxPApPrr_BI%XFtFrFwb zIZ_bGOTkASeah>HkQ$;>)1+#YL}(yhhk%lJ=6XuwIp7kf5%hbCJ! zlWk}MrC@vRX(oXA0Oz&+sez4yz&-Xuu1MtvV^cJLqWJK%Jwr`;s`L5)Q{B_-|7`Qw zdaYnEc9k^eqv4r*hA&Wr#^Ehlnwr(tHK^L21J6RUn3YfSb^Oy`+U z;_*+;!>UV@k$?Xi`*SdMg`$7|P4E)N7n?-;EB+?9Dl};v3~U;JI)0|{2y^BbLd(3$ zj)}oomUS;0A-R)9zfu|w>DvSE%lymh_+a%o@_mteQv>e~Fx@i34$JVzG737C*M}a% z|I_QP`zb}lJ+wF@%C`E<7u2LUksBi(eJk_HHNR%AwKMwNpqd$U&%hsbW{Tqcu3B8p zMsK!MRs-H~>yXi&cdG?_?6Uba_0gO4YtD}-IX`;2E~)%N=TlxLU4C>lONRiCcWwR4 z@LUpptLJx?NPo5m{yj3|1};ivm*4Ez#siHXmNTnyxi#o%og7)}cg>xTqiNbh55@h2 z95yikfS|OWKm(b{ID3!Y(5&doGcu85<08uktbO$jHMP;75VQ?Cg*%{Ic|RZUd9AmW zi1+oo)EjOh;m(SUxArbE8YjVVYocEsN-v~I2Hp#1poAGH>2JOuGK1ykKuPz?tlW>7 z6!RNPcb>-^m&M;`akCw=ZG~!ythoV)8dBr|>mBjH`)B+kFACq7r8g)};7`+#6Th4x zRQe`DjiVz#Kd?r|o8RCa!oKHk?^LP zRMZSzs2K!m6|TX2v_$T?a|dgPF@dTPZwLNzandXHg{xmSA3f!C4i@Yr&rca4>UnBu2!_hS zkl%hFE9AJ8dn~eU*-hWXRSk-e9v)GDEPWAAX6F5qkf$KxS*p+NzZ5jV;tmHHUlw-> zE;H~40HA|Qa9H0P@}`Db3|DYcO0dol={bwg5?fj>eb7S9=~k*PSCCL^)dtb2@Ej;> z{n5cX*80`PXz?P#jBMRL1Q$j?1CX(BF*t(-G8zIvB_4?~2IC9z^c$3|?C;B$7R8&~ zajj^#k@BFH$0n|QOMpkSd;&L_t=3`l(d|y>D+OD?>>Ts)trN{hHv`3Go&2^6l(?c} zUxtC`Eol2>RF%#h`?WO-i7|`Spxs0{W-a4Pa0xZWLrpAGO|;>*%!b>OiEtYqs!R1K zz_p}!MnLY0xcm?Ns#9_03Rr=cCk{d4v}*`vCPHwV`gVjC4TESz+fIXUN@5=tn+IyeuVFBa`&FXLXgDlcv^G?+9mAyB4gkhWTZ=2 
zmQQ77`>zCQi0>+F&G3vvpLjwoa0q7QVa0=sH_t*Zn|t2z9C{v)nvQ6FI05ozNyjJ1 z#H*f=&;L4a4*wT=iy6bZ@q%m%$CJLMT+-K6dy8e6L`a)Q`bzmSp|7p&5;RsKZvlsF z0ZlQ05|05VSoK<4v`0N$sDTWCkw@S(sbn{!UmBUG{41r3zojk!`n^qrwJqj6dI$iw zLw&V-JPw%ypl3i-->bs_>Kz79Sb%T_0G&@>{2=*|x<&M{z^9z}F+>OT0U);k$PIw% zG62rP44FlwWmc0$IRQY_2v;{#Co7r#svk{G&tK1@GHb(6NB``h*#&=$SO7NCIhlG~Nt1 z$E}*jkLx+)S7=rORZWng_}>bM)<8TN0Xk|4XVx%Mmf}?x1>dYHoTyXLXO z*VuPbYIWVMYVCMbK3a)0gJi<+oJd}=Jh0gHvBcgHJ)~@8*UiZb)*I;3!sp_X+6X?B zE;UQ~rIJ416+XvKpKqt?n3x6qmFJ4YQB%7R_ zgRSqvCBn|`wpt+NcuF#ooqap#R&DgWHjxWtYi8{+puT2BriO8kgHn#ZO%$>!jmA3O zjBZmZIm1#=ZX;VIi!EPH%lu7w!^evQ0~fb^ zKCoesn}sduPZuL_a(h|psHd;yHe%o-Iyy$HV?nOLqK3h7OJ#u4t+g`A!dC{KQs0%;1OGzvtghdROdk>Xj4-<&N8h*uJbpXycE9zfxwYuPUGoy&Dp1=> zPw|2T6p8*!ca&kU4xyB&L1TW}R59Db@{xX`HH}*Z#S1*|vU*q(tkUoZ6eqQK;S-H5=Y%99l0>ouR;KUs^rd>MD4pPaL)A;st|x`i!yb z`!4mN9~s)O5V{=yON6DQi8&Taa;%7RU{Rto!O_|5rHmm9d)Pr==~_Dc_nLEaV6)QAB|og?|r6jNUd&&bt*P)$+X5gLHwypnnC>Y8x`W) zZ4>@mD-%#W!-x{y9XOS=;v&>4vQ-}ESJ|HS*IUjFW}^w0?eYW8Ugx%0X2%g_8sF-Q zjg|y!N4FEAzfXPGaQ5GXVcw8_K#dv;7PcTSm%*Wt#bHSJ>!i0cM0?)B1oK0sH*u zC|%FCXruT(Q(&!$F2#GQ#=I3)kDwA^;x;*l`)97dagg>_k=S-(N=v`FzGASwv*k7m z2X*T^Yohls$zZk;gkob&beVqY7+lrb(YfjltPu&jodR^UIwqT1V*d`7`*KfN`4}Gl zbG#vp@12bA)r&P@V>6LT)sntZ1Wt_uUsGky(PbJRi>Eh4CujtU^)x;aPXx1E(Lvq0 z#{UyfU9vd#y@bBm@Bu%wn4Q;0j2jwXj2Eqm&Rq}(O}*9C@%rjXLICii+`5>6mH4Ow z0EJx#jL^eh0ocK_&GlztS{3@1dYbF(o|-fz(3RXhbTOmeA_g=z8h?ABIw= zE@`FvU;3&|*HzE)SdL?_Q%Cn$T?uVoKSj^%ogD9Sm(~L7~q_+~dy@T~gADtAVN~YTl{%3B!1) z%!WV@(+%VvG2hbc`L>h!whcU1wj^rWoSR$RKl8aUc#?ZA6ve^+#3*C|W`ZrjoJ#Hqn#sLO5B zU7iewC!pOvfvCjfQOSNREXs456trJ>f>L zn2<%L9{%0G{ru+_AB|Z%tzN#dZ4kR0ce?!DOZ|#;& z=k1P29xgE#-f%Je^chB(OIdE$ZC%Te=tliL1dzJ6>$*-jH+G#&;){lJVAO->I2=z; z?1;^!NAjhvI-YcNH@-0gofFyFG??m<(zf58ebwf3 z7>@U>9lzbV^Ob*6x34-+T2ZOwWQKFo?Hg}(ZdQ)#o8A#kz}jO!naJwlekFnE@pCbL z-G4Wlmiz;M)TM#mH8{%I)AdeL#Q3@Z)EP}iG=j2aTi1Gz?sE2v>`~!)debj|{P$s8 zX73W5uC0cn#|Y7IOsS-jBdavmRs`|TS_Z-2Qo zx5v8I$bHeeF>Z3I&E69DyTrFAbir-YG^))4)w+_?)*e%6mbtb|a133G>zVZoQ|z3` 
zT7_jVb)B5Z2KUU(lC^e|3}JYMCw#p(QhE4kg>HQ)XB4^}!|26GA40dDwLPCew^GmA z9*u61IJyDFA$0q#s*qvP6`pc-cMSr`^v{TJdC84#=SfgSg4yQ2WCpJX)#!76yw5A> zb9Zv#+EaF)yH%f=+fUnlzEAb}5W2aJBPI(EvetH~KHu#LPxFF8?#PV8pKK=B?soR; zu3PNQzCKEKeItk-?`Y3$J)h|4PKfy!nTTPp-`P7#K+`plL=Cz^)$iY`iT0jC1ewyq zBQG<~J1?+7qdKqTC(m>zmWcmxqZkV#wBnY#`1?7=-l@^eZ7$< zq`U2%X88f2B%Ct0iwr_1{cxjiW8~KYo%Yww@{f?IP?m1QoHb2}@`xBo)@1bPwmSO{ zjgK^BcpA%5e@EY{GeiuANRIl^OcE4-Uy>YstxmDvo>6rqO3R|Dl>A9GPn2EQ*tv)r zn)nxe?g}aC`iT@o^v)W*Tna@OsEUoAQSu}eEJ=#C>q-MxsY=c7bOx?cx#oAed|l@H zuAitD{K&3pYwTAE^C6+lU({`u-AlCHAWh&ZdC{Rm^4Q;hs#ZE?{HR7Z>k|4jN`F53 z#q;Qiq|>BBwW^P*Ce=APvKhsJn*^m`U7)^vjxn{;07;N{Yy=v$vt z<6&*$HG<%Z7{t+xT12`luad9d^KB4BynA}-UO>bP=+qMfUQhu= z$p8C&&if{5DNOg@KGMAB`aI8h&U2pgoaa2}Rni*o8Cvb{s@CnleL{L63}dhaV`iD3 zhSR5#AygPH8sIZM>U879>pI@W*R#R7E{y$5wpNKa{{g(+sH+5Y6?R;kDL3}Oaz6}} zrdjU9Ou3>1%e|Q`*CkVK4=C2I-v_hh-b1d2@3jNVHDt?C?&xw8MvXAgKh?S`YLemfRkSn9de09;M zWRykQ9QDvBLT=uAJ>48_L-f={fe6z?*k|o2Hg45st2N!DB|){UpA<`Y%h%Q&Q*F(u zXC={{p5sXmNzZZXBN>CQd1da)Yxa24XO3IEN)6@$#{|m z%-nOy6l*`o*FAkXBpN3rELQ&;TFQ{<_xQltAR%Y1=3bp32rT*}Gi&f}(bk{^(>*wY z(?eQqw&b9_yst*PXD-?=N}@Y`ohN-7EP@u=$Ai@c?U3rMQ4z%(W;a_hT%`L?+?u&Ix&vfJ9 z6E3E1EKc_3_XI z?7o_ao%LF76k%bvlIk@B=?2nsdxV1OJs}G;R&36{I+<9wjG)wzCG7K~$y#oUJ%i(f z(Xxs}YZsQ{2xN7GHW(pZH--qa$d~9rKoh>kb#uFvZ-{nYZEmOre(DvNPtgOAYhXJL z9QSVTT=b_7pNI;X7C;vxe7FTd6FoZ z#wI&Gtk!CBWRq&u6YY~C4s}oav>LTUCxuj(3xv&Z?qqo>*`gdEK<#Y24O>FWt##3#!xxLBXgUw; z)OoUAVPSx;(R(s=xJNnyvxIdFg>os6@e%)YG3dOl+2e}Hl|cWMYRlxtvY0<5~WsEgDhzSV*r>lEMUZ=32hra zI9JGJIQU_KzPf-_pZ4AV0`GVYZxNdK3Gn__GdYkyiSW*J*#PrE(uQXm;8_yX)XMFf-hHDv zA62_^pqt%EGB9eR;(T~;!v;n}Uh0V4<+loHsq*(1oY&;)Ypz+jqn~rlhJA^OhXS|Y zOwhB?d~KlX-^CzRG{3QVULf@b_+e6d@V`rtM4m{`^r=Uu=F#v$M=@BqABkQ7leYPJ z`TO%9gqI-n8rVXYv+tCb_NY~5&2R!~>WB2E!QI3@>HKoTor zB2o7W4z5sP{u{|1m>Ny4h2VWogoGpcE)r~eetf&U*#o7f!r^V;CM1#$@i0vF9nWbe z&cfa$196aPwnn<*j9+zmh#3IcyV%dK}EUb}U%oc-}cBSr;Eh2PP0m4aV}ac|jt!=R4f7@l8z#$< zjqxy2f z6^Mp8uqpF9b4___{tHkbh5~qB7WfGS9;9p!{DnWafiKPl{?{m(td&vyR)!P}60O*R 
z)ZYQJ&jz_Yzm@}p1;Y=7U)^QHFLN94`?K)lK#IU8N&+c?JozqMbDCUjI`%fSA~C3L zzzxAT*JjSq_D{^%?_cw>Ys0;0;Qro#M=MWhF6c54Q~gd^-ys~@McEi;P4(u|J(5}fS^A2<(~{M zA5OgpB4#q|+2=u#0PokiT1G(=O4A)^E!H}H6M6-HafgJtKNWMo6F*A=i5iGK?~*cn zCC&x#Wz85K(Hv2hZwI<=cET9>`_(uHHeZdo@q6)QtV%)F>coNN4qN{YAnHT2nFI_c z(A(Ipp1tc^J)-7LZ^KEb#G|hxlRVU*JTiCYuaeWF2a#YZyc9nk&yP7Aoo0;!KG+(> zdLe?q#>2i%n>(q6{fE+L<0Rq$efdafo3E~LDjc0$kK9~=jrP%G^c-_zBoEEGgF$s+ z1M5(dHT)T+y-(&*958%_ZnHR}7T*#RK;Hk?6VTY~E43pundb4|P=;D{R7QMhp&Hs63U zGp)7rNe;Oegfq+3h4Jr$Y!RovfLlMQ62Vhs8&v>gGztS91S}yk~RJt5^a*P6~ZXe2M(d7VKw~ruK}Mg ztbTKWCR(dBUBXVl)u#j@TkQ*jEvb1Y&gvpt-cLva$Og%kR{X+orcAf zvNAE03h1{$KFNpFp%-tdQGfNypr_*-+t&Ga|7&+>r;gY zIhStoFDRWl)1Z!&Vl*49K=QP+OO4U3zW^qblkG}b{4Xsn zICYu@ptr#VL=OSv8^_x~o(3QV!iEidap`zRv?nI^P$e$`gc5Tl z)#Yg_pFvxhqxSjd(R!J^8O_-8A`Ha?&H2=2G6Zf;mx5g~8fI%q?GuH>B?dIHZ;1a2 zW?N&rt^(VVuIBFYy$di-!_AhJpZ9aNY}jvp>wS27pr|u_7N}|9l0=D6d+r-ip4pmT zm+zgwzHEo7go?T1qDtSV3SzY`f=a~;=p|6A&c?-@9+o}ITwng`0_-VH&nN?C%KI=Z z+nu>nMSq3puN3`31~$*#fH6L7qhsi}}*-cc6?mU7YqlyxF-Li&@4#VeXEvN!Jx%vNa9P zt8wzBLmLA0y)Ekpk#oMXXgfU_%})*f38xlK}GPeTo|Gh-?5lbtJ0iv9JE*Z3Hr! zI?IVV5lC-mrov}8cShL&9FLZIS2Q#4_cNl^poXMbPdp&Pm}qdUTbbG-)C-KP-|8|Ej^hJp!ajOZb&Cw&$m;9UanRnYBOpD zm?ZXst@{9A=}}H%aX|qO3?Gqv7I0#9s(^S!f__UK%fF?zZnn_@5!$13U%!sf*@uFu ztAGxi-n2@6fPVS~5IIBi(~~n(D&cyloqhyFqUU80@iyFohN;tiK^^s38{~)+>|db@ zzP4b&jY5>8NLllhh!h}DXtV%)EtaN5E{9mkKT~f))2Wlhdet-*r-3wG!DAPv441e< zYV;1NZnn0HCuZwtk$=TenxKa>6S~<38N6I$PnaOyzU1xWVv^wL=Y_EJ`zG1>+ z8H&P2=MjIE?6)uDzk)P>!i|tI-kY95^I)HJplK`4BJrSvxpCzuekya4Gua1I*!M2) zjdZ2P%atGhfEy|;P2+!{S4Jl+%)BB0H|Al%mg@kxaCBllnks|K?u-+b;#XV#L;Z^G zxXgm=sozcWUW)%_AjI^3>%STAPxF5BE^ZxdLFn|E>yi2m?g-6Xhp%7YCd{liT=;q! 
z$uo}lGu!rlgF7=bw9|#X3q|bVd@T_Gsh~+-BxeXl1zh+!_ z6!-$}NmBvdrTFjrFHvh3pxS>bp#ntcVdiGGuogeQz^)7bxzN8sl$8gDb|w0QKK72TFjd}9K zm#CkZ1&wjwNKfp;Q2JV5dX`TeJ(0o%Hf%=qO+dwto}9?X6QD;}PS=SuIV+Dw6R^{z zpu>G46%dOfai)9VNc?>ofTUq^b1d!ZR;P)k!zx|1hqd7v*T<(GuHfXy)d7C|MStjg z+kII4g&}ZZ4}|#TN%5|;{LWaO`F@gi8r3vvCmg4v*TL8FEPs4$4|9w^aTeC>x?>_g zGrmEy2vFryt#6W+K64CD7HUzz9OFrx2Zut-|x2T;B-Cho+w zr1_a1jz|b32jSIU$6Hj-p#KW&kvvfJo36k;Q}xkEKXV%hK0Do++hZ8HnXFu$#QF*&*bTaI7HJd1u$geLZ<3*IpJ9s4Zu$P@qU2@D&CQRh#6{@Qy^lEZK-|$YAbZc2WeR4=e^}f8t$YiA-vRhDUxl*$TjhcO(H-Kyy{)e^g-^#b}?|A_J%vYgo|5kb6e^iI~-_@>v zez)oWnQz+QZ{=I~AJ{+h)kfiU!QUzm{5$S{ZM**Y-KPIxZTq+KE&O{NfIst9DBHhP z9{6M1*Ma=|rd|L1ZqxrWU$?>E%D3=8uz%*Ojl%1Kzf~Uiciex`q_+Ie?>7ApYumq- zZ{hDb0DtDIP_}=oJn-+`A^zjq_0R7%{Xes_4gOZXh5v#5Ghb~KUKjkW^1#32{-f>s z=Xaa_hqdkB%D3?EegOW=SD|eGR(armq{ct1OY#@(GphAFoU1Yb(g^6yunWSx;ZK*U zN+e?yHBW{^tuKstfoj4oORbB#pznIM_eNO#)+%W2LUJ6k;BTeON4p}rELuMWS0tP1 zI|gm!uU@iMb@mk!m|^#d7h?Z!*Q(zz8*<#~@7)pBnguMGtSolgI*1 zuKLEJiMQcCrYLo>U=D}^VU-YyVLRkq!uMEUtsRo9kAoBg?D|n7tRB>Lv8&b9$LZ?j zYZhEq8&;QS@@oJSlYKC<9j3|&G6Qk>O{PSTgQL(3vWtt|qvn4OaJi$4-I2-x{&7E&)U_J> z<0>euGhG;z6L7)!Au-{*M$olBc3cAdc`l6e2qg6Q3Rb|r*0>W?(9KVW8w_cpzl_KX zboRQ3JZ;)fR0cBN;$JDQshoz1Iv1imMh}PUNIG^5Tt`f2E398IQg-J@r&f@`zGyuK zZB)wqv%K&DiVuOzaFy*lXS6Sj14HPbc{9|~4jLGu9+y@8k5Xa~{ z$wok#T6NMS#CC0$ND8Anr8!Fpi z3d>5`JX{H%*$Zbs$MUl|dRS21c8s8x@(AduzG46|N0H+K;OZ_3yh7a_Me)O9x-CxC z_j#wweP*0*O7!LhIP5z@1Ik&)SxSk-;|KUBAwHdrUyYhjVB_b9#XhXw|4LJ)W&S2a zEL@1lu0Hjdq{-#j#;b!Ic{9yRnDFt{Y;=fylr%R?ih$SUt}H zNgX3tffPliQ;-6ebOx=uBu0Bo9w`@U0o;rm8O0WkS@L3h?08aE{8~H|fOrA0EWnU) zgiGIAtWjg~q*Dq!zUlx!pFRD!(R6-wcomoy(Ud&_9A3KMqE@5MS!m1ACA@-cOaag8 z8Ci!r&i&P}fqF)6fiztF0Ex*N4+F-4J@L&B6XppzXv1q9H{YDrfM@aQM#i@7bwS8el`fWK<86NI)F18ab!;y^)1&U2Dq?_Q-S!@b zO!KI_B)zSCf-DpDhWS7Im;7;;vfTsfLl%0}GRe!`@oRr-Eh{~$`QZ6k6%6f+eUgie zz7H1P?q^IW#{4RXH+v9^2F&6LsLP*X8Nc9%bQ^`BN@xJf)`5HPSZS`!5$>7w2j<-d zt$Vbik4w#$^aJp-=;KoF{+Ilcj_C*bxYSa~I~aXj>dyzy&!LY?6+dw>`nWRmsS+C6 
z^vSS5Q2kN^cxd|g)#aCT#6Ny@k)$7tK7RGwf64cBOh3@auVzZ#!RX^x^#{+-p^sm= zA3qp<{2BTLgoZYK{8|1vR|9xx`uJ3p*0b92k55%d`oZYqQ+NHB{Ouj*i>?tA+8&HP zJ~j2=`8o9QDJ9B%NArsT$MpPi2@P%fu)0ivpc<$L_@MNm{Sg8^zEa974+MT3ik_{1 z>GSCV+<{(?DP7Xo{5(}h??e@G)xzWQ#5hH%+@ymodz{ggg16trv{&CI2Qtj^K`x#O zuTET4h02KqWGfsySsgKO7O}n`C(BqAd)Goc-gK(i^iu^m+zG-nY)k4?1Sol8A^dwP^iL6|7(}j9>d$VZo zS!Afs$#&0%>N=0QP(y{$83-lD6U2=z^^`#Gj<*7(U|6}OSC7@|9cXp6fRDd?pHhuQ zNNW@RCm6=-Nm?i}N2`xuLNgh2=*mbMnQKXOB0YfB?$&rSqC)M5izXI|3br{@w3|^{M!{=~pJ#^-I?F+r%#%(wr4%LH> zvVY#z8QV>S1Zg3H;Gd+5d18tHf)jV`1lO)zGi>C2fF^|6WP+G zHn3aX4plE+XLV~-u5jR}q3Tm9A&x|n1m-W*X^gj%nJ*yMQN&4;>v+yX*bnx#!HWUo z)n#@EA+<+aBc*MzH-v$xzO1qeC{n$~R;$xSk?_!G^$!wXJ4|b8dK(s^Fn0+)b=_9% z0!ewqueTDfh_6PBcZd4r1KgZPr<<(?olVr<^_r+8*+SI=hC%$e4ws74>DfO7RY|=) zt_D>5RtNnTOas?Zu+^LTvCstNN2A-O3th2$%65=~d?`fT7}FG7opRA>sVrTqUeIQ@ zu-bJ$^WYe<;B(#k+rr7>-1Ii4{F@mg4EPTrc*a4ZL<-fdhqJT?#O2$oyjkTZKf#!CKhc__-!=tLJk1i`iLiXQBNL=K+($c1w>H|9m_QMQ^F?k{ z$XsRXs@0^srG?0aQk?jf`lUkTB1yq}3i`WEyd}Bs1mI5OcH4VE6FW2pnI_)T-#O=3 zRowql)@S#>ROK7jJwxogqc)hq+)I$;7sw{QOU|IXeu>-rlpKlRg5obgxAYvJ+I6Ye z!DwZwE38FIjXGZD8Vm(>-COgzfI8W&<;6KV7~7{mTR})wlapR_#rHU473iu6T^5=j zLySi{6WKw3XCJgkw^GExZ{0jhV&BQBbhu=hX)&cp8!w93E4D^bWmU4+_laio{N9n9IGuVM<0#QO%0WW#CIe7Hfhm6zl+00nWOYRr zsH<~E>72xP|A4ifT>%L=riyfXgcEy6$AD3OZzHaWq)|D~Zr90n^K@#-^;hYL zHJ?IFRKN^!B)_1SM~=0y3T{()@aelwvxefyDQ`m!78%|*a}ddf64Xq-h<_Hr4|gq6 zy^WjjMbe@{u1DraOEVb6b(f5R=3VkRx(i3TL0Y-hIVZ^ijO2z*NVbOo_v`KzYP0-S zv^IQ{+uJaX9V~Fg7dV`;F*oPI)ww|-uW5=MpU(2ft9{e<$E)x@IR+jabmD_c-qz%D z6wl(gl>TW9?UYy1E&6pukLVX@vJqFx(#eYfjPBw8P{p1fR{P(+VYMGUyj}ZKQTXOO zb3Z|2n8s{h!hcr%C+zw$)F17HalnRe66(~S?(jC8jUO#t9g%KOKzvv=ca{j9xHGOV z2dzgUAIgq9w}VQ=v-hqT?Iba$VKAGnrRSpgZ}`M{)JWYYwXdf0Q6%;T`awkRh6bRXW1^7ww#FoLMY)~(TP26R9jx( z1;=lx0559v@}Atr7{0(Qoa4RaX87?Ye+%M*Nidq2LKz;JA|vkO1i9rh6iW;aFw})7 zP=9)8mpLR;#D}311drLVzpx4H?E^L~cj;CGTIHQL)g*wHzIcZ>R zCL==YjJGhRziYrsNPPw;Yd|_&&_8vX3;a!?wCM*Ig!bouzw$%3S?f0kf`LCk%@C60lo9;u?O^hPj3DJ6hC}w-k 
zJfHIynSR4DVQ;ws_RHk2m<{pcQ?J~~ET|-!T8$SWJ2jowwb*T``{asZYKXBFUA6SbxxV|(LT6R)9efyYas8!#tRgFF4Y|dj?^92 zXD9W;0QT!i{hy^z>HE6ia6IzxC~9~|t*wSw@EP||XhO{Y^Fm8h)%9rYnh$s^Zw>8) zq0a-XBNBB6?g~I!Gn9NlPHF5V2|h-bNjn~Dm0Xf$L&sXWn`)9?k~&io3#wF$WVNUV z$;6%tbElk_T!B>x4og_yrv1?xr8;`{Q?=|5IsZ68M(*N2FxLY%jt#0|!jMey|Hi!-8=)v^!J&zg{0oaqNQdsd@# z^mTIfrFXQU9u&Say5&+Yq)yh~aILG_%L%F@aXrhKo_ZeFPh7aHsFk4;G|aWZaFUBx zMxB-OMA6l-Z-tsD?<|vDalYjd{T}f*)o**~pQ}@a>gACL-qk{O!Qs#5vMsghd@HxL zR!w+M3f2U%?Kljx!C2IKDqe+ISq!(i z3A4#_kjAm&5SnwCu^zK4G8dkM{Z-sA0yL!lp|^SZS%xZ+9g$jHa$4$5Xv+{9Jj+42 zmebT9HxW-XD3KWeaMMIYk5yd-1oo4Rw-m%%3qaqULM(=2$WnLO(su2Q@3_4ubzQax zG@B+CppU;~(%y=<;GR@5`k3&wY!q|$lY0C-V3`u|KrzT308xtcK@*n-{7;`88H?~! z@C5w-5XRL5-iU=FG7RU;0jd)~%G+=`lFZf?l>ZnM45`U@oSTiv{kiei49Lt=6CcoEcZNL(z|oyF_Os*~7NT|`$QirQojSoTNo=^dgDCF$p%u*>S>*34f963a60Btf3&hRBN%Vnd0_Aouy>u6-4*GGSB*tb=0lc& zah^+^|H!wYapGl|?VA0v#~ZJZMo*8vw2v?TUDrAOXJ()s@4YY0?v`*hJ%?1Bd*w_A z?%%TIJI!IKx2;l^evy;!Mtd;pW!n2sNA2nL30?r0wgri6e38SAsZ%%*kNuj`8dt5s z0ZR-t19Tr2JBy3Y?govh6#HQki%}#kISYjtfFl}+9APv`?lrm*=AOVNu5*ReKZemZ z;YOKzrOY|mGES5+O9G7ba^G8Wa)?Fwg0dYs^sHs(-zC$HLwcY29eh_A8i4DvJk^$- z?J|~2%fZ#`32w&T22KR{0I>2oy5;gU^Bz8ydf3(*%f%t#u1Il8i*S#P$90u zJ`D~7@9m&JEuvO?RHqDt;}I~}*006rn5W^xCZxPENG`!tyiyqs@~Z5U=4<8lmOjSfR?X}=UM~~D@^>-WqcyEK3s;K(sBudjbR#Y6N`y!xy*(=+1aoPv%%9S zv*B#KH)QOU`f=$=81Embua9|gWX%ub*r{aUWw!}1?BXVN5p#sqbG@t;u5J$J_jnv5 zgWTG`Vt$QU@VS>Fj-M#4cGDe;t!Ic4k+jivPjx52gC7>0XeC7J zIYz(EH)0#amrm8M`?6zS>Qvg?Yt(->OGmtvueBWGRB7plUkS{qPpoRMEYm}@KysH% zv@oiBK0O6sFL;7x;zU$>@_cga1NT=14TlG6Y=XX%{sHQuJ1 zki#8pt=}=HL+4=HaGhqZk+}x{C|t<}MKDbhSGyA99hUHFBaDK^Jp#-J69}#t zmbj9M6=OE48Ba)dvt$bk?6b$G(8dT)g&-|43QAM-jG%h)2N?*9IkKWnGlz&aVUAa% zW0(Yhfbgo?Rb!X3uwE!nLrEJ1`o|8|ucyNdVL2(DS&>M^ zII1uPNzEp^CV~VY8?vFfAU(S%7*;h&kwj$fe<3G5JD_I1CWEb~0@8nj^s*fo#ej-Q zmK*iqZnG4NCN9b0V`PEZNgFtKMY}*p zHGAqSK$-Tq-eKXLhmfOp;AsWui)tRO#ZWVgGLQ+v=c%>d*#kU^$|+7ThN?GTMo zDKqF?rD~oMzD^)=p;LYG7K||yaA=26G+{OOcQOYF9XEEXL+WSf0+T>Hc(uWo@(#kz 
z&u|VfZ;W3{cQGkbFDAV-uVEm%^J`!h0C+tPWaOU-_4JvbwkS|qOwkxDc%NpGiVcooHrqjzbP4&D|mOsm4mSoyCb!MBb;4WAps&ZMYlF1No`hwkfYd>Vv^T0GLkA{b998 zw_Lt@{y%mDWZK+fvjBW?6XFh%tCsGU%RgA?r#)+77#+g`t(COTIiwb1OK7jAlbBLnS-!{{wM<1P4qfc-FZLz;#}UMdZy(% z-0L{U^<$sfPfjSgPbI4o43OJl&UD+5#EyuN{3Z0BxlJFUqVTWP#toQ{=K-^G3eZRC zr1Y#J@kCwX=gcfHS85rt&f7Q*qA)oH|Af>%`{_6w@0KW3@rGc=ISZD;F!Au#_5n!=j}^du|fbVm3#`S+#N#SmVZZ5K2Esgz_PB(@!h(~c9B8q>u;_!x*MK{a=t})R z8iN$^Hj)R+w&)Ohi||`5Ed>F$aUjC#zQ5U{eie`M-kK(~kMHrv&gb{H`Wx?aIq;t+ zFwGmqUDazUal`l;2!4FNHqE_Jy}AEI54-uWql+$M5f!#Y;9N zx38wAEcDKrf2{YSd2BftOG63StO?f&cd9o)Wm5tLlId39Faa+>tBc_s#Tj=r(r}pe zc6_aG_iCQyc&k<;z)RKY`(3e0bB+0OSiQbapkV32EZw3iU(IkOoTFzIK~gU`lX&~Z zFtCKO$J}fx2I#xr=WToy=6|y);JF{cVNOFHflCAf=4%Ld0{ervfuTisuk zkAh}JU^j+=)7aZM2rUZ{X5#VFlZ1L8v3Ci%B&3eXCeYO#0s)D|n#OoN7WxZcrEfTy zc~C8I?&Ok9qlkGLjxZL9QqD$?+P0lDk;_cuWZA*A`my2ce!<9&zJs6m5n^{XL*chESEL)S@NE7lMX+8K>@ zB4c$$J*0ot6|Et)xuh@38UF@cy69Dr>8YN^_nGe*xH#HhMRKYpMP~<9V0}DI{du(@ zi~t*0WXN2^)7(W1PPNsUB-|5EY+Ku5BNlOZo zX&1PmC`SKm3yS7+uvU%KAi&?^ada6}+fF7uam?Y2og-5OWU5vdYVI;h7x}?J3trSi zj+q^w3!RIRiAx;O{2KMfbIg%Qi+bG@TBn|k%+s*WlmR@(g7rRoep8*a+%Tv)H_fIj z%j0Zlj^@c-=~S=8xtzZ{fwt|Tm1nNyI%J|#XVirw#jbCIE>N&bm z5I(qH2w%1(q)xSXHe=ghD4rtquN-;aKr?_G@B|R+;w9e$S`5F2cN9jwwriCuHYiL> zr#eR<1M92iHITpKeKobXm;%}B9I;a_t6;1-ff-*$=HjkZkiGLDt1!)r%GT{#<&Jel zwZz$;>M&N%X9P5nBGiB);I`f8bEMsoypSr?S_u5b%4Ig8c$&vs+pIdFz zVJIiwllKYUVdd5OT4n}*(Sy^|ll%-KRlKh>J+G5m$LU(hSD864(_}2Uj0rR{>(bqm zcO${(4{cxZo9pAlpvQ4dKq!Q=bbP2kHajsHxLmkO_ztVaWiX^ItqrNGBn8i{saK2l zrz4CMBio#9ekS?wXD^|4C)E?Fr)4k+)%B7D*z5caGnQ81K7)(J+xzc z#N>zk#y=t-L}36k5bKpcN=2zqRHJ^a3tI|EDvG%|IjnX!3kihVKY!aKL=nD%n z_8Oiq#czNyx58>{i$DLM7br)t@nP<0BH%7!{{06rpdb-ujr_xMI zg#}YxK#XHQ+hp(1{h4M4+087J*iM>_#GdYxwje+XjBn6fNX^MK$L#?e0yl1y_Oc$A z5;sKdt3a(ip#G5d^?#!s3a$EgBmRLtey?;ShvT3D#s#Xk>j^u!U z3AdhPW7}#vq*h&$&t8Rh`KBH3GA5pvxh9-No)(ek3OJiF@ym8C4Vimcs!>Wo#@Vdm zGWtl5<8+UhrQ_1*;Gw-1KG%F{4F zp&|Dpff`t#cM-;Q1rbx%{L0MnBP|9AT4miPAVp!|=bkJU;&d%dbHd_TGV?+e?| 
zw;g_yE&jR43w!-39l(2t@+TkJLHQpApVjL!_G-3;?p><^6$n?Z0z+yY>fU+rOs6_J>RL?U+9;N(OHLB_BSqgYoEi{G|M? z@QM8Y8o#aVHJO3#$MdHJwbVZ&(pf^&H;O_!S^_@WIEg9X;;TMYK#z9x%PsH4OS=CX|5>dRrP1qEx%mG`{W7=y??p;y>Hp)_kChtl z*PL#j`ZUwRkDuSU^?T>mZ$~d{rqs{JOnY@e2lP5b`G;})^M9kS)vIp-dd<&3_mk(h z)GwD+;-LI_=V=5ohd&?CN(1$ilZJG}pYC%H#h*WF{=B9~ujsulJ~bd0z8}dyx%JQQ zMFg_^^JDf$?_0Cxef0mp|7ZQpBE>WPcgzo^^DvUP_V0in4pDwaw+_nxDEeCbvy8p2 zYYX2`uK%4#*?@LpG#p>%<*QG=q(K7bCYksQ-+-WM%BPZSoHq?0lk|r+5M=hqv=6BM zxUUsdBd2la%|?dFRa3bDM|(9CTt6JYBSCf2OtBY)X_>>`fP6~F_Pi^lCLU<$jS#4( zPlur-578#_)q3gEFEjvfyp_1pOORCH2H?>T68BR#JOsQ$M7Muu)Q-+0-3OT_UNe zJ(+fYVCtVF^{s4bIgSsEe@W^Knbbxec*PgEaU?bw=OeA70z#8fMf{^ieGeN}(i|l= z!zA+I4>lkE_-d&%fODJf-X^viUn4I${tk_SzMf@R5RyEIwC$nr0YeYG%k`KO1;C2B z;MRJ-540>MA>HapQ9-1$`REL37x6!ky@*Z*@WN`4MMg+{0ZJrX0noUxVN0|x@(ZM3 zEh7CFh=DEEKY0WSar|>~u_aSI`^3F03Y|MBo2L1wDDUp5rPrSUy@TP1n$q3Lu6$k>)n z%W%w;e1kUR1$gSNvFd;VG<*P!KoU<-qY%dvSJv8(XAC!3Gvj#_`m@Kgd6%53#rJeu zc(pZ_bWh+|mSXdhs@6^Ngt{Gz9GBZ<3-awIueO`)zMzlQWYlVMD)cR!?sf*KAZJln zJuky510P2d7*-Am++r|c3(QePmK#Jej2e&ur{7OwpcJ2s;%dd`K#Pa`jrDMQNG?M+ zC{>UxHHf8tmnn4tOYt-krFQ;3)0T&&W@SnZMyb@5DDrBy2oE~d#7vQ1EK-Fc4`z$B zut-U!$me@efs&n#(^a*K-+C9@_b?Te{K$K$c#E#^^ z$9x=yShx6sfWzCc2j$UjnQoV7fYI^QYUd6y9w(O|H*%VmiX(B-l&_xtP@9kOfQXZitgmhhT84jTsAK)lW-k_@2g>c0*r2Zqo zxXN4Szc)M@IFHus4R?#>wrrR2CHl(Fu=0&E!;G(TQa$Q;D|Kg1D(Tup4Dg8-_-==4)tVo8@`iJzA8xgdU!unb)f-<6vzslos%oDU zXmX8?HwQ)_RJ3DOKZC*SG)bJCHVqJ;;uju`*}Q2$UkQZ8@>Z@6F2Y; zM0o=tF&ht+c$X|fD&Gs@NWpPeoo0h`wGEE9VF&V>&h?p|KnqMN^ey1SYwk$5prV5= z*t}N#N!P<^l!(D51kI>b>m=6~3fIa40C-9OPe^SOZ4+W;;n?KaJpOzrZXaDvI}Aku6AeP1!flR6J}vO;y_&V5*&mp>1&j0=^FUI1@UygwYO#?>t~6uELJ96d2I z+;|g(aJF_i#`ED1WIS>24PL;y!4<$VZC&3Z*vW^Ho^!q-$MJH%DWqt$1x2U zf6Qa>uiy@y2Re@K!P&yd-HrjRHAWFCV$MCGD`FZ>7|`l$ftNv{qmGCBMQ}3AxzUab z#8t;&UZ13^)n%&nmTKaHQW$%OuU&PS*4nk39;$2$5)V$@bQkrrdoHr|vol3MD+Zi$ ztiyFu>t{n7Ky@>ljt^kj#jaAJoch>gAlAPe|%Nv#E?*U^F8&r0%d&V@DcqO1Ze5;%zvcZGI@_ zuGXnsg;DZrDS3XjBnQk$OUbkBRFvy|4dE%XQ@jn^*)wa0)X`RptEI((QZg@FaurJA 
zS-K+)owH*{2GjeQvjsV4NS!ybIdr5lMj=uoQC!uis|ud+Gg*aF)P zsT*{v_yjaQ2L;a1r7z2rZu}e7x}#8Ksqt&UX-p=sp%YtrKvK)HsoTLOnE#T1_%881 zJ-oL}MJr7urSUc2O8Hvl%#?4eLSFrXbdk3aas1PGb85i1Sa6n{h>u!?j8W&=mp;7> zxW%51&z%az!HZwX8_`piM?-4Gc9FI0)8oBmI}{t~bC+;Ot!k2Nu62#CAy4<&f?t_F zm*b;01hx#|eR8>k=^@|!1<7c1F5Wb~L!QA>%l^(;?@BI44koGx%UK~r`*PXkx<&7W z)WaB}_HXgmO!CSGvhtb|H-Dp6Pf928m%~4u%IFbSHmCfIZ1SBN5_* zJ0^I<>c(Sd=1Phybi>)Cu$rWkutk}gO$H`zHB{%M#^%Za#Djq+P&?reRuwuCt@O#3 z&Pa#8Iv0~(9L-Ag!kZ&_R>9BVzOn=0!Y)&r!`F<$=T+8{p^j;b(t0j>>ah3&PWkMVO(30bG}@GNq^ z%6q%x<-wBoi?$o!6X-R!;19aBIcc;xKoQP-61s~3ZDfLM3I}WKWo(+Z)pX%DqvVj zT(!A&cA_EhJN&`u^n$I$sD^J4^`J@V*HVW8flLD4 z50l4Re7F%>5dcw_ECWa|Cm3jf-NB#iD~%om1Ma!Elv?5Lyh|AFRQ(3pKL9L-vslDg z6UNUHgdBQ2a6js*&5BivI9B7?EIKZ4HCtmn1(>iJ@VZb`Pz|evp9RWjr!)H-LwR|bifebKhjIdg$aK&4V0jq08=fiV&D|H?4(>ViHJ6oai zc^q}8!q=>wzE@J9^*vNslBv>Ls;qIAPY-yY@9h3+Awy0B- zAXo;#BmHYtXe;5PkX?W*-Y%hw5#o;HmC0e7tvm!SzsXzt9EQ*rpW&r zbf&8_3UIuWpCN(n;TW>yCHQSzk>R5m!biS0Z4Ta&93h2S^c4KcqD*}mF;Ug+Yxcp( z>V=WOfw)l6TY4U(QgKN6TZF=ZyhOeGv7Xs$BHfJ(AlYkFi-X`-_(>B zr~s$(EQAfw@YqBcx8U>Dy4Ni-CJNyinRrnMVbG&K+YjQEt<^JIVVq@Jmo+=rINu-e zL0xoF+5xl7v;4<9?gI?);3ijT4VlExZK$9BsW+ruvPeIaz=%gz$R3rHRMToH+&#mQ z5q&_QC7YPA?f|RgxtQ@fkzXV5Rkj0-d-&9@rv^pf(dWnYN3@`uuA`J>yFIh*#->E_ zjjKUZkf=1QzBx~NjPJ>hjYcy*DUbWxI=TF9q`6}y)`((#u#0z%^%hXf!T??<#Vf-v zVSk!@0RPy@vSV#$Z>Yj7Ni+ne^3Pp?$^27nmIUaGc{1d-EKd!A%aIPc^vC3=LL?Ir zAJysCu*SpCylY-nG6Bwzm^{fp;1_KON8oQ*4g5$Lb_Au#3jX6A_az8a6$%Gc-iOSC zx1V=0b<)IewQdhcwc5og2&q{mGA%TT8)5H%NW>z>1oAcvMQQc?tK2wy8|11=3wIT6 z%zL0hSkvI!2j68C4(k{oauHI^k7~m-+TSJ%26IkKU?6W1>`kY$m6>n7EyIOO80fRv zPG_o*@o#jjmy0XlpP#P=K#xQhyqPos;KbqZNE`vn*r0ml6{6>kR0?S7dHtEHQ^$Xp zyX9|+3Zhbx8>>;s)nNB;yXAlGRp~5K@X>8TzSQBkV<10qB>=QEAIFFrk7gh>1k#1N zGTodPy~r_dw_VNbKWQK+1|tT8eAm-Hl%r-L!fe>1Lb?{>9A( z4HJl0XndIg;g`5=k*|JOuZguKb!F3-ZpJyN5LCxV1$Wt&`uTa?2FJ!XmE^_ObjKsB zC9#okGL}-cYWG$lrP=EI0#k*nQCMw~G|txJjD4A|BGT2bbXUA(r6Xm`tf%}m|WG$!9dXM%2v zt>haaY2$dEWUg`Uf$;O(Ts6Y6xGK=O1%EL=^4yeNE{a97>&-}CjC5%XV*o7oeV{R4 
zP?V{`f=%u&=tHvdT<0!0~Mmf=fi)4$AGy*nk#v+W7cG>S|r$uHZVcJi}`Us8v zMt?g)t~Mo~M;^kj;eNiT4l)(Zok0a_E|^(sI(Mv2{sqPK`o;JNg$YEkue%a2ePZIm zB*iz>J?b!kPN9b>?%aZ9`*{qK!#h4z_IlYC+7rx8c(}13sNTH7(rf3QWPWdM*tMa4 zo9m6O=H?Aax2q?v8pT(+%HK=if!X!Wx3N3ICFiHv5~d?nFg+cw#QlYQb>}OZ!CslssMZf4VnIyd|y&+8$IVVwLtFq+#)yAhEA-88M`4&duuk!3+p_ zk!t}$ZySVz^uOC=|GhH(S01eY{Wa_aTQ>~>^nmFy1Y(WapzGt*u#fTQ90;ZZf;(Qe zh|ms#jDIf1qyz)h)()k|w~c?U9^Vr1;dvlCJ)y@zHjITmtICQo#N!o*e&wQ-KON?t z-LKu>HTHAkHf+B1$mAKnLI&X4_maRB|I~^7jaapCCm@2)Sf08Tp(9dV)b;qoCv|s@ z)dWUBu1~F>xY9^f1&?E3`-o8f(+ysou(SZMgE}3Yn~E5BW;z~ecif;mMz7EUwB8X? zXTaJ4er}}F=hyGiWH+S@KfR<`l!_$7&=~(|+t-Qk#)RLGBU9 zstFQngX-gw_mKz&J1_px-c%r~|K$`uHe2`+6gIyySJkNbP>m=WS}k1agc*%?vPm8`gn?nkIA) zSA#1GgKFkG(o1%ykNrG|i)q}R<}W?FKb@4ulNlzQZY%``81EkIWW0g6%L3yj7Rs0~ zLTaxD116qFo{`ajO5L0-5LEBz0-&c)y+1~HqDH-?f0)qrN`%FYZJEwT+MO?5E1l<# zIr!Ku$937!M0|u5Z74wvCWjK!Hfu_}2aK|;7E-gMmM`0o!3&vcpxv0affGc=7bJC2 znH;M|NIVW<2p)SNQZcr+05E{YDJOj>T9i5|lfp2S*e6LVjI%ga?Hx}NfbANa@iP1p zo-!`lzaO<@y%U~5{qlYI*$t-$XvhQ8Uol>p!Y^swgLhM6y+e^<)vEDrh-LWMqb1oq z-LcxzJ`tHm;|rceBk#rcI`Qm65uVpwiSvl~+P%la^8g)jIoJvfg0dL=Szq2Qc03fm z#_`t>;O#QqVDdgTRg%e{W?1>XbpA4~${v85GYQtBg)EO( zt6j^51CvZoxB^Xc^C4t$ezJ2Dc@K95gRots*M?&qxrvOr+OR0M4HYITIgl~ zS-eItw*bLZ1TaE|*jdTzFfzt3P$zjhf1Q0`?Q>8YqwELmvMpFt9LhRvsaUPfhd{uh zWpOhcvFf?g_cqqSObRWy5DI!^HUuU1t$l@=S+p=Q6mqnnYzKD@J`Ah6@ky=P^T?a) z!Hv($kVx4|sw4&BV0AF0ZkBZD@!rKBk$h~clDqT*lqqJ3#Vc8plWy@!U7`Tl#TXVj zn=zdLh;bQt5_iiuS#eDa!dNHewfTcUG^Q-p9$jv<6xroHm>8idK(@? z%jluupX{L`080@MLdK7h*$SY>CLArUq2j-RuV5P6^U_Qv;RtGjFG+2>MNPuQmBlJK zn&;}f*iUjenemCtC|z!^Z}+Xv2-;+CmU%E!CbI_C>oVMPOIu&SEXsx5{2m-12i#ya zz%~x=7BS^ooswLOVvSM*u=%`IFPriQ%2JMG(G1b}1?EEXIQ(P#%j{a^jQO)mMz#6_ zo+ig&tj@~KYPI`mo#yT5(B(7hL$%uSq*Xq{W+1GmT74~ba-Y8S@;;E9KTgNMUW8cZ z>d`m#{J{bF-}O(7YFWDcs|EcAv^d{~(?OjiL&n5<)YqkpVtMhF^nmxx-Bwgt-cPXJ zw(#BGDK-p&5L~g#8q*7VrY1;#yaoS3w9>o6)fYY|(Q<^OK9y$5hIw|t>GxV(eT!0? 
z@VrBB;8$O9deOq3O=Hrqg0wFD>IF=oG-F!to!08=+l`m%O~$%k-I%W1LH(Ew%VsaA z$}&y90iC%o0${(4-dY8M*rwETatbZxB$^qDFjxVoX(f;(r5Gs4>WoPVmPNPuQD{;% zrXn8rn*0%UZyb_GC!iwlVihL*e3zR0Zx_hzo)k=Pz@Tx_L5P!Mjf-(`1T*cGkb(nO z3gbnNlSCHAdp0s;_N_9;6wE{njBn?2*+l@1N1??$6D{E#40@Wm0H)ZyEklsC-zdzz zFT(L%wA}@4%$Fyr37?2e0OW(9LO-be85+c&0Y_@X;(OAuQ(=WJAo9^^h&8eA3SNhG zCwV1RmGdq z0}TuuB+<%MZ#$n3}8HbQMPQwat9?h!D*uP}>C*xO5 zL7utC!wF^c53Dg{>|Fl&vGu_N4t47x>mQPTrT)YN>udg{eMrpHXRZC3sK{{FsR~Z6fUDfK*jZ;^ys-%XQTkS4`D)3%r)aKo6)B{L8Xa>UT z!vEoU88q1bb@z0fA&xTq+0ldi!*d;61AVIV4O|%^c%wrxb?tV_s;pXi9;7otNzW%@VCy*7Rzu#g3wfdWW zsQykqM1RNs=>8n4f409L05G_NguKMKFx`VSyHJMk0!L(4ZG=028V`srcqwWS*FW&NaOdha#xgc<@@)C6cWZeuyhgwzW!X#v+9jT&nt zfT8d znKAea`pg&yrn`zu?H7RsqIe<|t4G)P++s%*hK!5YL-Jk5lbn0GBYGuN zxW#0ey8;dT^I)K!f5rvoo7jqv3(UnX#)ZE#@z;&v=4+b9S40)(>qjDhB%sq)S3Z2_ zr#-I-lq?P!rI%o;R*4o9NcD-#(r{m6{2J|pMtwBs3@|7lx- z*oV!>o@K82aTbnRwZv(`f!^oa{}Gh=wHl1)Wm)bBj9))t3D@|GLA?xnxj!QHWWR0c zNbM)2+zRnvA|mh%-_Uc+&{J{nCXN^P2s1DZUDO6853sn@O*@&1*;O|MQF(s9pBwk+ zd3>`Dxj|LjMHmEWLx6LlvI4(O0_FYmX zpy?0a&U&VD{MGJj#r{8t?H%&I(0(1r1bi4$f00F7R@F_qrda-IchDS|7nu)g{NXWc z+-1}?jD}yX-px+EP7G`PBQXU4qu1qb6051um8Lw#7iX(m|xF4 zsu4^luYuT*@gqZXzgx`xZhMZl7#%F_#=h5MeuQnWaTLZhgstzz5)M{Ym>You_#luF zUnZB)A4SNZ>cSUgjY0dQ(NzEvt|1|Hpk(&+L~eUCGS6g8oe~2+W29KMxW~b zH_erDWy%(q>f66cs=a0AdF5)mqu=Lr^l0jiTy?rq^V8pFke^nb{9pO$U**EW!cVJU zC#3|&px#s}HNj8E=vxeeNS+~AFY?vcM{-#z$Jre}g|YP0pw~*cKTlhEmmJ=CUyi#A z;)w>qZ-rqM=P5s8-XCWS2cd&1ey>n~CI)Qgw<59`h+n9l>&|3caH<=GdVB#yr(b@* z*!0Xi@i)M|xq!5T07ElD`rj|O?I@KLQTx;M&D{D&S@i|S1Ms_8Q%WNacKN<%Rekp zo7`AZCI(Tl{s&VguqWUrK{i4Osa4yp>;c#+uL^ z^OSzqf|il%Q^z5<46lkHt9xp=6ZX8y^8K?1>1RQt%nb&05HRMxhpefTDrvgFyE5f! 
zD*QuJ#SOahdi2x{K&ejwQOeC<3wltU!wCx|0&W&8&B52H`au99Hy2+>DOcI+$u8(l z)_bjQl$h&b&hr5I!iWzK@jQ7FCp`Sce6h(Ud>bK@k>>+p{2&ajhCaiyS)tCrd_v$8 zpPMBUq4S~#c~ujTc$%)tTe+h%bjrbqc0RIc`qd?i_Boe29kb6&U9WE%TIe@w^!Gn# z%WggagE}MPYg|?pZ)%KlM|@4C{+u<;co%hq#M<0oHSw%&BFW{aX{2|hay7Z?n@Wsq zLoGnnZN93{SJ;28`WZqF0$+^N0Iblp)LtOLmz^k7C|9x5%x&iPKw~^)j$0W(Id!hF z&F()k($JkFW^M(#mpI9=OO+WS#M`2Hw2fk_r!@9#cNswm4C&H0$5;XH-26Esk@OL! zj2Fl68PLX&L{x<|W}=nX!}@~Xy|m$0xy1+gl;SXtWlt0$Jl#$#Gm;So>1bvox_EZ3Eb_B)CljycshfT(ap!`QRb z7$y(GWLV}I+yf*Z=1_i{Nu4homFi{8%_K#oAZF-=|FBq;CQQO56OSCzR9I^4vn$l7 z*YC1<>Z}@M!<~s~J8atdk z$O$!Qr`P8?1xnLSZ!d8*$n)ML8uuEz#mEBVCXG<~enAM$xbReDYM}8%ri_75?aySs zM%p$0t!v=ODqW+#{JXaH?}{D=hzcXv)n5Hq(aj7#Dk|XPeJ?#OMmL*aR5A-x=RXlE zU-AS@EA`3E`*h&YA`AlEG;vmR?`s;c==a+blPW@_`s3>f(Co|w=Sm_=ysb=J$Xx@mbnwmi|ybBXB z*C)pUq}Hmy2_O;;Bga~Q!PeMC3~vK!joR{9raPQ~@!B!{R|^3b9wDny&pnvQ{ynlg zV}s7*E?HRWkemYx2gBPi8!ZV;-Ub6djdyK&My{}j;!L^i;@5I1+`i zvUTQXV8H*#q6#79UAzfx;n}@roH$gW01xa}Zgn+P@ZB`TO0)(J?*RZ{@RUiu!?gmi zG<<8oaq8{A%0xoqOg4qp8#9Sbq1+v-Tf0&+w2o%eaP=MtS9plE_@1cu_Eq((oXsD( z7L(sFH_Vq;rhMkwm8xKI$UUufG{k(%=o z;c&;|3I4^`9I^P4BNvbE4fj~>gBtO{Ckc032jTUnI5)wds5^1H5Cg|EKm(MaAZZ$1 z4BSM7x5%RE;+5K36aY6D!_qVkg{&(A!Sq{TR!nA6a0xFcU~MkO+Uz%zc<0ckz7e5} z35a8V8%8TnZS}CpVG*VT}Qs4tpfSG2+>c8@avz zqIW#tSdcBgat}K8!5to@{~vSj0^d}X^$j;|C{ZE_TCiZj0znHRwul0XQm_IlLa?+| zKw!M!F(NIHP(-9)TBpZYbR2ZlnNb{dMxC2;^EQv#T0%ud0lA7Gc-=9AAmy&)`~TNI zCrJV4dEW1PfA9D9_v^_y`?~hpYp=cb+H0@veleN)bCd`|!d5yoPo?T@p*%no8YXrO zMo+tI!O={l1;;w}tmbGd2+U3kNuZXOT{5K+dUJE+H@;!OgkNRAvI1R6`u*};;jCt} zG1D%!Ts1x>1T*w#aG_CU2M6XE_oMXqFHV9~HFbrsJ`1l8LKToOu1MxIY%nV{m~kfo zDpm8J5jc!#c1qai>Z;$uSP^4d4gi@bI395H>WJ5KuN->8xzC8>{@le!+Xs6rJ_>t# z?i0$I1rCpK3*~gp)2rim!|CxQj!<4;h7Or;+^2E&?lXEqIuO6jykzlwM`ma=z{Hxu|NP8GT0N#*8ILCxFY;T)yNexJ^;8vHwu>M58r|oE*4@HTNeGoAUnZoI*y#fJ}XkjW5L=q|7f(b)MRwn)lm_Tx}CmYWBW9tJ@7>?i4gsRReWR|&9#@qprT&0KR& zY&ifvIV$3vZS>*pf^`-^Fsw@$7ov3CJtG1&fm5(9_(&N~3x#niQT=rtcz3J9+le@M 
z!ai5Oz+Okcl&Q}81zMK6Gh_Hy7|Y}GefvP+>U8!$e)LJF&Y7q?}jB`o!?nQ(K9?u)qEniUAqYYeo@rtL{c?vcUg^A~+WI z0xa`j;$o6K>{ad%gfoJ|GC54c9bDXDX^NQw_rFz1Cn2@aE_tluJAhKcZ5fORUI>B) z(&<6}qE(>YJQLRoaCwqjuF8LgE2pt;1mUB>GOka=QC*`TF*w;g%Iv&1prAtiQ4YRg z1bAxSM-}DjYTzHFC8HqAJQO3FJr0W?dAn10;Z3>$=d`f2GUlQTi~hwh9z)roxcJ_Br55YasRA=f^{E$e zZVWYWXcWqn5pJd;fOaKnK&2p=jqN~uf^opqk1;u^m><}2E5Wl0thht7tXw$51wKYI zR4_T6?-M)DQ+ts4fDJ3=?NrQB9h1)(z}UY+J(r4%GZJ!()wkl^frpx44xf;&5U#Zj zsX#ROrRW#89~`Z8I-4xC(!@B3I1Vr_{L=g|_9^y=|3|%s%UMRJ4diw44i=qrSzNUB z#Ey>Tq>@XTU2U@1^gwEW>z+8_(Eg2>IIhw^GR=?Krr6s^l%lB^B=Dqto8}Kg%#X|u zK(Ax3Q-9Pabr;g|5A++X}s_$SPhpsnQ0tg5ULbqb!m&AlcwlZfFigD69G|B)8*SHmvz1t}^(tByZt>RPnk%Y*VhP~jEeZwU zA0Zg+#g|6YAw7$jE744h3v6DLE2kzWY2_FVXZTS5qAQJlX)uOSIi$?To)8#gPoYGq zRs$5A0+7JYl0Ym*^4J0-Dp${4BLmdL-FPqR*VidJfxnH-zt!*4eMtM!APdbj;HefebU2S9k|22`0 z>2v~-Zjc~Nq~=sjq$?q#d9K<+N$prxIpkSf*hw<%J5$(ML*4)gX$Z+vXIdf70XT+U zE^~^?(qWLwnsZ=a%o*`~piXD;sxM?dbHB;q73+lvY1@++?i_&4e${-H?s4#>QuTZ5 zgQtgcFyOq_fCD{Zx4iyFVP$fafY!C$r%P`b#kF@X0dlK3I?RIQ9n>3+dYXQei3%QW zR`PVbHE6+9e5LAVQmh-n{ZZv0REaChuParDb#>x`2IE&3>)0*d*gtCXU8s%*1Y1`8 zFcoj}JxFb}zX_?{J9$S3#m_A#dUMpP`g?|FUgJJbjq}2mk_&SUWkEP zi@}lM7!sr3Hc$@Hh2hBodh--Pk`(xdDY}Q7!cFMmckpaFoOLM;_OGQ4IEKj~r_Svr zvdP6JN_HZHI4S@#`jg>dp7AP`EZU{Uo~-Dhdp!^CgT@P$dsV-mO0ia_a4XkOrTD8( z(O-Qv`6LZsEe$$Ffm(606yzBLnQR7<#oookXa=Hed4pCSU{8l15%%;JQOi5*hKLjZ z*j;LtE|na3;AKxExu>BT+rF`1;DIB%B^kWm4s*?iYT1|2Lvycef?5Uhc5umZwFhCC z2@p7pm?(uW6!9O)kbVde^Q?09LNXAy6=HXHsFG~5D8=eMlLuMLq$n{%OWE#nLkaaO z1$KrauK`2C;ta%0VLVr@g)t`wS2ooQPHY~iL~qL`CU~*B5Hkfb4H89oo>>hcf4P;R zeSBmf*Qn!W$_V%=>#a5|6AZ=szSi>wXw6h)T(5ZR~0wFyWS`+6ovzEuSwRS-a`Sjp)9pw4UG(3rmMOoo*%f-u5}LJ z8g9YWBQPXAxWEQxJSrwI`d$-k`4?x9f?bJuUiHisf}QZ8&Y_&hyc|`EdeLWpl4@O3 zn*(EYk#`v~i}hCPekn-c#Vx7ji1uf-X($`$seKt}K_k22exRFJvq;IWA`s29PcuTD z^UesV+OM8kE$ok3e~VNVa;V&|HkYuQuoG-YpiBFMALm6z<=`kqqROdmeO%0NbbvYE zX~($K(TK#TFlH$Do*)bN0iCVd6?0@nT;0tWGJ#p?S^uQ7maC73q~o5>QWv9%qF+E4!@Sh9_ zkjLj&qwZojHX0wY)4SB)#fI3GmX`GX>Wbs)=Xaa>U-Y-B--_4u_c*bB#;cXEj<@Q! 
z(!12alh?oJxcd3srv83y>$l>q_TPR&`x&oBrRulRqy0gqJ)!-%Rc-Ol?>6cK-;5%s!@jm8yC-#E?u|O1X z8srpyHE1DkB+E&XuRXr}$l$skTH^Y#zAVh#Spmm{Kvn>U4sII5cIMpBhCoDFkXF9o zfG$KVwESucnMyzVf0AC{;Z^hS=X|pC!p{RDX_Tw)stK_h z19ZcDzG3IhudZGquTz1c602>%rc3>2_m3e*DS+c|nHmn{hgZmU&Jq@dg0Rg&z|}Ib-(g8!yQEB@ zDG&cX*krV`a|UMsdM+w4Ck1i70L=pc<=F1ZsenmW0gn^F7ZVbcs{95*my1h9i=lro zWe)@94r+{kjbDoUTcxpgNMmO|AdN+h&UhEh`4Sb7sB#@up;pWF;!qUOi^O!915#s! zZ@NFO$85O}&6^*Aza|3vfX4VT-(r60HrE~a_apf7T)Dk&-J6sJJy(8Tx9ar_sHZ$v zu7&$gq8si%K?1?#+Doe@@F_|&%%Z(;?!5;NH+2hKVm!j0GvI5ew|X|Bd+sw#I%5BT zIS*Tu(7yzS!lv>fOv#<@6T;NTO#Tb$)Pt{x+bB1r?c531A;|~l^CXHWZGMde$aob^ zvD8X@fV^b|T7@EW0tpcPbUBtG>K{5#1l*J~&qSZXM^(A{8{}V%4hj`?JW-||@{0pq z7}{K9ens!Qpl3K>dR&5OkTFeH!yNPnj&pHkYO>A*N4)ES8)ppYP!nRvT0vRsd1D%99ESr(;daip?f z>yYS6p;qtT3+}!o%*Ua&Tx>xldL^R=`Cw)+mg5Vf(FF?WtbREL{@=k&@GoNFlSo&t zwuvPteZ&CJcNv7XyVc9rCVfX!or>}VgXQYZaS~xG#ZUo6Y8TWC7=-BSv9R&=E7w7G zG-?UXHFn^JtqOIql@0ZyID+pDA4&wT7G)0Bi}Zc{u=q&NGxve0iy&cbEmcoRK~5=qul}@;eV4~ZhdRakPEh|ATW+C{V7GFB^Tag*VDgUoAa4n5Ms;39zEP3}EBvFJ zFDMjgS%80&&uwwb{$judmvZVff!`L(}BR3Z3@zND}!G032t8+kf*>M;#aGC zumXTvp)!ZdQ~-mYPI25}dWOUh?gL`H?FG`urXf8HtP0Y50qHBRwvnEThUB0jtyiQq z#M~Fp7P{Gr3bKm6)IExo^SOv>y5ofL{0RE`A(e*4RRp;`+w2;ob?S(psr3ueu7 znT;Kr1Lqrm##G=}m(RB}hQV^P#r%@%yMi*%<2f)Q5e^wNB6&XZkYh7LcRavQQt6#k z@1SA*VS(5#3n{uHu%9_3eomlg{4`vQ&f)`eme+`w=h6^y?Cd$;hnJa1Y+4sU)2=U>-} zl!TTHvHl0C7HIgx^k|4v9@uU|@;oX(v8#w&`XYJQ^{8TNUAq#bKpC9KbgE01h+qJ^ z=?vR)fr);+daIw+N^1ghB@k&{YN`eh=EYNW%8;ZStW#<(gyYR=LK=G0VwP&{LZ}<4 zqPfG|fzrg+T!FguMv|=?T_%|=r&H24L{rxjyR{f zd$G27dKC1R0`yzmWY1m0IsztDG|bmuGXgWw#(Toj#`pm7k)mU6lbD-zjQA5s zm3yNu7yj$e7@=}9-ZTqps9Uz|#Ze(~q68lbh3fuFTlBmcodbW6uNBG&ii~raBfQ~6 z=g@iT<-2j!HNP=w2hXLwL35ysv64hK0=~_As}1*RIQzn`TY{@WduOMo_=iqWt^%mu zf(*q7cb5?w?4@rw0Rcg-^sA9)ahzi4LZk$30sZka>^Z{fvZBVKRcW1IcSiCT^ZZyK zG)$2eGR(?Ak?|>DMiy}?sh$#S;m8wNbaSAe#G*yB(4s62ucjHqrs*fb-wskM){&5&sKmjMq2q6HY#j~_4 zGXF#pD0i10fye?OYhoZEkWZihslJ&jqy-N|ci62hP#dg3REN=r6{90CQ({pQ*!0VY 
z29mub^p%d)aII{r#}6Jx(y@Iv(Aomq9aFGFJkjS1c5JvI;lQQPi0}ImgGLRTrJ%nT0Cx{BVZnrg!kW68~%P{`L&dOniUW2rYJ#$KQx9(jwZF>P{1>jdRabQ}sd9=o&zyE3Pk8?dE4 z%oi^X?>t7Nz{qU_z9CPT?>vrbCLTNrNA;aE>Ybj35st_0uM&?V+>|*K8A6*J9}=7c zB|f(UJ_X--{2*$$pIO>N%te)$3Ktnb{+Oaw;X{t#*zk^Hz$I!z*w~Z;kU4)uNn_vw z;tadGALS#hwk^6g7Rw@^cLYz7OVGm@X(QRhOqipQKdGaCfO{ zNd^C$)k0ed9ycX(;WZE0koi)OVLOER=$Z|uL)ACpZc%E|RyYWomn!fAqz<}YpAK1w=D&#w-B$`Vlly5LoI!O{CAsT8^B+M-4?mMV+- zGx4zqDlD}41KdA#I_CJ)^YWA~#~erNr*t~j6nBN+PK1v*YCcCgr(=y{Er_&WVH7pF zVT_m09@J<=6R^*;Wwq5c1jSQ#H6~BAFGn0h>29PJzrW9T4(*cx2bNU{mgT=kn6UA@ z9S-z))z!0w9~dv#q2+3@74)JVRH1xU&>!ufGSx{3m8wJUvs`YBfk6xsA)XY4j?0KY zoQ@8x4}Y4U{|=^&;s4M4e4(tQY<@n*=5U&ye<%t zbf-&s9q0daI1gfky1&&oh`BPu;1AAk*;zcbB}lJ+bqQo$iWi>R1E{N9JsOiak^$@x zvl(0v8!(At5qc54l-s{J(vSmYRI0w#;X_+I4J#0i;k{o%TxOJd>dpP6H0aTTSk`q8 zy$5?R@c`nCdt_Y!O;N348n~nYBkl{w_n=fPjX*#J>Twa6p-hlvU70#XmkojJURn8- zs)NHtJSP(29K_3}&I!x|(%)R5k)9xB$L0Zl5J)Bdc8Pyd$H$g4W}J>05gUpxtK{G6 zl4-X#QeK^~4Y2ykQ~Nj)LNJ5K&E0;wbB3bjT69(2Mxa6KE7a>H)RC|?Dsj2sj~geU zuVRyt{vq@51oc=d#kN!mPwgd0K$p7Nya*{c5DS&H==#->Y-IPS&xWAW@an1MQXR|c zo|4x^m22ol@mQnYgqA0PbK|3embM|-4hEn_3AF(cK;TQUgSRai5+D zWvC~v5d2tlUZL*S-$o%$oT2}ns;kwmMoLLM)dawAOYWbjNjg38`;@c-rx=LeQ~{fH zrbNYHvdO(c;djLMEjO3H}?c-D$OU&R~u2(3`RIk*SS5<~HH~=)(zW zyUxo2(g9S9!H$U`exaiGy-Ql>WjT9=CY&Gu!=xZwK)&D)&e;eg;9%r`NbhspRURg*L< zmyyanb?+k<^S2J;DFKeWXAy;->XI0osD}OZn9-ytnen;(#d;SY8yy?Ka&gi_)_TKJ ze+xo6&m&K8l;pu_sLzo_Xc-Z1^*}&oFS;tc7^&kEQn%dbUwtX7 zF)GsPx-naCAwB>l1YD|~D{hw|O^(M))noWT2}O;c}3~8!2_-G#u?E2db{Jqv{3%T#+lV8Q_H4;y`eKyu0E)EYY*+SrUkV_k$L` z5LwyU`kQx01vAZT>S!oWuzoOK>`b67)GEloYKKgiJey@ddC9ljGZr^zwZ6?PuJPYH zhI()n)#k_u*_r$bDl+ybnEiQ?QO=0p85!e>^ov~Qs$0dO0?7=zB{lvgy|GY&I!95d zKE>!q=6#p+KjwJ3aRh607+6ohQt^WOWi5<;BxgV%_fL*sZ3xg1;8nA9y?)iMw*cT* z?!OADq3L&-QI1BxI^`Dh)L>AYM1$4FH0}EOdxF@z983MQKX3c|}>E5be zP|r!&B3QD5h!m2*2F3Lif$3B)vnkxy$YEhV_08W2BbQ^f4UTEl($y zztEdiZeV(aYN(Rc{#*HoF^BooF7Gk9?I2hxZb5Qknu|hRP@#P!2c@~5F5}*DagL}> za9@f?6MSRvGN`!Mqa5p}LS>*Zkg(+dG~ONae^>0$OPA4GcW*Urt~K8lZ6$i>*zRbh 
zKvbc=m)y=+J8*~8AfoZ9j!P z#Zt9S?PqA^^pmx+O8r*0NZ87&(^^>phZ#UT+dz7Asg<%Lhh_*{saqAg*x;@RrhB{b6=`gD|6}nnd*?rTs*;Q#Fb^9cRmEXaOK4K8;Uvv?wk; zwYw35hUW5Sjh^a0?88UKYrBo$RBYz{>qeW&)>6pl^a3UUu@f6so3--;k`2zE-7GYP z%#jIBb0jsOXMzXinccv*&MKXNyY=ps&wG~MMv;P6(8ME4!ptMTvMK|K)ku1m*-WYX zrn9Ad@?b9Ua>4v?hUGU~b**#+R9B1au{%&3L~~DFD<%m$VX^^OKYzj;kjx`j(7Fc# zhWdF|DE(=Xwf(tdHxDAvE1?W(Qkk9SA1Bdh>^1%HnMFh6i+{uYhG zeVfS600>Sr0fu=N%!%S%a33D`^nR{mxxP>U8GC?_NC?&h@DB*;MAplAV^(NQ5^&c2 zSCkFViPJr7Tr|KvnjwC~0i#3Ir(sPdQ+$KeKXTEgxoFd=sWx$OjW%7Vx+L3Fz;b^z z*=~~$ZNhnljmQib$Xg5G%3gq=P$IKviK-Sj@_Fy(!gDZEV86@8f>>@q4ba+~&FVsd z#c9rUf`{bAoZym>t#UhuI+Ur3Ez)W6e0zGpQZ88s>r|aTW{N!WL1E9e4JeqRjZ>XE zFe&WLN1(NcTA@QZ)Pdr1<-1Ti04RQd=IYpzuLt~*E5)j4@C*QbE!D68Mxf9rZ*c>A zEmM~YLAjC>bt`tv2kN5c7>iLectPdNB;O2LE0N$?5zBAXXh=Re zDo;Zf8SOHwa;)lOx1citMr=NQ0p~6|oJVKj&wfuDM*;ukexnxm^35IG*6_#;LfEggn&d@yY>r!>#D|UZAg}Ah`_)7kS(rBJ17j%GU=Y)?Yf+ZB5a8d-`3vUoJ z2ucE%fp*Je0}lHMLejZpPoZIfe4~X&G^Tx!LQw%F3s9AZ{E?%W?g2|G@+^Y#?K>(QAEcF+vM|5=aLt;;qxLDPurx(_z)7$a4q{mYcnO0sT zgPXx*{uoby&xP^^>GbVLlHo&{)gIJN`AP>*)$Sjrrs{XvQnc( zqB8=6$H_3{#ol4-A(<(rV#U_RKGm-OpH|+-)5=?Jg)L{8U0%d1;6q$9>B4zyru&6BL zn1;1(Hw~I!?R{DnGrY*r@fs@0=(_6Q+EZfTZ}VmE1d|Cp;0_Vbx0r^VrrW2siOmgU zvtS9%D898xcIIFaWeAiPSWsq}cRS7P@t!9DIrTPacZCY+?LO-yFb9tHSB70>u(U7s zgugA0+~bbi=nCT=8SImfzKdcVbTtjm;o-*2Kv!dWs2g1+4D+i$+#rKli$?1(c{aF* zV+FqSSl2CjXAc2n;b(wnCmt7 zI+})VfnZtS`S}Q>Tl*bmJxD}_OTONdNYvo1e?!jj8J@~^%h9X&J?$m^+Zlf5_}zUC zev7bMRM}^T4mp1heji%t9ECGOqcZt$@{!Gli;q+JaP!fT4=*35^O3_x7d~?N=*CAL zA3ZY6rX@QG5bD`C!xL|v;i)=SHp8=Mn2&F}@dib#$2+Wpr!TBHkm?9h{ea+uo|mB( zxPPXv6A~Us)VnW7Aci)+4zd7nA-?X$G*sW8af47|Fy0BUSiPZu=2A-KJ+y<1vxoy)Pl%l() zYQ&t!Wc2=*tZWEF&SC?(RbfGlCNr3NlOd>_@7;CTeC=VC$oI3YvT!hchUeHe{BOYj zYWzos(%*Ppmt&$L>yNKO5>c?bxn`|$KtHq6*#&n_;{v8GxN<0yzSZAd7>``(UFqzY z5nkosPoxZ1HNkA;8)Tk}k=E5LjCT%n6M6^#xC?{5%PkiFXt=di1dAkp=6pzpBY8!Q zxSrWl_Yp`Q(B_)kn|7b=*uM4{RIBY5FT6C75zK-v5f+OaM!bK|nh!m-^rc|J;%lpC zX^;b^Ibm*F3(rXob9eZwEDWBb*>f%mfB6F>lXVXP9n&23?p*$6)sM|}@TDDIGWpUT 
zFInNYapWDhD}_FS>Zp&oc5TdTcDz>v_w$&)&9!K?=ViC2-hCbsf*TljhrWsMl6OZU z1BMYp>~=3iyL;R$?G{a#wELkne<?>&7A{7cgVg!vc@TvLZMQaSx9KF6G7@Kt6!M z?oRPsNUV-MefQEr5q|sBJ--$a5-Wgu**yVyEjgS>cr!dd|1I;cTXGoZlQKNNe7hm9 zG~Ar&Scz_O58Yey3O)iMfwfefS!N*v606a`ZAf93&2e_z-Um)$re4STMzk<09 zV=@66wRP@#zk`ld5SnAI!Fivhya^te@{WV{!zTncvZ_;f1?F2TmkMx*39awV3 zzDHb9V+@Ou40JbJ0Tf#xLR|^tJx^^H7S%rH!B5-K^bQP7p=m+>eJI9!8zop-L(zB? zwGTt>o@-kgsuF8=JGN5=k2;5bKi6Y!bgUe@oxS{XaUFx>>Zo|wS_OjzPECDevMBKt zqs`!N?J|HL{GR63zn$~-Z}&p{;$nJC7R5T`d_R6E53F=f0;iwE`C^ij56%~pIA2WS zd@+gh#U#!blQ>^Y;(RfQ^Tj027n3+&OyYboiSxxI%om^P2@F-WnJ;8=uqO;R$P9DF z5Y8F-NSQWgKpS!YExw+@lPL+-J2^KTBq!CgMh;(h6F-Rd*82v^T*5|Mb4Q74Sr#yMo7@7z=sSTZ5_ASS4Z5RcfF999CT87!6bwJLGzN@Rj4@%6I`&(ZK7fn|p8 zJm!(P1SRFwI|rjAOtF{@q-19o=Hd7G`1T?r-v{8GNZ|Vg_0CJe&8Ygg>12wp*i(0q zD{N2^rjuc$?Hg%eS`sWU-;qfr=`0EBgO$!x_55-w4Fov999|e->AWN({2?ZnOE6;1 zH8Qu1F*`=C1!KhMaM-hmrJqcnKk7NkF%z6k#)YerlEf#Bx~XaBsY{wNGM4|)^cfqA6bmoNavT9SgUbGtckxShw-zP5?nDO9wQuvX z5%tDn7XO}~PdgW0pJ7EuvV$#b>z9B8{@YpXG9jy8PO5mo=DDz6UQg# zL!8}3)6FK~*MRf_M|~$Wo08(Th2O0#$xdX%;C}*qT^AngxOidKv5XL=*(__CHE0TL z&9q0xB}@Jkp>P+dU1`Gn!jo#WSPt-k^FFZQ-`V z!tEM=!v>m1n?47QCk}L+@^SddXa=yIwSAy>(t_O{?0e)aS z0E7!R=v;NnA-dGWJG7n8$4$04Z@f2dX4)F;LJ&0eI#{p3pa(UtbQVzjmq{O=@qN~Q zqG&7JXrEX841VVz{HRq!1tu)IK+kFMBdqwLKM~*4itl>i$@4p`_#2Y(ShE-z54G>D zvPCZ8Hcz%_gPM)`;NPm|1~$)W81wKkM}O#ed%5#|8hmg92A7yPFT2;SAE{o=xVz1H zDudt94!KUQnLMFSJDxfOw;FIEbqMJ$b0uDF93i>|$fI_8ml`PtA=9-L9N%`l zF0bRjC7V-)-tY(uH*-``?PU+J9pGj8|P!^;_xD{!35V{_BscpWkijU(mLGE8c29EDequ zKa5w8%2<)}s#bcm|K#=8A6GxW+th!gbDQ>C@mBj!te^3!OR9b=J=%ZCN!$PGarN`N zP5len)^EjI?H_PL`x&nu6#pZE5-Xs6&oGVyX4(R*U$J(X`zvh~z5lXYH>d_G3XyNIF zfy|x-XxBU^HnhysvHs*XW6ino^BYFF5`$qc)!zzRbXMYGq@nXtq%lWv&Tz?`fcc7w z?Xo7=|dTM8o_>7+jy_KyN4Ku*wYO40jm0+duc&GNE|B2 z)pc+m6m_WwZ}=XY&A1=>eCcL0yFB1E{(xzyRINXo0D7?i?`AaKD~ii`fu8EOrPhQk z6EXGCe#t;Is{9_hQLbUDvXIM0w?=ain-;u+fi zz-S}{ydl5~A%(&Vw8ej)#Q6o6Mz6x+7B8@6+q&pt6~VnJKqJJ5#^8B3 zBYvqP%GA5puqE(f_w@DhlH8qGjEc0rJTS0aWp%eGAP9RM(bHp}F?1@9yB$tYAawcz 
z*-STCkOY_q)6{ed$B+$DiO5}lzraEk?=cBtA@?VVutRT_dH zDpyZj&0`~C$5X@t_+PG8yd**gaMhzc;0#=d&>Z!lz>J%-gqpZkfI?i|jsgHLTVbD1 zt-_{OEm~{uHN#%$mT*l@MzAtb4S!G$>9Cg3vJV|@#QMNlJ;yfo!)=kgtQ#jIe03S& zZr;e~99XKsIRRZNtk!*vO=(Zv3RD0$H&(uwSpL$dqEUrhaw#fI7bsFo05;=qNB@26 z7bL{;A+#Fw3Z)~fV&76#fU00;G~3Os)pr;G!=oFVHe|bEy!=8ETzTG+UR2H#Bu5Hw18WvaTfY}Uf?;nIdFK37q? zJx!UqOJZH-7V~Y@9cbeA_s8T<+)5v&v*LK{hDeSNddW^a0;To?4@~!Wq^mn%^}eU} z1AMC6tAD_45x-n5R3bMB)n12iZ1Q@sL=)u@>~}XY8iY6b4sBgU`-M*f`W-}e%kA>& zS6hFO(LuEsEDEVk6eF}QofPDHpYGM<2=e!-!c@lh5s%6Tp&DE;1Ew9yQJuzN zmz!XXpdCW(3rOOZVPo84ms`IKfiO*=qgVQ8JHzS+&(iLQfOS5K!*=XJ33uUeAM7yh zhc90YFBW+(z@^DrON(7#Z6$)}Uds1x1~Jvrz6e6osnA37_gKw$nt47o>wTue=BH=r zHdKfWczp*7HgeT*B}TV!_Z}$9qvM?}sl4}PdxVror3Y1Lf{|@-eTHTXU1{#Ih{)XSdEiUv z9to@3eU%u4X(kxF1NFe*;&CAzSNs-(j#%}0&X>WS7^|6ePlI-&FwUV5N}V7m3AXD5 zMY~XvOEqp55-n4&=odQq39qQqYs?Z54<}vi+W@1Jn;1Cy92^c)+b$LeACkTG)f5^& z)FpJT?2>0zsDE`Ob$Y>0bJVI_-kuVES1OD5Fb~Eb1KH$(opz7FMt0Geez=2C`%b4v zQ&^~gwjPO10s>Scg5d8#XCyt8AQYR}pb7EKg7cW`WfaM6TJT#VjPNlw{gl9b-EM2o zx~Ka58o^Dedi|Xfx+V@opJ$E_u27A`b%%j|<<@J;BM>LVKh!Nap5Rx1StX5<-Op=b z_tN923|8249kyQntInd+U=ap?pc3~fe;ua0Zs4~oHOcfq2Q&wU!8Bu}Zo{4N z9CNTGBO&H$9hwi@f}YB)n^mrQYc$F1n>OK5{t16e{ob%N1E^f!C}~=SzO4u^!en(5 zHb_gzax0Dq^exzz!(aGNE@rbsXL@R%k*_YEIw;#S=-FpJ?B2YpKqr?;Y7djN+k>~eFk9S*M;*lcgHu{jmKWied* z>LTknEGQI&QP+xE4Q^1xn!yZMjue86s$HS z-A^B|I`8>=tuf)L%|$9}T+CS`;{q+X59h-lfMD<9LCg|(U(E8PhErRoj+g4yXG`b~RcDUdn9 zSf7L>Um$sElpd^ifs~DSGIFj&-m4=;2IKi5uQ2gab)UYwoF8Ke<623rjB-AH<8%fRlkzcVGtikzdvkeB;!c+$x?-Nl2J^~|<1;`-#ShG1&0ac_bO9w#N&9>%w7= z_XGv--~NV$R8Q@G(#T4`dPS~;aK3?Igmu1WDUW6Xp*$6xmy%@jAvRKwcbYKEe-=(C zEqZ+!rQkk6TzgCRR!}Cuo;G>M#L^XrHRu4uW({cXMM)}+Fz^Yb!-n{g1e*af{>;5$J(MguQ*n(0?Vff|5Djhd(SQ#Kh4vs67S z{z64ke3yaMZgqAFvipg_X>MHqJ*ZR-?n{AyE8Fhrlaju`0deuvhGY1xJo;q9>nJ^qEU2>JGe+`se zMy4GE7O)sih6I2Ajq*Q|IrZknv8Mx1O={z`p(MPD{ zY%GD*586STrhbb~tTH8xMz_!FoT(n<#UJQF_Fs3r61NaNa^%X(9QDFO1X!?`V6Tm) z&f5!TKv=(z5;DRP^px1=j04*+kC8`|*wA&s6*8FJ0-5j+bSkUy3fCdhs4c@(OlM&p 
z@xdf92S&NQo;uox8V(Fo)K#TczC-Fq=Lh|A&P<#nU{A$Kzp;g$QT`w;~HwUl8`8mOoQ%b}5(WS{@<=2esld$jv z+KtJt65P7dQysWex6SfeoSG0szfKQGkce!7+9szf$qlC9$`YW$ulB{Pmm?toNxSvq zsse{k=0)I52B)SywdZR3awbR?^mF{{Sxhc!rNM}clz<~aIR$YF$|-+xN{0x#_BEyy z5%fFK+Kp~C4#xV}A((*kwX!SZj<{tS-i3JogbFoI{6~^>m-1AXQD*nG(17;>g6y{1 zLro{nCse4zm8?fHJ;zKpq-FA|JI$vPj7+8ZowjS>Am+0 z5fKvn10gx;L2XSaXU5{!7$fb910&)d18&bWHEF|hN+#&JVV6kH>1(K{&ykj0JV1b~ zP~CMU^Z=xf1{*&^G4WU0$X^(>@cE$6`E$be)Uw?i#fx;OV(}dm&BZMHJJ(b9TciOm zfb&!l7jv<5!xcdx&KnEoCd-_K1>sEaXo~sJD?jxZSvs{`vjfgDwc`=t@MY?txDNpT zSu`JHkAw$)#TX~mt_4sZ{v1^yU%bq?JBb9IRgGV4EVct6Q4|=Y~ENM@bIaJd;_RuEZ*la96F8cE!5?!VO8kYD*v6s;LA-{UIUi&-u)bd~?`5y5# zP7&`omu%tda{C+jdWq>uj#3>XpHz<@WB0dwSrQx;vWUcqqIE52IlLC|M2BX_u|^ce-9%G6+7O9?a(%8L*{ z*~1=WCAh^9hUE0eIYDSsj$Z}uf*^1qNChXT`t@YrgnA79}L z(Y~49*qux~Qxb2wSQ5uSs!(p|nvvMA&X_Iu25{x7{m&Usg8!R(Z>MHSz?4^Q_pr-^ zmD~p?I1GTkS3x^E`MpLvOmQ+tAj+i{^^{2KFb<)*S(T z8+OCc-|UDV3gi_{ZHJCH{MGv$PH)DB@ z3Z39?m(w7v^^`9h2$T~rbQe$pDHKBnK@b#)&~oKY0`r_v8jrRR9Y=#@=wqv}Su1exnr?T-*HSB3h^UIEa&f_)1%KUE@}uYstsowcYK z(#u>oHpFM>41U$HmDM?U;m{ljW5zR~h^bJ$bY3W8-jn=rEw;*hN0?8l5A5?d>G0&L z>cbX1J#2WW9RWNaNJLwBaskgqox!hu#OYNFp3fvK1<%7e?|%ai?NGtro#7^0Sa5d1 z`UI^9dc>at@h6@d9DrzyUk%fx0y)?m2R|!=I(m$ThTBkoK1ai&e4ooW0=v2v*g>MK zBslNGCF!j&(5CYlYzS+KEw@5VkhZV^lc+elSUq%5(30E<2$jSK<2>;esUnrHYcgLi zaA}Fwda~s-C*?9qL-FcUN0*tS`FJaP)+I|@p zs8E^D$27gH8HK_n=1}7$O#Fda@Qm3fo{1|W<3y*G@p5Klg@4x>lhAtVT!@PGz=K)Bsk%DY zS!z;s9mIkaaQ=B)3Qni#u)8qDki_0p?vEfH%(8mncslrM!%x$}yJ>MhK?l_rXd*qn z`@#REer}}-`%yoBBJi4{y=HZi;8M_P{S}Bqj6oVTBDo)T3aHjo_dNOmqo`qw7Z<|N z4mwg0=^7cyb<8rImPhFCY89pr7S^vQfgJ%;zL}^}CmOmZc$FACjMph)?66ri4+05d zi4&Zt3I^bHG{m3am~wTE1#x@0k7&t&fi&FD*Gb`VYj|!w4xY}i+DGdN&l55SrtSXuJSnYyyKln0^oj-7lHJ(Q5s zXt|GOe;?_cQne79P5>14CT^DH6t5*Dg+(Zfr_S@r)${X2bTq5;B9(9r_1YNu^sD@j zg}5Q@w?jplVvFsKjN*)!A1Q{vmtfZlL^{e7YasPmo<(Z1?EP{mHw@TAc-f7tL+_R2Fhn|b~FpMM^ zqUZ^0Xe-aNpetwX@+-Y>O%$J}E|^cXi&W*A 
z0}+q|`wx7$%pwUb_L?xR6aN65sZXJdMs@b__Uy3cJPcHd#l?u}6(yKR=$T_DxFZJIv?W&m4%?zp>;Xor#4f}b-vf-?PywV-GYoc@MFx5nEUJMG?;1NovjM5DG9NTaNC=b-O1 zO4SQ+d5rqaX?h68KQnkagfJiD5i}zHc4|Vh{3(E5FVr-bL@~v=a3fL7U)f{?mfry1 zL*FFl0o<@8yP9cuzFLDsvZH>=INtajT1gK-8miq>r9G0w8T#H}~{dG}Pm zJXeqHwsSn|$AnXKfTO}|K|q7gtm@0Lp|l+G9Y_#NV`6*&USxBIpI64umQQZ*;PYbD zdNw$K-qDfEy?jEXb{3{NU9GXxa1RHR@yX&bZZ8H7%(GqAh2fGbdDsRo;cs))^Y3E- zl|UT}_XfG1PEbX@{7VuX?Y*I^RP{POhw*ugho;oq0?^g0N0}}+jXzlQPkx)5nCn$} z8>QP|V2hohE}?8XK{A|64rX8#uP#8rerSKn>93}c>=^eeN|E`pZbbj<{v!^RgQ+pz zU-%6xr5kv_&-&D0#8AMbstS9xUHs}f@%;}ZcxrbdFwnVNeQ#e80JBU40YD$WJ^kzWq`TJjF`fT#8scs5?R35Y@j$oxM zi9I?GmY|ytG#3XwoZK+IsXu%#GtR;03_s5Hjbp=M+_w`%C2Etr(??174Ib{6bpBY(E#B`au+(3PkGq#TBx-IY+x4ZL)*CS z^Od6=YYz!jjM|3*FUIBt#K7r@Tqf5t2tw%!3ZUcZsmnzf+;HwAJkh21$e0@m5ap>0 z;aydKo+;L`yz;7luU69a2e8v`q>K>8k3+@N6KNGtGs1O^g{K!d?Ch6l-6@E`Dtm}B^{Vt6GJ zW1i75U!-DaT*eq2VPKwjQ!&)RGo}xIWjjp$ITiUvT4bPD{W2Bvj1_|;1}u;^Wfl-z zs@eqx3e+?^COB8jK`;1_7~)XB*;w;m4zAvvs-F@TJELyvUH6!W&F>ZMhmd4Cx}+H7 z22b|wwfA5!jmhz=VB{*4Rs$o+yY=frgB64B-t496ZXh=8^CSIz@v{tWY+9sgr+Q4M z5)jJNi(gCqDaj_?J)Y)=aF<=7)~&IDpANe)ZpYz~tKtvJ=*CdV2*AbB%ojNsdSPQa za)+cR4WT)q?l^uxxb+1J)II{%I3gm8)7TnS3Nbemi?eK?llAO zQQLE!a;~w6bF1Ep0s=b$J~z0{?H>qTqFj4+NU?)t{uLiu`QJ)E{&T7~xICP<>6lTv)}8q9;4Is!tZMmaZzV zalzc9P!0To5Q2C@|E5mx^KaNH4nnWkk$@j*NaOj&J9eKNG=LHk0J5LXPtJIg+uZ*M zk2&D3gP;x?$|<0$MkU$*C75N4rE4=w)zh+j&E1mG@JM`xxF^*8v>@JHycFsVmYopm zB!f`uY+PE}Q}wc{7b9goUmPrfxgQu)u#a8GWp*8*(_z-y(fHnONnl?5HP|!mw;JuK zWel-B`AZAi*y~3S`g{!jhn1?+A!G|X3O-;))x>+8phDTkt0j79|3t2aDP_#_`EU&g zGA&ablZ7pvivWpq!J@m4wimMac1sF$N)DtLj(`%qOE3}cJVE#5Q7}EsFunq*!{2Iy z2#eCre2irerc?BAnY#6Ei6~PKOcLP@`IZ)f&6TML07bvjUC;hlI;`l!v7LZH z48t|j?~Xl(g%B*5?EBea%Je>}E=s(R!Mbk7x_+u;r%pNr>5Eco=>Aacm)!Tk#;8eLDTIx3P%q?aARe#(n{e)Yt!r7q_Ek||qAn<9Vv)lyxVaU}}X z#LoK`)z=;lO|FX#INcrQGZ;!(ylUo?EDcep&Fxuw1u}+*@iOincmwIsIe=SSzPeQY za!D(>f!QKEYt5&z4oJKeIO5%)TkDZdbv)1b|Srjd}0yyx>| z;N$){T&jz{^Ba39s${C+qIht}?=db*X5kIPJyl3&v8tq15^E-@$7HEI@VN9>rqWwI 
zh^+|1N}uk=X?Voj8K);Rb&yKDCuCxen+k-Sg`_riY<%?mt%b@O7R^gLdI?oS#ZjTw zFXuGGsr8Nuwdo1zLZ*`G=Xq!7Zj_c=rp|}Z1`J@~6ev0X@#-@9X8W`%LC4F$c2dmC zQNR9-goEL-Xap>i%2a%ZrvH@-8{=1L^@U7pOF%2qs!PriY-4{wLm{2U8sdEnx>?XY zbGxMNsM98su>F8q5Dk`$i?Tk^-D?EwoTVz(QB&K2NS-fv+R*)UO;aa?i8bh-elJZI z(2F+YT^psWr5r!_S9`f80?F`6Fy7+dK4B^f-%oh z3fpS(7A+g{Ebz7ziQh+W&S^zq4TM|&pV{mIyp?)XXoI{%z{yY9Otg7LU(<+Ewl&+#NAoK%Q z*u_pzYq686xy%3*+1oBMc&W6z)G98z@Lw^yuAs;^O&4f9XSYh*e6eB6axI>47Hk^P zzcKhX1d;H3jC$-%y*#6t1D0oJ`c<|Fpn_-`k)q4s1a<SQ zGX?(mP{+%!B{-o2vK>p!pWMq`9Rj_77iz)DO3#zSrChK8qeEgYB z#rSaHJ~bI1XL{-whLI_UdLb~K4r`Dt(l3G>E<$LtQ?5#6zL8nB9$BzBE5Z5|R!h&r zsTqf&(GfGFrahTMo;gKEwYEz78VU4x(aaD2Y9F(hpJypm%hP z9#MJ&5E@{QjR*8B6CCMmB`|u~F%@dR#!k6<|7oc--emlcELi7zTjz_9D_37XDv4xs zQG@pn5ikMX`!b2ZSrq_$q&fa;!(mrqRe!fGrc~XeYbsYa=$F`47$NYNve?yAZR}1M zDSX@hQZj0xUKyVw!A5Q!K1S*fS#uokr8Zro^Pk`01hxVriyOM)8y06S+hZ@sguh*w zkYn2k+S+3fC+N@OW7AvoiC_471D`$&O5Q;ug9{xw{XU!;;UTXGc-;{ESa?bgnrq z&m5m`R`{fy)22>NUp>nDC=Gs`8Vv8;>#2POT}S_zqjMwE@*4VgjEv8ZRPdIBDLBQ6 zabj+6Qkgg=QQ+8YzSjh!;<3K|j`z&9O|eWI3NCc4MWR87AA*Qsk@k^k*w%1Gs@;(q zZ@gpM@tk#K#u+y{&$!lgM#$Z8r}vD7xVZ}^)>s)Hyag43XW=5q&E`gY4Rf@Z?{wnZ z5JwA!t6Sa&;oa$z*8(KR84Sltb91Ln%#OEr8IJD~iobbCT1%+GWmhn+v?h^)T#1(7!N_1li<9u7nY!6OOYZW$p-0cQ>}P3SP&u zn|5a&+}?9f&wV}j_WT}1Jk4p2cbOILgB#oAgWAhZ)S-QcY0eJgT^%aisctNDr{z5k znpD?=d1`rQpQrM++=iM$^UEdQ?f{v?GwVLjqPvUXZEXeq-^c&@8J?{zGdy$GcEjUi z_)y!5%kwHf#>YB%2A%s+4}@&O|EKu){}LbH;bQ?xSic<~0$^)De4**Bb5K&HIMZ7XFQGamvn2~-wy!14 zbR-8X>)};Yr$g5D8xbfKLSu|i;#aC>Hr!cQIg<@-y#!xh;Y+|{Heg(*Vdp`E@(TYc$S>uv5E?MJ}H7-P0 z)!0Ca;bR>iTlx5+VV|d_J^sgg@u zvF5i8HEYtutF+OX^!TUwhdsZ6FJXryymODI_WIK>Ru31?^-wBlfeTYh-nQnrU!RAm z3Zmh3g%wl+Q^5GFNJVy}`jklJX)U93Fu!DAvf#9p)%1;X32Y$ovO9YT7ITR#T#4C; z|5f;3hkta+tS@DLMg8&fQeaYFhq(6mAMeDY0v>^9O>^UMn-@5^n@hEPG8QkG0T>I| zOw*3sgH6;6duoRx5ZveDhIvd3^M|bm(b?9B5ptNjJsY7Ib|eL+n7a|xNHWqSNOtaq z9y-O`?SO)=6=#9Sj$x3@ss>Ko-mFUai)=+>TajJH*h~&a88cXd zfqqe%3|UNy_##@WryzNMP?vB4EKU(t(;uG%nEXQX1k_>`$cz{uvub7{lD?0Vd|;uB 
zTENjN)y}FOhDe(cKvRM*43k-v3z34}pOc(G4|kgtXa+)FAXU$*9E+rA;jC940M-#K z&|-L5?E=Inw#x#RZAQvgDf9m#eh`j%J+;G5g^0Gyw-}_{Flt9QRt#FY07G|wiD%>< z{O$t1)C_E>^({xc5myZi*1QN$q~H`)yG!smz!U)t@XAWGv}Vp?$!%wygF#)wGF~^#=Ilv?;g-I~ejy9S8 zzF0c4Ca?!-W)aGHg$?uak#M3+hrjVz37(aS7(ESY5YEcEd+t^|$gpRAG{bWzD19cd z&~`GHfwjJX!;SnLWXvIFPx0~IsHsGz=dr%&p8M{E!ZF@8#S~I+qR&9#uWO{&RC$rp zPe89P#AA9f;xJBHQ9&g}NGmF7#f;DjQf|c&Yni$RDWem!44qzPJRG_V{W z$Wu8VWw*|G317*1m6^~!osO9#T|Uz>S2Ep>^mKdhVGj-xgbZY(5SbRR2#k4M-Wq%W zMm?djgd}(@0pqQ*su-C9EQ0kOW3`L|=5;d~@zJI@R?9iJmHn+JUUu*fcJLm%gY$v7 zbP4KzbJyyT1jad&9egZE`RkaF)iIl_j%l*OAhX66z`g`fX&LW7^f9OZllAj@&D>;S zUN3E1FB5a?y_$|S33!2%B#wav!7*k45u4ITpcqlfu4Seq2{2QN1PasBRi&kSQP-NH z0v1AcuBm{fB)e@oK9W?xLTm_Mw+cxS0!y(8!5YCSTJRrVXo?nCDr*1#UkLlZf!X~0 zFSwop%uqOrH{6sTLU$bFjL&t$N$C`n2~Ku0-b21)^BhW`Re{CmByt~$ujD{7)YG`YbGM(#KI#EwKHcJ_>F9lCtq}H4VIoWDlv%&t?d5_*rvXiLh!xJ}a;Z;wMDH zss+=T^*_mkRdWhikWCdyp|C1Y#jO8xsjwU(^&T~I>m{Xf2_gah}{Yw#Ek^~RzKXaE*X`vi~Mc9`Fa*2G#*+4`IC zJv?W5@op@ppvAc-rNx0;?ytKw#j_oU%nzZ?Y5F>+Ddu(@g|qXu_~_X5&FPNA=E3kf ze7Kr+=Q@r+)r0S^vYNijZ0P?M^+FE%1jtL*1wmeKgn9@+?;#jJYf&10K1Mkws)_)1 zBh*Fsc@HWh{H%rA2tOYm+(=bXhxR@9LQ&N7`*c;2*&aGSWI6--B2hCPrz*1bL(wBA z=!c?*!4{%hwzfp~&RyRvx^wO)+0ngQKa9rae&od0M?Ipkt(&4dw|*Mka-2RWdKjxQ zJRmFJi7|*LW_&y`<40G`*_#<%JLmh%=&ECTqic_SgK(%>@Pr-+vHKX?%GiB~{Z?YD z@YMRB=;10=0?_v2Wffka|G{G`A79{6(+~ewv)b!e>m*is6I#)_Bf7J7b2QevCc3xv zo#@)u#^@@@6wxi~zr@Re{OHd0pEAT7jji8+;uiv-RjmV~d)I$}FEEg3Q|p4_=;8G( z$U7$=`M$!-0g+2=%7_| z*K~^>Mo+T2Ot+Rjx@GIvh*{fB_v-qM(Zk20h}jR+&t2C|dY2(Pk8MW)N?L1|!Xoz` zTOHjZI-BTW=xm~Usk4d3sI!Ugq|PR~MRYcMptFe{hRz05v^O8b^F89BvjNexqJ7ZW zME6o>6OB=46WvLjO>_%&Ht5mD20T{rv5t?ee0Z*(;2{NW_}8C+5-`We|FI#;2shpKJe%!7!7ZsuzB)CszopH|91 ztBVU&D_k(*H7mWA4#(EY*ou}$tcI6-kpbm2#_i}rtdH{%g7@*ocvPUtmD8r43ZxmVsv0JH5mLwydKH5*D!Tf+0}WG}^AS9R!51PpwWv*dll3j@l4`6lus~9Q?Pc2>B0q%*Q+Ff(EW#bie{Ua1xcpD3{-f-s!(G4?qM|aIcljpAMfmG|9 z(bZ6YMfcBLTM*p^PP$?1chS{b4@Q5)INcxb5Zwjor8v4_eScqcH5O0#(I3}0NB6IP zKf0@R(sGo`pk1vuHR81d>}OZ&$mw`}z$dud)q216d)?ybhSmi;qF;i+Z2(8x2F`_m 
z#VD=?h=rJf&pFFcGC*t%G@{-O(P-l zk!w?QHAB7xPg~89ZD3UhDMpqkvRF(EQPYv@LqzEUcY*P2XqA2z#F} z7TYkQv4C*{dD53)MXSk|h&93~%^-K%2JW_++-*PRELK7=HjulmCU+yo8Nx=cW=R|D zQdlILMMV9_Uavcq1Mq)uuZKTp2mEx$Kbz|K6{(KDrA^0k#|PwaT`f`gg^g6FGzcNJ zXm?uAKWk%kgF*#KU+6hRQh z8_u$#5i5jC+4pxZLf{- z+c|f)&FIDtY+U8exqEDsgLD!M2`~$VVrc+BK%v$&!j(eNG^&t7Fh{7`SpNy`+G}st_HXef+i$745$6&_d59vmju^4X*OEyJi zCH55(`+r~ws3`vLOut5Q=RdSxKq>#`SEa3R^Pg|l%sah<3x;IRm^CMRLD6OT*`p`@ z#5Z|D`N(T3vVVGK_VAl#&z>`@WY+APZ=XAN=B2ad+;X`k^#s7WR#cXskFLNG094oMR0KH%C7N>F@Q%Q zxj5~bjT&4&QNf522X)mKy7+QuEUQZ7%Yx<6DL&u9Ep($$_`VH#!K%10ThMxN4{y(nO!28*=V70G9RZ$QiTCwfAxSseFLrykQj@1KPM6r zQhDf5Tcku$kQrp`HJ1`_3Yjjqh&c=;%WT41&Qt&&=u^d-Z%+UaZ{^W#wNhf-_BG5* z)G(J>2DCD3sSq!6!CXs)xJTB4`%N6c3ET?ts1c0##b*`VXrS5ymmzjeFpsAW(IW7B z?~uGwC34f43X;Azw8yozRpNRiHl{+1mPOND;NWHGrh(ilKKd`p4^V?0)dfjXRf$1H zB)sSzW#2Hi&d$4W@7b%w=hA%)7v9{i@Pl8RR=8j6G$L`x@Het>FfQ$vO8$IMmPWoZ z_f9hDkmDC0wGp=y-#UGP3($AqHK*9kSNQB5?*f|rgX1cW&`3C40at04XV(mcL^(r0 zaWYF(iECBv`hc%R#reZ~ucp=DPg{ttv-15^XC#f}3;1-` z!f*m4-oeOY!gG5Jbx5zIz(LIV*;JRJov^|eY_oPEGuZD<5->a|3a1&^4MwqUC_gXV zE6$Gjs>B+ZL;nPijVNHbWtT?Dr$^2e5mEc*{bZMXKTaz@IqgWf=nx4TN*u zreH5R|44V_uWPER?t=5Q@EQgor(mgcAVx{a@fGq8e!;pNQG<2b-QAfW@IS@y3T_V5 z6J~1}=frKy6qzRd1BD3xr`{tYR$^!kUO0mMVg(0}sK<|5NB1toyi$0xDqrwAb&kk_ z+gx~gJrB-lDK4Ah{)Ug(S>jS8Q5+5fSVWjV7DZOH;cNdh{Tw<^(n94kK?6rMDBorP`{=lM z`OYCa@kc)3YF{HjWS_9;46simVd=DS63+%@AHFSmc{bQqzj4|T9AKy!7b*_|S-UtM zBRmlfUWake64*-04BpTd_{0RW#9&Ei#ZoRJH&ULD&Rw!iyh=Z>)1O#Z{l;AV#(Zxh zJp7aw=o1R{8;kTCheygiWF4{YF?56U_k;7>I3S6m&Uc|RsIMDV5Vx@(<`qvuWb_53SgUNT_lSHiq#z|gORdBK38UkURk1BQMj%<~2e{YscW8Zh)LVV*N!=vTu0 z!GNJ(3G=K0L%$M+E(Q_K^ebV0XTZ>}gn5QxNIlfwM`6p0L_^4t8~6PVvNJk*3a8L7 z#%F>|7@g$lRCbYb+IdO{&}0bwb{r9qy+h7tvT21C%Ezg$eVA$8WUc2wI0nitV_NU7 z=ijhE%)?CUrh5LBFidN}Fs&JeX$=^rHJ8J*1`N}hVVKr{VOlc`(;6^LYldN31BPkM zFidN}Fs&JeX$=^rHN!Bi0mHOr7^XE~nAQx#v<3{*nqipMfMGhnN^~ZhpbA$#4refJ z6Ia>c?}{{EC-l|68VCoD1iOiVz)0K(w2&-#XFo_$j^&DV=-p3>k*Yhtk z!U`sFOFjQe7$z}bn8YLmE11N9VG>gV?qd=IhDppYOk%(=i5Z4T3>YRc!!U^f!z5-H 
zCNW@`#08J|jU#JkLRCOhEi7x8X0 zK9%^0&o<+^3jj~Qi1(QBsU3m%Tr-}#1Mu{V_Syq!w5{spl{>#T3%*bZr@IKDmK4I_1aB{tB@SZ>Pc(G51H3Om|T_>kOIh zrgYXAGCiBpSzpL>52drVkm8vMYx{cCVOUU#BN@pDrtADJ6 zmcUp@UfK0yG?a-cAPC3?7I^@N{k@yiwPEe8;jEkK{yFB(4U1>S=gkxL(5qY)q3hvk_=U} zoPJT!G_y2A6)iVZ(R4H3P({n>7x1RaTyCf${zbg0VwW4Lh<{hEGE|Yx@<~1BN%j1# zI+mM#um*){>zCrMqd~%s^SIv3#_6Ckr0{(sdw1ULN7pMxJS4*K!39@ zc+42*34$e8rHIS|N>34)MU zPmvu5rKiY_jnavBD>2MiL_L!TLgP{$%&pY_Zx-NBgXCQJoDDRr@w|bUDtMnJS*iFU zMHfx$4P6AEz-pZzp@!we9U-Q4RRy}s;}eg6E7iWEb~u&7b@j9yDRbhw+6hEpp-92( z>;rTI9~G#3k3)9EkwYNuZW}u3@4b-IKaFhDmnrz@QsgY&p?{#3Z>G7_*0XVQvQax` zQ}21s2xhDIOh-^}(f03eSg;?b4PqJ4jCFA~2x=`z(>^{g*Sp$y|Ts0yvk!g_l#57Aeu-Nafz> zJ!hdAFipq~v}Yh(2`5-;EjjQi-leyxb&Tr+XFvD% zPByo9vbi$0XRVBKl=jIc_yU4YHnexLp)wZm+|Ui&(1)Wcs)bsd%4!ks?c`xlqdx`o zC%b{ynbn@WXpA4Gf6wLA9q7-vLw%sJxzsb*ia(>%!uyqmDde5qPK7lylm!a|7nEi54Eb^L8u z#kqlIWH~j=hJP%X!2)<;%YT)>kK0sjlmcL-M+SjU!rap4(|3tC4zY||*HhL|rL%53 znloLkRUyD6o|*U!ak*G*=*f#Oc}@Czc^|7J=Iok0$DJvR$O}2pA=MHtOVqU5OlYy^fACIFv98blZ4N!sH zDqu1-)xh7e`;g{Tesa z+R7xVnuNE{zDl7E`jSq6*Ln=n(4E^PX{7L(UD}a`v?n?mf}76d(LYA$ zj0DQWlVWJ>C`q9Ied1j6ae_G6=t4=H-qe{Vu+~HhCY3z&J|k8V2eqdS9xJ^k#@2j>22w_UPjbO=ueV}t>NSwcLhk!-#CqPVOsQkqF{`>_BEB1x%bDPiG-YCd zzRjUpxHWSCm%a)_mSwI`%!{oUz3(+(f=GF zDRF3_3YG@?N!XcA<0ddDtjBgT-4bhFEO04GBH?=_?Wj8zTS@a46vUO;@#h9KLovT zQ=leQkcQv$0n9l2#@|+8XONs|As$i!;lF66H~wVKdE7pb{m}%%%eutoS)L5>+R|2j6{RR zQG?R4XXV`#9fHx!%cl1c3>Q}YL~tN%a2O%u&i)T=aC&d=k09W)uHX=;RM`1#$t^Uf zQ{`;3XANVX>{$+K8*IhfYW5em1n20Rk8Zba&?C5>AN)}=EANNWWJF!-?pCm-M=k20 zPwcB`k$BA)+VS)`m#J%=-3spKGpw zco)MD+?_nas5A9u_x(px}(hxUn!NRmk;=|WIs{=>wlAoO=}7$gChT1O^e zly^Khm!n~1tKJljDVQwkd$do}^RwBAt zgF{Y#)SgC^W1M3@Pdx6GGbO;c68u{RMu6j>Lje=q+xs8MXbNf@FpE-Z9)|67iGHF% z8N}^{%-Be7!k;NLdsTj{I_yPUiM0`C0M==2Yvxz!D*5!!1^@ zpTipL%}v=%mfA{ZAM_fv05cCvC5j`#fvJtP(*8R-8lK@L7k;4_3_IIZ}-nolu7 zp_yzin5<->b;mCWLGdxYMJ?y|uxQ=Pn99qHg$tc#Vn2p%BPQ|2wc`bI?jnaFKo^%s zHW(rcfhqkliL9|&gTo!Qyfg!ml~ImyKQ=^G#si*2_VTxYgA`>MWWl@l@}$UeP>V>B zm9yu84bGvQQ*MJp$vf3_LWlG7nU=I5~W74%&N8Tz=n7hFMYDi 
zZq_zi;ggPtW3#@8eqZSx1}#m6;zQq7yj87TL$(UhdXKgN;#x|Id1}|V0R~3til8a4 zEj6D;Z$$=goEbWJ*?+eJRvZpi9tpdG!{F!!t86J_5$Ox`U@b4BQCG_KHCDhJr$ubV zZ8aapdahi<%P$3My3|q+H(H^WV{&;fZ;!g1R{)PYc(SLC;-$WqNkznYsgFD`HYkJH zHp4JsYf!owmKqNcXEi8ZIX)mwz2|(Hk?i&;>Vnba!o{O69S!BJ`Ud!N0O9l<+Gpux zP0>^B1#|9%5_F-&HbU*wlSlVZzm>X(dHNIesq-AQ{r^hAo<@{ooXcPy84q}3p8jtc z@POl>L&1{kz5SES!$Ga7MB4y;FPW#18b=kurf@Yl`!Cx-R%nug`htV-hBX$v?5-pS z9mCM=QfpTN^hnqSeM9%FzH||HkZ7e*e{?n=Mlc{A3;Hopzz`9(1|h8jR^H#6sw|L8 zn|cIYK7^3kgvitM%j6=A4^o8II*Slwev70PAFKJ4%xv(lhn&*0oqcGtVQ0UJqAcX^ z8Jp=cakkhh6M4Jq0i0cIxcQ&FX_Io?hu9D`n2&rr?0ka_UNd+-KKlv&Stm&qdGTf!{JWVG${tPCqmB8=U%Ld&7za zID4zLrO)l@7mx0xvr=@v3=i&H*Hjm;$&GMfl)=~%x~>TYK&&k65-^av3dd<~jh!DU z!}=^r<#%4fKKDRHMl*iKM4tR=MsCTCp za=lG~$C3rb)WEamSD+T5>N`=g)hs#X#MNr>gW}zUsSLe0V;9{4tl_Dr#QA1AudDCE z$)>^b>1M(-;D8K??d$1imYrsQG|Qp0c&dDn+32v?`GH0xaN}f_S+6Iu5L3Vj{3hqkn&!aiVLF&uU~{lxaW7(@Xrq>wm4bmYY`^P=fud)b zuM#ftzQv6w1EDp53#Fr*vV7vMzq13v(D>|7`mn3B)m4X)D3fN%q`+5*k!WfN;i)E% z_(z1h0Z%YCnTa^zNhz<%l<1R)k1SV!-BMr|S#Cqf(beI2;-5+UEUEZSH1VsMDLD{G zWTtT8G8c0po_zW84Mw@4Ea3B3t0KTp8``zSHcPNifOe{qH1&&WydNIx73kF=`d4od zt#J^SPhMRQpL)UX@qVf-Id;(8f2aQE=h+f0K$kBJ7AS?3V0+XCC%F}!qWo?j6XnA8 zDF4mRJ(d zJ$xEGD-=7#3xM@F+| z2whzO_;a+^iF+(H4jOm{ST}4tZry5qFMV!dC`9aEw+Rm2Y{B08r}QF%ZxUDQ(wmD< z&9%j@^&TlcHD~fLK+GQ>8eITPriVgQ9!kD8RFMq_Y~Kv9?%Ec|av&U`7W%4W0Zu(K zY;?h#tYHfaRo)T|kc)h&fo4UC=z$4|h})SOEpIV3qId{9jx&DoP>4ue369CFl5Zwg z#CvLQxq-tlw2;~q8C^m@Q1ZQ$JNr4HGxdsb`slIR!YLND_E{7Z8co!@6z}}#qo+n6 zL`>j@M7=Y)UY}9#odgbQ$CkHhqo-PtGbu*AOSt^jJBuFQ{^@p_Y)R*T*kSfP&v3Lcs4kw#vORn%v(JN4=F#H_?jE@fH~dX zBY#JmEjXrr0S>`r7tb0#*Bu~l`;xjds&7YS3(d-6w?)b&H>}{^ZVbBgPe4;oe13j> zKAzFZo>)Z>AEC#G&Ci{aF>HSRyitL_C5pS9i_4eAnOu5bl1rwyf4wnWNL>$s|Mdihvw$rMZQVZ2BKYS^gL%BRLwwrb^5tuZZW z0?b%V=Wj6{Yl~f$U=hDHBO70eH*-8<@dl=}(HHS~E^#kyz|znQ-lMn2ZYuTff3grbF5E;ou-YJ;_%!H z1IH3M7BLDZ!l@{r!Z;uyTw=pHgo#}*!`al=C_8D7Pw^Wnn~v@e^0AxX&03pPDwQa$ z!GuDmEy@%p zunfzEa3a-ye;9vj3P7Mhl?qIQ35H>Xlt 
zTTHysB;QI5T%4fcJSNrF#uM?_^U2;Nd!Fn8bg+|h2J_8ox+2NQm3Lbi_1K7dj|Z8l$t2HQbS5^aoO;>=LN1!q|AsO2Vn!gM8w=End>6|l{ENz zE-rHfZ7>!10rgN>DQfLjTvo!CkUCm~$|h@zeO7I^WzmmPRnU&m;<2Ie)o$N!<+7+7O zDc+}+?V}ZJ1!wYbp#B2xKoYdU){pY`)$B$t7Z(!C#VlyC-4e`>&l@iLTl9gMi0;;@ z?wZA2KEY(X+kOa%+xp}$Jn z5a*x382T@0K+~7e0Lz5yaC-^%2^qxRM)o{wg@e{o9KRY{%CM4NiTB04jq72bS&HAs zkHvD%yNgr++jO5#A3Ir=&G#{wzp)LKD03Piw~Uz4I)5^dR*$C{#rs@c?0`(yZ{-R3HQ)IO2{p|Q_w296LoAjX;gvdPY z>JyDGvl%F#6(JC6Z%X=0ouq@l*ocG9w*&_SF2m9YD@FM{-h8ms$u}fR9f{@exqR&k zOHCiC)-$vsOR&E<_-9z*nZO`}EXSrmsaZ(%;@BI35#|@aSP=Uo;iEMMXfUCFK5_9l zw){ZMr9|jty3HrVMA&$hoQ62s|eg2$x{vE0JEC{!}wj`roE+@hVcYh z*BK1si7$6*7~l10HjE<~R4<_zs7FBjOcFD2FMass#|=%Z{W9WvSuwnoTV#ZjA;>cB z+?fBXoi#0R?rUUi1)12KfB5R8ZG5^p{|M0Q#GHTYCB|CfdP@p6jQnzrAZ#i-r68RR z0^NYky)Q8Z@yeiqO}7+mPPf#%OJa3msSlP2rM?Bo_p=}(woqAiXnbzSPlrZ&YwJmf zEj8Ws=J3}8tj*g_SzE2!!Xh2}7-iv(`2$N&s*b>F>V%$*sx8$0etcnw?GozFtOC#9 zEqaR~54c{(L!EevFGAVr=95}WFF~NEm^OW7F%*3Qc$giSo{Z+h7rkgg&3Yaq#t@oU z3(L1W6Ef`pT*z7gv6|JHSUvM9i&dw@|3g=k`09%th`)*jLeA`}Pn#yKei5t?pa(+F z4V97Ml?4e^Ywt%ZMCl901EvciWmAa0e1D4-%8Ih7ru`uP&M%AEbrv#x1W}S?y5qEK z#tR)~g2iBh#8=XBl!1JrkQBubrRQ}!=!Pg>ypH31ZAy<`0i+@Se8{o)iqK>%0&h8pNE8^DT@`sESXFRVGw5idP2`=q9}ozi^117Tv1 zB!}bn^cnD{PU*vJJeSi>qtBw5{~>(_!}Ssf`NQ;C$!-3(^m%2iL7$K0J03(IM)DLW zfJ)9lpVfc-pVLSCiUv(5hI#Dc{V0sZo>Gk3I5(o>cHBVlJ?xOw^(+yB#fwIsh0%!a zb7R!m#81`PaS;*gX)s??81e;R1bpQKxCf~;$&_mCK72@Cqm8Wh=!+*MYCWw7VeJW4 z!3>kPFLf$KqwpJccgFuxHi2*(Fdj%*pxn)7~Ev%g|u zmAF;DEr@H}gdeSkJx6U;cv+}vbww&U9^)h%T@MQunesW%9HB9*r5EZi@QI6L5uq-| z{6Q9+BV*OIO*dTEWTeQC6ny1ar6(8uG z9jb9*%p9tZ&qm&f7`D9ei_6^VsEF2>i4iI^UJ3b~d7F#3&bvPF6q)K&VD;VAbEAu( zbHQG@{IA9~QKTaoyohpYKx;y#=0$ChC*KmBDOXMzmpT)dAh!nI{^g#t-=Xiw+fuw+ z9lg7Fvs$)W{}y+g9`8nz(BQQg)3B+^Go>=;#brwI?zz_mx|1O$(TN^HsVJ!&IQhkM zJ$SgGQEMaOAwBL;kI-Tzg3VZ3+;-ECZi~LfUkZJhZ@tH(ba)+#O&Vj2#JP-wTKfP} zsQ=a45JKr?B!KZ6MO-bPOv8~USG7V5?My%Xme6aK8|foWWp;B`@Ddpm zSNuLj-F%LAX(RrMc#wM+QGl!u*`*#)`ZVK#?!O6BI7}OeT~|)_q}T5Vf0m(bag4Cw z$m?tLM;*1bc#B&0LGcc?e2+fCp;tNe8(qMAWFTUeSRu~mw&HOE6giS;hU>ukEW3Ux 
zc0+(Bda`1AUeqIYy~L!Cl?FDMDHY=7rzB-iK+T(hx6K5sic^-SWtPDEW_*=+LN>vC z(3&Q&C3L?VdJfjyNSdcWJ$jE^Tn>qAR$mMoLN`GPRY{>6+Fs~T%?MeIoS8ggc3bt& z@fMFqWE*JbhpHU<`+4scx2mICNt{~w-OGtK5~rG`NV#PCawmvxkqhL&t(LwBKWs{4 zK-dmn6O5tr;&P>UE0&p4BrbL#=1sv~`Y~}5XI(+jjL^{Z`K(i$PUBPkMW!a>O!tjY zK4@SM-Jyg=y7F34cE8h@zf$I*8>Djj2Ymhse4N(z^*a>noo>YQe2|K>g|2dY8;4z$ zJ*RtU6pWQ&qa5m}cj4>9*gwJ(Pl@)SW+h}LzJS<|WL=Ole9n;XH$x}>fG~ZJzU?4P z=W%yC64aSmWgT=`QU~>Er-Rm` z39(+#W*4>7LtiqT+L3Ph6A3*8PcO;!0bZYw??X8;ZO0SPq(Z@+|40Z!b<7)5Az=e} zf{$gw0_Y=Gak*>WrPgq9v?e!z7g_1OJiN4Kh<$1GEs&r6&&%=A+%n>ewsfKw41O?_ znO?3`;FYHL|IVlItaua$WVe>PV_Q?kci!mZ9>XX=J{+7POSaDBSJ-5JQG-)(7}-%U zZE4y=y)hiLAE0_lcO8CIVy8K!-X%T{PoJNBmTI>}%DAI%XzG~$VTbgkBc4W2;*wDl z`tFIx5k{R^(xpvWd~1qwe)0)c&PXmd)N=6h_>kv`4~B9QxMLlC72io@QX(1jg;Fh% z3@VpG27Dh0FXGTR@gdJrCZ~*wWYAX%=*h>~8jEC5MKYdPP<(F2(-*}zXHY{@UG+%$ zPiet^&SN~L9vo-3Vl6==MjMs@p^hIsN*ATH@YE!3dtd$v9A3|f~ z4NX!u#TH~>>YIcyu>Fe}pClv`{t+|YB)nOkTu;M%K)9d{*(E|PFE>U+6-*SICanDp z8jJ}DEboj)D6|>;7JA?0v)Ft%4eDelWCS>|-8=@aN6?nbp&b0mcdDbzJwx?pY(;i5 z&-e51Pcj64Q8Hf_wR_~OhBkZ5hr?Kn%t)${@^)%u{$o%hW5iZW=}^@q(r9nRNXcO} zm;ML&I>0(lhohj)GKC&KzOJdA+L`?*>6mtE=g=Cdc6Jl69IsP)e95CMBHWQP%s#)~ z=zz00Q3){%;Q`;FBKt|~YeaxypDN)&82I6%tKO`SAkm4bRpL+$M~8;k9_))X(iHC7 z@mua^9yL?+3)BJDN0a)Hzf0VS@y#Fj%(OtD(N6t_n}b>}gqopaXi}FH=sqPEHCj2Em zoEMKI6Qh*<1*I^|_%)JYcu_7w6fq56+F`?t8mBsf1r?%fF0+ALyrY9G72>sfCUJ!9J2RAwekHTf_Ea5tzzc~P(#_S=(Ucv9H}|7uFDi&5*t?ciTez~e3> z!DAUF0t&2T_P(DIK0ON|V+crO=@ z764)Z-2c%K*UQb{Z~%fOTx@N{du1a6H~x<_DBpu`;K;2)EaZai*ze^48m-nXLmDA) zV+sP_$uNq)9tRuu2TClK*6QAYY#>3;UH?~g$GJ?@U1ruzZ|fGz4=^(IQEKl%p5R*m zD`42d!>tn=>{~44!{C6`OuzA7wP+xdqMibvO;x?(_=x#gKZs&!rw*^*%(iLLd&{L8R)Y^y8V(>=1*X#v+ zq6By9Y!mVM#(es;X>IXfXMtrp7&%TnAIrJY2z6o-efl6U3DG&+9# zmkbMSP1=l!!mAck9lOKZ7^P#&)jtpXihB8u>RI6CEl)7_R|KA;xHNGquR7pl$s`nl zK8w;?di76bmODAiuZ=9x7%)zfg7stGZmvvS)qu1SbkF-uivs+{(KV{^$EXWq!=M!J zK;K}&vkAR#ta;)*DlM|0w*|%|5XE72dqRM(Yh3b&#Qvebs@h8O;S-;}O!ztQ+N$^q z2T8u4flLtfij@nGEUUh&dN%rIpsc#etoS`%0I;toeHZ-|0TXR2#6!|cAIH<#iG_i`qBE<+ 
zH-*ex`Y}*ugdPbjMORLY_gW`$sp8zE7yj^PNlJLuoXSDPDERg@OsLq80(3aR`+#rdZ-kKyyDa#{Npp;1c02yzAb-*p&>s|;U&ri{VuTqq8fHXFZfi@?A zfO`+U=_RXPW`C7pV^?sPq5hEym4$*RBG#YNzDh}x?&y$CkqyeZT4TDl|D-ta4CLfX z?aNmEWJMJSLpWiLQhNi9g$996UJ7{9$$X~=YKa#VQl{b2f0355-9>s@t*u2q9MzYF zKT3sv1`n?KhlJ0>it0E{{svNW1pP~gS+Fj9H&o^=FA=GgrF0bGYOS$Laod|H%`$gL z1$d}R4CiD7u8?puB1+~!xN9kppZL0T&h68iOEVStEB40qHnSJ#u(?sxL0QzdFUn5c z%le6W=PNp$FdVX0gqd_9#_9r?J^8xbg9TogKxFBwwf(_7+P`dzCIL2Ij~VkNec#|7 zgZ;RZ(55xZeT&K1lYp3EV`4STD->D+MMP$luF_hLUWF^uHtk>PlDG6ia=kWO-$(A0 zdIOlQQg|C1t|xzx>WUE*LzCx1kM(QsChsBd_PFP_wujIoYs=zVb3D8sq46C0#Fo`! zgtJ=oa00-kuJtp(r;e5SnT?jgsGbxQ(6FHe3dYzXpP(19sRhta zh&79^EuKvGA&m$W!h$fVD358M$=#(+N4<7l|1jT>|+J`^lj z6Ui{_8RXgqJ3~JX>f7`vDjbXo(H+jgGd;HY0rg9)Tzh?aS~%vazcF2pA<l-ju^WcP%6B521yC3K~N?gnz0T~pI(JsIc# zjfOEe9NuOAHTnmGX=;G1Ad}7dP25xGL02#V>dWJ}L03PY|5njoy(KJMGMa)817a3K zOo)e^wBBp4?@@odRi>Avfui-})9d|8{k#lWYFQV!eu!Pl0HFF7KuCJy=%=f`fBj;s z9;?40Es?9ftc!lU-k+(x<$|SgeUo>4^dcI_6JD(if4e@=*bQ2_LIt6*IM0T6ksazQ zABDemti!<59$tUv=+2z)t^4#XIXkSe^a1KCd-Z+cLu!NjdJ<1-Oy389omd>Tey#7z zdB^&-`pOag`|zP24TXPWh_ChUkM2ybvLWrD{(a6q>p}IE?fTB}q3#V%nqXTHy%S~Z zOP^r3Ms=z!s=l&Ge<%D!MmX9nD~h{rCGhJ>{fPS~SD@S7I=Jea^r>|;%J07-J%~Un z1tue~l>+1HETQ2ZZ{z9?_`5UD)PP{-542!%=6}$HahYdmL!(1$o2J&?My+^9`{D}f zf^_$b`?%LIH3bd`^Mmz$K1l8%}}+NDN`C!9XF~SApbN zV*S~k(qRK(8VQYp>m8f44XrG(ZTdd_oA8(2!iO^S?~d-sY0?kpY|h#PNPGI(S^vu0 zslKukfDZj|_|xv;uhX;Mr~7p|2le-IBIyfHT6g80f(w;Td*C^dtZn*+qucdwD4{Lq zFp`d8v-MMTo5OSebgp&!;hr5?|}IR7C$!tv=97Z*OHZ=hfML;4=|6=H&ml@~Qo z0Mdh!qYe~F#C(s4rWb|3pe+SkR#YEL=Xsg7G=XLs{ zj{B$%ry&)D#&5&9ISO2}jd}%VyjDGkVSpM63a}p!^_m^tL)vj0$e`XsmUM%?PjPr& zw+6cd_Y7C0BZks(5p*lcMk$KEbJ-XBtOo8qQX+-xnjRBKjhoZWHchij3$knYC7qYq`Q;$|$ z$?Bnnvx_&^e2FYd@j8N7PphS5_Ivn~9wAPQy zwNfArfiw!FBap6b1YR|}pf+>0e=Sk(g?K##R>RSB&Hyq{8!wq3Aa;o@L%{zJj zI{I8Efh%N?6EXzUVo?IshfXg#$m?|sZIi>w<`={Lwe z2yp6Jqwa!1;|2lwM8voPSVyO{Q}LSjUtNYGR;#Z}w*5<=JoY#RP9ShZ3!jAhnfV7W z*GiE)DSepVvb@j^RRL5$KJ*mHOm>Jo;}=?jH`BpKGN-+VVi(eSk-AnHhW5J$DS7qE 
zkLs0SxbLienTh@_{#vd5B_PqhJ)v}6@!$ppS!1xma>*p|i4t%U3ePpfH=V_Iv=aLx z_Vcbo1s;s=h;yTkT##{CK^W!N+kcc&MQ|{R-`jcdpWrxqXT?8Hjnj)rOORDzwp{+o z_R~Cd9NIoMRHUx$0qYZd=ud+0zeF1Y(sbOE4@@P1gj;m;gd-|5@JpSZF<0GJbCUBa+% zr7NsbPbQwxhPg}D9HuU8#H+P5A;*n^Be8+0`~mJ94$&wYG`XJzzr*YCYtXC7ip#ns z!8}mx19Ujy&#mWs8|EoQ`FrMoT?pggjl>P*RzR3?H0o(QiCiU*2XsFIkHQ zWBsJUUj>80iMpBp8+sATHY~9<6kd9CpSMw;by9upJm;LD=6q9Gp;+f0!*qE&+Xo@# zzBK2hmJLv_A@@Ty>7iLCb>$)5ec#fsb?&FJqIv~(zl0}?!m?6PP571WJ`7*4^r?5N z3?Es+k_C#O=JGbZ{A7n`Ay*4RdP>96tMMao4V|UF_NjADSN!ceH&bgor%7wHr!1Q$ zyT7y0oSzlu7B0yD`R&0x3x&N4@_!b%X^#9TT9AL+Z42@&lSUW*Pu>gate(!|sQ;jM z=p2B}AL?2anxj;P?y^;AU(F1;V8@efOB4AiFzW5Fdu{l#ho(3}0Vlp3_;QA(0MLyu z7rxw~DcPZb2VdFv@`R@3h64Hc%EecHXi7mSP>8Prd=-YK6omrA@l}Mc;d)!>T6?J4 z;oTi_dc1VHJkr$~)?35jZq}%`jd1j~ST|y#+}zc=)7u)}*u%OHu{N);?g)pwTAOqc zZc?o$ye){edv{wSSTfky)w;_o!V$amC}JJnHtYN0rmogzy)E3FVSN{sVQ4{ZR1xai z=4}gyZC1J?u zdQclxg!gE=DSFwc?-(ddRX z=>#JSYyv{oUHZYi-8p-5TDTkqL}+-UPqLhd&3Y6>*qwJgr!D6omy-*EH2k$ovK%4| zd|)2WYt1>FvzyCt0o#UqdnU^vCO}WL=55Yt$vMvD3}>7(lI3j70?s@1&3Pi{U`{KS zV`rStPL|V@37jLk$lH^%8?#B8{S`3InaOe@DsX;Z-;>vtb38|&9L2*Z_f8hmoC%b} zdRyLMJTAM3i}5hZ)?_hZtP*q}v-31Eqn|sF*>)P4!DAiBTyz?l!E+tRoPQdb3Fr1? 
z&OVLI-P@B{G6V4j(>ZT*c%vPh37aVEptZ?+STX|f#o159KDa#(64;F;A~y>X;cYRP z2|SU>>3hPF?%-A|;bk4SHhT{mj0Aq@&FPTJE-WREENB4lZkeBW!OH1}!{JOwCnl{~ zo2?tY$7O!zT~3FjO06(F3tGY3D)Tena{56ju{iUTwZ|IqZkG9(XE`0xOZY+8WIrMV-#GU^ zZYqfuD?sRtHV6j67{Zf;fjS5`+pX_H23sM^1d}frF$n|NVp2kHv_St5Os*83Bn;F+ zcq0S|LMR~1ET_zhNf2nTa8r+VC}&IANy0G75cw383#7a!VHjoT)D)B*ouZ7fBL(Hc zPEm%MN}vo$k}4`$S0^~TJHC_Z=_TpvJ^o)6f5-z{fW{d9A$;3R;br0HC>p(ibs>mxZ6x!MP+|#QnP={D$zd@N@c}aI?)2{^JmS zL;11rb2>N{>J#~MA$>bd<;TL$>4#0_Sp?~8GL;{5ET>E9LVg9(x64$1gkL77C&*_% zBl)C>k$pz`k#d5xL3wpfziv!F*BR+&gLW$Q3_m0Nz>>hfP|`1Szh@~dWH}B|3ovsn zkqW-6j=46rg~r0%gaJ4X7AI^#pR@p3ljQ9|MNX)>_JlqVdeWDdu+fT6BQ&Rj(2z0Y zcb`URP6wgMZUdinq%$Xj&KORS-E$h9IXz*@*-oP~rziOIbUJgo)LNjE<1{*RI`|Z# zg!&6lqcf+2Po>F6qeOc?<#g~VhI-^5{sZL8J|p>v51`%8NIs}k=JPYruLslbbUtPL zr1nStf==m2n!igsHR_UT)U)lHsdAKImDFC1=1Y~7gkd#`(KKbWvP+eegy}@}yQLaU z!m#QGJrima)*#D#5`+gU46LVX{v-^ejIlpO^E*358JwAda&D(6gFRD5tD+x78LZGL z&akCYaL(?O%&_-Ta4zT+XBgEfI6FGU8LBk}XTvB+(uc_m+bTh3GA=r!GgNE}&bHHV zCL2|T<2JUF1ayo2OOstUKb()RJ>9A4dFh#>;dmEM0VWak7@hA1u-bUqg z*r;R#V%B<^jmqhuUw0P&f-};O)DvdjXQZDL|J*aukA^8|-;O3eR}b>hC`v}cnaC$? 
z)Iv!W@1%(OttQL>zku=qNknI_92IqE>>!qdo%m6r}PQz`phlI4)q*MZD#Df>x$ zcs30s3O!>k0LTeJDw$#abs%$*)K|%JXoV<+%o})(2ul_OK?_A#uK-6Cv|CJp)yE4( zyqJ=*P?W)9l-q8h2`oVo+#ME*&`rSC)o!5( zRvIsY**Yu~$*FB&yS9N{xNSup7Qv`(Scgkp1H)8{n`ZCOG&yDUv}>BV29{4vgIHPL zH?6_uZV>)a3a*ZoddA}KD4TU7g5&Ual-(Le(1*XH9M)z8OYk?%N_Qtq@mD^hr1#aU z75yrkCan4#yMC8r@%g%u@*Y5FNm>6uYb?>fMl^jz2lMTTnb%!^quc_g{VdvNp?$k; z0HC#J<8-n9Z8+M`TJG#Q!G%34S7^diT*A7rK~c3vw|44^`K1j`uXem-?r=YRnXj&= zLuPjC{Hc7w6}6r!nKKg%BD(nWEx5P+)Ir*Zx6`?mMr)IH;0j!+m=wFIVU}Cp^Lhzt z&f7xH-p9&vs;!k(Vz$ge8)DWE@;>4x6UShedki+Y$2joM5*b4|EvRem{rVQ{NA=X_ zPt_uBe?^rzwSqB{*L@QHhN`XD+LFE@d&=TdmZq^DPUN8F_aIJh-RMS}n@d&q(uR>% zt*v;@`PSX9T|uaB##;bBvE0NJwY?SP=HWD(J^i&Jf{`zw|5U<+%AL5epqEe9CrqLD z-NpS9K2koF8cD|5@DVqR-j|0es;5jy5xwFl|x zgQ%;;ox#51j@!SDqk%Z@xdi9_pSp=3cE{Hp0HIUU=U0gvenIY36|JoVR|j$y0v_`f)K1)C9;S$nU8V{ge57i%;&N`sjeYiUQ7;1@L_w zzjy!#JyDTyc{aH@ApPeV$ExKmQ|XEdk6Jx}s`Q=uyOYE#xalC#l()$%#WOMnM-3SD z8K@fdPSzv1aQFwb1E`B{?*u-0=ekNuM#ix z-~@bycn$#An>TQx!=FeIZ~cQ`3a=8~IGJ4i;@bNIaD|4fyy1!?6gWR3`J3*pVNaAU z3_-M=>`K8CFA(F;=c;_-3t6X6eDx=88t@sVr^i(B{9|}s8JxFV6=~c+> zFmwOj%>6z?ImP4eSR~%2U^Ci1igw#CKPm5jqBCi3P=2qmJOMyaQZLERyXL zBd2i_i8y!m3G7W2^&sUM80kXSpCK*smMB~?!hfsGfg{qmf<%`@W!-e)KS1X;QTH2j z__Vj-Ruujt_;{?oABXXk1}FirQNC{?obrgYA1h!Hyx`|;ti$6^LHJYr}(J^o^GM)HWYoEghUcRZh zRXhO)ez^MN6Tg0zMMFN5sUaOV=%?U`wczylVDX4i6tPMT-cO$oCk1nn>1Q&N4#k1v z;58Fsqi_#^NMEf4hyZAN;~m`g*iF@=Bw-#veBf!B_>_@2Og|PoD^kvPHmk&K>{JjQ zcJ=Xv7!CRZ?cC5UZ;&3 z_80dyBZxaU=%piz$6y=P4W0mVYW1GWbF|k+pD#e>asY~%*t%-53>g$*i0I-Qa zPv^^a@a<-t1fl&wIb1r(`JneaZX4@^XRS43NwdZ0yTmy%9#KPpAsjcv?{LItJ48ZTcc8bhoO2T`gvA>JKk6<8$b?m4Lif=;LjN6xebQJ5n!NR;G2k( z=OUa-4CkcVjcP4DPC!kkgs~u}!LGjswZTp9cI;X~?AkOh$*w~OFzpO>rK5fcc6|XK z#ICc%VZ4;coELp2g?yv8D8vL8k;zg{c83W8s2z^{Lix%ANv9gp9_ zG#C?TL|*O=uq+8VSho8t$+FjX#*!ELEMpyA zWbsLQjSP^N5zuSjZA=mxA)b7fP*GCZ8RJ2MzsN3fh(q0o04e+hYANyAF7bJPrVLrC zN~i>mPvFmNF!8gJVvNZ1SPVa1Qj+hJVw8~Yt>df&3&~~T3wM&EY9@)b(A|6;{!dRy z-r4&m@TYg2PRH}m&|W)0uDt|D%}$%F8OK&kN5f*%X*BL 
zmgwvFi}6#f4FZ7bp+l`;fBXebH~jja!~%K*cq;6jf-qgMhGL!Qv_gG9Vgp@3ZQO5z_Xre)nBM=&^kPd?KwZTf^pJ3pD zC>NmyeB6vrrTFnAO5@x5>Z-3OdmP^W0hfx|&OwYBN?t`SV$d5dtqqr8hMI`|g<>&J zs_r6+UCg`al?+Juxp%Ohj9mlnFl-Nu;rLEo)R`xIOuqFr!csEXC+Iees5!Du z?!a+K9q|xYQLX!&0KiETo9;rmmw`W4SzyC3=82$ffM-T#spTQ-oT^y1GRS`z-muUNpjizWr_mV z;8)PhGppFtFdozuzsvS`U zA{_WVB4yQ2Qq_;is&AE5$LcUD6PM|*12Geu%`-7bi9XyTB8f-gSB*p$8~qxvK}-T| zD78wADM;|+06@sHh8txqO)YC-qOAJwfq~v6ict&^`v84L&=t^L7x~3mwJg~*Avs6v zybZGqcs^2V-vt4o3Y@c8OVU$~WN#=U9d~=B=|HWk+q-y@c$_kkH7?z0iIQnFt5Iv0 zQAHccO;)Z?Ts=E6;!$6QZnQC>M0zi#UL~ArRfq#92{I`z2WOH_qDjzsM~sZYLK3t9 zag%t*$+=Lpjj#XyNoF)9Uk==uwt1mlCNi6oac2{Mi%?-o^dzRN(t*Vd;MiHR2YsT8 zM8+q&KOxl}rl&Pm$L@%fvxcq`8L}*Scbq3IPoR-zAFr6f?8PzxKV_tP#jk#ei4lrX zYk!VUo>2`$l_$-bekEJt6Tf*}R=E*X=5{tCiuR}SMpJo!QESh^C-w-lL-WZY>IjI; z?`5GQhy&HS&A<%qW^e~qt$UBcW0lZEn~uX=k&&z)aTPvf0q;0s4iF9_8mmrl2{9Hi zr!T=!Zjab}3A3Il@T-Wg$->0xHh@k`1&#Bg^6;{}_--0Gq3JVB7OoKY$a0W44T6^~7aL^b>rU_jQ2^ul~Rc9?5xVCUFj1K@;KXdC)|0*IMcy zJDXQc0UBqdvQz?e0~g9gpDvY4BRoXVNWmOOW4?n6gz=QPfF}JZj);MNgT!4v1S~nEQF(;?l_Aq!kG1Pea;6^pb8acu@hU>D>zU z-Fs(oW!@vkOydYr#c#S|m>?_f7Y|c;aBj(Wjez7hXg8h*UxIn?uVh|1ugDhn2aI{} zbut&tgHJ%>T(NHYiIfTL8k7$FynCU9?PQPZpJMh?A^yScMQLT@)=<8uQv74FLEemM zv1d~tIP-7vI6%50S)A|u}%{*Eh!JV!Xddda!8@ECm2? 
zhpBu?lsJM0(b`?4?SUN}gGkF}UBPeqI$k|W3Zt}TVqibMs>Fv+nHg674jFJ)A=?rh zsx5>EHE%;%THTRXiD>GCmWh>t&pF3)oP&(iRpc{fU6)7tI@YWB6U(U#48U)dSdlDr zB7qDckjwFhCR3Fl*IeSyu$!uO60YVzcfw5f4JxMUK zB00?+_z9=YFw@opc?%voGXb&#H!;8%6F{x~vzg`z{G8MBl4%c^X}N(Qr*%)J-D#%f z2bOT!x929>b3M|iixywNT|~6%jVSoBrPz9owdsn7dk%A#d0(2nP@4@ntvMYIfw|D( zPns#Kx*)|MAo>-rBnDn$kUNw0eumbXWuBKT^KC@?0}n8C?1@Bye?xR?fwL8(#EX(8 z(p@sM#H|O6tii?pz!O~BZ_Uyc-wFnF>(M-89lVRGQcQ!&r0 z)qB5!;nt2xxx;Gu=*Rf_UL_uu5qUrXf`vk|qY=(hbjc6ao-yB(r$d>KBTcsIH=m6Ah!& zuwYx-gf-!%C;{`1zkFfRwe~A2(}u||-f#HSC{tbaK4L>-NRWrb3;be-xxT(+c$5@q z;LkuJmJ#@had|-IW3OS4HAR0<0OxRt3zH?*QY=lX{o-abcJUn9XumkmL@0P;AeVtk z54QZo%0 zesP?8mR06Zg3~#-GnqRFv9da{O|nqkD<@E0x4I%#KA(id zX^a)P2uq#Cll@HCc-1c0f9)WG3qmy4j|ay$j7_Keh0sDZ7=1Kt%hG+sW_Q_|hX#AA)a_aBH2^!thaFP>FwxUgQ1-8aTcvB2Hr7<^N zv_U|5<@1}>(n102!E3Uy>glId&+oHj4qmw$D~{ZV0hv}k|1NXTs^>mfCnd4L0r==N z>|Zwg=no7(=e0?5mz{>``%>08X|Mu9-b3gqhq=fDJEl_DrQ!yqYZ;%40B8V}hZu3h?1B zs(_{l8@Q|Pt&x2mAq2!?`Gv;}=g67J*3`TuIm~0mOl0wL#@ZQ3V+KQhhv+XMNEU8} z)F93VHcd=I80L63mtxx2Jk5x*;BQ<+x6S_=~LT( z2k4vXHUEjOE|OQ2$@Z3+E}3+(mlaG(eVi^XETMQTt*$oVZQ_^1S?*I{iC@<}-l2Z_ zHtXj0uk6#Vej{Dhf2!cL`YB!f?utbH2E0w2)oJ|!qEEZ}`nIpnNSF1kI=w!kXS@7+ zdbh*ZNSFD?pOzn4l>otrvj(y7b)XNY6At3Ax3hFV&-1Y0V5d2mb}S<}NIRAm?2YZK zGI1ZR4p&r_uinXTKL@~m{sgw!&3Qy))8&kan z&sYuXQo(CdkVSadqgC|lrZTDJbn~=yyBL<5{`T7}12#dsWUw8~{WN;Sr%+o0-v?8* zB`~P{+7gE)=+l-sEqK0a35@GfYzQv_jz5dfFA!Dd8fN0+0a)p4)|%7e^BrR3xoqtF zM3HPnar5FK)fWWvAIEkr83Zvqp5fpxc186#qM(=-R?6A%UK)tum+iXin=r!K#EyR7 z!C9twn|_+18SElV!6xw<{cIF}p&w`~`0qa)$D$aX3W(s}yED|EhEV{#jNZP5)*SG= zQ{RZ#%`?=Q;Th^Tn`Wrhi~+CfYd|Dt;hQAU@wI{&*?30vc^(bupt`eRIIT z^}WdkuCX6g50+^o&9uMBG~P*sDvUOO#5|gUH;Sm>m(7A}`c{wVQ1CpnV1B(NKHn`0 z=Mfrkf?^H!s~#=MwiFaIt1Io0BU_}U=D1SkSeBCGEHekFqM+e6%i?Qs3BFINL0V#= zi}f=xWQ+7=TfS8vBIR!I@sw7ipWM=NH}0W`ZzBc zX18J5t{;^s6kv`4W-f})E)dzWw#s-x70&x4;b|!Y7siXBooluOxDb3_CC=ixC0SGh zxu{?dbQH7K^FS$Y>r(aYgL29A*EB*9ZShhGhA=#`%v|Ie`AQgy7r+!MUy_@i7f-mwmVrw64>++e6 zzSzYi4&{oQsJ2QF4$B2!tVtkr9*PADioX(B+&-VslU4RX8ppd3KQdA0_iF8ajOc)O 
zkvlKw3jI`#t{i*N(|XZJSgf8>!w zbA3!jiH8fgy0FqVG>Im^`oJvUL83$0FCdJF3;M}3A;baIi%g9ArD7DCjsEIIbt0=x zEK62OvpB@jN*vwZ1qsZm-*_QGp@#uP4U5mFGffWh3s17@zmgPi)pwg!Kj|}wVH64$ zcgJUEurqDAY$@|eBgx{ljQ!vUd)tOAIlY+oy?Y?m|u+l zjnPkpwOZRs6d^(PgJ5WZiw?7_{8NHr-yDZYG#~AnalT2a>;Nq>bDIKxpwQ#^gJB>z z!Jt-Ud}tgG*Rjs{_<%{K5%Kw`et=mFx1)AAN)PN#6!&aOaTl1yMf(7ViQ^Zo;5TqD z_rT|gup9g5X1r6pod`QbqYPJy-#<-wDAAwb@l;7@G&=SIol^rLuwU&ErJxc(cz>I| z3*|Sw`-L;rD_ih4d@LQWbOGLhd0>2+BJH`vx4pwRylc~Wt3Dz(ztOEG4jT0g%+G?Nlv`TLx4Rr+7_Q%3KsNN z((#m68Go1FR4Go$UZCe<=m1NF7{LszM2qlMy*MzEl*Pzs8yXZE>!M>>A5n0Dn@+dw zpx~5j%G`n=xkvGfnUWR!Vz9(iS3G`kkr4(j!2h(_1jE1MMp54r5=6rV-V=X_+DG&9 zTg4p|T|xV^W?Yq@G_*8TpSqG5id4i%^URS0jeGku0(Oui^KBB9x;PP6t=ox7d+a={ z1l0psxtl4Q7aQRh&q!E;4Db>XB?ay!NCJldes{GLz&KV&asoVcmOsJW24>A3w!j(0NtoKRSsuu!lapiPP$#c;NW9iW}chNGmXzMuOY+!wDIK=nZX*L)Eh4C2wKKwcuz zRU=UeYWLH|B9@x(K|3WuyH$uU&SLap&I++d2CKv}KD(lL`8?!5cwAAE@7@^r2P};? zMU=5AL4s($&ol+}6mMQhG*kjpp2Ww?@AE9opzTAUs@=IKjy8bVH= zurroUYiE$7dv|5De#{vjOkWXs_&+_7U zNLo$xBzo9*tM=B+*z{#5;$ZqE-Kxh2w!R3qUl6+pYxZ`4Ejp_L%&mx}e6C9wrg-ii zRy~=a0?z;k`C2C4FX9&A_=Pu){)ZT&t=NBhi~~d|#;Qq(M1H$FbV# zYkjrVzFMoT_1S7uZLQ4^N%*4>K>mp$_>VJ;NB|`vk<9P2_qlgw!0NMaz4cvot)DJ3 z=bpd&?6c24`|PvNKA1$()9-elej zU;B@?;kL<~`zk_FlV?ltqfosSZ>ozmR?IRoU&cFF1ArF1NR8NMI2QU9wei0>)<&_l z9Ls{=BZ!SmCuN^GRPV?Lo-I}&kv6-UiAt^DbSKjBSg@1Qub1ggnSMRj>Y`dpxmFjI zn#!?x6ninp=27e=99uxKHjah9No^d7SodDz2*ADgf6^g_(fp}y52E0&64ymJLU0S;x;rWc9}aEeWJlewtY=EdBzi?YF-1>Q)5 z?|^(tY7$Fr;w>;~<}YgFkB}Ft;{+hdL(BB8Ilaj34E31;qa#!MWi8*44FMk|arOig z&hslZ;)z_Y2ld*+m5)|L6c2Jt($>>GUVMaFKf`x9sxF|a@mom0sJ;}aE{K%ywF5Hb z@@Lf5i1u$&Z9Hlxv6(`)JQOGQyY`Iw?-B<`k1WaTKb6`4MpaU;*U2(w^k9_H18cGe zk4QWu3Two(qx9Yf{u{FjFZ$Yp9pa@yBoLwjm-yxbH1~PmbO-7b&(`%Nczt%_eJm%J z<;f3B5*K!eA#YOwCc@*gf3TA>1yq8H4yfvYbZdM_9iW1V5dK;dgD7R#^qWJn`nZMBX4DFe4ww=9l z1lSDPwZMp_0H`lqc1~!mDNZN+g`tx)pqvskvorJ1S{UM)Foxs+xfJXaBQ*%xQGJ-k za3eHKO*dh6j$MP6#GP05B`!#)8HvgB@ot>jG>IaAQ`?sSrd)OKrKUsp#Qw zAIyp9^udYIgFzb(<^9;!(#*ROX7}Wk(-}4aw`MI<^I+|tZ`NfayEqz25);ndr~$YI 
z6jvJ=T%t3Tfo#yw5t8Md)Ghog6^lx#C8iO2^aR71wesdL_(f|!AT{IAhq8*7%*N&h zCo&3BU{61gL@}h=#BHfYeu+vDr(g>MU`nvX9-3;Qfm)EtlHhN}1%suCdK+T3Hb22N z3HJw}qXJ=49aWeDWb|!$lP7@IQ6+A|Ji-b}q9z^Qi39ki5o9r!>R4*`iq{;;DhNDO z;{v<8@NuezSsm@c7)W3Osd-2>r&6~emGLkMcmS_7aPa4Wk{y;3q_C(0&5EtOkaMLZ z{!!#D>A2?IYi62GuYTp+)FAs|kQGg*d| za&eh1$U_K2m2U&0&cX8NqL@sRy@;R zAuGC&n{dmD;w2Ci)1ZSXNb4j#w4EbXZ=$mks%;d@k`Bm{gK867i3nTqdS4gzZD?Pj zN59JC|E_Fedi>|ceiRlO=A?X@zJJ7y)QO4)u*3=SwTSa1PIOoOT0L%~L9#P)FpB9V zj^qwD`QDz|Xu`;{nNpV;onC@PBA6K;p#JC(pabxzWXR`Qd(OfLicFW?E!)D~O)Q-w zo`n4`dPzJnK7gs2*7p5I&@O6>phH|`1fAkaBj^&vMlet08^Ho`o)Ih-KjDKig~g4; z(n8S&76rCPTk+jtqG+@}Tf8oVa_2>4mssi*&Et8*eG&9cCxW1i!qGsvOQCl#Gk}JQ z623b0SZf-_C>`UAxy9Q?_}hG)dyN5FjZ(x#^>jGcAHxKYZt_F#FA|%E`hE>8HUTBn z`K0H+Fab5tLhb{Iqy8)`q#c>H;s)$bkjc|gpUpdbKXw8yv6=+d4QP}1E7*>(ojxud zf{LO!u|O4830#J>+H=N0o6{kRl$YPuee~+Q$x(+pm!AJJJ4RR5}vv8&x`}$^o)UHrF7b2#RYl zMbGg)r(dZO@5@z;=E!M{a(h?;fknJO=;HSF1Qr7X^fwP(za@NK!CHYdg4Ns85hY!h6)`ZECI3t@sv?T0abC;X^`>$8fP`+$Xd4^!NNf1 z(&eBcM3Yk1gCHQxBZHDl5QZ(17~5wedZh(uG@_vT!-5|!Ez}ejvfckIXvuwe-UA|z zO&MkS01-H%hDthA@)YWP72lzfXA$D3tRNl8_-7E0BkxZ#c?faLEn-H{EcVGD)e=^o z(z3#qXSJ&pl1jpsr?soiF!mLGNnThlQ1*t@hgo>#2YBz@*xCYkxgO`KO|=kI!2a!8 zJ*+=sfEY9jmT@T-LHrnd0%rzKQGF-Dhc)qBtak%Be|!LPW3S-zVgpepj>{(8d`=|| zMx?&Yct@?=MJ}+j!;7ricnCN)FjsuoG&jeV+OoWP)PQ`)hd zL$K!ualj_I7*;fg11qS#Ds&jPg9^pjI*b)~XyTVxakTPZWI)dJyc2vYz69Fq0H)d| zl)5z4JBF9+ws!S1IdG{z^U+av@Wc4zWcpuZI*AwELHL2zUWanE5wJi-mabn5@#{}`#W*&9wzu)x-S!$xdwsnmUX_T3iw*H=B8-MhjWXY_B;0p@BMt6!0+#fY_MRi;(=yo(NzeOUGeFD* zh*-EG0TM>A&6+Bk(k2>GmA~9*^w+Y{VS1yjByt(_F6rYmdSm*~%3NI0KjTN?($nZs z&!6`t`A?%SJ-_lL`BUQXB$+>LuSP+h&$N|zzL$k)|Jgq4b7VnUbrDa6(-%z4XPW<*^o=q*Zh?sv zM$jx47(t8p!5Q^seL;PG7dPm)iRcB!JECAW!%xIGqFxhnT}*+Mig3 zm&3H*Vr~YglI<%-`-!DyF*^m-H9Az2^j_Y6A-5?R9E@qG?_dZ|${Bs-_;faslz&4X zSuky!w2J+VSt}8SA5JiF3`XPMi{!0Xa50dG9zw=6aGXz z8y96^WGQL^27!e$19>`>;zy{Gt)d!E(o-ob&v_BcO$I(-w6}7oyA>fPEaV?;4RvLc zqY!{;y#l?fAM8KN=OXMZh!0+6_m7kxclvL`GBMIE@zlziUOI2Fh%r-A?p@L*r7ll7 
zS$aI4-?z#E0^oXY$LoHIc&(7DVw=La6C#Zb*Q#s8-(+p3x7jMBMnucFc73~$M$`06 zoE4}A+{HlOBxv7kKr0p$g)BwkMntOG=vUwp8Ai{U2A+POygK|cyW94M}y!}rKw?A;H=A&$ZBtYnMHh%H0g-n~6y8FxjcE3j%Pln`Db}ND*Mb-1-neBK0a`quK{5Em+kTUBfI$WFDc z6EP$At94Oz7<~_;599$kR1PnsJYAee8L4OK0!fSvtu4g~QSeXk`B=_*yq5d^6I}r% zPPtT{{P7EMB6pZ?Aldw-UJ<*P&}a7hB&uq}&&Cq2taK-+nzyh1I$2klQP+t}^txaW z_M&^+i74rFErIjXJ7EK0+y^TIh);CEiXDd4(+0c-CY)%q2hP``gry!l+fzOy1Ai^5 zTDM+3+oIC*J?n!9UrFHo?Ob~4n<3$3JE?3&p8|T zppF1yR3)poq0@vaRY#SIf-0WkaCz3MjWsw4px2HFRe+jNWwCt$suY`!sZFSY=b|hfee`AJv|4W22TzyEFh;Y8D zuBVC1cA<-EMG5MaIzpOAKKfTH2G$#qWqwR?81vVPaS(7{;`Ut~I#}YWEz;rIb$kVxu{R}?q1TN@EgZZt%h96W% zLNM#E8a}ds48xDYWg32-ah2c)rYi%*ky^e}yH_oL8}~+Pc2B!H)(3g{5yebnAJ%P@TA|-ek z3RTeqKZ<()Mr4HT05LYxF`QopOYo#tSBy0Kd_Ojx%_4@uC3M(2^9kWLJ^@vz+qfxv zicC209$SC++bn-*UEQ6L?DY&63g1J*GFCuS;mr?yaWdc$X`86Q`PX zM~X)y{cPu+=Ii?5fvclmI|lvZy3F8d0D5UDWX^^#t&9(BzX_=Xa8FX^~4)Qas|zo{41D8S-c z6Z}2R_v~C^)p{eglF-`uIEr60hzn3@a4K?;2bo7MB0J?{ZB5(Ik~46Jd`4^=-~f{< zA87&?8VP<>ZJRH7iEX9iLiiq5Zd-X=U06Oc7k?{9y7BiR+kL1T*3F&xXta@IEPO;^ zAs|x_kg>F&v}Xn%1^3zp?&UNE#-W5VjA|NY#a}e2SA$mcIuM5n@C_EG?II>d*P69n zVq*o`TIy2IakZXmsjuYnu*lenP-v~$(;0kUFBbR?JsoK34IRu1;3Zavsc?=mAL{^} zxOatmv-B~?l(mIRT#GNklWdu$!b)X61u_x1odQ`1ETDjbz`{_gqMgM3kL@(Xb>K|_ zeytN{b#^$m@V{9&S(%4*9 z7+O~vYRwG(9wU307H~O%sB3{sP*%ANe=0AdBV#i{wmhSzJlLTyrP%VQqCApKLYe5A5Q%%hvP{;ixt0Fp|y&q z+GP#C5qZ@08UW(8s?-l%-3xGgNp{Ig?7Q?hVY+AuHwO(rW7<6oW%~BQ}rL z36i44!`-EI=kEgVQrx?8I^5l+O|X6H!qX|o+<3IX{U$NCPQ0$k@46t{q-bJH_b${@ zjmIO^`?g}Yr0pIDc7_Igz(8a=N#suXGaHi%ZxoNGsN#q+2tRYejof*8IzBg|d;^g; z!oFxiDfR`C@)5)EUCGy4v4Z8rN1zIeX&ZII^Copbjod(OZo<-ml>F^@{f#z6=2bf} zSuEPov5=(c8Bt&{cPrs>W5dP_tQy^0)s`sgh9QjWM$=KCac(}ns!TRSuLCgaWfH_z@{t+W}g%Wsg z7{C_-zydWyf^+C#4>#3o>W9(TdQkDAZRCcKUa_{A-XSig&Qot}MZhr_0kRz1KTo~s z{dwxGtq8{v##Z@O#P5Yo*xm#92ivdsZu}m????FEhkqZ>Q*S}uTab5W!C(l#+77&W z`8ep321{UIv_iYj*~|9&$Y+zqVyW%DV96-^cWJ zUQ;WuW>Fg-2i>5W%1A*L-b|GbQKArxmo$M%K7Vo-K!#Zwb;Acx7UCkzt%s4a@(N1n zMl2b`Z9!}Tv2$G|0G+x3leqXPq>#PYc6520?D9=O!Hp;Iy@6`y+^BKyYsd{=un>s9 
z^+YlS?e6^qDaR25i14@I3KT^Zdr{?HSjfd;+O}{wksH3zBJffvpx)MT+xoXA@9Qj78&zr z!Q7dKE>b)Y<7P&c@1kS2A{{wK=V(N3!bK$l+~_C)l-^nHBz1%U--McgZ|=O_aULg( z`(Btb5_!te!MD*#8VDK$knzGHddFgjgURA8GK9s2;T=;2Wxptfd}s&$8*}69UklxJ*YVNx^Ezo&Je`kJCB83 zumuOnHzwS#VQrgYEUeT`2#^pt=F_%h$vM0&@sU8lRgpkaBOEr~d;4fdAw~0AVU}@P z4^|_k8_ZtoX?T?~@Gd4zStRva%CGaDJlDAY`70Stp6I<;z-h^Ece-&v(*B;d>4h+v z7r$Whab>cpl+X5I#Cj2O<$eJS|(L~7$~e+um?W2R7P}AquH`P zZCz*`u1g5~jh@Q#&t>pxM7Jt;IbhMSwV91gO*M$Fn5^%5vzGZZR%Yg5#c(BD5Bt!g znQWg3`xDr(#c%h|lHI)7@52sj(78OY3}>toSSQ^H992WEm?!g-0v_*K#83~ zZ~V(;`qKD5qk%t^)4fLHYau(wCg(JCh7A2H`1XS}j6Ai+0~I}x-| zu7e-z-Bs`Z6USP``}_5RM1rG{Pi&JhM1q5SFj>urg^^d>wg^<1Qj9!=xLVNy(hQNY z`YPE6@DK~OU5J>kN3>JBcgZTr)&*49gTK*4mTv^==59hCIfMxj=Zn*T&N4}OE>Fj* zS-xB&mw$eIl}|~2-R!>wMECG$CMDK!ux~3r$HyCfrv&&rjd=Ug60xI(9tlqxg$DyIy}vs2vQ<`kVvFNhrx~{CEWvt zOm5f;LOt2R>kxn<`oNpqayTQjUk&wG0>k0i03GT5f!;B-@mjEsIo}Pe7y~8eNfUKBSP5HVw2M=Tyt9p> zXHgWeaXza^>6RJ%%C4~cDh*`#7xQp^Xy@V5;=o_*AD95Xie!$Zoa0rQBfc+Pn+9ee z^>a?_G{Jg6j&I#g1HV^O5}>H{&n!&jUeiAIT`;nqm(ab=+RTb?E)$iblkPT>bYA&k+<` zf0MTcg1ET~Y&FKbo+$Y;B*A{!S|vVZjsuRl+~*@!%q>f5rp9Y!<6uK^yN_-+O30Qn zWFDDVD_SLK*NX1>lE!Z{a-z3Cu}B7mBPV&w9C#`XPbqyWGcYzXrMxz=*qT@jDj&xt zeV}qQ7Wh4oSQ;)XCG8Vl(;nQ|y4wYRz}jrIyoHWvH4W# zop2-I2;B)c0wY3qx-tUR(4Bc10f3CVzfISmlcF1hjp1L#*qv#I3QTdSjd!CNzcR}! 
zcJpdS<{`knIdKOD2OhA&3iZA?C7Z#FagfW|QF5A~Gcb8;B5hu*3!8505l#2fI?*91 zPV0#6LV}MJi_mbEB>^vsJ&$-M;@F=l$223!_dEf`^lxMOrv{&Ti^(f?FS5${4u8G3 z(mek=8mFGo69kiL#g&o{YsG*CTtd$AlVAxT9JnTe)uprthqMuD!;-Tbf1`a_K02Oa zoK}gx0dkIaz}Cr$IZkfk3OsGAZt^{7WWtJb7F|q7ZKcKwEKU;Rd2ys^`$vF)+sxJ)@l9}FribOj zd_Onp;%OUSjp3U_Q)g{sE2d7?atz`eaSFEgNGL($;j(JX9kdY~UOQ8~u?{1K0Y_~b zB?RUGSuj~GVTz@*bz&B1b&lA;_WN)|9V1Z)lLX4Vv`K;*nLknXaK&txE#+d;!O7Pg z@grF>{!Id9jr?GL$Z%j<1pugVdO&58=9^9VzbCVh-W=YWQL)-M5524v-;ju;c|;Ka zoObj|EntRHUhqXip3@;r2pthmIVlTV5Rt2oMIdbGqia%g_If#Ivoe;C<|9nt+)*RW zol6Mj2|EcHs-V~G#Wutd$HjFF|>kb z4PuYQXr}B!6AwonSYPMm9>WsSyzw&s2g~L?QuBKk|@v zQzKQ(6eMtk4+#}|h2R{YoJ_X5Nl!$PZ>FmIGh$H!r5uT6E~K56s*dg?Qalk;jmYQS z0u$WoR8_}Q4fyp~*iIvR?{R9Guer>W2~Kjl0oV99TJ((){C0B-wCGR^BjZV6&qD$p z;{iWf5WWtpI_$ga%nf(i_dBz|9p1@CDz2v03Y%P%@CHv}nT~548KxKL)K3`eL~gWD zffhcUO)XfY!{omrzDE3M2StJNsf{nojOF4Lx$^L_cKErn^~g#3$X32V%V9 zVJSUFW>i$c;uoV_eJa_72Nasl7^WJrz{pmqXS*bo?N(&NoHXN5b3TG@P;)tU^hC*I zW4mNK+t_ODbdje{g)0LMd9=H^0F+C!#YN`kS8{(iC`Q`EQwwTTK~iqm3ZGL~oYvBueDN zy2+l_C=)Q%MMBtYo%2y$KS-}@J=$kngFZ{HV zksuyI8&ur_eCUJ(X`-I%BtmkKft#1Ey}ijy*#<<`h|Sx$O*z0tD2gtYWBw;W8BQf@ z#FI0VU<{F9Fb@G=`v^A)bvTZL*#bCLs#J<4sUmM8L7!QFg!WSiw2I~lTv}mZBL^xV zVcbgwc!N6iiAGq#A^<{qIj=^vRVP6p=Y+h#z?iTGGpe9Y+?)dAN~HQx9i}qgqj;Z7 zRVBVrN0&bKv2?}5YelviaS5k`=>*_(8Xf(+H`&S&*&Q#8F_EC88emVifR@H5lFCnA zL8DfE+N(_$6D?qp-MW?PRFYHw4>+i;5mhoa_IJ=e)*C&~40FSB=B)ucZ2sLfqCh6N zPcYY@eJI`4Y2VCMYV8;v@sj-Tw8MRx+9GJ_gEBq`zFT5r@TW$IPR|#+P3+Pm zK%B892F0#TMT!;~hChnj1lajZl8CD@N(D6{&WaUU<(dl75%-BIG3h1=4eYH7r6eu1 zw?T7OrZ@jQN@bjri$v697cK8{38Hl%vJ$d2e#qC;dYHQ`U)knZ`9ry+73lj5;w`_Q;G+Jzc9t`A7RYNlU-LKOZ}~s|T=virFv~?K#k{ zZC=MT*zrWBW#)HBt~)i8HAK*Q+4=N4qFe@15DdA!d~za#o?5(MBq!(yJ?+NNJhm^z z?!xs74S(q5;FU`O2_0EEJST&rR!_=+o3*J74?htUzZx}1RwN>ICLC{0SUt%UEQ~Bn zgc6x6%K@Iai~Lv1{`vij(7)TVr2sB3+F{dsHXONe z|8I%!Yupf2QD}t!CK+`{e3O5+49<(g8gSs!ZTYam?DxC_d*It;!tL?jnmS<_QAd;3 zAubxhz1RBVkCMGu65jweGF9Sxl`Ocxe>>pWs~Gs6M-ymX$H0tC*#G6jj_DLe_qFda 
zdBM0kA8%abL#aCiv`fa%ZwJo7d|7>EM(|_53I6PijCXy6v7=X{9PI;1CaU$~?(pz4 zhs2m41Yg5Pt3jo#JBFdz&k%-8wvwd!mtBwJgA62Zr_UE$PvFzjeb?kr|DgIwK33!r z?rOygC-_<@X25t2=6VH%IL0Dnq^U2|Z^HIsQg9;dc6YODSRY;XV;o3hFpG~&EG1IP z{C5B;?OBYJSU03$K6XypZ)-TEkJKe{H^N+@dt1aZQf*Prc6OS!H&07w>$^K){j)Za zyOvW;TO-QZumc+H+}?ace`sAlyvXBRFf;g907pH6^;cj-x(Pw|)_WDRb3N*UtfRJ= zK-p@`w@jgkX-|F6)6Lp^?K-S|5)>c}tb9-{40Lz62yLVy-R~R}q1iDbGdS61ppq0C9 zjSwvV6{1E$ywnNm+2&#HxDLTiwz`rCeRVX)?zyt2K)$F)iqgEcuVLYj0>b~#k(1i z8C}}i=phBuy$Mzoca^&q;cvC;M*N-Y^5QSFK5FA{r3^!Mn@XfOi!5WMnUuwq>MrIJ z&WGn;`h`{v0ss*MPWmi-v-6WFvq|q0L89 zx<$jeG)#!o59ZmT;W)l=Sf8{KkXBu`O999KXwblrQzLJ1bJPczmVBXc1J3lx9w23r zfp7GAFF-iWxB&(Y1d=qu&_Ra51RG(HVZ)h57|OWNIwu&Z+O!O^fCP#S8^{S2AZHa0qk)6}A=9oPk@R4*#!=8uU(msZm2dOaLrsj^`F>=+wri z$npRreIjZO=7qKlh9^1@JEg^5r)ZJ+|8A%;{~mWq~14N7y{jsW!rPJ7I90Xcjot z18U1kD|qtkL~b{%Ec%*fXOad-fu-(^-47`ZJY>EK`ivC$I1sIH?|;@yQaZS#nJzTI{9_91 z`Cx9I+ta;02M^;myt*3Y(quQ1;Hu#EWA>jQtrd$0j~GjCC8){Vk&yvKbw??5%3#&Q z+@udSohNz!&lsSAG-TA7XRT$MRH%E%v11`BN8foH|qpiP69K-#Xqh%7!+h6xv(wzm^tQ2Gb|5c?IP@vaxy8@l&G zTLL8u^d>krxb!)a7H#DHX9-%N-B6leMAt!((p_hJ-c|7BRtEgwdHII zTHG7{MoFRG{s25Y;zuptK5M2|>}#a@@W6L5dSC~tY~hTsU3xqeN3Ul3i;uv5jj53?zbf z@!4?x4E20ZZ6g0A+EKZ4SYm%=v6Tt#Ac0Uc15K;f`zGpRP2PGnM5`D-6U(*3)`zNQyCCYPP4+W_ zgV`$TOaUFzlz7F;bMy|?4?|}Z-1*SxEyEc3Tg8Kki|`YkmItbULlv_)Pqym!a~oc9 zUYv(Wqa14EuhC#4=uF^ZeUMH{CgI4S050TpB|1&ZD)IBDc_{r^5?#SOZ;Xy|H5kcq zJLgk7Emv~ylI^q{O0^RpXOe{kexX;4%HfR%^>Dn6%Xr1fd}>k&Uz69Yxc%8iJ1Ag{ zeIHHvZ<81*W3TQ&{)^p={1_c}eJ=6mGLdhZ>E&X-LdMhH7a>CzvWLwB`zQNYNBA0Z zc$F<&X4hcbHG@d+QaGc>kvFMKyyEV&8CK{e02O&-&ZCX({__ZMXKWE^o@Nlz^JZ#0 z#M9qA9T`u@aEs>c2Y-v<5Q#Aip?|waq$%zg_s|LjqV8+z^Js&FC^_PC29ASqj@csiu z!skHx<);i%{H^5vkob!iqfCC|$TZ0TE@LMaL;MB)7}2%xH8y(tppj&)S3vVnLjZM? 
zX;7KMFD43qqvZ5Hy>SqIBAY-AtDH^DU#>IzvlDmNy;ZZspPuAi@#1*@5!8*vaatZM zQzzjm6}u=J#ua)+?}beMp52n6;c^Nk7t3T^`Ct;nIFTc(@75(S0mb%gCWrWStRE-u z>9uIEOg0GDC;d%{6-DuSFNpCqD>oCq&aAx)z-p>yv2%T|IC~TmFBAzQu-&2}%dbHz zPHhsehVfD;A4_~>sv&35-1wN&(H*z>b{VOXPKY04dXD;p2Z7k4^jni+`MSP`7(Mhz zu<8omU<+Su!?`bf9R}}!zWq0ZG&qF{Po?>EK9SS)SDcRe>-hyyi$*yDHzk%h5=-oI zaR|gjGQa-Y93t`B0jRyDvYzOLu=j z-;zPVnB!W48B_!_qB#as^-!tutXNhE*~SaaYaVfrN#d^{n9!@P_;3{Sq7)*XC^%LY z#KC&C%R!s*_VDGo-QAs9TkfWuK5caFW=NSiQtS1(F4i7PbrF*(Y3-Xfesn4<6s<9X$5V&r#ZEOv7sbiKvCFZQSUj0 z*o3P|U>h6G(w`Y_I*dqPIsIWyMB;XA9TmrP-H-`?Fltj9RZNdOsZCJaqGFmO4pja} zG+4WD0tct=z{A*u^b;Sit#ZUKF{n9sx$l`ICLTb#0q5b5 z8BTs;U3cD)2r8nbg~wQ1rNm>Qgc7uzm^uuuTRUKI692Qd$`;=a62;IB1v0cZff-N7 zU4!C|rftjZo?Z1eUq`Yr+R4T~g#4q`IOD&V_W+CAbf+D*T`+(}K3)`|jrJ|Xf?q3c z&!Dx%Oq1ezs^vEvTbGK3L(L4|I*u(%#gy5zNYxHpC@SENu~ddN;x=oLn`(KioKL$pHIa;N3qj5_7|zxn<;iC$KE4j8ShwU zZY3cJdhrE!)8-JJ57cNK#9qy(KLPy8ZA5%_dQRZ33BDGpkLFRGm~epSP~0i)oS9?& zgvOZ$8}yicSf@u?6-ju(yNFz{zdwn9VTA6xIaZ`%D=9X@vD;FyJTyP%*q3GOD+*eo zQJYEye#%L|N)@2_?0b}B!>QOCDfU+!8%)J=<@1crVe6}RqV%H_vBruZDEa=(MK4bk zrJ3)0nPXk4SeopZzu>{cmu1B?S|o*$#T|+Z>3FdZ z_Ej35XV7Wp84xyva({+TL2mL+`113-yz_$(Kl+hO7Pmal(!4XDA{8x2;6M;Kf5)>B_FZ3}gl9kGL+^a;ztwda8MQpsE zMYgK&YwSK@ESAJKVfhyJVdIRwxioGKUvH!RBg}`*+QFH#fVyXw5_Vv^6j%VCF+Zmd zxU2>S#j69Dt>$;sh(~06X#YSM828{&uxS1k+9!B=>Ycs`z>Q?p^n#*~#v9~);UT7s zxLunHPl_(>YPxG_)~y}l@HzjPb+w!h!=_?w*GzG)1S6ElhB0p)i{I5wss?$EoPxv{-WfqCuRGRAi{X z-ne*m{EzY&HTf6(RoH)f6prb}-@*^20oU;E3swU27QY|*j63+bII(2>XQT!yWlu8D z__VQXbW$vty&vo?-9Nm!MXec{Q-c}A|yC_TNsG7h7SS$W2 z+tqe6y`YvH+0w-l3f#|0wsao1WT(BkU3_0}tRtR-(-xdMx6!i;pA~bp{7s!iR@%AR zWJxN>g^9+&7!CSdBtC(sJeq`oYoP9Z0IA_d*M0bbxnH^PiW-Hhh5h{{P^Hq!t*s56 zOa$_9>-*$qcjdx6aS+{=Z-LaK$FCmLdkj6-I80$29yxI&L<(C4=a3{F>OP8Kc_1$Q zgIqsh<(vq;H?U6Z_!-l>+A>1hv;7eKU=H(7mn}4*WNaM<9j-3-g4W?)0P4&9jUZqp zvLe&dyGrq28y~Ih%HM*6UM!Z*Q2(i*g7e(7JpJ`U@oohH>c2hKfI0w?6JRhj7;#ho z>XqXYFRM+o&H_>gok-%>Vp^-&T+mcf(OIH-4ZGnAPU1kQejP+PxbY>|{d(9J5yX{tuDl-aw`;S=~TdO>V)Rp zihq_Yncvf~k?(=LFZ4Y?IlAD%Cl6jIE_3SM2@0hb 
z3Vg#o0s9w<$GcyN-%v>kyGpp*P_$-!AW4(A=fr=@#`X$K82P-!uB znve&sKkyd^+~z`M5NQ!#4}J{$k0F0F=k0lsuIX$SPJVe7rnnn)eHYGC)X1%-#%;j? zo~RaEd1Q63DL4-GI72=Cfil|Z;u@`e9H zg*1@8Cl(l$AJckFVy3rN^zlH+$$|6;F7~m%pHQkC`6=Q$p<=8N&wWCxC<+8d<6SnM zoIVD;;XMXC_7PTdcD@^X7opVVmhF4+G%N-UV}V-_7#ExFCk@Lvc51jg!(1*^M)!~A zz*d+pL6u>!qtQzPefh#^-Ys=q`CyT+w0vCJs)w_IAL`ys^U=Kl;SZ05l0%fCotF;W zV3zlrd1Q$RC#fYz(h&ym4t-QhYQ-l-Ok9YZ1Cm#1nLUt<`j%EgE*o&SISYrY7zeYd z$4?B`1_JtavbuAao1#v89mWZlrN{i4-~>Yr+yEUIY-ujQzg*vXKqC=SW*}tR0UaT* z?l^(_80_Fr@pT(HVVUz^I|&h14fk0{2)v<QND z6K%792joVSi{TRkvKD!Va}&0!!GVzvmMhwh{8MmoWe(#4ddYd7Q-Is7buSq@4nu1? z_k<4YkIdY!rMvr40ym>RTcqUTP{(E3r|dlm7L71Xu`1)i zRZr}cEO(;rGY;Rw%JE?>A5T8x#urkaF3zJ&lw28~!<31k_EK`8^gML4C%``yQy?GC zAvT(TQq(^YWhW93g`b&DREE7ZxunDAFoZpus7Gq!e*ux?&#efBw9Rmaa-hewo?tc| z0v5nWm5JoBY`kQn<3sIc&(WapYziuIziGX;rF)m@9c^Fe!>qsv9O|kq)k880y(XL< zgH6KrCU_XaB(=1-1P)F%YP-;P)7DTl%Y6cQ-KPqx3*iQ)+TD);+`v@369{C1ce?Ql z2N;Uh3(w7OfU@XlU?>=F)L^*NXbrZsm**v3{yT;u10BFnTlwY}pxX+}?6V#mh@ zYhMVLf{YTMe>p&Z@@)h3@%||?VHqbxk_km{UCbrQI3ZvpxD$0^BDbnQAY+JY#m;TX zK1&t0MA!~vJju3o63DX{y)MLX%d;db&KO@BUb-b_pC9?VCcUO*BP-8mtEL9&u}6kw(|#dn1f; zB9->~QChcuuJ0)(7Jm?!x$iB;OgtBeuc^|yasQd~6W)h_81Sl=++t($!UQAkgkVL* zS!m)Ku97w2IAFNe?LOgO#Oa`_KQj5Tn@8>%`?sdk+yZ`$9@pCRzECef@Yv)$tC4<% zDIY`p1FyLKKRE&)H(`pD0-zGY25l$sYsOCo^&hyf;@5#+@~r2=)NyG0QLoKAQ#{he za|e5g31RF#RZSWThh8nf9>!lFu@Quj=$65Nk93j1&7!@MYFcI1qQLj@HEAq6q9oa9@X4S zkO@320Ag$K%eNwBhnM+?($L|%-jp3q#KM##j98hY%*b(ro&&c#W8{VqmC=e6>ib@> zD0J$q;H9g-sRZ*^*PE=tvE+{Q=ST!3(=#OyBqkX^NYLf=zA91P%meKeSIc8xjQFKq zaqS5yg~#%vOBVY&4R}~P8XqlRg=Av(#Vx*#MzTL>fcxwoecrP#hENYMMkjiHI;O>Q z!@oJC^9!}{0Axh@0IaMpM$<_ z_47l5G4;<3(pjEw_=qHNKG%l*^WzA^{&^qHbFj643Lj+uyoElcT^H=1CzAd1czWp) z9jg_8*}y9v1}I-zKGUE|%V(_8^Ies}ab)})U+%w3qGBPqlUD}I;1WU+J9aWwVm>s( z2G2%+|Ih55p8-f;X75}KDQW;V5o*h|XV^O{-CMzf&E#3|HZbDZ?pEFyzy^BdcS%VP zr-pEF2e(*se~-8|cC6<`mM7ppPK&`v`J}d)OqFx@g>Tv=)rX9+E6Sl}! 
z_nSEz-G|5l-d67Gq@2yU?GWNi!V;3ml25fRx6qE}$J{X(TN4Pq?xThkb_`j~xm|39 z?F_wpJ60`QsBegR-xdW#gB4{Qw)McAH*DBn+ok<=v9!Og;1!u|L_tnx*k7N3J3+G= zX{4%T7xIrv`|B>)Uwg^pB@oEH*4i328TQvbz>PWon6$s{CHrfKy5=8H<^ni+VbBh< z?n+o*lUz*BMF)E}s%suYIt}E44*W}5U7x@pYp;hs=rSx$VRb#Ni(F7D5Vv)!>*ZJx z-~}0f=elNt3d#{8T4?+!N~1w|1so3?R2vQ|;dzYc1*>8;nACg^D*xx6Y8x) zIVWK5sbG3xN;Y$ z8HU!r&ly@{;zUZuW7Zh_nH)M^W|&uB{C{R%eevMXIwlMwu838D<{K5xjLI%;W={Oghe&N;4vP48woG)q8fvVkU4e5JhG=Q z1kd*-a*uEUFWFNUsx4Oi+p61BZ-zbfA}S6sANJG=eoJzoaDiR5lkKWWfQHml{~fZc zCW+rQ?q!A(YdCIc8Tg7gM&=xs_SG)!sM-=3K3F@Yy_4Gw{U{x3;qr_X-2S+>8AdBd z(5YsJ6~@c(Yv~NO`F@Waylg_9_yWT4f45EwS%eXp0-G;hQrB$ZB^81QX?@AUdOvHq z$ilkIu&}0upEtRN2$PgwpfJk+G<3>zm&1Ra?*ot=q?fy}Qje3>%JanQP&-+e*+Qo> zgW2r^{qYOh2i`_f%PD2$$jG!)ULVP)uwvNHB8cfosN+=oz`sUjm}raF_YTLlmrpdk z_Rpjf+()UR+j`_u)*d8tE!(|jZR6^9`&ak+gOgXEye)V`s9#ap1@oF>t&_1(}+Lq_sSbkTBR86k0_O<2{L3#8k={ zCt@}tMyB1tA&Mj0BXQNkWbn=IB`(D`oR*P=u2*ETsSn4GKzw+WLp=82v4odABv@hZ zHIkrUC`l_BUgZ?4WinKvbwWuc??!TM9qk${;tw0B6jvIR(SXv9``mMr@lSI+Xw3`* zQm;7YVoKqzl0me%Ef+o%_EOKuiM6zvfc-fR2*m?G;7VZI1WEW-amPc{F&Dx&@Ky>Y zET~az%-1UnOc&R3mONy+oU*`(owNKlnPn^tAYrZSM7i-s?FHQY!)@^a^isTgZ>_k< zMODJR*>?dP0(GKB22vj9YDK1z$s^NPbdA3)HvWXbBulbC0fcHcZYM_~6=Wt@PXD}O z`WP}nKv&eJ3$aedo5e$13MPkY<8qoVM#*XlQOQdB=M|Pz$$sp+Vpk(C_SzNrVfjbW zZ?UjB0Y$q+tV)Q*8U2l*WBSblmi1?3Dc&bCZ$G^_-)p(T^PG6AR)JnW5Lv4JF@>b)*Imwe?w5Zd8I_=oG*wngK zC~m<*EiU0apXv@Q!DOp|Q6GtJ5cD`Z!sNflj+u}uqPWCi1}9L8s;f~YDL=gUEzqmQ zaSPR5Kzg)10tUY>`V}s$*v2@M4KO-irlVuU81x9*$>P%(x6TzLJ`2K7hGIVx-46$? 
z*P5aStT|D&WqM|GzZtuMwS+KyDl$3SNJe%_UWX()gSE=!9Q4a(WFg1aPMM7=B-C3t zTm2Ap-5xz?&FMh=V8rKPKR}mAr)S|qF?B{7%`@&^f0NqsTG$e?zBn3}mUb6eeqnuK zG!Fcu@u3axeFpKnC~SS1lD<0>e8&-e&y3qh!d_%)vbIum{XkTxqC!_r8*W}h2H2hb z(u#?{R9ij?7yMb)+Es)Q)e2|MLmNKiTA!s_siFd|h-SC?Ob_*vOyd>xnPX;*yb>;U znYywgmIvFY!eYI`o}%KvbA=tzBSRYwa)o~}Dl9fCEZ5B1*8DvU(Iv+hz{mNzu+k*q zIa#F0;#*S1@1f$LxpK{~L}T_MB|`m!TorxSoP`~Vh67V<@Jw49qN7Khe~;R7DqQk+ zSzWBC(RqQ8$MuY{?66GmxdNJQ*|X=oi@#)t+E1#S>TvxOp)+?_~F~j)8RW> zq)2>iPT}ir?p_iwxFFw&3e4&gJMHQ-Tg@N|B@74iM;oHW*>8w8=(!T_47Vm*ORLOZF!hl9(zrNn;Nv9uCRQ$Q>{!G;Y1?8}tB)XJj zq+R0#X(~WU(ZnO|={@QxvV4vPe?)a?HLlbILHiOf4&Vi~n*q%u59TgT?_5ujK0s;I z%maj#uv}Y~N43d5YS$HLb%hd9PMRiA0D!)4S+FmXPCr|V6p8GODP*r;?w zfBN0)36KJvhPM_WL=>3Tqu+6lcrN7;AO(_+8G>Je1%0KCqw^C^*o+2#+Knn?XS5&YRo(FA$LZOagij9Ox@` zB-Mj2C7{b+TaU%^D-+P1bOO3DNkHvjLg{1tg*-?S(A;za@@d!2Pa_~_l7MKtNCdRx zXAkD4SN>H9h*paT*pGJYqJOpMA>3m=r9RPP*RBm{-Rd)k%(Q;3&;For>{KX0cd9Mm z0LBVHi_{ql(1SGn8`{qSvq@u+b<4G5YRg)+WwS2Rkf1^(yP{&~1-$GuGv7D_5$0i9 z;9qz3V z^{{f~g=d@HePOS~z0v)q+R~nsfesZZatYj#T2Y$}%wYKdW=xQ|wuHe}8G=p3V5yIL zQbNGfTmT>xFbF0=eMEnCsR5xg2JI0pfc4D5Yqsg_A}|m4aR$_Dbsxe*((c{v&U9Mp zDzZpnC{1|0->61P4yKLNGc4HL?pj*9sa^Q9)Q9{zqhrOgV;H=3VJxYfKT3-$55PAq1Ab%aFUoa6;Q^2&#eZ>7H%g#LfP7HsA%e~dT=U?Qg|1XB$ z{b>;noe55F9*us%*LCzsR!%eilGolVB_o5uQi`Hh10+a&8}p8YSdey!6)k9}cpMH~R0pTaX|yVr)x z=6p>_zeV<&Dp#cS$2 z8q5I6zrfW#cPv~r|LaPv-95UWm`>G64%iW{TJAm;p1RU4NLJyhqz3J)$tsXg@z4y5 zA4Lu++@y8wmxi$7kirVqZOAKzKBveg3#6%r{=?`R<}2x}aL8@i?(WkdD%zV(^kZ!< zGXc*^^NP&o>)~pQ63P_%MM`$_9Rr$Y4g_Ii95{u4k&@GV$Drn!gEffi9B-jt#1Cn{ zV`%eC70Uk4nPW=-g5*!-pUclvmXiRz^505;UPJP zkA}YB-$#IUk^t@cnv%fj0yHU5W;xE3^uDqJ<^QPwZ6yKP_H|vWP7|QbBtTovMC;d3 zfIge#XXXEwpXr+3Y34((!5cbk<#4!14oumTC76+gt=a;^eVr$));c_Y<`r)|Ms{X+ zxT?)(%^apj9{IHqnXEMQ5iZZ+cpkMBV{1T{hDxxy(JdAmw%@n~r;xFOgK8F!y+Y+r zGoeSz){H=Q?0vyTB^Fqb@IP_(CwxQU4DeqIedM6_=-9Ln?G>NVj-A`N=pwp|;h?h8 zK7t&=Nl8%4Yduksg~xvQE`mC> zhYX%{d+%bGyEW~8Y&ZyiNO+UD;oTbir|sH$BxhH{!6N*p^+pe6=JYnatKvUxdo-@( zY*$Zwy54-T6c0Br?l5?EvPH6k0ADVOaML)JS9N_GhZ#5j?>=v!z0B7Gs 
z**76OJP_p^zjZ^#FnDJ=fRBuvO+c)}Jts;JsyfKTW0$)m3JfZtb+~qGBA;#97%kyM zSy)ieYL?&bX;(w3n2kCxL_k)k~-zV@_JBa%P$LRi?0;{rDaWJj*`c2|G{fp8v zMOj)}mMBU~Q^W;nY1v|ATG{}Sla@A6^uZ{FTA(`3;;{Zj?d6Df($WTrt!Zh4MO#{$ zMf^D}ZHV}7TG~+YNLrdI!f9z%u_`TXm{^#Wc9ys)E$wVkm6m1`)6&w0i-~DzBSd~$ z+DLJZ{8Fvc&1zk?^;KBe44ZE5t}X4ZE$^P01XHaLFV8O-^ni9$oP-@%yc-jW_yJNUMJjqU3vmS-YQ=2| z#IrR;eAv7P;AI(;%|=EReDZ7A32uVz{!T^xOH}KK9yI54G#upl&=cLS@*q)-`;UR|poYw%F5otz(F00OwBZ0ZqL7D{3?xw-5laRV-bJMe(rcJ=IxoQ7Nw9DBoV5+_ za{WliL;}~pcIzR;AD{`}@GectoQ-n&H@wGReRK{RI&5A%7t^j7)6Iq_wVPLZbQMdv zClmV6<~g3M=4y}99PngI1xvYS0M369M=BOvsW#!FgLO%c2bYtZ{u}d=0*!X?HH-wD z?k3#ZVn0JP+OUzg4%pO?X@yzq4}CZ=)H4u36faRtufy?b)2rxh>}~vkX3EZr9*h*s ziJ`4Qz(QBBtw8T#d*~o>NHg53bZUyL`OW6O<}Teo16?-(vn@9DHQPo3LThvND0X>` z-%NrSzgc0M3qMM8`KWBI3x5Y_0)GdB7Tnv|W)HN2Nt(KLs$aaMt6Ukc&>yyJ= z=HUI*1JmoKQ|`UA%E8a^dFk&JG|w55p+2+S96e+v4-=b%A7i1AdZy(0Y{N(Fum$#5 z;8s`RUKuWS(4~#D5W+xHz#YkL>e_(?PfA<_>LFrVlfE_<>ZY=3^BJcqMZ(NDH;qN2RWkR5J zo?81VZl-(y3;Ftk6!;hcG`|o|=9e5rp}Y$UF|FsR)yP(h7w2JfI5#|{B79Y4(N(UZ zDbAuPi;Aua6x~bq=S6F%ui-z@SZi3@@JRi_&8TM&ZWAoP%k>L!nPGl3d~Yk#-Rm_p zu>g1L$k+e;t!n$uch$U&$i4MS#PuVvi$FbzK$i)g@NunX$uR&#e(1?9J{6t6M{SS0 z)H;D)&vDH~fA<0WF7%_l22sE?f*U?|_psTb4QZ`gTixUW1_?(tAu(EmNL0P3?PK7v z(WN64m7zS$SCI|X)l=4XWL-#W4({XN^B6F7Mg2-wF{*;FgIap%PJT`|vMQ)AfnR&hDfg$y>CisS zUFUv1XAdm=$x1)$Soa);!`>NQdq~Z3mrU$PtKvdeG96okTPs7$U{vTqjbGcOez@S&O=kw4#j; zjK&-nCf}k>iSQJMdwsNZD0;IA!${PNa@8Lq`+j72l_m?A2!fx1YKQ<9Zc*FUV<_u) zgJ*@Wvb&?vD2gvY(vluCM3lX1`)-$7OTe{J@pTwnJANTQBNYG~=~3JJ-lt?hhuU3Q zXLxZ%5e%ZE?SsO1Ru+MWM>__EXL+F=FW$PA^=Hx6OoE5TA6TnLe-`L7gsXB*PdG-fRt1GKhIwuCVQ{7_FC_H z@9(1`g+8M=;JtB$M&dEaFV$UV|dJp%fUql!=>Ukx1q zdXe;t*62?O#GzuFe|_jNyT87%K2%yXEYlmVvxn}Tqc;r0i8bMx!Jt3EI*x{B0!Cig zF&9EV7qTeK8qP)H20&4V20{9{fMo6#Km@YS1l)6=om$Y3IgOzo&o_`^%jvv|2TGhBz_i&m$#`nSUp!lo>~FHgU7hW@o# z1JKZ1>=k-z?*M@dAOI_K*Q06j#5VkGMAHqZya}J>7b(In%7IN z2zLZuyoDM!Zw9NW5ek{Id<3{s6f}?<361qY*GvwF2SdfULM2my5Rj;EXgReu zCyl}@`|Idv0e}ghvokM!URqA41#Csd5%j8LW%q!?P>Kum&f}Z#7xK3Vah4xQ6J_a1 
z+v?wdlYoo7p`3d{IvrQ2GMirdgy4o8RNakvOJ}%t$S`Fv!qt7vk7xNC!(kg6IfPAE zb;kk3qP5r`3koc%fhs9a+wM0=IQ`BAfW91$9zWC$Xko+i0{z(vw5Pwcgukz_ZCyGC z0%EiA81(70w^q=;Nczi0u2$~yrE}A zY=$j=0SS$=@(gR&s@>swXSn84eRtzZY`myBz6E9NdRtl};IO9E_&1~O+yN{7B!Y85 zm%jr*InrAE^+5Bi#e2^Kg=D>otF|6;Bnlkm;wDoD5VU*n70gd`* zKhJEQJfOk91^1w2`ga0ooBl&em;U$X@e3^5q4_fPpn&}+!m9uFW&9E?dQg0&&}-`5 zsRtHgr=_c?|4z4Qg8uk9{x>DRpwK`yDfd_1obtP?996%Ye{ z7b>tGUzx(~Tesp|YVIMjln*-|#$S(CIR*!5F*HbVFzUz|&~PjMX2(;q^ z2q2FWWOV^-cktl2@ZNqFE?X!HEp$Xuu^$dCO|znfP=Otb@78H+w6!|A3L6g+a1Vn$ zG};lG<_wK@g$mrUBE-{Fc=!-H$_tLw2u<^b#;1o0G7`#oP{xZg=_r#C8tn^B%M6Xr z3Ke80l<}bqM_IB^CL4jktPoZL-jCZ1Y@sQ39AyL#sjq*l1^X4e*t5Q_4{q;z@z($P zHbz;F>U;D<%-x8C-XQ5|_2Jch{2QxYyi~GJ!oh1{_D;)su!}A2aCk!>|IVrx2TS%A z#P|o89k%QuSEqG^H}>&|t6scHve)Y;^k!xsvG9g*N80A_+CKgxRWJ6H>|KaNBFt{L z90huvX{*C)`uN+cUc6bdYXP{yYyu9GdS=MoXNKH!X2`u~hCKbukY}73a^IOD&pb2a zS!aekI~nqj+iPjoPr|U;u&@qVFl`HdGaGCCM=gfF9{7iR1F2Qdr4q@YiWT>}ZGj}) z{U_7D?{I&S? z`FGI-HLkQYgZK24C<-ojR6R5Br;#0V!IU_j3mxWY*irmu;v+C>W7rY_FCy|qag?cg z>T)SQ6-Q4tqrbEd#8Q@E$=+CFF^HS>ERHfjj}(W%13g5E7rn)xi6F_*SZz5()a+t$ zlmT+2IL;UWa)^+0^c9gBG30Elv$PN|ltLiK1I$S2C$LE4kX}oippS4E1wXFFddmT# zw%c;C}MD2 zgkl(*;Kd_&fh(WDFgRZ)#xFRtPWZ(xXz>bKvU;G!8b^!GM2kbvk}hb;?tvCt94&Se zElxp820pTSdtk*L$BM&b7nh*LCup(uK#L=e7N?08x1c3c&|>R>7H1SK5FisT9>GhN z;KiPV7nF%3#%&_TD~QP!#5j5&#vMnD$5b>#iQ6lB#tFRCQjQSiQI0%S&wUXafxf4o zwA7>>g|hLQ%7%EM*Fwp10X;`4O}pW9LYll)73uQP7E3EGIfE>j3P+*GCJM(5B%P#C z)radTROwYO-yk2Yw{)d#fw{;qm5xG^9ZKg3uLr2wLeV-LUP;l)sCw;2`DmAATiSY< zKOYcAoug3YNTU|=0%7Z^c{;*jY93$JGuO*UwU)JMyP$tEfi`L$g)nCtbx}Idwu|~_ zbGU~3C$s9Q>*S-OmK|xeFqK(?JU3AdbtA~j=z+Yfp2*8Kk!Ka;xdnN?9>~j1Mjp0K zDrIdG*76AMGLvwJLmhjd&T690F8t*c)MfQRowXKr{$=QL607Sv@5>TEqw=S)T&w3LZEkKis# zaA!}#9m@1Xp4&to72OlwY(bu*2lCuKk>@dymk#7Py@ESu58Qcr;?8U0E<-?%?Hi4 zH9T`I#5L2@Y}umOl&6s1L$hT*s`J6q_{XxbP#OlF5Lu5C>*E+2f^)yzL&zveWDh#i@x^?ir_va`3F`gd?~J+ zC;A5tK}))D7M!Of2f-Fc3tcB_E~lU+10T_KO7aivajcxH<7A@cTpcGVe(sKwiI{VB zoJ_==qvIr{&)sp7;^*!-N%3*89m+#Eo8u(KaWFE3iVSl$$4QDKWQI7AV|sO*;@omJ 
zrzy@TXLXoNF0r&An4Q59fz*X5sq?IpmzE2`#h!<8HU__@shEgUtg759ckkS2| zfcZQJc&^05TnC=k@abC^I?77fho?n8K1KM0k*lnf6Olpj@O$}Jt48O{))wPdWUcE> zZB#3s5lw1YYu-oY4cdq|!zo(UYK+she1OD5TGrbA$XJbxmCV4%VM_}V4rMEViaoRSRaoRSRaoT?L+D4z=+F-_M+hE3N+hE3N zan)-ZsfleU8Y}EFV~a^^P&kTPCUd4o5gz1@m);iR0x*E0T`C@&pgGt9-(e`Oi&U>X zgsE!bC6kR7gVh#IaOiKJmOmf9iUY8Lh5Q)>&I{ZPrVC5~zXfpVC>R&=z-2aW{ez_k z8!!YEe6L#gs|3GKd6yss56{T)^5J*;;aQ!=Xu(+M;+MS~<_gy4=&yOJ@ua`#h!AFd2ch%z`M!dVgN{g+)M<)_6+lkI}A{n!t9!~jnZu5hxC3_F09f}Nz3y*e9 zPKu29=(QNX#NcM&NGhhY)}cNe8wWYcfvawTSd{IyrtM;S%U%lxfq>MO!~XSp7f!yg z;`syrc6i$O;tA-x18D#@u*$#P(iz@}l7Wx>0JN;#j#}T-x8Mv#jMbKIy~bY;M;qDg zmbSE$et=!taJ8i|ycVBCKJa6J2Zvzbo6_Tb{GITw*)~e&dS_T7X+T2Desrk$kiXNi zF1)6{ze~s1^&E~te~cM%haZE$U8@8YdGN9=Kw{Y*gcM9~X|`++uR}8}C;VIVx>V2^ z&n^CSGNcSFT3XToabUfFo!QyINk4F3*1;}(sGmfyF)UoV?HaS&fw1K;W(+ZKUfOuI z+3QG)f0w=$oyD+mX=@*|vn@CS4l^PpmgclBw24uBOlkV-rQ7~GQfdx4ycS*e_&d=W zQg}5y`fou-*>-E%7N)lxmR{pwmH(u^8$AZ;TUs#?UPCf~{uUz*AP2Vk8_muJ>iit) z?_?j2>9y!}Iv{Jf#_V=rt>w5Pap|V3&2C3p{b(O3&k;&zpnO{&v(GJ}x^cvK??rnci~3qEAfxNO4>`Ax2iwhu#`D@JH2R0)#6hfD7zS``3q=Wnq%;yQcvr+zV zAG7BzV0FwwmME&X0J|ky55-8|0w$WX4U-cmQ>kuR!sx~Nl14~DbM_Z~!_b=!ZYdcp(SF8UeHq&0yYZ&H-qM^-7Jr zjb@(k=2?zNe^e*BAW$etX3B(8*e&n}V1xiayiXJBfZ|9Wz??;OP`c%6!8@^Sf*aWd zXc46VAdo?DZK7BN-O`y#H-&m^&Jl<^k&M^((F)ZX(2Wo41^h0E1+qRs4-nA{!jbop zK<+b9Pl!uD>I0B%6z$TjR}0>WZQ&8>Q2>ib9iM^>f@TxBBCeKtfJ-)lR+{rMq?Y)_ z>mf8V4rBwS@#SjK_g$;VB`qz$I0ACPHS)j^)RzkBgt+u*AAszlfR=8%S};yLgHZ@= zqy@l2AqIecfT-^Vq-2zmRfmA%4b)Wtn2ZFenp2yG6s4$Pf}jfW^jdI+uu3DXQrCI{ z2(<@2jh=YZ2rd|y`VYdry1(89USXF?kM#i|$lDE9Q%cc`^t3t%F%49t6+2*Qvp@vJ z_Rvi1Ov(B~=nO_4Airz->l@Gy;rp$oXp*;}Jmze`>}99$bxS*1p9<3N0>`jtf#<|I zp#ACEN!Bh$5q(h6;+^baf! 
zavG#xKIvwRY}98U8{mXKQ@ygqXcoalB=exk^3W?t2^8@FoauthJ&;rU3)3OE$gIzQ!zz^H&d}C5)9zA^?}GxL^fY-_R19_S!5lF zg)c!ikPOlT+d=IFy#{8)NLnIsNEeeNF?|;!jj8WukU+wAfumv`nkm>VO=kZvW`@>G zU6)8Jz;_r1LS&~&3u&LAc+$i0|=X`j$-N_tzwoUQOR2xaj-01>RVnEms+cM9;+mQAmxPP zLAl`csZ;1vV@XY53ggfFc~6(P)w-%dK$rp89j2Kum6mwjV%;!gPcz(APaaYB03Sj3 zQDeDig6VrJMpxzloxo6hq7e|i<1rP#X@N!gyC~Y^+`v1=((er>$MRFX! zaoony`pHom$7URp(uUyhljARrx;WaT4MEtsA}h2)0zM9_oQgBxZ=pj%RGjZ0A3v!d zl9E#U@%-8jgsAu#<-pI~9{f!4;iuOSwYCHPLC|;h>GWEh>FMa3Q=o25u)Pf z?gso!*^8h1TUWjN?UcGz?>?HcVb#0eNZE?25u&bo_kon%wH;miYumb7YMZ-`BN?j| z*5ePnJpUH_g>!|7)ErcpAhk5scEG}EFK+7ZuSIS9RYdCV)K;wN%eEPqfDG^& zsE4%|8HKLe_YDna=FyJ?vAR|PA_N`&Ms3AgsK4xOD`S(|#+GK zp~6tJk7$}P2;fE-O3Nwzt6R120SzZ=u7`AbKrUiZLJ;X|N7*hb;}Rm8U9IhCStZ>) zDc!@c1-k1+E&@u}eP7p3*ko|Q2TmgcBGxp!+=kH$l9cFXk89gn)|*si zFFiunOynZ!WPgROZ4B>YWUYOttlJJoG{a4kp3U$lYQvEZ6>ox`?;t!7%;uS74Yzcv zfYa5DvxGfna~lV#c2 zSfnYOOvWXd;{+DcqM-=AJVxn!6rKa^N2PT=IOARz`hd=HBqmGno7|{aje9dN(vEY z6wi2lA8nYSCO)jEYBezrZ3*Bd))e5OF9{ITDWgpj>K(CgQ(>O&oCzz`CO}23iFzg0 zR2nRbT_vDYd_b`yiekJULL+9Zi7!`EXPQWd9t4+2uxV=NErdvgng)$@yG_jCe@ni6DkIM7}A(RA>k${BatRM#8A@|2vIn3orb8BI*5IW=`;y9QK@J& z>E#j8X;D37g%ODAG%6=WIx)q`^h2i*ZHh)yl%q|MAp%7$6>ox45^5^)BvU3qzmbRt zK!rY0{U-4yAXWNJ6czQGKT0nr^u4LwI7FZ*C$=}4d>|UaP3kt2aMW!wM4;%T0#0;C zVogPuWSS)CJ(3R*D7yo-ru3c!oB;Hws60_!RC)d=rM$Iqg~#CmMKm$C$&>>VBHpZp zx{DHx!6w5_MJN?nu<^i1{I+ha+1Gl6BJ?G zVu&J?sPhzyK}BeWoTkW_$_haz)mzj^SX#mR1j+$!ZFqNZ@I*x~c!8p=Ywz z?-_jl9Kk0#r`&5iDCe5qatgg=2fbwvy=4ZU;xL=RrvPRKpW;KC_5+@CfjbFxms5W)NyJZ5)ph zf}Vm$1fdcDC}T?ZKf$1ir2{MykS3!QjZ0i*a-6Bo(Q^qyRnN(JX9+~tArwUvDuEUD zb1??}8Dr4ps9%EoQ|iAUnC;1*7Yda{hj z%q^Q8D1F3(AJ2lUFK2k}ob>g)$rHwmygT1B^V^>62TDpx137_`hvt@*&AA~^`tWTj zybp8+Rv(sER==LI{VE5R5a|00jZ3jJAjr$H%hS8dy(RotX!tPh5nN@*)y`jrum@M! 
zif7=y%~`w?$HvQrxpjU9PFzUbn!xi5u=>GWc}%Nl#P^(5uCgA*6E^gQo3FBraSolp zi&|Wv2~%-3&F8DETCmz3?7Dq^Zk5v??93_4=G8k(7N`q(=1*<@F2CIo?8+&f!*h%K z<>~7t78;jql=BtMDYi^0H1=+g zPq0qWW!Z7vZn@)PlusKv3YXcB!nX2JDfOfHWeVCVdq!V}y|_d5`BQ`S?gCtYcxb*r z6u$>Z_TS3AzUl;srK>NY#&~Ft!4YGw-eO0 zlX#WOx1zA3wMr`l$WDo!^`fQagIX`x5;RgrC$Kj+i&H4-deC0rx2+9E#?Xa zZ8g>~XzTK{HTl}wiIafC&~zaQ(%p&ap3rn}XhJ&6XC$WkLen!t6SA0|9ZwI|=Tyz| zzKxz0#dgvxvZI4G>_)IOh5;*;9p`ksT$?T_xEl0v@23R(upbeXGv3w6Le;i&j2uFm-jwh$T9ZQid zM|8v>JFn&PzIFcgV6D}%eQ8&D+mFNZeu%ruxK%SUFwXM&I<#MeTJ+=G9YeHy3eR#p6bz0@uaTW-!3Y`VQ z0y#FQ14nAV)M?h#MYh!OcDUiu@ zcIcy>`ZOHb?yg!P^)3C7>~ae*sy(?0YjZ-gymlGqj3emGPs^XZ@w<0?Kldw-Zah)_ z=U=?_=jQuX77TA2+V=GoPu~86Ez{h;efBr~w_ENDe&+Q`zqe+geM z^?UorBue-jKYs7u$GqNB_upad&7a!6fsE!a{idS)uD5^v($t;HI=(e&;%(19Qs;kR z^%qiKs$cx|H;xS2TQ}zWzuGeK!L|J!zV13_<-oswAuH|58$Ny{C(fzA-1tGGx8Hwlt-N{2M%rklU~&se-T!fBtu2NWET%f;hJyqD>(mlvZ2y%q3(! ze;a0fA@o}qNLtq8Rvmn=>UH9bDtgKt;kA9!+5m;!e;8uy@^56lhb$+;8wTjjAuOmm z1gv89M0mrXGz0aLoiW?p4t-#0V8~%<6?pBcUVw*s)2Wmcyf%T?c?!I4(NeBBz?6|h zfUPFLHdQg;L&X_!fUN?sqX)pm7$L^CohZZczm90vIDs)T;JV z;B^YTjySxO?=Qs*SX>ooD}QUC)!RGb|L7#xBjkW=8b3A`9GXq06Cc=AK2F{Jcd#(&jeVYjHX&HEI9Nu$gU@GxMfKSW74(>TKFb!B7+|x7gJyCEulzxs3Orw|x?`au$Y8>Em zWndaw!VBf-jcPS8F`SuubS%$2z3&5^tQ?%lP_@F%yIM98-aXuD-UXO_oUlbt_D$?mp2+2@@U`?GMg!V%Kfr0=a z=VL+WdYKr>R2ZQUl1^trh)=;W*+dBKjlcng0yxgY;?Vmu@sSn92ZR>*$T$-|G8G*6 z2tLF<2^dg60ONct6g^NA9obO^ft3P2d}qQ(mVyKBjYJBxX8?p24RD-~MWYvN;v*-D z4=4rTBlAr7$X0N8O#Yz#6NEs)0g&^sfb_&oeB?&)p%h5gnedUL;P9Saft-iMWHeyn zV{8;3u$sU}_L=aJtKdjKy#hH83(JVa#K*WOK9mBWJOqZQCOW1@8AK@%j0T2#wYc{vII>TxK+eabV3=&;!xP1aQXrGh zgpa8Tj-1mgkn`|B7^<82xTqcohYL)6TvQK)Ll!1JF0Kc{aT60E7uN&f;Ejoqi|K)I z{K&+|MfE^9hGnATqIw`4M>FwpQ9Tfj<(c@ns2&K%6HRnkGIjt_Q+_RTCi> z*8}0`u8EP0>49*7*~G_1^*}htZKC6%dLSHVH}P>%JrEA|oA|h>9tbBKOnh8a4}_B* zCO$5%2f~>b6CoGZ1L5?KiII!xfp7-O#K%STKsXC#qT`}^Ae@Oa@o`Z-5Y7gg__(MZ z2xlZsd|XrygtMY1J}#~Y!l_vkAs5#J;ry_Pk&EepaEjW*$3^u(I8AP% zo>Ad6y@`tpO~-O|;?Iz(-z~vH z7wo+(!2aIAKlp;(f#EChv*r)@*@UMN+FBe9GN&Qwd>?#r4gNjM&6@!a_cHFm(|l}e 
z#Zq?GHEIcVG}bUH;+UMH=yt;6vk;pCZGTV+nPscA4_3?7YBMT3fH3W(Zs^N!QA>u zU{3iYFgrd8%$`pIv+t9@obyRw&N~CliWXfsUm!4Qh62~51#yj3VcsakN(kff7zKv6 z^BG*%CCu3cCafHx&LrAIHt&cs{39qcLfdA;f~X9f89oI63e*nJ#N|1;xU@&D&rxSc z%gQ%i4#D*~*lxr1Ig8}zXspkP3Ml4-u^5HNEc}CuuOfpJYorMF$G-`br$TOqp6FGYIK;z(58XV+2C743FCy6yDukRFpaT8Vu07_DY-tqd16VRCmh zxPbHBB>uaK_^39}F0De(kI>#pB>oAj&UF{3qdhvAK>Llrfg_Rl_9*e&74gA{rw|{~ z(1Z9mZ8%1I1xJkb6rI!4o{LRQ;=c(j*b|9wI}PzO1s^fulXQv1cLNugyj2U4fO4Td zTo0kWtRf2w>g`e518pT8QQ8xmr=@*XGVOuBQ)rJy$WzI*cL?oSyeI8#(Oz#vudPCR zo`%%b7AJjnl=M)1ChdJf`+af2?~qnS@ZU|Oefv2J{${a*Z~Q}!{R-O9~1m-Jp})7ociOU)Q<_i z()xSjg5Mbz{C$bU?>JY%-_xt$cPirNord@qUhv;O7r~#LO#DwI_iZ>z1|3uH(2}j|P{fUrE2I?xLnX z-dU^Ca6kL(rV&%t8%j(WZs`GJN-g4~#WL-*64jV_HVu`s%I50ZUW{?n z4#y#k+u*4AB^qiH46ZV^aS%-#8}G9<5yYrbO_ZxRVv~$%6p8pAeOC4weO4wj4xuw@ zDPSQ5iOM(%gt&l;#+km5I|?DKAnJ?CBf1Qm6vtuI-YJ$BB+|^8NL1EMkm!ngG)YDc z6^cEJLl|di6GCeohstmXgw800*t{Viy5l$mBPD{Uj8g)C#vx2LN>LpC6O4%4-lI6Q z$039pdA^LOti*+6L}dUjBqJs%_b3wo2}aC|Bk{s8qSCe(kP($4y?~6EtR$hkX5j94 zH9B*eeKx|&ClHRsM`s{M=E%%=7x&p4#34qU+#edfxagAvo!IxRf=*j>e+YIw_s72p z-2Yt2{m&9_a{sf$o80ick^7Oi;pm5lQn+P!5B4NK;=qpKc^;g4vJgidG0wy-k4R zbR6k{-5}gMj^l$&J5<|&xDx52>QUX+K~SL{KaS2=(}#y@2%kV5poXJ^VqiFs^+8lI z;Hzx|V?f~Op_cb!Ks1(Z8!9mt&N{;J7dp0T0|bPYIB(*p8E3h0c+j>>1O`M}Jfs33 zz=#P59VJ~AQ4NA}h$5n>u&dsJBM@Pt8|^p=!$bs5z5qzcKqyQ|yCxzKZc58hd&iaq z3K%`q*JS_HxYoV}!>+Nio9X*pE{Q55p@U#0U@bn@o7O>Mooh zp?gQ1?yg?xF3ra1t{RTo=+n_1)>@#5(H%CM&Bo~N!rMG$8)3a;oG0d+;%Cww_8aw( z?$O8+uTdWZ7MzU;dn2wCy89^L@5brwqylK~Rp6Vuww;dfXBPO5Q|J!UFWrsO{lW-* zb5~QW`)3t+I12(ojPACcbhkroqPH=D?~D`v!U;S)3;`oXcx;4ayD`GsM0x*{0uQgl zqJZ2$K%N%?Tja(Jdy&+ zm}-HtF-?kT)MNHMYRge~G-5L?c+`5ws*QQ`v1%o*jA<+emZ(NdbksacwaQSLRyk^r zW7Wn6d}7tg0IO7M8s3=l#a+f~csBuD)67OKY^>f`h#9N*pE0blYGYDmR;wb-1ZWXz z3KnEER>hhL(3)0KpcN+{Uk(Yy!_6455^qYiYM2=VtWvFvuBwPrs#VA}EuSD)Vos?R zvmIbM+PYY^5_L+o3bzP5O=z*VU!b)nKx>*ZfmR|P57 zwHDV3VQzE|0?}UA7RY%s7bIG}B0fc$@FeyB%i`Bn`yOvy+mFA82k{b96~*$s6YDuw zy<2n`Ltzrr_&ct}%pZePL|Fq4vq*a%{d>)32s3GqhK`d6fC5xXh>lJ5dpyKi3Pv~7~pD}SRhae2)h75$d5B< 
z?STbG$B9^=w+tX$f(HNu7#xCz3>6*|54eidifEbhrYg2gM2GJ5ssJ|%ih_cEeG@h_ zUke~PL&6ZOCps|9k%$hHDVzyRVHb2@d<7A&$rK1jdSwcC6ov$*umT3BM8Cj>y$3cp z*pP?~@&rdE5}3j!*uX)RU2mF90e0_|DO@oKOs0TuK^)-3PsJ0qo=E7y6F?Inu$w&5 zL7u=(>G;h`w*(!2YqTz`0gc@V{xyj;#IZn@Hw` z1bczri&_99n!ZC+8}zW1iQaP?ex0&hJP_#Ogd+V@j!dm`|rMUM$-hCnZdJPGlX$wa){1n*+8&xCjpJydSm z=cvS;3VX~VE7T}se5xT%23_ngYBx=9RGLmje9YRi_Nb)=-g_9?WW0-QMeU|pHDPz2 z3VY0uD%edMdaC_Q241XYR1h#uEPf=7WfI;m2*V@dR(|rSu*ckE1^f9hJOXd!1D^_e z%=J~ZpBKX;{+8o@=2H9r4#Oiv zm)gnj7a=}>zco2Nj~!+j!nv60eAKBp6P0JA=HQaUVxU1TLJI` z;Bclse+XW+RBH9&u|XaYPu1so1;Wbi@+qO`yh~7DmGvZkQ}hm;-;0TNFBG9C*qu{m z)!QRi>+Lv_SAQojf1;7|8+9aadvNdV<*wlVYRic#+&qWkMa=%4M-I@%al-}1rI>!_ zfxKC=;LSbwBK3s-P7v3 z`q4!sFi#AAaiBUec>J7Thr9gi!48jB`B&tH`r)hoq0u}-c#JhPnnwtav4uwS2;njI z&}beZj5BaYJNefc8ttl@;Kp(-zPW;R?tff^I$pgRKYzapKatVrTwm1$msyW9Sm*l3 zm8|Cq)^j<2LPPY`VZ()i_GSI})myN`TKYNvn)rwp z`77jnT3f3-zZVQ!LIrce2l@pN>n!eYiJ13#VB3NwH`ZuUOeqo}5?B+d*xz zcZ@f6y0~*Cof{Q=T1z9htz>C|?Q$!3u-^8n2ENo*YwHruyVd5d#_8d6PvG8elwhVd zvqKBKiEC4}vc@5@Cq{egpjP(LWm=$yHIButl*qEOM9bTf(XxYg2Wm|xC86;$t%(gI zwd^CS*0eB%$+&vMr8Vu*0)|$$#jQ2%(*mv745pPGyPTJQ+K}20yGnuw@pP;&@1$=D zBMnbo+FK1sLoU)9HLTdd9YN_@(@xyu8LYKwO}lv?tnV(Z@yKM8r3l^v>rrYj?s5gv zQgQjH*7TaXP_ktMGOp+A5;Ve`vSZgPWFm_=)S7yu{ilTRQJifh;d?{P=1&W1oaZVN z2S6Al6Nk?t6OAaTWMXAZCc+{UQPk7{HIRiGSP0<~$`)?ufi|Jk2$gY%6vVSpYwD*p zjfVggIJ73Hnx~u z@N<^~d3Pf{P>%wOOHcs!oo1!9GjA_`CV7xI1?d4))r7r=izl@%$J-=)xcFY5+CnV) zTR$Nhyy^{+OX~6A^-7c9u}75o-=Og!u%oQmvye7hbGto$$^kP^5TJ!eW_N(xK~K3t^*9$S)VQjpdVH7itQpU9$| zyETD`Kv>RVO2G76DHjlqHv#9e1UOwW7&o6DMoh0Hn?2ZFW%d-15G|gE;`vD{CT^kC4g-`9|Wh@*{jeN?@i>r3CJGC@QZ9 z_Le7L4?s2Th+(i7Dl=S7avai=F$ne4tJ9Fx6NP8;7(fakGZZ1o{A>cCwiuATk{Mbt z(Yx^^0_laC?}f_a(7R7SW^}fWWEKsv95`;lKTvCg_Abd>3i6N84w1|skt8JZ7Q8@b zm2D-NkCMz_jk2wzE~$T%4`deX;AKJpo1M$HlFXEFXwkAQB=bikGj@Z+KfnVk|A-IV zA8sZD9)d4QSq2gxdp?FduNO)0#_-oGks)M>_;V%VZx)59S0bnPL}2ek&Hy2V#;|y# z@e469*@WrEHuXwl2w5VGj$|0Yro9r`(-X!s$uc@yrv);BxWzM{2ZCGi50n|9MM&ev ze0)4k8snq{k=G{N)E&V7X}Ey+IYt_TFUq!&v?Tp8K9Ey7RYCwe*x?z1FqH2Dc-cxC 
zA0>@(phDSJl9ZJnOw1Rg=4K_a84kG+(DJpk1diD9r;DnrH+F=$K1AY`al zD!Y1Ouy-nB--JnK1UDq}D+z$6$AIjW%n-6TklEg37{RB#QrXcH#xqeFovjmZi|Y9$ zptb}5K&=tlMRFCYQB-Uto%41kP^7Vr&0n7^AwevLFI-7>;WhUKvWy{ zLgkBPmbWJW`l&R_k2L_tbdf-u5n3H+D~`T8>?eRsk=Q1fTRP!on@Hw1k{PTa?sp5R z-$pW%Szx}I5LnM#lDQQxwRmYHnOjNbM!u1{th|*ENC^y72{_b6Q5k{bV|!!B6SG`* zb|POCvuwn`{FIvIJN5#>^p8N95!y!5_+B3$H{&tD6H+LzO)$6g!OJ$2#)nB`@P#)8Y#Kb1x+d64Wr zs*M9gGKS@e^QzCHsgf^6n`p1x#Y3N2XlbpBSi803dKpm)Y)--aWwX)K9EWt zwEbotkPMd?gSHCENwLh?kbIF8@~1wIId$;6YzFWQpOoiGioQsSCeDWEi=~u5^^wGB zW)U7Q0jA*@VirMRI?kvrH^v0_@3#_b{V4b6j*nQPxk%T87XB8*k_4Vudx@TC6>b-_On4xs%e(`?+~L zcT&1}KR0jZPD;m(y}6+YV?%}GlGF1-(p8_2JUCW=&HE;vs&FXI-yC?*j~)4itXINrSC71$|2`17m^&{<4e`~n;Qk;`?;L=mTl==Xs17JE+ ztzJNB9ndy_P`Uu6`&u0Bc`bG}F^wRY(0q3a&}gfA#I~gK8N_d0nC-qM7i(&s@@8Rj zIrNM-8-Mf-jm`SD#sgS8_JKL=q_NrG-gp2B`}_Gf``gVH zP*nr)f~uPEhdu4bo^m1D2dS(qmAx9wUJYht1Bv{BY+xW87>Fy;_Yd|r;2P1Vyg3S{ zT>LS+h#Sh=S^I0=kMV~c6I3gb=!zsD!vD_>MIatuwAx zl*`q}XXypmOIH!pr5|!Ngt}Y)vuZ6x&%5QZUh&_4pT3P3d9Qz{OaS8cAxqDH#YKG+)a12{e;)j z?)%(?EM5!y=Pgf#cq{8e&%HRGm!i(=^Tn_8R?^^mznsfkL7PsD{0DF4{B!=$AaBL| z?Vj0(cq^sjrkB6OTOn^xJMk)oapm`3xRsX@e(qNTf5=M#15c*z<)wTj zbB7G%rFb9TxM?&mrThGv&rjv0a35a3>R#T-w&zd(@!z}>ZTEx!H^e*1UijnuY~Bg> z!S6pD!#lZdx%o*a@5Gvw+BS}NQdxX=yv94BzW<~4242bJdwp_0-iYLy)UuUV5;=bT z&=g(?biL=%LSD)9O5@*e;*~h78#cYdD{1n7J8~kgg!!+?(|dR$%L`+F{0=WfdGOvf zwY-sJ-FHXs}OH7Xn=R?YckmQ2sCGm+s@i_|HA?`2!nn`@-7(E34D$U-|dO zt0Q~YZ(X?az=FoPhZav*c=Xl4Wu?D)xV7IepI!a4+Jz4e{QcmL*R9XqKJ>~l?n`bS z^yrlp3$524o&Q$)554s{kNR-c5WT<+rYZ%m)$ewuBR@~ozuTxU#pyjIb^VX(7*w<{IMf%_TS{0IVbSo zH$CO056mr_9Vo?eoIt5(LDrWuJaPC8dF!K*>XM%gW~5 z5GZ~4wv^aXdwG!c^67n3>aK8TLsPJD-62mo4m^6)BUiTj)T6I{2~{-zQ;YO->X%Si z$Cu!n_2tCs%Zt}HBVJ$0nd|eQPFZMLW7fAMR^Re?eb2}1d+E&e`Fhq@9jmV)UfpM@z4@Y=3nz(ym)OsW>Ii*w>bdb^3NJ z7B4i?wwQ~|xxl=HWmclhMB@!rCNw4|G$9uYzQ04q1q;o;w;F##W5&T-;v0Pk=2qjc z)YsT#)>nBR@;R&e>UxmPS3f2G-oG=@g5S~mOYVBIy%pF7V+*a0^?;0lfLgeGwH z{AgLS?+J}b4^7B0fk-!jxNh0p>z9rHq6tKX+0!pAn|(vD?#AZlfy?vh>Dho_eg=U| 
z4~_AKCS>wGlkdLJn5@u*Y!k>V6UgDq=8jl4{uUF+Y!k>^m(9K{SaAq#he6f#o)SHOT+M^-@2qAKhL=4kZ^YDUs)pZ@Ra;KZs#;?D!E=h zWc}A2vP5K&xV6x@W)mC-l!8Po?OKA&QV&7tpO;^#Z!s*$)ej&KTUqul4t}u2azwAI zJXSumAb*na(udNVF3m}&qnixkosI5y;r@>c-rpM)06qKbQpu<9?~RRT>hDnG_S)a- zgXh-Yg!T8~2GIve8-P-#=G# zJYo|Qp7YFST7wzpv#-8FTy|8X>;ZxvBvI@5@DE!uriP~2dTe*fMJ$uEw0j8(lzxu8 zo%&<9)1-;UXB4>liQqo0rw{I55*lU0vi_BkKKh9&Y`4mvlxMseQCN6Rnw6bTk9V?{ zwxaE*uh6)48w=R<)~bg-k}W5__4lP%e@o*1U6Rn>bD zyx%t9xb~M)%*)Q*gMB4O7vDw-TO!Gc~e>3rKMjf8|jP@?k&`!McD*12R592L82FBNOXKW*ovh{*|o9oOW4TI!diZY8O)RucV%- ztv;k;x;w&U3S1K$*qhiMrScq6JGg9kHV1@fTj$A9g2|0CyzUBzs>Bf^QROSlZ$*qd^(48LqaawK(=37%jcc#M}eEuIc01I=l zJy@MJ{N%U3P}p7W&C4?e8p6Mp$J3j05OU#O86HXO1`)?K-wC4*6T!P1+>$ZJn=wUw zwt2sN7RvX9zLpibGaHa`1jOsFLE&^in6Gk^_VkNrGU|JU=AaUsN(82~CK`Yg%Yl&H zJG4!=dv!xw(K=XLacD3uyK2A(Hp|JO7(dfHv=uuX+KLm7VR-X5<2(V&MjdAs4Be@3 z)K=`dRC{s9Al>QpHx5Ih92(Ap zh+&&R@K-yx6_YIu*hPK(Db=i!r#>$VX)maXWs6#%7&oZexK zgq>b}Cvf1P_~EbALW-d=>>Ca4?T8Y~chDN-V-IPK0fu#XJS@qRJw}a(y1lx)o zmuf3EU+S+JhPx#2z0K099~j!HAJtZz9ICB2K9sHdx8Wm~zZTyEzjhP9#Nn`V3=E*e zFyaZ_2-ewdDfi+IrO%T9g$Z3}ha;oe=mr4i0iL+$)lQlvvQJJ*Xq44oV+;mxpa8n6Fhpr8(ftsMlBAa_;bO7=_rN7n$AO$_5&>zl^>uyw@=x zjE7spdu{TNEx)&f_qqnGMEVF8;KOhhSc!hQ@sfq7h7g8vNT~64{K0Kf&d@YmDCG_z zO29x5I_(9O>|PKPV>mt-mZyITh9mWWGaT`q3n)Q<%XTDLfjaxpZ8*Mh#a6J;&cXgp ze;rWeutbJpOAV!WHJGQ_f!b{T?Us7<1)o@lZloZthm@`!gj((X_F)-beUIfhP;498 zs2>4CK}xr31PPLVLJzZXu!%DSnF7H{2QZQgj5L>gGKetgV2!Q%Y816%+|{Fc;nnS4 zl(vI=-N7fkxsEpup+A4`#*db}2hvLU&JKMwvvLjC(WyQCKkP19!-LjcGTvMX!LaVVELY6JNqa*dpUXr*larS zCHLq6KLRnZU_&pgeuK@TdWZjj-USS9)pr5`PX9`j$k82oiS<<|7*aAjxFEx(RkYx3 z>5*Mb%gH3wf6hlBoRnv^3H)o>j+*U5PogEezEfM#35@I+4B%G+BUZ~1(B47uUk{A5 zk@gP%E>vZ=9MUtrLs#q2I2(YC^@C8i-CsK_(~D!F8_|dZ8fi1MI*`$+k-z*a_0_og ztQpTX{B!8rLZU!O_iqsum+FTIoDRx&0vwyZo-q55_zxi24q`ybheR7&{X2oJ9DSlq zA8D7)>kYwG=^~pzrrTfL{0_Foa)3pK2OLlWcB3ur1Uyw-Q&MPrpdRxIjOVr=qWkJ! z13Wzw)>luPo@Ag?UZJy+kW_%GY{oCu_prQI!O-N`@Gz+R%X!9aZ;CruV2oPb!nUT> zyn=!H?u73-UI9M!9}7P2N|~1hE_ONQ`Hj9Pk4n<@`eFj>$}=tz!0bpIs6Xy{ofM7? 
zC^Qb%OT~ICI?Mgsa-IOr#zUp9%D2k>K$SC8#DaQTk zF|Q!sIJ8HMe0_iRFdDYr-*dNcLGd+3_pG_XQJiOdKTP})qU%5y8~h|XO2Fav3Cyq+ zrxd3Y7{8SlyQ;9J*rUE4S-h}VGp29oKtZR!n!aoWK2G6&^mq$5##&fJ(i2h9R`QL~ zcq{qFDAh`VF-IOi)O_Os^Rd3b_@z&J3{Zy@6dKQF@Qp;u(Hx_3WW*T$#i;`hJje%La~jWHErgv`L&C&$gV+bqCl6}gS!nc$ z)>&xuHy_`bm}h+P8X>-350>jL|4K013w|ay7ID)f@D=GK@{3Xq4t3-kUpgpn!8!-I z1qWwj9AP-+psWxr%PAj<^wd<2&;n<$-ce}$8TVgMc2hC_pyh$46*x&6%*cQT&*7mpyQV#|BOzZ7(*H1 zw`jgynw$G`=Gl9GZ+!NTf@Sbaw7kuD^7l-$C6uMT$H;{>TE?DNoMMDjb3p4gU;}$7 z&mQ`WK2(Z8f2%r#qiTxB6#X5*78l|Fn~k5ZF?Cl`1JUzbTp~z|Z#qWo=wV|XRGSV( zwElg;mtH5*F|qR4g1bRx4{WYGSZ^urQwWH@@dfE5bcwY9ulK6gs>}t&)+u{2zkPG9jk$l*==UseDNa zqkatGb^<4t6&QCt-6ox=4c7M8zG~n%d@{Ab2rif8LgO*@kZ(My9&`g;1~2h=5p}*z z@ZdPeQwa?{WO;@$*45dq*A^Hv{0cqwdB!hBsYh_>cTJ>Oy?|ww@#FUdV>q@am-YdF zbNH8@Q00eOMH2=JFbWB$W-XsOj6slWyjHB_D?QtCZ)TzKxg1r0ZJ}|6`B-Oot^yJe zZB%}!A4O5OR`EA{#9IHrzo_Kb_?ri;6&FQPES*--jW5V%U?C71**;8pESgBPxS0Q2< zjDOz3Jfrq;LhnW^09mUD5r(PWqRMWqq7dPh-ia}`ZkzVx$H=I%Uow0{nH^DcWk&Tdy&)k|A#% z1raa$bF7#{x_3!(p=j4A9~ekzcJZ6v#lBI<+*6Z;lIS-;2g57*?mc)4MSt({-LFpn z9lp`KBFl@yvEtGLV?lE9h^vS*hl*1D1o#58gh>xJ4yUL24gjqf?AS_6dD>aIYY4$fSyU1A>+4BLjUo@WeiC?Bua9^Ycw5_~tc90RlV zRG+fRTxR@XJ=Mje2SeI5ujB zKORe&4JV-lC%a`SFJPi^{QrnWuB=`#2|hx(ZULu=pE$FKb1R9Id@8J1Do#m6@}%YO zG4EHjJ63vR_e4Uf!}yb#x-cQt zY5ccJ#di*)ZJ3Y;&sJm9rK0=p()0bDuKfFpZowWM$xTN;6QhGzOm;I%E73G zYQxd=R~FqC%ZC`{8E=^RaMX%!k7faWpYaPbC&NqkXfEo~1!H)Uqp|>c?aJG@dg|)d;Q? 
z%4f@`DC9DpDr3cP9JGod{G5Z)lR3WuWjHnD_M#zo`J?m?Y+CSEmIxnjv@}wKUXE<- zFYeTv-2IkK?VEx(QYrQt@JH z)_TJ^xKnuHuON$FtDgX{@EC7Hs;Ooxkby)x&GsqA&B9osX}_s5oXD6l#c;2zD2eD1mc~jzq&Ep(ibr$1_2)BoOajo zx8O>Ui81KRj~&(_a7gKzItMC$bf9usCl5}6KRTE`D?C#aq0c(d^jQa*KI>rmtb@g8 zt?4uGkCDrwKs85zd9x)nLs!I7{<&CdXua14S;g>`=rpM4(kg7|9Q+uq;=f4CxGyt= zzRV!;WyTH0awKyr(pKu{5D5#n=C4WA;k20mr@6 z0-c&7-`Xo2#-3Lsx#$(XY*H^O_Kz*nEA|$>upWZ|PU8nJnqf%!V6@@6g3qZE zBZ~vDSWo;-7|vg9j%UDp$E%nSt6~lYp>ox5k3QcSy2lwx1#nuP@q`%-_rvSF;N!NG z^7P`bN(0?xcH{NmDuq6pgP9|d(p_fDGrVg>E;(^L8neR=tl8I0wEHbh9Yf;e40D4$ugr*}8;{(IGhZ)l{L`@eDGa;}UFRCsSXG%)G@tk_EAL9hZ zQ_R85*m0Dzm&^E(J+#P)QHNpOUoq^-HO{vg_a@a?XxwGiI9h7#IUWyu<_YHDZ`^|c zzPD`xA%|lZ-32~!gElV6z*mO%FT1R`SoQCl#U<$9JAYNW;97lee%?fAG={!D<1yTs zD<*2uB_T{b^cSS@^j;Z})axQg;zOddm!oa0=dg8`FgT75VtMfFF&b4x3BxfMpO^7n zhV1sxSX(H^8G6(e${{0i&eKgU24X%psgUq^VK84i#DPH`bqpPs^brZc8c-z3#QC!72o3*SVvcH9IaDcA3uum zbxufVW(YlHsiDVWv zMBgBu#$&4H`a2~I*S~46ztchW6uCl$g;K}J;zz)txBpowk7FW7(ervqDrj&uHv9(q zRbZsovkO!LR~0o%%4b!IK!@b7C`rsWrVcT&KJSWrUbM8>^+~tpD<&{gU#RXv(}_h}w(v@mKS+KKQJ-U(vJZQK8X&6Ojn!y|1RI zEsBHUImL6)w+CM~`_}vb5E$cE72o85ohFlCi@;Entb2_7&EhKS7%W`YAdkU?j+F8n zIrz8WD-hxCdG_vkwn7#dgSJG3%fDQ}=x&Dbxqke_9!W3y3?Nflpag>?m&M*@7ncI6 z^?x$eb#PUVxZ?^Q3UsdVl3Q_SOvK`iUZB`fs1d9^eN6(DI=S2VamwnFX4~AJ#6${hRz_6OD(oQ zot(4^o+whsff{{#_1;t#D7K(Te-wB-USKB*z%G22ODb{-jFs`6jmRP1i8i~${zkcs z^~!MKFOfUNI5OWvPvWq0@k0V7{MTQ^1a&RpsF{+-x{O^*V%|Mt7o0|H+!b&4i;{$b zUgPC>L7v6Vf@$%BeOM==CMYCCVXJQtx)NgYnkR1x(p|=*UtzL<%s6-o`{^<6i&y-b zq!t*fg%ILw|2kUGZQK+u_(QYc|HKO}K@#fAHGX_$tZ|wT7yIclj!F=Pw#)C8c3sB4 z#b(bJjAdsgN2@9yE(M&%%2qc+yY}^ ziij%b1Uw>7#Sb@^aRqeLK5;aI(@C_`a5i(XI%p^-{EcC#ma<(wSntpe8w_vsdT5z$ zJ=1IS!;}@L&>TJ7fgG8C$-_#Kb;i5hhz{!WjeFk|5Wv#Qe#JU#i+&u1IL}!BGo|LU zu{cYs_&GAj`YgbZQ0#a|7-;N)lRM8)z zrHXSo_{0HeN&zXBjv*8*)tYFWyiBP?SpNcJx%u+{xO@BfsH$skJVOSU;J^$pz=%;3 z9lb%L=19;)g9Z%{6?HI>phZQC_BcgFoggY8aYE~HjB;DG)mp37d#|;$+SVdkUor_K z2n9ssy?`%OcN|1Sc~|E5{jPn^%p`<+`}p`g&*$^|19E1+tiATyYpuQZ+H3C(daXTG 
zr(>7rg_HGXt9mJyni9GyKz9`7nnZ8G-#YbmPvMw4^|#*gVYSw&m+VitIO^21=^s#= zkLe#As|Uy!(1}!mbSkL3XP}iO>JI*CwY0+`#dE&iQ&L%8K^59A#@Js$fGJr8>-ws_6DFQ&bBy(%`7fb1KAf-(%wm z(mDjbMX-hY4W0|8p+Z19!kVg4cJTzGoft+Mpakg+tE={=+h2zqsmHoCHR|$AB{~b$ zz2EE>Cj{Nsh_Hacb=tSPiG1=db2-xB%v_5Z_?(qulz#*i)xETtZpmtY#NzW`nt2q`8=8V{(DX zm`e>fR{;O>_gW$rn6xx)jFbPw`lO3KDzf#_vt0jE9}R%X9D)+UUL)q(ETweY9a&1L zv%KV6>#gPE)vWu=+7?yWz|BgvZyZ^AE~sL3w%9np?qCb!x#Jhu7|> zMNGY>7U`^icd};A1Z~N&el^=kn==)^-I8`wIxS44>Bm1>D6~(Z`!4wj8{kZKSDkwE zHbE9Y?lvcY?il#fGvtr_7`m)oUG#!xna#;l&5P5yH^5puEB$K}%c|p@l2B`Ps^K^x z7vhgn)@}Os3N5V1F4UW!}dEef=ImK z3?{M{XFGkQsZgQ&_@jAFA5W+FcvbCep{lVNBk@RU$JLNx^Qtrsej?uyVB)n%?6@9Z z4!_VpAdRwN^;A9K;IV5oT+A5~GvVFvVp#1M)*yy&#XgQGwAakjxr(z~e*?fAOcBqf zTg#2y1X6wdyb$$oXewo-lE<3APZy|?0&B7g)Ty-s7dtUePL~n0Hh_@W(8u~Uw%v=> zM*%lh(;Ryvii0hIcZnyUx5SV7Ofy7lFn`w)JT`_s~`o1JW-e(*_|)N9o?Fftf{>esD1M5DnA zqd{ma)4MuHGzn20ERjG(a8ZR-6qjSCTXmJ6Uu{7he6k})%9V&F7#+5QDaKT(=I>cch-v{pTjeH{$?HH@o~^*0ne zmBeZ-z=0C-H?!bNPpC z{AB2t{G0$!;(`zjC*Q&g81P@^TX=C_#AGKvVEBFj$6ER&K19Gavodr^k}>8Q zoud;U`qQlr5vb2+pblltcWju)NG_MJcAGq5Qjux%*z7is%Wji#)TNm=3$xoi9#F@H zX4)W6$ZqgN$(mwkh0t1ArnQr@TRS;}18 zJSo%QY1s{)p50&x8l0MG(8zA^3;|hegFG|4wc(P*LjV}@>QVq1MR&LU53f)2osTh7i~3k!F;oplbgmg%f9=jOeGKFL-U zYE=O0WI~mCJW1e}{HR^^JXUQ%?yN+c7YZA|$DS`GCg47fxu79VtTZH!9{u;ba8C<= zClb9OV3Z_;n$H^khzLdQBO*@5N}P@Xy72+NW${K~UE>`b6hVjzep1G;L#;oIL&LSK z1PCTR>Z!AMEDGSD4bb;dSTAyeg zg5yGH$!bls4z%(^xaFjo=jz-|0aruInGgK(t3*q0^s9aNlcBk+yBwXP+Hmc3wYt_| zaOp?&;vhhO9DA8!@H9$j^=CFg67ToUYeD2^OF_nc*4{)r$v6R5ChbED`L5L*TgonP zPAY-4Qh^|F;JLk9Kb`hQ2+^QoT*^*jRg7>1|F0tL8=-9Qv|u4VkC3vy6-9?pp_r5 zfASck2Ny^+=i$bvmi{0C)JY;S5LEW!Savgr>2GMe3rZP_NfaeXp?W|)ZXR13jHLkJ zc6|m=Ev{WSO@lFnu7SdwU?^lwf`pF?6+7Z>QmP?a7)I!lJYzq(QqEZ>nup+Q4l1A< z)1gd7N30hy0{K99uwWR_{pcuVe<#j4EZrdlmn4Y}Z)pngT@)Enh*4 zLP@!nLm{kzlB@zgWkiCyvWS`DgL6yK__)Ap5PS8YBJ4)sr#OJOn!3*pdt3A;~oTI9`}j zkPrkT@jxR78OP>`A5uM-UJtmoS{s}4%NknCp$rqPye3*nH* zibS*;7np%m#0lZi)?RXR9_}~;X6+yrNnT*A#@$ssbnDlGz$j4%M zH)LU=>HrCgWEwATXt@JglCrVJ%E!rO01Xi_@)r=BBslGb 
zO0j8E3{)zC(gb4}^c-0zsL=@;yNz#MJP+&VM3p^=P!5TffyiOZn-^+I5p~ycC?33^ ztJ%B^Ou#nTTbO(x*Hj|`V+=zC^>a!?+b2+pU{0#Vuh?Z{7f~Vy@VL4k=;ME&Q>4); zvNoXi`GxzeO?d|jcfsbQEW!lJ!-a7$^E9D&`nJkgnhWv)h*wk7D`$}>7+VT=`$gKMS6bsTX8W&FU_`U<@4ajk1;`{~^e{F?ag&frSLGeK;^34oUm zbfDhztyLV>!oAkAyj_JYc?YtoXMKUZQdA3xG#7!mTH`@YY%ml$2n>ayUYnxD8p}x; zEGsmY(*#RsWhxCXr)%Htz`2y}gOCE7nguYaF)bw8^8nb7DYm0fS-bK+D?EU6zS|rn zN5&*~p%Z1m%@i8aOYCr@&`|5Q4Tbx_kHsO^3h=#{L)2?iGw79S^d`%I(*gnl-lqI> z8d{J0Y}gEn&=#ttO%96FA)ooKwIrq1A`>hHngvTMhQWrD)E1$({;)luO;Ng1 zu%z6$^+>w~%aF0nDh(CxHMU^{J+5W012TnGX)=xjo}8~xs|=_>CQ2X^I6W%zV>Gl> zyjQcG^0VGp?Fb3wH6(LA1D+fKvEBhCSLbyUeu+gIrqw*$RVV_EB_S$Q81H}&CuH*> zt(GF{H;@q2#$jjl!tGiOiN;^_s(?6R9S51Vaje!j786Ib9ik}>)d@Mj>-qoM06c}E zvv4Ijid@SROY)!;@*y=}f{dH2t$E7|Kf{RccQB>Qpv9>uUTSO*iKz(D-ohmb+Vq8; zV(cqiO4MM|VF+E@T2Fv<5@*KiHDfJO%-Q0w14`{Q!*`ns|AOcQZ<)~@Dyp`DYABg8oNM9 ziq02~P}@U34H#Anh9R)Cn=*|*f+5%IUJ-5VnJF~vacy*w_%qL5F!_F!& zmKbaG;(=nb^1_izfI5zsqpp^lC4er`ZI~bFtPumh62=LT1}P5Mas$oPMQ|nq&q;zO zElID&Q>(}_vZfM3dIV3mjpqc7XE=lBG>zwU!Bcd4{+SJ}zlMf%@We@KiVyLmtd_}` zmyxDgp_j@L{2&BjnXS-4E{CRKD{$R58G41xSs8cc<}Bu13WmX5qwIz~ zr5SaKr9_ZQLy#lluLY@E<2l{I6RT5A)d?c-FtNQNMBAY{Is0S@(Ig-%pK%%a>CBV3;sBZ& zs6x2_RT@Ul3P!k+4oo0vOAr<;8q-OdkQ0EZEkFf&sH<%OnyLk8Ekwvm5xO3llOnXv z0@I`?Oe&cYk)m;0ipFK6NJ|g|p_BDSiK7!JEOYu4^wU|&2)bq9%$MQXmUF$)Vax5^G&ne-56uSzMaIvtnpN z`vcIS;)KH-mzE?-I%mLQv5M)IDACeXV$p&qgEVcjrzKl0kypuvz?3s?flzfSltiw!$y09q5S{)|{A}wA(B6pciEZ9fl*<7(o&f$W_@A zg*j;$6lWI%Z~ zj9Hp7H}f?ur`eKJAd*BGs)6F{G7XhkUqO7}*wDyT!H(Mx^e_q89NBdOqH75H1)^Tu zl^;tqKhlu%*gUEAdZiY2SObnB$EBi}cJ^vo`!4?rYBOuyL*r;VC{iNx4)g=(odQuu zVVi`UcRG`h^D49o@T=;~h4dKE&QvnYv@|o*xxMTUW)QT^;fl@^&*e~?S>i$jt3U-k z@gRpwpRi0kB}bZgP=bq}QlObHXwnDYNn>(+0G0@d%8$QVoJOeZi0apCMl}d0<;Z2F2saD(%L4f zsRsf!n8V9K&C6xNDrvU^7RWyG@|WnexAU?DDgo#@-WcI$`Wxt+F0f5hsQ7GiS`K7# zt}8XR!ZRmZGBDPf0%Z*?Sm_=ovx)4cyyGJEia-QeyTHt{4uMLZ!liLqgmmhFmaqyz zCC#r~eqhCcE*4~X7TFbOZjubYA9BrEI=!Ld7Ec1GE{jBLOMnk#&j~A9xSF|C^cr6j zau7VOt;QFwL)hh6hhg%|@D%8V3oI^CiqPn1(7V|9mE}(M>YI}h_AiY6bYLZxfD4)e 
zr#G}{Is!FB>v@m(4-hsA^J-tiNT`JV47^-Of$ZP)2{$+1>oEt$cY>W z^kEdPvE=xYyO2I(uj_!Z(X~uC8H?7hz{$XH8Ml}6tS>~Q;IN}JogRPs2H_gw=9J%} z!YYRP+7C~_YV5~j$pScCEymfn|Q4_<~Wf*wt!$nScbY#BzYHgN)0#+0**U` zyvm(Nud%U^SN*|@gzYBR8BZixUjpY+IAH7ZP{yoKy*4!IAHVKrf z#+Y)AME{Izy7{HwWOHiEmDp8-HN*XCS~Er3o-7g%bG7v)csy9RA0y6v9>3Mbt=(mq z!lpv(ze4M@K`Mb*QB~|nYANtW#Lxt4*THz zp9S>V;jw~E2XsxqnJOI12{UaAaYsvEP3A3JhMmFukn13JiiHdH94($T!S^fR3MeHa zPB0KbFpOoj9?NPd;|;QoJKU)TY|0#i7AFYs;v$ueUVcqs^q*k(9|2CYG1 z%7WAl1PU2T;NkF4;RUtd47)cn1+Al%m~mqL1EyVTp{KBcF4!~nuH;Ov&RRY z8T6-C6$RX)%tPfMXt0-fanr<&QGtP1NQVxx^4bem<#ERWrf_f6g^ABSNuRMnSd-pz z+fz=xryYy#rqZIcuglmC-!dm@$E{1|0x_#l(_^hRItmlG_-_@11fa9f5Vn$rP(Q47 z?WIA8?K70behhDwoFY4EP2O`F5_C`jE~wGlS_$F)auQ@Mk+;#>0yV)6Tc`+5NKM{e4GD3qK?AOI?LtWp zh*$~&Qe+${;qEZVFbTabz_pmu;JQdVeL<3H*CE$R4zXSnV6OKzd51P6#1jUAUwjNA=k-nudMt#Ax0uGBdGn4Q|ZXeo$Y063P>X)okp0wxKZ#XG$xT~!!vH`o$g zoB|ipQewGOuSiiCw4QEMAp{5oTIdc}@G>LF0)V*IFP5zpy2h~;>!OA1k*Sle2^5)( zK_Rcpq90qR+|5Pz$~Z6d#!yT~8OJ|DUD$%@6U9J}YM2X{#4tB}X3x8f)_?$sy;x>p zpj|LbFm(etQFS2(gKKL(sdNV&Kz5r{VsD6Mk4ji@3aK z^8g^sQ)HR2|D`=xSayr3#r5bwYq_zekSi9`#9Pivh@HJD?39n@w#0t4K3pR zk_luz36=)|m?ZnTFxOYeo-W6lt1=MK4QwQK!T^f^A5OO(O#jd)Q*D!tTLWM{qQoWq zWS|74m$#yDN#3`(0eL4%6P>S&R!IIdS27N>Y#nixg%#TH607UAiwlz23ckuRgsoC; z2gx=t<~W2}2()z)8#7rO)01JZrJXb2C!*mdE%67)d1WmrOG+S*5o4$T0^p1%B|

  • TPnL+f#g3nA=(*_1q4I%;p)5I^1jveow}arx9GERl+nx)x8{=i{FsIorrB^s44KI zj|$OhjG`NkeFz;rhk-_x8^0K>8f&RUoXp=@esXA*bsVsJP!O>$bK^_GSC{h{O}q{u()@+&jFf5eoD5;0V)(n;9|pY=#Kcu3Df^9+UIQ?p{qim=6Dxxe8_FOt4Hk9+<5-$!}A-PMx~H~ zkKy@EQ-FuH!M6~1?-M_%-au?9CVdyH?56$mB3B6s*G-lCkq z13ET9-@^BN3-QtkNn)+SGkIBb+2>pMGl9#PS*MMTUf4Tn^1kX@ux~J=&ST)7=k)`O zRlWtgJP5pL1(A@7X|w~QT#O3>hD#4y@W_r0&bRPu-$J~$Ax-MOWeW^hEAZWt`e6gM<~H2}&UDTlB&f&s7z`BYNH!>hemFE33fr!&5VYctermrkas zxj(Cu%bZRs>7;v+Z^8b-ad_~hkJ7_-^l>>EA%wPZ&;~Ofyn)b3#lxXmNZ8@UP4BM) z>)|GIkhVDVn5*EY4od#KP{G#A+T-AyYQ~(2}?%@>z z4)n;NWvv8{8S4`}`Zataa32%6EezIjn)TpXaN(YOID!C2I*Qq6c&Xjj!+UmE@7HB| zir}_3iy;z#MhAq)*hn!MesO_?A=vF(xIaV3xc9Gu54yf0@mary4+X~ubQ^5&{e>&@UmdyG7=lNm{gs6!C% zlCo}z_uaX#qFdr|u)E6Dcj7+8SN!jDUzN>$*4F=CIF7`B>qIy(Plym-UfnGTzdQfI z0oIKGe=qzO{yz9`!uQF4le#6|cjv#!-4gG6 zL4AKqBT5X6RiM)ngRf9{V6xGKs-8(U?#S*QB@JEs3Nxi|;R@S8v<)YJ-qy6S=*jys zyMyI0qI?Us^8Fu#==z>pjwbihYFmon-3>6V-7?GHGz**Y9T^)D8!HNLBl;G;3scdz zaItMC+P0xT57(sH1{@C7ImD%%SR!`ffx&zWq;)_XJI>!4%kfT;2f^mt_=bBN-il4w zwZMap@HX;2$7=Cy%5ErX0|`HP&M_fPM2f4Dbtq%3lrI(hd`?{k0nDCBtU zI`S8F`rbdi-~D0V;U>EMUd_L5pI@{}%@O^#3OY z`ZTQ-zq^5Me(whQ)bDwUn(}{kikkd=Oi`0;4#y&$2ILXu&m$Q~Tz_R5=o7jn;CDBW z!rcDZ9p#X!eNfdA_Tx|?kLf6+i6_WxV^JnN1bEJYYf#oL#> z%7<-@Sf}e`Z2LXm!d5jMeJ*}};yw|g#{M%>%7Z^oLnd;%axIT+FyOmdj zqCy3nuhDnqwaZ&)SJeROWoHm7?#`Kc ziM7wQp@#SScvP8_YJEHNZ1u#02U1ONhT(Qlyzqqr0V_FCJttS2265}o5Zt)N`!0(G z6z}j3AftnGEy$A-bhy-hNnV$ z8Jm+mjm>d4E*v@$O=E0pa9e!h z9LcdZ0$yME&y#};UJvK9HiB5Vxv@x7picSF6SRSvZuRq%ga#AU1Nx&zxiW;}+hy7B zO$ChO8h2rz0fD-_Cg@&%BUpqt0p5Xc_0}Ku3#D$v4|ztYSWP}rnz0hG1f*vv z{!i@B)puM{62_}b!orPw`OVkZpB2F=3#|hw@OQ1+0*E3IzQ$dk^hEXat=xfhhw)~? 
zGjd0xT=d6__98BGHz3w3E0g{v(reT-yACe(yE&8hTjVui9HpJznRH%`4HJj&#}ycsZ(8 z-Q~0mzKsr`^wy}|5Eb+rfh+EizF(8n3achfty&e8i~RU9vfKxJb*rV4>##p8_gCR< zR&eL%(Haa|Fef?=fAVvpqt(5CA}2>Hz{SsnzSNR=vSze=UTs(uR?`xWG`g*=$-Eks z)B{+j-bH0lK7DmEH@ThrD;avqb4qwt{1)7meG8&(Y>lx5zi{oy5j92uuFZwIso>3( z0el11O0ZcTKGi!fX~Fx(=8By_1(GKtKAilvO($?58hLM{T8RYyIEOW$tkfHJ!ek^w z+_;_^Qm&pKA;gWi(J(FpE#8OS9%jN%7hU-t|#lHQ+$9Q6U1j+pQ=eo?6?s?o>$Z*QfsXIX5Xx;sw8 zM>`mv!)ENkSCC)$8;}%UbxI#)GVBy`iX?|+rAT4BDDdJ2k3V^A*8)(&8XAk>e$f|& zcWTtH^{Z|ZRX~5#s-yG=a1W|f0sBt<6i|2QbkrBst!FBy8A6p;eErGaI%yqz+}Qbn z);q50{F{h&@J-;XGVHIUUzwF&qxNb%oG!3pDGE6I@2C~PRfL~MCusS)RGs`s5v(fQ z9D51y#$%nhsW5sX2QPnOojO|#0>0z}cI%^o+jkk(s=HAaoyL8OIzz4or1G81VM)t# zr}h^9A>H0))au$^`*53w*xnQRt-W-6eVq3Cch?@{OVD4a4=8m?4P*pY==&PO_^wHf znD(E?;yuGt2_Irt4~u8SbSAy*B;lfKppB9Mug6MNDc=C!MvZ7Z6OIWHcuWC3qt_bP+Td?p<7jefgZE zcM+v7*>h1({AqGm#!Kg!fY9|h2k39!Pv~(jKd()VU@`T$DPcDhc4}QDN11$|lN_x_ z(p)Cpnohb2Ne?nj>}7p0TNBk4INos~`+jii^DbfQi|7)kTIx9dmhE*38$ zMtsWlU+Za;TY4&YE7A5IfPFkeBR zO-Y*(P;onv!Bdi0t7hsXK6;G%G))>2l7mM@J|C-XUA_;xCt9aQLVa1i-r_a&kj9(T zY5YBg??qecnbs8QY(kD6*x~D zAWI7N?mGSXRskBTvr%19t*xDAl$LlShaMN0JEsg_r~h^|0eA?YKm#zT;O+im=zv^+m(>4SAR!#t%f_mZ*yd>`aB#)OY16LaXg>WJqmoeU8u6%b}ep9LbGL zt5ui(!+vqh_Yhw0!n*^wpZ-4u9nt{CNMmR_3dd&R*_7k(LfPfoW{u0mxXFOrm1?9q z9z|U!S)ri?bNx=Ynkc;joh?KO`yS#8RCq2ClM&^DyHZImI6ODbkF~m>alEWksOyxs z`kLG*U&FN1G<7iX;@-%didtVIFH)|!sJ`9&twWHASM3=sWTwD;i>g+;`5#VhYKB*} zcjyu9%>rkjfZZ_!jKynlpDOUT#)?%jpi8Dl9VEQ5Vgl?2Of11Bs=c7JJu`oRv@A0D z8c)T<5g+4);o(C-`*@wq3aG^Ti@6a3^RHtUTa)We5qUCbh zD`g^XuM{fBN4pUKW?k;L#(L3M{1&d7jx}i(3!JcePi1wPMm(mkTA4--KcfPXL#DjiV(Dq6}zDcQ=iqL9_u6c-d`pZ2v1a_kE0}eZK@R_87G)_sax!F zw4h*TPgKV`<%EE|q#6VSy}kxprApKvh2wdHGe;aGAyfF~eF{G7_z(%kX3V($9AD!v znfrNk^h9-VFli5PbINcJuOBZoO;n%iwDR`ZA&ky``Gw((ekh9)KN=eQLtCTPuT1vC zEbUh@TmuX^xEgp588A93K8DervR&(VTUlQ!^Zga3qq}06%tX$Gk1UMD=F57hQ-txvhe$xgN>=Tcy;?AXCTfoHmA$OlD zZuQ4wG+SN>{)i6cgUsp@2#m<;ob&MLP4aXMb8?t@q0=lL%^7x~9?;QFT8$d4lZ@tu z#q7Ee$-LCbN1fdo)zlqs^_qTB(BvK2$+t)^YvsImeflMW^;f8iA-I}h@8o;Y^~WZE 
zkkJYAV@p7gf73#i_L~y}uJJtSy1Z!B$R`P{wr;6+p*IfFfq)=mZu}n3Q%7gdQ^g-@681vI#bCjq znK=snD?4)xs})n&uGa5>!YzoGpu+YK=;}GZJlel?+B5OQL#hh9Pv@bm}z*US3X8vSdL{qLBhd43dd4{J^1_XU5f#Jn$UZ*Y> zRp+I_@COcgd()G;>_*J}x7($k(WT+f&6I9p=_RxgM?-t#@MtS+0HPW9&wIE2Ixu2@ zg7cf_L~yLcA{smM-oAHI2bFG@PIU0W5WLs1OLQ8Mp~W4a?umO45buwhZX*SMM5cl0 zZ<=s-xLS=;><)RE3Fy*zHA{Gi=9<`lTbT!9Bi}QzHas5YGD&3rQ9IB_IN;dk%PiR_ z-Pd0G>yIXn5z76)L>`O`x4NvK@SU|J`;jKs=jOeDBlg5Zb?&)ZkhrnX$cKbk5$L#8 zf4g!b)(lrF|4;18ZF)qSjCkakVH$@lkA9h)kIidii+-WFO`m3( zS(kP(s4*YOeB#ByyjAx5#E#5hB|bOjfurUo_RifuGP(|sO`cT(4exf68Ng#_q<7=eh16A@qesMyt|vff6>%Nb&4GFxGKf3clfI! zgs(Py#fvcIPOXLb5jx&`{**HB)yvtRpa5RCU)Gmy(dca0`dEAFEh`jg(acGoP4P##=xY_|;#Zycs)eZf>LHKP@T<=8wIv_JjVE4zINY{g`(1|9vP8_Kf7# zsvpUx=hfPY6DL~x_IBVDpE}<44mf;R`x}tWoMGRlrHIhUuT21KeK0XR9y=IyQlFFZ zE#ODj253ty)~5;z#RW*W=4UVZ-FzW%*p=jTK(!x6W{`#mC+QX{M$ z))lk^sVeSEe9&V&7I0y;t40tNr%>cf4S$q57o>~$)TOELWMv!72-j2C_g%Wwy3C7S<6%3}aJ*Wf0ceW+Fb*ru_YkLRy>v)= zxxOi1;%mY(G$($!JMR4*{AbDWsWnuTmw_#Q2l!{idnMOL#%rWTMeYU7=8e)cyQ4GB zk~c)IPmZ6*$D;G2X8?9`NM>nauZL2xZ(VqL7OVNH=l22n=i$_Pw3ht1GsTAMvCJlR zflf-VT4;}%d=$nZ*S6sf!+2~*4E&;<=?i~kc8x#i8kY7)UJQ2igG0SAh)JnmlPdjQ zgHkzv*s}7L*{5|zalR&QHj1-#lFIzJOsxGC{ChAUaS8D@Qv~L_*I(MfFq0d-YS|M~dY$y_V{rC6KGI@@-0k!2*7ppkg% z{VWV?ylh@-&TuUIgYil3Chr?~9x7!W*t^MS&Ssy=obu9G)E{eh#S-7(a*!qUU%*;D z-C8p2Tf|F5k8cXZn%uEiGp3O%RO~X12~7F83(qzudF~)!xoiyd`QB{)8fo*_h`6sj zG3ShU9c;DxnyyThw?+$^^6zU3+=rg-#nlt+>J>HW1iOLW0B-dbu&sb6d%xrX%v;)C zOhspkqP#tRxgSz^aqM1CPW>^leLZIR#z)*?`uKVX+58|9xP;HXj)AYBN9s<0#GN`@ z=8&K5;jl8I=hRcjx)b|)Ae5&NcF3{7(|FsN|I70qh~~u-F1*?PHKKf0I$7pajDw3u6I6Q48dqFmLN3@IwmkVavl}e6Y)_{@u>XW)S`U zw^!6fvC#ZvPAdjRC>m@U@5XE$#(Uf5IL#UyIlio{N00L-^$qYZ7`3nX-Hk&4~#+*|`Ic!e$v)3C~ zXOy?j4nRG}y^o{WFUHGkgc+~PeDv(;BGuW-e!fnkVoLj0ZTjWLa~zUoY2PYnqfGxM zU`hM#%s%D)=k#JP-Sc(-U?2$rPK24{MS){bU>7BC& zVE=fxSffx8ovZ->q<$6%S*Kld#vfMZ&{eSU6Ed^R^gyhH-lx+l`p zoDXu;r3N+6Jk}5MSLUbJL~URR!bg*vuI(A=VLpaZHEQ0)!s>Q@^uz~p(91NOe4#deK% zWu?UW^<{JK$vva~ObfU0!OZr(d7&$;e)PpIE-mmPSWigtZ#W+gz4Iure(cjjSO8eO 
zsm*Ooe$NwYabXb<%t-Y7Jyl=3UGe;{qj}QuR5WL;A5XmQWamAxeW~a%zE{SDj)QLp znq%f*09LrCSvDpDo z-?wRut9%_Cm-o#8+ByW{95^4;-m?8E^JWJW81s{1!ae9T>BMa;^7TnMJ9BbI=2T)T zpNFp;^Dd_f-cnartdKf!oG%<3XzvZUvMl3ExJ_fdHDNWXodrDB*pNmZ+p1%WV)uq} ztV6zee?~F3^)mjNjSk#MkI2kOG1hO=tN5Ko@nhNT)EcWKwZ^2Zz;%$%J%dM9OX~#j zC0ecp0X`Tb1nBsHs9u!@IZZ$YG)NNaRlD42Y#O0-ws?+`a@$8p(;e~*d=6MRLQW|N ztBqrY57ogZzkn~~wE4*WybsCA}1@6IGGleMK z$gyGd=Qr%l={W^$jiDiED#!dU0K%J^W7rftZP8x1dk*Q=p^p3Tr%s)hkY+*i*!i7R z0Jh9V=|M~uVu6FYL#_R>L|O@q)k#+U_n^H`^^WLzmAbs^CLyTaPN%>NUGH=pW8cljSX0=!$y_MGM9D zx$4gntpcO_W>V^s8pK~oURZ59#YL}TtUVYu{{nhP^6J#Wdu1$=l``?3WBxOZ*-Y~R zU;&<7GhAqZmr*yQGw*aV7wSxVWtF8PCH}f$dlhJfJ9{SKPy1+*XLSb|ZFWu%-@L&P zou<)23sz*)XfI?iK9WqI^l^O_AC0l}%{zceD}Hr|K};9n)7Ufj+|zxHw-PL>%`MCE zH9kjbjV{Jo*7ws|WV~u1!S`&!7pumv2qVN1(dQ^#0xd!M+bWZNx%+{t5;0;bCi@;uK%+m}T(I{Eq8{@lZ8UFK)R@|27UQcQ|_K7Ag zlk#;FF)CA#SgS6yQ{et7)1P`6y6{`7p0SN?HMK=6x6z^0dMLKhMX}kTocg2C+urS? zMKs_moVOp=lnioXDdr3r%V=MM2*ayGJ8>}fsd8W^L!bWkRpG&oz9?xlcl5%arilUQ zj4Dh-1(*lG?Hpms_O)qx$F>*59}LY!7chV1<8zk&3|jD2p`u@QtuRNeONHIB#RVMq z9AE`FwYGgQTC0Z9q8f~5wn&_#{WG}r(zwwt89kxnR@6`1Kbk+sAP_7z+nwWkxB_3! 
zbdSG5B8|Udbm6ZsKkoEF3$FSz_l$;~n1u<;Js$sg`CkG53yu$~52t5S4|$I+)ROjnmV{O97!1epV9w;`U7u{!&L&;;#pP zu|l^!+emOD!H+gVq;{wJNECXRM>)iZ{8W*CO_;2>1L&z^-qxcIG5YqLs^x6J{PL_q`KL`zF`b68=@C zYRHWipBgH`vf_7`H8EY}Tlo)Q@~DD(K&`59s)iOU%U~WU#?V%w9PUe7YI#Gj&wUTx z1XOF)o#0@Uo2YKlA8~ADqhFQC#Bf%PPrZZO4g){u!}sp8HE}&p_~*wF{^ifX-s))H zR9Iz=4w&T*seoumeP$DDFLE zK(*?ZPsoN8Ca2r#)bFvo1ngi3`sV!x1hkTMYW*>iW-X~xuiKvp5aSrb?Z>e<8NFny zzKd=AaC;U4&x$(wKyhS{jE#1?Raj^r?BQ#&kb#d`XPP%c zcJ*52$B{eHmuyV)K{9fq+#45Fn*IKLdU~@x|@~N{eooV&3BPG_0l+2-_kv$js>V<}@c0 zd!6dG6PV3W^hoxUOg89`wRl(;fN4Fs<2iI%{GXjboSp_DE!01i-TVi~JIxFH`lquq z7wb&=wY0+j2=P~1SqH$o1$b25*7?51HOR{7))&N-u-Ni68Fn zAccJobBl>(cHwWlz8DK~9DBg|hW^4TL8_slw25 zZ-;{JNlkaBrqgQkt05Sj7*9$>`-Igk=gK5RPc!Uo`fIs4tnQdc{)pa+Jq~y|pMxF5tOx1lq!BsG8Lt@_uRj(E$KbHm`Pftvug9ol-$+%mN8~d7vnaxH zKXJ-MY9+Z&HRcO-YSjV?<8nEr>AowEwWT=vVUJq69&l%V`9oU`=p1{6o+jcwH z5!+~cu-RIS5;@Vn*3O2-tSVg7)EFwoH)f_X{6SCE^v5{w%2dHEDILIpirMyywp*l` zztNhEf}vRcFH>M{|CFv#2QFV2Y0n+r(h=P082?zWEmS$tD67yUKf zHa1&HS{@{*vk^VGyK8Xl+BE4643g3Qp&+Xz0!#DKFPFYHtB@F=< z^s1G*plwLm9BZ9{^?LF|Q>Br)J#sgMpy4DfEZl9^ybTxub;=_`3P!3`ptCrbIByW+ zh0nl$SfJCWG2S)a?l>18n9qe*q65RKMcT%3bO~gAq}g^yW|XDq7x5qJo}HzRx6y?? zuYJCiqE8yO`$6is7L<5nh(Z4A(k5|D;qi6q2HgT!%u}N(1T*fQxBd?>AsnOxOMy)#O zC=nAhb^?%V?E>hPOqKc-#va6nNCGBS7S85Cy}waF0t43Z=6?ZAoIokfVx4F%_GHry zaJ3yIvboDMXbp7G+KPDm7#Gs@%WIV(C8W`ef1dMW7;L~dp@IzGxevTzz9Q6_axKSQ z$FVj>Fh~+dRIGjSb0(`PKV}$|ukj1A*OD46Id|M9ksUbpvBTF$|6#3)n_Pv8zRpKN zyt;y6c}dzX)>C1w@L%60Wlmi#|?g#cU`P96G-bsGMn*VRq6y+bePxxcj{V;qK%Z^WrW! 
zujw2{kzRXq2K_QuJzPAOLTLasu>g;%Rp;pfwC9kj*}U`q4)s$$*n`L)XTB}$5y8?w zty#E7W9t=|Nz|C+j=z2=+<{8{b!J$dpqow`dySx;-mi^q526*C(6@_NV+F2T;9!r# z$l0ltS7-R+p`qw@xE4)ah0)N%+1Lwd&?=SfoLCui$&>A6<1tm1sNC0B3~!gfX#(Oh z#O6aE6$=AQ$L7N$LJHRC+4(TOUPDX)ec5Rc{E)Kw#sfH2V2|ayQ7ag>K#SgTwvm_ zH&yzQ4by=bUoqYZ<~EK zpb~lL#)U{h8NqT3v8yqnK^z>u^N1`Ghn^67u$RvoUI7qBC5TqzZTsWK`5pIQic7ct_rFtrHf-mvCpdHh z8sSwPvh>4@T!7>{^}CnFbdQ`G9HaW+a!<-y!CXw|y+WvOrwJ=6gyL(%!csXGHk3s?|$UUNy<6e>K0CRZgag;wpNYSCE)<60zU|W#}^P^O;51-Np@Gse%RLk$RT{4 z%F}hF)7ljwoo_@5Ah^>hh-0X49p%W!Ao88o;8wM}y;9Z&t)dt7aE^-H41Rhl=Oa9D`5H0{l5h7 z{I2jY8)^J_L5KtI$AEXzk>GLM;O{DT)#oAvrd8IDF^tDhGwgtXq^tTrIF#_Unvd+#23B7m6gqs}KC-NVm*HQzJJ3-gW;S zyq=xm^|bMOCJWvxY5Z=8+z5F6yMsqtSaw0;m5g_%To+h~VEBMG9p(_sqCrd}{9p68 zN<$5*7kfKgV#^EiG(T=nml|bqe*w+^Ea31-Mr0t*`_d(Y>e@6s;vsSFwoHc+T#M=A zn{?q(a_17jo|^_M_|aa$`Af48RDoulpz=6ieT^>?LB_&YVMSeubzucBe!3s26V><< z8Qk)H(R(JUD*Xd9aUg8Ypm`7&uO7Zu{Kq`na+f59)hwN42Gi}`WfB}PduE_?c%s^H zh5!z$RSD9|4dR+VMSTFzA8*daS2)sBoe*O2V0$l7I=6VOYy8%n0OAe$r9qE!K#$R& z8E=p|TsIfZB7W=Sbn&3-*UK58>ck*mP%~)i*k6q3{h4kYw!-h7x^-%cZWkoDRtGv# z-+Hk&Du|q6K1G=*Qjh04xD5twz{hQsT+Nd65$RIVy4+FuB{WNsKKS#;;bv ze(B0Do%zX*2eM6v!}-O|_iEGPi23%@OGnHP{15em|3kih7pfb6w(%?YAL@s?&5z6$ z+KKRmHKDVbxN$!C2_xcxR~pN^O1916acoG0P6b7FIFecQ~~9IQWXkIgB_iB5~n3FSm@G;@B3Rqj5na!(aG zphQlOjr>LyxIapb$k~XjW@tu;$TM#I0Muj564olfe`?StRI#3Cbrv=v5nuPIBmvL} zi3Nk}inlK5u1BToslFNM2LJ0r2*Smql3PF3MZhAMWH|jXgFp7iwgZi?bQ1 zGDq>2jAw~%dWp?Wr1cf~8{Q#}ueQI09}q8Ys0N{!Cu>0GtAk(gz-F{(#|hZb=oAbr z^PRqJ0MFD~6>`W7J*2PR3A@R+e~0*2y$D$Bh<3ST5q%+$2Kms=jSkVTw)=UBWVx;P z!!|))=n%S!*SN^!j*%wmO_8bKrUhOhX`RDN~4t)$m;Rqd~-yS$*I&`IG6uU#*vT!;SMTa(vuPu=7&^_X&aXQ2sJJ_M2 z=C@fLV!dZ|z4R1quP4>1JDl;vq;&Xr+C;AZr*K_+Px2rjBhFexU<*FcUVBgeVtN*@ z2tUa3noDfWy`L+>u~i}6I-Gx+#-rib0r#D~)SyLoQT(F4am=05K;$?nU#Aj>q_`xe*T=xeofW3P7wr$P%O3KIk32;ONMbAbDy%H?0*9S)PPT!vfBO)}q8!E$> zTHQ{ktqxPgYPlZ>fjFW^((wQSFEwZ^Cf55WjlQdKYn@f7_Log(x(fD@pqPY59bq#L0ur2{->T;Do#=xzeUW?>XB1k zA7MH4fjD%#=BxkQDgIaB=al!T0iQE1Te%TG@`IF7Kl|wO?(-P~;W1zO19W}PAEE2- 
z+QNcVsa22*@;dY1N4|RVV`h1?@JZ)q>OcOEBi8SCSbg)6uJpOPJ)1sGzNW{H_Yb27 z>#N7UNYlfH=TSYjACVqX=e`gBTY9_$Qkec1(dnDI?axk<>W}|CB0VzotRMnFOjxvdMsjo7X6*_nm#MH9Y!CPS2K2`>0`t9s1H9oB7LOJ^&fOcAM>AG z@msbe8$Tys<8$8O_^`hEM0nLr{z4cp<8^? z^e*``#%ntMQ+eIeJIt)hga@M&PBLA_%P#Lx_kDUq`beD~Te}^v@P}Q-E7H;lKjvrSXP4Lbt=xPV ze#}=hM79J!yFBFolOy6Mb*`6bpew(bFL%XnSt1)hCtu@p-r@MLzWPLXS@5ypLH>`7 zkJNcr)bL^W6nxZ$UgvbeXA$$W>1CJK_&v4hFnTdxjmh9=m-nbYe|$uGNu4vh$8UaD z{GMp;L@zsEtiesJ8GhB{CAtw1bvU>_ zq(eAs)k7<|BTwrS_q)Xu5#oIbxe+4<23^o<3j`S=>dX& z_C*0dautfzpMvyQnY(@%Tn}-)mqrJu*8C;#gQ}mtB_t6DCL?o`zc6LTLYkik2+8@j ze+>2^Y%o}4{&=}8J9&%-_GfPN2RxS4JL?pAD|Tc`)bF=b%-pei-8s=qaisc=Yjnf7 zEb;x1WJKwV`522ol#=@>>szF6x~mOr90!&->!HdYbQQ6|(cYcEFn@^xy6Al@>NA_t z2{C>>hW|jOuMaWG0EY@Pt{t%x;hxI*r{-Yw&fn<%#Kni8zXUwuLN;~kk)IHv~A~zL3GX zHH7`W+iE+<=1jG)XTK*IpgoEGCv*%Z4@H_cOKaxp%dHtnWCvDr>5SXKypa2J>9I6XI%gdVKN#;XF; z>F2>NaQ(-Thz3bFvfXrGX#YH4%ZoKwKbxE)xVk*FRqKWPs&m-+uM_tv1|f zFpLC-W96$mkK-y-uPWi$>!!W`_(rHFfK0Ymi?%AAwj}tPLJEI1I>gt`iTPmjv~;^w z>2@#1{ZJ@K?oY@v4|}P( z`td^D^Ayxkts1$QzdX)GOsAQDA-ZI?$h{^nRRz{}9h4e1W;K(0sG|j8Tmpr7spZmq zvZnx`+;k47tCaJPaQ6@yP%&VJ0Yk3*S3PcVM($Q&$*}S-%JAa|9T-xpete0eQcpl! 
z4#Er(4RyD$c3q9SOkYoIM`R?g>Q262J0R%Ss?~Q%wPZ<_z(X_!0ev z;IUoU7Uv*ukWM=L1)@)}GgW`IIT>BESumhNH#@yMC9GbNP*D2!hgfZ7(|q-a#vBzv z$YfuH*zHO7HueY|C0@5y6}}}}Krh*y_UJ#&rswr(dj5Hu)8cJ5J)0M1=y^6<)$(ms zcBW_n;*n-L6rBvu92g=)(eC7bzfIA5b+zs(dVwxw62mk_x8!lQvnl${XmKKGirV_N zv%KAG_s*~0`?1rzvamXPxKso^Md*WS9ZnzsYdg00QHauE;+O2--LU_9pLE4!Lun+- zY$O3j{MDd0cH}t7gUx$Tkk3m5)dgvc&f)2v;lJa2P2CsNV_cx7XsjGsj{O&L%Cm7| zQ-V_+bklPlhj0jAy)z|qvdxNVUkv9L&R0M-Xg**gny(&@IHW@q_T=?Fgo_zd+Y3B5 zgW<6MhItIEZEFGFL-Qf{*n7-3QuA@vVwmK5V0YkJ`dl1gjO2`0RkAn5?v^0NeWD8K zzT)?U8nynAwi()8wQBk60vlJuzAW&QXA!-_NC7?5f3F@3VxI2zg5J8{Df8+1gWzWK z3OKw>uIDs4ePDqpB zX`~7XHfMZWq%V%&9<5Qx&||#%PrVyUaI`8wkH+*R*mZ~!t5u6}$PFaMoy%_|#~#Ls zV9su)i<~_|5Mz(Y&ZSB6c(2YR+5cKvPvGL8?f|_aA)0~YE8S&2p)*Ou0?*9>luW_Q}54ZE( zp^hpfKrQeP3IA~-C{?QhR7=oysPbrQ@}};{e+(?h(_t%rC|a(H)jKK-go z9kf;qC2_A^ZL=*b+iNQeZaR6g4c2JpJQq~2YdOf6Mm<4y#yra($G!=en*dC|=kwVO!fX0| z1l(Q$$Npd#XknEr)aD3|F^3|hPJQWiSm1*05N+P2$wb(KXblkkL9RpEemK|8so1{n zn+uB{aK9TyM!@_ijn7p_!sm{3>kdBGrBk}ar^LpGu+#V~?~%dBCHVYK$I*7iXL}l- z|BtdO0dKN+`Yi+q5P1Ux4Opd0l%f?HTLh$PfpS_P*wUhMsRdsGay8|U0>!3E2$u&c ziU?9syhTJnP)ecYlKT|pP}J=|U^(Pg`u%41-6W-We0`o~-o0jKXJ=>c-OZVQBcGqE zDrqQwb_RW}%g=(-Qa*$`$WPlaen^v}M8j}?WdHjrQpo;yqT~i!r|O_cuyv}Jn0t4H z*4ZXvn*3|)4D(;l;D&Gq)#~F&DIGM$a#=u+I9k1h7|eYO>QJfu%F&=Mj+9Y`O!}!` z;n*b|a#<(1rhxM0lVWJU<@_3{6SW9U5h%IS;uT>#dL)_uunMnI&D+TOscmy|({2q(fyHSa6$623r5it5a-mCqobi6`WV~+lBG8t0#~s(m z9Xcb=>l9HR%8_1`ky1tXAc>bRF^SU0A!N<~-76-IT383jSZ_kZ|dvn9x0v5G|j{@gCKGh!5?b)n6SrqQY?uxDJjCQ5wfN(q{l;hB(A7 zv%f#i?3KA_f&|-HQ^hj*iR}ouSN^LOltQk8kq|J~DM>e7&_*ewK(6axDq-GV&`BCx;vUK69Pxe`Q7>Xwtif(4 z+Mrz%2@d^<1hw@o99l<)LMisMd*(=~6qBqGD=xrikrxCCHMa6LK67Obzl9**jAlRkS0 z4!Po{x&M92dS_fK7e1Rp{Y%!rkv8GIjg2AiM-P>UP2{kDMgGFWfB2X1*xLzjrS#bG zZWFUPEL`Ek*547n;BUh7*3z^VtBgy0C<%nE(}$TqBY$DbGCM zm}0=Jw?9i3ag&USYBOLTYZ0cL$KF()ke>uh`okROU5;bH6$?GtJx8X|`?Ko>0|V-L z&L>92*Jk>`uCEyFCA{<5o8IWn5C?hmY0P@)XgyEV|0as5M3vD9BJN+@U(q==>s{Hel>*!+{)1kYVp6+GWchcq0;y30tV0=U~ 
ztT(OZwhVG@rGHF9sPP90Y5_;K&_(s=okhoY%G39vz5;4Ci^;+EG?AmT_YJ3^71N`^>8M=p=7>Lvf)Ouy6K|my2-kSlC23PYh@&B zm@cLVlQj(!$&E6ZUI&F}6i!u{CQuJosMOJ4=F%;Tk!3A4?U-~KRl<1Bm+UFc9hG~Y zpf-%&=h@Abz@@(p9I4_%PG!+QV%J*|2bNS)#j$g2$gpgZDhBbcU9-NDV~v%ua639w zNOPr%I}tTdR~~0(-cm)XjDx0|xJwngb>h{cZ(>(VMF$~s*RjBZF_#!I_i@bHGNym5 z4OUj;TUo83xa<#5tha*X5EyEZJla%>qZSl4RqT>3oE>2Mf&MZjscpnvX2fm4aTlw& z($=Jk-r;el%Fq>!5f`M#OJ|VZOHXso@+R9OR-6StE6ec1oswgmgRUIkqMv71TbbJ5 z8COfetfh+ooeg8_mTPdoC2{LlIc@o!oI!u*XryfhV}rG~p|#1lQbF87#t5ER-+7r0 zt{jC2Y(|y~ks60aXdVmcIxOMR4dxJ)^n?hdB; zzLi*{=QT8&8*?#%?W#IfVTr}n#-&G*fP!u z<@ycoU!~hu^G;Z4gJS~|HjklSaoajP2j_|MceMGtTX6w~uWkv9yRi*!#-Km@_bc*e zo83=Hvd_9lfb35{aTfHCm~6WE3DZm<>+j_9$Km-nnpqdyC@Z{uzJWW^UB@LReo48( zD=2gcMfSUTCM>ebOAe6EkVtXM91}I}+tG^*8k4R=!(D*}<|!IV8YmY!>t9rfMl(eN zeG_?~4{FwAyrMPxBkq&XVY)Ay^B7v*+=12L2Jf*(=t;w3Nix8(Q(dW=`gM!v?X zP3yw9QL)2#o&1nl^r5%V9+$6!nCb!O3sGKDl-WA1+(McU9g|u{qmR(~GkPbC4a>&c z?%{0u#+uT_y>i+>;WOf+zh>-5zy5xD$*;s`7ySjx0_P1EasSv?=<6)^!DCU5?rqT5 z2Dxk}50$nMbB~6&`g+JCRUVoQ`k1IuyI6_WL9rE0hDrOz!p_Y&CGtIt5 z-x`K{3cewM2MpX?1u*zP{UToTCfg#Qo{dpnxSST65{nKV&Rf5udi7DXhJZU$yB9F& zu<0{o0u#c=LZomJRSU8A2)@p7qRFX z^jNr*2Ud*wJrTIaOWdT(YX3gVr+jR*c^N`uO(s(4#sFoOMt2fo)I^2v=~IIgByJx zQqi*UcxkkVP=uo;D-QAdeuLd0b3Z5_W=_6kEA!6tFUbD0hoyR`A`I(pqrNEptl2IO zD$f0H+FikC!+hNmeC=C@nOB-WPUhVgMtGvHebPULC;QrWsThv_gs>k(F&5LjlV?22 z(FW7ek;i8w!l$8Mc62wAMLT349_e^+UK}i=s*D>oQpE>}Bm-)&61i=LUc5Gs^n%*y zW{~2+g{%~C-3)Fq&o>hHQ_49&ULGOB(Dp7N(@}qfae?P_(@+cH~75(IO5dJLOZuj}`Tm&%RTK;{Q6q0u{n*Dgy zl@>lw01x@4l`IL#9L+4XBn?;xuw13hh(pp;^1Dsy1x=PNzChEmCiMN=lw@y3h21FS z#uEfCF;?ShhH;*j--IZ08Jhg9(chLS+mt|9T0WhZ^k?zCH}Mp&LyCVKUgyGlvv6Ue ztOw7&L9I3K1o+^cCt}Yg#w_5h5qovv5B6;0IrhWu9}EF+l%VZ$eYI`|HfnNGU+!erGznCY3&iOlpspfz^N;T`EyHU+0 z>U_+K2`227^zn8{MV}vJXgsdnY9VS#e;`H;ypJnN(-J}h;bz~dKV{HA%XPhDsSxZ00<}tkyzT8z% zOsT?t9ZIGUrKN}tN)e^=DBabd_y+Tl+tP*Pi%z*w$`j>5+!kW#0WMWNjR~cTrI%#^ zhO=fB^L8<7q;YiD8|Y}Id^fVx(q}QLDaJvZ^12(kIm?X)WQ+0U7q?)Vmu{7V<{l6E zB*O;gyaB#bV+*cc}*?YLH%Zsc{~K3Wqjm-fQh>Wm@@D5CKaQJ*ZT_RPdV 
zgsdD^BO;<|7n|Q@rS}0mj%GOQB`*3m5b=ZJ@CqFNjcJTH zoQ5Ir_5vTiVq~)!Fo>l=n|BZVsp|Fs#LBUmtty&Og1BH9W{ke@KIjhCUOgjN?h|l6 zwuM-;j|-iYmRg*{MXDlM^|7o6Xb&&49^m#}EZvH}z<{cjF6v8+lr!-jln%T{&NoCc~xdHT|B$Q z*e;}bmym*%=(HtO)X(F#!{x5-z8BACL}!Rm3xg5A#Z;jxuJaw@Or9FxhE&@>!9rpi z1w^7<H)=sE!}yOeO}w+=uwa`<0dU#Ctx0qZ(_J9Ur%sfELUbd>;)fK5dbDEHCbtlX*=D1kfAm+~QUdOlXR zbYn{CSq*<%@y$+Ht|H3SJb2`_jmXx-8!y2R&v@gS0r>eYId_S%;Fvtd!ovkMEqN`N zX*z(;xjoB*fP^M>C9R@r5+Q}|E9CQS!f9Y}8d#=;u-pnS(mAS7A4o*lAhgmQLBdNF z7r5@3bv&&ia{w){;XM2X9;!;yy9Z&=yCm3*B-(0V5rs09cr^a^a*_$&??u5;K9=H( zqM-Ntk&~(~noWp+u&2=v2^p^)7Bl)(w^cs^0V4s%H+=OX-6GD0hLXLG6e54zpGFgK zFFE(^q*en1In8@JA>9k@kD{`!&q zCM#xA_7dM_v2r`t3)HG_#}Y16>6!~@Lf-=~QhmlMg&VQ+`U(dVDDCT{Z$kEUg<)U2 zVSWv4WQg0s=w}D5t68*>^s)Y6kS{%7UXItlq_=)K$Om0l)k6Gl$KNnf`ZQu<{`fmK z&=7n`ryD=KTs0ah(J1;7X#2!FsT((mt{Mp<59-%wdELVcW%FFQ~8> zgw;X1H7d+A0=?EcVC-?p7{dDj%lV|ZDjtox998*hNnr7GWb7&OjxAdAwFiUlQu&cd zX&wiSDK6*0cGJ>gG<=~plmeE)M|5*lpUB)KiQQXZV~V(sj*dt#g)_E(Rgz zA>#RAs4`)drAPP1wGgMbalxmG6)m`g^~Vv(sJp+cpS$dDiUB!v(*_AT%NqB#{)0}IN7t66Cc^ab_xL4rZE+*Kw4p@aHH1P7|= zTZ6H36kAPXtiYF{v6nG_V9a+JhoZxSljZ%8F1k<~x5SEaX$^cE^bLx0mvFC@Rubb# zPfzUl#yo4P*ehd-2b#lB!6tgrdgJ85+p&f*^mNpBDh#;)zc6SBA4J(_h}Y&)30VVu z^kNkY5~9tOkkDh_aj{_A%gy?Cm4n;L;8alsq@g?Vc^a~~>7s=sBsYWc83kkiq0P6~ zw*`}s<-J7UIi7?RS(~ZTy^@4ab#51+D8G2A-1jRCCUV#TS2KafV1&xwa`$#{a%h~gP1I^v-V<#OZVZ8}S)DgDQbCdiDh zBk6x2l` zl0BQl74Q|CaiaszZ4LDmOSuDuSv*x}$j?1lik|1Ix?)gCcl_Tmi$xE?w}KA|zA7Kn zlzsLWRIxSxz>vKevPa}@5c`9e4!PhwpDI4z!3vr#`hWw7K0`cYl)^wGH*J!_tdwQr{(!Li zb}Gpi`(Z$@_gW=jV?T^TdeDBDMp!p8L_AH>dvD{v(EI28FrfF#dz>AWKZ|&UPfcR~ zjRo|^D0+034a(B$-{^(*i&V~^)sqN$Hf7yZ^sK@r?TT-L6*qA45W>jfOi6NmNyRLx z{cRY=V16@n-%DkBHlo+Eu!1~o!X!O>6X?dT1)!m_NLCbCO#4TAq5V3Q=*jxAScy~C zk4}8X(?s<{KCLS=hf8tL|3kk8w(p6sgMspQF!90x-X(93Ibz(G);LJ^ zCUmhon6OU*yS_K^X-X6&U7NBclvTF})Q451Ua3A+pl7~@-ly-XY%)Ewr1z+z2UXR7 z3Zs_=dVg-HkXwUZNI$teuh~Ck-25cZ;~D#>?8g47O7iazMdjTf$Qjq4D6#$VSuSf$U=;&?~)@J)yYJv)t%4SKUA zy+8P%TBy`3>T`6Eo}}*xy06_I<`A2G+*FiwasYG0_4kK4MCKK4Zm!uM<`8|^KU80d 
z9yM|NKhhyq|4X>#Pr_R%J(?_s7|CJb1~+_vm_y|LO?ci~hho7c{F12hih3 z*9kI9lKbP(-j>7u^QuZXJBIxaZ-1n`E4L?VODpXMTVcV%sp!AC3cZm+&#oG01n|&N zADVVrF`5U;bdowXRXp}OH(yYVUbNKUpUReq7NOhG(D+SuFUHF+ zu%h6+VJ@@aJ1}KE<%D}({?!gV;0G2kr?7%2(P%|&8F74&)8Sw^)?EsqVt9ZBlYr^s zn8fG%#XsE1NhGN}!3{{p>Oq@jEN?Z8Gw=EJM8Q_5JyOHJ^@ z;Oi2`W>{cJbd;W^8FZ?5QdrNhu(ArJunv{(L2$6XQ~AZ5GFb^-zE5LKnii!8b$rl(hp;zZEX`;2^Ih_-6R*~0WypUK5i`U% z4l(f-Mr>x(rdL6_RPluLW}j1th?x!9;2C=zbKw_(QQxCsh#!!Mr~Zl{KAMh~nUEb* zo8p|krSHL$FP4ucrXD1wZV5~4#CV^jlIYN{BB~VrAY8iJLUjCAmeI+;une)$%QzLk zIpE<-=|x*HyHw=!n(;2;F5$Rl76i?Y;FQ7r%#F7=|?{4;;!G3&< zJV{CAvpI9tmQIDo$^@t~ZKJK>x8z6R8%sSl>ihT0k8BPnQqE0lo`YUnNEuz__HXF5B^gLC%INzB4`B_s;cSDA#wx^$ys#27* zD$s~VnaG!MK8~MbE`0*SCTF?4dY0^RhS>Hg&n%D?K;@@Nv%d5I&U+FQO~oN-=0e~h zW&4c1&Gd|1wq(FpoFU#YJ}>Z5Hat&Rb2~L(mdLBAqQ68$YBhjO-)yo#7BM)4>24!A zt*CX1gaM8!uHGU;Buj7FJdr`u$qun}n}HU(rl$C>PElEYuedr*{-aaLBUkLO2Fot- zz-;Q_(X3oQETl!Ji-C;ARFZ6pe)5UTc7RRV4SSlNRK?g#3&tLjF7A^t2UFD82t0Ap z5IAL>YKQxqG5_^7*QwHcqQ&XA&oZcK-e=*7k$5!r^nAxXDTCr8fQ~_%X03J#T8m2wOwq;3rZ}j{7g%X6A7d6*W-1A`#-*M%iK@|cP*o42io8$} zl^a{+aNkT2QCmEzU?AFwnYg_5rV80yBmKZrJ%tE4iyJaxIM{O6C0v8Ahb#X&xJCtW z-5HMS$zg*CS3|T$A`PRxQpi_qV#G?9dZ8rW3I-uOHxjLNTo`eq0}+|Ys`(h>-Y|n zYBURZUw}6^>&`=^^p5agp6^>>x1xXe;9AT(e}{e*^;N*WG$&)D{SAEw){5$AC+8GK z7kUqAudkh&;;3!jh}YqcMQY2})-3cyK~3;lZMLaA+x&=_dX8!-RzLBSB}~crqAH$x z8KQj|*In+Gk%c*5Wb)jBjn=dm=hq3winyn~PWxS?z=pX8^Q&yNEV@xT9b8B0o%~9+tLN!WCN^!4KgXSzba7@4+h~1{N|hnD ze<-Jd(Qzda%Z_WuC>TAPA5Vk83%A~*r+=A49_><4%famQ`%LQJsa**+{_B8MM zp=kRk8tn3#-R#Aqjj6P1h9xX2M z@l~ao-XYLCeU9P~bz)E{6&VD&37xn{^e(}mNrC42te|U%dr%-7llu3_hcS4dF(S}k z$KXksX`T9KD5cKwjuk?Q;&dMBC0g>CeKf`?t7R$aDpiJP_JOQTDAUqr#N1X@f;iM{ zl>50aWw{>$zETrKN>>Olb7+v=AtNzK=ca&T&&+p6P}Ax?fTSdFQBaKw4$l?) 
zE*tWauX);p513iGwfqFs*TA$;Z^78VikAG3Wn7ye;M?R)=Dy1=+;794xNTHqekwoF zx5i=b(EeZ9zqWk?Hp*#0@);?_{`_5EhO7nBYH#`zEle^<)Mq zI_+tgoGP-PHONmIjRUNWLLB034%TyIXqyca(|V_hA?(7V+j(tl*+=|c&1ba{k@&Yb z25X*;gSFx9toTWD;McQbuy$zYU~T{ADOe-J#ao}@x(mz|)y9B~I@wUO`M%%j5@2KQ z-B_^2G15ZA0-jdv*2cuQX=*rNh!7Ucf?C8Z7q&$rwm2;iXyC6 zL9kGT{Lv@@^f8gU8<9H)_#ofD@C{Vs98fls*=B?Ya(<1%^Yo>H!~W7OxElKSILr2+W4t)a9%j0=ECH7`WQcc`a7PxSRx<_`tYEkkC<`It0~vz%U|-^Ddf`ArIThTm zh{u=v(9@zPavs7s^X~HO2+&IyLsEgQ$j-n@3zPzz`y=GuXY`A++avSRGw>^+#Av)) z_B}L9PQB!&4Y(4vxtQIEoL!_d1M9DgiVXSS?Z4-PHSB3z0o_83S}N-xv>AtccpGTo z58}_|+lOTq7)|`;wJ~Mi>K}lbUd6~2_On5?WrgxSM@oJa=SJLk^LF-f@+Xb%<12EW z!cw;O}63W{I%KH(!%vgDO4m%`)1qx1^i15(25&tgsr~9HM*83$^TII|BfFJIw z#?z3vJxazz@j{jHOaR2fSy6K}1k>Gh^)BeT;GX5FB-6ZtzB1)1-w*aCE6uBEQ68%XK5!;f^gpEbyeqW3&Xl(bLE!~!PZaJ5z`!PmN+d+3r?rG!d`-yVn1CB+UT*C3_ zSj1@TO95hLv=bPuZp;XlbYe!`4n~zOrb$GU#bne~8v9^rK8JW4fhEFl-bQ2xdE4_< zkhe!G@zyHDn^g3;g;Kf*B>O zHPW1HQka|O?84nNr<}z1bzuyIT=JZ`yQ>sv7WUUJlIoCU^G&eRi5_~8LESfm18$o4 z22>cXsfRT00`Nw4D+SXsK@p)dnBtKl%Cd;ho1|8r6(vgVm&KPA zEtiSQKXUgS!eVAVprbc*3m!FJ$ z16rd;;3q?jfG4s-9ThJ;+;`~n$rMG4SKkhn&rk%Q$ARIF4>guIW0Z8_v4Yq!6f4QJ zEUbAc7R8xi%7^IiSPWxAFB8+PT_rL;L!f!v5uxTBjE<36+^s^nzr?%O`#R_(>HsXc zUx`E;gki^3=UR0>DcxLRdX8xL(=EX->?3;4q&$sJY?EzMn7#dcQKZM_?}1cPI6@Dk z;;%dtrm#AjigRhi7Lj+Q3b!y?_af>WJJ(`FWF{$v+G4gxyqTjhvTCkIp`61Eac4-7 zPXHUCHQ5P79-!&vW(RvwzdBYNme*fEg>!Rm!EBb7R$g$xwRY~rh$b|l8sV8g!*sVx z%w5B}5qTgN&rsIN_7x{rE03sZa=0I6$+^TIZv{&T)5>^`7J-<<#V!XhZlWAHcLi=7 zJR4*B6z8toD}A+B*5wsOPPOAjI&FEw+$%M+kE1hT#Ut;5BcVLbE`})9M$$gYwiqdS zIwFlPc}@g2Dr0wpDewX8jR|oOA*Rjl?AEz$BC_L=fa3Hf6Kxs6wZoV`%m3~wx;O2B z1nDfnbe@gwp`4H2V%~htM@c7Zb?_XxGebbID`8&&4?i|C%B3c?gcr68Z@P4s$)1oGN1hUg*v^U5$wK>kUD>0oG z(dNcU4WT`L%Zs#xi9)pY5-Xl3p3NA)^sx3XT1kq>Uu4gze**2WBfqvbRkfLy5QtQ? 
zVB`>!r*J~5F!fPHcrO6MhyOSc~ri#wh(&}a9DtDfW%*7s{LWWyUkq!odIp~B|&CtZ~08_7KTgVa3T znbQ2>vNVg(RU56ad$v%&4yW^=|JbgIV}<)+2p|yb$n=e{r;Cl8O;eyvNe3&*Fc61X zJDTY$Pgo&7l!5T^C9J>(WYmu+pJj#Y-ql13)?L}>Guk_{U&#$%zf2AiU4O&?wiu%P z<1<|LR1Hahzkr&*asDA~CXJ1qYw@n;Fto*}(9Gv{j*VVFU;kK}@{jRBo3oyV{^T#w z9rv7eiN>pB%_|8Ur|=o333LN7`j_o*3>wQHh|DCMHVtULOW0Ri99a`}pv?h~)1Q)$ zb)W1;f!_>!Ra~PlB52F&Qsuize&$}T>G{pOEBi#CaCUKIEu0f-R>G5@vEnUx3jlh` z6R^T#iu?;jX94cE$ROoe%fFij3{PPYHUO(=CudXs(n%6$hjAICQnKD+4#b5LL6+kE z6HUdP%WL^NhN!d(QfVNmkQAWvL?Qd*K(#g0vo6QwrB~%8O`%DB9*;mBc>_$|LlN4{ zMI>mvDs1F86|V$~*KoR+scZQ(zX9z28n}G-c61K%5o>dz5P&-)ie2U&OXHk9Z66*(!6 zDCWF>(a1~6l8d0ZPtnZY6xeUn58qguuXB{Kd7@vDF@7~egi%masmnB_?Md~==bxW+ zf4S$gKgA1^D8Ht>tC60tyQ0`Wq23_MMUiPlDK1B>$))ht9molrH<#!%mk{9IUgbr- z6{qyXz6+{Ff1qGo;w_d3dCWWj4@}6k4HrOC1nWMTsh6eX^wtWcOB{Wjso?44NNwg^ zN}k}rxf5)LHi=9b9osyr`eR?nKj}jq!Zwh#lRkm6gk?%^sqpm@vn4)1omhdoc>R{I z+FTm_W1G@3zX$dk`bC`TP)_H0IUduUDt&pvSE7f(QE_D3_?+XV4k^A=Wpyo2j-6T*2eJ3kjpi9n<93MUuNXz4d0$|)M-fE9 z`q_N_O~!Z>-BtN=yl*&;k7L)WMI0SSJ10pio{2|T}f`k=P=*b z$}K~Bhsmv@;S-Wuyy2td)286Z}@gCnWe) zhK~~b2htsw#rEO9>1*|uf+GD#eWe~*NMGanhwE!B^fd z>3`MN{qz5$zJ4S5zE*7SN$)VR%`tpJV#_mpl-RPQ`(O3-v?_a-SetNNeSM3B6sE6B zW(S2!Th;$oUzKpBzV61%t<=|1(AVn;7y5dY+Z?Q@!x(f>`kGSu3dn@?wV_TM!Ii$c z1GOvasQaz|DC}M@Ue`F>FTKNr9b@=}gngsoql8^ux&yQLy;3L*-Dnv_|CnpWI=lK8 zH-PgzyagQWuaQ2xU`esBMf1|r(5U#)WQ=>_8>b8`j%hW#SS6YS*oZ zbGP=*S{y4V_?Wui)FJvsr&$;&7TrAz)p+1MmPB9+8Fbu+5`l42Y=ry_nV;`xvKZu~ zIjmT1VuDPyZgTFz63Co&K36o=1z#6)Nd%2g;E2U5saTuI8*jo;I=j9&_ZTMYu~tL7 z*5%;`6tdmd(dL_I_w|eFT|UYrZbNebR(UV~tapLud`C2MJybK7Z4%$kk|i=RBCMUu zwu$$ozbX>MhTuRo{hgqII=F`gZVai^HSJ5& zH(78jlF&3Xv-?gMyHT(-R$}LW=qH<@> z?*y!9M4yKOb)1J*(2OOnHN{P-5iV70heJIJ=dzUbcm%M2hWKU%D}bJ$ym0@I;l=%4 z%3rE@-SDE-S&1+L^O2l#1;km-(-UfZh3N$}rBtJ6rY)rQKl?cWsp}L3z>4MIY;7Nt zu?|p@B&Y89U`h{U-FG6VU-)F`LU5^f zR5Epm&zlFEgO?E$-UKY378D*WwLo~-YUCS7!b5tjrCdjNvKiQ#u9|^CekuY8T*la0af`cD2ScTXzZR0E%;ELrnJx?e+IIFK=^ZA|dkmkDJa0C9 zlss!ocVM=$-t~9-mW8@wbOxtLkzHTksKnrZ&zOl$?~7{?N`bFwes99y~E_W#_$Qr^FzZ& 
z>D!yqt@Mrh4|qif);q?J-7;8>@zgX{|I3e}R>on}5sN8qZP4gw-nGqfmG4QD^Xy7G|!yU zX!~Jb3AVmi(y?%~`))4H^xhdF#wgfBo<;~YQD_6{m7ba*YRON8RH2Y7G98YZJgX=` z*yADW7hh&!J2B)la#*DHdtlZD7weh*J*?*oasJqkqsryIXiN?t=UU$+bKbGPXv%p& z5vpen;%feOv=VlI-grEvoqz@nkEZNEeE226nsv6mPiSgjJ5`1p+{4Q^)||Jo3NBOQ z{UZ9CLH0%lEc(KrtDSocm_7ayGi$U*q5d8U3g??b=VQPRi07Xl7f*cAfcSniFPI}} zb81p^9&mJHH{Oo%#Ng z?!}5?k^N=jrvjpoym-8ai3WcS>{3VR)ZucXUgpfUz2c^e}OzpyMYVxA@#pcGM9%(kG(edW0I=LnpeV-(|0iWVoFZEZDJ@{GPLGn z!~oZm!1ayBd^-i-5#%?M__YT4jjg~hQ+@+@L3zWPx56mXw?R2Ou9S9dt?`5f)3*w) z8yHX9GMu{%505*;x4(Rc?=lNio4;1;vDaMWX`$bS5uWUS4aL#l7~eke`z$WrbbSr* z;V8pQo-eQ%9ck{DLj#@maIvqfE6iKbZhuZ%^r|l?mJg{1@ z58Kn4wgk2HkHRISg~FV7G}5^X!z8-Sd)<^@%fVyePv)9ue7&%8rPI~*GQ%ALHh()S zV#7Bv=68!1S6c&EM zNuI9@J3ol{a{mPFuAuo-{m~#hF`@@g!sGAAU z#G4I`rq*MosZ*@kRPk5W`>Uib(TLZzEcyWDl`d)+UIUdEEcQr9;>Zk^gq%8+{UfzM zC2>Y4N$=1tOiv%B(&DzjuO!GEj?()z<|}OtQ#>k<`=#^o8}KROto^i}FZ*!j7eqblhO z(xXi=p{(TjY3Vj!evENvbSclfR3(cx`_{*eIr@6Cc{jMk629Zm z3h(OWW9>ojm*5TVTp-Y`i=js!dP(#7@k@>>vx7?s2HNcTVGqs~<*|kdIm}{h<76?9xjpo7Kb@Z%`CFoAy9| zdDVB*Ua2nM7GVNa>_S;@X*0l{Qv*T8CUbC>Xu*^lkvLiruM6qUm1 z&4Fc;xPwq!&3y0{l)=M);v)49_z|Vp?*p5=$O3<~qG-j+8}u2+w?MO>`+RwW0^AC% zTM+>_MCafe@nR&V2tAE3btg=38<=d2Nv(`wLNJJrLgac_a6XW<6G#6x$c;>SN3Z5x zG-cnJF7`-|@|MJxOZ1eurBgIxmvPl`g%(Gy?-&;_q>JGO+KZ8%A-szpEuiLIsFW@a zN{9DVE0Q`smj#k8o~Y=*Rr(t&EM^y${cko%9F4?*xHImE04~+Msbb2PDx@5yQXad) zMS@0^Q{n_D&snZFmr{?$e-Gsx@Ab)8E?ChjZ-7tspWoJzQgD3jbZco^r! 
z{$NtH5&TU9Uxw%)*@E@FTcV@O74<<>loxT|C+e+1Wfi+jnBJ=5E8<5E`vvU<%u7ou z*05r3Q|zfz&YohpOv%HQ2Pi*b+SR6nqLHWQEThqiVN?!t%36Z%HLr(HIblJ|h{@sY zc$Fy{pC#3zkPI2bm)-c%qZ8^|-8YIYd`Y%>QET{1KePDC@QV%lnZzQ)FDB?$Ma(k% z96`U@VuIlp7xdG_(}rIH{3HiZB;2G-n=P_iqU&(SfD!Fj8b&4_ygZoGrjca=P9!K0Rz{~3jscsaZlHh9ri z8a{<_4PUU0P(3PdCg&3GzRK!|9W#e8>7Gwp)Jo~b%`gs!(FK8$z20DN2eaq7SF$#` z5gozJ%`soSAzRDMG1ab>ZN>q#TD8CfpoMOpIhmbVN}K(iC)trvN_$4YKKP})o@F}CY^I7obGdf=E*PrBe0vuGi=ncGIEs=- zBPlI^27LYZP;PsR&y;uevm^v}E!->5UNnThDG#U5sq;py@eFJb^K?K17I+YcZ_G1R za|x;TzPB42>_>1)8bRITu9YEnyuv)ec?@kXcW(*FBfW4x=|!pz7GKeY-Gzb1{s&0! zvD>-ELQ;F|Tj2WRt|gjDUf7#Te8x<0gJHqI@|IK)P%plaM9N!IC2*U?BITwE;Ku$9 zD`)mO1ksPt8mXmOFlqy;Ud8OI+LZ8>4ZMyA_qcTEuh## zFb?8s@%MG2GzxKo9WvX2-VydS&1v z3T|;Hq=7jUU$L>V_538s->E64HG>N^LyfM%#aLo*z$@ED zd`Ak)8{c*$VEYys=68n!IEnv)5ojEQ4>soL|A0Nd=u4jmtAJwc>*4M(t{*Sw{h_o~ zpFZ@@$c`UAV-S>KSQMB?VM+JZ$28aHd=Vh@SDQ+6CAy1!uPEPfqjhU5ink=_GfZKx<#+8VrR z#q51`aN@BLyIGC|ZuK2-iOrH{zSxO#iT6j1Op-h*H1|mnMt348BI>_RIblLw_s?_C zeSTte{FuQb?XaA-XrN}Ab!Z~VGw&?P0|AUB9e8nlsyd*l5xHxgqz)RG(cluo4bdh zL@u%XMj9JieR4MwhMPfox_fgZ9zk2P3;m)lysx1HyZgggLO{@~p2P$4Z z&=f*9+X%0M`V$N{R}Qc05-$bAEtSJ@<>BaHxV3UP?)rWt7;dW^Ufm_`4Tjq*hu3h4 zdcp9p=`_VZ27hOARQ{qXr>}|p2g4ne!_j;!4Ti^54#xwDF9pM6D~IE)h|$6DxXR%e zmOT;-PpBM@(^>Zh!&_Gl*O32Ucw*&nbji=)26$P%NtMIvBLBhgo-+w`wE$+qDsc zqqPykW3&-t;Kj#_!tXOk5T?c^GB~Cwp)^#bk`pwXzyo zSx>W8mSNS(2H3T-r=zv95iwfX*f_0hGO*xQK|<4o(6|UqA3`&b(CCC_B%v9HVP}?Q zwl)Gsj?uM7_YBRTNn5^ATfV1ISZ5^E#P^KEdT?rG$>$=p5h;JwfGIa~$QBOSuZ>7M zhb;B|t6E_|CJ6>)o-=79hW%9)SS=NhjqseSqK(M;E3y)m6i_KkV=5JqmGuRcvdqd< z%7%eTnTM&^Do`oQ0hO}k>rhD}Dt(!Xy+U5fGKtEt>rn9!l^muLRgp?EQAxQDmA*tJ zlc_{kq%w@Cc&y zeVIyPMJky@W!QD7Qj-*f2me|D^mF{ z)oNfxD*vTgWmcr}U#gW}k;;FmR>LY%`7hOKWJN0frCNC^Qu!~{YFtGs|D{^xRHX8+ z)v6+ef2~p#v8(E2G^GA43sy7puGaG0kCy7cHfyDKT?*fE=8yMJFyS=Bzcrd=sBdVQ z%g{2Hp=B;Z%Up(*xeP6H8MVySwaEycjNr)#o{Zqh2%e1K$&*^on4FX+B5_Lr8vYLE z(gY0RwXy!EtONSvpn9k?LhGG&`#}5Jad8I}Y|>Ld8;)jYSU3zhafW}#Dih?h^aOVpt3+r!DaK(!6S1ft*nYs!_Mw%kc)vDA~uxHQPdbS@v{{{u`yYIk# 
zAOAk=O$8S(erNHcre5U=?%FkC*WooQEef7HclO+s>KE!LIDY)4@nyMZUR7|!h=n5t zY&#sM;EOL#dhyS)hn`XJkwGQb z(RX*ZQgG(XDl<*fBd002XwmXTqZ&NEOF@ez&N493K1{(06HZSkpLX7>V9SSz4{Fzt# zc2Mx)hn){U`RuFB6uf%%$kj!+9qXrHMn=1g=WhIDuYwI4q&0ZI-Cb)G96Ppf?AyzK z7Yep&^+T(71H)fZ@Rwh{_+>)+{`m^N{dT9fryp!mU%^wSemk}MroWmf*sWX3Ztlsi zL@W6H_dUO#KW9m@f_?f->~r~!&)!jR)26DMs&AgPUBPC}3Yztv@kow>wQ9xGa@}rw zOu^4Tzxw&Ho|9b)E?BT?!H`D%HYqrC=;uQxf4|SBV19n{{JtOFbWp)HYqqVKlJ#_= zg8ljp>9;Fk)hq?A)+B4LD|)tqfBbRbkF!`zx21DmZ7(@HszRY1LK10|z=EnECd{=?Y%C zvgL|DE-+HT-+zDm_a>tXzf&+L=VVUFixIb3V!=- z@wYFIf2z5HHEKlFXnk{?hZOwyY+2meHE-y#azW&%T!On4?cM5gEpP6^XA~>guwiDyjT7(PsbJTxZMu#g`BGa24<77r@cB1B9iZTuGi7IrZn@-C@aLaD z{Q2Q7hu&B4@yAC!{?lE{S1LGlYNM$MFWs&i@%CjFgN%9 zT+gao{!s9nZ`OS?H|L3_3V!!p{qOEP{6av%goGUlYmVza1-o>4pv$w_v+q@~y!=r4 zhmN1q6nysCbI)Fw^~VeaXU~3i_8udC< z_wLXXY}80^v}1I_W(7a_7drFBnxqv8A86ny#RF)yF^ zrR`(|Z@+!&?Kgao+(N<3%o&+AN;f{G;OWyppFUKt{4NEvvUX;D`_8Xh6|7gUOTF2T zIi6E6De0D^`}^fStDxB&ZBB}@c2TgX=x)r`zBxz16DM9f5kFzW5d{w&dic<*vp?*v z;KGI9EPSHzfVB$Fm{Dg&R9=l26@1`Di46zV_PS*S4OHe_TPDAqfB5zWwIy z_wC8Mq~P6me{^@p7t)6-IA+X-F|U1b;+TTZJ$LVOnV&WMRl$AxChxntZ@zih z%?HNbSES&VU;h4O;p1aH3V!{lV~^~)MM0OVpKH|(3;w5I$Bs2S z)=Qa|q2SrGfwNoeS6V9=7q>R&9b{aMe7xO=%GI!`lV>n_X_sz-L>~i zQ6H2j_|7{^-x+Ux^pJx8``@hpRUNdcRKY=me1o(To81boTD5D{N_|LG1zWUO-D1$o z{kti+c5TzOJ$`#@rhV^eF{#SR&Sc)^_rh3xOC~6rI(V% zKdj)dzkd7cQ;+V+{I-XBMwP%tIso|MO) zc>P8N`}ZHze{=04Hl;<_FRe(}ZmFHU!y&|bmYZu8#O z;NA8K3eKC?ZQd*U?l3EO>#gH%JvBJ-cLh6isN3Q8N1lH|!IF};C1d`4`Ev#T{B!@G zU)=pmPX$dTt0~%Mb|~1Z*Q33bn&0_Z!MSt$&s|;8;tmC$d1lEoJ=cGKyMi~|kZ^!`kyTdcK{Ln_h_3K-$AAWYu2MSiLYN=}1s^6?&dV0t7Y4tz)LBZtY z8Jt4;epv;(vFvg0*YM*6!2v##9C0daK7<^L96lRB+g^ zkB4r|`5^b`d@`e@om zHSg^Bu7W<_t-i$9v@aF3*<7{-$uY|mJa%l+vB%pVS*75OH}<*lvmUXF6}&-)4N{9{31V$1R*DsBp`7gtze@a-)8^lSX=_(pl!)^&`2U&__pGk4q5rz#~>DNZPf}23I72?K@PfW z+sa?WOCoP;Mj8{RaY!DgJLr_3V$*DV6Pi;%<9{sLSEv;nG$Xx@zX)d+Aju^nIH0N( z93Y;O8E2Hlnc^6!5Yk;4{>SV=Bq>28eJKjjp(|m)zwVpo@Z!@z7)uDd*?b#io-a}) zeACmM!|20|kJkRjtiFv%Kn@RokxXds8o0~>dnWL12Mr5h8*PCUlav&X5=NFHU0~4O 
z926g&I5fmJoo`b2od)_e$dfSrX(S_(1O44hl0mxT%izwgxEtqhWH9G-&=G(je-Y%E z?r;DY>>USE&00mXYFfrdfBQuL=+;`@=?>cGq*>crHET~R0?2ED^ooX8wBbcNln^V< zx7yK{P+EJ&86j&C;w$m3(+bYmNn&1yok(BwUD66pk)(DYLSdN|DO*#(M#v`8mZLBJ?_@8$m~j61>Pi4gTb&BqS6TJiduh1hJgp4>oLoZ2_4#nJEWAe6sBTIxib-_|P6FiQ`Xd367zxHkl0PXn zz7y!1bP-9&i=0;JBtTBq6d8#y#33emQ4rY;I0=xGsy>_q$jQ}M0!kPSa&hEO6$#M@ zkdrHi1mt98_Zp?=Wt~K1@}*E#7wJpRM2U(3Ig_N5A`wLk5|S4MkvV{q00s30Gkxj9 z15YYTZFwQQJmfVFALA$utDpqrpA7$G`sjm?So%oBM<4p=f{!lrk%Esz`pCgY3VjU3 z$3XfZ!)d3FOpw$KKB&@Wk|&uFYvHd|{jcu8W+4B}J@}>ixr1UvQw$qEY+Au)GcIql z6#iD#Ka1k{U!eHXSd)P*{JE+>k5PQhC@yOS>+H_WTERuT^Az^c{h6(tWbK(nH z!FID&aN3M*I8+A+#}|y_O~wJM#p}xjXRXdHv~3Q}gw=T!%jm;Ge0E_9OZlPMQWyN1&2veCg&ws-XtW8fZnn^n7d$Jw?kg1txgmJiiui#l!kvc z%j`48cvdUeZ6~V_1)9#r>3UKpS`J9w?7WP;k?EqmG4uX!7|&HwJxJc_EJoaDNNyyN zVj}((Ec%NOJJmIdR&doGpW<+UC9;GmJX9&I%zr z;;|(b`UzpP%8@l@5wrNDy6mS4g*X-`SE-$Lh=;5$iHA$o{|$2r@$56B7?AhNW+)Sx zVpb-`^)2Tj2V%oN6x2%6K^7d&{ZJtI?69(pAj2KPENuh{oAa~J4v8V|X1kMa5>0?8 zAnXLAQeH+~CV^8`MZAP~u2}Kl2vVSC15${eLfkk{!3qnGvp3|}$B96C^-30lE^GIw;Mt1syh8!c&1eH77(h;c0aT*wHqN%qtPlI$zh zSyT}e_8BVlaU_Rp4W*gwFo

    eWMnWn*`3*+syV6=q}mtI43OeK}ZaGluQD8o^ucs zP%-So0lRY>gieh%5ySSQ__-`VeEGIGFG6uGC^i&eyq{82evwZP)m1jpTpo^inddY| zAFfDDhZ__hZ2LY^p#*0M$;fC<`v7B?Yjel-lk23%k;nzgnOe@7q9)T$8A9u}6C4aA zLb3sngizMp$iz_-jvU(wgKXO+2C|4&YDLaiQH@;wgbmE5X#?jM-FL0Pv1G2Fo*j3UWe$aRgn@(0286+3Jd@ir`&a~Qi= zX|8Yd77o2{prS`;Hm1 ze8(JZLD9iJY&IiaEaF8`yxE8sFXO?WTjQfRE_EZ<5e5sFt5M3nQzSr8ignUGplCX2 zz(V)n_!ItON~XV<68NBuLG5io8s*#wfx`#3yeVd>qDsiS>+zVBC|0R13}Ef_vtRDPELRM4MDZ2=)L92&#(Bh0`5$2Lq(RlD9~b z+hIbeZ9;Kwwxft+&;+nV=w%HhxkM>B=*CV+?y?!mgC6ue$Loj_Z~Kw*3}$2EEk6=! zlE!9AEydtZWTE)b@hT$gg5wbvUlBSRR5}GEc1X|W z+)uJtO%!Dw5!o7_C<_Lv8E^Cs5$Q`pY!sOxFx1p7WMgfpN3BVdNpK`&*z6pbQ>wAc zUvbb;M!#t<7ou%17b1)<-nOB}bqk4*Zo={#Wn_pD_38|X4yOg)gut*4BJ?`8P#mMkgSLmR z?0}GAjd!3!kVfCT?I>2W%)xr17*sg3q3Xa&w_iqq_cY>t4Pmyh2>dqAf{%Ge?X)8f zsXy|&lVsQ$?j+|$(q7^Tm$ai;E7(Iw{|aPS!ZP$aKBX8kqbg@)#%NLrycSb&W2ohI zETnigiAffx98;05lgi$Edi@!(eV8vL=;qx`Pk*$(rm>lPt@t`DNvYw;7*YU(#@#nKkr#3|ui1z@}Jo1|r*!ZG$p=$0N^2t;1*$)2W-%IqBdUQ}v&4xG z-exaJhH%4^}#ro=W6;QjtBaHykQiU1{TvW zmV~q+aZJIz;+RiqWyzy%vBWOR(ccxT^9)k=B^{zGKn>+ln&v@?;h*LPoQGj3@O6Yn zf_)vC&cn`aXgDxVfojKKbV?QmpRxF)-W@($(o{E@1AHdqliFH*(u&4fd}3mpS`dgN z$F~C`rRi{x(MIrb3SQ=*()Hoo8db<~)GtOy)0jVoFIx@vB|0=9r?{kube(JxaHi10 z0wesBF&PMWQrJK{kkWAb9mGTu2#fO29CJWT^(GMKXC~0Q*6k##u+D{p{Q;<5BqHRPr zF`(T+=y^^Uu_^l_lemSAkTBFnJWRN)I2a_a^-n>u9ggb4mfp4 zPLt4m$$|CIwS4cdxL{ST^&n2{y*03g8CM0f3Vjf@ja<6SYOn&12oysaVB6`uiaC0u zX7xH~oPaf=NLnMZwg)KGtljErb@7SNg&dkuSIgL;W$e`IK2n!_sZm9m+hiJmLd3uA z3J22m@>nSg6%+?_ALa0n;os?wxL;+8k%8f>&jrU76rVp1;(Vr_?A%@GJ^W zsZy>jzb1Cx#dg`>=anQOYXgxgZ*3&5$j6$kmOl!IhXb|Kdp#mv+eC*=E$Vg8@Dpkf zj(jpJml)9M=H@a;8j07w2IAj^|0Mj!;XfMxc$q1pB)0&O=&vMq0mBG&j&`;@{>-C8 z*fi^uD+srajt$<|p~Ibvt78%X!O|2OE}fb}%`f88n%USNaaUIz%rpU$s3T)>G4a`5 z<9&lD|1b>nX;l1KE~5BO=N+rzE4y$c@3$I}?^BJ;dXz%*a;cg|X44n|4l+!U*$+tv zWj8YWUg;pK8kv2EbdUv&%(hDhS=Pwx+S0Lr9H?Fi>|C1!owoQc*4(IhZ>@sk^0+m4 zIpEi3L|Z{W%{C&2wHd7n*nGI{H^*TPw5hm%AN9++`)5A_e|MgQg^HW{f2@58d{jm9 z|0E1Bz`z?MK!m6P2L(h)0F?-00y#iACJdRl5Ds0$=ZG3%27*8moC)%LCa_-X?z-Lw 
z9_zIp;DLz&2D}w-JV0IT@qyy85k#2(x2oTJGZVo5|39Dq{(h2q-PP6A)z#J2)!o%q zoeS}oBs)*z))8KcCq+u6L%{(hItcv?m&UXGc6=2%)MXK-m1{D9Cu_$KUA_ROhV5j< zYX`Ltl_&+8Ri53k<2&T%xn^V(Mz*?E9p?M)*ES$8m_avl@!x2Xxr>DaLA-z-VXPMN zeP4->mH^RJ?Qv!Nchw<66<(2o=7ld94T3E+gHui}uQc?g+v%4Q5o@YaiHIym24ohG zR=T~^Y&--M*@DL|l<2|37{TBUron9HQ2aBQ!YHh|Ls67YspwI_5G&&w=*N!d6CirW zcjy4;z+S{&*No1E+(AQL%lKS!BAk^%{_mel^4o@dMp!{kT1PaHJjCB7PRRIU8QUU| zgLq54L-}-{wnL2eBbLu6knD`_^LHkTYM&tt#h>Fe`5)2$dEBut6DNoKsu@ELE_%4- zhYs4CjJgt7-xps_r+5SIj6;&rfT#eO+IL7o+`GReF)mow&=!7F_R6CBG|?iu_@-0u zBG%kMD)JMGP;!UJuI7waR{e+j8jq8NW0B1{?e3Cu|I>IT*VV1{Ae|{a)zdgJW7TgCNY0|NRlog;ze}?-evGsfK7Ss-hP*O8=qMMRz#G)xSXvm& zz=J=3`Ao8UyOFcCxKm+$8k)r$fd)mF9^dHf0Tw@>OL$%d9-r7GxdA+S6AgC#RvP9C zo=aMxys8Ci^d>ez@Ey{dSgqk_wcbRdoS+u!O*F>or>ZwmkJ8WidedFz&v{JWkDoGq z4T;d1il-C`uq+RMp#;lv6;CI{GZngU8vg67u1C3m*gckmLfFcR;z*{48z^=-tn)Q^ zpS~HT^p$RXwo5O;-T#fn2zj8CY}3ea$7_p2q}4`$xefSRj}r8%{IOq}r(6$?AUq97 z`X7EiA%8hm(NOR#%5TJgPfCo6#Ck-g#tVitMX)B`$6DEgx6!3OPK1tw1HBQLEB!uk zjfA96GFuU1=p&A5jqrCznP4{j&atKJcmRRmT(txns6n^*OFoAKKq!GT@LoylBl{8> z#T7U=R_Y{@#qN<1*iwoIk&l7o(yHB(wXMO6C5j@Id{Kxk^58fQhXsbWZnzXlhJv7Y z_W)sJvvb3hNbt2QutXLJhB-YTmW*Ih2tkrHEdTV_mP@ZjV3Jz-Sjnso#3&akD3TS> z8{p4^RMe%?qRB*gvP7AVu+R}eur@gPGs6WyOkpfs`qhZ5*dctH_z^?JCoX^6e3Uud zQM`;4oU3^ym?1(PX}+Y;eZA(iLNnpSl26Q)iFmMOhHT)ai0a%;+=i$xkL zwEtiTN4~~+E;i>@dMI%Iw;dpQC2q`4gCqM9&tfOOVaC${LBB3UI>o@vnu(4QLm%G9 zZ##cRFkAH!7h-o-;?3vGQB0B6O7S+I$z%o~7DyAp;V2k%0xh0_3NJeY;@=EG-)_8y zdpw?$Msp&~J)sCDq6V-Og`>|%!VrQcTmi-Jjx2XMl;{HJ6BYp+J3xq8(RT#b22yi< z^dk9lh&w3}tf2_koHoI(&xuza;{{0P_@LBWa(8lwm27`-I1uL~^3>UAE4q?ikI7y` zZz$#heVz~BiQdgiDV~{&qlGR8BJhSqG(WKpM6anK@<1$J0V43QOOzsL4Mr2Shypg_ zSuT3HIh*F%;PAxA)XE;Y?wFN@?=db;RweC0#&cAvFFrORCHg*E3@RF$murQ%R z9dW}lVh9#))etB9HQ)X;j!*sui#+t&@XLA3cj^kJ!)I|XIcQRw_V(&yHZ4?!U?&sO znRd0sw9wG@3^UeSROY8d|EKJvPT*a9z4R6E5zhgc}|3lJy^uPKal z5bZ9l6%w4N_K2SgxkO~8J5y=kCuU%0SPk7e+-fLBTzD8Y7=lX@k?RA|9um6o5fB>16m~u)0;Tm zL@x<$yn_e2retXucoqz=U5GvB>`%N5P>1on)wIjbU}medd@)|MQvGHs?U*rMzj#~n 
zP`!)*Z<72W>%^s!nae;>%MY7Sg{-h$;$hiOD%k`KgZM}i1iE=0UUj4%!pOw?!!kK# z3XtzhME1DpL34_)eSIbcm8`}u?M>~&v13BLlA_P^1%gGcXq=m&9UAh!5*#%Y@X@t`8Lcpb?jE@?Y#J+*och*oK% zgc*Z*IzGe}UG@%;D=HTO_SGlq5kz{{uOzijt<0rvwh9rQS>nexsGLXZj7cjPsdG6( z^R+{jL{1rOdyK_~W|J5tx|*qheN=y*Bb0~Xe|=}|ld)rz2D0blkKiBmE(<$iC(nm~ zJ$05j%i*mIkWBiP4cMeG_{1GUnRJz90Tag^vf`vHREp&i#CT498Ay!cWN|!9E@r19 zfMTEB9zlgT#{{8WD}?GK?n}-U#c?YxOxWbHCkkV6sNqU4U` z$(=S})N3K+6znM=zH8uEO*A*rmK9zqPvq~l<%P6SHtEM56Nsf`eVvDQ3;m)M<|Fz! z1<~CS5kE}6%}`;3ETl>@5!AVx$U0N@4kA|j#dWf5K%8j4v@8RY5jA_>v8pN2T76dK z0lV@Gv@OP|!5WErzHx8sAp zHj8I~#Y0t^{Vguv1ujp3{?JlTPwxaPjcs2FUbeQg#D~{ zAjVB3=_JHPZ@gz4ga05SAiOfWV9Uz7ihwwazi9HO*lK-A&JfksBfc-Rq;Dk(^2?Q> zW;-`;yqOz*$e4}3A@vf!oMuY$SD9UbnUXg1%(nAO;pm&*Bh0=rMl>YCx#|}dh)PRU z3+jh_6H0x%B?Ako1hg=CLGLwiWtg7=v|7jr7h|PBJK!Fg?ht|wFEJeG5H1vNjHETg z*_)GVhJPT1m#^1CX+kGH38OEBa}6zsO}?G~aPEBM8m@9!-+$+Tu4Jp;(jxQ6%EqX8 zvZI^0z@$-@eI44U06pdt{>Np9$OjiH^9@&b$IlnHnpo9P_-UG$Ww7(-gT#mFAojP-&wbbu{KeGG{G zV&Gz`(1rNCn9RUX=)$GAdVzOxedX$R08!s%xZf5LT$YjLlc@%$e$A;KZ5QlGr>{I9 z?qw`)wPPnj-kTq|cQJKNzgP`NC0Z#FbY+Np837u8j;y{Co(sR2QnVM9dDK1(^A@W^ zmn@deNeiuFtuHdwD05&Ql`)})FjT1p^)Cs9EQ$I);IdXJD6EXE*s3 z5Kl?yAR6IQ3mNi@FEh}Ltblkx=4o5;-u*A;INLA{FdG-(A7$FMa=&=xYLmYkEeNHF zv;Za(d$kYyDIjD%p4w6CxfV?ptQ7lfdRM@S*=K@*K0j}=cn zRsOAb>U91bXa3;#9;NLY1k()x;Lde8oQ@4>iUR>KH+IF}7jo&N_~VAQmpz=kzwMQb za9*&t`VnZU5O?q(q_N)A1-^q|SM_^NU!6?<5i46Ln!@#&VIPPZEuO#796p&#Pqv27 zah)-I4sg*IuA(;MeUG{U@n=xhr*dX5K%hR(gk6I7do8?$;c0&L49>3OY$oR#WOH@1 zWOac`Uxhen9FGQ$2km(9TGG#8L*0=0U#Kv%sGf;gekEbxwk$zbh4`(AM8)}QtHXu9Y=AhM z@OLu&1xff)z(XhyFuXLt)Ps!ZUjZKwXW9u(cOwB_;w;?4^NSN?dcjtuQ6oUGZmeH? 
zID?AQ5*Kk9uQ`!%X)&Mp;S(~S5i9dnt4ZOFlJ@7BmY1)vX@4Hx>&gmo!f@si1+}g1 z4{msb(O;sIZ>v8CFzhW1e&KlZ)sTZ&)uWMcs5of{kKbG3&tmCcG4er@i^MQX{Con_ zsME1fH(o$Mj?=^vNn~qZ)D7nK7i8pRrtRN67U5ch;c)_LZCsv+9L&%T)_tb7Fu-&c z5bnA|s2mflJ941UQvU{rr^=z+yKV6#Fvpn~iM4)(xI|(bgO>*02C&)tN)pBMgaX83 zH)4#FLLZJ+8n4G38$SnnM{Pxo##@qgk8|zOg*NNzs3`7&{2C+wITvl9r~3S&ZaVXh zx|R2Qwn_}2Glua=4CewmAo72(Eu!7vA`I_zZgV9|(yF~uJUE~0fuznp z-Ij6z9F^ixnbpv|;V^35NLZBO7N5GGY1nkR-3l`9f~3ZZAqJ(N&_n`(508))cXp9F zSepc=6?>%^XIC5@X;xgj*dFHl9x<`k&c!l0Abj6*0}EP}8wLzqp6ALKZ_Lzo8B@b2?+?s=PB zA8joe;Zecv>HxG2T{O5-^n2LsRi)`0C@{=H!;x1hGLz|~V9}Su+FCQi^je2kY~jv> z4VSs}6l)UlqnLUQ{sBau7FCo09fUL>JjnJdP{9 zSvD90_ZfhL8D77*i#g>=0GIlK#|O`i^!f&u+9`D+O6{(& zOZ}5dS=4S!mTEvcv$c>I(yNQbkWQDTbTs)L8Fg+Bt3mv>7;?v%HbclQW>*nNRxyyO zfUHJ$g4emqn#mTnYbBxDZrh%yHVA(fOq5eVNu}^4v3vqnN`aloS(hxZIZke=#3*m2 zXgSqtZxbC7H2X$p&hj)yCnUKc-|}1uT_oQsVJoCk47i4^kT@wIQ$9ER9emy><#SuP zB;Wxg0n0G4`x2r7(okEJ-}V9xb=a$VXR;m2vE!#t!+A${KFo@OtsBmv+~QVWx%!w@ z{2r@#-D~-6>c;?(3eF*1ec3BVs?~Ja@lgFUxBPN01~2DNG^W@Nf;v$eRsjLjxfA>> zXY$6Ev)o6L^3-2c+3!aT+7-i_*@QKXjCw(j~L6_gBKF&z)e4p1(fI_kG>2mQ%u)cEPhd&)8 z5IvG6h=(<9KZT(n=dD&)^l0oGNZ@q=^d${+6pU{~8vNC%>xH?z6`T5;k9j`EO|qzV z>q=4+T{q%`5@Jw7U(ANbat?600EUh*E9U4h*2|tRz`e{%Mdr6!f z%Ctj>p{e0@ku3>hTK{3SY#_t@iFVV@G^x+V37I@J;gKaEHpgEQMg zIjA8Z3S}-_2gU{#fPgsNEbw2Z9gTt{F`b*KzIJp@XF4CAmrm#3zcT5poy8kpL?zhc zl>1kWWeHzE+{!Q(y=&f;^j3(+nAt9EtT!O0OFRWJlimukPUgaMY0_IER>~xcT4NM5 z(yyM&q$x}q83ojahOy{nGhgNWALdH2+69spbKhZJ2_5gF(QX3PGT>GQ%!WR80kp;j zy%H~^kS_PDO$>L3L}>OI)UL}>drp4y%LF6ak8>|H%9Y}`AoZOvfBc;bULp&UXyI^} z(>n$=t=M78VTJhMP8MX-e^bTwxx^>OTejK)g$%OuM1RHvqlp$Mka?vk19m@WmuclqOXi(p=5?_0 zMke!4H1nKRUf*P1rkU5#$~!pQrsW%&d!EHJd{*8U$-Gz1yv|l$YclUKGtXt^J($e9 z(ah^&<>|@1C1xI;%Ol?S#Z}2X^7jxe-K;!+GH;xj=eF|BPUa0X^SWDk{gZi}%)A~} zUZTow`**PRsXoQZ`zo17%Mr@+Sb4Ez-cx2?Pb=?{WZtc2-f>pm+GO4}W?nCu2YDPN zs*~BXkge{w1hG=Q-<<_f{n8TaVup2DQrR>N1z4zO?Pj62GNQeZLB5=kD`=|5Vx>~- zUoL;fL{rHD*cl|WSV-J`B@3-x@?)s%q~tP%Z_Z+dSs+bx+?6}DcuayuN_RL31dn*!?evzZ`bFTPN-d` 
zv@^`R?O@2`LolY)Gt6V{U~V;GOzCHs>)XLBGGWY7z%UEi!Avz_%+bIwDf-y%6!#vdv=I5thL;0yA=#2FIemsk#WS+?492Z;JMsMwadK_563zBkC z(^YEueNfpcTLJ9fiSOKbIAsr??Q0;+7GJeeA@cY5wHU0LEPloe`=nD~Q{~_|EU$tm z{a7LX1`L42+t~y0a#w|Th`(`yDo>32n2^vU+nd%=KZkcQ7NZNDUQXb-#C>vVvo}<@ zeoP`+n~?s|Qw4m?kGL+Dbu4TR&s)38k1+@E!5rFi56mIFSzdKM_ovHlB)X3Vv`fDWBNUM%eI zpwGz0fZ6*rkdiv4ts?BV$uBSxFT!s|8!SpS*`BSvWP8##N2x!Ff7qM?Rh{&+nSbX4 z7xQl>$q5*H9?0!2$;JDH?j3CcvlY?@Q+*mOfy#tHdf)R?}NaDpI2)!$lx{on3H%f)g+D1 z3oS+|o0C|-W9F8eoJj`{Jz|S_p)6~|} zq6wY9%&rXk{jxvdzO58bzCx9dq+bP|E#AP^Ym`obFyF?@V(>q|C%Y7UQ=&SuL4)0` zmEs&20Frl$Xru*17g-Q9ejUy-kUWBmbia?}k^4^l$|iX!pOpd|CrFYj)eSV#GR0Q| zs0nUk_|bUUM*0^ zUxm;meynLQAq-!K`QUF!d}rABy3%|w${YT|=!O&Hhp}2~0=^0{Sr*58kaY$7YnOwZ znXERiM6RA_-Q9}Aq2@jgjWsT;=ag$vK0Y*m%8Ygfk z73>dp)JvVl32GrtlRTiVQAxHS2?dHNypWf6)6)X>Ul2R!1nyn$F)QiabGyGuzF|qz zg(JlzsZ#tlUXt_?NLos|=O`pS(1S^m(wpoo*55R7p?BLt zr%RhFXMJJKK&@q!020rk zS5%7AnR%!)Ji(Zk--fqrw}+avgW|t#DjVL6xp9)3VfS%&-r7PRS9E8F8nXg;MD{j5 zw1Vw}N^~6#2Rg-So+n*QG0>c8IB9}a$roy!B*LbTI0mEcb~ad-k9vlBN!r z67(fGdRNu-TW>t#o?W}?NRKzS^K5cvzr;+{Yu)-1kElHpZmiwx5hxE-inZL)aASqK zu#-0nl8)JEGyS#gJHiJAN64n7Ar@4s+A={l9C zW7OprU-8i|R}csMMh_;DbBT3%rhI=3Xp(O#G87vPi9D!|fOul2CAYmzNggK$0>C=x zG zTuc83v!FMZ;^}J?gVq@usV#PdI{Ddg)2I<@3odREL7Ck z#FDY%Y+0VPVfuP?)t$j5=VP-D#c~5v)O>{ ziE)@D{*y!|*E?oDtkw#jIE2U9SSN&z!x0h8cd~3j>xvI(5w~hH)of~?di-R4330_4 z$4sjlrRh#&;P~(fuoq}{z7d~T4r`zL#b>WcYjDfT+6wLGfY{65sGC$tyNRQm7jZPF zQ1sO7NDbzduJRY=mg9IoFGrkaL*1@V!}Nkv71^harzs{1&exZtKu)6CjhRM#(}z1G zu436}E=kj$e>2B7#25C~Fj2o%j+s<@i{!=1ug0-ul9{9APonaLvOK`gq3PBq>ZbC* zitIle!ac!6XbLDiPo-Netn7m!wH~a3xo}EH8dn}hC@A$4h|)H8;W6)8;oxBVhU>u_k;gZ_+Mqi zK%U+|10ZaiB$f;lmu=x@lfnNW$b~Z>IwLfK6Y~>vSE9j-HPTB3$OOC4f%1-)Pkb?x z+V4DslFrxK@HBA8ekS zKc#jdU&z8P6xO?yCg(1{+~!HBL;qVIOpSK%9@W zX~Yj&h`RjZ0@>xOKn zt3%$>MkjZ|R~=?1pvq8JtD5ixyNV3vPx!6;odqq}L67`=E)NgXW!%nEYuv(w6B#7L z#%e}FpG0$<&UGhe2)X}EEB5?0oWfvrK`lb((cMm7Z1#JC*HxQ%d_gCyM!puS5I;#C zN}h%)L}rD_(@B?EJe}hc?%EWdp1#Q*SK;xi63ol4o0yl0L^y8~j}DN5Q8vIBuqr{E 
z2qgg&8z93G$~>xum;N)ixaCEb3X<$qL@!3e_$_8q?Fd|oP5M*BB+h{Pu0Guy4)89= zaDLJwOBBRbe9Yc5OvGm(BgsDK+s3lPu<$!sDBi%CY6u^$2}cqcbzcU=>yi*jES6x> zzQO8Kj7N|e=vF7XRxIhl6Mb{2Oc~s97uE%GdUtxo>u@rPZ(mM=UI0)C(un}vmkM|< z0d8{amj`3$tPok9ay?GHiAagi=r^~9hKg<5613@`0Zgz3*tHOV@sm-3n=WD&@SrTY zL5eVAymsFgw)gB2DC-*zRgo-vgL< z`S)KbS$(}bKAw^vGT%l3sb_n7{wQjyldc`p`6D`q1e+m8RB^gH&3;YIfAN3hyU!%N zN0i4}Jx5e?o-4&1l>Q-_L@B@i*!i^Hm;V9Ibv>UZ291RdtTq%6OeC};JJOtE%avE> zqgUKMq+3n!i3=owYH7n1e?e@2Vqkw@dtXfc-4k7%FCztQ6M|B=7v==o^> zXyIet9*aMt#k^zWN18_`+jqI_pg(M%#Y_5&dN-^&7C-Tz3izR6oW6(a0T?z?UaGT% zSK3SM5l=?qlc|<|=lkx^VP2ghqjc8`$>LXWKv1L{5KBiUb*#Tkax#TVhEQ}xSq{~fCuuwE;r?p+w89d?K4^Bi5L zr=Gb;%&ftDT}rG)7(hfa@&$rUaY@8NG*ukfL%2%iF&_Xagj>K8U$t2 zuPK7E;UOd%{Wd&Ce|l~BH~n#Mz;+9+p>KdE21npoGVRj!vNU-xdxI!YP5S}AJyE*2v+^P+!`p$O!+GSmdOD z8`tjPrTLsz^ZQHdJ5>S8^*GJtaG-yPYI)_iPiZMDrl~j6=%lP|MzTH^rmxR3f@&CX-x4Sgc5w!6zQDTmQUne~($M#jT_ z@%6u%E9w)?2>XNR8uMSEZ&zbkp|2ACSFxIFqgDE=OC&3oP85$Dvd}jc|0+d}B+GO` z6oP-4{4jn8=$){R2`SXd-qa0$Ml%hL6!9@S8-1gG2vIV7;e$9=XO8EMBxB&w#A4pE zxD(qew!?+i%d~@nZpzYC++6C_gd8k4lGM%fXX@+FDE@Yq`N1qrWqJhHlV64*A|$bJZ@_t}6hG3Q&WfrD9P zd)P5O!|RH50>zGi55W^3#t*rFI*5nmgLe5Mj`xIiotjcnYx|D99)_gsSO?h9u44~L z0<7Ux=tv{)zVI%AEE|Fx<|sr{j!rBY~y(&F*7YR@jf!o~Ir{TWR|>m(4ZKgz*N z&BK^hK%E5S_Cvv)kL@*WA*6F}C>v|K(16IHjBq~Acv93+H~x->vcYl-E|Wxf7*1A< zO3BNCEAMwyr@4?wheA(&mc@bGM(^SCX;zaMgjC;BSs#W$M^qFJQcS1CQjbDTD{;!Y zpEci6d=%tX$XvunDe%+xB@&&^Gs{jnv%E($OZZLg%jt=y`B9(>A5FV7X>HWL;Vsbq zvU9R&)Ol&tP08ghfnTc^oL7S=sb8I$6xyqILaVS!cOZOCDTS|L{k&@PE;N)!H16lG z+Vc^?uDcWvd?WEMIWCAsi0#<$dj~G>Ps0wI#8B z9#C0wAb}h6Vx8a^a%fjNE5vgvEf&usak%gs7QX=L*__UlMKk9V%9DG-j`IOKW&k`*Hj3^VYbX_%}wE zs*p=$JCE4HO!7BFV2_k7gH-;mNa62F@OSSI?f6UmLs~uLiWFpoJLpBu6y;9#Qc8a2 z(eg)|rLk*!a!ib%PvN6x=j)5(e9+po)b4Bog}J zjj%_^hlam-Mm7&GIX+rba?GLDk`qWM$mPrAL>@NTG|_GaX_ z%+Lvu-!j6dW0WS9VIMdVaKU#KaHgb_A|$;FMF?GrdzbxWMRX;)=0g2;*1<5N-Zg088#)hz8rUYeiNzB|>`NXR`URx0oOIBYwtaWAJmd5l z8ZuLid=yqIj_1==Dy8Wnz~t|Rd^S3VBO;npY<`N_tJA)l=w}Lq5{&{C9ieiH36d=s 
z=qu6YF$=xU6|HePag(M`Ui!k+C$gv(lk*@EIYJUy8GxflbmV;?kFEgUatMZW>p?is z3Gj8ULA9h^4nND37|RL4k7$t5lYV`RUl7KC_*~|zd8@L>``{E;NGeS}#T$UIGm~aR=zOOLJpO-Hoq4M}4_6tCwlqupqE^@s}Gd1QgxWdZK*FVdu%6c282bdzV`Ak*`- zQBs_1C*T=A3Wh!D?-2M$CNv1g9Qr<#G^_T2nWY;6n$jtv@N=0Os8-SO$vRetH>Zqgq`Bq z&v6=AA^9;AdVgW*p9|!?$#zbWnR_X=v3L>>4>V3stLUcGaEd`FZJZ)g$0Aibj2)8jc*^REEVR%#lRj3i#(Co z#vcJ)D1jJ9Dx}Y3GS(BP5GahOe|{>*RGE|36G(Jm#&u&Z<_GQYn+{}UL)SnYu%ovh z`>k|M9wa%)I;~~#Ma)X2k@w&ehBsAQF#cfw>rOAhPPbrJE~OxK@Y*`X94Y>h(HY^3 zVbvj}O7y(#(hyL~>L>9O#qo$oQ* zH!LNeezz~5my%Dv+vkr;$*14#^GB!T)9?2AV^i|!x1EpkM};s}On>)ji&>}uP;c_r z%!k#uwwm%%1&aN{STET7MFGUac$)m#gGJE?QatG{#_@>BK*^}bBepH09aJ}8d7u;H z6zhu16sdQiPAqHse8u`IcrvF4M4t~Cm2`8Yj&R!_)-yO%R&bVx%X)*SnT0==-*m@> z`^W4LxfoBI&5Bu`;IB^FyGi+QnM>f5>BNS2rSkLt)n9DM{~zE#>Uj7A_@j=GKY%~# zc=-ePqmG|HfIsSZ`U7~cEl^hcam2gFtU^J@@em6Hs-HfE9&pN~mma3T*@pd@cf*t7 z2RmW{-721)B4duP#3y^B=_tp5sdkv~`;o4fIk$4is9bVa6V`X}C`R;l!my84gK)Tb z6C*^w2Y8CY^xZTXd6=gL10GSR^p!4S2)Sc{2IkZ-nrc?M5@!o>KbOEmGJ`3aveHPG zW`S*(519sMViknr|8K43qXcM9cb~Yp$@~cSN}L_^H6juc&Wn9TXOZ0?2<|hV82A(I zED>dS`ZTA0{HlW)IIFER4x|cJ;9ZeruE;WHe*{j)`z=3WI@Lao>_*I~Z}4-0@&jzr zx`lLEYJqaqnfovt7br^-O4Ban;y(UCmvXHeR&Ap{5&5lyavhExaQXfD?*hK#F2EbT zBCog>D2F>b`u6t}yrV?lW5ieH^j)A_IioM`q=!BO?6w8U&Nmk*wL9B(w6$i0-1zxs ztoUg-a?0@fTUgZ&b%8R0q7An55(Xq;z|bquSjS zsOFnwwI-3#S%9YO@6)qWs8$+E3FCD9W9eIJ2H{I-#uiCXl;WULHsMRjUYttdN-X05 zvz<6$vouckg-m@-J@qzv>Sv`6z6ONOSPOTg!x)^uJ^$VOwk|()c{MzjU_9tRNCU&v z%}us9e|sF>Dw1b+!E4xVd^Peau`A@MAFDV*E=WK3qV`U~4y6GeE?V>RGmmgAWfS_) z-4+QJ`r1bzny&nJ;k$u7a1fon6oNoVM`&+Hc6ErXh?A{XhF2iByFbtrdPf4GTv?+g_nvlR~?okzzbm|-xmBkRgI+x(W$*9^3JyhJn0$? zcwbd^0zzeuaXgG&>uMGC)_XILe8}Ye^E;K>>|{mqTf! 
zxO)6B;|%ZM#<8A8w+FOtb$W(_A$hc{8(S_e-%G>Q-RK;LXPLGZkIOh09n!QN0aHQh zD1DMsp9H>;3NiYd{kI0E5;BPUcsT|vj@|`e?Ze2o;L?lWQe1g9r{|h4>SMd=6LS~6 zt2}#fLCjHAqaAE95ccCAx#-n37iLDjRg`D%lph^%y4ZNk-VfFA#?fJj!giyNJm1Y# zWor8i@Y;_GInq9ee3Kbj@iZzsp1K4#xT#NeQlGRoI%jd8G>#_*$&PzTLKS;5jsP?6 zhP*hb+YLl*FuR8~w~JW0sJX>!u`&)zpWkeSrAP8GX#R#PAumJ`RK4+)ZS3F&+Ex?J!RpFGx z;%xEdo#wm|8Yq_R*vpTTDA8M~Ubr^y+iG4iQKAtf`30R9tXxqu+{(V-GHjsLmuKL~iX~n#&rTod7b78`zy}+2a0;1318h z^=gQq!1VCIfXGEVP{imR%uy?t-NEJHkoK{3)tDDEQ(I5xw}f^NH5(PJ&`aGMgU}H? zMO{G%GQ^(O*mBdSy0s#jx356;Zg3Itncn7=Gl)~Gt@cc-6qoPdWPpxG)=E2T6xdIm zpyM#KvXFC=ML9gIa4WY4Pm)y@1#3a``yVmQ0rC6Y+$On)*P432EKA(=cg{Q7d1jn# z$`aMkgy6>!`Fdf}zLMLebRz;ja&n;1VYKd4dc4H0#SqV9$pAK-p#|_%%hKwEw_zdJ z;}@IGpmcdaI6OGGKsLc+oEMxUe};@v^2+&Ggd%5_E;a_jzah&-_UDAV1+SDDi;OP8 zMe=7@C0hw>c=JPML!}6NxuW(Cc<3Osg+my_|n@XpAgAvYqWg6=j@W)4I?a0BeL|3A;egb8~(YILdKmrkIO{s1j zEuoiYi}#yJ3J`rWfw$8-00a{HwNb=*54G^Z9JfrwiLdfcpgAQn+7liC%N<*K8e$6N ziRl`|aqBpV(8Lgs=c0ao-JEc$%@u+I->@}Xh1!1I@-~9u1(+1k6HAMNvBVJ6vfI# z1PG5w;Ogy1A&~2%{wH2JU#8;i&kJUY6`Y>7{wMx3e;v&G)a9iduaV|#0zo`?31GJq z)@A?A6k9C34mR|^au zD|FGYjL*9r{hhL3HwIHtmfjgd?F4c%iG8nQ7Q!v>&_F!Hb#gOLKr|M7;v3|kbur8m z4oB)%oppb*4`c+fX`KbzLOtM-J7t6<%s%O5+ZRMXYUpXV!MKibmE)k7r8r9eOJUmj8vctk{}jIeIG_BD#j9AJd}8@Po+&K-LG|f{ zY5ppFC;dx&8#`V8^Q8RilSUmy{s|w>SK9hDK+1>9!`8(3aq1|J?<^Sd9kKhTRyP`m9%0F*!kN^Y|bfN9J)oh1jAmCQ|Jgo!Z zb08ue^{MkU1^DS)U`IWmYILv*APecd#zMm1Zo9e=@<6WzK;z@Q`CXX9m7b;Z5=$lu zXFc8;9=nHm;jT8+yNWSTrWGzYse`v~ksn*h^x4PacgZYv_g5`15t+ z)On48iH)_s%IW2F*vic!g`8KrOkF4onr0kY@4UMT6SCHw{+0J7$wthB@)(AO4hGk< z8Yf^!$hCN2qqDHly=5K%@hH?=uF8Pg)B(p8F9n5>%}`&nTJMhH6+%>Wx|ZYReezj1 zvhyDMWBn-buB+xmU*b#x61#8a9IeIZUK#KwdQ<&|D}Q@spgd9TqS>Fr>7-1z=wIHy zqVxMNZAPVJQ*?puV?|d6CM!{Fl)^B$gmF`XeBlutzTOiancv3eI4+en`@~eq{(_H` zDBH_haahPH2Ft<)TUWeeOv>N8i8{d2FBJrEs#U&6viyDkolD$MqI>ZZ`*;NT*-g9% zDA=-MD->}vwl=dvvwUK!OlHhPBldY|!IP7}7gR1yT35J_0-d*kp`k19T*=Zx(@U=`oSF;R2FMO?@@hZCv3 ziB^5Xt@=VIaMQ4<$5nQ=t9+ZAz-Hy_R%xmJlq4Vh71@&w5zA>TA^}=7$P$lS4KLQx 
zF^aM4SO^+%5UZIFUMQ1V(C@ACj1zvOVk_php;v1>k^PjC$2wLCU~Ni2d%0gu18NvTHPRsJPgIX$s`0`r-XU%)b!LXE@#^eAg6(7n~nJO3g_&{pFa4!j`A$rejDv3W+rflh~MTVsX1xAyN0 ztG-Zgl{{`-fX?$i^D>u^4^UF0D#XBxS%Jx;$5*56d68Ye>rJQvl+H@gGk?mAWsIKM|qgASea2R0As2bS@+)vJ)68}7*Yw0&ZZKeX8$*`7^d zl(A0s2vxr5%HxUYq5R$7+W8aBe427l*12KO!2X`dfoV%S>o{_S-?q2^_1F14P^e@4 zz9x$ECGTsYo^0{&C9L}}wfwJmX_ujBBqd(jGXCaxX+3TrB;<$q{}wOpV56+<*zwX1 zFocWZr8VhR{l|)z#`7D@_DzsgiqEEkp&Sj)iqEFo^-a-Y;8r#QQ73gI?zag|)<>sV z>rREjMp(AEk!!98`8#wRz%EV!iytdq+X=F^20LEcFeJcYMqfuE95{>x`iP%qe7C(f zFgKF$ZaiX<3UAKexO*3xsfQgnAk<9^UQK6-fFuYtnH>=8B@zlXIprF%EXaB~A1715 z3T&vfD3f1WPdI8@6Ry97kvD7VT!2%f@k8PBUv$P&&Iu)u(INdM7# zKTC{39dJE>z!PyNgEk#xjaLL0g0$0Rjl?0umw1DXdit=}Q|5XO)~Xes?bRC7-F5|8 zJrI%Uh({EbMg5{`4O7BX)0N_-&bqegfpx8qe32zBy&Y-enwITYNDNcVSAf6xM+uj^z*YJHB-S!xf= z$?DT2aO3fu8%?$H>#|@S7&U1#Gb&a(uLLY)!-gzneN#O?eWL46>?xti`U@n8ez-@i zmHOzLSdJr6J`q?$0*G;@L~#tn5i6xI*OVp3LQ$Z95NSxCgu|`1m0;cpkpmrHfIHct zO#av>&gsT0i!siBz6}ajo(0llrB%pYu`GICf3eF00i7BPJloHBo1Pr9I-wl{i408FLUY-)dMVnw@D{S(qbh%=f+Ch zNO#0avPr|nN^(*^v&1i%u8eLMqp|y$;}8WX!1Cmsi!*04zjS+ z&c_MWIEBM%E6M5@?iyK%(Yz)IsOVN zNHWHnpfRnMWTOaV*yJ1iaOa^aVxcgri7TIS)&;I@_y;R_?X-LMzno&&bQgzX6`J}eI3yhFXUn>A32gFy_`yP8>6 z+4#{)=Rp-^CGya@*?qa+rP(){cn-k`oehp-Ctv|qBg68y<1QUG;%{!j!GXc3%S|$h zzr(0b{AJN=*c%>X1R}3yrV?}{P-tWVM<(xWU@qBZn`?9M@-*u0?Gv#Tl7qlY(sC8X zx;DzIFCjy6KJ+H`?j|B0ro@1u>dUwHpD|@##_8s>SieKtn8W;6Cz?t3{0GZ|xXbm9 z(HrmCrPuZ;z;x7x)=$h`bpY)vT;Yxt=0YIP+erUl9~4~hLL<8yw&OyO6G{tZ_&M-w zGBu5%NezzBbGr}2W4$f29!n&=0kRE7yHopu&UO5XcA@>bDB@^q!J)?lxC-r?l{ia# zO#+Ov3~O^pkFUu=^Ft>?p4>35Pu6}wq4;}%hxjT@95ywUh<62c%AkvA1&5R- z1e7EHM$=OKm2+XkLj3e6D<^-dcmeNpVl?6W$Qr=GX4#S`I8;k(5(uxciz-DdL?G5` zClenqI;udYn`G=f?tD__1N4&YF{P7N9B=AH(wjXcLQ`)Nykf)m)=P2#PuN#@U5FMwUd>GkMPBnV(T1M%V@udK0^wVXS5OUufSBw6?d^Km`;MSKRdP8 znEz9t{`tojaD-_GwKqt4ESK#EF*v3VOj50Yl5C2v$(b&bed|!HV1?JK+_0Ju{0KKA z-mCkBcTJrj4{ksudO5PB<@Qc34-F>mlJ9t$C4dDcxn>nF)Y}878aWY6%@9$97$e8y zI0Wa8v{z-T>(TW|RYnrTNqE{ju0(%BCOE(YrL8clqY^c6!dzc6S^E|8s6^=$s*IzU 
zC+=Kj*L^ZLtY>-k^C#;!5`M&s%+Di%AQrDVy$6hehEe!ei)&v{jgW-+Z9t48+n|=L zc;eUhbvDA$XpC&cva7if{76aIt=~cD;j@c;l|fP^3edr8@23vlqW!4-CVo2&KU-k3 z;VuK1nyp;>IAzi}w|W*v>&e`^7>_&{PeISduLL<(%j0c0_dwvNi=wYMY3RnkrIQmF zA|Kg!{uyqR8?`K$a`smHFz~HV#SDITD8~M|4r2 z6Dv}?n>*yLCEOwCN~kh%BM(RCm}0NDwhPH?{CLy~2_v@??n>gA+Yi7(VYUl>bH zCHf_Pp(g!_dipVOGOZ-AC@N1>`@}_Zd;Jh#37`-2 z#v0ID4q_PS&e2M@b(|vh zqumIshZaJYjqyzm_rnf@SUQ+8Fk_J(!aR~3 z!vpwU^rH(>vhYLu+_q9lXXoR(o5{@!%*xU0k=hzZD0eFaDg(0T!7&?0BkDr0fLOPq zZfN{km@91PWJ78^P{)PJ%>Yk@QkrH1hzuXnSD2v5(m{BEeqc9z%^CUIfe@xd24)_& z63qiJaKRe|MtrfH)h(VCFD2xj@X)r%Dj>k!Y2E47YO1sg=R+|JL=x5?37@qfyZFC2 zy@rX*5i$!n(+i;c(+lLIfL}OjNRg8zMDa8RA%sLY58|Rv^0XCY<%VWJWJ1$6Wuq{7 z*6c&jV_;UTaHnADK^qOrZ2tw?f$efME?0@t?G)lH zEUdTj6Y;|z=UJ8a4Pe<$0H<&-;vuL zuLX?h-y*(M&%;3vFz=&=onghAD;HlQd0mR-RLa`6FJ0Ini&<$Rhck*7)J(1$BFP4) zJOvZ85g-s}8gl&Ni?4}ZdJ`7MR&d8@_=0upUV)$D&So|m5MK?^+yH~-^dz_viHR5x zD&PT+*k-A8?OeumfrDDn{8-VvexL$JRubh_XNP}ArHRZ%XX+Dhu?jckIzXNZw$z?Z zO|?V>E7Q~-4}0R{Pz>uY+99KBTXF$~d3kp(JiU?k9lRs>5Iq-%fuTfa!R*l|tUv`y zbUfKfs6=TROLkIil{Sae!6`tK#=D*HT%Zif$0@pc8?VtkO2ebHU|(JXO!wedk^zW} zN#CQqKsE%(2=hnrAf<89b|h_sJ;1RmX{g*RCubAyErjrg69Qja^OeB)?G zLtE`kbnOX|!yPwvL@{N`k66DR;O*Km&S%)eBD;C8>}Ct^FH6(Ac>)Tjb#v2?i3D!3 zx|GHRv=HE7qgQ*OQ}Rf+;Gjd(6#Na+UExvC1{A|q;d^q3nxjNJA`e7ukVNf6Yw}Eb zlpEsUaNGj`i# z>e%zauo#+y#b23AK6+OnWX0@60ZH3E4u*L9seF*+7`c=wTv-RnaGyIaNKXVa`wSuL<6ZL)xvc`83Ki0%$U!4#4A6h zNIV>acz#@&OWWcT_sgO_F&S?_0!L(jcZ87vNx08?$&Tn&^W`ULx%uEdukJ_Xu8oR&eweN(&jL{X>3^}8$vWToCN|rSDO3~ zNv)N2ayTo}O5Ne+OY#MV(sULwkwzEzXtdtJCDC>Ffk+6{r=*14;?g40!Q?D?EwaC- z5-p~>h?=RA8XWs5P4&Ws?~4xr2+BHzff%142BhH712w0>&{~zIm!RORS_hl8uIF0! 
zhCZm^T7N7wYYpQdEL=l*>vO{|tj`EvM1wU*Fj?YXPZ4uzq+CD_ESGq3F}EGI6kfNa z%>qhXCx2}IdnBq)w0e8}HLHl?!u0Taynm1q$aqn4k)7iNj{_HsY8 zZ@JRY2cYqj0hZs!zAdBM}k#NNSgjDq&$dz2+6sdIT z0v@zE|KbG-pkcP~nqxbnHYGh4c6`k&{c?|9lC>ToVtMw@-wOv?E-o0vGf_cg3mvh^ zq1_<7_q>x>=0vdOeW*nH5gkh*8f(aBzlOXhVCK+TKH8v7sA8w90{-NXwOG4|wXQZ{ zKJ3CSfHekc7qo+!nF`Y#Fn-LwemVPwmg4H1yKg<&q;FtCvc(fy5??;e+eKti< z%5RJ8&kps9?C&ctU_{1r5A}#YL9~rgl!gcK1E<-n`yhy3u55DR>d;Mp{*l;73L#3c zu?(E6ZBD?+_o;q?tA1?8%ykAzOa)a253SNah|{=S`*LxS!>p>D`%5hpc{azwTwrg-1CcsEGf zXC1RoN(gvQV}PeKoQk9NTdgng=wTYu$NhwO-#;lmK}(4n8;HG)f;1W_F?32>sk<K*7z?V{D>!J^h`@y_aV2Y@si)?%%+1?N#H)$0r+e3w}BqB zJ6!roHwa3tI;GxHsMPGxNc2*;7d8lzsCMqAdef4!t$Oj8)9lu?tbeWs^jAstr12w5 z@}qZ>A5$=>h$Y#^m{huOSB}#|gP1EP=>cctx9m_};ykG-D?Ui! zNoqz1qU=BRdtz|uboYyKKUr}`XUoC+*_D=h8%NbGgxrPnZ~U)b)1a!r+zAKcBB>{ezYJc-U{J0Zn7c zVFYSjVpZ8)R*A{*rhP=J3-diJgSw9xBO1{aQ*VvTqW6Jjr3Xw0{WKc+1R$QCnCA$0 zg;9|kSw7DZ@~YcyYU+ZQff}Dh4ZQ^*qfA6NB!vPC1@pE130i;q z2kAQ!^nvOQ3!}OUW7c>`ebY{$Y2LUE9=A_|GerQZ*c{vwp+6~A&Fp~9MEU+Sk9y2b z*wLvy z45FV3Mp|Xq>+2V5Mlm&L%hY6+257%H-OlnSv##W5&dGtJgyRef~Db8SEEXL$9LCAw&43+Q@t9Sk45Le|SlW4?3 zQ&g2EQlZewMS`V0bZ%W&3r;%cfXHeR=c3One_QHC=_0S6O z#^q9`TUSo=SBNk8izD+;TplN`wfv41EiWI#Z=pw=V%SvXCA2XFVj`L}h5^t+;m7c* zyVx^@^NrJCFkw{`{R?V>aWt5k+<@OSxbX=1mLe0a(r^`0)j_cE&AFRJ_5S;L;8cp+ zWqt87K=F8my!*5dv^Qux<2{IS@!NyMZ#Om;onEv}KJL)4v*t8EVgr6=W@6(V?ggcx z9sp?QDQqia$T#ld&eFC3RX{v0p=k$AYo+T*ccc{$m*B}|gOgBnx>?le-GF|FL%EyV z8#-D04qN{o16ihsr$v3MV(1DkJfY=oxyg*uN-X!sInv+`l{i^8^gU?z<)hN$ZyesS`* z1jHB{Sc%pn1?K@}3P3ySHF#(`G@?>G^FFuSe1#d9!voZpY#FYR*ZH9T?_n`ED)SRh zW}qwSno$?s=ZRc{V^V$DvWjjG7r-MGsmXDK^R${A<1}q%wwV+91}~O9VWVAUp}kI` zHP8Q~uw%hG5)?9r@Yf>{fd}%E#xM0X3mv~FD2Cm_;)ec2w7fU1JcPJxLfbKCQB7X48wo0Xnr z6Y<}L_)o=uHMCc7KeF_av07O%wlwjYcwu&yM=9B+O@nm_AH~LfZ}gJixmd5@d!Ch# z?Rap0W3~02t(RZ}abtZyv;1Ja#H*DJ(@UU>H|CvSrsnA-!|+|0YkrT?OY-pDY<-W` zOGXj=cC*&8ddX<$`WeQQSQ+#SuvRGLT5fm%SCOTqegQ@yh*)VEwtSpbJ zjg^g}+G1s+sghXPSi-#_@3mf@#VuD%Jx&@u2(xT#8Tp 
zCWkjYUQ?9guY}OuHk8MN9Y|7XxDn)UsGdD$&1)(v{RzJraj2&zv_qKQ*HZky_+9u%p8yAYA6NKXvSbShb!DnINpbD^w6dm)FMl(;}oi#+WRH|NmB%vCK`uq710y?o6{Z?gP4*Ys3`E<;c! zm^r-K$AS~PF9N4zdSD(WAL7eq>GnQEYzLuGI4{ngZEAh*LM2)bPlkS7J(~8ABbT-X z3X!0V^5RN`j=q>nc%XNJL?gYSTx z^l%>#iEdu(pO^|m`$slYfwQ3*(*aIMb!2-5^&GLBfc(hygctMYXh<&36R{I~J+?0C zFvEIRxOW7StTbGMFN7N1xolwkD*Q}9Vpm;sIKj}6W;o1R$y>W-I>EJRcvkN`oN#Ers8hUx+5j048|9B!*+LME{ZjBUSBdsTL3B{T=a|%^9q^$ot+L#HxHJR%7}cQ> zTG{+qnMx&NW!3Uei2i8BURPWFD*SSWpF^MK=I>LUT^H{}Gko?Xm z_9sw94r769$^0voHYRWSrh;PWU%1zBR-r6}da|?wjWb}sEv2Bs*RyGf-MLNlts3gyqwk5s|c`RMHXt|xP6w~#t*{vk6W+hYJ0HqJ%R8zUdSAz^*_e0FTSa5grD1^{2$ z4%79JL)yV2<4C{VyB>dNt*u0_!>_i|>cVgzUIAx_QIH7y02>0x z2SDBm(ZdSHP&-S%(gz8?kVLyebehe*O$RtD#PR&$(%_H7K^?qrT$PgfJAd$DLnmtR z2z@PaAJ_cQRhTE;UZVq*EcQ;O0b3!ba(sad8Zxv^)Iai~x1PSq!2L&G?r2Ch>kG63 z{tRd!bUxB}+Oxv1R*COt5h)b4=0Ymp81+&Y`6@8E?>L2x4q7)VO*djZv`v@+hx>yN zd$4v0z--on(uTD(R1j@@9Wu<-WIcZ3J}8Gbpn(ocoHz0NwUtfE3}pd}7XT?(LPgpx z;yPxYlEVK(+Pi>9Ssf4Do3M}t7IwjiK?4Mh8Z;tNssvC21c-_n2uVF-pMurQWMzt$NlKK`jBavfpp!yzgED^xyCMd>+ZZ z=Q?N3oH=vm%*+vp;XhH?RMtUuzW8;ef#^tTF~Gc9gWdguQ!FPx#>wBz{W{B$oh_^f z817tI+iyr)uJAC71GFqvf!x4uDgb9QzTnKj;F8e?g zc#4M9s2qJMdTuG%XiHZ2EbnTT@2^{o*bOTXebu>Pp}izPsLc+F?O{V|b+$F}4`5-z zQs5hk=Rv{;7I*(u2=$`8K zkIIqEMZqN%zhNs@KNjlzGZh;pZLy}o zg6qxFgtA6a4V9Y2O}ZW#>LbmjRU=%$MWbh+MZU|do@YICVn5*VX5(9=L(%2Md+fH` z2)@;s+5Q2&F;&gq(b-<7b3NWI|5dmA@=W>Kh+F<>w>&vMX9n*~yVoBU-)?+}u&Kc| zg4LWOPFw#E#zFjuu&Kui;sE)=?XcDln@Vk?kAK`g{&V|_=O<}35)VL@I#w)}%ODsz z&5D0#NxhBV;L?Z0$g9y^KllCIEd5B#Jug2m{vP_A|L(7!sHvc?a580)l&|dbofkin z{E2c- zS(5hr8ME;Yv-nOg37gxYC|OKPcv+V&p#Ka$SGIu->n|whDDi zMo7y{Tq;Kzgw7Q+5qYZLioJy5YBIFq-=DwDdyST4)XeTw;L6!0ETDSqm+H|vczA58 z^b$0!H%KpRjp7eMUu%0CnWy! 
zw70~zr*?K=Q%t#vH>ePZiB_onHX1|74z-ub4|SMSFNEstY^{OTBiPuhw#W$^fu*x{ zAT_>6K~7s87xOnMHyi6je8!fjLmp_r4yAV*rQ5IMLx7@Bp!gWe2EYf3)~WU8(+3K#D)~(}tR6rZt73@vEFX3;R2W;(X#5CJtUMxY zU$GGLH3T(AG{zf|qXuGfkjoG$JnA@ARm!4Tx z`~!8Eor03+5n^|`MvH-x)?%?Zy{?~gX=!3cNtYQN-&~M6W(QqjwEWT1W0)HZ7|%R& zme)jR^)8@=kC(gG7=&7aRi#ePUG3nT2nxFLYTr_9IF;o@aiE~oggOYbxsG;N@=fOB zxk}{{jQZE4ad(l{6fw9F^MqhFYV7$G3Z=5X5Mt`qS9k$*I)Ig*Pc$5_iZ*-j(GEc?ke^ zdcL@8dH0)FIWO_t_9{lf?Mgay+s00RTYO`G=aKk7`&I7=o%5_GeoFvH>}c^wt9t~p zt?ZapjNXOyC>GUQ>lGoSR|xpyNLDAHVjt^*7VJUa-XcBhriIV2XYs%n%tm)GlF5t%+?#sC_f7tF3mM_8)K_39S{s&dShTU5j6>=JZ3H zv!P<*@Iq+qyu#4h;4p|I?7XHh0Bvz-?Rf>&5MQh+wDy`pv|8=|01BNFAI|oKM4Uh~ z;cLGt3_5jV?tC~eM!tp3hwdi888GL!5~GkHUgCi!3&c0IAX?kbi9#OC;Fwk_A;SgJ z=4up@sTtYEbiCC&W0y!TbY3!LI>*C+wt+Lcm7`M;emD@d*s zQAUSWy=mbtb>#jq)cy>g&Ide8RL3A$U2Sdg>a)JFQd`%Mw`C}MAKlm+h)lPv)ng$>m*pd)jqlT-LdOYKasLDN#+ z=uVa*CH&*9%5>!EJah(^TU{|X>Q^bzMykDhqC-YDfR}XY3Foy9LR<`>_=WB9_X}bJ zghsEsH_@)B7Nh&7VB|5crr7DSJVtX z=M~~sY~!m;zaWoPbuLBtdLOwkfn{P;u_kC=pDU})DUrxhb&q#Zun6u=$Kv4^4T$K zLG%`C%9*CzyuVx#C&F!oa1kv_qW=vt0@wBmf+xda&{RJ&`gnPD3SYZZy*3&la=TXPh3C>?n0 zxraBG3O+{~t2aN?bWS!237tQu*=#<;RWHX5BHrKDvS={=bSdtEWy#Ng#A2&dRGO#R z7OT6LO-1>N7CCGm5tJ9gj<9($QIAp!bAYA7AE_;U_V;Q!+m}Dei(>WWAQy@+s`de9`PVNDg)u4oKNFV1XGJVd0yKOm|vm>1R+E_*uK0@Uo5*%Qv!~* zzt&EGZGQ{&sUk$S{Y|HP7|`~`H?k~Mh}xVPWJ!v3BOa5nBIl*#11L5Uv*!N>yKQ-8 zo+VS>tFm-BHjp4fLy~_X6@7HaANUIeq2>@JP^D~u=?8uSYRv94GBiDjLYz{M$>=Ab z(+c*YoYIfm($$+nor5Udu%^I(t*57g|a)|Or zJ@E!i%x(0s<*PaE226)-Ek4N~d!t$2b@;_n4@pm@Mr2pinqK%gl-dZTGC6wF9%{cp zsB^Hmpo;y8eE|=Q`kbdxgq~UuJB8;S!GUtU!>AcQ4TsVfgvw`&blP4-nn>8C<~Xn0 zP{$|2+T_lL(zxu*_FCu=947xxuE2Ts=^0#h2^++Yn`~cdG*dT02Ft#>%9dd{PLL!1 z52Y$Whb601v$SdP)?ehc*1A#5uaIXne$_W@DGTCc98Q&dqL)bf)T*$xu#kB!wTf3f zTK&zY*lUS>oc_T7NDu$bW>=l1R)7hTiH%o(+k@htVJR-gF7c+|aoLTJI8&Hc*dxhQ zwTFL6i5?oCByL9%8qOa(fem!4T$)`fn!+aapf zbo6D?-53g9$XJMu$FGYZ?yxg~UlFGQe}kb~h*h%?C+3i?Vh^KKDNRfhE(N_FDeX?X zC~;=p;8il*U0t}J`$FwQB>l4T%NotsW@iZLBMPu6OO$_Y!U}1&&66egJb6uxrcqM@ z@ue8D{eu$<ypL}7yXV+ 
zvzBQ0dC8%6)`Zw7p|imn?Lzb5g`PFqt&4JV7Mh=Ba#q)pY#N)Z=jaR-F(F#3pAUE?F@l?(cj(iM@w2y#z9sZvCe|%aR*aAMTA#3 zRm2KXp|tEFi7{N&Y$|Mfd{i}?!!nH*WEwx>x)Lrs3S-0F#-egHAOcQmq&AMqwA{-o zBMVZ<>jQg^%Sf^g+3uTzZdj9+rihWiC3WW8*Qfvl6eD_SR8s9xr~Y(LO*zO<~gcsE6sWKn-D$Har)Yc zW|Dn!q~#JfWs*6{O=)pcYD}@4a;c^?8NdC`H%EcLwT!h@L|d}ejwnxG=;|jR3u{Iu z!u>OBLoAxI#G>%v3t%nbXp!sm-rJ4DeUD_%D(UU!YDeaX$n~*t5`_aN=2@7G#Ewm! z;LI$MOOu(UiCJaN%(BF+a%Uz6B*m#ln?t>!Qg1+fId(_=Y(X)QqS=C2IKI3r9UVk1 zv1}Ti8flx5e6Ln{T53s?*vt=4oE=Cs1)Z}3P9xs^UpO<1+0LT_duAduL9!bM&nhM@ zF{{D@dZr6>g#tYRpifK9;_l`RNSw)$P0LkyTNS#hjcQ)rHeo8}cCuUJI1JVQ? z$b@)nr7yZb+8-WY&d*??l_z6kP09BF#m+h^vx}xH74*!k6bKWu(8xtcYi{I@Da8oe zpH7wnLC5OqBub2Qd6YJ0my~ot^pi>4aU^J?bLJ%2Ej}?*Q^P2g{Y3FbG_|RWabUCA zv08RFe?(6EN*ThckydMq#qT97maMU%$zPJ2IdQPB1|oaC@(>2@xjyq9efuWpEVrbB ztRQ|Zyp2#88qH?SdPp~c?vM+aF*36K>FaE)D#dueYLzI3d{?7Gq(iefd+ z@>=({$f`jy_X!y2vmH6~%79Aj;#^!|o~qGlK`-=mb0;(4%;2aV{d%J*pC%bF+16RP z3Wqi972`Au^T-{isP7OJrXcjDY3`4w+2)A2t}`KLe}$|VbWhPZ#~QX7hG58oU1j7C)R8}zeOjV z_X#u8j-F)h@a&Wivay52Q9{It9CR+8WPWpnMduBZoW)ZWo$MLz{SN){k^w!%_lB38 z@}Qm0j~Acl0&%m+xZj#RNi8^NUQ+BG7CF<;#-I# z8^#8!{BzxjoL13{XEC@Yt3Qtvv8F6CPd1NTu0xE7gSe(OnG?c_U8g7$Hk+1+PsnlCUy%JvX+_X5~QR-sj}T&!>6r zAF}#>w>$3F!rE|NZTP#C&%^`26$@~v2W7vicW~0?uqWZRC?6~xn1tgq@kDhYzXf4|5pP=ty zia<|Y%Pd>Z)Lp8?hlnonz+bgTIE}ohU1@$lQ5jFqEZr!0sC}ASYq+gtqcC|E-Ev;F z51wXF_&6sJC5qhngP!D0Oy?VVJMjIO@DtRFEax!DJ3g^!Vq*5h>Q|y8BCo3Gb040~4>(K9R$VR=8G=y?@( zm?wRYAZ!MFPZPM;{$Jh?$U&Flhjs=N%q4*LZ0EBdVy0xDY01z-Uwrk{=#(VG*g^;q znC3AGJnf9&TL>pCx}mV)un%#CZ8UCePxd2lUi^?83FX+p=~xssC5Z`5W;?7OB*^Q> zWS#v5^eXWcR#Jrbs6W=+Km*fz<3#BY=eq)k{vY`0an#WkmtDY}t}tM(FMB z)@c%#>>@qnN_Sa)Fc_p>ZEFfA$PP&6i>WLzi${5L+=yD$j(3tvn~= zdsD}Ef`y`)o_bEmjxVU=W0-8anPFyFgyK_P$SGl|BS*+V3zU{Jsz>ZbkLTD~)vxGz zD75-U$sUix*o#$m3-M!w_(NMz_4_@u{K8GD--<56mY@U|eU7R>&;o%34@A6@BKB-* zIzO>Nui8lF4K|Z;Ot~ts{K)FJ68`emv6=mWzRq<^)C9yw57UhlMId7~RlISruR0vr zXJfRPr@cffNJr-bz5iNWvCSqmLGkJg5Xmdr0Io&&)c>2zYQL@@GA5HKcG%^1Hr{0r zdi+d{6@i9XjUdbVBHuq!qZThlyE6O=t6d?^MbB6%?bmYIsa5)uE#L; 
zg(OHY@sW?V@Oh?rSrDkFAtsAe<3_Ul@2LRK02Yi^PkOv3Uk(J)wp ztAsFk12f~og^t#M(n>nQlS|C+RKDdDiT~u7EL~XEApUujDmLvSz2$zMeUc7B7?7BP zvSF}^P)!scMD#t`Oj)dy(PR!+;l{5I1Wos-LjE?J9!L{vrN%g#nG~Pmi=F69NgW>% zXAe8z%UiBtz>6+*X*N|#LI0E~QB*JkEtFLd^3&JYeNH^9;V_)9{y&T#RlY7A#y@(0 zKv?O7mte{n5XOy z7n5&Wdavx_^Tp&W704e;0shzf4Y-IJFQzHq^0F z(&W~EOY3-N^O16|5Ir(|a=gb+(A80vtm+$@xa7IV5xBiK%u;7|^j?n6yRu7Mt(AADR}5}2z}IbG{C z8^1e{$&5fy!XHt;GLY9U)`7H4cT2uzQPna-znjeC_FFb9ZJnAmp2Edr*2^I=RlUAm{+tlsJs?^kFFIDNhcEh4V^3K_?bxB~ z)r$I{^<0VjQo;4u;UUegui_8u-wj_N);-ZPIn&Cci06(IrXVX$u2kc@r?-xb@1DU6 zi9j}1A&Zr*eAQXHF>l(T^5dBt+b=iiac6T~la5Gg9;KUP3H(#bOCag6`4$Bku&JJ@_$Cwn zBKXRI$NU5}R_B?e^1#(%45(=9yet%y&-QPwmZC0xwB$WnQhLp93Vqr~pKiy?Wn<@= z{?3L<9q&XP?+)E24m@64b+S}F$KTmpDdU~Ui(&QVq)g8_;~h&u8Sm+}|7E=YSjwcG z=|>7Vk$|W=j7xIBu=8v2Hy3&kdPz>v9m3)-r@tyU|B`9@&mZRIpMHS)AA?V6|Az;t zKNpKG$-m?P^{d?cWX%Ekck{PQ-hckb18w^w572)>;B$gtF#ZG7f4j)$Uvhx{yWITK z4^aP3H~)tRsK1h(N5_AF`d@MLlc()}eAC?gE!F$aAM56iJV5{73jD{8{{Z!`cJnVe zK>uHH^M9LLUv^yiKT>vmaX4~EEF3oHeo5dH6%l+jhrY(T^#|s*pQ(Qj_01no(V^w6 zznuEd6=C+?x|4ujG$*rI1KMQ~L0pS0NTmQjRbNbKJSNIq01Aiv} z!eIl#k*(tfgiZCt9Qn72FFJ7jwq*kUhydf?FZ|)V?*x&e{EuiTu4qQLm z|G5Y5|Mmmd&-OoZzxB2MMf^tJ7Hulj|M0$vo%PF&`pI9LzZraGd*wKc< zH{HXp(69mam^|DpI9jaZo3Woc`(!~~v1(d460<(_eA2hSqiui3t!tx`BWBmx&PL~S zHhZb|Bw;-=-CT`?W4n3(q?~Rtx~Xh`j9kWr03l;6Gv5F|s<<$J$f@~X$|K0x^2`6H z@;&`NPuucm^(~*FueK)&!jX;qV}3YcfAn>SWDT{fZ-4Zet-t5M^-n!;{d=yU{~i2e zM((%%vy!#ivaX!|Rs9e)JKIz+hQi7T?Z%+O5v_26tsu&aZyqF)q*ZFE@O8UKVu zv_F2I_A~hx&I7&)z9C_A-SPXw&pp?%em_$B%C#8C)Sp1UtzW(W`kC=RxZivo&fb06 z_r||s|KoqkR?zVe|G&q7`#$Yw;LnbK`X{p|Q(9dGfcr=WFDa+u1Q&xm}} zY36@(%t(RT^LO>~?e+ET`Y>`XzBS*>nx2XTTISaTuQe5!_T_Q`h4G${~eL?dHDO_5NS1o zKR4gvZ&8)x<>62A%>X+v!Jk_`V6K@eW&7es@uzh@(QT=3enjBSgXg?_c-(vo&(jn3 zfk*PqwWmosfo;}!?FGy~r|b`&h~OiyzYj)8xy<<8e0Ti&_9yvfK(;@(JmcSQe>#4x z^GTIVY~S(geJj>{+|3k6>Mw*xyf#AB(D;Nv7-OiD7X%9z+TGM>s^{oWVr`)5YY=zCu()mNrt9jX z9xVIqD2;M8WFkLumOtmU$n%*Y7n@Oap5Ez5QRJboFZRyQ&Qia_4GfQS*M)mT8X!(W zcjU!PP8P=*cW;FyIx;G^q|PUywbc+f4cUR1B>nt9)6vbZM5dz54Y*> 
zY`*B;N)t6Qp$B6i>+c^Ms&id$E+3{7YfXzh{GoiO*$Nv&VIzT){h^y)M0j9?m5Gt* z@{UU88w5*pSpM^8XoJS75LM9cD41S6$Gmf`%2X0uVCg3J=R(tYmM#=AbN;6N8Szaz zIGkR5k(oDAK}lXJJu!QI8=mVnd~>$pG1-PEW*Z*Yr{O*LPeJ$^?`%e0&x{2U^W{#N zSZBtvp19yj{>ub%SZKd4lt0Ng&^eh0*u6T>jL7M|!L)e6Lt_56Gwa$qv7kr0u14Jr zrn50|-j}aqQX=l!t2S{5ljX&MrSv>!*LJwpt4ft9I#vdt&ZwXK$ zaaFPNRQ##17%GK+)*U)KS?~f61#Kyee_j}x^HfLgivIjsHh_nXoHJ-I>}x$TzNIX| z)8bUF4|Y6{<@4Fha3CGKF!j}{=cWA>ccgwz3C-qF&@DAm_5=d=k4(%9gw_sn&Rh`R zTM!+J?_WXJKLZ1w!$kAU1uNecERmO(&|rGra#xJGe6vg?Q*H+@kNut3V7`yLh>m&= z8H2U|s3J%57c`h9UjD*;^EHeq@m{?m7gA)1ZDN4nH#G?Q;zbpV?{_3FWhMXU5SdQY zj;+^Y9XTee3Q~IKj;qluu|=vkEpJAl?&ud<*LpLw(+SksumuanDd)L2wJ{0RJHUg9XUdpa_38{# zPdqilsUxy5%KJIOAezhzmd)b0)j5YM=#k#m6wwa*Iytd7Mf%Yr@giN4k|0fjTR&k$ zHMrO|%zDK|=OQu=GM|R_rW5*ThOENFXp-~9_=A=7vEYS$@+bnStn8pO19fzhzS7-b z&e%`;_W?RLh=(_tg{rLaJ2Sw14bjuVd}?^kczR}(%6)!faWSqrtWXT?&2H_L8Cr2% zGDv2&IQs!l=Wwfx;}ns%p0NeRKkr|1U5>2NWL|S&X1Z3`z#L4*<_0s*jnZL$n-)&! zKSj_J{gXQ($-8Jkf7i8PNSBxe0|5f!7rUG(THJQ_=>;|*3b!)F&nZu`T5o&cQu>ko zBmQ9pU`|b(DVOxvF$>RT(rV|Lr@fKIj!xg#&S1@lYQ67IFD@}x+e|m(9h(sf573KD zd}xUCK&kVG>y$7ZtB5wh&9o$LDps0ycx?qAl&?vD%gXDxoSdSMT4fQqrol}9ho#|W zvvs=sVljr=OQ<4O`ivaNt>->b+e*wW+A=QJAh)*OT%fY8RO$Ev@HM1k^!N29{pyga(z9Up2z@!hd~Sg%K)z9RAK;Gpg4gYu>XAM1C`21+P&D!6Z6UP{!0jl3^mBQ;dmqju&Dtov_gT_xBG)Wj_o%xGO#l_uE zu8UUW%e!~ve@7&r+L`~&pdoqkottmvyVj#5FHgRed~?*7bft+r>6QucaSAL5~ z|9SoWD45run{WFYx=(*p^=lvI`J=6HmUH>T&viB9^2QsH@4Wtw$?wn2xBcCIjR&B=fQXL;5>Y|`4+yt<@>-V`Q}$A zX5e$n2h8vT!>4t=eNqE1~tX3gWv@iH?!uff%EyeR70a^i5ktCrxcsj-LYv86?19U)|&Q3$F>wkx*2q%x!PtEStK@A zvYefv4*cbWYg@K_9Q*mChjzotQin$*{$k{hRBS0~i6JE)bcU6ZdmkzxhdK?K%X=`V z+AGw|?PV4?&JTLNQ53V|nV~%Fq4;V&N~eXrkip_R6iCeTJJ!M;ACw|V814+~Yo0Fc zwJfwy6`QN4db0m<&L*=sfSETotI?^ZZtZr=-UW>l;5~#CRvRs6f}PlI{JL~p(;~lT zmN+m?I^8<}?3-6=^DuJw`2gJ`S}xPtO=kEh+C8+9b0%=_lejdlOPtE-XS%pY?4Ei3%A^$4RM!fdhAGAmT5|}dBA>KKTGH@i&52o#y^zjB*o!pVrV^% z{p^iXq40{8X?gVbA$|FG&RdB|cv*V}JO~E?2J0hCg5TNNG;c0TbZX>3Om72X%Ittl zOBrOmdX4OTqVGJBF-#|9pE)KM`jgDD`Ose*Gz0UXZ!&wPC}MgL59pANPL=mUI;^zr`1?!Qx5M 
z``dI3qZWvvjNcSnFva;ji4QR7r_S?LuM>k{kA4T72vGn}GKs-D8xYGvp0L7KM{|Sh zyUpfLwkH1gn^WK8O{#OCe5^gO7mFSnDZ7^0l&(hF_8>DEup=*i$(wfNj`h4s)qu&N zx&)fcS;s1qiA?Y+|HF14d77%0EGI{9=Qm_|=PZ{jSuwgzX3vLVo&SpXa-M{57vD4! z?GO3Wv9O}UNpOfgfS1@dZC=K{LWSZ0>z!}~S%PYIK9X|pS}+KZ!F*NE3`CDLhts08 z_Pz|NyIzO7XpoDnP@ zPtY#YGH9kw%Lc)uJftDc4q5wqS}bPr@g??yv2eOd{xwH6$=*cNCJ_3wt^(qhdiJbV z-mP?=iA-eHEJwIHX#O(Et|1#S9HvpO0O|BLLxrZjAM?$TB-Ac%ZBU?}SHPLdqg6MO zSoJ!qUg8Lg*S@ZPIfrDYUiY&Gs+xg1tJvjHzIs+5dW<=e=B07jMr4XHe)%d4R%a;G zej!Vn_sz*D<{(k3GKu*_Nn0V@Ew#Eq_adtmb^1wLA4=->#HIekwOH}{&D?%6oBrQ6 zjpH1#goeV*qnz40X9k+IQ*-tOx~DrciHC*#%j?=Mqd=1qTD_8@GJ%N-9NxFP_Q9dG zMJ<>(z4+M z(As{|UPq?Ah0<8J*PhC&2?om!9HjO*aaAvI)b>McZ-eI8q72$Tp) zLTZF=SpsuRD&v#kl-OVra=g)%w5lIWjylylm(Rbsh={GJ(Atdx)Q&ygAjfU$S7zl4 ziiXzC7TH2dJnfZ;y`Oqm=NtSG|4ftpG~82=`nlrJmz*qwV#AVKabQYBo-(vdX-c<%SjhWqD$@p(r8SzM9j@5xRO-TLG?!?S@SvuubmzkI@>~Z_qHo)L zp{8(3M~E% z_6-eMls!!!%XMZ4dEdlt;Xra$RWFL8GN7r*C5Re{J@BfQ5_l>y@L-pF&7mGRVO4T` z+ct(T=@W{ts@IbrFprUQfFrp{e$D3>;YU?P>+%p6i<@c`i^&J1SVSs(mtR-~vj_-( z{&PMco`4y@_X}Afkvb`I4XJCAhmn*8d5sk+r0loh*R0PRVL|0{!KQavAm@o&tE{STY3F#y=%!kFG+pVd$cZPIWM{G1Q)w{ay4rYz-Fx6F$? 
z30y5#rixq6wm+Ap2DY4Gf3~(Pg_5VArgNap;qR-GX~6S~$Q(#97N1`pbj_ggznK=l zo_9m0B&N$&)t??0bvtjHlNbkD4>p>yk)O+$wD;PUCG_*!soGDIS(#7}t;f(IMgH!CkINMw z-$-18t!}iq$pje(fCJeiYqKZlIfVW#dQRO3JrAAYqUWo&CxY$%F#}p{nOk z>gvv#;J`MMcLSn9cCTkGO*yAJd$YEg*`=fWl+F=SJo><9Urb%i2(<~9`I%(N6%#yN z&_ndHDafhQT_=7s*+SrAD>K6NGHGsNwolidRSW}Uyo37;cl3XBxb!)HOF5-;!TSe zN|U*&Luq&}?eTuaYNcBjGn_f70LPMb#@P3C7R zq6%?Xd>x;~*ZsOI{ZL9izW(+nebx{^mH!)GHSIb0`r5wudRD^x>T^%ceswh~-Z8H1>3>U%@x0&WSr-wr*>wTT&8`vqVckuM&Oib$hazL~lKe8!3v-QYfUPpoAyy|>rhRf{iPDhK(Zjv$s%aKh) z^SQ3{*nIg!zVqah$-9&WJ^94VxAMs!!^%i<FpsEs*;hVUcVVCY z!AJICG43mEP!q+5MbA+~GK7xq} zX8F!9P<6@0vWG89gkZc`v;Ye z`@*~KH+}k-@4Wt7^80u5ZU1i$-KT%aH#h3)ReZYT1LhNzP5bt*_|!Vrg!hL}q5t^C zD8;nLdh^huLeS!%-3BAj^ssQ9mdWvswTA!0>(LNSSz}aZL^=3D1QTtH>@Hq^`gov+5J#X(XU5miVt3N zh1SCN^m4r{K|YZK_GvIFdFSP1{x+olBA}RM3I&o)Xw_?c7i>z76jmk!5)Yf>a_ggx z)cO+i28Fq8V2W)(RUvgBQ(t0(Wa@9z%M9(m6%Vi|_oQw;xoynsnHk(92$AcE5#G;pIIm@*0XYBmY!6%*)vVO zJ0cMvM_}Bkmn1v6JLGHfeeRcZZRXH2tweU*iMDj@ZzL(%D~H-Z zdhOlv_2Y}RK+la&@+JSNoyd)C{OXw{k@C;U4xsaBmEo4IW4Ip9q)I)qz6;~XZK4-`qggz z${lGM?wlRzyBC+jn@ zN{}MgiO~^>(|IR88j@8?L;l1tCro&!?0I(I^6~`wfy*PGQALyjBkRrf9m)jM+dcwT zcy2TnOf_1)60>(^;-UO`J5`UPGH-Er-YODBV&`JYc_LU{uMcr!E=5Ojf?M>7610?P zGT%}^5WkHVkQ0xLX)ZPwSx|sW;uI(-(b~S5rTDEe(@pw%kSt=`hD+X z?N@XVO=hIquUHJi?>Imvlr>QHFdIm2g6Xh;+6=j>!1|9Z9sOQj`BAn!cTDs1D%ALG z4cEW7%|(vq^_wBUKKWi04Nv&uulC2O=Q#8UJNj7;@oXo&P~y?sQAO6#S!BZTvV}cd zrbhvRwOv5a^K1M=ad()QxKVfzJ8#Eq8cMI-%$NCatZ4oG@%57D3w4x`#TBWv)>3Tt zj@IVD%mu^?sOVota%h;ZrzR{M)zJo>t=!K=z6I~+z2gaTf(mO?E+Q1kHOe_vudiI{ zFC;tE{&RN9dQ&}8)-P|z1rsx6vL>bGwk)zePK*2wC|V9T?;fjrWYVDqkwB-GV>ERU zzf(tPolyHQ&B(M|r!Bu#;q=b|(r~>p*yLf`2ZWnEep9sI9j+dp? 
z5{aXLd=zRI>B2s^(7nU*a(I~BXGQ_oN@Gj7>41Q~^O~-`Q$8RgdQSsqLQX?|^C9bq zEr82~-EvI4?)nBPJYu_>8vAa`DIV(N-U`(H?ifWKP+bb<VYFu{| z1qox0yCD;&Gws^`9&RqTl_U3z!l+ZOAC}pksCR0c-k1a)mZ?vL9;Q8eMWnn7`z{hd zOt$JYTNSx7=!+g75vuh@b(GEOnXT(Y2IlY(#WpsH@QQF!1P1gz(t)J7bE&V|@V@eR zB{3-LV6>aZ>5`C0SXiqCu`-%&sUZyxT~S7t%$Cu*WbAT^KU$`ninrb*IvR_u1cHz^=eR8Ag4%D6gdH)B z`uo9;{hFl^ zH$H99JZ`^R4vUEqN1sBGC^HZ{=h* zry+?M`bhE&r74LmBTf#oFoDnGtTsNO?4%Mm9szl2uzIe)wW#Z#{(i%pXEXNOln<)E zm|K6SJeX5lNFd8x#<(xjL!MvSO-wtxR+X4lt*~njn)Rwc>f`l)=l^|Uw5#`}r)uL+T$LOWp zj1nxe0J+YY5ojAcph2*7$OkU_i?+Z!N?98CW}AXcYQ1Yqkti*P6E~Zq?QjS#e~akv zRU%1=4Ma)Xs+B+&*dRPD;=5RxUYWVcw&bem&cC1=5`DYDT%`l>r(Vk0pCfJGVpF*I zT>(hsWg!QdW7abf0Y%59Yx?U(&=lZ&7XMH#3goa~0e=XKiGss{b1TfuXDpK-e!But zzR2}g6#XE3!G)R%Ik(P)FP6aV4q793!DP*}S=dt^qpm@Xb_CTC-U~o}61R&|nXWh9 zS2$SRn=%@-+&7?AA3>;zugRJVnzIk_mir`H5vp-Td8Y*T2t@C1$U8=_ypW}VSY>=U z%b?>=pw)>5QnOlWZDZ3Sa(H8Z8dPq#_Mh^ZPywLWB5~}$6p4IJ#eQ?J zE$4=$yiG+}S3jF^?NTZge$UOU#43}up2ps4q> z?zwmky69IwlpPnX;&&)d-5LW0X%3HdPVEa+Xrjy9CW+qH<53}-g^$FY&=-N zcx%y=6*F9)72PG?6I-7dqc9PlcGo6x=y_ODL$!u4dU?=(ZASbHkissKlM+N35<6&~ z`GXy>qB^;LpwFj{AecnTS`OVJCO(}@bMM#VJ!$U#H@&AQb~a)8nXWgx5DO9hn#`hq zD{6)DUP)se=@rii<yTYj~cV4t@UgNgOrDPHM2xjQF zK90Gej)g@my-nCZ*v6d?dLJp^$r!v>9%Psd_&LRv2wbgqbbZu6{$4?6aD2Qg&7N1i z*?CHWmu(EyB~x+dh4>S!^3crJs-Bl<UbBVBqa!D zligBch99KUC1Vpqd7(n*;5wsq*&|E>9`2fW}tR)OWB{BC@c# z`6+3~kI>BCz%?!(NE|$2CB-)J#53BtS$dJgbxEjw9mxnI;X-y;f9RGoVC;zUx*+2l z_r@QSyN{`<8gD=DO7)MwQ&8{h9CpxX-75g9Stmef2P5e2W*(3_*mgq6g zD_y34d}~3$X6-mY$B%^OJSQDLn>x1btb#&YGWL>SzARcKL-NIjNlum>LI048V54Iq z<0Mnw3|4tOiTyn9bR`dk7$Uz0KJWux>Y>&v!|IZG4lJ=C#VMk5$HAu-)Al&pCB z7{S_^SgxT>^}IB(ymMBVQS$~f_SGM|1C%{w%R9TWLdL!Eb1fX;)uY2Be&@?;LO?qaXi)(d$kR<8f$!4I(vp=}7O3xOGC)tRgP71A_29+Zy9HDYxJJgT^>@RIG@fJFi zVhZrRnilAt#Rl<2BG6k<5PdXpNe~{R&}{oOv!4D5$77R+u0_@iU;y1V zRBRB{4$%hTdrR9>jNBj?`CO`WQ#=rVJ4~1|7ODAhw#79EY7z4jnT$2r=AIW8ayR8M z3uMAZF$q8-@f)Nd0lVCpXrC%&{N=qhqx{ix6HAMm%^AGp? 
zHQoLsYZ|sv8t*D#sXH&r8N|UA@w4i#&@G1`+;(mCC!!N}cU~WKrj~PvJ4KawA#=!1 zc!~1nhvCSGDNPny-smfKM6Yt)K}5AOZ5Dk3>USvzJCMLg{`d-iVdxflDJpTiZk(w@ zV5FcnfE$k#m@?ZR>U;-i6BpV3wf7-%p^D3WZu8NzgfP& zuHS*`1yk4kRI*D@&Q*oQd$XA_MDZTE-%H}iD%=f;w`8Q1cyAFDEG)0V zh`zYGvRu6jSd=nU{x42dG?^hggwp+jmFA?_|50ANlKsh*a3dftmeLKTQBkdIM|=qr zMT8q+VAz|@E!#5;W{LpHJC)ca z1bTe3OHo}cd1Yg7*G9s6%JB1e9c=~8TVUUj-vpT^UYa*|q4pgD)nkBtmW5PKc3)#n zU_&VixVCeO3wcwIhXCZ7qu3n%qRwLb>lzQ*Z{D|(kyz4M?G1>X$jb0LfnK-{OXV<} zgy)*H0`EtEtX&I2ZY>~3H_y}~$ZsF%bfta^Z5|GYt*^V}66kst$Us+ zwnOUlpO2K2ln0LNA$48x33>NJ>uUOZU)AUPC;8tIsSgq}|C`TV6qQ*f-hrEM?~|_B zE_r$Oosw@x>{T@z=VPzEfcd7{PW8P{iU@pp{oS13pPO&{+xyWz{Yk$0m74A8{gqoD z|F8Y`C*#lS@6i1I+L>V5l@d~;H^Kev3q{9J9F_8FhxH?P0n{XGw#Zochr^uGN` zzS*R9dOAM0e88Nr-~NP(^ycW$#4r?1#fdXS{u~mYT(~R{dZ3_dYdEwy=S0Q(C`hO< z9O<8UPqNNXc5kAI-ss50*|Oyf*OrFHKP!lhNX+%q>hMK2LVNr=zc2P_s@SFuvBxg= zzS4Yx5fuT=XGu8Jb+qfFsUBL)D`o8yd25?xcyZSwfs2twg?A6R*|&!^Y(!s)o++d^ba{lumFjxzgOa>m}D%+AL@w(BP0#B}gD1 zibwdBFT3mjb*(htY&zBWD3FacnyY+~`z6ln^~&>QYkiGLC^boY=9Fz!1<`QFme@gZzzcP>34)3wlzcjNvbp`aFT~>Q3ZCcqT+V=>7sf`cYkRCXj3(ql z{_t?rvCk-s^8C66xj?VO^p`nr(|5T!h313+x|D`05WRVL=m)wf2AnRPTKW#_swIB0 znl|yM6IJYq-o1a4mjO$i?szwk42J4Hl_Q3u_c5oxqE*dKC0?H6mVwDKB~AQz1SQlp(8xf?<<&YzzjljzOQ6tfrPOT7-M*CSyZg7Llk&e2Uz z**Th#KS$tsFDmJch;39|k7UdXI6IuT1vM3BI-fFxys3NR@7mJ7Q}=JRB+8vSJ6_Qj z<1fgQf={ru%dnmnh!FE$Wi zuXcfWwtEpfv<7xjOHn!}!NzcU&>-2ZyU84S4&S&)|tb`Cw%CfLzJzAH$U(wXg^WNyA zq;=f{k<#7zv6mAlUC(U|}eaWQotxOb`C(e*?(y*!{l4AH{{+>;S zKZe?mCsEGtREj>~>}0+9l^;4OkQwT{ln0W=;LW=O{>a0*k5LqthzVxYTPf*3s7uJ+ zj*^A=ChJFk$O?MB^-H0(^G`{yLk7)JZVA6~y4t!1IxoEN4%6HIdTht8S43ZbI{I%} zSaUE&V{|$6;OruDNvLxP@KocYvIF7M`6NMj6E1IF!mSj2g7ao7?Yw3e_4xusjo$-@ zUjk3M^&|#Z222AiOuL@X(9gc`DDnVF077_n!m89rS*A75eD<*}^(vg|=(CT)SNw6U zF%_?F#y|5`+h>{8rhIV%gDhqrtUzurK?7aJW?4D~-o0W(yt-h?FnFeDBUz11RqYN@ zE2HgfBT4xqr#qrlG%|zE%jlQd#hMtITb|ymk;JEIz9dnA3Nm^*4Rnl?xxT{B{konD zR~^Q8^|PT{HLA$Q)?>vXvY7|v|2B$OvILR%!o;^0MTg%TsOa)o;aR@2+UhiI6!bXH 
zjq4)Pax)KWEgtQ@yM>QkD#E6~bJ|`vaaBMV4m4oTHxcmOa?Mb2Qo|tBIbcFn8eUP?XYxWK*1y9dYU7W zhL#qHDBbp{M2UDkw6%XY=7J5m8V*fk2V_1kjpB^Vze)A~EVrbGn?3f7w7b zQDLOwL&m4g4{(z4C59y?I4_L*G<42O^AIS~S7Vh6uyoCMX1>BxAoo=DCNHCpMst^K zmWX_>6`T?u^xnY4``SMUbsRxK*#$!##QjQl`g@@4 zRYUoi9LP4~>xQS$O}v zn{i#Kk~geNXv37av$^l=&My~Gskm)wwJ$chZR+H7=ZbXaf^_uVRDZ{?^F1tc$(ux>)Kcda=X3XS z*`-9ks<^qb>gM1HGK0>u{`Az*OGdf#w~;7rYclh9Lf3o!oSmsj86jr;|1gEIfhxrG z>#W=*Vy=B2$hAjb02N<`zx)%*lZ0o&mm%ybJ`1~Z#t7%J3Tpqy^8;p&VPunnK$COrnj3Mv^* zQe7J~R$6baM82_`bh|j!B8$#1uMqm1Q*Rowc^dCaYw%AEQGZ8xeCF0Fs@V!;O{g~~ zX0!OES(Wl0ds)3H$z(a73)Sw<tvRfxEWb7^iPtU}Bzr%kJ;B+MIc& zTR|73jDm})a`D1uQ)1f|vObFBs@H+J+~I<0(#31+sq?|V!|moqE~o8gbIC3>{kC^l zRDX4|wp!gS)lghhl)Hm>G?m>f(m^eeW3PVS75P{PejX6NS<<-yJJ(B(UK6?1O`GYZ zh1w;0N92cY`f-``j<*37J#<(Wi|C{0Q$%k2gdrza@{iJwln{n3CF0( z{{C7Zy@X=E$Ri9#2d?+~KTxGM>JZEbe@b>TK=y(9P?Ni|da2kSSrmeEHgU=+gHB2# z4*?8Xa)OPp!dC7TK`nGsIjt4+w4FAYU4)-77q{GDww!9SOCuXSm^kly5XmB<@e*VN zdD`SE&=6U#eLSRn>r#-YD6$lq&Eq!F*;KGwyQnwo+>{TT#|m~hdqV4{7H#rZiE(IP z?mYANZ8~{u9AP%pj?FYL-H0_*!A=fQ@$_+__Fa6%)5nK8ZUjJC4FzAc4ARxzX!;FT z4A4Mnbu!fcEgER6MnSWRAHo4D>H(~b|4T$-Xfpj&m0bMbNM;Yp>}X|SBxlfWt^iU) z%t@pLQO=c^=d4|ZQ1@+2F^4*=Q63uT=8KZmd~f*xlJsq%0{y%?6Ny&2UD!Q-+Gha&U?tJ1pQhcoSh-i zEvAsJU#k#1Nd$wz?%+rBVJ<-#ojA)Lr=u4nX8MynJdlpu;t?4aH$MX}T-LU^+Q~GLdJ!5|Llhq}OhdEreu(?@b_bA7l%|h}>aAGF)_(8(&Dat+d1NYY3GlbcAV|W7X_lbGA%9kAbRx+9VKkVVhY0$ z#nj0jrXseLSan!9lB7y%&eXP8QDn-O_&JS8HuaHn_}OTtYeT`*Ns)g`siPtVQesSG zg#0OqjFvycA{FvyP-FssEPl;-Z31@y1r%y8R4k)pf&WEj^s5wVG?Q(<236ty>T*py zGFwT`%9~Vd(TTZ%nyB{|%6XXcUgQQXzjK9l;=CzyLtcaVj;$hdQ%4o92Jf`855eDE z%!VUZY2}Cpa1VnXz&jNk;9pUCeu9w;_on|CtQ=IBtl0m{D2RR)?0UN&8Xwd;k*I}N zn+T@bM9(IbCs6keTQ?hg;_AqCT6(sH)|UO0(l964u!+az_119&GARCy86tQ_XY*kV z;vNd2{BH|#ef_32+w69af_cX|=0nyKi=$W!B1P58WRz6D8EQX|-|`^* zx%_Q1z3aVxzm%&TqCRVAk7m04huV*(2D92^x@;w)3%!OtN2Y}nb6Z%$JU^IU9|=$D zH<*>#`YOIQm|Op%?4ikA?6nqJeJ{nUwq^7=+;3fC+v7UE!94ts*5FrzO%=kB+l7Ry zGunbt$Nx|L5ql|DD~WpO{#1co4&bW%kB-&bw+A0qX3(3Ugu0C+<`a4v=T(-|9{hA+V<*<64dyFe{pcl) 
z+G2ybDBubu*9}*)d-`v7sGF8OkgC<5FC$nzg*p07^2(|i>58M{c(mxT$o#<8LQ#&{ z-{#OQlfaPGNf%lzbe*EpXV!(#CnytllUl29j(=F*p@ zlUbseweO|_`#fZBzk2}u$)8=4zfXTaTG0jE+)gY9-yj%&P;J}qOw>@z+hH{D+OUX- zL{Nj}6eooifp0eOjpHXQ#+k9ux%8q2plc`P%FG{FwB$=jC^`F=%FM83;*s<7dX zZy1SUeVAMT_`Mw z;;sJGr5?y49O@LED#Idz*!ML9aXPISG_#XJ$+XA}1!5;MH*l)QD4sV&rY_(t&Kaf) z#7`)gxKXA;K$6P?#WnWz_bRUO|FD3_`dTOx{CcXw(?@azAPTznG#s20aI<;+K?^i7 zzj3TfbMj4U3eZX%rC|Cm(vz9^fVPc~yna4r%P^aN)N=}L#_mZp`Qwv)(X$gnaYNb? zJw9=@1c9nRr@icm&;uu_)PbmB&9HCla-QjWzYrnB)oJe$J~R(a(StUMj0V;$j)vjz z=34D8m=x>Z?6iG{q5m(_)^QNkl3%BEv-xnH4p&ek`rtg(pR6bNM^cNp`$6nrWek6@ z)nq?P5*-mBWXd=Y$&`6?GsDu&jD4o8gA4X_@?YRlZ>6EXSNIKWfZ#x)!<)(tB-WcV zvJn1}1PP25J3O`A)sM-tu~Trk2U4h0F4&vgJ zX)AVTYI3%NE}e2eddqQM<4;>EV5X$;ztebWrtwYi5kCWB25be?}txW#Y8hmw_<=YQ?_|Ag_E8`3x5%JXH; zO9<){?Va95dW)wn?1@YKi3_ZOA@s6pJM>chdFa;n`OEj}!Te=&2@^6M(}y<-tcF1^ z_w3`Y_Yx>RbH#^-FkDtUIGubGAQIE$DleyPSq##4LfdYw%(mN++ivuroJ&Km#ZG@I zj|@9|#=Q#1t2d|O-OHJ#vsBa!zQh30?Y7^_Pc`T0;2`hgIx#VR9m^`st=pExZ#)8)bVyG4i<+xh_X z2ir#1JN?F`EI1uk)3v?MjJf#j4XqLwtM`U(y@|hEOIHwOOfehhmYxB**QWNi(OQs5 z??bumn8@Hi*1=D+eRWpq;CH=|Do+FzDVNl8BVCx@?YHZVfjgb8g3D&C z)Q8!=*pd7NZ^%w+EfPKc>z)53?$ZTm;Ds!1m5t(Q?60EDawXj%fhOXgheNksONP+N zyCgX83zZNH8o@m?mQcH(`oRGIjO)TNx7=sd#p^`6f58N5r=*j@UE-hnL$_AAt^I>p z@>;tjzqKy1@>}}_DY>ovjBl<#s;bft$x#7+mUXK+V}xqE6KC;y3Er3Wku@anewxN- z45q5S*-%zSu(k4DiJo^)8Ly7`vR#AFMZ~>)jc@`}txg@u$!iJO1X{@&dg?8{{vKjg1I0 zn#@b++7L|Kug&%=`E$Ccdi`N3l9BgA5BN*<3MKye&<6#hq3KV7LPwi9O+(P*98g&O z`86-byZ0&+jDJ34$(P-xFSkvn&dEpOg9t*t9Q<9jSBZwpt#U3b%LxfPzq~NCmVwA~ zx{>AD+jHXu=n|LFddIjN-$?nn?kAMZF)&>BWS{TdeZI?1$}1m{`UrlR|IPKkmkW!G z{i&O8?Ik~YRPyrdPbJ@c?*&P>_L8=}fGK=dFFtZ$6ZtwK@a6S4D8D~9-}cwKZ-0_+ zj>`7umM6aIGyCmN#-G>UkA5fRGUIdeZGS`e?N9Q}+UGOlbIS+J;rs7T@SE4)G5P(u z`L@5?yQSScd`iBVmF>?h&-)Kg?{9p1l52C8`vof1q+x8KPL^RUm@!ZYHhF;jP2jyw+kaA{RuexZ zwEAS)VOY-I=;dBP9oQ-@c$XH$oIA97sDPI{^q*^qmDv&!v><&_qdEJa%$Qy!$sN-I zEvRD>(>rUGJCdXC{W=IUslU{c1IX&Tq#?X9kNjgsjJ=d36jV_JFUdJpbJ$^Fyv-g| 
zI>6s4R4EOlqXU#k;RvDeR^mCF;}z8*KA}Z7YEd2Hu>u#z#j7~xJot&2Xezi84%{8Y zceJpk?uDsSSlvEH=m|bxqHrX43~!Om!A{P2;-eaBmmMmv`}ei`Y1!`Yri%E8jsJr? z?A9e!n4}<2s^`_on#`EZi* z|H_pnkfR3r4*G?7E8fuU66!3kucB%p_FJ=keMSkHj%BvCbpK0|a&<=@`~kB>3(1Mg zEc~9jbJUx=zNwV~o4rW#Qf7=5vfk19Qs{xOLG*h~0)PcW1}SM}<+SCc%?`I9a2Y&C1uRy^}a1 zK^%_G*(NjNcTUdQ(`k7kC3y97$^*d_Z!4d~w^VCD54L<@zvTnwRIfZC@~r;kzrvIL zx)SaG22aHIr1hsB`8&a8zykGO+yB}BtM+wg6n?iw8FNniHTxTHWX%%-Prx|8b>Wdg zTl~mlCfWDC;?aBah&j_au7Hj0iju7goW2tz+Rh>F@>eQ)Ir%rXm7Ikq*J#&*YPk+48nWs*v zDN?FFTM7@GVKWp%h<};JxSx2NGld)V6yEWip29Cbucz?#>DasB!fV*LRO%Wkb;%P4 z^{9(TBkDQJ))?~zqKDhs(zzJ$i0UEp2(oNxRHR!({YM8!N6I+yhi0G65l$tmrII%V z1RY)42a`LZ-u&7TlS>bEDtW@KWEs3LtsTo>ss%bSyR%9n&GCzI1`b~p2?TOFu6*KZ zM)$?+Go@=C^>S+qx>y{F82iw)YJ^1yS_w06L}qM=u}d&&dPmOIaBKmZ_kfa9%$sGy zybiRv$fCc%7}RPG)6M*Kk<$#~)woUk!X|3mCd``H6sP(Noa#}py);%XsW2RJO98{- zpijhbh$oOPM7SJ{(8;<)>=gUx*hu@x*f^(*-7|KE1LAi;Ch4rsZgrpUa;n2Uj&8=i zYa}vBiQ4@qJr@|50t{Q_+^_J%j?xcPwG2JP&Edfh5ek8IxQs9ohhu|<;|7R81qgxq!)i-uN9)6xff-`lavp_HddF<~3^o&LE10r&f;OF!1<&DVI1!_cKzq3XDYDgG26_M_#J?(*d0)L)TcP_XFo3#EL2 zT|RXRG7<&Yg8{!f^>FPQTw+`$Hj?<(K27YCdu;z7YnyAcLO4t?e=|V%%7RQrLXK z@;Ln+b_tgcXWlH`O_uaTb zxtWY$o~1(PG0&WalcE~+*8Rds_#V~LkzA34ogBwHs4q1StFgRptGjibbZh!YLKgcF zcXSv{3}?%(+%d~CEp_H!U{od;eAC1o}0A!q{VOH_S0TZRHBDK|-{FiE{?$a^A% zBWlCD@`J*{p>T6!35FnNk7n>YZ~qdzn}ss_B`06+Up`vLyuAGj^VN#Y(h$}kw?4%G z-N-a2>{doVaXkn@LX|>7m4wxYLN&;jrNhJz5&n`Y#k8*(ERNTB5x*-VaQZ>3rZw?l zUCP=!bo1iZ?0(iSnACkh58Kmy9;Vnty z-`**GA@z7ztZB@*>|lQ`mBa2p-DMuU8Wo)Dd(jC}G`hj*hFOJ&YCySu z{10t(g;hzY7pS9X0R;#AQBx3BF_@I%Poy3~dX|Q3^m6u`L%*i4or>cRV<;{fOn&Emcf@At0x23jE8w4s_kVQ#IrQE8qDzLJnm&g*^tsn|GRy%Wyqs2& z?6-AbGMRQb`t=-SCfCB2f}te&-S8-(;ay|2%=Q~_9CW^x#ufp&AsRV{^CsyYYM&mc zpx`Ql^mKY8B|7L5cyIbv>As!OPsLn9YGY4ES42PFEJM{Wzp9s*{5YzDf4R)ri`@F(A~#i+1EO)<#)@e?H~^E+S;1DE&U1^33PuA6 zH)i;Ur+WoB5lrk0n&+-DLqGKezAxMeEamhnn^*)or3%6zMwc06s% zXdJU;7G=u3=$3g^e&pchYtznzOc~29b9>t|hqNhkSf&gVL5vq%m@aNx#^0vQ$MQ4{ zX>hb#ro3&Lu5HTvIa6l0_I-AS3+E-iP_^B~9X;a^44#oD1FeM$t~s!711%2E$TXli 
zffI?Ea#moh88ggc*AUy`r%>!a958r3WkVUYz=WUVeDu#e%wWvU8!xOxo!UMT!M zRrtF%Qt`Z6VBIwEcNF}+Ok3MmNF^6ZCB@=N!$ukrJbH7=!oBm(`E>*`0FdrJ_Cl&@prCu)ygRvw$B#Vv@%G}Uz;;-73#%&y3tyILW z!4h!FTkiVw!Wu2nyE@Ck@Y|*7jE0d#R`efPgE9&&8it1*8^(fAi(j<2aMOA8_q^WFALOdL54wLiuXs?Wm0)|YEanYK6^HGEmOY$9i!^?Y%14TBPFTN zWmB(b>erI`fSZcP9=?~98#5`U!Lve5k2qfY?W2x)Q|J*jegP8bU3Jlh9{f{ST+5M{ixs+=w=9UWq!iX?ufNHw0Ic;S!TqmcQG{6hCA+BgMm3tF3>S%)q9$y7mjQbi5Gg+Qq0BlMbQzU7P{&&cRC3GIsD2sV{3{Z1SEe8c zO$L(@tI2dxip8o!x>>VvKEXoQ=|c8M=-C4hLNBa_tQYDFRpQ6mL;2X_?`vI4P6^U& z7$P=_66n>m>u#Nt!Z#f9U0h?=LX-O_^L35eyUSje-i3{iH0O2}LyX^^Z%~5~9ye}f zO|&3@8pB=q?ojT*={sfj&%js3*!sf9r30P?#Yb5ECLvp1N}MwF;Bi6<<4YF<;}%xx zkoe2j1PN>tJ4MtZ)1n3(?XmxP?Om7Oo|CWJ z`}czf^pE-K)~7T5bKr6QfAIE5-@Nt?$#2ie*X=Dmus!ChW3%l!@Hqc}{9yD9^E?HC z>*3XQ1Xg-HQCDF0fHP26#zZg=$336Kk7sMg01qvpdL$)N9^#2q22fysWSL*LpJGZuidGIih;+v z3JuGab#H@AYdKs5;z5J0M^*5zG6ES@jPgVDD}6tFC|<(DzM#PDhB7B4PV=BKg!Dil zjAIk06~uee>3ymfmpjVUyK9}Z4znjz3uYjS9^MBJslV$SC$)-iRokCuB`V@;VM~fG zAC>H?%7HX!(F?VzGIl^h^}tl@gwxWGv1JQq?fpd}ohb89!J>rFJe~NP>V#bPGeAuS z=016~j0p#-21ymIFx~n{D!HH%B#2*w;C65FOt@|a8ioTfQmu+49qxqi?~D+zolc+_ zp8^m(m5Qd!9`*yi-3_EME8$HrE0g%URY-&ec7~g>>^kt1uYPwt zpt`U5xAVL?ZyqA4ZC29%|!5mc+^ZxEvMzBK9f5Ba3^v@eeijzSN? z!Qi2rbd@kAXDsTrk8}eyJl4HGj^;Z{g3o z!Kicy_+2u?pVvD{U+X01{zm_F4uK@hi39;S3ZQQ1@kYIuQwO|leJD;lv!oP)2se!9 zYc55&j_g(Abs|OH*(jatO!hmctQ1q7e2XN+$=T$!-T()Ny$zGVv6ihT6n7K|joe?e z>^Ws#R9d3>_7IfI=UYVS;qC)Q&u1QVdG~i60fuWj_h(c7gW)1K!~T~|+=WDN-l9y3 z^)yn@yj*c^1yffwfTGf=k!Iq*z5?`gM@x|fjx&kyzY!!z9cHzZ*~c+vLZPh|j? 
zA~j4??xAi&R%Myl3Bz8L5~Unn1dEsI+h!x=rhhOV(%TeaMxXlEI@v1_lLj`z0|t6M z`w`l&g@Il@cpeAubBqyTJ@Z9jKzunMXp0iJM7uu+WJ-DCJrIAX3C|qDQyG7O0<=Q@ zPlR{13a=I64YJ8w2z4t&#B*@Zu-pkpuaf`#3~d&vgEFbY0b}Kp({LQ8VO3@tc7DJi z&C&rbQ(=F<5S`Fd&ou4>5}10^o3-xQl;WYYwO`^(OJuKGHbSQPV7|65wrqQ^asPpZ zyX(S)8DVf>+W>t$EXd zg>TCiPSt=s**Wi=cN9Cb$Pn$t5RX8S+M_r%He@+c5%s}JchasFb8Q;p)N4<4 z<8kbjBh6bFAi@_Ii$G-cavsTDu52u?MUB`GF^~wWji~E&eY^xLtp$-g3kXM0{OMOOdQ{yOiuW*PF?S=DP0(uAWhogee!!9cIM1qdR(d#va`cIXN^2G z@-Hl0Xh!@4>dFDZoi^iq7uTqri1n3 zb+@6AtA3^qW2vq#>NtRV0J)e;9h!vQQ)_`VGzql@Vc9h{CR4y?NuPQWi5$^-B&E*5 zKSu9NP4nHF{=PwKg8P{fz_@`U3?KiVYL7PNX23_My0ARG5`~ERHok+*LZ=GcFPAEC zzg(&qY^1sNc2GVsc$DB8&bvV07@n!+ettT&4EnE#R2mGDquV90TcSXhKyUqw0w8VU ztU}r@ciX-}%nKz5Hc;bMk|pDY^;#sQIoJ>^=N<@hmj)4lBa90(0H%w@A`Kujzeer8 zUrX7_GIjs6B4ncK4*dh?-7pgAdw#~WOhuV79jGfx!EGT&z;L_4cVoDW(Z}a7>s#YQ znS9?tX$KQRB9~&#Me+nm-l>zbx-iW5a&HtCJm@D_H*(|Iw&w-1AcFhh{uqN-BErV+ zn{+T*4KMp0hyvLO;ZpG;Vls5EIUhRs70DjB1u0cr2pt}nw100OTx@_wx94G6j1b4xSqmGEjf zK;v@#cl1^Tmtb*#iztBBKX?gt7aM@eLavLd3xAuDyIdHdJy*0=?4~n-SIv<;Il6rW zd0JP20M>d6%~kn&ig@@WD`4LVt3!0X2$uUBI5U*EHJKMlEhcCYKTDVH1bA0LkEAQq z_CGkXW?_3+#_eZ_N>n}XrY<|0YXI+uftwy&F4%L0J_7<+`pYXa^l@;4F3R|d{+YSo zdZjJ}D*yj?zqQ1A4TCkodTY8m!L4E`BR!SF`GKnJ-ri}*3-AgujfkcsjR z=%teZbrT-(z(#PQeKsIFwv0a?5`crSZK#hY#kfM;^d5mJ-Xi<-;| zx^uId6WE$m(`5ISTZpMb(j~-wIJ9Hd`Vs;+wF5&?FAzVM4a@W(Zw@r=?Cp`%-;kVd`q@BSDqZ*nDRD#2{(?*KNi_VWdnIuCwh zBxj{Ahp-_L19cbU*Z%`T2I__bux;HkX{2rtCs21E8bw_v;g5CYIo8tbXmHKj2MrS) z@w>=nDGRz?Ax4YL(nZE#|o3bGRp9110YaH@tq-z0IcKLy$;iFA@UeM z;))xy47PSWOt(dzcrj!SM@2n~8<3#oA{RXbMsM2*thFWzX|{DyiVs5k_03%{{o<#(WuJcis{i! 
zBgi4CznB$w)LrMAF@jqB7_nNzGBc4~_o>GbH4u42oUX(AqM6ghlN1cI8vy3-2|2%q z<2Q-WD~oj-BDl4@$Synh*H6QMq!dVQeSDb8_mY@XUI3DMRi=4#=afx|SV3y#z?GM<$N}NU>N@N3W z%xV@3qV)G0?Tq^-t%=+0PuzG9!gjo1&3F%>SqYYoQX>Wh0Ce?*j0^FrT3x-58c0#H zGdAgUbcVqK&uCT*vPaWO$VDo!nhrJyu)qZcJ0yEb#=jLiU8xrh_>5~s!|182jfF)e z3&Y=C^l2yZR@PnT|6I%Q4s!VjTd}u1?*F z)J*%yaj^9O!0Q6wP%jsyrGnB5i4$EEo9Up`x>l?BC@hcaY=LP>syC}xx?T!ZOCf*k z+|(dSW>68=m!z{H<1&FbSs=7y0*cG31)2SQ&H+T@OMuKdf57mY2$l$u5>20K^s9m~ z`;OIY+|Qdc#(w~xIj8)ck;p5l;c4mKy3J}p|cJt20cPL4_Pbe+sFR5Jh! z8-p>0e+L_5S+;}vME3Y4(skmb?!8TvX|3dF>aTHgGiMCy(RqZ*oY#Pp_7f@s9Z!k4Mo4uD0WPbZcJJq_3R z&EDx#qw2gBjzVWDI>%vmJp~>B7<+pMDxvD%Ono}>wNK4>>}!ZxC*nPyh6I_LuFZ@q zjhGl$@KOn$jESnvlBM;e*_Fvfc%DE%NQinF0XoslE3Uu?b8Vm6-|P-|DdH>GnXf~W z!xPPZoQl40pXb;ca8F|X9y9~P#PT{~FRKbKb|)5nkN!e0(a81H$RR2Xa0=XDaLQop zXUE1Euj;YC1Y>{2lX~pO#UeWSsu+_aI+@6FtM(s`JGN^7=HGJT3upW{vTO;p-SKi~ z6#Pu}R*yWc5#+SfURM~g-_98;{*?1vtR!%nZZG{tC5e5V<_(N>GB%ygOJm<}k|BYp zIV!Q)7g#^80DX+%@bhS6589^;`byMm^t-f1Z4hug?B<t7@W{=6%39JnJ}7pwaU)6@wV=0gJN^N! 
zj(YbM{6{0DV@)Oe5R7pk#hY`{Sy!(T*HcR35e zZf!C!z~~yCFdov?uv&P(EI!=mXx7b2Q@ws;1|fbH!Uw%&ZHuT!2b22LdIqB#;E}|F zez+f6JFF^xNyF&{xN5Mkw+tL#g^yp5g7bzaHdXV@Z}Hpq$ENGAnUQf`U9de_@RpGT)IyOKZRm>1aOzCWUK< zRGHezzDC_Yk5G8rz`PUe^c_7^N)!V-A`vUq1kspyf|=fqQGEMGk>#l?AU9&?YNoi< zMRu@87XI$DWUgT5l|+q3P(GC5{}-M9)Q+k`%rMjYO!!^%L+Gt;maRS$rbu z?U~YZLS$blFai$^q@iiG&-_I&Gg zUahDuCO6F1;vSfiAJ~jOw!6K?U>C(B2T~=af zc}#7FcO1&p*GD)^5~%9|k;5y@)>Rp`;d`{ea zsOvu!e{^hQ_vmmYA$8k1;$npL%7?WAe1}D0kggT)jH13k1C?^H(MU;!PdMGeY4skU zu9vW`bU&9sd63iCLiiG+3gZbjp6ty9{T3k@?mYmBuzGfvpa3a>AwV1%KF8?t5B3wE zFc~IgK?SERxwDeV8g^Az;5iz z)xbBaH{Oq#4(4s6e{1-XgTT)_C_HaBp$Sa2B22Yn^ti;~mHM>xWnk=Hy4R~yby@n( zntdVqNt39$8n1SWur$_OimSsQyP9%^2vz6i67*BqZjOd;iCL07qX^QiJI{j60H8(1 z4T*GXHsbF3V^HK8RNye3K6==hPB7-yAqm{U?W@$+Q`dK>HvV=-g+8gw*K91$uMGPa zR(4~ivMhV9LFXap%^v8yH#w;YuM+~hPNDR?Vj||_{pb9A|AG0$sbzFg$)iUGt*_Mo-MYt8pr;h=S<-)cwY8vAc&z5tFfkNW{`fb|9X21#0d zxJ(@=;5F(UIi=Bd$ZT(Zy?nQv^4(?MevtC)uhX9a2kXzT;P+&A!LMP=5E!k;HiwAk z&mv)UJEGtJO8MWo-(;-eSbx>|G`izymV?X0?{D`RX ze^IPshZ<40XtyMzuVl>Cu`BQ#8m#1hvA(5*d%BCPc=kOai?AAq+U1-NSAxE{od*<< zfy-a&olCXM-fa$q2#0;+;)^uhppymamce@)a&h(V@fX^02`6qvlZE$YAaJp-zQou* z4q9m+gZdw4=H3Tnnx|SifY! z?*tz-+hhssr0?JpbP7qwUYA)eifo`G@iy*amsVXb%RSJd&tKggz*i1LRqv2iU+K>Q zlVzap7?d(zW| zj3LI@LRcMA>jBE2v`xf)>YMX%TY0=!WBI8iSQ3pMXbpBR8YD{Q2%j;vfOtO$vZ%S! zv~njdiK~ILisMo+d{7AXfft20CmHA9>8D9jZ-`1>NsX%Yumu_n>Q4b8sV4v_T6tL2 z>t+DQtMz4=b%_5iX|VMnlPXCeQL2{bb;VODpIqn5azq6&P#4?-6yh zn*-kD5_O8ech02NZ_#88Ci~UzX4~;nV-KnS?y3weY+#D+fWP1kc^>@cW3|#LcJ)0? 
zCpB1O$|R}r3h26hGij@fp>ZIPrM9;q{-N%Lwlw~IvBPzNy5rdruZpj|I79Q}kR~Ry zw=a?Lh6(M()XUs+3=6BXo|Li`yEpX0sIYZj((Jz@u@A-`nBc&eKPUDb!j1)2*5ey@ zuXb^J+Rg}r5@FR7?xZpx@z{o=kpChE#ADB9XXQQTKAIXYuXLy(HPtaPlJH>x=m8&2 z%r-DlSZx+`umz8(TYqs(LsFt%!cpJPVn8LTUKT#UHD94BpUw=_@fKr&9agn&B~exF zRuZUJ*o~wv00{OoV+8ft0>@p^;}S&fMGS?ino3emyV@N$rqlkX3BNu81Mp_Kv9;*+9=# zY<5KQeo~)ddWQYOTOzzs0j0V)gGK!p@DUN{h#L4?g8Pg=kh+Dj%k&yE+FfIAzFV&` z6TrdF*85&vPii`nuxI9)WUN4Gx5)Xr2ra(*kw=T~clQX(y5C*I!PSGpfE?=RG{`W5bB&LKC z8^)|R#BsZ)vV8<{#R{IWxa zTyK+huXJnt>mP(N{~i62PL0@srH%J8HDWo*INf{!~1(~s_ z8LWJ^J8rtm&d_!FUzOkGRPM|Xhd1oAD|Q+Ze2h)#fpcnn;m-fjbT%gPzu?Besm5p(HEO1=(s<&??vUYU z>MtF`qf(SeW3x->*w|DQqSN@=O)!!L(n{8q}YGPUb%q zn@OxQ=O<3SK0osU>p#!Wz-^c)#aKX#lEt#giaI;2*WQ=DO)lhv_to3 zP*h!TryOQThoWlG5xPS-PeV-+_0}w{0B%l>pm_~56$ z#I;lmJFN~#z(s4A~one z4rFoaOu#@qiXeu**7!C^k#k1e`1XXn`K9eMMX0M>?U^Zk)EoQ+9A|(!BTWVB0^lw% z6ZiPM1c3nJDkv zC);`1L4dSJZ!><+&&_z)^%txz4t;-1T0Vx(sXJt1d&Ln` zBJ`j`g2;9aZ5V`_uc5SCvqb$faNDj0jG+5RbTz8=bfHf%mOtnTH*}^#INeg6~dBMrec!s*|AK%k_u> z<|4gc0}3@NsteO){w@^8RjErfO<|FSEzSP*ptgw>D+1J1Yh(IQ{aOE?>FzXJGx zhR1%T;c-E7GI!}`=;#s_AYrrVtWmMNWyvAj816(57`!+FKS&B9cuy zMb@{^*P~W+YD7q#0!9SiFqUMXt`R(!#j`=0e(6nFHuF4vJ9o<>gQoCQ)QH~PSS$bV|s zG{Mw4pL6rIzVKIrd3pMh2#3hEOqclK{6<|qwP`-n+TM?Dq{zu_pWklV{Hvayn%BOQ zuiHQA!1hIiy(?@l?K|*zY5bt=8W?|CK3u{dMwn`==e)KJ(R=ah8$(I`BAeJZSsQ{5Pc7m=*J}?f5XHe{@}`K5&rlZCi?IvsO2zT8nOGJBSkf8;$_18kc1;e z>}O{S;=5V@hyBoWS$1HS!&~-MG$a=%{dCf;tWkf4aX|#}(lW?y>m&HL2{Z#lZ%RD? 
zmd#d&^(3$g_8X6}XA&jRxA!;=2kPc=3%p-ace<(O6ysiq9Yk2mq~PIONqIJtGTiV; z%Aeen_!W@sejfIz*S)fS)?b9m?cp4?R9F1O4_~Ui{^3o@3+52(CmA=3jMRc07n3N+ zN8TWUT*!}NUiFx0+`Nk6c*z@lU_^`mnBkP_s7v8}3gcPI&A8WiLjHP;hw&Gdm0QF# zP+~vi=pz_M8ukWg8N3aRQwC3=42EEyTvpjIx==(*NdB#M#PCV4k&lY4U5+4zeA#(d zt`I&qsDbvTqm#c;y!T56}>ZnMrFeStSDMvWud5{ndE-ey7qQ(Z)98s6)Iunb0o=nb8$*Fd8 zg4vw!C1BgKNR@Y2($vr0bu^!A1s2vL>(}$~?MpIcGD_=BWQlT@GRmi67h>DGWUwE$IP)uk`Gs|@0PT2xhi;$RS{+k+}_93$ax zpwBIkx~*n-J0>+yGVW;^N6err4$-K>_ZydiNVbTond%Z~X+%xbAG~pn^;13^?fD@9 z$L7fFlWVL7gaD`Qid8agp|_0!!qoZptDC6Pw^X!>dppQ@3`~%T;U4oU_!m)oGwwxM zw}NrH0_$gqa#f>hricVIu8#2)?+N-#Xuwde`YaJHl~NC{Bf0hbyiyRc-wcTN>%_1M>^&m*i!|yCT=b8if@szgFu6Dj}cl04We%K3#=aQzB`Fgj2GdpWU z8Kg#_{yL0PL>($f%A#;F5*Q6^ET|n(JvH_Sw1tHtiI=D1Md}h5Y^-K{Tlfyt(G(Xo zjynTO)f9L(i$)!&qvVbnBbholoBF7v&SdJ**;MciV6S6p=WHr1$5G>Urv3-+luo@% zB=vcwe(a{2^P(hG+QQe?t@h^x5z#{~WPl2mcgp_?&;bY}ms;9X9-gKWiALJghp*l=Br%1GBfp z3hyaLW`8|X*c3-*H#`81O@>aah7r|QvV8hpoXa9m({~*xKQJ9%qdVcrhU)3mdgfNjTY3`uv-_AV_>4y#DvMGY`f6gLrXEmBtJ{XMeXmZ)$3GgeUW5Fj zvpoEG^cq!-IJ%J2A>&FBqE-u8y(ES^ejlABCKq(444=&|@7? 
zY)Vcz0JM_>+904m`g8{nO4D-y=tnx!ctAk6JD?q+>Yb=d2p89<9njYW^iK|GNBAcn z0J_Qn-6NpaIiL{0%MJiN*8%Mzn$XcsT|#ot#ZV zyzz7l3sO*Gy$HBZ0S`dA37skK^R1s@JvPIQcbJP5-fwOhC4W?v<#EG=z@l z*jgo%6!T;fU3vnmAI5afiRT#6O+sQ<(SXqo=0nE5yK10w&}dd-c;6T&l|WD-sAG#g z7jDSA&{^C9nG4Bq(Q=Utz%zB4^w1t_@P!Gyw>w_S#m?8@R|g4PFQrEMYm$yGHmT4GheNfeWdi?fk*!j-u?}3+UIv(`@Qnpck-S7pLIb0 znXgXGw(r2B{}&y!|BY?h=XYNFcb=Ble<$DR|AFl@U#*+NGSYts9{oRP`)JB*lp{pC z5yC&Ji(a@%Y`y-=bs@2_@EB+1+?-r=vgR5fd~GY8}E;y@jybi0F7ez}fjgYr&7({IE* z&#lm$i^`x1o}cWHM9>)XR7kRO;GDW2A$3Jlir3l4Iz{99CR4Vq&#Rk_Jdw&+#|Q!PxIp;QDo`R+GM*L29ScwOZW7l-B+a*WyNh9i~kcY+) zj`=3xZvvhSvoGAyu!$_j*=Z5X(draAO!HbtSxdcE-0N&5q(h9H>YN6kz6g-fffLNa z+08&G2n@Jw?3nzGH+ia6E@f~w^(kW-;EM4fvvW=lUVWA4W9J~2ZYz#Brpdj}GvIy( z*S-Z|x~ji;r5t0RzFt;KdJx1TV$Z|x075L;Zi~00$NI%Cj`bC2n1^ox$3XV}Ymvxa z*^=c@pYj9EVK)hq_ft2*D2IxVrw9A{Ql}R_r|QuUWQjq}ajc*@R-tRZ%GDIgZ)>zEpY>QG2mBz!b;P z8vOsh(jN_#?QnAv>sAwxjHu8RF0s!NFqoZjmv#s9@E-gYiijd?!U)VtZq#FAo#(|8 zs5|q^C|T-oNe&M`-cW@pVUM%+;HLd36(0I?+8zS)aBQ~JfYGAm8gv|boz|h7;1hYZ zC(gmaW>FrpI1TmD6y!_1G(+ptntsI~LZw=xThmK=U(_$NI8gU3>eb8oN^Z=WEW9fK zM+M=35DISIu4G%h`p1wdtASwD9%Qs_%|7N7rnOx$H4aYmtz}IPkJ2kw` z(Zpz7K|C>mKSeQlT3703{k#Xf>>-X4-@dD(1nmEd!D}9x+UYprdju&|xTTtpn*mTT zx*ji5Ms}@B^py=#yG9+OhlaD8UaaWN(3WH+{51!F#;JQzYiyoNR_^dY)=w7*SyRjT zxzIk`sKpO~5$||JuO7U`i!~S~?)7sjf4bIQJ_Rh|4&&k*Ay%sv4J?5)xvh6wWh<`fkVC``P z@xB5N07fs8bw^@UXJm%cHJ_Rv7H-RAI12TBH@tr&7$$zW;iqP_7&3SRMvq zT_oV!Y4^kXT6u`PIz&k2B64n9L}b12i}f)vDs7(HhW>v!C6E4n(Y5DYL1cDKEE|$; zST-d7iYz4mbqI#U^$>^+F^}L}uQa_UL!5gd$RJBrQFS_aXIG!(cD6Gu-SG;!hw9+0 z-@C#E+#SL+5QCcdmk!h1(gMM|EOwq|jv?ywxz1`3sH49fbOelgAlNYwoE8jp>+oG5 zIHCNzK)3Pb_)&_#_-|^^>QFn?ThN9`t19z|Gzlo&qRF1+(3AAI$Ij8s&xysro4rkk zH=WG$9mcgkIXErtf2=Wfoes&PJBByHIpbT}lgH2nJOj!5I^NbQZ-E(vz~nRtsja%B zn*U|S~bf+O?me|1>!*uKJo`b`r$s5IcP*Mk52Dp<*6N#itMU2+Tz32mG*ARR$O~f zB+x*GrLBB`7q){saJ>g{Xn<=-{pV;Q*l?U|nFh|W5Z_x%E}UY$n))s339F4d1;^8I zMy9fhsINh_!24GY?B*pypbb5z*_V;SPjl|Rp=XG=!Gv4Noxqc4zW+DZ^aOn zm`5NQ7qp^dbvbJs?6|#PW&w^i!zbg8unC_Htf_cs9zmPN$xlb$MLzDuncuc}P$F%o 
zGWs;=MsH+s@Jf6ZNc>n3pKfi2(Bd`GvIwG2h_VKi1d6~u^fkEzah?#6b5uEeqs1ZS z1Sl#nbu1Ne0+U0a?g*qd`^MNU2&h)HnzKBz|lcsN+E)V4$s+nO#%oqXUgMB8lG>t*sk_xS4{_)JFWH zn|v0(vRybvcLCiWE}GRUSS-`h+zAffs_A`&juA;cMN<7vc*};$PKeWP&ov~99%r3a zFW4le`H-s}`Dc&I;1eHaoQO{ADQY-?0S#y$RguOU?`Ef{YB*6u3-0H_SskOe9%$hq z*zEp<+Y=02c0F?qQ_kPUevv%=L(lgjgURZTQO+VB5pqO+0Ja$Ba=dq`r9Ki@?_#1C zZgMgqaZ3mGe?5qDs{_YB{wQ_prOUaTb7OR3%x4@fX)!k~Q2#lqX@tv-rxx%1f>XWm zqSSVLuBlzx$zyJ7JcP{*C@a`PH#}U|!R!wjKY@_y$B5vFiqFLZ4F%BI{UMASZ(LR4 ziQAw4K)P@Zo|PPjSsnMQt)Lk=pQvED>a5uXU%mC+SM+bN7TEN|r+$h4$<^NbfP_&4 z!a#Sw8NV@fORkim1B6g4q`samT94ocd$j(_@x!4buGAq)s9Vjcx*8mr|E-NY;r@_Q zOYct+%g6f8=nd*2o}E67MA&I0^_Qe+I!RW9n+tq}i2 z=BOTlAZdP_Y&43H#;5{outjUbbGA z;_&PG9RsKo{2QE9Y93awztQ6fdMe)B+d6b(U}Xx;WA6}A+i^6{@=c&_+0v!BD(Ceg z4=m=xYe`<~2c>sHsJouF7y_VLk4!S&ngo6E>;c3dt`R*TmHBa3$1KM(6;=Z!0sHly zx*4!6P8Gd}$LCrpR6QRRf$26_&Gsy!nf}|oNKt>U5VBwq7*Wy6`knNbB;99igo&X{ zohpUnh-hEn*qrAS)7Po z-2qpSSReZNSYqGFf%-apNH9G6uEvuEvcQ~AchJpP31ldiUIZ#2L1Zv6;#^@W;6 zw_u>l055khc>xjMLG}Z}r5M9lgf{@YMAVb=00>7M%M19zY6j;Z2tXEjjGsZ@N}2FA z>ipTFQF8Xgx?qN2A-+P_VKqxF=K>Z2bl-mB0nYhYet1LT|E4x3WWNM%Tr~uMU>g6N zHDHvIh6U-`#qHA`YoECXx`o{(i@}})NzM--km<*|jU+^Z%QV=1q?ws!FRUg;>>*Ly%4YlcB^Zr@; z<9X(LNNL$#n?7XTw!{yB^s?r8X-33HC(^Y)o@hQ(`{PN0dK+J?!o#n+51F^P`!6R3 z>TnsJV1c@=_~BeZ9{QeHOpKD5{ZK0+-vsI(0tieR#ke6@im4jJq^MFy|BS>IgUh!= z@Ndr1Dm(^gB}&+RAz*uN=!Q<%#Rd<^w?QV%zQjxYvg@a_9&*ZHp7*O(N1Wtx zDvdA$jA4+xVPl{yXlV)jTtv@DykDZ1W-gMvAeDgdD1>zjew~AJ=nE^$BR6r0@)@I~ zj?TMf0fF8ZRgdc`cw;hvDi8i-OG4y zU6(%(YH9|`eTz*)eYsXs;(Vb*zYJ6`uf-+@O4F+_19fN~)SY=y|NP3OL{T1;nFqBl z19f;F)YLqvH5sVlJg9zoP_YbDuRN&2JgBi5sFFOWe?FYc6GvsBj>>~tr=iGLU+~h> z#X`4xCDq5&*O3af?m&B*tA7-(AB1TRm!8DF4uO@QVO_^%*|pGha1wy?-DCxx4or%_ zq8BPiYhdDQ)^}Y05YKZp-vnuhK`!-3S6N@hzfPTu1Vk)O7Gg5jjYD0u?RV|JF>pgY zKVm+304+VV;Fa1Xo|DW&YOhN}&RvEah?|_HO!iBV&lRmh_u;WA%OhsSX%pYufV#kfibU9s3PtEYMV$&(29}^7xZY$&p-r4Y{ul1`frn5*$ zc3|wD6rC>}f)ytXdUqmt2*ay~W5a6H8V$dmVw03v0%)tH!FxjgeTjYT0ykWN@7iSr zSobfIUxoN3Z&;H4Xhc&Tbh@a)Q84uRPPL8S(?zidfzYhVacEgJ*P}i4uK!8ff 
z&($sHMD1|Ucs+gyuKhO$R;Te%@C`=%sgo+UUSAm)@@}B+7Np5NV;;U>01J|r`jW$v z(|v+7pGNH@Pe(QbE&=J-Nu=Z7@YPW18Tt#JVCT;fa8`8hdk5C}dkvg?q^Hi`J5axp z#qa?1j<`zI;y0sVqKdD!0torV1uENJ2C zs5%TJs!>;&wNoku$s8l zjylQu88IL5Q!2!eU@(0BcLY{nk8%Z@5OMCwlXQTJcdjog9P);F2CNtBCU-305y4m1 zJArkQI>_Pi_j7psAFJN2-2xu}pmtMf?JwZ*Hv?ndLJLFQfN>wS4{eVBE%gSQ=DMBg zi6r<27wqq!vUcp<4lT-8ux04Cf%+ej%Q&YG;ji_2gZD5rU9t7R`L~ht?{!3}0NnLv z7ti%Yz9H|LY8B=fuxPE_Qd;{Xu=ofw&B5%u9L(Mw@|OAc6r<||*3IZ#kl0utoMxWv zl>c{5`464)U*(j4X9)Wij|_b|z8yBZOw^o;jjqt^A6ZZX>XAShPcDdYFP4AphXW(MDzO9`rvf0XR$M7O z!DVnA5ga9{SGP%>AgO2T)D57s2dEhkl2i)G#oYz{GOXPu?0Vbu45W!NR;#?i^>`% zcPkLXsFbg!AL+EIEP~@fgbhbcco_v3@IX=spLRYlUbtE*xr^dwqAwZpwF3|Mws;Rg zNDH(tHHB59RO6SsDv8bQjhRBfo8*0G!N*4BR>BE@we86|6t{HG^6D$R!skAX6l)QcVJ|CBUbfs=r&?l zJJWkiOlA_UsqS0;68T@|CCF2w?vlnJk1hCnw<}PPug0rxAD~?N)Vj&K4|nN4bY>sO zoW#GKj81Yq4))vEgsRo}7?}j_Ejc*b*Xt-5WK6^_5sGjO4Utex5hjnAhg@N zLGEhP<4tG%j~-WFDm}Kt26YO%YgjFlRn4p8F|gHGsY^fef7RAb*XA&B1s{y1y$t7C zX`Whm;o!cpZi1KXBYTf|3D{QVqw*uRI% z#LR)Eyl-67rhR_rwSRnm`%b=Y|DKZ%XrK9Ne71cD-lv`#rrXb`Zt|mX)y%y9%W*&^ zzP$fzRCWe-x)=_LFJH!lAvys|8aBvn`lI*9K7-Y&4I|kk^s_+SdW;wp#4=1_=PW0z z%8zhOU02W+T?-HoJfVh4GNZ5|zWlSOr$()sD}o)1Yj0zlq+H{s1nQTd7&QUA1LUIw zzI?dS0oQTuq4I=Pb1z5bS$r4QVyrev_)yjJJ#{ZCkKY3gA$fkyl%kBKh6+N zw!^V1$pnwn9|t*~I60GIlXXta&1um&40Cfa>Vq?vaW4N3HfG=tbeYH{!iz#BQDV9e zmBA5TEXO!lhgQJlLda`I2qAf%!fzCT|I3hrj^~4DA!kfvJoy59&?uTEB}SEX8$o!RZ zDd!v#<)9+=34{3M@%N;|1P{8Tj75K)e9hnM2S~j+l}NstBXddSmjjRcui{s9fIs!^ zKrpAg*01gbWs}d8{hfavE2B1zc+@(jtbU)3iT%ro$7a6oAr4%Z3ooSjLSho^_{S&Oy-S9gkivI`S4yh?;2p( z`yMV$!u~Y$$3T4?LOsQG0du3@In;2C8~N2o{kdA^Q;M{Y&Cr<$kgYRU>rB2DSB+Aj zuQ7>#Pc=rfk`C&~3uWTqJgEssZ1&mkXOZeNHBA0rHSD}VYJgYkg>5kFri-Fp3W$)p zQLe+_a_K7l!|=@Mj(Ky4?x^;-Ya4)lO(SWQ!*7~)>twD9zcOFuZ=X}h+im%k{K?HU z{j+)K!=pRMO$JaXg3Cnji29+s!>8t<5w+X>ST-eP0^Fztox;Xq{EPc3H_6P3s1_G0 z-qlzxS?%AE#v|%6H!HBZ66HDMi!l~(55enWn2#a&?!GOs#?4alANmW%o`||i7v}i^ zeOmGw59`KpU++?Zf;E(Pudzvg3}U=ERBbd!eJ5x*`(8c&tL@bcId@8%GKZr~_e`0+ 
zH%iCsE+M-B2B{$$rHJ~tNJxW-GK*t!#%uQi{yiOxn}P9*8UmZ|GmPt{{Xa`xJ{*f} zl)NmSFQLuSOq&U(&Bk1HyvkE;-;*b=_4?=MSq_E{F>gCx?;QGt)cH@!t`)D`gTD}M z()siPD!zl30$MWW!4Zs?V)RYY^md*Uhrlr2Y6yX&x=P2HOKVwjYDxW8?&kE}#!y6J zA~UxNV~IGhG9oBkY21R&;zzl9VGXO$@9p8mMDFT0+Cg!vX%|@eAZksQ-F-Qr-LmDz z2l%o_K=b!vb%iWSN9gZ_X6hGVnrBL18{@n|>2vZ*Z`CaiP@|>gpbSi^7urouEdx84 z5J!TzY#mnu0j&Jvy@_4Y?Q$IioK|`)R#FzcsYf^U4uE644quM{e1t4lb|Z;gD$f`o zVF3Pf0*P;2&7PN}*vI750ciS22LR#JNV%X~6TYRnVs{EL%<&Eb-eTA(7K5lNI#k4) z#NjjkfG*XjZ>zMLIv%4Xo?)oXugO`Aeg!Kv3{K{l#@)`W5z-x@*U93kuY&<0xzAp6@ z;eq(5YL@kb;(PT*6l@qHZa45oQ>c#WR~`O}lhkv1rNL2WR+!YNgvO2Km!W)A^}&%R zIv1)@JEqBskNb8yslKVP3GF|};(@UU==8i`Gg@lkD6bxg8o*2FeLn=pd07uGwyejy zOy?C5R-?M;RuR8~jbole3&U`jJ1moCW}} zQvFmoVOX!FpL`kLYQ4S+*t%jlzML2a4foVCD;(dOZdgsz2OgY(t>|Vr3Si1(q&h6` zTnqP|hzedS1B0Y?wVkW1T@Xw$Tv)kuiUVm*haVuURLBkLAUso-FYp$Em$5df!c(<$ zAHM)9b$mDoKe%=^o33pczW{$c_HpTTf@MF!GMKv63#T+fz`&Z0_po~akmQDbd5bIu zqC%e!W$?c9WEY*0RttjH#rwcr1k3DqXEGi0U|}~TL=X?zO;`YgYm*&C zKB!rz2%7ex*_Mm#;zqV>jbDuWqIljB9MR|ja+#)MSROCTwA(L7*d-@3*WV@Sfvv&C|qAc zF@#IlFL-M!8*;6d+Rm;OHKcwLK7trqHd?NGM%8tivr>-$wy_HT)aVZ;-v>KXmbsda9M;+}p5f8Ay@XKj_*bA%D88VGo2xV-PjlPp%o+pTm9P z$ki}s#@9CTp-cM@a>c;@eWQ;s4f@rj6^*6%N-aiZLg^GE#0Wt+8g6$dK%aEGYjy#1 zEj078|s7KnE!4aYuh&D!tp!@@m*ZF$J)Xq_ zCQA3Yu+h}rfKwLxNXMQ5X98@AtPyYr9Ie5Iwk(N*^CId#`IdF(-DOfkNS!D~Y41oL zV+#$jUc9d}F@2wks>fW&b{dk}A98vdRSCHp($&~;E|rtdeHKF8>VrCv+L{6Q8u7G1f+(7gmu=-&XM@* zI23AjC%xt(@ZD+vK$^Qb7fTL}I&xm8MaV#$`3Kg)ioP$=HQsfQ$2-tI4 zCis`tLeGKpiXUk=tP#-UH2?BXm~8o&p`$P1!O=kdrD&AVW8U$(L%*8Qw|Vtk%byzN zz9+f9#1JpuE#6$fqz82YgroT|v40UX|KCX_SHDIE$=SZ4dVr&5*MMqFbW7lXKIAd1`j>UoC~8|SDSHu(gbGF z_seiWliPFu>9ReiAqo(4*0}X`3902Bg{Fz7PR-&<4fo$FzMoRjx`FsY6%D%3{WJE6 zkeZY!2G`M^c6BZRVE=?1@eJLvWEckamrnBzZ5W^FafKB0h0|9Tsg+?z+?a>cU9iRN zXZ(-$i|a8)+9w_O>irkTs9cZH{4!0|hDzV^EyS~8CzR!};N7a$@xH>inWBx~MZCft z$0DzcBgl4?=qrI$=VPY0gK=vI$+foFPwEGmNXJ--x^j?g3CNN~0JpZla?J_$bU|*L z=JCc;NEG6yuL-KPl~PI@!C6!Knj&?xlPITsOhkN+_XN%wAJnn6nOdX1de=$CD-A)9 
zxe(GIj*%Xc*!5F#sxR?LL8pz0t%cT9y6Kl&9q?}@!tdkH2x~mUo=mjH7mM0fht0sZ zSz6!<+`ZT03f%D?8TJPpPQMnniw3*I!8LCbXnYO-*cTbk;g56*)*i7l^-(X5((IJ3 z+Zmskx|sl6r`tf?rlD+;elWR|3e?kUGqo50G`@mzp*96)>w*S1f*Eqo)PrEWn@ucI zW1YnJ+{B2g&`CUTBD0@23-@;T9#Z~&hFo^Vd^L7~CXVLn(PU_8Ptu@X-hYyKA2>^& zhy$m!1?K3rg&6Hm-9|au&kxk2{aH4#Nd3u4{K8F)!2ev}FbQ*R2s&O$+53AKK$um6 zn2TDz>F=U8-@Kfz^SS@@sW}Us_2$LhY(%z#O(rz;{ADDh?%vD%B5R{K8r{+~6H;kr z4n}g{t9I3Lpv^X_h@ae_w?;3P@37p*$7W*8_YkV054UbCG&@%`wTedQHAl8?EQk-c zUfKI*#m>E(s!HK?@cU-bq5AL8-?*FpO5)SP_+hOZeP)R~L)p55`cOx+>+D(08&h6z zx%D!BVhfWSeHrTq#*@76YpoR=lgn#SE`At>PdT36~SSJWaoUWD>}bd^rW{%IeYt#iGu^JUp&Wk+<4 zHus5vKB}fw%CI2LnEHO89-**0yPUs#FC2+hFtVa6kX{J11gO?FM4tS?~qO z{7)ph+qHL+E3~3#2BFLK0SM}mSW7QN)qK1e#*v54hWb)(BiE7V=rHbx2kKrx5;`7~ zokQQGxN2cb*AuJUy0Nlxh2Q&8074>nqRosxYL-US?SrIhEUO_k`3M)Xw?M|ab?}J~- z#Gv&}Kus6a8~_6`6&tlNDRotB9lE7)GRZd!NzxFbK1U&MTwE_GWM94gua=S_#CFxPByy38-PzR&j@1l~({?ywGoe+KX_pZJop zYtTSh-qiXZIKT&d>HuHSnlXk>J@^2wM&j)a4`6n2w&^XgI~Vig9H{?Ok&oeHe8Q@#0VyD z_)4w$~8bOMV60voyBV8runZ*p9FVJLqZrtIXqakY8*1 zTx3NKi>XR5j<*B8g7g9Sc5(34uT38u=PQWwWxs;+ERFLFjq_=_IGg1*21rQi;(Qcw zE&{9!;99e*{!wbSchS#cZsN+AOKX`AZRyR0OepUCRsOi@SFk@%V}F*$K9@fV<73dc zV8cH2NZvuFXl*Wy`#0Jhpre0QXnkb z;?h&Ha^zDuqIvinSvdv6gW)&s{}q0}f{)f$G<{YIeX5~^bjBUzm0Vz@wUtKBdI#ivTg!855%=l;ZbHvVo2McvO#QT7E)^E3Q#cmsaMDGXr5RhS1oyT3& zh;gnGH%NVS0z(vORma)_3zHw1^n6t+vUskecSLB!kJs?HIZ}Uiirj(^3Fm(?y~4Rm zOAN)mv~Bp29L>{+y6c(NR3vu_F&-TvIgoJiMXaM|IKQuzh22w%7K7F=^diOxN+h6*!ahb zjEm%NP#r4q<6)c6y( zT~t(5RP18Mj-sMsZzzh!-bKU`U2L&{U|A6*_NcM97-NgQf~eTV-WB`e+I#1H&g@c5 z@_pZ5`S*p-&e^?X?%bL4oH;XhX0D4Vs;0U(dCWFWwwZ!0NuYCQwn~OP#xWj??)z3L z&91N?%QHxRqcmwBQ?nNmA!V-0FLl3l{EwsD=@07<$@!*!d6ah2-cCK9@jq%D(LebQ z5`FsNde@)-a6RjO%k^6Q`+Bn9^j?j@vy3;g#OG-0^`F<{QjX+tuB@qfoICa6f{Kf& ztQZCE_FpLDkiiopVqP-d!&>ho$7|1y7*lMp`Z$Xxd0z6q%**7baIy`a!!yNK8_9C6=)U zb&8vHy;b4ga=XT(0p$0dtf_^STlIb0n$}s)qp;2~SBU12#mK4jOZ=qH4V|v%n5xq) zsrb5ZO>#CQ?V44r*JI;I>-7=>xn8rh>(!9!vAafw>+uq&An87|Xs(#ApfCb%dSV$1 
z5GiJ7x(pbvSWMl!JgV;8HO>E$^qHoxOJ#8%Not^JXP(qs3`kAq;g_kkhR;9rnFJ-M zo!Cc7??R{4lj~U1JJoWo%AXW-nV?&#>7}1D+>+Q!rBz}BP0p57GBeYX>aRsJrux*W zpktU>)0!M=EB0%b{LX;9+Rt4$nlkC-n19+cRo*B$@Vj*|J%5pUS3i5*;JK5#xmvpI zSLLTna{H7jryYCZD`+NnRrfioewEFZvl$Fkfo_*W>KDTt>EBiPXDj`=EO20FI2iFU zyJ35KS<2hT0o!r_=hj{PG791!*OT-`Jasf3Hhoo|RW52Kw1ovQI+%P@Q>&j5$!6X@ zRAApI-pS7J#k2~GIq2Tjgzy$-M-~^#%-f=aTuFUk$^{Fvor8*I{MjYg3C~U5<>0C2 ze>gLh!>^can2hQbcZ?Arkw=gWn4G#F8U96{dg-IL@ZHp+h&VHJ>4cU`R+VS0IeU6) zC?684MY$ib<%*_4sRtW68xvSls&%eZRcVeE7Jgz#?4-Xfs4M$0 z1wnx#s|U4|E7+SJ*N~{)xyzuJn`{`v*vOL9jAIzB4wzIo*bY+fDlHhg+Ol^ry?n5y%BFjabK zE2f1GHS6SY1f$LDs1wQ-!>^WPQ(zl8mjb(6LKT?h3got_#{*T^2_V7&&D7xmrW5&8 za)O(y-+`t**557E@Ajtkmfz_^zyEciQI-pl2J>(KSw6q0Jo;Dp3{@4%kL9EK!)b$% zg~}~5G5SE68EgNS>R*$&fXu{_+m*`P(VF5x)-8^v_m(W?%@gXFYNm(Q4MWt1K+`45 zZ&s}JV?8AtU~-Ah;p}_H5~qJK@8@GN4Y6)}!qo;lQ@nLUI(*80S5z;-N^S3x|HdS_VTxzs5a+9V(-mOb>(@3X-1lE#6#ftpvN@)rGD zE9zCm)U%jMv1PV`L>Fl4=B7@f_Nl-N6jeNBQsW7rX*=HXBWNWtSWBvmgAgHw;T{lb(#W;5&F)A^JR7on=mJ zbQOm%ABT#eWv4Z=arW>T#ezFWGZ~Y3?D$e;GhSP$hq+kLiL?X^GS^c3hc=g-7q8Af z%*S3c_|RrH<+mip@`__s-hJ?m&!(MRFF1tM=dz|gZCG9WP8*UF>LO7zu@p9b>)Zr2 zy3W?r*TtGKvVWI#|9gW|WJ>7%uvT_9=AA(=(=O51yeLh7RQ-+1Ng}(8hWcbr&*AoH z=wcL`ea#psL3J+POQ5NvC4Txys#vs$nZNBBpZ-}P#A|9YQ%R|^=wRxS+p0F^(uxgp z(V%~plxGoDQh_GT5-;AQs>l^@VqY)~QQaJ6r9v4UB2__jhvQP(Gf^^wKpl2g=H zvziX1w(4c;bhY(T`qod96EoD-gXvrE%hnjR^^f$eQeg+pQCnxHZ&mZX#8U8{pY*Mp z<=6#kYyb4E3uWsPwY5$9R%sIjEmK=-rEWD03tFMJc&2UX5wu!u$&X-Wp8D2 z;!|03&en8OjfE8*)?xFUjW(7u`wYQ`WL9 zwogs{q(y8zYOhUmh(s$^aC}As?yKn!#0Jx;SNzHg3!3^!$qxOF#th=HiHr@slRWr` zbJTiXK4n82r^V^Ze&dDI{IbS(>9RFGL!b1x?kBtc5SKj9G=4E&NfvK2Ek3&+kFlh0 zQfhpb*){2L-bt31zJ~EyqR5?m;hmITiouAFboRw@E5;)kZXQ0cL-bJP%8^O?%;2#@LpM%=x#O^Jz;_I zqqc>txxpE-gWS~2h0``m-Na_&C$IDL4&o%5->En(8upoPBjX*5is>i+hOJBfogk)M;bWPite0 zPt%w!X{S|BD{(Jti5qfuFg3KCmRj1>6u+eBQnG=n-dd`LvgyU?&M*$@*dST?-ReOk z>s9{H)0u4Mq@anZyMjZK%d;V4j>vd1Dij$k=E|JRa_W9%Il~U7ed>qw(I`i1nr(F~ z%G@}g^7^^49>?@Mq?WRd$Dn_lf0~MC3dyqq7kR@#&YbG8fsAJ`xkTWZ5B; 
zykHntc*yh$xx<(|%3oKzJGs{lN4_>@kONN&m1>1>`pC#<5MZpoSJ&C@67FE*H~=YwE6KEe%#fVVylWqE^&E#~|s+usA*KP1QEb zZ7^|$v@%@fhM^d(^ET9_l$y*}C=gUU^=Rf7>y*Bl>jm{#lFP;4>?zH^KDX4t+;8b1 z&-7z;mSfeC9F^_1I?7Us|1bw5Revn)GyIg{^(^{GC#UGDzv=aAA;*P|15-&q%RUx; zF%882vD}{MY6sIsODck52FPprmRWvT2K-p{$&wQ3ADU>{`;Yn}NZ$9YvPD`-rk2j? zUeoIXi+|@z3$L)%4KKn1jS(p}dcOqBb)YG~r?oT;uJRt?6icHfuPP(@iUHR{oC};2 zmxz>1!?H$qV6mw>DU5#kY9|(e;t4AC9JS zPD(#yRW2{Nx}-9|RGsxNEksVu%T}?^rufye4I8*#eX;d=CUc7oM`S`wtSnr_jM)hl zRAUBCr(TzQO&~gXu%a?SJ^x4{XJkC#5ssNLlvD<_OHGe-);pU*HYk$GOg{zuq~>x^ zVCq2}<7gU{#RBkX{N4Zg3jes%29}d1JqvAay~{T0M#RcjS9f@KmGusfsV}K_cv|l8 z7;3$|y!GxzPgAu9&j_9wO%aESq3B)XQ9s+4SS(RP+^BRlWMMN9PaaAj$N2xHj&ZZ) z7_S?0G+#0v-9e77PoV6nr8#EBRbJgv_(xnrii<``t(nt`D_sx+OUOo{6}HGq=YNw5 z3O3wRSIg8pdN{211=V%rZ9;iDi)W|74%X6hGgY=68LzIAZcpg!m2u_n@_17kuAaub z%=V(Ug9Jz`Mj~=E-m^wk%HL$RPCiqs<@2y39j&zbBjRZ(bl(?0%tw~+TTa`=64^Mi z%U!Yy>B03RL)odOTsXH6scuc^P+(${rnE=I7wR2p`bVU&AbWM$ zLj8F=8Q(FM z&diS0Pn|70ED_C=%Fp<5s{PbJo2lJ0O>LFgGSz4}w-Xwocfls`;t0!3rS4RM*}U(B zwl~v|H?;P?V`x6<#;6+s)c*~ON^+f}Z42%e-ShmU1~}$bx$JEG=y}zUH`>`fBF@?K zOSEfc-cZP`np`X=St4hYOzI-Gmi}HB<3kjMK3OIaiItESH=qjfrg2VctUy6(J*vQ& z>QSF4t1a&jV0rn$>=s33uz+P9F6;Pxv3pg5D+HKU7m>88`1Fz6<@S#Rx!77QSb*vI zT8sI@F_4)z#stq>vILPaiN?!T5K2u-52n<9R0{`jXXxiV%RVA2kQ!MBQ(?Q0DZ;a} zbln-sDYMJ!fF(@3vZ$MAU_4@TBS2ZY_NK$?DW2R)CF64z%zqYCHa(^*wklceO*1&t zdVe0uN-(4NnfW5lRHBtPm4EcG(7u$GG@8m|ojjM7)ANs~`upvCvCxc9QF~>cdUP8b z{fwK7Z8U36?Hs?NEZ_DVL z6b8&tU}f7#U@|Ft$1`QQIx}MAg^zPCsU+}JKRUxxeRU5RiA@{t%@`an)7`?Vv@$Sl zEl)>S_V9|W#k|tcUcwxBxZBXRnPT&bMu$Jd{RTN2$+2IW6llc*T+tujN|Nu3m^@(PgvI zf--)>N3b=PEk^w@ZLChK@x@Tt$oi11&uEsFP(QO4;st$!OH;q7H5*@qC0N#MyrXY$ zi%$3&*MZqKbfJv<3Bd@FR410zVur(3^CZ>3$Cc>4^Wdh{gOq-gj*rr@eC22F=Z3Dy zdqh!R(=YMT^T~)NHlK|zjbC^{L}+nk|H62qb7h*&ZIpZQtKSGxEsk}Jh*8d!Uv`pSlF*2;1JXzya z7p&$@F6wtQ)O<>Z`fQfP!wn8$<7~u1#AZ+WEO~q_;;v&>S{o`J6IYzP-q>J%NO0HOWwD}pNSONe$p(cmw{jN%!5%)i< zkqn$HKSNtZoU~2m1sf?`CbS+iH#3c;iDam5{4TYY=WSLSC01O-50{Kw|46iLdEU^$ 
zTx|W6-jc!Z>9}JJh@O1+I&c03eItv@%DJPmGe+vF_Y-}j^zbBCyDvpuw4b_Ri)HK&@ zEXex!e`7(`y_P9LmIWEO#z55D){}u;=6bV+3Jyb_XJ6c|AYy=Jxj;=UH+m^O@ z&6|k4PZ+YOtn_|v&Jk9lwEC`(mQOTzXbU_I_pPV;*fhO_g%e^W6x4 zn@h%%#w+VwLd#^(54zC|)i9Fuka@qs-ewqzpzN`J2OZl6SD*3*m$akIF!IFg==~;i zp*#|oO4OsR$&~lUN=Vg}mi{KjUaF-X23$)kHxYSNo#dkTCAh* zHNG%rr9gU{OIkwCrjJWhn@b*#8@m0Y+2s6HCb>A9d-CRwPobS9MZ9d~tDCx4byIV! z$r@jWxN8PANNcK9lZB-gr^n6w-Q53Z$!+|iV&980Vy5tv{^4Mx&gXQcXe&mwVeV$c zXFT^pmaHo)-ALQS(u5Q%6_H}6pDrF^#Aj#y%x`=N8(SNLH0d>8jjqL5vl)8u;2jx) z>&)BU#H|ff9(;S#Q5<1Bc(qpdA&HP?S#68+zEXbT%!@BRpYN%@c$92cjV1lm39?-| z^%F*d9}fMfAr@zTLVpHbOtq~(wMBKCsqLy~n%bp$=7`2Fw&qSz^;{!9rWl%gCmNcW z+mJxD1~~T4uK;~}p-ZJm=uV^u@>SejTm6BTSbY5}C&^9A^7W}BYb}!38afp*t;r_+>qKv`S1v<*&{e7~Qz1LGIY{fn zj~tdCmi=jwv=0dE;B|g+M`K)7P4m$Fe_!0ui*^tAxiVl{zvpf)eZ)YDN58_D;1wJG zrE%ZEp>*IHkA#07Ft~41zGgWR{%NqGZ;1M87#IGfUZ^2R4mleBx$j`Z0NH*t{8R6G zE&bHj&`#1$3e&HsO|)UdS{RQ?lK7qFbofIX`kKPO6NC+`EHx~fS>nEtO0?H;e(bsD zu8)Wy0+uNXzb{1!<|D%Ip>QwEgCkOG4~Xs!%cELS$~uzrqjAr(g+EHsTc6uWL~_Q9 zgAw1D=oc=Pn{U_yeb`q$i-+*bMU(3cFJy@};=5+B9OS}9>7N;CZ`l$4P!?|uznk&_ zZNHr5bVP~+P`VCt-sM1yaus8DvhZR4;RX3&!>l15#n~J3(=IhQhd-pv@{LrbqtmK zWe&}^xTAhgQkLO4^j>ZK-|D@}*cQu=hl>}@G&8UB86xNxV?DHpR7GInSa8PG7>Yl; z+1}z$`PRyA_!1KnQ^;~E`%=>rm4y`946h%4mz%X??iFFEM?d|GSU$)3&8|H;3v*I!+)XX^E&!uiKF)30LAmN7zKOPU-ap4k}kryk^e)fg|1qo$vG z$n#vZ&-~Eqk{Zur|COE&0cZy^8Ze745nov0c{d1X`h?fR?CyOsmx~ckCBKo3vt?P( z2(zsrpE|&N%i2DkDtYP~_r$Sz=v%MzoinZlr0(~BivRQfY5ZxH&hkb17uI%M#8X!s zZ5Lc|XOk>)j)jdbtA!ug#q{r>c0*+{ewLiF*)gK_W|vfVr>R>h=mc-1^0Xg$~SPsz2+ z5>dsJM53#;(sJ~;^X4WAb`rH1x1fnCX@hg9q^T&(o*8!UVYgYIVMCHSzK-R1qx()( zDW^VvP&cdnOa<|3x_T^`k}Hff(3_Z&>nUF{SPSvbq-WUG$P3zdY~?|`L1E-TkVHaH zot>#rc1e``PigZ%I83vZBd(LD@(qWBe*2&lQj?O)zy)^6uC(KqkJ`Y}6Li%Z+?770 zB&sdZO>B)iwM&*82~AGpm;ThMwxm9)4r9hc3#fUc=^EcJCVG@j#MsG>bhCxN#h-CZ zaXk=`kP`Ya$bTnKqt0}GBK4-~E{)_y=yeYatG(|YWgXh=sGWSV`M-&Oa9aGSYDjwV zMWS@YNOOcY6Mz$JcrHQ@r48f$KV}N8f1t~-{4U|&B{Wn$DB{QV&rw_N4+i%rdvfSa zN}~CN%1;{!O)gm^^PN>?*{%B_XBu_9&HIM}RQ)@2hZ-aovvZbu`JprGtE8XGiK(eQ 
zbt-i}%*%+U6^)O=YTuN+(ND?^E=TR;hmFa|+=#fOOwqPsrV|vfF)1SHrSb5}Bz7j) zJ&@!1i_*DqE5>7G?A(zNA06~F&dcTk^3!IL=dmR$KO<^sq4}*}f05Ci%jKZx zj?QZJ(}q`Nzmv=-&_~Kpj9LXG>ftq`YI`8l3t#CE%Y`?$&1~y!^ND3Kq66K6ZB4S` z6NMfT?`S!5*p20qN}dii@JiV$<}6Ali8t%WKh;QZWsRSbQSI`6q$mA(bR&2FwkcKe zrWo>mP06K=L0#41DiZVA)QK`t4R}&%V<_SuR7&8Iku07cqguISwqco$=s+3txQt7w zgg9FgqK_C3-lR7wm)wcXIb$mqo{ctljIzyRb0zGPhhcx%Cl^D7uuqPm{!xLvip$B^ z$~CH$Yj~WzcQtH0y^c*=xq5!IImR`N=j19j<^^0-zcYI@O>jCm=)7rq!g>Tdp($#lo1p zC6uWP7u0N^vdWGI21QDyF_KQpcqcZ=DTb-e@}h}VvO5>MQ*zD0-1!Gxk`0n9v8OBs z34|C`8TZUP;;*WxSvbumIDgPrIkK#?XodFewKLrC0P{4(fj)F@*m!G_;Bu=>4M3a@SzXB3Qs-oS6n>f^Pb}n zH~ppr&$x&?8Y6u^@~GGIy7hQ2poRS}owP95i&VZes9|AaRE57&Dvij(nrH!YfE z+JUrOFVXTXv+1<@^27C3SdRYB>#6aMfu`TBha87VzcZ}elIqVduYo0F>V_dRHBs_d z4*StwsPob7B#T)H3@XO){w5h`jdsft7C+Ws%YE3N!kYEOv~n@Nf~kspTP5Er%C`-C z%Wz8S@s4T7+om0_{m1b#Hb=U}oat3?!Rj%uw++4y*7~Xf&Mn=wQI+KXbi8KT_`iI7 zu*{4g4<@QJGB{6M;lJXy9Iu%={>SkcC_FJjH4#lDQQMeGS`Ljr^`HCgO#NxG;EG1VTtlDzt`}B_Up5@x| z#kyl3JIr>fL9Ql!i@jquku~-%8BUMV$!Sa`@lp0l-ffi_YRkJpH#ddL!@fhmck!+hNu zduUc`%-c9W!A^3O6llrvDB84@Dj-?fiD^lZ#>9UnWg0tvNQz5Z{jAbs2+5EZ-YI8D zPEX5iYmAaB%OwSPC83Q~c~PV}n3LsidPq`8xA7&@vz{l|Nm+13&5~mIW{snZWJBsb zNrYBclm3cSj}hgt#oM5(=yS_Xj6rjcYU2~`lij}|-*H1)WOrlNr>tZHk9KHJtML%d zQR98sSBE7q(19xGfQ!v{{m${OHs2$Tx|wsPn~a!#F0{THHVtanT*f>V+I}i9#z$H z>1=Z2>f!-Wt+;qLb@9eFXY@N;rC!{d@AhPYmtasvd4cKK;4J$0|8@U?Q98@z(u<&A zh9bzJ-)YG17XDodAkg%1 zjY@hLUgJO8MI1^oC#Ttif0Rq!4CSIjB^<3eV_=Aa;+g#X*9{KIaD%;V&gplyaSQ*f z?yx=I?YU@6spZSqS#suQS9wV77I!ambd^~=U(29g{bC{xmGZu9$R9N}yR&x!`ZYGY zqj$oH`bpBs95u%& z3_%JF?6Qa45K`)@-`U+Y?h(n`VRI)Ufu3ZsJ&_!UM#q=(zHRV}DqG0=(#Y4DLkfNM zzBJ;A&54LZ&JkliYRsg`o35_Xe&LO#hg{VzyNH@}jIq+LIkQuS*IK8NYmw9sjK-B( z!ctQ(;`<>zY7vLsEQsH@PaRU+ZzP7lcoP-2P@%sH`=~HTg&`^&szQSbN2zeE3d2+w zslur$oUXzc6?Rc!4Hf#R&{u_3RM<|19aY#vg$q=;ScS_}xLJj}RJc!tu_{bd;YAf* zRbi3}AE?lz!lx>HslvA^{HVgOD)itva7yuFDlDbKiYlz3LLU|Ssj!I(Td2@qg&kEG zqQapnG^lWt3dgE2OofpuoT|de7HE)~kO+?3+- 
z1UsepVHF-z;VBg+s_>!;ud48-3X@d$K!qk1K2@QH^O{!<>Qa5(T-0KK0$nXA6?yh?8nHlBcJ~^@|X9~zr0S-y&iaZ|G*)) zw+uP*Yr7*Ad-zwh$&}fq|CvAfmkAtK=KJHk->+=%b>+{NkNzC-bm52-GaH_mSm^hO z$Bn+n$9UWpMTnF{;Bbd${E4qJMv8mycO^b^jT)Zma z!>VBq<_(Ko)H!x%=%Jn8?z(@QU3=r~5-oyDR14`;t?u}Gbw9kz^x;%Q>r+*Nx>Q-+ z=I!c-=c+t>^~v$o&-Z5keD%-aSG{@#c;zZxH=L(TI=SK#tc^7bQchEVh|DMH_edgiY!{h7yLSMIxKDMRvj%S^NFCGX! z8QtjQf&SMHcn@pt-E7Y7W-S(6Y|(MEspHv6&CVw79hmsyNa+{rTR&X?Tfz8xduc3j^SdcAP{-i2K} zD!QaR%$M@!Tedgn4-PtiI=sbcXE#^poF%H}d>UWjY4-znyU(w>V!q$hQ+|2Md*?Yk zyTjqN?O(4Q|8?T{+G85m?sIHIpRRizcgyR1ie-UZ>Umz-;TbLE7a zMf~~|Dcx>->6lu7#!Sr`F}2b36OEoHcs}1X@WL+FQa-M?*N(p3ZQs3aS#uZ2dgHGV zHGiAkx?ksdt(yDbLiGouUq_98e5umoV^Ix`RUiCQ^+DHn4vMy!9(`#`pG&P4pKtX? z)1*H_u5Jqn-0(T@?Hh-;PtF#9()YxszGL3b7_+f)@$O8$Wf} zJs@%SzdogXDgRNW?yMejXL{zD)0hABak()| zm{FH6kM3aK>jxiQ@p@E0@@V~_#9cx4CdSwM&2#f_`!ui(E0{5ykxF!-MY{{!If4gSr*zXkYr1pl+(p9uah zz<)jXe*ymn;NKGbD}(|M}qW2mX1$|1kKk z1^@BjUmN`UfPYu;&kO#;!M_Lihl77>@V^QEMZmu__{V_%RPb*E{?EaG7x=q^|84N^ z2L4&W{|5Lcfqy0NuL=H6;NKMd?ZLko_;&&SL*Rb_{5ODqFYx~r{O5xI1MnXW{*S@` z82DEQ|3Tm%4gQzFzZLlZ0sbN29|-<$!T$;P_XYnk;J*?49l?JO_>Thr;^1E%{N2HS z4ft;Z|D)h<0{>g!Zvg*7;NKkl_k({F_)i1>q2ON!{I`RDKk#n?{+Yr5J@{t>|DNDq z75qDZ|8DS~4E}N8UjY1sb;6DTW=Yanr@Gl7dQ@}qN{Lg@Y zd+;v>{&&ECI`}UKey;2#A3^}zo(@Gl4cdhp*2{_VhjFZkyM|D)jl z5&WNn|9kLH0sqV3e;fRN1^*u4p9%cWfPWzPKL-Ep;NKGbpMw8P@Gk`ZM)3a({x86P zEBMa<|1aQQ5B&cI|L)-55d4dRe*pMD0RKhc9}50=!M`^6w*dbT@E;HU@4!C-{DZ*1 z4fvk}|4-n55B&cG|6br<8vGr>e=hhp0{`E^zasco2Y)B)s@P7jSIl#XF_;&>VD&SuY{BMH)Ht_EZ{;R-$1o-a+|8d~o7W{94e>d>Y3I1!q zUybGg|2XjX1^@ftKN|dZfd57Cj|Tt#;6Duf=YanL@ZSvnlfZv3_#XlP*5LmP{3nC| zLh$bg{@KBQ8u%xJzb*KG2mfW@KMMSdgMV}IUjhDI!9NWA?ZCe-_!kEMq2T`t{Ck7{ zNbuhT{`JA%1N#*V?*{%Qz&{@R4}gDF@Sh6)<-vb8__qiDui!rh{EvbE z9`LUO{*S;v7X0&q{}S+D3I2ZI-wyn1fqz!;pAP;B;6D)jOM(Ad@ZSgixxxQ0@V^26 zeZb!U{;uFZ3;dnIzX|y70{^ApzaRV?fd66e_XdA2@V@~5ufhKk_(y^NVDP^V{x;yh z1^gF-e^cwP@z`qXo&jbIS;I9LJJ@_Yq|5)(<8T?Oye+>BBgZ~HccL)DN;2#YB8^M17_~!xt z-@v~n_?HC#Yv6AN|1#iT1pLo~{~zG*0REN1za04cfPXIVKMwv=z<)jX`-A^#@XrkX 
zKY@Q1@XrVSeZl_<_(y_&BKS`Pe^2o51pWoV{}=FI2mXV=zbyE#2LDL#{|)@3!Cwdd z`@w$;__qUpfAG%?{(pe~IPlL4{=LBe5%@0z|AyfIJNWy8{}k}g1^#C6KMwv`!T%}v z_Xq!P;Qs{t4}$*(@Sg|%ox%SQ_`8GuM(_^?|4!gv5BxKMe{1mX0{(BozY6#}g8yvr z9}fNj;9nQ~ox#5?`1b|>Zs1=E{Fj5j9{jh1e-`ks2L6k{zc%=n0RI8te;WLkf`5MS zUjqIH@GlSk<-mU{_&*2#FW~@b3Zs zg~0z9_&)>x1K{5X{I7w3bMU_n{ujaD1pdvye<1jm2LFfPpBwy-fd3WnZx8-+!2c}x zyMVtv_=ki4OYrvt|2^P;AN=2d|99|@1^;Q_{}=f01OF!AZwvl+z&{TBL&3i{_*Vq~ zeBhrA{0D)53-EUZ|El0$0sQZR{|fLw1^(XP-vRtzga1VEZw&q$!2dD$mjVB|;J*y~ z7l8jc@Sgzw{lI@b`2Pw15#WCU{5`?{0{HuY|7h^P2mS@Xe+2l~0{=kpZw3AZ!T$#M zJAr=)_&)&uuHZiy{9l0o8t`8S{;R;hI`~I{e|2+67f&Vt} z{|x>P;9ng4H-Y~Q@J|MRH}Jm%{!_t!2>1^J|6<_(3j7nmzYX{o1^=<&zZm=rga0k? zzX|@6!G99?$AEu*@IMUx>%spj_}hWM4fy8(|CQk19sECmeCx*@z<{-PE9S| zBGbFCS01*$ajfX-cpTqW^UOH6W_Nl|^vd_JN98v28%_x5l{B)?mdK3*_qs0& z|30UTyqBr@unsc|-7o!T`+g3k%v&=b+FoJd zFGnV?cC3Ek^^{T-x2`@|bWd>ROkF1Cepbf)?6g_iMz4MO+TqRedjndXetW&|r2}^M zg?d#vH|_hH!@mcVud=NDn-!JrPO}R&zhCA3G$QNz7d?FKm;T(XjmzNupQaVAQ``R5 zyp48sZZ+EfsO9$PcE8$nJ^b^Ki}toDx%_(+`?4VK{N(+YPc`s0j$CrB|Ni=>%~PX{ z4mCRGeSG8jvC)m4#x76R*B^VlVB|;2LyMRkmZizFGL<$A&0et8uudUgQnGyutT9Pn z@Y2TGCB4g4>vK)-RCrC7pmXgyFREF-TCpwtot*WLJIp>m@A^gDN>x#>y z-t~Qp%+KkO{b=O4V$CLftiAVq_DY{N4qEP+(7eKu0&gmAz4^55WL@I@xRD{b|1R^} z?xBBtZZao(kv_?d4^RKPE??c3%dVCk7x*Hka*>2qO{c`2t8wl7iWAeTWxcrIZ1}r1 zrEZT|U1G-0>#Gj_RrkT~HOuN|jq+b~s(Wy+M&sKZ${GFMwCie2w-4Us-))MYcp$9n z(y_A>2mDd)(vZJ%6hB+*w++YEj&pMv+t*vlJ)y$;U-Lv?ZaJdm<`)gxwOoJdj_te$ z_qU&0l7DJ&i(Q4v#!YC`w~_6WZohY}I^AZtVan(7^|F5HRG|OgZO`ABRXNZlIcMX` zgQoYqvT%&^^6E2OKmKI&$!UIG@{coBkN4d9?4kQzpDm5Y{B-C1;=03Mw;z4R)$L&Q zgyBz4e+cNj{#$p~A+_&JzTr12{LQ8lbq)vZE?cEojqbiH4-JbiklVTVy?s$leM;4v zt4sOWW}Wx#znvWyKiGCPCN8i~&&ZR%4Bb)blA%jTllmQYC4#>{_y>T0JowK8|C8YV z3jF^B|JmT*9{k^f|F7U*9Q?n6{}u2L1OJ)e-xU1&gZ~2XzYG4Ez&{80uLS?2;Qtu> z=Yqc({I7$5Iq<&#{+{6P2mZm}KMMQ@g8wb>-vR!4z`q~(Zv%ff@Sh0&J;1*q_$PsX zB>207{~Yk|2>yA&e+u~T1plJoe-HdSfPZQ5cL4v);J*<3SA+j+@ZSpld%(X7_?H3y zS>XQ?{Fj6OY4E=U{)NDQ8u#9>68MLLzc=`=2Y-9;Zv+0Hz`r*5Zv_8F;J+RG 
z?ZAHs_@{t>G4P)c{-?lyB>3+K|Eb_#1N?7*e`D}Z2LI#2Kln$0e-rTE0RFAO{|opB zf`38qFA4sAz`ro~p9BAz;J*d@_27RV{Fi`#Yw%wI{sX{2H~2e&|3mO^0R9EQKP&kE z1^&Ci{}}jB0{<4^zZd+!f&WtQ-v|Cjz`qLkj{yIh;2#A3y}|zk_`86=FZg?a|2Xjf z2>#i@e-QXL2md$V{}lWa!9N82e*^!|;9ms%4}*U`@V^TFFTg(m{Nup?JNQ=v|Fhs< z3j9le|0?i*0RB4gUj+WW!2b~Vo4~&t_`d`H1K>Xv{Qm&|zrnv2_^$>3!QlT3_-6tC zx8QFB{_DWMFZhoKe@F0t1pe2+{|xwF1pmw6zX|-kz`r8+$AW)#@LvP|o54R9_%{Rp z58$5-{40QeH2Aj!|90Si2mJ4Ye}3@a1^yGj-xmD4g8y*vFAx5mz`rf{R|fx_;6EMw z$AJF~@Hc}0bMUVU{?EYQ2mF5m|GMBm8vGA}{}b@<4F0a*KN{1=0N4EXm1|DoV-0RQ^nzZU%ag8wS;?*{$@!M`E+cLe{;;Qtx? z2Z8?x@NWVBSHS-y`1^tXO7QOl{`tW_8~De9e<=9B1poQq{|WrNga2ai9|QhBfqw+} z7Y6?U;C~GKjo?2T{Of@K&*0x0{Qm;~4d7oB{F{Nl7x-5O{|Vqf68txU|1$6|1O7qa z{|)>@!2cuoUjYA1;6D@m{{;V1;C~4Ge*u3-@Sg(ytHD1Q{3n9HJNRz{|JUGu5B%SP z{{ist1^(Z`KLGsOga2LdH-rCE@P7gROTpg-{HKAxJ^0&!|9w|w3_;&{X=iu)I{(A5)DEx!}Wbl6m{zJik82G1ve+}@z1peOOe+~TC zfPXviFAx6x!T&M%&jbHo!T$*Odw_p)@XrVSd%(Xm_$PsX9`M(Je**Zg1OGq3KQH(@ zfd4J0X;O`0kN5TIq_`d@Go8UhQ{EL8pcJMC-{Qq8Q^~q{C@}k zS>S&P{2PIPPVnCa{vW`96ZnUL|7`Ft2mU$0|2Oa-2mZame=qot0)IE~-wFN;!GAFL zKLY==;BNx|Mc`iz{Ih`nSn%Hp{zbum4*2&2|9#+p0{j!f|0?(|0RQXY?+^a(!T&P& zZwCLC;BO25+rfV-_!k2IHsJpR{Hub$0sQNMe*y465B`DR-x&ORg14E|NX-xvJj!M`~8HwFK>;BN!| ze}n%6@Q(xkNbuhQ{$0So1NgrM|9aq`2mDKd|DWLhJNSPF|NG!y5&TDh|0(d#1pW`f zzclz)1^-^)zXkmFfd3Ql{|^2Yz`q6fHv<0);6D@mXMz79@NWzL2f*I|{z>3}9Q+S~ z{|xZ&2>!dl|1S7X1%D6lKLh@Ez&{`Ow*mhE@b3fu1HnHW{2jr+3HUbz|J&gI3-}KQ z|K{Ld2>jcFzZv|ugZ~lmuMYmD!2cllX9oY=;C~kUM}xlu_zwX8>)>w({#C$#4fvM_ z|2N=24gBAOe+2mV0RNxCe=ztL2LD^&UkCgjfqy&jKMel%;O`Iq3&4Lr`1^wYHSjlq zzY+ZNg8wn_9}E8V!Cwuw0sk=YF9ZJB!M_vuX9NF9;J*?4%YnZh{JVgEXYj8E{!ZZE z0sNnX|03{@1^=7iKN9?Nfd6dpUk3g~z&}6uX952x@ZSOc1;PIn_=kf3Z{R-x{B6L0 z82I-C|1aR*0Q`%B|1`0so!g{}=ez1piUs-yQtNgMT#m zUj=_}@Q(-ouHc^t{+GbNIQVY>e>d=74F0vizXbUI1pW)bzcu*J1^*QA-v|D=!2dD$ z4*~zB;J+FCSAlU{3Dj{Bwf;AK>2;{N2I7G5DVc z|JUH}3jPV;{{j5Jfq!lA_XGb;;2#A3#lU|h_!j{Gd*JT_{yOkq2ma3BzYY8Y!T%)q zR|5YK@ZZ%oOYo(N)mGOy=(}=B_?s(V#@_dyxTr$PlqxeC_#M8Te6rmyb1JPlRJ8W< 
z7IU-K{~X`SvHbFWrLGm*I->K6rh}r+6(9ETeV@re3vypv)#X&zzB^`x3~l27?b+_@ z-EuYRur~Vl$e62tYSZ^!aQg6|qus8*8`>w9EjaT;U45pwP5U$30na1GAv=3zTkm!t|JT4e&5xcR z?XmDi?DtWpJH0J*YhC534hddca=83dGVE#h9&IN4k#~DDUAc#2md-xD_{FlMS}ix0 zez*CUd9P1Iz;8YCl(8MZXXND)cL%ukZeQ4WoYc88!Oik#`QCH*@V>(g1BMLt=+|>V zNZ&p+Jq8T+C{e;=NT@-?z`mnJ3>eY3x7K^u=%I!o6?*m^E}!lL`u8p0Tl@Fxu4#>duwCIj@3qv9I5^C%P-pN*RQpK0|#nDh78e;966#@ ztXNUAVV%+b{rhWW%9PQ*fB&vsxpGDO^UpuE5hF%uCr+HuCQh8F9Y20t8#iv8_WAQ? z?Wdo9(i%5zti62sQv2(#zqE@NFKR1Rtk5=X+N3RByjWYcYLzx@*f1?NHdfoYbEo$0 z+c$0Y?Acn05+$^1)v9TA>(JIkd2_Fzw#G zdz#s7)=HKvscqf5RSOLb)v{#CqD3%ayKLFATE2YwwEX$=Yl8<5);e|Sq%B*vOl#Y= ztyZg6E$#B<%i7<6|E+m?dTRIY-`6TssGvngMrr{80opmsqhIaWvuB!zhllp{>sM{d zmMvQ6&YiX3;9%|K$&=cF0|zv3Z*Q$xvu0Y07A>@n9Xo1g&z{v16BD%;FJ5Tt*RR*U zeEFg^XwX1w*|McpxpHM~(xgdR!-fsDPoF+%nKEV4CQO*1`TP58K0ZF$(xpqab?eq? zZQ8WaR<2yB`TF{5GiT1!X3d(V{r>y!T8$btw0G~`Y5Vr=({}9Gp)N%emN#!+ZTRrvT8|z*wD9n7t##|x+Rd9cwIW4|Xr)V+)|is5 zO`SSbYt*Qb_Wb#CZP%_{nyag;cKh~ity{NlTGp&tHJC#0zbm)+F;lc%N!-fr7uU@^hUw{2on>%-|_Ta$-ZS?5T+T+KM zwPVMQY1OM&*9Hw5q(w(ZYnLuv(pt4@rTy{8A6iIAh!z+asJ(srR(tZ~iPpDoUv12o zG1|tB8#PBqM{UoZJ=&;IqqO41i)-b}m)G3g-L*Aq)@a+dZPSh(J*t^ZChgX(TbjXO z&2x~n;K761qeqXl`t|E;K|w)Uy?XVu-+uc|D_5?Zrq}DW&6_uC?b@}| z_U_%Q<<6ZOCbWBGRVy~NLv6ou$vI^CA=I=P_?;rldl9V;H4dgI8=-nWsAo%VKMJ)! zM^SbI`Om0DAJqIL*|rV!nUA_3z+99;{q|v6Mv}GV$(GC%6^r5spIKt0}qwkK+~0W8mAw*ErZ zenp+4QIAom*fG>@E+~Ei{R$Mr8PGY63OS-qV^H;}AXfvG?SeUp0D;mJQ7Oz|W7PZx z>c0y!m4KO>jrm)JNy>rg2mr+tigpUBk`0sQh54%nriC#N9Z{twm|h!HVFv159ThZy zN+nG02~;5&6SD>Lxf4_TCkQ)Zmal;8Vbnd4;;)Z6ErI!SK(!WtX%E!u8m3?eYPcI! 
z%Z|zL1^K6#EDzLZI%>TileY|0ejL*liD|V3$EKLpqL|)SAl@4D;|~UfFc&$&{U)aP zDrP(uRbGOMcfd5>#|+0)mHYx~eKDQ2FkP82O*6ry4mg=WtvF_C7AE~6COj8--J%Nk zhPlZDvVWk$2dOeHV!jt*cE(c;9l>;ZQw8;>`uR?^GXfL$JEpP$rfDq*-NlS1V(#9d z@qzOYT1ezamPe2 z#Z-2sDjh=g6NY(nqS_mVY4ro^MVO`#%w!CvFe_C>XH0%&s?c#%J)Nj_+G3*LU_N?+ z_j0Pk51_l5YUnc6V_mB3v6#C-R5{NutFD;QB&x~PnCRM=;38C2e`8j7CZriLxwok{ zf2MlNM-{vYleY(RwH>n^&SlzyM;7o7CTlK{9Tic*YDBdfb*@2C97Iig$-b2o@e)o6 zCs}V$wJYHEg=CDS$nR4;-ek)}Zfg;ER6wm$Q0plaK^4?@21V6?+x9~}50jkRsBbdn z;v{CL9jfvRW@iqnU5Tt;gZVjx$`$2SYJ=)?aBcy5bIGQxsC9kJ&1Y0B9<$X7{2VbY z<;kMun1FsDR|+-1Mo|@`7`CD+Bgop$6weA&xhYvT2-6jX={koR7Ni3wi zKB&cHR452!7Esi=QNxSix(ckjU=B}FoLy1tzF@Qi6`n;AhM;0YLA42J_@l<(D3WI& zwj1@hj(O~cis!;~HUf_hsOwrxN;K;GJBUS6{4pSe=L^OBf#Gya=042i1=PifV*h{{ zdw@CUh#K2rMs`uOe`C%XVm9qj`$SZ(ENWX2#Aad|PM{ujF>`vb%Y=!IqsTXb_I}K7 zX3U8V=;j24X_(uAn8%u!xnD5{*)hTOK)f}W^#|>nnBFIt^7-KO8k2YylXnKw{1Owt z4YhxS*&U9#orlTXfN3(Ic11ADk1?HpflXCR@Fc32dzj2mn6K)fZvqQ#HdAfBHp>nr9i z5Ytize4B&vQE)vE;-fKZ9+;4YnBNx9XFizzFF`MHHDSOG)nGTrh1kAA)CUy&^ItSH-3su%nn1zy{9ERC^iV5hBS?z)8XhRh;0n_ydRa;)r z+D`S^jA~Oy^->Nq_mC=L4CY`d=6^Qk^*B}9V$8)0%XQrCNmG!Y#B_oEv9ljXz!uA9f_H^jQKBt zX}n7{Isg;lO4Zq$>a{)9OJS-D8Z=lNaqz`a5GO&LUvV_VQ4wcR93yc!#c>s9O`H{R z+{I}YXG|PXael-(6sJy{7ID(WaTe!Y98+-y#n}<(Rvb}rq&=u{#IY1-O`Jz@%EVa} zCq|rQabTrEA`X~1PT~}c6DJO-G$wqhxx`r)M>&?-M;bBW=!s)44GM7x#ZeXKTO4$8 zuEil1Crg}NaR$Y)5{F%!YH?bnF(VBWarVR+6$e$EbZPjABP&j+G%&=O6GuxLMdAdC z113(YI9=jAi=!^it28d8Q6o;FIB?Q{kp_r3U($dPM_imaaYn_-6lYW#A<|e82V9(D zX=I5bDh(EKj-`BSRXg(x?^ZTpDuHFqKB8G}@$rC=EVwex+e4 z4GMAWrNJl-3vu+N;UG@BG~lGcCJixZTu38H8kEx5kp_k|&ZHqJj`B8|8foINOQTMla%pf&V^RLZ;g^PtH14EfC=C*6FiV3}9DZpShv7*` z!&(|+(lC;Si!?-}0V0hdar~vBDve@k@JK^i8l2L&kVd66PNXp|4XPeJdhCoF+h&ea zk&>oAbAC@6yzuj>W?Ke%94ox!(w0&wo9}gfQK0&)8$**z6b_wVEOWNwCfon7<5N31 zh7b0t(6f850fym*VRUo+xVcZI0p0rz{r6_NM1~vwy*c#XhYqOJ=f7eYFj!8{zEN{o z#itdY-h2#vMsL7| zu2QvH^%~yw>NoIf*huTrp?Jj_Asw|Y?Tc5eg48nE;wSuH{Es46Y_w9=406$2Y*{cn zl6p{c@pbXw_kaCq_?!$fk`IH8{ty1Rrmgjo|A*&W&d#La*%hx?i45r?TUyo&XkJqr 
zJVa@OHgw>CQCg^>UyUJyLq=+>Jm`u@kZ0oHB4$kh8@%y&tL{K+UX+5Q(FNlV6S$T|X+qf$~*&z-_SscBBVx8-a| zJuWrAQ`Y0;;MC)AY}3+^8sAg4Nqj6tqNHqpX5E%rezNVkbsI}&1DgvbA0adsdh_qsmrGcA3KR8R)X|D zxwlw{+%EM3T6uME*R*BB^j#{Ql7|2K<5HS@kyjJdvVLTne3$L+Rw)mX<#(#g z_&s$ShN2IM{Oi+6`>(CCtFh2(+@pAV@{#0{RZsTK6_+t%i)y{QCCRJQ}xbr~P-NmI&+j z?BgMq_88GKBviE6a<7sHto@*g<&q^5}Tync;J?wR>L=LsrZ5OF!)g2M(;-E`Z+q3F!tKV65??r~$ z>%NOzX0OYZ9T{t{%P%s~Ugsrpv%Rji$gr%s)*_Sab)7}VWYhH*`O;oz5LwYdH%?@% zvo1a?tn-wo9?Xo?V!6Y(j}Yjxkz6J-FK1x4!W#4kV($EJR)Ca z)s+$%=Af%4GR8sIOr(}Y*G*&(2i*|$+gTSO(#2UfS8aFJtr1z#S+`wetWI}WRyQSchuRsA}c!Ta*K@7>B@`j;i&Tw zIn+_tN#rt}&Y<=?>L!VF(dm8_>7mmt6{+cT8%6qN)$JAOpG|i}WMWp`6_Fm!IWYc1m__F$vPTwOJ&`Y+bpaxmWzqE$xjBn2RAiE)E<$9i zgKnD0Li1g2@d!qI`={}0|b<#QHmhDcu zTq1io>FDU4u7k*=EV>}|+etTCWTKO9nn>#(9V@y8{62|XgFJ=YiR^v5w4rEv4PUKMJc;p1+dgL7BE#!9O z1mqFqF633@ZKN5=1Sp-BKetO5GB5HbvI;UB*#`GsxewVCc?Q`Ic@{YUnTQ;NG$Lmrry&<1_anC; zqmT!Y(~*~uN05(^$C00r(MYEPxm^w*3m|78%OlSr>mX+$TOrRQ`ynqN!;sV^x_QVL zmt(jA+sPCBXc7EANJk?E~>8k7e6xt6XZdJ#{v#2ih+b!AWDdc zARu9(4g)hZGXpb#m?&Zgb}M#wH@2AAt=O&Df$?AK1Pr6k&*yjV`@g@>z3+Q;@!fmv zwb$-_&dxam=m@v~&=c?qU}wNWz+}LMfH{DR0A~X(23!Yt4Dcx6LBM-}O8{R1J^(bM ztjXno_JD^0y#Vh5h5#N1lmV^)%myUbM+Sp8`nx97x3j-rBq4+0AZ-r}iS!Tf53giI zM1}{31Q0T{TA`Fn75&t(;H`9pVWmo%q)gHhv@hSlNGT&I)hM($=47PeVp&X7#HC2J zurAKpRjH{kN@FZI6jk(-sxy+(lC-c)&!}VusFe~K3Yi>3WnJlUD(k9}%H(W7a+Ney z6_>&aWwMcl^?RvC2Ab)pLs)TcNsKu@2@|E1Gadr`L;S;GxY*0T1Agy;+GNHdL7`M+ z$g~P+R&&N*0;Cc~x-H!~cde8ecvd=R>bT=rxgze&z?t!wq*bIz*`(4r$uPKx(>6s~ ztU``LjBXvCQjx8r2GRwpb%f$mWeKp!0eF?FtHuOF|0OzV8JB@{P&ic9QGixyoVK41 zD^scGh51fnBsUq!@j=L|~_eI#Vl^%d|2^Aj~haN2PN`&7fIy zS|T_B+D1o_)&yVsZrU6*Thd^|kShy|li|3!WmH*znK-caNFU!|tO;z!vMRMIX)K#7 ztQ>|~8D+>=bt+aED3pqlt6)|nypp4WmPJd_394HAB727UbBU0u;*+KY%Ejt5>n(hDy-@s5zhBO3cDwxS5DKz6)r4-VvlYa!X zA*RcyZ2Xlxt{bTkV*44iC&gyQ(~?Z?V>=?^m=1xd0@xntY+yZA*rPbLG$&K53d=~! 
zf?N(#z{~)6(zj;DrY6PFj!;|>DD)0-kZ`R6P4dh%HKLYfCArC}go^EgjsKHE=?aATLojx&qMw$~Xl1bwLuhbdj7_Z) zV=V3FZge79BQ^uJ4q(z*BXWDRaA_m;3lGM2=K?`xsZtbjh8q~tk*=UbKa^3*(x8n& z*CJQwGMGlEBhim;nzY(5C@H3)%H@!Eluo}*(YZ<~GBO||u&z_kvs7hf_G6u6VPMO6 zrQo+U<%$dfIb4G#V$;-2Bc+lwRCWdwFU9N%gO)_WV3mkfsZtd(<*&|A-ii!Lt5Q*# zG#RX@#3iW{fsrWFP)ZdSWRe_zHzPg?f{jzbPiyqkf}<8TzQG$*mYSr2+``_pLOV>H zVIHw@mn+n;Jx$RsPN9&aB>gg_WJ)=`Sq^(LTALK(Wf&zaK6$*`E zK*6W z{&K$5&;l_FIXgxI;-afVXL^T|>aWO9QFO(GzMU;yx{PF+xTK_toMn<GsGJ3Jc$!^A_ zLK!o82JKqQwm~{g&>gUO%p{Ly>ULo?L%$1S8wI6M#SxqtTC56MKbs94mkBkEjV1Ok z6)`6`F4MJPrB=ei5!MX4+ho2^SQhqWas|vBDxsP|qo8z}4r;AZDUhL1sxlK2Df)X* zKapUk+dsC@xI|S_99y=?hn0aONWYefRmpSc-N2a{3JA4|OQupT%g8}4=1i3gR6>iY z=rXzfnyn1KL{uf`GK^Bi(@BEO7`pjbS+9Ygo(Z){@k=LG;ehHPE|Awu2Ug(#EdqK_ zN(o)H1|{N?5(rHqbj$D-Q7Q;b16SoLD>|rw&lSuf)LYq)vqgyoLN_xVJFSz@CMuW` zWK&)Fp22)UWhqKkHte*9XlWCHl_n?X_Ww)v&|%O$ZAEBkVBTpJuNd7VS1>ES_lZm; z^Gbkvh1Ip9`myoWf3;>RD`JN|H)l;#Xf(0}1;xGR@H;0-o0wK1z$TXNBREfL`ctjq zg;*gA8LpIRp(0Cqt9bb}*h+PD{FnyE z^{F~6eV>&r6UO{E1w8T-pGP_ZA~_lG$WWkBI)v_M@6W5s=VXx25hphobRlteeRnTo z9@!V@uqlt64|pA@nhB5e0ZIevX2v6@01ajl&Ht22ej|GocvTh$aIOMI@31xih2sSy zCO_DW5f$07HPOkx2Ml&1g99TX38Ji?HE96(!~^;OW)W-t&hibx&aZDx3J`&WU`81< zn}Heq8Ua~?84<~rl^24!E|?LK8i5)8{srX9%AmOgm~p+b29Q51gXS)*42IDa%*KFd z?gM7jhjEgFS;Cr?U`9Q4fChsZWzn1mW|XxC8p+C|d9pntV*=($z{j|wc`hrDYfy!( zJepU5*%YuA&<-$TTF_hsW(?O7sDzbA^K~#|xYdDfvwSo^0W<1B^GDWP8_Wg{OuEo) z3})1iYq6GKMtL;bgBg}L>Gj9PU`G8oxz&s{TY%Y(HS?iVTe9+KZqM>zA0FYy^3fa& zW(>;^%#o~F2FLDwr{E#b8bcGnNIKeM3Wo=|BEHussrYA;7Q|iJn;V z4~gnR;2)T2iuCV5ga!gJlW^>K9jd1vp*IzUc6tdi6ejC{{3DrZ2du$hVgV=WqCx_@ z`NPOEm=!=f5$MwbiDNCyc2unJI zfJza!@<{at9$B)5N0x5q!FmSJ4j!4inMW3G;*l;u1?zdFH^>zM!FBc|1@^FwJThh* zn898Od>6nX;FW<6m+J%>1NunNQ40FX05?EbVV+iG$<^wl3*U-V?}spe3N3&)#(*To z8jvn^t;n*QhGY!rCZv?9aYt;oVwRwM;f(h1xOtCQY96c7od zb_BO$5N1cf7>LU$2pg!x)`}$Z%*fn9KtqARObiADB8C7W4Fk#rI}*qc!+}7a06qm_ zlX0L2bQS=00`y+Fq2>|l9`hwK;A$_F+ftFzF63_-97of02NZ$xZUq1MQbgB1%4j{5m zb+RlU@;Mjsq%R9nuSK;I2Lid2|}m1%6y0->8FN2Z{kw 
z19=050p$V}0R8fAVb`4p*5Q#yfyUbK$ooKuOKllMGtzt3-k6o+_#7giBjj;rPM$+f zeh0-PuR6jS56}ak7eJqY3>v|^0Eh&t3)BS21;`V~A1Dl{7myrC36u>q0BAJOETF|e zn}GHJ9R|7xbPuQu=m(HlV{5VokbkIOMK{OwZqN=XwpG);6lbBkLAIM?fa>5M;TIkl z78x22Z9URIJj5rM2=|9SI-O%%oM56{UE9&GY*sPLY~GGwP3{$@7VWTS;5w5?y?&;m z<6;$6c3s^9JNSoI_FcMNB|U}uYj+HtP^UmYR#DY{lkK`$H~s#YiL+aqb~^p8Bm2?W zi1794K!yAJMTJKMhK4{Eg++EUBK&ba3cm9393qTdl?g_KLyJ_o2O;-zaDvSoiK$+& zV~&Eq?f}1Vla%ok1z#l0FcZJy6X;1${DOzc7w~EX``0`$XtsoCGrq>~4d&sHNkqfP z64fE9OIRNd+;Gx^a3WyOGA+iHJZ;e_I*(|g58>eC+FC>4N4^I|;AcGpSyVLa4x#!` z=%i&WxWtsonVDR2khg<(Ds1hn^1wFSDi3U*uJXY4%_`6S<~*{tJC9TXodmLN0c{*e zuPsY)_ypgHup`vT$=5$1Fobf@&=wj_)TvW982p2@2j$w#1@_$d;RK#i>l6v|ZXT6GRc9P&DCC|5rOr@kRWL*D zRo4OLv)JKBU2sT)a8nb!VAH=R40)M>tyf))vx5d?L3bpM(cnLnbA&Snj)Pttj<91Q zT8K_0cma7f#f+tD#B{=jpmE~Wt1g!d7+PgIGGs~(%wanDv(?puij`>;E!}lwIwWb- zDh*6lVm8RMT3K9T8sq^ej)x<>zbda1HB25b6v`|`s!FYpJJAybOv0Qp6mg0qHOxQL z>13SZ;C!&giQYgMr%Hp_bvQB1`C`klzi!BM?p3CTE*A$ntq?&Pop9jg<)Ep^2|X`= zp9OSE=z5Q3PLJOz<}KJFC%Ce#QjNH}RZ#<~xH6Tj(hU_uW5YJ3UpXjxPur-lS0r7qA>GA zTVOIu!ORnT!ERo9uFH#{YhKmuWg4Xvmp4HdJRzNUq#aN`&?%rVK+-^lRGoRGNf3{; z0cr-+9;g$LH4GA6T&zi|BcI$50N;s#h2WKm{P@5)3>bdR0z0&A0%COo)O$ z8<&Xm*tig;*5B|=Gc%bq=;}~psX5g!a$&|$has*wuEht(STDd%53XnqL43iqz_$=< zrN^S*kq6(!7)@Nz!(~bWrV|OoUp7F~Z;#$aRZ09E;r0*0UrtbkDmlnitV8^s@JRIZw1Rj1XA`k8QPY4Xi{Cr@Umc2E=zk?Ll znFtkjQ*m$w0eIlTukXf;S5XI!vtz)no4-o1>*sG4@bDWK{osS~9*A-f&x)|=5OHQ1 zdR2m1&4YI?E|5ww23+{1;1A1p2_Wj(0|-#%DTMEQWK`((^ACqD9^AJT-EGmmY877u zaRGGUI0^RC&=2O-Rp8QXL@Ub;A_mzS zpQ(()GRB)FFyE^_H$abWxnX|XXL*&W0yXR!fI1_-ih>#tFC3$CO!RL9JT8sM$1<#| z$HRKn6nGdmmlp;ttVx{5!UyME=7KwXg2NpbQaU>#^fRAX?%?u24*K&jZsmiB#cehb za6p5=g%4OeOHJxee*;yDK&pc2i!kUAEB_pXaP`aW7#n|13e$8+kB4cx!}2gq_+Z9- z*5RSO1k#E5G#n7^a{&RWJT7V`PjTVAwG;*h-K4lIjElBL3;OUk*rlkmYm}c1TMn9OABf!Hkt3zYZ*%ZIf;k(|&tsi_L z!1uTl?y7bH4(!aUrm6zBnNR2Va<9RydR_;9n}9-!X{rj3F^Lc526Oq3GW@L}-+mIz=)yK-6?6~LSd zl(iBj)0v4K@C0evw36!(0rgRKp%llv1YU*q5Ci4K`#d35gv2F?;Mx|0W_Wm^BRC*EU)f-@TW&Z 
z^z2i?J_dR0WjpXm;7q3{J_E;B#K;9avN_Owp#F<^WW7QNgXLki=svk%F<#6g?|_^x zb<^WTgFO!DJWE#rp8;KG?Z3nYc9~#Yx-R39XP5HGGl12X!`cYY5SF)KC4ArMkjW~L z1N%*u&@C8vx-#glYv;_UOJ5)7)(dpRA?fFrIs?}&+WPoLz~pZ`Xf`lT=cY<1-1bGc zT>tR!&~Oh}B*Yz+Fi#NeAn(I12|~jh09{C9%^+yuN*G7R(L*14B??C1*lvG)pbv4- zG$LU1fOD}G?|je#eNkvf2$WUopn*;W*lis&5IZKCgnyT?$e#4HH_j^HBm%{{bc8u+ zeBsr0oa3TJaJ@(WS;EOyPJ7WJweYXUN&kuA{8XKSqs4H|OaCe0{#&lcgs-85dj^(tm2So-@XVgxUZNQ&JUNz(#k?Xc}h?ITcvy?C#oA4)Q8{px_uP-LEbO#f=n&WW>kDK zY=E#hfB5;32zGjRqfc-EOsH3+;elS93aZFOFr!3z4+DP2)0>(Y&+Om1AdllYF26DU z%YcV*q(_+O7rs|@({&Zxx$j>tj;JoRkonE%>OR(_Z(snfgVK+#%s7z2uv&wRA1hS# zdlxpjE8|s|7x?JDD34H8`yR z*@ka@hfJVkG$exwAKma?fG()cL-v5K;80jnW*>bSWS3%iv{2R1aCZ>~hHDE|UD(kI z_{I2Q-x2IrwJy7ZovzCffpG4G-jvMj+yPnL#|z}RdWL+ggMPrnaTcfhrk?Hsuvg4! zz_7^2uQDD~hst>wjMpAL*+2ruLO2$L?Q6^+2t%!WPJleUzR0pLKIedkYseaPiVWs4 zk`mZm)|C^rmHyFW0CB)ITV~L}q{#?)y6MF4iR!?^b!#r2Q^C%a5B3NBz)t5O+u{dtt3Ad73(7(PB2@3AbeqU>^%an3Rg{AF97x3GCzf9M~>gv~o6 z#t57DMpO%%CnM$xoA*a75H=r+SSV~h2a$ag1krpO*kQJ#c`;xTU@2e%;0ql&I!HWj zLhso2iRc;P2Q@iKE7d0A26Wh@4N;ONt73KB)iU^;L>}u3o69(EAZcZuRK7`NZ4Ve_vpD_f?faP0~=y<>dXt4G1iY)wUZSZaak zkzaF=4g#_frckoulQfBrYHbF-Qb#4XuYW$OYPlWUjfj9zB!dT!0u zJ2P)&e0Sb{r&h_!^>=qnAKW0>zhL05Swot>37EC8{-@MQoA15liLJj)$iGU##^jLh z>5G5#STfja%KM4hX{J54O~~kRdTjcu&Q`;0mP8KN+OyZeHkVxHTE@I>TyMjaR98-lK}^b7Wvj zX3fA(Zn-bu_L||ZH)iHP<=1O)b5w1`^P%lV*E_Oi`h|C@H1jsT@AHOrFm7f*4PVl^ z?08b&Id=1X6OY=@PJQ}OHrFJfY}AF-=L@?gCpt%7bzE*feR1=yt5c0%D<63Fw+t)u z+%>at`CuExn}u1t^=;bqJP|+2%x_rD5wFH=S)lSiv~>8OeSODzUd>dMYN!MG3p&*D zUY2~ITkNU}A;RqTEi>-?sO`m{<6HkqNvlrPj7ly%GruvX=uKd8MuccU?OC~3b1pi3 zy8Yy1t*{^WJ%e+$?JZ56u}fHFuq|}ufx|HiybsRr-8Zg&a?SOs^2DtXsqLO`YGbK- z5$5&)+D& zuyb!wPLz>bOs%8D!pk`sO}&3OEJ!%D*slEZ)1?zW*LAyb$2zmERf_EUaoaHG)!~L~ zzi#z%iy2w(d#3@e5yS2f?RIzXJ-=|A>O`|{BWvAA`s>ce6~31a{T%Fg)Gc9+CMtB? 
zhKA8e$9tUE-DmO7yM-2IJ7#))C3oc6e^1@|t#kB+b51!AB4#W6KX2O;IN^N3jPjuC zZ*SdgKKSGkAItLCCr2NgxqgCr%?r+M`D6azk}Y;`nsm8-W7^C~1?$o$tbJB^X-Z1T zxd|nu4#(CzN4K4@eQM@}@_QdA%9~VsTW!avQFY2p3kv(L4Xtx%V&bGXXV0xYuwrwK zy3Wqof0^z3;gtDop&fs$`KiK(PqeD7m*1_aG3(ywGo_&`wrnr8{65t4@W5*;)}D`F zB(*loo|ao(b81R<^;-4{YVD&DU$;6iPm%YlP!*EyLv z5PdhNQ@e@8y6a1Kbf42wUf*`7q|9bgT-2&%cY2QYJJ4@PM6YX$q6bk&c0S~12^!?B zJUcBmvF33LpU#?)6HWn}JFl!hAe`u0+p1B-?DpNwFF!asXHV9Wm?nhw(a^1`U1GbZ zwY#UhnEux4nrUNuMclS+Uv@rjX6XJ?-Yx$~AEylw3nwmEIV)h7I9Zghe5&pr)S=Pl zt<5BvH|jO0d3eJz<=R1amIv;Lc{MkF)60qJ<5s=+`Pb~E)NpyXyYn|5T*_}*vr(`l z)7!FVVLOi+4`$DdY_FK-8-4k~#FWeJKg|-&J-_gS%ahlST03<)(8r-{1a&L8!E^QS zqfdv$^*v?FZ=aGVDSo}HUG*9>+AdTlrwnf~Byq&O!f?Zgx!YTb!dBH8E^60%-R&VS zIt-eydnW{+;w3LANP_<|Y%J^KH3U98P@gMyxVyy*Ypt4;omct1(p z`9t!<0X6Ep7GJY+Yvt*8%X-(r`hHy&R_l6L(U?z64ZHQg!*c%TJLyp&uH@zHHACmr zw2;2(*1{m=*y1amH7wdnme%k2^3lY%U(4UjXu5ybd}UiJTebiF5gS!cpBeQv8?m`@ zyIyr3+hum`hD-Ld!yqTQ4%gpL%zi0QRMzsC5^u3dj z?edUMZ@rq>v@~zfre;je!J6Xb^}@GRv;3s|vG#eq-JxgG{P*0?J3e69xmH8qMyYYU z*SFjbE$x-MFWrdA%4o-J_Eu_{s8MFXtrw)#0-4K- zQ3r8uJM4>U8b{8VRVW=fc-E(BD+YPR&K}k3 zbGFm{8PX{)ErwQ0v~D!2h1q4hN5>Z4xjlW>t{(lC4*$?SE~9SkpNI11Oz(KG)^nrH zrz2gOMLg(qZK9*=p0w9*pZ9q7^QgP*rQ;7x+kvmHRqx#A{&xA3>U~JxQpnu5-H83sl6jqKuGMagtxlK?tJiqEZ;xjm zqD%x34$3ETg&4;3?zZypUeL;aNAeXRF%-W3;bME`OWvt#r#iGdx$cY<}41 zno(C@KWQ=Jnrzkbq?HGSCP%)lHt2QpgmG@O{vGBIclSSJm~iQP@qAme3pX@3PLGNr zbFNDhy!{gHE8Gtsx!Ss2`uxw1UewRDH;?VxS#|c>FtN#k`;R`Y&AXA<%j@YU@1axc zGzk9a-Y9A6C(6p_(?xz(vy}IH5{X3@)9Z^bCcmeeZ@;+RZ@r8NYxc2?ZAbt5Gqj=h z)xAfJ-EZ@4T9@^cwobor>%H3FxiJ2PWY7Nm8G8jKX={cUY8re{tc&f+U4O95jApr9<_aC%8#IF z(@XXwtcdC{+iGE4qm`$c-?%%gTj$2hzBstHuQT|4-+``;3iwYxe^)y+an5 z%52f5{8^^E9*r}}xb669k&}PFY9-&NZl4w_9waaOaO$yYabV=vPJ>1^{66oH?f7=@ zeBuI(v_G58TCG%hwEF(}eay{jD?ZgduDBJ z)}~cXPm5DC?ls7Da&7j0`C8vZ&nC%7PX%XItMjH=zgE80k{@@Sy#3Mcg~G77@}L@I zO0BOiPgq>t>)=&<=>u-%S4b@`uvK#%pJ-J4==to4*~gFzHRAW8U@cH-8A* 
zbf0tP-oo%9r$c#tEyBL$36~$<$}enK^2oH|xX-hFMzqfs2FD!QDqJCR?EhC;>4*3iYuPpR@v%#)!y$LOo!Q^GWvk;yZ@Ih8zEW*i+~f&g%@Rt981GhR+IXD(@byBg z?1QUoJ00mYKVd^}-&Tu5y&Dd@uy4+uS@R}XT(Z)b?;l*p>GFWX#IcmxQ3ErlvDSd&su!+_`yKMtIy^UgKm%SXk(FdJTU7eEeje8we_tl8mI}VO6`q-?#-ztIa(j_Ht=kAgf<#kDZIw#EP z;l#_)@?BpRHE_J^;jw(gw3R_mW20VQcK*MMII~Xq_wa8!9LEmJbvzn zn(uBlaJ<$$^TYS3jl#=Z zCVio%94zSn?9706lW4Dly>X8Q+`ss zy+~rzarWk0MgH=$w^MtpJ5JTP^=V(U_xK*Qhw#py+I@dZ%HZThxBP$h^ypyJqTQv_ zTlTCt^DJZcaQWAD)#AqosM_w2dobtx{65Z+wX+YdQ^$pT9B*o-?QR+UINdtqbDu#G z>%}L%y-(fS5|Z5Uy!-I=Ry;?84R>ukW=`9(V27|%q4LZy&-SWetEm=2Hnn)48)h`z z7-J>7*?!97COICv_d58y-)%FhFev9t*X_k_&c(az3I`vrQ~L4Tu|0<@cxR8Tda^KZ zWI?UjdqXdtynVf-^>w35jSsaEB($7#bfD{(@u5vNmTvDk|C7h=4}L#uUV1y%|60SQ zb!Y5v{Oyrd`nO5u4pvj=$fi8}`h4!TGd<-i4xU@Ft6E>tfo&$qhW8a==Sklsf|F*- z7p0yzW?JtnoEa>C+Rx2xn%#mslP{DuaWA}J`!;>FkJhO6IQPXtRQkRnSKYD>jbG5> zPBZ6Oa{^Sxk8IxDH;=p?{BY9M>$YceV$Y}sw>urbv4*vwP1Em3&QBaZt8V$n?(gb- zsF&ro%(caeDg4u?y2TDHTeJ0fX0I77t(B)V=SNMBoqoF{aOcq41!2L}yB$s6d+g{V zqw4+Lge7OXkZm*Cz9JJlRF zrkwvE`4I2R-RGB+K3^;-yxn`5lY^xFf=A+mZnBW=(f6{?+`lui`=g9Q9_)+*>>6{9 z#RK%X7tBG93w3adTtCW*f(zSln*rS3Mj;n%J>aJwXoPu)!sX07Eg0$NK`T_8rb^f&2dy<+0(<`4_}v^M6CfO^}U%^p64*{eW{EtY75m=Y=o0 z?*R86fSlV#){K1Q-DYK80iFjQ(ht_$=_ikj2fawqtobXLw}HR^Q-pEEuO8;KvQ~SBSKph#GS<%6;BPK# zVzJDJv6phFC+`9?!}wHUm39Ri>*(!@gbU%)?>CzkEAD)i#m2!NO&tlMEv^mX#&*32 z=WlU7w@Nq~*k%RoHxV{pdHw2wd(iM&>MBdus6&^E?fIl{T|U_hD81hADHhy@0zCkt z{zm5S{Oa@DgMX9%A}oD*eS1FmSJeMCp2LABflL}04RidkhqlayPw%Dmw&Rnz6zr`9 zDulEaHQeLdQ!B74^oxTLLEl33Tj5__j9@WFt8rv>8WC_C zi3awPuwlTOlQtt&*N&l4845VJ%^rB6HCExEiYg2Ypb7((R$)LEQ*Z(!H5T@VL*lrj z@Q>zh6#nd*$5;1iYkq}WA5lIns4^b_mUeJ6o^#zdv5A}Rrq5>x4jq?j6jsFqM;5yM2(Y{Wtd zwFGg4gj$CfBcgU7vX7h~s3NeB2Rscp6z~}!tYc9Ia{As!$`TOPuP8e}xTlhG0vrw) z3YZTl0~`T31Q70fqzV8>0xkp`0Js4V*2AdnfTIA90m6NU)Mdb7fUf{ye=#Li(Dxov zwE+vj-X1U=Fa|IePz?x6^3))}Ou%t~S%8ZGM+5Ex%mzFII0o<$AnZ$}J_Ex2h?Ge@ zeeWez7jPWdT>vKo`U1i}cB%(p9$*UKV8D@p{Q>6#a``2TQ)}VUEWBz9zd&)x9xfS^ z!F_yS!`rl=|I)yzc!ebvuI;0RxYh?t 
zgc+#}N2OHa)q?29FEk_swxm>es}RDrPD_A6itkowlDfhUTLWQ@QO-sKCGZv`+8J+P zfjbOQcdAO2lF4{tj2Le`sgWj2QNW3jqzqb&zML4Zv_d~RD3vF`ehb*!re$w)qL=dVC?i-C#?ZZE)0|I!gP!b8}@O)>L;cNeibo`cE*m3HdLrV0~cS~3?DO! z3?^at#R2zsVQ7qzew9?%>FpP~Hn?dAWh-Mtn>g)^g;meI37N8j)li3u`|KRRWfyk6s`}9ON665aPt_gkT%gCDqp{hi;f-30`r(rgl|iDX97=? zn!xfRB7$iSQ$yK{cevUNtyvCdGMPJ3Wbv@!67o!z7Mqlismjz)nEw=P#>6s!D{APw z!Q$bpnv#M`+`yUv7n&(4brRfEh{=Zv%j$>fhJIsn@Fdc21HrlrMMS$ZH)~MlfmP|Z!SFvc#mOLCZg#~o(xM;=gElk~~vRcAr zQE(GKQ|Z~)Ap{3o3lgDG!$GT5yao$6`gwqPjEm+vsf9~;*xaSFvogad4O|a~cQnai z&jPK9PVe6dU<2iDT0sw*%(z7Sgn=Coc%@I}-loio&F$EQP;81Txy)UFzw%Sy`XacH z3a${Xlw~vI7ad9{;Z(Rcy;3qm0U3%ZL|ztbETDJTC#hlAKw1*yCERPnUfk9n63l%@ zV5j-(oiVz;G~5MkaGVpW4SKC)ai>PPK0s13X!M#oeKRWbAp~Ci27@7$UW<9xV>*sTb$|s6p}`N$U1a}F#(WK z@UJuh_|sW86L3fRo!ozT|GIpc5Ba^0&GW;6_gM3PCy#&pjh~#LzmMk>aGMEa4Rjt6 z%DN6vQ=mp6d~!3;RiGiEe9{rf5X`2q8Fot&GtMgN#EgNcKp0m6Vbv@{Gx#q9LOau_ z+0Lm-jn!!2lSPdu6|sL~&Wm#0yce;g8=u??)TR5cbP4#^f$ji>g8M7LFF?PO{SWW| zy?il%GPeb)2hkmFg31UcJKDifY+iz%`luu3tLbpsApIpeA(JqYn zy`SId`48`(<<&{Z*Y=RdeRT3!tz-V*$w%w|;qqz$;lF_Ng#(TT5%+8%LO=?_!ulTuSOB_-Sa1Vk z`*8M)^S9kKk(R(Ghy8*6iOipL{LcOF^di4@BA;~r1N{@3Kk4|L``_tBe!pbM<3G?p zk@=I3-?{&tUgRH0;giKcJC%HL3rlGJS5PVFJqPp|$UYV3K!I|BmV+H>F&j=P@SXs@ z1wudKH25|F@&eio^cH9*@c$KYs-oln51s$byo&<)i9lA+M(b#pHd+An80VV9px$^x z9I=h60o5vaX91xdZ*IYf5N^c94rSq5Vgj~ZV+%&3UXMUe1JGRp(NoPQ6aGN|MCNxo z{^alP+>t*DXv!bxpUC`9$DjQDojdYB0rAuSYx*ZLztiz2e}CtW`~eWB>3^VqBJ(>P zfAaTt?#NeX@X6;umw=Ax(Pyy#WO;lIGc2@edqw_88t`vJ?N%D^r=KXd^69@X7Yi^WcwdL zDhv8-pi&?;#J>;-^Pyv4uspl<; zKCrY#{|YAAj|r0;!01Ic?}3b24Oj$34r1(@98IbU77BzQ6Xp{V=trS6^B~V3?#K+F zSOx$F<=-V-hr{^w35GjaST4@1pqx)|r5y60S`cu{9w$b}7v+FQ0niVofesfBl2Z&% z06>Qu&T*JC&v>?|yH9us+%!r{q6~(CJemP!lYF}95OcMFURBLet;gU;r})L6Pe%X_>;fCb4R`x#3}p_ z^iO1dr{hol{>~lwJAn@Wf&Pii?{xgh-`}|--z%R_%KkwAMCNxo{^alP+>w6~$Z^E4 z)D(EGEI$ko34UpuI6R1Hi!qQUtn;OSxu64U?*_makShQ}J3GmbMxs;k-nR*lB*~u3 zPYlmrm$19Z=czw3-YMI@X=x+%_z=4E+^|P$hlHDTwM%W+WL%=*oRqyj<*Tpd+2z;| zwyb%&G&p}kq`CGGM`wl+(KG^r^GLM!NqqXwyzf^y#mnp_S 
zdvAL$-2U=a>y+|dqZce)x1heoz#zLvfsXNAUp$H!S{X89`ac@}gJ`dV#K0X3N>QI#o2G{r793hs z&vW63uF;QQ+Q}NJ&)mDRen;(FS@!BqbxMSj8eZDaYvq(J&t{IFcz4Ba)eR0@ytyf+LC4$0nYLM8yISr2{Bx>s?feL{ zhc{X~`?&DdZAgxISt8b(ZWz&PbdBrnZahCbr~1ndXHs{axwyObjUm+o9-VRs zYEE_S+T_Z5U)7HHyjJ7R@9&v+f_F4%@{2OJXIAGjYy|IzT{)xF{`h#QuiCleOp{?- zS9rS?7}uHK^KtQzeaD`>tGBZM;FhOG?K8LW-~O{luOmShMVp%VM6NnDF>UbvPIs?X zKh^iVd2XxH;I?z|EK={+t&Ym7Cp6#C#$Oc zc=(`o_P}i`-R_LLy6!TeMBy6!)t)(fZ{5c?zfd-*@c$Hhj#rx^+SSP| z{bxLxRp`*?fc#yZBjS$vHeXhEs@dn|;DsA6k$VR}?xOknF6EHz*+q#h3Oc@jK61fi zZ;9X7PIXeRjG9d}yY#Aclj54D%f9iI0n>Us2E}PGx#b zaqg{|FE8BT+JBWn6Wo6TLna)LbsA?)-}%GMtspPmuXD3Ko9yn0mv>29{(amdMXlZ~ z@3h+Qzjw=VQ|bDy3yV%ge+aF$_-pF``NOZ5e}-geX4}u5&}pW6@8N<$w@$9vpEu`X z+uk$k*Rv3=T({+gWl{K}X11?e&#d9KD09R;O^nR*eE5lZ$+M3x7MAZ>P#pduvd_A{ zw*qZL7Cy|xy|&3J5WX8fk!oMr}=4>IhJ?A+v7Joiz| zz9%Ce?p!$HbnX(LqciVj_HiAV=hoqr$CuM-os4eI9yHTRTX@N?+9y(T^R?^kW13+N zU8eN$ss5O6eItML9v7M8(3Ybnsa?nH-z=VScxPcLk-V?rp0Q1hcOCtB!~Lbj_%Fqx zx(BwEY`@e$sLl4M*As28eeQDo^~>T`1=S8FuMHpCK5bc{wpy7kw()OAF_XByw`|#@pd=I>7ze(-%->cCM-Rt{fW&VM{IeNck)CX2f1PO zhaK)FTyvalvs{;spr+P*Ox)2T&5c(_x+_GKsTp77X~)qc~^ zBkCKWy@$9|+h5pb&yG0{H->!h**U5}deP!rbn1ZpnZB<#mewum5fGj6=*y&+31?GW z=8fsKw}00ea+CSgz}aSbX^q}{u2Mv!>0 z(>`xYOyk8LUyYm9v!-J1x!ph8#&6qV^Jv9Lalx;7*wgxOs(Elw{IDZ4U!QGQuW#4L zoQs{#1zi4YR#q@v6z6=X<0c!g@Sqyo1|L1`Sbg-d@FrhOTRD~tY4xI1zT30KW-H0* z?pDf@7qeu%JLh+w-@bE{gQ0Cur{mRsT(H!5Hojr>Y}mQ{o#7?9b3LE@ti5+hRI~Qw z2NH_!+?A(iz3pYNb;=}X)kOE|HhFs{_zuf?Byaul^04z+hsMON*s-edqe0n0)n7b) z82A3x+wT33xqg|>Q@}m9miK!tt+9LD!OxD>3Sw2`2JhFj+Oshr#iVws$G)ho#%nsi z4E@=@$12;&Ag~qi!a^8y~sn_-sH!ctEwD)C9d{}lf<1Ut(IZZdWuQTb_Jh@Q* zLH=Wdc(HNjX4^qaHqKf!ubOw(tbi>u3MI>ZTYetrGMTxzALrok!Mer0HfHp8l(qIv z8TIw`rUMN+zdO1q&w5ban+Zn@se{e-eB0`&S*r@J?fK(S-q5$N+^U66_?eggbncIg zNit`5$I}MxMKA7sI(_#Wf4(}+=+*J%BIBC7GvXeV3dHwGC=wd}r^sx&F*_&J6n_t4%#x);-cB z?aBO)^X9G|wyyWjpbzP`_uk4cbh&abyuzhTz3Cej<-nff68_6(&!H( z4ZH>?<9#W?T1B4<9^r$ti!|#rjaVO8Lfi{(tJk|3Eu6nMR*cqt`F= z>x9DWLCIVK^#Q9H<_l`B7`*I$~w<$G{>z|huq 
z1|37%^|qUn{^IPn?!vXFJ?f}~n~$5YIrw|gM)|D)laANVn&TF^#dBG^4<~#(?5gL{ zIHGmaK?x!KQw9Fpx#WPtoRgYb8d#|kOY^9-*+$jG2+L8&$e3U!7I}H)Y&<*Uoj z-&QW$kny8W{(93t)w&V?O6{UL=1os38cZ3eb&if| zG-~x?U)OCTUXwu|_Z}K&-1pSEmr2iuB>K$@D?ZbH(|7s0uGd_9`P#NVPJ9d|*0x-g z{Qm5J`h@?yC;#2PXWeJRS!!39(>5 zVwg~H6){FAc!j7I3VtBw3I!Gm0SknJ+K8oMfditqNYDbYP$=+5B*lUt#0^404@62V zkkWRMAO$g3B*;K46ASVYi^PJ-h$Ujd3PcyNU@xM#SWt`@CKg;nj1dc-BC5p#Vi91j zSWp|WKrCp2NJ<245o1Jxj))~fL3hL=kstvvOe7de^F@N`h@~RIG8%<~9f%vmf@6qk zk)RZ@KqPpN7$y-AivbCdfJ7ukf?9|!5`jG;B@#Fx7D7HC#z+KyG+!c!KqMrBK8W5D zK{BF?NYIbw(_J?qhbU;^Mpz(l}Oz$C!efN;KF zV6w!TOa`idjSNC0Mh`s z0Wz^9h*%~3LZzGqDVP)Bho)9SrK^?C=|&RopeI)GUQGJrnLI*A=T| zOJx~wLx7G3P5Li(I*qBC#H4uI1aZJ{-5@e>Y8(8rjNjU^2sLo>8-D9kPg0t#%AjM# zdFQf@vul#l)OZsC698Sb8htC|nKTya4II2@<(POvl9S?6I3A>lj%b(A5axz;wh+_Q zNp7)l-9QLe9AWS~L0nzh4+#C0G?1OtwH#)3>%mlHiVm5cu64AHN`} z8usm?EmM;Tx4>s4xKXKE3a~kS5FgT;gujIZ)dJ4z!>?4rsc8JQGdR5-n*?{hpiKkk z*x_mdyy#y}Wy7yrP>L+(^nNC63MQc9QL#Bxe?^80fBcXBRc7`CKU4GIfHj488YIP0 zY#8*9)FvsRisM;%IE5|GjDyqO+-ZFF2LL%M(uDqBHYTRk8FIGDtAIiu74{HB}W}LL9r(%o{o(UBXUDm$=s+ zhupq14y$U7cf)P2Rd`IJr(chtx?*oC&K04ZL)4!;KtPTLng}!v2zhIk{<_9eML%<5 zy$TDOPDOYa2I|4@_<#BSIc)m+>4nyWf!|vxAol{d!4G@vXOCdQMq>&6p#Tpn;{ z-8ge$>m$nIgM8gQ(3j)fxiC@oPx{fFi?@Cr{Z2pT6PI`TdGlOdpkDeqHN|g?nevx4>$cH}H5c(-&!W4QO zOX4rWhOi?Xh(<&c!kK76coJTO9}z$V5}`x{(GyPmD2N0ig-9dPi6KNDF`5`lOe1Cx z^N7X7a$+s9nb=C~Ck_xth-1VB;tp}2ct|`YUK4MKa)QSb@l1K&E7 z^2hV1@Tc(?@|W^g^EdPN@{jP(@~`l3@$d5=^I!8n@W1eR0z-kNz(&wW&_vKe&`RJb z@Dc@D1SbXO1Xl!i1P=vo1Rn(D zg6{&6fyBVvpr%1>0|$eK22KX;4g3uJ4FU~94WbPC7{nPQ84NKPYB1JdioraC#Re-4 zHX7_TIACzh;IzS6gG&Z?4W1i(H~48FFq9Y?8(J7z8UAHh+pwWwBSUAyu7=$W`xq(= zvkiwDPBffiIL&aD;R3_uhN}(N8g4e+Z&+-2((tU|Im1haHw+&ezB4R06bVg*7Q(-T zcEWnXCPHVSm(WKTAPf|C5k?53gwaBUFh@8y;=AIf;@9F2;xA%DiAZ82sV8xeG?6$WnXSL5!+eT)^xD&qmhqm9QKPcfclJjZyu z@lNAI#wU%>8s9R$Yy8ysgK@dB$i&#h!o0{G(rr%9}no7+6GP5zW zH*09-Y}Ufe(=5oWyID`OK4vLq>1LT`gUm*nO*ETkHpgtE*>Ulk-4$Csrg^#4(5%_UCsT>1I)Xahnh#2_cV_-PcTn0A7Vbue4+Vb^X2Ai%{QBG 
zHQ#N1&isP;HS?$Dug%NNzncq4bJC8qCmqNpWE;|pY)^J2lSmDjLk=MG$&utFatb+* zTud${*OME`-Q)qXn0!pWA>WbTNka=`3oDC;7ETszEc`73EP7f_7;)6xGg=w|_kG(e!r|NtA$B%i;Jdelh7|t=z z^H3yHrbcCsaa`q%xEw2}zO+C6y#|iZX=A5M`<)zqO8YOz+;G=XrkD_qx7+ ze4p*wUVGhZy4St#b+2LXvlcf4FM|LBib0$~nn964n_(A&1%o}qF$RBz5QcDuWQGie z5{7by3Wh3%I)*0}Gt=IKVi`IL$c6_>*y!k&}s!3Bx4Iq{^hvWX!am z$%Dy<=@?TWQxa1qQ#MmBQyEhwQw>uyQ#aEv(-;#8GZiyEGb=MMvk)_iS)5ssS)Ey% zS(n+6*`C>j*^SwQIh;9?IhHw@Ih8qsIg7c1xtjS2b0c#La}Vu?q*^Jq&*xcBTu?4e*vqiGSu_d!*v0Y^=U@K-T zXRBg+!uEo#ovnxMJ=*}=DBC340^153Gdm}{G`lRjKD!~iIlC=;2zxYp8hZwNCi`{v zLiQr|GWH7g7woOqC0vwVY7!G+3O%7uYa}IY74~{U7aE^G6 zM2<9$0*)e%VvaJ7Dvlx*Q%)<+ z{hThG9-RK1k({xdshn3i3pndI8#&uKdpO^7&TuYqQgAVHv2%%ViE~ME$#SW4>2n!z znQ~ci`Ex~co#9I2%H+DvmCsedRms)FHN-W?^^=Q&o0FT5TYy`hTbWyvTbtX6+k)GU z+lkwq`xtj1cNlj#cRY6@cRF__cQ$uEcL8@fcO`ctcMo?T_Yn62_fKvD9x@&(9!4Hk z9w8oa9t@8!IHG144qk90!1Al;F{$Z%vLG8b8dEJIcy8<362VdNNc8aabpMy?`v z@GI51E zngqH9J_-yA%m~a0{1hM&q!MHmWEVsUstalh>IxbQ+6%e~dI*LHh6_dt#tCK#<_eYw zRtQ!LHVQTiwg~nJz8Cx`I3TznxFonNNFYQe#3;lrBqAg&q%Nc@WF%w?&XA85N)k#F z$`HCLlr2;wR3=m-)FRX>^j>I4Xi4a&5Q#9AFs(4Nu!t~9SYB9FSX0u`iAsyAi)xA* zikgesirR@fin@sgibjiOh-Qmci`Ixf5$zUzFWM(MAUZ9&Bua!LLD8f5Py#4T)Gm}A z$_3?)@<9cnVo~v^WKj)*|*%Y*=hk?3>uK7^Ap|xU{&exVpHexRJQ2 zxRtoOxR@{BvvKJB)KJdB~>MLB@HEw zB^@PQB#%iZN?w)Bl`NDjm#mO%lzbuCDLEiXfF?qdp?9F!(Y$COv?N*a=t}exbOX8t-H9GUPohaM6c{QDJw^nB!f0dkF-90; zj5)>z3F=Lo%%mU^ohCphElzNHx%1Ua# zl&zGT)G?_Lsc@+{sZ^qz0r$rDmj-rB8oDH|)BD|=nGShh;`iEOiMr|hKcH`x_g z0y$baMmcslPB}$6eK{*R8#yOAcR4S)Xt^_Tsd5=|SLO2MO602Ln&dj=hUC7%S&y}x~uaU2lZ;@ zg(U?7MIuEqMNUOcMSVp>MN>sPMMuRz#Yn{@#p{ZNibaY|irtC>ir*CH6qgi9l&F;W zlw_6Um9&+1DH$nQDA_34E4e87C>>J@S4vjOR4P!aRBBXeQfgJ|R_amus5GQBthA~` zpvusMBcBXw+!Z=+WrY7}6Nin9*3(pwir-si>){sjjK5xnI*>(?!!wGek37^NePy zX0c|SW{YO0=10vhnvh^wfMAzw8XWfwKTPKwe+>@v>dhEw7j(9wNkaNYZYph zX;o^~X!U6gXiaJ@Y5mlq(5BL+*Jjq{)0Wki*H+cm)ZVY{qV1s_tR1GErd_06sa>O8 zr`@bQrahxQr~Ol#M2Ad=U58gkKnJCR(b3hh(6Q37)p6AE*9q5&)rr$d)JfIJ(7CEp zq0^|-tkbFUQD<1^n+};StuC*wkgkZXtgfQ2vaYGFjjp@y8Qmn^G~ImNLfsPG3f&sr 
z7rL#wL%L(Sle*Ko-*kWKQs`0XvFZuvq4ZSsH1+iLjP%U)EcEv4x#;=m#p)&N>Pu9P#U#wrE zU#d-{>6J)S-?WkciY zx`1koV`~jVWm&}-+LgH%&!2nq;H{YwuM ze};ovjRh_nrqQx7&pp=>JexOm_S&x0L#w=m2hgaBhhH$KBOlfl4(}E|5qr1t_0n#C zosqMVp5eOaV3$+RDh1WMF?}Kz<&@J22D}%}UJ=(=Im4WL^`nK6rb*E6vc|sXSj%1N z4;~FuU317{N(`xbStb|VHtRNZ;xysFhjISP)m9IpbbqwvsHW^=Muj?z7!^J@?{60I zwz4<1H-61-t=+cYKVWsfk1}A#t%*Y! zQ)wYTtsbUPVJ;T3p~i3j>Ru+{a4lD1xy+jG&|2zNIqj}YK5n)`+*@c6*|I~L$f$@x zpj$oHEjVy6EqXdL=YBKF|GJq&h5Ci_(!a^R#PxIpFBS6xxg!@i)IQB0WfN)06t;a-LwEUDLeJ;; z0tPid4gzw%|J8~A3pznp|L@u^V@&`DqG1qhOZ6=ny$$j;P;|x-aX@y zN-`I}qo;*ds_Xr*+Nh+_)M@nmsE5(>-$&cjDkVMDB6xgubJKr z8Pr91CBMFHsV#nwtjnnJz`oT=eQw&?gx3lYp@jl-<1cC>o5uEE=!gH`&SNXoRu(bBsFQrZ}$zEK*BYsI7&R)5qe zK2i_j32f@$DeQ3XL)Q~w-xD48e>EtaKS}t%ZQ}nyJ1O||-@kz!=$yXvF{;Von0Hmw zxHa#~feY3_pUkAL-To46y=!D&`Yvz6-#2%#H;F5K?M5RmC-iu78Jy9j&^n(TKRLfM zMgB-$D^G*R+%JFQv4|SF?y}s7X*+gHYzy=*q}kecvx{_QXKVpf3T zmdzw1*$JW>#Ats0_oq+(u6?*NEa`G}xS1tc;CRzF@qqgRaz_?M4qS06QgIc$;gPl& zBs9J2_vyL<-T*}B)uab9FI68&SNXR+t9^HNK&J4)iD0FX(LW46=dTCsr?35AoAAH= z_cZ;uGYmyXp=dt-fLdpAEHaD>k$hrN@hizE1g4M&0>rQzR4V~?D}tnIi5XMoPO#B|o+ zHUPIKxMjgD0&Z?_Gusi`7CM7B;O+qTTNb)5tz{{y z)tqch%aljxSs_h~CLd3yG2)8WD3OCrKFQvbNB7!R*kft>aS>KNEf5q7N5C9|F$ZARn~o1@=mT-WmldVb=H&bTKox0 zrry*&bt52W*>fBr6MQj@WAhz>_?G0q1|0SQK@X4i-$z~s@b^ttZzH$Cid(IJg6gltvs#i*LXSz;C_^Q2&b>Og8you!8`6P0*R)1IQ3mMeNL- z8smyC^jUEV4tL$wthv$p>H35up)vB>9if_+qqIPi|W@F zyVD+fN84n6d(q?gZ5~Z9)hRH){aUY6Y*za~Sn=|SPLgy|&eV}9?awj|_q&ep6TPN% zX!43sdgEEr}-uM*UP3y zThCNHrsN&k{im^xZi=#i(nk3XMvqw2qAbA?9jZJS(kx<=tUY-p>Fph^izhn8t~Lh} zP^?~kKI>xp;+&y&W!IVoKh{`sMf}vGpDm*i>{uxeylAC(=X#0A zi7sRNm*y7(Q>;HTSLe?X6YcvZLHue$k%OS`c3skLjYsl1tHSaW#$gTby`>(z3g=%E zS~9S{YJF(6&1sst^`6s-A$=;}Z)OwSexikO1vR`Sz6Jtab5!vKA;zkbm$V0U#-`h- zAMV&CyeB&PN6%5?T?Y?QpV-eX(0<8}Q>kyhW5ME7Y>@yD#{1fpW3f92Q)|5StuIp} zl|LM71P43!ieFs4_<4xDNV}{m@zsggF?SAKgV%&1jZ1mq^Vf8)u!QLt&NdxD&?bMZ zbBR89fey)QTR=4v(K_rNrK_nN+Uocx6xsOo!j%LobJE{_Au|QV@_yVVZ=4QvKT;s> zpOJc&d4Y`DKD_S(+uY3C+%QZ<4vE6}{tKndUn$||uMgOC1*-TnsGm;S9z>h*G; 
z-o!_|>*5o4I~eWAOBQ)}N%^D{kAkYr$|)N)rv3GVB)9je zy~Jj7ajrbi3FPL|CGw=q$P1(yY1157PyY1Ze@Qr3@1XNkVerenH)U5_v{}V-^4>o> z;X@R~M}FnKnWKSbvrCW1)1t-e&OyR*QDKJ)gnqYw9{Ei70vYvSwnf$WB&+d{uhJue z)+dc zXa&>9{zfJ_^yg8j9~!fS-It{^X@BWFEu9=LAT>PqoLZpwp{P_$)XTa4568;vJ7031 zCU+vsePJAXhhX1~AV@#sS`*)A!xXyfL;gJgYqAGH8Vzu=7!}pHv z2KNw}Z&oW+ML&=qSnSoklrgk~sbmkjk;Rpqqj>5=S!V%DWm-e_q&H)M#`DL|brj7x z9*Z8CdFw*7w$=Vc!ztoPh0kFL=uEus;Kf2`#E ztE^(SJnvAl&Q7-9p&mq(HHoFBiTPKZ4{7UP7l@ph3R?vISdp70Oo4a*C z%W5ZHEq^s*Zymo&HegPgKy%)JqGqNeJ|TP0P4 zG5x>J2)pH=L;Pau?`c|zf4XdNA!DZNvF0I$ufJFMRyb{ArW>u!YvtK65XN$ttVRw# z8rvDOmxjsaT-}ntY(jMQ*>RKKH}flEnku>LZ#h5BwvjfaaI@E}`Tk^SRqJu7zPx;(tz%aKn%$g5qt3S^im_oITI!PhvxXCXg!gGFV`d_0 zi&rk5y(=bRXL$L`xrYh8W;ydBCsSzcgG${!klkzu=&K{YneX&Y**;mnIO= z$KQ5I*z8()Kkd16h5uH~?c#6-6SC8~DfJn=r~5d`Ya?>fm|rPXt*Vt~{HTAbK6Q^H z$(%;Xc{%L$kpvOi_t6A~3|*_Ec1M3id}R8R7j%T^MpbgU-T7au%0^%ADnFv?T)m;1 zw)9Kjl%dzJ$7<~Qfrmvx=MTo@oT+ha*WqcOCoX<-{(1yMWs(k^U!h;jt!KXHsYb&Y zUgp}0n$90q%b%#1m+l}LUq&VB#0>ntZ*la2sqK?+nj&6u-n(q4=)A~RekY2q{-l3x zxX zun93`vGWMVFyk_p3wV&NZmcZtX zu+kjOd))Q8iY1CTPgcn$!z~=yqn=FLFB|s5PuBExkzHd#Q0YxX7y%;eLPsFN=0`&H z&uauaiL3d}I)j8xapLd${M7Cyv6U5g9AK6OWfj{Mmr{XTc5t1aXcn;=i5`| znAZ>Y@VT|ej+PzP_)z(#hAvX+AmvYWy;<7lUfvFdDwYlgPeg3EPk#|tV!eM_uyzPZ z+k3G@=%oIUQPtSYaQz()W@#AF!{u_ZNP6z~IZ0mP(mdkMhyzkr5M_{1U4u{}oAGezpJ01Kydi+JZ}Y{vCZ`rn_y< z7CY+_o5!`&5dK;X6^(FuK>ImY-kt*aZ8AjnD#=P&Wrnj8uk+l%ZXQAVNG8#ihk2%2 z2;C+me*?7?Rp*MSVt)O5gd{g}7?U6ez42E!^H;QcQdW=sv1gaGcP8QZ^M{f86*(t4 z9|0=~g1{o`&moQRAM=;*5QvOL+JAl6;ixk}dOGV`wa`SG-@xk0Hv|dC7Kn}Bs;dh7 z1hF(fmN0 z4HoqWCrw53WZ3Lm+{4hl(#LLq> z#6(*36dfb`Yr3u5hr5HuO|`D4V*1C!tO`aZ5K~V_sc%-_H(sr=9=qc%`%%7>bxK6Q zhP3o$NoH!pOKYxZ7Y}wvrbB_vao&XWWVOLoGEb-GH4`P9>THEnr`jqxqACSdy^>~} zULb$xyEa6LDqSIwc|&>Hvg!7Vp4=&!UmU~-4zqAeq!74Sh6ZLW1$RkHmkOu$`Mg%x zd4}qR!O_p}Lk^5uPwqKNxEi6m_kK_^CO_)uj^UPoQiDyFugeeVrycIJj6!*lEbm@^XCuCO zkpodA%)Eo|ptRGJALXHyKaULGlZUXKs@aiL;7cz}?VP32L#OfjLFcRPgoeA+Lj+Pw ztEc@ub3aWS^PaoRi)n9eWj)#d#G{t%&bwT_W^3B4GYtvK1g|iSWi8UR_en*Mzx#CK 
zI)lt;xX*)#m3@dWJZ(=`iv=5LGv^y`(`TfIaU(j$Mq?KJFVS6;azyZ@OE#?X!tZbG@-_;gTWPO4yB^LATm{lU{?64$y4Ek~$NwNSogXSXLHN+kH?ZH{T_~F1a=A@0~GY$Ce{VC@aPF@?v7+*}>t(uYTyI7G6VnpwgdW42x=A&x6xXD|$b6W?@Jo z2Dp5M`o5YU;`}UVvFJJc`zY~i79tHky;E)bKUDIfTtakL-o6e|j?rFh5l=I2uz3*E zFuWRYh5^=+B_HT}XEf|H~J@#uj6JN`~G&=ApXsCN$Ar|n|9KDEtBO3 z=LG+7JxU_XD%2*XwBl%XNq#goZ|*0=nxEb?Mf!yDQhvtmD&@wbe?p9%mgc@|MU@<} zzD7NLCjCBr!hy-5($5s}*2e~W3jUx>Bu8DH5cTbZBu5qmraqkM58m))e%2=4`y~M{h?Ylp`IWU zBrP+=+zxWDG9^iWkrGgFt8_KjYUXL)l~EDN2REH`j(+AvxD2>bG}1h_`Z!=k+K;;I z&yyOMSi;Jc`a^7YI-!UhSLgajycttt zzx`1RO<3+)8hhImzWid~x06(V;=+SoZPZk{>xeMBvvpz99fbNMO@;+Mh##M#CWlsG0&p7gHyEK}Q&=Po(BgeV(`rXg82iq*p zEjAGTYUqv7GV3mHHYQJFeMHk!+I_s7l6u+vy>)L-|46l{@-|9=cBit7;UkptZ zuSp%1e<0x>7Zs=VBh`@b?rf0pxGMQ&E*(+Q3kG@*_jvo$p(vg_w{JQ#f8|uTkE1DL z5`8dwNSw3W?|#Z{)}DN|N1QC-bScGG^2B$RbnG9=-ml-O&)EC@eZ1xKK9ip#b3O)M ztP_kUC|=}qJH`0h>&?envt}H9-jYCA>+9FrQa;yV=N;mZhRl!3((n7^P)i{FwD6#G z{^WNZ6MjGDgIp4vev5Of9ULZFLT52OCNe9PZd&IU1xSuRzJAdAE$xR`{_}yX9>&ML z%O>~5nNsM*a~o)e-Tm`BXtg4^j!@vNb>RGMvC^IP1fmq;OAAWs3cRrV#vs%=gH_mq|2{2ZTo7M5`>Qs@1FayNb4JUB`2q7r-i8J zmxI@*gN7od?s#;djwlw=D#VHX8D@3Ms1!tc6fUF-wY;t4Sv?}5XBAjWn*Hsv%ivFL z!>X@rWCU^#UrALn|KT5xrLajbJWLa46>+%t)@sn9o%$AKpT@}h((mgYA$WXndg_jam5c*LcHQ)++<~h$v$0jDrkx(%e88bxd#GP# zDS1w*EHTm1@SALnB71%BbJ7LyntLR3g8aJLuz<^qs`V{nUNw`0PsOC<V8)OC(+Cy2kN<(YBR^tGVI-LOjES29b~VT{E)ZW zBG|Q8N^g>+^$vTCw{+G9sO3v48t6st(dw$`ZJ>GNRlu%H{{HKu?9$dgLkns*6M`%1 z2eqqeoR2!uNVL2Uf0W?wGjaF@)mY!<@A63>_Z&Q%)HVCbBKo20rCjot6Q4K|OZJEg z#GJovQ7e~L$ETt?Y^2LVsyuPoyJ39heM`!ZyI%ZJ*KcSwP+W-^AiH(p=IcWzY;Trx z^J8+{FI%3DKH`JA_eSMpy@i!R;-Ax>>x3SkK779p&EIO^b4MsXt+3Fguf}3**=Owd zirW__`9i8E;&SJ{aORHh2#7NL9Zvo-vu-3Qhk!meFr+iGUid(-X(sP@VvA_{bhhkD zo!s$H7^Ag(y#FXV3UuJB7DA1 z%wZL!Pw@poi}`aF1_}XAbm_<>_aJ?;u3rz#ev0iEkY7@W_g>yp|K>*cZAoU&TNjC% z?f&d&EF$aqjd{jLQ9V15c)a$Ly{u`nUK8Waz@#=3@wo0P1MLgMAF`4uUY;784)>S6 z+(3fR)-h+LIC}Ht9L-xlL}E-3QnYrdu<)vzOkJR@Z5Lw2qI}bZNbs%lU!ZfdblUg64PWTJy)S*c|-IV2};@EA-C<#nhdTu zOl#m@U4Lw`LwNKN)lQSWf( 
z*aMb#9XbgN7b(5#^M~B71u$}u|Mpu_ZZFeU-1l?e0DG(TQbVoOBky`aPChbJ!c+Z7 z=|fHQjprVJ+4)!rY8_rCE*J0F`ApD|0`X|IbquF59(E&CC7%slO4iI<7Qg!B1f zmNUC8&o`K6A*RpXEIRJfbop{+KB>2N+`U4zDUO6wv9(`_$!V->zgej&jE>oT&n=Iu z?gyWZ{&AE&9Ka&Fhe$1e+N;;I@pee@(1;r0%USaSb3ZO+-wm-M(^y5i*K3K?k zqcY$6ta=)rGR)>8oBlM=uH*OcZbUyjhqVUDS)XENF3-cRd!AYz6B8$&P)1Fr&6a*( zz5Bgu-|~gLYkRC)_qzUxy%bII4BcR%9E5g%OF;f4r;~EOV!Zl+LUBKK}@@-1YV$SE1ud#{B-^iK`YilCAqLTNgW-j34Jj?~M2n<-!ya zJvVRFn>r_zrzM|!sl9`3_`zedUz&WgTIzRe>Kpbv-Dh}DA=%uwv+QK-n`zqK-lX^! zA$i}&IR`Ho`5a5Re%dH~hZM`F->V<1YkDUO(xaT^D}N*gb22>nj9?L@sTh|aDQzvJ zr^lp^Qf7`#1+=b>Q=?} z`?Db?_gAK`5!>Z5Qyr1sVQ`?o`i#!>RafcpsTX7E$(o$(1AaSXqXNx!$S(Y92|wuM zRa@lDr*)gMi=g~f`xxO}ZX1id80pZdkGB}?WN)vG>-w;E?OZ;_pTeNjb@{@ZV)tDS z55Kd$Xw^0s%zFa0w+gPkkwM-Yd)EW5hLsxKvWIh~|ChnE=(Y zRm|SkiDLn6ndYXEyz?y*&$ATte^GjXZcByu*H(5hYODsTHKyd zl+h(V39I8C`oYmcO8(sUn5FC?$peP{U8HT#oh6>vKQ7p`SES^SY<=#$bt z*+PPT^R+)7{v)?^()~J&b=!)xFFQZbtvzKw}je`+bkZ?>^^JUiWKd-@#cn9d&u(SDY*|Vow63H zalsY8XB3aelQw=Xj~bnSc*G>4{AFX_wWu8@CXopy(0Z6 zo;IME7$f+sVRG(HV)`yn{aOKH&ud-Wn5KT_`| z+R0m7I$-PI+%SFZ*5^t7(;Z`PaumjLs%|=4QOLy6DJD<8cttWMNo!-CC>}#G;K|`$ z^L>QjHZ7Nad}!X{AiF`YifPcdJ>pzoskf}f?PTl@dD>q}`{%AH>yU+IDyUPOq;b?J z+#UALA(r|~A+LmzA$`73(3i?~CQ>6oA(~yWLDVrx*Y>sVNABRMcD)fp+51B(^&4@$ ziT5LCbK%S#0%JT;#rMnzj(nYn&AXR$ZQ;y>F6f;RroJxT78ZMu&;icz3pfJyB?4Cj z*hB!{@G_WSp)&^en(OcXXHO9SNB{L$;s4EW>k-x-ATMyA0wjoU2JVz?>Evv4Z;n0- z{E!jhA%(BqIZ%*Ka-Jf}ig-+Ml!rsu|KhVWb+uPZ~1?-{YX%gsl7_heX zO$!Wr#S?^;0Pd3j z0c^SI&#cK2@?Zh>I&$$d^mYZCh~asBIJcGGQe3`!U4p>=NN@)s7=A5lm@wQE24-?& zer=B!NQ3)#jN{^A^KjM!r#f%&`FMea4!>sw7YNHVy(SYQmk>+v6AS;na62Y<7w>>I z*4E31T-?gr9$Y-r08p(UvUWg#pZj63V;D#iFaIMT4z3ws&!mgO#aYh-#4~gTc>$rq z3c$y^fy?V52oLwAX#)sg%O!PoLze65>3d_<$Hf^W3_|16Gh5oqJNehOGMoCjySaNi zf+Kg$0>M#uPB0ceP7a6zzhhDZVWFHX0d8RcI2<?_LuYY@pZwe*18^^{Jp_16qYY8yq>$8i+{j+@b&OrApB!o>mg z;sQ>D-s^HK5Xf&spXmr#*V{16?A_Mz2zRV~1825xv2IuvvHwOu_|l_H>wH3cFbQZW zB?NTfH&z=~4&jV;ISxeP?Bcx1_5o^;G%P=)L5IvHhYz#|8(FROJHVc{MKRGO;OHpraKao`W@2y2@*F}~Bs 
z&&x3Yfn^brx4S{qEf*0;w;u2a^MM!4n-S3301fQ0=no7s!r$E)>^}$fTiesk#}DjH z=LKlMwmUA&Z zmjXYtLu>kk*Bz)62w>CjI-v&oM0^>boPOi@#_Gh@4t28{03T?$|3cct1AOEF>2KE! zNkD_Tu}vTR;iiO+zMHL!(?%PE`}cXS>B-u701PVDYkflx@MVGJcLw>uI>)mF%NGb} zbfEm3_23lb5y%x^zc4}?pbY{VK0T-hmjJB|(C~KC6O0k?{!pKkfE(61=w2Ot{R2J0 z_{Vv3Xp#8o=Bf`R7$RrgbHnZWdpgY?XRJW|0klqZy1EaVT!7d&Dw zSjYH!hjHKqJ>x+*DNqi)+|0n34Bzjb1U?C^Fh z0R+X{Dh-g27U09f#RF(QxYjxUyI!9K;p;c)0OS>4J{TQdoAnxR1Cd}Hh%X=XM*ufg zFZ7Kz3I*o#N z!2yhu@$Ckd@gtx`0lDD0hx#=IXucra=Kh8N%pu@d1TU*wz`Z%03&6dt%>mvKVBf!u zYkNNi>j2-6;rlGDO>+q(@Snn^yKY}L%fM-EppUHy-1C3zd~k6$I9hum0eQmu!qXvN z^neC+881I5D+xe@{oLBP01(z={Jp*7$8`8~VH)`U9Z!SuJ^|9j+P(iGz3ue^)5F&b z+~*t4owoG4Fq8ixO*$~Q+T3O#KiheP$*ju=D8SnMXl))Ag`0Q5Fz}-Lv$lTn5;xy+ zMuX1O5w!8O5i)ir2xcQ&W}YC-=9wk*-aK)1Mmq+A76_IX;EK)KWEBi2w@wzBLEb4) zAmD=acMFsY))fnQ-b^n6^jR=QV%cE znJ@suvpL^YK(7bk@p{e#KAs9^DI!v;f1tW8J&8O%F2+%TcP z)HPmzp-ld}?SBIB0(Bw*#KE`s?Ya!dn|M8eZ5-MHIPX}(#RZSp3$D2kfU-jUhT)(+ zMuM9J&|n@Z;2BHWDibOUu26I#!nY78`pe!*Cx!JZOiYp5pgD#?#hR3~wMd z#z?@N!uhxVPCp;)hz0Ag1jcF8#RTT=o5voI9|=ICI|qJ8h6@MPOBv8|6q(m;-)rFB zYzMCZH{>657aMs34fgaj_1o$0=O17Rm&lyaIG*;ng9U*ET)n}3ia~rhUpxz*q3j{8 z7MJHnF9Bz5*s146=ku4k2T`#XOk=(M;%Kle+sh1PIuG;5jd5X;cfcCO=CQ{K;D+V1 zI0E)dcgFTsaNq%LJ#3)?Ay(LD|3F_~uo#DZ#^tyMXFz;d?{M4)FUVUOpus#L4aySo zmW`vyfahc2mc^kQKu2)PgByk&z_~R*LXh5tb8qiw12%2&4LV+I=j#lt2>u6#cp5N0 z*rjT$jRP4_g7n~pb%P4Qx7k-WiRtbX5YttITlyC9_I@20INXZ26e)U~46G$-QKA>I zNQx#V2W~S;G$+JC3bZ2DO^P;!=s=2ggXl|&4u%*-iarZ5g%q6$F^3dg4zZLJ-3qau z6g>#BjTF5EagY>^pa3{ail%{xAVYIPq$5L%Ky;u)t3gDPp{*fGk)b^yYLTH6A)1k) zZ$fk+L)Sy3qeOQ=^d&=&LX@IHe}foBhNhwfm_mj|LChgT>q0CgL)$^DCqo~H*hYp< zg*ZrtzJv9rL_dQ#ONM?65kZa~gh)q@UV(@tN7GONlp;q9LDV8gD?v0PM_WQfQlgz9 z&QhR5AtETz=@1>r(YGL`P@q@Pl?uqI7o?hfapt(j)fRS zj=l~tg&f@gF^3#I46&3PO}GPKJvo{mVjDSH8{!~2+5zG$IXW7mFD1GFB7y?_3}O@| zdH^CF1$q@?4#=Md`ct7LAktBxl_4T2&;}5tDA0!?YEhv5A(~O3Pe62_K&L|Vr9c-$ zjG{n4ftW&p?tz#?f&LCriV{sn3(%Je%?GiR0<8?Oo&v20v5f+40a1$zeF!4%aso?u zUcj9TFalr+z;gg|0Nw`Z46p$p7~!Hn0CWZT10XnS1FY_oXvus1qiG$dKsWEKyrFkc*Y8v1t6HqqcH%% 
zoDyvXFaV$%z(9bp080Vp00d{jpq~H)XS$%f03HYU86cS3p{W>H>Fxj&2ABs>8Q^t* zwg7Jc3!`02TwR09XO=1i%*n%K*Ly7!L3gzzBeZjI4B#0I2~M17rml z1yBTFG(cs5F#vY~ybI6-U@Sm8fF}X^0=xG316U3)8(EJdlZ-p=zV>hUGSBIaQb17DHo!Ni|n?%H``phTRpZ&VSUDft+frt z0Uf&t0AvZ)$04(8@_~f{=QOQpI__n)y%X+jH4L`qiE9_@pwBuMMQJVZHp_z+iK&4zVo+%Oh@di)%eN5r9ns0n<1ye62!O0cqo1^cL}N z^}&lDm&~R(aDfOa2UJ-+1KYi^0s%{#|Ir@~q3yw9-9OpFW`Rw^&&9+4-vZ#`+dFyr z;!C@k54eD}UckQ;1MB}E%7OLAGVymFvHtF$;eqV`QUtJ?hBaIN#vb&?YyV%kgWmsv zIp~cS@?QnC9$?K_LOK647r3|w6z1<037VPIx{2DV99XX{hU#zrcys0Nys1?|Ca?|I z-4VQ{!8<@u9D`UtpylvGj*VF(lrQiB0t;|-Isy)Z!V*BJwIpD0=WUG{mj;*&;q5rK zpTNf48h z<{tohBrj}`Kwxp#R*tYv92;Oo+dj}c*w4`yTN|KfM6Pj#JC18TJ)C>fdoZM``K_K7rsYKU`oWG^hUzho!;;#PBi% z$C_b#=Pl7-fOYf#FaB8RZi~ECCZK!37X&`KI=Xv;x6ue(bH;hO`1$$xAweSz0Amy6 z+S?r{ZN!=ftQhEl8&f!A`(NaGW#U2srN>6!h=->D-CDDDP&pC!bJTDq1C$-aKyEv7 z4U%vHz|tggz24SiZ;IpP432e!C$6~zfx(g>{)JIwupc;A4xiQ5KwG{1-GF3q<-{eq znS>QFTvmj<;YA9%yp2d(lJj-}h4k@u!8HbOJRJ7yIIJl^;v3#tbz?0YUL7C_G%0L& zSYAi?g^?F*9BV${6gl|K7B~@Zje>mv0=?ie3Lt`XTtU4C9C7!@${5?ZgLVXJ1Ae6e zpKxYi;}NT}(97Ay)iDs9)VC%DEM=|UL9Id;U~b;Avxv9Fd~@ELE?Qs9Y`BEYqeWdI4=Hozwso8lpzeO#a=30TV> z%QbG01Yb!)0|?3u$C5ZjT4x#OUQ2UxJZx%fjUIY#wjBOmV3dyx0H4s{V}no4z>x2Vkw@ZmDXN9XCoCDvU|Jukm1;;j3AGjijT@?iLt$!{Hy88ec7yxWv zE`*~->_T5oJuw{*xDS9^4fpH~F!l*C9Syjx!7YJ%b_2Ky?tXAHKLzguzzv`I0rEBw z(`5pz1NR$nkAs^C(9VN@CUew8$sFtg#r44 zI~m+panE%C)1MR5p}`#j?mf8YlK{5~W$koE{G@yn!gW!2Z3_=A7;XV{Eier813ZEy zRO|)aaGjUxFK!rSd-!eX`~PL>7TZigrdV7Xcv)komTPLEf)E8gx{E6cY;aAAI?D#v z!bnkB5Y0$Yw;(!@q8>o>B}Fwt#9d&G4AlYLU@Z(a3J|P?p?+-g2c4FED3Fl7D>%jU z2x8p{_pe)bz`l3G1;hhBG0`kGCrzd%M~@Vo$WxH?anT25gsrSpV=HPxwb1-~p=<*3{MuEMQ^@>q6SAvgpj8*!qXiL1`yy~q_->h5B^~geh6D3e>?jd_ zhY>c0CbBaBM4__QSR750f0G|ef1z&_Ai1_!#5F2-e7Hi~xeQYZ^;{U~Qbn1t3`Srilg!*1Bo3 z0D`q{nks-`t(&G9AXt;983G8_&T0Mt1Z(9q3`p!6Jq;Qlo^M@Klb!a?fxuF@f@K8g z@bm%3Y5i%P3`XnzF2J0Cca*>otcAiqU>DcGOamM?eLMgxT7k2z!Fj!bo-S~e2>*y( zpTm)19^hbbAH1Jmpf|!~gB4&XH#-4mYo6FFu)plEciBYp2VcH`QOaftnBs!Nrq^O& z3$*cwWp1OftzfMNiTN>&gFk_00L%sF8eb5_hbU_M3+;1LsM#e`W= 
zYyZ0@AbQ@rzPrBrt@Ym?9-iL2Vpn%pSM93m7E!Ak#&js6XcXb0aiT&Fi&Vs=(C4kG zH<={d!w1JFQBOhrVQB?@)jK?f+S@uuYTbqoR<~@+RO;sB0P2sck4uvQbsJOtG3xSt zU}_U93Qdnrjig=x?Nh6lzGnTalti~TmOkg9i&jA&wN6e4D!+fZhyv0! zuE|xKjdK2VnqU5YHF7oPa|N9$UBI$tuC|ooLdgoR`;fLm{jG2@5k_+);tS+uZdwC` z=6I=6{?`Lf^X#NI)21Y}1BHmV9ncbqIB`*^OZi_RC=c|A^z--dr6pv+;)1590Dbd| ze!7tAM}sD>?LcYQDgv5lio6}|Bt|BSj!HX72u+SEi${Is=^~|Oel#^Knou_?IjWr~ z;Qt~oy2jKRU#9c%5(il(CdH6_GcrL_zvES>bM0*(L5tfHK-O7;s>WYINCQar%ECtL}*f!wyumJ10*e2NsWX7(FsWkag6Go zby*)1q6ZI-97vTPWmp&&=osV4yr`{v;s`ZOpPT&eX2*OpF?o!olwO*=vF1SdlDivHJRq5FfgG^;6xJag| ztCkH_c7k1`sl38X?$4rkW-=M5y@{x+qw? zQTt4Fhh%E+sY-~ceW#K(QqN^jSrSuwP1S^$%1Gr+OzkmMe`0Ensp5#Eh{q9AyH7Qf znA(G?wZzo^Q|%?DITNb$#B>v=3W({HtKJY(y{9s=Ro8ne1+gwaZasYbJk_^#*a^R5j0Vh^G-2> zCN+&$QK^V4K%Jr(WTG3NJOumu`FOhp1$*>zrDtQ0Ky?!2FV%q}7b9_+jEcGiqE+$1 z0d75X9PHyA@Jsk*U5r;ntG#Ji<4q_0@STLu_SAkz zcA%=8W*~@GMba;w<`90#zo#xLeBpx{VTtLQ0aWu9ap&~j$XZjYBIGxlgqb3bS^`}B@WGz$bTAvY-N#TiPBNYwke>sX%A(X;w zr;9czoSJVbV)>gQnQWm+$)Pj=DU{_s=(6~$6oe0T6S=%M5jPz{*`SN?q&8^KlThrJ zH!A8%BqffTpYb%~Vi?&>%i>pv!Yl7xUDE%y5b9#lHQm&86=j3!D$OO_$=k;R+?<>F zC&mv<42@NEqGoZD!X~X%i$=}dsEtcaNwumOweUneM`6{yB6YhiQf-YDPj7mEVfm63 z1^HW&@!{nsA*yph&(rAebjpaX1ayX3U7mF^#ZHGxTCv7D0(1qcIqN!4bY7BEl0a#j z6rdTCa4R>&CZ?*WPnS5{8q`7$sSXMo`!xGTYF|EdwlteFJrv4R z-tIz40Y!+im~{$|vU`Pm#L<9>+MCFe`l8o)(?+Z&dLV(ase@BeQ>DFQL?2Mvs{#c? z9hXOS-E)Ghv85b|KN9{S{8qSh>8PJQcR7Y_bF8}&PftU98Z?}JIY>YDW%l#^3h@XCjnVKtPn9Vc!_fPFZ_|X@8b4-5y z#+v;1e&tfspKbE%H-^4h|KIuP!n;tp>KZf-P3bp8p=hq?oHAIUvRA1fEG3$T!Q$hb z6#=2iih#%j1%1QXp|!K4%Gt4%+KZxR4>u4dRJ#8YofXk7TD7nn+QP{$miqHU9aVM% z!^0JJv5qQ*UGLB)c6M>`k!g|PbWerHDD1kW#HG;6bvx=fr-*)clJGQmu)@yIQDHYA zJ~lepZUEISk#-63>c*DB&fO>2!`I#0)t7d4tvr8kw{nu3e@}1sV84!?%jr7$2D=7y z4fc2K-XplTUw8L_a&F$Pj;i2*01wJwS&Ul$UHyD}{9EhUNfk@l054Yu5vyib)x56^6u{A@8{>El|8*&1H82R z9&Y}@zVw{$^D9wmF$Af*7@7?A^!0Z0bN8UE1^?Pr+fsvlJY18vtz`pJt9ea900-4fjC^goZob^RcB@9xfudjHKQKt1sA_4M}j z2+)LT78M^G*(@e{aCB%~GwOib4ULX-R5c?*LbJ#?S}PfuWakjCm0aECQIaR2&ZWOC}9_217SH~9$_M37@=3XMD9g! 
zCNw1|3DpTE1bsqgnnXU5kVqIv2qpYQ@F(mVE|LEjDUp{D9uo=)R|%&H2MF5x6TJgM=-F^1{i{MA-L~tfFB{U#BB@_|z3Fir?2uBIK2pb5Y zdnEE?!brjd!gRt$!aPF$UWxn?;RInHVFzI|A)COMo}Ph$OlD|Up@NBtsi|CEsZy0H zRjXF7UZX~>T2@vHMg96prL}dVMz*$1nlx+X;Gj}DIkjxrs#Tjd?b@|(@8aU-=Hbz) zlec&0&OSbVe%-ot@7|+F@7{rdfBn_3U;qB0pT}ZB+$z*Qc_dX z(}xWkF=F)SjEr&PGBYPkm^^vPlxfpu&YV4a&YXGkva%K~T(V@@vgONHu3WWh&6@S= zH*DCvdF$3~+j4St?b@?v@7@Ck4jw#w_}H=B+!H5GojQB=+_?)EE?v5OIWO<}_5A#T zf?Kx=3-8>yf4`{c(W56%o<4o?qPY0gtG938y?g)uzmtcZT^*gGvTD{jS2=|`mAVOI1rWu{tUMZAc= zqaTraN3;&q73SyEO$&5TQ zl9@t5VeJXT3SyGUoj^=7Q;3M=1Y%0hkYpp0#UPFm$wrhOxf6&fJ#sfBcLFiVMwFf* zrAHA{SYncmNH!wbh-7l7u=WIEN{`$rtUZC4WQt$2=}`d6B+!_gdWU3Ug+fn^F%k3( zNF!PS6vM1U>a)y9UG>k0euo2IP<233>(%h{@f6+zBKTlRJeL#cx5;lHGuq zikUz%u|i=%!Q})C3MMCztRR{6r1!6Kp_iU_?O;DLq3)Wb7FJS)2<=Oh9n!3Oq=EuiNa%YaR3BjaWEuPcmlCGu{r5Urtk(7o*+&w9TA;2 zQKG;s#DNfq#X*q_a?;C*&56xPPqHD&h9n!3tS)#ut?I&O7NP(M#G)`rrtkz}b7FJS zlT6_$ZDNwe0nkPVqA38OD1SgCDhT%EPR#7dO+g@L#EkT!41N{Rp9f5C6i$5p+nm^( z!pSL|oYv$SITaX1MZIkAzMM{ooC=h7 z3B**uB$GRZqx9vJzMRr0nLteGlT4Wx8`Ti>PyA^Lz|fGGKq_&5^vGSD7d>((*??qX zg1AgX$x)4>zGw{@g(Dam5fjK=eKU}|`l2Lvk|~@KF+n6N5-=7C5sWE)ajO|q+Ij@C zmWn$_kKFahU60&JHXxapU`%Q25sWE)J%TZ%tw%7XwDkz&u1D^AZ4~OJ9IeWC$i4y3MPg6)X>q($(>~JQWDaW8@U50NJ9V{Vge}0l>j!xHsp_r zoe{`gPVOXAI0CtoEQ&{4!BE=z1W{c21W~m5lm@xW>4uln(aXu5WJWUS$&K7WPeI`b zdX%<4L66ebC+Jb!`jiH_%gJ3%?s9S`nZgmson*?VdZV*Ne^fJz>=206CxWV4QYc7J zkh_B1NhT1JJINYnQR@q@1_t%WJAv4MnB2(&ftcLMe?5{3#NKuqp7iB) zokEvkib@=>`j~0INqb9qbHe|tJkR=I_2@TEBZwd)$S-+7sF(mi3YrA%Ocfqk=hDb%2hL%XU?~@4QYFMhzioNJ=`s0&8(`jiA12-SFzL0HPe}CUVMUpjn)8$8;AKfXT0OhtCD?&yq>HsAZX?x8NL^WRPHmOfpKay-YG)u!~HRE!bZs z*(W$eCOIiMK_Xz;RPs~sahb%#ow!IUsVBHZDsd2eTqd3$RsI(K_;0XI8P>-FIX;P3M9Cv!T1PA?A*Q(u5+tUPT#0!n_1K`qhB$&`XX0q$F2ppp zD2X5*LYzcQbHpT>#JY1Tte5omR`s$S-8~ab_aa@s0}_Dh615dHI*wLy#c3~KcQ5TK zA)5A3wy$xcQLl2UlrRyk&`~^M9hG+RiB1#)UI~$riDKYG>qDrL)US%5`2nGst_ZR+Vfq#=jkuypkhnO4%io0%e4=TA4zC}fc{P0gk`8j%B02bK3D zM4DqSh9-q89glXPQY-1);^`jO6q>GP)D);X5poi1HG{=e44r~%N}45ACaR}>=-en{ 
zRMrp{8lfnwW+5!@_u)N~HOo`fx1MfTO)*G2GwXNlkl(a)7?gxA2xz=&mA|HP{YyjROK~Ep#vhta*ZVw5Zo*sZXMANU)rmhV06;>W7zl zh%zQ(z^}DI+M=MN(yZ~Ii=u3noaVqZa|lzC%FR_%51^$)C##o6{3>Xg+*X!&63rh| zFL@Eyg_vcnnFdzoE*2`qtLOG<&V{&^)x)3~QF9$rLDK>Sji%fjHBn=hJHNkGr<5D2 zOn+0+@sdh6SV0f+u9~-w|L!SLj7|Nf`fX~r<{2pN32j}is|3oim`5)}hf;~WC!sGP zoDj#!c1k!%cu4p}kR#bp3ATi01P?-ILJT35Fo7_Gu%1xXzWYk{Mnc{<&2w5#af|fq ze`r|j|KDuKDZC5isfg10ufprvYZ?DP=Ha)qlb}5pqV^C?F*@<08i}PT7E}X}HgQ0B za|Z_}b?qZOl}3u%VK{c!9BqB*QFldTGs0BDDp@UZJYlMn;T`~ ze^Y)s{V&T8wK@J*m5(@A0%F_ZP49vs$R$#Fh*T=ikkR!_$RlJJN#)0lrSc*|2>~id z<#Iv@A%l=3_A8PfLXlv)p7R9g+Eti|9`S!~)7>{oq0J(aLd$w>{+g$ax|8t4z8Yf9R@_t{&;i=b2RM?RX{4c@cGsZmvuM^~(l|?yb7@D<1OdowDQcqPVD= z595i;jz=5c|0M6)C_tAdU0-cKr6bD8(C^>r{ioyof0+mB7a9Be)A{n38ixqZlNl!o zE|M8f5)3lq<$~oh<4uA~WXAi|dPC#WYQ3THHNgo|<0opC8GjT!OKL3XMrv}apF4yJJidt6@Rath$j+g~WlfZ?Z>ILq3?iQLO| zgLM6u|FRSGAG;RXHO%T}PgxJ*m%&Rnw^3a{8XH)dO55D0Ed0lg!=F8bvMB!S5R~u! zB$1g#H0utQdcA@lvbQXMQZ0}DrhSEkUy(zYT{8tY9P@cb@}h@dhG*5+nOxv zCH!hS{Si7|v+hH8EeoFODwPLzl**H|=ti>G*YThF;pA36ym+n(JFvc1tCKU@({qvF z(m~@tM9Xp)jhvw6JS~@x^Z&H3pgbzve$PkwFn=6%S!-KdlDg(L**j?#W_isJTKx5= zF7{WGSzFd+jb<0A5_(a+5F%B|1uG1dH3jF$ls1ABq{?=JGo;GSg0rQ{-h%B7mBE6K z%aqZAbEL}QYFVnx6kH@z&Q-Hixj}G=RJlXVGUY+RIflv$ff4VAkE&yp!m3f699k5cB5O!cSo88OwT%2Hyob1BUN)%CE_ zl9=jmr42FJ)0CdXR39t*5mP;`98FAiEM*ok)#u99#0kWI6H`5{yh}{=yYdGy)!#~+ zAoX)V=|fzWkHG`N`adT~0~qv1&n`b)nTBq1e?Pkb3G`xkJ*(n#^hQrcn)|NsLsG8bKYQW>*`fM);%L zw7!!P21h50v!L;$O_>TVIWhj%!a?!!2C`$*deO2M3W;P$rCwyHUb(0s6I@ETn3WE? 
zcRlC|Rc#mwiyjE!gCj%ZQWCU%PMXB7SzoDs*$YKRs~O`H#nMJ?gz0g~q4Z9>_>{r4 zB#G86iZs=gy4LtZ^>kurBE2w$E-1}QTWCU|SZb)vFPWQkS%6UWdQiphAr5oT5ov9iuiD@f6WC66hU9bd+L(DLrOHR#WKJPQS7z&MO_NI)~africmh z>9Ju{likPS2f%Bskw4UJbdjUanu-@ecVJfJ(RI`W`(N@BH9Q*fs}AG-0~=p72l zkv-z$2S-H?PHX@FtkEbO7&NuniN3EnzR3Y=Y5-Z&|^sV%RRZ4Gx3ap|oQj>J5s+ZpD@G zX3TMP%X$NqYzO0$osvTd&;`w>e*$Ce9S+7 zm3cSq0hL`Fu@;y8;O}vB_@?-3xTCI$Z??XGzF(5z>fJ?nPPH*CX>RQdr9 zPp+|)Ln*Ll*M0_xx52*uT=>+e6^t~w$Ukl!3Qg`Rc#q=B@Gbicdo`*UXSTl!V}c5> zZ?9dgPcfZ1B zR87Um=N7DQ4L6XS3&gq`rr`VsUZ8iiCN}xBf!%p+j&-g_^XYHyLWch*9?wnTUhq+N z-{>98@wtJ6FGXR8ltnPh!yf8Cj)&uQb1|XdC{J3L1(pK>!LjpKczAXuzql$A^FoiX zPf-@|^m84woaX^?flmD4o*>L?)`usq^vAl%Ut!n6-smxF2Mc^t1DzE^80+c*ZPJ}^ z;hO+(GR%c%4PW5ddQ;$@`&Rg?^?QEj+Gsp3`^>ZIAA*yw)ezmD@ zvzfoX8IS)o_kg!0mT+SJU9^6151!+0p4vSV>GR@j>hnxkp3{_{pldqt%M(^>;4!#+ zZ#$p=vI%58uFebTxjm!jHJCr2^Cl;DQ%SmsP-nYx2Qr*iguPKO6FXJjcKC_u@>0QvU5` zXINV&o^3X|4^M{IV|~Zgz^+T|*vYB2uuYLKOfvrhgVPn@S9%0P9{u3f@7hEAZ6k3> zd_OdPdYOfuwn1=c&0R}Pz~cJ?yc2s3CEM2VCS#7k%ldOs`DHqKO*g=SF$iD!7(nwT zwxCz11Pt1AfI!~{Fl7C1IO>^;XP2)*XTvSfwQfal?Vt~fy4J-ld;oiV*8qFh;cQN$ zUO46ATRwQYIUagH5w7Kp26sDC?j6z|y0xu_o1_g;|62{HpC1cV$F#sI^&enyyH@CY zOA0eb1j4IP9pS3=KCJgfirZ!nfZ(dv;gs1T-n7SaOsO}AJuB^uH77){zK2fYrZWkU zR?8Nyc5;K--K?PYh6uKCYc|BxPl5I!ZLnKK4>s}bQM~iR0#@H~#>tZpW59q|>dyH< z@x5z!VB00uc6mOUyeoh$W2QmBsP}Mu>33+HQU@M%TMnb27sA6@7vM$BEKF%E!S|-k zux@23O#a@4*R=YC`wB*KoAmi`km3k3d;}hWz%NXE0Do`00CPR}gGG8H-e2MiMFk~v zU+jkO6Q8lwQ*O{ViIREXm_ty>(1Eu%orNoWu0w%icZf}S%m?1TfL(r=vBjQu(9+~D zHhn_~?%A6OrH(D3xcCO&-eEa3EOBDXk2Ju1o1RRu`wLbYP=ocT7K$EK?!mmN!|+c2 zOZNN%LVD}D@JO~8npd66yx0TiKEa*`v|Wa?y*5IC*Vd;|Hpzu72)}3av6~Ujt z<4Gi&RI3F1imHQeTsnT;Fai!`d;z_=FS%cZ@zBY+BHLrQ8vQ0`qHKMN)80$D;p#x#Qtvr*Y%&0AwrIp(h4;or!#6Ug#Kw>^!3LI0r~%Ke{Ke~! 
zx2EzP$s0V%#8mwuSleU-EDY()0_R-D^~dh;RThD`H^LIEQk4Lyz+233o2*>2@?ZZpN|*Np@KCVGx#6`C77|u zrWbMaMLX_?chS+?0!Q0M;=3y6A^VYx7DK-RKc~|ebv}>nHj_i-X zvt_q1@skfrX)_#hPW0mWW;x({`3lb;(*|CAugXGNF2q-8hNpviV88j9uq}HC6o+rb zg~@?1YfS(K*FJ;wnwepE8jV1|%7t%VM&aB;bwKqr1qa`{jjOw@L$B%^`I2-$thFSF z%SM@#{i`l(R{RrcI9fn-z*$^<>M0EQx&|KdLO62u0Y8@nK;zp?k=vd+jL&n6SPsuYl zykj(s^lZXvZ2tiLH&*90pVkJmsYBU@O$TwyX&?O2F*uv=k50=gFf!UxCAlDOgzTJ-AKj z#$S&~$I4e0utsO)D6O0UD^ew}M?MqpSet>R%UteV!vuOiZp|)^$biPx?!)cyvrx55 zWvocP)3tZp-xHMBxh9L?2Wss-QsY(_ye-jS?&a zWo*sCI0$Jl0gB&0fztF!@SZ22ezX3}=&cmHO<2SWer`aw5k>GRxHHtM(}c6wJGe6_ z2!1s1fof-(qEFX&m{2?k8}_da2fT{06ZJEm4UqA!&!)lpX3lJ0Xe!EUK49xE&&0T$ z1-N_MDwsL_0W&G|#l%H*SyA9$R<{#)?OU#J&Lo)+Z+i-h+U)1=gHFM4c^5ukei=Nt zJ$sgXAFpP+vUC1npgggk&+AYRrk1$kty$x-m9-r|n|2Kb?^uV~_YC09sG)pqOg47E z^Oe2ZJ_%+`x5SN8dO-GMUwoMAk4`nmV~3EbxUjS#9A07u&m9+V8?)zF^27)yZ?B16 zyhB;xjS4VPvWmqV$OpY|F=+F?6Wl&m9jY%gp*PL=IhT6M|qxg^GM#bZzji`Irq!+lL)j$FdtUE8vP}8yIHv zf!3zZJjlrye;Tf4F#8%BkLk&p?x_g_CuQ?dhp%G2`tfk{b~U_Fp@2t9QsMdOOuWB7 z7GL}K!cJ5B!}8o?Y>Am8njK97--%c7n{iFHXXFbA-eSTx<*&qsuclydzutH>BN#@S zU50fFR=^{(<#>5{8rn|JfXJO`Y-#K`C^T)tzihaSHxg<=g85_YBUiH1_XY#M5`ad1 zKH!IsTcAc@5?)Fk2FIS}!tRI)?3OYF7yB-Sm&I0idFM`?fBZY_Eu9FTt470!+*s7R zHXk>dZ=yMhahPIc$W+5^F!x9})O(Z-_Wqstb;nm=H|!H{vds{-DqrAo*Ud1@<0kg; z*TZpxLinS^iEznbD9>r{g54d>@m=K)IM&3FXWaULt7&;++|-j-G=I0RQ#6F3%D@K9ryLMhtcczF;@o;@(!aJud<2Sb)$Jz`wm#scPzI# zSsO~nC-C|gW|4&pmtC>;b9pYEc8c zamx!UTUX;#+P8;=(+uG0op5ATZs5GXpTWoBMjSR@14m~iGBm}H`(|@^zYeN)9uMjN zG=kuhi9EAf7A}4G48KUa;^%ou{6XJtc+dYc-!wc3JD;5nwJRIqlu4biUzfgccdi3> z8ubvKjIe~JMtk6rixV5iYeClX8!*nr7cN)d4DfU+9Qzr^2Yy)(E;csIcI`WC)8#QA z@!<%b>bn!iPV0r!gIckvBG8)pV$^|Z+Y}n}La3pyx_Au;-1^RiIAD0OyH#A|( zpLxJ4mvj6t=P20ge29O0JP9sL@ZsTiUqBaL!2LZIgUiCN{MDrMxGZ`RpTE5_RIOhL zN2I@igQaKq_$O0gvi~+*JJKCyou9{FzWoXl_oq^S)EtL-b>bdl=fLQDUzx|~RIJne zCO_P{51@~;SKpcNaZ?n&v>Sn)!Vf~qzq8oH<`2pu%48a=Gx)|mdz!v3`ZEJrEtX^0F9Na#0i}_w? 
zQr!z|{R+U=z?#*ZIt%9?vIL7Yzh1O@F z* z&kA3`mt&*hx*T!xq3KJgO$LTooZA4B&If|Ji*^59;J z;i~;5o_h5imZaTh`L$QT>d|x2q_7|Ktme);Rrbdtl4-1aD97;dV>rG?CdL#dW5Tee z5N)o26WJZm{a!=%&(FTFBl;4~|NA7^KB#~;tCGM-)(zGc-iF;(f!Ch%1Ls_Mz;;gz z0jt#su%p6l%&eHp8~dujbx1mEb4!YG{j0HrE%88af`bM-w1&+(pJgQwd}kCJkn<24)G6ZitwzJM=Si$*z*xBE{Rx}R zOhk9r)6mANJ?_ig%KN3KVw)Y^u-IcOUdq@3cRo7Oceu$eb+0R~HVokl=3j^9`~qt+ zdMd0eY6AwbRq>v!9p=p$fUjm80@bBYXxur7+xyLcdp={a&bkips-g)x?EeUdh75qh z$e*yN^YW_~SymtU zmZIKh`q~nI_N;-U8z$qHs0jFO+6iyuO~IenOCiT$EtvTXM`d9)_MIqa#-kFklcWg0 ze47sLmD{p+*N))HTZdSd{t(FOyA7VT--);PJpfC~x_D`iKeXQe72S3->@&O{HiT6e z^3@4@besnDMnA?AQ)Fyi++nCZ35Iy*Geee!2t?UTh1-BYWcWkm`s*Uof9p7M^!V~*9Si`ov&cQeD zHu3XkPQzo*DctUJES_*$4w;8?AmGPh9(3d`Zu0&C^PERQ19wMm>#+kj`1C^Sh>K|5 zygqEN6bcXC{KRhE$fi>h`AhE@Fualk-A7M?9^qB^l}eK!VofCY=XJ&LS6-u;z8ThC z7Y9p&d!q6{JXV1BKY{EB5Ah#vn4TRiQLnOiSn-+jw4aMlk#pl%;n5vmV+3YTC> z;!qe=&>YtuO=1iGdVqn0nqXc#x*wcIz_FT3F|NfcW?E+*HXMD0Jvmzo4nIE3BbL2{ z&xQL~Ox0YxoE;24Z|B05l_}u3P7j?@jJbEKN4PNe0gUfI2_uhP1x3sgJkxkLi@25w ziEfL~GOz{)E$++iq)o$FiC6GPQYqHE>;+RYN2B4+5v+HYP%wMamzTJWqvzQpJ|`^- zXXhgubEp&E9@+v}rLADMU>^G#-~|_6Y-BTHTEUlZ*39m`Kh}9M5JI|l0?WVSp<6>5 zFWTpeCyMK$`=e?6pUcV6spd>^4}D@D3z#^I3zn zg|M!6CAPDvH}q?);9rlth5<{a!{7Z*;=8Fo(JVd;2fME3OZ<+a_qJUA*~T7Y0xR(I zp*`{EMGGAAz9YnCpWt~G2ccV)ws1IVJ&srx%CBY4fL8A(^G5MwAwJ8Q#ph4QeOun4 zwe%DokPXMC6+XkK=%LI^ZzURDwnK~aoiSiU61y>d83Y(!(^v6mQ#lg0Y;oX@ zEjr`(1N*Vxk|Nywt%yCPzPDHF7JO&>{V?>B7aVx|6Wf^;!YQ{_SghF0n%;g4d4r3w za);-*w)t6>`B;KZmtvsvn`yXU>23aY%TD}$NpQ`oyx{!pty7_VA<7TUeO zgP&U~VTSn(T-Lq@G=3Az_38PVU%iAiyt54#U$Wq(DBa%y?$-(9T{o

    6dGd}h2W-W{J6-!8s=e24gs@txv3$9IXx<2~_2 zJQ+{Ld*gla{&+e*J3c2q5FdJCHNIPX_xK)h zBfe+cjF;l&cqMMdtMOWVG;YTi#>e9Icq877JMmV0JnqK5xE~MV6Y#Sf1k5kE41RQ%}pG4W&L$HkA2pAbJWep3A8 z_$l#IkDn1gGk#Y5?D#qHbK~d5&yQaazc7AL{Nnf}@k`^E#V?Ov5x+8iRs8Ds zHSufX*Tt`o-w?ksepCGB_$~2Uh{!;wq_$%>OGyYfn@AyCQf8+nf+mcHqmrgE|TsFB}a`_}k!X!%KBuUaFOY)>h%48(D zLUP6AO39Uzt0Y%Vu9jRqxkhr$`HbgXC=2wZlByCxnpvtrwNe(0jlbK{TnM=-1=97hFF*%eRPR>itPmUxPBzH~jmfStLN76{{ znKYB7WI0($TFGj%mK;sm$%V#M$ytMmZ%p2lyg7MG^48>S$=j26B=1b#mApH7Px9X6eaZWi4znQmHa#TPx9a7f62D=Qt74B%cPf0FPC0E4bm`;(l|}hG|kdHEz&X_Nw1Jz zF}+fH<@74)Rnx1bS5L2zUNgN`dhPT&>2=fVrPohyklrx8QF`O_Ch1Mno255TZ;{?I zy;XYa^fu{j)9vYKI+pH8&q#NsXQsQ--RW8B?b6$)cS!G;-YLCvdY5!O-IGqFlj&5t zH{F-+Pp8wf({s`T>A`d+olWP`bJO{BAze%lrH9k=((}_J=>_Rs)4Qd2Pw$a7(tD=O zbSYgJ`{^J(k)BLXrKi)2(tD-%PVbZ6 zH@#na|MUUr1Jehk4^AJFJ~Vw;`tbA-=_AuerH@V@lRh?mT>AL*3F#BlC#6qLpOQW` zeOmhT^cm?h(`Tj6PM?!LH+^3E{PYFs3)2^+FHT>QzBGMV`ttM@=_}J$rLRt3lfE{6 zUHba;4e1-xH>Gb*-;%yHeOvnW^d0Ft(|4usPT!NhH+^6F{`3Rs2h$IwA5K4#el-19 z`tkG==_k`qrJqhelYTb+T>AO+3+WfrFQs2jzmk46{aX6<^c(3n({H8UPQR0WH~n7v z{qzUv57Qr|KTdy={xtnr`t$S`=`Yh?rN2&plm0gSUHbd<59uG%Kc#<8|C0VS{agC? 
z^dIRz(|@J^PXCksH~n9_ExS~9>FhGuWwXm=m(PMM%%UvLk}S=#EYFIp%to>+WLM0t zlwCQyN_N%kYT4DZYh>5Vu9aOoyH0l9?0VVtvm0bL%x;w3IJ-%9)9hy1&9hr%x6E#p z-8#EXcH3-wHkyrPJF+vfo!Ob$u55R9R(8AW_Sqe>J7#yv?ws8v8_)J+6WL@omF>;; zW&5+~?Ck8E>_B!fo5^Ogx$N9*K3m8ZvqRb8?7Zy!>_~P&cGv7~+1;~yWR2{eSuU6>uq*0YUlGwWnq+3~EK^|F38$WCM@vs2mW?4s;m*}b#-WcSVP zm)$>mK=#1wLD_?|hhz`U9+o{kdqnog>`~dHv&UqQ%^sIMK6^s;#Oz7gle4E}PtBf| zJw1Cy_RQ>A*|W3fWY5i>mpwmwLH5GzMcIq9mt-%^UY5N)dqwuj>{Z#Tv)5#=&0d$i zK6^v<#_Ubmo3poMZ_VD8y*+zJ_Rj2G*}Jp%Wbe)1m%TsxK=#4xL)nM3k7OUsK9+qv z`$YE1>{HpNv(IFo%|4fXKKnxU#q3Mjm$R>AU(LRjeLed|_RZ{D*|)RrWZ%ucmwi9` zLH5J!N7;|FpJYGHewO__`$hK4>{r>Zv)^RD&3>2tKKn!V$LvqppR>PYf6e}u{XP3f z_Rs8J*}t>@WdF_nmu<^0m0vo)On%w?a{1-+AP@5>kMkr?^DNKvA}{li{0jLM^DE_7 z&aaYRHNRSZ_52$7HS=rb*Uqn#UpK#Ae*OFg`3>_M9cge@|J^4gFnNQ_=^L_dL zd^$fnKPNwsAIxX+*?cZPH=oZJ^2Pj6emFlbKR-W`Uy$E5zgvFy{2qBDzh~aem-6L& zC2!@c`C5K7Z|4{0$MW@jBj3zB`Br{B@8-R{pAYgA`N{lLemcJ>zgK?m{66`8^ZVuZ z&mWLKFn>_~;QS%^L-U8_56>TwKQez*{^}0;`}A~OY@iIFVA0*zcPPS{_6ZS`D^pn<*(1* zkiRj1Q~u`sE%{sXx8-lo-;uvFe^>tQ{5|=5^Y`WN&p(iVF#k~g;rt`{NAr*6AJ0FL ze=`46{^|TP`DgRb<)6>Lkbg1%QvT)qEBRORujOCQzmb14|5pC({5$z~^Y7)~&wr5r zF#l2hz<-gDWkpD6NQ~u}tFZo~dzvX|=|B?SQ z|5yI+{6G1B^Z(`Bic1xjE-q7Cwzynz`64L7A}Zn{DbgY<@}elpVx+i2amC_F#g&Vz z6jv>-R$RTfMsdyJTE(@C>lD{5u2)>YxIuBl;zq@di<=ZTEpAraytqYi%i>nWt&7_f zw=K38qs3UUqd243S)5tyDs~rV6}KyHU)-U%V{xbA&c$7d@nTOgQA`$7#ol6HvA>uu z&MwX=4ipEAnPRq>E6y$Ei-lsbI8+=i&MVF@juaOZcP;K#+`YI*(J1a&G>fHTxmYP$ z#cHuu94*?#g~hRAz1S!=i%zjs951>>ujm(p;zV(>I8~f3E-LO-+`G6>ao^&8#r=y1 z6b~#OR6MwNNb%6(Va3CXM--1N9#uTLcueuw;&H{}izgIMES^+6xp+$P)Z%Hy(~D;m z&n%u*JiB;K@!aBh#q*076fZ1ZRJ^!&N%7L+WyQ;jR}`--URAuhcun!z;&sLAi#HT+ zEZ$VSxp+(Q*5Yl&+lzM;?=0R`yt{Z$@!sNn#rum76dx=;RD8JjNb%9)W5vgdPZXal zK2?0W_)PKH;&a94i!T&kEWT8Hx%f)))#7W#*Nbly-z>gWe7pEg@!jHk#rKOJ6hAC} zRQ$O3N%7O-XT{HpUlhMAepURs_)YQK;&;XGi$4^9EdEsdx%f-**Wz!*--~|~|1ADh z{JZ#1@!#Tq#kTTN<)zEZl$R|pS6;ph%CL;exJ=5l%*wnh@L}|k@(Se@%PW;vF0WEv zwY*w+_3|3!HOp(2*DkM9UbnnndHwPR^6>Sx%LE%YEhka=JXb 
zJf}QR9xP|d*>bKtx128*%Ej_fdAK~UJik0rUQph(yjyv9d}O^*-m`3$OXYI8Qnt#~ za;-dyPj_Ef9xK<&jdHW>lw0NTvRn4bemN*llqbtm<>~UG@?Pb=%lnk~#V5<}Up}CG zVELf(!R15Bhn5d3A6`D9d}R5k^3mmE%Ey+ED<5Azp?qTbr1Ht-Q_827Pb;5ZKBIhQ z`Ku}p?qWc zrt;0@TgtbVZ!6zkzN36+`L6Qa<$KEamhUUyUw)wcVELi)!{tZHkCq=RKVE*K{ABs5 z^3&yK%FmXcD?eX;q5NX`rSi+=SIV!JUn{>}exv+m`K|KX<#)>OmftJCU;d!{Vfmx- z$K_ATpO!x>e~wSe|FZm5`RnpG5+MuR}LmC%27H9-LlSK->ix*@V|x z{q2qB%0|1_Yj-xs2mPa+Zo7Zlj>0UP&5icv+Hm?-x3k*fG^RIKJ3Tu-$z?M1*YQ`7?cJ{*8qrGmGQrdj(hMB^KXdT<&c4Tbupf?CQAEm{n56YL{1GPN@}miDh>f z>ocEPXe_lG?X^~;wYl6qy#-wZT3%Xq!>dc9W4kMm54apFEt6ntdC6h6GxIa=R5R;r z^%VlqjM4K`19n_D_)0t?eCv)%dTCdw?Df(4N7tstu%VN_as zwcYAY9PPB1t!N%DV|%EdNY7-eIC~8*YOf(;&5Sn2XO0Lee(#xHY%DC!PtWXYEFWzx zAA_(iDhuR-Fj7=9mCVI!AT*O!W2@WVta59CEFm@r8;xdfxso#Ks16&(Ye{!-PL|Iq ziN>_R8Zko6&K{T=pV69{nmKfEYJPliYEo$%Ww$`+L`djj4V3)MGb$97vBj)&wlH06 z7aNjjzth+=BeL4N#}j|w)C{CQFnz()g+92*U;TKggR_=ku9biYz66BTNI-C%1cdt%pf6b*-*aH9(yHb>ic+zU8}U^H%f2+Tu6cvh zMC_m5lBTxcRt^WLa++IPjg@A*F$rzO+k@I$2y&@XveWkV99IW>n8_k{^bjUQ;TbpbBqfWj8qH&r7 z8%>L3tv*Gj#Ym%d%891H#;WwwlG#rl;q6XDs>`L*jhX4m3Ouwl6vrl-0gKEPp7zk< z-rY`$meq=q5n#q|i)W6?$VT4=Qx;?pt*1qQP~eUPIAnGIBD}HH=(jP3le!mRXJf0` zl`V^rmGY85MGd0Up>mf9LkIEK#7~ zwbo{<%bBcDQCwnQw&}$qb5o`>=a5wjBI;(uL^5J@&5h1-zty*gC7N1KF~z4ex0=hx zVA#h8m~1G)2scHRp;0Nd3|>suWODUc4>oJEJ2W$WcxrxO{6NK~e2S_?AJ--F2~fSQ zm_v&bTvvMNsQ}C7G~}6`!cCPZL`x-8H_}MJvL+QrYu5riQTOhy>I3amf+kZ9>3k1Q zFHG0OPlumYH6@)2U)c+meuwqx-ZO_ zWzT`Rdk^CRn)209SH{|yL3M=5Q9!xM6-=#r(i3RsFPaxp-$bg?3ux@b4v`8qm(J3K ztz{XzJ+@-9pn%GPdf5i@6wy@3;+1qSf+d)Uqk2LPwN80S0x+heSRjU#D_C@OFozex z<#x+MGFA$;iH?9!D-SmVYMmC*GF;BT*IwJS$P{cW_hskC9HN0+JSSS+_Nwf}HAhNtgI3*?`Tm4O;4Yz_L2R!7d(DPY&I5f}N6nSQ?CTpQDi z2NVEVh^(b`)>1@(+l%-qly+ohqH*3hmM>^vCr31-S_hX^=3r!r&Gq%h>I#j=E2QP4 zw2%XPtS7Hl@~9DqT=2E%Y$V(ApxebVPUFJP zl9Z27PEOP|#ir)$Ms4>R%grtF4l)*JW~Bnxfq95Yb+G9Ob!c(_?ELiNk;e4Q-r0s+ z%@z8qB~gXc5?CLaa?aF|X|-bFfldm7kK*pZdf7x{0&ByI^W&II$R*+`jQCZMQ`qaQ zH|{}jb?MAA^m-uxwUmgT_DUiJ<*FrqV%^Yvf7^F|vjoWV3b3OAJfN{myb{-Hq9UMe#^c#TKnVGc~;Igu~O! 
zM?1YfFV4v>S`%1f!rj}l%+%U_}~*K)rr^eJ5j zPtTcSz0+%vZZX^7aA$LqdM)vL>ohurQ~gG_)$fX$GzlR^mYLc!7%-+oSIN;7Qg#tbFZ|P25Y)loWROjx4F^S>}3jW6rJM4mmx?m9ti5+dWH#xM5InL&&{JGTZwXpn2 zT&oR?O;%e%lGVm?d+VqUthYB&4vV@Ws%y2eiE&7yuQZA9U|rPPDzvlSW`D=2uhf=! z6+@<@oxwU)h^jG+g;pB6<>&@TKd571VY!oF>ugxI!0uUEkY>{+)$EE2w7HZ)6UNhL zl9d89BB5mm6{hCcXbXK3ogBO-qDcZ+k&T1Mx@l2>i-x8ASsg(jFrQvWR0^^6jt=@O zos$}%ESFA`4^Z)hzd8!ptVU{?1I>4|y|1@>*n8rrazT*FB7Ul3Z?xb(w1zoEl4zCb z#0&{SV|kF0GMH+s8d-rsbUUH}Y7i-l0%!z75)Yvk%#bc;oZTP#A{VkyL_1p>WdX~<^mpdl%fppqf1+lneN+2h2) z1y&IKrlnXNm^)`;VV4eBE}l54HE%WB!U+(7DT8*e6lUk8V`Kb8mOzBnHbyo&AQ}qc z8yITCb!d{+Ty;;nsrAFZwhQLL#!{_V6=EX`{B-Wv3d3Pxp;S|s|RDxfF(L1yjoq=$-(p`E3s9(xXQ@{&zz3EO~5 zM?JJd;f#8uAjzkFXAhn6vcWBtkx3{s7O^a#p*)<;r9~%3lkn2t16MCCgMNsjqPLP9`5qCuSh-h-BP+iZ-kt#ij ztvDVrG}>5s5j}{YasR~`Q6FX%da#9(2}3!d9pnj1>Jv^Gj3M$bR{Bh1&w=TgN#48d zY+~|+4x@@ySYdA%gusT$ek^_=g$0nOmbGM|?P^W}@-w0diJZ#FIgXth&4--q(UzSs z)#}B>CvsJ|!Dc1h!4}LAZFq(!inIVCf2#7*{1HV}u#|&PG?GDAEWFA%JclAq>@iO4 z;g(`TDnUUb?Qwfi%rap?h4>~Sm8G-Jg6-Qoh7EA6?^7Q9yW1Vx>d>q~0$BR7eM|o%Iu~#_<95yB4c~t1*td zCF&jT*6|1hl8&H~2AD|SCMGFuOacdIXXH8oEptE&4X8TPfUG4QmK9}(;af2~;Nr|r zP0X=fsdO|T)6rp>&iQBU7)3YVZ9^w$>{wT)5yeb{alL4E{?_p-XtOt$aKNM2IN9m4 z7}8+y$3VU1u_cVoX3&Xjs$cj)gLGj0YfID#0+McPXJXUi^V~TxKTvt;$JDjz~$GuS$Ql z+aVj+?5}k;S~M%0X{;@?bXuV+y(YPJEU^=jw*$xrQUz2IStV$|+Z&r0$RgcYRj>hjnb+s{(+Y}YwAT*|I9cUw_* z>>N8&McKJSNkvgC%GmZZhQ!&ieU~b?7YCvYN$t$hGgL9XIJ=D&b*;kWWc9WD*;;G%(N<)zBOD_LolS-5N(5>*5glA@!t8hg$w>+x1{ggWrk%}Lc1Jd&&rl{fNLMCpII{ZfL`?sQl-TN4)TRflCm z)nVB}b$E5K$u4tq6RDG^baGAAzWS}D(F=z&WTUjWB7g7_3jc=3lRgz3B0$I*SJPIn zHCX8w4ihvyDmwkOP)FlkZMfnW8?HOd;Sdho>cY_IMEZ65sRvyYu-hkvjlZIhstZ}i zvQDW!HAVIW*eT?L2IiO>X-J{+5R-&l%fh&V)jyEE%s}RHqPae3DK~MlP0J8siEoCR zH@Evkdm9IFoJsT}GO*U|U>s@%#6rD>*sdfQzg0Tj7RKLbQWN6~i_YS+0Gx$nhSUNy z2ka$i0mwyY4!FzE43Tze^?AZ9KTk}}FHY~Bp1=vkx!D8L6Vo`w$|b8Kpqs9Psc;hq z$Fce@_f+USi2-Qvq(dTY#mt?hnEvselxEXO?rm?P)iXX#Yg_#5kQkivZ!CEZ&>dr4 zp)nzjHPgXuSq2Z}_%5Hw$i=v=NqH6;Q$ne&l}RkT=^X&d&!wmxfGP!Q9~FA%NGDqB 
zoh_N1Jk~~W=3C3H_EvvhtN_acZ`-+G9!cu35{0$N7Tl|gCQI)nrW63Uz17AFt}fL% zt<&NN7_|{8VGRrC+Fo%vxDK?jiqeU=OtE#PGiC~>wgn^A`giHan%%Zj2{mL+qq)9T zBN9hvI&F$Mh2rcD9oGle8nwkTJl)nYt!b-t%pl|Q*^nXmz%I5osH}B@w2q;m!*zR% z={Vk3sT@%b9C#g4d4{g^R9gm0fEj2*77JXps^AjT7eExQ+3T^>u4>@o3ePKt6lLKk z&I_%u#4wr8ifHExB#~&2yadCXEG2XDu|=g8=It`>7S|_iK$X%Ye3E01KCy?4n|)09 zxf1KBMtK$$#UI6PIjfcg_G1&t$K*!0S6qS8D39)Ra2#}Q+Zz)|6_*8;v5Yan*9Am1 zGi|fyKR61UCR6kUwBVgI@h=4kX z%&hWaiS?T%A;#BB2Pi;CGcHB7AaPE{$$}54G_0DpT_?7rxN}?(E!A;_qPE%QjoDeC zZ7Z;^yH4dx> z>ZAaBu~j1>!yv1n4wPkQOX0cHXrtN3Nf9cL52|CC!)Q21J~Un*yX{sytRc6sG~j2& zDkRgQti0qvtK(;^Ml!{IF)6_Z45SCZK35A1wIm^C9JZkkHhncnE+4jKs7A8IsHZ9o zX{xUyO{mq9O*ML|ptVxg>8cvjXv=C|(wk~qnmuT()J>=mWgvFBwmFz+9EyvFRuoVb z(BPvpA_}JRG~==mN|g7|I7tebhXU;*OF3`b~VvWoMBl&qW&Rbas(qTB4UK#<8s2feQJ zxFoGj;o+;B3^jW(3v+TM*iC1>gOy3MM2jjSgoSDsYyaL8$qCLGfeA` z+Nsd~nG!*9iOgw-jU`hsZ8<1bu`x&+@UAOgKrS z@)NZBlqFglLyWT>L7)um8Mz7LT&70E?b%U%GEQ*{++5LhabGlZ=S1-_f{I&*YISD) zu6-|9u{tP*_uU<1CPuGL^L-mt&RG^)(0lnPXA(jN zo?5_4$2e$BRb0!K`ohf+%QlFG4^${>YlA0;qClY1_K>7e9$xOWbi3@Bg=Vf$-0HVt zdTOsy+?btZzUFQvzH%wKx!fP%;31zOmyC)+6^eoO-!zQQ(vBYNvN{_5^E zXwZG|!Y~6j-MGbVb>bRz`rK_g4eg8+qqBLTLA8OQ0N;HmoJvHtf%jy%EX&8R3!p>F z$1&B}M3IOt4Tt$U6H=pnD0(x7L4JdTeo4u9Fbt`8IFapQ5O-^(wZqY_0V{$C-c|D= ziRN|pZWtDt85L59z?dBn@~w)ePACR#PPdxJw3?`ZJzjVr>Zbj)3IWwDfjC7~yOG4b zXN_3EiyPtN={+u$*D3d6npn}wZPTkz&ma6jUnxxh^#S{ z-6==9{f%=b_u{Bb;|wTle`6Ns;1?DS&`;iY#b3^p0R92jY<|nFNlg=BmjyeMoU@7# z-$j685<^(tMxUn{~PtA$hoVa=$1OmfFb1WB{uv`nNcY;RfkQ z#^f{(?qO(k#J&XVgOrfR$BLR>m^(0jWO3^JMcMomVX*EHe1=UZJG+Cs< z**F!G@s%1;&QbyJmf~l{mL;r>S%#I#BFJr$O;QE43Yg?MKE=eat}?~xI17tadj$v6 zHKU`8CT=r9MW_ibpXS11Cp0Ydr9rNh3ahSg%|{3g45$&>8CmAQyvnvXK*nYHOBD~W za+nrWs|2uCl)#v)1cF>85aKI=u!<50tSW&}R|yL7l|Z2!I-dV!hg}l;6EWEx?KXAGj$MNWwsH$1ie*dVIJ}c0c zLn>iv0-cf^yPi3=je~Y?4ghM>p4SA~_qxGGm*Puy_6a=;Ai)foj6epJD;7i9f9E*i(2TV35qS=U! 
zNLN|7caUv`V|pOj6L1f$fdr$td?C*z$W|~l0d$K`wyO3iAzB9Xpla0l*+bYs~t$Q zZWdtm#O3X^FsZR2zUj*@!-cV)gGnoIdOGa2GSH?GPI$YF1aTeI<5p2o3Xy^sM?1-^ zwAQGdI~cANXd|dljt!&Hp;NK`?<7{$5?$rSArW?hPzyw)*}_0$)OJS|-__l%EV&zv;mnUjrMr7$peCR!50YuXCI zmr$j|qFN4KxllctYN8gzrfilGNaG%r2P#!qj#jD!>BjwJw4=5Os30##*2PeHh*~2L z!L{PxJiJ=G1?i( zH2guE#g3IxIaaelxkqV1V#s3wrZb~VAln$-o|X)j4N!ZnI0lMB1UC`fd8I`>l?Vl? z>?&N-h$$U0?2{RDKz6;7c)}Kp(i=mL$Qd2_Yo2SN{xGs^3K$O+0V1*+NO+5iusfxLTE34=0rqA&-G)r189k>TJbA z0v(D$DMbMH``ASp#M*7sT(p&H0 zy&4$GWYqxiP!~?;bK!(7lW;Su=c&nXD5IAtb`~m?ipLOYDiElsE;$HluZ+=vp5#+V zuMdcu6q)YQpuOI2OXEP}oSeqoW$}nvy>k$nxY!(Q4m10vXXp`bq^W;GIh(7r%0Msv zNm%UP%D^&?w!DXgA!k!*6&ScQ0)EF_^4VrfoN zIJ7Ws2d5_N(ERw!q!V_T#hoCVLEaKlU8u=a5TH*Bg4}T4c&Oh7sYL3mh)qy#-j!aX zu3!pwOQTS~R2uga!9G^!biFjxQ@%RHY1-FppFdvdwm2Pe#C<`OT*}56m4?mw>>OL_(}%%%ZX@iGPv|-=ZN(wtbo(aD{*0`PQQ3SqL0%M^hdXGYGT}+ z)hI(~ON_0>Z>|RAc7*+CQFImQv4$1LI(;EE$LyY{suY%MGTMjPvGY(&-PRhsBksbO zW@aGMJTzt+n1<}uWx$%aIBZjw4Z}m&YqBHu+ANtcBpuHiX)!4d^+9w^prR5YdX3qM zXte5BQ%*q07tFqzR6g-=<_&t-dC_~EYb2!CT z6U_N}8k>qov*fa;1D)Voc2mH_R8l-KX~Hy&z*xI`Y#U)r)#FbOXkgw0h&szEBXx}? zZ5?XRdyyQ?g^Z|#^Fy5?Z(O?RHt{qJPNm231D99Z&)J{+S<}FAr5&>7Gp$73YPk_+pip&Sv;|@djTN#LII&h)Gcu zlbu3^7fP!#AD*j%v^Q4a#5KDbaAKh*{w&Uc$+NJPWajY1Llwj$g`;Ej_^v8UjkN~F zE?gyLyjNVo4oz1v`b@#$9rbt>tt2S{nlsXf9h%;1wbV0rZqT$A!@`(pE==G?Yg(I! 
zd8rs?KdBBr7|}6}U##qLvZ86&01j9R+38Uf(GGDP3p05t4?Ql(z(H_yiGs_RxaF+Lw#* z0NR3hvCIlr;;0Dt8sZ^*Olo0jei|pARWujXkzH6Nf$ifNdJB+6v_$rCos3VYO-PC2 zFxMx+@zJ{XoW_#nV&@!M5k_!gdTu|8Mo)@}2gmuufKS0^3pVk_H5;=VN%VbwQua|J zFD-t{-p6=_#7$TpE~a;vJ#JAxmz%l`eSXj5Cz=pbHYqnMErt7tI?+}o3{eA(m*gop zFOJf?rD$HPaNr=I>k~SFFe3o@otb^ta?kuu?fuZY(9bDjp#1jX|YnS6pHPKb}U_G z)5`~ROKUqE;$SXLd;?q}W5NQ>Rj^ z1CCl(;W`>|4AGF+*ja_t1rxhn!#WAq0>#b|Rf>4Mmu-T7?&Vi0yf7aH(%jRS=ZQQx z1_fOP`N9(=GRYgUd-x))37bp=U8g95ZhX4S;Y84Y$`!E)vr|!FkHt<|F4dBd{L{+A zgwLPd%SE+Vbdt`R69c$GFl-49>r{Y(pWU*2{ zI4R0#p9(-x6|9PGg;jP6QjSB0wPs|P_Et=Sv`|G4`CE`uo8;$-INj>BSWG`EnW%9Z z*JFWov59%WPp36jF?}||c)grVro!s=ZeX)|HXX8iHGqzE?3Z|KC^F};ttbZAW6C=Z zx_?7bnrQoP2e)d;FkAJa!By>}?D$n#o$kkG#T&PnXs||VMMO=}cM5B1Lb0j>SSG9P zIm}LXm7!?b2R`n3tR{mP4K!C$lK=ffMAeyTJHdfuCAP-w@ z8m9w3##2y8xA3_=@KCxdVa*bRH{ir(DT-r-<*5e=+L|OL=tZcyku8RMaS1|MI(?9C$?Lyt{QfG zlsecQcH0qnX3YhZ5>Nxsj>_Rg!Z_$eyX76XG!z8~ueOCd^b9@XhND;JL;W4>f_8gh+Jz`T3!q({c&Wx@94Rx-z? zS{5%Txgt50$DFKjae&#$jB%%hXm;1kHB5QZuCh2AS4oV?^2&`X6lF!9y7S6Lu$jXd z9co-1ysl(LQt;AImBQz=>M{}sxa3jpN<8;sMpb;4X?WS0JhbdM2#G4Rg#sdm09*OTh#aE~!j%%jWQcSuO;>}K_C;`wuje}ri-0nui8Bly! 
z)nlVJ;6ds@h?CsWjpnk)N1rqp-LZYA2lvolHt~LyEzYPfF#u1LQEbvyB*sI46}J95 z&K&XheMO$7vji0{y4hJf@7~oC93M(;onG7XeGuX9zA0ZkbrQrk=G;@3wqQ)O&RQy( z-T#QL&uC6}g>qKQX2|0>*OxQo`fP?=pDiHAIWt5CWb)LI*8?lucU=az7C(%jq_-N$ z1Wd0AY7Lr%9N(?sO8d4bZbLN$o{r+!9G=#&e6&Y*U6w~wXTeoz4~YlpDW?evI+t{go(Wj%g1RU1w%Der_*L`b#TMc zCwb4hQZQa?R!mV-5>pC>tL8&+z4-`AjrlO)V$8?TYt(FrwJIfYz4;KO#(W5_H6J1j zHy=%{nh%p|2M%0IL>^MEdh?+OL(3`%L(Ip-bj=6v)6k0?Tsm(E;8+y``1l(hiHCwr z8zB@uRuvrTqbbHPA6=_r1|7{R#H&KF!^lKyoGnq9o-^K)us7JNZ|Ob0YGqv?Q;llK zm=CIUJ7NLYJuD-BN6etp5i{bC6Br!cJA*9d8rC$KrV@nfxi~jvg}8GI*B&Y4=~++i zIT1HWb&^DB$hTE#qHfz8X16YGq*%b?fo36rLV6)#0pc3cVO}vcVf5y_rl1a6LrQ|I z?F|Zwvo&nv%~p>e+QfS_ez-v+HG02E4C^dTO&P;$Db($1+Op^zbr|n5xeWY(lMjhS z2^~o;KBzDrFmfW`Nj@ixC*9oesvG9FL2W4sfIASQc9jd>Br~a;HAXKaxnVn3qB}*C zz?fAM0eOI3G%z?tL)a-A!cNgBY!?k-w`dY@iiR3;iXy|h22J(&6uWMjW+{NfwgMDj zDL_I-0Ss6Qps=j~3fl^xu&n?NTMD4CqW}d|6rk(2i-*PNQB7UB8c>DPfG(YlsNz|e zET2YH0TrN2r~q9=1?Wm;0F~%UM}Q+80j_isaikNNEgd0_bO2oG0JzctaHJy*JJK;= zOUHmCokDEsBxXs+h%Frfj&uY#(h;DfTf%pjWrL-k^pF|1UIbJk_^G+qaa(3=Y3Jye zVB%m8>2YvbJ>h0siVLa&R!~_;9~T96QCV0ARI)mtlG=b&ld`lfSe1)dfmY-axGxu> z6}bRbt`H?OJ{co_U57RHjZO<8dgYM4;bFg6^`A0DqA#OHV&}jHRUF$G%ZqaRyTG z&_|Rt)WBOB0&Z{NSzvn1j)dli6_hw4VA?!~l|&p+BGKsBRjwZF;Rn5p$BE;o^o&61 z^Kla0!H?&efW_2s*p#0|boZy704NPBpJOfMvk(i;S|z?AT1jui)CK>x%1b2aEQq9w zj^C=}Cy%zf>sy@;jy#>eIEAl#Px6BShZe^7$#=?Xa9TR6a?=!Y@ATXP-EVA}Uo;un zhEL*7&Ewc3U7(aN#<&oYbOB1uM)>1N4nP}j4!}#i4noUtjZXh)t2;yQ232X|69x|M zNx}~SISf3Vbkjl+Wj=f*!C_~bo6o|bJ&W^GQoo8>fmZ$sB3r^j?4&a!rceBnr&;_ua>B%X)3b%xl{c>?$ z0L}xd48i(b9w!3q5l+R0w!}-}9Ge7H+YGcSp+OmiS0(Vk-i|SB9&N)9q((pH#_=)~ zE+&ibCW)sXe6WU(bf($%HaFVqxEo2!ygq2hm3&Uz+3q}j;n9n%P&>B5oal9t1!hMT z2uH*rV>%&hJ~$zBuHuwH6{SQD%pwJl4^Eyz{~E$7=ocFW{aEZaH+%f94TYpp9Gu(< z{+*hCr{dq~@b5JI6Jv-lF{WeSr_2JsWU74U8sFoejIbD%z z5u@bo)^%A)}ED?VU<-F+`e31bM%y2nHZrZ4j`pS(YQV<9HMM&tLW6@8sbuUQd zr*Oh|3HMA}lA9nbwDH$%43iuL2!O8WNN&EZL!Z|%6q7NlXlij`VtfwgP3V~a!qmBk zaLi4*-I;nCX}g}{B)Bkl4t%dDoMIQ4oq$06h|>*nb#P|XP3p|RD+q9CRYE1FX&yR? 
zTiISBo&?j}gSq*LF3iQq!`7z9i-az(SgqSOGrKqq)lTh|n$STKK?kV(bkT=f8y4M6 zKpp4NRCz|t3#(IV8itveMA~%TNt2Kn77tg@U1>;ek5HJF{5nhYcnOm!h|*!ZkcdmY zRqC5}I zKR5Y73i?Tfq9efk8*f*vZ|a{YjsD#eFd!Y1e$%NHipeDvHN`=bJ~(s?`pt>bEv!A` z3)2(xQ}_i{;a&Mt*h(3L92FXod{}-%tcJqY>?Hy{hzwT7+I~vp7HX1_usY3CO^^kK zvQgY2N%H$gaNzj#;`%TaadO5>oovq40-HHOoIILrENHfo3Og?pPP1PELQM<(aN|mt5Q3BQKG=xf`brtEd zQ$6Wgtdj7yqE&?+-KsxHQTmWUtq^EqdS9u-nmq(!MFT&GGef}_hCnyXBo!P2H8S<2xOSCk{V8>LX5hp@hmVoHy_Z-?M$ zfLT$b?Kn?N-(K&yyhrIGHfwRPf>1bMP9H-;NAw(leM&64xUSV@z>iR*tS% z6bn?5Ey%>h^+>o)^|c%kRbx7)My!Z4`wqYt*7kD?7k_rw`PlE%-I6jqNzV8 zgL84O4|IvOnb)=WYBZyE!_LWqOYM~q{R=& z4f>r`TntsskKR+|&+f@j?XZe0aFajv=c9Btcz|IR=~FQCpw$c0B|Mu)j$)aMJ~V_= zl|~Q-M7q3ZZn)^#Fd`iAp$}j=)LL0p1N`7SIPRyx9QHyImK+ z0&RsmuqC>}@kALZ822Haq@@&=ou~+wd~OtWv&Ii8ep7u4u`3G;I$QEEq0Ap)8egll zWe^o-?1CeaCM_mbtoUfLNl0khPKyz&ysr$F@xWbE4*hh3sJH#I|VJK#ebSpP#otuSo^ zXkdC~dQo>w;cbu>&URbblNxJ_Q^}G6KOeY5KJ~0p zZ1$GN2Ah~2%3|P<*D30KWDt+sj^WY@J5dSo0s}s4saW)agQByUX!1(iu&!Tcq7Fdi_)J37Pn*TLpLr;t)};n@|GzMWt(E7t&E|~XdVg=`m4JQfPiRG=5ZZs;O>Fk3(`8oHtQ`OW)~DJ zUe^+6-ETMrc1fQ`;Ju!DF8*r7!VntW$EeA5lviPfQ0fI8@eGp47r86NXUuQKBKVQ(L@# zT$`J4jI|`*xTsGOH!#tXO{|5f@%agS@{pE^=^|k*NlpRa2k{+>dKOIkX;{40>dFav zT^3@1RH674C}rX*TB7HFYO-XaJW^YgnW;l^6E#1qD1ursH6v1`6=8JgS_I!@wPX@I z4Lr`G4>MX6&no1Y&FBZ;7x3!euXMkr{p!^Z3=$))f0@L4gRL!e9q1W(FTy5SuliNv zoe z0HubI%P2yEPy7~acoNP{(g4hCg3OOc-uS^jo)plNZ#u*SM~$4sVsLAl8`K;N`p`Hr zP>462RY2}JQ;=S7YjF3bGjt)Hrhz$YjdL@>PzC3fXcdwYbs^g8#6XQH*i&s_6JmX- zxqM6l7$VV}pW?w>rypWc}_I3CUcTqArW3KwMgEmH-bBG7ksT=MXJqVSG;9 zn>Yt+g(^DTC~V9f+C#mBjme7_8gf6!WLSaMB#OHbewuoFk$OG7Q)?2U3;Vm=;BGJ2 zn46zI%!ik>KDexYR&^5LBE~S7Z;d!Q0dqxuG65qG8^rjb^F3q&9k*5)^I-MaAj(Eq zYFears*HeYwJ};Ryd+gbmAGGp1P`l5Nvo+!L8;B-lB$%Vdey2Rt7>B2~>mQfkZYngelGO+urNS!mQZ4Vqq2L5z13&PExD2ssv_pi@>| zORQot8n?@%!Ab%(mLixdEndOZbT7t0L?mM!CM-zg2yot3sUxBLCQE>s4+8jp0N?#=LjY;EcM=Pt10>%LvgK$ zc!AL9zRFr-V#GhWziMWT4>2`Kt7=6ODkewxP_vW7x|$NC`g|_Y1Szs_h8nBa53$=; zs@QkeT51i|vsTS9)MA;#w^{~WA84w3xF}kKjefU@Jq!#7F}pBrhmsv;`-)a$|B_T+ 
z3tl@Q-kP?cVYfYK*liOwEZPOC1qZ9?Sl`0B=}7H1RZK#l_&5c3@Q26vQm8eS$8%%9Kbv7RjU}A-U|2H-vW66Cp0YAs$=q!2pG< zZcP4a#V``)$@P)8C_#NT*W=;2g@^Hcjb4246V!xWEv2?t9EU}yjniwcVlG-I0N+-v z668KtEupFc8fq^!*F>9iRZ1i}mF1;Wtu?FqQS}Y%jm+RQI^O$PR&fcYZ74guiskgp zmG#p!WA=F+8ZC)S87Li>M$3H`5w>Oru?N#!C;QW-pcF`@HkYGfc>qqPsg7j#tb}cg zfLYU>ag`d^r5hHni^$|irTkKe)f@=3%cRocHFO!z=$!T?=xik|r#Dt`luUB~$LSE? zjG2E6b1p75YFb4=fiTb7v^B3FOW_)_^h|e!>0?;oAudC+!a8Bo(N)N)+F0F zxNq+$OR!TsudNNu3|a1vTCP&VvObXBn2u`cK!9P#`xkQUiHSI64j$f=rA7o-h0G= zlhga?pqOqQyRhTQh%{auR>rc6-tMGV|Lr&m(vcM4#A@KcHE#3xF*R(*)}WojVVuCh zxoJz-sTqk`aV26R%4f^zDSh?MIluS8s@~P8lC2D?M4eNWWU`!}!lT$?oyJPcLfPlg zo;p?cE}Rt8{5pLLt4&zh-7c=@DS5zBq(?OmM5iUgCLIRmD-znU5>a>snTw3#CM?1F z)IBjJFP$}zWv4u0RMpCL2~L)V-(-qT0&NKWJHD(z$*2&5kgvsrQCVfdvtmBK+h&Dupn$)#*#i(2V+8~Yow)k@rbf8OQ!)~3or1-j@ zL5;Ag1YlLqfath%V1(?^isx7^#qmpFr)QZlv8iP6lg(PF&_dbBoJy2mllLrN&A_>0 zaPSPD9>Fnib|x}4(fx8@w>v{L-rFZgefqG{?rxSD{U4tJkx9!jl?>U|vzynW$tEOG ze3nQ#0oul*$2LjVyTvD(P{rH*FxQh%spO(6m0VoA=<^Z8>o($Y>KyvlS?!8_n2YFx zT)^1_(-TK{U0)cw2~!*sGR)^58b9Di(3p;-5fhQRR();F%FV%b0uE{=a&UZZ4rfrs zjFshUNJ!SOi<$Hk7pFBpi%IXo^z4k?6L}!j3)THxw}VL)Z3Rv921FejrX_Iu$e1?Ki^467gDqzhz{LeZ!;51@{pM!B z?PlkSOLH+CRW*_LEw2`zKD5EU!-7siZpZaJTwZ_l;i_<`Rz9hO;lq$PLNs)LPz(+P zc^OG64Xx@}Fc0-hFL!Q5IH zgko5;(xL-t_+~bpR$waaL*sw}zGcioJPRUAKy_+c$yTp5z!s(@2j)^Om5iw!Rv5`3 zkBD%x8l-3RI7p_YG_qZGyu~Cr#P6;HD!lX z%5)C2D-Zq>yLbYDf6=i;`e6%H0aQAg37;45x5<^ErK()n=Plz}f!xXvslwxl!Z3Md zV{25VPK1r)R!GSKf@%&d7s9K}<$edpR&fNhj|icmGU>ZzShZ#qv^0pjo?Sd`)1kL)Wuf%h6bkcunlzQs0d3JtVtMtG z@|uZZ;qX) z@%Jlqt^~QtB*fPXVHIUEXcyR)39pqbpG%q29 zJ1F|Woe(;>)+WubdrV|(y|YH+9L+;p%}9Y#bGTg zCjf}=yV|;7%#Ak6Ue@RWEOojdSf{Ub!Kl#%1zlYb0^{I=uT(0h+A2y?C*BvPu;_2k zGz7qpuThuF+i;Aj$p#1P*@ggYR?Ii(rA;R~iAPPB_rmBuIhWv{JdNOAW(L7QIeEZu zdc02jF%f}@ca|i<;>PQ81mf{Xu>vgvDkCB|SrK5O(_?ptfj=fX1ypqUZMf+PJaE%{ zcRDi)C~o@gWJZ9BesKEW6dd0=PR-JtrUef3(Mj?zc9_mKS!8kxyCi@MWN6DZHmnImAWoAFi}qN&%=0dMee#$x*`bg zfNPzn8v`U^anTU9ineJqYT|P9rIdKTpn;(?M!GYCK|p&fNOW??Ht7c9+Kd?DGq2e6 
z7Y?{BrSP!E9+51GB^Nu82FE7B@w_4(O~B-8;e4FB!Ubq2KtfBLMW)|89>Ps%Jo+`Y zZ)#pJD3A_Ma0~?u);qX}A|R7AFHKj{AQ=IgG$dfBp(J7txOiZpv3JUPTfhcLV64lJ zPfQ$|AD=kFGjKc1(%1myw$Wbhc6v@c0k5yOt1$Zg&gP1X``MDCs7Y18l~f6~Q$?Fm ziWYvIj}Jm>e!7c9>-U-zgWu*-I4=P4!IcWa!g6G0A{VB3C~v$BFz7ayT~OS_w%O>G zFfQuRh8;O*+D>favZ}+vHz#3pd|lF}(2;tqNwvLPly%BUwG)H)&fN5|5H9xi=u-aC zCY~L&W7t%=V`P&%U0UmaVcH*PFm=vZL+~F??lH)$vpf zsUKX}*O)$tv+_6{KvQTBQpRetQSH--37?k@w#Q|&*`;CHkQfr8&a!J`VbEqbJ`D=_zPEz@ZRPG$MjeI2%b)MI;&(f%J=I+T$uQ!mPAqkbEs|W64A; zl-?z(qWU!rk0e$#Jdh45xeyzNk`S7p&kpkp!(tN;GgyEyb{a)mpc>mqNY)M|UC}CO z-PeY!2|s^=o%{)?>Rl#Cbts>gaN-l*$4eO%3AFBH0#rQPk?E|6pq-hE4s~b_o9nt9 zQoYAKMjP;MEfNFod{||W zV-D<#@QW9^Y|@c&#!fX;Rf??wR|2l$&M~agDZ{C)bi2a6)&djoilCEX$$k4lGia}# zrtKhCbcySUi%vxn`btXq)En;u%JSNfDz=TGOte<)wx%t8z{J0L=&Rm14>>8lTv>T>FkiOl=EC*jll3u=!WV`wbUHkhA zMLK;SXV33|p8I!b+6OzRJ?wA@j)!(AX8hs6)B>Hl6YZo~!7Mkg6Og8&!;YP3l#Had zvWPIO>_n@UozU8{6QREBM5!q|!IiQz*mKKHm{oS&vElX%D7q8Sxa{OqKW5?TaT2r? z3stslK|IHExum8oCd!>oicv**uvogQ;?@wui-Bh)x@-pGUdDlav-9rgftsaNyXP-9 zCiln-32?mh9P6UML~+D#G9`?v9J+iaL~_%7Ud813_cpw4E#LU2U*eJPL(_V15fTpRzM4GcWo=?AcIJtf0@t%fVhm zM<%i&HKj93B2+C|iwvLzl0g{1gj{|hk9vbwvPclGT=8@F9tv}9W8K7-y`3JpK(4{mikjzBXFsuP*)$6E(EzE73RjO5PE5+4yJa<#chYoX8Kw*5w8Y}rz zlc~hw25L*n4$v>0@=G-Ntcp+6s`!Lf#V52PK7ki2J~33pC(wvb&J_B_AFFNgcTs>M zaU6o_5d+1lS{|WR5h!TPj6%ljO$afz9m0`$@oKi1s#swxMp+@2Z*ec5yIkIOhfg@)P+_+-7 z8p0NPr#n6O0wquf*wKmWlyHEOX=@9HKbEVm(!w-5x%COT`$e^VXCVmDQOZ2%IpN-LmF$2R+`=S-@0X>tZVAe2qBa+XE zgQ8jS+1DG@Q_w3VL!v*GX%SMD+n`qR*a^kkincw;)J21o2~w+NiP!mcIvd4tbSvmo zvh@GDl#Ov3Me(6tiXwvipr;+Atqm&-pJ@lZ#JC%^>2MoXWO5r;5XIQ;h3T^~f&+J& zruQ6L#10D|!tp^Kl2lm5Kt-;T)kdM=9!;c%66vjak7&xQg|f=6F;plHP|<+bi_ZkS zXity!)RDMH_6S;WI(ef!4MBl8%2tyj6YL!M059GHF=iyr^b(}9(mXn+2~73v7!=gp z6fm6d&%7>R6hkhXAss^jPOO7d_{xdgi(ws5JPA6CXwKWwbDh9ygtQUaDToJ)m0!_a z1x>Pbf?{8(H^61fB@4x7v}UoU{|2L%6|K-32E0~SwFMHyEjU*>OpRt=CW1ocY)>c5 zxbZk%gmoNRwt7S^AjjB5lv;vW%CWP+IyFCc?Icfrw*shz2q!ieoyJ3jh8UCp;d%+8 
z63J@7b{y4#sq)DCJFYN8%Fg2%%kovaLp0)T$~zLOnX?AzN%sc7IIAJsg2jvHn&g^+%>TWVb?nNU|A5d1NpPM>J<8WiugI0PC4dO9QiiUP=bjK~z? zXRA$G^s=N5VLsMvS&c+Y&IDaw7BHQRhSaRmcGh)7?W_$^`(p!{)@Lv>PS+}3nsJ;i zZu?C`Q8r)@UG)YceGbc#>rMM=H;$d9=SDfGvpO(4d(I)eFs|O^<7zM<&N%9)_B@jN zSf5Ai4XoZtCdZR}n~#sTI{i zRIy}Zlq;E*BP#qv86JnIwOZ7vN{(SF_4$VD*XOKLw&tlXJIMkYKBWVo> zS1M-hCcsl4+@ksoKBQQuS!mqH6bNVW!3`kSfav>=A62W091bvmmVw3xi68 zrMXyrcBH>bb~HQVql8vE8l$F3TitBxoP|Sjb>@&K0 zaOM&?HSN|h&Pn6&tn}^7Y>jM8n3jx8dDUn~Ee?o`wV^<~DV%LIdXoSOx1Aqb5=r?e z4U&9{IDE=EOZN84DN>H(A|y$dOor7f@x%Bv-5Ti0s3^;5RaA{uL={6LdjiXshm8t2 zs0EZ49cN}Ir>r#x`Cyf$IPsh$xniLh6PB}S3y>%1SXUBO^)7=Zdw#!*mK2?25ylNk zdd5q^^K-K}B8XP!0`@uyDl5ow;7z;jE!C`PBkT0rR;RM0_!7KjnzuOHWBP~ zs41Od)f%8RL~k^vA*DqPXg$i6NAdoID7yoZ+}gKQC@{4lakOWXar_lCK8D1;P_Lxv zB|xT$IWU?jAN{A35^NTfob-%*gWiCaUt}ib7AXLCB+g8`c^KO!Ca!DwMMs@1gWe2P zGGivcfwKZeF7S$n*o3jV1Xo&OC8VNWo8V|y6D)I)g1E)&x%uj%dw5Mj>n5Hm3+b%H zu{c{h?u?AsZDVun%yP@br(Cd+S0HM_Nj%)1Yt#?iI^`}-+i9sl9I6tc`9&wJzI;S+ zW}GaOo^h&>nQ;<=6I&#TDV9CSl&c!#ki3;3i$cin zYO;v5Ooe?h>_bk{^@}QlSOJpn2>9fxuw<%`)U$1!p`uylU7@+tQl%P|u+s$GxO$yN z#WB_>7%htw0M+ruX@IQ*hmo4=wgT`1knpyUNoY(Xh+q&?A4I3RFf@c@H$^lhDE-z# zE-cRC^K5h)&*`uXY^ASRDHm%k&oB!DpULG~^eKaGm(JnimVgw}OH$IsEU1>n>UzDz zLE*IJl0VK)sgki&@~{aWP?ZMg(XGk2N5Q36>J`;8t3wrU7fR3PQ-YP+{C<|*3c#s_|e7m6jTHBp}M53i*4PUjd#x#EmbP2P%L zU;Xr|f8*kejb@FPUbUn9OaH&a89HB~1cAE2v=Vh#J93X*4w>XNFpCmL^?Jsy!1 zV{U6ANVEkzWxuCkw=EV*9B(PyxtW5AY`D?V#R1RLG0t9WD52{9Or)xpFtq<;@4e%z zD84w*4TK)x1_&*b&_UYvzIzio5+IOJMUwytL?H=Ds8Rw5Dk1~{ML?Q#TR>FA7CO?T zi;4;e3W^9KiU|6?GkeS41by#)-sinP-sgAWWOmNX&Q3jZ+U!1roM2kX!3m~4cyMTX$-yCLzvEDLD&GC-ZlRM{ zY+)1R1BR2JODs%+Bt2bh0{YP<$C#x2+Zemkij6Tzdcfi*=n@N@AWP1NAhy_i7@Jvq z+}(z*q`v)d_8P0&={6@C!cRIVbb^mN4aQvpUjRuqIlqb{h;%XKL8Pm*gGg6v9VFW2 zt{Q1(2o>)i=eAgrn16>O*MTYSbHa5#nS)9BnKryd`8?|%!Qw8aJ)xMKG~%@sV!fewT5@r8P;Ws! 
zCtb3+6GxSN6D4)*1hJYV}6U3 zUwP#_{6^<*zzj%R=CTjK^oq}YVM8Gm&PgUOvvWHf`IAG8B|$PvC@WnGSrB^sg*a^~ zmIMuQVACp=gBe36 zt8bOl8%k>195mF9&O1GVW%#w0B^u}YGymYR)Tz{hd#0<1V0Z+Qea z41#<>0fap!-?<&D6T$KqM~@wfyIt96+z}1ZFw27z!nYjV%1`p_fKnbC0uCMr zo)^UXowF%(9YhEHM`H=%0AL6(NCg3AdP+#-8H9uMNu?q3Yjy|?1tRw zN_27HCGH$E7F%sPUXbFOZN3ad3GCV-+*tZR7t32BjUobEQ;B5f)heV;56t8AhP$x= zZ~9{9D#ug>YT~z6Ify{aSx)X9&`0m70O52N8Teuo+mCWjY~Vs=S%PrQ%RphMB3bK% zaummftbcO9dz&KhlA8|2mROwx8?rjd!uCBa#P>3|;D?X(`?UmduBqwY!{}-X@Eal6 z;2JA|P7b(<_&x;-x*8y&PQ3_&5+n=$7;^cNeP7Rl>CT5B<^;-b`nGGjZ~B=jHz((o z(4A|Sdd-ChJ!D9hbSlih{ujQ}r@9gDEvPu&zYP_~`|a((7dMXsMVAe6t|CRdiU6LP zq5W0x$BWg#jefx0E}xNc0%;c+0a~OJ1y={0Tf%eW@v@rq3}-CdXuL#ugu_?)vBOev zfSH^gBpv8S(yFC9hl|{}lDGSw?~odQ)(pI>h8ByntRdxMqG76spl~QA1APdY6PxLS zQ*cy`zB-NAtpho7$*Yq{2MotqYw~hvSGxjfF10%9Z5M;K6~@%jC*Ay*xO+cQ0x!9UMH{ zOfQ{eI7z0$wKTaCK3V68Glb7c#h0v{_b5`wF2pmOc;{aIdUoy`m(;ma5Qj(67ia}C z`Chw7;$1uULiTv)bSE69cA`ykrYiBc0I^Z^}->=L{Tlr=Ivm z5Mqg;(d5KIy^`VvI>^NC!+YoSrPGxbg*f(kx?gu3nT1!I2eSFmxjqcujn$!h;BA%8 z%>>so!Pk=kl&kv#IA0fcAKbZ95?)#tEYp`zyo~N~QVEoA1OsLE>K7j$EC@6V-hHmP z`{kN}d+0l#;yT2;Y7jsbe_&$gKK<}zsm{r9y#@u#O~gytLJ&zZSNzV6g?ov?OxOwRoof-4nZ`Jt1h<0OM1Sz58}g8ss=OI8(=I zOdtiH6M>^Etzw=rxp9;E4dY@;D=3ph|rO9e}y>EmJp<`7Qs)E zJLMFwcOczg?arM*68k0%B7V5E?t~mUALwxAkt?3upATg5eZtK7Dp~-GM)txBaA^S# zLfDKb-@IR9TvzAeA=I0+z>RR`5~@3VICj8X7mW+xy5J)&qbAZP2XJm0 z89)YC6=?{ma7CRaecQPUjrGQd zGo3X_-t!bh(FN&rKFvbn&P#|~dHTlt);Z168=D^3WAaoQM})YVh9LTZuDB722_3M+ zoKE%Kl$bz10~?yj{TNbD>`Bg8`R<`kTA>far09=!#`kvmfo3E#gT8MvSb8ElI3D%( zw>_yF-WTAXhWL;yPYp#hKVt3(`J$pLPQK>g%uM=)~+oeS@7q2eb2q*<6Ae_%n(|&e5*#lkYMEz9^rPIL; zH`t;;jzE8h>@{E(f_KqphhPHbgkpV<^aasy_4K;bcxDz4o!VO;e=nLN7F;D<{S?u; zbmvD(NIoA0q8UMx{X^}K``U%5>s@gED*0dgRXpx4#h=Ij(BQjI=v_o!4qP}dPAC?2 zs2SBYlFzf!R~fjn^m8Nvnojp_9K;VMlXLg37*4>DY3*bNvlgJ;0gS)>0fesuXgqM# zG+0Ui<*H_Ykkgw;4D<*m*@AcZobUs6@edchfs9aS#Rw*(Vy;2--9opb-~&J!gAq6) z1S28kpmA_7qxwwWyP9$##pf{@eCmV5Gm0i}7j}t80i0hR2q1itOd#&#ax?g$0m+kI 
z2Z;o!8$|_Htb>7kTvApfAApVv%8DUTzpO}+E?LnZ_X~wSKB_o67q#%oksL21z!_X(d)X#rW(krru|kUh5qhSHgmSP%+7(!VzS2*0%GOLy;)#ZbXQ zs6^;X^+}5)7L*p9SV9k%aOgt?r9~eiKt5=NLIgv9=Z7GDwFpRqzT1k|JCIH`F8V09 zv`7&yX|Y(Gh41orNuzhCoKlz*h%SL>qby%(S`6!iyMHkAy zu!sPI?|ArD2#G1Q59pO&TJ+x+lomrU0cp{V^+}6CR7q(umG#FhEmD#^PxYzU|*`ad)+=Byx20UvD94?x%#x zqJfTkko@ZJfZ}N(#ku=N4L+&3{7TCT%CEs_Kz^mDV)CmG_b>8mFx4l&QiLP31uug= z6OdnNV(88hlthF1133cC3fcWaUrV9_tqaZR?_^*> zmT7-Fm+t&N(Z^S4U_YQ4ee$a-%~hmZe)Z+>%clNE`Qz^A1#rF|a>=ix6e51n+o>Ez z-vd}I>TJeNazK9d-wGw`z+is5S%zYW{2Iti-r(SlIAUT5#y_<5d4$9CRhz~G!fLRT z0LoQOD!&Fwb;+**oKJoY#QnoXpF&0`u%`wvAr*5CqA!CZzXl2<@@pVM z!2Jds>%t8H&NHz-qq=YtfvXMN5EpJXa3*l0T(||m#RK=iUyVuinZ^JS&;^hLcnpvZ z$OB9T%mXY3ybjm_H~=^UxCFQk_#N;!pyHGDnQDM~fQJAwfc#<+b_4YF#fKmq1(@uM z&qi1PSni9jNBAzF2yg&!0ziJ}5PlE10k{hYpIo1*0;mmW3?RQY2z5X=Kz~3s;2FRQ z!0Ui_0Y?F60Cxa2rl9SBSilg#a6l$t93US+esdA70Bi@G0$c}_pNatov;*jXPJjf! zV8BqoD8M+tRKRS&Jiv>96@c}CHv!uL`b&7zye|ceE~xOj{_zFUI45IYz2G>I0!fk_z`dy;K5=ezyHne|IKeQ z5B~o;zZqsgVq8bx(NVM$v94)(@pu_+=bRk8kDp=^OJed;bMkN!7(aYc1;@k5)llL+ zg&#hqmkWo!VNbx}3bCxrO!7`-h9SpK;Lr!xV7RT|2ZtcYrExqG_{=TA1}=#gBz>bHa-|`Kd@m$x7|BBq@E{x=z(B|BOB|gxde}%ZU<|o} z>#*+%Z}xVs$hkjUp~k*^xbj`%3jayI@xyX`SG4}gsW~I)lLIlQ1*EOX?B^eyEX zBgn_pGE*^Y#*@2zEyX+Sos{tz!{JRFz~j&~{AtpO!oP z3~9s0!hsZTtV7mh=lm(2>(5Ev^?>)xz{k~J0bjR|CJy$bWLJ)2g@mNhNtaQmK0a=9(Q@bX=L$|+`bah=~pBWM@aFQ z#AG?7=cc7SLBhPWQKY-lolo)L3KbbT)~PvWCpi;`HsC75H_yp+rY`~y|LjyaS<-cY z8*xGBd}`pzSsS=zn6oy>RcEHgu`eOunm0z8a3nb!JaT@|DrJVOSVBY1GSaLf!yU z7R7f>%Y@2%xI@7xrf(WZcdkDt@^wn{PtnffF!>XmFH(cg^G#eAHjb4006cwO-?VI0 zi01a?3&d%9*R;F@=L;nRK=rf6CxVXQMOY{iDgAINqBnilFi|n);2n!dBDeK~e^}~> zv<_JlNUS5-C%U0QI8BaNRwi8k^SWdVP0LBjN*d{#6n?yeNXnw=$c`Q%-z)M*JE0@; z(mLWaBR*9#D$)1-SkfN^@6Xja6Kl6*CZ-G8Kx>0?$#s_u(8DfR2ehpO(+e)!enc1A zBwt&c9N5|7Glu4*;+3Pc2hf;Ye5a|WL%>O&badVc0(24-s>3-6W1Gj2-3c<<7L*i(_dEkdsu+=fj7hNUp@Z z;ep|y@rj^)qm#&|+MM)2JT8~kB9PMGcMuKvx(A4J$&UZmw7AUSiP;&M9qCsg7$!a~ zb=(66mx<3x9q#LQI!j$~+Nz%T?o&pGiFs*BSp%^DbR^#bVVFKRFgr0JEr(9c%wbqP 
zc;^ldsFKx?I@~vOzF8lL)AABAj-ew9Oh}I>j!H`-)G2X%M&7WI!ReY9=qiH4fH_^o zBw=I8!1>g);KX2(M&-u&cYIuTA@BBL2o^)qpMENZ#_(u=tbYc$vD8s0BhO*A7$1f< z6*n{f<|kzZ`h;MyUa&Z@{stuS$pYVQI0$cQc1GLLxoyX1WVXcy)pnS(F58ac+H!5# z2jy^WnE#P09goSSz3?BIMy91^|3@;mHu74_|HzSpp+wjIM-IBj{%1ON-4Xwh;s2!k zv3VJzaHiT_KwPK(aS7dh-Ak0TzRMnPtn3``i;z+JfB*OOYt<<~R|=1+1E^O3eG8O5 zeG@w+KGwC@sex;+AB~Ui6qC@YL%Xp5_p9^2C;Wfd19UuN7{>E*UC%1Oa;uhSPxo4$ zq=##HE&=j-)bfPK*YaeuwLOQc*6|Ggv8E?sX8nY>O z2NVL%1DMD%o|O8)0agJD0bA=j`HGtTcfMP-8YkwjuJ75~rIshwr5#SLNBECcJdb?%ufj3 zTa;AR6WhP6$MZ!kk0+|OXYQ)no`3Ko_ZKaz6nF-?zTw2fVm`$9GE6Df2}^sOFub=D zmKoxNW%Hb{+&m{Nzs?CO6ggqVBTiW9ODC-Sn-f;4^bsw;Y6~ay#5v(ZgPgGSNGGf@ z&Iw~?I$@&%Cv3dZ37Zr;VbdZfYxKEiSccOop0@Kb~p z5FSTZ5#bjIDsgpm3OaR|6f4PH8*izS%-xX^+5wN*8>?}>-s3qRQ`&R>O~e7k=@2Q0{QfwJJ>%1w9u;s8*CP=&-CNTWcFMW- z?5gQ0>$|@9Nli~BT<0Ut$d7A!JihCsk7|0NeAoFO*7Q7wYg+i!Y93}rHBSN{8{nCV zaBekEA)p9w2l*1_0k@!K>*Y0KWu;MeUtycU`hK)Td)w6UbvqbtuT z%|bqR-N^O%r$X}(T*Aisp4Sn+Mk4qX{!pFvHMzcVt-5D_tzbEXMv@=DtkrZBCS-w9ALD2K-hZ zp3q?OBjq#%ewGsr{X3$DhsmhniP==2_Q(C$XixdLXxhfA20`iH!1O1CUIA`M54{#R>98 ze6;5tfYhse&uC9A0I63qgaUxnD;8lAfb_u#ggF3GuPF!@0Z6?zA>08VbvcOeO90sq zuOPe!AbVofUeTWV0CydSU<|hRiT2z8wCo%0NdYVY90Qb31pYBR19?Ub#`BG6j|rIT zjrLqgiuOcwjP`8QqCI!IM0?tx+?amRo>geewxM-B-IAj{1-SnJ53r&=O^4O>bOL@j z@(scDWLz&ocmR1421R?WAwGFPv}X^>5Fd&53`EFwi}vK5kb=1E z^cm?Z@>?|}%Hu&@qX8sN@TBj^FJWqwry209FOA^+Y0R`Jj}CkGbHU8($)jN)t5%b%YWZ_q`eFL zE?*iMKmWQ)nGxkV0{nSj+T0vx9O+no66J{jT)9}^a}99d_4=N}fJK1(Z1fF6@{ElL zV?M?l1jHhL3SbrB7yzf?nS@SBXmpf^1*8B90EGb3m&f)6=P{!H`~9y6{?`K~dLWD; z#HTjHJK- zyWpDqJ_`TkZ$e4Pzera|WEJuwbjwdGDFS~!1R@OOcD zZzf6_t>S`*TLCcUROa2cpQ>1A?{zwRXF^w@*$?Z(u=^PC38`dmk{OhWX9dT$LUdi5Em~YtD7%9_8k9?{mAkcs`j=<0tS7_|^Pw{v`hee~k|lDhqI`*}x>o&K{YkyAR@OwVgO;QX*UIa4^ya#zPt@n@EA_YZKlQ3cD?>2`8?%h%#_Pt< zMrpH-*}}{+XPJx5b>>&*O|!IB#hPioY`t!6v)b9F-OEn4GwgNtNA@B6EBj;bQSWK* zIqwhN>)t=T7$T-T`ha2Uu&r2@Rah_Eh3&=mV@I)**_rGdb}_pgeex!|mp#RP#a?88 zW`ASvv8B0{+tqfLDm61x0GDUetS*X0P zoK|is|0q?|Mrx8eOwCajsO!{i>Pht%^)I!Yw#|Cq+G`!O&RAbrr2P!(3Z^l?Pdp@k 
zDSj(n7jKDS5-Saqo{^A{;^;ys0nJ7neKwC@%rEC()EWwE39Fj|@==8I3Gr3XYtswB0M6seQcLmDnUAx)5` zNiRt&q>a*6siNFK7UYNJzVZ`tzWkEBQhrB1C|{O;#$2kcv{vS;Z=gN5)oNNDP16Qw zk7={D)!IgFhqg~UsePke)9z@c^a%YG{T=;7eV=|tKd1k$-`C3-(MA))Fgh6VMyfHw zm}bm23XG-3b)&pl)r>MZQ#IqvN6ew-NOOkytof4ps=3W9G7p-k%x}yqCX?^<)e7~x zYH1g>Jbiv6-l<=mTGZN4qvP#h+n5`Pwx zrJGV!nb$h$C-hmyS7tYRx&67_&-;XTBH8#>`ODbA7IOQzQ`}|ln%G);QQ9EMSTCQd zll2{XWjoz|(w=L-Z6CG2wZpviyluU`yxY8cy}yz&3hA&hV=;@Dv2U>-um{*LS&2&$ zH;ZMZ8qySLuDn;Csw`6OEAMKbY4^1Tx}gu&f6|*7B39TqBg))vMp=Wc(bgL4UF%OP z!hX!owV$>N?eFcfUZ#ivZGt?@dxc@bPeNUcu`CW1b3qAS6Prt)N#~_-Ia;oubjOU` ztn5-gS1PNC>I!we`i{C+J%X7Srq$GE z?^V*4V`SfEn2Ky?_Ib7(7t2qi>#H`X&qm?AC`&!1qf(UINY>?e`7t?Lo*|!KyPBQ zW^Z$xwZdY~J7Y1BO#@}T%ueE-=B{)9aG&$_gc(99alTkznk`L`&&q9;b;@vcp1M$7 zqQ0$ORDV#fsTH(bt*=h>mD#BOE8?5tNwJ|cKuVLAOK(W`rIm7#d{NF+o>!JBMWBdb zSg#4{V<=&ZdR+ZdeMCE~{i>DKdCj(L0eCo3ifm4VcAxewbn|skJ!;( zuXm*P1@D{Q&q2kB&i6w+BZlqDrnA#9&v|YrH=8TNFXK1x`}jkARiTBz35L*Hcoy@e zxwuYDl=88XUX(wSHD#Rgr1GpXPdTVuRDM-Tshu%L)3GCMP-|$(+Ouf&OWF#}gI%bv zK1hE|Pt)`DS^8rARsC&!ul^=xygJFee$ze&KhB@ zvp%qnTi2}eb}hTHE!kb{Onb4t)+TytGOx$5YuS_R_t;lza_zY!ZVk7cJIVdR{moV3 z8}U5fgCE4dj~V|9|AA0ZZ=g$hH@(09tp1t)9iCpgcu{yu*eMJXr-(DfPsPiiTV_`J$26<4q$Rd+{7| zrFqh-XE(Cj+oHW5>$s-(G4E=!h7+9UwE|t-#s0)D#tzyXJ4P4bp3p^15|hPN(sR;& zsgZ2TqvRv;*QAYs7Kf5bhQ309TQ3ik{8Ietn*g z6dDO}LaH!ESRkxMt1k#Q1zy}J?#2%MljM;(ISo6|`@a2mg3;_a_7M1qntVLp zhkpco)ozULZ@eyy1#j@GP$)!;eZ>A^3U*jl(m=K z0d(Vc?1bC2z1WF9&~KTot=?9qRng|`iFO;WUEQg6)1K6pX{)pt zy_wGH< z%#AIW7hz%}F;yHRE&#W70en&%*2EZTfwWrMDIJ$CU~iAae2J4&!~sga=goEqnwPb0L4^q2KFG0U5nv1Y0{#++`hHg}rG!P!Py zk~Ic192GALBP;^*DZ7x{#NDG*g4DJT>N^Irc>%u>^XV@*@oX1<5$#KV~jD~SZ(YyjvE{}p;Xjhfw={BxL}4^ zkrrpgS*g}^Yk~Czc!D@P2{gaZK8^nE=6%-tn)hw*7hdL=v;T0|ua~f&vK6?7oPZhk z6!@U6;Ad`g5qv|?nZBs&tNaeg6F2$4`Q}2N@V0PT_*#e*+lgHuQ)G!Vz!xtQKN7ze z+e)!gS1Db}m7WE6_!ZXVeW?m|{0w=${Jq>#k(5N`DP_I#y&|c9X{p%5(Lv|KD9hSM zZl#{ou7lI)VD>d%H{U^j{%AI^bZ|Gh)(3VyZ(r{*(yup&)Cw7l?Z|q#!CVfcpCbNK z?DW}Uq4=J7Pb>gsIwMCZRk2Giz%KtGIO@AvsVCI$)xO#gZJ0J5)Z#sD 
zr*=R)r-kb+_4ay4$Zj+B=k>MvR=uu~0lsCrvBcP9ylWI0pBoWoO*6(+Kvi1W6 znqQkgn17q5^`te+T8>@wjCFy?Co!eyxa>vy&IsQK3&2MykQknoc7s~fm*>lCK)Ei- zWtC1!eY9mLMX%Adu5g!S@0 zWZDR!Id*~WLXt3-?tR}tO8ZBsg_*b!J#_B!j`#yV|?Z=Je z3c1g@_K;&0!Fr?2h;v8{{ zxJP8A7eK8KNf)J3@&NgDP(x9vrnXQuwFhYN6Y3Q8CCu)l>Tha!P0-@N$4}8_fEQe^ zy`~*REhF@rnBnbo5xm%!dKl`NU@U?hxz;#h{A%2T^fVhY`c?BB`0}64CZL*qtf|&J z)(q@MOnxco*WhcxKE!*`Zwo2^L3Wolm~VFl4N_FTxEeF=PjFn#BuzRdwN!Y;Qo1S3 zu~O78;WD^E=6ortw`~M2qcNplPTH?rjzBC$g!bHK_wvIq@}Gj6*(?r_@5vd;RpmZ( z097?sdmNHaFYw!cV0G${`X-?TJB%-l-;FxhS5q((cA6%n+x_4ltAn2}&D2AgiEIw& z_-3)XG*Ta{7wIR>)fN*|8d^VwsVuyp+%jUVVWd86Xrh7?CXv?~@L%~UX zz>3@x;G0)*J%zdAUh$GxN~)#i(D`viV+u+`n+X3JZW?6&p4jVl@%#CtH1S_m2d5^D%s4c(o`2SkKMqP1=rt9J}uvn4J89I+56gJn<*?! z=T0BWT}%gmv0MH^zAi6Px2heqfsoaDU?z@+hU{fyjj`Q$#LP42nkO7St*A6J5Opfc z)@9p4+tr8ti><-6;kruksM9=Yjr1DUM2`H7{EECuBeLF;pxrC=LTDRy>Ic9hd;}^t z(>iHAWGA4H7;h`@Oz$4-_fB8eVs&U6HnGj2@z}wg;c(lxR{5LS|M%%-*rel z2d<=yR9$K(ncxD4N*T~w5NT)w_TufJ;kTuGQfavgc!8Ga5nb*i_m&@l#5N8)&hzqC z`G9;1oXjog4(o#F?V$8jCPC)kgkJdwz48s^#XKqtK0F?rO(u4ur`1=W1Ni{DwoA}d z-Ni1@Qd6`9Z7Q?@8?|?}W7^NqFV=&8dYGQ0FW2AD59((LQO|bfNVr|jTgTfPtK$#Q zj&Qm+S7S?YKXEIelZX)(i(9}c9oH^sH?=T5Qg5Ua?NcA70)4^HnkPbj1xi8g& zo;X$+q+}}dl~}Sv% zEP?zMPI;z^?Bnc{>`3kw*PkB@S@jQLv^Z5&6^APEF2ab{J2Q2 zG318%Txq@r-wdnid42`f&(HiSXwbV;9r8`cHHu_|eod9GO55b`v=Ue$B%?7(0q4> zo^7QVAvabMAj^8xsp>T?$7p1Z!`{{qoZKSozLz;4PWQqtEQ7W-<6nU6c8PB#bi?X6 zDby6_DVlmzlk{c!cKs-H*fk8!=xYqaj@8dhH|JrWjIbJ8|A6K>-yx@r!))0JN>D~`3N6$a{VTm2Gy|i|^Pt@wt!|hz?XW{1 zgigA&x0bg%G}@;LhYHUh!Usn}A0uM_oWm}_cy#6BxfQ}uxr;JfS*o@HFZv?%JM9dw zk%t+-!uS9ja3tjW;ozp$V$OeS)&m!uVZCjI*;Vby_5%A9tUCAbq}tH`3?gF_Q-)cN zU<3CXC~9kH6}p0=UKS&zhM1i_q$SXH9)y%$UXFsMDIPRp0yL5v<*zaB%|I&`L&H-V z)UgwIz)k9V>Q(hmwUH)i2KJW^!1tZju4tm(LH|WBZ#-d)HJ&zB8QZ`!9WhQB9Z=6F zq5V5=-Y^?l304aDmd~x~(9_Sdt3m(3uw|HYsM{-SeaOR)a1*$yT7M=3VyGm8l#$Of9SiXK&HH`w}Jg51su+~P>VmMYO*HB!phZG9xXoxE7oRE=MzedngM<6v+6Ciz1B&a0D83+9QYN;3DLS2 z8rgA>71luy8)me|%E&R^HqIEo7#tY4GR6FVV|h(<@~H70;!t%LUQVaQ8mh;Ik;I$NFpQ5+}z 
zqrPRlW;KBvQijS8OWDc%W*!+j&Vhzb5T1a%c|2Hej2vGTW0~FC39-s2$ZS;7IPMEwp}Gj<#6a2HnWtnhxIa z6@3lt!I$(FMk1abgEhAqwBe2^TKlYTtOQ%}en8~JV@{n__B-}I+ZK}QuUrHEX-Hei zLTm9caN_Stsq$j^Q&{4Xw2|5(?RV`6ED!aKp(u5*c>r3sFsl*Ocr65P-W2Pgk$0ds zht&Ce8On!W#GcX=a_126e@nO>!e!`FH%jkFqvh(*@gzb|$(fz8W9OR!w2<$3cSAdk z^B#0h+RN7Fc&;n=B=-e38S6g}7QRAA%-67A*MP+Qn4BrElXrnO%~TIU%km^Rk8ibm zT3h`cXa%CJkyZoyaXZ0#gVcv9OJ(!2Y(17|yRnb4d2DNLBX^9ufL6ysH#ii0*iQZg z-$)R_fAxm0d8)7kyVVE69_Unl5E_Vr*iC#?%n|2+viyquqB&;13_5aM6}9eKnr2~F zeHMH6Iz7(dte#f7HQTytg@F#t^X~J0=lzS+174l62&%)cpbvDbi(q@a$r7#VYUouj zaADZT)3A?!3VyyUEX8@4PfK8v*(EK2h9L>|oU&B@c~d%vy{en~vU(eKrxE&Otgq@= z)eP&DzZQDz^Xv^+SKD%(xUpOTc+k^mX=T1MC`ziBpwv?zQvcDC_4bAZ%KWM|6MIEh z(5bS-G|CKOdvcHQw|EvZMG~yl$AliRK-_^eA%F&Tl}F0UK~0ZA_9FVEx1jm@OsTI9 zg6*k3`u@(C%`vur&-hm#qBl=({sO$6IRo?ZaKNHGQpOtbL z)vjzZ+Xg&$7Fzo%IPR~xJDdkr_&@kE!YS~`7olCc1MN~}sSY&KgP~oTkNxg@ND6;T z&7gznA@`9}uvg?_&zm8CB%grfcvb#G4udt0gLlR((A>vCUzx(PRAySwMsx3JV=>~W zM^RZyE5cRYm}Q;C+A2$FN^5?qcwBCzt<=Nqim>@GH_B4kiX-w8{C9|)^%I>J<(QU` z87jcq)Pj0i^kg5wJ~4rPhAjY%+YJwkn`||Bo#12dbN0M5M-zEuw1>Wy$_l9 zJao_ZuwT`K9k-i4QlA7~`$c`d{x19y&Vt{GFzOo5L-VrAKxf64qy5?*a*GWPeGB%K zhX_8Q9MwN`W(RU3pqZY^{UYe%R`o3G%w4rFv>z}FOY3utW$=snh~!Uk%6XEXAbuzH zmPet68>xI!j>@~AvFGGRmByg3g<7s|LHD=Y{K}dSzO51TY?ikN8MFLybU&!feIis8 zzm&JAiO@+-f`#*M$Q#bsu7ZTktSU$6i-FNvBcIS380`(FupG4sMR4`8r#8p@I@A!sVXI zD5W~(1XinWL4UFbnvRXuIqPq$mG>n0=yKGy)_~219R4<}r)~M0!hW$SJROcn-$DAj zA(vO0D{ZiokHlD(21le|#3He))Pf%GCw&CuD`NGyNu?}e`{+~5{z7aYldN~_Gxi(a zkG-FH3AfDLD95Zt(3efYTwcR|47=V{wldd}Gr2`v9bV+S^27OQ(DA(nE8i(-?aB!4 zh0(%HVJPgXOQ4NCjk)=cD1bK|4a#3e{uBJ$tI9T|nJTN{S~V>O^XV)2vxI}fOxCAi zrmQyJH!d1CjK7WE;A)OpQLr|0cAEVLv{ql+Kf%_hczb(Cc%Skv1%HOh!5jN2{8iXH zuokr99tOR97y60AsEr3JNCgEP3hm=c>;neuE~~}2#AwJ=^Q9x;%c_BL5L?#M*o!Vf z)8bgHzJVW6S@a&KErI>B0xaUE^qP=Ms+wO|rESZeVn1i^wtuwSf|gD6t_A;Jp2`(u z^;>Krn*m$>V)iw5C+rwM!}47RmhaBcR-fPs`2ONn$aY(>6K;n_q{g9rR*z$Bw zjmGH3aoZsmc7VP7jJO;=P`j{#>%az48h%LU%v)x4t0i{idR`Gc`ZVkyyGUIVoW3s) 
z+WRd#ntKj(^?i8kOofjAL+KBUFee|!KKCAUA=j`*x5KJcUVBP=8C>lt{S8otMb>82 zYM6cBHo*VndY3u#Dy2M?>Ac`J-eLE%tzd%^`DcU{khw;~cDF}-M+%4MUk*6uHJH%{ z!OQdNNN6f|!*}X)@Xyaeu004@w5O2?--*|uuRILDmfwskR!h*Jc<(IltKck{?DAB% z5d)rLF1VNvz&)J8-hCdFzA-dL3&hLdwi_FBQ-^r+;R$FT=<0bzZ<)AUe6*LKN%s~4W`LY$@Apj!5c+EBCG(ZT!CF{J1ECI^EGp;`4PM?4nYqcZ8PU9(mk_`C_$$; zUu14L@qSW27|nM#z_^HN{fk6)9PVh&ujRGYyGP@+3N1WRc{e!tWdyx?j1Z&*!Q zC=FFf?F;MrT#V9v^$GJ&*!=s#H)alew3ry@zLu=U&V$$DPBs_X=Xc?$c#tbE)szHi zXTs%bvLcsO)6_oDZ;a8$nFi$2O0=H3I9+T_=y_}#N;CghriML@G?t;PH+=OJGl4^BMbWbv&N60Yn|Xjkp%f|wYeTWx(l4rk5*e~U;5kg z;8U{OK7i3H3kvtB_pJAO^8D;d%r*qEu(9QXpP0|S$9}^`fVb`qxoHXPAFHTwGr_>RqjP5E8r6WBfP zz=KRw4YeEergPxIb`cb?wnjY2(%~Pq3L4V$S~b13J{$gq6JbmE-DqX%W(#Q2o`vsR zPy1zP%s;kI+P9!PhAl0>5_1K0=GaHs@$fPIm^}?&t+0|^u++`qQ2K!LSPhxvC;blmhPoS18Z(V~uvu-!-nZL00L#y1x{45PUj%V#gT+|HBXAS$o$mn{^GT9(tsklmPzjF?iQy z!TvZ0TJqJ>cknqA<>BCYx5|6u-{h)FJ@iZi=z2Rq(>p~g!tQkjTG+~Zg8qn}4t>@u z`XT)b{RdcJTf!#x2y7`~@C$8gzF}^(ShPDI_OO*0%TK6J)e`R;(2Z7N4x^0`;A;;< zkJpP^2d?#3*j+Q>UGx$3I+yttuqV7D?hp@)UqP3BORR|Z=6k7ZGu!wdB zuX!0-(kQhqd_o>qv(>TcO8D(=2E8n!_0;-mW3;32Zmq93);sG@LyuF{hyw4(8IK#; z&_%5@)?p-f8)eM)(5UL*U*IyC43vEM7ng)J-wy;;FZ{)S_TDFSrl=C-HEL4{W+eLp z)~x`~_&oSne9t!&24dehD3lgW*l*qxe-LA&L9jCa3g4=7&^8LthCeL#hx|1OR`9Km zE)T&faSpPU1_U@8Fk2hbfXgWr992<;#IK#*00~iC&9_QKxN^bn5SnUD^`O4bz|6;`hk-k zg&Dg*S)pvinmVGGDn5#%J_;TG>+1WMvo*oHwuRMXiMB?23zE=2SWUi$r1BfII34w# z;D&}{y*&vF@`d2_VV>?A-o`>!He_ULg@82bK4*lD0~Y4 zIQ7!s%x?p&ImGY5m~|8dc_BQt9#K|7&LjS))6|dDk+7$J3*W=Rx^4_K(xF-W-PmOA z!~PzLIn@yIyl#16*&hrKlQEDDreSq0wN}D2aR>D3$I?d z1z4*qv08U{KY=FcOYko@y?4F;fWMBQdV)yUb{oR0O~+Y=KI~v<48~wro(66EQg$V~ z1v~-qg1iYo$Vlup4YAwkSkryr?UW3!w==LgNAd0X0a&lCv08h=N;g6n1#RtY>_Jz- zaqKr^uzD&(7l!!~6G8dXNR9=cv5feSg3^^1%0ni9PRNEQ|69=PHpR>*KH2ZVf-n*m zh-7nzeF3{5?q{7kuVsILCQN`P>_^CLgqpMy^5tXT7MoFj>M`1MZ2|O~|Mx6r(~O5e z0e4{bWLmYLU)fAFZ(tH4C~u{+{n_j6OE|sp5O&!e!Wn3KYhksXlRs3JtB-**`9^;N zyhtDOIq!LLUqS@cOHBa>{Rf*OP7{BDT-siDeDoH;CK^H4DDf$5g#M31@267V!Ugay 
z4DI(u==C^wP<+h&z+L0UPz}Utnb-hN+J)p<*%3@j1ozn{prxAdig-!6r)1)c%x{|8 zQpn^-P+8tRrcT+!k8uoiZe#U6pdVxG>5$hW9A7w|gNIWe>ghUNXe!&_EgM0K+oHw6 z9<=}zVvD_#jLj;iJ&kz3XW?CF4(AB#1sjwNRtWetrmM5nHLwof)&J3(L;HRa-dmf& zoqc6rgFlK2D*6lYG=}atg4#c8LW@&cED!IN`LMa|!YPw`uxaFiJFE}A)M5E3q>sfo z(ebF(2G-CndXhdDcGb@ygH$zQK+856KN$a*Bj5#63FBGW+rZnz+tvFr@jw7=j-dMK zc=i@%Pz*SOW8$x39l4Ecfp`8MJH;{V`t89xr^EYyF+BG^g~j^<>^rUD-;)d9gQs8t zIcb*1I=*84Y|XOgKpPixbti=cGB6kCpc7Myh*t}#xyyns1#6?|7MB}RD(6z~{4 zgIj@u&w*d?HqeeJt-kh2L0bn6VSW7}cy?ug1A7Hp`u)%pey=w$1Y;j8uBG7# z*AzP9W#D+XnZ%!`5qa+U2&!X#3@5S{fSc$8o8<-UreW}zZ3Lh83SuU7Z^zM!n>b6c zQ=0=@+-+D?hY>H)8_vD6v7)=c51!bBX9^=A?S+BD)`#!x*YLS$1plNT&6eQrrb2JN z8M=dR!aI)Gr2Y^li7#T8+Y33AlRCirb&d3? zR7q}vUG5b*S&?zh;-<=>^*?JieC2R8@vVrv+cHp0^8&(hakfcH%{tdB^LvLJ} z>WkXILn0I27vms5zAk<)^^hmZhW->h2$3hIG98B*;FLXFBIfuBjzzDmf#04WOvLQG z4Xw&-_^N*?c81JFHt)S-}=mED;&v2! z{blsapH?Zmyj>G}MKfE#`Lzz{r9s#&M#Bm>8FO+WM-YqL5l9mkpkuiK@4Rx} z%HC-3;16Nlb?_#5hk>tK1|9NN>=b9AslpBc+E-sJ+1fbqR)EuOt061xhR*65 ztOXt57e0!60lqt@K$jR^;7!O)iSSUL2y56L*rosGYeP#EB{smhH3^;?eZZ}4g>Ug~ z@h+@UZRO4K58!5Q%jF=AG{Fgv9O%xsfj{e|4u!8|A#~@pwPui+_UNUd15vP^@4?fI zg;wVoNJ^a`;V}u7DV>eN%&UN&{sB_te(@FPDc+VVsOvN)r7}5U#e@l;YYVBi^CJ8% zBhA(*r4zgt`<@B>yB;~=^^9tnX8n7?KDoL0P+m)%teCWBi7`u#<#wEy_ zWzAYJ#82 zz7&-BAkObd#sJvEiFfiU>@o+S%lQX-!2V{k$((ndyH1;FEQIg!o3M0#0uGg7sxZX1 zQOoFWFfmnV-JXU&2*-6tD}Pkh5M4W4h3Zu#={xl$s@tzZ&j$8`3_J|BmaEEstOsI8 znh7tf1+WGjhaFonlHiT_jZp(qct3a)WWoRb4V*xnX}<@4k4dOPeF%o3jFs#*_8@zk zZ3_N29;cpOhQ042?kJbePltZ{p2d+RLRTKW!0{lSIt%>k|c-uMz4Sl%X8*3!0IyaX#Zd zwCm)wk^oP$h5WlXZ(B*Ik8@ri5+aZ_c@$KW3rvPhp~6~EbK*#g#Cglc7TTeEpa>aU}fO5woUq2sw;QK zj`kINz1zdGx)djg7C_e;rH#^Fre0;2G*eH69wJLW4Eg>qJ>2LBA5|iIWI|gr2YVIK z(p-V=zZR?$<8ktNzWIvzF6`8ikVg9W&Sq?Z>~X;gvm+sK5DsuUlv6k&r6- zxXwylz#RkK?pz7*`%LRWF=aorjUzj*+{+GDZCR(s#`9)Xtu&g~y_#yc6h-r6|j zkOa?;;~Xr}{8gbUG)M*Dz8d31a5go0SzpR#t4t2raQ;5F0|fn-yYXLu^)P z?eBTcy|-?oS;N}>?)SUDc|4~3`P}=t|307h`@CQ0^?IFicVu>zXdOu_DDnM_pJ!%q z9eyk0Z^%1;VsVC_6km>R{d)X02?jdfIn+@84)@lJC{dNv`o4=_=O=JhkHhnQ!TKyL 
zc&l0fJP!WhDp*~f#3Tjh&%6qk$a^>!C>F7( zLf;hM7XMKEGk9+fhHv^>U45D4jlD#rj}oP_vyk~!hf{V#>WRbv$rAIyB@<-RzfS)x zUaDZv3Sz+#;MPB9SmeBCFHroj1`j}Ud?FmyL5cUGW9$SY{zvtRUy-z9au9QGIQ2{F zWfxO{l?s;mkf^dRbrft#|J0yb`>5apLauW7sXJDCu`e`@>Qm zmAnzorZV}{)I2H_4x&DP4__tVOIiuIgI2Vh%80y`+3*r9S2$y2EvwC`tTng7A-u%u z7@oBWUab{gd-6a;}fT>_G?*hPL01t9YZhC`@n=U zVCE{>T=%$6NopZ-znpY`%6;T!^Z#jy2SKZIW1n?sEQ`ijOnF9IG^f z?woP}tiy-YTb;)$e?I=HIGhGU=^uL@gBv^)RW*#x4V;(y1?u|?C5l`We*^x=A*%GE zm_eQ7SH-x&En;qVAvAy*bC|AjEIcYM2UH1g@4NYEc2GEzo1Jj zP|a?xGs1Z(tHKj-S38n}oI!49bT3fu$U&7t59nk^95H`L`Z&prC-#Hnacc4>-211V z0}^~W)#zKGIQA5f#?e}zu|WM9*R#J87xCHfo>ynwMCQDjOll+8{d{~Rf66px*|HYF z(wv1q%otl>^zapTcILpLNH>bjxZYNQA~xaVF{rycgGjX+*Z);SZx_t@OG(?~2R#Vw z=8ohX+)0tC+oi_9s3g+w<2LoXtWT?_Q^2EXJ>cfIQSkRnKN20}LY%lC!P^}Ic9u`v zf%fq_xO4*wRx8y(k7oRq4DektKm&ZVnhIeLwc4k#w$@~};h=b*deEKmx#ngSk@a1h z)rfncS1N$`XV+XW)afD1>(C0gKROR#R9%20>o-)C4>DTg6AE#--Hf+lXB>71u=?Ll zCC76xU9r@#Zop;!97y1A^s6W#5{@NDrsSoJX%*Z7?h5J#_tt~e>o*h0=hndcn1 zt!qK(zvNtukZ13nkwTUDgBj0eyaU%YiK4d%4_Yq0athG4UL~%cf;;vBl=ruZuXgnn zI_QxTkHh5>oZC(0whu6xo@d6si97XLYJDu!v7M*>{4vy?P}H6aKwv+m3rs&5d^hbgB&O1=ga^a*!w>cwdz zo(IwH3Z>^lzFqy{4(AzUPSIea#`p-_M|tX)tAoY56W01Eu91VTI~#B!U(WdZ5`Au8 z++a75+a1qp{V)!|PpD#8nYw4{DR=<;n2%qxZtqGx;6ALZP1L)7ns%8d1V{V@#705l zE5YJxr?B`F0a#q3&ZmTQIRS)7gA z83(_kIw*urDe-6&KjVG-Qr~0cSi(qHk2n2%b%vkedC#*4zVAP0{65n|#oS}^{(W}k ztG|Nf+KF14l7w5R3VMcjKG*ev>o79Z5qdjhyN{p_=_`7X?3#K29C87bv8&T}!#lJ+ z{+4kGbImf^?>^sR_nLH zbSrT9yWtlltGFCq@gB0O&6&R=JD)?{Mr_u8bdM;-A#)=gWj4XnzCjFx@fxGub`X{A z&S;gMIPhMoaG%Bf@hP)#KH8E8ALpU0Hdn=84=-^)-0=`udr-oPgf$6n z>f(-0IFY)zEBW4cQK8;Ly!;|zUgC1<@Ujx~(I>9O`*2ULa`hLWbMBm)Om4U#^@!9HU{Eeft%GlR1aHBscnki_h?tYM5dY_{ zX(?1UADebMRRfo&{ggfy_oO|X_M5a<(%vA`x211Sf3qa2U+Akt#xHBxmDEQ*ocl6s&fyeH-ps8*Am-rLoe?1JP89c2!}VH%Gp@3KqlUk!^j(c46l6! 
ztlp*!x%O|6TTQ?++o<{336A-2n3*$BBCmvTy8~y`qh!{vqCfj-7s|2rJ` zq4)<@#_tlJ2EIEGzx+wexr-ScSqXciT$eEGWi(tzz3$yOyq*FTOeW07;k!CkK1{<&uCw6Zuhsg=`*HrhfD7;|D$^F@ z4~e6KaxXC6k)X0lyl=NFBl8?p!NZJ{FY!h>=sLCswS&cUSv!-yW7jZR?j&z|5_M{f zRUiyE+e#`cJ#gCx!rz>XKe!QZ+XGapJe%?g3ebn-b-_Aja>(wFrglZfOg)U!FNlgy z;7t3_{W*-!LeNYsNM=3r`Y`ISEATAb0Rz+x@_daLGNxl@aauGwSUy#OQZIWU{_-Xw z|NV@Z7g%2=$x@eq26n}{meuE-&3V3!it0OVV95%-d<+g{^WR!4%4P#l! zT-%$d*rgHp{{!&{7-Qj@Z=B~mgPh`5WQx*%a?3%sMsAQh*f-_)$d;yhs07(~BsqBykH#`E@w_DTE#S94V6j%Y=PvtpiuK6oqj8jpi0#xg_I zHMAG&<#FJd8}JN044QjSGBD=ILe<<1^6fOThC`fZ(^;|!Z_4wml^?;KEK`0vD}E!) z(dBgO*aTf;X4}QdQKH<-Z-0wIez$Tffg7?s|X&&PsGvNTd>&tM&UhH}_DGoR6!PHHzOR2*( z)17h&9>^y++iUP$U5}gh_vB&09s~C1F3uC(P|6o72Q%M!3G4d1=!iS4H+8@e9WNOL%~G$c*E9Tmj#( z6AqaYoY~|n)eDsmlU@WHSc4t}z~yzRF?WAYxT;sHPp7APQ2ZOPXB4z6W~`FFY7%E>BQ1P*7O$`sO3~h4racCw_>64 z=ZBz7^=ek}i}>;QVrI$5Xc9{kOA^l{7uub?_5~`d_NRO2)5)>alx{$sI+^&@jyLL! z)TPAwWZut`-j4IhMa`l!V-NVydq8%<ZuBu{Hu2^?Vq7v@+*Jv$@{RwN5Sy5QPJJ0Jp7#>Z;*<2C(7Eu{-2~q=Np<*| zS& zr9Q3Q@V-u4r|6{=t>V7)r(m%@OJB^DOGcYL2&Q+$^C?}rqB7_fh#KoxDU#5*kD_PU z4aBgArsc#0#acQtUg+bEKEso-U3@BaLr2A*4Rds# z)|!1nW+ys@^u)S@eDOtU&O+h4cM9nA_SBS4v6k*I7gGE11f80M4~+Nmf!D!|yaXF) zqC?`3!359KZ6hb;Bv$^PamHSOFG|LX{d;uPMAq>i(}(mHDpc>n?e^Ey1!<17%(OD< zGOwV1`wd(WJEVKkt8oXv1t%9x&yyp_;QGi95(oHO5A*p6OaDF zcU=L7Jb>)41dgm8S4tOt$T#DMaom1|BDfR&zLPax{*;{JorDkY%S8e(fd>8kL0zCMOsg4#h03d25~5H?=I(yPAAn*S#-*{9JTW;qV>UO zoeA(P&3KGYqN4Ou_dZmPoPjs=! 
z7ufA_;;g6NXOlaM6+4Ay^oz7K!?IbN~g_|W*(tlX*OS+|1Z{y^S+R6-p-sokmd$_B9= zi#~c08TM`XNk&0ze@hH;g`t%0;7SFXoq<|(6D-&hT*m>}7gO@~V6u2>fyG%;08e*2 zb@`vtFDn5j!D;Smspxr`(XOkBK*QVYNYy4^ILh2n4gbg$D7pbm)V&X=0?s|BV zyBKpX;AH=hUU!jnG~Ekk<7C#`%c&!~8x3v{K6f%L2-n|^=&F07eOKVjXv59?1kQ+I zn52dHeUj8#NSePZq5Fkz}7YfVUs_80CvJ zmOh_+D=x9mQ)21Pd?H$VC=SrQ>9o6v?%01%Tb_PR`aS8ldeWFtN8_4%4?MYy{<7=g zsjHYTAA|Y4b0iYIJ)P)x0{u^ZMqU$(igXpL;v&v}EiQ$zg#FP4uL3c@l6WrbUmMP{ zLy{ha;Y;DHd22C#Ld<%Is>A1!|4hcef?R(u*81|4d(gQ*P6=by$HMcRiKpnNctajy z%~*t!a5wrKZsIJwM`g`v_=pyP-_F9zc@H`E$9M~Oq9f^#7?G7Y{_bQ&nas$e%UCap zTr0C(>*nhh>AG%EqZbX5yM>;>4^WM^oDp>~v-ow?%{VxcO{kVH(c3eN9vb4#z6Or$ zX&jjrdM9PzH@OTX{RU%Ul)9I~mjoLSpQrvDq%!!hP$A@lHg*7RUvaXRj()A4QHo&F4X?(gZ#(H0KE^>d}?P8fu@ z_=d;h%(w?M_gThLYCn%57T<*q^$GQvsbr!T!XQ4C^)6U-k$R9r(Bd+k7MutJbm()C zE4I?d>oj`J&!L0U@l;yv&8NAN8sbIDOIN}mJ`sOAtlWk83~r@g<`ZVF>R!&g*+rJ$HTjJxi$gaY2{FG;5+cO(y_ z9)c6BlimV3aK-Pl2L8cgWDda7Zp3HceXUK-0y=foCN{%4y^;83^3EwKDgC_vp{Xz8 zin<8L*h8$(e@Tx7!}VrVW?oHp*anN%M`T$G%BhezGUQ#O>*zz_Ne-ck!i9(8%#|b9!x`LDwgcAQ)ni>K;M# zdf1(AzJ+K72a{`l0 z;nnyNIp0sfDEEV{i|My@F{{K1>O_A{m%`gM_8;%L3f|j{CZ0@wKy7ih_p|SgvUn#o zvfIa}z+@ai9`HC>-&lMY8s{2(mV2SZU+vzBj_m9C_D7QM-v_q-icz{Nna25`&>m`i zsOrvl7;T)Z-?9ELO}-)dX1qvWz!xuthscD9IGYvl27Y7VF?fhCQobgJrn)nkS7+n1 zya9Cl7^=VxR5m_L9oZlG)rzI*+oh*6x^95UeT@3nFVI4kdbY#$_#-0W!*o0R9r~nr zRlU7NPNhO=Gc^{X7kS-V;>v$j_4If~lz7f=g@=7r_}5~G=DSJs#ka%Z91pU2pFUEj zk?Fplu#g!Z&kR3CD=6+`Zhxi~1Z%a=*mc@t>@7Oygu^-)Gsh1G!?fX-h=KjMh&*=? 
zobvaKlNrx<)ARY4nsM@;zX*l8ds9_?(p|M6dl zKzoB6jwYLUCM8RItes6qlTh@tAAuF#r^D5uX(Jl#k4Mjpq=Icu|!pBAjQvLt~PMwPi1Q`fZ|baVEcj zunQ>oLb#V-l2ctwKdD{QTVd-@hacoQ%?`!q)0H8o;;$3OgM8L-KCAd0{2fw0iBF@F z{RXt~o#C?YcdeyU#fwP^$uab)|3yk%>MohuPov$TJ)mP@h#n@#v9KCk3^)EO@WTf% zaB=YA<#2CL;D!Gic|dt`7U#Z!b+!wK+aUEMX8di5)GHLiQlE=^tC>y~PtgPLJs9da zsjKJ!xDO1)DL7Mp&f0$xtNm@P2{NMJCyzC!hovt}UkXB7qraqa4Y~e{_=vLbE1m6m zhQ4bKnw5VPA;A5+x#Ic&%Aco%N6O%%e-@k1{U9ReBfd^&e3?_oe^MnZ&R6aXjpfQ~Nm7sym6>4(;)> z46m^G4fb)~O$-ifP^a%RARAt=A zr<7WUdDKfKXQt!gzdEx4U-RemMcA8J{Gj*uErz_GcLn445;BwzsEc)h-q%xUxdG2> z4UFt7%<2&8m|gUYFG;9k%ooWkl0nLTY*&p4o zmVRPyC%DODjt4bYFz#>lb?kSc03J^tjSBi>4T6Bu;ghcf3m=HT;0@Hga6FgN)h&kg z=SphI?uMh83)fe~*nTwa6mp9_8F6P4>*m2s81@LoWc%{_2)E)lo`Y&|C%*GM+-=e` zX?xE0Q_RovIM4UM5w(LH-%OU8hkNLx@KwswbPo-BQ@&qWIlR8#mH2*-MbW(|>u1c87JgghMY<^)(GkiYO2yzo z=yg)5_8c7Im&Eqv^tITT5qN3*lV|~-;~J7`FdO}&u4LBiLYK})S2xUl2H35VyuXEv z@j0UF=d7ChF>6jsz7_TCS!zbZ@yu<&=XW91qW8g(yah^Fi5p=9UV#fibY49747}pU zxJDPTI-Lc3-_E@1);!RHF6!YoHckaw-$0~!Ub~Zh0Tx|M|qM|+F)WL&gM)QkCV~rucUI&&k_nw+Q7KGkZ*q< zeKkJe`-^9A1G(3QDYxqP|Ag?1@hH0E_{^@!=t5cg zL>Z3M%)R(t7Y6w11P9#8HGD`qAY?~q54#NdVHZ)8@gy9_yIjGQT)h-r62HRx`zpU$ z6HE?z0B-q<(A*!y{re1j&W8#6qO6|696An{!zXCsGFRGCR+1Cu(j}sW*&@;I6L&cA z?hqpT$J9rqWS$Gczn?mpHS|a>pl{tdC?C!A1ALl#E)W#DM}+45X6Hg;u$#R3C>;GY zC?CJ%^YuAL(41`XQSmOaW~qy*rY7c%_#qe;i51(!$*)E6IWeV&)!BmYD-L$GI`t-) za_KK0uAP*QqAIM5>cEdtvCd1~T=RQcQKIT@eiroYEY)H$9*=cz9JeFzf@ z^F~Ib{@f^*DyEV)sye@hAE~eU=u@JjkQx z-lJ5Y{27$81mrkE*G6>$Q;QU#IO8z1x;}pC#)Te!HIDArSl4z;+M5ok;^lswO0AV> zZFzWF?t$ff3msu!=E5iKAO?}nL7y%;XZy{>1BS|Vrlxb=_c)9dp0~~3hHU6 zqN|;_E=Omc054OGy0I4D-LDx#^pvcRP@HKcuWy5E=>soGPgoD@VJNkv8Du=tb^b+E zsq^6^KgMZRNx$G1T<_31eL>O=N$I${P9Q#CO(%#>P}FOzNglcb?~BT~oQ~Aj;Jbe` z^)}S>k+iaO`Sq0ZGOhw$JVgJ?9YNn4VQUW{Z;jBr^-^MDIx5{8tVPlrGM9coZzjD# zoy;k)P*+fw_a3f^dUT2i?FZ2ax4V(q_Sb~35>ImVqqK~m`F@7xZKof=GF&O~bZ_1} zIiJq>CnZGd3pi9L2J3uIJ1iN40$oSw}xB*)TbW8}3c8+ZeSw z%hZ9A0MgILfwGYvZdau~jso#I6+Cm&!tl7~g0El1LHIej&qngfN2oP;4|Q(7XBE9I 
z63K>Es!#VkxKo)4_Yhg0ka^r4AwM@_yhf*vVCo6N`Hdo(wH{@=E`VS8DGcKyxUhOz zBZk1-ky_OjN5;1S?ea)vy>7?jb8kW?+V>yPB|hZ0ZoWhXkD=S(PhnfvvR>aq?*CW5 zZ%~Q_SGa>d&C%MeD*@D%Nsr5Y=%ITEjtlADbxKMFD5e@UxQ?~9Q9Xmd#NEFMZ2Khj zPA_tfeoyz4_fYjdg-!SxtUJ$bcQ1BFxmRgThl}WzO}BzPJ%>l3bxF64GwJ($5sLCp zsFwRVY>a;r@xcs8vn0U-sYz%O1$LY*EiJot!a^FgaR!3qa-m7LhGqxty za*pfC8yZuZ$jQ54D=LY@wS1dKyuqz-_MLo_&G_C1aP5!qEhZRqmNYxQk7#}&!O7>( zX7uI5C>8VB%VArp(`s?W$~`@n{ieQ@QFvjKoe<3x&@bOBx_=9x|4d5Y}_sR zDEP(Hjg&KXtI_f6@p?3qW3}UT>82*C4~2G!N`^5IxZ$yQ>{K*FQ(5SQb}jR5b0@WRo6+C~P!>ku6(*JgCs1g>IBrX6opG|plt4!dlewfSU_#W2t1 zc51x~1-fW!6`DpgVV7GGW zeyULk>OnTmaEI-zxZNmcebo34WsT6mWkTkxeX(*c^eE$cM{=!W=?d+3W`lV0`R$Hk zXDJ$grS?iPq8A&@`1xw6rKzLhu7O|dX+lMA0SmU#KcfSdyNjxl9$Z|#MBskviU#4; zhFJ|q!HMHkL{Acx&BO*P41^;-lK2n}a*RclbP_4t#ENYAm|SWU^QlZJ#QRl@dRI!V zaSPbK3*U4#xU`Dln6bJYj6_f$DC~8w>Ry$!Xoh~MJLD5T|N$1u!|aZ58j6ye9U=7?*f?C zB3ASg9EN3hZ7Wz^s!)n+sB@_URW*c~e;}vA7Rm8^{>azl8Zwu^P8*#D&1*;3cMh~%am`b-%oJZrt$;lMMZFXDSR$`^Y z9Z9r|1_#9A8+Ow9%8f4|o4(k&M9qBa@(OWf6cag1$=%ASVX7p0R#Q`23%6WP1Z{*X zZw5cM5=Gm=G@bNZ=q8eG#!b-Y?sr$?D66Fkxt`xm>171>GlmBl#lwu_QAYAOV;KzK zTx^UJqs&`GuNcO39OJWF$E1wLdYs(NjHeE?@XhqaiKZ)#i>^4ijH4oSmqx}=2Mp<$ zMml?9G)iU>qoy29ppIDAfs@dn%anuuJ=u5(3vi~Cf+wo*Fg1eY97!=a_}%;hK^}dk zis`OePSztXCK)?2YGk~~NcrKe*SDYL+0N_$>(me!a)e&{W2{y7R0pe66c`}}%|07M zmP=2`d{(JKez&QZU)n8Yr7DLJs00&Lvr0ANU}(kd(auWMiNC!Y1h<*hs*m5;7)Tu? 
z(hn2sM~U|1#QRAizL}VBCF(nf`%y&xm^A4x-bF-q5PvI(wY_w=i>3c<9T9VsUuN^* zJFTaC*l?yj%R_8yAeL?B+7rRDiAjX9NY<%1B3A(!S{2br;*dlji8>ZyO&rms6g*Z3 z1KCcF(@*`y1X*eny{NLe?j;FjX!L?Q2Ju!qXI$@ARG<;GPr2rC^oz}=(_aAySAKV* znLcYBxFZJe7LV`?AQMzZ$!|7AbN!vt*EWB#{swvbf5;r}rT0ib`pzJj=YMWKZ#n8F zP!Ww(bE*ZDG;;*T@ykOlyd$1~u~5G^_kPV zmANwsIyZyQtsry<7(EJH2g{U#893z)wR)ZYQ_?_wS60sHrY{`@+K6p(!sk$;qsfs~PhRFH*Kk%#=xWFO_!k5y8)UX8+13yP=*M>L{VHM^>WcRKp(D;?Jrl&uOF!P&0jiTFH0X!Kp(0~oqVkyR@?al1?KRTt_(55IBNORu(m z(AFS$YZ$~e3g#LIbxnf1%pfmok{$FNNsrfP#o%$EFqb0n?4%sJzUG0)3z7<{{Ss7O z$}c&U!zfi!XHt#(v6dS9`hQyvSUO7v*zyDCedV)ccwXE$;mhC#wt~^EGZ4CW)tPO@ zY1smMS-urn<^7MW7w#$aB`Zb&9FMFSCGb3DFg+D;JyozhTOzansZ}I!4e_oZ-W9+b z?}?+;i?xqb9yqar^`RKAti|uE^A73n(N=dDEauL=Ed62W?L|0 zlaFU4Ezgh3jy@F2>-ctrE_%eX(Je)8Q$|D9xP2)3sRrLH2~0BsY0$ zDLHDRvX90rd8c<&Ph%-wXlSwO2<0HC26Bl>%@!P*8x)ca^!qUWC@O0Vn7&Y%!YWXF z8@L_B4uWul6w1H^Ev)|?toq~VNnU<0kF~m%Rar9GQC40HE3AjLwG3x_6YFR%Y{s}S z8Thpp8y2`WJ2`DOt6({7TMNuuztaqR771@A>rpK$QBweu(a&llYl*BPvMO}39`vyi z$Qm#KZ!57sTA8qHjq*sg4Nt_m2fTDYtxSgdyVs~-JD#o^>=I4KuwR1xfxL?vODgjbSmRCuLH;*k{| zsR*X19FC|4cBmOnr~@`=Gd$2BJjEz^VjLM^HoQauj6^kTc>~wC75HJ6o-WPIBqtkJ*4L`IP!OSDK|z5v;6Gt{1-S`g6Qm{xO^}%&GC^Y9;4eW|F1XrU zu$7=HK~y#Hw2h1aK~#dJ`r)@GyyL)FVl={OSz%}MmE9;+98^obH2}Lh3d0cvhw6mi z$bmO4gfT5;WC#}N1%(VTBC36up$&}C1wQCimSY%xYn(A*h8=YzMlmYlQ0qN-Me|U3 zi$DiuAcHDUK^-7{vigs*@=I?)D?C^ft9=|Ry$5b24|b%8)xC_B zy^2-6jupKLo}`UY)y25#Wd$E(^&VyAo^+X6vmLD0G1T0;lrbw{buM9Lu3)6qFxDDi zWLsckJ78ja781hsXOlb}*X#r!j1a`CnX0!%Yv;jS%h4I<}6WW8b zv>*1wurJZxdf$vv{~E?N8!j~;9#!T>CETg-4FlV(V*Fzb!yxmSRxyY@(Myat#+(~2 zJ{KOo5Ds3rvr5o!Ey!26(^h5Cx?xZIz_~+UTw&8J35M(6j{<90M_S?PJK^a!!_g1G zv5I;+0WWWXlaGXtk0m;}iBGw3@P+X2rEu@n#Ho7t_GU0wJ3MfzT+^vk=vBZwz6hQ_A1pb{qVkw(QM`)V>AYC-%Z|_ zM|3PAPi#byYE!OX*2)1@o+e;`U1&?Ws7hs=&nj}bI`X$Ba^cz48ko4t6;z@xe<^k%TNWUq~6uKggI z@4o`&kR|%ppsH_KfsDQ-+T*~0y*8pF^>?cZGG^yeoVxDku=0EPl#(e%rBV?<9a^n0 zD_&lu+sCIc)}4_?Jy_5=3rAA54UEWUpBg)?v%$)^_G3ih7=&FAUO^az_AT&YBxhS< zfXsfG_jTX^VFZK=kaKJy+mB`4&t}z^oW6`~zBd3f%8H&x#x0q);Kn9a@h+ltpZ3uh 
zNy;V~7qeCeV#YyM=1F3&opsss9h6I%L#<%SPEh4$RE_~=)Cg*&bQck~%gA1;$Y1JEwwuUc+Q?zLP_uhcvIo&xN6}d)`Mo|XT5FX0 z6y#2C}VBpJzXeby{KV>C}E?hV3T?5cJUIL! zw5~F8qAGa%x^$yC(x@ix)NSGJkX*yPg;S$axlunl>{IqrGRtq{3%6tng(J*Yb=Aud zN<^t}RZlU4o!h_!Zpi_<$trS`^()p$B%{mA_Qh<2OQUkD{tU@(JALkqUiD@SB}Z

    eS3aGGQ+Yknv@xzoKp{{)k?p)8Le5>YkyG3N|QGt-g|RR6C{3k8VYS zk5ervS9PRfpMoSA^OnqB531^*Dyb97i`aeoX}0P-J?Un&np||v22{;nD(xbP8hJAm zi<&KT2~j0Pkr;vx5hX%UgD4P^BNJ!ZBefsOcSmd<_>Zk)wyqx}2kv7&@)^5X^O+-# zt$LaA0-Q{x;7>vHqca$J%aoHYDgfX3areKPp?6O4^TPgk=bm@gRg%3|Z^6p9P=DE` z{E(lI7mlWNE502WqeB7il8Nu6^G}cC(ixtU+3;@LKjlB!k_Yt8g@P$fwF)Iw_@iM) ze;80>0dr0_-~X#Jv03a2dWv2aDAD~f_xfL2(GD%geoCrV!oJfNs|b?9_5_Ct9=kvEdT^pbxYXiB0U36g6< z5faAFtp3a>Uj~=&(|Kxqs!pd*!x;s^iDDD2`b>ew+FF>JR-)_xIBtw?Xm*$x(M}3g zC#h3kT(>fR<4Jb7mss_-NtA3Oiynemao|DAg-5AUUs;3CMdtU9O{PSuTg>V6hL!l7 zV2!i*zWy`D&jjnOu!?bTilTr>jP&xujT$32v$hTp8HFph;wo{nqGq$Amf#zy@OegB z@r(4r*$l$j7^vEkpSf^^x0T;i%ptR=CAShTQB+w`WXHU^z>pWS8R)N)GrP!|3(1)4@No)vF^)Gg z7MD~JTu(i@aSzPS1evg83dLl;4XBNxD+*sA%z$Wzq7usbE}V}GjZf6P4zxO9jz?hk zM3sv|hZ7A>R5w|D%YQ(%Eec*|9G=Fk-p5!NJhx^H!Z4R9$6OD0*9>>ps{X}(^*v3n zwp!G;7)LgcqrSvS^&qw>?jO<^<dk0ZPusBi*CN$_AyJ_Y7m`GVZV;A4 zhjAQ65+P#2RsJYZk880}V?~d$%n~ss&<_lCG{mVlNTNrvs!Jh0<}jn-dQbi?Z8 zlG7EE)s>u=5t$F0TnW$941>HG z?s$wEgGjQ59B`VKx#?8(!mf_UIG?LWB21+Zg^lUBvih8A`RcZj^{3Y7K^s!fnV0j) z)|gVR`bBd9S81rjCCcY$$@95Y2Jq32h|*wRYBc-!v^<~AP=?<^_%w+Rvfg;Hix=q! 
zjxR6TAA|+A;A<$-cu~4lZJ}r@%0hR5$2yXk?LC`AaIxN5?fs6UQ;e*vx!wqx$J$$@ zbEiTzTrUD`QTI=my6PmK9nySuLi1U>=CjiG)Pu7pPuJ-Zjk#4i+Zxot)27~?9(C;u zs$XYZojO+a=)|Zy$D_WS0%bAF)QeN2t9z41=nkEuz3RCcR$go}Q@A0AI&9*U4-$t> z5zJUAyjV3DKzfJ^10+~r5Rdb?xLo1nmm2-S;%ycsNI0=rb<4=LDg+;tp%B*K%WqIe zew%vndzAMXRR8_BA_uE_?qk$#?@_&|KqJ1eqLs>u)+;O8s;p?YW^to+Uq2usUX7$SohY$-x?17gO4xvyvgmV1ZHN+QT5t@}n=u{S= zPg#T!Wf2Tz5h9gE5Nwm9dT9{|M_7bPWfAI?MQBwPp<7vm0c8=!ltr*8ix90Wf?HXH zd}R>?`BZ_C>vZjFQMatDe*KDoM%5c@R%c(7diq@I&d5_=Mu|EysuWE(`24XQ;OZXL zUMNM%{Q#>ci_$1m3G?YFO9NNi=y2^Ee8pU7ULC za@1W{q`tZe<+bb7OV^?(Zn-FMSFCc}*~)PjD#u-}9Cxj9+|9~y zcPhu-$BZ5(-i~{btwvE=lh)aEsI$FSwT)p_ ze<#%u;Lu8%IAvyXw0fpUa|Fqqt5xl2RJB8DXaw8!t2a&54ymNEYAsESR?~R2o<^AA z67`*l-XT>rl39q}A(b_~T3a)$)ir_$ty%{bqpFcd^`Zh*iptbmR->-6Can?cP$yZh z<{!iA9-Bl#wkVSrtqQVR736$XkV{oTu2u!PQ5EENW_SRgmqfAjhhL zoUQzQp=!wG$|TmRhTNOPa)sP2NLmpEN*`gY9v}(w1)sXX5LoQVfxmq>kM%9qpmFd~68uE}bi4#NtQGKGc ze#WJhGkIDwQ=-)}RqBLj&{BLjM43cGnZ!tC5}nE<<|>m|tW2VCK%x#c zsV>x^NTXM4GlWYVQ!de>Tw=6xiEiZ*^OZ|1RW4CbZUavH7WLS7sk^>kef7d6PAHdX zS1vJDxx{Sc5(||}luo*WQySDa-{wQX-b`qi+<9DauvOKn81>0}6u%UxJF84lOpSWw zn-t4*kX?5Z2m0~I4{NsMP`7TJ>Q_1H&@EDLZiTvX>(r0iqB>TWdT{&IeLJeYTeCWD zqtt8b(i|&K(RGPBYpc{#+n{dRHucf=sDpM;y|d%$nzgE5HijJDsXAA#>RiRDbBU@W znog6tWjlNsSwG&6VXayMb)jP}Wl{ImEQ!_?ty-5Gt;?%umf(J^P~U5vasVyL#dfLM z+^^Mjqnf)}sd0(YN;;P^vw2!QSE86r^v+t{Pw8j|eb~Za=QBR0nR<7}bS@ zJIhtQvzYl`f$LQC&U)25TUGDuRtL!dt|H;FCY5V&u)asDgT$>4l6-ZLNVn%Ia*H~3 z8?~r*)TNH2esz$Js&~|^97L4*MP1574kWvX|UqQ2n3d>io3& z+)0vY3fG&f`dzVlNGesqt5*+6t9nSf)k89%9+ENjkXY1160IH*w|YqO)k9LM9+GPH zkTj}?q+LBEo7F=yq#lw9^^n-rLlUbVl5F*m6sm`$TsLF=X4@swbNczYF#D_WV z^F2Ap2x7E)&ZBj61?qz;(^|P2t&(d}o~=VG<9a~>1F9s9sght(B_SH6*o8WkqZM04 zn!8qLl~$d)q*{~-?$Y|Kesz70s$H8JckNRoM97Tg~P!{GS_`ma%+N0Vj% z9a>S_tIo&onhCU_Q1`%7^((VJ8juA@4j>tT;QumIX~F)2{5z=1?4=rWm@3Rk*ek2D z3^6`7^IwbjyR2BHFmvW^;v7HZnNsAczJbK%)1)zRVb zsZ>7<*Di{98QP|3T1_aN9VlD9RK-d)>?H0|aRkRv^_oMqYY|mT6;#aBp_WTEtLR<* zD4tTC8t3y;PP6BMc)RVJ{CPDv8$I0|z@PuHI9nL>I<(UkyzyPsf%fBz7w-JO4O9fFzcczx1s+Dt1hmBaWrMK 
zk5Lz1X_@wVwtS2q)GOdM( z#&sv|mPsZSGSL0E;lZ>>)AYX6gI7VUEv$GTnM>ulGcRf|%I8may3Jk0EJ>XVvb z$oo*cCq0q4M{-cNtLRTr4-+mtxRo9g;zJWhkvK`p@Dxe!2X3%k>%O`dGE!NQ}<(QgG4t?faMe-MaqOFEbo^ z?JQgE`Df8cXjd&;;$h5;esc9&^lXcwGD7&LEi08uw&)gClPcPB$t*o;TC|Hmr#jW! z8NZ_PQe8(MmRKAsIlii-T3;Wo~p&Gu;eD ze~r;DV;+1JqP`Rnb;MUurM`-WZLT)+sK25})z^w`tTq$%CFWmTzsoslXMN|Ubc=p0 zBj2ODqtq!EPt}w*69qb`S@y12(`%KRjwrlg_cCLI8)KF(hq4|IOm#C8XK5@7s?^Ta z`8bxAt+c}{CVC4~& zMWGaTa7#v%j$@;5nf8zuWn1!M@vw}$hJV0H=P2fJoN81#-&*H9jX?6~dbD|}cabZg z`mYHrB3YSu__tg;%5gIZjuZqb*ilyv`YS9m@|kDiVv2_Sbm2qwuN>uy7^Sj(x`xvT zSjlslSJhg9+^qPq6QnbN=Pc4!(I&NQm5L(kStEM2`;DyRv8>^_)UXxdb}UDcY=oWc zgr5}e>JJy&CA$&!;oDaB@qeP~T+{+l49z$O9O@V_#+K>tv1Y5AD^Jl*6pV;uU2%9N zyQV7Ezxmv_8Ffor$FHO5GWnJpef-__n)7OWto8q(bMDNlb2n>X?zi;L?fW4+=h~NR z-;gq24^$(1xe)_DkoN<3UJ`|Te5&`7U`o4sWug>Y#%@EMwTxJAb!!diyoIsbhC|oD ze_Kzk6Rnk$;=}h}ahGaqyehE^?x|E!Y%iX8adt}fY9V`d;{(g{b>Jx1{>$w+zq;{z6oUaO=(Q#h zvkB&?9qy=yxHN#DV-#n!K?gNqj|A7|gKSHvPp$yj_H0p=EJ#57@!u`CRgBM=m1K%=2H=!%QlPC3~vGA=ZL7q)$h?1E0B!Y=69!F)Q&_lpv`U zkb0ABTwX1>G5X2M4f63=Mr|P(Q6J8VVLZPRM9E?t6ylt$MLTVRiEYO}?e7$0C;oY; z!#TQ#zm8=ipmu0-p#>sjGCL6V!DL)x2X%P8US zWt~N2Rqyfnq$EO9gNRD9iJAQ#%^M(pHq@^EKcHBd_~1tyV9zTVL7*5RI>MK z7jQH2SGph7lg+o#O+>0f$KaF9RHoEutSuvwHWEqYj80Ow=^~2e;?wbVai~Y9AH$1d zrZaK{=T^?FIO{Cb6M3`?Z3Qm6X4t+7vVAL@UNo-RB45QwnXiA@)-h+y58BIeLivGw zWeufoQ5)!PLatZwa>MBx>k;Q}7-8Y<&OB z=ZD}19O^p#zU+We&iP_FF;Dfw7tTu1Z1jv?kR{svu{yzMUSSNPEn2p5?Wxed{WV$@ z(CF*a-x1KGzh65@4f*N=CZ>AxJ9J)2m7#l!DsOMrCTyB8IFj26i&Lv}u0fTLHtmGj z4b$f5ABBDNGLIInx3~;r;oaQYbvvK6qZrg)&I(e^8d9&F*ITs{cQ;i8eXwyu+P`uF z&gYvIO#e*%(s!+1iqrU-ql|LpHg${a)jk(P$~%v0tz;lF_u{l{bsOh>r(Xl;*~)JL z$eL-T&PmvsK&)4;t7tWmNIb}b{A4BVRQ%UNMN;oS>1i+oyFEcnv*SVZ@;~B2lGr9rq+(w!LZz=7p&lnZRq(e6?+A3YB`de+CfTw@KjJ=hF%MFiG$OyE{vZ3#6mHtVwkRan zW?!=07H(QN$1s9iMzC$~MOjPJ!qUTnA`K&Wv9b4}V4Lg`&=#=6?_fu8vj%_joEVPI z3=89-x!x!GpJrKP3buuXd7l z!wOUUqJx(dh8-4mC~vW&?8@`}cdX%Qk#b;ch!M3wHg*cr7dDKYUA|Y`CE!UR@+xtc zUt}_Vx-K%D<$c$H&vA;){|%GFmMtY!0{S7wZm7MH$6wfrbnFBJCnBc^T~JF^3w%exe)KG%?W(p 
zx!zf3nST4wfG;k?W1fFhgiT*dYv5S+p56K0>0|Rf61IkOF4t;7;Q6oz3@jah%wv6*E8rvR7a@qw9PA;o z3Yn+Qjz-jwsZgjvY>u2t8PP04-VKXC@`ZAb2E};+15}?RgI*&job?sNvY^Oo*6~jB zr{{ug`lIVu*L6l0MZ5QOga;1Tg;V2$xv^+!eCUejm^zR_79oRb@zl}Wvt;UMUBx1& zSFxqui?YmrQI^X`@}BvqMc%cJcMDj6zGd-|h{|%~A4PKXs=#TydX~$<0yH&L_3ZE9 zU6yv-@>n9nWhO?YEJOiuKX&TcX$;?qlWgo980UA{k$d92vus!Inc8x^esi$Q9N#)* zW=;n4)H&x%hD=||=^!Z+UarNg-oLi0N13U6>wTTof2|y|G~4 z^wkQRy4pH6tP*n=cXC>6Q=@`cTi`t-_L;FI+&dx``bWf~=@H?W<$`$E?ueOJWbw>1 zwPcp($q9{|74OI+O9P%E^KMx{v|8>1I8*CH)C$E3(?Dg#%mK08KfL7IdL88S&7Ho= zmJ|)zGgsokv%BS0kbyAYd&XJmWV~&G^W=Lkn0X$#G=T%%7Y_c(0kxGc;{9mz0ta>2 zRzIh8=I3O23jCZtZ2e#IIj6_OT<@5ehH6Z*&>82Iq-0yq=|2@T{{5ec^kbHEZfZ0U z3PYx52Rn17VwA2(gh>J9fniONkr%>EBO^}eG&0iYHs2fFY~E-Yh=}}akT*ho3mTfa zWGxC@vK+FeMN9z#1)qy$z)N6S;$5mD{cvDuK%km=1-}P$2|RnjzU3kCB!Z1#PfJuCqCgvPI_F9F@9#v~C|^i(G4q;?BeT8{EIn7L{X*=J*5j7+znNKKWN2 zZrBAA@*bB49cHuU+AKzsK7v(=$6njw{ny)~{2$?DTl896%vxLQ9=52wfbBy9whQH5 z<(R#FpTKwgIdXs0QMTw@TU1c4?i{W=`TF0GXo2$y^UTgELwPo*Va|IpY-&t$RVgCS|J4YX5Ebd`*t+l!L zuzA=x(B@t*8`*5{rFRN(EAN@z6=C0lZQnT!+D}gy~<+tcxZ(abnz1Q*)uTv%o`e+~Jba=i122z%L#EBZV?%zxAIaEhBO9aPw@0oqB$hc~o!(+dRu^Sze~A$>N$PfKlA)~=YoF5ry}ffUHqT9oc+tZufg2%zJ4_Oa;))mg#F2>$7X)! 
z*~Y1im7cj=Z=ScD?Z9!yIA?xseO;1sY7m^pc&^Ol|Nrm*?iqM66lPVwo|%~|WAjAc zmpxl)3gm|E37@UfhJ_@n_DXvSki>iW`XuK`(^_ z<7=?b`GY)Ynmfcz75{_cLxRWJR@j4Ou!r!rrYMWtSWS_kA99zx86;xpm;UW#=1_yj z_5S4+!~8H01o!Y~T#j^@pXFvA#61>Iwt{vK2_EI;!{qr#bEi4D#+tybVO_^xlXU}s zgN!*la5L9D-)7@>cg}%%7rS{8+qUib6DxP@Y+n$~ZIpR?yZtQgZ05f?nsf3p=cJWs zZeD3O+r_q_JFDy#`=9(ftL@hCZ%vw&9&ACd#Z z?Pd-Px7)8~&m`}*kOS}L#dK$p1PnOI4tsZ=!w9~WE%~k?SIvz$qzN#5BKkE2({Rc^6wlNYPBEh z-#IAMZr|wNDF}7gf8^geI5g6J3Oj4$N*xj!Wsl+=^?eQvt+TK4?-YjC+hhGZhlMuS zck}NY9@=Pk`FDy!o9u4?&XJ+bc8`DOsL&RBwtwg7&{lhnf2TOK&7SMuIVQB-p6A~= zHnhW@@83Btw9{VT-zf?0vLEi>IX<-8evE%-V`z{4c>m4`p_}a|vC}7Ct~9jQuqCn; z%01?NLKl3-*Dg0_huSOsCu1$Aw#L7+j#GQJe`h_X_Im$L4yX2Z|IQwq+WY)Fdva>K z{5yMbYM*82etGv?PVM{tNA?aaGa?@2ZoT^XM)0$25A$fqm2+O>#$wV(m&({+ikoF7 z2Y<*h+5DfAJST;l5VQFUZkBz`ADcY3H~%@(OlEH^lfkLMZGY}HZD&UJFqRj}5i%r$ zC8Qk5-rOCcBsNNRY$~Ybn4nCVDl1BO%yRA=d0EqT)!vVSZ4Kmt$6Jmb)t~^0`dgy*9nGy#x>614i^)?3kB^ zZqL(9EB%?fso+J{_f>pi<4xI!W8(waC}iU^HdYHJi7~M_?65!2lz%~$%U5mY_6YV@ z{eq1XWTS?S)8&XAui)=>oD)EY5mXbl#&pQ_+!JfuE{_^JHSv%4h{TFai)V#;N9X(hdiS<`A2Z5v8$hYFctiice{)KLD$|F&*$6i zN?sTmlYNiu-okFQ?#jI1?E!Xo(%oDh-TgRD#4YlIPCs8^DtJ^LzC~Z_8UJhDqOY|V zub{7Wi@sJJyZTzU$ZN$nv-_Gn_f~ms!XIVx=@XzCc983sE8p$`%c^IXpK=xT^c2gT zT(Vub{(5>s+0fG?OVsq~S;?#D`ToWw)7P$)mw7B`)qy-ohe|@=o7DT>iH@S=r zeG>^K({J+NLc`A6d&k8=f!AR75BV;C<}~eo5Z~-;**Kkz?B1udi_|8%E+syvrp2gVyU6Gr9C~t(Q~m($l+MPOnQ(?Rq)2Ny+JQGS8A3 z<=@#~c9Qpy`w!5~{bVy=CO9ELZcv+zkPCE8g5xyI*O`LlK&&f9$PFn4+-&53P|AIB zutOel$TZb0Bc+1Js^#&dSs!=%`6E-oZ{?_7d6C^DO8rT91^pPt^ZYj(@9?T-(@LH-R>!DrkZ9NNy)f*)Y>1lh2L1b6;^h21P6Etv5d9Qq)4hs>AF zur4-@ITiewdo6!VX2Vj=?QeN<&>Bdb4pcAKz@+jk~PI_53}a&(+GUuv`N? 
zC&*8CnF`Vw=q5+-JMt)xm==cwR|5LXru<_$*a$h8JLeSh=Ut94g@qi?=G@?q*g2mq zQ-U?P>+Kcx22=cY&Q-TqzU2N8v*l}U=9=fo5yH*{9UkiE(@X^dV&|R82YN>~Bv^mM zhS_w;1H50@vur;pZ){!06NB$E$!p9n=8s`pDIYc3v>;J#S6#wg3sPlswQL$eeoD?% zu%FzUWS4h(o7Y;;ttoBpJXr_zO^1AMD(|`oqD zaJ{$aK;|>z3sZ*i7aSLKGCP`UtPTm@EbqRKd#~V5Q>3|)8$NM8H;2oyJCR|G zt+0n2&5rp-?ww-_YW6?4b4ak62ZQe7j#@c7E+n{&bR*!$@Pf-pd=qmP3;(dZn2nmjsPodxU4(`>B(vaYC`LJ#NJAN4wTp@Qn zz#X^C^X>@=?&VyYU*HZ>xR?C*-y0I#$NfPc`0w~tNN_)Q%n!DbrN}e0LV^o2iD?e@sTmp4^}&dc|Z79^@5$Vc6Wn znHZCUUNy<%A5gQKWyrW_o%Ok^mDDAmJRjMM;KmssRHboPi7^T#8PvNf^j6W|DA- z5b?r$yw+6_qT&f^#QWTcE}rW~#rul8=;E=ORsXK8*ZX^_x_YW0x<>bP|L;4WPfu5U z`>Cg%I=ia6dZwipol+e)r_6=mnIyQArPRPp{|fHd2&XgZ zc?Qm8dY*O<`Oocf6Hf7t)DJ)&fPF@fex6U@?z00POlAA^-3x&$(WneZKi2mhc&LRL zX219}m*MQ!cRvUv#xQXC3+Zw7!=rc%(ZnTpzofpjPQm5k`g!^el%Dv0seLn~r(3_Y zzPZwq&~HHBW$@feu_gBN_HB}$q<%yCUMj`9_Z!C2DNX%ufM7i9{|rosk4wG}zLO#3 zJg-L;PI1njui?b2;hm7+ik3?L_bopx{$9X=(#U4g7-C{i7!<|gi z;X&{_`~#94`6=;m@-m#yQhG}F0#`~O=`O$%g-HmLJRM&%DB#oq@s49sCQ5;9mNG@U zr?{Ahw0S}lq8?wXDa2evH8Z6|O3hM2%yy*&C7*++{sJ5MV^R;L+(T(gri!rzLe49A z1-Ou$7Y+O!PLA;o$DkX8gQN!SQrwupkO1+)cawXPgR~FcL+;6rugU!sxhD$#0=bWJ zl*8)5`(oTX_)YSJ95jdU4t|?FH4aK8K8L+W-UE&yKhXI@%J?A;>Iy#M0z=!a2Y-&D z7l^tY!;U~lGg!FEvSCH=e<}POXohl%LVj|* z00&KBhQA7tICnhb^B9cbs8uK72_SbIAsyLpuo3dfprhzril}g8I>LR=onIo@s4?(5 zvBSY}F+)FcI6JHxUAxCIn%jL3jn;<@BXl3#N<`8h;7Q*>^nPmN-XS-T`{nl_f!?AC zr*i>}O(}g&!g+wPCZ+EPIH=Ds)~2w&S<n;hU7#fDjms->oMl<@W;W) zcHnTatC4V*19MB<6wbl-H5lP+#aTY~bV`S#=oR1(a5%c(u^M3wlngypadbaL_~Lt! 
zug5vUhkv7hujf|yn5z+A-yo>-H1nT0nJ)L)Ac>H`eKyW@89Za)ah`AX$0^R`qRUf> zT*0XHF{8mS)aA$nN@BO++lOJ!6FAeO*B6m+r?a;;7(L!JPN#u$HdKfu?^$p$_ac0y zLdY@5SPEy{3Vg+T05FOggi}5IG%DLdfoVKqcnaQPH|3WEl$m#&NED7 zD?&Io0GO1lGfiU$sYrk){#>Fi=cPCep^Imk#xA-@hB~hUolNw4(`X?&1s;(G5;nkD`^*Y4Wd_ zR_D72^cV%Y5z|%*^dvkG2HfQz2D0jPSQaT(17J_VpOI!`x^n*iLr4);aXPfe9u6&yv~0i07w zt~X6*>$sO{O79YQ*K#k_ncfZXZj5=)hWE5sSn5D76kdd7sd8_Fqo_a8xjce9AjBh> z%Om(BygY)rdnkg};N=kr@899&5s0v~w#g%y%d2cEsw&?M;V2qS5iFr4qTanBbS3xl z#-8eh5V}IF`DPJ4fvo6*4vWj2Ao3#zGF~o|Lo%V>heOGB?j&)RRty1@0+h@nT1|B{ zUG9@`6kYGa(8b|j11Z+uO%i82`ZmKif`>Vg$Rz_vir{cS=Vb;0+(-dZ<$elBQ8@`- z$@6InEVzz)sb2S92=7hYOEr985Z+zn-8vp=9=J}Ldo_ja9_!)EEcdYxcod@U9)qsO z#oOUzpW|>bnvuI4PXQ#ctTe{PV;V6RXSqkic?LX_;CH5CMv2-ZI@0+dW)XdD!k3%H zT>>#I#4Lx;I1yjnLipMV=*UdiffH^jiI?Nd7jcFnws^{Q-jQ~{0IoRvuP{2x9x`4> z(cJ*fM2e{Ac}UvB+)GjRY=-wS?xn~*cftD%dAlDV@00MhleY(jb+hDu;Pf1TLGiG6 zaJblV+%H^?{h&!~emc}4*+HD;_7Z0^Jd|t)lD)5!WCw8#$-WI@YO>>Y1GpXWt8m$< z#aB1Vj0Cdtaa?f@kGmJAI9H;K$WinRfP<$q=?$3vBKJ}{lRky_HSVR@x*I5}cgfrR zHS+d__e=6x>Flu_bUy%l9S3#=VqWTU{0kt7m0=LS2y?sjILjR{&b#4}Nqn`FB$5qC z;vR^pN$gez9=8|N?MP^V`&BrRuxD^W!lZgf(K`TE!bZc^_qmrRY%07T+1~Dp;QgGu zNq>gA?iKJR^rv)+0_^cB=vTOIP|WN*94c9MxU zyp?--0@!QloL%gBo-fyeC$Ypq=oc{y9Ds8h@?|o*P3Ka0sA8D?OydjOg83@p4}%eQ zr)vTDhj2Pi@S6K@PIE5tx`POC11>n1dYO9-=%pwC=Q6L$eWCO$_r|-o!E+;BInJBp z-Yq@Hdp+(}crTlahw-lk5im8j&i}Z9QYOZos~}W8Jy#t;5db13t}I}AEl?l>0)stZ=8>> zAAlX_$NwECjNF?+&Ov<6!H)P-amG_zdfv8^&}CSnr4UcUV@z_=-M0;1bEIh`{dJ%x z?j?8&pq#nWHH-53S`=bmnM^ zFnJohe`cB1-ml0zgS@O)8M(_G zDI4e8ki`1u(F8nup^zO$UaF3s&)`iY@5wv? 
zgK%5uMcxghuJ>MibwJ)cGp^5ETzU@vzVQgxXC-{E^BB317tFjOuFsiLh$a_(cGyB` z_wMQK$%dxnJz(7Uvw8YHg10|K$h}y&Df|JMlRjT=~hxxwrY)tc*A4$)q zv|i?C($kcdYW`DtPEG4$ek(nj)6z^67IQ;SOY3JQ!86x^^qihHz#Jj3oRK!n%#fZl z(?*z+;W>fC&Pp3)9t%&1JX_MTnL8J*o1x!vUfh*9q4Ou@-In0X#S(f!Ha;$f5-_>N zm4(1)=y9`g#>8|B&^IH1ZcKMlpZPa(UzKiLK}ueN=PT#s>E?O}KMmsieL6F@!b5wF zoL8i~%qhdr(K+F{GChsCsW*sD3;GFu#(X@#$W(+i)wM3F*VkzVLAKC#H`w$4Sqm^wDO4 z^h{1a(kzjlqtY|Xi1Zwt?laGpo@3Ip% zWA1~8Tac4J!+cwMrlrp`{~^Vur_VNB$W5*~H$C6%BRwC4PK z>6w+j!dwndybBpWJG~gg3%DZ4700=8L7d_p@u?uZ_IjAp3-?8kcMeN;olN1Jhozg9 zQri#|W25v8O?NSO0pz=ngtn-`%eEN)BjI8^Y z*WnrEWc|!sI5JFJ!ScH~8y=bqIua+Jxzni<^;iZ7(cXO}wVELU_a2_iyzsFPZcrL|@_U0Z%cV=TQ ztd65sUEB`$(Qx-B{D-)~IGL^_XBg;IxSjC>jRs2KsrU*Jh#Tng)PL!8i1LJuPayfHgl9?y3xG}`*A@`9xiWazW zAI9ANIGjEB`5G34BblCdC7+Bh)rnZu^-v~&gK10s_8_+YQzC_LeMG#k8p1l?pS>vg_moZNt*iZgZEp~Hah?_`W}GybMnrju&LaTJTfGW z(taOqYM9qDS3x(=nUJL9d#-?kvcR(o4xSCHS39W~Ln^Gqj3FHvJM0}rBPkK36eQhwQPShw*GNg4iCZ^U9ptLH(dD+$q+kpg zy|SAp5t7{KL2z)R$HKvl?nfo&N6fCOg#ODxd5KlQ!AtByICzO&2L~@P);nr#@OKo= zAY;N*5+Vr^UP|1MI@=HuKY|Qt?B=-#TF4Moc=&V_>;zYPvU1@0?6_a;R`)_Iu?=n$=vk4km9C)2Zu1-I0>c> zpuW;whOfOa#c_q33jcXH&EeL{#d!$ea>R|M!DtxYl~|rV8)x~(hx2iGC`wwnIABlQ z7lN3}=<784x&mL!{USs$dpQAaqZD89)%f}d(2?0~KTcS6OLzt6&A<+fYZBwOkm&jN zO1cZ<wEli&b+y({VA0?Zo#K=y@1t`TC1fIvhn`0n@_q|39Bwai_)_AL_ir z;rOOUcRInt2xK-y>N2Zp%Sx&;tEw8S$5e-ED%WI&@N2$f)=V5PyyLPmLp5bp4dp?W zk&#(eS5GHNx~3pA94TKNKv-;-s;vt`S0GYfQdi#)&R9wI0F+l%Wt1@tk3u!|!Md7~ zDqKMV)`V(m>V*(&gs(hUA-ts}kzjqK+)^O43J)~Yg=)rxs>7rN{Sk9Hnd!t11&=Y+ zVJ0NtNAcWGn#`SJ#w9#uCO&QUcP}#&Gt6Xnr7PY{GVV&+>^4r1R2bhTEps`|IJfa_ zq{3}%*_46jkk}~xGMCz%R8JS_nwgko4smZb6SLh_X8))7<>!+&n+~JdAfa)_8?_aj z-kOxn1HByC?>27RR6z<~XX4tmmco}KQ8UpS7ZsYt-QHt|>HrH)z z-n7khAYG1S_`!h0sF{k~NO%;P6Gi5{VfIg0V~+UTZM?Y=PoCV^_&C=bvD{2K-RyCz z+1;ICrnpy{@wb|8I6ZD-eFgHOd$wt2n%$S1o~O(a?rdZ4#+OZ}+jz(^7x`?Qv*`gV ztBw1S^kld3B+KU6^6zqd8<+a`IgV6&jF%&G&4d|EK>MNn#zr@X**&4R>2wb1?R3M=K4`tzDAuXXR4i#MG0uaMh4pI#b$h_neZZNY&I%)fypj4CnTUwo`GxG 
z#_<_$V`O|U(}$~Z^=5B3URXof#G!TcKAOU~$C-|&Otu?cL#CN>u{psA)psed(fvuM zft;BQ6J2cjPvwl#pR$^gdfp|9WGkH@rB&oI-DCd~HG{fxc2E)5S4AS|jd>5O)Q!%2 zYr9NPK%#G@jh@)A;6SdeHha3!6=b6y$~5Cvx{aNv?&v<=X3N~hwVO7Zhr=1~HG5=J zc_pF%dZ7T&Lpj}3XYBR}kJgIT)UOK% zBXnJ~B($oMx=Of_K5A98sndAgpt5|^G@izt#q7TvrHR7m>0XXb{@sn++{UA)#G~_j z*;#?&i<;>b=Adlz@C?(3qIb{ZMH=T`V)mPA#?3bS7(KJm{bieD(9-6*tAlRicc)~S zW86lEGk&gl_!x846m!@yW@4u4nqqc;%#1rGXr>sap)MrzW^G)uk*bREsiWRJ>=r=O zon>ZUG}@uKDWdLB`%R1=WTup(+WY{ip19F%h6Gx9Hm>zFrtHGqW&>LP{RXP0k%U{G z+jwxpGP+%!W$Z!?tuVgcP+^XA8|N5NxAEnM40Dv*xDe7QMz;*Jm$5e69C{3r-wjF* zY}juObQ@RUYXA4p_sm7s7z5^Jnn@=jYc@pbVzZHb5iVuZrM}sy+fRtt_8<`Aeq_To z+&YcjCm45cLN232G9KTUfxG51Ga30~RPdx8233h@Q+a4ElQNLs#-kgf zNI7mZ8D{)NaAE1lcz9z4wYDe0dLr*qw;|)_HJBNckJ(gC@$SLN=b3}yOTsx3p$zwUV-KrGE_XvO8fRR-X_-09 zNZ5rAm4aPpCKxHW;0(f)FE;KsjRfP^ZD!I`1l)!}L;PXna6jiX(RR;8b#t-0|6qe+ z7)1s#`djz!S_jp0+NWmpbil+E-j&c@#l_z3)SS*+>aQLz|9DgHwBv0+&rR(%P*z(V zE~!T%wYH7kSh;VYHQV<~T(MiZJszfwJv1IR65^+r{g$I(cA6EfhOBAwKe zCxW6G#JMX`%}fAeyUF4gh|p=jG;~73a#XQh6d!LDbldHNfwTj+g@j`e!8qL9NjVKv z-!mER))+A{qyJ~z;ay`6f?Y$&4)aH4PBhsaka@=JHU;l@q&l5; zl??rd>HzXQRLiqIR4ayERDywuFs3K<6{7g8xe1;t8i`aEotU$_Q*&^46Z*SYHyO7f zV%vbaq1_&+Y4{E{$H#N$92nwatNw486DcdHp&aSV8rm;{?TkEg5~-|&HS|c|#nyLf zO&9aT&PydLU`b;MW}6YErVcyty^=bc`cop zH=1{L7yO6J>uf|R$0Eqb*jNM}F=VlZAMj)3S--NbT($-i)sLRC8>1a&zl8bdaO%;% zaR+}8&J3e~&o#$yGx1W8G1W}DjYbIQsSFG>XY8Wc>{RTxz7#>Tcu)f!N%z~$UU*Fk zp?70M(c5jbvAJeC-PAIS7Lb0p>4EezA{bVnckAu;xp4t9kj#J-IvkQqa~m%(x}9g3 z1E9A55;Jj?Xc+xVOYzXpva z`kZbiR^s-|N58$@A#}Of=+6uf77`G&8#>v3x8fd~f~A5FH!c%u=`Q;tYH{P|YV$i$ zYq-zCggAK@?=P{Y&=(1yF1@ci-|RlcOuX5|gS0{0&BX0)`MK@*fv7FG>p@ zlb$qt;5So_F$ZL!PS7$C+=!tr5Hivjow6xqv&`bZJ6+t`Ilidf#H zhlcUFNR#mp0`;e;v}7F`!D9?D{9eQ`0Zx&$Z8B*U|2}Ddr%2DFIB(nJ?Icc_l}OF= zNWuurt8rI;ivn!@nMS@xMt+H*KeFLM2i*UF`!G1?!o|zrBF6)krN?F=bLOHDeSAU6 zNp1LpjkE+{T!m#Aww@yXexn1HZaye?q@~O_zJla$B>59b{xih)b8_q_Asi-7#W0hpCdyLuJXu>c(8-wsCHeyKaHXeYNJxVdZjTIz2=9NlCso)g_ zBYB=!V~3-{Jbtwq-++{77vqXuEnKbmWd?~7h!UA8%V 
zDhE@kKBHrz-Xa6j159I@VH#|G-!Yeu;(y2chQ|L;OFwkTbjVG(@u2Y&txeIB2O2+F zx8Nwh1@i|uEUQz?WUr-8smD}>BC`LQ#Z&du>k7GxiZGTN>$AE%n86<>V2KPPPkcMZ zaWkOlzw${%tn|pm$?8+L;@oPv%W>1C2X4fH_(zdVQ)JT=*|bh%2Pm=w6xjh%_EVaq{G3MNDXkxt7O3)IGoJ4oz73-a4`R$aC%2L z@y$QiQ4z^eT@jeD2ZXShvL3&h)mpg-R0xFtz!Yh<7m3ka(snl{RvinMrO z{Zej0JuM#C9|Yj}E5Xrl(DPeVB|064!;MD+$(sgjUjcV94qU=F{}5V(LqRm7+aVC0 z9>5_LJOp;KOFANpsBxpz?KY(_yG<#~?gB?3+(NEy3BLJf0={!`ATQ{CaM0Bz zpo?%&6~l>tn(%EgyP+%0Hfki~@Yo!h{rKje1^B)L2Wsh2Xbt%|;1t&w@9!%4RsYjC zy&?ojs0@dbHF{{%b(080r+->lD!3F5p}sJt-mYY%le$c+=X?)N=(M~158?j~2d~)V z;IF>N%CZ+CBZM#maFu_^wgot#@*JG*7EXG}?-k*sx6nTpPBjdr2i3m|UGerS+(w}jD6NiH>q7y|&n4%P!6KmMGz<<&h8BV`!JP?%~ zWque=D}+-TNP-DCpp#C194LPKYFvzsmykAr55d9njvNzlB(alN0~?UMseiI#$aZ?^ zfOfHVv*~v77U0mjlEna}IFJE!5-qln%si5t>8H~??zBsG9|WNVVeGn83U4hAwUw-j zF?KcF&EmRD1nvoVe;NnE*eyn3c1=;3T@w`Ml?oL$Oft&H%W$Z1D9nySVRjq}^LC=o zj^kZid|$+2H_*dSBS!MtQE#(5;D7YTnca{dj>*Yr*>hmxj%_z?5R8C$((EV{W~=KS zle5*~EeSRh2TENsC1{t`d7*?#^8cPXvXaUd!ex?nLo0~BWW)(ZQN=%W_V z6Ng&=6=uiV2Qq_kAgAag#-K~-L^m-d|4QKv<4_eg!XM?#x1G+k9*8zbr)#*=zRPTY z_Y!fHPU5N`F8oMsOsPG%Wl2g?DX&HYMQHNblsM|MicOA`d8_DN*0 zlVX{E4P@Tna{j;Iv|l)7g6S%a>6N%>`gbD^H?%aO4%`CwU0lSD`!Wkr!syatIJ)8K zYw{>Q2BA3=DRm2Emp=s~&5Friz z9L;f*(mfX5WjM%eI+x+-#v;;ensw4F&MlB_HU(RVL+NWM`>fl|FS?D$?Ein|d@Ky5 z4vMA?)r!%?x8k5RpgJ7#L+c}V;dlZ^n}j&;L2=UrR8BtSC8{k4aQqX;cR1un&Z6ZE zTJkc;)Z;h{$N7rfn!4&AL!EXTz(F~K{p?Hi;|q~ zPeXCgJ&LZ&PXum~9SVJPTaq8TC*6sI?n`uCeyFpWg+q3Kl2Z%09EWU{lK;2Qd=HVg z5gV97wKZO`m&iM6Wqo}(a&%^9WvG5-Lum$f67U_sVjFO{u67kYJi$e8`J~c`6OSq# zS2E5wZv2F@in8+3tcvnrR!POgit&?6O2(HSHGcB=3FU`dyMt+mu-L?#xw5u8n7KMs z6)LGww-@tGRkXi2({_zPpv=;SP*wRD+DyU1e6JR5V_*UQoS92lAi!k<)wSgfRlz_g z5g!9& zRtC#iLro-9SraVx@+bohHMCbOR8kdMkBb3pS+;!GAFX=%#US?Vg&Ko$D>I$zgDh`t zSuk9WEYHVkGFuQ_ThGFE!A3T_q^7(oSQopVTZ^65RkbyhUd@OZOA8jwh)K(nC3Pj$LF}Sd!p*6vsI9Apy|p!Lael#q zSpk31BBW^AqD9k|2MXsLmlr5n?#~MZSRij%Zl1qrPQik}qP$$PCASt^ve(uNOJ>yh z*o?ZdII?hz!!Z%ZBsR0EwxqtWq%p|F>uRf(lAVRfl7VhS)0^@aH`tqVYmRsjr5ME1Bp&rc4FPK&| 
z2k9%Ewj>Y9%bUhJL50D}SrLZsnfyDCf6qXEm4{ef1V`ywxN(%>D8W%0W_j2|ix9bx zvI-@_K_O*xJt|wUTv{4of!u-xMS07Ln39_Xi(yzE^B;;QFr^Y$z>UhwP~?3YD^%A(TI59$O;XJ)2fn8mg}=sav-=f|^mw zHwYmaRTV6-peRr@XF9V^e(TI@B((;+mXIUXkXWE7Z#s*hflzarL%a2{9dUKAJeM{l z)df-ik(|mPn-PrEhp365%H^%i6_A92bx5ujREClE6=6dns>hO&ss$6L1L)ULrWfQFyod|Od8cj%QFw&KmIGa|I&tvidYMetgOXO> z1j=gzl~uK+B~=0HfFrC1G7hf=$OUkbJUy)6LfOV%Xud1SCP=`Vd zU%T(xLXBl*RdpCxSVA_Bh!$(z<^%tUvBDv`spI+0Guhtz|7)@sO3=rZ2iJB|^Z0;+ z1xSQvq8Pt%KOdt7)>Z{dtRajT{`lw2pEe6alKjFz?zH^;>CxR#|7(ZXNEAq#NDc{qztz< z3_L<*xShxBnK1{$qN0LD%g1H0pG~Pnt*hZFriL28i+5F}h*%`5Oq^)IDMq^_Q-zn? z>T0oDw6?BH^kD~Ig+g)hpbL?PTKmG^HxoQGcwwB=T#TL11l2$?#4_*Cc>S99WA< zh&ZkP%^SR^WU;qfepP~nvXXE(K<}0Co9%CXmrytHU^C9INY0uP>cudsrdw$JO3dwo zX#KTS#hW1^E20Dz-X#D(p zWl3ZuTY#w?>dB!sX?`eD#{4VSMMCIItR9Um31LuKQboO)bjwSkhm*aeHPSAsJrvN} zMSRqbS*4gS6xHU3YJxRMM(D~-0Nuu(y0_)CaVrKj%AT`)vSU~&woNJOU^0sMWJHIrACSO zGB6Kd6eZOl4DZPfEB3~$z{+wgbf8uR@HR76W^uWkW_PuikgRDesRD?g>kZQSNT?zd zET;-9awbI8mTE0hUbkBEz#0r~_=*W>Wu=U!ld_6TtCB^}Cz&y?->UpHzpbs|wF@_2 zOtOaDu8vsz)1}uO!jG!&|+fMFIdxP4O4}Z0N!Un-2*+Suaomrp|E~^4ezjdAnIV& zBX)7qpn?%XPVo%dUb^H>13dctmR!&fciLEV5MbN>QOOE z$EAh}bhj9dSBERCB-he~nRBqTLfuGJEFUeeor9Eki zN^2ZgfU{n;{54rA)~KK;fZ_IxU}-}ozp3#lfSq;9JTMmvsTjS}I$IGI)q-LTE*B$t znz>ptIhsk7;X!6T7ClNeE54_)pS({ldo z5;MKp8X+g1+;wWwYz)a*Aw9z4)7QYFqI^6?no~3fE06&>7oCweeeo>j|A}jq0>vh( zL;L|6p4>L@NAcof!5Tbjt}I%K%qf>oq$p@%u(~9S2OoIGhoPU4RUX)O7BTA-9&9>W z9b6ZnRXH*FfsgSuIy@goYmXHwUC_OJb&xOfh(eF8kSKDPtp#KZ5sE8}c@{msvmU8o z9F8adv1l;;wB-?>ez6V{JUm#J`lLOy9&E3i$_INifh3#hAv<>iu(&%wo-|BQmdgI22)Qiv@j*!O@o{A1k`jc#Y7uK3R(0Z~~z;_(s zMr$nriyCbRZRilAhwoRtZ3O!AYf=CQE@Z=rlt#P@#Dz@(rqR7oA{OxiqGw6XyM zF3h;sV7Ve#huVb){>l|A);aV21-K2($ScGM!;c4{R=FO^txP@iLICwWRF1AK)@bG3 zJRCz|^r%)B7G6*!UFeuBCzc3m%KdqA09n^q!ot!Mk`B9nqU7o!rmwS}t?;2uU{E8_CWYV4vIk?ET9)&?;Lg^WKhW`1B!WI=6>TyCFJW9?Pq0``E09;(n99Iaww zUk&Zk!d``HG_o)^E-Z&n!3DK)F(6!obwbQ%kzmUeVnRiPFEK4zGR^X1wcxki8l)_d zC~xWiiV=fYpOm`zz$fsN>qkF(ie~H7SDI+?j!!>+%atV>Aga$WroJ|E)+JVD5JJdW~fO}ul#UmeAF5C?r?lB&tj 
zn?jNZnfE~GmAF`3-zr4N&>O+@DqKv4-WZTX$c)3utI5n&h>$r>oOs&AYYRb(Q2GUl zSR}zFn=C?ah6)+^?nDop{N9r3W)pfJh(3upM5sF~;((okJPgvImHRUw&ii`fr5TZ0 zyq5t&`AngNg3oc%YYV-L(SCCrzb<4_K)%GE!p8KB2Fbadh}1I?BwmYa8b}j@#AN6v z8tCUQVm4QSwBMxaISa&dnM2`L3P*BF^LS=g< ze%jM6MG{CmD5kIzP-emSo*H5W65*#WoqX$j3i1BJFAKQYxU3zkV!2$y#>? z?C~Y5<$f`U|7vL=g}NEU+gp{n2c+p5DI@Lif&TnlCCz_A2oXx!^DapEA*q>Uz9Pak zOPK@{ujAw2M`O7<6r@FynE;ZrSIS5WJGjixEy0XBaeEjBE2y3#yYX27%|Z{^6DSI1 z5sk@!jN=4xiBKRuPSCB{gqQg+)G>?Hm0|xa^q_Nz#YO*#;lZ2PBBg<%avmxlUAELy z&Nb)Tp&-NU$wwz{%W!+>Z!c{!p6to@N+R>em)_M9Tnh_DC@-{2J;hzpBlFpRn6!ti zI~$sX9@0#oD~U{0Thomo9r*tvt2N2{`|z%$LdNbHqQ?FpG}EsF=$buU(o8nvUlo`L zB~$SxNb&F<2WigfvgXgBM}(4^9q2-uM@h{TdoPeM*DPg*fD|7gWn_7^b~*M5&?7=g z%`alG8FA>JHJMb9-I~l$5c=)Mn4a+K6?g8o0^gID_>}XZbUqE~s`3J}XjdY7g z9&#efbbw7{x+a0_8>4ET0TMn^C5u6>IzlCtAgeUe1me@kB_Qn@*#Y9wG~Z33H1Z^f zUn8%B{9V)Y5lDZ{=I=m0)I#;?hC7Hx=&#I+wNOWcL^U!Gq*)^;g0yNR3{tI;Q$bh; z<&Vtgt8F6l`B9K_xQrw(gY3}AMxUaR)ZX`kyAk0 zIFY##wTaA)ogklSp&kYqo~_!`1`<75C4U7eo~n|6g7~MXB)&UBX(Sz_O(REwcr-mz zL7Ft;2dU6Pm4eL1YyPnui-6pxg}MM_zebutzSGE^Aeow;KY}!KB6I9jn^2Br ze}ZnX5Gt1v!1T8v9isY?exH z0qK`73DPy0(#7T~CRZkj7@qCpW4sw)6jsfYgQ$exM2XSjM0gwj@R6SK7-502Y{*?Y4E!5>8O&Ym{ zNP!yaS&$Y@&s!kv8uVr$eR{Kgknol~EAZU0o}<4kV{gmAM0?ZJ|p30OHd0v{5L(D)Tl- zhekR;Ue<^+8JacH6XZ=h6_l=lAaPpk86d6r?VVUEazKhTQV7zlkrEKUMruLIG_o0F zpGGbL$lGY`#`)J*$cunvJYg1M&1M2r;#r~JUmxrOX=QA64_FY1o3Gyxi*n9 zr65;mr4s=uwTYaA|gjSxlfA9kDeTk5xBB9oqsuu}~0XzXxeuPI_cLya}XD zBM*a|bDWHeLOl!O)yV509xVFC^n42PFHU5-z6S|wBq;^0a)lad2uS;hDwzUuJC~7q zmV-R5kyRi$C#V)~0O`nB$uk?{x^_|G(BH}v}q*15Be63^aC+%J+ggyW5jyu@l)+fu8MevFy=&pMT;8+ z%|Z|5bD%H_S3pKcnLy!KLF`b0WfmE2%Pg}(Wk^CnCPH&drOeg9JZ#Ndl*_yjjm4f1 znc@a1Bh%$yBXjKM^cyl=VNG)>Gz&dm9v^;)m+Ud|CxlFrEfhPCiwM1PRTf^yp4C?M zuO>ZfrG=EP-5{;as-7oE^9_lL=9fX*G?|Y{5B`5T7W+4(=Sr2t_eF2BPL1m@kPcgh zETo5i_tm?B(q6cDDBBP^_SRlw`R`;&@A-GxPDKubIn9# zT>i~niHmB>jnE@PNzIRev^=fm{63H{*DPf^K%zFmi)D56hU7l2r6i}LytE!*C`gAL ziejHaGSlU1Dv|jh-WSx^X$?E)G?lCeiE5!P0BO-=ZUJe3MTV03)5c|}H||Pb_mox^ 
z4??rhBXi?Pket(HT$GBJNd~_v8LQ#%f_TnQWj+UKvWc|NcP7bn)xvhoLU%umD!CqM zVH!x2Th>gn@NkeEP39Poj(AljpF(LeCxWzZQBx5nvRw_e86@XiAtUa3=Ye!+GTTAg z&R6y92Ju{|lBYp@77=>h1!;|{GGBu=_{-b++61*Bag1t7jlRhcpn zzePmsjUY_RpYuREn()`Gb}zb>WNK7$6G#poGRI`@CbC8)tswr()Y$idcp|FIJ0L9^ zRMG*`riDrz0DCkt0;J`4s^()r!k4SW57MTQO46f|jTGwlYN!i9=qHFpx@7Hbx|&E= zYws6Y?cD~=LXWJyyFpsGW=WnPd)|?;BSQ89k?U6qD2bF6>!h?g++-87XDC87Yh(;aQ=Dqyu^?XjX<)2wECdPv zMW##Us%Hn0uI8$L9Ai!%itJed%|egN!)lN=muk-@kPiBX8M{75NruNxp#swv@ZT_t z+BKXA?P&Mn*WY8IuAxwMD!C2B|1Xt12-5nMN}dF1|EEe`0*T%tbAwXxK1lKL>iyz# zkQPnGH3)(S)Kv5UY1ygj84QxMOC>%K{}NU66p-Q~mCU73x2d64fHZ64%+(<6n#=|e z@9i>FpkVskKzT#h7m}J~DTlet&n;!jjVLsWP_j&K1ZlG4BAG`(qBfCnHFr6#m!L<4 zl5u?q;%kxVqPP+UBMNl?BqVM-6o>NXsf&#~40KLHzh3>{vTp2@-xw zhLYvQ?)xR>wN)#xwa_f|$nrW5q~k%6QUe$9i@_j19+#I1auZ1N@u`Z1_k*-fR7o31 zlSbYHX_=zR{EPHxq|aeUsTRry(xJ8PY>?)~YL3kYX@5wyc`=CBBGk9yi9ASDlQ|ir zH8w}9;J+}!F4o4zXOWDi=W39qUTW#=1leWhD*dt^{Tf1ht7^|ZkfFaHkM;9UgLt$$ z{~Ab+6-wCr8A!24;)dWy>}@@=CV2M#lA7R~pxV<5nuQ)&6MP^pm`#T$_bDJ=9+#9k z9>ix8nqSnERfk`<^NsAww`bb^mM3t_)AXuD(Gd9X$|#KYTXSW#Z@Y~ z4}@8BB4P6jAVpeA+d=%rYW?{Hr0oe&UQQ^$s?t!T>q(Ui0P$#=M}xFisIean!d9zf z9!SemQV(*2-sAk$`tl4a`SajCsA9_3qQA@}a4+N;E}H{LQyEz^^sS?H1F zbvDQjO{N(n$4Zw-`|Tjb8hHeyNh5y(X}Lgc1#f~xHJOh=eCMh%-;y3}9F;f>tJ0c1 zUXTurOaMuptfng;BxTUU6Yv#LVxfS>-iUec=Ob{S_ZO9%Z(b4oDbA| zUJv4XP1O?x@w~2*>p`M6k+rU!lb>7bC|B=;9uZ2`u_r*-8){rHlg#<5g&%?VHJNWf za^94o_~?r|4(-mEFamjK%TVk?iA+#6j{|Aa=CJcXd|J*|fP^Q?P%`bsT&62&Ukg1V zluY}1Ana|K3bJq;h+iWuAgvmCie%oAp`<-x-t=?rk)iziNzcy?W$paT)>_kBWDnOP z)Ab<;dsmJ?C|ztM+No0=+a!auy(d#aB11uZS_w`DiDE-UtcK45X?{Z`CxCd~kwm7; zd*GL(t58cKfNc2BvU2#;Ncx*sIg8&jxfK*E~LJ0QiMirg?r zgnbRtjx9E^wD%tce2GdXg5-Rl=HUX6=%uPmh)6^wjYJw%avDhMP3q44OF{e}s+w;i z@{wxcoggh*+8+lATQcJA@D>RBSk==3k~2l^qkaHs(_~T(N6!CU4Rs_)lSXntq8cdz z@qMC(ssZt9ScJ##_I`>COh1Mxqt##K$EMwQtB()6mTISO**Ybv=Gr2ZjQ&pjYX*y1NFw`$CZ0cPU$+cmE*!BZ>1l_Ik*c&l;ag}HdSvTPITEFFyV{yY zgXp1-0cpKnl_>;qO%Wx7*sUGft-r{^)3G;$@<;R=L5fSO3F|?^Kd3XQ^FW$A)V6#D 
zh~FYu5h{t)jK%LPw0*70?1YTxaCKelA&{1!I)Z&3r2Ts}uJ=H4D&*Z0X0p#g*lFr} zH|7}Fe5~3hq=Pi$0dlPO^MOQ{sxnhZ<|b8h0Z6e%DnR^N+D`^)`awD2GSht|vi z-R-(+-G$Fvtj7L6Gz&dmUK{X+2#78dpMl)qaY>oJAmI!(pEE#OUsFqPDoC3~7K5~F zq>^N`Jgf%^H>fOxdn10Y^aPXmbm8a4I{K#H~5`ZW|v({nFKyB60|AU;jz zb&ys~^WQ-_v>f{Zq*%+;MVhuI9$=AWa&15Tx0mYJL%9q5RXQV0tu%{%>n*LE%?W#d)3nML#AV*ltIog zdUMO`S7n+&d=IJQ5|9>+To2OLL)CL92#csa_Fj;tYL&c9ysqdiwTcu~y*03ZJKsO1vP^-YOYSGFqtFB%_5oo@BI8 z6(Fq(RXyuL+B6ac$?k+pXyNQ*|M6VaYi)B8Ohd!HWVMlnd6woY3Ik`u4y z*f}6kja&;7zE0L>z9X?Z%=T(e5blJGubZmp3DT^QcR>6a`3Fd`M&dC$4BJHJVG}1m zJ<~jNJilMd!+y{#^vFCM0n%*6CFUUGK%z&e`;n%AwDc0`5;6-Ylr~;12FW>~ru`%k zpC+>f#M7+GTn$pJkvl>BR$Nr}SW5s|u}rNAuTv;(*W&vi-yA1pWR5kbP+VQjv7Fhlvi^8{q`9m0XF@=&KW9O+&?D>5 zRw7xd&9{U2cw919Tgjf0>Kx>Gkmx9td_W{k5_-y6SGKb5ZLLT87BcOna#ShP<>j$= zHC@ZJbj4?*ysT7+cIpL*TF*g5-53v&qos5v2s=*NLuIiDq(vhqf)t;rme)xj%}tWX zRETFTT}{PqI~7t-D}M^pRXxwzdMFjA!9t-&mhy!ltXQoHSA(?KPkboUZjzZKYJ$ka zCqQyE@+L@FBmV$tv53fL2iE*rN2qPECrDG4O431?)oY1RM}p*N?Q{xA$2c|AB9LbM zHFB)Imw>csBn-liR%JGU_%w0>Nc0$0W-CaGX7eo|Z5p|c^kl1{o*)^GyaUpasoMM* zhY8KuB%|ef~ z@L95FyPB(irPz5~Qs#RQf1WBcFbB(`n&wF$Et<>{kjHHqnF{~RUy=$(31hJl{%U9z zdZdM?fP`nM7G4O_tgY(r0P)RLW$p*bv5B-W%t=>UQ-)^Yb7YULnc?#eh<~1pUB=~G z@Jn*zcrC6DXcl^8Zm?;H>shtdc|h9iRw-j|`9-mZwb&1bW}!#MKAGbBT8(`kNK~uy zCx8@xqsl};{Qsl2g402o|E0=Y4#J!Vw~L&DUy_GgN}vkr#69k2Xcl^8D)xftG9Q5y z^SGo;{B*Q;jSL5gY9tq=MI%c<;!D-oPXcMvWKIX^(8%Q=Ok17X39>^=#WNt!YUBXO zuu>V9EO)WK+SMAq#nuB$*!R$^lOegNhnj^`LHrsy4kWCRMvx|rTmsT;5rd*)SA(=` zu|EW|!zMCaV)e4C>54Ct`9pEN3e7tCgksk${1${Qlx>+pCCtEmStDs6K8=h7@oQuX zNXsHsPd-Siwyw1Tq)j8$Ao;e_-qK_DF(@qu`X)I7|kP_1geQ3T@Gb~3L5X}w;R z*$CphQ6(3FG(V)0ognSEsHByMrspM)RxPfNL5i2C7Jd)n)z(FO%tX4h{PBYL%4N-z zr7TucyIRUkwjL_w@zAW30+3?Oo>G$0NCQZ-Mz(;oXk;r$n?~*g@w(KVSC4^2SE#x1 z7KrB&HCMkNJz5_2oQ3Dl!Gm){tfF@{H&)tuC^v>fvrcA$blCSwk_mu#wee~gB&v~9 zDU?Qj55kJol->=}d`SuuU6cu|8GHsfLAA+226Im0Ad8n?Y-CH5^ zkm53C!$8f#!62+ewRti~lTBpo?VNNq_R(7G3!z!)@$x${A_i$LRbvm6JuBt=J2Ljx 
za+2w4?CZ4HH$t<}BV)e=#9O1T#_uG1R;uJ75WhX1m-dJqCSA2BwNjP^{zje8c)prH-+;7MsHFQG0cq99wIFR8c?hIkBQJq;Xyg+RcA3ZxCuJdv z%ST<+h!@1Gk+C3nFv46oMEg1xq}Y-XqzEK>rOap2TnQ4sN+nGo{;O4TDG1x9lAA%A zHJSTCwysiZ!iyxc`QUZhFxR7&X%& zRg-xIWQQj61&FU%O+~i_(5#U`AZ=QxV?dfT89zv~MuH&UYN0lRbZ9b{gLtk{W8Veh z)5xPBIU0EdWE83b<+`Y=UxO5DGARYHP$OeNnl&;Dq(vj8AS*P@8$sGMnTtU>G;#xo z=UO!t^y_h6jrCP_kQ`0s2asZor1+5vjf@0|Y9t%vE=}_akQPm*9;8hp=Ye!+ zWCsY-_TW7XvR~8u3W!&e`2ZwGBj11&Yoz-^v_Xw{K|IxJ2~G!zYBDQ8S~SuK(x#Cp zNV`UMg3Qn~KLf&csHO8)5U)nQ0m;!w$|AG^jT{M5uW4QY64qo^f`eJR77#lUWYp zxlyeNt3Z4jIT<8JBj)z!H2wYa>{tdq$g^_t8=kS1*ntpuc5BPW4$Xk;^p=T^1;Tms_L z$aNrX8o7%?-KK_m0;E|ZuYj~`!H%|V5g5xhJg$? zN!E=(X$}AVjp*$n6$T?xQ5Ouh*o5>Pg;1W@uXaGDEGxv?Z5av`$|__27O96q%|@se zjVuDmd0x)(NoEB|hbFTcq*(hsko6#*J5bV>QH#8O-_g)Kfo=s$~M!6m} zS9ir^tp6T5bmTeR&M^qH+n`zK@iH+!d>Ew7vQUsef%r~R*Ard^X(>?2-#|R}?mlUu z*r(T33zumY{u7#Yl7LCU22ExVNV7)9f;_H~Jdgt#Sq_p^C+iR8Mh%EhBbz~rG;%pe z^KP{SuLJ4ONDGMfPF3a+5T8b#1_|G#%DfEHs*(L59UAEX$+=q%^&LpDMiQ5!-_S^3 zkmx;XsG%So8W{@`t3Q+**&xs2Y|Uk?_pQWEc(qJFj>-IJt!viua27P{WI4#=noJc) z&b_M5jUdGuITa+Vk#j*>?o&fu2I7A}k^uc_Y#>~r*leXM%w^PcC1I-m@8)qVqSl{l z$Q~=M*gglb>$R(z(=^R3(5#caAWe3Qqw?AZ(yWocfV66)1EftOKY(;-q{ne+%MXbh z6FtB{kbK)7*}BEs4P8xFy{(6A&VXi}%mvBOVm}e2SR-{HO&U29B&w0CK$^9|r(SpMrQaVjPcOa@I8W1M$|&nqcP-57pKDSz+s;{P97vPG*ASX!aC= z6l%viuYy!E|j!W9SgUkGEo2|C<%R;quDK5&5C~Ov?c zO(~s&xZ3TJCy`Q+{hEdAK%%xiBy$dk?*#eWDiE%%t%7QAciE4T%y!6l9#ivYH^?$g z^OGQKh15f#+9}l4awJUTYmj0sRF4yoKYLWogF(Dct0WtwS(BL!(yFHv#HYoz38X^{ zbv{VD_7?5+AncDKF0tNnFG!0;L_hWdh;OfI&jAp>Mt%Tk(n!jQ$Y+g=0BN&{tO=ec zNb^tEgkg4B$lsIMXV(PERr=j)p-0y6LJ(ah2$I@xaBt)PMX`Tx>!H}!LbK2#V?Pfh z%r#4L4M@929;Q%Fs=2xkq*)^!AnYkshJGnLY7?1LfWAm(?c?I zK)ioeV_$3&DlhtkKyqGGW!Bk5%3K68c%QV8LTv-Nn}?Dzv;%jOMji)wSqs$$@`NVy z4hVZmYR3Oo_$CHdO?u6iAu=hrYT`Q@nH*d-;V&9FD!6L=dp02pzl7#5Yyv%F#|Br8 z`#>XE!BttGYGhn+)!5H$LV6s<_$6yC6}>@@v*#_iQeR{5%|KWk)M`Kqxm#E5lo%8BKw^;_kKj_YEr zl48$7>>?D^C|NW8FWaT_GxW&Toz}>pL)MKM&@A-Gy6Oih=9<;GTDue%)bn4g7ok)= zo>zZ~&7(A%>tLbKLz)An6@gGqs6Hkm^QY~#UlLdNOs3?|M#LrbP+asm55)62X_n+F 
z5T8bNg5+rA0gxt*JWG1sQ1!e8;?>A!6iOqm67*vl83fX15z%iP3BsJ}e(YmFif>eZ z8D=4f_eS~T2=c5Lq+XM$1!;auwQvhan?|;Qv}@!JkPeMJ3&P%3_3Q`nYUH0FK8+-m zA`dk(6vVHQqd}T9vIHcmk!p};jhqJ3qLJT$6lrPS1=4EE@L#lBS;t=0-t}mOOjP>~ zoHmf+b~UAMl8i<^0$HZT zHdFIGX8F!EMe|xAeQmYlDa02tM)BG`_>&&bYGgvYtQ7VeJfa`o&vSp*GH}QUC$!s& zOygU$a_}dl%C2|$d|76v$(VWVhfJPtuO@r{NjY*2<~uLK<38d^Kh;)R6=!{(rX+si)#ON+@3nW=y-#6}o44_s|K%5FXvk=mYG9N(# zl=&V~K$+hmLCPG7PiB=+=442eGOZwqO1k$Bkjzn9xtD-kyX7}Dwpay_d#MuXn7JcnP%}iBte-EAz6|yAw_;Gdw$GJ4}N}@ z_$R?WzF$n|CyUB)zp~7tTtCeHNImANkT7NB(`{i|Rr$nO7s|ASL`g1!bRxMH($yC` zFY{ZO`OYgs^BO9Zr|K(Z0wkN;)ABM==Wa--nwhDQM}k_C`Nb)8uz8T#$l zPavt9In;Q`ctfYPg={yBc+->3x3{ zl}#PH8t+0l^BE-Q_l}V`-$6q3`?r-#;1@VWxj)?sLmcpm@-F{VBbkjgv3djL6RhAL+rDiveyn-FO%=p z6r}6oB2+eY?6oYPWec^`yF3Dt@}FzT*_a54(!0cuLY7nJHAva3HfgmM63JCIC*eCt zn&elAeQ0u$hd9 zq&*}}(hbsOj^2w1Btw~Dkl>|y7ULyzxt1xAc693g1BsEm1W8bxC6LjS`4HlE)0IDm zgh@6+;@x#-8^odU?17|wvFjYTT3Y41&a-HJj>2blOdY$7%r`P>Y3gGnMXh6d=RpQ z>vZMSkSNJFB857$6_W79u4>kkd{?#C6MDsdLuFIPuGoG^(Nj7jpN(=NW<2H&P)pwB zBWVViPOH%oBHxBx_72{4kVH<*$`?bv@>>=5D=Hjb+`Gu_ZRai`uP2fu{fkGGW=Q(t zk1dA#=vMLaDb`7V9oTJ~poB=6$TCeKU5Ldl! 
z>RU3jwAcyLX?YbHr`XOy&d)MP*cbU&V{g2t7xP;c_A{rhmoL(4mGsq5*I5UN`BKbda7`8)@Z>-DT%S$>h7sY1*%j(z{p3?s7LshBDVd z0=bMi;r$@B=IMPO1DRBI=1Zf)@$PrOVA8&ijb5CGkO}%3k>??y5{Ln4&93X=9mDC>i_jh)mGJ7$p^A)%pKMna+_6CjbO&B*(8vKpCTR;11p$qd)> z03=J9*^n^(72xL~PVRYK*>}_jJjr(r6SNwOQQ6e7=WqptGpix4-@DA>8%U63DPeR<2d}mSVIlb>k;qxY@j-5p<$n@uR<}`>q!mPYG8|OnJIWgDQrH~9s zPe^Q}-mkupB*_q|GfHPhL*l;JnWjC-ccy8Y#Y9v#b?i*zMJJgiPdJ`>hLwBcu2%1|B{AOkux)Lwe(pDCUbDbK+l( zIYMJ@j^0fjJLdCcJbuQGIqCOqN0=^?+z6d-&8n8&C0tJqbya1*E=BLAl^su^FH%ST zjgb*%?0$(%l?=%oNZ9XPG7BM>Qs#X~QdLhtfeq!!6lkn6VV%s|L@ROe=hLw(%=Ih^EvNEMRDAjgnA z3#mo25K@=qZAg8Rk0DJ+zJzoj*#^0UWFMpl$rEMZ?~VJd?5ArEeBUoq^}pZuiKLv17g)681ma zEaSl+Kz0&QJ7#J195ONgH`GKHLo&PU2t~etWJ$J3<=r~79}@aa%L!v~Z<(t53PM7Y zwX}mo*J%k$s{$=W5T}ZkC?s~DmOCKs@4EL#AyMl6Wk}M`$ZGT*8Xc1yrt5rwOn9%Z z^NrLY`3(~PQ)g<7!+p$OXIZf`AW6!EATIq(;aW(FGD9Fi%1nZ!Df1{KMy-TY}kU#}3_d#MSwLA_9Q|2{DcDc>iF;DX{ zhdO5aiK#CB$`_96T{5z`utk~32-E1RYc6A6{cVIq{8p0r1tNcqTK;#FsTjkj+$nP` zWW-XPX$+a16LWpFhRmYOrH~|Lt`m7v*BJ&`o)c4Ng2-Ds^B`n>PE6(r$ZpCkhEz(K zRwnbF$TD5$Ye=1(n9Mejw{@o6t=Q$9m`pWDm@*9@MU-hF@{X=^A!Kw;Or0K(y~}lG zAf(C)BPKISfp0j@(4R{lw<0+ zxzqBAjHjYK&kp`=6d9@IS4i?kE#+^+-S2xXwIJ?RD|XD`qeSw(E_(T6mhm)0WmCtF zxdVhV-67jQF)LQ~Dl-1BdSA2F){zw}9vyW|9ou_v^p%d;nM$T~*l;Jj-HMF41Q}bwJS=wA1kw4!GqKS0v=>&m}F zl5s7SC*tl$nUf&V6LqEy#Jx>R2S|d>Mi>(RLTCC&oiDYNLV_f>LsBHOAc=;iRe71H zvjh@uZ0p!F<~9?__l*7E@3K_>1eHx4*=1YVJk!g!@}E?Bqg1Bd$wH#EgMUF%o9(=0 zJcm!heg0c5$3RlwXsHW{Q=KM|Y({5VLW1X6k#pF;Z;_MoMf&QDOlG{z_;c?dlJDFD zpV@0iD)&U?gjdI2JH?Q2N86WVMnRIDwM>*&7if7961h;zvyfC}{n!28fMmPqOd1mJ zre&jKF4M9T66&s{{O#!dGcDC2k)B!_LIPv8w18wN(+Lu~MrW>sBuNHAqSxxo1W4>U zEpbSumzJj>k?XZAf&>b+tc7IzTCsZ?Di+CiPm5?zx1+MDWB2rLNVLE0OZN20J1`59 znvgijX^<9S!>LCrG9xGBJ|&kR(Z0NQ9m_TnmZkq`Z`IiXqNueOiW#+-ya9 z$6FUp%ok~O8!`#H;^L5?{|GCY#~^8v`I7PPY?65klAK`s68RM3#^96QdsBLkuf(%` zBpC)tklZP)ChJx+Az6|qrOp(cc~$C=d?>9*zJ$c@vaRfDnD;>PU5zZQ#xF9SqxECK zK8QQl_9ZJ;bqYo}&4@XNr$J)$oUJXyrDsjuAwhaZ)E5%{LsyPUod>nt2Fa2<0txu< zoY=WX9+p=5&b`Oy`VsaOR5o?&z2!|v+N&&L`%2CDH+>DDzTQV=Q^)qT0TSM?=l+xQ 
zK1<6VkVJXCJC*LjYCNVhCqp9t(b5tU^q(!;S%jaGOuj3Yq*-)9WmCt_LVmx8Gb3a? zUSBpd4YHi-Bp^}BEP|}3%qmEXGMgaVDYF+6r%Yffrnt_*?#WE$Uwue|GA$uBD04le zC&?g)`;1=Iu~LUJPe8VlBq721y45mB{q=f0TOp%K_CV4}-Rg*Gcvt@m-RexpG?I3Z z@Iu|{QpmV3b*qt(8XL6SCaqrAt)@d7(JY>XEFf73X+vXv57LyzvmO%nd$*@9exY9dHJ_PjJXZQ6R4yg zQ!a#LDrmV%WQU%`0BPlm-+NXvhuXV6KU@7-$aro-<*-*rcFRq|{R(7`Qt8x-5 zv&@9Vav5`4=0T=YtEG@0KbtxxvkEdGC+4hf6xpFOS;)AYm`ufc@iWa|bfyL*kkun> zEV5H)+Cb{(#MHS|DeZ30_9c8X%)B9%-^KOsreFr33#qSH>2-JM=;L%Q*griM2Z?$aTjy&s>uLY!0dc!Chu6We&hkQvl!03=E>0y3H;2ANHAFT|leO+Z2o^?2q( z#x>Eh5EA#qj&P+fc7)$S)>EtPkd-8RA)#~3%A3G-W#KiX=V4T10?0uv2qQ>X>a$!_7(C(*7;EHEm71l zt!(8f($~B8U1D1~mUra@>X=qi+15$sU1uTcm{z(@Cht0*ppI!}XZk%PeExs0VK!uU z`B2yJSJW}BY~}I~W6YiZyRzx)PN$TpSU-F1R7d4DBxfoySLFqec9bbnVlrbP zA7l@F-+%oNS9nIlR10_}WL znvZrqrOHE*3H7lVndw+afMhbH*smj*`ytawWFWh-P|iI!c`it6l##7U|=g5S@jRy83je6go4TPFYWu_<)G^YAXU z&FMAQMFUhebzD5|$iE=O87yPA(jJo9YkxmQGTk7FsL7OFr>@t^Td_RGvzx|qJt~_z zw)er(`%v4L^gb36rV&n+R>O4W5lEae&qERzjBzBs8e3$V|fTS~ecOHaKv>FWtu|Vx_UfUKq8bWfkY{D zj|gSvL*`Ou4J1aHt&p!MQz?P-Oqsfn`X}r0oC`@%=5k06%0wYa%G?2&M42ZcDatH? zETGI+kWD0iKr+;-`r~*<$kiik0m)LPE2Jl7hC-&1+zSbe)#qmpWC>*!L0rmw0*N%& zy>Ejgav5`9J?cL=tEcEp3rLbOmp~ewsxyNjDawq7IOEI+P31=*8EUlx5}?dxNSy|{ za@8j=3(B;BtZJw;g^(a+ZiIwM?uJxoq+2b5L@2WY5~s(MZ$(bkcmAD_6t$`}7yC|? 
zPlKc>(*e@8iSE50Btw~DkjQwwVv`}GPuH#HL86pd0ZCJ48ze><=SiHOX1Y#2NSre5 zAdAkh8GMMS6n~oANl>N`ncyq>)D3|+bG6(IiM*_3G9++|p4V(hENJ^e1?LUOUOK&B zLk7?}{0lOxo^Ex_Q~0bf-7_0P7SS2I05Z3}Zgo9m37xSC5SLEWY{&qTl++>l4zh^u zkma71=K#8|Qy>YFj*xbAAL|2|PUmL=WJF_K=W)mulGh=7sm`a68hjEUlbY%}73Sd` za+11`MszmXLW)SbLmb+jevs{F>dF%(LwoukNGFn|kO19(K83inr@JAOX$J$(V8v($ zTR}=_2d{;D!+xyqc!{!5~3A5@mb8mzf$D%o&{M+tI-is zgQPcP6|Ke?$b5e_>@y&YSSa&BG`npbb>-LEXO7zqj9W&0ADEWMLF4soXH%wkA@6N}th6GpY%-N9mTAjHNlFsTi>mkAWwd{sO zNvge!SsbV5-VhROprtJ&Mwv?>@nyR5KuF>tEt8~94PECUNcef3SqO>Ev|`U{V3tU} zXLTN()zzqM>ey>=3xqR!AzfP9JCf}^{I7bykb8v2N8E5~fydAVJD>fy60uB_v5Q z5RxXD2yvd$kPtDqqyR7=-s z4GBM|A5$(8p)p?#$&&PkL~H9h;~^Q6dms)y2S`9-!*pM-K$4D@6_6CkI!KyitBAiE z_9U3AAm5V^r;|{A5zZ=|`MQu4Ni#^ARWnGIq$?!x zy3Sk+Ns|nKM9tb@1U}&W9PLV689>*jv4a~Nbr3#X7k#7KO{uY za*uxlr=^$Pozo%VkMvB>g(P!g>hy%9KGBs2L8AZYGe1@81oRzg4#Z9C%CA9!pXxfR zAn}b_HbX++=~jP9t9|;6Rat_w`kTJK>OxW*^mxvK#Oc{ZcSwR{FeFPdK{9LgcoGno z*6<}rhB9eL@H5?ND;{2ke6C{|`aup=`tCqfy*iJ1sLjrrW z#39k&wLAw2?$xqLGJj}U2}$^3&riyee9un-ouAK9+0?P;XCowlhlUEW-1t9yQxqh9 zK<}9YddC~LxmIWNDJ_+j2Y#la9ra!%g=^WbEGm8}efBuGX>k|cLRQX~&SvLw$zf`92feG?M(#m+0{Nxt){NAvm= zl}#Nxi%pRDM0@{n@b3>u%I{s|*k$;SeR_lqAfcFU)drFsp#Ki|Wso?v>MgC>>Q<$Y z;NQCPL`Whh=8Qc6iIU8P#Bb4c7C=H1w5)_U|LDqJKoYm>%q~bcmoa@+cpK|8NoQ(9 zqLgU?2~wsLBt^Yn2?^Y$>kN=q`}KInLX!S?>@EkKivQyDUO>BixAgASvAaAAQg#){ zp3aB3lvxZ3m$TQYWZr`Wa~ZQfYalU_&5$9~`(8+rG8Ny!wM=q6#3?5;b#r%;29RJ? 
zEd`KxH7kW9@H?S}H&lZM zvE#HnCPJC#AqkSjkR-`Fl9{ic5v_-WTkH1 z+q;%MKUpuM?-HZ^J^kPJ-sP9rI?`7YR5o?&`8glLnad%Qy4qH@_h3y~v3z^)gkvZB zP+mHBics0qvAvIgls#TZW(p+Y^<^{vfka83hd9UUU0x!sNIrmMNxp=*wREfPkTl8P zkoXBYQ*8yVxY}A=Nbp201(0N2BW9)-LeeBxONLJ707!~t6eM(#u6#QrM)IK4AxS{8 zB=aFou6J`4EP@0{-h*UFK8Hk3w!Ie)?p;zcw6C*({-Wg;Wa4ER`7^HgGSkQWzxW`3 zrJ@*}zd)^ydKatVx5EGIoB_#@Tn2Gn+q*q=Ax{o|>N-`^ceXyLV_Mns6N4mr>Faa` z#F?v~)6R!vPyg@UBYE|1KUrNuXMPzfn>uzpYau-5A0eSOhvWLPnO`C9*;<_UFpJa7 z2+bLjZ{X`fb3X;*w$`mqheYe!dCAImluQFHeIW69`nmBfkOXBOfTSDhR`Vdyf%;j& z8zPN#W;G;6vK5jbsjw2~ndD?hilhxBO%jG=NCrT%B)37F#(F%nAj|!`u{~pnCXzY$ z8S6^x{2c0-R(8MMfGqMW%Q}Am$#|7*<{Jpt*$Ii!$*lH1PQn4_Fzm^}M;P`;XwTt3 zI)@EW+0?P)DG>2n$(Y+iVt(%;S3r7DrU;Uz%qU3m471MWWZnr0G_~Td^O^tmI`{PZ zva=}Yt{*{WpmM^iV`uRagfq(_yZu(S_sqZQJ$r@jeLX5qx>C!ZO3a=1xDW7|Kz|mp zhAkiwlFpE6{$FO1On*o!q2D7KE7HQOp{aZiq!-m$0GUN~K87Snet@(iIpRZ{F<%OA z>RXDtxbqX;u}?=Pb(Ze^Jjh(Xm5jLuBu+9=B&laH5>n;aBOIB5nZ*>yN^12qBuT9n zK$=o!HKc%KE2NVz_?nS{rFh_}UG_+XZ?wd>?mGMYdD)W?Z}oql!<4_y_8d;8eczAX zO&vLhg;#X!A%9IKc&T2o8mlnrZdw|Mv@v3?l-7_KWx7ZvtXo|VNuH-ADy=TlG7%D@ zI*&r4G@d6R@h9}7-a<$+Hy*P)A3=fx^*bkDK%8@JUv>>6ZAA`#M>=o~XVDsNLS<9O zUdw+#I8*5(d^Ghcd&Sw_6aT9Bf@^IZ4BV-O%BGI(y)nc&+s;%n=Rkra7eb;W{iF`b zcu4#lQ^)M`1CXS@s)bi{Ilo2AR!(}R{^pZ8$OLGYlMt8W9Y~1eOGwxkyFTW$0({)%~$?~1)nE4EO2_bbZ?KZdv$ z*}g=6l-@}yeu8V6qyZ#J5{9Hm217C=Qz2QB=OE6-y7!ME0blIgT~G3zdz$9H4V6tD zdo>-I#W?!7)Fd1)Yk`)Ftu6_N%XLl?Jk=!=ex`G zX_vQ2U(f1SF3xH!z%V`cqab0D8jv)#Y5<8}qg$N~iC%5SZ0_ORAemB~DTIXA=-x*{ zl2myj#G#*7%z~sg>Q=8p;|L$@;8-T8 zy{Gw-)Umy95}9gtr);K9mY+q+WKBiXZK{k_I0{MyL zN{Bg8w$6=^;5}wuW(~*qVl($bBKPXd*7IY z9Y)focuVkGS$=lX)mEm{-}YQ2EutfE1!mXZ_{4QiPpX<0O= z;2mG2ukNV)nJ-egbBQ|23ple=>9Jvm*2XSKqfZtycA*o#&hNw60!H<4g3 z3V!rO#`7C0@9_n73Yue2w~@5Kp8iUL^V58{FH%Ro@pmB2q6Va)FH*S`_H;H0_M+8O zB-o3V&yZj*3g-JFT{T4IH+@0nmd&xJNfMl&7K=%6ewr^S6Z`uzkJ|mR-<)&cPv6Sk z@sQq|qxX>4O5d?ldDXFx1x@?tN3@QpZ0guE78a>SKL>#2-kTPl6pbLV>7ED3;n+Ac68YBo1$9g-T_^i^K6UIG?)B#-BRp(9cE_uuE63;lo62qa>eF&8Dw{gG 
za`vfwD$58P$OyewROi`z>$H?QUMs01|2jj0^QDfJt03X$tl0euc_Mew|9uUX?Ymv) zD6PgIR5o>NU$;WaTFH3kL%7u`aqh=HN5kL?`^HFYw%kDxU<2y=42cl~XT^9BO5|hS?H5ix#MC>gbaY zS@>@%2M6oQolx1-k;;Xgy2#t=PBLR>A?tiOG6}CQ7bih7@n9IW3f_#P7eSXbUDb>7r<{(;0v zs(pz%Bqu|%U+OwRNFb%_gdm}1S}un~e32C^9e8tb@OxXQuxLPGpMfJvqkcx#xe%@5 zB*P$Kzm;SrLK2jj4hg)idw&uVB3S~7kffy!$@fy{9bIP^BuL_HKxLAekk}eKFB#$K zB9sY1;%S|^RD?3uL4u9!r@ZX7lU*gP^1XJJ4Am!m6e_b!gM{e(%!Kra>Q+fe#Lvin z_3eX4*xZRSr*|nb?k9T1K7?ec&UcVnB)cH%X@upz!cQkDb1bCMFgqT*8bPnGd{-mv z*OA?6fXb$hy&JcMByzJbj}8|@QlIMm>H%@rTCwACKg(x#r1ySO$7^MKzXg)^#a52z zRoUJ%2hdDsqOz%D`+5PwnWd1>@c&+CGoF0cdCsW+t`lCD&-&O|yzJMJ75fMyGbq_WzUVJ)nQ-bKm6a+7C9D@dcyvs*sim=v+0?R!{t^1c|79hK3!b)sAosG zf<{oeCM^Z#C-pJ;tPlo94Co9pXK zNQz{u$PE37Dd!tp7bMjnsqgF>%9v|IG9*nP&i6JWk2~@xZ9C zvUQ|YUr3l_I3!9k0g@n@2FZ{-49SxG2jXnjeLW8ekh}$PNz#xYNd^)k`2`Xt`5O}P z#qM&{lYDpiZ`$Rfzr||!m1V_hLoy_dAb}tBOj|uhB#aFECxbclJSrr$$gM8$qSH( zFLnoGp5(iO?oIZN?cm>ssBG%Ej=67q0m8Bt-UE6$gv=9v@prw#if6RxObJS0$6%XCQaBrOR@>_jck zN@lyB#p{sx4*l7cwU88LHbFu=bgP|^%r907dyg18(7`9T{7(eozc>}XL+`njH}}J1 zAQkWcCjYJMy@H6hV)^cA)iHWcPeElDqo{S#*M$#0%=5< zSxQXibx2dne5=G{{)Pl8Q}6pSF_{pgfHK8OOlBga4Q1vjF`0KE?I^QNiOC$f3A;?0 zGnAN2S4bzy3{z6J^5(iY)Rni-H@Z;edr^4=$%{(NcveD2Q)au8+`Km9*#%{qDKVLg zAu-AfQDQPvA(JTcq7su?1({5ltP+zs`Uf1M-S(bf&uZW|k$hKd8ufJoDw{fP?#|X2 zk|?L|0Bs=2l3WGWScJKXm2^Na{~5uRt;+ z%OK%8ddwd}vXuD@5_fgxTZr?QuDnxPQJsoEVtpucJS0NW7!o5nACe@wN?PsHeGP)7 zNX9}kBzHl=jvn*F5QkR&Nl2P9uRs!a=ua%Hgrxq~y?-vPNH#-4eo8e9!7`JjItQpgjH$?=_)vmGN5oL!vbI5s)~^tq|8A zkJPyr(u?Xm3u$_buDlE~i)4e;IZW@xPmmDFZb-7F&Xn59 z=0r%EfMhNMY0LNayrcz%HdPS)}_Bt}ws8!D5W0C8O1 zssSWG(j4NFoC^t(Tm}h|^nrv)N+A)FiI6DC{g9Y1_G~0P$#+jbqdk2Bl}#Oc6}$uq zoTBG0e|IrN@-ZYu@*N~ivIi2Zr|TTG9d$_RLLwxsAW@QTkT^+iNP=VpBt>#JBu(-Z zBunxJ#5q-uFb#1@et-l?_CdlV$Nh|1kemUDk(>{SlgQsWOp*+Qq)2XoWJn%_WJ%^j z0(1>7gSfuf(-QI|-_x>m%@Ou}j2APKkf(rQm&12Ik zkZ3MrOw+0?Nop$jDPr+!6$9VGd;mQqNpz>LtmD!B!cCb=IH zpl`)_1`_d~?bsbO&yfyw7P9iMqfY98I_7!Qq1Lgzf92Kr|E5(YzrJ$c6xx&a>jTW) z)Uo@Ofp8`Z8GXCmWjj;1mF(9c&otNjfGM^P-dVa#-dQqrZ13f=xUYJZ-Q2ZP9a8qQ 
z0NJloC3CJmEv+G0`hD0A5Ql!#wi_hgR=0{kT#`YM82vWxI7pJ@PDtP!U1v5VLGnB# zL$U;tZD(8AHEin5;^1qzrJB7%{=aKwR_u`b%I()J{(i~Ie}Y+*-48{+g@kf@VeZe{ zASwU%^(0g7SDYV`nvn2$W;IN!`VgnRmX?qd$t93jNN28rgf6rqzob5-Z*)w?|J^|8 zeW29oWHTaTAS$E-DIFIRbOHSLLzDWUFea3yCF6D{~J&1H!XtE3N9=Rx+N_VHn|wz7)xbaQ`{% zFsJOb`GsgT&lfZqK4NflCsrm!ExcBf54Wvk%osABC-{{+4D>Q9{Z{f{uSMnP=XT8U z`+6;#w{SwM?C@500Lb)-UJHU8I@Oryn(${22s;!-u%(NJ%C3}|@$vlco;A|`2 zYK-jT#3uW4ZRg7`LoQUw&O$PBHj)!ify4{79P=Bli-?vckYqy3g^+Y_EyE$9Bg{IReV+UHP@FuKZmlX5!%6;sGPV(&!Q0| z>fc)mFTJeOm0hpABI>uY_k^S`c06X~^BqstuOmCy0=;K)JBTZ;v~S_?7P#JXb2k!2 zZUzbd;Q8oGZg+C8vQZ~HQ_t%vNcd4BCUc`?a=n*bmF|<0$#)iMe>^ga7%H1O_9}Qz z`f5@Mm94Cj@!y^hI(iB(_LrT0^pnwOk?cx|UIp&>LFfkSNKskT}V5NRng& zWFMW4J&;r`W3IUBe`7Ds*7K?h$)2U9Kr(f;bbuu2x(Gwu6LqFg>MSv{Fnx`IgqCWV z4sqVnl7u8vT2_gip(}qaby{fo1ClyMOZ9)SV#jJ}3`rcNr86W@MavD6sjTHz$=qPY zUZ=t3GQxcCNSQ+Y*!>79n>wyz)@ME>wqDQuO-T3%+q<0A4F&>r~&5-3e%E3`sW9(i#${I$a>a&voT%q!ndKM1CB%Q07l$0`+z8@^j=MWln*_Nm@dj z-L|sq#f6XzWv+vycInJuY4w2-v&)kpL6RAeEZvcwf@BWYBYYW>q8(fgiPYAaHIM{V z{sH2grZc-CS;`zyuACG2P>-+%#3iXG8M?k&Kr*yn9VGLYepcBNl3lASmq0?FX^BB1 zB=J>W^lA$|E z2olL%r>1fbNb(QedlV9ZmNQk6LdCbe}-L`51aX09hUMv}s-jG0F-Fpm@%4N(|@DLoHe39B1PPElnX|x{q~+I3(9Yl2rLtsYBy=Q0mahd>)dfRw+oP zoSwy(koeDfJo}{14lRKr&=);g)rSP>dT%M2I=b@3kjSN4Zh(aL=*oj3YiXA!Nh``c z0EvAr%8Y|dFV>j{AwkN_lU9^jDMDA=*O28TyC6+zghwBV^GtFEq!x|vGDw6Z0?Ck! zg0!RYOoNn=%z`9Il8_#>r|&|tzSujqc_hmBj@_`oUc>dMoTgWrzdr+?xD4gf! 
zR&4L)ktpBZ+fnZ)pz?H*29W3pwl6t{XNk}?*cIaJ*H=MbNStI8WL1ft=|qU@=*ka4 zqI4g79ugs021(JK?K4QH!MgG`$QF`vmCHGkhv>}lkb1muh(tGHryG6_80IwR{2DJxa^Zko0IR<*H!JW3<$QOut#nnUF4H zwOk-FPRsQWcf6Jnki8^RA<^HC!gCV)tl$Yqr3t##Vn~wY6G$+oGn*k>NdAJ%x>aWa zM`Pb_)6x)9YoeBOAZtmwLl#Zanf{Oww`&;(DY-+-eUMIfYIzzGoUCPuWTt5O6cV~i z%MXwRQ?>jB3EZtEP!;#yd$crwq~luJL1x{j@65jK}L+#7{oUzgZ zJ7($q22?h6>^-U!!kOD-Jd15B+k56;^*$qzhSOXcJA+@FMG>3Q#45T}yPtb#=7 zdFBR4`beGm5fY$xvGzcMBu5>Cy9CL}kT^*Yk~&&fz7`UpcNm62g7mKS1c*zopdXeD zy@Gxo5+->E5+&IHN%+rOWW|1i#3^&cvB;2|07;TGgQQ3OJiINKIpmLDj!7Eo2Go@!%bs$lCH@-O}Led%HP^&_bdS=Y#wcc<@F!yZP$W%y@ zoyQlHu~$O^^s3}1NQk8T@fb5n9Y}`mBtb~9iCtAWnb$(%B$FT^`pMce zkTA(7kQn_WVz<;Gsa*?w(N7Q>L8A22oc0hWsK?U{lDt4me@MEymOCI3|EG8|i@8#V zem1cP;*zYARwSDtA%9Qp88f?_?-@J%Q~gL(?gaFn`}vO9_nMHHFSal9v&ek=s!e@0 zMdjcz`i^uJBt-9%On`(*o{{k!r(3-(b!u6$BaB`qE1&NOgEYbosBG%Exu3agg`~X7 zR(^-X!)BMwidCwO(@Rnt66vlpO(4$YTG~KjLyVYrCObhAl<6ULhU!cosdI&{GYXRJ zspSqxw3lx65G2twM+cku|&%BQ$mFEE15+NPWVelUd}%TyaYvQD5wM%&U@o$FpROKJ#l(nPnR! zc#}T!bojDN_ zCut2ykz51Gl9WQir|3E}AW@R{AenkPvj^hT*HZ6f+_6czLEO`Hrnh98Y8e4Z1-0A- z2{hL-PwJ4o14*8xGoM4kt+f0q(pt;0F6Q1&O93Quo|bNqWJt?ENV>BXd!?kk9nAMi zNv_pb$|R{wCt-&4PMIVmLz$HjXPiD`n<0VmTJ}jDl4DQ7+|T*%S#-HYS{?E%a^Kqe z|NmC_FmWF9lKW3ntdDJl=Kx(Vzg*Nw%X_)9KJxDZWL#g)=xRQ29P&jn-H}OoV(-QS ze6e-zlsc=;yTqpQBajTWddU~tDh&yIs^44w(HEOJydLfnxs0h?7vkjlGI#!DpAb~Y{%u^tVoS4dw`eIwX3dvBbWsoejTIY+j!uJUWgVBL~|MoJr&Tq&h z*XrJnKD8Xatxm5-17B>N=BU%m%h)=dkqJ|)UcT5?EzqhrwHk{|j9T6Ai*0olTHQ^p zUP31Lg^bYlz8sSMOv@UnlhL!-?u%`8bp3M9OfO@l9wbGr&i2J-u7zYa>dK|Q*vxdu zUN2+i8HoFxZnex8o7o5nZPuB6zDP!Punkt@3NK?@o!p?Da~(-*Na#mh=Q3YxowicP z%h)sS3061vdDH4)h+9R=tB`EKik+!>eVXq~>-h7sb)w#LwtVXZ{W@4;=Ua@>)Uo^Z zo6L(c)lS1b!GA=PR*fKOU+j3Y7t2iZ9?yEc7w4n0spIAz3%WyMJ?$Dw@7F^@muML* z(pAgNkOavTNZ>l1nE^>r<{3!jQk{8Sq??uxATg4)kR-`BkSxis5ce`&r(z?lGf6c_ zg5(59HmqBn4heME(hia$=>~~kt}}&@@D*ByKq4fgAu*CE5T}Q3HCyVCEP$lwZ~eR{ zbttnI5-0fqk|FsE61Yj+MTd&XgkW}t3y_$R7HIT#vlQA>x4@nnknE)xfW6SzX zhqzIju``W&eI0zv6%M%bcl}0>`9)NoM6z0m8Q~6y>C4{h{(@xt+VRK;k2@W^?9W1e 
z_jbh466Y@Z&b@}nRLPB}>|Lx_KdF=NEaEigvr*a9u_L?!;*QiKEQG{IYZ(GblT3hw z`kRc|ue%|^F}l^$kT7Ll6QRr+NQ5#QAyLZw1&Na!-4yRj(7aqok}|CzvGIC59Ux_o z__7yQOJ<0kMX5+oUvbkQQJQ-K5++$7aN?FJ zS$~A~JO_qKMxTTlIDq_fnFG&rbfZ4c=b*BwV^2a42xt037JX-1+1|tds`sn6+B&lG zV^P`EvAy35$v&j#{+!56E$=~sk8AlB5`R?7?;>CXk=(r{cjh74VLJ0P#HCrJL}(UYKoZpZ4v0guD1Rn|W^p{krCFQ~iOtcypAQMm z)^a^0b)S}7AmQO!W=V!l-3ub)Y{u?;+G~~Xsar_<{uU~yNq$yh?xHn<_zVnXS}HM_ z%OGYv_WTq>oKibxIb-8RMrpYhk{O}pSx6=SPAje6huCYU?A~iyZ+WoTW3i z3le=mk0;O^W4=jC6G*^+Y?2YSg{1oHzbxMs5~WtfkSxgy1hCg?E4$VFD;CoT4tX1wANS5|u z3@VppWL58l)bU%1JPC10UW0`E>q0UsA@wQqrL>~Qoo$fVZDvo+$~$M_j&zIOn zE>m{ulAauVrj7jG?az0H|D^AHp&5@Z7g`{@rxle*bXf>XI#7N$RI5fgfr4D7bNh`|igJdXkVkT8^Wv!(5lOX}GFPmu%aY?#C;<@LC=JXaqVkE;L*?aU} z+yx2VYs9pgEp>8Yo}s-0$x!Bfh#S{+zL7fg>~tq2;`eS>Ea8dXr=+FTa(nSW8GC_nhC%s~5!OR{@X^J!hK@36m^_WJuOa=0Uq+c3zJ6O5x!1 zD)L8YugYs_UYk+b)Uoq&&MD`VwUT*Ng+z0&O3b{PL1Oee?|IKl(mvsJO|-c3n9VW^9?hvG$iCd1F<7?X3EMRe1s(j zjBqrKa0@D%I(CHR+u?KOek&Pabx73f%gx<4f{<8F%yn@oBt*|!`a>clH$#%X*jZ#e zIruE1{&?(ZnNG8~2bE17JBueFWvyfuNeH)k0}{+V_cQDKIV9vi8?+;Iyw|4(AK{1t zMmU2;_zNnVI(CE=&&9s`tz?ANAl#}pB%FJ7Y(`iBiR7g08MW&@Up@E;NBe!*HJn8w z?25{!jve73NLecx;aEsK_uSZwXEr23&z6@$BJ_IjOGu0)3rUe2aUPxnkko~^u6?h` z?nT6VXW-y79e2P?7tu^xpt7lBXL>QDtd-34DhRjg4N2zSmoRf54@uEG6%Ru~^eP|; z3HxGa5%c8WvxprqizPIRWvFcG*jcO>@mt9(zK3wD9guWxJZ2V0w#T*Ok5F3GgGA_6 z(%F!xFLo9QPYyndN&a~3sY}r;E=FZj$IjwvNLecx&tS-8zmCWR$TX5TBuEGx@+o9GwfYV+gQQ#tubcd5GSaFBqz4wyyfZ1%0MZrzwM<$<<~G;TU8K5} zQIL6*xf9}a(63V-g~VUiV@^WCB=16kPnwLm8?P66O3QXgg5yu7rf1(UprJk(`)QHwxm;*O|Md70DBjD9Iv7oMbg5MY0`|A*tK} z^CCGJl6X<~-UgC-K}$DCBsVX!su9R6Ivb-Pamw5aN$1wkw3-LWkh~5FEYy9ik~$kc;s^3w(9+DWRdmjNw9;SPr0twz|A9v*Ho&yO?v32a-FR(;b{!rJ@-u?Dx z^=q^xQrW9xSM^g!n&f*(e5u`K+k52Af75%7Uv=+$QMn6A#m?A4udnqASt=|Z(pT0e{JG9tgG`pBFC@IqX6)Q! 
zp5#0C5}N5KRBpOk&;2$?-0ur-Wfl%E?p+jGZ+jQ%Up%5TMbdY~@Dk?>ox!y5JvmzB zFGR zMvKfe{+$+?X>gMknQ7V=ndv8}9P}&OnPxo6cc%4z)BCj%l}#Nx(|;iDAbk#xz7VUC z(Q*>U@0C7pyL4qVdLP8|F zArX>t7eOZK%2gpDl9M1|k|vNKNoz=qWJrcd9g^{o2+0&k;woKd zhO{Di1`;P(1c{Qo2MPXd?f|*x{Ez_2R%u1@HzZC{?PBa8$tjR9Nef7tq@%RjuY2zS z36#_GDi(3HjDmzo?u2AWW=pGobmbQyS?c{QsY97HkSNJ!NSx$%NRXt`C71=t36M0+ zs|h4X^Ew9-r7?GfWJ&snP~}ocnq(3rNPW$Kgh`%-L`jxF0wfOmZ8)ka!1)_ZydBt$X<5+<1niIB{LBuHL|L`habVk8?O!6v%*-H-^$ z5tm{XBqxYaozo#H%A5JGC`SDGQv-6MxMcb35kEIWfLU4TFWkJwMNT+ zNRXs*cg&IGL`Z<-bV%%5TgMw=>EN>h`}NPD&qgNwxy{H3yNImUaup;)QUuA842L-W zclg`AFrP-qcP|?6)q4?>zIN$H&j+Qi-?Y38aY@!eLL~bj5t5phV|_@1kT}U@kOWBy zBuR1~Bt^0ilJ>=}M#htTS0hBLkw)d34)$ zKr;Jm#*R7QJxj@V%n2HEM^v8mr{2>rWB^Gaq{3f1Qvyj-W-O$HGLs=~NFIi)C7BCJ zkh}tEw@>%A3{r{YQ^;JBZy`~VUm#Wf)^+wl)>Ec(5Bx-oGPNKflG7kxkrY7Yk#vM~ z`bYN_h6G3oA@fN}AfrjfLTc>Sb*4Zvl$i+`N13M~T}WPoY$90>Ns_FAbj5pa@?74$ zW0rx`BKZZffMg#eMpF4oeBQ5|u2T!Lg)*l>CQ+sU5+>;g*-p|OvWTQNq{m^pub~i^ zWCCOf$u!7hl1Cx+%j-JxAX&=12AM{g<&d5vYaqKxGLRI>FOXgpbYJ@*jYukAh3_&Y zsRfCXoCaxHQP(Me?4?Xc$aKntArX>7$Uc%1$V!s2kl^9EuPKlsl7}HPNS=hOB6$ts z9HHyH4=Eto0GUOy1u}r-cSwawx=w|wasQ#rv5*qVxR5p^XF{U6*B9o@w}-?IGk0tw z-9`L&FXb_}1d^uA&5&$)-Rdq#yn>clkPOLuNT{ODEP*7buQVh{vPFbi?S;69>pDmF zM1~$y>OKFgVIv92l&%UxAt`o}%SW8)emm9frX&oa+_zLNpJXBlVN(djAmmmf zxkNt3y-&hM6h*(+d)BOd-Y-4AK4<#%czpi&JiXU@z1MrKz2|af&bbg$cv8oVgX9-# znFdME)iMu~TBPMgiFr)R2asd~UGrCv;6N?ELHvWX?0g~4s;gx`h%?`ac^|0-q|j9N z@N`IcjFvRSKUn7(Eu#`TW-=sEU&}p^+#!0@qmbl*I%WwZb+DFCAmM&meh_J>rAAMT zBH0I$Y^3LE3~>+BqfUf)6w?*r@1tY-L9&P2JocGhviK^y+RyY#-!b&IX_Q~ysM7ZW z7SNq`ELQQ=&iamhEu{V~TBbv~kj#c;NS=f&Ajv`2kh}|Nu&d7e8N?&`9x{<+6J#Mt z?ThdXgk(R6TU%#t3^|9SHDof$sgOk^Js=TDUr58q+K8 z8t<+%KL_bavJ?`Kd;nQO@)cww$e(Q+;%BB_LgZFS7m5dSzWcS4fwv^)gKk}QJc+UuBiAn6medO!2(S`LOJUoc|s*li(+oE3YIGCy~y_C2a}-xwXAsEXeGEBf^A<5Y>9 zmTs79F2xM*-`iPD(yvc%e78%V%nLCpTlzVOIhg|?1(LClTvxr)$&k#MTJ8`z%Zgp8 zQ+zk9+?95u3g;j*%RLOkfaUdE0WHT z`gL{Yo{%mi!yp-ws~`(Vrb5<`%z-r6Q)gZX@kri;Oe9$iSxE8&WF1M3-ZdPzp3Ynk zat=u&h*x^|(wvR9ki^+`m*v!*2?s3@hsygNMc;m-qzgV-2 
zcY);J5E(^s86-bMcjH<}qEgEpkmOJ;4~h)a@(d&-SqjMyw=uSd=JOKe_OO0^+aFoQ zDr9E)2GWIMeuZR6w(Ey$$2awuN6$SW3n<2gtRZO%X|S)J{RD_d(gl(np)+3$nMg5} zkcA|dLDrGn0CD%zb4`N;rOajrAA}@F+OA4Bo`-m&w7dq%ldOiM$LN?yVlL5Avp+gE zR?9w+0?E-3=TaTh0g@VTMgDR+KGy7HPq05dvHNa5VN&kC52S8ffVo)uKxRfS$1zKK!q^`6pmCi4RBu~>ZpF`Y?j#)2xy6Ko& z1JG59*%y-Tu49gtn5%T26CjB=ChqFh5>swh+fX+=WcG@A>}R?zhH%V4NV*hbIyM&K z$71UV%Bn|tI1zcwC_8%q$x=P{KthtoAvuy9Bu}yoQXu&R5|ONhIP__sO^^gh?Sa_S zSnNv8=ZMPfd}Z8ue8Q`_JQh@mbmIWbmE{;b7OZ5!V?nJ3`aCzrsP-hsL41-fkf5{* zvxEPFM0ND1xCcNA6f;(&mX4VW$xqZL^FB!WWh3Uk`U1qeR>yoKa-EhhAUTrt5O+^K z*G_|QN1CKZ?E`V^>6jxS!DJnC93&gB%kG!?G+nv-wVHZ(1~Rjp3rQTH_o6Q(b-k`< zBqS4yt;c+FuiSb(n(GQ=u6hO{=VuBe7tbZ~5X76N?=ABo!40~?rI76HI%Xv#oT}wB zNaiLx%C5qE-cPS0^H0x+O7Di1IjZ#f)Tg!ojCxo$LuOOV&V%uDMv^@twGY($bpRxP zi(Qv=tO>;ZRG+cqAkM8i<_w7Ur;fP@QlOX-kSxVqClcs9cR&(<={)l!<~AL(7*dGy z*v^|zQC7S2r5>i@wO5Q9+CuI>RU&I&j=4s24DLU3S#bYZ9gB?mL{@Q-?&^Ob{uI56 z4Up8)_L~$ks^$=^lw#^Zl1+8Y!H|4gElovk*O^a(1XHzigJh>^=>Laqsy1?B-hu<<35iW}l7B**i^UbMJi?5|O+I+4*3-J6}SU zx>|mNbRyZY5-~K_z7Xd=y9!xXQ%HEfo!xfTnJrT8x;j&ZCnB?3%;Vyfi_M&TU|TXz zq|6>N`*Uo~vWhe$Ip2tRWE>Ci9@8BmR*P9z3xUf#?BQklvR{FSB+LSkMytsGMha1S==!Y{vO#0kV0`T z8`BNqJga-y58}pB(c^Ua!U{eQpueScIb!^pTBgXTowUq_B=)i*dE{FX+3l@J%?l9Y zJZERO-N-Kb-`&_4e?QK?#`mckOQarppY|h2D*g-6GW)lX+)H+Lk-s1XlKR823VLSM z65^7a4M~xVg!m-aLJA~z%BWZL>~kO)l4l_KB|7FENJR1tB=M?_*$hdN955VnksJr{ zNY00(Nrppwl4~Iul6xQl$pT20L7KVLgr zpO%euS~?!mA;PH>_0nz57-48S3XsV)ERH zm_i&Qb3Fvfy=g~@JSQXxrdv#y5f4a)!jH2nG0{*%(99uGCN6sNa7tGlYt~jZijdz4?%pA#gKsHBS?wl2Sd{Dk*-M z5g*Bk#dgem{<+)=lU4N$?Tfb-yB$oMQWafxf1Q{c@~)mNs&AQ@kw5TWJ%tKm^Tl2SK< zDk)tlVU@^9Xx_XqG|U1XOWE}6tn#(?9SafrY^*NU*~B6$^P5M6l-qY zvQ>&=jzmmyx{Z;!T0_zlb27xcL&tQ31Qc^2Bz32b83YL_<`PKyRUI=4lBbv{5a$EE ziWv}>stIwVaoDr ze4dL^?s-neCrUd1JLY29b2Oe6#B)i^fe`;g-Jhc%DS8K{4aECM$8>~bYuHstp0goo zn!OSdkX#4Jkz^qe$#amzDm~Y0kSxgxhWPECWuM*vw7?) 
z%y-hOy9%l2c;v~Su0Ioa1|<2p>5q9P+!NxTrDKMPRBE{bl4)ok871@WkTm6)1Id=e zJRe&KDRk9&-VmWtUqVu6>X=Osm!6sLatY=tiOF0al8s|*e+osZZh!16-?_BQO_AB; zkw-n7Is3JAtlZ3tDf97Cb1{#7_rR06I_R!mEOLUDN|BCQE`zu|C26?pAX-KWxjo z4xzacW6`l<9y`}T5SOGiBu&yyM*VEAFLPGYkl;rn=8C%<5|T`Z6i8-6qDYT=8RB=X zS9%^L-S|*qe$g@OAW)K&B*#E}99?+KUC8G9O;O&+__B_fW!-tAmoQK~zaoQ?O8$BeR>KZm4i z{5^BFDAmnu@0mfo3R_{con$UIPj0I`Zq04U6UBLC?GaX*+r_N3>h-dh*p|#~PSp1w zXFSe)U6a{d%LhUVvDj`T_uZDc&ZN0oBeTh4cknDowwT#UZ%DAeu4k;oklX~xm&DwW zrbCBNp`#pr}sb`W4n(JdQ%Hv7bVxwb4-%4G3CWY(0f|VSfFzF4t9TERB>4g2k?eW} zDkNzH2}n+Ygd`V2@+6}m5y@>3=SW@86OaVSn-G^|EhI^@^Ofj4$&nC`eD8{#z4nTJA>B$FU%l6xTm z$zn)I@+l-w@*5-~+50N2t8`B=*I-LXlH^>7_j%3Ya}5*I57IMb?)*l^Kvq)BWJuyv z9dkG2Ba+7;&dECF1xU@sdaf0al^eBu4QcqN6?+%;i#6-J=+gMkW`FOc)5`wdOZ!MY zlkTGHk=f+2chP!Rqw~j@-N9eI>^H8W_=h;-JaUJ05tAZm3dxj4nf`QyIBjhn8Fe9~ zBaIpa=|nOS;+6ikm$_%&3Q3dP4e?{K-AEPZ`sZ$Rp}FQDPwsI0np%D-U%z3OIMd_5 z@@6xq%gSu~98#a3l~qtTmP4{6A45Wt|3V5RzeAkkbXRL%gO0^wYt9v=y4|of+Y@d& ze-JX8JZ|adDaSyP?ey#?%Ixj6oDB&{`a&X-v5>;4W|TQCH$t+d*STi)J0Pj!b>;^o zhU6(oG9G2uZeA~!yY|FM`gz?OGW*H8!j+H=$ybnE{3^SmQ`eI^;FJfa*il7kI@IA) z_ajF2p}Dp|-1sxMb`|DRxc|J0o8t3qcd##IPE5q9>ul?>nayW+tDU*@GdrjFN!@CX zD*eoE2Gw&Q>M?obZe!~)pA)Wj=2AW8v(42WRjMb9>#?&37fOH1&6A7s$epbT)>U=y z6=@GCthGNW#$S*e?)&}v2JwDL%(;k(dYRq9owj$cQT?E^DW(!Jb4jj)_`U5Y$@3s& z9>pw#ge0Fr0vfgbwfLq0#q0}NNYVk4rcnbRIg(o;i)hqri6MChlBZEWLkc8&Ux#mr z(x}5BOG&ywA{sRm;`GtoxDE0)jk*t#CwU!`piyfe!9Ds@c{L~Ds*GbQ`V1e|f6xGD zCFMB?F&~k%gWO4SDr7ZD4@ff3EIT+9;>A+YYt*H~`rzlMG-@JZz9P97l8Hx2o);l& zC}ufi9my|{fJW7wjIL75!I1SN9U)m7)fcjnVn#zYliUdj<53mkD+l$KGF#i{B=UbA zLrhJQrI2je?5TNlSOuxN*U6}FAX90sUm-I{w!0pAND?A{*sD_V90Ezj*QrQbNG|^U z*dpB^Za4jobZ^NsLsxh?B-vM=!@D7VEEN^QhxHqWk0?B@fA9B$h`IBjoz(NpC6HXH zV^w#^OfiqXN4>q(Grd}I5A9f}G#MK6cx={2?-XxpVoa*gVpW zk;rWF*p5wvr$;V=A4zAdinx8ve*Ie@^bZnxYy#XW>e~w6c*c=kX zVrMs>HF9tbHZ8uea-3>i%QSlzWDc*>v-gH%Z?t0P3T`TAr4?N}7XK=r86}+;!4p_V z-CIh}zM^Vmt{>l#q#Gkpp&4cO^u}1E8}jc_NWGimnoDz;?{WNd$ExPCcfSI4Y#}lS z@wY#0e=@~ykyJM`x`EH^;j>}!cTYs5KWg?;&4p@YZXEXqc{(&lW;3eP`3}vIx+=!j 
zY(CfY&o#G+Guv)N)Q#8C4d)JXTB_a;&lf-GRNc(di519WM%g`G2dSD}V*Z3wop6y| zZpNti@k^vWWF^U=ki=c~Jj<_<;ym^}koIvmWUjWzY(`1V zwyQzec{(GH8D-br4-(R|f=Lkf9=i&eJqt;aEP$k9vGsUGsqVV$DDzvMsyj;RS&rGA z(r<98Itl)w_!=zTqyAS{KbBQ2`TL2=y;e>hy9#G{IiqA1KgcSIqwHSndJFoTH}#mu zizbkWqyr>;SI1loNv+UwnT%SgWdVzDbV6;^kp zvWoFCS22%_l7G`Bb8%f(Wq8?#*U{3$hC`4W;N`3d3{S88LNz^>g&1IP%9 zISP`iBOS9btsq&7=?HO(9kVgrA*P2`hC}{MF;_rxyXnl=L)`7POof;|l{`(mB%3Au zL4EEi?y`~IqsI2~oebrfhf!wV?WkrLwYYc^Y(1|c#+(Ej(;P8(70-r^`43`VtgY)= z2ib#U6U5zB$LxF?zR4cf6Q7OZZ&54GRgF7|y$bfGt6)!L&d_gTYXtEd$n384r}UVc zF8)5WYR_e#T{O00W0mY(f>bKs_ueNd72Wp`7sZAT4NAUr5zslU;@Rjeq~V zijMIknjPh}{@<%mqe}0FwV`^hLOnjc8od)z>tXx)v|?bOGt+_-0)*`6^!-iwM} zef#$7>o`?0vaaheS5SI4tn}Co2}$NaawJbfqWC>D`3hvkut9yR>XFQ^ASQ9P?(=&P zf1uu-FCbp&TZd-$pCJvp=<~A~(r}TLic!NVhW8#k%Kt2uN+WCDwj#6dI2Bz@>)H2& zgd`0iK`$FqF-m@a6FzqFv&~~WZ~jW4?tEdZ&ZoEPe9Z~wC%k4|Z7>&0C&)Q*jGZev zNa`tfuJv2z8N4ld5|`VWD@F|(P|?fxtJWpGxd1iiOP?Gz>ly*68YMB8L;A+u5Saui z(5NiLyVA}jF;75JL+oCNN6PXU=(HbWA{ z%=SK(n1%{T8bUmhHjp$)S4c;it3M>5n6Z$MWHKaAau=jP@(84oGB1H7hUu=p4@r`I z1Mx^UK++^TPsjW7l=)CdKrt;LA<1cwJjn%+0!bw#N13mKB!=sn?}Q{t9)@@%iy&!| z<&brh`8!BJFzW5ck|dWyJdyyCCYcTCNSPNy z0*YA%2}wSKWoaW*Kk3rUR7HMfE!NxDEhlHQOs$)%7PlzBQNpqNJ>AxRFB zCwU)IAo&imlrq=43pJ0_H6H*;k~D{SB&R{rBo{%}Q|57yfMRZhgd{T|d6Fj}1(H`G z?$!Eid=5#B(l!4INs{b*H)-i_iwzTc#ZB)W5`^R_K=zrbxb$NXp;Vr1tgb4Hj~^A zNnNY+%z;cMc@gpv$p;YcIz8$K$QqKGGw}JbNjheK$P$vKki=vgV;`F`#s2*BN>l^2m59GMha1k*Fu6K%E~A@ekKOoxDy)k=zAIjnTXO1SCtcMDonEpQ@7CKao6R z^{Ag90m-iS;Q1lRVGw7W9+iS5NG^c5B!eL-lJSr<$#jTMG7pj=c@dH$Spi92sK0IT zImEqGSNIboJ4MT1A{4XFOsrzOj%f;UF4NKhlKn&X@N7sB|E*_xHq2jtF86GBbT)<{ zGs^_XM{$gut5BT1+_?_A*`8-P3AZ4#$z#vq!?LbV^-6P)C|;?I`V^9-nDvmv<+@{g z+>5>VkIvH=lBAfr&=NTn2B-cWc*XWq( z5<@ZvlG>#2Y)?bniF(w#kdS08BqG@YNzfg#&TQO8o9YvOI3yp7y|*~m$z0{$TiVdQ zC56l;kG;2?4GD{xt@MLLBpDesNw0J!#3czKy=ksDAsLGK98!p-VrajieFlzna`DeA z9!t;xf0^OtJifqBzuR6F<0&!Nb+C$x_A+i zxK=;zybp;cYWZC9{HEvn6_UPF%PtS%IW4WLDP-I&`ce2y$lO?L50f(_Pq{s;HAQD0 
zhRi09?cw#1R57!a`ypwPg%F?QEl7^!OGuvNcZhe7Ui%(%v4bfcSv?SE%hEkpC8tFj(|9o`W$wEcqC~^;zNB7M?$g>+O^A>zaCN`nF&c|^{54q zR83ot?O5&+$y08}I#S1$A+yQjmVTQ2A4oV)uQY;0B%2}0M|Di?hfyKP0T7SmXh@#q zc!=|u&eK)$kW@$>k`a(J$#oFBF7t_nX^;t}l^U4?SwQkMWF5&XkcPLLtI~{G0qIHd zC1h$Wb}!P8Z_8dBI#u5RHXyUfV^8nykKoZ^xZQU-Ee%A9bJ>_Y&&!aAV%~?iPw2V6hh%8fCdorFb>`u^AUPBgbkUzT zZVJg$%n11O>!3`NAfhpc}9;~4oQ)$fp|l7g&QG0#q9Pt`a^O! zq(Gxui%?8gh`UhF-Vc%?xf~Lb+$MQQ9+o`M>O3z((j*^4awHod5lJFMp67I)rjRsA zCrFm0FQh;+LGnDW^GtOiU&^YoKEB;z3g$&HX4$t;NTg3V*^*r}qF`{=oz?%4B@ndKG8In(W3-OiQS zrnyd-Ve`nHeP$$I?nu2L`6YVPc!_yk%k_|eH8F8UmPFEPjIX9b%@=(X^!3n1U> zt{w?VuF=u~;*+EyA<3nXJY}8?$ zV(#;gLGpj-n3o`hSfs*1&3oh1#d@yy5#w#rqt-xjB)>wUgdVlSLUewM9aV95_mkuk zW7&TC)kIyyID@pfGK!=*BqBLYWQZQsL*zUy6%Z%>4RX?rK@hi6$6N-<$71*0-$PbW z?#aBC_B}vmlgFOJhau^`O@GXOJr606ESFIvpFftYs?1rav)?0&D9Q)r5F#ABk2bzkc@{!B!LKJehA{yzCQ;^k-P<| zpVfE%Zy{NV*#yav)Oj9rku-#Kq&z1S z)jgSVZ@B|`%qV;69)n~`{V~`3%Q8F3XOIHPpO6IoZG!z4qe7DA5TE2UNZ~I1K5Z{Z zmSV<3y!LeELZVJu=0NiCDBF!fQL5Vw`?<;qaaW~3FCnwZWBc>2$PspSJ6C2uk#gsn zMst0G%qEYW>sN?-x_-pp?ggCi1MTcm;hqrZAT13cS&|lz%%M8wB#75SOE*a2cr8OA z`LTNTDt)Y(2q|+fvU)s^=tRHhJt^ zXNeqZ=aPDQL%gO&%w2RCB&2KbIvGVW3zDGovlx;h`4Ez%6SYS2T%u3Z?~p>A*{(gC z+?KT;Ia}X*>*dhZVjjEp#*mPtEyQi6yKy=sRT9&U3nZqcjj4X1i8Lp|Ace_v^`xI5)$ob^NUDjN((ua`8jM8T{Q&t}Pm>WH8 z>ygY0r5lfEc}t|L?&>EHm*g8rdm81ujH`)a>Oy>yhLC`y6(mb?I%FVa9tg=(%$1Oc zWI7~qrmp!>h)eP+B&5u1As)r-^a^SwX$T2OPJ(1fDj;7`=F1>?in$dMk=zeSoTY1i z2I7*uEiv=-?yQA)6yq#G%_Mt60+J?>EJ+8*`INagBu_DyLL!m?lJIoR4?r zlk2NjdK)BprIvdkZVxN?CYPjfGI5@Ykw&ty$X()bjPm2zMHWLE(3xKf`RFmd(oZ4T z$F*#LOr%k}zm9H%I;JUP0?8?mJjun7CbVCpA#I+}d2WG>CV3d*JgH-HkQOBGL+&K` z0Wyzd=cV}M6?J1D$kcf4_CB90_ORT?lpM`<7&4nY_OUw!$&a)id>LRmn;{vJ-QU96$LW~EAnv7FT0laQGepMgm^37PnU;|dXM&dN zAwJ1$NI>!|#JyaPS`JBEq2<4lhh)dMQBN$k&-vn=w%k6yPJOPA%qEY$-kU-qx`%g$ zxEWpHMG!w0TTf7wa_f1A>KTsACXcP>GDvupo_z`=HBrmG5cgUm=JY-RDU@Q2yaGv6 z%x5y{I-TcxNa7|fHQvGXev6ib$gNiF+P&LE%3Zs&K%e=8keQ_!r2bPj#?F;1Yc9EC zcSIgD%67GTEK;-l8w?pX#jZkR4CJSHE|H0lOfkmhnFdKuwcU`I*^p+G=LtymP7`D1 
zS_*OJX!#V9dRWVPh?&b)xZ5(E4a(dA;uUANF^wV4?UKhzbBL+X%IT1SH0oR#HBHYx z1aeVP?5MGjH}24xuZPqtuENGlgXD`VwekSueUb$b=LwzXB}nQnEz2Pnk$ehS{BIre zE#&tHwEP5la+VfnIo5uUmR%qPirE*^h4LH$aUYaXZs}~C02x{oyROcV%OBF2dqVyb zY8eO_RNPZLY8+$)$t1{YB-0?Nc{UGzLs9dV_ywnRNLq~^JN(Z_Y>b?`dok*Q$Fw{I z=@XBVnE8-gT%o<1!gw$2Z|T|kH!5VRzM)@w2PQM$&Q+~ZrFUSwMfO^jdKRM|lgIY? zL#eQs*~&MNJjw46XMxOaV|L5qu0_%il8(i$G*=Yai*jnVe?h=px$ThI6+U?oL97*CZnF$a=wgOtYru!_p+92AW=M*U1?^u#OReq zafS9bv8dBqI)}~+dZo7_v&myuI#cF~^TTz@r2Ge(e1qnV)r@W{~7YEnOfRslq;xT083B|9qw7p;1#Ii9d9nMy@$0Ibj(4J%okePK=LG=A&IYa%teskFD=6%C(?dh1&O}a zG1DOaw_4^vlC;uSA&Fmg%t}a_Vm8RAH997-600CN29hP|4#|^@gn0ked9H@|BvT;) z$zu>_tseC%#3fk`nMmjGzmUl!8z484)O;UnU#Bzg1Mx_jLNX;WC-XE&KzYuCOeGl& zaevU6Z-k_N)N(&09T_p1AA^J>3n2l?5=ibRJ?dRZqI5E=euB`Zc%|q&K;!uI+B?9V zan1I=kt%Og>AumE&f#j*!}2|(7uHL8|stYVHE@=`LC!^1H5i7$l_3H$yUX2bcw!O>;d4 z$&$PTnMd+2WFg6Fh+9*y;z!6_imCAtX5XYM+y@eow1Oll&%YoElEIK%X;01WjDZyX z)R}LD_;g>r2a+KPArZ-&5C?xF5o^KE?Bw6qkOavliK(Guc3g#ck_03oIaFfelWDJ% zHbwd8D`ipK!~efg=DMi%T&1frLDygstEeCUratMym{yRHnaYcn#NJa*q}e~iCH@?iX197pvV-Fr-b=g#;O?6UR- zi0Mqy2$I}UpN-a#g>fDkbqXZ4lZ~;fDAW=ucNMi>*LTPs$eiERW|p~n%Uru#v2$hX zlr@+A8FYE0O6Mm<6%LnrVzKqOdu~fTZoO?8mD#JDQPRWlsJUvC$Rx<9`ZkZq6j>KZ z7Lp)&1mf?bM?DMaytkHjATG%#kRg=kYsfgt6G1vs%w|Z2WRFj9ha@=&5|SJZ$&s{! zyhqXrQh#4v^VyJyV$zW9DP|}nSrmJHjgLjny!^Wr(vn8agk(tOLe7arew%UIk^M%W zS0$yh>g;DLw6A=(evXun@2fKV0%SI$Y=tXhu@!EH>=S2}Q9G^1&-I$dbJ;7UN=m<} z_@8FCKQ~V;)z@-8WG);dnWY|kr9{biu4-hK3Xeb@Gs>>31*B^2HnZ34e`o$G?wGCF zqnb}bW|POxbv`6>rd@^9Qwd2lH)8gE0wkcA+aQHfjCmBE4RKoNQ41jHmRgoT+*VrN zm6-F5m^`Z?0mXa=i8|_0n;;>@)czDTx6v^NKq8W(C8n*8X$NshPJyII&WD8b*Qkd; zJc=0)Np{kiZe7d>jZ#B|p3jl|IR+BQKFBzyb^yK|Br z)d-S2SxY;JN74lnl3WN$chIATLb9|Mm&+*6#F$mw3dzMW_VhZ%^YhP-o?D;Zxo_($ zE{n`2k3GHfAsn+DvXVxvh17pX=c)M_UL}#ZkQANp7LYVaCrFk?^@HRnW;~=oaw{aH z-I)c+$5MfBY{(Dbqmq~_ZUJI4qjgu`fuu`)HZiLthU6Q_I;!wb$T`dO+V?Erx}g3v zf;3pJW7rw7pC(&F>kU2^Bs8tY;_Yvx(t#jX0~#J)I)M7 zB<1Tq&x3d*IT=N=5|SfX11XR=Utv#4>O&GE^ju9LE=fm7isWAqkHm-gB$FT+l9`Y! 
z$y1P!Iy30M8iGsZ!+B|;o5v|-j4dXm=CuxNWO&)um zyFhYVJyyDxY|GV@qPhAav&m!U%0SY^%vNTJjMr!5QAp-8EpI_`vDj{SleeY9fmGoS z$ZYc1dUpJ_hEw(GPdZi~;uq(#F-Jj~#P8utObU{rm~N1uB<2~~U`RMiuWK?SyG%G!D6$al(9#Ezc}2@L zlIJ5W(;&&mjhNFi2a=`}^(4f7LdU!b30}~7zJ_>jY55frKB-6Tv=*c0YuOj#FVNB$ zl3S$ZI7o7#madTKc`J6mg2f``?pOLtdxw<$>WR!IkG)O@L)>_!b}qjt<<2#R<{E>{ zCXdWjF}~l(;r&KAH&D!ti1Febw6mLiFL(ASlz9#^XO@~CR=w9`&QH0S=Thb+$Q-=+ z_uVn~sB$ys;>>pK=KfP|p0BsclUTJar^We7pOzI^smWtc%QukxCx7p%`{}mKm5Ar6 z=-yopCq6}>XLr8CT;JHawrCD7$k6 z<}#z~X-UN*dE{RO1teLl z+2-*eZD|!15|h-U20?=MR_yL%t2$PC&wT6W08ShGIiia0ola^de~330o5wjZ&isGo zsaG|sbjJK&^%)z53Zr5k*>{^cby7K*WiPHl9y7|GpBb^(-B}DdFU~BZ-jm-I`8YD-f=0e;_c9h+(Xj&})=SfIz zbrLf1Nsu$vym<@9pDuaq4nB{$sz%95Uxjpu^N1{mg#WgqY(375|6NZd<@p?W%qTni zAFJI(^u~E$eesj@<_*I2aj#j0?%@-NH^X= zOjRC{4xzaSyWo)PkVtYeN4S*@id#HW~3AtA{Hkn|^Z zlwE16m`AQ$`}6LtALF(@QNizer9Lv7JoZFg1L2r^AzrCw^Gb6*#3y-OMv;61$&y5n z97)ZeaOyra>oS@5g@h$BXQMGB`5ztA5|a5^%gK;Jye`|H+&YOVw?D~0bbl^DW|PPE zXSmcuF;_ws#$so8zTcMFqs@Bu0GUl5d+P3mq>7oXJSOsk>4xc84ibMxKDT;XoF+oZ2*wlZ}uwIpTvJ89_!@j7c6 z3dxaN4GFvInCTGrOf3&Xf>!Xn*nl&u9t&g@OAwRr>?qrxs3^KWi?({Fbn8bD zx2EpTN62jQ*#3M6@w(Z$WcEKG&e>XaS&tZ!{UDj&b`Xm; z0duA4?{Rzx$@I0eOAo(?BnD`y@he6R*0LAG9irt3NQ$H#Buml-5>?t!_G~1Eij=#q zG_9*QGMha1Y+MIP7c*OV7?LA-9a41;W$h~=nLBKSBI_YhX_Pq|yZ?rhaJP<0LY!en z@J^2W&g#)4ov-L`Dz%fCkv2v$pDKAsx z=6fK?`g*1FME2D3f=FF0??JpP^z7e2!drBO&PMe4RxSHM{Hye+MvyGYagZEI4;e+f zGYaBeqx0MfaVKiIUt(zXMUa4EmP681^LLQcbvn;qkSxhwzvC06@tsyq-C>Z8B*#N) z?_}Shl9+QLF3A8$3zD&rP9&2cJ!6Tl?(3yOeRca)F}+9O9Zx)>Z}n=lu!Fwy{~MWE zo`lrj$;Q~Zylt9m|J`gJspU;%HhJuQqW}qtncdQ(@UM`nnq^dtKk&W3coic1K~n!V zyHoYdGhdAgH^zDFdj)N%!sC$Hj;QT(h-s-xftS;jDv(EQy~SC$05lndam~%8Is>cZr3q;{fRszM?+k? 
z+jM~>Nd`kalItO9lDRU9?%}UMaQ9O6&cF znn{j@q)E<#WJrcUvLx3-awHEx3M4N<9D2lG4RJ|+hongM-hz5annIk?HE5nEoC>Mx zhFq0BAe-Z>TV#ZcYOC+P8Awf%+aO8Gd_Tk`c^cx;9bkpT#P=VWD}rQVv3r^=%0KUE zt+*b0M_NjIx+`AAm^^k*8$+sM>|6`Wo2&GG=C+N>l{Z)EUC&JptSj9s6)>uDC zUy^Gei%4ccdXnTI5y=Y3Mv`wKn@Ki9*2iLd7#6>kS?+$-r*-XCV>`#>vHNu}qzT0w z56PFl0cy^(2Pu@qyoc5o;>^@n?l?$-jir!8NlfQgL6RhEAt{p0kTl6|+oNWZ10i40?5!bLis=N&kz4@DlMI1GBoiQs zS-Q`+L6RhMARftc5T9fjBp~?$vN54M_7@~9#hA0YM@`gBqYi@`*nriL0pnekQ7PX9k5cW zxfvu~iZLBK4dTF3FdW6v^*0>OsAO zJJj0F=|uP529S{CD9A**+nfk-=vwX$sYhpZFk~vpc*r7>Ns!vK%d;SrBu_!|B+DS} zsbgP5=EY(kbMwWOmiw3+#d+k}SB;%9d#PjQgx7;4=jzTkhByytIS!I0=?=+}43LbVu-lFWtpBricSB%f{*XM$SctPouj^(=f@C%%N%B0zBl!^GlY9#aNdAC?B)inX8H>g4sk2z> zDR)on9jvdE1CiO}v3uGKk}hVpat6fD>9zNUq$tlMNbVi|dw}nPxaZm{#nzmAd0T2e zyrHi7QJJfl$5!})%=LsMA5xg3?*L69 z85(sOBuml{l3uMlc7=?3LrWGClDq&((0%?xh)ePl#3R{d55#<`Gam}^NKSy{NG^mV z|D#8Zf)qYBVtRO!j4C}A7te6B}b2JvIDr_Ss}xmU_3hv`!nAajmZ`jE^{U0no8kgR~DNWO!FBs=bj z9i)yO3JFNsK^*EvH;7L%1X3WG2=S<6GaxyV1(1kj86+L|P_BZnA#P)PEsJb`5Pp>W|PO>*`~_uUz?iEH8>mMexqfP#Qdz~9Z2RUEuTOV zYmA@^__rPse6M46-+Mc!K_h+U4}^rj=$K{@Z@re&AgR(^Ci6uiG-?#YeMH|yua%hi zMA;s?ze?tEd)Vo4UGp6>S22(6;lq$L$qSGy$qGpBab4k;kkoHxrDk1!K=LGe?t?Q= z(gYHbbc8q?be@YK36e`7F3D{WFBaP$^XZXt`!kdJ^Dr`pn{_=eLL!otkknr~<_k!E zixpc>xSe#Y+?nyjACj)6Wf&y4vzCdFs3a!OOo&rk$1H$&yJ=Yp z@psp<8j`D{Y6u0Jd(Qmp@$?#Kmw8z zAt6Z*NSNs#;naY^=SfVGn}fuu>=L4sK9^=_`ga_=qc;_JO) z%%I}6TqQPhvUqiuo4H{VeJAOPnoS=2D02a%>Juh%=KDcXbSIerxikJ0ip1OuNta^G zJ>lPws-JsSj2?Yy#qcqsYsWtcl~E5MCPDHzWJ3HiyW*%p!<>2)^EzUj1MPJxdESS3 zBws*WSI7Jc$sMGn<^gz~K$-V|)Q_cNWWPS61`TlBhISPGUeW;h@UBb0Rq}9*Y7>u= zdYVI;khF(1COH+-ki>%|NiKx6h^5#K{B>+M7MZI*Vm^vHCUOO2CCM~MK9-99{+Q8y z9A|XAiugnoSE^6cjChyr_wn1uv)i9#&!7`E4|63;9W(dLC6IvReTg~DbQPb7#t9$p z_ZyaK6!#f2vR|*hUM#Y%Uok3ixQ!9n0&z)pJ`kBnj)YXzETfKtq~cYGR6wd$Dl!I= zr93x4e3F@vbS$=qxuWPEX1D5L$9Q%-Dqq&9ii(Dny~bbK%#3nNpQ?Hi^@I=DS2v}Y z=22W>Nsdi4wmmFKi{#&>rT2Gf<^Nq;2Y;6~;oqfgJ{IZf%cw9Sc^i^A!qy`(A3%~M z1&Bwo7UGkvhXf>lK|+#R2jMCpsSAln8bA_9>UtVMk|arpM{*p*kHzk3t|Z2pIn 
zAZzc4JZ4mUH;zT}$iGV4T*o{ISrdz0h1bEx z*zYd=(<rRWWw1RIhU8k{ll)b5tB@Rt&Y=mrm z#bpQl@3|&cU8kkbx413!qvsAT?h?g3cCP&)RsE^J-MXUhppjuI#_V7d#H0tB3XQaa zIK#A@4hboyJ0v$(uWKYEOL8+LO?mzeaR=$lA*A5zJg-7hBekrOQIBd_3rUjvDWhnv zItQcXQs$~p-RFyPU#$wO2KSoCBwRfq;+V7^dN62jQ z*tKte2u{l-y28C7h2mT`rV%7KRaq9E#avu^scqZA-_Nw9;2)Q)D)IY&TAlxr&*soCC>`^o6)9bXUhik|fhamg$(s zAqkRKA>O+>=06ZOujMC*vs}y04RPg?90Ezjv)le;u8>jXo~YVwbbs0*v&mz-(OG7{ zQrB|MeV%ok?(<+|PSf9Kyh7woJ^P&y z=XNbmL;R^)Rzh;qwEPSS@6b}a5zbhg*{;I5TVl#x#S65G#>i~)*ptvvRGeK# z#q|^)iOQ|VX{S%`uQJzGk7$K$%Dj>?@7WlyPe~d=-ag*WZdc(xR8CiA2U{VJ8D)ET zCL~$RV`TuuBgsH~l9`ZzB!q+{uR`)9pFkp#pCO5d^$ylN0(U=>`VgPwXh=YE8YCj= zA$jO05d$GxlV6d-w$-yji5og=ZXd3s%kK~f|qLejC=J<%; zRC_jLm;Z&#CXe0IA&@AZOJXjUdgw~IRq7#m0FotH49Ssv0x6JefH;roweNNmP94dS zkQB*j5Rc?yNSb6A#4r8q#yrow65<@L?@`kw56NSYFx2(rAQ8!XkmQp(<~K-UzLve3 zVBaaG5hSxf$D9Unp3>3_;+MqKJOUCe(lIwf^7O2Gw#1OU2uVDnN4*bmN!CF!Bs(3A z-61&?;w?0JOg(KN?z1{`H%OACQsj9Za~&jFtmQt4|GSojkbF+dGKhP$-mmW@55?4I z3Za+-A&HlCo>q{MVtPQ56f*>pr>NSq90Fd<_XmHbb%`dmn?$ zBuPk)B_lWbzF1JNylgFNfGi0t2`fk$$;=iZ&y;6i;4_*$*on%MF z6~41A6;@J(laV=9%wsFO8TdH$H@=otT%hk`ze7?5-RFJU;toL45|W`&r$fBY^{Bp(AQrp!;6Gd=3dW>zH34$-lI0*A6SKp;xgF#P@WCjUm~yw6ua`nrrC-2}$}x z@+28ZL~=JIptgQ@ zA!(8T;*&f9$&jpo1SH=>awK~kkCl=%hZIQ8hD0PoAj$3ZDsF`2`slN9KP1st%hMtg z^{96sDLTEMK++^@A(>swD06*nh9q~>veOC3lhCpUBu8=(B%*gSj)N4M>3YtA_;h_$ zLK1`ZDl!r?NXvAHcc7mAK8Vvu%af2Cov}9{5p`oVBw1J2vjyUn#H@Yy6S1cx2SKuX z>QQYWIg;*>0!byrZK_92hB)=K+y_aJydNkM#)3n3YjOCSNs zG)R`@X-G)&2_#3d0g@-#>m+o8q&Xxa=?-y9cWiUzj)o*irb1kj5RxQ$7m_0R72=WX zb23&+(j1Z{=?ck_41i>A(dTd+BsoRP4U&iCE|K^=+ec6HzF)bIo@?l_@?m7om#!~! 
zRu@1DN9q&xzRZ4<5fk$nBv%sC=RYAydLOBN2jn4X3GwLtsB<7b$p}b>WC|o8nJ;l9-iV0LdMryKxDmKyn8pB3TH*1%~G~_Sy0( zNP^@KNSb8dQ*bhG*C(MNBu_CXK?)>&AQ4Fh;?Ny(CZy^)q&!b}1mc%s%u1hz1T^YB zNJ#P>#5qSlWBdb>E0mdKN!PZ4y4B7&1G>JoaqtbsDZ6k|ZS2 zO0S{|q(Cwd;Dc$;D7`N8YNDJxhayj!UW2rN1SFjy&dIiBnf(Gt zl4KAhLoxvpk=zP#=`&RKLsBHqKzx!VkbvY}NS@>~NJJ7r67*TD8lBO3l06|l$-$6- zUC&}jk|YoDNWO&lB!55xl0CYh z9+JZ#d6Kq}h~x}NqLZ%YB1n>CB*Y_`1o27kh6E&!LPC;PAbFBiGU{|a`&x+8S<5C! znq>d37)5dfBqV7KNt~hcbcZBKhC@7(8zBM7Oh`!b1SC(AgG40DA&D+}_H_`CWal$6 z7s&yTkfa$TPjV6@iY2~_c9prRd-t<<^|$G+-VK>qhC@&oldOp6N}3INkI~m<_3V_fj%H3270(pDFU1#L%cuAQ_UMAR)=l9v<;Y z4u<4Qg7=pDjI5NulkS|YD?A!8$v1R`9b{B}{T#a|Bxs;z6vR1C=eb6t^bV(4`|Xg% z=h?F%>zWIhLGl7*GVS2IkT&P*QC~pbj$`Z@bBlB7Gv6leq5VX3)w5-L=0{WJ2$@-G zcf;ABm?I#m(z>uh{5u|!Cg}zVN%}+bB$q+HqRdkuO)ju2wd+b0pH-H-u2h^yDtrW) zS(ZXvdcOLp#E|?9siZtRpN$hmG4&zNh5ED{4$1e_(hlNYq|ZiI$wQKsn2UAHNXTZI zeF`M%rDN`wQT?^N3`vrFEiq{wvjLK$JiB(scNzX=J1-qO65>&w6l5jUb3SA;Nq~rW7mMA~bTMk?cEc-XF1H&4Df6eu%(5Pmj#nZ3zI_ke z`AO6+-1SA6>4t*MYJj9KqVqD8)TXZ!wTA!br5#z-% zl6jU0J%T&~$zQ5xe^WBkPhmcXM7Qaf4UpgyExVq(opa7bdUpN7B z;uyPw(HO~G?haN`<_^fraxo-D-54SDjMJ;Q9+D%uPhzM)3m|Ed*C7kz+3hM!SIb?6 zTcP{&DKh6T*A@N^QLEw= z6}^20FDR(@|6gnEz1M!8Cml+EFgg3b*IsMwwb%ascy57@8I9JauLQFDMV{vAr1>&G zP8cE0c~3J7WdDMvIRWH+lpgaX$c^Uf+p~PV7@TWg9%Kd1yIxFvK3~rC=lj4%Q-wC_ zmw@aRJ^}fCAp0}qe*>A%kSE-VI+!61AQv-a4#<@Z*#L4aLtX`BSF~!#m)iM8^7R(* z87jTX)qBZ}*e8svRx-=~cW_od!9E`Wa$Y#^wmX=A3FM+7+JF6TAXhSE=r&mOrQUyb z0XhDC9{GA8=OYrVq5E;4uQft0UYO-#6r3;Lqq5Rnyj>T*5c}MpaXtXfPgwSK@VkNR z&yW`a>1D`I0(l@qeg(+9=o9Sxex}NhKL>IlL;e}a#SHo4+mX`@c?yuL88QrHC~Kc* zfb7bU<3MT|vJGTDLtX)-mm#kKay~<# zd_9oMhG;uBPUJ^@s(B#ie>s#pTY!^5j%UbuAQ$fQH20C_$2^~305bpMp61;|e$vx? 
z7|10dnxQ+8>NTFv6M^i?kZ%UE|DsPd3FO-Ae5xfNk6HCzw+UqEXFbh% zB0m_~Oy>O+K$fypZv=8EL*57E${RhOKOyp~9{F1!m*1?2*7tu0vimI_dHi?58gKQf zb_3ac$s^APa^)R9)o~yfv(h;Yw(AiI9Um&M}p*D~a1fb6mo)cXGa0@*f;f=N=4|Y7~CO9jfFxDCXx%eXA zs=tiVvvt3p1aj?nv;@_A-wI^cuut`FAiJ|ve*`2*Pr11AzAq#fPrlRV;xE8CM?MGS zs&Edi-{adTrA(i11ae2@6WV9Z>5W?T{>X>@;0wU{s>xFO%mKOf5pS{Y1ajq%6jA@_ z0onh1p5{D|^XI))9{@6xrFt8XOBwPWAiF>8IsXxm-Zy$ae+6XMk9*{EO!Z?P`SLYr zcwa!Ik6RxMJ?fNNK9%65Kc=i3wbg;A^!yAQicqjfDJR`i9oJpNDauY zKlK_O0P79JDg8$4#VfmBpDtv*H$(2FhQc|t*lz%GEo&v-1!U+RZ|6S*az0D-cR((F z(%W$8PV|Er@-;xNX2>2O*D~ZFkf5_#bsor2FXSS$tGhn+g;?W`$cNr?CpasgP`h6Y zGh~G`|bvK9iM7@bbSDb$;@f7H<=jcaDB|E99M= zKLXCmCusP0K#qS#Ew8@%X&^(N_Q;o=LOred5_}qv3!n8g-wb5`zbT^mnk3EVJaPw+ zEC241Eg(bx;gMGYsb$E|kxz#F8fpI1r}`j}WDVx@PnjyC`3E4EGvsqXaHtgZB3R?` z>&QihJQK)sqMgb4TYwzTXy$=j%#aR{s~PfArh0_RQaj%Vq?aK-59EA?yc@`chy?Gw zD2T7i-x@XCc@Obw<_Z53oTvKUH$DyIQk2Dnps@Ukzmbksf(EkU_@hTYx-} zA-4c|UxsvnT+5J`0lE4(Uly+cGL)^#z7xpq4EX~fwG8Z^LlSBBJp3_aCb_4z>dKgA;pK(6fe$VnhqzsAct2jtolJk32oEJ$j5;Hr zA8p7H5e|^72H#K*{~%J;tV|X8b0AB1d!7FU$URxPf9V!>(leT;0C^}w#(+HYdjcOy zhsxMTQzZ4~*PhN?+^C0Nd|}|sHsL!UOZkNUYaPh(m#BR-UoQcYdIzSu7f9ff^qGG~ zQJ>47N1yVX7kPbN4bBf_$Zt{~;T*MWGI_O z&H@SgXx?uFvTFJ$awm`vL=8i0vs?K1viN-R{)89%yuS>b$1~*BKx&zWZw4}-A-@6S ze1`lUkmDJjzX5V7qxm$DD;e@71K1}+o&;nlYuWYyd1c1=5Rh6%b32gv3|R;A&MejU z1G$vZ{1lKY8S)k&$N#G@({};6m?0kqaydi(3CPt9dF(bce3s|)Od!`XeV#{}^S&(R zfLzUx6(FyFNuUYk-V@F@TJGfpVUp6UELAR(2janJrjYTSkI3%Q{5 zUjpaaJs$ZmkmJHR)VOOvE+=Rk-~H_#c_)zGyds+Sj{-R! 
zk)Yv)xi3V+)tCG7`ZPG_$m8!ujT6qH#yuU#@IKSRn2}SM)(lhCbybZ|EqSxnt0NI@(e+FcK zhI|Uhe1<&kg=puatdNVI(A;P)Li?i{ej_;FZ!MA{lR(a!bVY6jvU^E$p~wc1^(@s7 z0J(O|=k(P;K9SM91IQCz89Y4XLce2pqq(>v@}X~h5S)+S5u^vs7X`Ud&et-|e+AC_ zzsu+Svp`a7+&tTp7iLmxOntuSd*KPEe5xk_+28lbFp!V_P_PD5-2vp%YRCnV0gx*h z@+u(5+kpnsrGveA!gGEtXf7L~ZPc#EZ}lxjh_Y|mTAh@8-ctJ>ZN@BGLR(@ zq}s<$lya)b-9ss-)cH=Ny7-IQBB{5HXC;urpn z1KIy(Pjd*!?o8GiX@1#DKLg}Z8J~NBJSUDN$oVxuuKY?!)od+yw+8rv@2?YKn-F~C zy1b!pSOe0t5KCw zZF&!o@Azt8n?4BSXs+HcqGi# zou349KC{Np0ja?hY7N@?mw;&ALvQsSAnVcVNb{FKwld^jft<~dN8gKzn@?jt!$dLa9! zfV?Y1T0kym$R?2YX2|yec}!_eG$gBPzNNilsnCkrwVwNfrV z^f0-2N42AUfsZNkH~J#pmLifPCzUJ{Juj4`sRdHXy&9<>D}qKg@Em z3M6Qla-l1nzAQfaFuCZ1&$D3pR2DA+@(2V|E?x=b$zSJlaX*lM`&yripCt{(HmNKw z0a?HhC6&dyfP6H|#fONPhA9^pN@elT!{p+xz~@|+i+=?2#w-_~1@doMF249ju>SKT zpNp>qf~R6!E}jbHYL<&<0}1*hoiCMizWOjaKOcO4H`DnLkmsY^ljUy)^4X_)%P#{t zf_jn0ej7mU&vd>U2*>lu@-G7t^hr8jDe3&N>*ySM^Zi-B{FC7PwGf1aR+nE7g$G!W3)Up|C3&=ZS>&I000J#>&qG62mn70>4 zab>IS%4FROKL3e~r*eOQoS)$>_8^d_z=p{_ZwGStD}yzH^j#(CA1{?@F8#N_=Sxr! 
zsRZ8-S-!kJ4CK9-ktJ*V6_67cohE<&Cm=zeR8K!4x$ruF;$h14 zKfq@KIwuVu_hXM7`sJF}@QFZP@NBQ)(}6q!J*?^zJW4(M`qH0}`SWwZXCssTd?5dx zNuL37;5lCU5)dk!?9&4B{HRZJt+&<2Kr`r*?DMJ5!#+vF4RGDF+Fss1f!X8oR{L}a zt!=e7+97}!bcD( z))$+d%?^&4qFGvQt(*eg!xC^J>KScxHcy;swtBth;9L)SB@U&SV$#jlpmVz2TwPz^ zXmvK5TkTfAyXiUXM6d&+{-Cur*zPr9lq@U8rV#xwOh7%zvQyv^;)`s~u3*8>S;4{; zWOoaxRiPnD?m)=h4)e7mDXK;rGoIah#zhY;+b5B&WEr z{7P@?wAMR!x0~I~EQSk@GqW>G`|AxZ)AqKyu+w1BS~=NXWx|bKv$?q5Zuj<&AlN?J zUfCX$n6$8Wgt*SYL=Dh_4T9hA4phK2QV2W9I1Nk&hYqHb8CBZ(Aj9iw(Ub$_xPjvc_7xJ~Xy}2^zz+I6Ub@Ywy>h^lO+3C}v30GIK zNFS>VkZMOy5t-|jVfDr4-2C+H;^L9!N^iTf+Cl^ zkQ6x&X`83o=QMW&P0a+hSC#{%Qgu$W6A7FAw&|HSMq9r|2tJP4db+m}xUb7yOh0==2 zf?ZOwIv`8N`kIMr2;&AAH-vGFH#QnSj8Gxo9Bf$9k03N$nO@^Zk-iXb=|?2}7(yeJ z={0^Y(ih?_{g|X5&oecKwrjJEJ`*kYau4qi~{`Y;2=Qh*V2ZZyuFbwNf0LU$OmoXB~OEJA4a1_4TC4L5c+MMbPraPNx5qkx+Ilh_SGKQ7Y86%WohyidciY)5Jem_LuyBOfLo zX;^YC=8<6whC&`0Q6LoY$Y{#f-jJ`egMP>rcv`tTFy&&znPpt$?=?EjltAMFN_p59 zpjG65>@3MfYXLK#9jynzYSL&U0wFu2!vP8z8XXA;Sqo#A#eD*d1roF2Xi|F6Zb=(3 zI-cxOuX)3m$AOVEOmxH0pNz6?G=HhrDRoTpNB5KB7D#ePC|YJr@<=FIW=t|k%yKj) zc_d(#85?De1PGQHlS~o{mKl>=5($855n+0lW?!S=est4l@RI~MJ?ckc;|$5&}Qnse`X z$k=$Dqd3uWybYl#ANFF-sPEk9~Us60Eh)d$`n#efvnG1z)e# zjAvj`uhj!0-Wt2bdaaQ~z%upPaDZ0U+pR6((Ol`SueVnQn8%PpvH+dUsq3|n33KXt zO)^1>P?+_aV1t?WY`!nXjzhs z1_B9g#|8tULVlwVQL!;PmV^w~$Ow=K8LnFh)Bhv&;YQ$ycmal4 ziNsZAv1_rsS0zPSh4EEBXln6XVqYsm0p0(=IQoUpKVI>bPod* zbpy<2EQs0u$#x5VVPP~jGHzM1=2B)DtTbEaz@t{7PAw^I%rf5)hO2I}WPtoV9 z04LLuB=Cvo0Ig$xtt&-WtBpjwwGkQ%tVxM7qcQG;3|ebr5zu0()%HfDE=6CfjVDAr z4if??%M30lB@R!a^;#s{z>*wtvEE|6GW!)GC55_pjG-bWa)8bL1{xhnq23i!Xl9BM z*1Kn#Nv+{X?bM>dgkiFx#fFGvLW@}L4o(gQQH7aybfSV|M^D7r@m^;|8y?RD(!{Ia zqEN?icM*=s-VzgY%al0yX`Iv6$4iNfc}f(dr9}HmiP$igq&YCD*^p*Ac4v)x;srlx zWZer3p&`9XtUpAwH{tlG+1l!~qF@abtZX!eRsib>i?j9SftjV|;?ly*>`h!BG0+2@ z#!8VApJ~Fy?n3f1zs>fUq2~0$LbJDxg_o@@E~ga|HP<+9!SO>`S=!KTun^R^VhUyh zJxWZZJuYT5vV~R>a3YWw`JgSqa#fHjhppHT6mAlqG3K6%C=fnkfR06I-Z{jKQKIIZ=w~MdiE8cVZM_hHSS_ zWtQv=+GyN@Jjr5!j711a{)Au^YgKG`rf;5aPT6mlvV?RRK^+{n%D6Hp#yQc(8i}m$ 
zuFCr9pxYc^1yK+seRYtPn0hle>oB?$S6!4iX6pA-w zPRb&U^dfg=c4_*i>4j#pznLKcfn;SP6j87gfmnx)%vIosWRk>VS;;%g+iRw35TTw< zr;{YdsyWbgVV$uNGrpE$)4`cQ7POIPIO(^mBA8&Oh=Ri4ftoejgjagrL(OIEb#>KC ztDKA*S52`55@Y>-vwcE#ri2;7cel6L6wEd^w>Q`%VQ_@N@@8Whi>#R_ia9W=(H+FI zrq9ZHbmA$hP0t=XipsGxJyo)liz*r`k228?EE*t1m1#{=mc5#n#iAbM!=mlRvX!c< zjuG2b@YvG9apq+OS%&ZTH>Hlir`R#HR#&w-YjWpmNVW=D-|=g!CF9Rn`>}}C+#al9 z_PEkJ=YMT>PFpU_^=W3w|iPcJM^9I;Y_A6C^#-@^7gCs2{tjUAn8PA=W5byaj< zx@~^icgYggZW!eAho^6|Vosgl40pWSXMMkTtOvJ5)=9JoVFx>#oIX2=>T70B?cLo# zK>FUKrFOPtL|JBxNCRgz;g*{Xl%o^X<1{VONEVo9RIOT*agkW|+rzu%@ z-|{(3SWlpZx|N?tn>cdQ+ydL5nx;yc8NuuXI%cu8n55qZBlKVBt6RA4ixo9&O=6#v z<`Ra9-UBk1!(8PZtM4O%A}+F0So=JGkZ3Z$KEpOs3x2R|^@a;*)$ z(9#w-mPEn**D1fqV^ZpKqs(Qv?YF_f zv4`a(S9xVX7ptj-_V8T5dXsQ$ks0L+S%M-`5~T)Js(K1atP?2F8b%p(F!t)heJH9h zj^2ZV1r=Zmm9a#*+B(Pj+QxDoQsGby!h6ms>djJ6OX^|DLmC2$(tgB#Y-zHD2>=f+ zObf7hA?G=o9Fuckm;`{B6NUuPEwlDN$SFmLu!KtM;W@2#)-c)#KA{tWrh;m&4W8Cu zm6z%rM!T9Rc(Kl3JjYEeG09}dgDc$)tgpiVH4p56k_SuoBQ})+f}jl?h`|{rSNwqn z+wqA->PscMhr?KCBk$VAVn7fjZo>#mmvy>D{@a^7vd}1VA&inr^EOukCMqDwJp#h& zpBXMhh>a~d26&w{>$jwllBwtNId(1DFWoE@*6oT_B)1_Un-JH>X$QwHQ+h}32N~4v zO_^!eTSQfyB$E=NI@WLTJkCaYaI%Xv?&wBnE->h?NQDkHG;t|aR7rSi!-+f&PF6OP z)3Z0t%!>C&ziv)S>h>m%Z_qS5Q4|$Y<8VA}Nn{WawO|d4Q9Pp+1L`+cT|u?k5l_rB zf~FYRjTy;+d(Pqb1)kiR>&?$Tef`6wL~Sy1!#`iQit<W}O;pp4@0*w~&i=8eS=c$-dX`dy>_YXMM1}a<(x#THjZ| zMn-TtDDmxe*U#05Yoi|PcX}sV{Y>BXYMIw+fmMH_;kj^byxzs`nY4M@53<$(<^e;S zGb?V5DFPD5Rfw3}QtIA~BgB*rM`}SS{I#3Lu}VzY=~Nsf-#o0#6N*HN)5FCyL?-8E z4{~?0k39{XhRhlQ)NM4CJo#vBS<>)(JtQgeIgXYU-F{e8ic3nN+s05Dd1=UEl;a~q z&gOEr3-;^`FpJhHZ=B#SV!Appdz%}dElz*OvFX{#X@z56MIq~txt0TSt}OdeUK+bo z6CHDlGcbrO>>0>5X#pB=@~)-<4Js|>1L#pWpK6~)lo()U2}{Y?OF9)7RHd6!TP6xv z4hbeFrxzESQ`3u+3p4XeGjmv)BD^@WI=8jJv)(a`=~rj1)83jq+3l>9VI1<7gjhp` zg;K!n2tI+&zYrNrytfg)9Lxi<2%h@zO8iO~{d%b_vp?6D(9 zl1w-P)^uFhuUX7aO&{DLDzb~~6Gg!>B60BERDnjG=7))7X{=skzf>|-aZx0)3&SY~ z92_t5yLo1D2CFO?>^$Vy(xJJ9nWfus{`%lt@GD^$W3Wy#GbK77fP+o4qJ!H6s^_Aj zGdE$uQhrVzaKEP)mSzslOky2#e(uQ3b 
z4s82a2PWylk>=FQ;!<;dE=rp^go=c--a;@nvw%{bTe!_-4+-XvOx(6KeXACKV$hTY z3Nm&WgVU4q6AM`ESi;(q@C9(V2u;lZS-LIq0RL$?(o~b{NXHf@Zkm>)=D{LMnRz55 zSv+=NX<=HEfjPe5+V1yVJ&oAG)hk*I3Kd_9j~D%hFDMXbr+RLrSpUo61c>7_-y z#WCHSM3FV4GgDlQTAV*TF)12&XhxB_r5Pl(IyE=BINuacS(wHzauJBk&5vSuacN@d zm|97(g(IG14tqq?-;r1#AZ{9Y0yqZO_7scr2T=BoC$*TGSenR*ycklzr?ntNkA>-* z=MGO#<-!)H7j8yAkIbnZgm4l5jw~#=w2LtN5$GNAzI14MAv(?cf$4@gmS}^J4;-F4 z=pzqLF4h~(3Dm>IiG!A-c?Azl+@v|Q@KKaa%%fpURHQRZg)1xCk}38!Czh5Ln#@p) zHVjL$GY7SAP|B&9n}XF9Kv&AmTbB?B8wymB9K9L#gQq2_bX4qWP0UWg^A=_%v<+9b zsN6I2+A^gC)DX3<04!9Ip*JeY3+cw2XvlAt${UMW2KZW)=b_7-Nnz`CTOyL+cO1j! zC7Vp)Cs3(jlxFX?=Fy4ydH94Cn35W%sTbyMy-n+$aFm8+G4$#45^Jm|49ny5Ix9Jh z5pO_b2IGL{+{84dz--o3Fp@RrF=lWO1`jMWkKBsdZB=8DzlHxX6wIvDaS3v?q>IPO zIfY#`d}-#uu_Y~Op^(O9;@GW;XcF0VAvE^UqM8B-^Cy956(=-eiA-vmt{BIpvGxh0 z`C|vzV#ipvFuB~&<_Nhp1&JR1mjXANzutai4vj5&qNBq3X#V1!sQtX%{d6!;94imB z_LH>XCu!}si~wa`$LTKT>AZ}BWl)Xa@jRWkRYl9$3)}__hbl1icLyb`^TgzhGkH#J zFq*|6wb|ZSZe#yiPG^W1qx5?mVQ?;ssW>X8`WWFl7ArUz^NAJHMShR#N{vS_)UDZ` zpoev(Ul18no6hpPVT*X%oB>HzWUa|o2;yoj%*wrVCFb552v#v5aYKE-g67~fzO`H> zz#B>j`?_l zvk;74Yhr@5#%m}H>Do7c!J4qiJSG`(^gwoUM778po~BWRBePatmT6U%k6&P$%?%H* z)mZ4LvsFCg$QyKOg_En$MZ)+MCRdOp)Xchy>SLmAIXtZ{m(mn>84B^TEETD-!UVyz zR)l12NkS51N~qGfqzG%vPVu0NQ*pGMBTb91T)FCE7ftW-AxZqr^~VnP7#yT4X)-Cc z%YR63v*eB;oCVv4$*fQkh|^-uWwU)(Du8vxWt&2+78|WC?00aTON*UHX$_1m zeVon6`VVQj!-t(FO)OamW2c}vM+YXFgRKs+{r4+0&8aycM?0t*7a86xFy}NQ$dz6 zb%m%`A*}~HID{{%>F~f&1%RDiR@AnS14n{8X{T7}a*{9=OmrmJw8kN`Ce4d8Cz_t* zWPo(typVG;6u0uq%blJOXT~-i!YoDoe}{;?%$S262;Dq9XRRKzLn^CcnPvrjWWtkq zPNqc_wKN7%qA<|98?l0l!M}EjZ*8O3h>^mul%%*Y;aok-UPh1HlRjC>R3wA<&xg zR3NJ_mJzTDW8IbmuoV@iC=QLM$OOY)PJ3&{p9?c?I+R3L!ge^5Lk4NL&&Ua?l1>yi zt%3%jxK6FEiT17lLpYX4DxqY7fEB0p1siA4YUKiy1=Z3yRB7wJ-Y3+~|G;!Jgf&~I zk%f4RqjMU2No9+PrAx3kQLaYFFeMa+7g?iLMWD_pDP=#L6(@{T1Yplm0{AQm&%P-~ z-AG?utqaWKb#gw66{|Jixz<8Nl^)m2gftb>VY=-YIdj)@ht6FbeLfxCauGb7oFXtm z)N?L2hs6B4v-K@N?igOpwigj9h`dW*rUfBpqa?nEdYRMJ!E6V%-o9Zg!S9J 
zn8|ih_%a6jWb3&2$ny|_Mb@g3U^H=wL#C^EmeArHU~3f}g#>tYr;qc@Mc$iT>;XE> z?Z#-fe~K}yB@=_Jael)Ef`Z`$$u)-!5=s@Y$AC-+E!f@XW(w;$INXA)2HnX8%SXan z%fu}Wg}m}vgpdG|oY7p8WSv+x+QdX7xfxU}02$z0Zs%kBEM}LWa~TOsY3eL65wYmR zbe<6@H#f>SiK}q&p!QY;C-IER7^dOUKuI{0R7Nlb<_*;;iV2PM#c*3fa@gp))QObsBx01jKoUl+a>c zsuFaiDq&iMnYHqZSkSzPdwUBp?aiZHZV53mDd5>eE$dBKXGCRBVxlci<&nK4$a9=# zMmvxv0^^;`iYT!zE!F4Kg>`iEXF%w4ijN9?1UxE<*az1 zqDo*!C7DM4)PO?RT-rK?-7phVs z#yjy26Tva;@}4l4Z#(@{C5KT?ga(DXBuaUapyL_O5IL@rPESe|(YVx@`JW_+O;6s^ z$0j<)J3Sp%;E^ZL#q(t@OX<*=19278_JU;hI?ZqqA!Ap$_$x=R)Ae2- zL<$Syk|p+%^ro(jD3@`44>Rf>&dIL0-=eadC6H1}L04GrCy%$epj%7DKv7N(xD3T( z0}cb3oDOhMJTc&~c>2I&Rs7=7gCb#33NHaeLCK~4){I!drfVTY1KMwyM%r&H2ZkUZ zGQ;o03<1ZCp}-8kBQyMV%%B-d#`yB5ozC#tDnsjC9C;8ej*Vx0X!XGUa-WPgU7{TU2WCl+tR z!8Tm`$KzMri04H29M(GYMj$hQ!+}>L1F5$7Z*6Mz= zm&#$SgUwzXL&5#y)eh#$11xl5vYjQ>G)rA!!MBh#Db56NJ%V=v&U7}b@ObdYdKPLX zDhC0JXF3q*IBQ0g^POF+VTE-e(NI=$aplI$L8bX#88_5TVFU(k)sv4p%kc_Hs&qWZ zz`H?t$Hwj=Q)>!qbb$@BtKxdCZEOyUQkwrWEy#zVxwb`<^Qtix8Z=T@lX5wthzZJL ztOSD=%3`&xOo9n`?+X_iC~ZsE^H|zghQuA7o?Jr+>8QO~hB?+7^z@)0Cs<8$CJwW` zwS|*Nn!f~xJO(4k8>Be70aFBMdou&${SRfLyU;L8491%x2|=laD} zOlydyjfAwnsJbR=lUV}hZU-1gAP^Omi|oW8CwZR%i)R(_(lrRv0|(>tM|dJCh3vs4 zBJM$_6ms$InI=B^1R95=hns4(#7JK>lgFv-)CAsTs__|C!T2&5-)^c6yV#L=oS~P; z^(0DO0OZ2#oxCk6Z3EM=cVX05H-5W$0(gf|5D4r<*dU zXfB~64?TsG(cLK{ajuKDHco9R<)o!bY4+Y?EHO>nLa@t3B zv?%*@dLF0Q+{UvptDRw$#O9E;ZFZ;yE-*?*CJ(?$PFR$J?O~*KIBM5h7AF?%0|=-E z5xc29ID%7C(|nhWV-d=ylvMMCr#)5{i-;iJw%?BzMne+n6>e=ux&*Rzu`GpM=>6pQ zP}F5oM^8ZwQbLmsPDH_-l}Z8{Azxky>b6!^+ITKoV^k&on@1bDUr6$m^=`lIBQ>o? z8XvxBLRymX<>GDZ3fl2OfuYu5rNn${ssvBBO(tES0nC5156=BHw5)#4I#MngX zrzGTU1Wgxni1uSsUVl?T7L3t&Xey4o_}ekkjPH*nuK9BW&KfMCaK1B~AlAR(ET)BY zoM!<&HfaIo2E{DLkL>^i?S*2tkVVN*+kR_{64K;nA(?m$w@Ekg1spxn92E3e`W+N? 
zh$`yo#*59JC{#0#^q{_Z}F*oXnYr52te}ax0FdZbqbdcYsgZwrf z^mkd9el{kUD^vn}LSh9Im`-_3!S2vqhq2>Y%mQHL$tKyAJz) zQ8^;-Qy9;_HS{kGK!J; zsvQgq7Sa>u3`s%4jgRf=DN*YJL@I4TGhPKqsGu=d6LPvDNXk{T9a~+S%tgUvRJfK~ z?3g09B}p4Ro+0C|)WK;OgH!57R|^EK6%5a;jO4csPUW{2i2PKu$xoGIV=HScIg*h` z>EGm6avRFik(0{r)4h{!2sp*)kG)pMW^9xt)lyV!p4i6yAv9rT;20}zvZWW)Rfa_A zvQs&7laP&&<+s^Igaq7-LVes%HHj!G_fq&v4Z>e3&$u--%XbdM9yEFY5{W$8uH#1* zCSEY&g%SeJ9C3)rA3+iMU7AJs83TrlVerdwC+2ICMzzDcZ{~ zRa@iB&WO)_VDg9WU+`|1r^ZlZcY-O`i}q$M)|%WSad(;=6k3hP7IUG%wpOm&SvoMOm0R8z?`@Fr>; zQv}}fTdgTS)d=zvEe_g4`KjhGE=0)2f@pSe!3|Z>O_ta3{A&T=R|tfcIFtPH)?Dvm z1QX2JUq=A{2};JFdp2+iOa>d#mXo?3JCAP?Vtr~xR_rx$q0L$H^l7ZtPV66s?~{$@ zkH37LrrO~XfkM8BFJP@WS3;5DU9vtt701bM;I7{kbO|Qd{E@Y04A&(sM_O2YZdl44 zO8uKfvT60Wa992W4SqlT@D!9Lg7`|<#nufB9<@z*#f3f9MpGWH9KL5N<`^#w-${CwzT;?G1k}YfHzjTiM-e}>~CbXWo z@FE{ds?~`wgvI6XNe?`NWZ3rR7C&|)i`KQ_2+Joqxd=WIp|~zSO31B^k1-r$_oi5t zKTbd{y_?#4PCaEq!Y&K@Hu4D8e2n2!Q{b>2{9P%H-CXhv0EZP`ON;PVk$s2WN@kYbh zw~vR|ynSQX@fyx~jd)(81zuPh#t=|07HENyVFDf3v7GB(&vo3m!l4@bdTJf~9#3=l~p)W84{H$pWG5Sb&? 
z#Q+sdg$z*X)XD%+VN_L%PByCQML#=(>j-$B7fszPTDzH9ynq3H^!gMw|D` zGnJKACyXw8B3fBQzKWGe(KncpgX!{OuqS8b#h8EgXDnPVMiBLUqJ}pOh#BijkOQ_OUc4TfOqB5cU0l z3OSY}4aET&-=w3K%a~&2Ce8&!}1=v!Q^{MnB85t}|Pq*Gb*;&i_IV9UE zfoaeht5U_9pUIa>#RtblwaraL$}fE&R=$%4 zNjQy;3*l%{bUN#iAUl#|ayWNF#ydD;fyK}vs65r2zLmV#ZB5S2-_|_1Fn1L1%1z^| zUYU9N*w&TLiA9Swl2LK=?xY(wu{ij?Hx$z%c0cR#Tiro_dowE@1^WR`G)=RAhF_5f z^P3Jfa3|ObUIH{`Yl};w78?vGv3%&bQH<6JCDXtol?klWIIEpmi9$R5|B}+E)T1kI0xlUs6}bhk-jy1$A+ouwXAi za}oXSIv)AIYa9DwW$G9w7UWY5crM-Idx|>e3ZR9MkyBgnGn}zdqsI`QDC5Bxv=a~^qiyc#Z(qjkVz7C# za{^~sG7=0jv5JyIu@zya0%ORD)pL*bisJn?$hBTyj+oi16PThX;0*AwoGN_D2s|Z$ z2-Io z;}^ri*g*#%VNj!?*yzO3i7?U-v!lDQ-f&zNkFADOW7ca}%6|JE2O0$QuI-LZ1;n4X zQSO$8b92{ASsJ2+G*)Gq-Zx7wTu4!9q%;_4C>`yGdWr>{8bAu&f)yT%>G zb~UjB2umAc=NN5I>bV505u7PujVrjG&8)bpm?l) zsPfA#Od>3(pB0HgiN!eFV#T-0Jmg!hCC)?xJ7gQ4Q^V)LFznQEsSL~E$TA*Pyy=GO z87+p4X%J_$f>rR9WybhTZi3>)snJ&RnQFJhe2Z~%klXEF0Dj5nukqe-lODPer z7@!P9l^)HO)0a(B%w0**C=+(l29Ep8Vm211Z@6*HQgBo*9DbIcfI^!MDE!1bC*dbN zo$Et7;K9i}?67bPel{G4-V>Vui`=8or6vg7939Ree?tlft=70smMuHo=TAH48&TAXx|nX0{4nSq`LODo|`%S0pVEioulwIUyaj*m>%iZr_J z5&6i>tVp9v8j(ikW!IJ-=B@jN@!es30tsVCZMazvpx0R+p`DG;MlZXyhZ!^6E=MDev}>YWP+Wiy zosBwA1}7(~hDQu;N;h6Vi;u5tK-(DV;OlT$9;XC9S%}PPwVERdLjfOs=Qb)O4ho|O z#WH)X-fQ7o7iU`QI2q2H7cq$ANti?t8}=J8wNaeB#)y{@V;!7=(4TveR}4C2om}F^ zp&>IXBM}nsgEH%kLM7P5C>-M}2I}?xAO?nqw^GaqlFPT0d7UQf*hNjV zbq%EHx`oqx-S%Ahz34ayu~BmPayGvyz17AlHSY#Z;%M7w--4KTjUhEFPG<6~%jYd@S*a_f8^}m%Ot`{j7SKkJr(7JH7JHrq>!_^QJbe z$Ks$ny}UiXp2VYfSEUm zycUKfEpWlf>S}!yQ=4WNyAx54yMmQ*ak%3&1_$BY3Q=sYSG-mq=VQe91Tn7fEO*Ze z#lER&nL#qps4*=!$|O{0C|I|_8(mm0YT}_WblRjICelCE;mhF;=3T8E;Z3c?XpA9_ z;?c|rpS=XQT1}?o44C?jeGCNVk;5==pCvf3at2#lMu~!D(JfaHQ4Lp854LhP{8WIP zzs=#$x@5P?V(E2@%1kUSHKB;Vo;FD=sVkwC1#YSzo_)~;A zs!Ml*|w?L}>`Y-|fj(nADfnyE-_arYcKiwB^c zc#V{CKk8s@AGy`FeW-~t7N`gL^+u3iAFh%Q{+V>j3$ig3$TL`vO?X|KaOhAUcRK8I zIy7oQhlXgQX2SO)@u@rgV7dI{i4<2|zA7@oqN);5NwkVVJ> z+t53QM`?d2Kg2kPE+6u zbt~AJos^e3v3Fz~CaarSx+CUXP$A804={A_2LTLeLLRZJmqlne$l{LG1b 
z5HNDsF?uI9=0fdN@GEmE#1@#$ZSkX}Elj85Gy0K5bzFe~jc@|@tD@FLb5_O{nM@zv zA$>WbkaWJ)?{itII{i+u1t!&ri)bOyG!7oEaOO094#o8!`F)}_&gEFddc=~XXA4L~YC(adD zRVQO5nMb+gVg^_6DUZHeP0h14xsHPsG3RJImTy&Lfra-Bc{!VW3n13)dASt#c_PKc zHo8Z2YaB!5tz%V8K_*B3HfW?Y3)Tl~!^9Wydy6}^8D*Lq^16u<)S>H$)COiD6W z9^znyf-eLz*6J%u!6$OCJQ1(jRSay3tkgK36@0s5bmA$*d03<3(8I?f|2nDxh4a}; zlGuf?LOnc1%vy51G-mM0sa$zT@bDB-0BTmuhxoQnTivC5iaf2ec^(nP7-*mbz~OeOiyBHN?l@I48z6 z$@W@ndmTrItQ{#ggPx0(kv42DOKzm%$@?5#tjfH&g*E}3jCgNNAJW5Eh0|pZvu!G- zD10a*CJFcsY49FzSq#z$UXi9mtc|K^gU4I=IvaJ3gc;^IV(&&jDr$~I-zN`URN`y-#s|W19qCCETsKuk-)Qk~KwY^y^A}iGDNMBCnq#^5- zX|)JqqLRU5Ote@bMZ~K!kVQvZmbqp|i_vAXsZH(6s`M3^ed7=Tt621i7!PjG1d@F*wU{~V76*Qb~!DZPLHNlTR;Yg|8*DS`` z_y~s;aOsVwSgR5u3SS)zi%zPw43T8Th$)IKldR>bEMC;a_eiTh=7aMJ*~*fBmq|ZA z!3+6vx2G^(ma`V8_#WMklGR6|Qr1Zh>iUdbmQ3PuyGg0H!|YncAczMf@hRM}e7MM# z4WE(=;~kC@P}nS}470aH%D5!gwMSZ(1o=R~JA}CLR*=0#nZVDO4LZAHGah zX|zNk4bhfdXQJ%I;#5}h?}&DgMvK8;aPp^;ONuV1he2@}L+o3QJk>shyx?0d!kh6Z zsv3{d=rCA4Zl`pjJTJ?Y2}J4+Lc{J?T2D8`EuqJ0WLmivD5fo!WDobj@P%1<2(qk@ z`GH#-k4Tx7I7Jqp`*x~u@!SI?#&ZuAi02+cIG%gp6UwHe8*1ufzEyY`Q#Y@`wQXet zil-i?c?;p0kBSspQ?a3fBWu$OcpjKv7+n{yTt9D_oq zgl0~a4NNH|O!xEeVl$^9#((%)c)M?1OPItJO{CZz?Oj!6m+B$}SbeH)5V?3H6zI%P zNOQP@9E(qlU8jXRqgnHZW`!+Q#4=9P+TQDGzDO)JP#MV%Y-HXn`Eu=N>{RRkn|2$S z_>@j$%cx@qf~+Y+L!1pVtg+)cIom6f5lGsP>+?cGy$S26yGuwcX=Er(hOL`r14)FW0cfS~74$=D`m?QY6jn_Lu1gxX_|c=}EoBH##S!j?BnljundD zsUsMMwl`ClDXbX?Rf^D*p3A9#$TSwMb0lp7=!bn>N03=+Y8a&Jlqj2)+uRFof0~zf zVXNQ*CvkfTPu6VV-3QcpVTmhN`Jf%_(30b}P-_c6HgGu*`w-D`4iS^!1JEq>xPG$Q zIl)8Vn`{vy0hM#3WAWh)ybXktsM>KWd&#qIOf!X(DVG7AXlhP9bLZ@-+iKUyn&)M#)EPqpitC?j@jMvh#4cJofY?)(quTL| z8BzuI;%kdba|>t^!i2DZX&wt88x>n?v`U$nAP%R*Qfq0pa&35`)ggF+IZ8A<*(NcL zf#NoOPy<-(mJYfVqdTNuoTPC;u1IDFvzK;lY3i53(Y-S?wYO5*@h~uqi_0?cRVPNe z(A?4a=H2TZ>^kzl_BIx7UnoXGjj+Q)Xl=|kghp>>W)S5j#(bdgpoDQ~oyTy}Gj2x?p@gtf zfRpPuQ(mOg+Y)FIG)CKXzWkpt=xm~|g{|USai`#)vd$}C^>th!h-u}`(|&8MO`Wjl z6ZmtoV0E{8lpq^n6q3@YU|P?(dLmXLyabHXe7u+{(?OX_ 
zHcR~Rcs%a>%KcAAhW-s5p~R(}LwXs};&ZaqI6l)=#bVFD&q|rZ`W`kJf(vQ%EiWnK^=h^G#uvIY&c+F~Sss>$0Rp+O5pK&hM$qXgvTcd6DgwvFKyK8~fl#cF2X zWHWs7hX!}81N3*TgN9t|V1R2Kh|q@Uo$xv!RF};o5fKVk0)HQ{~zm!^H zU0CXRV&rq^f6MJd$ASDq>CepK`#M>hAqdUPqQJag-onHg`$C!mML0B@@pUwK)Kc5= zj393ev}CqB>jT_5!2PrBb?#+M&)zgMJFTNrwtE@@9D@%w!5E4~j4BJrcR~Z9n9|r; z1J~c~@!?EtAx1G%i~KAIs{w!UBL?EHc&SnpAy>ZL)#0^?&fUe7nvs$uYYqg56Y&|!qvIyOiizY3DDT%2i+a?F@j<4ctJpnMyzaHMxTHFMMHn(_BB-G1JYq){QUvoa)6)8u>=3}L|jb%L) z%64xL8psp!b#@uhASW2h?2!&Dl*CQ#0oLR@c=TffXQgh&`XVpQ+#(+X@j{xyHkBs| zSU-kT0qu#pI4boEh&w8k_YfxEl!Hzz#_%=W3H{2j&#MhU=tNz zuv>2ncUAo;4pnpxoEx;4y0>&zabCT(B@aCFn>}Y_VGjMLk}kAM@Aux4^6K6WzD3>+ zHvYPdaG-k@<$|j@_&B{RTg$5#%dLK!Lji)UiJ0;5$zXUn_JAc0ZI7NaHIf<{Rb4xd z0ES6;$Qj94o3Owy5oy*OcyrYO!%7Z)0z_7DoGlzSkWB>Q+VaXIS|rQuO0+&pN9N?s zND$zxTu_`F3iHPfV3Ea<__~CANk4}4(8z}inG1wPl65@D zqccgNRFxtp7aJb5e8>d7n zCj){<9GO{M(rEs&Vh+4Dl7&fyG(@AM5a9W_BQuk?VVr>7u{856`1DQhE=F7C1b10Wi2H3I$FeX6(6dU&SF;SG#?u54rZOG zo^U&qJQhi98gd~!iCK+=GD>VWaUV!D>JTX87pQ9tCq|~1hqip zil&QmB^9aFIRcTcLfNR&#Hx!2iWHKnmDCnZX~MCJYA4XjbJHEophyModuCq{N-LE{q6S5=%B3 z5wa>K4%H(vl^>x2g_fyNwDpdV=h({HN~b)H(?<#{R>!-6XPHM@tk@oHx%Q~j!26xu z4qiOO*bePh_}yLU^ZPx;#HWYZr9u)cv?A*g`05Ydg5bu146g=w4F$)&Fd)Lm5Ed7Y zgszw?0VR;5P`m=Qj$I-fY)|2=0PnA_oWfN)OnDHr)krMnhRC=+Dbd_sEZm!R$%c)I zQ3YNPn5(p>JY$~}D-v|Fp9(&GGpm)Lksy;eip#6>oF_ra;*5L+YV zJy=IjPxoMJHGe0VTc~}k&;<$glpc?I=+g#{kK8-JdM*1>Y`t!R3tx&I zi(iVxH(*ts6VV8!#0W<2CD$5b_N7=cpty{?dL9a_fTv8!0|X&c!+a)z0Vi>|^!eLi z_xao5{PVZN)t|o|NuR$R2_@)6jFdiqI~qQJE16nZ9?t7PeENye;i)H`$$3ORj$s^f z26jq{aq@EyKS-$cODl}bHJkm`I_d?f*cxJ-$4vlkQ_9|Z_jI$tmc-T8!aaRard(e^ zm8;Y9J}C0!c}drx@X#cN-ZIoAR}Aycv|FbVKn3y25YJrVbwX5K43{wJ5@w>Zl2*cd z@Z=*-3W+sj6IR4{Zdp{6LDUSBTPfOz6f|33k1GU~(GW{o84PiaHRemlM}!){jP7i1 zo!55(b#)ss}Ig>Re4n($O0uu&5Z$C85QEU=o0UwHNqHA`;rv6~6>h?Eds zqXaX^Hd@pPp=C#wXkEWYBXA#IPP-~qk%z1SD?d&doHBe1HE1(+2!ld9d+=83Opp(6EN$oIw zBNGcUkxcpL3hFqCvgi*sNDx1PFB}So0#GuHme1J*QY~5frK9u|g%gq-%E^e6=WWD_ 
zq0n&4%U$SVVXO6Ue0S=Ql~_*0!gMsJC1-k}edI?Lj#ynI5Y+s0Y^5j92Oim~wo@EAb&OE)0iUU1j47G8?SPZ?-~V z4IpfBgfK`0gr73rwT0sV=XK7B6Q{@1VOTGPl`vd{|5}Gm4JbA6KoAQTF=)%4UfR?l zK+13q-x#?dVr$Wu(o_Y@N({24!fJey zJ^WNDO28&6PoniysO>G^^%hTpBenmysp%5N$&#fS+=0u#LQL!FjtNL5pzTBmNfRFe zqKr;y0)*VuZK)SLI*1tIg?$v8;)KLvoia?Gxs$jAJH#+e=1M+EWdu`r zXY&cFaMIhL$7M7}NaH+K@-F7kK`RR^*dygbTe(y~Oc1jlBBdQieNcHJWV^EP7U?gt zr)1dpv-JWi;m!JjiLtC$Ko6=KKAs@)1oZm?e6H3g6yQ^=?bAK&OsF1Sn3CxRFQlWI z;z7=3+xto)t57stQ;QQEN?v90I;hMlAMWSzIS0VDa!70nv3b zVzJd)U=Pf=3}WPU7}ys; zsu{${>oBkngj6#KUk|YsP1--UO{ICs;zVd{Lv$FT%Os;5t+Nbc73LV2{SdL~kN!+k z4vTYBj6mVX@4$3m$Hvlzc);}Q0mSqdnH8oRk|3Xxh)5aL$0-P93KB9%n#xHC@KOs* zVq`s^twfeC=U9V|hTv2WisRu+ZT9hlT~IBBv?GvtUR=DElS4eafbk|I*sO-K*y`&{ zWd88v;$AYwWuoTH>_PcLc#UT(FhatIi9&g}LQrMq^-T0(9*NHAf>o^8J)PyDJZ&ju zPWIITIR`qD)5I%h0YY`Y5GSBQjkAK~mb$BruQ_hB-E+rK0)xMxGFd+y` zJn;?yKyG?kMpX$!g}er_5P(t{T5NSd_-oP1OL zifju|pkns9bVhq-w5159@YOR?mq1d+S#rj>jFL8+&v-p5BbdVGHJ-Krkt)u0JY5MS zr8E$+j>Vi+z@&z|m1#Z5Vhr_+%vhB|IM^dpuefp%&Ob?Sr_%wn1+lRt%rXq+l814= z9A6*fg%)i>kSr7n3Dr3K6|&FYEDigRRCBG(12{A3+Hoh#y>Gco@cL&0~z=69R$Y8bFe8b`bKUr$U&`G2W}O0_nf*N z^kAmJun3=%o)Xe|+^xYXEVRQJ;qCP^@kN=^EFQZJr`sd=3?-gpw^glGIU$y&^4BBD z=TMRI%w}tCCoUr&&T#aK#K? 
zJ;hab>S^ltdiJ4DU(wC`*nvynr55=9Qi)xvLf?i$T@`;f=iWmwymI}YcgX)C~DrJqZ z&xwZxxj`zfAhy;D0NPu{kE<$B6zI#F!ksRae(Bspbd{Iws}gCeuyge?GqA>2)GQy{ zTwylatNgFEmz?y5+qQHqHNDM2PPOGE4nuBZ=GHlUvCwh)yoxBeR8l~jOJ00}gW!^o zd>j)y+0F!}JA9=KhKa9JL^@#;)6je1?U-& z)lPo}UvNhmv$ZY|Y9CXXe~sE9{~CGS{2NJC{xzypfR(!4h%3tI_w#Tkxr-DXN#{HT z;W9WYU}0bvQ*N}-2dli2WsCKo$cvu{-l2G9Nw+|MJyBxLJ`OkTtj!vFJzUmeds|?v zG5EOE4l(k%T~=a#YuMV5Fxjnyu>ihMO9ZCOn%B}TMIICnHxA|M`;H7v4^BK#KDtFRJ;{}y@Y}k+f>#u_OPmdh z8KGTmLE2M=oS1eQRpk~6)GO_vAj8@*%etmzKh!rC5KSS@Ek&lZ!4FD%FOi!sJSxU< zC_5grQe+_OJi2aSvRM;QSkXc7yCKIp^OYZ^*4+~13+z+*a|b10!AK0#2khXP3CpXH z5ST9-T}USNz$I2Y%Yf0j+WjH(YR~3zU zUx}A`rs9)_CKe_pm!=nRb!uj^xpa%H;DuBbu@w?4sjkC9<-;i;8s?i`z=>afb}@^w zdg^Fn^1}|y7+B-z;`KU-_+b=kei_4RLV~%iFsvZ4w8o*G<@H>2xu*LLoO=`1T*Go)jlC5T`#t1 zr~`M2l;i^mu~tEc68SVc`Y$@lG|!7@TH3*?t4%CoRVvhK-z9?q8@h0EK%%rF#wyz2 zr`?D21Md~__$aJCg%?H%vbakXJz%s%$g;3;P< z%Sxg@9@LWTP9N1ONoBisGV5F{>R3ep1VM1ZOM>8w-P-D* ztlH`gTw2}0FQwJlx`p>o+e6*}mmXzI03Pt(*?RSl(k+#G(pwvNz%O@Tk{3@CrvnNnhono7T|lyY}xASZwW z%2$KZF&R!NpKlLp1fWx{uXb)R1$~1mY*yltN6bis$*BSDP+7*(+Ei@9<6{l%fgCtc z!3DOpP~vxZWGIS3+Hieb(X=*cO8X255(iB`r-{)`;t(s6#N`bX_tP+jvW&W$S-|pj zKe>$#8=G4c;%;PAV$jF#*zk~KNGY{f+d0c6>;`)hqF;Dew9g;bh){{b8(Rm2V(ZlR z4`IN-$bbOaN+S$&&|)wrmLzP2SZk`Qi&5#ZmVIvE78cwaaF8fpQmy@Di$p#GEZ6xQ zXTW+qr_DKWx-va?txhT3DaTQsPC2B$t{ulay@^0p9f-ONP`eA}3=a0ew}Bxhw zblwrOT^0LiksfQH_)w;N24lf`vSY#}IJoA{mN1W$ONK?iDO((bs^$$tb&NzHd@KSn zkBC6@NCd)N1RGJ<^e&7X3?DP)&;i)#>EJX0FR^)+fPFFGry#PGK7!F8MaSo4v$&=x zbg;*PK8k7Ai`5q7f}x z;_$M2A+1ZN6gf^3PC8ZT0P)?!c8vS~A=oG5tK&%kR1hB@dQ=^9C?(ncXOxs|dO+B* z+el<}X@&lf6(t)I6;|pAW?LTJK^_`G%Igl#&s#f28cvWm&%>m)uC zdfF#A?kMSR$N1c%yAhsp>>n45xQj&|C!7xR^x_=zp2N96z!Rg(JEX`QnxjUaGh9UXZ0!@fKuh@(+!gOt1at+(CQslNO z7^`@5m#T#m{pb=}$*G6GK(13g%a|^Py`q(t1^k#+973vO&2cB1COK=Qd3@-g)AHnf z+gd_%&k5?O>rJ4fI^CLH`Hh#%Bx$#9PBEj!(=)l>3UkqfY~LcV?kcQIVnVAUSr;@D zI>FhV_HCY#(-AItrX$??ry^{Or`^eB!(1TJ)(6C}<_KqZNksS%a6B{Bt?pMub z9cRi&;)abFMUb(Agm=`qct?zjcWhS~N`>fMr3Ap7M}gCmwWpxJ-ghPmM4 
zHWu9xmWx5%o&_hkC)`6(TU*bs*b?xWg~3v!f%_WopUl2LpD47U67LrYDgoUpyDzwn zGv*eUarIn`mz%|SnZ$S*V!YJ2a$_;3+*}N2R`coXt@kh{f@EZfQh?&fe16}La-|s! zkH7@Kt?ezgl)Msw^J}!-_BH__)7JKmrWuf?G-YF^OV5T1Ft@EuI@YeHKz%yt&pQy#OGql!4*%Px_{}ipu1yxEd=ebxEsZ=avMJ#(}ENm zUAnl~46jhHL;lK|t`%ibFt=2MOTo<6jJgNeEk!IuG@s&{DX3{%qctHGzS8oOCMCIr zSojK{Fe63Ep`Lv#R>L3g*TkRiVd5S~GTo!&Fa7A!tkgS-fM6;i7gg3a0Bq+kP1D3K!xdlWIdP_%(100O-zB$NT*%8upWenjF; zRsqS31ZW?b(p>qA_rX3>t+XI3AEQo`IeFda5r`+xuJ12VQOk}IE;nOS?K+HpI@UsS zu3D0E(>#K)sAbaHyqd?03}{2)mp_&P1AT#9Oo`;KjtI!nVg8X4B@3$*pYDh|yy7`o zFt(+tyT-77{7&cJUr9v@8qk(nvPjW>n*#ReDX>e6sO^k)@kZapBq( z83%kOb3Wv2pmxyLs%G6h`VQsvuCI?a@?dE~?{mr!cbsBtWPaGU8`7s}fSEj<0A=v; z-upL0HZf_8B^I&r`82)d$zfDYrisW9_H9j#pH<<1ngt>-+U*k0x7N>6lT6LU|dHEz;)ZY=ZN_4~s z7ig!Xd6Z+>yZJNbvFMg;|FoP)caUfc)}IKl$L%&`uB%JRHd##)ZoGc5Fh4VI-7_r~ zsP1BQ4M%#LtiOu>tp1o@#mNvm@O=BKhu+QED-23!M59Ym6%`AKW=bUZcHj*rZFeED zrU;GdWFJZQlkhBjo5e$;Nb7kbo)E2>qf5{nG~JD zt>_F*zn|b1$U8dpU~ddz5ssivm?yu<<)J2ks6>s#4#<|lM;BaPztHwhLQ5W^ZNRDa z&Y$T_uWdGB)^xZ6vFm=s7!&YgXdZovJ!f~wT45IC+HzYI+vELb{BG0FMHYv6%(dPQ zAQeth`K8}jXC%DV?%`X^`F%{_QK-h)tS~-mY->c8Nz~pnB~p`%S+yv~EIBjBTP=a)-dMY2a&_?DG?E~L3{ z)4*+0^`nJxcK=~HQAWE{rtF<{JW6GP3A|(5CTPyKs|!9bfL6lbkKddLEWuucxF75_ z`VfHyqVZ*!58XMfp^T8L(0#KU$wEH+VodSXI!~k-un^h8pfI=Zq6U17g_|rDpfMau z&im_@7ga@28&8WpTxes-BB7fSFdOU<-a_l4d2!cFt(#~Gs}@mKz?Nb>3&hhAVShJE;(z7nBWR>6+o-&FX%WKX@z@&C+5;?IaNW;@!P91 zZp0vKJ)#sez{ePnrFEe4$Wyc)&{k56G?SUDnS`(t&gBCo)l!X7nXmuTRvLdhb37G{ z^dx&5VS*@tEDjrb^%uHKHq48zGopx+x)R|+hd0c9T1G4095y;asWnczyUlpM17&Id0`tMw;Npjw7;RMUAQt$sJN0MO$jj4|<+5@^Rj zZKuir{#Yh&c;Pw5f8wznEg`=-*+XQF-{)FVhO*aSRBByN0c=FuL!@4zvbJ@i`Baw^WYgivDQ+42H@vZw zDyx;EwMPs$c*9~8W&)_5XMIzc8PP<@`|ir4QFp+eygdh>O6VSn7fi~iMW}ve^f^P> z+P>B+6{QGtnE^DjP`V7^yH=`EdtlH;h-qKTla1Gnh}2N)uM32!%T0HGU16?OZkL&` z+S75MWn;~{K9<(|t22r3f=b%}Mvt|9Xu!CkqjmYFKqO?yWAtF32RnC&Qja)B_KG91 zV(7|)UO2$gzS(-6ATf71#9u64L^>QlT2fl)+kJ%O^_9}eFgp)bXIE9Fl zBp0-si}mb`4<6&6*>}Fi3}Pt$K;E{}ueFx;PqqfJ$B3Dmv%F@01JCD+Ma!&d&rDi; 
z$6^ZLFFT=Ok?;3EygAT^Z24qkE5ttzJEFyRWnpV_#VSxrz><1~{WdGgYmGDHC$raw z8m!g7_W^V*@Mo*izSzGai2A<*+eEkh6n_6B8{g_f<70?3c#WPyl6))&w_R}7WV*+% zj*cRJh9sBrlsIUu)o!o>3;W*k$)>>UhJG0Ub}W2l;owd7x{X5UjZZ_$%a^Kk(z!<1 z3WnxQu$IChv!@n#r!HkDIY7IcV2O{DC1!YsuX64IySRkVNN`qvhKA&{@E%b)G?J$a zCMZvcl%!1n$XFmUdaRD1ue6%t?$NWY_WSGA9MJ$To+|{QEay0LHu)r#G$ZMdUa?-j zT=9;al0wey9aD_}BCDb!>(#SX<{F8plq512AR7}>-oeVCLRRNHjRzA+Y$hX@;Jjoe zxVMDidjmnn59$#fN3Ror9HYhITKJSA%L!F9M&pfkW>jmN+pCO zSAu|23CWTxK|pC5;gM@az_eEEaHzygW&&=Rc7l#keJ=3coUb8Q%X!zs9n$m|kgUiI zw1N`IRT-dAokN;-9n!Svkk$nRf^KuK4VcALP!W@$DkdPEn1FO*GFP-I zg<_*tF$t++3Zxg)fk{jQWibU*#3ZDONk|n_a=Do2IM}?z`d=HqKttRLO(IVaDs~Sx z(F-_)ZBS@2bXK4PL8$SeAcp7#QSd|%fTw~`Pg6led%h-wcmf>>;)qTV1NVXuJQYNS zvo~`TiSQz=j|Nm22QAKmzs`5eqQFl{VUytU&+XkUm=(SCW;=z=dZW1(JBnCUV2toZ zVVj1oF3x#_i%b0Sc5!uqm}9gFT&u$opZM_@u)awcPzlZW9rge@sJ7o2qj&XbaG!42n0<(cY1o>31? zw0h*U=WO**tk;97RF9Nwww2aHCLON_6D~Mp%}GhP;D+<0@@(}Go?Z`2L_JE{b4EQ3 zYxR&+t4B^sTgl?s+RBrn9Z#6fJt-x6!s_8k;VGtGl@h^)GC&&VmbR}gR(-$3|6dCpGI#Ce42|nJ7N2> z%-n==VGuZZVbn!lOK%6DW0ogRqlKYwPCEkN*{Y?xyx8Jxl{TMT3{rQ&tyMsXOtWUonHOIu(XWF(NgkU{;r+63zJmSwUUl6?w-fv=xLa9o)`xVJi}j z9THc+Lam4moRZ9b?>;IKOG(v+Y6xR6X^43U=_(FTQn8jLWWjpE2Fk}UO{}dp05;{b zI8t@R8I3hY&6t&MbfNt7D{i?~`q1NMPXgXwH?X!J=8mb70c=XP>;_9coLOC@O4RGc z@`e&Bb#4-)%o;S1_iCz4O7?zQnT1IgbfV~v2nG~d;6WRJ+>*BAt65g%NZA((4kGn~ zPZwWL>8dR$E-)=CQza_^DJxPftE@kfRZ=-C0WB+2Ei0Rg<)B6(L`ym=$0{)w`9$nV zBle_l78@XFBPFDfBBd_nPT5kVY$@R>3$0UPNSHLjGg9MriEbCIp*o(z^P&{QW#tM9 z(n^`tBC`7G;>1(7+K^QMsY=gQfYPi};t5+4Po=fCuKC422Hy(x(kfKy^!Y3;n_e;K zv4a|i4vOikvh3Cd@*~LS2hpeieAqUK&V`c zIBdM!z(ENqq7!6b8)6yS21tXZL6S~H%Hc^mIMJWhV{mAnYsAx+S{;FWmXlN)9>FR} zZKpO365CpXEiDD*a)o-5Id;J&q&s+-#CFIc*O3GKq&WbG;&mKJJ5Qbn*0yPal=t@3 zn|eSk^GP~8ZRe!+3mu8SntlbICTdAnHc=hoa(7`m_bJJn=V1f1{vkPdHp|fx2{vU* z$|&JP=6LBAqlBH68VaexsGiE|`EO>mt2RW=jggm=s;pi6-gOD8?(7UV>j;8`0tH>V zsgqamcK8 zW_q?AH3CFWzZ(Px;;kKz_u(~!W|W4qgYzIIvNRJ3!oJ{hEb=;MXJ~Lo<7Tx)2pQZa zBaXSk`Y5@iKp7kItF*rqUR#z#x%ElXH9kpl+moa;eY(YjpXt^Sy(XGo@(mo&xeG<8 
zhWG%sZ13J6inC1Rg~0m|(LVL_w@vevR`k)_CyJj%^RbX$s2ROj?Fy$h;>p1QJife1 zHFp|&f-a4!B$z>HOWQzDDuu>GK}JH8EkI7gahV*%Ea25Q z1V9o;HGX4Dv)CDiILjhp;Ldz~zFeZ_D_&xnGl-yrBrWJ22`%U(3A6xz)El}}_bRyA z>6GzCfY!g}mtQ;}1S_Bv`_k0fS;^)=-NKNO+iBiQrB;d&W*Qk0RW-T_RGwC9pEU#{ z|0#`1!c4}x0pLrh7p%-Fg=zC=R;KLkx8LDWh+EmHp8hreM5W;TlPFjWUFQf>PemoG zFua2X?^^gj^88Y-wmGo@HMB>t090ZItxeF^e7XDd=C|%rq3i?mYA}7mAla6?uRUs%_#ZfCDg4)%`s zf1T~WJDUCc9=ig#F#x|%5-6{u*Kn3c+>e&xRKn3TB(C7XZ~3{ffB~}nCINmF_6@JJy@r?Z4p+5=!MQ(kSK#xRkY_MeAxFYgCZemY z&;a*7J5~gu-@HG3W5RpLdC39{hUfs3K;|J&`UHiJwx!q+jN$$&-ykQd3R6&b2q%Ft z^3043{_>fczin1^_X@c%{q7A+Ae~F)XQKz)GKAlS|jya1Eh#*hZNq{b7;kr?>u>!WbLSh_0VXHv? zn$alpaqxDMNv;_h>W)w3b)*4j4y-!Pz{-FVzR&l8j4W+Z#oW>6SeZ z8Ut@ANQymFjJv?;f+b1Utt3pXL8tczywE6xLk{~VlwYRX3p=O9`>F_;f%`NJV8N^C zhDfAl*3TNLK4KE)elXPldXem+=ry>+vyU*`cFmI}Nm|D^^It93Yn&ePOfg=~4K7?V zHzAVrjFq*T(;7|Bx5`DIz0=d*=#dpsG(w0HtDr6u53z; z3=U7EZfd&QxwHs@>}Uku;R-Q!zHH;GpwY{;kk2=XBRe5)pwvD{mc&SeByS9V64}%B zIpr#Lyr=BM@@whA@5p2yj&DB%1GxR}qbJBobU0M?g%Tu1t z1EYr(Q{|dh_lBA)c60svp&i9-7~>7krFcBprN4>4Fk;BB?{3VquIY~bXw+8-AN3W1 zkNXNyoB9fIXr7>MPE3&>dRl4ag0Bh50u06-ABu3NfR;A~_nnoa+*ew;(N`FKB36kfx}BfWg2tm*38d?ChG5m-hNbs8!@lwnos{d= zPkj^2te#AU=L~aFOaR3B((Wj?Vk3Afzgrx^mDmw97{Y5$w_YAF03>cJz8sv4Lqa1? 
zwyZi#hC~`Z!2;WGHPoN7#iu{@6Ck2GA;SILJ-(l^PQB?E9zw67ArQ3v#MrT0$bu0y zY0pwhwmf>ES`Y$~#tx8V5V+Q&rFD>}v=8nE@`0;G=^Sj6MttIMqOrX}F7EfX^Ov*O zH-&&y_ErSbYHJI}L)i=n=Gd>~R+yx9TarJYs%9Zw`dnkRxnS#wrf$ny>IOHutc2G1%sQxNY7fbAc9|#uk4UuLI{y9qRF-JGOq2 zOuFCao7EqP9CLkfxmdx1FB*Zb{%3@oxAthL3|DOnE1egKq>akZ2ZdqIl?$4$|Adpk zq>u#eThyXOc|9y^h2|0}W~?itv5WGxY``J!W?0XwU)6Lf`ZJH^aZ;9z6Wx zZ@jqZb$4Q29%w3%w=W+|hjto?KEXGk^q2X5WjL0Dhg%d_7|9t@h4(qn3hQ&msL zsj6f$b0^7XkSd`8U6`CTt%RO6*211HK3fG5hE*y(V72@Jy95C^vdB}FV-hMTn`*qB z-u?;=%^3%whcI4jfpV=H5I68R$NhT#Wn;dC)Z9L&Tz+NC!DVQn+h$2R+#!5;^6}0$Izfo%k~ZPm z>p5Fn(A)}rnm#UtE4*{gZZ2Tb#CU^2Qy&4~(EDySx|oPI7AKY!!B$(HG7J`B<2BD4L=oAu&v&z{VFK0G=x7r6LIQ`MQwzJKQY z-&P%66@Bi<{3d~nJ&n7aJ9sP?>qN`ZU{8U9;Z1`}<2^r_JvdyS`j9W>{bXdBU!GwuyR*J*^2w9 z+?5Rpebd~IMtLr3KlN-?PD(38lqHLYp8vVXvI~LSnA){KF_6}_Ibl}Ewi8%-r%Ug8 zni8@~62zVfej1_fc#9ktye=-_wn;ccyX~C>5 z@^Tx9#jFwZjhjEh&VJz(TY}F?7dy*Y#Um!<&cy^) zX>?NWV5zYEgX7b~HycV)WGco1!q2kGl#>C8J02Q6KKT0v?uty@9U#msYvXQ!#2u{V zO|`L_44e1|L<;cStptbEB0e6RoNlNAG7wvfP>2^Hxl0iODMg$dz5eIv!O6x#3}1=~ zm=)waa#0TJ3j6T>WK-8VJ~%ldx+_XSQIasI1qrAtXJfZwDfBao-s^xU0a+`501Ed{ zAAUP{^JwD-MJXpit+0TU5*suX%MQ=LxgR$*RU=4+W}uYW0IA3XOeLNizW?Pdh7jVB zjyriHNF`>Vl-K~N!~{$wvaC0Ir+XX9b95@Lfui|@L2W<*rE*^HogD5zQnA3Nk`hdc zigc<~gQddukKbGU^ZbEm``y%P$s1g=+nmpEQ5Ulg@&;NheXE*Z44FK)YCJ4 z>W+onyBDm$RNvOj1*{EJKuL`SzFNQq5H~8ZI&X>dh3L_tFgdry(t0xcsuUN=w=9?{ismn+MZ#na0#cP zz^LOqtch#96tcoTU5B|lgXy^Z0@vgT3MVdd*&-v%JGe5*1P}sFOe^f{ox^aOw@R*W zRTS1di>^>{^JidX7D^BvwSh$>+K_Ota*WoBRRtFBTmZ6@>N}Qm{ij?HI6Df#g_UG(bChTz#+P;^@PSM-r$qEHxxwftKX0V z4HRTjLLJdW_`sBU4A4alV|>%Y7~d&kN;I8rCaS2JdR-*!Kp7RAv{4qO>znIyp5~lm z8Wtu75XH#iG6m}-nhEJpfUsG@N^+jBF5PP9M1~=K@H@VnIBo?$KR;jG%B3V(;nvA! 
zy+xae9TdG6^h@a>%Y+ya!jTNVplb@%r74^B>IZw^lOaTDY8@WXqh z8^F^tjXA6Nd`meF84#gEZpqHPo^{9?K<9(`gDhmSSo_m=g;%S&a|Z;^J^yR=^@6)m z6BmZ?yz-GG86Qa{|p$58G|yrEYj?J!jdN*!fd^`zMyPP_W@}_ zIH*Cm)X(nl{)n&SqAt8Iilc(}_CAF)n!w@uLJt@Es>_BPRUjO&z<2Gd=iw$C&~Qh; z#};uj1K@%NGYK8UXlPZU|5YO*nNr;TF;Xc~ZG;R(U(=O60ikxWjOB@j&J;A5j3csy zlm@c?k4Xp5#LyWfBWR1MrBWvOc<0j?zxdTVQ>>$-VR1?}zY-5u)L7Ht11xYthhheLLazOMls)ffz zwPL!FXV5e`6%#MPS=&NQwsb;Pvw)6s?1H6xQMKqg7%RMVCXPlTM1^x}bi&yHMtL>A zJLfho`?bpCu6@!;XwhmlSJ(su-O<5&z7v8CLFu+KQ1sCdcOt&MU*Y{ul-uE;M|@#? zo%33*@Rp)&l;pw4ML;{D`)&DfR1EiCsSr73wPJL#hwl_01CHh}i<_2c&Pt`n+CiZsJ=c}MAhuB~^^_GyCySKUd7B%g4XEGSHEqS&vbApX z=4crLAPDBy1vlFRf;sKm@_d1%=*bMmt?)ImJsDC102Frc`S1=J&(dGz8jn+(5G`pX zIv^KV9%vOUV`9=B;g$-b3aYaSmmJm1h-w7$c}Nzk_Xq#b=VFzs)6W8q=|i896%;nflldGkO5iB1fKv=qxT1=C;NLxc=iTM z&Fq9L!~6Y%^m^`N1g+Q~Q$0oz(%?qW5&S;UzkZ`^awZ2lS`Q$eS9tVnmF`98tGhS0hSU2V>OL*sb+yj>9}OI zS&e?sa{!x$Qd8Cxo`jFKVO!yTop;3~Yk_4k1Hp#s@+w^i zlyaxyG@fsM%{o^22*&EZ`4tXwxJzP9>cj;Y6`fQo16ui0Xolo%H0pNsTcwNNXUP>VEInQ?LZKim0@Y`XPUTL)j)^qrR!AZ*=W2CU^B&LGvT0^K>i|hN(pLs#EXhPQ2S8Z&m z0|1)i_K#QeL{vkBYwfGq(edFY-cg-NFOcR{MBLQjSW%E-v(EdH66aLBclrpI)RNhK=ZE;bhG^NAF&$kk+6%9X)jl6j4$x z)Ln^c`y>i&kRgp z%+4@9ww{lkc0+H=vzR^w-^{d1ZX*a;z(od4Ay?3H=PZ?wV9qt={Pde9)SG#B`|S_? 
zI2Rs{q}7K{O1X`zX0W6_!_V}Fw{%!qv# zp+DfZe+A}vxN<%Jyf|ZQe#5-p`{hJGR}FBo_wxaO1tvshy(>fEb^B5;3p3}-mf@uv z`bv6#Jt2lf2E*i;dC0f7E(%F-_KTQhP0Zk0ICxdv^A*c!)YM^X(W$W!G3NJpQ5<@q zy-{SIA|_4_nxW04yg*<~WXI5c7v(X|!`OwvsGT6Qoi$)b)ijUlJ5_B1X}}G#&xkA~ zDZonc{;(;x;R}O+bv%j|jHq)}u^f9JPk$xB7%SD8U*JBakvjm7X2VgJ;Vd)OO4r!y@28@e1D#!GhA(Ia1=p@is)zxRRt@UF%5fK=TtKfjJS?TBxuP za#z_z)BRgjh+wdL&5MDZ$%v*^v1l0tOG>I&z*Lm2 zPG5|ya?2~kyc2HZB3W){_AyDbjnMBRZ5dD)oaS>5tTMNAhOs2YD>XGFEMP0b!rLhU zm89ds2$Cw$=rv+VPJ1F!iMUE6E zYXN2%Dk4h(>5l(-^jPhQ&LvxpRBK_7`nvPX<-9rkW#~Y!f-5$c;*gBbH8Os=2!@lB z;a_{KauDPvjIf{oIYQsAVAJXWvC@ZS`;rFjz<7Nr*FgO{UM4oohKo5j<0Qo|F53i9 ztU0b4|9fte34)D-87|wgWx{y`GjCj`BfT<=o>swWU~ELBQgUam^tFpsoOg%{wI-~< z+=$6ae>tlSSWs@0<4f5txw+xa#-nrU-3r(7*H>`$Jm<5G-o$ne?-aOx=s2$5J-xtq z@I9bk^VTi=bq7UQ=?JQTBY2On7!quSbl}WTi|UUWc#WD1>9ghgl1sK!twQxqujXa< zdm~ZLc?JG_js9v8C(+eqw^}-%oYPk>(jRT9qTht;gd9J?r{}Y~&-xj^dF9}?J-RA= zekP~=aY0>WBUkZKc6KJR#;*E|u;r!|w20YUFKKJL|4%MSv%0;tJWGv8^PWZJ1_L{> zD%qVh_GGd(m_eIM3vQi9xON#)=9b+pn=ti{7L~5!qd@NvY2sx026m+bv?YfPvzxoG zbh&68rD_Gj50>R;c=ooA%%a0`?57nok#&?rqj(vVruK{&0Srdl`cRrfL?_~7-sD7# zx8*Iqaig?Ek21VCN*bhvKdS|U4ZT9ET#%wOd#0folN=v09mf_Yp(>Z-PTn29JFpE< z!5}cOfMk!=AeJQ!1tcMnK6~5zWj$|;C|vSIjQiOI(C#8{ZC&5sn@sLHZ?{{}ja)9qL#D{T zxU#F!I|!JA*jL!AYe=P@fSG3kG}`&MhaKLpjsgsRX1BA^v)~hGV(_x|E+S1Zsy}}} zv+Lw7w-iSXxNCokzbSXw! 
z(8c;yNx@4t(t?fy6kdjypmq)pMXGyFs6PS9TY9t>Vmn-8)GAbm#)fv(Z z3 zy}mhq{R{U+5R-($fUu(f1EtuGl2TQ$HIgM%OE@B*eymTso3J(_cIe`+Ip0KkI zhtQV3zwRN6>-ibJ1qkkxMd>W)WYu8;Tesl&!5pDS&@!5klG9O3GzmC%ardC(i0cZ{ z@i2rD;4g-xENvFCqCz(kY8Z>AM6@Qh6-AawnI^E!8);TSV;azUhfEOezb%sJWG3Zg z+a&I5-Cc%_xZo>mxy{4vxF;Zq9dDi zO^*$&nrR%>kLMcg!P&IIY5u9j(E)Mrlj%&7+58(;b9SPP^y?*!?ZraJXM?aHnRfCR zQ$Xsa3NRObi}Nx^xL`!hk!C9VvIu04|2Bn~ZLtNP+&bSlkL2p9>cYI%^|9q{ND8oc|LVZF6CX zwHqsf{Nzkl%4|##Q06l~&>AE<)&zu|tiF%957-sF`P;N1^BL=?)i)`0T!}!^U@GN$ zaZgVTzOm(Wb^}%;@9gs!X-_--K6fJ??*8$&9jxC8{mbI|7{%RONsPXPIMxVImahf- z`DJmpf4^Fxs;6K1&2)J2x8Mle$)8yKu1>Lj?yVW{hrbx$M>+o;mwEm?TC5mkZH_x+ z`@A%}Sdl=gL^Bu$h5SamyhTiM5-IdE_&KN9XHF$AkdeKHVSFr``nD9(^REb?WN0Gn z=CwSH=rLrOu>F!Jax8f#!x3L0$NPvE7jdDs=4Y_BY4UDu6SM#8-m#>1X!dT)&)qLK z@)hz-Qu1@g=u)T~`U|s)F;AGJG@=vXFUdr+y~6c3WhfG`U(i-;lKgbOy}ol>dwc79 zPHlhR!3nc}I_!MEzWKhwJ{XGF-etg7`St8P6FomSA}P+J>013Q*-GDjQ9cW{UxH#S zTwiTJ;DQQ=#S(6U7kouYzSM9m-3QWpoT3%x;q*l59FT~>h31S`no@+l04DrX?9fIm zYjJ?Z1_|Q?frh@;xJh`lcf9w`9Ck>G=Vfra?dr>CoJn>xYKS>MN+aGyR>VE_?Q9QD zNRY-yyFBgaX}QZrrfwWF3ODGmlCtm1SAx)L+J1hkeEHQ=7!zO|_!Yuj`ccJS>g6P` z1>*kUK74k3svymY7hqEH3<6HYInYZ;x?tbbPa0NDD#7m}1(D}1m_Vm;C5vfdktR5d zOyvBqcYybDQge`925OnOQlo9kdb`F8Fl$FVLwtLMg$sb+ZrW`41#AB^HZSCJhSExX z^ezx3P;XZP>6c3u>>N=tN#F~Koh6G+W8Ef$Qb;F|AE}}D8#tEZHlo5OuE*rQT5vq9 z6&a#0>(NRNV>&By$RrUoE(KVGlEEgFz)v zKE+0!0L{wR-FhWFyTqkIZV}>QbPu874_@f2@L6y|h55&sZU~SnL!|FYR_qCg1xCAp ztdMqNTL6)Z5f_&f8{fm|{iRkiV%iiSq_;Yb^y3wr@uOL5A`au7n)Sw#F@N^y_Q7Ns z3II9qrIW;xnTcO)9F(f>kSuDAhemdB^{<><{)>_08WW$8t^LFV^7VvNum~eyKhspREjPx5 zuW#^s3Uyj68w1)36z?2O^a(w1sX0Bqe4P%rsre6Cf$` z*qacrUYiII!&K%`e#zo9*oLJ;b-JFyNzG%JZJFg&K+jWgW+W={yI+2`QR~E7z$R8b zHd&mklOJxgU+@FQ)2>*R%b4Sf7njO)8Wb-#-Nj>GrMteryo|Y4)?Gg4fZ=h8ZGgHU zC7mgE?(5EQtizJMYSaTt{I;{Jh3cl^U@h|uTHD`$+I>VvQV{S>zTt{F7O>+>0kt%8 zV=ropB_W>T2`sv&SteQyD-{D)T`_aTbE}OMqxgwxV(doUbSy^F$60AT^S{l0{~iCw_dK$}R03OUdLTFhAUGJz$u-V5 zcQasXOLjuAPctr3IdZFDYd4o^C%4Rn5;tdOd6K&X{l-D9Z+C3H)MLjD=jb=kixjFWQ3lS=AFi$h`Yb8w#mULZf!6rt 
z{q+hvlh|TqhF4o#v+d{d^QY|>vll|Mz4b-*9-}tf{N+kTw(T7ykalC{?Okm`aC`Pr z0MGV5{XTpB?oblXmE5$p{esQkNM8nac6POt46jImgi+ah*4%@EMp5ndtJ5yuQr@85 z5$ZARf}XNyPn7ujOzk#J>Ykh*&2K%YDxbws{niWU^W{%1E!%QPde@`spTWH%06&qz zb1!LoOY1}M9YlG=z6CYoTg!X4vfwtTWOGzn*c_A= zw*Zy5${gy8oTs^ZQESSR)3~2@cNDf3I8>`p#3D$Sh?93avwd;j;ifruXy_%>fzo~s zw_hq=H%@w3O{;fn2Qy{!DZEP@3`p_TB!KAySP8f|ho!#2W>}+%)spY&#VXMiZK7R4E`) zuYlzCq$JUnL17+R{!%7OI={KPg{R-_-{FcyC=OMcoKAAJ{$h{mnDpFQL2p-j7uj(w zy=yvJU$r;t`P*E__;WJrf$OfmGpw)CoV>&2gh7VB|8)O1w$HQK$?Ffl&rb3C81Jxi zf9)Q^tZw!91IA$>7*PoRQZhIL_&O25^a%J~`h9*$C%%^PllX$pUdw0bdnGg&HU;o$ zYB06J{=j*{_3X=g-ydfYG{XHW=8I9|wV2iH_Pd9|C)p>2cRaA+5lI~x4Xs`86u}1H zyyor|j6Ep=1zyh27x-K@0Lp|E2u($Q5mfh zIMUQhC+>i=*Qljm#X-O?wjzVja`&wuE_jNm!zYo`bpef6DA94aXHa1G*Xys#&zPlB z-YJA{c@z?cUxQ)CGh6xW(TBq1h)fT5HCP3lC@~XFY4kYyaT-o8XkTqC;jECtEuJF` zYLu3QG4RDg*(6zE5&2VwIj$s_xuuPIW*9I*h9%eB}uiG z{Y_xDW(V(HAG~>kj{_E?`)`la`Jr`R4mWC96O(*#gKcLK7$>VY7zpwkN0Pig*y<)X z$AwmX5P=9)`_X$818H&yaX^y#J*KMqSZ66 zQm%*6NgR%JW8ya&TJq(&gGEVRh}3keUxRnzcZlP+4WRP1v79HzRU*l9#g#`2Ily%;@(DnP{D44xaS}goew_&Td5>aRpmd2t-JrQwOp1Upe6Edlj4&BmD}q~D0zlIVOxhTEG_$Tb?eQdEyw-{0P1t;C8c zZw{5BY}J5upi^+Fb3@ss87$~>VP;4J8x6DT^_Rs;cBD2GB6rhAxXBXImNQ(N-dM2o z8FM3=iX~V-qThh_TO(<3RRf|d_tkDF6?yw%?+tFp%E?nI%fKRvA5(2WuVH;k#MZW` zTW;E3ItNU%id`nJg^qE9v7We2hJC_KW`Kn2CxeWd%nJ!QogxgW9RQQ1T18l5^MqP} z>isFkQz0`KM@OjpolTN%Yx&%4VBJ5E`P(3B4kcB3PWjlRt(6G(HAWD?G=O*7=SqX+`GOwxm{k14_fnYJD`(RN7)?M-Y(!g zz7hLIUhLk8KD}J;@x9IFFbBvli@Q(r%lqUc2jGbVUwJJ6{2Bgml!Uttrzf*_C%?=N z-@)tTJK7b+=a<8gv(ZS@F?kgL(8 zCQ85}Q<2sM>ws0dk(y?ka)wYn%MJR1DnvYf&Ay~ZC`P-_7Wf)o!<1R8dms>L&4WFw z?}7o$c|0X!x=b)6X;7~FCLdRD@U5;7vSP6iixsK#-qB*K>b ztb6qurfLF$#ZzFi;p-5X&QRtY48`_oq_lkf(*VR$d4GmL;o_U=e8fFl@YN%?draqzX$dl!aHjkXzY~3+@K@@0W=Jlx0Fk zPSljwN|)!@iRrU-xX2^)OWxMVIk;PvI0dzqIv}QBLsl%F*tuWLM}ibgFvjNt`~wg) z>wHNUK%RZzX_hLKsD3kD@VZ&ifq_>9`zo26Ulx=dP`{8fbU|NWG$;1w{cVd)=+qFU zc{7VdlQ*QmlF8VJLRy?OU_KxGf=^EQ;MO%7C_WTiAv_065ZU_0OGkLhgU=6fc7K9U2T4XYCJpb*q?I3oCe-;i=x(#NAS{O}~|AF}1H-cg8JhNPt5(5gFoe6%lKI 
z(_valn3T)7^!aB36|uK!2+7&miY5TJ=qpm&NXCvliGzcG3~!uU^coi*j`@g9^%>VW@g^sBUwWb0aQ1#q6_g0PkJV+d<3!p(eDF!KMDtOWJcbLR4*7!W z$8tfsEs&?wZ#!&A*-OHS3#Mzzu-t`jt}IL{hnAyU{M8 zdUa$L#MSchayf*buWl4x*q3#%V9NScFl|05V60)S;n--y{wb}AFe+&{Od2@Y5;JT^ zA~v)mQ5)NlNN-2zzZ4XjF3_T&P_^Ar}L zLEN=CC&rk-d)hRMPf%$pAK`pHAK}WR-V@Ye+fDC5oagueQa`MZPxN_`ZgY_okWt8n z9e=wG3^h)0^dTDO8qZzmpNIn{gWjGS#;2J9IRnV2nmT^ui2*GGI_{6Rc_IVaP%>U^ zrlTttNM&9%K)J6SBnWFForyjLu-5&OnkB<{N17{) zUyMMK1;Un?;{sTKsaUd+&lAvKPJu*l`09b)xf>}Jt)yoNTeFyB9#^Mqgh1yOK5h@s z0#jILsB+=G(#BbZs4yA%Jn-oW#rdKKR?i9<=>rf35_Iu|&KE+W>CB5NGpL7}Fhv&H znIqL&G=C6KvZut=Jj>aqQwv$^Cx{=|Cy@RW);y}?Nf9_FsC1VJ^z-HYT7uwzZ!NMH>M1Yn*=8I$wX|e&N0Nb`s64g3A`u4 zMWCmTr-yG<#M|#t!wxR`7D9%mFlsol;jXwud3rKK+t}iOU!n|w+1Qe9EK3RW)trXd zQ5344MacSC20iT_5lLCHf~5QcDPAi89zDzJFb=E+r0<`WtKXkrDWj zs}&v<1$QejpcgB@XR@`s!d+^;nDR`1u04?9)^oI|-l^$CcryFPuZPEPk3M{OJA1vn z^BW5ROnBar5R2^XhY!DfJc9cfE=yc2S5IaSaL(f|Y>nUiagR+3X){5=03iZC%qchDdKdDf_<9JVX$O+db9aU>&*c{hckFcN3O9GJ z7r3b5LtID!-22RMPb!(f?w8!lY8fZ;3sv7kaq_6cz_Q9C+Vo#;j09xo52b|F;(u}8 z*J1dEHI7=O)_Tq?oYZMlezsWISl6te27@_;$Ty6)t0FXvnfRCoWUHj()v&T(z7c!J zorw-Bni-ZU(v+i@Np$k`K|jT*tC|!ip8SXrfEC-@(&)K;khtV=kieX<+H}m6y$mnh zGpkf+51z?u;Y}Wy_8Y7eo!Cs^iI2H)Q-`Kl-7mKtl6yo$!oIr{37R%VrXeR)V>l$t z0f}6f6WZ6lOy17%=$kQXi%nUBYza@Rgc8br(>yjO!_2drGcKrHsOgPf#y}q7I_w)jaMR{AKgu6xJAbSHb zB1ScFSQ&N+*a=!04oXcc&qQlIu4rz6Y}y+jJHa{%(}6=Lnsh|1k3+rwvTrIncFds0 z)+5_wX8^UfB)36yLoY+tU+?cOaMR7iH9F|UM&tx;1K#)NGcV*S-rpV0{Jt}kL$7>` zWF&R)DAG0nC6A6lQNaUEYMoNkd}h0R;@7X|dXlezlfuyQ2m7aHcBc~jkS>9^c}iJP zBsUGK;#4jtnV_wh)^rBIhaH~TL!jqPIaCgx5~Rv{1qJ=X+N@`lXLG|r>@As!YL)=& z1p}#T%VE1E87iw70hLdHr+k(dxMrV}B{i@{Bkr8HU!(}tpopY+pIeJ+^-Z=-sMX~L zjP_>x4ATWgzK!&lDV5KjYFk1AE&ZlPs$_&-EN&UVW}GD>TbA4V)ver98)vHMmQ9SP zO(kVyWZCwst;2%w@hxyA7xl~issd&eb@#b|K|KODYVpac?Bg`X*Yc242A4Nfmx(0} zP%O#LRMzYJur{MEn~^PN`)HZeO<8XsAP0&iub2$P?cuG&9wS`DYUweOhdxI=Lb8ky ztrYjw>O|8z4Uo*K29O`DbU8O7bIyJQQc%y><3v`Ep3oH*Crb%V`qJS{*W&rDOhv&nX|am*O*;LOgt{>{?heV0fBQ{9X#Q6P)G;!T%yYxICCrlg%7EjMBljIM$ 
zr(eq^2Tm%fHS1r^Twr1O+sOzBMs$?6Z^5r}!x<~O;2DJbBaJ0f8`wIkuohrr&t&Sg zOtL8^S!}+sZz7SD-#B=w)t73|8v6`Al2UF&vQS*&!$Ujy>xewf;`FD z509@P!Cq0?Twx}?=wfX&ga48nXl#bM;U?Wj?rZv<-~(-PfVb_vI4MWc{q~asyX_~0 z2bk_t39utf71O{2QWPB1HMTLTZY@!jpssErrkuw>J(x!6{wDcPk3ZtR66qb*@6vd2?r5SuYlA8-x*if8o?pq>K-SX+c(RL`8CfBBWc1lzhN9RO<$EBYK;kBp5ZPts@nw_Svp$KED5fH7ZYHPBw^aAuSmK8g^=$sTI#*tlAU2Udclu@Gi=Zx{p@6D^{YFz;=`cVQ-Vm^Ypyo$2U_Y6e}VRg;|h|RF>tR zeP}P7N7X}P@2=yH%4W_>SnU95&!%XMxe~5rlDegebr`(uqV*V8@&{;{)0R+z99E22 z*tFO0g;;-o1j`DQDYFRv7^=0zL?EKH7kIDfhEgNQ-FrYJgzWDFT=cUscC>Th`p~Rp z%+z}4el=w81pR(PlrY$HFdUA7<+2>QHgDDpYK9OS@V$d4&m$6E-(Sr(cN^#p#qgn$ zNdai_M^Us|ER(9~>rI&F3RvKsCT|jjEZsiSSh8Cs-D27SKv&$MIL6E-}6y0?9{t* z3k5|=Q%}K(8Bsb*L4!GhRZBC{mHdIzx^xaPAc*kqG6{(liMUOsA6t>f#x14W zWZR~%V(hROH@8~ZE!vzuaM2+__3_Eu1r(}o7Z9S`1=2y}vxCw}Gaz zSj|I>#*a50(&(~>-}7lAg>u8Da&V~hCt9-UGvMpp-R%tD_r6ynRjVX2jHaNJvlhn^ zlJB5Lf|1foB4VHjip3Q45DoNWhX%7elx87 z6iR6U^^&}z9muGXK0~C+GMDc>Giia5>%qQ*yyyy1npAKj>wuM86x!H@YzO-(Ya;BS z(d#{GL3A<)XvejvBYbyTBLFdI1MWy@HzLie=*lfcc{PPFVV`CQrK)?lUcn#Ynz)C2 z9xw8>jz^FbQ$aH1KE7s&LD3~e<|gN=}tz30M_DaFAs*4 z0(W=r+{{jfQ;|K2Z3L;<43uI8u$h4gCsds^itd4T_vn88!0$dbDffkisz9{66%d5X zoEaeI`2F77s_2&Ee2)9;+?2y6CU)agVXZ3G%Qm8K@jS~w2uz@z?6(?|<#*O6*dHEr z9bkmcwQ)0D=c-l99udLPo)!eXotl}3psMHI=@ zdcGu+{8QOE!PTP^&Z7ZoMIyHPZ13amx!3?{(U!En%Q>%2q$dWoEx+?QcE}7QJvX0} zsl10rdpMj!1d*TTi0uJ4SlL3`J2||-i3L7%@R4P(R`H@use4mr!8NdiCqcccrfY?o zKJn3r<90crEuVe@FIOw9Un#BZvKhpvGALwl8BI%E;6{2wo8jpi-8>ZnFObRP1t|k<4jpP;wB0` zUPByyX^Gjpy`v)<97VM%B6hQ+%{)av03MHFqejkiRA5P}zzX0dhNiRZQ~q{3ym%1) zijM(yJV$u(+W!OhVf7ex|Le^X@2ZqpC9>MMEl5r$K_HxUKIvgKt*Yr@T8YBYgzZ=c zG#GfLMB@|afU(xIVU`p)(={c`&(QlRfiQ129aol_AH~9JF8MI`@>57 zQlMC!S6p&y*$xUCN>W-UtJUB#YAvdWQPPRIWjTmb|%NVK@uB&|~Qh0hM+P z(?7sL{8cRffZHfI@4(hZzU(P^G>93Kun#zCwr@B#)c}~9>*)By&xp0kFpRQ1F~<~^ zGVHy1hp$1<({_F`E6EYr?Bt*CPxojvB;p24SvW!U!s?ixLVJkLdlP7zOS(EK-wCh- zDAyj?n6}C*znpHrl}kzw7??sjHUW*yt~iAM{DB-hV|sNc&P)x`MVyB!wmm_WpNj6mv!csQRi zw?bju!OYb%F(w54SkVT&xHu}Drc;b5{fBhIZz6YJ>bQ12RbNGH!k~&hmGDaS98-0? 
zJ{-RJF{?3=aI(inBxr#O>sTUv2s z*HD+uPvSI6pV51m5G2b%;7)YCZ);V}iQTao76go>ZbMRLKCbg{+81x;o?v1{cLX-a zR<_e}qQY2}{Eow%F~R6{GBfWIS}eIz(2Z8h9L^-eL)fB>2B!L$-P7h#+RVVTl0oXH zP$3^qf91B?JA3DmHX^hw0KU+OX0$-%ba8;K@a7Fd_npk%?<=!_pxP&DpA@Ze>%i@k z3Bvaj%uv~gr=i%b?pBz!fR@}u&^68ENo!;i#xsU=%p3_@XA__@se(6NJv?um!**wa>!{i8Oom-f zhxLK&UTCWA?%m%A$I%_;L%LJ8Mvb%^EMe!re$ucadhM5u-f#We)O7Cc_N;@V^>u#>2h%X32Y zzE#P^?kes`mQPL%tSblCc0uct2A*dNNeSUR+#^aM+}n*T1;cIbDTYFMj60J>leQJ6 zMf32^4+T*?Y?S7aV&bSuQgsL@wUJx|UTP>5A&}n|_@IbOQ71gTb`ykGP7x|}u3Ccl zQk9C&ls(wVxf6W&^Wpy9>4EGSP7ZT8{jfJ-yANByJpY;HZO9b{OQ3bv(LR9FqSfu) zmVx{cz69?-oF48U)P+uA#|MKGiGj?zR16UVpbpUyqOC-&F3LNn+i&H>8Kc%Q=kYyj z-<9=r%iDCI`Et7bR{E4~!iKUme@ezr&E1lknH}3Vi{F2EbKnt~YHcvUa1u6!J@pM9 zCHS^GJ4ZLc+%{5eoX#fg`Ha`Gc5tezgIWa~(&dGycW3OXa$4ao06Z1$&xcAk96Y)f~)=rgbA5CyE8Vg6x3lRp0i3{AegjgIwJPXE^3jX1ll9`$cO-!|oWCTJq zc)95K3$E;UiJUTM2bcgmz@%Dc^U^K8GVS?2$pwn3N%~H;nrQ;;04l`5C!(m4?58wZ z!U#TvX*sGicO6Gpg>n(E7fpg@FSQa~m~GPQO^)#r&^uvYwdm{vaXim*XAQ#+%lyIn zkM9nSF$2Guo$kGUD{VMI>Giv4dX6>tn`jyjd+`+*zQIjzr;jIlzjU)HO^PXvS`{NW zwLXH=2pYksFxC11uALh4)5!Sa9y09C7!D3$c;WxLMlT;^3VpUuwn;Auly;7kjGwmp zAH2b*+wti?r-N4Nov_L((?h(3w_0Y1)-TT@b<$uF8LLH9NKSRm6@B)TX?}oOjpfrO z^P`!wrPgts>~!1A_8F!*ZtigVPN%4Xgq4BF%0#}GS*;cA9la>bfrW>SwhUvnZ9hH+ z%HiH~H;32IqQ0HfVCYCNh?n!{cCo$fScpl2CnfmxUiyug+Oda`$jsm#qm0v=gOmN^ z!=qE~`WLQjqbZFx)Cey0+%sH3$B<73HY{Ykzwn2cO#aM+)0v(71r_<(tloJ2~ZYBgQIq=NoDGeH-6bxJ9#C z@)Ls;57(58c=e=!O^%Nee1Wq90CRBh(>?R|b_!BVIozo^M=i|j#_;kb0QRvSckJ4)7!0*RUY;a0EY z=};>)EGX{LIV&+|21N)wm)+_R_0nYr+Q)a^>gEA1gt+E90djj4Cm05|d%QWq9p#D@ z#K@%hI4u@*h~DA!&}5viM8;q_RTzPY3aN~?Gz4l1j6?(tx`bKZOBVZ3dBEBvzvE=sTyuOP*j4rB~!lL}J ze|pgNSZTh*Ivy5gr8)T>x6JB*l!cw+_{mJMv=cBS=)sIoHeS9n|xJNttzP!9RmtalK`4{Nl~G4^Hdy};rUG%v)_c{cy{ zAUs~i8z8R~@onluvc>e?E*ePp=YD~7b zu5W}mxO_$k1O&jp&ejS%!Z(2CyEMuwej+;PHp;6Tl1_v z-sOVbo56*qgnUTI&KcVSQyLcvzDfM_`r8&B0RorV>~yh$=M*BKIp!5GnBXp!n0{`q zuJG#jx3vrP^kQ*#|AjZ0p4iX%87lG3Q#!nr2qVzJpAl#UJeZ8{D_$=6pQmu;y}esKg?Rg?cmVq?@8`{c9fSXC 
zqRu!If4RIl!(4rVFt+%*pMaiXRAe9@L<1e;8!j=({>?F_0{uq{(|09i_>R9@BFM+L z^Ycr1DEdC~L?8S3(0q5AG~s~%rVjqRmL;53`r9_9ry1R`zkKHs-hy(?Km#`|s!0@L znV8m0v;ri`1kn5qdygSEAZ$Ip7zr{H~?YloF?FYf;9A!{EPS!D9UeOQX z4E9Hnu7dwUuM&5BtPGmv@hJhjaLe6SFJ>#mZQ|#~YQd|J=s8cn&)I3{RP9~jm&M(Q z9**zhH8CKtvkjy69Agd_1PmnuRbSG>vUamV6iuCCJ}p;wu)Hwi-GRy9w)tKfisJ{c zM)w;Pgn4OC?==96@{bM}LCW_SO_H*(4=>xD!ALMQk^ zv(pBL0e(GSapN@2nV9|%O7T15nS5KWZmzlB0Z$)^9) z$+n|gV1YRAmQWINx#SimiS6)>VQp|$4|UAKu-%7Y%By#_=Kk#&NYED- zvUL1~rA zA71b4rhyJx0}$#XjEJ-&sOu*pK>l2*3f@rh)Nd@qr%kppMPTfl?+qc$lRkXg`by4vx1Q7Q3J!kISyr_Mi=Z{}L zuse6|%$YN1&N*}D%$eD1uV1Fv6h*P)f7ieAt`FalUWWXBgP-ZAY%JI{q}euY*N|Dk z+ZGous=w<8^*7&9eCy43-g#HJ_?GV%*GKLwzU|K9iWxP4Q9_9N7Fahg)svk1tmi0T-w7s+XB%eJeNRXFHLjl%q?i z#PzIi`53$*Pr1BYQ6B$!o^q66l=V`Yb4_4fzsh?l>nf3PI8Q0+ns27xyDm>D{FeOS zlX=P^pz>XRBf{Tb7RJklE73>7kNS##UH^&|<)#t!^KTB{tSFTly5dKHD84JY7c58Z z5w}EcTR8u=`Iiv@;HnVWw&T0YUpbYN;FKpX!Hc7KKLXz`eWP5za`lVrZ^bL79cajXIPr~g&b5^_r32?0i^-Mr4*wa(QnhYl)HiuQWS3~KFUyTD88G& zS&qv5|NIM1E9&Jk=8U&1+Kcwq1?y^S0(H+5?s|o%Q0uUTe;8{~W7i_*S5r_D4{I;M zgVvJyH9hN>IsJCm3sk||a#a26mEm*sbHDs!o=Y7ZWwe6^ge!AEzKndPk9VQGp09P} zs4)X2Wcvrlar;RcQ~+w~l{$#T{9loT=|Q_bo?2lTBh~e-;bPymaFKo)wIksl?0jeU zZHs)QU&75yR?vfpGc?$EWhgh0K3}_6Q6fdj$qJ$Tt71Z?ZxKHI)y9pCghS_AOoK?# zuL`+@Tb39rOQ1H5YJ00KYzMOWzk-0ebS2gjc4oq!qEHTfX7*}%L?K)HOmBNy1rF5` z2Zk(;&YgF|ja!{coj%Ru&}Vs^pf{*#2c#r(f!`p_he4T(QVT{{^rZ38jyUv794IMj z74I87E(Lql=%eV8I4JfQB_6vHugswDOD`f+>H@}vr!yIhT{Mg`X4a|_J5W}mf2U?n z+ah_!;q&d*%LrbI1hUmwA*#f7s4*A5fnt)R6qKX-s$i$W1R}+8L-TW9?DBHTGTU&1sH>S%md_P7PF&vWe`Zx~;&aR!#4fhf|W9^aim^7gDu!}*t zR+Gkm{+h{NaR@Av!Jjy!z38BkZw0^!5}@~u^gEs7i;8xM$3K14o}=~UZhy@yX4+k? zo#g{{#)Hu`ngDVszP$yf? 
zk)_efaM8w{JtNz0f05Kycw9=jFkt+t$)=X$R6y>&*pY)!O5GGtQk7uyjY#7d$+ zbj@X$)-kxK)uKM!Dh{ECt=zvlJ?wFSp9an~pN;b@Sm^6Vbw;jy98axB-l;QQxrC{O zm;YqwyZuJ+LGD``5P19mvJluU)E9c(wZ@aOf=KFxA+^@{K0i9pH{zM%x*FrU2dKIW zob<83#u)n)W2$xJt4-^{PZ>|lL+Y-I*ysj*h7-!GIJdW$;q)bzOiflfQASDM1f91e zRFKXI^#;^JT*`djnxY{M)1d!=<2D{pZJS{a@X!|GzW)?@*im z1c2y&MYjKod-VTStN+Wq?I|6lyO7{f*-$!U_I8bYmL#y~ve?XI5?FMZYi5#}`oE*g z2WtswyQGU(RyXO=mAzS>KpiJo+!ZiZU&fU2L*mcjI?f*I0OhUur@~Vr>>emRkErn2 z^*Nqma92^SQ8~<{E;vgj^~=3Gz|g98@{VwCvE5RD@tTZwV&&4yGMTBPcIxhr3lj%=rDFlp&Fw^opIGFo03|9WM;GnL++?aRbWNv7 zi=+{dEe8VWe*Drm+!Kj~ln_AtYq?EU&|Y+=?u1G<@ku?7*%>hHwMIT_r|JO|8fYcc zQ6wOyv2v6qAfeu=T{N^1o)VtY9VR-VKA9y>qnPs`KDCA_XMAxq)r++MXpeERnbVpn zGv1L3tIn9sEM^zEs;kPb_MZe!cZ;cRkPXTqk=l;A+iIaNT1eN5R%-l@r9^5+NU1fZ zOFZg~j~gYzNq?Qu_@w0AmeX2Cp4yZ^kHm4X?|f+PP(dn!XAA6YnI#V62Mn(;btBpn ztxy;j*BYl#h#1LOkA!yzl4LS`4<%}i8@N1X7fH6g5*^*{5&3>&KIqJ)!xum)z7g(S z6EGIY5`kLdQ8Q)yw}cV0)fy{h9uHXRpQkV~<2;HQeF-UoStegROD|Tyz)_79zr=$U!slD0vjtLHK@Q9?_i;gqrkk3pBo#R;ThO2S zDGG*q*BWum{OO?~XRV>J4d4jb(gWx*EFWu(KGHVu*BXnF62~#lsTLR$;&|$5e91=s zf>fX`G$y!#MzqlQ15?n6Mn{M?h_n-ynsKoNi5a)QOocK5V-buLfNaK~DvqN#CuFMJmGjnCyoA26=YzU!U&o^f&x zlZ9G6agoWe0pmv!flz=Ot}`BH+?*Cd+;(<8q}jn?9O2q9x%x#0=p?GHP`}I~hw)3! 
zcg}4^rPh~21G(^k&vU4Qt?QbLv3l=f)5!VU6>svx%Jv)QVmXX)=Xp5V0%`<|F&Jp( zTs8U^WQ48_-c)0E1u2lRFqLgXsjpUvrd*Wv??bCH$sa>0z?8 zXoH=$|C{qccleCrafu?jWx_A9;6L6SK9}ApOaEv1)^MFSoDmEd?{DscDGf(UXaAP> zZ2zfG&HfGU-ab=fYS;Fyo-<~&G?#R`LbO@yFQV6M3*MfKyI_&oz_m`wHe`P+c-)e$ zd+S{Kv|_*N)JHU2G9$`LHfn5G{(qDEd?D>GM%) zSzkkKVa?{y*AV+5W!D>sB{7B97*|WYI>&3-CnmiDsR4|l4It9*$!!!qljZ@@ zNL{6wqmg_1Q>H|P#~~W2-GFh1WFesIhTQ4O_)Ny8M4ZX|Q>S5Oo$qZ)U$8)X;fNhz zm)S*r+6C_fDkhukGarMdz zwG-E<(J!giiDhcE9f@WFq@7rX0F_8ztr?n@ zrXs2vhxJyM8SoxVWO3M!R0mSeD-DUExuZSJL#E$y`b-cbqy!s&@~8r%VB;X-E0;*z z)%T-lIs4K=jF7jgL3QA;aF>KiCWZ=k2r-Qx1ny`sv#ysy@l z5trwcPgE5=!o+ire`JiJ+}Af*MMP69Z%!7L^+Yo-Km$9)a&@q)Z>9OskcX53F=i6^^zHJrKDb^ zJ(lUDUZtcSdx6B!Y)9MEpVNA-Yya+bNZI%%Yy1NA{J*lsPX~1GTzA%Bk@T%))~Ez) z{DfI!oW7b_fHE8|u|N6DJ4TS|g6e~m z9jsc@Io=j)U^}^&^?Q%;eY}CHK1)PaA|teCiOx#oLS18`wS-~62Ht9LHsq0h`N`F=v<_J6|8wd~j zv)&L75H11Z;O*Z*-NolfX)x_Wo{@dU%&eXEK=1?89(emaek0+V_D&yJ`n&8m_Gjs9 z8wjm$ifcukG4&5!#C1fSF;=3=3vGz&{<9^548auFeo|c1y(C<3izT?8Zx`G;H6Zsp8js8ZrS!)CYiNlWZ3N)S?yAnAy#)mhU6jq~CsqhNV75cOD zq40HW89w1ramJV0j~&!L$d4CYPAk--n3sZm%kgfG$5{h+i(4%8IBJc-OdhA$CXPx3 zKUUZN1@njg0C%P_LCYN2dnNH%`L_79{J!M5$M;x#yW>;);cIk!>Og#ziCHk3Dm=rr zQ%-el2f>g8(KX`CSPS^l5iZL7eGQ&!LVW{4n!#z9GJDAdsJ&R!aMeIHb{I7q#++7T zZxM)zIr=rd0Nn$~#p>oC_D+20Quk=vzVMw=SG|N13qYsXb|hdWMDNCTyb2o^x$3I# zBP}|#!*E{M)o6grZqSY$v>~lW+UVxBaZQYQc8jHnnLi zfi{T~J}-W))1*x`R-i>#hmPt(8ts%#T@6`7^Vbw6-f^irqy;1nJ*#ApTd`9wCmWP# zDz>T>2YmaM^kIusjbU0=;*&v#A?m8@a=ANhb(5lPd$V+#x~d8}YIFkSV@Pe=F#)NY z9NM;wZFJev4pfT&#Qr zvGLdNsKlpvimLH3ySj#^8!8xm5BZHNJVk`GsvX3WKFKa#do}}BZ@hxc>2QvIR<*Gm z?h4F)T1(%M;s!AMV9CW=;tRnW(dnoUZ~VZ3VPG%TY{EyGIq)6*vor5P z%5&6W#{k=dX1V@cE@1qkFJ-~+qDD^>d)h*|0promx+%)cCBKN)nfXu3%%RLXJ2PL% zmb|Vr6S@l31IG6{n|TCTG~n?H&uo9d7}uC<;dC$F1dMYK&w$PoMhiKkcW1^8$Uwb9 z)O(Wq!iZ1iVi%m5tv4DO5V0~adJYD8^qL7d>gJpU!e&aj-WX*G4WEOirSdp;^e8f_G1zcw!m)M4#ywC`gbQ%k#=@)BR*{>Fv!vn_kGN;xU#R)r#6+-Q} zFccZiagGJz>H`9}v99g|E60MOt|j+rH@!v8;J?GTL)I4CfD1H^`rrd6;S?kPyWNl$ 
zsKZNoHr5v)(j$Yf<4byAh-K4i@PlkdE~Vz;Bjh%I%>`-}J6v0HxT27>py8zBgE8RSOOUsPvNHbJ>h_l%WTQQ^6s@%dGrRIPDLP zr_8H@Q|K!%ILCSyqy=Bv8@wf(@nZr~9K0)=@gvGmgUhoSkE4o(aWk(u++O&ejo-3` zW*4VZXJR%AuF6*ELlAa_908-&O%o;Hu4MO z7~4|BHNyeZ;}6sr=dU7&GFE`b_Y(9VHH|Rr4}~L#X#zXSJ1yb`>r(eTk4YlC{k_ig z-$@fh-%toF;Hkb8JBzonl3`x-`i-ASW3IGKmJ}Ok5t(GC2WYFncHo?VvGbO0^=^^% zo+h1En(*ybHF5$%K7YlP5g9BumK!2*m8KlpPxCH=dN`oAF2@fOrm;s}FDP z*2k5yl-aP@-o+r|_z&%f3!)Cs&|lVbJ(9=p9lG8Cs5-YL-igohIH0%f)iY}`D->4y zjhyqTup31u>XTNqm)mTZcbyTJtpeUAJE8&lmbNW*rZ3Dj(@V~QE_1*E>JUf0`;UEA ziXe_*&;shjqv9B5{uf;=#GPZ${$Rj#kP}}QgpFtfhDz5ha@fzLsc2nq`0r(A1x9@X z#;q%@hf5nz+sYNC{({iC!8^#cI~_2BBnr?Y*Dx=;d5H&?+uV7n>#=wXWCDe(#FwQb ziO?Wf?R_ASPWHf0MrUBhSg%@J#Chxohn zCZ59^o#c$53s6Xz;@rENU8?rz%G7-WfFOv7ExGj z59YasCRMQ-&0r5?QZ^?Fbwrk-BObJoI+_V}1lF-*%i}a4R%Ta+<_3RAOhWoD zc$s993t52N2m%Qh30XLOPH2iOh=oA5;MXqdi<{*UWM+mA)yQ&?NhR$JUH8peZL(JS zzu@m-`oD)o0@Hsj)MZzO13e%MkfFhPBNf6h+gkNT8h0dn>kTw=AV}KVV#ZIP$MF3c zC@ZC=`8{;5ivnn#J*)fk%RQdUYrDVS*yFjRuKWAPdOW)V-QUBs@78`tkLQK6yT3o& z<9XI~-QRET@jUMO?(aABc=p`T{r#goo}F{Lzi;UA{AG{l;EmnO|EtHde{T2pFZOuu zN$;NY>e=6(hyryP)xe4U)8l zrc!m%N3k7GLy+No*@Y=7(Z|$0;Y+~xMG%PrdcYprAIZ~Iy&Bu>4%ThJ+d;r;Byi)q6Z`oNjET@%GaIW5DkrTt5PS z!Lv{_=%0sOY`5_qx5W$0-{2kMln_{=PjZWVagSTCamMXKMU_+BED%Z#-HIV0wRAoe!kcJx+0Y*xk->P`{1)`~h|I27By{ zNC6FouIRJv7=-xb3?^8+_*DBaKYXund*b%95f0gPx~Kp-KVRc6Nqj;M0&GA;j>0mt z9f}u~XssMpk-vCmdWm>bzs`l|RyFn$G}YdkBhq0_pX8u?N9m!l6YLR3>D%I7r7~pzH6T$W=La&`-f;|cL0P#+%6HklfFqhdr zW(OWKw&@=j4nhWmJOdeG)gbPK-4Y^Rv*Al)(D1tEHE z@tDvZT+MHM(2GYRS?MNd-b^Zvuh1=)1kgej5^$PfW96E@8!=rhme=T(;(2rN<^Kx} zp2@Rldzl3yA0SvD>m0VZB#^I*Iw_F7SRnOEx0qrV9V}&dNL7N2S$bf701qfErtzS= z8+3Oj%bA0P<9`|eu?X9yAoA~FgqZ;<d-=y;3fm&?|i)-6nkT*&1h8eUe+`v863#Qs0<9zlZ*b+e zyzkZzDKE;xBF{6eX&Fat^`GX5Yfb%mA-GucVTDf1VjXJg#IR~-c&>go0&CUi1Ju)d zX~(q}LjCn+cJvp~@~k_LYKQZ~^`giVA3hcu685(^ux8F>O5!7|Ix;{!@+m3Ij`+A< z(4I6gv5H$f9UN||%%=bzDl_~eeX;{BmL8Sr^4Pbj%hYYMOXYFeFpvayLa;mCNE8EI|KRCb7G0Tq-k@ zlUZiF5wUZO%y=(pjfH*PCg!OU09f%N3Q%+)SPtQ@VhSXPmA@%SSqrN5+h)a&7zq4y 
zUE*2%kep)g8`^2R+C;N6nJ&^A`~v->F-zl{LTzCUZucEkSJ9*(ExBu861re^?ecxK z*ysCPop>>wY^#tw^8euq}1Qougn1##d&< zSK9me;Y-9gPkh{&81V(`L}HEe@`Scq52Onn0S7fFK@_9HEvF&C2o40|p7Lw%}~46g04CGUid1WTwAmXI8RQ;RS2olqyf z`k#kjm}2SlOC$hkO6gM_wtFa=ywJ8C)8$l0V5Z-AM^5=!o}zOAS!ZAu`~3eWzV~Fv zrH?5Fs|fD!f57)EIi3Cw_`*3a?e|Z<-HG1IF$FTc zdu8c;`Tv66&z`pMzd{1Y!wibuCbreH^q$W2zD(j@XUzYKFzaEwlRp9;6Hr3MjAGZX zb_y9oO4E_FXX*gZp_|M)0Lunp-&k79 zZ>(h0ouUKU`hC;dkbWs^1z8tz2XCZ>gUh&07A8QzjyTDoU#icv3%^~Ii7Ad`Iom#% zb_dBS6M~DRp;F5u%+qe@0)B_#aTMmb8a!|kC zj-z$-1X$_tf%J>Q?~G5!cv0KxE&44;V6uE)TR1z`=}q<3ywunVtX245g1x5w7iskDZfxF zU~qM#&$qS5=2u@@F@^KNX~HJjc|EW425G7m*v<4RYs-Z!T7` zA6H`+pBa}y^5BIX)R^qR+y=*C#g(*}mE4{_LnMy9hOmRw7^FQQcZex0j+dsy=V!g{J0%XCb#!q-a|6NOzigE6)3e@MtTs15J$u{5o?~yH zb#TRb{1%}m+wst!-}$!lvf!+P>NF5U9)^kn1pK$;>U2F%nCF6L;{n2cDZl~yAsmLJ zbqrowpbrv>1Mg}t*~FmFRadXi)&5mjhPEC%L~q-<92F=S)Lpt>ei`xQgMuLvunNO* z(%jn&|4_!4izWlqF$@Y!uPinW^LL4Hh`-D9x?+roTU%M8gylI5VhgbyP0TdDL>cIp z%#so#WhKjuw`4MOF*jLftUSRjCb=EzZn`j3DAAb^yhjSzql^_!OE6@PH_@Iayp-?_ zh>ylM+R;~2PG(WDagS`m$|x~H-80IJ>r5oB;D$1rxQ|~RmzXdd!h}Q`^QFn(%?y5N zvGKL6jGk6f(6E9-0HLcTAjGQwSwab2BXbZ-{FuzCGc;_25U z->+`otFI-(s+*VR#OGyv2O{Uie{u*J;NjKsyZ?l7vP}H$(di4cq|Ntg#PiKUqpd>Y zO!mk2`Gg!2+OFipc(T60LJP%gkdg*!rArxUk1g~RW+Hau3E59rt{u0kO+O^d6@dVx zPGlrEi_J7+-!Uedpffqw9w#c{^dPzB4x#g8-BPrxu61B@Mda(+*Yu5ZKrW3UfmByxDbhKFbB2?!KaR~WY?RaDG~3t;voTusnBZ=+!1*P(XUVwb za}PH%|6mB+nMHQvZte*zCN)Z1wXCvS`fNwMi3saAel%LDhFsA^v?qsO6A@pZR4AH= z;;L(sL+#I{kt|YOQ-|Y`Y2W`rroC&@IOGuB$xE0g9y}jgMVqhOl64 ze>Fz=+6#m=*1f;RL+0*cV_s*yWyq2p$3oW`=UyNMVi3x-_>DIeqaOlJ(}f;q`bu*> zE|Jh$JUGULFqKoRDabjy27Ay-CyHOnE)j|pxY79{ZM_ID#|X?u%-UI_zMJloU6SaN ziTL9%k{E#U;!f&Mfolb{RyR*6fHh%XAg+OTBv0gYCv?@9CZR{PGokedi)e^8OS1Ly zB_deA+0#RypW}X;Z(roz1-{Cn@KU|$Ysi<@lBT2cw`py3PWcVSpKRVU@YMHu!W~a) z>|MBl0>+Vf=C*R=x@41rR_HIud_<|#>nJ6Op*t3cDIP6h!UC0uE;T=;Ocv?nD0Re=9yYcG(T;J^Xmo#c># z2xFn%=4dAeEgcBnYf;o+A6o2$*J7a(E<4*J)?dg9}`N&1-DHh1y$)?fJ0QA>c zAY7_-41~LxHIUXa9Lpg$#xcYCgrr{(x1`F5xo4ELCvcfZ1A=&bhtw#}`ry_Lcf_Tg 
z92n^X*0>1@={3$AfRm%ZsXc+6g*#Ck#llyiAvN|ZJOzvv#7w~iqE6qB4B5K6S@AWI z_(t3k_kzcVK={T zfV;^Zxd!nU2Y4(j%CD(LrGW7aLjhLz^@skuA&cTDy#2P;)87jiA6#!0i>^aYLN=Vw z0aB#FAF3g~cKYV<>>)%K>NkO8|IqZ6iCRelK}UdPlR9;N}l1W!;xN3e(@UdikgAF&Jb#UlMd4jS1JIj4Kj2(9MS z$=k(tET3)^dlAQ6VEBXfa*P%tK3rl~W*;r;uqo4U!WNl`AQIi}5$g`4*(6Vkk_Cyu zu<#PhX>=Gl`d9QFj_BAZbUXzDE8dR*A^d#9i5$JiqsE>`mMO^qDjt0g5aXJGeg=Pl zS1d<$FQWT+s^I_Lz$M9AddR+!?E#9lK>Bvl#(i`K$*=Eu38Bl^aq4mPcz*I4J z@}_xi0{L)Mhb9*UZSph$9TAMZ0WH2zZqY(?CLYq8cnq7!wy2>U$%V#~(q@pA$XI+3 zfDt-b;aQ}{{(*GrxA+iksV8B7e;YfRR7{^^Ccdo^lo54Sy`HfM~QlT z$`QB^7vB{8${K-CMT*Qf+v9|A=^-I|2GkpakVNQZ zFJcp#f`VV+RXPy#S_lVsQATBO8!}RLr~;zUNCk|IV>r}JBtxp-sQ!pp#Sy}-B=5>( zYBIsUCJX1MgfmZXy#vM?M3BOCO$|XAVz1PnpcmPjHjbBmkiytdoL;Rv%$93;|jpzu!SQa!IN0RV9D zY?MCKr@}KQ{1PaoGX;Hz77qzlSPjTUg4M=6*+%-Yq}@Ycq2(ZbN_afZS)zs#9-Y|? z=dfb@8IRl)&e_YH$7GJ*_>D{my9dm==C|lNi09Wg)4_=~y~tz$sxtaKg6WbDGSH+D z>3e^bZB3=^{`@tSIq6;tl9jg88K}2e@yfnr{pwAG0XbsBQ~gF=n%nmqOJ(B1d_`5B zh4?D*DJQh!6ooyj{sLTL6)DPWri#Y*P!PGZfiwsJ@^vsD|9HdD@@(yjRrrtyc{MEI_BhqRBG`ekL z4#o#zmiEYKx+x(%f=;oP&j%7N+iST{+!Uf2vQ^K-k#ai}A;=Xi10Wq6SU`g?13E?c zUyNWIyKN5g7(#pw)eG5b0vTv_s<)PwF=lJw5!_lywlzE2a-kg*&$h!63}!oQL)>4U zyQVT%&gl1-=d8gMA5B9sD~QTGb#v1Qq!x(Eg8M5x{nu3Xp)Ra}+uNMJaOlJgbnIK# zJ*J%sLWSN0R`k=s7%d^sw=|Uipx-!pAyJj~bzHHJX>h`0L@%j$2JzHBau#b7Yr>D& zkQ>}+(H`1uB4s>@jC7r7BI!vsMM;M6CmwX65x|}$nu@3=kGtvf!9sl2;W!1(H^5=4 zz37H+{yk>7;4BL+%S754++t-wge?gfU&B(!7^Uh_jhw-bc5t;VGAh1-`Xvp0_$M0Z z2|kJmqxA-|{TFEEIksdaF}x!05S!Z?-$0&0S!ID{gG<9T!9{ftF;Xb1o$^g`f{QCn z;H|;r1e`@6`n9~k_D~Oymgil56M7)6UD%QhWoQZvrZgs=B8^mBZHy>kzV6~cVgFpR z(m^vrywc5niq%g+vXZNtNxtx>_FvtCq~F-<;qgO6W}Q4Fo~&dabbPgh?>BaHzVvpi z-iu0>=dah?)GbFcnYpdN&z@}frwKaQK!xZJ+OdJY<@p_t|xi&3PhHcEqQQq0< z@;*D>jU?l(>pGu@Mv@4jkq7_=fJWlC<6-`hREn=e}9q z+V97OLoinmsq!mQX|y1|pH{1I?4L7JylT91J`W7(JaRVa57J9=?EzP4eU zZBS%J+-(zXkGgqgZsJ{+`cmVG29#D;m0(zH$LSU(d$nbLSH=$oI?JYMtpjwzDl2E`x(>kej>8%XH-#~XKsaJc4M0YTT!z-9^V1A z>Hzq?`Y_x5992Ks_LVSv>7~CHhtj_ZUINw$Qip;E 
zP|@sDoj7J}zP3xR?694R#9ydSa*5_rqr<`3;<%gw+slDh>}=#5dlMH;sWBDFY9sdo z=D?H&Q{zPRT^Sn%7&v{z# zWi5_2!!S{NZ!I0D^Zdjf8lIVKpZQ)}GE#=Eb06te#^5hem8`v2rg0D1RBU{a!1L&6 z_XX{dLQMV&=C8ZC2c%lCFp-lVHAa8fg~n=}u93}z`_St4D~5;TNB^2ifU#N*7YB?_ zITsI+GXc35j$vfaQQVJ+!l-9EU|DAAP}@-)hj3J9Hq*rF$4R2Sc#HKnCNxZ=WQNQ_ z61!XuoO`2p*byCJ4hgQ5WZQ)X0}d;(+qhr|xbHKdBFjdAaomf?*^h!o5)2io|(qBJOB zvOHmd0SDZsxrN4;OeHn?6yQ-@=M(rI>-4Bik5B`!T}r=Lpx$ZsEKnDldGt!KoSSlHi)ogw2;yt9FS)bdF{$t~`Nr z5cZH;)jYrg_9}bx)k&{;Kh{n<)K!n5m*P$B{SGw0m0L$*I}$sTc%(xdOMIG(os1Cnui+Nho_Id?QI7p12zCZd|%c=-`UxL^f_{0U!b0T3*YYoz=!xY7N`r3 zApJJdhmrm_zF%9Qo_G`ADSRJ6*XL|3!so(`!;wez&pj+#0F2WY9_2LGCs=6{?jfZA zh4SwJ#``9$G@#7iIF4aWg98`U2PiZHCE+Hy2^_$tlqo}4!-G62I>8AVF_);565jpT zUQt((8%=E0-tCBoI>e`vBH}boWW&5ab;TFzU2?S4RX?I}{;&h2c?0?iEmu57eW`eC zIDZl@6^~8h&pG_LkUv-8Gy2#AsLTl(c}|cla^g8FK~m2-|FRNCti;z=f=(}Kt>s!0 zs%Sa7Nw>G*l&`)YFc zqOif4oZejK;|JU(u9W0JIRe5y?#Mmf5g9@6d} z<7K<+YmpCy+gD$G6W$}L(AQdjZRb=8=WX~d%s!B3_ECvCn(V>GBcox*>Ki?? z>FY7iEPN$#lL6YI!=c~vwvh3LOO7GdBs%bL9PWtwJH)}nC%Iai4b#Lsx!Q@s#b<(3 zTfF=6xg&iCqMCP5tq;CFM%--XL-5@XL96UVqT(UaFA1ckJyeX(IS-ZLbN)l+$c0im z{VtwnJ>*B~0RGDwHzD;R*I0xULIsPl6BYSAmIEW>?uWFkuEaZekg=>zB@mY$MbWKD zxi959ZNt*SUX)T}ttezRp_jvR$qGY_{fX-C*P36(Hw=M? z@TooLnFh3=m11~GMm?jc1Ne)BW8)9-qo3R_)#g})2AK)N1@cQJR|0EsxOSqheiZvW zr4Uwxf*~@Sh;YW26FW`V)Rf+kI$CS;wd$RCnjMw;4U~tK0yC#LJlpK8zKXnR`uz>~ zj4!hBg(Tu{r#RQJF; zkE%d|$dK7UurnK|ojT*w-4?9j7LpCrS}s&10vGCx-8*^$CkhAq0rUP0Wi7$JLjT^1`Z?pnqDmJ$i{cnB6> zkS;A*sI|F$Q3f8_4A>+)fS2wcECy<+CUAx@|#f5a& z`*;QYh?H5c=F3;(Ne)(=EskYD(RkqMJK5=U4&IPQhptyH!KYidYjM_TSq1bSih@8# zvFxfgw(#aRtIkW2AIc$TgVXqJXEyB(@-GrNjE3zbJ*4QOdC0};-=nOAB1V-Gu69=& zix(B3yInAMo*k$C(mH0T80YHJr&qw@9U<4=y+{stV1))t+Xo zaZdy2K}0q-UP!8$aXACT1QJW>4iKl2-e%$u8ImIBeJ$;SISu#zENTvv*Q?wF-JH@8 z%={fJa#6O3#UgGq$CLy$_5ls0HMWR7a)Z#N->lsDNfGwB*Utm{x< zn(wovIbwGm50cZE+c~bd241l(b)<)8Va}H@&x%)PV*4WYAzRaSS`R|!_A1>6$JoX! 
zE#$UA6&S#wgv;X<9w!r-dvp7XSwizByeXZK!t(j(Hx`_M>P|=h4~V;z5P9L9b;h2~ zx*+~|c6EUE|vu5pr%wU;NqqNvCafm;~Ci!Em`DkXtOj3yZ)4$?@;y%M6 zf{-%DFo=t~3JOJ8;^w(5r!`Ax@)Mc>VLi~EPI#&uoC?rT4o;o1Z)>)KlPY|3WNNyM z4Bd1DxpdejIRJyk;pR@9$SGH6G_a_Vi5C5DWRSzb!~z#eg3Tca6pM#=HI{rkx=^IG zoHQF2r^FuXzM(vS=f=#Bs4C19ERn>g-zAs-v+AChMTKQDd?}tubKvR>r}-+gVGWvs zu@uJ^YITr~4rR)~qw7oz>WsH|s^%UZMo|od){+POSeYd43e&aLwGqNn$PHzIimH3k0N!kNUUmM&``Bw#TJX%R#5yS;_ zbgNL5GKU6nYl)J+An2v9B49oK~EFqZ^iJxy36xxxUqolz}o8v?eyy@L+SMR)3M;sT#j=QM}WN zCp$ac2R@X};IdMf_tHuq3;Ca-9q$Y-+s?sdvnjajI0cuzj{cd3UT{6ALaxl-5`D&< z_O1~|jDR+{zg!r}Sr7p~SsU0QoTeQg7`a({!GVEM!n1KE00+p`eAs_GH~^meOQ$30 zXPeYb>s31qYS`mn0Z9JMmM#Gvm`l0_lU1#t zl@FH<7od4Hmf?xJKT3?+f8KiTteEVry8ZLg6F}8 zWaAW;?$#?tI&dO!;!z~r79ZqRjC9rEl7|oXu?1`kk93uWM>^1t+|4vFfH3G)( zt-@+_Br-5P2Qz3rU_8NshIvtq?uHZ0YCCl++QkD|{a{v!P&OK^5-(FH(ULw7v7NYY zo1u4&V|y0bg{4o8t^io=WFIxUIO}o4{#h=qTdmmScDzYl%ZP3mW%bI9QJ>N^a0BS7zSnn*Wq1SC=n-w4jbF|F;mQ+9_Mori{HfZic1 zKo0>C;y~u0cpbXWiT=QzawEu2jaHy+!^!L6#5f-^H4ZtKA}3Xc4;}|K_7`x%|Atz< z_GGDL3%N=|j&6Zp6M1pljdDabq8?L@Hls|+J({9rtv+ic26UtwgF6fQVA4L}_K+;i zlxu)TccV3&>_cB{(`b=IbPoG{iSVp+?f+1BPS?64T~xnx+DJ#_+%AD?XbDJUMF2XL zC_5QW;M8qU9hM#^8pfU@bD#>5iHEz?&}D#Qw@Aldpr#~tloVL39YJE4V$VjTBL;w# zTI`oxW`3kJMOWbw{Piv9sLQdP28TkuWNGd8 zu{^KTeF?Zp+sCl4{NFTFX>e!6{Z#!3(G%CPXInFHDlb+q17? zRGn{|c?x;yLG0b9T@=t%Ni|d91KGk9l#?QdaW+bD?HT5Jj-mvIZ6)oFD8V}8Ihjl? 
zB>FI!|tLwTMpa!y0J-4+?pP@Zdxs11mciWD^9e!@s@gJSCvOvCXgPz-dT^iyC6 z63}k1D@eIR@ic6}TX}vI=l|%WE<_t9Fnj=EC)S~t8z1lB4vM8X858P;1$t6M) zf{&pGbOHV^hx6c4kZ2eCA3B^)y%j=bxy4V(&yV1e06Fduj<~2y`@n&HmiV}KI1k*$ zvo|w?;;xHi9%l@dXqvxvm3XIje7H~B79e2ljUNMXN2E{O-j0QvZ5#4=2Z#cH))E{3 zl?-fLFmr}={uuk#ZaLc+P@u*tu#_~#>HFZNWI;-#~P`V`f47j4z;So9I1fO^n!)xMPfAp6wlL0 z!NRlE8TC*DG|S_LQcPP96E>|qM-ab%HnbC2aHNHw{yYy`ChU#dUx*j2Zfqs+cpv;P ztH+s9#;4Cq@?k>4bkKT)ZjgE_$s3K7!{nl7JGZY8?*@Jjl0Cs>%WNXJ#&1nP+=|4*@U zFTTFS|M&3UE=FiubF{XbaCY>cICv5s9Cyx4ykpmAIf{6!D;zjcX2&VB3P-U(W{)wH z_Y=6_3B8QuTT2#oHqP^7=<=ZJW{B$L#(u*;Z2w9`52szGR#648E0 zz;EExe?eh$>L$8D?*7|xo%$>HPtDQp#Yo(&ZJ{7ncn@^D2d7~c#9EeL+i=_#nSx8+ z$Ph~A11sf1nlO^f+OpB~JUct4*gcOo%NZb6jl-V{}r}u_EiiAF(I^Koxm2 z|5$@mZ78qC@~z>feJlrn7mxx*z)Nd8MaTKvsd}O$*3A5@uD%tIiFY09rc}Wz=!Ckd zMcuqOH}QcB*DK-H7p(gi!pSw#91?Adf}ShkyBbd6Ca5TZnrzqo^V=tuNn~T2@Y-_e zJn(xwNdG{TEO>3p%cKwF#uRWEHz>Sh+<4wzJ)r+!3v4mC ze-F1L4)^X`j<+a=i{YBS#K`J{;uB6Gyj7i?z?hxKj7aL(k6-SqekIF;^h4(QAjySC zK>$ESorhcWIB{CsUQYM+=a3H^n<-ToAY2+)jB;RHVpo}B&O=g%WcUt+7vtK=L6O^u zh%)9ZJWr3&PymryzwyvBq>iw~y-_AGY7Gj0tuIar7~1tx2p&>6ja7fK{xHQSHjL{( zC~}UvIow}ziq@7F50oL?1pW;zf@QlnL_&$+lBp0vkkXA4UugY1wq6S4xGDHW@GJ+Y z(bq}XBp0aBU6#O2CZ{)+I=`dtMOjbi4TrfeYV^m*^cz37`tzhr2ylBxx!UwOv23bHhVy}A$K*DKy4St`6VEQ?JXR4#%A{U z&E|xw#s(6xww0kNJ2o35zmwB}&E#DD7Yg`=sDWJ)gipY)RBP=UL>tioL^Z)`qo4Xf zG#ww-w#4Sw5Did>2@s=0qM3hC&y7Dk%>zi@8j>C}cfHK@8^4eVroqpE8+9&Eso(@p zAVd&$6p|}69j-MdT)7O5qgEZoln3btZJ^)asC$_@ZTH~8?wjXSSN$B-GXEg{G&(k$ta%ob z*Up>Hw9i~XC0F0wS#q~k@>7|}mMpFb#49{OzcB~nidmPav9#>`#=pe0z@ZORV&8F-PR51KN5LsL$B zy4(5FXr2QjPk-bMz62$bF(=It_#+;PSK7wH1j1z?QT$emqQ{A@r+;8Ja z(m%Dm(zuO^>gxwl^Vm;VC*Ic5w)$QTl1+uoH;wd~zlo6PODT>iCys=B=kLhX?sH%+<_jRI-29U}v?+&441-SQ(KmaGh&%%H zzSW%|{XksmT*6kGT59xf$kG2n6J^LAEJb5=#=ATRu++mNqlEH;BRK!1&V2AJ<&Wn4 zzjfxnOZoQT7|#D$XFjn#%3sC#t2*;r2t5i*lho=%=>0d!25+a-NP1B~MOZGo(9#+X zK_yJCa9sGORKly+~hPsAf~LqdK4WmCT*7)!FP{e<#J3k0i?Cw+dj1D^UjF*LW&bZA47bgV`#Dx z9G!hdeUxx3Q~Tje;PtIszYz~X4L9Qprt2w~U3}ZodTB*nb?azQNK4-iVxGs&> 
z!KRsZwHr?^>>JQk<;Rba8S2ErVd=)%i!%`VfTcm$Tlb7PG*C`q{PnB1GYE8 zeMNdXc`}P|i+By)mNl1+CnvqJ&30gZH_NPaJ*7!+vf!9^kN5<~@Ae)$IHaxMbmH`2{A}>vAzMrL;j&ik zu&tmiy-MDXMxu*zdkC%9t8w?D@8D9p%BfIa4%jQkWNfF!7v2N7wD&9TR|Ri+UxCk7 zw3VI)tfK`+qGPaVLkq`BPl#%V_JOTHx|+@Nx>6s#2#V;BdB{qE93R3LS(~(9gLoba zUBrO&25(^k1=ASwm?yzY;lXCkwK4}M{jFE(8Xt;U9H>SIqk6!&_K!qg3gF|V9Ubjb zqx5T8xLHuXvX&%jjQmq#9Bv+&BHz%K?*mt1qQWoX&>lh5^Dkf)U)1Ha3)ZKVUytpj z#`<6xg9{!`|CyR|fa%xf(!!>#jACxyu)0c6aL=%m1T{v}Z0ZwO$U&@Eq<#mt(2t3Q z;C}cVo;Y&feViiSm$`hbm8eNdFh5R`IeufB^-5hcovdzC!op_-jH*AFRIr3_U}`Cf zc-y^j&ahaj(FMpLv71ZZ6sdx5+?OS5`i&A31T?pHGN=BMfbse78K~blQ@+Bq*?>!a zf;kulIakqQIJFy(pej)?9xqWrz=w4#h5qqk8W$`q-S_rYsuk6)96DWe$N z?X;;6CyEnmrg{2U5yx1sWio~Bv^!-ATWa%V3fpSegIpw&q(vL-4qN)_&MC3mxaorKEl@YxaTevz z3lc53Eh~!P0Mx`O1U&~27vTZF*olkYqE1=^nFDcuMWG#4;%;Z-Rw}KsmQALDk_ z&AApZI^s(cjJkQUV&##|J~Px8ztD-P(zyF~#D-*Bue}#ITUf^ZT(sq>+?e?YIKa?n}| zVds^9?a&m5R(`ZYYr*hkA|IzBC=>kPTQsy^WevRr43LqFm!bBadb}omsH@8V8G=z@ zJ)N|LueGH9-=|Fk;>)IZ+cQgBGE4VnmcDE(VttM?$uHxapQzefow+=-^lRffD;wto zwYD5Bc@yFccJOIslX6elz+j`7BtC#=hes?Ez8tanmlxu{+c?XtUvarxR9s#tjK&vf zHfCG2lY-)TEFidJ={JL8zR@cT6)pQy$5ARc3$IhX(Xrr7lu{`5DoNAJ^!5!(ZAA(< z{r#F}43ql#d@O~e>ANVeSFZ48$gdh1mD$9TUEPxm0h~F+%&Cw$|Bt$N0gtk}_J=3Q zBn&e64j43Ql&DdIq9!#85zrvvB7#l~Nz{U3OYt=a6>&zejgUB*Fz>t!VryG%t(Rh3 zJ@sGlXd!sPgdl@fD_-i2Q;V&aJ!fdeOCdpIzTa={_njHgo^!tMdA{#?zVI;bzO23X z+H0@9_HFI8gKD;R$ivMsE+X{>ZVn)!D_mX(U#bbEyPVSk-0cnUG8-9JrNM$)o^d=>+k$npWD6n7GdeqM?!-zf%A9^*pIMI^fZAC3Z zz=MG$XW&AjD@E?)0<-3YF;B5ij`{urW4^zA%z2a>N?yj4!WZ z6vGA>&K)o)0r@etBiR48hxeq$0vJ<p!qr+{x6E4Q()Of5~HiXtoVuC-o!=A7ZErAwa<*juX*rDA;v3Qz~67F$j<$HaV7o6leZ%YuSute?}Q6i zNB@q{NxR|3dJs_{Oq zmG3k(kL+52c3+0>&;@$hH?}8c&r1B1bG69xK5bQ94r+hgYfSwNgbWx{ zQ++#&?XL0clo)A!LG{c7P6I!$9bnuT_l>YTd++ILWZT0ZF4V@n&NEs}!o2ujim7IF zJ7O{$gin5Pzmv@-?a0l}e@h^&*VVfLc2F;thFw&{N^oI*)>UWuQoV{6cT6p}d0I9(@b@`Y?Z)Rel1VhXG>Hm2J)} z!QG7|WhkOL$g3z1XdK3>p9l_BoOCP%ueGSDJGkNHm4$Mu8A0lCQ~)EsoTbR7UlRSR zJw6!)Ru;u44~2l}Kz6Z`_+%gKnz3rFYJt?+$9#*C2?D*iuz0+La<_E#CmI94ITc*h 
zs=T=vc7-+{%zo^?k0cc6K7;}JBAjQos<(6D=zX|ThV!v4xv(E23^Ty?%wivgUT7h^ zQOlRhz0h#he}l%gM*@KB@_7!Pw`4&sMu^`G3y$-%q2~||rCyQ^If<+rp(jhf6VOI8x^n zRHL1$JZ6$FG-vf5_MBe5ZpAXth&l_F$A__UzCQ9Gy+{_h<*8br%-11jqol+hq zLlu&tDhp>cB~jDxeV|CspL+U+1nEng3of-(o+_1+g~gjyI33NMI3yK6E#N<<@iLX|gb8PCP@& zJV7F;TYn~XCox)cq2JY^LA59w9piRAy6nJYBf|5|x~EAU<93oT^Mv$`=6f7E-l84Z zzTtO(ySe$|09U!d7aan83rH}dwONmF|Dh=2*$KM70(xVfCTY`cP3n;%Hap(O6UDt~ z1~aUr5E~_UlJXt^T`AfyHlK7!*jAFdjFYsd5RjTo*9&xwhRbQS0o`Opy2)@9|IICi zsRFEl^@fgUbz1CIC1Vwb4Dxs%=}5>u~n@YanL-NSIqrua}%* z4!9Vaaz1qYzpBnCMA#AMaJ%Nvz3O{^B1l*c04xTxBq>*ycUk6%{3GrXftMrhm4I}) zmD%ggW83VPJ)U|Z9y-=Nuzj&(bEaco(bB`P{nF!s1b=;Joe&?};zO|or@JZ7kWzDS z3}bgyJ^*(z;vV|v+6QkK-1sv#u``(*$5WfHTw>sOPT2kUR4K#XVq4j8aX&M%s}$pW zRg=oxFS7u$$m>8wKlecHNkkkg=>9~cf>lBvvpy1i4m|H@rhJ zHu@J@H+bzEi>)(_4J(HAeH<`ev4qo-@|*>72QD7$C1R1j2frQrpk?rPIEHSkD*_3k zKR{nHHoTzE<+kCx5^*U`svP|<$xOeh5$XNBE_urdta(9eYm-{{Shmh5B0=3m7;obV zuCDKHWF#UC!vfyQh&(`G>Aue+2CsQEspo#mFdy6N3xoktRLrAgv9q#!8Uame>j6=E z#-YrJCiPCn@fcm35NkUvSkB=Gnf~nOZb8=lh!!I>c+B>ryh=v95z(39XktXZFL{u; z(IR!m`q(a1!P@4{Oe|V@T8^uS*RzUAVGg4^4Kb0Pk`puOizOoUI>I&O0gcc2dL z;U4Q8IYtPGo^CgXL0AUm5imaNe%4P&?qs*CT#(qru3;aIH&?CIl?1p?`icPCT3@=G z{2SRk-1-Umo8xmgrHI|_^rBYWlRjE{F%B4k^!14IFRU;{p#Ow)?rLlm{&S8%4&`=XswdSt=>`L8JU}W zm`P=BD#hI6DH%feAR5li0Ox+_m&vyW8Q9p^=`QY*`q3?-ngyiW>NxVBD`HH+681l^%g9pZkKm zBk5<9?d|jQVs?b43Dwv1!sjW%ZOz_<_j$ArHB3U(`U+iule4xF;Ao!QmMcGS;$%$* z_7xYmT`LFINL}sYq9J5-c|j4FNWr=Ygb9zqozRBLMRvW<_E$z;DB#(YaXZzpPRBR~ zf?Jb)Yyyks=Sw5|hAb^JZ%0z$-?l4c=csLV>UnT8%J(PAW#)(Lq`h35l?7or<6=E8 z!CJB^?mZrvmBwd{8^GdfNHq=%Y6J1v1@SrK2CH9;&8Zy`Z!U~47`Lzbjo5p z#TSkHviif=qS_+P5ewCp#>2(&x#Pa7{ya9fc2s;`NxXgBf$G1++G~%5 zD-)kOq&f-DQ3rZsQ-_479q5nED+yn4U~4Q~93Fq*`PlW|aLs`&vF{ayPdl(V)?64q z=|Ep>c0ssY+BrU_a>#+rAd3kCRK-etMppsqhqY^nx^U&tf95~Xyj;DvhCHD816;iN zZFD^xmYz(~*^^6gw8@FKSGSP5L7-&|{4oGRjdEOKZskPeR*e3Cou z0nKV#F1ioVpx+|e9$8w}lvxT5s7G?qzhpEF#G?>!&Dch)WL8M5Udb>PHk%k-^TLGb zK3q6XgoeUYfV?OsGN9{f0s+CI$)%d&0rm;Ce>G7AO_x^+aj=Or!YV+*Ltg_Cn`v71$#37%LY;r`iq&GGU)Gbe=(V 
z{K1(QEuE05OzeiNN_18BqHTk!LrWtOrmN3D7C3~fc%a`C*z{jBy#b!cRiJJu8e*g> ztGsv)bE5QWMCo`=S<`3c@d?T~Lp1xfn0gEvbPN~|lu zm{68QhLmuT!9HANeBM~QxyqhRBk<#S;?E;eT=9b9#Ewl^%wyErEtlj2;bX1-gm+vq zyCzP9_U?stfU%($>BfpyconzxtbN$}@Yn3;fKx zVm`HZkClXx-m24~*JEwNw%#6OH4AMt5v@igYhQsIIs^S@Y{4I3hG3hu*?8L{B+pn{CJ^#p58W-`bndyKR!+Y~+VCy)FLE+p0Q9q?OHB zC}hG_nJ^BeK9|<`v{tt8zCS2f^wXz%r%);@9C&+-Ib* zIXqhTb{?6d_i*f)i>1lUnZ%U+7&8__{_moIXNJ>e^d*b@#MMCq=ZL22Qc zu2)es?w#WhflM-HuhG2^Q~$&&5hgf02sWa~vDEbS!3T4ot17w3X@!pS4@5-xv3Fa{ zAnVgHgN>PRSx|k)iRcp0AZkU$$)L^zDSL z7j^b0F8y4i{FsPUKcZL_r~24I)IUA&`aDzF0V-pl8s9dzRUMGA(C_x2n{vrM#{fjA))YWEi}0Tg!GM0g z2=0k{Y0AXp3Hxq18X|uiz+A2#F*LR0r{>{egwKII8JmWQW%v9V#KS?;R#ph=O{^O% z4Xmuj)Y961Hf2!X-d7>6PS{38BmhB=aEA3N!Zv44c(HFE6!>V8%4fa0=T#rIN~-s4 z$E2|oph08(W|X)<5SuUj3GZC!I_&{w<>}F~UI$afx@zk|SDw=M7u12#jV@>R9H`X| z+&m1Gm|L(r&GRA{jJ^EkW30Ew3=~Z*GuHdkdAD1bA9@R@P_P@=;+nxkRLl1qi0i>C z+)y>N-rD=x2`_ejOnML92V(=Ju=r42u^pg`prn9Gg8*}k_5K=T{dTnMf)idrcJoiz zK6D^;8DbZ%N!(jWT$>VZx6wS9?}w#%AIfF*ahe5|n%|4VtX{Cx;%!dVH!NWbqo7#ijZ@eJ* zrnQavJc@jBM{En%80&TNidTKBBq;{Uy8f_AMF1!gm~A0gu7QJt!p{G{3<}@@B9AWV zNB`c|#lDXIz5EhHkV;Jm{f}(uc!ZLW!Auw`7>nI-dv+i+96NABZ5?gl>hea3^oll0 zdRU8kMEm)qZ{mAj$l5lq|N78e-uQ@EAl_II3l_v13uD2;cwV{t54 z9B(X%1xw62Z!C=kkBT=Q8w-}j8;^+vkB&DU9Sa^4Z!C)ikBv8ujs?r(jmO7= z$Hg0uiv^F5UsN8OG5VY6IfV5A;XqFi4h;yxfuLwc5EOIg0=C+Z^eS=#2ag3 z!E@t{)v@5Xc;f}J;P`ms`LSSKym3-2cwW45Vk|fz-Z&u^oEUFBFBY5>Z>)<2&yQa; zJ~rcmL-(_I*gX~pEcQBTJ#r4iO(6*NYCBfX5X`H$F$Cv;9o!Pez!uoE8ESz^geIrV zM?c3#<}M7=&hB%#QjO`r^gzNmMS!huEC-K87&fOgDBkhJK6WDF!StXds3yZuFoqHW z$B|#=i4TyS8ns+fBqQ|k59;AZ!Rnh1wj`KI29P8X;ob6}I`wW@JEKC0WwUUU8s#ZZ zid$Q4*QdBW3YGDLs?k-)p)kU2xg7r2tswq-s}48YkSwUajWEHV!7lzg;RgPl&$ zqVCbyM0=MlwzgV}pcMfvHSBT(n$?RAeUi;;qmvG;iAOF%#gTm@!!r~9b1m#T>`nMD zC`cA$kjRe=e8_x45AOYYZn@0-8<0(LhuVCUuGMtK==yiM$PTFo@WZ4D|CyW=B}$h< zpSHBJ;4QLF!GJYrC9^p${awM>O6!$^PsExmYE*8$sh$@}?~i;0Z2|;g7YDx;_+O@u z5wvk45gHE$LqXcUM0$q#Al&J~ws!M_?_yVUa=Oyw#S|DgybB)*G>I&p*rGC)hH5Z7 z;pRir?|v+Mr#!>OOL~V`?C|LQ-5KZ)bAh=qLqrGy<96J$o*_xN--a!r3Y>`hW#b8F 
zpg54?CaZet8cap_6oJw81PF-%#BX2RZgsNTz*Av$vX6m4<<_0-TS4`j<^^b&_AdLm zwH3AZtHT`rNEYlB{}=7TM%LDX1Br>}0yT327)I)rS;q#;tRqjT`X3N30DxqNtmIMa zWCsEGXO_8%TGe?1iSgU$;`@li5o$2jM#7?BmRX&W;TRxdJ+DsWCuxnXq#o6Y0HHQ4 z)m__Yw%4nCg0ByvWA$%PMoq7f4y!mXat%!4^uXv^qOTU_6V?We3#}W*~NaE|z^26xhfE$bxNc6^K11 z7ki@(9NZ!WwJ;p$=35*VV!c+EQ(cN}xf$3_5tlLOd~qS{I& zQ;AxYi+UeXU<+P3@g-_~c#@etX#%D=%fAIYuw0Oiq0Y%Ap#rmP%arm_$lE)GdYHWj zV6q2R^@-dN7aA>4sukbxoJM5pZq8@0rtli8Of2AmQDs|cP`#&HPueVfy;+0;bU%s% zJ9)01J?DWBbkF&F>N9Ri9^*p6K+rE(L4e$*K~k@BEAvF%^(Lo>ww>?x!hbk`bKJbB z-?8!g!rZNDop$Vrh}|DN1B`5hm0v#KfRFq-TKyg2mnUmcNmh&h@D3?g6<>h?IO{6KQ^ zA^?x(NoiSBN*z=f<)U&`ztoTR2E@dSeM!50CnI4U=IB-!y4d89*VL zSytPM`({#kjX(PO@?j2C-C*clc}5%({U+4FX*pObTj2W4zoQJ3`hh$R^W{|!x69a| zAXubFune6or)b#JE5)WB_rY?6PlR&Rb!#h^d#(2yLEj>WD3=Hrck91rZB=Ec65fxo zI;Ebyq3^V+aq}ti*{#orr%_Kv5F2&m`?^u(!B*V(%DwlB!3!p)o78Ufa7;+#S>G;^QB%;)g4t{- z9~y0QwIedH#E5beLe(LFW5PY~$mp$8v?`xK%JhtvNL$rVH;<9pfmAWh55U@xXQ=c@ zRJa_N-Y5LcCcarq$;6BqjgZ@I$F-^+i3>dY0%`>SY_K8`-sYO-rde@S`a<*Hvjl0- z1bN&Ifb3z-D0>Qa3PIB6KD%Cko@K+QizVx3xBI)mZ~Vof9$v7}-On{?me>8!KlFTH z7Dzf@9S=Z~=9ieVfi#ir5JkXu-CaVC2c+xxYxX<~FX2{?2V7f$`6*^8t?C{fosB#e zk*Mk-{>RKz3sU380CeJ|uRMl+JF}qStA;IP%Itq&hqo_hZCaJGJ5yEau%T z(ux?gBO-^OCeWr_^gKl85P3EiLH^8<<)K^zuYqHXUr>-jc^KmTXq9Vn(SAll%ML?x z!SlI-HET`H!F_~Q{>TX)TOz?AIk=wm!rhbvVlB=_Q?Z{JIR^zvJw8Gv6UjLYj&iMH>rc~cG@nu z*~3Twr*zsUV1~F`lJTawzYSB!@Ss*pn}o5N(&&Ed~G@`UEBuTB5! 
zITiCp29_-yo~ev_zT*wZ*;&8XxasdH1-<%vPUEk8>}sz0lPAzt56cl_cNYg#vy68E zCsdnLTl6U+CLR<4-d=P}NkE;VL-TCFH30!0Rr&0T{57xD?3ggaZ~Uk~(Qs_WXxRMi z{xzwKe}-Mdtc-$vJ)EG);0nuCsBlP5PVjnAi+T_moEUo{h>vV5YEic@kkKG#A5dPD zm0NH=^?Va`5Pkh?dMa?*n1@f#L#%DCK+wCYX=Cw(TPjs@5#+1$dYnocj zoqn`j?{zR!GZ!*WmEI^kB~NRg%wrvET6>FnvQdU!AO|%QZ%ZZ!rBA$^jjl&6nXA6- zzRxT36K+UQDL%5i9jgdlY-~~Ag~?AOk*Uk&EN5V`d$#m4B(%c zana1ID<{y%8w5|JH*dHY7X8*$GSn}S8zfl1qgirr!mS z=E&UAuF3@@ket>|LR^*Cx_qA)^T8HX{7;v<<`Hgshfe>sC|m73I(={xLxoPGatVY^ z8*>Sc%thtVX_Wv7osP-@2%T=rr7g=v37x)^jdEIfuQXsDM|`9MTGUaw+MJNfMJQRG z&BZ)17bTP|&{0A*4D%pdlO8x)RLKT+!dHibK9Jo!Bb#{ry*TqzTmDU`li@bAkEM zTe{j2U~LVmE1b$=_Gu2mj#`sC;UWT+5@;2(jCe6$!L&>LQQ9Aya15{(d!Ivx@}%60 z+rLI2EbIvWQbH9H2h~O$V0kNC_Akb-^*&#K52`c%PB{{=k|_hB=JhUB z+Ad6SNr$zZ-7~<_`1oPgm+W8||59(e;a|}AqT?H%>V=D24@cu`KH_F;)&up_j}T@( zQHug~O>j)(v3@%->+gc!js)RP#n4vP6Lf0O>m+Ixqd*iy(W#>@k*GQFTP1ena(ttF z5FN@emky-((1!Vzi$>-Nf~oD-Nt;{Zvwq7YI;$c;6Zywb1fKF~Qg5EkrU|4zK>#Bj zawDFt)e&zZAR;#jAn-QBWB+y;G1wEDF2{RJ^nV!qG}|8o<`K9>eKqj$z_`VIJXZX3 z=r{%i)l4Po<&d=h2}Ai#WcY8^Cn@mvL5%z!|O+LZ`M7d7Wl@lR!3X=*C7K>i)e;7IKQ64~Z~ zSv?)aQ72n(-0elLdB2S{;ZCmI!D!JyvLlPg8puPI6CZ+yf&9}Z0#k3pqdTVUf%;>L zR!m&7RD)|$>?sl2>HHfVBu>{anFb}q0w|NaB6lKy6!YwvT-pGOo{aBUfPie7Tvt03 zDbPH6HAA#SF#S4+i%5<6@ef*OW!84&2b+;CnIP0I3L5y)br?lpSZVu)JKsr4^y6e)j1fTR2@mbZ{ zcaE`PAbq+y&rN}yXusK!^|hOSLWXUnYOf%HTc_3lSV88T=675$lSdscHLZ`T{^}*%gqMz;$6uiU`ZB`N5ib&F$+m<4G3Y@$kew1bMV1S zL!%;t<3mS921~-n*&Xb?IC)R|i)Uf*OBWYcqe%hnw{X2UcfQE=x{RlZ8DDh{>H+l{ zLe6ytROn6NmOSnsFT{WfqcODl68S1BT!_Fz!M!a5NHIZ z1dPDN6~>4euo&&h238}m9)Z=yi290@iB!zB0AJh(kqsCbL^%d=nEnrGVlNm;57T(x zd@|WdhH2T`T-ghnaF{+-gW3{+VLCO;$s9NEk$JsPQ!?jUa6xsH4sb^3MF>l*Tm;NJ zlO}#;gvNHU{h`Qk*b$rs2=mRuoo2=eO*I{R<=rSA+;xN+1dCXX*QrrZ6>3J3bs8oD zQQ9Olqfl^9eF&_q`)N)r^&N4}p|h3F$1bOH7MvY-a9vkn-QUZQ^Kv2Pw~&YCw+-77 zry|G%tC!?T`uL}d1a0p^D%_&bk~Ps1}Pb}T|E$@3c( z+>V*q-}H#xiH!0i88;iPEy}fdV{cPtLoZReW+W+Gnz{(-+6vszFMUOxR5{AApCeSB z9M~XoAU)q{m#iFE>B@m@3w`Dw|6llONnotR(%o~AG@$_gpRQV@bb3KfcbK;6`GUm}w@7(?m0s#i>1gj`@=7)5B4el`d81OAD1k 
zgZ3Kc=}jMNc4YIKY&uY78j5d1xWij+yI>9X3(WEEIF(sf58 zZ{8Q#chS;Ckmue^<&P(t-hgfO0t*`%vpXyiCY^m- z=&j6px6wN)>t&x$mvr`V&H;4%&MV@2zZ{qE>Jc~t8*hH=BWD|@MK$jdj)8zEj%=yF zsz0}r)1vC!xbO$gK2D1|S%(R1uJ))OhGT4bJXnj(A!IfZrxm4I0+88hliWf@de=h1*jH<<6j8oRbxhP&?#6ua!N+#<&Gam3_ zsK#Cy(kaux@&-3$_|K3j2*&|K54X7ZU8KJchOmc)k`4#_`7V5@_Q5A}!KY?}PlokB zBz@G$VwdwB>txOCFp1aStiGn(KE?)5-_C%s4V>gDI;624{;z-CSgYK)yvACl!=$mu zpLV_9+T8h9S1(Apj>Wua}om;dp}Zo_SBCo!t;U1)S6hSueS46yAka}WY*aJ zlkh;`@a4Hj;1q@a(#WPQ$Ou8dBdFvWSyl=Sg~+lpESAVSk!4llhbDeBCjN;Y+&5cR z?+Ld@mIcK<#}i&0S++pjrYF20vTT{S+o4z;*!EcUd*T7CmllnKEMO~8QH4^OLxTv&3LVecrc8PrnU(M$G1>rL%Os!~tVZzkP z6z)`c=v9mP=b7N{gzW!XfyD5?jX?c2au|FIdE@-G$J%0D$+wJFXrNu0L-82#}%*~2QOSB z%O9vuLHLxqPtM;#v14~~o(1t$3X@83A@^RWJ7AfOg;&3|(>&Z$OcRvp6nV^V8#uAn zw?FOr0L~V`810u?ngf52W!I3R$@*EM1vT5J-EV9H|=Rfeldqz5j;}}OIgnuI8 zMqY{^_sf(H{RugT$3%7(hANS7G2V-A%H|uo4nZX?>P;O4?D_D@!v$fO*WsH-o3i2O zGrTZ70^x-%>et!uQ#vmY)Q{TZt@KHBeT!O|jUFNwCh&qiZox%laek0EuZLbA$M4AU zN<2N&qR#B&@eyQKXhd>a75j>e0!-O&PpblAr$n|DSktPgozbE)hp{jCp%ozqNRf>S zDLmor>F*-Q@r91o=O6XRBr=c*&(NUE5%oC_k&#{0H7iF)D$`FEL8q#=5*$&=+%m!O z&^EI#sgiVi`tXj;^$-{7A_PSSi^8}{jBPV1I5dPxZ^$@@w5<1?jplOH6nX=hQM-Rz z%+2^n&u$hFYD{dRS|#rGK;B91!{@iENY+!+qCUbJUdP}D)D^wrK@Q0d$pM)}WQVsP z((wg61*jCvd_d8!?I@i5OoU*P#XsdQ_b=K-e*aiPK1ZFm=!Yl%l zM7aY`v&B~ia_55bln)QHIPodN-tuC zqVvOddx|5y712(fIfPDTt8D>?qYV-ldyQ>YQDXXjTp+t0TNNVTR|L}MVLGwI^)DYA z$qZdG23%3GvEkCzOCtLULVmp86E1yf`ehAR;PHdorlSX}IivSO5qCEwYM#B~$Syy+ z7!PJEfolZ?t8CTUR|NL zKr2N{V=!NnEaX_W(DET!cn&85Rjn#?MUf{R)b9b>cW^@~(KrJp0UMiJE^EyM@pdXF z0ip*bwyvU|fn+Hk$WHWh&|etzPyApOfj)&C(cIQ<8k7QYQDVdCh1S^01fF5;EtDEv z3gxE9FGmf6>T~S5Q07fzZBk86ekAPJN)hFFCif&PZ>#d4&Nv8)RSX>q))?yvO)$@Q;hJ&gsp0s1G# zj3e+`qMbB0n7+t|MLl<;r58rNDhwCeLx@^PGM6Q1jDXmp{7{$2nH4p{2pu{Oy=I(Q z5WrwwVls~wRV83$sKu>Pi-)s0-N9~XcDbZQinBmIDsWu&6lGr-Yk83_#lbk;XtrhH z8?cWa%K9c}Q&;HJFyDNVc`M?vwXz}$mMdfs_lQtPi&`ZO>U9Vws@^g`BB|WTQBa-s zvXDwoW3<+rv7z1<*;%xZZxWrV-bXglbVg=eiz;%f8HN@^mo5Pq-Pq<4x~P*R2m}pb 
zk_fwo8Uj>;NsL2D_@NxplZ2WPEH|xYgi~}{heX!rP3kF0;I(Tj-OZLfSt$I+@k#c- z$rDaWasjvF*;T2w{W;uhd#xdWr-_1Utb4ROvhrN^HN~ zZ?EPcLCstkqw$1J)pLHUlOwoJ*b;-~kqoY1;e#~TQ~Wg)&CATz)ll)_CZJgfSnL-b zF3n%61r$d>$U~0L4SG2OVIHtsy!OlmV!dyqJyJh1)$Y>|Oohwr78BQOBm2Bdut?_d z1TGly2q&nX$7CC2Z}ec!efHs4hI}?{=!;KRAK8K!)rehfM2eD1vV${XpzVppcHtLfi{1TqI1=6Z3eiKNErrU4M#{vR zLwYdNSS9oaUEt5mugCprY*6{ovG8mk1`L^IBNuc$HbF77#@yX&{gu30a9OZzRI9p3 zCa&caDa#=?@NZaVsb8t-!cO+eE+j&^$8BWlqD$Kkc^JMxUV*e%KFMb54P$eddZ>2C z13KAh&_FgeSWMgZe!zI4(e%}$Lo<;-Jv@sgt4w%7^iF0 zJ6Q?B+pEbG(HCGzY|}H$!01|x;6yh)iAF!x`>nk+Wx1F?^Z66x4|c0@>zF?k{Grtk zPB=XF;nagP8nzo73SDcJCD7R~;yyF~PzFN)S(fPLX0yGT z)Brqqi14NO0KNhr2c98-FHdwYhRa^Pi2g2IL>G83K7bG4Qe8(Uv^ zf1$AuR(!vMd&eta8^i8?NW;|I-S=wOcze@Ja8ZbF!56QjXt`}YQ^^KLc^}||g4}f% zD#8#H)L?gSXVP9gv$FaPW(Tw7j9OLshEB5+AO0Z?Ly%^U-Tk&sG2X9!YXZr^tobC+a?Ws^O_ zSp5bhlJ&yJzr-{0)(|ce&9(2_eQ2RCITHBZ%9j9()LZaD>g`O5KNQLk6guDT-mj52 zQJqDMw7Yleki~ZQ2Slhhbc(%NF|12WdV)lE0S@^+KzRHC8;00ZdE+i*tY5v0(6e9z zdG!~};f2s-`zHeoTUEIVfYx1=UHBk}HTdu^u}VVH$JX=$t8C*K(W|k#N_F7}x1V9~ z7t+ILh9GINLRm6}62hOm65W6)x{UYO9*|`ZdYC=b!jSR4lLq@%)siY;ZLP_0e4Gry z1d^B7r{l2FP^*SOC_c}KDnvxihr}f{AmJ?7EB9dsA#_CN-~nJ98m4b?MRD80gO{W1 zX}-w#LL<7F;Po)?m%l+DeFmXHb>By_V7HM8H+Z)9oSJ*&C{e z3{)5^?*~L8F^kDzmZ?###h`*`3AiI=B}61G4acFP>~k`v0wxjn7kin2r6(`H!F|AfP&F08o#?2-BX zb~x2+%_8*iNPyjAPn&N=_cL&sX$e;*o@M_uujP-fH2v!G z3#DJ!(-t9Fg+0S(8MrrVd(uamEiR}$RhT*#v!?|LrNO##t01M&sWD&R?vW_` z=wfQrJ-P^OF$Tf`EB>Ih4y! 
zl4O|g$pi-cdU#~gTts+6#SiYnF&idm^)i9R(k1jm+@yuQH+8%uDqBkcf!e#hPmNy7 zbOPVfR%ytr9_NWjFW$3PJ-waVPMBjYhbLaI#xIaH(Zr z9#~&QD3YIuO_P4SrOvEzrRSFb0KYve+2d6ciM{ZU*!y*C+Y||JQH{cl*n=muyPrq- zXmbLJohy`s{&^Y}E@|v3e+NSan3UT(ke%fs9WNS)WQsRpvgk2py#k7zXOB&kf;4zd z0C=xxh*zRAK(ItRePqD!uHv-^j%fHrytVzakzn$aqm`Ka>N9` z>&@`c$loA$?`Fgxo|uZ$vAoP{ba65ciQWE#&gB(eh_%oXW5XqZy?xyva(H3-I@DE8 z8fDAP7amvBiWcGo?17^$)C~JW?1R=cTwAlG?Y(>}8;{gYN1*@dO2DLRbB7^PzU?1v`H#=kj?RQe z@5jE#H0jQf{?g7b-v+$V)z6$8M(;+}!>xwncL!BuDq*|``~rd4fII#RB>qB;a>{HN zJ%I30K~pBh#}SWu^`Xcw5lr z=|3X~9RCN@8WJ`&f{~XW68SqF*>;75x2X9#YvHQMb28V_&)?ZAIe{zaHOU$R98?!O zcytqv=>7^{`wjtop)s?8!9jJ7RLQS1u(}x=d5(kvrS8SAy^?cAKb+v z4wSjnzC(bRD}!JIyg?vzVym06wy6DJ{W34b6<$x6fQQs~lb{U!lj)=^h86Z~tizI0 z2PDYi7R72UlN1CP>}DQ1%e)_6$rcYpzzGfzY;#J8589%?WQjJTJspo8VnwwRpjJ13 z?Un4aRyTj`mAmk(+y38W%<<|VtD6z_N-qC&wCzSS$m-^=y>dX@{Iyr^7dL;f#pTlQ910bgj)=qHRzyXNz0Z(~0=aBx8 zy-)Kl63f7_+vpQ<4MVZv!gPsoM=xSBw|LcWg#6wX)q?<#Uk>p!E!UG<)XwvyP?N|y z;cRcU%?bZB7ru?*>vVW#J*lOFx;tgolQ`-^?Smm*_=4*9P*7%(H2Lgg&6=s}-7Gk6 zsI$c9H3wa&7Bx!)Z~*8)s6Kz-0`_;1W_YDieODKhoL0(cyj`iD6OQmEr1- zu14yiJUOjgf>|?-$t@M?qdKX1a#{uBlG7-9kXMx|c5|=NA!F4wZti0l;^bbfo|L}q zbLN$1UhcIj=H_0@B*|&x`N`ZeQT;|nIAA(aht#VgH}`smIJq~d7B}|>3C_!XhC0p7 zeFo!_(`NCLxh1GBa&r&rkU8pC!c{154nv&WFINM?7{L8<3C_!Xu6k*_Lz%gZOHP~5 zPv({dDlOzhUJG=HsiwQRn+$PsU!;EK=DtXR^KxITZg6v7%(&#V5I>n)mZ^lB`!XHU zuBcoJ4stFz>DsP_0j&sWErjLJ_ z^=t5}ZgxuTrjLJ4!FR!_dZn>^$!_}imtXMR@T=A1H1)da;~(x1X$J~;050{Aw5&JT zO&|X<>mS0e+9$1waQgV?6#OupYPwr6ef-NW_)++wAL0~DAODiw>$C#}JPDUN-7T0t z{$s!BB7vV-OvXuTM>utNMd24jT=+VYPRMp?5}hFM*J>oV(-y=o>uCer?=Pje zI}>^u&FVM}U$?dWHNhS8FfSg)RU>pd>jtgrl`c1nA#_9r1kE{cV!S?9=;myBa_iTf zZqCJyAZ9ig4NecLKkHtKB{=rdLPxgXm7PiqSXk8N3?uLeydSqwaIaoR(J%NwUqQGE zJ8=xl7wG!D9L7&E#SJ9Z@SHU9crS>7F{0s3d!&6HcE2-Fnt()(Pgn*ftBd-PH{Vs3pUP=F;C9b`$}E!lcd>7aZ~dkj70wg%bkCT&oOc_ z;kzJ>;L{3xezqrzPmMiA6xKp`s#T!oXsAFIYC;wY?CVTxSC|^gpM@Hgg_6lU zwV@*`+BFo`-cE_1=%z!7Xg;HB7pfU~PGqB0z?%i!ngzrpU(d=T&xtI9?F{s6W;hBJ 
zz0ZMzAtHcLI7Xfm$zyc=1RfMrZcha;cC6t=g6m!83E!GtOsa<4Qio%5L?VV~r3`V_ zd%~Bc0^)>H}hedL`L6Z-ZQUiaC{ zSlvTTC0h0-YS$-fACGJ;O&eMLHTW(Jjf|Y{3H>v&9OpNmST%YD=G-p@m+0%{b8rd~ z--&Fk+dsgsJ3o^3F?u8Agwb^-I!CMWOXrq$IF7xg0sUF--`Eec0eLNfW;E1Q5Pqce zY4BKEsVlHw`kt>fh|}@&L^KKujR62|;YxrPmNUSA&FZfh6EHx-c*M^n!e>V*zpxuv zE`;D<@>c@si`-W3>3I{YwT*wkkI}FVnXJ)KnctIDTh-sS*N(0Of++Veq+a2K zCFJx4+VH)hYcn@3YT-ePFa14DG>J0hft)wED=N-EqCpX4Ox2r%#9`&ZabDaD&7XR~}XH|#>I zC&VKH9p_$|<=+<-%m(gXtE7$#s<#DWG*YM<1io7bQ$zBT@Y^u^#(hMWZg;~Cy4`!0 z$oljclfw6q$Q3$LZu7UODLOl64awb!4iW{sLp+v*jV68Tf5T4F?nn)6i4U7>xiR-^ z@DCvq_0hM4*47644uS_CcFN7=`ucVtGsN!Tq2<9E?YxiYjoey}-G952i2)eswS?B6U5cP=kwEX(LqQU;h`jPr9?;b_Rq)!$T}oG+;@V`#o?HGbKnw>o+yX791sYhH&RrTZGR(kOSg5(O-|Ik@4h zq^zx|Z4s<=NopAndJ$pmlnHr@Iw0Lt!nqe$^LOZCoS7Zp@Lq=?iZcbm<9Ubaw6XcNN`2zWe8WPZ2b-AYFxPky~GoK;!$Kj_}eeYDV*ID=_dkGK4fIrHt zAn&xQmrh|6v|QM{oabroNsnC9tRB`>&2mSpdQ`FoM}-!U{=bnHWp{%$gpkt)y`js% z1}$p;SV1G&d+YBpXQ|Xkq4C!>t4lQ~1{YrPbX(_blnyR9QMeggkUmU(1_Fq34s3}D zqFxrePbVi)Thyz%7`C{6IM+R&K(mQ`=}dK|MxBL50YKhxBkPyWU0yUR9)B;#$DyLN z6Ytf2D6Gg)^#|701XVLZk6v9}K6d_l?JO98p5`Q8Nj4(C0s1Y?=KGlHU|vO~>f;6F zQeLDzfITu}O zQ%$d6+hJ{mYL7H*sp-KSEPZ%J42TDv>9kWw-u$Z{FqBpDv?p;pfjawokze#R z?jnr0&x+iJho2+|AtZ2((Zo%o�x64pn4=zM5Rj__c-Zi?oPl8vd zQ-yWbXTq5Gy`!OY_qhvjYAr&*HZ9gx zWXO)@$C-*ivD+-ciVBnP=>e2*r%v0VmIw=@8(|dZb1%LX|AzPO-}i+UY(g!dyBr8D zP#>QR_2YTw@h%xK#dT=#DPkzj_M~W?0@8DjON*3PH#{+$WSE;|lTMPF&jfowqSahw z0$HDW)oJm+Sp7lueLXH=6)d=Vt$~LNLsOengAT`}e|(b~r#)bE=nKvf4-Nyb)hQnF zRG|4s;-x7!tBE=SZ!&5@j!Y)i;5`IvAZZwwD#m^ikg4W>^#*tz)#I+xB)OxO)amMy z?Jo&e>!~>!=P8NsS@U2lSEPn9^}Y1jBuJ_QbTlt@2@!PZu)b1ACpk2!@9Xs7LM)3x zi}Xb%CKe9Ybu$Nt;wyAA!r(@XTd~JA<$`7rk9-T&SptPudypNP-jCXN)sq^!MYU>2 zPVJfVD;%X_PDhco6_U{Ge+so!8_1|%TMhbe4XF%or7=S8@j4<@B)+^n%6m4k8k+q z9v=!wU(-4GQ*?wCxZhI}niCleg|F;k7fjFS99+Y6wK|{h6d^&nrgM<%rBG$(Ah_BS z9^1p}q>t&rO%+f2h@K(*_@!ym#XW%FD#hnslg@8|dQS_CXRrf4c@lZjJ4x_9f0Cfx zI*C{tU1Y*ZL|l&ab87K+e6d4GGZxex{!NS+3 zubm{7YLr64^Ea_soyeK#nUkbymrRnHP1(enIgw|i&)CEoI^N^c$8Tay9j}o#q+e<; 
zIHWpJ`_Hl95NZ!>5+Vqm;g8ZE;g!K!l=6*7l+RWQeDaZaqOlKTWf3Uu`SieA&vCiB2h0bV zy3I}fyheBJ8`;zsX+MAcU!hDmMk9AY8bW*>aOSqB_V7|rF>)h1CoYXtBsiV2nd{l33ATM=c+Y%LalWx~Y zuKhqKJrb6}a!HS1(o!Uqxv#2s6aCytq_T-dHcG-bbqp#%`c^+;|dFWz1Zud*vAC- z|E|(M5{R!=x>Oe{^KKME0zdHeLY7D&Gylgz&iv*=9y?a*mS0H6*9%!8g?uOo{dYBa zK_I?XlbN|fY^g`s-}yoZn$8m6-dAOi+tc@e5xof)r#ps|tpXyI4p}eop59}G=5F_A z=yRC$)MDOWiP^-}*6Zf(W^8?oMQZiT(X5zHtM5TAA8Ei~4^|-#>~kDUi3inBq`mRz z>NyNnf6`v7#CjK77XiKMfu(~#DCt^(uRa{m;WrV5*=5k!8q8o6TX9NcaD{Ql zJ*Zlw56^mDV63E)7wlTC!k{FzOx=J0K;!1m^7Hr|;xX>{Arj!qHD)+Q7j=y2E`;0f zxS_EYodkCeuB>=cV|5OrF?_G)pbqE?j_Mz3cRk%ZwY!5uJQYQI3TxNj;P@ z>2rHV@N-traDJ+K4(I0tJyANQ=Lq_a5Np7gHVvb%xMwInm}4%0tibH48jGZ{R-xTo z9@)2I#nF*{P!wjX)bzr<&8i=vi3p#*taD!nzM=EAN?izAcSPQZQt<1^-dWO^zyaaJ z0erxz8$};*;9Lke$V9GK@Uu&!l%inQD(gsWH4U|Eqq`x>th1whbjus%B*5Y$zH+E$ zbny+|=xbrf|9F{n(V9Jw$sl{zSIC?>K$F$z`UgBNqmBoLJK?v7Oez3A#;VuhIoX40 z&Lj{0(SAlwEyF{u;S+Jb;;1p2tI)gEWyeS<)QV`7jApOnqx3@IiMKH2;;LAJUep;9zjrI4j6 ziNZkDLT>{to*l>F4+!9H#eF zjU2Xgi0w_VY4TPN3)jeU>#fb)_wgF*w;c+p<2ShRFMTZ@H}x7p2x_l}n#A&cpaVNG zN41#iS_%TNhHxHiwv8gi!55fsVv)tmM#D7mtfl_Q3Y;3^Oxqht`mB8|>U7ivxZscg zH^U*yV3!Z4Ogl88#Fv{5XYJkiXfhBRSPyG3zGMSke#bJxJD29m zPvDW^3*v>*jtVcR8XnHDZ|ku1YfY*n3w>J69^NN!Qa{zPE!f1JDNa9*N1IfOhJ+f& z4(zqN$wKE_{dR3-=3G^#gRJAt`rj4=U>8LEKE%}P7<3sge7kiou+D#0>JLSByrovQ6YOeZ36_tQ_R0Y z-kJYImo@K0xLkWkoe9Z{R0Y@oz&30#oQ2eA+|M^HXPq=TFm$&y8F$Ski_o*32M8KE zncqU(bL6+k6F#+P3ozOEYy5QW;4Ki`NK20dP5ho;dIM?B@%)Um&*467|HLs;8-Nl^K*$My8F$KYvL_FCL=V%A`xSkd_#5p2x12DgP z)_b&pnTpWV=1l8cnR17AajW)Y5UD&mBM^QMjC((s?)D2>i23%>+MAUdNw+;3m1 zuWEKimQ{Gdo$3F80?ld;3(a)KqOg}s68yQwJ_3G7&%Z7 zeixeXEHZRd!fz!?S3^a@nzK3}F1)3cg-+F{N5Ng(0xNO)H#8&(UE zEL@kyV!`?pL&5O$t+t=LJs1~4H(*F?vo>3=?{0xrUksAsnEsug)ZQ&*l=Cl zi=nEzSB!=)?dt;8d$4g@V$Jj0H~BFeEV6D0STp@rV<0(Mx5;Fxs(P#!Devm~pt1fA zW_iC(d#zVc*2GHa40*Akd=pMYueY{agSo;X-|TVr)lT`8%;5{_22k>#(eMZR#=Mf3 zW=me?x26Y@({;(yb;$#{EbHDv`G0ZBA4GAu9LCDO5V{rw_%7bI&Z|7jueO5$ssDt? 
zGK>u8)Fn}VztQlnZThV@rRK0|wHU_8S#uU{E%PVqH5YQHheE$@8%o`dS;ac3bw6v3 z;|YwN*Pzz(taq(JXTFX4PDg!@t`1F*`kqs_PuF)F>$_FTo9ef7_5HrzYCW{R`|AFJ z@{(v?mN$s(QARm**ucf zy_(m)+fWeR@MuR(God!ncOjlc@5?oYrtjtcz0=Bidy8Oyf+P-~Q@0r?^s$M}ye3|p zZQ=|4RxpsP*G*inn|L$$!f)Z~bNK(D%6-;8aMV21^$Lu{dFZXNC;O$I=hXcHg@A(x zSkEk7a~yoJ-@4+^dj3Ib*9W@xNISlsYsc@PhF9U~_kH=bYk*`JXJ3l;EH4Pv%FND`sdf`_xk^$f1-Y`pgeX*UB7Mr+xi83|L@fAMJrEMP+mFpgLOE!{q}*L1MDB) zEPwL*qqXm#`VCkwvOAz7TJPhfM6bFU>o)X?>+Dh*!l4i}!A1+vW4C9|13=#Zt}hjF zGU%c}7SbZn?+V|5y)-L=mIbWo{^WEKK_Ky4p(BOFPo@tyQyf?)Ln=Y?4H6kPZf|G~ z8aPOCyoT}~@~*rd^`-rTGa>0ub0mFUVK-$9n;Ebg{mIF?uotu9o$ZN%gzc$oruhdo zJA_|ZKgidTEPem)RxZas2UTeas&oUZbVzx+ekc#)8EPrxS%~A=Isf}w=CWLqtuV(k zR2Xg8f;PO&8n9j${<$*!?MQ zUPqo-JfQnyxURs|sushlISR8OXI{0;C-W+{&Z)p_LZE3tU_Ajy1f*l`lun#Te z(S64S9=rp=YW&q2#Hw%>Ryy}{=7))6(yVrC-J;sCACEw&Ys&gLbrq>{lpBwf0X1EN zm}PD#j$wa|tf9BiCNwKeosU%3UpM-JiWCME{7vdiBtYIZFLbOJavsj&NZK?K#$GLW zC6XLM9HVow%+JT?-4ek^y*NxCW8cO);Mv)&@JF_ww=Ex6vnNYW=;Oa75k4&6ey?3D z{9I~YiH~rK z(By25Cg!3I);?8?xi;j$Jj^QVvF6)I6$>vrtWuIH{*^vZIhizkZ+Xkb9yl@&&`g8{q?EICvgT{j{C3*G?1s3zhw zx{AT!a0Q}EswE)$1=iE4%XCU#YBn9se%9RR;yn;NX^%0%_E*-W!bSA>E0a@2qUrjV zFl=T3zmU;I96nqc$S9JMQ)QC1i`%BmH&k~}ZvP@1P}pl>Ha8m?N=_uXQ!-ZN-qc!l zD#`dBW<0ji=vw2H5FWx-LI$u=izWh!m>2o+t5FP~eCs;DHQQ}3Yiwn@iFt(@1;LB| zA0bGr(tc7pU1)ty;u2-NRU_x`VuvDnCC+=&Sk(bFQq+k4A5#BU_yKRskvjXN>i|QT zhSeP~%Rjn*1*|u%SL_083w%v})bm(jq^xZ|xADr___}wDOW#Rb;(+4{ z!15I(2VuQ$ePVsdwT^WpYisqfeML>@r7)hKudX)7-07+Q(jIP~0czyd>J{rtz@v3C zLl&1A?3)55b4EqSNb8?bl8BsI@=37l4eM2Oowb{tXWbBhDH7Bx7aN7n-IlQ4Vsn@L zCs-Q=SzG(+QqjL8s>s7zGc`Q|VqEZjEowg6xZjPzyzwzAg?ZytX$!gNM1!$u{b}9a zqtIPN*7N9=FeXp1lVK2Ki-uOyqe(fLU`8h*J>cD#R7je6WlH{Dv5TZlIiHg!NC@ zJwMFZ|3MxC^_*by#UAU;So;QRyKh@;&%lLhOs|C>!gKGKfeYWk@2g|-7Q;S8Tk!sk z3t!;Ph@r@y)w5~UxHbm%*EER=V1?+`VaX%X^k?_MxjsRt#gF3p>NxH78<2a zbeAmA*MV(hY|JPR&73C~@^F?)1|89fZ5{Tg)vxj)P_1LBZN-#Ppo`eql6_ z%(Jl+r#sU9LHK)avwTHD8Oi?U)^`VQf%m~e2?*APoDx!M)!&{Ph|>^fTLIy&CJ-(D-_6^S0P`0~dZA 
z+uv*9`}E!$+dpvO_SnW(V|#^$UJ2g+#=UbF-s_PJqqiq*ENwzuo#Ouxuq>Rw;(s3XlnWVz z|0C32@Jga2FrO`2G0Bry)5#$AYH*Ikas;7a^UY^R3G2#mSK4p0UYx0RdSv|v8al;_ zV?Fq(_FLoRtN?E<3xDKUK}cLa;gmQTkw*=(@o9d@(NP3!{ZO+Z#k=$g=uO8bhO(2c zao37Q3=OIt{f=!y?)~Fd23T4`M@oR0&0Z3+=j7W)L25yvI{!M%=g&giW9~0qJmJYX zT)Y=OG3<6<-jj`Ro2k-Z{i8sUxDlhmSm5RZE>8V&ki-1%rTw95$Z4)-Kl2OLjt4Zv z;rK>_PcG4juKPve37d?|96OX~hpY>dMUkNt}o*T5dZaj+oQir{Scy*XrzCDc_>efd9lPbD<BG-f4H5@4 zw#Ylbq&xH#@ciYw(SJJ^r*Jtj{ao_ptFsh$a;1^|qN$T950-2aVjV_RoepuwyV1?! z8KviY(F(h;5jS~JW3{mcY|51~1k~UEBh37O`;hsfI>Gzr$AVnS)z1VD_0eiLtY}l+ zc(4w0_xOb&<0%)ZaT>rA?;>YhnOLb48EtNCRX{~_hG_CjaMnJ=n&Z!^;b4i>H3Y;$ z+@%lblH=CTc;k5&Po?Uw(Lf*kL?@FM-ALnf6d`#jqWU;d9f(R!aW$L@fc4Wo(jLg8 z58yufhCZ0qi&|WIMYT?| zr)G4oP88j%-=e^-?o|z%2)b7z?{amou0#Ne`$OtioG~F<6i!T82;CH|u(`GRRgr{} zC3jZ8`X_P*bSc7Xw`+HdtQ7p#QNQ{`LPh=RDp&nV7`T4TrtW1za`%*I6UZzEj#8u< zINXK6dq1H?{pyz*nq0aXCBTpf*3~hVJF?_r1d+E_;TOC;dbL))nyXcpE@o0lr*v^2WZja^da{!>vqaA#OEeOd%+O|3GD8>@ys&Dcf){%y zqnnRo3@Vwi1#RD^56R&{@@4Rm{-<(Z?&SCMZ%|c9e5TGXdWLT5A-et3T5OVCKb?6% z7p0qIjtoXZ;{na-;14!Wh1tu_DomZmUui+R>Td4vV!U$wi|tv+J`dw%1Gfy{wtIGt zz`IgVb=Z|Was%1uGx)Ey8xiU0jhhLWF7mBnd<(1-@h#K}YSyT<4iY2|_IWVUx2wH0 z`bC%CZTs#2zr7n)rJ7-d)o;EQ)&`DH5LN@f5)Un_nm6VbM$zlVpC#~Icd9s*n1Y{j z^$eC@U_xQFUndN!a_!K@SdRq|Z!qQI88Cny4;4+kJ__T0v;l*=M>}-}aZyDoS08A9 z;zjJ4ocR)r&Zn+;$(@w@TJ3g!DyhKI%nZIMr4@iO^a*{j&pywgxrSUd?h8S0tcIqT z>ZYrBKWDlM)d3h32=$z8j+MzTGR=4uBqLKD=AG{afV-BFn0FTV<0NTZHLKMLttq}r zN7;3oRM_wMUendbB+#ZIv5Cr_pSf-jn#RR)yXR1lRC@9jdgN_VKFKrJ+#g=r!{~;A zku0-5<||cmE7f%}r3W_qMna3MX0_WY$8eElsL8q{8Jj!9%xA;M-{=D@di&doN*GsT zKw>HyFU=z&FM;akLg5|7w_TH)q<67T1lhy2C|ACHwT}||1|X_bBc(h(`x1XEx-122 zGxfhgJK5bI^hO4i&!%7~p!x$yqGcBd$w;v7IsoAgTLC~){eO!qm6`Zp-37#OiQoHf za*}ZzID+vhHuMIkAcGqJD0!VUZK!x_;$#Hu>h6skB?w~UPY%`%L{MxQ6@Y2N6T-0K z&yxA+`P1CQB`vUO^R)Ic!F6@{>wI|+`XfE`b-#Z;=+jPLq3A9QS`y0V5m&xRCzjPS4U3d_jX;Lj{Hq!IMx47-Wh!svC*3^H=h}Z7#O~6M60#$ z!yPVjU;o7s5e}Nwc-ZdB77Pr}alX&KX~UHpG3+sxQ%$fojuc`9I6BGPJSOoJyi(O& 
z-SZ-+8KvpwS&q88&2#x@B<@h9@f{itlsF82w}BzCatzl}$b@5qi(xna_5g~9!a6Si zE_+Ku@7^ETR=kxtZ8b{LImNPa`d%JP50x7pAaL^YsizT&Dn1)Z-qH$zQ!2TFHeGVf z&84>Qvz@4+-RH?z3^(iU|74-Bw>RngcH41Y%PY;1xDW|4W5Rj=Mw>U?g}0=R!N7mJ z`X~00cCWgvk(uC>-{suYE7{u#m}H+#i>G<^K=Xs|&F8(=!0?Qj>P(8gD1xXC!s_#T zIndXInW_`JLj;RD_C+7{OdG+cQlU0PCF3zo|HwBL`LT?EOQ`5`ZlyXyk9GTMe~G$o zgb@7^fES`KlsIGwdXI)c>!%_{)4CRh3_{VJo*)7D2kk~bC*4LAXg1jmSiN67<3Y)j zo!$rBlo#2gsrJcis{J@aweMu8_GOo90qan0RG502Y99vG>d4=BrrJ9&Fa{zffk)J` zI>d;&gitj{4fuqF7RcgZPJclyk*u>%Q)3$l)-J}YHT{zV?ei(Q?N`%ISsnvnlOxCp z4^IZo(i@1jVC`K@A&|d-P4F>Kp#hfJm*%6%&wv$JPjrO&USVV?uwRcyePQ<#>r|9M zrwAZuhHAtOdTHd~%HgGh^Z^(c&7txGpW()ZTsljES*gVOaxp1Yq! zp1sB90p5#~!Q_umnT2xUNdeM_EM+9e=*r}s8DB)_@6Y6)Bl&Zjm73M1p6FT3|8%Ey zB!BxiQdlg0Fs_`6Yc%Z;GC0-XJzD!x9Fr0aEI1vArtFYtZpfgC2$~@p4Xi&Mh-M#z z9LVz^r8zBwhD_JKbeKj1%TWiSX+9*HPhp(MsnkcT@1-MvW}>-%HCy)}nC2f6)9*5v zxK*()9SKb1&GiomrZd>k#n}yg>>)ADaWPd_*q4stCU!m<#`+dwg2j4xfGt>C0Y^5* zZ6MWyH&%BSV{p}AB!WD$13z59WA%uQnr7irLI`{{&Y^hFEUcDloN02dn4wy4m2BkV z@4fAKAIve1tqJg*?CYDC!~Pa_hBQv{AC%o#;|^BZ0qy&djMnVH0`kecG7OIaA z3@lQw92hu6J#%2-F!kVpfg{wd2L_H*)dvQSQdc^G6yeI;Ph+jKoWQHkgTU&#S!$NB z9=|@y;{u^V6>E@eiOuD!vEK68-rf-MSYE97dD2gH8^4}%I)q>0q^Wq<26i^M$^c`X zn=hn68YNXPBWGg5%rl;HBU6ifYQu-pqSlSnhlItRz0B=N8o#Tzs_{RB?3*5WoZnWGwtZI{zJh-n9RD-?m|UHcF!J)l zX2MFqWi!+rgOOf)QVRmAatbLHdPk7|kYckYh=ZiRe1@t>r@x%(kNm$%f6)weL^}ON zO#jB@|C{`g{`Eq){F44xhfdG-g+LR7IM42ZY5jC#;xiz=^m>n+8f2uOIWVSoieoU> z%}D5t9B#~Er24leWDwYd3N=rjy2rMJk8wUC;}xFBabY#ije+vtX3a42E717ZdL<^I z@JG|CkYtW0g{N?`Kf#IK3;7B{*}#<4u)^Y3tWz6;cNK21pH6%aqMyo$0tmii}s68 z2=_#b&M;PADYt=!h1EAZSjmtpKOnsVK6P!G^7LS_eOc59{*aEJs&+s$aX>usV`Dmb zE?F;m@(y5jo-rrS7I67gXZ)ShPs8dLWkyDw(w81GJ=dRLJo4VH^hmJwW+cYK=TVts zC>EX)uw!iq)E(3xE1-{L1tM{I+O%QauIlqpk14x)l;Vv_|B3Bp`={-RoGTL}Pdn{2 zgQw)0)kcQrEA_6PDAu{544C-K0_@Y%wp6F>zut-=09y zKC7FoATu#R^*K1TwnL8i!N@AW7vP*ZE1jA1G%Oz(r1jl0?CAd=^W)5w$xog*gWUWw zXTH!+kfD8?`$_*LzfaM52d|$K6I6X9Kkd!b?<;2l`rps*9$?mH-`SpS{g(d^@f_qNqP0_>%7Qb0EI6H1rSPQ#wb%$M&VYD#$?bGESg~szk-$Gbp1xAZzYVMQF*Y 
za7EA9o|7Y|)9RBawr6Oxhv_TwnwwMh`C+h`;>7m|7k99h2jKQK)1Y#}a|Yanc0h|? zaR9iy5rw;JrV)P`=E{6$y#xpxr$H)I@_f+z0}=H&Zj%4OKqOHT#S`hQy^j{8L`o$a z7w9uZ{mC-Bhq(j%u*eVPt5AmJVed|4FD<$lP<5c~$Y(H?1`O8oYA?y}O;dzIZ?MAB zspc{WfQqS~_*KpO6az(u>08oZ`?#e5H!2m)Gvi~-kG%GgCI5;R@Tn4%MYyjS4-wFb zi{$n0l>}_53%m2%myhdZ^-AIbLJYOT{=<4**eeWwk(cU)iX9W%Umkl@g|PrroH`#x zm4ZUi3#lrMy_jrOi5nV;Ru~?_{U{w$Rbg~zNdI)mr4>dWhUBJ0W>pwRFyu=a8=P0q zsW6UV$h+x~aTUh#4EcLHak=bL<%A7+L#m2hX)4gN)cU04pU}ZW`>DySkOJ zJQ0gvg}5DRtWJZy^G3R>ufXcX0S(sv1Rj~%rKs-wtbQtd@C)5C>H_h-=lFgmzE>UJ zBJpiYU%UwI_#PJDGROBv@m=fq2oqL6bA0!UZ?@yR zN_sP~3{*28E_DYYL9{}juyg7p874^NX7vB)a_mTJpI=+92FW~qdcsG?&DNL83#X-gzP>(VN zrEhb$siZ9#7x$AIF`?*R$~!h|%EMx-76guY)P@ROCeWitk0;uHb2k}Av9W?J+AVPz za_o4)SkniMkvaxL=xk#X5MT(^zs^>{!G-8292kH3e~F*`U*b>rFY(>~OZ-Rw_~G(x z{x9)=$ch(v4sU}5Yad4KE0p~pCui;o^Ha?c$OY5|BG|&y81(Tk)x3n^6Wnn6_$QA7 zOIxOzml7iNs*qQ_o<9D?>tksb->21K3%K3EU%Xz9QN?w$gdlA45W39upLWAfWQ1`6 zB%Zpz%J9fund{S!`8)s^bl|4foCdlCrWf8CCr{z$aH-!r=<4ay;U6-*$qlDZ zhwotcJ{J#tI-H09>fdfSef-1IZ)^f_?Su>LGnH!gcL!{%3rnAdcnCiP(C?7Y1{ly^+)K zQgR4QiWgH6fF_^pLr6eV)!>@V+@8Y1Z*o76c4b_npHg9*5P|HX?{e>yK2H<+#3nCb zbvF(h)C~fSbDx$qI0$rn(_~-MbbqS34TU!5AQswS*9D+uTCtum`Rmu90suTJtd_`_ zf;NlfSGTpg2dvcn3egopOvXnYoJ~ zX8#f>Ew!!y9o`vHRO21Z)-b0zV7o%jrUl>wJ`s{z|A8VSs3-Q}i_IO!jj^n|qP7a$DJCE?3I zJ$B8OC5ZDx%8e6TG^w>q5v0Zls(@90n}Z53t>M*XHbv?YLZlvH(y%&Cx*_23f*7N$ z`a31B*8t2vJUr*P>?sSZ`Y|MtDG{r_l#U+Y9`SmY;n}Om@vW6HMy;AE?pnCh{KeU= z^(fw2vn1cMz?&Dmz1^B#P@($4f|oED&_D9TOL6ZY(=ddXs`2kKcG;jDeRjiIDP$Ys z9eZT;&x*T6!ncU~X>q>*cf7s~CE#Cb9aRES>jL;zsCI;4abJoKcM1y}C}+wl-Fw^2l<6lO<$$9he*-nebLkKsS|Xp#^VmhA?zcems+i zFWVNDr?s>oQ^53j)6bA?`n^5!RGJEw_x8?#$CPgnvsl0iqW=I0D9t7t_NzqjB z@lP8PZswVuy4sDTkAKc2S?x~N59na@@tU;jz^S#VK21x9KQDb|R%5eNh{;I(9tJ$g zVJ8Pt*X5}TwJ)x1zcBuM9l{5*%3SAsHQ_l)m1-vIS9ibU_}b`O<@%nbug3MY(6>nY z%=NNXgBdIJ6x7F&zq6KW!u&2iS-~ySKI0y=pk_3B-8MyX$C%Bmg;q52JiVe<(G9zgWwMs zf5?Q70*R?>bU1ROuRWy43-1m&smWK>IZo<7XTs+*yx0lLDK|E(PIXW|?FOZqzbDFp zI^0=`o}vj?KL*ph1F)*6Q)xL`ZT^r!yM(j(ouSBiKz*Qtz$#Fz9$*w)LFz?PST(;V 
zYek3o_`z_5h^K<@ss}g8;4ogyl#7#?S{|1sOErH;-%kWRh5^@L>I{kV8E?30Dpa`! z&pzEv>%*4fh+&>xI-*_Wik4RdWxh&L`|6%EB?jF2wu(8Nx%LWZc z8gGN_!6tR7qRT9BJY9`^`mD(QZw*74ahEjPOjg zRp<(D?Q%4y)=KHG)H&%em<~-X2&v&hl02-+hCEM0%0UxeVt$r|;8cbFgmlcGTFX_W znxUyOvmeRCgLi@_96DaoA9?6_N&l^IHe7^o8SV>^Q)o;JSID*Q+fZ4|V~TW&`*)Pt3`&qzKmC?4HeaetdJ1 z6OG&4Ov}}8I;14}L1oHuDpjKsghNWFz!QuM(VG}JJ_lVpQ788UF3dxY)ZwAky+~u8s8SHrB%Oc_IVN^|IKAj5PM72Psz#5Lo;t z9q>n%&ep{WImMF264qPhdd^p#Xg{z+p2VD)SvdV11|FT&&TsVugXTOZUVq@Kq=lWA zD|>J((}7N1f#!vcCRqx}V8lsBlhGdoRrl+J$f9{Zlrl@j_NP=S$0m9A(B1 zhhD;HpaL{QzPWLyxp&dxL1s6Q$N_RZ6U)ZDV(^*fPc zg5|UC;f^x_wFJkhx1b5^UlG9VZvsP^8=uD3bdcT`CmumSQ=6e&O{GO7qeIB~4di z(;*6aq(Eeq6Zt*`)GTMFj5#_F>!rpogHq6(#%V=4g)drrbYW4sdL;5oVb@B@xS?TT z*_0JwSYd74%!bF49;h1LZ@r*tDu`}>ZSyHmLDmCSX!P4QqUa#M;N9&cn{^=Nu_-_WS3Lx$|GDVP ziTmL|+-)1Rnc%xOli)_P$M11u|MdK>cqk`K^yP);K+SQccU?3q4`3TM6TdM3hcP7GP6Xqn{>_+86w zh|a|%%_c0<_bp)}9~TgZna^mhe>`@~rFa@_(h3;Qh<)c<7&b;>R0xYTT97>PIK8K& z!yZPMu>xL9P`&VW2hJX(g%fuZgd<9)<+Y#05_n^He>Vr$9LJ`ko@3O-@UDQB*aRC2l1^XWqk)&%*B$C4<^RyjzBD~_l@xcYj+|JCRjoSt@Y?h zAy57CX_;b~_C3aLZp>eS`?igfy^Ym5#!pU>OCf+d z!dW0x`)gAu>BwL$SPnDHbKV(!xlOtp$ye?KUS17K_Qsia$$l;D!ZVse8m|hRe^mbB z_k+t{0OY78-o%5KVkuaKsf#Z#YkUFd?5Tp<3>n=b63|h$7m7L(V#D!8Jb?DACnm`ColsRxdqo=hTu|%(79?C1qo- z4VhezJuufRb*#~msZQc1oEox$o4~l(#66@k%(V*rBh9;TZprTGMexCb3T~KjaS5SL zVmwsxI_KUqllueGJe}&CY|;JC*9A0Xk=-WlI{?i_4M;M&_&_udIB0H3quEL{H2xG; zCj%arn>w}0q71q|2cnzppj!lViJz0bqequW|N9abp>bUPto3U`!DjF_GCf!YJP}vS zk2k(?JHYrWT^105osE{Zz(`3{liZ+_GU{F~l7r^4__{Wu_PJ@p5Z)tPeZP*4B96TOy18Iqvp(&&<8~!R4ZJ8!BoVlViq@ZVKIDZj9h|(6@NtQoow==hb)#>(6)+WcY`u zC~Qs-SNvt*T7KFP@~IO;1}rh#7_$R0Y*?n*?Z)g3_VxW40o{aaIM&AJ8 z0?8j4DPY2$rMpWS5PUoI_f#_pNl&Nv6=vOOKIiDp+V4*kcF|=&p0%Go?qKnDjC=hK zz1{*oJI1YY#-Ca%(#l6}5NTzWa2@LjS?^?|#fx#QXr`sbCu^T0EtcALl}|}}-p6c?=&R-4QUhWWqVqs(dH>xlH&HhI^dw z=QH6HVW}b=o@&l#A^!ZRLt=qz6B*$Y{}O-lTtaV(CKx;*9h_C|vz$Oyd-uZ!R{I2r z*VVp|7WlA!=lG}X7I%Kb@&YF3*igN~>I01g?{%l;Z($_x<8=W}kp_oVYJp!Z6FBUI zBmE(BguLd;u)09PXsGRi4jGphAdgbdLDP>vNcsW)J-t0uwk$K$Xo2-5bD;?@g@Q$q 
zzp?(Ei?mt7Iu!}@rA|ZYu=-LWDSSUkYxIKa<)JDDGG5%3dd>-wv|BBZIO$J5RC*b2F&>oxr8E8Hc_7ebB-H6kvjS|~sd-IdT*3+ONk zL}DnkzCXe`nr$Y zFDqAruI8-mgC*&IFO&IOUI`ZCWA+r^=!w2aex;+zHPI&~DO@eCsBLmhv(t=mBKKk` z4xf5=flSak4hwOF*=87D==fY$XdL{+DqrY1lsvYkV-`TI1}3P9(;Y6aR3GTc($y61 zq`iRk6X^*JSm@kP^4nhc4#(yn?Nk7X!-F!F`a6u#Xm;ULvbupJetbG$J=)pe+5y~a z#Y5y47&gv$&)}EZX#9m5|4G0<)y03Vi>_*7ve20B`rO=RrUN9m`*m&w>D;pCAIKG2 zMWuxHN3y5qGH1Su@!*s71f}x9VQ{$zA7r@$P@m|O!Wlmf{6N5p?zj6JR@X_o5YwgU z*M#N_Oh&zjGKN)ed_g0LSMlqvSL1k}0$xWqvqCNIFOq7=_3hGpYjS?J;y~qJg#8{| ziSjHrvWw!t+&?*q6a=FD!znIYYN{JfpAO%_@D>*jeL9?~0&0yLP9Og|FQ3t#xGWNa zxS@bo|0Ch56!b-xo>xtNu%1_F7-U=J<>1 z^glv|@+CTEIQJT4{gW>h27H(P@wnlK>>rsgU|($R+-!L(yKIPb*@#_}hvY=h zwr$b>UX+7(o>!F`y95}VRE)5X;O0wt&v5v*iA`-E7p@SQV4lp9^NVV z(kQ$aU7e4ltfuLAN{y(zrX_2)CmVlKtH9KfB>oWkwxh&~i(p zPeVzjMXV>;0}iY=^llU7=He(W#Dm3d^7BmLIUixU1c@08g)a%1shr5McGzbx@S7=b z1b5n_M>n;y&XpB2XNdkUOk;Ow7qIGObEh53<*T`V#_D{DybJ2GG4+uwOA%h3D+_Mp zKW;sYAUpY86c<(b>mM@Xj>~b3fAiBkzF!`KNTf*J3p8>`cxpSOPXLhegTI>91rUy} z1QsE*UXcl;wgHg9*2NH5p=Lwz4^2Ul?5_|IpKS2ju-Fs9ffTgJa@;ryQF^(4w$WD)jJrU%pmK?K=2JVyV(Ipg>vUW$ z48w`W*%)?3GVG=ow{hSF>wX8^7#Kq`BVokvWF*W0rDHQx3G+YUBD5w9Yk@khHRiiT z&^^Xl&$HPuju}*>vM6R^#cj#)ZjtBz zaFLJfTx6?1UvQqnx}4re`li1Cjj0MJ-w{6C&9xr~4A7dZYwnjnSrcKm?x z&m#yLmB@^L%DZWwEZ@GyF!u!(&jzs${^#!nO8zWPlVvsSG&%_4#B3%+$NT0K_ zy07f`dQ%O5>b=Z7&$`A)>;bg7tbq6A-auP6j zhsi{?SYKJ6+YPcG!0R1m%MP|3wFE&sePCE+h3#3*(f#rPGu zM9>(N4iGM}1NhLZZ-C6)UgbdV$WY(|PyxZL+zS-OnABXpt3Y-Lk#iAi?g2T%$uXhH za9C$DylJ;Io1m5XLiF7rN`uiz{kG#2+cVaO3NIZu77IZS%(zg0CzZ1ZEPPP9GBaIG z#+zZ9M<$BMkB#YWb*h%3a^qZ|fm9xY>pxU(uTYI<&qkRGQne)cFXNoF@A~964#2gN zo!?qdZFyHjlRX`mp^~V#9V39|@3I%3;IqT?cAY)KkC%S)YW7NX2H;{a>(kfZt7CfS z#DXPT;V9AJ`yFG{aT5p!{4E= zPX}*{TmR^+x6)ReihbvehBQDV0IPshufd~j(R2NAn2U!G`8l|6f41=1!tZ0>d!yL6 zMo;vA7wMr5ryPUF%x`N05|CK%?u~U@BOhyJk7e)rw?*C-(Ny*X!T!ZrzCRchB@C;v z7WEQZ=%88Ox$_T352Yax0|B`dLyzS17zlJso&V#tQdh8{8L?n`At-e{4yI?VdI140 zm6>}lkKn29%OXdjG51~+J&aONkLpv%W~Y?7%7YN~uZgbTo^x4u*tf;of5jkbH##JRnMy3s2BT3@MB9aYFELc`Vq-g~%@ 
z3^w4HEV;c6xMb}o?FUt+V8e9Dm^=J*12zz&6oYu+=%laOiQcvVK+<*C7>^4;k0LLF zvJZsQCG7)VDQTDJ;N*=UI`ShO-;)qfyy*(lm0rOwFbE3lnx~NwD(>yDYqo(O!Px^8 zjve~vT6m-BnfyiMVR*(96E0+7tU;#yqVI|=6eeuwQr(X@`%i-Tv&iBZ>gu7SS6S9K zB5JlO7CwT2>KkEGV^{JR$j^sMm>&hW2&NuptHU%*Nykl<<+Ig^I@XF;c`yNbJv60S zsQxpIh_PUaz5t=|lj`r7sA%*f`f#!^T^~GKL0hPG5p3;~5cS;wAe1I;m)({3>Go(t z0S{;ol&W)kfSsYq^W@I|c)LZaiV{&^4I2hJgOcslMUcE*BRT6=eLE3o< zH*e3A5VK{=QXcRhfM7xAqfE)Mf0oxY)z=h;QZ);S?DDbSTMz&>{y^gN;$M;Su19y);`N}7pwhdc5%xp z)Zlb+N3*y%@2F5`9*jjR^*urP9hwOmh@D?=BB8`iH`w+PH2&&q^x!whCW zq+E^HfmkO2cIAUaw7>W>BiaR>PO=9TXB-U zUp@D0)(T{`7pU%3i9!)0^zPhbfd5Z2~zUoQtiBJLDDcsBb+pVj0WZMJ#6h)22n z$QuxWIhCk7y>C42Uy zeM4vfF$dY^`h|7$qCFu@%e#}XjtM4mmbw0Bv;&$R#uR1Q=&S|v+_hj2SqnyQYN2Xc zt|;!}P^~+!qYniS5S9`-!PWAv(5k%{Hq&ZGk-{To-I!1($y#f6#ecL@5Ijqzm4jnU z#uhjiEl{(WO61Hn(?P4{Zh>F*M?5+KOZEZT0%L7|oc43L3)Zg+6^bMQJboA|Oc4m2 zBjGezcaTBx)@%wuh|jylY9Ea^%ow}q+NK#^D%&)L{N_fw{8peS*c_l;n_ic%_P#qB z=oW2(LeW?nQy%qZ^wTEaa5+Z8d&lZuARg;WOjuxKucA~#pxGj0-7Q^H)N7r(Vz#HT zuPijsooF>aM?n%^^P&S+DoL z40W24#KJG4R~sde2?;lw9agXZlA{L`2Oe{d8{^!V)MHDKsah$q0qZIHtiLS97ZT4A zU7!pN6*mdRzqm`~pZI#hW-Hp!crxtGH zJvg@VYZdTiee|{f)`BojQ(U>@0vdL&`o5WF5-?$M=>mDwBhww3_X9W;@ZJQM;fBXk zh9&UvhF9IQn*D%L7p#2|esJdec#Nw+{>5XQ zZTJ_DaRJZL$4iRL<^arC-2!t%VSLm@x3NTiYYLRRq4kbPb-^7#%aeG#FG#-^g|-@a zBFP|TCpIH0)e)k4g*hi!n}g7%YkW;p{MrP9*o_F!hJ+?{raES+%qV^$`dJCh;YIwj2 zx{5(@3E~{f5|ApJ8aUI0E1^*J{>pTZjAO2YAnVm4qf)h9$5{`p+X|}+ zVN1XbU)CeGiV8rb*6wcTP7foOx{<+^eDb7H{bLae&sMChK|sx_hw$}z4o5LqO;UNh z0h>kni;H0kUC2^|F}PCwawMi6$aVK8FE?IH6Dt>H#-H#3e|k|`0ZaL0neloWf{Q;F z;vokjWyI30H^Gfur6ViVgWE|3e4L4^1A|APx}npc^E9ZDaHA?!zb5G(WF9xVxyX(C zP_pDbMxS)RR}5$}4o?Sg^_93D_1EWH5H@ngX=K}Xn}(0MCwK7?)<;k|0wB~YD%8tD zk~2%NkZRQf#(7 zAdVrs8t#&O2ie`N_L}!Zj3)P;qKDzp?XCW?EKRWNwcB@ew-V-iIcUwEiJt8>TiFk|if1*h0Um4h1NdT2(Yt_j|7X94rH?O5ai1>_ zu(E2~RT@IO$X+HQv!t)KZAqbV>tPO?FoZorDo&ns)(Wx(ec==oCi*N8nguSN&)3mf~H!8LHoG=?bTaD1muBNcJ?xZpEf^7z>M1a@SkzlHptt z@6TYeiuQ4U*8W(4Vq=OtOHRWJcEfEk^w2c9v}yV@yi^e^YqvdPQqd!^3F`l>yr1F& 
zKW&}MWC1)NqA#UpF&w?#%BBb5ty%A<$@-qhLy(Nxm-tG)gDTS1`F8H;9?@g0YHi(W z^i>6sAC0~$KYEfG&rcRgmnM&?NR`vX0e~t}l{Ah8u;`m+yuc1x(;+s*)B}2{tbjlj zCkmeGTr3;an+KExybT32KRQW1Zr4B`-P8TdW(W~uhJULgX#&&_nEh9`?#D82m zM&l3G&14L)^>ndCj;~Zpz_?ILTm#&l%OVHPG25Z9k<)?`Ffgok7JhQ5Y3ldp9^ax~ zwy*9Ttep_ZbLI%@1TMM*khr1R!o@sdJjMr;%XK%IfM^_^U zN1@*U560*nxDhOJ7Q}bepE4fJf?uQIFVBJ}{;}UfmcQ(1TtDVP*&g5G6IyJP9gmmQ zLWjQPPjGjP-AC#Fu(2upM2EJtNEla<(PLU3rl;k8`Tj<}x5{^ee7EqM9{;*NhtBcN z|E(OI`Bd|p`9=A&)r2o(cwy@~Wwx4^_MDY^g0eI9%AcucZ?2!E0aavlshH{uP;SpPz4cADtUL(z?_cLemQ( zLq<=}j}A3E@{@xrDa=Y$$oRPwFJ+aBPAA9E^n&Piv!lT7ZJkd`;RZ5zALZy3tnwn+-M(Zm!{fcgy*Er24 zF$J94YhKKaC>GGJ#Nn;S2~A=YBh>29hKknRiPEX}CD0#lppSprI?6gO+tnsFl0N>W z);)l)`iCW$;ukIu-XoY-_bKuZ_HE#gUB^5A5Da#=8tAg?s8?$>@N3uA zO3C@P<((_5fg*Xk=^=q!i?6kcZqO&v)1P{Rt1VTj`vCXF#Jfm{rT=2@?* z*D)uc{5Ro6lQBi*>Qy~OVEc^c9T@54{XKkv)%xy~yyQT=D!*X@2 zPG1sVy2XZYdPK6jqYH%&!NJ&U^|Zzy*M%z70*yG+FS0(v<{?{u^;a=H!VYQ#^aeNb zQ%<7zbButl0oy@mAD|zJ`_el6LkGU|?yU^{QO5ImAKDJJ>V^X`506nY4c;lfI}gm{ zoTc;p5NktGeki>Yf5`L^oqumT#>EOSd07hge1}U{Sq@{q)a7Ay0EH_v58Wg+)Zpp* zsC4|zUE+EEg1aGF9E#f>(VwcJ*cpY@Pw^#>i~}$4hdkn|5()M~KF1lbbG*V`NTjN7bU3wL_yC2Z>JfSG7 z{&d$ec_#gYAzATsr{me5Sg{}o?IG($-mRKn6e_u!%r{v30`TA-ZFl=_S=~O?2EWQ3 zC)1MF$X|yLE8dOlvz4FRCQ=CY@JHjSo}N`}S0LP((kh`E%(jzx&z;H&7f0+SW>~j1 zQZ~BgHGoIQG(9m3AvNvW;iJ;wHSUOt4z^8#STYd?^Gren^K8YRzSHx9eY@{8C(iRa zlYca>bCeoc|4KsR=#^3(q@^g??U7oLrydaI=<5*upE7Js5Eeifk8mv9J)RFYy7{=^ zkZx^4dupFsONRCy{Zi;E#Yw>CcOnkg*38wj41f0r45coh_n~^Ga3wR2y1$- z62YxQxa&EhTsbqNE`Fi0%gxo0;?u|-ihq`LSSWcB?C^q8j6E)tQ|@;b>vF#h69V74 zapkI?TW%(D%N;#D*9jv}+UFun!P)rd zx_;mn_kYJf4@nM*pQf&z$S(F6?HJ>n{!aH-X{N9Tz%x$6%YAxS5WigL(x(sf)I9jC z?!~Wg?0`CG+vo^rwBhy6>x6uvY<`5b4Hl7L2x+D|DLXBctFjn`em@cTyJy36k?(Pc z*%O!A4|2|(t=^M7U_S2??Z5_Uf)&RBd%@xo^&G-bsxz(4I6VEm0APFnc^s zg0Muc9*I6HbY299agf*gVoBW1cpE=@p;TtDJF9SSWH+=wuwlbdMuGAELE^VN@whBC zUKhzxL)7wl^e>rqy8XeQ3*aIBA~eG+b^km4V_SNpf8QC#Szj{Fj&+GUX!_khkiJXY zLDO^A%PM21{JX?;N#BN?t(q=nbkZ~Kzm;F7?^4E2>AS=oH2*GT?3BJsoSPo~#l=Wg zf5o^Pcl_Xmb`9fuqo*u!b!s1pC%lfAl$kzWOVpg 
z5{hRWW%k>M=j~^Nbfq@cwO!u=W^h>XXT@(j=a76(>?vK0a&@&vPm@8{XeYE58)>zU z&1}~>yUB@m?6;@^@-2~k`3`DW4H8C(eACUDqu%JJbMB~A6;55>4mMs0gz-A|8L)T~ zli|g~x0CpTf+enmV50c5#ATi36P?z3r&b+ap$7hu$XWg4jOoZoxS#PNP#RR+!J4Ih zfzXqv#e#NWraZuwujh(PW*k`x)*=P^6ZDM@Nb5Ef>tOohZags@EZ*43RL3@+|$&@>$E)hUh1(sk(Fw2Pu!~yx6L&O z0i=J0r)d9}oX9ikgR3#2LEki3dpDx0ys5{COf8i}P}Q4Vp*8~q?F0qajoM|K+&!k& z`cah%^_UJUS8olM&ceEXqBvT)+5a{%6Y`nc1tw6g>YWQtahP3Lq4U5jb{29)vq3HS zR@N3PWlU3Na1f1?guX;ybf#gsodiuCF664hF!}QbH_+II3gG(0!|8xe5TF5}zBuen zBF=~1wO_~>h?{K1DF7)>B_0LsWX6i{Lw(+d>?049ehItcl+3mF-8FzUipx98IZ<^I}O$r^>!;ZkER^E-473l5gUC$XxX=s%W zrKy$1ax`TflIQg~+}FW?5dBEB&os8rwdpqj+V6K8X$o`}MP!pP_#dpL!L)ciJ6bm$ zyPkgm zuKswHG*?z*JL?q zZ#V?u*79LGHpbS{@Q(HN+^*6=S03lYW96l#gXsmYUJo=%{8n%mtnOP1ffn-EZf3jR z>eX4=2z)ZXJNS+yJV1M!ZNsb_yN1EIxu=DFwJe_SLmdGEIog5mW5>d*iJK%gi#4KL zvornz2mY{b7j*)kzh}%^nv2U4&RV^;j z)b3*GECar#g(+*Bxg*!ypS!3#)wYx4%=f=Wj&BMrYYISV)8D=W(z(*&SF}9E9Me}|H|CdYi+)x2Hp|KKMXF%@ zjtyo^#55~&P*{D8(g_!gEY$V0|0JdVEONem3rlWpggKgI{|pVShTPi(?k^UdY~JvV zC$iH%wd7xmX4qBVTf^4s)X8`BCMH`HJ_+5L4-2Q*Ls z##FMOG0Tk%s}pr8IX!k#o|g6^Kca^1YNvZ%iB#B6N+nW}X~^IIg$5m~6TkW6{;WBGTtFq;QsuSRCi3iA=9Y z1J>W|6`WnAFU(fv2f=U=kXmn`wTf_$Xy;=kx!HGSAw)REpv6L*v!u&H{tkPoET zZh~DyFKl~#uz8ZF5GYU}*nO1rLw+dz+=HZd7zFETk1T@pb2aOVxz%WKD}$EGt5EBH z&dl>PaUNsb@5X{Szmc}CRN1*}^SL?%7L;jQ^>XxEj-a=hk=hWuYjA zF)1>6bHDc~tY19l+a8#}!N7*j)wf@R=am{?xJ58{#ozFAh@1+G>4|hW#q>IS_-yqk z7ACTbcJv7CNlT5dUC`9psYtH=g^_{6Tgv{$(s&(%_!qC6=D5hwn3+A?UdDSryIB}- zo8iNL!{Hf^0R`A*A<#g@*s38CuIrv9q8b;GP&|3!HCR!h3o*u$gV^7O3S0Ib=T zV{U?V%YC@w60F4uc`9~O$`gGTS6PG0e+Pizx*vNkhr#A^mzsh$C;0*nupdBQ7;l1H zurtcjwK-TtaITMWJj?j23tj4FP?CS8E2xR`85LTEL+?Uooz zyo22|80fkP<%t4BU_O%VBsDGzv7kK#)He*BAukP+%VVVEW58i}`m7zW8zN>o1|SCz zMly#77t}q=Vh7Is{yZcch2c38NQMAu5y7Idib{DILDrmaC*41=32Us2sI z>{YvCBixOeRG0cnl0lPQMz9CbvEYlNz_lJ>A1_Jg#>-5GE=_{wnT_+)Q6z0F-6y33 zG9?Qsk915ZAx2#{JGciE!5kMJ6d{OtmN5!1PU)IZ5X+4<29MY?P8O9T9#(;cJz^0b ztQ`apsen{wIZdeBXU@jc)KQu60^ZN9GfzxH`2;&7%|M2!_o45EL58;2WObOMJdr;U 
zZ9t94pry#x9PNodkZjUfhB9&FM_fO$*>tX(KtVd!lp!>j&J{YG-8|9PvNHd9I`j29 z^LusXj|rFLX61Zld|v|h=~Bi|x;7B(-~5zWgc8C{BDmaxSp=yjkY8GU$OCV1(}-P; z1-B>QaANTjDTRVOFGf})PlT>NxnL04oUH9!{( zlYwA*R41rVT={S=#~8tR3>O;i`q-JD3qi1gH*5H~>tDvD*V7I>RS*va&$zDeML&R_ zab4m04CA5jGcFD9vm3eB$4aIk*lc}DYJD!YF%{dJySR6(JtcZMukPruV*#vivnrQf zf7r_YYN;uCo{UX!=WSK1|1>gk-UFD1 zN_wL(=IFxteme*M_r(~ZO>}Kt?ygcg)++_EP-Po~|14Yh| z8+kJ!kHFwVCZK6tr~3wJ&E3Am7r^Y%HXQdFJ&yq25S#DR%LUKb>r$e&wtxZX!Fu=R zOJtOALul+zLliK{J4UXHqw4zPi^gGTUs zyUC2BiM8J7pAI+%0f~iZ7>x}j@)*aYV~=9&EW~zRuW_|4rh_o;$iCdVVo ztbDDsVJDmC-(D!OD1*#z*6Y?wW{C$EQ(m8oiKYko>|$8{fLnLqG;0%u7m^>CLTI+S zOqc|(D@Ko-jg`aG0t>cR9g>T{Yjj!*qRQyslOrI#`n85g4#MuP(5O4y>3%S=3(%10 z>ieX`p{GcR)^_1AFW|51_&{6vieJ$$GAXnJ`!Wm0ov*D|v4US(R0KWRQBdU=SvA=B zo{OT1MuX1oRGl3pv~Oc=8b)l|*7)+8B^)Bp|w}BrDh+&20 zvdh>$WcBAD#E&_oD6EwS#z;&6EB*B_zzBf5EY6ohv<;}%%TVgzq%F98c)mRent7Wl ztmoBhQK+q*TfFNjL~`OD;tAIM3{6pWqAvKgZo#jYz6(_v15uQ!95r6|W#Uu-+e6EV zO92;3W^FgO_-mjX$5%JYI;?hctFH!Ha^l?r<&teuZ9j7Jdm^X9AUW2b){Zc16NZN9 zjnc_^5F>LYs8H`+MYNO&4#0|a^!y_K!j~)5cUZxanRFx`$NY)OaQFUbpQ@=+YQsil zl7XsowJ(OIcdPN}PuO~VsK6M3iXex8aiVsNGzwX@?rNUE6eK8UPRoO^-z(ng_CF#} z(d_=muw%Rz%ik}l{fk(VQTk8IgD_x*fII?(!;7P^w>eOXLxLU%bLQZb)>oHYnm7gJ zuNq{W$?{B0`m2h>88$XEJfuFmKvHq%?T%NhKgB-WOtlRxTgFeYb`!v@4m54Ky7^2g z6c;^h2*nId)$pUs)lt%qI8_`bNWnPu3*dlg^2O}3dR|jK4;a=;tN7J4!0E_Tq&~k= zO_%&YkGN(eX&9_@J98xfEOB5#rq~%|rwyq=x~P?Ej&^A1ra-;f9sc=5Q>)SnB%k*T0~aZZhvyWtxm6?hFNO1G#JI; zk*h!u`Bk}9^DERE35L#1^-sYpxrB!{y*F|x#HPWzmzRh!)cG-5r+T7=}bOkkc>q<;(+%(A- zGE)llQ!pGwY(d@EV}zG;%{vT&2Zw+WQK^dZ-C9ORxCE@O!3eP8$x&4o>hc|C#C7>b zI(dmH<&Lf;Il_&tP~CLddBgz<$9$#FZy?^Dr0znWq9jvb_gR%_>aDEmUZHZOugNFQ zk=dcPLuZ85MCmxLMy`Rq^r87~VYnB(Qg+2dt8#!GZbdaS%C zdEsOUiDyHpw@9;63oSicGoYkl{4HJd9?5fz$I`x>6)G!;MVOaxw+w>&DMy=C0={Q5S_8TPQbi7f>4?rcq5au!1D2 zFVG7@pV{+|@Ux$zI$<^3sTBL?XPN%l7G^T`4Ae!b3?zdEq4DNEZO>>pxMaI|ZGWJN0HFl?cImzMaet%9n*H2v0#|@ryq`Qbp zXKoi^H_0jnoGL=Iq*#hAqgHSJY5_ui5JoNX&_6sZ$hYt?==(EfR-yVok({V2Stvr% 
zkZw-cL7IxwM|RW^PRWlpxR};iA7)^4!mMu*G8Sv^PDi=?2Lgaj^EbG>I=-Lu1>5jw zN4bvk_tm@6bv(4u$R{Ry8z;NIu<;k2(~q2-$WUbcsD6Jw`|lcjk#*PkC{KdffAg}( z*Ux1>;^QIZJ;wBW#48;)9PSo1Sho`3w%vxWwO6%c=Vo;z=NVVKMXc(9w>1}~ zed$?gQ6#l!0q3J%>bX(RM~3M_a==x)o~ott0uY*XoDd`i9A~AWnweFoIn#AD^{jM| z_UYj!OK#llpLeIv*W~yWP_MU#Um% zB0b4+nZ#@C#_!W5orp&LQ`*;E42h%M2_XkLng#D1p!2CvXK5sQmP$+X^?plD`aiV2 zd3;pW`9D4h0}L3vBSr}rCF+1dP!d34WHDe^Y*7b75?XMr(rZM-Fe5Gq33n#pdKsW~ z@27QXZHv|_ZV9+RLWBY9f=d;P3s|jp98jz_fC%$@zn^pO%z*au`+ooU<^^}|J?nFx z^PJ~A=Q+=L&PAjz4NsT8a`^We=sFdD_#ywU&(PMff&xWbmw`Fa2p%)g4Y%|7ZM~J()~m9O<2zqArkW3{ao%6oqZh zOoyoP{@hR5A4~9b`{U9qzb=trj(4u@GyJ-iye6Xf^}=v^p^V2)>Gce!COGCl?3oJlL(ms3NCRXNxtC%7Nzk~OFUjk`*S3B#wxZvKgC z2V^#K>P%Z5{`ued^<#vdq$ zXTx%l_&ow5$N#UN>vj896cL{|KYmd-ekbR?xJciyU7EN}oA@=(sdKdE zwF|R7#=~s^wPKhj!R)c0B2ZihkXc^mPQ0)qOT_k=BLd+|WtC73e)VYqi{i=xCv4+v zcxsl8{>pSyKOOy%89xO&L=fkzhyH;=!AC+VKmn|uMuPq_OOWPl;iqSoA8&mPs@R+w zd^D>|^*UM}Z*t1*wCnID4sj=bjVZ8-JBm~z(0r?IX0`psU&#c}a4pJ}H`nu71n|wi z(w)4*5!kaK*Uzf$``uiTw^A2FJ+nv^hm~ftQ(U+rWB+$ldB})Swj(>5>Uwg%9+dpWV zwsbVpPVMQ7Y)TD;ye|3AQ0elWbl)@G@hY7+@}bq#hR(7uS836O2-Poz;!?On6`b6D^!JjbS z#UYK>dPBGN&-~hJM#ug^DRnEU);ihSzSFO5fmWy}FFeT7w5^Q?wjpQuWOy!W>z3~) zdFVU4=KJaVWOoAxbxEopBM~N%d%gL7#62W&xYbqNNM$6vd0*inx&+`mHVboB>TEsa zHWw-uO|N#p^e8IT`(v1ay%~Z8WdL<)hjB2!{xYbyq%GkYXh*)&j_(Jh>MOO@?$U%G z0jZY@QuvfySR#K-{Yn3sTXS7ys#%|lujB$is9&B5AD`qI`&^Ei9bd9BW#29|nR7l| z*%K5)f#^k-(9Lmy^XqedWt9hPmwB`(q*z+cj3D)LC(S--BKh2B&j1wslL zUC53}ILG^n`A7}PtN?0AZ+u3eFpd#|RV!jn}Md!C4kZFv%^dh(oG(RTfudwxq#Bp3;R8XxwbV7z17Yj4i?{rhu<-36V zLn;$Ml29+F^*4|P#!RdEQ>DL`$uT~4Mr>>Nma3Y%e84ltzCi9|fasJe(KouO)D^c* z8<#jm@36)Ml0__gO(q>#IGD$CnE~2WMoGrcL1j-q$}QT&cJ#KY7BTl7Vg2+-QV^jdp? 
zm)NAhp~dcI&(Fr>2lMP|`%*ROL3}AI-vN)c3+3BK&KkmaJ};9o@=I*CRNH5%^zdT( zmh@~yNkyRhE3xp#oCj$KvmPaaD*Gd8npnoatzMza3nA?cy+0^brXBq>;3D}I((64D zhEpkiH!7rGuNd;bg%~L7bk^7xIfX){qI~zDyko0sQu(lM&yzSG{IGs4gyb_nrjT_J zGul7J6J?5Z^J{{Vc#bj&EWJ7mQ9 zRFpZ_C`M?Z{dd(D=*Z$~yQgYFCJC0!Mv+}2Xn;4CyVZ+|ju#lBY&VL`W5nt_`9~7p zD$*O+d6wR`+SErKO>bP8Wab#t=^HD^2?A43v!MX2tn$y(dwE>X~4`qsgwkD*}m{y`rR1&-JhS18z~P!MEAW|5dgrKnRJ zrBJXQWR>Ot7su6AW{t-77pnG`9Myicg@rP_Rs-z~a`f>9=~f-pSJb*_kiLM~gvhcczvESGzSmcgb= z(m!XDnr>1R37Hv*;&4TcKCcDbC#ZN9asat3<5jniXS0P=x`n7n_*6xl8hXQUtVZQ1 z)px~`Il&7I{sM(dkesyE}O+pDYlgId$$xP z$qdV2hZ4E6P2nKrK}iOrIFV;r#a z+bd<<;O^p<-rWiJX2Xe7`>Rm`y3PfWQx3bte$NT-o((5j?F}m2 z;RcQJ<<)z*sf3wf-67$Anp0J9vK9ZIkac~^`=@!F`2BS4=Z=Vi;x!qr#um_@;ZBz_QY5dkQo~ey(ePRBw`F?HU`)QThQmLKtZdYINCrJaA zc&^1vfV0!*3&zb60SFjHkO8Y}(r=4w5}pBB1Vg|#S^&SPMyIAldPV2DD|M~-YJ;sP zrcUwRrbP?!nmT5z2hmtB<3m3)lcx*woFhvBRR}kJQUT?X7uDLmZ*)Y0@F4vcnQUkC z?Q}H14&v#O-*cGY@Bqe&tayZbroPUu2}FNPbh9~W+@)L~Y!g-(+KM?S3Nlt9f~)OE zfGD{mv;V;JE)XH@ zD0J?ira7_#Dzuu#(Pl*{cs5+&jEuAEy`~5iX_1!fE(awnA(wceWzY!XR+Gt@d!@#? 
zhK}cqrF0TLJJB=+J;A?JnO=`qAu}-B=MYo}1F`WBIn)Ev>A=Emyd1g&BEn}_a;Yxe z*$vitTux=J%w+ARvewww%c@w69cFcyUpKasH8{@grcbkL)FiEnGn<5cNOP?2X17Gs zBMyMpC5wb|JICii^>;l6O2dlp5tm2Evcyb&Mfn;>zA*r-#{(t&`E8(>KQ9Kz6s%Sv zvUAb^tXhAKcA_3wFdZteU;jZyzB1AX<@dE-A|Dt=1 zW`Wje-O6Foy4v(jg?3Q*A6qpcxIaA3TDAqy@NC?DMB1vC`GqrZcMxgwu*xV7Cc~40 z{|HYrf5kYJ!n}jIQZrCWA^u+*vM^~Pxah3vx^H7MU|7I100yHY^i8lD=ztR!Aj z9NZp04XUtn&1C|n#F~vv9iLQeU0e(hhNNncVhrm&BD^p)&dfKZ>26wBF|A}8a~(@F zo8>twHP~5_VqVQD_Z@R_as1*Eb8(52P_lA)Q8ySCBzF;V_dfZ>lU#kK#6#kFR>ea- z=w$eV3J7*A?q}7Mm|tTLs00BK_@La1q ze1*>8RlC-cM~hU^LdQM8*yeLolV$0^kJOvs^rzzs!51Yd4Pa3!uz ztXUf#M`bx{Osg<3c-AoWgH5D+3Y|dir(TomkL9rn;7_$eU!^Z zLZ`)MQ%3ozWicl_Q*cQE8WZd#;gKz!NeYo2+vHBC=&HR#tL%gKXWN_9kRgY*j=q1U zPx=`Wf<5wEg$npwlon^;o}H)s8d$Q%Hs$QSC?}E!plx#GRWB4Da8&%i?bq@i9V=@xkshgQ(|A%SkHd*giGZ1*nTzkH8>X}tcdrU zFLOV_Gp!~$sp%O#$s0Zv5^AqM5`NAzqbT-Z@D;kVlGXeOATgWhU%_$6-T&XxT2pG1 zHpApeOjN9U2!L|-jjlft)WCTlTU+GUsRu|OGW$W}VQf$kAKy6{_uclYwV%1ifjI1* z^nKF}iF|3@E5)yL20^RZxfRM2WmFa^a$1>!Q9vJ>Sy!=7^*`f*HS8_YnU2l|R3WD) zaLf|1>M8{(6*JJsAqYt4h?F3H{FHtMy+sC3CBDyG#=$OlP)Fv`A5MIC_~1dDoQcmU z=VW}S{D>!0_>p+%93g)kgL2@V=Z9%n{!#wR)p@8q1&72p@LjFRfQ#RHirH|#6P9_FxsC6**(uu`b^ZwY&7GP2+4eK+ zhwT@70fGw1w5+E;WtrvH9kx@p+;<0+DiGq=|Kv70-NJPC-clDKXJhUz0!J9AKklZ1 zqmJ(+9@-wJ2FwG@2Uu>ZFd-qt3_Qvrgntf>aP@j7h$HK0`C8$JiV)SmIrQGmyBnot6e z3(?eb=9r_*jmAcw8S>V`VR-&fDJKQD3T|dB>ZmJ0Zyc0D3RB0;;S`YIu9R~)ntW`Q z=zDox8|FZWW7g$`>ez007VuPJ0(a?FnHGOBkd=6O1*&hbyqcRKb>Op)eEJ}|>7M@i z{wn(eH9l(?`JKGurX(q(NEM=F7e`;DmM7{0EIBXlw^opoby*=o%$CKKD9C3ws)DTU z)`~5N1sZhgo|pOdR`{~`%#!%c#liQ(#li2w1DzF##5yaIQZ^NFh34_*ZI1CBAS^SUzLK-p&nQT<8Mi>DlYy&J7lL*%B2suVSLP!$c%lGP77 z_*vw_=gb!k(w-c8(BF5_x;-^xq!yW$2)a1|1ZMugrv)o1IGY9@C0LndoN_A5Q_Ct%f z7g|gQ#6Io<-URh8R$XmrkKg{8Fzlk78RdUZfBKK551`LV!5fCi_6eZJs-*x!m$j7u z2Dz%-sn!2IYW+%h0$os7LIm3Vf1UqPC%&dHC)d)xQp zWM}@mBBXi#6g+SX5EhMV{d}FcF$cTOeC?z!W%@I-=?DH;daVT$jB#MW!rp6#ARc#e ztU?E_9g6pkwN3IICeM&OtK@l(JV(iMv^>YjbG$q& zDtTTbPhFnZ$#b4OZ}9 zs64M3!uN&pTq_~3%X6nZzmjKKo_!?EV0oS|&nkH~%k$Urd`O;umFElcd|jR&%kw|- 
z^nxxr*7la?>GBN9bGkgQmSC2gq%n+B|BWyl~dmQobq-<8A~A^4StQuSsruLzpE~WigefW%g~UndJ%rA>@AXB!2KQ5 zFY!`m(W$jmj-2Accwe^6Tbwc%dh0*X&y*6HvL(zytkrxMssnDvBUW%bPLfq+3mJiA z`XmXxFq;`&iOj2hH1mns%=?f)zg#jGWHawVsMWmpM>D^FQU)c@OS0{fEZirgFOYK9 zW)s|xC}YDmJaOV#UoFvplxRWGt%#_DjP?$G)2&Pft9^+UBTKRU-SDjBzTQ#w8M}*V zxQGd&(3vp2ko+)LsFSvf@=32^14{=3&>fIEaU)B*On*;WkB*RY)?> z>f!;iNO35%U%HiRIsFDnbdsBBiKyDaav%uusx8j{z(3@F$DCVin%B#4)1o}iXDs$Y z>(qfaFc81qjPh#j_xche(x^ufqc4}x_G~CU zFgpC@>GjKpfdljre$?5XADK(1bR9*;=91tc*uvfhPi}jl@=W)u=atY-VRDZ}-WJ+S zO-m04vxhZL`a%>>>cW+OZ9a=yzo~%|Y>Ul6uIXND`qiBi%6#Gf!3~As|4DTfAc1@7 z!1A`#w~!BHzXaBB=tTP2D^xpb)`exV6Ka03ZxcP5L{2H+(b?{c^szkUJH~p!C>Qm^ z3zrGFu`zWl;=(=P@BC|Hmp3vUw;`PGL7GT+2Kd6`v2vGJf8<<-z{o%1gUsWNzIDq0 zV+pj8(Dp^Jtc~F7@0qV%Yr$P-LUQPTh5r(?umboT138d>x<^^1 z*3Dk)DV}6bfRA}R(H*xGt)*8hrsyJ;o+0~u!Iu{&8CuvgaqoY&$xnqoo-A?8IbGou z?j5Y%z`;#&0xjAFB{p`jAgmP8Mg3^rj55cVTiWgJ`?eW7^P^kEKuf!D3nbA(a26m8 zvbXAA0P2ko>1S;6MzOneEU?0fv=>UHC$Z=z1mL8rWAslCzh)BVd-=+IFY*1LkF})_ zBUEcGZ~vEHdtGbYJSWy^4GEwsFL+w<&Bb$!!^0Pjfa8|cpn2)yb*n*N$&H}gvGyV4 zjgsk%%}b+4PAhL)w~Vo59Am@75u~jpyz7Ow|y721G@nt?Ob{E1{V<&SJev=R3u@?V5>$b4s!Kgy6 zuv@3I#$tX_A+WBLpS}1A#apkQg1`F=y58?h|cH#T;~oNC!-x< zHI$(|j>a}*!*%l*Q$&SvYccPEO+P&X(c<3=4&%6aP?Wrv3EQ5^Lu0ilcV&|O@K~J} zIROP07;XJB=!xxuE?tLb3N`*=4EPKHsT&HSpJJcVK%y_g;Y?UbI|;_C1Uv*W#Xht| zC4eDICV^AJFiG%%N`Mio|ItlRZJ$^uJcfoVCBoaVDKo``L|Swou&|!(Or4AZ#^C=b zwI9+JehK^3f~kH-9s!i`Wr9m80^7Nh4S zzLvz^ig072fc!YRLo;#xZyN6-jN8E33lJ+*b^$}#Y0oPTA3X&D#;yu2HV7|CKcg!H z6=tchFr=*H4%P?g9B>!E*)#bj`)P@bL)m{*Juxr&YeYHgYqeg%Op9E_@evmqi@w1w zV0Zi!z--r<0hI`YIyk@5(M(Bv$Tx|J1;m$e0L1?ZUd(@(LpYfiS-RJnc(qlbro?>- zcS2n4ixlBjK6gSa&Y2MXFQwDF^4{LF+6OnmpXG&{Sx)09nG`YeX)zvLTKlJWKko9j zjmfbGuHMz6mm}<@^pew&4|!CBFm8rh|sR@#4~U{P^KvBT#0) zHi7h9A}26}9z;ICut$d$p|nCrvRNaN&E|es2kps~(B$+4N($6gNoDq2)Pwo}@+ELe z6#O#sk!-Dk-r=`t9L&%at@~a6g&SW%;^BbR^r<56FJljoyu<%WkK_<9=3wA%^tOJw02e#=>x$367nn1w|^f-fDOf1m-C=Qc@B3mizH(iadKybw{LhzOy) z^TEuNeA-JN?G_M9trx+pi(GINvL8F2iM${#FTqaMfuhA0=uz(HiSN~t#zSWV94$H# 
zHCvbL1+NGedQsJH3m_!<&z!=h0$s|YrvazGWZZYnlM(6yr) zrfpj695s3a?#<>>D0tt=2=8n!!3Et?(k*=ej~1h;B#6OBV$haz>pwo(OLHh~VnUrm z{S0B~wGsSJUdy2&9~>U)(9&8Y+1DYHceDlXY+XY^X@2rimABO1+l2(LRy9Z3yw><^Bw#@*zUusEaMoMveF!AeZyoaTjF*HPAQ0~L%~9vFq6*bWG) zUUUj63In|St<+ES_t48Om3@ZgAl+qo#!e*9Qi+;>pY2(pqxNK|EyM4<2-ZH1Ut)2$Q3kI#l5gVgcm0oGZU zXYL30_0>+R4b}Ao?uu%vt!D$3NKs=y@gD0dWd#&%rEZhcLRP zYSDax8cG}Ab*Z1m8)&EH@zit6wK$>c>+yH3<;E^OzQkGTLI18F7A}j|rHw;f>Pxj2 z=nrs&7c(MXaVpu@g|FfA?nqtteeg@Ii6XQ<7D6+0Tix(;WIv{#4U9m|_NzBZZ_*~T ze9w9iaT;wGyj6tkgpiQWK}#J%o>L*!_8o!(Zr?TWqzZA+w!FPYn-`rxLNyN&Z=q>b_ChI1RCQc-0Ky^JpDKH1Hk!v9q{~aPVRs@7 z{p_s;w5#xr!}@wH#*TfqKuXL@e^v_)>JQW6%BRE zv%^vzPA-?A#N6qtLi9y5Fc(9nGj4%=I8cdX>vm)0!vubV2Rp*2uiFj!UcVgJ?D1as zbaZitbw7h7ZD)r!vb*u0Ot`**N#2fpSR=%yPY0s)f8tSBI?cYyfkN~)ne~zEzsRgS z1ojiG6o2~tC`XD&w~RuVeUnd`nrPw||Dbq9U-Z`G}~tzq?yB-cZ8FX#2x{ z--ZZW6pXx-VK?$?SsB2B9N@R^;2SSLQ|Zi4(rY*}rdLxiE5JEEGAnUM4k4)ouj`PX z$MK)SukjKYhDVD%f~UGENT*_50l(%|6lAaKF2L&>GU3ljqrOt%R-6pjY-C!R9g;<(#E)u*<@S(}CaJ3{k{* zNu8AVRpY-r706*$+l$0Z)cYvEwJ02G;>sgQgc38zx(vb9_LWPeDau^b?#X> zn4>P)UeZl4r_Nu~b-h8H-& z79?UWp(Wqp5c|fhR{sKU2&ysA{7K#brKec_U3kmdLm4+?pj5h|!)WCW`3~`f9Niio z+;G6Va3E-a8&{N zWkIiy{p3Uu5FqTR%OsAp6_NFUj3@n0bf7bSiUELqZdYgg@QZ($@uSlB$flo*y6kRl zdVcXQ(WE)?LrM8g=+4gXX%NAf%R@xL@v_L>SLweM7Aiywam@GsF&>AVSt z9I9WL%`}CXF3ZWp0F`N~^X9;m%kafs&zeGwbU}|-!UM2gI*;=D6wwq$&UP(;2Z&%E zJ|+41+&nN#5fRsYDr}=?qG3&Lqkp)+E%-(<`^aQMpX`rB!|EerGFu9ceID-T_U&sY z^@opb+?Cz~>3gfk4;G;;AaZKN`8z75#xJt`=C%PI==jz@3mlDQ>PWGghU#?vUnCLC zK_6Z3kO*{oY>ZGWOa+W}!p6h@Y5$^!^%Pq>{2uPptlxmw&W(AI=TiSr<6r27{by#o zVlDu+-_8@-kp5$U>WZ-Q=5~e9N21}||Jwdc`Pg`Ld7;ko7vz-B09F3{qsy;R?ZW5;efV*r$zQ0D7j6Jgg+v;R8R z9aCBR8T8*H{}q0&N4Orw(pha?h$y7g(A!a{Ltxr+t{Q~MphaXjG$RAJPQ<**Ph8Pr zO)fUud%Pb$AN+2(AKmBB9Y@bL2zjE-h-}L%$3Wsaj_b zBiy62nQ+4ew|*9WRa39gxq(`DeXYImI@Q$9q=*KX;7b`pLDQb|rW^_2q{HL0`V*P_ zl`20L(Z&W_+-`8JRAv-;z@&9m4kza za8La{6qo!vO2~oYyR}VbG#cx4KSWU&YdT3Iw!X}rg!Lqni8r>op|$q5Yn>jKj8=04 zY6PwM)2;LvU+b!QA5b;0m33Fv+FuAQKmduXOug*-_g|#X`>EHTUK2nndwV`vflpWg 
z1Ni4K0I{!~4YeJhgq_$t=}Mm*@gHQ|hAq)k^nLEYhs1!hO1K22)*h%JO?4GyDbq>C zk3=7c0;}xaev*ZE11m%;Zic5PEEDHCvezgUCCVpepHCoTB_`DAN^-N#!e5WXw$%q0@@oh)CCx2D8yKx?1 zH_G#1bOEn$uER}{TKk~`(onRbl5K2+gLBo!bI>&yQfu}C_O5I2fb#4Y-!qm9{5}}( zf({yvk*+XFc7Zi_-N|~V62{+0D9^jD{H1C$mNXr*rH0?5=$rBpWJzPa2=!X@5tIiY z3(*yT@bG>Y!uf>o&wctvvx8rHW7zUM1^*X7mP z!!xjrCG3S6*w5BlnwYvS4_NM%Nd+u>jsi+yd72B?0HLfJdr%fG7c5RjQDD-wcL07x zvelvwAwG9pNrqQ1Zv4wE`H(2u-2ZR`Mj8)zxvjVJ>PnO#Z}p1HGYWOJ2S)t z+)k3#Ik*j~k6hed=eFS^2e;Q;^JBQh{*kg?fW?OSwN2Q$8saHOv;oJxF)hF&3-0e+ zBGUqh<{0q*PPb7NY}8|4x?q>fG~vbC1x;7*lAin3+V@CHbLhDn1_FpxyoS24zU{!e z?rH~Cl|~3#y*l;@FxYnW+~qqOgC5K?T9no%=Ihh!>n>NzZ`}U-@*&|!Xwr(u8M}%4 zSYs3RN3w$im`zABUuT6s8X4MIQRs^dvgVgG9`1s2m-L8VkQe;W?1;Pz&upqZ)Opy8 zxZ96O={O~<0$p5ju+`W%EfjpoG+LH>#hb`qTC4YF-3##&L-+%g5`3)>78#?*1nNJ8 z-$mHPBq9HS>!rFX!wYy+R43lDpl9}DXn%s85Emzop%Xgv4a|M)(1%rrmbgIH*nhvt z?a-dJ_I@F}f*0OEGA4fzzcT)JJ3Xsp2?o9728C~z#!UmTg;|i`4+wTM#eoHMqyv9! zLuN`lp~n1HRS0tUur41$L{!y@cE9!lyDoK>^mD4B*1mQRtM$I{iGV}yQL93-6yC4O zC7PWM(L}GxC7LY%m-z|&uGW6q5`?bDsFqgJD}u441U6Wdx5K{xXp1oigHzxwY}|~= zaGus$q(e^iNNrVibEja^@<_X``ILZqm3NN?Z1ie-5+`S8Tllo_)TRCZ-USrRYNwDB0dJ{l=se&4NIq5Yl zuf{%IMx|dSXkhi!RM(fNQm%Fp^#M|GlV;YH3Q_cd^CSLdF<;QUQ|x{!uI{WT^TB~R zS|+^{>D723pQGaB_^6Pq4*(+pT z7ycnCmyPx^VMNX}|_56B8zlJ|Y2s{;zd|<7h>Q!~}x@Ab_fratKi;Q&*@?K!96V0Pc_)3J( zY5N3vm5GXt;?Hn?D59Lu3>*_*$lmzC&bMc}?V+bRMe+sPicL8Ib zaPR*GraDXmvoioqCI21!xkGtjNIB^iu5i*VEUDH$O~w|7%4xOs0O?X9{{&eEux>V8 z%C72&@<8`O+aYU~nWsVH{w`DUVg&kLJSM(%uqspAYu!nFbXMbQ!$L({HQ zbs}&A?Fhb#yh~nLV-FDod0%*4Ul864Kf9C5R0BE{cNcPOP<`kco=qbCM#T->HC1T|#j>>D)#B-=)eL zyJJ=s`B?-w^%?88ky@nM@CYno;1|)Ywm1Bv99`|eAFcM=oNBSFD1AOPr&{jkO7j4F zAKV`$b3Gf=kB!0oQz{_a7-+6^NT`{%aHgxH1wpa>?a$rj95F!M`##ZEN*JMGK#e`{ zJ*Fn@`gL5lpb88nA8^~;I7SR1wB-x|x{CqOVAvC6AiR#mRr0AjIA(M1IWF^gkyRWR z4S$`BidSKtskOUj^39B2kY|iG1yefN0rU|H}f99j4@pEQ@jj5PV8ryNuoXRMN z9{}E;Z zUzQ2$-~hg!pSNT_FXL9GT4Pk%6QJqEd;*UQTI*Wsj^@B<<|?iA4M(1}*1$*(dV5#_ z`jr8-@q#Fqv}hDH>sRD7fU4Wnar(nKLGMbNs_a=aoi<^ERmL<%lh30?IS-Y0y7Kva 
zC7)N>V-!^As2D{rp5MSCqJDewM0{b>`1{{-O9b;aTK5;3ijV!uoxGz4;DV;DKwReH z8a^ct5HGh%kRLuyp!KG-bB-xE(3{*QFsc1zN^n$dPjtC)xTxA5r9Lv0 zs>SFARo{fH$wOEI$Zh0`-}vE<_%^plkS`I%8Fyl>Uy64^Wb=M@L2*|QC-Zz2aTVQNhOMd1omoYX#H$!kw zh|F5V&lrkNp`GrCI1A`%Wfq*dz!Nu+3C$B_y=&}IyJTu|Mc-5Ok1_yM>V5D|x%U?} zs^2^HPu*Bmn0@~jg49Gai{@XVS)jw4DCT6vAa7iMnx9d_{OR7t-D^Mr)}=gVSSYzF zq4;BNbU1%u%&F)z(xb}08ykI?JuT~13=`;cehOc&1uy~dLz*gt*KfGjz-}*{XS4Nw zq!`o~Bb#Nb)$e#ey+|ns^5zDK{$z!A6jeGCnH!2=Q?R zAM>?A(Le+8@^=+}H%9{x;fMArTqOgb5^)STO>e*_uVkYlvS@4`3a>BH{Vo8Y9M3=yyE$Z!47eXtN2tjBP|jeNVj~GAExvE?7JiV(|A10fANaKJ1@j z5QzZF$PPR57g$dLk+HV;ivpGwM7|!~|lrD91D{o&0uey}K(LZAYL^)JeqD zY{Y6Qz^>mzuzaXE{R|d)*dKpFP)l96$z>Ns-%0v7x1H%{7BSTVTc|`oKNF5Q3{{la zhQ#k9Buy%SID2SWKpR<$Vmj1Wi;QW?DF!2GXK5Bf-3`Yl4sw+4R$9C#vc$0z4irJrW$A$!i}*tx@9-smg20^_ds)HB@ngVwc| zi-*{Lu!n?T0Oct8CV2^&*RUTnCmr$G4@{Q^!8zOG!i9X|@EJJoE?)mr^Q;J%ZQYqQ zc0i^+4kif7kk3DGS;^VBPxnLN7l=C*jZQSU`g^sp2;kMUnA{BDbR!E$s;_PzV7=Wn6Q;8=L8kkeJg@9#HCjYk zrP7x(LaqJz`$QeM?#vEVkeg47;#9WBMY9%t3tvR_YL%P==L@o{O-^}{Zsl#k4u^#nU)aGWy+riEl4kQ$7$`Sr!m+W^VjvhNdZ)kfL?y@L{Am>7K(zmT$g z);+?K-in-%d=f$BZEgVcbgVoPU%>?Eqo;U4!VB!kbYv|h<_YeB*Iddt#RYT_{K5^; ze~El>!cU*^$@5T_vI*eIR!uIn7aU=;Fb@&61Nup zBZ~m=ufLaR58Xa0;N|=%b`wD5#Z`9dU5ECy=nY8Xz{fPWJ%DM7s_aBI%}q+0#6f{K5L?E1%7GMWFO|_a zq6+KiY432J3zYK`oyZ&jO4H#m43iX`YTSzDa4Gm_ZsMTqy`_egx4~-8of_Xt4t;m8qvoj2cLI&jw9bqo)-?wL5(hZxSK~Oj10E7^PzD zz6Fvl)M7(X6~c~?uafl$)PIX~sRo@yki3Z#M-$)V+85D}tM$6Eem_}7_-e3N%9`c1 zc9)OXZ{%fXbM5%)-<_Tg_Xj_d{sNlAz13affZSawb?7gn2Dic2kxbFxu1{ z9*>z;UKV(9T;fV_LO7qqf;KWQ*j|5fd`P}|wt1O1zEbuP;SXoG@Ow7w7ClYu{8axW z2jVvAqST3c(hbx@2+}2d*mPX|vG>O!kU=(vg*!~kWZ$+DD9I|)S_b19o?xjBAyA&grj7ABf$6~{k) zo?CaibuM1*TcAtFNYQU_!>jGZD#&bR0#Mq8=9A1$N3siKswe(skBa4c}6AVW!h7`dqRqn|oBt0{^EsQiR<%QC#B7kc4rm}?aZ zB4cap_8W!A;Nv85qwrJx{!EGU^eL*xN_9%aF11MDywvgfilYO;5>Itt=NL~k%|?n0 z;flhvf!M2622ij9DfCpJM{febK;0}m3z0Gqx8J(aYc0OIb27}K&auu_TZxMXHy&nj z;nSgwDE34ua2M*Ye-F5x&Vd8h#CYoFrTSuIz%E5^JvwUGG<)%6my7{o;}i!(K$qFC z7J31<5h`pvL>S@61Av3Y2ob^C06#hk~@bUTxqAY~|OlJb;sla)) 
z_OwYy(qeUbIBqt83K+zmH+ax>-qgQb`O}AvE4F@;*+A$mtj5_z&|-f9KJc zhytyh3=%D|PQ)2AT$Okzs{z4So1nD}$1e1s|J3)$`vwCu))`6a{juNgQsFs-n#V=U za0KR@oQO$60n<|>pgHIghuSjz)N)i;JH4g~)s+eH^Jv{bG1qsClU$(RD&!?YGDeu2B_y>?gXR74s)@3Cu&Yb|63AXuchDX0_PNNKaRaEj6HYW5g4%Z3g9d; z3pN|M=1)F=%n5mA-TMEq-878PIe&}k+?}83(RhO8*IN6DM}v5MzF8K(@vu3cy&EYt z4(HdOuC-#jv)*f#!8h&Z?-3RD-|=&=v9YV^H`))HQ@o(>r(J0ED*=SgCeu!B@dSs& zMdXa`2p8$=GAXafq#T-hr`Dd3pu|TZZ#+%a?iF^0&&8!?N`S-WY>oYx1p9(Bz2UR5 z(F7f(N{0>AUHaQ>EYBF|?U`DBNu*qdFtgc4hX|uc(uKRCZ{Wh)*`PL#%B?AjEYlAn zhJ{)M*6kM-83(-Ke%M!stP}1{heu%bJ(ayO%2lNuu|8&bD5kLoHM#DQ0LRu`$wtO9 zuI2Lt5b<}2EL1f5;UU9F=hvS|S>brCWdVGS1pF7Y4M}`h3Z6 zw0|G`T3gEL3%{|Ij4lWm?OrUr^S;gqR*>Kq+GQ9yyar8+o(gzzBivu1s1y~Rwt`ZQ z7&lbg!)1WU`kChlaXzu(5wa zq&~|1@2fo(spMfJdN^>ye*HZw7#5T0mYNAgb%fEi>l zl`epFb5&0cO_nqKs!TX;dLky!!_SVB9p&8@VzK@ROFjNvOo+12U@ykjI8gIrTLZ#nL8+7V zzq*-t_n&0&o3fVx9Qn)#*MbYAPSuxYK$qU3E`uEFRoI{#I5gs#<4`{1eKE!8jv@@E z5>E+$zswsMjq73S2VfFw>8Z8Uk0~uYPycnME|PJ| z4=@MnzjFg2j>Cr&Y7f~LJGHl=*JKTHOE!}Yh_0x;7`?og^t zZ_5PMtH7bDzo3iG1Qg)`*2TK96##XQoUhcU&e`F}xyD+y#1r`$?m1{$jyHaVY~vo; zHAqOs2vKbXWGcJnuNb8r*F+;Tyq4m1w|ezy{wcVLa>WPyJg(_g{7kdYRfVZmn4<2@ z7M!hB#*#SR!(d1>xf4DrRhP}-3GxvHhrH0UpDvOUSBB8hgV#p}uhLpa1^0!|g*O$W zEf9Pq@|8NSlvy9R5#i5a`xg8r@|88y8$1ZF6_}p?Nhuh`zHas;TNnKXYx7yGO^XUs z^u+7abZ5}rINZJda^sWz`~H#b{yD1>6_DD&$tud!&kXg0Gu;Sm_$`0%muP5{U%q{s zdGitT`0HAN7dQZpJPpz9D zzQGL3!lWi_BZ~lqUq7fKU@aqFg=UR)#3Hc!JKztO-tK`~&zI^;|23QPjLme;;v4-a z(`d#hByqO<-TBUvl_6@UXNn=|@JQmY%r1EmJJ4`4BlBhWIhoY^qpjULD@PXOg&(mh zN78#xDg0V=16$~p`Zb38`C4niNEA_o9aujvp_k_K3g+qZKu85wHkH&Q01eu*4uFMf z;L(UXQ!w5gNo#j|<5ow3=vv2C*$?81bD#vZ+ztd#wCqhJl`K5Ker*YBA{*p!c{_x3JVh8=2{|UaQE#>*)m8jx;u~V&J;SVr$qX9f2d7qQ%C6ppzHk0kD5ANz23$E4&VF zE##Xk5IP?T_ryf8xTFzG=TbYpaMz%KbIDRr*|eGQu!d1SnNb@TOi+ z+XpA93iONI>^1f&Dsy?xdGTEAf?uO&0@ipArQ&osNR>Juk}Uso`@Kkv6Pzn&(I1@u zpyRhj;`ARfRk0mAQpacT4SfsS)3IRWe`$}k<%jKAsKQWWYJ)X0w*i-`7*2<3{!#Pc zvNoc=kqiw$oC91GSmx1lh0wpzPSOwehC{#LyOFQ=jrU?#BOS5f5M!%*wL{K=kN&ZN 
zl4APQE&)ENQ5=C`SZG$lDk}GW>moHjb9_Jp^_u>$i}kt!dqYCnXeRVOWI}!RqfY2% zh*5P|$jm|cC1!W_nu&YWu={FGrvJ54vm2fPa}vV};kV)+HTwL9e1EMT!c!-a=-W_k z$lieVD-GQQ{ROwCTDw$Lq`!zD@TEUzV~%xVR=Ytp_QA~ptB5I=ia+uHwf(d~#rbjI z(0Cb+#aCgnFD4BUVWog~6c9EByrBYTL5gw_N24W=-Ah4C_uNsuy7EE+Qu?fQZ3w_s zDl{99@ap0rIQ4k~DkM4}QIr^mdPh!(w%u~vG`q4^#6t|s7;QZe1IL)S`x~htYa{sX zw&->(_8#K6kA{h_`EPiKOwmj_L3etsm82h&+wbDQYe;wiZPj2ILvi^(Uxo8INt3;@593T2?s69I_1GW%w?_?Cc;Oeg!#m)Y|J)dWfBOF$e&Wc}7+#G^f%sRCqYO$va*cFj;{QYL#jYO9PvuKy*t?NEnVtkvAxg00Y=@Tss8{aYRvEiZe69g*JLzCN)-F@mj} z?Apzhue#c`)U#EzPX1D6Mq=~?{a2{{h??i8qVZPl;pz9gQEBU$8MA!8MI7(MN+~>C=Fa( zG>n!Gz(y#=S!{&9;l`IGy=$Nxynp5+KT2Cta=k_ABKBH*;g{{T+>raOcr9UKu zctQV+1`K^sYhR`2bztx`{WG^BP(g(NQDeV5#H|HnoP(?u@fP9(_AoZG2!md1iiG)j z>k-pP3t`!_LH{aKe5EQrlzK4RBS-6lxIaq94s}q=r5@Fag=obBtV41&LC~07AzaMe zB%QBxL(-*cTlA_nhj6$D%DE1Mu3_g8u}WlY}8hYvH5WD_4|Bnd4>ZUqsdM9%!p6m`6LH+PKV zx8*S$B01PIrl1m&9tuj#OTgswA{UckqbIJ*gZ@o>&1gF`$X*cAug!sSyg-TRuPjxl z?q?SEHBbCo*A1(-FB;?w#FUnZu}bhWWfJJ}XN(G?y$h}jn(WmVUFfA}jgoZhR3x?M z3kUOY^VdQX>?!y*n;8WbEvgcuqYJhwy~ZK9GwltywARt0xHC2#9&|`sin&|NQ1{_C zegPJ{I9Y~kr|p-(DrIuiqW?lv-a+h41Th6^v0eBK!H5W0Nv{zgz81!S315p+n1YMc zU*Vb?fdZdghLl)85l!Qbn7La=srsP;K2U!}@IYj?(S`|el-Vz#>`P*Fa$KxMX_#ty z1Nu+sR^ho2o7<>rGIzp}pU1vX!Dz-9hq2Woh!t(L9oh6}(Ngh2E23@k28P{~>6P&c z`Jvk6Vn$FtOHSq6O1@3NTgX6jbRHlq^O9S6&5XaNknK z$Cl>!*m4~!DYb?lO5cpGjE75(kbfex{WhQZu!9+@bsPvjCUC<9n$oO1Y&Rdj-F@S%G*i`2&%cs#v>s8VpO_$-(FfweDbbeFH zLud9gUt)QJh~&i>65`}ZW_x|F3l5|JX;~2NMwElrIr^?fic&OHxA~7 z7nwGy!oGN{b8!m$Wfc0f)>2_ExF|u%*O-d$m2!PS-5Y)i%jw`pkuOruk~=}u1Kf>~ zJqqj_VMC%Vja6cBiy)x>n7mia69;WUNO+7GVW^g0fyTnRjQd64v9vk;0Y=Ec?B8QK zgEgJf6)3eM*88M)cR#h~(Ho_RC;tV?i!iDSt$JG6O{D-2r^4yrNA(o|eoTBmrv6jR zo-PO25gugzqq8F~JpGO-d1Mb&>4pP&;gQj;k#T4`95TiBK2-n+iZlKgW>sP9C^WPDf_y_hw+2t6&%k61m+CRNF!V8@7ea(-gXKsl4I1 zPgh5lWJ&fWKvzXvpL*LY4m^{Gbtv~xxaTT&E^xGE?_9{om)1)6r<_x93#olH{xYYj}ejyFPPb^4T z)K*nBcH<_(4OFNT^lG?uhz|{Fw*tfyOiO>Rl0B2hgcY2hVRmCb`%5wE2HQ3pxj&2= z7l6*OzV>oh&oS>O9MxE9z6zQHyA-G3G0yM$whSI+7gg{$w8kEPs^BsC94DiPkS4hj 
zZ$d1|hZ#l{NpcR~p5fbUzHQEwbsi9xgqr)v^$_WAZOL(9+dqE{O2NkiBk->LJ<3=z z)-DqyUJJ*N;^pZID;gNZG>X*9u-s_vpR;eflFJ>BF`L7dL2)~FOxRjHHc#7v?}RbVLj z1PatzC+CZD0qBUWRsmiKko#aFQ?%Agx{0|JdRA*)MRLTB+{y7vd{zT(UVw49yREig zSx-tX2zmoBI+^BHraupyCC?+d2Hmi_aFTZeXsxvxeH6bEzu;^0O|vi%+@>x47fKuq zzuVCd@e;2+4*f-)9XM)F&O#V_gSKc(+Yo8&FVSMHc)4S8&t;W??$(lHv^R2&YYf`2 zErm6HdhAT3(VAbwtL2p)DxRLnv*NV#1BMDh)#+c6cmX^~qLCF>24>;_T?KsqZt-Id zuC;$FGcy)nTC@%cU~CU#^X4a=-5@PGih*5f?W_OHAQ5B5?@+$p131Xu<|Cni%SAuwou&CDlXiWxbyV0|-SC;w(+#M3|YBt~%33wqJunqy7^#ED5 z^p14rA0*j3e__c|(614|>X39cm9pH-#Npt7Zy+hjbWnQ`+xsy&+>Eq|*o&Aa0j4Ke zfe3vT2qW1KZ?*O~sm7~E8B~i)Li9Sm9bmEu-!4EH&XYOG;tVR2Ag>d2FN02&ps%Iz zUj2^@>WLug7s0-%UWD==B19340bmHAE&U9@P!H4x24GstC3!twf!G*)TU+`nBJdk~ z8NU!};>CT;B3B_Wh9goo*#5-WUGTK>JHD)6j;9BTrHj4Rw5vrz;x$z&*6PuCzzcx1 z<=hUZMI5e}iW+#2uc!E+zk*0%c{mA#Z~Jf9`~zJlM7UtVI9h^mm{Z`%KXX^87XI93 zNV3eCX&8;X<(34&egcOj4TpIllN1m6P68ot6!l|I!O^Q)Bj>0j9RH!%C6zM*{qF^tr$^cOzB)6ZE|~`Gr*sOBEYyNg1ASf4%eQSSavr z%apDP&FYFoe&l@IxO)hw33G7;ew?j#h4vVQ(Jt_Vc$YY+$L1Z@DfP!${j}EM$_%dU z@Swd52I)fpfr}P7Z-p5)&#k%fWtK1VYrJ5%(T+7mzARMY;)ODY0!F?xHnq$4lHh8p1oP z=FX4bifuto%#vrAyQbkb650Rx$V{1kPj557Fh9g4U?6aZV-_Q+r7rwBhIv zB}l=<8LB8q@WtbHD$oH57N)gWyiw@H1qYpK3Qs1b z;9F~EJF=QvthJ~AMVgz{+G1V(YYCG{=yf7(ljuCb_{u`nRx~gbWrWhJSOXA`e)8$n zco)I~Js~p@1RRbfj0^uTVUgsV$poXw*xx0$oT!c>aN196x?f(f+B*!;jQw6M z`Xyf+uukcWeFb1~8x|-j{oGCrL;DZ6Ij9IP%n^>vc56&v@X9p+-P|HaSJlB)c&n{M zfjGDt8-w5A%E#GZ%ggXig@^Xa;CnwnNLL%(65OaY_d!JCM*kV0N(jXWF?csv(!=y< zTQYbwqBCxZyqg8((T1XG;wtdu%o><~Ad(rMA#5NQpwCjNhfy$yU6)%8BU zn=FvP;w%s$V#J`Uf<#Fal?Z5n5CQ^j2uZZQwjz!Z6=4@p5jJcVGK@idYkh6)ix#U@ ze1k+32~ifbRn)3jwc<{_b0VO!^YK2tvICx=^RM8H#t5T6fW6uF=u+cb zZT(0p!|eI<+sB?L1{;1lr&;(Bj(C%wp&0K3KBr=-OrDFzN@TBrO~=eepFjl^Z@yu-CL6P-W%m<<&5H`d+ouJS@2cYYF4(-w@m{wRNeb%r6oS(%U zk9Jkw9)uDdp=~Dec{Mw)G&&5JdkO8qU$E(}Lqf@uN75Vi?v!CrhgY@-% ztO`S)5q~V+dU%Z94_y(w>jMFqPDj^VQdjgB2yqOod|M;gSyQ3?p{*(P8>2ycAdYqT z3nezLfjVwl_y3-v88`tb9kSuy?{#Fus7^0JuXwNLqn3kxwq`_(WXW;zZ4_GQ@iiKU 
z1o(;fZ7A&3?{lO-dNVZCOIGw4qK|aD1<~VWbc|O@pTr(jqzoJjcCbVEos;W-DzWJ= zDCUpNawVuCN`j*B1S?iYa9VPj5}Kl}zbHtxy}TYfZmRbFPEg>1q})_Z&VlL`2da`B zs3;#g_!X1YRdNdxfdd5G`2PGwG$`bKTj23_)dX+_Uw=(j^d1+>qtsn+ZGHR;wm~ng zS9p2hrS)er06D%x=?hoCBnP%IsQ?&@Luha@=IXB3c=X{|$0Q`X1lo?`@T#S$rU zgR_=ae5s7FhCBLPILCnhl?S9x72+(EW^6bO9fNp2i4`mb9-?g+rK<}7U^-#z1nADx zjCmUt5ziq<2}IdBm2wwAX|sT=-tY&YDh3*k;dT0Dce%)tC}i{8S1l=*XdVGl(&P2p zb8u6thBiG8{;ven*g-}6!(Wkl=|qPi5yXb+&$Da~oi2P7U#`|wSpZya%{fe=b~|Es zIVP)uy7X6yeiNH6L_r^Kjhbh$Z)~RAA>Lz~thaw72tpz}5pkpZl1j)QX4` zQI1SVrmyF~^A~5F--VHpOQ!S(A_Fb=W~uusJS03spiExjR%WEC)WAAPRh^ z(MfVOy9q5{y|qeK zL*i&WLA&ZU7qnAQ+&MoH1N)zQ8R0@@)*&!rpMe_n2hmCU2t1i9sYT);%_scDBB2II zLT+H+bC}nDZ?{?}pdMiO>{bT`t#un`_rY+yD{Bn^)>{9BuMO5+IIfqesjtDc&XLexAver&b<|dG8Pa3SbakAdf8bIB_*Q|{=RR3m0fTY`h--nk zb@$*5HVN}5$0j&E9$hR}!9k{6EhRu>lm>8Wew@AzRbn-iTd59NZzBT0=Xgs{Rv+|0 zR5bcFw|$%f?9_L7Zz0_+bAl?_t-2_iknu-qnt z3x7Xrym4ISBn7icbCHD286E4a7xEWnPNPZqRLsjrQ~lfNDbFpf4kYOf=a7m80?lun{+7eJ#p)DVHJpf2WAW^NRQOD z>{nb={mvx@{b-;{ceB5uva6u6qlF^ttvS*OE{6Bf_33086AC5m0I4XVGrUs0wabM` zYi00hMJ+sX=B=3GhRhn$jgnJOM7c65+e_=MLbq5{^l#`&8N!~N24HRIgfjXF7i^se zg7&dUL;nQ?Li849J0df9a{o)HIv9bX#)^0qKLJHwK`C0tMtcNE&Ip9Z)dOZN@dOgB zhI??}nEL7S#tgnGWf-iDm0=acya32Q&Z6&Q5}_LbIcJ1F{=1nQhXzX*0E_~vZ?M;4 zM{$~Qhxbw4N(hGiT`l_;0FDLIfTm$}=*Rb~+;JU%aSZ|)!(xRa5YwkR9Ex77{~WkT zhxKtp&H(Prr?|)gvlyV)@pBKo$xE#E#`V7-2arLkaj6ABM{6t))Vk z#Oj^()^+N|74lN)7T8B{{}#sDQm%!1OvTw3%+qnvA=KkcdFDl%aA|&C-XJbLq9W}) zkn#DBtqlq*Y1vPt#U|l=O{f|zT|XKIh+$%AtaY}CS?(n~2wAN;9eI%x9SoEAq@*Jh z48w;=SaRP4OD~0X5#dYG+?2#7QTM@*7+MFnItcNNiq}K znWv4`O!SZa+RW{PG{gsYKcvoNu5-kw;Z4??vTA_^()SwfXA9kMN|w#O{@3YGPD1Kp8)uX4ZR&c;FCQGcqc3=rT>YL)t_1zdPLk8g*{(}X8g<>aV_ zV(j1?;y)W#d_kn}l1yTy?y?Bkta*3JR81@es67))%ly&doN=idRas3LTTSf4U7*C$ zOZ`!>6!@(iH-)S^n7xnU_NPpBlln0l{|Aim#7UKdpGX!zfB>tC_&C0^%Zxf~4u*zDv6$gJ7a2;^!E}iqp7NE_>3o51=+T9nMRaR{3H>&6+aI z(W9`fqr4L9*J$l|-V+Odz*>h4P_)ArWJwg^!L{TRjBl!@3RU3;mHdt+fs5iKTO~_$2X!c-60yV}Xkz zkQ5S9HBt5h9Z1FB=M(;+`~cB0Gt&ww4|I{>8AsEJlXX&~HDD1Zy;OA{a^)bwiwoN; 
zRWpr~B2`nyt#_)XoDFpFxpT+!d7*abvy8F4Q>wMnITlVowB*Y~y)&9II0?%cLBza% zVcy00p^i0Oc_FQO-^S2oc)9dNzU=H=GaE0v~gQvAw9s3C*xR_Fs6eschDLpPS>tr4?k91=rz@lHD=yHx1pVnK0^%E zqZ~RA+hFfQeRI}i79#e^n+bRnuNjrt*JIIPsB{e~MYHH3CAB~Ve?t5-3{~QSRzg{M z{F607Qh?AvLwcNS{*YNX7uG0Y=&$gMI@#d)f^6{A*<6ni+#xawgv2jr^GkJ@EM7x8 z?n_C5`-o5|jj{zsO9A66;{!xhl?Zw4MRVY;y#M`w zkoW7z38D(J0i2`@^_&X?Vs4uqG<9}b4&dB+<AVq( z1Mn%h>}D>VQr`{?bLEHH%5C^Xmi)y5W9d8~i5SGuBw0cZE(S_p8m-gYU216^iJS`Q z>@Alv;INImKy$`CO!HC7EYJtPwguyHTU2xVy)`pQ8E2$BD**ZRCn)@aC0KB2+Zj~a8p)($nvyVUtod#6tiPmD%PYLog9;R2}sL8qj z2@ZB1KqbaCbM2Wt(9@ZJfWC@9L7ko#AgV9HkG>PbjgzLIkk7GMZw9R#PAtJaJ#3CE<;InTe0aAE$z!F2;d%bRxhe)^WBU$cX zD9{V~F#eVau_y&GHP=#mLMIpl~zu&+cVP1b0& z>KxKQ4I7y5;#zgjLH9q6tSIhavlzL5+(kIyLb~ealjEeD_P=4M@Z+3-Mr(Z&pK`rX zfqzpT#pM!Ue*XVp8m;2BrfS4H7S(sneKHG!*4z~Y2s)Rgn0n;v>h$_z>}U@5U?U7G zu^6({NO*lqbbgPl^ct%Ct3(G=BFA!zK$fbu`00zj(|_nR=$tdO!&^5M?>(!V)$3QLdqV_oPT0rWnBoHA@3e7gmN$@NYF0|w}l??5_&(@`eTJ#>#b`tvr#;{$h;+s7KU(CiO=4~{~ zGG~Uq+42w?h+Yf?N9Wjd2b|bmGjNGRQ?InL%+BK;L~f?PtE(vW=|(l%RkD(adM_G)Nk|Q6BoD3wXeK+H#g3CAIsz zlxD=NDl)btJ`Qw!p4a-imfXeMyCU#GfCn_f?U}s@&z;BPDX|Yw&B2?^aqm1qk~GMx zOnQ(>T)7ha`ru9ilc<92B%HEXp2Q@oU|rLM;hpR>>9MsRzg>nu=y>!bbUHQ+t)s`V zTa`Q*c1s@mXvs0iCoS23N0K?Pd%I_8t#`AsWub3U95gLC8SL?!l%TedGo+Q*9e~m(c5r=TH>pOo`!^f! 
zCO!&u*?FzowB&CI;wKSx<+V$;`v(I2}(`4A_*8m;HBJYo6l zB(@<`_DWwUkH(BDnO{`F0I9J;R3@TIG*F9JCCfz& z;12H3>M?z^j&;SSN6vz40y<_8Cm_we8?DB#&_7rAbC7&Ua~VXA<{7awbH}?!O{3LO zQw2r$%|OpcZRJi>5Am_O67zP`ZuAzLk4YFxKtBTQsV;SMwtjo^q9G#JV6FzvWOj<} zz&)>^*oZCfQ<207D@2nfB-sDJC)pPk3|^O8@?l((FuE?;+!OwGA7Ges2fn8oQ2Zm6v>5z=vw?y0p3EwLhzGS%!1W!NooJYcCF~azdgzyt z*xWbUFVEjkBeyK(ctx=%FRJ4mDQl4F3bqchN6-p<-s8HFpWeEkp%goY`UTL7i%9 zveKMP24G(&_Jv{Fik<_oC1Wr*mXSiwM}iZDUTdWuWbaD4jSXqZ2ws|JHd(vG6(@-# zISxs7A^tR3FXJybjF#bcB8 zjnW0F11S;qULflXM3=FSs@ZyffYOwSa5s-JxiUSs$$Dz9YErE^{@D36GCOdA@Id65 zRIxW*liBbEK3hd`rUp_g`Nn_g6JT$l%5y@kK$2=m#vixG-95P+BB*fp^iKPvtRX7; z?-QJ0=51WKD)w$O2_th_aqELEH>h2G#_ih5XOpnP$6DsRVM z*&G)!AMaBluAFr?JeZ==1gT%Hqzy(No=>c8{xf2L|h$C zQlO^emib86m!Y`*B(M=54R&z}lH#3zW;eCuOnG@sy-bpq$JNVdd0D4kM#u{fKT&3g zygaF1C=SLu$sh2Am$BlVPpg-2@DuOkjZ1v_TwWMs052cN3#}~hvO``v)JwO#bgCET zj(74RA+kLzFEUY;^No1tbLz`2^5uE;vRqy^@g;VByp#4FzSz8Y=Vp1hBHr004;RNf zx5z_7ypwJEV$Iv})dCTqhDsOMS5d zCtTPpM5{k5fT4?B>n@~oU?_zFEk#Z3o7(WSk&iCv)Havme%w-rk1ng!H*oNuLB0AP z`Sb{$%)4sw*Qs}q@oQGszJgWNBS7DEQ1Ad;7_L~WMH40@$g>Ej_6F29HCU;|4&d+u zhU5lop;8KyRBKqj=zG;-Y_5m{InK)rq@UAi>yf@M z%krK3Z#dLbzLfhqXL-W)y7fYEYE{_;oswH~Bx1etu>y!1iE1Su@jM+e5?4vbQuSPS z4^ks?L-cHO<@W##=r0BGHu!o%4_a@P$~*xv#E#bK$Mjm zZ`E2WKyl{E&FBLOncPewfvOmvjP)63((q~q0ChrvM))M*LCg76>P7-pAs^bGR`Eb_ zeMgjMjY4NLGf&VeM(lA_Oi*q48q};`hPB!ylwYxj!w^q-mvlxIxAtEzOhs=&c4$Py z5$iK2g?6k`R&v^~F8Aq8UfM2JFI56R_o*t|TLm~?%=?|HggREKI%2=Z24Lz#L>PEB zs>211)-Y!(R)>S*2!ghJ7yjz=+;*@fQH>xbr14*dgeX^Sfffsz&>)wxh;?dCFY2x1 z4(&mc@eS_6of#EDNnhhuj$@Ic^lbe~_g(*xZ7V!sK%1-=KNM6o`@Du;UYtc2^ajqG zhbqo|>x~76v?Hm{sZ{%Zs3Y{K+ay2;p>mRY#ClC-fd|l-`@PZnha?6Kn3B`Q(Z+PFd4v+zCmS=dpmpv7&RXH_F93+_AUw7x7dH<$Zys(CwAR`H$pvK(9s;EQ zMx}EW#e#dg$K%2W8cr#C0&Xygs8KTGu)~z8#FLqb^`s1Rz(_@`6L1itHdw90@J)Zl z?OSuXb-C0I&Y`uwif_178Y@_}x(9ew8-BT*x7GSdkGPuJd~(EUSD+*R>e-mUN@HjI zV+rm@ApY?c-YWD9a5&yOI9mv-z(}zL4JDea8zhPQz10WMBu~Ja%XthZp7qwNXYb0Nk~lEqXXuJ!}*p*?jB2 zqz(wPI03{Edi50aCT+{XSqCrx?q#gw_CakO%F&k1nea__9{wV7Boc4}TZ$j%HSanP 
z{lwnzJve7ahI*@bsIxoQT5E}9jLAv`8KHxH~>|li=`+_u3#;evIRE9 zJpEyh9;)@b0WkdM>}2}7Y`RVUytlg*-mZ|r_-`)xp~vgkW5(Kj3SYswO1=J;axSJI zqcha3b;~jQAe|eZ?Hst|Dj`FWU#`Xn26%irOtHG&`c6bGDYFot^oxV|L#>;W!&)VM z2{u_LNF@PTyKOEkdWYA8@lMZ#cNM%Ryvsfbc{=h@pZx>i*B9sH=J+;85MVV1PQ3H) zlK)`7`kstnLC)&1-ATz#YvUUt-FhFg23VcrtJO^lS6XE`m16kTvgvz6wL`m|0_nfeyi7~QfsL+6C@*J zjs$YlTYJ<5LW1xz@lg}B9`Q(V^$cXQ&POiAzOKe=qjkB=!a&5@JWu8ysCS2qFKb>s z1$ku8V@@x~AJ1(Mq7chx^4QfU^7G9Ynw-z;vY-3lGiGoJg@FjH=&#Fu+70wHS(};g zMG<@f6lueHtb;N_O!kbDu(e(C7NeCm27LxY3UPOU>OziWq&gVE{kc7oSD0)Fc_DI^ zlVLo7<4F-CwbnF814YNhQOEot&3+kNX1Xz(iN2JWNo zBF83Uk9&LI+cOh3eEl>CU52btWm*aC-+K$jxzK3jJ9HlrypEnN1tjcxT(PpUqhCE}mf%qB+ z3GWc*|8h9Ujk3NRP1`r%4`ibxzS~pO^AsF~+vC*p4<~VF zT;RB@#%Yp$m--OE*4{2w&pQX>If!REwAEU%@AB#8F2N|@ec<)5OjX&3AC2b^00G*4 z{z5#zuAYB;5uRTnWIZW-I46TM0U0E!zaiZv4~b)^Eq@0|Ii87A2P$9FmTy5Kev{M! z(nIms-o|LxArVX)VDMF-ZcI~8fQuz)3H}NnnlAGY%)j*k6y!Idqo8C!d}~B@#Q7<| z$MIcX=8_ZUOMz93b8|3Nu|iDWh+d^;5o<+qxGN~RhlOUkg%nD@12!1t>e<(&?sOHZ zKneTVpCRx3gY!P;IwI=w7>0gX&*EzHOM)s+>OB1_tI$JMr%;Lun?%EmNi;~ zWk@0Sx>w7#?_EJ}AXPEknRgGxViOy!TT=%z>G938c|Q5zU`n3B^l9xSXTr%ZLuVEv zc30EP%z7fkx>^YcN_l5=kgC%-n0|GuNU|~uW%BE1cys|KgWWj(*hhiGxc2_!2fP7N z9cI*q(e99w!Wrt12FmsuXptT%M~KhH_IfXrn4_WmMavJ=$Hjh@*k3yTXXZHiQ2VcT zZ7=+PE+6{O(V{!>J0XOJt~uI!Tjpr*>}vsULZJ#*MK1dibva$;%-0-4a1~#3@APcc zyr7p(HkFj$^wVvZ3#OKA0AB2$ z;SWLy7$M^|Ct&2I5TZiHJKFmG$X)>LrEvhP2VZ|cI7#i!Exl0*!pdaeJ!}W6HvXe+ zILq`EbpJ+MCk!2q8nsKN&wE9e9| zj8gcP3;1I2H_j_z&h!QuV0xzz^2V9I>rfQ8rl3BZc`YZYY~AlgBAg?c*Fe;oZPtnb z6Wqx-x8;Y8lVj66H}}R6@*FERG`&oJ$%9TK4PS(61psxtC>JoIMLLb{70Yd4F506R zuR)RvR<5QJ9T6f#jn11{VaOk-9hSOOL>B3vdPP4&FT_d_eTIq$RqU6hqDLEhtoOo7 zZSf9PW4il8(&*!n|3kdLz)|J7eb}51dB{2crI9+Uwed;0T9aJb^nE}J90D9UnYa?P zP%oz}YuKnV5|Nt+V_c=^DT12li1rl`kZ8nOeIplQQ4Yv-DR2o_=h=+?Jfu~}NadY0i>OpUpxiR>5ph;hJp78^^T8u|=x=BzIUA5?4G0fYGGV9l%)J&*H>f8v(Fo6eV z!8AlBKZ?(*sns!X%8!bmAwFFAISk3qnJb*k`QAd-WPF9;3i_h6&BsI)RE^_jyc ztu$+ns}Z7`=ViU z#V&xeJ5d$EBGzc#d?JTac5Tlfo72Od#-!ZwJoLuNaX?xS&aqJ=24_&qOGH8hZl_kr 
zd2-OLWy~ZTwB3Pb!2*qzwIuEqo`x8EI8CgoV-#tQC47$8zky0Y$j!`{wx?08mRx}f z)P*I9CRE5s4ty*ui=@`Z}cY;&QMkLZ3(F2tD&Cv3hDMmn`>}}_iXTQ7Ve1?HjC1_5wthxl;p>U5`9{o# zU<+uJE@jyimc9c2t4Ky#9W(^EyXUixneA`~t@T~zNmU}3mbCGV5gCS{4xV*PH>Zqi z9YfBjR+!dD@Ce2SGROBxFv7y(`5MbN!1JLKfCCO00YxWL5q%@E6;aId6d+vsA>M`{ z*1d-v1wazW*-elI0@kIMvfsjCDByD)m4QprsL~u2Zp7H*`hNb2GFy#QV&kLipw?P~+&Fi* zr3k;7r*L7v zTdbu?ANp*siSbu&=`eC1j%BbzgGOM9K5U+v%DI!cNnUKO}=Ztb$!UZ2+Sn_ofQDEw)_n0 z(EY$Mb0b$O&Sd^m2FYM8VXgH@c2^j{{KJjU5sgyYaFb6-&zS%F7M!8K;Xy3(;6W5< zJ_UfDXEk>#!r0qry)Hz+`_M0z3r%zT+a83|LFJ#dCDVe23Ca8;^bfrnZ$qLkH4clU zABPLbbs`q6Sc67jlQavS43#I)D2@>#))cHlAT{L(lu5AoFeEKxs4|-cJ!m^NNw?i* zu=GkB5qlD6&ZlmA1Xp$U;(ivYRI)-U&W8EVt!8gmt?_wua?3~C@BwVCnun3HfQrnX_E6M5&raBKeg*mDGMrV;ReMZb=43411DbAV^hKbx0BHk_RuulXnOj1{S1 zg+=}kncdAh!1H#Gf!(PkMqw$^Pvb$ZhyU`QG(wW7sNbjXPH~EIYivrPcDpuI=cjupq>$5>*3No4x{mzDri`+T~AsvB? zj&$Ap4}Vun9LvJZr}o24?rmh!6q1p zE-<^xfsIWvgEJglc(@V8DT?99jgSN|?1?})593k_4J#~=;LB{L z%t7NN+0QVDMS*pLlU7ZKBuFW(x2|xK5Lf0)<0YKtqDDyboOl$2=%ML#{K9%oGNQv; zD+8G5b#7mp=SWymbYvqk>W{nW`k8!X=b`_rV;|YSQDGdVBbLpQa5ei%N@|auDl*Uk zP#}!3Bi5UB3iOqwkd)cr8K?woF2GZG!d)D(9(VGr2s?QOs63@m#7Z7;Hq*^B%*n%* z5cP!IdP*bK6>gp~C(kR$(`fzSEP^1tolj|hvgeJmC_jC*ewN$G=JBfYJfT0&dhB_{ zyEijtw*3NXY9G}Px*bGmH_jj#F)(Y*l9_eRYO)K%Dg>vsve{fVxE8V}_dRR-t+t6=L*OmhE zro*U3T#9vNO9N!JML5t0UbTjX3qq42es-}tqrEN)gH=mry}cQC z1oSfZn}Zqb9PB^x!)&i_SseV(=}lO>h#dMVFH=tsQ9D(p^a=U`_p98}Rv8fZb%V+P za>cC_h?gRJ|u)<8gwQMw&Q z7dOLtltRQ)$L4{s^{P;#l>IHsdb!GTbFFoAEv1vPGEg`DR?(x`_m^^TWy(zZABG;| zh7seeDaZdIC~x1MA<)5et=a7%zKpWofKrM?lUZ8bXniJ`0!mIe3>E3;x|y5D+oMRD z4M>22>qTCAPbDg0cz1Akul7FNs6L#U{-^7&E(j7LKP$!DlDNt7n}Hv#UwjFEQt|un zm;bUVQZ327ytl{yHC~)O{_S{lPBlbb!kbcB@<}PZME{)&L}pzHDz&~mM>>gSQ*kEn zUn*YeJn0X5+1JxP*4m`9r&jPy@~)t*EdME4qn|la0--|KfUr3Pgrff$b)=6_pZn%~ zM%0H_-RhM%#uFQAhYB`0L=W_<0|>^9^h?Z0T)h-tt#c!g*&v-5=0LU5>%mI52e1%7 zA@P!5|1%+B5hxjtmFx(h%Iu)Q%Z%SJyHc3JNSyOI96KKRx8Gdga0acF&chS9x1hD| zLTB|1Ah*XO4gDgwINTg`um&Y@fZ0A|w!xe!Z@FE?te1X9Y`C?_NHk2Be!E^L@(FEZhCH$mJ{*gS4AzVli##uy(O6TLPLI*F~4qnZ*4 
z(*Tuf^x~|lRrldzqc!ggp*wt=pl^2D0WT=9wn9}67~#Ln}6a+6rpGyQStwjexU>qjKZd-++8Bf2sSqXZTV;r0Qk}%dKTJ6@Gi!^G^bOgWd5ui zCU|fc)UV}RfgRVu1@^;|ds#d>u5$N+BhqJ7?&e!;BrPa)AcTc}?iFfs3Y`lwFIT!H zkou@}qkcRL9dfqW*PtjP#|?i{#!}zneg=UQS(nuaiBXqQB1|t^U7`cT19YI)=r3qY z_s2rkAmSe83*<~Q!9$t7RbfB82mk-6%e2f>l*=PlQL$8^Uag)%z6Fd&_z}C4!(W6C zGbETM6O5L1XkWk3gZGIYc(o?--wA?XQiQGa}Z+=>nDijNyv{ z=IsLhpLU`(Y#5B?@8iLElJI4feQ?|WsJ*51PP{lv=_;l-F~Enmyq#qO13yXCV-kgKn*6Z*L|Bok&mVx@)ebNZobK4431wk)yGpbb$ z;RqFq3i?V7;s4_1-ujhTa3i?qIS30&;>BUyW%OiYN?$xLpl@`?Q>MVB6J_Y=q4mLM zMFreJnC;IYsOopSS(|&>K9a;DB-mR~o&G29Q?>n1B;@i};DNq{RQ#)Be%eMRV*TQD z{|T`kb{RUPqP>XHzFM!#!;Hhdr2!rY*}{&$QaVVKc{si+Q9QDP)p+W3Q$+>My%(cn~m~y^uSx-S{TvRPOyy<5lsjaa%3tIhE_f za3jXA=PNpS538xrN%VBR3iPZ5x*q5j&h^gl685n#+)y?n^6_K`9C3x*Xj#7(7Kp3N z7Yl>H%v-#e+fC0W&ImK)h@e9qY4Qlq85G<=1kIVjF-<`&`4~s!mlSHud$<;1A6RH! z5H#+24lk|=Ods<$zM?=3ZeO9R3jr)yxq!xQeF|WqpafN z1zy~)QP=6>EX)9cnd9U`Wq0(C`W&z8e+N)D{S)ZddTB2)O(eHEHU~>jnvhguEozLA zH#qY&^TZcmE>`zgne?d@eB(bFUW>ehnT@65ieqGW$w8>d@Z=?!&msf#Tf@EYa<=#t z_PjDq81(|Ha13h?I!z`v@y?hJA?l%QYTB$6O<>X8Q#sC1G(~69Rpg9lqAO5`=p>Dn z-7W0YGwzR8fSYmYp`YC%GS%o)Iz99%(x8e<|Aj*d;~o;o^kVnmNg!H;lLtUVS)UbU zXS^H#!ijyMjvUV`lC@`V_ao7HrXEsPZ5;LVRYFh!grJOA6*#REwjQN1NOEU%=-Pr< ztzoSlADt_!+#G$FJ1=zdJP`08FX01%y&Qjd(RRgyYCcKu8fCn$n&nM%5Q7!N##`Eo zeV~_mb(G^%`q{O4(QUGLYwPP^IRgV4MpG{+d`nw@etuyZ<78-w&EG?}P`NW!rN8G& zgZ0)4m4atu#ViatMs|wv>+|qbc}ZZwMfyLH58R7kW7NP+A@rKQ(@XdbQSud1xdUJD z2Za*O>5CAWi52mm{-K*6dlJbUNxxptok(YuwC+E8_$BJnTlz(bw+36lCJRy#5E$Sw zYxLa23u94RCVGq;v?zi`@u7d_iCK7Z<+tdF#pB_bj15NzHd%GsWi~=4Dcrk~HZT5I z51|w~nCaGw`nVmV{I5UDeq4tR5BAcJ_tLRM-u`>(pOnoKB;x1byxd(?TgpM@oP}!u zg7HqoD#pPVdU5a_M@(MaaBQ-MmT}(jR>f?{K$-O{Z2kIlmMBo1MNhjIIS>aAz*rYc zeL?*TFMWLpOWmQ;VJaXT$!KG4VQCQi5YUseNdK2xsJR-8&{y8uc%7#fT!bF~oim22 zgnK_kXiqug?GV8=6FnKb?-K4R;ZLei(5yt)`Uc+ndP%@3rP-(By`gF`y4jPYk=Z3y zZ5KIC48{K$Q@)mhIsLYI)p-u>3*~&;iLKb~_@owKK9Ltb@ zpV=@k`By z#aJ4QAB+#R^>>#dt*r#?^lmbOwhKcrL%91m^_Yi8k^)lm@i<&P2JkpcJ@&xk$?CBu 
z9#2w_z3|8eQ4Dds??w;#Scu08_1N3^&iIPNs;xH&Q`@vqAHr1?$e*+r0(hXVk#@lA zCzDp?)aPDwZ46{r$AK9JZJO#`qH_%@@WsY?{+aS{jD-a7@}Kch$0xFTV;eI7@%8afFc;5TV;GA7@k{Ycp^RKq^iI-x59xW(o|WD zf>Ra-x`vdk?L#!!A7Cxo1o2<(Qj=zz4L_2&wtd8Sjd&@Mu0@Gz8gth2+ z)B3es$V6PPz$3payMN>wo$jmTN5^HQvI@?u<4{_)qZ|}!t$#(;MtAyBWM&7z_8r!` zsLb+%20;NXYh6@seI)}FY*wrl@#)liy|wiesqvszK0Z~_5Z!un^h)zaSmvCIWh{<1 zv<+)WKXWQyUr^i;AuH1%NQT-z<3c4fcw&59ry`{4g7ZGCmPAJv)br-l1>eN<4`#gqYs+erWTznZTDoeYDV z4A@2$zRC|rI3ET(AC`oVEPPE{534O0J&fx51oOW-d^oBpFYKO!q*`p_r$KwqqgUA9 zi$f%F+&&*L^9FL9sGKwAE}~LPM)4Q6fW61iI&8VYJkz1XEAhpyL`W;V`eK)&6rzOq zqfNN267t0&`00nDOYs$t{qeX!Jr2Ml35?XYLJ>B05}09`^(5;?2er)uGp9rOy#si) z@4#1Fp*7xxMybmBWq(cvt@SokLRThdv$BQ)Dg&m@g=vR>4;PEKkvAy!Mlf305n5UV z?NYFEpO!od#f+s<`xA_f<8*bMzhb+2Q?PZjmi!2*Hp51bn7>d4k7}D1J`um=_#FY%hG7XJjO1v<7pHLQGAV6? zp(ge#3(JKN@7SVk_-}G^`}w`$rn-{OSmqBZ-4PoAnId^FTExipfnVk|cm(mD3I2!q z+mi9&y_0{m39kWhrJxbc>c=Mo*M#pgsrcD zd+A8Uk@gthT3_Sbj}-c6c5yO=?je{k<`hz=*%YLmN-&aHR90slGfLPXSrg<@u%$^@ zydgD`E%~sd<1vS6{$<3WO!HYM#bug*Qt$QFttTm_3G9)9)I=+`V{m0SS{Wot+=((=j8TA3es`_%9bVA!BQ@-xBlXO z)mk~Q#^kcp(@)`cP@g9k@@zUj0@HQXYlKBd4dC9r&##Xn<`-! z8J(PtHJ`0o$DINo437Lw=~R*ZB5F=eE@K1#&vu$3MCn`P|d3x|bIv+s>oG9$se2OOCkI7Ab7g zd$-m0X*o;A^}p@&g4(3r#=iFJgIe|e#OR_}U&Kcn0>b4+D|%@Y{B@+BAgZZ4tTPh? z7*9o+r?|G@z7&>~Q=Mf63o_6GYoN!Yij$CsRaWWdeIgz3;H!>6FNvG3! 
z)PS~M{^*_qQ81*Y;-lD2$>CI}uw+isvoCmGYRj_YXu=P-SfnT~T z7PQRuk%ub3yj^XK#Y@~l`Y2rY!g(IsOzvHJtp1mr!u3w!^A9TAWDPGAJ^&p28~)Yg zBQO>FsL8tJHa0`F^}6^H+mExrCaVwpQB?`~2JjO9<`LM^VZ&SH z>~{+QP>H#ceKzAofWy&HM65?ol*TE-v}4ZJTaTy&5l+!?mGRGmp z$XmS>yinC;))8du37FfVyX4xW$y87L@tN}w2MEq}xHi&U83zbE&B@S52K?{VK|w$v z;8NkzK`br)ZsU^ZDi}UC7MK@@%*W#>(AHjxaz>I8{v6{@ZU|CIuvYnJ++U6-bLFQP zN8qT~6d%TTf?AOqeLMw~rVmd=?Z4r*TXW@TEH2uHsyw6>q-1qtb!JVmA;ry_5<^Ox zHKm4BZPtVhaeJn1s2K(;yuFI$K;enLIqoQmfa|lwZ+wBVl{D;B1_+$m0H0GGU{Uo^ zeOhn*QB|i9n!UaOrpoviixB_fSW;35_oFUArxa_d)>i;(Qv2F9LhUK^4f2QRIF-o- z_bcKbpn%+=B9pjrF~Xx5`!GssS9Dc0yFR=O1gnWvi8IVEqtl(Wp~2$mr+kTx`4L}y z7TY)MY@2Ir+@10Lh~M9o}QUudHXKrRe6x%OYJIgv5G;fbHeL2S& z%@3*A-ZF*^L4)`5U@gSKip-dEpv4&nNg{n%du`BpKMC(J-qAL!B5BMqW)!TtjTF;1 zFjXTGnNbrmt|>ATRJs^7#b!bXqo%}62-Vb-I_LK_VKd=U#vG$&*db)^-#*-Kn+wvP z7Vc&2YK&Mzg%g3^qeq)2VaI|b6Je+NAPmo54KXmQD|=W_8KACgwxGt7O`t0)mr?dM zbPLO^Ax?^`D?3cRS7hunP_4^9cmnZCb|C#K6X1#<^zztn#g{zC;@QeTZ@K^A7#UJJ znu=B%OUp!IRFdfK)s@a~jtGI(Ti-gFUP7iZ#x>>Xc|RK8jnY<8de)B!X8Ua%0O%zP zwGGd5tw@*Pfs4l+L*9)8xE3(Sc#=sKd)w|2p0bLxh72Se<4N)qV>$T=CI`47Yec+C z7+YXA2W4CDEpw~-wPBy>sPC`K>-twg;oEr6FZ>T&RcIUP0yNy7V??lPtm`Q{{_A?V znF^RGh!2J8LvQE9ls<)fj9R$D&oXrC*CS|MtR(!5jQ_rV&RbZNsgq(py=n@wTAt2`06* zuz^$yk;Z>>4AIV{T3lwF615yZAp~$U4h3EqAPvZ&K>sGI%2N%wdVMUEhnyE-d?T_L zVq@Ntq0mH!EDHz9DhN8PkXYiUi(e}Q5#KFi7qES3|*Vh zUiYIm+2giA;X<2=E(e5BvsV2Cr<$Vir9J*4(Swp1!)}i(*#ys(C}m zoEr4+$2PjMYtdj_8e2`dyk$QH^JhgcpZI#^j)nbk5db`EXUmH$C!BaA_ea=beGaBm zL=55=N;MA0q=GqJn?Xy^T`2Voc3L>sS6ilWq67yIqEP`CJM8IE3ac(w(=n3*u{#n= z%Y9I!FcI z!QCh#>;nTcwrU}`L+~aQ#jz$c8L#%!O;YFCvMBtGtS<~__IWB}dmm{m{7 zME_$akp#t95ZWIG45K*&l|I?k<(whp>ax1@JX#*z{SH=_H=v2fD(7!#h|;|2cLs!j2=>T`Ju~H0df?yd5CUB++6>K(es+5@y2H@F=Abb+>0PyC1Y9 z1Zg53fG6QKC1Zb$eQYi|t7U(IiS#qrrG)Y)1S@wg8uX*h?Zj=BuPi)H!VL(3Dxw{E z6KxglT`9tla>bw^Npy;WEn3t;IvsO2cT~|`5|1tYyzx%^L}(Hg&b2C!WcS&F(KIuV zV2i2(LyEv#g0Y61yS7`Wp$2WkWX#GI?zp60E*g3#-UO)TUb;XOv9Cl=vjM<_zg_5< zzbUgfio;cb{K<)j+9|#Ax>qEb4?ve#)0ko zqKBIdmhxd@U++b|JN=LawcmHmAM90*fr6;`g1Bewvdf=(w 
ziX!|l25Gda(K;?JyD}r?n9#$>w9(pu5|FAf;8U8f(bt?Uk(ItjBF|RqlR`)K&3G5f zh&Ud=Nx$JxbOb;Kc=;TEO>rQT*gV$$C*MYeVK9!YVl8F-51~$*tP9k<#7M3tFRXYE z(ut$b2cvAV#;EU=-C8?q1Oe1b3L{sSP~kO24SD}D^GcWebiod0bd)%Im-kreK-o4rL9P;31&!hOsb$)~zTq`~-MX)iGdL(AS*i_AhL}vO_J&qs2 zyfU5=g0@mVt|&XPL{t2Ck9u(#llyLfkZW zNBCrfe!Y1u+Dz9t=R=A|*mod}b!5xNUQ8dOmOW$tMm5l{IL3J0m0io`sPeFn#3EQY z(|FT*;%m+pS_DlsVQMSwm!thM6BhOkh4rjV-Bgwy>@KIU@`IAdskN&zwG^>!3X+L0 zP&j&o%y&UW;-;Xl{c0T29Kgz&K6h_TAP+WP3EJ-Nt?Hj2`@5VfVw(hA5$@+fLmllS zJB}VWmNY_UPe?9-bWdE$z$XJ6J+Hz)bE$^<4<7;s0xM#aj!pA+N2%#E@{FFz?H$#? z47@|8`>4n=9o+0-6%(;a*&nrh!LxVszVKi0gJBb?!W};R79iOjT3+T`ON(J%#J&qd zZpLTx4HC;LzAX;$yo5V%TEgQT)`UwqSv9oQc}TVH9;7Y~K8hE)ILI@X3vuasR(K#Z z2hX80WLGTf64t1|qF^R=n0e75kof{IIe~A}odC?bzCXuJPI^rgKs2dh&V>LdN%;#U z=ZaXp50}-OkeA2=s%ajbTx8gmW z>$7~Xw{{E=48a0UDuuaf%ZsE8Ar(E(&DcCX{fv$rPPOB8RV{{N7c#>+>XG;+9?JE@ zyj;~zu6k>*YCN4VKCX+*L>Eqy)&%njRA5dDwYQxF$%oz|dW{dY`4Tlx!x z;^rUA?$hD-QNYq=8%3mCjp2Mcyn~5P-6zW^hZ|R4GJ3=XrQWhsEx2*4`YEfa9bzu- zet@*o+|12A5AL0H;Zn8i$>p>fFI#o`9mP+${=$Na`XrhYG4h)uk4$ytk?~3%ITOwf zhxG^vxlAb6`b{Xs{~(<_am@N|`-Cd`Rh+4XdOQc7E9&D=k4N#Cj$mzp_}-kKS@$<~ z^_mc|g8pl_(8fUjfPb7JpN9Fw<@ygdsUhE-o`)L$k*)DndGx`6p!9ky*)rkWve*DiCC}8QWH!UBLhS-c*kk9Ub>I+L&*3S2H{@tE4a$q z{0k%BlT!}TpSFC#HPKW91^yx%IhXHPi$R4(%4I*O?;>Rc=2#+LsU|nl>uKH{u}<9W z4fKPo_R%nrqSjR2?$nYG;T?2Vhb@ERL`jm3-p;WeAa`>Ww#LJZES4Qo{YE?!clr{A zyD#Aks%D9U^nN(71d~AmED|a?C^SPiSy-e zoR&Szs{`pVQcd21Bh`+BbSKxk(r4+nqZjsLT%xA?jL)?V!0QuZJq;Eoh>sp;bkp@h5Rp_>n(+YwsJ`rG$2F!$u)WjYLV|rWH+m?K zaq_OlH@H{hbC#Ua+{NT6Vb8)R>GZ+$7N+vtT7? 
zE5t&6p{AF&$iUaSd>4KSz6;ka54#1H9jX6^IA2&tvyK9MYLidI+eO?<#1P%p<9I*b zfz>Q|9`p#gnxZd)MgAE>@;u=4*}un={w3?~p>wCAW@Jxi4q}?__Y!YZiKjMNufftL zfiSdR+OttyoL4J}0OEf`+<_|h@OSGAFIm^VMzB7+j+IOt~iOsbU{R50O=I2AgZoveX zBr@X{R3vUh*zSo-qBZSpUjwt^jI}9JXB}T8)QL}q1n5pz>u2LTa9occh2v`d3IIg0 zAihY@nI6{Owl24pT|!bpsbx1lY(jn?PAZ)kQ@H{@^ueGD?1tA%G+$nH{dsB zk_rYT3j^*dUy%bw4?L6I?#Hzajw%ADiv2Y0VH|(3OXcK%JBVWadbgeW4#ri=p{~= zaG&EdVV~JM)-XOc53Olr`f2LBr2jnkD&e`8itY9+xp{sgX`~A@(p3yg0Mdv!0p(8F zp(tb9#oZuZXs|#rA#TYKcGcN<^g*8|>3>7!bg8MS8$>az(|Iw5VMYB>kZ<%@o$<@n zxL%=O#c@3a=U*{}P<7fXruw`h;)~8m#ku@&IGe2bn>bFy?M!M>s%A?tQQ454R{QKf3Xw|yf8E1E#L^d@jc?8}fY`gSe1ThQm1Q#bp3MaBp3P`yl9#)rbn3BgcZ>AH z!GZ)hoOT5hYc$r}i^~M5cnxOMI zBp@F+o@fME(NmlmtQxPghA0`NgR?hXuAk=Ci1RLK8*cd=&f%8$La}_|8i*HZz+qMq+AQNY$Q`%~^r7gH;u$%5ss92f$pJwQDyf)l6`y)$Cw(+ zMb=Qr6vj&C!0R;g+$EVOxO@|bb87G1g0h0vT=rh&YhMayL61O7harJ3rag>o@Xy#SDb&Xmvo@Um zE>M->cnp}`Zl8jD`hU?s3GASM;Py14kHr_@*`_&!bGvsfBz1(V<~31lkEdYNp>0Tt z`xSNJ`3VadaQCl|IWI&tKcTR0!TQYpRQ z=ym0PWA8wEvffg-!hn@nuYJn_3s7tYq_Ls;_bwVR5pPGL40xIK4ZP2A1+{hu*I+x#vxmFfvs7`AX`xafguc+c@r zDXI_S;Z@y0NMRD}C~~LyQ#HlAp38&M&QUHE;7ZntIGUQ15(6y&5a%&3|G{6(dop~G zFH6nGo(6Hk45Kdvgbmklyb97sI=6$?K7joE@N4w}`OZ#e{-3h(kK%y#2Dd0}%)EtV zL)ac7b(h2Cf;CxH+W`(meao=`#a&w)gljcgPhaiu4B2lIB`3PWFjNi0U{e(H;zZ<# z%z9ojjaXm)f0TU-d=%C7|8BBCfXFNmC2G*9s|H0$6qU%sAmO2+EW{*K(PB&E7^z~| z6;yO!_LIA7s@PXn3wbdCHe4vd4g#CZN=g#Z~s=v?w zmk-R&+~>LHo_p@O=bn4+cHGec`K`k4f14mHeaO`F13!&e3qJ>}c_AfGc6$iaVlRQt zoE>7lEJbIb&!q3nR &=N(SQzMSZ6V}1m=Uqx={XJNBV)9Tub@WLGeKtRv+ zQ5^K_80`n=qWL1ZvbsFHz0R}M_G$(~xRE=ny^glqq%&s~9d$!HD^gXW zLTl^+KAUgia7YgkAz5tvVVZ8i|Jg`Sthu<%)<&r@(!!g&O{s*PP!d>0d?zl|AM}dG zKB$5Et07n1expk{iSy|ET+IF_Ww=)V<1>41JfbY4B>+3@akI=TBJSL*wja9a!#E{y z3c{>gx5`68^eAhR%HceLsZVL;{}#v`_+vOi&qLL=@s2=Lipl zm!m}NIAZNpX>VV|P%N5pR#5f>$?$d&h)FZuy+9_tg+4DboEAjDodUQognM)(mF`{k zCQtFk;&Ey$_J>fe3}Zppkr~FmT-*x{giM-e2);6+=NbD>t0_cX*zUs3Fr&NUamg{b zZ|0~HtO)VjEiAt~asSM_8|ylG_e|t?q(}FJ0ac~l&uf5I&n;K45!iJ=p_LJ1UBGR| 
z6gJ`*>}jf_5neB`6QQ@Euz59&A?wj3Y~$@lwID|vuBzp?6*OA1u=olTZ;pOvmHgO6 z^pXCADjg#tx1;tekX}YK7b?){C?TaWAH0)j&XIl198ca6`a!NPyHx!~s$Hs$=)9M> zOO@#M68EMc=7X5j=HfeA={HuUEUxN#0iMwoz;uqC!LvQ+tCkuyrrh)tsFMf6E;MdlZ`&udOhUVcRI^5QKE z9+SIQysfDUh;>KKcCE9pL~*4w+%VsA1r zsx{_fz|~{J!>3#uXfbO46+oPDiB331pi9PF%jDK1ExhkWh|ye#l&IuGJdIWE#}-l( z%WZxYxe+U4NCGyhfM?tk3L2w%7rv1W%1+!IhSLtcjJb4+x=6kYe39y39T!}6n7PfzP5cOc^5R{F8)8TCkTPFAj+YRoE$ZnZ2NfwgzMD%>sE@HuGeiRk> zBDlT#alS;4Gn!xEi&p;vWG$naa}7S8#0SkEWJW+udFF;>e+e+VC$yqXiQYIFgyt0o zVPR#$C5swpNA$nQXRsb{C1sygC`A-sfE&C~xV;2cp*-NC}%lHWdAGiBOJfT ze(vx>Ee7cqj7e?WVhQIn)@LV9QuaDou|?A5^=!>@CgIklNY&QZ9|8DoZr)ljC3eYw z1pGq`>!PaY4x^@xiPP#1a3q@Vc^mI8ZNm}Df~V4r0%zy`Yo&cIE*ugtA0*(oQQwPDR*~DF}0}!9%uFM=57I+)h=-Gl{_p0C$i7J-7N+WL-9ZS>a;> z7=g}(?9A$cV^Cwi2j&xd(!fE!pnYRD6wW2_yM64<{oQJgj@M=S@d^o~mt2B`W=2n- z-b>~`oC!^0N!(xg#eF7_}!9mf1oDI)!=-A9uJx-BTsm{_Q-T}UVx|& zX3c!KB(u(edn$8T0E0$4*Y&yASJkD7b5QA9Yo$&`x8_m61e)7Sa=TdE*Jv?XsCnBe z?G2A31ru5KKZKv=NAMckrqy4FDa(51K?I3k&vnV-_qByQJBHubK>Wf5O+0X>*}x?2 z4b00wIY(dD$xEHJB^>~v_CSVa{0A?wovXNWC>3BE+IbIQ*6lMo#uq|Bx(XkzAHi(Z zCM{Nse!-Q7NQFT;yq6Z|^)Akz@Q_Opf#-bhO10P$gucYP+0@Nb(f%+%;3w<|u)ZpE zs9sF9|0I04@pYX{r7e+Lo|smvAAwl((LnRSVf_!QHH;16T?DC|b6cXgEqXz68x*^R z=%f79JTSX>L*!=AOMVxVlwvhJH_U5HTq)xV;9Iu_tXpSvjDt@hj+KWJ&kJ$7Gr@-9 zKxo0@#3RZ~#@y=?@K%q2Re|fYW!C{w%V|MjevGvSM-ix|u*`P0%Se)R1ROUu!3CQd zQs(>S0nk)dqy(^zu%-m8DKq41$v(v!h;J?48>wM9AvQYh(A}FFx+=|5c+7$$)U4P- zH8)V$?-=jS4M0bFZdk*FQFO6%3d)ZTgh!?Ta6iR9c^~4g3=M`*<$@YLw~M!>Q|k_8 zAl(9HVD2gQw?CvaptIP+8NxCP%q$v?WSF;OH%f>EW)P9YZ>4jB#ako!YP5L{nv{&7 zm2MF-E8e02;#;S>&H6tg|j+Z?k zh~kK(siAy0Bk^XwVeS{{0!Lsu4Vt5XMl4d)vGL_l4~VZX?6K7CXTL;`b$b-|%`3pX z-W-x%6-H00OG_)4?j}z6q}dy|J5pX$>&GBQJ?)eRqa_8_D6@}fYjhtIa#=$p%e}kt6aqnR3uYHNk#aFEk(r<*#-q(q4y~5VQTqHISPzXA2~t_W z(f&6)c}j)-+WW*dH^a_Dx<`;smfB&b3^|427x&TXr>bHWd(k=>m_td%I!2+vDk;R~ zWHwy%p z;s|R;5sE6cu}-ml=L?8@nvrrUG&|(>&^d}b&O3wKjYoYCDcKry?g~!tU{vQWra4tl zCpr?DUuNb%;JX8$LS<05UwZB2;;r*fkj&rwbY^%`?~O_F97xTHV-Dw^y(vj=iVU#E 
z>;n$J!Loqz!#LMN&MByLM+#|TVnTLbJ+8vuJB^5!>vWZm0wmp(N-F#Gl5|L7d%DKu zxa^Z2XSugxtf~e6eG%MXWvt>N52|5EZ`ZbUwQ=0N!|mSazbuUC?rO(oBnQZ95~?G=Oox(bws9vw}vp{rfN+v0D%GxQs;$5d$guD zu!}@5>MPd!i@%PXUsarUQ}jE%yDx(q&;k6G zw^U{Z?W4X|Y-$4_q*R{I3sPY@)Xyr=ny&GsuY{RhsehQ|j$Y+=miIc!4P5Vf;c)3B zfoSFIs}%Vq^_wo^eO_&_(gNI-_C8giA_U5g@tiYxX&Mey@W}8@;Or)j0C@JR2cVRy zMccvQeaba)+o3_<)y!hDnV~=hnxDn%-Yycyn$$1cWVZYNQ;aw*W*}oFs0&`nE>ZP! zLgxY}wiErG7kw0p0|79(GKALH163-7ni3#{W)vb7Yo@X zpQiRp9zruPX!6iux0cyEp{T*A2E$_=GiZvKTA2+>2Gp;(gHHtcRQ18dVYOjh{sNe0z;R1bN{OP8jgC9?|TR?K9-Nj)0oyrt%Jc1v{`fw&j0S(9S3rf`b2nQ_3Y#Q0 z33;$d(1LYO0~K1(e3?HyzTUTo3SXkai7A8^;zWBsE*fhsDTiIb8`4qSrp`5oK?8lM zR||TbGBvFU&T(N>Rsz?MWuiZ1f81)|?im0%5o{XgAh;1{>w9E?rEn4Hd2L(sd_hBV z3_oEH5A>5nJAthgE)u$)2orux2}LY>^6dRWBkZdhv(5Z>btaGe&iUBurb#r}$+O>5 zso+m;6lZJK6yr=!OLy`}5g(3cTK<Yoy9`o!-WkRcr)UCx&2XNKe){fT9Xh`3Ptojll zO>gJhpOB%tKs3x!08KVgL0*>%-mtO8frk8LNp(qPBhk z;}+oy_#1;RiH-uq>>d}=Kvdpg`_%I}G6LY2TG(FqZ-DS>Ry8hgFZ*0xY1^Y0qw%Vzz$M+D>J_&4 zW402x@7lK2gAtJ?8jn7+tUC7i3O}^2lLJ6Z9RhKI^)wUDCSlXr8Ek{H$6q`B*biPK6pl|~-2&jEr$r*@p=HT6`C^7bj z<_vNZ-xn-J;`ychH96Xkl>L#ieH?&5hH=QCpN(P#gV;WvhIeNgP>Q|22yShzMJk+M zK>+MFVgEZ@I%L(+`2MReAA$W=9m6DRWUCdn707R1QR3{uue<4|)wf9s*>uIuEMfq~ zNeFXzmcUpu0ciC_vJrSP1D``+%8jixCD^g9djvK;CAo~ePjYZl!H}xM2Lz}!s^oiH z{4GYyN#?i`=jN`dsJ(G2@aR}K!8L1GBO2GWs#%Yl+v`4~j1LJ5&&0hI_QB009?axg zjPno^N2==wyPZt+|(z{S)-VOA_Unk2Qaw9QQ};j!i5e@IcI9F`;_4gv+$}l;J|>-p(85d zTbKgu(&7Oi{8ScyNUB#w)Kg&(Ktn7WW0rVJorl^*{J7`3Vy#T^210&VC-{#Y11{0A zE+1?jFV_7Wo*nDpsf!!WIEo_csd)p`G#WIw7`r$urB#{HbBs0KutY=vm(Fze2FnMfa{5`Q~7lsUQXf5V3)Gs&2A|XQq(eh zsbJ#)TvgxA*yu;g6R<8TL3@?68FL>O8XiR7BI;Nc^qJM*a+-@){4~U^#wUdMil1jB z-M~X4&!9y1bmH!=(r+nHJlZ8qD;yNY%0c6A1I1(a&J=22rKmk&Zms)-*pBo{e5~*u zeYf??ZpNp6b4zMJj^-P1CuU75Swj-R$y}ooOlS)7VOGychT@Ndt+bCP0m_b~a&E5G zQ&)lWkE_MR!8sXUKamLLGDx)1O$4Foup%J9ArqpVK@ z**8RbqlEzS=j>nA@q8dy=0j^drhz@iz5&{zoqz%}z_hWr&(=PFsxTX|uoM=t4zci; zqr2-HE%r15oEIdt=aGrYN|hOAq;I8tRVq_`JtEo{!Ti@JeZZ}NG#a%SIhcz|ZOLW$ 
zQ0S~LVYqDi7;6=W5bt?^1uyeO`Z?5_s~ZEbwL(vimG-S7+Xqtc*B?ZM4j&M^kNyUi z$#kuE7s6BZZpVjP??$}B|Bfn)Xs9O_rIMgwDrc)KxBPCnvIP;zqj#ZTV_$wGIC9+S z7zaI#eKWDWhbZ@g2j^BPafe9QY3O1z5KLkm?e2t3;&+M|N8`&QMjrf$FPq5c1C#;H z&!JeKGPyEsu9%NdMGiU#31WhPl=BGp(Hx3)m3GCE5PV9yhDG8ZUji;waw_ngZFnd= zAEj^)`RiGPxg8NbzS8cc%3=*%_zO;)-{CFYqUbeVYvz@?s?N&*7^zoWKwR$v{3ql} z0UViZtQCnba*P}O*kRG~fu6P+Fk)fv#|bjYGwxDEY@Vm%5Ixy1J= z{~%CyS~VrchCRliD=02eKfqcn0(+Udo~j;->04!BBsp^pm-st?E2U-&l)074&{dl|Z>Q zBBVAGW?xFhi1iGk%~!}tsx$N?~!zR3l%BMO-koW{3VFAKb^~yl}3b z>wW3VQIKB8(jaUdgFOdVw|j*CA_Xq@xIt<^b1I^zH$ZweQ%n22KM}wd?oONvt*~#{ z;XygZOV#7Cc^AM$B&(T%PUiS|)%i$Q_r90zcr}?A%?|=Tcu8!poxm6T;RH_@x(A1A z73HkGV{`~2hp|>frpVj%J0tzAWh+1zMrZz<{_#bN@tQc(TFerR&Xa0-=}{K24~2Cj zU$H9ZS-&I4rICzv9F9@!toHNt=br=|YCr2`vP9!yo%HFH3b^q@^7O?WD^L{fOu~&i z@45}p>hDEZGbze#F^rUC@@;1S$p+uR6pQFDo7RYcPfOf5Er&&9KLwu7_lS>q+-QS7 zzRttmb;%|!LG3M%$Qq(uJbj@;%r$}qymh@?0k;HIIqct@#BhBP8t+ZS3BbaMI2RYR zv-ial7yG}>^JlM-`FH+GG{k`5W2HadktS*GKdJTCJga#Iv6zfpLS0uEwatH>5x@iw z;+^u2*WDLZ0(sAGBM{kL4t2mi#k&~t9<*Nyv=w%BsY|N_RR07i5+9@iO8GlBc8B5c z6q@eA#0-x~ubd9}?7zN`VZ`H%g$#$Ta6*{gz#}r0IB(R~Bb=<7{WpKhu2$-PN|#*Jxc*L8o`^7=??S&a=p%ZnuXjNKUdFbF+OBI7htd zL68HM{_VETro(-*B2PAv{ zPF!4R&wp2n(RZg>Tk5tp8O^e9!af8j)mh8fo?Zd!vR%PRL8X1EN&_McIS(LRM{B+o zqiCRCpUSWw0601#%j`cih>XXvT}SYU9^Q)@wlf7MT)Wn@DjZOU$t2WzA^XD}0wjnh zh+~~Oa3hPp*zyhogBUSo_8NJI$2X5OK#Fo`wE9q)-LrxTv#MC|9Mq&W?L!tr;K<^+ zG=W1|{l5bif+_~%cv^#0Dir!xraveHI zXc4{u3;p8e;BL`ej2L+COSPNY%fm)P{azdm{GpXYA#$;zRBI(yR8WIKFEZsrLG8#| z^w6z69I}+67EU7^q}tm*(p)VMXeN;35efMvXnv$9AAX_T4lKYlSDgV@P}ob@L^hMP z>V9+~GhNvOyqgC;KG-fb9e#I)>>c2Sz!%$7to#IID6=2m%m5*Vqf`mpB+Rj|kW#X+ zwTLU8&{(aW3skr6U#hxU?JX)(j{Teet=duPYM%tQ%j~n#)!vT)RLN>{?RO!lqE)Ci z*RA$ER0}J$UHK5)Me;DVz`-Ao_Wnje0D;)8iU``fBzwSYg9knBk{$G;cYtSDa_tRn zOsmm~n2mVC<dIhd)7UZ2-8>0GV;HkC8a_WykKW%m2)Q{azb z-Oe@;jlK}%;Y`A}u!{`RBM`O=QEp}TNY|w4C|gw)wC@!VkGO-yqod!ZD|-hWRAx^T zn5CiX5#Tm7$L^kLs7FU6eYfrbs%}CwNL8C-5B%S%?ZDmQA{c7*zm#hKEhR{`SEQ@W 
zwU=%2@axeL&-}t*`XI(1>-$JPrPJ<~PD^8;mntY||4s_|84TQ*2IVbu9pLx^|t7>!X|;{ZD#DJ;b^H2EuS%DwA6L2Z z?7{zAz1`CF-oy+TrhBEJz^dn5#&>nP`h5F=H>A}ZQkd^ecv6Sh0=X;`=ZF58!rX<( zLSe1Kej*)sssv)U?e26~UkO9w=nH9Rg~Q6y&ao;hqLl z1WXS~#6=DH;cKb()gWbsy~rI&@EnY(b_BgPv&4SVbJB((3WP%F9?*b^5Sfn_+Jj)D zE$zqZP(@dF0fov#P2spMmh|<)_$5m~WpPuLbWL?_Iu(bWa!8G<2PXiuVW>P1#_aUu zClrGOG=B#?C%~mXu``0VCr-ebIiZvsvt93vwYG=%61(Q{Re>Q%s9;w~9N&aaSIKiZ3`F0J-C%K^21ffu9?Cygrk(RmVO>lvx2zYz(lNsy(S z5iDz<7n^DqqYRe$DWaSSEaC^gjpEz5RPvxx$V3jKPGM9s71iB29RaJJWYn{e%{+S* zS$|K1h5ljdZ!Pv5;7aN6p1_Bz!(*qVl!H9Nsh^%gZPSmKJnY+F6XZfK327i7$@M{A zit2njqGHWOOv_PrGs;LdF>ToXhhovB`YRBOld}?$l!D9bSu(QJh(UCv{m9286!P5I za#RF=ys){rw1u>Wks28b8>5G2dyC5p%Iu4T43R!^MoO&(1zZF2R@w_i9~>yd=xdT! z=slukIPP1P0>4y`5GgA7s8`^FlNa4WR55H!(Tz z66srJUoFiSoD`6lt^@R9=&7H_w{sDux(2oS^s^XtBGZlL+tGMSuXV+KxfD)PC&0F@ z6gC@x!w)W zS|)l7^B>e|B!c?48k#y2^Q|QzJRiMWau$gv)`7?i{*?`5IeVZm0J8n1QDg@5%7()s zXQna0@izZ2v}< zm5ns|pj6b#Qpy!8naA!W34)eeATzPzuZW4U&?qpeS!W{{cX-9ZXpC96i?uckMdyRO za*~ZSoA>T3)aqrk^@Y&lBRcm_{8pQQ+7fy^a69)dhRepoUwtK@rl7HwwfG{DQ}Ogi ze+#r1nw{oeVkc+^FJOak=vwtl45Vb$5kbk769AT|*PuxIt4yTSQVxJKFv4P2yuvXf zgWw0G)Zaoa-uy8SEpS%h0f#)KTXrmdF;Kh;%I){lX+nrA zw>vEv4%oIPWN5-TW}!1vrIpaY=(Z0ha*f~cOn415=y}fJ#s|o)2NgjG_y!JsPlIerw>bI8|`LuYqdWp zRE%~{5uDc*CG~Y)%1XQMdg+7;dxnCd-1cu`2&^)-`U(_J~3)+k=p??=N7*>3k64IKG?<9-f(tZQID zK3rId^Dfa*;z0{LIfV|dT>-aUJ7Gylijd<;`uJ3O4}Il{(R!c%LZ4U4njs2_^j)D( z`LE1gvIkVM#1#E1q)D9GE`uBZL*|Jv>aVwHE;+UE%{6`83azlyr4Z=`c$wygsGlk zDtiEi6(*kQd?w1V2jkQ23Yy)MbhTi^Fud|u>2wz$@)B!_qJVp4l!-WMuRe#lU5}Gb z!=?cVOE?gh03YS{YqHWIoT5fV-9_gzBDdUruNuED3j__H1I z67GAT$}&oY+j1mx_MuJHm_e+ELd%i2%$^_;1VNu(ok7+31*w2Z`t4rHm3B)jF_R5n z0Bw8;;HC@d4%dMN4wyUz-I}_xdlt0g*R<(%UT*zMR0S>a94{cn06Ze>rvNS5>0E$P zu;j==*B2xU z_72{Wa|HUOoAitHBJN~NS{^5uiM%B^R_x!1qevqLZJt8RXWP4^JEVFZP(>kwVWM7c zKa;K;?hzO+%fv#-^hi3>G}eJgV_%83XcANM7C*r8`tvF1X=aBsgVC!Kwb&W>Lis`@ zn5QB=#7PKDuV4OI1a3W3dYa_zY=GBzu?Ka{KhOv|;TnM{veKR^vmg8WRCtbQ3FXwb5^Q7n9NDia!QWB1R(r+fTv98>2Dh 
z)2d5q+Iz#++nQVgL3!P7V}I_PY#5G)u^?4~V{@rL!`Eij@mhd3+0VkWgzp*PXl>1S z^&L@ODaxZMDoPtT=NJ^9g%V#tiBMrLKynQ2HvLJI=gs%jOH_w(?ic6cFi;??BIWw- zDkWZThiuABc%AfjCXv?}xv9`!ypReV^`d%p%AZdrk>L#>l^N19vyy*#p%NrjF|~`# z(`%7Tz|m&{82h<3%q7(JH$aTTwKGEno;QLseZCNm+E4eow0W?-8rt$u8_w=}?A{ZIN2MAZ-LA%QNY!zaAfI&yd@NTI_RHm9mk* zUO>u5;-4(D235d5-SBGS@Mblb$%_XODcIg~9%Y4><2Z(YPM-dvmsEe01xV_1D#c`x zt}Pq;wtkvrR^U$4U-)}&H?IxEZ_BXC1M#a4!I`Le4Q03b7GyLIWYiREO`~}^Q6T;c zicbaRiSes`G=CXj+(5)3ygPAdUgL{jwI7*rEKXZA7SQPJDJb4XVGgt(*w@_+^7x?@ zuO-obb)Wcr0blRM!!Y@4u>%OKp20QPcejYVC3Nb1z-*TXaIWb%tK4_jak$>VET^%R zc{%Sd#|93tsZ+D;QJssN#4O`Le$8Yp*h34_*8YlIt?xLVW+||G;GA!KLcXb)+l{te zXiek{t+A)E?&Cq5Yx3i`1flIDw@qewptkcQO|D{TA6EcaeEL4GE_J#?VHe|ZnEll0 z(jEF(khnmTY@}h3{i&FuWb5O+aQIVHL0rYEBUkN?CbX7@^)k2Nj1moum1!vLmVFFHrIpY1*CxDbv3%VG>lTs2D*6@BxwFt zQv)IftwUkOU)GGX@PoRPP^!1E5-C5FI~g>+JD*lC_8lQC=^jErX|muJM^; z1LpnG%%##yx!$6$WXysEJ#KzA{>UCYfkp4bTRblaulG3e#mtun;#Y*tiiuMoGEH44 ze4^5R7rSZT31Y{q)nCqGJbxmn6}z)ZJ(%v#CA}U@0kQITN>=U&jY$;RFkT8Zu}z`X(~n*zZS| zg(73p$E?;Jg6tI-^nT3{#030b8|@i5<|Mr_oN3LnfcXr|M*jgR+#fgY2>2pr>w`R? zg?yclFr6tVXlM-TYhYUbu^7aVYL-sLligUNz}^d?kA?50)Rz@+AeEcn*0s*SFOPH5 z%tEh48B;3lZjTa!vVQpt(udi!5nU(#lpG)MmFC~-yh$-T5yCs(V|aCa>ba9^Ja9?ZvoF-osQD%roMLeM*cr&-v%h^=E$g=619J;*tpkC3 zhBejh!e`!fvgnCig~7*7*Za{h3)g#-L-^GV!!L^xr0SLglPc(K&dL5#Q z}GTAKb@fTMFUx(C5`WiCE(FLQQ&}7mXE_#6ievK3QQf zi4|gp!*w>-+gIV&Xv-|xX5z}3gPGbwF2uFQOmT2@ncsDAG&`f`8^-#BgZ`r}d>8T1 z+JNz9f~>Q7QZLArx0#-64pUltOa;aEia$Phr7I7 zfmf))F!unkgSaD=-Vn5=bJZ!q^@j)p@fIJ$xh@D3jvR1itPSZ|6o3Gp?64d~!W&cv zrC7Guga4Q!?3*!z;Z*7#rUt^Yc|4`qO=J8a@u}JCv4jfCr%0nkJ*lS;u4n!-k z{la_gA=_{sjsr6o!k`U59rN)ZN`-yD#B-ir`V3lB0TL`Mx2M&68i}QdSN8BhWalOi zLr`Maz7G@%euk{EhY+X7Jt*`akjF{j5yMr#T0QSD)lW^u(%Fpa^>fPYb@{1Y$GKNk zqCRyZ&u;cm72z(US98@m<-AlGi%@uizz*g`@<4=g7^B~qO0kkDs*^A7Ku_7(O{^uL z*QKHx5G_E2ojK&cBfS_Lr%Y3;eToO3!yQk3jF(Cm0B+G6ynwLERp3C3N?I{)@Bgr6 zMP{^0pY0`4N1LSZh?Buer+ZPUVIY0{%!z^%hu(YiE4(zimd2YTTjVC=NheV$zJ)fy zg$Y*S_Ko6DOuGFslw!R?&6M$q97u=`qP#Hv5g|D3g{Qd}l8cg7hNO=eLt6P}_6hp! 
z(BZ3f#v_1He;Dbj&oSSb;v6Jf$v)eFCw2{Nw(d|J;%oZq3sM<=hk(TE#_Ctmc2s5J z$*Fvy=%WK6y%lBYeI`KJyz*YW+V?&yP1RrZ!lCkbOTu_>m|4d}m*lEr zqf!cBPB%oG>&d}H$31SI{)m@0xsulL_Ujnz=rR3KFT5PQb!gcBSi+UZW+r6t;ILgK z43ci#aY;RbfvIdXz+6E&q@yh>dQC^$=*XQ`18tgk3~*2f!TBV74d)sv zGXOJYjOf)c-+k4?na=rEf5a{5UR4l!PG94pF1eE3=2AkFQ~=kY*p-v6Meg=mCg2~h zM&Te;v&nBgNOkIlbpaNh#S2v(MY#3&co_uXX~$&e=BOx#mu|5?$MzRPQE*gj4nn!U3YP?_x@ z*@EiAu>DI(%Pv~F4H4CuWt0rE%k8NWL1pXWekj*mZ|u8JTXr>G^`lbN-h(Vo5)YT} zgscHt(;146S`I;i>mScPLl}!la9aJ#;I{gk9$ZR_lU_JSbd()!`O*0uZ8+N-W5On{ zGxSc>p_7iCiJZMY^Gc{5?ci`}QvXK^qzeckF@b}=4UF2GN?Yo7c%oAOgBPfO%#wu} z&USb!x%sWR-~M$jYHB5qo}DWAZ%n92&pC?)^WcC-lF|lTLU3uWkfdJW#Z}sio)#K+ z9!7C#n$iE_K>+42%nWkkLeT@{i;`inc@qZV5 zMa~?Ofw%Ql+H|D3`I{>3hP_qVb$HjmtkMo4@1bw2w3^RP#A6p8H*P?x|G24`!s(jg z-%RlpN{tNZSEcQ>jYr?q8uK)xE!leD#E$Lx@8iDY;y0oRt#R6rH&tlJ(_L z2}Nh*G^>x+=(Kib6>a=sD-Hyov=Iu*z`4k7tWTb_zV+aVJ--Be`P;R|?dJ9$wqb}) zh2uwKAbL9<7{d9HpFEd|Porha8oU9*nT4R3i9=66>BEz@_H-6c*rAZ{a$L3&R1( zgm2pdjVs>&11ME^e|I5!VJvj_PeEG|h$ z0(&o@zyv95mjV2%v_DXx!q=UJ$N>6>1B6){ecx#dpz_5hNO{&4eqI^M1!Y15gy)PQ zTR;(@$>}Yi#ed=bM^GJq6ZqbV-|z5^-<_boo$q4=eSk3JxdG{~LoL%WhOX;CTqjGz z)vDS~P-fx>q&kRHh$YSKBt8EV;kMMd3wgFNKfa)eKs-v^*@^i5NY|}I#_Y}=2>Yf= zyB-jbtat9iJIcKN5ZW+r$QIik z0K_wfkjq4dd?RpAKrV6wx2Ee*DsiQwc0$3LZsAIa5{enfn!G5^;HMei1g$QH6 ze1y_A5vTYD787g_Fn#9`3o&ct9KH9}H@-n@^jC72@9{H|s2h62IzJcH% zn>QHA6EL(Y?Cf$SL$r0}=S_bRey+p{Y|A0mNge?|Epl2I-;+jHQ_2pZ;dtz4~fIQUO-XU*yHoZ-|p z2cg@X5QyYLPpCCwwoMLlYI?`7JQ^_!KTW?s=uT8>zFmN}RYM|qxUba6O`NN-TPG_m z5#k#uz}as;A?<`)M||-Qr)y5o|BlQe>f_YFyOJVkN(xABN11CLMcQUC1z+N+_6C0N zPyeF_0EBRB}rDI#Gj*=jdQ4B33jBf_x z3#YbtunxBIkyDI)Ni9ZG7x?w=fuCpnbPre$*0&ldoj)K9>`n`g&%&Mn_5&6}cY&Sj z+NbejT;#(fA}c(t{wO3jTd_d_@e9X1fpc}})NJ6qr7q~O!s4)HIA#)DYgJ)C{WszX z3^-bzN|2bN-;mO`a-UYG%_|slzSDxQx?*u)I>q{BK)FzL{U+|P&aOMi)f(<>6>o>d ziTP)B@w1lNjp_~A)?7-M%sx7g5lH8S6TgJZ5G_VS2+QxTxW}Lo?uwfmE}ri6{*=8= z{Xg%j(XRNvs{ppO|lcR z<4;2N`h}_RM)tDZqQcu7_{G1KemL`H&&57R$XXJ8{U*41!AI6ct#M;Bmqmj%t_6;u z>4Ni=^AQ8jn_8@qFKd<{+`UoZXU;WVrY_^MYPrt@+?sVf2I?;y65 
zVC983p)*--jc3m+o`xsrj1Y7=5_jZv2xnRkL#YCGcUBe^8UfxUnK6#TPp0boncJ&8 zb^P+&N)&DDC<%7g?pudZ%F3;!qSdH-5QRCvMoN8Ws+QXj zrfLa0p92cu772W7`EYizHL0r)BDYo8BhMCm%Faxr*gbPwTZ_a*PAjkwpA=5cnTQK; z)WKWaOTt1PW|DRzfZFhnh1S7v8Llc%^#<~1Pr3s+(hrmXv|wzlLF=4Huz!)hSUCO& zai6>Z9s1aXghe`(XP{6}w)qLH0xp0_H*7jYl_fhMZy{C$E)GHdfg4IT_ITKS<#8f4 zfCelj7c1J6=#Q-+8Bu>yQN`=;oUQD2UXp+;vn_0ITS0mXj0CgFjOKZMW@7gW&akLv zWo&EWIovIN#ru@ z8&=qpx}~T)G$uver=eok6$*$vdYpAP#~7*eKmcu@l07^OW&YQASEG;01;r`!TEJU< zRE7Pyn9K?C9)Q3MF0IvzJr`)O`UX}iL-G#9S=R=vF*D%(6P`cESiN0WoW<@j{i1jS z4-8vN$zqbX6d0{MdUx|*i1BPo7>`v_U^c8^BCnVnD^odC@%&+I0Af25MpI49|I9Cn`2 zs)Z}Aaaa8KiP2*~(c!Ym_6tw2G@+Ywxr}~+#Q7a^6}6bcHU1ZV1Rt)Ms7X;-{UT)I z{5uQ3sX>b&n;)q$)^K~%7rDV$lP511fvkg&rG^^P7MKN3rB9ekK*B*dINvv0yRS8# zeMw!bEc$6zBF&ksUyD8uV+z^p1u3-vgR5s(*pV!mLX>e+NW>*?=%c5630uD*#UnmN zfPOABh7;@crvR5i*-&6e(QAQoJ(f>iuaM7>9sC0enf8WhEDwLqqg)6rnktcz0Y#f? zU)IRYL0XIPHe4Tl_gr7K%6K=ldc@spTiU4&nS|5(2Iz++7)6=fvUKAlbMa$#EGU4umK^EPz5o zN5+>&ke=YXniWO|(ue|6F=gUxmrV+(B@p5dGNLWf(<&dBy@>dS0kT(Yr+VJ94xBH*Q9oUm=`#QCRiP2jfbUa#ONFNF507F%iZXu5{=0M*vlFY0pRaQ1SWJ? 
z85gNCz>U^9luPt_4@k)KA_#_^UVspdQ}Puq3ImW8_V4~6fT?rMc?j}mV}eF-sfC4R z|BnJAIw_xUl3{^zFt&ZZ4W*$TemUr@Z}TdZ`?8(WF#8nkO!Nf$%?F8oyuc8j{eW5D z8^gyJZPFU=l|ft#oMBTP@oF4@p(j!$RsaqMM-r0yu2dL1#A)I50a&n|j;p|kBLJyA z1gIjDTpWRhU1W}yc4S%0gn?{|Y_NhwJGI8APb3d1{u0h|+Wf`uMfW8BUbM4=4U6;^ z5syIQT&^pd!pk$~RF{TkdZX>vYF3@*5@{SLM4wx5n9O}VU^9~IE|lDYqD4^c_pvfz z0eS*(>0E~96}5QOPb$KBzQIxoyJ8B?B5~>&stOj_qCmat=XiY9mDbOAfZ4M3b5r3; zTJNXA)6zPw-MJj)>VE}Ro%4Z9Z~ZAt&H-F;7!>bLLt1PXJfpX#4;H;BJ|?@;H!uHiBfy#)*iV0yP|E&0G<& z8<7gxV;qh!1=JU&kf@G?ynde`7rM_-rfztVG#?1sJ0%XT#jq+VVXXiIgA?jV`jW0I zMNoU)2t4^`Js=F@u743;2;fg5tazb~ujnyho*T@zY4+p_3~wX0ebGvHCKM&7>tQ8& zz5W=$NQ_r5T2xdsOZ7!2rn4kU^yfWj^#mgIb3oVCa}xvG1u%s8bh-|ZnHiizqG7DK z1m1Mmb>fReU0jte^)Ns_(x341D}20$%^vikwM?xZq@~!)a?!!2CZ3WK5`WhJ$~G9V ze}#Gnx5Hm5E~<~UGPI^)tzQJSH;tAIGlN@jFlXzWeX9O#whO8*+b@rzFzRnUO3J({ z`kS_R-Z1kxWWXML*e=Ar43KFy6k^K8cpRB*%*R{UzC|J+j^5TU*~mzHyo7*bN6yj@ zr0SWCDs-u5NaB9I!wav@RDt0{of2R4Lta#JE$F$452|4wf=E6&QM{7PV zIZ*54(RyNlw^Uw^)R>ifAP1`c7f1XkA!3ovmmt<`58GEu5NEKZtt?))romO&xC6fz zSdqIwh-HkIc|kY(6*LbJnR!oAa-(t(bK^- zVOR+J!9iP!TW8;{SEA)k9V*t(>w<%E`eg4*ZidwV2yjROI}a)n*n@MoLVy9Oz0B?- zb!5RC^Mzhc(79xTeEhhV&9rg8OypVrI@qiZYK4g*?AosJ@^q;!oLFvU!k7u$5CO22 zEcoc2l{Fb!{Zpi32sQKJiUg-HD(tr}A|n;U2p)emcJpGdFcjVDVy_V)be>3M_On73 zxv!u(=o@Y6c}U(qj+2&8EMD~M0g01|(4VzuU%b@gs{dure$Cx3XQhAz#`E*`?Dyc3 zE8*FP+p~-Qb@g;G4}oq*S{M13A|mab8uEIPgC*s8Rd2{dXi_s zJ#T=!;M7Le!o&C~KD3D&6WLfJxnfi4#_GW2O8d;XhumMMW$)-nPZAiaB!RQ4#T`kd z{o@iz{!%X(!jR&z7{~&5&#SbzEt9T5;A!*|*H+I@OtoIm$Za1lWgs7}ZtI7iGLJXU zC+h~yezQN-MOU}EUb5Bv7=rcL2v{->!yINUE<}24w`Exm4#k_bau}a0DA>RUDNOhB z;Z6}f&^~@Ti2^NNyMi+fR)(vS5DQKTwtmv9=T=-IBR-U@lA+eJjfgisIoN7z@Ce*< zqq&Fy)+4)teF!%Fl(jGx^p}yCN?@aSIGm852xrz$!g;9G4jQ}s9-QVOYwbT#h{AL- z8nUk?a19JYRrOy0xUd~Y7=^es48|HA+%?{?3-1Ihnk#@Q;rSB;A{q-P8*lcQxMXZ^ z;1~aJz3H*^mUO;~FeQQ&O-BL}k@7Jb)jaj?=}(dtxXBlvkOj;HVPb`!9P@zr12;%9 zZsAGiA4?U0xXS?MmDb|H#3^E}6;#l3#bp*y+N!Yss8aIc+XnS|Y7h9*lUpv0echuy zk$40)Zxclo_HU3tMZ6l2RK~s@Zgiv{C^yT##4W9r!7yk?ow@Wi*-u>{YTAC=421j% 
z|9k$OeqPxYfKRvKcNG9At)Uh8(D&it{0`st-%u7YA%3f*+XazL{~{vyTMChj_{BdD zk$Y5xDG|(m1DlS6fhpgMz@>Xz<$)&@F2@6x6BRD$6^w_XXkZexeBd;K5BjH*kQn}Y(c}S0343Y&0LGUv^&$9mc)y=MjBnHMmKOiK{W-d$80@Ww+?6I+zq=aX$n!zrh5XP4 z=9r&gACC772SsRUBD2R;PG#lp@&EU3qO3wak2t&rz*(}U;WUDIC1~C)(+H0!+$~c{ zPRP8QEGKLam1YFY^_hc1Xjhg!&<$tN4)XA6DT9F_Tk5Y*S={bxE$#8Nhu= zo%zw>Dj8CdoM@IPpzGA{VEulJ7l1*u9YH+eRq>sgnPt_aOsZXZM9t5o=&z}?4L+-{ zEU@WMQW=rr?j;-%3Cn#y%loku4v!k(eFh9+T&K>s!KY<{vAYnOrVwzGPo7De8>?PU zu$lq!M2Axz*_asupbKufQf*U^jbGsKUOBvL55bqhQeS8n%Iqeg)GXT2`RJ>*R3xc1 zxnX@q_|5H<;4YQ}UjYLCYZT8L;`M`M+kP0sQj%$B)M<#Sv_lfav`ddh0K{K_n*$NJ z5EinY2y8bBDR2NU{TdLUE6G8J>HZ*4E+PRe1@BHL+KfbG3%Pnm*AzFWQ>;+M&`V(c z;fXFyCo)tbl1{C&E*NdM6yA_VQ4e>}$D2u>a& z;I~-vX3IE_wJey9lM5xdceVOFj|EXDM=`JGw~AAZP$|Y&hmK6~#W#xFb|y}#zTmLP z9QzjytURX(qi>qP5ioa1w^pBaM9Lvv%EX81E@yw&?XCxktcOC6^XKKzqx^X~1pO1O zuOH-(tO+}6e+0;WY~w(1Y36Y4wgeCJ+tqVrv{o0Em*I3XCl_kDWyn@yuwruybdJHQ z#eRo4=P@RL4m{XL1_#NAtXo}6rj960uE0?kZ*)YgK!~GZCPo9KS@?3ulk;1oe=slL zd?j0j8vIj*Zgu#GJIC$|F=_8J-70lpcHjx^+-l%((XgOkt z5MN=O=o$*PS%^_y0L=ybE0ngyOM8^)CxE31)(KbGegLEg-e=-&F4z8eW+;~yUpO8&kS<8zCIwbPwZt-h7qdrTw=;1RLKl>d%7-Xk05}Gl zTdP`Iv#QLAqe^1iq8NsezVYk}jMj^JYVKrJQMINw01dG4QQxr^D=(yONJZ5B67{Wc zbK%vnTE7N&fAz*r~T4*W~{7`{5d`SM`J*}`^W9?IkTc`&LblY<;0zp|b- z_u7|W4FmEr+Y=Y-WnKrUDd<8Du^jt6>4%)6WFlX$^iqJGyV1vZ(ZGn#LrBtv*duBSvR%K<;s7<1?JfiL@6XmVR~0ibDX#O>!JaY3sz*k&+@CIdf{ZAEZ{k5`$7RC+j$N}R4M%`><4qa@{Z>ML)nn5 z3S>eK7`xHzBQ)$@+mgEMTgum(P(ge`vS?eC(Ro5VP!bQshN3cU%sTiiD)EW+m3Sxz z@nu`9X{xY>g5N1~g6`Ev`TWhmg=GBA^hFEW{VS&6s3Z{QGoeC+dvbm!y0`nEVmSIh zg&>;97J<2Sy?wW;nH~G^{hEMgKW=@!oD#BV5WRiFd)aO;kp%dcSQ{vfi1@T4% z44iW+P?iJHIJ>HK9mc?wp$v#W8B^ew;TGH&YVQ=IcwBZL=yJbs4jNZr+>Tq-#v%7$ zj8>Q`9g0q{7P7s(L^(3ly4aO`trBPnMh}2ZYoT-&u5dj56$Ja%vcnR`BNxAziviYCY^AlDO+*;ljnOkA zi;V`K`+pL;aw^>o=L|yMW#eIG$p!znbF*OR~sP z)DkF0zeSGc>0W#|b1{}N7iT9y_$aFswgQxva*mh^WIS;`KneLM>2`mMejTtcgEwsd z&z-{j5mAFvr`UHb+EbKVZe{pI(zdj1LVyK#IhS-1ZafH`MS73zUoi5774s%FjCR@eD^ zR0!Wkh^^~<1nfd(ky|k94K@z;U!a?xmBW2C3`i&&YzPd7 
z1Dc7_3z)d0$CcT?U%(iC993r5dLNNOON(uaF)r$;qBpJ*^c{#ZM|pv91zjuC=6cVdgebs4TcSv>K)BwP}I0);)Xc>g0CH;G_cX*WI{-sFY`rW zNONkANStCB!l7Csnq`sW;0TlEJd9$SQ!_-@#&f=^DjpGz^mf~idpBllP3`eX$)b+K zxq>!k!|bVMr^gU7(4!eHL*N~>W%dh|9z!TH?m!bxvkY=Gv_8+W$kB?n6?K4qP~T)I z!+`HC;6L3`h^Bl%`XVz3%G3#UhxP0XmeCQ(HqWul>3GM4*VdlVNN#yIXNICp9T)e@ z+@?)0gi4MjDwg4=X+9>OioT6>939u~P!UTRh^xp}D z#Y&o|nI^;b{X`m+<&!jI3DueQ2hxbcDq0PxifN*Hb-;f4zvG#`{t2X6%_$EWg~&zf zz~gFc1L6+4<#_s{XBuyRD=2XiWv&KT-- zDBssksOT2#xdqNpnwIn%ig()qa;TV&oNcyCH)_c_*>>4=f*}MCz>250uN#)-%Z^2D z09NwYJ`w;VqlJ2E~n1A`&ec%tV(SM)sD6+KUH_pQcQ!i0f^TATX; z^vK7{j8PvH4~uWfgRSFpI|x8WBxn|@VP@5SAn7f7)rKVjVuD@_iI2suVM(OpYlXi9 z#2l+u1iO`zsUypTSQy(h@~f}-`X*n$hTcYty@=Q5?^!NWW&k=|Qo!g;c_qC|g<1?tO<(g{SGp<1 zs;!@ApJ>14p_1uJ0@|Fzckr|3dzrR52Lq|C`7Me1UPA6w z$>jNh3YY9T5__e*N8~wFg~&6ao=mUqqgC@iuVAPB?X5EY#P+a1I>TJg#Y{fvCokgyDwR%#I zei1rQu9%dCbD~-wgn&dT+7ih&4o0HcdS3>d`--#^Soj_mXBZm;&Gvd6KoZY)<6$*l z66rni&ma*k_8GT$PDUmXzm@EKIoen~glawe@eh>>4bqyja9n?7N^hIO|v zw{4ND>RQRv5>-mZ>b07zP{b}seMjm8u-2$59$bSvaX0vjzm0yC7^U-gyF%mb#Dzj* znbQOmTXze`gTd7&sG+Wv9Kz}eLG1|~4e7v<(m}?8tdeMtQ~iKBauFSD;vuQ&(8$pJTV zqKAR7>CQspPV5cohc$ZSA(blVkX2UPC#+sZvf+{AXgXBa`2gOdBUfgmO6-$3cctI^ z!UE=gEOt4gorYfbAlhKl^K=bfs%pxJc2$Z+cmdHOMt&)!?ty^JGQIU zi`nXI{+6bVkbP^>9A5=iJ)3am>o)Z5Ny%HX?U$6$h3tL8_6ip(8(Kfl;Fb0CRR`Tl z7NmmJyO5i@l^*z5Q!5{PnWig1CEWJLemXQW>_QZ(iL6i(beFNwb;5eA0T1<28R~+w$^O|yW{FN^tHMJBJGTQ zt+;bRqjhO$_)^lyyuT$zTbCA~6VT5u@f;(QCi$h69w_ddXIYmHR4rgjOy#lg*a_-U_w z2v7cz#G7aG13v1Tb-qNVR@nCtUtF6+P7`u6)=0t8^K}heOU*uW(Qthd9@PcVTJ`Y4 zVb&*s(C)tewwl(Ha)I$RZE9KNje(cCjDX|Z5s;@wK=c%)UtI@qL|5uG~y= zQN#X^`R`5Vm(Jby)&H&i52o`AK{O-3P#s0g?;t3vjud`Z#s157`_I7@km{r(2Pgjd z9NeC9*!o+oU&tNdC2=0at!(QR5tQcy^^eh78JNizg(W;%rC35N#S&sEmT);_eq2Jh zNJa{Fz0AFJpHhqkhh0k+?%acibsvjfD{K7QgUvEp!4ormk#oTm0bt}D{$e-ed}&|e zI%|=P#g@nusRI9CtrcN+teT@nNy=sp-XeamN^SgbAvYaJ9D!(_FZjkr#5y6cAVrm5H;@9 zsL~b#^CW8WnIFQg2=h$h*p&QbV1tI!tu>8>jxaqWm!m(gh^%IRzKQYtBIa3kIu>QV)?FF;KCg$u_VK@w&S5NtMog4J 
z0SUSb^lCu-)aNF0%r60r`L+v>TA>I`28cQZlNktw?a?W)Hk)56z(6K}G;l7zxI*pE z5WYVzH&8E}BtlMuq4-#wZVCV)fy7;$xCu|9wn*JObz(g~v1rPkZTCRkrsHB`Gui}f zh+q-jg;hpN;us-MYGGhInaE-oLrft=GfpDJganx&8?(_*PD(-~#w$XuTK(@(F~pcW z=x>?Hc=#&4!9jMuA)CGv_fH`qPelz>EB zN^kSWMO>jL`Ya1?ub0BPU{5@%cX}O$ZJIf#6WcV4XRy84tmd|Jo=6~R6feha6K^Jh zKC7L)1GBJqeo~zpoOe}6gPQ6mt2?o3Q?otJ7rg=Z#V8wd#JNPBRY$VMwZAMWl3(c_ zz=bn9d?!~f$FoB8x3F%(zOGWUb#;I4$)D2z)LeAIEDnIH&@|Jw{=N&$wTqhLzpkY< zlKHdGD(ZNNbl{9aCQw3YXqM5;(~Ld|)?&0TLPBjJl^^!`;5ek{Y*w+sUi51rY!)EF z-2FFOt=L3FGucFbzXoY962CME6GB*z;K<_?*tXOoN4XpeLb}CoARW}n$iX+BpY0~o zH->f&tRG|~xlaF)<}*xM*bTxc3fjqEp^d;K2-LsPXbBeY(+u8FKIl!FdCY}Z(9|$o z`Zt8bA}5#?4P$c-G9-n>CIFvbOx{(a7CTq|xemA*t1R~3L z#YrtfNNJVjbPVbc4Tb< zSIF2)e(ObIA$3HG|Ht0DfJaqbed8xEV1U6Ht0)G=Zpz zU=5N$s9XjD1Y2u}5FBEFG?^&2h?7o&j6*cG^sQ}e#p>JIik2!WUVtE1E7f?%OEvXU zPaLe#DuPw!`~B8FXXeagBIMP+-~azS-#oL|+LyKVUVHDgFK3^<_n96k4<73#_er>> z94s;BTWKZH4U1gJQ_g&Y@)(+uHu|YV0(^}w-d4xN+UhW~tqu(SyXQ6fBMT|JEev$4H1?1mq7s;hxKn+d>cA#-T+* zj$LK5SfOFL@)K7#V5z{>fKNo@;!bsm$gj<1!=E*Ka0y3C8}6})N+R;rZjsH>m9~*c zOjKzIEn_q18y8A44k)o-G#F~lT~+Q713fBm^uFM}cHd4EjST-K#`eo88$KS*HpAYd zu^=;@8t;~~ZSK%tjR{~4wMl2Q=2{e7dfI+0&19J0x9BAiL&euz%`kkiA_Ix0hawmq z_}v}EgSS3!X0W?*hT6u!C$uLGuLXS1SyB`m9!SCCJkEv>m?x}Y@p54QEUz&lQ&cl@ zo^Q8BKF9dz`yw<+@m+~0t$_K)K^4%3!-`SkT|}x{oHMfxpQDI|*JlPaX)+^2yLzx| z;d@|ud5yj0kN|q(G>JlCsZF$-G*QRkYuxPNh&&J*|JD4;4Iwh|4hMT7_7R|zz}XMN4sLtKFeB)uMo|)79IOtDC>T`gV(wJuKIgG#kXa(=U{qYxAkr`M+f?d z)gBeRo{TjIKL(x_*2$e519x@uTHdY7Mf@6Z;;*h3>|6*-NZ3|!aWErKsv7N%UP+8RJiuEHnC!}Ui@o*YT9nQPN|6Vco}W=zMosGu9#=`o9!h9b)Ux1m0C4rM}t3d_w=s| zPvH_f&IzeCcGbZgX}e9Yhl@;kUnzT0VA(Nya*tV8eW@QtMAAyRCWx}Q7^hgWeYc}Bx?t9*Gctyzj3 zk42KBuy)n+#>?iUts6@HLdo{HanPJ~JXGMpe0z@Z^S4op=e8PxVr8kT6eGtydLMscz5n4}Ti$H&>&Zi>oSdkY?#ggWqI z(9Zz@AN{h3<+yQu6_SM(EDV1ix2xvhj2hjmGv@`PBV9Ka!_kP|wgijV@2fF>Z^5K= ztzr!B{1LZw$~Pdk(7wHz7QhM}UO9scJ#iy;MPq)Og?EYXb3TB3d_2sLgB~Tu70Q9i z&1pEi6)}MGZFC?IHLKxCii8`m;I2Em5v73}PciJ&9lI3+iK~9U*ws7Fy|C|i0dHd4 
zKE)7@sTh(1oRR6`cH|~J?r=NuM!~l2$he*Z(I%5`Hp!bilK(3Od5cNj+L4@34qMBY zj6Zh*^yA(PPO#f>8j^KFhX*27=qp#511e2GGGq^lt8$@6LTZV-)^R$&1OCl z zet=t|<*fBJP`vzvnzYuJqkD=)W0HDOlNKmatI+#U=qyFrBfq22xS`u#=tAx_$rp7b z=L=X{9SM1rNgn7(eh$dDXQND@!R|-P#-DrM1U#~3fA&b#Rf}t&QqJtZ_ImMA77}~j z>=xHU$Xu@{dVSvOeOLWal;;FYS+|x=$YtH=s=|aE(WLVtgN$A+z1n->t@Rrqwxx7# z_V_NOv?-R-`0>X{NwtHuV8E{YJ4$-E(UNc$xnp@Qn*I$HfIGMeqVAYX@9O^mwzhfjm7Nl8 zy=lu~Bhz3D9?e&e^>s(@0G+Fz=Nwd0u7;r?u-a)h{g0`3Iu`aF+&$4Y6Sl3~LDBXA z{Y2P2*s@!72M_+77@b0_4N8V*>)M0=gI;52R&3XJ*`b zE{lv2a?YA}Y_XAZ)5!g4ScbrQU5qJ~&m71SJcb7VZoq&A%Nx0&=b77i2&sP_18uIW z;TaW3Z$G_RT%7)r6Mh?n6dxdtdu^c?(sVU&k+$xrs7(D|F~O`mDn(I`LzA#e5j6~@ z&@X_c?iepH^k31|7d|S(ey^&*+Oi#=AX|~CTZ!5>A=<4v3SJ%&cH}T<4DzX??9J}K zz8%T6eF3oJ6A(t6J9H!w>9IoxvFl+R1fH)oekTpn6zmC@?}%LWKw5$_VJv3^j{$7W zVFVMm&Lhg%>L(f}`+(TkB4=V3+H&Mab`gmWc0++itUb1V0xQ?k8!s^v`@SRew9M^- zd!zp0=+9?jVibG6TbegxzC&#geW~{2NRLo0#@*oVN#-O;=KJWZ1~rboC_clOZ!DjU z3Xw_gWZ5jP^PK4*+<~A5e9Rd=n!hkU!H7P{&MUM?nS{I(T&QTXt za{ylay^Z}v-RGPL__6N+E9!3qqxsk*1$B4V_T9Dx3SkESR`J2}1@UA@L{U!O@e%o^3Z4%XAY-4ENHV+{Z4?YVS zi>G;;pYi;wewVAEe>|R(w{3uT@N@J?xP>H23nba1VhB^1f501TD6!j_;}9R~`+f4|-^A0wCMA-*le;$`w&w-~r$|_G+Ln|1zv5BY>!OMJjY))(23ncU7x+n(- zS3P?clT+=V`W+}lL@%S*V2fh9M8OAgbl3&zfD2~+Z`9+4t8HwR!gdy@%yK(z<9YC9(Hude41SK@2jxXC#EJb|anB9P6U$sr$33^eQak(osx7= zQPnB^lATplbxOCxzU>9D)P2rQ$yJZfFh$!!r1+eB&-__+pXUSP6Rrr@=0|qhuz@zZ zEytE|FFep$H@Dr$ka?uR$AGx!z=?=BuSNra-a-#q8m@+aBDZay0c?|@^>a0}_5x3& z-?mRg8Z~kp#^Q?aJgfQ0szvc7(hBh*ojS&elZDSl(Cl+G|1{sXVw4X{vmdEw(O?`Q zc_9|MU7CKOPq!%XP{AECc&NyoAx%Fr&UdyI7=2h8e(QH6Nfix!LbtQ=%Tq94K6E_r zlCRb)4)GJsMd%=N)f+tQqXw$+Ac^l}U6SoF5%Q}}_kYj!Q213s_ zKHnh$e2V5qe%vjlF3MR?U1x!DQ!NUE*@O+RZ@7v8P3AszbAyGefu9j41$v=qFxt~~ z!)@@`dL0Sx#5;x>xpT8H!*^2!xI*&-25zP*G#qx-Pf?@?6lppXluL(D zO*d|kfpi!P_GjU#&H-Y)4Q)g3u46-fkPn5jzoSR+sr*PfqlzM`;C0;Ae=8yntj_EX z>l?7vJrz)?AwpiC<1~t9n(S+?j$a+o%xl6xksU>PYCm=8Z&+F@6ykIgS#IbFtQ()C z(yn{^dgdOhd{B(PLGKFxrl!vYhyza9o{R_A1;(q=MjUzjR{tr|QwhUb5?MDipNU*f 
zN~_J`kZk-&8V$~X_GF$_ZKzFvvYk12#P4cgDr)QHY7*5w#g7A`05&v-Uis|VhNtni zB3<1BHm=hQ<5}4+ z@E$h*=hyxnxlYe3a@QVg`xPkE;hG+gF3Bekvaf?)gwEf>83hb3%U|gj5aR22C zq8R5`@wjdZfCg`Vx$rs!)x{5V(otgcv3T$r64GCHIh6+S4>nUW&Wp?Srm9b@C_fIl znjp_-;zRm0OCJ9zBFh7cmNx@OZbIp>6cB&t;Bc{`kb1RaRx#ODxHZt5nhZn5Dx8D?ResoT}nYjO?&>L+(ghpo{o^NDe zR*ndz>)XK>;p%R%Gv*t|9+eR3@K*PcFmPv_mD}shhQqZ3G5@UPm*6w%JY>TgfSz>W zT^&ZNOqs9Z9Wn|s@=I$yQoV1{vp)#R>LZS!g`P&w?&PwfOlKSrDjFHdi6y!=HZok( zia>My9lIkY{)TIft{|soVcGr`o^)$i?LKdnm2v+o;o0us(VqTigGc@T1L*tv^GHtf zxG$rKYOE@}2YE{+Uy;ZY{am9O7ZLsi+4N{EUB0OscZzap+V#=gQ>br&L-o2p&)6JZNEGAYDF2w|$jaQLbh*G{9lNZ3dO z1u$GHmNfRTc{r!c0^rq<(Y8Mz6&xK19!YoI@F6r?-7VOt2f_un=oIQ1dRE?&!I6V| zq?w2LUgInXFWJNUDN@KM;KH-@MrSBIV;v5}FpXGd>L(yA=|*cOQfZ>KXU#E=6o`yo zW55*C^2x;zMwKXOEq`@ySi4G!% zp=ahAc}lNwTf+x_e6uj`pLj56yHm0syJx-3YL*LCvz#N}6PE$lUlB_Bl!p(=SZ zn~cmj_WN4IZRsP=|KNj6v$5{J(inO`I`YWGs*Kuyh(M9^!Z$Drh~Zn|n`I6CxyUK; z?y^Zv9^#zdq+75w|MA3YGH|19H+6fFdI1rqmHwUk)seRes=Bc`8#Tspo_o|ct70{` zu=89-=xFFwW1tK#u6ovdu~DOl$mt*KHEx`2R>d-93GFnV+{IT>lmbt>*JE_wfR|uT zd2yHC&3mAb@>I*)Pu!Y+Uib#S36TT#MN5PKKF!}3Fr#+z)-$@}9Y~L@?7YG^O9?#b z9~1t$lz?r_Y6|B(I&o?SPJH6c-{HKYwI9aLV50eB|Ee6m#W-zV5aI}7*Gti-c=#FB zqY3MWYTqkw+EsoV?S3BRx7qIJRDR8NzazL+7xA^&{oYZ2t#-c_<=1ZadtCWxUYjg; z!;iCVo*(6=9XI+kS3d{uypZ{uaf2dYIQuhnuexea+b{>!f~%a}{P}pfsy>i;c(ShJ zuji z$3LF;7oG)|>aNaG*Kv&>#E!+8x5qWZsQa=R9IN|b?)5erM&zPmV>qIVEWtS=2J}L} zZU&5~`!Zm8+)IxE!7r;M_!o4Y1iBkxL5Ib|ApQZk_zB-k{7lluSm(#(Hj%-_#(wc| z%r{CDafvZYS*&yH@%aVHD|iUa845TS6V_drA@J6`O!NVsoo_qgou&CNC^7n3{iuJb z*Eo=`WO$|SNjK(h=n$@eB;GmmjrC_R*X;OY_87SgUn5uD6r{V;Fw7rK? 
z`poliJd%z>t+lvNuf*_+R&s2tmTnQ1g=Y#xoQZ3N<{Kl?)g$uIUhYJ?6knGVa&_uG zZ`XCx;wj*~jxkb2CRfQR{`c@i4t{bE!~kDnysBy~Z`bN)BE7bwXtYQ-ynI%#Hsi6G z?Js!94GkKF$xbGY$?uak1r}{zU=dmue|S3`{*HBvcup9{x@1Gfx9YG_6X&(g484;5 z98|p&rz1>NuPwk!&c(j{y;0$JvlDD`BQALqKYX!%kE?zYJmqA1(czulYFCF|d6c8M z@%R(ye9=@~_4hH|ndU)$jIxc+b-|r_xOjEwMmG9TdgzZ7PoiwQoJq(LzVP_bF9r7= z+Ig(ovcr5(4<5rne-VNka~=w=zF*f|^?VZtYlc=^-!`0fa~J=m>e2xA<}Nwj7pNdYb=^5ZOCg}q%6V5*sbF^^}hkz3LpyF-Y6xHtNyQW`zH56$W0X1%-tJ1IY7GV zSI}=y;vEH8?u~EnS08NWuC8tn_!f|>9bQ-fgPq6YTn+ES7PcRBc>x}>rN8ZU*rYvL zLe}2}mB$priG#bt;|j2}3EK&CG9O{lV7y@DDE-_OboU#>SSbolSB%jNoHZO_9~-D$PAAFh9tYZPhzpJ7QQo?7ks zk(;=`);v9!HX6GP4~2H}TxeX__EXQRHunz%K= zlM>CtM9Po(8=gq&>Geuj&s>0g7_4cTpZ)+@u3O_4DOajWU^fx-@z9q9SV63BK$4g^sr2v+Pk^VTUh9 z|B^F0@ZtQdzfb6B-c%e`U8_QaEcm=Vwb`+IDh}uC8%4MMBP{LNxI?B_UaY7Wp&rP_-4Lz{ht__{7QSDr|_a zZ!GL;6*j8am~?0CKuXZu<+B}ZxJVHC%1!CgH)F?$5$VhNl!yC};a|zK!TFA`GZQ=fWvhetH zBi5qu5bA1pNj;gx+TI+fi7(g6j5<0ic|E6%tJ@HqJL9*Xj%>7X72Mt)Zp0`ssYeZu z>^s)g@mmWr?(Fgv$Ko@<=Nrkg(~W!1r<`~Xfw@co{#qh`bB`GRqD1}?ivOx)e&~ne z#=s$@ix|;ybH4jh=ozlb`hJA>o5jYG*u$EOcM_Y2vSG2uwE1H;zP?~+v2mZpN~d|hyHoD4#&}{h zorf0Kic`aVbEQVP85vh+q-Qrz#3xxBc!j312sFG2L$(j`sgj%PF!z3hk00p%)&q)? 
zV>bpj9Q^Q@@t`z?+EJ0xc;!iXg`4>B0xeW@jY8+ovKB;0qGBhm9ICYX#9I`u@ z1OLP+>9xG%#xZe<+kbjI&L&JlCvK%2)&Gr`O+7>zg66=F(d7W=uXTr(pfs=xn}vc+ zdQJy2bq_KH4G!(a3=}=l21F6QEpr_x>i&&UQ>z}2Z92S@9vM6zffX0{&R>Y@jS75x z>0IIE-8=|29=lx{VB6X7h2LuWWlP+S5I)~skU6XoyF`)d6og=nXX04ykK;N@{hjcs z=!W~&XEwp@!u{iEb0E+!g;50JSExC2gKt4jEd4J~2DnfBYzN1hHyxDNMI@AR4`;5TgfJUmL&wZZJ2m9YVlvX=#Jp_) z`3n%C*YWjmqhWJNup)|G@;OXiB7GZ)u%NjCG2PeGPW3>XY8$EQMF&`U)CJraEa6Tr z7~UjShiDMqb=~}9(6`+Ju)wHMK_$i-DJzGi8UAS%^HXcZfB#yvBJ%Bud?8TR1B&M8 z#;Fr1I(GV>q2i5XRFot{qZ|JkFC@GalGTi+`+Z!t9TCQO@+VdJ+E$~3tf+|WF#9)| zweo(_47m@pyKfo_7fxO_D#m!9%V)bsnfFH|(RcG*l1%^TSJ9{YW+l_#m_V=E-#Qc{ zTGwqrR{I+xc@YKQ1MkpY)X7Fzj87!%)T?z5Fkl~)WfLrDzjxC;DHAI{1^XT=rPdTg zP#1T>o4SP6@wZ?zeuo(NJqTAlryQ7vZxNDWW1K{dT`g;V2z^1LWWN{lTUu-^QfW6{ zmRW>GSX=_C3~$9rz7l3~OJ*~oOGL(P9NTt}!h=L*#Ovcie58kubXJAVM!!&jbbk6P zr4c#47dwO^&du;NRw|le<6t(cA7?3!Dhqdf*6n5~iY8=3|A#42+5DJ))%@Hn6Wr6w zWr$ew`;)}M>tfe{3Z+RY&8FwEF&JxOg!9=6rzbWzUo7oTN9hmf)WES49$4Huf|jJK3j}0NOHb$sTsjOV=(yfSl5at zVP3(E$N9c^nQZp{K@g)d*e1d_GctWi-eiyehj5zfI$o|BK7+UOsJGDE1Z1hWL=dy)?~_C@Z36oyAsC%xgd+VPQ9 z*!}%lTO*QbY;Yp(NYBOwZYN@qTkL~O_FdRMTZG5P0z{1UfCa{fXG<>y&B_KnYAhXl z-&@6#jm%UAw%P^8wwQO1@T5$9HDwx7v6SKa(n#hTD{eK_pxC(d9J2`=5Jm?ZKs{oT z1`w}5EVl6S8#kAu)aN8@UwjK5vexCC5N;53o|pG}*j0p_nMS@`lFB7r52qHG;)Lq5 zAW0ZU2kUZRk+A@y@a4PIg@>E~$Ti(QzV_l>%G-Xf1a1~8^Lf4QP%{KYe|L~*OXdqe zT+9H{_)6i-eNz{)hQn(Qp>{Z<^BUvFNp{2A=@rQen;(zxf7@%EW(6H!(8Wd?+@XCT zlNn2En8Y@&ZATz7mTP_Up}6piXk?7>!dOL2UiOIh3UNykaZeBjcVn^ZvzEJ0@t1JB z%`kk4!9NpsALpRR^0C`s9dD{d3S%4B&Vcl=r6W^rW(rtt0^ji*3TSg0<~{JqTz_c~ zH}D`*wDGX);a&N)rHqlWT@H_UOt6`;gCjA{ttw7T6&UF}TcqX&EOT z_%#NouL9y39@k~8&kP`#pU&wXmDkM1rco?y&UtRC19|9);2K}IT3nLm#WNc!q`&%# zQt**h))T%N3nIR6;4$5ho@o@YR8asd(L3Nb-*B8KkKSIRP^l~K<5blKvW#eLj&YW{ zK^IOm4fHnYuKMxdlwQR>-}uQGN`xS6Z-zIT6S~HFBtGA`IUdBx52|AlI+T2_4tnE3 z@3Kl!wjrbOK6ZWR%qGE&XSJ{p;bSA~L4sk8f_pi%d10GG?5%M6K1DI(FjOXc{;>;; z-LeEcit-d9QJ!>h_=ceH7Z{;ku|AC78%FW-p;g;)yH!yhcv*Fr*{$;m1DOs+t?e%W zkOi8>?waz!rt|^n_3AH08?SApYkQE~pVRPInuT~WE0K)X*!nGLMTlWgWT8Dac4_cM 
zY>%m%k-f(HI4z3C(mr*N8ZoLw?m;4qK1bz3^bBqh8`wkfft@DKAf}qn!1)`M5K`rx zE#Uxr7C16^6ZzUd%j_CkLQuYY5rA6YdTBmKi3P@c_s2?@`((L$)IUl!5fZU3aNpJ= z(nC72tszURbpz?R8#z)gZhyPVla2hw7`cwS%oZ5;%clZ(5YN&0U+YmmcuvX3Bf;D` zB^AAW?<3<#Clh_#BOlA4vV#qg^6C&N_;xqUr31(1sqjBv42$Ps*l}b}Q)xl9dNuUwjZpGoMABHHf z4uf|}x!7BvK06^}FmtKq+G-d^Ryd^3LBR!Z>4wY=)x1_EFnqF!Zr+ZMy@$zINC!nPeBF#>vUDq0Gmv%+|ok5sKr`xwptTgcbCW(gGsY zh#Qe;a=A!ksgK%c#uAwtzG)R2E>?B2Ce|_f+EH_GFzN4~e;LK`d<+A7(APESnA!R= zEjHh4hz$4q4z@h-AZ#VRwMh+vADAjpk?%DgA5A&ZLq^^1W^l@=?VASX$jeD1(+_sZ{I?wtxI{uoDgw(+1U~9(& zW)&#f-i6)lndTeUn~AY8quKL&BDSY6Jiu%K^?ZoC6c-MNW}vNLAmHmSQKodW(-$uF zEJpJ4EpoNif=?y{z@a98)MbB(F-Vf;Bp>4(ywWRrl^A<6nR&DU|0G_F?H?dPj*5OI z#vfxr!}!%3h^vdN_>P!_WW+ukcKtXX4}2=+>FMJ=iPX4VH%X;SK2hHXMDMU{6x=;S zDm%PZbc}br2Fx;T*o3LO@27|?@@MP)H0R&JLq)86Oye%YGjU&YAUz~FUKQk7^ZxA5S zHpl&LgdegfZv;vH3oB?%O=AQ5c66F-)=EA3wNjqR&fvLc4Pu+fTY|4*9kL#9@<6;L z(*T!+utg7vEcD`es2Mej&gd?LlIydGa7jV@4C^S@O8S`Y*6n7=NlBaQCu+TdzD6mi ztkUDRpJD}kt30JhA@+m6+F{81A{rYw`HW^6|MjU}Ko#&^@!-S)zA_#VE8x<&UvdHGT0tz}^<6381MiHH(x~a4Sb2yrSC$uf_&;7;W2O<-)D`ll$?wK>HUER-Ep84hcseY5|*Z z%MdBciZe{lPw2T?c}5@NSsdf;!6b3uTqIq;v|O*#wcc`324juodWWtm%Vp4Yh2=U# z*F4L`@!6QFT(bRREqz@5)-pmM3JKHy#>X6+r)c8lJ_@ka7y$ z;6VUK_vr`<2dNc`;984-1xbQYLO?}P1Pd(!mMsZR5&~AWA~@e7U@l1T4-`l^NOe*K zr&W4+C z-?dz#)Gu2uma_4r^?;c*?FP8sc5mIysE6h-tQ@HBj*A z)efVt<-r6Sw@Km;O1->yn$-Nh2FVCwY5X|AO$^d=*)L-v=mWX$W337f#n{!)z{GN&GUncu_TA2@2)phbfC3%c&OME_ZQq!UjQ0Jl#NY}Sfx@YX9 z--e<<#k=aiV42uR@JIu4qg?glF|rpyhQ=ArKp;=|>=HJ1JH@9p>Z-JN z26v*g_XF-c+TAzNDiEyax#t*93z4jbz6W0Kd|bY^yT3FGc}{jNC^nvZLY4V0c?J)C z>KkFjfu#xF%*MBFg9B2ik5O^54~NEL4Qjp-keKjx?HXl46CPY*;L|-Ee${&kPBZZq z{7jLY?o-wIzP*k{DP2|FNn$#Cr zFSN*Un$F6>_iQnuT{zk%fhRs5$^6k$b?I%|PmywJXukGamcMAs!I=Lks?iwti4TXf zvwRDzqrm9jP;-pj8M=Y3N3JmWS+fjy7{e8g zCy(_jtmfhSIg}ZBP1_Z&uNbM(R_vul6dvIU0_K2@4$Kf{a zd*k0+9>Lv{@%RE4&KQh6CAHt#+k=+0uM_{QSo~HdAunD_g!^jW#kuCZZhm~k5KRv! 
z^3we0axd1!+jGB%Q^m&!{pao=N<5#j*Ma-b2ZgyY>|fEA$cHFOwRKrHTI5)wb1QTO zYaCBF)p>54c2IvYoZ&u0KTEM6tAU!}G=64d1*0V`_EUx4<%-=q?b7T57gn-tTn(op zjlDhSNHeDQmdjxq9RcH1G=@-Xu(dt3`_3u^?(5+vJ$~W7pCHGf{bPC@Vb1Y|n46xX z_h33h`$r!P9&xT7p`5{qTJ0I8^+yh^)^!Jo8W%eGH6ok=Wq9u(Le$Q*iGvw+%?05L zzW|O`zUWW5d-xJZcSl~@(a_Y4#swJ_4ufkusPy2jbj4Zy+8vY<{m2yDHJL8LQh08l zq~NpB=SsS`6n{>l)KH+ z{AYT74oGG2CCca{;aTqPX`!jk#sy9YvJpv%AWkKSE67U&Aa8g8bCULKXqG!XF?>mS z*l}9g%K?1&X>pPF4veS*-H=)*RJ$MO<1^aPQ zP9Ll}{|;st*O7+WBB$C5JYU06=-|#MK84}^BJbmCJ_=`aFHX<<_-dnVJ2IR70anCB z)8x5fC%i(tB(6s1y>MualR}}(a^3qJxpWz~qcXZrajNnS734XwO6aHphrd`2I`}ipB9lCcj+AbcY<7_=eaLi5j~{(y-2TkdzD6 zoCIM-Dh#s|Y@hDmi^}6PE`leTYcXbwx@+50{_BuC_w&ZH#%Iqy|8}okSOIs!Cq3`g znzKLqSIKA3K5IO0g!X;51V?;u?E{80_vl>%p9M*V>reaewXipFQ*G!79`{DSYSQ@_H&uglC{&mx`p?DQLJq!2J>&{abNK2(79H?9TIC(L!5W&D9=ebgGvE*c zaQqLQW0VU;GXKI@XvTh-jXm6#Y*D|T z2v-&OdxU1CM|y^Y4flYe9bh1^B}-k9^hDpJf9vkLVJ3QJd{Au=s>qbWRc}BE?2J{*mOC`aT~Gxpj( zX3Pfo_w`_@LISOgE1AYy=)&3_gDob?eQ=}{1w&7wD7bpgoWF%BkH69;%LkC9EiTI& zwojG^sBX>?z?Y+ynRsUNk`NP&-Z`{BvIq)&)}3l*F`|aU5hZSb1XYno}io zy~Bj|mc;Wd*G z_U)d0e!!QVq1tK3To13&(~brAW<>hOn`BdP?m>; zS`R@VhJA?{CrhTF&N!#BC_MRw$Y&L^2GK+~911{9a*N&I}1>wFbxp)-}u~oq-u7~~o zGU|@80&07>9xmwJGx2*xspOq!leZ{AUKEzdJD&2!CAA%hHs$Sic_66t2i_;Hu1*?)A*;7VHt7pLKR-8mU`pGyws!`>5#&g8f{riUt- zALwZx1$Sobe5-q7&QG$Rv#ZxqoZlXm_mcmN@alffynWEG)&0`*_Fdf;F6fu}S<6mi zC@)n-*Ai=g(!V4ZxvSx~Xf$!DTn#^gyKz!K*TdJCg^!EKNwT4L00%q4yVux!v|89;3pU@?!NALoCxegnPBi(zWYn6=HTCQrre43GGTsLfZ+mBO_ z4`8<%)@W1{Pc@!!G{O5pMV2s{960dW+q(`#hx_irpg6ozV3k0>z*PcQ3k(RX7r0K~ zdVx&>Hwe5{;B5jo3cO3;-2yiW+$?a5z^wuw7uYOtx4``Z4+v}#_=3QL0$&%{D)1eF zhQLDt+Xa3i@QA=K1Zw}yJURrX3v>!}3)BT>2plBPBQR6oD1l=IW(mv@m@9CSz2Qb z{Z7hXV7fr3K(|0$V1~d!0zCpV1&$IpR$!LE9D%t4Ckf0KSRk-S;0%FYf%60|6nL4y zMFN)y^a-pKSS8ReaFxK-0s{i;1+EjgUSN~J4FYc!c$>hD0`C%dx4=yTHw)Y%aI3(_ z1vU%ZEpWfU0|HwFz98_Rz}E$~3VcVPA@GpEc7dM=JRqFjL?tfnx<`3Ct0gD{zv)e1Qc5iv-RP=oL6m;6j0y30x#_i9nygN`X}Z{Q_4B zTrDsluwLLgf$Ie}3EUv?R)Mz(+$iuafp-hsByh99EdsX+d|Y6&z}*7(3p^mOMc@kp 
z4+?x;V5`7)1R4Sl32YbmiNGTQzYwV1E#)sTU7%B-Tc9p5L*O8R9)XzxM+qD&FiT*L zz+8co1m+7Y5LhH|hCr{tc>)&-yiDLCflCDX1Xc>H66hDWO5kdN0fF@b*9lxNuu0$s zfwv00P2fg>cL}^(;3k2a1#S_zRp8?Sn+5I`xL@D_fh_`G5O`4F>jGN^z9Y~Oct~Ko zz)u7o5%`5b?GIA^0@DRL1-b?50y6{-66g__DR7j)u>!LM<_OFcI7wi>zyg6q0%r*H z3Y;f!p}@-oE)uvzpif|>z$$@$fvW_r78np%FL0f}^#Yp&ZV-5@z}p0F6nK}wy9I6% zxLM#9fm;PWF0fhPZh`v+9uU|f@CAVf1->q@Rp2`U4S|OQwhR13;1Pje2-N;4ftdnF2^=dhOJI(`T!E7W<_jzkSR`8A{}2D)DSTTn4iUrpk2F58F-LxuOHD@%dTUJRPWmCMRk_&rOPtyos$D_^43lviI}ULALD{w3o21N7{% z?(Y2N?(X&nyStmVb$2%-U2b1)F>%$d?(V9c-Q9TWqG_3+gK0sUUFFBFxdeX7yCl1` za@iFS*K{nexiapksrFaFRXlf|w{&u0arXG!(kU}bi;E^_m*!@r^qw%@@}68kmQwOe zn=&)W7ay|_Ukb!kUG>|De73{1z_dQz&F#Ivo7?>n%J^fHQ#7ZldqxhbN{E(tV+r!KL}%{>G)5jnU$30SLu*emG-}`L*G=IUD2U$ zD$TCw&^MK4S9Iu`O7lc@i0S=r_e0-gnkTA5-(;F6szcvonkTA5-(;G}Iutz?@B7+0 zJ`Y8|I|SoVim_~CR(vdT&&BvPUUPdVzzpkrENexat(X(o$FeVxruj?%Po?Q8PE0cz zjgQ&?YiWK(*|JXU^MwD6vi+vg>`K}G$I|SiY*V$BZ>nrL?X%_yb{+aprrB9r`6kmm z(fa&PrfGEucFc_=oZ?rNExxMUZ%*;6eo$LpTW&h4%NMV#UUCjlX=T~9<<+H2vJox}M1 zWJ#uBT&WDxOiqV>RG*p&rR6IYLs=$k7hkMRnKA`RvkA}iC%>w>E8o=I-#0PsG%Mg< z4YL8}w@G0Z&HvZ%CR5J+$C39S!VQ>z!E}EOWdJh-W+Kej&C@c(@ne`@!Dz2*?!hp5 zFbVO(U1jt0!ybmY1LjqjD2)4WntK4uSeOf7$nQ6?71sv1?}B*{rtcd`X_)nB(Gq)7 z(2RlK)Fl5K;10tS{~hydm`kvp6E!jIsf_!r)c&bx|8MxsN|NtOtW(h>%W^5`mL$<8 z)1-2*1Wz5zTQDEM6ugaiV3KLq!tXZI|9;?SQqUOiJ7n{3hyA2?R9vS6-wtyx%>AZc zavGL`%eGYWlSS7tAi1H4RfG6Q@m?F>4+cYZuH#A6#`So>6~?_WmT==d)d1>S&vo=()OqE`_&BGZha6O2reCGnr>{K~YEg z(y|pRSENn@{3xB&^0U-a$Zx0bAb&ECDSt9gg8X(KQ~pHyB>C<1R`tLybqz5fUg#aj zlFHAd24az}jZPGZr8M5cCLx~{VYQ&}*n;cdjk-)(;Ob&*#-prDK z%*ko7922;iFI##xZp3SGTj_S-PLZ~)GcctFk*F}aJM;-jY1?YwDubDLz+pP$!V(koPsxf?9n?EECb9MOi9D&7+@=P)|o}yp}0i}6X_8}=k!+m zW{N<`7?NaQ517z);GsIOm}**mYXTX2$d06x zq(h8Mz9T8gOm)XIMy$!l2$M7~VKC^7o_VuBuym3}g6zrZShlhU@8v8e|j=s0y^nx@(@+~i_`Vn4iQ^~DQYb#2OY{iDHln#mXwnY+>p#F1AE$*pjM6&_$*-=XeDPc zSUF3{z(8BgQZJHn*P&*Ua%ba4>K3<^Xb0}3+*#a~uvYF8`0Tk$W=NTk#lS!{z;x6< z+bE5|q?u;Iq^P47cE)SVT&L+;IaI@1XGxPPL2`H`mu-p|Yyu?a-74Qyl3S%^OVA?k 
zL|BU>QA&%+s*)u6EG7mQ&-HT18fVitkqrJ^he%x;WMcJy6(jW~@d?GON-~>|`kkhl z@UU-F^O(4{N=PlPt^9?_61OwP1aXs@Epan*Bg5U5li{ z+OJZ+&SO!Pd!q4xx>I>nOhTcmu2Y%V5Us$(JjI%k72HXFI*&m~ar}6!-qlJdQI3Q@ z)*|U33rn?gNm!=Gmt)H0nT0cEOrOjagcgJ9m&%P-h#4*$!_C2wM3kS3)d@c{5YsD* zCRH5FgB6}61LHWZ99#nHl;8H$Wzi(dVEMCgd}aP^4I@?lllW8TKSdn&{HKVcWB!xk zu;;%6f2#Z^@h9cKlghU-b*OnW)mWdAnTG)rxj9-l&_D3L^|I#$0eb0k$V+2ctmQO9_aA27G&?C5J8x3z9eI<| zrB>Pb&DsT3OtCt~kyHlBaU{t=_39W$k{m3-uaJY~*D;PHIg;Z@k|T8-Nph(A{0d2g z;P|q1j3-H&&f-auXBu|pjnB%;9!E=Vo{6Mx=reahPBuc-1Y>+|cFy^wQ)bO8oj!B= zJT1m56IiLo`n2N0 z!h+Z;PK<=UF%oJLNAUzw>QAh5>p;#*??9e9cJ|guq_*xWA?C?*)f6OYAtM$q!>zMv zu{VtHV)BR0;ek((cHgB7GM4SEL^+`c!$Q z{1$&F=_m3hrLUR^VCQ9^8j6sZk3cEPJ~^HgvZRhDr97RKhKk`U>qE&w{!S%G3R$rOE zoj*nT9r=^e=ga28ncjJqmd-7lRXA<-yy=tYO`kohbo#8RvrCJo6fcmTcIxCAGcKMy zFh>)YeG*y8H}H!r$<6MmaaI^4^tO@jHrqJteb=4xJ;FKvFz z*E|^4Eh=x6g=drVVFtl(yBQzuX4YoFoM+L&j*HG@kN?FsKkoTo2=g7w5ApHh*F`WT zR($ZorG#1$%=h89)hq*^llH;PDuzHI5WrPbv%wUvI&Us(gsQs2rN|B5njSJhmF z$Z>vrng7~S-?9~m$L3>^`+3COUnFZT3Kb)iqe|$%JRj2oL)EMCC$?6vMZNEw9?A* z6{X8pE@57ItfaK8s!BLDIeNijTa0rfXjfvDHRlYk(Pn!KXR+uDrq4xT zlr0%GVzGbKSkFjprx_V{x1*j_dc>!6M0hneOHV*18+ei}{05R*8?c-KB zsIOz-?*V=uH~{>Di7!IqV0gZXdDvy?%4(0Q9M9si%E~KnWJa4gF3tVom^Al1;I^>} z(@xW#PpPc4i2lIEB`is-t<6w-UH1~Z4|MyHQ(*MZ`rhgmgNdLPNq_^jb zd^C1H+E1I7=H53w&AsM3Y3{ROhQeHEV%lkDB)Khr3xDr8;TBzIxZ-Q_cNXu7`d^Fm ze+qNOC28(I0q+5R%EYwOyqDy*{4E?kPPj$a89vQSr?c??wEsCszxT{EcO!5Q;5%n1 zOgqgVliZfSh5vkRiTc+d{oQlZ+;iqY_kowd5L@Odo89uW@;~7X0Nf_rnBX9)Y>h#I)1glH|7hEqv>7 z!Y#Va@a$kP&@Gx6Y5P&jq+{2B8!tYBO) zY|8AJ-Wi263un!nJ=F}jU|2bqa<$>(#!sm646pHAvg*R&<8o^}lWT!QP zYM?fYhwVX)Xt?N% zaw9?^6%-baI`_QM+5}p%&&wUnVjG3r(=uLJxTLIXD1o>ISs%?Z!2(vylXlA=yRc*a zwA=i1?E$$eWC|XkD=U|ksi2rkaba~Yo{Z^`5H2Ar4rVAf&y34Fhjxy&T|s&C=$ON&4ls^x5vZ`m3<<=XaGE z^wl>0!2f`MwT)jokS@kiZ{zoLk(cBl8$bKAuKsSe@sqc!ZD>Ohe^+&QgH3;!epmT_ zk(7Q{b@28i{;ulauao5OD*x}2((h^=-jl@dVIg+m_dpVVpbNYteJqK8V;A{%Ch_NY zk$MviD|7jaPb+4=GzwkBrU$yZwKm2(Fo)}nY(_gmzuD1U-ZRxZ8 zyW0NVw(*m{%J>BIh+g1;+e@No+MuJl2NQ}B1C 
z5Bhfsewjd9g>gLmP<;Mlk$No43E)RJcI4L_CtiX*Q>35oJ#j_qn}R>E@x(PiPr={Z zZa#pYK>jmQ@XHJA6W}Gu&{X`*C!YR@RQ%eB^PioH|HO-5yC4<+i5I^%H5LDfi?7X2 z#ovVnurMWm)(O@g-sOKy{_>RkC*A`rPs#5&VflZPs{MldL{;Foo$#Ni3e={Q|HS8^ zJ3C4LM0=oXJ4rwN1PkEzouq%FHF#eq{3lw2f3%IC_DT=f9baJ&c9MT#Ie~T<`U-yD zrGC8M!A|l|z7yfU`76@5-C5tM7(f3C{$!?9I{m9I@Tbzr-*$mN)x6^ODfl~EKT4&O zn{52dpWP(qpL@EJe>;=-*=(#hl4+Cqu_la5KI2Qm$!=@y_$n^=UR8)C->a~+3mcc+ zfOyx1b`_U;Ng-JL#AYr6U&U46tGI%xl`)z!E&!Lwl5-h|=|l1|QeYuiFjhJRYh`3+ zx=cu=suC4`Z0E&lDMjIWF_((DN-VpPWv{WOR<^OGh*d+b4Re(hhz9GoM7*0rpT zYDLqh6=_qadyAP%*+`3=aH)TSY?P)a3T<41CpLW-&YCu_2zi_`qi{jtj0;)Mv1R|2 zE0$u}fAR7q7iwcYSC>`RmP@#$3(iM5UyQc|J;^;N$vq;;ot5OiAjy4El6zW`dj{O; zw)7V!gEU~=YaNFe{WV*d&Y3?zw zUnKNtS`*yUU@tS>EpS)CevRpNUxEELus4`)FWl>4{}oI+M*pnEY3|>{zQqg=!2KBP z`%QNX+%JlqHH%iiB+dN>-0z#=9=Jb)z5C;oKTXSr+bwoQAAmc<=5B`jEV$2s@t_B3 zx;)LD1N%j$J5ZkHo&r0$M$4mag#hua1FU>M2o zvNZQt*w2Syd9IMp>P#TUM#O9jm&R@5V}28~D{8UB5v1JzD4QU)^2JMhr8Ub|Tv=Hz zbh2O3{31_Pb@@`Qvi!=j#oUd#qWsF0{$*u;Zu~So)pkX0++2aZkmOG!6OWqOBl~z@~Y-RN_|FR#JmoD~|;jh*BtCy*ymM>efq_X^q zm8hSMS1QDQ+FMqQ*J{}7in4`eNvTk3Q)EYMF$7+5rDkrARem+K z%lwQ`2uz2!dZmBm;+2)!%w;QL_T|e~lvc$8%2ve#u-h~iFk8yE#@rM-llxAmV0-DZ zrOOtV`O7tKHPyV;%dUpw615puE0#|#O<%Ee<%c;=SlR`nYHl*tlQo#0YcVFtwrMI0+g90_H;#8<_F z*XGIv?OtruWkIXUze}r3=d9Z0^F*gnH?_-4)qdO>ZA@9Mf8}y0^I|R0#&+6{w#6wX z_gdrk?N8w5-T>3BeV*vCo_sNOw^ivbvo*{5^pRP&o7!Eh*WTrcv z^A`@dc+c2j*v*a&zv}Jj1g$_UCOUgO;;BM>Kq9w1!o$ruFy-X8kSHJLw3LhAfTBG7 zW(Vcqw*ln6Hu!xz9B#@aa^-8<)o^p~xws*41Kb>exo>@5x)!(*ZtiPW`RJzo7u*y? 
z%{TM4-@|=I%$=s~f}3F~9Q*R&=3aTr{W9DG;b#0C>py}!mOiPP)%U?vxR&pRn`w(1 zf(?P2>8o&$c1{AlTe}Eurl;i9(u&nycBMaBA-b_^r{=>A+Ur|%Gw0ws2w~5r)t5AJym4BYE zdFLGB zlcKT}OKN;&S1C_WBzhtmPW}0_CU~OHa9gV3VIXymI8NS8@}&F#^DUcYQPEkE#wpZ8 zI{n2KBk;h-^pgO$6@QxIFrACe(Ay8P&3W{Xh^st$lz6kQ>#qQ}j?l*u2hP+d5jUNw z&n9jjsaFuUjMVFiHxJWqCvF|7ZzFCRpg%9+1N2tnjc4lb6K_6KKT2HHQ}6vM-2?Q~ ziJLO?ZxL_I(DR5r9(@|I*QGBa4)oMl5?8tO>xf(X>$ecQ`z!g|N9cc`TRTPHK^!<; ze?`LG`VnG}TkrcCaMl2Q2=Sr}J&U;6txqR*pQ$e)ZXKXsO`LU_UN8O``tOK6r|EwY zoT0x*ym_Ra_ByaOTtAICf0#a+xcN-|LSpX_eHQVeA^H`>RYUbk;+8Y@)x_;1^;?Lu zhUmW{Zaq`Km)Jd2-$C4*sXtAeKU9B@c+mj;u(-|oS~Ofg>2L6FJzeGBJzO70w`aIM zpV)o6zKXbNxc)0*ugMn}uJ53`-Q;T;uD?t7#^HM3H-I+}*S|&VIbEMg+&o;bB5oO` zZy?r2>UR>mN9y+yS6TXVs=k%(=3)9%#971jw}@LZb;p~)`NQ=Q#O`$c+r*x9y@c4? zSFaVEu3sv$rv4Uj>&g1Z#Q7O|?^fXUbbSPIONM?P zaaJ#VCUJf*eF?F*m+qJFUV4DIxtIPk;;d8jO~kFe^xeemz4R9)yuWUU+tja?A^N}R z-gt^CZ*M<^v&`_SzIy+^BRtSoKaY5`Nw>(P%Qxw?-uibL-mL4(h~2&QHNxl7e@?t{ zfWC>irLVq+*wb5ojyQjS{w8r&Z~b4y0W;p#;d-yP;I8VYk0fp%u1_QOjMU4Bo1h28 zi%!;WA+9=E-$b0>Ti-*RHBx_u*xOq_LfoqB8E*qG>a7na4xFq{65LxaByP>nONqVx z^&b#7_1147t{R~Kl(@yM-$U#t7={Z`^EkAAPv_t760`k|)Y4Aox{x(xjj;*EWD z$9uruvvenMv#CF=mL6GpXu8`?TxI&Vy7f%*X=mu;h&OulJmU7g`X$8fVfs8`&l$Rp zc(X_M6X$#Mwc>xK{$IqJnIE@_n+NFk)4!#U{seJrAN@Jvs?+uNhy(rge+wR@uE}oX9Q#1AkKH{ zecOPwll6hbP5t!|#NG`3e8Eor65@Q9eg*L&r@n@`%BlZ^IN;RpA#QT&yNNeC^_Ph^ zJM|BV-Tm~F-Un`W>cfazocj61txkO|u{Ka&PTcO)uOkkO(0?lake9gCqi>gRkE&ny z8T#{dH+%F}V)v=~zld9OJuL$49i|T?4xFKnC3cU{rxLde*S*B;nfjIDf0lk7anlI> zX5x(_^oPWKhW@IA_to2py#vg22kN~Jk*>df3bAK^el~G)KYcQB{z&~h#94jyg~Z;G z`f}n$BlYWu+jadX#8o5pKN1H<>Q4~6J^J&+o>TRAiL=hoPx=73b(lVcIR7-gfVjmR zS6YYYOX=2z>J7x3PuFi3x`BE#v3H>U67iye`ag-Q2I@Wj3EVVL&m`VBP``jUe~9iS zt{S5MfH*KjUr*dLMCI2rSig_%tW%Y{YM8#4ZqG2iRs09*$B6R>>q9>T_72w1BhEMJ zy(V5XSf453XX+KiRfF~Q#DT&3oy40*=-VZHsQ&K%Ved`g>#C~0|9#S=lmc?WYncjM zXc?uD4h$kfI;6DFrXihCxy{%FGF)<#P6z}9L_~?mWJM^W2#Ar%G6!TRqX9tyMJpm8 zGDHMKgz|pZ9?se4+?&GlJU;K|^MC)|e12JHueJ7g_PqDmTj;>f=?{hW?wHGOoH-!a`Mba2P?LqgR~>Awg~?Udf)Z_vz6>4`#@*zol2 
zke(yvo?X(NLI-z9pDQ#sDt(>M>TOJX*YBLZPn$F8mxT6jpZ-Ybn(fm&y)AU7^npVA zc1kZ2+P_meFSLAg`h1~FtUJ}ar+*^miqYwZgyt;2e3$gAVji&hx_Wea_}|6e==2^! zbEDIT3hlA_y_WWjPR|#9#jfd2p}nKi=V`s2)3*v;Gdlga(7w^>*M;_vPH*-ObYOIP zoKQtSQ)v0_>AcYOqto9P+M7w=BD8w9^m9T7KbL+}X!*A3VedjSW769TEgzHKTj-K8 z>1je!qiy~elWx-d-P5at_KZpQ3hf<}zE_0I|)tg zm_Af!`PlRVp-Xm2A1idtF6kbjY8Mmkim~a{VjkEb{d1w!W77jdmyAunsp-z?;C;~_ zolXm_7?a*lXl`tJiqM|1>8}dy9h*Ku%Xd$IU+DTB(su}5vrYO}Le;kEzX|Obl^*p^ zXlD2H{z7|4r56cZWAo?WPU#h5?%O7PzNVwnKhbo%^kYK%w@a@VIvD`^b11mZ%m-l zf5Y5B!}__87}I0^JoFsQi=mf5Pl7Im{up{Yv>$o~dXGYn#r!n%IOyBZCTQt~(o_d@ zE9hUKW1!{ePk>H<9tLfPe`+K=E=|#phrQ!3_lCaLvzq2(62*l zp%*~EhThMiJ($-)PsaQd^dsnt!iWA7dJ42mm8DLF?hJhmx;wNDdI0q6&?BMW#+_Q| zcc7in)8U^2Jp+0kbS3;7px?lJC-iyflhAKM2cc&{Hx0_TZc3%cLeGXC2wjN18tAt% zFNIFTd;;`4n6H5LLhpk92>Ohek-rI@1RYsYmU;sI_R#C0he3Y=od^9Xv!2&47hvyV=!MW*p^rhIhTaGL zJM<#x7G-6rZO|VJ{XXU|La%@x1w9{rBlNq_RnXP&&xQT~`eW$D(7T|QLmz>D4ZWA3 z-OztQ=Rvm~UY7bj^3OwGfzE(7LmQxfgD!_Y4*fQ?6#XAS-^Bb==(d<2fzF3M58VO! zKJ<9xn`}~++8*<+(5Ep^fUbbfhTZ^egr0)@YtVC{=R!||UJHF?m`dLVZN&TxbO!V_ zXeG2{L|N)m?C%IY5A!(a8q8mUZjHGLdKu=Up;tkVhn@)kEGV-y>8qf-LT`c|0DTa8 z4SFv_e+=CKy%xItre&!dbRzTx=xk^c`gPDJF`opz4tg2%K=?O9cY{6*y%qi-bQjE< zj4VryhVBCWEBt++eb8yppFzJ0y$RY4{WbJV=q=DS(4RwZf!+pv1bQUyJP*AC^B{C* z%$sgjmO28Of!+zf33@u_RnWUJpAEeSdL?u&{5zo2ppQZCh5rZWYRrSs70_VwveZ&& z2HJ>xJaifKaOktprO@vo?}q*Y^EuG_p%+7Uhkq0F0n86W7h(Pj^bO40Zc&zc5V{BS zPtZf5pFw^k^dZcPq2IuK0`yGiInWEBmqSNEZ-Qo^PeXr+{$HSffNp@UhkoueWvM?x zcZdE8dLZ;5^k+by!TeR|-k7_fbD*a~tD%=bkAmI?-4Qwf-3huL`Wx)M0bPK(Y|FCL zV(3250r<0_pT*n={Ty@!^g`(Oq0P`f=b6xxFMZ_s0*o2AN9$3gdjwnA&5ucFrp zJq+`O&0dNlMU=nCkcp+A7W4E-6ji*P&!Jqh!A=$X*B zq2u6>_-t8fU+5mtt)PcN_k(7k7eP;iK861I(3Q{|pce$~Rf*8t7PPEA&w4x1jq$Z-5>I9e~b){uR0}bj0V%QX8YC22K^@V`|vM;UWxf8 z=)ssDg1&|MW$4?`&9*5^{T;dwbU5-V=#7{gq3=LXg}w_tADTw~Bj|gWZ-M>;x(@n2 z^pDVgLjMUp6}>ICElYh1^G?tl=6#_bVEz*HU(kin51}p44bWB4kD=dz)}Vhe^f}D; zLIcddfqoJCPiP4=y!%#^lkZ~HvXK*i^jd0NTo5g?X6x%%^loPfxx2nATVI=%)moNeLzei_xPpbwb`JjO 
zs`EwpE>=&Qx?AlEqGw4UMhsL$rKMHa>LPKnJDMj919W9G0c_tH4($|`XVmwnRPJoILfM$54~Ma(%{Is|O4 z$m(qv5`EdC;L?V2XO7uwCu`twYsb>89P{Ol!)j?KhHMK{9r8K2E`4oTvtwiYM3YIg z`c1QMgsm!tTG<>+j$y*OyiiQfru{}#bT-?#Zzc~7p<~kJlfrFN?-RrA>n-o-JT4Y_ zC)`M+tjfkBWmO6yrR$@pPR&tqwCP-#Bd2#a>PPLaeqmWo8sO}@RH23~ZZ7J2y9l{vqU{=#t}Z;rBdKYeS5(+J>TDftLffK`_M0fRlB-p< zZEdzP-duN1w;Enh4AWTaZek;Z387)z%GBfg)vNZvFmjFUdMghsX{Zvxidb|3mghKx zj+RXtK~ZgJ=``y3?z&^ylcxI#WI58xsmNxep>)K@I^xW3uI3Jo2NYv>OKU6$;!e>n zh-m8^V6&C(muRNcZiKE}asoTL^oFcZ(9oUJ9_hrFdOVbnY}SenyvdquiIa_7lJZ8= zbbL6-P|jHhBx8LmEtGv~k#iGGD@Uds zFR^KCm(b*;laxoQ6=h$y$pO*U8~3`z$*FUyrf1nDYywM8lnNvYv++#ItyZ45$QF1% zRh`82p(y3XEqYaLY*CShL$XjlbV1&kv%@Q+&fs`Rw7NPX9pNW~F%{o6-`0PUOGqH8 z7JcXF4YJ+2h4Uk26J>btqOTGix+z@}eTZgEOva48TI(@AImt80lPh^eVE{NBQ)e2t zm(V$z;G1JXhZ5@Tf4xoe^BpzGWxtq42dTb3Hd4#pC0%apcBRXlaF z83~Cwo^`_pA}1|}-ngnA4f#?2v3$DkjmycLW@np(MH&*y;j$Pr41^ilh@Ng>me;jV zHJFNCf+OB`%L%9^XSa4x#oAV#P=|>jJ-to_Csri3+-OXPixX9;RkRm68C+%AF1c72 zI9F1PKO8V?s(pEow;=)4&-5qd&{tCnNOPs#)9qH&XZCo;s+K3Lx_x-YN3Y|Xt*xsg zz1T3#2t+(~iR|9CJ5kqFAI?lwL`~RavV>z&PmGrXYb7-kyjYP>)<4E$)3V!8*k)c@ z0ck_T#bULS<_%r-h`7l`jMVp?>O|n2b$KXZCN2fxb_ryM#=O+fl~1UtBrwaJr_J46 z4IRtdO;T|`l~l8mD^2vfYNah^Y+j!|wxdq-y4xEX=@QW&YU*yU*MkO0wurr~gV2UD ziAkdR(|#p*QGJpWg!PvQ5>->26?Y?2jVdG2FJAqLBvylkfsAqEUc^OV!L;oUO@T>8 z+pYGxi;^ggYnn4XSP3f#?YZvVMNj@9RP3A1pDm`w5Ei!hs6nP6Cb*WH4W@Rdz8u9Y z{Ei$`MRxDLu!?v0jYRt3=Bc0)ZrENWDf1*&x%s$;CTf%%rO0yVqjYt2$|R4inCXk^ zL4gd$b8N#k≧Fa`_~kMAuquCI=CE#G(Z*1`-@PR#K?hT1=}>71u%)r|TfSe= zol?!Ju9kPr(|I$N!|5AOOV7wLqgbe+ zCmXu+*}9H~mBqxS03;>6Y;U9~gTI8!^eOq?r3hEP%_+v0v-*mtOFcjnT`RLlMZ~nM zMYx=Rp5#W|QP=BB1lTC(zIt)Hv6eewnO?E(At!ALzrLg6xR!#ji^OY{i@4Vqo4hKf zz)V&#c2`?5wglfyH5ajynEEQB(VlBB=BoQ5rHGAqU8(bFQ5TqCD`uPb&c{;v!1@(+Fl&wDz(sSg+#pa-Y(^?nRa5H>G!dxWV$!nHso&q*R5!4#pIjQBSOQQNn zdJ=9PHm+kwJw;PR8pwQSS2FukoyxZscraw0!t_M8gX%xJ5g;DJAuYOzmqcorQLoHT z%XfBWW;pJmx&h0%`aNa zjYN{ZgRVTI2X2dyCLnyZT4BgEH`0yN14f~s9x&{JdO)*>st2@iqxFE+@P;Lf5{kt} zX3UF3a_I7^-L~Rx$ 
z)Rz?GPhV*BrpJnBKu=I4^Lf&tniF5e=Dav7(TsS)WR~&|k7ZE9*BLkQzBRAleQR#f_iZFYyl*Wm_Hwmg$d{|7u6N-D z)m0-NtN8oU4!Gvt(=PrBjkcKs@*5Z5;!sI%?1o7nt06r5@x=F+v}%P zP4=doT;_rp7c*RCINX_SYHeBCY&yVBW5`H|!0U!N{UJJGkvP@`b8PFsm(gO;u;K6TajtTn6dq9>~>jK6wRX_8cL8pD#KaMu-B-L463#1 z*jSoz*TiXt*)Eiky->!Sug%y>Nt>B=GAD%?Q)ezy>-$NOASB^AAL4}!9y4vnwRkT< zvm|)TNl9kqQOZI_&$?+l`PPhZ!eHo=jI@_Jl*A1ZKM<` zz3T3=6>|%jmV9P;X9p)>)V1RuJKgLRZ5g`@s=l^eoQmZ~lrjyd>r9hrYsoWfSkE4{ zTK(?2Iyy3NTG^gfn`vvH5OrjhH`a1}UVWZ`);F?!tRbVbnLcF1jw9V2an4`zT&BLx z+*POb3jNcCL2vz_RLZO=ML2JR%C-R-r@*zu)zzM1}m zt|c>6pR$cE{el@{ ztLwm4D#_YbS+-h99Y)b*vXt#`;<{ryUo_KZ5jG-rc2amUdgow&ZkUsoAMmDm+P*hwU8W~@XB1-*wN{+ z+lgC7SHLu+DA6r zG&Cm)7YrL@T^TrU!t!j>L2v&EJtCDdc0{bpWgSbytSstgvN7XlT~-ZU)vq&`+~O#e zog9`UeFI&EbLIxI6^XQ8b*A}hY)phyno_ECsrQDeEg#yVLQyJYD`)^G-iR(|8OrY30nZrFQ8>wrWY!we%=E>Lx zZF)0NHz6j7Is_DdW=Dn+=G$8mvK3uSPEdoeq~B66J9X$samW={u)@`=gSaSt3ulr7 zRV>Q%kb7Q9HRcS6LC-Ru>VlBlP}JdxfF6PjsC!@V@7 z?rpO1LnDy5eA;QQW`0^oBUx#`Q>?(^_5#LO{ODWCU46Ks*I9X|V<~*xmUCK32GUMu=rS)y^u)T}C zqEN^YahV2cds}swuA~!Cj|?ShqQBl6y5M!8oLxpDL|}!ka`Mu2nQdR86-KSG=Ed0) zzO8K}Y`Saf%ZdgRrffPc;!RAQhH#HADbEcVj_M?{%TUqu|H5$P-RwrjtV9%Xv#X6U ziLUNLTf)+{t~5_=Ei0%=qRzE6Iql@(h@+b(X?Ee-Hl&W7+zs?6l(6-wcl9p*ZX#bK zCd?>h{LzzC+xnC_dAm`0lG3k#Nco(|U={lpFt4AM-9Wxm|Jc$f8?Q-&6Lxbw5&*!3- zByFp7UprbEMVSdk8`q4<)HW~1fKB8>+tZE>9Cas2_x1JkqZ<>*DTkg& zGERf-*P9X{EqPQ_m{t zt3&oVOK_DNK1e2_7Bj`c!|dDg?O&9aC6*>Kwz?U3~f^Apq*lvQ!cI8dF#RiZr ztCB(7Xsw%Ww4P3+E6Q#-`;Icpn`P8bcTl9NNa3OdlB?T2k#xSL?ib}`eQr9(GSJNM zNg0LP&P8yRsg!fR?V%t^$)P{kA!mL{pVJh5R}mDOk%-=z*6MCQuAPl@VmF~J+vFzd zx9mD3v3|JeQWPqgB-9<50tX_Q>27HSFM-4Cgkaf3)4MDfX(nYhliJT3LTg?D4zsy$ z)t9qnv*S2^0fD2sF_TiCKLXVhONq^{MoLt7TYpW zTQ5smnTE!8=}`F+$(Bswn2IJLNX%OlkruIMHW(60^L46pUwn&0j7{Sz#fFe^4YM=5 zi1!o(uj)>C9yXOOC;E=sdO_y3q<;_#wX5~&_3pT3<889a5R48BV>vx%W?W0mbV)&Q zQ}D$VWVXCpI@fmGX0-fQ-re3&*ToEnp0qUL?sf?;tpH7m8D2VmRGg!{zZbl&bBpU4R|T0@jEl^o@>#ML*#Ul|Su&uVqH{uV 
zmOY5fpHhpg)SXH*cxJ1WV=k}lY&WTCncektdSug-83Z$3D;-j1SoAy4j=g-4OO7c;GR7De+sop=s;oM9lHTteZ3Uq(R`x;>->d#tubt_AgnU1D-&_g?J zmc!FG*^LPJeFK-z^gM}a^Bl|14|-uB6qvD5I5tc07R#(tMo-ElBX*tB0%2G~^kC#_^)^=tcr4FiMMp-N$gtZ#na7gVp zs9~p091k@pm-1N}Yg)3cIVN&-L5vv>a^#LJq9!e6flzu>(#E(>BDJck&n0U&vs@fw zNQI&oUi@a-q@QIc-lFB|V4LTtgJ>I>BwNpPCYd_Omg&6@!*M~jOJghcFaLrx!Ad_M zG*boALubU?t><$ojLhd9_~|7<>aXA(u*s!C>I+u}sSCk$aJQu!EES$ZseKmu z&ufCzl|PPf9nZIcd%y$WQSc=A4R`_k2^<9e0^R~*_fSiHcii*4$Tom2t_@NT!H)F1K-4thZE`aXUuPcUHgO7 zOfUz`2TkBSa0j>-JOrKvQX!P+T0w=k2L=iA)vu7p!SGju)PA4>%%OL}M?vhu;P3cM zX8+6)-L07kjOszW;mZ1niAxy98?$`sw9H<}P`>XM3T|ew zEvHnTYPa$U`Xj^r+-4ZY@vZwd>jUpMCA~(1%>Z8O>bb36--nc6$(m0aUuo;1n3A#f zmy{hT$wf)_zNFgDrLe74CeBH>xs^2wDr;s|O`nsQKBp$*nHNkj9H%d1D6zoXu%8}g zswdY>o?SVwvSzNl%6rF@r0)C_xb;)$h&%Uzb>N9l(0}?9!2C@>m0dqdG(KZTCi-4nfiKZWk3PoX339sDWvDn6y&bo6F{8n6f)0~)}0 z!P%bzXM74Bapzoc5xC?N^soE`xeL>^==FhH!JXhfuns%{o(9i@_26ajI&k)eqHli+ z9kKg9*zhTIOLzNZKgGR~pHeUNDfLF7HyZ2;_5}NaNgx^TgW;K30bN1uC%f46T(Cb7 zG5umwg=r15KS@4n&@+VktM_FSBg;i4#!?Y??K-(sD&Z(eFW~BW#`V3Wf9m#Nuvnp| zI%GSF{%qNLZoM$eMrJua5iK*OWU28yJpS=zJH?t0^5GBEDdctJ4vXk%8j#*j9PzeW>i zGZ}AJ2RuKGbcnZH5Z?lepE{w2_SsAa7QD?^z!I<1BviE6>DF$eH1;)y2%}MnW`|`^ zE}LQHtTLuJWWmQIn&F4J(#ZW(O(@uY4cqNxJF8u0_ebk_+vS;PeEDPz`+B^L>jE41 zYiPYh%EWU+QAZ@z?3UBG+%7T~ktY*9VO@*88X+O}X1AP&c9zYXJt8?9!qjsKoSb2D z*0qPlCZNn(jnvZm=!wdj8a1z`s#?ukICmcZrq0Ev|7jzF>X}tD=h4rbJ8RC78PS-5 z#$5exsyrQ8DK^BFxzj`pb0HhG<^KY0#>IuxXI6=pc33|zoFO*Et%c&&!ntBiyR}f< zS}1OzFaL}O3)D2!`A-1E-AeIR|C=lR)QEdHFrWWZktov&tA zt7%hJ%^dDSRgV?pQ@?k&cCATM1{*Gi4~v3taEHu%PUUGd!|sDWh|e^l%-zb^?5F_-287i|EdZ% zHzsG%-NYXW7hi;kEj(Cv?0mkNUnY3b5`vqplj=aPAq}<9EVeM<&CfGISFkh?n<)%u z7~?VbCf*CD+!KkONzUXa<=#?&OBe3{4HxPqghlt^+&`9cx52J^mZf&ttt|B=a0KQo z^i=R9xE`FlJLj2$Ql4K2Tk<>+EC8+OuY|q|9s^TwYxo{zsWIR%@D*?=xC6WZ6!LFi z$GO=9?=sBdmbg=o{0wjn_$BxUNbkkD>tG(pgLA=E;C}EDIACwW4(8XGB_Pf1NER8w1Yet4_1P2fnM+cI3KJAmx8Onwcw}VW^g;$7C1L|8X0GgV~-6Y&8-P<7tD~=9CtR~ zuQYa!JF;=5wXK1&!T75CI)??Bh zuJ#_Um89DOvth~ZwS?vOX8GG5xtyhwIjN$NdtxrefS<7Sbi;f(?7@ 
z_aiSq0^rBy@O!}k&ufs2p8Wce3zhk>UU8%XH&4TlrO-7csh%Twh9`4o&iys#8$0Ef zA)9TU$5{L8(XBWgKbx_8Ic`)Lxdg4}DE>_*ZfBIF29T>ON>aIMBk!7M{I5n{{Y}Dn zEPBYRYm8h1DgNh>_aINTqH`rW$Oqwl2KlMTtEb@hS@7HN`zmzi8vCP=OZ;-kE6&DF zJ8oRf+{Zj4-&)+4@Y!Fk#qcxp4c!L5*zXnhFTjls>|(zcc|W`f$a^Z3DxZp<#9v^Y z(qugU*MJ=I4DVGl`L~4kEYDj2vEPflg7gve&M_E(_j%-}$xE=m9R6p1L_BQx#=+;z zbX7i$coRRTw|;?nCVADB*8Y-j!^;tF?Ds7sjj^+j$VV7k>(7DLiO#jSzu4G+^&=C1 z=dRGq4MrxA=Wu@z_j`Xz8Z05clo8$5NC&=czi<^)W?JbTu}@Ebb1Abe_OYloUplwj zWxDG{<0ed?Z_o|r!^ius##&v)19`*etu;M*q> zuedPZxvUf6N3W_(`A+2{h7aHS^kF3>n}$!L!l!LK2MUu?S`d*g4?`j$9t>@&&mFs^bh#+Dwsvsb|EZFpqGO?!Qt?qxBPEGU$xI4St|NI+J@l! zI{(h+?Fiq)gkkkB3Q=i!TikDCms#@?OP_-tWMxjLm^=S2p7X=eldb;;Lf_#jX>gZ7Bp%1-(~(R?kC;ajI=ue-1{kUN<#0dg!$9D^FP&l z4u98y^aHG8JV;w(X_KY*TPm{uEgV?H?XSWcwvM$cuopN4%mLltOz?yMW!#-`|4Ga* z0bOy~e;@Nx^h2bn7X0RSC8@RGZtwtj)IR?j`U2Seg_6{cK+OL)AYqYk6!Ysz`11(M zd0-8=9y|b^1TO&fd%_F01!Mm&;Sl_J(fT!*@NoG9f+V!qI^DU`t5|1`oF_zYgMQ)m>&{w%egeLFf z4IjQgxW2#V<6zh(Tkd?=$vWH{i;oQT{NE?V|Gvw&8nx<@e3+#&W)b}@ES0npGucbiLoJm&C-y5rHP{}=c%TA^{#HQv+X2!0tfkYT!k4@& zdZm^!Ow#6IP|@GTQt4icIc=%*$;C`{quqh1eL*P}`wmd4C14oO{m>jJ;dubs0|K7c zLwiBESw$T1ejjm(Qtm*NDhD6)Tn)_t@ojhUU0l>nn* z7bOZc8d|th5;&)S`jug++rRq1j~A^!r5o|sSU$YC;l67 zK)rG2%g`SC{At|1*y=v_U$8TY@ZJp0TskcEM`)(eJd1fL&t0Bbcs_cq>^DuMAMj=F z`8@ddVDBmLE*Q}~EVTpJ7fc58fXIqrDYB2jDzFCJ1f1T3_W3!FC$iTuOP%pa?co!r z4@*5h1fGWfTkuEl3Rnl;07K~)?3Flw^7^DRBooY zl8>f$b2YLoC=E)2(qSdTyxvD)&rEwE(bJCF7Q~rLtT{RRttX?rIq{xf3`>3EQ{ca% zC%T`c|4DKeCa34z{3Pn^4Mm-ML&+WA`Qyw((V^T+@{{KOs(ZfvDK>pw7=0=-Usq(3 zi{#dw_Ii5Y$qZl?MO18wgvD=t5JVdSzfF*b*e&`H%TOY4ZQ4JdjS5 zf$gk$C+Oh=w7E|XODzFSpcQn272qV`%Irw@U}@6Kmw{}b?;J0O=F2{MeHsksYdSU$ zY{@rr9z3~WBj10*cq89``~**K*y5)DV*@+qS8_~zzLv8pn`^~Q|0izvKdmelZ1|jg z$MWUkRzg0}my6p8`To9N(s%HGuK(b83^8LrY3u!;jC1{;o5OKD8OQrS>6d&`P29Jd z?#z!>YW*FyH1qA-w#`h+AbXORQVo@GKIJ|C z%6op=dw#}y{x#1zYxg(a^RwRbb3FH0o#(yh-}2mV`M>j?U*K5+BjNeI_k2Ik5>EL& z;5|R+JwN0zYe~HQ+^M7&yVojqq$05ioSb(6n?+uKgP2T4CGQWY>(w%!E?WT zzDhE(1eo8*Qllf*Hsg6cRGy{Nx+DL0qU*|hP*9?Vl@2S@7{1Af5hFGoF>=IaBT7e< 
zjTkMDIJ0AZ*V+ ziO2OKr|?{cT*{E_OAz@E{FAu-LgZwO%XyYLFDD<3T;lsY@=c^L@ss}XVR+(~wHJ|( z@Z=T9t2PI`_AeK-k|fWEDJ1vN`!0n})CAekl&R`1N}B#QKNG%aFVH zCFQAw?D<0O;+K?ZSCI$a`yr|I?_%OCzjl#( z@5jl1Xyqr1+75F9La`MSMyI+YHzAl(zb&QwJC0_WP z+}Rac;)SoM+zVe(xfebsKi>1;%{P_$HEu}Qe+89%?El_+i?tK@yax5O)$`?2PWFN? z@%lWJ=!QQ@8!1+AydfpZu$#$K^3(}r-q@v?@Z_i4x#Q}&e2Nc%rSTlEKUI@&eXHlr zRf1`Jx>h+={wEv#g1&%h>uqx#X~$dsh6(%cKmH47rgTi)}aOiek`T?%(bv(bl zcDy2Ov~Sfm`@T)f3N7kL`@IFn2rW5Ap_K`?1K~8r>p6AFhw`qayzjxgc@8`eB+Uhq zAEZu@_a^UN-mm+)@%kpbEqS-jY+CBbEOMMEkh82Zequ&XRp>`M%42}0xa~b0u$lYd z8=SBIZCan

    0T1IVw`sXPWb#p*9y9^1g&4(jp0agzauTy%WZaI+dI<74q#ON#*34 zS&OstY9>#gK65JfB2KNToTm)4a#8i18a_~TTx(+n%PM>XdSqqNmX*id%9h*DBC|u< zGoMi=T*F?{f14okIRe9LeT7kH^q_kvTy(+7P7J>neVKBZ8J;Qyi*_8Ink8oaD_7O~ zm!=LGJv^1k%y-8%Nw$4&KNM7lN%bCyvk>G z%ekX|TG}|ccN{%>Ibsu+7PNGBb=S5Y)!oRs#^%5*eR}L}4IEqE#rCCIju{DEi7d$O zSsZaz^odsbkec!pyRA^O*~Gtm-0}k^WjeX6UUrq*(~{URx({g}AQ@6lYL3O)twE1R z2Fp_Gt}9Dj^rh0&dtkdmOH*S&(OjI0)@dX?2Y~45a^+FqZts^(Z9GT;dkb8OIa^<* zb~vs~PR-;6jvJpHzi$IaCCjgm^{jr-msTnxU|p&g^c+a|8J(n{6`+sjii41Ya*zXx zePh+oB_Pups7zI$mOxXxmZ_=+{srv)8Tl^(`U4Mv zC-4K_63iK}{w|((EKzGN#66G$17E}L!`QtUceW`}8F6c8!VXP=0iFjzKjALN?-b$c z!L2_0?LPmy9P$f}_k3GaTGu~&^-IZ%!LL8#h=a6H5FbA&-aeAa{V zB}!FDctAO*5PweM89M{SF-Lr=@kfcDKf}!P8sfa3Fjc$)eH?#94l2OF$=D|?`graa zGxjUcRUm`AJ%m3siF^e5Ch{&pFDS=62wjrL-Y)nJDoDGY&y=dnB&7xkSBiI-llX%E z6~yHqxcN`Q`abTzhufIfKnF@m)4!AU@1l#m;vIAz!|n$3K72$mGis3CmBh(?>iAf9?kCzCKK)NXNmy4pSNW%;n_e6v%;U(2u>r zyKt|Mw7QV6gL06PtAZZG*`{R+(3Pa(_5JHUNKy7v=yMc8|BGex?uAno(ikY-eLwZY8qzpL zIWH#+eYiIO6zQA6tqRhvg0@3RdD#`q#ba1po;+y$NnFM)r7R1SM!A21m#0LOw8Kri?)xCcB3 zUIW4LWoj$17x)rb2#yEe1y_LEz~kUm@G;oBvrK&+90`sACxdgqW#AX!cVG~d;Bj81#mX)b(z~{kqPzz25SA*NZ(_j#6wj4LXfuIJg0;|DV@GI~d*Z{U) zQKlw>BS8!J2KXMh7TgD(2k(L{R+g#VKm|AoG=Y=B55X;99e5R}RdnOP{$M6p0!{(n z2RDMp!K+}C69^xe0v2LXZPzfUCh>U;z9Xd<;gNLzw{w zfTO`Oa4NVM+ytHkuYeE0*1e<+_yVW~wcvPgHdqa=0e69?z^mY2VAJoGsa?PU;0Uk; z=Tbj_ao_+j1yq5B;5e`xd;?qo?f{R2m%s;Li|ztxDMP8)`P!; zQ5Th|eZh1v57dJd;5%S7_z`#n{1*HTd<;f@zfA22_6M^;Jva$`AKU=$1HT0yfX}Wb z-9Z&N8sxxA@O5wzxC;Cn+y|ZpuYrGpEq}l}1CziJ;23ZmI2oJ+0>vT&6Q5;Fs%^qV z>84D^Z^nL^E!1b!mW=whQd_gtG|i`5qwJoV?b#ALnq`We)XplSc2T>kF>0*ZP3^As zVB_sxY&!is8)(O|iF7|UmX2pb?nE_7?N7(zKspUyPzS3oszcP5)S>DyRiP%UDQc>k zrYhBRb-0?LW~w99k!qHjt*Y3%Tdj^#HHvc-)O@u-EmVutVs*6ovigepsyaqx)e=>! zxVTF(MWmY4Qq`J)XV`nozzovzMM-%w|&Z>qD@x769{+v+>&96qM}t~ytJPo1aER~M)Y)kW(2YPI@- zx>)^CU7{{kYt&`xa&-kCUMR9x>Mby?pF7xes!<9PyIsOuO3hjs)y7%^{{$GJ*pm4kEhslTe%)f?(f z^_Ch`e^YO(zpHoDyXrml5B0wKr}{wsOMR$5QX6DTR}io%YM5C|3N{Hw1e*pUgUy1? 
zgDry31X~8FV5?y3;IlzG_*^h5*e2LE*e=*U*dZ7l>=^76>>Ol*U4mVMF~Qhiw_x{R zk6_PWuVC-s^T9sBxM1I4zo0xAA4~`)29tvQg9CyCgM)%E1P2FS3=Rpt6dW2H7E}b2 zgDJt(U|LWaOb-qZW&|^XBZ4D?S;6d}Dwq>g2S)`p!Q5b8Fh5ujEDRO}i-V(sF9%-< zz8V}8WP>F^ZBQ4~2Ms}E&=f2UnuC_$*xpeHybI5qfsa9VJBa7OTr;LPBg!CAq#g0q8f2j2Qj^NJVuHf$Ao}fRtH@GkOMR0%cK=5Gj zP_Qm|ICvy@G{uI0v{5g0zcqMo>_)G9w@Ymq=;EmwT;H_ZF%sJVnEOTv2p5)riI&LK55>Hri zQ+PXbi=oI@OUjKow~|c?`ski47x0La!gq)G>qB(hO|teT5;->~EB8*zy)4 z`*6l%w{R~xZ^PHjcX6zLZD)gdfm(OY?CLDD@syD8VlbCILOJPEp0FZGR%pehptvat zE||_7#Ys5i{PK;sQ8hg~b>1R!Gv_985pONI&;-Z|%+geX*V(8KJjza;W3{LU;wtz$ zK5H*$iMb~Qv4}UqmfE5~S635UY7+`LPBUi6a%m(^!8Yiq<$XKQFv7<7** zMa#GVleaWJ+trbsIytKkSa&Yyx2N}8BJ#CeO;E2de$29QGcGO8wza_!mTa9EI^^zE z$kumt+C(C#`Z_{VS>Jle#qs(8Iq!9L=%Q+0sOWS30(TU;7}b+?@+?Hk8SgetMalO; zZgnio8)#{Pu^PIkdHTLe$#ijc;+Q3p2f;}-=K;r8g_)qR&d_}Y z>z7+)j?y@+f62(5jcwer;mT3ytyC$xxzPDA%0eMu`f^^@3i;N(q)1A1F{gxI%qig) zcZ%*r6cg0S3+i6YtS?fIwIFTT zUo5zWZ!We?TG2N|yL{}u3W|85oJ#6Tt$3+ooqbBw(pv(hO`~i z#1##mC*rnh?)Hes$cXiskjZo~_tlYK+8enelqSW`e?(kgXP0$xObENO(S@Of}Tvs_a366Ak654p)7@|3qm<`dK#$q>wPOQnbZVlPwiae~0 z3!2=RG~VPIk(&mPeyYAQ*iT)TdCj4B$t=O9Em#GC)ofEO<)q_OEWt%bmu#+FjHQSO z7?@MjB{G5tq>B}evusK71w(sg%f4=ZhR~w-ftLPgE0zXwP!*Sn(oZlI=1}!11JJml z^)pfJCc8888rYpErBsTyyJ#q&M)1v$K=uR&h~|%wX_}60%tBDl#_J4&h=71!S^t_p*toEhYEL!0VnsDd? 
z+ksDa-Ldou$vz#lyS4SlIfrx|_DMQ=#NN@+ZF|i6ia$MJEp51*OfIcJ0hcNGm`LUf z3oUqD-vYyMyZB)`;dIM|24h{7LZwbxz7DgDP$+c0I$Q3N z3VaOj4i3-DY_h(MT3%#Ku_eE3f=M;g)$=PlZ_1NLy*Q=qcf=Q-G_PPfG@J@8It`kf z0@Y?IYSHwzX3ehT z8bkXKCSf)_2u$s~58Cho^e{x`mc3QI~j@rG@q!)iWxV6H}M@M`~iAXgX>@i=o zw4$6P_VW+Go#Qgpls&Z{`x6y`M`m*M-k!Wp6_(hs#VJGJvgy+}TVwUcxY1v{qFyi~egU~`jc(pU(4W>GD z;bNz;)ov!zbtVea(6%qGdC{8Q=pfSbm{Ipo)Qe0y2)mP2<IHd9X&Jh^68rlZ1fi;>D1aoI#kF~cIiTEQ7n6jnSp zBqgl+wj83vlT>I~+D<{}G`_~(vP?fzMX|?ZdOg}1J7*D& z?0jZCUS6tr;fgPaXxlQ$5PGMp(!?@|Xjy(VmiL(9@`uNhQ9`TfLt1V)4I<{{e$HBM zvw@5`XcOxh&9cxJZ6}ecNo4MpZ80-mHus+CkYft_vJ6q=^h?9fYks_DK*79ptrFD+ z+NjrOqDnc;Q*L}i5j7oJd2oYhKVVW!v`f0YL=~UMGnH3#0lP_k&z!BTtK-_4s3rAf zG0*f2k>Atp^f^&4*Ur;MZM6=LOXJQ)rW;JC>G;IgZ8RgS2(&3IkbZToCE;tuG(H=S zBD5*$2w;r0w_-LU5ZyYM9~gRpqVYJ07gSb7$o-`t9M zs40Feqmi@ax4`XA4;Nz)>zOp`nJXp2a3+{d#d6GSHJjq*;%r)DQ+<8TZ%+6 zi~hy}txgkYUs1eD(G&f;H76n2@|Mk+%}m--yxkL)o%$YXhTK!pFWt?KYkrZLam^2B z#l>Wr%rMysTF^*GmkZlk3fDD=v0g+$^yHK8_yUGs_ZxquZMV&X*BH2E1+C*v6iGy@ zYBt!680xS7=%i&;%>s5QFbep+WNX4Tfbv5>?JaZ3#oT4MWITPB!| zw007c?=tzO%>F)jl5cgc$fKyaql1!*Ae&6tFuu091iG z&%m%ZKNtY(!E4|h zumNn}M;Jg2Xa{G3i@@ce58MsbfoH+1U<26vXV?RKg9=a$n!qY>7FZ3g25Z4n;B_$k zM#2gX0`ovKI0>8$E(dGDQ{YAL4k*2ekI}&1;1Ey)js-oS7hDc*1P_9j!3L1J8GSGf zG=MX}jbH%02wn#tfDyOwaTdsceZdTH49J0#z`5XB@E~{*ya$Hg%7;eaV6X_ZgC1}Z zxDnhBo(Hdk55eX?FH?Jh3a|jQf-}J-;8ySicoBR6wq8qEzyaV0a17`KXM&5twct+h z6nF`|4@TaG9dH0R0vrRDf$xCJ!CLSb_&sX_oCmH4kAUaF+hFUv$p4@M z91Yq*FSrui3?2l}g4e)@VB5QiE0_U}2Cd*Euo|odkAUBSK~Q=R;Q*7sEO0bv2Pc6G zzzyJTuns&6UIXugl78X~b_Wwc1*igF0mp(>;4E+vxCYz`?gLMN=fP{>12FPl!V7i> zlfV(+7|;dI16PB!;A!wO_yBz7KJ>vsU>;}&tH8P78gM`OHFyjonAb1wM1l|Ls4-!7GJD3EffCZodbb>R%CE$8+I~V{jgOZ1MZ(ssA6wCw7;A`MK za3#1IJP4izZ-SBQ@CQr*$AB(y7PuPR4_*Wtz)lYn7BCAO16F~v!S$dY{2sgywts|o z0Oo;Z;5*)=CB`XpfidxJxO{ANLq0V}|H;07SSwa|6; z`B~_z;B9OEPrFXO>-$f;{-1XJKkfQ|+V%gm>;Gxj|KDiWm6ENg*~wLlvwVAKO>?Hs ztDMJjbhb}tmyFkV@|w7T6laBN3i=pM6Uh z7>qh3dSk!-qSTt@J5nc;{WGMNGfRB+eo-qIvtDKN%sM18qo3znYL6ez+*%%+AzkEj zILw@wS#dTYG07pRAyIU0gd^6l}MapY;_nGTJeptfN( 
zlct2Disioc33Za}^2{S!fAq7>I_A|Pt0&_aiR@%HPcAp=9m3hpruqq!*kVFZ*atAa zoP&q8OY+K*P27LN0aiAloYRztkWDND;6=+k6=<5^G-C*&)?M%&beN$*)$+<~~fU zJ2QhVg<`6Fb}k$4ZCZt9iJhI)^|WkgwN|*JT7Nj_+|rwk8nQ8-xTW_kSeL|X%cpi} z6(_=K`+T9!stzjxdOIfCHH)j~&B@N2QByg28fzOY_PTHuN?h1t61@&57RCLzq`N)a z(O$1>hPb4=-C9W4Fh?^aWU+i`-I4u)Zc#S!Hy&~^c}mu%q)eer%O!%k;#(29*+x~? zQSX^)Y;0v|U8Djqc_%WP0%FbLXrYfJn|0WwfnGOkbjhFKt}4_n77up!#{9PA zU&{4HWX;#6-0@3|mW>TsgwE5_CZkn3HG6o?ocZR!3cjW117%x!Ly2wLI&@nF_sGh{ zH1O?N+1G|YmSaO?O*$OZRJwYOc+!9^lhre6sGLp7m38b;@;w*X?8)%QiWOG(~FNy-RPMbqzBrVvKZ(TOKk2*U$bnX#XHK(#N;T2AYA$2EAlPOK^yP~n?1Vx-oV=3+N4GyC9*@a5Qv0&VxU z<8HJpbDyLY+OT;s;j3&NH)#;LG*l>Ehs6*1P(I2gF#C0!4ZGQ4>B6N=(_7kWTd5FX z8aFj}rkv-anL4bRH($Op(yfQ^rm-1fWv)wGcXll=vaDUS+|atV-LjM(QD{$_oKulJ z8MbL!Pn?h2j696&&NT(ogh1O9PN5&dEp#yqtY?3LK1(6)v*8uGYWTjpmFf%e_Gu(M z)lwr$`LeBXjOY0t>UsY8Jo#MBgiCX4^X=oMLSsX0m#Gz;Us|H8SiNmDX2;daPS>j zr=k?4Vm#+i=wmV^B?0{O(g`wcM$9eEGwn|ypIs^m`y4RDO%nvFgDXCB9rDFnLL=Nx z?;U~VrGNYlQVX#u&v(IaT-2g8YNO{M8%y*)C--8)m?!fKW~%sl+w4cK2*0y-xr}VW z?~{Drwd;uxIbLCy!rfzbpc47Rs~n$Aq_pO3H1#9{BukA~rgR<(hlUb&{asqD-ZtN* z`SoXQV?H~6!a-~>lb*4*6>+l7l1l989={Qpxj`>xvtGIlfK3=?SH;e_WMV6ZN@M%qOKG939hz-<)n?Z~8f~w=)6%e|((FcIKj>{&Yre^ z*0rVbJdY0`^0os#XUY-Ts>!n}^+#-kN6dA3rs?XNvl2crx3=33vNq9Io{-n`1R~2v zvZ-^cvr{I|oyjdhJlUFdj&OxBbDCqRkT<7lF5PWA+orj5nH`-~sU6@=>rVu;W-`>+ zqOZqc5FK1!BViM_HAkvw9a_hsTihslXneM=HqSjtqHWJ#oHnzD+F4pjpX27p9B>toO`TCYmbWttVP@Yvms<#3r;b6SZ{N44CG$Hn8?4(` zk1vyGElkM7Lm)L{Loxs8bgnQxKIevvH3)%czeW11x)qgaCa1@y>4G#6o|!N6w4{R( zx0gr{`Nk+2XLyM?8;+|6Joj~*L@%F_CEobqBaIRqGdb$($Z)4HJUKI2>iHrmNKYp# z1FyI*`R0};d0oD%`Ht8dB<%WRLeY}*I`s;G%~Ub7{vN^8aZ{I(Ei-K-pDkFo^qf=? 
zGtH-Nc_o9y&IqlJw(BM&u}!r}_w^TbNw@S@c9Z8Xf?vbsUW~Gtj1`;OB)x=?h2t)v zl|1KU1XbU)!u4r2&vq-KZlZ8)rKN3!&9|D%6v?cabLTlnL$m#kLNbH!q^NnHR>+2D zJ|;9Wd8zr1?oKmr$JJ!xT~(-`{i;yGq5k&d(z@A-Q)HNu`qb&326cME6xR=rUzPL= z4`ZDYGuh3uB%QBgcgQBV-7%Yb3@Wag(G!Qf@(mUrjahdrcS@XVK2ATbU22Y{Ri^Lg zY_MHlc8V{Pfm;jT%}oj2(v@4I`9x)@=FayT9Gzt<7tQ0mTRCmRmOag#HD}I|Occ5G z8J}k--;~ee1FvQ|L_k8M`MRkx!;#2rDx}D4J@jmdJE0rVC!>DIA}*1md!RoWw!S80 zy3n~0#bnIx4QVf&f-&KW>`CQY=$fq?b*v&?vU54}M(w&DER?yCMUl8lLGb2ni`Wgv zszqcv4^Wt8+T9Po?p~X=%(ErjR!%X}4TZ-qOm97z#f)^VoI5OK*3&Lb0f~c~!!_rl z#chODhjwK_WzEd#i?h{}YbMW@?v4HS%=!_N#&S$dqB8^2Xy!nuVs=egkkgEcNn6^R zDL&!*jk&Fla@?rfCJ72-Lqf=K#H3ctO_7*y?1qq<)0@r5JVUuaA`cZGc?HpjU_<$l zvmZSTB{wHUS*b2Ec79raU?-VO$Jt2YZ?*7T+)!IDc^R92PBX8tyUtXeMlLUn71gZm zTWa4dud!V|)re+pLYbMEcT?MuJJQN^=efX?N{YWo1927-K@`tmnK(Y>znC2 zNhdJk$*@h&JqcGn>InP&Gp8jvG7_-7>iJWc3v+g2T^a34#Iao|&7~I+39L&oo>i7` zNGdw_b&7^<)m&>+bEU2E&9(<7pQFTMA{^(Yd(Ot(47t|L4*A5z_HHC3wOt*u;X}#d zTeEKM!euzk(@WLzBvl4_Oy*g=Y&Mt8%78?VaYEBFam|>P>oc@5$;)b4Dqokk*Rn{k zTx=P=NV1%9w8v))N3H&3k%d$@ieQ`|Tx*nE)vkN0C~%N6{e=!z{TWVl$q9}U3TfXs z(1aBO=W%2EvX;({_BOL6Bc_qC9Fyt56|>7EqznTX3oey2`a4|^yj7aoI@4d*-@V!S zOnGi^F$U6>s!dW&($>@@@?=t;CpqoYNZXA#OFO)>wPk6uww2XOZL0{rXkl9AW-YYf zfJwsbT4nt>-i{uo=^^G+8i*FQyUgW;BsqScITKDe>nvoe!yCJ1v6@rq)_5?_T}h1F z=E(_AN=awcBz2+XS&g;J8VlKKZo zRH|KI(+aNTEhjaot!wgaQrv*(}hHfrWhoBPbQ z|J>`P2e%$SYu2<(^|UGba<$@re*X`pfV|H$=a!~~UJ8{wa4U2Z=wr|kQ1=s^$6HEM zg5a~^5dZhXuAt1fj|UaVlKvO7KLfi*0o)p9qop#~m1jxO zVUm6rKH6Y-n{Fxs^Anw=*v)~Ggni5f_P2tSw0{P6zYF&B>{p;y%>K64eh*Y2{@;Mz zdjS*r!^DoD!qQ~;4}vfL_do?=|3&P+3np6o!m9w{PSSoc|3@8Hn%WJ}$I$+lVyyxc zvtP{r>Hmkl_W_V<-2cbVnK@^6c6XZ2wo^O1Z8g>QN3A+%&fl3iGqcsoQnG3#6)M{w zB#T9|SXmW92%)sJ5{1Pggb>B;65@uiv`E6DOWdx0ulJcfyR&;Y+PZe!6ESW_$yIPf#!NDurm>&Nq8!2uYVh#ynYLTU4c*lJncCJq}#>Y^RGlX1?vAL zVE=}IFTR@BzX17v)PE()DG>f2z-FAw31=tuPi5`l?f#R;uL3&?0be6E_kSpSd-FdJ z*sBomjgf`t(09R~^iSo{zXF?i9w)3y#vh`8!nd8j4(tgCtDEpx-VXJDKClZB9!SP_p#QbN zK83J+W77T?w7-AW{nuvy-vahSgcZs7%0I>@@BdH0y2`Nsz&G!I2m0>|tcI{M8Q+2a 
z#{qi=LUr=^F+dFAU--Yh`OgD(0m8kl@Qy#kC(r+0V4p;|FM0eO=zlw~yAf8k!XJMB zDd%%SH-sAC-Iz1U4H`WDKdku=1vZ9oe=@%EkMYU#KLyyc5mp0F`5otqzyBT3k^7uQj{+|Q;Bf^8N@Q1(toi5;n-UtsRkG})`7XVv=u(lQc@cX|I*y|A1 z0Z+1rc%UQuzZTe+5gty)cVPW@0s9YxN0RX!n19a;asCk=ZG}Jl`JW2x90XSqK7b`~ zAh1pMAMxd(^rywZu0lvn!WSF@PxohA{do(ppCY6s;Vb_HPvfCL5m(L$SqMTCp7H_+ zhdX{5*dm0?Bz(ak@a>KN9AGOEd`bAqKfx!De-*HgBXn)T6AuOsfp1TLeG}ME5&TK` zf z`opupzJoBJ3C{vofN;3|?*~@6m=gvj;VXd;Ahb9Bw*70smLLpH8b5Vja0q-`{iy=j zyAbk|@#y?e__qDO4D2TeLzBkek^Z?$I3a)_CgVHM|43lRA>=bH_b1?t1EH<`+aCX( z1?)V8qp3DFkM=EqaJcxTz}}BA1o#5r&_svuF9Q1x!s4XyQ#6^YmgWyjkOoB8p4vK`4{{Nz7pjW2!9H&a}aJ$!c*BFjX$~nn}A)7uoU3lc;4m;1jx{=XC0M=2!XD}fInwACL7-&TIT1?;B?wMlrw(mu4sw%YDEp8@Qp2u~#8D}fInwC%sW`L6)> zF@(A#JYn1GzrFdt3GC+xPqx9g*FWLg&i^2=*%h#XfiFNgtqH~L_21t7qrjem@N^Qs z68HeZ;mrRsU~fWLpM)oDd;PaJ|8>A_M0lnRzPG8UTF`eb0wN6?e-1;}r2{_U;*9l$<;U?kxyfe#?GH~zNg z?*m}>B7~Cggl%vB?XAE23Qp*W5N?BSZ~X1yqri?sh_u1CH~#ka?*d>KAoKv9Fa=G4 z#@|-|Aow=J*CO;u8vmj2_V|J4hKIO*m(#KHsPs{j^Nh-`vSsR;0a57+Yx*Nu*_Aszk#m=vZMHX zU`HZ63_Pt%NAYFAUWf1q@CE3f__rhDuLE{7!n0Uz!diGdXdG?VpZ344{jwL>l=+X z^uG?+R}hv0-z@)|`fsa0+5BILAyS~R?gsWC!fna;rvBT*x1E39LfCHzw*zm_+m74A zx78nJ0edyV9m)6(^uG?+%?QhYFKC)mNBVCBHhmE%+?kB;K>rG`Cn4Mgd?os)eeX#B z71TGv-O2b4^uGz%j}We67$@}|p#C|!K`{(l{!t!&D9_=*uH%0S6deTCcP;iH2_HZ{ zn)nwy)puZQ_7BkputZ;TFwuWC5rn4p+v(rsq5@QDipDkJ7bf8YD6XU`ZSVxM@QCS$ z=vlyDgph*qH#KYRfi+Cv9SBtMAmo1@l5P3#CSaE#+@6G|g|hL<_eXp9$ANtX;ZEQQ zW8pf0{|wk45$E;@cZw3J>GvJjBmnQ``3Z~&jj`g zgi~7K55NCaz`l$y8F<<|I-?y~|8IazTg(ZkwZb2M|1z+n5vDZZJG%ZC0=pPtYAgKV z_x}X2Zy=lvJk8w_CLLJ+Z-8~&fbVx&;Saz6zQD#1W&=;m*U|pZ1ojGqb6epLzyDRh zzJM?X_yWwoqwBv5*xwP(YlT0&{?Q%N_eQ+?LO95fw%qZbV}PZ=jPE%9Abw6kuXdo` z?KH(Uok%5~8_#2fdIYA76#@ta2vZP}>rlE9dDZRYC)YdDIXAa)1amH(#0xZU`l*cI zyA_1FJzPQsf|%p~{X48?z!SpN+{ ztpxHyl*~qN=K(nr<+NS``nJbfh_)_7Ycz*4v~(6~&auYOw(r>}n}&K*5iUiIAxuhA zJLA#L1!$=SFQG;voNu+4s84HCZq=QGmS!i-I?;Y&yadp!_D{4%HWTe8>f7TcDzRE^ zaYc*|<4UYlDRYsvQirp)C7Ahn7|}WCs~r6Yt^QlL({`3^=UC0e(D!J}Z>BXn+Tk*+ 
z7On0~Yp?LzNdF}-fOQJtKZ7|My^07y?ChaN39j<#q=FT@%Lm|+<8Y{V_STxe0W zv$QK0<5`ND_?@E&EKUOLp}mqV+)6ehY2_s-C7vYCnc9jcQn^~H@L%_Xn|n4|W5vN@ zL>wlTi06w}i4TYy#2w=AA}0l;{?akhY0^#7Gtw*4=-?T_>A|_dn}hcTUkSb&{2;hD z$jY5$S-wqvOb#heD2i62Df$Mz%J?b7M_!G%&8y73=(EvV=pY9e2LEn=*(|*+@p5PR zb9t}aUEQUAtA4KS)wUZCgwBYqjy)awJeD0F6dxWxJ$_!iGJbRX<@i@|I<%F*UMn69 zYVurVg|b@7Q%_JYQm&ByFm8zIK&%vv#lcnD&zPw)UC!gU0F^dT(9Q zhv_HjQ}y%ptMr@od-cckm-M&w&-5R3*2pk=8pOYsI(3Jz|zLL7FZ7Cb@$nf~N=13qBNFCjV3JrR-LI zR}}RD^)t1Cx ztMbS4epy#WDHkdqD_*sadaL?~`nvj!>e4>fSA_l&xx-|t8OUJ#>u>2+>8xOHC7_N| zPgBoQ=c@Oq`}O6`T78^xkulGB!Fa_GLR~|{ zLL)g1#`ose1=imx?s`8YwQ{mJzw41aQ;L$?k z2O}dSg(ij03Pr;A$3LJkK>}6b`K`DKd+81K3hKdUf(^m0*u@I@F8OWweffL&7db`o zD?O9}ilR(aZc-jrURC<2Gqh82e(uqq(s$`m<3{5P)so6=0bSh$e|Qif2oANb96Gz~g&^Ue#2`s~4#A)qB(j)koE*)psFt{;qnpftsj| z)@EoIL1L`cp3vUXzJ|Q$qz}-CV#lZJ=jzw$tFY^vAt%1p9Y(I9Lq^Ot7GUOg8*7Zm zjcrCwC@-Xk#)OuI?h8El?{2Ae7gLU z>5U#8jYLO9C!xJ{(XG+XqX(mAtUi_nnK?Sn6eQN*XtA5jC^^cF%BA|7`cHbgaheeb z%?)h`y@JzHAIb;^!b8Kc@Co6`;d8?C!izBCrQzD}*6{8y6Y)pHNKxeU$o$B)ksBi$ zAk)I;EOUXm!mKgZnva{$m>bQ_=9}hw=1y}L&ejj+e)FK|iuQ{3j}DHW6rB(~BRV5` zE=G7+^rq;B=)2Kxqn%>?V?V@xjydC9Ui^j`$a}2F0u;<5{sM z?xN}9eDMTnbMVXHaCxfyB)GDh5>z%pVr*AANc=oV{L>(%(r`Lg>6`RCqu4mtxYSsP zQ@P9dr_mqha%Sk<(9NNn!XJiRk-m|k*o*Ozi0O>`<45CuIVCZ8U-@ zEc8OiT=8UaTJWsk6~SwQcLzU`cgrU#lW_u;D}x~&jtd8|HWMSWBUeP0MDB~!MVyfK z$C#z&dFEX6YV!^AE%P(1$j_!b>W}t_%F#z-&)`nmi~V-S$3vo>7r!JvKYmC2KJ@%} z{I&R(H1{&rl1DDFzc^ByAubSCi(RCPr7G$3;B5Ii`4#zhd8)Qr`&L__E5aQKICRz#275P3MVF_LZ$ zHe=>k$meU!d(D@?i^oSVj^0e;Uy}GYFzdw+#d2w(beHs*^sAH+JSuo%kW>GvUav_w z9WREw;oR`i;XJd%yes;2G#*(1NxH~$E?z~#oy5r6YULAZe_(||M`Aqp*`33n+ zWr{jotyW(K&-Bu+)GmWmeO}+KJB=J;uwfdV&1a&M;!h>^U?XXc43h=^>nrMFp?JJl zERGi^i_^qw#UoBWN^+x@7 zT{T7;rN%*{S7>c0CpPBBZP7eyCDwb-!OoY-7w zDE_z(ZhW5lZe%U}dx3a|I98e>Es<78U4o}U_vj2wuRwlI_AC7%um7g7s#hJUuEqYI ztevTK(F6MN`YHO$xU<$8&w!8i80Un>hNpz*gx7~RhhI0(h|Y>uM6ZdikG>Y|9P>jz znh-lJei@`7y~!Xwlo$J8l|RCroCe*Kc;N!626FsI$r)6F1@a{57~jYTWCbU3t^S4H z3-{to<94Gq^ie1f9t%C})$rbM=g32mmm?oWevG7d 
z=&M3}T09!J&2iex+P07o$&d8LIo@b~AN9pfifxTC0S8mWGR$h+QN5)Tr5~jI(0m34 zX9nj49|%4Yd^`9R?(z(I09Iv`T#T_@CRfVW%WLJw<)`K6ab{na-;&>xKaxL_zmmU| zf0BQd56Zlfu4E`#xLNxuM=3)URf#CWlw*|>lySrb$Ucs8brM#znq095EzxAha|*A;OuV*aNX?#Mi~xPedn)uHgFM%j=c1)hnU3)T*aKkJzZar{(I)u(tI&Zv>1Ba33u<@@s?c_5_osws zhdV|3M<(NLT?vV;nWM~Vb3N{h8*z)z0N1UI@1Z`*9G09OAQpq~QiF2vR!HgZf)nNQ zcCqzx9Ld@o?lB=wACHmz&p`_u!VE6RnDFj{Y_JPV~E| z8!~1FYypR*k4oa}IANbjlY$oq9}DgbHU_83SAa`XmEOuoh`Wo|IPFmH-}6HSXLvGn-8)JAopji`7) z^ao3znLZ`YQ-;8fxL*5BTc*21(?W}I_dOr_JQR$)68S9hePkIdhBu=5;K*BJ=ftr~ zwGJ}3n5%;ZR_Y?Gwd^S!n}-)Zy+T@?B%v_E7* zE7~6}j9e4h2KiBHc8V3nn2m{lBUUQCD(#bm;7{@;ilC0wSL+9{&wkt`F=L`}hH;5; zopG;pf9U!e53D zgu6!yBV!{MMDB!q-wExz!mKlkqgO%i8iW(c#Pj2$;!J&F?|HFYd{XQ#g{3+8OHXeG z_XUSSHhrLsP$z3;+V$Eh?I`^?eW|`7G&p=r_+0c;8{QIb2>(5t7Kud8h&&p(4rlX( z=t^)_ebg1}8M{0-C_W+1G$v$tU$Fw#>L6)^)HygH=z%PJOCF-!psrCjs14Y|2e9^E zKpLH)zXGj#m@xh9`dmxKy#&oY9Vh!jV@_y(C@p+> zczL*QM8R3PGm-*b=~(j;+}H!6PelI`Wn$jg`q&#d1G&L;I6I2hh6G$c4FI6t@%=i&QcwyeP(I953sTImK@d^f9as~6*heWG#t2l{ta_e3uZZ7?ZYfV17EF~dk#~a+9Jnd2!tU^f z$LI>Z`A0LI=2q;q&XgV;6D)^33PKib0p}dRUk5uL_df@#sYpLZzfEs|B)vYgH*{Ng zRru}jXJIzdJ0eA{haJ()+!%c%_EF41=X^?{y)(t2oU7C-OJS8gr|*E4lxFlWL}LWB z+_Q{paH8%ro;0=?9~mr8eGMeg{gH8I2wK(|&}mPImEq=joZ2gMlADI<4hv4!Z`I$^ z|Dk6<$D41gFlvpz;C}OmWcUl73C#^}GQTkeXvUFPWvm7qg_{KqCZ}bS^5PRXpTCL$ z+*9XB2ZH0}rSkpqm&!zSliE!itUasc=v6q6Do%Q*(9qDap}Rs^kx96-E`oLRiuq-f zhdugXd_T3h#L3J>)JrtQ)5Xi7Q9Tdc@dwc(iP8>fX|OKXM;<3%4*yw${2TPDLg+O= zDxDw!`fEkFxBssB;CWbwxqJsnlVc3EJP$V+k3qvbIx;fyggHH$9Xlgdg&XqWST3xZ zS@9L|uc1#T_;7$|N~@)Bpgo1afq$1LDPO6jx(prhO5+aWXX8ZZp~E0Keu>OBUohV> zzk)S+ajY;tmBwD{wC?TBq6DwtPO(s$EL{Rm;9sQ$(0x7)a&oqO0<`l%&`JKP_JKr7 z!7iT~x!c@fj*rfau7rJC7k@wg6ScK5!P7k;{rbW8lOH@5zQn77*9KPxecspMw=4I+)9|zMlKQjS4<5aXwS`(Lq|s-(2V4<`jdx7wj_}Ljufn||Pewk+&Bn&P zuqda)uY-QJIW0Z1w>Uy95-$~3;hy_S{1zH?uGB{wC`pnoMIo7vgFbh%G)bBYz4~0~ zLg`ZJO6eLYQ$9`J1Ha5fXk9y$Zb zgde4MuuS_|>!-)``LLlwun#YZ90mTo1=`Eb=r1t=HfJ23p*iu3VQcPytaLJU817JU zqIivXgIEWKwcuRf}A@5YxrpB 
zjU~_&AH>;t7MAfYWsmX$?zX{dPz|Z0;PaTOzNG%7W@`p~q7T5I;?T2TEg!3&4(WIk z?yhISS3ctu_>^vk2Kb_}9cLsLKDA=#L3e~63T=d6(HEA&F?i50Soo&NcQ;s#!)rHF zy-dAHT?KE-Kf}{;(>xp<1O4Tm*eBq^A@PFv*o5y+;F!t491!P8y>ORzfv$Wie8r#1 z8Mu#sRtBj>@XEZU4%cpn2KG;*CoIkj!j<6tCbX3hqq}{^o#W8Lc2m)VHFzeH{pHJl-PGM+<_v; zG+;cF#cJ?{Aj#4+>0_xItkm6nj7sC9SFWTH+o@oY4on>YWR2_k8Xs$ zv>*4AE9QyygSMr|qOno1QLct0zY+fBI_RdGV}FGu{bB4{$aRj{>%?w}QSm}>R&S{U z7WJ2sOZLcJWWU_g@+gTob*4OAE|SN{CGtdhiabM}Engtdg&tT1kHZrAcAV||xvjPFG9Sv*Dk;Sgn9hZ;^VVx>UUjHvVe(#UEGKt1m!KzoBkZ z-&c34pToEMow`r`O=UEf=Fz%neyt~bM}y$`(=<~X4kZ`59c#`uo519xl#bjC)U_X9XlZr!W<^c>i}{q=l3s2h+0 zg|LH*_3`>-eH!>;j$W?M(<}7_`eOYS*ar9LHTpxa5T1f2{4(@_H}&oMhp-pE)c5K? z>ic2Cb4HpW7~SA+>|+cxh8POuUIAqGXk#qo|LL&r&xSAfVxt0g+amZPml}5&)y8U^ z;m3{j@C|P=-hgNFePgHbxv?95;(f+%1`~3HJfSWjf2b!smV-k0dz`TKhKGvayDWiL zGbJguJ3>)w&7UIkmhsVRWI4wL2)_*xXjFsU9;l<%wV4>dwU-3iGDW3{& zfE?cvelxrs9=dwyv3tWmLi7GT%tg{7LZn+H7ha2j@F^>iaHIgY-DuoY6X2IDjhqdi z>cx=?SW%1MpbGdn+xyF11y7aT~3%q7- z#SOW``~-frJ!T_3d%2_D6q*pCT z@cOKQ2ftRTlh#Wcq>a)hX^XT~+9qv>-n3Jyml~wqu$vlTjqS&s$ppEeJLm}tL0`}x z%nb&Dd9Xb5gZN9fK?C<`L9j4b6dWBa#vL>Pck2{**k=W22g{(z&J9)utMEQ+X>fV4 zI#?52gST1@xOMl!D&B|pTa4_6dWgsM@2ycg>m`VYpV-ftB#kjjmAsuJKJ}p<~Dix5BRmvjB z$R)~BNXg}}RBMzq$~s8OI%Pd%MXssA>b%Hh-lC@Nu1=(7rl|#B#;C`;s7HNwiVVB|^<{E7s-uBdK>$MG#v759l zkh0sf?U1uOwR%X}-FP?LsO{7CYX>w&=OAxAdM>1Go<0!rR>T`vLpSvT$lN0Mwu0*BFN-oSaB1K$;K4Om8hIQ5m8+JcrI1}a|#XVsGa@-I9 zd?1_`9tc@3h80NjqVQ4yBzH3PT-2AcV}0~EZwG4YPL5cj}n zvlutQ1iU|icO37#W}9X3KFl>M@HSyZeE${FsOv#E6-=Lki)`8VzsV6x<=R@b{T|yoFyBpvs*#w{3*5Ee0bKe0UXMHQFegJZvvn0FFu533U-3u-GUfd+%r^u!9 zEa=E(ayhi*3i$e~*QMK%j@M0(3m&DKeAQcCU1w04 z;O#I0`ty_{x+AtK+n`e)$xTt97Q!MslKY|#n)ikyx-|xB`OwCXFK23RB5h{;~?l4U!lnD>lWpSW<%I14#yw2_y|ncm#^$CGZK%iqFN@F^l6%;??mQ z_=ncVx5T%`cgE}S-V-+c5{{|h$#!*HdTc&4*aGOTCD2-DL0|o!blMy6<-pz}(hL7{ z^8ZY0{Ljg+{u7<@|NP{4T)*4`55cx0(lX6(0lWrBqHEUT%ggmgq;clKw~&8Cdgrpp za`+pLMEmrZg6TUV9kdc&iA6`GiSEPKSqBb7A7!dJ>s>`2Y~vc}N_o(CYT)b3gAP&y zi!%?lV-2jpJlJzJ*1OzN*isGn@~RZP*nl^9rLZ{~LV2(fYM}4uL36Kx4xR^Xx(0f2 
z9yHvVXhSp)x@Qfv$UNKzHSq?#tL2z{d}omdpF|D(3VHAi)WE(!)Hr;w{S?@HC9v_z z@g`;|Mo|YVZac<8Hk%K2ngZLb1mjBFoE4Tuw%D@AmRr`?I?EQ@U|C{YEjw(dQQve= z9wsltO~Ko}O6c{~(B(Hmf3L?k#s;+VB7Dm@0Xq3C=;Di@f3JbgP50<-XxMJ+1~uYE z^oAAhQ8;ED^y$&?;mn5LW-)ve0^dg|{2t}Oie{fj4Zbw2gTA~8y7G4D$qn#)>i`yKLnqz&~~>%)7=S<*$ZFD0hxmr#0L*Z9=sn4JRgPddXzw? zErrjc9R7|f_&S!t&rt&(N1d_(-i@u$T6coe_QJ1m0A64Z{296MW#q$;VL~$<4KK!I zaN%rtFDl@A{R_m_bGi2KT6 z@mImxUkXdV23CF@xNZ};ZacWH0k-`<*!3K2dLQihJlOI|*o1r?4Lg1^PUmdc?-j7! z7sGB}jft6hd3%dl?btx?Ca#+<>kY-C^ zQ`f+ru7fST33l{$*w78IpZ7sxaj>3!u$=Q?H7l@~3t=snz)~)a&W5F20V{biEac^o zDeGVvZ-7<26&CSMNSM8_hY!Gu>VX}c3mZ5e_OA)scXX@-wr?ry-g4NyRnS|PLUXNw zom&SRcN5<0ZHI;10PA*NjDt<x&c&NI`v-Tft=g<6ZhpX-UtM_ddZNquzk6P5#|~7jLag^7WDzXX_Dpd=1OfQwVK! zwB_%ybXJjP_Hzug=HK={FTo!zUg2bqaEmXv5n3)ICwqStXt@RWlDouuqcyfz4g#|H(Gw$`lPpb_WL_C>3v;U^Siog z+;6s*_21<&rFUnC@AIU$X8$w&od5B5%sRwdw*NQ09UBk%rtSaD8y~t`0dM)T4NGS) zvc7$oj4vN5EscE%zH?}VozDCpeYx{$ApLk6*m_u)dx6ukwP=!Z#B1{R4gZ z@Za~Q>Ay#Mh#cD{Mr zW_|D0(9YLxg7u|ap7ovEK74zuKyNIE2Xvq8gZ@_nALml|HMc{%^QlEzee+j0cjXJa+WeiU`kK8N6||@W9a*B_e!nW$>@n!l%|q z?}Hf^G5Ws$=$-Fk!4 zk)1_@Pfw2_>9;!IsTqdJwkjZzqguG`_-o%@69dj2!q6fW`0p5=omi0p+0A($&+ ziHv6l&|ps<7|NpZUbHke5g5`$v{ddr1RK%Ru7vu1c*c=MiN5LV$ys%mHy zCudDaKQ;XnbkUzk!r2)E0P|DDfjpDjnG#2(TMgqEttd?`4o(8`)Jp!f^I7KB;rxMoVMomXWt!eSB9K9{d%%-6k?GAuSnD$t_o!V5_*_wm7q?O?leD7*zN(?n6!Nu;D zBaoWZFfD(Yz3S;LYvoDimBi>fCD_y3RFXabbE38AoIGbxt8(q z$-{TGK7A?n>2oKhnyQi{YH#%tt8^#B=UKq&qR^R66Qu{jFn`o_xqX ztq*yp)?4FEEPdys^=`{d*1MBr?#pP+j9rp;H#4c77XBrcfaGxaTR6CDQpMICwq2|C z_9G#FI9vR*-i^d!CG%85GPT}<_L^;3@z!;l0=16~Sa(iK)6Z*G5iOb8YLE@VDF&*@;cbu{WhV4Jonm zxtWQ(1id8*_&*WuB(WgQZ7!nPeUguH-*&bG0=`+aTC3kLA@=*XtqaMpkOfzgpih#k z1Dp5Gl95MYk(oisa&&Ni(9K=b<;9%Ob912q2eUV_k`Fu~phmM^7+q1?K4KcptsFfEzw(vt>npSi>` zd0Hpt4Tl2y85s8D7Y9E}mmV=YtBHKN*;GL4q1E^T7 z6z$G*cxci%n2FhA6^ZWBvU;{gpP4LCeaXw2tQEB0B08K&f;y`;6Z(^GOluFaX*ez0 zl+${Lx>I8`xZK1+XuTOt0{n1~Sj$?bBu&?y0e zuuEFl)=NN3oU{b32Ymz_bhr~dgbYcZCFFRE_1RXETfCE)>KqrVNnF&x8IxIG-Vi1pbc5E#LW^f6v{kr(gpr!?gY$S;HZ80K{k^LmDP 
zg<)Rb0)8QPweuQ><0P+txYu{O*I(rI&9%~JSm{Y#|1fVZGEcP=$RF;_E%XLZ|3s?} z+NVvUpUMnIAe{w$EO4Ca^%QyC%yO%QVQNwKew+SBcysL`oa+q?^X3in4m`%2J31*n zJ}EtcdZjwYHI1OD{yfUhJ>459^5!~F7paSUQeK@yborDDq5$b*txU72&nY46 zZ^qec>Nvq#Fz_y>KiumFt6&9&TbUy)h8~t!llIn=)+vAms>I*Oa3g)FI)$jSc>Ghp!3Bh9GF(01D zImdd=Ny6`h7qaUm>=~QH%W6>zCjQYmCD< zf%e6&TMT+(qK&4#!8|}y-FlS0++5ar%RC8I)W3-Q5iL3<{i^@YqK+ecbDa z(%@LcKZ`-iF_d=}q4{*epMgxyS>*{LW<103WIZS0>0n&_5T$UPyk5jZu?E~=fy+eN z+Y66@lrc!?96+4Q^%8_jkXenu1+XUXU`^KGByhb2PN09@ZV`P1xA2us^c6fA)2V)* zAavpAxz8@@hZcSZaXYopADk?>(2Lc?K*1+;2k|j=f0W>7xckvY=O<9x&3S~3r>VtG z0)rMi3Bom?tTB1f;&nFB87*eiQ^gE{L&Xe1xCs&swwP?&DGU*U`J0X7=vba|r zTo2+!NZXK9?U z6$CZFeV*nPc7m`bx+~2i{A5>aND~AORp<}8a9^bP80Wo6(Omf(T(kfwoR>xPEds}~ zUGcj(nQniw3etqyKXs&E`gYh)*;GQxP9C{E>si8gUk zs#`eSCdQ_EglRT0E>#d_*hERHPdM8qPEPd;b3hEBof@B-E99a_tDjR+7YluCVnXT? zVW3T%nz~dNViOZnmkEkZOio=c7&dWQYPDe6#ObLuLV-=3k-A18t-|VOO6oeH$R?(y z)(WF-Vp?jQP;3)trmh$0FY{QK($o#YM4OnNx>1;F6Ejjb3Da$2X6hE<91z=Ra%(yp?JW3aT3*~CaJ z?FO4T7EAj&h{vh-A}sCKcFA$6vze|hAlusgV#fJ8(hVr(uXnwV$jw@%*~A+-;vAi1 z=eMX+fZ)|k;IdPD0mk;WEjPC0 zO(?E?Fk3+^*aXIuG10?-8=63J11@R=%eO4nelM+=(Tu3$g zUx(*ySQEMk9aZTA*ztEDXCSkRN|~dUqln;xzQn_eh6f#kN#s#tA`;n1^sh%%s)u`+ zah%wD@UuxY*FClSK>uc|F>6dBRT|s9&$&QbV-k?C#?%*ymN5;7wTLBR9Oq(8rzDRl zpB*<7z2&pxH(OEhBvfUNwoOmAw+V(12@*EYfwA$Kix3$u0>sYj4wYAb}YcWWxt(DZ4R1NZd!rn{R z;3t%PZ6?gjezcE8G`lCX;m#ki+Ks1D4Q5Vgmw(&pJ*jdpky%}aEJhk@HUL$ue9zYco4@6<~W%|LMIk5OeG75V6xS}8^^M_DD6tL>H>w*P=Fd5daorACI3l={jd zN&CScQbMB~vkR?q>|W%1n3J)Mk73zoASRc>4%Bkkz6G}AS7ft3=e>xEQNniPo%Q&` zj~rV(AC(#YWMsOg;IWD-rt{O0OmVIQaRpLr(BmA9zZtodm3oSOR=P>g<~jEUL@At$ zYP^Z0V`8f9ykJX6>q{eHxr-9lBk>&)96SD9^q2lR(w|euo*e)>A7rVGPE+t;yq_Y6 z4X~Ympt#R9$m;wHCHqp6aoGM3wj>>Aj8z5d$pI(D2*hkSCG8%&)2&UNQm-;9SiKHM zf?=vrmt&sCdU0$QG~;0|!}Biy+<@4z1&^WBTsrS;z%t>>0Mx8UZVKo4)-Lq$&fO?< z@Hlm+QSDB=vly%7oCbm?U(0bQaV&5Vnv$HODkT>&lah}on-Za7#xWJq3goh0-dO^? 
z`#unNy63k1gfAFYlZ{y$?q&F*obyG(;Hj z7(^4P?om+511^C-0|a*}a$T(Bbh~g6@8nSEn2C%3lDjzZ2<{ z$J}cXx!2Q!QjF_qJmydpmQA$=P!58 zPXqkdT$cl^-J8<8bJNoh`<IU*-B3$0)RW4*GG-7!adA8 zCu6O->yZJQ=O#P<5#Bik`HnSq#-qHm6d9dfLdM60jPp(fO*wai*n&*X$CF~~?ewNy zqkwlBR3iXWmr1VzY+Np$Z-}) zizTFhaVA@&3yhV~9poG$PdtcLGlqaXpU5#8z;jsb)piiFCB2Xvq>@F60gXnZ)_@jS1DXQT8qgwZKqLsQ0WG2dF-~gR3p9JR#ZIG< zbV9TeYt5wWJDIDILNreU~w=PWvq3Nm<($v_2;*=E5EWO^!}g!DCtsX_;l9l} ze?)OM7KeS8^*Cpv#U?S#k?Q#fReF!5a-LLxHE4?cjCH#1Mj;ueDbFB5)@RCZNMHm^ z$~oxMLy470_$l!`5_w3tS78{#Q7x4nClUP^=%YZV_)#N<9Q>r6fcOg(j0VB(VVx;D z3QtC6$|*=pp<3y)@%$U=c-XOyi~UR|7M+jQIiV93OrZqj{DK7I{Rbw8IBvgK13;;uLe0GBq6-IX4HZ>83cE$RdW<2^^Dh$dnuBR zCBk2j%%B$#B`o2caT#V1@%@Mvsy4y4mu>Eqfs!-uB94aT9!(^=hK_|?~ z=eYfx(~*;PA983iPA7^Vw+Su>qW%S&a^-lk{%R8`IYQP)HsQ|kW$m?z)Es=-f^Mzm z(sFXMx`B9@dP~m? zI6B{f$YR4McxO4bC*vbjsYNE=&%27Ma2ZtmH04Ybeng@7C8S-f@H^5OWIyf%%@*f+ z*wLA!{0pViv zvY@tnOf_6AjX19WbX}qh|LTCrI|KCk1dYE|!tg<4ZbVP4mvyE>@eQ{n|A zNaydj165Lf1T_;BbT~TI`FP!8B}Una$w)B$?bk4D2}~n~9XEh9rwvx}XTSz#gWO2u zEezzyQA}@GW(@ljJIEUMQ>5PZ`JA%W)7_Dn`m@&5rxEHII^%&prIddE3u`z&(zK65 zhV#nIZbK30Ixor0YCsz#Gn{iXnXE>exHOZ?ItYRm&^a&Dot1(5Bu<={WqPu5L0Baf znL<_{o47pFmo>;HuE_K=8C0hXIj+-$zoYNL!awlLr_+#;j!FFuMJe8+zXkm&l1vQ( z$NUrP$FZLx!^0Heh0M3mRwg30-!VDt1Y2?&vL8TTJ3V#|uukmE3l@2Kf^u&o%6nac z^87$l=jEUn?qWQi0qwY&he-yB>$(;>uOo?jHif$l#5YuY1OEY{6po|f1C(=T(>P~g zgE-cSZxB4pY&z}E@|wokjdJc}h)X% zg$LuLbxU>ND|hB@q#WhEb01Z!rn39#@em&F9F#-*!GUOVRdq3~=Q*IPQVh&W9r-3IP*1YJ2E#sVur)xGIcL2>@md0_Hrr(4lRpI8L zu^JFJqTI2Xcji*7w}MD&mFCG?kCs*)&j9oafga$U0Rn9S;o+$U<9Gvw^;Ecqcji&y z7a&sh;NjkdA{aM~h-ldz5Ax1|sNpz(j7*#_2ekHlg7`rs25}Tp{C#-fla?WfT;!S_ z(+$NZdyhpF;6|kjh-s6cIHq?++M3)6TzZb3KgOLNu=7v!r1!Ve#X@?%oj%EzuG;Cb z{`4r)R-5B;8RrA&vome2Fb>((H1rF2=Uh^FrXhp2-*F-Dte}hwknt(%JLbbs0dr(f zD_y>!942!<3f(Ef?TDNZjgCs_r@G96HC={MT2C)Z(fYVJGn~_0t zbX4(90U0h@%pJ&NeLnl$G+XioG8{3g*ENL0b$k|)#3@}*09kC2#4}yVm>u6jUIcQI zMOxTvLC#E&z%oAjWj0LoOBRcQq(Ssfg2b?_KStApcTrVd^OX?2hwKLBZUkidQm z((2%Ni)DTG+i$kSLEVlg-%nTaY+hiI)?xQmH@yaDOVTL!G#W)W2v)1kY1Wy}vR{p} 
zC4Q=NR@bg*HY~#_F6W}eoxMp zXoR^nmugXFKeXt$%?ZE&P>j!hfzFngRPiorosPl?F0)AD>#k9dl@>`H-s2>YRYWdV zFy|iA?cuHB)7AUy#&dp(t1q?fQR z#!G{^7a7b4I5Zq|W18aA$nY?MY=~@3Q9?}L4H$ILW`m$9@;SV-3Ww72Z}_?cwU!%$ z{DV-{9j68OuMztl;{&dF0IWuVY_ z+~w8CS&5{h7wf(qF<#h^YkebS-3I3pAwC7+)E)h>2lRy!KY({G$Ht_*2O{l5Jgi%y z7{z>#^kIlRe83|krn&OH8IO*17wj$Hhx3?7TdnkUGbvff?Bt~m8OKx<45dold1ob> zPg6j+%aO}-Db!16`_mG(WEJHOq6)%h@Ei5T52D_Lk3dp){2=Nu<9mTmqiSX5LKkbjtH(-cIRr zzoIS}CrxKLGT1vi+aIj3CG}Ke-rG0=LOB}jN)65FCkD@n0XSspv)(r>gL#s!tQUH1UohjWEWLuR;-RL&9xsv}5e86I&rHnG< zS%bgUn%|uuMe5KZVRDZ96rb5-vnTJeqT(N{Xxuq~BlA2fD!v>M{s9-d-$ygOvdKv! z!6C!3LA2&!?#Aw%>JHEnWC^~21A}BZ6PNfM{2Mkg*U#~9*~F!O z7yrIZ%=5eXdYib+pT>V<6BT|B|Fcb8?)UQlu!$@D0?(j#tJ5p}UHBB6sPy}Ik4;?V z@5X1?#C*S>&#{TC{W*MZ5XWPG998~YK4O<#Wb-$n@*Bu;KnU@VfuPR{9Cv1O{McR)bYKC;UDp{4K|UV?c}RLSiK*OnXR>nA=z&JC7T$U?cqPL2{BvXzqJV|+sE&>iD0%Lnsrla za&|7?$tINS0N>Ll)a*PyAA~g*EqfqeWD|P!AimTljO={=Vw(tM58)TtL^xaI@3DzU zc95?FVNJozR`}O!BARXR@7P2v+vMwQBA#8qe+|MKK|yvQ|C3D&%O1(Quz*%;!?TO{ zY?~O7J(?eE6NTBueAFh6$u8l?*u==}3H(HxI5vASKL>;x+LogzdkQoWq!wYl*y~f~ zA#$^BA95`26&ObV>D8$3$jj!I5YEv%o3F52>w|5)-X{8HbByam)b9g6W|ugvy`2Jj z7-+}hYzMhN2U7aDY$vgY<8oy1eUb3yIOikHeUH+C4km}6fCTyF9dI1-r-2~t&;iF` zI_GfY@Y9fEtp^;3`~@~aj>DF*!Ewl6VHd%1$S<}DI1c$0HUY;W|F})Sama55VeJAO zhx|u20mq@m;8w5XICRtWtW|O+&Rcg(#Hl-v$EZ{KA?;#aVWbC9_KPVBBA)X&%8+$C z(hheI=S4KZtMIsjGE#bQ(-Hd||IF<~@82E2=i;A<h!CZznP{$es15wj*P8~fs zew1Cr^>AA&Xw~C;c=(BSiK_>E&i3b%Y{?k7WjaIKpNLp^8kf&>Br?kAaTy+r*Z#7S zE$NO8kmM5hXg|`WS}<)8$e0$@v$e88-6`D_w{^^u0&Poc^fc ztEXi53Kq%#kG(g6kE%K!zi%?kuuE7}6x0z=5hV<(N}~oy*q0F^o9JXnCS)YbI5P=L zDWtgjbBWfiE)cD?T2bRtwQ4n5cUz51T`H~7s#R+>Ra|TB`+e><=K-wpvv2!^vdCqgzd+*$L<#2Er0#;}lnSYS;ybZg14{zp`9W)GqDJLPYN0=y{vrlX2 zvG%Oz)YddrH0`;O)4pKm z7fjIqM)r1z?ahH*Vn=ddm)J2J*d=D|?mgF@w3OL^U~+o02-c6nXKfn8p|;=nGiZ5+7e9`f4hKkd_8@%`Gia-1u92O#)}Gz&Yi=Lalqvc&f&ja7w}&wh%EE=YdDs-iu3pDb~A^(k;a>Az3<|Xm-(%Li0x=C3`{A^s z5XtN6+^P+X1F)oegvYr9E4Og1k8C}gZ9R*)*vo3;|9jB$5_|8d@BIG59Yf}`m{H;z 
zat?u=#f%Lcv6!(xV&-B-_ayuXVBV-6W7uKDo(HgB4;CZ#>UIi8_Ns92b2;jI6ct>{D6W=)<$U)-m>}L|!n2(YIr zR3@y#!ci6Jtn56pYYIlCGLJL5!rxoYwX0o)FJzj7Jp(^7T=MZumM?TdrD%?kEx3VB>~O!94Pnx0u(Tdo~9LV2vIRV4P-*^Ga|~k5$0~KMDo5uIC0t zi0Alb1`k{k?0-sdw;O}KLxsWqq3U3_8-pPZ3qpalRoJ3;Q7||v*qf)W9uFQEDhfQZ z{)J$EC~$AyOza#uYs1~HsRO?x>wQCk$E+gTEZ=1DO}5lGTbx`M1YXF@4E87?zKe)t z7mL;@iJeC@&L~Js?5c!e18z)+wq?=k*cznFtU_A{|g;6W@F+8i7k+7iS@gYY+I zL|p=R5W)&P&2nR~7rqz_b?cX(NA28$n$X35m2$@l>(;%pC+nzLQp@~G zLN&`!@F zdTDMZoMg{v{5F8&!W_KxY zp!Z|>0W33J>aaDL|G(BUM%!f7#j|$v;$+)sP$aL8m1PjKqpn>vuUjbAb}du3CX=CM zvs*Kx{n~lU=a&fuoyxHV0V`$?t|WWVF?VCo^_t88539$+~1Vu{zvbC-x8}%)T9#Wj2mu_ z-8a4RufpwOS?pXK7avto6R%q_YV_E`NMXe9zpPXy(NI}GGM%6obP{EjB97vf9EZ8C zh7(nbR%O?u5*fMf)Ff(EJiUTr@+Y-Qp7#qp6Ogjp8Vo!^D;*rPgwmui`h=FyV7|6~ zQz-Dj54zEiypUf-@ihncstWE~6g;>v7@_Dxv+N@68d@0K`>0^o>A^h$eTryGih?7l zX){B$iBRC;9~1^hh60`W-DU<49vK{dWN_H`f;~qCyBrzp{p(=Y?`+ph0H3PlqK0<+e)-9H<=k&l9JhUqC`MRp$L7~7|f#y))lXZo`;i15JNcRtP zFAVkztS$-;{T|uxj*_?6y%F3e6u6wLgWja=nTcrvgJ+Hk_BsL6tZSBwErFu*xl|;V z_AJ7;A9Z4TkU+$J-?~k7LxEf6EbzPa-HL*Jdjx*50V~rW1s+;oNDs6)*cbZ*s_d-p zkE)*3sZy%TVTIT`@WA?Ja!!+780>aFN36{Sezm?zYTIM5KG<%+CJaBTAy_DOERu5S z7CHsdyQyWh!9zkb12?YkmJK|Yx0r)X!C|4mE5zEB4E3)HhVRC{vx56^){A{lLIpzO z0uNeQtlXVev}@p!4U2=r0zJ0Sph~dwf;|HLxsabADcjb+5e)PQ9K9*n>nH+lq66-> zzZ`^~$`4X^{|9&LVx|9$70O~nmS7~c=9_AV__;j76zG#j68qat$r*NXPWm?|C)bsI zeO;B*$b(9I`Du|Ju8Z~BPSdjUR^vO5gTKDn*=Z-x!1!0%kXS{1Z7QC{;HsUWXE6FO zS{A?W=8E6q_~Tr8u0zJTfgatC4DP)IC)t9xoR8Zr4)!SI@JR1adX=6~s$|#D3S2%2 z2y6~o-R3%>2mWtE_vo<%ci$rM*)>##0DCY%&ZCR!@jW6K%Robv%K-GvpvB06k&qP_ z^r3waUKQMzbPb`23>*7A&Mh9g?-5v)7yMe86N1()$UGVBek4!949L&-tH;Wn`T$)U zMoiXQyXXv-6k9BlVy=;`aw>`H8|-?)a|VH)QWkD@YUD;<}!x&)~`a^pKNA}_dik2$zSmQtY2zlX!Zz&v}TKWVccr{GTkh9)IjWG-NTOT2)DUfEh|3UfZBQx`-}pKq&B$43`4Z|Lk!}u;&UIbbGwCdnif8D8lOk z1x(`z+MTMf_l>m5{h6q}yMD2wR@&vSQA<~0tDU_QwSmy-Oh@`|vAvoZ-JWDXD&C%< z*}>jN276u~}}_!pz0M8(cpFsn-!d`oW31P0~>`!n{GnOWB=y5LA~@R7D%`(u{9pn0L2 zgVyBWf*vbFfjQz8f$@wYW)%ka4~(x0%xaeD=3$QocjFfez84%k2A_~g@+hWZ6lPI~ 
zvCuSzyf`Dia|SKXnZZ41i@FvuBq$6#X)Pwsz``wFtUR=s;( zh@aO>q0Y{5y1WvkrB>o$cv1@0x#Ac;z4YsUzF&6|9IOPv_T zbLeDklb5xsZ_e6ZCDPL*&YL!bcM_*(N^t!85$YfJj zoGD3I;U~fHQ<7l&=>d2U!^9D`#%_DkimWLL9&nTmjuL;SVUpIOkO3tF-xiWaTHnf> zX^;CZw%dlre^X6&`au~}BP&_6WBS#ZlZ$98|$Smk$kbYlDfhx8cS7Li`gSy}7W zY_De6_f)JgJ58C_YMGO;ku}MT*M2#pSy_4CvBlfPUfS>7&0N_z*)AipL@0~)s=IbZ z57Q*0-!L(rGQTWVl^Pv!TVRygEAQQkpKp{IdE@2aHW7PfpVvRU?zvgKLP-?DqvIplx)@2C8K2V0(XtOK0KwguVA zlaSAPC#J*;JA+$+hNc@hb(Ami^yFEKJS{)O+?P2f@3s@h4Q=PokmKf$^Vdqa=h*VB zV`O(6wGPd)JC%(>wB#2#e(E0olKty!h{*0Bdm!*p-Z7iy=wLPpFq-{D_gMBT*a)zi zo&D=DmIN^4f5wh~zU=;BD__fKZ z=sxTw+K0!;ZVDTrx-4ezX1I%y;VzQlN7*QIBa2-mi$}3ZP}!HVVL{o=un!k3V%O*# zdRd)?9?>VhB+5jI9GlnI*>U+LTfu1~o9#hzP10tcc!3Owyv>G0&cTzejy!9Dcb!8o z{DWMT#7IIsi?ox2e|jgL216omvmud7ft04`pk8^`jVjhm>=)W8$jT(s z{+r1EC2Y8j?3S{HSi0`JVesZ<9GA0kiT~|CL95sdbQ!1DI7oJPvv~^c<+zQ_kQVei zjYzItktt!n{us=!KL+!gJMJ%A$Jpu?^1uBzp8uz?k#A}4x4YT|I-gD4iJkq|#Q!ey zE49J=L>+|O2sS*F|LwoI{C^7@9(e?wKbwt1=Nd0SaInI@8hwJ@i}v9$B2>YaZ#5Rk zQ`b#SAlZHDVg&8K3;EwszaXdHcPP;*&7<2&zR4jv{pS5$&gIzz+ll31v>lOOmi;&t zM3})`wf`h-b8WHcS?qq{9Ljq?FFJ?v0_}Uwp&3T2tX^ywTz325*p&JH?3Ou)UIIl> zUeiaX?4oQGzkjuBj*au6JOw_4&9 z2tyrS{bVDIUt9 zlj}JBk#kjc&ebSK_TTgT{{@>A>r^sb#wN$|DEX=Gu_I|&hU`E?cAz2ayMZA)*pMA; z$olRPA|8>U`*@b!ADlxk*1?<}Vxxu9iaCOQ?#>5EAi@sC$nqMY(F^^ID|gyg7m6=9 zf__+OY(BTIMrB973A<2s``d@Ukv`H_^Yv9psOvsmWIu$>sL;}Nh^7!t_9|=0W~uzE zZ4o~qM{p`bTyvB#lXD4XbnB;ZdZsOwtLE2neupjQr&dlM+&KzZse%6BNMxj#3{Ufr znUJSkF*^H!Cy{;$@}(V2l5GDSfPKc=hV-)}r$_G`1u%r4h+~jhZOe({+kb)@H9D5l zMQol8m--@pgr%TmY-ZAhNif5P@*=~HHu78C2RZ$iO{$j+Y321jx)3ip^5Vju>=1rj za{9r}k;aw@}F!}~lG zuujSu{VHVSCl%24Iy?E%K0~owl@X|cWU}%zwh&qx@qwRne7h~;$9<8DBx7>v*KFOn zztwlR-HXbIUzCO%>=-tqtr35bjuSVMo&V=Dzh{vP zF7ta99KdTrd^v;pay#pRc=^Q|%4V2|v;X_||2+#FO_HS*m#IXpk$mA-u*n)wTHM0@ zll76?*&bzUcbV)SqyotV)SG;Im!$r^&GsqVKiIrKZx-#%pgmrJOqT6*wsQ>m=?KUq zM5Zb-Soi*9FfFyy8=8Ckc{t0C_TX2B?B3to97uQWb^0Ec9)BpC^!jq$`^#`FvP01) z9liG_z5H!#($mXz?@yZlX>4AH;&EwnE@AT;I*hB| zRA%C+Q7e+!>W1Zo+;O&_0CgS%O{MEkl-oC43|Ahue8PkymXD2(<-@b%E2=6gmyfBc 
zOpJ+FO{f}ocsxFC`4Qs|A2+`8VE5@zc|z2Ah;vkReQjdY%4AJ4US~dDYCi}h&zFw! zk46$`)bfU8P31_r>29U$=ZoZaw-t-dn7Yu4#cbJFZGB}!O(K@e#E8SHsE((tIL{#^ zv$1S^c}>EKRVC9I3A9iG)x_mEQCDfj>g#e+F<^{5R>b1jY`mg6QE4^QWs)oE5|v>) z%2-34Jl~Xz*Cf|+F~%dS?itU=ny2=~1kafz8x!86tg_E0tkTsLiBuMo&t^T_nwwai zwNmLsqcuHVS6P!t=dMqw=gHcd`nnZim57o>^X8Z2q^8!yS7dUh^Ap@-uFRcJs;o>W zG8tyc^JbJ-a~o=xC(_Y)I$oRLDOw}kjJm4&bS>$vud|MwJ#X%`ShQ?DIhr(o{-h$pNOJgxBR=RjfX|!y{yt%RYrBfs=Q|fsncXifDNl7|lm83_rjbR(hHi7Lh zYidn>Ji8#?n6Smu^)-tmoeMBYL&iQVi?6WvrRj8idR|o(Pw!gx@q$DRK3AW%O5)kL zdqEC;K0mPnQzp`r(usJkz-%9wyritunv#ypO|6!w@Pnzd=S?b`LH-s@T3AZ7_Jd#iq=gTUNTb%rdMw?^qI6YDITM)vj+S+fSRZplm*Q$rS`ytXMgj2SvoL6)R^a zYm-@PLBsL|YcNl3S#r5GHA(r4@vMbTy|*T%mnXC7czVsT89bxjevpK0)Kpoqxn;4k z8Ivt{7j^fxM@nt*y+jUj70HT~l}@%YR1m37GvsM)9-&*AsGK4XucQB6%2cirk8&L(&E>h-DGli~ z&nT58mLny1U}nsnQC2*94CZ%FtVJ{CPM$Y!wpCqHQ{z-YYx<YsQRapP&wm$b<@pozL?X<^I z*)$D)uGJOa+p$?hsxnzsh0nQ$h{Y=FV=HRvm&a>j(tKpBI%G0@2}a9)#g8L zWdCXF?_y$O9i1^}(lk2M*$ZM* zCe5BbdD4_wI3;3h9W@OZni9JKaJ%n$RrBMk>}I>Pu5t(FgBf-T{nIJ&nwrV<19V=r z#`CI{Cerm&lMIh&Yt!)x8fLo9WCfj3EZJy1&x)A=eE0wLg(Uk7cvd?{)N?*Sk@iW#W-23 zoxTCR)OmYYr&4Hl0g705ClDhK>BI_Y6iAORAm=)WEwM{oMk-^a?56m?(jFU+<$srI z5L=xz48D`Gp$Oo_vDFNro!#31c!hVIEcZUacgnD%ES^fmRYy&nMs1$Utd!xlb$St?47i3PK&jiL1iqi<`UEsMs6_~=ovExXQp7G z*li5`UMM#nkJ_X1>UgHwn#)84KiScf<|H!}RbW%y_e9LY9x1*T_i3*v7S+()i9LlITqgykvG)-ABHc}BHO5_dWrNj;fO)YhlhP%F}j6z&#F$b{Ic#VImYCS76i)`eA@Sz%Fz zDWqg|gn3k~F&>jA_+5e}TDMp{(>mc8uiTb7ql(bymIA8mkHIp6ZasLGy$q43>@XL*eX-fg>f1Im40Mm^$pongFUQfF)x?o zTpF@#Wnstsxs%*Ty zAzcsI&KnHF?r2g^t+L#t^a^G<{NKp(D6SGKsb9pJ^^`aZQZaiXXLs%P&|g-jY@1fq zvR3hbN(*j3(miUsHe?_v&Ta*LuEy?9AtdBY0ZBkYldZxmyAIfeBZ1_d&GFJrEraHjTC7$C@i*c~9s z0HuP}{n@OmWbE4sQ)`lSE3L`)|FPLD5XVaAmd#&c8He`r$>)+I5xj*HfyUh%4V>z5%Y$)C8d*(on}S<#Wl%+ktXpDdsUg+ z84dRRDd*z6Ros7BQC5v{D!pY|3A!Lr8&5GdXW^T6(~&jqV(ctpYo~Dgq+2T!Yhp6l zcg9qlS@zVQn?|^5u2AKIKD8Ge?AfDJ=(&lPA;%yv=EabaxKa$?WKG*$XQmV5c33VN zMzy{?@#%|c#*N%<^7MJ>k!2=-LB<;+$hcI}EO(yl1I%pijWrE-h0tI7{;yO$_ocP( 
zQuSo1e@>ax2Fa`b|G`_H{@ZTfA^l7UWNw%1%Z*lo8wbm4QWiV=zjRH7eH>5A#EO6n zEo9Oohw;_kA$J3r`P%_94YeF|-wF*vYpUXoj{3&Bdd?|(+-S$yc_LPysO7GQvzLL2 zEjz|hfpg_XKF-Y{XDP8{-h%BW!3J5teO7J;Qipe3+;+H1iM zJ=VM>ZF6_RJFhBtC(51(yUJwtJFm)?oPld4?Afquz)6fx>uQ* zxfApZc(|`cZpLk2uugc~rDElL=PsYC#zx$ZwC|zXMSbzXCY4Q!`OEO`BK&sHU9g{L--f57byt=gkKB&3 zknf6f1J@B;;H^RB2vY94RE}BBnvTnNRJ-#F&YIpguHQL!-*J7;z0cv--1){joDa=K zH{aNXpvO!(*9hL2Lpx}lQN1&lDF++T6abw}btp%g8u+k~a& zmU%}sOzvT9Dz~wsrQQHC-59r0-bvCs@Y^SQ+NeTIUgIv=+C!Vzv_#eogbBQbHt&W_ z?xHgy({Y!sPB3ReCR&!-&C| z+Ka%v-fm6N*GW;zs(?FJlbNqQ{rFGM z&CFXP-uuDd#c;9t$IdOAF{d;ZT~K;#$vhr#nmuodH;*de;V0KzUoVEpe{hUxxK8eE z1-^D28l9567zx}-CzdQayd1%j7Dvz-S ztU|h%xJ%@jamaFJ3;az#)Om{Bd7Sn*NO8|Ro;|l;C*%JFoBZX-IS#OiP(D`5<~)h+ zg?ic`j?6m{c_cljr!PtKh$AxwB9Ex&WELC5ky!;PP%@hg;>g?w8K7k3-3yO6GH*iU zC8JziUmC=bk+%fp<)WO7JTdGMM`kR$u#%Z+5JzUIv$ON&*g4@6$-hG~F6rTu4K9&q z^&J`S+3DSUa;YoR-6!&fh5Yqob3)zXl04GskY7P&t8#x5QpMLcF@c?1p38=aoh6i` z;3Ib0TjW{nZO1v@;>h%elq)?WAZ>iFKBs2_q(;e1f;16zPDWnQme=2NX|91-2by|L zmrx@-!kUTwq*v!Kk05XT7@6jrjQaqYyw;qHOFqw=_R|w{A4K+Qfs?N`WaQ8Da^69K zeA(U1dncrNq$!h+_#20qWDulG$&7(SeL^nm2P_VC>tMdD1wqzY5k=%-jiT+yTC2n- zUJGyyX_7L{wE&U>*>WwwV&4-A)7*s|78%WDUR1GV95SZdC&T7P?7tlG;%eQ+xSS?w z7@Eb#1mn zE7LjBJ!o0{Ql~+NaCU~$Ga7Q4BJz>9)-y~!We|SG*U(eN*+VK+3UZes@~w{Ii%dP| zK|0tZg-+>Q#@UG~)D4i-1!k!GA>}ujQ2&4oRH6Fg zk{xWh^z6e~iZ6%dY#0%@rBQWcxZ#$Td+HbawOeAJh|C0~xfBxdLy62hAxh>rNc%=J zu4>2@WsS9veO0KlAqA>*ehf*eP&Yx!d7ahCh3#XN4XF;Azg)iVLZq7QsDIJ2IYMo!B{>_-jvmj$ ze*)>`yVg0&-v;S$(<5yVU#JloMScefPjoEr$h-%MK4OwjAd$mN!p~(|DMk7~T2!dL zAsq|=a_Kn?5F zJR%RY$ng0TRllAPJ-iE>3-t=5;4v?h*znJgXkU|j1bIWX2|XCpe5S~7$aM#cM|o}U zSV(JsQ_l=Y)8i&7gVc-PJa{*45*TNlry`yRFA-6Rv_pTFi342@>Tc&0J1@18JIJ zTI^Mk8ETS`AsxPqm*(&=k=fNWuT^Od((XEXyfhDi6x*7;p6Ce3z=>Y(DI=MR>aU7=(ukgR9B zK8JE9soeRD!|9jbQ1*Ef&5j<=K7WH~ncnnE1qYfb+y}Clh{VSn-;zfm#` zkcg5w6;jOTGpFZzAxh>>$n8qzMMzZ1ybBo~GW85#LS3$84uM>uWR8cVluQ;B;LyJykM%Nz-~v$;^awD47_fh<+uf=Nw3HAx%oA6Y`Lf8O+$HS;-sqsdmsghv_ry*yatIV@;Rhfk-m)AqKbqe<%&#zq!gJA 
zX;J;)LP)0~%OUNG)IvJ8nElQVAyG9ZxfoLLnwit9AmP_dvISywnB*=IzMZ|a4T3(Zgk%t(qynPgu`iz1^TZHi2T6pS%L#U<2OldKY% zaUPL5V?}C>HC>HTPDds+-jk7>%6IRh6FlNszRf1PYWd@ps2e}73rbv0w}ghXyM$!^?8ntqr!!k04L2eMR=5s;M9JPC4{ zA`2iJ6{&?p&MnpG|ygrwAp z(5sNPrDh7>hZJW`(se(q(PH}Q9+37M%${*5B=Qq8R3W5%wMmYKG^x6?3{v3dLdspf z%O3HG?{zlWRj+F<@n*Q#?_|cdKk?mst0)<5j zYW(D1n4f!AGS@;H6}bmee4&}<=Y?Esk`74w&rFiPKjnU%N%n@!)omSQf+9yjLW)Eo zGDppo@-oQlDupRXgOXVXnXL4j1NlOQx*8JkWjx<-JbYJubN@t^Z!ingAxO)YEhq1?~);}VfV$hnG? zK-%v&TiS(?yH%TzfIOl|26C;^a~7oFmyVq!O_Z>ZL8j*0Ap=ya^(drFdCMOlUHmeQ zl`f3NYAeV8{&3S1{*27qzKq2686^BGGxmaE_@N@hA=}hy{8)%}pBZW2wxTPZ_p@s+%&ei9L>`qZ7y*< zp#oy5nfMw=`(9qpD4NfJ6et<_IDKTGl)IOUR>&jDs`o?czGwQz(-KP6!8ah$Jxx8I zK#H5p66|##>3P~K3rUZBi~d06b>kpbe>0SPa{epj&&NXEQlt*jbf=lq4Up(R&A2WU zLOydjy$KSz-3;}RkYAeQ_dB$ItiuHd^)5_g_6~~RKV182c+dIGw)AA+LSfkgw!b;Zi94FvFEcQa;PE$ATw2{ zp^#!#UgIIkM)?jiu8xH-{a|tWq3BDw$dtBZPW;4_En)K zOQ=7XDO?J%9`p2YY}G)@Tg;L9_l3M`hB_P4s${N*L|$`boHpTC5=xECUlH=UspkVo zn<61vn({xHGD9HIH%&4gl2&cPG{~2V91rs|a$tA`2ncDY60*;rn+v?_CdR4w+;# zq;fB(zi`^;n;|ud+z)9|tc(?M~;XkvlseA>ifRPY*FN3$bE{8huq~8uXNh&obIY8+&jtigh^<2 z^mwI{fLPm18=eBmd6cC2N=Ux4*e@W<$bW9!@)9KHnG&iKGDd~!UP#?><8tc7o{$a| z`vk}*Y9u@t5>`(iod_v^z%0{^kO7m;oZcuhpO_wX59Bi6s*=LTAX6221=9Js8R}ig zTgnsu0VzJwY_a={A{Sqnp$>pNr9w@BL~G1Y(;=NIr*TO5Q?CV(6lNjwRSMTbI#iE; zA;jupTH^-DCKdbrkV_SL9&(x@A3%nvxcWx;f`pPe1k$R=G{`lI#34Udd z_bQp&AT3JfVaNqa=2b|OB40qxR%G|l)Jmmi0%Wa{nFWc4Op7gpR4bX45UZ;x^8-jk zksm?I6}cXgQsf>;vm!4-+7$T+(ymBP?!Z{x%-DxO!ir3Ulq)h1a<0mI6{KCsY=9K= zlzXoKx&YFu$n}tL4^!qr$os0TdkWIV)9IqeX?tH5J&L>uc|x_BA45)2W2A0ld1hP5 z>;rj7kqG22MJ7SAs=SVYjPS>Y_B|;^jFWwWJ*{$N%6pmlIu+8?+sws}AVn<Ocj2 zjMHkhL#|cnc^#5f&+>IbIur?wLyrozC*=1k7Y9KeRHO(pS*2$#tq zlDPxYrevOgbSm;HBuvkj>lr_S3{#}*1j|~lthyiM6h-&}eQU5<|Ct8K*-&!2SO}jo z$koAhkV92mmqLas@^i?8DqnX&TGU+TAxN7de}uI1$%R~8??c{I{ntMs#bHyX|6#1k zD$5UrY*SK zEx(5pk27UHfygHV5Ckf?{MUd7bO;Qi(P~;Q|b(ATy z2@+Q1Hb_*F#~>+1UV$_z@+qWQk*-HzA4Lv^6dY~FJ{uBNBm*gSiPQ3LfRrnl7RVo! 
zZ`=$yN{t5Pu60YX8P{`=msF_NA+1X06G)pPT_;keitGomCYhQekgy`NB-CV6rV6rc zj_C>OAkitN%#R=)QB&qRNSl&*01`RIlz9mfR!;?g4k=co_xI4_)@8?AhC<#@)+mHD zt2+2SNI$<`cx`X-G)c4B_J)}O>N#V?Zxg(>_q{4J&9l(#=n1>ty99ED>d{Vw^jcwt zS_8RM$(#x4Oqnv5L)vDTR=o*QJkunPLZY)w@-if)$or7U+onveY}oC3733`5iOwFG4#0VvHA z*slx{UTEq`h#o~&L99il%$bmsB3D3K6uAk~uE+zThnKT+R(%cjGdIKSl=nUTok`T`*{A@8eJA_j>bZ~Dd>$l*%Q z$&eyNu7Whh%utU&ij~ZBkP<~chcv5DgC?^Ip~kDjAu|;@9CEKBGa=9W#J}f88d`&V_QHnQT!t zt_sbLp0E`V7qglm9V$JSLBi!`y|^7xtjJT4az);TG%1o_N=_9S3@Pt!t}%{88jsh*fXK zwFXkG$iv{S%~9$!voZq|CUwPUm$r6>1nHqGZNGqKZt03|66H zkd%_CgS@9o=YJs0N@f$JQ0ciJ(yC;hg?y&;d<1D%GTmli`IF3ig&`e^OoYg1Hf4%}IS2PwY9BsGvWMNWluxWuviRgmUO%}}>XC`BHDw5w6UR)}@E8R{cQSdkDbg)NHg z3u#kiA|(1~z{<7r3m}olO;QbMy26ZW1Ef`v3n2w+1?GB4YLgereuj#-w3<~9@&GdJ zn>`t6dw(aITTJr4$S4wIb+h#`2i%OKVu zGxk;?Tg_ZN3Tb!aa_Zn)kPbz5TY%3iG7@54Z|XS~QlLl*5?16wNJNpFA;pS32Z<{3 zF(jo(_cAP|$WTbDB8NlT6`28PRPFQekd7P7T&#ygwwPoSB&A3zq&(m33m%qGpPHdw zhIHI$lD|PZ6$u`T4R11K_JYh-GoXVZ%{QAeVY#{Lx~rAWVpwX7Pph&Odu%RMjArVE6g%m6DeMnT1iy-BS+yF@_@*<>J zk$*y36&bdSdaB4ANV_79kb?V7i(LW{Cv8Jz|mwB&^6ZNUR0Rgsq=n=8>UXA06{J~_jgS^aE`ziwax0`=k>?g41>J! 
zlygTlpA1>nc!>8bP43q=+U?fQymM53$o9|M?0Dzs%csqIwX@Oe=<(K;%OM?ZyXwSV z1F?SZ$wRPt~9#Z5=$PGlr zldajiBlbGvCH1W1XOIt7yU~3Gb800s6w>+!FU^wqBO(1%Pc#eC{zp?L0V#jgB@kn3{hJ`9j(G4aj;G%Bm)XubH6+L$;|Z`I{zrA7Z^_lI}@b2}KTu zH2v9>nE~lkBn}C`W6G?Dw7SHx^JS2;R8DV!%vW>sMXzZJ#*A(eovw<71QT zej@p*GyB|;kTxYV71FuQ40SvtqC%~Mq~14UzYtQR(tI_f{6kabE=ZG0oD@C&0V2t?l3fWx;AuLn+cHUr)DnZK~joTLz+G_ zW!6BN6*)`Dm!`}nNUI|EK-v{~3DTj+-yo^496gQ=d(=ofV3z5Akm5X(jE9uFzuV)4 znh8mDF=fg{W{61|Af3;ceaiWeEoz*34Wv!oZT}@Ctj2ZELW&jn3#3Vryjp6LB10jq zij+dy6gdIXu1F)KQ<3u_R!=iuTOj3%JOpV{B;#mm!^sdey?NU+o43ew6aiSjHj_JLXaaF|I7 zA;kxnWICjMg-I4eBKw&A*GZ7JgG`xIAb)w&%-6M$4n>}Tv|8qD^bZhAz5o6xWPlpC z?B0Nk8n+xQ@1K0^6dz{F?7fOKD{>^H zv((f)2hyfwvXG8xrp!i2c)Ce0hLj&}#&s2>CFKyO7ygy#DKp8-66#!&d=6=I^*EvS zT1_raGG)d?S{9n*7)azilbi%8Kf)yELkcn`X%(XMJPm16dOn0iCYqskUqkFl&%uy3 zB{K<9o;5?oAjOMJ@&l1+Hpym4)AvmB0Hozqle`XzoNtn@Ytek9Ne&g#V3Jvo$YPV6 z2x+>&B)TBevJ1}R== zk_@Et1e2T&DY)1qn<1?wCb<)mT4ItXA>mS!{0Y*2nn^x|6vs@`^9N{FaSequD?Q(X zv?$+L0tu@+_yb6}s;57N6e~}-57KmCX*$62(-6U5EsW8c1kTw%VK7TfI z(QPBM07Zrvgg2Gs7sdHDN|Cbscx2ksX5LF7&99gxxES(+T2)IzLcX3@EM8MnUlE_~ ze?d~pYdtdC)I9fGh^0m;H$qx|Z^m^mr0H3cv_m?6VvH{b5IU72^#Jj6DY*H5c zJDSU{Hm%X)WLkhhX6*Yx+HW*{V+tfS*OaM-G~Z&%oFjS`m@+?yl;3X3JSw5eOqn+! 
zok}Kf3Km;r${Y;oxYN`#4-%ba%48r`qe(7-M1E_Ax(CvFo+=ysq|-$bYP>0P1LP(pa~GsZS^jwma7t%aJ)u*1 z!Y62MonfYD-_x+_Xp@YCgq7tNL99YkW}SrUXO8F3g{1Z~$t@DGbCNnQ@JTw5r(WK{|SwGHFPGDzCGJ3^!%2fixd%lKUX-zcOQgRYIw`%s(I< zhnb-UoI!bg?1T!CMN9+fR4JSa`J-z2mq6MSk>7Q`Tak^BXBD{+@|e2Ybrs|+EmNyb51-!{pykjP(6(jcKmm=?PT z(sqbRZV){~P4W<=LzT`}Nb?ZWquz(Kd}+qj_bft9GW8q^iG1eBIHgkpY5CkF)sS+P z(~}`hs+2E=w5q({3~BqqjQuG{TLa9Yo+^7<1pMXGe(hpboR3rO?+UQT0^ z=i2W|FI6)A|A!Rb>%}Er7lCxBxQ>L}tH@l)?-e-?()@s_Cku%v&8I+)^2a0+*N-3r zm1kZLx!Paz6q$P=1*&a%3DQf2dKVIX%8cDQ8#}*eT6HhT3(9*BfF$2HM+L_~3RD|j z4QW^83`pv8Gp@^pylavhA%!ZgCm^{y@{+H2AT5V@_vnT6I0uV;<)ztcpPjF8n(cFk zAIkgn#U1bLKce!rKbkuSIw^F#w+Pa*yGa&7npOR(g0!nISu{aXyO}w?3{qTRl2%B# zpQ-s#NP+tP#cPmPRSG|a{Mjd7-ko0$-qpN!`g+8wJ>^L{tvc2(mZg=|rwK7c%>$e!o%T!HfNLP*E(}U#fI-fma8X+ zKZoq=%lKt#r+HV))cVlOSD=|RyLop?XHQ7^r>4v}NQaV{0kPCb?*vF#kql(Gx;wBD z5>YajLfYn=mcLc>EHQ2PBBWiBk071LnKHYdPusi9B!@$yNs}B0Nv$+VBcw%r23}ykn0rr5u~-n(c@U`I!MP=CbC-i3I=HD;(i zg*;(~ia;X%%D?pQ4ScEdV%6F#M5cUSQ}Y_g)ymGzkOJlNn;};ynOh+5DQo-@@{l5* zK)U#Py!!5Z4R%-Sd*m~-E(b2+4Rkef*b5T9$+M3am-F4XU5%^l3p1{vXfDokz82?{ z;7G`I`6elXY*A#cq~|U#J+ZoEWvpU3?^bw3$~2BlrSjfd$Q?>g6Qs=@H94_g3Yi`< zW4{41PLcZ|9d0}CgnACr`l1>8JCM6oT%SYkQ>5F)^n;2Ff}|cc^^As;KVp&+NV6hK zAzjq?Ck1&=wKk_f3Y5$yNT;jEY1QwCgdcU{a>y%?Vr9d(AWtYgUqIRw>3s>ls>ptj zPPJ|mfi!RR;)-RGE2IPq{%GcOIx+?SG|3`J>ziIEDdk#7v0DE*4HDjFhPo1xQZl!R z%->9z2OyD;O!7NOn~MEy$Zu3V{SUAk&o01W3D*nFg7qWXd6P6*&VEQ{)oJB1L`;c~+6nA$KV< z>T=8aSdkTw&5B$Cd03GrAvY-UPsqE9jJ<-kx4_A})B4SUysBh2KyL4DTI{EgHbtI+ zJnj>(l%3y&*wylS*4HC7uCgIzm8n_~xRPH`QKRKPkb=Qx2_6bLO34&MrYk-3AcrfN z6_7SxkHlV4pIS3lh58{f2dYpPLH1VUD#!pu?tmPs$PI8Q{*p@F^U8?(cdc4 z7g8|P%zGFTQDhV(sz@m$rO0uRWmk4F&MJaW&Vsxbq&$3b z5u}AHk*Qq13LyQun)w<8c@q2Na&ZvkZ8xsmU61Gv>3MI5^epz% zQ<$yESneNY#9~5*EnT{ls4SOEnO`<+@$5;{dwOk4p+lCI<%rvczu}j%BU3VITu#Og zRkHN(?a1sYv$rQDQJ+ZSid*=vhZnn$#RhTwCkc5~`A-(Y(x74IjgTubV9w6xLRL`_ zIsf@Fq+R*XwU9kA1p!@;x)tKsIc#wsEf!l{8H-!FoH}H!mCGqXt%nKKG}5ebzlXHh zp<7S8sM_=rnzt#^ zG6J1+)^#uS!f=hNUK2{&wLs(P|3V!5Jx8e 
zr~DW{+050`-jL^1-UmURRe3)Mvd;iB?_(g(#7wEg`5mIT*;gV>7`^gLyl51H$VpXGH&EnSiMhu4>D0j zo`94nJ#Rp~_Qxrmk070gc;f^~VYi>LO5?XkLIy&%DVc*I>y*qy$Y)AsHsni};Ewzq z4~e+Ba7Z0woFW?_-4r<=QlQ9BAOl_E`WR%eB2PiWigZARDe?tmxFTJz!xI!440-H0 zub1)KG3QNovt2#h4aInVdBz^$H!1s!K+kI0!(Q0I$@_T7akNO?d@=m90R#R$&^FhQ!?uz1^)cPeh`9?%T-*Pk@-@E zx*hViA}>NL`yPjvi`O78`7)l@yNK4SH1?wPx_tQ*J>kNpKX3wfuK*FQUerF3LrO1PjRyAUL0TNXs#%+)e zpLq6hMuWD+oR3vn-(;UXZ{S`DY0lYah!8TKE3XJdzPs7Ow?+|U@BwCdO@rJOGObYt zd6N-QPd`*SWUcbdH4ra_xi;Z9cCTmVqU0M&`Aqa=aGqS6FM+fWDwpP;Ko%Tmruinw z2F5Kt?G$=8bo$(X9s4!P!|z7V7s`eYLpH1QJO_DOrRP=1qJzxzybIZ;Z1^eU9zTU7 z(+X^%KXt8RFmeM#lnzR$yd%|heG80!MR#_7$nlwEaei& zOh)ECZ5ztCB_V^79qyKT_fK=}#=lBo6s?7oiRBF|nAI##CmOx8s&u?I;hiMws_MPt znq-~Nc?#LX>3H3WM8-SIWYd{Av1DB`Yd71= z;}t8B`$hq&Y^I{xWZjBYv3M#K%dSb0uAGJ)u52H)E}l&`CSsK}HMQ|%T`Zl5XX@)r z4PPhlHHtFXcskpVieVI$6<5u6m%l*?(#%4Q>};pSyS}}e)fFsF8NuB1orta7PE5{s z5KC^S%{kwRnAVnzaqf7P;Ue0>OrP3`^EjcE7uuc|!|!7iw&PfQm__CQv21*KO@f6& z@up4@&JO%5vP3px?u@eH(PLymF_o^zPT6d{qB>D20c%sS*n*lwB2_$&)5PjT zMMHK6CGpzK3a%xyZdBPsy4H%7)YQzue~4j$;{a|PJ8(j!63MZLPl%-(>axk&1TH6! 
z@n`GPwwBVmYDcpj>xH?D(Sn{emj_s<^!Rkgcw-%*aW~vM+GQIJUf@s){VgcgHL0 z>*^8}7;^HAd9f<@N=|YIkyJyb+7(VGC~66o$!S@zV0Mhg&;$HTu+$z~sv?^vK_V|n zuv6zr$15rlsjMmN#G6`!vP=f^#*%o4oy25arPIRLrz?m{DuERfU2=D9hY+GFQ{9lQ ztY1YbIq|P{Gwhhh)n}*17nESm3X~nDq9zef$Es@LD>D4BmUj(D#~142WK2R!Y7*(R zxRGraPTdfWW5>kVCg9j2oKDmwR@75XJOhc{(g|G8YXR+eXbs7_#3)Bbgo08HS&}1h zxk(k6Gc;`=&9D=lXkVVJccdku+9q;2M*Ec1Lfg^tQ9+XFd$5&F?l8D?ji7V~LEb)k*oQ0&VaP-+W&LvRWV#@p_(Xx55wa(1Kx35$9rSs>D zEllG}w2o>wq?01sK8tWs4; zs&PrBu8U;n*U#P?0B`4%Y_HXm)k&*B00c=81VNCe=qYYk3eW^g;$Ci2^sa%?SnqBB zJ-r=m<}iL3+{FfMF)&jzy5s8)SKZ~w(fQ?Z_u=rblS^f6u!j!pucv=)rkiQ?cM|l# zd(rrr1}>-LDHh8~nyJnJ-z$lV?;k)nx_g*DLj5#EPY9$E$O&6ATM@;KK@=ELU+f<7 zP}_U}V=643Xc=w39CTjj^~)I8tav|NUwws5eYi#k%Iw=JkYLw~ceD9arN7dkZYHzm z$?PCRrsl!mrtVkg+9a^bs0yhxgnN-nE~pPOQs^Jp5lm#Gk);(CCbNO4kE6%c1J*g~ zGmOFm%+rYOmgB(cv!*3hr>EJHOIom7z%gP;K(OFJ16{1{al-`+%JRI|&AGt9R8gsI z(A}n}VVFRe)+PX|^%Zlv{xDjtPiTACgR}_QaIpOkqc5t zeJ~q$b5YL z-O{o_-&dF;QO9_`SV1e}r-o{QanKY~H$>4bW^=4PhsVc0lh{)IG6m&N2%PM05VId2 zk-0H2A!(5`pV2=M?r{ups3e3Z4KDSB1y!Rah=5w3OOis-eVlwq(faXXnRTLEYYqzQ zYbpa-uoOJ3H=!|bFYKpgCwq#<&p@Ho-;K>TQ2(aav#)?zNzZ2U}w5 zI=)HjhaT`HRYnj$-*AVp2NjCHKnETCJpJ0;$j7$wJ1l5RtY$!zhqRiGF=d>1j9GdI ze^GM9N-wq;R}8m}Zc)c*K3&p}n4oJ-kS|X->|w1~m4Jwa7cORWjs_)`APmoFQcN}K z7+n%-EO6*HkHOlX`c%EBb@bPl%?7P2gV({VX8r>p#X zCxf%^;gJ^yQPMuOgD@Oanj2dw2sqKvRh8Z>B)P36-RVC5=70{Vf zu%c_n^BL`3j0U^50;y{&NYx{BODYD@wG}vZZ3V3u?GH0*z^QAuGuj(w)PPghZf8`L zMAue8XHvnuQM6W=2+^(8&zT8bY##ou)el_I2SDrnSI z0c$Re$|pVzJUBJrQuwM8_b)1#HKhX8vQ+(_B&nbwM+GdnbT`-<(!^8<#%s7t9EXbv zz8b&*o_%;o*eHD2Qw<-Da0RoTsz6SUX)G z#HMAqAmSOK$A-(%;6XJU-Qk?H`}!Er>@I?^+dKjhp?FNd1+EI^fS|ZGfdzxHDRscX zSRWLgs6qC6kZqOcdd<@;`#E+&ik;9y_uhW{>0S5nvzY<6R<`%DJ zP;Lt~9@uu&1@)LPdWw zTR)7Ry3G^zHz1;E2_lP9iFCv`(@QsfT8t6%H3l9!u6MGGjLfD~83mR>73J6t9CT2# zcZhr;$c~d8RA-zR`bYGnrNI!^<-w{nPuOjFOvG@heby%5rul)E?J9E^hIqlxC^b!P zN7zZFeL0alu9G&BW##Ofv=3y!VfARKOBS*jO(rIsuU*^`aZ9(HK4ANe0Z~A^Hn(Z3 zNdg~^DzNP6^x`-4DH)r!GZF{;3~3N&&pu7u;$ibSUOe#lGHjsr 
z4V6ZLkfb0oTV|+JSUCEx(6XE95}c}Vr_Elefx~?ovE><%Ez4RXoxYsT)eQYSd+M@?jUpgM3rU{$ zlO?FeNIWqQ(o}&2$%Ltob=(9FS`A;)6q1Co5FkkUU=bVaFmJ{{!pW2ZXh-KCFBlz0 ztSX{s>KF76juO*!6k7bO5EYPXX12m`xaZ0RO+`8UXZ5@Bd4h4$nNC4pScS{Ov*TFy z3ydE3!uBYRZ%!tf*;eytW3Gm)mFx>QGLsqN=1`N(6XSZcc?rXd!ctQdw}o15i{I+k z=@)DDu{eJ6MNQn$;BK!heWz$6DN^~qm3s~5AF~Q$cQw0v6j6o6dJS--u0EyP5^@+Q z`W@Y*XmwL!W=qSJR4;v2pi%A*72cTOqfbW|# z6V-pv(2bVp3|bOcEKQeiO6p&$@d}TsQ^;cH6`LQ1Pv_e!kNkj*J5z+GULfV@d5;_qmJ@GJ9oLI<8c>2?=R0kU1&)KDICy8 zrjyx`3VTV2&T7mf7XT4#yhkRD@fQ&5h66kPc6!kwH3QDX;xnt$LXf%Y+$*5iqCHtK}1pvsSAY?h0?0iw7v@E!=t>=Sd-xk{y@^XkuZBS3b@8+yB?ytl%f%JW8ys zl&LoO*;1_56W1LTj_(&bRTGW1#FnjMDAj$>$OD@|Wv#C`FgPFlj1ezph>pLD-=Nuq zlG;Hz9I`cX!!#QTMD!apL-C42=mA|}y?h6Rb^9LivAdaKEk!+Qko;9YmaCjeP*%A* z!j=o3vwvEG`Zy32>V9bY0<-u20WJq&id@)HG8Xp9!c00)x7yTP)))rbrCN#5RbbQ_ zD}xrAm)Ay<(yJ!>n5?w?(o3&I%2NT;f>6jeLf&eR1Bb!9o@kPzZi%yHQ}X@dH%$9;8NWk4 zh{g{eJWGSP`>ws6r>P&XAK39Qb`7j)wm;E6?ds&}>h%1~wAX)hhgWBN-E6(X{KYx` zcoPsL{D2U_l>J#v?Gz|SQO!&WL^X)4JJ_j5S)NQ}7DWr0$)n{fnW{ulVu+fNs5RvK zbb5AuurE>bU&1&)x<)$6)%E4+*?X1$HxPdLDgEhG|4j}7F1WEqd1ha1V=4o9b$xz$ zVypJVoc`_$SLzkl1q778NP{f)ZJO2;FO(4Cj^6cemnVnEOdCc1Clf{3Sq*_)HrWG& z#SrowLZK+m(j}%L!;!piOl;vPhQn9=2mnO%IB{{on2lj(fStkVO7^i_z`=c<7O9FY zoRaqO~5TOn%NTcIv*`qr=oPuAwAB^nsa61~a#)kRsXL z24+5D14QTUV!4LB^Q!+ixjcRMS9fuEdH4~st-H}?eILWr5VP2K69XkvQ~IihC>yAD zF&&toG(hG0v_%>?(*rcoAK_xe@7$qz&Pll~A-3V9u5hodUz8kB6;-{YAS!LU`LPYH zjWm@XirF0maAhDLQI!osD!O>`w;K!IDxIOVFf+HMfuaw9=L-Z@ve?W-@{C?OHTe4r zho{rjvOjG*9;jqgXv;QIw|4C2XgMOu*Ic=s7WQno3Cb8QVj^XcnyJQ zag;!0y&hSq>Ls1IjvkiH9O+q`&x+Hg};EyVBN{t z`_nT-9Te}eu4mxHKsLfQV+-AsgLJS`GoMpFzm z4R!EB&oz~@2KDC}_!N)lWux_GIX#SEmv^AWh*TLQvtJ}QQUdNEnTi>-1`GcEoS&d%hrkux6(W8w`2?RqC%#2@x+%#GW|Gv3_9HE#4^qdCJ`Ic zkE1WSoCN1_`KtJ#8hfn&&<6LTVogNOzlHyd&95KUpzsKja&|kzW!YGZT#4xhdVz(( z8(rR3&Kj?j-hK*q=AAYVp(MKcpfW|ZZE}#{i2LxP!;29OOyLpBhhZqpFP;^+#yPhy zs7px3xwLyqM~4|?dRjsflF6aUq|7DnT1%__&hc-G1-L?A>T=KpmY=+CyWZIWd^)@j z&1=A{|7?R>bi9TIrqPSkC#E~D%Yq&-DWXmhU@RfUj(ZDWMqMS1L%JJeeZaQzj+#1M 
zGKq+D5m0WFnyrN6Sc;^hiP&mmYr;bSKn&+Yp*7i{7P5oz(GxaS5V1iY zFTXym;U+607Yva247)3kHI2Ww<5(asb9i)@TAgBzE}40AN`BT%_F;+M@*T!9ha1iw zGfC`+d=#0fTsWOf;YbC>Y%(3?U(4}N-MzLllb?-ZIYy>-AoIshIH-!>BhxOr%XlpR5FbBZVXVjl>MoTzEsv5iSaH0%X;PdDim?)KKXC3 zAD93GB@mMp50s!wwv=GNwv_y*m6*@Miw=V+lqyCH%2S$cIj8CrSt2<)SU5Cc(uRVd zIpR{qAZL%bT*M^%Jas zK6)WMi@`JzL6B0KD>YiJm?wW;8fi!GB&nFO3 zvd3d8AiJ;Jzyxw{1Jh$6KtnEAk5odbh#OWO&?8qNHAe-UYz@qQrc(B;9k#M(eHg8| zn;S&@tnA{`TV&`MX=?Zb0}6DmlD0w3_+8nIheGVi?BIx!wZF;BD$6+SZ#v+#Fv$1F zjBn?7&m|NdGx+HG!})t0!Sc{FPjIr2)3~&~b6- zH^H+svBPK;8QIt>4ED|^AI-AB2PXLCN}7U#S5s2+W1FoaYghgq;`ApraSHzYDLXc@ zmjFWk7DkhpGSmY}eOPSen%-qeBtZp9TCE9ST4X+a5OQS3-LIc+5itVB9^mrgHznBqZ& zEk}b(DJ%9wvhIHte%y?3eGZXXf|2<@cA?4S5w`jwo^J}dBSXL+7BNzstp%s1?Q(Do zX8aRps)LQL6oZKgtiyh!?EgIeIo+OTY3q%<15g;xx8h%LPmIEIEy>YV@2a56-6uD` zUPDV|#5_Q;xOuKV!-_auk+$WJ>hZOu)U0%6G3z;9P}48Ji4)$THz#IeVTP!|uF^n? zjVTW}vFGN)J5DN12iM}6A=PH_)i|YyarCoQ3obba=nF2bM!viUo=`?MoLEkisVSWEv z4;+-dDFgb{jzC@gnJJWZ@BA?y>2NMv-O$FYG>S*ZVvw8CfHg(vaK|A5@(nXG2cQb2 zQ#kj6v}1^Q2RMRrEw;}NY`DyEN+e=qm)*VIqRx09Dj#sd>F4>Qv#UmeoWeoTl{M=( zHcOGz>drz)%i;UiW`_UP?+Hc)LuK1&D8M%SnmaLTh_8lev?(9!aXE2p(&QYr8%-jI z-SBycx0`s!TrFrM^nfqrkR-*s{$64wn(fg!H5)Avj-f+Bv9s2S;E#6!C?y=8H=>10|dOb zfV(`kv0%#v3s?=0y`FHujTky9( zu)H}or>>yF@%yu(eG@`joXoERwzwHot~d%^21eolcU9Se*e*-#m;zNAx)^RufHFytWz zrt1^Vm8Vp?JsywE5Nb^&*va5QgA%|x{r45FrhGWzDTxttm#S+tB7b{$b$X;ii;`BA zdz3VJ=ZUoJ-q#L|PzI&8FnO^RZor%)e(r?KH?#wtb8-IR^yn`f%O2WFXq&%296Dp` z*dUckXR8(7CEZpYF@a*IX~R~!01QoSWnhIdqNyc=_;rBVIz~-Km++jOt;e6p3wVIo zx;{q67|!6!{Jt_;Rq!ZBCA_%tdcMHR8Avel zXbKFLs2+RI&~6pRj@y@b1I|{@`!*^SSZwFhyV3Y--XgIV`dFoN*Dnog9GQrHj4EU_ zP@Fd>z8&$cSc{6+u_C)2v1&|f_)FVb223lW*7!whXA5ruUm>ukO&k>V7n>>$Ti?7= ziF$>cdqiL2Xx3!~4urHg@tf`u?;SanT)H5D9Y-#RZ_~NG_KjPP!YLHPyk6@&&&V2v zma5A%u^gJU9*EUrsEjH!1ZR7P;L%ZV51zLoka#NsYusA+Iwd2+$fIt?3`eo$<^P<8 z%9^$o`Yy+ZtwzJZ@agPg3l53#L{cOxMJI&jTc%Yn-bFn_qCg6sCj<&MTnKZ;!qsB4 zjCZLasPd9w;iNDJ76P%m5dMrUH9&D0D5QOl!l#7?>8N+Sf9gN^{|crsXe(zMhBIIo 
zg8G+b)rOJ<5B{ciU38M^Gvz1HQde}37%X@FwE{rx)q?Q|rWm=S1)3gr(W$5Bcn;Lz zhL}seR#v_0K7_{`rq&6R^788NB4yp;eW0tubXk!(Ba#x=>Lm|5OR9sJYp8kQ>G3M$ zsp>#-Jd)6=^uMZni)gydYiGw>(9332?8^dnPyTJPL?;z+>!TVun~dJ*k^@!0Dex}X zR+H7>#6=4F zy`dw^C>K39+O=5fh;6!$?P&^y85wOCC9Q^@K%e!&2!kt z;o?evSsUN#&?c=aA#qXSa*B7U{|mThIn-sX!bBuBXK9F%3RvM_0V#aa4iarEBORFz z67>rZD$qMX5L+Mgi&GEr*iytQ-2Ii+Evr%uwzKS&wRE@&$uASe#Z)^j_FJmtL-SVF z6A8t&#*Fc#)Qlk-f03n>Mm1V_xb1!r8rlntJ)f2QCZT;Ls zNqU%tOqJ_U)Nf0xUOiDpP3;|SM>IN1nc;(B!pBhAh4=n-w^F2i^VW$t?uqL#HAG$X{o&RJiFx?qhQO zXfFA^C=6oG17zv3p7rDf!BZvAft=4`!Z4)I=jk-s{aRbR4QT*`H8VberH99jbP4s+ zUwCKiiC=zX8X*$G(VxbN@B-)+n$sA|w*i&>2Jt*TAmHN@_O<$pD{}C(zuBWa)WGSH z0gR2l_@h6kYh0-dDjC?)nX!$y1Er0$uVSdy0gR&l z{tT%Fw*g7noH31RBx~IuQdyO464N%MX=}LEVW;XUTrp}>R->2{TPv~R#_qK;3=}sV zPFt|yymHGqB*Oqo(GN1SO~nb;)K({$4r)~*Evm>i+koo53~VYHDo}6bf`T_=Q1+#_ zrVVvLQ^&SK)l(N1b!ky)s!6b>h5@*kCwS2nIF%jj%LFfF;2PG-5U^H;KHOvoc)>T; zG+z;O4Wbxa8;O%^d>wC~rr{>1r8P^?OnUdlyc@Cr--#wUvz@8A6=F84`cPx*bw3NN zDryJ7qezmmDQQ};wRAgImDrA}ryC`>scE>V$E>B&-Ec&aaQKI$nWokGpr$NRv)iJE z@AhIz^o`TbE?ruXJzeZt?v=L#3N`}{*g+qj8z+Ut7o%^o7)_{ z3C^(b)IzB(rAf8yNUiWTg1KQz!Qf|OdHoiFBXYyAA`?3$d-+=m+AiS1B^xwFPV`M? 
z-2CGALG(g{RS074e^aQJauT$px|!%MWd#_qdt99Nj(eBjj=i44F!sJZASeU^w~2FTGu^Wc7%fvt%zkz*j5qaTqZ{o(?|) zn08!z?8`3z>fJAu#_sq{_x}9qy8Hc4e3SR;>hS%EK77%K72o={^)Lv82sACUMP0>Tl5s(<$mYPP7)d2bg^-ty?u=zxvvu`=;FDF)&?R z(lHl)`*?VyL`)f=^vi~i^XJ4IKQ3Po+X>RI0^^f^JFx)yd=u9w)(D=C7 z1M8^eR<`a7rY_LUaUGYJ(&2sKdj{D2Qx@6!aM!mQ-Hw*{J`Y-BK9G~v{=z_wbstvy zIA_u9<2cxIdLn{Df7HJtbp6-G2~B#jIY_-TB=64WE6IJ5?q$5SoW$0)#Mgjif)3CA zlC4XUa3b)zO0>m$;NtQfu1_HG%%YWgUH8W9Hs&ARGte`^%-0y{^0K-O`1?9nllRHX zWOIKGcslm;{f2@wwed6kC+~C={!q}Busvk2@H==FY~O#uIrgxs%U%v7La6Dd{SmCz zH>L1?Dt=iIPq;r%y%y!{qwGvvvQ zPeqzw1*eU^Sy4mZG0_|A8r5)&A~Jzm`<{VB>Y|?ebyLl;xd;XL6xMw%*FjTtR)wds!*mFs_A0TZ$AWdutYi6T0U$J@Iqc_!4h9weQYkrtIRm-_8Px z`^(y}&Y%i!ffg30r2HC?kpxO4% zkIYKHJBxKDp(Ada7C46D>!02Zb^+UweaMoA(7rY9f}D(Z#9&t88VU0!z|uZx}tz`wH( zzQT@U1IQ-*lP{8YOf$ZF>8?LqrI7+~Jzq}m*iGsXC*p4-G8X#yrPwJ#22{ea!SlbM zDE!lFV3qUrYJ!hx(4pn+*tQ7u4414n3orQ*El~geI6-rs-*uOt&aO{Co^%&iC!dbb z@#OZ0^CQ#Sle6Ql(%o;P)*-*wn13f@qBTrs4?OtSGx8;q8vFxVg#havLZ9B1-yR^J@J$`sTarLf<<5h>{Lax8v_K z&MuPk*k*z!W8VULXD)bGdp>yznPsCus;lN~zi;WwG z5|{8FpJ&U(Bg6J6$F3M}SK^yRQEcCM>N*OCzu}~&zu{u*Z|8ttT*wr#&CbRG8TAw}t#(7c?)GCdj>WiOlPQJ@)`XSqnxq|O_%Y3Zw@oF~` z^|*-%MOSI+*zD31`S*_sS~r97o|Y@w zJ4CuJPP}u`lnEYBiCELk9YcbWDk&vH%fhJnd+_V2d%a7 tK^q#V - -#include "types.h" -#include "util.hpp" - -#include -#include -#include -#include -#include -#include -#include - -class Socket -{ - private: - char lastPath[513] = ""; - char lastHash[2 * MD5LEN + 1] = ""; - std::mutex wsLock; - std::string url; - std::function toLog; - - public: - explicit Socket(std::string url, - std::function toLog); - ~Socket(); - void sendData(data d); -}; - -#endif diff --git a/socket/socket.cpp b/socket/socket.cpp deleted file mode 100644 index 3b0d546..0000000 --- a/socket/socket.cpp +++ /dev/null 
@@ -1,46 +0,0 @@ -#include "include/socket.h" - -Socket::Socket(std::string url, std::function toLog) - : url(url), toLog(std::move(toLog)) -{ -#ifdef IBM - // WSA INIT - int a = 0; -#endif - // PLATFORM AGNOSTIC -} - -Socket::~Socket() -{ - // PLATFORM AGNOSTIC -#ifdef IBM - // WSA DEINIT - int a = 0; -#endif -} - -void Socket::sendData(data d) -{ - if (strcmp(d.path, lastPath) != 0) { - strcpy(lastPath, d.path); - if (util::generateMD5(d.path, lastHash, toLog)) { - strcpy(lastHash, "NOT SET"); - } - } - - nlohmann::json json = { - {"altitude", d.alt}, - {"vs", d.vs}, - {"ias", d.ias}, - {"magHdg", d.magHeading}, - {"truHdg", d.truHdg}, - {"totFuel", d.totFuelKg}, - {"fuelFlow", d.ff}, - {"hash", lastHash}, - }; - - { - std::lock_guard lock(wsLock); - // SEND - } -} diff --git a/socket/include/types.h b/websocket/include/types.h similarity index 100% rename from socket/include/types.h rename to websocket/include/types.h diff --git a/websocket/include/websocket.h b/websocket/include/websocket.h new file mode 100644 index 0000000..5c95d11 --- /dev/null +++ b/websocket/include/websocket.h @@ -0,0 +1,42 @@ +#ifndef GERMANAIRLINESVA_GACONNECTOR_WEBSOCKET_H +#define GERMANAIRLINESVA_GACONNECTOR_WEBSOCKET_H + +#define BUFSIZE 1024 +#define MD5LEN 16 + +#include +#include + +#include + +#include "types.h" +#include "util.hpp" + +#include +#include +#include +#include +#include +#include + +class Websocket +{ + private: + char lastPath[513] = ""; + char lastHash[2 * MD5LEN + 1] = ""; + ix::WebSocket *webSocket = nullptr; + std::mutex wsLock; + std::string host; + std::string user; + std::function toLog; + + public: + explicit Websocket(std::string host, + std::string user, + std::function toLog); + ~Websocket(); + void onClientMessageCallback(const ix::WebSocketMessagePtr &msg); + void sendData(data d); +}; + +#endif \ No newline at end of file diff --git a/websocket/websocket.cpp b/websocket/websocket.cpp new file mode 100644 index 0000000..8d2f9d1 --- /dev/null 
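Review bot: The `ix::WebSocket *webSocket` member declared in websocket.h is an owning raw pointer that is never released. The constructor in websocket.cpp allocates it with `new ix::WebSocket()` and the destructor only calls `webSocket->stop()`, so the object leaks each time a `Websocket` is destroyed. Declaring the member as `std::unique_ptr<ix::WebSocket> webSocket;` and creating it with `std::make_unique<ix::WebSocket>()` ties its lifetime to the class, assuming `<memory>` is available (the include names are not legible on this page). The existing `webSocket != nullptr` check in `sendData` and the `->` calls keep working unchanged.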
+++ b/websocket/websocket.cpp 
@@ -0,0 +1,104 @@ +#include "include/websocket.h" + +Websocket::Websocket(std::string host, + std::string user, + std::function toLog) + : host(host), user(user), toLog(std::move(toLog)) +{ +#ifdef IBM + // Required on Windows + ix::initNetSystem(); +#endif + + webSocket = new ix::WebSocket(); + webSocket->enableAutomaticReconnection(); + webSocket->setUrl(host); + webSocket->setOnMessageCallback([this](const ix::WebSocketMessagePtr &msg) { + this->onClientMessageCallback(msg); + }); + webSocket->start(); +} + +Websocket::~Websocket() +{ + webSocket->stop(); + toLog("WebSocket stopped"); +#ifdef IBM + // Required on Windows + ix::uninitNetSystem(); +#endif +} + +void Websocket::onClientMessageCallback(const ix::WebSocketMessagePtr &msg) +{ + if (msg->type == ix::WebSocketMessageType::Open) { + std::stringstream debug_msg; + + debug_msg << "New connection" << std::endl; + debug_msg << "Uri: " << msg->openInfo.uri << std::endl; + debug_msg << "Headers:" << std::endl; + for (const auto &it : msg->openInfo.headers) { + debug_msg << it.first << ": " << it.second << std::endl; + } + + toLog(debug_msg.str()); + + webSocket->send("LOGIN:" + user); + toLog("Connecting as " + user); + } else if (msg->type == ix::WebSocketMessageType::Close) { + std::stringstream debug_msg; + + debug_msg << "Connection closed" << std::endl; + debug_msg << "Code: " << msg->closeInfo.code << std::endl; + debug_msg << "Reason: " << msg->closeInfo.reason << std::endl; + debug_msg << "Remote: " << msg->closeInfo.remote << std::endl; + + toLog(debug_msg.str()); + } else if (msg->type == ix::WebSocketMessageType::Error) { + std::stringstream debug_msg; + + debug_msg << "Connection error" << std::endl; + debug_msg << "Decompression: " << msg->errorInfo.decompressionError + << std::endl; + debug_msg << "HTTP status: " << msg->errorInfo.http_status << std::endl; + debug_msg << "Reason: " << msg->errorInfo.reason << std::endl; + debug_msg << "Retries: " << msg->errorInfo.retries << std::endl; + 
debug_msg << "Wait time: " << msg->errorInfo.wait_time << std::endl; + + toLog(debug_msg.str()); + } else if (msg->type == ix::WebSocketMessageType::Message) { + if (!msg->str.empty()) { + toLog(msg->str); + } + } +} + +void Websocket::sendData(data d) +{ + if (strcmp(d.path, lastPath) != 0) { + strcpy(lastPath, d.path); + if (util::generateMD5(d.path, lastHash, toLog)) { + strcpy(lastHash, "NOT SET"); + } + } + + nlohmann::json json = { + {"altitude", d.alt}, + {"vs", d.vs}, + {"ias", d.ias}, + {"magHdg", d.magHeading}, + {"truHdg", d.truHdg}, + {"totFuel", d.totFuelKg}, + {"fuelFlow", d.ff}, + {"hash", lastHash}, + }; + + { + std::lock_guard lock(wsLock); + if (webSocket != nullptr) { + std::ostringstream msg; + msg << "SEND:" << user << ":" << json.dump(); + webSocket->send(msg.str(), false); + } + } +} \ No newline at end of file diff --git a/xplugin/CMakeLists.txt b/xplugin/CMakeLists.txt index 4703661..4b461e1 100644 --- a/xplugin/CMakeLists.txt +++ b/xplugin/CMakeLists.txt @@ -1,4 +1,4 @@ -file(GLOB socket CONFIGURE_DEPENDS ${CMAKE_SOURCE_DIR}/socket/*.cpp) +file(GLOB socket CONFIGURE_DEPENDS ${CMAKE_SOURCE_DIR}/websocket/*.cpp) file(GLOB file CONFIGURE_DEPENDS ${CMAKE_SOURCE_DIR}/file/*.cpp) add_library(germanairlinesva_xplugin SHARED @@ -8,8 +8,9 @@ add_library(germanairlinesva_xplugin SHARED ) target_include_directories(germanairlinesva_xplugin PRIVATE + ${CMAKE_SOURCE_DIR}/ixwebsocket/include ${CMAKE_SOURCE_DIR}/makerwysxp/include - ${CMAKE_SOURCE_DIR}/socket/include + ${CMAKE_SOURCE_DIR}/websocket/include ${CMAKE_SOURCE_DIR}/utilities/include ${CMAKE_SOURCE_DIR}/nlohmann/include ${CMAKE_SOURCE_DIR}/XPSDK/CHeaders @@ -66,7 +67,6 @@ if(APPLE) ) target_link_libraries(germanairlinesva_xplugin PRIVATE ${CMAKE_SOURCE_DIR}/XPSDK/Libraries/Mac/XPLM.framework/XPLM - "-framework Security" ) elseif(UNIX) message("Building for Linux ${BIT} into ${PROJECT_BINARY_DIR}/Plugin/${PLUGIN_NAME}/${BIT}") 
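Review bot: `strcpy(lastPath, d.path)` in `sendData` writes into the 513-byte `lastPath` without a length check. The copy stays in bounds only if `data::path` is a terminated buffer of at most 513 bytes, and `types.h` is not shown in this hunk, so that cannot be confirmed here. A bounded copy such as `snprintf(lastPath, sizeof lastPath, "%s", d.path);` removes the dependency on the other header. Separately, the Open branch of `onClientMessageCallback` logs every handshake header and the Message branch passes `msg->str` to `toLog` verbatim. Both come from the remote end, so consider capping the length and filtering what reaches the log.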
@@ -92,7 +92,6 @@ elseif(UNIX) ) endif() target_link_libraries(germanairlinesva_xplugin PRIVATE - crypto pthread ) elseif(WIN32) @@ -119,7 +118,6 @@ elseif(WIN32) -static-libstdc++ ) target_link_libraries(germanairlinesva_xplugin PRIVATE - ws2_32.lib ) if(BIT STREQUAL "32") target_link_libraries(germanairlinesva_xplugin PRIVATE @@ -137,4 +135,5 @@ endif() target_link_libraries(germanairlinesva_xplugin PRIVATE makerwysxp + ixwebsocket ) diff --git a/xplugin/include/main.h b/xplugin/include/main.h index 462fc62..820e824 100644 --- a/xplugin/include/main.h +++ b/xplugin/include/main.h @@ -5,7 +5,7 @@ #include "makeRwysXP.h" #include "recordingPath.hpp" #include "simulatorDatabase.hpp" -#include "socket.h" +#include "websocket.h" #include "XPLM/XPLMDataAccess.h" #include "XPLM/XPLMGraphics.h" diff --git a/xplugin/main.cpp b/xplugin/main.cpp index 9fabc9a..f47652a 100644 --- a/xplugin/main.cpp +++ b/xplugin/main.cpp @@ -12,7 +12,7 @@ std::atomic wantsExit; std::map configuration; -Socket *connector; +Websocket *connector; /* Datarefs */ XPLMDataRef pauseIndicator; @@ -107,20 +107,20 @@ PLUGIN_API int XPluginStart(char *outName, char *outSig, char *outDesc) roll = XPLMFindDataRef("sim/flightmodel/position/phi"); // FLOAT quaternion = XPLMFindDataRef("sim/flightmodel/position/q"); // FLOAT[4] - // Initialize connector + configuration = + config::readConfig("Resources/plugins/GAConnector/config.cfg"); + toLog("Config loaded"); + try { - connector = - new Socket("https://wsecho.hofmannnet.myhome-server.de/client", toLog); + connector = new Websocket("wss://ws.hofmannnet.myhome-server.de:8000", + configuration["user"], + toLog); } catch (const std::invalid_argument &e) { toLog(e.what()); return 0; } toLog("WebSocket started"); - configuration = - config::readConfig("Resources/plugins/GAConnector/config.cfg"); - toLog("Config loaded"); - char hash[2 * MD5LEN + 1] = ""; if (util::generateMD5("Custom Scenery/scenery_packs.ini", hash, toLog) == 0) { std::map, std::vector>> 
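Review bot: In the main.cpp hunk at `-107,20`, `configuration["user"]` is passed straight to the `Websocket` constructor with no check that the key exists. If `configuration` is a string-keyed `std::map` (its template arguments are not legible here), `operator[]` inserts and returns an empty string for a missing key, and the connector would then send `LOGIN:` with an empty name. Validate before constructing it, e.g. `if (configuration["user"].empty()) { toLog("No user configured"); return 0; }`. Because websocket.cpp frames messages as `SEND:<user>:<json>`, rejecting a user value that contains `:` or line breaks is also worth considering, depending on how the server parses the frame. `XPluginStart` begins and ends outside this hunk.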
@@ -238,7 +238,7 @@ void serverWorker() connector->sendData(copy); - std::this_thread::sleep_for(std::chrono::milliseconds(50)); + std::this_thread::sleep_for(std::chrono::milliseconds(250)); } }

    H}N%PK5qDhCt(>n>gvmARIm+fJ;7g z#O@9a*&V$i2pzKny0!^|cD0wV3!Cp?U*D-PyY3#`SZz9MxnLJeZR?MP4MWLJ7lUoT zdcoGG&6qS`FUq4=@yR#3;qLttSi^g3@NV>X_BLT8bdZHYhp0z5&$%M>XwX`onj2wTTE;9T1(Fz8HU*1B_V7t5cj^hyzjqVH zxj%y)y>{{uS-WBX2y519wK;tIzK7Yid;||y(${@o#ew7e8LXe=6%_6p#NDcO1)EP- z@m~5OSlhY|1dMD8ovgdFC(^?Zdv6)GOznV|vJS$dy7Q6ed}fb!Jc4?IR`Z<3elRH5 zmmPRF3=f#Lg9hw8nCx7IU&t=G@@Ze@$`0TS)mk=vjtee-UkFv!jD-BD!xvf9lFgw^?94he!Ci>33XQ-=2+J)(!_X@Ws$qi(t~B zG#oNvGgivK#sBGl6@N(DL4W=8pkHGjx*Thabu6pEnCV?{K$?u5@RzPEw|Vfq zS4;N5ehW;nwZ%88X0XwML*=>D4mtT2J-%4Nn~^dAcKZpUz4rzktwQnN05Q0prK5faHD=U^jg#EZnjT`!xOwJQp>E zhVlfwH7OMDoT<)tGadjZkdDaRIada@J77TlVQTdN3g2KLAVlffPb76 z1N|1M*qP8Qh^x>GXQph!q#Nfza(*AYUSrG;yloG!(kyt`@NnGl_X*y#xB!l2I$-$5 zp>Xt2eU?2H+VbRi9Z^v#IMQy*og6|u$3QY(w6}kxBVIW zUTZIm`PPs3*q;GDd)mYHjDrx-d=ihX{SfZHaAuXmI|EeBh6yHBz{sg3ng>mT?e*F~ zkF`Uw=wUI+yw>6HB&6%=GnC3a*{wSV;6{BPv>v$~j)Y!=#5YZ_(cz8U?%-nR*0(B* z&(4MPyf8HB)&wss?GB#K)MrUN##PpHVevmFA+ov!v@N}fFUG&bf!k*=xoKaRZWYJh zytBhax8AbQ4bAXdPdTf#y*;+(E#Tg>QLxS~gF#!ox6RgFOUBA7M4REAT+SHSBT8YwWnUIcz@N7h{ZGu(N5i(AU8j zV>d-(9|J3_^>GMxcCG;J?|jDe#pn2}YddjN>oKfxsVPRr*J90jy~B2$7GQI43D&8x z9In>r1yf#khBd*5VMg29d{y#SJhVLi5?zzeta{3Of6@#ZwfaH|ivkqzMfwVAN1`B?U1&>6V3^$sRHsfODZ z_v4-yKBIldOw^zB6fN%#;V>##j&lmJ<_6B=g%fbAZsnF260(ezf0A6D~;8NEmd`4y! 
z@QmNWAKJFTU2v1t&3FgJKTOzuKSPMC+t851Z?XYfR9GR!S0YB z*gT~!UvsBBHexl=dd)gq6TXqRo7D-Aud{%d(vEQ2RRwI91!5G##*6BsfBXiB+r9xB zMcd(R(@VJK#WdcSrP6sg2|K&5z$v|l;f*(aa8~^hy!x~?@cm{Jp4lk|BOm$mz8hP@ zO1))*kwGS_FG+qgd5rMR@MqH2hYqg!!$f!^u{8 z$j5d<#nuw6edjF1MI_<)C*R=li~Fej=PKX1<0|g6Tg!_=6Jc`b27GXD3#>J9VAoz= z#2*H=c&F?vcz)E02Yl^^?QeEv+qdt+Y*j}{x6gwP8?PcT+ae)c}xVc!$` z6mGi4=Z~*_7V(wSzQO$GPaxCE2Dhyl3PT(VV9aAZ?o#gq#60?l z+XkJ(9*a6LRed>>cK(OII?@preKUclI}Pw|qc@QHC>{Ivp2qpmzTo}#Gf(NA0hO-L z#vM(6z>~i|Gmnffc)n{3W>~=p7lo{YTLoKj!f|@d%N2kl+hW+X2@zyp|G@SR*bFZh zJHiafaBRCFh}|+JyHSCJU0=_kiS#^Av!KzjA^UOv{i$HHV<_J{ybsyma^OqX6Hv1_ z4W2;(wrN-gMuyME1@7)_`n|8PX!tdZ8@&*p)Gc5W@1Caftp^onUc_#V4nvaPSnRJq z9u{stgd?UK6gOXmkq`NlDXU=v@Qg>#`7P^aZ`R(N$F&)I=41f9;lC> z$3DVgHW~1+Sv6k2fdUpD+=m|LE5pgmlW@=R3vArnpY4Nebh%`~mIlxmsq;7fJtz)U z#(~_i@jnpu{tWw+H3T-({HN1aXYollYu2buW%wEO6c+X~#n12O@PdscSTbNR&tCru z7Sr=;!He@)vr;M3^UTEU6+5um`_4dAS`v=^{sqi$tjG4l$K#iXBe3NDLYR5FE-Y!& z1Q+xxVWahXW3cBHww~HShZiQJv85$UKG~182n&T0*nsm6kA?{`S>W??GxQmM9OhJQ z0Yx2K@TUi#V8gwqVBYt!=sIpN&tTcG(P2G5%je;D={PvV$6(Ly?O~^-GxG5gSd-rn zCj6MgmCd{1k_p}6()u^p-)=XKw^<21K7qC9atn4ny~|$qKZcec?AiI*7qDTfEv8KW z2^{W0yXV2Y3m^Dw*+h_XfFB1&Lzv+hw65=k*BjhnHZ_7^gUe~IfA1~o z1>EGjS44wz(g`@2JP4nBxs78|bK(59eQe!IFZerVE`L3#GrV{@h(%M~?ow2Tu_yX4 zAZt6Gc=H%}=?ysanm#`MJ%pXEQvvn`UxZ6EZ_wqglHvV2xYPbRzB|_k*Iy06)?@EN z)5LSwZhuE;xwjgR+e>!&qt7w1zZF>AHH2o*IAB5mq?+Btt<`P#@mwo>Q)Lcr&ZYTg z#m)J+8wn6}Jcb$O)r38_%<$R#=P>QnD41n*7AyMg;dA$%$4aq#(c#7e=)C#@Y=1Ei zY9u&9ZmtoUP5cH69*u>IaGOICAhnhkL6w0+=wBntwq0J?1K2puEOVzqzHvh-6m z$aZ&umptr-{c9OxKyC?M%pHgQ&3Zwh%`$Mzy$bMt2Mjpy1(wGqgY`rj2iZO!?sR0> ztL<~B9-_nt!&b4Ihc@8yWlf>g=2h^#B$5rQY6Ol(Rj_&WH+ZYgb3St8JTQ4a0OlDf zVQuJi_IO+)xM%hOxrI4M+rDOl$e!9}{1NDzK=!A+e6a7a3lF6~<2C<@#Z`A>xcA$W zSZdW8=T8j61C~ilfAuo7NGOHstqI z{;-#oV=3ER*b@{3NiY& zJrcH4Hi2JSz&{*wqLbmbxtwecOJv-JE`jb{~Kfo79ThVyO z3-q;56W=NaA@oHp5^sFugPPk*u}l1}Q^o?%1nX%yMT(doxmFvKf}-1o}}I=wzO zP}WCXCa11$W%{XJhWJH)NvFJ>_9;k{#NK0) zla!L+!SvkjgSbr{VdZ_ZJeMC?HM&U>EYebg6q;WsJY1yi^?7Nc{ 
z&G>tS*^d;M?OFxe_4)<&`P{=2X+5OZnSOb;vszP2}j$^^Fg)#26H zeZ7^^2L$8#+52pMcMxLM-(k)Rd$9AF4$Mme@kXtYg)}@y?UO#39UpRq z7JlX%HGCPu3Q{Ggb*?7s-HPYByX>ZMg! z95xC&8CvV8FRz3{o!O_l-A zsq<7h6??9ub29O?^}jhZMlBsDmL8_;75n%(xx-Z15JQtL#F51|UAmbsisX&!*}S#6 z)H}@!J4N0=Gi)YXG&_s(-->Vvi{o_srZ|@Wx(_cYe^f54gpJ83+O(k?C(GSoR6Co* zdQ4DQbBpS}3}b5!WI<2m0Bt>|KmkLOc=yk9q&xRCnUw|7h~V9*^!biU-G4A3@HiSz zE@Z-yEIhkYP)p86sF4L*mpz1LY1#-Lemv$2`-Mtg5{FbThd7}D{K zJzS!W!ZVxs!(Tx-B`3#MI#`l-Ukq!TC+PTLuW;mP4~{S1#iE)Q(9d_f1$KBW76+_g z|I)@{+EFpK>G>1<^Zm*0mrf^@LI*nQe3wezn(~ZDed=v^%3b_cV6}@qKYV*Ax%e%h z55*1G(pyREC7O}FrkvWpB+_>AN!YtW3V};oXf3}(cfWhEIg5{=nBlR=K!jjbDUXc+^5E^^de-p(}hzH*6|f6k1}0WN#^ZV+h~Vw zJ{vR8K;W|GQsU9=n6hUUPqh=~;wo8M9=ni&Jq&r|witYWevxFWVsPBNj(^qu2)l^K zWah1b$trJ{MEFWObBTXp0>?DhNr-#@LLs`W=M~u4ehb?Ox=!5gOny!anfm7okoxk8fB3u_5;OhS zsYBQ4kDwz(YTre;!+44;xkLR*%joPnABriuPXiA1Vy)bMlCV5OsdKy8{-`FD{VZVn z^Kxj;!X6sc(oFt>hb7J@qWk7yxSm#^bpK8sGJFb>;uEO!Jq2Y<0x7ACc>nA*FNI`*qmd-O5-*s+bmqa3L^-j{c(1yhSs zFQ0LDEZy^IM9ritDC?_d!FoqvvRIVc&e=s$C)D{9$k6YR1#Ibj7m|EwhdD~ZycD~L zEjBksk>)bqzSN)OKiATyU>i*MTny0%!SDoi5F<}wS zo%I=>b4(z5{VUaqJi+YC&4A4|E-|B#TgsT=*8;)~3+K_rVw}av16<6QFZxHUbV^(_;M z?{biPza9TFF5^E984At3!*hjwzH-eCj2-fX!mC}dNzm<0{gyD9$@hs3apDt7#i-%i zAkv&rK_`ZO;LGNx(DE$LD_n#a247^3P zofUL=@+=-ZZ91idc`&sr?(n_QN~>N;Kx9lIo8DSY>l9xzHS3)ylAFL&zyC*Pr|xIp z|BIkaiubT|-Bn>Gm*+?J8=(Dy0_HtWq^B}oP#f`*bHE#=p6JoX(8*RG;+qP!(yW}8UJ;}ml;KP zT=NnYk}2eL)Q+h%E+9Va1)Lr%g3psaZn|wAHQ#y2?izZaEIkRccix8I+9V1~&_K+v zfrzTxgs@--uG=ylwln6#HSs$|8*mZ}5$2ceCj3`iFfF~cgx~Zl#0b49RIp(NBJ6G= znhFuYcj3#XEAX%RO(Uf~)1f7M`QtI7Q2+Rn)T)fA1&Ko5M3g=XIiifuU9iGk8IkB z(>q3UfBB=hA*qeX=L@Mc?KzeCex+#{5{T5bh1P;toYFZ9Ro4joIC}x*>n8HY!z;+i z(S}D$M$wm?4|J+^rZ6Xu=F8+KLVU3eAE#AFH}(Fo?4cc$y!jl~m>okv?Hl$WEkN** z9Z1bX2Q>|S*(hB3D5^qA<5k0JL$qg!+ECN%v)A%o5 ziq&f^f#2-2{OG_$TAG`wIr*Y&I{bCNo98ke{<8D>@}7!uedgn zSe%Vni-bAAE)QQ`-h|4a)5vhDLRW4$jh}lS^?T&_gw3x=x+fBWO@qik@GD!b??~Sd zPsSiOJu-9^X0BZ_bavEQo*&q9=n!rATFU*J-d!;=Ph(&{x;q#AP*a!-A^`NeG7B$>yChZm4tdo+f% zE~E8fKFA1sO*%)OQv8 
z!)>pdWMq;ancpA^THQQ-~O%Ff$Qw>iyC?Y}Gj}8@GWSOhB;#%4i{+6Y~ zbFLH}ug@p9NG-m-=MqWZGeP9)pSWO}K%|+5@lor^z*ds1hq!S^uL$(6ZbZLW2)*8K z%@w>`Y2%y)Ohz-A?uF_Kj8s0o{-eva-FnD(v>8tpsi*CWFhL3`t07s6~=Yp>$Cs(52;3~sY&E%7eCUwSqbdft1EEboxmjQbK$MCitb&C zrt+p`d`9AZ+&@2;e@xFt!s%<&I{OI?IVs8P5*I`AV=}!jkffvIXTsUg3p%YE_%yR? zv@A~-xf?DD8i*{lc_q@9)K7@<+=DC8olI`hRq}V-#Z#qMk<`Tx{DQ_Hl6H^BvQ7VR z&Fv?N75btdKZTvDfW+w+3}uxd1heMZSc+oS@<|5gKH(IVXX+T z>*GT_7*o$BH*CbRafMt)DgwWJId&8~L9|qYeVBcob_7pl4r=*`m|MW_FC2y)D$T5D zumtWL)8`-S)8VJr#Ol6fVamfQ-j&-+dE%z*@J2?Tj$I?s+CnTjXiO<@ZEzvAkS#e& zWUyrx%h(h{Zx5}+M;$l1Fygx^yLcKaeyRYXqGB=Diw+|9=|yOBb)W@$Gs)}T2&USxhoadBTugdEe@7f)Iy3#D|Dg{n)$ft! zrbB2l&ByV8gKYH3T&OM-o_F{Z%IqD+6;6$(c7vPP?Y5A9E=BdFkVcTKz%wnU@PZxuT-+f1I8#ao&Ie;dbO9e? zkV5}1C82%IJjgAY59L~0YP&ler6m<4J++5VFm9qC*YPZCH<6e39(Hu_Kb#GSXWN#Z zB6Fp$`0=$KC9eZ`f}b;Te7}*ZYZEOQs)eJ+4^hVFCH(ru2h{lKEAM=7NcSXsn0bO0 zdHRi_gstnK*6ze(gWixkQux%TuPId7g!QKS(*=iE$ZEVtq)aHyj7Y+?gLmoa>K1qh zRN!h*BVPLyQp-;T>emGpp~r+ zw`KECI5Gec0_XT?bTm%LWaDq_OZu)_29tB0Y_m~0ZC#T|n?o}YeY}l5%0EuKO#NB( zz*BS~QWH=2bW^+M3NCFfh5i2DFiqnT&8UdOg`-JyYtRg~*m@ci*R95_dT$C|V$XMf z6}Y9JhCIsMlu|Okqt0~)9(3yCt{G@S=^f0Ta!26*;@Gm4b`(2J4qGbBDE(PIVx~-| zy6Y=xbo+mFqQQ=>daOoXewM86%VF}@TZ93H>BJSq`PuuWbPiompk$g5`JP$VSCMt0 z4%a(Ygy++>$^XYr+`jUIh3pgjF_{f0xF}?iZ5Iex_H43djwW86pVg&9g5(?*U!~e#3rs6mOZ}&B##_g-G_tW{nMTcqZEzD5A8F%D`5hR)spf;dvv6MEVg)6cTrMtWA$2jx{wm4szgT1U zsH=SN-!=4Sn1(^lApizr6+7=l`hR?H3jKFQA=|?V+*z2Pymh z!gH<3lrMNqD+Lzz>V!rM!zOo@-~a-s2X{ZS2-O-jiV$# znbA(E&ky6wlQjH@dcxkgOs96;BtAf-lVo1pNI{i8WskI}Xd1=OFqnrmjslANG3VU|61=mc@cm%Uij>w~@8mGHbhpIfbK zqll{2OlyT2tuKruoAS$K_%a(^n^b6&;tkrj=OfKcnaY~jB8V3Rl1TX!1Zfvjit`$p z{b?2D=m;K7vL8D-JRZ84D)gUWC>@;rh)tQfh8BF&5TM>^=&=C#XS>@~>8ji-h1o|6ijG)5jpTbQvNC+SlI`DwjHbR;Vm zt79*~XMG}FEek{0u^61Yun-A*oB6-$3)CS#gKX80P}Wrs3RxS4`92mbM4=t$RhP2w z*Qe6FsI7>bp^vBSL43XD3yN@<&EG0W!AQi2ZB^WaY4X?T-W+kd^1cRUgBd%H( zHst)gm#BCE~Pk9*oD|VJ%`Jbbnu3Ai=w2paHAE1QZ^=w(;L70h-W{y(_qGXvWTj?H5 z-?W>Ai<<0EGSQQbe=6+39Vy&q=V@{YRi)P9cc9^sNUL};G9?m7w>2Cpi*tC3e+~WG 
zkiw1ChEiLQ>6dA<|@VfB@=5EStMz;h;trhmLbTR7m*-K-Zb*buSI0o+4!daZq9o0IY-G1`6XIep5GWo}Pxut2AU2BmC6 zOhF>qPq~lqV@m9UQy#Gt3yeCOPWc6W+-}V=Ay@MYUu=#bH}EOmp1(??yyJL?z-O$F z6XuM{=?G`eeAk{;s66P(wvL!XPb9Z6!?||YaY)cF(_3iM{!q3(KAWzu`p$|@W#EdC zDQdZ`fuH>nNZ7@p+5Dy<$!@n0)w`P^-AP|d}fd!KM) zd>@%yUXMLWx5#{TH8Zz3C2;gr?D~dh=(hdMGQ4*pIVX>f+}TT(+y;R^S71{28JtYm zD$JE5c}u821;V% z;eVk46JkEFt?kzIf$cEh1Jt^=&IPG#@7yL8qFP`h%uE zT1qRg2wJm)BedS8vecG;P;i%lwS@}F7g;i^{%9)JGNRK%SCgsOb@uPsDw1(CM*z#G zVTW{?rNmkE*XFSi%QI=+mGyj~(@dz!J>c>$N04+w1^*+kJWfL9KjxVdqJH^8dG1O) zUw4?#)c;Eh!hi8F6>V%Br%977k3igR}-pO_UWS`@-n#l;cx zcmOwBK7(dm&fzmX220B*p2#sf`3@u{5xC$@A6CNfPZ+7YtCO{iDRn9C=2x7}G3Lo&c2HN5`j<}N`rof2Ug`~B zbUlRT9~>yON43z-%hTx0+9A-F7d+Xt5UjC%2nx?b__F(a`|5*ex!A&jEZa~f{+(Ue zsfgRo@96fGk(B2q%A^+g3A5*IB>DLv^nn>)_R|$(Jcgm}-CU%oe}kuqD<(?s#@(Mz zRA+ex%WM8%OPU=Eh=`yc$A+`I5(O&TEzhMl=i{umYM$+Z1VN7h3 zEk0y!pevOPcy?Ta4%>Z1$b%++a@QevrGMvYA4WlYR66Q+KA=%wCh`9yGpUXrXF*f9 zQRM1URQ&i#^Q(^X_67UtYQ7D6C4WOMN)KXDVq|ji7WQ@)ll=Q?(i3u5p@LT3IC(A1 zRNu1CdQ$Yd#$VWXh410Uc7DX>1a|5v;+C)Ajr}vC4}X-XWW!c=NZ1L#*9~FY)e51b zwL>W3{6QZ|Y}txjMjK0^guf4-A?vQj<=q#M5@qNrQUvn zJf}C)lfRn6%jnLJ@0$(>*QN9(S{5PYRW#$_6)K*gj_unYBF~@(EepM<;lnRhATp4Y z_Rix2V*{b6o6eJtJEN*uf;MG}(c40O3>R5Udv@){pRGfw$$um+k1L=F_Y~Nt6}|8q zHH!ynDdC!U1M`WWf^OXv^wQshf?Wcsre^}$PM;zDOIrl3JCELbUBeWmy}ZcKlqT+f z$BoBc#(g0Jy6o9MaxuHaq>83erS4-U|HF#T)eI+Xt7;50yNiIveeis7migRXg5@V} z)8~low9@!$98^bk&pMY7oN z@)KDFXkhgH33R5ug8lyX2aSdk`HlNQ`0-MMoitG)sT(zX(yyh|>E1#!6+}_zX~qUF z8xG}dk7$UOI?PNYX_0|GE-JcVb%zMPs`jzdV@heSUpX7ce_+s|1F))ngM<-}X#LL> z6qIAeXLekns`nM}NVq_+HhWX*axFX^q(RFwI&nbeBEp2engriyA^%}V|M4Pj9+^Ns zDrb2~#u_AlzC7h+}mudL z3-#frDF5Ug1pRd(2kTnYL_8Osr#DQZmeRh{?-0@5PA6s*aZ@D+?Dt54;t5L}9v_Yl z%QYx*kY+c_W$?T1Ab0Xviz>nI5iXmhv#T@s#`6+*_b`Qav}i+N@-N|B^FaJT6IOCv zjHZn~!Cm&$(=)qZ9Lq~ZSkgCk*J&!<{V+-wFoJCydR;L5{giLAW>KW{>i4hic znX+x0dr0^ALiWR|nk2Lxkz%o$q>j$w3$7O+NADi3TKtMKu9xxa#!7TzY$ZSEpHD*R zHKo4T43+9~*4jOfCMbM`=m8`8>Tk)$tUxsR1|hTD5x@53QF`)A 
zs@gM$#=9;-LTxsa@EJ|jQ+vTb)#GkbAsx$`L;K5i!sq%rh?e`ZIq5=Pby*-g{(dg9 ztxj>ZOUp^YyBi+&>!2Mxk%DJlAE#J_E2gi^cu!4S?9K)?jGrU-Sg+ED6B8kLj zd;&^Hf4LP)Hr|4w8A4WNR~?qfmQll7XUMh7lUR!${KRfCdBsflynn`2ujG+r>I_O= zP>6Bz@^m1niTYffq1)h#h2AFwe^ZLYr+Dymo-}RiSKf2b z4U1A1($Sx%X;9n-1gwaI?Zz-_oEJtzRj-kWu=no1|C=lpAEBk6`|;}GVu~4O##Dt2 zyJgk?_vaM|nB2-VmYAY1^8yBDDbcq?8*X#Gp9&2v@p=0!avEPjdJjA?^V?8LyZ#%p zJA=`XJ(V6O+4AnqHS}nMJw3H`!uB7-xaI+&pN4J5tndN!eE)u&8vc&NlLZc`PiSZQ zyC2)ng&|wKn8xX*P)+nu{^77HiWs!L+kpuValb}i4teO0)QzZ9FoR3zYgZt<9 zpi<=vDNRY>i4`+oAZw58*F(|m6^teSsng2gYq_bww~HnzvU;~V>X6#R#%NU0;7`MG z^49_yF8GN(cORkpks%sKoF?|)Q=CYjjm3+$Gs(2qc$KNeHmo>?>|-HxQ(_Fl?`cA; zE*^W|c45Wp7P|Q3B-7S!A)~&xZ2Ga`R3$Q|O!P5_Ck{=w@i!2pNg+ z4}ym%&L++Nhs)BQu-P#c-jbCp$EO^1?+@|~+rA^gO%{sDZm|0P5lg=9A$RF6F4iJX zlkN`Y10HqKyI4&=UB?Ki-`&YK=Ky}3eueo5H0VP>88wb#YlzGja?Slh=h+rtdiltWH1h|N*)&zIu;mPf zyA}$aIL-LC>^{5U=1HeTyx6YQr%5`tfLYJ}N1DwtY~ILLnx*g%->U*>fPEP+`tc0f zf^Q$D(nR?+8W8z3oKDQU#n-jIqUKjqNKHc>$-6c}O!Y1Fu8kx2q#p9#ZG}S?I+POn zf-J>B!?62gQ{loT$6TYP`^xliUkLidJ+RHqhWeIYrN^?LASWX5{x{ljsKZ{hO?>XZNL+jQ4HoK(GJ`O!zcbmqnje*Eq{gnhe7VVl=urr#Mh zxjdR4Z<@~6j_^lyhB>`S3nfYMDKx3v85SdZS%K7d)ZA|*waYi)?(Kj!msT>-w&sSt z!=R91%%r^ysCIu6ZZA>5`ph0uF?Pp+(DkVQW<{OVa@=rcD?Z#-prL<;V9RW4{Cv3u zyBgEk#GL2I?=iwYsay&)dWHy*NO&#UO8PE-sG29u2A|qMYXg7bxaL+$8+)5>s>zZ2 zycGIR_YEd8SEe(=h;l>{kRKuFWCxXbo{utgeTFjo`1hFc;v>7+nTT#d&)D-+xYW(& zB|mg9i~QSq5Rp&=OQlgfCJ+%~X z>_<-oCd6CY7P`Y#SlG>rG%NfONeXQ@!{$z8Itv})p1+#KSangzv`}_UtdCxlt8>@G zYpDMACdwT0mnLTF(Dd{Pw8zOD-cL><_gW!;=dMLLes8HaPJ=XV+u*sV6|_{7`Oyn6 zu&~*UG%7cupAwj;&^}jSBTgIA=9j*boCM+WuNephLXd$W>O)z0TF*^9^^{Snu2uZ7sQ)iAx< zN@wIYK()!2&INpCx;+-uKkGf(S4}3hb0c}9k|8Y(l;Ni@*wVy{mArb!1PrYI&HvpH z7y2G1@{TSDy(MD2zqXfZJ&zJ*4;K81EM{RFg^lIryg?%k)!&J|)~ZL4PZT_!KcTgk zHTmGEB{VWY*jpW}=*XZo?9N_Ic-bvNn^z7!I&d7JJ}q>2fdiZUJQpcRK1|j50F8DW z%+E&JVedS_Q+0HqGwu`ky>q?P`gRumDL#h9FMgT+=G82ENE z^UvZm-9!bwr73u$F`7S~B+QfUI<(nX88TKDeEc|Z6gIu#T`@%h>(xe;M1Yc4nk4m8gX92iM<|yW<%|ElNP8`Z6vZrb%I{Yxynn 
zACNp|fv<(ayXY_qd%YFlsosQyhFDa}4=2y5yHQ#dNCh>Qu_wTmKYQ~YD?jzJ{ylfl z{Kf_KhkKCYwO;5h9!l-wby=I`G5CiC^ODq0g6`B!G23M5LsdL>7|J2|-5qpT6yor{ zN}L*c9(n&~B{tq7NY3H=?6<*dUNfc~*oKm&$<(ZI0+r#zY0SJKG;_ooKKHvSbwO{32X7vW&y12X@%l6{T~q;dl{R+C&qMqiRy z?vpc+9I^poFGI-daV(S4Ql_!{U0M2@`LOG+q6v#vegc2t`tuM&9I z8;2q4GKQ}#+=3S7L9W6+@7ZWXA^AdoYg{4^8*GZSrw(l0-NR%QSIe~9zQKNsJesdN zV3_Y8zCj_M-rxSmjfH;9|LRt-dv5ViYe{5>G-s2!gfE`tEu=Y_UN|Z{iKdAKGMTw! z@N?J=xGe}HuQToJ;%0Bmvsgth?~TOlfy=SRV;!ETFJU&48W_4QkcRJEj)g*JXQ)C6 z&AjZz)pz6*Gf0BFTLQ(coyJ$a{zePmzC^lxIHuKkvKw_BWYl|?9k)0MoqfOg8Bs6X z%nar$exIT5!WphN<~LLqYazaCFilyY#kLi%r9wg%B(AROeEO1JicdgmzqI`r+-o?rpsCByvQZ$npFgV6>?(uHCxJ4xSk(XsqV^wWK)ge@td^=NfS^Ko4_K z0lib-`NjDHXF0Wt9zXai(ZUSZUg+|0_4z1ieMA}sU9>@^l8=4lLl2r_Xo*=o zSwFeV{?_d!zxiM3p44(WmMX?&f?_d!%vQ`PUP$*N%iPd#FXy2c=_X&+xd`yr0rm4(u+NX!lHr=m3zNoJcm9o7-(gL=A)S0ovrvO`i+=hB965XiaR?==YBVJNIt{oJ#qYzzZE{Oe?`7ZO{fzU z7`^lD@NKT)D?QA~ZukN|_w_cM`{2NyIVw_Y`EV{)r9m}<-&S?C8E;1kdidWUp$GUN zX9E8np=iYBJ$(+#J;YnnBWdiFZ&Vy~o678n`^DPOUA>hQ+?q`#Ux3#qD==X9P>dh$ zP8zX{`bYOcDQO}fez=mhkJRKdoMK3#Mwh=GW{si(4<4@kj1>Rv4@9_#NcfDbY!c;Ku zi!`s3)f1ZKUUSuXX79tX>I&zls(YweDVjUXbf)J@>a4130cED& zMX#|3CC5&n+K&$SWwV0!ZFa`n8XNEvxkB%b2DD$?M3Joq?e>gAQnU*@;Pe&V7rWSw zB1w9(seyb4Z=l#oHr&6XQs`s4h@_a&xc6BGf90aFYxP9>oi6m(-YkJe@LA+%d(!7` z5hUiml|2s_NIy=mA&tS);8vZ)bzb$8-Wx-*cOa;#7Smo|8ML09!wOZWAX|MbJ5phV zS@RCjb-!&wfB71|w5uK6^S1Ie%AFWsE#&$#Epc*DD9O2w#gr{0*%X;*TGHUn)z3Il zXj%mGo)As9hWfIhmqya2&5Z~cFI=3fIE*#lolml`NBs0BSah)KCy~R}5XGN^!}u1wIv0Vv zo2KSQ;zV-?hIgmo@8XS6eCWrz>$49_%%wMA8wmQ6_-L-L6p9bS6)K@9oR&YKfW{X+$|81JBD1t zM$#&S#vyEgBcpT1$1u0&HtKJBu!Rp@k^iENk1qd@ z!o?KW`iozMzPOWIYsgCIZQ4V3bkgWVLKQblnMf};d0?_f9j%S>VmCjpKxSwS8cR$d zvs%bAuK7lv7aZWCYNx0(Jc+qvhalzXaOP)lkiJ+>Wqqzgsqo1e<}37yX2=+ky1^c7 zzCI0qwzW|5iy`Dz@Q&Vad7k>UpC+EMr(s*C)7^j<-1)aLst+8citw5A?Aus&ZuT9z zU=_#aZM%*EYtHg5F?Mw5)j_VY|2qy_ETfOVDk=KvE2`c8jP6?4a_b^3oXFnIPTPmk zvE%jRFfx+n_bs82Ed!}|YZOh8{)4%K$5ULmk>(eC;c0fgSfX!$2j7HVh)>SUqrHnl zW%Fs_)NJaSDaWrHWFgu+hTTXwOf{Y*{Mvyvm|QyniUX`L;LI-)ZGA%`=}}DXO*c|! 
zC-RQ4S7aD)n+$&KqEOA{yiZkvWZhB)Prw9jMs_^YDio7T?GQYD2&8k*a|L)n^lT1S zzoE0YnaU6{E|LMV@aT&Jg zt|IxW??`lzq(bd5x+43OwB&T@j^h*R3vYnqLpkAhsTAMLd+6>~WwukVgv5S+7V^7Z zI32T>466jc%*mViLIleP=aZLI0sKeEQjE!YdTlFcp!36_$Jg+K=I6<6%Obd%$75S= z6*E0Cm2_Z(<-_k&Mc+i0mlBHlnbQ2w(q?+yyMrG;yBBkFkEiSq}}vTq3qXmohX76%=mymOzJ z2B~1&)Q4>G@gH>kX%0Dlt;WGiUF_?19lG3dn%x$-b;Ib5Y~tq86gno6pA@>itj74# zr0_vB^}Zh#?QVokN+Hfve?V5OG{!91N3So}V1TL~wwr|Uxxr4bbZ!!|fWmz!_ZTuo z{RJK`o+)~s!W<#%*e&#t49fh-7kOSl(EQ8HbYc)4_?yMPzf+}A;{>iSdJl)ZgHE$ z8Bps75UX$&m z_e@0O8yr_zbJKZ^G^oCbYs!7XE-i01>L^2c#dp%`h{OHe(iqy1Npofr^Yl!{;1yr- za$^?-*R5oKu4$3+-X88FG7M&W3vqm(Bf>g9vYq*B@TtRyy)H_FL*8u6-kJ#~>*d_L zXA%j;-Xu>!p zvhlQM-1;|WrW;bR&oDgjR%cjy9Lvn*$*67sO=|UJcc#bCvcLv`#!;l{(Ss;v(F#n- z-cP&8BAvGttE`>^wY*mhC9QuPqM+9rP@pwZV&qme$cDw|?wAG>QkVn~PxK z_xbG<861%;gKxxD@|2ck$)*#r>*qdd&iYFRZnt^GRUi7~nuu2>Eg0MIm6to3!Ngz) z9m#Q~tK$`pm** z=UN*3`8|uX`48Vt1(T$lKYopj)w$4(f2ph;1K*^v|(v>6Dw|A&!uCH(~EJ{T-?y9e`gU$f}Wjxq#JG)L5CRRk1& zq0h_1X^zls_}}7E-u5nzwhMpP|F8vHM@S*x0dz|>jTe5oKvU;&6#j;0-WH4xN(US^uvANq?G~_f%n>Tp&o5265KF&7-ar-FsprM@Ur(8 zRmtmMPWBBpNA?k32!5WbakX$xj^y1}8j-Vo57sJNqTzzSZ#qSfBrP*>ZSy)RRy5<6 z4NI{2OD-)ewWal;v#DWyH!V7w$CL(5rJa596deAI5`51hbWbS?nsabBF9a)wbDSL2 ziL0C1;jknZ-FJd`t>D3T51Pwg%w9v$o8Qt3S%2d8lUZxU3aFHCU_%0S(mt1Zezo%j zb(RF7cw7tg2Op$Mq07iQ#E#ZPic{YXZxvb8g^s|$c2}&L z{fDm9x095+7;T7Hi8rn7lyXT9v!h(Gqx=E2G&%8cg3gnvZ~|^}1{h#?hjwf+r!8$m z$Xc-t9~0KH`Ne|~^eqT-e``tKHkEh(sX&VBbB=g-dO4KSaq&ImeB&ro-W-PG>GBi-y~LTUH1y{xbqCCnTwRsULsmTZKh-?^yM* zV4TS|$DDD)sLS&dE5E)97w<&keuD@SFS@g)hbPIWI1lf(FNQ(uB5p6Af!x`{*qf0; zhTCGJaPQP1vfU-@B>`n{7_pX%j(b4uqKTyQQqY~RIO5(&A(N7Ql6GqE#lXjXlveQ* zN*UJtTxB=1^fjnod^hD}mNL%=5kg<+HBu2e{WrMoA`OLAv}DXVd>l9gQ5~MhD{m%8 z^=A|nS&fm#icE9b5RwkkhkS-1Wwxy&C%fq+q9sXFFAMw2_IEtTzyenHb@|dWry$;y z3@6V*dggWoPlTSv{p~%>%|M0*w9aBxIy-3FjBQM!F`9-9Izp#hVo)tIn2yvZAj^3i zYw}x%Qi)Hj-@cKQqa&DOuyD@36g=(dEDSytOmT)G*p(22+rKg}_Tg@vne_qHfnRW7 zydgbM31*!}qO_?5Xu29svRcwy%l{(gWW9q)c0ZJ>9tnBB{bV0Cj)KnR(aYYcT*Ll2 zs%9R?(()ttcUTth4~;^hpg+5A9wuTZ9W>H39L${bv@#6+obmI+8 
zU)+V#duu2~brHL)K+qn38YQBkcyHUl_Ko$Rhud~yahcHTcyK-&@U@U;t}3Uf=+&r@ zoyDG~8)9Z<6Xhv=M)y-aq}{2-lu9YVBQHRMLNps~I1RVH#?!g1C-gp_vuUMs(PaIX zEfsjc(dRnos-Zc2M>fIQQ-tp6HPV;omV#%WfIFQZ=vwYa_EqmHv<}oTFY!8L%@p*6 zQx_2WaV@o$m(dKVB-UqkjP`dw=MI%}So=DeViZO3XZAtb^gaafHOjmyd=ZvdoMW#< z7&QiNWCz#m!{-YO=0eZNt=KZ$AESm^kqXujnTK^kmTi-JyYc4SyQH>J`07`OB{-Hq!i8+t|+BZp6?0z@~3LgcM0z`X6y`9+Xr3|NXzu zzMrEa%90k@DzsRlv?xnTmPCX|vQ^R|Qi&ANq76}!L{XGN+AXCGNhM3P+Da=?u5(}a zAHSK;f1lqy_uTXS<2`d`-sif`oH=uynd|j>z8(+z`n{spG9a-w_$K;fN_iePhk?V? zD9PU^bHtQv7fG}EBT+u=D0ETkS@XIx1EMo7fJ>X5zzr@*3?DTa{C#>)tW4H`Y$vOM zqzj|PBO?M(XtkDdp2C2P{B!7HwWZXJH4Bi3&w_xlxss}>aw6(BQ5>swMy&njA<@%b zEc&E7i&x%l0k&&+N#_gHp)%*p*jt7g!msW{tEerq?`ozzt--y4p8YP3seXwt21yrLrTdbb@OMLxIP4rRK z2D*(EqI&2tN#Anmd!+NMIAc~7u<}rV(9cC89@Pf)H{1n>Q`*Imwa>**soS8t4-&+_ z-PzF4vmOv+QVB`aW&zD{2Ssl~33&23Pjcj})KOqFU2Ji^58iafNj*t~*nK)0m_#Xy zO25vEug-di&TdLzL((mvj^aHl>4o zZr`#)#x407hBZgPQFkq<>Kru>B7trk*BZNBa@*e1;1+*_I{A+vg?f z%Uu-L+%y#3!w*6~pJXP1ak@H#Q}WRzs!7vZ^05x6Kj@@5Eo2n1+`CG=Z?hS?TU7y)mqv-_ z%?iOSoqXtT?JeEdhI89fWrII!OCm+eM{L9Ap(A zk_c}rMc;%~z%BAO*!*`kl$=u{PMH-Zi6}@Bwa)bb+#&!>zg#Y{^?3uJ13v(!`4>d6 zYk-n;9_aH=Z!wi95FfRj5M87h;w>6g&{f^1z$(92vS9RCFmP@bRO6@vj_!??jDKti z&i}K6i0}weXNnR~k@h8tr(WPf{%a67+CwsEtSjF8=K{^T`wArOkdZP}D!|d~5$MQV zKQVGa5tx_f1L*$Kpjw&-JbI~D5`F2R*eaJV`c9uLDyh^+WEQLiRq|8B8QZo4Z>I+k zQaAy)tZ5RKr&Rc{@~G>I3#94MANSe5DKqMNpk?Cl1YSgw9Us5PhXN z%Y++~#QLEz!0izsS_J(RSG4wvf1}Jn{h_NMmC6?76J$Y?B`;6}r9aj2>RYF=_hTyXKeWR|qw zw&(gOusY;4NSUbvIztV>f~^ZBUfUI?fJ6+I+= z>h54zyHDbCGC-{QlPXD()(a}`_Jg3ahM*^~5OT>B0T_J_no{c{5>o>~*xz;H+42{F z+UhJa0~z4t7e9~+9g&PGi4nhi{RzD>cN0fEu1NYmz89-)S^@D;A9(#<40%{e*@uJW zlEt!9#Jzf7B-$TdOLJC)1l}?emLop;*_al`3*lD2cc;)7qmfwAX$@t;$zMB<|cP8~$VMdKR5N!f{D zVT%K}6Sfo(uaZE)Ivq*;-(}#Xq$4{U;I$TVfp(k3UdV)MKO+0#cmuU9cMCwZ0 z09o9^!A;FpXq1|{s0~wMXo)-szuzfoGSdb><|jdKj?Vz6BQ+!;?bF0Li&aH~$U$+Z zG_U<7^#C~UtPc4+Yyv)^uO;5n`8eZ(w~|NMSH&xjI)LF2FJ(wdi^0E>#m@^jiF=po 
zi@mdyA#Kke;N9KDk^#GHpjz4>7MN;_V}p+Y=YlEX!v&>4)v!~1KeP|9omn8Cyl;r%kbYM9}%A!0JEQXb~LQ3`e;LW3>;uoz&Vxh+jNnDnk zsAJeAsgk<6O1~@uw^S~R1*0BFb|G8EvtQLD(-jzT%;W38YfuxIzKIbNSy}PXwN~hg z0tQ&C$I#5DpTX>~>5?b$i^S$KStv5(5*YEkDT!?920zE{1^aXI#SXVQlI3Y#V(0x< z(fa*pP`cM2@|SWoqZVn9`y#cD0oQ8ZG%z=|h zxkN^{4S2o}msAcN0rO=u#Jsp`qRy9>(3Li6?|GsEw4`t`$UU@C403-B3S7pB0=)-J zFNVPRFFs=aqATKs12rPJ-y*rkEfeot;U%x1pA-|ug#-WHdSDw{08$%j z2n_Fv6A4{6@r;xuF|B1#d}}^Ma;u&amzkb~&K1{-8tQIf$pZ_q#%>tId_N0v()5AH zz)!IGG7Ow9fU?ix;n*1)rZd16ox<@~W;+bolpC@?d8>_$ccST?+{oC%rf$Ip@$1 zjuk6Pp086DU1=*ZYIT-~qT@hPcY}zZRR($uyf{7QrPvvI8Dv*}5XFZFKtanb@qkIa zSYfCsIvJ6oRmLbukmnL{V{ev(ZkO_^Kg^I!8eIq01R!ActA60^Vp9Q|33cDz5jjuf4cu)Urhhy1n9r)|F`Y` z+t2^E@Be?j|KiS(6>sVfmfxmRRT~<0zW$57B)ii>_R)?KdmZxs$Ho6|?;pK7aTF6$%s8{> zSaYob+fnxbmN`Q6`tFV7wwwg$T}HOBCVf1|KK~BQNp*we{0pInvc3pfmP1y{7h<17 zZg97beMVkBTg(bQCCuc6Idsv2`CMXz3?A~m0;%h_WDjNE;4dbnU=L%onVe<|$n(!m z`fi0Ok@s@}qxo+;8G3Us)Nr61K1PlKD`dX$Mz*Oyb!a*My(gbXzMbc_Upqm+-fR{e zn=fPIm%c@0cX*?-ei>q$aYx!_WzwS|Xjd(a+BggEpwfvJwr z;VnxU_|b(7W}7k$%zeJ%Aub(s=pzkKXmJ*;n{S02xjB=t`+^ANei^(*Xn^qJTpsps zg9%YMe2Go{c9ZwHX-Y;EzJTW4s|3@o_YmQ?;<4F-v&f<5Y*dGMi#G2b2bC7B5Duip zU>&6q)O<~z&>4FLuuuyZXVL;YTs+A7P8^Lm%DU4szPb3SB_TrJv>*80`zKK6OPP4k zgA%I#s}dFCG$52~p9X~<%dxJSK>S}T2U%4d=S;kc$*Ls4JKk9c$?(BMi=r{5D!Z1u z*M5W7s>z^hJ7*!rk2(>xg!5czd>Baak$}5Ti>SROpRm7e3Gl>CifE*%H}O;I5{5EY z3%!md%)_{;D7A1McZoWWjV&qm*ckDP{3euot^`NURggkH`)d|Ltr_fm}0 z`CWwDzYD~-;T1@fWf{>mAdrPO{_@fC4;a(sn~Awf^7KflGTU8r4z)+Tc?YKtK;iUG z{5o|KNss6Gu6Zh;JSGGV9*jmWsa(PD%U@t)KfZ^@ZU4-vgpA=_gK&E6!-J6e!B4c$ z=~T9^rh+Of(&HbsD)Gtl-N{X24J!6jGLi8V`n*Je_Ih|3ojGa}F{$Yr3Jel3ziS)l z%tK9NaHP8Mz1#=e+S!dol*-c+{WR!|{5q;x;kFRpu#nTxje^WlIqdGmEIj;OI{x#w z1f?Zv^zczk>PMM}lXt^d*~cVZ=(!erTDXB3FtDPB%8lsX?=}fHp8Q3|HE0lx$ChxC zjCbtv;P2G(9z2!Zlv#(tL8`U<*<4B24z zx9e7}q<$F46uF@8aj6Ku?HLu@#SF z;Xi{{laTT*CS28~Ad6VmVJ`0^ZdNj0>C_t>dotgU&9I#}$QCxewHoUmA z0jcb}k6-C9W_n&0plbF;tnF-XD6U`(bs-VPXGzA=Zh0v<>DNre$vB|*a}&vxvW=+P z)JO2b^8uKozaHom5pd`=cPi@rPojJ4S%PmLgxmcm;1f$Ya+4ZCoKLaC3ypE0nwL)L 
zuUn4?2R{R2>G$wYK_cj{s>BOK0*tsEXZmEfA^BVPa_S`;&`Gxyi2bIz^tYojgnY*l zs{e%#c}e*aupv5-<&HLZ@y9cC^sOi=^W96-E~F05b1p`i-1FE!MSq?-ypGM3eL*`a zZ=j3{htXTN253du1(jUjx^98>4Gy-(3k)>xEyW<}__cKc;PKM$fJA|qu!MH=oHRA0m8|KC1JkDgX zCq+*^gcus0=iSerAbWp4rX$w(2n)aQg1z+zsMLKwz1!FXcGP|VwHxISkeoAJ9h40< zSa{G!XgP{JIs-nbD@Q-??m};Vk@|plX)*&fb3j)7X>!+?_r#%2A1opgVbp9 zyL%!-y9Qk5p1o(#n3r7y^2Cd4us6o%sTDDC2keBc=0@<#shO;o-$Q1>ei^c;>mHg` zNfNFb8X@ZyVM2KK5KyVNM-}Woa=xEzsp1k>{z}L{rs>iI^vt?V0%M_zU8uqc=4cFT zU=xA3?b#qaUbI1&uDyw9i|~L0Qx)m4-Z8`rst8)MRU6eU`o+F5tUyX%ZNeALT>xkI z7g5E(U8vx>V|jh0I3T$*4U4%_M~+Ax$4@4$p}+J|T=2$^T#o(${O-F?r01B~KvOvn zO1v-z=9{KsQDNoqo3!<4{~=#u!sYq&mEciC!TyIrNs}%Wr!Ef#@Jq?%x9iwg<$UaM zur&v*U(5S17eH{xZsPWNcP!^xD(BUl!k?OQS^B(KKD4!;zqm~n`Me~SZrU(~ahSCc zHTUD7!HF8AD%gyqP}5Lb?|*bo{uo%!M3J^>eh3$;ufXp;e!;z2BK@5vtYYEZbM#m| zjQ#Ytg4KWCN^Yyj!XD=LGW`o3Xmzz3RGDfcpH?`*Jzu;S`~7C*j?WrQ#Z3+5MS7$V zIx`UqnR)<%XDq@sf2#;~V@?WJuwr~h=tJ&_{%%^n?HR4EJxIIj-6T{#N^8oyyvdwI zX`#STiMp`d5hw{5wCJ`sdNr;GEm(Simh;KRjr;7-lMTsGDmj~ZqfU!hfm!1 z?kak(^EzpsGM_3c?Ir%8^Wla72Gi0qL&w{%lr3 zFUXzLjy5Wr(}xQkg<^UZD>>qWgNY+ci@7bsZC3IfN1NzhQc4%++ z6ymRU98Ro|B}_61t|>ehG_P6CU5eO54&d_SA}vko%7tQj->g3B#)YYZZPP}<`?m@d zQH%@u+IsZM!cXkpUQPHkngaEP-ey+5o5S-xEUY~J6t4^JP>LU35dpu31mlPqd}nMs zJ+J&4p6wQZkIIxIEM7YCD?3)P4cQdG#-3ur^c9&Ok2Vm+);Ra2N>4brhq&>niPN{5NLGnu_;J=48Eu+C-kyGpt=2q;Tz%6D z`sZANUE3nLr5n%i)zixGVy7werk(jPIcF{89$f+7Y;+_RTTH^PpkML2b8*nrzAmqIUv|)TT zloj&?ak;7@L~ZtCHbg%ZG;gdxi@%DT29-x0Tu8#{*`sNT2|O`t!c_1;%A&h<=^G!g z?iT8MA_>yJvk94QJf6wwTS#u4<{|XH%)vtC)bOJD27qA$N%t{lAi6!83HLE3b$1JR z%lCS`esB$Yy(V7RXmFLY*mH#dQw9Ev=XK;>&NOI!sFdq&{Q|ga&ZN`5%Z0^*UGQL` zD&Dd?7JBe&55FpH1bu8dho59A&wbe9g3k|Z5uT-vL#JrO^7CeC0eo#7ws#N`HU}fv zUy~5j^cX?L@<%Y;SN$k_{Fl%sdz%e!nL(QH>QHU-MChDzDmCX0#)Zd+;ilh?L$M>7 zu+tcl3GuBVw(K!yx;t=;Son~G)PBK3LGuxXd(ZiZ2v^e1v{HEbDu(-W(weECv|l zh;AM)u%EHl%wyMbE^cfkbf)JVyRb_JstJfCG-Poyuqz4bw||A3cb0;G)(3=N#1puc z9nZx2Zejl{K8bH%l17;n1~54fg2^e%V%ZwiZA`h_DRflW3LZ|LP2LZlhR-xQ#+{k) 
zf+-wyrjI?^kF8PbMH*|Ypk`|bO8LA1N`4hc8_7IiQWZ1ll6(o+cubXynd(W`ue?F5 zeQpR%nX;bilr%^kCy~%~>Hm_`l??GNE}x5eeT^8&Jcd4+!xDxDzj22>Z+W%;CEcUT<552VO!W^xZr0L;<98a{Xr=e zk8aEXv%+Qh>OKQJWL!KRv#T7}JZKLuA4$YqbNjGAu{HdWt8(NTpBg@4nHIJ4u`BE( ze1sK`jv<=&H$pP+Hxk050HXcaG$=N@mOfr}hCT3oI`t}kCe&l!1g?(x3+7at(|12C zN7OqTq1&=g;j?pg<4O)of#2syEHAu+!WRV4BBzbMPF_uUkdE}Kt9j(owL2J{*V2CG z&fS#yvSKFWcPXE8eL8vmVQ#O-8T#k`AX2gEHEeXP0TtAz z!?@NBp56Q#WNk{qS^LAV(ddhWnL|)htK8VfJ=qBfExIhH@ zzeMmyKRNTdS}2N95>)E+*vD--tiP=(y*Z?rJkXZR$}=fKd58xT)_w(3uzZbI|IlE* z&fS94zJY`#6&*}lXBJmIq9=H#Z-d`B+@jSh&x9q?iFu^6vYO ztjeUl%%2KtaA%Jhy7PJ~R;Rjz9s1`<*oPj(zCpooY=(rP--?uciW)w1Q63w)uZ_W5PX4Mi`u`%$covikGe1fLO~K0Xe^E$myN#NP1QwH0x_OJyAb%+xDp4AGTKU$F$%crwN9fM5D zj6B9lMM1FK9frL=wTif{cYxZt>>K~N%m%yWGlslON5R4I3{?DMHXW=5gqHOm@xApA zsqbh2Z??c3Ba=)RBq4IqyaXVb-+ymv?O7xC&%ri4S?F+>4f^ z{zj5Mm4goltEJE!SE{Do46m~kMS?82sy!s6mv00!4 zqq_0q!^Vth#cX1=y()k4dNFn+doyjePmULz9#XIPA!gLKELQKm5#yGfCFFgv;^dDy zbK+&3E0{cnu-DV(wr&2x4Zy2$J*}f;+Vf^|{DO~c`_E<}p?(}6X%z!)e0dXX@3v+d z_a_U#cix~pLOS7Z4$jb=_icEGmpgLCq?b~cox}=SNBLi7`;kSyCcC=a2t>TYYp=8FUMz69a6UoQyquSa^DE5;+_Ckt9Ve{QAJn;oW|@6 zW&)jw_u-nYUU+igEFLLS!!C4vARUi-ATb+WqONH^ybui$Mcc}tGI~4h89D}Xn7Nh$ z{Z6QV*HTQ;=mwHwSBXrXQ$xz{@Mg0vTJSnyZN&Vte#Ukr3kn#HqQ?D6#zRU!3ZoCZ z!tcnR?0XG6qW9eo{&}S#=U>#0_ZXc)_nxAFYTFL(#`lxT5XhzE_wQzH|eKQ zxsf@f-hOk+$t;!?NIQ1r%-uxdl;`x)75}Kvb7tJ{58Y5`pBd}Aq!=Nl7}EL&is4BE zJy;ZOOEo^@DdP+$B0#Q;sc^Q%ORMG4^HU<2HO=!mMK}P_m9fDuKj4Pq3v2hao#%Q+kWmOzzbY0zUCLn{|nvOx})2gwqZYr0Vz* z0v)S?*I2bvkD&_a$+mnHVeDw1^=r`V;4bFFup^tMbWl1!hNHVKyE2|?rPP?M!F-dC z1$^f*EWDP;;|n!2@x*=>gj~N#7w4I?=v59(Gt8pzXnR3k$=P7v@B}_lAr7nm_f4qw zoq>-1md}q#tU|BdyN+*kF%=qnG*Ow8&d}hVQoh;H6UZN%&o{(80m~e8>46|O$X(?Z zk^I}2oxM4ql6CQhX8cTGbyvqwg+w#dyeSXboPt1c(U1AzeNDo;-! 
z=UXiP@=WZp!#yak%!*^Cts<5;#|W#xD?%0RjfgsvihVz}oSUAw6JK>PQ|d4Li=Q~N z5q0yrhK##-8C6>%Lsw()hPQ-~wI*O0%Cdx_79C3xk& zA$rb{9OPes16jIs6rB6+8MqVvo>{yqof){Vg$#TXXHQ6$TdgG44f%U7& z>6WYc&$nzbl~Hdg9p8z_x0-Ko#!Cp=lRJ-GoNf-!9#kS<%dg=w_V;7Setwu%i#>F^ zVW}`?^(f|=pC{*c*_N{%J%{{W*9C35znsyppN0PRpFsXHFeSz%f8d-hZN-kdd!l>f z-jm8P+iBV2uOKsf2R8nl8FXjuJg&q5WlteCX!Cd@qGiQRe!b63Vfn*5@S>JRI^g#X zc1-$SZs~-Ld~O)V1U{8VW1eX+DMv@4jz2PRo7zQ8lC2*eXw0x$1wL5RIUk6ya`;*rDY8a6G6dEAHa-nJ?$b?UDvQOXVFOP?(0Vj>;Ff8WYy- z-aYcs`!`UH`WTvV=J;9(8oi_Cqy?R21 z5Sa3ayjzh#`=&h;@=9}gg|*GdMTJm$$nFa4YqSAdcf1HK8tDPab)Bq1&ve|q6y{19 zBSHzBLC?m>NI5#Ca8B$b3b8p&`SeF1PD~>lRK`l{P=BE}a=B>x$Zbe<%3r9=vJ2WA zUqtm5y~G^taJ~kb&lWA#My;7HDC+4W_MbFIQTyN!9H`xAD)}S zSiE+_Yi1j>zglXzb^e{?mq2wUT`!5tzV`-9Y;*+e{qxDL=>3BA_a)r^TQHU`^=+Kg zGoUAY`py~STZvthH^V!oM)G?sZevUP8tHM5TZj*eAAsklcie*|8^{M`*=RF*{Ca&9usTugPb&?|5=1*pix}V30self6vi7TA#FDup@Vfc%-I1=*3SDPqnxl4=rwDC>`Qm~-500Q zOY%0u=~gF%5=ABU&nsirJhGRvYR)1K=e-eZqRg2YK_m1|g)Pk3Kux~)O$ZW|L9uN< zli_iLR@^OT6KJKm5&pJuB5T8T@we53kRVAbvF%JfXKQ~N{jlFd@Ld?oteHLwE#0!8 za4x8XN~P@SrN*t8+&~bRRCj>XwjCg;^tJq)@;E|G<_&s#DT2+*7$n13MK-#NB^<*} zA!ycq;U(*dU1VPZ*@iso=_C)}e?fir!eV^FC^Y zjw_}UwVT|&F%i>!ev`4N_<|1~{6T$&-C>P@#|T;c2|2h)3Aw4{K$UEW5R`RSK;wGm z!_#W^F-z>U*@OIdI?h!NZppkxs+U)Q>;u=hakaDHKOcvL=EnEbqYH1LaYGN;<;frU z^%44~mE}gZG&AysTF9Vd9pv|KJlPXnjZj84 z@aLwtyj!;mV(aP&kJs(wJAzl!E(;ssFKhPmsnN4xxhMVH*UMJufSL}|UZh7We?Ntv zU02O7oGUK~zdFh1zT^1xsva1BI~6iYD21{Q+(xHoNONfwTj{OXU@gy5nHd<1!ZrAI1uv zON7JA|Btnv3pH1uvPhyt^ z9ffb)3FY0JPQyBTe{-d&D6WjRz|^Ku^n5&0sP1#2EZqnA-&Y^t294f`TI+2rVA(2W z+~hIL4f|@yzhW|d;FleWK3PvkEzF=UIGNG+M_og+I&2Vy>#D%keLgY0teQf(PP#67 z6NcT{DG>FQu+xFv)UwdYh}*%FB$jrS*IwLBZmgXyyr0pC&40RriSM-pnT9(EsqBDg zczu;V?fr6``3<}(l?cw*S8eB`FaDL-JZ{VU7!}YzN`CW-^~~>@QZiWP~f4_mp<4H$e&%9-@aWim0>J^Wpv_>#5+7bx^bk$*OKV z!A{AC;ETrYV0Xt57HYH=l~~@#$L+bydtM30&x}&w?|T~)jgdznJB>&}qoN1C8evB! 
z(?-+@*FQ8L6(VIPXVl(1S(11vOs6{36IAD@wN4;i)Ws}LJs!M;rQ<_}w|V1}K_ zgo?*4=FWC~;f{(EzGssg`r_$nq1E;ttJ%1V{HjsKX6b(>_^8(;bg`Qn(!9rp3G+xp z^$)Z{&s#Y5)j1|ebvD9kxFBXb$IzMEKBEr3F0j|75iVgd%;wo{r8!Duzv?^U*YEEq zF6?$>hqgyUDi%QqQ!F7T&@(7`)P@5UW8mlq_V@%dnxAWZjxO1^7hxA%fd`^Vii4*L z{ssl?8tyImp#K~)51Pn_E9Q`6d?6wKXcuBI=N9|gsJ%~Vd=3O@Q;F}39O5hD9dCVK3=FY{;LGICJe9kZ?KLC4sRVT#A> zKx!{lk?WcgkxiE-A_rvrke_n4^pqVTaK@V``12TRV3@apeYPr$_^G!T99dIBzutQp z!4KRQ^nEWwnL#(9sO@(Nxzr}0Mc2{edMWT^YBT;LREr<@ieQ@KG)Ujn)x;*X-Nd|8 z(?NSe5gk5hSSY;s33t;y4&J^`CBI(F=PrB;wojVD=dd0|h z2SJMs?jx{j_! zuI!E(;xgEe=0C9Glz$%)tj|!)Qo}juquZas=A$e5N!U*0U27{m9J`0pV3*Nd3J2)f zf5)P$ZJizlG5|+S!urAL#>kE%B~dSJD01M)=~| zSZUu}4eghkCah@fLgfP!SedXDT*{Y;sP%pyH2C=h*mCbmcG6#hH#9xXCq2!lb0*tj z0e3vun})&UGW%S*M3Rj?e~LO~epU}z6d}uBuK7$_)ih(OezW-KzbnyifnTZOjRnxDta;S;CU=1k zi=f|og+jMas6s)@-|_Qfs_=zspIA4mO0Zju70xc&CHy&3Modcy0V~~#utJ?mZko9P z6*#31db48man9|&D1_lZh;OFnM1qWki?3>p`wD9XSR6G<) zW(0NMi!@QB*JJ{0UGrMVnVBW5%Sh$YmK}lSrYLYLp1ct@x7qM*PpZJ+<9k@$yn5lq zyhZS*(Wj8}jW_U#Atm$;)3?akE*X5Lfeg1%#RZf9aRQD%7LCO^Wi!#gkFd|GrNlx+-7YxP$qom~+p{4s&|fJ;@H*kI}g~!0U}UOc?F{f=vvc zKy3Y8NXqD$;B!i(?pD)npy4x4)eq02OUy@*ZT-%?iuFX!yyys$w{KkI>yKa z%ZoT}u%9=&wF185;6*5FxIqQ8-KgWl0tj3T;+H;Y1yQQysLrMpcvOHM@jd-Cv#|3b z6Y4z~jGJ+aSou{8X&QfzUAsn^%owXjdHS?qE9`@Wl%4a)may@d-2U;{qu+PPbsy!S zE22IKZahNP{%b%VYiy#*nZ?-n#+783^;+urto3B;>bcb2^ab?jyB=tdY69eEx{#Z( z@*#iAb0KM-{Q-aGm_tqe6N#k#Er$B043q8AT5tLaUk0)0Lqw?>!q77Ov&=X;r3?YAp@ND6A5 zB4PQDBfQ?=BuX;H1f>2mAV!u4kRh^u*s`*8)OU_8uB&DRFIv}*7*w9;6yEJ+zOA)j zUdqfvLp8G~`$G=Y<Mm2YcmC{etVhQHM@>gGo2=USiKra zS=GRMKgpp`jaH)ZMLhSesFr#*esa=twv--O)b@SO1$`Yhv zWoj3&+)AGDow1zL)QR8>r1=ZW5`U~P<~I1&7zWH@-6#v~iRe9r!Z89y;X!Yj^b6lNzw6B@id8n1%uuX?kb==K1 zEzKm#S3KioW}ih9Q6t{T>jBga9GEtzA%&cAYob@}{g1mL#4*zzY&e^^Q zhkdC1f}EQ@w#R|z%f7wk*A0B*&RPEC3fJos3R=&FU;nD`aqfzQT=y#~K+_!UE^Xy6 zH&-!V^XH+-#rEW^FqT)ayMPd>k?cmZ>3rgk^`y%f3rZ)ujoR$DoaHvD@nS|d;cS(H z`@R!E^{WZOt26d&`wTfUapDU2c)c>@b*55i`ns1h``rbIwuuY{X5 zE(F=oYs_VAQU!Z_k|5U?zZiwU(cHZ!w_*C`YtXcUM69#~Chg09^k2>{+T`^bRQY2a 
z)MIVI`3%>9k+->A_4aFc`H2#;$;1+$S3Z_k{FFp3^vEKfgs7wc{7(?_$)j+~6J_|F zYc!VifE7CQ7orfZAnl9z63ksI2>&phz$ht~Tdje8n6m?%Gq^y!4{T-2@6D$S$0&o< z;RD3_-?8A$oi^dav2d)+CL2%jdCV$&c@4a`mBB`KF7QOn7QP|y4rcJSgIoV;4Qrx! z6MX9&A@2VQf^vRsr&cct00!&x;0@EJ!1e3T^F{%S(QOZu$RE?~q=3xjn9TJ*7;aI( zTE!``aX)r)t}Amf|9o%K|AP`c;Y1?2uS)76`jZLyA9;@X)p?>0i?$Flv&WEmcYi=! z-2tw=w^PtQuR`0#{YCQFncS((Bf?`>L*B$-E_Yfh41yFdLZ1UeP%-0(FgoWM*=JV( zWi6TlS9q<%`aiS~ad*SGq-j~4;=-{E(Li&TA8H7VA2yP?k*09WC5wB% ziziS2N#div9ww2Azt}=DiB2YSg-N})ptsiP%=fJ-US^YrxXYyRyUHcGIA?hvd$Ism`-EP`0COrMN6=+2NOY%u?K(g(o?)T(1hvL9-(gC z-AJF&tw(o#8c#aU!=U#|=Rn)20a|TNC1y9Aj;?#Gjt`~Qf;k?a$n{;%s8Ijutj_U3 zUdeAUJGAI0^>9MJ5We*uEqCV*d&oGHT}-PZAFNp}f6x}brG9|2b7QG0FI99Bk%Yc; zeGA?AoIqOEnPBHNmjEqC9GQRc0UW%Rq?QzG!bKW$;Ric@3Aa^BVV}ya)RJ?)xNqDd z@~v_Q7?cu-Fs-OgB*I@zj?aw2+|BrfXlxpx#@55&)TIezQ^G!UWP3P!pmH0tAteuS zwwndV{i$XX=L8EXdupH@s)F)9nu%u4yo@j+_cLMD;^8&i4>=I}9aToX)Kb@bUfDzwEKPIb^zYx9Z?)*}_4m{@HWmtA0K^+g% z$NVn>C@&j|Nunn)4@rm#HvA0B^yQbuxULLe%PN|JFf^acAth@Y*>U=KB}Wz8z8)Jxr7)cew2t?Byjy=0JXXrCJn`WZ5tVlh3djkAjP?`}P^Uj< z!WN?2ds=a`Ks{`7-mtL1M1g!!nkZOp>Sg9Fd`rfJ6_TxeAMigfwhHl`x$wu9DQJ^T zHhu6b1N;4%PvQM(c(QRMm1NdVU1g78a`}nEfgF1>%G?5bs*_Dt8n+-nbM;ZT&68+4 zYZcZ^d%;2CC#L?uDddzv95PrEK)YVO1>y5LeL&XZh!ny?8u@~&=L7P+`JrtoD*KlO*4YrS^zxtIsMc{j-9*q7MOlX5z^VYhpxN&5T5te3_WxG2DN#MA2^cb zfOtH#A?}(MBi%MK!oFNTrcdmqA_fl=c)2feep@&-FtisL(7#K21l{7U^yC9GYd68M z+?q2f|IW#D7_n)a3#etItVvh+2TNm5iC5RpvZil$3C}zN2)OApx792T^O`-687$Vv zGJB8nM$Ye{;vGt;g)7S_d^<{M*p{FR>;DivgD>Ibn!EYi_m1=Dvh&#+ci-|0giH8y zVk!g>2XZ*APADrFrc{>MF!hmxI1}MNjBap&5@3NV~p8&I1=4|j`7FBORcB-bmml8H_enkanu$y zNk7Ry(sRL|p34$cWWOP^2XzrcdzvXU80Jd!RH+y)8a^HM1-YJz6PYXXNgJIM?54_O zYEJ70OsB*{`1{t4s)*9XD-+}3^uR^@kM#Nc$-^4-IHeR!YvX=W>u(cv=%h2Fbv*`^ z&Ei>)W*;VS<9)L1j3F$yg@7KOxqx})JJ9iIdc?GjcU<7%L{7*!MFy5B(M}ex;G};_ z#G7n?`p1ATLWVqr)$#+_9pxlfI<$#MT{A+@QK}=2gZo*n*f^-WuZr~?_=>ZpI9B~| z9qQATKn!0~gIjWX_@z2p_zYE9EV*_SV(w-p+*uUL{FtA{?S!)U-^Fj?{O)Ox(p4)y zY3m5naqa<=+n~%w!Y}B4(;hZrQ9L@-C&xyTz5Mq$MNZObhSGAA@R@z@_UKo`z-IVcqAWP~~Z7C 
z|Ha&QfJL!1?apkP&AST1qNoHVC`goGA}0X_Ns1y#a?Uv^(L@jlf@Cup1QY`zD54-J zprDc^7*GTS6yeUG2zof@JNN(o=RUU|n(DW@r@N}Us;6gmc9vXz^)>2S>ROzI>KDQU znH5kUv;h;o?4%iT0E96eZ|KGMT%0w140sSaN{NL;(e~1kq$36gAeXZHG^s~BpoS+B zJA-stIO64(AMn2rZb(C7n8_!_33qWshrb^gdQU@-I^#KdYtn)PX=3CgkK zcNch)4%3$5hR<@-aOfa(sc{08lMsVb7`{N>nPm)rr%II?Y_38Lh!MkOoZL^|aE}w3 zD&2&6txF+4KEV#TSiHxiWLHDGx44t6YV9dIrrK%8UNeDxUm-Nx-BV<*b4RhtC7Wsb zO6w^U84gs(_DzI5$Qa(e3)lwzw9DRSo%nvT&d;R0?N;yLjE zEhhm2#r`i)pJID(E^W;uIe7x1xb6i`;A;n(`?fk}K;$#nBDEJ=9I_2~mGy;`cBBTx z`5wmJy(~d`*h>Mt-CYQ0vp%4%dmSYok4vL{nCiqUsWXvPr@2vwGxrkKM&iiaBbNXr zwg}2o-utMXPnKg{+Er*P$I@slLoPVCw#zhuf+P4d_S^AcQy@++;XcLCSb_BEHiqot z_ni1RqMVXU35PC@Gk_ye9kgxkHAK7cI=sw=I?SZYICZe%DK7EcE#itMdjel1GgRB5 ziGTf7jTDkv2CUrDhktizh#)Xh2644TQ7Vm;P*R1LspDidoaqWY+TJ*ha@egC!j$NM zPH$h5COJ#d-W_Vdxg1kSY#j&oxOgz(z^g>!_MAz`ZyLa->g)w}%JC6DZ=+$_j_e^& zURhHdnPZ4&8}l&usTPPm=L5+^cpJ5Ps|oZ%X)}o^(M7r|AcETU{VnzQbU#MF*d3G7 zQG^-YA&g%A)(%JA@c?ZYXNfIjlK{t7#ZcDyhv1KKo*+ctG$Un2uA#Ab8A7zE0kDGs zzdw6@6YVo(gTl74(OPeHV9u^{#)phvLD$4R!ehSgA=RE+fmze)Kw_5NNZDACMp3XU zMdw)5p)`b)2n_hu39a6Z;HG9@+OeHARPF1d#5R9Rs(Jbt_Mp5fuI9~NU~9%LRB1;L zWkqKs?wn^Bitay1;BcEFew=xZjXfqtK66(Ih!c$>Mp$2`ekwhRGX2hmeW(E8srOSsEeTPlYU8>;*mT;3t0xaKe?c)`IR=CjcpX37iyWmhiFp zKFGCyE#OA%MStOQ0NK9npd4v50YY}CW11Tkh-=zy$nR~QkYA6Lp)B4FlexYXVr3!) 
zQFNXxVlF)xqf~!`Dw)GaT^_avb=af~XLW%LJ-s&puy&~9D=QvA?xi8v-utEiX!`)` zwr3+QyQZ9m64WM9QNm;%%`N!Dd^DU%FZ?-ob0BH>3kS-*@*uSK=nOd>0wJlW&$Nc< zYS6B09Ivk1k8%rGNvqjU#(@(yz+S04)xQB=qMtw z|2YSyaN;Jxd^VVP(uhQ09!UYieX9xTX$p`GVFMa)jwcSX>_Js0I6|?;{Wy^vb7JvR zC0uFcbLj0UUexS)S#){6E4F3x6prsJ5lAmvOM1G71uZ`|L|}b?fOJpo1A&;HhBG^; zN4yF@Yw&Dz0IJ!LjkWR4B^=goAbs;%4ZP1MQfD$7@n+)ZP#15>(;iIMyX}SLiedxY0rs}01nrUSth40Q0)U*8*a7HQnjz zNNz;YmaQ*`?7eG9D=H{B@tXJ4{l#B#{yw1qj$%r#x+RIlN7n!yr}mSzudhU_jDghi z(FxE!Sw3usGk^{{l7r>ih9RFCQNsb>Z-A||4OEr4FL6!LkAaT20<^oG-@vnH?MTaT zYPd~2EAS>(tmwwi6Vzj^Nd$6(8rA1 zDJy#)koZk+pwHaeg&(yS2ZC;_!8~)1z!_L1;L;AB1+~jU2thZu0Wv3?Q2a4j7>_HG zIQf)k#G#f?z%`R-d`(gx@IjY`USpk1OL@r&^z9m?IDL5w z6U{Hn0a|QJ0wk<+a0;B>#E;J>?xE23=JpKfm2Wn&QB=s1TM3gI{l8%>bBcApC z0>9f$nsRdX32w|PlTdb(jw_8yAmhedu#C zCuquv=kgdpZ{^c~93l+icfV(1b4G%&ue%z6*R?mWKK2+qTTdG%JwX=Rs!)V;nBt`j zxwjC&qPsvS*J;cS9X2X4&YwsMc|gup+K1=ePN#{d+#@IGegXKS8_}ei~c4 z%?z8isg>O0pHF@MY&E=%HUxxfY{-gIk5JOs9@@c~heX5kA{Yf)HKF8!J37Hg0sj>K z4xhfk2*E(*J=Qf=8B=_(msadI1Y&$|Q#D^U0=do@Kr3e!wStWUZ#6ZHa-FHcb7Tg9 z5B1xiM|)eLs89ZQ*TcSOHijZvP(>bWKJggGvbLJ=srV3BaO4A;VzdV^JQELSSJmSf zNs6>5Jfl=Xt`~JUA&y+!y#;#T$3^&Jeg}NBN|dldnI9)jN=6m?d?V`)Tq27w1Eeiy z9+BR>euh%95+XB)Y{JF`sbZ#T&OoW|MkKcOSrW&<3d)8lQ`BkiOOT&51FEU2qz))B zlhrc1L2`R8^;SAFX|qov{^col@cK0kKr_@CQ_}j4@R)0w^nh^#GbYU-T=Mb6ZX%S@ zJok@M<+QknZrVE`Kd&0If5rQoN0TZJ;R(C}$MFLx_rU2l6Vx}~ydga)BmCzw zGPbm}4)rc*4fS=vAm;teEd+0@KZa#ZE4D(o6x>EWge|>qK}g)l0#+7BV5&z}f!S`U zguLZZ6sg%AMAxW5O7o=;D4u3!YLBlA?HD->>mzdnbu*k9%3E%ad&{9pJR3Po#2?Tj z2rHUUq?&i)~~!fG|O$Xf$<>G}xzP}xD;R6!w5 z@+ApU+%7_Ter+3RdUpuk`Gqz0xVkH0yAwb;c+3iNyGbNRsdtea{561+?#U>x2X|3w z;jbvk#BAEzAVYE`N}aSqk;J_X%*LAZoWNGgNurgb zlfZ}P?5U>8S*Z3ajiBrdfW2uzK-VrGrfrb83qCn!MT_!gVDI1Dh@0MQjnAa35$(0_ z!k@)9;n&{RCm3^^)26)-5V)$bM7!Dhv^_hY;bo4!B0H`hqOj!G64!;dP>0mdQlEb^ z0+@Tq2g}Qe8ng)OO}c()jHYB+Iw@6hi3*bivdNCF4ssx@Z3(wB{~$ zJh$g^lBdZaSz103Kh^C>+r1?KD2NioTvb-U&y*|UGo?=u@2$T-xZGU+5ykzDGN)Azu~h1X~lA#E(bk1(ctFDotyu*G=01rz1@ 
zM$ljTlTghMG|(d@B9ziy?t~_?1@1xPS7N@YBv=w#M?C86h;q;jr^c3Y6YHLZ5`&7Z z@t4_7;)jn9qFciE0elW7fDp(>D^Wv%f$syrlmc#2s4Tp8DCz_8#1zta(FoZd+fF>_ zF#~O0b&Zm`c?C)F+)ARm9viUo)Hw0O${yM}Q)?*j!!>AI-Wtk^<1~D&aRKpNPavkp z&y^bPX8^8YzlVOzA&S2={ghC%J&gQtWixqo&=Z1ej0cF~!{co{IVp8gd?fAV8MJ%a zDU^)FClumgB|zYTCq*pA9^-#Q94qBkNVw5X#qZ%U!g%F2(rg}m!Wy?;!q=`8rU?$( z6CyMdp-tR6G!^MV;(b0=$Qv?1nZTc*6&D@Be`l{CcerI!^Hzdbag!+WNrQ`M7l*G{ zo%0;D#}S595y2H$k$P)t-JR>G5GD=Mc2O#6eSRxsw{JDAyVRc$tdvjXq@>V-b2$jg z%Vp6M6T!4LgR6v4N%$Jv!w)QJ*$7n1Zy`u4^N{$9+=yHl2vtIs0xsvup^GyuDVniz z*yFcsaSco>$eQsC5KLo&e*+PZe^|K_CoiIc;=peuq1Sa_Kc$(GgHkA<*gGPv;khe@ zmy3igUE6|+J8Dl`>t~00d;kK)Fsx|K$}*BqhZ!m_HlC^>B}h@-{ef`yqb20bn~VpS z*^v?y_JSW~9^kAd$B2wr9-s!TjPl>Zh8FRAMY!bl93P)M2yU^OqAIJOqYVfZVo!W? z#O3Gn5uO(5LUv9Ypjc59!93z z`AP#5#U-G-!H&2>6EfJeb1iLxrh=D^H~{8YdXa})wQ-#+E)=#%Cj8d*2IOVx@OQPw zIce|lW7H(mOel3&7k;&aCzi>8f?sz-nc!Eg4e|F3V;ZBLQeK8OfZsQ+B#Ndm!_UHf zMZMDaMhmc5M!;>?Bm0x+(?z_Lz5|1J z-ZRDMj1CK;QqeBFL|rPy{e3k#_I$Pc93~`u-Hj!u%ULq1FW-ae*1& z=*l8(@CcJWOTryx9HkC@6$Q+^1kju}x>4K_ved8> zjwD4lPg>RndniTXHi>M|gR>vc#HULHL+!^UK;d|ZB7J5vB+eX%(pHuL2HpIL{-rgL zx|=k>X(o*gH0lSsG|TYS17WCw)~}?CnMGK3mv{K2AZ}3D{0o^!+X9psf$wv?{{V>z zt-xG15+=M1^at3T-B7zN&jUq3FV@G~k+wtS2{~WotDg?UgBKjYhRbo(EJr;;;^bP2T~R$=#-oeunk+@C z`tE>P^Zp`rJgOEm6*z+#dxyoRL(%P zi`BU3@MiMm_)N%DMV@BJ)kLj0w2koTdSAgUnY1$U9OEF>Yn~D1)RBz^eHePPW_)64#X`zS+DU z+*w|UPP?v&q26>SKh61u5{R>;Mt|IhIi6NZiasWS*2vrmn8bTf*l){|!dIBkEN7Mz zRzG$p=LxGrHYGQR6;B=juHJ8Jf%t@h;i9mySni(s0ML z8_*KEQAEFoH!#axnu$Pu2Qf$47zeygAQqo10>ebP@w&Q1irB;zZkANXOn}Q>&9k!82Xmq;H#9$b-)vFt1zJQ@(Srpy681l4ZV#;S_du z1Cuf?RL-_fK%yfV7t81Zf*K5nm0CFLIovv0=)LdM7`6|V`QVOlY$%NamN)7D0IY6^FT28bHzYgl> zPGBEj{)T?@rWF*q)rU17)&*|4@=--(`T@BlG3tXNEG6lC2!&Mp6-TJdr|$87NnVv~ z3Z!VyV!|{6fRHo-!E~oBTBFwur7Z9PR4jD{2$}HL-S>Z`cI_OX-mUmZO4_7^CIz0y zyZe4ct+k52m)d9U=QuswJUy%w;>XHz&SXX$sy=HXJbf}{E5`*++)4<7OzSbDG{cnIc4Jv?(Zd_oo*2T=1ZhT5i|VdL2kSs?IzwZ=QH(f$Rt_7 z$)D=|<}D_J=P`lf5`_@D-;3N|+)K${v5hQZvKn#@V5J4drBS{oNTH68#N+c;_Jgup 
zw^E(u!f~HwFsRAyPHZX<8{X3A0hLMR8_By%oOWK?996yAlYGeW6KL{~30=@POI>9W zjRwnEsRujLD35wrXfKMtqc>k{$9_z@hsRVOz%pDd2z5K{X~p?6kS2OPHeg!^$;oRo z=EgQrl*lWZ$jFXE9_px zDZC2FMh1FWObbQ zXNY*srj)F5HjOZ5{f#_$?+)?ALkjI&i4-=dYy-{X+EHj!Q4f1u#|Y2kn?hg!{-i{P z5VfyEm3llk4^1Z5VjXy+09LC!C}Y|cd~G9(6}nJFE>YSHKQ}vqVG)u5EhfXDWocUY zyVp}OT>>pwE%7}dJ1rDT`W6qJQQTyy7;4{VJ>a_T2h3JlHO{!?9#sxBA!m!Oq)CqJ zqNg}E6W1x{l45a}Fm5ucyVMiUeAMT#>mKZ10nz-3x_( z|D`V#m*<#C4zy{;Ztr=A&2BqJdsA=~HEk3L*?XCw@>wOw&$w&|J6>{-Y@L-+DDRa- zMbtX1q1Jiw;lx;qncX^6$t7P3Dpmm$kRKp0jUJ_9HwwYuvyUXV%YCQCc$Q(OSUywu zcJpJeO)tl|#zhcMusaa>%aQ=Ya4n$j=@nY7j})=+^)oWJI1N0^tpm!ZuL17V8=%W~ zD`J%VV)3gK0}1}?_R$1atiYcK%!s;AKpda^8NmH%3KlC-1xh@W2F%3tp^bg+6xIFD zNJGiuWJB#B(2%{K7PLVJyxq1J-T1zU>UY$NbU*h6C0nizO)I~E*N_Q7-R5Saxp_xZ zcDNJ+C?5==*Q$W%kXQm-h*!f1v>XOdL%J0EM}uU_Wj&(us2h;rr-F;$TuRlL*@RcJ zMiC!wj3XY_E+;m#1ws29Lm{`~jbyP`vCz9fO(3`}gxDOZgqiHeqY`6?q`+DVR>x#H zihEfEs)02E<dr7NJVs>8(VH zo>D}CMw!^2W&1Fe1P$mZ_fyc!f(;vc*NR}ZO^9;E?G&1Ooe0LX_6g7@por!C#E!uQ zbr7S5-s3m-^ipEin1a__a_~xLUeKE9lE5xibF8!QK@?jZI~og25=#;VaBtu95l6%> z&?0ZV1p}21Q};QgP>s7XaB&n2ZhSX|s3kgud(n6SV{o?u8#cL`vbV_zZ<6Ci-8bVv z$t#S;Y~Qtt#q_K7QVl+| z%pYYgN+Zq&^FUvk?t{(Ci)d@>?%?ZQ?Sfc>qiJV19LE?r#8J=8+{2u9xQRte_F>eE z?_nNcV}S#2v6RQ3a*6D2rj%MR4e%s)p*F5L25_m5@!~QVDgj)KQU-U z)o+?aM-6*`h3mC&Z!NsR<~$qpvai)t!>9t{p0`Zs8*!5W37bcWzh8u9ey4#`eK(1I z9Ydn*rB4zo6Q%Jz3b&{$2F3_9)3d~34xuaHmqCBwhXoJEs=qe8AP%7;EUZ3Hir z#e>$oa)eV?xM|u?KhjoB6o49;L(q-owE%0?9o*~U4Zs@(GjNBDFv-HY5*puEL?|9O z0OCUiP)+O!1PT0V;?vC>)YU5wl5EztVjJE|5O=|QI_pm(#0vu{xC^aAly*%S+~)c? z;D{t2j-Y!NRUl#rJsvUxEx6^#N2SC`GJMN{Ug_J!t-1qfZ?#}zN!uH$ljt!jGdh*9 z+gF8hu{((xah?~nyS9l^>EeO!diI?9xE_z*q3i_-GHDS`Jv>SlIF>^me{qvaH1q-L zpV^`gX}J*Fvy*9$x>^X2No@emSApneIDoCwe*vH8&Vrkp_hMf?ivusra-%P{`J)E! 
z2!c7I(x?N|?$oX7c9_QfA4pj$WYorR1)6GLCee74IPL*YAnlSg4PCn|7#RJSf~(z` zN0jv{1|H;D5m$PgBS>h6VQhu7F?;tcM^6tpLtQI&;jw$wA@=Kjl;!jSG}nhO}6vU_pP zULvR|<)@T_*GUB9x?Ie_-2hVC77*|L=rZYcum>b(`v&igmZ9pfeZ?}jxs%Vx&R|u# zy)Z$ddoXS$-yki9EV1q~JC<#*42o?$kG~?n5iH-y4_Vby@hRuGqN?8O5QlnSQI34I zCGRSN(8tVW$Y!!~nDYkNmZqY`-#2*_O7FJdp62z~aVDqogLn zzmXP8)ENe`V~TsP#8rE9>qXa|aILoIjFD)|S9`ImW|+I)AAUFN-z6D9$Hq$Okhr)M z{321lO^jdf6NL}>?fta>3B&K8{m1tI?fXvu+vDfollpI|NlFUFAWo;R{dCbCb%8P8 zeT+Ae+?|#bsptI%T_3aNEBe=DtKUgoS>W8%Uw&f`2Y)&Dr1T|}`2Tbs%w2t)-JOIi z%;7&#V<&U>P3FMwJU0htdzc9)#1@J0zor`yUHB$MH-U2ooSkpM<=YUw3eK|fczQQX zgR3BVH=OBrU>=+^;5=`GD!A-iy?_xu$6bgXa}S~y!kK;_qI1AGxDKL!d;sTqxbKGx z?PcMzGn`}K{PEEOAL*xx3r~0E#?OtFu@XgZ^2C@FB5+FLof+PGUg%=I_dC*1d5VFrCaoP}Fp`?SKj4YmQC3*nsc z47T@kSdVttesC6sa}1oj;S6-Z7|t1R{s?EdD}WBm!2#!w{qX#}UeF(@Gl6jioD2Wp zBX#kxZ4h}7GyVUN7W=BPse^^PHSDWet~Q>g?iPaT7CwNMhnc;N`CL&+K~YCeP|MU6 zX=mZ;2CR46!oj!x5QmwKJ3kRvzroEJK5z>Wm@9giA*J8@cXJehyGL|KjL0F%pyPfT zfdSJb7|&Jw`&^fBXpPn%1RzMcaqvIER5P4_wWu)CA9vS8pBD{iyW06j-!n_!m zH*b4pm{<9er=*}Iw?|G>Nmpr)4$PkOMTFMCGNF+IoaWvSEw-@M!cz%=5)69P)rD~o z9uv$Hez)Kg2yY$ClZD&C;@bFcOPd9r0HBA2xY)_N5(dR zDS|H{!T&QMdbq=U#9o*G;0OMkuPcA>BVm5k+Xb5=eZ;}MCb$phO-_#TrfxQFfb%AI z=lPQJuac9ywS_C-3464SlOtehV_|N?A=wLlGWpZcN>I8zILcX&c-Y>EHfmzX|h> z3-ge<2!{EHKO^Uq`GoKzk@kQ1--0dR7T2xn<+R`rh468U{o&ouap(J< zgz@5-LdN>~lQ%B{Vuxv%=UfQR`-9#deI>vYFaz8yEDiylruH5dn;hXKE)5hG!-QGt*Zb3#}IF68Uk%Tx-4vZK3>{4q+G28}`J9h4Okg3$3{QhpabXdI!csKe5RU2E7`_kuZf-1;{cC z`dt`{!*m|kz_{WkR+VMYYhmmRQ=}fj_h8H{_XAhJ^gfLHf8tPi2E7i(xiCfA+bb~W z4`3V*Qv{nRGU)X%J`Pg^A5db@AHp~krU+%f+>PS)fn_M zFs^_pg6(%Q=qWIchv_^{g|Vvo56q##pr1uBOp$s7r@@#*a{;HrcoN3WSQ7o^E(W~; z9v{E^M|~tr8)00y2tS6gu-1?I8!&Bx@z77~uFaq~!#EYD$an&K81yGFHi0REKf?4W zj2SvV@I{!mz_{fnj?rb%TVY%QQ=~nD;jcvj?s`A4ls<$0494~_Md}g!9L95iINu#}|B($bl(>1w7#Rg7IFM&f^pqcmKq}o(y^_ zjB{a%)Fb#Tj5WM|V2n2$UoaMiDN>K%bQll)#1%dadIpU9VT#lvI1|RDzCUoOAA_C+ z<8GKD^$5;Ju>TKC4`k4DV7v{cNIinj!Pq|N2c8aQ(9gq|FJu8Dd-RIKKXBv`2K~1^ z?A$r)$MswuT!+MF2~3d~y9QGvc5cHIiIG~EBC+rgrbvu8!xV|lXD~%#?iEat*y@8R 
z5<|lg);uuu$6AN%1CYHd70z%GZb(9%)UlkU4kh6e}j^rosmCS6Q@ zT@bOZDr*OoHsJyMJkFD^E7!ubR!2!eMaV!`Lx*F|2pmrEmWjiZLqtRrxdPyr+gNbS zZDjypv5a%)YhHuQWxr(9VW~PuYWYp7W2U^-8rZR;#LHg}P(KQ2caDY_U48F9eODvw z89_apcy%bQwCB*-rnqp0yawgZk((q{I>#JOJ0?nW5euGIJlp4=iREZgM`ZjL;{B2j zaf&$`QYpWrBUf!vbZe6Efw#BtPyhUu7USt551%`9pYiR_*ClTg7&-WqW$nbCV^JxB zWIhxBa{~Lr9~;(5?=N`ER3(@d_v*dx5xA!rWV$@EDXU_nGFL1itEkjpP5GOwbGG~? z>GJ0v#YLtEwnmP_eJ_@6whhge)Lc?Ib9>*Tl-pDJJqJgovxA%X*w}5r7IHs%F^Lx(~^Y()4 z7AN>xKi3UW?q4Mc*s38V(C3>OmjkAG3QLTCex(^$37k4UwOJ(k<$Js8!{IutVs}4o z+dVQjIdh$Y6<=ApuAHf7DJubhC2S`l{13L9mz%EB&@aH;mN4KMp}&GvXY1Icn9|&Z z%wlDNV6YT(8emVnHLZKo_n1ZQWO_(TOJ1$TS0!L)!d2^&pWXPB57|Un-#vDX>EZNY zfcre3o``jPz`mCcmSecJC4FnZi7wJ*yl#p&|7pDkm%&1;%*%K!CAl!Ugu9!UkTWl+ z_MhVXu=ir2;WEN>21$DGEHpyD*gZ0t4d*$tEb4G^5mx54 z!-AaumnAHaskC2A^J8+C@HAhhO^(%Yzq7|BTA&5BtUTuc5QtBIA9P(@{&4-bwuwHr ziK@bz`+DouU+6iQo?A3mh=?zTp1d;+t^at*#WTHVVyPGr6&3%77-9dZ=S>%JmE_j@ z(=U~-re|Nf5^WoQtah=!NO_Tx;2(9cIew*?QYhk&TllBm z*_-2Rv)QtIR|8SDR&F_meH(J!{ut{|I5)@hM)R(OOIqhWGTPPaNIUe0D=v-TSBSHhj1oQO|Yj7*_IR(fu`J9C_}J ztGAjRyO5H!Z$hs7u_K$f(HC{sIIo5r1&5&_P!LGe4DaERV7kuBn zW3zo!%kTC#ekLZhM1aljh2($QyD2Ra;AgMUNqA(%DlHm%Iiusy^*@8?@8tP={(s%W zG@yNY$2HTF>}S@-o#D(V3zHqm>TunkT(V-UqBJV@P>(P>3{E<|^kTUxA68=JxBE z>Ic0(4DREbS$&5$YxZKNm}<$LFkAVQslY&y>en|dL54KHt@oL&RhR=ujY|arR<$R6 zR#Y=cQM6_)xXH@9!%`q|#5MWgIFD?t)-_Nj4>H}n%{e^FwOTgvR=j6=v!&L5w8K~J z@Q5R~g%a$79)YS8gmX<>uRf@VN>$0PbShsHD|LwQH*>pLROGM0G(WfV=Q?4fe5X2j zp+oNtPV+qt;ds--nb7*joGo4-7gx>mrw?&r*K{Mgrrr#P5e^>B}Luji+bpI=s#4%ii0qYiMP4kDQ({&v+mQ@^4Dw{$-NpZhe0$#r#mt>m;)DmMj+QcAb%|>w`UN-twP1y=)#2KZvSw z&9iY*Menq5Z(eOv_RiO8W5ovi_D`P*Lj#7Li#t~=8eqn_=)$^}!E)iM&tHkmsrbjm zz*5@%Ifpei){2`uOT25!4qV!|W`lt__ROY5V<5%{0J>>4i{nz-mb!)3EAz0V3^d!nT(eL+l@kRUF#* zehPc{>0X2FGQ8hzZryh6azVh`q5ff_QNE+BZoLjELs_@Pn$gH*Cq4bp4>g+q$GB++ z&!ij0xO{8g!xI^EmbAp2iHb@8eca9KKU4~`U%`wnRwKO!U`RX}Ku;C0sKc)(eCFpY=bcH7HO zV+IBpZ@x!V2oLTD*Z048L%q-8kTDIm7lw$YU)Ae$95>+(m_62ieX&%qJdZC7?Njh- zVXl(mys?+V{Lgs}aC2vgo)LE`BZhf~XU2Oxy`438T?Q*NmxAX0|9idG8(_a~5Vq7U 
z8h?mxyP%a#UJs&Lk|J2!udle`u*1qa|0JU_?(t*bK>V4kd+n+^O#>#Cle$F@w2X%h zS)hTaXlXL;#%jHdd0b9gogViea|{VhE@1S%w;%f<$(%Tdgo#FP5__3F+IV*t=AH`I?GcYk{%d?9Q(5xCO^`T{uchj+~0P+3pKOThW9o< zzr5wtV9DE?dY(z)H!N1;3Lohde%ac%Z3piY6LmY*=1)BW@+y-z240)z$bRxd2ZRW| z70VdUlvaA4RGqN9Pri3%Wl+k=!M8j8X=yAQ8^sLlL=HASER(gCysiBi84HnWe#{#K zU-K@oriG4OtFN9mU$6alORDG+yD;Q48{{4i4bJeb9e_T_edX6>ss7CE=!a^HKN5o* zfq-!2dh+?f`!k19hxT$z07JL>pZ4-Vii~63!}qy?vu>tNo5!y(L(evw-Jt>J_=I_V z_Kt)$iyVB)2%ooE`=fV9rC-CJ`TTXSC?X;@7iMNQj;5|Y^Y?N7B4^dN6`pvL&e4(a z`D;@nME+k1meV?!@#0;eA*HRW>ayN_;PmjNcPadSEw?4Q_c3;Z=X`Dbcc}vvf;h zFY=kwq6AW)%vFR7cKV!(a?xY6$JaYopjfN)>5=N@*Y4ftXYrnTDhGsIpIY0MBvwO9 zWiTn2A4!IeI|gPS2iCgPF{!WGHPxdv{~;4fg!}ZC_(NAU|Na_S?8m;~H^a@_ZC>s< zaa-n1W{Ak$_ZPX*uP;WiJ*%I-EoTf>vs$IxlgYuvAl>={pb+xBYRH5A&tjq`0YB{yxgFTZk8A(fxz_i5eP zP`;ayy~y~6?$szF_5qZyZK5oWqki0yHTLXSZ;Fsh7L?_{B-KAw+e(m;5P4a`~gNH)&f| zHU|}!aICVOXk3N;%|Gvt?evOP-0~=ndR=YF`H}v+`9ap9UpkhT&Ihx$WL>6HQwP_w zzts^mA2ZaJtZv+K{(ZO=8;Ml2qroQ83+0>wJg7{I;%#ZukPO^V9A>+prSC)em(>a^ z`9OPF0NW%q?nQ@mUnosaDo z>j)ZN(O(7VGCgV;Np4+;31qK?O!rc9{&IuG{VdGWzbk>DtLXKxErD(;NBKVqjWeG% z&ta>!`%Kh0>-Zthlm~pF6Yy?`t$c!}XJ}Q!d$A#9^yu3Z{q8$-{jUSrK=5ya;Lh&9 zw&F&M1s~N)O`? 
z7B{5V9+Q}yeCy`&UGEqO*y3~8(3^4IufzCm-9AeCFllw6Uc$vG5S*m%`C}58hTR8+ zj@odcSM#7BcR!n7E9U1j_?HHLfe{}VW|8EK)e@5BGh)YL?-3XEABX}ZjultYrZT@ek(O>7Jb#QOUyexH2`h6gJ=I{7_j6f`!Q^vbqF;Zsb))2GN z$k#dzJjUF2^nF<(Y?unGbJy)v9@fghp#Vf7Btzp?_`pdt6UvEXFmT>L)^%k)S;=f+Kg>KGo zX-76Vw3Z1@M>gOpLvQ^r*$G7XSrh9j_Bou(DLBfOAuLm$_}x=UI6doJh^pZio*g1v zeX>4dr=-`PD1Q~xb87c-=fbXco8GUl&4esqpnryh$5MIQggSN8Pomt1sel2>S zrI>;$)pnXdZKl2|JZ$At$MmsF=~l?{@kOW5pC{7~G13Vp)2EKcuHW%{>A!lBH~vk|Dpf_CLfJ0qSfx?Z7GVPxrB03zY`+*pgIlS+{YDD zU;L|UOc-fbFJCqr;o4MGq9^-!7$vC;_Ss-b{=4LJudmL%jp0ufH}MvVJ(-h) zNJaM=wDlHu-9f!Bkti59fA*hI)ghycs9y|Is{v0Oz^t zx{>s^2h`7aZ1q#I3u=?!G&=UmO2zbRa$7EM-KEULV%Nh$_N~5pmv?LBi}*3=8iPiv zCQXsAO4RJgCWk!COcdEWcaD0k)+}5*vtRsmBKqZe!|zby?bbR^_ZgJgTwGPikuR)y{Q@7A|};duaN{l97T|F8{+ zaxA~NFHYvhVMc<;BweOIH#I8}Sl-%VvMyK^3}w$za6TP+su(+<(jlx_+E{qJviZ8S znu_PQq+=?qn)Q+Qd*k;U$zYFiMXS9G4%&TNa`(6<}Ej z8Ae{{?3J4*zwQ&;IGAUpf8LRQ=XZvo_w4e^d#IX&(%0+BK{K;K{CcjwXf&`|yh5Mf zo~5dVvhA4%@l^AZ)5aHx=f-JuFZ?##y!l#MYrN{osfK6EviDnkV@}RDL5DMsO7Fa# zU0SEr&f7ESnR@b_ARF56lbd{pd5XiM*_ra~HqVaR^PUG%E9=>UCv~Jbht7w}?@+j2 zc+|iwwjf%0Rq@3Voz+5^usbO%y`$QW+^@E+ROKyLb@a~uzn*J;UpWypVA{x-)k|{2 zV^bK`++l0(ze>$ySv|a6+r7>4$l>8ip`l$W^K0Y$b=#A_-XGCjVopH_TCaRnVUKtY zSGRY9$GB)+{N~O*^1uV_09@-j%C=dl`|2EJ4Vq48TiT%lo21jq^zA;P>5sO%N7BS9 zhtLnfcifz-_F3k=SuGPW@n)}T{>SqAbYubfk-!03-C_3on)wBH;AgXtTm8T9D@6Y3 zI&NMUoe&KyMREQzXD>OYH~ssPx`6nSG_RT>{H^wo_tYrrGJkFMkFN07AKyw9>{2~0 z>n=8%zneXTMXHMfSjXeI>nh!Wn4lR~6HeuEd68mY3#D6Yc3FnjHmpA;6@yyE9p2TP zUb`?s-@j<~tXTP?Jeq!CVNX9Vqt?UG_5+uGU2TrqN@Q0oDI;`_=ic@m>$CJTAe(eu zmA(!A`d6vw2^?$E+vHxU?@p_x_N&gkRn=X;5j8dG=Wn1%>U?~ZYhaIx$JFu8n-8(q zHt!>^ILP`&^{vd9%dx2KpU+^M7G#`RIl@d^Mx0GxA}m~QvBGoV2;VXM%Xwi=KnUm` zc)@=fcR)7ataL?Ff?tBO`o-Y~B*3Ucg?Q@_bLYuBV)=Z-mCvT%5xZwU0Vi0h!>y9a zfT@qiN-qwXjPW1u-f55oIOXW13g*3PyMC1=z_e7Nr+s6Qt-b&9RP3$qV+N1=(=@syHvMR){ia(v*u50$Wlb9LyPNJk^GD{RURr4wN zS@FtLiCD=`bvt`5Q#|(%ii?#@9Teji9i(O{)vsf`p-u%ezR4~c6q7}bxf^3ucdGK* zxuyJE`XAO|M7OzfuFD6Z59@yU`K|8u11o|Tjj>QffwFWyFHJA6`{kAnOqOpHI9zyl 
zN6mtR3>*jM1mBID=(2UG$&8Ku$D0#@yJj`EpcJ9F{Lw1DM}`q`ws}Xs^LeL*^gigj zO=ne52sd+J9((bT)uf$s%MSK2-**ZDmPa`j1_QLTj#s2x@U82%3z^#|Aom{-nUU|z zbn9pf-V2?VS<5Ql+hJ`m%>Qdbf%YJzqECqB;-c%vvU@!X^t#|RI5-&e&}C-j6wl*O zpQsNXPL%HZVjka46U~!ZF(hfE(Yw1-K{2W`LV1ui9MmEVI7(gOd8KP8&1#xpV3f2k zS;EowsYdq&|7XknaJN?IEhJO;wcXasZ+}YhX7lJYAnN|sRN1JwSM-T9h+ta54J|$Y;_6b z6gs>*<5Re;Vl+iz{6I{zHkhknp&uKRJ7B?cF0aT$hit7{oaz zeLc0wpP2CU`+jG~iPxX+==azK`iG;#_6)B!eLkY)byw!ym(ff+o)i5xckjFJx^&6q zQ2PB#rsi0V-({g`%Fp(wZBRQkTHj{bud+l8EqP%+f8Im%NBnWa`6QvPoOypV;<4i8 z4G8{yqy;pmzq~N$WpKgjYd?3Aeu}&K`W79g0?3l*kWab3?trnDO}kg;<+no5q)~AZ}O?RzOUbjbZv0m`k z*MKz0>DRpWtVw_6HN_$K&w7E}5$=|@R-O))o)g{!o@F-4td^Do5ta@SmiKJaZR6Rz zuBY27XeZ}RYvTf2BR;d$zPl<{(J!~GbG5AVm*FN&zSLb&vD^A|NZ*Iii2?FO%B|A3 zS9R`6joV~MEpR-@guMo6HXfipo7tDGj~|ngtYdjj@)bYmEONs-;g&ilEzHi((-jGb&4~TD)%g0(;z#4DyIyh83i(_F z{*420vHI{}V{u=j|Iy2{;yoKu^_t`n2?!GkDxGqPLRM$Ed7W7x8%YMm6S^T2cn4RWaI(8+0JlOY_*hSRk zh4ZE*)};kgEGpq4;5)@eL@kr?MSI}oKrly`WT0`R;3{pBA`9SthcDP$!VsNMHxL5c ze3AHC?;J7aq(ULP&&hKg=e?uXWclox{_J8|aYt6#WR2coH`!YNn;#ToN*`lF}yGn84bT0P-D*R8MrO*e++lBNDRgLSUGO>F*Z5;AKCKbO6LjP{hp2QV2O z&ru3ClD;9X&x22haNlUoKZpzFW{cdm{^S_O%WCj__vrV_J{==cauT*on^?9qw!B{l zcBR_A>`WROgsObGq>Bm@b)I#H@#{LPE?<*+ddz3_b4-G?>e%jlzwuocxh-CLThAEu z=L_~O6E>7}!Q2E3`0VOeehR;lxw!D)TeMwRt$vgM$Az~Ey9Zs;+{a@)PQX*Jlx;Wv z&HWU_CPHv_{^wXkn$0DSpA-Nfp!>~M2Rs<0-nUZ?;C{cUg1)9AgX6!+Je*LS8=VyQAm(m0ta^s`{|La&5^@X^k6SkKM838XSxo=Do$~ zgzEXmWNQrg?I^nW^14~;^I~ku9)rYbx5EPau&HKSlxC$A8iywRo5Kt{F0R=CX;siV zxM6Pqff#MUO9iflN7UMn8nxUn)Y(+8-H7gOrfv1D^|=`_Ovsl#KPoc(xbgom_a5+3 zRBapgP~3DFiV7&Wh=dvlAs`@N0tvlD0!ZJq4GE+y*#rVo0!k57LK8*B2nd3OSV2Sy zSP&GAT|qIZfQTg`HbnTYYv!Ka+0Aaq^S;mbe&76Z<(~PUe&)=Xy5~&%Vyf>t?e6D% z%qr>*CE>s>;>HyhuPgIf%@)nC4EywAy;j3^*3FtWdHLd=6I*4y@pQ-E+J`><>Y=ax zu$G>E&{Do`L00Y$N0LWpe60@u=Kdoq)h}MaJIr}2uI@kn$$zd}FnV$6u(L}R-Tc*| z<3}H8KXt=|RS%_Pk4SjpE9Z6UoCi~S-0b@^glo-8mKI>I?GW`$e>TCDiVe%oXwcf71!&naf zc5vBsqd1%wBtLwK`-MUrzNT*Y9(1_f8tFs_8 zKRG4KZcWe4!x$JCssRqS71*8m_*J{+U@y$K=kPb~`o}#jnHl5QHSY60j$K8u8W|Q_ 
zL(>9Bh0le__*%k@1D);Zr@!aM9eea9>z<3-rueUuXjh%|_%GK9zg6SH_Q2IMQ-;`_ zj`3e6eSPrhb-t4EY&3F5 z#H&B9d;9aLQ^vja$L zspIf@JLZH;8uMGxvkyLd%R|w>?C&{0ZO_@Oo;qN^+^X>DPiL%{JGW_a<%8GVbyNRY zEk_-yc-kGGJI_YlaYwW6Uax(=`I`3Kk8ImKAaczI_wHKx-oWe=Po%7$w(8oLna@_7 zc(`X-mrF|)?>}4-bMmbXZGRa6&29Vc<}dS_*Bu#m|K7v%&o|E9*ZNRdN!t7!FKtfqb`PyIrQ3Pq##PfN ze*bIj4R1WP-%p+T`YhPh?_H@ZrnJmuT-)fA+zUSzX0*uo`}hmDbbIZcx)=aUz<3!2|??9>A{_9|}w;^DYQl)HAFeE#^{ zcWYq;c~>2Jl*OoPqhJ1PfAo&<{^?8FH;HUr@WE$GOCJrmef`n9f1m$$+2xGKPj%e> zUe@*P9;mZ*e`3gOBbv1TytHon@rOTrw14ZOKYG9aU2Kn~0gayB-YWCkzAd|bn11Z} zydGIGAz{Vsp6)n*()sAXR?j^#@2z__4*T}nVJ&k0{kdV;ym33m{+U;nmwVG&yEl$F z^3+Y;hHiZD@a8{0n%TJa5s$o-|MS2H*X$jdeSGic$G5F{)b~E{-8cUyW%NkXv-}r_ zcAd8-w(gNTera>vAE7_B_%Q6TVS&%TlJ@KJq-FO`d-mJ7_gY`>aeu!N3obRD+3B6Z zf303#b}*^k3!fC#$v^XZ`S8|ThtCZg+9LMtcf+oq_NuMffMdfv((@{#k#DOU z2iyO-{n%qaZ{OQDJ-GOhJMYcQx#f>mpM+c6S{n^&enU>;ta%fH3NChxy#41t3L<0Y zTt59z(U|?=Urx$8Gh}GoZ;>y4VP1dbv$^}$-E~d7Nq?SrZ~D7mHo1IHz)LGWeCFkM z=HLEK$DxBdUtG9r=gY_2ocQ+DRtI{;CBC}hy{MGY^Z)Ah`q4N3UH{jBW{s1ZA388A zzEQ+a_l=&^eDuN2bu-s{*%`_l2A zHBTS*p+)q|GM+tvma;Qddu!j+qyOS{p{?c=}qgEF220| z{OaEdw$EEq?}br;cdmWp-@W}ldb;V7n2hDQCvJ_6UN`!M4exgO^2oCIo(prQyztb@ zXMf$=|JC^${z?3N_o%z~zH#5leW%XVy7`0P!1*toUfQC)`uKwf)t&c-_58-tpz*)u zW8#0j{_Q7Y*4(sUR+}jS{V)I2V8)^!wjV5ne&fgeaCvo+}Gyl}u`PM(f`_3C&T&w=V=)fn{ ztdT+Q%&#cSc(+mR<*v8?anq*jej1g!r`Mb|gZl1EpKU-WbfD6xOTdqbcf7vntv>f$9ojoDF!;Tzc9tA?ZPR@t zpKG(U(JK2ddsh8jfBEAJha~j+_-x%L4t{mxdu_uFyQ1fdqpzuqo7;KUyb}Rmez>*M zvU-pAJ)82$+!uP*UU%%!+FrYs+E2Q0} zAIGJgc=)Q3f3IrSw%&jNEoZG-*r4B{It}SX^YQ<*ZvEuV-@Zs#aNEYGx4rtrb)SbH+d6Pn{dBxZgPhNiGa?|V9PP2{vynILJ*kyt5wtn)e%#@ETw>{Q)=Z6IoKI)#o zV9mgZb8a|%%d&GXZ3=w%(tx#rwTK~@L@;Sz!~#~KcqbLRz|;Pjy%@>)aIg7Z5Lkd z9I@!F#cg*ajUCr(&~Js2o4c$?y5;U~qGrTD)oR$AYv1|m-ada{qdpNGd-#V3Qujvu zGl6S;(`X(ZtHOF;LE4?KQ(;T#kGh36Te>u_MQ4bOv0`ydrp4U zHt5yVqHF$aweXqmUj4k&7ikk(Ms<34*t9i^e|psM;uqKKf8mytpU;;E-FNwx8w$TE z|M=d74>Imp^YT2~-0XybG1I1Gtmt-Q(B7B-x^dp|9+StWM*Ud!!@lkB7vA{qxu8Fl 
zn;yTTS&8!I#AP=uZ1CKd#|ICw4Vp6X@X*hfw@H2GgToy_-a&Cm;Rl#ijQzdU(5%>AS6W^EG^itF8aH_T3fo zex-e1Iro*lf5%;aVOLI*;_ou<`r+G_e};ys!u1J5f9%_RYlkBjTGd@|kNG2B zS$yv3iTDGp6JM~;?0$EXdYf)!m%5@49K+o7u-7 zdA8tQ+yeAjwC6VGq+@-zJh)@lwoljgO8ay3Iomh6mKU$v5q|%L;%-MLCJy~%-S0c= zZ+d(6%~^Lnb>fu~kxh496J6Gz%heA*Q|G-iU#w|)*K5DDoc>w!b4R~kvb9ZQ&ij97 zzp~<~6A!%9Liy|Ys4JBJiu=wumaK9t;WpL$Y=gJ0+H(+XMgLcw`^C0rE^K_{(J9fx zCu|)0zCCE$Z|m>={pu%IuKsH8tFgn^)>{+x#xosnXu7be?ZLVOru96ucICGr`_83@ zoR~2o{_d{B@(=F4x%;N`f6RJ#{HyPMJ3X^yV)^!^bKhz|FsAm`Q72pWtSmtmJkrmr z^Y!$WZ(Y?P@s;yIJwJ(Ul{nn%ix6KwQtB6h??jY-5%|EG|9kL1z7WKJeBY!D)m(>a zuJ{kvp_=PZ%{3tcza&)>B5+yH|J}OdKYksJ|M(p(Dp9GYKCpsg>;$P>Xw@L~MOtf+ z`ZjHOnEC~6MLqQlZDl?60&P-#wb4DWs;b^ZTUuZ3OG4<8swAT9SU$iBv+VDQuQdMnE zTc)ZJw8cScZ`zU|HGx(MQ`2dS8mh}^D}&U>Xd^?_L$u`$)bDAPhH9Oaw83g~S~Xbh zuGxm_NLp*Knn@cOtgfSt30C*hCIqTyX_Ergy2Y@?4b|qfk%4MgS~W}^OdAuZrqh;( zsB<-r{iyMJ>TX(VJ@q5nqA=`nAS`Rb>r% zu-bvPI9MG^TN11;pe+qn@6)y|>JHk-hU#wGvS9TcT5F*CEp2(QdVw}URqL&VO;Xji zv=~7zj@BBgrqY&K)FRr7VD(gT8FCcqb*X^h}v)+Y`H~kPg`kG zV`(cIsN-nW5Oo@@HAKCGHZnwAN}Cj-K17>PU)@SuSzp~v8xx|wt?>}`6Iw?D^(3vL zs=sTzo_f{&*tV)_C)!9=9Y7nSs*`Ee25P?M-auVMTNJ3?uWdI}pQ2R))IAz+pdO@E z1Jo}xcZ|hL8yTRUr%h<6)>;qi2vJ+o#ssJXXcGd|X|&cbbq#G&fV!F15um<8TNI#{ z(-sG)CuvIp)N|T)1NEv0uw5FUHla;wsCJ+&4pE2FmSId|T1P{5Ep17Nx|_B5Ul3R175tq4;)&^qd?eQAs9tD|X4>Z=*Fm8v?QR%xK#LmSgTEul?l zpuS97uBzqQcBooGn-r@4L|YuDUZO2&poTpJTiQTvM(YSwBed->wKr`^m^z#`sew9y zRu;TMQFE~UFzjsDV%VjyX|NB$J`Vd7>}uFOuqCh`!9EK63v2;wy@#8q_rbP9rz^eOU9k8Fm=D?nY#rQd@@<tVxT zm&100O@|!}i&ui`1lSDN4A?oa1+e+Bcf&pgyAF0S?31u}!S02{LwNO5*t=nWfL#k) zdt(#z9@uMOm%+AzeGv9$*iEoQV7I|eft?FG4R#*vJXm}xq^^Qp3cC$Div@u;pYr z^XK47%r+H!AUQofGlzvR@ywi=w(Q(A8^$~KbjU8q%0~hyx3-r&9UZyY-%cC+c=0@a z_i455kC zU?wwf8#o{;8->ZqpPHL(&%?fCE}39{rX!1OO!pzpObdwSIMdrfOUtGW!D~y)bf#kP zWc)r}Yu_Fb=>FKWUHQ^-An|7qC-0r*_QpKgG1F{I)+nC(!mW^wdJ9^pLASKHAqKxvT5hAltP{E`q!wR z`j^86Qx4?#Y)rlnS5%;Wwy6GS_44L*u)18clc(F=-J{l!Bzms{(iK9hJooYF${Sg9FsUj4;(deOoHB{;S^%t^z7i=Zn+MgTE!>35dDy-icnWk 
z**?6o4n1+2eQKWF?#Xb9aGlMnxJ>uwhDks2lXG&jGn2Dy7_1+I{Cngp9~UD&9ra59 zDHJwrDYNx***G>m`wG1=(J4JIH`|t$oS*ED+l77S+U)Ez>+Z(q%B~A}Ril}ks*!lA zJ;$Dx%sB}>V$lZL2jSJ2e(K_7l>uaT(ow?emtEqHtQ%fg3Qh@XUzr#ef-|F13eruUXKF`@_-6_9arCtd0N*DYUK+?D;4TXGj)}W6<%xMEVH}hW zde_2p&uUv*gK{4S2_pxO80~qiBAW)qwT-c5!>Qc8k&+{)XqR(pwziYBkm&mLV@Kag zOEE>`=UnWH$G5wyZRj!j^<>He{S0yB`kf(e`4kh=Z}I4) zXa_#;^-}ZmvfNu~nN#tZ9Pbo;v8Zm{y7ctrz}eR%#zNfRp>8m*3OgF)+MIy4VRPo^ zxm>+G^Z0VPO;1brjtp_4r*`?!dM-22a*kP3GI5TwBXw79c)Mh^=jGu9k&>KdrN89- z0^Dh&V67nAnp==>%}uxFCFe{9D@aerfbRLZxmIU(a#og-nw*n^4-2JRFm)TA;k2s( zYg(?|X{C2(fy0rTmv7~6QvA3vBN(rqPa5FQVLC%v(~~o^m_z+uK{9W?^Ri|-t#j;o zxoFx}?G$ZAFJn!aZRL5}6cTn_b1E6@uC$zPWXfg^CMD8Z5W3d_hgF+<$f>X)CtLaBetlX44QTfm+`VW#`hk&| zkIT-?Ioh_nP);l2f)57OszZxZ$#w8rjXT_Qm>{SlnYYf?oPw+@cN~gQ>rzAJW*VjM zN8?D*8Wx%!=ex7#XQsMpLmYSn%PCwZ<|A3V)A9;|1B^LDM)eDQbPs8{IC=`QQ_vFR zno;|V7{@9Kpg+uGD!GzdXBNVzqd-bQPMVz$n$nDL=!)D-Z;Ayu({plXAvI%yEdyxf zgm>N9@GKn+qSTxEth`+8a=oW9?Q9+EfjnmLKx5PA@A%5}{L^?2YPQ9g|FAqeP)%?I zs-;vu=0cnus3y$`^qdo9y3CvBo`I0pzgD?)_DDP{GX;rzAU>1wX1G?;^Z0fe=6A9O zsy(1|XcklqZGaX)JE6NEBj4WhCmM4fI&7Hd2`a|>J^HN>o0KeJQ*>J*)`;(lHWhV( zJQhuL=fOLSM`;~WS3I-xb`Q1EwqO6a_yHci5Ctz3ylOuU7ZQFjPh38H&&*5rqSJ95 zM4tnVJ2Y!s_qm{5FEcOD&M5jdr>9HC?3BFBG_csj5nb4+^|H2hD#6;|eAfP)SB)T8 z8Ney)teihi-`1wMGi@j2X3f^`f_rgp$80-d>}9oDm44d)k(}PHmsRO6#~)S`(JS^+ zkXY-;s6rT}7j`PY<>Yq|kxOw*Kt)g~*OvvVkr5%PwNr>Te`zGFH8MmkhRUEyD4`49 zuR#@2A*vD`q9#G+c4EC5tT+7Q{iPa<@K9-ggc|@2^z>VNH|9u%7(Q}2<|ti(JV3=z zP3JGI9ES8pAdQ3&wR}v7$MLK`BE-(aVwAb4J@O8z9bl1;a?k&5nbmty*AVkmIn=X0 z{ySynrMg~breQ2<>y%j?od3*zYs}4$&$Jac>D_pHlaC`$&#v{-PqvHe_7t@Kt>stC zmVE!=;>pWeH@Q4xaq!r6@7w?jd*$=DC>r0{5E-&$|9^w67w}&1O#d zO6{vG6m9N$v{ftG?SG+tnbYPv+mW%Dz7f(s($P4+SMaPG{S@G<{l%aSmO%fP$6P7e zT)DKn|99G-(=|`BQBQ`wwXXhqPUE*pG1#tvqp@xHzk(efP)d1;*#_P z-X}wq6VPu>geIY0p)x3GGBhPbErLp+N=Ogo{%^IpStQm=Oxtc>o@a%J0;V@2VELHLR*#9_2Ke=+@U^Pr?(IS*_@vRiy+!hnKy&yA7}1 zow@1xwyfObG$m~|uG=$tiH`>fvY{l7v?auj9;6JzZM7{nE>4M3hK-DkQ{smwj2@52 
z4R{QKo5f^)Yv7u|-HBO)@z^>yr;pN6d%{Dj-B0&XdN{G)pcT+s=n?2y=rhQuH&bTu z$WOn{2rX^y+SeT8#k?FU3{k(I9isjX4W1LCPJ(iwkD#~Vam!B3XA1FLa|o)y`VSD# z(}$sUrA^e15Z&K_Mq_<4ME7^09aw)}wvS-D*0W92Ac+3ogKoik4CJfb8TA;aSFTmB zcq=QM4?X0**mZ;BE;<6D^|=j3PR z6xglynf4rOX1Wy*Wwl=-Ywu*3dp^x@THB`N=4RQGbJ{6`<4iFm=NQT1A)Ef34?l92 zg1g((?HPDkW#=PID_+vz0S-?0GrKS=KCE@mkwP_Q}cZ*rm^GyR&0d zpKLtp;QO@M?UcB|qikC9bQffnJATG&<$FPE8+t@*ZevZ$#1}FM%o?jUTDJYzv@|Dj zXoSIp3yf@5MrLY;Os;7<)i=QyL$FYIB+M`4g&pD(>6x z-C+3V&*M9j(+Inzq;y-k!F^65dU-!QuUAD+0qO(pp2p zr_z=NhtJZiCHy|x;*ju%X-h)FpP`Km4KJgO2@U^1+YSgnL92#_|4OTbhKIaJ_keIK zts@{jlC~%yyf# z4GjO2)*2Xo)l0BNC?9QQNO%X@ijeSrw2sj51lqFT@MO(~gwLQY4GCXDTNE1p2(2t> ziW2@5w((tI_$#pZjxYRUSbYB%ei|0v4~G8(I~BI!F712B@V2n{PBAycpI2TLO#kGQ*#QEr#6(i|-o4--cZT z`vq)1>?v4$2O9o6EWYOq4}Mwuelz?ASbRqqek-i2ezaF8wgLxVK^Q&0{uV^KE$uT0 zzC;Htbot`dro`>XiqKB#yxO3@YRmt3G4U> z(H%&(`7#E_hvAJ+N1YkQ7T=eqW;)Q3n29`!mx$>nJu?qqbD2O^vgdXV23#<^Yww1% zFWC4Dtcpt&m}kd(cD?A@$x%+U?6$OOF>mMDvoRg7;hnXreM!gnL40&C(db+|%U8jC zwU(NdiO1WvRP8mep0f4|S6_AK9~G9Sz0i_)JyX|qqnyY+E1E9uUC1qV=EfC-wi|7E z_Ngc!Dqo6Mkdu{*FD=th-{!r9ucq?s>9}e@c6r9YHb3Ch0e5qTJqr)qwQY$BC!zGr zseHM_Py+GfumIngY89-#G|b3OPSrP)v-0f8X|s*~*LbRYZb+l;q`!lbJDXiagBqMpq?iys)+9oan{sh(Ox$2b69!#5SKX8 z^~gTWnX4t9o{PuoQfGVtpN*sI6)vPjuD^vbd`ZL9suoG}Jr3T&DBNc0v{mi0B`-G%uQGD9 z`h>F;O&^~gV};&4T+klvd3bnjr>nC7Cvv@Z@dm^6>c}d6izk%s#S`iu$FL5KcL~O2 zllv`XW){EAsCv1Zp3J9tC}kfdcGxgwRAQ`xkENBkLHNEy85KJsPU$~5VNm?2L|o_$ zj87b$sPH;a`)BJvYJ9@zk@`9xJ^P5BHOi~$KwL}Lg{o%2^G%2QVw8;wA&raKkqPl5 z5)+5n^qwS9>70S@bvsW-v66E-qfd&!$HHBsIwLmTa_~kZqKmByFArT8Xi?fKFREO3 z7G3nKrOdQGeC?Klc$7rkoXo;k=f**1TrRgAjnXrDn~{}K{iEAi@m(yxeaXycN7=R= zuEny@@`IJC-dS($hRG2jcV5~)aJA9crm6g7~S#usbKU^MnD>!>*H6QjXYtxc_O zL?BO>{1kruoSmQH%SCTzaN)g2m2i54gRA~*(x)GX@nWm0pS--zI4%(!JEm>xtb%q5 zj}d(hy{0oaM_<I^d2#0*s#8?mwm?lgmX5|1=+Y% z*KaT6y9InSi~bV#q;Cve5auIf{y*k+M*^GwoSu4sMrhoHa4m znSA-+ib#L0k8T(zL*4-8xkDtx4|i|iMUi`>up8!1;F%L4QrRiGqSL>^;12@WXS%Rw 
zcbtxn)$EpyZ`WCDeaE?7P`FG7-}34&JYBJAzlCsncTeb|vHUT`=D1@|0wJ`Qh@Mk5^4rXMS?F!ySQ~a9n;y_D@W3yN(&` zULSzbu-seyhnqGA4Ug?_avJSkk4+pu!sIkGZh+e@arDSh@up4u1lE-ecRN%1jbOdA z$J8w9k(;NU8<(CsH@Dg1mV*Zm=Y-gn_{(>RY=XXh5+ z&ONsPuMK&|qX*+Vgkp}R041HhHm;a*a&RG|;A-1x&zqUT=N@)EWy0kkzL>!ak}O&0 zBMpTo76eL8O|?7nmD>|z(em>6yC24d`)nnhmvf8^4+n7hkDnf4ol$D*xEf__xd_Yj zJXf`Zfiv(?iew`_J*xmW4SGhia-Aq8bA(fFa=wzDnuFDJZC$=!z!>VW3VKST8%)EB z{`6_zu@Lo!FGJME)o2Xd@}T}-g{a+NIpIp-{wAt*KyB6W9^NOw7JrCmh=_~#WDeLO z_*IYNy(`3LJKdwv1?s(!!f#H{RiTg3ueo|zaaR`67d@dZH$C0j+u9bpy`2-^w&bR_ zHJsYHP9rlNol`P%Z7JQOaSEs=E__O4?cK*uWLF5+w~t4jd?b^}xUt8tP?rBN{rqf) zP4eCKN^y6vA`gCwr=0sXM4kOzh}!Iwf31Z3R_Okdcy0*=W4|W6uJ6}`ul4;}j^Cnk zpK>WdoC%1p5=uCY=bZYDs&RUk{es<${nF)3i27I!v>SeoUcuk5S8%UMI{%5EzmZ-b z>SEFxdR-KwtZd^k-|KZzMhia)Kj1wYR1Rh1H%Q4-?dXR1IVYaQ{uZL%4$X#I_|aSE zLez!g#&yhwKAB)TH_*gArTq7l8GTC@Mt;IhLX}>;593HJeI>?Sz zM)i-PwC%jqC64gVq-8JWk?z(TfL`Q0#qa!u{{RSxg254(3=}Jmg?yPh^t?3_| zh?zL?ubbwS%7-u9j7UwvWiqz3m1MgU$+(JS-i(dMl}!%?hB?t9(VZ2Vo>3lwj7veRfxJz6TC zjM;E0grkGsPW**_FhJ`K-S;)<_*{21e$EHFdqiJ6IOKVa=MKL97#=&$HayOjICw%l z;=HMOs9LwBe-*&}+iLubXc4L|fnJ8%+~AJqcUd22b+hWyF}v+UnADD;>Vi)GRSft2 z)%f`qZt)SJ>QfNoIV^tPlkMu__UD$3c<$Xgy14zh%|?8i zaYM_KrlHzcaWn{3iyDUN=ThGAdM&=fl*4~zBmZGGnbKi&wIrS5#{XFurc+T(m@P<$ zSvJa3SJH{O+J8E}!Z4lc!aVMkP8~_7w3>8$g<(3?g;|dCthqdOP&V!#>oxw%<0}l) zsV>aDe$pwv)_*#_!Z4lc!Yo4p%;mXC%A+*#pN_9EOsBdq+mHy`Koe;THEGwr!Z4lc z+VxgbI!LNU?b=rurc+(Jegf&R-i-3pq+R<8!*r@^*W10)sY$!`6^7|l*REGcdo#*Y zlXmSZ4AZHuUEk*?o$A`CuP{ufx-fT3yEe*GlXmSZ4AZHuT|X)9&5E|b_Fa>9?JEq^ zsjgk`Fr|ZJYSgZMg<(3?wd<#(y;+e4%Ttqf?JEq^sjgi=?UhbV+O@AROsBebeUG#^ zqdYZf*S^9qo$A{4N%PJy;F`3$FpEsbX-(7d73NCmEH>3!P1Ere=1S?TGNr>x znb8>2Dc^`T+Dfk@J{vF=$4xr(6-H@YeVEmfP7ETeX*#~bTq&I*Nylghv(OHdHrW3V z%aMTN*jOTQZO(OHVTy6hU0s+vB^~zH+&?u*$5)surL)Aee`=bJuP|3ir!mqAL^)U? 
zv{7mU#nBmk2*y3crhf6Dt+@YPEn!#(H4Sr(gt7hyVHTS5#_#oNlDE4|d8=udrKY^q zG|X!V!wRCff1KBMQ5;>+cA`SnNZgZsZaRJvunjMYuP`OJm#QwzK1s)DZ#7BBSC}iM zQzq$Hk<`{SXI!KE0OPos%p6$!(bf{hFzc$4!c_mqxA6~rlVIF9ve)jteP>mh6?cnuJO5%3Dpsc%HxT zIshlIiAdjk4aK+4CFrLsAm(il{(JYwlfjMtm|;U8hAEruKg<-bFsx68DVpLx%p~|R z@`hC<$OvQeALbYAduH4apA{q|<2X#w!&uGr&q%SHGlk(cpVKl-X*FRkA&gN6OpEvM zS~{uz)A`*i4EqR%DXJ#SU*2Jm7Q<9l6XqX3VUq0r^Y%JAZF6~e95S8qYQj_^9hTkb zCu>sIznQ`yXpQRnvXsY2rzUm%hgX=I)b-!qVWbYKtLuw?!ca1 zYb!)sle#`{3WFdus%u5^W`%#IQQ|iD7QnBWgb^VT4d1_ME z9{r^8{t|s<7V>EHN3`rKOVe>ILReMqg1q}m{1(G?Tp4{O!<0|;9|q$@dxT+M$uPwk z{=;C5Y**f}s`Zsxm`wj+zMmDU4lDGpv2fc|je8l~euLW2_Kaf^w$FI6>e4a0eTi`Y zc=eb8H*OAy&1e75;m)Cu}o}wb*}{PF`Vf$*zT| zs3y!!@MGi+t6G{&r(%`=bPRvA#*(xe&y^r!+uODVFw&tN0u`@8IuQNVMPbX=;y!sD zbidBpfSc=JsDvpKcVA)JdW9J#VT#uKPbVCHjJ#o087yInAMhV$tAt^=nwBR;{PLQh zreUgnKa|Cfh2&${%$Xja!P;&3U`_A)nTAn!Sk=;tc@WqBkhaan;k6`Vn_(E13-frT zFq%jC*WGKG=CuUjJj=ul@tU%HBl7d8o~I&nWU?M2=Vl`euk{$FqM9(lUSW7m$uK1) z{?iFG<&8=6o=gk#nEx<2s6!)Pv@DNf6VibgM-l&dEi(|t*e~?N@-R&KX8&Pwy~40O z3{$+tf0%4j-k1gLTOj7`asOeQUg@wMFrApK{=+1|58H{+7o(e1%HZF+O%GFyZSTI# z+(+^oa66i8)po9Z=&cX`=<~B}d{?afK)0QHy6%d~%a?yOk7%T?SD4YczPI9HqfXtc zECGQ*aA4@*kkGJt_0*TT!`rlN*Scri@XsCfd{C+h#%V&(*dBOKDC2$O4t};vhU-*rDWvJy& z+L%zw{j>>zmd&)q!In~5YlvkZtrBK=pSC2}@-3|zX8BFCA(py-W4kig(wH_O)Dljs zgjk|!i$g2}Xp=%MqiHLHER(eD5K9hiWQb)kZE3LOep)ry@+7Sz)Urq80hR-_Wucaj zX(NLzKWW#BVi`u86l_VNtq8W{(JFzK#k8eimi4ri0hUr) zN3i7$+6s&1Q(9}VLWrdoZKcIBm{tw2jH4|J zu}q~c39-zfbyzHS(-sF>Hqj;pSze$m3$h%hEef_A)2zjEmbN6&a*@^%WNCO2wm8Vr zhPEWgax-mdkY$+0Ef%}B9cYAv?ZaI4z#7AmO-@EAWIr;WRN9a+YYtdt!;-|9;Pj^Se~I(LoKh+R)$zU zpjARGKhwqpS%NRYCInfor!5b$bfv8bu?(Uu4Y5qownHsW+Oj~)3fl5O%YzyZv^+&y z8EDx{s{~m-pjCq`XJ|_;7RzPWGK-}#ZF!L8CfcG>_XV(u=l}kgxv!BEbLC$!?4?6zkz)T_5$pa zuwk{Ea?B7*8(2L1vGj(00Cp7Y6R^p!2VkABn_(BjE`nVJyB2l}Y$5DRurI*A3Huc6 zr?8L0{s>zPTc=J_jzMB+0{a|n2iQAd<6$v}m?aT*1*{zwbCX$|uo!#9G9UI?*p;vt zGsLnL7GsE5-iO@{`#tO?*h{c4!d_pusro!@JJ?mQ<6&3B=D|*bT>)DHyAk#=*r#E) z!|sK}TyU0mU@-@s*gs+KfDOK?Dd$?VSYfkZ<6xJ&$>=M}duus75 
zfPD=X&&Mnu!|sCp3D#&&c#WTv>G~}x zbjy$SbjEg-$oNYca~Mw#ICGnaoxsq|7!(D`yHh1`XUN#{ba!pxS9sbSTgGEdcRYAP z<@u0GFJWqSR+dLGaMNtVuY|hV%=y+QTElObwD=TW`)PxL@N}&G>TEE79nWdl+$U)M z4waJ>Xao709eCzW)h5Gmd)64nx$ySKaY67Cc{$CSUG?#S5kJ$>9OCrZOA>{2gXlxQnEj=3dOb71PkLP2X)*(# zH_+Qv6^eNu%waLah+czQ7WA1Ds)VE`Z5AyKo9+&cHfyRZlu3YBc!PSRj9>dk+BjT> zQ7j!`3=L0$nL#*kh9~48GG54dPV9v_Fo$PYCl0P;4o754*p`<(%X2`VDvqX6eGE4o zM4TqV6_LK}Re0^kRh}(GL&mYLRlE0wtv`N&uMZ()BnB`3bLn#QkxOG3aCbfp;+0eV z==W;AGJ%j6MHkYg${2U-S1`;=GP-aKmF-SWn?A!;N!;>E7=55Ny`)i8ecPue3`&&B z-+Q`a7tg}offA99)}?4($7)IF+xX=*$H>xp+uZ4z;Zfa9>k+UIGiP$I>S$(^Uy890 zqPUB^yzBjk+d&)EiB+Rj3La)*zOtzpx)HssHX>DCYB&9?k!R}~W$S{!?ph(Vz3=SW zGqRB1$+^!~G6WcyHV6u0#&C5qun*64RVk+?G5QFuBhSVh6h7u8(SN*HH5UDj(>;TN zjD2JtLrDgxz}P-K6&W5l(vtTGOWN>D_-Vgs!Uoe2J_-jZ)5371p(S>okY95VJ_(|8Rn|1P?}qAP8Py<9FK_{R3l8 zV5||O36z!WaIp322f0&mq+o7`C^=@>Em`3KL!;?!KpWyj>dqLM%@`{V37Uo?V`t(% z_{iYm7S8O%QQ@2(Asl(>UfZrQ-24>7nVglcPddcg z1Fi4TYK()-U>09RpJ^qXm*AeAAntmsxH8msA;v*KUY$Ok%jK{PrXOST+H)AjaaiZOuox4I$GY)g zJn0|zdw{D9e{Jh)_rthXSCYLL?%Nf^{Qo(<9ZyDSxz-+Kdkdcp)6Zi%d zs)T^Gh50n%6XY`1Z}80p6a%>+R-|f`0<6!18jE8R{1ri^CjT*TOB44im5+X7A;!mi z#e9qMLB$X@wIv4s8DA+F+u)P#e?Hu}uzfxZS+TCg4}VEeu^<0z zSF<4_{!;iWr{7cV_=^zNmk<}WxjB#(>x|zDf7SWtvGE8LDgI;NKM5-K6F-lejZlpE zFTFzigOHa=ru7%eO9IX^r7l$5+`b0 z&zMew03KgWI55Q}-!7UXloyU3NIwtjvy57Y;&R;>UsGFmPZ!-9W2t9N#n9`R1J8P6 zYv+wt)AdlWXEL~E<#71=QceAFK5cEbFY&6GYW<_K@tnXFHv^3ETDp2I^}QBz=~M7X zOWXFUDDCk~x_KTlys_2hRkQs^`PJglYgn#ujnpxLDDH4s5RSB{j6{ub2uW?&Mg0<- zWxE}1isDjQAMXVqeG7f|;4s&^!Ag8E!_90<;jf}5euwC3B#1TgQikowp zX}Ei)m&{{I89gpc9RT%!Izz3XYoRdc==d=8edrMMI?Bwt9qnl$YfXD5=$_PAL*{9XHNa+~Pg^Wc z9r;|%9mos|@YE9n!Rb#UwLRo93$l2v5+NRN;4x)39wF#KF(hagJSg|ho(r3^=z?0T zt}UEMTu+6hUo@W1V1#*jBAALB>wMRQvfTZKAJ3;gF6?@+Vr>8Mqr>Cx7r>FXF z&ka-C&kIxUg6hmizXElDB>Mk2z9Vw}aNHsNfmkEH|E*P#-xA7{NAEaI{ekOz%Sm~8 zbZge*P#=N&7Y9bzEkv`!loS{zobmlD|W+>0@$VyJNn_NxNrrERb_}=7ZE=o==`Y{i8Q%D@;m@R0gDXb4i8;@u$ zc9WxCPL!ugIr)IIb@u{mL|<#`uGkaUjd)teJy^hLre(@^?jyQz&I}Agtj%T6I;|6? 
zdrh-iQS$|yABhtj2y|UTXEEi@+J9aE)M^z!_3kH+{Br5bJrB$r9i@72kCLUeEYe1K z!gY4W7Y-Qb647{2d~TuBt;RBb{MOD&do*`S{N`dl5QjEAgPUNs14QQjN>XP0<#ED( zkN00ZOnC{y=VBHp0Ak-51o7J5-x3V>5GWK1gX%%`A%Fh=+uUFJMs4U5(Ra?(CREX@ z1-a7~mYHQ`8M&D2;>jI5c9_)!?q=c6^j5Q2ezRD2W@Q)DQ(G3+Q(HsP&^qV^=pb|g z^3HF{G~Q~kB`L~Z`h!k-7DjJg{pd_UMBh-tD;#|S?Tb_!w~NWgnt1>8PCR6 z3;!C7x*C324;zI407hLSe6#R>z^H45KP9~WHz*Ut_RDx)6y6bxYAXCS;eEiUX2K5& zzYUDK4xIb4T=?x^6rZIr{?CP{gXKWY!PtgQ2%iZyAL8%($WIAh0(Kw7=lbMlh2Iah z5wZ%e6uuQ~C)5($yzB>2A{f}MnJ^5Q>({Q{9US-x$mhI{$12X+nA#*4S0U#P7Y?*tYFwF75)17FwU?+(@%Vy{jfCOi?$26X^4 zFVn#ap^kveXT#U^cou`*3q^o2o@T<=fo+63ftiD(SWv%d7u)$D2@&AbM z(O{FH{=zp2&jFhc#YsHdgs%mo;)RzAe+cXeXn@4?vhdwtuR{aH|7*fO1*?Dt2|p2xzwleZ z`a|j9yha%yd^FfJXsY;65PmnpNp&T>B`USAMKWNXuJY4F5Q4UbXKTYDl2`mDd0mlB* zDZD3GKPV5(ybJ{!3poK<4|BwS3RpVCcX^Cwf$)5=`A~uQUm_fvK9^GukgiStDrlD zzae}h*fY>w!rv8M26hBmEc|2P$G}cPOTgLwzZ4$uBl<&Vsqj<6yMpzBmI<#EJ^?HV zx?A`K;q$@nf|d)f`=;IxZvoo@tpH~`tS9^+SUGeL80+&|;b*~qhwc^LOnB%|xQ2!9 z6W&~S2e7WtN^rJMtMCC}w?oBXEN^S!xnK*RRl++9zaMN1v|4yi;ctR{1g#O?U-)^j ztA5sg&!WXYTzE^cF3>vhf4lHuVATEKY*)#`6TztU!n1@=1*0AiK1+Bm81BSyFOQ38;n#vu&j`O+cq=e!Cpi0=Uc%dfQKiCTg?9$)4?PRc z`Wz%Y35{ST6Lu@NvTDfGvSu5S}D_4cL0Cb@KOwvbjCxD>kHS}hQ3r+pDg1FT>TTh*59;mz4KV7E z@G#-uf>DQsHxXX@9PSsOcZ9bR-V%&@S9mAk-N2|L!g~rI0!FT)r*TATcgx?|j7#Q`j@Fl|k0HZz;zDl_I8=gf$p9+6i zct2Q747R3V#obIwgFV@UvjlY2mjE5B(j_CZX?zrwH!|Mx7C!Eqo{#^@H$2 z;pt%1S>bmIUkXP3DEvO*TfnHFgg+?!O)%WlSwf;hxpkU!I3J(OM zLWJ)XULTAK75=*LYrv>5aMsUZ;T^!Jdcr>x9s@?z7k*Uu7%+-2S{Tna!l!{z4TS$7 zd?pyxQ206F3&E&H!Y>G44@PnPZ^mEyu-aC47$Xm%*r;gf9~QJ{Z+n_;TS# z!OlS8!dDBw0A{&>=l{Yt2yX<|9BM0klkm1+5l}nfJA_ApQSF64Cwu@H)j{|k;gi9r zj=~QJcY;w7!Ve2y4n}nn{-N*^Fsifgqr#sBqauZWBm5v3)kXLZ!cTxvQNqs&zX(Qk z6@Ec@!+&tBK+(c$zoWPRwqR5@;laXtgHhduHxxb!jJjEPGvOIvR1e`d3ZDl?^%UM- z_%bl6m+&azYrv>mz-T{n?748roL%&cz;j@J&f>Hg!+0QHzo&-k4312SU2}Z>WUoCtE7&Son2H_8a zQ3Hi<68g z!NPZdQDcNR6#g<8HCA{t;YYxz+lAjK`~(;^PI!Cae}GZrg+~bwy@YcqG(mVT;qAbv ziNgB{?+r#x5V-iJy5Rj zFNMDab`)|5KPmh?*hOfD@SlYTE6wn&K{GW^_@BZ%g53f+g)2w&_MZS|gYtz33C|~k 
z3WPTlJ_n4NDf~L&3&8G%W(mJZ_*yWk5WFtxAwu{@Flsh9p9^&n{v_BQXbyO7@b1Eo zf*ptM0LP!wL-;pfr=Ypwzo+mYz4CVUmxT4*UapLb;l-vag|v`l!O@aMp&yTQ%NF0gWFIXLTWuJ}I#My&v6 zy)6*_8`wY4J>bmGox;`H%~a}MaGvk(5q>>bC+I%mYlRO6qgD!kSonA_su-O4*&=)j zm;+iRe4Fs)U=Ks9h3^nv3ib-LM)=dhje1xMZeEVU?@4GKIP1Su{8xfe_k;6(?M2}i z!Kn4Z_X@wdPBWEyK=|vzZvvwp1ZVvm7Ty_*+93Qx;l049hlC#$9uG!6Ec_ec31HMC z!haAx5sca>{G9M~FzQj^7lh9Mqe{S8-rDc!{l-GDyP?Oxx!;3?KMeK+v`KhF;V*!d zL7RnNC;VNo&!H{CZxa3;SS9qh@Ce}-!2;_xQ@0B5F1#_A71}2JR^c7NdO%MIA0#{u zECJds{5Ii}z%rm6!Y2sN2P=Y}6rL*l93&5!7!11TtFMJLd^*kWcT`zn-81;h0 zvqAVGFzQ8cw$I0eF9V}q0_T3;F8m=dYM1cmgqMO*yM@0Zd_NfVvhX*A9|5EGfU_Sv zBK#{b>J{Oi3I7v}+AI8o@H&=eD)p-Hv%>3xQLhRAUHG+N)IQ;tgGT}k*>+Qca z7`0z`BjM3t)B)kmg~x$WuM2M@d;}QvhVU-JQ^2S_8e6jEzVAN^hD}@gLqrMmZpzujx)EVKM zh0g$^eh~h&@Wo)%S>d~cZvdly6uw{hHZbZZ;qM6F3r77c{1f4az^Gq@e=YoDFsf4c z8R4hFs9%NuCj4J8>YVU@g*OUnrc%EN5BNa(F|gLqdEpI&cLAe*7k-`ao583*gtrzx z7>xQ8oadL$!l!^uh5iEPbySpa2N?A?IN$%?EPN3dbwPL^;j6)@f53Tu>@R#f7FsDHtkpWB3g3PxQLK3X`u_*^RB_cX+t5#Ep7F8(dSxW0urUkT$MFT4d&P`07 zD|`bO6(rm#{0T5BSokdAFM?4a!tW6N8W|3aX@Poo{0MjJ=9pPQU{~z++JHDy1f80-+l+v>IER;P;p_IMt0?KM> z8$eJYP0}{dHYG_JDj=YsqN3tf6h#Hx8}|Se2Z{>f09?4Y;-25@ea`zNY2f+%p3m#` zdwu`;@;q1W`&{>Z?z8W8Vk)Gm-={toCv;Q4UwtV~=&t@P^*)@?L;WH3%Wy(Z_3x{{ z04MZPe^mVzoX}hSXX@|834PRmrG7U~=&Sxa^>5;Ye(H~@{{koUSO2T}e{e#&`ajjT zYQjAQ1JwVkzBf+DQ15udtZzr+gn{al)ED7|LFyZ+ufz$N>YJ%wi4z8^Z>9b+oRFoy zo%-!KVTk%p>L0}kL)CXx|1wS(roM;zBRFBW`abG^zzHMNr>nO$rS620>IbQBixWnv zAELfLP8h9zg!(Z!1NCFnPs0mi)lX1=8crCeK3Dx>oG@PfB=u`?!UXkG)n9=VPEuc} z{w|!5t-eJ4E}W2~ezy99I3ZX4JoR7Uggo{0)&GeT^3{9PH*Q8<3lr5>sPBvuCaGVf zeh^NWtUjPV7bg^`52>Gp6Q-zNs=fjzOjUn|`sFxbn)+4h&&LVV)vr~5Jx-XRe!cqp zaYCW`4eIycgd+7D)xU=mW~$$${%4#}to};%$<1l&phW$(>Zxgs|COr0LHz)%;8MR; z{WzR3OZ_(Wv&6w{^|z}J;)FTs?^eG7cP*T({(kj$;U0&%>UXL?fD`7ae@y)+IN=oa zPpLnK6HZmXTfMynZ8)5!evkSdIAOl}m(>r!2@BNkQ$Gc7GXb?W=7{~ISPQJhsj!ihCH&P(MZeYdGOdyz~!?)E~tOE7X^& z{|P6oR6j?3)7JD!VU_w*)OW@SXQ^MHJ{>2lR_|4R5>8lym+Mujz6f_Rti{WGTDAHz 
zoNzW?=F{rbFU75ZbMUeM*5Wq7x;VcT_Y|zhGqka-)N&5tzJ_!0GM~0eeShH(xhHLP$KM$)vg!>k*)%=gC{{xrUPTqN#_s?$i zskpwdS^Zx1C*h{T_3GbL@4?l8{O+IJhwrIhhr1BAsQ*m;Ww>kMM)lvTzX`VkZc_id z`g?FYVXOLt17>~rBu=;)FZXRD^#^gnEqFN(jnyB;3Af_;zpa`2&v3#v&EG=(cQ|1? zUam`P^^Mxo4#Ez+9B*g!t#HC^>U*j0gcEL8KTv%SoN$MhKSKRLoN%Z53F=4TguB#F zQlEzt?p9x@z7Qweqkgvfxj5lo_4C#HaKe4+E7aHGg!|P8)SrP99#Fqj{W_fRp!!wn zFTn{9sb8=DI-Iam{YLfMaKgjtuT*~@PIyH94eFo336HAZrv3$-@R<6$)$hj%kE`FQ z{ym)Vg!-q{e}NO8RKG|4PdMQz_50NSixZy4OMU*9`s5DuC*c|Oht;>j3A@yPs6G`Z z>{kD&`aU?}S@mD3AB+>8Q~$mCF*xCQ^*^i6#|eAX|DnDRC%mBkU-c*BgcsF2-!z{` z4^DVVeX{y$oba;xrs|jCguUupsb7r~UQyp({RW)ys`^y*m*a$e>btAI0VlkszK{AH zIN^2m1JvJ-6W&liSp5??VZZv}>i6J;1M0`9e;p^hss1GOhj79{_4(>Q!3l4vpQ8Rd zoba~#LiNAngm=`Js&{l`ju75ef3o@}IN^}`)6}=a35V5t)OW)PN7PrUPsa)GsjpT) z3@5y=KB#^gPWV9mQuQ93@S*xM)t``X|*l@67duAJo67 zJ`0x%KjNjmJD|Q4=YwPF5365-TMs{}|5*K1xE=7b`mfbLihCJ;QU80*G*jMpv8ZY~^Nqu{q&_?}r>igh?w(4(D zKO85t!^^nfF7?xKLVNWOsxQL{9q@8okE;*kgpTT;Rlg1=bW*=p{Z%-jv-$(-Z^H@l zTk}%>Vf7E;1o^#r@gJ*y4kyTO&WrzA{Q;birv4}OM{$Du_Ppf(OZ|^Hp*vpAr}HiI z`AX=%YEKfeP^7|3orey&gy&P4Agg1pNTJpK3Yz1^=IHVLtpg+ z)bGOW1^In^W4=QDVchp1zn?FDqQ|_*zzHMNpRN9EoG?=T2K75|!YK8Zs(%$Hj8=cO`eQg@jQTC= z+xO(zg0bqisn5p=>tA9}awK!pd`p4Bjj1x{$zgztgoRF>lCG`otxX&R+ z{p;%c;DlWDZ>yh%6Y|u*uRe?u^3{K;{yLm6QT;dSpT!B2)c>UZC{CEH{!jHOy{Y4& zKz+j7=5sn2CrnYFtbPton5w?H`ZYLVn)-I?@4yMu)pt?I-pmp+x-@^h!`n0~> zJ1|RqnfeM`6t0|2_E%Vs9%p0yy~x3zX>P!)L*CmcAQYI{s#3=;DieGH>rOECseAxMg5mJ!LNS1 z`hRf3LiM++@7SL<85XI(OMN$-P^JD}^?h(cwfYCt55);J>UXLiixUFsA5~v~6Kd5z zq5fo?uvq=m>ML+UQ2lQ8t8hX{{qyRt#tC8dFRH%_C)BCmt9}x4&c7pI6{+hBfL_)Zc@964t73rT!(H zaJKr+>W|>Qf^*dOQvWM1aR7Zm^#j$nzzOTsk5JzemkHoX?ZA{IhVv1?s1&zYHf_sD76E?YPI`BD{>R-Rk$_-iD2MIsZQOM{u9R#p-L+ z|A_ksF2PIvzf^rn27Pn5RQ)RT-Eo6p6F&CeSX?n&7UwH*E8+4ue;MvJxFXI!je8lc z#LND#*X_QE`xvgmOTX)4_21xxt2O_X>i@igk@ z+tg>MpN4?if52=Nk=XYzjN^@}6;l z?oSpj4<1&(Q2nX606d~Tto~fwUh1D6TK-1d7TBf!UiJ5igWc*MQNJJe z2|TO*8TG&78V+GhuKq>!9dP~OdG)WWAA_3)d(^+9{#0B5UQqv``qj8g;YIadsNafv 
z0A5o6gZk%i2jOM)zpMWY_dD!WZ$D%{r;Ua(cLJ~A<^E4r-x(*oikESHOZ7c*!ajWL zzbu^aTAUw`6JE#5^V?3#nTZqLz)O9bs{S(x{JrMMg5fcgRIpT`MrYB@vI zzll2v2Q~i~^-04xUU*A=uKH0p;cYEvs`?__a(GAc7puPm_a?lney;k4!?_>ekd{-X zzBO(r9M=4P^)qpc;fVUh>Mz0x?`b*9)o;cL@2fvc{oOd>11)F0`U5!OL-iZg|Be$r z!pn8JQhlQl%pJl}Eq}B6?l|FNE$3$SlW+m}1TXi`9qMnyJrAF%e^C85xRxWCGgbej z`cXLHbG+OSd(;=>gfG;;s(ukp_!2Mo$(!oW#chSJwEQFLpT!AZYyMBwzkn0I!OMOA zt@>AR!nf*=so#$~3g4;!P5qy^lu?ZF)c>u%8&3EEANy|rPWUm-kH87X;(QKH_$kg8 zKyoCC&$N!mn|D4Nmwi&R>cXevk7v;U0iL;{5Zteeh?Te;aoc{=&=kN;quR zKi}bggTLeQ+edRg;UCSPqWOE{2Eo7TTdFU>m4I|srTmWSgSfN7uD-kajkp^jL4AMq zci?t{Lw%O|-MBZwseZKjFL1{oQGJg3e{jvl@cn=FQ`C3I2}yW)?uyk9z>R~3c)9=Q zs4v3Jg=F>f)dz4w3SLfKx%wqIp^T8s zw*#8R`Fn7WgYgFvVhVZ@w;x)><$n+NIkb%P$8f(xt2l2P%ejQsalVN-XcOl<<9b5d zIG=$V0qx>^4sHsxkMkwCdC(!wdvO8i80XKxt%FW+{!-jE&^gX;#oYm^aX#i0{#Vh5 zDB~GOqa5jXRq1u#i+c;Ysb8x8Bb?A({TlVQaXdrNL;Z#7yWoVL>aSAY7dIGs;bZ@e z#^pfoI6nnf1byQCY}|b48|N!=bc3K7jGGTx>VHyS zgu19c~j0Ro~!_}G6b z6L=Dy4a8)oi&YzAu7skc;D{#ViyxhJrGuOaEb#`boHA zn24AAcAENAag`u{D_6WreF%3Z$lt6Lf13Jpa2J96ZCdda>aWCY0r?xW;%n9Kz}*M( zw`RpJSN|C9S(v7Njrvz`2SNUJtmNOI{(amrn4$hM_4aJ)S}0V%S$z-O2q;p2tNMK0 z$uLv>-RdiFr$e#&ht;2t+YBY@pHY7&ZWolQe@XoT+!x?dzhC{IxaK*`|EoW&zB_IN z%vS%2`U2bnn4|t%^Tke31asBf-ZP)amvA4#JoU-yf5x@XW&U4%OZB~Q zlR^IOu$=!+>Rq^HAb($2d{6b~;I@PO9bxeq>L0}If(7b_tKWw^3~u!k)PI5d1TK$>o58w_%jrz0Ie~kMY0_rbN{}b+Ss8xTN z`Ud&*p(sZ!b%mh%o7MNlWkN{(9qLEoCO{Z3_1**Oi*Z67Uh1En>gV8uC3xv) zKCZqDR}M?H{9Wo7;)1YD{Y&cCJui? 
z=EIqq|7-O#a3NTs{%7^q;DnWUIo^NN--r`d;iaE!f8TuWw&U)Dv+y#n)lmH&+?%i( zFYQQ6^~Z4bNsM{ar>gIY8whLF_f+|_Wg`aSAz#oY~;s6U|oahz}|UcUPEq55ZV zdtnn^?&qWGkKulW%kc7Cf3E&doN&4N@6~rL;Q4|p@N$3trhXbuxKh2HzpqBJZ6!{) zO3O)6zYQl`t@&H3e+MUAqrQ{+=2NIY;aa@hpFP#5;)Lt8{B-pbaKdISXNdYroN&G7 zAFF;NPPjqy=c#`J_YrJSKV5zDRPJZEQT;6SF5KyGlluAUZ1)b=_aMK)CC{=K{LmDdf!tW~->bABYzYft5zM1PI|WXK%Sk_ta6T*mHTrdk}!yLE}z1&M#-UN2y3E%)HBtip_|7K(*>GIoeXMy~toBV#8{8pR%F55DY z-#u$ZnG0Y($oGRUqWmPnhL8*?&GKgjFDYn_gVQ-XQNIWUf}`Wn~Ul z=3C`&R><$a$#3w<@0V1voC;kb1G>O+d@f-Q^oKO)2PeTq2tgglIBp}Mv_G%2?Kj|U zcm-aCr{NiR4xWXVU_ZPA@4`NK4GzGYa1h>tU9cOThduBDya+GDUN{7Y;Rw73wXhh1 z5P~q&!4g;l@52Z1A$$Z!;bZs&K84TVbNB*!a*m`Qm`KRZ6U@VM-@h|~Sf^5ivT*!lbm^s!`o zV2lOGpA3y41xmpM#ZUq>VHSK1`{4i_gty=wkoRMULEdjkA5HpK9}xc#q%S1>8yPEn z%<`8Ye@~_p$ls4?4TAt}v$M}+v!$}Im9Pt8S4e|yApHaB3-lsQ`i%o%8LZ{_x5FK9 zC)@>h!#!{>+z0o=1Mna`1Uunjcmy7W$KY{z0-l7Y;A-~g8n_m&gUxU~$nP?CV1GJ7 zC+G}Ka802ZG=~<@5?VoPXajAb9khoI&=ER8XSkQ+NG0q7T_Fv+L3ii@J>f#Q2(Dz` z{$iUqv(7Eh3%8nZ4XlN;p*OA%^o4U+egOIr|A+Pd1v$}nNB{>oArTsYjH_h~-JksF zFaR=OAPj;`7z|l31ct&e7!D&~Bs6CmqXgp3VjoV^94-!FaqPuQ|-r7CEg5VoVz>^s8Lo#LK;{Ny9-uS%WvnIR@9nSyZi76?ha2H0XajAb z9khoI&=E3WFl50H7z)E+IE;Xia0hGy`8!hA!DiUOKHLVk!;S3w9QJV?;XKk_AwGuq zSQrQ6VFH{4*^mR(Py+#|g~bqr5QL!)mcUZDn)0rJYvDTB4A;XAumx^}n_w&447b3o zupRD%n_R;SRVH+TzZEb+8_`$T@(U zU@J`Ix=ez}Pykb4DolgvFarvq2xdZe%IE>b#7m$QTrdk}!yGsn=E6KU1x|(2U_MOZ zoKJ=Vm;zH_8cc^7PzW2~CHDPg*bA?~tFRAVgV*5=*bfKbO*jZ|!Q1c-ybFimFdTvP z@E*JmAHaw35gdh&;S=~2K7-HU3-}Vs*_W>fzlLw%TlfyXhaccaI0iq#&+rR83Xj3# z@B};wPr=jh44ezQU^hGq&%yJs2VQ^|;VjP8*>Da#!9F|*Pr=jh4D5p4a6Q}rTi{~2 z1TKY5a2Z?2s{ek;l76-U<1n+z=g1yeOUu*LFTQV zrHtp`dDsIlz>Dw_ybOEc6?hf)!E5k3yaD^6C1rM}oF34Mcu&Fu_&4DoyajK=JMbvjdfm2eeY4cEZ6&>bG5jK|>#NMoDbU_Hp3-g$67 zYyg>qlleB8Ta$S-nKP65v4Op+>L|u&TP|l?QWsrBSw8tq}0n9 zY!hem%$>#&6^~8&-j| zE%J=Xvt>PV($>iHCeNDj>=B+vzRO@TUh2LnFbPJ3)PGVBj)E~T6$(J=#|>~FNZTWA zk+eh7E=fD|0R9`cbt9p)r8j|$HC7SM#otVL3#=w@K3@8PM2#^_d>t)q=QjA3_12Qf zPW}Xt%xhRa9}-z^08Vf~GJH?|?_eWYFCvfhGuIGb4d;Ngk16D91dUm~l;tleb1w1O 
zPyut`LU6F|$%GfcN;sM2ugN=$cmnYf!fROGL>ZUBSHw$kF0hkcOn4RH!-S83)cxI{ zD_jU^AoX$;oW{D+=3Ykr2SD1|TUb6He<7U9vb4+64nGMu6PLc+Hp0sZ9|UQCr9Iw2 z{)^x|mTzTQ+UBQVJ8@~3uOR*qNPB!I%NLM$Bb?8&wB6EHKMm4;OJ8vrq4WtCKsth#-74@*0{?WXT^`v zWISe#y=2@KJ7$X=r^&cX#$<~rQ`&oJ-*yp~G4pTmCp^pYZjkZxGlc&TN*nk*aT!1V z4u64+o%eu@t)C;5@wK#*FA}C07ka4z*uWcZGf-0glPz?c)cH$QDBtnQh zf5IOy9DgPGH^6ezR^poA?8LJOhd~bKI2W1{m$oKMp5D+4q(3743+b!e2kYPrd{^?x zn70ez#e|nYD)BT(hp{joy1@V#2bYp(6HFkU0gIr5vWf`rC%g|j6PNz$U2r$t1NVaT zYj?nHa68-qjmUdC`?HkznQ#}&c^rrIk)#iI0Hhx$eW_=_>ffD7d_6o1Vb;lo99Rq! zp*v+s-!#5YYV}q7v0gjUw-9z9>2b9{Qv`D9~^@p;aB(#eukgmclZSwQ{HR|p$WwI!BcTt zDYpw@S4e|yu!Hq(gHPGE^nu@i<#_3ju7HumN5NgD1a$26{f)? zI0>>L2XY|~@?j!Ofax#;3ZV#w!!Sr;+a4$bFKh%Kl*2t7M{Dw|hBhE$n6|JU8j!w% zFqd#5M|UlVB>eVtYL~zgH3e3;qNr421qL0tUeV7!E^W2#kab7zXJu7_y)_ErpzSvHIaA%G=XN&6q>^ooTEmB z72tqTFcv1jco+vK!5A0~IgkxcQSMvtE*t^rKfeR-!C|oa+usuZ2BhD86h4EmLHgxi z!ABtd^pD{X9E7*w0K5s`!TTV6^A89=gr`CJ=fA+O@H1Hb_MeD91HZwO@CNLM*I*yK z0zD|JCFi_5;p;5F3VUHU{0laY?{9)X;V<|Ho`7fJId}T+2GwgUsJt2b-Zg z+w1{7VIbVhb-fh-3diDO*~fbSz&H4B;Xz!0@ErJ>JnIObApJ3T9IhZek+2VCG=mn< z6q-XDXa!B6CA5YklyMj~vtBd!fcUNWZE!Peh3#+)d_&rPpmbxM36PEh9V~mctoPj@!$+b;Os##l)*|PZREg zR=5Tr^MK1)zLKfF5PKWDp{VBtmCml-sdG5{cp*QJE;4)YW%b*4pLoEa$1l16L=B#@e<^9OI zKfvkSgA2inUqDy}Zg`orUa%1VH_NxN&MMY_04M*-VHth|;b5pG{yJ$dL4bH2;jOH* z4c>>(;B)u_K7bG5BRC2l!zb`5^kiKx{L1>*Q|=a60aYw-h092L0B#|EKKU<%b6LKL zRA`~&`my)3^BKM{YC&<62i&Xu?(BwYwMavuL=S;m|J z;_IO+el6>FA-tII5=bSU2I(*s#zQywPh-R)($1u;FkucXhKZ01{qWWtp@-%8@y-g; zyW@L6Pmq4i*X*D4UBcY&G7qO86Iq@I&HP3kYH&!jGs`pIgy zd6z;kyiaEb)!`uT6N$5RPQ~`K5YXpe9JkIdT=91{VDaE)LZf|g=LvD zwB`*O;~s`bK zDqPL-HE=Cl2b%kHO>c zB-{h{!hP@%?1YEm33v)*zGpGz9;N*I+0Pcl{{`tlKZd)C=q==P;7%qUA{?ft%9}0vtSrp4HYm4!mQI9dcmXcFzkd!;3vx14d20iunsO@oij*VBxMlZ5BEW5 zmhU9I3+{${;9l4cJK#3B9qxduU?pWOB|H=EV%`5{KImN5c^0~}P7gSX<5~l&<@n$n zSP$!<9qC)h+kvnnbb`*%9x~b9*-%IP9P*q6cd$GXRzjF%4{5IwmQz**RDw14b24eq zk@h8ANB+MF2jO0WbSQ!SZ~!vk2N($Z;28V}1E3gwh2P+3_z8Z8U*K%EmrA&m^1Bdr 
zg*4~}*1XR>Z1*m>8}5Zq;T?DbmXq&M!e)dcVHAvpF)#$i!B`j%LtzBWgvn3M2E$2^4LOhtd5{kiVFFBt8BhpCkOjkG81w-b^o3IB4^1J3{q#T?cwr;>pd9Yu z_|GEGDrgO>VJ)nIHgGnqgL9xQtcM1yw}LR2a3bVG9&Er}02e}Imi@30Dq$wu+0L_+ zM0^I!g(*-3g-`;;Fc}J9Cd`48VKz($7tDfEm5{!Y-kOSEe{|@UF_RU6_PZ7KY@4^xI9^QfX;4pj+U%1+(VK@SZ;0-tmZ^JwAE}UqN>t?Q_%xTH{*;lyMU$gAvT(6gqbuJ>_8~+dSK7@T? z7VdkN6X0u>pCEh;9)~MPD}f{U!?2n72ZXm${x-N7V&|>)lJ*Vkhl8yD7W9Kf@DS?` zfmNja27kcs@Hw1|Uk~fxe7GIXgLB#M^B|Y)d`Lc-!@7p$#l$zkWR|DF6c`PKFbQVB z7?=tLumPsS4%U^qudi4)cFyYymX|;+d5#f&2Cu<<_WMD?o$wI64==zY@HjjSd*BIZ zNV&IVEgS%-Yjz%JMg&%$%?JnVrN z;6-=|UWUE!|My&!UCuGAVP|XDr}GIDS#AJMaDbovT@4}97PAiyXaFl=1)K@1U^T3P zvmg=dkN{4Y54BJQOCbPZSORrW4QIeISPrK{2!c=pi=YB3VIlaz18!IVW#EHy@Iq%e z2}VO(Xa-|oEVP66&>XTM6!@vboU@G*6KF}AY!E~4b{h&XjLm`ZSrZ5;% zAPJJ8Aq;>FXaudHF*JdZFbY~h8z_b>I1NsQxo`^1gHvHB_rvqt58s2#IjtqU4DZ6* zxsNVlxtREO#D66I1DsBLAzVs)0bv=q;boS4!8zn#2!G*jqpYPknP)l|&V%z|16%+n z`kvAQxExg z|9Z;Y0{QHNYeruFL|a{r*H`YZ@p)~*klP#b+louF)AHP5cUpD=E=RN_4nfPM6c+ayD=|lU&Y*E@z6% z*~rx}vT~A^mSnAxWR;fWu#&7|lXMsCNewi~%Hpu6H+3X5kdI{fNRp2h=?&~o`|7bt zkv()Ih;Jz$&CC)UM$U#>T(T8fJCkhfOtQ75WNT-Vt({4>b|%?6mgGoz$qUv^wy*mw zM+3Wt#%^@fjoA}rf11cgV^xWbtVm=_p}(dBIHavJx{FDsIAQe@91BFFOTNT)-xrJ8YjdQV4!d^oII#t}JF z%^eM0slC{AVq%i{>CnKgVS!(BuNQsn?+*)@dxs4TRYwcNb+sOUc&T@&?mX)bX)}j?!*Cx3?`@sKS9cg@6+llO}xrg@T=8=e2 zIVdYra`VUzH@8lDa&xPw9~FXf8D{1ATI(Mxz=`HUoJy zS!!ekjm^NOPo7PmJe$^vHfv*AuuV(0Y0)+<+opxvv~-&mZ?np8qT6YzVKWVzo1tB| zYuD}Cb-OfX#@^a>yLR2KUAJr3?Iu{YxaN0ge%fPWeTVLsQ;*ZB+oL@((w(|Jr>^hR z^_{xDQ@7{T?K!RT^f;Y*oK8JXryi$Mk26uXo2c7Ov|GYD@G3A%@me=ck{+*h+a&36CF%7` zlFku#RZ>e0TWKh5sCa2XC2Xf*doygP`yc?)k4)=&WLnoF)4Cp+*7eA=ZpTdPe$2FP$V|JQu}pg- z>9Pp)Q`6JsMDu?^_DS}`*at#MlJjreq)z*W(QD>JdPp6tn6rt?p2+`4XzgX~rnNmb zXPoI2ddQPqsXbk(BV4IQ^Er++UL9vNK?G9sygJTkI9?s+P-}LiWLat>38gBMQ0gHG zr4o`*>bqCR>7K3`(Zc9T`W#MsBx3X_#Tb1`i5UGPiL{Z9qeR+Tk#<(3y%p(aMfzKj zbSpw{QELBJN1A&-(rEHnawKz-^gLOo%L?sQ#9>98RwTuWI3miCXgOyzeGd# zmlTP~UKrh4XVXZmStQmX5^EWWwTi@AM`CRvv9?ys9ythmLc~S(&mP%7du0FYk^Qqr 
z_RrohvTkHg?U8d}Zxl&w9EmlF#3Dyzj~tObvd{L&KHH=F+%B?i`$()~B-SYs>l}%t zMq*tev96I=uSm?g)Lwg^i0d1P^^3&%M`FFcBufWGH|sFcqf3beI8!Py{ofnA6HRv~&LKoIg9~&(68CbM6v3 zzexh=Nu1*(@+6Tbi9AW1<0SGWkuQmJoWwa!;v753?;yW}{0{OnS0W#VF+L102@Xnf zI4H`&IMrA-KaC8DMm&*tLt+g%=?%L>4`8*1tkv+YGpOt6r#h?-xV=FI_l^ubTN~W~ zGse(4+2zz`SX*7Y_CnfdU$G4X)Gn+`L)^yddD^Ycyxr=`+pUhgy{Xo?309?^U{&e~ zR;5mFG<~(RBE2GAdbQH7m@NlkM3_wtMjI7lbVVa#46P)zyf!w*h)TRRHa4@daTo(B z@iHorP|k>iatIO{a|DEP0J1E@5D8_VDxnNOB$UyIgfjGyP{th+w&qai;qs9rAD!hR zRX&pCqoI6sk&mwOktQGAR-agpY9-N<{Bir*<_nqeCKl zba-kvCbgtbk!W=jI#`hmZ(h|b`!dq+w5v?v}>ZVUe^X@kYogD=6Y%73TfsFY32%P<_g`+ zGP{{sx|vyenCta0(|VX`J62bZ&>%h}20 z?Cf%;x}05H&aN(Jn#l75j$IEpcNTpMKU9g9k-wLFmmjX zsFTS{Ybq-;&qEhKkZ?f>U#8PAQimHA98RwU7iG_WE` zR-~a7Nwy*>R-};?X>3KBSP^T|hau4F#OCWJPcSMxdm|h5mz@Ebd`cB)Z$wpRW{^71 z-qgs@)X31($k5an71<9iPcX*mP9qj|GF~#BR3377j7>1=4~T9g|eZ3U{0 z=Kw8_fdpCzb(pa%4=7rmXbCix*(6!kPg5pD78B&@B$fYJ5zVQAS!e>2Rz^OiD2O;# z%h>Q7hu8R!z4Qj;qm~1w8)4URyhA%44junHbo}qoo`^%o{|+7hJFN9OnB_P+N@&jF zBsh!#ae^Z;-B*+D3mB*P!qJTr?9u`_?Gm+WWhU?J(OE-#bW+gX*=S#CcowV(Pa5qJ z#%zj+m~9b}L@UW`l`u(`X=p`~tw@R$X=FtjTahMKq^T9L=E#|a9F*>>P4_K!Io&R2 znak;MIlbvU8#*FADXZa1uxgnEtCmTyYMBJ9CQ3-rswC13B^a+|sEHDc*D?}`bl;j; znVV}QvQhKh1(_Yz)*aT?9oE(z*47=?)*aT?9g#-R+PcHqy2IMK!`ix|xph){S&`mW zq>mNpZbf=nk)C>obkeYM|J9xMx$Kp84HGnUXqc#>Q^N)tCJ`D@bJ_e{+d{)-THD*L z3ubT5Z7z?CJ`Qpt>GMMmq9^|+i7u`Y)QeFoTT*gLHvZ9T(P$)HrY}rq%)dmU(PHsD zw$V)W){tqB$U4&PjxNxVjxI#DETz$HL#k1iyq2aGnxJUeSLj6=6;)j(*T z3nFIS!K14=v~oeHk?sa{lvOtpRbiz^s-s9vrIjHkP6h zG&Q%xHa#!PR_)Cq97Z_IR-8N37W6>KonPY#F0T#y12s}ahUT2@4_C5yT%xi1@rgw_ z`Lbq4UVe$Kw#+9PSj?{RA~JGwa&2aYVf8Z%i^(u&SZ1cp>ks-o;XrVCTF4h%;`jJM zX?^DmB&DB?^ij6l88%O#x;juZ!(HvO<+4y$6AmsnmZsUN0v>l2@7ayTl2ThJ><;@1 zgGIr>5`T@yXXrv(AXwq9@t^LNBQ}+*o^w~ZYW!g%g%coW$T+_v%+CxjZ}c@9@>lS> zUtaO6@YO8wRRwD6IWrRnnty^sufM_<3fC*axEL`d46%7Dr}~y>R|I{&YF|y*CTBE1 zH^=7ng))4eGGjS+qPgrT*JaMQquLt+z#L{elkl3O-o?6?SH$HmCgGRo$wcKfTcz22ZN6ym!Zp>VLy z6Rr#TyvCLH1Zu*Z?9%16K3g?8+!ek&<67C|dirZBO8wk`#_i_|igL@kHczFys>)YW 
z;VW{7LQ4ZdZ@rSOt@)Nww%6y)^##NJa=(YWG&>v)`pfFVzL0H(FC6l?*{&5y%jK4@ ztC4)%vLP0OwF7N6Az3|tSvV$Nw7fJDd^I6?sB1!Ue;G#-DN#(Cp&}<(PZ>8vhIJR^ z=jC&PqY0c~PM@`gb&_QbIj!o47#G>Pw~Q37?qIppgRN_AE}h_NQ~$`V;0?JYQKEUM zK$TZiv@SA?)F@JNhTK@ghg#K+D4sU!?kvignl~}aD8|UFWohw)jgrh$S^o^l$u-YV zO(@45^0|Ul(Gx8qO-xOw*tdjQM=ngg98slFAJ*$9f)@8PB5Mo55P4y0V4T>QrI{Ubey=?+Y5$`H~@NC1zS0iD@yZ zi+syn^2}M;B-s?TLH`n-7lg4~o%FUS+@ zU*a>*h(8pn^9AE_7Z@__xXfklkl&NbgBcFG{Wal`wKLo#eh&|8G{F7Crjh z;%RAWJkc|1Tth!Kf$nBZHDO*~NpshQD+BVSGR{QIiPKfGtvvaC3HznG^mDJp91!O$&(Eoq%8`exC=h#!<^08_ za(awp>Br0{qC*nfTd~olU^{xg!~SrUPZ|kN&~J8ra78CgcfX`N@* zu3r<{iVKSJr{@hG&dK-J`l`JWlfyrOw+boFH4iiBF%MFf&4zoJHr%9hC`LL5C+Tu% zvMdKScUnP??er>tSsHz@T4_I}nXwu*>&dk4UZWwRv5P*GwxX#8b7+n;7S+l%p&pXk z)mA#KByF~@%&MBiNo`?Pt~O7VpQU;ka}AXipE2O|m6&a`EthzjwO};(^aaDzMY6;B z8PWqti!ou^^pdcQJ;6XIP#)&XoL>JDzqig^#Zw-$ zAu}&kXiQ$CLJfMj|BlPcakINIc}s(Jp>WzX?)u2SSBFX_<;G;u>U$D3p*Jm8y6*v7 zbtr!#9sS7eX>&=2iT)}MWqBy69pRFLWC|`;7*-GZH3k7+$l5j9kQz5;Tpu5J$ zIn6Uh3Pw{cmCE3(k#P+>CdVI^@k>kxz^Ha~+#&1o#0|}i&o+bxDz3008QiX=JULZ9 z>AqM46=U;R$7j#_AF@lO_n-IH>?+6Xu~dt3JEMDSW?kf4p5v}C`l=&KDuaPK9wGKs zoHP|i7_5>Yv%y_HJ@sKe%q6E(HGMc}bM#UE5+sd)a zMml{DcDE#p&*|B@gKd@7ZjaS#l81M3IKxvLvT287CQpIUu&3n~m1uHZO@PPOcYGEX zPkq`9Gf__4@S%~mf~d3=CDRM0)9KHqtdc?nr{szYM}Ay zsWzi&xzp1o7D|UD}-tn$0UUP z(FMxQ@KlHD3psg_jY*CGy@`6FI#iLdWJrC-P%Fb|EsWt?#>kQXWAdmGCr&n>f&aL+ zCdaPr31=|T;iKmfEfMGD>dVlqo~*4atMZ2`s@ zbPp%fcdO^QV%*d^?vC9IgAsSF)^x_OEjH0Q-so5(HkDdzmbmqz zJ#6fF%$-D{mRIa6_XUknP;7AsT3@QwqM)z5-p+^2K1gi68oQ#gZEd0@PyKC1dLpHP zMZTJP<;pEf+2&1E5Oa^qagauztlA%z;oNa&Mpv!z1*hql^+Y9;EVB{EB?ah@1-Tye zZ^Xz}&G{0ZduH9LYmZwy<~(pF>mRM`S9A<~!ekGp$hdCDuNjPt!2d%A`uNhBGx~DJ z?UxixXGSudc*osAPbI^a6PF+t*{C{>JJ;SNo=^rKF&nI^$jC3ro4k~n4Wla(y&Ymw zXqxJ;B3YLP-LYqs>|{G$O6m1i&YfOz;`K>5t_Y7eqskk*A*x{GmI~3<^H@iVu9u*# zeB@~8T^noF1_Oce!t%nPzrr7L3&$lFA72gDTb<4)XFs;Wh%2B(rqW{W*0|*CTK0oy zJG%368FGU@qmgA0Hk1+WP{~-k$iK{Lz7`vGlHd5m8`r^YHd>x)TLMz&B|o@zsw(~_A%D?7>!kqwPf^#Y>PcS!3<%fcWZNdXe=3B z@OhGdns0maD>Ou^Pm=7>5 
zeQc(IVx}I#bnCR2>aV3`%dhe3AgZ8<|D-RCWouMrq?gv!)X?ggiMn7UNPkzg5tY`} zW*tBGgU4OOiJ~!(N>a`VPHGluR^0xe)GfxTLet)yz%mG@aboVeWO;RUws~_J<&xLM zjTvU-YW5Vw){(PDDm~p4liziYfDU-Mdn6gntIu_dMRcnL5o^s?s1Vj z=&qI?v3V@@t#JoX4E46mlGj!SnN8K4);-PzEcXYi)zSjX(rmXsEY+}Dy2%yHBuuC0 zCo_d?D(I`o4Kr>rqt+p-mDEUUYB}j}aV~UF8!bX=fFkL4nX?b^MUk3qHVcKu+>vq4 ztTLHlmg~qkE4Dm+5~RiFqQvZCMqRjkq+DjJ5ZRdVJn0FfvdLhcis2&V$wEzlR#;y+ zsPb0I4U-{bG;{ta>T3hW38${g;GqoHg{*@SMRFH0h0R+I zqqY+xL-vrH>NHSe_CrL5jOutsK&FdzO?tZiTA976XWd?JWV~b?x~$FZEt45OZ&6{9 zwYrz_ZM>@ry2-(Cv_|{=vNDgq^#ECm<~=S;(o0z6i@A|aSrL0Sn94GGys?e}UT}F4 z2PHL&9uTK=n!jdIG2K}vdFso!ebQT3_DcqFwPClOm_Q8!!5|YT?kcN;&4Vgu*;iPe z;}0?+M!}+LtK6P=S7DrGD~G-XEiBJvczilT&`PtJlC>jg#lDbSZS%6wN*RLh`7?RjDxzFJs?G z5#|KEF&vIK^AMf%%!0zFE`V)!bnp`lOXT6jgC0;X~ya@8HY==B<+t}XRow-bs=+lL1t3T%%-Gk z!$7yz&Hcg~%uu*E5D44M8AKyWg(33^mDTbhJ6dlrYnK^G3Z3Y^dq!GJdSUS-c}H%` zE6lTb8P*qM&&am<-8Js$nzlUa-My{4qB?AwPHKhu#+vR7Q}5Dn(+|s!UC_5VHhpm; zb6Ljt(MJ1fMnW~!wM(*WB{QZM5lm;s)iQF>(?o$jOhU_TQ2vnzJZd*OlNaS^wpQBxQQNp;&@tR%ORWbRMi?U{Ad~D zUo@FRL8e`!DQ0IVretfHHaj=1G}2M32{7u)ULxmIXK`l)VqZoYNp2nl8x_4jgV~_r zS+?vMB?W0r2@&NQFwMj3Jl@Yr?Lb?=bq>*-W`vgpG=XFBdCay{8a`v4!K1RM4Gr1UU^Gmot~|MwkL*(Id$o#>)vFUCqpkJzqgZO(5tih)Xfb z)*8o%^U_(~jL?wC*ORDnJatm}@fg!xu$HLoWhy&3F?VEE7Go246}@IM&nVHl$*j4G zeN}V`yjr|9qn~Sj?};y?Fnsh`m1XQc6vlkZ$viH3cW4ap!pn_Wt}6YKk&E`Pj^>Cy zoQ!y=zqt0^!eZ;&D)N@h7A*I$n^OIj1(xx0htWj2dr3g*XkQ*@X_0Yo`fjzhl3|}w zrg>T`1I&?E8|^_ba{OjD!uT$LbxKOjcd~lAX2}<8IE_}SIW-KN%VMo{XwjaBx1hAxXMWF*Hy~brAaX^GMk2%{qr9NX zYBtjQ2s)CzsePlTqn&%f5%Ah8G?3bkX=!`j%zX@?`PqHG_ExYpf`` zx~?khm$XO%{c2y(m<}=y%eXrk`qy~_HOq~je#jR#`zF4$eCajt_L47oltxEF%sKez z<4OmDuZJ0vqG@JtLOe6t40^0@l%*LRJh{ouwWR-HtZp{-W=V`3WEBsgepf7hwKBHu zmCVwk&YofPs3S|}kT<3>9q1<|VlTn&eVx`wlGdH+6ny$Nb zA~7dsCylK}Gga7>I159{&>#rCQk<|=SZ+nJ`+hDA#ziQkji)8%EHe*h! 
zs+g0I;|_Z&v%UX^xHo~1vN!|(UtrnIBFBQLh^QM91T~SI5b(+gL_)GA0kIyN6A}r@ zl1(_g8V(T@H7aefUh&4G8jrSA(S}1sLB;zhws_Q9Yg;_p+G^|X`^>!WyYIVM)X)E1 zm^?GjJaf-HGxN+d^Db^~byGU=t}IC#laV5NFpA;qPHPd_owh&1s$U^7JFP_& z>!ArSb~sn3jn9K_SSz@*izdVsnuW6Ztwm(JtyC3)I(HGc6H_E6$`wrdkRznkN$sd? zgdIv@`h|&0&e3U0+#%fwI=daC%u3dYb|htYFbApKovg4igq^S&7mj$4L5Rp%DFrhx z#ClbnhpQ(S7L_`+;LJcwE{Mchi)1%ysELi4O6^VC79yUNCKQsz&C=XVNeDD+TRVbU z9go#ZuvYLU6)I6`mD%V(6tt?TL?S^HSicBWH63OBQp7h1=P3aCPMqG@J-Z<) zVyTY1NFr#eW#Vs85(^7ePu-}syM<6$v{;A=r3B`T#ZE*IYI;)G4kd?YJz&R93?FjlwLG%PCTkwwY?)d>F__BXr|c<7b4L&S6Gd4JyDk}i_Hh( z9aG*LRJ|$~i@G{X30^v6IV2Jo>A(Gn+7^`-6|rJ50KvBQV22!`2W1JPPHOF3(VvSO zm+E{XY-$WPG%D$vi!xm;uF^{jsteLF64*o)^VB1vnHZvg{>gbkD*~=|kxIvW&Om=O z=9<^cjgpvi4ttWuc3Dt3kmYSl5%?(`q~bX<)Ln-92G07B;Z+orgs3J{##B{OZIo8e zO|LeZJ37-lj58`q%d6AT@JZL$3q&C{9StDPl*AvGR&|!4neN;xM2%9XU(mUMWMLhx zT1W z`9T5GKzVTb?sE(?`dqeazUjj~QE@u64TbFjs7nEuVJY^<6)3R*az)K=uXTwthOEGmO!2q`J&s+JrOv`e69 z$I{Rk5t%g743t4_yNE$iq@xZ+T^Z0{7;2Ja=j8|q;GiVAnGE@+TEIa`va(bxfc_+| ze8?@MSd!w3#V)Q`MC=tQ6*Y_?*f}or&I_%YbcFiGGB_Lh{GQ_dlxMq8_# zK17XoTWgBfPY&Sutz2X`L$4&HAhkXs2a5twL*Jg|En9Zc4dzm;|*2LvznK|gl%*@s} zWmEBWWLo)CHWN1`TgTEtb66p;nZDC(95#*1%C#DAMIi_m zg>^LHN=4r`vGPHr`XY*z4-hU2iPS|Q2p5H}%9_ww zx{H5;+fq)+qEI<*r#V*~+GlnthX{*g0b5m4QmlGgw2=u@dYQsVFIO1p-3lY6RTwFy zrm-;6uV!(%KwZ>Qx+`)uU16A-^_2r#oyEFQ%Y53{Kp?hD`igC^PB1}1!99y-X@XiV zJ~uC5Hcy|$u;uWJk034r^Ar$?8g`?IKdGC@i`Q=7lHo=tNck zY^b93&CS*9MPx0)K7EGdgEK(sFP4&~IOz)xr!>5BIu0@A1VL_Ma{l5v+l(+V$il>h z)QcBKXj#s%0CQtx@#DtG0?4||AvfeKySW;2I*HBUl&Bm|iHGCY@G?prHUqodgkILv z+};vtLjzC?9$46#HVP`$G?TS&Wp++xX8N=oeUNKmGSX2A%rs_JR8SH@7K>Wed>kxJGXK}Wb> z{ROq+aEx$TPCVJP90!q=jr1bfhqkdpk(*Jd;x&ob#cT|lNDhM&_}lGXjk>5(8LVP& z6yK6|3h@+n^ofGoo_6r`g7kyN5F;x5Aw)$#gsAw35LIx~zdb#Ze?K5^7IDT8A+9Vf zN)W5=1q`)Bb!L0Us-u6MB_QfwX9#`_MLf(CHft;5f>qp2TPg`p|sYW<3GK&ko~J;Gzzy$uj`L-klCZI zKAv6a48!z;c1IV^H7&=Y6b>pWn73JFdJqCBgPTM!4kAYe6U`xH*$V!hlZY$f?}<~@ z>ko?c;Ca=o*zU%zOqzUJ*Ax=<_8@%GQDm8i)I@BE4nzx#SNLX3Ag8eEx;0WpE`h?8 zVX!Prti|9A6D4DN+_k=GCU^B4(HTHH08wWV0&BDk 
zQSPF}9BK`?Dp-QmHx{BZ5@}k&dkAQ|nio2>kCFy<#A$Dcd%1N_A3Jj1YVy*I$kLI$ z1-134za&tVSe}`cY01`H^3LX};&L-ul(kV*Lj$70qD0!q?E!W6AG_vkE7n`Np3}(v zOcX?@K`Kj8TM^hw^jtZy6vq**iICd7erdEVLuRbB`6}w`JGl-ghX9QQEnLtP4IFEU zt5s)Wt8b&ez#;vM-5W)F&%DPam&Kh6`FJ00tgGi@OaY>(nz8)uf1=bLI;*lY zeRj!gqeyypy)1adN3Wu17R|Bcx(m668uKY~_|&_6WNnS&hq@qVuD?*jF7PZd($P*s(jLZC+z z;*7&8&HU;ryEMxYBMV-Vv+!aUyjEm|$D=BF#efDuK ze>QTi_;KSOstT19mCh(FDK;Wi_6D?}sR~}uqTaXSK1oCIEVV&j)UY5uTHl1aH}#c> zLgcvLOM_hZ`)J7f_tKF6gVEHtF>A2L|DJ5S$-X1+afAmifSd3;O5rAqFN#!oI)$T_ zkwxgTD0iaaLkG79rL&_8KG6`e>Ei~GMGtfhBa2?}@$uJpgqb7jnZv@-dIo+`H4m*Q zw{?b9RaA}GB}Nu$fM@okNbs5y$4rOMANhDr^lbNLjV|WGS$b$>E zoh@h(=q(gsU?c|%gO@9el@I+kr6m&UpKc}sy7+WOjmHrpE>&j;D^(T3N>T>42>8sT z6Qh;L%amqiX2~++U?p>ixy+;|nH6-rUEA&?Y`R0|zx zj&voglZaH-Wi=F3k!cyCO2N#foykOjC2t7>o7u1fqjn)W)mCNJ+7F5L!>H0r{&YcA z{=Sz;@?jC7@XQ8K^aw1BR4+4CJld)VGa=&mVMGzRSj=u$#8(MgeUe%BAK%1s0!VN2|QFu zwAke!wX8i=mePNuGh~Trg4IP?Q{t+qw7lG?m|0oQjl0q^l&$q8wJMsiTEzHbk#i(* z1ltx^?>Cy-X9p!S50)gidDGO%r)iagBMS>_MKLiNZEA~fZ9ttVIo&b|INfrdXEt`F*|Zw zMC@{4&rLtBO3O0=rL#-4C8!muklnD$Vsk}0ybQ}68{y2KO>Pl))hDy#UfL{I0D@-~ zgo5VPKuvO1bx6}7UU$%#q7YfThS;b(=^C^|ZK=h4~b;V4nv);U!QsN4lE zFReE7t{(L>X=Zba)9QBEgO%15;rUs)xtY_9`8hdx#w=cWHJW5)JbO9YIAhWBbhdCf zN{WhSm57r=u%<>3rc*nVFMHbAHbr_Qx=2%5Xedo25r<7$A~%sHLI{yiyF06W1}*=YOJ!-evY$Hb-Sgg zjTevAN?O>M?JM!SU%bYb!_wu8c~{OFYWA3`YL3j3r9+gtO5p6}1?6W;-65(_c^0S2 zvO-jvdKseaP}^?mWC$xMuzchk+V&C75cA>mIpzb8uzlpD+V&CdV*AK~)b>$Q8I=yp z&R7m`#Bv}@R67T$dEk7Nn>1W1i`k8S$UUcKBs;Hj692>%USw=~*W+WxW!bzOEe-5!` zJ<4+W(xoVBX4f07ZUpxfTcc`&$K|zYNYdmci+&ju7PtT@xz>hvNLEET8Qq2EXpjrw z!5Dp&Qc_Gu>|m-vDyxNMKt`2vq*|VV&9*4DMPoD-7%U1ShxdfbP8W;9$beTEv4ELf zLd6SaQKMKCMuIDhSQx;Ld@J+t5@M{ zeG5B({Yc4AKT@5?cv8tzJgJ$_cv8t}JgHfaS{}^IUe7vcX=XTAYjW86X5JI+U^~O# zNl!*&^g7qyMK8Iv>CLQv7rkWJrWZ$y$;(kfyQScVbR@=bY#-q_mX9zPCGeLp;;?;$ zfvH0RD>jil*s;ZYh|Ttq2y7p5h|hurEIzU_;7ZDtoiQ~_+fXN+qHR+$b8@sT4+SF* zPU?#aI72CN>5I#(FEWJ{;$Nx#xv|8-j=t;~j1g4L$ZUU4buq$h)LPlV~@QM#f*V^<=q=B05byLsq$lhW7dv4oPw>`%&=R2z9&aJl!$2iump 
zHq!Q{FyRK16h#JeynQjKWu|pq-uC>fzipLbx|{{u%lD$0gd9S>bb$0l*m*p z;=p=Z%v&{ZB9b6IKx9lv`>m+dLM9-8ljj3ve7Tk)WVKf zAcahymaDR$DGuV9lbMst8z#zE?4nqf6-3I*3-CeqJG^6~A`!p3esp!s3oW9~T6SAY z8#8oN${x(1Qk9KsB2t+en`vR?%M&&>%fem!TQ5$_Ks zPUkTnC35|a5Q{o5Y+cdFQ=W@t{qTbbe`sc6QQINhIZ_?kN>!Z%Cn~$0uY*$Xu;cPb zX6|JkTz~8=8p4Fdq#pGGv5m!Ri)juw!)2mwRJK`!%#0LAvRm>YC^g}hR zX`5`Mv`wZm6UQWH+H9P3FN-0ukWq64%iVYsGl*eydy`tq#s-XDZ_-5q^Sw#y1%|vy z8wK`wlWr1N<4t-WBk5h-jlho`_=>_a!nF+z;Wqu! zmE~lE!*gKb;sF$nsFbyV_t^v`kCcS@icGi}4ddks)!N*U)zWHPiOsf0HJaO&S%T(0 zZ62Or$sk`#TGZOMtTjkrQ=50P&PG&Vm@h+|R4>{0VfX~J;l(6jJf@v*cN@o>_5xtO zX)go{z5_D@laDFF)L_CGiKhu8@f?a-g2~4SeblrIei^0{BlH^v7PO*=}E^&%| zyh$&4PBH1lJ`wxzm=iIROnVxz+O$^!=bH8^U^hm7lK;)v^MQ{5@5M-d#C{(}@+0>9 zF_Is#KY)?^i2WBB3HvDUL5zeI`$HHBEB0QDgcbY47zr!(w=r*EUd6nFc@y&*=5%Qw zeggANyTEfXvoMn9^MIwM{e0jVracUtZQ28K#s4`vIvp}?CkZ((-g9s}Hr`4F=gcPj8p;2K~b<`m2_6l2t3Uz=+jEa#0KH4tcaLk9HD%CP~eNBzW|6B-+kxBS9Yr8CP5 zs^?ag&{x5WUtZPN0M(#=dHk)hXp2fJt9h}>qT37|&7poW#@1PM73C$BC1=`np6Xb9 z5`V8n2T^JHj0%asin9Y+E6&m2_c>_imLSx0&_3p%mGqO&G|N<3QWYvZyP8jK*ztZ7 zN1NlMtthXe_=c5k{@hp|B;Fb)t)u+w;^@}J=;l?-E-ALkX2ts!^i~^4yjv`Ksn@D% zT7gdqgO@rA%^MpS43wYL!-p1aRcZOmGOD*KWYd1^pdABkfVNg`D^$e=Tpf?q!?|b0 z+F}y;Q!LuTf~wLY6|EibPH3(C4u!VKqD6O;YOv`7^WF8;ZP8VgRL(0cDk-aA4~O(i z9b*(&N6ayl(jF8hDg`%xJ;YJ7b%2eL`g#;xq<28zCnk;L=}B;VyG92@bQ_Br=@*xY zL?os}yV}V~h!*s68QK08lQT_&{;bk8Qn|f=XCBOHAle)Kpm=B6s z&cYR(v^t_t)_syDeZv-0|!NhgX(ysRg{th$b-=BR#@+h}cE-eFpGUv+dO zy9C-Y8vY{v)Iv*MjuIT{S~%%T#|h3+Ug=AjCQinzR_T5(`4S%cx|uK4 z?{$||&#YMSLt>P{6T1j!;e;Q=^Qs`YcwUtX&f-;kS5Cg2s6WXkKy@X(#d#4 z_Z_RP9|b2oM(CuirOqFh{7~nb#i`HG!YuG`{@~BjpRM^s>cIyta@t|`+JV>cC(9H0 z;rbT6fUfaQ>^+-0ig+jfR$!NR;v35CoA{ByZtukZ2n=~A4*e0Z$2;+8fxX^|SpxgK z6AJ`p_$F2f-0PjVP+-tE@gjlyy%VnxnD3i-lfVO{C$Pph@i~F!uaV{HJGd7BzW`nc z{2%Zl;Fxp91{k~(vw#bM#lVY!=L4I77Xh1rR|8vs_W&0Iw*XfGcL7_0ZveZ1{{^-I z1LsmVz+50zIk6N7qnQ{6vbLXi5pXH+D&Qr+`+%1Me*^q6@I@f|fQjz{mjk~9t^^wA z#md!?)f`s!-Kw4|SJSl|$kfZuDl?2Ki#)sRK+6Og?+({@u$7WkoDQmM9(P7l#8|9Io1}Cz)fmb6`<0~4oFR6%8tR)moNqtXEQ}Jb}`lhg^VjHID 
z*r!Ju!<}?%*Ve6j>aIDR(TuP_7T>Xz(VsB!Km{Gyj!MqZz~F%zJS?IhxvbR)#rcCB^4<{yk~9}@5J$>` z#PY>au?HL48lyo;OI5!!eru7Sd{yWMn~CzBMDB_-^XXodv^9C@#N`>RV12C$r(W=; zTW}YIT8`yX*L6HrwUXHmlA>A@1Q+nSr)a8}C2&-MN@4+rm?WUOHv9RAemP4!rC=*i zS5ZC9qUmUB3(7}xtxdoAhGx*z(X-GZ3vhf$g1nn+rdAe!>IF<&RA93?`ibIm(M`hx zS7Y{JM%_F-a3;{&PuavxLR+L?)J(7DovrCX-i5F(+9}t7&j0z(!!w?uX za&oeX#Qde5KQn8n8X~f%RYp*j>F0#o=B`X_00u+4@PelEFZ_}$IOLZ zn>e%K_Ry<6^28_Xb(VByE6tUadP<%g1t(cU$Yx3%^zP$_=)5K>n=>L-Zd}i^N`|U| zTEX!&goU!wi<*^H1S^-XC@{52=BygAnUbu7VqtBx9u>~w=#bU0^q^kDTA|7r*A5i5 zYt~hw>NUL_^*d>9`RwwFv&xS*CY<2Bw8pnVDS{wn2g!GsO*Lsr7G$Z~ZmM<;3V|EV z4#SB>2~Ix6sxJdVX&B$IF7PlGhGIrz#61p}idl~7!mPt=#`I#gVEQn-Fncj?VZ?7g zrXTN$wl9Tw^+PXRumUtK+`M3g=Ht_iHW|eHx>m>5&l=PJZ{HI!nszH3>(Ks`ZcOji zSh%ZAFIm63srtK|;T|;8bM6=WhtQY6Mw0vkn}A(O{^0@-B>Be)H2nSyf!#^|X##ta`~?C-UjH0{HD3Q*ff292 zUSOBk-zl)$>t7=<-|PRGz#gxEv%p@j|5pP0y#5yj?)CcLR4~c^p}>IO{~zU_`v{?i?U{IDZlF0$>QZ2zWk_J)OS= z$ezxBA&|YFeP1XA--gU`E%3#!U9!<^?exLu0Q_FpF7Vu%qar%ln&xFF2Uww5~H z=~Xo3&dixaAUP?S7YY}ZhGvyihLzA<@OGMFu_Ln_;o@2BL2CIFuSF{)VU8AE?vT*P z9gH}-SewM?`^OkZRmDbUhP(uz!oj zVrV-xqmHjpAqHrik`v^!WuhP>81oBe$}YP0vZq##=B2VFrCx-JLuVdnHm?~A!hYaN zwSr*S6w0#HCTea&S%y}(H+@>QBFK_Vsdnp)H@i;)${qe-B(|3|*!+p!wi_Fi-tP2L zcc0bXSNZ5Z!<)Ko!4^K;&Q^uk(HN0$jt9*S#jp@s(<%2$qUhNuae?I};koC5jNaPs zH#9B^(%WSVs;u(xsW|M{fR&4VM!nul${xL=mZhw!Oz?cBXmK=1N7hBE)sKT2k)?~& zK3ip3Cn=~{2BdP;K3{oSW#~lOAl1XeVrI^qn_FGYuKli=PdP4dQc_@c|K`W1nQ>F&xOqixsM~8f^H@+eGu1#!9Vf7g%C6IRO9JI{wwdAai#G%c-ODv&A z*}AZ|bp~}*rTE0wm2s7rU?CY7zX-45I)9=XbB0>FXu)C;5m`7-P$%bAk~gGuuWquantO#X~Nvt46A0b;wy$$WG?a(8Oc!M*YSl53uea7 zlT+K>apuJ6stRV5K&zrKzU5aPjje$MThouWN)ZcfQylGv7;VAa>RA$Zm0`{u>K0A3 zmJ12Uom8#pH0AHjgp;!k3nOK@3tZQ^BLdboN@PP13EhMd0lv8dmyXu9aI;bbRLUfpzoGI{3MU-h)eR=gWZY$nTfwO4u2PTIU~~1s;^DC z!hM7PUiPfD>OD^aJAR4ECw(HH@>ys8Qb*$`SKz$St}^$66S-Wz+4eepnO|!cT4ii< zJ5{4=Iw3NQpJJS4yqGw9S_cGv7KdLCUfS|T@EbAmle*djzWcZlflb(*@!SbM0RD!9 z;D3G)yfY4~-XtCCCu2a;bK<10OaJUY?CaYjiTOc&dt$sS(-JZexv-efgZdTDGW7Hj 
zfe@w_(|wvYq5MR7;_1|=gy^5!#ho2;=vP)Uv!Lkguw3O+8y8qof7(`7h6(c%$!koA zkJ8?F$T{g)%s9+380k=>FrzVtW2CPkVN?1C!-4V>z9#i8eND!#(*$ul&Hvl+_pb?E zX~+~(#w=s(_xVyL2|VCS$rBhzN+}iC?M?ZSz+P`klfb>+lw|^YyeX>%_IXoo6d3ZQ zJSuR%H)W5&1KyNB2+a4Td@j&PO7SiS27M`q3Ctipfi=FA(*#C*DYFH3`BKgmX!ueh z0t3F3s|1FUQtlJj<4bu_V6QLb4+4WpDSs1~LHsL#`+X@#3Eb;TNf(%(lyb5_^Vfjt z;2F5tv!|R77~(ktL+G0g*kVTm?ktka9N=nM2BxKx7Ol zZvd_QR)k8*tE$SvJd~To+hK;~#-0Vv<(98u#}GJF2y-?yby`gqpAren9A-MzwPMT8 zcj7r_RUIbGX5Xd}d~;Sq*j%o=@DcXLVVN3*JDL$O!r2_RO4j31Qj$0-m3b4#nXhc% zED{xYWUAWtn-nIBthljkm+Vk=jVSWUGa_b~P+>`!JT)&RQx?u#JD3{38R1AC^YTGG zSr_Fc_C%(EUwqZ@ZbE0oS4*i`;huYZ1Uubq;jCiMpNxFJJ>9#qfAw6dYf%-FR4oQ+%bpLoaK`JXOINc_Rws8 z+1+uBq<56ft;~%mIm^yD$TxEJH#=Qeb;B(y$WukKSu)tZ(+sh#t;0pX4A$0hC7vBF zR>;gFE|Xf2s%D*T^|?_&JCM4@>n{zIY5gSSTH~s zu}g263bew$b*Wz0h@XU=Pgq5xlw{d)@{>780{8rQY`_Ox15FTkQ-XB5oayK|O!-zU zo>RKq>-Rl&nx$1$bCHMfQN=KNl%)k_c0MmAjI~A^O4`Q7Rz6G0=b>%M{@2duUT9?w zO@l_}+G3ytasGN-`K;vWwU8FWL1fiU-pW{-5CH_caagoD&`O!)rwT)x>vk$GooVU_i=V99H$f|Q>z8KJ z7F1VPszy;>Li<1*?R+=wJX&GK*@o}{D>j|}1<=Ls6;!`7>($D@H_%BLHqy@|hK7?g z8#zg~oVXg1m9?}*IG}D&sKy2*uXUnL%?F`X14x~~A4Xi)$^wd?wDDu46WB5!AnPh8 z{t58;=Zy#)5r^L{`9FVz8ZS=z7lpoNMBvCc`acT3c0@qdb58odNj%UuoTT?6*Wxcf z$M|`?ANUQuJnOka85m8Noxx@ zS(jgB29>JWCh4Omd?j`n!!mB30T()dv>l%`%Jbm*s3Wc2r0O5t7Y=MqbtB2O+Q)`v zS7jk-4do%wR!)&=NmCK8^JkUA!bv$o@RNMnz`{wM>%d9bta3=67lU)|$0Wcqlg?N)83O~En46Dl~nm$r4_b&~8A-aMVR`Qk&PU@XU^qM2h%qwc|t;#AYOs=0* zHfI|(5I#TbE?YaeK5(+gF>4Q%F0p}e#mF5K+QcavI9PpcAx>vsP;CrO>cQ-1VKsVV z6O1dRAUw-?rYz~CgOfPdo0QTnl6M(j&cIe4t#V6!TjjQJ5?`YJYSo3bmHhs%^j95H z|F!aB;Urxvjm0pR=7sWvmHU?{%p~}svpywX*4VN_OC6sGoz$`B!NONd3+Jla7n)~V zv}>S~zAIrynn(+$xLMm|SvgGQ?^HE#*f%En$@mq1Ed$w_2Y?2|Cg zu!^3Bkh+lHfX)$t^D*l&PhdX5XdnGo=%u`aO{CK;>G#WTLz~*Dw_i3Quo?45%#mwZ zpI|N%c+H5wIhYGDS7Z8x*V1jhB0&9H9 zYX#a-#XlTy~$$)?)N31prAMTWP$m<^%8BAp7Rzq$|}~dGc7`^|+@3Hv-FmD}fzA_SMOk0ohk4 z_WTX|LMewy%6Ay`B%(#e8IfpRo9uSLp z>rrSS^roM;!=&OY5ddGGL{hDB%x`QG!y2Vy0cCHpr-s#L$&3!WT@Fpl31fzC5IN6Q 
zd5W#pWd~~_v4zcZLQSO*dZpzcaaDwnsL9a`AxqMjRn@txu_GV4!oopJ7krYl|)TE zcFd~J#Oa=L@@@BVL!)T`B_A*w&b|4!cKxQDKvkntfWVQoSwPOJIW}HU+u6ctww~$1 zD4lUhRil*Dfv2BD9~)mgE1Iq`8gvd)2<%}O4N`oyYca8+S;3aYe9OgM0g$Tlt8S$R zK#;P>A~WmR?ZZK^KCjnkNlQ}yp{nq9PVIJ6b=B@Hk&@t;%IHKb)#7SV2_Z;#Y5F&( z>bN}jiOQ+YGMdq-0&u|3D(G@ihmWTVm^3vel)OlG`fvxI#ysPWBNFF!#@B~m z;8{1l)8De^L$m)o=&Yri`OM&C>zToDMCy$toNRBJ8khIq8aHi;4rgn78+RB@{PGGk;^?K#@rQRv9$D8_)z|aaIZHtOW=NQYQDf4Z|a!>yS%CO0=s>w zOBCLhx=!E$Z)%Ug9$)H10wdnk=L80Psc#Al`cnTQu+NwJUx69E)Zy0w_xe&N2+a4T z<_O&HODz;=_)@DC)U~s~Fj5h(a@e5v;WS!<;}4rJ|?`YMn$SL(+= z)^Mrc0$H=Aj=o;4!BVq`1k)T(f;iEYBI49Rq+5m+S)*c%;g+^~dGW_kG}0O6 zL_}trMk7Y+jLePIm+NAIxd$b0L~}8u(GjIwk&DsDvH-DKEFuu1?d2e$3~m>TJvHM- z9ca#I;!{(4m0V0QGcRB82-nuDYc+NysdTkZgP9A<6|UpmG_Hh8CD}NX`ka`K4&D@Y zAXL3_2~gd8iG^I)-nPs^W!C_Y2zRpd*R7%IL@OAoOv}PWZp|Rh=kp_-9WhnB+7?k| zlee1e`fcDrJAIB3ky9aWW(??UDyh zfyj)?sANLI>#=HkacripzNzl9tg&{HAs4Tt+wk#L=|6I?CSh$&PL|^47ct13Xmr-{ zaVYol%LrAL&(x?`U*?l;s#UqC)xMy`?9mpIwXKCUuWhOH=#}WKvNTt1tp~eVd6aR1 zJl<|E9aRARR-0-sa;GkUQ4Qj?xU;^AEJlT`@{!kmXtm0+I4KaJlE{^U zg36FT@{6CxEqCAP&Usu7YxCu!z}-jN{8?gx8r{cFvA?GNP6 zx!{DKj(ugxj}9yCn0@Qs^F3qk{B-;Ng4Pjd?%tDn?L(p4zKl$};o|9+rEGcZ!fysn zIcLJ$pJk?>_n%E4Tyfolga2@RU}4MS&%J7V^wN8`Y)-2`e8B1R-(P?4u)Lh3?$7?V z_la3U!@qg>g_EBC;&(Iuc-KwKhTI)&`rnVY{bE2$$-?#bzwr0}?R$LF((0^$w5Le8 zWj!rFIkysFtKaNhmiv%6_fXS)`5A%0-I%?Ym*xZlqi1Wl0oYU)Q1O37l*1%mev)3i zThdqQ;BWQ!XzgS!SA<2WUsls78XMNyRg{kH&548)Bl-W=rm=yqF-CD9P*XyC&jcb#BEn#H*GCO>M!HxyfuaSf3p6p5?l2r?(eF<2~jwYzCj?L^PL`?G=b|5 z%^hjnua>I??3}r_YJPiWx}g=^OP2HQ471gABc$#UxI#icM}Mkjx~OrRgyt;;7h-W^ zCNWAHS<~fyf+7WFS;5w~HOki}<#5a-ozM^?5W9myoXo{Rsc)uJeL+QLKBh%A@uRPP zaKGusq|)+v1-!tdB8aIv%e7sj-~CkHmCX!JGS{ca8*^%-i(L0t^~ZY*GfMTnJ&lSB zNCQ-%Z5y<%wP!5nv!AWai#rz^nK_OGs`)k@x5tAsLTxFszKNgq1?P zmLQHUM;!7+Kr0fNv)S9ZejgIP>$kD9NXg$vaX2~0`q;#=Qc~|qwK8`{c*U?`aU_#J zOEQh-C5t1vmn)%rlt5-JOPrHvgW&d9I^vZ9F5*aA>Le=;HwIjMencN62RdiIgW#sb z;Znin#o;D_J2eiM2CmS=4aP3N49rY$#`!Ux{C#;wq})_sUF}A9D!OQ9V`~f{%I3QF 
z8(im-POkbm=jtj&{im4rl`~VpN#B#Yt90N7;+FQP2PbFRLMQz}&O}>Hoa96H09F>1 zJyO-y*Z}j97TDXZYO`-s_ntFyi&(3+(cG<_qlgdLjb5eV)q%_V_(L z0{8kneFD4uo_7THc|HGDc(3R1dvNdfda?x`@OjQq(CY~c?D2V)3hefKt`}(dJiine z@OfSn81#9*Q1~Rz(9O8>hj>y1X81fg%I))2i&+R~DU!JW%WM7`$z%{@>0g-`u2HvM+TAqR^*ji?4)`>Xb70TgKy)-be+6=m z>-jGb8J=h417ibs0Ve{Hk$Fx9t_6mGn}GGeM}Zdsktuqv0d5A~2D}%z4R{}LKX3!^ z@4zL%fxqA_QQ$ZrvPIA7K;|@0HE<)a3CRA-b1jg&A)dQ|cLE;=b^-SSR|59|R{=i; zt^*E!P|5f_#{gmTp6Nj56;BArdAVl|@NVFZK+dy0_W_X+dY%H_4ty1O2k`Ge&aFL3 z52^ERPYUox+@}Gr2c8W?rs!D+wEC02H_f+^BsxfIP#Z zoU$mB^HjOiDmS0Qk!X}jN`1-+mxPc59PMYhctfi_hS6t864nvFiYw;k7)&Gy@&R7a z=4xvXceF_s#a-9g+=A3aw386I$i5@2ivq&!k~_!}qJDAIIs>-dX1Tq$9v5YHBqYQfvpPfod(W@YzFZ~nAwcSO3~`xRKD4^rfK&;EILQY6TIKW}&bwReIN zXb)8eX=1hAu!fRqE+laXv!&t0CJzZHI>(5!-Fm2Me+Hn4-Bo-xhT$SF(y0KQbxb1GRSOolWsL|D#|iRL;0qv}S|*MLAP1P{~+{plumaPV3+qVW)hHLd2#tuDY@=8wW+p z(elFfPLT;C#wG}RiG=u|mgu_3GmQn!?Fd}k5G{+GU)_Q*nmJKg$RPu%ImM|YeH;BAq^)tJu0xxBgvUL2pvFqq(Rq+Fsa4Jj+b`O(G&|VNF|It& z5=7AtV01J!25Y0OnZbSvRu-SrYAANO87h`)N{rd6ny}F3P_>-0zqUH7g|jNn3}=^& zBPO*!mBXWcerh-eqiTEXI%iQS*qQ0?r6wkOM+P>&e7OOs1h% zx3c$^y|(PS2Liv}$+?1Qc0U^kJcF@dJbp6tmt$^${w3h2n9s2v`;5kkeJr@+ zaSL1syc8p{dTC4J@jxJg2|W>$BMG|4boXu5_>A9b7~JNj6I%K8ZrAwk9Wnn1X=m(; zxiw|%Z#Nz3`|@yLH)mbsL7Wyj*Ii8q|UK~lc+Gxv6rC# z>oF4-rPQkw&Sp&27z5K$_Uw;0~l#WPo&ZqnLq;0(Rvcr-F9dbx@)yyN# z4V8_XUp4!vtq)&ysxe@|fYhKTbzETRxJa}pdsFwiF^rPHp1wUp4}88o>#dicJ2EXe zH0{F=o}CzJFU;y%y?W55>#sa&@5|dpu35F#yKCEX{+gQnU?`Ly=(%Hc%Euq+;Pq1*Is`5 zu$tO}uQ~nG4_=yl;ENsEJGVVO zc+Kj|eWL@O(cgUj;%N;v#i{#VdGVOE@xxD=RW$pMF{6fz^$hfSgUJJuo9btu*ibj) zIAh?zfnR?1bZ+-`t46I`b;XdO#?Ya?kFL(XxV`+ey?grt%iGVGUR*TOxAD5Qhky9q z(-Tt1dynht>M|adOqUpBOB<;npczxUknYr58WHeP@E5jmNIb9e37eaN2eFAhH? 
zW9TW7B?Xy*kpo8V-0`e$-OBa;jwL0zUwyIr86U>3c7v7Z=X(KKAfsxsy^3IkBO( zWWraUKRJiLBd@53uIZ@T`PW6!NDKjy2?o}2dJ`_CNL`^YLjO*bI(*dnXZ!q8`}$ON`jSrO1J(Pc6lycbR+C?4BhoBSXMQ|;sIDe62o&R ztS>;*?ScKQq1m_4eZPTSTuj&Mqp33(ieEAe*U>~xbctSA)m~U@kna2%L)Bnd1z{l` zx?2-NB|TP<|yn_!>wVaEqxG2O7K0}R($u+rtQ={>ND(G2gemRSW591W{k$JDS1_S*}a`w(_8 zi{Y{y7PXP-?i;4Qaj={&SZ9#wY6C-R48!qUhIa>3W;H{#muYhxQ)VjDMw#$?hI=u? z{!@nLe5QpE)62)O)r(&#$!+Xy>ofc>4q)bkia{6nV6EwK5EnFfY3 zJ%wOzd9dD8rpF9e=NhJgCZ>dL*lrHf+lNepsj#yr;7%q3sUv_8T#+jE&3SBhcX;*BiYq77`9Q^K{wqdK)33nyM0d4UuLKVsh$rQ>g`emH1YKesh1gkt7w94u(leiHzY%X z=J^1&F@Pp`gf4v@%~(VgJxcejr2B2B%SK?4x6{Q&!4~hJE56KdtAz#bpiB0`LJDZ+ zN`~_ihR;fdyaCHNlwqlkVd?s%wM7i?QLx~Fbm3&!cRehz4wfwlDP+75fz3(IVWH59=H zu47odM;9CqE9`w1QICS7(1-EuqKKLeJwgsEaAQ_T*BvA5+*4*yXECU%jxlK};2^VDp8rtQ4lAYnf_l zV41HnTzX*P8B7JAG2HW+YPQSN#`KcObeIe~$%mCb!nBgbl+_E1-Ui#h9oF^;Q%)gM z;+YJkY}o2v*l`W4D+(LzX3E*i@G6AGRKgyjOou(Nf%jksg-nqTGaaQc+-qS?pTllH zU>Xos|1hlbde~DX)7NLP@AqLTk1!=zkg6(F( zVnR$~dzp&sn1Yj;76vgTXEU|$hgBU4D;xkjTf#KZ&D2r{D;&>Ma2-vQ1j#OnJB+Tq zma2P+F7qN?U^UgZj&6R93=xW2LX$kpP%oy6D(F5k3}@5zcaUTuNe!ZCmyxue;&#CT zw$tpF!%}uo%K%W*3l$o4F7eo3?I$9lVW-4Iy-5S z?R1?IhRQZr)HAS&5z;&~>D3JPb+Df#nxY(b@r*3gU^kahea|tBhtWM>qA7M!-G|WC zXV8_;VD|Sh)JD+c+h7UOEeff&oebRqx=tT#q=;@b6ZW@(VR$9O^jW(4Rdo3-hVls5 z-t(}Oq0$ZLIv&{Ac39IPu(B8F*3ZE%=g>vhz%G;MuDf7aGZ_|F!wQlZo=?O22GMjc zz<$=!?Ca^iFTpP6(6zSF)B_lbPcsa!poz|)ORR)dZG*KMbmwOosxqtwdOU`Q?ly~| zQb05N=*qicy;s3z*29hp=(1PSeV$>Ml)_41fMplZ>|J!zJv8|hu)5W-mMa7WB3Hn+%IVVAz&_7_9dC!ltb$GLV7QjTN@u~Q_rNL!GrV^*4dgS_ zOBg~Gu!O;|apYrz2EoFL>H2fLY`~Zfieb4=!)n(sB%X%_`eB_jV5@%E-HQy@d|2~9 zrl3BihpXuFgBfDaGffO&$n?pgm*G{;l((LtIfH4fh^g-~*rf+nv!1EpO4x4~Z0>2; z!7PSLDJ<%8rn@~%eZyfnt6-f2n65T3qz+*?RxrG0GG!JsR97)=4r9t3%(PL#^lvcS zXE5wvU}(-_S}0_C*$rDQhm}3g)bkvy{{>j5!Sr?+?4ShpHO9EOmELJ4SHZ_Yhb0jnO=&R8ip_xT+S5u9Bj9Y zsc$vY@HMd67hze4z@E-vYP($YX`R2*CFA@oD1PF$pkd^TGhbwwVvZ0OzhgB}vP+Rq zTKn-B+3rIu#!}9ty5B!&?x!ER=?^TK@1OyrPrz#Es5`a%-1Lrz>7x z`mI|AZ}Yu=@suOpjbuzad-%UH59#}Mf6;o% 
z^nX;`_2bInXKrX3eB=FZuRiw37xtg?e>eQ?bE=QrHTBdDZ@ji|{em0bi>|uq+pGtF z{hy;>x^?pW(XZdUaPyqkE^0n;@rc6pJ3Z0150>qka`Xk8FT45l+pc@#+FyJ$YGm5K zPW)zLa_0E$4Q0FT2+zIs%!jMm7Hzpc<;hR-&pvWl-cLXH_Ug^=pEl{I*G*enHQ|`^ zpSo|$Woh5sFyO@7)1F?rFa6iUCI9E${KRglgASN(? z*$bskE`sK`|=eB+!b#(GQ&##esI`ONG|C74_KaBq(B=OC+K@@pW5WHPj10{D zi`)DO+&>fGExI$Imolhgd^|ExBj(TUeD=n!h}+!2fmm%z~rO$})!@KPvK` zh*sug6WX_VwFFxo%_DSnTFgG#^^T} z5$hIZF2}4ein5KOELZkkAr7bBt<=#QaX2|^dIy}m%VPzW^QLz#T!t@q(r)_2UT^Lc zf&0C=#R7xA+<5{IcykvEG<>-i3C#EAt``{c=H4PO;LF`2u*RGFg20G3_ice)-rPS5 z?DpnLa*aid?Dn+041%m<<`n0qEL0;~t3FPPg3 zYyn;bTmW1TL=Q1{6R-*R01*AU+$VwP9p>%^UI2U-Xr-rAzEm~KjntUSRv%M-xMJ#K zg3;|9uJ7biyo+POVmfF-B*J{2=%ERDb-%NtF}ygsFf851h3u4fx9o>Koa7f;Pm`z= z&BsKyK~^k7qR;C;0L{CCC17D8r36H6H3a`EsDGi(sDZSn3PfsgG1GoYE(fQ&kJ0KiS9) zMEhixqj8dxDs$(BTVkWo6&=OyOy~*!g^!8(U*d7!ZQ=vpCib`b zQoiZm>!1seRu^emG)`E9fWhJ?=3uv81!%0-s#LTdolNS{!bs!GO%uL0h`ys-oNF*C z;-a#Tl8j}Pb2%nxCLSCyDv*zfV66P)V_|IBzqZ4>qQ7}$bm^OgsYe*zE8f|f(RS~B zd6|dL`P)?=ln?*9_psqUBlComadT#zp4VJ=PW5G%E{oju^XoS}`KyOEzx~SYo&WgT zpZ1R&GU%K1iF?T zjV?KDYDVpks>&`|+SYW#byu$W<%9S1y!`x*t$+RK4{!Mge*NWyV~z+EOwUd`Z(hZ$ z743@}-st}G|Mt9h>aP#~)#&Y$zD^r_;=-RVJ>e#Gwh%cczcQ_s#_w|w&3 zD_+TeHt&~r{Oj`<|6P07ZTlZQ@6H=@#?Jl4^;sGJ*zoWNNB{HvlU6NwzNYW^l>3KO zmAAeAyQw9=|L@h42Yq`%`{I^!&b;cVhpv0#-K{?!`S!U5#|D1%){t$P>+X8tq9@Zk z_Kw=}$H#itH~;L6p+8-AY2$A`^FQ7C%$hL=F8Or&zB$1ae+!@X=I&{;&N=7xs|yRS z+k4MFpUnCC>;HPQvtRn=^2^_E{PN3FpZopqf4OM>{KL!NdFQd#P-t}VA%|>xzNcr> zy1)PZt0Q`Q({36)dho~x9ysyxn{Qt5^#vDf`uy#;mp!<7^9if|^PjCV0tiV*jOcsm zzWX*0967S2x~%Nb@TN`2JvCv%ti@x;uDNB*81FF)7ToyX_V!yo_4|v?C@45H@an7o zN}Vy|`qzK^+fS?N>VE#!pZ|Q(b$j+?e|zScb3JKkhfEwctgzzOzy90Vr=Py(i$@-L zaNPR!^`BgS{hvBseDUEQM)2@2-n{Q6v@$;YGdD_uO&p2n?INwpX+;Z2+UwrZH(3f61 zaQX``wEy>*=G%3y7bmRzxG=0d&`#}v!J^>^|8FX;Zs(u2p@OVRds)_tvx$$ z=FC@qa>W%rCv4m};o)`b#^3kZXP0dF^wX2y^sq-=vnKhj_ugBv>6l|KyRoY3%{4OE zjy!Va`RAQC?~qF`z4?QRioLhqbkoEqN=vK8W@gU0_^r35{4I(7-L1ENc+sj=w+9bB z^x4-^Qg(lQ;e|JSbpQQ-F8tsBo-8`ygmt&ip8fLA2Mj34Kla$2zuUh*@2xl9_;u~o 
zSKl`I4}bXb#NE3;n||`iFZ}aQfBMhSmt9u#$Li|C3f8W@W5VjyAJjbl_ydP`cAk6u zb=TdU)7pB&zxM9U`LL;JZ2R1~)dPO@tA~y(FTeH=yLM&$rw>8Yn{WOzIV~HJnIJ)_Fzx&5YS6=zv1zWb9^wS|jx~{n4hK2t-@xHym;T@#Xp)_QW83B z%9Lw<)6#O(vZtQ<#i3`M(f!Wf{`Q-*mM#1Jy`O*nRM~(3d+F-p;*oO~E_~<7B}>jr z8$39_8utONytAn2)$UodM*Zmh_aC4Cv!8vmQ6u7 zh-Y5@&2QS?IO?dUe?Mx}+Kn|eW0vpO@kPcz{&Dg8M<4zBxgUQ#{gr6+4-e$#maXVQ zkodlqos{+e>Js5J0{DWaOcN# zCS>HbsLyrT>a!D#i3Xpv6VwCc>gtI6UH3V1Evg4=2j!6dm7B3~A;4+3F%=ASrF{o2+AdlG5H0SmR6k zP+-KD_PM}5U)nbU_xsXDz6I>^rHvPOz?YULFqo7!L!gnAHeX;yQrblV^Sxk_!vn|8Cn{ob@+ z2|VCUds$#jQrag14PRQ|9bmwhHbG#}mv*wi3}4!8fgxX7nZW#{v_;CDl(tr2S5n%& z0=tvaUR3_Rw2zhBm*)Q+_#R){Q3Ch+($WQ*KlT%8GjVgzCGC75_iEB2Ko(FOdCT$6N7^VL`;N4uf!xDMO9Qe$ zNt*%W-b>oKK=vVNtAOlF((VSbuSt6x$bFi$SApCYO8YaA{Y~0{cVqdM@uM%bD4V<| zhORU?t#ywwm2%0*i`n?h+zLzUUU|!MQ7*A`wl`}kR7YD4bpeEpOnaj|)5v=!h9+Zvgs(ay!WUs zXo&s93g)!CXTcd;R$cT`a>>so`t`m9YH#xXOxOr&i{!Wx|x9SsX`8AvvBtL4%stVlo?3&}cR5Y%_DF3< z6VKYP^XCfh1a(8(oI`y3%5`@{||ZZ9UoP(|NoDa6c+G^!G>OstI>dv zT{>dh00AP9tVuwyWkV7q63CiDv92Ba+OA#K-cZ+$eeK=5*WO(f6~(f8?d^V_?>Xn} zp526dKllDVfBe3W@4_qZnfJWsJ$=rcnK?6IdBpOijO_ew=0f-;I+E5FPPl26ef4s+ zI&r7UbaaPB3@L8ZXlmh`4%s2@6d5jd!rh;ElJksqBD8hALLKC-XMesAj9nh8Ro02r$^jJZK0=hbKdroUx9jz&>rKv{{uN-mR=+ zrUcbUvq$L*yB7^kMi7l%N0lopGxk*P@(lP8d06y4hJ@H@q^5A>2D^ri75)EzB1v&@l#+cmh%A0KFAHnhduv%_lfY5w+t~P zuJV)l%&G9?e0GN?^OR$V!Kt!ikM1}43wG%#*rJ&f5GE`O0z6BtA|d3OT(oHa0sM*_PO2MP2A?2;yDZA_=Lo%Bh5rXqKNlYP?#Rg+pi@42qYQQv ze21Jlai}gIk=+Tn%BPDyf8eU@OSL22?X_W14D{F3n3!;^a|+;ZA{uQgAn>uOz4(eD$u6<$~S5=L;@ zbPxO}w+)ZOF1nrHbnKGXj$PcGGOpwsTKkq6`-U0&W(Z`Qd~M6qe;#&6m(ZB#CtpQg zexm+*QL#O#-)Ec1aR@+MJahkK7zMW0a9{6*&+m+azxQqIevFG=B`Dv7T(n}f}=8ehp zgPF9gL7&tM`H8<*vFE4FfA{|^Z4!XuWpRy!7;RAdBefrH$A}|1^l% z&Us6e@#1nWqEz;$?W$>UYa5^AbHpTX?lPN9QAuvTr^+;7dN-$QvrN*viK&UHf+c*0%q=6**~(&wd<5cd@YWab3^8=X=&Jb$ zpXCtc=J3InlCz7{Lm?FGIXZ7=XO3Jn$b4ig$K z@Et2OQsBE#s8Q^@Me~b&38B$qUs7nS*!Pjpc(LyXp^;)=!52`o*td<)Xn}9M&`_ao zrqFPqFC;WV{Iz?bZ?(`^q3<%G@j~C-LKB6)7lkGZeP0Mo75e@VnlAK}Y=EjF-%dh} 
zBHx}u%_3i&P=Aqcnb1Iy?^L0|BHwjFLq)#(gocZJ?`k{wA~aIuEB+E1EAVY0G+N~I zX?u}xrqFniuUTlK$alEVWRdSYp{XL@%|g>fzJzu!@V%_lq67(1-@A z_k9NC{onUHl=Vg5_FwDweBUG}@A1AFQ05JM`$L&u@U=jBpZBeT^4{+|7kVu8HfS64 zc_{DszIUL^JNWv1qvr*DTSDo}eZ!%g?dzKYWp9gbF7$ZlAy6u>uNxYMo($#u6W{qz z&PDOv1m#>5-#t*yA@My2Wq!l=G4y2UPteuS{%Jiw;oAXf4wqQYLtHv&Yl+wyeBzx;)TZ;0x4wZVV%jcmgH{pr;B=}SmUPUHmbUix zCET1SBbAJhWQNmKTfMx9%XE?*H9fdNrE6TTb5OpZ6)lXLtsHfYnO$sa(ClJ358!6Y zGo@!8a?6;ylQZ->TO@p4sy4r?v&$OfXeG!`t)H)}V$O&w-;ocG^I3M0xY;t%;kHX| zWFATR4)WB~xvOI*v9L4GdaSMLp~?NU%vY9I@LHvw#M7@E8C4PjtH1Tq3RiIXVfI0o zBjVQPgd|=wdFSM*L@DFbK0HHs*0B|Mby|#7#?J6M-@*NYl<$@)@f=k-#h&A0k3RC% z=<$6ICZiRpA9l?3I0PB%4nAEmq(o&8gX_`)vFgbHW*lVBLmE%cJc*mnOW$(N;?Tzx zh+SW=(A&sc~mAf>=_K{7)^RnW(MpFCJ4cvWa-su z`52e0+mjP5Ytx1^X`~N3$lL{LZ@>_5Ex9*cgu6S!jINY($c5eAWKTiSWteZ3yyL9u z?v7=8wkeY+c4kOwWg?367_3g%%6=!Qx^_8}NpcNNCKJdTxkD(&jRQlvI{7b0e=OqC z41F55J#f#)$yHGKQ)#YpQ%WahZ|1YQ>rX8>3! zTh%F3VzzIcLQ~J4$wARfOj;c0>KKO9rcAJ9<0>2uiRoYpjjYS0%pE0CEN8PwVKE;@ zAJh`=($|LAy_Re0it|S}WrKsLdR&G|v(U#lE^q8GrPk|H3Y1;FWfoq_Y!OGcAkZq> z?UM`a>S?tS&gRT{X|N`>N;?N|9;!3rF?oQREF6;w^{!U(hAThDb+YAlCNn1J-E+F0ul|~U9D~UL+m>J-mL2uu^2#KF&e>9;A9X5*MJ$ETuo7yE8Ae5jmoY~t6j>ZP`RpYIaD8xUat0Q)Mv8`YdH&_ z`n2;EjU6(uv3N^FmrR2;wbL;iZcUK7i#$`_?mLY*=w(@FWA;#ZW2qIc{)>CHc?BDvK2O;a)t;+?hcw%#fpY3&-o7RWBGZo7TN=z_2 zbLYLqTxOr81>=b`mzw3c{pM~t>Bj6_MI&9RdmXvs*{UtnKdD>xJpv2mh9s(U( zAy-W8%&EZB$v8Awl`N-n|BEJ2$7~iy(r_Hl!j=xS)@M3cEEV=+8Dot-@0C;cohC!Z zBQjFr&SbPTeTa>INk+MrNlzl?HkQt?9_2GpFoizEE;X6hr;uGN%%yf(CB<7b{xthByTcI-braUKVcDGla?P08wtXz#I?@XL> zRo6{xS=6Q%b)3hby&EyJCSrw>>niQlKJ9;F^*%4fbTC!&9CN3&)IYAd)IX*NRC%d? 
zLYs4?gPp1JOt79-ZWTSs%<15II9P)vijy9fJJhVF*kpCokGv;?^T8G1dT<|bPTkSx zD!OX2J>keBq*?mok@CD}0#e^}rS0~!R10*%ImGHD9l9Tnt2ymV!FA|J?oaI^|5KDkHlJCUPKlDTr|z&&}y}7e+I|Lq(>^JCD+qX6p$<)3lzgEzOyy znWB@C63X#tRdT!S<~|Uu{FF28$Ws>0N^{D%Iwi%f z-R6b9E=^D=KYwA_n?Lhj9w;pPRA{20>>omt1!V(&fd&i9b`ok9mW>q}Ei4NNRfT2s zLem9hEkc6@WlM#I3d)WZnkpzePiVNH>_*KmEPF_3tf1^Aq49#UkF|SY*>^%C1!aZ5 zLXE<*p+chtWv0+bVOhCQ`?r`ShrO{gPg2$ZWqzcr9m>2&*)dS&L&~C1=3mOLgfg#E zb_aAR^l>Qj9c8aVnb#=$1j;;0+4oS!6=ef|)AJlz~ZrD0(^GL6er4+qvImxkFq+n(cJ7P~Xb=2mGVBey0_HMHb~r_bwi zj@1-~Y!rubQfGti7iFI~9iqe2i~sp7HiKs(XZzI`=;Zm8ZO;0VNk^Go|FY`zehRu? zPX81cd5yGe4fa7)FlD2FeGLLOdr4NLIGYl5M#}e zlleM26(h=)mF~UZ8N0PxoHqkYwaICVY$R89xbmp5M&h<}_LxH#!_q-R+=)g;ALtC; zVKl?ZVI0=lzQT6T_Fr>u$BT*;UGNHcwL?jHWALau%GvC$N*@uI}XQi+QZ_Vuwy!cjscM8?q!T zIpH`+rPg-GBQx(UJiMFLg7$9f-9%nv8AuQ+BNay9*`i>r>-TK?aN0?4w8s8ENIEEU zZdK-cA$u0cw6@ht;ubZ^dT0AGhCMrREexjCWjk@Vi}f6lsE%UD?L1cO?w@gU4R^Ct za(_!5|7NQOwI8>*RI9OS4CcAq$}(L|B4T#$XJx58yy*Ja zpRKkEZIxK*e{;tjPv5csZPRyt>Z!e-I{KHh*REfG^7_r&U;ORllXpIO_LZAIzjp20 zYj0e*bhAx1>9k+e!2bS_aC}% z;156ii0ej2=L)i0~QiG26h_Vz2=8(w-|3s2diB-!Tz%Nk1703D&_6J=$5w4e z9P#ZD|2*}_6UL8!b^P5Q9vazhyRPllw@&^cmAXDvH{-oK-+1GQH-21m=MIlO=6mem zuP(Z@ynJo>(!U-!b=IuWvlbry*WrKu`N5x8@9^P4`|Ve;-*H>q`r6Q;^+Ru{81c}G z6_2jC;-0V9Pn`Jf#A`P!JLi*6?)>D4d2d{P#TC=9IQ^|1H&3TOOTV(^A3N@|&-i@~ zJ?1>~?YC>*zWn?fr_G;#)cjvd<5xZVY~N=Ko;&Mr!-ropeC`>wM-CWJHX!IN+5h(2 z|GfRfnqz{o*!{8AZ4P>N$&%Zb9P{?;B`2O(e&T^QZ~4|k554rzv7LwPanM1n2faM* z{<91tU_^pu^!x9B`u-n%e<*zZdC&7(Bu;y8uf2ZW>#L`Ze5HT?lKy3z4H$LEA;%uF z{iiRjT(|Dtb)9vuU9ih8m+n&fKy{yrimfZg%s;O4w9~dYZRBO1>#x85y6gAdr0&O~ zj{5wlzn%B%9p|6F?EH6sn^^Vcn={@#^NL&M{r21Qzn$ja5dQk>E56?Gut#4!^2o1_ zeERI4A6T^L#6??v{K8@Hy;t|%b!T3G#FkqgxaHbe<+sh4vB``+)6cBD{PHQ6pYZMu z+dTK&rqBK5$x~h(HR`TW-52dY|B*+YdgSa?P347!+ZIk5HhAw_ZaI@XZ)U97fB)|N zzwq4^KmPa$$G6=*?3=M;Ul@DhKNsE8)O2>!-rqfSV4prkeK>l4$W1q$bJK2P7d{?=Pl-#Y2y+Zw+6?wju( z-|m;uAAfxF$FpX>bHf1#9CpA*Bks9x_3CX_k2`13gBM?1d+{~T4Bu<#oiE&Z)Wfqq zW5zr)=8RvPABo3*jeow+Q42o*{P@p@9s0NLHr;fOO;?Wn%Zk@t>wN9g>+T&JiA;`k 
z-M`)U4?q0a!xtUdxXX(#ZvNuV@1MM3+_>bpht@4VW#-I1XCB@i9rMqBzVpwUclx;g z@WX#N{HL?NKO-7FJo^0?dp0*TG&Vf8*Ta{YX2jes7T9y~;)fO=@>+7!ZMIpwO|oO$ zbGP1l+^t)Wtho2CyS}*V*@L@}s;{3@fAQ8gymaol%g_DtliiQ;dRKb~-89YD+tm^-g#%%JAaMdJm<+4AL2F2CT;FF!o)xG~2y$G86U z_1BMi{m&b3FB>+jZP=SDCOm%k-Cy7R=m9IbZoBQI+cq0M_2EMgz5CD=AH2FNoDYO!zNLhi>`in@hggwd?UG_TKyVy+3*U=(p$2 zt(tqzwl_U})m3*~waQrV&KF;t^+n&7XFqRgIi+ROFP}T~{`+6P|GveoeSN+MeJ$r6 zyiX#rOQQO-%g%iN{f74+KK9Dcw%dlcO|?z>{f|Fh`Qw4|&!*3rGki{M^Tperb56%O z>r%Td@9uuK`>Y4Q__d&5s{;RD22MEj)FG$tbYbzWcii#a9lr!t&HD7yM?P&@@b?o3 z51uqQJYn0Tx8MHA?SF3C>$8Om&tEw4rzhsV`s#{TzrOnJ$v50^@eRYr%sKY2e_i<3 zC%zwD`^ztn|8mLXZx%lJ(FFJ z$7>z;Ucc_i-F92I+iUN2d^vmesM-5BUbw}<2e%yj-0lyaw{qnlD?d9ieFdjUO?vOm z@F%CAKH&6{llouy_rEv&{i!=1+49vVnI%O#?Yr-SeeWo`>f?(pI{2aopZ1k5U3%lvnkU}&4jMFW z(Bj>;Y5Dcnzx{gr_|I2;@WBBe+;hU!tw$gI$+I;ibn_t+l^JybT#z!7?>HK|Pd1c8fudjWe|7V{)@Y#|BUpal* zvTK*^_x!uNJ@LfECzk!={G0mr9oToPO$&z2n^!sS)XmqtJ8jyaY1>q-KKPhpK0M}w z%m0ksc;n?a?l7@t^@tHSjF@v={UHxL@cIL{FI_U=(MNZDboxhEoLpD8Z{1aWuKV`g zclUeu*3+)-@OVag=I^pa-DQ_mUv}v$yKK_dc1zogN8j9a^ynu>pZ~+cYr48#>^k|r z_5b+s$AA9#aq+i9r%&%ceZbVyXRldv>YC!6E3ZA}l)s#^#|4|-T~ZP(iA^iJ>%$MP z{_ub)AKbsi7W21=SC71I^5pfCUwpair`Fc{THBK^7ZexoR6KLkkcx2lz3}z7q~5sa zo{#Q%tNyU|Wb%;YOZPtXm#@A$_p9BHe){znUfA-5@^?=BXv&nKQ%3A}!r}`r-2cM6 z9ve0Cnrm*lrfTrqugc0|We2Seb{}})(gWWfz4oM^e}4MsbNBvg$w?=9PnvekW{+*P z<5TNTUb{)ngzH}ZVO9ItwV?+uIrHj)M~vSt^~Pi6v;N#~=!%J-T#?@A?fK6RA8>nY z$%zjgWPJbpUi}YQw@bxo*B^EMo44f&Bn|oM(!N%&|4^0vfJOso>q1@%1c@Yvnr)c`fG)9OwIXXqRNuffru5w4BMJy zNgzj>YuP(w^y8k?bj=jbmTxZ0*v&Vb`O4BsoeaNZU}=`J22ti;S=zReJD%JQ&PcZm z37j}kgi++A&MLjnh8J_KWwspUJU7g!SKj6a;9kx2N|sYyQ(dVDl=GLJSzkSU$yBB3 zifAWss%|$Wy7?|lp-Ry9R93Y!l{G+^@^dATS9pnq4vtYfa}?P?-Px~q-u1{SJs(3n zM5#;$v=9mB5uzqNA>Rq0HP)E^Q*KgdsnhXvwdh6+|cS{JgPRx(n=8~v00e#@v#zU5)Uf{A(=@9X`D zdbvb<(B89?QJLusQDjXAW+vxLM^9iQjjI}WHArpF%}BgSI{#NP(3-upi(HLTye5>k zb#psgr&C|evT9Cq?`mD%GMvgsx_OacMrW3 zr?l`krt7nCoS(Qm zk6O)CuHlw#wNknKW9F+&YqIMV>-}b)&`Pp)vQBqhW+pMGl8)%Cx0a^NxxBPa9#A@> 
zQ_mWY=%i)4ooLaxIqMoOX}G!*uogVDgC$!b9{^Ar%SSL@j+AaTOp;0GDbaUVN~x0a z=?T?Rme2O=>DaW?I&Rt-{;5rDQ(v1pd+Hqf)XBbJM>`XdOSySYy7sb_lO_!JO||AV zG|R`ABtCmFQT-3)|EF?3S&8iYkEF}_=tjxMEqedVw5r;yWqQ@@N=av+z|(KjVKQgu z*-U7#z_XpE#hwvDjbcxQ(0GBTT4<=iv!Bp#fhVMCv8PLDq}X$;P@~9mwotRkbCb|$ zvFCB2;UdrTLL&v9cQq~YY|!pSo+1N&qR3M!G+yMHA~aUyIY6i?@^lG}7I;q6{9?~V zLjA>_TZASGJdX%XqE~3D!1IgHK#`|pGibWNGg7E3^aL~=;HeWDFZL`JY7}}_3QZJy zP8VtxdM*{}FY?^4X`$y$p@BlrKZFJgJ^hD3L&ctd+rr#|Cl57yomio=sQs6Qa$UT z>@oBF3T1x8Gq_}!%&mG%D0|#IyF-tM&VfdtA?T^lrBL>Sc_L8urg_eR9s#`;dMxx# zD0|~Pk3-oL=XnjvoUZ3{D097@U!m+Z^LU01lf82u6M6!)9LgRu&lD(o%sl%+nFIE8 zLfP}~i9*@S=D7^Y9yQO+Q1+;K9)~jL>v;#tT(M_8l(}DzXNzI7=gu<%%3QH$cPM-1 zJTsu|o%8GuWzN{M1R91O3uVuo=Uk|hZ_Msn`$8GG>0PbP_E5%hGAgqsZyA%ZuS@zJ zd&XDJ)8L`0+4dTIbK|m>hSo810SbFyWy)8kTBVK4w@#hbs6ipnART!_#oYOPq@%Z7 z>3*Q0bBU_1tgo9|5v**e3(l%)SU6!Eo3HdjOHT)V4n~WTiCc-esBC0+QgicY=_D=2 z^09g+6r&~W-cV7`Ejd%>)>k@H)WoZreb!cddU33ovd_jHS&_(h)Kkrj85{E*m^dD7 z%~I>I?0mEDnUYOtn#}-@#4K8rwauxlpII|arl+$!Jdn90VgZ0%xzLVam>QW-&nF6)+3d`O= z#lA%L4RHXA%ST4qj=BD@NW1IL!==4i;+8d&SI(*;y@};+Z)(#Ye(E?hF5!S3t{h<* zzG<;6e6ptBra!dPmX&0aeu33{-4^nR{Dg7x{W{CF_R0tgI9;q6$PF;fi!(di*h?fU z5$xYsrbm{h-gm^{t1aWw+|ovi7mgLn%l-rk93fg`9OJz4Wd< z=159d`o-A3n_5aGx6o*ZtVn6T^+a%%!4~WNhHS{AZ^^zS>Rn!$9SnLd!}=H^D?;_x zY2qY>jPA_pn3LTZ#xlNqb0!q*YR?{|3`-Z9#mHoKp!N_Wc*7h=sW9`Ruy^%`o zZD{Le?BC;+z`k5Wp64>&cf;YyxL?Nn`6zRIX6(4}6DCgDtzyd5X_eD^ z22QU^oT_U~-GrqV?J3hSMs@-m`Tpj{jo<=s73h%;mi`gz_2-)Puqi&_h}xz)*Tw9@+QovG+@<}IB1X1kaS0$i@n2^%iI z>_E%xdFe$G{~MQ(-p-DVt9HATXH{oTT>go3tM?5*S1+xeH+nf zi7jIsnImTJcU#JllyovYZ5CPEV%ZDeD(Q{z^HL^@)qIncTP^f4Fiv^7b!Nq^o>Olm zv~C4-i@D5}{%mLNc9Q)?%uZ&WG*c^b5}?0tx3)^KTVNUM@iO?QOq*I-*a}LVvt658 zt+S2V&66jG?i2Cn=3ASdVA`(R$vX>ZGYz0rk)!&Y7v- zOmQ(<9+g{UW|_1ncuN~QmY}P1xa`1K$t{L*RKdR}%6}0x{b3<{E;BuWt*Jfse)6S}H@ZY~$%Awf{=m-f5f7 zB8Dfkzej?U~R_M`N^iPBuet)sHXwRZYcbL_;4yUAu9YtyeaN?Ism z7%qrpIDtC4CdZx6Xfs=lsi|EZEiLBq*7i2NZ${B>^cHHV#CcA7TYR>O$pCIy>r(EV zlseCaU)pR1ZXYP2*!q##k(2WrviFmKoN0w_0)kCUs z>QvJ@4zh<+rtpIBM*qan|C+nac^dw(-3s+w1#y(SB 
z3hHGKzHT7wfMD_fcW*d$ks^!%2W!3|z zr-QZG)Edn>qjRZgIctcn+GGzuXi2SIrqrM8D*`p%+8CEtQ?vPErF!I6!wetT9~=QL z0*`}FK+)F2jGe(AU;#J`oCN*~o&ev1t+p9v><#9C7H|%@52V0vVAEmf0Mo%Da5Oj< z+zj3V{kI)vi~|e6a&Q@V7;FHWZ8yx=3mgsBfDgg1}RYL&Eh-kJ;wIS z$LiOC(L0nF_klXF0`!zyv%=`mY;75_ofG-em3O&MSl7I^6kt2m-HOF5j|vul6OHXHvc|8r*A}$^FH}M)#DV7 z{_Kr|mf41GpTFGM*3e|Vu5no-n{D;WR(^3wKR|H_>AC9F8D7#VWhrTsN$q|+4>Kfw z@{@Pl^`t?+oMt9}l|2e5aU)B-SI$MW?A%UF$6mb;d=*VpZ_Ld53NNg=cD|rpD_V&tt1I8(tjSV_u zMH#=6 zbqQ&9!qh3U+Ep7o_n9LDk?VpNKh#RM_!IFX;7QyZeG<2mY@QQeIfv(L;T>FJoR3+4 zat@D^2Bxnh{`P0UIN0$JxiZQkfIo*PWtxebEjJF{NaW;<9H$6+e$ksWP+IinldJ51|k@@=q{@iCl^~2>Ac&U3i@7|89w3&C|$@w&u zP8EPBvd+&WK2o+$T3*HO)L&6^Aa>RxI@5(l{+D_9oHZ_-)7zrR@n9HdDVeE&M zWcB1#V7pV`GcCJ0_mbeJ&@Jh8;w@=-5nkvXizoe;e?)HHZiPJ?caG_*tgWt?t*YsK za`IqTU09?#NVOO zqpfgtJnbV;b2?3XU59>A5A^KWQ@P^TQK9L_=ytau$)C^Rx$9|S*I|b6Cqbo61fk;D zDQ_{G5m$U6M1KNEVX=;7ziOR?_(bUsWaBQZO5!(VRY;}iHx z!hhHHFYaOR3<#W%EsMM+vyw?gp&8ns_H|c z@S+_5V*V@srH?y9Ec_&oFSU76FXUGQu7>A6w@vz%8{tVmFMgdmb{jl*S>TizFS`1e z{_?%^hQ2bU!}ZuLr>pf_5IR@ zdi~v5VkGa&$}qjCm{!acB|Pb`9H#Uq{cK)$xjl^)>}Xlk%4DEp&!o`uC4T(9=n23x zVkJg*xwA7MqoJkK&L{R&WqzV(C4K_*Z(^38(Bt5l=&@sC=R#}PE*(1uwRq-FLj2Iz zISkSB5jWRpd+IWJf(JSSL51mO;6r?nkRHeKr-uF5CpnT%3cn#-O4s?^$qt9QMw zR0otcAC#&8PfWYgD zHc9D`sU!O?vd(+E=q@3wifMB=-V;&A>5iO#Qf^_xI*v#y@EEQz3%oSCM1ufM*4qYq$IL}ph zl3zML@Z52ecsvg;Mtt>5H~SlF7F9SQ>9+6AYe%O$ZCg=K;`pZl_KYI+Us|ZCKQI~5 zS*btdDD^j6?ZRX=AU{!#3tqIxY)z+F*l`fZoG+nMWoVF&v7-6qyT*b%wdR4=oWJI%+wbZ!-C+GGNldxwx zo(Ap~;0?&qXKS$4%6o?Mn~5LyI9uvWweYBu&ijbezq#<_ed(k3N{nB?=I@snqrfz9 z61WUJ3kH8sVodt5#FzrAKoIN?jt6Ie8^L<;$R{PnJR6;#mKY}kp~8Cy`aPIyM>6I* z@7RgALxXRX7%AY`h0e1r|IT0Fom_u??GE?f`E!RQX8rO*?PyVZxYi)|QuD|8{nf&* zY;Fy5)c-1Nv9|iiWXs&zD%N~EG}n3F@ZeFU^Lfge_J~34VJ|W6#YbG$-Qo3eEt=oD$wGIDKCr{1#;zDg}^=MFu4#IYxN?zDlTz4D%ad(sB#tU;eMcM-^w z32B+CW@q^8$eoZUx7wCt30-gEa0YKq*lY9T*XGGf$GoEm^Gki6Th}aZ_OJhY-sOJI z%Je$^B|P^$lC;%+Hji;D+g-{#tkHi~ugLg&@i!h`oH*r-cRQ<^H#XK?jC}rBw*y`R z9b7}uy;OBHw-T27*|rAvB<}8K+Z{HqXaCpP+Dy%;kcr4Dr=)v~EuDd7c33OJO`f%! 
zb+J^g`KYrF0kg&covN0NPscG4&SVepx@_7B8JRJP&4&tu(Wd&pE}8u z7^h%ZKYyR>x$8D7Ljt%(^4y(zq5`>fG`06IV@gF`)l@kWwywUmf~nj()zqkDYXVzf zM5$eEwEpjqcb~&AW%>g=sS8spdbY8JvNwXf+}HqphStiwoaSLh4r9`d z+ZhZy_3uCNcMbk}l=VW+0hexIV-a+1m9&@Ogi~iN!SN7dn$X@jsd{Xjq_kz)T_z3L zJj0PF%?u8;pJr>Wp01_!tC zRcyGsnLR{ubPOAx+}2rah~U~XeMj(8x)XUU=h)@j&0GnYq{ryhk!C6goRt*&~c zwXb_mH8RsjJIg&I6&DjtreRl)p6qn|%xiBk)M(#ws4>RISvI{1`ga%qXUzH~ikcVO zEL$J#s@Q|XkqHjT%E`NP{j}V7=g`z)hJ2(~HN9$TMSW$kW_Hz7Spjj{>ygMi&jcC! zM3L7*3#`QhM{Z4?+}e!XzH=*P=gKaw%+5?H(MscE3(rWfQp^IKinzTnl+cx zW;@vGBr{D)T_cY6Pr^>4U)~w7b(m1${{lbwm!U>;d1fkFONiSf!jN@xODXe1tP60L zk$y>a_p|jPhYp7)eh-G1Vok2Sd>HCwbtsEjHdTWq==e82)Jp1O>PoJdZPn~t5*_1g!1$f{v zL!stX)m2U5vs9bfTq+F#xIX*kyW$S{K%4YhZ(YtjN~U62uSYem{Be1=;=*&*RQk*0 zGCAm2zok{$5jU+@EbBXCrTA7+|NMFN#b#$n0QdAx**dkr9=rdi{+xDRzmL^EPncn? zZC(n^1ZEq8qpk3!RdJ(Du!g6$zNanIZ>&a#GiM{7pFu}f)>0yE;$7t2y3@$XR*I}_ zwl6B1HOwfmg=IZ(+nLP!)z!_FNv5nk^S1;n^(|bM%@cPRjya8cazs|9XT9ublW`ay z7IiX;kZtky%i|(SPC9#>WV`6{7Htu|X4Nob7a;AX9J(ive4Pbd03=TqK@SHK$1|W8 z0_jt(hTab(jemotfb2m@L;I0W(*JG=Ed@@00?T={cUw<*c{cKCIFmw5RJ7>FU)DCY z!tFM-!X;R-h>r!WN47bYJDj9F{(El#v9k>?fx$)yApJM_F4)YZjTD&1PR{ zCO4*OcFm$J)BS{=+0M5CvW92v(`(W8ARk=v-6Dr9%W0d<9gQoNF>z$`vaE`nv{bm$ zBE?ajDI{&nE2+~ZG#j3Gbe9sg9!Qf|Tvz?1d*8Cu z^-;!yvQ8&uF6Ffvp6I6TOp{qT`J{|NQLtTqm}`ZFnEpM1&Imf?GCJw_l^A5?1?g;G z%64e09&%uz{t^wH+D(5*i-vy}zqG`eJFMJu8NaxAQa5EzPtndK9U>=rAq~`k=lGSn zDr=(K+B}J01w+Y=%z@L7)*vD0DRkrH!8BbMqGGzz&0Hww1$OXoh zRyH_#E1WO&daBr?a!#;*!CqS3blR+0O~tVK?pnL$+ANe=g9vLNkvTphqrnv_@o`S{ z(CtAqO@A)o{A>5LA?qO-f{Qgsa;z#=87pilgV{5VNEn?h} zD$|b*bL%Q*ROYsKk&*FakLM11x{?RxAr^)qG16dwX+$J_p3uH2ExRZe4Nt+sxFEvox9yr>ki#bV$m{oD=6&Zw-e ztgV=B4Ft4{l{eSyo0~VU=E>G6`H)gBC+xX7>?33)kD|6d>5smEr^m1~<_dkNDt%=* zGpU%<4{k*~WgSEOJN-)49+&KEg( zu1Fpn=Hf}eExaS(rR=;CyWkXfvOh=sO1~|dgL$i&hI?RTb_9{ZHC0%adT*R@=zlM9J`xV*_Qv*-#-7PzghpK zzuEt#zd8S{D2Y2ti{6u*Ox7Z%J?q^b={~Lc! 
zKh{;B+dplKo%^ulD#mG*byI7rg7qv2OXya=vj%s|X8oNl^3GzkUSgK(wD4|!R?p}5 z*2ZeLC(H}+Cw1OoOB!0?Nge-J?ch>m!g~$v*}u24#79P!c3MXd+baM{FHWP|J+JMA z89OI8FCD&6XDs`l`uoy;;oF$M$lkq&*`r?AHwJ&W?@(jw+M&in^M)EX+jL0XP~#17 zu^m==dha?j>6tOqh|bK)IAwpryzKj=j8V73?mTbm=1!@vt*p$vd#=OH4o>%5)3EC; z&N)-e+0XW^eIEMTMoLA_oKW@`eX{LFzUIrsP8*h?Ps(1#$MTc<&#R=+J2M{_W*90nhQwb2e@XH{c%n=6zijg|x-vRc(D{myt8J`r7M(Gyp3m2- zQ0Wu-xT6u-pH z-L6H~FyS?@zrqe6`Y*~fhFdDn-N~bMdFj3eyOldRi#YaogwEua9ZQy%T3Pe3Y;*W7 zRu(B3r#KOZ-fPF*X-g9K7j0gx^>L!zjU^HLbObT!lMf_VcOJZqKe?CMod@sQJb72;xKh_a zkt0oQ*P5h(DYe0Fx8bIZrz3)!*_`X{q~ps2a?`OIyIsa}DuO|oHPt^ETa+A_`<%V2 zhisj_emzYuJ=#TP?@iC)SxW7{PoO9Nx%-CAlRDx2B)n8hFVETV(#G(=npZ}_&W8>) z)-N7v{Mb6w*c7waZ^FJW_N74Qb!HNPd}jW()SfDU_N-qWayLD`^m=Ok38o`D_h9ow zXNy@WH@NL3a(hTYGN~4B@8Hg>y(CTH_MygW;9c-BI2bH7JNbaCe$w@ru_o42ep>u#@mcCt<=-H`s|Q7q1aC<}rzOpsMf?Pl9$COC5d1YezL zFBQvHaptOZC1K;TRn}L{i(A@wVypJ1PL>k2QC|?nom*To=mguvhn8GJv^1>sC{;`P zMS7b#yqii{~{wlKkiAFOr}q0$n6s@ z#a=g`Gyiyrb!5y?u1vy_>Dg2|S1xOjmG8qj;!Q8(SfOYCet_TnXV^M;k}uBJF>)Ka z`&UBv;>YP9gl-EjeUfg=^Q^NACY!nYgrp&6oH8dZ&zD1eM|AE_{G=g|)H9fLufNL+ zH$UU_jpt(kw^T3g(qFD4K9&aS@6Xts_zFktk_L_yXqaAEQ9rk~Qop;GH1dr&?mI%Q zYpb~P#ySHj*DALc_oxhAZJn}4y|Lj^5BcscInA5%-73}eirICQ^1(|BZFH4d!1}OU zP`Id(cE+73%Q#tz2iZndkK!^${;ym%iftsWp{EKA@bZzop+W<^I|wxfc=r@)4)87z z8Xn+XB{Wv(JymGD(0jg6RqVY|yBB%aXj<&OS7@Tx`-ISFq4zDJ!D8=MLL-Gankx2gAv9U&9ii=o-ra?!3%x<1s>s_U z)F|?H2~7;}o-EWqz z&^t}?fl7JH8tY7~3V7aA+}-Y7IUzygO=pk#~}&#oif0Q$^nSLeoXwCE8x#JxXY@zzJHmvt)?40rHeI42i{Sev${T9l1Vcr2tnA3u81w9d34m}qopUpwHBip7^)^C}fF2FytXuCz&|{%@Lyv<#4P6O+AKDH53VJv?Imw|6u!i_*$Qp%zX_<%VgN*VsA1m9Fe9%WQPBHZAfs99xpOpR_l( zR<1AC&T<{>LWTm}OXc)VS-E3?Alok+tZi1>XfFphx69$S%k(^QJ6DeJMWURqYZ+x; zVUgmibRO~zaz6v-Cp789XE$?bQGcKwVo=$c)iCLDN#0;ZmYJFvW zgPjw?l|hZH6>u&Dxz4rfdU;l#Nvrf|L?^YixuLPMDVHH%iA(n7NOiZ#p_vwoGyc%* z@@O+G8Ts&$dc{Gh%XI>>^{Uh6P?A%sGLh9%y-qjgx>%(oyq+5&h06ewl@ScRtS1TE z-4yDypqnE%;E5E6oNAi$p_F#eJL+XKvUcw=Q6@6IyxqIl_6wmEw*6L@(dQn-u;*Fd zU)b6tjiiO6#28r1SGDu>3D6v8OS4&tT{cHkU)ld@SEH;@E`uz|oJETg+e+Z_Ij-$V 
zn4;Kawc4c3kV1AUu$$GTo4kvoYqY-X(9y-B6E`?=4Q=Ku;o4wLU1cUp4Z*n5cXBg(%WSu zkR=mjV$&{GQ~EnQo-QWuy4Dd=SsroL5ujh}X~Sk>giCD>4?@nb6pANVne2n#1iWXLYMtA-P&P zt5%=Fn+?XQU#_zkGm`DrTdkwV&bHRfqcS6?XBactYL!*i(SF}`)O0p3YRx!0Z7Snv z9ZhFFGjopz)}K_d&DctuoEOFw&Dl+c`d~et#3Z$o=a*Dvx&K|BLVC6ymaWybl}H3L zVRdo1oA%l>p@>;&6u(YFoylXO$y7CaokS{o&M-E+pF_aX%>jkhrYBP>vg0lDVTxUW z?cg)&ordek+wL-iu@8W>AGsWLmSJU@d!DZqi(8i2X~_g&Pr}NXk9OLe*EAhZt1)KJ zDV0-h^D?bhN1nlSEY6v0%;(yzCR>diw@mZNNM|^@kI1m?8tM9K$n1rsk6f0`QQ0$6 zd)(AHms2*{R4ebLOE|Zr6x&Gt`nkDtK3~Q0Q7!|?Zd_Z{QZ31Hk78V;y7=3S>mu#i zguPX@!&jgk{$l=i!Zj72C)iNbOIfTLwz&QY!OO{ruISjj3 zj9S4V@EzTJdc-qDU0gx(KtMJaj;r zj4p3(<9&}`a<8F^RbiC?>V*=O_=$YGnPAg`PX8sU}Nk8JX;O_V8q?nMrnFt2b) zUWeHkr-C5PD{&fo8a}%TRe)E?Ft4$xJJA7>APz4LFA5a)*d3dwG>8Irgs2Dz@M`G? z>Dvg4*Km2|j9jT#&Q%JY2`>>NSYFkGgcme6Q3i++w*ZI&^AYmlVdNyfP=okH;Dtd% zbbv63Vh>$Inn47_Knkd9k%1;b6vROq81Un_lU@)5iF?Qk5C<`I#cxFhy=iC?q(B%b z36nUah>suYe-qia$iFv8*H*}b&`@NzCLUXWEwN)ZUnei10Rg<=qonBt(w4+O@=17U zWDJo5A^1UL75Yr_GC>>-XqqyMeT>XH@Ht_ALH>UReH%N700UkMUI4koCzwG9`4BYl zB_NF{Wa4w7^`t@43}0;^Oac6;@V~-8btMGiz@NbFYr+sdG)%c0AOwQn;2&NLw*YZX zQIGu4ApX+02cSlPv`ita4%`nTk0|RnNHL`m0A>`*bWh@+gu`5Q8n?iCg9T znS?;#^NXISY0Z5kM zhrAB5oDs*I9)ixtNJ|mn6GjAn@O$D$8{`W_<%dS!BK~in`%TISa}XNDo&wR=i3I{tS9_O2>)xs0&!r1AP4~e7szY?&=@rNIrs`0%n^7IXbijBqK`7R>!Z{R^noOK z6MzP{>7&wn_fdg~eN+;6V{7bF`>51j$kst?u?PAn6SGm#M}@}pQNcrS`xzbI67Kit z!JNjN`T^dQJ}QCk&`TbbLSO8C566}DQIXF)$}C5pAHN$sDje>k{J=y$IUYG^xC9W7 z1c(ZqfXpqpba>PFg!oVQ>$eZ|qreDPmJSE|;gsz5{CLUko7k?4* zU!4!OrHu9@&L%o`C2iOPyP#t?o`XmDfg_0<>5Y7h`9u7rkSCABsP*VshaLDogl<6BH^l83(*G=O(AabM5&h^hh-U(R5}tV}e%?aQx9~n7Zto#m z++Rh$ga0_;KL-6C6!lj|L4Ow3aO=}w`N@Oe56EwV9rwh=n2Af`QSb!eiun=3ATQMO z!~qyj;pa)x@Cm#G_$PW*e-%Fy^I6D3{m>{h1PzNF1c3?EUGRvT5yc(&K@_BsO+b_4 z7sNpXm_Nh&6So2V>GO!Yr#}m*{b{4bA9EZU0||5nMnOj+1I+P+F#=lFUnK>Ta03w# z15uCyaS-0Qzf!yOS0NCYh;DdlH~dV1=f`~PiF*<8{T%(C!Sr{;e*^xC2de~rBY{E6yb(VjLRg7ANpJOF#u&tH zJ#y;?srZNJA-wnq_~Qqw@Gj^cjm~oDIP{r=RRkDiCHf(H!^r(TMEGVaUJ6Q+(F0glA)1BAT>T#k;L 
z2?qqOq@HyUZYSa2hRh{|b1D8VBV3VvkT@r(Q&&La__-Y!{6+7=d=I!E^Fzoz3?Bpu zBl0LZ@RN89`)9a)iSB=3{}9;}dOm;$%yr0qjQIz`+kiVre+$0A?Gxe*LgEI(-xEg= zMUR2q1ZnJvO$r!O7pNEr5{|+>0AKYhP{xn=LC*gZ{xBzm0`q6wp&<~&oQ8&x3qWJY zC4~Y%ZicvlkoW=dG`zkADgg}=R!rg`VG?%gJ9y{`!VBT<7e4j`{LoW`^Derc!AzVJ zyzB8*jEaK*;Hz%s7v3&IY3IB@fE0*;B#4fr4Ua2ONuxli%?eZ$Y6|s}ZV<1;4fsbD zsK~C^%Se9-;eZJ4CW!d(3r&?5r~uRt3=kB(BMW%G!ygR~gvQ_(8XSu*;Kv?;8pxW^ z6o`rpNP`%9!qBAn#Vr8>*rQMrKYnN$#6$)t%&Fn&g9sW7k_rd=xXchXQ=^2DevpJo(;2uRz!AmSH zQt_RO*f_$z@xmg;wMC3qir7$5#HNcP#&bm~2>i#ugC>CzGj1Vh@XJE#c_Hid1YYd}wGq zW@zvW{6pi|!}v2mMC72MuL@}!g_IZR0OkhbfLj>ZIR26q#NUs7IQC+6ZGmoJ{#eKu z7r&whnJ6@Zp8z^j5)Sqt{^HQ2U>D+81|KAWfxZBUz&Ej{p$60sf@0qZIgl8JjvWYd zE6mX3*0^tp-))cu@$KH9i`V;b-JWgSc zzz>QaV2B)4p(h4S5KaJ|NjM?QiS2MF`~Yc;?TOr>xKR%AN$8<0{Ck1j;88}=$@tj= zid+O3ZOGwnVovRjeQzkT!3tHAg5A%M= z-0tBW1vwBGdMfYcAc0&0xfF5%VnfXJ=r0tsLe?~usjS6xaxkH@_Y{qWSq*nxQ>^cw8MOA#-Vctvg_t;8(= zF90tDF99zFFLE9Fj)UHaEaAp(fx=543x$`s57z+LBM&eFfP2v_f2e+qj1F^M)^DOoRad;5@kKleEa+m`k{uDCzBJ(iv z%&i%3Fb6V@cXr+_jU5>aGcHas?o5~RtlFDr595#MCp>pc=pX4fW3(fKbf-yY_?dyq ze+1*5m4j96bjCmzF(!P8F%xqf!7Ddafj(>?TVklhlSAlxHz)2qqt1?D|N zlmcmF(zqqX9jNC9GH*XnMPDAMjF$$g*y{t)Jy50Yhr&zU4IkqQiPGlZajwD!=&XN`1ca#1L(gKSrEPr zGYBH%e*_*hDL^LeAG=&UlT68*bT^n5J(BV71=fT zyAc@>KzES1grE@t;RMN}$N>C;)Ij1uILX(Lfgi=3!ki*)0qkka5vU)8L5jRHzr!yG zyn-7@f*^8n5CaJi1tAayeh>f=5JcAhDtbW@81UlIAP9pr?glgpl$b%9Fb#vT{HBcc zB@S<42Z^`w^Coid5T_E}E1>`AOSCgT>-yfPx2TV2g%)$ zMV%q0}8z{bQ!osD4#G$?uIT92LbU5RpJ*K!aWZB*rQMrniM;3 zX{Z4Wf+%_GSHzRF`KcRe%xUt^AWgC1@PI-3 z$fgU31A3Ftgo!^8Kt76l68(l3xgAI+Gz>zUAwyk{LDNG>!(G(xH02A7LBwx2!V(zh zz#ay1kQ6sDZ;ISzxQiK?6fi&g@ zcnTU`gdB*0C@>C178r*U1~5Sg1cV-oJWwD23=jl^kOt<**gpm9;ej;p!&ATz`Z<1qu_@2}t8fD$5Cj1b`34!r#GD$U(&JgzpT%4b zP?H!hGiFYM0A>?JF#9L7?!Oy$%wb@D$XYx07)a0LT^po8bS`bBp0)za{V>96 z(XKED#9WOV<^=E~lWwG)HPN>A2T%plt+eB2t|g3XXwT3nGu zK%k2B%|eIJ=|hzPHJ?X+lK8NXK><$rRtCHjya09smGi?vW5{ksu7BFEFnGA|P5_qJlN(eGxazad--IqKh?2?14JsurKl1 zo^tpL@q?xhV7{(_Il6&gCt1d9uXaaGtmvAAapePp)FAgt-Yy>1h>Nw0G2~rWv zz_@Yw!mRLDki` 
z5wF0B*ojL5o*x823VsZJ>R!TK4Nf7>r{ab=3?d)|43ItzPv1W4jP3NIoc+{6{g zf+%^f$mbZk(xk(rZwk(U`gs@g(WXEWM1gS*{m6N=XAq}dC(fchLjzIhnc#H#kuz`y zNujt!&!xRX&C_V-Ab_86&88~RNgog--pq%`!pKY}yy>8pI017majGGnAU&HrSW0+P z`m+wdIrAX2={cmMi+8bAyko6o?!S|FEX<+9c_)LPSONb?)()2QF4zqP0ql_@cpn1_ z7|2B6h434|9>;7#L(rJW5O%DZ`~lG=q`7ue)@nCZvAX|5(VfR>H9ZahzWX3)vhyp( zz7>OPMNJ7&F$y8oq@pASMX8w3Y8#cTX{62Cq(YV&m88T_Q50j>LL=X#62IsDZjT`%4}EI zuBFI!wa?PUFB*?_3Y008UgDlp=H696DHXSv2bA{k8w*M(?C$prx$CL0)^<5H6s$21 zw>fX$IEPfG^?asu>~i5J&MDQa9AD)E`Q=~mrMdi*`S*)@;*}fCb>DRb>J%(BS3Z;` zto=xxkCj_)d!csTxBZW@l&_E$nO}>fFBbnmz0CW8Jm;)R{sL`plAdcfspqq@KDAq> z-74*tP@vs1?N(^FdY7`=EzxdaSkLDiacx&8Ditfqu$&s;B+Hu_=g+O&>-2C@{tv{Z#3vB)6~nDx>Oq z;jzwzzN#tFUkz2tSLFJ%PX+p_piF-?`U=4akWUG<$2d0BPxuP+_|>-}8*v+53Wt|-oh+AZiIOSxEj;&yVwr&kwn_Pb=%gu{RjE&NE@=9Hky^K@Fwb?b8*r)&M`5eto`(Nu={^nS06)ID<*?#{m zU0NW&TD**kT&PT;_n!szz5k?kzkI*-G%xFl*Ad@e`rg7^9)ayZn4g~?l*upH*FW+- zQ2B$!k5cZi{Gj4+|M1q2rwfi&N4)G9Wlj(tZ@Wl+DyeBq z(kK1nUGYN7a(Nq+-(*a`s(Yif-pW!@BBbn|e7~16j=Qwwoo>O+{*f`&L)4X5L@@zX z6i6=-)()07RDZT>g$2?|DWoJfhJnU=r@HbhrB&XmFKWuPNpPQXREif0YpEWlo%@YV zSV|H3l*_9kU;SF;i^;cLnoAci5(etkC|fA36qZp;0TuGAsTd%SGUF>4p?`{3+NP*d z-YjLlk^YOehf9A@`#JK8U*}u>%d3)CZJ!E0F}4-zI(~%|Q$VGCuN|a5K`y*oo<2*Z zSEyI(xa9Y-z1H@Z%BWK=y;y#U{>#?L%e76V>sm1t)O7J&cAfY4Jv|$U7hG?(=)h zxcWhURNox0A5{Nk?EBOY3Vt*8OQjb}qxLdCxutr{*at>7WoC`u|l&rwyY4QjS{CbV55UMpTku*CK}&wOvnd&{Sh?h~W z&&rR56wTD`a(Ti^VX3ry3MnR_hAMgax%#<~ijRcqRA{%{cBSotT$n2(UYxg|-@^;n z*w-(lQNBu@uau+ebA5j)F1^rp^=fVXit;5C*si3ED%)k+DianfTk*O$Rhy0PH*HdC zJ6NHvv}*GImiDJU!u@<6HHKO8a@!PBliOClK)iaZzNmF>YX7h;EOl?4DFp<% zy2=#%uD-C=xvbQGx$QumYH3Bbt8#5r8;7(i+d-~fWsAiNm93yO*N*Lc$ErH>S&E8u zKTB{w-{b7(J?(y;HO1uz)O@IK=dN~d`&8fY6;{{t-P)e&?&G^P?~IBmY`mZE^=#*y zv7hg-_j6wr9Xn+FMxRPT8G9j9$!O@aKw^wmJy2S``0myr))0$d}&42Hbr%$r^3Coaie-SOZQBYKTUfVD6eeABd!tU zwjZ-SURm*q-1be<<=5!9JlD6p{0Z8iSYJi@Di@YgmlD7{8P;~S(ElcE zy*uCH`SQxA+y5?}ZKgO*FF4mz?Q3qEN_o{UI$ro6x&5wy8IC2zBRm%k_dZQnS+>9X zre`OLy3uw2pio%W-E$MQ;2Z1`3!b)LTF64TeU^)AI4$3ESD}`MKRUyJFW!tjqg3_R8U5BnR@SWp~_fF 
zjHPftWvG&0kt=hgHsu#mtF1Cha(PE-Hy5Y2zVf#7)vL*+Yo}EC;#@s*sysLE-gg`p zIOg`F^fNwp4yY9`7v|^U6xiQFVYT$iTu6B?PVJlWt+5hot=M*nydrAE%Y;ELPMLDG z)wZ=&Ei8~$rA$RGBwxHRS0|U2i)*vCN_!jGtgj8~2}^`EREgIR$Pa!o9^Y{kQbtj8 z$E&6NZ()DW<1FXFc5RV#YACl|Ei9E^t6Z5dU%gsoYvkqU%I4~wtDR=@%H`$y#n`-;$iy9)sa_NiS3#p>XJWHo4L9E zqj3;utMne@9BmA**?z#jDOajYxwIl-(KG5i>)xD8^V_2es;H!zGRpN)ssCb1DW`}6 z`&+ENfCAUR0%4Iclv1GYqPqIiZ?(1y^&JRHZC4swEj1MG?Ra&N=eirbERRBMRp*pR z&mB+4vEqK^%d~l)evBvoX>E*`{;2axez{{Ltj)!x7YK_e&TUgW-h6sgok#2wwO2d8 zjzNJjRR3UH+AJ1UJ1;f4>!$RATzW3e^{UD>DKO583C`u?@?LSQ>`N_W%2zl~mG-5` zHLy^-rMdH-Ya{pl+g9!Trj6&-dBHd)YjcX@XuEKlZDDDJwkV-=i~XEzF1}!lQ?*%X zA8Z%DDD7Qiewp{2_XYNOvG`_vZ&I#S+TX_boANu9-6<__PPCU#g)tQTuHPK-lHB*F zxo2VDgO&=*De`;s>N%FqwbDAd4|Vn)>L>k7aZabYztr(AXAkek_Vf-&SiP6ekj>Pg zET_4-xZIdNHujC`QDkgom7dS$xc&;uXM4x^y1uBGsgJp~-|_ny@lwCrE}13oEn}lP z7x(XUYn7??=eSC>QJ{XUb^`I*4bH7TYy6wgk`CI7#T!@){tZjVJL@Z0;0N zHpF=r)+$@+`-Ym?KBvs}*+y9A_j8rvmA*qS^u2f`h0i-TR8?r3GUKXVrY+w`6uB=| zQFEAa-S6GH@At}wA)bGakoS?*cFy{J;1QY!rJvc%`5LTjk_D(P>Vx8h~>9RJ*Uv4$$l*=onC$T}&rMrtXs zPAYQq+FUObR+{J4)<_9exwRoZ-`Xq|FE@wFtc?O~%{jo-Z+_|zw%B+#{If=RIeNgT<5!OiYH{NwwC;3!bBZZV%2j%8@KEb|z z>uQ};=hg_N)=8E866>VE`lyQiK0CzPC?!Zl}s1jD?){AvgMWuC8YMs**Ne^dLhGh-hqWUt@O@de^;0OXP+qOIQ%QmKQ|5dG=4VN6PFO!x z)=#DNQ>|=uuAQ#Vt9ZG1rFgM5Q*3>dn}_A%mEyJHHP%iEmDW$Sw0z2}pW>^XQ){Py zd~2e{`YE+;DygN++Nq-0+Nq(yxv8>dDwHi0mQrSXf%Q^h?d1DRU1a@~+-LmOPg!nV zSwHy{+yDIB+OT%2skzBMQGTbf=hhCz#+px=^;2Q}lvqF2)=oLKt(|}O+?xB9OZ|rb za_?oY@Ljw21pfCazd3V#8Ec;0?>&IE<$tsF8&74;?HbqUlFM8xI(jdwTrf`F1CFaQ zl|PufR8xLfgJ1^pSf2%I%EcaV9gHg?!FNf+HIQ2XP|JXwNm=$^$&hOqTHtf3eq54T2+S%B7TW z2lw+Nudsx*{6=_mgW&%-l~#1-PRg0V`>bOd2OQHNXw3Os%Po{Kjw#ILL)Nf`ykm`@ z<2i?7dNY{OJk5)|!D7DTSGJRPT!Y{U&Z0d%8N{PZWezL&j=#x2UO$}4W%S@~#_|%2 zS;sc^Ji$J5GOf6r-VEVUrZI=*)bI!4iS~t4xrnaZ!o8GJ!7M)HN4B%iNezO-DC7dV z(2sj~oYz^&FZ@m2M)sN0xsXouVgO@!mX~>(4_VCyc97S&LC}CR=|~T5ql`y*g(a+F zGdtPyPF0`AG@~6|xs@^=Wg;`FVkO^EOK@6)pdLqZI<4tMUxqM}Cz!$< z=JPRY`I)W!$6lv52oB_ATG53ejAbfSe9kZICclY3Ii2(A$c@~`Gt6Zf>-mE{&S(%c 
zwI&FLR!*+9^AqGJk86z!*YJ$Z}x3%%p6Y> zn$w03bfXV&s*A5Qia8BbKE~7hl@-S0)htJu-UnCbg zcbvuL^kq1cn8!-KWdqyEF47l=ax7y{~ zxr8g|MnCRhG!vM{9IE(`Pxy-O`I|az-FrBiMl_)%mvJpO(w~uxV=}L?fY14sT6UA) z&Kl)-T5>g|4C7HI@&=3egf;v~Eopn#3>tAECEU&9yv9d-M{ue86pbn7b{=9HOZbWO zvIfC1T+B^8%xiqYZ`3Vz?6`tkd6bt~$Qm}2Ty9@Dn=844$C$+je9aCH=-{44OD?4s z!+476%;96!@judz<~@x#gYzk-gqs=0Gt6QUtND&i#8)^*oIneT>B^l9XB;muk7~YS zBfH4IQlGS;Cxdx{ms!Gh>>|6$KGBFv=*-m#<*O_CqKS;V8Kc~~4TNuU!USvLB@)Q4Kuj?I4PM|f{Gmue?V=8l5&T2Lh z_h{gqfO$=KhBBU6RI`%X#n z?FZ-3k=_jEAto}DC9ESI;(XJHb7)I9Zsu-AGM>pSXA}8Djf;!u#H~EQQ@p}Fmavvh z{7e0NjEVO2V=Qm*74f}}C9S!Z-rUVYOlA&?SxpVwNy=O&IDvC0rYkowkdZvjROYaR zZ`n%TF!vhHq&+5(+VtyhWZLZUtYq*sWJi{!Ou%17u zJI4K)i@AaRjN}s>U!x+aayvHhjBO33TOCws+g*zF~TYSbg_I%tv(VXkJlc#x? z)%?jp6O4}*T*VFC#xTb70&`iy7yQgNvM1E#B${z4CG=%5kMKN|EaWqO;&1kR(j23Z z3%G`UlrfGMn9V{~@*{t<$5YNNjcLsl+{j&wBTXeLTt} zDp|o#?4;f^jvdV?rj&5E+W$#I@!<o4 zMo0QGl*f66MSM^2ymQYfwC6_3n8X6U;U5l|>=<$;t?5V!19^XDfLx7&E7G z5!Z1O0~yUTRI-rOY-Bh4Pw_lTGum@K{Tatp=JO?6s5jNxp$%8ilR-ShBwptO)=5d;Q>BikWMJ3DlfnSg7#~QY<=S#-M`E+A2qj-+lRI{1zW!EB3q=-)R<9?oHHjDX!P3&ghSDXhfrZcy3 zFJr0THRkgPKd_5~Uv)j@icn9M9QYOjmAU6jPYP2drTOJJ_?*y_pj@hfCpuT+9A|SeSJ0iCxr-4z&P!CWhTn;2+fN$PimNGQ z1kX^(2Yf{>d(1ILPNxlB=*wV6^8{0PnCDXxpZrU`H_dg<;Ucb}C%17Ac8!J$cdcIgGWP3&Z^#m+ycaUoaHlRJ2b3f^QX-?5GS4?L^UmR|Jd0VXhw zH~Ea8`Ir19<|!@c%w0UmY!gSsDE|C~f~I?$avd6=oZ%NJ}RTjAPGBhIBQ-6>@_Pw+a+_<*YF=BIdz&6}*|59+P8HfX~&^x=NS z@&a@DfYtm&@Rjj#HW$;08@PjEJjPV!@IIfio(=p(-q+R($I^rgxsu-8$^DFFD(|w2 zUkKM({~S(ZE}$dV(TBl|Wg7GNj9=Kvq3d1qIGZc!#URR=#@j6AD>m~lb-rH!MD~AO=v?20~yDwe889dMqFbpa{{N+k}K#<8ISWK3t7u=?DL)L7bnw( z8+d@nd5MLr<#%?I|GjqxoJo5+Gk}p)@Ft(KiR1_S$T?iW%{<0bs#wKV_Wx0Pw52CQ znaq6FvX%5FZE-r6(2GHg;VE8ZKA-Uu|6`Az%_Yv}N=g~SYb@kzwo&gF$Bgs2jsZN( z3>NSiKeCHDzq+4uJ|*1Ba2{tGb6CnMe&A2y4W83Dg=Snp7Y6VM&ohUme9g~nqs~U> zh9>d}}MTuBcGGMY)e#d2!cO0?NL<5C&5&qBpjgx4><@96_6@0)( z_SxpxaxqBk^O^ElI)&6_OZQ`WM9zu9}Ido!m{ z#N~A7PDV44nJi*8zp{({cX>A9WLj_;UATpN7{y~u<_%Wz3tI{PaojnC6KF~su4DjX znaB*@3&r+R%;L8N+kTVi8}mnZ5rt=Qx}8Tu*;S@i?!rfG^p^zvTaC 
zesd1ja4W-knwh-MYSy!ve>f;;7@WoBl=3hy@jhR$i9N!G!HHZz34bm1mOFp*bzhh?niXTrE)uos7LG^fyx?hNJ;CNYZzd_oNy*iGG}VNk$X zwC6f*VH8hN!5rrEIp4F5JyU(si1WFI-rUU?o?s3iu$G_MPLeeY4(1q6+ax319OI+xUk)^BM*Ra4bz|%@y>ZKlf5j1+ViSOIb%PyU6y?290RN z<#gkAhVvY+^AYR#on2&mHVpRVIL@XmSJ9UtJj#y$y|+0*bFSnjhVmFMQpHL(lhkb({2z^IMtiQN zH~ksK6THeIzTr=@eHsP_(wOFSFuxM|hEs_<>#I@9!AWip~t+A)aS0D_GB;?0rB(|FqC?qZ79=iiynP zBfet?^$xU;oWVtOhi-{LqLd zT*$Tb<31)Zop)KxSJd(!2OQEcIDuwdP6>A~j0wELLcZY-vO~>LT5&bEa6eO+$0z(i z_YR#fPlncXm-2YVdvp2&$bqZ9qOk8!-nBG&UC$DLq}Fn~vSmF3j1ll@P0j_ArLUSSD85}jmU zIGOY5&b>@z7EAb+oz!jQ{BZ`C(ubiu$!tDh9eG-q%T*V3Oym_Zfm*v{UkS?8QU5tq_~!92AcBj{LH`9JHvUSIo-I2am-{no5?%VI4Gng-MN>? zc!60gU#X!w5JQVGm>YS#S&JtnVn><+}AmkOSy?rOyUhbXDj=iZydDcMn*E7 zg{)&62ej5dt?0&J9%nY6vW5H$JO|K*-i%@z@3WrW)Vt8yr#WruOkeJ%oEf~$GS;wx z9pqi)7;qA;xRM*VmEnxz1!nRVOZkO=$l5q3oJ%Ke=3d4zg?CxaW`c|L!^vF8mGq)N zqnW~d*0G%fFR@N(&E@oB5M!Cj8+^_tg0_w|N7Ib9+`tgV^D>KA%SLunzn!sDNLy}X z2xEDLIV@%sn+e+Mg9e;T5!W$@3Cv~{8_6!U-nf_>xQ%-$=Q(Dvh%ea4F7hukewxvi z?%c&F#!|r?KH^*cqJFXK2WN9J*V31PJU}_mvw&)TCAi%B;3UqcBR4UOCz!^3Rw+{+_O;cZs4k^k{8c~`gw(2&zPpHB2R?8O9U5!h3woxBS6w>Re--G~zrir3ZI0 zoF|yUJU(I_TgkiD^C)L>5!cXdj^a!%UkAG&7jP zVpj4qf3a70bDKt-L2ItyM*1^?@jTCL7PE?9*u|dLt50K^(vB|l;~pO5Nv1N3C9LNU zq8`>3M{+VP>BvnC;t`%>E+6tWzZ3OztT>GexQd?iXABd0gO6EHE&sB2FV{WJ;ef3U|5)-K1sWi}u1 z1;4PJy?UE-oI!hfGJugh!%PQT^SPX!^k)=LFrByfh;{tVzvSQKm~am5 zDB%`{Fq)^B!W@?JH5>VxsIPkt$Iy&RxrsqM!X)Ohg0HD%H;3HpGdAt$!M!}q>wLln zwv+TTw>g1xDdraLWeiU-oj3T1ui3yZ>fhp7kh5q<3H=$#1YYDFR`3-+QcG~Fed0ul zXv?+qrauobj%mEXGS;)1Z6u}U49C%g3%P>s+`$8kXFBij5$pMlo$P&^^+aQu)0V60 z#cd4dDPCkA@AC=Y^AGiIH+MLb3%QoQ4CP@SXEJkH!a8aR@37y5K@`M65~M*EK zdj@+2b%MS9Z)E!f{vuaUKiD_eFWBE-{5sJ4?Sq3ufD~C*!8t+GpjmKka9+?n zXyGr3wG3JX=LfBW3xW%Si-I=6#la;(+n`<0KDacvEGYIay+hD3xFWbRxGLxrTpe5! 
zTpM%_t_!*ZU4w2xNzgsGKIjqj40;7O1UCk~gFeAcLEqr!pkHuHaI3fQw*|KccLe=| z0l}TYUBSR$P;hrJI2aNP4ekl<4a$OH!F|E~!2`kYU_>x77!`~T#sm)r4|#Y0NbqP- z9y}I|4aNoIgU5pj!4tug!BfH0!85_L!NlOXU{X*KJReLBUI?ZHQ-f*2^k7EtqBs68 z2d@OL2CoG(gUVo5@Om&im=nwm-U!|d-U{XgZwK!L?*{J$^MeIJmG1@?28)8l!3V*T z;6s1l^P^x{usrxUSP^^@eCmIN`z-i8SQ)GeR{I9w%V15gHux&|I#?I1555V$4Qhh# zg71SLf**sQf}ew5f?tCT!A9RRYz}@4eh;?zU+ew|wg!I&{|mMSe+Aovzk?mY&R|#Y zPp~`qH}~HRhG7_mahQZ@n1y-a9^szhUSXYZ@33yTPgpO^59^2fhWmy4hX;fQh6jZQ zhlhlRhW{5f2pfing@=a);Su4H;Zfny;W6Q{;c?;d;R)f1;YnemuyJ^DcuH6po*JGO zo*p&{&j`;9&kD~D&k37`&BAlT^TOs~i?Aqc8MX?~4_k*9gcpVvg>Ax%!%M=pVY{$> zcxiZ9SR7s+b_hF$SA>J)3_6u(bZw*Vs+rrz!JHr0qfbh=nu5e&DD7-ry91aPGhWCW`hGpTf@V@Z= z@PTl6I3gSwjtWPIW5Nf+hr)-$N5V(L^6;^6Y&b3)A3h#V2%iX_44(?04xb614JU@r zg_FXH@cD3Z_(C`(oElCGr-w7b7sHprm%~@WSHsuBnPFu(D||hi9nJ~ohHr##hHr)Q z!nebB!gs^>!ujEXuqu2%To^727l$8&OTrJsrQt{6vT%9$akwJXh24nGS&4_Ah( z!qwpy;g{i>aBcWi_;t80TpxZDejC<=--X|YKZHMqKZQSszl6Vr8^Vp@rf_rkTljmp zC9Dnq2)BlRhW`t$QJ?6hsBd(0)GxXvx-}||Zi{Y@?uhzF1EM>l zyP|>7py=*sa5N+u8r>7!8@p*CcxJ6tPw~SlG=f|z%3*rmoi{du%#qlL^+qhlaKE5=* zEG~{Ok2}O2<16AT*F4A&$w57LwsZ0JMI(T z6!(p9j{C*8#J9$!@on+#@f~shctCt-d{;a$9u(gl4~~b#L*skmd*iZrSbSf6fBZl^ zJRT8`j7PJh%#na;%@r&_G@yqcm@vHG`@yxg~o)y0y&yMHBbK^JSH{-YBdGXuv zJMp{md-42uL0lETA1{m-#f#$);wABi@zVICcv-wW{y1I{e-eKhSI3{lpT{fXRq^Wh zi}=fUO}sY#D*ifN7q5@MiNB3&;_u?`;~(N5x9GM)I9Gx7K9Ge`M z9G{$!oS2-HG)fvLCnu*Qg~_SOY02qHljMx#%;c=(?BtxJY0@k?H#sk9p0r4cl9oxU z50oLrZ5 zNxCN8l9Hr*a(&Vx>6!FOZb)uSdMAC7o07iC%}KxHmgLr?G`TIgJ-H+4pA1OuOzuhs zCWDf@lflW5WN30va&J_h9@JEk;$lJbTTG+FnK6>IC&&_G$~IWOU5SS zlJUvo$%N#IQ)liA6fWNz|C@@Dc@GB0^Mc_(={c`uotEJ&)7_mhRmqGWOML9!(IFj<;> zlq^e@Cm$y(l24LPlj`KNyq`!H_5k2P4Zpxeey%{ zWAan-bMi~_YqBBPm~2WmC%+}XCtH%*!f?9b<=&)dTD-IKixOoFWo;qAU!ZWC_OkmBt10! 
zzqCQxFg+|iJS|9%NRLd9N{>#DNsmpBOOH=aNKZ^pN*kq()05Lv(!%uA^tAN!v`KnK zdS-f7dUkqF+B9vJo|~SRHcwlmMQO{lReFBfI=vvhFuf>klU|%&lD19TrR~#8)63H0 z^zyVr+A+N%y)wNj?UY`fUXxy%c22KLyQE#yZfQx{J-t5dk@ie`r8lHEroGcX=}l?h z^yai*dP{n1TAJRL-k#o(_D=_-ccyox1Jgn2-RaBw|cIyxPbKA1j~KAb+1KAM)NkELVNaq0N<@pMA^MEYd*?%tPC7SzBYiV{E1j3VoxYR4 zo4%LMPZy+B>HF!zbWyrE{UBYEewZ#zKT4OS%hQk373nAGr)hQiS^9apGF_FfPQOUM zOxL7q)34I6({<_k^qchCv?l#7{XYF6{W1M1{W<+5{WaZ?ZcI0&o73OY-_tE=ZTd&L zHT^UFU%D;*E8U*{o$g3?rn}OA(%tF5>3?aEg;|uvS(2q$mgQx8WP4_NWp%Q>v%1+n zS-mVjtDo(g?U(JJ9grQE9h4oM9g-cI{a@A~YnUCD9iA0rM`TB4M`cH6$7IK5$7RQ7 zCuApPCuNPY#@Wf)DOq85YIa(7de$U6BRexYD?2+oCu^ED%g)Wt%bI5`vZAbI)+#$c zYn@$?U6@^zwaG5dF3H+v?XvdSrP*a!advsuA?ui3kzJWxm37Ll&aTO>%{ph-WnHqa zS+}et>z-Yo^~ic=y|Np!8?)Y7pX{crZ+3ImFS{kXH7m_-%Wlu^$ogjkvOBZ8vVqy4 z?CxxEHY6LG-ILv$m1V=S`?CA92eRSWh-_pwDjS`R$sWue${x-h$sWzhv&XWr*|=dn$W6dnS7}o0vV9P0A{==d;P#3)z%xYBnvKp3TT!%wEb~&R)r0&0fo9 zW|i5j?DcGRHYb~#y^+0{y_L<&-p=01-p$_2=4T7Cs_gx2VYVn+oPCfj$v(`MW*=qC zvgO&w*^2Cw?9;3|`z-rBTbZrOR%c&iUuJ8vwb@tM*V(#kefCZEZB~MCjlKq-($Tnu1vd!6V+3(qwtTy{2+nW8E{V&^={grLc{?2w}JF{KcKiTf=-|W9E z$P4qLyf`n(OY^e4yu3Z~_RQNWuTI|Hd3E#l$*Y%_pI1L`-@N_u_Rl*Y@4&o+@(#{B zB=69?|I2HT*D&v}yuIH+Wz0{@??_ z2ZIj<9}Yeed^Gr2@bTai!6$=H1)mN+6MQ!KT=4ne3&9tIF9lx?z7l*j_*(Gw;2Xg= zgKq`j4!#q7H~3!g{on_|4}%{CKMsBp{51Gk@blmo!7qbf1-}k{6Z|&#UGV$h55XUU zKLvjd{u2B(_*?Mz;2*(1gMS784*nDTH~3$G<7nZf!^?!14KEj7J`BPzjKVlf!Zggn zJS@U890{)wUNO8xI`3ZxG%vyis`L@Fw9+ z!<&US4{s6PGQ3rI>+m+=ZNu&1XgC(`2+s(2hG&Mm!rkFn;qAiPhj$3?7~Uzob9k3< zJlqpbgp=V^xHsGv?hmKKv%_=31L47NCY%lD!gIs!WiuoG^D$HQ*e3;W?9JQ1D@Plcz$ zi^6+__YUt9-Z#8oc>nML;RC}5g%1uN5gj*=*ivM7&= zsEkIUD@0d}t`uE4x=M7_=xWi`qiaOhjII@3JGxGE-ROGJ^`jd^H;ir+-8i~Qbkpc& z(aobFDg}oajJwFq(;Gqq*qZXg*qq7NbMa;pn{R{OCw@L3G#XZqePN zdqj=so>4Peik735s1>b7YthlD9bFh5i`Ju!Xfx_WThZ~T8}*`oG>A?_C!FA>9 zUeUdy`$YGR?ibxZdO-BR=t0qgqlZKfjUE;~JbFa*$mmhgqoc<}kBuG|JwAFu^u*{% z(UYU6L{E*L7Ck+BM)b_+S<$nj=S0tqo)<8y*_$F^v38-(VL^UL~o7W7QH=sNA%9>wjr=!nApN&2jeLng^^u_2)(U+sIL|=`*7JWVXM)b|-ThX_p 
z??m5?z88Hz`a$%==tt3yqn|`SjeZvWJo-iS%jj3pucO~Yzm0wu{XY6b^vCE=(VwHg zM1PI`7X3Z?NA%C=U(vs#|3v?d{ugbFFBM-pzD#`C_;T^(;~);>D30SKPU9@j<03BO zk@yPn72_+#SB|d|Up2m3eD(Mm@ipUX#n+Cn6JIyJUVQ!d2JsE!8^t${ZxY`$zFB

  • QmTNx4UN@U>@401CLL8@r2@FX(l?Ig8$3XS*X+it=SG67t^VzX3STnw{Jz>Vm z0p;3YkB9e~wUV@qDzDTYoR>L+nMwy#b$#A)2EmWC-V#IdVy@@x{<7s`HMj1n@CmqK z@FUD+lst;T16_;XCJa0?$%z%3z9a#AO!HhfO z*9F7YsoKwl9B9^UD+VxMSUKwYnW_X31+TF8GGLA5(LgfRqw>01d03Kl@H)=2?q)vY zzD-k|yW2(Z3G3B^IUok9L^bPeo7tq=OP$_5CZa9Rjy}A!j5@zod`M8W#lD1IV}f6Y zcS@)BW(PuQu+JHkK=$p@H$D^$G1`=eYuStyL8-th zVbfCJwhDu5bsHYhe|9V~TsRVo|{zR1Gu^`=+>^c~8TtjiAhc zmWDUhfSf&%(C6Z`0J?_h>xSxtc!3}(C<0B`8(vRA{1ZM*e`HlPK@D`pYJ4|>LA_@= z*@OCjjNzXn4dfj_=5CZ-?05HGw4nq0pbonDC{R2&NB8Y53Stl>u%T%JGkL$zwaXVERRVBCTdW{8>IE%mQRiP9%}g^*1R?zf zXM$juA9?gB;HVhu^@dpHpS39u=r`*L^u`GC-c6QBVm4zCKV$1egvj-D83R!Fe9{IW zZkwVvuxNNOwgvjh%^gg=Gq>}TIDKCLgW}7zxjSW68#TROaeMqFtRUmtJ2hT(=h>FbeU8X)?+Tz~Qe}A`-Q)Fv- zLQ-kQ)~cWR8NOu@nMtoUNgIkif7_xOwbnFI$jAoD_PBPaokOnhQRSLKqJ!-qjp!W8 z6;3xl*ao2C_yzq!^LmyR2VUN@`KN`M?mG8)|nEsVLcCC$d#jC!_{kUpz<&4X3%J75QStX z*tlo_Hl?dR;X`GCEx8Ye{-ILojeqEm{-7F?2Z&dm*Iu8hObYwMC#rE1ZM7rYo9>UKl0XAmC%0TzTx@WBR7tEuUEeKx<>Ry-J z$oW|$Zp8}%xf&cYT5sW|-*v^Cx89`p_N3glmI&S|4zr#0b$x!8k$KdoFqb;L zeBi~0B(P<-SOD1$m!_m@=nAZ?pE~0znnOX7ZVtp_!x*;V?>*=Xu%9j&pqQ96_=au8 zj6o*1@*UK2IqP`_uT!ctfK&Jz^ivu77K=IRV}CfrW*yOxf2(ZENnPem%aT#ZYIIuYrF90aq-V;fBNV9 z7w3T)n)3FBB2Qvj*1|Kr5$6Xw{&Wra+1tGZ^z^Yo$+P%sdzc7p&P*u3jCW|X@pP`>76) zrP)-0hOM5YO*Y|o^5Y6r8dsfSUJd}rrXKS{<{%Afj*uNqtS_G&w=nEnnRstI=in&0 zm&I!G7s3&&8sf@VNo2^!W3Z;nhYPtDMLmhSn5eh6-JI@FdsfD zpcwrq#WHtwtZrR7sYK5HIi~F1Y2NzCKtwbt6&a_#)?57_d%1}56wgA%r>72UZicda zBaZg2-aOYPUfwa3!5L*$19Q6EX_cIvj#=1IVV{rmDML$Yb+b#I%tq2~07*~qtbkR( z48Issb#^o6*@VH?aggMVI((eO^`Ibrq7HR@C3=1yG}xlzc;medB+2_CC$8zy0ZTd2!ol3E&$q_-s*mSfe!$=n2k zVlm@(08RL_n66D4IOCxwQir}QlSR?1R>t+bwdS1R8#h7-=W(^9XZc9f#1JJ@oCExA zUSeKtR=ju-3T+#D++wv@h81!D5i^u4rpIX2XxdxVw>WGZ^anZbA94z_5)&nc)A*mY zKv?HqpP;11 zP^^O6_neP{4VZW3_pUe_vM$2FLZZl}`EUjQdyTnh!}fFl&7E-iVl?Fi=wDNtX#s}09cX}wQBn=)D52eA zEAvxys+ik;bVTbV=ibCA6cKyI?-b+&(DV_?+}!3rn#tl0XE1nWlv<%A){rk86Grv5 z`E*u3)f)-31ipy?z2LeN1<{zNlL^I^MzvZ6tR7|q@Txt+RHMWz4Ws0e*3d+zH!!8F 
z!pK-EEEs5wn@^e0RYCNGJZaiIZ9}t#6(8GJ3vn|fyCFjv7VCrF<+o^_x!LwEuHA?% z7}vvci@vXo{mn0qJ}aak5uE@}>hP*9^PT+>d#o&GbOYtgaG(3PS{B0vVSJ2p%$#a3 z?yiN&QIQj*34%>x2_z*oAA*Rx-4((f(rfQWLbY z&cxsecu3X8T{at#I%+&2Q1A-rMkGbSUUsATaJXVk4w8pTYWYTyWd46sB!0&}us0gW z)-wxVr7!~yg*|)0p%}A_{>naa*pfy`U{u+A_rsYlwRy}kKz%(6#%~1K@!e$g#9$Nz zTsoxM+^vtoL^qaW0Qa%Le2fycI_$s}*d*z|#QL#?TjOFRp>>ji1X&PJOHoliIl672 zWi9+89Gz(*=N0<8cE3|%uni4eRRFwL0qr+axuy+qtL#F*J5v3w>1|~P^Vu?H!Dbp5 zbA|!09nsLwvFcPK-||g;$Nv6(9V{ERr+S`{IyzTZ(|HE~LRNeNE~8SQx{mj)#~t%z)Q$2Wm=}?^g4j`R{M2aerY49i34IhDtS_t1M=XVPd`Q zY<7HS;NfnNbg`x;4FMnNv@n`}H__^snh&0hQq-0(So!E2PRV@DHER=_umaHm~^sfzGt&as86`RxZQHi&V(R zKzSzy7)pDHKh{swW*#4!6dDSc$JQl-H;P@dh&gC`A5IGG5gK=!%eH-7HmnB+p9Rm5 zk3UPr`9hGiLMEXsX2!UffQq}DLF7b?URE>Xy3a9=DA&c&J7`A`uG+)BAm^;&;oy2p zgR!e}^u*^40zg@umNSsFMD?#Ws;E>@2PD zti`aciVbSnDSEJn46oXCgeAW24gE~@Ek@}Vxt%>rk2>i|wlbL~;!XcAF4bvLRv-$$ zViYv{zm@3zv7bXQ0t23?;%H>uH~hH|g^V^u+kA_cP{Vbh&-B7Z*rAN8jXK`vp3)vI zi{vrm5sk5^&%KI+#;`_S5|1o;NLqkw3Muzwiy z((CR>Flr>oaYMsU%!O$6%0x6nsxD6g8zWEY2Lht{Bv)`w8h8Vu-BVD41+fpyo-SAf zV#usxGV3|3x@XM1nOKO#U=0hw`fosm1m9m5Y4N>8m&jrn zNgpH2Jr@M>y;v2dH#$Fem@+_$a_~V5t%$nQuG~ACH;JVQ<-79uU8U{lIeYCZkk)L| z`e~=i34;}l*yDi%PA%A$J4+amtY0GLol6O?@ZT1q@hsUjif)B^yvGpHUy4(lj=YQ& zvx=|_bU-R!MsXYq?g*|ICLYhfJ)mAX+c|4Wf>Q$Yq7_`W+aNHaeao8nh-tOR=FOg@ zuO|*+LCubFgAvYNY_FtHfwuBC1-mv*N*f8E${P}}0l>e0KY?JM{Z@fgnJa%DvA@)} z;e2uV0CHatt6&426Y;u8lN=op1VHxQJMU~qvklKvy+wZ4j5N^8g-agM#r<0v7>Xz3 z7Ca>q^6{ZSQ)nkFfes)NlB*Q=ZL;a%xSy1XB;FA5})#NxN zi1VWSZBYk^M#>Y=|YVB7TKKC)^`=SDxu^K!N5209z-%YjBj_Lrb}F6!&h7wBni>2MNz`!f!@oDz_TQ~2^w$}%@~6~sywjrzTpC3%EmNf#FR)#%1SsYfK6RhWcErM<`~Tfc zql>Ktb0+ZbNYy1Gka!{e#v>HG?Gq_>7p9X5Zl^-s5uOF3w@8GA_)hIT+x%$K?CfbP zU^vm4MEPLTTAt)4of7zJQ{HxXr)aRW+%tQMbD*VPkAV(R1`}&m7LgzIYiQ<+Y1#^$ zv2>3dv%gYVsZIvALuq#hri2x25i;IPRd6|5s`Wn6J1?K)jH&) zO_@4WnPRkXp!JH{1$FVIp`FKCP^D4EBAKK^QtYE)Emb=w8 zoL1-kmB&pop$9a)naa#Uar^9C9{G#jLuG^(QVL#@AlN2LmvP?GA1=|dwkc|DK>#2< z1NcLGSBFmVj&IZSY-}m^nd8$P(&*RYvm^--{@|#_dnLRLPRWwj|JJN8m(veR3n0=G2f3bP+yK;j 
zBxx2WH>1@#Cp6k4Bv2FB0!S3s$tWATW~j)Td+m~2ct&|z(eichnA4w3a#8K&&V#Js z$SZ$$YH;0vh+?KFNEfo`N~(Hv80)vTdmd_?Sla?I#&U1uL{^cpB2UgL3uuKuABx)#EG( zTns9(j%nuKOG=fTOkN2j!_Z7144TfBQ)+uu3Vw5^mFIkCodvumI-x_EdhP_zlma#; zvw?IX?jD}vg4E#3^6b){_&=Y-Tj>0~ld8in&hj#;BlF<~u6>8;=itG7be!LYZCr{` zMV&)QhedV!Kvk=nQt>ig-iuODpSXJE96(RUu_=(un3MPrfasO2*5j7F-u$QuxtLsWY9FoKnHgr>XQEbXL z%i3ORjA_Nt`P;tPFhUm3Kx2mxD1EM}j1-ySPZ5}Y=@gtU;_V<6e6{q+7BG!`VMX*K z_1l4uYeBE6_))&ZU5wgZ2V#82(XNqR1*pcw{I?P=e}(V8D^^!Btv#1pCePF7NKTs- zn0K^3@je_Ou$ba$?${|1lhw&_k0`z4*;Mm#wuR{{+?G;PTwzp}O7%bPQ^RA)XB6K$ z{zi(X>;??#xPnQw?UeGYcGZV@6;GiwkdAu-_X4m7rF?6`G=$WuzcPXM?H^&+Za|>i zOtrT*I)@2@)mq3O=69y5&pdl0Mp%`9gt|%v3pU$W`J^i()QY^aw*;(Y4u~b1Y3GM< z3#LQqvb#=95E(>G5=>YsN#X(0Wh3tC$_t?=0*%i%2E1K0y6l&g%>H}H91V$1;fYr z)Dce3TCWmM=Mpv=5)l@+txG6`d)P1yg}8R!qj-$Be7u)4QU-%8dYk8tVNvp1o zc=J&K%pf*^y)p|M(#fOI}o^~t&YF^jD_)bT<1-!=OMF2hdTwxLG+n}C_rm4H!;$)-9tM+>`+*J zAjYz(JR&&i7BT_Eu%CSrk%A1^HvFXQ2C~A=o1{~5ciqGMG;i5l{5IWV83y}2^FM+p zZ2{xU) z;08Dk(7%oMCYkEp``=s4@jaV_i(BZ##y$#F>~r^UvB>)P)^aRujlrX`n&*IR38r=i zaru>+sV_@>tz-cKk>rOR;YRgJmd04w;HfWw9@gom>;77{)97~6QO0OA$?bM2eq*r- z-y=ssFK|XpyEe##=~y6Z1hS+YP2i=XS;_5VC0{=z7+ERfdA&7I?txkV)DB|PQZRv{ z=AOgJdJtDOC$~IdIEiqe#ou@ZrGes#liGZ*zimPZ8$+G>CWpg>Y_}ybPypByz`$%F zf^GRP??CAIu1%gDO4^_ecQ%XduWl+ms5a#PH^QS4UT9dTqZ#wTGwL}>{!xdvF=}B) z=dniKTKAI%r*f$-o-WCM;j)Ib$^Sd|ukVpZ!umoAPP-5d>ZB1=sZ-v>0p7I{TX~TV2V+~)@g-#5b4IEA1KbjUVG(*Gi@fH@+pDuXVJY%4K0*+`f-Sgj=9z2npN8#|6SlC2k#|Y}CB3U%J zLuYk6fmr;ukRHG)>5R>ln=dzfr1j7I>Za# zieJV%v=f`_?JWjIqrSW0;gg}OM)T0w&bIr|)wbRY?T{F39!9V>r|~JinxN0^)~~pU zn}evJjV7;;NM`&Z8osU*rsE(yCbrFKs`7jo|tvu;7L16FEH}?a`E*wZdiE z?0O$B;tE0uy?K4hxJm*ma<4OmavK;7qwF~jFd;$sF2{~sOxhwzjHmmFb}mJbZ0m4% zZEo%oY`M9O=kra5#8^pHriQOM10njS-BEyfZCj;S5B*oOgXRq->{Z+fZ@hi|los7! zpDIgif&)uLyM)}!myTHH!Fj3kQ+OZoKHZcgZL!jsyrI5*-T$av(!#o}U~52KdzsSe zMP`6(NAl~GxajDhMg`$dKqEBYkz=mO=Q1Fgl^)GnVBtOB@fJO9i`?0|DIR_?IfV!Ra=arePkm~2*$qhi1gILnTE6yISDyI6! 
ziA2ldo^&&+aOEgEQFK${`+P@sBHu=)0T=IxLq0U4^ zFejP+k|P9-C}=3t5A3`7`$Qb7i#U~M9`!=W>;>zTlrxiBHvUpyhO~B#nWt zojg80K~#^~!kF}g>o95tXAv#1Rd6QX8DD|vIcYl938X+GA6&oHrs`>#4eD_1{yMrN zi>nC!`{^2pfD=WW$}ZYU$Xyjuhc=ssigsNwBudNm)6>E1-X2Jq)ytFj$}Oa3UZl^) z6(A6?;*PmQr^8efh6uNbQq^+BVoidUBhPM9I+9aJqNSar%rZq<-{QW`D9Ew54{A6l z6lPU=t2I{8$K|1lg!jd%+bTurG%fP&E2*AI8zT_w4gp4QdQb^p!?qqT8a|0Ks#>b= zBSqY`eqV=o-cYN*o?@ur@W@K>POs!pivG!H-5DLmROL7dZ#LwG=&QsA?*}Q)>YXkk zml%FoiIOqJhft^^B3MT!9Eo4-lpV6jVIB&A)9Jruxn?p}-qI89>cq*vOt+*Qz`xI= zSRa@jB~DS{J=80wv%N z+DxVLM?cA+ks&$hbSj#`SB5+?CrrXEP`!EtoJ9?O1|2@ZZw7zVanoF8bf+_QWT<_> zBigWS6260&=VdreIm6d8`&eZB-q*jL+st}3tltv|yb4u3{dAD6wDGcgeM`Gp8*U;1lT7`A%Xk!kY7g;6+1dKw4Jw zG00m+3pgL8|K_2Az>(!zV~Qhe~p62f@oOnt)T40X%>kBrqyIJC1WMJjiJu2ZF13-=5F3@%gYhx-? zEji#*?tR3HImO!iF@B;O5gm$-X7m6T(|8+{t5tlmDvsO@A%-313= z@0phHgeN#y<-k*Y2jitNwTkCZl)EYUSQC+3RCo4~xOD|Ra6Si>eK)-wDNQp66Dw43 zoH6muEhq^?kR*(Pun2Jomwp<&g4i(%6X_!GjVqDmE;Lq`hRMA}9x?;Vp(y}?)NWn8 z4*`u_xq!_64WsXlg;_WEWT)jS)kN-*&usMyo5$a_0xhKRA}W{u9k)!!PcI8N(!c)W zlvS>U3^ZA1BYR4R+0x3@IMSU3F4*HHQKS@R`#3-tJK95q$@TQ-B7#Ms-O)D3|GZ??u?e|q86hPu?Em8aQDtat`}s#6QJp0R~=P& z`f?dq73$^Rat_ARv^`+%GAhp8tKG z^=O4|bQMVd>2!F*glkc$ z`SAtf)T3AIv0l}6WaF^;kBDI3j&=Dm{8(E{7u!JuZx?#_&_|Bz(fOvRQho<(TTQvz zkw8%;XG`&w5(lZJGnSHGv<~ovE^yedu9`gzuKtMAjW5Fixybn7( zWhE7YuMY!#h)$k}O?+uX$oBnBdCfE5<@tpFz zgDrU;|CbZoD3d09R8qi_>q?^I0sIHKCJ_VR8K|89I+Z3m7x8^+YO=Lj2SY2j-5C_% z1(C(>Ni};KEi~GqMScxrn6@rQs%&#+RRJfksS~E)bU3q@{;%A?YERhP2V!9byP&AW zvxyVC2?1{j%SU2H@JsNwd^wHfdt^y6lOB``nBdCBXItNh3MPYh!_X0CJtdK0fc%_L z`{;ph*!p*POe;jtl2W8lP=2Dh=Xo=g{wW+CL!GA*{-H(m*&KdaXPJK@e50`~w;gNt zw3PDETqsuQPa%PpH+&^@5BbIQ#^{f``{b`9tV|#^eY8s6kn9#Pl^c2Xcm9A7y3$G7 z%ARXuFC;km?jSf^>-D?`dh6cAm(NI>fI#|z^(3eB_ZI28uAkna05o(qpGVHmHQO+L za)HI+SqDDHTYJ;S>rQc;>p?f!o-_-=ocH}!u-2yJ9p6L7^Ck}g2Ps#akKr-NrkD>7 zC;gyV-;#R@OhQWom@4Ya*bi+P3nFQYsyoO*W`V=1WNk#w=;t<2jq57G&+l*HrzDpfAtH-b3WYx7Gl!m3qeB zCRsVK5^Lc+sR_0fuwt#L5l@ER#^^FecaqZDrzylhS} z*LexgoLHj^8Zk@S%MmrP^}G83Ms09jN`)EUwa^1DT>+I&T3MMStUoPeukSz>D$HtZ 
z5937@bUo_Zr$5qAO~=L=HiY!O3IFHwz@;=vivEMmmDON6+I`(lvkiP_t?AxfXUzybl75V;_ZY1$f4Gkbr!3lnzFgKFw&I(j{1}Xl_kr}r9?Ru( zrgR1%^Qp^#0abp$Y9Cr#u~uE!D%JH@=tyk)o|C5z6Dw%NYZpVXSOjG~MpvgjnYf`y z7er?&4Mc~ZW7m>ad#lrGy-&cy((chc(HJgj^*d*v3iA<3#Y^wc0R1A5pq!a9FIf4P zm=j8fP|R2!CjvBm?DmK{bhR{XZ&EEF0&pTH-+KQrHf9>2QNwkb2IW6&bPW}vw&l%L zP3mQjyRy`kbEM6=$bw)=={Cu+>B~~Cr+Q?ob%X;;H}?m1_Z%`Awu{PqLlx-kSBV|s zpn%1;0xA94;1rXzvqUZzFYP-xZjazS#&_wbcFUM82w~3~B|rNenXy_tQ!igubR9XCvHPxeyddU%vu3sAI31I>8Q zU5RaWubpSZb#H1d;t=D)#sPEJ^G126lhn}$!4*!o$d1b_d zbu-C{;=@5`5$EJsx$*7>NKM1Xc3?u3j}5s~MtBC7ls5D}^W9rU;hjI8cmST~%bv(E zhe}eB)#9UNn6k-i`%Y9^pI0nOcI20c)oKoGeD8QFd?uqM_A`P;ZIKP+gY5An_zE=a z{C-E;nim^0(D88O3&(I+9d;mz&QHzeq;@+=VJA2R%r=FG9+M5A;(+p3gVP}AmRp~qBfv?wKpp6ASFz? zng&bhbLsU$a=^X@b6<{LA(i zsc`EE*9M06T0>}i&!hS#Ugbj5TF4wbjVE<5QSx$Cy#Y_&%dw4R|l71^?wb4}1w&KdKFyosH+eYkmGYPh3#4=f$NH z-pJ@#tgzj{fu{?2G9z|{5%1%OZ-1!?dkk+hvS(h_5v|ud^1EhR-Xi=}CZUOdF1YhN z_#V2M93(Te<`*lRfaRN5RB+7|fz44!btEVCFnPfi|A}xCbO)U|@|?zrjg&zF1oak~ z^YGF2ZPO7MDK`5-`7*f=6R)iMFm+;#1Y7aWQk%Yv`G#G6!Hz+8LSxr-jx0u@3Q@J} z>5*2v+%o(SwaQyda+wGJ0TC>uVD)R%sFoq_z7&sXncPEv6FnCmqZ=V3CVu~bYi2&O zNE&xMP~yr>#@qeTBh1SICBR~h<(#(@m-R^j8AU~d7ypiwjIhA3Mq&;0mZSRpnO0_CK)%~~*^TYDp<%v5A=ZJV#^Nok%hQC#Pv zqqwZ?M=d3q9B3>ou$}e3npw-Litb|(`avUrQ z(YJFXiVxri*hx(z8?3m|Le$^*O@*R2Fh)3tRUPU#RE$Hg?EzDD=J%WC5Rq~b0HU~=N*rHB2>g&SRLs=jU5;1Hi#e4kxRFoZGf^*j&LppQB^Rv5C z{vyDnek+6K^)c0X5QF#M9><%5#gkANyzW-2>*z{ySmUwU*$8!Xu~Z zIKOTwo{kvQzZP@(81KoiY~tLcSe*53O31X276P|r(=t1Q{`1GWX!Mn&_A^&QzOI9* z@9XBZ4`sMtbD6%%%9pg@Jwj>opOuDWYdCo0wL5t5?ftK9`SIIin*%WS18bH)6yHiOpY+G{v+UX8C2Ut5V-AvX4X zLP*@ss+91<#ViOaHZ>)c#1RSVdb}>i3R_Qx>%us3NQ`57JLI|)L@_8&owO#VJL*5n zFl+)7+f1Bx$k+i=Jugvk6_M> zo4aKDT;7+=08!SgXTy;mRyHd`?Tlx8_Ec|?L@1MBtjf8Oe(Oot{1R+HoeE8~tLCj+ zjx9b@p@{cEai{+UMg%k;5{Z(*`6d=4wpoJQr?{kw4;_7vMCea&yW5TCex2Dw5J7A| zx9D#esVXI1-IEQBbO#>UpTRhszu-cxvgfgcg0xn? 
zJVLO}ER?tAc*q0>SQS3p_L^A3TA_52?L^)EWGyWVf zCz8KHL`*+D0DB?tyCro@vgc;W!TTN)1klTAQJtEwuV z;7p~{u-IP1c$C#{NLYH4v0`BAp}Km8ZinfY;CvpoW0ZDZoRwt&)D#X(hv&_nvEmaO zv5JGLsx-~A_J0zvdH)^+$eR2?h`T64>qSS4%U1)<<(h=*3bhQlFf-QPW~f*Bc25tF zQ&v}z)K&F(-ln2i$guLc`fW;ZhCL)3#<&Lc>Iq|;9$^@Tx(FbuGiJ}H|Mf8b_&L*v znp;0rrT|P=4bh|w=ZclsWXF?Hgr-3({IL6(n$0X?I?6*8@>(J#q>-b1LTSNg+a?Q)dyxk0ZF+#AycIAtke3BC&T-=oWp^!8uh@a(`U&Et= z%8U4{HZw=YATIIzZZB*qC%iD&$0Ys5I$c0WF>XvwJ{53V~g!UaIV9k~xA*V8sJyCKKq?>+}I-QsHXxIosRC>Fbm4mFfv}ofo z+u|~deOF=~VS%AGdL;mIBuuB4JEelUj)@){j`XXMg?chdN1x8pQFqPB0#x#Q%eaH! z;2TP!;MoHOTYfN}CVve2Mc#q5Y`9a*DZ3-u6 z&b{l0vnKOV;nvYtM*bnWhHwJk25Z-_~0vR?~ziyZs_DCTZ_;3v(sE<6_UqHdmN2`~@ZTOZGavXAJ+> zdAfdGU^|)^8EmGhKpA`YWYRqJ6$g8~6(Qx9v$=g%v$D#)N=KDti9BA_**1Bs{g>a; zchyZFeum;SC4y5<+9dxA2}7gd zRzHPGd8eSk9aD3=(=~*6sAAwr@kRrYkro@?{2q!nXW7j`YA^NGIH?oL477hkWr}%t z%?RdUx>4P)%?zHm*m}Jm68f&JtkB8#;hw*PsoqkE*_S^Y#pp`;>gvrF^)<3JB$e^y z`WlfkWHw_<4CmHaf6yaJ*yEuH+vQh|H9p|9qt4Ge4pc%Y9G$2itQ?(@7BUPB_8+;d z%!SsXeFx^XWNY8!?rl>%6%u4s%0F_+QKFjJI;5Id!d{|bfH=`yaIC59h3*`fjanzu z#YI{MY)A#{|15S~!chfge58^*I-MN49j(jOCPFcmh!s56EFiN^I|k1Nm<6p&DA?^; zk8oaoN2i2GGx>GtFm&7m>YY2SCpCzR-*>}Up-wwRj;Ht?PR0D5Urn>Bm=sfb1tTUv z(aW}19PU)fv6xJTpM*aCeoJio5jh(mcp z5oC}S($hQ!xArZ%ekfeKaN|O}H=r^K_qgQV8}nm9S$)$}%>6N1 zYUp$QS_GO#6H6=f1e+2&4&^HEf<5G0ZbWcvx$W2i#A}2qB%ZmsDo2rt++GQ1@yOn0 z?Ub>#Y-jp2eDG%7vj>(haUjB5$G5noWRSk%u1!tYoRDHWxTe2Z%AiM)#ZOfzFID+p zy{A~CaR~|;oxOqvTMu`Zg^+uyT|`(gEB2iGxq8J=e+%COb7H1wa2@++|NJ$9`ymI> zsDY8L;{X*OlTtQvJU|a#A?D^j&N1Rz}Q(26qE|o4lNNZLc}1E7(o*ntyE^?qWOadvU7)t zKT0{>f-HFzHV-1fGH6DN8bFoNl?-$98mM0}kQ$lX3|jqQQ{kYv$vi~SebRb1Q4gnL zFbn^t&7bcxqP1&w+BRUz3j!^I@+cU5j?B zzlmypkh)~Fy+Twdo$V;*XWAQaw8XCoBQ{%OPoJ%g9A?s63=w0!1yX83_`JN@xXN7X zRIqo&aqw&KSB0t<5dKp<^+1nv^?m`nr(z*Bj`;$$)eLc1qJ_!|@dAR2}|ETU8nQe|1| zp3BG+a?;=R&E})P1DO=lNU(t zB_S|Pbaj_a>RU!!{%ErHkjd-X_9Qv_At+R!FmyJ@GIwn;g(L7p*_ZL>{A%Os&XxwG z;@$lm*J{zL1i0s%FJOKevhj3&6BSBA&HVBI2uP9R79>kc}#$)lPzk6B->-eC=&UwzE zX1MuxVt@8crovxWZe|O>Ug=I)mD(c>U8;Ud5JB3iL*GMaJ|4T*Ryo^(m2?*QTsKe^ 
zldjJly~Bs96N1o8HKV{<6RJ#ScXW7<_tB~iprIO|%e^mcH*xz>NBQL-+rO~_qJUj5 zHj;3FM~8-dsEXvN0_SOn8WQ>u?PI4nqe9cmc>n_jL+0eM@od zW$>;K8(WRnCtrwiL}s}JAF%f1T4jrMULr^2Z=lj0bS2=IL&{T5CBWkSTDklcuA;*} zG07JK45`p*Xwy%u<{+uJZAq|o3st-LQklJwnq>y8kj zi-JCQ*t{YS?dw2H9=k*^UmbGs3?(vRH)&bd<#jX3AHn)?vg_IPIy6+-5q5tq z**hw+y&IitE=GQsS|DTyx(0memdA0op|DU1Grtk-4z_-ZHgF1y{*mrX?Dyp+}0?nAR4`&hwT24_=QZ*q1lL=m5kcrxs9-8DvRP>)ZQ%*!!@ir0JBO z*;@*vP;czqm|<_+^U^_1+EsLg3TqK4Uwy1u^AX2+f%m6&N(W&VLUCde3>1MCIMd~W zLw-x9@7~wAWtHB=g4h$wOkz_^h-BAe2t;a4dg!`eHv7FCaYwKD!Xm8F?PGzFkIGVz ztTp6Y$*^#kBPp(G&VRZQp_|9$MbPddPHC5ES;?zt@uEWX+2w6*x|%Wl-)~a}y3Q_j zLFpz(16QB$K*=8ql)w;?shA@MxXm=_j^Wj5Yn#9{|R2K(Ne0_08eHy@U`Y8_+2ABKVNbL(IpyW)Jr znpj*+STZyLVb5EhS;e+Wn0eA2yK(R9A~r;<2m6Jar6yY*)86N|Hu5ybgk-uRDyDVx7q(QTdSU8*ix$EhbzXbX2L^ zQC%mLNqMtbr9kMd(N?ZoQ(IYM>uyQZh1Y9>A7p#H@A5U`gm;Xg(wr+3Rq8yCrI`U^ z`@D;N^UELzt$^n0oB3x&cZSaH-udR}jNt6giczlkG5B{ONSZqheMX`A!QKcs2j5xnzC&h*JIa(Z`+P)4^y^)?==m&wyl?ZiDq??UyC zR~t}~aM@3uy%V6VZ}!y?z^&TEL@A0)tlUPLHc)Ozk~P*4hY%@+RvV5c)BM-);*&o2 zBp7Yiwrv1dlgC5JH@IzcqLQ&G4dC^bsVRx<1ecpjIhAb8tpeT>@g<{R;LK$bVMzDX z385>2P=Az%NPj2&V1yA%X?L;-G4 z3rdr#>N`MB4B55+)PwI=1g03kO10t5CA7r~F8q$DvQe~}vnnh#X*a!PkB=>_>gsUv z!?t?XUcZNG5I(eycPiHxM{Oydy;>0XQ+2yAtUDRuofw8P)DU|wqYl184WI}LK#g(BZQB1P7jg~1H zA0Yi)l!!yGnwcl;$F=EHJ!)!-wThb^I=PulwpnwO2zz{u1nsmXGZF29E3kMKw=KIh zw#eZbAl7H^t)hO}?IJ&~4245wrK(XRa@b%Z|9)u-B4LLJU{-{}7QF;)5(jeW2*Iht zg*>JbG?xz!MaYMIy2Ab8UV4Ttn~L=Dgej2tPAt;Zk#SVtVs$677t zFgZ6b{Ud#H**z%#8`NTd8*Pz#m8I#6^Ufs?xm`|22&g<&rgcM9!!`<;&K2W)cxC0l za<@3h6;M*=y2?&_Dq7o??&N)X=$-5)nnb5sZ; z5Z-GTYb)5YtgaSQq%xZcrJ7;oB*8e&FOChX%shb(M&tbUkW?5sT+V*5tt|zQ#tl1* zzcrKs6`|roJDM#b7;xoW1vpIEekwo}b-XGo=Ol)jxp9o!f)wbPfyWZ9{XjSrocZpt z>=DB&<5|~KC_4R(nnX@Cve;8t)j1~ch&u=XC8bkI9wr^d`;76?4ecu(H@*b(VR-rc zy)Yyw`W-p5bYJ)9A@PObKFK0;>D-h)&Nm7#%asa=msr;?sNPF4E`=1z)pA@Fw zLA-Si;Q5a)cNCR4sM;M-j4+goy>oqNGP=IYjm27g$+sWsRBdm9PNNiSVL-}yd*yU+ zMVX{rEB8e;5r4+*-X$&477&HQR0^==X?77UR02MocS*+tmm79tpX@BAqPa7OgPQc% 
z4Y}OhNx!f?mt{V%QQIK3{OWRg0hNlC`!IOiRSm+d_lLNN#@Ef=+O<#{$?k=*i{oa5 zK1An;E@Dl(dZ^D+<$`33g=ZtQ+!mzHr^9Bh>q0QYo>$B*+RnFlYGeu(qoKwbgkNWa zZbzb26%!I4M;1Ckp)(`W`~d?#qbGC(itYLwH&(87jjhpW1cBoE=lUNu{s(Isxnlj6 z1rW|BE%2i7{AhgjCLNcUXZq!_$RmF*Yji_D@`3a0KPhS5^($LE$Aw;x$6SHB!aB^4 z&ulImi@79tw3WRc7)}D42`8s(o)|?@;x}UA!betYf)?vPyyAn3Yri9>-Up9M_tNq@ zdf&<3!-}hDEuIc=78gc$_3V8p6o$Z7I!CAaf;!eOn6_Bya!qM5V)WU_sww$O%3n=* zO&pd?ccBpBj2^{W)L{=X4Abc!!=PfGmW%s1LLdx}TH)ZJVfD@3!VQ6zrmZ#*$g*QK7pu?Tsd|OH9Mq9JOM~|C%0qz$TSklrIV>Z`aXt6J|>k~n3 zD(Eqgj7Y2_P%3|L)>eu8{bsJK7F_GrpZ>`<`GdFhhe@Nl@K7M9Oih{9M**QgN|PA@ zAA|KvI-nGn)@wiOGafVB;>&Eg@>Q{FWeN8~i;(1Sefj z&&X1NJ4>+CGKD=gn3J}F_^rm`>5`RSm3!h1m3>VFB$SNyFDt?&=m}9US-Y5>JrK_> znoul>I>c`xAC>+Owx2IMLpfTeH`eX$9Pt_?viF4=YNKKo%2``euMd}KwBqs4?|-7Z zt5t5}r3%yd8DB%wO{&|uC|LmOb1-rKFNsz1wBHbdkcWl`3}mcJL+-u~Bl2ZQwe7H0 z37{2LyS64?n6-aa;xVRwIo=7yI=Cj{)M4#MkhMo=sKV&mG&Vip)+clV^b0Q6 z2*OGWENvU1E%EtXL3^bSH8S$sqxS%ICkQAGx&5t%CeQ9`_`np*mumBUx)v^4KrVwte}*mAx< znm4noXYt8v;VDgEUWv!awEJlFBVgea;!^Q}c7FnY3ht@^BLV3G55+8B3l&oPJ0I%j z_7FR+)zb91yP9Dx%F$v4`f+UW7t3@iR7+$=#dDfuY(9q!M-Y0;23Z>ce(=_wEP~XP znVoO(l9OapGA3at_`>wAGQgYYUQx*Ic>cFwz=2q0si_@gqmRY?GQ6M3qQP|!ID+aq z)K9M%Q-u4tu{6_XA>LR4rkNh&^wTCP-23E?r}+iWOX4S|Af&^SJBGkAOirRzXi?s1 zTw=$JEyts{jBJFsxKmBn_hm1$|lla39Tkt95bB3M0JvT=ty+Xfzb7# z{yyoeLNlCCfPdvWro_`3IVtN^`gy1g2WI7CyE#&)%@Oje8<$IhunVg``=S$(w%yOhe1XajD^2t^@-S|bNU;l?ljhf+iY?HKT+$gkEszy*$Kky87lfPpY1PL zoM6t939){2xLA1O(w7PzMm8bmCnb{QfZqMl&RZeJ|FyJ$IzsWl#lm8ff-Upx?sRq4 z1Cs3*vA&MS7VM4Qm#5z6r`X+fpEDe!A9TXgTr5&N?|^W6qo&Kv-&b#pvPJgjaco(e zmT26E6N@b}^KH}q+Kw2wr7tAQk(54Ns=GM2%B*Th?VRCuf19q`zi>7O@ixoLn5_02 z8PmnCvdizNak+|2|H>4~(wski$71$#&y*T%#N}AoWZu^$Re+qsy<{Z|K3<`FQ68`s z?)ml8-|9$eVW~Z(q}@lOXau_K`wNb?lo}K|GWZtu{)eHwJe^yqoxEG|T)BL!VBx!Y zEqv2!eTKE0tS;gQ@?Q(SRg7}Hl-Ha?(yav-tgj0;C5h3jC!belxmEjiXHkOI4f9Jk zzoRF(ff}T zwYPXibfrL1w_-W(Qo576#w0SH*-&nb20hl!CmV2ph&D~pv>$$kx)*oG|4W+{MaY0_@L=ZHG^F#4%l zicwE8c(PeG6jM&4#QlzzrUx>(+AmDBHo{7RTS`c}6T}yCZatG#_DLo~TaNx{s=oAk 
zYUuvmMfYYuya~8%vU~8LeAMm4<`A~h5*zlU6Jy!oq%VS(IfAGa3kKzqfLYqFNS~P4 zFlG8j2TY%IrIbKN7oT~s2#gyznElsE+xdi28t+B`vF$h(3)cPMvfRbUP!+NpKKh>I zH!^=gUCoGCh|935bObg1!z2jSEnf*msIGdwlq*`dtoozY5S(CgCCh^i=>l7JrEGL0 zxM+iRA7(pe&+yr&U-;6v+6iVG$>*sg#339ssRs?`&y~ovPb*wUj3^?wm3n;1*J%e~688olRnj9&t{VNowijNll?1jf-gP zhatLf`B(GAXjNVt8+>A9N#S$;0!L!b-CPd-$cJrg{H4>g3tBg7AlQ#%)O%_21!R=y z&S@Ew`tRF%n{j8U)u#9M#-}#J z2xSs@Vi^+ee&!Y_?NDbjC>_{xO(%)=5VuF^Pa{l{DLDZ${G@WoM8}3mr8J#Kc05RS z?ez}2_Gz*zk*+U=QHOSShF3a`zH&6JShL%*_s2D%ywya799CjftjQ7H3!7eR3jR~X zSD6ZJj=RoT6D$Wep%QwZT!q|6vYuvL+X-7&xp$hm(W=KqY>XGf84pR%rmm&2Q^l|i z;%zvNy2`Tw{*y$0$K@@w$l=jdWTNTy{WAPt#(W6-jd1l@wb5WjHJ(5n!N8;KJjq!~1PNL=_gOG32Y zOTZrw9PqVXm z`WaDfQCSem711{>zHwL^{uK7s;v;Tb^oc(fqr++zzE#GEi=&OS#zzSZl;)}kzAsA~ z80)*L$XicUCa&Ri(u^1Arb?9J(Jh^6idYPC!VZBH$-ZNkhlQ%Mc@+nS>!V*uiE@YU z^?4+1m!KdM`0pZ?T;87uRvyo44+Sxr0ka-iZsq4QRzx9$=oakK1ggH%;+%cOK|Xdy zX|b3ymD3Mbaj1#nI@#;=M9M$0P%~#*49^3hV7a$^AC0_|mtoE3cAdnB;UN9xjp|#B zzJr@gUX%tM2VLwZIf$v&z0p+|ramV)*ERvhNv95cmj zmvRu@RA#j82~EBs^u)&odE_Di+05>#iwo$h20=f*eEDV6Fw0OO1L4YQ_)BUzR@ju0 z2s;hN2?{?Ie<83$6bi+jYyOq%TWV`K8ON%>oiTq3C%%}#ZO-0_u*8DG7tQJ}<=ckP z0-e9=MRKQx)*RRhEz1s8WMR8lQ|*^YXDM-3b=MuW9LzehT0%jr&HW6Q^kL4O zCnOb09BlwL=G>)pvz&Ln6Bb!=xyG^I2c8pT36pu8=&SJs38^AuOJ$LOSWk~_?cqSU*G`gSdlm9YmEFhAr|>b>MzAF9XO`wemGWj(phkB^uWIPZsHr6+t(kC}e!dA$|0>Xx&f`kf@iG-%uuf)F&T?!{!vqi03 zY)P`CbSzvE3J_6|D&j$UvL`@=DinIjpPkw@6o)OGjf3V`lC*`2AGISBAQeab zWZIN&4}O_D*6G@1<{f_Eb{2q9lIpG}Rla(ogp{DGB`3p}*yXAJ`gmGN(1T#u-sm$# zS~pTea#($dbj>fZSfL$B>^>|Go#<3N4#5M8UUG^f6Av594RGM(QXOO&&E2g*pu*Ve zK1ITaOdEgbjsJPY*o*vA63zRNJ8g_3WciANZgQG5+AqS}@{wRGUpW7vf#TAh^rYWq ze`WCDp^CDl$vj{@QYd}rs(cn4MZTz0fZ|P*i-mC%n{yGnkY46uZV5+O@S0qqM*d`l(DaoZkqq0*Tq&3GPm&oq-~FuC4ec zby13svGY<_#QasqqNZ`D^jc(;+>YuK@!BsxL4G6TYHzAQ#|Czj8Or_oI`-x;qZPlv z5q)@)4+4d@Tqg_H5pgi;hN=+u#iJ*I0E34|Ncpq-t)Sqj)^M4a9oiT|c_?{sd=GS5 zd}jsZcb-?}+li(sIKqz0BJ5t9yR(M^zOOb>fH7D|(cmU|m^)s#%rMv*D@#h4b@aoD zOuz_Lr8QR`!F58Xob~sofa-F7eY4Doz3Zwx2hV&fon;26Xbe{96a=0h>g-?0Nh55P 
zpUYa`;%@lB;laV!JHNKYi4OBDhp>D#F_@CwSXyPM8L<8dojqUk-F#{%i(AD4oJ4>_ z{G>Lky)IJ-B_lq$MX>5uW!Z~s!Vb^=o%GvJKx6v8#mP!EX^=9)Qe9}9jkS3ZF=eRn zqwuKO=jw={5kPw`ldz>a;YYux^?RW3y8VV}%$=vnkf7Ymw~hH-$sd^FM6#6|PT zw`k(^I;qNa#O~D1d&hpZ%1k$sv%Ig0F-cFwrXD0|WLi zSRozMH!ZA5=I))>5~e3cnBUh=?w&}J6;TU^H$x8H%s$ZFkiBLE-CD#=wPRDWiw5dL zzhc;9v%$KjbS(BVt;e`5{nQf$H2B9RoZsh5B`Bz!rwyk2;drnG$-jo5 zkITrQTO7<%kHs@sjU;`s;3U&T1Ku^PDZ?f&i=SEcya5M6PMu^a&}W{6lr0J-NQE9N zw&Sp4$TiSP`Uc7xjGGli1+Xg-#>A_!O69XtOTL64z#o)V(nawO>(bTFobMB+kFTke z%M)m_bewe_3G&q(f5C!;&eXh^~K~59x zsU6=R&%~noO0?&M)R7-=iZt{HG=LTW*J5BdH0-k}TaU_@6_>rPml97I>7^##Wr%NH z=}e1!2P2@CE}a*d8E9Y%5H`ow}))t^APkpW8b8{p|(s8U2!m=CJSJ%2>l#U zXqbkZ{ApDJK^2>NXqpdURMW!(7sjwM&twMD})mxY=U#%vs&t@x;%4G;liau9n(0w0dJsawa#b7*pj0GM^lQ)caNNL(BtIe=Fe7!ezn{ zHHpK9?J1i_ls)T1?E0nHye{MLH=@l;{R*Us(+`Kf=0qgB+Y-CexbJ|f(htYD*uJom z(zxT7&Vm}Ga;P7fwdBd2$&6`YyNG-ijbHT73P_^Yv2B0j_FHvVKep9H1{~n`nWW{< znY-G0OYsU1O4DiN6_{+4sBh2+HTqtcMzFGmxZCdIvr9iorSJQs~uCdb9QBZP}Y zE(M$Sj64)?&V}CkN-WwTbc*?Dso)K`q?Qf}N+~33%p-s$c!Rr&4AA|O_;o)i225k* za>!_=dqi}Txrhv!FlGlr_q&_WrIsmlAkG(0Bu%LEo#F>l|7Y&XuNTl`-G!AZm&D8( z^ufu%zYtcA=}W--uDHYAqM%r|`#=V2bemb#xPREK;gdvM|G<wSEYqD??K zBdCuYE734ds(7O@dIvfxl*v@)0T0_}__0wiH+XMv3VuZ`!DM+WcVNi(WeRrodpP&^ z8h^MPtjnLTg}IE(KNtF*6QBI)TkF3Fz(uJ;NAQO@UOE+hhxbr98z;Z+N>SCAU7Uq2 z#uZdL--~oAtwRC#A4sA*%5eLvMiJ~_9|`C?6c{*a=We&QNs@bI<8RtrOPr4LxFuqw zY|IzC^0ads%Xit@T&DWidv-m_pZ#T*5et3$^vT5-w`yb{4fO=WPMAE^k4F;T94CR& z*&g*)q@Bb-Q!rh*-VW!VGy4uZ7hwk_f$j1!0#KWS{el5r=cSN6a4x1WM|!|P%Cmu% zGEbs%Wh|x4ZLx4u&tR7cMdQ)EcYaPk#sDy7;;o>8R|PEwgR+#fLP#w_bN$YMOkQ-l ziuX-}g?*SE?v;`bkQuR(!>u67e;^l>B*KFejIOb%g=%&OYr?;Q;B>6qm+8TLcEd}6 zf&^NV#F5$T;}wo@qu#9h>zkK7H!7u73ahgCR*QUKEVO{EOSH2I7&0^ZMIy=r%$c!AvdZH!aoygCsELJ7Z!#uWHhE2ItNh&4` zi(MFkk}@Q0A*$joQ)x%nnP<=qa{H{l);tL97JOUniq=%2zWmn8Y1~-mUa+ec@$kBf zMUddRk6pW>bwBr`R`>+;dD@EpjL?N5fr|@q>Q%TPpOXJ3AU9#Ec{(IvLip3Th&^Sg z%kyJAv&}rRWyMH}@w%=ch`uuLUXg!U-8{a^8@z$nJM7A&i6QO}HFTEG2mo(ic@n_M 
zRy8Hv%A9+ED$@&nif{=vSR~Vox7=7-t?QSoWEpS*CbCXyYsY8qHw8;rQT+?Fv7jD4#Zn#4P8!)K9`$@-)7X^1&| z8!Az4c3ij3#1kj|413=89f#Zc>eqsmGiWAen=e-nSs+@SQl-FY(3IodCh@%0_m`dP z=0)57!VX>AJRPbGg!PHmYT4`fIm8wPvZ-dfB3xK8UCO8RyFQTq{<+-rxuWURcV$d% z{Zbe{B*9s~g8c72?jaAo$NqC^z1=*nS+AUDj~pbYt8;ZsC|KFB1Xfaokk8Vaoa#6_ zwH@A(I=_X|X~ol_-HUcol1NXWurar77xccNl)xmF-%n}d(HLT|XFTUOoL$b_!y7%G z>zj7Wn zuV$CX*yRp*Zs-+N%tic&w|PDYju?2U&JzLQmE@aIQTR2QV;cNWF04>8A|m?Q*OKuRR;i`Y zK0py)aczy7r8=*%PSX~s8gyguddqXiX>eLYKfbb@wt>{4_!fRw4#(MO48)Pa+0kBr}Kh5}f=Sm5Z==~o@rHLPXDN^mB= z^%LmVSAA_OI-m7k%NbTa@Q7v0)dC6-svauOCtY-54j4|!Uy{mE7HMmTM6mYcbOZNa zU1@5oV_s!BGoV-o>tiMWqNleIIJA`bY+{nY@9P`cXA@XqCO8dM%*&GBi{IIP9itP- z7+^SpCn2MSKiEwSo_EKE(GU`t2?r(52MW-_n|(x-P%H|WHm}s`+=y}wNdw;H6O{}_ zC2B1MbNL-X$NfC6$yY{=R|{gCP!s*Q?nfs6a2VTYFS0At@9-Fh3uyZ=Wk3d+4S3i< z^+`*NVp9`pa)3=o@$q|IhcDTJW)GEZu5HQAw4v7clK~8y;Mb?Q4s*gpxzOKnc zY@>jjvFeJl9Q+05V5>_=~RWFZyhgj^~%yy(H#=|t?+&@%5&E`ko z;txcpAsoUhi_3+bG*p=za^Q0-4kduGJcL{Y+{hd34j~uZNQ3<;rMN?4D6h8Knq-NT z%jA_yGcRLNf0nj1z$JKPhKy4Fpgg*`z}5>tqrBXQjf9jX(U1=iY9bFSw={9tHu*ky zK-;+E@Iz5Wi;2Ze)o`QGTFYwroRRKb_IGDBv+YnU(`X{+@u|g0wna_c0@hZQ1W_~A zbu;_d!&Kxjrhxz|4raK5}_W*gsKD~^L(jsXk()dd~tRIlh1JRbiL8MZ5H05 zS58JrhvKL!gW!DlwE29Hth-q2GlSZZ2RCa6lRi%nC<8Uk7()9?bf%0bdm<76}Wos@9nLsG~rkFgKK)EM}p^`BxqbzqD69Nvu$8;NLt5=RO-8Q0Sa z)`E|cGAz+ENK%NU%>#{$U2RK7rQs=@OQ?^uOiJTSe|*N#KEeLza7>HlJ+>HDBhTqZ zIri%m7yu9%xP7NE71pQEgaPqs4yDKM;k zY>g`?<;^wg7Wex{Xd-&R2E72&KoV`k7uVq+9i*RMb1H&lsgURCcsCU3(bt%q4<$3s z4i6UG=W&;p%84ff1_*K;tl8?Q2AY-fy4SZiHL|uLz^g|l`NooejuT5gbbN}aWt*qz zImFUP5#A1#EnF)V)<;3_4EjG<5-?JhQr$(TS!duO@tCnBJDkUpuHX@0TBH$y*a+q zmHy`Z@zzy@?znHu?8JJt<|T3KF*JgR=kv+&G;%!Bw~dgy*yz1RY|%QO)ExjNvDdha zv6m$qgm&%+x~sx~^e!LDuNXzhB!9A6ER5Ty&Ski~Zr>05#(E(|9>Es`lRb_QVT+AF znfP8-`5j<>lv=|)d|H{PPP@knM_|9*5ri7D4gE@sii{XGZzAB<5l!BlAMm3Cb>3~0 z`rr)J5bVRi^b4|sWY%j7TN%OPr?`*$w{i_+?kwQe3rK{ZK zxLH>`;S7pD07Wn}9KIT=t2e?Asb0;cBn##vW$7|zLusosQ$m{(BvnF&3;XXUG74mU z$zBfleaR+*fcCKyxkw{i6^xHnVMS?;Hv(7>Zk7+Xyp12O5D<~uRmtWK-73r1kNGd@ 
zvM-PJQ-$5l(3nU{q^@u!MOKr~{EG_1;(Pr3U&Bp>_3nh9&$^4~LZThxK`pQ|OQ`r^ zp~!GAmMG{+g-h~!<6T+N{1$Pc zD@DuE;p6CA<*1ce;h4ZVaToQBKR6bw2jvf)88xCJj5*zrDtbn(LQKz_lk)ofnZah3 z+6jE;<|LHAnWs;965ftvkIT;aTV(tb7qW&sSh}o8+to6<^*te6x&`TPJTj%YpXF-W z1A}EUpx&M%ZyR_0Aw5t{TA{lLwt*|U1%i88*L%XrCXX?;A{O?beFeR(S(tVOIC6FX z9L6{&?*gh``6`4_81^epcC#~Wdw;HN)}JWuEs`sINtQO~Cb|*twl`96-omtz`hHi? zU}XjC^GF`?)@;Ax7UB12+0rR#%=0s?cXOvutu{{$ z7tEhK-$~pnQD-svzHnm^1|)=6r}FQtJ`QNWtNMp@T`U^Ue(RVUR8O%G#O?dNB@MzL z&v?$ZK-0vs?S;uynN~LSTO^%@EU$CT0_siYKvRGB$$s$d+zw-QFViX7Ns&hTNc)V4GCZ?eljo z`bFZ<;uzqLN#itcpU;tdBXnb2o%WJr+CQ!S=`C0IAjb*u;R@TT=zs!l5gt`$y)3i% z$;>op#JI^i%P7y$5(JWgo4v|if)IMCwBz{ijZPw)1(5O=-3U@UlsD6QYuR+L;DHpq zWMIXc4+@>h+~qV4Nw{UgP6?)-6`2T?Dm78`H-FH6jVxT617t`S3kq(n<({B~NLVdf zn9V`;q%gu>HzE4>7b!9FyA*ksx3gMoK@O!}$IE_Np)sg4H0RlWbdEEW!D55N-TVvxtv=(oBN+=ou9DKMKrz@7Q-(|E1YxJcE&;|=NiTlN-B$@<@4%D<^n7h16=y#ZdYkgWOO2 z;-o}J84wg$=0o5Cc-&<1;ozvxjy~9S zhWxz07OXJ9eU-C`6?W1GzN}yH`7*y`z|l-ZnR*ZCzr-Sb(o`Y{3G^UTZcZUc^i!ey zLube|6piuJ)>)}PA>C9H*26*V_cbOoy4v~+Qi0@Sh-IP;%LSFuy^JkM1FFiSV-AXn zM8rp`!QhV{7e)bs3AkOXMH>c| zjLTVgD2ZaHa44?yGBH?t7$S>>RRDFXhEywaL3QWXVv*B9s?YeH;y<`=mJ&$)^M%Y_ zNng-jH;1|#bdKD`NI(TG18-VuUi?y{xMWgR?7tlX-v zp=$#CRe0Vo;34A5^cS5;zMNE$1)~lQEVT_I_(Q%X>}S(N(Po$_p8Kf$S}xL8@xTpA znhXX9`PcCYJYIq2<8K9cyaNjaPz3sK`QML!1phw$#r^I3pYp%$|9wb`s~9WEs_U_F za*P(r3b07@7kb0AUD2q7~dQN}1y$`}AC9Dor4>M;;5jf49TWlR8o z1{gyCfP=IVW{#sadiRK7muD`b#(H;%qo83Y0MaNkXHhe~yTnlr5U_Iq2aK7MsJ`B9 z;wWPn*j|7!&dh1laqj_flrjSBDL|Rv-#VhSQT|(vGzRR%%vtXtPz4U`9nfa~e^dEC z<7Y=f@Hd9X@c+g6A2|RD$QDQxToMGJg@A4d5e1E|2m>UGu89ET8>Ni^kU{|%VE~kH z&?Qj-S_J5Z7*WzF=!!T|#u#0HFCMxkL6kC1$RbFT_J1)BIsOEa4q5vIatvAd1Q=t4 ztbzc5sAUj9SpaiC@3gb4iW&41WWFaBS?`2X<5|G)U+|HBvG z5Cb1bRvHB#$P;Mq;a~Rt53fQ0dW{P78ucHqXa6s+f%64O`|o@~LH+AB>VLdW_{U$n zf6Z^!p1-pgf+FfLN`e9cSYUt!0a#Fg1p`=cfQ8_g7q~S4Gp7>(5ETF8l3V^uA8@@K z?*UPEz?*9Y-H@?RKf5-e!?Lz-S zTmJ9$d941wu)wv7@?Yrxx)CH$0{b8Z|DKS;9Dz5esNJCRzc(REWP3l5*l!S)$nFo8 z$S#X4x5$p4>mmC+mVZBEvnc|BV}KwiV7q4=SWyB(1Hdhj{|o^eS}?%w5ny+KJPNRD 
z>JHg|8>rtn0fLu+n7<7K3ZP61INWjVZ&RNI zDBA*7G$??5_DUH4HXI->@-L(F8$h7}1yF^(7S4Z}SNUrmD3G84j(0q$`)iK?So@c~ zFaNR^pg;js@_GOiN`e4||1#+K*C3Gg(>l;&ATuEEHYgx#U{uav{u6JYvkSoT7xE8P zAbX&PK&uY_kokYudl%@aimZRM15M~aV>cSLl_)`5jZV}=qk;x)Bnfeh(4k4U4@6W3 zk1YyH2T%|bI~h41gE*s(Gvkb?^Kj<#8=X%_anvy}LO>nGH^`{?7_GKd@C7K3{{Mcv z&NT9LTNOSn|?Bx zEewHEO5yb>WJqK&`)t%o>ApUdyl6R4fU{$$pG;B$uh)?kEeBzDHfo|wo$h?SiPVu- z%0zk<2p7x|{!keh)#5kc}{kTIOxSt35XH)!hb5P4Xb9t_G zkLiw@Ej=<@8Y5?CF>pUX z?%#on4w$>X*c=S()l3rmePDy!^g3eiAa)kHuLB!I&wabtoB*uFYndkcr$9%SXmqK3 zBXZH@8=w<&Hvk>nEndeo(LaRkM_TIbPcbIZene};y^ss67f{7|uL+_^t{%X60d)Yr z!h{#I3(~L746OWWfIH0`{cX`H!{>X4&-bMheh=pFy&2=c$cQKXSp}xV3q9tdaQW5` zVT`Q?uldT>4~u%N245PMy$P1te)sElpYtBn?|$dKRKEwE_mF-sb>7SLd&qpHIwvi7 z!^kOu%}>Lqc<`sxGaObQF2?X@({FjK3%y78SjC(bo5E%3_dI54chwjbF-DY8kpogGBB5R7cnZ)cYxTj)kM*|4)i$Oic!f&{tQ zWymg*Y`<{SV}ZEg-#-ImkiorhLI(H32^rjzlhE#**!C!Me z(3@v4m}k(Z8T1Q-GC0ujc?JvAiwy3C6Ee6LPRQV%oRsdB6ZW4BSeFx*!Ty5+38yy1_J400V~8<|j^!JuZaR2UTV1#^^VuwclO!96+g@0Anw-(EN&gL~nG z4EE>5Ww8I40E3|d2C0=~4uAaQFqr4CEYD%7<}f52ia~}sayYcDm$c{GD=X~4y|6+K z_reM}+zTt@uspjD-_YS|_mu_*V z()u8lJ{Lm2OsthQnJs1M=PIxyi|F+j)}6A3pA|0aTJ+GOr|Gpi3s0;%yXFPW32o*@ z-Dbc{M7o}#zkg2ayRu9vT+emY{AueuJv&EoA%iq)h*(S8SlON3_&Z9C%8ts6`qUh( z7wcTS{+N|nzmD+l(l-9Rvm1Y1)CoZ>$LuBDk39nfmw%VG@$a48_?yQqH!ljClPb(a zCF(_F1@-dp(l-9Rvm1Z&xK-vwHRhzzW}+6jSjYgEf0wrL@15QFo5ziq7uA`Q8qGu# za0dx4|1NFg-#feUH;)@NFPdUbI@e50&C91yzO~0c&2^Pk+%?a;Wbl&9B0Va&15&_~vy2O`m~?U6R<3_>eI1<1+#La^jC7{$WcJhZDa<<1+#LTH=o-{^?5+XXt>Svz~VBPy1)T!QfF{Um)VKzr<6H zDX?I0zNed0!!uyW4fw3H+?W{xW`NBBECtvCz!sSghL>|3URB;Tue_@^tgihmm$Nz~ z^KTJA20j{oiU^Cs5d=xHXwimt)r7k$!z}VM@d;3QzBv z6^@{ua%P z_dnR_246a*XVbu5kb;9!$bH0GyP{2?W4`vs1wmhI5 zcvH`4<**T!qjP{DkEg;BBK*1^0?XuU;H0Fk?}xxL`5MZJFtr~-n{I+dp$$^QY5fp3 zY6KPqg4A#@5J0|UfqV^_PU@y-a=DUTo5PY9N?sc}a_B`~j^m*h`9KHh9eR}y<1-^S%)OGgvp^D(%R{*#}#fcL_D@ySz7PgpL-bfWc!vYN z+XdIQKgVg^!`Ol}W`6*cAmyg3eo*9X4xQ{6_;NjneD z`_Ipq*u9+CeVo|+ocQhCSv^m4;x8pUM0gqD{TvO#!-Q85UP*XAhlB7M!bcNc3&&vt 
z%n_w_bQZR3IeQ{&8|j|yBkhRFM_n%>oXO1m0dxk0N$JKJX21?DI^MBb-p3{lo%rI>LIWr9NIm5gNQZU18#5WIO zukob=kEUL9)xv2+r3I{&QAw&|ElpH?@TjpZ@ z*i9{RQ`fjD!%aMl36)J=7`sq5U-95*%7O-*%EligIKn>yW1)wro+ z+*G-nI>1f&-P8a#wQYk)09=0Irap30Z@a0rZfcdAddf}xmz#P(r&>_qm6G&7-3HOh z_(Ptl!ReK`)-MxyKTG2vHCscF`jMNuz)dx~sR?dsteZN~O&#r~M!Ko}-PBMwRph3& zzU>I$b2s&&n_BOtUUpL}-PDtA>d$WK_ipM}ZtACQ%5+mVxT#h*b%mR{*i9we)H!Zy zyqg-MQxxT{^)i}~3cKKg-Bi#`6}zb&Qi7xYD>tRw)Vpr#bvO0Ao9cE`kGZJ_-PC<< z>Ml36RHtHSE+$DoQrEiR*>37bZt4Oz)$FDwxT&#j>O`ID!eTm#O21j>NaA1@CFrJ# z-P8`jqq*G(6{QUS>XzK7VaR*a#?s*|D)#Lzmd2+9AGWa&Y$gd;Ym`8+E?gc6HifGK z!?BMTz;Od}W3)xxXk+WCB-&!`N~qIy5%WDncBaC9c5X-=41=`wEz!@UFA-BiXW5fY zY95g29|EbN1+#}2ZSE9IKjx=4uoI0VyD_dl(YbN>qR$~au72lK2>blkE1U|CSb^F+ z*>dA|&U9z|1Q`Zbk;$Mc`XkTk;ska3bDS@yU4&!4%UaBTVg^lrw6XoOHe}8WZ0g3D zsSc5*B-Wzvs*W)0@U&lFib;LsHHR55Vrxid^5i(>aa)4w>^x*M_Luq^7+Udw?szQM>Qi?gLmGml@M&!K#MSmP zAo{a;>^e%e4Yy6J%wzByny1ZqBi1NfJ{5g7kbJ7!4Yo8cGKMhMjLW;Trk9C`? zdcGKJe!X>r+0*_dkFk$hpI((4wYg+<`u(CVZ{sVf3(=scwJ7XMG^_8h>_G*#&();^ zDa}!J@#``wa8$7uhY?ppMP}a~UXI#u#0^Kyu3ClMZsy({ZqvCq?6&D`D2kh*7cRi> z2y2zv)FXtziO3DHlIq@;s9`k+*nF$txv2Lz}{L z@IQtB3-Est^1FesnuVS(d6r2QTU~-)YNR{2F$T?Oxfs^*y&&zO#G9>~Z=fI=QPO%t&KYU4oUY z?v`@CBfn1apMTZq7MwHG9dL^*uOVifWxVQ5D7a}ypf)bgVNm*V;&aVV$Py!;m>4Q!jbj{8pRk5Sv)+o8mL99jRkqkW{nAqGGadg zYzxOjy1boi&$u>^c~rj6U$Ratkx;4**dcb!8Q|mG^v3S4#t2fQ*<4rYSv?<=boqnn z9_E#IH3g^R8ST0y*oMlHoQmXfovcBUGDU6}$>};70hd#{I)dGNtqa$pwX$^g!0Ij7 zEUiL@H&^qBx?URxu{<~I$D9$1T}!hb93<4KJGVkl#O98I7Mi`b=|O#?b2Sgg)Im46 z2I!vHbZU9!~O%XF7LdajU{Mwbg~GhES!j%y^z}!wM0B`e**m&#d3FaT%9aq z$(J0!^^y&ZqYNzf2t=XKU~(Yl{z)2yd47;xz>5N7>;eh33Be$&9h1etJzVEPZsjpn z)tFFgwINLoO5i=3P#%pEBh!>`O#R8m7#vHe55zsDgLao)tuLN1x2xxMJ_rv3w#bJ0 z;if$7LLz`%Vnc=ia;FQa1*Fl2>;uRm8-iFC?-5l1e6&r(Fz|Mv1}CT#(Wtpf`EB4( z03&%|M1Y&LNlFF)Jlp|Nz*>}RZEy+12RaAt%;ho${fV+iGR=4~-gI4=s~uP7EetGpO4$*PX{p|V3No`WlH%%^ z{bfSW+Z}{(0UU_IVqIU_HK7PPg5y)#2uz0_iD8MW!+t7;1yIB!0v!RGhnacsKn*77 ze1L%F@2Ytk0~`^JR$jFUCe#Ig)(Ve{Gv}0=-dp45u3W2J-Abr499XGYcGD`jO+~bo 
zsHW2V8i%bbC;^zg%s;-*<#xA?S)Y?*Tt~7PqJd-g6&i=%xaJ;_#v?^Qsv|*=YseVl zh%KsCXwr?LP8Jk0tnRaO{RO#A>K2{rn;PCPHOyRBy`iH!bzo){Y9+ZSSQ(9~Pozuz zw3Ak=p8#>oeCnm?GJ5IS1UkA{s3Y8lhwZgJq``2RQUEM>06}%93%I~q3_&)?yBD@h z{l`VxO07w68{B$=H88!oXy|zF(D6R&Z2#6*tXOdCt0m7{3rn}YRq~c~b}0Sju9ELc zdb-Btw!Si|rzbPgoLKrK^g?DI(3?=lY!!QHEOq)8OqHtJesOB`TwTxJe+v)IiT=;-EY@OA0MyVG9vhV0G815USTkKgXOfX00Uzbadf!QsoC zxeJvVZl$j8{_(G*QdiwKWRB(BdjnkV)Arq&Gq-U9$OSro_$@|HHU1cu(_nI-qbK+3 zO4txJ;k?g(C+ z*m}B~L$dL2bX37%)h;}<6VP-`de!zsLR~AS#D|m}zd*{4Um#`2FOah17im%`_v&tFX-)esRvx&$n?vmAXXo9AiLI(9GZ2pQ$Ad~%6}^P_nsiStjnCONg=@v} z;LOql!YT%0jpyFyLT#M5!-2;eawt^$no4gx!|dzXG|1dee>?r<8F04ya-+5(gr9fo zIB@X4LRG#g(+#+b#*yJu+gFQugdn^S9Ne|5Uf`UB0z`)ZOq1pk-$BXO{)QId^iTloPvo6oL6CWfyau9y3-p^{};UG9av$r{taPMvl!Y7i+f{l z57z!0w$KV?R0V5v9`u9#hgX`=I&%4}@Ypjd-3=a3;#komta?KRzsa7+^v68Ru}(KC3W=GK5Zb<@_I*+*C-EHlLK zjjA7iDK;ynj&%q_SA_x{kE2jjg)SBo$s(MPj0+r#p1j8R8X1@)e*1H6l|FY(NDk8? z>du@(v4l_vourUnn!Yj$rqrnU$5be~JthAAz7pyNCs zQ5em5wnWvnf-S|*Kn_&JXRhX`eLnp`cluclXB>!!u9sJH=EZ7Gy2Kxaj(OE-`O-xw z4TRE&M(_$kO#Pvp6o||E9`qwg>*|HCi+Qm!s(x^u>(Jg`0OhRN6jj6W&`v;6vK;i4 z7Oh6xK`hcMuns@yH5p5!hBZf{F%=)lCMBjor>78fS{~HA8>l=FI(awHpgd^AZlF&O zb=%@1rm(G-^Pqo1CWW9!^PuM`E-=;J!{CU6v_ z)U6wRC`-<2jDhT_#-)zNVOD=}2j)g^FReZH)_fXj{Mw--roJ_$K#OV`Lh*RfqF+UHI&(gVcFya{ z{$5=D7G43+;Axe@bR9*J^oaTCT$36wtrs_~7f<)LZsBu=CvZpiH0S;}%%S;G?rNVp zF|Pft4e4#ZK<8VifpND(bgty}N}f;sT<6)wdefkXe;dNgKO46nHx27XdS)PtxCG;t zDLmim8Otv#1UftHD$jR|dr+zo=$nSEm13I)ZPdjPG{O$1q~Ge6;;mHt7uvN3$&;4eFccFE<8A{KF&(t$JKv+E(zM9xLR(% z^v2a4c5-E0-K>-78UtuSvo>rhYgV`llY2!xH@~61^^NL;N`mJ8N)y1*%T{Y17~h2Z^kF6%38X;BMOHl?kX zWwxPed>3K~d4Vn-0kZ2r&MQI+2Qk7r0Fj$0D!m>>vq8EMevMd28;?o=FNP-e&o_=v zV+)fStu|?-JGEcD8BMH}CQ{e2MAnPH%_#TI9GkS%B_cp{LRmr`_zx%d%IXa_qlcGZ zA#$T^40y+^Gv9d;TxJ+Hf4_ zQAI}*YU3wbS=OPiWP(*+{LJGyA{X%F#?Hn$cxeVjT9fLHpJHN}mAM&>nCOIr3d_Xd zgYiHOHITxOy^1+WqNmyHGN98#nhSC$Bfk5YJ9tnT;71s?cwB26hDK94vvM z1qqpH@RO3WHE>|IBGH^sPrpqP(beqwK<5y8i>Kg^k#?)O%Bg0YUCqIOyZ*8>o)*FT z%oWdHv|f8iEQP;4I|p{v7o~Fpx>Cm$1?o0Kvo09(?z|aBH;QY9W@P=w 
z@7*^eX@K!tmkHz58)9n8$I=(sknxa72LqY$5CEDbz-<*_ZA^!V3ev)Zv-0x1I*A!k!|AB;+G_8`Gw&UQxBg6d+MfW9You&%9; z1jKr_7C2}RX5w%Znr&s5zWnu4>2TB(wEW>_b*M(p?7%`8DqF|%lw1##K`Co-N~Rnw zW92h)OYgSUBg}Q_joUe%jxdfuH)Kx5A0xy+GPq`B7)v)s5i}Bi%=PK_cVTY~v{8^I zuF^w%H12pZ!0XS=sh}^U?vf$v-BX_tR2tCLM2%iO=F31Qo%`x7+=1|b`pz|2EDZY) z+SbD%>L&pTyUjvw#)0xQABv4mu%$?yFofaC7=n7XHQ7)Dr(&?{ahJsTjo;u>BeZ( zkR4?FV7H0}>xvNi#t;+qUL2;w1REUCdL*is{suYa_+O^}aDwe2raHw;WER5U6m0^` z3qD3Td;~f!MLs$ZGY5I`sdAT>Ax0b|WR3>{TPbekp!2GGW{S3s>1`c_R#^uB2`W#h z`(>TMIrZiY&7g4sYxo=*=C}^>Tu}u>TX6nK{4sSWhJo2op_aN!4=ecMW?|0yJjy~n)HL5P1 zOZSfc7N#g@HjYPCsIMmrudG@*$wu{#PUi73957l+A;w^CZUrQ%w7=%7-U5P;&&{pN z&974pVv}jP56R7K%*}69HEzyOYdo&(G)Y&Po9S!iSKs_z567Di6G3^4x-}{^rMC?X z-0}#BZBfI1Bso;@`;Y-Lu%RR)pfd;c-)EzQHW5lniR*{;@G@M6R_Wrf$7Z-mBMuvDu&6m`ichNgvA^?JDMrw5D=c$9NfpKU|OU(RxZW*03GozidOCZm) z1lZUd(;xw~)?_DCZ^_o8Y$*$((hbmP^GnV3@hG-0B-gA~ik|z>ba!fhQMH6>NAs{l zqH`DaqMFaDw^Zk{9~UxA(~Pxxg({sWiq@O=S1Re4SXWi#wQc!3j<#(e?Ko#Liwc*~ z62<<^`?^6mi@&v#D--G$b`nN4p}O1`M55dD3rM~ahukODxejYM(Hx6Az1?gTCoq&- z;)QZ4&z{;GQ!mSCWxrGsLp|fZm&Me8Ny3r2szq(p%wa-n1a2dCOUl9+9~eB4PfVQ) zzC=(^Qc($mAy}=%?qslG9He%}LO9+=n_6I1YzB@+*ficlJ02!Hj{BiwLZJ)P5KnNnJFXZW0 zAImd{!y|0Niu*cWP3@On?DwRGJpr?i=u*mSuAbIASygJ$a&0`yNe0ycI$6DjNd5H9 zw!c30wWf*%m6HsrcXTpue_j0X4w7Guc9KDLtWMg5Vm|0+uYEXLqy8vHRom;6a&s{o z`qiB}4{RKsn;Xo{52_9~XSg*UU$`r^#(VL>qe81K{t?EDuP-8Efz_N7R97@hcgU30 ztL-^AT`Q}*VFdze78VeC&Abl;hcSZ+7~;Z~e5x@{O9IOkHDAafFOJ`42i1kcd(`K*=X<+8F4^~}&%bAVTwJ00)lGOqL1(^sSy)uZJf$d3LkdTHZ9e2z+w~l^c;E z4jr&+8)dzQqA?T0yubOTdTSjzuWn9txfqOuCe zro1x;r+zBrg;0mOVZydtESiXO#;;IC#q=vf*+Yy^pnKZ8E2PUzE7wr8#Hs6Th6kR7>Nm0>%L$nI$pnU_!Ogh^I5YpEXq-=11{8S%LsO^LCD*m z+Ao32{o=it@36>lj<~7e$`*CX1)|c{K44>-)vm)Rdam!>fWW8pL+aoJdc2a_0?w=K z=_=51i>{`MnQpFz#IbWA>wL zDdV6j!x@lFJ96Po)u4O2jH~CGb(;e#BT7+5k{cn4xm80N7?KG(Z_Zv9 z;HdJXW^lAvMK+_UP$GA=%OuBfOx=iGo$UT@tH=z+nhR<|1r->yTDq~^)ugSqUsHqZ zfiYSSj21Qf4R@jsYCX37Z~8ji@omDeXoOZq#=Mgnj>XiwgB)!xjb+PaoHQlWIvFUn z*%3I!@|26QFMG044c)c_1E5B#XBdu4T%Was0zk@ZwNZBP)a4|dN9Kse*PS`yE%Yd0 
z6*&L=U4= z^7O(|=-DO^h2x>%piEtRma9EG5rNOOQnKahl6>~Z$WC9+a>s(;++3Cmsd0IPl`My; zmM062$!GtG*?LtOVx3a#d_AF%rlol}qdHuHR;p9;@T)Z3ua2yj0m?E5lLFGWZ$9rD z;- ze9>qjIqJC<8KKK-cD>UO?Hy*4d@0voNVmLM46- zkVek<=VICr8;{W+=xm4TWL}5FleFhp{03E`Q4snjh@T{(v&^HwuS`UCxs}}pNE9GH;_!Ldw+aOIuLU$jfl>%O7r?&p(iEi_Zb<;CCij}n=oqIg z<&bc*53{qWXjH_0QXd2$@hLC8L?zI#GGEyJNYa04~!QK->g?`J9*-3nljqSqwF-q5myJhFEEY6^a~BgAhd7xf$`e( z0-7?}TR@m6j^2bK`!F+4!QmV|TGpXKQCR9$FsAB7#M0B`22x0<+Y+vF{GNHhADwHh z!(qVrc}N#4!nv9BwHRFEuvt%5c&rHSi>FScl(`#O>Fb+7(^IxGM6l9;XoH0$)w3p! zAprbfqfTp~UzOxrV=$IO#vij0PylhJPb5YtW?&~;z*&l5yhV7XD^mx)D{Z6qF2K?V zrn+YFiiGDrWP|6J`jv#aP!o`90-c9(efdWKVeS6v)QqM<|DG~sKu+qmW%{L2Utr9>sRhWK!~3lNJv6O@^q{QNa_QLwOa8g zW52p3U-56GVpP@W$kzu?N<$G z!BOe#c4mnR{22?D&t`s&a%=4Mb>o15oD?fw>X zWfZzyZri3m04cqgCXB&I7<2Or=s(7Z9~-lN+GA&6Ick^(V|xCIb1sK_TJ1v00;+}Fw4XKgZ5H5&v}x!fKVK? z;J$x(OP&`HR}<*qcAQ?5mJfk&t0Ubyz70XKt9MtJR$QweAj(&$AF^B-s zJv-OlHldH`$0)nOsfy|q==?LaUj6X}Q3RALQ}3?UN`dKA8ykB)QVx3M2Q07#IsZFR zNR!s4HlfbeuUOAxZiIqD;QS;}ue*Dr-!lQ|+ zrS1#n;&%N4QaTo}3VuXc2!=1P)ji_!`&{06 zstZ#?tzOeSNc?)gR01m$=-^V<8ZYPCeCkqN)?s-&V3_%X&9-MLBj$a{q|?>v!wCwU zoki!H>nS`2YBN0oZ{_Dw%LIzZZwkt^wST%|K^4YRR6C=}waXg~cd!l<`Q10(*Ht9kneBB#lE&Uqc_W zgCr}i_S1bQYB^!mZfcni;c9=+hvv&=buFUqTm$myI+Uvix7a2+(D^7bVL1^$&@LQJ z<%KI9Q@I>a(~B_tAE8LF;t6%NrU0shml^s661c!zncxf}J`4^N-ux|FfJsP=!=%c5 z{Has}zj3mUaS211zjdVX8?1D7aHB3c6EUct<7^2kKY%) zZ@A0*7nJZAs~viyYAF_Z+DTu4yFHk{adgi|q-y8;YU;F85JvPq$$HMg>J=N>V|KM> zAonV3Feke0CpnYk*@%@?SOcuK<*2|K3IR@NX`alul|S1k6KG}@YH*v_kl6tXQN6** z$b8P%?#u)rN!_^<)j4BeP<_dwW_9VQ;=GcMl{7)S23&KMgmAM}cDqead(3a?P32Ng z?#R_V*)LWz282_nV|JxZF~5KsS6OvWOMv}Umx0Iag6gf&c3bARt$i$&nT#eG5VDG( z5|8Wv`~C!iMYn@fdr0o@VmKl7RAoy7NZ?<_EHAv+RWN(mUHP)#z^<5EajL!b?7U#_ ztFZ;!dJv?6iICDB>rjRR2`B_9h+qTbS3wi})wv9(DO7|o>|Zblt1Ryd7K^)eeQ1*a zu6*$4ASh^fVc09sF%*N|5h-f$KhXl2#^Z(J40L>qvF$W~nH_E12SpL*i2@6B&Zhwy zK^psbafWv;J!2p?gievPi(-JX=;J3ktiGxnZlMvAo(%iZt{o0^6oop_gX(M|F?pN? 
zzY+{JL*4SBz(5BBtNklPz5f1Ksp|@=@$aRY)Oj|7)@!!L$$N;a+e4|I&pF(uj)Kd)tXP_n*Sm8+2TqM>mh^=3K3<64e^+N|c%=@69Li!b=a536<0W7dfrkkqLFj1NjG+;Hg&o6(7;*%{kr{+J$1TaCZmp?vSqvT%E{JKzq)^tK-R3)~ zQ%RJ)iz$<3w!-*@BX(S@8>wYJ#}Jug7Az4gE!R(>OfpM~=4yYy5B9L*nZAyzkTgo8 z0V)MgoRnL0g19y0wXXG9R|hS_XGP>XgT+;4Rqh&J3r;-P7KDtSiQ+hQ!Q&1IHCBSh zVxOr9CL&b>&39326(TN$8xetyA#Aod2A3QS*I?fPSf$wD$x8-S5kkfCFgXxMYp;!44{RZfhV9@8oQupK2vIe$rwWsBP1xF!NJfuL!OjukyJYsL! zYtLgM@}2WH`ut%eu5NwWwo-9>pkofj_k8RZEG|xW^Rb?&c3;p(VfzIK&JS|)5e@X~ z7fe+lbe&w2`3da5*gdQ&=vV7gx!Ak1iqLCZHPIb#$5)`^ViW+A8jiIALvx}2D5vj+ z!U4S7G(Msb1+8cozJE3HVG+9}E<>*7vc9yXKhmr8$KXp~N@z*6s3GHRWeRkx$V1S+ z7csog&vb#mBoLS4tO3+qe{*8D$$25+x@|NXY+5l;@K9Gg*nsivD{#WSTF!_}JGx-Wfi)cBZ{G_CXAN7QvoC zfBK%%rE7)7Aq?sQg}pGjK$o#?nQw$Z#y`fnBI3ssYzokZH^xgk2vzyi?<7(y7J!TI zyqHFtZ<|?Y4EZb&*712HP$A;%kFZYx!qqT*{l&CdTU7QinUGx~jQ>2LFB8G-OYLVB zH2-ixd0JvE>i6@C!krhJQA)u^=*}Ztl}C^;A+XBS@;rQEKLSd{g)1Q7c!FI$=3v;% zm=Oc+GJ)wGQqc<}VFih#C7U1gB$8971 zXH74IKEJb*U_Y*Y?!J`A)h+G|ir!$q^u<-m&98{7%iI_Fa>-h4C2&9-0|1^gN4&Zi46vUL7WXj@k(M843kf21;7VoE>VsC6|8o^ zi0;C-fhpLHgWo#{bA4!}oKgTQ=4(8tR4{+F0Szo9-~_!RVQ?{INxSgBp#E%t%}u0^ z=8Mx+6Iu{2i?Of5`pa2AZW+N2f=;;7^Yg86V;Og?gu~s6Wnd&w44^P58=o&@1JLtW z_Hf9AFs2UAkLNYox_GT3C@eXiyqo!bU^j%2mP|Y)jwNeOY51S-;06Nh=gr{oGKs@! 
z#pSFT^y@|V7+MG#a=(O`I=f}#taS|Ug5iGPqhdMu!X=#8s$N_Ys|ja6;F>)smJHiH zQVQ9r7s$H3c$cVe_KAMC4_OGCt|_u7UK(wlob;&u4==G7riX*NAa-7@ zAhxDqf$^W+=U0=5akUeKnd9|P{FQhg&y!+r%$gA5+T<7HZj#>`{zN%a?cWc9Axs_6 z{{0zz?o+*{{rjOv;p}<(%P|JeZW&eo84BVK^IyK=nx7uNVXmU#z(!TBO8w0@5ZU;R z=zp)u=6KSR%;A#oo1@4MKF%c0GtN{T1Uuhrq@5O%sqB#w%fNjuE+mDFxO!-!L>}}R zeNu+Co*z1h^>xSjdacLveFa-)`hEp|{CNf9NjWq$fx2u>4&lIJEq@HVYDGEfZ{KB0 zVwWw6?)F_;65Z*|W1^FrRZT)}G?_ivK3IbfQQ%mxK2M9TLX|%0jG(#@KjD*p&PQMe z>cx7S*CTjY+{aEeKSo!TM=1yOU;A#soWxkeiRdBO;brz|lbP-3ncLK%aW(a+Z#f&9 zJQh%{(^gqH8^GDq>OOCnO;m5dM>43s>;?0?WD%A-7zAn@J`;#OGch|gJgIBhhMM~e zNa*ABkP4`XT_H8)0aR>7YMJ~Ml8pYL%PpT4*LSwKzH`O(U0z(I1?!U_Y16ul+h!fj zWD8?q!9}7#VXZ*d7mEVXo_eVpxVjco6~l>J=4walSqAs^KW7JCZf$6+tWq<+J;(IY{Z{H-Ltwj zBnryN04jKw^X9l84edD-{f8UW|K4EdacyU?FE~dAJ8CfoI@wWm0%lOEPeEgWk#gS- z6KXm5mJcPRw+#t&@S4n%9B}DvC4tTo)WNHu;`~B~LRyEm+d8z})uHWq9l~|QGJIJ8 z^&}f~&qma3X9)pRNrnbxL$RzSs(yQ!49z%}hZ8YVf<`f|8SY6zsUQ-^*{Adth*>Al@dl_-e4KZ_W69sJA}jOSI}%g?xhGw{aZpE zv#s@%yg1Knw8fbkhx_-Cc95rOU&uq5*$jx_rQwg#X}!9IXtap2{8Bp#2uecFaYDMGN$&Fa+iX`ShFc-5Z< zi1{AWvz=qTX#NlI5tm%+5rCD$n)6;BRcYN#R3&`KLgvmpy73(%Opyi;usOqomrF2A z{x;dQ(?0FL=+pnu^pHV4P)#0bQT&L6I_^B71&0YnXz;NG;J6BCFvCb5oTOoVF8vu# zi-rOfgQ{@HFM!`0<=m=T+I_mmL1%$3L!I27Y0K!&>Wqto@n2W4#vVX6-6`tK2JGBpywIm z=T4s)T=rqIy~oK&E;J6%o%mhU?!;c>eg|rF68)X(?taw4KEPFl@(qATg^zZnyLasl z|Gz;0U;Dr9nXFGiX)C}fQ$>t{g0cWf7m>m z_NmFb>GZA$K9?B5AvA965me6q>a|8{O_1NFDRdEbqkou7e`EUet3f{uh)e(en*Jvy z+WOIGW6Y8H~_A#O>vI!*Xe9fa@Ag; zUY1%zHV*~oC4A;v<_nNS1vX9toqtDrW?48tm2SmRb&ME(HX_h*8o2m3rlw?6x-F{S z9;HSwWGJ+#t8}C7IST8BgX}W1w2)e_!gq2aBX;Dnm$YjKq_#ari{9D- zz$u3Va8@!Q?YF4WX9{b5<7+{cCwZ-8$5fHlit6rc4a(fVa67I8LG0UZt{)jb!yj2v zKN8uCZsxGz=`4=1r8rIPI9|zJQ3IvwE1q6Y|jFiCo1jeY^Qid+9 zhT4DEb?%CJCpSYQk0{m?VR!3M*@YyB!GuC0ekKh~bBI_Rw+Z;8#=COMg7MhyJdV8D_aHOS4zzgZ^)=e<=K7m?~A3e^|v@B?%~JRMd)r+hGxR>%)?B7 zpGSJx{nC_1F{-W}8Z^3R;m;$eO}+U1cMvOsFCE}m`@iYWXd-J=_X~u{apGF_$di2G znC+Mh8)&YIs%StyC1&4H4lMm6@^Mceiow7)&kqZN&syNc8A2|xF=6DA$0gLC&gTH~ 
z;fw@(7>(7cSib&QtiLy^Ht!?#vs>#iZFDshp=av)uwDrEaPQ%7h*x{M;UQkS)+`Ha^@$Xhf3R^~sA zcO>T{CnwPHGYHD~L~>us=PpIAtj-KiJkt$-N|>dmu(j(t~g|B5B!c@_Tgqi-Cg3Q7|f8fHY3vb?Ts}s5uhzJ_8sq-je3Wa^QXF^2-50q*a}RUKN=I zI`~nqdp!>y0_4_x)s*7Fp8NG%pyNjx8|U?gQbVYeokK}M697~vueu%K9D(TiKgS1m zGChzBewY{f3ID{Oy^!`vI?TyR{SY06So`>>dTu|L5N@XB33*{q0U-<(fb6Imz%{qPj=1KI7!DDm=Em`tNbwLAb zDa}r_Ro&nbYlCRXnZ{EZ=M;^D69C3|^iFP`*Eo&OlZ_MbNEWMAaaK}B31{~gs`#k@ z=MZ#qtkh@R!J1iR_9hwA*?+LW`C1a$A1ANVXrldg%TLz}br~KrAo8&qd2dAi#75;o zxV*yVPGYC3`XTmEPYsPKwXcwv{m=%g0RrqBL{yOHDX?kI`B;P&_`@HafI`747}LWu zj8O&!D7Q}P5P7KUPnD{y+0op|s!hLie!lo3Ytm@F*n75X?zib(KJ%SG`bN}+wT7`} zLKB>*hwzr(Ika^lzVs%j9i8ZWYdC+60A4dL7h$9a>eiZT<-6cUJMayI;vb(4NNiZ% z4AyGURG@Efs1xboj3+P68NYUmED#Lwb<#VBw4ShJZH6P>#K(Vkrne2lRFU2}Ja9)( zM-TMJ+d2~0T1O-&+0A7bPz2%UK>s;8bhZ_&=M_ zQ2N=To)5g1_drrY4YQgK^dfRy*OM(zUZQD{rO1PTL3DNFMRY4zqs?cpH8}eXycwbK zs_Yx6FPA#dn;qjMj${jU2f|!D(T*kq^{bn+WqanuRc?w1C9Vdvh@+QXuCe^t+c7~e z%WLn-O=4^JWc_MJcS1yLjwWb&M2lm* z@n5=4ztiTlUf8-aPs*<{5T#y@^cw4(5_&gd4ZrWf%UGoxTt5X6WXaA9RU&=EXiuQy zH>_Bbmrz$~BG8FTx!^WeQ9jY+z6lj`Axl`#1A_w{@;N}jhu;S{Ms3*xm{?dl zZ}vaRG8l%d_=MZ|7M=!gLSz>ipEE7JK3=pGqCH}qEm}B8m`^Ya$S&3cCF*-f;Nha| z$41U6rg?qtU-Z)35vj`Xa)?SF{ul+bcgUhxH+xm~CY(~O&>v?L6mD{6WMMi-!jBl(|BEid~EJ zbD{J$Xz(1!55C`6nGH@+vuk8FNRMSzo@v%Qz3=wPV!$O+B4gWDPrSq4gvW7 z^$F6xxhr!vl*PI|Oyb&~9gUat_r-ymjzl$<{!t?9mhf@_bKyIdLzdM!*#(Af_^LOw zVW8KqGq}kvjPWZ%uiBh#NbPT&;s9_y<8|F&pSjqdkq_^^>QJNiLH~l+>~MokX(5f1 zfrmjmXRM60>~Y!^5|O&Vm&ZHcE-%C?qFb1Kknq$yTaQtg*ZgjUlM{SW+QrwZ_ z?=VKtDI;5F9tMh zd6laBbX_nM`x|u*0KfnCnk%nTZ2jZ{IPWuoz4P6`z>SQK7(c`xaS$YnPPP$a7Q2pG z#QT5jpbj2yFnDA_+Kj4)UzMtfvjn+jAFpbv^F8D@e~IgD@%&vsmv-JqT=U(qUr%fxZLzOJu;H4M+}%s*x`-QV0LD6yDW!!}F#w(n{R2a~ zP-}PQY-Vt6B{a6EMaPNsbMwkk_T|585jKe7ehn3*7vo3pGsi$k8k(#ye2LZ!q~ z(IxIY7a0Hz2;3t3l>PxWv&qZk!fIawnt)=QtTwJG5S8(aBb20(*#U%PQ9`{W?fdK^ zeGOi_-=$B^(+{&r&uzZ){0i5W=XheaqU`DGDGN`6{|lEQC`5QGvU zD++CJ<{?bgxp`$E^(4^+d;y+*bd7bE}xlefa41GmJ+?NiSn zmv$zCF|!8`AFM9q{%wZ`gWJLm8xuzh8<`_Ph^mH;X)QevulDz+=s)`5KPJ%dGF_uy 
zj8Wfcwnylml?8_A96t(QY-eu9#L3Z7j5!KpR~u}WjH?fSAR18^E9ZQTMWNKp6FuD; zrC@dT;){l7y8lRZK!kKtR>k6J_8N2kjL5{TCrh@m;=k~6qkhqF$DMf*zjejaJE(q3 zZzMH5uB@Z%sNsGJ9T}`_^D*w;$~ePGkz&q*Sc9hiW$o#Yo?oZUd(tvpKuyM8>Z6_ujYbT1eUdGk+BPB;DWe37h zPL^<*PhDlM$_}5o48PwwL{P*FJ#R}xldm<4-(NV~uIcV0?Zkdg`$?z$i=FltIPJfz z^*pYAtj7<2Z}w0rp1sSa;6>q2Ueb%Fcv3?*ryHV0>4qsq(|WCm_{v%83;CoQhIZ>m z+)1?8RVx=jy)70vg)j&_ZW z9Ye7mS}A3@@~OXfEwa;CWS{0Xme4gzXQyuf+haGUCxGnEZMAC8J{gl zw&>)zIgZeBTV0any zi%5IygmLMyEaORyP9A2gqk7CylfyFM0D8E&N;L4MhA8fecb^-LCx@sBlTS0*UUx za3I3D!OQSSWnU!1WM8C~51eoRG_Oti(ooV<-zqrc#I;8tB97E zQ+wV%ft;yAif#~F{sXcDZa53~xts?70@inLFp0SJh5cLn0!~?Bi!U8664fore1o+# zJF;~jb>A1op8NR%7LGS=gm`ohc~u3zg{ECb9`y>Hq4Mwscxc=oRU4j`E-2Jr4fjRW8E^-o9|a*5p6}!U^NXO1q@(P( zpa^%o#Hk_NZ)7UMkAW8yw%cduV4jY)v#kQL)u9!yGpQf5FH=v(XrH66r}D zI_4yjk~*r8fS>6~cs^&MVGbjrMr&PvKe6#usn@gb%Xm!03*CfYOF<5R(XN|toI6if z>1wT$%2~%2{A3iJBTS@6X#g4SHU0sS7@Ik#jWc?Y##p&Y+%4PX>8Ej!M`8Pi{kc*A?cm2#TqaLcXX@O9`uTTUq}gSsPo_}+8GF_* z;{!V}sA(=jw5jRo#a>V9e7DaQ*=-#neYOE#!auIiB6(Wi;C+887dk%cg6VL}=-GY> z1vvL!kupAXkzOzzF_@oFl!@$UgWJQJs988)C=pLv1eb%vyJd!j2r^4hAU&3q;B#8Z zvvrZH;5ydp0>sxevRZ* zYa(m~hu>6l+*JHU9){oaF+x;o;TUN((9woQvAv-_+afDi?WIoC8yL2D7J{woWx3>x zgycLeip!JN0(P;68TAFCV41U=GT`UwGM68W?dj$)60K=yZM&bs&dfv1Cf~)PANGD0 zH(d)y+rv^BMth*6lAyJEVG!sz6mRZmI8`@k9V;62d8#5`IpmpZ#d7C~(V{@CXeZ=g zT{*q;^VWYtv-Z(tjgr4|`TY}(R{c2RxMUKY^cz`hmS&r_)HiusCv8sGM~m>C zyc5;X5z=GXlgw{h)HM8bFnBV4>y}PQ>6yB8!ng`eBd$>_aSp$|2)VFV{pD-@!M+C& zAc0F)?=g$5dN0CpRy~4pK757@QD=Pq7V&wjz7)TGYSo9#hLBZ{-)=0k>dVcBa;rXU zHiWJEO0%KTs;@E|s;v4Nv!TYSA8j^_w(4t593!ibm<4LkjEcNYruH9&)8KUUnxS-ukfk!n?U^@K^2?t?W)6WY-r}2g}B)*9NqH zQQ%A<%7*yDS6Y-b-q-AmP}fK(L8|yQvroA9`y8^L#99l+mDo2i`^npOF#EZK?CexZ`OXu}+vKDQFjE(+ zH?H!s&Rw!hVb(;W{B}0pRO*zgH8xAmsRuea#~5vQ5T|jFlY{-p4SF_-s}I08bZ=TF z16jt^YxZlu={N%Sy#jrvzQxHUAomU88^}g}CG*dj!>Wr`g?h4(K+VXxsG+F!zk|aJ&{~as@lB5Q2C*L$lQngbj{R^4TU@~(1pS$1?TrTy-jULhHOOKK0 zrLkEwdCPo7Cz63di(_YI}j>^?1aV3AI`+BnB`5ATcb~h(%v`Nl=ZqB|&$V-)sIytRF5r3B^ 
zyfA@602?R2poc2v(lbctIeB+_R!Ro>6?)!uUmbe9PFpF5o_*aMhn{Yy6zPe{i_k*? z9D20>SjwP%K_^5()p5p8AbNFWHTwa_9tWHzdTOqUsh{a&6d{f!Rnkp3V~xWd?15G3 zRX}dFk^5rmc?}?P;5MEk*LS{n!~^p$+s7RqEF$_MgC?k@k z`pw^vCx^Hz&vD6!S|E+%&?v-rO%h+eIjWYlQJR+~BXPA&!~Yj;Zvq~5k^B$Okbw*` zFad%_H)zyR6G0`4O5`wT5LASOkOVJ4m&MsED(XZ~xx!3Bz77NEdakbGeXQ%^>LOl{ z2xRa^yif%3f*uAGIl?8(`}tJ&90`fLzR&NU2a<2~QC(eK-CbQ>-3@Sb<%DvTmxvug zQ8+IFp5vYTfQ(0p5RZ3(gp?;jx_Rp*WI{ZIyq=CumxO{fOUJby)H;7un%<8>xr?Wp&>q`0ci5QgChn& zb?t-N@$|C%*YA;_2+_hlzcG>kpoZgL8CZMWM7G zy?7KwF+X$X+dTIi$in29zYUWs9Xw7%1V+}r=+3>P#|l1vS~IXC?vhL^?Ra1{u!ZSx zZBNkgtmW`vmk~fN&RzW6B;ytbvZ~6;3Eq>zavZ>V07?Z$0;*(Q?)srI}dNsm!l^ANaBwr|7>+tTWOcu+-n=^P}REc$u|4D%48VckNDA z{n}*J|K2HX8HP|ER_$-TNL0H4#3ibYOIEOwDcO;z_F3v4ji1$Ch@@zx-nbgip}zh~ zsw&?bzc#jJcMac!!<7gVy$c@0NsL+erABQRbgVed&@h_j;*_JuYFDD3QNoiHxu{X_ z8xc5qrT+5=ZSj^Sz23V77%&zbE6R4Jmb9p`xK#cndKC9j97X{9s5zgJFh}LhA`#_k zkLF5#47I$nvtD82DuxV<46WGj;7gzIukNW+2h-7|=@FaZ?ei$j;(rqMxZsq~NvD8b zW$bN`5ZT|?_HdDpDVk}xe4z(iOdRSc4V$)(t}B?~^rZmNFGzD|_S zgWs{GoZgp!z%cW9ociEAtLvN6|7o7OTHOJ|PGTh3Ajb$C!4A4(&^3y3VBwwJZ{d}5 zhVEz-kw+1Qg>NCp&d%`Hk#f;Nt2)TDfv(^TXLJhgzpX_&yj`{}dZgxWsXA3BMUO%1 zlW>8cLp`JWCQuEsmiwoUw#{4%-{tlkw(PzSqMsIwb^1;yRolNcUDMYirOHR>DqCZn zcq~G;Yt3K;;W<{WD^gLk42lc0$U_!ess1PDj%A?+DfriT}hgOaYOv3EQ=MzPA3 zYU6e-=W^N4Kw?}Og!^!vv6~#|Mo{y48S5-mRomlJ?e%;OiaLa?m!0|xWYXaskBX@a z(1VDwrM%GH8P~<+YBP4d?={Bm`>o~K0HJTpi~QQsB_I#fw>JJF1FhJf-E z0-ls*ZB}%dEvFkyCi(?L zQ0h-k~q5BWTs=5G6j(XQawE>G4ddZ=+Cox?pxl~l(FayNd2<~&K^ zpzl)gQ*akMTRK2ru`;Ge)>fj`tYW@E)HIFIYMKBOF$DgX*2N2(|@q5YO%BeF6gRAem+!>Y-4;m zW|NHK@$rQRsoNZ1k^~fq>F+njm*1*Se0)iw+r6ue@iNK3HLdc`j4!0R?eXOj?-dwd zyxgMk(p3#Im+4LnF{uNt*}u(hWxUC5soE#o*UR>8x2Lu7PsDdBws?BNbZ+$p6L`@~^edxcmdPmVcs#{3lR9 zu2Hut|3VMtza>4_x1nzeMFlbTa|yG$iGNT>-@=#^XCEKPw@-j zk7Qc^b4&h6@Hx^=HGi)7ra6Bu0lzSB#`y!(nmniAEAf*X-UszE$KlT zp{TD=_=>zpBNvgeziG1Bnj|n0@@xQeycw5@ga%sGqG~DQXd%~q{{zpm49Y@Ak}S; z55v6=LpY#+*XzMy4;H*;aM1GZX{9|qx;;~8&lG)F^lz5>`}J>+XvIFQe}6qomf%VK 
zyEXl48s$gJb4&Tr<4;z+e=U*zwdh}v6Uj7vYs>y6!Jmtm>;AQWUGx66O{|nD`T)`hMV|^q@&1+7N_%9r-M?m$Ki6v0X|v(J zP{w=zRA-z&Zwh}_F9Lrg)735M(ZP!am*&q`Up42?yWm&6zkokLt@%UL<=!Ofb{ci7 z{1JM{pO*A|AdBJV{1HN5F}2h3%FEXRkY!o_oAFs6zi2r=&l(s2bL>@}y>(>LbbVqn zcJ^FCGxy7SBHW%3vBl0_!0^rMwOyz^A%-XILE4_<^wz%u7T&|em4XE4-t;X2_rZYc zANT+>x&z$mG-d7FCuR8u_J$GL<~wdF|3d#WMedR!o#bceR%ewmxjxXj4D_!!j?qsL zN3W&)o7zFKKWOkh**d=I8pC75pTwRQ_F!KdjgKUTi3>WTw(YFJd+~I516GAqKbxZa z#*1c7n=fZ6|3aUQm)E!T@;V#(d)#vy_OTibvd#K1-mHO7eoQvijD+DA*T^{Dz+YIe zmOl9sJPo%+v-J8s^eW-%1G5mRpM9~`YBC+`7Xm@hv7UHfC9C1dlj?&p9I9~73E|rs zfM>vSY_>dAT#on09*G-&EAb|254~g$TYV*asBbP-dG_#(fq5&F3|Zh_I_C+LUI}m8 z{MXHmIKE@>!j!);78+{Dg(fqrs zeO5-KC*a2RB;Rg$vu=;b3CI0dkFUWs6aKOe_YZs)i77w)o0Okd)`?NGrTm0+E*Uyn zvvA-nK0JQl;6DLLV6_wv(9_kXCirr*Q$R*?ybIoitQX^#dgMzfbKC>_%+d@L+KeUS+hxF;w z{{Ddr5sGn#26#P(L?nenE*PLG5F*?OH`MCh8oj+TrjzZ6Bl2D6J%o8c$oKMKwz}>Y zDIXaJTG-Tp!`pve7V$-hr&MQuIg!1abkTOI;T6ecZHWHW`chr!#5&JVG)Jd}pFj)u z2KvXSeegD8b>@Ort8p1tK(Xlg@$o7gSW3S0CtS3&Q2qv%&f;JEAePNxK4;+*nPWqJ zeVTMOyKkBIbA+0vSz3>j>N#CI z8yWz6s!4mG^_lgaIuq59;c1k-DlP_2E89c2ckwwR%~gh`lmr7Q)o+vJdFenSq#r{K03ve6VmL zPEaDiZ&Na#X+nc>qx@^=Xg2qV2CEry?wWBRIO4#s)B&~71_!dxn6ve?R*znkFsJ-nn8BFzljF%o|df6qq9(w`iJbPxq^}y++-ksB9BuHx52$N=zFv< znCYom!{Nc#MWYQDJzB_Q*!j-l5r=GFK29y17DT^8p=hb@NS$TbWv~i7T8O|X-_gkm z+kQoR!lpcgd2=vBAkQpdLY`~U{5e)TTq_hf2BjmS9uby3;vy}$$jO1f@e08a>av!V z+3=Hexs+<8$Va3RJ0c(cwY=F7={xn;|iSwJF)4(8ys-2?tv|y;icY>F(*_O zmZ=|#}ZmJaS$ZLC)%O}33$I)lkn1K%}E%XAR!YZ zSce*Za#e5QJO*k`h;~W|0BNpr?^lMji#2IhU%Z8jJ6>5+?6V!H-Yj|RtFl6`csMp! zcz=)_&`os?Jn0Q_DfMngaPSq+uSipl+iCc>Ozpgo6~;S^BaRS7HZ&quu&U~4-qVR| zu<*W(xBZ(~km0>8ov?ZZ8?D6_7xyQzBb&mthqpMEU))(l*blIl=s9|k&$G1-CC6QxK7Zbyu;UP zuS+^7Yp7k4v?Lt+^X}czh{$TQZg*~IVv>A zbB=G3bGwdiPH{7j3;O3lMr-PqJ`5GxJ!HF=qail~Gt|w}OI>shOb+1-%C+_|#1I9? 
zaQeII!121~)-Pit?I{ZwfG{Px1N6o(w?1sDu16^D+PV*LxRwBanrc_zH-f2Dh6T{U zt8_3FVFVN4Pg5<$45@#WU;_MUs$GrW2tF1=Y*+vt{HYEulwbnDF2Mx&(^R_)zY$z4!36lzRJ#|y5qz@*6W~u%ExWAUcY?kgOw`!LZz4#| z(8sF7wS@Q+mZbcWhgn6hDpwUc8P25Uf~#8DT09Gh)WA3bLi`EW*7Fa3;_Vg~hDk0p zBPSB&h-W0kpTk==aB_=`bx5Y(+f4Cyg=-1%=kT_dX*IRPxk#q&j%OsqpRkAuzv9vn z_ztsRYQ_bKRF}sy65`L{@)M|Uk?|fRQ#tXBg!mJ#{ZxOTL@i-~M_Ocj014FQO{R{7 z_!E}o{EEw9U|Nfe4mRi;zs+70*bBKVj)y{EGLdz@iozUqPfA6VFJ9KVj*9{EGLuz`Pb2mmpFd7tctD zKVj*h{4#ygUE@W@NDY4J^+w8AD(jDyaASM1C&q`=w>HUi`2-h9 z&j`!t~;@%h~s$6r~ZmV7IyIlr$b-bO6(u{OxYWmUHW z&X2uS%s=aRe>ARJ3=OdtmzP){sy=hXK1dfGXac?xXl%IHnjR`S!M+dFG%YzA8kM_f zd%60`W{ihvh%fkg#%rOWJ-oByBot%)0{5L?gbbR{CWUUqJ)P0})D5um10IRzaCZh5 zX%;Q22Qe*J^y(~xsqx<#772(Dut+|`fmiDRp*%7pn&X`tFS<+LuzrjT& zFIfIRShWW4Cpofqb&puCm#qbF`-TTybDA3LRRxK)^gZ5Z;x&!0rBBx_f7n_&@+T~G z{ofw4Tyw;1sVya3f3bdRvH50La*k$6@FiKpf9^YZ8Eclpk6`v)xNWMcTg{r#6*2dS zZ>+BhHdJk42lRh`$jZJ;Ti%lW5&j*(jy69QD_3W50U2(6xaV_!L+top8ulHx=VSl3 z?K-*^K#7y~VgC&}tyK*wD}Pl(#8v$*Rm%K^*Wdd~?!T;6d%m+)<*oi$*;h9xM<^4I zk`!C-=Di(qj0!ns=dZ$f1R$Vyr8C$ue@*_n{!aJ(%R@zfh~ZVPE4epPs?OVt)?CNV zQ3P64aO574=ML~nN7dyq2iDEn6I;D>%zlaK$rv7NWeo2eR7Z{3D=}#Vw*0f5#593X z>a?^p0U`v(U#t;)P2lBi=@Ro1fs6X?76fk-cE3k?X+_yi7w6d&s}&u%tkVCnogy%!+bv3|0iM zEdzIIsUGKWb(d4BCjZKp2pzFkJh?!Mm-FuN^bvPDEDC0vht&`k%`W|`O#MqX5w+3Y zhJq@J)o={WP}iCqo_0$z8nQBc^EjYJ>#A3f$QH{%^xq`?hqio*GhSAl-KN*a1o z(|=Jb^p~a3U!ls*7WymHq60#IaRqA7n{0V#5@QahzEu4pTYO3C@#NP$sZa{_3xxVR z+n~Nk`)g|c4+8x#x@g9!%x74vn04=i%-~+uyT3uz!XZqzp%-+u3Q+$~rQKea_|N{dy!1f|sGZmG>&+{bktQ8`ko72gJ5 zG7OEDqJ-%AE;ER?Udq+^UdhH66nEVspEz5Nd*9x}(nde_(txi@H{`3gx?2)EapSk$ zcXD_r1<|HG-@`*4__l?II{7CyC0m`0odM8;Yr_X_z*5m2a$uwlo>6`98-b1hl(*77 zmoM(l7?BhP@Xx;2U!PNk>x^Hn6z*82SyqPN1k0E7?FKy>fd6pdmfZKTWDksyjoqM`Fyz`e;Ykq2l5WM zrTm4Q8SdfRD`Qgs$A!nv=h!i-25=1xS5IE4jrx{<$@*rpmp&U26aB@LZSiYQi3@1extbxJ3z?X>Uq z?@e>hm^iKoVS5y5S3~!ngvp|4@f}?pA!7#)%g5)tz}U6o}mJR~!Fa z|BvUfyP~>=9EH{|c@6GY8}b^ZWWo9t6rfbB*!YNJ&XMv&^{c7=lM;k%~^;h znQ>moF~~IP29Y5-_d2754a&(s4c470j_O0YJ^zi6f^(;bBW$H+@`c7j=MIAG`D3uM 
zjOsUy{&BOG;oVVQZl0?i(lC<2SX}fIT%5Pz8vGSnhrvaM2kl4KcU&2b#_Nc;1e%1w z))eqI`iYnKkwPW<3;&$vorFK$W#~g**V{Oa`cF(RUhJcou>K5tkYTST!bUT!hGCq` zQ}W)#uyKj7Iv`b7Gi*G6 zcT#|Obd+Ms{%QD@(P9#8rcN~;8K_EN-1Og;(av{jcyI>9-4;f%_&r#U8iVzyaZ|P$ zkBJ`X;m%E+c{00Suq&uoGvj)^mXP;0-oikS1~HQhcDP4=9&)v--lvC`uMuv20$tp` z3X(PoFV#)n)seVx2*hRoCT|101MsM@17!8FuZ1gi0X#aIkpcZa!!|Q3QU*-$cke?A zCCokV0tAH~r7 z5yXizEYF%)*M z?R5@Md2f#@K|779P|y5PkCiJitaQOi9!pujM9&a?uoAcMs%sg|xvS<@BEjjPKW7DR zb7Ip2C3CG!7(i0Gy;A(`aM>bl3C+iNM5^*d=ke z1MIlqTn_%&us1TV4^(Em914A?+hZV&ag^CIT2 z+<|HY&6*iIqAC)4nY{Mj=CW0N3N(Beu+Y91{upJLCUZIb<;Ea7Lonf>xie)Do;e0B zmt(6cA#uJ-8Q)&VQ?#t@q>W^S63`45P1m{w-jrw8;EBF}6e|aQOcOq`C?|aR+cG zx-D`Ef>3(aKvu#X*b5;hqP(}O-)2b78nVhgZzIC<>zA@p{{2q(Y>VlJdj=qFrv2Ss z*j)^{POWZWmIA8TF3&C5p}t2{H~!iQMPf9Uto@ck=yW7dw-+d+Ts5$4WYgB*C0pk_?xHrH~qS2L;f1vOWXtZJ`eAKJBb5b zh5D{@yHao&gKLY2_rSf+fv$Yq$BmfNO-vzUiWxJ=#EdX8;~6uVF=I{44fyNdGRxoS zs9J#1d*cdB^wWO!&q<$s3!e4>Wkn4WJiXiJH=zc&W4h?f?d}ZMnE-New={sRt~33O zIR(%)s@AiTK;S}04^UxmdOOQ^fwcocp6W(c0eC(BO?$~O1Uk`}0kYh-Lu$JNH~Sw6 zACLktscNerLVEZb{(|oTX_znbKJ10LTjL64=7GA*wBep%*1M_GSCKSbrhBo=Ugv5D z|Am6as-Mtel&F{SqJ$Z&!h#Uws0g+8<|*{kc^|Un-|_EtO5dN2!~M2UW^TbJw{#C?dhABz3O;ks zKEWi+anDwu!D{e-yD?O<(fZs7#ZLeCX&8GP`Rn}q$0M(M_U%ZfC1V}*EwHO6ehtU& zKv!&XQnb6yJ;n$}&m6||VT=)uV~lY0EM!bEV~lVdV}zsUc*aa-j1i7wL^z@e;lR0^ zzTj2AP~T(hQUCG`NQI+){uffJsOM5hP^wMBoPcp5Hr|!k0JKO5+=^~uMw;kUcp%~r{ z-@E~s-)Z=^vr{xUu&wrv^@}yw894)|{(zT)64uk6^@$l=i>{V2T5Fdl^Gzy|YicRE zxI$b__zaEv3x+pqr8!m{z1rG+x}D zAkL!iS#4iguoLC`ja`ex4*L23gqGt1IS5hsQ@IXRF~L0`;!EPEb^+X&MDDe7?p|gU?&_ zXER%+o*%&_hf3F)Jh1Z2y}2m%T49?D$178PpqJz%vs)@!|5Ml1jYbYVbwdnb+o1 z`XG&Z%lOMZ{9r{%IW9TKRNdB*Pp~=oCPK}25zm0yqf9fkx)1$$eD zx<*74(*xS!I8v`j{m(PMj_`>+B*|4{HJ75j1S-~0FTC|wv>x}`XgkoI<akHrUd)RDDn;!>omSnP!W;;i+f5Pl7ZUYXXyXTHXdV zAb2ho6S6j_Y2q#lL}#cYuTiETF%scr1gr(DZ}{@(>`k(Sw{w~0v<{&C9Cdp;=7EdrSN?ofxP?_zDiq3f`DqpnSf(l`uif+X6X&;)fXby!n)g4bVJY1-mWf z9@$tNo05fvjHlSzi`x+39a|ckoT<)Dnv8k#MZV77d=nj>7-EkD+NW40k@{!PR&B@6O}QkDpbm#MOHj@;Q~ z%)g{7idl=4+i%Q*83{>k!Ew8VkgTa!qY`& 
zUDi-coX~`cNE)=JX+|0KicDbw?(cdDmUu4R`*P-WSd$%jdr})WQiGC39{Z{NrCJ_` zYI$smo)(mcf{IpJ4o{^U3V*+H^_fmouBMF_0fb_Q8o;s0N!QIB5nqGvd7Tv37XN_$ zqve^pSPt$FlPHI^688^|6+9UI;5X`{+=kKrkgPXG$6OHY@$a25^J=X#xaZ)RAv}~7 z+6v{x+70?}B|Q0v8)SqFlW|Gdj%|>lt(g$8Oz~)Cz41b3r%x!H@`he#AfZcFZ|D}Z zW?mpC}|)m}zyuOFS4})r3*PCDC0XOp17(>v7Mc!Lqyz zn#E%#S5~hv4)^?pI{1hPZAxI53}qmWZ}mE&J>u)F{B>mII(OYs zU7_G~TX2XYFFYex>w|WMPFhi1u5J+tl<|57?)2nXjdb74+`y|8KuC_dNjIVNWvPQT z0R18I3|MIGDOV>L8X8sBYJ^-Q-QZ3{LW7Rolv%6>f6JDEjAQz1qz+({98POzbRxM= zKF+)ftnG}qwB6|3cnSP6odkh@s!$tc!h`}?s(#e9w6=@%2FGMXPb@Dhj&_yyiXO#A z=l{x173z7(l^spDuyKSwBC?xU|5lV&7I`Z$XL}2|TQYEYT%WlFTNWcRZ%IXbm!sA$ zEF{2rG?K`owY_~IK-_u?B?rn)w_=ePR_ql0NqZ)?e3s(|VwM2qCX4_mH=937QEo1k zNZgmHix%Z3IY?l83!KpU%_VqWd89NncsP*yO{RMPLo(G-`Nw1>DpdMP)*^#S&NRt@ z7XV7tUHY?`l0&V-p-$0yJ+P+eH?xIrhv_%HR~)9_h{*+dw^$y~owGTN&t}VGgeq4Z zHO&_6pi4z5aNvFp>T7uP(wD&wnq8rGNkhZZjr>rSc8`eH^GJ+!-PjXwAH_F0tSr=Q zJo6Cqorqa8nPrasYih<0Y^kvcSSpKX$#9G_4`76{me$Ll$RD6cMzlWb2-Ah3@_ zDVMTXY>Q11bRe!&U6mlLI|y@^msO~X<5bN!veI3u{w67$rE0LDsQprOlbCFQU%gxu zdDV28R4?cZmN@g@=|9?&F*6(Y@t`deAh=_6RyC-r#k)1JBBb zz3R+T^%q?P)eTzOpm&~Ip>FMI8p1t~X3PX)d$eQx8yj|gbQuv20-~?NA$NezX@ya< zTPksv$bsR~ZK4xPl`USBuOgTZ)gs5TM=!$EkYn|Wo>i*8m6W2}vyf7?5CPE>_^qDO zaoB*pBZs7Ml<7wF4{P-L4zG52J)O=wS1-51(cQvNtbGfzsZH?}6n1j<-|KWHbn1cn zE8de^bWY57yw8sJRh?0;j@L94D<=@LPvY>^!Aqrf{Op#BO0K!1{s-!DKa|$HNi$%x zzG$bFke2IvRZubWZOM*QHRZ%BnIHYgf{-mEe;3W^zOWjXL1ckO2Vjp?mSy@LoUf`|-dc1%06 zdcSDiwOoax_4<;w=#fU>%HwQq-%eU_aKQ#_Tuw~XYzlS?Ug+@Ofmd_;TOZ|xp_HG+ zV^AJZ$aBz+g3wDQ!j`oy~DpupxiAEJnLkVdEnZ`Z)eD>pg zYAtqPz%O~9kkmhWi8ONlw#Wypvar8M^PJlW59(-g7;LjyyCdA5f@-LLZ@+P|>+Rrd9MiGER{-imXOt>8Nc;^#{1!>hfhWEcLyu-Dg< z5kTOyJMk(JxCzZN2fuCdUL>jfbeK>{gIl&)tj%Hqt=~=x20Q^km|(EhX3Kuhj`xCR z7L%x>Br~SDGWEVzfw^j{M-nDo!fuAmm@?(o=@|F~^9MY2$d5P-U+#GqAt*G|128kb zw1Y0$%)nZRbyPMM1?FLPF8IJsXTeX_PWQ<5Sj%RXa>B_`cdZp^&RY*bbJ8PVEj$9S zm}smzJHE1*f^b(} zOzoGfV0YRcat(rP7IR92e~;9Y=COHCFm-xxXbx77?iy~WmML`+d5xh;#+fZYvXwBA z;l0!E^(Xi^VUzxZo+$SDUKct-uJa34x#wOA9BAP(_3e>N!cqb~Pzq|wWwj$T*%9(W 
zx5xTj#u29qd?C!hBtHW^Fau1@4pqdgj~gQGVA8f$`8P`EI2y+CJzutvcbw8j|LE(v z^VmB_*zYV)yYq&27`C$^w>X_$WV6+MQ};>Thjo#<-F5r%9#z%PQD@yxbzd+(2pP_* zo0?WP%w9LS9RxJn>g}-)GO~+ygG3yZ%hjb0B~mXecKhIImvsOt#;`^Ju}{YqPbXCydpgp z>qj~Cv z=s!4NCVXCF{=Kd#og|3NHIUqoH}2XAx-*2u@?s@|na zT_~)lU>}Q=FoCF*-)Xjsk|bP+v}Y9hI{%kNFOW4cjKq4~JXChvOy>;`%|Y5k;!1lo zlT35Zn~@sYu3X(H({e`Sd4vatW<(w*O(cC>V*M07LG6i)^7ES;A+b3a)Q zVIw&@L92nR!CBo|14z2>GU{o&E|Bq7suCTD^R}G(5ZQ<2RXrHrFh~al*gatDgC77S7qCvrnuaDv8$1&C0WhIt)3ZkU0(1($MTTIrPKZU{(b$T~Q(nT21eS^^t zFgI7ID>Y%z1@lu##Hvp3yAUrHcB@bZ7It0UPA=^9!?KJoR~;71vhpzXk>`b35Qd`R zSl^OD)H86vLqR$!64-t6uP&k+ofgS}5tUwu3!Ze>T%oWjq3R9BODnu};x1 z9~ZSm)_2J%$T?+Rze~F}ZxB5L2u|>*WJOb-KU)SF6GOjy2K~8kt*MQlz0QVs9dYsyWty|4NQ;C88c?3Z%X)dHm(Xq-U% z_UX6=tSgFD)Id80T5q5pLB@S#prZt8Fi^zLxR(tSlzdMa=q-WnH_-Wun9|aa_Y{gy zyIByX6Y!<3{gZgFrv&$5@TEFf{ZUG}%;YUdHhI6mG52EC)lkt< zXi77fE=gb-!Yp4;&{QOYD;T^|2dmCPMR>2~*l~jCH4S;a2~1Zp%iRW3GI%nB?=YBl z3Qf~ZUMrDz8WWY9yvg9Z8GOFU8V@#q89%H4m4XH%}burLlfoukv z3XjrawPTO2)FlG_V4&dweQuy*1zM#cZ#Yr#+bsC8KWf$`gI6>7P93a9JZ?Wf`bYpd$=)fk3}D z=~|B#=qC+%w|UDK8&p?!Mhl|NC&H|zp>1J8%$dsB=n?#whDBgftCtXXCRy8 zyWK$FN!%n2d4Ek%u$M&*F%%?&9gPS+{jgvsgO4)7M*+}1EQ7%|6P%X_K7qlJYovCn z`dShm#Re|MNmVM)dIOaS^pSy15vV~!-g6V^`V!sWG`f`FK@9dE7Ce~2lT6{6lUVo- zrhrXt>!z@{cy;+XdYpOrpCJiGobD3$Dx*>16OD3|_B; z)ovmBo1L1>us|Oh=xC|Jas%}e=syM;D9|$o`bhFUXrRFo7c@|5cUE?~fu52I-DsdM zB<>mm9W8OC8uGrBsK-+zxVItLBZ*EoiNc9Q^-Pp*Dw_=cgu&a#YQa}R=8he@vabvD zgMnN^^ydaTR-jb|>LbwW26|iay=e!d~UKoXs068)M;w3~@sI*~US>Lptl6tv%OjU4OAlZtTWIp0)1eh zdnMm81I>}RmkjirKu>7M+c!aLZxS`_D&6mr!Gjt6CmpOpg7-RuX{11x8>mE}OAYi_ zfd(4rKLVX$pf3bE-avT*bvIB{p!NppEVSv_Tmw}cG)YCvK1#%lGERfwmmOwk&{(#@*#^@= zfle{dIKg|gfsXewWhVojD9}M}`r-km_;H>0Rj03+>LinDxL&wT6eYCLK;G|}Z;gSjfIY5QtuWA40xdSsSb?53(0GCV zW}t4Hm~XCz5)D>f+0C1WidXhkA3r6FVl1{ZjV)JPIITWbvBMgM=dj}bF)+Mj1_uSl zI)XPiliBZ1WcOJ8tT7JD>vU&yaA%CjaCaS+fxkKUn-d(-#~RiLkIIWxVB&(xTqz#Q zVwai>J3MrXl+#`~pA6$GsBu_>&Hcm4wXv+Hlkw($?l$Ai{myO1oBMm)j5qg>wi$2k zPj556_4{O#^tb-rLo&X%EYee$6R$t+D{pomG2mwRrvh$v-#g%D_uT?+_WlIm-bwjD 
zV`D!}zyB-O6<+S2itVVZO4y^$SWV%DalEQyutRyQI0up}&#{~x?BJi8YnyRer33rT ziB!i1J5*+Siy>~Y$?ytxsh>n%m!;hEV<>kiTl2|*%Zp~1qo<^x~@ZFYW(`n9e zRN`67T`$liY5Wyam{K`N@K;7jl@~fCEyoO*{)O-d?Z}KW*EBC(ZNo*bq#yd?!ftWSnZDN z-?ge^q%S_PN!hDdZJj2Bz~FR7g*x8=^;Kt9P7unxwJ0}o1#_N-3>CpNyoPa8WEVp5 zgv7GPB{Mf~eV4_~sZbwE09c3D8XKbnDkmqAcxNFGOkxLKWS-0lb+axk;sWx@nK~it zGPVdt2;321-Qi$i?f}hoKv))UcGwR;Og4L3scH5*aOZe_Fio00uhLPfy6IHGw3H^l z#ib4ir}1{WG`V$F(}f-FRi^~y-4~1wnbxJ5UXmdM6{`X8>H*)a3u&3WICvpEZhU9> zw`ReWEYqFaz7VnmPkW3H4v$*cn`vP!oY|Sj+5P(t`S3K&mHP1kDd(3Uo>96oHa7W?bkJ{nAKDs;8; zm2+dN=AEe{_+U^P>f9TaP&Ck>U^h5S!wkKKka_^c%jsMNB7j^p#enGcS z6A6s_8;d=);(+ig;zq(GYh--X{yLf5X|F+SFb(9*6pmf$U~819cc)5bTJx(VMSc_9 zExQD#xGEhL>ZqKELO8q1HZ@x9f6}`;+9U?`(D{rj40g`v!KXlD#DqrqZiP)2)8@*}ho~AEs z#P%Hf!cg{wa>^Dk7sqaKm8-#T$_`EN!c1#urtT&1Tv>K9GdSR`hzv(DIlaHzvkPoA zrs*r;kC3IS7QuiJ^K#ol(>6FV4grVrGdaXQstF?NUI5YJu;GCS!b7@Po$#*aTxq%b zLJDw+tMy;dmFV=F!Hv*Nyi0>KZ>&#gu#5jTbfFuNpHEfdLBbO0LSf80ExM4rVu>zP zuHJe_i*N@sp{##eL|BeN+zSV%f%>7C#5mvi5n-WzI7qnNqIbAM~L6pcKkHP55uoE@c+R0MQz6qUyb-I{AwfrD~zAjc6|27h*xdL z2N++BUv1#u%J?O1$B$lv_#FIdBmbL>uWLKr^9ka&w;ey1@ni6-4g9+pU*C58Ri7e0 z7r)xbzk=}#+K%u28RGZ09e)qw$KzKU_ms+RFf`h4EZUvkNW7VrZt;P+d=wlA9J z@7o+s_V0%gvBZmCZP4dfi}=-T$4_E>Km2Nz-}pWDwGG1SB zl?}Hoer(XWKG>p{j?zzmM5XuG>aNPxHsx$75C( zCS%Tyc28dS7f+t!#hhjHE=0Y(^HHAnDg43|S@fiyBHyuAVc1UYCksC?<6zGpJb7eU zf+ydbPxz{g(VsY1$D=wtl+{OldNC`m*K`KqER-bvM7+NW-d`mKgTqs%PI|*|*rh)b z9G()B77vbbl&N~1ft)^MpOObodu&xF>{)JW#~U}^+SuKe@kY)`whXwd2opW(!%n+m z(a|PFU!9`Q@u?~1+L7YSw+e4UUK@TT^L}>~VzP8h{p8e`sfdX;s(VPpdIbA)HtWTd zw!AIJJLiaIY^HJqHm{cjL}otN4A~OKq$&V~!XKzlIhdv4seAfT!|&j;#10qUQ%cpJ zO(2{uHo$QXc))ouogU!A{McvFBI{tOqFWs$7zxkTd4lsuDi%ZCON!<8SKU~fAF$h^ zU7H0tMD=LB{Zi=DB^2zPlFK$NRntw8@PfF&&{kd{XA;zolgKr#;v0!5((*u!1~{>1 z+F<$@4rHBWP;Z!Wsuj-LnZHf@14FyXwkv22S@uXpNpb9cRtSw@-(9f&*6-p*y553X&9b|9iVOyKZ+cB38}{=VT+>0e*vdL zus){WX&;o@8@0sQww&YmtT`z?`ZAvZTx!5cN9HawZQ0If6RR;V? 
zWB(>EK-4Jd+ryRXEh>2QddY}@j{KiW!IG&PB&gw=)Zm(X>GOJh0ZyfZA zxu?`Y`G*zZhD5o}hD~V|YLJ295@t#5{`tCe3DnMcc4`Go=bNv~6q$nHip&bX zDNm+-LmD5wes-8owr`{PM*H?RpRKmYkJgawDxvf>khE3u)esqOxZPE7{1HlBzM+u8APp}Xid&YoZ|3? z%7E3ffWVEl7}PnNVXzt!Tl@l`icq=_wNkh=0kS>@?jQ=@+c;rvOCEQgQR{;e)lJ*P~~ zTq0GM^AG+dLXA7H35al~;b?SByz>na_xP7AA=at4mZ{5h4jgi;;S7x_t#_7Wch7!N z^1;k99bTvR;3mFV{`&5vcqpb!g%`4%3`vM{1yxqI2lsu4S?SP_KCzdH9&WTQ97}yu zE*ZxHP&-9i>!TO@mkA@>fuTr`rYWKEjLn2I-$cOzgY(IMcL1g~xx)DZgqL6pC{_=B zZ?{FT^t4$A!!?2k-{Be-iJlmXz4frbvgiKIkVU^sdB3(n!FXKo7u}1a>-0ODj}IP=x*&f!x_N6GkC) z`KNYzSog!+fa|SETGhA+ETvMNf8npL&HyFJ3V|S=tX~AaCbpo^h$q86*1qZn;mb;R zrk1Evw}}kKQy&rO2i#Hsoh9{gD-5!ek_4{ZECfdXEDWr~&GXUoNWFv9UkOmGI_{bm z4#i?=2(HXP_)c968|=qm2ElLOt;x${bCuL#;-U6YsMS ziemNdePR*_KEf_kq2AN!5{-jvoG%Io69LFjE-iMO) zWO-ItEx!DIGPv5k^3NNxVHBl_q?MJ=ik?LT1mk?W}kj>u$I|a zit-)hJv)xQ7*CZvGuLjjz65ITIq~2U1m~bU3AQ9Fd&*`~A_yZd;S;x>=EE`9?G}<` zWC=XNQkIe@Hh0}!1XlJbDI29mh{ezqxvg2g$xOfzsb-={I;zb2NFA>eTY@KY5u;$v z40Oi_3fzawCeFoYP+B5y74EHZ&*eiUn2TiO1@YfJE5b}!KUdfu1t_DrAN@L;yFMwt$a0eOyG@A|#gUrF}G21$(W1 z?%}I&aACx%yj5vJKndolp_(pDk)~%>kv#@y{!@V)pNH_tn>O%y5TCpY0-wL)v!nhz zfKO^k2;GlQxWMppA3kY`oK@u9YfsKNkt2|aEbHv9ao`h{(02HLNqbmBFFPB*hV;?G z+8KG>uMX+ourb3e44wTMLPEp#l7m%U{QIDkEk}sIURezj8ycJwt;_l^`n)InOjagZs1aE0qUWT9o~rwRX?yjf z*c5T&I~x#HwnaPom*-dyQ2b>WF=yDk566WadkQO%4(qAVy?WUii+<%j_weW&baeEs zg#We~UwDAQ=qv9of{5(kI;qiGi_6sl>wwzY152bQ*g0_0Q8*kt20BaA;P&mR`cxE; zQkU=C$>rY?E+nI;`)Bu$Qi-v{cahc55IN4? 
z@bSKoqZ9i~`dv~w2cU*TmUcQz!^U5)E>Wh(t zW)o}vUJzo<;d;MZ{o4>4FWdfJxq2jlAT*!+A~Ej{mXg2eXz+G?M8% zADR!7TXT49zC@*KH13Qcxb4b@%O3ASu(p|qIr}4|h45wkRSTbNn2629tlwqrelxaJ zz@p%@ERDx+-2u2GV_vY<1|MZPXz*!ZAl~w#HT-ss zr&v~_$u&MNOo^Ub9VT{OaZ#$1Su0D`s((t!v_N_ApNq9zoZG!7o9kF?-&M8OZOiAp zu5LE{7V7;c(HhiC8VwFl#(cfxbgn<*YkZrk8_9WQuWGOwsv8JJ-)-JsQ|0pyhN^Iid@d&u z>)4d;zIFic`Z$*D%J=fj(b+JMcg&@ zNJ8l?|2bs{7}!Sku7_p+tI2-uKAl~RRjeE+x8_i|OVm1y&g_3lu@+iZ=wQ&2lza18(n`otw$&#|VR*dKVZujr`3Juvn~fE*X-d8LZJR6CyUS79~9hH7{4w$bjRgdWi zSzqFO{6M|F+}=J5eAUa#*kWF25W{tSR9vr_&oMSr#;_%Q&c`5Q8w68E(JE`+FeK1g zB|c~`%ftHqd7)L_JL@%%h)QsvEO((EX!R2;NSr#n8v7Q{D_`a5Q>w;k6w9c5Cf0{N z9O%G}Sn~`(9s7Y%ef>)_SggCQ6aJK92slOOEBMJ>vlVJ$Z~-fT>kDy^et>(wH*{eEuuLy?BGi3xXN@j0MSzIE z1dH@jB%Lrb9ZAEr#7asdrH~YBFR4mTPzC$mfQm9}WwH9#BbqsO#4*iHk|vdXA(NsK zF{PmBw8Lni5f#Qf^~79V$&5r*s*xv2iuF-sG6JMS7{wFc4g(-BIE+@Kpd?&`*&J4d~zxJH>fMXuz+2nhOPg zHKNEqR5chE;k$GfufX}zg^c6=_wl8w@EH*c)Bh{f_`1X_@F>e+7o6tliw0?$!x*QK zkz7-T}PzEwGwkERf|hUsJ?bgHx2~ z#aur3dxy(s_HCzBi?q7%C8sInF`IBLdojw1MYiChMEyY){Ep>V z4|cJf@m1GBEbN{}3K>RG_CItIjKyjAe<{~_9FvE&*Nn%6j>E{cI+1(vm`)Af!!&(s z94>TqT#ME8%@x*i|MIVqeQKInMe-LJkEtR-y)t7i7gTds%gfjVQ|)K0K(o9{8M z;8LcGc9XX1CE{S&QKPBTIa4RAC-!|}O4jfB$AzWw`cWdYH4X=}eTb!b?Ab5janHJv;48w-c-ySm}<4gC)995lgIQkH5 z2Xb}Cc3chMuK5~O#%!F;O-5`~{P}KX;COYCcW0Nl!imCdUT6$dIB_uvxBBweMSvUP zd#)*Bo$pj^`vfiO_$(_Q*Y)GN8{cp**V5P(;PnZaO5q~2=vd%CEi^XW|NUMhbr0D9 z^&whjGMv#o!xYS#*amOhi>tNH^ir!%;F{D0QQew{IggNq5V*6~e)PJIa!r=mi`DI) zy52DDfrpL3FS8!*iBD@iSH!F}8q#dn9;fSRG|-Z>L<22V&O~rXwu(z31fzANwYz%d zUSO+E#Y znSM~Ms_A&c40!R+79HeYx}6_bsBdr2(o(arO^el2I%jl%e<`!sd`ARp7XT>+l85wq zj-kQ=+(0DdA!AN#F%zj1?=@X3UZklK>2OSVsX5v{U+zUx{%R>3VIV(_{U6sNf`2Bn%h3)`W>o)Is8OX`Rid8XFHEI!$FRt3 zBnaJ4Yf5O&D*UGE9YmHHL*4)hw!G!`)%`*9t=FQr^@YZ)+TSDGL7O@3eXz|jSP-zZ zkkp5@jU$=)1~z;SWVroMnK4uQzjwQ9IA%s%_=UUlq(nI2Rz)5}SyrZpta$RTQUJNc z-4`@Wu37=B9$2mG#`@5u8GA5@be5>k_hA#~XM{)%*TOQQb$NNJQ}ZA!v>^$&&T689 zd2vp$^2K0{yNMYw61W4CKyO$QGK-KfSd#!b^@L<`%Z-$KkhL-cM1K;KypUC2-^l66 
z9h^g12CljsHix$L?5}>CIat`4Is@Awh9bgZt6^c*hR9F&qsx#T4@a@`i9oxe8HqaY zIFP6%_m9vVee>3m_x3NX<)I-Numz3A%^@fa5;8WYVj)74>05#F>$eNQPZgZO4(2)`bI(UTH!r6m>C2Wl-OA8d;KRoKl|?$ERm6due|H=$IBWuzJbX5*sE zlqzc;ON)A;Y|dj5RevnA-m^YapTM?(T5?phwpd?QH&Sject(3;*j(c)GO5qjsh^6c zuJWX$#vN{B7D!);I)hRxtDPS9^(|^Js!!QvNwLw*P`QgxZEldI&KGxR%+2PDai|#Q z3*S|7tq4tk)zHs6ZBjG3f%?I|uSInzRjU)xAu-QaAo5qOHic@*EW8rQ$xbH2=p-}B z>lfkM9O>VXE!d0*I;V}L{o`CSOI_PaX&ZE8qBL5EytHFO=}?0e+lQBj&}xy5!Fo(9 zrJ}13(?wDRw^x;?OicarW6_Han@v8`#<`SqCnRU3c@(aicdG7fF)NuF=Y8Bxo!TLA z|4-tmjhvzTZ}Cfh__DeGVb)j8;o&XdSuNmKTEMCWoV~6&zTy^epas071-!Kdobz>a ze4|^ybuHjGTfo~}z@GKZ@r`K#&uszMw}5xGfO9uA$9Gi=ctHzzMGJUu3%K_;&G6~{ zY3dglxGz&QQ;hzN`a{g>Rh>_wucp5q;@9rx5vA(3`(>oC8sQ>Ts@{X)2jfODyoU-0 zNLS#h74y(-J#q8xHg5xv3(R>6yI;b zi|C*?7kZ-yLq`s7TejH>-F|2zn9Hb|bFQYD38`=kXr9Jt(Xr@y^NoeVclVkBPah8O z=G=^K$?0AE$Ffv6ScBxU+GhPBnas;l%RmHN;*PA6t{i$9VfFB#K#aIo6>8dWyIN=h zmJLD^t_Uqx_v*qy6V8*FZ@dyWB2JU<{?-ecJ{j}jy~#L3>wP{cU#2M7UG%<0Vtl24 z4gA`uZ=?ELIg1;Orj2uXq5FaZ$@{Hyiq*sfd065OW~ z2wi;a&?z=CL}kGnPbny4+Di)|9(A;2cIF+xe(#}z11P&@UDX^zySZ*R;UmTQ!O)MQ z=_SckSiH?=Zvgep+DAD0Op@Mmb*cgO@S6JTQwZg&weV834(XO8wd%AzB$azKxQKBw z5~EPQuN8U&1=Y7FubMUNfob!wVjWRV{ZsWx6pK@ZFJrR;{leNw-?k2`w8gzK_ zKv4cVIiH$~%lmZ8c|yIjxZ0{vJq&eV$yd6sizH>Jt!GLfPRsT{33uFD->g{@>yh8p z|DMwYfVNV#&3vQ(U8_H-{9+>nGjWUlclY)Gd;hx+eHByb|K9(4BxovEm&a);S0CPG z#)P)|-$CfJ@99KB|)CETs^-)cLeEw+cY4Aw$}gtxih8zZAaqY)BhHkk|6rHPtE|+|8CVlEB$Xk zqCoV&nUd^x^}iQ_QoG;V|L)b@mP67N`qT8kNoV|@_rE+-mdtqS{^wTv-+dS>(EtC>`rpI^dD8zjhqMSM`rpYW z9+D;r?$Zg{=zmI#uJlqyV$6S%`Tu4AdnQRQ=05}I`7edg*81ORvSy6We@Og$`d^Qm07K80Il>D-JXI^9f>4t=1YOm)?xO{n)lWTD|^$j>4lw`qdn zb9S*>k_e!*c~q{3Tah-JO|V(0o}QaB;^(SoBtvtFbJtu0jnwp*40E8QP}bxAt^a@O zcc!5-QNMf{Yn+GG@4-7$dlQVOYZC#we#12U8}(~UozZetSTg)SuHPs_Wuks1x*s1_ zzt>=DrRHaJu41(}5uoem)$niBZ_}O4+HbRD_#O58z54#GhC-un?9rXd)ByU%In8R2 zqn_3YTB!l`{Z*;b=TUjBQ2)Q^`@dtove*!8=s&k5{kJ9p*aA6f(;R7{Ht2UYr~l8A zxjFa$kLhpH^u+bODF#f;H;WSin*Ni2lm20;y~CrPlf=J+{*?1MSDS*VJA4a|R?0Qj 
zGp2m*xAih9z7=M|8$$+Cef;YD1R`J`)4z=0Hs59NvLZ5*t61HST+xfY>k*k^(O3i!7L7~r!X!8A z>Tx6UGNQHlo)7*@O#a)dYNL-BEU{M^r25^Vw|Y_t_!Qy%k@~i9DKzKP%zKLCYNQ3s z{*Msr4mgn==VPwY3uFJ1wM6Hx zosiM15D=GuGWDR2z$uM#we1bl-U(~EFdpgQQX2Vy`S>iD2b-fHIM)wnZyu*@^b1dj z`(>oz`7#u~{RtuyH=|=w6ReTtq=}`=pb8M_fN)JZ#+h8?nWi0bWZyMc8m{V!=uuLa zm!31|ETtm`<4&A`{$(W9Hua2Tg;r^5Vy`j=l~S;Y$+nTsc0}Y9lq%oc)zH=-L-J+u zGTb$PImE*t(=;wHr$ViMUGS8t>vSOYmhE54=2Gnhy(3od>ndmKP8Qf1IR!Z2VNFHXtuBn-Z2kQ&@1q8gaqIWOO|&B+ERK>Y_ar$ldqJL;}V}@a+dvo=KCvu z)|h2~WtIaimb$<43Jzk2Yo#lIYvJ0sz;S=2*pOuQS8j@fBth@5fNwa(67PWF+JumH zM>(U^&(*q4%Y(Jt4S}Ver&zYTYxbpqjE5K&TuN+ZDs#53ZP*=HiAeA5$r^L$Q7a(! zXfw;t5nalQnjqn+D_H^~)tbwt z1aIefIOV!jU5bLup_X{j*N}R_9O;G6o5S2vsnI!x~-40~f-^jt#0faS6CHNz?QzpzSh0{X5>C@52%jslEFw-6su5032o`E3& zbfLdclcy=t^uWQ3XJ96wbbRs*%r*LxXJE?pC(poKsy}%Krci(K49wa3lV@N~l}|YX z6Q9!}We6kZ;3_o|pJh0!6PPJY+M1gbg}yVGP^QM|L;y zI7&S^L-4`Bp^NPBZUzE>qq26EsiSo+@sa9mzQ?%q(V2QAOX2fN%oXSJlK}MY;?Ov9 zcMaAM@s?kkCM{YDH^&{fNPD-|DryUS;?UFdPyli$>Q~v)k_buR27FYk-WC) zi2)UHL&ydd5bLGuf=Xc*u|x>I3FPHx{^H#Oiw$@t}qpg|{A!xlI-cYIrud^;F zUI^j3|KB+?@7@SfpYQpe=Wk2)o%@+HXU?2CbLNcLE7Ms1!F}H2dAADrr@PlEYELRr zpDV_9{JB#6^@$fiSddR33RQP34%fP4n`k zctVIxh%UI;kqg>M5s98aT|mR>*jlnklp)O|^vBAc`<8m{=*z^0^%gbVda~y(BOsIZ z+;y^C(w>`odZ0ZwVTATD(7!L@hQPpK&wYa|jj3SSbF2Cg(}O)X*G=}^<+7YajY+6U zvFCnx7Ge27dv2#J1mOVo+|&&m84J#vu;;!=0%xwI!8w#Yw-X!#sO{07o7cXiJvVh< z+H>#xt?EA6a~B~x%d+S8P=M^Y-<4S`Ab!@KyLtA(?YX(agV}R`hl6}jkh16ABAZlZ zhJ;T{IJW1m<9sRh+*B(;dI)>&Pv=VH*pRnpd+rxi4(K-7o_odtFj)57@660J&R&W# z9m_0Gda&o-4zPQ&=O&Ef|2^4rznJW4x;-~h9T?q>^BH42LufhPhiXin5)W?Aef5=8 z2H3-bov`PoBCzK^N!Evn0DJDaH!xYmS5qS7!BrP4sZVRXpV~>R3jzm^hZQ=YH*auFqVFz8>73n-YKCo|_s?wdX!t z)|+b2&FIz|l|47jZ?fmUh!3CGicH#bCr2eYQbe}&-+yJ#-LU|~`XLK!nfBaNH&unH z>c+k0lO&L2&pmUFT$3LsoE^lT`&(3uYJbk2d$Y{alb}L~mx9V_nJFQtJYt12?YZ}b zxxs`zH^G)_&wY(7$g;|1>YMDjDPO{#n?@$xo;%@A`t_Djx;;h9qZ#4i(3LiN{(~Q9eiIFP>@&Rl+99NJ$2CL6GArIL(pQ*Ze_gMO|*MW3LD68II$-f zpxVI}y+&ND0?_5W6=H1p$PB_6Kv6H*JGx 
zhj9{KQA3_4#A;a)7GE^5O9jxYYgGee3GL()aJRS{m1mya;QDYp{7fu%mC}DC^qDwV z{BP_R9#Ksyec*`+aFqSRRf!0xPkVp9>^Mvp>}0w?PineJmAP*j0Y|=z5aSUuxm<=S z?dBF58LVpuNIR7@L4VeM;a!wWA0Ijq`&xoSvWs5?Re;ZL{w@PJNO7c_F1W?U<%~zb z3DbpVkq`X)=S>%Wj{!SZnl6MBE#l~=dmdv$nl6k^v}m`i7Tn^hL|Yi&b2r#27A zVu|sy>=o*-<+{_(ODCC!v{$%NfrRs#q4HDu-*SsZJVGwZVBzJo!Fc`kmdf<`*0L}o z{8&b~Gb8NYk~UvkCT4`|Gr~`1guloL7krjp-=vIiLq_{RNNz8gn?wC+5lz zHYekU+ilm6ktSxR!ogoR9Q@G&yXqvnD|U)hwl<^jz`d9w0TM{Cv-o&wa%a(=QfO9* z9nL<_x5F!7o54yTrh`m&>6P}Ti3o^bk<8=RUUrZ+H=OF&!rd$5p`l%Lx;LGJ_#i9JU5dc8_FYxD< zmu%!(^-2ER&Q{-WyhU|l@+*ICc^e6I>Cf!~&ScH~10C`)zEjQM@R=Dg$TQ%Z+ z6%9HggA3sBS2-`7UYn9;Q2H$C`s8?5S8$9Hw&R^}sch(i9{!YZ|r{JBk3 z0rq(IPga84!EvQOH^N1VKesX0Nr-;lpWBg%>fuZ%Dr+>9Kevlz5X#s1Q(XB${JCvp z8;c@Zo$ADUTgY#d);hiKZH%Y><`I}pNNq1 z;JT}2#}AMPBVQA633(8XSfa%gd9W(c7UaPS&S6d56f4%AAR ztb<;>5Rlj(6re?RT>3hyHew_E2ZHH|qRbBD}x;4`FJp^q7)o#=pXVIa? z`}#g_IA1}f<4xPJUH5uycnbb~{j0NJQ0&xOi;Srrm;PBR&D~JYEQ=kLwqLP*YWuip zqp{2Q4#(zGJq~&@KG*nh=VlxE@Py*z>>sr8o7z6l1s&4dveOl=eb5{Xw&5;5*fCa; zl8*?kxkXJ~;V1D$AjJL*rMMGU$_hQueuE*?b+O3&GSx{OYZ`-2!S2Zv(pBc}GsYIfs=TARKu z9^R_&$}zs7_BEaKZP9WRj5vn_1h=sZBjkvCwXNcP?bbDoSZQ$s5fv1@jSLR-hbwNH2?Y`X>Y6u!C{Ev^8KPvp@qYQnRPel6 zn#+Eq=9+XkdcI!EcMj0kxGFY;qom!u8?eFg)-D{&xKNw%zOhDD)tjnP_Ttc^*pI{? zRm0&_g99~uP1p24#Bpwnu3tG4U7j}~qy5#BfFEaev$MB`&+-wIvTeD~Q2uvn59u zpOw4@oK?e**o#mjqDlzIMkg-F)d&|qW8yL=c+3lnjR^~l3+v4ZrN;6G6pkG>1&_qn zh^_o|hkUy!a^+9ll_dC5Ke2Qxfnwh5*+f70cxY2^{>!t0ei}Wm(@$WQc{@R=zsT@g zCpuaqF2`cOpf%!}H4?c?p$fB!`l@$oA&>E9BtjJ#@4Vo`Psy4ofid7<)uN^*C(HQW z_z2yB_fRC!f5x5;={|wz;Vpf4Jmf|N=eb%4JH`j(fbrLk1XOqu1_uH4Xt^%_3cm@13g{IyG0t{Xtk;_QqS^?~?RRd*eancwP;V`W zOe&maI6aXYi#pCJBIxwpUJxlU2}~Dl`R#PtJRP?+KiAtQ*3||YkcB(vgQFGuK4Rl; z1q2Ed_{8>VKECZZXD-#Ixtean4{E>*J2@Rqk5MH4>tN&^hA-pUCpr8KMdLp;7}Ra! 
z2d!}(+Hcy3_uZ+VYS^?!UoK84TlL+TRkmIr|enH=e^T>)1wdLR0Wg;#Z2k>dM z85{J@?#NWwF2P-iZMVM0OB1dy{y6*4j6EDbhdcY}ZH|id;V*~-RIJgO9!1&c*QmYX zHF%~4k1y|1W3M$$0ZyYg5n>ttIDLZyqpP^*PTR9g7q@d)<)|Yg4yU8P1JsdoEJR0c zgs0V@myuZqgcpiu_egX;%VP@SBpQXkH(w6XZ6_gs*!(LF3>8&r;kd3<%V&IcG!fxa z5-1>ntTXn-;}IT);9-zVUzXK z&`rC3m+eIwPyKctPYfpIuYkeDZNQ{$4=SKe+4gtXJ@|z)BI8qQMxC0RQAG!tPdR8c zb2bsFVih6FrwF6oY+?v7F$-li8I$s*3mNpty@ci<`D1=e#sK5Q2lOS5tjM#C_=3cS zJIHuC0p)L;0TrADCZvTZTOVLi9D&OpO%Yu(s1w)@vCM+9{lJ(Viemy!GIqNLi@fq!6 z(XNzVJf94DsZ7Y&vSZ@L;rI#5@vohuywW781_zlVT9?&2VtR$w>)lR zKQSsA5#XS=APjpWXQ=$U!oF1>ABa)DfBd;kf{7N=79K{0K$+csiqj;+~k zYo3~GGj{8(*%ck(527ES=RI_^pO$ayxuf)O<2YZ>9i_({$Ia@wqm#>!Hn(C;D8QZE z2OgH_MYL?`WqbjM zJx;BOkYe^Wsys&3LUV%Ms46z9AQn4}s#0TFL!v}Pm4J!aP56YsLyyi~Nba{*lIbyi z8GG7u7xr!2;?iDax5`IACZAWUw{17pU)9zMm&(gXuWzg*l$&U8B_SMbpE9}Lm|Scw zy9>cnxK%WdHw_S^|Cm9>4l{YsjNaS_CbK{sSdjRIop@GYHU8k#;Ll^!sX^?+md=d* zzx(TSeZa(waD7Jj$&Bz9>0x-Yz-%Kdu0^peQ@P2$TU(* z!p{ZL@Idj%=Y?eNO?R|$Q+&28Vcyk%RM==08Mr6+h^j_D4Fe7^GX4&vWp?4ulLSY> zOKI=wg#+1d@D>6-jW>;bSFNIbD=q78Sp#HG$RFw(8oxLE3^JbpI|5Vze0mgkcEycN z(8k>#AdX1uu$2HV;bO<-7Z;yJwMlm^Gu!c6 zW{P&lI!|^1zf#Yl{0K;7X*d0Zt|V74IxnZAkU9lF_%rT{)iR1`4}JwaF9@F1ca1&I{`?8vjoqwbcsQ+73SJL+!&mz-8d zEs1v%t>SdIE)f6-cdG!NhSB6F7Al9YnvU)vfpXL9_FGM(^dC5vrJs{mzl?9eKyObu zucdczdbn@@ZV&kJi_;VEU@%^oD)Gbm$$c_F5M`cMXP?5O4)_35FVtY6E*c^3ANo!uA3QPV%Q=eB8Dz2TH^eZm+W0mOu&xe52^sT-KW*urxbgapo6AOfw+Ayw3Bek zgJyrm;^je{^p2JmFR#d|Xs*J4yJ`X_9QCRRdBR~;e;TSs)v9MHXBTE4AU zD2|Y|DuPsN!kfl>SQT1g(d3L;Rp);RQ!-8(irnyJnD6woIM%Z(EU3k65ocRe%ugwoTQ4dn#-{-MaTFRJ ziSa1|5T(QyVeUp3ACkZ_f5U`?ijWu~*6x)O1sDieujH!$t?<3n_d5OChB~qH0!f+e z@@=g;ahgiT8v8eyM%=BySIZA-lgLNs@@~1<`^A87X?l~%7@8T%W$B>N9(j~UOv+BY z)HB?M&~AoZ3q0guSAiUm=@kGFB(U22K7yygS~(X?SQ>RqH~WVJB0f+ zFjV`NwuICvDR4n(9bCfmgre|XAm^83Kzq_O`BjcVw|4U^8iRN!TqCYhjY8n75z+G{ zH85-cj|!j*##((F0DMiwjP#^JXiq>0A44qXGI&HLg<^TJ1si5g9|@b9deW@I=)ktE zDRcn3y=s3T?OSk}vrY_~z|f@$DA$|Hpl;hL3{06#fZ$#DD&;TCgCi4Ng6x&20v0*# zIxmg-{h~!i_-dp~>!v>7pGSNu1^1j%&*(XD7WDhHK1hC=!tej6>Rp${?~mq*?f_4S 
ztZcy0z~7xiMu88==U%YM-EkUWEU{ZklAx3a+~5JUUm6+6Dx&$bTF$wMQ%XK?t?(wD zn02JIJw_4K5UETfI|~{${?6HeohXm6Ca;z(E_lzK?Nk!SffH~u`2@E*9n{I zFSvf42+33*@aBYO5ExW)(jej_gMH$Z7*D}eISCyq1zo!U*2x+2l09!jv;Aa}ls?p& zMuAS!QJ!%#~W|R0>-z|<1t!NG}u?5-Q=dR+Z?(E z6;JeuomEUmX~nt!D`kS&%wpB62CN+_DFGAGA=+djRxKxwT+mTn7spW>q^#I=01=J; zeZOin`VhYKwc8Q*2Ye+3FKf+!Fh8+cTq~<2)N=cuoWp=wO*m;epN13?ja<~8*z0Ci zU9l(Rh@8_60Am9%I*|*yA-K`i&TCn1>5MGu1_uKGwZ0nkc`D?a9gIrb7$UNX;$hj6 z*}^@I0|I+!FsFQ!fT4i8=|Hp8di(?GXLX_{iKQKsH?hvD5A{IA7?55?fz=J-)KHL6 zeT8C#>m_ zIIi4EKmYOw{OJGk{DhyZ@TfX*(OHaHpYX~L>3*}@9xAL8W34n#T3Sx{_&PCeye#Jz z&tbA#tL4&Hs5P*hcH?tAt9Fk}suPE++%@9Wk2rUL^5MN*PhM7RO=5jK#D4o9D3e@_ zt@|a3hFGGR}+pY#2n+Y>HN!VCFR z1z2Bqfee5l9-y!5zmf5X{$O_1A|Gbqe|^8?h(wE6!SC`)bg{l}vkaic6n)(zj23!O z4+IqD9M*oM2YsE7BpT!`5QD~W&3NtJ80o3_@%phPg&w?oo)CvvUse+=rf&L=MYK6)t@J*yDP3D&TiFBfPKP9c{S`|XmuR#FC z!Uji1AS)@f(m?vf?;2q&Lr0Og1;;vSbqLaiHY`WKd+P7Q4)V-e()oxdWlhu`o+6+g zeyd{IYsKZN864qJ^-PJw(ZT_&iu}Jmk>>x^M-nxfIh7D;bmH7Kn2q<};TFA``;mT2UtJ(Yy0CosQ~^4lLJpqZ2k{*pJKFSVXMo z4xh*no)Ib;OQ3|x_3nk?kg>^#z34@_DZZpM=EVcY`;&h9Ik7<|YO%o_Eau?iBZF~5 z0{(~f>p1ERc~yTUm{l8uhw2YKj2NKhY3RCZYedU%iokKvlKW%#2Sb5%AkpBQ;587` zZ!9A5#vN-8=%|`g0uLiuxS#CCbIx9V&l&1!VBQ6r$n7^@$aVsK1~Vv+pC5 zh%&K6UBV?DB{AE#w(lxpXc^v{4aF)Yb52e;>pX+uM?(krZ-(fRF+U01uO%>$AL#z0 z3SfN#^mXE|GThS=HJlj*EgM*(o<_byE>Wv6jV8$}kn<9aVu{*O!RVkXkZ80R|V7=(9`hm$4IvvEP3fhY8-^-ZClO9zU)9OOx&YBtNPBKdj{T zBg-6ioFIsc`;zemY@Rr*xmFe+8oK@~_-AE^eq47HbLfsn4&673L-*arp+_ci=#hsx z^!QW`J^m#BEW@4ym95;sKX-KU&wbnZ=aH;ll=iq2Kkzeyzt{vz#SBmD6#hvD0%gDp zXx%&=jB*zM#!l){Dg^g9`{JR#cu|GyYVWa;o#tuCge+icry&sq%e2aGv5)E?a7czO z1HC)g&ZT09*7PQ36(UKzDf36ip$aR62{8)0)~oPJJ6OB%$T+tV)5> zt7Kh9Cq^ikNA=?LMQ04UOvYe-E?Jo&k};T%BNms==*zDv!zbe|zsieGiMXmsK^OBD zzsQr7`=QgoOzSJFC+1)iFq!m;yaJY&pcHAk4;_iFz#nwExB_z~)Q@}X7u$z%Cfg1; zwOG#;9spr)E&swKgcFhwPDnyHAqn9GK!{auc5g-_s{M_u)=!&>Q8i+O!8q&Ct&x2h z2+JaW6!N%)kd1$(kXK|Cv3E&7p0scGnKPVbSh}(Bi{HzMukSfBRHN@1pf$aZ>c}n$ zGrx@f6wx0So3qbw>3hc2UlwU03a^84#R3M+UK0;v_y0UzBE$T{I_ncJa?_4jm42g( 
zOmk2tjKtTOGu+y9m*DL?m-g>!Ax0`{g0C3r!iPwXeo0?jsK#nE@VlXmUah#75BxwY zhT$RX2TSl%3|%RI(=P%=Du7=Fcv<8=f)nqrFfexG>!26g^ZpV{R5|OHSGjZ@5uab& zD62$;e$m#8`;Bk0><9wa!6OolpeO8;s*yXFur@+3uQJB>HCEC9!gUl+)n*vxw*aP0NU=(cVSfZxtd=dUdf zXM{Ipgq`1}@nhnq(&TT-DLjgpt)nKBB19?2Q}!YxuUPUi$qfIse~6tUxN4)4wqIw+ zcIX802^oLD{{8D~>Hb87 zobT&S;_fiav?WS^&!(W5piB7kKbH$NO0tQ zzgPu$zTcYyC?@>@@7c^)MWE908z%h&$c+B}ywWb^J)2pHW-;kMmlIPug*ic{kkXEE zWO;@u5L<7t8pO;W&e?jH`3HZ`W;(X?kaW}L|5c{7ABqiN0&$5Q57CrzDz7isSE5@z zJ#%xi0vc@L$6;JCNbz5)j{Lh)>sXM!O|s61X}nVWS6rYfq`CLDtdVZ#AE}}-4Ublz zTNGka{b3I;vk0d~9M1VH+$402EtTo~L~5bH8gSk`OEw6O^3?!74zCjz$S54+>q1U5_>R#otuuI|B#f1c+Y*WR$Pg*oXGqe9{97mF6=Lyd6jLSr3tF z~h zADyRDK{jvTQ{p1AcpyWf=CU%2YKOvOg=MD~SPGy53o&THSzZPy9p|oC6SD|?`0Je}f2Pw9zh_BTZ$loMLt|tfsH{$hhHIpG zzFpr{twsI@G5~dWO|q15l(bcRzj%;slirG@1#g87k~^_eqC<1&7D2QaKd@CDWw<@G z7=46hI5SyURHMMDvH&XY8b3Yzg}m99ZQHU@$_ZPEp#T-X*VurEQO%VVd-3FV-Y0F}I&r5R z$s-W8FE7>>%hf-p@IZw3>tE96P<+OL1}9-q@38BwIeOc^ut^m~>=kbFA`h1;Jo5Z?dHodo-i288|=8VId& z1C2oo8o*5fy7}maMzPSC<0*)oW5Wd{I}J&aC9HxAzBp`%zohZdRvJjuR*!0nWndhNgk)n+h`$dp?cMn!T}Uf&F~OKDn)>ai^PZ zZj6LE-d?iK_O|VVjG?ftjou6^gr@ky6QLdN2ZI5cC}WT2iDI0Bu8c88DW+1yCmIwb z=N{Da-=yGI@@F?lp$uRbn*+&4WE;>75K6nwo}SIa_L7`G+mX1ExAfpO`kFjzynt~S zdpDpIM(4b^vA(Sn8U>8k2E@>XY*Y2&fD!;Q|^CV9W(WDMpe=NGtf0IrHV9Ur-6|^Fd!7CCKKeQvezN3? 
z!$vvO_KZpz_C9S}9C_;rVMbe9w7)^G0XtVX`&w-^Pda@sr8xC1XCWHFeNTHD%5&o@dv+Uk=rU9{Ez!_#lIpSV^*^K{$Zwl5ud-?e?`WDMRM@({hCZBO7SRj*qpiSw|1SOW7s)ex%)6XsG)=uQ#L* z_VPF%Rle;7%GR`b@!*E~zP-nCC_Dg96JS~1lU;vU`9{R&j@52MH*CP{D7w*hGp$Il zIVJWI8AlEUTwUWZ876{}y|f-oPpjMxHc^1Q?3dN(-bs%jy49K0lQsk#FH#$^Vaefy zyj`(RyQh^BQM=nFbhrdrYty@J@YI0JG)-}Dp*Y@%XST^lC=RGTz!bss*Z>kM0N*-% z>7F=pYK_?0WQ`dc?uT2TYizM%g&$)#fpkA|;IjE=TbJ(cq|e=i3#b6`t?$m(Zg~SA z4SV3DU@66XzIExIPJD#>qYb;UQ{Us&nrbk0VnwSc2F_lzTS!%E>};+)$^olD&QXpW z#`~ZEXV6P>jo40=z2Yd}jAgm`Lj+2;Yd615<$kc)JvN{cFQfyI=uR*%pdA1-Euk5T zHkvjQ>KBjbYNz|Lp>Z!Fo_Mn3QCsM;*aAF6JWt^kOviybF``sr$(zU?8%yXe;Bj9VdW9@u=jHa0Bz3X>_@cvJ7rd7jo|Z4x}LRH7T*_Ii)e4kF0~ zku2hYO21bc%YthnL`aQUfcW)*D;nfF@TH_-nB zm4KqzeKOqof7eZ|@vFT*j!!yJOqUtl&BnQIq69nLy#xHA49ocY&?HJ>_Y z(f}``$!2Zw3&CR9^qWlq3V>d@h)W}aJwDb)v7E;;)doZxYRdkEm`XNhq;XjVJp z*W1M-Z|*0&^0jLm%S^x?2In#PIEcx|2~7S3AO6k4zq$BVpL*wGRd5*B7q}VliMM{_ z8dLXIqz`vM$O@UcDUkXtNN1Q;64HK2NH5x#2I+!X;?AEWqzmj~?;A--al};xNa^|z z4z=hsE58bmRsqr~Kw4EFEN9^S!Y?bB+0N&?pj{7WxCl&zuBy`w88_YSpxrM(t!Ge& zOQiM#sK{3&5qnt=;Qn=QCb&YPAr5da0Jy3+BlnOX*VVwyM{TS(|B{VwUjPMF8&4TJ zucG-!3bpA3b7&xr2E#6MHd``a_W&b@BVs4AP> zE7k`oU7=A(^_h#Nt4`Ob@sT(&$I}>{Y4(+4bSkLn**)Cp7+jxdO*lBp3fvAjB`N6m zihh(0T)rC4)fdgm3Qa=I7U9jGCD#8ShjYGNob-BfICJ1F48u7d!#N(q$=<^-oZ~T^ z<1w7$>(L_vAWGvJ9IW~N&4n@J1_ZB)&P0px(?slBj>HX(Rv7S}Rws6I1kFQO`NaC; zJWdu1{w6vMMPS6T$PSsmst7rbm+AtVA+W#wp20Mz_gZ6w(3TU+>li-^{loc`IoV;H zKTW@Ux~5C}YSZ*H5#k-lh#FCN1XYSB+;ijy8;_37 z#*KuqTbiU(gkGJ&s1JxNa@B~VWCGdOozaiCK#@g7k@-l8A1RxqNnBbd3S}zM zGl&L*i;fqC+_nDdnz#?%gy=yCx%bKG81JN3JH}r@KZKUnxG_G!d#dQ`6g837`U{m+ zQ2cF_2J;UspeksWYUU_hE_((GNr0p$NnKB&PvV4|yW?{82{c+M!Ev!b;7*LF%t!ID z(^T(??$4p6XJ=%75$>C+e%0Y|@#ql52kuLhYeKnTJywPOdx??8`tlecTTKQ8&pTN$P(b=<2cNxzytltYc(M#{YbYeh+RB+?oJ^CJ^3k z$>@vL6Oh+fFhH5qfMRsaXV-6VWZ}^U?C{VK+nCd@Xu~p0t80`LObPwg!Snx47XyqTfsfKlKO##%W0j7sMg+K7shMjA?18Kz z(m>uZkU(`r7WHoX4vb5y#1r%jmxSGz-~Y~MnpCvjJA5_7#$xof$n4iOuD>fhud8YX zo?Y6ATJ?R$Y5M=5d2{j=hSNhgj0zAkJ}6le8fJ){o5&U5H{=R%jdtgn(NL|*YaWeQ 
z3rNG_cw1|H62JV4PK@picsdXyB^u4Kqf}r-jF3Ks| zJE2h<-;s+isjiJ(8+bG^Bt+=JC7^O=H&c0xITf_d*0`KyT7I!P48GIVk*TX79ycMFLDk!ggSV=K^fOb@J1L|jdH z8M$2AH(L58j2ENj_`sP71TxT90_Zvn3aA6)aT5}O1o9+RD*I}>y3WQlDem$D<_dF) z9rjGv(%w{!occnH@#MfoR*k`HVowl+usG^rsaosc5W`;hS}^I%DsL7@lT!#;653#=tzi*r==eycH2k6N_NiICuFU58) zWBwAuQ1iVU*LjljJ!c>7jZ*i9yq}NuMXqEWtD>9J!}?Y?Iu6ZGzTMLSEfj`7OYHoS z_gPpov-GV6luiykN=Zwl@{upvEO858rYcBT;8tbUhiqBm&xfv$^PP2IeYC2OcEd3Y zr^CjYogZnpwqv2Xy`$*UiZ)t5-q!AHbF>xh(pI6|{L{L6hUM*%F zj_HO~b4KsB7_XWiV^_n9B(oo!9fvMNTgA)>gNEB<`f)##(2cqrwlyF#X9-*~?)BqsASZ{!t@w3x%7rmd4fMn=M-5sL0hO?wG_HT-)#%e zrfPX{q~_KPgWi`KX|LE#(9_zB>{KK)ju*($j(0+*2P)BsB$fx!c3?C9fVVCB!QyT6 zkuFsWSdX`1J&s<6m|9vOorwihYd#5)M(?N>KWKvX0jB~$FeGaG#!BOzlJ<(&VxMh0 z_%<0Ymg25&4zE?VYn`(GXbuWDT^pbhD62Jo3|PoR;c?o{%LukhkuE{~Co${gOS|JG z9~&EXZaPlLrTFcN^^4sByr`wJ@lsp@`X-RL>B!_VXx<$)#Hp*v0o~)-41}3WMj}o$ z4Ud~~pJcz_{6s4Fs9d8=j|+`=;c*#f8Q@W-j%Gq)gz#DmBD5-1rFI zstY1jv?4fd(J9>2cr?X=fZ=z>210RmG$TS5Rx4geGlr|lEYDdj)W^O}PQR;G)qtJQ z@tni7nbTa2n-@yAQ5DtGLPMH1E*`9Z?g$Mss;6DjZhA{G7DIwrQ-Zc?+Hdj(;Dk%s z0}Tl-aTAUCZ)3;*SF-SBkU@CWOMQX~px7}|;GtQdkQd@u8wOWTZ|lSX365a7Ln+f6 z@&QA+C_ld?2VpKMNui`HzEZH()2eZ8RGrCrTDS7 z>!BHPtA4n(RVT$ypRH;73GBZoeoj-?2|btiyR4mc6NlV?vyumvqV6oFOnnKq_9M;S zrkA$P!vZf`!{!qUwr~r)bq*~swfJv}pmFkvkKzQ2)6`gj)io~P9;&PX4jqt=N`XXd zO__kVw+VxYZ7teVjZu)9?0_b z$rY=+6jDP{ifa#SrFlDi8%GB`T?ia61Cm4%R{2C5=;=q5vdAVq+ z;AJo(IOkqC0oPnT$dVO0-snU=H@>MDHG>O0C~(aMQ~=t>g-82^?-B~wjSi!e#dx2% zFUqv$7i$3yl48BMYNLDUE7S$vEhV`{QvW|4GU{A)KH(RS;(UVYUF#Po$xnUXI4v>` zH5l!zznFke%;|bemgDd#s>Wb%&m*HX3YsOic?c1>yh}PgV1u*)nA#yyLqHmUBmk8O zsspnkjXgwMtfkIcaSbX0ff6PkLp^B2jjc4E7mJXc8s29-Gm(BX(t(=>RHJ@sMZaY7 zH3UYbXCa6MSG-a5hp~yGw0uHGtm?cWS!fg`Oa}+To&{q;P-oAZp2XNytC&U>N?=<@ zCu*c4ErK#cZV1HkWK&-u0Zk#Yf3g`mzS7&{;itjx(0k|+&n$06n{>|Xj2)TU9uC;x zsC;cabm?eZ{vZ52O2RZDB;YE{Uf8UWxV$U&QTeuHd2pw*kT=}Rcsq8+Dp_D-2nGgJ zpbyU4jJNeYw$L$jbk`m?UZcDp#$3i*5d0wv!FZ?5cpGv)hR9}!yiLYyG;mszZ$F3> zWFm}QNgnI4i|PXW_E;|cE$^xoGtVH5*n!x>pw}m~ubCW;9dv**ovAPA51gEPlq+Dv 
zAMxo8-SJ?Zj2KT5Zz3Ww)%io7KS1Tk+sI+&IUWos%;jmpav1ACD7TPKK;OS#YouLe z@Z`W^Y&h_MLU+hQvFnVsrCWMu zX<18m*`Oj^(mztY8@si6r^|3?c&u(I-a5BI&$4tED-kC!XI*+@Ru`HH4+n4URVVH| zhMysh6{&^-Um(!}aHwpH;Ypr5V2quA$-?XlJN32BSYdfr)DM7-FX4_LIHX2+wh^YW zWZU58@f;kh<B`NC|8t90wPs3jMs+dR<_4MC?3e zGVP@hh6R<o{Mo#&ayn&XR!0&4lNMNt6Qy`+E#@DZ%G zD1bJ3pnzAuPEx>~h>Fr5bG%Cqz6WfNNa28Dx5{GXNKfqQ3^F)Tk-iyGNH`An6@5out&8U_tm^ymYDI!p&d6-T(2InH@eyRn6&z9BwwoP@xT z?Z7rE{F!O@T$HxJXFxM#^Jdc0R?njRk%Iwf{P zWcdQx<96p=KN-6FxxmQM_@9t_$+3F;vd{=U{;O~;Jkjd$A)#(PJ~lkDWe`#kvo!t) zK0==(JK6}Bwa^dZTcE;|>3=~)2-W?a(p@d|L+KQa-#YO=UW@=P=yCJEJ;a}2Y?a-9 zaqre2iJ=?JAA zEA{E#S;=&g*RdHk&z@zRH>-V>Y|oiYNBw$hI)Bky)8RQVT$Wbe^!if63Lc8H;K_u4 zT55ju&yyZL1pdHZ7$<@87#}%5$RLG}hrmy6fT|cP3R8D`W`6@dt4y#=ob^7fl%&Hw zjQ2I9G;kRcF*b<{ueATbKG8hWoM}%ho0BMev@yzj5$gQvR>QNP^S z9=yEt9(wTfqC?bQda(2Z>FI#^Q=Cq3-t_rkX0Eqh+H9n(zutn3aA8I`eg0r4pOy}K z%fX6W-irOLq|fC1#`ABCgn6aGL<*^TlcbDF~pI5C6^wm^aT!Mc-JkUW}TG9 z7wC_uV78dYS`TMzUU@56Lp?4j%FPo!!_k07@I!~J@E}HBeX**7k&p>NW#A@!NB|bb z=+5*UarbtTAINLR9{6EA0)j;p9^B%=c@ppkP=G<5EJ1|==#{A~{;$Gi3UY>7RNe(- z)?;J~4Ok-sPHTXU#rp0OL;jdHJgfOS3v`F!W3boF7#!nHYj8?YADu;dpd0FC&UF|g z5TH|E1e``Wi({OG(aV;eGcx%D__02gNFpnIWT5p!r%SwWFM(ozND6kp4v$g9MlKcG4`zypLNUNy3GFHlh*$$)BFFH)&C1{KOfsZ^xq{lKgRiXW0Av{ z?=;4{YE-{hKET6z(0`fW??x5Y05ogX<}s`f02)s9{~en1@fMPR#yKwb~u zknkqgLw?T?^tr3>`jdc5GJ+%(wKFo(Fh@R1v)?F_GXZ<(h|@5gkwS{>GZXBpGK-WN zQvS&vW+U96Z67wyu59awKM_4`or)p2!ssN~9sl!*0k@Ha480jK13H`%fAWwbDKygP zfEGbKhlj&3GB_fBV=&>DAS%N-Cj=RMU5c|z+Wq45SH}L>lHjp{>3N{Walz}r9X5Z& z)Da87a*d-GaP%uOI)W_(S_r~E?$%F8v~<=4=278nF(pO?ov{;wWn7R=E?_5DDnq{m zm|W9uWleSBxDyFBJIy1S+!7ytardo15rGZn`QR`oIx+vs&2x+KbE?lz78eBhC|I$z zgQgYazX9aO$%4neVU*1#LZu@WSd?T@lx z72=xfs5H3=QqGQ~yvDeE$|?%Ju!Bp|L^>Qw6>1p%4d+r>64q#GQ2W0W{~B{&f+{Gk z-{?F>YcjC7n>RYZfgrEcQ(%UxPF$#3sKo7AZDaZgl~uft8-f8 z79w#pP>duunAQb}CK^fUgV<>(FoCfKY)E^dI^jo8F$fevJ2!@}PR!+4QZCDjSjD}z z9|&KtjGLkXs}qaYsIG=CVfQSPfcjt}ZbAaA)$BWf#DG(RZn)c=j#HWk6LH6?vLgOA z>qCR6`6v0wB8jm*#s5WFI=%6HdydboVYIlCG4nI?Eh2N$e7jW=*FopouT-UeF^x%B 
z&9_!wkP+UH5zca^)yMrCpg<9edCY&Nf7^aY@WY$f@xsCT zw?<|~{{rkS0^>va(4@Z{Z_0e`29=xV(0m5T$0#rZ+meShml0PwmmWa z8yU8r8Go4-|MrNh{|BwOCpH-4rsoG27KV|9j6Y{woJ0qW`ymjgBM?tjL z*F%fU=j{zo66NPNJRpBo$)5)P@xtKUI}87O_~*sHGW>%y=7oV$R!0L^EC1Kg(3<$d z#)bbgR;|acnP;BsFq%olzpjB6Sar}X^%Zo$=z$F@o4Eo+vRExN7dp)+xa@MO3sdMS zvF%gNX&dP& z`LUJ^O5h^lf)m&ikqbvh9o!0vqLzx-y#BTH^7xx#7;+fjBOQlpU7@2R%c=H~A8j9^ zT5-3m(s+&<=cRxJj!R~MH8oOI@_q!?YHYamm#FtyI7GOQd-XUKio8ViMeHYYhl~$P zqR{61#4y>b70U=!&5b8hriPnOd53=BR@*Ob8$vXIjpS;o6rCyZi%z(oLL9@v+6B!2 zmRafJ-?Azr+?o;Io*w@HhF*@9E3LGh$q63`3gK(_=DAK|Dd9k-w-g9F#?`nl5n)!3K{e$m)zASi+CVj4 ze8tA;H_Xin4Mos}U`LgE)^|=oWdHJ=jWX|u+Xe#NOQ%Bu0yw^kzCET}K0 zW5}kNi(F=J9<|HNfR}6s?*I_$Ah2tEUbfcs2qMJqa3ClJ2DXRjfLO3{5W&xa^jFA2 zm$IVxH7B4iWCnKy{qx1Ey`ZINC*{}}s-r4lV)zE$*JBc5v3oBPp#jL^r(Ldq2^%^ar z;=-{>R(hSd!b-<^rcA|y7p35cv=bo}3Yj?u_}_e&SYS1>SYE~?%LvkoR5Dvi)ejK= zhoabRF2*346X$>|aw$`M3x#D?P1#tC00u(Pm$EQts+Z6g$B7WYzeR0g!9kC*FJCALG; zaRxt4Q4#DXK-?Ei>^cWSKUPdAP|r*d=OEiKxTyAtag0Ke3#*`Eyx;&LnurmPO+XU+ zth}PmM{jgajm@?Op;mkf3dMB7O0+pt9=o7U>>nTp>TD}do%pAfr%rUrRDu=kY7ho% zVCrDi;ijG_lp}@LZhIIWtRHfCTs*Z+?_2=i3s{MFGB1>ycv9YA^?8uV0&{(_MhnzC za%7OXolgeo1N8;nlCeDntniz*U~Hp0SYw6r8Pcy1|4vc}>b8pxNzAb4S}L_x$@C0) z>Ry?Xymtn4JL9K|hh$-6U0u-T6SpUdUx~ESWpPeflt?+>yb$*#L*pv6(Aa8mxoSLM zYry0cQ)M=2ih(#BLxcv>J=t&5GYwauD2)fvE2~)TqPCuBo50tC*}$nod>)`KIQUd7 zMPJAH9b!mIe&Vza@sES#&lVNeGBScTFJWIa;g4@~lkSjhS{u^if zH?+WSzyxZKkHFV&92CjnB&o1|x~KL>9jyJ~2eyA;d57r!Z6^G)egOP7aSM;f|1tay zvG8E+Uzcb2gXeEP79tIc$7pIsDrX%mBA7Y1?L6BnBo3*Im59CEPaI< zW6l~J9{b2>hd(Z>mT~h22S>|V=!}hv9xaRFzB>ScG!T0M%P1Qoc_f)|3=-vOml(1~4vHK#^6aahO`Q)@h&N*JhwW2_N@}dgI9|MAuC2fr3 z0Y0Nm(MFwkVm2eEMx2n(-H*Nj10Sv# zawZ5FIHB`yV=c^XZ$@UwsRPVLKGen4-Y{-nf6m>r$9li~A}F`K75CeH@F%xv8qH^j zNLr&k2eqxAA#2;2joL~*<~<%FVcM>)LNY*k6hZT5&pr5o*%e$WA!Fo*IQyglTuyK{ zeha(e-(*ayUHBn(r$xrw+N+>c7s*b>T5&l*<_V@X)}mG*_%2kZeriSIbV>#T2ZbRy zNH(QzjL@89{2+=aCDa(ihm!HRh_B&jzld&-L%ok2hdcv>H<0itK|@8LStiWgGn%V*-*75%fq8I6ZXf zI*_RPw~+8S2XByLZ3m@|fsNdsE=hFnVx&S=trJfr{;Ix*>>fvIH+>DvU?aE( 
zcjgH7yeBL!ns*tDesSEK3J@-}RoX}4W}1DX=5pt1bsG?o3y0KgT0VmL^o<$}7SRZd@(0s1q}i@jno?f)PB0CAA1<(6&!N3yzXad~QwmdkVCs z37CJ;zae976bHpwFQcjyXKrkt0+x{^>s@Iiy^05r!Mh0sGfDcXixiBZUnj`<-b5Tk zaz)C2NyMFHk@4}Y?!?QlDNy58RQ3<%6OVEyX;UKZm7o74z+*?%#^5()MKX1X`~>rW z<>f+Nldv30_l90zpb}E12PEq zh&2ITI5+>m3n!aqH~s-&n7Q#X@g=X!c4@nby;-*Skr^2?ou!nk%8qO=$!tDR8)O;F zCrahv6BzCs%!M)%!^r{~|HEm}b^l^+Tu$fBzor`I!l~+O?@%O0Vd1ZF35#+f8l+N2 z|7tArmX6qI0ooP^UIHf!&WjC{ss|3$!0FK zs^9j#C4czoy`Ld6Gl>EulN{y~gCAv4pkjNt4weCkyA1eSEYTLbIM89iAJFNG7&vO#$nGN-BUQrvS63 z0nMo&@e?087ooCANL|R2#f_aTIHw4_Ku{DI?XeL7QWfDoG97`)p}i4DtGLd;8B6SM0~*j8Kh%$iX=?d_K{sQCF{TSp!GY_ z>OW7_KM?h6{kVQwSy6v$i|jK_hcB`GKhb&!q`FKm(NLc09f_apcqcZeEHA6{BVfmY z(l8x*H3T;_qwr&oZ$YL5%9o{=C;J*FZ(>F)-A`m5>W$@Ve<Q1wh+CB4EsOgh)f`6-t)Q5Scao+A8&XRj=?|<#CnYY6 z#Z0hCMtJw8t@Zr9o-I@Ep9luckd{P#helJL(y z1pK%C)q;NpjezkzQ6CTC3usIc;Jx?+so=R*d;qzZAp`q=VY4Tqx>-GT{={ch=VLPu z=z3q7mfCfP#5(kR!viGMNaCZ_ET#p>jzUH}LtiiB574_7UVOlG`~o|CK$|dx z55UT5xN%I@w9)udJ4cYWmZd1HFD}Rmoh2uL+w@LDCk~TyrlYC==~-k!{MAyb-ri9~ zs&~Y=#k*FFn_?+P{;^|mS@M@+%oc?Z(QrdWho=qm~1!gaB2aM zT;P2^v8;jNM_>fvaRdVQKfFE?&j{QDXjwb}BJ2Mlhl)igwfyrs$vKxHXYAc1HA?#? 
z=-0Hy1|;!}1z}b>=-yU#EPKf{hd^vZ0+xcp> z|FSns|Kw02jsEG$?iBiO1tdiOPjL&Ne=K6D^iTX42f`-%fXDa`1evjMAYX}hCM{KQ zw|q#VYBkq}CL&g&nZRqZt&3z^yn>Q_sH~rN9#6@5d$ zF*%eN7Kq67GBa}+U?-ZxUSwAZx9Pw|OS3E4c`Bzt(f_^O^WRD2gEW9%Zh z+AInzO!R>H$D61TgEvO@Kpqdtn|?`lf${YFaPu1^=o1^aGg|``cC(BQln9a=WkYm$ z0TV;cj|QE_mUvmUc%Y{e=ckn*eLaa*kOweKg?@1}{86DUv@#@qI_wW0p&)HBJn`$@ zqMs^!y}XPAIUvwvbt`y6tiUg}%JP8~R8d^(EkE)`7Xs)Lj6$2ZB!MoU*6l>jZHHlQCaectS|k(%+gVHpti7vL3Wtl z0@G#W(-pS>UAL1o^*F!_z#f%G`zEE?X*TWy+8LJM-NI!AF^oXQtppFDx`X`BZ0xC zguI35NbGM`M|i)&@KXT=b+KQZE9+#ad#K>AssaXFoo6xrM_Bj|(7r`%WKG0@L-1O^ zJ?S7PJJ07oq#bc#QlI7%alXw-vuluKERQcF;O$G})B-@RDnJOmrm23bObg^&%edt8 zx}=(){;Iky3nb3&7q@UIm-IQYSuHZB zOvlerRI)mlC;k5ng3b+TTxGt+d+K7PSh# zn@u3$MJ1r}S{1Z~yRJ$UAqgn^e9xJCcQ*lF`g@)~9zGwkcV^DanK^Uj%$b=pXCz8% z0*qcHw|6i0?T${UJ&Q454Lt`e{~=G`*rkMSd}+g36?ED~0lnKCaO?vP@O(K7cX2tb@zY4^9_7v^Ju6lolZ({a%AMT;uh{j|bD z;j?jH?M*HeRXe59d|w7Iu%an!3=Vo;Q%wpR?-5p-4?V}#1@xuZi=E*+Y>(d=FVZr; z%5342Jvti-#EPDikD67QcS^n zgy%ha7Xr1Zjp+OeU;o>mk%NiAcmVwKHSIjr69Hk&{UiZ{-Xs& zf99rB0GPzB05{40FY%fO&m>5wA$Sx3B9-i_FnRbZK+L%{=5<^S2FVh7&PNq#tf53v zurF3)o-%~7&qeT+8oM~PM#4mr9=a8sSe+KqvI&0&g!%e-o{>mYrq;Fg9w z2n+D~i?wG49+$j+BY1uLlLUbKb|CsVK~nS#$T6^Me@ z@XA8kl(C6jjTw{#gnils(}c@C5aTjj8uFV_t`8BX#;#Yvg1#UiX(%syq_#Tb|vtT<$5 zrh3%7l-j-{t4phYoZ`#i{kx$b9Z88iTIl9j6{ya8lqOs9oeUs$wL(S4HjSVgD|u{k{F&Pqmd_!29aqaIQ9? zS(~u^)r$aCyy?`=`F*q6gC_-Erku~?501K*;zz9S{0~IcVr|uCWeX0)srlNf50p*X z%9hOVo=mYzTM6$o9gm6_}^Driuv27}VcSsi~lvDzz~)-KuNH zsh=*$47^V{#uE+*oJHZi=>m77J39ALNL#r%9Vc=QZB?hTO3>D(FND8<9=4qmMUc9ns2; z(XM8yHeri?B!<_wcc#3I3dgi@8@2Jr=pmGTAB?7beSDpIU_oxcJRwfM#2LL0Rw*k0 zkpj+v#wL$rsD^&??Ozj9vWR*LNg&i*G(R9(%*wamj~VoGPs2e|H5s2SrvGO2LmH?! 
z2-51`K#q_)%y4^2nu!lXIV(cW2a$hKcz-7Kba)RA_V;M3;06q*`8gqV82}4I>N!dW zK1wB#9ZE#JuY3uB63{oV^CSE%@NK{|S)ew(kwXT-Q7?c;;ZPc+F4DKAjJ8;!{dDQu zOvCeDpdS)}HxFfv(pH7j%J=})3olw-B8s-;1h0n2EcwiEj&Cc?w?L39J`_i_)y3jY zc;_9fkZ;5;F#+GVr{W!?tTq{+7T)7Q{72#-h?I+TOhl-NzD~uPQN7gbbFrIaXQBA{P!UgRlIdwg;Q2=U=0dc zTx~uoa~P_(52U)MOa()HZtXea_+@Q3$0j+ z4BD#gz~oZCLMa|)V{w(YRMSa#r^C+@QrnacWj#EbmT3BIi1ju3w$52WmMF$(vOaN z?f59uAp;MD0p&iZ-Q@AQ094&Tj#mrKIUgWNzmdP)i__I*HqAgoS#)Dl(!JZCP`Q3TeLOK@xi(H=P; zIHi9hnxB?^_BHasF3AaKqaF@j(fuo1={>zgA!iC02IdQ{4y|9k_ul}dz#a;`X9b#I z4dZIp`rXF{ft12}6nImt2S+Z>>d@*_)4?a(F=ky4aUs6L62Fkg)Z!sI9k_t%KF&_o zF0Oj3L@UZQm7j*U5xMZj3!u3gfJQWZ3h6XabK&)un&w2MWvxj6Dx!k9B?!z;U@7yK zQGm-sN)<#=5#${C+ZcskGRc~a{vbEHWr&-MI29v};HHC#XJBl&@LP^w@?kMoxaldt z5*{)bu=u5u+*$Y~mj|Wz^}ccvQ9cNZE_lsnc~;NHVxY(4GQ}No`@+qcz9XTM5s0Pn z8E(t+9Y8bbSXwy}ZqD{?L<;SahSUqfO(&yXhX z%RVE$Wnyr{kO$HHL)G=IZ7L4JpiiYh1{9p=95QaOwptSj;CqWvd;^tBW0Bx zp#o2MUDn8Fn83*9P|R>swyz^ploxJ28N{waL-}3ELTW?iNNLI!%ISytj(k)S)!hdj zGZIrPoE+~Wq%X)W0A)dlLS_cp$$IlK@?d|D0;vSPptr<|K$h94dl}kZg*ftYJsH0q z{1PipNA&{;yAYm%-yHmw8$brGLogS=CFnyZxN07LX&Rn|UoU=3=V&*#;{QhcM}hb& z%?0w1=0|8B{$r-aUu?|dFXY5E&>n9F8Su3WUqCxYo4XTIR}RZL+ObUtJj!Dgg4d3{ z8QHG+3>p4|-(&big^=-Ed=+?+=_o#S1O7G6h(I^spvGRa7f>IgL^%`zxt4L!hy}PE zd(9V6z)0)T+t8+KP#P6|teZ<*DPdpZVa|)oQGT=OK{!!{{CS2lt#zRLm*NXA;aI|F zW&2?G_S~yztL|eNsD#6N;WSLj3NYIu2oFbLl8A6X{#arKa%e3IgByH@3&wH!Hhij% z(NL8|2PTol+VYbjb3+oEe0z>WWtOe|26=b|XYT;;dKatyv-lCGTzyeqO7JusUpfFN z-IolvEiRS}g9nhjz$j8xe~aWm2!9~`PyH=Rf8GeXx`j6eu5PhTK(9{P3*-G>h<_UF zz&Ob0i|r(jF*Xltqkj4lm!s~S!(-Ldx+$n&Y)|b4Ntj3q0n@7ABw?Z@(S;I*>~YxH zGGGh~hV)-rHbHoLNL`5C<}hPy{zQi-1F;P>vN&_W1#oG?4Wb1hoTpf!CzA@iKo%(7 z_lQi{J}NlFD9z)lCbX&e`Ei1tg_53hU=F`uK;4s`mn5~4>|xM?4G$%?@`vaNHlg+m zFzC%3JYQCbABVok<*NHhY;Wz1q|)z~rQeuTdQ0uBBm!ChmskKqK%76*a8BlrQL;U` z+@7N2+H+$PMzR?}d%7R|FWPeg{ul)$#2>j9fA}ST+?j-l#40d7kcA6d_84-3KlDIWdjm*X zl8lK+$}MJMuoWD^cr2I`(eu8Y$@DxA^c)j_Ie^tB9(7t$1eMNs*ZzuIctT=I29WyP zarB&S(G$xUqqGW5?MY8Q$xDbZ+VnvSswK7`6k#W%=X9H%K-rU?;dnzyUe*SH>9Z9{ 
zJxBCh7l&bb63luF=0x-?*>OBQ*T;*n=$VLMdQzD|S>_4pIbBLI>pZU4c%Nm_Qzd%N zIF6oM;<$NAAVV-<%SdkJ_lPh_PaM9GTbp*|rS};%b`_&9ng!RZ`XYZy-AVeQ>DY^S zmeNaS6TqM7bE<1uH}No-xtn%YgHHUSnp(p@DH$@K9C)SL7cHebX_tnu6S-DEG%QcwIgb; zV`C4L^*>fw#4XY1+a@^y0^{W9Q-PB}9EqC@9i#7%zMqhum{Oy5Z=N2f7WRHK>2warDQL>Ue zL5Sw!-ddu9w3D=;*d zm9-#wEP~wRbRxGlqgJiOjS6gnV?pB~>+2=uym0tA7g7l=O|6@4-h(S0DA|W=1Q{^C z_UD430U8h=!HWI_9I{==F^!_1;X0~u6M`1#uyKZu4zQLL(f3Z&Ln~x4(U&XDb1|sU zfapK4z=u5_u)|~?E?$D*r93`KR$JsX5H6ggYk;=U!3~#Km4U51pF?MIuDXqZ*9a(H z7aRO^3C_|1{s4R7Ta=8Cr{x5`HzdAYjg~-5;6pCpd$%V(3;b^q{5$Y1PR939yZ~k?n>@%WGn_&$w;v$VIsM#b#6>i~o8x36#cbi9ZBzt=KLFMg zlY>cX>=o8}@KpGlP=fvC(G5|{Z!VXVN&;qiMSTaEg0roDpb*AP4*<3gl6}rjXdac9 zNZ~9w0~T+tXbzc5KaQE(7z9i1zE~)pWGun!Om&%Xm;s2>Ys_7j6UDKjsvAMRs@JCR)TIRph}-4AN7? zJX)n@Rhxg?%p>2Jf(5ZwPy5l8G@$~&_CPlPSg=j=_g``R6V+exb@2Hmy4+D5P znxG?Hm1M7jzV~g23_wZo`4@J;Mj8ost)8~#>6J^Z{uqig#?!(Wj(9REtUlH1>C`lk zWfQA5&;09cRu^gYPaqAmOq$3*PBBq6#yfnmmk~+x4oqfaZ_B>A6z-NC@+J^sBUbDk zPO-!Zzd!_U-Ce*dATahf(r8j~l9tp7E$MpsdM0h~T-eS9#%^<(BkfPs?DBJM6J1(u z)-B{p!X6|)&?jE`vCy#jgo8#5EOls$8zdYBFX1px=zTY+$9icJPlMSol||Dsrd%S$H%HK#)#f-a=T z`Yp^die9I=A^J0>0hzc2&(zz#fIYX&SlqVYigWDf0BSpvlUqP3w@MzDmx}kylBoX1!#2RI! 
z-UbBzfQ|$B`ik3H6Tzi7vB4nh_240+Sn!!49d%C!>f<>{<;K;YyW$ZnORS}axneoV2|Dd0mS!z?Wa3|B*pv&16zES@b{Kj z|NV?P_H1K%02^KOSdS<0FxVbV_n6av&1O+(!*I4Wi|q;gZ@jYHZc-7@?lY{)0t@f9 zk{NW3S;H4RNmiUm4!Wc@(mWI%w??}T8K6PZ$~VAf);y!r0aM^&97kMz;Zo!8f?Z;ZB}w?>CG#TnJ&x!uEOWog}2c91_qqB|B4!n8ZR2aBcLB# zf1$*R*yXgS$F4T93C1SuIbrZmX*s6PL*kiK%X1*)P%pzlx;EWi&VkP@$|%|bWc$Zb zx!O!wz(Pmrw!nto<@q|Ys>w;BKtuDzG zNz;v6-L}H)A%!_HRIT~(IQSeJKKIALdu{l<9|vDx!x#QI_#zvA)Q^KNvEfU99DJD# zKl#VOm)r3E9|vD$!%zQl@H1@qSw9YbwhbRR0X*>wBw!Y#rfOU~mw2Sd{eqt9^L`*b z_yg&Sejt7Eccl}%s?xh-4-i_f%l9~JeW%CnA>KcobrJS%&P~~dHLU+aR%qJNDTL9J zVkN4SIMPm}P*S3U5(nCe6iP~TQeyWQt5^ypCAui_Uv?sek`mpN_@zP ziwG1-N-Uzp?RFxCk`hNz;wyF{g_06WDDg2nkwTOhJGYeL56vZXYFj#mC?3LbDgD+~ z1%5BJAgAfSk>~3qj*g#K=rPy)zP0BwY;9(Q^|zFZvt5BQD!q+Mr*UzcK4vmu2;TGr zVM5I9v+v?>gg!XZ(hovs$TLKkpK(Ll~mMo^oKeEZ}$8= zz}-NFJ&$PCwem1-$=FFgG6{nnG2DK)2P;G;^uZ!7&wQ&mUK3iR+tG(E;QkkFdRq*} zsuu9z(G=_C?(9jzbL*IdZ;~3w>%gm8%ppbTDMDp5=$-!L+~VpuwuWLrvPCZzUjK}@ zW^C6P41BL#T|^X~eD{;vr zI2<*0L?7T@kN(6W!q4V#;Q`(lwRryK2znvrW6wy$jq?x+oNtqUnkgjdBhwMj@7rL- zOAJ`o$GrL+h%kHx%Rz0-N*|uf#TR$ol_QSkx1f2Dr01FUK+;KOI)k3Uj)DXp;?)BT zE+3AhnI*6USRwBg+Q|7Xn`U<2BH08CoxGN(^`qo(G60`ww zcDCsL;%rXy#UgZ$5Q5alKk4*9^7jkBko?VC*=vwUH`cIUR&7`4Nl8PYuAv)g2kZ7( zC0{8^#%sGXe4j@L$8J+&=aKXODq^(hv1)Lt$H?)L5R78qs%RBX06^u;_7<4kMMrSHC*>d7Z}8<)w*kC zdv`|*65LPy1rK1c^DC=q;7pIzP~~V0USw$7BBGn)H+> zNxQOl8na2|YVmCl@}q}FZ{G1mItlzVY~`u&ZzU}?d2J(Y|1 z>}GPYm_4D>vwTUQyxK;o)o(zV3A7D1TCJX(umCmRC>C|@wh4?L?=x8!G2z|s9_tfc z@G zopg*8JR28p{N_{hnWup46n}txe}HS<<`b{dc$1_W)RjFvRF(Ob_fzV4{o--wN`s(u6xD+7H-FO5&^$J2C*<%!D} z=hkCNutbk#21m>HpJEwx(~tzKAnl>j2n`VMv|sPk1SlhBsbBtClzV3J46J|l}V+_EU6pBKEP^z)i`6#ZmEF69=R zL3o$JEyWTY!57qOvAE*|J-CB!7gQvsx6pSQV%|ByALfly^6lj2F6U(q= zgx~!6FL)rMAnJK5vP?$Op+5~Kmii?Bc)p*@_xwmmvELU6hinWh7*7mB0T>FHTQCgG zdF-?c&jVbUI6sv01sTO&{!gkCPf?TXPt`1upKX~aDMi1_ky7V0cOXu%AKc-j?jfd? 
zV@NlV9=-It;LAUqCZ`tjubhUNsO|uvi9R1kv&a5a&G+S}L?fp)IbT4wt2*u|u=pVn z1ZTqLQ(`h_X*?zo4R1Xy?7rkZC;rbL}C##Bc!h1?-DrJoO12@G^q zycfwK$aMY>$bB+8?$acg!Eea`q5Mq1G0#T)B&}$;z3M^V~BC4)B6vIxr1YfCKJKWP?{W6(>m@D%2@~;xX{G$~uDR3kIa@w>>MF4*71hKUH&<{KQ@JCWf^131X-+Z=j*+jdH9zvHf=W%s$=Jr%-sc`j2VIT$Caoqz7xU zYYCc3_A^0wl6k|1p&baYFRYEQB>|XgdEhb3{~(E4jo6!BpoV}B(%v0x%)r033k=>0 zJaelF^h~>e;8is47O>+x9^L`_Q#G%WpK{z0SdK*=D60MJPu0wjpNYP%G1ID;v7&uy z%%`RE9l1ZqzAX~t!_xO)1A$Hu=^^IZ9j?n-23eUZkOk&;j z0ecH2(0@i@&k?DyuZbn1**aRc)iTUZ_~aPC6Q(q@5jXJdqjiCsqih57eeT;D z^FB74W}ej(V|r^09tgD6m+{wLSJwLYw)T$F+Rwn4wC{7U3LKuH3@r{L+w#wm*EZoDbAaY|a_G&On_c$Tv^PDqj1Cn$|| zsg2XpB)ul6l3)|k8}H0$yebnrI6T4ownpeeupBQ=^s*O(%QZa4WR?2UC8(x&t0Y6T zX{(MvWze)WZQ%p1{4T1ME1Ib^vkc8|2g7^CfwW&bv^5*xc0qilt=fY9PQZT(!2I{& z*d;>nU-APT`Q#_Un|6gN;54Dz7p6>?qq*9uZi!?&Avq$p$V^-K(USa)BI4VrY|++q zgAQJ@LFm?2y@Mr7KSTjCf3uK3(JbW{``F0uRF3$%eDC{qX=|EfCJ(u(urk35j4OW= zlP13fnOb?@HUA)7Ie-q{G=HwP=51Vv6|LH;FQI?|&ll*H{6oxU`RkA+Y_|urOIwm7 z+A*+wJG3?Hjfr`pMO(EK8!O0mFdTK|e<(UY&iq!&#*4T7cZBKdQaZFXI|v`Hii(}u zs`Y3Q=$2GD&~1mTS_>Y;P=UaA$aliXatByuL1K)3{P%1nMJXv-*gbJ-?aSWcQNk+o7~;Yr15c z%BYvDHd(zywL_b_WFNIDN2pCby6NYWsZEm>9jh_6%jlb_pE^`rZ# zJh`8y|M&eg6Qa#GfxnZg>c^BP`Yh-_$ylbQzvee z!=`s#kJzG`a)a{J!#q&-5L%<>jxMDAx}+5-OwDcz`to5XyL9 zJ+f(Q-ZlR47UlmaJ|TWYbJbCvFVRQ4WLw{bvI3`7BbiXD@|Ct`Yj}?&0 z7imCEP~+9;lbH8z1frxPA+i_D0nR*awR3b~82B2ULz7SjM+4pN??xB;9&{_I(P9*8 zl0=o49))g|r1V3%CzX_Z=8(S}m(fq#DBND$-r=X7@PZMpV4Mvs@djmB4Vnmg!(K6& z*!Y(8&H+pr$WUsG(pINxt7{c)^(FY7p9bC3gI^WDZf*4y>G;mTH&pSBnwRx6D+r#4=e zMgq^%c$vzAuko_<#yJ^{6Ulp98Ff`oQdco$B|T}~ zj~${K{V^d6k&dip4%~TCc)vp|L6=SFgJ?Irv{B$HXZRBbd>A7-8_@+>En)_C{jc_j zgWBr4zTtfiu>kBnK|^9;Rx1K%C@Pf|j!^d$X=}_ZTE3{_#$3bc4e!lDdT!Xv1bi+u zS+o$oj4mbd>O^Ar(@cuof~-z)DcLYNDE0uyb|cmyE-gT;n+k$aQ~2{t6z-usQl4RAhlqxwnOU2(HM_<1QQ`lPVP=l3ZH~6)bJR9a!gbt3 zDNdQ;_=}0Z2)FLmMFN#p|4jwpuF?|No9F&GL9ZJLxt+Z=Sa1FnSuRT*UdsyZ~B*mO^M}Z4~~wL{Zd6!n(CJhZxo+Vdvq8 zxr6J@-0=aY1cF$Vp{c-DD63b94$3-6EfmuiA=*imfPk0HE}%+$h)Oucyv0OrR7d7R 
zXT-8PF*%Z`d1)zR0uba;yNI$)7G>`yrHU8=J7Q=sz|l=%G@5lLYLN+O^b0b(DKj$~ znzJJ-Dt=EI5<0ku3ZMotJEJEeS?k0<=qLh-%x;h$G7$`9@%sIw!XQ@xbw)DlwS#=W zC7lSdxw2%B%*^~97WcEB^v2^dKX+9WmF&v;NW4Mn3<`DH?d-_fmZ&+w96-=7ULu_Z zU(^R!kAozb3YaR)xyxDCc%Bp$5HtrA=Z-y`^^TBA%Qn=_Lv@345+AGglTv~N8mdUh zOC*rWLHtV`wJEDx+}}hI|B=Lf8)N@|(ijeEE=;7Z`&mC47}i?DkId2LcVywumdrU? zlwGAhi&+hhr0yrhLSIYXVra{~4Chb0f8_#ecnPR+KZ}DI{OrlrAF6?qdF2N2^QvEq^-CF8iJlc%IR%l~loWod79cbK3 zy&~?VZ?RnVkjtLus`WAJaY-!}oED&8vt(>KIuMgPyxVfbl^j8rQ%BN~L%R9t4KVef zw~N!wH>+>ast=^51e&nb6=(u0;LY0$i4pJuP@-$OzBScL$E?6Mvr;!$J{Uyc zwG(TDu!dN132pY`sGSc|0v)%)9(g5T&GSpCQVupX_(UJ`G~!Z%y8`p(1K=3~7$^a- zUA|Ty^DHO78dyQeFHmylMVueWf6~Xi#L17!)=lAzDjRW5pb`4CQrG|K)VfnyPk&m4 zH5w=#9n?k_aZ{d74eoE7MCXPn@pM1Z+a}RHQ*04pKeu)qQ=ryqK3BpdpuOv1v|-og zmpHTR%GTXqTgJe6pLGnwatX;4ljmL7Q?scy%y+mGCR{4K#Eiyi@o_XPznEzlp~q^I zD0oO3@Dl~GKZ`Vridy|4Y|Yvw{@eP-;YB7>7q)P-;zWKyKg@`kW2aBBV6MW`RQ>Y zeasHTf;MGTSW7A1JA&C$?A%8PwpAM5i!uK~C{P$LMN(ZOn8Ug3~ zz0616i#|szE_2`iAN-f!Xy5Q`4DN0yFm2o4UcAn*SOLh z(P-NRAc7os7;Qg8pf#OEmmJ0?b7hhwrO&EeTv9g8j!VklOpQy*U81L?{A)4Dxz=f% z`w*}~%nnPgQA%u}u|y4Ifnb(ky+eYFV^|h_+?Gz6KvTOzKalqV+R~|eDSqjgNAac9 zrJI*O(ivMi=5Z@D`xjrwo*)4)RBu~4PXQ#O_V~?vnP95<)g!4XW~dQ=UTW=(nIi`t zi}3oYu$l3m*xYB zZO)3ebQ1rRSLz>uc|dL6T}~zjnApL;zX^+Mf|2Qd%Pl`z9-x}nrpE?6ay!{#lDBtQ zNM^r;*y#YSN14<<5>bir&D}M}Voy?>EU#6HnmD`}#SQgDBv`1O@+Z=d!p&4767Pqt z?~Jvj@34`?&ZQx1{;7?h9ea}ElUR1n3iHyLY&v;zYdUu=>oZT%;Kbp*{O!R{=CHwp zkB1{Fkz(F)Hidc2ad>wsg?VsMxHX;mr&SJ}7P>!7N_m26HF1j31@}pTvoX2I84%~~ z=Q3*}{uD9F$R=KeUy~>4mxmx8cgu@|kFA{#9pJukJbzhMX$k+0mhy2E*w#`$#+Ap1 z)IE3i98xvsFkX z+}a|udn{LpeGI^!01Gu^p1T%q6;TdbS~$$=^9domQ(KYn*6A|G%E-_}Pi(aZ==|m_ z7qX>G?RW;OHdjgf$x4!4eqc42ExELV+$I;lB9@GLw~SB1k|nWl6Y0r~iz?aTia8@0 zRg!)_8LgUOOm`a#RN9c^1yrRA#(nj4=?EP@8+z<4BaI!;(ISWjM?Kvyz<_Gd2}Y+T zLYNpAk!eo|>kSwkE^uEC_atyuQf)r?5$$1-!>t2hT;w~6nC2sf)Swn zLGdh=8$IL3FtHjAM{fzN1qN<(?G12oK`N{a1@P2NkvYB8>Y(W4(0CLbJAYd2pGy<%^B%zUrXwp_U>DF5z)#mgW1fq(}XO-x_m&JP#w zTs&Cm(wjV$ctPc>smx-^9|$0tDh4Odu-NiD1Y_-bR7={IlG&DR%lTUjqDu2=zwB#h 
z7cT=S(8jU9PQ>n|*o_>!I1&2^#ct-Yv6uX^c{fXGE6uX;aFG$3awiEc6W4(#k z?G(G8WBVpzH&ZM<@4-~VyUW*u_x?48d5omlxh>u=^7l3lC?{Xf^(d?Q)IwhU+ z5)=g7E$|02?Gnh(*_&*UOy}b$g8|(&feb)Yn`=>g)Mx_IZZ#BilWu|MafS@;fbK7 ziBd>xk!-|^U&SM5*D3(a1mKw-&wp~n|K7Hf3DI|1BvH?39QMQhEq94*Gi(=-R01#hz{g51LZl%m33egb31CH znlnHak}XHY4*Q)Hd#d8!K+3#~BJ=Qg;xaN4%ixZ033Pyo%v&zt=)m;;2wWorGCf`f zE(<+05G(9L^UUESB!~t-p~(*KE6p1~9!*MJ_*^PKa}!hGg)$$#mJR$|Hr~~QzY%Nx ztKxKf{wtIcX_^&@J3!_*E3TU3s?BDJzvm3Z_U7m#1D?oIQMIYqyTEWDt340M<~FWS zHP<*;3ty6BTwY+Dr++pIyNX5F4##(-h_4yvfD+l@%fPDc^Av`^o2JcFVCAmEGZtrr+)=MOKJT$u{`|0 zLe|cfbikzvbM!e(8i@1z#}n&c&q)y4BVhlI0WOe3Yq$tWkvaGy=Y?tXh5tMf$c$TJ zxDa3Vd|;!%e6WKl>mn52AWs6t=5~pKy~H+jAuWET%;sXFzAHsrPGS(x zCQV4O-#}96{i79Vr~PWu*$mHA60F_mJ=xlU!n|JGxM!7tL84gN1ll zR7}l@UYit`BPQjFsov<+q&SC|lqaSZL~*YtT2gz1>`=vw4W;%uiG;xdF;k76o=E$| zN@KfS4fA30l!VEUxnOMVjo<>$D3;;TkD>3>7$~=GZ?cVqc`#wH&)55ledrfmV+F zWg_-uS{Sb9*x8BLbc%hCis4pX56{g-<_K7ILdNn;1z8d;m#QQ~%wY(Zgdn3|HTtv4 zfCDo{w6FE+t_)-$Ty5UFhGq^s^bA6Bn!2jx-n4oM_&QV+!VgdOY!%_9;r6B7S=v2h zm#D2a^>yu{{pFKTv(CNzlm~1(R)q27)W^yZ?bqu>tMUb&wb7Oj0=OfhH4NlzX(+C~ zsqQ&c>{u#Z9M}nn3m{kV1cLQ4!!>xHE9tqfJxPq)@uL|x1!TmdIQDa2VZ9rSyA`{w zBoA-{1l|(GJo!c@2o%Xe4P=XTw1--};dN@6Z)@Y)rEA-lev`HE3T<_V-iju7{)ZZh z!&7?Gi<(;I#WPyUmuT$#bG6k7IgnU4R9kJe^);~`Z-V_SjyXq6_ON6p%nzVWfxpMQ zcW&(skqZ&U{l<4`#h0%*sqZrJk&TZ^a{yIwts{aB+a5Q%Q{az_cIeq97fD`@>#MGf(ogb&+T$8%AP5Fpg>2gHsaNe1L zBGHvEB*gN=b6=9YzC{Ny-q76=*;zzzdD5 z9Qrz^L2IaLbKO){3-qq}S_64(GiP6k-I<+RBKjxv%#c&rB*Nl|QRF2>su2I3({S>T zTWQ{hk}=BprbT@rat3I-+N$*CpE7-bku9pnP{E^T#$stOSElk{UJX$P%VjDLe{#(+ zvN)=1KA?>pZ^Ld#!~$_htB)cAJa^QgEnkYykaJjZ_icSb&cVfRYs+u85_7fXG`B&! z*|R4!c@Le%r|ZoM9sGO=o)p{keaAXK^liZ17`)8qD#xRHF1M!Dv?D^prJ%6Z55a!) 
z4TxNVDAZh4TCN3xH;Vv5VZapX;ZnSNSNDA6VHzFF=nruRR*k0xXjvpfH$oGjLmU~Z zt-TIR;T|Emk39j%DaloE5S2=xVgnG@}%i-iznzs=YW7+xS9ki;ja@ETCeqYYOpyjUSGGr zxCM7X!kt@`op{@Am;P~D@D$4*g|>P|dP-qVrrxCJ&9S-;y*o`DoIf(Y9@AErBi)%v zze-_wCJaT&(^K&QYmxHwG<>At0#|WM-L?ST1z?gvdAaT^9w4lsM>asH*y}r*KjRt` z$xXQm9+L_&6dW{0p`V$og+i1w5?V zxM<)=shw;$@z-tKM8U;4#7sxB0uiSlHJ9%v%KLipb?tm~eWlsX730AcLg9frj(sH& zOTM`Si#c{>BDS7l@8;P16S2(B2FEV4V}p0rE|P3~Jv_4%nN!YT2INVeblTcq$kaKU zdX7w$HzJMO+%@J+H?W)mp-vZaX+gPa0@P2@Q?1{@(5jfpXGdSE2~bZ~oAs;Y`ca1d zj1W42@+KyWxIV3aHVbC+Z&#Swr4}~r{^v+2z_`J@V+roaw3RDw%USc96G>_rsagsybs`U=t@kryEhgu#J;S&aK_L)cd&-%ugGr->rF#G;Azx*m!fw`1j8;tu*)A``7eP%V!iXkA$eqJ9{8$#zqqce?xdq8dwY}Ib zl55LvYgqKW1>7X**|3n>a4(fhJoK#rvv@3mE6lf;U({-||6+nw@&2~_s4*4!fhy+G zs{Q#q78SHkr*|5zY9Y3u|J7!ujVCya35>3MZF*WtotiNAAg@H zaUUtR&>MIV(xcjZ=_Ufk{VHeRS&n$hj=(V|NBq`~$P1Vp(O^du1kycJM$nEZ44lak z*V++9fr~ieayw#FUO!wVYha6itvriv-zWqBMymH8F9#8ji-+v=FBa%)F|2ujr;PT0asIv6QNfC zQ9H{_Ii1yGcAqs12N9!XLaDj`G)}NQ4MBu9G`-xsegN)Du17_j;xcsT%cT!Mcb%{v zp1|8CI&mHjpWiM_mE`(chH`M^k5Dd7s8euNu8WLCCP@@2=1Peh>IYS(+I&cc87k5J zb5_Xx2^cBT+Zn-G_nuV0A$SFd`zDp@+r2`-VC;wRSqUslsfs$cT$Xb^DP!x)qOO zP;;?cxKgIoUS+pmhKXepgIWBzne+IkAD^cfqm^wy)~3?@ z2=56GgJzRL1rJAmnrIOG)lO6ew&Uyk-oZVZc;)3mSq=;^K{BW8F5r zRfV@OT2R(~0@37+Rg!No(b}PpAEf|rfoF83dqF0TfCca|A1YX3l&ru&yNsOILko)b z1N|`ROj7lA(&DKId8aGI3mtVPzDno;U2p9CSQTux>CSE4R@j}P6SEC^hT1Fo=`Cf^ z(X}@*#bDsH^b|QPV& z+Sfw;_zsdg^s#8;0!Q7y@x^V-jg1tW(Mkti8s~Oy#8xAL(;@`#NaM!floX>-KHR|E zVWxYysrvZI)aBqZy(uQ}x4Yl`1;!n@HqW)qzYdQ*gWbk^LbWj>y0XqtS7AxtrmjNa zDf*|%f^x_VSa_xe$R|Xc`wkAYxG#8}KE6oVa-)k7ReH93Dk?o#x`|4+NQ(~8$ChJj zjgH6VtpY^jST-DErYlqo=L&S#=?M-K>v5F;&!cpL#c=i>T}Qvp717uA@iUa@8cUvF z1=BXkrhZPW#^$U^O#6kN(KR;h7rHRB5$%H&xIZlL%q{5dNy3*z|KRWreUhX-_-hi= zJ|{MkC~xx@(LI=Hz~tW_P1oD1d`%sCCYVG@9c#RUIoudL=NU_!xPH25I9SOO?E{fi z29hD-44V92LP1|)JO#+b%)7)pCcGLY9Gm74Dxn-j=8%327K$G> z#mgs8c5XZ;z&O501}IH2=BbrH_&ypW;BK()K=ke7_}h<>A?5W#me;pJ#=gq(8gpfG zacB?A@37x=?_`4yx}}in3yWqFyP^w;^j63GfI#_O7kkD&B`A_pMvT 
zmRoT#{v6-#^qDq6**`Wdi{W$K3j-0`e|s*}4_b6$FqL8dk8L3+4($W4;@!Ns{RFS? zF<5DdMh<*PMG2{gC@bA@IzyS{>NnL*J!DLs4pux1FAL+4SU+~r!ZN(ftRE>|P*ROs z$W1<$q{_nStd)zM`mxgabLm!ThF@%|s4;m{buDIieNU6pqVKy1#JxQFi_k3|vFp`R zpv&J>dAZ+QB+IE)rq!5!#6rHH`W|Ix{)bvklh$uSA^u}?XaY{UCZx1Ypq#iNU%KES zu?alYPb{3Sw|T1ZaLaI667RBFU5NgW@`>ytW|M??S4ES{VG2R-2>;S))H;k2IHO8* zB1Qy;eVL))Z!R8DKQd&O?}+l1(j0D1!)>6?e2|$;IK1R}s5fywlqMYwQl!jx???&bNPE>i{fePZZR5|qB$Q<8|Y}9um zEBp>*WbfY-)sZYFJX+-mIZs;_Ci;P7xp?PXZ1jC9-t`?-T9&mu5#4z+?MsJS(tNw{ zPJ22>V3Pswl#5-yjlSkk$ ztz!6k3EwtpItlFB(n@p0DZKw;WWo^%yko!z$t2vNbHG_4F3#Cfo8LQQ!CzVq(}q&~ z#{^J{34qNU+M()e{VaEs)_#lr8C|}b2lqD)SO>%Xjo4pfzKH!8Oq!S}^FWKa^uNYT zVOKX!>=+!zjyGof+8KE7Yamw(_8qL1&A_UT3%34L*U;V#h8#J(a8JVn>6JM4iMJsE!`?ec5t4de6DN}r;?C@H#>2v*6jOe$o9~E`Mc-kdVL=mH#?Q?aJZk?u59tO4cQ!ebl4Z~ydL(o88^F> zqv4i;VzaWz!m&zQe28$kd*c||de0=n;pvT||HQ(l2}e$E9LjGdeoHuVd*j&g$kH1K zhqpJ5Rh?x9;mGTa<2f8~5srf1INsPkLlBO_-Z;+ex8g>^QPdm9gSS5NE#Vl|8^`_Q zZ~rslDCv!3h~tHe35S}%LDa3!yXL2Z4oi}BiI2if>F5ul?n6UM|5@53t9wMWg`2a` zAJl{QWHNJQL#DP;zoB!6j!;<*(NE{3q_^7 zELGOF7m8*3ovWRt8kMl2M4-h+2LF7p<)VT`F&_;_-JUH`HRPHQo6wh;V>Ms(7-@HI7j`5nFC!- z{cs8m3og6t(>GR9*{MDi!VRU378#dpoJxg~?_A=XbmJQQ0NE zNz%3WkAtafM{?QMRX?*9We-=5z6r4xvxt&K1TQ-?|7${<0}m&h)|BDftnA1lk@RqE z=y>W^3^SS5e3I`Yr8$d8|I|+&`Wscit#r$@u;y!1wq%iDDt`RIZ>V=Mpk-Ri0N-|H z6XR?7`IXlZKIaMW{rWBE1B4Hv<2ZbGetjTD_|y~N+j3QX1L1>^Iu75|B~RZ%_)1QI zZ_mDhV}uXl@Hl+#@ye5gujmB$p6KVejPOD59*1xFlFClPS8xJ+=YDm;>x2&?{y2QE zZrwhV@Oe*w?^o~M9R)tDUX`PIYiYP;fN^JvvI$IaCz#y06Mi*}JBiCCq=>6joP3BW z4l&JH+^OlyyJNBGS6($U;YQ&9tM%QUpZvi3?vpM)Ao-#7-6OIbUf(?{v-}^|cbCbM zY)!$spPHoaRLJ6c?l=B7`p!1HuF!W>S=e#<&hrxHIDO~6P9{f^zB8`x|9gFB&-dy( zo*&S6I@r%$FMa24+25=0khi*A=u<_|r}7fzPk<7a(5J{?rLe}F#gSD0MC^={K9yTz zUfQ$#++O+=idJzjkAH2YIoLl-f$?ewx3W|!fjzpf)V@C%_Z7-7SB!t1cI5NdDIH|n z@WE|bWsTn)K7=_oZBTT|Gz16BAkG;NNH>(BYPgH5b(j|*E1Duc(ErmF%qAm|X(p^8 zC{F(*Gk9`nqN*IA0zb&*0>z*N%gO!wWuH9`c%$C?0)A*$fn3On&7rZ*5FCMF?Ru{R zOJUc&8NScS0xGe&0R7u28j7?WfemLEmKZaJs<8W^|IVd*|FCpJY2#F<_Ycn8#z~~2 
zd#cTU_3t7@mJTuf)#in#P{_gN&R#kP#>*B%zowlgR#B_XzxM#wdV|A;;^;vMj@^nX zZ;r1WqfzzkgzGr+ZRc#PaW*c@hQ~K}+^Fd*;QR(om0=&Xv+^l0bjP3 z$SBt>@l88oNO8N~KDm_Yu1HFN>#4Pc^dbUoU- z+#Nqp0zPbxqSbD+(gmJ%8e^!HDBHa(=K3pIK`%&A&vPmPi|N#oNd8DfU3nG7^jISRHK}LOY}=W|Y{O zAHHp-(uJ!76%NAY5XT}h@U>xg>h)Hq&YXrfJ*n~$GLOIp{7IN*&X9TRT3sP)RXGiB zLQ!RWha>bDOuVc~R#_L>WpP*fBg?47rr@2u$>BFsBnhIo)|dxQm((~Mz2w267`RWEkjN_{n|g(J zW714Ym-2|tOLMUikVD;0gQ?oQHiIcrQ(0~KlV$6v6+farJ?by_r%B!w(s`Il`_tGd zhBipPw(>AZsPvB30`UbVlTMtE<#x%Z51(IO8lEPO_w^q5=mulhIRpONZ#v+g$oOmwr@R`1g=HTyN?a4JS^xy@iP! zW<;v;g}@O7Y(p26ijAFHm0beo%pd9d)8yGIs;1iV&+QoD?%PUexKrP|CseTqi}C|FXi^%s3b<0O{}(A9`;T>g1S@ALk6r3O7?}>}%XyJUSZ?WhCs$B9b7;+-?W}U7A&`bZ8YaTxO?7SPO6{J% zfZi{Y(L(-Cy&HDDMF2%OBRQCN8i^Gx~v0B>;o#uEsnq_72tUKUGFZOKMBI#5ptiZHy4JS9z9&B@BapU z@HzZ}xytg}LBpX$`TRZfwTHes=&J+7$j9^0L-lo_uZr_&?5#nX4ply&0+ooeF1%k& zHdv?fsNd9ndb6u|dtC=ATl^(PhXYw%TK!9?^Wm_g?iA%<^b&Z7#n8bMR1K>U9ig;W zm>9&p`o~?$yTFok)_zcB7EpH>5;GXP$NtTP}H@ca>M7$&N|2`bDMe0bPhjGDieeS7R_e zrO}-!)?@shXUj7ue8agjM^quX3dw9*ok8O-6N6Fhhe-4*&bXUWVO8DE!|qqGD}RYO zZHL~4VMoqe=+rAzFgWBK6q@KNUWaiv$yFTImXq@q0k3JktstkWccG8ogb>4^%N5P~ z#~q<@9oUeRgRWcOnUpr@z)zr zYdlnjw&@=q>xBIuR|)b06zq%1qpu5-2V}Zyh7)rM(AIoRw;CYi-_`ofCW=+TnyjCS zs}JRfb(Qr6Sb5(<%7s5OoTZv;HZDELY?ypFTP|fQL{A|F`S?0Sb84Nz)6lv9C)9Ke zVLBSivr`vz9qTHBZ7)FbuP^?TJ6-roH#fFu{V|!7NVIMz{0n6?ypF69ji|@ zphov#60hM{-Isb-5AjO=Ce=ZW>R{Zt8l*Iq4aT@E8xl3=s}l7J*aAR$3TrPk7j6e39ktwLZDop+|=x~=`QyIpHrw`;qu zU;AxKwXK?fB#0G*R6wkVSaISg1gQ`}$nSIReJ7cqwC?_PpWWZ{{PH}L_kHiZ?|tt* z_uO;NJ@?#mMt>Nb&@;m?&FY!qlZ!Pc$C{DH+G41^A|HaY=K8Y*hf;r=L8;sgPXU<0 zD_Iz=oKE#}{?OYq)h#vjVENCVh2QC{;8eFu{6FK2L`r!H#G4p-*1Wt2r$B? 
zH4C~53(a9kSm(#}=TJw{;snoUH2Tes*MUTSOI~2Wd|C#^oW41?D{|M6G~?woP4ihq z0_~zd94ly@8*9b(^$sP?Fj4v!KiF-!z{!O!XLmV1!ju$du5WQAFYYN9XH*DZBFMak z4^{krj@~``LvjDP69Z&bVaw;8hYDUFCa20@>e-`@cN=FrCk8NVlV|%lif7ICS@nK(LgeUc0&L&e+st)Mlnu}K zpeP0`!h3}K2jsM{@I{kcb<_*8?B%#H$(-}L5}J5t1{_Lg`^)CKtt8t-@gKSU6rzY^ zZnn!YXqzgEya$c*C>mD>QB(pqv`!uB;yF_hKA~rn5$XpC)Md)-GD7Y$%H-e|lBBq<1kNFH5+7YgdKOku;%+tLI2UN zsiTOho`OnG!ECSWJxk4V+y#|c1+!&YpVPpYxoT>x!%V1RrGscdmdGZ&$qs7|_|-Pu zL=wB5ncY^I!5s%0xI;AWXi#@r)m<8QCF*W8cbBO<3pQuRL+;BWXcWa%Tmsg8_t)djJ3~~ zDR>TpaR`XOFsq?vu+^nNith*Io8O$ioz>lOiSYrR{+6CG1hNcf>2Y+2bBBoC*q}4x zjP$~CWNP6?O62|^a4MOO2>D(yMfgEH9}bZ2r0m(jat4ZrBp%M;L3l%YG7snSpw>%U zT6=guA6F2Xacxu9!8_6w!IcJ&AS|$NoZxz9D+p)K_JklpK}=%fXIQ1>)(+?Khy+W^ zLPADV5shtD$p-0AWKxm&z317k`BrDicGkM>w~8q8ZJD{fc1O&P6onCi;|L@h$l;VU z%iXDaCANh+Z`lc;jFu%Q3n6*VLWR z#~an1(8pSJC-m_ebtm-kOX?2#cm+4%d%Ybh98K%Ez8`D)fUbb%dChh?cF6?u)z-{| z`DfEq_|~AyIsuW8qVrv0wn^hFzOz~Jv2^pX)MKh<=X2rs*nF2-_gy}Wdp12xDXgZf zki8`2y6O}s&!3Ye9|@Uy+4q_>Ll$HJOd6oU1<8Y?6l#*9q9s~8qHC3kQ-b%W(RtFV0Bi>R-rLz(i^mBERaTD$!?LP zxmZE@WPOA`9E3zSCyMc;T(Xt6ahx9q?|LOQij`HC6v|@q77xE;kUq)$-XRpQGr|fv+NYN^ z6Sx^-hvh0DWVzcX^oGjS5o_+@pF-}&a@EZ7HCfX9iPcPB5%1H~zL$BB@lT*Xw*0v| zN6VgWO@ox|IbO@2ZU&TnjZc?6g(-;i=?|PPeVz*JPZr5DLnKekqOXgsf%JTXK{ss4 zQ|Q6OHsI*^&&i*Rwt>nzM~F{?_^I`ar^}yvpg*n9pOGTyd~eA%v*TkCL1%py5i~p> z!SW@MLT?l)G;rM0JR0xKGy9q)ts;v(#RCSAj?D7RohRgm?s~A>9_)p32cFNex&!-7 zv%P}SfxYaeIeS2Tkkg1-Bv~H!lmY>(4M)L_O~86j~VVULg~Yd<+cC}DRDjZXrNPLy{hXxKAYN>UyR2$6jf&w}rwyGjq|-#)5e#Wq-%)R_pUM(^w{v6gI&Yv=!@zCjcFDg@f_y`J!m3Do;93>wtC>pdef+ru_K zVg@S_&%B1(A;R4icniY)A_awT_c%8qak#BRigv#QTjj>hJIaQI_dObpq>Ancz-l^C zj(oCC{6#^}Az)c70TDe>ZOOt3=Sr|NF*9&;E)=mP&AGc|r=*WAIV=~JTITn zG9LAX><+%B>u4PvTWmL1>IiIcLZ~hbsTHpeaU_{lvA_iAW+Q(k=X<4V9A*$oT+)l8 zV1vCr_EA#U0Axe0kv}JEWFhx~t|W-N#OIMkglCAjQ_tzN<2N6t+O)$rJd6yX&<;R$ zMqxIAcD%(Q*35Cs?^P3zm!*nr5cuMh51{8W96Rrcz@_sv;7fS{HfPp>U)TL zRESbc_EAMP=6ou`}p_*Jmy(Z3x4U( zs^hT>tYh}4!%0OI4l9XRTGNc83d5SlNoONG%~e$4LTP4AcZH|9iz-l{xh0B4ywboi 
zbLEpPF-k?ze2sx^(Y$%6HksV2S6ro6$9&D_TE~xcv3y%V8FagY+_rMthi`mG#5>t} zh%x(w>OBh@EQEJkAf* z#`UH8(XCY~vajKJkmAxPL26eobilP2Aup|0OA%>%wG_cKI=Q{#w@U6z%9OkMS#wCt z9Y=2S^@vVt!0CsZUceh#*Nwo?a-##-o)`daEu)C1+sqP|BQt+{iG$UMHNHjjH zx=3NAU}P@IY&sOWRID;(i8Do97C%Leo; z`E->aDI!1aMCD1)G+f~h&yo*Sf%%~72t0i(j;B9@gPZ|R&2^Sq8l%9+m|AF;IEzE{ul?@ zLPlYs5YCs`77QANL8xc96XSD;O*_u79dUUMey0lRGQa~eUYF0#{pHR`rMMj~3)W4> zqNYe(B9yV{>^jx@V&6m5VC&;0+3Z*<+no>b&z@TCA~~v$hh)xBCIoZX5cC$wJs*p= zrlmS@fY>iyZL?+okW$L}e83ol~{<2w0JUZ`W^Ox*d;r24Hw+$7U-?=?X%s^wZ zd>B^Ame&1&xaW}}(N?WDZTl70b}z%U%VFLU4z5g_y)boZlts(}IE%SHHN@Uwmtykf z`fX;pL?!e_rl+!_bH{8P+3{1Hf0a{lz zW;laoPPrG0b)AthoH1H5GU6HLa7LPBnDGqHa0bfsa<3dafU$*G-FfIK`c&UF< zq{WY$(jone*gqM{YokI15uLygKY|>wFy}k+w}23(4E6@ITq4Eh1idAQ&?)?8qZrA& zR{k;86{fhdInnw=KsjNLI}OtKm(7banYmh~v;|0!En5niH7 zAHzFijB|5v#u%OMmUJQ{N_x7ar|a}INl(-1qa~eyZlF68Ei5Q6tS*c`51jtGy zKu(vTDoy0f=KaT^QFwGjhLliFabSoP`O5!yfgxh=Sqyo(VqiBg+-;RyCy~J(bNPf`c=rU6Z8L4zHdAC< zMh})<=Rsa5_lQ(G0pY-n+OjUwmS{7zMC(C9Fcf3AHJ$&8FzXifRnBadB`sE)o@%kS z^?tf8O;!O~hHaf-9g1D2nSJY6mdd@Dg|vP?R;hV!%LkFE*wlvHlMAaa#~x2H{zDW& zr7HWwL+NnT$(qs6#!9xxi4AM#sn$I*`z&^|Y#u7=Slv*)2i3O%&OSWhHGL2RAsv60 zlTdUjALP#qpAE$-fIfV2xVX@Va|$!y{z0KPvOvUg>20&cCJ%dsJXqOs)~1w2mWpamL?F>gg{Kw1Y(vDh*_FIOcMezO%sS&LLg>o z0x?Yp#57GHW(k3qr3u6|2t;t2({TX+L(wIHQ(Vw=dN+aIsL3H(C2K39+9_uk!|#qI zvPij~e@Y(cdfUj|gZZzZ!!DM{oX6@m?|VnqFq^xgGK1XKiKDL*B>cT+=&HkEw1lkwtK2&w%3idX~9@~oePz~IzZ?E^Ic5XDPq$B zv{$mSg+62&6NCnICAI!CKDEjO4cPj|hVpL{0=M6Jh~YO%`deBo=-u9lRu_oVI=-)4 zl!t;);Fh3L`>#oW7|c>dx5^RGEayi!Q)8nP%j6YbrfWXuHvDd9Vvi-M&JWrC;ku$yHcZ8Q!YJgQ_7`np zUEGo@)OEaz|8rbQg*eBB6>-a1D%m5+9-WNMP|J*=P4Mv+p;%vyc=JOXgkTFCr*|ZX z<@1FR_jpi9%PSC3=OEb#`ObVyp7nlrA06;38YG5xk&6D>n)%UZ-c@QkWeHx<&k*_o zpOE>7{FC`mQ4OLT6Nj>lX%1H9`}+kf5AXBbXj-Hs$s99A0kv3-Z=XSODWYbur z$C{eC4Yg3atZ2WUP+?9;$aXOzJzJ9Axftxh3&2z630fJV%NUXA9@e&o7{(ekbEC<+ z@l+^pVDo3c5R#qI>QGuCWrJogDKrgxGXJPh6~ekRILjHDo)nsuL~aTKa&Q{??7I0= zLsiKL&%s&Aq3K3wmO;J?!8$n22u&MB{^(HED1`3dtWlxqDWO@Im-y2V$b-{TLeo;o 
zPY+e4BCH2zrG}=vLbF`tyAkAr(_Eoxqsbo=sv3=uADlHhG(9aeOInw~0w6doEi?_= zH@_LGN@sBpoRuD$?hegzlkZ{S5S-=?O&ddgW~gcmi;Cc^F`?-hp;;N^pT&YBI4vVI zjlDk$(41e>o zc(Io3q5VPRp-T#@^NgVTGIZ`(RC69|Aepi8o9nc!Vq8*KPQGy&>&8ofZ{Db2`DL;a zzl8nFyc8Z}^?eDD%|j`1S#n^LQPS7i6T8Oxh!fjF<@}uE^;E^FT;QZl6aCqeoTZ6h zR^X&f6a9Wk_UU9_$${1}awwrUz9L0?9`A-<4FE!b-~!I0aAdI3 zL)|m$=hkpps7xfKhaOo2TYJG!AO7)c_o>Nd7#<6x6G1?lu(r*HkckU7-pl%xKa_2j`$*88oP&C0TzZh{AhW8%9jcPaz+^(ZGR_^W5)&Rk z#)KL}`k3Gxlq=)L1eqQ(%PKNLRWdo4T zzo(^EC|Tewr=pg!D48TXb({cD1WeW^3yuE5Y$KQrOI>IjDqLtdg9}rgkx5BJx`4Za zQ?0u>%1oCi=w{-if-mJ5vc$&D73QcgXVezW79pqlR6|_f8Q;I|54>N7p( z7tfwzT&rW0MDNxmuy2gp(tb*Rm~*N>6;3UWf38a;_6L2e_&Wx`!gPiCHa>>TDCg=I>)u;WG>O#yu*8Xptgfj=&U%%p9j>ei z&#p5!n=gdx7lfBBG`E;95iw~4zuv{>E&P^k;`ajgn~9!81f^Rx95&bR)|mE-CJ_5( z(UGY}lGzcZTEZf6KK7O^Jox`RW(V z$9tUSqZ=o3PfVqz&GWh0Vm{vMv<&~Y_we+0-y^(ieOIaPAAVf!pOrmt)*tuaA$G6x z=&p-+e9PLlt&eS+U6`!mb;Er06UHWY_VoHSvR#M5liKnCBBbKijLG5B77vzF*(>a{pb29*@1;|5Of`QGOTq5Bv1} zX6_%z*Y{EGpD5G!1KdAb!~KtBbdQuJC$;AF+_#8?w)70oQ@!pCPwZm6mc;TzQSZ`O zPo7Oy+c{*JI$=?UB$yc<>%Log6*N0dX4L$y463#ed|d$E)`itqAOY^4`s8iA@ryCu85*{{ESw<}en8^h_Q>EUad|Vo` z(G!{44`TJ8KU5z;@nT=|?Q6DumD5@5)=-kJ(v)(4j(zpp*DU+$k!!&qC4B1c74E$1 zt}{+Q3#a!7D@AeZEu4NRSUI(@_QPQPG`Op;u=a4Ue!4YKIQ=idN>LPh3a5V*tgIj} ztFZP+u)dNze_`#>VEqj4atdn)g7u4U+_IZ#KJ`mx!;K(b0hlrh)+J?+Luv&>vy zITi4E&Gq%uxS!5FTP_#@^s~Stp`1u%>nkfr_HeD_%GOWi46c$plWPvwYq;id<;*ny zt9U}WURlkR?VZYNxnkVL=Vn7%Cvly_wbbhCdr1^CFX5OuvrhuL2%1Qsp8)qb%k4xK zlUA%t09^_SOFetbB9*?u^}>I!&HAozBM5`}vW36y z=gTyKh_^4U|KOZu#DR)`E#cPVRpj@3Qs?ZG-i0dOJ<}UA6rk-jTT+SaXT8?? 
zXBONY-=`#WB{F-_+!~QTTqs;$6yHw$Ef{G_`uqlR*fbYq{QfHSo@s=!j$EYfpIR=FF@6%Lu&oTDcdVjRPe+`0DV(n;Q(Bu?O86P!WKe*aBFS^c2Hz;) z*kW}34HhR~SpP(-21TNYcrRPKL8=$johSgHKpW` zwFi4X-gmx9K&napmMbjv$-bz;JUbyLJB$?zP*mr~=0&b8i_Bj%Z?1U1aSgY)?-`0Z z5uc=)&fV~e>fBw{Mw%C?D2rUX$l4M4jx?-co9sG zHPkO&d-M4OYh2l7%2K&fz1Z#)(Sxk32Gbee`^7GUwi(W&&chrB6O@vE&>hx3{bu`* zW$q$$#OYVO{qwCiti#qRYp3+XI*xaYJywj@tEEq3Swf#MII8dzrHWaSw+NTTVv&?p z#K}=HM#?V2aWPg%8$5DKYNMPsUHM}RJ#?=$Gj}s1F|r#3USt?rFYMbV#F8fK7OLo6 zyr;9x_UFl!MiS-ThH$sj+-kMD3toX3HD}T_yjYm+?TlKVSE@qAKj|Fmc17GdYr6yw z7_w|UML1ttyGb4+#zX-@$$MhkB!iS)a!797+L+0&Eo^-X0kFkjABIyD7(&VE#hj8o z=J(3|6RfSm%q1WwEiXC9jwOb;xbJy`qm3b|!T`#{-VR^m$%g@yEOqo)@PgSPKL2p+ zGXYNm-1%NIJ46ET?bpYJ6m_MIoMqT6-Y=AgpH4o-mWFu$QN5d#v$k87PTJqk3t>*g z!MBHrou*$N4DCGX1d(`PP{#jbd`cD&Yov1Ql``uxWM3mg_BA+UL}3ve#^l?Dp_8(+ z;qpo8d@0?JGA2VL2wVdFF!lvTfL#K{pyN9<4PJACTd^(fbJ05dBj|=%hW`kFaWWM- z5#CZ95yuh3d}2i77{j5HzGmh_qh!>~%=S@1u5{8vBpPbr^r(uC7I=GN-$$}H5{EEh zKLN6CRJ$Bd4&mph(3lWZq0U{w_Av?#ZXZO=4{o?HB&N}jfAI>l&A9=UIuI_4w74>z zFT-j<5mzMJxpw1S(xJ{_5Q}|mb;@92bU+s%1aAL|uW@9mfG8Pf-~&GqKEUGnlvB2~6%(K-Y{&?0_X;Q21ywshSihZ- z@5-1rSO=|-AZ;7rDX1VIDft1|!Yk&>`W@JU@B`R_FbS{C7HFWFd+Tnd3djNmPlBQ1 z-;mB*uPQPv`gqy1nG~;7^N59h_wW!e7Jec6o~$8$fy;wkaeg7D&|xZMn@0G>(R!E760TzcI6n#-erLbcZ5>pzgdQ<6 zE}JQQ7gVTGTXPBR=fE!&%k+r1nKx%DDhwX86vO+FZhM?Bq}Y6+GR_w&<9wk~+ADma zi-4`>%AW&6w+y>#3vecO$?L5X`?d)A=Af!#RUP6@g?@RJ@S?du)({sUgY&me#g*U# zGAPY*cGD<$U1piu9^J=i^$iO4$|~ENqY)E_{SXgN-E99pxsge^ zngy^*R8HSsknV)hFF$h>d@3{+tQy=KE}Lw2bN3r7k=n~JD^N}DpU zmCX>txGW{%xk`3%qMlC6hPcpEJ<6>YSTC{sX`Rv+5pW3y5WHeLbf`^xLdL{k`#AYr zVflHUpmBcWHi_RCc+tt5Eeot|EOu;?Zyk-aWMvZKo0I5_Q3BDAufNwTTAvKfPf;`< zdJnNrE_A0r@@;xAO>k~tEXu40M^by+-p^0Bio;c<;o4$iXq2Bx+RqW{{!3Yhh675z z|DBTWYm2R_(!lSuY(JTgm3O>iws+HisFZTGYkH<5=Le+AJ%JH&{&ZW;KPz4|{5wV8 zsl-Oi(r~ja^WTQgn(HBO68Z~%8u4CfllFuovZA^+{8g&&+*|6)eG*@d)3JPK#Z5^4m&X=Fs>&j@LsI`x`}-ycwdbTd zgX}yh-OfEeRM%3d{`9g))gt!vzpW^}mi@EX*T)n=h`h-DstBjww6HI>=GlyMmbq?~ zO?nO|OdUnv`JU_sLj%2yoq%|LgOZWiPxY?dC<%&uSGpAs5W@yJ43q;8kj29SVw%h0 
zxaU1q-3dP^X=52x|07=fF6&eWfJ5_SV$Gti6NZmc~o^DjdLGz$WnZFWe+ z`B1fgJOp$Cva*u4UA6!Xxutae2mu-u z+{3ZU=nM^+iKL=Y!R$DMG}|`~-6BKdD(DpL+}HZrXf)A;UJ$2!SJ8UIxp}B{l*6Y< zot*3M)nfd}7Cw|DqlO5b6y(aw9%NEkKFir6r5XtAo5*Kc&qs-awc(7u9|(xZx1p^Y zu@Bo`W<#hv1#y~PzcGSVMzH;SsomNPp%9sXq`+qJWz}+h#G5LVRdBB*Svh`=l;Rat z#A`#MBAqT!e`a~wh!5YeJdF?KGs)9JZ-u@U|1JH>CP+;9*NWn5jmk5M;*QX!6p270 z_ytkSLX_Zu)0wp@%K1esBVIHdQPfsA0|JcDOnW!c+ALD_SCOjgBi|UbAiCb%Pg2{( z4}vJAu$;3Yu+pExYP2oTL*;@Kf_uA7aNo3It$!3jun&rRg_N|^m;3gy?;vg|=MY1& zFm}zE1nb{XOj_qW=#<$8^m0WTP#kG3LqgWtmAT?o5=FnzR$=%C!WjP}^Q8!P*|ziy zVHYDC@mZPupa^P;R5r|=#}27}Jx*b>Yzj;ALQ3bOz(DZf>(FoSs7?X7{!FEN1U=oT z=;;YfPh%Qo`Ix*cbWAo#`&(|5Pg9qxD~93ANxm;yCDEoRTANi%f3q4yz7^Uo{c-LB zg7Sv`s?0Go9L}Q*rrSE`JgStZt)9MiA+K&U7H0chaw~AE5K1c!FR~F?zhkSArP8?2 ziuI8#w#p|2I7(>kSSB+`L>g)|JHE+NpI<69z=$CUHY=i+u+;D4O*fR;I9opEd{gT% zWP12G4hQM=ieF)@T0|}__n+l_0}Bu9MNxjpahj}>&Ekyd1SA(!_5p)z?SeA1BqsWd zmvMd)LfnT88|W%%4o_!6hQ~@bDee=85)QNDN~Cq)KC`2U>jfCum>s#2asYRfT8_6# zF#s4L#~$Tv>0Df!0W;JdCT)H95dHmY@+$|d7Rr{$kYlyKBEPaXLSZGpLVkZ3yEnu+ z9j|{#LcAOau}DjZ7AMrUijXK{(f-f0l;fLPQY^NPiZPlN6%)n8&mW5;U_ z-<}_yuHiLZ!>hSC9Eig!Fa)nvX5d}mm2AW7xDBsW&uVxL3cQr4uI1hl@EQbOgK<%R ztX>6-5RWyyqBej;Gz4CUlDqaNn_CsUx`7dP5}yJu^-Y1-l?q-xo=CF@(D)J)vMxd^ z%Lw3ArQua2@XEnbUz_qw>w@~D@rZW+UI9#l>B0KO8&in_>^SFakFx8CUh=S5>ZlkC zEt$L^+H!Y&^e=DdWX`lFO5Bddua0<~!k*~nN2IK0q@#P=jp_W_`i8*!b>MF!lVNH2 zvT%cnLU*&fr`)ghyScK*?aSuMK6qI%S9Z=9$nc@7qza{641+K{A%s4wh>I%vO%yzF zEQqwt$%NsqzuAO;><(^wCWF+@w~V#>1iQ@TIhvc*8)HeVUz&Rj